1624 files changed, 77079 insertions, 50065 deletions

diff --git a/lib/Makefile b/lib/Makefile
index 37e8ce06d7..aa4e074830 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -19,53 +19,21 @@
 include $(ERL_TOP)/make/target.mk
 include $(ERL_TOP)/make/$(TARGET)/otp.mk
 
-#
-# Macros
-#
-ifeq ($(findstring vxworks,$(TARGET)),vxworks)
-  ERTS_SUB_DIRECTORIES = stdlib sasl kernel compiler
-  OTHER_SUB_DIRECTORIES =	\
-     snmp otp_mibs appmon erl_interface os_mon tools runtime_tools
-  ifdef BUILD_ALL
-    OTHER_SUB_DIRECTORIES += mnesia jinterface ic asn1 debugger \
-	inets mnesia_session diameter orber pman tv observer \
-	cosTransactions cosEvent cosTime cosNotification cosProperty 
-	cosFileTransfer cosEventDomain
-  endif
-else
-#
-# unix and win32
-# --------------
-#
-    ERTS_SUB_DIRECTORIES = stdlib sasl kernel compiler
-    OTHER_SUB_DIRECTORIES = tools test_server common_test runtime_tools
-    ifdef BUILD_ALL
-      ifeq ($(findstring win32,$(TARGET)),win32) # BUILD_ALL on win32
-        OTHER_SUB_DIRECTORIES += 			\
-          snmp otp_mibs appmon erl_interface asn1 jinterface gs wx inets ic \
-          mnesia crypto orber os_mon parsetools syntax_tools pman \
-          public_key ssl toolbar tv observer debugger reltool odbc \
-          diameter \
-          cosTransactions cosEvent cosTime cosNotification cosProperty \
-          cosFileTransfer cosEventDomain et megaco webtool \
-	  xmerl edoc eunit ssh inviso typer erl_docgen \
-	  common_test percept dialyzer
-# dialyzer
-        OTHER_SUB_DIRECTORIES += hipe
-      else # BUILD_ALL on unix
-        OTHER_SUB_DIRECTORIES += \
-          snmp otp_mibs appmon erl_interface asn1 jinterface wx debugger reltool gs inets \
+ERTS_SUB_DIRECTORIES = stdlib sasl kernel compiler
+OTHER_SUB_DIRECTORIES = tools test_server common_test runtime_tools
+ifdef BUILD_ALL
+  OTHER_SUB_DIRECTORIES += \
+          snmp otp_mibs appmon erl_interface asn1 jinterface \
+          wx debugger reltool gs inets \
           ic mnesia crypto orber os_mon parsetools syntax_tools \
           pman public_key ssl toolbar tv observer odbc \
           diameter \
           cosTransactions cosEvent cosTime cosNotification \
           cosProperty cosFileTransfer cosEventDomain et megaco webtool \
 	  xmerl edoc eunit ssh inviso typer erl_docgen \
-	  common_test percept dialyzer
-# dialyzer
-        OTHER_SUB_DIRECTORIES += hipe $(TSP_APP)
-      endif
-    endif
+	  percept dialyzer hipe
+  EXTRA_FILE := $(wildcard EXTRA-APPLICATIONS)
+  EXTRA_APPLICATIONS := $(if $(EXTRA_FILE),$(shell cat $(EXTRA_FILE)))
 endif
 
 ifdef BOOTSTRAP
@@ -76,9 +44,11 @@ else
     SUB_DIRECTORIES = hipe parsetools asn1/src
   else
     ifdef TERTIARY_BOOTSTRAP
-      SUB_DIRECTORIES = snmp sasl jinterface ic syntax_tools
+      SUB_DIRECTORIES = snmp sasl jinterface ic syntax_tools wx
     else # Not bootstrap build
-      SUB_DIRECTORIES = $(ERTS_SUB_DIRECTORIES) $(OTHER_SUB_DIRECTORIES)
+      SUB_DIRECTORIES = $(ERTS_SUB_DIRECTORIES) \
+			$(OTHER_SUB_DIRECTORIES) \
+			$(EXTRA_APPLICATIONS)
     endif
   endif
 endif
diff --git a/lib/appmon/doc/src/appmon.xml b/lib/appmon/doc/src/appmon.xml
index ae6147a387..5af50daa53 100644
--- a/lib/appmon/doc/src/appmon.xml
+++ b/lib/appmon/doc/src/appmon.xml
@@ -32,6 +32,12 @@
   <module>appmon</module>
   <modulesummary>A graphical node and application process tree viewer.</modulesummary>
   <description>
+    <warning>
+      <p>
+	The Appmon application has been superseded by the Observer application.
+	Appmon will be removed in R16.
+      </p>
+    </warning>
     <p>The application monitor Appmon is a graphical utility used to
       supervise applications executing either locally or on remote nodes.
       The process tree of an application can furthermore be monitored.</p>
diff --git a/lib/appmon/doc/src/appmon_chapter.xml b/lib/appmon/doc/src/appmon_chapter.xml
index 0dab23b549..3f642ad002 100644
--- a/lib/appmon/doc/src/appmon_chapter.xml
+++ b/lib/appmon/doc/src/appmon_chapter.xml
@@ -31,6 +31,12 @@
 
   <section>
     <title>Introduction</title>
+    <warning>
+      <p>
+	The Appmon application has been superseded by the Observer application.
+	Appmon will be removed in R16.
+      </p>
+    </warning>
     <p>The application monitor Appmon is a graphical node and application viewer. The tool shows an overview of all applications on all known nodes, and it is possible to view the process tree for an application running on any of the nodes.</p>
     <note>
       <p>If the Appmon code is not available at a node, for example an
diff --git a/lib/appmon/doc/src/notes.xml b/lib/appmon/doc/src/notes.xml
index ace163bcad..c469880abd 100644
--- a/lib/appmon/doc/src/notes.xml
+++ b/lib/appmon/doc/src/notes.xml
@@ -30,6 +30,27 @@
   </header>
   <p>This document describes the changes made to the Appmon application.</p>
 
+<section><title>Appmon 2.1.14</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Appmon 2.1.13</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/appmon/src/appmon.erl b/lib/appmon/src/appmon.erl
index 2b982cddf0..7a6d86c9ab 100644
--- a/lib/appmon/src/appmon.erl
+++ b/lib/appmon/src/appmon.erl
@@ -17,6 +17,11 @@
 %% %CopyrightEnd%
 -module(appmon).
 -behaviour(gen_server).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %%%---------------------------------------------------------------------
 %%% Appmon main module.
diff --git a/lib/appmon/src/appmon_a.erl b/lib/appmon/src/appmon_a.erl
index b0b5847343..2c8185a85d 100644
--- a/lib/appmon/src/appmon_a.erl
+++ b/lib/appmon/src/appmon_a.erl
@@ -17,6 +17,11 @@
 %% %CopyrightEnd%
 %%
 -module(appmon_a).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %%----------------------------------------------------------------------
 %%
diff --git a/lib/appmon/src/appmon_lb.erl b/lib/appmon/src/appmon_lb.erl
index 4e433f37c5..55fda83027 100644
--- a/lib/appmon/src/appmon_lb.erl
+++ b/lib/appmon/src/appmon_lb.erl
@@ -29,6 +29,13 @@
 %%% then pressing the load button, its application window is started.
 
 -module(appmon_lb).
+-compile([{nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 -export ([
 	  start/1, 
diff --git a/lib/appmon/src/appmon_txt.erl b/lib/appmon/src/appmon_txt.erl
index 4e1785c53f..8647bc9890 100644
--- a/lib/appmon/src/appmon_txt.erl
+++ b/lib/appmon/src/appmon_txt.erl
@@ -22,6 +22,11 @@
 %%------------------------------------------------------------
 
 -module(appmon_txt).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 -export([start/0, start/1, print/1, fprint/1]).
 
 %% gen_server stuff
diff --git a/lib/appmon/src/appmon_web.erl b/lib/appmon/src/appmon_web.erl
index 7c0451c3c3..048f7fa165 100644
--- a/lib/appmon/src/appmon_web.erl
+++ b/lib/appmon/src/appmon_web.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/appmon/vsn.mk b/lib/appmon/vsn.mk
index fa17345daf..047f1eadc1 100644
--- a/lib/appmon/vsn.mk
+++ b/lib/appmon/vsn.mk
@@ -1 +1 @@
-APPMON_VSN = 2.1.13
+APPMON_VSN = 2.1.14
diff --git a/lib/asn1/c_src/asn1_erl_nif.c b/lib/asn1/c_src/asn1_erl_nif.c
index 9c9f83bc2a..accd368af1 100644
--- a/lib/asn1/c_src/asn1_erl_nif.c
+++ b/lib/asn1/c_src/asn1_erl_nif.c
@@ -580,7 +580,7 @@ int per_insert_bits_as_bits(int desired_no, int no_bytes,
 	unsigned char **input_ptr, unsigned char **output_ptr, int *unused) {
     unsigned char *in_ptr = *input_ptr;
     unsigned char val;
-    int no_bits, ret, ret2;
+    int no_bits, ret;
 
     if (desired_no == (no_bytes * 8)) {
 	if (per_insert_octets_unaligned(no_bytes, &in_ptr, output_ptr, *unused)
@@ -606,8 +606,7 @@ int per_insert_bits_as_bits(int desired_no, int no_bytes,
 		== ASN1_ERROR
 		)
 	    return ASN1_ERROR;
-	ret2 = per_pad_bits(desired_no - (no_bytes * 8), output_ptr, unused);
-	/*     printf("ret2 = %d\n\r",ret2); */
+	per_pad_bits(desired_no - (no_bytes * 8), output_ptr, unused);
 	ret = CEIL(desired_no,8);
 	/*     printf("ret = %d\n\r",ret); */
     }
diff --git a/lib/asn1/doc/src/Makefile b/lib/asn1/doc/src/Makefile
index 566173837c..20bd00a3b8 100644
--- a/lib/asn1/doc/src/Makefile
+++ b/lib/asn1/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/asn1/doc/src/notes.xml b/lib/asn1/doc/src/notes.xml
index 52d770c9f6..9b6c482c0a 100644
--- a/lib/asn1/doc/src/notes.xml
+++ b/lib/asn1/doc/src/notes.xml
@@ -31,6 +31,57 @@
   <p>This document describes the changes made to the asn1 application.</p>
 
 
+<section><title>Asn1 1.6.19</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    The linked-in driver used for ber decode and per encode
+	    has been replaced with nifs. To enable the usage of nifs
+	    pass the nif option to erlc or asn1rt:compile when
+	    compiling. If you previously used the linked-in driver,
+	    you have to recompile your ASN1 modules with the current
+	    version of asn1 application as the linked-in driver
+	    modules have been removed.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9419</p>
+        </item>
+        <item>
+          <p>
+	    A few of the heavy calculations which are done for
+	    encoding and decoding operations when dealing with
+	    SEQUENCE OF and DEFAULT in runtime have been moved to be
+	    done in compile time instead.</p>
+          <p>
+	    Own Id: OTP-9440</p>
+        </item>
+        <item>
+          <p>
+	    When compiling an ASN.1 ber module with the +nif option,
+	    the module will use a new nif for ber encoding,
+	    increasing performance by about 5%.</p>
+          <p>
+	    Own Id: OTP-9441</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Asn1 1.6.18</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/asn1/src/asn1ct_check.erl b/lib/asn1/src/asn1ct_check.erl
index e318477234..105fc02819 100644
--- a/lib/asn1/src/asn1ct_check.erl
+++ b/lib/asn1/src/asn1ct_check.erl
@@ -5253,6 +5253,9 @@ check_int(S,[{'NamedNumber',Id,Num}|T],Acc) when is_integer(Num) ->
 check_int(S,[{'NamedNumber',Id,{identifier,_,Name}}|T],Acc) ->
     Val = dbget_ex(S,S#state.mname,Name),
     check_int(S,[{'NamedNumber',Id,Val#valuedef.value}|T],Acc);
+check_int(S,[{'NamedNumber',Id,{'Externalvaluereference',_,Mod,Name}}|T],Acc) ->
+    Val = dbget_ex(S,Mod,Name),
+    check_int(S,[{'NamedNumber',Id,Val#valuedef.value}|T],Acc);
 check_int(_S,[],Acc) ->
     lists:keysort(2,Acc).
 
diff --git a/lib/asn1/src/asn1ct_constructed_ber.erl b/lib/asn1/src/asn1ct_constructed_ber.erl
index 77b78dcac7..360de77663 100644
--- a/lib/asn1/src/asn1ct_constructed_ber.erl
+++ b/lib/asn1/src/asn1ct_constructed_ber.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -1542,7 +1542,7 @@ mkfunname(Erule,TopType,Cname,WhatKind,DecOrEnc,Arity) ->
 	    F = lists:concat(["fun '",DecOrEnc,"_",EType,"'/",Arity]),
 	    {F, "?MODULE", F};
 	#'Externaltypereference'{module=Mod,type=EType} ->
-	    {lists:concat(["{'",Mod,"','",DecOrEnc,"_",EType,"'}"]),Mod,
+	    {lists:concat(["fun '",Mod,"':'",DecOrEnc,"_",EType,"'/",Arity]),Mod,
 	     lists:concat(["'",DecOrEnc,"_",EType,"'"])};
 	{constructed,bif} ->
 	    F =
diff --git a/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl b/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl
index 243ff234a7..2c4b44996d 100644
--- a/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl
+++ b/lib/asn1/src/asn1ct_constructed_ber_bin_v2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl b/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl
index 781271bae7..365bb84d52 100644
--- a/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl
+++ b/lib/asn1/src/asn1ct_gen_ber_bin_v2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/asn1/src/asn1ct_gen_per.erl b/lib/asn1/src/asn1ct_gen_per.erl
index b90a0adf81..8fd7a69a19 100644
--- a/lib/asn1/src/asn1ct_gen_per.erl
+++ b/lib/asn1/src/asn1ct_gen_per.erl
@@ -358,6 +358,10 @@ greatest_common_range2({_,Int},VR={_Lb,_Ub}) when is_integer(Int) ->
 greatest_common_range2({_,L},{Lb,Ub}) when is_list(L) ->
     Min = least_Lb([Lb|L]),
     Max = greatest_Ub([Ub|L]),
+    [{'ValueRange',{Min,Max}}];
+greatest_common_range2({Lb1,Ub1},{Lb2,Ub2}) ->
+    Min = least_Lb([Lb1,Lb2]),
+    Max = greatest_Ub([Ub1,Ub2]),
     [{'ValueRange',{Min,Max}}].
 
 mk_vr([{Type,I}]) when is_atom(Type), is_integer(I) ->
diff --git a/lib/asn1/src/asn1ct_gen_per_rt2ct.erl b/lib/asn1/src/asn1ct_gen_per_rt2ct.erl
index 1a0a0e211d..fb9613c18d 100644
--- a/lib/asn1/src/asn1ct_gen_per_rt2ct.erl
+++ b/lib/asn1/src/asn1ct_gen_per_rt2ct.erl
@@ -704,6 +704,10 @@ greatest_common_range([{_,Int}],VR=[{_,{_Lb,_Ub}}]) when is_integer(Int) ->
 greatest_common_range([{_,L}],[{_,{Lb,Ub}}]) when is_list(L) ->
     Min = least_Lb([Lb|L]),
     Max = greatest_Ub([Ub|L]),
+    [{'ValueRange',{Min,Max}}];
+greatest_common_range([{_,{Lb1,Ub1}}],[{_,{Lb2,Ub2}}]) ->
+    Min = least_Lb([Lb1,Lb2]),
+    Max = greatest_Ub([Ub1,Ub2]),
     [{'ValueRange',{Min,Max}}].
     
 
diff --git a/lib/asn1/src/asn1rt_per_bin_rt2ct.erl b/lib/asn1/src/asn1rt_per_bin_rt2ct.erl
index c7ead680ce..750b59aba6 100644
--- a/lib/asn1/src/asn1rt_per_bin_rt2ct.erl
+++ b/lib/asn1/src/asn1rt_per_bin_rt2ct.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/asn1/test/asn1_SUITE.erl.src b/lib/asn1/test/asn1_SUITE.erl.src
index 124ee2d2bb..3f51b125ec 100644
--- a/lib/asn1/test/asn1_SUITE.erl.src
+++ b/lib/asn1/test/asn1_SUITE.erl.src
@@ -96,7 +96,8 @@ all() -> [{group,compile},parse,default_per,default_ber,default_per_opt,per,
 	       testSSLspecs, testNortel,test_undecoded_rest,
 	       test_inline, testTcapsystem, testNBAPsystem,
 	       test_compile_options,testDoubleEllipses, test_modified_x420,
-	       testX420, test_x691,ticket_6143, testExtensionAdditionGroup
+	       testX420, test_x691,ticket_6143, testExtensionAdditionGroup,
+               test_OTP_9688
                ] ++ common() ++ particular().
 
 groups() -> 
@@ -2369,4 +2370,23 @@ test_modules() ->
 	 "LDAP"
 	].
 
-
+test_OTP_9688(Config) ->
+    Asn1Mod = "OTP-9688.asn1",
+    %%DataDir = ?config(data_dir,Config),     
+    PrivDir = ?config(priv_dir,Config),
+    Data = "
+OTP-9688 DEFINITIONS ::= BEGIN
+
+ foo INTEGER ::= 1
+ bar INTEGER ::= 42
+
+ Baz ::= INTEGER {x-y-z1(foo), x-y-z2(bar)}
+ Qux ::= SEQUENCE {flerpInfo SEQUENCE {x INTEGER (-10 | -9 | (0..4))} OPTIONAL}
+
+END
+",
+    File = filename:join(PrivDir,Asn1Mod),
+    ok = file:write_file(File, Data),
+    %% Does it compile with changes to asn1ct_check and asn1ct_gen_per_rt2ct?
+    %% (see ticket)
+    ok = asn1ct:compile(File, [{outdir, PrivDir}]).
diff --git a/lib/asn1/vsn.mk b/lib/asn1/vsn.mk
index b1132155e6..ae92fcb11b 100644
--- a/lib/asn1/vsn.mk
+++ b/lib/asn1/vsn.mk
@@ -1,2 +1,2 @@
 #next version number to use is 1.6.15 | 1.7 | 2.0
-ASN1_VSN = 1.6.18
+ASN1_VSN = 1.6.19
diff --git a/lib/common_test/doc/src/Makefile b/lib/common_test/doc/src/Makefile
index 964f7c76c1..d9651f13b0 100644
--- a/lib/common_test/doc/src/Makefile
+++ b/lib/common_test/doc/src/Makefile
@@ -61,6 +61,7 @@ XML_PART_FILES = part.xml
 
 XML_CHAPTER_FILES = \
 	basics_chapter.xml \
+	getting_started_chapter.xml \
 	install_chapter.xml \
 	write_test_chapter.xml \
 	test_structure_chapter.xml \
@@ -80,7 +81,10 @@ MAKE_EDOC = make_edoc
 
 BOOK_FILES = book.xml
 
-GIF_FILES =
+GIF_FILES = \
+	tc_execution.gif \
+	config.gif \
+	html_logs.gif
 
 INSTALL_NOTES = ../../notes.html
 
diff --git a/lib/common_test/doc/src/basics_chapter.xml b/lib/common_test/doc/src/basics_chapter.xml
index c1bb365b1f..20141d2561 100644
--- a/lib/common_test/doc/src/basics_chapter.xml
+++ b/lib/common_test/doc/src/basics_chapter.xml
@@ -28,54 +28,65 @@
     <rev></rev>
     <file>basics_chapter.xml</file>
   </header>
-
+  <marker id="basics"></marker>
   <section>
     <title>Introduction</title>
 
-    <p>
-      The Common Test framework (CT) is a tool which can support
-      implementation and automated execution of test cases towards different
-      types of target systems. The framework is based on the OTP Test
-      Server. Test cases can be run individually or in batches. Common
-      Test also features a distributed testing mode with central
-      control and logging. This feature makes it possible to test
-      multiple systems independently in one common session. This
-      can be very useful e.g. for running automated large-scale regression 
-      tests.
+    <p>The <em>Common Test</em> framework (CT) is a tool which supports
+      implementation and automated execution of test cases towards arbitrary
+      types of target systems. The CT framework is based on the OTP Test
+      Server and it's the main tool being used in all testing- and verification
+      activities that are part of Erlang/OTP system development- and maintenance.
+    </p>
+
+    <p>Test cases can be executed individually or in batches. Common Test
+      also features a distributed testing mode with central control and logging
+      (a feature that makes it possible to test multiple systems independently in
+      one common session, useful e.g. for running automated large-scale regression
+      tests).
     </p>
 
     <p>
       The SUT (System Under Test) may consist of one or several target
-      nodes.  CT contains a generic test server which together with
-      other test utilities is used to perform test case execution. 
-      It is possible to start the tests from the CT GUI or from an OS- or
-      Erlang shell prompt. <em>Test suites</em> are files (Erlang
+      nodes. CT contains a generic test server which, together with
+      other test utilities, is used to perform test case execution. 
+      It is possible to start the tests from a GUI or from the OS- or
+      Erlang shell. <em>Test suites</em> are files (Erlang
       modules) that contain the <em>test cases</em> (Erlang functions)
       to be executed. <em>Support modules</em> provide functions
       that the test cases utilize in order to carry out the tests.
     </p>
     
-    <p>
-      The main idea is that CT based test programs connect to
-      the target system(s) via standard O&amp;M interfaces. CT
-      provides implementations and wrappers of some of these O&amp;M
-      interfaces and will be extended with more interfaces later. 
-      There are a number of target independent interfaces
-      supported in CT such as Generic Telnet, FTP etc. which can be
-      specialized or used directly for controlling instruments, 
-      traffic generators etc.</p> 
+    <p>In a black-box testing scenario, CT based test programs connect to
+      the target system(s) via standard O&amp;M and CLI protocols. CT
+      provides implementations of, and wrapper interfaces to, some of these
+      protocols (most of which exist as stand-alone components and
+      applications in OTP). The wrappers simplify configuration and add
+      verbosity for logging purposes. CT will be continously extended with
+      useful support modules. (Note however that it's
+      a straightforward task to use any arbitrary Erlang/OTP component
+      for testing purposes with Common Test, without needing a CT wrapper
+      for it. It's as simple as calling Erlang functions). There
+      are a number of target independent interfaces supported in CT, such as
+      Generic Telnet, FTP, etc, which can be specialized or used
+      directly for controlling instruments, traffic load generators, etc.
+    </p> 
     
     <p>Common Test is also a very useful tool for white-box testing Erlang
-      code since the test programs can call Erlang API functions directly. 
-      For black-box testing Erlang software, Erlang RPC as well as 
-      standard O&amp;M interfaces can be used.
+      code (e.g. module testing), since the test programs can call exported Erlang
+      functions directly and there's very little overhead required for
+      implementing basic test suites and executing simple tests. For black-box
+      testing Erlang software, Erlang RPC as well as standard O&amp;M interfaces
+      can for example be used.
     </p>
     
     <p>A test case can handle several connections towards one or
       several target systems, instruments and traffic generators in
       parallel in order to perform the necessary actions for a
       test. The handling of many connections in parallel is one of
-      the major strengths of Common Test!      
+      the major strengths of Common Test (thanks to the efficient
+      support for concurrency in the Erlang runtime system - which CT users
+      can take great advantage of!).
     </p>
   </section>
 
@@ -186,7 +197,7 @@
     
     <taglist>
       <tag>all()</tag>
-        <item>Returns a list of all test cases in the suite. (Mandatory)</item>
+        <item>Returns a list of all test cases and groups in the suite. (Mandatory)</item>
       <tag>suite()</tag>
         <item>Info function used to return properties for the suite. (Optional)</item>
       <tag>groups()</tag>
@@ -197,12 +208,14 @@
       <tag>end_per_suite(Config)</tag>
         <item>Suite level configuration function, executed after the last 
 	test case. (Optional)</item>
+      <tag>group(GroupName)</tag>
+        <item>Info function used to return properties for a test case group. (Optional)</item>	
       <tag>init_per_group(GroupName, Config)</tag>
         <item>Configuration function for a group, executed before the first 
-	test case. (Mandatory if groups are defined)</item>
+	test case. (Optional)</item>
       <tag>end_per_group(GroupName, Config)</tag>
         <item>Configuration function for a group, executed after the last 
-	test case. (Mandatory if groups are defined)</item>
+	test case. (Optional)</item>
       <tag>init_per_testcase(TestCase, Config)</tag>
         <item>Configuration function for a testcase, executed before each 
 	test case. (Optional)</item>
diff --git a/lib/common_test/doc/src/common_test_app.xml b/lib/common_test/doc/src/common_test_app.xml
index f58b2ab0a9..c7f6c7ce5c 100644
--- a/lib/common_test/doc/src/common_test_app.xml
+++ b/lib/common_test/doc/src/common_test_app.xml
@@ -69,12 +69,25 @@
   
   <funcs>
     <func>
-      <name>Module:all() -> TestCases | {skip,Reason} </name>
-      <fsummary>Returns the list of all test cases in the module.</fsummary>
+      <name>Module:all() -> Tests | {skip,Reason} </name>
+      <fsummary>Returns the list of all test case groups and test cases
+	in the module.</fsummary>
       <type>
-	<v>TestCases = [atom() | {group,GroupName}]</v>
-	<v>Reason = term()</v>
+	<v>Tests = [TestCase | {group,GroupName} |
+	            {group,GroupName,Properties} |
+	            {group,GroupName,Properties,SubGroups}]</v>
+	<v>TestCase = atom()</v>
 	<v>GroupName = atom()</v>
+	<v>Properties = [parallel | sequence | Shuffle | {RepeatType,N}] |
+	                default</v>
+	<v>SubGroups = [{GroupName,Properties} |
+	                {GroupName,Properties,SubGroups}]</v>
+	<v>Shuffle = shuffle | {shuffle,Seed}</v>
+	<v>Seed = {integer(),integer(),integer()}</v>
+	<v>RepeatType = repeat | repeat_until_all_ok | repeat_until_all_fail |
+                        repeat_until_any_ok | repeat_until_any_fail</v>
+	<v>N = integer() | forever</v>
+	<v>Reason = term()</v>
       </type>
       
       <desc>	
@@ -85,9 +98,14 @@
 	  This list also specifies the order the cases and groups will
 	  be executed by Common Test. A test case is represented by an atom,
 	  the name of the test case function. A test case group is
-	  represented by a <c>{group,GroupName}</c> tuple, where 
-	  <c>GroupName</c>, an atom, is the name of the group (defined
-	  with <c>groups/0</c>).</p>
+	  represented by a <c>group</c> tuple, where <c>GroupName</c>,
+	  an atom, is the name of the group (defined in <c>groups/0</c>).
+	  Execution properties for groups may also be specified, both
+	  for a top level group and for any of its sub-groups.
+	  Group execution properties specified here, will override
+	  properties in the group definition (see <c>groups/0</c>).
+	  (With value <c>default</c>, the group definition properties
+	  will be used).</p>
 	
 	<p> If <c>{skip,Reason}</c> is returned, all test cases
           in the module will be skipped, and the <c>Reason</c> will
@@ -120,14 +138,16 @@
       <desc>	
 	<p> OPTIONAL </p>
 	
-	<p>See <seealso marker="write_test_chapter#test_case_groups">Test case 
+	<p>Function for defining test case groups. Please see
+	  <seealso marker="write_test_chapter#test_case_groups">Test case 
 	  groups</seealso> in the User's Guide for details.</p>      
       </desc>
     </func>
 
       <func>
 	<name>Module:suite() -> [Info] </name>
-	<fsummary>Test suite info function (providing default data for the suite).</fsummary>
+	<fsummary>Test suite info function (providing default data
+	  for the suite).</fsummary>
 	<type>
 	<v> Info = {timetrap,Time} | {require,Required} | 
 	    {require,Name,Required} | {userdata,UserData} |
@@ -160,11 +180,11 @@
 	  
 	<p>This is the test suite info function. It is supposed to 
 	  return a list of tagged tuples that specify various properties
-	  regarding the execution of this test suite (common for all
+	  related to the execution of this test suite (common for all
 	  test cases in the suite).</p>
 	  
 	<p>The <c>timetrap</c> tag sets the maximum time each
-	  test case is allowed to take (including <c>init_per_testcase/2</c>
+	  test case is allowed to execute (including <c>init_per_testcase/2</c>
 	  and <c>end_per_testcase/2</c>). If the timetrap time is
 	  exceeded, the test case fails with reason
 	  <c>timetrap_timeout</c>. If a <c>TimeFunc</c> function is specified,
@@ -172,9 +192,9 @@
 	  <c>TimeVal</c> format.</p>
 	
 	<p>The <c>require</c> tag specifies configuration variables
-	  that are required by test cases in the suite. If the required
-	  configuration variables are not found in any of the
-	  configuration files, all test cases are skipped. For more
+	  that are required by test cases (and/or configuration functions)
+	  in the suite. If the required configuration variables are not found
+	  in any of the configuration files, all test cases are skipped. For more
 	  information about the 'require' functionality, see the
 	  reference manual for the function
 	  <c>ct:require/[1,2]</c>.</p>
@@ -196,8 +216,9 @@
     </func>
 
       <func>
-	<name>Module:init_per_suite(Config) -> NewConfig | {skip,Reason} | {skip_and_save,Reason,SaveConfig}</name>
-	<fsummary>Test suite initialization.</fsummary>
+	<name>Module:init_per_suite(Config) -> NewConfig | {skip,Reason} |
+	  {skip_and_save,Reason,SaveConfig}</name>
+	<fsummary>Test suite initializations.</fsummary>
 	<type>
 	  <v> Config = NewConfig = SaveConfig = [{Key,Value}]</v>
 	  <v> Key = atom()</v>
@@ -208,15 +229,15 @@
 	  
 	  <p> OPTIONAL </p>
 	  
-	  <p>This function is called as the first function in the
-	  suite. It typically contains initialization which is common for
+	  <p>This configuration function is called as the first function in the
+	  suite. It typically contains initializations which are common for
 	  all test cases in the suite, and which shall only be done
-	  once. The <c>Config</c> parameter is the configuration
+	  once. The <c>Config</c> parameter is the configuration data
 	  which can be modified here. Whatever is returned from this
 	  function is given as <c>Config</c> to all configuration functions
 	  and test cases in the suite. If <c>{skip,Reason}</c> 
-	  is returned, all test cases in the suite will be skipped and <c>Reason</c> 
-	  printed in the overview log for the suite.</p>
+	  is returned, all test cases in the suite will be skipped
+	  and <c>Reason</c> printed in the overview log for the suite.</p>
 	  <p>For information on <c>save_config</c> and <c>skip_and_save</c>, 
 	  please see 
 	  <seealso marker="dependencies_chapter#save_config">Dependencies 
@@ -224,29 +245,106 @@
     </desc>      
     </func>
       
-      <func>
-	<name>Module:end_per_suite(Config) -> void() | {save_config,SaveConfig}</name>
-	<fsummary>Test suite finalization. </fsummary>
-	<type>
-	  <v> Config = SaveConfig = [{Key,Value}]</v>
-	  <v> Key = atom()</v>
-	  <v> Value = term()</v>
-	</type>
+    <func>
+      <name>Module:end_per_suite(Config) -> void() | 
+	{save_config,SaveConfig}</name>
+      <fsummary>Test suite finalization. </fsummary>
+      <type>
+	<v> Config = SaveConfig = [{Key,Value}]</v>
+	<v> Key = atom()</v>
+	<v> Value = term()</v>
+      </type>
+      
+      <desc>	
+	<p> OPTIONAL </p>
 	
+	<p>This function is called as the last test case in the
+	  suite. It is meant to be used for cleaning up after
+	  <c>init_per_suite/1</c>.
+	  For information on <c>save_config</c>, please see 
+	  <seealso marker="dependencies_chapter#save_config">Dependencies
+	    between Test Cases and Suites</seealso> in the User's Guide.</p>
+      </desc>
+    </func>
+
+    <func>
+      <name>Module:group(GroupName) -> [Info] </name>
+      <fsummary>Test case group info function (providing default data
+	for a test case group, i.e. its test cases and sub-groups).</fsummary>
+      <type>
+	<v> Info = {timetrap,Time} | {require,Required} | 
+	  {require,Name,Required} | {userdata,UserData} |
+	  {silent_connections,Conns} | {stylesheet,CSSFile} | 
+	  {ct_hooks, CTHs}</v>
+	<v> Time = TimeVal | TimeFunc</v>
+	<v> TimeVal = MilliSec | {seconds,integer()} | {minutes,integer()} |
+	  {hours,integer()}</v>
+	<v> TimeFunc = {Mod,Func,Args} | Fun</v>
+	<v> MilliSec = integer()</v>
+	<v> Mod = atom()</v>
+	<v> Func = atom()</v>
+	<v> Args = list()</v>
+	<v> Fun = fun()</v>
+	<v> Required = Key | {Key,SubKeys}</v>
+	<v> Key = atom()</v>
+	<v> SubKeys = SubKey | [SubKey]</v>
+	<v> SubKey = atom()</v>
+	<v> Name = atom()</v>
+	<v> UserData = term()</v>
+	<v> Conns = [atom()]</v>
+	<v> CSSFile = string()</v>
+	<v> CTHs = [CTHModule | {CTHModule, CTHInitArgs} |
+	  {CTHModule, CTHInitArgs, CTHPriority}]</v>
+	<v> CTHModule = atom()</v>
+	<v> CTHInitArgs = term()</v>
+	</type>
 	<desc>	
+	  
 	  <p> OPTIONAL </p>
 	  
-	  <p>This function is called as the last test case in the
-	    suite. It is meant to be used for cleaning up after <c>init_per_suite/1</c>.
-	    For information on <c>save_config</c>, please see 
-	    <seealso marker="dependencies_chapter#save_config">Dependencies between 
-	    Test Cases and Suites</seealso> in the User's Guide.</p>
-    </desc>
+	<p>This is the test case group info function. It is supposed to 
+	  return a list of tagged tuples that specify various properties
+	  related to the execution of a test case group (i.e. its test cases
+	  and sub-groups). Properties set by <c>groups/1</c> override
+	  properties with the same key that have been previously set by
+	  <c>suite/0</c>.</p>
+	  
+	<p>The <c>timetrap</c> tag sets the maximum time each
+	  test case is allowed to execute (including <c>init_per_testcase/2</c>
+	  and <c>end_per_testcase/2</c>). If the timetrap time is
+	  exceeded, the test case fails with reason
+	  <c>timetrap_timeout</c>. If a <c>TimeFunc</c> function is specified,
+	  it will be called initially and must return a value on
+	  <c>TimeVal</c> format.</p>
+	
+	<p>The <c>require</c> tag specifies configuration variables
+	  that are required by test cases (and/or configuration functions)
+	  in the suite. If the required configuration variables are not found
+	  in any of the configuration files, all test cases in this group are skipped.
+	  For more information about the 'require' functionality, see the
+	  reference manual for the function
+	  <c>ct:require/[1,2]</c>.</p>
+
+	<p>With <c>userdata</c>, it is possible for the user to
+	  specify arbitrary test case group related information which can be 
+	  read by calling <c>ct:userdata/2</c>.</p>
+
+	  <p>The <c>ct_hooks</c> tag specifies which 
+	  <seealso marker="ct_hooks_chapter">Common Test Hooks</seealso>
+	  are to be run together with this suite.</p>
+	
+	<p>Other tuples than the ones defined will simply be ignored.</p>
+
+	<p>For more information about the test case group info function,
+	  see <seealso marker="write_test_chapter#suite">Test
+	  case group info function</seealso> in the User's Guide.</p>
+    </desc>      
     </func>
 
       <func>
-	<name>Module:init_per_group(GroupName, Config) -> NewConfig | {skip,Reason}</name>
-	<fsummary>Test case group initialization.</fsummary>
+	<name>Module:init_per_group(GroupName, Config) -> NewConfig |
+	  {skip,Reason}</name>
+	<fsummary>Test case group initializations.</fsummary>
 	<type>
 	  <v> GroupName = atom()</v>
 	  <v> Config = NewConfig = [{Key,Value}]</v>
@@ -258,16 +356,16 @@
 	  
 	  <p> OPTIONAL </p>
 	  
-	  <p>This function is called before execution of a test case group.
-	  It typically contains initialization which is common for
-	  all test cases in the group, and which shall only be performed
-	  once. <c>GroupName</c> is the name of the group, as specified in
-	  the group definition (see <c>groups/0</c>). The <c>Config</c> 
-	  parameter is the configuration which can be modified here. 
-	  Whatever is returned from this function is given as <c>Config</c> 
-	  to all test cases in the group. If <c>{skip,Reason}</c> is returned, 
-	  all test cases in the group will be skipped and <c>Reason</c> printed
-	  in the overview log for the group.</p>
+	  <p>This configuration function is called before execution of a
+	    test case group. It typically contains initializations which are 
+	    common for all test cases and sub-groups in the group, and which
+	    shall only be performed once. <c>GroupName</c> is the name of the
+	    group, as specified in the group definition (see <c>groups/0</c>). The
+	    <c>Config</c> parameter is the configuration data which can be modified
+	    here. The return value of this function is given as <c>Config</c> 
+	    to all test cases and sub-groups in the group. If <c>{skip,Reason}</c>
+	    is returned, all test cases in the group will be skipped and
+	    <c>Reason</c> printed in the overview log for the group.</p>
 
 	  <p>For information about test case groups, please see 
 	    <seealso marker="write_test_chapter#test_case_groups">Test case 
@@ -276,7 +374,8 @@
     </func>
       
       <func>
-	<name>Module:end_per_group(GroupName, Config) -> void() | {return_group_result,Status}</name>
+	<name>Module:end_per_group(GroupName, Config) -> void() |
+	  {return_group_result,Status}</name>
 	<fsummary>Test case group finalization.</fsummary>
 	<type>
 	  <v> GroupName = atom()</v>
@@ -305,7 +404,7 @@
 
       <func>
 	<name>Module:init_per_testcase(TestCase, Config) -> NewConfig | {fail,Reason} | {skip,Reason}</name>
-	<fsummary>Test case initialization.</fsummary>
+	<fsummary>Test case initializations.</fsummary>
 	<type>
 	  <v> TestCase = atom()</v>
 	  <v> Config = NewConfig = [{Key,Value}]</v>
@@ -385,10 +484,13 @@
 	  
 	<p>This is the test case info function. It is supposed to 
 	  return a list of tagged tuples that specify various properties
-	  regarding the execution of this particular test case.</p>
+	  related to the execution of this particular test case.
+	  Properties set by <c>Testcase/0</c> override
+	  properties that have been previously set for the test case
+	  by <c>group/1</c> or <c>suite/0</c>.</p>
 	  
 	<p>The <c>timetrap</c> tag sets the maximum time the
-	  test case is allowed to take. If the timetrap time is
+	  test case is allowed to execute. If the timetrap time is
 	  exceeded, the test case fails with reason
 	  <c>timetrap_timeout</c>. <c>init_per_testcase/2</c>
 	  and <c>end_per_testcase/2</c> are included in the
@@ -397,16 +499,16 @@
 	  and must return a value on <c>TimeVal</c> format.</p>
 	
 	<p>The <c>require</c> tag specifies configuration variables
-	  that are required by the test case. If the required
-	  configuration variables are not found in any of the
+	  that are required by the test case (and/or <c>init/end_per_testcase/2</c>).
+	  If the required configuration variables are not found in any of the
 	  configuration files, the test case is skipped. For more
 	  information about the 'require' functionality, see the
 	  reference manual for the function
 	  <c>ct:require/[1,2]</c>.</p>
 
 	<p>If <c>timetrap</c> and/or <c>require</c> is not set, the
-	  default values specified in the <c>suite/0</c> return list
-	  will be used.</p>
+	  default values specified by <c>suite/0</c> (or
+	  <c>group/1</c>) will be used.</p>
 
 	<p>With <c>userdata</c>, it is possible for the user to
 	  specify arbitrary test case related information which can be 
@@ -438,12 +540,12 @@
 	<p>This is the implementation of a test case. Here you must
 	  call the functions you want to test, and do whatever you
 	  need to check the result. If something fails, make sure the
-	  function causes a runtime error, or call <c>ct:fail/[0,1]</c> 
-	  (which also causes the test case process to crash).</p>
+	  function causes a runtime error, or call <c>ct:fail/1/2</c> 
+	  (which also causes the test case process to terminate).</p>
 	
-	<p>Elements from the <c>Config</c> parameter can be read
-	  with the <c>?config</c> macro. The <c>config</c>
-	  macro is defined in <c>ct.hrl</c></p>
+	<p>Elements from the <c>Config</c> list can e.g. be read
+	  with <c>proplists:get_value/2</c> (or the macro <c>?config</c>
+	  defined in <c>ct.hrl</c>).</p>
 
 	<p>You can return <c>{skip,Reason}</c> if you decide not to
 	  run the test case after all. <c>Reason</c> will then be
diff --git a/lib/common_test/doc/src/config.gif b/lib/common_test/doc/src/config.gif
new file mode 100644
index 0000000000..ac8006c4fb
--- /dev/null
+++ b/lib/common_test/doc/src/config.gif
diff --git a/lib/common_test/doc/src/config_file_chapter.xml b/lib/common_test/doc/src/config_file_chapter.xml
index 6fc6638bf7..6a860bb58b 100644
--- a/lib/common_test/doc/src/config_file_chapter.xml
+++ b/lib/common_test/doc/src/config_file_chapter.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2010</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/common_test/doc/src/ct_hooks_chapter.xml b/lib/common_test/doc/src/ct_hooks_chapter.xml
index bac0c4eaa8..8505ee8469 100644
--- a/lib/common_test/doc/src/ct_hooks_chapter.xml
+++ b/lib/common_test/doc/src/ct_hooks_chapter.xml
@@ -108,9 +108,10 @@
     </section>
    
     <section>
-      <title>CTH Priority</title>
+      <title>CTH Execution order</title>
       <p>By default each CTH installed will be executed in the order which
-      they are installed. This is not always wanted so common_test allows 
+      they are installed for init calls, and then reversed for end calls.
+      This is not always wanted so common_test allows
       the user to specify a priority for each hook. The priority can either
       be specified in the CTH <seealso marker="ct_hooks#Module:init-2">init/2
       </seealso> function or when installing the hook. The priority given at
diff --git a/lib/common_test/doc/src/ct_run.xml b/lib/common_test/doc/src/ct_run.xml
index 9045646733..b01ab3667d 100644
--- a/lib/common_test/doc/src/ct_run.xml
+++ b/lib/common_test/doc/src/ct_run.xml
@@ -4,7 +4,7 @@
 <comref>
   <header>
     <copyright>
-      <year>2007</year><year>2010</year>
+      <year>2007</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/common_test/doc/src/event_handler_chapter.xml b/lib/common_test/doc/src/event_handler_chapter.xml
index b41b233ce6..a5886b9687 100644
--- a/lib/common_test/doc/src/event_handler_chapter.xml
+++ b/lib/common_test/doc/src/event_handler_chapter.xml
@@ -174,6 +174,16 @@
 	are also given.
 	</p></item>
 
+      <item><c>#event{name = tc_logfile, data = {{Suite,Func},LogFileName}}</c>
+        <p><c>Suite = atom()</c>, name of the test suite.</p>
+        <p><c>Func = atom()</c>, name of test case or configuration function.</p>
+        <p><c>LogFileName = string()</c>, full name of test case log file.</p>
+        <p>This event is sent at the start of each test case (and configuration function
+	  except <c>init/end_per_testcase</c>) and carries information about the
+	  full name (i.e. the file name including the absolute directory path) of
+	  the current test case log file.
+	</p></item>
+
       <marker id="tc_done"/>
       <item><c>#event{name = tc_done, data = {Suite,FuncOrGroup,Result}}</c>
         <p><c>Suite = atom()</c>, name of the suite.</p>
diff --git a/lib/common_test/doc/src/getting_started_chapter.xml b/lib/common_test/doc/src/getting_started_chapter.xml
new file mode 100644
index 0000000000..7de0912036
--- /dev/null
+++ b/lib/common_test/doc/src/getting_started_chapter.xml
@@ -0,0 +1,230 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>2007</year><year>2010</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+
+    </legalnotice>
+
+    <title>Getting Started</title>
+    <prepared>Peter Andersson</prepared>
+    <docno></docno>
+    <date>2011-12-12</date>
+    <rev></rev>
+    <file>getting_started_chapter.xml</file>
+  </header>
+
+  <section>
+    <title>Are you new around here?</title>
+    <p>
+      The purpose of this short chapter is to, with a "learning by example"
+      approach, give the newcomer a chance to get started quickly writing and
+      executing some first simple tests. The chapter will introduce some of the
+      basics, but leave most explanations and details for the later
+      chapters in this User's Guide. Hopefully though, after this chapter, you
+      will be inspired and unintimidated enough to go on and get into the
+      nitty-gritty that follows in this rather heavy User's Guide! If you're
+      not much into "learning by example" and prefer to get into more technical
+      detail right away, go ahead and skip to the next chapter. Again, the basics
+      presented here will be covered in detail in later chapters.
+    </p>
+    <p>
+      This chapter also tries to demonstrate how dead simple it actually is
+      to write a very basic (yet for many module testing purposes, often sufficiently
+      complex) test suite, and execute its test cases. This is not necessarily
+      obvious when you read the rest of the chapters in the User's Guide.
+    </p>
+    <p>
+      A quick note before we start: In order to understand what's discussed and
+      examplified here, it is recommended that you first read through the
+      opening <seealso marker="basics_chapter#basics">Common Test Basics</seealso>
+      chapter.
+    </p>
+    </section>
+
+    <section>
+    <title>Test case execution</title>
+    <p>Execution of test cases is handled this way:</p>
+    
+    <p>
+    <image file="tc_execution.gif">
+      <icaption>
+	Successful vs unsuccessful test case execution.
+      </icaption>
+    </image>
+    </p>
+
+    <p>For each test case that Common Test is told to execute, it spawns a
+      dedicated process on which the test case function in question starts
+      running. (In parallel to the test case process, an idle waiting timer
+      process is started which is linked to the test case process. If the timer
+      process runs out of waiting time, it sends an exit signal to terminate
+      the test case process and this is what's called a <em>timetrap</em>).
+    </p>
+    <p>In scenario 1, the test case process terminates normally after case A has
+      finished executing its test code without detecting any errors. The test
+      case function simply returns a value and Common Test logs the test case as
+      successful.
+    </p>
+    <p>In scenario 2, an error is detected during test case execution
+      which causes the test case B function to generate an exception.
+      This causes the test case process to exit with reason
+      other than normal, and as a result, Common Test will log this as an
+      unsuccessful test case.
+    </p>
+    <p>As you can understand from the illustration above, Common Test requires
+      that a test case generates a runtime error to indicate failure (e.g.
+      by causing a bad match error or by calling <c>exit/1</c>, preferrably
+      through the <c>ct:fail/1/2</c> help function). A succesful execution is
+      indicated by means of a normal return from the test case function.
+    </p>
+    </section>
+
+    <section>
+    <title>A simple test suite</title>
+    <p>As you've seen in the basics chapter, the test suite module implements
+      callback functions (mandatory or optional) for various purposes, e.g:
+      <list>
+	<item>Init/end configuration function for the test suite</item>
+	<item>Init/end configuration function for a test case</item>
+	<item>Init/end configuration function for a test case group</item>
+	<item>Test cases</item>
+      </list>
+      The configuration functions are optional and if you don't need them for
+      your test, a test suite with one simple test case could look like this:
+    </p>
+    <pre>
+      -module(my1st_SUITE).
+      -compile(export_all).
+
+      all() ->
+          [mod_exists].
+
+      mod_exists(_) ->
+          {module,mymod} = code:load_file(mymod).</pre>
+    <p>
+      In this example we check that the <c>mymod</c> module exists (i.e. can be
+      successfully loaded by the code server). If the operation fails, we will
+      get a bad match error which terminates the test case.
+    </p>
+    </section>
+
+    <section>
+    <title>A test suite with configuration functions</title>
+    <p>
+      If we need to perform configuration operations in order to run our test, we
+      implement configuration functions in our suite. The result from a
+      configuration function is configuration data, or simply <em><c>Config</c></em>.
+      This is a list of key-value tuples which get passed from the configuration
+      function to the test cases (possibly through configuration functions on
+      "lower level"). The data flow looks like this:
+    </p>
+
+    <p>
+    <image file="config.gif">
+      <icaption>
+	Config data flow in the suite.
+      </icaption>
+    </image>
+    </p>
+
+    <p>
+      Here's an example of a test suite which uses configuration functions
+      to open and close a log file for the test cases (an operation that would
+      be unnecessary and irrelevant to perform by each test case):
+    </p>
+    <pre>
+      -module(check_log_SUITE).
+      -export([all/0, init_per_suite/1, end_per_suite/1]).
+      -export([check_restart_result/1, check_no_errors/1]).
+      
+      -define(value(Key,Config), proplists:get_value(Key,Config)).
+
+      all() -> [check_restart_result, check_no_errors].
+
+      init_per_suite(InitConfigData) ->
+          [{logref,open_log()} | InitConfigData].
+
+      end_per_suite(ConfigData) ->
+          close_log(?value(logref, ConfigData)).
+
+      check_restart_result(ConfigData) ->
+          TestData = read_log(restart, ?value(logref, ConfigData)),
+          {match,_Line} = search_for("restart successful", TestData).
+      
+      check_no_errors(ConfigData) ->
+          TestData = read_log(all, ?value(logref, ConfigData)),
+          case search_for("error", TestData) of
+              {match,Line} -> ct:fail({error_found_in_log,Line});
+              nomatch -> ok
+          end.</pre>
+    <p>
+      In this example we have test cases that verify, by parsing a
+      log file, that our SUT has performed a successful restart and
+      that no unexpected errors have been printed.
+    </p>
+
+    <p>To execute the test cases in the test suite above, we could type this on
+      the Unix/Linux command line (assuming for this example that the suite module
+      is in the current working directory):
+    </p>
+    <pre>
+      $ ct_run -dir .</pre>
+    <p>or</p>
+    <pre>
+    $ ct_run -suite check_log_SUITE</pre>
+
+    <p>If we want to use the Erlang shell to run our test, we could evaluate this call:
+    </p>
+    <pre>
+      1> ct:run_test([{dir, "."}]).</pre>
+    <p>or</p>
+    <pre>
+      1> ct:run_test([{suite, "check_log_SUITE"}]).</pre>
+    <p>
+      The result from running our test is printed in log files on HTML format
+      (stored in unique log directories on different level). This illustration
+      shows the log file structure:
+    </p>
+
+    <p>
+    <image file="html_logs.gif">
+      <icaption>
+	HTML log file structure.
+      </icaption>
+    </image>
+    </p>
+  </section>
+
+  <section>
+    <title>What happens next?</title>
+    <p>
+      You will find detailed information about the basics introduced here in this
+      chapter in the following chapters in the User's Guide, as well as
+      presentations of many more useful features. Have fun!
+    </p>
+    </section>
+</chapter>
+
+
+
+
+
+
+
+
diff --git a/lib/common_test/doc/src/html_logs.gif b/lib/common_test/doc/src/html_logs.gif
new file mode 100644
index 0000000000..3a3fd86bde
--- /dev/null
+++ b/lib/common_test/doc/src/html_logs.gif
diff --git a/lib/common_test/doc/src/notes.xml b/lib/common_test/doc/src/notes.xml
index af96ef621f..da0b6b2d65 100644
--- a/lib/common_test/doc/src/notes.xml
+++ b/lib/common_test/doc/src/notes.xml
@@ -32,6 +32,163 @@
     <file>notes.xml</file>
     </header>
 
+<section><title>Common_Test 1.6</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    A Getting Started chapter has been added to the Common
+	    Test User's Guide.</p>
+          <p>
+	    Own Id: OTP-9156</p>
+        </item>
+        <item>
+          <p>
+	    The test case group info function has been implemented in
+	    Common Test. Before execution of a test case group, a
+	    call is now made to <c>TestSuite:group(GroupName)</c>.
+	    The function returns a list of test properties, e.g. to
+	    specify timetrap values, require configuration data, etc
+	    (analogue to the test suite- and test case info
+	    function). The scope of the properties set by
+	    <c>group(GroupName)</c> is all test cases and sub-groups
+	    of group <c>GroupName</c>.</p>
+          <p>
+	    Own Id: OTP-9235</p>
+        </item>
+        <item>
+          <p>
+	    Common Test hooks are now in a final supported version.
+	    The Common Test hooks allow you to abstract out
+	    initialization behaviour that is common to multiple test
+	    suites into one place and also extend the behaviour of a
+	    suite without changing the suite itself. For more
+	    information see the Common Test user's guide.</p>
+          <p>
+	    Own Id: OTP-9449</p>
+        </item>
+        <item>
+          <p>
+	    A new built-in common test hook has been added which
+	    captures error_logger and SASL event and prints them in
+	    the testcase log. To disable this (and any other built-in
+	    hooks) pass 'enable_builtin_hooks false' to common test.</p>
+          <p>
+	    Own Id: OTP-9543</p>
+        </item>
+        <item>
+          <p>
+	    Common Test now calls info functions also for the
+	    <c>init/end_per_suite/1</c> and
+	    <c>init/end_per_group/2</c> configuration functions.
+	    These can be used e.g. to set timetraps and require
+	    external configuration data relevant only for the
+	    configuration functions in question (without affecting
+	    properties set for groups and test cases in the suite).
+	    The info function for <c>init/end_per_suite(Config)</c>
+	    is <c>init/end_per_suite()</c>, and for
+	    <c>init/end_per_group(GroupName,Config)</c> it's
+	    <c>init/end_per_group(GroupName)</c>. Info functions can
+	    not be used with <c>init/end_per_testcase(TestCase,
+	    Config)</c>, since these configuration functions execute
+	    on the test case process and will use the same properties
+	    as the test case (i.e. properties set by the test case
+	    info function, <c>TestCase()</c>).</p>
+          <p>
+	    Own Id: OTP-9569</p>
+        </item>
+        <item>
+          <p>
+	    It's now possible to read the full name of the test case
+	    log file during execution. One way to do this is to
+	    lookup it up as value of the key <c>tc_logfile</c> in the
+	    test case <c>Config</c> list (which means it can also be
+	    read by a pre- or post Common Test hook function). The
+	    data is also sent with the event
+	    <c>#event{name=tc_logfile,data={{Suite,Func},LogFileName}}</c>,
+	    and can be read by any installed event handler.</p>
+          <p>
+	    Own Id: OTP-9676 Aux Id: seq11941 </p>
+        </item>
+        <item>
+          <p>
+	    The look of the HTML log files generated by Common Test
+	    and Test Server has been improved (and made easier to
+	    customize) by means of a CSS file.</p>
+          <p>
+	    Own Id: OTP-9706</p>
+        </item>
+        <item>
+          <p>
+	    Functions ct:fail(Format, Args) and ct:comment(Format,
+	    Args) have been added in order to make printouts of
+	    formatted error and comment strings easier (no need for
+	    the user to call io_lib:format/2 explicitly).</p>
+          <p>
+	    Own Id: OTP-9709 Aux Id: seq11951 </p>
+        </item>
+        <item>
+          <p>
+	    The order in which ct hooks are executed for cleanup
+	    hooks (i.e. *_end_per_* hooks) has been reversed.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9774 Aux Id: seq11913 </p>
+        </item>
+        <item>
+          <p>
+	    Printouts to stdout may be captured during test case
+	    execution. This is useful in order to e.g. read and parse
+	    tty printouts from the SUT during test case execution (if
+	    necessary, say, to determine the outcome of the test).
+	    The capturing session is started with
+	    <c>ct:capture_start/0</c>, and stopped with
+	    <c>ct:capture_stop/0</c>. The list of buffered strings is
+	    read and purged with <c>ct:capture_get/0/1</c>. It's
+	    possible to filter out printouts made with
+	    <c>ct:log/2/3</c> and <c>ct:pal/2/3</c> from the captured
+	    list of strings. This is done by calling
+	    <c>capture_get/1</c> with a list of log categories to
+	    exclude.</p>
+          <p>
+	    Own Id: OTP-9775</p>
+        </item>
+        <item>
+          <p>
+	    The syntax for specifying test case groups in the all/0
+	    list has been extended to include execution properties
+	    for both groups and sub-groups. The properties specified
+	    in all/0 for a group overrides the properties specified
+	    in the group declaration (in groups/0). The main purpose
+	    of this extension is to make it possible to run the same
+	    set of tests, but with different properties, without
+	    having to declare copies of the group in question. Also,
+	    the same syntax may be used in test specifications in
+	    order to change properties of groups at the time of
+	    execution, without having to edit the test suite. Please
+	    see the User's Guide for details and examples.</p>
+          <p>
+	    Own Id: OTP-9809 Aux Id: OTP-9235 </p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Known Bugs and Problems</title>
+      <list>
+        <item>
+          <p>
+	    Fix problems in CT/TS due to line numbers in exceptions.</p>
+          <p>
+	    Own Id: OTP-9203</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Common_Test 1.5.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/common_test/doc/src/part.xml b/lib/common_test/doc/src/part.xml
index 3284bcadaa..a74185221d 100644
--- a/lib/common_test/doc/src/part.xml
+++ b/lib/common_test/doc/src/part.xml
@@ -65,6 +65,7 @@
   </description>
 
   <xi:include href="basics_chapter.xml"/>
+  <xi:include href="getting_started_chapter.xml"/>
   <xi:include href="install_chapter.xml"/>
   <xi:include href="write_test_chapter.xml"/>
   <xi:include href="test_structure_chapter.xml"/>
diff --git a/lib/common_test/doc/src/run_test_chapter.xml b/lib/common_test/doc/src/run_test_chapter.xml
index 57059f0ba2..848f278fa6 100644
--- a/lib/common_test/doc/src/run_test_chapter.xml
+++ b/lib/common_test/doc/src/run_test_chapter.xml
@@ -412,6 +412,16 @@
       the way from <c>init_per_suite</c> down to the test cases in the
       sub group).</p>
 
+    <p>With the <c>GroupSpec</c> element (below) it's possible to specify
+      group execution properties that will override those specified in the
+      group definition (i.e. in <c>groups/0</c>). Execution properties for
+      sub-groups may be overridden as well. This feature makes it possible to
+      change properties of groups at the time of execution,
+      without even having to edit the test suite. More detailed documentation,
+      and examples, can be found in the
+      <seealso marker="write_test_chapter#test_case_groups">
+      Test case groups</seealso> chapter.</p>
+
     <p>Below is the test specification syntax. Test specifications can
       be used to run tests both in a single test host environment and
       in a distributed Common Test environment (Large Scale
@@ -475,8 +485,8 @@
       {groups, DirRef, Suite, Groups}.
       {groups, NodeRefsDirRef, Suite, Groups}.
 
-      {groups, DirRef, Suite, Group, {cases,Cases}}.
-      {groups, NodeRefsDirRef, Suite, Group, {cases,Cases}}.
+      {groups, DirRef, Suite, GroupSpec, {cases,Cases}}.
+      {groups, NodeRefsDirRef, Suite, GroupSpec, {cases,Cases}}.
 
       {cases, DirRef, Suite, Cases}.                           
       {cases, NodeRefs, DirRef, Suite, Cases}.
@@ -510,7 +520,8 @@
       DirRef        = DirAlias | Dir
       Suites        = atom() | [atom()] | all
       Suite         = atom()
-      Groups        = atom() | [atom()] | all
+      Groups        = GroupSpec | [GroupSpec] | all
+      GroupSpec     = Group | {Group,Properties} | {Group,Properties,GroupSpec}
       Group         = atom()
       Cases         = atom() | [atom()] | all
       Comment       = string() | ""
@@ -644,14 +655,25 @@
 	to each individual test case log file for quick viewing with an HTML 
 	browser.</p>
       
-      <p>The minor log file contain full details of every single test
-	case, each one in a separate file. This way the files should
-	be easy to compare with previous test runs, even if the set of
-	test cases change. If SASL is running those logs will also be
-        printed there by the
+      <p>The minor log files contain full details of every single test
+	case, each one in a separate file. This way, it should be
+	straightforward	to compare the latest results to that of previous
+	test runs, even if the set of test cases changes. If SASL is running,
+	its logs will also be printed to the current minor log file by the
 	<seealso marker="common_test:ct_hooks_chapter#builtin_cths">
 	  cth_log_redirect built-in hook</seealso>.
-        </p>
+      </p>
+
+      <p>The full name of the minor log file (i.e. the name of the file
+	including the absolute directory path) can be read during execution
+	of the test case. It comes as value in the tuple
+	<c>{tc_logfile,LogFileName}</c> in the <c>Config</c> list (which means it
+	can also be read by a pre- or post Common Test hook function). Also,
+	at the start of a test case, this data is sent with an event
+	to any installed event handler.	Please see the
+	<seealso marker="event_handler_chapter#event_handling">Event Handling</seealso>
+	chapter for details.
+      </p>
       
       <p>Which information goes where is user configurable via the
 	test server controller. Three threshold values determine what
@@ -693,8 +715,15 @@
       <section>
 	<marker id="html_stylesheet"></marker>
 	<title>HTML Style Sheets</title>
-	<p>Common Test includes the <em>optional</em> feature to use
-	  HTML style sheets (CSS) for customizing user printouts. The
+	<p>Common Test uses a CSS file to control the look of the HTML
+	  files generated during test runs. If, for some reason, the
+	  log files are not displayed correctly in the HTML browser of your
+	  choice, or you prefer the "pre Common Test v1.6 look"
+	  of the log files (i.e. not using CSS), use the start flag/option
+	  <c>basic_html</c> to revert to the old style.</p>
+	  
+	<p>Common Test includes an <em>optional</em> feature to allow
+	  user HTML style sheets for customizing printouts. The
 	  functions in <c>ct</c> that print to a test case HTML log
 	  file (<c>log/3</c> and <c>pal/3</c>) accept <c>Category</c>
 	  as first argument. With this argument it's possible to
@@ -708,22 +737,16 @@
 	  look like this:</p>
 
 	<pre>
-&lt;style&gt;
-  div.ct_internal { background:lightgrey; color:black }
-  div.default     { background:lightgreen; color:black }
-  div.sys_config  { background:blue; color:white }
-  div.sys_state   { background:yellow; color:black }
-  div.error       { background:red; color:white }
-&lt;/style&gt;
-	</pre>
+	  div.sys_config  { background:blue; color:white }
+	  div.sys_state   { background:yellow; color:black }
+	  div.error       { background:red; color:white }</pre>
 
 	<p>To install the CSS file (Common Test inlines the definition in the 
 	  HTML code), the name may be provided when executing <c>ct_run</c>.
 	  Example:</p>
 
 	<pre>
-	  $ ct_run -dir $TEST/prog -stylesheet $TEST/styles/test_categories.css
-	</pre>
+	  $ ct_run -dir $TEST/prog -stylesheet $TEST/styles/test_categories.css</pre>
 
 	  <p>Categories in a CSS file installed with the <c>-stylesheet</c> flag
 	    are on a global test level in the sense that they can be used in any 
@@ -744,8 +767,7 @@
 	      ct:log(sys_state, "Connections: ~p", [ConnectionInfo]),
 	      ...
 	      ct:pal(error, "Error ~p detected! Info: ~p", [SomeFault,ErrorInfo]),
-	      ct:fail(SomeFault).
-	  </pre>
+	      ct:fail(SomeFault).</pre>
 
 	<p>If the style sheet is installed as in this example, the categories are 
 	  private to the suite in question. They can be used by all test cases in the 
@@ -769,21 +791,6 @@
 	<p>The <c>Category</c> argument in the example above may have the
 	  value (atom) <c>sys_config</c> (white on blue), <c>sys_state</c>
 	  (black on yellow) or <c>error</c> (white on red).</p>
-
-	<p>If the <c>Category</c> argument is not specified, Common Test will
-	  use the CSS selector <c>div.default</c> for the
-	  printout. For this reason a user supplied style sheet must
-	  include this selector. Also the selector
-	  <c>div.ct_internal</c> must be included. Hence a minimal
-	  user style sheet should look like this (which is also the
-	  default style sheet Common Test uses if no user CSS file is
-	  provided):</p>
-	<pre>
-	  &lt;style&gt;
-	  div.ct_internal { background:lightgrey; color:black }
-	  div.default     { background:lightgreen; color:black }
-	  &lt;/style&gt;
-	</pre>	  
   </section>
 
   <section>
diff --git a/lib/common_test/doc/src/tc_execution.gif b/lib/common_test/doc/src/tc_execution.gif
new file mode 100644
index 0000000000..7c89d7be57
--- /dev/null
+++ b/lib/common_test/doc/src/tc_execution.gif
diff --git a/lib/common_test/doc/src/write_test_chapter.xml b/lib/common_test/doc/src/write_test_chapter.xml
index e35888e68f..c0ec26ddcc 100644
--- a/lib/common_test/doc/src/write_test_chapter.xml
+++ b/lib/common_test/doc/src/write_test_chapter.xml
@@ -68,7 +68,7 @@
 
     <p>Each test suite module must export the function <c>all/0</c>
       which returns the list of all test case groups and test cases 
-      in that module. 
+      to be executed in that module. 
     </p>
 
   </section>
@@ -369,10 +369,12 @@
     <title>Test suite info function</title>
 
       <p>The <c>suite/0</c> function can be used in a test suite
-	module to set the default values for the <c>timetrap</c> and
-	<c>require</c> tags. If a test case info function also specifies
-	any of these tags, the default value is overruled. See above for
-	more information.
+	module to e.g. set a default <c>timetrap</c> value and to
+	<c>require</c> external configuration data. If a test case-, or
+	group info function also specifies any of the info tags, it
+	overrides the default values set by <c>suite/0</c>. See the test
+	case info function above, and group info function below, for more
+	details.
       </p>
       
       <p>Other options that may be specified with the suite info list are:</p>
@@ -450,11 +452,65 @@
     <pre>
       all() -> [testcase1, {group,group1}, testcase2, {group,group2}].</pre>
 
-    <p>Properties may be combined so that e.g. if <c>shuffle</c>, 
-    <c>repeat_until_any_fail</c> and <c>sequence</c> are all specified, the test 
-    cases in the group will be executed repeatedly and in random order until
-    a test case fails, when execution is immediately stopped and the rest of 
-    the cases skipped.</p>
+    <p>It is also possible to specify execution properties with a group
+      tuple in <c>all/0</c>: <c>{group,GroupName,Properties}</c>. These
+      properties will override those specified in the group definition (see
+      <c>groups/0</c> above). This way, it's possible to run the same set of tests,
+      but with different properties, without having to make copies of the group
+      definition in question.</p>
+
+    <p>If a group contains sub-groups, the execution properties for these may
+      also be specified in the group tuple:
+      <c>{group,GroupName,Properties,SubGroups}</c>, where <c>SubGroups</c>
+      is a list of tuples, <c>{GroupName,Properties}</c>, or
+      <c>{GroupName,Properties,SubGroups}</c>, representing the sub-groups.
+      Any sub-groups defined in <c>group/0</c> for a group, that are not specified
+      in the <c>SubGroups</c> list, will simply execute with their pre-defined
+      properties.</p>
+
+    <p>Example:</p>
+    <pre>
+      groups() -> {tests1, [], [{tests2, [], [t2a,t2b]},
+                                {tests3, [], [t31,t3b]}]}.</pre>
+    <p>To execute group 'tests1' twice with different properties for 'tests2'
+      each time:</p>
+    <pre>
+      all() ->
+         [{group, tests1, default, [{tests2, [parallel]}]},
+          {group, tests1, default, [{tests2, [shuffle,{repeat,10}]}]}].</pre>
+    <p>Note that this is equivalent to this specification:</p>
+    <pre>
+      all() ->
+         [{group, tests1, default, [{tests2, [parallel]},
+                                    {tests3, default}]},
+          {group, tests1, default, [{tests2, [shuffle,{repeat,10}]},
+                                    {tests3, default}]}].</pre>
+    <p>The value <c>default</c> states that the pre-defined properties
+      should be used.</p>
+    <p>Here's an example of how to override properties in a scenario
+      with deeply nested groups:</p>
+    <pre>
+      groups() ->
+         [{tests1, [], [{group, tests2}]},
+          {tests2, [], [{group, tests3}]},
+          {tests3, [{repeat,2}], [t3a,t3b,t3c]}].
+
+      all() ->
+         [{group, tests1, default, 
+           [{tests2, default,
+             [{tests3, [parallel,{repeat,100}]}]}]}].</pre>
+
+    <p>The syntax described above may also be used in Test Specifications
+      in order to change properties of groups at the time of execution,
+      without even having to edit the test suite (please see the
+      <seealso marker="run_test_chapter#test_specifications">Test
+	Specifications</seealso> chapter for more info).</p>
+
+    <p>As illustrated above, properties may be combined. If e.g.
+      <c>shuffle</c>, <c>repeat_until_any_fail</c> and <c>sequence</c>
+      are all specified, the test cases in the group will be executed
+      repeatedly, and in random order, until a test case fails. Then
+      execution is immediately stopped and the rest of the cases skipped.</p>
 
     <p>Before execution of a group begins, the configuration function
     <c>init_per_group(GroupName, Config)</c> is called (the function is
@@ -641,6 +697,51 @@
   </section>
 
   <section>
+    <marker id="group_info"></marker>
+    <title>Group info function</title>
+
+      <p>The test case group info function, <c>group(GroupName)</c>,
+	serves the same purpose as the suite- and test case info
+	functions previously described in this chapter. The scope for
+	the group info, however, is all test cases and sub-groups in the
+	group in question (<c>GroupName</c>).</p>
+      <p>Example:</p>
+      <pre>
+	group(connection_tests) ->
+	   [{require,login_data},
+	    {timetrap,1000}].</pre>
+	
+      <p>The group info properties override those set with the
+	suite info function, and may in turn be overridden by test
+	case info properties. Please see the test case info
+	function above for a list of valid info properties and more
+	general information.</p>
+  </section>
+
+  <section>
+    <title>Info functions for init- and end-configuration</title>
+      <p>It is possible to use info functions also for the <c>init_per_suite</c>,
+	<c>end_per_suite</c>, <c>init_per_group</c>, and <c>end_per_group</c>
+	functions, and it works the same way as with info functions
+	for test cases (see above). This is useful e.g. for setting
+	timetraps and requiring external configuration data relevant
+	only for the configuration function in question (without
+	affecting properties set for groups and test cases in the suite).</p>
+
+      <p>The info function <c>init/end_per_suite()</c> is called for
+	<c>init/end_per_suite(Config)</c>, and info function
+	<c>init/end_per_group(GroupName)</c> is called for
+	<c>init/end_per_group(GroupName,Config)</c>. Info functions
+	can not be used with <c>init/end_per_testcase(TestCase, Config)</c>,
+	however, since these configuration functions execute on the test case process
+	and will use the same properties as the test case (i.e. the properties
+	set by the test case info function, <c>TestCase()</c>). Please see the test case
+	info function above for a list of valid info properties and more
+	general information.
+      </p>
+  </section>
+
+  <section>
     <marker id="data_priv_dir"></marker>
     <title>Data and Private Directories</title>
 
diff --git a/lib/common_test/priv/auxdir/config.guess b/lib/common_test/priv/auxdir/config.guess
index fefabd7dd0..38a833903b 120000..100755
--- a/lib/common_test/priv/auxdir/config.guess
+++ b/lib/common_test/priv/auxdir/config.guess
@@ -1 +1,1519 @@
-../../../../erts/autoconf/config.guess
\ No newline at end of file
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-05-17'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <[email protected]>.
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# ([email protected] 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# [email protected] (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | ix86xen:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86) 
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mipsel
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips64
+	#undef mips64el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mips64el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips64
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    tile:Linux:*:*)
+	echo tile-unknown-linux-gnu
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    xtensa:Linux:*:*)
+    	echo xtensa-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit ;;
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <[email protected]>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <[email protected]>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From [email protected].
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From [email protected].
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From [email protected].
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <[email protected]> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/common_test/priv/auxdir/config.sub b/lib/common_test/priv/auxdir/config.sub
index 90979e8924..f43233b104 120000..100755
--- a/lib/common_test/priv/auxdir/config.sub
+++ b/lib/common_test/priv/auxdir/config.sub
@@ -1 +1,1630 @@
-../../../../erts/autoconf/config.sub
\ No newline at end of file
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-04-29'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64vr | mips64vrel \
+	| mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	tile*)
+		basic_machine=tile-tilera
+		os=-linux-gnu
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/common_test/priv/auxdir/install-sh b/lib/common_test/priv/auxdir/install-sh
index 9422c370df..a5897de6ea 120000..100755
--- a/lib/common_test/priv/auxdir/install-sh
+++ b/lib/common_test/priv/auxdir/install-sh
@@ -1 +1,519 @@
-../../../../erts/autoconf/install-sh
\ No newline at end of file
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-12-25.00
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/lib/common_test/priv/ct_default.css b/lib/common_test/priv/ct_default.css
index a64e1ec576..75f8d5db8a 100644
--- a/lib/common_test/priv/ct_default.css
+++ b/lib/common_test/priv/ct_default.css
@@ -147,7 +147,7 @@ td a:visited {
 }
 
 tr:hover th[scope=row], tr:hover td { 
-    background-color: #808080;
+    background-color: #D1D1D1;
     color: #fff;
 } 
 
diff --git a/lib/common_test/src/common_test.app.src b/lib/common_test/src/common_test.app.src
index 57606c01db..7fba484b18 100644
--- a/lib/common_test/src/common_test.app.src
+++ b/lib/common_test/src/common_test.app.src
@@ -1,7 +1,7 @@
 % This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct.erl b/lib/common_test/src/ct.erl
index 69e15fa246..e0e82283c4 100644
--- a/lib/common_test/src/ct.erl
+++ b/lib/common_test/src/ct.erl
@@ -63,9 +63,10 @@
 	 log/1, log/2, log/3,
 	 print/1, print/2, print/3,
 	 pal/1, pal/2, pal/3,
-	 fail/1, comment/1,
+	 capture_start/0, capture_stop/0, capture_get/0, capture_get/1,
+	 fail/1, fail/2, comment/1, comment/2,
 	 testcases/2, userdata/2, userdata/3,
-	 timetrap/1, sleep/1]).
+	 timetrap/1, get_timetrap_info/0, sleep/1]).
 
 %% New API for manipulating with config handlers
 -export([add_config/2, remove_config/2]).
@@ -108,7 +109,7 @@ install(Opts) ->
 %%%   Cases = atom() | [atom()]
 %%%   Result = [TestResult] | {error,Reason}
 %%%
-%%% @doc Run the given testcase(s).
+%%% @doc Run the given test case(s).
 %%%
 %%% <p>Requires that <code>ct:install/1</code> has been run first.</p>
 %%%
@@ -121,7 +122,7 @@ run(TestDir,Suite,Cases) ->
 %%%-----------------------------------------------------------------
 %%% @spec run(TestDir,Suite) -> Result
 %%%
-%%% @doc Run all testcases in the given suite.
+%%% @doc Run all test cases in the given suite.
 %%% @see run/3.
 run(TestDir,Suite) ->
     ct_run:run(TestDir,Suite).
@@ -130,7 +131,7 @@ run(TestDir,Suite) ->
 %%% @spec run(TestDirs) -> Result
 %%%   TestDirs = TestDir | [TestDir]
 %%%
-%%% @doc Run all testcases in all suites in the given directories.
+%%% @doc Run all test cases in all suites in the given directories.
 %%% @see run/3.
 run(TestDirs) ->
     ct_run:run(TestDirs).
@@ -440,11 +441,10 @@ log(X1,X2) ->
 %%%      Format = string()
 %%%      Args = list()
 %%%
-%%% @doc Printout from a testcase to the log. 
+%%% @doc Printout from a test case to the log file. 
 %%%
-%%% <p>This function is meant for printing stuff directly from a
-%%% testcase (i.e. not from within the CT framework) in the test
-%%% log.</p>
+%%% <p>This function is meant for printing a string directly from a
+%%% test case to the test case log file.</p>
 %%%
 %%% <p>Default <code>Category</code> is <code>default</code> and
 %%% default <code>Args</code> is <code>[]</code>.</p>
@@ -473,10 +473,10 @@ print(X1,X2) ->
 %%%      Format = string()
 %%%      Args = list()
 %%%
-%%% @doc Printout from a testcase to the console. 
+%%% @doc Printout from a test case to the console. 
 %%%
-%%% <p>This function is meant for printing stuff from a testcase on
-%%% the console.</p>
+%%% <p>This function is meant for printing a string from a test case
+%%% to the console.</p>
 %%%
 %%% <p>Default <code>Category</code> is <code>default</code> and
 %%% default <code>Args</code> is <code>[]</code>.</p>
@@ -508,16 +508,75 @@ pal(X1,X2) ->
 %%%      Format = string()
 %%%      Args = list()
 %%%
-%%% @doc Print and log from a testcase. 
+%%% @doc Print and log from a test case. 
 %%%
-%%% <p>This function is meant for printing stuff from a testcase both
-%%% in the log and on the console.</p>
+%%% <p>This function is meant for printing a string from a test case,
+%%% both to the test case log file and to the console.</p>
 %%%
 %%% <p>Default <code>Category</code> is <code>default</code> and
 %%% default <code>Args</code> is <code>[]</code>.</p>
 pal(Category,Format,Args) ->
     ct_logs:tc_pal(Category,Format,Args).
 
+%%%-----------------------------------------------------------------
+%%% @spec capture_start() -> ok
+%%%
+%%% @doc Start capturing all text strings printed to stdout during
+%%% execution of the test case.
+%%%
+%%% @see capture_stop/0
+%%% @see capture_get/1
+capture_start() ->
+    test_server:capture_start().
+
+%%%-----------------------------------------------------------------
+%%% @spec capture_stop() -> ok
+%%%
+%%% @doc Stop capturing text strings (a session started with
+%%% <code>capture_start/0</code>).
+%%%
+%%% @see capture_start/0
+%%% @see capture_get/1
+capture_stop() ->
+    test_server:capture_stop().
+
+%%%-----------------------------------------------------------------
+%%% @spec capture_get() -> ListOfStrings
+%%%      ListOfStrings = [string()]
+%%%
+%%% @equiv capture_get([default])
+capture_get() ->
+    %% remove default log printouts (e.g. ct:log/2 printouts)
+    capture_get([default]).
+
+%%%-----------------------------------------------------------------
+%%% @spec capture_get(ExclCategories) -> ListOfStrings
+%%%      ExclCategories = [atom()]
+%%%      ListOfStrings = [string()]
+%%%
+%%% @doc Return and purge the list of text strings buffered
+%%% during the latest session of capturing printouts to stdout.
+%%% With <code>ExclCategories</code> it's possible to specify
+%%% log categories that should be ignored in <code>ListOfStrings</code>.
+%%% If <code>ExclCategories = []</code>, no filtering takes place.
+%%%
+%%% @see capture_start/0
+%%% @see capture_stop/0
+%%% @see log/3
+capture_get([ExclCat | ExclCategories]) ->
+    Strs = test_server:capture_get(),
+    CatsStr = [atom_to_list(ExclCat) | 
+	       [[$| | atom_to_list(EC)] || EC <- ExclCategories]],
+    {ok,MP} = re:compile("<div class=\"(" ++ lists:flatten(CatsStr) ++ ")\">.*"),
+    lists:flatmap(fun(Str) ->
+			  case re:run(Str, MP) of
+			      {match,_} -> [];
+			      nomatch -> [Str]
+			  end
+		  end, Strs);
+
+capture_get([]) ->
+    test_server:capture_get().
 
 %%%-----------------------------------------------------------------
 %%% @spec fail(Reason) -> void()
@@ -528,18 +587,35 @@ pal(Category,Format,Args) ->
 fail(Reason) ->
     exit({test_case_failed,Reason}).
 
+
+%%%-----------------------------------------------------------------
+%%% @spec fail(Format, Args) -> void()
+%%%      Format = string()
+%%%      Args = list()
+%%%
+%%% @doc Terminate a test case with an error message specified
+%%% by a format string and a list of values (used as arguments to
+%%% <code>io_lib:format/2</code>).
+fail(Format, Args) ->
+    try io_lib:format(Format, Args) of
+	Str ->
+	    exit({test_case_failed,lists:flatten(Str)})
+    catch
+	_:BadArgs ->
+	    exit({BadArgs,{?MODULE,fail,[Format,Args]}})
+    end.
+
+
 %%%-----------------------------------------------------------------
 %%% @spec comment(Comment) -> void()
 %%%      Comment = term()
 %%%
-%%% @doc Print the given <code>Comment</code> in the comment field of
+%%% @doc Print the given <code>Comment</code> in the comment field in
 %%% the table on the test suite result page.
 %%%
 %%% <p>If called several times, only the last comment is printed.
-%%% <code>comment/1</code> is also overwritten by the return value
-%%% <code>{comment,Comment}</code> or by the function
-%%% <code>fail/1</code> (which prints <code>Reason</code> as a
-%%% comment).</p>
+%%% The test case return value <code>{comment,Comment}</code>
+%%% overwrites the string set by this function.</p>
 comment(Comment) when is_list(Comment) ->
     Formatted =
 	case (catch io_lib:format("~s",[Comment])) of
@@ -553,6 +629,29 @@ comment(Comment) ->
     Formatted = io_lib:format("~p",[Comment]),
     send_html_comment(lists:flatten(Formatted)).
 
+%%%-----------------------------------------------------------------
+%%% @spec comment(Format, Args) -> void()
+%%%      Format = string()
+%%%      Args = list()
+%%%
+%%% @doc Print the formatted string in the comment field in
+%%% the table on the test suite result page.
+%%% 
+%%% <p>The <code>Format</code> and <code>Args</code> arguments are
+%%% used in call to <code>io_lib:format/2</code> in order to create
+%%% the comment string. The behaviour of <code>comment/2</code> is
+%%% otherwise the same as the <code>comment/1</code> function (see
+%%% above for details).</p>
+comment(Format, Args) when is_list(Format), is_list(Args) ->
+    Formatted =
+	case (catch io_lib:format(Format, Args)) of
+	    {'EXIT',Reason} ->  % bad args
+		exit({Reason,{?MODULE,comment,[Format,Args]}});
+	    String ->
+		lists:flatten(String)
+	end,
+    send_html_comment(Formatted).
+
 send_html_comment(Comment) ->
     Html = "<font color=\"green\">" ++ Comment ++ "</font>",
     ct_util:set_testdata({comment,Html}),
@@ -606,7 +705,7 @@ listenv(Telnet) ->
 %%%       Testcases = list()
 %%%       Reason = term()
 %%%
-%%% @doc Returns all testcases in the specified suite.
+%%% @doc Returns all test cases in the specified suite.
 testcases(TestDir, Suite) ->
     case make_and_load(TestDir, Suite) of
 	E = {error,_} ->
@@ -664,7 +763,8 @@ userdata(TestDir, Suite) ->
 	    get_userdata(Info, "suite/0")
     end.
 
-get_userdata({'EXIT',{undef,_}}, Spec) ->
+get_userdata({'EXIT',{Undef,_}}, Spec) when Undef == undef;
+					     Undef == function_clause ->
     {error,list_to_atom(Spec ++ " is not defined")};
 get_userdata({'EXIT',Reason}, Spec) ->
     {error,{list_to_atom("error in " ++ Spec),Reason}};
@@ -680,16 +780,27 @@ get_userdata(_BadTerm, Spec) ->
     {error,list_to_atom(Spec ++ " must return a list")}.
    
 %%%-----------------------------------------------------------------
-%%% @spec userdata(TestDir, Suite, Case) -> TCUserData | {error,Reason}
+%%% @spec userdata(TestDir, Suite, GroupOrCase) -> TCUserData | {error,Reason}
 %%%       TestDir = string()
 %%%       Suite = atom()
-%%%       Case = atom()
+%%%       GroupOrCase = {group,GroupName} | atom()
+%%%       GroupName = atom()
 %%%       TCUserData = [term()]
 %%%       Reason = term()
 %%%
 %%% @doc Returns any data specified with the tag <code>userdata</code>
-%%% in the list of tuples returned from <code>Suite:Case/0</code>.
-userdata(TestDir, Suite, Case) ->
+%%% in the list of tuples returned from <code>Suite:group(GroupName)</code>
+%%% or <code>Suite:Case()</code>.
+userdata(TestDir, Suite, {group,GroupName}) ->
+    case make_and_load(TestDir, Suite) of
+	E = {error,_} ->
+	    E;
+	_ ->
+	    Info = (catch apply(Suite, group, [GroupName])),
+	    get_userdata(Info, "group("++atom_to_list(GroupName)++")")
+    end;
+
+userdata(TestDir, Suite, Case) when is_atom(Case) ->
     case make_and_load(TestDir, Suite) of
 	E = {error,_} ->
 	    E;
@@ -867,6 +978,18 @@ timetrap(Time) ->
     test_server:timetrap(Time).
 
 %%%-----------------------------------------------------------------
+%%% @spec get_timetrap_info() -> {Time,Scale}
+%%%       Time = integer() | infinity
+%%%       Scale = true | false
+%%%
+%%% @doc <p>Read info about the timetrap set for the current test case.
+%%%      <c>Scale</c> indicates if Common Test will attempt to automatically
+%%%      compensate timetraps for runtime delays introduced by e.g. tools like
+%%%      cover.</p>
+get_timetrap_info() ->
+    test_server:get_timetrap_info().
+
+%%%-----------------------------------------------------------------
 %%% @spec sleep(Time) -> ok
 %%%       Time = {hours,Hours} | {minutes,Mins} | {seconds,Secs} | Millisecs | infinity
 %%%       Hours = integer()
diff --git a/lib/common_test/src/ct_config.erl b/lib/common_test/src/ct_config.erl
index fc51aea7f3..9277af5bc1 100644
--- a/lib/common_test/src/ct_config.erl
+++ b/lib/common_test/src/ct_config.erl
@@ -1,7 +1,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_config_plain.erl b/lib/common_test/src/ct_config_plain.erl
index 6698332379..237df5c8f3 100644
--- a/lib/common_test/src/ct_config_plain.erl
+++ b/lib/common_test/src/ct_config_plain.erl
@@ -1,7 +1,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_config_xml.erl b/lib/common_test/src/ct_config_xml.erl
index 794174e663..6e0a016161 100644
--- a/lib/common_test/src/ct_config_xml.erl
+++ b/lib/common_test/src/ct_config_xml.erl
@@ -1,7 +1,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_framework.erl b/lib/common_test/src/ct_framework.erl
index 0897675591..c24a7c238b 100644
--- a/lib/common_test/src/ct_framework.erl
+++ b/lib/common_test/src/ct_framework.erl
@@ -36,6 +36,10 @@
 -include("ct_event.hrl").
 -include("ct_util.hrl").
 
+-define(val(Key, List), proplists:get_value(Key, List)). 
+-define(val(Key, List, Def), proplists:get_value(Key, List, Def)).
+-define(rev(L), lists:reverse(L)).
+
 %%%-----------------------------------------------------------------
 %%% @spec init_tc(Mod,Func,Args) -> {ok,NewArgs} | {error,Reason} |
 %%%         {skip,Reason} | {auto_skip,Reason}
@@ -48,6 +52,8 @@
 %%% @doc Test server framework callback, called by the test_server
 %%% when a new test case is started.
 init_tc(Mod,Func,Config) ->
+    %% in case Mod == ct_framework, lookup the suite name
+    Suite = get_suite_name(Mod, Config),
     %% check if previous testcase was interpreted and has left
     %% a "dead" trace window behind - if so, kill it
     case ct_util:get_testdata(interpret) of
@@ -57,34 +63,36 @@ init_tc(Mod,Func,Config) ->
 	_ ->
 	    ok
     end,
-	    
     %% check if we need to add defaults explicitly because
     %% there's no init_per_suite exported from Mod
     {InitFailed,DoInit} =
 	case ct_util:get_testdata(curr_tc) of
-	    {Mod,{suite0_failed,_}=Failure} ->
+	    {Suite,{suite0_failed,_}=Failure} ->
 		{Failure,false};
-	    {Mod,_} ->
+	    {?MODULE,_} ->		    % should not really happen
 		{false,false};
-	    _ when Func == init_per_suite ->
+	    {Suite,_} ->	            % Func is not 1st case in suite
 		{false,false};
-	    _ ->
+	    _ when Func == init_per_suite ->	% defaults will be added anyway
+		{false,false};
+	    _ ->				% first case in suite
 		{false,true}
 	end,
     case InitFailed of
 	false ->
-	    ct_util:set_testdata({curr_tc,{Mod,Func}}),
-	    case ct_util:read_suite_data({seq,Mod,Func}) of
+	    ct_util:set_testdata({curr_tc,{Suite,Func}}),
+	    case ct_util:read_suite_data({seq,Suite,Func}) of
 		undefined ->
 		    init_tc1(Mod,Func,Config,DoInit);
 		Seq when is_atom(Seq) ->
-		    case ct_util:read_suite_data({seq,Mod,Seq}) of
+		    case ct_util:read_suite_data({seq,Suite,Seq}) of
 			[Func|TCs] ->		% this is the 1st case in Seq
 			    %% make sure no cases in this seq are marked as failed
 			    %% from an earlier execution in the same suite
-			    lists:foreach(fun(TC) ->
-						  ct_util:save_suite_data({seq,Mod,TC},Seq)
-					  end, TCs);
+			    lists:foreach(
+			      fun(TC) ->
+				      ct_util:save_suite_data({seq,Suite,TC},Seq)
+			      end, TCs);
 			_ ->
 			    ok
 		    end,
@@ -98,6 +106,17 @@ init_tc(Mod,Func,Config) ->
 	    {skip,InitFailed}
     end.	    
 
+init_tc1(?MODULE,error_in_suite,[Config0],_) when is_list(Config0) ->
+    ct_logs:init_tc(false),
+    ct_event:notify(#event{name=tc_start,
+			   node=node(),
+			   data={?MODULE,error_in_suite}}),
+    case ?val(error, Config0) of
+	undefined ->
+	    {skip,"unknown_error_in_suite"};
+	Reason ->
+	    {skip,Reason}
+    end;
 init_tc1(Mod,Func,[Config0],DoInit) when is_list(Config0) ->
     Config1 = 
 	case ct_util:read_suite_data(last_saved_config) of
@@ -122,35 +141,40 @@ init_tc1(Mod,Func,[Config0],DoInit) when is_list(Config0) ->
 	    %% release all name -> key bindings (once per suite)
 	    ct_config:release_allocated()
     end,
-    TestCaseInfo =
-	case catch apply(Mod,Func,[]) of
-	    Result when is_list(Result) -> Result;
-	    _ -> []
-	end,
+
+    GroupPath = ?val(tc_group_path, Config, []),
+    AllGroups =	[?val(tc_group_properties, Config, []) | GroupPath],
+
     %% clear all config data default values set by previous
     %% testcase info function (these should only survive the
     %% testcase, not the whole suite)
-    ct_config:delete_default_config(testcase),
-    case add_defaults(Mod,Func,TestCaseInfo,DoInit) of
+    FuncSpec = group_or_func(Func,Config0),
+    if is_tuple(FuncSpec) ->			% group
+	    ok;
+       true ->
+	    ct_config:delete_default_config(testcase)
+    end,
+    %% in case Mod == ct_framework, lookup the suite name
+    Suite = get_suite_name(Mod, Config),
+    case add_defaults(Mod,Func,AllGroups,DoInit) of
 	Error = {suite0_failed,_} ->
 	    ct_logs:init_tc(false),
-	    FuncSpec = group_or_func(Func,Config0),
 	    ct_event:notify(#event{name=tc_start,
 				   node=node(),
 				   data={Mod,FuncSpec}}),
-	    ct_util:set_testdata({curr_tc,{Mod,Error}}),
+	    ct_util:set_testdata({curr_tc,{Suite,Error}}),
 	    {error,Error};
 	{SuiteInfo,MergeResult} ->
 	    case MergeResult of
 		{error,Reason} when DoInit == false ->
 		    ct_logs:init_tc(false),
-		    FuncSpec = group_or_func(Func,Config0),
 		    ct_event:notify(#event{name=tc_start,
 					   node=node(),
 					   data={Mod,FuncSpec}}),
 		    {skip,Reason};
 		_ ->
-		    init_tc2(Mod,Func,SuiteInfo,MergeResult,Config,DoInit)
+		    init_tc2(Mod,Func,SuiteInfo,MergeResult,
+			     Config,DoInit)
 	    end
     end;
 init_tc1(_Mod,_Func,Args,_DoInit) ->
@@ -203,8 +227,9 @@ init_tc2(Mod,Func,SuiteInfo,MergeResult,Config,DoInit) ->
     ct_event:notify(#event{name=tc_start,
 			   node=node(),
 			   data={Mod,FuncSpec}}),
-    
-    case catch configure(MergedInfo1,MergedInfo1,SuiteInfo,{Func,DoInit},Config) of
+
+    case catch configure(MergedInfo1,MergedInfo1,SuiteInfo,
+			 {FuncSpec,DoInit},Config) of
 	{suite0_failed,Reason} ->
 	    ct_util:set_testdata({curr_tc,{Mod,{suite0_failed,{require,Reason}}}}),
 	    {skip,{require_failed_in_suite0,Reason}};
@@ -212,7 +237,7 @@ init_tc2(Mod,Func,SuiteInfo,MergeResult,Config,DoInit) ->
 	    {auto_skip,{require_failed,Reason}};
 	{'EXIT',Reason} ->
 	    {auto_skip,Reason};
-	{ok, FinalConfig} ->
+	{ok,FinalConfig} ->
 	    case MergeResult of
 		{error,Reason} ->
 		    %% suite0 configure finished now, report that 
@@ -241,19 +266,20 @@ ct_suite_init(Mod, Func, [Config]) when is_list(Config) ->
 	    Else
     end.
 
-add_defaults(Mod,Func,FuncInfo,DoInit) ->
-    case (catch Mod:suite()) of
+add_defaults(Mod,Func, GroupPath, DoInit) ->
+    Suite = get_suite_name(Mod, GroupPath),
+    case (catch Suite:suite()) of
 	{'EXIT',{undef,_}} ->
-	    SuiteInfo = merge_with_suite_defaults(Mod,[]),
+	    SuiteInfo = merge_with_suite_defaults(Suite,[]),
 	    SuiteInfoNoCTH = [I || I <- SuiteInfo, element(1,I) =/= ct_hooks],
-	    case add_defaults1(Mod,Func,FuncInfo,SuiteInfoNoCTH,DoInit) of
+	    case add_defaults1(Mod,Func, GroupPath, SuiteInfoNoCTH, DoInit) of
 		Error = {error,_} -> {SuiteInfo,Error};
 		MergedInfo -> {SuiteInfo,MergedInfo}
 	    end;
 	{'EXIT',Reason} ->
 	    ErrStr = io_lib:format("~n*** ERROR *** "
 				   "~w:suite/0 failed: ~p~n",
-				   [Mod,Reason]),
+				   [Suite,Reason]),
 	    io:format(ErrStr, []),
 	    io:format(user, ErrStr, []),
 	    {suite0_failed,{exited,Reason}};
@@ -262,18 +288,18 @@ add_defaults(Mod,Func,FuncInfo,DoInit) ->
 			      (_) -> false
 			   end, SuiteInfo) of
 		true ->
-		    SuiteInfo1 = merge_with_suite_defaults(Mod,SuiteInfo),
+		    SuiteInfo1 = merge_with_suite_defaults(Suite, SuiteInfo),
 		    SuiteInfoNoCTH = [I || I <- SuiteInfo1,
 					   element(1,I) =/= ct_hooks],
-		    case add_defaults1(Mod,Func,FuncInfo,
-				       SuiteInfoNoCTH,DoInit) of
+		    case add_defaults1(Mod,Func, GroupPath,
+				       SuiteInfoNoCTH, DoInit) of
 			Error = {error,_} -> {SuiteInfo1,Error};
 			MergedInfo -> {SuiteInfo1,MergedInfo}
 		    end;
 		false ->
 		    ErrStr = io_lib:format("~n*** ERROR *** "
 					   "Invalid return value from "
-					   "~w:suite/0: ~p~n", [Mod,SuiteInfo]),
+					   "~w:suite/0: ~p~n", [Suite,SuiteInfo]),
 		    io:format(ErrStr, []),
 		    io:format(user, ErrStr, []),
 		    {suite0_failed,bad_return_value}
@@ -281,57 +307,178 @@ add_defaults(Mod,Func,FuncInfo,DoInit) ->
 	SuiteInfo ->
 	    ErrStr = io_lib:format("~n*** ERROR *** "
 				   "Invalid return value from "
-				   "~w:suite/0: ~p~n", [Mod,SuiteInfo]),
+				   "~w:suite/0: ~p~n", [Suite,SuiteInfo]),
 	    io:format(ErrStr, []),
 	    io:format(user, ErrStr, []),
 	    {suite0_failed,bad_return_value}
     end.
 
-add_defaults1(_Mod,init_per_suite,[],SuiteInfo,_DoInit) ->
-    SuiteInfo;
-
-add_defaults1(Mod,Func,FuncInfo,SuiteInfo,DoInit) ->
-    %% mustn't re-require suite variables in test case info function,
-    %% can result in weird behaviour (suite values get overwritten)
+add_defaults1(Mod,Func, GroupPath, SuiteInfo, DoInit) ->
+    Suite = get_suite_name(Mod, GroupPath),
+    %% GroupPathInfo (for subgroup on level X) =
+    %%     [LevelXGroupInfo, LevelX-1GroupInfo, ..., TopLevelGroupInfo]
+    GroupPathInfo =  
+	lists:map(fun(GroupProps) ->
+			  Name = ?val(name, GroupProps),
+			  case catch Suite:group(Name) of
+			      GrInfo when is_list(GrInfo) -> GrInfo;
+			      _ -> []
+			  end
+		  end, GroupPath),
+    Args = if Func == init_per_group; Func == ct_init_per_group;
+	      Func == end_per_group; Func == ct_end_per_group ->
+		   [?val(name, hd(GroupPath))];
+	      true ->
+		   []
+	   end,
+    TestCaseInfo =
+	case catch apply(Mod,Func,Args) of
+	    TCInfo when is_list(TCInfo) -> TCInfo;
+	    _ -> []
+	end,
+    %% let test case info (also for all config funcs) override group info,
+    %% and lower level group info override higher level info
+    TCAndGroupInfo = [TestCaseInfo | remove_info_in_prev(TestCaseInfo,
+							 GroupPathInfo)],
+    %% find and save require terms found in suite info
     SuiteReqs = 
 	[SDDef || SDDef <- SuiteInfo,
 		  ((require == element(1,SDDef)) or
 		   (default_config == element(1,SDDef)))],
-    FuncReqs =
-	[FIDef || FIDef <- FuncInfo,
-		  require == element(1,FIDef)],
-    case [element(2,Clash) || Clash <- SuiteReqs,
-			      require == element(1, Clash),
-			      true == lists:keymember(element(2,Clash),2,
-						      FuncReqs)] of
+    case check_for_clashes(TestCaseInfo, GroupPathInfo, SuiteReqs) of
 	[] ->
-	    add_defaults2(Mod,Func,FuncInfo,SuiteInfo,SuiteReqs,DoInit);
+	    add_defaults2(Mod,Func, TCAndGroupInfo,SuiteInfo,SuiteReqs, DoInit);
 	Clashes ->
 	    {error,{config_name_already_in_use,Clashes}}
     end.
 
-add_defaults2(Mod,init_per_suite,IPSInfo,SuiteInfo,SuiteReqs,false) ->
-    %% not common practise to use a test case info function for
-    %% init_per_suite (usually handled by suite/0), but let's support
-    %% it just in case...
-    add_defaults2(Mod,init_per_suite,IPSInfo,SuiteInfo,SuiteReqs,true);
-
-add_defaults2(_Mod,_Func,FuncInfo,SuiteInfo,_,false) ->
-    %% include require elements from test case info, but not from suite/0
-    %% (since we've already required those vars)
-    FuncInfo ++
-	[SFDef || SFDef <- SuiteInfo,
-		  require /= element(1,SFDef),
-		  false == lists:keymember(element(1,SFDef),1,FuncInfo)];
-
-add_defaults2(_Mod,_Func,FuncInfo,SuiteInfo,SuiteReqs,true) ->
-    %% We must include require elements from suite/0 here since
-    %% there's no init_per_suite call before this first test case.
-    %% Let other test case info elements override those from suite/0.
-    FuncInfo ++ SuiteReqs ++
-	[SDDef || SDDef <- SuiteInfo,
-		  require /= element(1,SDDef),
-		  false == lists:keymember(element(1,SDDef),1,FuncInfo)].    
+get_suite_name(?MODULE, [Cfg|_]) when is_list(Cfg), Cfg /= [] ->
+    get_suite_name(?MODULE, Cfg);
+
+get_suite_name(?MODULE, Cfg) when is_list(Cfg), Cfg /= [] ->
+    case ?val(tc_group_properties, Cfg) of
+	undefined ->
+	    case ?val(suite, Cfg) of
+		undefined -> ?MODULE;
+		Suite -> Suite
+	    end;
+	GrProps ->
+	    case ?val(suite, GrProps) of
+		undefined -> ?MODULE;
+		Suite -> Suite
+	    end
+    end;
+get_suite_name(Mod, _) ->
+    Mod.
+
+%% Check that alias names are not already in use
+check_for_clashes(TCInfo, GrPathInfo, SuiteInfo) ->
+    {CurrGrInfo,SearchIn} = case GrPathInfo of
+				[] -> {[],[SuiteInfo]};
+				[Curr|Path] -> {Curr,[SuiteInfo|Path]}
+			    end,
+    ReqNames = fun(Info) -> [element(2,R) || R <- Info,
+					     size(R) == 3,
+					     require == element(1,R)]
+	       end,
+    ExistingNames = lists:flatten([ReqNames(L)  || L <- SearchIn]),
+    CurrGrReqNs = ReqNames(CurrGrInfo),
+    GrClashes = [Name || Name <- CurrGrReqNs,
+			 true == lists:member(Name, ExistingNames)],
+    AllReqNs = CurrGrReqNs ++ ExistingNames,
+    TCClashes = [Name || Name <- ReqNames(TCInfo),
+			 true == lists:member(Name, AllReqNs)],
+    TCClashes ++ GrClashes.
+
+%% Delete the info terms in Terms from all following info lists
+remove_info_in_prev(Terms, [[] | Rest]) ->
+    [[] | remove_info_in_prev(Terms, Rest)];
+remove_info_in_prev(Terms, [Info | Rest]) ->
+    UniqueInInfo = [U || U <- Info,
+			  ((timetrap == element(1,U)) and
+			   (not lists:keymember(timetrap,1,Terms))) or 
+			  ((require == element(1,U)) and
+			   (not lists:member(U,Terms))) or
+			  ((default_config == element(1,U)) and
+                           (not keysmember([default_config,1,
+					    element(2,U),2], Terms)))],
+    OtherTermsInInfo = [T || T <- Info,
+			     timetrap /= element(1,T),
+			     require /= element(1,T),
+			     default_config /= element(1,T),
+			     false == lists:keymember(element(1,T),1,
+						      Terms)],
+    KeptInfo = UniqueInInfo ++ OtherTermsInInfo,
+    [KeptInfo | remove_info_in_prev(Terms ++ KeptInfo, Rest)];
+remove_info_in_prev(_, []) ->
+    [].
+
+keysmember([Key,Pos|Next], List) ->
+    case [Elem || Elem <- List, Key == element(Pos,Elem)] of
+	[]    -> false;
+	Found -> keysmember(Next, Found)
+    end;
+keysmember([], _) -> true.
+
+
+add_defaults2(Mod,init_per_suite, IPSInfo, SuiteInfo,SuiteReqs, false) ->
+    add_defaults2(Mod,init_per_suite, IPSInfo, SuiteInfo,SuiteReqs, true);
+
+add_defaults2(_Mod,IPG, IPGAndGroupInfo, SuiteInfo,SuiteReqs, DoInit) when
+      IPG == init_per_group ; IPG == ct_init_per_group ->
+    %% If DoInit == true, we have to process the suite() list, otherwise
+    %% it has already been handled (see clause for init_per_suite)
+    case DoInit of		
+	true ->
+	    %% note: we know for sure this is a top level group
+	    Info = lists:flatten([IPGAndGroupInfo, SuiteReqs]),
+	    Info ++ remove_info_in_prev(Info, [SuiteInfo]);
+	false ->
+	    SuiteInfo1 =
+		remove_info_in_prev(lists:flatten([IPGAndGroupInfo,
+						   SuiteReqs]), [SuiteInfo]),
+	    %% don't require terms in prev groups (already processed)
+	    case IPGAndGroupInfo of
+		[IPGInfo] ->
+		    lists:flatten([IPGInfo,SuiteInfo1]);
+		[IPGInfo | [CurrGroupInfo | PrevGroupInfo]] ->
+		    PrevGroupInfo1 = delete_require_terms(PrevGroupInfo),
+		    lists:flatten([IPGInfo,CurrGroupInfo,PrevGroupInfo1,
+				   SuiteInfo1])
+	    end
+    end;
+
+add_defaults2(_Mod,_Func, TCAndGroupInfo, SuiteInfo,SuiteReqs, false) ->
+    %% Include require elements from test case info and current group,
+    %% but not from previous groups or suite/0 (since we've already required
+    %% those vars). Let test case info elements override group and suite
+    %% info elements.
+    SuiteInfo1 = remove_info_in_prev(lists:flatten([TCAndGroupInfo,
+						    SuiteReqs]), [SuiteInfo]),
+    %% don't require terms in prev groups (already processed)
+    case TCAndGroupInfo of
+	[TCInfo] ->
+	    lists:flatten([TCInfo,SuiteInfo1]);
+	[TCInfo | [CurrGroupInfo | PrevGroupInfo]] ->
+	    PrevGroupInfo1 = delete_require_terms(PrevGroupInfo),
+	    lists:flatten([TCInfo,CurrGroupInfo,PrevGroupInfo1,
+			   SuiteInfo1])
+    end;
+
+add_defaults2(_Mod,_Func, TCInfo, SuiteInfo,SuiteReqs, true) ->
+    %% Here we have to process the suite info list also (no call to
+    %% init_per_suite before this first test case). This TC can't belong
+    %% to a group, or the clause for (ct_)init_per_group would've caught this.
+    Info = lists:flatten([TCInfo, SuiteReqs]),
+    lists:flatten([Info,remove_info_in_prev(Info, [SuiteInfo])]).
+
+delete_require_terms([Info | Prev]) ->
+    Info1 = [T || T <- Info, 
+		  require /= element(1,T),
+		  default_config /= element(1,T)],
+    [Info1 | delete_require_terms(Prev)];
+delete_require_terms([]) ->
+    [].
 
 merge_with_suite_defaults(Mod,SuiteInfo) ->
     case lists:keysearch(suite_defaults,1,Mod:module_info(attributes)) of
@@ -355,16 +502,17 @@ timetrap_first([Trap = {timetrap,_} | Rest],Info,Found) ->
 timetrap_first([Other | Rest],Info,Found) ->
     timetrap_first(Rest,[Other | Info],Found);
 timetrap_first([],Info,[]) ->
-    [{timetrap,{minutes,30}} | lists:reverse(Info)];
+    [{timetrap,{minutes,30}} | ?rev(Info)];
 timetrap_first([],Info,Found) ->
-    lists:reverse(Found) ++ lists:reverse(Info).
+    ?rev(Found) ++ ?rev(Info).
 
 configure([{require,Required}|Rest],Info,SuiteInfo,Scope,Config) ->
     case ct:require(Required) of
 	ok ->
 	    configure(Rest,Info,SuiteInfo,Scope,Config);
 	Error = {error,Reason} ->
-	    case required_default('_UNDEF',Required,Info,SuiteInfo,Scope) of
+	    case required_default('_UNDEF',Required,Info,
+				  SuiteInfo,Scope) of
 		ok ->
 		    configure(Rest,Info,SuiteInfo,Scope,Config);
 		_ ->
@@ -406,18 +554,24 @@ configure([],_,_,_,Config) ->
     {ok,[Config]}.
 
 %% the require element in Info may come from suite/0 and
-%% should be scoped 'suite', or come from the testcase info
-%% function and should then be scoped 'testcase'
-required_default(Name,Key,Info,SuiteInfo,{Func,true}) ->
+%% should be scoped 'suite', or come from the group info
+%% function and be scoped 'group', or come from the testcase
+%% info function and then be scoped 'testcase'
+
+required_default(Name,Key,Info,SuiteInfo,{FuncSpec,true}) ->
     case try_set_default(Name,Key,SuiteInfo,suite) of
 	ok ->
 	    ok;
 	_ ->
-	    required_default(Name,Key,Info,[],{Func,false})
+	    required_default(Name,Key,Info,[],{FuncSpec,false})
     end;
 required_default(Name,Key,Info,_,{init_per_suite,_}) ->
     try_set_default(Name,Key,Info,suite);
-required_default(Name,Key,Info,_,_) ->
+required_default(Name,Key,Info,_,{{init_per_group,GrName,_},_}) ->
+    try_set_default(Name,Key,Info,{group,GrName});
+required_default(Name,Key,Info,_,{{ct_init_per_group,GrName,_},_}) ->
+    try_set_default(Name,Key,Info,{group,GrName});
+required_default(Name,Key,Info,_,_FuncSpec) ->
     try_set_default(Name,Key,Info,testcase).
 
 try_set_default(Name,Key,Info,Where) ->
@@ -484,7 +638,11 @@ end_tc(Mod,Func,TCPid,Result,Args,Return) ->
     ct_util:delete_suite_data(last_saved_config),
     FuncSpec =
 	case group_or_func(Func,Args) of
-	    {_,GroupName,_Props} = Group ->			       
+	    {_,GroupName,_Props} = Group ->
+		if Func == end_per_group; Func == ct_end_per_group ->
+			ct_config:delete_default_config({group,GroupName});
+		   true -> ok
+		end,
 		case lists:keysearch(save_config,1,Args) of
 		    {value,{save_config,SaveConfig}} ->
 			ct_util:save_suite_data(
@@ -703,12 +861,14 @@ mark_as_failed1(_,_,_,[]) ->
     ok.
 
 group_or_func(Func, Config) when Func == init_per_group; 
-				 Func == end_per_group ->
-    case proplists:get_value(tc_group_properties,Config) of
+				 Func == end_per_group;
+				 Func == ct_init_per_group; 
+				 Func == ct_end_per_group ->
+    case ?val(tc_group_properties, Config) of
 	undefined ->
 	    {Func,unknown,[]};
 	GrProps ->
-	    GrName = proplists:get_value(name,GrProps),
+	    GrName = ?val(name,GrProps),
 	    {Func,GrName,proplists:delete(name,GrProps)}
     end;	  
 group_or_func(Func, _Config) ->
@@ -732,7 +892,7 @@ get_suite(Mod, all) ->
 		    %% (and only) test case so we can report Error properly
 		    [{?MODULE,error_in_suite,[[Error]]}];
 		ConfTests ->
-		    get_all(Mod, ConfTests)
+		    get_all(Mod, ConfTests)		    
 	    end;
 	_ ->
 	    E = "Bad return value from "++atom_to_list(Mod)++":groups/0",
@@ -746,7 +906,7 @@ get_suite(Mod, all) ->
 
 %% group
 get_suite(Mod, Group={conf,Props,_Init,TCs,_End}) ->
-    Name = proplists:get_value(name, Props),
+    Name = ?val(name, Props),
     case catch apply(Mod, groups, []) of
 	{'EXIT',_} ->
 	    [Group];
@@ -764,14 +924,25 @@ get_suite(Mod, Group={conf,Props,_Init,TCs,_End}) ->
 			    %% a *subgroup* specified *only* as skipped (and not
 			    %% as an explicit test) should not be returned, or
 			    %% init/end functions for top groups will be executed
-			    case catch proplists:get_value(name, element(2, hd(ConfTests))) of
+			    case catch ?val(name, element(2, hd(ConfTests))) of
 				Name ->		% top group
 				    delete_subs(ConfTests, ConfTests);
 				_ ->
 				    []
 			    end;
 			false ->
-			    delete_subs(ConfTests, ConfTests)
+			    ConfTests1 = delete_subs(ConfTests, ConfTests),
+			    case ?val(override, Props) of
+				undefined ->
+				    ConfTests1;
+				[] ->
+				    ConfTests1;
+				ORSpec ->
+				    ORSpec1 = if is_tuple(ORSpec) -> [ORSpec];
+						 true -> ORSpec end,
+				    search_and_override(ConfTests1,
+							ORSpec1, Mod)
+			    end							      
 		    end
 	    end;
 	_ ->
@@ -793,13 +964,12 @@ get_all_cases(Suite) ->
 	    {error,Error};
 	Tests ->
 	    Cases = get_all_cases1(Suite, Tests),
-	    lists:reverse(
-	      lists:foldl(fun(TC, TCs) ->
-				  case lists:member(TC, TCs) of
+	    ?rev(lists:foldl(fun(TC, TCs) ->
+				     case lists:member(TC, TCs) of
 				      true  -> TCs;
-				      false -> [TC | TCs]
-				  end
-			  end, [], Cases))
+					 false -> [TC | TCs]
+				     end
+			     end, [], Cases))
     end.
 
 get_all_cases1(Suite, [{conf,_Props,_Init,GrTests,_End} | Tests]) ->
@@ -918,14 +1088,14 @@ delete_subs([], All) ->
     All.
 
 delete_conf({conf,Props,_,_,_}, Confs) ->
-    Name = proplists:get_value(name, Props),
+    Name = ?val(name, Props),
     [Conf || Conf = {conf,Props0,_,_,_} <- Confs,
-	     Name =/= proplists:get_value(name, Props0)].
+	     Name =/= ?val(name, Props0)].
 
 is_sub({conf,Props,_,_,_}=Conf, [{conf,_,_,Tests,_} | Confs]) ->
-    Name = proplists:get_value(name, Props),
+    Name = ?val(name, Props),
     case lists:any(fun({conf,Props0,_,_,_}) ->
-			   case proplists:get_value(name, Props0) of
+			   case ?val(name, Props0) of
 			       N when N == Name ->
 				   true;
 			       _ ->
@@ -1078,29 +1248,116 @@ expand_groups([H | T], ConfTests, Mod) ->
 expand_groups([], _ConfTests, _Mod) ->
     [];
 expand_groups({group,Name}, ConfTests, Mod) ->
-    FindConf = 
-	fun({conf,Props,_,_,_}) ->
-		case proplists:get_value(name, Props) of
-		    Name -> true;
-		    _    -> false
+    expand_groups({group,Name,default,[]}, ConfTests, Mod);
+expand_groups({group,Name,default}, ConfTests, Mod) ->
+    expand_groups({group,Name,default,[]}, ConfTests, Mod);
+expand_groups({group,Name,ORProps}, ConfTests, Mod) when is_list(ORProps) ->
+    expand_groups({group,Name,ORProps,[]}, ConfTests, Mod);
+expand_groups({group,Name,ORProps,SubORSpec}, ConfTests, Mod) ->
+    FindConf =
+	fun(Conf = {conf,Props,Init,Ts,End}) ->
+		case ?val(name, Props) of
+		    Name when ORProps == default ->
+			[Conf];
+		    Name ->
+			[{conf,[{name,Name}|ORProps],Init,Ts,End}];
+		    _    -> 
+			[]
 		end
 	end,					 
-    case lists:filter(FindConf, ConfTests) of
-	[ConfTest|_] ->
-	    expand_groups(ConfTest, ConfTests, Mod);
+    case lists:flatmap(FindConf, ConfTests) of
 	[] ->
-	    E = "Invalid reference to group "++
-		atom_to_list(Name)++" in "++
-		atom_to_list(Mod)++":all/0",
-	    throw({error,list_to_atom(E)})
+	    throw({error,invalid_ref_msg(Name, Mod)});
+	Matching when SubORSpec == [] -> 
+	    Matching;
+	Matching -> 
+	    override_props(Matching, SubORSpec, Name,Mod)
     end;
 expand_groups(SeqOrTC, _ConfTests, _Mod) ->
     SeqOrTC.
 
+%% search deep for the matching conf test and modify it and any 
+%% sub tests according to the override specification
+search_and_override([Conf = {conf,Props,Init,Tests,End}], ORSpec, Mod) ->
+    Name = ?val(name, Props),
+    case lists:keysearch(Name, 1, ORSpec) of
+	{value,{Name,default}} ->
+	    [Conf];
+	{value,{Name,ORProps}} ->
+	    [{conf,[{name,Name}|ORProps],Init,Tests,End}];
+	{value,{Name,default,[]}} ->
+	    [Conf];
+	{value,{Name,default,SubORSpec}} ->
+	    override_props([Conf], SubORSpec, Name,Mod);
+	{value,{Name,ORProps,SubORSpec}} ->
+	    override_props([{conf,[{name,Name}|ORProps],
+			    Init,Tests,End}], SubORSpec, Name,Mod);
+	_ ->
+	    [{conf,Props,Init,search_and_override(Tests,ORSpec,Mod),End}]
+    end.
+
+%% Modify the Tests element according to the override specification
+override_props([{conf,Props,Init,Tests,End} | Confs], SubORSpec, Name,Mod) ->
+    {Subs,SubORSpec1} = override_sub_props(Tests, [], SubORSpec, Mod),
+    [{conf,Props,Init,Subs,End} | override_props(Confs, SubORSpec1, Name,Mod)];
+override_props([], [], _,_) ->
+    [];
+override_props([], SubORSpec, Name,Mod) ->
+    Es = [invalid_ref_msg(Name, element(1,Spec), Mod) || Spec <- SubORSpec],
+    throw({error,Es}).
+
+override_sub_props([], New, ORSpec, _) ->    
+    {?rev(New),ORSpec};
+override_sub_props([T = {conf,Props,Init,Tests,End} | Ts],
+		   New, ORSpec, Mod) ->
+    Name = ?val(name, Props),
+    case lists:keysearch(Name, 1, ORSpec) of
+	{value,Spec} ->				% group found in spec
+	    Props1 =
+		case element(2, Spec) of
+		    default -> Props;
+		    ORProps -> [{name,Name} | ORProps]
+		end,
+	    case catch element(3, Spec) of
+		Undef when Undef == [] ; 'EXIT' == element(1, Undef) ->
+		    override_sub_props(Ts, [{conf,Props1,Init,Tests,End} | New],
+				       lists:keydelete(Name, 1, ORSpec), Mod);
+		SubORSpec when is_list(SubORSpec) ->
+		    case override_sub_props(Tests, [], SubORSpec, Mod) of
+			{Subs,[]} ->
+			    override_sub_props(Ts, [{conf,Props1,Init,
+						     Subs,End} | New],
+					       lists:keydelete(Name, 1, ORSpec),
+					       Mod);
+			{_,NonEmptySpec} ->
+			    Es = [invalid_ref_msg(Name, element(1, GrRef),
+						  Mod) || GrRef <- NonEmptySpec],
+			    throw({error,Es})
+		    end;
+		BadGrSpec ->
+		    throw({error,{invalid_form,BadGrSpec}})
+	    end;
+	_ ->					% not a group in spec
+	    override_sub_props(Ts, [T | New], ORSpec, Mod)
+    end;
+override_sub_props([TC | Ts], New, ORSpec, Mod) ->
+    override_sub_props(Ts, [TC | New], ORSpec, Mod).
+
+invalid_ref_msg(Name, Mod) ->
+    E = "Invalid reference to group "++
+	atom_to_list(Name)++" in "++
+	atom_to_list(Mod)++":all/0",
+    list_to_atom(E).
+
+invalid_ref_msg(Name0, Name1, Mod) ->
+    E = "Invalid reference to group "++
+	atom_to_list(Name1)++" from "++atom_to_list(Name0)++
+	" in "++atom_to_list(Mod)++":all/0",
+    list_to_atom(E).
 
 %%!============================================================
 %%! The support for sequences by means of using sequences/0
-%%! will be removed in OTP R14. The code below is only kept 
+%%! will be removed in OTP R15. The code below is only kept 
 %%! for backwards compatibility. From OTP R13 groups with
 %%! sequence property should be used instead!
 %%!============================================================
@@ -1234,8 +1491,8 @@ report(What,Data) ->
 	loginfo ->
 	    %% logfiles and direcories have been created for a test and the
 	    %% top level test index page needs to be refreshed
-	    TestName = filename:basename(proplists:get_value(topdir, Data), ".logs"),
-	    RunDir = proplists:get_value(rundir, Data),
+	    TestName = filename:basename(?val(topdir, Data), ".logs"),
+	    RunDir = ?val(rundir, Data),
 	    ct_logs:make_all_suites_index({TestName,RunDir}),
 	    ok;
 	tests_start ->
@@ -1274,6 +1531,10 @@ report(What,Data) ->
 	tests_done ->
 	    ok;
 	tc_start ->
+	    %% Data = {{Suite,Func},LogFileName}
+	    ct_event:sync_notify(#event{name=tc_logfile,
+					node=node(),
+					data=Data}),
 	    ok;
 	tc_done ->
 	    {_Suite,Case,Result} = Data,
@@ -1337,11 +1598,24 @@ report(What,Data) ->
 					node=node(),
 					data=Data}),
 	    ct_hooks:on_tc_skip(What, Data),
-	    if Case /= end_per_suite, Case /= end_per_group -> 
+	    if Case /= end_per_suite, 
+	       Case /= end_per_group,
+	       Case /= ct_end_per_group -> 
 		    add_to_stats(auto_skipped);
 	       true -> 
 		    ok
 	    end;
+	framework_error ->
+	    case Data of
+		{{M,F},E} ->
+		    ct_event:sync_notify(#event{name=tc_done,
+						node=node(),
+						data={M,F,{framework_error,E}}});
+		_ ->
+		    ct_event:sync_notify(#event{name=tc_done,
+						node=node(),
+						data=Data})
+	    end;
 	_ ->
 	    ok
     end,
diff --git a/lib/common_test/src/ct_hooks.erl b/lib/common_test/src/ct_hooks.erl
index ffafc582cf..c42adbbdd9 100644
--- a/lib/common_test/src/ct_hooks.erl
+++ b/lib/common_test/src/ct_hooks.erl
@@ -178,8 +178,9 @@ call_generic(#ct_hook_config{ module = Mod, state = State} = Hook,
 call(Fun, Config, Meta) ->
     maybe_lock(),
     Hooks = get_hooks(),
-    Res = call(get_new_hooks(Config, Fun) ++
-		   [{HookId,Fun} || #ct_hook_config{id = HookId} <- Hooks],
+    Calls = get_new_hooks(Config, Fun) ++
+	[{HookId,Fun} || #ct_hook_config{id = HookId} <- Hooks],
+    Res = call(resort(Calls,Hooks,Meta),
 	       remove(?config_name,Config), Meta, Hooks),
     maybe_unlock(),
     Res.
@@ -205,7 +206,7 @@ call([{Hook, call_id, NextFun} | Rest], Config, Meta, Hooks) ->
 		    {Hooks ++ [NewHook],
 		     [{NewId, call_init}, {NewId,NextFun} | Rest]}
 	    end,
-	call(resort(NewRest,NewHooks), Config, Meta, NewHooks)
+	call(resort(NewRest,NewHooks,Meta), Config, Meta, NewHooks)
     catch Error:Reason ->
 	    Trace = erlang:get_stacktrace(),
 	    ct_logs:log("Suite Hook","Failed to start a CTH: ~p:~p",
@@ -221,7 +222,7 @@ call([{HookId, Fun} | Rest], Config, Meta, Hooks) ->
         {NewConf, NewHook} =  Fun(Hook, Config, Meta),
         NewCalls = get_new_hooks(NewConf, Fun),
         NewHooks = lists:keyreplace(HookId, #ct_hook_config.id, Hooks, NewHook),
-        call(resort(NewCalls ++ Rest,NewHooks), %% Resort if call_init changed prio
+        call(resort(NewCalls ++ Rest,NewHooks,Meta), %% Resort if call_init changed prio
 	     remove(?config_name, NewConf), Meta,
              terminate_if_scope_ends(HookId, Meta, NewHooks))
     catch throw:{error_in_cth_call,Reason} ->
@@ -308,6 +309,18 @@ get_hooks() ->
 %% call_id < call_init < ctfirst < Priority 1 < .. < Priority N < ctlast
 %% If Hook Priority is equal, check when it has been installed and
 %% sort on that instead.
+%% If we are doing a cleanup call i.e. {post,pre}_end_per_*, all priorities
+%% are reversed. Probably want to make this sorting algorithm pluginable
+%% as some point...
+resort(Calls,Hooks,[F|_R]) when F == post_end_per_testcase;
+				F == pre_end_per_group;
+				F == post_end_per_group;
+				F == pre_end_per_suite;
+				F == post_end_per_suite ->
+    lists:reverse(resort(Calls,Hooks));
+resort(Calls,Hooks,_Meta) ->
+    resort(Calls,Hooks).
+    
 resort(Calls, Hooks) ->
     lists:sort(
       fun({_,_,_},_) ->
diff --git a/lib/common_test/src/ct_logs.erl b/lib/common_test/src/ct_logs.erl
index d66a31d9a5..19ad7b26d8 100644
--- a/lib/common_test/src/ct_logs.erl
+++ b/lib/common_test/src/ct_logs.erl
@@ -223,7 +223,6 @@ init_tc(RefreshLog) ->
 %%%
 %%% <p>This function is called by ct_framework:end_tc/3</p>
 end_tc(TCPid) ->
-    io:format(xhtml("<br>", "<br />")),
     %% use call here so that the TC process will wait and receive
     %% possible exit signals from ct_logs before end_tc returns ok 
     call({end_tc,TCPid}).
@@ -745,20 +744,19 @@ print_style(Fd,StyleSheet) ->
 		       0 -> string:str(Str,"<STYLE>");
 		       N0 -> N0
 		   end,
-	    case Pos0 of
-		0 -> print_style_error(Fd,StyleSheet,missing_style_tag);
-		_ -> 
-		    Pos1 = case string:str(Str,"</style>") of
-			       0 -> string:str(Str,"</STYLE>");
-			       N1 -> N1
-			   end,
-		    case Pos1 of
-			0 -> 
-			    print_style_error(Fd,StyleSheet,missing_style_end_tag);
-			_ -> 
-			    Style = string:sub_string(Str,Pos0,Pos1+7),
-			    io:format(Fd,"~s\n",[Style])
-		    end
+	    Pos1 = case string:str(Str,"</style>") of
+		       0 -> string:str(Str,"</STYLE>");
+		       N1 -> N1
+		   end,
+	    if (Pos0 == 0) and (Pos1 /= 0) ->
+		    print_style_error(Fd,StyleSheet,missing_style_start_tag);
+	       (Pos0 /= 0) and (Pos1 == 0) ->
+		    print_style_error(Fd,StyleSheet,missing_style_end_tag);
+	       Pos0 /= 0 ->
+		    Style = string:sub_string(Str,Pos0,Pos1+7),
+		    io:format(Fd,"~s\n",[Style]);
+	       Pos0 == 0 ->
+		    io:format(Fd,"<style>~s</style>\n",[Str])
 	    end;
 	{error,Reason} ->
 	    print_style_error(Fd,StyleSheet,Reason)  
diff --git a/lib/common_test/src/ct_make.erl b/lib/common_test/src/ct_make.erl
index 40e9e99f37..8ddb91d355 100644
--- a/lib/common_test/src/ct_make.erl
+++ b/lib/common_test/src/ct_make.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_run.erl b/lib/common_test/src/ct_run.erl
index 0a9bb5af67..05b10bca32 100644
--- a/lib/common_test/src/ct_run.erl
+++ b/lib/common_test/src/ct_run.erl
@@ -1660,6 +1660,14 @@ final_tests1([{TestDir,Suite,GrsOrCs}|Tests], Final, Skip, Bad) when
 		     ({skipped,Group,TCs}) ->
 			  [ct_framework:make_conf(TestDir, Suite,
 						  Group, [skipped], TCs)];
+		     ({GrSpec = {Group,_},TCs}) ->
+			  Props = [{override,GrSpec}],
+			  [ct_framework:make_conf(TestDir, Suite,
+						  Group, Props, TCs)];
+		     ({GrSpec = {Group,_,_},TCs}) ->
+			  Props = [{override,GrSpec}],
+			  [ct_framework:make_conf(TestDir, Suite,
+						  Group, Props, TCs)];
 		     ({Group,TCs}) ->
 			  [ct_framework:make_conf(TestDir, Suite,
 						  Group, [], TCs)];
diff --git a/lib/common_test/src/ct_telnet.erl b/lib/common_test/src/ct_telnet.erl
index 71a784870c..f4a551e3ff 100644
--- a/lib/common_test/src/ct_telnet.erl
+++ b/lib/common_test/src/ct_telnet.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/src/ct_testspec.erl b/lib/common_test/src/ct_testspec.erl
index 317910d5c8..b68cbd3aa1 100644
--- a/lib/common_test/src/ct_testspec.erl
+++ b/lib/common_test/src/ct_testspec.erl
@@ -878,7 +878,11 @@ separate([],_,_,_) ->
 %%              {Suite2,[GrOrCase21,GrOrCase22,...]},...]}
 %% {{Node,Dir},[{Suite1,{skip,Cmt}},
 %%              {Suite2,[{GrOrCase21,{skip,Cmt}},GrOrCase22,...]},...]}
-%% GrOrCase = {GroupName,[Case1,Case2,...]} | Case
+%% GrOrCase = {GroupSpec,[Case1,Case2,...]} | Case
+%% GroupSpec = {GroupName,OverrideProps} |
+%%             {GroupName,OverrideProps,SubGroupSpec}
+%% OverrideProps = Props | default
+%% SubGroupSpec = GroupSpec | []
 
 insert_suites(Node,Dir,[S|Ss],Tests, MergeTests) ->
     Tests1 = insert_cases(Node,Dir,S,all,Tests,MergeTests),
@@ -889,7 +893,7 @@ insert_suites(Node,Dir,S,Tests,MergeTests) ->
     insert_suites(Node,Dir,[S],Tests,MergeTests).
 
 insert_groups(Node,Dir,Suite,Group,Cases,Tests,MergeTests) 
-  when is_atom(Group) ->
+  when is_atom(Group); is_tuple(Group) ->
     insert_groups(Node,Dir,Suite,[Group],Cases,Tests,MergeTests);
 insert_groups(Node,Dir,Suite,Groups,Cases,Tests,false) when
       ((Cases == all) or is_list(Cases)) and is_list(Groups) ->
diff --git a/lib/common_test/test/Makefile b/lib/common_test/test/Makefile
index b7b099069c..284612b8f7 100644
--- a/lib/common_test/test/Makefile
+++ b/lib/common_test/test/Makefile
@@ -30,8 +30,11 @@ MODULES= \
 	ct_userconfig_callback \
 	ct_smoke_test_SUITE \
 	ct_event_handler_SUITE \
+	ct_config_info_SUITE \
 	ct_groups_test_1_SUITE \
 	ct_groups_test_2_SUITE \
+	ct_group_info_SUITE \
+	ct_groups_spec_SUITE \
 	ct_sequence_1_SUITE \
 	ct_repeat_1_SUITE \
 	ct_testspec_1_SUITE \
diff --git a/lib/common_test/test/ct_config_SUITE.erl b/lib/common_test/test/ct_config_SUITE.erl
index 8ce75f582a..18218bee47 100644
--- a/lib/common_test/test/ct_config_SUITE.erl
+++ b/lib/common_test/test/ct_config_SUITE.erl
@@ -228,7 +228,7 @@ expected_events(config_static_SUITE)->
      {?eh,tc_start,{config_static_SUITE,test_config_name_already_in_use2}},
      {?eh,tc_done,
       {config_static_SUITE,test_config_name_already_in_use2,
-       {skipped,{config_name_already_in_use,[x1,alias]}}}},
+       {skipped,{config_name_already_in_use,[alias,x1]}}}},
      {?eh,test_stats,{4,0,{2,0}}},
      {?eh,tc_start,{config_static_SUITE,test_alias_tclocal}},
      {?eh,tc_done,{config_static_SUITE,test_alias_tclocal,ok}},
diff --git a/lib/common_test/test/ct_config_info_SUITE.erl b/lib/common_test/test/ct_config_info_SUITE.erl
new file mode 100644
index 0000000000..40da377ee5
--- /dev/null
+++ b/lib/common_test/test/ct_config_info_SUITE.erl
@@ -0,0 +1,178 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%%-------------------------------------------------------------------
+%%% File: ct_config_info_SUITE
+%%%
+%%% Description: Test how Common Test handles info functions
+%%% for the config functions.
+%%%
+%%%-------------------------------------------------------------------
+-module(ct_config_info_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("common_test/include/ct_event.hrl").
+
+-define(eh, ct_test_support_eh).
+
+%%--------------------------------------------------------------------
+%% TEST SERVER CALLBACK FUNCTIONS
+%%--------------------------------------------------------------------
+
+%%--------------------------------------------------------------------
+%% Description: Since Common Test starts another Test Server
+%% instance, the tests need to be performed on a separate node (or
+%% there will be clashes with logging processes etc).
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config1 = ct_test_support:init_per_suite(Config),
+    Config1.
+
+end_per_suite(Config) ->
+    ct_test_support:end_per_suite(Config).
+
+init_per_testcase(TestCase, Config) ->
+    ct_test_support:init_per_testcase(TestCase, Config).
+
+end_per_testcase(TestCase, Config) ->
+    ct_test_support:end_per_testcase(TestCase, Config).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [
+     config_info
+    ].
+
+%%--------------------------------------------------------------------
+%% TEST CASES
+%%--------------------------------------------------------------------
+
+%%%-----------------------------------------------------------------
+%%% 
+config_info(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "config_info_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,config_info}], Config),
+    ok = execute(config_info, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% HELP FUNCTIONS
+%%%-----------------------------------------------------------------
+
+setup(Test, Config) ->
+    Opts0 = ct_test_support:get_opts(Config),
+    Level = ?config(trace_level, Config),
+    EvHArgs = [{cbm,ct_test_support},{trace_level,Level}],
+    Opts = Opts0 ++ [{event_handler,{?eh,EvHArgs}}|Test],
+    ERPid = ct_test_support:start_event_receiver(Config),
+    {Opts,ERPid}.
+
+execute(Name, Opts, ERPid, Config) ->
+    ok = ct_test_support:run(Opts, Config),
+    Events = ct_test_support:get_events(ERPid, Config),
+
+    ct_test_support:log_events(Name, 
+			       reformat(Events, ?eh),
+			       ?config(priv_dir, Config),
+			       Opts),
+
+    TestEvents = events_to_check(Name),
+    ct_test_support:verify_events(TestEvents, Events, Config).
+
+reformat(Events, EH) ->
+    ct_test_support:reformat(Events, EH).
+
+%%%-----------------------------------------------------------------
+%%% TEST EVENTS
+%%%-----------------------------------------------------------------
+events_to_check(Test) ->
+    %% 2 tests (ct:run_test + script_start) is default
+    events_to_check(Test, 2).
+
+events_to_check(_, 0) ->
+    [];
+events_to_check(Test, N) ->
+    test_events(Test) ++ events_to_check(Test, N-1).
+
+
+test_events(config_info) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,6}},
+     {?eh,tc_done,{config_info_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,
+		    {init_per_group,unknown,[]},
+		    {failed,{timetrap_timeout,350}}}},
+      {?eh,tc_auto_skip,{config_info_1_SUITE,t11,
+	{failed,{config_info_1_SUITE,init_per_group,{timetrap_timeout,350}}}}},
+      {?eh,tc_auto_skip,{config_info_1_SUITE,end_per_group,
+			 {failed,{config_info_1_SUITE,init_per_group,
+				  {timetrap_timeout,350}}}}}],
+
+     [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{config_info_1_SUITE,t21,ok}},
+      {?eh,tc_start,{config_info_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,
+		    {end_per_group,unknown,[]},
+		    {failed,{timetrap_timeout,450}}}}],
+     [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{config_info_1_SUITE,
+		     {init_per_group,unknown,[]},
+		     {failed,{timetrap_timeout,400}}}},
+       {?eh,tc_auto_skip,{config_info_1_SUITE,t41,
+	 {failed,{config_info_1_SUITE,init_per_group,
+		  {timetrap_timeout,400}}}}},
+       {?eh,tc_auto_skip,{config_info_1_SUITE,end_per_group,
+	 {failed,{config_info_1_SUITE,init_per_group,
+		  {timetrap_timeout,400}}}}}],
+      {?eh,tc_start,{config_info_1_SUITE,t31}},
+      {?eh,tc_done,{config_info_1_SUITE,t31,
+		    {skipped,{failed,{config_info_1_SUITE,init_per_testcase,
+				      {timetrap_timeout,250}}}}}},
+      {?eh,tc_start,{config_info_1_SUITE,t32}},
+      {?eh,tc_done,{config_info_1_SUITE,t32,
+		    {failed,{config_info_1_SUITE,end_per_testcase,
+			     {timetrap_timeout,250}}}}},
+
+      [{?eh,tc_start,{config_info_1_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{config_info_1_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{config_info_1_SUITE,t51,ok}},
+       {?eh,tc_start,{config_info_1_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{config_info_1_SUITE,
+		     {end_per_group,unknown,[]},
+		     {failed,{timetrap_timeout,400}}}}],
+      {?eh,tc_start,{config_info_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{config_info_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_start,{config_info_1_SUITE,end_per_suite}},
+     {?eh,tc_done,{config_info_1_SUITE,end_per_suite,
+		   {failed,{timetrap_timeout,300}}}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ].
diff --git a/lib/common_test/test/ct_config_info_SUITE_data/config_info_1_SUITE.erl b/lib/common_test/test/ct_config_info_SUITE_data/config_info_1_SUITE.erl
new file mode 100644
index 0000000000..53a233b7a4
--- /dev/null
+++ b/lib/common_test/test/ct_config_info_SUITE_data/config_info_1_SUITE.erl
@@ -0,0 +1,168 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(config_info_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+%%%-----------------------------------------------------------------
+
+suite() ->
+    [{timetrap,500}].
+
+%%%-----------------------------------------------------------------
+
+group(_) ->
+    [{timetrap,250}].
+
+%%%-----------------------------------------------------------------
+
+init_per_suite() ->
+    ct:pal("init_per_suite info called", []),
+    [{timetrap,1000},
+     {require,suite_data},
+     {default_config,suite_data,suite_data_val}].
+
+init_per_suite(Config) ->
+    suite_data_val = ct:get_config(suite_data),
+    ct:sleep(750),
+    Config.
+
+%%%-----------------------------------------------------------------
+
+end_per_suite() ->
+    ct:pal("end_per_suite info called", []),
+    [{timetrap,300},
+     {require,suite_data2},
+     {default_config,suite_data2,suite_data2_val}].
+
+end_per_suite(_Config) ->
+    suite_data2_val = ct:get_config(suite_data2),
+    ct:sleep(500),
+    ok.
+
+%%%-----------------------------------------------------------------
+
+init_per_group(g1) ->
+    ct:pal("init_per_group(g1) info called", []),
+    [{timetrap,350}];
+init_per_group(G) ->
+    ct:pal("init_per_group(~w) info called", [G]),
+    [{timetrap,400}].
+
+init_per_group(g1, _Config) ->
+    ct:sleep(1000);
+init_per_group(g4, _Config) ->
+    ct:sleep(1000);
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, GrProps1])),
+    ct:pal("init( ~w ): ~p", [G, GrProps1]),
+    Config.
+
+%%%-----------------------------------------------------------------
+
+end_per_group(g2) ->
+    ct:pal("end_per_group(g2) info called", []),
+    [{timetrap,450}];
+end_per_group(G) ->
+    ct:pal("end_per_group(~w) info called", [G]),
+    [{timetrap,400}].
+
+end_per_group(g2, _Config) ->
+    ct:sleep(1000);
+end_per_group(g5, _Config) ->
+    ct:sleep(1000);
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w ): ~p", [G, GrProps1])),
+    ct:pal("end( ~w ): ~p", [G, GrProps1]),
+    ok.
+
+%%%-----------------------------------------------------------------
+init_per_testcase() ->
+    [{timetrap,750}].
+
+init_per_testcase(t1, _Config) ->
+    ct:sleep(1000);
+init_per_testcase(t31, _Config) ->
+    ct:sleep(1000);
+init_per_testcase(_TestCase, Config) ->
+    Config.
+
+%%%-----------------------------------------------------------------
+
+end_per_testcase() ->
+    [{timetrap,600}].
+
+end_per_testcase(t2, _Config) ->
+    ct:sleep(1000);
+end_per_testcase(t32, _Config) ->
+    ct:sleep(1000);
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%--------------------------------------------------------------------
+%% TEST DECLARATIONS
+%%--------------------------------------------------------------------
+
+groups() ->
+    [
+     {g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{g4,[],[t41]}, t31, t32, {g5,[],[t51]}]}
+    ].
+
+all() -> 
+    [
+     {group,g1},
+     {group,g2},
+     {group,g3}
+    ].
+
+%%-----------------------------------------------------------------
+%% TEST CASES
+%%-----------------------------------------------------------------
+
+t1(_) ->
+    exit(should_not_execute).
+
+t2(_) ->
+    ok.
+
+t11(_) ->
+    exit(should_not_execute).
+
+t21(_) ->
+    ok.
+
+t31(_) ->
+    exit(should_not_execute).
+
+t32(_) ->
+    ok.
+
+t41(_) ->
+    exit(should_not_execute).
+
+t51(_) ->
+    ok.
diff --git a/lib/common_test/test/ct_error_SUITE.erl b/lib/common_test/test/ct_error_SUITE.erl
index c1a455c6d8..2b3157ff3b 100644
--- a/lib/common_test/test/ct_error_SUITE.erl
+++ b/lib/common_test/test/ct_error_SUITE.erl
@@ -493,7 +493,7 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_9_SUITE,tc1}},
      {?eh,tc_done,{cfg_error_9_SUITE,tc1,
 		   {skipped,{failed,{cfg_error_9_SUITE,init_per_testcase,
-				     tc1_should_be_skipped}}}}},
+				     {tc1_should_be_skipped,'_'}}}}}},
      {?eh,test_stats,{9,0,{0,15}}},
      {?eh,tc_start,{cfg_error_9_SUITE,tc2}},
      {?eh,tc_done,{cfg_error_9_SUITE,tc2,
@@ -535,12 +535,7 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_9_SUITE,tc13}},
      {?eh,tc_done,{cfg_error_9_SUITE,tc13,
 		   {failed,{cfg_error_9_SUITE,end_per_testcase,
-			    {'EXIT',{{badmatch,undefined},
-				     [{cfg_error_9_SUITE,end_per_testcase,2},
-				      {test_server,my_apply,3},
-				      {test_server,do_end_per_testcase,4},
-				      {test_server,run_test_case_eval1,6},
-				      {test_server,run_test_case_eval,9}]}}}}}},
+			    {'EXIT',{{badmatch,undefined},'_'}}}}}},
      {?eh,test_stats,{12,3,{0,18}}},
      {?eh,tc_start,{cfg_error_9_SUITE,tc14}},
      {?eh,tc_done,
@@ -568,8 +563,8 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_11_SUITE,init_per_suite}},
      {?eh,tc_done,{cfg_error_11_SUITE,init_per_suite,ok}},
      {?eh,tc_start,{cfg_error_11_SUITE,tc1}},
-     {?eh,tc_done,{cfg_error_11_SUITE,tc1,
-		   {skipped,{config_name_already_in_use,[dummy0]}}}},
+     {?eh,tc_done, {cfg_error_11_SUITE,tc1,
+		    {skipped,{config_name_already_in_use,[dummy_alias]}}}},
      {?eh,test_stats,{12,6,{1,19}}},
      {?eh,tc_start,{cfg_error_11_SUITE,tc2}},
      {?eh,tc_done,{cfg_error_11_SUITE,tc2,ok}},
@@ -577,7 +572,7 @@ test_events(cfg_error) ->
      {?eh,tc_start,{cfg_error_11_SUITE,end_per_suite}},
      {?eh,tc_done,{cfg_error_11_SUITE,end_per_suite,ok}},
      {?eh,tc_start,{cfg_error_12_SUITE,tc1}},
-     {?eh,tc_done,{cfg_error_12_SUITE,tc1,{failed,{timetrap_timeout,500}}}},
+     {?eh,tc_done,{ct_framework,init_tc,{framework_error,{timetrap,500}}}},
      {?eh,test_stats,{13,7,{1,19}}},
      {?eh,tc_start,{cfg_error_12_SUITE,tc2}},
      {?eh,tc_done,{cfg_error_12_SUITE,tc2,{failed,
@@ -875,10 +870,10 @@ test_events(timetrap_fun) ->
      {?eh,tc_done,
       {timetrap_6_SUITE,init_per_suite,{skipped,{timetrap_error,kaboom}}}},
      {?eh,tc_auto_skip,
-      {timetrap_6_SUITE,tc0,{fw_auto_skip,{timetrap_error,kaboom}}}},
+      {timetrap_6_SUITE,tc0,{timetrap_error,kaboom}}},
      {?eh,test_stats,{0,8,{0,5}}},
      {?eh,tc_auto_skip,
-      {timetrap_6_SUITE,end_per_suite,{fw_auto_skip,{timetrap_error,kaboom}}}},
+      {timetrap_6_SUITE,end_per_suite,{timetrap_error,kaboom}}},
 
      {?eh,tc_done,{timetrap_7_SUITE,init_per_suite,ok}},
      {?eh,tc_start,{timetrap_7_SUITE,tc0}},
diff --git a/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl b/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl
index ce94533110..879561ebb9 100644
--- a/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl
+++ b/lib/common_test/test/ct_error_SUITE_data/error/test/cfg_error_11_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -29,10 +29,7 @@
 suite() ->
     [{timetrap,{seconds,2}},
      {require, dummy0}, {default_config, dummy0, "suite/0"},
-     {require, dummy1}, {default_config, dummy1, "suite/0"},
-     {require, dummy2}, {default_config, dummy2, "suite/0"}].
-
-
+     {require, dummy_alias, dummy1}, {default_config, dummy1, "suite/0"}].
 
 %%--------------------------------------------------------------------
 %% Function: init_per_suite(Config0) ->
@@ -119,16 +116,17 @@ groups() ->
 %% Reason = term()
 %%--------------------------------------------------------------------
 all() ->
-    [tc1, tc2].
+    [tc1,tc2].
 
 tc1() ->
-    [{require, dummy0}, {default_config, dummy0, "tc1"}].
+    [{require, dummy0}, {default_config, dummy0, "tc1"},
+     {require, dummy_alias, dummy2}, {default_config, dummy2, "tc1"}].
 
 tc1(_) ->
     dummy.
 
 tc2() ->
-    [{timetrap,1}].
+    [{timetrap,10}].
 
 tc2(_) ->
     dummy.
diff --git a/lib/common_test/test/ct_group_info_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE.erl
new file mode 100644
index 0000000000..2da8219196
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE.erl
@@ -0,0 +1,859 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%%-------------------------------------------------------------------
+%%% File: ct_group_info_SUITE
+%%%
+%%% Description: 
+%%% Test that the group info function works as expected with regards
+%%% to timetraps and require (and default config values).
+%%%
+%%%-------------------------------------------------------------------
+-module(ct_group_info_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("common_test/include/ct_event.hrl").
+
+-define(eh, ct_test_support_eh).
+
+%%--------------------------------------------------------------------
+%% TEST SERVER CALLBACK FUNCTIONS
+%%--------------------------------------------------------------------
+
+%%--------------------------------------------------------------------
+%% Description: Since Common Test starts another Test Server
+%% instance, the tests need to be performed on a separate node (or
+%% there will be clashes with logging processes etc).
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config1 = ct_test_support:init_per_suite(Config),
+    Config1.
+
+end_per_suite(Config) ->
+    ct_test_support:end_per_suite(Config).
+
+init_per_testcase(TestCase, Config) ->
+    ct_test_support:init_per_testcase(TestCase, Config).
+
+end_per_testcase(TestCase, Config) ->
+    ct_test_support:end_per_testcase(TestCase, Config).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [
+     timetrap_all,
+     timetrap_group,
+     timetrap_group_case,
+     timetrap_all_no_ips,
+     timetrap_all_no_ipg,
+     require,
+     require_default,
+     require_no_ips,
+     require_no_ipg
+    ].
+
+%%--------------------------------------------------------------------
+%% TEST CASES
+%%--------------------------------------------------------------------
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_all(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,timetrap_all}], Config),
+    ok = execute(timetrap_all, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_group(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,[g1,g3,g7]},
+			  {label,timetrap_group}], Config),
+    ok = execute(timetrap_group, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_group_case(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,g4},{testcase,t41},
+			  {label,timetrap_group_case}], Config),
+    ok = execute(timetrap_group_case, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_all_no_ips(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_2_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,timetrap_all_no_ips}], Config),
+    ok = execute(timetrap_all_no_ips, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+timetrap_all_no_ipg(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_timetrap_3_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,timetrap_all_no_ipg}], Config),
+    ok = execute(timetrap_all_no_ipg, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_1_SUITE"),
+    CfgFile = filename:join(DataDir, "vars.cfg"),
+    {Opts,ERPid} = setup([{suite,Suite},{config,CfgFile},
+			  {label,require}], Config),
+    ok = execute(require, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require_default(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},
+			  {label,require_default}], Config),
+    ok = execute(require_default, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require_no_ips(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_2_SUITE"),
+    CfgFile = filename:join(DataDir, "vars.cfg"),
+    {Opts,ERPid} = setup([{suite,Suite},{config,CfgFile},
+			  {label,require_no_ips}], Config),
+    ok = execute(require_no_ips, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+require_no_ipg(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "group_require_3_SUITE"),
+    CfgFile = filename:join(DataDir, "vars.cfg"),
+    {Opts,ERPid} = setup([{suite,Suite},{config,CfgFile},
+			  {label,require_no_ipg}], Config),
+    ok = execute(require_no_ipg, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% HELP FUNCTIONS
+%%%-----------------------------------------------------------------
+
+setup(Test, Config) ->
+    Opts0 = ct_test_support:get_opts(Config),
+    Level = ?config(trace_level, Config),
+    EvHArgs = [{cbm,ct_test_support},{trace_level,Level}],
+    Opts = Opts0 ++ [{event_handler,{?eh,EvHArgs}}|Test],
+    ERPid = ct_test_support:start_event_receiver(Config),
+    {Opts,ERPid}.
+
+execute(Name, Opts, ERPid, Config) ->
+    ok = ct_test_support:run(Opts, Config),
+    Events = ct_test_support:get_events(ERPid, Config),
+
+    ct_test_support:log_events(Name, 
+			       reformat(Events, ?eh),
+			       ?config(priv_dir, Config),
+			       Opts),
+
+    TestEvents = events_to_check(Name),
+    ct_test_support:verify_events(TestEvents, Events, Config).
+
+reformat(Events, EH) ->
+    ct_test_support:reformat(Events, EH).
+
+%%%-----------------------------------------------------------------
+%%% TEST EVENTS
+%%%-----------------------------------------------------------------
+events_to_check(Test) ->
+    %% 2 tests (ct:run_test + script_start) is default
+    events_to_check(Test, 2).
+
+events_to_check(_, 0) ->
+    [];
+events_to_check(Test, N) ->
+    test_events(Test) ++ events_to_check(Test, N-1).
+
+
+test_events(timetrap_all) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,14}},
+     {?eh,tc_done,{group_timetrap_1_SUITE,init_per_suite,ok}},
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,t1,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t21,{failed,{timetrap_timeout,1500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,t2,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g5,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,t3,{failed,{timetrap_timeout,250}}}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g6,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t61,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g6,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g7,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g8,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g8,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g9,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g9,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g7,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t101,{failed,{timetrap_timeout,1000}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t111,{failed,{timetrap_timeout,1000}}}},
+      {?eh,test_stats,{0,14,{0,0}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_group) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,7}},
+     {?eh,tc_done,{group_timetrap_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g5,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g7,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g8,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g8,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_1_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g9,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,test_stats,{0,7,{0,0}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g9,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g7,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_group_case) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,1}},
+     {?eh,tc_done,{group_timetrap_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,test_stats,{0,1,{0,0}}},
+       {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_all_no_ips) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,14}},
+
+     {?eh,tc_done,{group_timetrap_2_SUITE,t1,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t21,{failed,{timetrap_timeout,1500}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g2,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_2_SUITE,t2,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g3,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_2_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g5,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g5,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g5,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g3,[]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_2_SUITE,t3,{failed,{timetrap_timeout,250}}}},
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g6,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t61,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g6,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g6,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g7,[]},ok}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g8,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g8,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g8,[]},ok}}],
+      {?eh,tc_done,{group_timetrap_2_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g9,[]},ok}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g9,[]}}},
+       {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g9,[]},ok}}],
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g7,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g7,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t101,{failed,{timetrap_timeout,1000}}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_timetrap_2_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,t111,{failed,{timetrap_timeout,1000}}}},
+      {?eh,test_stats,{0,14,{0,0}}},
+      {?eh,tc_start,{group_timetrap_2_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_timetrap_2_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(timetrap_all_no_ipg) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,14}},
+
+     {?eh,tc_done,{group_timetrap_3_SUITE,t1,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g1,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g1,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t11,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g1,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g1,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g2,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g2,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t21,{failed,{timetrap_timeout,1500}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g2,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g2,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_3_SUITE,t2,{failed,{timetrap_timeout,1000}}}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g3,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g3,[{suite,group_timetrap_3_SUITE}]},ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g4,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g4,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t41,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g4,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g4,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_done,{group_timetrap_3_SUITE,t31,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g5,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g5,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t51,{failed,{timetrap_timeout,1500}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g5,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g5,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g3,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g3,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     {?eh,tc_done,{group_timetrap_3_SUITE,t3,{failed,{timetrap_timeout,250}}}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g6,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g6,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t61,{failed,{timetrap_timeout,500}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g6,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g6,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g7,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g7,[{suite,group_timetrap_3_SUITE}]},ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g8,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g8,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t81,{failed,{timetrap_timeout,750}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g8,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g8,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_done,{group_timetrap_3_SUITE,t71,{failed,{timetrap_timeout,500}}}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g9,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g9,[{suite,group_timetrap_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_timetrap_3_SUITE,t91,{failed,{timetrap_timeout,250}}}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g9,[{suite,group_timetrap_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g9,[{suite,group_timetrap_3_SUITE}]},ok}}],
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g7,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g7,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g10,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g10,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t101,{failed,{timetrap_timeout,1000}}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g10,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g10,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g11,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g11,[{suite,group_timetrap_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_timetrap_3_SUITE,t111,{failed,{timetrap_timeout,1000}}}},
+      {?eh,test_stats,{0,14,{0,0}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g11,[{suite,group_timetrap_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g11,[{suite,group_timetrap_3_SUITE}]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_1_SUITE,init_per_suite,ok}},
+     {?eh,tc_done,{group_require_1_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t11,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t21,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g3,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t31,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g4,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g4,[]},
+	{skipped,{require_failed,{name_in_use,common2_alias,common2}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t41,
+			  {require_failed,{name_in_use,common2_alias,common2}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+	{require_failed,{name_in_use,common2_alias,common2}}}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g5,[]},ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g6,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t61,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g6,[]},ok}}],
+      {?eh,tc_done,{group_require_1_SUITE,t51,ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g7,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t72,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g7,[]},ok}}],
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g5,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g8,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,
+		    {init_per_group,g8,[]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g9,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g9,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t101,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,tc_done,{group_require_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require_default) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_1_SUITE,init_per_suite,ok}},
+     {?eh,tc_done,{group_require_1_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t11,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t21,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g3,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t31,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g4,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,
+		    {init_per_group,g4,[]},
+		    {skipped,{require_failed,{not_available,common3}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t41,
+			 {require_failed,{not_available,common3}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+			 {require_failed,{not_available,common3}}}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g5,[]},ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g6,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t61,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g6,[]},ok}}],
+      {?eh,tc_done,{group_require_1_SUITE,t51,ok}},
+      [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g7,[]},ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_1_SUITE,t72,ok}},
+       {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g7,[]},ok}}],
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g5,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g8,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,
+		    {init_per_group,g8,[]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{group_require_1_SUITE,end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g9,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g9,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t101,ok}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_1_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_require_1_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{group_require_1_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_1_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,tc_done,{group_require_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require_no_ips) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_2_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t11,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t21,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g2,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g3,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t31,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g3,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g3,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g4,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g4,[]},
+	{skipped,{require_failed,{name_in_use,common2_alias,common2}}}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,t41,
+			  {require_failed,{name_in_use,common2_alias,common2}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,end_per_group,
+			 {require_failed,{name_in_use,common2_alias,common2}}}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g5,[]},ok}},
+      [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g6,[]},ok}},
+       {?eh,tc_done,{group_require_2_SUITE,t61,ok}},
+       {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g6,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g6,[]},ok}}],
+      {?eh,tc_done,{group_require_2_SUITE,t51,ok}},
+      [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g7,[]},ok}},
+       {?eh,tc_done,{group_require_2_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_2_SUITE,t72,ok}},
+       {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g7,[]}}},
+       {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g7,[]},ok}}],
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g5,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g5,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g8,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,
+		    {init_per_group,g8,[]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{group_require_2_SUITE,end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g9,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g9,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g9,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g10,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t101,ok}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g10,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g10,[]},ok}}],
+
+     [{?eh,tc_start,{group_require_2_SUITE,{init_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{init_per_group,g11,[]},ok}},
+      {?eh,tc_done,{group_require_2_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{group_require_2_SUITE,{end_per_group,g11,[]}}},
+      {?eh,tc_done,{group_require_2_SUITE,{end_per_group,g11,[]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(require_no_ipg) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
+     {?eh,start_info,{1,1,13}},
+     {?eh,tc_done,{group_require_3_SUITE,t1,ok}},
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g1,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g1,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t11,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g1,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g1,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g2,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g2,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t21,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g2,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g2,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g3,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g3,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t31,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g3,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g3,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g4,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g4,[{suite,group_require_3_SUITE}]},
+	{skipped,{require_failed,{name_in_use,common2_alias,common2}}}}},
+      {?eh,tc_auto_skip,{group_require_3_SUITE,t41,
+			 {require_failed,{name_in_use,common2_alias,common2}}}},
+      {?eh,test_stats,{4,0,{0,1}}},
+      {?eh,tc_auto_skip,{ct_framework,ct_end_per_group,
+			 {require_failed,{name_in_use,common2_alias,common2}}}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g5,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g5,[{suite,group_require_3_SUITE}]},ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g6,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g6,[{suite,group_require_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_require_3_SUITE,t61,ok}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g6,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g6,[{suite,group_require_3_SUITE}]},ok}}],
+      {?eh,tc_done,{group_require_3_SUITE,t51,ok}},
+      [{?eh,tc_start,{ct_framework,{ct_init_per_group,g7,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_init_per_group,g7,[{suite,group_require_3_SUITE}]},ok}},
+       {?eh,tc_done,{group_require_3_SUITE,t71,ok}},
+       {?eh,tc_done,{group_require_3_SUITE,t72,ok}},
+       {?eh,tc_start,{ct_framework,{ct_end_per_group,g7,[{suite,group_require_3_SUITE}]}}},
+       {?eh,tc_done,{ct_framework,{ct_end_per_group,g7,[{suite,group_require_3_SUITE}]},ok}}],
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g5,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g5,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g8,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g8,[{suite,group_require_3_SUITE}]},
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,tc_auto_skip,{group_require_3_SUITE,t81,
+			 {require_failed,{not_available,non_existing}}}},
+      {?eh,test_stats,{8,0,{0,2}}},
+      {?eh,tc_auto_skip,{ct_framework,ct_end_per_group,
+			 {require_failed,{not_available,non_existing}}}}],
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g9,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g9,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t91,
+		    {skipped,{require_failed,{not_available,non_existing}}}}},
+      {?eh,test_stats,{8,0,{0,3}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g9,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g9,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g10,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g10,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t101,ok}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g10,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g10,[{suite,group_require_3_SUITE}]},ok}}],
+
+     [{?eh,tc_start,{ct_framework,{ct_init_per_group,g11,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_init_per_group,g11,[{suite,group_require_3_SUITE}]},ok}},
+      {?eh,tc_done,{group_require_3_SUITE,t111,ok}},
+      {?eh,test_stats,{10,0,{0,3}}},
+      {?eh,tc_start,{ct_framework,{ct_end_per_group,g11,[{suite,group_require_3_SUITE}]}}},
+      {?eh,tc_done,{ct_framework,{ct_end_per_group,g11,[{suite,group_require_3_SUITE}]},ok}}],
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ].
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_require_1_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_require_1_SUITE.erl
new file mode 100644
index 0000000000..16df897752
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_require_1_SUITE.erl
@@ -0,0 +1,259 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_require_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_suite(Config) ->
+    ct:comment(io_lib:format("init( ~w ): ~p", [?MODULE, suite()])),
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    ok.
+
+init_per_testcase(t101, Config) ->
+    Config;
+init_per_testcase(t111, Config) ->
+    Config;
+init_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(t101, Config) ->
+    ok;
+end_per_testcase(t111, Config) ->
+    ok;
+end_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    ok.
+
+verify_cfg(undefined) ->
+    ok;
+verify_cfg(Name) ->
+    Key = list_to_atom(atom_to_list(Name) ++ "_cfg"),
+    Alias = list_to_atom(atom_to_list(Name) ++ "_cfg_alias"),
+    Val = list_to_atom(atom_to_list(Name) ++ "_cfg_val"),
+    ct:pal("Reading ~p & ~p. Expecting ~p.", [Key,Alias,Val]),
+    Val = ct:get_config(Key),
+    Val = ct:get_config(Alias),
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias).
+    
+    
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[t31]},
+     {g4,[],[t41]},
+
+     {g5,[],[{group,g6},t51,{group,g7}]},
+
+       {g6,[],[t61]},
+       {g7,[],[t71,t72]},
+
+     {g8,[],[t81]},
+     {g9,[],[t91]},
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     {group,g3},
+     {group,g4},
+     {group,g5},
+     {group,g8},
+     {group,g9},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{require,suite_cfg},
+	    {require,suite_cfg_alias,suite_cfg},
+	    {require,common1},
+	    {default_config,suite_cfg,suite_cfg_val},
+	    {default_config,common1,common1_val}].
+
+group(g1) -> [{require,g1_cfg},
+	      {require,g1_cfg_alias,g1_cfg},
+	      {default_config,g1_cfg,g1_cfg_val}];
+
+group(g2) -> [{require,g2_cfg},
+	      {require,g2_cfg_alias,g2_cfg},
+	      {require,common1},
+	      {require,common2},
+	      {default_config,g2_cfg,g2_cfg_val},
+	      {default_config,common1,common1_val},
+	      {default_config,common2,common2_val}];
+
+group(g3) -> [{require,g3_cfg},
+	      {require,g3_cfg_alias,g3_cfg},
+	      {require,common2},
+	      {require,common2_alias,common2},
+	      {default_config,g3_cfg,g3_cfg_val},
+	      {default_config,common2,common2_val}];
+
+group(g4) -> [{require,g4_cfg},
+	      {require,g4_cfg_alias,g4_cfg},
+	      {require,common2_alias,common3},
+	      {default_config,g4_cfg,g4_cfg_val}];
+
+group(g5) -> [{require,g5_cfg},
+	      {require,g5_cfg_alias,g5_cfg},
+	      {default_config,g5_cfg,g5_cfg_val}];
+
+group(g6) -> [{require,g6_cfg},
+	      {require,g6_cfg_alias,g6_cfg},
+	      {default_config,g6_cfg,g6_cfg_val}];
+
+group(g7) -> [{require,g7_cfg},
+	      {require,g7_cfg_alias,g7_cfg},
+	      {default_config,g7_cfg,g7_cfg_val}];
+
+group(g8) -> [{require,non_existing}];
+
+group(g9) -> [{require,g9_cfg},
+	      {require,g9_cfg_alias,g9_cfg},
+	      {default_config,g9_cfg,g9_cfg_val}];
+
+group(G) when G /= g11 -> [].
+
+t72() -> [{require,t72_cfg},
+	  {require,t72_cfg_alias,t72_cfg},
+	  {default_config,t72_cfg,t72_cfg_val}].
+
+t91() -> [{require,non_existing}].
+    
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t11(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias),
+    g1_cfg_val = ct:get_config(g1_cfg),
+    g1_cfg_val = ct:get_config(g1_cfg_alias).
+
+t21(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg_alias),
+    common1_val = ct:get_config(common1),
+    common2_val = ct:get_config(common2).
+
+t31(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg_alias),
+    common2_val = ct:get_config(common2),
+    common2_val = ct:get_config(common2_alias).
+
+t41(_) ->
+    exit(should_be_skipped).
+
+t51(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias).
+
+t61(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g6_cfg_val = ct:get_config(g6_cfg),
+    g6_cfg_val = ct:get_config(g6_cfg_alias).
+
+t71(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias).
+
+t72(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias),
+    t72_cfg_val = ct:get_config(t72_cfg).
+
+t81(_) ->
+    exit(should_be_skipped).
+
+t91(_) ->
+    exit(should_be_skipped).
+
+t101(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t111(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_require_2_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_require_2_SUITE.erl
new file mode 100644
index 0000000000..adb53ff564
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_require_2_SUITE.erl
@@ -0,0 +1,252 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_require_2_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    if Info /= [] -> verify_cfg(G); true -> ok end,
+    ok.
+
+init_per_testcase(t101, Config) ->
+    Config;
+init_per_testcase(t111, Config) ->
+    Config;
+init_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(t101, Config) ->
+    ok;
+end_per_testcase(t111, Config) ->
+    ok;
+end_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    ok.
+
+verify_cfg(undefined) ->
+    ok;
+verify_cfg(Name) ->
+    Key = list_to_atom(atom_to_list(Name) ++ "_cfg"),
+    Alias = list_to_atom(atom_to_list(Name) ++ "_cfg_alias"),
+    Val = list_to_atom(atom_to_list(Name) ++ "_cfg_val"),
+    ct:pal("Reading ~p & ~p. Expecting ~p.", [Key,Alias,Val]),
+    Val = ct:get_config(Key),
+    Val = ct:get_config(Alias),
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias).
+    
+    
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[t31]},
+     {g4,[],[t41]},
+
+     {g5,[],[{group,g6},t51,{group,g7}]},
+
+       {g6,[],[t61]},
+       {g7,[],[t71,t72]},
+
+     {g8,[],[t81]},
+     {g9,[],[t91]},
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     {group,g3},
+     {group,g4},
+     {group,g5},
+     {group,g8},
+     {group,g9},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{require,suite_cfg},
+	    {require,suite_cfg_alias,suite_cfg},
+	    {require,common1},
+	    {default_config,suite_cfg,suite_cfg_val},
+	    {default_config,common1,common1_val}].
+
+group(g1) -> [{require,g1_cfg},
+	      {require,g1_cfg_alias,g1_cfg},
+	      {default_config,g1_cfg,g1_cfg_val}];
+
+group(g2) -> [{require,g2_cfg},
+	      {require,g2_cfg_alias,g2_cfg},
+	      {require,common1},
+	      {require,common2},
+	      {default_config,g2_cfg,g2_cfg_val},
+	      {default_config,common1,common1_val},
+	      {default_config,common2,common2_val}];
+
+group(g3) -> [{require,g3_cfg},
+	      {require,g3_cfg_alias,g3_cfg},
+	      {require,common2},
+	      {require,common2_alias,common2},
+	      {default_config,g3_cfg,g3_cfg_val},
+	      {default_config,common2,common2_val}];
+
+group(g4) -> [{require,g4_cfg},
+	      {require,g4_cfg_alias,g4_cfg},
+	      {require,common2_alias,common3},
+	      {default_config,g4_cfg,g4_cfg_val}];
+
+group(g5) -> [{require,g5_cfg},
+	      {require,g5_cfg_alias,g5_cfg},
+	      {default_config,g5_cfg,g5_cfg_val}];
+
+group(g6) -> [{require,g6_cfg},
+	      {require,g6_cfg_alias,g6_cfg},
+	      {default_config,g6_cfg,g6_cfg_val}];
+
+group(g7) -> [{require,g7_cfg},
+	      {require,g7_cfg_alias,g7_cfg},
+	      {default_config,g7_cfg,g7_cfg_val}];
+
+group(g8) -> [{require,non_existing}];
+
+group(g9) -> [{require,g9_cfg},
+	      {require,g9_cfg_alias,g9_cfg},
+	      {default_config,g9_cfg,g9_cfg_val}];
+
+group(G) when G /= g11 -> [].
+
+t72() -> [{require,t72_cfg},
+	  {require,t72_cfg_alias,t72_cfg},
+	  {default_config,t72_cfg,t72_cfg_val}].
+
+t91() -> [{require,non_existing}].
+    
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t11(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias),
+    g1_cfg_val = ct:get_config(g1_cfg),
+    g1_cfg_val = ct:get_config(g1_cfg_alias).
+
+t21(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg_alias),
+    common1_val = ct:get_config(common1),
+    common2_val = ct:get_config(common2).
+
+t31(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg_alias),
+    common2_val = ct:get_config(common2),
+    common2_val = ct:get_config(common2_alias).
+
+t41(_) ->
+    exit(should_be_skipped).
+
+t51(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias).
+
+t61(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g6_cfg_val = ct:get_config(g6_cfg),
+    g6_cfg_val = ct:get_config(g6_cfg_alias).
+
+t71(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias).
+
+t72(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias),
+    t72_cfg_val = ct:get_config(t72_cfg).
+
+t81(_) ->
+    exit(should_be_skipped).
+
+t91(_) ->
+    exit(should_be_skipped).
+
+t101(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t111(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_require_3_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_require_3_SUITE.erl
new file mode 100644
index 0000000000..1f2dfd2a30
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_require_3_SUITE.erl
@@ -0,0 +1,241 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_require_3_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+%% init_per_suite(Config) ->
+%%     Config.
+%% end_per_suite(_) ->
+%%     ok.
+
+init_per_testcase(t101, Config) ->
+    Config;
+init_per_testcase(t111, Config) ->
+    Config;
+init_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(t101, _Config) ->
+    ok;
+end_per_testcase(t111, _Config) ->
+    ok;
+end_per_testcase(TestCase, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = if GrProps == undefined  -> []; true -> GrProps end,
+    verify_cfg(proplists:get_value(name, GrProps1)),
+    if TestCase == t72 -> verify_cfg(TestCase); true -> ok end,
+    ok.
+
+verify_cfg(undefined) ->
+    ok;
+verify_cfg(Name) ->
+    Key = list_to_atom(atom_to_list(Name) ++ "_cfg"),
+    Alias = list_to_atom(atom_to_list(Name) ++ "_cfg_alias"),
+    Val = list_to_atom(atom_to_list(Name) ++ "_cfg_val"),
+    ct:pal("Reading ~p & ~p. Expecting ~p.", [Key,Alias,Val]),
+    Val = ct:get_config(Key),
+    Val = ct:get_config(Alias),
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias).
+    
+    
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[t31]},
+     {g4,[],[t41]},
+
+     {g5,[],[{group,g6},t51,{group,g7}]},
+
+       {g6,[],[t61]},
+       {g7,[],[t71,t72]},
+
+     {g8,[],[t81]},
+     {g9,[],[t91]},
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     {group,g3},
+     {group,g4},
+     {group,g5},
+     {group,g8},
+     {group,g9},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{require,suite_cfg},
+	    {require,suite_cfg_alias,suite_cfg},
+	    {require,common1},
+	    {default_config,suite_cfg,suite_cfg_val},
+	    {default_config,common1,common1_val}].
+
+group(g1) -> [{require,g1_cfg},
+	      {require,g1_cfg_alias,g1_cfg},
+	      {default_config,g1_cfg,g1_cfg_val}];
+
+group(g2) -> [{require,g2_cfg},
+	      {require,g2_cfg_alias,g2_cfg},
+	      {require,common1},
+	      {require,common2},
+	      {default_config,g2_cfg,g2_cfg_val},
+	      {default_config,common1,common1_val},
+	      {default_config,common2,common2_val}];
+
+group(g3) -> [{require,g3_cfg},
+	      {require,g3_cfg_alias,g3_cfg},
+	      {require,common2},
+	      {require,common2_alias,common2},
+	      {default_config,g3_cfg,g3_cfg_val},
+	      {default_config,common2,common2_val}];
+
+group(g4) -> [{require,g4_cfg},
+	      {require,g4_cfg_alias,g4_cfg},
+	      {require,common2_alias,common3},
+	      {default_config,g4_cfg,g4_cfg_val}];
+
+group(g5) -> [{require,g5_cfg},
+	      {require,g5_cfg_alias,g5_cfg},
+	      {default_config,g5_cfg,g5_cfg_val}];
+
+group(g6) -> [{require,g6_cfg},
+	      {require,g6_cfg_alias,g6_cfg},
+	      {default_config,g6_cfg,g6_cfg_val}];
+
+group(g7) -> [{require,g7_cfg},
+	      {require,g7_cfg_alias,g7_cfg},
+	      {default_config,g7_cfg,g7_cfg_val}];
+
+group(g8) -> [{require,non_existing}];
+
+group(g9) -> [{require,g9_cfg},
+	      {require,g9_cfg_alias,g9_cfg},
+	      {default_config,g9_cfg,g9_cfg_val}];
+
+group(G) when G /= g11 -> [].
+
+t72() -> [{require,t72_cfg},
+	  {require,t72_cfg_alias,t72_cfg},
+	  {default_config,t72_cfg,t72_cfg_val}].
+
+t91() -> [{require,non_existing}].
+    
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t11(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    suite_cfg_val = ct:get_config(suite_cfg_alias),
+    g1_cfg_val = ct:get_config(g1_cfg),
+    g1_cfg_val = ct:get_config(g1_cfg_alias).
+
+t21(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg),
+    g2_cfg_val = ct:get_config(g2_cfg_alias),
+    common1_val = ct:get_config(common1),
+    common2_val = ct:get_config(common2).
+
+t31(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg),
+    g3_cfg_val = ct:get_config(g3_cfg_alias),
+    common2_val = ct:get_config(common2),
+    common2_val = ct:get_config(common2_alias).
+
+t41(_) ->
+    exit(should_be_skipped).
+
+t51(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias).
+
+t61(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g6_cfg_val = ct:get_config(g6_cfg),
+    g6_cfg_val = ct:get_config(g6_cfg_alias).
+
+t71(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias).
+
+t72(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg),
+    g5_cfg_val = ct:get_config(g5_cfg_alias),
+    g7_cfg_val = ct:get_config(g7_cfg),
+    g7_cfg_val = ct:get_config(g7_cfg_alias),
+    t72_cfg_val = ct:get_config(t72_cfg).
+
+t81(_) ->
+    exit(should_be_skipped).
+
+t91(_) ->
+    exit(should_be_skipped).
+
+t101(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+t111(_) ->
+    suite_cfg_val = ct:get_config(suite_cfg).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_1_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_1_SUITE.erl
new file mode 100644
index 0000000000..0a81edf729
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_1_SUITE.erl
@@ -0,0 +1,191 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_timetrap_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_suite(Config) ->
+    ct:comment(io_lib:format("init( ~w ): ~p", [?MODULE, suite()])),
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    ok.
+
+init_per_testcase(TestCase, Config) ->
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{group,g4},t31,{group,g5}]},
+
+       {g4,[],[t41]},
+       {g5,[],[t51]},
+
+     {g6,[],[t61]},
+     {g7,[],[{group,g8},t71,{group,g9}]},
+
+       {g8,[],[t81]},
+       {g9,[],[t91]},
+
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     t2,
+     {group,g3},
+     t3,
+     {group,g6},
+     {group,g7},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{timetrap,1000}].
+
+group(g1) -> [{timetrap,500}];
+
+group(g2) -> [{timetrap,1500}];
+
+group(g3) -> [{timetrap,500}];
+
+group(g4) -> [{timetrap,250}];
+
+group(g5) -> [{timetrap,1500}];
+
+group(g6) -> [{timetrap,250}];
+
+group(g7) -> [{timetrap,250}];
+
+group(g8) -> [{timetrap,250}];
+
+group(G) when G /= g11 -> [].
+
+t3() -> [{timetrap,250}].
+
+t61() -> [{timetrap,500}].
+
+t71() -> [{timetrap,500}].
+
+t81() -> [{timetrap,750}].
+
+t91() -> [{timetrap,250}].
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t11(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t21(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t2(_) ->
+    ct:sleep(1250),
+    exit(should_timeout).
+
+t31(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t41(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t51(_) ->
+    ct:sleep(2000),
+    exit(should_timeout).
+
+t3(_) ->
+    ct:sleep(500),
+    exit(should_timeout).
+
+t61(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t71(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t81(_) ->
+    ct:sleep(1000),
+    exit(should_timeout).
+
+t91(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t101(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+t111(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_2_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_2_SUITE.erl
new file mode 100644
index 0000000000..1ebe8bd510
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_2_SUITE.erl
@@ -0,0 +1,184 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_timetrap_2_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    Info = case catch group(G) of {'EXIT',_} -> []; I -> I end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, Info])),
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    _GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w )", [G])),
+    ok.
+
+init_per_testcase(TestCase, Config) ->
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{group,g4},t31,{group,g5}]},
+
+       {g4,[],[t41]},
+       {g5,[],[t51]},
+
+     {g6,[],[t61]},
+     {g7,[],[{group,g8},t71,{group,g9}]},
+
+       {g8,[],[t81]},
+       {g9,[],[t91]},
+
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     t2,
+     {group,g3},
+     t3,
+     {group,g6},
+     {group,g7},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{timetrap,1000}].
+
+group(g1) -> [{timetrap,500}];
+
+group(g2) -> [{timetrap,1500}];
+
+group(g3) -> [{timetrap,500}];
+
+group(g4) -> [{timetrap,250}];
+
+group(g5) -> [{timetrap,1500}];
+
+group(g6) -> [{timetrap,250}];
+
+group(g7) -> [{timetrap,250}];
+
+group(g8) -> [{timetrap,250}];
+
+group(G) when G /= g11 -> [].
+
+t3() -> [{timetrap,250}].
+
+t61() -> [{timetrap,500}].
+
+t71() -> [{timetrap,500}].
+
+t81() -> [{timetrap,750}].
+
+t91() -> [{timetrap,250}].
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t11(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t21(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t2(_) ->
+    ct:sleep(1250),
+    exit(should_timeout).
+
+t31(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t41(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t51(_) ->
+    ct:sleep(2000),
+    exit(should_timeout).
+
+t3(_) ->
+    ct:sleep(500),
+    exit(should_timeout).
+
+t61(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t71(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t81(_) ->
+    ct:sleep(1000),
+    exit(should_timeout).
+
+t91(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t101(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+t111(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_3_SUITE.erl b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_3_SUITE.erl
new file mode 100644
index 0000000000..66d29802e2
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/group_timetrap_3_SUITE.erl
@@ -0,0 +1,171 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(group_timetrap_3_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+
+%%%-----------------------------------------------------------------
+%%% CONFIG FUNCS
+%%%-----------------------------------------------------------------
+
+init_per_testcase(TestCase, Config) ->
+    Info = case catch apply(?MODULE,TestCase,[]) of 
+	       {'EXIT',_} -> [];
+	       I -> I
+	   end,
+    ct:comment(io_lib:format("init( ~w ): ~p", [TestCase, Info])),    
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%%------------------------------------------------------------------
+%%% TEST DECLARATIONS
+%%%------------------------------------------------------------------
+
+groups() ->
+    [{g1,[],[t11]},
+     {g2,[],[t21]},
+     {g3,[],[{group,g4},t31,{group,g5}]},
+
+       {g4,[],[t41]},
+       {g5,[],[t51]},
+
+     {g6,[],[t61]},
+     {g7,[],[{group,g8},t71,{group,g9}]},
+
+       {g8,[],[t81]},
+       {g9,[],[t91]},
+
+     {g10,[],[t101]},
+     {g11,[],[t111]}
+    ].
+     
+
+all() -> 
+    [t1,
+     {group,g1},
+     {group,g2},
+     t2,
+     {group,g3},
+     t3,
+     {group,g6},
+     {group,g7},
+     {group,g10},
+     {group,g11}
+    ].
+
+%%%-----------------------------------------------------------------
+%%% INFO FUNCS
+%%%-----------------------------------------------------------------
+
+suite() -> [{timetrap,1000}].
+
+group(g1) -> [{timetrap,500}];
+
+group(g2) -> [{timetrap,1500}];
+
+group(g3) -> [{timetrap,500}];
+
+group(g4) -> [{timetrap,250}];
+
+group(g5) -> [{timetrap,1500}];
+
+group(g6) -> [{timetrap,250}];
+
+group(g7) -> [{timetrap,250}];
+
+group(g8) -> [{timetrap,250}];
+
+group(G) when G /= g11 -> [].
+
+t3() -> [{timetrap,250}].
+
+t61() -> [{timetrap,500}].
+
+t71() -> [{timetrap,500}].
+
+t81() -> [{timetrap,750}].
+
+t91() -> [{timetrap,250}].
+
+%%%------------------------------------------------------------------
+%%% TEST CASES
+%%%------------------------------------------------------------------
+
+t1(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t11(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t21(_) ->
+    ct:sleep(3000),
+    exit(should_timeout).
+
+t2(_) ->
+    ct:sleep(1250),
+    exit(should_timeout).
+
+t31(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t41(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t51(_) ->
+    ct:sleep(2000),
+    exit(should_timeout).
+
+t3(_) ->
+    ct:sleep(500),
+    exit(should_timeout).
+
+t61(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t71(_) ->
+    ct:sleep(750),
+    exit(should_timeout).
+
+t81(_) ->
+    ct:sleep(1000),
+    exit(should_timeout).
+
+t91(_) ->
+    ct:sleep(350),
+    exit(should_timeout).
+
+t101(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+t111(_) ->
+    ct:sleep(1500),
+    exit(should_timeout).
+
+
diff --git a/lib/common_test/test/ct_group_info_SUITE_data/vars.cfg b/lib/common_test/test/ct_group_info_SUITE_data/vars.cfg
new file mode 100644
index 0000000000..8a1960d121
--- /dev/null
+++ b/lib/common_test/test/ct_group_info_SUITE_data/vars.cfg
@@ -0,0 +1,19 @@
+{suite_cfg,suite_cfg_val}.
+{g1_cfg,g1_cfg_val}.
+{g2_cfg,g2_cfg_val}.
+{g3_cfg,g3_cfg_val}.
+{g4_cfg,g4_cfg_val}.
+{g5_cfg,g5_cfg_val}.
+{g6_cfg,g6_cfg_val}.
+{g7_cfg,g7_cfg_val}.
+{g8_cfg,g8_cfg_val}.
+{g9_cfg,g9_cfg_val}.
+{g10_cfg,g10_cfg_val}.
+{g11_cfg,g11_cfg_val}.
+
+{t72_cfg,t72_cfg_val}.
+{t91_cfg,t91_cfg_val}.
+
+{common1,common1_val}.
+{common2,common2_val}.
+{common3,common3_val}.
diff --git a/lib/common_test/test/ct_groups_spec_SUITE.erl b/lib/common_test/test/ct_groups_spec_SUITE.erl
new file mode 100644
index 0000000000..5a6d5ac0ac
--- /dev/null
+++ b/lib/common_test/test/ct_groups_spec_SUITE.erl
@@ -0,0 +1,586 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%%-------------------------------------------------------------------
+%%% File: ct_groups_spec_SUITE
+%%%
+%%% Description: 
+%%% Test that overriding default group properties with group terms
+%%% in all/0 and in test specifications works as expected.
+%%%
+%%%-------------------------------------------------------------------
+-module(ct_groups_spec_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("common_test/include/ct_event.hrl").
+
+-define(eh, ct_test_support_eh).
+
+%%--------------------------------------------------------------------
+%% TEST SERVER CALLBACK FUNCTIONS
+%%--------------------------------------------------------------------
+
+%%--------------------------------------------------------------------
+%% Description: Since Common Test starts another Test Server
+%% instance, the tests need to be performed on a separate node (or
+%% there will be clashes with logging processes etc).
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config1 = ct_test_support:init_per_suite(Config),
+    Config1.
+
+end_per_suite(Config) ->
+    ct_test_support:end_per_suite(Config).
+
+init_per_testcase(TestCase, Config) ->
+    ct_test_support:init_per_testcase(TestCase, Config).
+
+end_per_testcase(TestCase, Config) ->
+    ct_test_support:end_per_testcase(TestCase, Config).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> 
+    [
+     simple_group_opt,
+     simple_group_case_opt,
+     override_with_all,
+     override_with_spec
+    ].
+
+%%--------------------------------------------------------------------
+%% TEST CASES
+%%--------------------------------------------------------------------
+
+%%%-----------------------------------------------------------------
+%%% 
+simple_group_opt(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "groups_spec_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,[g1,g5]},
+			  {label,simple_group_opt}], Config),
+    ok = execute(simple_group_opt, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+simple_group_case_opt(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "groups_spec_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{group,g5},{testcase,[t52,t54]},
+			  {label,simple_group_case_opt}], Config),
+    ok = execute(simple_group_case_opt, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+override_with_all(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Suite = filename:join(DataDir, "groups_spec_1_SUITE"),
+    {Opts,ERPid} = setup([{suite,Suite},{label,override_with_all}], Config),
+    ok = execute(override_with_all, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% 
+override_with_spec(Config) when is_list(Config) -> 
+    DataDir = ?config(data_dir, Config),
+    Spec = filename:join(DataDir, "override.spec"),
+    {Opts,ERPid} = setup([{spec,Spec},{label,override_with_spec}], Config),
+    ok = execute(override_with_spec, Opts, ERPid, Config).
+
+%%%-----------------------------------------------------------------
+%%% HELP FUNCTIONS
+%%%-----------------------------------------------------------------
+
+setup(Test, Config) ->
+    Opts0 = ct_test_support:get_opts(Config),
+    Level = ?config(trace_level, Config),
+    EvHArgs = [{cbm,ct_test_support},{trace_level,Level}],
+    Opts = Opts0 ++ [{event_handler,{?eh,EvHArgs}}|Test],
+    ERPid = ct_test_support:start_event_receiver(Config),
+    {Opts,ERPid}.
+
+execute(Name, Opts, ERPid, Config) ->
+    ok = ct_test_support:run(Opts, Config),
+    Events = ct_test_support:get_events(ERPid, Config),
+
+    ct_test_support:log_events(Name, 
+			       reformat(Events, ?eh),
+			       ?config(priv_dir, Config),
+			       Opts),
+
+    TestEvents = events_to_check(Name),
+    ct_test_support:verify_events(TestEvents, Events, Config).
+
+reformat(Events, EH) ->
+    ct_test_support:reformat(Events, EH).
+
+%%%-----------------------------------------------------------------
+%%% TEST EVENTS
+%%%-----------------------------------------------------------------
+events_to_check(Test) ->
+    %% 2 tests (ct:run_test + script_start) is default
+    events_to_check(Test, 2).
+
+events_to_check(_, 0) ->
+    [];
+events_to_check(Test, N) ->
+    test_events(Test) ++ events_to_check(Test, N-1).
+
+
+test_events(simple_group_opt) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{1,1,7}},
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+      {?eh,test_stats,{2,1,{0,0}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t51}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t53}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{4,3,{0,0}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(simple_group_case_opt) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{1,1,2}},
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{1,1,{0,0}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(override_with_all) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{1,1,45}},
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+
+     %% TEST: {group,g1,default}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+      {?eh,test_stats,{2,1,{0,0}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[]},ok}}],
+
+     %% TEST: {group,g1,[sequence]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t13,{failed,{groups_spec_1_SUITE,t12}}}},
+      {?eh,test_stats,{3,2,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]},ok}}],
+
+     %% TEST: {group,g1,[parallel],[]}
+     {parallel,
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]},ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t11}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t12}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t13}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+       {?eh,test_stats,{5,3,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]},ok}}]},
+
+     %% TEST: {group,g2,[],[]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{6,3,{0,1}}},
+
+      {parallel,
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]},ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t31}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t32}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t33}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t33,ok}},
+	{?eh,test_stats,{8,4,{0,1}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]},ok}}]},
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{8,5,{0,1}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{9,5,{0,1}}},
+
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t51}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t53}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{11,7,{0,1}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{11,8,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{12,8,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     %% TEST: {group,g2,default,[{g3,[sequence]}]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{13,8,{0,1}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{14,9,{0,2}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t41,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t51,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t52,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t42,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t23,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,test_stats,{14,10,{0,9}}},
+
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+
+     %% TEST: {group,g2,[],[{g4,[sequence],[{g5,[sequence]}]},{g3,[sequence]}]}
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{15,10,{0,9}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{16,11,{0,10}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{16,12,{0,10}}},
+
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{17,12,{0,10}}},
+
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]},ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,test_stats,{18,13,{0,12}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]},ok}}],
+
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{18,14,{0,12}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]},ok}}],
+
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{19,14,{0,12}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ];
+
+test_events(override_with_spec) ->
+    [
+     {?eh,start_logging,{'DEF','RUNDIR'}},
+     {?eh,start_info,{7,4,49}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g1,default}}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+      {?eh,test_stats,{2,1,{0,0}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, [{g1,[sequence]},
+     %%                                           {g1,[parallel],[]}]}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t13,{failed,{groups_spec_1_SUITE,t12}}}},
+      {?eh,test_stats,{3,2,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]},ok}}],
+     {parallel,
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[parallel]},ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t11}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t11,ok}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t12}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,t13}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t13,ok}},
+       {?eh,test_stats,{5,3,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[parallel]},ok}}]},
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g2,[],[]}}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_start,{groups_spec_1_SUITE,t21}},
+      {?eh,test_stats,{6,3,{0,1}}},
+      {parallel,
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[parallel]},ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t31}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t32}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,t33}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t33,ok}},
+	{?eh,test_stats,{8,4,{0,1}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[parallel]},ok}}]},
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{8,5,{0,1}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{9,5,{0,1}}},
+       {parallel,
+	[{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[parallel]},ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t51}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t52}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t53}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,t54}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	 {?eh,test_stats,{11,7,{0,1}}},
+	 {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]}}},
+	 {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[parallel]},ok}}]},
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{11,8,{0,1}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{12,8,{0,1}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g2,default,[{g3,[sequence]}]}}
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{13,8,{0,1}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{14,9,{0,2}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t41,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t51,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t52,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t42,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t23,{failed,{groups_spec_1_SUITE,t22}}}},
+      {?eh,test_stats,{14,10,{0,9}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE,
+     %%        {g2,[],[{g4,[sequence],[{g5,[sequence]}]},{g3,[sequence]}]}}.
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t21,ok}},
+      {?eh,test_stats,{15,10,{0,9}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g3,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t31,ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t32,{failed,{error,crashes}}}},
+       {?eh,tc_auto_skip,{groups_spec_1_SUITE,t33,{failed,{groups_spec_1_SUITE,t32}}}},
+       {?eh,test_stats,{16,11,{0,10}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g3,[sequence]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t22,{failed,{error,crashes}}}},
+      {?eh,test_stats,{16,12,{0,10}}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[sequence]},ok}},
+       {?eh,tc_done,{groups_spec_1_SUITE,t41,ok}},
+       {?eh,test_stats,{17,12,{0,10}}},
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[sequence]},ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t51,ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t52,{failed,{timetrap_timeout,2000}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t53,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,tc_auto_skip,{groups_spec_1_SUITE,t54,{failed,{groups_spec_1_SUITE,t52}}}},
+	{?eh,test_stats,{18,13,{0,12}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[sequence]},ok}}],
+       {?eh,tc_done,{groups_spec_1_SUITE,t42,{failed,{error,crashes}}}},
+       {?eh,test_stats,{18,14,{0,12}}},
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[sequence]},ok}}],
+      {?eh,tc_done,{groups_spec_1_SUITE,t23,ok}},
+      {?eh,test_stats,{19,14,{0,12}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g1,[sequence]}, {cases,[t12,t13]}}
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g1,[sequence]},ok}},
+      {?eh,tc_done,{groups_spec_1_SUITE,t12,{failed,{error,crashes}}}},
+      {?eh,tc_auto_skip,{groups_spec_1_SUITE,t13,{failed,{groups_spec_1_SUITE,t12}}}},
+      {?eh,test_stats,{19,15,{0,13}}},
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g1,[sequence]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     %% TEST: {groups, dir, groups_spec_1_SUITE, {g5,[]}, {cases,[t53,t54]}}
+     {?eh,tc_done,{groups_spec_1_SUITE,init_per_suite,ok}},
+     [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g2,[sequence]},ok}},
+      [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g4,[]},ok}},
+       [{?eh,tc_start,{groups_spec_1_SUITE,{init_per_group,g5,[]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{init_per_group,g5,[]},ok}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t53,{failed,{error,crashes}}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,t54,ok}},
+	{?eh,test_stats,{20,16,{0,13}}},
+	{?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g5,[]}}},
+	{?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g5,[]},ok}}],
+       {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g4,[]}}},
+       {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g4,[]},ok}}],
+      {?eh,tc_start,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]}}},
+      {?eh,tc_done,{groups_spec_1_SUITE,{end_per_group,g2,[sequence]},ok}}],
+     {?eh,tc_done,{groups_spec_1_SUITE,end_per_suite,ok}},
+
+     {?eh,test_done,{'DEF','STOP_TIME'}},
+     {?eh,stop_logging,[]}
+    ].
+
diff --git a/lib/common_test/test/ct_groups_spec_SUITE_data/groups_spec_1_SUITE.erl b/lib/common_test/test/ct_groups_spec_SUITE_data/groups_spec_1_SUITE.erl
new file mode 100644
index 0000000000..ae6065bae4
--- /dev/null
+++ b/lib/common_test/test/ct_groups_spec_SUITE_data/groups_spec_1_SUITE.erl
@@ -0,0 +1,124 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(groups_spec_1_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+%%--------------------------------------------------------------------
+%% INFO FUNCS
+%%--------------------------------------------------------------------
+suite() ->
+    [{timetrap,1000}].
+
+group(_) ->
+    [{timetrap,2000}].
+
+%%--------------------------------------------------------------------
+%% CONFIG FUNCS
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("init( ~w ): ~p", [G, GrProps1])),
+    ct:pal("init( ~w ): ~p", [G, GrProps1]),
+    Config.
+
+end_per_group(G, Config) ->
+    GrProps = proplists:get_value(tc_group_properties, Config),
+    GrProps1 = proplists:delete(name, GrProps),
+    ct:comment(io_lib:format("end( ~w ): ~p", [G, GrProps1])),
+    ct:pal("end( ~w ): ~p", [G, GrProps1]),
+    ok.
+
+init_per_testcase(_TestCase, Config) ->
+    Config.
+
+end_per_testcase(_TestCase, _Config) ->
+    ok.
+
+%%--------------------------------------------------------------------
+%% TEST DECLARATIONS
+%%--------------------------------------------------------------------
+
+groups() ->
+    [
+     {g1,[],[t11,t12,t13]},
+     {g2,[sequence],[t21,{group,g3},t22,{group,g4},t23]},
+     {g3,[parallel],[t31,t32,t33]},
+     {g4,[],[t41,{group,g5},t42]},
+     {g5,[parallel],[t51,t52,t53,t54]}
+    ].
+
+all() -> 
+    [
+     {group,g1,default},
+     {group,g1,[sequence]},
+     {group,g1,[parallel],[]},
+     
+     {group,g2,[],[]},
+     {group,g2,default,[{g3,[sequence]}]},
+     {group,g2,[],[{g4,[sequence],[{g5,[sequence]}]},{g3,[sequence]}]}
+    ].
+
+%%-----------------------------------------------------------------
+%% TEST CASES
+%%-----------------------------------------------------------------
+
+t11(_) ->
+    ok.
+t12(_) ->
+    exit(crashes).
+t13(_) ->
+    ok.
+
+t21(_) ->
+    ok.
+t22(_) ->
+    exit(crashes).
+t23(_) ->
+    ok.
+
+t31(_) ->
+    ok.
+t32(_) ->
+    exit(crashes).
+t33(_) ->
+    ok.
+
+t41(_) ->
+    ok.	
+t42(_) ->
+    exit(crashes).
+
+t51(_) ->
+    ok.
+t52(_) ->
+    ct:sleep(3000).
+t53(_) ->
+    exit(crashes).
+t54(_) ->
+    ok.
diff --git a/lib/common_test/test/ct_groups_spec_SUITE_data/override.spec b/lib/common_test/test/ct_groups_spec_SUITE_data/override.spec
new file mode 100644
index 0000000000..1bfc6405c9
--- /dev/null
+++ b/lib/common_test/test/ct_groups_spec_SUITE_data/override.spec
@@ -0,0 +1,15 @@
+{merge_tests,false}.
+
+{alias,dir,"."}.
+
+{groups, dir, groups_spec_1_SUITE, {g1,default}}.
+{groups, dir, groups_spec_1_SUITE, [{g1,[sequence]},
+				    {g1,[parallel],[]}]}.
+
+{groups, dir, groups_spec_1_SUITE, {g2,[],[]}}.
+{groups, dir, groups_spec_1_SUITE, {g2,default,[{g3,[sequence]}]}}.
+{groups, dir, groups_spec_1_SUITE, {g2,[],[{g4,[sequence],[{g5,[sequence]}]},
+					   {g3,[sequence]}]}}.
+
+{groups, dir, groups_spec_1_SUITE, {g1,[sequence]}, {cases,[t12,t13]}}.
+{groups, dir, groups_spec_1_SUITE, {g5,[]}, {cases,[t53,t54]}}.
diff --git a/lib/common_test/test/ct_groups_test_2_SUITE.erl b/lib/common_test/test/ct_groups_test_2_SUITE.erl
index 940d791b15..2392b0b850 100644
--- a/lib/common_test/test/ct_groups_test_2_SUITE.erl
+++ b/lib/common_test/test/ct_groups_test_2_SUITE.erl
@@ -171,16 +171,16 @@ test_events(missing_conf) ->
      {?eh,start_logging,{'DEF','RUNDIR'}},
      {?eh,test_start,{'DEF',{'START_TIME','LOGDIR'}}},
      {?eh,start_info,{1,1,2}},
-     {?eh,tc_start,{ct_framework,ct_init_per_group}},
-     {?eh,tc_done,{ct_framework,ct_init_per_group,ok}},
+     {?eh,tc_start,{ct_framework,{ct_init_per_group,group1,[]}}},
+     {?eh,tc_done,{ct_framework,{ct_init_per_group,group1,[]},ok}},
      {?eh,tc_start,{missing_conf_SUITE,tc1}},
      {?eh,tc_done,{missing_conf_SUITE,tc1,ok}},
      {?eh,test_stats,{1,0,{0,0}}},
      {?eh,tc_start,{missing_conf_SUITE,tc2}},
      {?eh,tc_done,{missing_conf_SUITE,tc2,ok}},
      {?eh,test_stats,{2,0,{0,0}}},
-     {?eh,tc_start,{ct_framework,ct_end_per_group}},
-     {?eh,tc_done,{ct_framework,ct_end_per_group,ok}},
+     {?eh,tc_start,{ct_framework,{ct_end_per_group,group1,[]}}},
+     {?eh,tc_done,{ct_framework,{ct_end_per_group,group1,[]},ok}},
      {?eh,test_done,{'DEF','STOP_TIME'}},
      {?eh,stop_logging,[]}
     ];
diff --git a/lib/common_test/test/ct_hooks_SUITE.erl b/lib/common_test/test/ct_hooks_SUITE.erl
index 5c99f0f9f7..2c519f08b5 100644
--- a/lib/common_test/test/ct_hooks_SUITE.erl
+++ b/lib/common_test/test/ct_hooks_SUITE.erl
@@ -1046,29 +1046,34 @@ test_events(prio_cth) ->
 		     [900],[900,900],[500,900],[1000],[1200,1050],
 		     [1100],[1200]]) ++
 	     GenPost(post_end_per_testcase,
-		     [[1100,100],[600,200],[600,600],[600],[700],[800],
-		      [900],[900,900],[500,900],[1000],[1200,1050],
-		      [1100],[1200]]) ++
+		     lists:reverse(
+		       [[1100,100],[600,200],[600,600],[600],[700],[800],
+			[900],[900,900],[500,900],[1000],[1200,1050],
+			[1100],[1200]])) ++
 	     [{?eh,tc_done,{ct_cth_prio_SUITE,test_case,ok}},
 
 	      {?eh,tc_start,{ct_cth_prio_SUITE,{end_per_group,'_',[]}}}] ++
 	     GenPre(pre_end_per_group, 
-		    [[1100,100],[600,200],[600,600],[600],[700],[800],
-		     [900],[900,900],[500,900],[1000],[1200,1050],
-		     [1100],[1200]]) ++
+		    lists:reverse(
+		      [[1100,100],[600,200],[600,600],[600],[700],[800],
+		       [900],[900,900],[500,900],[1000],[1200,1050],
+		       [1100],[1200]])) ++
 	     GenPost(post_end_per_group,
-		     [[1100,100],[600,200],[600,600],[600],[700],[800],
-		      [900],[900,900],[500,900],[1000],[1200,1050],
-		      [1100],[1200]]) ++
+		     lists:reverse(
+		       [[1100,100],[600,200],[600,600],[600],[700],[800],
+			[900],[900,900],[500,900],[1000],[1200,1050],
+			[1100],[1200]])) ++
 	     [{?eh,tc_done,{ct_cth_prio_SUITE,{end_per_group,'_',[]},ok}}],
 
 	 {?eh,tc_start,{ct_cth_prio_SUITE,end_per_suite}}] ++
 	GenPre(pre_end_per_suite,
-	       [[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
-		[1200,1050],[1100],[1200]]) ++
+	       lists:reverse(
+		 [[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
+		  [1200,1050],[1100],[1200]])) ++
 	GenPost(post_end_per_suite,
-		[[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
-		[1200,1050],[1100],[1200]]) ++
+		lists:reverse(
+		  [[1100,100],[600,200],[600,600],[700],[800],[900],[1000],
+		   [1200,1050],[1100],[1200]])) ++
 	[{?eh,tc_done,{ct_cth_prio_SUITE,end_per_suite,ok}},
 	 {?eh,test_done,{'DEF','STOP_TIME'}},
 	 {?eh,stop_logging,[]}];
diff --git a/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl b/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl
index fb8d31edd4..4c5b880e39 100644
--- a/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl
+++ b/lib/common_test/test/ct_repeat_1_SUITE_data/repeat_1_SUITE.erl
@@ -1,11 +1,21 @@
-%%%-------------------------------------------------------------------
-%%% @author Peter Andersson <[email protected]>
-%%% @copyright (C) 2010, Peter Andersson
-%%% @doc
-%%%
-%%% @end
-%%% Created : 11 Aug 2010 by Peter Andersson <[email protected]>
-%%%-------------------------------------------------------------------
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
 -module(repeat_1_SUITE).
 
 -compile(export_all).
diff --git a/lib/common_test/test/ct_test_server_if_1_SUITE.erl b/lib/common_test/test/ct_test_server_if_1_SUITE.erl
index 4471915e69..efc0309781 100644
--- a/lib/common_test/test/ct_test_server_if_1_SUITE.erl
+++ b/lib/common_test/test/ct_test_server_if_1_SUITE.erl
@@ -228,39 +228,39 @@ test_events(ts_if_1) ->
 			{failed,{error,{suite0_failed,{exited,suite0_goes_boom}}}}}},
 
      {?eh,tc_start,{ct_framework,error_in_suite}},
-     {?eh,test_stats,{3,6,{3,7}}},
+     {?eh,test_stats,{3,5,{4,7}}},
 
      {?eh,tc_start,{ct_framework,error_in_suite}},
-     {?eh,test_stats,{3,7,{3,7}}},
+     {?eh,test_stats,{3,5,{5,7}}},
 
      {?eh,tc_start,{ts_if_5_SUITE,init_per_suite}},
      {?eh,tc_done,{ts_if_5_SUITE,init_per_suite,
 		   {skipped,{require_failed_in_suite0,{not_available,undef_variable}}}}},
      {?eh,tc_auto_skip,{ts_if_5_SUITE,my_test_case,
 			{require_failed_in_suite0,{not_available,undef_variable}}}},
-     {?eh,test_stats,{3,7,{3,8}}},
+     {?eh,test_stats,{3,5,{5,8}}},
      {?eh,tc_auto_skip,{ts_if_5_SUITE,end_per_suite,
 			{require_failed_in_suite0,{not_available,undef_variable}}}},
 
      {?eh,tc_start,{ts_if_6_SUITE,tc1}},
      {?eh,tc_done,{ts_if_6_SUITE,tc1,{failed,{error,{suite0_failed,{exited,suite0_byebye}}}}}},
-     {?eh,test_stats,{3,7,{4,8}}},
+     {?eh,test_stats,{3,5,{6,8}}},
 
      {?eh,tc_start,{ts_if_7_SUITE,tc1}},
      {?eh,tc_done,{ts_if_7_SUITE,tc1,ok}},
-     {?eh,test_stats,{4,7,{4,8}}},
+     {?eh,test_stats,{4,5,{6,8}}},
 
      {?eh,tc_start,{ts_if_8_SUITE,tc1}},
      {?eh,tc_done,{ts_if_8_SUITE,tc1,{failed,{error,failed_on_purpose}}}},
-     {?eh,test_stats,{4,8,{4,8}}},
+     {?eh,test_stats,{4,6,{6,8}}},
 
      {?eh,tc_user_skip,{skipped_by_spec_1_SUITE,all,"should be skipped"}},
-     {?eh,test_stats,{4,8,{5,8}}},
+     {?eh,test_stats,{4,6,{7,8}}},
 
      {?eh,tc_start,{skipped_by_spec_2_SUITE,init_per_suite}},
      {?eh,tc_done,{skipped_by_spec_2_SUITE,init_per_suite,ok}},
      {?eh,tc_user_skip,{skipped_by_spec_2_SUITE,tc1,"should be skipped"}},
-     {?eh,test_stats,{4,8,{6,8}}},
+     {?eh,test_stats,{4,6,{8,8}}},
      {?eh,tc_start,{skipped_by_spec_2_SUITE,end_per_suite}},
      {?eh,tc_done,{skipped_by_spec_2_SUITE,end_per_suite,ok}},
 
diff --git a/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl b/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl
index bda7d91161..06fa6ac638 100644
--- a/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl
+++ b/lib/common_test/test/ct_test_server_if_1_SUITE_data/test_server_if/test/ts_if_1_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/common_test/vsn.mk b/lib/common_test/vsn.mk
index 4782a32933..2f43c1bc17 100644
--- a/lib/common_test/vsn.mk
+++ b/lib/common_test/vsn.mk
@@ -1,3 +1 @@
-COMMON_TEST_VSN = 1.5.5
-
-
+COMMON_TEST_VSN = 1.6
diff --git a/lib/compiler/doc/src/compile.xml b/lib/compiler/doc/src/compile.xml
index 522c1dc411..0f8abf1ccf 100644
--- a/lib/compiler/doc/src/compile.xml
+++ b/lib/compiler/doc/src/compile.xml
@@ -333,7 +333,7 @@ module.beam: module.erl \
           <tag><c>{d,Macro,Value}</c></tag>
           <item>
             <p>Defines a macro <c>Macro</c> to have the value
-	      <c>Value</c>. The default is <c>true</c>).</p>
+	      <c>Value</c>. The default is <c>true</c>.</p>
           </item>
 
 	  <tag><c>{parse_transform,Module}</c></tag>
diff --git a/lib/compiler/doc/src/notes.xml b/lib/compiler/doc/src/notes.xml
index 740cbcf8eb..3f53a71764 100644
--- a/lib/compiler/doc/src/notes.xml
+++ b/lib/compiler/doc/src/notes.xml
@@ -31,6 +31,105 @@
   <p>This document describes the changes made to the Compiler
     application.</p>
 
+<section><title>Compiler 4.8</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Add '-callback' attributes in stdlib's behaviours</p>
+          <p>
+	    Replace the behaviour_info(callbacks) export in stdlib's
+	    behaviours with -callback' attributes for all the
+	    callbacks. Update the documentation with information on
+	    the callback attribute Automatically generate
+	    'behaviour_info' function from '-callback' attributes</p>
+          <p>
+	    'behaviour_info(callbacks)' is a special function that is
+	    defined in a module which describes a behaviour and
+	    returns a list of its callbacks.</p>
+          <p>
+	    This function is now automatically generated using the
+	    '-callback' specs. An error is returned by lint if user
+	    defines both '-callback' attributes and the
+	    behaviour_info/1 function. If no type info is needed for
+	    a callback use a generic spec for it. Add '-callback'
+	    attribute to language syntax</p>
+          <p>
+	    Behaviours may define specs for their callbacks using the
+	    familiar spec syntax, replacing the '-spec' keyword with
+	    '-callback'. Simple lint checks are performed to ensure
+	    that no callbacks are defined twice and all types
+	    referred are declared.</p>
+          <p>
+	    These attributes can be then used by tools to provide
+	    documentation to the behaviour or find discrepancies in
+	    the callback definitions in the callback module.</p>
+          <p>
+	    Add callback specs into 'application' module in kernel
+	    Add callback specs to tftp module following internet
+	    documentation Add callback specs to inets_service module
+	    following possibly deprecated comments</p>
+          <p>
+	    Own Id: OTP-9621</p>
+        </item>
+        <item>
+          <p>
+	    The calculation of the 'uniq' value for a fun (see
+	    <c>erlang:fun_info/1</c>) was too weak and has been
+	    strengthened. It used to be based on the only the code
+	    for the fun body, but it is now based on the MD5 of the
+	    BEAM code for the module.</p>
+          <p>
+	    Own Id: OTP-9667</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    <c>filename:find_src/1,2</c> will now work on stripped
+	    BEAM files (reported by Per Hedeland). The HiPE compiler
+	    will also work on stripped BEAM files. The BEAM compiler
+	    will no longer include compilation options given in the
+	    source code itself in <c>M:module_info(compile)</c>
+	    (because those options will be applied anyway if the
+	    module is re-compiled).</p>
+          <p>
+	    Own Id: OTP-9752</p>
+        </item>
+        <item>
+	    <p>Inlining binary matching could cause an internal
+	    compiler error. (Thanks to Rene Kijewski for reporting
+	    this bug.)</p>
+          <p>
+	    Own Id: OTP-9770</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Compiler 4.7.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/compiler/src/Makefile b/lib/compiler/src/Makefile
index 1238d113e1..3415517fff 100644
--- a/lib/compiler/src/Makefile
+++ b/lib/compiler/src/Makefile
@@ -53,12 +53,14 @@ MODULES =  \
 	beam_dead \
 	beam_dict \
 	beam_disasm \
+	beam_except \
 	beam_flatten \
 	beam_jump \
 	beam_listing \
 	beam_opcodes \
 	beam_peep \
 	beam_receive \
+	beam_split \
 	beam_trim \
 	beam_type \
 	beam_utils \
diff --git a/lib/compiler/src/beam_asm.erl b/lib/compiler/src/beam_asm.erl
index 4a9c12dfea..a7c8508321 100644
--- a/lib/compiler/src/beam_asm.erl
+++ b/lib/compiler/src/beam_asm.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_block.erl b/lib/compiler/src/beam_block.erl
index 432d1e7eea..cd568097fa 100644
--- a/lib/compiler/src/beam_block.erl
+++ b/lib/compiler/src/beam_block.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_dead.erl b/lib/compiler/src/beam_dead.erl
index 9f81a6ab43..5f12a98f09 100644
--- a/lib/compiler/src/beam_dead.erl
+++ b/lib/compiler/src/beam_dead.erl
@@ -131,10 +131,9 @@
 -import(lists, [mapfoldl/3,reverse/1]).
 
 module({Mod,Exp,Attr,Fs0,_}, _Opts) ->
-    Fs1 = [split_blocks(F) || F <- Fs0],
-    {Fs2,Lc1} = beam_clean:clean_labels(Fs1),
-    {Fs,Lc} = mapfoldl(fun function/2, Lc1, Fs2),
-    %%{Fs,Lc} = {Fs2,Lc1},
+    {Fs1,Lc1} = beam_clean:clean_labels(Fs0),
+    {Fs,Lc} = mapfoldl(fun function/2, Lc1, Fs1),
+    %%{Fs,Lc} = {Fs1,Lc1},
     {ok,{Mod,Exp,Attr,Fs,Lc}}.
 
 function({function,Name,Arity,CLabel,Is0}, Lc0) ->
@@ -160,64 +159,6 @@ function({function,Name,Arity,CLabel,Is0}, Lc0) ->
 	    erlang:raise(Class, Error, Stack)
     end.
 
-%% We must split the basic block when we encounter instructions with labels,
-%% such as catches and BIFs. All labels must be visible outside the blocks.
-
-split_blocks({function,Name,Arity,CLabel,Is0}) ->
-    Is = split_blocks(Is0, []),
-    {function,Name,Arity,CLabel,Is}.
-
-split_blocks([{block,Bl}|Is], Acc0) ->
-    Acc = split_block(Bl, [], Acc0),
-    split_blocks(Is, Acc);
-split_blocks([I|Is], Acc) ->
-    split_blocks(Is, [I|Acc]);
-split_blocks([], Acc) -> reverse(Acc).
-
-split_block([{set,[R],[_,_,_]=As,{bif,is_record,{f,Lbl}}}|Is], Bl, Acc) ->
-    %% is_record/3 must be translated by beam_clean; therefore,
-    %% it must be outside of any block.
-    split_block(Is, [], [{bif,is_record,{f,Lbl},As,R}|make_block(Bl, Acc)]);
-split_block([{set,[R],As,{bif,N,{f,Lbl}=Fail}}|Is], Bl, Acc) when Lbl =/= 0 ->
-    split_block(Is, [], [{bif,N,Fail,As,R}|make_block(Bl, Acc)]);
-split_block([{set,[R],As,{alloc,Live,{gc_bif,N,{f,Lbl}=Fail}}}|Is], Bl, Acc)
-  when Lbl =/= 0 ->
-    split_block(Is, [], [{gc_bif,N,Fail,Live,As,R}|make_block(Bl, Acc)]);
-split_block([{set,[R],[],{'catch',L}}|Is], Bl, Acc) ->
-    split_block(Is, [], [{'catch',R,L}|make_block(Bl, Acc)]);
-split_block([{set,[],[],{line,_}=Line}|Is], Bl, Acc) ->
-    split_block(Is, [], [Line|make_block(Bl, Acc)]);
-split_block([I|Is], Bl, Acc) ->
-    split_block(Is, [I|Bl], Acc);
-split_block([], Bl, Acc) -> make_block(Bl, Acc).
-
-make_block([], Acc) -> Acc;
-make_block([{set,[D],Ss,{bif,Op,Fail}}|Bl]=Bl0, Acc) ->
-    %% If the last instruction in the block is a comparison or boolean operator
-    %% (such as '=:='), move it out of the block to facilitate further
-    %% optimizations.
-    Arity = length(Ss),
-    case erl_internal:comp_op(Op, Arity) orelse
-	erl_internal:new_type_test(Op, Arity) orelse
-	erl_internal:bool_op(Op, Arity) of
-	false ->
-	    [{block,reverse(Bl0)}|Acc];
-	true ->
-	    I = {bif,Op,Fail,Ss,D},
-	    case Bl =:= [] of
-		true -> [I|Acc];
-		false -> [I,{block,reverse(Bl)}|Acc]
-	    end
-    end;
-make_block([{set,[Dst],[Src],move}|Bl], Acc) ->
-    %% Make optimization of {move,Src,Dst}, {jump,...} possible.
-    I = {move,Src,Dst},
-    case Bl =:= [] of
-	true -> [I|Acc];
-	false -> [I,{block,reverse(Bl)}|Acc]
-    end;
-make_block(Bl, Acc) -> [{block,reverse(Bl)}|Acc].
-
 %% 'move' instructions outside of blocks may thwart the jump optimizer.
 %% Move them back into the block.
 
diff --git a/lib/compiler/src/beam_disasm.erl b/lib/compiler/src/beam_disasm.erl
index 7103d2390f..62bdc74cc8 100644
--- a/lib/compiler/src/beam_disasm.erl
+++ b/lib/compiler/src/beam_disasm.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -182,10 +182,14 @@ process_chunks(F) ->
 	    Literals = beam_disasm_literals(LiteralBin),
 	    Code = beam_disasm_code(CodeBin, Atoms, mk_imports(ImportsList),
 				    StrBin, Lambdas, Literals, Module),
-	    Attributes = optional_chunk(F, attributes),
+	    Attributes =
+		case optional_chunk(F, attributes) of
+		    none -> [];
+		    Atts when is_list(Atts) -> Atts
+		end,
 	    CompInfo = 
 		case optional_chunk(F, "CInf") of
-		    none -> none;
+		    none -> [];
 		    CompInfoBin when is_binary(CompInfoBin) ->
 			binary_to_term(CompInfoBin)
 		end,
@@ -198,7 +202,7 @@ process_chunks(F) ->
     end.
 
 %%-----------------------------------------------------------------------
-%% Retrieve an optional chunk or none if the chunk doesn't exist.
+%% Retrieve an optional chunk or return 'none' if the chunk doesn't exist.
 %%-----------------------------------------------------------------------
 
 optional_chunk(F, ChunkTag) ->
diff --git a/lib/compiler/src/beam_except.erl b/lib/compiler/src/beam_except.erl
new file mode 100644
index 0000000000..fb1a43cd9e
--- /dev/null
+++ b/lib/compiler/src/beam_except.erl
@@ -0,0 +1,149 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(beam_except).
+-export([module/2]).
+
+%%% Rewrite certain calls to erlang:error/{1,2} to specialized
+%%% instructions:
+%%%
+%%% erlang:error({badmatch,Value})       => badmatch Value
+%%% erlang:error({case_clause,Value})    => case_end Value
+%%% erlang:error({try_clause,Value})     => try_case_end Value
+%%% erlang:error(if_clause)              => if_end
+%%% erlang:error(function_clause, Args)  => jump FuncInfoLabel
+%%%
+
+-import(lists, [reverse/1]).
+
+module({Mod,Exp,Attr,Fs0,Lc}, _Opt) ->
+    Fs = [function(F) || F <- Fs0],
+    {ok,{Mod,Exp,Attr,Fs,Lc}}.
+
+function({function,Name,Arity,CLabel,Is0}) ->
+    try
+	Is = function_1(Is0),
+	{function,Name,Arity,CLabel,Is}
+    catch
+	Class:Error ->
+	    Stack = erlang:get_stacktrace(),
+	    io:fwrite("Function: ~w/~w\n", [Name,Arity]),
+	    erlang:raise(Class, Error, Stack)
+    end.
+
+-record(st,
+	{lbl,					%func_info label
+	 loc					%location for func_info
+	 }).
+
+function_1(Is0) ->
+    case Is0 of
+	[{label,Lbl},{line,Loc}|_] ->
+	    St = #st{lbl=Lbl,loc=Loc},
+	    translate(Is0, St, []);
+	[{label,_}|_] ->
+	    %% No line numbers. The source must be a .S file.
+	    %% There is no need to do anything.
+	    Is0
+    end.
+
+translate([{call_ext,Ar,{extfunc,erlang,error,Ar}}=I|Is], St, Acc) ->
+    translate_1(Ar, I, Is, St, Acc);
+translate([{call_ext_only,Ar,{extfunc,erlang,error,Ar}}=I|Is], St, Acc) ->
+    translate_1(Ar, I, Is, St, Acc);
+translate([{call_ext_last,Ar,{extfunc,erlang,error,Ar},_}=I|Is], St, Acc) ->
+    translate_1(Ar, I, Is, St, Acc);
+translate([I|Is], St, Acc) ->
+    translate(Is, St, [I|Acc]);
+translate([], _, Acc) ->
+    reverse(Acc).
+
+translate_1(Ar, I, Is, St, [{line,_}=Line|Acc1]=Acc0) ->
+    case dig_out(Ar, Acc1) of
+	no ->
+	    translate(Is, St, [I|Acc0]);
+	{yes,function_clause,Acc2} ->
+	    case {Line,St} of
+		{{line,Loc},#st{lbl=Fi,loc=Loc}} ->
+		    Instr = {jump,{f,Fi}},
+		    translate(Is, St, [Instr|Acc2]);
+		{_,_} ->
+		    %% This must be "error(function_clause, Args)" in
+		    %% the Erlang source code. Don't translate.
+		    translate(Is, St, [I|Acc0])
+	    end;
+	{yes,Instr,Acc2} ->
+	    translate(Is, St, [Instr,Line|Acc2])
+    end.
+
+dig_out(Ar, [{kill,_}|Is]) ->
+    dig_out(Ar, Is);
+dig_out(1, [{block,Bl0}|Is]) ->
+    case dig_out_block(reverse(Bl0)) of
+	no -> no;
+	{yes,What,[]} ->
+	    {yes,What,Is};
+	{yes,What,Bl} ->
+	    {yes,What,[{block,Bl}|Is]}
+    end;
+dig_out(2, [{block,Bl}|Is]) ->
+    case dig_out_block_fc(Bl) of
+	no -> no;
+	{yes,What} -> {yes,What,Is}
+    end;
+dig_out(_, _) -> no.
+
+dig_out_block([{set,[{x,0}],[{atom,if_clause}],move}]) ->
+    {yes,if_end,[]};
+dig_out_block([{set,[{x,0}],[{literal,{Exc,Value}}],move}|Is]) ->
+    translate_exception(Exc, {literal,Value}, Is, 0);
+dig_out_block([{set,[{x,0}],[Tuple],move},
+	       {set,[],[Value],put},
+	       {set,[],[{atom,Exc}],put},
+	       {set,[Tuple],[],{put_tuple,2}}|Is]) ->
+    translate_exception(Exc, Value, Is, 3);
+dig_out_block([{set,[],[Value],put},
+	       {set,[],[{atom,Exc}],put},
+	       {set,[{x,0}],[],{put_tuple,2}}|Is]) ->
+    translate_exception(Exc, Value, Is, 3);
+dig_out_block(_) -> no.
+
+translate_exception(badmatch, Val, Is, Words) ->
+    {yes,{badmatch,Val},fix_block(Is, Words)};
+translate_exception(case_clause, Val, Is, Words) ->
+    {yes,{case_end,Val},fix_block(Is, Words)};
+translate_exception(try_clause, Val, Is, Words) ->
+    {yes,{try_case_end,Val},fix_block(Is, Words)};
+translate_exception(_, _, _, _) -> no.
+
+fix_block(Is, 0) ->
+    reverse(Is);
+fix_block(Is0, Words) ->
+    [{set,[],[],{alloc,Live,{F1,F2,Needed,F3}}}|Is] = reverse(Is0),
+    [{set,[],[],{alloc,Live,{F1,F2,Needed-Words,F3}}}|Is].
+
+dig_out_block_fc([{set,[],[],{alloc,Live,_}}|Bl]) ->
+    dig_out_fc(Bl, Live-1, nil);
+dig_out_block_fc(_) -> no.
+
+dig_out_fc([{set,[Dst],[{x,Reg},Dst0],put_list}|Is], Reg, Dst0) ->
+    dig_out_fc(Is, Reg-1, Dst);
+dig_out_fc([{set,[{x,0}],[{atom,function_clause}],move}], -1, {x,1}) ->
+    {yes,function_clause};
+dig_out_fc(_, _, _) -> no.
diff --git a/lib/compiler/src/beam_jump.erl b/lib/compiler/src/beam_jump.erl
index 537f8ca81b..db67d24514 100644
--- a/lib/compiler/src/beam_jump.erl
+++ b/lib/compiler/src/beam_jump.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_listing.erl b/lib/compiler/src/beam_listing.erl
index 2941f6135c..50d1f3cdb1 100644
--- a/lib/compiler/src/beam_listing.erl
+++ b/lib/compiler/src/beam_listing.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_receive.erl b/lib/compiler/src/beam_receive.erl
index c483d85a97..bd1f44f66b 100644
--- a/lib/compiler/src/beam_receive.erl
+++ b/lib/compiler/src/beam_receive.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_split.erl b/lib/compiler/src/beam_split.erl
new file mode 100644
index 0000000000..cacaaebffe
--- /dev/null
+++ b/lib/compiler/src/beam_split.erl
@@ -0,0 +1,85 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(beam_split).
+-export([module/2]).
+
+-import(lists, [reverse/1]).
+
+module({Mod,Exp,Attr,Fs0,Lc}, _Opts) ->
+    Fs = [split_blocks(F) || F <- Fs0],
+    {ok,{Mod,Exp,Attr,Fs,Lc}}.
+
+%% We must split the basic block when we encounter instructions with labels,
+%% such as catches and BIFs. All labels must be visible outside the blocks.
+
+split_blocks({function,Name,Arity,CLabel,Is0}) ->
+    Is = split_blocks(Is0, []),
+    {function,Name,Arity,CLabel,Is}.
+
+split_blocks([{block,Bl}|Is], Acc0) ->
+    Acc = split_block(Bl, [], Acc0),
+    split_blocks(Is, Acc);
+split_blocks([I|Is], Acc) ->
+    split_blocks(Is, [I|Acc]);
+split_blocks([], Acc) -> reverse(Acc).
+
+split_block([{set,[R],[_,_,_]=As,{bif,is_record,{f,Lbl}}}|Is], Bl, Acc) ->
+    %% is_record/3 must be translated by beam_clean; therefore,
+    %% it must be outside of any block.
+    split_block(Is, [], [{bif,is_record,{f,Lbl},As,R}|make_block(Bl, Acc)]);
+split_block([{set,[R],As,{bif,N,{f,Lbl}=Fail}}|Is], Bl, Acc) when Lbl =/= 0 ->
+    split_block(Is, [], [{bif,N,Fail,As,R}|make_block(Bl, Acc)]);
+split_block([{set,[R],As,{alloc,Live,{gc_bif,N,{f,Lbl}=Fail}}}|Is], Bl, Acc)
+  when Lbl =/= 0 ->
+    split_block(Is, [], [{gc_bif,N,Fail,Live,As,R}|make_block(Bl, Acc)]);
+split_block([{set,[R],[],{'catch',L}}|Is], Bl, Acc) ->
+    split_block(Is, [], [{'catch',R,L}|make_block(Bl, Acc)]);
+split_block([{set,[],[],{line,_}=Line}|Is], Bl, Acc) ->
+    split_block(Is, [], [Line|make_block(Bl, Acc)]);
+split_block([I|Is], Bl, Acc) ->
+    split_block(Is, [I|Bl], Acc);
+split_block([], Bl, Acc) -> make_block(Bl, Acc).
+
+make_block([], Acc) -> Acc;
+make_block([{set,[D],Ss,{bif,Op,Fail}}|Bl]=Bl0, Acc) ->
+    %% If the last instruction in the block is a comparison or boolean operator
+    %% (such as '=:='), move it out of the block to facilitate further
+    %% optimizations.
+    Arity = length(Ss),
+    case erl_internal:comp_op(Op, Arity) orelse
+	erl_internal:new_type_test(Op, Arity) orelse
+	erl_internal:bool_op(Op, Arity) of
+	false ->
+	    [{block,reverse(Bl0)}|Acc];
+	true ->
+	    I = {bif,Op,Fail,Ss,D},
+	    case Bl =:= [] of
+		true -> [I|Acc];
+		false -> [I,{block,reverse(Bl)}|Acc]
+	    end
+    end;
+make_block([{set,[Dst],[Src],move}|Bl], Acc) ->
+    %% Make optimization of {move,Src,Dst}, {jump,...} possible.
+    I = {move,Src,Dst},
+    case Bl =:= [] of
+	true -> [I|Acc];
+	false -> [I,{block,reverse(Bl)}|Acc]
+    end;
+make_block(Bl, Acc) -> [{block,reverse(Bl)}|Acc].
diff --git a/lib/compiler/src/beam_trim.erl b/lib/compiler/src/beam_trim.erl
index 25e6ffbb73..5f4fa3b1f8 100644
--- a/lib/compiler/src/beam_trim.erl
+++ b/lib/compiler/src/beam_trim.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_type.erl b/lib/compiler/src/beam_type.erl
index 0c51251f1b..6f0ffb5b25 100644
--- a/lib/compiler/src/beam_type.erl
+++ b/lib/compiler/src/beam_type.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/beam_utils.erl b/lib/compiler/src/beam_utils.erl
index f281ad5eac..116ede0bc9 100644
--- a/lib/compiler/src/beam_utils.erl
+++ b/lib/compiler/src/beam_utils.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -474,8 +474,15 @@ check_liveness(R, [{make_fun2,_,_,_,NumFree}|Is], St) ->
     end;
 check_liveness(R, [{try_end,Y}|Is], St) ->
     case R of
-	Y -> {killed,St};
-	_ -> check_liveness(R, Is, St)
+	Y ->
+	    {killed,St};
+	{y,_} ->
+	    %% y registers will be used if an exception occurs and
+	    %% control transfers to the label given in the previous
+	    %% try/2 instruction.
+	    {used,St};
+	_ ->
+	    check_liveness(R, Is, St)
     end;
 check_liveness(R, [{catch_end,Y}|Is], St) ->
     case R of
diff --git a/lib/compiler/src/beam_validator.erl b/lib/compiler/src/beam_validator.erl
index fe3b1680d9..a52e7bb761 100644
--- a/lib/compiler/src/beam_validator.erl
+++ b/lib/compiler/src/beam_validator.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -670,10 +670,20 @@ valfun_4({get_tuple_element,Src,I,Dst}, Vst) ->
 valfun_4({test,bs_start_match2,{f,Fail},Live,[Ctx,NeedSlots],Ctx}, Vst0) ->
     %% If source and destination registers are the same, match state
     %% is OK as input.
-    _ = get_move_term_type(Ctx, Vst0),
+    CtxType = get_move_term_type(Ctx, Vst0),
     verify_live(Live, Vst0),
     Vst1 = prune_x_regs(Live, Vst0),
-    Vst = branch_state(Fail, Vst1),
+    BranchVst = case CtxType of
+		    {match_context,_,_} ->
+			%% The failure branch will never be taken when Ctx
+			%% is a match context. Therefore, the type for Ctx
+			%% at the failure label must not be match_context
+			%% (or we could reject legal code).
+			set_type_reg(term, Ctx, Vst1);
+		    _ ->
+			Vst1
+		end,
+    Vst = branch_state(Fail, BranchVst),
     set_type_reg(bsm_match_state(NeedSlots), Ctx, Vst);
 valfun_4({test,bs_start_match2,{f,Fail},Live,[Src,Slots],Dst}, Vst0) ->
     assert_term(Src, Vst0),
diff --git a/lib/compiler/src/cerl_inline.erl b/lib/compiler/src/cerl_inline.erl
index c15103999f..589685d72d 100644
--- a/lib/compiler/src/cerl_inline.erl
+++ b/lib/compiler/src/cerl_inline.erl
@@ -1262,8 +1262,9 @@ i_receive_1(E, Cs, T, B, S) ->
 i_module(E, Ctxt, Ren, Env, S) ->
     %% Cf. `i_letrec'. Note that we pass a dummy constant value for the
     %% "body" parameter.
+    Exps = i_module_exports(E),
     {Es, _, Xs1, S1} = i_letrec(module_defs(E), void(),
-                                module_exports(E), Ctxt, Ren, Env, S),
+                                Exps, Ctxt, Ren, Env, S),
     %% Sanity check:
     case Es of
         [] ->
@@ -1276,6 +1277,27 @@ i_module(E, Ctxt, Ren, Env, S) ->
     E1 = update_c_module(E, module_name(E), Xs1, module_attrs(E), Es),
     {E1, count_size(weight(module), S1)}.
 
+i_module_exports(E) ->
+    %% If a function is named in an `on_load' attribute, we will
+    %% pretend that it is exported to ensure that it will not be removed.
+    Exps = module_exports(E),
+    Attrs = module_attrs(E),
+    case i_module_on_load(Attrs) of
+	none ->
+	    Exps;
+	[{_,_}=FA] ->
+	    ordsets:add_element(c_var(FA), Exps)
+    end.
+
+i_module_on_load([{Key,Val}|T]) ->    
+    case concrete(Key) of
+	on_load ->
+	    concrete(Val);
+	_ ->
+	    i_module_on_load(T)
+    end;
+i_module_on_load([]) -> none.
+
 %% Binary-syntax expressions are too complicated to do anything
 %% interesting with here - that is beyond the scope of this program;
 %% also, their construction could have side effects, so even in effect
diff --git a/lib/compiler/src/compile.erl b/lib/compiler/src/compile.erl
index bfa7c6cedd..9b505ad15c 100644
--- a/lib/compiler/src/compile.erl
+++ b/lib/compiler/src/compile.erl
@@ -175,6 +175,8 @@ expand_opt(r12, Os) ->
     [no_recv_opt,no_line_info|Os];
 expand_opt(r13, Os) ->
     [no_recv_opt,no_line_info|Os];
+expand_opt(r14, Os) ->
+    [no_line_info|Os];
 expand_opt({debug_info_key,_}=O, Os) ->
     [encrypt_debug_info,O|Os];
 expand_opt(no_float_opt, Os) ->
@@ -235,7 +237,8 @@ format_error({module_name,Mod,Filename}) ->
 		  code=[],
 		  core_code=[],
 		  abstract_code=[],		%Abstract code for debugger.
-		  options=[]  :: [option()],
+		  options=[]  :: [option()],	%Options for compilation
+		  mod_options=[]  :: [option()], %Options for module_info
 		  errors=[],
 		  warnings=[]}).
 
@@ -246,10 +249,11 @@ internal(Master, Input, Opts) ->
 
 internal({forms,Forms}, Opts) ->
     {_,Ps} = passes(forms, Opts),
-    internal_comp(Ps, "", "", #compile{code=Forms,options=Opts});
+    internal_comp(Ps, "", "", #compile{code=Forms,options=Opts,
+				       mod_options=Opts});
 internal({file,File}, Opts) ->
     {Ext,Ps} = passes(file, Opts),
-    Compile = #compile{options=Opts},
+    Compile = #compile{options=Opts,mod_options=Opts},
     internal_comp(Ps, File, Ext, Compile).
 
 internal_comp(Passes, File, Suffix, St0) ->
@@ -625,11 +629,15 @@ asm_passes() ->
       [{unless,no_postopt,
 	[{pass,beam_block},
 	 {iff,dblk,{listing,"block"}},
+	 {unless,no_except,{pass,beam_except}},
+	 {iff,dexcept,{listing,"except"}},
 	 {unless,no_bopt,{pass,beam_bool}},
 	 {iff,dbool,{listing,"bool"}},
 	 {unless,no_topt,{pass,beam_type}},
 	 {iff,dtype,{listing,"type"}},
-	 {pass,beam_dead},	      %Must always run since it splits blocks.
+	 {pass,beam_split},
+	 {iff,dsplit,{listing,"split"}},
+	 {unless,no_dead,{pass,beam_dead}},
 	 {iff,ddead,{listing,"dead"}},
 	 {unless,no_jopt,{pass,beam_jump}},
 	 {iff,djmp,{listing,"jump"}},
@@ -1228,12 +1236,13 @@ beam_unused_labels(#compile{code=Code0}=St) ->
     Code = beam_jump:module_labels(Code0),
     {ok,St#compile{code=Code}}.
 
-beam_asm(#compile{ifile=File,code=Code0,abstract_code=Abst,options=Opts0}=St) ->
+beam_asm(#compile{ifile=File,code=Code0,
+		  abstract_code=Abst,mod_options=Opts0}=St) ->
     Source = filename:absname(File),
     Opts1 = lists:map(fun({debug_info_key,_}) -> {debug_info_key,'********'};
 			 (Other) -> Other
 		      end, Opts0),
-    Opts2 = [O || O <- Opts1, is_informative_option(O)],
+    Opts2 = [O || O <- Opts1, effects_code_generation(O)],
     case beam_asm:module(Code0, Abst, Source, Opts2) of
 	{ok,Code} -> {ok,St#compile{code=Code,abstract_code=[]}}
     end.
@@ -1303,15 +1312,23 @@ embed_native_code(St, {Architecture,NativeCode}) ->
     {ok, BeamPlusNative} = beam_lib:build_module(Chunks),
     St#compile{code=BeamPlusNative}.
 
-%% Returns true if the option is informative and therefore should be included
-%% in the option list of the compiled module.
-
-is_informative_option(beam) -> false;
-is_informative_option(report_warnings) -> false;
-is_informative_option(report_errors) -> false;
-is_informative_option(binary) -> false;
-is_informative_option(verbose) -> false;
-is_informative_option(_) -> true.
+%% effects_code_generation(Option) -> true|false.
+%%  Determine whether the option could have any effect on the
+%%  generated code in the BEAM file (as opposed to how
+%%  errors will be reported).
+
+effects_code_generation(Option) ->
+    case Option of 
+	beam -> false;
+	report_warnings -> false;
+	report_errors -> false;
+	return_errors-> false;
+	return_warnings-> false;
+	binary -> false;
+	verbose -> false;
+	{cwd,_} -> false;
+	_ -> true
+    end.
 
 save_binary(#compile{code=none}=St) -> {ok,St};
 save_binary(#compile{module=Mod,ofile=Outfile,
diff --git a/lib/compiler/src/compiler.app.src b/lib/compiler/src/compiler.app.src
index 4ac879c9a4..1133882728 100644
--- a/lib/compiler/src/compiler.app.src
+++ b/lib/compiler/src/compiler.app.src
@@ -1,7 +1,7 @@
 % This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -28,12 +28,14 @@
 	     beam_dead,
 	     beam_dict,
 	     beam_disasm,
+	     beam_except,
 	     beam_flatten,
 	     beam_jump,
 	     beam_listing,
 	     beam_opcodes,
 	     beam_peep,
 	     beam_receive,
+	     beam_split,
 	     beam_trim,
 	     beam_type,
 	     beam_utils,
diff --git a/lib/compiler/src/erl_bifs.erl b/lib/compiler/src/erl_bifs.erl
index 2514c06360..9ad2378d00 100644
--- a/lib/compiler/src/erl_bifs.erl
+++ b/lib/compiler/src/erl_bifs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -136,6 +136,7 @@ is_pure(math, sinh, 1) -> true;
 is_pure(math, sqrt, 1) -> true;
 is_pure(math, tan, 1) -> true;
 is_pure(math, tanh, 1) -> true;
+is_pure(math, pi, 0) -> true;
 is_pure(_, _, _) -> false.
 
 
diff --git a/lib/compiler/src/genop.tab b/lib/compiler/src/genop.tab
index 39c1e8297f..75ac91907a 100644
--- a/lib/compiler/src/genop.tab
+++ b/lib/compiler/src/genop.tab
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1998-2010. All Rights Reserved.
+# Copyright Ericsson AB 1998-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/compiler/src/sys_core_fold.erl b/lib/compiler/src/sys_core_fold.erl
index 6ea67741fa..5b155398dc 100644
--- a/lib/compiler/src/sys_core_fold.erl
+++ b/lib/compiler/src/sys_core_fold.erl
@@ -2641,9 +2641,9 @@ bsm_leftmost_2([_|Ps], Cs, N, Pos) ->
 bsm_leftmost_2([], Cs, _, Pos) ->
     bsm_leftmost_1(Cs, Pos).
 
-%% bsm_notempty(Cs, Pos) -> true|false
+%% bsm_nonempty(Cs, Pos) -> true|false
 %%  Check if at least one of the clauses matches a non-empty
-%%  binary in the given argumet position.
+%%  binary in the given argument position.
 %%
 bsm_nonempty([#c_clause{pats=Ps}|Cs], Pos) ->
     case nth(Pos, Ps) of
@@ -2704,7 +2704,7 @@ bsm_ensure_no_partition_2([P|_], 1, _, Vstate, State) ->
 	    %%
 	    %% But if the clauses can't be freely rearranged, as in
 	    %%
-	    %% b(Var, <<>>) -> ...
+	    %% b(Var, <<X>>) -> ...
 	    %% b(1, 2) -> ...
 	    %%
 	    %% we do have a problem.
diff --git a/lib/compiler/src/sys_expand_pmod.erl b/lib/compiler/src/sys_expand_pmod.erl
index 4fee26f2a6..da644b4f0b 100644
--- a/lib/compiler/src/sys_expand_pmod.erl
+++ b/lib/compiler/src/sys_expand_pmod.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -317,6 +317,8 @@ expr({'try',Line,Es0,Scs0,Ccs0,As0},St) ->
     Ccs1 = icr_clauses(Ccs0,St),
     As1 = exprs(As0,St),
     {'try',Line,Es1,Scs1,Ccs1,As1};
+expr({'fun',_,{function,_,_,_}}=ExtFun,_St) ->
+    ExtFun;
 expr({'fun',Line,Body,Info},St) ->
     case Body of
 	{clauses,Cs0} ->
diff --git a/lib/compiler/src/v3_codegen.erl b/lib/compiler/src/v3_codegen.erl
index e7dae67085..6623485609 100644
--- a/lib/compiler/src/v3_codegen.erl
+++ b/lib/compiler/src/v3_codegen.erl
@@ -53,7 +53,6 @@
 
 %% Main codegen structure.
 -record(cg, {lcount=1,				%Label counter
-	     finfo,				%Function info label
 	     bfail,				%Fail label for BIFs
 	     break,				%Break label
 	     recv,				%Receive label
@@ -126,7 +125,6 @@ cg_fun(Les, Hvs, Vdb, AtomMod, NameArity, Anno, St0) ->
 			 stk=[]}, 0, Vdb),
     {B,_Aft,St} = cg_list(Les, 0, Vdb, Bef,
 			  St3#cg{bfail=0,
-				 finfo=Fi,
 				 ultimate_failure=UltimateMatchFail,
 				 is_top_block=true}),
     {Name,Arity} = NameArity,
@@ -147,8 +145,6 @@ cg({match,M,Rs}, Le, Vdb, Bef, St) ->
     match_cg(M, Rs, Le, Vdb, Bef, St);
 cg({guard_match,M,Rs}, Le, Vdb, Bef, St) ->
     guard_match_cg(M, Rs, Le, Vdb, Bef, St);
-cg({match_fail,F}, Le, Vdb, Bef, St) ->
-    match_fail_cg(F, Le, Vdb, Bef, St);
 cg({call,Func,As,Rs}, Le, Vdb, Bef, St) ->
     call_cg(Func, As, Rs, Le, Vdb, Bef, St);
 cg({enter,Func,As}, Le, Vdb, Bef, St) ->
@@ -294,39 +290,6 @@ match_cg({block,Es}, Le, _Fail, Bef, St) ->
     Int = clear_dead(Bef, Le#l.i, Le#l.vdb),
     block_cg(Es, Le, Int, St).
 
-%% match_fail_cg(FailReason, Le, Vdb, StackReg, State) ->
-%%	{[Ainstr],StackReg,State}.
-%%  Generate code for the match_fail "call".  N.B. there is no generic
-%%  case for when the fail value has been created elsewhere.
-
-match_fail_cg({function_clause,As}, Le, Vdb, Bef, St) ->
-    %% Must have the args in {x,0}, {x,1},...
-    {Sis,Int} = cg_setup_call(As, Bef, Le#l.i, Vdb),
-    {Sis ++ [{jump,{f,St#cg.finfo}}],
-     Int#sr{reg=clear_regs(Int#sr.reg)},St};
-match_fail_cg({badmatch,Term}, Le, Vdb, Bef, St) ->
-    R = cg_reg_arg(Term, Bef),
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis ++ [line(Le),{badmatch,R}],
-     Int#sr{reg=clear_regs(Int0#sr.reg)},St};
-match_fail_cg({case_clause,Reason}, Le, Vdb, Bef, St) ->
-    R = cg_reg_arg(Reason, Bef),
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis++[line(Le),{case_end,R}],
-     Int#sr{reg=clear_regs(Bef#sr.reg)},St};
-match_fail_cg(if_clause, Le, Vdb, Bef, St) ->
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int1} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis++[line(Le),if_end],Int1#sr{reg=clear_regs(Int1#sr.reg)},St};
-match_fail_cg({try_clause,Reason}, Le, Vdb, Bef, St) ->
-    R = cg_reg_arg(Reason, Bef),
-    Int0 = clear_dead(Bef, Le#l.i, Vdb),
-    {Sis,Int} = adjust_stack(Int0, Le#l.i, Le#l.i+1, Vdb),
-    {Sis ++ [line(Le),{try_case_end,R}],
-     Int#sr{reg=clear_regs(Int0#sr.reg)},St}.
-
 %% bsm_rename_ctx([Clause], Var) -> [Clause]
 %%  We know from an annotation that the register for a binary can
 %%  be reused for the match context because the two are not truly
diff --git a/lib/compiler/src/v3_kernel.erl b/lib/compiler/src/v3_kernel.erl
index 47e5e49a76..f2eaa37617 100644
--- a/lib/compiler/src/v3_kernel.erl
+++ b/lib/compiler/src/v3_kernel.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -83,6 +83,7 @@
 -import(lists, [map/2,foldl/3,foldr/3,mapfoldl/3,splitwith/2,member/2,
 		keymember/3,keyfind/3]).
 -import(ordsets, [add_element/2,del_element/2,union/2,union/1,subtract/2]).
+-import(cerl, [c_tuple/1]).
 
 -include("core_parse.hrl").
 -include("v3_kernel.hrl").
@@ -422,10 +423,11 @@ expr(#c_call{anno=A,module=M0,name=F0,args=Cargs}, Sub, St0) ->
     end;
 expr(#c_primop{anno=A,name=#c_literal{val=match_fail},args=Cargs0}, Sub, St0) ->
     Cargs = translate_match_fail(Cargs0, Sub, A, St0),
-    %% This special case will disappear.
     {Kargs,Ap,St} = atomic_list(Cargs, Sub, St0),
     Ar = length(Cargs),
-    Call = #k_call{anno=A,op=#k_internal{name=match_fail,arity=Ar},args=Kargs},
+    Call = #k_call{anno=A,op=#k_remote{mod=#k_atom{val=erlang},
+				       name=#k_atom{val=error},
+				       arity=Ar},args=Kargs},
     {Call,Ap,St};
 expr(#c_primop{anno=A,name=#c_literal{val=N},args=Cargs}, Sub, St0) ->
     {Kargs,Ap,St1} = atomic_list(Cargs, Sub, St0),
@@ -455,14 +457,14 @@ expr(#ireceive_accept{anno=A}, _Sub, St) -> {#k_receive_accept{anno=A},[],St}.
 translate_match_fail(Args, Sub, Anno, St) ->
     case Args of
 	[#c_tuple{es=[#c_literal{val=function_clause}|As]}] ->
-	    translate_match_fail_1(Anno, Args, As, Sub, St);
+	    translate_match_fail_1(Anno, As, Sub, St);
 	[#c_literal{val=Tuple}] when is_tuple(Tuple) ->
 	    %% The inliner may have created a literal out of
 	    %% the original #c_tuple{}.
 	    case tuple_to_list(Tuple) of
 		[function_clause|As0] ->
 		    As = [#c_literal{val=E} || E <- As0],
-		    translate_match_fail_1(Anno, Args, As, Sub, St);
+		    translate_match_fail_1(Anno, As, Sub, St);
 		_ ->
 		    Args
 	    end;
@@ -471,7 +473,7 @@ translate_match_fail(Args, Sub, Anno, St) ->
 	    Args
     end.
 
-translate_match_fail_1(Anno, Args, As, Sub, #kern{ff=FF}) ->
+translate_match_fail_1(Anno, As, Sub, #kern{ff=FF}) ->
     AnnoFunc = case keyfind(function_name, 1, Anno) of
 		   false ->
 		       none;			%Force rewrite.
@@ -481,10 +483,10 @@ translate_match_fail_1(Anno, Args, As, Sub, #kern{ff=FF}) ->
     case {AnnoFunc,FF} of
 	{Same,Same} ->
 	    %% Still in the correct function.
-	    Args;
+	    translate_fc(As);
 	{{F,_},F} ->
 	    %% Still in the correct function.
-	    Args;
+	    translate_fc(As);
 	_ ->
 	    %% Wrong function or no function_name annotation.
 	    %%
@@ -493,9 +495,12 @@ translate_match_fail_1(Anno, Args, As, Sub, #kern{ff=FF}) ->
 	    %% the current function). match_fail(function_clause) will
 	    %% only work at the top level of the function it was originally
 	    %% defined in, so we will need to rewrite it to a case_clause.
-	    [#c_tuple{es=[#c_literal{val=case_clause},#c_tuple{es=As}]}]
+	    [c_tuple([#c_literal{val=case_clause},c_tuple(As)])]
     end.
 
+translate_fc(Args) ->
+    [#c_literal{val=function_clause},make_list(Args)].
+
 %% call_type(Module, Function, Arity) -> call | bif | apply | error.
 %%  Classify the call.
 call_type(#c_literal{val=M}, #c_literal{val=F}, Ar) when is_atom(M), is_atom(F) ->
@@ -1494,7 +1499,6 @@ iletrec_funs_gen(Fs, FreeVs, St) ->
 %% is_exit_expr(Kexpr) -> boolean().
 %%  Test whether Kexpr always exits and never returns.
 
-is_exit_expr(#k_call{op=#k_internal{name=match_fail,arity=1}}) -> true;
 is_exit_expr(#k_receive_next{}) -> true;
 is_exit_expr(_) -> false.
 
diff --git a/lib/compiler/src/v3_life.erl b/lib/compiler/src/v3_life.erl
index a1d92af9f8..93f8034230 100644
--- a/lib/compiler/src/v3_life.erl
+++ b/lib/compiler/src/v3_life.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,19 +89,8 @@ function(#k_fdef{anno=#k{a=Anno},func=F,arity=Ar,vars=Vs,body=Kb}) ->
     end.
 
 %% body(Kbody, I, Vdb) -> {[Expr],MaxI,Vdb}.
-%%  Handle a body, need special cases for transforming match_fails.
-%%  We KNOW that they only occur last in a body.
-
-body(#k_seq{arg=#k_put{anno=Pa,arg=Arg,ret=[R]},
-	    body=#k_enter{anno=Ea,op=#k_internal{name=match_fail,arity=1},
-			  args=[R]}},
-      I, Vdb0) ->
-    Vdb1 = use_vars(Pa#k.us, I, Vdb0),		%All used here
-    {[match_fail(Arg, I, Pa#k.a ++ Ea#k.a)],I,Vdb1};
-body(#k_enter{anno=Ea,op=#k_internal{name=match_fail,arity=1},args=[Arg]},
-      I, Vdb0) ->
-    Vdb1 = use_vars(Ea#k.us, I, Vdb0),
-    {[match_fail(Arg, I, Ea#k.a)],I,Vdb1};
+%%  Handle a body.
+
 body(#k_seq{arg=Ke,body=Kb}, I, Vdb0) ->
     %%ok = io:fwrite("life ~w:~p~n", [?LINE,{Ke,I,Vdb0}]),
     A = get_kanno(Ke),
@@ -353,25 +342,6 @@ guard_clause(#k_guard_clause{anno=A,guard=Kg,body=Kb}, Ls, I, Ctxt, Vdb0) ->
        i=I,vdb=use_vars((get_kanno(Kg))#k.us, I+2, Vdb1),
        a=A#k.a}.
 
-%% match_fail(FailValue, I, Anno) -> Expr.
-%%  Generate the correct match_fail instruction.  N.B. there is no
-%%  generic case for when the fail value has been created elsewhere.
-
-match_fail(#k_literal{anno=Anno,val={Atom,Val}}, I, A) when is_atom(Atom) ->
-    match_fail(#k_tuple{anno=Anno,es=[#k_atom{val=Atom},#k_literal{val=Val}]}, I, A);
-match_fail(#k_literal{anno=Anno,val={Atom}}, I, A) when is_atom(Atom) ->
-    match_fail(#k_tuple{anno=Anno,es=[#k_atom{val=Atom}]}, I, A);
-match_fail(#k_tuple{es=[#k_atom{val=function_clause}|As]}, I, A) ->
-    #l{ke={match_fail,{function_clause,literal_list(As, [])}},i=I,a=A};
-match_fail(#k_tuple{es=[#k_atom{val=badmatch},Val]}, I, A) ->
-    #l{ke={match_fail,{badmatch,literal(Val, [])}},i=I,a=A};
-match_fail(#k_tuple{es=[#k_atom{val=case_clause},Val]}, I, A) ->
-    #l{ke={match_fail,{case_clause,literal(Val, [])}},i=I,a=A};
-match_fail(#k_atom{val=if_clause}, I, A) ->
-    #l{ke={match_fail,if_clause},i=I,a=A};
-match_fail(#k_tuple{es=[#k_atom{val=try_clause},Val]}, I, A) ->
-    #l{ke={match_fail,{try_clause,literal(Val, [])}},i=I,a=A}.
-
 %% type(Ktype) -> Type.
 
 type(k_literal) -> literal;
diff --git a/lib/compiler/test/Makefile b/lib/compiler/test/Makefile
index b90adaf917..e13ad4ae90 100644
--- a/lib/compiler/test/Makefile
+++ b/lib/compiler/test/Makefile
@@ -10,6 +10,7 @@ MODULES= \
 	apply_SUITE \
 	beam_validator_SUITE \
 	beam_disasm_SUITE \
+	beam_expect_SUITE \
 	bs_bincomp_SUITE \
 	bs_bit_binaries_SUITE \
 	bs_construct_SUITE \
@@ -29,7 +30,6 @@ MODULES= \
 	misc_SUITE \
 	num_bif_SUITE \
 	pmod_SUITE \
-	parteval_SUITE \
 	receive_SUITE \
 	record_SUITE \
 	trycatch_SUITE \
@@ -39,6 +39,7 @@ MODULES= \
 NO_OPT= \
 	andor \
 	apply \
+	beam_expect \
 	bs_construct \
         bs_match \
 	bs_utf \
diff --git a/lib/compiler/test/beam_disasm_SUITE.erl b/lib/compiler/test/beam_disasm_SUITE.erl
index 44574ae64a..62afc80ca6 100644
--- a/lib/compiler/test/beam_disasm_SUITE.erl
+++ b/lib/compiler/test/beam_disasm_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -60,6 +60,6 @@ stripped(Config) when is_list(Config) ->
     ?line true = is_list(Attr),
     ?line true = is_list(CompileInfo),
     ?line {ok, {tmp, _}} = beam_lib:strip(BeamName),
-    ?line {beam_file, tmp, _, none, none, [_|_]} =
+    ?line {beam_file, tmp, _, [], [], [_|_]} =
 	beam_disasm:file(BeamName),
     ok.
diff --git a/lib/compiler/test/beam_expect_SUITE.erl b/lib/compiler/test/beam_expect_SUITE.erl
new file mode 100644
index 0000000000..6f216eac4f
--- /dev/null
+++ b/lib/compiler/test/beam_expect_SUITE.erl
@@ -0,0 +1,67 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(beam_expect_SUITE).
+
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
+	 init_per_group/2,end_per_group/2,
+	 coverage/1]).
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+    [coverage].
+
+groups() ->
+    [].
+
+init_per_suite(Config) ->
+    Config.
+
+end_per_suite(_Config) ->
+    ok.
+
+init_per_group(_GroupName, Config) ->
+    Config.
+
+end_per_group(_GroupName, Config) ->
+    Config.
+
+coverage(_) ->
+    File = {file,"fake.erl"},
+    ok = fc(a),
+    {'EXIT',{function_clause,
+	     [{?MODULE,fc,[[x]],[File,{line,2}]}|_]}} =
+	(catch fc([x])),
+    {'EXIT',{function_clause,
+	     [{?MODULE,fc,[y],[File,{line,2}]}|_]}} =
+	(catch fc(y)),
+    {'EXIT',{function_clause,
+	     [{?MODULE,fc,[[a,b,c]],[File,{line,6}]}|_]}} =
+	(catch fc([a,b,c])),
+
+    {'EXIT',{undef,[{erlang,error,[a,b,c],_}|_]}} =
+	(catch erlang:error(a, b, c)),
+    ok.
+
+-file("fake.erl", 1).
+fc(a) ->	                                %Line 2
+    ok;						%Line 3
+fc(L) when length(L) > 2 ->			%Line 4
+    %% Not the same as a "real" function_clause error.
+    error(function_clause, [L]).		%Line 6
diff --git a/lib/compiler/test/beam_validator_SUITE.erl b/lib/compiler/test/beam_validator_SUITE.erl
index 556dc54a8f..902867bc19 100644
--- a/lib/compiler/test/beam_validator_SUITE.erl
+++ b/lib/compiler/test/beam_validator_SUITE.erl
@@ -79,21 +79,18 @@ beam_files(Config) when is_list(Config) ->
     %% a grammatical error in the output of the io:format/2 call below. ;-)
     ?line [_,_|_] = Fs = filelib:wildcard(Wc),
     ?line io:format("~p files\n", [length(Fs)]),
-    beam_files_1(Fs, 0).
-
-beam_files_1([F|Fs], Errors) ->
-    ?line case beam_validator:file(F) of
-	      ok ->
-		  beam_files_1(Fs, Errors);
-	      {error,Es} ->
-		  io:format("File:  ~s", [F]),
-		  io:format("Error: ~p\n", [Es]),
-		  beam_files_1(Fs, Errors+1)
-	  end;
-beam_files_1([], 0) -> ok;
-beam_files_1([], Errors) ->
-    ?line io:format("~p error(s)", [Errors]),
-    ?line ?t:fail().
+    test_lib:p_run(fun do_beam_file/1, Fs).
+
+
+do_beam_file(F) ->
+    case beam_validator:file(F) of
+	ok ->
+	    ok;
+	{error,Es} ->
+	    io:format("File:  ~s", [F]),
+	    io:format("Error: ~p\n", [Es]),
+	    error
+    end.
 
 compiler_bug(Config) when is_list(Config) ->
     %% Check that the compiler returns an error if we try to
diff --git a/lib/compiler/test/bs_match_SUITE.erl b/lib/compiler/test/bs_match_SUITE.erl
index f8c71a0257..01b7568122 100644
--- a/lib/compiler/test/bs_match_SUITE.erl
+++ b/lib/compiler/test/bs_match_SUITE.erl
@@ -342,6 +342,10 @@ partitioned_bs_match(Config) when is_list(Config) ->
 
     ?line fc(partitioned_bs_match_2, [4,<<0:17>>],
 	     catch partitioned_bs_match_2(4, <<0:17>>)),
+
+    anything = partitioned_bs_match_3(anything, <<42>>),
+    ok = partitioned_bs_match_3(1, 2),
+
     ok.
 
 partitioned_bs_match(_, <<42:8,T/binary>>) ->
@@ -356,6 +360,9 @@ partitioned_bs_match_2(1, <<B:8,T/binary>>) ->
 partitioned_bs_match_2(Len, <<_:8,T/binary>>) ->
     {Len,T}.
 
+partitioned_bs_match_3(Var, <<_>>) -> Var;
+partitioned_bs_match_3(1, 2) -> ok.
+
 function_clause(Config) when is_list(Config)  ->
     ?line ok = function_clause_1(<<0,7,0,7,42>>),
     ?line fc(function_clause_1, [<<0,1,2,3>>],
diff --git a/lib/compiler/test/compilation_SUITE.erl b/lib/compiler/test/compilation_SUITE.erl
index 1343fbd1c9..408fd5ed53 100644
--- a/lib/compiler/test/compilation_SUITE.erl
+++ b/lib/compiler/test/compilation_SUITE.erl
@@ -44,7 +44,7 @@ all() ->
      trycatch_4, opt_crash, otp_5404, otp_5436, otp_5481,
      otp_5553, otp_5632, otp_5714, otp_5872, otp_6121,
      otp_6121a, otp_6121b, otp_7202, otp_7345, on_load,
-     string_table,otp_8949_a,otp_8949_a].
+     string_table,otp_8949_a,otp_8949_a,split_cases].
 
 groups() -> 
     [{vsn, [], [vsn_1, vsn_2, vsn_3]}].
@@ -159,6 +159,7 @@ split({int, N}, <<N:16,B:N/binary,T/binary>>) ->
 ?comp(convopts).
 ?comp(otp_7202).
 ?comp(on_load).
+?comp(on_load_inline).
 
 beam_compiler_7(doc) ->
     "Code snippet submitted from Ulf Wiger which fails in R3 Beam.";
@@ -427,9 +428,9 @@ self_compile_1(Config, Prefix, Opts) ->
     %% Compile the compiler again using the newly compiled compiler.
     %% (In another node because reloading the compiler would disturb cover.)
     CompilerB = Prefix++"compiler_b",
-    ?line CompB = make_compiler_dir(Priv, Prefix++"compiler_b"),
+    CompB = make_compiler_dir(Priv, CompilerB),
     ?line VsnB = VsnA ++ ".0",
-    ?line self_compile_node(CompilerB, CompA, CompB, VsnB, Opts),
+    self_compile_node(CompA, CompB, VsnB, Opts),
 
     %% Compare compiler directories.
     ?line compare_compilers(CompA, CompB),
@@ -438,21 +439,26 @@ self_compile_1(Config, Prefix, Opts) ->
     ?line CompilerC = Prefix++"compiler_c",
     ?line CompC = make_compiler_dir(Priv, CompilerC),
     ?line VsnC = VsnB ++ ".0",
-    ?line self_compile_node(CompilerC, CompB, CompC, VsnC, Opts),
+    self_compile_node(CompB, CompC, VsnC, Opts),
     ?line compare_compilers(CompB, CompC),
 
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
-self_compile_node(NodeName0, CompilerDir, OutDir, Version, Opts) ->
-    ?line NodeName = list_to_atom(NodeName0),
-    ?line Dog = test_server:timetrap(test_server:minutes(10)),
+self_compile_node(CompilerDir, OutDir, Version, Opts) ->
+    ?line Dog = test_server:timetrap(test_server:minutes(15)),
     ?line Pa = "-pa " ++ filename:dirname(code:which(?MODULE)) ++
 	" -pa " ++ CompilerDir,
-    ?line {ok,Node} = start_node(NodeName, Pa),
     ?line Files = compiler_src(),
-    ?line ok = rpc:call(Node, ?MODULE, compile_compiler, [Files,OutDir,Version,Opts]),
-    ?line test_server:stop_node(Node),
+
+    %% We don't want the cover server started on the other node,
+    %% because it will load the same cover-compiled code as on this
+    %% node. Use a shielded node to prevent the cover server from
+    %% being started.
+    ?t:run_on_shielded_node(
+       fun() ->
+	       compile_compiler(Files, OutDir, Version, Opts)
+       end, Pa),
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
@@ -465,9 +471,12 @@ compile_compiler(Files, OutDir, Version, InlineOpts) ->
 	    {d,'COMPILER_VSN',"\""++Version++"\""},
 	    nowarn_shadow_vars,
 	    {i,filename:join(code:lib_dir(stdlib), "include")}|InlineOpts],
-    lists:foreach(fun(File) ->
-			  {ok,_} = compile:file(File, Opts)
-		  end, Files).
+    test_lib:p_run(fun(File) ->
+			   case compile:file(File, Opts) of
+			       {ok,_} -> ok;
+			       _ -> error
+			   end
+		   end, Files).
 
 compiler_src() ->
     filelib:wildcard(filename:join([code:lib_dir(compiler), "src", "*.erl"])).
@@ -657,5 +666,19 @@ otp_8949_b(A, B) ->
 	    id(Var)
     end.
     
+split_cases(_) ->
+    dummy1 = do_split_cases(x),
+    {'EXIT',{{badmatch,b},_}} = (catch do_split_cases(y)),
+    ok.
+
+do_split_cases(A) ->
+    case A of
+        x ->
+	    Z = dummy1;
+        _ ->
+	    Z = dummy2,
+	    a=b
+    end,
+    Z.
 
 id(I) -> I.
diff --git a/lib/compiler/test/compilation_SUITE_data/on_load_inline.erl b/lib/compiler/test/compilation_SUITE_data/on_load_inline.erl
new file mode 100644
index 0000000000..322843b61e
--- /dev/null
+++ b/lib/compiler/test/compilation_SUITE_data/on_load_inline.erl
@@ -0,0 +1,23 @@
+-module(on_load_inline).
+-export([?MODULE/0]).
+-on_load(on_load/0).
+-compile(inline).
+
+?MODULE() ->
+    [{pid,Pid}] = ets:lookup(on_load_executed, pid),
+    exit(Pid, kill),
+    ok.
+
+on_load() ->
+    Parent = self(),
+    spawn(fun() ->
+		  T = ets:new(on_load_executed, [named_table]),
+		  ets:insert(T, {pid,self()}),
+		  Parent ! done,
+		  receive
+		      wait_forever -> ok
+		  end
+	  end),
+    receive
+	done -> ok
+    end.
diff --git a/lib/compiler/test/compile_SUITE.erl b/lib/compiler/test/compile_SUITE.erl
index 8c6a623dfb..640849f2ec 100644
--- a/lib/compiler/test/compile_SUITE.erl
+++ b/lib/compiler/test/compile_SUITE.erl
@@ -29,7 +29,8 @@
 	 binary/1, makedep/1, cond_and_ifdef/1, listings/1, listings_big/1,
 	 other_output/1, package_forms/1, encrypted_abstr/1,
 	 bad_record_use1/1, bad_record_use2/1, strict_record/1,
-	 missing_testheap/1, cover/1, env/1, core/1, asm/1]).
+	 missing_testheap/1, cover/1, env/1, core/1, asm/1,
+	 sys_pre_attributes/1]).
 
 -export([init/3]).
 
@@ -45,7 +46,8 @@ all() ->
      binary, makedep, cond_and_ifdef, listings, listings_big,
      other_output, package_forms, encrypted_abstr,
      {group, bad_record_use}, strict_record,
-     missing_testheap, cover, env, core, asm].
+     missing_testheap, cover, env, core, asm,
+     sys_pre_attributes].
 
 groups() -> 
     [{bad_record_use, [],
@@ -77,12 +79,22 @@ file_1(Config) when is_list(Config) ->
     ?line {Simple, Target} = files(Config, "file_1"),
     ?line {ok, Cwd} = file:get_cwd(),
     ?line ok = file:set_cwd(filename:dirname(Target)),
-    ?line {ok,simple} = compile:file(Simple),	%Smoke test only.
+
+    %% Native from BEAM without compilation info.
     ?line {ok,simple} = compile:file(Simple, [slim]), %Smoke test only.
-    ?line {ok,simple} = compile:file(Simple, [native,report]), %Smoke test.
     ?line {ok,simple} = compile:file(Target, [native,from_beam]), %Smoke test.
-    ?line {ok,simple} = compile:file(Simple, [debug_info]),
+
+    %% Native from BEAM with compilation info.
+    ?line {ok,simple} = compile:file(Simple),	%Smoke test only.
+    ?line {ok,simple} = compile:file(Target, [native,from_beam]), %Smoke test.
+
+    ?line {ok,simple} = compile:file(Simple, [native,report]), %Smoke test.
+
+    ?line compile_and_verify(Simple, Target, []),
+    ?line compile_and_verify(Simple, Target, [native]),
+    ?line compile_and_verify(Simple, Target, [debug_info]),
     ?line {ok,simple} = compile:file(Simple, [no_line_info]), %Coverage
+
     ?line ok = file:set_cwd(Cwd),
     ?line true = exists(Target),
     ?line passed = run(Target, test, []),
@@ -113,10 +125,9 @@ big_file(Config) when is_list(Config) ->
     ?line Big = filename:join(DataDir, "big.erl"),
     ?line Target = filename:join(PrivDir, "big.beam"),
     ?line ok = file:set_cwd(PrivDir),
-    ?line {ok,big} = compile:file(Big, []),
-    ?line {ok,big} = compile:file(Big, [r9,debug_info]),
-    ?line {ok,big} = compile:file(Big, [no_postopt]),
-    ?line true = exists(Target),
+    ?line compile_and_verify(Big, Target, []),
+    ?line compile_and_verify(Big, Target, [debug_info]),
+    ?line compile_and_verify(Big, Target, [no_postopt]),
 
     %% Cleanup.
     ?line ok = file:delete(Target),
@@ -775,3 +786,46 @@ do_asm(Beam, Outdir) ->
 		      [M,Class,Error,erlang:get_stacktrace()]),
 	    error
     end.
+
+sys_pre_attributes(Config) ->
+    DataDir = ?config(data_dir, Config),
+    File = filename:join(DataDir, "attributes.erl"),
+    Mod = attributes,
+    CommonOpts = [binary,report,verbose,
+		  {parse_transform,sys_pre_attributes}],
+    PreOpts = [{attribute,delete,deleted}],
+    PostOpts = [{attribute,insert,inserted,"value"}],
+    PrePostOpts = [{attribute,replace,replaced,42},
+		   {attribute,replace,replace_nonexisting,new}],
+    {ok,Mod,Code} = compile:file(File, PrePostOpts ++ PreOpts ++
+				     PostOpts ++ CommonOpts),
+    code:load_binary(Mod, File, Code),
+    Attr = Mod:module_info(attributes),
+    io:format("~p", [Attr]),
+    {inserted,"value"} = lists:keyfind(inserted, 1, Attr),
+    {replaced,[42]} = lists:keyfind(replaced, 1, Attr),
+    {replace_nonexisting,[new]} = lists:keyfind(replace_nonexisting, 1, Attr),
+    false = lists:keymember(deleted, 1, Attr),
+
+    %% Cover more code.
+    {ok,Mod,_} = compile:file(File, PostOpts ++ CommonOpts),
+    {ok,Mod,_} = compile:file(File, CommonOpts -- [verbose]),
+    {ok,Mod,_} = compile:file(File, PreOpts ++ CommonOpts),
+    {ok,Mod,_} = compile:file(File,
+			      [{attribute,replace,replaced,42}|CommonOpts]),
+    {ok,Mod,_} = compile:file(File, PrePostOpts ++ PreOpts ++
+				  PostOpts ++ CommonOpts --
+				  [report,verbose]),
+    ok.
+
+%%%
+%%% Utilities.
+%%%
+
+compile_and_verify(Name, Target, Opts) ->
+    Mod = list_to_atom(filename:basename(Name, ".erl")),
+    {ok,Mod} = compile:file(Name, Opts),
+    {ok,{Mod,[{compile_info,CInfo}]}} = 
+	beam_lib:chunks(Target, [compile_info]),
+    {options,BeamOpts} = lists:keyfind(options, 1, CInfo),
+    Opts = BeamOpts.
diff --git a/lib/compiler/test/compile_SUITE_data/attributes.erl b/lib/compiler/test/compile_SUITE_data/attributes.erl
new file mode 100644
index 0000000000..9c3451d272
--- /dev/null
+++ b/lib/compiler/test/compile_SUITE_data/attributes.erl
@@ -0,0 +1,23 @@
+%%
+%% %CopyrightBegin%
+%% 
+%% Copyright Ericsson AB 2012. All Rights Reserved.
+%% 
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%% 
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%% 
+%% %CopyrightEnd%
+%%
+
+-module(attributes).
+-deleted(dummy).
+-replaced(dummy).
+
diff --git a/lib/compiler/test/compiler.cover b/lib/compiler/test/compiler.cover
index 9fc4c7dd43..3fd7fc1937 100644
--- a/lib/compiler/test/compiler.cover
+++ b/lib/compiler/test/compiler.cover
@@ -1,5 +1,5 @@
 {incl_app,compiler,details}.
 
 %% -*- erlang -*-
-{excl_mods,[sys_pre_attributes,core_scan,core_parse]}.
+{excl_mods,compiler,[core_scan,core_parse]}.
 
diff --git a/lib/compiler/test/core_SUITE.erl b/lib/compiler/test/core_SUITE.erl
index 26173c62b8..874e02803d 100644
--- a/lib/compiler/test/core_SUITE.erl
+++ b/lib/compiler/test/core_SUITE.erl
@@ -21,7 +21,9 @@
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
 	 init_per_group/2,end_per_group/2,
 	 init_per_testcase/2,end_per_testcase/2,
-	 dehydrated_itracer/1,nested_tries/1]).
+	 dehydrated_itracer/1,nested_tries/1,
+	 make_effect_seq/1,eval_is_boolean/1,
+	 unsafe_case/1,nomatch_shadow/1,reversed_annos/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
@@ -41,7 +43,8 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     test_lib:recompile(?MODULE),
-    [dehydrated_itracer, nested_tries].
+    [dehydrated_itracer,nested_tries,make_effect_seq,
+     eval_is_boolean,unsafe_case,nomatch_shadow,reversed_annos].
 
 groups() -> 
     [].
@@ -61,19 +64,18 @@ end_per_group(_GroupName, Config) ->
 
 ?comp(dehydrated_itracer).
 ?comp(nested_tries).
+?comp(make_effect_seq).
+?comp(eval_is_boolean).
+?comp(unsafe_case).
+?comp(nomatch_shadow).
+?comp(reversed_annos).
 
 try_it(Mod, Conf) ->
-    ?line Src = filename:join(?config(data_dir, Conf), atom_to_list(Mod)),
-    ?line Out = ?config(priv_dir,Conf),
-    ?line io:format("Compiling: ~s\n", [Src]),
-    ?line CompRc0 = compile:file(Src, [from_core,{outdir,Out},report,time]),
-    ?line io:format("Result: ~p\n",[CompRc0]),
-    ?line {ok,Mod} = CompRc0,
-
-    ?line {module,Mod} = code:load_abs(filename:join(Out, Mod)),
-    ?line ok = Mod:Mod(),
-    ok.
-
-
-
-
+    Src = filename:join(?config(data_dir, Conf), atom_to_list(Mod)),
+    compile_and_load(Src, []),
+    compile_and_load(Src, [no_copt]).
+
+compile_and_load(Src, Opts) ->
+    {ok,Mod,Bin} = compile:file(Src, [from_core,report,time,binary|Opts]),
+    {module,Mod} = code:load_binary(Mod, Mod, Bin),
+    ok = Mod:Mod().
diff --git a/lib/compiler/test/core_SUITE_data/eval_is_boolean.core b/lib/compiler/test/core_SUITE_data/eval_is_boolean.core
new file mode 100644
index 0000000000..6a68b1414d
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/eval_is_boolean.core
@@ -0,0 +1,22 @@
+module 'eval_is_boolean' ['eval_is_boolean'/0]
+    attributes []
+'eval_is_boolean'/0 =
+    %% Line 4
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+		case call 'erlang':'is_boolean'(call 'erlang':'make_ref'()) of
+		    <'false'> when 'true' ->
+			'ok'
+		    ( <_cor1> when 'true' ->
+			  primop 'match_fail'
+			      ({'badmatch',_cor1})
+		      -| ['compiler_generated'] )
+		  end
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'eval_is_boolean',0}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/make_effect_seq.core b/lib/compiler/test/core_SUITE_data/make_effect_seq.core
new file mode 100644
index 0000000000..9941e63b76
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/make_effect_seq.core
@@ -0,0 +1,51 @@
+module 'make_effect_seq' ['make_effect_seq'/0]
+    attributes []
+'make_effect_seq'/0 =
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+	      let <_cor0> =
+		  catch
+		      apply 't'/1
+			  ('a')
+	      in
+		  case _cor0 of
+		    <{'EXIT',{'badarg',_cor3}}> when 'true' ->
+			let <_cor4> =
+			    apply 't'/1
+				({'a','b','c'})
+			in
+			    case _cor4 of
+			      <'ok'> when 'true' ->
+				  ( _cor4
+				    -| ['compiler_generated'] )
+			      ( <_cor2> when 'true' ->
+				    primop 'match_fail'
+					({'badmatch',_cor2})
+				-| ['compiler_generated'] )
+			    end
+		    ( <_cor1> when 'true' ->
+			  primop 'match_fail'
+			      ({'badmatch',_cor1})
+		      -| ['compiler_generated'] )
+		  end
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'make_effect_seq',0}}] )
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <T> when 'true' ->
+	      do
+		  {'ok',call 'erlang':'element'(2, T)}
+		  'ok'
+	  ( <_cor2> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause',_cor2})
+		  -| [{'function_name',{'t',1}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/nomatch_shadow.core b/lib/compiler/test/core_SUITE_data/nomatch_shadow.core
new file mode 100644
index 0000000000..565d9dc0f3
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/nomatch_shadow.core
@@ -0,0 +1,28 @@
+module 'nomatch_shadow' ['nomatch_shadow'/0]
+    attributes []
+'nomatch_shadow'/0 =
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+	      apply 't'/1
+		  (42)
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'nomatch_shadow',0}}] )
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <42> when 'true' ->
+	      'ok'
+	  <42> when 'true' ->
+	      'ok'
+	  ( <_cor1> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause',_cor1})
+		  -| [{'function_name',{'t',1}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/reversed_annos.core b/lib/compiler/test/core_SUITE_data/reversed_annos.core
new file mode 100644
index 0000000000..95b3cd52d6
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/reversed_annos.core
@@ -0,0 +1,49 @@
+module 'reversed_annos' ['reversed_annos'/0]
+    attributes []
+'reversed_annos'/0 =
+    fun () ->
+	case <> of
+	  <> when 'true' ->
+	      case apply 't'/1
+		       (['a']) of
+		<'ok'> when 'true' ->
+		    let <_cor2> =
+			apply 't'/1
+			    (['a'|['b']])
+		    in
+			case _cor2 of
+			  <'ok'> when 'true' ->
+			      ( _cor2
+				-| ['compiler_generated'] )
+			  ( <_cor1> when 'true' ->
+				primop 'match_fail'
+				    ({'badmatch',_cor1})
+			    -| ['compiler_generated'] )
+			end
+		( <_cor0> when 'true' ->
+		      primop 'match_fail'
+			  ({'badmatch',_cor0})
+		  -| ['compiler_generated'] )
+	      end
+	  ( <> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause'})
+		  -| [{'function_name',{'reversed_annos',0}}] )
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <[_cor2|_cor3]> when 'true' ->
+	      'ok'
+	  %% Cover v3_kernel:get_line/1.
+	  ( <['a']> when 'true' ->
+	      'error'
+            -| [{'file',"reversed_annos.erl"},11] )
+	  ( <_cor1> when 'true' ->
+		( primop 'match_fail'
+		      ({'function_clause',_cor1})
+		  -| [{'function_name',{'t',1}}] )
+	    -| ['compiler_generated'] )
+	end
+end
diff --git a/lib/compiler/test/core_SUITE_data/unsafe_case.core b/lib/compiler/test/core_SUITE_data/unsafe_case.core
new file mode 100644
index 0000000000..84cb2c310a
--- /dev/null
+++ b/lib/compiler/test/core_SUITE_data/unsafe_case.core
@@ -0,0 +1,25 @@
+module 'unsafe_case' ['unsafe_case'/0]
+    attributes []
+'unsafe_case'/0 =
+    fun () ->
+	case apply 't'/1
+		 (42) of
+	  <{'ok',42}> when 'true' ->
+	      'ok'
+	  ( <_cor0> when 'true' ->
+		primop 'match_fail'
+		    ({'badmatch',_cor0})
+	    -| ['compiler_generated'] )
+	end
+'t'/1 =
+    fun (_cor0) ->
+	case _cor0 of
+	  <X>
+	      when call 'erlang':'>'
+		    (_cor0,
+		     0) ->
+	      {'ok',X}
+	  %% The default case is intentionally missing
+	  %% to cover v3_kernel:build_match/2.
+	end
+end
diff --git a/lib/compiler/test/core_fold_SUITE.erl b/lib/compiler/test/core_fold_SUITE.erl
index ac14d36e82..fb5ec88c9f 100644
--- a/lib/compiler/test/core_fold_SUITE.erl
+++ b/lib/compiler/test/core_fold_SUITE.erl
@@ -214,6 +214,7 @@ coverage(Config) when is_list(Config) ->
 	(catch cover_will_match_list_type({a,b,c,d})),
     ?line a = cover_remove_non_vars_alias({a,b,c}),
     ?line error = cover_will_match_lit_list(),
+    {ok,[a]} = cover_is_safe_bool_expr(a),
 
     %% Make sure that we don't attempt to make literals
     %% out of pids. (Putting a pid into a #c_literal{}
@@ -249,4 +250,17 @@ cover_will_match_lit_list() ->
 	    error
     end.
 
+cover_is_safe_bool_expr(X) ->
+    %% Use a try...catch that looks like a try...catch in a guard.
+    try
+	%% let V = [X] in {ok,V}
+	%%    is_safe_simple([X]) ==> true
+	%%    is_safe_bool_expr([X]) ==> false
+	V = [X],
+	{ok,V}
+    catch
+	_:_ ->
+	    false
+    end.
+
 id(I) -> I.
diff --git a/lib/compiler/test/inline_SUITE.erl b/lib/compiler/test/inline_SUITE.erl
index 086fba2649..2e17d3fde6 100644
--- a/lib/compiler/test/inline_SUITE.erl
+++ b/lib/compiler/test/inline_SUITE.erl
@@ -33,7 +33,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 all() -> 
     test_lib:recompile(?MODULE),
     [attribute, bsdecode, bsdes, barnes2, decode1, smith,
-     itracer, pseudoknot, lists, really_inlined, otp_7223,
+     itracer, pseudoknot, comma_splitter, lists, really_inlined, otp_7223,
      coverage].
 
 groups() -> 
@@ -78,6 +78,7 @@ attribute(Config) when is_list(Config) ->
 ?comp(smith).
 ?comp(itracer).
 ?comp(pseudoknot).
+?comp(comma_splitter).
 
 try_inline(Mod, Config) ->
     ?line Src = filename:join(?config(data_dir, Config), atom_to_list(Mod)),
diff --git a/lib/compiler/test/inline_SUITE_data/comma_splitter.erl b/lib/compiler/test/inline_SUITE_data/comma_splitter.erl
new file mode 100644
index 0000000000..eaa89e0edc
--- /dev/null
+++ b/lib/compiler/test/inline_SUITE_data/comma_splitter.erl
@@ -0,0 +1,18 @@
+-module(comma_splitter).
+-export([?MODULE/0]).
+
+?MODULE() ->
+    {<<"def">>,<<"cba">>} = split_at_comma(<<"abc,   def">>, <<>>),
+    ok.
+
+strip_leading_ws(<<N, Rest/binary>>) when N =< $\s ->
+    strip_leading_ws(Rest);
+strip_leading_ws(B) ->
+    B.
+
+split_at_comma(<<>>, Accu) ->
+    {<<>>, Accu};
+split_at_comma(<<$,, Rest/binary>>, Accu) ->
+    {strip_leading_ws(Rest), Accu};
+split_at_comma(<<C, Rest/binary>>, Accu) ->
+    split_at_comma(Rest, <<C, Accu/binary>>).
diff --git a/lib/compiler/test/misc_SUITE.erl b/lib/compiler/test/misc_SUITE.erl
index 9b414cade6..5e13a93c52 100644
--- a/lib/compiler/test/misc_SUITE.erl
+++ b/lib/compiler/test/misc_SUITE.erl
@@ -190,6 +190,15 @@ silly_coverage(Config) when is_list(Config) ->
 		     {label,2}|non_proper_list]}],99},
     ?line expect_error(fun() -> beam_block:module(BlockInput, []) end),
 
+    %% beam_except
+    ExceptInput = {?MODULE,[{foo,0}],[],
+		   [{function,foo,0,2,
+		     [{label,1},
+		      {line,loc},
+		      {func_info,{atom,?MODULE},{atom,foo},0},
+		      {label,2}|non_proper_list]}],99},
+    expect_error(fun() -> beam_except:module(ExceptInput, []) end),
+
     %% beam_bool
     BoolInput = {?MODULE,[{foo,0}],[],
 		  [{function,foo,0,2,
@@ -253,8 +262,15 @@ expect_error(Fun) ->
 	    io:format("~p", [Any]),
 	    ?t:fail(call_was_supposed_to_fail)
     catch
-	_:_ ->
-	    io:format("~p\n", [erlang:get_stacktrace()])
+	Class:Reason ->
+	    Stk = erlang:get_stacktrace(),
+	    io:format("~p:~p\n~p\n", [Class,Reason,Stk]),
+	    case {Class,Reason} of
+		{error,undef} ->
+		    ?t:fail(not_supposed_to_fail_with_undef);
+		{_,_} ->
+		    ok
+	    end
     end.
 
 confused_literals(Config) when is_list(Config) ->
diff --git a/lib/compiler/test/parteval_SUITE.erl b/lib/compiler/test/parteval_SUITE.erl
deleted file mode 100644
index 6b1ae38c1b..0000000000
--- a/lib/compiler/test/parteval_SUITE.erl
+++ /dev/null
@@ -1,66 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
--module(parteval_SUITE).
-
--include_lib("test_server/include/test_server.hrl").
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
-	 init_per_group/2,end_per_group/2, pe2/1]).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() -> 
-    [pe2].
-
-groups() -> 
-    [].
-
-init_per_suite(Config) ->
-    Config.
-
-end_per_suite(_Config) ->
-    ok.
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
-%% (This is more general than needed, since we once compiled the same
-%% source code with and without a certain option.)
-compile_and_load(Srcname, Outdir, Module, Options) ->
-    ?line Objname = filename:join(Outdir, "t1") ++ code:objfile_extension(),
-    ?line {ok, Module} =
-	compile:file(Srcname,
-		     [{d, 'M', Module}, {outdir, Outdir}] ++ Options),
-    ?line {ok, B} = file:read_file(Objname),
-    ?line {module, Module} = code:load_binary(Module, Objname, B),
-    B.
-
-pe2(Config) when is_list(Config) ->
-    ?line DataDir = ?config(data_dir, Config),
-    ?line PrivDir = ?config(priv_dir, Config),
-    ?line Srcname = filename:join(DataDir, "t1.erl"),
-    ?line compile_and_load(Srcname, PrivDir, t1, []),
-
-    ?line {Correct, Actual} = t1:run(),
-    ?line Correct = Actual,
-    ok.
diff --git a/lib/compiler/test/parteval_SUITE_data/t1.erl b/lib/compiler/test/parteval_SUITE_data/t1.erl
deleted file mode 100644
index 5e4a40f103..0000000000
--- a/lib/compiler/test/parteval_SUITE_data/t1.erl
+++ /dev/null
@@ -1,140 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
--module(?M).
-
--compile(export_all).
-
-%%% The arity-0 functions are all called from the test suite.
-
-f2() ->
-    size({1,2}).
-
-i() ->
-    case [] of
-	[] ->
-	    ok;
-	X ->
-	    hopp
-    end.
-
-e() ->
-    case 4+5 of
-%	X when X>10 -> kvock;	% not removed by BEAM opt.
-	{X,X} when list(X) ->
-	    kvack;
-	9 ->
-	    ok;
-	_ ->
-	    ko
-    end.
-
-f() ->
-    element(2,{a,b,c,d}),
-    erlang:element(2,{a,b,c,d}),
-    "hej" ++ "hopp".
-
-g(X) ->
-    if
-	float(3.4) ->
-	    hej;
-	X == 5, 4==4 ->
-	    japp;
-	4 == 4, size({1,2}) == 1 ->
-	    ok
-    end.
-
-g() ->
-    {g(3),g(5)}.
-
-bliff() ->
-    if
-	3==4 ->
-	    himm
-    end.
-
-fi() ->
-    case 4 of
-	X when 4==3 ->
-	    {X};
-	4 ->
-	    4;
-	_ ->
-	    ok
-    end.
-
-iff() when 3==2 ->
-    if
-	3 == 4 ->
-	    baff;
-	3 == 3 ->
-	    nipp
-    end.
-
-sleep(I) -> receive after I -> ok end.
-
-sleep() ->
-    sleep(45).
-
-s() ->
-    case 4 of
-	3 ->
-	    ok
-    end.
-
-error_reason(R) when atom(R) ->
-    R;
-error_reason(R) when tuple(R) ->
-    error_reason(element(1, R)).
-
-plusplus() ->
-    ?MODULE ++ " -> mindre snygg felhantering".
-
-call_it(F) ->
-    case (catch apply(?MODULE, F, [])) of
-	{'EXIT', R0} ->
-	    {'EXIT', error_reason(R0)};
-	V ->
-	    V
-    end.
-
-run() ->
-    L = [{f2, 2},
-	 {i, ok},
-	 {e, ok},
-	 {f, "hejhopp"},
-	 {g, {hej, hej}},
-	 {bliff, {'EXIT', if_clause}},
-	 {fi, 4},
-	 {iff, {'EXIT', function_clause}},
-	 {sleep, ok},
-	 {s, {'EXIT', case_clause},
-	 {plusplus, {'EXIT', badarg}}}],
-    Actual = [call_it(F) || {F, _} <- L],
-    Correct = [C || {_, C} <- L],
-    {Correct, Actual}.
-
-
-%%% Don't call, only compile.
-t(A) ->
-    receive
-	A when 1==2 ->
-	    ok;
-	B ->
-	    B
-    end.
diff --git a/lib/compiler/test/pmod_SUITE.erl b/lib/compiler/test/pmod_SUITE.erl
index 3d02adaf52..5dd09a7245 100644
--- a/lib/compiler/test/pmod_SUITE.erl
+++ b/lib/compiler/test/pmod_SUITE.erl
@@ -100,6 +100,7 @@ basic_1(Config, Opts) ->
     Fun = fun(Arg) -> Prop4:bar(Arg) end,
     ?line ok = Fun({s,0}),
 
+    [{y,[1,2]},{x,[5,19]}] = Prop4:collapse([{y,[2,1]},{x,[19,5]}]),
     ok.
 
 otp_8447(Config) when is_list(Config) ->
diff --git a/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl b/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl
index 0d46cffe00..19cce452dc 100644
--- a/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl
+++ b/lib/compiler/test/pmod_SUITE_data/pmod_basic.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,7 @@
 -export([lookup/1,or_props/1,prepend/1,append/1,stupid_sum/0]).
 -export([bar/1,bar_bar/1]).
 -export([bc1/0, bc2/0]).
+-export([collapse/1]).
 
 lookup(Key) ->
     proplists:lookup(Key, Props).
@@ -77,3 +78,6 @@ bc1() ->
 
 bc2() ->
     << <<A:1>> || A <- [1,0,1,0] >>.
+
+collapse(L) ->
+    lists:keymap(fun lists:sort/1, 2, L).
diff --git a/lib/compiler/test/test_lib.erl b/lib/compiler/test/test_lib.erl
index 53d8c04169..2295592a38 100644
--- a/lib/compiler/test/test_lib.erl
+++ b/lib/compiler/test/test_lib.erl
@@ -77,7 +77,14 @@ get_data_dir(Config) ->
 %%  Will fail the test case if there were any errors.
 
 p_run(Test, List) ->
-    N = erlang:system_info(schedulers) + 1,
+    N = case ?t:is_cover() of
+	    false ->
+		erlang:system_info(schedulers);
+	    true ->
+		%% Cover is running. Using more than one process
+		%% will probably only slow down compilation.
+		1
+	end,
     p_run_loop(Test, List, N, [], 0, 0).
 
 p_run_loop(_, [], _, [], Errors, Ws) ->
diff --git a/lib/compiler/test/trycatch_SUITE.erl b/lib/compiler/test/trycatch_SUITE.erl
index 760cf17225..09a23724fe 100644
--- a/lib/compiler/test/trycatch_SUITE.erl
+++ b/lib/compiler/test/trycatch_SUITE.erl
@@ -24,7 +24,7 @@
 	 catch_oops/1,after_oops/1,eclectic/1,rethrow/1,
 	 nested_of/1,nested_catch/1,nested_after/1,
 	 nested_horrid/1,last_call_optimization/1,bool/1,
-	 plain_catch_coverage/1,andalso_orelse/1]).
+	 plain_catch_coverage/1,andalso_orelse/1,get_in_try/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 
@@ -35,7 +35,7 @@ all() ->
     [basic, lean_throw, try_of, try_after, catch_oops,
      after_oops, eclectic, rethrow, nested_of, nested_catch,
      nested_after, nested_horrid, last_call_optimization,
-     bool, plain_catch_coverage, andalso_orelse].
+     bool, plain_catch_coverage, andalso_orelse, get_in_try].
 
 groups() -> 
     [].
@@ -928,3 +928,17 @@ andalso_orelse_2({Type,Keyval}) ->
 
 zero() ->
     0.0.
+
+get_in_try(_) ->
+    undefined = get_valid_line([a], []),
+    ok.
+
+get_valid_line([_|T]=Path, Annotations) ->
+    try
+        get(Path)
+	%% beam_dead used to optimize away an assignment to {y,1}
+	%% because it didn't appear to be used.
+    catch
+        _:not_found ->
+            get_valid_line(T, Annotations)
+    end.
diff --git a/lib/compiler/vsn.mk b/lib/compiler/vsn.mk
index 04290c0a7f..416c2f08bb 100644
--- a/lib/compiler/vsn.mk
+++ b/lib/compiler/vsn.mk
@@ -1 +1 @@
-COMPILER_VSN = 4.7.5
+COMPILER_VSN = 4.8
diff --git a/lib/configure.in.src b/lib/configure.in.src
index 792a7f932a..fea3c7bffa 100644
--- a/lib/configure.in.src
+++ b/lib/configure.in.src
@@ -1,7 +1,7 @@
 dnl
 dnl %CopyrightBegin%
 dnl
-dnl Copyright Ericsson AB 1999-2010. All Rights Reserved.
+dnl Copyright Ericsson AB 1999-2011. All Rights Reserved.
 dnl
 dnl The contents of this file are subject to the Erlang Public License,
 dnl Version 1.1, (the "License"); you may not use this file except in
@@ -17,7 +17,7 @@ dnl
 dnl %CopyrightEnd%
 dnl
 
-dnl Turn of caching
+dnl Turn off caching
 define([AC_CACHE_LOAD], )dnl
 define([AC_CACHE_SAVE], )dnl
 
diff --git a/lib/cosEvent/doc/src/Makefile b/lib/cosEvent/doc/src/Makefile
index db2f7e6da5..6a9b4201d7 100644
--- a/lib/cosEvent/doc/src/Makefile
+++ b/lib/cosEvent/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosEvent/doc/src/notes.xml b/lib/cosEvent/doc/src/notes.xml
index 1da5399755..de98a44b6a 100644
--- a/lib/cosEvent/doc/src/notes.xml
+++ b/lib/cosEvent/doc/src/notes.xml
@@ -32,7 +32,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosEvent 2.1.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosEvent 2.1.11</title>
 
     <section>
diff --git a/lib/cosEvent/src/Makefile b/lib/cosEvent/src/Makefile
index 736b95538a..f8e751f218 100644
--- a/lib/cosEvent/src/Makefile
+++ b/lib/cosEvent/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosEvent/vsn.mk b/lib/cosEvent/vsn.mk
index 85d3cf552b..2cd943e4b2 100644
--- a/lib/cosEvent/vsn.mk
+++ b/lib/cosEvent/vsn.mk
@@ -1,3 +1,3 @@
 
-COSEVENT_VSN = 2.1.11
+COSEVENT_VSN = 2.1.12
 
diff --git a/lib/cosEventDomain/doc/src/Makefile b/lib/cosEventDomain/doc/src/Makefile
index b2cdef278a..cd159c623c 100644
--- a/lib/cosEventDomain/doc/src/Makefile
+++ b/lib/cosEventDomain/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosEventDomain/doc/src/notes.xml b/lib/cosEventDomain/doc/src/notes.xml
index 585761ce65..fa96792c33 100644
--- a/lib/cosEventDomain/doc/src/notes.xml
+++ b/lib/cosEventDomain/doc/src/notes.xml
@@ -31,7 +31,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosEventDomain 1.1.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosEventDomain 1.1.11</title>
 
     <section>
diff --git a/lib/cosEventDomain/src/Makefile b/lib/cosEventDomain/src/Makefile
index 5af790c760..409cac47f1 100644
--- a/lib/cosEventDomain/src/Makefile
+++ b/lib/cosEventDomain/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosEventDomain/vsn.mk b/lib/cosEventDomain/vsn.mk
index 7df47cef2e..5ad421e319 100644
--- a/lib/cosEventDomain/vsn.mk
+++ b/lib/cosEventDomain/vsn.mk
@@ -1,3 +1,3 @@
 
-COSEVENTDOMAIN_VSN = 1.1.11
+COSEVENTDOMAIN_VSN = 1.1.12
 
diff --git a/lib/cosFileTransfer/doc/src/Makefile b/lib/cosFileTransfer/doc/src/Makefile
index e62738daba..d9c68987e4 100644
--- a/lib/cosFileTransfer/doc/src/Makefile
+++ b/lib/cosFileTransfer/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosFileTransfer/doc/src/notes.xml b/lib/cosFileTransfer/doc/src/notes.xml
index c7a4fd4504..f38597db10 100644
--- a/lib/cosFileTransfer/doc/src/notes.xml
+++ b/lib/cosFileTransfer/doc/src/notes.xml
@@ -30,7 +30,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section><title>cosFileTransfer 1.1.12</title>
+  <section><title>cosFileTransfer 1.1.13</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>cosFileTransfer 1.1.12</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/cosFileTransfer/src/Makefile b/lib/cosFileTransfer/src/Makefile
index b811ef1106..1d51304f6b 100644
--- a/lib/cosFileTransfer/src/Makefile
+++ b/lib/cosFileTransfer/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosFileTransfer/test/fileTransfer_SUITE.erl b/lib/cosFileTransfer/test/fileTransfer_SUITE.erl
index e94c307ef8..79a234bd28 100644
--- a/lib/cosFileTransfer/test/fileTransfer_SUITE.erl
+++ b/lib/cosFileTransfer/test/fileTransfer_SUITE.erl
@@ -131,10 +131,10 @@ end_per_testcase(_Case, Config) ->
     ok.
 
 init_per_suite(Config) ->
-    case code:which(crypto) of
-	Res when is_atom(Res) ->
+    case crypto_works() of
+	false ->
 	    {skip,"Could not start crypto!"};
-	_Else ->
+	true ->
 	    orber:jump_start(),
 	    cosProperty:install(),
 	    cosProperty:start(),
@@ -165,6 +165,15 @@ init_per_suite(Config) ->
 	    end
     end.
 
+crypto_works() ->
+    try crypto:start() of
+	{error,{already_started,crypto}} -> true;
+	ok -> true
+    catch
+	error:_ ->
+	    false
+    end.
+
 end_per_suite(Config) ->
     ssl:stop(),
     crypto:stop(),
diff --git a/lib/cosFileTransfer/vsn.mk b/lib/cosFileTransfer/vsn.mk
index fe0226e3b3..6d0c6669a3 100644
--- a/lib/cosFileTransfer/vsn.mk
+++ b/lib/cosFileTransfer/vsn.mk
@@ -1 +1 @@
-COSFILETRANSFER_VSN = 1.1.12
+COSFILETRANSFER_VSN = 1.1.13
diff --git a/lib/cosNotification/doc/src/Makefile b/lib/cosNotification/doc/src/Makefile
index 2ead9aba7b..5caee09ec5 100644
--- a/lib/cosNotification/doc/src/Makefile
+++ b/lib/cosNotification/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosNotification/doc/src/notes.xml b/lib/cosNotification/doc/src/notes.xml
index a54230c9f7..c79d040f9a 100644
--- a/lib/cosNotification/doc/src/notes.xml
+++ b/lib/cosNotification/doc/src/notes.xml
@@ -31,7 +31,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section><title>cosNotification 1.1.17</title>
+  <section><title>cosNotification 1.1.18</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>cosNotification 1.1.17</title>
 
     <section><title>Improvements and New Features</title>
       <list>
diff --git a/lib/cosNotification/src/Makefile b/lib/cosNotification/src/Makefile
index be52d1a06f..92225c6cfd 100644
--- a/lib/cosNotification/src/Makefile
+++ b/lib/cosNotification/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosNotification/vsn.mk b/lib/cosNotification/vsn.mk
index b32919a2ef..e7c5465fe4 100644
--- a/lib/cosNotification/vsn.mk
+++ b/lib/cosNotification/vsn.mk
@@ -1,2 +1,2 @@
-COSNOTIFICATION_VSN = 1.1.17
+COSNOTIFICATION_VSN = 1.1.18
 
diff --git a/lib/cosProperty/doc/src/Makefile b/lib/cosProperty/doc/src/Makefile
index d4c89ff44f..50f2e06f6c 100644
--- a/lib/cosProperty/doc/src/Makefile
+++ b/lib/cosProperty/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosProperty/doc/src/notes.xml b/lib/cosProperty/doc/src/notes.xml
index 85b2119e9d..f5f737e2a3 100644
--- a/lib/cosProperty/doc/src/notes.xml
+++ b/lib/cosProperty/doc/src/notes.xml
@@ -31,7 +31,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosProperty 1.1.15</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosProperty 1.1.14</title>
 
     <section>
diff --git a/lib/cosProperty/src/Makefile b/lib/cosProperty/src/Makefile
index b72019f37d..8060421b4e 100644
--- a/lib/cosProperty/src/Makefile
+++ b/lib/cosProperty/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosProperty/vsn.mk b/lib/cosProperty/vsn.mk
index ecc4a2746c..a4b1a2c94e 100644
--- a/lib/cosProperty/vsn.mk
+++ b/lib/cosProperty/vsn.mk
@@ -1,2 +1,2 @@
-COSPROPERTY_VSN = 1.1.14
+COSPROPERTY_VSN = 1.1.15
 
diff --git a/lib/cosTime/doc/src/Makefile b/lib/cosTime/doc/src/Makefile
index af418896aa..4e97b07cf4 100644
--- a/lib/cosTime/doc/src/Makefile
+++ b/lib/cosTime/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosTime/doc/src/notes.xml b/lib/cosTime/doc/src/notes.xml
index 3698e4813e..c70978df2b 100644
--- a/lib/cosTime/doc/src/notes.xml
+++ b/lib/cosTime/doc/src/notes.xml
@@ -32,7 +32,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosTime 1.1.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosTime 1.1.11</title>
 
     <section>
diff --git a/lib/cosTime/src/Makefile b/lib/cosTime/src/Makefile
index fa456249bd..18c25ca8f1 100644
--- a/lib/cosTime/src/Makefile
+++ b/lib/cosTime/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosTime/vsn.mk b/lib/cosTime/vsn.mk
index 4d982f3013..14d3b61bc6 100644
--- a/lib/cosTime/vsn.mk
+++ b/lib/cosTime/vsn.mk
@@ -1,2 +1,2 @@
-COSTIME_VSN = 1.1.11
+COSTIME_VSN = 1.1.12
 
diff --git a/lib/cosTransactions/doc/src/Makefile b/lib/cosTransactions/doc/src/Makefile
index 7d959cbc8f..4341ec04a3 100644
--- a/lib/cosTransactions/doc/src/Makefile
+++ b/lib/cosTransactions/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosTransactions/doc/src/notes.xml b/lib/cosTransactions/doc/src/notes.xml
index 29addf424d..f3a7a83fb0 100644
--- a/lib/cosTransactions/doc/src/notes.xml
+++ b/lib/cosTransactions/doc/src/notes.xml
@@ -32,7 +32,25 @@
     <file>notes.xml</file>
   </header>
 
-  <section>
+  <section><title>cosTransactions 1.2.12</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>cosTransactions 1.2.11</title>
     <section>
       <title>Improvements and New Features</title>
diff --git a/lib/cosTransactions/src/Makefile b/lib/cosTransactions/src/Makefile
index e7d4b0b080..3c799ca0ca 100644
--- a/lib/cosTransactions/src/Makefile
+++ b/lib/cosTransactions/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/cosTransactions/vsn.mk b/lib/cosTransactions/vsn.mk
index 3960c58c5b..7ca604b589 100644
--- a/lib/cosTransactions/vsn.mk
+++ b/lib/cosTransactions/vsn.mk
@@ -1 +1 @@
-COSTRANSACTIONS_VSN = 1.2.11
+COSTRANSACTIONS_VSN = 1.2.12
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 802c1991de..4dc62421d2 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -53,6 +53,17 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_SHA256) && defined(NID_sha256)
+# define HAVE_SHA256
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_SHA384) && defined(NID_sha384)\
+         && !defined(OPENSSL_NO_SHA512) /* disabled like this in my sha.h (?) */
+# define HAVE_SHA384
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_SHA512) && defined(NID_sha512)
+# define HAVE_SHA512
+#endif
+
 #ifdef VALGRIND
     #  include <valgrind/memcheck.h>
 
@@ -124,6 +135,14 @@ static ERL_NIF_TERM sha(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM sha_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM sha_update(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM sha_final(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha256_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM sha512_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM md4(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM md4_init(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM md4_update(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -148,7 +167,7 @@ static ERL_NIF_TERM strong_rand_mpint_nif(ErlNifEnv* env, int argc, const ERL_NI
 static ERL_NIF_TERM rand_uniform_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM mod_exp_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM dss_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM rsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM exor(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rc4_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -201,6 +220,14 @@ static ErlNifFunc nif_funcs[] = {
     {"sha_init", 0, sha_init},
     {"sha_update", 2, sha_update},
     {"sha_final", 1, sha_final},
+    {"sha256_nif", 1, sha256_nif},
+    {"sha256_init_nif", 0, sha256_init_nif},
+    {"sha256_update_nif", 2, sha256_update_nif},
+    {"sha256_final_nif", 1, sha256_final_nif},
+    {"sha512_nif", 1, sha512_nif},
+    {"sha512_init_nif", 0, sha512_init_nif},
+    {"sha512_update_nif", 2, sha512_update_nif},
+    {"sha512_final_nif", 1, sha512_final_nif},
     {"md4", 1, md4},
     {"md4_init", 0, md4_init},
     {"md4_update", 2, md4_update},
@@ -228,7 +255,7 @@ static ErlNifFunc nif_funcs[] = {
     {"rand_uniform_nif", 2, rand_uniform_nif},
     {"mod_exp_nif", 3, mod_exp_nif},
     {"dss_verify", 4, dss_verify},
-    {"rsa_verify", 4, rsa_verify},
+    {"rsa_verify_nif", 4, rsa_verify_nif},
     {"aes_cbc_crypt", 4, aes_cbc_crypt},
     {"exor", 2, exor},
     {"rc4_encrypt", 2, rc4_encrypt},
@@ -260,6 +287,9 @@ ERL_NIF_INIT(crypto,nif_funcs,load,reload,upgrade,unload)
 #define SHA_CTX_LEN     (sizeof(SHA_CTX))
 #define SHA_LEN         20
 #define SHA_LEN_96      12
+#define SHA256_LEN	(256/8)
+#define SHA384_LEN	(384/8)
+#define SHA512_LEN	(512/8)
 #define HMAC_INT_LEN    64
 
 #define HMAC_IPAD       0x36
@@ -270,6 +300,9 @@ static ErlNifRWLock** lock_vec = NULL; /* Static locks used by openssl */
 static ERL_NIF_TERM atom_true;
 static ERL_NIF_TERM atom_false;
 static ERL_NIF_TERM atom_sha;
+static ERL_NIF_TERM atom_sha256;
+static ERL_NIF_TERM atom_sha384;
+static ERL_NIF_TERM atom_sha512;
 static ERL_NIF_TERM atom_md5;
 static ERL_NIF_TERM atom_ripemd160;
 static ERL_NIF_TERM atom_error;
@@ -286,6 +319,7 @@ static ERL_NIF_TERM atom_not_suitable_generator;
 static ERL_NIF_TERM atom_check_failed;
 static ERL_NIF_TERM atom_unknown;
 static ERL_NIF_TERM atom_none;
+static ERL_NIF_TERM atom_notsup;
 
 
 static int is_ok_load_info(ErlNifEnv* env, ERL_NIF_TERM load_info)
@@ -340,6 +374,9 @@ static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
     atom_true = enif_make_atom(env,"true");
     atom_false = enif_make_atom(env,"false");
     atom_sha = enif_make_atom(env,"sha");
+    atom_sha256 = enif_make_atom(env,"sha256");
+    atom_sha384 = enif_make_atom(env,"sha384");
+    atom_sha512 = enif_make_atom(env,"sha512");
     atom_md5 = enif_make_atom(env,"md5");
     atom_ripemd160 = enif_make_atom(env,"ripemd160");
     atom_error = enif_make_atom(env,"error");
@@ -355,6 +392,7 @@ static int load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info)
     atom_check_failed = enif_make_atom(env,"check_failed");
     atom_unknown = enif_make_atom(env,"unknown");
     atom_none = enif_make_atom(env,"none");
+    atom_notsup = enif_make_atom(env,"notsup");
 
     *priv_data = NULL;
     library_refc++;
@@ -519,6 +557,129 @@ static ERL_NIF_TERM sha_final(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[
     return ret;
 }
 
+static ERL_NIF_TERM sha256_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Data) */
+#ifdef HAVE_SHA256
+    ErlNifBinary ibin;
+    ERL_NIF_TERM ret;
+
+    if (!enif_inspect_iolist_as_binary(env, argv[0], &ibin)) {
+	return enif_make_badarg(env);
+    }
+    SHA256((unsigned char *) ibin.data, ibin.size,
+	 enif_make_new_binary(env,SHA256_LEN, &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha256_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* () */   
+#ifdef HAVE_SHA256
+    ERL_NIF_TERM ret;
+    SHA256_Init((SHA256_CTX *) enif_make_new_binary(env, sizeof(SHA256_CTX), &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha256_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context, Data) */
+#ifdef HAVE_SHA256
+    SHA256_CTX* new_ctx;
+    ErlNifBinary ctx_bin, data_bin;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA256_CTX)
+	|| !enif_inspect_iolist_as_binary(env, argv[1], &data_bin)) {
+	return enif_make_badarg(env);
+    }
+    new_ctx = (SHA256_CTX*) enif_make_new_binary(env,sizeof(SHA256_CTX), &ret);
+    memcpy(new_ctx, ctx_bin.data, sizeof(SHA256_CTX));
+    SHA256_Update(new_ctx, data_bin.data, data_bin.size);
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha256_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context) */
+#ifdef HAVE_SHA256
+    ErlNifBinary ctx_bin;
+    SHA256_CTX ctx_clone;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA256_CTX)) {
+	return enif_make_badarg(env);
+    }
+    memcpy(&ctx_clone, ctx_bin.data, sizeof(SHA256_CTX)); /* writable */
+    SHA256_Final(enif_make_new_binary(env, SHA256_LEN, &ret), &ctx_clone);    
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+
+static ERL_NIF_TERM sha512_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Data) */
+#ifdef HAVE_SHA512
+    ErlNifBinary ibin;
+    ERL_NIF_TERM ret;
+
+    if (!enif_inspect_iolist_as_binary(env, argv[0], &ibin)) {
+	return enif_make_badarg(env);
+    }
+    SHA512((unsigned char *) ibin.data, ibin.size,
+	 enif_make_new_binary(env,SHA512_LEN, &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha512_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* () */   
+#ifdef HAVE_SHA512
+    ERL_NIF_TERM ret;
+    SHA512_Init((SHA512_CTX *) enif_make_new_binary(env, sizeof(SHA512_CTX), &ret));
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha512_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context, Data) */
+#ifdef HAVE_SHA512
+    SHA512_CTX* new_ctx;
+    ErlNifBinary ctx_bin, data_bin;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA512_CTX)
+	|| !enif_inspect_iolist_as_binary(env, argv[1], &data_bin)) {
+	return enif_make_badarg(env);
+    }
+    new_ctx = (SHA512_CTX*) enif_make_new_binary(env,sizeof(SHA512_CTX), &ret);
+    memcpy(new_ctx, ctx_bin.data, sizeof(SHA512_CTX));
+    SHA512_Update(new_ctx, data_bin.data, data_bin.size);
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+static ERL_NIF_TERM sha512_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Context) */
+#ifdef HAVE_SHA512
+    ErlNifBinary ctx_bin;
+    SHA512_CTX ctx_clone;
+    ERL_NIF_TERM ret;
+    if (!enif_inspect_binary(env, argv[0], &ctx_bin) || ctx_bin.size != sizeof(SHA512_CTX)) {
+	return enif_make_badarg(env);
+    }
+    memcpy(&ctx_clone, ctx_bin.data, sizeof(SHA512_CTX)); /* writable */
+    SHA512_Final(enif_make_new_binary(env, SHA512_LEN, &ret), &ctx_clone);    
+    return ret;
+#else
+    return atom_notsup;
+#endif
+}
+
+
 static ERL_NIF_TERM md4(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Data) */    
     ErlNifBinary ibin;
@@ -1095,17 +1256,14 @@ static ERL_NIF_TERM dss_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv
     return(i > 0) ? atom_true : atom_false;
 }
 
-static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+static ERL_NIF_TERM rsa_verify_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Type, Data, Signature, Key=[E,N]) */
     ErlNifBinary data_bin, sign_bin;
-    unsigned char hmacbuf[SHA_DIGEST_LENGTH];
+    unsigned char hmacbuf[SHA512_LEN];
     ERL_NIF_TERM head, tail, ret;
-    int i, is_sha;
+    int i;
     RSA* rsa = RSA_new();
-
-    if (argv[0] == atom_sha) is_sha = 1;
-    else if (argv[0] == atom_md5) is_sha = 0;
-    else goto badarg;
+    const ERL_NIF_TERM type = argv[0];
 
     if (!inspect_mpint(env, argv[1], &data_bin)
 	|| !inspect_mpint(env, argv[2], &sign_bin)
@@ -1114,22 +1272,57 @@ static ERL_NIF_TERM rsa_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv
 	|| !enif_get_list_cell(env, tail, &head, &tail)
 	|| !get_bn_from_mpint(env, head, &rsa->n)
 	|| !enif_is_empty_list(env, tail)) {
-    badarg:
+	
 	ret = enif_make_badarg(env);
     }
     else {
-	if (is_sha) {
+	if (type == atom_sha) {
 	    SHA1(data_bin.data+4, data_bin.size-4, hmacbuf);
 	    i = RSA_verify(NID_sha1, hmacbuf, SHA_DIGEST_LENGTH,
 			   sign_bin.data+4, sign_bin.size-4, rsa);
 	}
-	else {
+	else if (type == atom_sha256) {
+	  #ifdef HAVE_SHA256
+	    SHA256(data_bin.data+4, data_bin.size-4, hmacbuf);
+	    i = RSA_verify(NID_sha256, hmacbuf, SHA256_LEN,
+			   sign_bin.data+4, sign_bin.size-4, rsa);
+	  #else
+	    ret = atom_notsup;
+	    goto done;
+	  #endif 
+	}
+	else if (type == atom_sha384) {
+	  #ifdef HAVE_SHA384
+	    SHA384(data_bin.data+4, data_bin.size-4, hmacbuf);
+	    i = RSA_verify(NID_sha384, hmacbuf, SHA384_LEN,
+			   sign_bin.data+4, sign_bin.size-4, rsa);
+	  #else
+	    ret = atom_notsup;
+	    goto done;
+	  #endif 
+	}
+	else if (type == atom_sha512) {
+	  #ifdef HAVE_SHA512
+	    SHA512(data_bin.data+4, data_bin.size-4, hmacbuf);
+	    i = RSA_verify(NID_sha512, hmacbuf, SHA512_LEN,
+			   sign_bin.data+4, sign_bin.size-4, rsa);
+	  #else
+	    ret = atom_notsup;
+	    goto done;	    
+	  #endif
+	}
+	else if (type == atom_md5) {
 	    MD5(data_bin.data+4, data_bin.size-4, hmacbuf);
 	    i = RSA_verify(NID_md5, hmacbuf, MD5_DIGEST_LENGTH,
 			   sign_bin.data+4, sign_bin.size-4, rsa);
 	}
+	else {
+	    ret = enif_make_badarg(env);
+	    goto done;
+	}
 	ret = (i==1 ? atom_true : atom_false);
-    }
+    }    
+done:
     RSA_free(rsa);
     return ret;
 }
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 48243fd693..8cb893cd1c 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -896,7 +896,7 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
         <v>Key = [E, N]</v>
         <v>E, N = Mpint</v>
         <d>Where <c>E</c> is the public exponent and <c>N</c> is public modulus.</d>
-	<v>DigestType = md5 | sha</v>
+	<v>DigestType = md5 | sha | sha256 | sha384 | sha512</v>
 	<d> The default <c>DigestType</c> is sha.</d>
         <v>Mpint = binary()</v>
       </type>
@@ -905,6 +905,8 @@ Mpint() = <![CDATA[<<ByteLen:32/integer-big, Bytes:ByteLen/binary>>]]>
           and verifies that the digest matches the RSA signature using the
           signer's public key <c>Key</c>.
 	</p>
+	<p>May throw exception <c>notsup</c> in case the chosen <c>DigestType</c>
+	is not supported by the underlying OpenSSL implementation.</p>
       </desc>
     </func>
     
diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml
index 763f79e02d..3a44550ae2 100644
--- a/lib/crypto/doc/src/notes.xml
+++ b/lib/crypto/doc/src/notes.xml
@@ -30,6 +30,44 @@
   </header>
   <p>This document describes the changes made to the Crypto application.</p>
 
+<section><title>Crypto 2.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    public_key, ssl and crypto now supports PKCS-8</p>
+          <p>
+	    Own Id: OTP-9312</p>
+        </item>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Add DES and Triple DES cipher feedback (CFB) mode
+	    functions to <c>crypto</c>. (Thanks to Paul Guyot)</p>
+          <p>
+	    Own Id: OTP-9640</p>
+        </item>
+        <item>
+          <p>
+	    Add sha256, sha384 and sha512 support for
+	    <c>crypto:rsa_verify</c>.</p>
+          <p>
+	    Own Id: OTP-9778</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Crypto 2.0.4</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 0714cb686d..d7aac27825 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -25,8 +25,8 @@
 -export([md4/1, md4_init/0, md4_update/2, md4_final/1]).
 -export([md5/1, md5_init/0, md5_update/2, md5_final/1]).
 -export([sha/1, sha_init/0, sha_update/2, sha_final/1]).
-%-export([sha256/1, sha256_init/0, sha256_update/2, sha256_final/1]).
-%-export([sha512/1, sha512_init/0, sha512_update/2, sha512_final/1]).
+-export([sha256/1, sha256_init/0, sha256_update/2, sha256_final/1]).
+-export([sha512/1, sha512_init/0, sha512_update/2, sha512_final/1]).
 -export([md5_mac/2, md5_mac_96/2, sha_mac/2, sha_mac/3, sha_mac_96/2]).
 -export([hmac_init/2, hmac_update/2, hmac_final/1, hmac_final_n/2]).
 -export([des_cbc_encrypt/3, des_cbc_decrypt/3, des_cbc_ivec/1]).
@@ -64,8 +64,8 @@
 -define(FUNC_LIST, [md4, md4_init, md4_update, md4_final,
 		    md5, md5_init, md5_update, md5_final,
 		    sha, sha_init, sha_update, sha_final,
-%% 		    sha256, sha256_init, sha256_update, sha256_final,
-%% 		    sha512, sha512_init, sha512_update, sha512_final,
+ 		    sha256, sha256_init, sha256_update, sha256_final,
+ 		    sha512, sha512_init, sha512_update, sha512_final,
 		    md5_mac,  md5_mac_96,
 		    sha_mac,  sha_mac_96,
                     sha_mac_init, sha_mac_update, sha_mac_final,
@@ -95,7 +95,7 @@
                     aes_ctr_stream_init, aes_ctr_stream_encrypt, aes_ctr_stream_decrypt,
 		    info_lib]).
 
--type rsa_digest_type() :: 'md5' | 'sha'.
+-type rsa_digest_type() :: 'md5' | 'sha' | 'sha256' | 'sha384' | 'sha512'.
 -type dss_digest_type() :: 'none' | 'sha'.
 -type crypto_integer() :: binary() | integer().
 
@@ -219,6 +219,73 @@ sha_init() -> ?nif_stub.
 sha_update(_Context, _Data) -> ?nif_stub.
 sha_final(_Context) -> ?nif_stub.
 
+%
+%% SHA256
+%%
+-spec sha256(iodata()) -> binary().
+-spec sha256_init() -> binary().
+-spec sha256_update(binary(), iodata()) -> binary().
+-spec sha256_final(binary()) -> binary().
+
+sha256(Data) ->
+    case sha256_nif(Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha256_init() ->
+    case sha256_init_nif() of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha256_update(Context, Data) ->
+    case sha256_update_nif(Context, Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha256_final(Context) ->
+    case sha256_final_nif(Context) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+
+sha256_nif(_Data) -> ?nif_stub.
+sha256_init_nif() -> ?nif_stub.
+sha256_update_nif(_Context, _Data) -> ?nif_stub.
+sha256_final_nif(_Context) -> ?nif_stub.
+
+%
+%% SHA512
+%%
+-spec sha512(iodata()) -> binary().
+-spec sha512_init() -> binary().
+-spec sha512_update(binary(), iodata()) -> binary().
+-spec sha512_final(binary()) -> binary().
+
+sha512(Data) ->
+    case sha512_nif(Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha512_init() ->
+    case sha512_init_nif() of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha512_update(Context, Data) ->
+    case sha512_update_nif(Context, Data) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+sha512_final(Context) ->
+    case sha512_final_nif(Context) of
+	notsup -> erlang:error(notsup);
+	Bin -> Bin
+    end.
+
+sha512_nif(_Data) -> ?nif_stub.
+sha512_init_nif() -> ?nif_stub.
+sha512_update_nif(_Context, _Data) -> ?nif_stub.
+sha512_final_nif(_Context) -> ?nif_stub.
 
 %%
 %%  MESSAGE AUTHENTICATION CODES
@@ -522,8 +589,14 @@ dss_verify(_Type,_Data,_Signature,_Key) -> ?nif_stub.
 
 % Key = [E,N]  E=PublicExponent N=PublicModulus
 rsa_verify(Data,Signature,Key) ->
-    rsa_verify(sha, Data,Signature,Key).
-rsa_verify(_Type,_Data,_Signature,_Key) -> ?nif_stub.
+    rsa_verify_nif(sha, Data,Signature,Key).
+rsa_verify(Type, Data, Signature, Key) ->
+    case rsa_verify_nif(Type, Data, Signature, Key) of
+    	notsup -> erlang:error(notsup);
+	Bool -> Bool
+    end.
+
+rsa_verify_nif(_Type, _Data, _Signature, _Key) -> ?nif_stub.
 
 
 %%
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 86acdc27df..627c966dfb 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -68,30 +68,29 @@
 	 rc4_test/1,
 	 rc4_stream_test/1,
 	 blowfish_cfb64/1,
-	 smp/1,
-	 cleanup/1]).
+	 smp/1]).
 
 -export([hexstr2bin/1]).
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
-    [link_test, md5, md5_update, md4, md4_update, md5_mac,
-     md5_mac_io, sha, sha_update, 
-     hmac_update_sha, hmac_update_sha_n, hmac_update_md5_n, hmac_update_md5_io, hmac_update_md5,
-     %% sha256, sha256_update, sha512,sha512_update,
-     des_cbc, des_cfb, des3_cbc, des3_cfb, rc2_cbc, aes_cfb, aes_cbc,
-     aes_cbc_iter, aes_ctr, aes_ctr_stream, des_cbc_iter, des_cfb_iter, des_ecb,
-     des_cbc, rc2_cbc, aes_cfb, aes_cbc,
-     aes_cbc_iter, aes_ctr, aes_ctr_stream, des_cbc_iter, des_ecb,
-     rand_uniform_test, strong_rand_test,
-     rsa_verify_test, dsa_verify_test, rsa_sign_test,
-     dsa_sign_test, rsa_encrypt_decrypt, dh, exor_test,
-     rc4_test, rc4_stream_test, mod_exp_test, blowfish_cfb64,
-     smp].
-
-groups() -> 
-    [].
+    [link_test, {group, info}].
+
+groups() ->
+    [{info, [sequence],[info, {group, rest}]},
+     {rest, [],
+      [md5, md5_update, md4, md4_update, md5_mac,
+       md5_mac_io, sha, sha_update,
+       hmac_update_sha, hmac_update_sha_n, hmac_update_md5_n,
+       hmac_update_md5_io, hmac_update_md5,
+       des_cbc, aes_cfb, aes_cbc,
+       aes_cbc_iter, aes_ctr, aes_ctr_stream, des_cbc_iter, des_ecb,
+       rand_uniform_test, strong_rand_test,
+       rsa_verify_test, dsa_verify_test, rsa_sign_test,
+       dsa_sign_test, rsa_encrypt_decrypt, dh, exor_test,
+       rc4_test, rc4_stream_test, mod_exp_test, blowfish_cfb64,
+       smp]}].
 
 init_per_suite(Config) ->
     Config.
@@ -105,11 +104,15 @@ init_per_group(_GroupName, Config) ->
 end_per_group(_GroupName, Config) ->
     Config.
 
+init_per_testcase(info, Config) ->
+    Config;
 init_per_testcase(_Name,Config) ->
     io:format("init_per_testcase\n"),
     ?line crypto:start(),
     Config.
 
+end_per_testcase(info, Config) ->
+    Config;
 end_per_testcase(_Name,Config) ->
     io:format("end_per_testcase\n"),
     ?line crypto:stop(),
@@ -197,13 +200,6 @@ info(Config) when is_list(Config) ->
 	    ?line crypto:stop()
     end.
 
-cleanup(doc) ->
-    ["Cleanup (dummy)."];
-cleanup(suite) ->
-    [];
-cleanup(Config) when is_list(Config) ->
-    Config.
-
 %%
 %%
 md5(doc) ->
diff --git a/lib/crypto/vsn.mk b/lib/crypto/vsn.mk
index 33fa9b1ec3..7e82e47d38 100644
--- a/lib/crypto/vsn.mk
+++ b/lib/crypto/vsn.mk
@@ -1 +1 @@
-CRYPTO_VSN = 2.0.4
+CRYPTO_VSN = 2.1
diff --git a/lib/debugger/doc/src/debugger_chapter.xml b/lib/debugger/doc/src/debugger_chapter.xml
index 2d812b0236..de7784b240 100644
--- a/lib/debugger/doc/src/debugger_chapter.xml
+++ b/lib/debugger/doc/src/debugger_chapter.xml
@@ -4,7 +4,7 @@
 <chapter>
 <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/debugger/doc/src/int.xml b/lib/debugger/doc/src/int.xml
index c9d815755d..0794685f34 100644
--- a/lib/debugger/doc/src/int.xml
+++ b/lib/debugger/doc/src/int.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1998</year><year>2009</year>
+      <year>1998</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/debugger/doc/src/notes.xml b/lib/debugger/doc/src/notes.xml
index 93e447848a..4d8bd8ebe4 100644
--- a/lib/debugger/doc/src/notes.xml
+++ b/lib/debugger/doc/src/notes.xml
@@ -32,6 +32,50 @@
   <p>This document describes the changes made to the Debugger
     application.</p>
 
+<section><title>Debugger 3.2.7</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix "OK" spelling in debugger messages and variables</p>
+          <p>
+	    Simple code refactor in the debugger: renames all the
+	    occurrences of "Ok" to "OK" in the code, variable names
+	    and strings. This improves the consistency of the code
+	    and follows the GTK UI where "OK" is always used.(Thanks
+	    to Ricardo Catalinas Jim�nez)</p>
+          <p>
+	    Own Id: OTP-9699</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Debugger 3.2.6</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/debugger/src/Makefile b/lib/debugger/src/Makefile
index 6dc7d0d783..be9a2d13cb 100644
--- a/lib/debugger/src/Makefile
+++ b/lib/debugger/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_debugged.erl b/lib/debugger/src/dbg_debugged.erl
index 18dcd92ff3..4d9ffc4f3b 100644
--- a/lib/debugger/src/dbg_debugged.erl
+++ b/lib/debugger/src/dbg_debugged.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_ieval.hrl b/lib/debugger/src/dbg_ieval.hrl
index ea6189ad02..1abf39d247 100644
--- a/lib/debugger/src/dbg_ieval.hrl
+++ b/lib/debugger/src/dbg_ieval.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_ui_break_win.erl b/lib/debugger/src/dbg_ui_break_win.erl
index abbec158b0..2894e8223b 100644
--- a/lib/debugger/src/dbg_ui_break_win.erl
+++ b/lib/debugger/src/dbg_ui_break_win.erl
@@ -17,6 +17,18 @@
 %% %CopyrightEnd%
 %%
 -module(dbg_ui_break_win).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,radiobutton,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 %% External exports
 -export([create_win/5,
diff --git a/lib/debugger/src/dbg_ui_edit_win.erl b/lib/debugger/src/dbg_ui_edit_win.erl
index 82f784aa83..fb40ab3812 100644
--- a/lib/debugger/src/dbg_ui_edit_win.erl
+++ b/lib/debugger/src/dbg_ui_edit_win.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -17,6 +17,12 @@
 %% %CopyrightEnd%
 %%
 -module(dbg_ui_edit_win).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 %% External exports
 -export([create_win/5, get_window/1,
diff --git a/lib/debugger/src/dbg_ui_filedialog_win.erl b/lib/debugger/src/dbg_ui_filedialog_win.erl
index 1eced1104d..50d198f361 100644
--- a/lib/debugger/src/dbg_ui_filedialog_win.erl
+++ b/lib/debugger/src/dbg_ui_filedialog_win.erl
@@ -18,6 +18,13 @@
 %%
 
 -module(dbg_ui_filedialog_win).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 %% External exports
 -export([create_win/6, create_win/7, get_window/1,
diff --git a/lib/debugger/src/dbg_ui_interpret.erl b/lib/debugger/src/dbg_ui_interpret.erl
index 079eaeb634..73392d40cb 100644
--- a/lib/debugger/src/dbg_ui_interpret.erl
+++ b/lib/debugger/src/dbg_ui_interpret.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_ui_mon_win.erl b/lib/debugger/src/dbg_ui_mon_win.erl
index 52e8f433ba..f446fb7fcd 100644
--- a/lib/debugger/src/dbg_ui_mon_win.erl
+++ b/lib/debugger/src/dbg_ui_mon_win.erl
@@ -17,6 +17,19 @@
 %% %CopyrightEnd%
 %%
 -module(dbg_ui_mon_win).
+-compile([{nowarn_deprecated_function,{gs,checkbutton,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,grid,2}},
+          {nowarn_deprecated_function,{gs,gridline,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 %% External exports
 -export([init/0]).
diff --git a/lib/debugger/src/dbg_ui_settings.erl b/lib/debugger/src/dbg_ui_settings.erl
index 38b2ec424f..fcfd67966f 100644
--- a/lib/debugger/src/dbg_ui_settings.erl
+++ b/lib/debugger/src/dbg_ui_settings.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_ui_trace_win.erl b/lib/debugger/src/dbg_ui_trace_win.erl
index 82d4199630..f237f30e4a 100644
--- a/lib/debugger/src/dbg_ui_trace_win.erl
+++ b/lib/debugger/src/dbg_ui_trace_win.erl
@@ -17,6 +17,25 @@
 %% %CopyrightEnd%
 %%
 -module(dbg_ui_trace_win).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,checkbutton,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,editor,2}},
+          {nowarn_deprecated_function,{gs,editor,3}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,grid,3}},
+          {nowarn_deprecated_function,{gs,gridline,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,window,2}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 %% External exports
 -export([init/0]).
diff --git a/lib/debugger/src/dbg_ui_win.erl b/lib/debugger/src/dbg_ui_win.erl
index 9bed6a1ec5..cef091ee28 100644
--- a/lib/debugger/src/dbg_ui_win.erl
+++ b/lib/debugger/src/dbg_ui_win.erl
@@ -17,6 +17,15 @@
 %% %CopyrightEnd%
 %%
 -module(dbg_ui_win).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %% External exports
 -export([init/0,
diff --git a/lib/debugger/src/dbg_ui_winman.erl b/lib/debugger/src/dbg_ui_winman.erl
index c7aac0df23..8619be344b 100644
--- a/lib/debugger/src/dbg_ui_winman.erl
+++ b/lib/debugger/src/dbg_ui_winman.erl
@@ -18,6 +18,11 @@
 %%
 -module(dbg_ui_winman).
 -behaviour(gen_server).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubutton,3}},
+          {nowarn_deprecated_function,{gs,menuitem,3}}]).
 
 %% External exports
 -export([start/0]).
diff --git a/lib/debugger/src/dbg_wx_filedialog_win.erl b/lib/debugger/src/dbg_wx_filedialog_win.erl
index 9f45ad0c47..f109652a70 100644
--- a/lib/debugger/src/dbg_wx_filedialog_win.erl
+++ b/lib/debugger/src/dbg_wx_filedialog_win.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2009-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,7 +24,7 @@
 -export([new/3, getFilename/1, getFilenames/1, getDirectory/1, destroy/1]).
 
 %% Internal 
--export([init/1, handle_call/3, handle_event/2, 
+-export([init/1, handle_call/3, handle_event/2, handle_cast/2,
 	 handle_info/2, code_change/3, terminate/2]).
 
 -include_lib("wx/include/wx.hrl").
@@ -193,6 +193,9 @@ handle_call(getDirectory, _From, State = #state{path=Dir}) ->
 handle_call(destroy, _From, State) ->
     {stop, normal, ok, State}.
 
+handle_cast(_, State) ->
+    {noreply, State}.
+
 %%  events
 handle_event(#wx{id=?wxID_UP}, State0) ->
     State = update_window(change_dir(0, State0)),
diff --git a/lib/debugger/src/dbg_wx_settings.erl b/lib/debugger/src/dbg_wx_settings.erl
index bc88bdf7da..3be93c495c 100644
--- a/lib/debugger/src/dbg_wx_settings.erl
+++ b/lib/debugger/src/dbg_wx_settings.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/src/dbg_wx_trace_win.erl b/lib/debugger/src/dbg_wx_trace_win.erl
index 720b913024..aab8fddda7 100644
--- a/lib/debugger/src/dbg_wx_trace_win.erl
+++ b/lib/debugger/src/dbg_wx_trace_win.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -19,6 +19,7 @@
 
 %%
 -module(dbg_wx_trace_win).
+-compile([{nowarn_deprecated_function,{gs,config,2}}]).
 
 %% External exports
 -export([init/0, stop/1]).
diff --git a/lib/debugger/src/debugger.app.src b/lib/debugger/src/debugger.app.src
index 5538f66260..807054c983 100644
--- a/lib/debugger/src/debugger.app.src
+++ b/lib/debugger/src/debugger.app.src
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/test/bs_construct_SUITE.erl b/lib/debugger/test/bs_construct_SUITE.erl
index 187c9f53b0..fa7b40ff1e 100644
--- a/lib/debugger/test/bs_construct_SUITE.erl
+++ b/lib/debugger/test/bs_construct_SUITE.erl
@@ -56,7 +56,7 @@ end_per_group(_GroupName, Config) ->
 
 init_per_testcase(_Case, Config) ->
     test_lib:interpret(?MODULE),
-    Dog = test_server:timetrap(?t:minutes(1)),
+    Dog = test_server:timetrap(?t:minutes(15)),
     [{watchdog,Dog}|Config].
 
 end_per_testcase(_Case, Config) ->
diff --git a/lib/debugger/test/bs_match_misc_SUITE.erl b/lib/debugger/test/bs_match_misc_SUITE.erl
index 89fce263f5..ec3746d76a 100644
--- a/lib/debugger/test/bs_match_misc_SUITE.erl
+++ b/lib/debugger/test/bs_match_misc_SUITE.erl
@@ -57,7 +57,7 @@ end_per_suite(Config) when is_list(Config) ->
 
 init_per_testcase(_Case, Config) ->
     test_lib:interpret(?MODULE),
-    Dog = test_server:timetrap(?t:minutes(1)),
+    Dog = test_server:timetrap(?t:minutes(15)),
     [{watchdog,Dog}|Config].
 
 end_per_testcase(_Case, Config) ->
diff --git a/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl b/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl
index 90f83e80e8..c9ac6931e2 100644
--- a/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl
+++ b/lib/debugger/test/int_eval_SUITE_data/my_int_eval_module.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/test/test_lib.erl b/lib/debugger/test/test_lib.erl
index 5e4ac7f164..29b26343e8 100644
--- a/lib/debugger/test/test_lib.erl
+++ b/lib/debugger/test/test_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2000-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/debugger/vsn.mk b/lib/debugger/vsn.mk
index 0f70dafc19..01ff0eb9a8 100644
--- a/lib/debugger/vsn.mk
+++ b/lib/debugger/vsn.mk
@@ -1 +1 @@
-DEBUGGER_VSN = 3.2.6
+DEBUGGER_VSN = 3.2.7
diff --git a/lib/dialyzer/doc/src/book.xml b/lib/dialyzer/doc/src/book.xml
index 0b4e1cb617..ec06427671 100644
--- a/lib/dialyzer/doc/src/book.xml
+++ b/lib/dialyzer/doc/src/book.xml
@@ -4,7 +4,7 @@
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
   <header titlestyle="normal">
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/doc/src/notes.xml b/lib/dialyzer/doc/src/notes.xml
index 17291b24f7..f100865b56 100644
--- a/lib/dialyzer/doc/src/notes.xml
+++ b/lib/dialyzer/doc/src/notes.xml
@@ -31,6 +31,94 @@
   <p>This document describes the changes made to the Dialyzer
     application.</p>
 
+<section><title>Dialyzer 2.5</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix false warning about closure application</p>
+          <p>
+	    Whenever a variable that could hold one of two or more
+	    possible closures was used in a particular application,
+	    the application was assumed to fail if ONE of the
+	    closures would fail in this application. This has been
+	    corrected to infer failing application if ALL possible
+	    closures would fail in the particular application.</p>
+          <p>
+	    Change category of 'might also return' warnings</p>
+          <p>
+	    Dialyzer emits warnings like the following "The
+	    specification for _ states that the function might also
+	    return _ but the inferred return is _", which are
+	    actually underspecifications and not wrong type
+	    specifications. This patch makes sure that they are filed
+	    under the appropriate category.</p>
+          <p>
+	    Own Id: OTP-9707</p>
+        </item>
+        <item>
+	    <p>Wrap up behaviours patch for Dialyzer</p> <list>
+	    <item><p>Enable warnings by default, add two options for
+	    suppressing them</p></item> <item><p>Fix warning
+	    formatting and update testsuites.</p></item>
+	    <item><p>Detection of callback-spec
+	    discrepancies</p></item> <item><p>Allow none() as return
+	    value in callbacks</p></item> <item><p>Behaviour callback
+	    discrepancy detection for Dialyzer</p></item>
+	    <item><p>Add lookup function for callbacks</p></item>
+	    <item><p>Store callbacks in codeserver and PLT</p></item>
+	    <item><p>Collect callback definitions during
+	    compilation</p></item> <item><p>Update inets
+	    results</p></item> </list>
+          <p>
+	    Own Id: OTP-9731</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>No warnings for underspecs with remote
+	    types</p></item> <item><p> Fix crash in Typer</p></item>
+	    <item><p>Fix Dialyzer's warning for its own
+	    code</p></item> <item><p>Fix Dialyzer's warnings in
+	    HiPE</p></item> <item><p>Add file/line info in a
+	    particular Dialyzer crash</p></item> <item><p>Update
+	    inets test results</p></item> </list></p>
+          <p>
+	    Own Id: OTP-9758</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>Correct callback spec in application
+	    module</p></item> <item><p>Refine warning about callback
+	    specs with extra ranges</p></item> <item><p>Cleanup
+	    autoimport compiler directives</p></item> <item><p>Fix
+	    Dialyzer's warnings in typer</p></item> <item><p>Fix
+	    Dialyzer's warning for its own code</p></item>
+	    <item><p>Fix bug in Dialyzer's behaviours
+	    analysis</p></item> <item><p>Fix crash in
+	    Dialyzer</p></item> <item><p>Variable substitution was
+	    not generalizing any unknown variables.</p></item>
+	    </list></p>
+          <p>
+	    Own Id: OTP-9776</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> Optimize the joining of maps in
+	    <c>dialyzer_dataflow</c>. </p>
+          <p>
+	    Own Id: OTP-9761</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Dialyzer 2.4.4</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/dialyzer/doc/src/part.xml b/lib/dialyzer/doc/src/part.xml
index 4410840660..564ef3a52f 100644
--- a/lib/dialyzer/doc/src/part.xml
+++ b/lib/dialyzer/doc/src/part.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/doc/src/part_notes.xml b/lib/dialyzer/doc/src/part_notes.xml
index cb048d55dd..992ee73daa 100644
--- a/lib/dialyzer/doc/src/part_notes.xml
+++ b/lib/dialyzer/doc/src/part_notes.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/doc/src/ref_man.xml b/lib/dialyzer/doc/src/ref_man.xml
index ca5410f6b8..7e5367b7c5 100644
--- a/lib/dialyzer/doc/src/ref_man.xml
+++ b/lib/dialyzer/doc/src/ref_man.xml
@@ -4,7 +4,7 @@
 <application xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/dialyzer/src/dialyzer_analysis_callgraph.erl b/lib/dialyzer/src/dialyzer_analysis_callgraph.erl
index 62153fa176..458f3a4c81 100644
--- a/lib/dialyzer/src/dialyzer_analysis_callgraph.erl
+++ b/lib/dialyzer/src/dialyzer_analysis_callgraph.erl
@@ -2,7 +2,7 @@
 %%--------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2006-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -359,8 +359,17 @@ store_core(Mod, Core, NoWarn, Callgraph, CServer) ->
   store_code_and_build_callgraph(Mod, LabeledCore, Callgraph, CServer3, NoWarn).
 
 abs_get_nowarn(Abs, M) ->
-  [{M, F, A}
-   || {attribute, _, compile, {nowarn_unused_function, {F, A}}} <- Abs].
+  Opts = lists:flatten([C || {attribute, _, compile, C} <- Abs]),
+  Warn = erl_lint:bool_option(warn_unused_function, nowarn_unused_function,
+                              true, Opts),
+  case Warn of
+    false ->
+      [{M, F, A} || {function, _, F, A, _} <- Abs]; % all functions
+    true ->
+      [{M, F, A} ||
+        {nowarn_unused_function, FAs} <- Opts,
+        {F, A} <- lists:flatten([FAs])]
+  end.
 
 get_exported_types_from_core(Core) ->
   Attrs = cerl:module_attrs(Core),
diff --git a/lib/dialyzer/src/dialyzer_behaviours.erl b/lib/dialyzer/src/dialyzer_behaviours.erl
index 56eb46d78a..e89c08df7d 100644
--- a/lib/dialyzer/src/dialyzer_behaviours.erl
+++ b/lib/dialyzer/src/dialyzer_behaviours.erl
@@ -2,7 +2,7 @@
 %%-----------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -144,15 +144,20 @@ check_all_callbacks(Module, Behaviour, [Cb|Rest],
       'error' -> Acc1;
       {ok, {{File, Line}, Contract}} ->
 	Acc10 = Acc1,
-	SpecReturnType = dialyzer_contracts:get_contract_return(Contract),
-	SpecArgTypes = dialyzer_contracts:get_contract_args(Contract),
+	SpecReturnType0 = dialyzer_contracts:get_contract_return(Contract),
+	SpecArgTypes0 = dialyzer_contracts:get_contract_args(Contract),
+	SpecReturnType = erl_types:subst_all_vars_to_any(SpecReturnType0),
+	SpecArgTypes =
+	  [erl_types:subst_all_vars_to_any(ArgT0) || ArgT0 <- SpecArgTypes0],
 	Acc11 =
 	  case erl_types:t_is_subtype(SpecReturnType, CbReturnType) of
 	    true -> Acc10;
-	    false -> [{callback_spec_type_mismatch,
-		       [File, Line, Behaviour, Function, Arity,
-			erl_types:t_to_string(SpecReturnType, Records),
-			erl_types:t_to_string(CbReturnType, Records)]}|Acc10]
+	    false ->
+	      ExtraType = erl_types:t_subtract(SpecReturnType, CbReturnType),
+	      [{callback_spec_type_mismatch,
+		[File, Line, Behaviour, Function, Arity,
+		 erl_types:t_to_string(ExtraType, Records),
+		 erl_types:t_to_string(CbReturnType, Records)]}|Acc10]
 	  end,
 	Acc12 =
 	  case erl_types:any_none(
diff --git a/lib/dialyzer/src/dialyzer_cl.erl b/lib/dialyzer/src/dialyzer_cl.erl
index e638e2fff2..04a0db890f 100644
--- a/lib/dialyzer/src/dialyzer_cl.erl
+++ b/lib/dialyzer/src/dialyzer_cl.erl
@@ -29,10 +29,6 @@
 
 -module(dialyzer_cl).
 
-%% Avoid warning for local function error/1 clashing with autoimported BIF.
--compile({no_auto_import,[error/1]}).
-%% Avoid warning for local function error/2 clashing with autoimported BIF.
--compile({no_auto_import,[error/2]}).
 -export([start/1]).
 
 -include("dialyzer.hrl").
@@ -88,7 +84,7 @@ init_opts_for_build(Opts) ->
         Plts ->
           Msg = io_lib:format("Could not build multiple PLT files: ~s\n",
                               [format_plts(Plts)]),
-          error(Msg)
+          cl_error(Msg)
       end;
     false -> Opts#options{init_plts = []}
   end.
@@ -110,7 +106,7 @@ init_opts_for_add(Opts) ->
         Plts ->
           Msg = io_lib:format("Could not add to multiple PLT files: ~s\n",
                               [format_plts(Plts)]),
-          error(Msg)
+          cl_error(Msg)
       end;
     false ->
       case Opts#options.init_plts =:= [] of
@@ -134,11 +130,12 @@ check_plt_aux([_] = Plt, Opts) ->
   report_check(Opts2),
   plt_common(Opts2, [], []);
 check_plt_aux([Plt|Plts], Opts) ->
-  Opts1 = Opts#options{init_plts = [Plt]},
-  Opts2 = init_opts_for_check(Opts1),
-  report_check(Opts2),
-  plt_common(Opts2, [], []),
-  check_plt_aux(Plts, Opts).
+  case check_plt_aux([Plt], Opts) of
+    {?RET_NOTHING_SUSPICIOUS, []} -> check_plt_aux(Plts, Opts);
+    {?RET_DISCREPANCIES, Warns} ->
+      {_RET, MoreWarns} = check_plt_aux(Plts, Opts),
+      {?RET_DISCREPANCIES, Warns ++ MoreWarns}
+  end.
 
 init_opts_for_check(Opts) ->
   InitPlt =
@@ -175,7 +172,7 @@ init_opts_for_remove(Opts) ->
         Plts ->
           Msg = io_lib:format("Could not remove from multiple PLT files: ~s\n",
                               [format_plts(Plts)]),
-          error(Msg)
+          cl_error(Msg)
       end;
     false ->
       case Opts#options.init_plts =:= [] of
@@ -193,7 +190,7 @@ plt_common(#options{init_plts = [InitPlt]} = Opts, RemoveFiles, AddFiles) ->
 	none -> ok;
 	OutPlt ->
 	  {ok, Binary} = file:read_file(InitPlt),
-	  file:write_file(OutPlt, Binary)
+	  ok = file:write_file(OutPlt, Binary)
       end,
       case Opts#options.report_mode of
 	quiet -> ok;
@@ -221,19 +218,19 @@ plt_common(#options{init_plts = [InitPlt]} = Opts, RemoveFiles, AddFiles) ->
     {error, no_such_file} ->
       Msg = io_lib:format("Could not find the PLT: ~s\n~s",
 			  [InitPlt, default_plt_error_msg()]),
-      error(Msg);
+      cl_error(Msg);
     {error, not_valid} ->
       Msg = io_lib:format("The file: ~s is not a valid PLT file\n~s",
 			  [InitPlt, default_plt_error_msg()]),
-      error(Msg);
+      cl_error(Msg);
     {error, read_error} ->
       Msg = io_lib:format("Could not read the PLT: ~s\n~s",
 			  [InitPlt, default_plt_error_msg()]),
-      error(Msg);
+      cl_error(Msg);
     {error, {no_file_to_remove, F}} ->
       Msg = io_lib:format("Could not remove the file ~s from the PLT: ~s\n",
 			  [F, InitPlt]),
-      error(Msg)
+      cl_error(Msg)
   end.
 
 default_plt_error_msg() ->
@@ -426,7 +423,7 @@ assert_writable(PltFile) ->
     true -> ok;
     false ->
       Msg = io_lib:format("    The PLT file ~s is not writable", [PltFile]),
-      error(Msg)
+      cl_error(Msg)
   end.
 
 check_if_writable(PltFile) ->
@@ -525,10 +522,7 @@ native_compile(Mods) ->
   end.
 
 hc(Mod) ->
-  case code:ensure_loaded(Mod) of
-    {module, Mod} -> ok;
-    {error, sticky_directory} -> ok
-  end,
+  {module, Mod} = code:ensure_loaded(Mod),
   case code:is_module_native(Mod) of
     true -> ok;
     false ->
@@ -553,7 +547,7 @@ init_output(State0, #options{output_file = OutFile,
 	{error, Reason} ->
 	  Msg = io_lib:format("Could not open output file ~p, Reason: ~p\n",
 			      [OutFile, Reason]),
-	  error(State, lists:flatten(Msg))
+	  cl_error(State, lists:flatten(Msg))
       end
   end.
 
@@ -599,10 +593,10 @@ cl_loop(State, LogCache) ->
       cl_loop(NewState, LogCache);
     {'EXIT', BackendPid, {error, Reason}} ->
       Msg = failed_anal_msg(Reason, LogCache),
-      error(State, Msg);
+      cl_error(State, Msg);
     {'EXIT', BackendPid, Reason} when Reason =/= 'normal' ->
       Msg = failed_anal_msg(io_lib:format("~P", [Reason, 12]), LogCache),
-      error(State, Msg);
+      cl_error(State, Msg);
     _Other ->
       %% io:format("Received ~p\n", [_Other]),
       cl_loop(State, LogCache)
@@ -611,7 +605,7 @@ cl_loop(State, LogCache) ->
 -spec failed_anal_msg(string(), [_]) -> nonempty_string().
 
 failed_anal_msg(Reason, LogCache) ->
-  Msg = "Analysis failed with error: " ++ Reason ++ "\n",
+  Msg = "Analysis failed with error:\n" ++ Reason ++ "\n",
   case LogCache =:= [] of
     true -> Msg;
     false ->
@@ -635,14 +629,14 @@ store_warnings(#cl_state{stored_warnings = StoredWarnings} = St, Warnings) ->
 store_unknown_behaviours(#cl_state{unknown_behaviours = Behs} = St, Beh) ->
   St#cl_state{unknown_behaviours = Beh ++ Behs}.
 
--spec error(string()) -> no_return().
+-spec cl_error(string()) -> no_return().
 
-error(Msg) ->
+cl_error(Msg) ->
   throw({dialyzer_error, Msg}).
 
--spec error(#cl_state{}, string()) -> no_return().
+-spec cl_error(#cl_state{}, string()) -> no_return().
 
-error(State, Msg) ->
+cl_error(State, Msg) ->
   case State#cl_state.output of
     standard_io -> ok;
     Outfile -> io:format(Outfile, "\n~s\n", [Msg])
diff --git a/lib/dialyzer/src/dialyzer_codeserver.erl b/lib/dialyzer/src/dialyzer_codeserver.erl
index c34a9f0b7d..13ca65e4dd 100644
--- a/lib/dialyzer/src/dialyzer_codeserver.erl
+++ b/lib/dialyzer/src/dialyzer_codeserver.erl
@@ -2,7 +2,7 @@
 %%-----------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2006-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/dialyzer/src/dialyzer_contracts.erl b/lib/dialyzer/src/dialyzer_contracts.erl
index 3469d70a4d..2b78b736ab 100644
--- a/lib/dialyzer/src/dialyzer_contracts.erl
+++ b/lib/dialyzer/src/dialyzer_contracts.erl
@@ -2,7 +2,7 @@
 %%-----------------------------------------------------------------------
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -256,7 +256,7 @@ check_extraneous([C|Cs], SuccType) ->
 check_extraneous_1(Contract, SuccType) ->
   CRngs = erl_types:t_elements(erl_types:t_fun_range(Contract)),
   STRng = erl_types:t_fun_range(SuccType),
-  %% io:format("CR = ~p\nSR = ~p\n", [CRngs, STRng]),
+  ?debug("CR = ~p\nSR = ~p\n", [CRngs, STRng]),
   case [CR || CR <- CRngs, erl_types:t_is_none(erl_types:t_inf(CR, STRng, opaque))] of
     [] -> ok;
     CRs -> {error, {extra_range, erl_types:t_sup(CRs), STRng}}
@@ -352,28 +352,37 @@ insert_constraints([], Dict) -> Dict.
 
 store_tmp_contract(MFA, FileLine, TypeSpec, SpecDict, RecordsDict) ->
   %% io:format("contract from form: ~p\n", [TypeSpec]),
-  TmpContract = contract_from_form(TypeSpec, RecordsDict),
+  TmpContract = contract_from_form(TypeSpec, RecordsDict, FileLine),
   %% io:format("contract: ~p\n", [Contract]),
   dict:store(MFA, {FileLine, TmpContract}, SpecDict).
 
-contract_from_form(Forms, RecDict) ->
-  {CFuns, Forms1} = contract_from_form(Forms, RecDict, [], []),
+contract_from_form(Forms, RecDict, FileLine) ->
+  {CFuns, Forms1} = contract_from_form(Forms, RecDict, FileLine, [], []),
   #tmp_contract{contract_funs = CFuns, forms = Forms1}.
 
 contract_from_form([{type, _, 'fun', [_, _]} = Form | Left], RecDict,
-		   TypeAcc, FormAcc) ->
+		   FileLine, TypeAcc, FormAcc) ->
   TypeFun =
     fun(ExpTypes, AllRecords) ->
-	Type = erl_types:t_from_form(Form, RecDict),
+	Type =
+	  try
+	    erl_types:t_from_form(Form, RecDict)
+	  catch
+	    throw:{error, Msg} ->
+	      {File, Line} = FileLine,
+	      NewMsg = io_lib:format("~s:~p: ~s", [filename:basename(File),
+						     Line, Msg]),
+	      throw({error, NewMsg})
+	  end,
 	NewType = erl_types:t_solve_remote(Type, ExpTypes, AllRecords),
 	{NewType, []}
     end,
   NewTypeAcc = [TypeFun | TypeAcc],
   NewFormAcc = [{Form, []} | FormAcc],
-  contract_from_form(Left, RecDict, NewTypeAcc, NewFormAcc);
+  contract_from_form(Left, RecDict, FileLine, NewTypeAcc, NewFormAcc);
 contract_from_form([{type, _L1, bounded_fun,
 		     [{type, _L2, 'fun', [_, _]} = Form, Constr]}| Left],
-		   RecDict, TypeAcc, FormAcc) ->
+		   RecDict, FileLine, TypeAcc, FormAcc) ->
   TypeFun =
     fun(ExpTypes, AllRecords) ->
 	Constr1 = [constraint_from_form(C, RecDict, ExpTypes, AllRecords)
@@ -385,8 +394,8 @@ contract_from_form([{type, _L1, bounded_fun,
     end,
   NewTypeAcc = [TypeFun | TypeAcc],
   NewFormAcc = [{Form, Constr} | FormAcc],
-  contract_from_form(Left, RecDict, NewTypeAcc, NewFormAcc);
-contract_from_form([], _RecDict, TypeAcc, FormAcc) ->
+  contract_from_form(Left, RecDict, FileLine, NewTypeAcc, NewFormAcc);
+contract_from_form([], _RecDict, _FileLine, TypeAcc, FormAcc) ->
   {lists:reverse(TypeAcc), lists:reverse(FormAcc)}.
 
 constraint_from_form({type, _, constraint, [{atom, _, is_subtype},
@@ -444,7 +453,21 @@ get_invalid_contract_warnings_funs([{MFA, {FileLine, Contract}}|Left],
 	  {error, invalid_contract} ->
 	    [invalid_contract_warning(MFA, FileLine, Sig, RecDict)|Acc];
 	  {error, {extra_range, ExtraRanges, STRange}} ->
-	    [extra_range_warning(MFA, FileLine, ExtraRanges, STRange)|Acc];
+	    Warn =
+	      case t_from_forms_without_remote(Contract#contract.forms,
+					       RecDict) of
+		{ok, NoRemoteType} ->
+		  CRet = erl_types:t_fun_range(NoRemoteType),
+		  erl_types:t_is_subtype(ExtraRanges, CRet);
+		unsupported ->
+		  true
+	      end,
+	    case Warn of
+	      true ->
+		[extra_range_warning(MFA, FileLine, ExtraRanges, STRange)|Acc];
+	      false ->
+		Acc
+	    end;
 	  {error, Msg} ->
 	    [{?WARN_CONTRACT_SYNTAX, FileLine, Msg}|Acc];
 	  ok ->
@@ -507,26 +530,92 @@ picky_contract_check(CSig0, Sig0, MFA, FileLine, Contract, RecDict, Acc) ->
 extra_contract_warning({M, F, A}, FileLine, Contract, CSig, Sig, RecDict) ->
   SigString = lists:flatten(dialyzer_utils:format_sig(Sig, RecDict)),
   ContractString0 = lists:flatten(dialyzer_utils:format_sig(CSig, RecDict)),
-  case SigString =:= ContractString0 of
+  %% The only difference is in record fields containing 'undefined' or not.
+  IsUndefRecordFieldsRelated = SigString =:= ContractString0,
+  {IsRemoteTypesRelated, SubtypeRelation} =
+    is_remote_types_related(Contract, CSig, Sig, RecDict),
+  case IsUndefRecordFieldsRelated orelse IsRemoteTypesRelated of
     true ->
-      %% The only difference is in record fields containing 'undefined' or not.
       no_warning;
     false ->
       ContractString = contract_to_string(Contract),
       {Tag, Msg} =
-	case erl_types:t_is_subtype(CSig, Sig) of
-	  true ->
+	case SubtypeRelation of
+	  contract_is_subtype ->
 	    {?WARN_CONTRACT_SUBTYPE,
 	     {contract_subtype, [M, F, A, ContractString, SigString]}};
-	  false ->
-	    case erl_types:t_is_subtype(Sig, CSig) of
-	      true ->
-		{?WARN_CONTRACT_SUPERTYPE,
-		 {contract_supertype, [M, F, A, ContractString, SigString]}};
-	      false ->
-		{?WARN_CONTRACT_NOT_EQUAL,
-		 {contract_diff, [M, F, A, ContractString, SigString]}}
-	    end
+	  contract_is_supertype ->
+	    {?WARN_CONTRACT_SUPERTYPE,
+	     {contract_supertype, [M, F, A, ContractString, SigString]}};
+	  neither ->
+	    {?WARN_CONTRACT_NOT_EQUAL,
+	     {contract_diff, [M, F, A, ContractString, SigString]}}
 	end,
       {warning, {Tag, FileLine, Msg}}
   end.
+
+is_remote_types_related(Contract, CSig, Sig, RecDict) ->
+  case erl_types:t_is_subtype(CSig, Sig) of
+    true ->
+      {false, contract_is_subtype};
+    false ->
+      case erl_types:t_is_subtype(Sig, CSig) of
+	true ->
+	  case t_from_forms_without_remote(Contract#contract.forms, RecDict) of
+	    {ok, NoRemoteTypeSig} ->
+	      case blame_remote(CSig, NoRemoteTypeSig, Sig) of
+		true ->
+		  {true, neither};
+		false ->
+		  {false, contract_is_supertype}
+	      end;
+	    unsupported ->
+	      {false, contract_is_supertype}
+	  end;
+	false ->
+	  {false, neither}
+      end
+  end.
+
+t_from_forms_without_remote([{FType, []}], RecDict) ->
+  Type0 = erl_types:t_from_form(FType, RecDict),
+  Map =
+    fun(Type) ->
+	case erl_types:t_is_remote(Type) of
+	  true -> erl_types:t_none();
+	  false -> Type
+	end
+    end,
+  {ok, erl_types:t_map(Map, Type0)};
+t_from_forms_without_remote([{_FType, _Constrs}], _RecDict) ->
+  %% 'When' constraints
+  unsupported;
+t_from_forms_without_remote(_Forms, _RecDict) ->
+  %% Lots of forms
+  unsupported.
+
+blame_remote(ContractSig, NoRemoteContractSig, Sig) ->
+  CArgs  = erl_types:t_fun_args(ContractSig),
+  CRange = erl_types:t_fun_range(ContractSig),
+  NRArgs = erl_types:t_fun_args(NoRemoteContractSig),
+  NRRange = erl_types:t_fun_range(NoRemoteContractSig),
+  SArgs = erl_types:t_fun_args(Sig),
+  SRange = erl_types:t_fun_range(Sig),
+  blame_remote_list([CRange|CArgs], [NRRange|NRArgs], [SRange|SArgs]).
+
+blame_remote_list([], [], []) ->
+  true;
+blame_remote_list([CArg|CArgs], [NRArg|NRArgs], [SArg|SArgs]) ->
+  case erl_types:t_is_equal(CArg, NRArg) of
+    true ->
+      case not erl_types:t_is_equal(CArg, SArg) of
+	true  -> false;
+	false -> blame_remote_list(CArgs, NRArgs, SArgs)
+      end;
+    false ->
+      case erl_types:t_is_subtype(SArg, NRArg)
+	andalso not erl_types:t_is_subtype(NRArg, SArg) of
+	true  -> false;
+	false -> blame_remote_list(CArgs, NRArgs, SArgs)
+      end
+  end.
diff --git a/lib/dialyzer/src/dialyzer_dataflow.erl b/lib/dialyzer/src/dialyzer_dataflow.erl
index d74c04385b..6008dba080 100644
--- a/lib/dialyzer/src/dialyzer_dataflow.erl
+++ b/lib/dialyzer/src/dialyzer_dataflow.erl
@@ -101,6 +101,12 @@
 		behaviour_api_dict = [] ::
 		  dialyzer_behaviours:behaviour_api_dict()}).
 
+-record(map, {dict = dict:new()   :: dict(),
+              subst = dict:new()  :: dict(),
+              modified = []       :: [Key :: term()],
+              modified_stack = [] :: [{[Key :: term()],reference()}],
+              ref = undefined     :: reference() | undefined}).
+
 %% Exported Types
 
 -opaque state() :: #state{}.
@@ -1058,12 +1064,13 @@ handle_case(Tree, Map, #state{callgraph = Callgraph} = State) ->
                                    RaceListSize + 1, State1);
           false -> State1
         end,
+      Map2 = join_maps_begin(Map1),
       {MapList, State3, Type} =
 	handle_clauses(Clauses, Arg, ArgType, ArgType, State2,
-		       [], Map1, [], []),
-      Map2 = join_maps(MapList, Map1),
+		       [], Map2, [], []),
+      Map3 = join_maps_end(MapList, Map2),
       debug_pp_map(Map2),
-      {State3, Map2, Type}
+      {State3, Map3, Type}
   end.
 
 %%----------------------------------------
@@ -1640,14 +1647,15 @@ bind_pat_vars([Pat|PatLeft], [Type|TypeLeft], Acc, Map, State, Rev) ->
 	  false ->
 	    SubTuples = t_tuple_subtypes(Tuple),
 	    %% Need to call the top function to get the try-catch wrapper
+            MapJ = join_maps_begin(Map),
 	    Results =
 	      case Rev of
 		true ->
 		  [bind_pat_vars_reverse(Es, t_tuple_args(SubTuple), [],
-					 Map, State)
+					 MapJ, State)
 		   || SubTuple <- SubTuples];
 		false ->
-		  [bind_pat_vars(Es, t_tuple_args(SubTuple), [], Map, State)
+		  [bind_pat_vars(Es, t_tuple_args(SubTuple), [], MapJ, State)
 		   || SubTuple <- SubTuples]
 	      end,
 	    case lists:keyfind(opaque, 2, Results) of
@@ -1661,7 +1669,7 @@ bind_pat_vars([Pat|PatLeft], [Type|TypeLeft], Acc, Map, State, Rev) ->
 		      false -> bind_error([Pat], Tuple, t_none(), bind)
 		    end;
 		  Maps ->
-		    Map1 = join_maps(Maps, Map),
+		    Map1 = join_maps_end(Maps, MapJ),
 		    TupleType = t_sup([t_tuple(EsTypes)
 				       || {M, EsTypes} <- Results, M =/= error]),
 		    {Map1, TupleType}
@@ -2308,27 +2316,29 @@ handle_guard_and(Guard, Map, Env, Eval, State) ->
 	  end
       end;
     neg ->
+      MapJ = join_maps_begin(Map),
       {Map1, Type1} =
-	try bind_guard(Arg1, Map, Env, neg, State)
-	catch throw:{fail, _} -> bind_guard(Arg2, Map, Env, pos, State)
+	try bind_guard(Arg1, MapJ, Env, neg, State)
+	catch throw:{fail, _} -> bind_guard(Arg2, MapJ, Env, pos, State)
 	end,
       {Map2, Type2} =
-	try bind_guard(Arg2, Map, Env, neg, State)
-	catch throw:{fail, _} -> bind_guard(Arg1, Map, Env, pos, State)
+	try bind_guard(Arg2, MapJ, Env, neg, State)
+	catch throw:{fail, _} -> bind_guard(Arg1, MapJ, Env, pos, State)
 	end,
       case t_is_atom(false, Type1) orelse t_is_atom(false, Type2) of
-	true -> {join_maps([Map1, Map2], Map), t_atom(false)};
+	true -> {join_maps_end([Map1, Map2], MapJ), t_atom(false)};
 	false -> signal_guard_fail(Eval, Guard, [Type1, Type2], State)
       end;
     dont_know ->
-      {Map1, Type1} = bind_guard(Arg1, Map, Env, dont_know, State),
-      {Map2, Type2} = bind_guard(Arg2, Map, Env, dont_know, State),
+      MapJ = join_maps_begin(Map),
+      {Map1, Type1} = bind_guard(Arg1, MapJ, Env, dont_know, State),
+      {Map2, Type2} = bind_guard(Arg2, MapJ, Env, dont_know, State),
       Bool1 = t_inf(Type1, t_boolean()),
       Bool2 = t_inf(Type2, t_boolean()),
       case t_is_none(Bool1) orelse t_is_none(Bool2) of
 	true -> throw({fatal_fail, none});
 	false ->
-	  NewMap = join_maps([Map1, Map2], Map),
+	  NewMap = join_maps_end([Map1, Map2], MapJ),
 	  NewType =
 	    case {t_atom_vals(Bool1), t_atom_vals(Bool2)} of
 	      {['true'] , ['true'] } -> t_atom(true);
@@ -2344,20 +2354,21 @@ handle_guard_or(Guard, Map, Env, Eval, State) ->
   [Arg1, Arg2] = cerl:call_args(Guard),
   case Eval of
     pos ->
+      MapJ = join_maps_begin(Map),
       {Map1, Bool1} =
-	try bind_guard(Arg1, Map, Env, pos, State)
+	try bind_guard(Arg1, MapJ, Env, pos, State)
 	catch
-	  throw:{fail,_} -> bind_guard(Arg1, Map, Env, dont_know, State)
+	  throw:{fail,_} -> bind_guard(Arg1, MapJ, Env, dont_know, State)
 	end,
       {Map2, Bool2} =
-	try bind_guard(Arg2, Map, Env, pos, State)
+	try bind_guard(Arg2, MapJ, Env, pos, State)
 	catch
-	  throw:{fail,_} -> bind_guard(Arg2, Map, Env, dont_know, State)
+	  throw:{fail,_} -> bind_guard(Arg2, MapJ, Env, dont_know, State)
 	end,
       case ((t_is_atom(true, Bool1) andalso t_is_boolean(Bool2))
 	    orelse
 	    (t_is_atom(true, Bool2) andalso t_is_boolean(Bool1))) of
-	true -> {join_maps([Map1, Map2], Map), t_atom(true)};
+	true -> {join_maps_end([Map1, Map2], MapJ), t_atom(true)};
 	false -> signal_guard_fail(Eval, Guard, [Bool1, Bool2], State)
       end;
     neg ->
@@ -2372,14 +2383,15 @@ handle_guard_or(Guard, Map, Env, Eval, State) ->
 	  end
       end;
     dont_know ->
-      {Map1, Type1} = bind_guard(Arg1, Map, Env, dont_know, State),
-      {Map2, Type2} = bind_guard(Arg2, Map, Env, dont_know, State),
+      MapJ = join_maps_begin(Map),
+      {Map1, Type1} = bind_guard(Arg1, MapJ, Env, dont_know, State),
+      {Map2, Type2} = bind_guard(Arg2, MapJ, Env, dont_know, State),
       Bool1 = t_inf(Type1, t_boolean()),
       Bool2 = t_inf(Type2, t_boolean()),
       case t_is_none(Bool1) orelse t_is_none(Bool2) of
 	true -> throw({fatal_fail, none});
 	false ->
-	  NewMap = join_maps([Map1, Map2], Map),
+	  NewMap = join_maps_end([Map1, Map2], MapJ),
 	  NewType =
 	    case {t_atom_vals(Bool1), t_atom_vals(Bool2)} of
 	      {['false'], ['false']} -> t_atom(false);
@@ -2493,8 +2505,9 @@ mk_guard_msg(Eval, F, Args, ArgTypes, State) ->
       end
   end.
 
-bind_guard_case_clauses(Arg, Clauses, Map, Env, Eval, State) ->
+bind_guard_case_clauses(Arg, Clauses, Map0, Env, Eval, State) ->
   Clauses1 = filter_fail_clauses(Clauses),
+  Map = join_maps_begin(Map0),
   {GenMap, GenArgType} = bind_guard(Arg, Map, Env, dont_know, State),
   bind_guard_case_clauses(GenArgType, GenMap, Arg, Clauses1, Map, Env, Eval,
 			  t_none(), [], State).
@@ -2594,7 +2607,7 @@ bind_guard_case_clauses(_GenArgType, _GenMap, _ArgExpr, [], Map, _Env, _Eval,
 			AccType, AccMaps, _State) ->
   case t_is_none(AccType) of
     true -> throw({fail, none});
-    false -> {join_maps(AccMaps, Map), AccType}
+    false -> {join_maps_end(AccMaps, Map), AccType}
   end.
 
 %%% ===========================================================================
@@ -2604,11 +2617,34 @@ bind_guard_case_clauses(_GenArgType, _GenMap, _ArgExpr, [], Map, _Env, _Eval,
 %%% ===========================================================================
 
 map__new() ->
-  {dict:new(), dict:new()}.
+  #map{}.
+
+%% join_maps_begin pushes 'modified' to the stack; join_maps pops
+%% 'modified' from the stack.
+
+join_maps_begin(#map{modified = M, modified_stack = S, ref = Ref} = Map) ->
+  Map#map{ref = make_ref(), modified = [], modified_stack = [{M,Ref} | S]}.
+
+join_maps_end(Maps, MapOut) ->
+  #map{ref = Ref, modified_stack = [{M1,R1} | S]} = MapOut,
+  true = lists:all(fun(M) -> M#map.ref =:= Ref end, Maps), % sanity
+  Keys0 = lists:usort(lists:append([M#map.modified || M <- Maps])),
+  #map{dict = Dict, subst = Subst} = MapOut,
+  Keys = [Key ||
+           Key <- Keys0,
+           dict:is_key(Key, Dict) orelse dict:is_key(Key, Subst)],
+  Out = case Maps of
+          [] -> join_maps(Maps, MapOut);
+          _ -> join_maps(Keys, Maps, MapOut)
+        end,
+  debug_join_check(Maps, MapOut, Out),
+  Out#map{ref = R1,
+          modified = Out#map.modified ++ M1, % duplicates possible
+          modified_stack = S}.
 
 join_maps(Maps, MapOut) ->
-  {Map, Subst} = MapOut,
-  Keys = ordsets:from_list(dict:fetch_keys(Map) ++ dict:fetch_keys(Subst)),
+  #map{dict = Dict, subst = Subst} = MapOut,
+  Keys = ordsets:from_list(dict:fetch_keys(Dict) ++ dict:fetch_keys(Subst)),
   join_maps(Keys, Maps, MapOut).
 
 join_maps([Key|Left], Maps, MapOut) ->
@@ -2631,6 +2667,17 @@ join_maps_one_key([Map|Left], Key, AccType) ->
 join_maps_one_key([], _Key, AccType) ->
   AccType.
 
+-ifdef(DEBUG).
+debug_join_check(Maps, MapOut, Out) ->
+  #map{dict = Dict, subst = Subst} = Out,
+  #map{dict = Dict2, subst = Subst2} = join_maps(Maps, MapOut),
+  F = fun(D) -> lists:keysort(1, dict:to_list(D)) end,
+  [throw({bug, join_maps}) ||
+    F(Dict) =/= F(Dict2) orelse F(Subst) =/= F(Subst2)].
+-else.
+debug_join_check(_Maps, _MapOut, _Out) -> ok.
+-endif.
+
 enter_type_lists([Key|KeyTail], [Val|ValTail], Map) ->
   Map1 = enter_type(Key, Val, Map),
   enter_type_lists(KeyTail, ValTail, Map1);
@@ -2643,20 +2690,21 @@ enter_type_list([{Key, Val}|Left], Map) ->
 enter_type_list([], Map) ->
   Map.
 
-enter_type(Key, Val, {Map, Subst} = MS) ->
+enter_type(Key, Val, MS) ->
   case cerl:is_literal(Key) of
     true -> MS;
     false ->
       case cerl:is_c_values(Key) of
 	true ->
-	  Keys = cerl:values_es(Key),
+          Keys = cerl:values_es(Key),
 	  case t_is_any(Val) orelse t_is_none(Val) of
 	    true ->
 	      enter_type_lists(Keys, [Val || _ <- Keys], MS);
 	    false ->
-	      enter_type_lists(cerl:values_es(Key), t_to_tlist(Val), MS)
+	      enter_type_lists(Keys, t_to_tlist(Val), MS)
 	  end;
 	false ->
+          #map{dict = Dict, subst = Subst} = MS,
 	  KeyLabel = get_label(Key),
 	  case dict:find(KeyLabel, Subst) of
 	    {ok, NewKey} ->
@@ -2664,21 +2712,25 @@ enter_type(Key, Val, {Map, Subst} = MS) ->
 	      enter_type(NewKey, Val, MS);
 	    error ->
 	      ?debug("Entering ~p :: ~s\n", [KeyLabel, t_to_string(Val)]),
-	      case dict:find(KeyLabel, Map) of
+	      case dict:find(KeyLabel, Dict) of
 		{ok, Val} -> MS;
-		{ok, _OldVal} -> {dict:store(KeyLabel, Val, Map), Subst};
-		error -> {dict:store(KeyLabel, Val, Map), Subst}
+		{ok, _OldVal} -> store_map(KeyLabel, Val, MS);
+		error -> store_map(KeyLabel, Val, MS)
 	      end
 	  end
       end
   end.
 
-enter_subst(Key, Val, {Map, Subst} = MS) ->
+store_map(Key, Val, #map{dict = Dict, ref = undefined} = Map) ->
+  Map#map{dict = dict:store(Key, Val, Dict)};
+store_map(Key, Val, #map{dict = Dict, modified = Mod} = Map) ->
+  Map#map{dict = dict:store(Key, Val, Dict), modified = [Key | Mod]}.
+
+enter_subst(Key, Val, #map{subst = Subst} = MS) ->
   KeyLabel = get_label(Key),
   case cerl:is_literal(Val) of
     true ->
-      NewMap = dict:store(KeyLabel, literal_type(Val), Map),
-      {NewMap, Subst};
+      store_map(KeyLabel, literal_type(Val), MS);
     false ->
       case cerl:is_c_var(Val) of
 	false -> MS;
@@ -2691,25 +2743,29 @@ enter_subst(Key, Val, {Map, Subst} = MS) ->
 	      if KeyLabel =:= ValLabel -> MS;
 		 true ->
 		  ?debug("Subst: storing ~p = ~p\n", [KeyLabel, ValLabel]),
-		  NewSubst = dict:store(KeyLabel, ValLabel, Subst),
-		  {Map, NewSubst}
+                  store_subst(KeyLabel, ValLabel, MS)
 	      end
 	  end
       end
   end.
 
-lookup_type(Key, {Map, Subst}) ->
-  lookup(Key, Map, Subst, t_none()).
+store_subst(Key, Val, #map{subst = S, ref = undefined} = Map) ->
+  Map#map{subst = dict:store(Key, Val, S)};
+store_subst(Key, Val, #map{subst = S, modified = Mod} = Map) ->
+  Map#map{subst = dict:store(Key, Val, S), modified = [Key | Mod]}.
+
+lookup_type(Key, #map{dict = Dict, subst = Subst}) ->
+  lookup(Key, Dict, Subst, t_none()).
 
-lookup(Key, Map, Subst, AnyNone) ->
+lookup(Key, Dict, Subst, AnyNone) ->
   case cerl:is_literal(Key) of
     true -> literal_type(Key);
     false ->
       Label = get_label(Key),
       case dict:find(Label, Subst) of
-	{ok, NewKey} -> lookup(NewKey, Map, Subst, AnyNone);
+	{ok, NewKey} -> lookup(NewKey, Dict, Subst, AnyNone);
 	error ->
-	  case dict:find(Label, Map) of
+	  case dict:find(Label, Dict) of
 	    {ok, Val} -> Val;
 	    error -> AnyNone
 	  end
@@ -2744,8 +2800,8 @@ mark_as_fresh([], Map) ->
   Map.
 
 -ifdef(DEBUG).
-debug_pp_map(Map = {Map0, _Subst}) ->
-  Keys = dict:fetch_keys(Map0),
+debug_pp_map(#map{dict = Dict}=Map) ->
+  Keys = dict:fetch_keys(Dict),
   io:format("Map:\n", []),
   lists:foreach(fun (Key) ->
 		    io:format("\t~w :: ~s\n",
diff --git a/lib/dialyzer/src/dialyzer_gui.erl b/lib/dialyzer/src/dialyzer_gui.erl
index ccd80a4835..f60194e01f 100644
--- a/lib/dialyzer/src/dialyzer_gui.erl
+++ b/lib/dialyzer/src/dialyzer_gui.erl
@@ -28,6 +28,23 @@
 %%%-----------------------------------------------------------------------
 
 -module(dialyzer_gui).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,editor,2}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,radiobutton,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,stop,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/1]).
 
diff --git a/lib/dialyzer/src/dialyzer_typesig.erl b/lib/dialyzer/src/dialyzer_typesig.erl
index 92868b6878..4268814859 100644
--- a/lib/dialyzer/src/dialyzer_typesig.erl
+++ b/lib/dialyzer/src/dialyzer_typesig.erl
@@ -2046,8 +2046,7 @@ lookup_type(Key, Map) ->
   %% case cerl:is_literal(Key) of
   %%   true -> t_from_term(cerl:concrete(Key));
   %%   false ->
-  Subst = t_subst(Key, Map),
-  t_sup(Subst, Subst).
+  t_subst(Key, Map).
   %% end.
 
 mk_var(Var) ->
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/callbacks_and_specs b/lib/dialyzer/test/behaviour_SUITE_data/results/callbacks_and_specs
index da498c225d..33d135048e 100644
--- a/lib/dialyzer/test/behaviour_SUITE_data/results/callbacks_and_specs
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/callbacks_and_specs
@@ -1,5 +1,5 @@
 
 my_callbacks_wrong.erl:26: The return type #state{parent::'undefined' | pid(),status::'closed' | 'init' | 'open',subscribe::[{pid(),integer()}],counter::integer()} in the specification of callback_init/1 is not a subtype of {'ok',_}, which is the expected return type for the callback of my_behaviour behaviour
 my_callbacks_wrong.erl:28: The inferred return type of callback_init/1 (#state{parent::'undefined' | pid(),status::'init',subscribe::[],counter::1}) has nothing in common with {'ok',_}, which is the expected return type for the callback of my_behaviour behaviour
-my_callbacks_wrong.erl:30: The return type {'noreply',#state{parent::'undefined' | pid(),status::'closed' | 'init' | 'open',subscribe::[{pid(),integer()}],counter::integer()}} | {'reply',#state{parent::'undefined' | pid(),status::'closed' | 'init' | 'open',subscribe::[{pid(),integer()}],counter::integer()}} in the specification of callback_cast/3 is not a subtype of {'noreply',_}, which is the expected return type for the callback of my_behaviour behaviour
+my_callbacks_wrong.erl:30: The return type {'reply',#state{parent::'undefined' | pid(),status::'closed' | 'init' | 'open',subscribe::[{pid(),integer()}],counter::integer()}} in the specification of callback_cast/3 is not a subtype of {'noreply',_}, which is the expected return type for the callback of my_behaviour behaviour
 my_callbacks_wrong.erl:39: The specified type for the 2nd argument of callback_call/3 (atom()) is not a supertype of pid(), which is expected type for this argument in the callback of the my_behaviour behaviour
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/gen_event_incorrect_return b/lib/dialyzer/test/behaviour_SUITE_data/results/gen_event_incorrect_return
index 2afb5db133..e646eea383 100644
--- a/lib/dialyzer/test/behaviour_SUITE_data/results/gen_event_incorrect_return
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/gen_event_incorrect_return
@@ -1,2 +1,2 @@
 
-gen_event_incorrect_return.erl:16: The inferred return type of init/1 ('error') has nothing in common with {'ok',_} | {'ok',_,'hibernate'}, which is the expected return type for the callback of gen_event behaviour
+gen_event_incorrect_return.erl:16: The inferred return type of init/1 ('error') has nothing in common with {'error',_} | {'ok',_} | {'ok',_,'hibernate'}, which is the expected return type for the callback of gen_event behaviour
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/results/vars_in_beh_spec b/lib/dialyzer/test/behaviour_SUITE_data/results/vars_in_beh_spec
new file mode 100644
index 0000000000..5284e412f0
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/results/vars_in_beh_spec
@@ -0,0 +1,6 @@
+
+vars_in_beh_spec.erl:3: Undefined callback function handle_call/3 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function handle_cast/2 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function handle_info/2 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function init/1 (behaviour 'gen_server')
+vars_in_beh_spec.erl:3: Undefined callback function terminate/2 (behaviour 'gen_server')
diff --git a/lib/dialyzer/test/behaviour_SUITE_data/src/vars_in_beh_spec.erl b/lib/dialyzer/test/behaviour_SUITE_data/src/vars_in_beh_spec.erl
new file mode 100644
index 0000000000..dc75b30d0e
--- /dev/null
+++ b/lib/dialyzer/test/behaviour_SUITE_data/src/vars_in_beh_spec.erl
@@ -0,0 +1,10 @@
+-module(vars_in_beh_spec).
+
+-behaviour(gen_server).
+
+-export([code_change/3]).
+
+-spec code_change(_, State, _) -> {ok, State}.
+
+code_change(_, State, _) ->
+    {ok, State}.
diff --git a/lib/dialyzer/test/r9c_SUITE_data/results/inets b/lib/dialyzer/test/r9c_SUITE_data/results/inets
index 6b16dba2ff..24cb39e52b 100644
--- a/lib/dialyzer/test/r9c_SUITE_data/results/inets
+++ b/lib/dialyzer/test/r9c_SUITE_data/results/inets
@@ -12,7 +12,6 @@ httpc_manager.erl:145: The pattern {ErrorReply, State2} can never match the type
 httpc_manager.erl:160: The pattern {ErrorReply, State2} can never match the type {{'ok',number()},number(),#state{reqid::number()}}
 httpc_manager.erl:478: The pattern {'error', Reason} can never match the type 'ok' | {number(),#session{clientclose::boolean(),pipeline::[],quelength::1}}
 httpc_manager.erl:490: The pattern {'error', Reason} can never match the type 'ok' | {number(),#session{clientclose::boolean(),pipeline::[],quelength::1}}
-httpd.erl:583: The pattern <{'error', Reason}, _Fd, SoFar> can never match the type <[any()],pid(),[[any(),...]]>
 httpd_acceptor.erl:105: The pattern {'error', Reason} can never match the type {'ok',pid()}
 httpd_acceptor.erl:110: Function handle_connection_err/4 will never be called
 httpd_acceptor.erl:168: Function report_error/2 will never be called
@@ -24,8 +23,7 @@ httpd_manager.erl:933: Function acceptor_status/1 will never be called
 httpd_request_handler.erl:374: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 66 | 98 | 100 | 103 | 105 | 111 | 116 | 121,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
 httpd_request_handler.erl:378: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 77 | 97 | 100 | 101 | 104 | 108 | 110 | 111 | 116 | 119,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
 httpd_request_handler.erl:401: The call httpd_response:send_status(Info::#mod{parsed_header::maybe_improper_list()},417,[32 | 77 | 97 | 100 | 101 | 104 | 108 | 110 | 111 | 116 | 119,...]) will never return since it differs in the 2nd argument from the success typing arguments: (#mod{socket_type::'ip_comm' | {'ssl',_}},100 | 301 | 304 | 400 | 401 | 403 | 404 | 412 | 414 | 416 | 500 | 501 | 503,any())
-httpd_request_handler.erl:644: The call lists:reverse(Fields0::{'error',_} | {'ok',_}) will never return since it differs in the 1st argument from the success typing arguments: ([any()])
-httpd_request_handler.erl:645: Function will never be called
+httpd_request_handler.erl:649: Guard test [{_,_}] =:= Trailers::nonempty_string() can never succeed
 httpd_sup.erl:63: The variable Else can never match since previous clauses completely covered the type {'error',_} | {'ok',[any()],_,_}
 httpd_sup.erl:88: The pattern {'error', Reason} can never match the type {'ok',_,_}
 httpd_sup.erl:92: The variable Else can never match since previous clauses completely covered the type {'ok',_,_}
@@ -40,10 +38,10 @@ mod_dir.erl:72: The pattern {'error', Reason} can never match the type {'ok',[[[
 mod_get.erl:135: The pattern <{'enfile', _}, _Info, Path> can never match the type <atom(),#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_head.erl:80: The pattern <{'enfile', _}, _Info, Path> can never match the type <atom(),#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_htaccess.erl:460: The pattern {'error', BadData} can never match the type {'ok',_}
-mod_include.erl:193: The pattern {_, Name, {[], []}} can never match the type {[any()],[any()],string()}
-mod_include.erl:195: The pattern {_, Name, {PathInfo, []}} can never match the type {[any()],[any()],string()}
-mod_include.erl:197: The pattern {_, Name, {PathInfo, QueryString}} can never match the type {[any()],[any()],string()}
-mod_include.erl:201: The variable Gurka can never match since previous clauses completely covered the type {[any()],[any()],string()}
+mod_include.erl:193: The pattern {_, Name, {[], []}} can never match the type {[any()],[any()],maybe_improper_list()}
+mod_include.erl:195: The pattern {_, Name, {PathInfo, []}} can never match the type {[any()],[any()],maybe_improper_list()}
+mod_include.erl:197: The pattern {_, Name, {PathInfo, QueryString}} can never match the type {[any()],[any()],maybe_improper_list()}
+mod_include.erl:201: The variable Gurka can never match since previous clauses completely covered the type {[any()],[any()],maybe_improper_list()}
 mod_include.erl:692: The pattern <{'read', Reason}, Info, Path> can never match the type <{'open',atom()},#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_include.erl:706: The pattern <{'enfile', _}, _Info, Path> can never match the type <atom(),#mod{},atom() | binary() | [atom() | [any()] | char()]>
 mod_include.erl:716: Function read_error/3 will never be called
diff --git a/lib/dialyzer/test/small_SUITE_data/src/maybe_improper.erl b/lib/dialyzer/test/small_SUITE_data/src/maybe_improper.erl
new file mode 100644
index 0000000000..1743d81493
--- /dev/null
+++ b/lib/dialyzer/test/small_SUITE_data/src/maybe_improper.erl
@@ -0,0 +1,7 @@
+-module(maybe_improper).
+
+-export([s/1]).
+
+-spec s(maybe_improper_list(X,Y)) -> {[X], maybe_improper_list(X,Y)}.
+s(A) ->
+    lists:split(2,A).
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/dialyzer_options b/lib/dialyzer/test/underspecs_SUITE_data/dialyzer_options
new file mode 100644
index 0000000000..f7197ac30f
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/dialyzer_options
@@ -0,0 +1 @@
+{dialyzer_options, [{warnings, [underspecs]}]}.
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/results/remote b/lib/dialyzer/test/underspecs_SUITE_data/results/remote
new file mode 100644
index 0000000000..1e0cda3bde
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/results/remote
@@ -0,0 +1,9 @@
+
+remotes1.erl:17: The specification for remotes1:foo5/1 states that the function might also return 'ko' but the inferred return is 'ok'
+remotes1.erl:20: Type specification remotes1:foo6('ok' | 'ko') -> 'ok' is a supertype of the success typing: remotes1:foo6('ok') -> 'ok'
+remotes1.erl:25: The specification for remotes1:foo7/1 states that the function might also return 'ko' but the inferred return is 'ok'
+remotes1.erl:28: Type specification remotes1:foo8(local_type_42()) -> 'ok' is a supertype of the success typing: remotes1:foo8('ok') -> 'ok'
+remotes1.erl:33: The specification for remotes1:foo9/1 states that the function might also return 'ko' but the inferred return is 'ok'
+remotes1.erl:36: Type specification remotes1:foo10(local_and_known_remote_type_42()) -> 'ok' is a supertype of the success typing: remotes1:foo10('ok') -> 'ok'
+remotes1.erl:49: Type specification remotes1:foo13('ok') -> local_and_unknown_remote_type_42() is a supertype of the success typing: remotes1:foo13('ok') -> 'ok'
+remotes1.erl:52: Type specification remotes1:foo14(local_and_unknown_remote_type_42()) -> 'ok' is a supertype of the success typing: remotes1:foo14('ok') -> 'ok'
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/src/remote/remotes1.erl b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/remotes1.erl
new file mode 100644
index 0000000000..b722495095
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/remotes1.erl
@@ -0,0 +1,61 @@
+-module(remotes1).
+
+-compile(export_all).
+
+-spec foo1(some_unknown_remote:type42()) -> ok.
+foo1(ok) -> ok.
+
+-spec foo2(ok) -> some_unknown_remote:type42().
+foo2(ok) -> ok.
+
+-spec foo3(some_known_remote:type42()) -> ok.
+foo3(ok) -> ok.
+
+-spec foo4(ok) -> some_known_remote:type42().
+foo4(ok) -> ok.
+
+-spec foo5(ok|ko) -> ok|ko.
+foo5(ok) -> ok.
+
+-spec foo6(ok|ko) -> ok.
+foo6(ok) -> ok.
+
+-type local_type_42() :: ok | ko.
+
+-spec foo7(ok) -> local_type_42().
+foo7(ok) -> ok.
+
+-spec foo8(local_type_42()) -> ok.
+foo8(ok) -> ok.
+
+-type local_and_known_remote_type_42() :: some_known_remote:type42() | ok | ko.
+
+-spec foo9(ok) -> local_and_known_remote_type_42().
+foo9(ok) -> ok.
+
+-spec foo10(local_and_known_remote_type_42()) -> ok.
+foo10(ok) -> ok.
+
+-type local_and_ok_known_remote_type_42() :: some_known_remote:type42() | ok.
+
+-spec foo11(ok) -> local_and_ok_known_remote_type_42().
+foo11(ok) -> ok.
+
+-spec foo12(local_and_ok_known_remote_type_42()) -> ok.
+foo12(ok) -> ok.
+
+-type local_and_unknown_remote_type_42() :: some_unknown_remote:type42() | ok | ko.
+
+-spec foo13(ok) -> local_and_unknown_remote_type_42().
+foo13(ok) -> ok.
+
+-spec foo14(local_and_unknown_remote_type_42()) -> ok.
+foo14(ok) -> ok.
+
+-type local_and_ok_unknown_remote_type_42() :: some_unknown_remote:type42() | ok.
+
+-spec foo15(ok) -> local_and_ok_unknown_remote_type_42().
+foo15(ok) -> ok.
+
+-spec foo16(local_and_ok_unknown_remote_type_42()) -> ok.
+foo16(ok) -> ok.
diff --git a/lib/dialyzer/test/underspecs_SUITE_data/src/remote/some_known_remote.erl b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/some_known_remote.erl
new file mode 100644
index 0000000000..437f1e7826
--- /dev/null
+++ b/lib/dialyzer/test/underspecs_SUITE_data/src/remote/some_known_remote.erl
@@ -0,0 +1,5 @@
+-module(some_known_remote).
+
+-export_type([type42/0]).
+
+-type type42() :: ok | ko.
diff --git a/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_1 b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_1
new file mode 100644
index 0000000000..de416455e2
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_1
@@ -0,0 +1,2 @@
+
+nowarn_unused_function_1.erl:17: Function f3/1 will never be called
diff --git a/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_2 b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_2
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_2
diff --git a/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_3 b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_3
new file mode 100644
index 0000000000..8ae78673d5
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/results/nowarn_unused_function_3
@@ -0,0 +1,3 @@
+
+nowarn_unused_function_3.erl:12: Function f2/1 will never be called
+nowarn_unused_function_3.erl:9: Function f1/1 will never be called
diff --git a/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_1.erl b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_1.erl
new file mode 100644
index 0000000000..fcce532f73
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_1.erl
@@ -0,0 +1,18 @@
+%% Test that option 'nowarn_unused_funcion' works similarly in
+%% Dialyzer as in the compiler.
+
+-module(nowarn_unused_function_1).
+
+-compile(warn_unused_function).
+
+-compile({nowarn_unused_function,f1/1}).
+f1(_) ->
+    a.
+
+-compile({nowarn_unused_function,[{f2,1}]}).
+f2(_) ->
+    a.
+
+-compile({warn_unused_function,[{f3,1}]}).
+f3(_) ->
+    a.
diff --git a/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_2.erl b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_2.erl
new file mode 100644
index 0000000000..9bc3ab14ea
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_2.erl
@@ -0,0 +1,18 @@
+%% Test that option 'nowarn_unused_funcion' works similarly in
+%% Dialyzer as in the compiler.
+
+-module(nowarn_unused_function_2).
+
+-compile(nowarn_unused_function).
+
+-compile({warn_unused_function,f1/1}).
+f1(_) ->
+    a.
+
+-compile({warn_unused_function,[{f2,1}]}).
+f2(_) ->
+    a.
+
+-compile({nowarn_unused_function,[{f3,1}]}).
+f3(_) ->
+    a.
diff --git a/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_3.erl b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_3.erl
new file mode 100644
index 0000000000..604c5e436b
--- /dev/null
+++ b/lib/dialyzer/test/user_SUITE_data/src/nowarn_unused_function_3.erl
@@ -0,0 +1,16 @@
+%% Test that option 'nowarn_unused_funcion' works similarly in
+%% Dialyzer as in the compiler.
+
+-module(nowarn_unused_function_3).
+
+-compile({warn_unused_function,[{f1,1},{f2,1}]}).
+-compile({nowarn_unused_function,[{f3,1}]}).
+
+f1(_) ->
+    a.
+
+f2(_) ->
+    a.
+
+f3(_) ->
+    a.
diff --git a/lib/dialyzer/vsn.mk b/lib/dialyzer/vsn.mk
index a7e82b54ce..622e51b859 100644
--- a/lib/dialyzer/vsn.mk
+++ b/lib/dialyzer/vsn.mk
@@ -1 +1 @@
-DIALYZER_VSN = 2.4.4
+DIALYZER_VSN = 2.5
diff --git a/lib/diameter/bin/diameterc b/lib/diameter/bin/diameterc
index c0e83ea1a4..a72ba2d75c 100755
--- a/lib/diameter/bin/diameterc
+++ b/lib/diameter/bin/diameterc
@@ -73,24 +73,30 @@ gen(Args) ->
     end.
 
 compile(#argv{file = File, options = Opts} = A) ->
-    try
-        Spec = diameter_spec_util:parse(File, Opts),
-        maybe_output(A, Spec, Opts, spec), %% the spec file
-        maybe_output(A, Spec, Opts, erl),  %% the erl file
-        maybe_output(A, Spec, Opts, hrl),  %% The hrl file
-        0
+    try diameter_dict_util:parse({path, File}, Opts) of
+        {ok, Spec} ->
+            maybe_output(A, Spec, Opts, spec), %% the spec file
+            maybe_output(A, Spec, Opts, erl),  %% the erl file
+            maybe_output(A, Spec, Opts, hrl),  %% The hrl file
+            0;
+        {error, Reason} ->
+            error_msg(diameter_dict_util:format_error(Reason), []),
+            1
     catch
         error: Reason ->
-            error_msg({"ERROR: ~p~n  ~p", [Reason, erlang:get_stacktrace()]}),
+            error_msg("ERROR: ~p~n  ~p", [Reason, erlang:get_stacktrace()]),
             2
     end.
 
 maybe_output(#argv{file = File, output = Output}, Spec, Opts, Mode) ->
     lists:member(Mode, Output)
-        andalso diameter_codegen:from_spec(File, Spec, Opts, Mode).
+        andalso diameter_codegen:from_dict(File, Spec, Opts, Mode).
 
 error_msg({Fmt, Args}) ->
-    io:format(standard_error, Fmt ++ "~n", Args).
+    error_msg(Fmt, Args).
+
+error_msg(Fmt, Args) ->
+    io:format(standard_error, "** " ++ Fmt ++ "~n", Args).
 
 norm({_,_} = T) ->
     T;
diff --git a/lib/diameter/doc/src/diameter.xml b/lib/diameter/doc/src/diameter.xml
index 2d8edb1301..93e2603c10 100644
--- a/lib/diameter/doc/src/diameter.xml
+++ b/lib/diameter/doc/src/diameter.xml
@@ -107,7 +107,9 @@ belonging to the application.</p>
 <marker id="application_module"/>
 </item>
 
-<tag><c>application_module() = Mod | [Mod | ExtraArgs]</c></tag>
+<tag><c>application_module() = Mod
+                             | [Mod | ExtraArgs]
+                             | #diameter_callback{}</c></tag>
 <item>
 <code>
 Mod = atom()
@@ -125,6 +127,14 @@ specified to <seealso marker="#call">call/4</seealso>, in which case
 the call-specific arguments are appended to any specified with the
 callback module.</p>
 
+<p>
+Specifying a <c>#diameter_callback{}</c> record allows individual
+functions to be configured in place of the usual <seealso
+marker="diameter_app">diameter_app(3)</seealso> callbacks, with
+default implementations provided by module <c>diameter_callback</c>
+unless otherwise specified.
+See that module for details.</p>
+
 <marker id="application_opt"/>
 </item>
 
diff --git a/lib/diameter/doc/src/diameter_dict.xml b/lib/diameter/doc/src/diameter_dict.xml
index e7c530f1b8..cc638dbc18 100644
--- a/lib/diameter/doc/src/diameter_dict.xml
+++ b/lib/diameter/doc/src/diameter_dict.xml
@@ -36,7 +36,7 @@ under the License.
 <!-- ===================================================================== -->
 
 <file>diameter_dict</file>
-<filesummary>Dictionary inteface of the diameter application.</filesummary>
+<filesummary>Dictionary interface of the diameter application.</filesummary>
 
 <description>
 <p>
@@ -44,9 +44,9 @@ A diameter service as configured with <seealso
 marker="diameter#start_service">diameter:start_service/2</seealso>
 specifies one or more supported Diameter applications.
 Each Diameter application specifies a dictionary module that knows how
-to encode and decode its messages and AVP's.
+to encode and decode its messages and AVPs.
 The dictionary module is in turn generated from a file that defines
-these messages and AVP's.
+these messages and AVPs.
 The format of such a file is defined in
 <seealso marker="#FILE_FORMAT">FILE FORMAT</seealso> below.
 Users add support for their specific applications by creating
@@ -56,7 +56,7 @@ resulting dictionaries modules on a service.</p>
 
 <p>
 The codec generation also results in a hrl file that defines records
-for the messages and grouped AVP's defined for the application, these
+for the messages and grouped AVPs defined for the application, these
 records being what a user of the diameter application sends and receives.
 (Modulo other available formats as discussed in <seealso
 marker="diameter_app">diameter_app(3)</seealso>.)
@@ -74,14 +74,14 @@ corresponding to applications defined in section 2.4 of RFC 3588:
 application with application identifier 0,
 <c>diameter_gen_accounting</c> for the Diameter Base Accounting
 application with application identifier 3 and
-<c>diameter_gen_relay</c>the Relay application with application
+<c>diameter_gen_relay</c> the Relay application with application
 identifier 0xFFFFFFFF.
 The Common Message and Relay applications are the only applications
 that diameter itself has any specific knowledge of.
 The Common Message application is used for messages that diameter
 itself handles: CER/CEA, DWR/DWA and DPR/DPA.
 The Relay application is given special treatment with regard to
-encode/decode since the messages and AVP's it handles are not specifically
+encode/decode since the messages and AVPs it handles are not specifically
 defined.</p>
 
 <marker id="FILE_FORMAT"/>
@@ -94,18 +94,16 @@ defined.</p>
 
 <p>
 A dictionary file consists of distinct sections.
-Each section starts with a line consisting of a tag
-followed by zero or more arguments.
-Each section ends at the the start of the next section or end of file.
+Each section starts with a tag followed by zero or more arguments
+and ends at the the start of the next section or end of file.
 Tags consist of an ampersand character followed by a keyword and are
 separated from their arguments by whitespace.
-Whitespace within a section separates individual tokens but its
-quantity is insignificant.</p>
+Whitespace separates individual tokens but is otherwise insignificant.</p>
 
 <p>
 The tags, their arguments and the contents of each corresponding
 section are as follows.
-Each section can occur at most once unless otherwise specified.
+Each section can occur multiple times unless otherwise specified.
 The order in which sections are specified is unimportant.</p>
 
 <taglist>
@@ -115,7 +113,8 @@ The order in which sections are specified is unimportant.</p>
 <p>
 Defines the integer Number as the Diameter Application Id of the
 application in question.
-Required if the dictionary defines <c>@messages</c>.
+Can occur at most once and is required if the dictionary defines
+<c>@messages</c>.
 The section has empty content.</p>
 
 <p>
@@ -136,16 +135,13 @@ Example:</p>
 <item>
 <p>
 Defines the name of the generated dictionary module.
-The section has empty content.
-Mod must match the regular expression '^[a-zA-Z0-9][-_a-zA-Z0-9]*$';
-that is, contains only alphanumerics, hyphens and underscores begin with an
-alphanumeric.</p>
+Can occur at most once and defaults to the name of the dictionary file
+minus any extension if unspecified.
+The section has empty content.</p>
 
 <p>
-A name is optional and defaults to the name of the dictionary file
-minus any extension.
-Note that a generated module must have a unique name an not colide
-with another module in the system.</p>
+Note that a dictionary module should have a unique name so as not collide
+with existing modules in the system.</p>
 
 <p>
 Example:</p>
@@ -159,22 +155,22 @@ Example:</p>
 <tag><c>@prefix Name</c></tag>
 <item>
 <p>
-Defines Name as the prefix to be added to record and constant names in
-the generated dictionary module and hrl.
-The section has empty content.
-Name must be of the same form as a @name.</p>
+Defines Name as the prefix to be added to record and constant names
+(followed by a <c>'_'</c> character) in the generated dictionary
+module and hrl.
+Can occur at most once.
+The section has empty content.</p>
 
 <p>
-A prefix is optional but can
-be used to disambiguate record and constant names
-resulting from similarly named messages and AVP's in different
-Diameter applications.</p>
+A prefix is optional but can be be used to disambiguate between record
+and constant names resulting from similarly named messages and AVPs in
+different Diameter applications.</p>
 
 <p>
 Example:</p>
 
 <code>
-@prefix etsi_e2_
+@prefix etsi_e2
 </code>
 
 </item>
@@ -182,10 +178,12 @@ Example:</p>
 <tag><c>@vendor Number Name</c></tag>
 <item>
 <p>
-Defines the integer Number as the the default Vendor-ID of AVP's for
+Defines the integer Number as the the default Vendor-Id of AVPs for
 which the V flag is set.
 Name documents the owner of the application
 but is otherwise unused.
+Can occur at most once and is required if an AVP sets the V flag and
+is not otherwise assigned a Vendor-Id.
 The section has empty content.</p>
 
 <p>
@@ -200,10 +198,9 @@ Example:</p>
 <tag><c>@avp_vendor_id Number</c></tag>
 <item>
 <p>
-Defines the integer Number as the Vendor-ID of the AVP's listed in the
+Defines the integer Number as the Vendor-Id of the AVPs listed in the
 section content, overriding the <c>@vendor</c> default.
-The section content consists of AVP names.
-Can occur zero or more times (with different values of Number).</p>
+The section content consists of AVP names.</p>
 
 <p>
 Example:</p>
@@ -221,13 +218,27 @@ Region-Set
 <tag><c>@inherits Mod</c></tag>
 <item>
 <p>
-Defines the name of a generated dictionary module containing AVP
-definitions referenced by the dictionary but not defined by it.
-The section content is empty.</p>
+Defines the name of a dictionary module containing AVP
+definitions that should be imported into the current dictionary.
+The section content consists of the names of those AVPs whose
+definitions should be imported from the dictionary, an empty list
+causing all to be imported.
+Any listed AVPs must not be defined in the current dictionary and
+it is an error to inherit the same AVP from more than one
+dictionary.</p>
 
 <p>
-Can occur 0 or more times (with different values of Mod) but all
-dictionaries should typically inherit RFC3588 AVPs from
+Note that an inherited AVP that sets the V flag takes its Vendor-Id
+from either <c>@avp_vendor_id</c> in the inheriting dictionary or
+<c>@vendor</c> in the inherited dictionary.
+In particular, <c>@avp_vendor_id</c> in the inherited dictionary is
+ignored.
+Inheriting from a dictionary that specifies the required <c>@vendor</c>
+is equivalent to using <c>@avp_vendor_id</c> with a copy of the
+dictionary's definitions but the former makes for easier reuse.</p>
+
+<p>
+All dictionaries should typically inherit RFC3588 AVPs from
 <c>diameter_gen_base_rfc3588</c>.</p>
 
 <p>
@@ -248,13 +259,11 @@ The section consists of definitions of the form</p>
 <p><c>Name Code Type Flags</c></p>
 
 <p>
-where Code is the integer AVP code, Flags is a string of V,
-M and P characters indicating the flags to be
-set on an outgoing AVP or a single - (minus) character if none are to
-be set.
-Type identifies either an AVP Data Format as defined in <seealso
-marker="#DATA_TYPES">DATA TYPES</seealso> below or a
-type as defined by a <c>@custom_types</c> tag.</p>
+where Code is the integer AVP code, Type identifies an AVP Data Format
+as defined in <seealso marker="#DATA_TYPES">DATA TYPES</seealso> below,
+and Flags is a string of V, M and P characters indicating the flags to be
+set on an outgoing AVP or a single <c>'-'</c> (minus) character if
+none are to be set.</p>
 
 <p>
 Example:</p>
@@ -262,8 +271,8 @@ Example:</p>
 <code>
 @avp_types
 
-Location-Information   350  Grouped     VM
-Requested-Information  353  Enumerated  V
+Location-Information   350  Grouped     MV
+Requested-Information  353  Enumerated   V
 </code>
 
 <p>
@@ -276,21 +285,36 @@ to 0 as mandated by the current draft standard.</p>
 <tag><c>@custom_types Mod</c></tag>
 <item>
 <p>
-Defines AVPs for which module Mod provides encode/decode.
-The section contents consists of type names.
-For each AVP Name defined with custom type Type, Mod should export the
-function Name/3 with arguments encode|decode, Type and Data,
-the latter being the term to be encoded/decoded.
-The function returns the encoded/decoded value.</p>
+Specifies AVPs for which module Mod provides encode/decode functions.
+The section contents consists of AVP names.
+For each such name, <c>Mod:Name(encode|decode, Type, Data)</c> is
+expected to provide encode/decode for values of the AVP, where Name is
+the name of the AVP, Type is it's type as declared in the
+<c>@avp_types</c> section of the dictionary and Data is the value to
+encode/decode.</p>
+
+<p>
+Example:</p>
+
+<code>
+@custom_types rfc4005_avps
+
+Framed-IP-Address
+</code>
+</item>
 
+<tag><c>@codecs Mod</c></tag>
+<item>
 <p>
-Can occur 0 or more times (with different values of Mod).</p>
+Like <c>@custom_types</c> but requires the specified module to export
+<c>Mod:Type(encode|decode, Name, Data)</c> rather than
+<c>Mod:Name(encode|decode, Type, Data)</c>.</p>
 
 <p>
 Example:</p>
 
 <code>
-@custom_types rfc4005_types
+@codecs rfc4005_avps
 
 Framed-IP-Address
 </code>
@@ -360,6 +384,10 @@ SIP-Deregistration-Reason ::= &lt; AVP Header: 383 >
                               [ SIP-Reason-Info ]
                             * [ AVP ]
 </code>
+
+<p>
+Specifying a Vendor-Id in the definition of a grouped AVP is
+equivalent to specifying it with <c>@avp_vendor_id</c>.</p>
 </item>
 
 <tag><c>@enum Name</c></tag>
@@ -371,11 +399,9 @@ Integer values can be prefixed with 0x to be interpreted as
 hexidecimal.</p>
 
 <p>
-Can occur 0 or more times (with different values of Name).
-The AVP in question can be defined in an inherited dictionary in order
-to introduce additional values.
-An AVP so extended must be referenced by in a <c>@messages</c> or
-<c>@grouped</c> section.</p>
+Note that the AVP in question can be defined in an inherited
+dictionary in order to introduce additional values to an enumeration
+otherwise defined in another dictionary.</p>
 
 <p>
 Example:</p>
@@ -390,11 +416,18 @@ REMOVE_SIP_SERVER        3
 </code>
 </item>
 
+<tag><c>@end</c></tag>
+<item>
+<p>
+Causes parsing of the dictionary to terminate:
+any remaining content is ignored.</p>
+</item>
+
 </taglist>
 
 <p>
 Comments can be included in a dictionary file using semicolon:
-text from a semicolon to end of line is ignored.</p>
+characters from a semicolon to end of line are ignored.</p>
 
 <marker id="MESSAGE_RECORDS"/>
 </section>
diff --git a/lib/diameter/doc/src/notes.xml b/lib/diameter/doc/src/notes.xml
index e2723f3e99..6e364a3200 100644
--- a/lib/diameter/doc/src/notes.xml
+++ b/lib/diameter/doc/src/notes.xml
@@ -36,6 +36,120 @@ first.</p>
 
 <!-- ===================================================================== -->
 
+<section><title>Diameter 1.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix faulty cleanup after diameter:remove_transport/2.</p>
+          <p>
+	    Removing a transport removed the configuration but did
+	    not prevent the transport process from being restarted.</p>
+          <p>
+	    Own Id: OTP-9756</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Add support for TLS over TCP.</p>
+          <p>
+	    RFC 3588 requires that a Diameter server support TLS. In
+	    practice this seems to mean TLS over SCTP since there are
+	    limitations with running over SCTP: see RFC 6083 (DTLS
+	    over SCTP), which is a response to RFC 3436 (TLS over
+	    SCTP). The current RFC 3588 draft acknowledges this by
+	    equating TLS with TLS/TCP and DTLS/SCTP.</p>
+          <p>
+	    TLS handshaking can take place either following a CER/CEA
+	    that negotiates TLS using the Inband-Security-Id AVP (the
+	    method documented in RFC 3588) or immediately following
+	    connection establishment (the method added to the current
+	    draft).</p>
+          <p>
+	    Own Id: OTP-9605</p>
+        </item>
+        <item>
+          <p>
+	    Improvements to the dictionary parser.</p>
+          <p>
+	    The dictionary parser now emits useful error messages in
+	    case of faults in the input file, also identifying the
+	    line number at which the fault was detected. There are
+	    semantic checks that were missing in the previous parser,
+	    a fault in the interpretation of vendor id's in
+	    combination with @inherits has been fixed and @end can be
+	    used to terminate parsing explicitly instead of always
+	    parsing to end of file.</p>
+          <p>
+	    Own Id: OTP-9639</p>
+        </item>
+        <item>
+          <p>
+	    Improve dictionary reusability.</p>
+          <p>
+	    Reusing a dictionary just to get a different generated
+	    module name or prefix previously required taking a copy
+	    of the source, which may consist of several files if
+	    inheritance is used, just to edit a couple of lines which
+	    don't affect the semantics of the Diameter application
+	    being defined. Options --name, --prefix and --inherits
+	    have been added to diameterc to allow corresponding
+	    values to be set at compile time.</p>
+          <p>
+	    Own Id: OTP-9641</p>
+        </item>
+        <item>
+          <p>
+	    Add capabilities_cb transport option.</p>
+          <p>
+	    Its value is a function that's applied to the transport
+	    reference and capabilities record after capabilities
+	    exchange. If a callback returns anything but 'ok' then
+	    the connection is closed. In the case of an incoming CER,
+	    the callback can return a result code with which to
+	    answer. Multiple callbacks can be specified and are
+	    applied until either all return 'ok' or one doesn't.</p>
+          <p>
+	    This provides a way to reject a peer connection.</p>
+          <p>
+	    Own Id: OTP-9654</p>
+        </item>
+        <item>
+          <p>
+	    Add @codecs to dictionary format.</p>
+          <p>
+	    The semantics are similar to @custom_types but results in
+	    codec functions of the form TypeName(encode|decode,
+	    AvpName, Data) rather than AvpName(encode|decode,
+	    TypeName, Data). That is, the role of the AVP name and
+	    Diameter type name are reversed. This eliminates the need
+	    for exporting one function for each AVP sharing a common
+	    specialized encode/decode.</p>
+          <p>
+	    Own Id: OTP-9708 Aux Id: OTP-9639 </p>
+        </item>
+        <item>
+          <p>
+	    Add #diameter_callback{} for more flexible callback
+	    configuration.</p>
+          <p>
+	    The record allows individual functions to be configured
+	    for each of the diameter_app(3) callbacks, as well as a
+	    default callback.</p>
+          <p>
+	    Own Id: OTP-9777</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Diameter 0.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/diameter/examples/GNUmakefile b/lib/diameter/examples/code/GNUmakefile
index 4c3f87939b..a0669119d2 100644
--- a/lib/diameter/examples/GNUmakefile
+++ b/lib/diameter/examples/code/GNUmakefile
@@ -1,19 +1,19 @@
-# 
+#
 # %CopyrightBegin%
-# 
+#
 # Copyright Ericsson AB 2010-2011. All Rights Reserved.
-# 
+#
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
 # compliance with the License. You should have received a copy of the
 # Erlang Public License along with this software. If not, it can be
 # retrieved online at http://www.erlang.org/.
-# 
+#
 # Software distributed under the License is distributed on an "AS IS"
 # basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 # the License for the specific language governing rights and limitations
 # under the License.
-# 
+#
 # %CopyrightEnd%
 #
 
diff --git a/lib/diameter/examples/client.erl b/lib/diameter/examples/code/client.erl
index 36a77dd524..9e65f98de0 100644
--- a/lib/diameter/examples/client.erl
+++ b/lib/diameter/examples/code/client.erl
@@ -112,7 +112,7 @@ cast(Name) ->
                   {'Auth-Application-Id', 0},
                   {'Re-Auth-Request-Type', 1}],
     diameter:call(Name, ?APP_ALIAS, RAR, [detach]).
-    
+
 cast() ->
     cast(?SVC_NAME).
 
diff --git a/lib/diameter/examples/client_cb.erl b/lib/diameter/examples/code/client_cb.erl
index 524a8f94a1..524a8f94a1 100644
--- a/lib/diameter/examples/client_cb.erl
+++ b/lib/diameter/examples/code/client_cb.erl
diff --git a/lib/diameter/examples/peer.erl b/lib/diameter/examples/code/peer.erl
index 89203e15c3..89203e15c3 100644
--- a/lib/diameter/examples/peer.erl
+++ b/lib/diameter/examples/code/peer.erl
diff --git a/lib/diameter/examples/redirect.erl b/lib/diameter/examples/code/redirect.erl
index b54701243f..b54701243f 100644
--- a/lib/diameter/examples/redirect.erl
+++ b/lib/diameter/examples/code/redirect.erl
diff --git a/lib/diameter/examples/redirect_cb.erl b/lib/diameter/examples/code/redirect_cb.erl
index ea7ad38749..ea7ad38749 100644
--- a/lib/diameter/examples/redirect_cb.erl
+++ b/lib/diameter/examples/code/redirect_cb.erl
diff --git a/lib/diameter/examples/relay.erl b/lib/diameter/examples/code/relay.erl
index deecb1cfc0..deecb1cfc0 100644
--- a/lib/diameter/examples/relay.erl
+++ b/lib/diameter/examples/code/relay.erl
diff --git a/lib/diameter/examples/relay_cb.erl b/lib/diameter/examples/code/relay_cb.erl
index 9ed6517d5c..9ed6517d5c 100644
--- a/lib/diameter/examples/relay_cb.erl
+++ b/lib/diameter/examples/code/relay_cb.erl
diff --git a/lib/diameter/examples/sctp.erl b/lib/diameter/examples/code/sctp.erl
index 2e0e9d8b0b..08de023571 100644
--- a/lib/diameter/examples/sctp.erl
+++ b/lib/diameter/examples/code/sctp.erl
@@ -1,3 +1,21 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
 
 -module(sctp).
 
diff --git a/lib/diameter/examples/server.erl b/lib/diameter/examples/code/server.erl
index ebb408e501..ebb408e501 100644
--- a/lib/diameter/examples/server.erl
+++ b/lib/diameter/examples/code/server.erl
diff --git a/lib/diameter/examples/server_cb.erl b/lib/diameter/examples/code/server_cb.erl
index 43b8e24b5c..43b8e24b5c 100644
--- a/lib/diameter/examples/server_cb.erl
+++ b/lib/diameter/examples/code/server_cb.erl
diff --git a/lib/diameter/examples/dict/rfc4004_mip.dia b/lib/diameter/examples/dict/rfc4004_mip.dia
new file mode 100644
index 0000000000..575ad4394a
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4004_mip.dia
@@ -0,0 +1,280 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4004, Diameter Mobile IPv4 Application
+;;
+;; Edits:
+;;
+;; - MIP-nonce  -> MIP-Nonce
+;; - Session-ID -> Session-Id
+;; - Omit MIP-HA-to-MN-SPI, MIP-MN-FA-SPI and MIP-MN-HA-SPI, none of
+;;   which are defined.
+;;
+
+@id 2
+
+@inherits rfc3588_base
+
+;; ===========================================================================
+
+@avp_types
+
+   MIP-Reg-Request                320  OctetString   M
+   MIP-Reg-Reply                  321  OctetString   M
+   MIP-MN-AAA-Auth                322  Grouped       M
+   MIP-Mobile-Node-Address        333  Address       M
+   MIP-Home-Agent-Address         334  Address       M
+   MIP-Candidate-Home-Agent-Host  336  DiamIdent     M
+   MIP-Feature-Vector             337  Unsigned32    M
+   MIP-Auth-Input-Data-Length     338  Unsigned32    M
+   MIP-Authenticator-Length       339  Unsigned32    M
+   MIP-Authenticator-Offset       340  Unsigned32    M
+   MIP-MN-AAA-SPI                 341  Unsigned32    M
+   MIP-Filter-Rule                342  IPFilterRule  M
+   MIP-FA-Challenge               344  OctetString   M
+   MIP-Originating-Foreign-AAA    347  Grouped       M
+   MIP-Home-Agent-Host            348  Grouped       M
+
+   MIP-FA-to-HA-SPI               318  Unsigned32    M
+   MIP-FA-to-MN-SPI               319  Unsigned32    M
+   MIP-HA-to-FA-SPI               323  Unsigned32    M
+   MIP-MN-to-FA-MSA               325  Grouped       M
+   MIP-FA-to-MN-MSA               326  Grouped       M
+   MIP-FA-to-HA-MSA               328  Grouped       M
+   MIP-HA-to-FA-MSA               329  Grouped       M
+   MIP-MN-to-HA-MSA               331  Grouped       M
+   MIP-HA-to-MN-MSA               332  Grouped       M
+   MIP-Nonce                      335  OctetString   M
+   MIP-Session-Key                343  OctetString   M
+   MIP-Algorithm-Type             345  Enumerated    M
+   MIP-Replay-Mode                346  Enumerated    M
+   MIP-MSA-Lifetime               367  Unsigned32    M
+
+;; ===========================================================================
+
+@messages
+
+   ;; 5.1.  AA-Mobile-Node-Request
+
+   AMR ::= < Diameter Header: 260, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { User-Name }
+           { Destination-Realm }
+           { Origin-Host }
+           { Origin-Realm }
+           { MIP-Reg-Request }
+           { MIP-MN-AAA-Auth }
+           [ Acct-Multi-Session-Id ]
+           [ Destination-Host ]
+           [ Origin-State-Id ]
+           [ MIP-Mobile-Node-Address ]
+           [ MIP-Home-Agent-Address ]
+           [ MIP-Feature-Vector ]
+           [ MIP-Originating-Foreign-AAA ]
+           [ Authorization-Lifetime ]
+           [ Auth-Session-State ]
+           [ MIP-FA-Challenge ]
+           [ MIP-Candidate-Home-Agent-Host ]
+           [ MIP-Home-Agent-Host ]
+           [ MIP-HA-to-FA-SPI ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 5.2.  AA-Mobile-Node-Answer
+
+   AMA ::= < Diameter Header: 260, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Acct-Multi-Session-Id ]
+           [ User-Name ]
+           [ Authorization-Lifetime ]
+           [ Auth-Session-State ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+           [ Re-Auth-Request-Type ]
+           [ MIP-Feature-Vector ]
+           [ MIP-Reg-Reply ]
+           [ MIP-MN-to-FA-MSA ]
+           [ MIP-MN-to-HA-MSA ]
+           [ MIP-FA-to-MN-MSA ]
+           [ MIP-FA-to-HA-MSA ]
+           [ MIP-HA-to-MN-MSA ]
+           [ MIP-MSA-Lifetime ]
+           [ MIP-Home-Agent-Address ]
+           [ MIP-Mobile-Node-Address ]
+         * [ MIP-Filter-Rule ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   ;; 5.3.  Home-Agent-MIP-Request
+
+   HAR ::= < Diameter Header: 262, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Authorization-Lifetime }
+           { Auth-Session-State }
+           { MIP-Reg-Request }
+           { Origin-Host }
+           { Origin-Realm }
+           { User-Name }
+           { Destination-Realm }
+           { MIP-Feature-Vector }
+           [ Destination-Host ]
+           [ MIP-MN-to-HA-MSA ]
+           [ MIP-MN-to-FA-MSA ]
+           [ MIP-HA-to-MN-MSA ]
+           [ MIP-HA-to-FA-MSA ]
+           [ MIP-MSA-Lifetime ]
+           [ MIP-Originating-Foreign-AAA ]
+           [ MIP-Mobile-Node-Address ]
+           [ MIP-Home-Agent-Address ]
+         * [ MIP-Filter-Rule ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 5.4.  Home-Agent-MIP-Answer
+
+   HAA ::= < Diameter Header: 262, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Acct-Multi-Session-Id ]
+           [ User-Name ]
+           [ Error-Reporting-Host ]
+           [ Error-Message ]
+           [ MIP-Reg-Reply ]
+           [ MIP-Home-Agent-Address ]
+           [ MIP-Mobile-Node-Address ]
+           [ MIP-FA-to-HA-SPI ]
+           [ MIP-FA-to-MN-SPI ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   MIP-MN-AAA-Auth ::= < AVP Header: 322 >
+
+           { MIP-MN-AAA-SPI }
+           { MIP-Auth-Input-Data-Length }
+           { MIP-Authenticator-Length }
+           { MIP-Authenticator-Offset }
+         * [ AVP ]
+
+
+   MIP-Originating-Foreign-AAA ::= < AVP Header: 347 >
+
+           { Origin-Realm }
+           { Origin-Host }
+         * [ AVP ]
+
+   MIP-Home-Agent-Host ::= < AVP Header: 348 >
+
+           { Destination-Realm }
+           { Destination-Host }
+         * [ AVP ]
+
+   MIP-FA-to-MN-MSA ::= < AVP Header: 326 >
+
+           { MIP-FA-to-MN-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-FA-to-HA-MSA ::= < AVP Header: 328 >
+
+           { MIP-FA-to-HA-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-HA-to-FA-MSA ::= < AVP Header: 329 >
+
+           { MIP-HA-to-FA-SPI   }
+           { MIP-Algorithm-Type }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-HA-to-MN-MSA ::= < AVP Header: 332 >
+
+   ;       { MIP-HA-to-MN-SPI   }
+           { MIP-Algorithm-Type }
+           { MIP-Replay-Mode }
+           { MIP-Session-Key }
+         * [ AVP ]
+
+   MIP-MN-to-FA-MSA ::= < AVP Header: 325 >
+
+   ;       { MIP-MN-FA-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Nonce }
+         * [ AVP ]
+
+   MIP-MN-to-HA-MSA ::= < AVP Header: 331 >
+
+   ;       { MIP-MN-HA-SPI }
+           { MIP-Algorithm-Type }
+           { MIP-Replay-Mode }
+           { MIP-Nonce }
+         * [ AVP ]
+
+;; ===========================================================================
+
+@enum MIP-Algorithm-Type
+
+   HMAC-SHA-1      2
+
+@enum MIP-Replay-Mode
+
+   NONE            1
+   TIMESTAMPS      2
+   NONCES          3
+
+;; ===========================================================================
+
+@define Result-Code
+
+   ;; 6.1.  Transient Failures
+
+   MIP_REPLY_FAILURE              4005
+   HA_NOT_AVAILABLE               4006
+   BAD_KEY                        4007
+   MIP_FILTER_NOT_SUPPORTED       4008
+
+   ;; 6.2.  Permanent Failures
+
+   NO_FOREIGN_HA_SERVICE          5024
+   END_TO_END_MIP_KEY_ENCRYPTION  5025
diff --git a/lib/diameter/examples/dict/rfc4005_nas.dia b/lib/diameter/examples/dict/rfc4005_nas.dia
new file mode 100644
index 0000000000..a4b44e38bb
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4005_nas.dia
@@ -0,0 +1,740 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4005, Diameter Network Access Server Application
+;;
+;; Edits:
+;;
+;; - Acounting-Auth-Method      -> Accounting-Auth-Method
+;; - Connection-Info            -> ConnectInfo
+;; - Framed-Appletalk-Link      -> Framed-AppleTalk-Link
+;; - Framed-Appletalk-Network   -> Framed-AppleTalk-Network
+;; - Framed-Appletalk-Zone      -> Framed-AppleTalk-Zone
+;; - Qos-Filter-Rule            -> QoS-Filter-Rule
+;; - Redirect-Host-Usase        -> Redirect-Host-Usage
+;; - Redirected-Host            -> Redirect-Host
+;; - Redirected-Host-Usage      -> Redirect-Host-Usage
+;; - Redirected-Host-Cache-Time -> Redirect-Max-Cache-Time
+;; - Redirected-Max-Cache-Time  -> Redirect-Max-Cache-Time
+;;
+
+@id 1
+
+@inherits rfc3588_base
+
+;; ===========================================================================
+
+@avp_types
+
+   ;; 4.  NAS Session AVPs
+
+   NAS-Port                           5    Unsigned32    M
+   NAS-Port-Id                       87    UTF8String    M
+   NAS-Port-Type                     61    Enumerated    M
+   Called-Station-Id                 30    UTF8String    M
+   Calling-Station-Id                31    UTF8String    M
+   Connect-Info                      77    UTF8String    M
+   Originating-Line-Info             94   OctetString    -
+   Reply-Message                     18    UTF8String    M
+
+   ;; 5.  NAS Authentication AVPs
+
+   User-Password                      2   OctetString    M
+   Password-Retry                    75    Unsigned32    M
+   Prompt                            76    Enumerated    M
+   CHAP-Auth                        402       Grouped    M
+   CHAP-Algorithm                   403    Enumerated    M
+   CHAP-Ident                       404   OctetString    M
+   CHAP-Response                    405   OctetString    M
+   CHAP-Challenge                    60   OctetString    M
+   ARAP-Password                     70   OctetString    M
+   ARAP-Challenge-Response           84   OctetString    M
+   ARAP-Security                     73    Unsigned32    M
+   ARAP-Security-Data                74   OctetString    M
+
+   ;; 6.  NAS Authorization AVPs
+
+   Service-Type                       6    Enumerated    M
+   Callback-Number                   19    UTF8String    M
+   Callback-Id                       20    UTF8String    M
+   Idle-Timeout                      28    Unsigned32    M
+   Port-Limit                        62    Unsigned32    M
+   NAS-Filter-Rule                  400  IPFilterRule    M
+   Filter-Id                         11    UTF8String    M
+   Configuration-Token               78   OctetString    M
+   QoS-Filter-Rule                  407 QoSFilterRule    -
+   Framed-Protocol                    7    Enumerated    M
+   Framed-Routing                    10    Enumerated    M
+   Framed-MTU                        12    Unsigned32    M
+   Framed-Compression                13    Enumerated    M
+   Framed-IP-Address                  8   OctetString    M
+   Framed-IP-Netmask                  9   OctetString    M
+   Framed-Route                      22    UTF8String    M
+   Framed-Pool                       88   OctetString    M
+   Framed-Interface-Id               96    Unsigned64    M
+   Framed-IPv6-Prefix                97   OctetString    M
+   Framed-IPv6-Route                 99    UTF8String    M
+   Framed-IPv6-Pool                 100   OctetString    M
+   Framed-IPX-Network                23    UTF8String    M
+   Framed-AppleTalk-Link             37    Unsigned32    M
+   Framed-AppleTalk-Network          38    Unsigned32    M
+   Framed-AppleTalk-Zone             39   OctetString    M
+   ARAP-Features                     71   OctetString    M
+   ARAP-Zone-Access                  72    Enumerated    M
+   Login-IP-Host                     14   OctetString    M
+   Login-IPv6-Host                   98   OctetString    M
+   Login-Service                     15    Enumerated    M
+   Login-TCP-Port                    16    Unsigned32    M
+   Login-LAT-Service                 34   OctetString    M
+   Login-LAT-Node                    35   OctetString    M
+   Login-LAT-Group                   36   OctetString    M
+   Login-LAT-Port                    63   OctetString    M
+
+   ;; 7.  NAS Tunneling
+
+   Tunneling                        401       Grouped    M
+   Tunnel-Type                       64    Enumerated    M
+   Tunnel-Medium-Type                65    Enumerated    M
+   Tunnel-Client-Endpoint            66    UTF8String    M
+   Tunnel-Server-Endpoint            67    UTF8String    M
+   Tunnel-Password                   69   OctetString    M
+   Tunnel-Private-Group-Id           81   OctetString    M
+   Tunnel-Assignment-Id              82   OctetString    M
+   Tunnel-Preference                 83    Unsigned32    M
+   Tunnel-Client-Auth-Id             90    UTF8String    M
+   Tunnel-Server-Auth-Id             91    UTF8String    M
+
+   ;; 8.  NAS Accounting
+
+   Accounting-Input-Octets          363    Unsigned64    M
+   Accounting-Output-Octets         364    Unsigned64    M
+   Accounting-Input-Packets         365    Unsigned64    M
+   Accounting-Output-Packets        366    Unsigned64    M
+   Acct-Session-Time                 46    Unsigned32    M
+   Acct-Authentic                    45    Enumerated    M
+   Accounting-Auth-Method           406    Enumerated    M
+   Acct-Delay-Time                   41    Unsigned32    M
+   Acct-Link-Count                   51    Unsigned32    M
+   Acct-Tunnel-Connection            68   OctetString    M
+   Acct-Tunnel-Packets-Lost          86    Unsigned32    M
+
+   ;; 9.3.  AVPs Used Only for Compatibility
+
+   NAS-Identifier                    32    UTF8String    M
+   NAS-IP-Address                     4   OctetString    M
+   NAS-IPv6-Address                  95   OctetString    M
+   State                             24   OctetString    M
+ ;;Termination-Cause                295    Enumerated    M
+   Origin-AAA-Protocol              408    Enumerated    M
+
+;; ===========================================================================
+
+@messages
+
+   AAR ::= < Diameter Header: 265, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Request-Type }
+           [ Destination-Host ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ Port-Limit ]
+           [ User-Name ]
+           [ User-Password ]
+           [ Service-Type ]
+           [ State ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Auth-Session-State ]
+           [ Callback-Number ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Connect-Info ]
+           [ CHAP-Auth ]
+           [ CHAP-Challenge ]
+         * [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IP-Netmask ]
+           [ Framed-MTU ]
+           [ Framed-Protocol ]
+           [ ARAP-Password ]
+           [ ARAP-Security ]
+         * [ ARAP-Security-Data ]
+         * [ Login-IP-Host ]
+         * [ Login-IPv6-Host ]
+           [ Login-LAT-Group ]
+           [ Login-LAT-Node ]
+           [ Login-LAT-Port ]
+           [ Login-LAT-Service ]
+         * [ Tunneling ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   AAA ::= < Diameter Header: 265, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Request-Type }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ Service-Type ]
+         * [ Class ]
+         * [ Configuration-Token ]
+           [ Acct-Interim-Interval ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+           [ Idle-Timeout ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Auth-Session-State ]
+           [ Re-Auth-Request-Type ]
+           [ Multi-Round-Time-Out ]
+           [ Session-Timeout ]
+           [ State ]
+         * [ Reply-Message ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+         * [ Filter-Id ]
+           [ Password-Retry ]
+           [ Port-Limit ]
+           [ Prompt ]
+           [ ARAP-Challenge-Response ]
+           [ ARAP-Features ]
+           [ ARAP-Security ]
+         * [ ARAP-Security-Data ]
+           [ ARAP-Zone-Access ]
+           [ Callback-Id ]
+           [ Callback-Number ]
+           [ Framed-AppleTalk-Link ]
+         * [ Framed-AppleTalk-Network ]
+           [ Framed-AppleTalk-Zone ]
+         * [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IPv6-Pool ]
+         * [ Framed-IPv6-Route ]
+           [ Framed-IP-Netmask ]
+         * [ Framed-Route ]
+           [ Framed-Pool ]
+           [ Framed-IPX-Network ]
+           [ Framed-MTU ]
+           [ Framed-Protocol ]
+           [ Framed-Routing ]
+         * [ Login-IP-Host ]
+         * [ Login-IPv6-Host ]
+           [ Login-LAT-Group ]
+           [ Login-LAT-Node ]
+           [ Login-LAT-Port ]
+           [ Login-LAT-Service ]
+           [ Login-Service ]
+           [ Login-TCP-Port ]
+         * [ NAS-Filter-Rule ]
+         * [ QoS-Filter-Rule ]
+         * [ Tunneling ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   RAR ::= < Diameter Header: 258, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Destination-Host }
+           { Auth-Application-Id }
+           { Re-Auth-Request-Type }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Service-Type ]
+           [ Framed-IP-Address ]
+           [ Framed-IPv6-Prefix ]
+           [ Framed-Interface-Id ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ State ]
+         * [ Class ]
+           [ Reply-Message ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   RAA ::= < Diameter Header: 258, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+           [ Service-Type ]
+         * [ Configuration-Token ]
+           [ Idle-Timeout ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Re-Auth-Request-Type ]
+           [ State ]
+         * [ Class ]
+         * [ Reply-Message ]
+           [ Prompt ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   STR ::= < Diameter Header: 275, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Application-Id }
+           { Termination-Cause }
+           [ User-Name ]
+           [ Destination-Host ]
+         * [ Class ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   STA ::= < Diameter Header: 275, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+         * [ Class ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   ASR ::= < Diameter Header: 274, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Destination-Host }
+           { Auth-Application-Id }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Service-Type ]
+           [ Framed-IP-Address ]
+           [ Framed-IPv6-Prefix ]
+           [ Framed-Interface-Id ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ State ]
+         * [ Class ]
+         * [ Reply-Message ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ASA ::= < Diameter Header: 274, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ State]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+         * [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ AVP ]
+
+   ACR ::= < Diameter Header: 271, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Accounting-Record-Type }
+           { Accounting-Record-Number }
+           [ Acct-Application-Id ]
+           [ Vendor-Specific-Application-Id ]
+           [ User-Name ]
+           [ Accounting-Sub-Session-Id ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ Destination-Host ]
+           [ Event-Timestamp ]
+           [ Acct-Delay-Time ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+         * [ Class ]
+           [ Service-Type ]
+           [ Termination-Cause ]
+           [ Accounting-Input-Octets ]
+           [ Accounting-Input-Packets ]
+           [ Accounting-Output-Octets ]
+           [ Accounting-Output-Packets ]
+           [ Acct-Authentic ]
+           [ Accounting-Auth-Method ]
+           [ Acct-Link-Count ]
+           [ Acct-Session-Time ]
+           [ Acct-Tunnel-Connection ]
+           [ Acct-Tunnel-Packets-Lost ]
+           [ Callback-Id ]
+           [ Callback-Number ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+         * [ Connect-Info ]
+           [ Originating-Line-Info ]
+           [ Authorization-Lifetime ]
+           [ Session-Timeout ]
+           [ Idle-Timeout ]
+           [ Port-Limit ]
+           [ Accounting-Realtime-Required ]
+           [ Acct-Interim-Interval ]
+         * [ Filter-Id ]
+         * [ NAS-Filter-Rule ]
+         * [ QoS-Filter-Rule ]
+           [ Framed-AppleTalk-Link ]
+           [ Framed-AppleTalk-Network ]
+           [ Framed-AppleTalk-Zone ]
+           [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+           [ Framed-IP-Netmask ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IPv6-Pool ]
+         * [ Framed-IPv6-Route ]
+           [ Framed-IPX-Network ]
+           [ Framed-MTU ]
+           [ Framed-Pool ]
+           [ Framed-Protocol ]
+         * [ Framed-Route ]
+           [ Framed-Routing ]
+         * [ Login-IP-Host ]
+         * [ Login-IPv6-Host ]
+           [ Login-LAT-Group ]
+           [ Login-LAT-Node ]
+           [ Login-LAT-Port ]
+           [ Login-LAT-Service ]
+           [ Login-Service ]
+           [ Login-TCP-Port ]
+         * [ Tunneling ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ACA ::= < Diameter Header: 271, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           { Accounting-Record-Type }
+           { Accounting-Record-Number }
+           [ Acct-Application-Id ]
+           [ Vendor-Specific-Application-Id ]
+           [ User-Name ]
+           [ Accounting-Sub-Session-Id ]
+           [ Acct-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Event-Timestamp ]
+           [ Error-Message ]
+           [ Error-Reporting-Host ]
+         * [ Failed-AVP ]
+           [ Origin-AAA-Protocol ]
+           [ Origin-State-Id ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Service-Type ]
+           [ Termination-Cause ]
+           [ Accounting-Realtime-Required ]
+           [ Acct-Interim-Interval ]
+         * [ Class ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   CHAP-Auth ::= < AVP Header: 402 >
+
+           { CHAP-Algorithm }
+           { CHAP-Ident }
+           [ CHAP-Response ]
+         * [ AVP ]
+
+   Tunneling ::= < AVP Header: 401 >
+
+           { Tunnel-Type }
+           { Tunnel-Medium-Type }
+           { Tunnel-Client-Endpoint }
+           { Tunnel-Server-Endpoint }
+           [ Tunnel-Preference ]
+           [ Tunnel-Client-Auth-Id ]
+           [ Tunnel-Server-Auth-Id ]
+           [ Tunnel-Assignment-Id ]
+           [ Tunnel-Password ]
+           [ Tunnel-Private-Group-Id ]
+
+;; ===========================================================================
+
+@enum NAS-Port-Type
+
+   ASYNC                          0
+   SYNC                           1
+   ISDN_SYNC                      2
+   ISDN_ASYNC_V120                3
+   ISDN_ASYNC_V110                4
+   VIRTUAL                        5
+   PIAFS                          6
+   HDLC_CLEAR_CHANNEL             7
+   X25                            8
+   X75                            9
+   G3FAX                         10
+   SDSL                          11
+   ADSL-CAP                      12
+   ADSL-DMT                      13
+   IDSL                          14
+   ETHERNET                      15
+   XDSL                          16
+   CABLE                         17
+   WIRELESS_OTHER                18
+  'WIRELESS_802.11'              19
+   TOKEN-RING                    20
+   FDDI                          21
+   WIRELESS_CDMA2000             22
+   WIRELESS_UMTS                 23
+   WIRELESS_1X-EV                24
+   IAPP                          25
+
+@enum Prompt
+
+   NO_ECHO                        0
+   ECHO                           1
+
+@enum CHAP-Algorithm
+
+   WITH_MD5                       5
+
+@enum Service-Type
+
+   LOGIN                          1
+   FRAMED                         2
+   CALLBACK_LOGIN                 3
+   CALLBACK_FRAMED                4
+   OUTBOUND                       5
+   ADMINISTRATIVE                 6
+   NAS_PROMPT                     7
+   AUTHENTICATE_ONLY              8
+   CALLBACK_NAS_PROMPT            9
+   CALL_CHECK                    10
+   CALLBACK_ADMINISTRATIVE       11
+   VOICE                         12
+   FAX                           13
+   MODEM_RELAY                   14
+   IAPP-REGISTER                 15
+   IAPP-AP-CHECK                 16
+   AUTHORIZE_ONLY                17
+
+@enum Framed-Protocol
+
+   PPP                            1
+   SLIP                           2
+   ARAP                           3
+   GANDALF                        4
+   XYLOGICS                       5
+   X75                            6
+
+@enum Framed-Routing
+
+   NONE                           0
+   SEND                           1
+   LISTEN                         2
+   SEND_AND_LISTEN                3
+
+@enum Framed-Compression
+
+   NONE                           0
+   VJ                             1
+   IPX                            2
+   STAC-LZS                       3
+
+@enum ARAP-Zone-Access
+
+   DEFAULT                        1
+   FILTER_INCLUSIVELY             2
+   FILTER_EXCLUSIVELY             4
+
+@enum Login-Service
+
+   TELNET                         0
+   RLOGIN                         1
+   TCP_CLEAR                      2
+   PORTMASTER                     3
+   LAT                            4
+   X25-PAD                        5
+   X25-T3POS                      6
+   TCP_CLEAR_QUIET                8
+
+@enum Tunnel-Type
+
+   PPTP                           1
+   L2F                            2
+   L2TP                           3
+   ATMP                           4
+   VTP                            5
+   AH                             6
+   IP-IP                          7
+   MIN-IP-IP                      8
+   ESP                            9
+   GRE                           10
+   DVS                           11
+   IP-IN-IP                      12
+   VLAN                          13
+
+@enum Tunnel-Medium-Type
+
+   IPV4                           1
+   IPV6                           2
+   NSAP                           3
+   HDLC                           4
+   BBN_1822                       5
+  '802'                           6
+   E163                           7
+   E164                           8
+   F69                            9
+   X121                          10
+   IPX                           11
+   APPLETALK                     12
+   DECNET_IV                     13
+   BANYAN_VINES                  14
+   E164_NSAP                     15
+
+
+@enum Acct-Authentic
+
+   RADIUS                         1
+   LOCAL                          2
+   REMOTE                         3
+   DIAMETER                       4
+
+@enum Accounting-Auth-Method
+
+   PAP                            1
+   CHAP                           2
+   MS-CHAP-1                      3
+   MS-CHAP-2                      4
+   EAP                            5
+   NONE                           7
+
+@enum Termination-Cause
+
+   USER_REQUEST                  11
+   LOST_CARRIER                  12
+   LOST_SERVICE                  13
+   IDLE_TIMEOUT                  14
+   SESSION_TIMEOUT               15
+   ADMIN_RESET                   16
+   ADMIN_REBOOT                  17
+   PORT_ERROR                    18
+   NAS_ERROR                     19
+   NAS_REQUEST                   20
+   NAS_REBOOT                    21
+   PORT_UNNEEDED                 22
+   PORT_PREEMPTED                23
+   PORT_SUSPENDED                24
+   SERVICE_UNAVAILABLE           25
+   CALLBACK                      26
+   USER_ERROR                    27
+   HOST_REQUEST                  28
+   SUPPLICANT_RESTART            29
+   REAUTHORIZATION_FAILURE       30
+   PORT_REINIT                   31
+   PORT_DISABLED                 32
diff --git a/lib/diameter/examples/dict/rfc4006_cc.dia b/lib/diameter/examples/dict/rfc4006_cc.dia
new file mode 100644
index 0000000000..b723e4ddbb
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4006_cc.dia
@@ -0,0 +1,349 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4006, Diameter Credit-Control Application
+;;
+
+@id 4
+
+@inherits rfc3588_base
+@inherits rfc4005_nas  Filter-Id
+
+;; ===========================================================================
+
+@avp_types
+
+   CC-Correlation-Id                 411    OctetString   -
+   CC-Input-Octets                   412    Unsigned64    M
+   CC-Money                          413    Grouped       M
+   CC-Output-Octets                  414    Unsigned64    M
+   CC-Request-Number                 415    Unsigned32    M
+   CC-Request-Type                   416    Enumerated    M
+   CC-Service-Specific-Units         417    Unsigned64    M
+   CC-Session-Failover               418    Enumerated    M
+   CC-Sub-Session-Id                 419    Unsigned64    M
+   CC-Time                           420    Unsigned32    M
+   CC-Total-Octets                   421    Unsigned64    M
+   CC-Unit-Type                      454    Enumerated    M
+   Check-Balance-Result              422    Enumerated    M
+   Cost-Information                  423    Grouped       M
+   Cost-Unit                         424    UTF8String    M
+   Credit-Control                    426    Enumerated    M
+   Credit-Control-Failure-Handling   427    Enumerated    M
+   Currency-Code                     425    Unsigned32    M
+   Direct-Debiting-Failure-Handling  428    Enumerated    M
+   Exponent                          429    Integer32     M
+   Final-Unit-Action                 449    Enumerated    M
+   Final-Unit-Indication             430    Grouped       M
+   Granted-Service-Unit              431    Grouped       M
+   G-S-U-Pool-Identifier             453    Unsigned32    M
+   G-S-U-Pool-Reference              457    Grouped       M
+   Multiple-Services-Credit-Control  456    Grouped       M
+   Multiple-Services-Indicator       455    Enumerated    M
+   Rating-Group                      432    Unsigned32    M
+   Redirect-Address-Type             433    Enumerated    M
+   Redirect-Server                   434    Grouped       M
+   Redirect-Server-Address           435    UTF8String    M
+   Requested-Action                  436    Enumerated    M
+   Requested-Service-Unit            437    Grouped       M
+   Restriction-Filter-Rule           438    IPFilterRule  M
+   Service-Context-Id                461    UTF8String    M
+   Service-Identifier                439    Unsigned32    M
+   Service-Parameter-Info            440    Grouped       -
+   Service-Parameter-Type            441    Unsigned32    -
+   Service-Parameter-Value           442    OctetString   -
+   Subscription-Id                   443    Grouped       M
+   Subscription-Id-Data              444    UTF8String    M
+   Subscription-Id-Type              450    Enumerated    M
+   Tariff-Change-Usage               452    Enumerated    M
+   Tariff-Time-Change                451    Time          M
+   Unit-Value                        445    Grouped       M
+   Used-Service-Unit                 446    Grouped       M
+   User-Equipment-Info               458    Grouped       -
+   User-Equipment-Info-Type          459    Enumerated    -
+   User-Equipment-Info-Value         460    OctetString   -
+   Value-Digits                      447    Integer64     M
+   Validity-Time                     448    Unsigned32    M
+
+;; ===========================================================================
+
+@messages
+
+   CCR ::= < Diameter Header: 272, REQ, PXY >
+
+           < Session-Id >
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Application-Id }
+           { Service-Context-Id }
+           { CC-Request-Type }
+           { CC-Request-Number }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ CC-Sub-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Origin-State-Id ]
+           [ Event-Timestamp ]
+         * [ Subscription-Id ]
+           [ Service-Identifier ]
+           [ Termination-Cause ]
+           [ Requested-Service-Unit ]
+           [ Requested-Action ]
+         * [ Used-Service-Unit ]
+           [ Multiple-Services-Indicator ]
+         * [ Multiple-Services-Credit-Control ]
+         * [ Service-Parameter-Info ]
+           [ CC-Correlation-Id ]
+           [ User-Equipment-Info ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   CCA ::= < Diameter Header: 272, PXY >
+
+           < Session-Id >
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           { Auth-Application-Id }
+           { CC-Request-Type }
+           { CC-Request-Number }
+           [ User-Name ]
+           [ CC-Session-Failover ]
+           [ CC-Sub-Session-Id ]
+           [ Acct-Multi-Session-Id ]
+           [ Origin-State-Id ]
+           [ Event-Timestamp ]
+           [ Granted-Service-Unit ]
+         * [ Multiple-Services-Credit-Control ]
+           [ Cost-Information]
+           [ Final-Unit-Indication ]
+           [ Check-Balance-Result ]
+           [ Credit-Control-Failure-Handling ]
+           [ Direct-Debiting-Failure-Handling ]
+           [ Validity-Time]
+         * [ Redirect-Host]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ Failed-AVP ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   Cost-Information ::= < AVP Header: 423 >
+
+           { Unit-Value }
+           { Currency-Code }
+           [ Cost-Unit ]
+
+   Unit-Value ::= < AVP Header: 445 >
+
+           { Value-Digits }
+           [ Exponent ]
+
+   Multiple-Services-Credit-Control ::= < AVP Header: 456 >
+
+           [ Granted-Service-Unit ]
+           [ Requested-Service-Unit ]
+         * [ Used-Service-Unit ]
+           [ Tariff-Change-Usage ]
+         * [ Service-Identifier ]
+           [ Rating-Group ]
+         * [ G-S-U-Pool-Reference ]
+           [ Validity-Time ]
+           [ Result-Code ]
+           [ Final-Unit-Indication ]
+         * [ AVP ]
+
+   Granted-Service-Unit ::= < AVP Header: 431 >
+
+           [ Tariff-Time-Change ]
+           [ CC-Time ]
+           [ CC-Money ]
+           [ CC-Total-Octets ]
+           [ CC-Input-Octets ]
+           [ CC-Output-Octets ]
+           [ CC-Service-Specific-Units ]
+         * [ AVP ]
+
+   Requested-Service-Unit ::= < AVP Header: 437 >
+
+           [ CC-Time ]
+           [ CC-Money ]
+           [ CC-Total-Octets ]
+           [ CC-Input-Octets ]
+           [ CC-Output-Octets ]
+           [ CC-Service-Specific-Units ]
+         * [ AVP ]
+
+   Used-Service-Unit ::= < AVP Header: 446 >
+
+           [ Tariff-Change-Usage ]
+           [ CC-Time ]
+           [ CC-Money ]
+           [ CC-Total-Octets ]
+           [ CC-Input-Octets ]
+           [ CC-Output-Octets ]
+           [ CC-Service-Specific-Units ]
+         * [ AVP ]
+
+   CC-Money ::= < AVP Header: 413 >
+
+           { Unit-Value }
+           [ Currency-Code ]
+
+   G-S-U-Pool-Reference ::= < AVP Header: 457 >
+
+           { G-S-U-Pool-Identifier }
+           { CC-Unit-Type }
+           { Unit-Value }
+
+   Final-Unit-Indication ::= < AVP Header: 430 >
+
+           { Final-Unit-Action }
+         * [ Restriction-Filter-Rule ]
+         * [ Filter-Id ]
+           [ Redirect-Server ]
+
+   Redirect-Server ::= < AVP Header: 434 >
+
+           { Redirect-Address-Type }
+           { Redirect-Server-Address }
+
+   Service-Parameter-Info ::= < AVP Header: 440 >
+
+           { Service-Parameter-Type }
+           { Service-Parameter-Value }
+
+   Subscription-Id ::= < AVP Header: 443 >
+
+           { Subscription-Id-Type }
+           { Subscription-Id-Data }
+
+   User-Equipment-Info ::= < AVP Header: 458 >
+
+           { User-Equipment-Info-Type }
+           { User-Equipment-Info-Value }
+
+;; ===========================================================================
+
+@enum CC-Request-Type
+
+   INITIAL_REQUEST                 1
+   UPDATE_REQUEST                  2
+   TERMINATION_REQUEST             3
+   EVENT_REQUEST                   4
+
+@enum CC-Session-Failover
+
+   NOT_SUPPORTED                   0
+   SUPPORTED                       1
+
+@enum Check-Balance-Result
+
+   ENOUGH_CREDIT                   0
+   NO_CREDIT                       1
+
+@enum Credit-Control
+
+   AUTHORIZATION                   0
+   RE_AUTHORIZATION                1
+
+@enum Credit-Control-Failure-Handling
+
+   TERMINATE                       0
+   CONTINUE                        1
+   RETRY_AND_TERMINATE             2
+
+@enum Direct-Debiting-Failure-Handling
+
+   TERMINATE_OR_BUFFER             0
+   CONTINUE                        1
+
+@enum Tariff-Change-Usage
+
+   UNIT_BEFORE_TARIFF_CHANGE       0
+   UNIT_AFTER_TARIFF_CHANGE        1
+   UNIT_INDETERMINATE              2
+
+@enum CC-Unit-Type
+
+   TIME                            0
+   MONEY                           1
+   TOTAL-OCTETS                    2
+   INPUT-OCTETS                    3
+   OUTPUT-OCTETS                   4
+   SERVICE-SPECIFIC-UNITS          5
+
+@enum Final-Unit-Action
+
+   TERMINATE                       0
+   REDIRECT                        1
+   RESTRICT_ACCESS                 2
+
+@enum Redirect-Address-Type
+
+   IPV4                            0
+   IPV6                            1
+   URL                             2
+   SIP_URI                         3
+
+@enum Multiple-Services-Indicator
+
+   NOT_SUPPORTED                   0
+   SUPPORTED                       1
+
+@enum Requested-Action
+
+   DIRECT_DEBITING                 0
+   REFUND_ACCOUNT                  1
+   CHECK_BALANCE                   2
+   PRICE_ENQUIRY                   3
+
+@enum Subscription-Id-Type
+
+   END_USER_E164                   0
+   END_USER_IMSI                   1
+   END_USER_SIP_URI                2
+   END_USER_NAI                    3
+   END_USER_PRIVATE                4
+
+@enum User-Equipment-Info-Type
+
+   IMEISV                          0
+   MAC                             1
+   EUI64                           2
+   MODIFIED_EUI64                  3
+
+;; ===========================================================================
+
+@define Result-Code
+
+   END_USER_SERVICE_DENIED         4010
+   CREDIT_CONTROL_NOT_APPLICABLE   4011
+   CREDIT_LIMIT_REACHED            4012
+
+   USER_UNKNOWN                    5030
+   RATING_FAILED                   5031
diff --git a/lib/diameter/examples/dict/rfc4072_eap.dia b/lib/diameter/examples/dict/rfc4072_eap.dia
new file mode 100644
index 0000000000..111516b347
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4072_eap.dia
@@ -0,0 +1,150 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4072, Diameter Extensible Authentication Protocol (EAP) Application
+;;
+;; Edits:
+;;
+;; - Move EAP-Payload to not break fixed/required/optional order
+;; - Framed-Appletalk-Link    -> Framed-AppleTalk-Link
+;; - Framed-Appletalk-Network -> Framed-AppleTalk-Network
+;; - Framed-Appletalk-Zone    -> Framed-AppleTalk-Zone
+;;
+
+@id 5
+
+@inherits rfc3588_base
+@inherits rfc4005_nas
+
+;; ===========================================================================
+
+@avp_types
+
+   EAP-Master-Session-Key           464   OctetString    -
+   EAP-Key-Name                     102   OctetString    -
+   EAP-Payload                      462   OctetString    -
+   EAP-Reissued-Payload             463   OctetString    -
+   Accounting-EAP-Auth-Method       465    Unsigned64    -
+
+;; ===========================================================================
+
+@messages
+
+   DER ::= < Diameter Header: 268, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { Auth-Request-Type }
+           { EAP-Payload }
+           [ Destination-Host ]
+           [ NAS-Identifier ]
+           [ NAS-IP-Address ]
+           [ NAS-IPv6-Address ]
+           [ NAS-Port ]
+           [ NAS-Port-Id ]
+           [ NAS-Port-Type ]
+           [ Origin-State-Id ]
+           [ Port-Limit ]
+           [ User-Name ]
+           [ EAP-Key-Name ]
+           [ Service-Type ]
+           [ State ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Auth-Session-State ]
+           [ Callback-Number ]
+           [ Called-Station-Id ]
+           [ Calling-Station-Id ]
+           [ Originating-Line-Info ]
+           [ Connect-Info ]
+         * [ Framed-Compression ]
+           [ Framed-Interface-Id ]
+           [ Framed-IP-Address ]
+         * [ Framed-IPv6-Prefix ]
+           [ Framed-IP-Netmask ]
+           [ Framed-MTU ]
+           [ Framed-Protocol ]
+         * [ Tunneling ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   DEA ::= < Diameter Header: 268, PXY >
+
+          < Session-Id >
+          { Auth-Application-Id }
+          { Auth-Request-Type }
+          { Result-Code }
+          { Origin-Host }
+          { Origin-Realm }
+          [ User-Name ]
+          [ EAP-Payload ]
+          [ EAP-Reissued-Payload ]
+          [ EAP-Master-Session-Key ]
+          [ EAP-Key-Name ]
+          [ Multi-Round-Time-Out ]
+          [ Accounting-EAP-Auth-Method ]
+          [ Service-Type ]
+        * [ Class ]
+        * [ Configuration-Token ]
+          [ Acct-Interim-Interval ]
+          [ Error-Message ]
+          [ Error-Reporting-Host ]
+        * [ Failed-AVP ]
+          [ Idle-Timeout ]
+          [ Authorization-Lifetime ]
+          [ Auth-Grace-Period ]
+          [ Auth-Session-State ]
+          [ Re-Auth-Request-Type ]
+          [ Session-Timeout ]
+          [ State ]
+        * [ Reply-Message ]
+          [ Origin-State-Id ]
+        * [ Filter-Id ]
+          [ Port-Limit ]
+          [ Callback-Id ]
+          [ Callback-Number ]
+          [ Framed-AppleTalk-Link ]
+        * [ Framed-AppleTalk-Network ]
+          [ Framed-AppleTalk-Zone ]
+        * [ Framed-Compression ]
+          [ Framed-Interface-Id ]
+          [ Framed-IP-Address ]
+        * [ Framed-IPv6-Prefix ]
+          [ Framed-IPv6-Pool ]
+        * [ Framed-IPv6-Route ]
+          [ Framed-IP-Netmask ]
+        * [ Framed-Route ]
+          [ Framed-Pool ]
+          [ Framed-IPX-Network ]
+          [ Framed-MTU ]
+          [ Framed-Protocol ]
+          [ Framed-Routing ]
+        * [ NAS-Filter-Rule ]
+        * [ QoS-Filter-Rule ]
+        * [ Tunneling ]
+        * [ Redirect-Host ]
+          [ Redirect-Host-Usage ]
+          [ Redirect-Max-Cache-Time ]
+        * [ Proxy-Info ]
+        * [ AVP ]
diff --git a/lib/diameter/examples/dict/rfc4590_digest.dia b/lib/diameter/examples/dict/rfc4590_digest.dia
new file mode 100644
index 0000000000..a4ebe0c456
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4590_digest.dia
@@ -0,0 +1,45 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4590, RADIUS Extension for Digest Authentication
+;;
+
+@avp_types
+
+   Digest-Response          103  OctetString  -
+   Digest-Realm             104  OctetString  -
+   Digest-Nonce             105  OctetString  -
+   Digest-Response-Auth     106  OctetString  -
+   Digest-Nextnonce         107  OctetString  -
+   Digest-Method            108  OctetString  -
+   Digest-URI               109  OctetString  -
+   Digest-Qop               110  OctetString  -
+   Digest-Algorithm         111  OctetString  -
+   Digest-Entity-Body-Hash  112  OctetString  -
+   Digest-CNonce            113  OctetString  -
+   Digest-Nonce-Count       114  OctetString  -
+   Digest-Username          115  OctetString  -
+   Digest-Opaque            116  OctetString  -
+   Digest-Auth-Param        117  OctetString  -
+   Digest-AKA-Auts          118  OctetString  -
+   Digest-Domain            119  OctetString  -
+   Digest-Stale             120  OctetString  -
+   Digest-HA1               121  OctetString  -
+   SIP-AOR                  122  OctetString  -
diff --git a/lib/diameter/examples/dict/rfc4740_sip.dia b/lib/diameter/examples/dict/rfc4740_sip.dia
new file mode 100644
index 0000000000..8c21882649
--- /dev/null
+++ b/lib/diameter/examples/dict/rfc4740_sip.dia
@@ -0,0 +1,446 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+;;
+;; RFC 4740, Diameter Session Initiation Protocol (SIP) Application
+;;
+
+@id 6
+
+@inherits rfc3588_base
+@inherits rfc4590_digest
+
+;; ===========================================================================
+
+@avp_types
+
+    SIP-Accounting-Information          368  Grouped      M
+    SIP-Accounting-Server-URI           369  DiameterURI  M
+    SIP-Credit-Control-Server-URI       370  DiameterURI  M
+    SIP-Server-URI                      371  UTF8String   M
+    SIP-Server-Capabilities             372  Grouped      M
+    SIP-Mandatory-Capability            373  Unsigned32   M
+    SIP-Optional-Capability             374  Unsigned32   M
+    SIP-Server-Assignment-Type          375  Enumerated   M
+    SIP-Auth-Data-Item                  376  Grouped      M
+    SIP-Authentication-Scheme           377  Enumerated   M
+    SIP-Item-Number                     378  Unsigned32   M
+    SIP-Authenticate                    379  Grouped      M
+    SIP-Authorization                   380  Grouped      M
+    SIP-Authentication-Info             381  Grouped      M
+    SIP-Number-Auth-Items               382  Unsigned32   M
+    SIP-Deregistration-Reason           383  Grouped      M
+    SIP-Reason-Code                     384  Enumerated   M
+    SIP-Reason-Info                     385  UTF8String   M
+    SIP-Visited-Network-Id              386  UTF8String   M
+    SIP-User-Authorization-Type         387  Enumerated   M
+    SIP-Supported-User-Data-Type        388  UTF8String   M
+    SIP-User-Data                       389  Grouped      M
+    SIP-User-Data-Type                  390  UTF8String   M
+    SIP-User-Data-Contents              391  OctetString  M
+    SIP-User-Data-Already-Available     392  Enumerated   M
+    SIP-Method                          393  UTF8String   M
+
+;; ===========================================================================
+
+@messages
+
+   ;; 8.1.  User-Authorization-Request
+
+   UAR ::= < Diameter Header: 283, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-AOR }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ SIP-Visited-Network-Id ]
+           [ SIP-User-Authorization-Type ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.2.  User-Authorization-Answer
+
+   UAA ::= < Diameter Header: 283, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Result-Code }
+           { Origin-Host }
+           { Origin-Realm }
+           [ SIP-Server-URI ]
+           [ SIP-Server-Capabilities ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.3.  Server-Assignment-Request
+
+   SAR ::= < Diameter Header: 284, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-Server-Assignment-Type }
+           { SIP-User-Data-Already-Available }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ SIP-Server-URI ]
+         * [ SIP-Supported-User-Data-Type ]
+         * [ SIP-AOR ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.4.  Server-Assignment-Answer
+
+   SAA ::= < Diameter Header: 284, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+         * [ SIP-User-Data ]
+           [ SIP-Accounting-Information ]
+         * [ SIP-Supported-User-Data-Type ]
+           [ User-Name ]
+           [ Auth-Grace-Period ]
+           [ Authorization-Lifetime ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.5.  Location-Info-Request
+
+  LIR ::= < Diameter Header: 285, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-AOR }
+           [ Destination-Host ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.6.  Location-Info-Answer
+
+   LIA ::= < Diameter Header: 285, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ SIP-Server-URI ]
+           [ SIP-Server-Capabilities ]
+           [ Auth-Grace-Period ]
+           [ Authorization-Lifetime ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.7.  Multimedia-Auth-Request
+
+   MAR ::= < Diameter Header: 286, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { SIP-AOR }
+           { SIP-Method }
+           [ Destination-Host ]
+           [ User-Name ]
+           [ SIP-Server-URI ]
+           [ SIP-Number-Auth-Items ]
+           [ SIP-Auth-Data-Item ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.8.  Multimedia-Auth-Answer
+
+   MAA ::= < Diameter Header: 286, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ User-Name ]
+           [ SIP-AOR ]
+           [ SIP-Number-Auth-Items ]
+         * [ SIP-Auth-Data-Item ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.9.  Registration-Termination-Request
+
+   RTR ::= < Diameter Header: 287, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Host }
+           { SIP-Deregistration-Reason }
+           [ Destination-Realm ]
+           [ User-Name ]
+         * [ SIP-AOR ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.10.  Registration-Termination-Answer
+
+   RTA ::= < Diameter Header: 287, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.11.  Push-Profile-Request
+
+   PPR ::= < Diameter Header: 288, REQ, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           { Destination-Realm }
+           { User-Name }
+         * [ SIP-User-Data ]
+           [ SIP-Accounting-Information ]
+           [ Destination-Host ]
+           [ Authorization-Lifetime ]
+           [ Auth-Grace-Period ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+   ;; 8.12.  Push-Profile-Answer
+
+   PPA ::= < Diameter Header: 288, PXY >
+
+           < Session-Id >
+           { Auth-Application-Id }
+           { Result-Code }
+           { Auth-Session-State }
+           { Origin-Host }
+           { Origin-Realm }
+           [ Redirect-Host ]
+           [ Redirect-Host-Usage ]
+           [ Redirect-Max-Cache-Time ]
+         * [ Proxy-Info ]
+         * [ Route-Record ]
+         * [ AVP ]
+
+;; ===========================================================================
+
+@grouped
+
+   SIP-Accounting-Information ::= < AVP Header: 368 >
+
+         * [ SIP-Accounting-Server-URI ]
+         * [ SIP-Credit-Control-Server-URI ]
+         * [ AVP]
+
+   SIP-Server-Capabilities ::= < AVP Header: 372 >
+
+         * [ SIP-Mandatory-Capability ]
+         * [ SIP-Optional-Capability ]
+         * [ SIP-Server-URI ]
+         * [ AVP ]
+
+   SIP-Auth-Data-Item ::= < AVP Header: 376 >
+
+           { SIP-Authentication-Scheme }
+           [ SIP-Item-Number ]
+           [ SIP-Authenticate ]
+           [ SIP-Authorization ]
+           [ SIP-Authentication-Info ]
+         * [ AVP ]
+
+   SIP-Authenticate ::= < AVP Header: 379 >
+
+           { Digest-Realm }
+           { Digest-Nonce }
+           [ Digest-Domain ]
+           [ Digest-Opaque ]
+           [ Digest-Stale ]
+           [ Digest-Algorithm ]
+           [ Digest-Qop ]
+           [ Digest-HA1]
+         * [ Digest-Auth-Param ]
+         * [ AVP ]
+
+   SIP-Authorization ::= < AVP Header: 380 >
+
+           { Digest-Username }
+           { Digest-Realm }
+           { Digest-Nonce }
+           { Digest-URI }
+           { Digest-Response }
+           [ Digest-Algorithm ]
+           [ Digest-CNonce ]
+           [ Digest-Opaque ]
+           [ Digest-Qop ]
+           [ Digest-Nonce-Count ]
+           [ Digest-Method]
+           [ Digest-Entity-Body-Hash ]
+         * [ Digest-Auth-Param ]
+         * [ AVP ]
+
+   SIP-Authentication-Info ::= < AVP Header: 381 >
+
+           [ Digest-Nextnonce ]
+           [ Digest-Qop ]
+           [ Digest-Response-Auth ]
+           [ Digest-CNonce ]
+           [ Digest-Nonce-Count ]
+         * [ AVP ]
+
+   SIP-Deregistration-Reason ::= < AVP Header: 383 >
+
+           { SIP-Reason-Code }
+           [ SIP-Reason-Info ]
+         * [ AVP ]
+
+   SIP-User-Data ::= < AVP Header: 389 >
+
+           { SIP-User-Data-Type }
+           { SIP-User-Data-Contents }
+         * [ AVP ]
+
+;; ===========================================================================
+
+@enum SIP-Server-Assignment-Type
+
+   NO_ASSIGNMENT                  0
+   REGISTRATION                   1
+   RE_REGISTRATION                2
+   UNREGISTERED_USER              3
+   TIMEOUT_DEREGISTRATION         4
+   USER_DEREGISTRATION            5
+   TIMEOUT_DEREGISTRATION_STORE   6
+   USER_DEREGISTRATION_STORE      7
+   ADMINISTRATIVE_DEREGISTRATION  8
+   AUTHENTICATION_FAILURE         9
+   AUTHENTICATION_TIMEOUT        10
+   DEREGISTRATION_TOO_MUCH_DATA  11
+
+@enum SIP-Authentication-Scheme
+
+   DIGEST                         0
+
+@enum SIP-Reason-Code
+
+   PERMANENT_TERMINATION          0
+   NEW_SIP_SERVER_ASSIGNED        1
+   SIP_SERVER_CHANGE              2
+   REMOVE_SIP_SERVER              3
+
+@enum SIP-User-Authorization-Type
+
+   REGISTRATION                   0
+   DEREGISTRATION                 1
+   REGISTRATION_AND_CAPABILITIES  2
+
+@enum SIP-User-Data-Already-Available
+
+   USER_DATA_NOT_AVAILABLE        0
+   USER_DATA_ALREADY_AVAILABLE    1
+
+;; ===========================================================================
+
+@define Result-Code
+
+   ;; Success
+
+   FIRST_REGISTRATION                   2003
+   SUBSEQUENT_REGISTRATION              2004
+   UNREGISTERED_SERVICE                 2005
+   SUCCESS_SERVER_NAME_NOT_STORED       2006
+   SERVER_SELECTION                     2007
+   SUCCESS_AUTH_SENT_SERVER_NOT_STORED  2008
+
+   ;; Transient Failures
+
+   USER_NAME_REQUIRED                   4013
+
+   ;; Permanent Failures
+
+   USER_UNKNOWN                         5032
+   IDENTITIES_DONT_MATCH                5033
+   IDENTITY_NOT_REGISTERED              5034
+   ROAMING_NOT_ALLOWED                  5035
+   IDENTITY_ALREADY_REGISTERED          5036
+   AUTH_SCHEME_NOT_SUPPORTED            5037
+   IN_ASSIGNMENT_TYPE                   5038
+   TOO_MUCH_DATA                        5039
+   NOT_SUPPORTED_USER_DATA              5040
diff --git a/lib/diameter/include/diameter.hrl b/lib/diameter/include/diameter.hrl
index 0fa7fd406f..4273262015 100644
--- a/lib/diameter/include/diameter.hrl
+++ b/lib/diameter/include/diameter.hrl
@@ -107,6 +107,21 @@
          transport = sctp,       %% | tcp,
          protocol  = diameter}). %% | radius | 'tacacs+'
 
+%% A diameter_callback record can be specified as an application
+%% module in order to selectively receive callbacks or alter their
+%% form.
+-record(diameter_callback,
+        {peer_up,
+         peer_down,
+         pick_peer,
+         prepare_request,
+         prepare_retransmit,
+         handle_request,
+         handle_answer,
+         handle_error,
+         default,
+         extra = []}).
+
 %% The diameter service and diameter_apps records are only passed
 %% through the transport interface when starting a transport process,
 %% although typically a transport implementation will (and probably
diff --git a/lib/diameter/src/Makefile b/lib/diameter/src/Makefile
index eea2aa894d..dbfaa4e140 100644
--- a/lib/diameter/src/Makefile
+++ b/lib/diameter/src/Makefile
@@ -54,14 +54,16 @@ VPATH = .:base:compiler:transport:gen
 
 include modules.mk
 
+# Modules generated from dictionary specifications.
 DICT_MODULES = $(DICTS:%=gen/diameter_gen_%)
 DICT_ERLS    = $(DICT_MODULES:%=%.erl)
 DICT_HRLS    = $(DICT_MODULES:%=%.hrl)
 
 # Modules to build before compiling dictionaries.
-COMPILER_MODULES = $(filter compiler/%, $(CT_MODULES))
+COMPILER_MODULES = $(notdir $(filter compiler/%, $(CT_MODULES))) \
+                   $(DICT_YRL)
 
-# All handwritten modules.
+# All handwritten modules from which a depend.mk is generated.
 MODULES = \
 	$(RT_MODULES) \
 	$(CT_MODULES)
@@ -74,17 +76,21 @@ APP_MODULES = \
 # Modules for which to build beams.
 TARGET_MODULES = \
 	$(APP_MODULES) \
-	$(CT_MODULES)
+	$(CT_MODULES) \
+	$(DICT_YRL:%=gen/%)
 
 # What to build for the 'opt' target.
 TARGET_FILES = \
-	$(patsubst %,$(EBIN)/%.$(EMULATOR),$(notdir $(TARGET_MODULES))) \
+	$(patsubst %, $(EBIN)/%.$(EMULATOR), $(notdir $(TARGET_MODULES))) \
 	$(APP_TARGET) \
 	$(APPUP_TARGET)
 
 # Subdirectories of src to release modules into.
 TARGET_DIRS = $(sort $(dir $(TARGET_MODULES)))
 
+# Ditto for examples.
+EXAMPLE_DIRS = $(sort $(dir $(EXAMPLES)))
+
 APP_FILE   = diameter.app
 APP_SRC    = $(APP_FILE).src
 APP_TARGET = $(EBIN)/$(APP_FILE)
@@ -125,6 +131,10 @@ opt: $(TARGET_FILES)
 debug:
 	@$(MAKE) TYPE=debug opt
 
+# The dictionary parser.
+gen/$(DICT_YRL).erl: compiler/$(DICT_YRL).yrl
+	$(ERLC) -Werror -o $(@D) $<
+
 # Generate the app file.
 $(APP_TARGET): $(APP_SRC) ../vsn.mk modules.mk
 	M=`echo $(notdir $(APP_MODULES)) | tr ' ' ,`; \
@@ -146,6 +156,8 @@ info:
 	@echo ========================================
 	@$(call list,DICTS)
 	@echo
+	@$(call list,DICT_YRL)
+	@echo
 	@$(call list,RT_MODULES)
 	@echo
 	@$(call list,CT_MODULES)
@@ -160,11 +172,13 @@ info:
 	@echo
 	@$(call list,EXAMPLES)
 	@echo
+	@$(call list,EXAMPLE_DIRS)
+	@echo
 	@$(call list,BINS)
 	@echo ========================================
 
 clean:
-	rm -f $(TARGET_FILES) $(DICT_ERLS) $(DICT_HRLS)
+	rm -f $(TARGET_FILES) gen/*
 	rm -f depend.mk
 
 # ----------------------------------------------------
@@ -180,22 +194,29 @@ endif
 # Can't $(INSTALL_DIR) more than one directory at a time on Solaris.
 
 release_spec: opt
-	for d in bin ebin examples include src/dict $(TARGET_DIRS:%/=src/%); do \
+	for d in bin ebin include src/dict; do \
 	    $(INSTALL_DIR) $(RELSYSDIR)/$$d; \
 	done
 	$(INSTALL_SCRIPT) $(BINS:%=../bin/%) $(RELSYSDIR)/bin
 	$(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR)/ebin
-	$(INSTALL_DATA) $(EXAMPLES:%=../examples/%) $(RELSYSDIR)/examples
 	$(INSTALL_DATA) $(EXTERNAL_HRLS:%=../include/%) $(DICT_HRLS) \
 	                $(RELSYSDIR)/include
 	$(INSTALL_DATA) $(DICTS:%=dict/%.dia) $(RELSYSDIR)/src/dict
 	$(MAKE) $(TARGET_DIRS:%/=release_src_%)
+	$(MAKE) $(EXAMPLE_DIRS:%/=release_examples_%)
 
 $(TARGET_DIRS:%/=release_src_%): release_src_%:
-	$(INSTALL_DATA) $(filter $*/%,$(TARGET_MODULES:%=%.erl) \
-	                              $(INTERNAL_HRLS)) \
+	$(INSTALL_DIR) $(RELSYSDIR)/src/$*
+	$(INSTALL_DATA) $(filter $*/%, $(TARGET_MODULES:%=%.erl) \
+	                               $(INTERNAL_HRLS)) \
+	                $(filter $*/%, compiler/$(DICT_YRL).yrl) \
 	                $(RELSYSDIR)/src/$*
 
+$(EXAMPLE_DIRS:%/=release_examples_%): release_examples_%:
+	$(INSTALL_DIR) $(RELSYSDIR)/examples/$*
+	$(INSTALL_DATA) $(patsubst %, ../examples/%, $(filter $*/%, $(EXAMPLES))) \
+	                $(RELSYSDIR)/examples/$*
+
 release_docs_spec:
 
 # ----------------------------------------------------
@@ -207,7 +228,7 @@ gen/diameter_gen_base_accounting.hrl gen/diameter_gen_relay.hrl: \
 	$(EBIN)/diameter_gen_base_rfc3588.$(EMULATOR)
 
 gen/diameter_gen_base_rfc3588.erl gen/diameter_gen_base_rfc3588.hrl: \
-	$(COMPILER_MODULES:compiler/%=$(EBIN)/%.$(EMULATOR))
+	$(COMPILER_MODULES:%=$(EBIN)/%.$(EMULATOR))
 
 $(DICT_MODULES:gen/%=$(EBIN)/%.$(EMULATOR)): \
 	$(INCDIR)/diameter.hrl \
@@ -224,10 +245,13 @@ depend.mk: depend.sed $(MODULES:%=%.erl) Makefile
 
 -include depend.mk
 
-.PRECIOUS: $(DICT_ERLS) $(DICT_HRLS)
 .PHONY: app clean depend dict info release_subdir
 .PHONY: debug opt release_docs_spec release_spec
 .PHONY: $(TARGET_DIRS:%/=%) $(TARGET_DIRS:%/=release_src_%)
+.PHONY: $(EXAMPLE_DIRS:%/=release_examples_%)
+
+# Keep intermediate files.
+.SECONDARY: $(DICT_ERLS) $(DICT_HRLS) gen/$(DICT_YRL:%=%.erl)
 
 # ----------------------------------------------------
 # Targets using secondary expansion (make >= 3.81)
@@ -237,4 +261,6 @@ depend.mk: depend.sed $(MODULES:%=%.erl) Makefile
 
 # Make beams from a subdirectory.
 $(TARGET_DIRS:%/=%): \
-  $$(patsubst $$@/%,$(EBIN)/%.$(EMULATOR),$$(filter $$@/%,$(TARGET_MODULES)))
+  $$(patsubst $$@/%, \
+              $(EBIN)/%.$(EMULATOR), \
+              $$(filter $$@/%, $(TARGET_MODULES) compiler/$(DICT_YRL)))
diff --git a/lib/diameter/src/base/diameter.erl b/lib/diameter/src/base/diameter.erl
index 2f721421d8..336f0c1f2d 100644
--- a/lib/diameter/src/base/diameter.erl
+++ b/lib/diameter/src/base/diameter.erl
@@ -38,17 +38,47 @@
          service_info/2]).
 
 %% Start/stop the application. In a "real" application this should
-%% typically be a consequence of specifying diameter in a release file
-%% rather than by calling start/stop explicitly.
+%% typically be a consequence of a release file rather than by calling
+%% start/stop explicitly.
 -export([start/0,
          stop/0]).
 
+-export_type([evaluable/0,
+              app_alias/0,
+              service_name/0,
+              capability/0,
+              peer_filter/0,
+              service_opt/0,
+              application_opt/0,
+              app_module/0,
+              transport_ref/0,
+              transport_opt/0,
+              transport_pred/0,
+              call_opt/0]).
+
+-export_type(['OctetString'/0,
+              'Integer32'/0,
+              'Integer64'/0,
+              'Unsigned32'/0,
+              'Unsigned64'/0,
+              'Float32'/0,
+              'Float64'/0,
+              'Grouped'/0,
+              'Address'/0,
+              'Time'/0,
+              'UTF8String'/0,
+              'DiameterIdentity'/0,
+              'DiameterURI'/0,
+              'Enumerated'/0,
+              'IPFilterRule'/0,
+              'QoSFilterRule'/0]).
+
+-include_lib("diameter/include/diameter.hrl").
 -include("diameter_internal.hrl").
--include("diameter_types.hrl").
 
-%%% --------------------------------------------------------------------------
-%%% start/0
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% start/0
+%% ---------------------------------------------------------------------------
 
 -spec start()
    -> ok
@@ -57,9 +87,9 @@
 start() ->
     application:start(?APPLICATION).
 
-%%% --------------------------------------------------------------------------
-%%% stop/0
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% stop/0
+%% ---------------------------------------------------------------------------
 
 -spec stop()
    -> ok
@@ -68,9 +98,9 @@ start() ->
 stop() ->
     application:stop(?APPLICATION).
 
-%%% --------------------------------------------------------------------------
-%%% start_service/2
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% start_service/2
+%% ---------------------------------------------------------------------------
 
 -spec start_service(service_name(), [service_opt()])
    -> ok
@@ -80,9 +110,9 @@ start_service(SvcName, Opts)
   when is_list(Opts) ->
     diameter_config:start_service(SvcName, Opts).
 
-%%% --------------------------------------------------------------------------
-%%% stop_service/1
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% stop_service/1
+%% ---------------------------------------------------------------------------
 
 -spec stop_service(service_name())
    -> ok
@@ -91,9 +121,9 @@ start_service(SvcName, Opts)
 stop_service(SvcName) ->
     diameter_config:stop_service(SvcName).
 
-%%% --------------------------------------------------------------------------
-%%% services/0
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% services/0
+%% ---------------------------------------------------------------------------
 
 -spec services()
    -> [service_name()].
@@ -101,9 +131,9 @@ stop_service(SvcName) ->
 services() ->
     [Name || {Name, _} <- diameter_service:services()].
 
-%%% --------------------------------------------------------------------------
-%%% service_info/2
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% service_info/2
+%% ---------------------------------------------------------------------------
 
 -spec service_info(service_name(), atom() | [atom()])
    -> any().
@@ -111,9 +141,9 @@ services() ->
 service_info(SvcName, Option) ->
     diameter_service:info(SvcName, Option).
 
-%%% --------------------------------------------------------------------------
-%%% add_transport/3
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% add_transport/3
+%% ---------------------------------------------------------------------------
 
 -spec add_transport(service_name(), {listen|connect, [transport_opt()]})
    -> {ok, transport_ref()}
@@ -123,9 +153,9 @@ add_transport(SvcName, {T, Opts} = Cfg)
   when is_list(Opts), (T == connect orelse T == listen) ->
     diameter_config:add_transport(SvcName, Cfg).
 
-%%% --------------------------------------------------------------------------
-%%% remove_transport/2
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% remove_transport/2
+%% ---------------------------------------------------------------------------
 
 -spec remove_transport(service_name(), transport_pred())
    -> ok | {error, term()}.
@@ -133,12 +163,9 @@ add_transport(SvcName, {T, Opts} = Cfg)
 remove_transport(SvcName, Pred) ->
     diameter_config:remove_transport(SvcName, Pred).
 
-%%% --------------------------------------------------------------------------
-%%% # subscribe(SvcName)
-%%%
-%%% Description: Subscribe to #diameter_event{} messages for the specified
-%%%              service.
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% subscribe/1
+%% ---------------------------------------------------------------------------
 
 -spec subscribe(service_name())
    -> true.
@@ -146,9 +173,9 @@ remove_transport(SvcName, Pred) ->
 subscribe(SvcName) ->
     diameter_service:subscribe(SvcName).
 
-%%% --------------------------------------------------------------------------
-%%% # unsubscribe(SvcName)
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% unsubscribe/1
+%% ---------------------------------------------------------------------------
 
 -spec unsubscribe(service_name())
    -> true.
@@ -156,9 +183,9 @@ subscribe(SvcName) ->
 unsubscribe(SvcName) ->
     diameter_service:unsubscribe(SvcName).
 
-%%% ----------------------------------------------------------
-%%% # session_id/1
-%%% ----------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% session_id/1
+%% ---------------------------------------------------------------------------
 
 -spec session_id('DiameterIdentity'())
    -> 'OctetString'().
@@ -166,9 +193,9 @@ unsubscribe(SvcName) ->
 session_id(Ident) ->
     diameter_session:session_id(Ident).
 
-%%% ----------------------------------------------------------
-%%% # origin_state_id/0
-%%% ----------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% origin_state_id/0
+%% ---------------------------------------------------------------------------
 
 -spec origin_state_id()
    -> 'Unsigned32'().
@@ -176,9 +203,9 @@ session_id(Ident) ->
 origin_state_id() ->
     diameter_session:origin_state_id().
 
-%%% --------------------------------------------------------------------------
-%%% # call/[34]
-%%% --------------------------------------------------------------------------
+%% ---------------------------------------------------------------------------
+%% call/3,4
+%% ---------------------------------------------------------------------------
 
 -spec call(service_name(), app_alias(), any(), [call_opt()])
    -> any().
@@ -188,3 +215,125 @@ call(SvcName, App, Message, Options) ->
 
 call(SvcName, App, Message) ->
     call(SvcName, App, Message, []).
+
+%% ===========================================================================
+
+%% Diameter basic types
+
+-type 'OctetString'() :: iolist().
+-type 'Integer32'()   :: -2147483647..2147483647.
+-type 'Integer64'()   :: -9223372036854775807..9223372036854775807.
+-type 'Unsigned32'()  :: 0..4294967295.
+-type 'Unsigned64'()  :: 0..18446744073709551615.
+-type 'Float32'()     :: '-infinity' | float() | infinity.
+-type 'Float64'()     :: '-infinity' | float() | infinity.
+-type 'Grouped'()     :: list() | tuple().
+
+%% Diameter derived types
+
+-type 'Address'()
+   :: inet:ip_address()
+    | string().
+
+-type 'Time'()             :: {{integer(), 1..12, 1..31},
+                               {0..23, 0..59, 0..59}}.
+-type 'UTF8String'()       :: iolist().
+-type 'DiameterIdentity'() :: 'OctetString'().
+-type 'DiameterURI'()      :: 'OctetString'().
+-type 'Enumerated'()       :: 'Integer32'().
+-type 'IPFilterRule'()     :: 'OctetString'().
+-type 'QoSFilterRule'()    :: 'OctetString'().
+
+%% The handle to a service.
+
+-type service_name()
+   :: any().
+
+%% Capabilities options/avps on start_service/2 and/or add_transport/2
+
+-type capability()
+   :: {'Origin-Host',                    'DiameterIdentity'()}
+    | {'Origin-Realm',                   'DiameterIdentity'()}
+    | {'Host-IP-Address',                ['Address'()]}
+    | {'Vendor-Id',                      'Unsigned32'()}
+    | {'Product-Name',                   'UTF8String'()}
+    | {'Supported-Vendor-Id',            ['Unsigned32'()]}
+    | {'Auth-Application-Id',            ['Unsigned32'()]}
+    | {'Vendor-Specific-Application-Id', ['Grouped'()]}
+    | {'Firmware-Revision',              'Unsigned32'()}.
+
+%% Filters for call/4
+
+-type peer_filter()
+   :: none
+    | host
+    | realm
+    | {host,  any|'DiameterIdentity'()}
+    | {realm, any|'DiameterIdentity'()}
+    | {eval, evaluable()}
+    | {neg, peer_filter()}
+    | {all, [peer_filter()]}
+    | {any, [peer_filter()]}.
+
+-type evaluable()
+   :: {module(), atom(), list()}
+    | fun()
+    | maybe_improper_list(evaluable(), list()).
+
+%% Options passed to start_service/2
+
+-type service_opt()
+   :: capability()
+    | {application, [application_opt()]}.
+
+-type application_opt()
+   :: {alias, app_alias()}
+    | {dictionary, module()}
+    | {module, app_module()}
+    | {state, any()}
+    | {call_mutates_state, boolean()}
+    | {answer_errors, callback|report|discard}.
+
+-type app_alias()
+   :: any().
+
+-type app_module()
+   :: module()
+    | maybe_improper_list(module(), list())
+    | #diameter_callback{}.
+
+%% Identifier returned by add_transport/2
+
+-type transport_ref()
+   :: reference().
+
+%% Options passed to add_transport/2
+
+-type transport_opt()
+   :: {transport_module, atom()}
+    | {transport_config, any()}
+    | {applications, [app_alias()]}
+    | {capabilities, [capability()]}
+    | {capabilities_cb, evaluable()}
+    | {watchdog_timer, 'Unsigned32'() | {module(), atom(), list()}}
+    | {reconnect_timer, 'Unsigned32'()}
+    | {private, any()}.
+
+%% Predicate passed to remove_transport/2
+
+-type transport_pred()
+   :: fun((reference(), connect|listen, list()) -> boolean())
+    | fun((reference(), list()) -> boolean())
+    | fun((list()) -> boolean())
+    | reference()
+    | list()
+    | {connect|listen, transport_pred()}
+    | {atom(), atom(), list()}.
+
+%% Options passed to call/4
+
+-type call_opt()
+   :: {extra, list()}
+    | {filter, peer_filter()}
+    | {timeout, 'Unsigned32'()}
+    | detach.
diff --git a/lib/diameter/src/base/diameter_callback.erl b/lib/diameter/src/base/diameter_callback.erl
index 6d5c8cdca1..90431099b0 100644
--- a/lib/diameter/src/base/diameter_callback.erl
+++ b/lib/diameter/src/base/diameter_callback.erl
@@ -18,11 +18,58 @@
 %%
 
 %%
-%% A minimal application callback module.
+%% A diameter callback module that can redirect selected callbacks,
+%% providing reasonable default implementations otherwise.
+%%
+%% To order alternate callbacks, configure a #diameter_callback record
+%% as the Diameter application callback in question. The record has
+%% one field for each callback function as well as 'default' and
+%% 'extra' fields. A function-specific field can be set to a
+%% diameter:evaluable() in order to redirect the callback
+%% corresponding to that field, or to 'false' to request the default
+%% callback implemented in this module. If neither of these fields are
+%% set then the 'default' field determines the form of the callback: a
+%% module name results in the usual callback as if the module had been
+%% configured directly as the callback module, a diameter_evaluable()
+%% in a callback applied to the atom-valued callback name and argument
+%% list. For all callbacks not to this module, the 'extra' field is a
+%% list of additional arguments, following arguments supplied by
+%% diameter but preceeding those of the diameter:evaluable() being
+%% applied.
+%%
+%% For example, the following config to diameter:start_service/2, in
+%% an 'application' tuple, would result in only a mymod:peer_down/3
+%% callback, this module implementing the remaining callbacks.
+%%
+%%   {module, #diameter_callback{peer_down = {mymod, down, []}}}
+%%
+%% Equivalently, this can also be specified with a [Mod | Args]
+%% field/value list as follows.
+%%
+%%   {module, [diameter_callback, {peer_down, {mymod, down, []}}]}
+%%
+%% The following would result in this module suppying peer_up and
+%% peer_down callback, others taking place in module mymod.
+%%
+%%   {module, #diameter_callback{peer_up = false,
+%%                               peer_down = false,
+%%                               default = mymod}}
+%%
+%% The following would result in all callbacks taking place as
+%% calls to mymod:diameter/2.
+%%
+%%   {module, #diameter_callback{default = {mymod, diameter, []}}}
+%%
+%% The following are equivalent and result in all callbacks being
+%% provided by this module.
+%%
+%%   {module, #diameter_callback{}}
+%%   {module, diameter_callback}
 %%
 
 -module(diameter_callback).
 
+%% Default callbacks when no aleternate is specified.
 -export([peer_up/3,
          peer_down/3,
          pick_peer/4,
@@ -32,6 +79,16 @@
          handle_answer/4,
          handle_error/4]).
 
+%% Callbacks taking a #diameter_callback record.
+-export([peer_up/4,
+         peer_down/4,
+         pick_peer/5,
+         prepare_request/4,
+         prepare_retransmit/4,
+         handle_request/4,
+         handle_answer/5,
+         handle_error/5]).
+
 -include_lib("diameter/include/diameter.hrl").
 
 %%% ----------------------------------------------------------
@@ -41,51 +98,137 @@
 peer_up(_Svc, _Peer, State) ->
     State.
 
+peer_up(Svc, Peer, State, D) ->
+    cb(peer_up,
+       [Svc, Peer, State],
+       D#diameter_callback.peer_up,
+       D).
+
 %%% ----------------------------------------------------------
 %%% # peer_down/3
 %%% ----------------------------------------------------------
 
-peer_down(_SvcName, _Peer, State) ->
+peer_down(_Svc, _Peer, State) ->
     State.
 
+peer_down(Svc, Peer, State, D) ->
+    cb(peer_down,
+       [Svc, Peer, State],
+       D#diameter_callback.peer_down,
+       D).
+
 %%% ----------------------------------------------------------
 %%% # pick_peer/4
 %%% ----------------------------------------------------------
 
-pick_peer([Peer|_], _, _SvcName, _State) ->
-    {ok, Peer}.
+pick_peer([Peer|_], _, _Svc, _State) ->
+    {ok, Peer};
+pick_peer([], _, _Svc, _State) ->
+    false.
+
+pick_peer(PeersL, PeersR, Svc, State, D) ->
+    cb(pick_peer,
+       [PeersL, PeersR, Svc, State],
+       D#diameter_callback.pick_peer,
+       D).
 
 %%% ----------------------------------------------------------
 %%% # prepare_request/3
 %%% ----------------------------------------------------------
 
-prepare_request(Pkt, _SvcName, _Peer) ->
+prepare_request(Pkt, _Svc, _Peer) ->
     {send, Pkt}.
 
+prepare_request(Pkt, Svc, Peer, D) ->
+    cb(prepare_request,
+       [Pkt, Svc, Peer],
+       D#diameter_callback.prepare_request,
+       D).
+
 %%% ----------------------------------------------------------
 %%% # prepare_retransmit/3
 %%% ----------------------------------------------------------
 
-prepare_retransmit(Pkt, _SvcName, _Peer) ->
+prepare_retransmit(Pkt, _Svc, _Peer) ->
     {send, Pkt}.
 
+prepare_retransmit(Pkt, Svc, Peer, D) ->
+    cb(prepare_retransmit,
+       [Pkt, Svc, Peer],
+       D#diameter_callback.prepare_retransmit,
+       D).
+
 %%% ----------------------------------------------------------
 %%% # handle_request/3
 %%% ----------------------------------------------------------
 
-handle_request(_Pkt, _SvcName, _Peer) ->
+handle_request(_Pkt, _Svc, _Peer) ->
     {protocol_error, 3001}.  %% DIAMETER_COMMAND_UNSUPPORTED
 
+handle_request(Pkt, Svc, Peer, D) ->
+    cb(handle_request,
+       [Pkt, Svc, Peer],
+       D#diameter_callback.handle_request,
+       D).
+
 %%% ----------------------------------------------------------
 %%% # handle_answer/4
 %%% ----------------------------------------------------------
 
-handle_answer(#diameter_packet{msg = Ans}, _Req, _SvcName, _Peer) ->
-    Ans.
+handle_answer(#diameter_packet{msg = Ans, errors = []}, _Req, _Svc, _Peer) ->
+    Ans;
+handle_answer(#diameter_packet{msg = Ans, errors = Es}, _Req, _Svc, _Peer) ->
+    [Ans | Es].
+
+handle_answer(Pkt, Req, Svc, Peer, D) ->
+    cb(handle_answer,
+       [Pkt, Req, Svc, Peer],
+       D#diameter_callback.handle_answer,
+       D).
 
 %%% ---------------------------------------------------------------------------
 %%% # handle_error/4
 %%% ---------------------------------------------------------------------------
 
-handle_error(Reason, _Req, _SvcName, _Peer) ->
+handle_error(Reason, _Req, _Svc, _Peer) ->
     {error, Reason}.
+
+handle_error(Reason, Req, Svc, Peer, D) ->
+    cb(handle_error,
+       [Reason, Req, Svc, Peer],
+       D#diameter_callback.handle_error,
+       D).
+
+%% ===========================================================================
+
+%% cb/4
+
+%% Unspecified callback: use default field to determine something
+%% appropriate.
+cb(CB, Args, undefined, D) ->
+    cb(CB, Args, D);
+
+%% Explicitly requested default.
+cb(CB, Args, false, _) ->
+    apply(?MODULE, CB, Args);
+
+%% A specified callback.
+cb(_, Args, F, #diameter_callback{extra = X}) ->
+    diameter_lib:eval([[F|X] | Args]).
+
+%% cb/3
+
+%% No user-supplied default: call ours.
+cb(CB, Args, #diameter_callback{default = undefined}) ->
+    apply(?MODULE, CB, Args);
+
+%% Default is a module name: make the usual callback.
+cb(CB, Args, #diameter_callback{default = M,
+                                extra = X})
+  when is_atom(M) ->
+    apply(M, CB, Args ++ X);
+
+%% Default is something else: apply if to callback name and arguments.
+cb(CB, Args, #diameter_callback{default = F,
+                                extra = X}) ->
+    diameter_lib:eval([F, CB, Args | X]).
diff --git a/lib/diameter/src/base/diameter_capx.erl b/lib/diameter/src/base/diameter_capx.erl
index 842a9e6103..6c4d60ee9b 100644
--- a/lib/diameter/src/base/diameter_capx.erl
+++ b/lib/diameter/src/base/diameter_capx.erl
@@ -54,7 +54,6 @@
 
 -include_lib("diameter/include/diameter.hrl").
 -include("diameter_internal.hrl").
--include("diameter_types.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
 
 -define(SUCCESS,    2001).  %% DIAMETER_SUCCESS
@@ -75,13 +74,17 @@ build_CER(Caps) ->
     try_it([fun bCER/1, Caps]).
 
 -spec recv_CER(#diameter_base_CER{}, #diameter_service{})
-   -> tried({['Unsigned32'()], #diameter_caps{}, #diameter_base_CEA{}}).
+   -> tried({[diameter:'Unsigned32'()],
+             #diameter_caps{},
+             #diameter_base_CEA{}}).
 
 recv_CER(CER, Svc) ->
     try_it([fun rCER/2, CER, Svc]).
 
 -spec recv_CEA(#diameter_base_CEA{}, #diameter_service{})
-   -> tried({['Unsigned32'()], ['Unsigned32'()], #diameter_caps{}}).
+   -> tried({[diameter:'Unsigned32'()],
+             [diameter:'Unsigned32'()],
+             #diameter_caps{}}).
 
 recv_CEA(CEA, Svc) ->
     try_it([fun rCEA/2, CEA, Svc]).
diff --git a/lib/diameter/src/base/diameter_config.erl b/lib/diameter/src/base/diameter_config.erl
index a6b48fe65b..9253af0de2 100644
--- a/lib/diameter/src/base/diameter_config.erl
+++ b/lib/diameter/src/base/diameter_config.erl
@@ -605,6 +605,13 @@ app_acc({application, Opts}, Acc) ->
 app_acc(_, Acc) ->
     Acc.
 
+init_mod(#diameter_callback{} = R) ->
+    init_mod([diameter_callback, R]);
+init_mod([diameter_callback, #diameter_callback{}] = L) ->
+    L;
+init_mod([diameter_callback = M | L])
+  when is_list(L) ->
+    [M, init_cb(L)];
 init_mod(M)
   when is_atom(M) ->
     [M];
@@ -614,6 +621,14 @@ init_mod([M|_] = L)
 init_mod(M) ->
     ?THROW({module, M}).
 
+init_cb(List) ->
+    Fields = record_info(fields, diameter_callback),
+    Defaults = lists:zip(Fields, tl(tuple_to_list(#diameter_callback{}))),
+    Values = [V || F <- Fields,
+                   D <- [proplists:get_value(F, Defaults)],
+                   V <- [proplists:get_value(F, List, D)]],
+    #diameter_callback{} = list_to_tuple([diameter_callback | Values]).
+
 init_mutable(M)
   when M == true;
        M == false ->
diff --git a/lib/diameter/src/base/diameter_peer_fsm.erl b/lib/diameter/src/base/diameter_peer_fsm.erl
index fae5d763dc..99644814d2 100644
--- a/lib/diameter/src/base/diameter_peer_fsm.erl
+++ b/lib/diameter/src/base/diameter_peer_fsm.erl
@@ -46,7 +46,6 @@
 
 -include_lib("diameter/include/diameter.hrl").
 -include("diameter_internal.hrl").
--include("diameter_types.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
 
 -define(GOAWAY, ?'DIAMETER_BASE_DISCONNECT-CAUSE_DO_NOT_WANT_TO_TALK_TO_YOU').
@@ -78,7 +77,8 @@
          parent       :: pid(),
          transport    :: pid(),
          service      :: #diameter_service{},
-         dpr = false  :: false | {'Unsigned32'(), 'Unsigned32'()}}).
+         dpr = false  :: false | {diameter:'Unsigned32'(),
+                                  diameter:'Unsigned32'()}}).
                             %% | hop by hop and end to end identifiers
 
 %% There are non-3588 states possible as a consequence of 5.6.1 of the
diff --git a/lib/diameter/src/base/diameter_service.erl b/lib/diameter/src/base/diameter_service.erl
index 7adcf1c265..3dfdcee2b2 100644
--- a/lib/diameter/src/base/diameter_service.erl
+++ b/lib/diameter/src/base/diameter_service.erl
@@ -64,7 +64,6 @@
 
 -include_lib("diameter/include/diameter.hrl").
 -include("diameter_internal.hrl").
--include("diameter_types.hrl").
 
 -define(STATE_UP,   up).
 -define(STATE_DOWN, down).
@@ -117,7 +116,7 @@
         {pid  :: match(pid()),
          type :: match(connect | accept),
          ref  :: match(reference()),  %% key into diameter_config
-         options :: match([transport_opt()]), %% as passed to start_transport
+         options :: match([diameter:transport_opt()]),%% from start_transport
          op_state = ?STATE_DOWN :: match(?STATE_DOWN | ?STATE_UP),
          started = now(),      %% at process start
          conn = false :: match(boolean() | pid())}).
@@ -126,7 +125,7 @@
 %% Record representing a peer_fsm process.
 -record(conn,
         {pid   :: pid(),
-         apps  :: [{0..16#FFFFFFFF, app_alias()}], %% {Id, Alias}
+         apps  :: [{0..16#FFFFFFFF, diameter:app_alias()}], %% {Id, Alias}
          caps  :: #diameter_caps{},
          started = now(),  %% at process start
          peer  :: pid()}). %% key into peerT
@@ -137,16 +136,16 @@
          handler    :: match(pid()), %% request process
          transport  :: match(pid()), %% peer process
          caps       :: match(#diameter_caps{}),
-         app        :: match(app_alias()),  %% #diameter_app.alias
+         app        :: match(diameter:app_alias()),  %% #diameter_app.alias
          dictionary :: match(module()),     %% #diameter_app.dictionary
-         module     :: match(nonempty_improper_list(module(), list())),
+         module     :: match([module() | list()]),
                     %% #diameter_app.module
-         filter     :: match(peer_filter()),
+         filter     :: match(diameter:peer_filter()),
          packet     :: match(#diameter_packet{})}).
 
 %% Record call/4 options are parsed into.
 -record(options,
-        {filter = none  :: peer_filter(),
+        {filter = none  :: diameter:peer_filter(),
          extra = []     :: list(),
          timeout = ?DEFAULT_TIMEOUT :: 0..16#FFFFFFFF,
          detach = false :: boolean()}).
@@ -630,10 +629,6 @@ insert(Tbl, Rec) ->
     ets:insert(Tbl, Rec),
     Rec.
 
-monitor(Pid) ->
-    erlang:monitor(process, Pid),
-    Pid.
-
 %% Using the process dictionary for the callback state was initially
 %% just a way to make what was horrendous trace (big state record and
 %% much else everywhere) somewhat more readable. There's not as much
@@ -647,11 +642,6 @@ mod_state(Alias) ->
 mod_state(Alias, ModS) ->
     put({?MODULE, mod_state, Alias}, ModS).
 
-%% have_transport/2
-
-have_transport(SvcName, Ref) ->
-    [] /= diameter_config:have_transport(SvcName, Ref).
-
 %%% ---------------------------------------------------------------------------
 %%% # shutdown/2
 %%% ---------------------------------------------------------------------------
@@ -820,10 +810,10 @@ start(Ref, Type, Opts, #state{peerT = PeerT,
                               service = Svc})
   when Type == connect;
        Type == accept ->
-    Pid = monitor(s(Type, Ref, {ConnT,
-                                Opts,
-                                SvcName,
-                                merge_service(Opts, Svc)})),
+    Pid = s(Type, Ref, {ConnT,
+                        Opts,
+                        SvcName,
+                        merge_service(Opts, Svc)}),
     insert(PeerT, #peer{pid = Pid,
                         type = Type,
                         ref = Ref,
@@ -836,7 +826,13 @@ start(Ref, Type, Opts, #state{peerT = PeerT,
 %% callbacks.
 
 s(Type, Ref, T) ->
-    diameter_watchdog:start({Type, Ref}, T).
+    case diameter_watchdog:start({Type, Ref}, T) of
+        {_MRef, Pid} ->
+            Pid;
+        Pid when is_pid(Pid) ->  %% from old code
+            erlang:monitor(process, Pid),
+            Pid
+    end.
 
 %% merge_service/2
 
@@ -1131,7 +1127,7 @@ start_tc(Tc, T, _) ->
 %% tc_timeout/2
 
 tc_timeout({Ref, _Type, _Opts} = T, #state{service_name = SvcName} = S) ->
-    tc(have_transport(SvcName, Ref), T, S).
+    tc(diameter_config:have_transport(SvcName, Ref), T, S).
 
 tc(true, {Ref, Type, Opts}, #state{service_name = SvcName}
                             = S) ->
@@ -1159,7 +1155,7 @@ close(Pid, #state{service_name = SvcName,
           options = Opts}
         = fetch(PeerT, Pid),
 
-    c(Pid, have_transport(SvcName, Ref), Opts).
+    c(Pid, diameter_config:have_transport(SvcName, Ref), Opts).
 
 %% Tell watchdog to (maybe) die later ...
 c(Pid, true, Opts) ->
@@ -1490,7 +1486,7 @@ pd([], _) ->
 send_request(TPid, #diameter_packet{bin = Bin} = Pkt, Req, Timeout)
   when node() == node(TPid) ->
     %% Store the outgoing request before sending to avoid a race with
-   %% reply reception.
+    %% reply reception.
     TRef = store_request(TPid, Bin, Req, Timeout),
     send(TPid, Pkt),
     TRef;
@@ -1946,7 +1942,7 @@ reply(Msg, Dict, TPid, #diameter_packet{errors = Es,
   when [] == Es;
        is_record(hd(Msg), diameter_header) ->
     Pkt = diameter_codec:encode(Dict, make_answer_packet(Msg, ReqPkt)),
-    incr(send, Pkt, Dict, TPid),  %% count result codes in sent answers
+    incr(send, Pkt, TPid),  %% count result codes in sent answers
     send(TPid, Pkt#diameter_packet{transport_data = TD});
 
 %% Or not: set Result-Code and Failed-AVP AVP's.
@@ -2218,12 +2214,11 @@ a(#diameter_packet{errors = []}
   SvcName,
   AE,
   #request{transport = TPid,
-           dictionary = Dict,
            caps = Caps,
            packet = P}
   = Req) ->
     try
-        incr(in, Pkt, Dict, TPid)
+        incr(in, Pkt, TPid)
     of
         _ ->
             cb(Req, handle_answer, [Pkt, msg(P), SvcName, {TPid, Caps}])
@@ -2254,18 +2249,17 @@ e(Pkt, SvcName, discard, Req) ->
 %% Increment a stats counter for an incoming or outgoing message.
 
 %% TODO: fix
-incr(_, #diameter_packet{msg = undefined}, _, _) ->
+incr(_, #diameter_packet{msg = undefined}, _) ->
     ok;
 
-incr(Dir, Pkt, Dict, TPid)
+incr(Dir, Pkt, TPid)
   when is_pid(TPid) ->
     #diameter_packet{header = #diameter_header{is_error = E}
                             = Hdr,
                      msg = Rec}
         = Pkt,
 
-    D  = choose(E, ?BASE, Dict),
-    RC = int(get_avp_value(D, 'Result-Code', Rec)),
+    RC = int(get_avp_value(?BASE, 'Result-Code', Rec)),
     PE = is_protocol_error(RC),
 
     %% Check that the E bit is set only for 3xxx result codes.
@@ -2273,7 +2267,7 @@ incr(Dir, Pkt, Dict, TPid)
         orelse (E andalso PE)
         orelse x({invalid_error_bit, RC}, answer, [Dir, Pkt]),
 
-    Ctr = rc_counter(D, Rec, RC),
+    Ctr = rc_counter(Rec, RC),
     is_tuple(Ctr)
         andalso incr(TPid, {diameter_codec:msg_id(Hdr), Dir, Ctr}).
 
@@ -2291,11 +2285,11 @@ incr(TPid, Counter) ->
 %% Maintain statistics assuming one or the other, not both, which is
 %% surely the intent of the RFC.
 
-rc_counter(_, _, RC)
+rc_counter(_, RC)
   when is_integer(RC) ->
     {'Result-Code', RC};
-rc_counter(D, Rec, _) ->
-    rcc(get_avp_value(D, 'Experimental-Result', Rec)).
+rc_counter(Rec, _) ->
+    rcc(get_avp_value(?BASE, 'Experimental-Result', Rec)).
 
 %% Outgoing answers may be in any of the forms messages can be sent
 %% in. Incoming messages will be records. We're assuming here that the
@@ -2355,8 +2349,8 @@ rt(#request{packet = #diameter_packet{msg = undefined}}, _) ->
     false;  %% TODO: Not what we should do.
 
 %% ... or not.
-rt(#request{packet = #diameter_packet{msg = Msg}, dictionary = D} = Req, S) ->
-    find_transport(get_destination(Msg, D), Req, S).
+rt(#request{packet = #diameter_packet{msg = Msg}} = Req, S) ->
+    find_transport(get_destination(Msg), Req, S).
 
 %%% ---------------------------------------------------------------------------
 %%% # report_status/5
@@ -2468,12 +2462,12 @@ find_transport({alias, Alias}, Msg, Opts, #state{service = Svc} = S) ->
 find_transport(#diameter_app{} = App, Msg, Opts, S) ->
     ft(App, Msg, Opts, S).
 
-ft(#diameter_app{module = Mod, dictionary = D} = App, Msg, Opts, S) ->
+ft(#diameter_app{module = Mod} = App, Msg, Opts, S) ->
     #options{filter = Filter,
              extra = Xtra}
         = Opts,
     pick_peer(App#diameter_app{module = Mod ++ Xtra},
-              get_destination(Msg, D),
+              get_destination(Msg),
               Filter,
               S);
 ft(false = No, _, _, _) ->
@@ -2509,11 +2503,11 @@ find_transport([_,_] = RH,
               Filter,
               S).
 
-%% get_destination/2
+%% get_destination/1
 
-get_destination(Msg, Dict) ->
-    [str(get_avp_value(Dict, 'Destination-Realm', Msg)),
-     str(get_avp_value(Dict, 'Destination-Host', Msg))].
+get_destination(Msg) ->
+    [str(get_avp_value(?BASE, 'Destination-Realm', Msg)),
+     str(get_avp_value(?BASE, 'Destination-Host', Msg))].
 
 %% This is not entirely correct. The avp could have an arity 1, in
 %% which case an empty list is a DiameterIdentity of length 0 rather
diff --git a/lib/diameter/src/base/diameter_session.erl b/lib/diameter/src/base/diameter_session.erl
index bb91e97f39..4c468f207c 100644
--- a/lib/diameter/src/base/diameter_session.erl
+++ b/lib/diameter/src/base/diameter_session.erl
@@ -26,8 +26,6 @@
 %% towards diameter_sup
 -export([init/0]).
 
--include("diameter_types.hrl").
-
 -define(INT64, 16#FFFFFFFFFFFFFFFF).
 -define(INT32, 16#FFFFFFFF).
 
@@ -73,7 +71,7 @@
 %%       consumed (see Section 6.2) SHOULD be silently discarded.
 
 -spec sequence()
-   -> 'Unsigned32'().
+   -> diameter:'Unsigned32'().
 
 sequence() ->
     Instr = {_Pos = 2, _Incr = 1, _Threshold = ?INT32, _SetVal = 0},
@@ -97,7 +95,7 @@ sequence() ->
 %%    counter retained in non-volatile memory across restarts.
 
 -spec origin_state_id()
-   -> 'Unsigned32'().
+   -> diameter:'Unsigned32'().
 
 origin_state_id() ->
     ets:lookup_element(diameter_sequence, origin_state_id, 2).
@@ -130,8 +128,8 @@ origin_state_id() ->
 %%    <optional value> is implementation specific but may include a modem's
 %%    device Id, a layer 2 address, timestamp, etc.
 
--spec session_id('DiameterIdentity'())
-   -> 'OctetString'().
+-spec session_id(diameter:'DiameterIdentity'())
+   -> diameter:'OctetString'().
 %% Note that Session-Id has type UTF8String and that any OctetString
 %% is a UTF8String.
 
diff --git a/lib/diameter/src/base/diameter_types.erl b/lib/diameter/src/base/diameter_types.erl
index 6b1b1b8d39..9ae289034c 100644
--- a/lib/diameter/src/base/diameter_types.erl
+++ b/lib/diameter/src/base/diameter_types.erl
@@ -42,8 +42,23 @@
          'IPFilterRule'/2,
          'QoSFilterRule'/2]).
 
+%% Functions taking the AVP name in question as second parameter.
+-export(['OctetString'/3,
+         'Integer32'/3,
+         'Integer64'/3,
+         'Unsigned32'/3,
+         'Unsigned64'/3,
+         'Float32'/3,
+         'Float64'/3,
+         'Address'/3,
+         'Time'/3,
+         'UTF8String'/3,
+         'DiameterIdentity'/3,
+         'DiameterURI'/3,
+         'IPFilterRule'/3,
+         'QoSFilterRule'/3]).
+
 -include_lib("diameter/include/diameter.hrl").
--include("diameter_internal.hrl").
 
 -define(UINT(N,X), ((0 =< X) andalso (X < 1 bsl N))).
 -define(SINT(N,X), ((-1*(1 bsl (N-1)) < X) andalso (X < 1 bsl (N-1)))).
@@ -433,6 +448,50 @@ uenc([C | Rest], Acc) ->
 'Time'(encode, zero) ->
     <<0:32>>.
 
+%% -------------------------------------------------------------------------
+
+'OctetString'(M, _, Data) ->
+    'OctetString'(M, Data).
+
+'Integer32'(M, _, Data) ->
+    'Integer32'(M, Data).
+
+'Integer64'(M, _, Data) ->
+    'Integer64'(M, Data).
+
+'Unsigned32'(M, _, Data) ->
+    'Unsigned32'(M, Data).
+
+'Unsigned64'(M, _, Data) ->
+    'Unsigned64'(M, Data).
+
+'Float32'(M, _, Data) ->
+    'Float32'(M, Data).
+
+'Float64'(M, _, Data) ->
+    'Float64'(M, Data).
+
+'Address'(M, _, Data) ->
+    'Address'(M, Data).
+
+'Time'(M, _, Data) ->
+    'Time'(M, Data).
+
+'UTF8String'(M, _, Data) ->
+    'UTF8String'(M, Data).
+
+'DiameterIdentity'(M, _, Data) ->
+    'DiameterIdentity'(M, Data).
+
+'DiameterURI'(M, _, Data) ->
+    'DiameterURI'(M, Data).
+
+'IPFilterRule'(M, _, Data) ->
+    'IPFilterRule'(M, Data).
+
+'QoSFilterRule'(M, _, Data) ->
+    'QoSFilterRule'(M, Data).
+
 %% ===========================================================================
 %% ===========================================================================
 
diff --git a/lib/diameter/src/base/diameter_types.hrl b/lib/diameter/src/base/diameter_types.hrl
deleted file mode 100644
index 02bf8a74dd..0000000000
--- a/lib/diameter/src/base/diameter_types.hrl
+++ /dev/null
@@ -1,139 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% Types for function specifications, primarily in diameter.erl. This
-%% has nothing specifically to do with diameter_types.erl.
-%%
-
--type evaluable()
-   :: {module(), atom(), list()}
-    | fun()
-    | nonempty_improper_list(evaluable(), list()).   %% [evaluable() | Args]
-
--type app_alias()
-   :: any().
-
--type service_name()
-   :: any().
-
-%% Diameter basic types
-
--type 'OctetString'() :: iolist().
--type 'Integer32'()   :: -2147483647..2147483647.
--type 'Integer64'()   :: -9223372036854775807..9223372036854775807.
--type 'Unsigned32'()  :: 0..4294967295.
--type 'Unsigned64'()  :: 0..18446744073709551615.
--type 'Float32'()     :: '-infinity' | float() | infinity.
--type 'Float64'()     :: '-infinity' | float() | infinity.
--type 'Grouped'()     :: list() | tuple().
-
-%% Diameter derived types
-
--type 'Address'()
-   :: inet:ip_address()
-    | string().
-
--type 'Time'()             :: {{integer(), 1..12, 1..31},
-                               {0..23, 0..59, 0..59}}.
--type 'UTF8String'()       :: iolist().
--type 'DiameterIdentity'() :: 'OctetString'().
--type 'DiameterURI'()      :: 'OctetString'().
--type 'Enumerated'()       :: 'Integer32'().
--type 'IPFilterRule'()     :: 'OctetString'().
--type 'QoSFilterRule'()    :: 'OctetString'().
-
-%% Capabilities options/avps on start_service/2 and/or add_transport/2
-
--type capability()
-   :: {'Origin-Host',                    'DiameterIdentity'()}
-    | {'Origin-Realm',                   'DiameterIdentity'()}
-    | {'Host-IP-Address',                ['Address'()]}
-    | {'Vendor-Id',                      'Unsigned32'()}
-    | {'Product-Name',                   'UTF8String'()}
-    | {'Supported-Vendor-Id',            ['Unsigned32'()]}
-    | {'Auth-Application-Id',            ['Unsigned32'()]}
-    | {'Vendor-Specific-Application-Id', ['Grouped'()]}
-    | {'Firmware-Revision',              'Unsigned32'()}.
-
-%% Filters for call/4
-
--type peer_filter()
-   :: none
-    | host
-    | realm
-    | {host,  any|'DiameterIdentity'()}
-    | {realm, any|'DiameterIdentity'()}
-    | {eval, evaluable()}
-    | {neg, peer_filter()}
-    | {all, [peer_filter()]}
-    | {any, [peer_filter()]}.
-
-%% Options passed to start_service/2
-
--type service_opt()
-   :: capability()
-    | {application, [application_opt()]}.
-
--type application_opt()
-   :: {alias, app_alias()}
-    | {dictionary, module()}
-    | {module, app_module()}
-    | {state, any()}
-    | {call_mutates_state, boolean()}
-    | {answer_errors, callback|report|discard}.
-
--type app_module()
-   :: module()
-    | nonempty_improper_list(module(), list()).  %% list with module() head
-
-%% Identifier returned by add_transport/2
-
--type transport_ref()
-   :: reference().
-
-%% Options passed to add_transport/2
-
--type transport_opt()
-   :: {transport_module, atom()}
-    | {transport_config, any()}
-    | {applications, [app_alias()]}
-    | {capabilities, [capability()]}
-    | {watchdog_timer, 'Unsigned32'() | {module(), atom(), list()}}
-    | {reconnect_timer, 'Unsigned32'()}
-    | {private, any()}.
-
-%% Predicate passed to remove_transport/2
-
--type transport_pred()
-   :: fun((reference(), connect|listen, list()) -> boolean())
-    | fun((reference(), list()) -> boolean())
-    | fun((list()) -> boolean())
-    | reference()
-    | list()
-    | {connect|listen, transport_pred()}
-    | {atom(), atom(), list()}.
-
-%% Options passed to call/4
-
--type call_opt()
-   :: {extra, list()}
-    | {filter, peer_filter()}
-    | {timeout, 'Unsigned32'()}
-    | detach.
diff --git a/lib/diameter/src/base/diameter_watchdog.erl b/lib/diameter/src/base/diameter_watchdog.erl
index 6dc53d9f31..fb22fd8275 100644
--- a/lib/diameter/src/base/diameter_watchdog.erl
+++ b/lib/diameter/src/base/diameter_watchdog.erl
@@ -59,10 +59,19 @@
          message_data}).   %% term passed into diameter_service with message
 
 %% start/2
+%%
+%% Start a monitor before the watchdog is allowed to proceed to ensure
+%% that a failed capabilities exchange produces the desired exit
+%% reason.
 
 start({_,_} = Type, T) ->
-    {ok, Pid} = diameter_watchdog_sup:start_child({Type, self(), T}),
-    Pid.
+    Ref = make_ref(),
+    {ok, Pid} = diameter_watchdog_sup:start_child({Ref, {Type, self(), T}}),
+    try
+        {erlang:monitor(process, Pid), Pid}
+    after
+        Pid ! Ref
+    end.
 
 start_link(T) ->
     {ok, _} = proc_lib:start_link(?MODULE,
@@ -80,14 +89,29 @@ init(T) ->
     proc_lib:init_ack({ok, self()}),
     gen_server:enter_loop(?MODULE, [], i(T)).
 
-i({T, Pid, {ConnT, Opts, SvcName, #diameter_service{applications = Apps,
-                                                    capabilities = Caps}
-                                  = Svc}}) ->
-    {M,S,U} = now(),
-    random:seed(M,S,U),
+i({Ref, {_, Pid, _} = T}) ->
+    MRef = erlang:monitor(process, Pid),
+    receive
+        Ref ->
+            make_state(T);
+        {'DOWN', MRef, process, _, _} = D ->
+            exit({shutdown, D})
+    end;
+
+i({_, Pid, _} = T) ->  %% from old code
+    erlang:monitor(process, Pid),
+    make_state(T).
+
+make_state({T, Pid, {ConnT,
+                     Opts,
+                     SvcName,
+                     #diameter_service{applications = Apps,
+                                       capabilities = Caps}
+                     = Svc}}) ->
+    random:seed(now()),
     putr(restart, {T, Opts, Svc}),  %% save seeing it in trace
     putr(dwr, dwr(Caps)),           %%
-    #watchdog{parent = monitor(Pid),
+    #watchdog{parent = Pid,
               transport = monitor(diameter_peer_fsm:start(T, Opts, Svc)),
               tw = proplists:get_value(watchdog_timer,
                                        Opts,
diff --git a/lib/diameter/src/compiler/diameter_codegen.erl b/lib/diameter/src/compiler/diameter_codegen.erl
index 0fd4a0b301..1e31c40afe 100644
--- a/lib/diameter/src/compiler/diameter_codegen.erl
+++ b/lib/diameter/src/compiler/diameter_codegen.erl
@@ -20,17 +20,18 @@
 -module(diameter_codegen).
 
 %%
-%% This module generates .erl and .hrl files for encode/decode
-%% modules from the orddict parsed from a .dia (aka spec) file by
-%% dis_spec_util. The generated code is very simple (one-liners), the
-%% generated functions being called by code included from dis_gen.hrl
-%% in order to encode/decode messages and AVPs. The orddict itself is
-%% returned by dict/0 in the generated module and dis_spec_util calls
-%% this function when importing spec files. (That is, beam has to be
-%% compiled from an imported spec file before it can be imported.)
+%% This module generates erl/hrl files for encode/decode modules
+%% from the orddict parsed from a dictionary file (.dia) by
+%% diameter_dict_util. The generated code is simple (one-liners),
+%% the generated functions being called by code included iin the
+%% generated modules from diameter_gen.hrl. The orddict itself is
+%% returned by dict/0 in the generated module and diameter_dict_util
+%% calls this function when importing dictionaries as a consequence
+%% of @inherits sections. That is, @inherits introduces a dependency
+%% on the beam file of another dictionary.
 %%
 
--export([from_spec/4]).
+-export([from_dict/4]).
 
 %% Internal exports (for test).
 -export([file/1,
@@ -38,17 +39,23 @@
          file/3]).
 
 -include("diameter_forms.hrl").
+-include("diameter_vsn.hrl").
 
-%% Generated functions that could have no generated clauses will have
-%% a trailing ?UNEXPECTED clause that should never execute.
--define(UNEXPECTED(N), {?clause, [?VAR('_') || _ <- lists:seq(1,N)],
-                        [],
-                        [?APPLY(erlang,
-                                error,
-                                [?TERM({unexpected, getr(module)})])]}).
+-define(S, atom_to_list).
+-define(A, list_to_atom).
 
+-define(Atom(T), ?ATOM(?A(T))).
 
-from_spec(File, Spec, Opts, Mode) ->
+%% ===========================================================================
+
+-spec from_dict(File, Spec, Opts, Mode)
+   -> ok
+ when File :: string(),
+      Spec :: orddict:orddict(),
+      Opts :: list(),
+      Mode :: spec | erl | hrl.
+
+from_dict(File, Spec, Opts, Mode) ->
     Outdir = proplists:get_value(outdir, Opts, "."),
     putr(verbose, lists:member(verbose, Opts)),
     putr(debug,   lists:member(debug, Opts)),
@@ -73,7 +80,7 @@ getr(Key) ->
 %% ===========================================================================
 %% ===========================================================================
 
-%% Generate from parsed spec in a file.
+%% Generate from parsed dictionary in a file.
 
 file(F) ->
     file(F, spec).
@@ -83,55 +90,46 @@ file(F, Mode) ->
 
 file(F, Outdir, Mode) ->
     {ok, [Spec]} = file:consult(F),
-    from_spec(F, Spec, Outdir, Mode).
+    from_dict(F, Spec, Outdir, Mode).
 
 %% ===========================================================================
 %% ===========================================================================
 
-choose(true, X, _)  -> X;
-choose(false, _, X) -> X.
-
 get_value(Key, Plist) ->
     proplists:get_value(Key, Plist, []).
 
-write(Path, [C|_] = Spec)
-  when is_integer(C) ->
-    w(Path, Spec, "~s");
-write(Path, Spec) ->
-    w(Path, Spec, "~p.").
+write(Path, Str) ->
+    w(Path, Str, "~s").
 
-w(Path, Spec, Fmt) ->
+write_term(Path, T) ->
+    w(Path, T, "~p.").
+
+w(Path, T, Fmt) ->
     {ok, Fd} = file:open(Path, [write]),
-    io:fwrite(Fd, Fmt ++ "~n", [Spec]),
+    io:fwrite(Fd, Fmt ++ "~n", [T]),
     file:close(Fd).
 
 codegen(File, Spec, Outdir, Mode) ->
     Mod = mod(File, orddict:find(name, Spec)),
     Path = filename:join(Outdir, Mod),  %% minus extension
-    gen(Mode, Spec, Mod, Path),
+    gen(Mode, Spec, ?A(Mod), Path),
     ok.
 
 mod(File, error) ->
     filename:rootname(filename:basename(File));
 mod(_, {ok, Mod}) ->
-    atom_to_list(Mod).
+    Mod.
 
 gen(spec, Spec, _Mod, Path) ->
-    write(Path ++ ".spec", Spec);
+    write_term(Path ++ ".spec", [?VERSION | Spec]);
 
 gen(hrl, Spec, Mod, Path) ->
     gen_hrl(Path ++ ".hrl", Mod, Spec);
 
-gen(erl = Mode, Spec, Mod, Path)
-  when is_list(Mod) ->
-    gen(Mode, Spec, list_to_atom(Mod), Path);
-
 gen(erl, Spec, Mod, Path) ->
-    putr(module, Mod),  %% used by ?UNEXPECTED.
-
     Forms = [{?attribute, module, Mod},
              {?attribute, compile, [{parse_transform, diameter_exprecs}]},
-             {?attribute, compile, [nowarn_unused_function]},
+             {?attribute, compile, [{parse_transform, diameter_nowarn}]},
              {?attribute, export, [{name, 0},
                                    {id, 0},
                                    {vendor_id, 0},
@@ -175,7 +173,7 @@ gen(erl, Spec, Mod, Path) ->
     gen_erl(Path, insert_hrl_forms(Spec, Forms)).
 
 gen_erl(Path, Forms) ->
-    getr(debug) andalso write(Path ++ ".forms", Forms),
+    getr(debug) andalso write_term(Path ++ ".forms", Forms),
     write(Path ++ ".erl",
           header() ++ erl_prettypr:format(erl_syntax:form_list(Forms))).
 
@@ -224,16 +222,16 @@ a_record(Prefix, ProjF, L) ->
     lists:map(fun(T) -> a_record(ProjF(T), Prefix) end, L).
 
 a_record({Nm, Avps}, Prefix) ->
-    Name = list_to_atom(Prefix ++ atom_to_list(Nm)),
+    Name = list_to_atom(Prefix ++ Nm),
     Fields = lists:map(fun field/1, Avps),
     {?attribute, record, {Name, Fields}}.
 
 field(Avp) ->
     {Name, Arity} = avp_info(Avp),
     if 1 == Arity ->
-            {?record_field, ?ATOM(Name)};
+            {?record_field, ?Atom(Name)};
        true ->
-            {?record_field, ?ATOM(Name), ?NIL}
+            {?record_field, ?Atom(Name), ?NIL}
     end.
 
 %%% ------------------------------------------------------------------------
@@ -256,25 +254,33 @@ c_id({ok, Id}) ->
     {?clause, [], [], [?INTEGER(Id)]};
 
 c_id(error) ->
-    ?UNEXPECTED(0).
+    ?BADARG(0).
 
 %%% ------------------------------------------------------------------------
 %%% # vendor_id/0
 %%% ------------------------------------------------------------------------
 
 f_vendor_id(Spec) ->
-    {Id, _} = orddict:fetch(vendor, Spec),
     {?function, vendor_id, 0,
-     [{?clause, [], [], [?INTEGER(Id)]}]}.
+     [{?clause, [], [], [b_vendor_id(orddict:find(vendor, Spec))]}]}.
+
+b_vendor_id({ok, {Id, _}}) ->
+    ?INTEGER(Id);
+b_vendor_id(error) ->
+    ?APPLY(erlang, error, [?TERM(undefined)]).
 
 %%% ------------------------------------------------------------------------
 %%% # vendor_name/0
 %%% ------------------------------------------------------------------------
 
 f_vendor_name(Spec) ->
-    {_, Name} = orddict:fetch(vendor, Spec),
     {?function, vendor_name, 0,
-     [{?clause, [], [], [?ATOM(Name)]}]}.
+     [{?clause, [], [], [b_vendor_name(orddict:find(vendor, Spec))]}]}.
+
+b_vendor_name({ok, {_, Name}}) ->
+    ?Atom(Name);
+b_vendor_name(error) ->
+    ?APPLY(erlang, error, [?TERM(undefined)]).
 
 %%% ------------------------------------------------------------------------
 %%% # msg_name/1
@@ -287,22 +293,18 @@ f_msg_name(Spec) ->
 %% DIAMETER_COMMAND_UNSUPPORTED should be replied.
 
 msg_name(Spec) ->
-    lists:flatmap(fun c_msg_name/1,
-                  proplists:get_value(command_codes, Spec, []))
+    lists:flatmap(fun c_msg_name/1, proplists:get_value(command_codes,
+                                                        Spec,
+                                                        []))
         ++ [{?clause, [?VAR('_'), ?VAR('_')], [], [?ATOM('')]}].
 
 c_msg_name({Code, Req, Ans}) ->
     [{?clause, [?INTEGER(Code), ?ATOM(true)],
       [],
-      [?ATOM(mname(Req))]},
+      [?Atom(Req)]},
      {?clause, [?INTEGER(Code), ?ATOM(false)],
       [],
-      [?ATOM(mname(Ans))]}].
-
-mname({N, _Abbr}) ->
-    N;
-mname(N) ->
-    N.
+      [?Atom(Ans)]}].
 
 %%% ------------------------------------------------------------------------
 %%% # msg2rec/1
@@ -313,30 +315,11 @@ f_msg2rec(Spec) ->
 
 msg2rec(Spec) ->
     Pre = prefix(Spec),
-    Dict = dict:from_list(lists:flatmap(fun msgs/1,
-                                        get_value(command_codes, Spec))),
-    lists:flatmap(fun(T) -> msg2rec(T, Dict, Pre) end,
-                  get_value(messages, Spec))
-        ++ [?UNEXPECTED(1)].
-
-msgs({_Code, Req, Ans}) ->
-    [{mname(Req), Req}, {mname(Ans), Ans}].
-
-msg2rec({N,_,_,_,_}, Dict, Pre) ->
-    c_msg2rec(fetch_names(N, Dict), Pre).
-
-fetch_names(Name, Dict) ->
-    case dict:find(Name, Dict) of
-        {ok, N} ->
-            N;
-        error ->
-            Name
-    end.
+    lists:map(fun(T) -> c_msg2rec(T, Pre) end, get_value(messages, Spec))
+        ++ [?BADARG(1)].
 
-c_msg2rec({N,A}, Pre) ->
-    [c_name2rec(N, N, Pre), c_name2rec(A, N, Pre)];
-c_msg2rec(N, Pre) ->
-    [c_name2rec(N, N, Pre)].
+c_msg2rec({N,_,_,_,_}, Pre) ->
+    c_name2rec(N, Pre).
 
 %%% ------------------------------------------------------------------------
 %%% # rec2msg/1
@@ -348,10 +331,10 @@ f_rec2msg(Spec) ->
 rec2msg(Spec) ->
     Pre = prefix(Spec),
     lists:map(fun(T) -> c_rec2msg(T, Pre) end, get_value(messages, Spec))
-        ++ [?UNEXPECTED(1)].
+        ++ [?BADARG(1)].
 
 c_rec2msg({N,_,_,_,_}, Pre) ->
-    {?clause, [?ATOM(rec_name(N, Pre))], [], [?ATOM(N)]}.
+    {?clause, [?Atom(rec_name(N, Pre))], [], [?Atom(N)]}.
 
 %%% ------------------------------------------------------------------------
 %%% # name2rec/1
@@ -364,11 +347,11 @@ name2rec(Spec) ->
     Pre = prefix(Spec),
     Groups = get_value(grouped, Spec)
           ++ lists:flatmap(fun avps/1, get_value(import_groups, Spec)),
-    lists:map(fun({N,_,_,_}) -> c_name2rec(N, N, Pre) end, Groups)
+    lists:map(fun({N,_,_,_}) -> c_name2rec(N, Pre) end, Groups)
         ++ [{?clause, [?VAR('T')], [], [?CALL(msg2rec, [?VAR('T')])]}].
 
-c_name2rec(Name, Rname, Pre) ->
-    {?clause, [?ATOM(Name)], [], [?ATOM(rec_name(Rname, Pre))]}.
+c_name2rec(Name, Pre) ->
+    {?clause, [?Atom(Name)], [], [?Atom(rec_name(Name, Pre))]}.
 
 avps({_Mod, Avps}) ->
     Avps.
@@ -390,32 +373,47 @@ f_avp_name(Spec) ->
 %%       allocated by IANA (see Section 11.1).
 
 avp_name(Spec) ->
-    Avps = get_value(avp_types, Spec)
-        ++ lists:flatmap(fun avps/1, get_value(import_avps, Spec)),
-    {Vid, _} = orddict:fetch(vendor, Spec),
-    Vs = lists:flatmap(fun({V,Ns}) -> [{N,V} || N <- Ns] end,
-                       get_value(avp_vendor_id, Spec)),
+    Avps = get_value(avp_types, Spec),
+    Imported = get_value(import_avps, Spec),
+    Vid = orddict:find(vendor, Spec),
+    Vs = vendor_id_map(Spec),
 
-    lists:map(fun(T) -> c_avp_name(T, Vid, Vs) end, Avps)
+    lists:map(fun(T) -> c_avp_name(T, Vs, Vid) end, Avps)
+        ++ lists:flatmap(fun(T) -> c_imported_avp_name(T, Vs) end, Imported)
         ++ [{?clause, [?VAR('_'), ?VAR('_')], [], [?ATOM('AVP')]}].
 
-c_avp_name({Name, Code, Type, Flags, _Encr}, Vid, Vs) ->
-    c_avp_name({Name, Type},
-               Code,
-               lists:member('V', Flags),
-               Vid,
-               proplists:get_value(Name, Vs)).
+c_avp_name({Name, Code, Type, Flags}, Vs, Vid) ->
+    c_avp_name_(?TERM({?A(Name), ?A(Type)}),
+                ?INTEGER(Code),
+                vid(Name, Flags, Vs, Vid)).
 
-c_avp_name(T, Code, false, _, undefined = U) ->
-    {?clause, [?INTEGER(Code), ?ATOM(U)],
+%% Note that an imported AVP's vendor id is determined by
+%% avp_vendor_id in the inheriting module and vendor in the inherited
+%% module. In particular, avp_vendor_id in the inherited module is
+%% ignored so can't just call Mod:avp_header/1 to retrieve the vendor
+%% id. A vendor id specified in @grouped is equivalent to one
+%% specified as avp_vendor_id.
+
+c_imported_avp_name({Mod, Avps}, Vs) ->
+    lists:map(fun(A) -> c_avp_name(A, Vs, {module, Mod}) end, Avps).
+
+c_avp_name_(T, Code, undefined = U) ->
+    {?clause, [Code, ?ATOM(U)],
      [],
-     [?TERM(T)]};
+     [T]};
 
-c_avp_name(T, Code, true, Vid, V)
-  when is_integer(Vid) ->
-    {?clause, [?INTEGER(Code), ?INTEGER(choose(V == undefined, Vid, V))],
+c_avp_name_(T, Code, Vid) ->
+    {?clause, [Code, ?INTEGER(Vid)],
      [],
-     [?TERM(T)]}.
+     [T]}.
+
+vendor_id_map(Spec) ->
+    lists:flatmap(fun({V,Ns}) -> [{N,V} || N <- Ns] end,
+                  get_value(avp_vendor_id, Spec))
+        ++ lists:flatmap(fun({_,_,[],_}) -> [];
+                            ({N,_,[V],_}) -> [{N,V}]
+                         end,
+                         get_value(grouped, Spec)).
 
 %%% ------------------------------------------------------------------------
 %%% # avp_arity/2
@@ -445,60 +443,75 @@ c_avp_arity(Name, Avps) ->
 
 c_arity(Name, Avp) ->
     {AvpName, Arity} = avp_info(Avp),
-    {?clause, [?ATOM(Name), ?ATOM(AvpName)], [], [?TERM(Arity)]}.
+    {?clause, [?Atom(Name), ?Atom(AvpName)], [], [?TERM(Arity)]}.
 
 %%% ------------------------------------------------------------------------
 %%% # avp/3
 %%% ------------------------------------------------------------------------
 
 f_avp(Spec) ->
-    {?function, avp, 3, avp(Spec) ++ [?UNEXPECTED(3)]}.
+    {?function, avp, 3, avp(Spec) ++ [?BADARG(3)]}.
 
 avp(Spec) ->
-    Native   = get_value(avp_types, Spec),
-    Custom   = get_value(custom_types, Spec),
-    Imported = get_value(import_avps, Spec),
-    Enums    = get_value(enums, Spec),
-    avp([{N,T} || {N,_,T,_,_} <- Native], Imported, Custom, Enums).
+    Native     = get_value(avp_types, Spec),
+    CustomMods = get_value(custom_types, Spec),
+    TypeMods   = get_value(codecs, Spec),
+    Imported   = get_value(import_avps, Spec),
+    Enums      = get_value(enum, Spec),
 
-avp(Native, Imported, Custom, Enums) ->
-    Dict = orddict:from_list(Native),
+    Custom = lists:map(fun({M,As}) -> {M, custom_types, As} end,
+                       CustomMods)
+        ++ lists:map(fun({M,As}) -> {M, codecs, As} end,
+                     TypeMods),
+    avp(types(Native), Imported, Custom, Enums).
+
+types(Avps) ->
+    lists:map(fun({N,_,T,_}) -> {N,T} end, Avps).
 
-    report(native, Dict),
+avp(Native, Imported, Custom, Enums) ->
+    report(native, Native),
     report(imported, Imported),
     report(custom, Custom),
 
-    CustomNames = lists:flatmap(fun({_,Ns}) -> Ns end, Custom),
+    TypeDict = lists:foldl(fun({N,_,T,_}, D) -> orddict:store(N,T,D) end,
+                           orddict:from_list(Native),
+                           lists:flatmap(fun avps/1, Imported)),
+
+    CustomNames = lists:flatmap(fun({_,_,Ns}) -> Ns end, Custom),
 
     lists:map(fun c_base_avp/1,
-              lists:filter(fun({N,_}) ->
-                                   false == lists:member(N, CustomNames)
-                           end,
+              lists:filter(fun({N,_}) -> not_in(CustomNames, N) end,
                            Native))
-        ++ lists:flatmap(fun(I) -> cs_imported_avp(I, Enums) end, Imported)
-        ++ lists:flatmap(fun(C) -> cs_custom_avp(C, Dict) end, Custom).
+        ++ lists:flatmap(fun(I) -> cs_imported_avp(I, Enums, CustomNames) end,
+                         Imported)
+        ++ lists:flatmap(fun(C) -> cs_custom_avp(C, TypeDict) end, Custom).
+
+not_in(List, X) ->
+    not lists:member(X, List).
 
 c_base_avp({AvpName, T}) ->
-    {?clause, [?VAR('T'), ?VAR('Data'), ?ATOM(AvpName)],
+    {?clause, [?VAR('T'), ?VAR('Data'), ?Atom(AvpName)],
      [],
-     [base_avp(AvpName, T)]}.
+     [b_base_avp(AvpName, T)]}.
 
-base_avp(AvpName, 'Enumerated') ->
-    ?CALL(enumerated_avp, [?VAR('T'), ?ATOM(AvpName), ?VAR('Data')]);
+b_base_avp(AvpName, "Enumerated") ->
+    ?CALL(enumerated_avp, [?VAR('T'), ?Atom(AvpName), ?VAR('Data')]);
 
-base_avp(AvpName, 'Grouped') ->
-    ?CALL(grouped_avp, [?VAR('T'), ?ATOM(AvpName), ?VAR('Data')]);
+b_base_avp(AvpName, "Grouped") ->
+    ?CALL(grouped_avp, [?VAR('T'), ?Atom(AvpName), ?VAR('Data')]);
 
-base_avp(_, Type) ->
-    ?APPLY(diameter_types, Type, [?VAR('T'), ?VAR('Data')]).
+b_base_avp(_, Type) ->
+    ?APPLY(diameter_types, ?A(Type), [?VAR('T'), ?VAR('Data')]).
 
-cs_imported_avp({Mod, Avps}, Enums) ->
-    lists:map(fun(A) -> imported_avp(Mod, A, Enums) end, Avps).
+cs_imported_avp({Mod, Avps}, Enums, CustomNames) ->
+    lists:map(fun(A) -> imported_avp(Mod, A, Enums) end,
+              lists:filter(fun({N,_,_,_}) -> not_in(CustomNames, N) end,
+                           Avps)).
 
-imported_avp(_Mod, {AvpName, _, 'Grouped' = T, _, _}, _) ->
+imported_avp(_Mod, {AvpName, _, "Grouped" = T, _}, _) ->
     c_base_avp({AvpName, T});
 
-imported_avp(Mod, {AvpName, _, 'Enumerated' = T, _, _}, Enums) ->
+imported_avp(Mod, {AvpName, _, "Enumerated" = T, _}, Enums) ->
     case lists:keymember(AvpName, 1, Enums) of
         true ->
             c_base_avp({AvpName, T});
@@ -506,34 +519,40 @@ imported_avp(Mod, {AvpName, _, 'Enumerated' = T, _, _}, Enums) ->
             c_imported_avp(Mod, AvpName)
     end;
 
-imported_avp(Mod, {AvpName, _, _, _, _}, _) ->
+imported_avp(Mod, {AvpName, _, _, _}, _) ->
     c_imported_avp(Mod, AvpName).
 
 c_imported_avp(Mod, AvpName) ->
-    {?clause, [?VAR('T'), ?VAR('Data'), ?ATOM(AvpName)],
+    {?clause, [?VAR('T'), ?VAR('Data'), ?Atom(AvpName)],
      [],
      [?APPLY(Mod, avp, [?VAR('T'),
                         ?VAR('Data'),
-                        ?ATOM(AvpName)])]}.
+                        ?Atom(AvpName)])]}.
 
-cs_custom_avp({Mod, Avps}, Dict) ->
-    lists:map(fun(N) -> c_custom_avp(Mod, N, orddict:fetch(N, Dict)) end,
+cs_custom_avp({Mod, Key, Avps}, Dict) ->
+    lists:map(fun(N) -> c_custom_avp(Mod, Key, N, orddict:fetch(N, Dict)) end,
               Avps).
 
-c_custom_avp(Mod, AvpName, Type) ->
-    {?clause, [?VAR('T'), ?VAR('Data'), ?ATOM(AvpName)],
+c_custom_avp(Mod, Key, AvpName, Type) ->
+    {F,A} = custom(Key, AvpName, Type),
+    {?clause, [?VAR('T'), ?VAR('Data'), ?Atom(AvpName)],
      [],
-     [?APPLY(Mod, AvpName, [?VAR('T'), ?ATOM(Type), ?VAR('Data')])]}.
+     [?APPLY(?A(Mod), ?A(F), [?VAR('T'), ?Atom(A), ?VAR('Data')])]}.
+
+custom(custom_types, AvpName, Type) ->
+    {AvpName, Type};
+custom(codecs, AvpName, Type) ->
+    {Type, AvpName}.
 
 %%% ------------------------------------------------------------------------
 %%% # enumerated_avp/3
 %%% ------------------------------------------------------------------------
 
 f_enumerated_avp(Spec) ->
-    {?function, enumerated_avp, 3, enumerated_avp(Spec) ++ [?UNEXPECTED(3)]}.
+    {?function, enumerated_avp, 3, enumerated_avp(Spec) ++ [?BADARG(3)]}.
 
 enumerated_avp(Spec) ->
-    Enums = get_value(enums, Spec),
+    Enums = get_value(enum, Spec),
     lists:flatmap(fun cs_enumerated_avp/1, Enums)
         ++ lists:flatmap(fun({M,Es}) -> enumerated_avp(M, Es, Enums) end,
                          get_value(import_enums, Spec)).
@@ -554,11 +573,11 @@ cs_enumerated_avp(false, _, _) ->
 cs_enumerated_avp({AvpName, Values}) ->
     lists:flatmap(fun(V) -> c_enumerated_avp(AvpName, V) end, Values).
 
-c_enumerated_avp(AvpName, {I,_}) ->
-    [{?clause, [?ATOM(decode), ?ATOM(AvpName), ?TERM(<<I:32/integer>>)],
+c_enumerated_avp(AvpName, {_,I}) ->
+    [{?clause, [?ATOM(decode), ?Atom(AvpName), ?TERM(<<I:32/integer>>)],
       [],
       [?TERM(I)]},
-     {?clause, [?ATOM(encode), ?ATOM(AvpName), ?INTEGER(I)],
+     {?clause, [?ATOM(encode), ?Atom(AvpName), ?INTEGER(I)],
       [],
       [?TERM(<<I:32/integer>>)]}].
 
@@ -567,7 +586,7 @@ c_enumerated_avp(AvpName, {I,_}) ->
 %%% ------------------------------------------------------------------------
 
 f_msg_header(Spec) ->
-    {?function, msg_header, 1, msg_header(Spec) ++ [?UNEXPECTED(1)]}.
+    {?function, msg_header, 1, msg_header(Spec) ++ [?BADARG(1)]}.
 
 msg_header(Spec) ->
     msg_header(get_value(messages, Spec), Spec).
@@ -582,7 +601,7 @@ msg_header(Msgs, Spec) ->
 %% Note that any application id in the message header spec is ignored.
 
 c_msg_header(Name, Code, Flags, ApplId) ->
-    {?clause, [?ATOM(Name)],
+    {?clause, [?Atom(Name)],
      [],
      [?TERM({Code, encode_msg_flags(Flags), ApplId})]}.
 
@@ -598,50 +617,61 @@ emf('ERR', N) -> N bor 2#00100000.
 %%% ------------------------------------------------------------------------
 
 f_avp_header(Spec) ->
-    {?function, avp_header, 1, avp_header(Spec) ++ [?UNEXPECTED(1)]}.
+    {?function, avp_header, 1, avp_header(Spec) ++ [?BADARG(1)]}.
 
 avp_header(Spec) ->
     Native = get_value(avp_types, Spec),
     Imported = get_value(import_avps, Spec),
-    {Vid, _} = orddict:fetch(vendor, Spec),
-    Vs = lists:flatmap(fun({V,Ns}) -> [{N,V} || N <- Ns] end,
-                       get_value(avp_vendor_id, Spec)),
+    Vid = orddict:find(vendor, Spec),
+    Vs = vendor_id_map(Spec),
 
-    lists:flatmap(fun(A) -> c_avp_header({Vid, Vs}, A) end,
+    lists:flatmap(fun(A) -> c_avp_header(A, Vs, Vid) end,
                   Native ++ Imported).
 
-c_avp_header({Vid, Vs}, {Name, Code, _Type, Flags, _Encr}) ->
-    [{?clause, [?ATOM(Name)],
+c_avp_header({Name, Code, _Type, Flags}, Vs, Vid) ->
+    [{?clause, [?Atom(Name)],
       [],
       [?TERM({Code, encode_avp_flags(Flags), vid(Name, Flags, Vs, Vid)})]}];
 
-c_avp_header({_, Vs}, {Mod, Avps}) ->
-    lists:map(fun(A) -> c_avp_header(Vs, Mod, A) end, Avps).
+c_avp_header({Mod, Avps}, Vs, _Vid) ->
+    lists:map(fun(A) -> c_imported_avp_header(A, Mod, Vs) end, Avps).
 
-c_avp_header(Vs, Mod, {Name, _, _, Flags, _}) ->
-    Apply = ?APPLY(Mod, avp_header, [?ATOM(Name)]),
-    {?clause, [?ATOM(Name)],
+%% Note that avp_vendor_id in the inherited dictionary is ignored. The
+%% value must be changed in the inheriting dictionary. This is
+%% consistent with the semantics of avp_name/2.
+
+c_imported_avp_header({Name, _Code, _Type, _Flags}, Mod, Vs) ->
+    Apply = ?APPLY(Mod, avp_header, [?Atom(Name)]),
+    {?clause, [?Atom(Name)],
      [],
      [case proplists:get_value(Name, Vs) of
           undefined ->
               Apply;
           Vid ->
-              true = lists:member('V', Flags),  %% sanity check
               ?CALL(setelement, [?INTEGER(3), Apply, ?INTEGER(Vid)])
       end]}.
 
 encode_avp_flags(Fs) ->
     lists:foldl(fun eaf/2, 0, Fs).
 
-eaf('V', F) -> 2#10000000 bor F;
-eaf('M', F) -> 2#01000000 bor F;
-eaf('P', F) -> 2#00100000 bor F.
+eaf($V, F) -> 2#10000000 bor F;
+eaf($M, F) -> 2#01000000 bor F;
+eaf($P, F) -> 2#00100000 bor F.
 
 vid(Name, Flags, Vs, Vid) ->
-    v(lists:member('V', Flags), Name, Vs, Vid).
+    v(lists:member($V, Flags), Name, Vs, Vid).
+
+v(true = T, Name, Vs, {module, Mod}) ->
+    v(T, Name, Vs, {ok, {Mod:vendor_id(), Mod:vendor_name()}});
 
 v(true, Name, Vs, Vid) ->
-    proplists:get_value(Name, Vs, Vid);
+    case proplists:get_value(Name, Vs) of
+        undefined ->
+            {ok, {Id, _}} = Vid,
+            Id;
+        Id ->
+            Id
+    end;
 v(false, _, _, _) ->
     undefined.
 
@@ -656,19 +686,19 @@ empty_value(Spec) ->
     Imported = lists:flatmap(fun avps/1, get_value(import_enums, Spec)),
     Groups = get_value(grouped, Spec)
         ++ lists:flatmap(fun avps/1, get_value(import_groups, Spec)),
-    Enums = [T || {N,_} = T <- get_value(enums, Spec),
+    Enums = [T || {N,_} = T <- get_value(enum, Spec),
                   not lists:keymember(N, 1, Imported)]
         ++ Imported,
     lists:map(fun c_empty_value/1, Groups ++ Enums)
         ++ [{?clause, [?VAR('Name')], [], [?CALL(empty, [?VAR('Name')])]}].
 
 c_empty_value({Name, _, _, _}) ->
-    {?clause, [?ATOM(Name)],
+    {?clause, [?Atom(Name)],
      [],
-     [?CALL(empty_group, [?ATOM(Name)])]};
+     [?CALL(empty_group, [?Atom(Name)])]};
 
 c_empty_value({Name, _}) ->
-    {?clause, [?ATOM(Name)],
+    {?clause, [?Atom(Name)],
      [],
      [?TERM(<<0:32/integer>>)]}.
 
@@ -678,7 +708,7 @@ c_empty_value({Name, _}) ->
 
 f_dict(Spec) ->
     {?function, dict, 0,
-     [{?clause, [], [], [?TERM(Spec)]}]}.
+     [{?clause, [], [], [?TERM([?VERSION | Spec])]}]}.
 
 %%% ------------------------------------------------------------------------
 %%% # gen_hrl/3
@@ -706,10 +736,10 @@ gen_hrl(Path, Mod, Spec) ->
 
     write("ENUM Macros",
           Fd,
-          m_enums(PREFIX, false, get_value(enums, Spec))),
+          m_enums(PREFIX, false, get_value(enum, Spec))),
     write("DEFINE Macros",
           Fd,
-          m_enums(PREFIX, false, get_value(defines, Spec))),
+          m_enums(PREFIX, false, get_value(define, Spec))),
 
     lists:foreach(fun({M,Es}) ->
                           write("ENUM Macros from " ++ atom_to_list(M),
@@ -751,8 +781,8 @@ m_enums(Prefix, Wrap, Enums) ->
 
 m_enum(Prefix, B, {Name, Values}) ->
     P = Prefix ++ to_upper(Name) ++ "_",
-    lists:map(fun({I,A}) ->
-                      N = ["'", P, to_upper(z(atom_to_list(A))), "'"],
+    lists:map(fun({A,I}) ->
+                      N = ["'", P, to_upper(z(A)), "'"],
                       wrap(B,
                            N,
                            ["-define(", N, ", ", integer_to_list(I), ").\n"])
@@ -794,34 +824,34 @@ header() ->
      "%%\n\n").
 
 hrl_header(Name) ->
-    header() ++ "-hrl_name('" ++ Name ++ ".hrl').\n".
+    header() ++ "-hrl_name('" ++ ?S(Name) ++ ".hrl').\n".
 
 %% avp_info/1
 
 avp_info(Entry) ->  %% {Name, Arity}
     case Entry of
-        {'<',A,'>'} -> {A, 1};
-        {A}         -> {A, 1};
-        [A]         -> {A, {0,1}};
+        {{A}} -> {A, 1};
+        {A}   -> {A, 1};
+        [A]   -> {A, {0,1}};
         {Q,T} ->
             {A,_} = avp_info(T),
-            {A, arity(Q)}
+            {A, arity(T,Q)}
     end.
 
 %% Normalize arity to 1 or {N,X} where N is an integer. A record field
 %% for an AVP is list-valued iff the normalized arity is not 1.
-arity('*' = Inf) -> {0, Inf};
-arity({'*', N})  -> {0, N};
-arity({1,1})     -> 1;
-arity(T)         -> T.
+arity({{_}}, '*' = Inf) -> {0, Inf};
+arity([_],   '*' = Inf) -> {0, Inf};
+arity({_},   '*' = Inf) -> {1, Inf};
+arity(_,   {_,_} = Q)   -> Q.
 
 prefix(Spec) ->
     case orddict:find(prefix, Spec) of
         {ok, P} ->
-            atom_to_list(P) ++ "_";
+            P ++ "_";
         error ->
             ""
     end.
 
 rec_name(Name, Prefix) ->
-    list_to_atom(Prefix ++ atom_to_list(Name)).
+    Prefix ++ Name.
diff --git a/lib/diameter/src/compiler/diameter_dict_parser.yrl b/lib/diameter/src/compiler/diameter_dict_parser.yrl
new file mode 100644
index 0000000000..6fd4cedd23
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_dict_parser.yrl
@@ -0,0 +1,324 @@
+%% -*- erlang -*-
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% A grammar for dictionary specification.
+%%
+
+Nonterminals
+  application_id avp avp_code avp_def avp_defs avp_flags avp_header
+  avp_header_tok avp_name avp_names avp_ref avp_spec avp_type
+  avp_vendor avps bit bits command_def command_id diameter_name
+  dictionary enum_def enum_defs group_def group_defs header header_tok
+  ident idents message_defs module qual section sections.
+
+Terminals
+  avp_types avp_vendor_id codecs custom_types define enum grouped
+  id inherits messages name prefix vendor
+  number word
+  '{' '}' '<' '>' '[' ']' '*' '::=' ':' ',' '-'
+   code
+  'answer-message'
+  'AVP' 'AVP-Header'
+  'Diameter' 'Diameter-Header' 'Header'
+  'REQ' 'PXY' 'ERR'.
+
+Rootsymbol dictionary.
+
+Endsymbol '$end'.
+
+%% ===========================================================================
+
+dictionary -> sections : '$1'.
+
+sections -> '$empty'         : [].
+sections -> section sections : ['$1' | '$2'].
+
+section -> name ident   : ['$1', '$2'].
+section -> prefix ident : ['$1', '$2'].
+section -> id number    : ['$1', '$2'].
+section -> vendor number ident       : ['$1', '$2', '$3'].
+section -> inherits module avp_names : ['$1', '$2' | '$3'].
+section -> avp_types avp_defs        : ['$1' | '$2'].
+section -> avp_vendor_id number avp_names : ['$1', '$2' | '$3'].
+section -> custom_types module avp_names  : ['$1', '$2' | '$3'].
+section -> codecs module avp_names      : ['$1', '$2' | '$3'].
+section -> messages message_defs  : ['$1' | '$2'].
+section -> grouped group_defs     : ['$1' | '$2'].
+section -> enum ident enum_defs   : ['$1', '$2' | '$3'].
+section -> define ident enum_defs : ['$1', '$2' | '$3'].
+
+%% =====================================
+
+module -> ident : '$1'.
+
+avp_names -> idents : '$1'.  %% Note: not 'AVP'
+
+avp_defs -> '$empty'         : [].
+avp_defs -> avp_def avp_defs : ['$1' | '$2'].
+
+avp_def -> ident number avp_type avp_flags : ['$1', '$2', '$3', '$4'].
+
+avp_type -> ident : '$1'.
+
+idents -> '$empty'     : [].
+idents -> ident idents : ['$1' | '$2'].
+
+avp_flags -> '-'   :
+    {_, Lineno} = '$1',
+    {word, Lineno, ""}.
+avp_flags -> ident :
+    '$1'.
+%% Could support lowercase here if there's a use for distinguishing
+%% between Must and Should in the future in deciding whether or not
+%% to set a flag.
+
+ident -> word : '$1'.
+
+%% Don't bother mapping reserved words to make these usable in this
+%% context. That an AVP can't be named Diameter-Header is probably no
+%% great loss, and that it can't be named AVP may even save someone
+%% from themselves. (Temporarily at least.)
+
+group_defs -> '$empty'             : [].
+group_defs -> group_def group_defs : ['$1' | '$2'].
+
+message_defs -> '$empty'                 : [].
+message_defs -> command_def message_defs : ['$1' | '$2'].
+
+enum_defs -> '$empty'           : [].
+enum_defs -> enum_def enum_defs : ['$1' | '$2'].
+
+enum_def -> ident number : ['$1', '$2'].
+
+%% =====================================
+%% 3.2.  Command Code ABNF specification
+%%
+%%    Every Command Code defined MUST include a corresponding ABNF
+%%    specification, which is used to define the AVPs that MUST or MAY be
+%%    present when sending the message.  The following format is used in
+%%    the definition:
+
+%%   command-def      = <command-name> "::=" diameter-message
+%%
+%%   command-name     = diameter-name
+%%
+%%   diameter-name    = ALPHA *(ALPHA / DIGIT / "-")
+%%
+%%   diameter-message = header  [ *fixed] [ *required] [ *optional]
+
+%% answer-message is a special case.
+command_def -> 'answer-message' '::=' '<' header_tok ':' code
+                                          ',' 'ERR' '[' 'PXY' ']' '>'
+               avps
+  : ['$1', false | '$13'].
+
+command_def -> diameter_name '::=' header avps
+  : ['$1', '$3' | '$4'].
+%% Ensure the order fixed/required/optional by semantic checks rather
+%% than grammatically since the latter requires more lookahead: don't
+%% know until after a leading qual which of the three it is that's
+%% being parsed.
+
+diameter_name -> ident : '$1'.
+
+%%   header           = "<" "Diameter Header:" command-id
+%%                      [r-bit] [p-bit] [e-bit] [application-id] ">"
+%%
+%%   command-id       = 1*DIGIT
+%%                      ; The Command Code assigned to the command
+%%
+%%   r-bit            = ", REQ"
+%%                      ; If present, the 'R' bit in the Command
+%%                      ; Flags is set, indicating that the message
+%%                      ; is a request, as opposed to an answer.
+%%
+%%   p-bit            = ", PXY"
+%%                      ; If present, the 'P' bit in the Command
+%%                      ; Flags is set, indicating that the message
+%%                      ; is proxiable.
+%%
+%%   e-bit            = ", ERR"
+%%                      ; If present, the 'E' bit in the Command
+%%                      ; Flags is set, indicating that the answer
+%%                      ; message contains a Result-Code AVP in
+%%                      ; the "protocol error" class.
+%%
+%%   application-id   = 1*DIGIT
+
+header -> '<' header_tok ':' command_id bits application_id '>'
+  : ['$4', '$5', '$6'].
+
+command_id -> number : '$1'.
+
+%% Accept both the form of the base definition and the typo (fixed in
+%% 3588bis) of the grammar.
+header_tok -> 'Diameter' 'Header'.
+header_tok -> 'Diameter-Header'.
+
+bits -> '$empty'     : [].
+bits -> ',' bit bits : ['$2' | '$3'].
+
+%% ERR only makes sense for answer-message so don't allow it here
+%% (despite 3588).
+bit -> 'REQ' : '$1'.
+bit -> 'PXY' : '$1'.
+
+application_id -> '$empty' : false.
+application_id -> number   : '$1'.
+
+%%   fixed            = [qual] "<" avp-spec ">"
+%%                      ; Defines the fixed position of an AVP
+%%
+%%   required         = [qual] "{" avp-spec "}"
+%%                      ; The AVP MUST be present and can appear
+%%                      ; anywhere in the message.
+%%
+%%   optional         = [qual] "[" avp-name "]"
+%%                      ; The avp-name in the 'optional' rule cannot
+%%                      ; evaluate to any AVP Name which is included
+%%                      ; in a fixed or required rule.  The AVP can
+%%                      ; appear anywhere in the message.
+%%                      ;
+%%                      ; NOTE:  "[" and "]" have a slightly different
+%%                      ; meaning than in ABNF (RFC 5234]). These braces
+%%                      ; cannot be used to express optional fixed rules
+%%                      ; (such as an optional ICV at the end). To do this,
+%%                      ; the convention is '0*1fixed'.
+
+avps -> '$empty' : [].
+avps -> avp avps : ['$1' | '$2'].
+
+avp -> avp_ref      : [false | '$1'].
+avp -> qual avp_ref : ['$1' | '$2'].
+
+avp_ref -> '<' avp_spec '>' : [$<, '$2'].
+avp_ref -> '{' avp_name '}' : [${, '$2'].
+avp_ref -> '[' avp_name ']' : [$[, '$2'].
+%% Note that required can be an avp_name, not just avp_spec. 'AVP'
+%% is specified as required by Failed-AVP for example.
+
+%%   qual             = [min] "*" [max]
+%%                      ; See ABNF conventions, RFC 5234 Section 4.
+%%                      ; The absence of any qualifiers depends on
+%%                      ; whether it precedes a fixed, required, or
+%%                      ; optional rule. If a fixed or required rule has
+%%                      ; no qualifier, then exactly one such AVP MUST
+%%                      ; be present.  If an optional rule has no
+%%                      ; qualifier, then 0 or 1 such AVP may be
+%%                      ; present. If an optional rule has a qualifier,
+%%                      ; then the value of min MUST be 0 if present.
+%%
+%%   min              = 1*DIGIT
+%%                      ; The minimum number of times the element may
+%%                      ; be present. If absent, the default value is zero
+%%                      ; for fixed and optional rules and one for required
+%%                      ; rules. The value MUST be at least one for for
+%%                      ; required rules.
+%%
+%%   max              = 1*DIGIT
+%%                      ; The maximum number of times the element may
+%%                      ; be present. If absent, the default value is
+%%                      ; infinity. A value of zero implies the AVP MUST
+%%                      ; NOT be present.
+
+qual -> number '*' number : {'$1', '$3'}.
+qual -> number '*'        : {'$1', true}.
+qual -> '*' number        : {true, '$2'}.
+qual -> '*'               : true.
+
+%%   avp-spec         = diameter-name
+%%                      ; The avp-spec has to be an AVP Name, defined
+%%                      ; in the base or extended Diameter
+%%                      ; specifications.
+
+avp_spec -> diameter_name : '$1'.
+
+%%   avp-name         = avp-spec / "AVP"
+%%                      ; The string "AVP" stands for *any* arbitrary AVP
+%%                      ; Name, not otherwise listed in that command code
+%%                      ; definition. Addition this AVP is recommended for
+%%                      ; all command ABNFs to allow for extensibility.
+
+avp_name -> 'AVP'    : '$1'.
+avp_name -> avp_spec : '$1'.
+
+%%   The following is a definition of a fictitious command code:
+%%
+%%   Example-Request ::= < Diameter Header: 9999999, REQ, PXY >
+%%                       { User-Name }
+%%                     * { Origin-Host }
+%%                     * [ AVP ]
+
+%% =====================================
+%% 4.4.   Grouped AVP Values
+%%
+%%    The Diameter protocol allows AVP values of type 'Grouped'.  This
+%%    implies that the Data field is actually a sequence of AVPs.  It is
+%%    possible to include an AVP with a Grouped type within a Grouped type,
+%%    that is, to nest them.  AVPs within an AVP of type Grouped have the
+%%    same padding requirements as non-Grouped AVPs, as defined in Section
+%%    4.
+%%
+%%    The AVP Code numbering space of all AVPs included in a Grouped AVP is
+%%    the same as for non-grouped AVPs.  Receivers of a Grouped AVP that
+%%    does not have the 'M' (mandatory) bit set and one or more of the
+%%    encapsulated AVPs within the group has the 'M' (mandatory) bit set
+%%    MAY simply be ignored if the Grouped AVP itself is unrecognized.  The
+%%    rule applies even if the encapsulated AVP with its 'M' (mandatory)
+%%    bit set is further encapsulated within other sub-groups; i.e. other
+%%    Grouped AVPs embedded within the Grouped AVP.
+%%
+%%    Every Grouped AVP defined MUST include a corresponding grammar, using
+%%    ABNF [RFC5234] (with modifications), as defined below.
+
+%%          grouped-avp-def  = <name> "::=" avp
+%%
+%%          name-fmt         = ALPHA *(ALPHA / DIGIT / "-")
+%%
+%%          name             = name-fmt
+%%                             ; The name has to be the name of an AVP,
+%%                             ; defined in the base or extended Diameter
+%%                             ; specifications.
+%%
+%%          avp              = header  [ *fixed] [ *required] [ *optional]
+
+group_def -> ident '::=' avp_header avps : ['$1', '$3' | '$4'].
+
+%%          header           = "<" "AVP-Header:" avpcode [vendor] ">"
+%%
+%%          avpcode          = 1*DIGIT
+%%                             ; The AVP Code assigned to the Grouped AVP
+%%
+%%          vendor           = 1*DIGIT
+%%                             ; The Vendor-ID assigned to the Grouped AVP.
+%%                             ; If absent, the default value of zero is
+%%                             ; used.
+
+avp_header -> '<' avp_header_tok ':' avp_code avp_vendor '>'
+  : ['$4', '$5'].
+
+avp_header_tok -> 'AVP-Header'.
+avp_header_tok -> 'AVP' 'Header'.
+
+avp_code -> number : '$1'.
+
+avp_vendor -> '$empty' : false.
+avp_vendor -> number   : '$1'.
diff --git a/lib/diameter/src/compiler/diameter_dict_scanner.erl b/lib/diameter/src/compiler/diameter_dict_scanner.erl
new file mode 100644
index 0000000000..45189376fb
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_dict_scanner.erl
@@ -0,0 +1,276 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(diameter_dict_scanner).
+
+%%
+%% A scanner for dictionary files of the form expected by yecc.
+%%
+
+-export([scan/1,
+         format_error/1]).
+
+-export([is_name/1]).
+
+%% -----------------------------------------------------------
+%% # scan/1
+%% -----------------------------------------------------------
+
+-spec scan(string() | binary())
+   -> {ok, [Token]}
+    | {error, {string(), string(), Lineno}}
+ when Token  :: {word, Lineno, string()}
+              | {number, Lineno, non_neg_integer()}
+              | {Symbol, Lineno},
+      Lineno   :: pos_integer(),
+      Symbol   :: '{' | '}'   | '<' | '>' | '[' | ']'
+                | '*' | '::=' | ':' | ',' | '-'
+                | avp_types
+                | avp_vendor_id
+                | codecs
+                | custom_types
+                | define
+                | grouped
+                | id
+                | inherits
+                | messages
+                | name
+                | prefix
+                | vendor
+                | '$end'
+                | code
+                | 'answer-message'
+                | 'AVP'
+                | 'AVP-Header'
+                | 'Diameter'
+                | 'Diameter-Header'
+                | 'Header'
+                | 'REQ'
+                | 'PXY'
+                | 'ERR'.
+
+scan(B)
+  when is_binary(B) ->
+    scan(binary_to_list(B));
+scan(S) ->
+    scan(S, {1, []}).
+
+scan(S, {Lineno, Acc}) ->
+    case split(S) of
+        '$end' = E ->
+            {ok, lists:reverse([{E, Lineno} | Acc])};
+        {Tok, Rest} ->
+            scan(Rest, acc(Tok, Lineno, Acc));
+        Reason when is_list(Reason) ->
+            {error, {Reason, S, Lineno}}
+    end.
+
+%% format_error/1
+
+format_error({Reason, Input, Lineno}) ->
+    io_lib:format("~s at line ~p: ~s",
+                  [Reason, Lineno, head(Input, [], 20, true)]).
+
+%% is_name/1
+
+is_name([H|T]) ->
+    is_alphanum(H) andalso lists:all(fun is_name_ch/1, T).
+
+%% ===========================================================================
+
+head(Str, Acc, N, _)
+  when [] == Str;
+       0 == N;
+       $\r == hd(Str);
+       $\n == hd(Str) ->
+    lists:reverse(Acc);
+head([C|Rest], Acc, N, true = T)  %% skip leading whitespace
+  when C == $\s;
+       C == $\t;
+       C == $\f;
+       C == $\v ->
+    head(Rest, Acc, N, T);
+head([C|Rest], Acc, N, _) ->
+    head(Rest, [C|Acc], N-1, false).
+
+acc(endline, Lineno, Acc) ->
+    {Lineno + 1, Acc};
+acc(T, Lineno, Acc) ->
+    {Lineno, [tok(T, Lineno) | Acc]}.
+
+tok({Cat, Sym}, Lineno) ->
+    {Cat, Lineno, Sym};
+tok(Sym, Lineno) ->
+    {Sym, Lineno}.
+
+%% # split/1
+%%
+%% Output: {Token, Rest} | atom()
+
+%% Finito.
+split("") ->
+    '$end';
+
+%% Skip comments. This precludes using semicolon for any other purpose.
+split([$;|T]) ->
+    split(lists:dropwhile(fun(C) -> not is_eol_ch(C) end, T));
+
+%% Beginning of a section.
+split([$@|T]) ->
+    {Name, Rest} = lists:splitwith(fun is_name_ch/1, T),
+    case section(Name) of
+        false ->
+            "Unknown section";
+        'end' ->
+            '$end';
+        A ->
+            {A, Rest}
+    end;
+
+split("::=" ++ T) ->
+    {'::=', T};
+
+split([H|T])
+  when H == ${; H == $};
+       H == $<; H == $>;
+       H == $[; H == $];
+       H == $*; H == $:; H == $,; H == $- ->
+    {list_to_atom([H]), T};
+
+%% RFC 3588 requires various names to begin with a letter but 3GPP (for
+%% one) abuses this. (eg 3GPP-Charging-Id in TS32.299.)
+split([H|_] = L) when $0 =< H, H =< $9 ->
+    {P, Rest} = splitwith(fun is_name_ch/1, L),
+    Tok = try
+              {number, read_int(P)}
+          catch
+              error:_ ->
+                  word(P)
+          end,
+    {Tok, Rest};
+
+split([H|_] = L) when $a =< H, H =< $z;
+                      $A =< H, H =< $Z ->
+    {P, Rest} = splitwith(fun is_name_ch/1, L),
+    {word(P), Rest};
+
+split([$'|T]) ->
+    case lists:splitwith(fun(C) -> not lists:member(C, "'\r\n") end, T) of
+        {[_|_] = A, [$'|Rest]} ->
+            {{word, A}, Rest};
+        {[], [$'|_]} ->
+            "Empty string";
+        _ -> %% not terminated on same line
+            "Unterminated string"
+    end;
+
+%% Line ending of various forms.
+split([$\r,$\n|T]) ->
+    {endline, T};
+split([C|T])
+  when C == $\r;
+       C == $\n ->
+    {endline, T};
+
+%% Ignore whitespace.
+split([C|T])
+  when C == $\s;
+       C == $\t;
+       C == $\f;
+       C == $\v ->
+    split(T);
+
+split(_) ->
+    "Unexpected character".
+
+%% word/1
+
+%% Reserved words significant in parsing ...
+word(S)
+  when S == "answer-message";
+       S == "code";
+       S == "AVP";
+       S == "AVP-Header";
+       S == "Diameter";
+       S == "Diameter-Header";
+       S == "Header";
+       S == "REQ";
+       S == "PXY";
+       S == "ERR" ->
+    list_to_atom(S);
+
+%% ... or not.
+word(S) ->
+    {word, S}.
+
+%% section/1
+
+section(N)
+  when N == "avp_types";
+       N == "avp_vendor_id";
+       N == "codecs";
+       N == "custom_types";
+       N == "define";
+       N == "end";
+       N == "enum";
+       N == "grouped";
+       N == "id";
+       N == "inherits";
+       N == "messages";
+       N == "name";
+       N == "prefix";
+       N == "vendor" ->
+    list_to_atom(N);
+section(_) ->
+    false.
+
+%% read_int/1
+
+read_int([$0,X|S])
+  when X == $X;
+       X == $x ->
+    {ok, [N], []} = io_lib:fread("~16u", S),
+    N;
+
+read_int(S) ->
+    list_to_integer(S).
+
+%% splitwith/3
+
+splitwith(Fun, [H|T]) ->
+    {SH, ST} = lists:splitwith(Fun, T),
+    {[H|SH], ST}.
+
+is_eol_ch(C) ->
+    C == $\n orelse C == $\r.
+
+is_name_ch(C) ->
+    is_alphanum(C) orelse C == $- orelse C == $_.
+
+is_alphanum(C) ->
+    is_lower(C) orelse is_upper(C) orelse is_digit(C).
+
+is_lower(C) ->
+    $a =< C andalso C =< $z.
+
+is_upper(C) ->
+    $A =< C andalso C =< $Z.
+
+is_digit(C) ->
+    $0 =< C andalso C =< $9.
diff --git a/lib/diameter/src/compiler/diameter_dict_util.erl b/lib/diameter/src/compiler/diameter_dict_util.erl
new file mode 100644
index 0000000000..36a6efa294
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_dict_util.erl
@@ -0,0 +1,1358 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% This module turns a dictionary file into the orddict that
+%% diameter_codegen.erl in turn morphs into .erl and .hrl files for
+%% encode and decode of Diameter messages and AVPs.
+%%
+
+-module(diameter_dict_util).
+
+-export([parse/2,
+         format_error/1,
+         format/1]).
+
+-include("diameter_vsn.hrl").
+
+-define(RETURN(T), throw({T, ?MODULE, ?LINE})).
+-define(RETURN(T, Args), ?RETURN({T, Args})).
+
+-define(A, list_to_atom).
+-define(L, atom_to_list).
+-define(I, integer_to_list).
+-define(F, io_lib:format).
+
+%% ===========================================================================
+%% parse/2
+%% ===========================================================================
+
+-spec parse(File, Opts)
+   -> {ok, orddict:orddict()}
+    | {error, term()}
+ when File :: {path, string()}
+            | iolist()
+            | binary(),
+      Opts :: list().
+
+parse(File, Opts) ->
+    putr(verbose, lists:member(verbose, Opts)),
+    try
+        {ok, do_parse(File, Opts)}
+    catch
+        {Reason, ?MODULE, _Line} ->
+            {error, Reason}
+    after
+        eraser(verbose)
+    end.
+
+%% ===========================================================================
+%% format_error/1
+%% ===========================================================================
+
+format_error({read, Reason}) ->
+    file:format_error(Reason);
+format_error({scan, Reason}) ->
+    diameter_dict_scanner:format_error(Reason);
+format_error({parse, {Line, _Mod, Reason}}) ->
+    lists:flatten(["Line ", ?I(Line), ", ", Reason]);
+
+format_error(T) ->
+    {Fmt, As} = fmt(T),
+    lists:flatten(io_lib:format(Fmt, As)).
+
+fmt({avp_code_already_defined = E, [Code, false, Name, Line, L]}) ->
+    {fmt(E), [Code, "", Name, Line, L]};
+fmt({avp_code_already_defined = E, [Code, Vid, Name, Line, L]}) ->
+    {fmt(E), [Code, ?F("/~p", [Vid]), Name, Line, L]};
+
+fmt({uint32_out_of_range = E, [id | T]}) ->
+    {fmt(E), ["@id", "application identifier" | T]};
+fmt({uint32_out_of_range = E, [K | T]})
+  when K == vendor;
+       K == avp_vendor_id ->
+    {fmt(E), [?F("@~p", [K]), "vendor id" | T]};
+fmt({uint32_out_of_range = E, [K, Name | T]})
+  when K == enum;
+       K == define ->
+    {fmt(E), [?F("@~p ~s", [K, Name]), "value" | T]};
+fmt({uint32_out_of_range = E, [avp_types, Name | T]}) ->
+    {fmt(E), ["AVP " ++ Name, "AVP code" | T]};
+fmt({uint32_out_of_range = E, [grouped, Name | T]}) ->
+    {fmt(E), ["Grouped AVP " ++ Name | T]};
+fmt({uint32_out_of_range = E, [messages, Name | T]}) ->
+    {fmt(E), ["Message " ++ Name, "command code" | T]};
+
+fmt({Reason, As}) ->
+    {fmt(Reason), As};
+
+fmt(avp_code_already_defined) ->
+    "AVP ~p~s (~s) at line ~p already defined at line ~p";
+
+fmt(uint32_out_of_range) ->
+    "~s specifies ~s ~p at line ~p that is out of range for a value of "
+    "Diameter type Unsigned32";
+
+fmt(imported_avp_already_defined) ->
+    "AVP ~s imported by @inherits ~p at line ~p defined at line ~p";
+fmt(duplicate_import) ->
+    "AVP ~s is imported by more than one @inherits, both at line ~p "
+    "and at line ~p";
+
+fmt(duplicate_section) ->
+    "Section @~s at line ~p already declared at line ~p";
+
+fmt(already_declared) ->
+    "Section @~p ~s at line ~p already declared at line ~p";
+
+fmt(inherited_avp_already_defined) ->
+    "AVP ~s inherited at line ~p defined in @avp_types at line ~p";
+fmt(avp_already_defined) ->
+    "AVP ~s at line ~p already in @~p at line ~p";
+fmt(key_already_defined) ->
+    "Value for ~s:~s in @~p at line ~p already provided at line ~p";
+
+fmt(messages_without_id) ->
+    "@messages at line ~p but @id not declared";
+
+fmt(avp_name_already_defined) ->
+    "AVP ~s at line ~p already defined at line ~p";
+fmt(avp_has_unknown_type) ->
+    "AVP ~s at line ~p defined with unknown type ~s";
+fmt(avp_has_invalid_flag) ->
+    "AVP ~s at line ~p specifies invalid flag ~c";
+fmt(avp_has_duplicate_flag) ->
+    "AVP ~s at line ~p specifies duplicate flag ~c";
+fmt(avp_has_vendor_id) ->
+    "AVP ~s at line ~p does not specify V flag "
+    "but is assigned vendor id ~p at line ~p";
+fmt(avp_has_no_vendor) ->
+    "AVP ~s at line ~p specifies V flag "
+    "but neither @vendor_avp_id nor @vendor supplies a value";
+
+fmt(group_already_defined) ->
+    "Group ~s at line ~p already defined at line ~p";
+fmt(grouped_avp_code_mismatch) ->
+    "AVP ~s at line ~p has with code ~p "
+    "but @avp_types specifies ~p at line ~p";
+fmt(grouped_avp_has_wrong_type) ->
+    "Grouped AVP ~s at line ~p defined with type ~s at line ~p";
+fmt(grouped_avp_not_defined) ->
+    "Grouped AVP ~s on line ~p not defined in @avp_types";
+fmt(grouped_vendor_id_without_flag) ->
+    "Grouped AVP ~s at line ~p has vendor id "
+    "but definition at line ~p does not specify V flag";
+fmt(grouped_vendor_id_mismatch) ->
+    "Grouped AVP ~s at line ~p has vendor id ~p "
+    "but ~p specified at line ~p";
+
+fmt(message_name_already_defined) ->
+    "Message ~s at line ~p already defined at line ~p";
+fmt(message_code_already_defined) ->
+    "~s message with code ~p at line ~p already defined at line ~p";
+fmt(message_has_duplicate_flag) ->
+    "Message ~s has duplicate flag ~s at line ~p";
+fmt(message_application_id_mismatch) ->
+    "Message ~s has application id ~p at line ~p "
+    "but @id specifies ~p at line ~p";
+
+fmt(invalid_avp_order) ->
+    "AVP reference ~c~s~c at line ~p breaks fixed/required/optional order";
+fmt(required_avp_has_zero_max_arity) ->
+    "Required AVP has maximum arity 0 at line ~p";
+fmt(required_avp_has_zero_min_arity) ->
+    "Required AVP has minimum arity 0 at line ~p";
+fmt(optional_avp_has_nonzero_min_arity) ->
+    "Optional AVP has non-zero minimum arity at line ~p";
+fmt(qualifier_has_min_greater_than_max) ->
+    "Qualifier ~p*~p at line ~p has Min > Max";
+fmt(avp_already_referenced) ->
+    "AVP ~s at line ~p already referenced at line ~p";
+
+fmt(message_missing) ->
+    "~s message at line ~p but no ~s message is defined";
+
+fmt(requested_avp_not_found) ->
+    "@inherit ~s at line ~p requests AVP ~s at line ~p "
+    "but module does not define that AVP";
+
+fmt(enumerated_avp_has_wrong_local_type) ->
+    "Enumerated AVP ~s in @enum at line ~p defined with type ~s at line ~p";
+fmt(enumerated_avp_has_wrong_inherited_type) ->
+    "Enumerated AVP ~s in @enum at line ~p "
+    "inherited with type ~s from module ~s at line ~p";
+fmt(enumerated_avp_not_defined) ->
+    "Enumerated AVP ~s in @enum at line ~p neither defined nor inherited";
+
+fmt(avp_not_defined) ->
+    "AVP ~s referenced at line ~p neither defined nor inherited";
+
+fmt(recompile) ->
+    "Module ~p appears to have been compiler with an incompatible "
+    "version of the dictionary compiler and must be recompiled";
+fmt(not_loaded) ->
+    "Module ~p is not on the code path or could not be loaded";
+fmt(no_dict) ->
+    "Module ~p does not appear to be a diameter dictionary".
+
+%% ===========================================================================
+%% format/1
+%%
+%% Turn dict/0 output back into a dictionary file (with line ending = $\n).
+
+-spec format(Dict)
+   -> iolist()
+ when Dict :: orddict:orddict().
+
+-define(KEYS, [id, name, prefix, vendor,
+               inherits, codecs, custom_types,
+               avp_types,
+               messages,
+               grouped,
+               enum, define]).
+
+format(Dict) ->
+    Io = orddict:fold(fun io/3, [], Dict),
+    [S || {_,S} <- lists:sort(fun keysort/2, Io)].
+
+keysort({A,_}, {B,_}) ->
+    [HA, HB] = [H || K <- [A,B],
+                     H <- [lists:takewhile(fun(X) -> X /= K end, ?KEYS)]],
+    HA < HB.
+
+%% ===========================================================================
+
+-define(INDENT, "    ").
+-define(SP, " ").
+-define(NL, $\n).
+
+%% io/3
+
+io(K, _, Acc)
+  when K == command_codes;
+       K == import_avps;
+       K == import_groups;
+       K == import_enums ->
+    Acc;
+
+io(Key, Body, Acc) ->
+    [{Key, io(Key, Body)} | Acc].
+
+%% io/2
+
+io(K, Id)
+  when K == id;
+       K == name;
+       K == prefix ->
+    [?NL, section(K), ?SP, tok(Id)];
+
+io(vendor = K, {Id, Name}) ->
+    [?NL, section(K) | [[?SP, tok(X)] || X <- [Id, Name]]];
+
+io(avp_types = K, Body) ->
+    [?NL, ?NL, section(K), ?NL, [body(K,A) || A <- Body]];
+
+io(K, Body)
+  when K == messages;
+       K == grouped ->
+    [?NL, ?NL, section(K), [body(K,A) || A <- Body]];
+
+io(K, Body)
+  when K == avp_vendor_id;
+       K == inherits;
+       K == custom_types;
+       K == codecs;
+       K == enum;
+       K == define ->
+    [[?NL, pairs(K, T)] || T <- Body].
+
+pairs(K, {Id, Avps}) ->
+    [?NL, section(K), ?SP, tok(Id), ?NL, [[?NL, body(K, A)] || A <- Avps]].
+
+body(K, AvpName)
+  when K == avp_vendor_id;
+       K == inherits;
+       K == custom_types;
+       K == codecs ->
+    [?INDENT, word(AvpName)];
+
+body(K, {Name, N})
+  when K == enum;
+       K == define ->
+    [?INDENT, word(Name), ?SP, ?I(N)];
+
+body(avp_types = K, {Name, Code, Type, ""}) ->
+    body(K, {Name, Code, Type, "-"});
+body(avp_types, {Name, Code, Type, Flags}) ->
+    [?NL, ?INDENT, word(Name),
+     [[?SP, ?SP, S] || S <- [?I(Code), Type, Flags]]];
+
+body(messages, {"answer-message", _, _, [], Avps}) ->
+    [?NL, ?NL, ?INDENT,
+     "answer-message ::= < Diameter Header: code, ERR [PXY] >",
+     f_avps(Avps)];
+body(messages, {Name, Code, Flags, ApplId, Avps}) ->
+    [?NL, ?NL, ?INDENT, word(Name), " ::= ", header(Code, Flags, ApplId),
+     f_avps(Avps)];
+
+body(grouped, {Name, Code, Vid, Avps}) ->
+    [?NL, ?NL, ?INDENT, word(Name), " ::= ", avp_header(Code, Vid),
+     f_avps(Avps)].
+
+header(Code, Flags, ApplId) ->
+    ["< Diameter Header: ",
+     ?I(Code),
+     [[", ", ?L(F)] || F <- Flags],
+     [[" ", ?I(N)] || N <- ApplId],
+     " >"].
+
+avp_header(Code, Vid) ->
+    ["< AVP Header: ",
+     ?I(Code),
+     [[" ", ?I(V)] || V <- Vid],
+     " >"].
+
+f_avps(L) ->
+    [[?NL, ?INDENT, ?INDENT, f_avp(A)] || A <- L].
+
+f_avp({Q, A}) ->
+    [D | _] = Avp = f_delim(A),
+    f_avp(f_qual(D, Q), Avp);
+f_avp(A) ->
+    f_avp("", f_delim(A)).
+
+f_delim({{A}}) ->
+    [$<, word(A), $>];
+f_delim({A}) ->
+    [${, word(A), $}];
+f_delim([A]) ->
+    [$[, word(A), $]].
+
+f_avp(Q, [L, Avp, R]) ->
+    Len = length(lists:flatten([Q])),
+    [io_lib:format("~*s", [-1*max(Len+1, 6) , Q]), L, " ", Avp, " ", R].
+
+f_qual(${, '*') ->
+    "1*";  %% Equivalent to "*" but the more common/obvious rendition
+f_qual(_, '*') ->
+    "*";
+f_qual(_, {'*', N}) ->
+    [$*, ?I(N)];
+f_qual(_, {N, '*'}) ->
+    [?I(N), $*];
+f_qual(_, {M,N}) ->
+    [?I(M), $*, ?I(N)].
+
+section(Key) ->
+    ["@", ?L(Key)].
+
+tok(N)
+  when is_integer(N) ->
+    ?I(N);
+tok(N) ->
+    word(N).
+
+word(Str) ->
+    word(diameter_dict_scanner:is_name(Str), Str).
+
+word(true, Str) ->
+    Str;
+word(false, Str) ->
+    [$', Str, $'].
+
+%% ===========================================================================
+
+do_parse(File, Opts) ->
+    Bin  = do([fun read/1, File], read),
+    Toks = do([fun diameter_dict_scanner:scan/1, Bin], scan),
+    Tree = do([fun diameter_dict_parser:parse/1, Toks], parse),
+    make_dict(Tree, Opts).
+
+do([F|A], E) ->
+    case apply(F,A) of
+        {ok, T} ->
+            T;
+        {error, Reason} ->
+            ?RETURN({E, Reason})
+    end.
+
+read({path, Path}) ->
+    file:read_file(Path);
+read(File) ->
+    {ok, iolist_to_binary([File])}.
+
+make_dict(Parse, Opts) ->
+    make_orddict(pass4(pass3(pass2(pass1(reset(make_dict(Parse),
+                                               Opts))),
+                             Opts))).
+
+%% make_orddict/1
+
+make_orddict(Dict) ->
+    dict:fold(fun mo/3,
+              orddict:from_list([{K,[]} || K <- [avp_types,
+                                                 messages,
+                                                 grouped,
+                                                 inherits,
+                                                 custom_types,
+                                                 codecs,
+                                                 avp_vendor_id,
+                                                 enum,
+                                                 define]]),
+              Dict).
+
+mo(K, Sects, Dict)
+  when is_atom(K) ->
+    orddict:store(K, make(K, Sects), Dict);
+
+mo(_, _, Dict) ->
+    Dict.
+
+make(K, [[_Line, {_, _, X}]])
+  when K == id;
+       K == name;
+       K == prefix ->
+    X;
+
+make(vendor, [[_Line, {_, _, Id}, {_, _, Name}]]) ->
+    {Id, Name};
+
+make(K, T)
+  when K == command_codes;
+       K == import_avps;
+       K == import_groups;
+       K == import_enums ->
+    T;
+
+make(K, Sects) ->
+    post(K, foldl(fun([_L|B], A) -> make(K,B,A) end,
+                  [],
+                  Sects)).
+
+post(avp_types, L) ->
+    lists:sort(L);
+
+post(K, L)
+  when K == grouped;
+       K == messages;
+       K == enum;
+       K == define ->
+    lists:reverse(L);
+
+post(_, L) ->
+    L.
+
+make(K, [{_,_,Name} | Body], Acc)
+  when K == enum;
+       K == define;
+       K == avp_vendor_id;
+       K == custom_types;
+       K == inherits;
+       K == codecs ->
+    [{Name, mk(K, Body)} | Acc];
+
+make(K, Body, Acc) ->
+    foldl(fun(T,A) -> [mk(K, T) | A] end, Acc, Body).
+
+mk(avp_types, [{_,_,Name}, {_,_,Code}, {_,_,Type}, {_,_,Flags}]) ->
+    {Name, Code, type(Type), Flags};
+
+mk(messages, [{'answer-message' = A, _}, false | Avps]) ->
+    {?L(A), -1, ['ERR', 'PXY'], [], make_body(Avps)};
+
+mk(messages, [{_,_,Name}, [{_,_,Code}, Flags, ApplId] | Avps]) ->
+    {Name,
+     Code,
+     lists:map(fun({F,_}) -> F end, Flags),
+     opt(ApplId),
+     make_body(Avps)};
+
+mk(grouped, [{_,_,Name}, [{_,_,Code}, Vid] | Avps]) ->
+    {Name, Code, opt(Vid), make_body(Avps)};
+
+mk(K, Body)
+  when K == enum;
+       K == define ->
+    lists:map(fun([{_,_,Name}, {_,_,Value}]) -> {Name, Value} end, Body);
+
+mk(K, Avps)
+  when K == avp_vendor_id;
+       K == custom_types;
+       K == inherits;
+       K == codecs ->
+    lists:map(fun({_,_,N}) -> N end, Avps).
+
+opt(false) ->
+    [];
+opt({_,_,X}) ->
+    [X].
+
+make_body(Avps) ->
+    lists:map(fun avp/1, Avps).
+
+avp([false, D, Avp]) ->
+    avp(D, Avp);
+avp([Q, D, Avp]) ->
+    case {qual(D, Q), avp(D, Avp)} of
+        {{0,1}, A} when D == $[ ->
+            A;
+        {{1,1}, A} ->
+            A;
+        T ->
+            T
+    end.
+%% Could just store the qualifier as a pair in all cases but the more
+%% compact form is easier to parse visually so live with a bit of
+%% mapping. Ditto the use of '*'.
+
+avp(D, {'AVP', _}) ->
+    delim(D, "AVP");
+avp(D, {_, _, Name}) ->
+    delim(D, Name).
+
+delim($<, N) ->
+    {{N}};
+delim(${, N) ->
+    {N};
+delim($[, N) ->
+    [N].
+
+%% There's a difference between max = 0 and not specifying an AVP:
+%% reception of an AVP with max = 0 will always be an error, otherwise
+%% it depends on the existence of 'AVP' and the M flag.
+
+qual(${, {{_,L,0}, _}) ->
+    ?RETURN(required_avp_has_zero_min_arity, [L]);
+qual(${, {_, {_,L,0}}) ->
+    ?RETURN(required_avp_has_zero_max_arity, [L]);
+
+qual($[, {{_,L,N}, _})
+  when 0 < N ->
+    ?RETURN(optional_avp_has_nonzero_min_arity, [L]);
+
+qual(_, {{_,L,Min}, {_,_,Max}})
+  when Min > Max ->
+    ?RETURN(qualifier_has_min_greater_than_max, [Min, Max, L]);
+
+qual(_, true) ->
+    '*';
+
+qual(${, {true, {_,_,N}}) ->
+    {1, N};
+qual(_, {true, {_,_,N}}) ->
+    {0, N};
+
+qual(D, {{_,_,N}, true})
+  when D == ${, N == 1;
+       D /= ${, N == 0 ->
+    '*';
+qual(_, {{_,_,N}, true}) ->
+    {N, '*'};
+
+qual(_, {{_,_,Min}, {_,_,Max}}) ->
+    {Min, Max}.
+
+%% Optional reports when running verbosely.
+report(What, [F | A])
+  when is_function(F) ->
+    report(What, apply(F, A));
+report(What, Data) ->
+    report(getr(verbose), What, Data).
+
+report(true, Tag, Data) ->
+    io:format("##~n## ~p ~p~n", [Tag, Data]);
+report(false, _, _) ->
+    ok.
+
+%% ------------------------------------------------------------------------
+%% make_dict/1
+%%
+%% Turn a parsed dictionary into an dict.
+
+make_dict(Parse) ->
+    foldl(fun(T,A) ->
+                  report(section, T),
+                  section(T,A)
+          end,
+          dict:new(),
+          Parse).
+
+section([{T, L} | Rest], Dict)
+  when T == name;
+       T == prefix;
+       T == id;
+       T == vendor ->
+    case find(T, Dict) of
+        [] ->
+            dict:store(T, [[L | Rest]], Dict);
+        [[Line | _]] ->
+            ?RETURN(duplicate_section, [T, L, Line])
+    end;
+
+section([{T, L} | Rest], Dict)
+  when T == avp_types;
+       T == messages;
+       T == grouped;
+       T == inherits;
+       T == custom_types;
+       T == codecs;
+       T == avp_vendor_id;
+       T == enum;
+       T == define ->
+    dict:append(T, [L | Rest], Dict).
+
+%% ===========================================================================
+%% reset/2
+%%
+%% Reset sections from options.
+
+reset(Dict, Opts) ->
+    foldl([fun reset/3, Opts], Dict, [name, prefix, inherits]).
+
+reset(K, Dict, Opts) ->
+    foldl(fun opt/2, Dict, [T || {A,_} = T <- Opts, A == K]).
+
+opt({inherits = Key, "-"}, Dict) ->
+    dict:erase(Key, Dict);
+
+opt({inherits = Key, Mod}, Dict) ->
+    case lists:splitwith(fun(C) -> C /= $/ end, Mod) of
+        {Mod, ""} ->
+            dict:append(Key, [0, {word, 0, Mod}], Dict);
+        {From, [$/|To]} ->
+            dict:store(Key,
+                       [reinherit(From, To, M) || M <- find(Key, Dict)],
+                       Dict)
+    end;
+
+opt({Key, Val}, Dict) ->
+    dict:store(Key, [[0, {word, 0, Val}]], Dict);
+
+opt(_, Dict) ->
+    Dict.
+
+reinherit(From, To, [L, {word, _, From} = T | Avps]) ->
+    [L, setelement(3, T, To) | Avps];
+reinherit(_, _, T) ->
+    T.
+
+%% ===========================================================================
+%% pass1/1
+%%
+%% Explode sections into additional dictionary entries plus semantic
+%% checks.
+
+pass1(Dict) ->
+    true = no_messages_without_id(Dict),
+
+    foldl(fun(K,D) -> foldl([fun p1/3, K], D, find(K,D)) end,
+          Dict,
+          [id,
+           vendor,
+           avp_types,  %% must precede inherits, grouped, enum
+           avp_vendor_id,
+           custom_types,
+           codecs,
+           inherits,
+           grouped,
+           messages,
+           enum,
+           define]).
+
+%% Multiple sections are allowed as long as their bodies don't
+%% overlap. (Except enum/define.)
+
+p1([_Line, N], Dict, id = K) ->
+    true = is_uint32(N, [K]),
+    Dict;
+
+p1([_Line, Id, _Name], Dict, vendor = K) ->
+    true = is_uint32(Id, [K]),
+    Dict;
+
+p1([_Line, X | Body], Dict, K)
+  when K == avp_vendor_id;
+       K == custom_types;
+       K == codecs;
+       K == inherits ->
+    foldl([fun explode/4, X, K], Dict, Body);
+
+p1([_Line, X | Body], Dict, K)
+  when K == define;
+       K == enum ->
+    {_, L, Name} = X,
+    foldl([fun explode2/4, X, K],
+          store_new({K, Name},
+                    [L, Body],
+                    Dict,
+                    [K, Name, L],
+                    already_declared),
+          Body);
+
+p1([_Line | Body], Dict, K)
+  when K == avp_types;
+       K == grouped;
+       K == messages ->
+    foldl([fun explode/3, K], Dict, Body).
+
+no_messages_without_id(Dict) ->
+    case find(messages, Dict) of
+        [] ->
+            true;
+        [[Line | _] | _] ->
+            [] /= find(id, Dict) orelse ?RETURN(messages_without_id, [Line])
+    end.
+
+%% Note that the AVP's in avp_vendor_id, custom_types, codecs and
+%% enum can all be inherited, as can the AVP content of messages and
+%% grouped AVP's. Check that the referenced AVP's exist after
+%% importing definitions.
+
+%% explode/4
+%%
+%% {avp_vendor_id, AvpName}                 -> [Lineno, Id::integer()]
+%% {custom_types|codecs|inherits,  AvpName} -> [Lineno, Mod::string()]
+
+explode({_, Line, AvpName}, Dict, {_, _, X} = T, K) ->
+    true = K /= avp_vendor_id orelse is_uint32(T, [K]),
+    true = K /= inherits orelse avp_not_local(AvpName, Line, Dict),
+
+    store_new({key(K), AvpName},
+              [Line, X],
+              Dict,
+              [AvpName, Line, K],
+              avp_already_defined).
+
+%% explode2/4
+
+%% {define, {Name, Key}} -> [Lineno, Value::integer(), enum|define]
+
+explode2([{_, Line, Key}, {_, _, Value} = T], Dict, {_, _, Name}, K) ->
+    true = is_uint32(T, [K, Name]),
+
+    store_new({key(K), {Name, Key}},
+              [Line, Value, K],
+              Dict,
+              [Name, Key, K, Line],
+              key_already_defined).
+
+%% key/1
+%%
+%% Conflate keys that are equivalent as far as uniqueness of
+%% definition goes.
+
+key(K)
+  when K == enum;
+       K == define ->
+    define;
+key(K)
+  when K == custom_types;
+       K == codecs ->
+    custom;
+key(K) ->
+    K.
+
+%% explode/3
+
+%% {avp_types, AvpName}       -> [Line | Toks]
+%% {avp_types, {Code, IsReq}} -> [Line, AvpName]
+%%
+%% where AvpName = string()
+%%       Code    = integer()
+%%       IsReq   = boolean()
+
+explode([{_, Line, Name} | Toks], Dict0, avp_types = K) ->
+    %% Each AVP can be defined only once.
+    Dict = store_new({K, Name},
+                     [Line | Toks],
+                     Dict0,
+                     [Name, Line],
+                     avp_name_already_defined),
+
+    [{number, _, _Code} = C, {word, _, Type}, {word, _, _Flags}] = Toks,
+
+    true = avp_type_known(Type, Name, Line),
+    true = is_uint32(C, [K, Name]),
+
+    Dict;
+
+%% {grouped, Name}            -> [Line, HeaderTok | AvpToks]
+%% {grouped, {Name, AvpName}} -> [Line, Qual, Delim]
+%%
+%% where Name  = string()
+%%       AvpName = string()
+%%       Qual  = {Q, Q} | boolean()
+%%       Q     = true | NumberTok
+%%       Delim = $< | ${ | $[
+
+explode([{_, Line, Name}, Header | Avps], Dict0, grouped = K) ->
+    Dict = store_new({K, Name},
+                     [Line, Header | Avps],
+                     Dict0,
+                     [Name, Line],
+                     group_already_defined),
+
+    [{_,_, Code} = C, Vid] = Header,
+    {DefLine, {_, _, Flags}} = grouped_flags(Name, Code, Dict0, Line),
+    V = lists:member($V, Flags),
+
+    true = is_uint32(C, [K, Name, "AVP code"]),
+    true = is_uint32(Vid, [K, Name, "vendor id"]),
+    false = vendor_id_mismatch(Vid, V, Name, Dict0, Line, DefLine),
+
+    explode_avps(Avps, Dict, K, Name);
+
+%% {messages, Name}            -> [Line, HeaderTok | AvpToks]
+%% {messages, {Code, IsReq}}   -> [Line, NameTok]
+%% {messages, Code}            -> [[Line, NameTok, IsReq]]
+%% {messages, {Name, Flag}}    -> [Line]
+%% {messages, {Name, AvpName}} -> [Line, Qual, Delim]
+%%
+%% where Name  = string()
+%%       Code  = integer()
+%%       IsReq = boolean()
+%%       Flag  = 'REQ' | 'PXY'
+%%       AvpName = string()
+%%       Qual  = true | {Q,Q}
+%%       Q     = true | NumberTok
+%%       Delim = $< | ${ | ${
+
+explode([{'answer-message' = A, Line}, false = H | Avps],
+        Dict0,
+        messages = K) ->
+    Name = ?L(A),
+    Dict1 = store_new({K, Name},
+                      [Line, H, Avps],
+                      Dict0,
+                      [Name, Line],
+                      message_name_already_defined),
+
+    explode_avps(Avps, Dict1, K, Name);
+
+explode([{_, Line, MsgName} = M, Header | Avps],
+        Dict0,
+        messages = K) ->
+    %% There can be at most one message with a given name.
+    Dict1 = store_new({K, MsgName},
+                      [Line, Header | Avps],
+                      Dict0,
+                      [MsgName, Line],
+                      message_name_already_defined),
+
+    [{_, _, Code} = C, Bits, ApplId] = Header,
+
+    %% Don't check any application id since it's required to be
+    %% the same as @id.
+    true = is_uint32(C, [K, MsgName]),
+
+    %% An application id specified as part of the message definition
+    %% has to agree with @id. The former is parsed just because RFC
+    %% 3588 specifies it.
+    false = application_id_mismatch(ApplId, Dict1, MsgName),
+
+    IsReq = lists:keymember('REQ', 1, Bits),
+
+    %% For each command code, there can be at most one request and
+    %% one answer.
+    Dict2 = store_new({K, {Code, IsReq}},
+                      [Line, M],
+                      Dict1,
+                      [choose(IsReq, "Request", "Answer"), Code, Line],
+                      message_code_already_defined),
+
+    %% For each message, each flag can occur at most once.
+    Dict3 = foldl(fun({F,L},D) ->
+                          store_new({K, {MsgName, F}},
+                                    [L],
+                                    D,
+                                    [MsgName, ?L(F)],
+                                    message_has_duplicate_flag)
+                  end,
+                  Dict2,
+                  Bits),
+
+    dict:append({K, Code},
+                [Line, M, IsReq],
+                explode_avps(Avps, Dict3, K, MsgName)).
+
+%% explode_avps/4
+%%
+%% Ensure required AVP order and sane qualifiers. Can't check for AVP
+%% names until after they've been imported.
+%%
+%% RFC 3588 allows a trailing fixed while 3588bis doesn't. Parse the
+%% former.
+
+explode_avps(Avps, Dict, Key, Name) ->
+    xa("<{[<", Avps, Dict, Key, Name).
+
+xa(_, [], Dict, _, _) ->
+    Dict;
+
+xa(Ds, [[Qual, D, {'AVP', Line}] | Avps], Dict, Key, Name) ->
+    xa(Ds, [[Qual, D, {word, Line, "AVP"}] | Avps], Dict, Key, Name);
+
+xa([], [[_Qual, D, {_, Line, Name}] | _], _, _, _) ->
+    ?RETURN(invalid_avp_order, [D, Name, close(D), Line]);
+
+xa([D|_] = Ds, [[Qual, D, {_, Line, AvpName}] | Avps], Dict, Key, Name) ->
+    xa(Ds,
+       Avps,
+       store_new({Key, {Name, AvpName}},
+                 [Line, Qual, D],
+                 Dict,
+                 [Name, Line],
+                 avp_already_referenced),
+       Key,
+       Name);
+
+xa([_|Ds], Avps, Dict, Key, Name) ->
+    xa(Ds, Avps, Dict, Key, Name).
+
+close($<) -> $>;
+close(${) -> $};
+close($[) -> $].
+
+%% is_uint32/2
+
+is_uint32(false, _) ->
+    true;
+is_uint32({Line, _, N}, Args) ->
+    N < 1 bsl 32 orelse ?RETURN(uint32_out_of_range, Args ++ [N, Line]).
+%% Can't call diameter_types here since it may not exist yet.
+
+%% application_id_mismatch/3
+
+application_id_mismatch({number, Line, Id}, Dict, MsgName) ->
+    [[_, {_, L, I}]] = dict:fetch(id, Dict),
+
+    I /= Id andalso ?RETURN(message_application_id_mismatch,
+                            [MsgName, Id, Line, I, L]);
+
+application_id_mismatch(false = No, _, _) ->
+    No.
+
+%% avp_not_local/3
+
+avp_not_local(Name, Line, Dict) ->
+    A = find({avp_types, Name}, Dict),
+
+    [] == A orelse ?RETURN(inherited_avp_already_defined,
+                           [Name, Line, hd(A)]).
+
+%% avp_type_known/3
+
+avp_type_known(Type, Name, Line) ->
+    false /= type(Type)
+        orelse ?RETURN(avp_has_unknown_type, [Name, Line, Type]).
+
+%% vendor_id_mismatch/6
+%%
+%% Require a vendor id specified on a group to match any specified
+%% in @avp_vendor_id. Note that both locations for the value are
+%% equivalent, both in the value being attributed to a locally
+%% defined AVP and ignored when imported from another dictionary.
+
+vendor_id_mismatch({_,_,_}, false, Name, _, Line, DefLine) ->
+    ?RETURN(grouped_vendor_id_without_flag, [Name, Line, DefLine]);
+
+vendor_id_mismatch({_, _, I}, true, Name, Dict, Line, _) ->
+    case vendor_id(Name, Dict) of
+        {avp_vendor_id, L, N} ->
+            I /= N andalso
+                ?RETURN(grouped_vendor_id_mismatch, [Name, Line, I, N, L]);
+        _ ->
+            false
+    end;
+
+vendor_id_mismatch(_, _, _, _, _, _) ->
+    false.
+
+%% grouped_flags/4
+
+grouped_flags(Name, Code, Dict, Line) ->
+    case find({avp_types, Name}, Dict) of
+        [L, {_, _, Code}, {_, _, "Grouped"}, Flags] ->
+            {L, Flags};
+        [_, {_, L, C}, {_, _, "Grouped"}, _Flags] ->
+            ?RETURN(grouped_avp_code_mismatch, [Name, Line, Code, C, L]);
+        [_, _Code, {_, L, T}, _] ->
+            ?RETURN(grouped_avp_has_wrong_type, [Name, Line, T, L]);
+        [] ->
+            ?RETURN(grouped_avp_not_defined, [Name, Line])
+    end.
+
+%% vendor_id/2
+
+%% Look for a vendor id in @avp_vendor_id, then @vendor.
+vendor_id(Name, Dict) ->
+    case find({avp_vendor_id, Name}, Dict) of
+        [Line, Id] when is_integer(Id) ->
+            {avp_vendor_id, Line, Id};
+        [] ->
+            vendor(Dict)
+    end.
+
+vendor(Dict) ->
+    case find(vendor, Dict) of
+        [[_Line, {_, _, Id}, {_, _, _}]] ->
+            {vendor, Id};
+        [] ->
+            false
+    end.
+
+%% find/2
+
+find(Key, Dict) ->
+    case dict:find(Key, Dict) of
+        {ok, L} when is_list(L) ->
+            L;
+        error ->
+            []
+    end.
+
+%% store_new/5
+
+store_new(Key, Value, Dict, Args, Err) ->
+    case dict:find(Key, Dict) of
+        {ok, [L | _]} ->
+            ?RETURN(Err, Args ++ [L]);
+        error ->
+            dict:store(Key, Value, Dict)
+    end.
+
+%% type/1
+
+type("DiamIdent") ->
+    "DiameterIdentity";
+type("DiamURI") ->
+    "DiameterURI";
+type(T)
+  when T == "OctetString";
+       T == "Integer32";
+       T == "Integer64";
+       T == "Unsigned32";
+       T == "Unsigned64";
+       T == "Float32";
+       T == "Float64";
+       T == "Grouped";
+       T == "Enumerated";
+       T == "Address";
+       T == "Time";
+       T == "UTF8String";
+       T == "DiameterIdentity";
+       T == "DiameterURI";
+       T == "IPFilterRule";
+       T == "QoSFilterRule" ->
+    T;
+type(_) ->
+    false.
+
+%% ===========================================================================
+%% pass2/1
+%%
+%% More explosion, but that requires the previous pass to write its
+%% entries.
+
+pass2(Dict) ->
+    foldl(fun(K,D) -> foldl([fun p2/3, K], D, find(K,D)) end,
+          Dict,
+          [avp_types]).
+
+p2([_Line | Body], Dict, avp_types) ->
+    foldl(fun explode_avps/2, Dict, Body);
+
+p2([], Dict, _) ->
+    Dict.
+
+explode_avps([{_, Line, Name} | Toks], Dict) ->
+    [{number, _, Code}, {word, _, _Type}, {word, _, Flags}] = Toks,
+
+    true = avp_flags_valid(Flags, Name, Line),
+
+    Vid = avp_vendor_id(Flags, Name, Line, Dict),
+
+    %% An AVP is uniquely defined by its AVP code and vendor id (if any).
+    %% Ensure there are no duplicate.
+    store_new({avp_types, {Code, Vid}},
+              [Line, Name],
+              Dict,
+              [Code, Vid, Name, Line],
+              avp_code_already_defined).
+
+%% avp_flags_valid/3
+
+avp_flags_valid(Flags, Name, Line) ->
+    Bad = lists:filter(fun(C) -> not lists:member(C, "MVP") end, Flags),
+    [] == Bad
+        orelse ?RETURN(avp_has_invalid_flag, [Name, Line, hd(Bad)]),
+
+    Dup = Flags -- "MVP",
+    [] == Dup
+        orelse ?RETURN(avp_has_duplicate_flag, [Name, Line, hd(Dup)]).
+
+%% avp_vendor_id/4
+
+avp_vendor_id(Flags, Name, Line, Dict) ->
+    V = lists:member($V, Flags),
+
+    case vendor_id(Name, Dict) of
+        {avp_vendor_id, _, I} when V ->
+            I;
+        {avp_vendor_id, L, I} ->
+            ?RETURN(avp_has_vendor_id, [Name, Line, I, L]);
+        {vendor, I} when V ->
+            I;
+        false when V ->
+            ?RETURN(avp_has_no_vendor, [Name, Line]);
+        _ ->
+            false
+    end.
+
+%% ===========================================================================
+%% pass3/2
+%%
+%% Import AVPs.
+
+pass3(Dict, Opts) ->
+    import_enums(import_groups(import_avps(insert_codes(Dict), Opts))).
+
+%% insert_codes/1
+%%
+%% command_codes -> [{Code, ReqNameTok, AnsNameTok}]
+
+insert_codes(Dict) ->
+    dict:store(command_codes,
+               dict:fold(fun make_code/3, [], Dict),
+               Dict).
+
+make_code({messages, Code}, Names, Acc)
+  when is_integer(Code) ->
+    [mk_code(Code, Names) | Acc];
+make_code(_, _, Acc) ->
+    Acc.
+
+mk_code(Code, [[_, _, false] = Ans, [_, _, true] = Req]) ->
+    mk_code(Code, [Req, Ans]);
+
+mk_code(Code, [[_, {_,_,Req}, true], [_, {_,_,Ans}, false]]) ->
+    {Code, Req, Ans};
+
+mk_code(_Code, [[Line, _Name, IsReq]]) ->
+    ?RETURN(message_missing, [choose(IsReq, "Request", "Answer"),
+                              Line,
+                              choose(IsReq, "answer", "request")]).
+
+%% import_avps/2
+
+import_avps(Dict, Opts) ->
+    Import = inherit(Dict, Opts),
+    report(imported, Import),
+
+    %% pass4/1 tests that all referenced AVP's are either defined
+    %% or imported.
+
+    dict:store(import_avps,
+               lists:map(fun({M, _, As}) -> {M, [A || {_,A} <- As]} end,
+                         lists:reverse(Import)),
+               foldl(fun explode_imports/2, Dict, Import)).
+
+explode_imports({Mod, Line, Avps}, Dict) ->
+    foldl([fun xi/4, Mod, Line], Dict, Avps).
+
+xi({L, {Name, _Code, _Type, _Flags} = A}, Dict, Mod, Line) ->
+    store_new({avp_types, Name},
+              [0, Mod, Line, L, A],
+              store_new({import, Name},
+                        [Line],
+                        Dict,
+                        [Name, Line],
+                        duplicate_import),
+              [Name, Mod, Line],
+              imported_avp_already_defined).
+
+%% import_groups/1
+%% import_enums/1
+%%
+%% For each inherited module, store the content of imported AVP's of
+%% type grouped/enumerated in a new key.
+
+import_groups(Dict) ->
+    dict:store(import_groups, import(grouped, Dict), Dict).
+
+import_enums(Dict) ->
+    dict:store(import_enums, import(enum, Dict), Dict).
+
+import(Key, Dict) ->
+    flatmap([fun import_key/2, Key], dict:fetch(import_avps, Dict)).
+
+import_key({Mod, Avps}, Key) ->
+    As = lists:flatmap(fun(T) ->
+                               N = element(1,T),
+                               choose(lists:keymember(N, 1, Avps), [T], [])
+                       end,
+                       orddict:fetch(Key, dict(Mod))),
+    if As == [] ->
+            [];
+       true ->
+            [{Mod, As}]
+    end.
+
+%% ------------------------------------------------------------------------
+%% inherit/2
+%%
+%% Return a {Mod, Line, [{Lineno, Avp}]} list, where Mod is a module
+%% name, Line points to the corresponding @inherit and each Avp is
+%% from Mod:dict(). Lineno is 0 if the import is implicit.
+
+inherit(Dict, Opts) ->
+    code:add_pathsa([D || {include, D} <- Opts]),
+    foldl(fun inherit_avps/2, [], find(inherits, Dict)).
+%% Note that the module order of the returned lists is reversed
+%% relative to @inherits.
+
+inherit_avps([Line, {_,_,M} | Names], Acc) ->
+    Mod = ?A(M),
+    report(inherit_from, Mod),
+    case find_avps(Names, avps_from_module(Mod)) of
+        {_, [{_, L, N} | _]} ->
+            ?RETURN(requested_avp_not_found, [Mod, Line, N, L]);
+        {Found, []} ->
+            [{Mod, Line, lists:sort(Found)} | Acc]
+    end.
+
+%% Import everything not defined locally ...
+find_avps([], Avps) ->
+    {[{0, A} || A <- Avps], []};
+
+%% ... or specified AVPs.
+find_avps(Names, Avps) ->
+    foldl(fun acc_avp/2, {[], Names}, Avps).
+
+acc_avp({Name, _Code, _Type, _Flags} = A, {Found, Not} = Acc) ->
+    case lists:keyfind(Name, 3, Not) of
+        {_, Line, Name} ->
+            {[{Line, A} | Found], lists:keydelete(Name, 3, Not)};
+        false ->
+            Acc
+    end.
+
+%% avps_from_module/2
+
+avps_from_module(Mod) ->
+    orddict:fetch(avp_types, dict(Mod)).
+
+dict(Mod) ->
+    try Mod:dict() of
+        [?VERSION | Dict] ->
+            Dict;
+        _ ->
+            ?RETURN(recompile, [Mod])
+    catch
+        error: _ ->
+            ?RETURN(choose(false == code:is_loaded(Mod),
+                           not_loaded,
+                           no_dict),
+                    [Mod])
+    end.
+
+%% ===========================================================================
+%% pass4/1
+%%
+%% Sanity checks.
+
+pass4(Dict) ->
+    dict:fold(fun(K, V, _) -> p4(K, V, Dict) end, ok, Dict),
+    Dict.
+
+%% Ensure enum AVP's have type Enumerated.
+p4({enum, Name}, [Line | _], Dict)
+  when is_list(Name) ->
+    true = is_enumerated_avp(Name, Dict, Line);
+
+%% Ensure all referenced AVP's are either defined locally or imported.
+p4({K, {Name, AvpName}}, [Line | _], Dict)
+  when (K == grouped orelse K == messages),
+       is_list(Name),
+       is_list(AvpName),
+       AvpName /= "AVP" ->
+    true = avp_is_defined(AvpName, Dict, Line);
+
+%% Ditto.
+p4({K, AvpName}, [Line | _], Dict)
+  when K == avp_vendor_id;
+       K == custom_types;
+       K == codecs ->
+    true = avp_is_defined(AvpName, Dict, Line);
+
+p4(_, _, _) ->
+    ok.
+
+%% has_enumerated_type/3
+
+is_enumerated_avp(Name, Dict, Line) ->
+    case find({avp_types, Name}, Dict) of
+        [_Line, _Code, {_, _, "Enumerated"}, _Flags] ->   %% local
+            true;
+        [_Line, _Code, {_, L, T}, _] ->
+            ?RETURN(enumerated_avp_has_wrong_local_type,
+                    [Name, Line, T, L]);
+        [0, _, _, _, {_Name, _Code, "Enumerated", _Flags}] ->   %% inherited
+            true;
+        [0, Mod, LM, LA, {_Name, _Code, Type, _Flags}] ->
+            ?RETURN(enumerated_avp_has_wrong_inherited_type,
+                    [Name, Line, Type, Mod, choose(0 == LA, LM, LA)]);
+        [] ->
+            ?RETURN(enumerated_avp_not_defined, [Name, Line])
+    end.
+
+avp_is_defined(Name, Dict, Line) ->
+    case find({avp_types, Name}, Dict) of
+        [_Line, _Code, _Type, _Flags] ->   %% local
+            true;
+        [0, _, _, _, {Name, _Code, _Type, _Flags}] ->  %% inherited
+            true;
+        [] ->
+            ?RETURN(avp_not_defined, [Name, Line])
+    end.
+
+%% ===========================================================================
+
+putr(Key, Value) ->
+    put({?MODULE, Key}, Value).
+
+getr(Key) ->
+    get({?MODULE, Key}).
+
+eraser(Key) ->
+    erase({?MODULE, Key}).
+
+choose(true, X, _)  -> X;
+choose(false, _, X) -> X.
+
+foldl(F, Acc, List) ->
+    lists:foldl(fun(T,A) -> eval([F,T,A]) end, Acc, List).
+
+flatmap(F, List) ->
+    lists:flatmap(fun(T) -> eval([F,T]) end, List).
+
+eval([[F|X] | A]) ->
+    eval([F | A ++ X]);
+eval([F|A]) ->
+    apply(F,A).
diff --git a/lib/diameter/src/compiler/diameter_exprecs.erl b/lib/diameter/src/compiler/diameter_exprecs.erl
index 5e120d6f44..191f53f29d 100644
--- a/lib/diameter/src/compiler/diameter_exprecs.erl
+++ b/lib/diameter/src/compiler/diameter_exprecs.erl
@@ -96,41 +96,15 @@
 
 -export([parse_transform/2]).
 
-%% Form tag with line number.
--define(F(T), T, ?LINE).
-%% Yes, that's right. The replacement is to the first unmatched ')'.
-
--define(attribute,    ?F(attribute)).
--define(clause,       ?F(clause)).
--define(function,     ?F(function)).
--define(call,         ?F(call)).
--define('fun',        ?F('fun')).
--define(generate,     ?F(generate)).
--define(lc,           ?F(lc)).
--define(match,        ?F(match)).
--define(remote,       ?F(remote)).
--define(record,       ?F(record)).
--define(record_field, ?F(record_field)).
--define(record_index, ?F(record_index)).
--define(tuple,        ?F(tuple)).
-
--define(ATOM(T),      {atom, ?LINE, T}).
--define(VAR(V),       {var, ?LINE, V}).
-
--define(CALL(F,A),    {?call, ?ATOM(F), A}).
--define(APPLY(M,F,A), {?call, {?remote, ?ATOM(M), ?ATOM(F)}, A}).
+-include("diameter_forms.hrl").
 
 %% parse_transform/2
 
 parse_transform(Forms, _Options) ->
     Rs = [R || {attribute, _, record, R} <- Forms],
-    case lists:append([E || {attribute, _, export_records, E} <- Forms]) of
-        [] ->
-            Forms;
-        Es ->
-            {H,T} = lists:splitwith(fun is_head/1, Forms),
-            H ++ [a_export(Es) | f_accessors(Es, Rs)] ++ T
-    end.
+    Es = lists:append([E || {attribute, _, export_records, E} <- Forms]),
+    {H,T} = lists:splitwith(fun is_head/1, Forms),
+    H ++ [a_export(Es) | f_accessors(Es, Rs)] ++ T.
 
 is_head(T) ->
     not lists:member(element(1,T), [function, eof]).
@@ -200,7 +174,7 @@ fname(Op, Rname) ->
 
 '#info-/2'(Exports) ->
     {?function, fname(info), 2,
-     lists:map(fun 'info-'/1, Exports)}.
+     lists:map(fun 'info-'/1, Exports) ++ [?BADARG(2)]}.
 
 'info-'(R) ->
     {?clause, [?ATOM(R), ?VAR('Info')],
@@ -209,7 +183,7 @@ fname(Op, Rname) ->
 
 '#new-/1'(Exports) ->
     {?function, fname(new), 1,
-     lists:map(fun 'new-'/1, Exports)}.
+     lists:map(fun 'new-'/1, Exports) ++ [?BADARG(1)]}.
 
 'new-'(R) ->
     {?clause, [?ATOM(R)],
@@ -218,7 +192,7 @@ fname(Op, Rname) ->
 
 '#new-/2'(Exports) ->
     {?function, fname(new), 2,
-     lists:map(fun 'new--'/1, Exports)}.
+     lists:map(fun 'new--'/1, Exports) ++ [?BADARG(2)]}.
 
 'new--'(R) ->
     {?clause, [?ATOM(R), ?VAR('Vals')],
@@ -227,7 +201,7 @@ fname(Op, Rname) ->
 
 '#get-/2'(Exports) ->
     {?function, fname(get), 2,
-     lists:map(fun 'get-'/1, Exports)}.
+     lists:map(fun 'get-'/1, Exports) ++ [?BADARG(2)]}.
 
 'get-'(R) ->
     {?clause, [?VAR('Attrs'),
@@ -237,7 +211,7 @@ fname(Op, Rname) ->
 
 '#set-/2'(Exports) ->
     {?function, fname(set), 2,
-     lists:map(fun 'set-'/1, Exports)}.
+     lists:map(fun 'set-'/1, Exports) ++ [?BADARG(2)]}.
 
 'set-'(R) ->
     {?clause, [?VAR('Vals'), {?match, {?record, R, []}, ?VAR('Rec')}],
diff --git a/lib/diameter/src/compiler/diameter_forms.hrl b/lib/diameter/src/compiler/diameter_forms.hrl
index d93131df34..4cd86c32aa 100644
--- a/lib/diameter/src/compiler/diameter_forms.hrl
+++ b/lib/diameter/src/compiler/diameter_forms.hrl
@@ -21,6 +21,13 @@
 %% Macros used when building abstract code.
 %%
 
+%% Generated functions that could have no generated clauses will have
+%% a trailing ?BADARG clause that should never execute as called
+%% by diameter.
+-define(BADARG(N), {?clause, [?VAR('_') || _ <- lists:seq(1,N)],
+                    [],
+                    [?APPLY(erlang, error, [?ATOM(badarg)])]}).
+
 %% Form tag with line number.
 -define(F(T), T, ?LINE).
 %% Yes, that's right. The replacement is to the first unmatched ')'.
diff --git a/lib/diameter/src/compiler/diameter_make.erl b/lib/diameter/src/compiler/diameter_make.erl
index 5380ee56ca..16e30c1ffb 100644
--- a/lib/diameter/src/compiler/diameter_make.erl
+++ b/lib/diameter/src/compiler/diameter_make.erl
@@ -20,59 +20,113 @@
 %%
 %% Module alternative to diameterc for dictionary compilation.
 %%
-%% Eg. 1> diameter_make:dict("mydict.dia").
+%% Eg. 1> diameter_make:codec("mydict.dia").
 %%
-%%     $ erl -noshell \
+%%     $ erl -noinput \
 %%           -boot start_clean \
-%%           -s diameter_make dict mydict.dia \
+%%           -eval 'ok = diameter_make:codec("mydict.dia")' \
 %%           -s init stop
 %%
 
 -module(diameter_make).
 
--export([dict/1,
+-export([codec/1,
+         codec/2,
+         dict/1,
          dict/2,
-         spec/1,
-         spec/2]).
+         format/1,
+         reformat/1]).
 
--type opt() :: {outdir|include|name|prefix|inherits, string()}
+-export_type([opt/0]).
+
+-type opt() :: {include|outdir|name|prefix|inherits, string()}
              | verbose
              | debug.
 
-%% dict/1-2
+%% ===========================================================================
+
+%% codec/1-2
+%%
+%% Parse a dictionary file and generate a codec module.
+
+-spec codec(Path, [opt()])
+   -> ok
+    | {error, Reason}
+ when Path :: string(),
+      Reason :: string().
+
+codec(File, Opts) ->
+    case dict(File, Opts) of
+        {ok, Dict} ->
+            make(File,
+                 Opts,
+                 Dict,
+                 [spec || _ <- [1], lists:member(debug, Opts)] ++ [erl, hrl]);
+        {error, _} = E ->
+            E
+    end.
+
+codec(File) ->
+    codec(File, []).
+
+%% dict/2
+%%
+%% Parse a dictionary file and return the orddict that a codec module
+%% returns from dict/0.
 
 -spec dict(string(), [opt()])
-   -> ok.
+   -> {ok, orddict:orddict()}
+    | {error, string()}.
 
-dict(File, Opts) ->
-    make(File,
-         Opts,
-         spec(File, Opts),
-         [spec || _ <- [1], lists:member(debug, Opts)] ++ [erl, hrl]).
+dict(Path, Opts) ->
+    case diameter_dict_util:parse({path, Path}, Opts) of
+        {ok, _} = Ok ->
+            Ok;
+        {error = E, Reason} ->
+            {E, diameter_dict_util:format_error(Reason)}
+    end.
 
 dict(File) ->
     dict(File, []).
 
-%% spec/2
+%% format/1
+%%
+%% Turn an orddict returned by dict/1-2 back into a dictionary file
+%% in the form of an iolist().
+
+-spec format(orddict:orddict())
+   -> iolist().
+
+format(Dict) ->
+    diameter_dict_util:format(Dict).
 
--spec spec(string(), [opt()])
-   -> orddict:orddict().
+%% reformat/1
+%%
+%% Parse a dictionary file and return its formatted equivalent.
 
-spec(File, Opts) ->
-    diameter_spec_util:parse(File, Opts).
+-spec reformat(File)
+   -> {ok, iolist()}
+    | {error, Reason}
+ when File :: string(),
+      Reason :: string().
 
-spec(File) ->
-    spec(File, []).
+reformat(File) ->
+    case dict(File) of
+        {ok, Dict} ->
+            {ok, format(Dict)};
+        {error, _} = No ->
+            No
+    end.
 
 %% ===========================================================================
 
 make(_, _, _, []) ->
     ok;
-make(File, Opts, Spec, [Mode | Rest]) ->
-    try diameter_codegen:from_spec(File, Spec, Opts, Mode) of
-        ok ->
-            make(File, Opts, Spec, Rest)
+make(File, Opts, Dict, [Mode | Rest]) ->
+    try
+        ok = diameter_codegen:from_dict(File, Dict, Opts, Mode),
+        make(File, Opts, Dict, Rest)
     catch
         error: Reason ->
-            {error, {Reason, Mode, erlang:get_stacktrace()}}
+            erlang:error({Reason, Mode, erlang:get_stacktrace()})
     end.
diff --git a/lib/diameter/src/compiler/diameter_nowarn.erl b/lib/diameter/src/compiler/diameter_nowarn.erl
new file mode 100644
index 0000000000..6c17af6563
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_nowarn.erl
@@ -0,0 +1,41 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% A parse transform to work around dialyzer currently not
+%% understanding nowarn_unused_function except on individual
+%% functions. The include of diameter_gen.hrl by generated dictionary
+%% modules contains code that may not be called depending on the
+%% dictionary. (The relay dictionary for example.)
+%%
+%% Even called functions may contain cases that aren't used for a
+%% particular dictionary. This also causes dialyzer to complain but
+%% there's no way to silence it in this case.
+%%
+
+-module(diameter_nowarn).
+
+-export([parse_transform/2]).
+
+parse_transform(Forms, _Options) ->
+    [{attribute, ?LINE, compile, {nowarn_unused_function, {F,A}}}
+     || {function, _, F, A, _} <- Forms]
+    ++ Forms.
+%% Note that dialyzer also doesn't understand {nowarn_unused_function, FAs}
+%% with FAs a list of tuples.
diff --git a/lib/diameter/src/compiler/diameter_spec_scan.erl b/lib/diameter/src/compiler/diameter_spec_scan.erl
deleted file mode 100644
index bc0448882a..0000000000
--- a/lib/diameter/src/compiler/diameter_spec_scan.erl
+++ /dev/null
@@ -1,157 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
--module(diameter_spec_scan).
-
-%%
-%% Functions used by the spec file parser in diameter_spec_util.
-%%
-
--export([split/1,
-         split/2,
-         parse/1]).
-
-%%% -----------------------------------------------------------
-%%% # parse/1
-%%%
-%%% Output: list of Token
-%%%
-%%%         Token = '{' | '}' | '<' | '>' | '[' | ']'
-%%%               | '*' | '::=' | ':' | ',' | '-'
-%%%               | {name, string()}
-%%%               | {tag, atom()}
-%%%               | {number, integer() >= 0}
-%%%
-%%% Tokenize a string. Fails if the string does not parse.
-%%% -----------------------------------------------------------
-
-parse(S) ->
-    parse(S, []).
-
-%% parse/2
-
-parse(S, Acc) ->
-    acc(split(S), Acc).
-
-acc({T, Rest}, Acc) ->
-    parse(Rest, [T | Acc]);
-acc("", Acc) ->
-    lists:reverse(Acc).
-
-%%% -----------------------------------------------------------
-%%% # split/2
-%%%
-%%% Output: {list() of Token, Rest}
-%%%
-%%% Extract a specified number of tokens from a string. Returns a list
-%%% of length less than the specified number if there are less than
-%%% this number of tokens to be parsed.
-%%% -----------------------------------------------------------
-
-split(Str, N)
-  when N >= 0 ->
-    split(N, Str, []).
-
-split(0, Str, Acc) ->
-    {lists:reverse(Acc), Str};
-
-split(N, Str, Acc) ->
-    case split(Str) of
-        {T, Rest} ->
-            split(N-1, Rest, [T|Acc]);
-        "" = Rest ->
-            {lists:reverse(Acc), Rest}
-    end.
-
-%%% -----------------------------------------------------------
-%%% # split/1
-%%%
-%%% Output: {Token, Rest} | ""
-%%%
-%%% Extract the next token from a string.
-%%% -----------------------------------------------------------
-
-split("" = Rest) ->
-    Rest;
-
-split("::=" ++ T) ->
-    {'::=', T};
-
-split([H|T])
-  when H == ${; H == $};
-       H == $<; H == $>;
-       H == $[; H == $];
-       H == $*; H == $:; H == $,; H == $- ->
-    {list_to_atom([H]), T};
-
-split([H|T]) when $A =< H, H =< $Z;
-                  $0 =< H, H =< $9 ->
-    {P, Rest} = splitwith(fun is_name_ch/1, [H], T),
-    Tok = try
-              {number, read_int(P)}
-          catch
-              error:_ ->
-                  {name, P}
-          end,
-    {Tok, Rest};
-
-split([H|T]) when $a =< H, H =< $z ->
-    {P, Rest} = splitwith(fun is_name_ch/1, [H], T),
-    {{tag, list_to_atom(P)}, Rest};
-
-split([H|T]) when H == $\t;
-                  H == $\s;
-                  H == $\n ->
-    split(T).
-
-%% read_int/1
-
-read_int([$0,X|S])
-  when X == $X;
-       X == $x ->
-    {ok, [N], []} = io_lib:fread("~16u", S),
-    N;
-
-read_int(S) ->
-    list_to_integer(S).
-
-%% splitwith/3
-
-splitwith(Fun, Acc, S) ->
-    split([] /= S andalso Fun(hd(S)), Fun, Acc, S).
-
-split(true, Fun, Acc, [H|T]) ->
-    splitwith(Fun, [H|Acc], T);
-split(false, _, Acc, S) ->
-    {lists:reverse(Acc), S}.
-
-is_name_ch(C) ->
-    is_alphanum(C) orelse C == $- orelse C == $_.
-
-is_alphanum(C) ->
-    is_lower(C) orelse is_upper(C) orelse is_digit(C).
-
-is_lower(C) ->
-    $a =< C andalso C =< $z.
-
-is_upper(C) ->
-    $A =< C andalso C =< $Z.
-
-is_digit(C) ->
-    $0 =< C andalso C =< $9.
diff --git a/lib/diameter/src/compiler/diameter_spec_util.erl b/lib/diameter/src/compiler/diameter_spec_util.erl
deleted file mode 100644
index 62536bf06d..0000000000
--- a/lib/diameter/src/compiler/diameter_spec_util.erl
+++ /dev/null
@@ -1,1089 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%% This module turns a .dia (aka spec) file into the orddict that
-%% diameter_codegen.erl in turn morphs into .erl and .hrl files for
-%% encode and decode of Diameter messages and AVPs.
-%%
-
--module(diameter_spec_util).
-
--export([parse/2]).
-
--define(ERROR(T), erlang:error({T, ?MODULE, ?LINE})).
--define(ATOM, list_to_atom).
-
-%% parse/1
-%%
-%% Output: orddict()
-
-parse(Path, Opts) ->
-    put({?MODULE, verbose}, lists:member(verbose, Opts)),
-    {ok, B} = file:read_file(Path),
-    Chunks = chunk(B),
-    Spec = reset(make_spec(Chunks), Opts, [name, prefix, inherits]),
-    true = groups_defined(Spec),  %% sanity checks
-    true = customs_defined(Spec), %%
-    Full = import_enums(import_groups(import_avps(insert_codes(Spec), Opts))),
-    true = enums_defined(Full),   %% sanity checks
-    true = v_flags_set(Spec),
-    Full.
-
-reset(Spec, Opts, Keys) ->
-    lists:foldl(fun(K,S) ->
-                        reset([{A,?ATOM(V)} || {A,V} <- Opts, A == K], S)
-                end,
-                Spec,
-                Keys).
-
-reset(L, Spec)
-  when is_list(L) ->
-    lists:foldl(fun reset/2, Spec, L);
-
-reset({inherits = Key, '-'}, Spec) ->
-    orddict:erase(Key, Spec);
-reset({inherits = Key, Dict}, Spec) ->
-    orddict:append(Key, Dict, Spec);
-reset({Key, Atom}, Spec) ->
-    orddict:store(Key, Atom, Spec);
-reset(_, Spec) ->
-    Spec.
-    
-%% Optional reports when running verbosely.
-report(What, Data) ->
-    report(get({?MODULE, verbose}), What, Data).
-
-report(true, Tag, Data) ->
-    io:format("##~n## ~p ~p~n", [Tag, Data]);
-report(false, _, _) ->
-    ok.
-
-%% chunk/1
-
-chunk(B) ->
-    chunkify(normalize(binary_to_list(B))).
-
-%% normalize/1
-%%
-%% Replace CR NL by NL, multiple NL by one, tab by space, and strip
-%% comments and leading/trailing space from each line. Precludes
-%% semicolons being used for any other purpose than comments.
-
-normalize(Str) ->
-    nh(Str, []).
-
-nh([], Acc) ->
-    lists:reverse(Acc);
-
-%% Trim leading whitespace.
-nh(Str, Acc) ->
-    nb(trim(Str), Acc).
-
-%% tab -> space
-nb([$\t|Rest], Acc) ->
-    nb(Rest, [$\s|Acc]);
-
-%% CR NL -> NL
-nb([$\r,$\n|Rest], Acc) ->
-    nt(Rest, Acc);
-
-%% Gobble multiple newlines before starting over again.
-nb([$\n|Rest], Acc) ->
-    nt(Rest, Acc);
-
-%% Comment.
-nb([$;|Rest], Acc) ->
-    nb(lists:dropwhile(fun(C) -> C /= $\n end, Rest), Acc);
-
-%% Just an ordinary character. Boring ...
-nb([C|Rest], Acc) ->
-    nb(Rest, [C|Acc]);
-
-nb([] = Str, Acc) ->
-    nt(Str, Acc).
-
-%% Discard a subsequent newline.
-nt(T, [$\n|_] = Acc) ->
-    nh(T, trim(Acc));
-
-%% Trim whitespace from the end of the line before continuing.
-nt(T, Acc) ->
-    nh(T, [$\n|trim(Acc)]).
-
-trim(S) ->
-    lists:dropwhile(fun(C) -> lists:member(C, "\s\t") end, S).
-
-%% chunkify/1
-%%
-%% Split the spec file into pieces delimited by lines starting with
-%% @Tag. Returns a list of {Tag, Args, Chunk} where Chunk is the
-%% string extending to the next delimiter. Note that leading
-%% whitespace has already been stripped.
-
-chunkify(Str) ->
-    %% Drop characters to the start of the first chunk.
-    {_, Rest} = split_chunk([$\n|Str]),
-    chunkify(Rest, []).
-
-chunkify([], Acc) ->
-    lists:reverse(Acc);
-
-chunkify(Rest, Acc) ->
-    {H,T} = split_chunk(Rest),
-    chunkify(T, [split_tag(H) | Acc]).
-
-split_chunk(Str) ->
-    split_chunk(Str, []).
-
-split_chunk([] = Rest, Acc) ->
-    {lists:reverse(Acc), Rest};
-split_chunk([$@|Rest], [$\n|_] = Acc) ->
-    {lists:reverse(Acc), Rest};
-split_chunk([C|Rest], Acc) ->
-    split_chunk(Rest, [C|Acc]).
-
-%% Expect a tag and its arguments on a single line.
-split_tag(Str) ->
-    {L, Rest} = get_until($\n, Str),
-    [{tag, Tag} | Toks] = diameter_spec_scan:parse(L),
-    {Tag, Toks, trim(Rest)}.
-
-get_until(EndT, L) ->
-    {H, [EndT | T]} = lists:splitwith(fun(C) -> C =/= EndT end, L),
-    {H,T}.
-
-%% ------------------------------------------------------------------------
-%% make_spec/1
-%%
-%% Turn chunks into spec.
-
-make_spec(Chunks) ->
-    lists:foldl(fun(T,A) -> report(chunk, T), chunk(T,A) end,
-                orddict:new(),
-                Chunks).
-
-chunk({T, [X], []}, Dict)
-  when T == name;
-       T == prefix ->
-    store(T, atomize(X), Dict);
-
-chunk({id = T, [{number, I}], []}, Dict) ->
-    store(T, I, Dict);
-
-chunk({vendor = T, [{number, I}, N], []}, Dict) ->
-    store(T, {I, atomize(N)}, Dict);
-
-%% inherits -> [{Mod, [AvpName, ...]}, ...]
-chunk({inherits = T, [_,_|_] = Args, []}, Acc) ->
-    Mods = [atomize(A) || A <- Args],
-    append_list(T, [{M,[]} || M <- Mods], Acc);
-chunk({inherits = T, [Mod], Body}, Acc) ->
-    append(T, {atomize(Mod), parse_avp_names(Body)}, Acc);
-
-%% avp_types -> [{AvpName, Code, Type, Flags, Encr}, ...]
-chunk({avp_types = T, [], Body}, Acc) ->
-    store(T, parse_avp_types(Body), Acc);
-
-%% custom_types -> [{Mod, [AvpName, ...]}, ...]
-chunk({custom_types = T, [Mod], Body}, Dict) ->
-    [_|_] = Avps = parse_avp_names(Body),
-    append(T, {atomize(Mod), Avps}, Dict);
-
-%% messages -> [{MsgName, Code, Type, Appl, Avps}, ...]
-chunk({messages = T, [], Body}, Acc) ->
-    store(T, parse_messages(Body), Acc);
-
-%% grouped -> [{AvpName, Code, Vendor, Avps}, ...]
-chunk({grouped = T, [], Body}, Acc) ->
-    store(T, parse_groups(Body), Acc);
-
-%% avp_vendor_id -> [{Id, [AvpName, ...]}, ...]
-chunk({avp_vendor_id = T, [{number, I}], Body}, Dict) ->
-    [_|_] = Names = parse_avp_names(Body),
-    append(T, {I, Names}, Dict);
-
-%% enums -> [{AvpName, [{Value, Name}, ...]}, ...]
-chunk({enum, [N], Str}, Dict) ->
-    append(enums, {atomize(N), parse_enums(Str)}, Dict);
-
-%% defines -> [{DefineName, [{Value, Name}, ...]}, ...]
-chunk({define, [N], Str}, Dict) ->
-    append(defines, {atomize(N), parse_enums(Str)}, Dict);
-chunk({result_code, [_] = N, Str}, Dict) ->  %% backwards compatibility
-    chunk({define, N, Str}, Dict);
-
-%% commands -> [{Name, Abbrev}, ...]
-chunk({commands = T, [], Body}, Dict) ->
-    store(T, parse_commands(Body), Dict);
-
-chunk(T, _) ->
-    ?ERROR({unknown_tag, T}).
-
-store(Key, Value, Dict) ->
-    error == orddict:find(Key, Dict) orelse ?ERROR({duplicate, Key}),
-    orddict:store(Key, Value, Dict).
-append(Key, Value, Dict) ->
-    orddict:append(Key, Value, Dict).
-append_list(Key, Values, Dict) ->
-    orddict:append_list(Key, Values, Dict).
-
-atomize({tag, T}) ->
-    T;
-atomize({name, T}) ->
-    ?ATOM(T).
-
-get_value(Keys, Spec)
-  when is_list(Keys) ->
-    [get_value(K, Spec) || K <- Keys];
-get_value(Key, Spec) ->
-    proplists:get_value(Key, Spec, []).
-
-%% ------------------------------------------------------------------------
-%% enums_defined/1
-%% groups_defined/1
-%% customs_defined/1
-%%
-%% Ensure that every local enum/grouped/custom is defined as an avp
-%% with an appropriate type.
-
-enums_defined(Spec) ->
-    Avps = get_value(avp_types, Spec),
-    Import = get_value(import_enums, Spec),
-    lists:all(fun({N,_}) ->
-                      true = enum_defined(N, Avps, Import)
-              end,
-              get_value(enums, Spec)).
-
-enum_defined(Name, Avps, Import) ->
-    case lists:keyfind(Name, 1, Avps) of
-        {Name, _, 'Enumerated', _, _} ->
-            true;
-        {Name, _, T, _, _} ->
-            ?ERROR({avp_has_wrong_type, Name, 'Enumerated', T});
-        false ->
-            lists:any(fun({_,Is}) -> lists:keymember(Name, 1, Is) end, Import)
-                orelse ?ERROR({avp_not_defined, Name, 'Enumerated'})
-    end.
-%% Note that an AVP is imported only if referenced by a message or
-%% grouped AVP, so the final branch will fail if an enum definition is
-%% extended without this being the case.
-
-groups_defined(Spec) ->
-    Avps = get_value(avp_types, Spec),
-    lists:all(fun({N,_,_,_}) -> true = group_defined(N, Avps) end,
-              get_value(grouped, Spec)).
-
-group_defined(Name, Avps) ->
-    case lists:keyfind(Name, 1, Avps) of
-        {Name, _, 'Grouped', _, _} ->
-            true;
-        {Name, _, T, _, _} ->
-            ?ERROR({avp_has_wrong_type, Name, 'Grouped', T});
-        false ->
-            ?ERROR({avp_not_defined, Name, 'Grouped'})
-    end.
-
-customs_defined(Spec) ->
-    Avps = get_value(avp_types, Spec),
-    lists:all(fun(A) -> true = custom_defined(A, Avps) end,
-              lists:flatmap(fun last/1, get_value(custom_types, Spec))).
-
-custom_defined(Name, Avps) ->
-    case lists:keyfind(Name, 1, Avps) of
-        {Name, _, T, _, _} when T == 'Grouped';
-                                T == 'Enumerated' ->
-            ?ERROR({avp_has_invalid_custom_type, Name, T});
-        {Name, _, _, _, _} ->
-            true;
-        false ->
-            ?ERROR({avp_not_defined, Name})
-    end.
-
-last({_,Xs}) -> Xs.
-
-%% ------------------------------------------------------------------------
-%% v_flags_set/1
-
-v_flags_set(Spec) ->
-    Avps = get_value(avp_types, Spec)
-        ++ lists:flatmap(fun last/1, get_value(import_avps, Spec)),
-    Vs = lists:flatmap(fun last/1, get_value(avp_vendor_id, Spec)),
-
-    lists:all(fun(N) -> vset(N, Avps) end, Vs).
-
-vset(Name, Avps) ->
-    A = lists:keyfind(Name, 1, Avps),
-    false == A andalso ?ERROR({avp_not_defined, Name}),
-    {Name, _Code, _Type, Flags, _Encr} = A,
-    lists:member('V', Flags) orelse ?ERROR({v_flag_not_set, A}).
-
-%% ------------------------------------------------------------------------
-%% insert_codes/1
-
-insert_codes(Spec) ->
-    [Msgs, Cmds] = get_value([messages, commands], Spec),
-
-    %% Code -> [{Name, Flags}, ...]
-    Dict = lists:foldl(fun({N,C,Fs,_,_}, D) -> dict:append(C,{N,Fs},D) end,
-                       dict:new(),
-                       Msgs),
-
-    %% list() of {Code, {ReqName, ReqAbbr}, {AnsName, AnsAbbr}}
-    %% If the name and abbreviation are the same then the 2-tuples
-    %% are replaced by the common atom()-valued name.
-    Codes = dict:fold(fun(C,Ns,A) -> [make_code(C, Ns, Cmds) | A] end,
-                      [],
-                      dict:erase(-1, Dict)),  %% answer-message
-
-    orddict:store(command_codes, Codes, Spec).
-
-make_code(Code, [_,_] = Ns, Cmds) ->
-    {Req, Ans} = make_names(Ns, lists:map(fun({_,Fs}) ->
-                                                  lists:member('REQ', Fs)
-                                          end,
-                                          Ns)),
-    {Code, abbrev(Req, Cmds), abbrev(Ans, Cmds)};
-
-make_code(Code, Cs, _) ->
-    ?ERROR({missing_request_or_answer, Code, Cs}).
-
-%% 3.3.  Diameter Command Naming Conventions
-%%
-%%    Diameter command names typically includes one or more English words
-%%    followed by the verb Request or Answer.  Each English word is
-%%    delimited by a hyphen.  A three-letter acronym for both the request
-%%    and answer is also normally provided.
-
-make_names([{Rname,_},{Aname,_}], [true, false]) ->
-    {Rname, Aname};
-make_names([{Aname,_},{Rname,_}], [false, true]) ->
-    {Rname, Aname};
-make_names([_,_] = Names, _) ->
-    ?ERROR({inconsistent_command_flags, Names}).
-
-abbrev(Name, Cmds) ->
-    case abbr(Name, get_value(Name, Cmds)) of
-        Name ->
-            Name;
-        Abbr ->
-            {Name, Abbr}
-    end.
-
-%% No explicit abbreviation: construct.
-abbr(Name, []) ->
-    ?ATOM(abbr(string:tokens(atom_to_list(Name), "-")));
-
-%% Abbreviation was specified.
-abbr(_Name, Abbr) ->
-    Abbr.
-
-%% No hyphens: already abbreviated.
-abbr([Abbr]) ->
-    Abbr;
-
-%% XX-Request/Answer ==> XXR/XXA
-abbr([[_,_] = P, T])
-  when T == "Request";
-       T == "Answer" ->
-    P ++ [hd(T)];
-
-%% XXX-...-YYY-Request/Answer ==> X...YR/X...YA
-abbr([_,_|_] = L) ->
-    lists:map(fun erlang:hd/1, L).
-
-%% ------------------------------------------------------------------------
-%% import_avps/2
-
-import_avps(Spec, Options) ->
-    Msgs = get_value(messages, Spec),
-    Groups = get_value(grouped, Spec),
-
-    %% Messages and groups require AVP's referenced by them.
-    NeededAvps
-        = ordsets:from_list(lists:flatmap(fun({_,_,_,_,As}) ->
-                                                  [avp_name(A) || A <- As]
-                                          end,
-                                          Msgs)
-                            ++ lists:flatmap(fun({_,_,_,As}) ->
-                                                     [avp_name(A) || A <- As]
-                                             end,
-                                             Groups)),
-    MissingAvps = missing_avps(NeededAvps, Spec),
-
-    report(needed, NeededAvps),
-    report(missing, MissingAvps),
-
-    Import = inherit(get_value(inherits, Spec), Options),
-
-    report(imported, Import),
-
-    ImportedAvps = lists:map(fun({N,_,_,_,_}) -> N end,
-                             lists:flatmap(fun last/1, Import)),
-
-    Unknown = MissingAvps -- ImportedAvps,
-
-    [] == Unknown orelse ?ERROR({undefined_avps, Unknown}),
-
-    orddict:store(import_avps, Import, orddict:erase(inherits, Spec)).
-
-%% missing_avps/2
-%%
-%% Given a list of AVP names and parsed spec, return the list of
-%% AVP's that aren't defined in this spec.
-
-missing_avps(NeededNames, Spec) ->
-    Avps = get_value(avp_types, Spec),
-    Groups = lists:map(fun({N,_,_,As}) ->
-                               {N, [avp_name(A) || A <- As]}
-                       end,
-                       get_value(grouped, Spec)),
-    Names = ordsets:from_list(['AVP' | lists:map(fun({N,_,_,_,_}) -> N end,
-                                                 Avps)]),
-    missing_avps(NeededNames, [], {Names, Groups}).
-
-avp_name({'<',A,'>'}) -> A;
-avp_name({A}) -> A;
-avp_name([A]) -> A;
-avp_name({_, A}) -> avp_name(A).
-
-missing_avps(NeededNames, MissingNames, {Names, _} = T) ->
-    missing(ordsets:filter(fun(N) -> lists:member(N, NeededNames) end, Names),
-            ordsets:union(NeededNames, MissingNames),
-            T).
-
-%% Nothing found locally.
-missing([], MissingNames, _) ->
-    MissingNames;
-
-%% Or not. Keep looking for for the AVP's needed by the found AVP's of
-%% type Grouped.
-missing(FoundNames, MissingNames, {_, Groups} = T) ->
-    NeededNames = lists:flatmap(fun({N,As}) ->
-                                  choose(lists:member(N, FoundNames), As, [])
-                          end,
-                          Groups),
-    missing_avps(ordsets:from_list(NeededNames),
-                 ordsets:subtract(MissingNames, FoundNames),
-                 T).
-
-%% inherit/2
-
-inherit(Inherits, Options) ->
-    Dirs = [D || {include, D} <- Options] ++ ["."],
-    lists:foldl(fun(T,A) -> find_avps(T, A, Dirs) end, [], Inherits).
-
-find_avps({Mod, AvpNames}, Acc, Path) ->
-    report(inherit_from, Mod),
-    Avps = avps_from_beam(find_beam(Mod, Path), Mod),  %% could be empty
-    [{Mod, lists:sort(find_avps(AvpNames, Avps))} | Acc].
-
-find_avps([], Avps) ->
-    Avps;
-find_avps(Names, Avps) ->
-    lists:filter(fun({N,_,_,_,_}) -> lists:member(N, Names) end, Avps).
-
-%% find_beam/2
-
-find_beam(Mod, Dirs)
-  when is_atom(Mod) ->
-    find_beam(atom_to_list(Mod), Dirs);
-find_beam(Mod, Dirs) ->
-    Beam = Mod ++ code:objfile_extension(),
-    case try_path(Dirs, Beam) of
-        {value, Path} ->
-            Path;
-        false ->
-            ?ERROR({beam_not_on_path, Beam, Dirs})
-    end.
-
-try_path([D|Ds], Fname) ->
-    Path = filename:join(D, Fname),
-    case file:read_file_info(Path) of
-        {ok, _} ->
-            {value, Path};
-        _ ->
-            try_path(Ds, Fname)
-    end;
-try_path([], _) ->
-    false.
-
-%% avps_from_beam/2
-
-avps_from_beam(Path, Mod) ->
-    report(beam, Path),
-    ok = load_module(code:is_loaded(Mod), Mod, Path),
-    orddict:fetch(avp_types, Mod:dict()).
-
-load_module(false, Mod, Path) ->
-    R = filename:rootname(Path, code:objfile_extension()),
-    {module, Mod} = code:load_abs(R),
-    ok;
-load_module({file, _}, _, _) ->
-    ok.
-
-choose(true, X, _)  -> X;
-choose(false, _, X) -> X.
-
-%% ------------------------------------------------------------------------
-%% import_groups/1
-%% import_enums/1
-%%
-%% For each inherited module, store the content of imported AVP's of
-%% type grouped/enumerated in a new key.
-
-import_groups(Spec) ->
-    orddict:store(import_groups, import(grouped, Spec), Spec).
-
-import_enums(Spec) ->
-    orddict:store(import_enums, import(enums, Spec), Spec).
-
-import(Key, Spec) ->
-    lists:flatmap(fun(T) -> import_key(Key, T) end,
-                  get_value(import_avps, Spec)).
-
-import_key(Key, {Mod, Avps}) ->
-    Imports = lists:flatmap(fun(T) ->
-                                    choose(lists:keymember(element(1,T),
-                                                           1,
-                                                           Avps),
-                                           [T],
-                                           [])
-                            end,
-                            get_value(Key, Mod:dict())),
-    if Imports == [] ->
-            [];
-       true ->
-            [{Mod, Imports}]
-    end.
-
-%% ------------------------------------------------------------------------
-%% parse_enums/1
-%%
-%% Enums are specified either as the integer value followed by the
-%% name or vice-versa. In the former case the name of the enum is
-%% taken to be the string up to the end of line, which may contain
-%% whitespace. In the latter case the integer may be parenthesized,
-%% specified in hex and followed by an inline comment. This is
-%% historical and will likely be changed to require a precise input
-%% format.
-%%
-%% Output: list() of {integer(), atom()}
-
-parse_enums(Str) ->
-    lists:flatmap(fun(L) -> parse_enum(trim(L)) end, string:tokens(Str, "\n")).
-
-parse_enum([]) ->
-    [];
-
-parse_enum(Str) ->
-    REs = [{"^(0[xX][0-9A-Fa-f]+|[0-9]+)\s+(.*?)\s*$", 1, 2},
-           {"^(.+?)\s+(0[xX][0-9A-Fa-f]+|[0-9]+)(\s+.*)?$", 2, 1},
-           {"^(.+?)\s+\\((0[xX][0-9A-Fa-f]+|[0-9]+)\\)(\s+.*)?$", 2, 1}],
-    parse_enum(Str, REs).
-
-parse_enum(Str, REs) ->
-    try lists:foreach(fun(R) -> enum(Str, R) end, REs) of
-        ok ->
-            ?ERROR({bad_enum, Str})
-    catch
-        throw: {enum, T} ->
-            [T]
-    end.
-
-enum(Str, {Re, I, N}) ->
-    case re:run(Str, Re, [{capture, all_but_first, list}]) of
-        {match, Vs} ->
-            T = list_to_tuple(Vs),
-            throw({enum, {to_int(element(I,T)), ?ATOM(element(N,T))}});
-        nomatch ->
-            ok
-    end.
-
-to_int([$0,X|Hex])
-  when X == $x;
-       X == $X ->
-    {ok, [I], _} = io_lib:fread("~#", "16#" ++ Hex),
-    I;
-to_int(I) ->
-    list_to_integer(I).
-
-%% ------------------------------------------------------------------------
-%% parse_messages/1
-%%
-%% Parse according to the ABNF for message specifications in 3.2 of
-%% RFC 3588 (shown below). We require all message and AVP names to
-%% start with a digit or uppercase character, except for the base
-%% answer-message, which is treated as a special case. Allowing names
-%% that start with a digit is more than the RFC specifies but the name
-%% doesn't affect what's sent over the wire. (Certains 3GPP standards
-%% use names starting with a digit. eg 3GPP-Charging-Id in TS32.299.)
-
-%%
-%% Sadly, not even the RFC follows this grammar. In particular, except
-%% in the example in 3.2, it wraps each command-name in angle brackets
-%% ('<' '>') which makes parsing a sequence of specifications require
-%% lookahead: after 'optional' avps have been parsed, it's not clear
-%% whether a '<' is a 'fixed' or whether it's the start of a
-%% subsequent message until we see whether or not '::=' follows the
-%% closing '>'. Require the grammar as specified.
-%%
-%% Output: list of {Name, Code, Flags, ApplId, Avps}
-%%
-%%         Name   = atom()
-%%         Code   = integer()
-%%         Flags  = integer()
-%%         ApplId = [] | [integer()]
-%%         Avps   = see parse_avps/1
-
-parse_messages(Str) ->
-    p_cmd(trim(Str), []).
-
-%%   command-def      = command-name "::=" diameter-message
-%%
-%%   command-name     = diameter-name
-%%
-%%   diameter-name    = ALPHA *(ALPHA / DIGIT / "-")
-%%
-%%   diameter-message = header  [ *fixed] [ *required] [ *optional]
-%%                      [ *fixed]
-%%
-%%   header           = "<" Diameter-Header:" command-id
-%%                      [r-bit] [p-bit] [e-bit] [application-id]">"
-%%
-%% The header spec (and example that follows it) is slightly mangled
-%% and, given the examples in the RFC should as follows:
-%%
-%%   header           = "<" "Diameter Header:" command-id
-%%                      [r-bit] [p-bit] [e-bit] [application-id]">"
-%%
-%% This is what's required/parsed below, modulo whitespace. This is
-%% also what's specified in the current draft standard at
-%% http://ftp.ietf.org/drafts/wg/dime.
-%%
-%% Note that the grammar specifies the order fixed, required,
-%% optional. In practise there seems to be little difference between
-%% the latter two since qualifiers can be used to change the
-%% semantics. For example 1*[XXX] and *1{YYY} specify 1 or more of the
-%% optional avp XXX and 0 or 1 of the required avp YYY, making the
-%% iotional avp required and the required avp optional. The current
-%% draft addresses this somewhat by requiring that min for a qualifier
-%% on an optional avp must be 0 if present. It doesn't say anything
-%% about required avps however, so specifying a min of 0 would still
-%% be possible. The draft also does away with the trailing *fixed.
-%%
-%% What will be parsed here will treat required and optional
-%% interchangeably. That is. only require that required/optional
-%% follow and preceed fixed, not that optional avps must follow
-%% required ones. We already have several specs for which this parsing
-%% is necessary and there seems to be no harm in accepting it.
-
-p_cmd("", Acc) ->
-    lists:reverse(Acc);
-
-p_cmd(Str, Acc) ->
-    {Next, Rest} = split_def(Str),
-    report(command, Next),
-    p_cmd(Rest, [p_cmd(Next) | Acc]).
-
-p_cmd("answer-message" ++ Str) ->
-    p_header([{name, 'answer-message'} | diameter_spec_scan:parse(Str)]);
-
-p_cmd(Str) ->
-    p_header(diameter_spec_scan:parse(Str)).
-
-%% p_header/1
-
-p_header(['<', {name, _} = N, '>' | Toks]) ->
-    p_header([N | Toks]);
-
-p_header([{name, 'answer-message' = N}, '::=',
-          '<', {name, "Diameter"}, {name, "Header"}, ':', {tag, code},
-          ',', {name, "ERR"}, '[', {name, "PXY"}, ']', '>'
-          | Toks]) ->
-    {N, -1, ['ERR', 'PXY'], [], parse_avps(Toks)};
-
-p_header([{name, Name}, '::=',
-          '<', {name, "Diameter"}, {name, "Header"}, ':', {number, Code}
-          | Toks]) ->
-    {Flags, Rest} = p_flags(Toks),
-    {ApplId, [C|_] = R} = p_appl(Rest),
-    '>' == C orelse ?ERROR({invalid_flag, {Name, Code, Flags, ApplId}, R}),
-    {?ATOM(Name), Code, Flags, ApplId, parse_avps(tl(R))};
-
-p_header(Toks) ->
-    ?ERROR({invalid_header, Toks}).
-
-%%   application-id   = 1*DIGIT
-%%
-%%   command-id       = 1*DIGIT
-%%                      ; The Command Code assigned to the command
-%%
-%%   r-bit            = ", REQ"
-%%                      ; If present, the 'R' bit in the Command
-%%                      ; Flags is set, indicating that the message
-%%                      ; is a request, as opposed to an answer.
-%%
-%%   p-bit            = ", PXY"
-%%                      ; If present, the 'P' bit in the Command
-%%                      ; Flags is set, indicating that the message
-%%                      ; is proxiable.
-%%
-%%   e-bit            = ", ERR"
-%%                      ; If present, the 'E' bit in the Command
-%%                      ; Flags is set, indicating that the answer
-%%                      ; message contains a Result-Code AVP in
-%%                      ; the "protocol error" class.
-
-p_flags(Toks) ->
-    lists:foldl(fun p_flags/2, {[], Toks}, ["REQ", "PXY", "ERR"]).
-
-p_flags(N, {Acc, [',', {name, N} | Toks]}) ->
-    {[?ATOM(N) | Acc], Toks};
-
-p_flags(_, T) ->
-    T.
-
-%% The RFC doesn't specify ',' before application-id but this seems a
-%% bit inconsistent. Accept a comma if it exists.
-p_appl([',', {number, I} | Toks]) ->
-    {[I], Toks};
-p_appl([{number, I} | Toks]) ->
-    {[I], Toks};
-p_appl(Toks) ->
-    {[], Toks}.
-
-%% parse_avps/1
-%%
-%% Output: list() of Avp | {Qual, Avp}
-%%
-%%         Qual = '*' | {Min, '*'} | {'*', Max} | {Min, Max}
-%%         Avp  = {'<', Name, '>'} | {Name} | [Name]
-%%
-%%         Min, Max = integer() >= 0
-
-parse_avps(Toks) ->
-    p_avps(Toks, ['<', '|', '<'], []).
-%% The list corresponds to the delimiters expected at the front, middle
-%% and back of the avp specification, '|' representing '{' and '['.
-
-%%   fixed            = [qual] "<" avp-spec ">"
-%%                      ; Defines the fixed position of an AVP
-%%
-%%   required         = [qual] "{" avp-spec "}"
-%%                      ; The AVP MUST be present and can appear
-%%                      ; anywhere in the message.
-%%
-%%   optional         = [qual] "[" avp-name "]"
-%%                      ; The avp-name in the 'optional' rule cannot
-%%                      ; evaluate to any AVP Name which is included
-%%                      ; in a fixed or required rule.  The AVP can
-%%                      ; appear anywhere in the message.
-%%
-%%   qual             = [min] "*" [max]
-%%                      ; See ABNF conventions, RFC 2234 Section 6.6.
-%%                      ; The absence of any qualifiers depends on whether
-%%                      ; it precedes a fixed, required, or optional
-%%                      ; rule.  If a fixed or required rule has no
-%%                      ; qualifier, then exactly one such AVP MUST
-%%                      ; be present.  If an optional rule has no
-%%                      ; qualifier, then 0 or 1 such AVP may be
-%%                      ; present.
-%%                      ;
-%%                      ; NOTE:  "[" and "]" have a different meaning
-%%                      ; than in ABNF (see the optional rule, above).
-%%                      ; These braces cannot be used to express
-%%                      ; optional fixed rules (such as an optional
-%%                      ; ICV at the end).  To do this, the convention
-%%                      ; is '0*1fixed'.
-%%
-%%   min              = 1*DIGIT
-%%                      ; The minimum number of times the element may
-%%                      ; be present.  The default value is zero.
-%%
-%%   max              = 1*DIGIT
-%%                      ; The maximum number of times the element may
-%%                      ; be present.  The default value is infinity.  A
-%%                      ; value of zero implies the AVP MUST NOT be
-%%                      ; present.
-%%
-%%   avp-spec         = diameter-name
-%%                      ; The avp-spec has to be an AVP Name, defined
-%%                      ; in the base or extended Diameter
-%%                      ; specifications.
-%%
-%%   avp-name         = avp-spec / "AVP"
-%%                      ; The string "AVP" stands for *any* arbitrary
-%%                      ; AVP Name, which does not conflict with the
-%%                      ; required or fixed position AVPs defined in
-%%                      ; the command code definition.
-%%
-
-p_avps([], _, Acc) ->
-    lists:reverse(Acc);
-
-p_avps(Toks, Delim, Acc) ->
-    {Qual, Rest} = p_qual(Toks),
-    {Avp, R, D} = p_avp(Rest, Delim),
-    T = if Qual == false ->
-                Avp;
-           true ->
-                {Qual, Avp}
-        end,
-    p_avps(R, D, [T | Acc]).
-
-p_qual([{number, Min}, '*', {number, Max} | Toks]) ->
-    {{Min, Max}, Toks};
-p_qual([{number, Min}, '*' = Max | Toks]) ->
-    {{Min, Max}, Toks};
-p_qual(['*' = Min, {number, Max} | Toks]) ->
-    {{Min, Max}, Toks};
-p_qual(['*' = Q | Toks]) ->
-    {Q, Toks};
-p_qual(Toks) ->
-    {false, Toks}.
-
-p_avp([B, {name, Name}, E | Toks], [_|_] = Delim) ->
-    {avp(B, ?ATOM(Name), E),
-     Toks,
-     delim(choose(B == '<', B, '|'), Delim)};
-p_avp(Toks, Delim) ->
-    ?ERROR({invalid_avp, Toks, Delim}).
-
-avp('<' = B, Name, '>' = E) ->
-    {B, Name, E};
-avp('{', Name, '}') ->
-    {Name};
-avp('[', Name, ']') ->
-    [Name];
-avp(B, Name, E) ->
-    ?ERROR({invalid_avp, B, Name, E}).
-
-delim(B, D) ->
-    if B == hd(D) -> D; true -> tl(D) end.
-
-%% split_def/1
-%%
-%% Strip one command definition off head of a string.
-
-split_def(Str) ->
-    sdh(Str, []).
-
-%% Look for the "::=" starting off the definition.
-sdh("", _) ->
-    ?ERROR({missing, '::='});
-sdh("::=" ++ Rest, Acc) ->
-    sdb(Rest, [$=,$:,$:|Acc]);
-sdh([C|Rest], Acc) ->
-    sdh(Rest, [C|Acc]).
-
-%% Look for the "::=" starting off the following definition.
-sdb("::=" ++ _ = Rest, Acc) ->
-    sdt(trim(Acc), Rest);
-sdb("" = Rest, Acc) ->
-    sd(Acc, Rest);
-sdb([C|Rest], Acc) ->
-    sdb(Rest, [C|Acc]).
-
-%% Put name characters of the subsequent specification back into Rest.
-sdt([C|Acc], Rest)
-  when C /= $\n, C /= $\s ->
-    sdt(Acc, [C|Rest]);
-
-sdt(Acc, Rest) ->
-    sd(Acc, Rest).
-
-sd(Acc, Rest) ->
-    {trim(lists:reverse(Acc)), Rest}.
-%% Note that Rest is already trimmed of leading space.
-
-%% ------------------------------------------------------------------------
-%% parse_groups/1
-%%
-%% Parse according to the ABNF for message specifications in 4.4 of
-%% RFC 3588 (shown below). Again, allow names starting with a digit
-%% and also require "AVP Header" without "-" since this is what
-%% the RFC uses in all examples.
-%%
-%% Output: list of {Name, Code, Vendor, Avps}
-%%
-%%         Name   = atom()
-%%         Code   = integer()
-%%         Vendor = [] | [integer()]
-%%         Avps   = see parse_avps/1
-
-parse_groups(Str) ->
-    p_group(trim(Str), []).
-
-%%      grouped-avp-def  = name "::=" avp
-%%
-%%      name-fmt         = ALPHA *(ALPHA / DIGIT / "-")
-%%
-%%      name             = name-fmt
-%%                         ; The name has to be the name of an AVP,
-%%                         ; defined in the base or extended Diameter
-%%                         ; specifications.
-%%
-%%      avp              = header  [ *fixed] [ *required] [ *optional]
-%%                         [ *fixed]
-%%
-%%      header           = "<" "AVP-Header:" avpcode [vendor] ">"
-%%
-%%      avpcode          = 1*DIGIT
-%%                         ; The AVP Code assigned to the Grouped AVP
-%%
-%%      vendor           = 1*DIGIT
-%%                         ; The Vendor-ID assigned to the Grouped AVP.
-%%                         ; If absent, the default value of zero is
-%%                         ; used.
-
-p_group("", Acc) ->
-    lists:reverse(Acc);
-
-p_group(Str, Acc) ->
-    {Next, Rest} = split_def(Str),
-    report(group, Next),
-    p_group(Rest, [p_group(diameter_spec_scan:parse(Next)) | Acc]).
-
-p_group([{name, Name}, '::=', '<', {name, "AVP"}, {name, "Header"},
-         ':', {number, Code}
-         | Toks]) ->
-    {Id, [C|_] = R} = p_vendor(Toks),
-    C == '>' orelse ?ERROR({invalid_group_header, R}),
-    {?ATOM(Name), Code, Id, parse_avps(tl(R))};
-
-p_group(Toks) ->
-    ?ERROR({invalid_group, Toks}).
-
-p_vendor([{number, I} | Toks]) ->
-    {[I], Toks};
-p_vendor(Toks) ->
-    {[], Toks}.
-
-%% ------------------------------------------------------------------------
-%% parse_avp_names/1
-
-parse_avp_names(Str) ->
-    [p_name(N) || N <- diameter_spec_scan:parse(Str)].
-
-p_name({name, N}) ->
-    ?ATOM(N);
-p_name(T) ->
-    ?ERROR({invalid_avp_name, T}).
-
-%% ------------------------------------------------------------------------
-%% parse_avp_types/1
-%%
-%% Output: list() of {Name, Code, Type, Flags, Encr}
-
-parse_avp_types(Str) ->
-    p_avp_types(Str, []).
-
-p_avp_types(Str, Acc) ->
-    p_type(diameter_spec_scan:split(Str, 3), Acc).
-
-p_type({[],[]}, Acc) ->
-    lists:reverse(Acc);
-
-p_type({[{name, Name}, {number, Code}, {name, Type}], Str}, Acc) ->
-    {Flags, Encr, Rest} = try
-                              p_avp_flags(trim(Str), [])
-                          catch
-                              throw: {?MODULE, Reason} ->
-                                  ?ERROR({invalid_avp_type, Reason})
-                          end,
-    p_avp_types(Rest, [{?ATOM(Name), Code, ?ATOM(type(Type)), Flags, Encr}
-                       | Acc]);
-
-p_type(T, _) ->
-    ?ERROR({invalid_avp_type, T}).
-
-p_avp_flags([C|Str], Acc)
-  when C == $M;
-       C == $P;
-       C == $V ->
-    p_avp_flags(Str, [?ATOM([C]) | Acc]);
-%% Could support lowercase here if there's a use for distinguishing
-%% between Must and Should in the future in deciding whether or not
-%% to set a flag.
-
-p_avp_flags([$-|Str], Acc) ->
-    %% Require encr on same line as flags if specified.
-    {H,T} = lists:splitwith(fun(C) -> C /= $\n end, Str),
-
-    {[{name, [$X|X]} | Toks], Rest} = diameter_spec_scan:split([$X|H], 2),
-
-    "" == X orelse throw({?MODULE, {invalid_avp_flag, Str}}),
-
-    Encr = case Toks of
-               [] ->
-                   "-";
-               [{_, E}] ->
-                   (E == "Y" orelse E == "N")
-                       orelse throw({?MODULE, {invalid_encr, E}}),
-                   E
-           end,
-
-    Flags = ordsets:from_list(lists:reverse(Acc)),
-
-    {Flags, ?ATOM(Encr), Rest ++ T};
-
-p_avp_flags(Str, Acc) ->
-    p_avp_flags([$-|Str], Acc).
-
-type("DiamIdent")   -> "DiameterIdentity";  %% RFC 3588
-type("DiamURI")     -> "DiameterURI";       %% RFC 3588
-type("IPFltrRule")  -> "IPFilterRule";      %% RFC 4005
-type("QoSFltrRule") -> "QoSFilterRule";     %% RFC 4005
-type(N)
-  when N == "OctetString";
-       N == "Integer32";
-       N == "Integer64";
-       N == "Unsigned32";
-       N == "Unsigned64";
-       N == "Float32";
-       N == "Float64";
-       N == "Grouped";
-       N == "Enumerated";
-       N == "Address";
-       N == "Time";
-       N == "UTF8String";
-       N == "DiameterIdentity";
-       N == "DiameterURI";
-       N == "IPFilterRule";
-       N == "QoSFilterRule" ->
-    N;
-type(N) ->
-    ?ERROR({invalid_avp_type, N}).
-
-%% ------------------------------------------------------------------------
-%% parse_commands/1
-
-parse_commands(Str) ->
-    p_abbr(diameter_spec_scan:parse(Str), []).
-
- p_abbr([{name, Name}, {name, Abbrev} | Toks], Acc)
-  when length(Abbrev) < length(Name) ->
-    p_abbr(Toks, [{?ATOM(Name), ?ATOM(Abbrev)} | Acc]);
-
-p_abbr([], Acc) ->
-    lists:reverse(Acc);
-
-p_abbr(T, _) ->
-    ?ERROR({invalid_command, T}).
diff --git a/lib/diameter/src/compiler/diameter_vsn.hrl b/lib/diameter/src/compiler/diameter_vsn.hrl
new file mode 100644
index 0000000000..024d047adc
--- /dev/null
+++ b/lib/diameter/src/compiler/diameter_vsn.hrl
@@ -0,0 +1,22 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%% The version of the format of the return value of dict/0 in
+%% generated dictionary modules.
+-define(VERSION, 1).
diff --git a/lib/diameter/src/dict/base_rfc3588.dia b/lib/diameter/src/dict/base_rfc3588.dia
index f7a0b717cd..acd7fffd00 100644
--- a/lib/diameter/src/dict/base_rfc3588.dia
+++ b/lib/diameter/src/dict/base_rfc3588.dia
@@ -136,14 +136,14 @@
               [ Origin-State-Id ]
 
    answer-message ::= < Diameter Header: code, ERR [PXY] >
-                  0*1 < Session-Id >
-                      { Origin-Host }
-                      { Origin-Realm }
-                      { Result-Code }
-                      [ Origin-State-Id ]
-                      [ Error-Reporting-Host ]
-                      [ Proxy-Info ]
-                    * [ AVP ]
+          0*1 < Session-Id >
+              { Origin-Host }
+              { Origin-Realm }
+              { Result-Code }
+              [ Origin-State-Id ]
+              [ Error-Reporting-Host ]
+              [ Proxy-Info ]
+            * [ AVP ]
 
       RAR ::= < Diameter Header: 258, REQ, PXY >
               < Session-Id >
@@ -312,14 +312,14 @@
 
 @enum Termination-Cause
 
-   DIAMETER_LOGOUT                1
-   DIAMETER_SERVICE_NOT_PROVIDED  2
-   DIAMETER_BAD_ANSWER            3
-   DIAMETER_ADMINISTRATIVE        4
-   DIAMETER_LINK_BROKEN           5
-   DIAMETER_AUTH_EXPIRED          6
-   DIAMETER_USER_MOVED            7
-   DIAMETER_SESSION_TIMEOUT       8
+   LOGOUT                         1
+   SERVICE_NOT_PROVIDED           2
+   BAD_ANSWER                     3
+   ADMINISTRATIVE                 4
+   LINK_BROKEN                    5
+   AUTH_EXPIRED                   6
+   USER_MOVED                     7
+   SESSION_TIMEOUT                8
 
 @enum Session-Server-Failover
 
@@ -343,14 +343,53 @@
 
 @define Result-Code
 
-;; 7.1.1.  Informational
+   ;; 7.1.1.  Informational
+   MULTI_ROUND_AUTH            1001
+
+   ;; 7.1.2.  Success
+   SUCCESS                     2001
+   LIMITED_SUCCESS             2002
+
+   ;; 7.1.3.  Protocol Errors
+   COMMAND_UNSUPPORTED         3001
+   UNABLE_TO_DELIVER           3002
+   REALM_NOT_SERVED            3003
+   TOO_BUSY                    3004
+   LOOP_DETECTED               3005
+   REDIRECT_INDICATION         3006
+   APPLICATION_UNSUPPORTED     3007
+   INVALID_HDR_BITS            3008
+   INVALID_AVP_BITS            3009
+   UNKNOWN_PEER                3010
+
+   ;; 7.1.4.  Transient Failures
+   AUTHENTICATION_REJECTED     4001
+   OUT_OF_SPACE                4002
+   ELECTION_LOST               4003
+
+   ;; 7.1.5.  Permanent Failures
+   AVP_UNSUPPORTED             5001
+   UNKNOWN_SESSION_ID          5002
+   AUTHORIZATION_REJECTED      5003
+   INVALID_AVP_VALUE           5004
+   MISSING_AVP                 5005
+   RESOURCES_EXCEEDED          5006
+   CONTRADICTING_AVPS          5007
+   AVP_NOT_ALLOWED             5008
+   AVP_OCCURS_TOO_MANY_TIMES   5009
+   NO_COMMON_APPLICATION       5010
+   UNSUPPORTED_VERSION         5011
+   UNABLE_TO_COMPLY            5012
+   INVALID_BIT_IN_HEADER       5013
+   INVALID_AVP_LENGTH          5014
+   INVALID_MESSAGE_LENGTH      5015
+   INVALID_AVP_BIT_COMBO       5016
+   NO_COMMON_SECURITY          5017
+
+   ;; With a prefix for backwards compatibility.
    DIAMETER_MULTI_ROUND_AUTH          1001
-
-;; 7.1.2.  Success
    DIAMETER_SUCCESS                   2001
    DIAMETER_LIMITED_SUCCESS           2002
-
-;; 7.1.3.  Protocol Errors
    DIAMETER_COMMAND_UNSUPPORTED       3001
    DIAMETER_UNABLE_TO_DELIVER         3002
    DIAMETER_REALM_NOT_SERVED          3003
@@ -361,13 +400,9 @@
    DIAMETER_INVALID_HDR_BITS          3008
    DIAMETER_INVALID_AVP_BITS          3009
    DIAMETER_UNKNOWN_PEER              3010
-
-;; 7.1.4.  Transient Failures
    DIAMETER_AUTHENTICATION_REJECTED   4001
    DIAMETER_OUT_OF_SPACE              4002
-   ELECTION_LOST                      4003
-
-;; 7.1.5.  Permanent Failures
+   DIAMETER_ELECTION_LOST             4003
    DIAMETER_AVP_UNSUPPORTED           5001
    DIAMETER_UNKNOWN_SESSION_ID        5002
    DIAMETER_AUTHORIZATION_REJECTED    5003
@@ -412,3 +447,15 @@
 ;;
       E2E-Sequence ::= <AVP Header: 300 >
                    2* { AVP }
+
+;; Backwards compatibility.
+@define Termination-Cause
+
+   DIAMETER_LOGOUT                1
+   DIAMETER_SERVICE_NOT_PROVIDED  2
+   DIAMETER_BAD_ANSWER            3
+   DIAMETER_ADMINISTRATIVE        4
+   DIAMETER_LINK_BROKEN           5
+   DIAMETER_AUTH_EXPIRED          6
+   DIAMETER_USER_MOVED            7
+   DIAMETER_SESSION_TIMEOUT       8
diff --git a/lib/diameter/src/dict/relay.dia b/lib/diameter/src/dict/relay.dia
index c22293209b..294014b093 100644
--- a/lib/diameter/src/dict/relay.dia
+++ b/lib/diameter/src/dict/relay.dia
@@ -21,5 +21,3 @@
 @name   diameter_gen_relay
 @prefix diameter_relay
 @vendor 0 IETF
-
-@inherits diameter_gen_base_rfc3588
diff --git a/lib/diameter/src/gen/.gitignore b/lib/diameter/src/gen/.gitignore
index d490642eb7..3f32313f56 100644
--- a/lib/diameter/src/gen/.gitignore
+++ b/lib/diameter/src/gen/.gitignore
@@ -1,2 +1,2 @@
-
+/diameter_dict_parser.erl
 /diameter_gen*rl
diff --git a/lib/diameter/src/modules.mk b/lib/diameter/src/modules.mk
index c7cbe598af..7a700a6d53 100644
--- a/lib/diameter/src/modules.mk
+++ b/lib/diameter/src/modules.mk
@@ -24,10 +24,15 @@ DICTS = \
 	base_accounting \
 	relay
 
+# The yecc grammar for the dictionary parser.
+DICT_YRL = \
+	diameter_dict_parser
+
 # Handwritten (runtime) modules included in the app file.
 RT_MODULES = \
 	base/diameter \
 	base/diameter_app \
+	base/diameter_callback \
 	base/diameter_capx \
 	base/diameter_config \
 	base/diameter_codec \
@@ -57,13 +62,13 @@ RT_MODULES = \
 
 # Handwritten (compile time) modules not included in the app file.
 CT_MODULES = \
-	base/diameter_callback \
 	base/diameter_dbg \
 	base/diameter_info \
 	compiler/diameter_codegen \
 	compiler/diameter_exprecs \
-	compiler/diameter_spec_scan \
-	compiler/diameter_spec_util \
+	compiler/diameter_nowarn \
+	compiler/diameter_dict_scanner \
+	compiler/diameter_dict_util \
 	compiler/diameter_make
 
 # Released hrl files in ../include intended for public consumption.
@@ -74,8 +79,8 @@ EXTERNAL_HRLS = \
 # Released hrl files intended for private use.
 INTERNAL_HRLS = \
 	base/diameter_internal.hrl \
-	base/diameter_types.hrl \
-	compiler/diameter_forms.hrl
+	compiler/diameter_forms.hrl \
+	compiler/diameter_vsn.hrl
 
 # Released files relative to ../bin.
 BINS = \
@@ -83,11 +88,17 @@ BINS = \
 
 # Released files relative to ../examples.
 EXAMPLES = \
-	GNUmakefile \
-	peer.erl \
-	client.erl \
-	client_cb.erl \
-	server.erl \
-	server_cb.erl \
-	relay.erl \
-	relay_cb.erl
+	code/GNUmakefile \
+	code/peer.erl \
+	code/client.erl \
+	code/client_cb.erl \
+	code/server.erl \
+	code/server_cb.erl \
+	code/relay.erl \
+	code/relay_cb.erl \
+	dict/rfc4004_mip.dia \
+	dict/rfc4005_nas.dia \
+	dict/rfc4006_cc.dia \
+	dict/rfc4072_eap.dia \
+	dict/rfc4590_digest.dia \
+	dict/rfc4740_sip.dia
diff --git a/lib/diameter/src/transport/diameter_sctp.erl b/lib/diameter/src/transport/diameter_sctp.erl
index 209f8c01c1..68b0342cd5 100644
--- a/lib/diameter/src/transport/diameter_sctp.erl
+++ b/lib/diameter/src/transport/diameter_sctp.erl
@@ -546,10 +546,10 @@ send(Sock, AssocId, Stream, Bin) ->
 %% recv/2
 
 %% Association established ...
-recv({[], #sctp_assoc_change{state = comm_up,
-                             outbound_streams = OS,
-                             inbound_streams = IS,
-                             assoc_id = Id}},
+recv({_, #sctp_assoc_change{state = comm_up,
+                            outbound_streams = OS,
+                            inbound_streams = IS,
+                            assoc_id = Id}},
      #transport{assoc_id = undefined,
                 mode = {T, _},
                 socket = Sock}
@@ -562,7 +562,7 @@ recv({[], #sctp_assoc_change{state = comm_up,
                    streams = {IS, OS}});
 
 %% ... or not: try the next address.
-recv({[], #sctp_assoc_change{} = E},
+recv({_, #sctp_assoc_change{} = E},
      #transport{assoc_id = undefined,
                 socket = Sock,
                 mode = {connect = C, {[RA|RAs], RP, Es}}}
@@ -570,7 +570,7 @@ recv({[], #sctp_assoc_change{} = E},
     S#transport{mode = {C, connect(Sock, RAs, RP, [{RA,E} | Es])}};
 
 %% Lost association after establishment.
-recv({[], #sctp_assoc_change{}}, _) ->
+recv({_, #sctp_assoc_change{}}, _) ->
     stop;
 
 %% Inbound Diameter message.
@@ -580,7 +580,7 @@ recv({[#sctp_sndrcvinfo{stream = Id}], Bin}, #transport{parent = Pid})
                                              bin = Bin}),
     ok;
 
-recv({[], #sctp_shutdown_event{assoc_id = Id}},
+recv({_, #sctp_shutdown_event{assoc_id = Id}},
      #transport{assoc_id = Id}) ->
     stop;
 
@@ -593,10 +593,10 @@ recv({[], #sctp_shutdown_event{assoc_id = Id}},
 %% disabled by default so don't handle it. We could simply disable
 %% events we don't react to but don't.
 
-recv({[], #sctp_paddr_change{}}, _) ->
+recv({_, #sctp_paddr_change{}}, _) ->
     ok;
 
-recv({[], #sctp_pdapi_event{}}, _) ->
+recv({_, #sctp_pdapi_event{}}, _) ->
     ok.
 
 %% up/1
diff --git a/lib/diameter/test/Makefile b/lib/diameter/test/Makefile
index 97d9069f4a..ab5b45ff3d 100644
--- a/lib/diameter/test/Makefile
+++ b/lib/diameter/test/Makefile
@@ -50,6 +50,8 @@ TARGET_FILES = $(MODULES:%=%.$(EMULATOR))
 SUITE_MODULES = $(filter diameter_%_SUITE, $(MODULES))
 SUITES        = $(SUITE_MODULES:diameter_%_SUITE=%)
 
+DATA_DIRS = $(sort $(dir $(DATA)))
+
 # ----------------------------------------------------
 # FLAGS
 # ----------------------------------------------------
@@ -121,12 +123,12 @@ help:
 # diameter_ct:run/1 itself can't tell (it seems). The absolute -pa is
 # because ct will change directories.
 $(SUITES): log opt
-	$(ERL) -noshell \
+	$(ERL) -noinput \
 	       -pa $(realpath ../ebin) \
 	       -sname diameter_test_$@ \
 	       -s diameter_ct run diameter_$@_SUITE \
 	       -s init stop \
-	| awk '1{rc=0} {print} / FAILED /{rc=1} END{exit rc}'
+	| awk '{print} / FAILED /{rc=1} END{exit rc}' rc=0
 # Shorter in sed but requires a GNU extension (ie. Q).
 
 log:
@@ -147,9 +149,7 @@ else
 include $(ERL_TOP)/make/otp_release_targets.mk
 endif
 
-release_spec: 
-
-release_docs_spec:
+release_spec release_docs_spec:
 
 release_tests_spec:
 	$(INSTALL_DIR)  $(RELSYSDIR)
@@ -157,12 +157,18 @@ release_tests_spec:
 	                $(COVER_SPEC_FILE) \
 	                $(HRL_FILES) \
 	                $(RELSYSDIR)
+	$(MAKE) $(DATA_DIRS:%/=release_data_%)
 	$(MAKE) $(ERL_FILES:%=/%)
 
+$(DATA_DIRS:%/=release_data_%): release_data_%:
+	$(INSTALL_DIR) $(RELSYSDIR)/$*
+	$(INSTALL_DATA) $(filter $*/%, $(DATA)) $(RELSYSDIR)/$*
+
 force:
 
 .PHONY: release_spec release_docs_spec release_test_specs
 .PHONY: force
+.PHONY: $(DATA_DIRS:%/=release_data_%)
 
 # Can't just make $(ERL_FILES:%=/%) phony since then implicit rule
 # searching is skipped.
diff --git a/lib/diameter/test/diameter_app_SUITE.erl b/lib/diameter/test/diameter_app_SUITE.erl
index 7f53a4ddd4..53332af626 100644
--- a/lib/diameter/test/diameter_app_SUITE.erl
+++ b/lib/diameter/test/diameter_app_SUITE.erl
@@ -41,6 +41,19 @@
 
 -define(A, list_to_atom).
 
+%% Modules not in the app and that should not have dependencies on it
+%% for build reasons.
+-define(COMPILER_MODULES, [diameter_codegen,
+                           diameter_dict_scanner,
+                           diameter_dict_parser,
+                           diameter_dict_util,
+                           diameter_exprecs,
+                           diameter_nowarn,
+                           diameter_make]).
+
+-define(HELP_MODULES, [diameter_dbg,
+                       diameter_info]).
+
 %% ===========================================================================
 
 suite() ->
@@ -93,14 +106,8 @@ vsn(Config) ->
 modules(Config) ->
     Mods = fetch(modules, fetch(app, Config)),
     Installed = code_mods(),
-    Help = [diameter_callback,
-            diameter_codegen,
-            diameter_dbg,
-            diameter_exprecs,
-            diameter_info,
-            diameter_make,
-            diameter_spec_scan,
-            diameter_spec_util],
+    Help = lists:sort(?HELP_MODULES ++ ?COMPILER_MODULES),
+
     {[], Help} = {Mods -- Installed, lists:sort(Installed -- Mods)}.
 
 code_mods() ->
@@ -167,14 +174,12 @@ xref(Config) ->
     %% stop xref from complaining about calls to module erlang, which
     %% was previously in kernel. Erts isn't an application however, in
     %% the sense that there's no .app file, and isn't listed in
-    %% applications. Seems less than ideal. Also, diameter_tcp does
-    %% call ssl despite ssl not being listed as a dependency in the
-    %% app file since ssl is only required for TLS security: it's up
-    %% to a client who wants TLS it to start ssl.
+    %% applications.
     ok = lists:foreach(fun(A) -> add_application(XRef, A) end,
                        [?APP, erts | fetch(applications, App)]),
 
     {ok, Undefs} = xref:analyze(XRef, undefined_function_calls),
+    {ok, Called} = xref:analyze(XRef, {module_call, ?COMPILER_MODULES}),
 
     xref:stop(XRef),
 
@@ -183,7 +188,21 @@ xref(Config) ->
                               lists:member(F, Mods)
                                   andalso {F,T} /= {diameter_tcp, ssl}
                       end,
-                      Undefs).
+                      Undefs),
+    %% diameter_tcp does call ssl despite the latter not being listed
+    %% as a dependency in the app file since ssl is only required for
+    %% TLS security: it's up to a client who wants TLS it to start
+    %% ssl.
+
+    [] = lists:filter(fun is_bad_dependency/1, Called).
+
+%% It's not strictly necessary that diameter compiler modules not
+%% depend on other diameter modules but it's a simple source of build
+%% errors if not encoded in the makefile (hence the test) so guard
+%% against it.
+is_bad_dependency(Mod) ->
+    lists:prefix("diameter", atom_to_list(Mod))
+        andalso not lists:member(Mod, ?COMPILER_MODULES).
 
 add_application(XRef, App) ->
     add_application(XRef, App, code:lib_dir(App)).
diff --git a/lib/diameter/test/diameter_capx_SUITE.erl b/lib/diameter/test/diameter_capx_SUITE.erl
index e6b1558bf6..54a161d606 100644
--- a/lib/diameter/test/diameter_capx_SUITE.erl
+++ b/lib/diameter/test/diameter_capx_SUITE.erl
@@ -27,8 +27,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_testcase/2,
          end_per_testcase/2]).
 
@@ -93,30 +91,26 @@
 -define(cea,            #diameter_base_CEA).
 -define(answer_message, #'diameter_base_answer-message').
 
+-define(fail(T), erlang:error({T, process_info(self(), messages)})).
+
+-define(TIMEOUT, 2000).
+
 %% ===========================================================================
 
 suite() ->
     [{timetrap, {seconds, 10}}].
 
-all() ->
-    [start, start_services, add_listeners
-     | [{group, N} || {N, _, _} <- groups()]]
-        ++ [remove_listeners, stop_services, stop].
+all() -> [start,
+          start_services,
+          add_listeners,
+          {group, all},
+          {group, all, [parallel]},
+          remove_listeners,
+          stop_services,
+          stop].
 
 groups() ->
-    Ts = testcases(),
-    [{grp(P), P, Ts} || P <- [[], [parallel]]].
-
-grp([]) ->
-    sequential;
-grp([parallel = P]) ->
-    P.
-
-init_per_group(_Name, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
+    [{all, [], lists:flatmap(fun tc/1, tc())}].
 
 %% Generate a unique hostname for each testcase so that watchdogs
 %% don't prevent a connection from being brought up immediately.
@@ -137,9 +131,6 @@ end_per_testcase(Name, Config) ->
     ok = diameter:remove_transport(?CLIENT, CRef).
 
 %% Testcases all come in two flavours, client and server.
-testcases() ->
-    lists:flatmap(fun tc/1, tc()).
-
 tc(Name) ->
     [?A([C,$_|?L(Name)]) || C <- "cs"].
 
@@ -270,8 +261,8 @@ s_client_reject(Config) ->
                            ?packet{}}}
                     = Info ->
             Info
-    after 2000 ->
-            fail({LRef, OH})
+    after ?TIMEOUT ->
+            ?fail({LRef, OH})
     end.
 
 c_client_reject(Config) ->
@@ -307,12 +298,12 @@ server_closed(Config, F, RC) ->
                                = Reason,
                                {listen, _}}} ->
             Reason
-    after 2000 ->
-            fail({LRef, OH})
+    after ?TIMEOUT ->
+            ?fail({LRef, OH})
     end.
 
 %% server_reject/3
-    
+
 server_reject(Config, F, RC) ->
     true = diameter:subscribe(?SERVER),
     OH = host(Config),
@@ -328,8 +319,8 @@ server_reject(Config, F, RC) ->
                                = Reason,
                                {listen, _}}} ->
             Reason
-    after 2000 ->
-            fail({LRef, OH})
+    after ?TIMEOUT ->
+            ?fail({LRef, OH})
     end.
 
 %% cliient_closed/4
@@ -345,13 +336,13 @@ client_closed(Config, Host, F, RC) ->
 
 %% client_recv/1
 
-client_recv(CRef) ->    
+client_recv(CRef) ->
     receive
         ?event{service = ?CLIENT,
                info = {closed, CRef, Reason, {connect, _}}} ->
             Reason
-    after 2000 ->
-            fail(CRef)
+    after ?TIMEOUT ->
+            ?fail(CRef)
     end.
 
 %% server_capx/3
@@ -373,9 +364,6 @@ client_capx(_, ?caps{origin_host = {[_,$_|"client_reject." ++ _], _}}) ->
 
 %% ===========================================================================
 
-fail(T) ->
-    erlang:error({T, process_info(self(), messages)}).
-
 host(Config) ->
     {_, H} = lists:keyfind(host, 1, Config),
     ?HOST(H).
diff --git a/lib/diameter/test/diameter_codec_SUITE.erl b/lib/diameter/test/diameter_codec_SUITE.erl
index 30c60be8e9..2e219bbb10 100644
--- a/lib/diameter/test/diameter_codec_SUITE.erl
+++ b/lib/diameter/test/diameter_codec_SUITE.erl
@@ -35,7 +35,8 @@
 %% testcases
 -export([base/1,
          gen/1,
-         lib/1]).
+         lib/1,
+         unknown/1]).
 
 -include("diameter_ct.hrl").
 
@@ -47,7 +48,7 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [base, gen, lib].
+    [base, gen, lib, unknown].
 
 init_per_testcase(gen, Config) ->
     [{application, ?APP, App}] = diameter_util:consult(?APP, app),
@@ -74,3 +75,26 @@ gen([{dicts, Ms} | _]) ->
 
 lib(_Config) ->
     diameter_codec_test:lib().
+
+%% Have a separate AVP dictionary just to exercise more code.
+unknown(Config) ->
+    Priv = proplists:get_value(priv_dir, Config),
+    Data = proplists:get_value(data_dir, Config),
+    ok = make(Data, "recv.dia"),
+    ok = make(Data, "avps.dia"),
+    {ok, _, _} = compile("diameter_test_avps.erl"),
+    ok = make(Data, "send.dia"),
+    {ok, _, _} = compile("diameter_test_send.erl"),
+    {ok, _, _} = compile("diameter_test_recv.erl"),
+    {ok, _, _} = compile(filename:join([Data, "diameter_test_unknown.erl"]),
+                         [{i, Priv}]),
+    diameter_test_unknown:run().
+
+make(Dir, File) ->
+    diameter_make:codec(filename:join([Dir, File])).
+
+compile(File) ->
+    compile(File, []).
+
+compile(File, Opts) ->
+    compile:file(File, [return | Opts]).
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/avps.dia b/lib/diameter/test/diameter_codec_SUITE_data/avps.dia
new file mode 100644
index 0000000000..c9d80a37a9
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/avps.dia
@@ -0,0 +1,25 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@name diameter_test_avps
+
+@avp_types
+
+   XXX    111    Unsigned32    M
+   YYY    222    Unsigned32    -
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/diameter_test_unknown.erl b/lib/diameter/test/diameter_codec_SUITE_data/diameter_test_unknown.erl
new file mode 100644
index 0000000000..bce3d78a37
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/diameter_test_unknown.erl
@@ -0,0 +1,76 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(diameter_test_unknown).
+
+-compile(export_all).
+
+%%
+%% Test reception of unknown AVP's.
+%%
+
+-include_lib("diameter/include/diameter.hrl").
+-include("diameter_test_send.hrl").
+-include("diameter_test_recv.hrl").
+
+-define(HOST,  "test.erlang.org").
+-define(REALM, "erlang.org").
+
+%% Patterns to match decoded AVP's.
+-define(MANDATORY_XXX,     #diameter_avp{code = 111}).
+-define(NOT_MANDATORY_YYY, #diameter_avp{code = 222}).
+
+%% Ensure that an unknown AVP with an M flag is regarded as an error
+%% while one without an M flag is returned as 'AVP'.
+
+run() ->
+    H = #diameter_header{version = 1,
+                         end_to_end_id = 1,
+                         hop_by_hop_id = 1},
+    Vs = [{'Origin-Host', ?HOST},
+          {'Origin-Realm', ?REALM},
+          {'XXX', [0]},
+          {'YYY', [1]}],
+    Pkt = #diameter_packet{header = H,
+                           msg = Vs},
+
+    [] = diameter_util:run([{?MODULE, [run, M, enc(M, Pkt)]}
+                            || M <- ['AR','BR']]).
+
+enc(M, #diameter_packet{msg = Vs} = P) ->
+    diameter_codec:encode(diameter_test_send,
+                          P#diameter_packet{msg = [M|Vs]}).
+
+run(M, Pkt) ->
+    dec(M, diameter_codec:decode(diameter_test_recv, Pkt)).
+%% Note that the recv dictionary defines neither XXX nor YYY.
+
+dec('AR', #diameter_packet
+           {msg = #recv_AR{'Origin-Host'  = ?HOST,
+                           'Origin-Realm' = ?REALM,
+                           'AVP' = [?NOT_MANDATORY_YYY]},
+            errors = [{5001, ?MANDATORY_XXX}]}) ->
+    ok;
+
+dec('BR', #diameter_packet
+           {msg = #recv_BR{'Origin-Host'  = ?HOST,
+                           'Origin-Realm' = ?REALM},
+            errors = [{5008, ?NOT_MANDATORY_YYY},
+                      {5001, ?MANDATORY_XXX}]}) ->
+    ok.
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/recv.dia b/lib/diameter/test/diameter_codec_SUITE_data/recv.dia
new file mode 100644
index 0000000000..15fec5a5dd
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/recv.dia
@@ -0,0 +1,51 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@id 17
+@name   diameter_test_recv
+@prefix recv
+
+@inherits diameter_gen_base_rfc3588
+
+    Origin-Host
+    Origin-Realm
+    Result-Code
+
+@messages
+
+      AR ::= < Diameter Header: 123, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
+
+      AA ::= < Diameter Header: 123 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
+
+      BR ::= < Diameter Header: 124, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+
+      BA ::= < Diameter Header: 124 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
diff --git a/lib/diameter/test/diameter_codec_SUITE_data/send.dia b/lib/diameter/test/diameter_codec_SUITE_data/send.dia
new file mode 100644
index 0000000000..1472f146ae
--- /dev/null
+++ b/lib/diameter/test/diameter_codec_SUITE_data/send.dia
@@ -0,0 +1,56 @@
+;;
+;; %CopyrightBegin%
+;;
+;; Copyright Ericsson AB 2010-2011. All Rights Reserved.
+;;
+;; The contents of this file are subject to the Erlang Public License,
+;; Version 1.1, (the "License"); you may not use this file except in
+;; compliance with the License. You should have received a copy of the
+;; Erlang Public License along with this software. If not, it can be
+;; retrieved online at http://www.erlang.org/.
+;;
+;; Software distributed under the License is distributed on an "AS IS"
+;; basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+;; the License for the specific language governing rights and limitations
+;; under the License.
+;;
+;; %CopyrightEnd%
+;;
+
+@id 17
+@name   diameter_test_send
+@prefix send
+
+@inherits diameter_gen_base_rfc3588
+
+    Origin-Host
+    Origin-Realm
+    Result-Code
+
+@inherits diameter_test_avps
+
+@messages
+
+      AR ::= < Diameter Header: 123, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+              [ XXX ]
+              [ YYY ]
+
+      AA ::= < Diameter Header: 123 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
+
+      BR ::= < Diameter Header: 124, REQ >
+              { Origin-Host }
+              { Origin-Realm }
+              [ XXX ]
+              [ YYY ]
+
+      BA ::= < Diameter Header: 124 >
+              { Result-Code }
+              { Origin-Host }
+              { Origin-Realm }
+            * [ AVP ]
diff --git a/lib/diameter/test/diameter_codec_test.erl b/lib/diameter/test/diameter_codec_test.erl
index 8046ca4c04..fbd38067a8 100644
--- a/lib/diameter/test/diameter_codec_test.erl
+++ b/lib/diameter/test/diameter_codec_test.erl
@@ -30,6 +30,9 @@
 -define(BASE, diameter_gen_base_rfc3588).
 -define(BOOL, [true, false]).
 
+-define(A, list_to_atom).
+-define(S, atom_to_list).
+
 %% ===========================================================================
 %% Interface.
 
@@ -42,7 +45,7 @@ gen(Mod) ->
                                                       command_codes,
                                                       avp_types,
                                                       grouped,
-                                                      enums,
+                                                      enum,
                                                       import_avps,
                                                       import_groups,
                                                       import_enums]]).
@@ -133,7 +136,7 @@ types() ->
 
 gen(M, T) ->
     [] = run(lists:map(fun(X) -> {?MODULE, [gen, M, T, X]} end,
-                       fetch(T, M:dict()))).
+                       fetch(T, dict(M)))).
 
 fetch(T, Spec) ->
     case orddict:find(T, Spec) of
@@ -143,6 +146,10 @@ fetch(T, Spec) ->
             []
     end.
 
+gen(M, messages = T, {Name, Code, Flags, ApplId, Avps})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), Code, Flags, ApplId, Avps});
+
 gen(M, messages, {Name, Code, Flags, _, _}) ->
     Rname = M:msg2rec(Name),
     Name = M:rec2msg(Rname),
@@ -156,22 +163,16 @@ gen(M, messages, {Name, Code, Flags, _, _}) ->
            end,
     [] = arity(M, Name, Rname);
 
-gen(M, command_codes = T, {Code, {Req, Abbr}, Ans}) ->
-    Rname = M:msg2rec(Req),
-    Rname = M:msg2rec(Abbr),
-    gen(M, T, {Code, Req, Ans});
-
-gen(M, command_codes = T, {Code, Req, {Ans, Abbr}}) ->
-    Rname = M:msg2rec(Ans),
-    Rname = M:msg2rec(Abbr),
-    gen(M, T, {Code, Req, Ans});
-
 gen(M, command_codes, {Code, Req, Ans}) ->
-    Msgs = orddict:fetch(messages, M:dict()),
+    Msgs = orddict:fetch(messages, dict(M)),
     {_, Code, _, _, _} = lists:keyfind(Req, 1, Msgs),
     {_, Code, _, _, _} = lists:keyfind(Ans, 1, Msgs);
 
-gen(M, avp_types, {Name, Code, Type, _Flags, _Encr}) ->
+gen(M, avp_types = T, {Name, Code, Type, Flags})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), Code, ?A(Type), Flags});
+
+gen(M, avp_types, {Name, Code, Type, _Flags}) ->
     {Code, Flags, VendorId} = M:avp_header(Name),
     0 = Flags band 2#00011111,
     V = undefined /= VendorId,
@@ -181,11 +182,19 @@ gen(M, avp_types, {Name, Code, Type, _Flags, _Encr}) ->
     B = z(B),
     [] = avp_decode(M, Type, Name);
 
+gen(M, grouped = T, {Name, Code, Vid, Avps})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), Code, Vid, Avps});
+
 gen(M, grouped, {Name, _, _, _}) ->
     Rname = M:name2rec(Name),
     [] = arity(M, Name, Rname);
 
-gen(M, enums, {Name, ED}) ->
+gen(M, enum = T, {Name, ED})
+  when is_list(Name) ->
+    gen(M, T, {?A(Name), lists:map(fun({E,D}) -> {?A(E), D} end, ED)});
+
+gen(M, enum, {Name, ED}) ->
     [] = run([{?MODULE, [enum, M, Name, T]} || T <- ED]);
 
 gen(M, Tag, {_Mod, L}) ->
@@ -253,17 +262,17 @@ arity(M, Name, AvpName, Rec) ->
 
 %% enum/3
 
-enum(M, Name, {E,_}) ->
+enum(M, Name, {_,E}) ->
     B = <<E:32/integer>>,
     B = M:avp(encode, E, Name),
     E = M:avp(decode, B, Name).
 
 retag(import_avps)   -> avp_types;
 retag(import_groups) -> grouped;
-retag(import_enums)  -> enums;
+retag(import_enums)  -> enum;
 
 retag(avp_types) -> import_avps;
-retag(enums)     -> import_enums.
+retag(enum)     -> import_enums.
 
 %% ===========================================================================
 
@@ -370,8 +379,8 @@ values('Time') ->
 %% wrapped as for values/1.
 
 values('Enumerated', Name, Mod) ->
-    {_Name, Vals} = lists:keyfind(Name, 1, types(enums, Mod)),
-    lists:map(fun({N,_}) -> N end, Vals);
+    {_Name, Vals} = lists:keyfind(?S(Name), 1, types(enum, Mod)),
+    lists:map(fun({_,N}) -> N end, Vals);
 
 values('Grouped', Name, Mod) ->
     Rname = Mod:name2rec(Name),
@@ -400,8 +409,8 @@ values('AVP', _) ->
 
 values(Name, Mod) ->
     Avps = types(avp_types, Mod),
-    {Name, _Code, Type, _Flags, _Encr} = lists:keyfind(Name, 1, Avps),
-    b(values(Type, Name, Mod)).
+    {_Name, _Code, Type, _Flags} = lists:keyfind(?S(Name), 1, Avps),
+    b(values(?A(Type), Name, Mod)).
 
 %% group/5
 %%
@@ -467,7 +476,7 @@ types(T, Mod) ->
     types(T, retag(T), Mod).
 
 types(T, IT, Mod) ->
-    Dict = Mod:dict(),
+    Dict = dict(Mod),
     fetch(T, Dict) ++ lists:flatmap(fun({_,As}) -> As end, fetch(IT, Dict)).
 
 %% random/[12]
@@ -498,3 +507,8 @@ flatten({_, {{badmatch, [{_, {{badmatch, _}, _}} | _] = L}, _}}) ->
     L;
 flatten(T) ->
     [T].
+
+%% dict/1
+
+dict(Mod) ->
+    tl(Mod:dict()).
diff --git a/lib/diameter/test/diameter_compiler_SUITE.erl b/lib/diameter/test/diameter_compiler_SUITE.erl
new file mode 100644
index 0000000000..3b4c9706e0
--- /dev/null
+++ b/lib/diameter/test/diameter_compiler_SUITE.erl
@@ -0,0 +1,489 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% Tests of the dictionary file compiler.
+%%
+
+-module(diameter_compiler_SUITE).
+
+-export([suite/0,
+         all/0,
+         init_per_suite/1,
+         end_per_suite/1]).
+
+%% testcases
+-export([format/1,    format/2,
+         replace/1,   replace/2,
+         generate/1,  generate/4,  generate/0,
+         examples/1, examples/0]).
+
+-export([dict/0]).  %% fake dictionary module
+
+-define(base, "base_rfc3588.dia").
+-define(util, diameter_util).
+-define(S, atom_to_list).
+-define(L, integer_to_list).
+
+%% ===========================================================================
+
+%% RE/Replacement (in the sense of re:replace/4) pairs for morphing
+%% base_rfc3588.dia. The key is 'ok' or the the expected error as
+%% returned in the first element of the error tuple returned by
+%% diameter_dict_util:parse/2.
+-define(REPLACE,
+        [{ok,
+          "",
+          ""},
+         {scan,
+          "@id 0",
+          "@id \\&"},
+         {scan,
+          "@name ",
+          "&'"},
+         {parse,
+          "@id 0",
+          "@id @id"},
+         {avp_code_already_defined,
+          "480",
+          "485"},
+         {uint32_out_of_range,
+          "@id 0",
+          "@id 4294967296"},
+         {uint32_out_of_range,
+          "@vendor 0",
+          "@vendor 4294967296"},
+         {uint32_out_of_range,
+          [{"^ *Failed-AVP .*$", "&V"},
+           {"@avp_types", "@avp_vendor_id 4294967296 Failed-AVP\n&"}]},
+         {imported_avp_already_defined,
+          "@avp_types",
+          "@inherits diameter_gen_base_rfc3588 &"},
+         {duplicate_import,
+          [{"@avp_types", "@inherits diameter_gen_base_rfc3588 Class\n&"},
+           {"@avp_types", "@inherits diameter_gen_base_rfc3588\n&"},
+           {"^@avp_types[^@]*", ""},
+           {"^@enum[^&]*", ""}]},
+         {duplicate_section,
+          "@prefix",
+          "@name"},
+         {already_declared,
+          "@enum Termination-Cause",
+          "& XXX 0\n &"},
+         {already_declared,
+          "@define Result-Code",
+          "& XXX 1000 &"},
+         {inherited_avp_already_defined,
+          "@id",
+          "@inherits nomod Origin-Host &"},
+         {avp_already_defined,
+          "@avp_types",
+          "@inherits m XXX\nXXX\n&"},
+         {avp_already_defined,
+          "@avp_types",
+          "@inherits mod1 XXX\n@inherits mod2 XXX\n&"},
+         {key_already_defined,
+          "DIAMETER_SUCCESS",
+          "& 2001\n&"},
+         {messages_without_id,
+          "@id 0",
+          ""},
+         {avp_name_already_defined,
+          "Class",
+          "& 666 Time M\n&"},
+         {avp_has_unknown_type,
+          "Enumerated",
+          "Enum"},
+         {avp_has_invalid_flag,
+          " -",
+          " X"},
+         {avp_has_duplicate_flag,
+          " -",
+          " MM"},
+         {avp_has_vendor_id,
+          "@avp_types",
+          "@avp_vendor_id 667 Class\n&"},
+         {avp_has_no_vendor,
+          [{"^ *Class .*$", "&V"},
+           {"@vendor .*", ""}]},
+         {group_already_defined,
+          "@grouped",
+          "& Failed-AVP ::= < AVP Header: 279 > " "{AVP}\n&"},
+         {grouped_avp_code_mismatch,
+          "(Failed-AVP ::= [^0-9]*27)9",
+          "&8"},
+         {grouped_avp_has_wrong_type,
+          "(Failed-AVP *279 *)Grouped",
+          "\\1Time"},
+         {grouped_avp_not_defined,
+          "Failed-AVP *.*",
+          ""},
+         {grouped_vendor_id_without_flag,
+          "(Failed-AVP .*)>",
+          "\\1 668>"},
+         {grouped_vendor_id_mismatch,
+          [{"(Failed-AVP .*)>", "\\1 17>"},
+           {"^ *Failed-AVP .*$", "&V"},
+           {"@avp_types", "@avp_vendor_id 18 Failed-AVP\n&"}]},
+         {ok,
+          [{"(Failed-AVP .*)>", "\\1 17>"},
+           {"^ *Failed-AVP .*$", "&V"}]},
+         {message_name_already_defined,
+          "CEA ::= .*:",
+          "& 257 > {Result-Code}\n&"},
+         {message_code_already_defined,
+          "CEA( ::= .*)",
+          "XXX\\1 {Result-Code}\n&"},
+         {message_has_duplicate_flag,
+          "(CER ::=.*)>",
+          "\\1, REQ>"},
+         {message_application_id_mismatch,
+         "(CER ::=.*)>",
+          "\\1 1>"},
+         {invalid_avp_order,
+          "CEA ::=",
+          "{Result-Code} &"},
+         {ok,
+          "{ Product-Name",
+          "* &"},
+         {required_avp_has_zero_max_arity,
+          "{ Product-Name",
+          "*0 &"},
+         {required_avp_has_zero_min_arity,
+          "{ Product-Name",
+          "0* &"},
+         {required_avp_has_zero_min_arity,
+          "{ Product-Name",
+          "0*0 &"},
+         {ok,
+          "{ Product-Name",
+          "*1 &"},
+         {ok,
+          "{ Product-Name",
+          "1* &"},
+         {ok,
+          "{ Product-Name",
+          "1*1 &"},
+         {ok,
+          "{ Product-Name",
+          "2* &"},
+         {ok,
+          "{ Product-Name",
+          "*2 &"},
+         {ok,
+          "{ Product-Name",
+          "2*2 &"},
+         {ok,
+          "{ Product-Name",
+          "2*3 &"},
+         {qualifier_has_min_greater_than_max,
+          "{ Product-Name",
+          "3*2 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "* &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0* &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "*0 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0*0 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0*1 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "0*2 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "*1 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "1* &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "1*1 &"},
+         {ok,
+          "\\[ Origin-State-Id",
+          "*2 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "2* &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "2*2 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "2*3 &"},
+         {optional_avp_has_nonzero_min_arity,
+          "\\[ Origin-State-Id",
+          "3*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "* &"},
+         {ok,
+          "^ *< Session-Id",
+          "*0 &"},
+         {ok,
+          "^ *< Session-Id",
+          "0* &"},
+         {ok,
+          "^ *< Session-Id",
+          "0*0 &"},
+         {ok,
+          "^ *< Session-Id",
+          "0*1 &"},
+         {ok,
+          "^ *< Session-Id",
+          "0*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "*1 &"},
+         {ok,
+          "^ *< Session-Id",
+          "1* &"},
+         {ok,
+          "^ *< Session-Id",
+          "1*1 &"},
+         {ok,
+          "^ *< Session-Id",
+          "*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "2* &"},
+         {ok,
+          "^ *< Session-Id",
+          "2*2 &"},
+         {ok,
+          "^ *< Session-Id",
+          "2*3 &"},
+         {qualifier_has_min_greater_than_max,
+          "^ *< Session-Id",
+          "3*2 &"},
+         {avp_already_referenced,
+          "CER ::=.*",
+          "& {Origin-Host}"},
+         {message_missing,
+          "CER ::=",
+          "XXR ::= < Diameter-Header: 666, REQ > {Origin-Host} &"},
+         {requested_avp_not_found,
+          [{"@id", "@inherits diameter_gen_base_rfc3588 XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {requested_avp_not_found,
+          [{"@id", "@inherits diameter_gen_base_rfc3588 'X X X' &"},
+           {"CEA ::=", "<'X X X'> &"}]},
+         {enumerated_avp_has_wrong_local_type,
+          "Enumerated",
+          "Time"},
+         {enumerated_avp_not_defined,
+         [{"{ Disconnect-Cause }", ""},
+          {"^ *Disconnect-Cause .*", ""}]},
+         {avp_not_defined,
+          "CEA ::=",
+          "<XXX> &"},
+         {not_loaded,
+          [{"@avp_types", "@inherits nomod XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {recompile,
+          [{"@avp_types", "@inherits " ++ ?S(?MODULE) ++ " XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {no_dict,
+          [{"@avp_types", "@inherits diameter XXX &"},
+           {"CEA ::=", "<XXX> &"}]},
+         {ok,
+          "@avp_types",
+          "@end & bad syntax"},
+         {parse,
+          "@avp_types",
+          "& bad syntax"},
+         {ok,
+          [{"@avp_types", "& 3XXX 666 Time M 'X X X' 667 Time -"},
+           {"^ *Class .*", "@avp_types"},
+           {"^ *Failed-AVP ", "@avp_types &"},
+           {"@grouped", "&&"},
+           {"^ *Failed-AVP ::=", "@grouped &"},
+           {"CEA ::=", "<'Class'> &"},
+           {"@avp_types", "@inherits diameter_gen_base_rfc3588 Class\n&"},
+           {"@avp_types", "@custom_types mymod "
+                              "Product-Name Firmware-Revision\n"
+                          "@codecs mymod "
+                              "Origin-Host Origin-Realm\n&"}]}]).
+
+%% Standard dictionaries in examples/dict.
+-define(EXAMPLES, [rfc4004_mip,
+                   rfc4005_nas,
+                   rfc4006_cc,
+                   rfc4072_eap,
+                   rfc4590_digest,
+                   rfc4740_sip]).
+
+%% ===========================================================================
+
+suite() ->
+    [{timetrap, {seconds, 5}}].
+
+all() ->
+    [format,
+     replace,
+     generate,
+     examples].
+
+%% Error handling testcases will make an erroneous dictionary out of
+%% the base dictionary and check that the expected error results.
+%% ?REPLACE encodes the modifications and expected error.
+init_per_suite(Config) ->
+    Path = filename:join([code:lib_dir(diameter, src), "dict", ?base]),
+    {ok, Bin} = file:read_file(Path),
+    [{base, Bin} | Config].
+
+end_per_suite(_Config) ->
+    ok.
+
+%% ===========================================================================
+%% format/1
+%%
+%% Ensure that parse o format is the identity map.
+
+format(Config) ->
+    Bin = proplists:get_value(base, Config),
+    [] = ?util:run([{?MODULE, [format, M, Bin]}
+                    || E <- ?REPLACE,
+                       {ok, M} <- [norm(E)]]).
+
+format(Mods, Bin) ->
+    B = modify(Bin, Mods),
+    {ok, Dict} = diameter_dict_util:parse(B, []),
+    {ok, D} = diameter_dict_util:parse(diameter_dict_util:format(Dict), []),
+    {Dict, Dict} = {Dict, D}.
+
+%% ===========================================================================
+%% replace/1
+%%
+%% Ensure the expected success/error when parsing a morphed common
+%% dictionary.
+
+replace(Config) ->
+    Bin = proplists:get_value(base, Config),
+    [] = ?util:run([{?MODULE, [replace, N, Bin]}
+                    || E <- ?REPLACE,
+                       N <- [norm(E)]]).
+
+replace({E, Mods}, Bin) ->
+    B = modify(Bin, Mods),
+    case {E, diameter_dict_util:parse(B, [{include, here()}]), Mods} of
+        {ok, {ok, Dict}, _} ->
+            Dict;
+        {_, {error, {E,_} = T}, _} ->
+            S = diameter_dict_util:format_error(T),
+            true = nochar($", S, E),
+            true = nochar($', S, E),
+            S
+    end.
+
+re({RE, Repl}, Bin) ->
+    re:replace(Bin, RE, Repl, [multiline]).
+
+%% ===========================================================================
+%% generate/1
+%%
+%% Ensure success when generating code and compiling.
+
+generate() ->
+    [{timetrap, {seconds, 2*length(?REPLACE)}}].
+
+generate(Config) ->
+    Bin = proplists:get_value(base, Config),
+    Rs  = lists:zip(?REPLACE, lists:seq(1, length(?REPLACE))),
+    [] = ?util:run([{?MODULE, [generate, M, Bin, N, T]}
+                    || {E,N} <- Rs,
+                       {ok, M} <- [norm(E)],
+                       T <- [erl, hrl, spec]]).
+
+generate(Mods, Bin, N, Mode) ->
+    B = modify(Bin, Mods ++ [{"@name .*", "@name dict" ++ ?L(N)}]),
+    {ok, Dict} = diameter_dict_util:parse(B, []),
+    File = "dict" ++ integer_to_list(N),
+    {_, ok} = {Dict, diameter_codegen:from_dict("dict",
+                                                Dict,
+                                                [{name, File},
+                                                 {prefix, "base"},
+                                                 debug],
+                                                Mode)},
+    Mode == erl
+        andalso ({ok, _} = compile:file(File ++ ".erl", [return_errors])).
+
+%% ===========================================================================
+%% examples/1
+%%
+%% Compile dictionaries extracted from various standards.
+
+examples() ->
+    [{timetrap, {seconds, 3*length(?EXAMPLES)}}].
+
+examples(_Config) ->
+    Dir = filename:join([code:lib_dir(diameter, examples), "dict"]),
+    [D || D <- ?EXAMPLES, _ <- [examples(?S(D), Dir)]].
+
+examples(Dict, Dir) ->
+    {Name, Pre} = make_name(Dict),
+    ok = diameter_make:codec(filename:join([Dir, Dict ++ ".dia"]),
+                             [{name, Name},
+                              {prefix, Pre},
+                              inherits("rfc3588_base")
+                              | opts(Dict)]),
+    {ok, _, _} = compile:file(Name ++ ".erl", [return]).
+
+opts(M)
+  when M == "rfc4006_cc";
+       M == "rfc4072_eap" ->
+    [inherits("rfc4005_nas")];
+opts("rfc4740_sip") ->
+    [inherits("rfc4590_digest")];
+opts(_) ->
+    [].
+
+inherits(File) ->
+    {Name, _} = make_name(File),
+    {inherits, File ++ "/" ++ Name}.
+
+make_name(File) ->
+    {R, [$_|N]} = lists:splitwith(fun(C) -> C /= $_ end, File),
+    {string:join(["diameter_gen", N, R], "_"), "diameter_" ++ N}.
+
+%% ===========================================================================
+
+modify(Bin, Mods) ->
+    lists:foldl(fun re/2, Bin, Mods).
+
+norm({E, RE, Repl}) ->
+    {E, [{RE, Repl}]};
+norm({_,_} = T) ->
+    T.
+
+nochar(Char, Str, Err) ->
+    Err == parse orelse not lists:member(Char, Str) orelse Str.
+
+here() ->
+    filename:dirname(code:which(?MODULE)).
+
+dict() ->
+    [0 | orddict:new()].
diff --git a/lib/diameter/test/diameter_dict_SUITE.erl b/lib/diameter/test/diameter_dict_SUITE.erl
index 87bb9727fe..5cf8506d3f 100644
--- a/lib/diameter/test/diameter_dict_SUITE.erl
+++ b/lib/diameter/test/diameter_dict_SUITE.erl
@@ -25,9 +25,7 @@
 
 -export([suite/0,
          all/0,
-         groups/0,
-         init_per_group/2,
-         end_per_group/2]).
+         groups/0]).
 
 %% testcases
 -export([append/1,
@@ -53,10 +51,11 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [append,
@@ -71,12 +70,6 @@ tc() ->
      update,
      update_counter].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 %% ===========================================================================
 
 -define(KV100, [{N,[N]} || N <- lists:seq(1,100)]).
diff --git a/lib/diameter/test/diameter_failover_SUITE.erl b/lib/diameter/test/diameter_failover_SUITE.erl
index f4d62f94c6..53398dd93e 100644
--- a/lib/diameter/test/diameter_failover_SUITE.erl
+++ b/lib/diameter/test/diameter_failover_SUITE.erl
@@ -48,18 +48,13 @@
          stop/1]).
 
 %% diameter callbacks
--export([peer_up/3,
-         peer_down/3,
-         pick_peer/4,
+-export([pick_peer/4,
          prepare_request/3,
-         prepare_retransmit/3,
          handle_answer/4,
-         handle_error/4,
          handle_request/3]).
 
 -include("diameter.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
--include("diameter_ct.hrl").
 
 %% ===========================================================================
 
@@ -91,7 +86,12 @@
          {'Acct-Application-Id', [Dict:id()]},
          {application, [{alias, ?APP_ALIAS},
                         {dictionary, Dict},
-                        {module, ?MODULE},
+                        {module, #diameter_callback
+                                  {peer_up = false,
+                                   peer_down = false,
+                                   handle_error = false,
+                                   prepare_retransmit = false,
+                                   default = ?MODULE}},
                         {answer_errors, callback}]}]).
 
 -define(SUCCESS, 2001).
@@ -174,23 +174,13 @@ realm(Host) ->
 
 call(Req, Opts) ->
     diameter:call(?CLIENT, ?APP_ALIAS, Req, Opts).
-    
+
 set([H|T], Vs) ->
     [H | Vs ++ T].
 
 %% ===========================================================================
 %% diameter callbacks
 
-%% peer_up/3
-
-peer_up(_SvcName, _Peer, State) ->
-    State.
-
-%% peer_down/3
-
-peer_down(_SvcName, _Peer, State) ->
-    State.
-
 %% pick_peer/4
 
 %% Choose a server other than SERVER3 or SERVER5 if possible.
@@ -219,22 +209,12 @@ prepare(#diameter_packet{msg = Req}, Caps) ->
               {'Origin-Host',  OH},
               {'Origin-Realm', OR}]).
 
-%% prepare_retransmit/3
-
-prepare_retransmit(Pkt, ?CLIENT, _Peer) ->
-    {send, Pkt}.
-
 %% handle_answer/4
 
 handle_answer(Pkt, _Req, ?CLIENT, _Peer) ->
     #diameter_packet{msg = Rec, errors = []} = Pkt,
     Rec.
 
-%% handle_error/4
-
-handle_error(Reason, _Req, ?CLIENT, _Peer) ->
-    {error, Reason}.
-
 %% handle_request/3
 
 %% Only SERVER3 actually answers.
diff --git a/lib/diameter/test/diameter_gen_sctp_SUITE.erl b/lib/diameter/test/diameter_gen_sctp_SUITE.erl
new file mode 100644
index 0000000000..7f435a6b7a
--- /dev/null
+++ b/lib/diameter/test/diameter_gen_sctp_SUITE.erl
@@ -0,0 +1,354 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+%% Some gen_sctp-specific tests demonstrating problems that were
+%% encountered during diameter development but have nothing
+%% specifically to do with diameter. At least one of them can cause
+%% diameter_transport_SUITE testcases to fail.
+%%
+
+-module(diameter_gen_sctp_SUITE).
+
+-export([suite/0,
+         all/0,
+         init_per_suite/1,
+         end_per_suite/1]).
+
+%% testcases
+-export([send_not_from_controlling_process/1,
+         send_from_multiple_clients/1,
+         receive_what_was_sent/1]).
+
+-include_lib("kernel/include/inet_sctp.hrl").
+
+%% Message from gen_sctp are of this form.
+-define(SCTP(Sock, Data), {sctp, Sock, _, _, Data}).
+
+%% Open sockets on the loopback address.
+-define(ADDR, {127,0,0,1}).
+
+%% Snooze, nap, siesta.
+-define(SLEEP(T), receive after T -> ok end).
+
+%% An indescribably long number of milliseconds after which everthing
+%% that should have happened has.
+-define(FOREVER, 2000).
+
+%% The first byte in each message we send as a simple guard against
+%% not receiving what was sent.
+-define(MAGIC, 42).
+
+%% ===========================================================================
+
+suite() ->
+    [{timetrap, {minutes, 2}}].
+
+all() ->
+    [send_not_from_controlling_process,
+     send_from_multiple_clients,
+     receive_what_was_sent].
+
+init_per_suite(Config) ->
+    case gen_sctp:open() of
+        {ok, Sock} ->
+            gen_sctp:close(Sock),
+            Config;
+        {error, E} when E == eprotonosupport;
+                        E == esocktnosupport ->
+            {skip, no_sctp}
+    end.
+
+end_per_suite(_Config) ->
+    ok.
+
+%% ===========================================================================
+
+%% send_not_from_controlling_process/1
+%%
+%% This testcase failing shows gen_sctp:send/4 hanging when called
+%% outside the controlling process of the socket in question.
+
+send_not_from_controlling_process(_) ->
+    Pids = send_not_from_controlling_process(),
+    ?SLEEP(?FOREVER),
+    try
+        [] = [{P,I} || P <- Pids, I <- [process_info(P)], I /= undefined]
+    after
+        lists:foreach(fun(P) -> exit(P, kill) end, Pids)
+    end.
+
+%% send_not_from_controlling_process/0
+%%
+%% Returns the pids of three spawned processes: a listening process, a
+%% connecting process and a sending process.
+%%
+%% The expected behaviour is that all three processes exit:
+%%
+%% - The listening process exits upon receiving an SCTP message
+%%   sent by the sending process.
+%% - The connecting process exits upon listening process exit.
+%% - The sending process exits upon gen_sctp:send/4 return.
+%%
+%% The observed behaviour is that all three processes remain alive
+%% indefinitely:
+%%
+%% - The listening process never receives the SCTP message sent
+%%   by the sending process.
+%% - The connecting process has an inet_reply message in its mailbox
+%%   as a consequence of the call to gen_sctp:send/4 call from the
+%%   sending process.
+%% - The call to gen_sctp:send/4 in the sending process doesn't return,
+%%   hanging in prim_inet:getopts/2.
+
+send_not_from_controlling_process() ->
+    FPid = self(),
+    {L, MRef} = spawn_monitor(fun() -> listen(FPid) end),%% listening process
+    receive
+        {?MODULE, C, S} ->
+            erlang:demonitor(MRef, [flush]),
+            [L,C,S];
+        {'DOWN', MRef, process, _, _} = T ->
+            error(T)
+    end.
+
+%% listen/1
+
+listen(FPid) ->
+    {ok, Sock} = open(),
+    ok = gen_sctp:listen(Sock, true),
+    {ok, PortNr} = inet:port(Sock),
+    LPid = self(),
+    spawn(fun() -> connect1(PortNr, FPid, LPid) end), %% connecting process
+    Id = assoc(Sock),
+    ?SCTP(Sock, {[#sctp_sndrcvinfo{assoc_id = Id}], _Bin})
+        = recv(). %% Waits with this as current_function.
+
+%% recv/0
+
+recv() ->
+    receive T -> T end.
+
+%% connect1/3
+
+connect1(PortNr, FPid, LPid) ->
+    {ok, Sock} = open(),
+    ok = gen_sctp:connect_init(Sock, ?ADDR, PortNr, []),
+    Id = assoc(Sock),
+    FPid ! {?MODULE,
+            self(),
+            spawn(fun() -> send(Sock, Id) end)}, %% sending process
+    MRef = erlang:monitor(process, LPid),
+    down(MRef).  %% Waits with this as current_function.
+
+%% down/1
+
+down(MRef) ->
+    receive {'DOWN', MRef, process, _, Reason} -> Reason end.
+
+%% send/2
+
+send(Sock, Id) ->
+    ok = gen_sctp:send(Sock, Id, 0, <<0:32>>).
+
+%% ===========================================================================
+
+%% send_from_multiple_clients/0
+%%
+%% Demonstrates sluggish delivery of messages.
+
+send_from_multiple_clients(_) ->
+    {S, Rs} = T = send_from_multiple_clients(8, 1024),
+    {false, [], _} = {?FOREVER < S,
+                      Rs -- [OI || {O,_} = OI <- Rs, is_integer(O)],
+                      T}.
+
+%% send_from_multiple_clients/2
+%%
+%% Opens a listening socket and then spawns a specified number of
+%% processes, each of which connects to the listening socket. Each
+%% connecting process then sends a message, whose size in bytes is
+%% passed as an argument, the listening process sends a reply
+%% containing the time at which the message was received, and the
+%% connecting process then exits upon reception of this reply.
+%%
+%% Returns the elapsed time for all connecting process to exit
+%% together with a list of exit reasons for the connecting processes.
+%% In the successful case a connecting process exits with the
+%% outbound/inbound transit times for the sent/received message as
+%% reason.
+%%
+%% The observed behaviour is that some outbound messages (that is,
+%% from a connecting process to the listening process) can take an
+%% unexpectedly long time to complete their journey. The more
+%% connecting processes, the longer the possible delay it seems.
+%%
+%% eg. (With F = fun send_from_multiple_clients/2.)
+%%
+%%     5> F(2, 1024).
+%%     {875,[{128,116},{113,139}]}
+%%     6> F(4, 1024).
+%%     {2995290,[{2994022,250},{2994071,80},{200,130},{211,113}]}
+%%     7> F(8, 1024).
+%%     {8997461,[{8996161,116},
+%%               {2996471,86},
+%%               {2996278,116},
+%%               {2996360,95},
+%%               {246,112},
+%%               {213,159},
+%%               {373,173},
+%%               {376,118}]}
+%%     8> F(8, 1024).
+%%     {21001891,[{20999968,128},
+%%                {8997891,172},
+%%                {8997927,91},
+%%                {2995716,164},
+%%                {2995860,87},
+%%                {134,100},
+%%                {117,98},
+%%                {149,125}]}
+
+send_from_multiple_clients(N, Sz)
+  when is_integer(N), 0 < N, is_integer(Sz), 0 < Sz ->
+    timer:tc(fun listen/2, [N, <<?MAGIC, 0:Sz/unit:8>>]).
+
+%% listen/2
+
+listen(N, Bin) ->
+    {ok, Sock} = open(),
+    ok = gen_sctp:listen(Sock, true),
+    {ok, PortNr} = inet:port(Sock),
+
+    %% Spawn a middleman that in turn spawns N connecting processes,
+    %% collects a list of exit reasons and then exits with the list as
+    %% reason. loop/3 returns when we receive this list from the
+    %% middleman's 'DOWN'.
+
+    Self = self(),
+    Fun = fun() -> exit(connect2(Self, PortNr, Bin)) end,
+    {_, MRef} = spawn_monitor(fun() -> exit(fold(N, Fun)) end),
+    loop(Sock, MRef, Bin).
+
+%% fold/2
+%%
+%% Spawn N processes and collect their exit reasons in a list.
+
+fold(N, Fun) ->
+    start(N, Fun),
+    acc(N, []).
+
+start(0, _) ->
+    ok;
+start(N, Fun) ->
+    spawn_monitor(Fun),
+    start(N-1, Fun).
+
+acc(0, Acc) ->
+    Acc;
+acc(N, Acc) ->
+    receive
+        {'DOWN', _MRef, process, _, RC} ->
+            acc(N-1, [RC | Acc])
+    end.
+
+%% loop/3
+
+loop(Sock, MRef, Bin) ->
+    receive
+        ?SCTP(Sock, {[#sctp_sndrcvinfo{assoc_id = Id}], B}) ->
+            Sz = size(Bin),
+            {Sz, Bin} = {size(B), B},  %% assert
+            ok = send(Sock, Id, mark(Bin)),
+            loop(Sock, MRef, Bin);
+        ?SCTP(Sock, _) ->
+            loop(Sock, MRef, Bin);
+        {'DOWN', MRef, process, _, Reason} ->
+            Reason
+    end.
+
+%% connect2/3
+
+connect2(Pid, PortNr, Bin) ->
+    erlang:monitor(process, Pid),
+
+    {ok, Sock} = open(),
+    ok = gen_sctp:connect_init(Sock, ?ADDR, PortNr, []),
+    Id = assoc(Sock),
+
+    %% T1 = time before send
+    %% T2 = time after listening process received our message
+    %% T3 = time after reply is received
+
+    T1 = now(),
+    ok = send(Sock, Id, Bin),
+    T2 = unmark(recv(Sock, Id)),
+    T3 = now(),
+    {timer:now_diff(T2, T1), timer:now_diff(T3, T2)}. %% {Outbound, Inbound}
+
+%% recv/2
+
+recv(Sock, Id) ->
+    receive
+        ?SCTP(Sock, {[#sctp_sndrcvinfo{assoc_id = Id}], Bin}) ->
+            Bin;
+        T ->  %% eg. 'DOWN'
+            exit(T)
+    end.
+
+%% send/3
+
+send(Sock, Id, Bin) ->
+    gen_sctp:send(Sock, Id, 0, Bin).
+
+%% mark/1
+
+mark(Bin) ->
+    Info = term_to_binary(now()),
+    <<Info/binary, Bin/binary>>.
+
+%% unmark/1
+
+unmark(Bin) ->
+    {_,_,_} = binary_to_term(Bin).
+
+%% ===========================================================================
+
+%% receive_what_was_sent/1
+%%
+%% Demonstrates reception of a message that differs from that sent.
+
+receive_what_was_sent(_Config) ->
+    send_from_multiple_clients(1, 1024*32).  %% fails
+
+%% ===========================================================================
+
+%% open/0
+
+open() ->
+    gen_sctp:open([{ip, ?ADDR}, {port, 0}, {active, true}, binary]).
+
+%% assoc/1
+
+assoc(Sock) ->
+    receive
+        ?SCTP(Sock, {[], #sctp_assoc_change{state = S,
+                                            assoc_id = Id}}) ->
+            comm_up = S,  %% assert
+            Id
+    end.
diff --git a/lib/diameter/test/diameter_reg_SUITE.erl b/lib/diameter/test/diameter_reg_SUITE.erl
index ade824c9dd..ec6a0ca731 100644
--- a/lib/diameter/test/diameter_reg_SUITE.erl
+++ b/lib/diameter/test/diameter_reg_SUITE.erl
@@ -26,8 +26,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -48,10 +46,11 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [add,
@@ -61,12 +60,6 @@ tc() ->
      terms,
      pids].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
     ok = diameter:start(),
     Config.
diff --git a/lib/diameter/test/diameter_relay_SUITE.erl b/lib/diameter/test/diameter_relay_SUITE.erl
index 40cbdf805a..70e1866791 100644
--- a/lib/diameter/test/diameter_relay_SUITE.erl
+++ b/lib/diameter/test/diameter_relay_SUITE.erl
@@ -35,9 +35,7 @@
 
 -export([suite/0,
          all/0,
-         groups/0,
-         init_per_group/2,
-         end_per_group/2]).
+         groups/0]).
 
 %% testcases
 -export([start/1,
@@ -55,18 +53,14 @@
          stop/1]).
 
 %% diameter callbacks
--export([peer_up/3,
-         peer_down/3,
-         pick_peer/4,
+-export([pick_peer/4,
          prepare_request/3,
          prepare_retransmit/3,
          handle_answer/4,
-         handle_error/4,
          handle_request/3]).
 
 -include("diameter.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
--include("diameter_ct.hrl").
 
 %% ===========================================================================
 
@@ -102,7 +96,10 @@
          {'Acct-Application-Id', [Dict:id()]},
          {application, [{alias, ?APP_ALIAS},
                         {dictionary, Dict},
-                        {module, ?MODULE},
+                        {module, #diameter_callback{peer_up = false,
+                                                    peer_down = false,
+                                                    handle_error = false,
+                                                    default = ?MODULE}},
                         {answer_errors, callback}]}]).
 
 -define(SUCCESS, 2001).
@@ -118,21 +115,17 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [start, start_services, connect]
-        ++ tc()
-        ++ [{group, all},
-            disconnect,
-            stop_services,
-            stop].
+    [start,
+     start_services,
+     connect,
+     {group, all},
+     {group, all, [parallel]},
+     disconnect,
+     stop_services,
+     stop].
 
 groups() ->
-    [{all, [parallel], tc()}].
-
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
+    [{all, [], tc()}].
 
 %% Traffic cases run when services are started and connections
 %% established.
@@ -249,23 +242,13 @@ call(Server) ->
 
 call(Req, Opts) ->
     diameter:call(?CLIENT, ?APP_ALIAS, Req, Opts).
-    
+
 set([H|T], Vs) ->
     [H | Vs ++ T].
 
 %% ===========================================================================
 %% diameter callbacks
 
-%% peer_up/3
-
-peer_up(_SvcName, _Peer, State) ->
-    State.
-
-%% peer_down/3
-
-peer_down(_SvcName, _Peer, State) ->
-    State.
-
 %% pick_peer/4
 
 pick_peer([Peer | _], _, Svc, _State)
@@ -309,11 +292,6 @@ handle_answer(Pkt, _Req, ?CLIENT, _Peer) ->
     #diameter_packet{msg = Rec, errors = []} = Pkt,
     Rec.
 
-%% handle_error/4
-
-handle_error(Reason, _Req, _Svc, _Peer) ->
-    {error, Reason}.
-
 %% handle_request/3
 
 handle_request(Pkt, OH, {_Ref, #diameter_caps{origin_host = {OH,_}} = Caps})
diff --git a/lib/diameter/test/diameter_stats_SUITE.erl b/lib/diameter/test/diameter_stats_SUITE.erl
index e50a0050a6..e7807fd360 100644
--- a/lib/diameter/test/diameter_stats_SUITE.erl
+++ b/lib/diameter/test/diameter_stats_SUITE.erl
@@ -26,8 +26,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -44,21 +42,16 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [an,
      twa].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
     ok = diameter:start(),
     Config.
diff --git a/lib/diameter/test/diameter_sync_SUITE.erl b/lib/diameter/test/diameter_sync_SUITE.erl
index 84f77b6066..ab629fb1c1 100644
--- a/lib/diameter/test/diameter_sync_SUITE.erl
+++ b/lib/diameter/test/diameter_sync_SUITE.erl
@@ -26,8 +26,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -48,10 +46,11 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [{group, all} | tc()].
+    [{group, all},
+     {group, all, [parallel]}].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [call,
@@ -59,12 +58,6 @@ tc() ->
      timeout,
      flush].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
     ok = diameter:start(),
     Config.
diff --git a/lib/diameter/test/diameter_tls_SUITE.erl b/lib/diameter/test/diameter_tls_SUITE.erl
index 127e3435dc..85b953dc1a 100644
--- a/lib/diameter/test/diameter_tls_SUITE.erl
+++ b/lib/diameter/test/diameter_tls_SUITE.erl
@@ -36,8 +36,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -58,18 +56,13 @@
          stop_ssl/1]).
 
 %% diameter callbacks
--export([peer_up/3,
-         peer_down/3,
-         pick_peer/4,
-         prepare_request/3,
+-export([prepare_request/3,
          prepare_retransmit/3,
          handle_answer/4,
-         handle_error/4,
          handle_request/3]).
 
 -include("diameter.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
--include("diameter_ct.hrl").
 
 %% ===========================================================================
 
@@ -105,7 +98,11 @@
          {'Auth-Application-Id', [Dict:id()]},
          {application, [{alias, ?APP_ALIAS},
                         {dictionary, Dict},
-                        {module, ?MODULE},
+                        {module, #diameter_callback{peer_up = false,
+                                                    peer_down = false,
+                                                    pick_peer = false,
+                                                    handle_error = false,
+                                                    default = ?MODULE}},
                         {answer_errors, callback}]}]).
 
 %% Config for diameter:add_transport/2. In the listening case, listen
@@ -137,31 +134,33 @@ all() ->
      start_diameter,
      make_certs,
      start_services,
-     add_transports]
-        ++ [{group, N} || {N, _, _} <- groups()]
-        ++ [remove_transports, stop_services, stop_diameter, stop_ssl].
+     add_transports,
+     {group, all},
+     {group, all, [parallel]},
+     remove_transports,
+     stop_services,
+     stop_diameter,
+     stop_ssl].
 
 groups() ->
-    Ts = tc(),
-    [{all, [], Ts},
-     {p, [parallel], Ts}].
-
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
+    [{all, [], tc()}].
 
+%% Shouldn't really have to know about crypto here but 'ok' from
+%% ssl:start() isn't enough to guarantee that TLS is available.
 init_per_suite(Config) ->
-    case os:find_executable("openssl") of
-        false ->
-            {skip, no_openssl};
-        _ ->
-            Config
+    try
+        false /= os:find_executable("openssl")
+            orelse throw({?MODULE, no_openssl}),
+        ok == (catch crypto:start())
+            orelse throw({?MODULE, no_crypto}),
+        Config
+    catch
+        {?MODULE, E} ->
+            {skip, E}
     end.
 
 end_per_suite(_Config) ->
-    ok.
+    crypto:stop().
 
 %% Testcases to run when services are started and connections
 %% established.
@@ -246,21 +245,6 @@ send5(_Config) ->
 %% ===========================================================================
 %% diameter callbacks
 
-%% peer_up/3
-
-peer_up(_SvcName, _Peer, State) ->
-    State.
-
-%% peer_down/3
-
-peer_down(_SvcName, _Peer, State) ->
-    State.
-
-%% pick_peer/4
-
-pick_peer([Peer], _, ?CLIENT, _State) ->
-    {ok, Peer}.
-
 %% prepare_request/3
 
 prepare_request(#diameter_packet{msg = Req},
@@ -285,11 +269,6 @@ handle_answer(Pkt, _Req, ?CLIENT, _Peer) ->
     #diameter_packet{msg = Rec, errors = []} = Pkt,
     Rec.
 
-%% handle_error/4
-
-handle_error(Reason, _Req, ?CLIENT, _Peer) ->
-    {error, Reason}.
-
 %% handle_request/3
 
 handle_request(#diameter_packet{msg = #diameter_base_STR{'Session-Id' = SId}},
diff --git a/lib/diameter/test/diameter_traffic_SUITE.erl b/lib/diameter/test/diameter_traffic_SUITE.erl
index 55c5fc7c54..6eed8d3b5d 100644
--- a/lib/diameter/test/diameter_traffic_SUITE.erl
+++ b/lib/diameter/test/diameter_traffic_SUITE.erl
@@ -89,7 +89,6 @@
 
 -include("diameter.hrl").
 -include("diameter_gen_base_rfc3588.hrl").
--include("diameter_ct.hrl").
 
 %% ===========================================================================
 
@@ -163,27 +162,16 @@ suite() ->
     [{timetrap, {seconds, 10}}].
 
 all() ->
-    [start, start_services, add_transports, result_codes
-     | [{group, N} || {N, _, _} <- groups()]]
+    [start, start_services, add_transports, result_codes]
+        ++ [{group, E, P} || E <- ?ENCODINGS, P <- [[], [parallel]]]
         ++ [remove_transports, stop_services, stop].
 
 groups() ->
     Ts = tc(),
-    [{grp(E,P), P, Ts} || E <- ?ENCODINGS, P <- [[], [parallel]]].
-
-grp(E, []) ->
-    E;
-grp(E, [parallel]) ->
-    ?P(E).
+    [{E, [], Ts} || E <- ?ENCODINGS].
 
 init_per_group(Name, Config) ->
-    E = case ?L(Name) of
-            "p_" ++ Rest ->
-                ?A(Rest);
-            _ ->
-                Name
-        end,
-    [{encode, E} | Config].
+    [{encode, Name} | Config].
 
 end_per_group(_, _) ->
     ok.
@@ -517,10 +505,10 @@ send_multiple_filters(Config, Fs) ->
 %% Ensure that we can pass a request in any form to diameter:call/4,
 %% only the return value from the prepare_request callback being
 %% significant.
-send_anything(Config) ->    
+send_anything(Config) ->
     #diameter_base_STA{'Result-Code' = ?SUCCESS}
         = call(Config, anything).
-    
+
 %% ===========================================================================
 
 call(Config, Req) ->
diff --git a/lib/diameter/test/diameter_transport_SUITE.erl b/lib/diameter/test/diameter_transport_SUITE.erl
index c22adc3334..893b7ba2f9 100644
--- a/lib/diameter/test/diameter_transport_SUITE.erl
+++ b/lib/diameter/test/diameter_transport_SUITE.erl
@@ -27,8 +27,6 @@
 -export([suite/0,
          all/0,
          groups/0,
-         init_per_group/2,
-         end_per_group/2,
          init_per_suite/1,
          end_per_suite/1]).
 
@@ -46,7 +44,6 @@
 
 -include_lib("kernel/include/inet_sctp.hrl").
 -include("diameter.hrl").
--include("diameter_ct.hrl").
 
 -define(util, diameter_util).
 
@@ -93,10 +90,13 @@ suite() ->
     [{timetrap, {minutes, 2}}].
 
 all() ->
-    [start | tc()] ++ [{group, all}, stop].
+    [start,
+     {group, all},
+     {group, all, [parallel]},
+     stop].
 
 groups() ->
-    [{all, [parallel], tc()}].
+    [{all, [], tc()}].
 
 tc() ->
     [tcp_accept,
@@ -104,12 +104,6 @@ tc() ->
      sctp_accept,
      sctp_connect].
 
-init_per_group(_, Config) ->
-    Config.
-
-end_per_group(_, _) ->
-    ok.
-
 init_per_suite(Config) ->
     [{sctp, have_sctp()} | Config].
 
@@ -176,14 +170,12 @@ connect(Prot) ->
 %% have_sctp/0
 
 have_sctp() ->
-    try gen_sctp:open() of
+    case gen_sctp:open() of
         {ok, Sock} ->
             gen_sctp:close(Sock),
             true;
-        {error, eprotonosupport} ->  %% fail on any other reason
-            false
-    catch
-        error: badarg ->
+        {error, E} when E == eprotonosupport;
+                        E == esocktnosupport -> %% fail on any other reason
             false
     end.
 
@@ -220,7 +212,7 @@ init(gen_connect, {Prot, Ref}) ->
     [PortNr] = ?util:lport(Prot, Ref, 20),
 
     %% Connect, send a message and receive it back.
-    {ok, Sock} = gen_connect(Prot, PortNr, Ref),
+    {ok, Sock} = gen_connect(Prot, PortNr),
     Bin = make_msg(),
     ok = gen_send(Prot, Sock, Bin),
     Bin = gen_recv(Prot, Sock);
@@ -359,20 +351,7 @@ tmod(tcp) ->
 
 %% ===========================================================================
 
-%% gen_connect/3
-
-gen_connect(Prot, PortNr, Ref) ->
-    Pid = sync(connect, Ref),
-
-    %% Stagger connect attempts to avoid the situation that no
-    %% transport process is accepting yet.
-    receive after 250 -> ok end,
-
-    try
-        gen_connect(Prot, PortNr)
-    after
-        Pid ! Ref
-    end.
+%% gen_connect/2
 
 gen_connect(sctp = P, PortNr) ->
     {ok, Sock} = Ok = gen_sctp:open([{ip, ?ADDR}, {port, 0} | ?SCTP_OPTS]),
diff --git a/lib/diameter/test/diameter_util.erl b/lib/diameter/test/diameter_util.erl
index 6b1dc1f0c9..0c42f955ad 100644
--- a/lib/diameter/test/diameter_util.erl
+++ b/lib/diameter/test/diameter_util.erl
@@ -212,7 +212,7 @@ read_priv(Config, Name) ->
 read(Path) ->
     {ok, Bin} = file:read_file(Path),
     binary_to_term(Bin).
-    
+
 %% map_priv/3
 %%
 %% Modify a term in a file and return both old and new values.
diff --git a/lib/diameter/test/diameter_watchdog_SUITE.erl b/lib/diameter/test/diameter_watchdog_SUITE.erl
index b40d7c104d..ff40326947 100644
--- a/lib/diameter/test/diameter_watchdog_SUITE.erl
+++ b/lib/diameter/test/diameter_watchdog_SUITE.erl
@@ -306,11 +306,8 @@ watchdog(Type, Ref, TPid, Wd) ->
     Opts = [{transport_module, ?MODULE},
             {transport_config, TPid},
             {watchdog_timer, Wd}],
-    monitor(diameter_watchdog:start({Type, Ref},
-                                    {false, Opts, false, ?SERVICE})).
-
-monitor(Pid) ->
-    erlang:monitor(process, Pid),
+    {_MRef, Pid} = diameter_watchdog:start({Type, Ref},
+                                           {false, Opts, false, ?SERVICE}),
     Pid.
 
 %% ===========================================================================
@@ -350,6 +347,10 @@ init(_, _, TPid, _) ->
     monitor(TPid),
     3.
 
+monitor(Pid) ->
+    erlang:monitor(process, Pid),
+    Pid.
+
 %% Generate a unique hostname for the faked peer.
 hostname() ->
     lists:flatten(io_lib:format("~p-~p-~p", tuple_to_list(now()))).
diff --git a/lib/diameter/test/modules.mk b/lib/diameter/test/modules.mk
index f88258c232..7f163536fb 100644
--- a/lib/diameter/test/modules.mk
+++ b/lib/diameter/test/modules.mk
@@ -24,6 +24,7 @@ MODULES = \
 	diameter_ct \
 	diameter_util \
 	diameter_enum \
+	diameter_compiler_SUITE \
 	diameter_codec_SUITE \
 	diameter_codec_test \
 	diameter_app_SUITE \
@@ -32,6 +33,7 @@ MODULES = \
 	diameter_sync_SUITE \
 	diameter_stats_SUITE \
 	diameter_watchdog_SUITE \
+	diameter_gen_sctp_SUITE \
 	diameter_transport_SUITE \
 	diameter_capx_SUITE \
 	diameter_traffic_SUITE \
@@ -41,3 +43,9 @@ MODULES = \
 
 HRL_FILES = \
 	diameter_ct.hrl
+
+DATA = \
+	diameter_codec_SUITE_data/avps.dia \
+	diameter_codec_SUITE_data/send.dia \
+	diameter_codec_SUITE_data/recv.dia \
+	diameter_codec_SUITE_data/diameter_test_unknown.erl
diff --git a/lib/diameter/vsn.mk b/lib/diameter/vsn.mk
index b1d3ba2241..0c240798cc 100644
--- a/lib/diameter/vsn.mk
+++ b/lib/diameter/vsn.mk
@@ -18,7 +18,7 @@
 # %CopyrightEnd%
 
 APPLICATION  = diameter
-DIAMETER_VSN = 0.11
+DIAMETER_VSN = 1.0
 PRE_VSN      =
 APP_VSN      = "$(APPLICATION)-$(DIAMETER_VSN)$(PRE_VSN)"
 
diff --git a/lib/edoc/doc/src/notes.xml b/lib/edoc/doc/src/notes.xml
index b220067bbe..a74a19bc05 100644
--- a/lib/edoc/doc/src/notes.xml
+++ b/lib/edoc/doc/src/notes.xml
@@ -31,6 +31,21 @@
   <p>This document describes the changes made to the EDoc
     application.</p>
 
+<section><title>Edoc 0.7.9.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Edoc 0.7.9</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/edoc/vsn.mk b/lib/edoc/vsn.mk
index 22f225dd9b..b8f33894f1 100644
--- a/lib/edoc/vsn.mk
+++ b/lib/edoc/vsn.mk
@@ -1 +1 @@
-EDOC_VSN = 0.7.9
+EDOC_VSN = 0.7.9.1
diff --git a/lib/erl_docgen/Makefile b/lib/erl_docgen/Makefile
index 68b41a1ff2..19b129fd5d 100644
--- a/lib/erl_docgen/Makefile
+++ b/lib/erl_docgen/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_docgen/doc/src/Makefile b/lib/erl_docgen/doc/src/Makefile
index a546d8da33..ff50c12895 100644
--- a/lib/erl_docgen/doc/src/Makefile
+++ b/lib/erl_docgen/doc/src/Makefile
@@ -44,6 +44,7 @@ XML_PART_FILES = \
 
 XML_CHAPTER_FILES = \
 	overview.xml \
+        doc-build.xml \
 	user_guide_dtds.xml \
 	refman_dtds.xml \
 	notes.xml \
diff --git a/lib/erl_docgen/doc/src/doc-build.xml b/lib/erl_docgen/doc/src/doc-build.xml
new file mode 100644
index 0000000000..08410a1539
--- /dev/null
+++ b/lib/erl_docgen/doc/src/doc-build.xml
@@ -0,0 +1,188 @@
+<?xml version="1.0" encoding="iso-8859-1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>1997</year><year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+    
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+    
+     </legalnotice>
+    <title>How to Build OTP like documentation</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+    <file>doc-build.xml</file>
+  </header>
+
+  <section>
+    <title>Utilities to prepare XML files</title>
+    <section>
+      <title>Create XML files from code</title>
+      <p>
+	If there are EDoc comments in a module, the escript <c>xml_from_edoc.escript</c>
+	can be used to generate an XML file according to the <c>erlref</c> DTD 
+	for this module.
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> escript $(ERL_TOP)/lib/erl_docgen/priv/bin/xml_from_edoc.escript ex1.erl
+      </code>
+    </section>
+    <section>
+      <title>Include code in XML</title>
+      <p>If there are OTP DTD <i>codeinclude</i> tags in the source XML file, the escript
+          <c>codeline_preprocessing.escript</c> can be used to include the code and produce
+	  an XML file according to the OTP DTDs. 
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> escript $(ERL_TOP)/lib/erl_docgen/priv/bin/codeline_preprocessing.escript ex1.xmlsrc ex1.xml
+      </code>
+    </section>
+  </section>
+
+  <section>
+    <title>Use xsltproc to generate different output formats</title>
+
+    <section>
+      <title>Parameters used in all the the XSL transformations</title>
+      <p>
+	These parameters to <c>xsltproc</c> are used for all the supported output formats.
+      </p>
+      <taglist>
+	<tag><c>docgen</c></tag>
+	<item>
+	  Path to erl_docgen's top directory.
+	</item>
+	<tag><c>gendate</c></tag>
+	<item>
+	  The date string that will be used in the documentation.
+	</item>
+	<tag><c>appname</c></tag>
+	<item>
+	  The name of the application.>
+	</item> 
+	<tag><c>appver</c></tag>
+	<item>
+	  The version of the application.
+	</item>
+     </taglist>
+    </section>
+
+    <section>
+      <title>Generate HTML output</title>
+      <p>
+	When generating HTML one also needs these three pramaters to <c>xsltproc</c>.
+      </p> 
+      <taglist>
+	<tag><c>outdir</c></tag>
+	<item>
+	  Output directory for the produced html files.
+	</item>
+ 	<tag><c>topdocdir</c></tag>
+	<item>
+	  If one builds a standalone documentation for an application this should be set to ".".
+	</item>
+	<tag><c>pdfdir</c></tag>
+	<item>
+	  Relative path from the html directory to where the pdf file are placed.
+	</item>
+      </taglist>
+      <p>
+	Example:
+      </p>
+      <code>
+	
+	1> xsltproc --noout --stringparam outdir /tmp/myhtmldoc \
+	      --stringparam docgen $(ERL_TOP)/lib/erl_docgen \
+              --stringparam topdocdir . \
+              --stringparam pdfdir "$(PDFDIR)" \
+              --xinclude \
+	      --stringparam gendate "December 5 2011" \
+              --stringparam appname MyApp \
+              --stringparam appver 0.1 \
+              -path $ERL_TOP/lib/erl_docgen/priv/dtd \
+              -path $ERL_TOP/lib/erl_docgen/priv/dtd_html_entities \
+	      $ERL_TOP/lib/erl_docgen/priv/xsl/db_html.xsl mybook.xml
+      </code>
+    </section>
+
+    <section>
+      <title>Generate PDF</title>
+      <p>
+	The generation of the PDF file is done in two steps. First is <c>xsltproc</c> used to generate a <c>.fo</c> file 
+	which is used as input to the <c>fop</c> command to produce th PDF file.
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> xsltproc --output MyApp.fo \
+             --stringparam docgen $ERL_TOP/lib/erl_docgen \
+	     --stringparam gendate  "December 5 2011" \
+             --stringparam appname MyApp \
+             --stringparam appver 0.1 \
+             --xinclude \
+             -path $ERL_TOP/lib/erl_docgen/priv/dtd \
+             -path $ERL_TOP/lib/erl_docgen/priv/dtd_html_entities \
+	     $ERL_TOP/lib/erl_docgen/priv/xsl/db_pdf.xsl mybook.xml
+
+
+        2> fop -fo MyApp.fo -pdf MyApp.pdf
+      </code>
+    </section>
+
+    <section>
+      <title>Generate man pages</title>
+      <p>
+	Unix man pages can be generated with <c>xsltproc</c> from XML files written according to 
+	the different OTP ref type DTDs. 
+      </p>
+      <p>
+	Example:
+      </p>
+      <code>
+
+	1> xsltproc --output  my_module.3\
+	      --stringparam docgen $ERL_TOP/lib/erl_docgen \
+	      --stringparam gendate  "December 5 2011" \
+	      --stringparam appname MyApp \
+	      --stringparam appver 0.1 \
+	      --xinclude -path $ERL_TOP/lib/erl_docgen/priv/dtd  \
+              -path $ERL_TOP/lib/erl_docgen/priv/dtd_man_entities \
+              $ERL_TOP/lib/erl_docgen/priv/xsl/db_man.xsl my_refpage.xml
+      </code>
+    </section>
+
+    <section>
+      <title>Upcomming changes</title>
+      <p>
+	The output from the <c>erl_docgen</c> documentation build process is now just the OTP style. 
+	But in a near future we will for example add the possibility to change logo, color in the PDF and 
+	style sheet for the HTML.
+      </p>
+    </section>
+
+  </section>
+</chapter>
diff --git a/lib/erl_docgen/doc/src/fasc_dtds.xml b/lib/erl_docgen/doc/src/fasc_dtds.xml
index dec8189b55..86eeb958f6 100644
--- a/lib/erl_docgen/doc/src/fasc_dtds.xml
+++ b/lib/erl_docgen/doc/src/fasc_dtds.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2007</year><year>2009</year>
+      <year>2007</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/erl_docgen/doc/src/header_tags.xml b/lib/erl_docgen/doc/src/header_tags.xml
index 902bce4f68..dfae15107f 100644
--- a/lib/erl_docgen/doc/src/header_tags.xml
+++ b/lib/erl_docgen/doc/src/header_tags.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/erl_docgen/doc/src/notes.xml b/lib/erl_docgen/doc/src/notes.xml
index 9591b363f7..23f64b876a 100644
--- a/lib/erl_docgen/doc/src/notes.xml
+++ b/lib/erl_docgen/doc/src/notes.xml
@@ -30,7 +30,50 @@
   </header>
   <p>This document describes the changes made to the <em>erl_docgen</em> application.</p>
 
-  <section><title>Erl_Docgen 0.2.6</title>
+  <section><title>Erl_Docgen 0.3</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Bug fixes concerning the generation of manpages. </p>
+          <p>
+	    Own Id: OTP-9614</p>
+        </item>
+        <item>
+	    <p> Fix syntax bug in eix files. </p>
+          <p>
+	    Own Id: OTP-9617</p>
+        </item>
+        <item>
+	    <p> Bug fix concerning the generation of manpages. </p>
+          <p>
+	    Own Id: OTP-9759</p>
+        </item>
+        <item>
+	    <p> Fixed an arity calculation bug for erlang functions
+	    in the documentation index for html and pdf. </p>
+          <p>
+	    Own Id: OTP-9772</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> The docbuilder application is removed in R15 and
+	    parts still used in the OTP documentation build process
+	    and the DTD documentation is moved to erl_docgen. </p>
+          <p>
+	    Own Id: OTP-9721</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Erl_Docgen 0.2.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/erl_docgen/doc/src/overview.xml b/lib/erl_docgen/doc/src/overview.xml
index f0f97d8d45..2a420c53d9 100644
--- a/lib/erl_docgen/doc/src/overview.xml
+++ b/lib/erl_docgen/doc/src/overview.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE chapter SYSTEM "chapter.dtd">
 
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -20,7 +20,7 @@
       under the License.
     
      </legalnotice>
-    <title>Overview</title>
+    <title>Overview OTP DTDs</title>
     <prepared></prepared>
     <docno></docno>
     <date></date>
@@ -42,7 +42,7 @@
 	  A collection of chapters
 	  (<seealso marker="user_guide_dtds#chapterDTD">chapter</seealso>).
 	</p>
-      </item>
+      </item> 
 
       <tag><em>Reference Manual</em></tag>
       <item>
@@ -72,23 +72,16 @@
       the <c>application</c> or <c>part</c> DTD to write other types
       of documentation for the application.</p>
 
-  </section>
-
-  <section>
-    <title>Structure of Generated HTML</title>
 
-    <p>The generated HTML corresponding to a <c>part</c> or
-      <c>application</c> document is split into a left frame and a right
-      frame. The left frame contains information about the document
-      and links to the included files, that is chapters or manual pages.
-      The right frame is used to display either the front page for
-      the document, or the selected chapter/manual page.</p>
+    <p>The structure of the different documents and the meaning of the 
+    tags are explained. There are numerous examples of documentation 
+    source code.</p>
 
-    <p>The left frame also contains links to a bibliography and a
-      glossary, which are automatically generated.</p>
+    <p>For readability and simplicity, the examples have been kept as
+      short as possible. For an example of what the generated HTML
+      will look like, it is recommended to look at the documentation of 
+      an OTP application.</p>
 
-    <p>In the case of an <c>application</c> document, the left frame
-      also contains a link to an automatically generated index.</p>
   </section>
 
   <section>
@@ -108,48 +101,5 @@
       tags, for example a highlighted word within a paragraph.</p>
   </section>
 
-  <section>
-    <title>About This Document</title>
-
-    <p>In this User's Guide, the structure of the different documents
-      and the meaning of the tags are explained. There are numerous
-      examples of documentation source code.</p>
-
-    <p>For readability and simplicity, the examples have been kept as
-      short as possible. For an example of what the generated HTML
-      will look like, it is recommended to look at the documentation of 
-      an OTP application.</p>
-    <list>
-      <item>This User's Guides are written using the <c>part</c> and
-	<c>chapter</c> DTDs.</item>
-
-      <item>The Reference Manuals are written using
-	the <c>application</c>, <c>appref</c> and <c>erlref</c> DTDs.
-      </item>
-    </list>
-  </section>
-
-  <section>
-    <title>Usage</title>
-
-    <list type="ordered">
-      <item>
-	<p>Create the relevant XML files.</p>
-
-	<p>If there are EDoc comments in a module, the escript 
-	  <!-- seealso marker="xml_from_edoc">xml_from_edoc</seealso -->
-          <c>xml_from_edoc</c>
-	  can be used to generate an XML file according to
-	  the <c>erlref</c> DTD for this module.</p>
-      </item>
-
-      <!-- item>
-	<p>The XML files can be validated using
-	  <seealso marker="docb_xml_check#validate/1">docb_xml_check:validate/1</seealso>.
-	</p>
-      </item -->
-
-    </list>
-  </section>
 </chapter>
 
diff --git a/lib/erl_docgen/doc/src/part.xml b/lib/erl_docgen/doc/src/part.xml
index 4594778a2f..26d660df08 100644
--- a/lib/erl_docgen/doc/src/part.xml
+++ b/lib/erl_docgen/doc/src/part.xml
@@ -27,10 +27,11 @@
     <rev></rev>
   </header>
   <description>
-    <p><em>Erl_Docgen</em> provides functionality for generating HTML/PDF
+    <p><em>Erl_Docgen</em> provides functionality for generating HTML/PDF/man
        documentation for Erlang modules and Erlang/OTP applications
        from XML source code and/or EDoc comments in Erlang source code.</p>
   </description>
+  <xi:include href="doc-build.xml"/>
   <xi:include href="overview.xml"/>
   <xi:include href="user_guide_dtds.xml"/>
   <xi:include href="refman_dtds.xml"/>
diff --git a/lib/erl_docgen/doc/src/refman_dtds.xml b/lib/erl_docgen/doc/src/refman_dtds.xml
index 7b01c57db4..4f0e388a8a 100644
--- a/lib/erl_docgen/doc/src/refman_dtds.xml
+++ b/lib/erl_docgen/doc/src/refman_dtds.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/erl_docgen/doc/src/user_guide_dtds.xml b/lib/erl_docgen/doc/src/user_guide_dtds.xml
index a2db44f830..79a7701ce8 100644
--- a/lib/erl_docgen/doc/src/user_guide_dtds.xml
+++ b/lib/erl_docgen/doc/src/user_guide_dtds.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/erl_docgen/info b/lib/erl_docgen/info
index 4dc2a02bfb..31c7eb911a 100644
--- a/lib/erl_docgen/info
+++ b/lib/erl_docgen/info
@@ -1,3 +1,2 @@
 group: doc Documentation Applications
 short: A utility used to produce the OTP documentation.
-
diff --git a/lib/erl_docgen/priv/bin/xml_from_edoc.escript b/lib/erl_docgen/priv/bin/xml_from_edoc.escript
index 9a96a3c25a..2cb81be1be 100755
--- a/lib/erl_docgen/priv/bin/xml_from_edoc.escript
+++ b/lib/erl_docgen/priv/bin/xml_from_edoc.escript
@@ -2,7 +2,7 @@
 %% -*- erlang -*-
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_docgen/priv/css/otp_doc.css b/lib/erl_docgen/priv/css/otp_doc.css
index 97d8c2df74..c56de378f4 100644
--- a/lib/erl_docgen/priv/css/otp_doc.css
+++ b/lib/erl_docgen/priv/css/otp_doc.css
@@ -1,6 +1,5 @@
-
-
-body          { 
+/* standard OTP style sheet */
+body {
   background: white;
   font-family: Verdana, Arial, Helvetica, sans-serif;
   margin: 0;
@@ -11,7 +10,6 @@ body          {
   max-height: 100%;
 }
 
-
 th            { font-family: Verdana, Arial, Helvetica, sans-serif }
 td            { font-family: Verdana, Arial, Helvetica, sans-serif }
 p             { font-family: Verdana, Arial, Helvetica, sans-serif }
@@ -33,8 +31,7 @@ a:visited      { color: blue; text-decoration: none }
   background-color: #fff;
 }
 
-
-#leftnav  {
+#leftnav {
   position: fixed;
   float: left;
   top: 0;
@@ -47,8 +44,7 @@ a:visited      { color: blue; text-decoration: none }
   border-right: 1px solid red;
 }
 
-
-#content   {
+#content {
   margin-left: 240px; /* set left value to WidthOfFrameDiv */
 }
 
@@ -57,7 +53,6 @@ a:visited      { color: blue; text-decoration: none }
   padding-top: 50px; /* Magins for inner DIV inside each DIV (to provide padding) */
 }
 
-
 .innertube 
 {
   margin: 15px; /* Magins for inner DIV inside each DIV (to provide padding) */
@@ -66,16 +61,15 @@ a:visited      { color: blue; text-decoration: none }
 .footer 
 {
   margin: 15px; /* Magins for inner DIV inside each DIV (to provide padding) */
-
 }
-span.bold_code        { font-family: courier;font-weight: bold}
-span.code        { font-family: courier;font-weight: normal}
+
+span.bold_code   { font-family: Courier, monospace; font-weight: bold }
+span.code        { font-family: Courier, monospace; font-weight: normal }
 
 .note, .warning {
   border: solid black 1px;
   margin: 1em 3em;
 }
-
 .note .label {
   background: #30d42a;
   color: white;
@@ -102,16 +96,15 @@ span.code        { font-family: courier;font-weight: normal}
   font-size: 90%;
   padding: 5px 10px;
 }
-
-.example     { 
+.example {
   background-color:#eeeeff;
   padding: 0px 10px;
-} 
+}
 
-pre          { font-family: courier; font-weight: normal }
+pre          { font-family: Courier, monospace; font-weight: normal }
 
 .REFBODY     { margin-left: 13mm }
 
 .REFTYPES    { margin-left: 8mm }
 
-footer       {  }
+footer       { }
diff --git a/lib/erl_docgen/priv/dtd/Makefile b/lib/erl_docgen/priv/dtd/Makefile
index 9454147258..65c68fcca7 100644
--- a/lib/erl_docgen/priv/dtd/Makefile
+++ b/lib/erl_docgen/priv/dtd/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_docgen/priv/xsl/db_eix.xsl b/lib/erl_docgen/priv/xsl/db_eix.xsl
index 55540317f6..249e6950f7 100644
--- a/lib/erl_docgen/priv/xsl/db_eix.xsl
+++ b/lib/erl_docgen/priv/xsl/db_eix.xsl
@@ -328,7 +328,7 @@
     <xsl:choose>
       <xsl:when test="string-length($tmp1) > 0 or starts-with($string, $start)">
         <xsl:variable name="tmp2">
-          <xsl:value-of select="substring-after($string, $end)"/>
+          <xsl:value-of select="substring-after(substring-after($string, $start), $end)"/>
         </xsl:variable>
         <xsl:variable name="retstring">
           <xsl:call-template name="remove-paren">
diff --git a/lib/erl_docgen/priv/xsl/db_html.xsl b/lib/erl_docgen/priv/xsl/db_html.xsl
index a9052f29e5..7cf5465f90 100644
--- a/lib/erl_docgen/priv/xsl/db_html.xsl
+++ b/lib/erl_docgen/priv/xsl/db_html.xsl
@@ -3,7 +3,7 @@
      #
      # %CopyrightBegin%
      #
-     # Copyright Ericsson AB 2009-2011. All Rights Reserved.
+     # Copyright Ericsson AB 2009-2012. All Rights Reserved.
      #
      # The contents of this file are subject to the Erlang Public License,
      # Version 1.1, (the "License"); you may not use this file except in
@@ -40,6 +40,11 @@
   <xsl:variable name="m2a" select="document($mod2app_file)"></xsl:variable>
   <xsl:key name="mod2app" match="module" use="@name"/>
 
+  <xsl:key
+        name="mfa"
+	match="func/name[string-length(@arity) > 0 and ancestor::erlref]"
+	use="concat(ancestor::erlref/module,':',@name, '/', @arity)"/>
+
   <xsl:template name="err">
     <xsl:param name="f"/>
     <xsl:param name="m"/>
@@ -101,10 +106,14 @@
 	</xsl:message>
       </xsl:when>
       <xsl:when test="ancestor::erlref">
+        <!-- Do not to use preceding since it is very slow! -->
+        <xsl:variable name="curModule" select="ancestor::erlref/module"/>
+        <xsl:variable name="mfas"
+                      select="key('mfa',
+                                  concat($curModule,':',$name,'/',$arity))"/>
 	<xsl:choose>
-	  <xsl:when test="preceding-sibling::name[position() = 1
-			  and @name = $name and @arity = $arity]">
-	    <!-- Avoid duplicated anchors.-->
+          <xsl:when test="generate-id($mfas[1]) != generate-id(.)">
+	    <!-- Avoid duplicated anchors. See also menu.funcs. -->
 	  </xsl:when>
 	  <xsl:otherwise>
 	    <a name="{$name}-{$arity}"></a>
@@ -546,6 +555,23 @@
 
   <!-- End of Dialyzer type/spec tags -->
 
+  <!-- Cache for each module all the elements used for navigation. -->
+  <xsl:variable name="erlref.nav" select="exsl:node-set($erlref.nav_rtf)"/>
+
+  <xsl:variable name="erlref.nav_rtf">
+    <xsl:for-each select="//erlref">
+      <xsl:variable name="cval" select="module"/>
+      <xsl:variable name="link_cval"><xsl:value-of select="translate($cval, '&#173;', '')"/></xsl:variable>
+      <module name="{$cval}">
+	<xsl:call-template name="menu.funcs">
+	  <xsl:with-param name="entries" select="funcs/func/name"/>
+	  <xsl:with-param name="cval" select="$cval"/>
+	  <xsl:with-param name="basename" select="$link_cval"/>
+	</xsl:call-template>
+      </module>
+    </xsl:for-each>
+  </xsl:variable>
+
   <!-- Page layout -->
   <xsl:template name="pagelayout">
     <xsl:param name="chapnum"/>
@@ -1315,11 +1341,25 @@
                   Top of manual page
                 </a>
               </li>
-              <xsl:call-template name="menu.funcs">
-                <xsl:with-param name="entries"
-                  select="funcs/func/name"/>
-                <xsl:with-param name="basename"><xsl:value-of select="$link_cval"/></xsl:with-param>
-              </xsl:call-template>
+              <xsl:call-template name="nl"/>
+                <xsl:choose>
+                  <xsl:when test="local-name() = 'erlref'">
+	            <!-- Use the cached value in order to save time.
+                         value-of a string node is _much_ faster than
+			 copy-of a rtf -->
+		    <xsl:value-of
+		         disable-output-escaping="yes"
+			 select="$erlref.nav/module[@name = $cval]"/>
+                  </xsl:when>
+                  <xsl:otherwise>
+		    <xsl:call-template name="menu.funcs">
+		      <xsl:with-param name="entries"
+			select="funcs/func/name"/>
+		      <xsl:with-param name="basename"><xsl:value-of select="$link_cval"/></xsl:with-param>
+		      <xsl:with-param name="cval" select="$cval"/>
+		    </xsl:call-template>
+                  </xsl:otherwise>
+                </xsl:choose>
             </ul>
           </li>
         </xsl:when>
@@ -1349,6 +1389,7 @@
   <xsl:template name="menu.funcs">
     <xsl:param name="entries"/>
     <xsl:param name="basename"/>
+    <xsl:param name="cval"/>
 
     <xsl:for-each select="$entries">
 
@@ -1434,17 +1475,41 @@
             </xsl:choose>
           </xsl:variable>
 
+	  <!-- Avoid duplicated entries. See also template "spec_name" -->
+          <!-- Do not to use preceding since it is very slow! -->
+          <xsl:variable name="mfas"
+			select="key('mfa',
+				    concat($cval,':',$fname,'/',$arity))"/>
 	  <xsl:choose>
-	    <xsl:when test="preceding-sibling::name[position() = 1
-                            and @name = $fname and @arity = $arity]">
+            <xsl:when test="string-length(@name) > 0 and
+                            generate-id($mfas[1]) != generate-id(.)">
               <!-- Skip. Only works for Dialyzer specs. -->
 	    </xsl:when>
 	    <xsl:otherwise>
+<!--
 	      <li title="{$fname}-{$arity}">
 		<a href="{$basename}.html#{$fname}-{$arity}">
 		  <xsl:value-of select="$fname"/>/<xsl:value-of select="$arity"/>
 		</a>
 	      </li>
+-->
+	      <!-- Generate a text node -->
+	      <xsl:text>&lt;li title="</xsl:text>
+	      <xsl:value-of select="$fname"/>
+	      <xsl:text>-</xsl:text>
+	      <xsl:value-of select="$arity"/>
+	      <xsl:text>">&lt;a href="</xsl:text>
+	      <xsl:value-of select="$basename"/>
+	      <xsl:text>.html#</xsl:text>
+	      <xsl:value-of select="$fname"/>
+	      <xsl:text>-</xsl:text>
+	      <xsl:value-of select="$arity"/>
+	      <xsl:text>"></xsl:text>
+	      <xsl:value-of select="$fname"/>
+	      <xsl:text>/</xsl:text>
+	      <xsl:value-of select="$arity"/>
+	      <xsl:text>&lt;/a>&lt;/li></xsl:text>
+              <xsl:call-template name="nl"/>
 	    </xsl:otherwise>
 	  </xsl:choose>
         </xsl:when>
@@ -1854,18 +1919,24 @@
 
     <xsl:choose>
       <xsl:when test="string-length($filepart) > 0">
-        <xsl:variable name="modulepart"><xsl:value-of select="substring-before($filepart, ':')"/></xsl:variable>
+        <!-- "Filepart#Linkpart" (or "Filepart#") -->
+        <xsl:variable name="app_part"><xsl:value-of select="substring-before($filepart, ':')"/></xsl:variable>
         <xsl:choose>
-          <xsl:when test="string-length($modulepart) > 0">
-            <xsl:variable name="filepart1"><xsl:value-of select="substring-after($filepart, ':')"/></xsl:variable>
-            <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$modulepart}','{$filepart1}.html#{$linkpart}');"><xsl:apply-templates/></a></span>
+          <xsl:when test="string-length($app_part) > 0">
+            <!-- "AppPart:ModPart#Linkpart" -->
+            <xsl:variable name="mod_part"><xsl:value-of select="substring-after($filepart, ':')"/></xsl:variable>
+            <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$app_part}','{$mod_part}.html#{$linkpart}');"><xsl:apply-templates/></a></span>
           </xsl:when>
           <xsl:otherwise>
+            <!-- "Filepart#Linkpart (there is no ':' in Filepart) -->
+            <xsl:variable name="minus_prefix"
+                          select="substring-before($linkpart, '-')"/>
             <xsl:choose>
-              <!-- Dialyzer seealso (the application is unknown) -->
-              <xsl:when test="string-length($specs_file) > 0
+              <xsl:when test="$minus_prefix = 'type'
+                              and string-length($specs_file) > 0
                               and count($i/specs/module[@name=$filepart]) = 0">
-                <!-- Deemed to slow; use key() instead
+                <!-- Dialyzer seealso (the application is unknown) -->
+                <!-- Following code deemed too slow; use key() instead
 		<xsl:variable name="app"
                               select="$m2a/mod2app/module[@name=$filepart]"/>
                 -->
@@ -1877,41 +1948,45 @@
 		      <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$app}','{$filepart}.html#{$linkpart}');"><xsl:value-of select="$this"/></a></span>
 		    </xsl:when>
 		    <xsl:otherwise>
-		      <!-- Unknown application; no link -->
-		      <xsl:value-of select="$this"/>
+		      <!-- Unknown application -->
+		      <xsl:message terminate="yes">
+			Error <xsl:value-of select="$filepart"/>: cannot find module exporting type
+		      </xsl:message>
 		    </xsl:otherwise>
 		  </xsl:choose>
                 </xsl:for-each>
               </xsl:when>
               <xsl:when test="string-length($linkpart) > 0">
+                <!-- Still Filepart#Linkpart (there is no ':' in Filepart -->
                 <span class="bold_code"><a href="{$filepart}.html#{$linkpart}"><xsl:apply-templates/></a></span>
               </xsl:when>
               <xsl:otherwise>
+                <!-- "Filepart#" (there is no ':' in Filepart -->
                 <span class="bold_code"><a href="{$filepart}.html"><xsl:apply-templates/></a></span>
               </xsl:otherwise>
             </xsl:choose>
           </xsl:otherwise>
         </xsl:choose>
+      </xsl:when> <!-- string-length($filepart) > 0 -->
+      <xsl:when test="string-length($linkpart) > 0">
+	<!-- "#Linkpart" -->
+	<span class="bold_code"><a href="#{$linkpart}"><xsl:apply-templates/></a></span>
       </xsl:when>
       <xsl:otherwise>
-        <xsl:choose>
-          <xsl:when test="string-length($linkpart) > 0">
-            <span class="bold_code"><a href="#{$linkpart}"><xsl:apply-templates/></a></span>
-          </xsl:when>
-          <xsl:otherwise>
-            <xsl:variable name="modulepart"><xsl:value-of select="substring-before(@marker, ':')"/></xsl:variable>
+	<!-- "AppPart:Mod" or "Mod" (there is no '#') -->
+	<xsl:variable name="app_part"><xsl:value-of select="substring-before(@marker, ':')"/></xsl:variable>
 
-            <xsl:choose>
-              <xsl:when test="string-length($modulepart) > 0">
-                <xsl:variable name="filepart1"><xsl:value-of select="substring-after(@marker, ':')"/></xsl:variable>
-                <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$modulepart}','{$filepart1}.html');"><xsl:apply-templates/></a></span>
-              </xsl:when>
-              <xsl:otherwise>
-                <span class="bold_code"><a href="{@marker}.html"><xsl:apply-templates/></a></span>
-              </xsl:otherwise>
-            </xsl:choose>
-          </xsl:otherwise>
-        </xsl:choose>
+	<xsl:choose>
+	  <xsl:when test="string-length($app_part) > 0">
+	    <!-- "App:Mod" -->
+	    <xsl:variable name="mod_part"><xsl:value-of select="substring-after(@marker, ':')"/></xsl:variable>
+	    <span class="bold_code"><a href="javascript:erlhref('{$topdocdir}/../','{$app_part}','{$mod_part}.html');"><xsl:apply-templates/></a></span>
+	  </xsl:when>
+	  <xsl:otherwise>
+	    <!-- "Mod" -->
+	    <span class="bold_code"><a href="{@marker}.html"><xsl:apply-templates/></a></span>
+	  </xsl:otherwise>
+	</xsl:choose>
       </xsl:otherwise>
     </xsl:choose>
 
@@ -2184,7 +2259,7 @@
     <xsl:choose>
       <xsl:when test="string-length($tmp1) > 0 or starts-with($string, $start)">
         <xsl:variable name="tmp2">
-          <xsl:value-of select="substring-after($string, $end)"/>
+          <xsl:value-of select="substring-after(substring-after($string, $start), $end)"/>
         </xsl:variable>
         <xsl:variable name="retstring">
           <xsl:call-template name="remove-paren">
@@ -2200,4 +2275,9 @@
 
   </xsl:template>
 
+  <xsl:template name="nl">
+    <xsl:text>
+</xsl:text>
+  </xsl:template>
+
 </xsl:stylesheet>
diff --git a/lib/erl_docgen/priv/xsl/db_man.xsl b/lib/erl_docgen/priv/xsl/db_man.xsl
index 0aca74bc97..5234ba6bd0 100644
--- a/lib/erl_docgen/priv/xsl/db_man.xsl
+++ b/lib/erl_docgen/priv/xsl/db_man.xsl
@@ -586,7 +586,15 @@
   </xsl:template>
 
   <xsl:template match="seealso">
-    <xsl:text>\fB</xsl:text><xsl:apply-templates/><xsl:text>\fR\&amp;</xsl:text>
+    <xsl:choose>
+      <xsl:when test="ancestor::head">
+	<!-- The header of Dialyzer specs -->
+	<xsl:apply-templates/>
+      </xsl:when>
+      <xsl:otherwise>
+	<xsl:text>\fB</xsl:text><xsl:apply-templates/><xsl:text>\fR\&amp;</xsl:text>
+      </xsl:otherwise>
+    </xsl:choose>
   </xsl:template>
 
   <!-- Code -->
diff --git a/lib/erl_docgen/priv/xsl/db_pdf.xsl b/lib/erl_docgen/priv/xsl/db_pdf.xsl
index 48a7a026c1..4ed4fa14c4 100644
--- a/lib/erl_docgen/priv/xsl/db_pdf.xsl
+++ b/lib/erl_docgen/priv/xsl/db_pdf.xsl
@@ -1680,7 +1680,7 @@
     <xsl:choose>
       <xsl:when test="string-length($tmp1) > 0 or starts-with($string, $start)">
         <xsl:variable name="tmp2">
-          <xsl:value-of select="substring-after($string, $end)"/>
+          <xsl:value-of select="substring-after(substring-after($string, $start), $end)"/>
         </xsl:variable>
         <xsl:variable name="retstring">
           <xsl:call-template name="remove-paren">
diff --git a/lib/erl_docgen/src/Makefile b/lib/erl_docgen/src/Makefile
index 4a805697e6..cbaf6e4627 100644
--- a/lib/erl_docgen/src/Makefile
+++ b/lib/erl_docgen/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_interface/aclocal.m4 b/lib/erl_interface/aclocal.m4
index 151fd5ea5a..339a15a2bb 120000..100644
--- a/lib/erl_interface/aclocal.m4
+++ b/lib/erl_interface/aclocal.m4
@@ -1 +1,1766 @@
-../../erts/aclocal.m4
\ No newline at end of file
+dnl
+dnl %CopyrightBegin%
+dnl
+dnl Copyright Ericsson AB 1998-2011. All Rights Reserved.
+dnl
+dnl The contents of this file are subject to the Erlang Public License,
+dnl Version 1.1, (the "License"); you may not use this file except in
+dnl compliance with the License. You should have received a copy of the
+dnl Erlang Public License along with this software. If not, it can be
+dnl retrieved online at http://www.erlang.org/.
+dnl
+dnl Software distributed under the License is distributed on an "AS IS"
+dnl basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+dnl the License for the specific language governing rights and limitations
+dnl under the License.
+dnl
+dnl %CopyrightEnd%
+dnl
+
+dnl
+dnl aclocal.m4
+dnl
+dnl Local macros used in configure.in. The Local Macros which
+dnl could/should be part of autoconf are prefixed LM_, macros specific
+dnl to the Erlang system are prefixed ERL_.
+dnl
+
+AC_DEFUN(LM_PRECIOUS_VARS,
+[
+
+dnl ERL_TOP
+AC_ARG_VAR(ERL_TOP, [Erlang/OTP top source directory])
+
+dnl Tools
+AC_ARG_VAR(CC, [C compiler])
+AC_ARG_VAR(CFLAGS, [C compiler flags])
+AC_ARG_VAR(STATIC_CFLAGS, [C compiler static flags])
+AC_ARG_VAR(CFLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag passed via C compiler])
+AC_ARG_VAR(CPP, [C/C++ preprocessor])
+AC_ARG_VAR(CPPFLAGS, [C/C++ preprocessor flags])
+AC_ARG_VAR(CXX, [C++ compiler])
+AC_ARG_VAR(CXXFLAGS, [C++ compiler flags])
+AC_ARG_VAR(LD, [linker (is often overridden by configure)])
+AC_ARG_VAR(LDFLAGS, [linker flags (can be risky to set since LD may be overriden by configure)])
+AC_ARG_VAR(LIBS, [libraries])
+AC_ARG_VAR(DED_LD, [linker for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LDFLAGS, [linker flags for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LD_FLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(LFS_CFLAGS, [large file support C compiler flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LDFLAGS, [large file support linker flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LIBS, [large file support libraries (set all LFS_* variables or none)])
+AC_ARG_VAR(RANLIB, [ranlib])
+AC_ARG_VAR(AR, [ar])
+AC_ARG_VAR(GETCONF, [getconf])
+
+dnl Cross system root
+AC_ARG_VAR(erl_xcomp_sysroot, [Absolute cross system root path (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_isysroot, [Absolute cross system root include path (only used when cross compiling)])
+
+dnl Cross compilation variables
+AC_ARG_VAR(erl_xcomp_bigendian, [big endian system: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_clock_gettime_correction, [clock_gettime() can be used for time correction: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_nptl, [have Native POSIX Thread Library: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigusrx, [SIGUSR1 and SIGUSR2 can be used: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigaltstack, [have working sigaltstack(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_poll, [have working poll(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_kqueue, [have working kqueue(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_putenv_copy, [putenv() stores key-value copy: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_reliable_fpe, [have reliable floating point exceptions: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_getaddrinfo, [have working getaddrinfo() for both IPv4 and IPv6: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_gethrvtime_procfs_ioctl, [have working gethrvtime() which can be used with procfs ioctl(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_clock_gettime_cpu_time, [clock_gettime() can be used for retrieving process CPU time: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_after_morecore_hook, [__after_morecore_hook can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_dlsym_brk_wrappers, [dlsym(RTLD_NEXT, _) brk wrappers can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+
+])
+
+AC_DEFUN(ERL_XCOMP_SYSROOT_INIT,
+[
+erl_xcomp_without_sysroot=no
+if test "$cross_compiling" = "yes"; then
+    test "$erl_xcomp_sysroot" != "" || erl_xcomp_without_sysroot=yes
+    test "$erl_xcomp_isysroot" != "" || erl_xcomp_isysroot="$erl_xcomp_sysroot"
+else
+    erl_xcomp_sysroot=
+    erl_xcomp_isysroot=
+fi
+])
+
+AC_DEFUN(LM_CHECK_GETCONF,
+[
+if test "$cross_compiling" != "yes"; then
+    AC_CHECK_PROG([GETCONF], [getconf], [getconf], [false])
+else
+    dnl First check if we got a `<HOST>-getconf' in $PATH
+    host_getconf="$host_alias-getconf"
+    AC_CHECK_PROG([GETCONF], [$host_getconf], [$host_getconf], [false])
+    if test "$GETCONF" = "false" && test "$erl_xcomp_sysroot" != ""; then
+	dnl We should perhaps give up if we have'nt found it by now, but at
+	dnl least in one Tilera MDE `getconf' under sysroot is a bourne
+	dnl shell script which we can use. We try to find `<HOST>-getconf'
+    	dnl or `getconf' under sysconf, but only under sysconf since
+	dnl `getconf' in $PATH is almost guaranteed to be for the build
+	dnl machine.
+	GETCONF=
+	prfx="$erl_xcomp_sysroot"
+        AC_PATH_TOOL([GETCONF], [getconf], [false],
+	             ["$prfx/usr/bin:$prfx/bin:$prfx/usr/local/bin"])
+    fi
+fi
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_WINDOWS_ENVIRONMENT
+dnl
+dnl
+dnl Tries to determine thw windows build environment, i.e. 
+dnl MIXED_CYGWIN_VC or MIXED_MSYS_VC 
+dnl
+
+AC_DEFUN(LM_WINDOWS_ENVIRONMENT,
+[
+MIXED_CYGWIN=no
+MIXED_MSYS=no
+
+AC_MSG_CHECKING(for mixed cygwin or msys and native VC++ environment)
+if test "X$host" = "Xwin32" -a "x$GCC" != "xyes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([Cygwin and VC])
+		MIXED_CYGWIN_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
+	elif test -x /usr/bin/msysinfo; then
+	        CFLAGS="-O2"
+		MIXED_MSYS=yes
+		AC_MSG_RESULT([MSYS and VC])
+		MIXED_MSYS_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_MSYS_VC"
+	else		    
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_VC=no
+	MIXED_MSYS_VC=no
+fi
+AC_SUBST(MIXED_CYGWIN_VC)
+AC_SUBST(MIXED_MSYS_VC)
+
+MIXED_VC=no
+if test "x$MIXED_MSYS_VC" = "xyes" -o  "x$MIXED_CYGWIN_VC" = "xyes" ; then
+   MIXED_VC=yes
+fi
+
+AC_SUBST(MIXED_VC)
+
+if test "x$MIXED_MSYS" != "xyes"; then
+   AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
+   if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([yes])
+		MIXED_CYGWIN_MINGW=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
+	else
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+    else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_MINGW=no
+    fi
+else
+	MIXED_CYGWIN_MINGW=no
+fi	
+AC_SUBST(MIXED_CYGWIN_MINGW)
+
+AC_MSG_CHECKING(if we mix cygwin with any native compiler)
+if test "X$MIXED_CYGWIN" = "Xyes"; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_CYGWIN)
+	
+AC_MSG_CHECKING(if we mix msys with another native compiler)
+if test "X$MIXED_MSYS" = "Xyes" ; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_MSYS)
+])		
+	
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_FIND_EMU_CC
+dnl
+dnl
+dnl Tries fairly hard to find a C compiler that can handle jump tables.
+dnl Defines the @EMU_CC@ variable for the makefiles and 
+dnl inserts NO_JUMP_TABLE in the header if one cannot be found...
+dnl
+
+AC_DEFUN(LM_FIND_EMU_CC,
+	[AC_CACHE_CHECK(for a compiler that handles jumptables,
+			ac_cv_prog_emu_cc,
+			[
+AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    __label__ lbl1;
+    __label__ lbl2;
+    int x = magic();
+    static void *jtab[2];
+
+    jtab[0] = &&lbl1;
+    jtab[1] = &&lbl2;
+    goto *jtab[x];
+lbl1:
+    return 1;
+lbl2:
+    return 2;
+],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+
+if test $ac_cv_prog_emu_cc = no; then
+	for ac_progname in emu_cc.sh gcc-4.2 gcc; do
+  		IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  		ac_dummy="$PATH"
+  		for ac_dir in $ac_dummy; do
+    			test -z "$ac_dir" && ac_dir=.
+    			if test -f $ac_dir/$ac_progname; then
+      				ac_cv_prog_emu_cc=$ac_dir/$ac_progname
+      				break
+    			fi
+  		done
+  		IFS="$ac_save_ifs"
+		if test $ac_cv_prog_emu_cc != no; then
+			break
+		fi
+	done
+fi
+
+if test $ac_cv_prog_emu_cc != no; then
+	save_CC=$CC
+	save_CFLAGS=$CFLAGS
+	save_CPPFLAGS=$CPPFLAGS
+	CC=$ac_cv_prog_emu_cc
+	CFLAGS=""
+	CPPFLAGS=""
+	AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    	__label__ lbl1;
+    	__label__ lbl2;
+    	int x = magic();
+    	static void *jtab[2];
+
+    	jtab[0] = &&lbl1;
+    	jtab[1] = &&lbl2;
+    	goto *jtab[x];
+	lbl1:
+    	return 1;
+	lbl2:
+    	return 2;
+	],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+	CC=$save_CC
+	CFLAGS=$save_CFLAGS
+	CPPFLAGS=$save_CPPFLAGS
+fi
+])
+if test $ac_cv_prog_emu_cc = no; then
+	AC_DEFINE(NO_JUMP_TABLE,[],[Defined if no found C compiler can handle jump tables])
+	EMU_CC=$CC
+else
+	EMU_CC=$ac_cv_prog_emu_cc
+fi
+AC_SUBST(EMU_CC)
+])		
+			
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_INSTALL_DIR
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl Figure out how to create directories with parents.
+dnl (In my opinion INSTALL_DIR is a bad name, MKSUBDIRS or something is better)
+dnl
+dnl We prefer 'install -d', but use 'mkdir -p' if it exists.
+dnl If none of these methods works, we give up.
+dnl
+
+
+AC_DEFUN(LM_PROG_INSTALL_DIR,
+[AC_CACHE_CHECK(how to create a directory including parents,
+ac_cv_prog_mkdir_p,
+[
+temp_name_base=config.$$
+temp_name=$temp_name_base/x/y/z
+$INSTALL -d $temp_name >/dev/null 2>&1
+ac_cv_prog_mkdir_p=none
+if test -d $temp_name; then
+        ac_cv_prog_mkdir_p="$INSTALL -d"
+else
+        mkdir -p $temp_name >/dev/null 2>&1
+        if test -d $temp_name; then
+                ac_cv_prog_mkdir_p="mkdir -p"
+        fi
+fi
+rm -fr $temp_name_base           
+])
+
+case "${ac_cv_prog_mkdir_p}" in
+  none) AC_MSG_ERROR(don't know how create directories with parents) ;;
+  *)    INSTALL_DIR="$ac_cv_prog_mkdir_p" AC_SUBST(INSTALL_DIR)     ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_PERL5
+dnl
+dnl Try to find perl version 5. If found set PERL to the absolute path
+dnl of the program, if not found set PERL to false.
+dnl
+dnl On some systems /usr/bin/perl is perl 4 and e.g.
+dnl /usr/local/bin/perl is perl 5. We try to handle this case by
+dnl putting a couple of 
+dnl Tries to handle the case that there are two programs called perl
+dnl in the path and one of them is perl 5 and the other isn't. 
+dnl
+AC_DEFUN(LM_PROG_PERL5,
+[AC_PATH_PROGS(PERL, perl5 perl, false,
+   /usr/local/bin:/opt/local/bin:/usr/local/gnu/bin:${PATH})
+changequote(, )dnl
+dnl[ That bracket is needed to balance the right bracket below
+if test "$PERL" = "false" || $PERL -e 'exit ($] >= 5)'; then
+changequote([, ])dnl
+  ac_cv_path_PERL=false
+  PERL=false
+dnl  AC_MSG_WARN(perl version 5 not found)
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SO_BSDCOMPAT
+dnl
+dnl Check if the system has the SO_BSDCOMPAT flag on sockets (linux) 
+dnl
+AC_DEFUN(LM_DECL_SO_BSDCOMPAT,
+[AC_CACHE_CHECK([for SO_BSDCOMPAT declaration], ac_cv_decl_so_bsdcompat,
+AC_TRY_COMPILE([#include <sys/socket.h>], [int i = SO_BSDCOMPAT;],
+               ac_cv_decl_so_bsdcompat=yes,
+               ac_cv_decl_so_bsdcompat=no))
+
+case "${ac_cv_decl_so_bsdcompat}" in
+  "yes" ) AC_DEFINE(HAVE_SO_BSDCOMPAT,[],
+		[Define if you have SO_BSDCOMPAT flag on sockets]) ;;
+  * ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_INADDR_LOOPBACK
+dnl
+dnl Try to find declaration of INADDR_LOOPBACK, if nowhere provide a default
+dnl
+
+AC_DEFUN(LM_DECL_INADDR_LOOPBACK,
+[AC_CACHE_CHECK([for INADDR_LOOPBACK in netinet/in.h],
+ ac_cv_decl_inaddr_loopback,
+[AC_TRY_COMPILE([#include <sys/types.h>
+#include <netinet/in.h>], [int i = INADDR_LOOPBACK;],
+ac_cv_decl_inaddr_loopback=yes, ac_cv_decl_inaddr_loopback=no)
+])
+
+if test ${ac_cv_decl_inaddr_loopback} = no; then
+  AC_CACHE_CHECK([for INADDR_LOOPBACK in rpc/types.h],
+                   ac_cv_decl_inaddr_loopback_rpc,
+                   AC_TRY_COMPILE([#include <rpc/types.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_rpc=yes,
+                                   ac_cv_decl_inaddr_loopback_rpc=no))
+
+   case "${ac_cv_decl_inaddr_loopback_rpc}" in
+     "yes" )
+        AC_DEFINE(DEF_INADDR_LOOPBACK_IN_RPC_TYPES_H,[],
+		[Define if you need to include rpc/types.h to get INADDR_LOOPBACK defined]) ;;
+      * )
+  	AC_CACHE_CHECK([for INADDR_LOOPBACK in winsock2.h],
+                   ac_cv_decl_inaddr_loopback_winsock2,
+                   AC_TRY_COMPILE([#define WIN32_LEAN_AND_MEAN
+				   #include <winsock2.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_winsock2=yes,
+                                   ac_cv_decl_inaddr_loopback_winsock2=no))
+	case "${ac_cv_decl_inaddr_loopback_winsock2}" in
+     		"yes" )
+			AC_DEFINE(DEF_INADDR_LOOPBACK_IN_WINSOCK2_H,[],
+				[Define if you need to include winsock2.h to get INADDR_LOOPBACK defined]) ;;
+		* )
+			# couldn't find it anywhere
+        		AC_DEFINE(HAVE_NO_INADDR_LOOPBACK,[],
+				[Define if you don't have a definition of INADDR_LOOPBACK]) ;;
+	esac;;
+   esac
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_SOCKADDR_SA_LEN
+dnl
+dnl Check if the sockaddr structure has the field sa_len
+dnl
+
+AC_DEFUN(LM_STRUCT_SOCKADDR_SA_LEN,
+[AC_CACHE_CHECK([whether struct sockaddr has sa_len field],
+                ac_cv_struct_sockaddr_sa_len,
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>], [struct sockaddr s; s.sa_len = 10;],
+  ac_cv_struct_sockaddr_sa_len=yes, ac_cv_struct_sockaddr_sa_len=no))
+
+dnl FIXME convbreak
+case ${ac_cv_struct_sockaddr_sa_len} in
+  "no" ) AC_DEFINE(NO_SA_LEN,[1],[Define if you dont have salen]) ;;
+  *) ;;
+esac
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_EXCEPTION
+dnl
+dnl Check to see whether the system supports the matherr function
+dnl and its associated type "struct exception".
+dnl
+
+AC_DEFUN(LM_STRUCT_EXCEPTION,
+[AC_CACHE_CHECK([for struct exception (and matherr function)],
+ ac_cv_struct_exception,
+AC_TRY_COMPILE([#include <math.h>],
+  [struct exception x; x.type = DOMAIN; x.type = SING;],
+  ac_cv_struct_exception=yes, ac_cv_struct_exception=no))
+
+case "${ac_cv_struct_exception}" in
+  "yes" ) AC_DEFINE(USE_MATHERR,[1],[Define if you have matherr() function and struct exception type]) ;;
+  *  ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_IPV6
+dnl
+dnl Check for ipv6 support and what the in6_addr structure is called.
+dnl (early linux used in_addr6 insted of in6_addr)
+dnl
+
+AC_DEFUN(LM_SYS_IPV6,
+[AC_MSG_CHECKING(for IP version 6 support)
+AC_CACHE_VAL(ac_cv_sys_ipv6_support,
+[ok_so_far=yes
+ AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+   [struct in6_addr a6; struct sockaddr_in6 s6;], ok_so_far=yes, ok_so_far=no)
+
+if test $ok_so_far = yes; then
+  ac_cv_sys_ipv6_support=yes
+else
+  AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+    [struct in_addr6 a6; struct sockaddr_in6 s6;],
+    ac_cv_sys_ipv6_support=in_addr6, ac_cv_sys_ipv6_support=no)
+fi
+])dnl
+
+dnl
+dnl Have to use old style AC_DEFINE due to BC with old autoconf.
+dnl
+
+case ${ac_cv_sys_ipv6_support} in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    ;;
+  in_addr6)
+    AC_MSG_RESULT([yes (but I am redefining in_addr6 to in6_addr)])
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    AC_DEFINE(HAVE_IN_ADDR6_STRUCT,[],[Early linux used in_addr6 instead of in6_addr, define if you have this])
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_MULTICAST
+dnl
+dnl Check for multicast support. Only checks for multicast options in
+dnl setsockopt(), no check is performed that multicasting actually works.
+dnl If options are found defines HAVE_MULTICAST_SUPPORT
+dnl
+
+AC_DEFUN(LM_SYS_MULTICAST,
+[AC_CACHE_CHECK([for multicast support], ac_cv_sys_multicast_support,
+[AC_EGREP_CPP(yes,
+[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#if defined(IP_MULTICAST_TTL) && defined(IP_MULTICAST_LOOP) && defined(IP_MULTICAST_IF) && defined(IP_ADD_MEMBERSHIP) && defined(IP_DROP_MEMBERSHIP)
+yes
+#endif
+], ac_cv_sys_multicast_support=yes, ac_cv_sys_multicast_support=no)])
+if test $ac_cv_sys_multicast_support = yes; then
+  AC_DEFINE(HAVE_MULTICAST_SUPPORT,[1],
+	[Define if setsockopt() accepts multicast options])
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SYS_ERRLIST
+dnl
+dnl Define SYS_ERRLIST_DECLARED if the variable sys_errlist is declared
+dnl in a system header file, stdio.h or errno.h.
+dnl
+
+AC_DEFUN(LM_DECL_SYS_ERRLIST,
+[AC_CACHE_CHECK([for sys_errlist declaration in stdio.h or errno.h],
+  ac_cv_decl_sys_errlist,
+[AC_TRY_COMPILE([#include <stdio.h>
+#include <errno.h>], [char *msg = *(sys_errlist + 1);],
+  ac_cv_decl_sys_errlist=yes, ac_cv_decl_sys_errlist=no)])
+if test $ac_cv_decl_sys_errlist = yes; then
+  AC_DEFINE(SYS_ERRLIST_DECLARED,[],
+	[define if the variable sys_errlist is declared in a system header file])
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_FUNC_DECL( funname, declaration [, extra includes 
+dnl                     [, action-if-found [, action-if-not-found]]] )
+dnl
+dnl Checks if the declaration "declaration" of "funname" conflicts
+dnl with the header files idea of how the function should be
+dnl declared. It is useful on systems which lack prototypes and you
+dnl need to provide your own (e.g. when you want to take the address
+dnl of a function). The 4'th argument is expanded if conflicting, 
+dnl the 5'th argument otherwise
+dnl
+dnl
+
+AC_DEFUN(LM_CHECK_FUNC_DECL,
+[AC_MSG_CHECKING([for conflicting declaration of $1])
+AC_CACHE_VAL(ac_cv_func_decl_$1,
+[AC_TRY_COMPILE([#include <stdio.h>
+$3],[$2
+char *c = (char *)$1;
+], eval "ac_cv_func_decl_$1=no", eval "ac_cv_func_decl_$1=yes")])
+if eval "test \"`echo '$ac_cv_func_decl_'$1`\" = yes"; then
+  AC_MSG_RESULT(yes)
+  ifelse([$4], , :, [$4])
+else
+  AC_MSG_RESULT(no)
+ifelse([$5], , , [$5
+])dnl
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_THR_LIB
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl LM_CHECK_THR_LIB sets THR_LIBS, THR_DEFS, and THR_LIB_NAME. It also
+dnl checks for some pthread headers which will appear in DEFS or config.h.
+dnl
+
+AC_DEFUN(LM_CHECK_THR_LIB,
+[
+
+NEED_NPTL_PTHREAD_H=no
+
+dnl win32?
+AC_MSG_CHECKING([for native win32 threads])
+if test "X$host_os" = "Xwin32"; then
+    AC_MSG_RESULT(yes)
+    THR_DEFS="-DWIN32_THREADS"
+    THR_LIBS=
+    THR_LIB_NAME=win32_threads
+    THR_LIB_TYPE=win32_threads
+else
+    AC_MSG_RESULT(no)
+    THR_DEFS=
+    THR_LIBS=
+    THR_LIB_NAME=
+    THR_LIB_TYPE=posix_unknown
+
+dnl Try to find POSIX threads
+
+dnl The usual pthread lib...
+    AC_CHECK_LIB(pthread, pthread_create, THR_LIBS="-lpthread")
+
+dnl FreeBSD has pthreads in special c library, c_r...
+    if test "x$THR_LIBS" = "x"; then
+	AC_CHECK_LIB(c_r, pthread_create, THR_LIBS="-lc_r")
+    fi
+
+dnl On ofs1 the '-pthread' switch should be used
+    if test "x$THR_LIBS" = "x"; then
+	AC_MSG_CHECKING([if the '-pthread' switch can be used])
+	saved_cflags=$CFLAGS
+	CFLAGS="$CFLAGS -pthread"
+	AC_TRY_LINK([#include <pthread.h>],
+		    pthread_create((void*)0,(void*)0,(void*)0,(void*)0);,
+		    [THR_DEFS="-pthread"
+		     THR_LIBS="-pthread"])
+	CFLAGS=$saved_cflags
+	if test "x$THR_LIBS" != "x"; then
+	    AC_MSG_RESULT(yes)
+	else
+	    AC_MSG_RESULT(no)
+	fi
+    fi
+
+    if test "x$THR_LIBS" != "x"; then
+	THR_DEFS="$THR_DEFS -D_THREAD_SAFE -D_REENTRANT -DPOSIX_THREADS"
+	THR_LIB_NAME=pthread
+	case $host_os in
+	    solaris*)
+		THR_DEFS="$THR_DEFS -D_POSIX_PTHREAD_SEMANTICS" ;;
+	    linux*)
+		THR_DEFS="$THR_DEFS -D_POSIX_THREAD_SAFE_FUNCTIONS"
+
+		LM_CHECK_GETCONF
+		AC_MSG_CHECKING(for Native POSIX Thread Library)
+		libpthr_vsn=`$GETCONF GNU_LIBPTHREAD_VERSION 2>/dev/null`
+		if test $? -eq 0; then
+		    case "$libpthr_vsn" in
+			*nptl*|*NPTL*) nptl=yes;;
+			*) nptl=no;;
+		    esac
+		elif test "$cross_compiling" = "yes"; then
+		    case "$erl_xcomp_linux_nptl" in
+			"") nptl=cross;;
+			yes|no) nptl=$erl_xcomp_linux_nptl;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_nptl value: $erl_xcomp_linux_nptl]);;
+		    esac
+		else
+		    nptl=no
+		fi
+		AC_MSG_RESULT($nptl)
+		if test $nptl = cross; then
+		    nptl=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $nptl = yes; then
+		    THR_LIB_TYPE=posix_nptl
+		    need_nptl_incldir=no
+		    AC_CHECK_HEADER(nptl/pthread.h,
+				    [need_nptl_incldir=yes
+				     NEED_NPTL_PTHREAD_H=yes])
+		    if test $need_nptl_incldir = yes; then
+			# Ahh...
+			nptl_path="$C_INCLUDE_PATH:$CPATH"
+			if test X$cross_compiling != Xyes; then
+			    nptl_path="$nptl_path:/usr/local/include:/usr/include"
+			else
+			    IROOT="$erl_xcomp_isysroot"
+			    test "$IROOT" != "" || IROOT="$erl_xcomp_sysroot"
+			    test "$IROOT" != "" || AC_MSG_ERROR([Don't know where to search for includes! Please set erl_xcomp_isysroot])
+			    nptl_path="$nptl_path:$IROOT/usr/local/include:$IROOT/usr/include"
+			fi
+			nptl_ws_path=
+			save_ifs="$IFS"; IFS=":"
+			for dir in $nptl_path; do
+			    if test "x$dir" != "x"; then
+				nptl_ws_path="$nptl_ws_path $dir"
+			    fi
+			done
+			IFS=$save_ifs
+			nptl_incldir=
+			for dir in $nptl_ws_path; do
+		            AC_CHECK_HEADER($dir/nptl/pthread.h,
+					    nptl_incldir=$dir/nptl)
+			    if test "x$nptl_incldir" != "x"; then
+				THR_DEFS="$THR_DEFS -isystem $nptl_incldir"
+				break
+			    fi
+			done
+			if test "x$nptl_incldir" = "x"; then
+			    AC_MSG_ERROR(Failed to locate nptl system include directory)
+			fi
+		    fi
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need THR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags=$CPPFLAGS
+	CPPFLAGS="$CPPFLAGS $THR_DEFS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h,
+			AC_DEFINE(HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+    fi
+fi
+
+])
+
+AC_DEFUN(ERL_INTERNAL_LIBS,
+[
+
+ERTS_INTERNAL_X_LIBS=
+
+AC_CHECK_LIB(kstat, kstat_open,
+[AC_DEFINE(HAVE_KSTAT, 1, [Define if you have kstat])
+ERTS_INTERNAL_X_LIBS="$ERTS_INTERNAL_X_LIBS -lkstat"])
+
+AC_SUBST(ERTS_INTERNAL_X_LIBS)
+
+])
+
+AC_DEFUN(ETHR_CHK_SYNC_OP,
+[
+    AC_MSG_CHECKING([for $3-bit $1()])
+    case "$2" in
+	"1") sync_call="$1(&var);";;
+	"2") sync_call="$1(&var, ($4) 0);";;
+	"3") sync_call="$1(&var, ($4) 0, ($4) 0);";;
+    esac
+    have_sync_op=no
+    AC_TRY_LINK([],
+	[
+	    $4 res;
+	    volatile $4 var;
+	    res = $sync_call
+	],
+	[have_sync_op=yes])
+    test $have_sync_op = yes && $5
+    AC_MSG_RESULT([$have_sync_op])
+])
+
+AC_DEFUN(ETHR_CHK_INTERLOCKED,
+[
+    ilckd="$1"
+    AC_MSG_CHECKING([for ${ilckd}()])
+    case "$2" in
+	"1") ilckd_call="${ilckd}(var);";;
+	"2") ilckd_call="${ilckd}(var, ($3) 0);";;
+	"3") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0);";;
+	"4") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0, arr);";;
+    esac
+    have_interlocked_op=no
+    AC_TRY_LINK(
+	[
+	#define WIN32_LEAN_AND_MEAN
+	#include <windows.h>
+	#include <intrin.h>
+	],
+	[
+	    volatile $3 *var;
+	    volatile $3 arr[2];
+
+	    $ilckd_call
+	    return 0;
+	],
+	[have_interlocked_op=yes])
+    test $have_interlocked_op = yes && $4
+    AC_MSG_RESULT([$have_interlocked_op])
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_FIND_ETHR_LIB
+dnl
+dnl NOTE! This macro may be changed at any time! Should *only* be used by
+dnl       ERTS!
+dnl
+dnl Find a thread library to use. Sets ETHR_LIBS to libraries to link
+dnl with, ETHR_X_LIBS to extra libraries to link with (same as ETHR_LIBS
+dnl except that the ethread lib itself is not included), ETHR_DEFS to
+dnl defines to compile with, ETHR_THR_LIB_BASE to the name of the
+dnl thread library which the ethread library is based on, and ETHR_LIB_NAME
+dnl to the name of the library where the ethread implementation is located.
+dnl  ERL_FIND_ETHR_LIB currently searches for 'pthreads', and
+dnl 'win32_threads'. If no thread library was found ETHR_LIBS, ETHR_X_LIBS,
+dnl ETHR_DEFS, ETHR_THR_LIB_BASE, and ETHR_LIB_NAME are all set to the
+dnl empty string.
+dnl
+
+AC_DEFUN(ERL_FIND_ETHR_LIB,
+[
+
+LM_CHECK_THR_LIB
+ERL_INTERNAL_LIBS
+
+ethr_have_native_atomics=no
+ethr_have_native_spinlock=no
+ETHR_THR_LIB_BASE="$THR_LIB_NAME"
+ETHR_THR_LIB_BASE_TYPE="$THR_LIB_TYPE"
+ETHR_DEFS="$THR_DEFS"
+ETHR_X_LIBS="$THR_LIBS $ERTS_INTERNAL_X_LIBS"
+ETHR_LIBS=
+ETHR_LIB_NAME=
+
+ethr_modified_default_stack_size=
+
+dnl Name of lib where ethread implementation is located
+ethr_lib_name=ethread
+
+case "$THR_LIB_NAME" in
+
+    win32_threads)
+	ETHR_THR_LIB_BASE_DIR=win
+	# * _WIN32_WINNT >= 0x0400 is needed for
+	#   TryEnterCriticalSection
+	# * _WIN32_WINNT >= 0x0403 is needed for
+	#   InitializeCriticalSectionAndSpinCount
+	# The ethread lib will refuse to build if _WIN32_WINNT < 0x0403.
+	#
+	# -D_WIN32_WINNT should have been defined in $CPPFLAGS; fetch it
+	# and save it in ETHR_DEFS.
+	found_win32_winnt=no
+	for cppflag in $CPPFLAGS; do
+	    case $cppflag in
+		-DWINVER*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    ;;
+		-D_WIN32_WINNT*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    found_win32_winnt=yes
+		    ;;
+		*)
+		    ;;
+	    esac
+        done
+        if test $found_win32_winnt = no; then
+	    AC_MSG_ERROR([-D_WIN32_WINNT missing in CPPFLAGS])
+        fi
+
+	AC_DEFINE(ETHR_WIN32_THREADS, 1, [Define if you have win32 threads])
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT, 1, [Define if you have _InterlockedDecrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement_rel], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT_REL, 1, [Define if you have _InterlockedDecrement_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT, 1, [Define if you have _InterlockedIncrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement_acq], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT_ACQ, 1, [Define if you have _InterlockedIncrement_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD, 1, [Define if you have _InterlockedExchangeAdd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd_acq], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD_ACQ, 1, [Define if you have _InterlockedExchangeAdd_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND, 1, [Define if you have _InterlockedAnd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR, 1, [Define if you have _InterlockedOr()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE, 1, [Define if you have _InterlockedExchange()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE, 1, [Define if you have _InterlockedCompareExchange()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_acq], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_ACQ, 1, [Define if you have _InterlockedCompareExchange_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_rel], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_REL, 1, [Define if you have _InterlockedCompareExchange_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64, 1, [Define if you have _InterlockedDecrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64_rel], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64_REL, 1, [Define if you have _InterlockedDecrement64_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64, 1, [Define if you have _InterlockedIncrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64_acq], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64_ACQ, 1, [Define if you have _InterlockedIncrement64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64, 1, [Define if you have _InterlockedExchangeAdd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64_acq], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64_ACQ, 1, [Define if you have _InterlockedExchangeAdd64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND64, 1, [Define if you have _InterlockedAnd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR64, 1, [Define if you have _InterlockedOr64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE64, 1, [Define if you have _InterlockedExchange64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64, 1, [Define if you have _InterlockedCompareExchange64()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_acq], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_ACQ, 1, [Define if you have _InterlockedCompareExchange64_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_rel], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_REL, 1, [Define if you have _InterlockedCompareExchange64_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange128], [4], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE128, 1, [Define if you have _InterlockedCompareExchange128()]))
+
+	test "$ethr_have_native_atomics" = "yes" && ethr_have_native_spinlock=yes
+	;;
+
+    pthread)
+	ETHR_THR_LIB_BASE_DIR=pthread
+    	AC_DEFINE(ETHR_PTHREADS, 1, [Define if you have pthreads])
+	case $host_os in
+	    openbsd*)
+		# The default stack size is insufficient for our needs
+		# on OpenBSD. We increase it to 256 kilo words.
+		ethr_modified_default_stack_size=256;;
+	    linux*)
+		ETHR_DEFS="$ETHR_DEFS -D_GNU_SOURCE"
+
+		if test	X$cross_compiling = Xyes; then
+		    case X$erl_xcomp_linux_usable_sigusrx in
+			X) usable_sigusrx=cross;;
+			Xyes|Xno) usable_sigusrx=$erl_xcomp_linux_usable_sigusrx;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigusrx value: $erl_xcomp_linux_usable_sigusrx]);;
+		    esac
+		    case X$erl_xcomp_linux_usable_sigaltstack in
+			X) usable_sigaltstack=cross;;
+			Xyes|Xno) usable_sigaltstack=$erl_xcomp_linux_usable_sigaltstack;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigaltstack value: $erl_xcomp_linux_usable_sigaltstack]);;
+		    esac
+		else
+		    # FIXME: Test for actual problems instead of kernel versions
+		    linux_kernel_vsn_=`uname -r`
+		    case $linux_kernel_vsn_ in
+			[[0-1]].*|2.[[0-1]]|2.[[0-1]].*)
+			    usable_sigusrx=no
+			    usable_sigaltstack=no;;
+			2.[[2-3]]|2.[[2-3]].*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=no;;
+		    	*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=yes;;
+		    esac
+		fi
+
+		AC_MSG_CHECKING(if SIGUSR1 and SIGUSR2 can be used)
+		AC_MSG_RESULT($usable_sigusrx)
+		if test $usable_sigusrx = cross; then
+		    usable_sigusrx=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigusrx = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGUSRX"
+		fi
+
+		AC_MSG_CHECKING(if sigaltstack can be used)
+		AC_MSG_RESULT($usable_sigaltstack)
+		if test $usable_sigaltstack = cross; then
+		    usable_sigaltstack=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigaltstack = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGALTSTACK"
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need ETHR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $ETHR_DEFS"
+
+	dnl We need the thread library in order to find some functions
+	saved_libs="$LIBS"
+	LIBS="$LIBS $ETHR_X_LIBS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(ETHR_HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	if test $NEED_NPTL_PTHREAD_H = yes; then
+	    AC_DEFINE(ETHR_NEED_NPTL_PTHREAD_H, 1, \
+[Define if you need the <nptl/pthread.h> header file.])
+	fi
+
+	AC_CHECK_HEADER(sched.h, \
+			AC_DEFINE(ETHR_HAVE_SCHED_H, 1, \
+[Define if you have the <sched.h> header file.]))
+
+	AC_CHECK_HEADER(sys/time.h, \
+			AC_DEFINE(ETHR_HAVE_SYS_TIME_H, 1, \
+[Define if you have the <sys/time.h> header file.]))
+
+	AC_TRY_COMPILE([#include <time.h>
+			#include <sys/time.h>], 
+			[struct timeval *tv; return 0;],
+			AC_DEFINE(ETHR_TIME_WITH_SYS_TIME, 1, \
+[Define if you can safely include both <sys/time.h> and <time.h>.]))
+
+
+	dnl
+	dnl Check for functions
+	dnl
+
+	AC_CHECK_FUNC(pthread_spin_lock, \
+			[ethr_have_native_spinlock=yes \
+			 AC_DEFINE(ETHR_HAVE_PTHREAD_SPIN_LOCK, 1, \
+[Define if you have the pthread_spin_lock function.])])
+
+	have_sched_yield=no
+	have_librt_sched_yield=no
+	AC_CHECK_FUNC(sched_yield, [have_sched_yield=yes])
+	if test $have_sched_yield = no; then
+	    AC_CHECK_LIB(rt, sched_yield,
+			 [have_librt_sched_yield=yes
+			  ETHR_X_LIBS="$ETHR_X_LIBS -lrt"])
+	fi
+	if test $have_sched_yield = yes || test $have_librt_sched_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_SCHED_YIELD, 1, [Define if you have the sched_yield() function.])
+	    AC_MSG_CHECKING([whether sched_yield() returns an int])
+	    sched_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#ifdef ETHR_HAVE_SCHED_H
+				#include <sched.h>
+				#endif
+			   ],
+			   [int sched_yield();],
+			   [sched_yield_ret_int=yes])
+	    AC_MSG_RESULT([$sched_yield_ret_int])
+	    if test $sched_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_SCHED_YIELD_RET_INT, 1, [Define if sched_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_yield=no
+	AC_CHECK_FUNC(pthread_yield, [have_pthread_yield=yes])
+	if test $have_pthread_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_PTHREAD_YIELD, 1, [Define if you have the pthread_yield() function.])
+	    AC_MSG_CHECKING([whether pthread_yield() returns an int])
+	    pthread_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			   ],
+			   [int pthread_yield();],
+			   [pthread_yield_ret_int=yes])
+	    AC_MSG_RESULT([$pthread_yield_ret_int])
+	    if test $pthread_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_PTHREAD_YIELD_RET_INT, 1, [Define if pthread_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_rwlock_init=no
+	AC_CHECK_FUNC(pthread_rwlock_init, [have_pthread_rwlock_init=yes])
+	if test $have_pthread_rwlock_init = yes; then
+
+	    ethr_have_pthread_rwlockattr_setkind_np=no
+	    AC_CHECK_FUNC(pthread_rwlockattr_setkind_np,
+			  [ethr_have_pthread_rwlockattr_setkind_np=yes])
+
+	    if test $ethr_have_pthread_rwlockattr_setkind_np = yes; then
+		AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP, 1, \
+[Define if you have the pthread_rwlockattr_setkind_np() function.])
+
+		AC_MSG_CHECKING([for PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP])
+		ethr_pthread_rwlock_writer_nonrecursive_initializer_np=no
+		AC_TRY_LINK([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			    ],
+			    [
+				pthread_rwlockattr_t *attr;
+				return pthread_rwlockattr_setkind_np(attr,
+				    PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP);
+			    ],
+			    [ethr_pthread_rwlock_writer_nonrecursive_initializer_np=yes])
+		AC_MSG_RESULT([$ethr_pthread_rwlock_writer_nonrecursive_initializer_np])
+		if test $ethr_pthread_rwlock_writer_nonrecursive_initializer_np = yes; then
+		    AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP, 1, \
+[Define if you have the PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP rwlock attribute.])
+		fi
+	    fi
+	fi
+
+	if test "$force_pthread_rwlocks" = "yes"; then
+
+	    AC_DEFINE(ETHR_FORCE_PTHREAD_RWLOCK, 1, \
+[Define if you want to force usage of pthread rwlocks])
+
+	    if test $have_pthread_rwlock_init = yes; then
+		AC_MSG_WARN([Forced usage of pthread rwlocks. Note that this implementation may suffer from starvation issues.])
+	    else
+		AC_MSG_ERROR([User forced usage of pthread rwlock, but no such implementation was found])
+	    fi
+	fi
+
+	AC_CHECK_FUNC(pthread_attr_setguardsize, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_ATTR_SETGUARDSIZE, 1, \
+[Define if you have the pthread_attr_setguardsize function.]))
+
+	linux_futex=no
+	AC_MSG_CHECKING([for Linux futexes])
+	AC_TRY_LINK([
+			#include <sys/syscall.h>
+			#include <unistd.h>
+			#include <linux/futex.h>
+			#include <sys/time.h>
+		    ],
+		    [
+			int i = 1;
+			syscall(__NR_futex, (void *) &i, FUTEX_WAKE, 1,
+				(void*)0,(void*)0, 0);
+			syscall(__NR_futex, (void *) &i, FUTEX_WAIT, 0,
+				(void*)0,(void*)0, 0);
+			return 0;
+		    ],
+		    linux_futex=yes)
+	AC_MSG_RESULT([$linux_futex])
+	test $linux_futex = yes && AC_DEFINE(ETHR_HAVE_LINUX_FUTEX, 1, [Define if you have a linux futex implementation.])
+
+	AC_CHECK_SIZEOF(int)
+	AC_CHECK_SIZEOF(long)
+	AC_CHECK_SIZEOF(long long)
+	AC_CHECK_SIZEOF(__int128_t)
+
+	if test "$ac_cv_sizeof_int" = "4"; then
+	    int32="int"
+	elif test "$ac_cv_sizeof_long" = "4"; then
+	    int32="long"
+	elif test "$ac_cv_sizeof_long_long" = "4"; then
+	    int32="long long"
+	else
+	    AC_MSG_ERROR([No 32-bit type found])
+	fi
+
+	if test "$ac_cv_sizeof_int" = "8"; then
+	    int64="int"
+	elif test "$ac_cv_sizeof_long" = "8"; then
+	    int64="long"
+	elif test "$ac_cv_sizeof_long_long" = "8"; then
+	    int64="long long"
+	else
+	    AC_MSG_ERROR([No 64-bit type found])
+	fi
+
+	int128=no
+	if test "$ac_cv_sizeof___int128_t" = "16"; then
+	    int128="__int128_t"
+	fi
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP32, 1, [Define if you have __sync_val_compare_and_swap() for 32-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH32, 1, [Define if you have __sync_add_and_fetch() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND32, 1, [Define if you have __sync_fetch_and_and() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR32, 1, [Define if you have __sync_fetch_and_or() for 32-bit integers]))
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP64, 1, [Define if you have __sync_val_compare_and_swap() for 64-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH64, 1, [Define if you have __sync_add_and_fetch() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND64, 1, [Define if you have __sync_fetch_and_and() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR64, 1, [Define if you have __sync_fetch_and_or() for 64-bit integers]))
+
+	if test $int128 != no; then
+	    ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [128], [$int128], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP128, 1, [Define if you have __sync_val_compare_and_swap() for 128-bit integers]))
+	fi
+
+	AC_MSG_CHECKING([for a usable libatomic_ops implementation])
+	case "x$with_libatomic_ops" in
+	    xno | xyes | x)
+		libatomic_ops_include=
+		;;
+	    *)
+		if test -d "${with_libatomic_ops}/include"; then
+		    libatomic_ops_include="-I$with_libatomic_ops/include"
+		    CPPFLAGS="$CPPFLAGS $libatomic_ops_include"
+		else
+		    AC_MSG_ERROR([libatomic_ops include directory $with_libatomic_ops/include not found])
+		fi;;
+	esac
+	ethr_have_libatomic_ops=no
+	AC_TRY_LINK([#include "atomic_ops.h"],
+		    [
+			volatile AO_t x;
+			AO_t y;
+			int z;
+
+			AO_nop_full();
+			AO_store(&x, (AO_t) 0);
+			z = AO_load(&x);
+			z = AO_compare_and_swap_full(&x, (AO_t) 0, (AO_t) 1);
+		    ],
+		    [ethr_have_native_atomics=yes
+		     ethr_have_libatomic_ops=yes])
+	AC_MSG_RESULT([$ethr_have_libatomic_ops])
+	if test $ethr_have_libatomic_ops = yes; then
+	    AC_CHECK_SIZEOF(AO_t, ,
+			    [
+				#include <stdio.h>
+				#include "atomic_ops.h"
+			    ])
+	    AC_DEFINE_UNQUOTED(ETHR_SIZEOF_AO_T, $ac_cv_sizeof_AO_t, [Define to the size of AO_t if libatomic_ops is used])
+
+	    AC_DEFINE(ETHR_HAVE_LIBATOMIC_OPS, 1, [Define if you have libatomic_ops atomic operations])
+	    if test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+		AC_DEFINE(ETHR_PREFER_LIBATOMIC_OPS_NATIVE_IMPLS, 1, [Define if you prefer libatomic_ops native ethread implementations])
+	    fi
+	    ETHR_DEFS="$ETHR_DEFS $libatomic_ops_include"
+	elif test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+	    AC_MSG_ERROR([No usable libatomic_ops implementation found])
+	fi
+
+	case "$host_cpu" in
+	  sparc | sun4u | sparc64 | sun4v)
+		case "$with_sparc_memory_order" in
+		    "TSO")
+			AC_DEFINE(ETHR_SPARC_TSO, 1, [Define if only run in Sparc TSO mode]);;
+		    "PSO")
+			AC_DEFINE(ETHR_SPARC_PSO, 1, [Define if only run in Sparc PSO, or TSO mode]);;
+		    "RMO"|"")
+			AC_DEFINE(ETHR_SPARC_RMO, 1, [Define if run in Sparc RMO, PSO, or TSO mode]);;
+		    *)
+			AC_MSG_ERROR([Unsupported Sparc memory order: $with_sparc_memory_order]);;
+		esac
+		ethr_have_native_atomics=yes;; 
+	  i86pc | i*86 | x86_64 | amd64)
+		if test "$enable_x86_out_of_order" = "yes"; then
+			AC_DEFINE(ETHR_X86_OUT_OF_ORDER, 1, [Define if x86/x86_64 out of order instructions should be synchronized])
+		fi
+		ethr_have_native_atomics=yes;;
+	  macppc | ppc | "Power Macintosh")
+		ethr_have_native_atomics=yes;;
+	  tile)
+		ethr_have_native_atomics=yes;;
+	  *)
+		;;
+	esac
+
+	test ethr_have_native_atomics = "yes" && ethr_have_native_spinlock=yes
+
+	dnl Restore LIBS
+	LIBS=$saved_libs
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+	;;
+    *)
+	;;
+esac
+
+AC_MSG_CHECKING([whether default stack size should be modified])
+if test "x$ethr_modified_default_stack_size" != "x"; then
+	AC_DEFINE_UNQUOTED(ETHR_MODIFIED_DEFAULT_STACK_SIZE, $ethr_modified_default_stack_size, [Define if you want to modify the default stack size])
+	AC_MSG_RESULT([yes; to $ethr_modified_default_stack_size kilo words])
+else
+	AC_MSG_RESULT([no])
+fi
+
+if test "x$ETHR_THR_LIB_BASE" != "x"; then
+	ETHR_DEFS="-DUSE_THREADS $ETHR_DEFS"
+	ETHR_LIBS="-l$ethr_lib_name -lerts_internal_r $ETHR_X_LIBS"
+	ETHR_LIB_NAME=$ethr_lib_name
+fi
+
+AC_CHECK_SIZEOF(void *)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_PTR, $ac_cv_sizeof_void_p, [Define to the size of pointers])
+
+AC_CHECK_SIZEOF(int)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_INT, $ac_cv_sizeof_int, [Define to the size of int])
+AC_CHECK_SIZEOF(long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG, $ac_cv_sizeof_long, [Define to the size of long])
+AC_CHECK_SIZEOF(long long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG_LONG, $ac_cv_sizeof_long_long, [Define to the size of long long])
+AC_CHECK_SIZEOF(__int64)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT64, $ac_cv_sizeof___int64, [Define to the size of __int64])
+AC_CHECK_SIZEOF(__int128_t)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT128_T, $ac_cv_sizeof___int128_t, [Define to the size of __int128_t])
+
+
+case X$erl_xcomp_bigendian in
+    X) ;;
+    Xyes|Xno) ac_cv_c_bigendian=$erl_xcomp_bigendian;;
+    *) AC_MSG_ERROR([Bad erl_xcomp_bigendian value: $erl_xcomp_bigendian]);;
+esac
+
+AC_C_BIGENDIAN
+
+if test "$ac_cv_c_bigendian" = "yes"; then
+    AC_DEFINE(ETHR_BIGENDIAN, 1, [Define if bigendian])
+fi
+
+AC_ARG_ENABLE(native-ethr-impls,
+	      AS_HELP_STRING([--disable-native-ethr-impls],
+                             [disable native ethread implementations]),
+[ case "$enableval" in
+    no) disable_native_ethr_impls=yes ;;
+    *)  disable_native_ethr_impls=no ;;
+  esac ], disable_native_ethr_impls=no)
+
+AC_ARG_ENABLE(x86-out-of-order,
+	      AS_HELP_STRING([--enable-x86-out-of-order],
+                             [enable x86/x84_64 out of order support (default disabled)]))
+
+test "X$disable_native_ethr_impls" = "Xyes" &&
+  AC_DEFINE(ETHR_DISABLE_NATIVE_IMPLS, 1, [Define if you want to disable native ethread implementations])
+
+AC_ARG_ENABLE(prefer-gcc-native-ethr-impls,
+	      AS_HELP_STRING([--enable-prefer-gcc-native-ethr-impls],
+			     [prefer gcc native ethread implementations]),
+[ case "$enableval" in
+    yes) enable_prefer_gcc_native_ethr_impls=yes ;;
+    *)  enable_prefer_gcc_native_ethr_impls=no ;;
+  esac ], enable_prefer_gcc_native_ethr_impls=no)
+
+test $enable_prefer_gcc_native_ethr_impls = yes &&
+  AC_DEFINE(ETHR_PREFER_GCC_NATIVE_IMPLS, 1, [Define if you prefer gcc native ethread implementations])
+
+AC_ARG_WITH(libatomic_ops,
+	    AS_HELP_STRING([--with-libatomic_ops=PATH],
+			   [specify and prefer usage of libatomic_ops in the ethread library]))
+
+AC_ARG_WITH(with_sparc_memory_order,
+	    AS_HELP_STRING([--with-sparc-memory-order=TSO|PSO|RMO],
+			   [specify sparc memory order (defaults to RMO)]))
+
+ETHR_X86_SSE2_ASM=no
+case "$GCC-$ac_cv_sizeof_void_p-$host_cpu" in
+  yes-4-i86pc | yes-4-i*86 | yes-4-x86_64 | yes-4-amd64)
+    AC_MSG_CHECKING([for gcc sse2 asm support])
+    save_CFLAGS="$CFLAGS"
+    CFLAGS="$CFLAGS -msse2"
+    gcc_sse2_asm=no
+    AC_TRY_COMPILE([],
+	[
+		long long x, *y;
+		__asm__ __volatile__("movq %1, %0\n\t" : "=x"(x) : "m"(*y) : "memory");
+	],
+	[gcc_sse2_asm=yes])
+    CFLAGS="$save_CFLAGS"
+    AC_MSG_RESULT([$gcc_sse2_asm])
+    if test "$gcc_sse2_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_SSE2_ASM_SUPPORT, 1, [Define if you use a gcc that supports -msse2 and understand sse2 specific asm statements])
+      ETHR_X86_SSE2_ASM=yes
+    fi
+    ;;
+  *)
+    ;;
+esac
+
+case "$GCC-$host_cpu" in
+  yes-i86pc | yes-i*86 | yes-x86_64 | yes-amd64)
+    gcc_dw_cmpxchg_asm=no
+    AC_MSG_CHECKING([for gcc double word cmpxchg asm support])    
+    AC_TRY_COMPILE([],
+	[
+    char xchgd;
+    long new[2], xchg[2], *p;		  
+    __asm__ __volatile__(
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"pushl %%ebx\n\t"
+	"movl %8, %%ebx\n\t"
+#endif
+#if ETHR_SIZEOF_PTR == 4
+	"lock; cmpxchg8b %0\n\t"
+#else
+	"lock; cmpxchg16b %0\n\t"
+#endif
+	"setz %3\n\t"
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"popl %%ebx\n\t"
+#endif
+	: "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	: "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new[1]),
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	  "r"(new[0])
+#else
+	  "b"(new[0])
+#endif
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+    if test $gcc_dw_cmpxchg_asm = no && test $ac_cv_sizeof_void_p = 4; then
+      AC_TRY_COMPILE([],
+	  [
+      char xchgd;
+      long new[2], xchg[2], *p;
+#if !defined(__PIC__) || !__PIC__
+#  error nope
+#endif
+      __asm__ __volatile__(
+    	  "pushl %%ebx\n\t"
+	  "movl (%7), %%ebx\n\t"
+	  "movl 4(%7), %%ecx\n\t"
+	  "lock; cmpxchg8b %0\n\t"
+  	  "setz %3\n\t"
+	  "popl %%ebx\n\t"
+	  : "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	  : "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new)
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+      if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+        AC_DEFINE(ETHR_CMPXCHG8B_REGISTER_SHORTAGE, 1, [Define if you get a register shortage with cmpxchg8b and position independent code])
+      fi
+    fi
+    AC_MSG_RESULT([$gcc_dw_cmpxchg_asm])
+    if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_DW_CMPXCHG_ASM_SUPPORT, 1, [Define if you use a gcc that supports the double word cmpxchg instruction])
+    fi;;
+  *)
+    ;;
+esac
+
+AC_DEFINE(ETHR_HAVE_ETHREAD_DEFINES, 1, \
+[Define if you have all ethread defines])
+
+AC_SUBST(ETHR_X_LIBS)
+AC_SUBST(ETHR_LIBS)
+AC_SUBST(ETHR_LIB_NAME)
+AC_SUBST(ETHR_DEFS)
+AC_SUBST(ETHR_THR_LIB_BASE)
+AC_SUBST(ETHR_THR_LIB_BASE_DIR)
+AC_SUBST(ETHR_X86_SSE2_ASM)
+
+])
+
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_TIME_CORRECTION
+dnl
+dnl In the presence of a high resolution realtime timer Erlang can adapt
+dnl its view of time relative to this timer. On solaris such a timer is
+dnl available with the syscall gethrtime(). On other OS's a fallback
+dnl solution using times() is implemented. (However on e.g. FreeBSD times()
+dnl is implemented using gettimeofday so it doesn't make much sense to
+dnl use it there...) On second thought, it seems to be safer to do it the
+dnl other way around. I.e. only use times() on OS's where we know it will
+dnl work...
+dnl
+
+AC_DEFUN(ERL_TIME_CORRECTION,
+[if test x$ac_cv_func_gethrtime = x; then
+  AC_CHECK_FUNC(gethrtime)
+fi
+if test x$clock_gettime_correction = xunknown; then
+	AC_TRY_COMPILE([#include <time.h>],
+			[struct timespec ts;
+     			 long long result;
+			 clock_gettime(CLOCK_MONOTONIC,&ts);
+                         result = ((long long) ts.tv_sec) * 1000000000LL + 
+			 ((long long) ts.tv_nsec);],
+			clock_gettime_compiles=yes,
+			clock_gettime_compiles=no)
+else
+	clock_gettime_compiles=no
+fi
+			
+
+AC_CACHE_CHECK([how to correct for time adjustments], erl_cv_time_correction,
+[
+case $clock_gettime_correction in
+    yes)
+	erl_cv_time_correction=clock_gettime;;	
+    no|unknown)
+	case $ac_cv_func_gethrtime in
+  	    yes)
+    		erl_cv_time_correction=hrtime ;;
+  	    no)
+    		case $host_os in
+        	    linux*)
+			case $clock_gettime_correction in
+			    unknown)
+				if test x$clock_gettime_compiles = xyes; then
+				    if test X$cross_compiling != Xyes; then
+				    	linux_kernel_vsn_=`uname -r`
+				    	case $linux_kernel_vsn_ in
+					    [[0-1]].*|2.[[0-5]]|2.[[0-5]].*)
+					    	erl_cv_time_correction=times ;;
+					    *)
+					    	erl_cv_time_correction=clock_gettime;;
+				    	esac
+				    else
+					case X$erl_xcomp_linux_clock_gettime_correction in
+					    X)
+						erl_cv_time_correction=cross;;
+					    Xyes|Xno)
+						if test $erl_xcomp_linux_clock_gettime_correction = yes; then
+						    erl_cv_time_correction=clock_gettime
+						else
+					    	    erl_cv_time_correction=times
+						fi;;
+					    *)
+						AC_MSG_ERROR([Bad erl_xcomp_linux_clock_gettime_correction value: $erl_xcomp_linux_clock_gettime_correction]);;
+					esac
+				    fi
+				else
+				    erl_cv_time_correction=times
+				fi
+				;;
+			     *)				
+        			erl_cv_time_correction=times ;;
+			esac
+			;;
+            	    *)
+        		erl_cv_time_correction=none ;;
+    		esac
+    		;;
+	esac
+	;;
+esac
+])
+
+xrtlib=""
+case $erl_cv_time_correction in
+  times)
+    AC_DEFINE(CORRECT_USING_TIMES,[],
+	[Define if you do not have a high-res. timer & want to use times() instead])
+    ;;
+  clock_gettime|cross)
+    if test $erl_cv_time_correction = cross; then
+	erl_cv_time_correction=clock_gettime
+	AC_MSG_WARN([result clock_gettime guessed because of cross compilation])
+    fi
+    xrtlib="-lrt"
+    AC_DEFINE(GETHRTIME_WITH_CLOCK_GETTIME,[1],
+	[Define if you want to use clock_gettime to simulate gethrtime])
+    ;;
+esac
+dnl
+dnl Check if gethrvtime is working, and if to use procfs ioctl
+dnl or (yet to be written) write to the procfs ctl file.
+dnl
+
+AC_MSG_CHECKING([if gethrvtime works and how to use it])
+AC_TRY_RUN([
+/* gethrvtime procfs ioctl test */
+/* These need to be undef:ed to not break activation of
+ * micro level process accounting on /proc/self 
+ */
+#ifdef _LARGEFILE_SOURCE
+#  undef _LARGEFILE_SOURCE
+#endif
+#ifdef _FILE_OFFSET_BITS
+#  undef _FILE_OFFSET_BITS
+#endif
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/signal.h>
+#include <sys/fault.h>
+#include <sys/syscall.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+
+int main() {
+    long msacct = PR_MSACCT;
+    int fd;
+    long long start, stop;
+    int i;
+    pid_t pid = getpid();
+    char proc_self[30] = "/proc/";
+
+    sprintf(proc_self+strlen(proc_self), "%lu", (unsigned long) pid);
+    if ( (fd = open(proc_self, O_WRONLY)) == -1)
+	exit(1);
+    if (ioctl(fd, PIOCSET, &msacct) < 0)
+	exit(2);
+    if (close(fd) < 0)
+	exit(3);
+    start = gethrvtime();
+    for (i = 0; i < 100; i++)
+	stop = gethrvtime();
+    if (start == 0)
+	exit(4);
+    if (start == stop)
+	exit(5);
+    exit(0); return 0;
+}
+],
+erl_gethrvtime=procfs_ioctl,
+erl_gethrvtime=false,
+[
+case X$erl_xcomp_gethrvtime_procfs_ioctl in
+    X)
+	erl_gethrvtime=cross;;
+    Xyes|Xno)
+	if test $erl_xcomp_gethrvtime_procfs_ioctl = yes; then
+	    erl_gethrvtime=procfs_ioctl
+	else
+	    erl_gethrvtime=false
+	fi;;
+    *)
+	AC_MSG_ERROR([Bad erl_xcomp_gethrvtime_procfs_ioctl value: $erl_xcomp_gethrvtime_procfs_ioctl]);;
+esac
+])
+
+case $erl_gethrvtime in
+  procfs_ioctl)
+	AC_DEFINE(HAVE_GETHRVTIME_PROCFS_IOCTL,[1],
+		[define if gethrvtime() works and uses ioctl() to /proc/self])
+	AC_MSG_RESULT(uses ioctl to procfs)
+	;;
+  *)
+	if test $erl_gethrvtime = cross; then
+	    erl_gethrvtime=false
+	    AC_MSG_RESULT(cross)
+	    AC_MSG_WARN([result 'not working' guessed because of cross compilation])
+	else
+	    AC_MSG_RESULT(not working)
+	fi
+
+	dnl
+	dnl Check if clock_gettime (linux) is working
+	dnl
+
+	AC_MSG_CHECKING([if clock_gettime can be used to get process CPU time])
+	save_libs=$LIBS
+	LIBS="-lrt"
+	AC_TRY_RUN([
+	#include <stdlib.h>
+	#include <unistd.h>
+	#include <string.h>
+	#include <stdio.h>
+	#include <time.h>
+	int main() {
+	    long long start, stop;
+	    int i;
+	    struct timespec tp;
+
+	    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp) < 0)
+	      exit(1);
+	    start = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    for (i = 0; i < 100; i++)
+	      clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp);
+	    stop = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    if (start == 0)
+	      exit(4);
+	    if (start == stop)
+	      exit(5);
+	    exit(0); return 0;
+	  }
+	],
+	erl_clock_gettime=yes,
+	erl_clock_gettime=no,
+	[
+	case X$erl_xcomp_clock_gettime_cpu_time in
+	    X) erl_clock_gettime=cross;;
+	    Xyes|Xno) erl_clock_gettime=$erl_xcomp_clock_gettime_cpu_time;;
+	    *) AC_MSG_ERROR([Bad erl_xcomp_clock_gettime_cpu_time value: $erl_xcomp_clock_gettime_cpu_time]);;
+	esac
+	])
+	LIBS=$save_libs
+	case $host_os in
+		linux*)
+			AC_MSG_RESULT([no; not stable])
+			LIBRT=$xrtlib
+			;;
+		*)
+			AC_MSG_RESULT($erl_clock_gettime)
+			case $erl_clock_gettime in
+	  			yes)
+					AC_DEFINE(HAVE_CLOCK_GETTIME,[],
+						  [define if clock_gettime() works for getting process time])
+					LIBRT=-lrt
+					;;
+	  			cross)
+					erl_clock_gettime=no
+					AC_MSG_WARN([result no guessed because of cross compilation])
+					LIBRT=$xrtlib
+					;;
+	  			*)
+					LIBRT=$xrtlib
+					;;
+			esac
+			;;
+	esac
+	AC_SUBST(LIBRT)
+	;;
+esac
+])dnl
+
+dnl ERL_TRY_LINK_JAVA(CLASSES, FUNCTION-BODY
+dnl                   [ACTION_IF_FOUND [, ACTION-IF-NOT-FOUND]])
+dnl Freely inspired by AC_TRY_LINK. (Maybe better to create a 
+dnl AC_LANG_JAVA instead...)
+AC_DEFUN(ERL_TRY_LINK_JAVA,
+[java_link='$JAVAC conftest.java 1>&AC_FD_CC'
+changequote(, )dnl
+cat > conftest.java <<EOF
+$1
+class conftest { public static void main(String[] args) {
+   $2
+   ; return; }}
+EOF
+changequote([, ])dnl
+if AC_TRY_EVAL(java_link) && test -s conftest.class; then
+   ifelse([$3], , :, [rm -rf conftest*
+   $3])
+else
+   echo "configure: failed program was:" 1>&AC_FD_CC
+   cat conftest.java 1>&AC_FD_CC
+   echo "configure: PATH was $PATH" 1>&AC_FD_CC
+ifelse([$4], , , [  rm -rf conftest*
+  $4
+])dnl
+fi
+rm -f conftest*])
+#define UNSAFE_MASK  0xc0000000 /* Mask for bits that must be constant */
+
+
diff --git a/lib/erl_interface/configure.in b/lib/erl_interface/configure.in
index 72ac8c7bbf..c958f80065 100644
--- a/lib/erl_interface/configure.in
+++ b/lib/erl_interface/configure.in
@@ -1,7 +1,7 @@
 #                                               -*- Autoconf -*-
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2000-2010. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ AC_PROG_CC
 AC_PROG_CPP
 dnl AC_PROG_LIBTOOL
 AC_PROG_RANLIB
-AC_CHECK_PROG(LD, ld.sh)
+AC_CHECK_PROGS(LD, ld.sh)
 AC_CHECK_TOOL(LD, ld, '$(CC)')
 AC_SUBST(LD)
 
@@ -224,50 +224,8 @@ elif test "x$with_gmp" != "xno" -a -n "$with_gmp" ;then
     # FIXME return ERROR if no lib
 fi
 
-MIXED_CYGWIN=no
-
-AC_MSG_CHECKING(for mixed cygwin and native VC++ environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" != x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_VC=yes
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_VC=no
-fi
-AC_SUBST(MIXED_CYGWIN_VC)
-
-AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_MINGW=yes
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_MINGW=no
-fi
-AC_SUBST(MIXED_CYGWIN_MINGW)
-
-AC_MSG_CHECKING(if we mix cygwin with any native compiler)
-if test "X$MIXED_CYGWIN" = "Xyes" ; then
-	AC_MSG_RESULT([yes])	
-else
-	AC_MSG_RESULT([no])
-fi
-
-AC_SUBST(MIXED_CYGWIN)
+LM_WINDOWS_ENVIRONMENT
+	
 	
 dnl
 dnl Threads
@@ -338,12 +296,6 @@ AC_SUBST(LIB_CFLAGS)
 if test "X$host" = "Xwin32"; then
   LIB_CFLAGS="$CFLAGS"
 else
-  case $host_os in
-    darwin*)
-	CFLAGS="$CFLAGS -no-cpp-precomp"
-	;;
-  esac
-
   if test "x$GCC" = xyes; then
 	LIB_CFLAGS="$CFLAGS -fPIC"
   else
diff --git a/lib/erl_interface/doc/src/notes.xml b/lib/erl_interface/doc/src/notes.xml
index 9a42ebfddf..4cb9532880 100644
--- a/lib/erl_interface/doc/src/notes.xml
+++ b/lib/erl_interface/doc/src/notes.xml
@@ -30,6 +30,44 @@
   </header>
   <p>This document describes the changes made to the Erl_interface application.</p>
 
+<section><title>Erl_Interface 3.7.6</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    An error when getting global names on OS X Lion has been
+	    fixed. The error caused truncated strings to be returned
+	    from the function.</p>
+          <p>
+	    Own Id: OTP-9799</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Erl_Interface 3.7.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/erl_interface/src/Makefile.in b/lib/erl_interface/src/Makefile.in
index 0d841cfa48..d6b0ca1f16 100644
--- a/lib/erl_interface/src/Makefile.in
+++ b/lib/erl_interface/src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2010. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -39,7 +39,9 @@ include ../vsn.mk
 include $(TARGET)/eidefs.mk
 
 USING_MINGW=@MIXED_CYGWIN_MINGW@
-USING_VC=@MIXED_CYGWIN_VC@
+USING_MSYS_VC==@MIXED_MSYS_VC@
+USING_CYGWIN_VC==@MIXED_MSYS_VC@
+USING_VC=@MIXED_VC@
 
 ifdef TESTROOT
 RELEASE_PATH=$(TESTROOT)
diff --git a/lib/erl_interface/src/auxdir/config.guess b/lib/erl_interface/src/auxdir/config.guess
index fefabd7dd0..38a833903b 120000..100755
--- a/lib/erl_interface/src/auxdir/config.guess
+++ b/lib/erl_interface/src/auxdir/config.guess
@@ -1 +1,1519 @@
-../../../../erts/autoconf/config.guess
\ No newline at end of file
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-05-17'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <[email protected]>.
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# ([email protected] 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# [email protected] (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | ix86xen:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86) 
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mipsel
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips64
+	#undef mips64el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mips64el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips64
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    tile:Linux:*:*)
+	echo tile-unknown-linux-gnu
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    xtensa:Linux:*:*)
+    	echo xtensa-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit ;;
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <[email protected]>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <[email protected]>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From [email protected].
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From [email protected].
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From [email protected].
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <[email protected]> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/erl_interface/src/auxdir/config.sub b/lib/erl_interface/src/auxdir/config.sub
index 90979e8924..f43233b104 120000..100755
--- a/lib/erl_interface/src/auxdir/config.sub
+++ b/lib/erl_interface/src/auxdir/config.sub
@@ -1 +1,1630 @@
-../../../../erts/autoconf/config.sub
\ No newline at end of file
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-04-29'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64vr | mips64vrel \
+	| mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	tile*)
+		basic_machine=tile-tilera
+		os=-linux-gnu
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/erl_interface/src/auxdir/install-sh b/lib/erl_interface/src/auxdir/install-sh
index 9422c370df..a5897de6ea 120000..100755
--- a/lib/erl_interface/src/auxdir/install-sh
+++ b/lib/erl_interface/src/auxdir/install-sh
@@ -1 +1,519 @@
-../../../../erts/autoconf/install-sh
\ No newline at end of file
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-12-25.00
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/lib/erl_interface/src/legacy/global_names.c b/lib/erl_interface/src/legacy/global_names.c
index 7333d94931..3a437df3a3 100644
--- a/lib/erl_interface/src/legacy/global_names.c
+++ b/lib/erl_interface/src/legacy/global_names.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1998-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1998-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -94,7 +94,7 @@ char **erl_global_names(int fd, int *count)
   if (!(names = malloc((arity * sizeof(char**)) + (size-index)))) return NULL;
 
   /* arity pointers first, followed by s */
-  s = (char *)(names+arity+1);
+  s = (char *)(names+arity);
 
   if (count) *count = 0;
   for (i=0; i<arity; i++) {
diff --git a/lib/erl_interface/src/misc/ei_format.c b/lib/erl_interface/src/misc/ei_format.c
index cf50f12451..c1e5d998e4 100644
--- a/lib/erl_interface/src/misc/ei_format.c
+++ b/lib/erl_interface/src/misc/ei_format.c
@@ -149,7 +149,7 @@ static int pdigit(const char** fmt, ei_x_buff* x)
 {
     const char* start = *fmt;
     char c;
-    int len, dotp=0;
+    int dotp=0;
     double d;
     long l;
 
@@ -166,7 +166,6 @@ static int pdigit(const char** fmt, ei_x_buff* x)
 	    break;
     } 
     --(*fmt);
-    len = *fmt - start;
     if (dotp) {
 	sscanf(start, "%lf", &d);
 	return ei_x_encode_double(x, d);
diff --git a/lib/erl_interface/test/all_SUITE_data/Makefile.src b/lib/erl_interface/test/all_SUITE_data/Makefile.src
index 42d4c6f27f..70652e47c5 100644
--- a/lib/erl_interface/test/all_SUITE_data/Makefile.src
+++ b/lib/erl_interface/test/all_SUITE_data/Makefile.src
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2003-2009. All Rights Reserved.
+# Copyright Ericsson AB 2003-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_interface/test/all_SUITE_data/init_tc.erl b/lib/erl_interface/test/all_SUITE_data/init_tc.erl
index 8db4667bf9..7a599994fc 100644
--- a/lib/erl_interface/test/all_SUITE_data/init_tc.erl
+++ b/lib/erl_interface/test/all_SUITE_data/init_tc.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c b/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c
index 80811fb973..abc76085de 100644
--- a/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c
+++ b/lib/erl_interface/test/port_call_SUITE_data/port_call_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2001-2009. All Rights Reserved.
+ * Copyright Ericsson AB 2001-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -18,14 +18,17 @@
  */
 
 #include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
 #include "erl_interface.h"
 #include "erl_driver.h"
 
 static ErlDrvPort my_erlang_port;
 static ErlDrvData echo_start(ErlDrvPort, char *);
-static void from_erlang(ErlDrvData, char*, int);
-static int do_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-		     int len, char **rbuf, int rlen, unsigned *ret_flags);
+static void from_erlang(ErlDrvData, char*, ErlDrvSizeT);
+static ErlDrvSSizeT do_call(ErlDrvData drv_data, unsigned int command,
+			    char *buf, ErlDrvSizeT len, char **rbuf,
+			    ErlDrvSizeT rlen, unsigned *ret_flags);
 static ErlDrvEntry echo_driver_entry = { 
     NULL,			/* Init */
     echo_start,
@@ -41,7 +44,15 @@ static ErlDrvEntry echo_driver_entry = {
     NULL,
     NULL,
     NULL,
-    do_call
+    do_call,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 DRIVER_INIT(echo_drv)
@@ -56,14 +67,14 @@ echo_start(ErlDrvPort port, char *buf)
 }
 
 static void
-from_erlang(ErlDrvData data, char *buf, int count)
+from_erlang(ErlDrvData data, char *buf, ErlDrvSizeT count)
 {
     driver_output((ErlDrvPort) data, buf, count);
 }
 
-static int 
+static ErlDrvSSizeT
 do_call(ErlDrvData drv_data, unsigned int command, char *buf, 
-	  int len, char **rbuf, int rlen, unsigned *ret_flags) 
+	  ErlDrvSizeT len, char **rbuf, ErlDrvSizeT rlen, unsigned *ret_flags) 
 {
     int nlen;
     ei_x_buff x;
diff --git a/lib/erl_interface/vsn.mk b/lib/erl_interface/vsn.mk
index 601958579c..2c402bba6c 100644
--- a/lib/erl_interface/vsn.mk
+++ b/lib/erl_interface/vsn.mk
@@ -1 +1 @@
-EI_VSN = 3.7.5
+EI_VSN = 3.7.6
diff --git a/lib/et/src/et_gs_contents_viewer.erl b/lib/et/src/et_gs_contents_viewer.erl
index f6a87bd608..5331c7697a 100644
--- a/lib/et/src/et_gs_contents_viewer.erl
+++ b/lib/et/src/et_gs_contents_viewer.erl
@@ -21,6 +21,17 @@
 %%----------------------------------------------------------------------
 
 -module(et_gs_contents_viewer).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,editor,2}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -behaviour(gen_server).
 
diff --git a/lib/et/src/et_gs_viewer.erl b/lib/et/src/et_gs_viewer.erl
index 0af7814d15..4e6f0e3f64 100644
--- a/lib/et/src/et_gs_viewer.erl
+++ b/lib/et/src/et_gs_viewer.erl
@@ -21,6 +21,23 @@
 %%----------------------------------------------------------------------
 
 -module(et_gs_viewer).
+-compile([{nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,checkbutton,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,line,2}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menubutton,3}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,scale,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,text,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -behaviour(gen_server).
 
diff --git a/lib/eunit/doc/src/notes.xml b/lib/eunit/doc/src/notes.xml
index e68330482c..34e8a47e3d 100644
--- a/lib/eunit/doc/src/notes.xml
+++ b/lib/eunit/doc/src/notes.xml
@@ -32,6 +32,24 @@
   </header>
   <p>This document describes the changes made to the EUnit application.</p>
 
+<section><title>Eunit 2.2.2</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Eunit 2.2.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/eunit/vsn.mk b/lib/eunit/vsn.mk
index b0a77a225b..445c070e96 100644
--- a/lib/eunit/vsn.mk
+++ b/lib/eunit/vsn.mk
@@ -1 +1 @@
-EUNIT_VSN = 2.2.1
+EUNIT_VSN = 2.2.2
diff --git a/lib/gs/contribs/bonk/bonk.erl b/lib/gs/contribs/bonk/bonk.erl
index 79f01bf659..7e68a4ddc5 100644
--- a/lib/gs/contribs/bonk/bonk.erl
+++ b/lib/gs/contribs/bonk/bonk.erl
@@ -19,6 +19,12 @@
 
 %%
 -module(bonk).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
+
 -export([run/0, run/1,bonk_dir/0,start/0]).
 
 -record(colors, {miss, x, bomb, face}).
diff --git a/lib/gs/contribs/cols/cols.erl b/lib/gs/contribs/cols/cols.erl
index 111c9a58f1..9c44837f3e 100644
--- a/lib/gs/contribs/cols/cols.erl
+++ b/lib/gs/contribs/cols/cols.erl
@@ -19,6 +19,12 @@
 
 %%
 -module(cols).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 -export([start/0, init/0]).
 
diff --git a/lib/gs/contribs/cols/highscore.erl b/lib/gs/contribs/cols/highscore.erl
index 9ffbea50a7..8f984aaa83 100644
--- a/lib/gs/contribs/cols/highscore.erl
+++ b/lib/gs/contribs/cols/highscore.erl
@@ -19,6 +19,13 @@
 
 %%
 -module(highscore).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,grid,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([run/2]).
 
diff --git a/lib/gs/contribs/mandel/mandel.erl b/lib/gs/contribs/mandel/mandel.erl
index 0f1df5c665..6293f867e2 100644
--- a/lib/gs/contribs/mandel/mandel.erl
+++ b/lib/gs/contribs/mandel/mandel.erl
@@ -18,6 +18,11 @@
 %%
 
 -module(mandel).
+-compile([{nowarn_deprecated_function,{gs,assq,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,image,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 -author('(mbj,eklas)@erlang.ericsson.se').
 
 %% User's interface
diff --git a/lib/gs/contribs/othello/othello_board.erl b/lib/gs/contribs/othello/othello_board.erl
index 212ba9bfe1..c52211a495 100644
--- a/lib/gs/contribs/othello/othello_board.erl
+++ b/lib/gs/contribs/othello/othello_board.erl
@@ -19,6 +19,12 @@
 
 %%
 -module(othello_board).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
+
 -export([start/0,stop/0,init/0]).
 
 
diff --git a/lib/gs/doc/src/gs.xml b/lib/gs/doc/src/gs.xml
index f2182fc673..c61e8c4938 100644
--- a/lib/gs/doc/src/gs.xml
+++ b/lib/gs/doc/src/gs.xml
@@ -39,9 +39,7 @@
 	graphical user interface.
       </p>
       <p>
-	GS is not maintained and we plan to deprecate and remove it from
-	the distribution as soon as possible, maybe already in the next
-	major release (R15).
+	GS is deprecated and will be removed in the R16 release.
       </p>
     </warning>
     <p>The Graphics System, GS, is easy to learn and
diff --git a/lib/gs/doc/src/notes.xml b/lib/gs/doc/src/notes.xml
index c32db495a1..cd63104346 100644
--- a/lib/gs/doc/src/notes.xml
+++ b/lib/gs/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2010</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,7 +30,31 @@
   </header>
   <p>This document describes the changes made to the GS application.</p>
 
-  <section><title>GS 1.5.14</title>
+  <section><title>GS 1.5.15</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>GS 1.5.14</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/gs/examples/ball.erl b/lib/gs/examples/ball.erl
index 3f91a7b379..03fac3b5fc 100644
--- a/lib/gs/examples/ball.erl
+++ b/lib/gs/examples/ball.erl
@@ -24,6 +24,12 @@
 %% ------------------------------------------------------------
 
 -module(ball).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,oval,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/0]).
 
diff --git a/lib/gs/examples/browser.erl b/lib/gs/examples/browser.erl
index 1dba5a915b..0f8b3fc7e6 100644
--- a/lib/gs/examples/browser.erl
+++ b/lib/gs/examples/browser.erl
@@ -23,6 +23,14 @@
 %% ------------------------------------------------------------
 
 -module(browser).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,start/2,init/3]).
 
diff --git a/lib/gs/examples/calc.erl b/lib/gs/examples/calc.erl
index 992b8adb4e..ca29ae1cb9 100644
--- a/lib/gs/examples/calc.erl
+++ b/lib/gs/examples/calc.erl
@@ -23,6 +23,11 @@
 %% ------------------------------------------------------------
 
 -module(calc).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,calc/0]).
 
diff --git a/lib/gs/examples/calc2.erl b/lib/gs/examples/calc2.erl
index 0e841397f6..83e1870b7a 100644
--- a/lib/gs/examples/calc2.erl
+++ b/lib/gs/examples/calc2.erl
@@ -24,6 +24,12 @@
 %% ------------------------------------------------------------
 
 -module(calc2).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
+
 -export([start/0,calc/0]).
 
 start() ->
diff --git a/lib/gs/examples/color_demo.erl b/lib/gs/examples/color_demo.erl
index 650f853061..a2f4d0eb87 100644
--- a/lib/gs/examples/color_demo.erl
+++ b/lib/gs/examples/color_demo.erl
@@ -24,6 +24,11 @@
 %% ------------------------------------------------------------
 
 -module(color_demo).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,scale,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/0]).
 
diff --git a/lib/gs/examples/color_demo2.erl b/lib/gs/examples/color_demo2.erl
index 817cc9ed7d..3b0b36221d 100644
--- a/lib/gs/examples/color_demo2.erl
+++ b/lib/gs/examples/color_demo2.erl
@@ -24,6 +24,10 @@
 %% ------------------------------------------------------------
 
 -module(color_demo2).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 -export([start/0,init/0]).
 
diff --git a/lib/gs/examples/distrib_draw.erl b/lib/gs/examples/distrib_draw.erl
index ecb1386c25..8f76bc6650 100644
--- a/lib/gs/examples/distrib_draw.erl
+++ b/lib/gs/examples/distrib_draw.erl
@@ -43,6 +43,11 @@
 %%  
 
 -module(distrib_draw).
+-compile([{nowarn_deprecated_function,{gs,canvas,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,line,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 -export([start/2,init/0]).
 
diff --git a/lib/gs/examples/entry_demo.erl b/lib/gs/examples/entry_demo.erl
index a5ecfbc4d3..4bb64e949e 100644
--- a/lib/gs/examples/entry_demo.erl
+++ b/lib/gs/examples/entry_demo.erl
@@ -23,6 +23,12 @@
 %% ------------------------------------------------------------
 
 -module(entry_demo).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/1]).
 
diff --git a/lib/gs/examples/event_test.erl b/lib/gs/examples/event_test.erl
index f6fcc9b4b9..8c0a109df4 100644
--- a/lib/gs/examples/event_test.erl
+++ b/lib/gs/examples/event_test.erl
@@ -21,6 +21,9 @@
 %% Demo for testing some events
 
 -module(event_test).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/0]).
 
diff --git a/lib/gs/examples/file_dialog.erl b/lib/gs/examples/file_dialog.erl
index ff20321374..c1ef6ed8b1 100644
--- a/lib/gs/examples/file_dialog.erl
+++ b/lib/gs/examples/file_dialog.erl
@@ -23,6 +23,11 @@
 %% ------------------------------------------------------------
 
 -module(file_dialog).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 -export([start/0,start/1,start/2,fs_init/3]).
 
diff --git a/lib/gs/examples/focus_demo.erl b/lib/gs/examples/focus_demo.erl
index b9d86866e6..71ca9c6ff5 100644
--- a/lib/gs/examples/focus_demo.erl
+++ b/lib/gs/examples/focus_demo.erl
@@ -23,6 +23,11 @@
 %% ------------------------------------------------------------
 
 -module(focus_demo).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/0]).
 
diff --git a/lib/gs/examples/frac.erl b/lib/gs/examples/frac.erl
index 139a4be310..46af83de8a 100644
--- a/lib/gs/examples/frac.erl
+++ b/lib/gs/examples/frac.erl
@@ -21,6 +21,9 @@
 %% Purpose : Fractal trees
 
 -module(frac).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 -export([start/0, go/0, test/0, grow/2, expand/3, subst/2]).
 
diff --git a/lib/gs/examples/line_demo.erl b/lib/gs/examples/line_demo.erl
index c8a6a69e2e..ba88605118 100644
--- a/lib/gs/examples/line_demo.erl
+++ b/lib/gs/examples/line_demo.erl
@@ -24,6 +24,12 @@
 %% ------------------------------------------------------------
 
 -module(line_demo).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,line,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0,init/0,line/3]).
 
diff --git a/lib/gs/examples/man.erl b/lib/gs/examples/man.erl
index a0ffd3364e..bddd6930ab 100644
--- a/lib/gs/examples/man.erl
+++ b/lib/gs/examples/man.erl
@@ -23,6 +23,15 @@
 %% ------------------------------------------------------------
 
 -module(man).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 -export([start/0,init/0]).
 -export([man_list/0]).
diff --git a/lib/gs/examples/menu_demo.erl b/lib/gs/examples/menu_demo.erl
index c95fc33152..6b2fc4113a 100644
--- a/lib/gs/examples/menu_demo.erl
+++ b/lib/gs/examples/menu_demo.erl
@@ -19,6 +19,12 @@
 
 %%
 -module(menu_demo).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -compile(export_all).
 
diff --git a/lib/gs/examples/rubber.erl b/lib/gs/examples/rubber.erl
index ba263f07ac..da4aa57391 100644
--- a/lib/gs/examples/rubber.erl
+++ b/lib/gs/examples/rubber.erl
@@ -23,6 +23,14 @@
 %% ------------------------------------------------------------
 
 -module(rubber).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,radiobutton,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 -export([start/0, init/0]).
 
diff --git a/lib/gs/src/Makefile b/lib/gs/src/Makefile
index 964966ba00..43b530295b 100644
--- a/lib/gs/src/Makefile
+++ b/lib/gs/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1996-2009. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/gs/src/gs.erl b/lib/gs/src/gs.erl
index 3e9a1c4b8b..92dce12580 100644
--- a/lib/gs/src/gs.erl
+++ b/lib/gs/src/gs.erl
@@ -24,7 +24,13 @@
 %%
 
 -module(gs).
-
+-deprecated(module).
+-compile([{nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,create_tree,2}},
+          {nowarn_deprecated_function,{gs,foreach,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %% ----- Exports -----
 -export([start/0, stop/0, start/1]).
diff --git a/lib/gs/src/gs_frontend.erl b/lib/gs/src/gs_frontend.erl
index 009b264e69..73954baa8d 100644
--- a/lib/gs/src/gs_frontend.erl
+++ b/lib/gs/src/gs_frontend.erl
@@ -24,6 +24,8 @@
 %%
 
 -module(gs_frontend).
+-compile([{nowarn_deprecated_function,{gs,assq,2}},
+          {nowarn_deprecated_function,{gs,error,2}}]).
 
 -export([create/2,
 	 config/2,
diff --git a/lib/gs/src/gs_make.erl b/lib/gs/src/gs_make.erl
index e41183f9bf..bf8a66001f 100644
--- a/lib/gs/src/gs_make.erl
+++ b/lib/gs/src/gs_make.erl
@@ -19,6 +19,7 @@
 
 %%
 -module(gs_make).
+-compile([{nowarn_deprecated_function,{gs,assq,2}}]).
 
 -export([start/0]).
 
diff --git a/lib/gs/src/gse.erl b/lib/gs/src/gse.erl
index b3ea2af4d4..c62badcc27 100644
--- a/lib/gs/src/gse.erl
+++ b/lib/gs/src/gse.erl
@@ -23,6 +23,68 @@
 %%%----------------------------------------------------------------------
 
 -module(gse).
+-compile([{nowarn_deprecated_function,{gs,arc,2}},
+          {nowarn_deprecated_function,{gs,arc,3}},
+          {nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,canvas,3}},
+          {nowarn_deprecated_function,{gs,checkbutton,2}},
+          {nowarn_deprecated_function,{gs,checkbutton,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,create_tree,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,editor,2}},
+          {nowarn_deprecated_function,{gs,editor,3}},
+          {nowarn_deprecated_function,{gs,entry,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,grid,2}},
+          {nowarn_deprecated_function,{gs,grid,3}},
+          {nowarn_deprecated_function,{gs,gridline,2}},
+          {nowarn_deprecated_function,{gs,gridline,3}},
+          {nowarn_deprecated_function,{gs,image,2}},
+          {nowarn_deprecated_function,{gs,image,3}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,line,2}},
+          {nowarn_deprecated_function,{gs,line,3}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubar,2}},
+          {nowarn_deprecated_function,{gs,menubar,3}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menubutton,3}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,message,2}},
+          {nowarn_deprecated_function,{gs,message,3}},
+          {nowarn_deprecated_function,{gs,oval,2}},
+          {nowarn_deprecated_function,{gs,oval,3}},
+          {nowarn_deprecated_function,{gs,polygon,2}},
+          {nowarn_deprecated_function,{gs,polygon,3}},
+          {nowarn_deprecated_function,{gs,prompter,2}},
+          {nowarn_deprecated_function,{gs,prompter,3}},
+          {nowarn_deprecated_function,{gs,radiobutton,2}},
+          {nowarn_deprecated_function,{gs,radiobutton,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,rectangle,2}},
+          {nowarn_deprecated_function,{gs,rectangle,3}},
+          {nowarn_deprecated_function,{gs,scale,2}},
+          {nowarn_deprecated_function,{gs,scale,3}},
+          {nowarn_deprecated_function,{gs,scrollbar,2}},
+          {nowarn_deprecated_function,{gs,scrollbar,3}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,start,1}},
+          {nowarn_deprecated_function,{gs,text,2}},
+          {nowarn_deprecated_function,{gs,text,3}},
+          {nowarn_deprecated_function,{gs,window,2}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 %%-compile(export_all).
 -export([
diff --git a/lib/gs/src/gstk.erl b/lib/gs/src/gstk.erl
index 6f83cf8be4..ee974a5f63 100644
--- a/lib/gs/src/gstk.erl
+++ b/lib/gs/src/gstk.erl
@@ -20,6 +20,8 @@
 %%
 
 -module(gstk).
+-compile([{nowarn_deprecated_function,{gs,assq,2}},
+          {nowarn_deprecated_function,{gs,creation_error,2}}]).
 
 -export([start_link/4,
 	 stop/1,
diff --git a/lib/gs/src/gstk_arc.erl b/lib/gs/src/gstk_arc.erl
index 8e80ef92b5..3c6fe54d36 100644
--- a/lib/gs/src/gstk_arc.erl
+++ b/lib/gs/src/gstk_arc.erl
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_arc).
+-compile([{nowarn_deprecated_function,{gs,creation_error,2}}]).
 
 %%-----------------------------------------------------------------------------
 %% 			    ARC OPTIONS
diff --git a/lib/gs/src/gstk_canvas.erl b/lib/gs/src/gstk_canvas.erl
index 868b3020fe..5d15529995 100644
--- a/lib/gs/src/gstk_canvas.erl
+++ b/lib/gs/src/gstk_canvas.erl
@@ -23,6 +23,8 @@
 %% ------------------------------------------------------------
 
 -module(gstk_canvas).
+-compile([{nowarn_deprecated_function,{gs,pair,2}},
+          {nowarn_deprecated_function,{gs,val,2}}]).
 
 %%-----------------------------------------------------------------------------
 %% 			    CANVAS OPTIONS
diff --git a/lib/gs/src/gstk_editor.erl b/lib/gs/src/gstk_editor.erl
index 8cc7021cc6..2686997036 100644
--- a/lib/gs/src/gstk_editor.erl
+++ b/lib/gs/src/gstk_editor.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,6 +23,9 @@
 %% ------------------------------------------------------------
 
 -module(gstk_editor).
+-compile([{nowarn_deprecated_function,{gs,assq,2}},
+          {nowarn_deprecated_function,{gs,error,2}},
+          {nowarn_deprecated_function,{gs,val,2}}]).
 
 %%------------------------------------------------------------------------------
 %% 			    CANVAS OPTIONS
diff --git a/lib/gs/src/gstk_entry.erl b/lib/gs/src/gstk_entry.erl
index 14f7831151..432ccd5fde 100644
--- a/lib/gs/src/gstk_entry.erl
+++ b/lib/gs/src/gstk_entry.erl
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_entry).
+-compile([{nowarn_deprecated_function,{gs,error,2}}]).
 
 %%------------------------------------------------------------------------------
 %% 			    ENTRY OPTIONS
diff --git a/lib/gs/src/gstk_generic.erl b/lib/gs/src/gstk_generic.erl
index 2cc6c4c2d3..50c3da8dc5 100644
--- a/lib/gs/src/gstk_generic.erl
+++ b/lib/gs/src/gstk_generic.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -20,6 +20,7 @@
 %%
 
 -module(gstk_generic).
+-compile([{nowarn_deprecated_function,{gs,assq,2}}]).
 
 -export([out_opts/8,
 	 read_option/5,
diff --git a/lib/gs/src/gstk_grid.erl b/lib/gs/src/gstk_grid.erl
index 4189246822..f703dad074 100644
--- a/lib/gs/src/gstk_grid.erl
+++ b/lib/gs/src/gstk_grid.erl
@@ -19,6 +19,7 @@
 
 %%
 -module(gstk_grid).
+-compile([{nowarn_deprecated_function,{gs,val,2}}]).
 
 -export([event/5,create/3,config/3,option/5,read/3,delete/2,destroy/2,
 	 mk_create_opts_for_child/4,read_option/5]).
diff --git a/lib/gs/src/gstk_gridline.erl b/lib/gs/src/gstk_gridline.erl
index c1dd5a1443..4585c7e043 100644
--- a/lib/gs/src/gstk_gridline.erl
+++ b/lib/gs/src/gstk_gridline.erl
@@ -19,6 +19,8 @@
 
 %%
 -module(gstk_gridline).
+-compile([{nowarn_deprecated_function,{gs,val,2}},
+          {nowarn_deprecated_function,{gs,val,3}}]).
 
 -export([event/5,create/3,config/3,option/5,read/3,delete/2,destroy/3,
 	read_option/5]).
diff --git a/lib/gs/src/gstk_image.erl b/lib/gs/src/gstk_image.erl
index 9adbe42386..2b7a324e28 100644
--- a/lib/gs/src/gstk_image.erl
+++ b/lib/gs/src/gstk_image.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_image).
+-compile([{nowarn_deprecated_function,{gs,pair,2}}]).
 
 %%-----------------------------------------------------------------------------
 %% 			    BITMAP OPTIONS
diff --git a/lib/gs/src/gstk_menu.erl b/lib/gs/src/gstk_menu.erl
index 3957951a35..e878669de6 100644
--- a/lib/gs/src/gstk_menu.erl
+++ b/lib/gs/src/gstk_menu.erl
@@ -23,6 +23,7 @@
 %%------------------------------------------------------------------------------
 
 -module(gstk_menu).
+-compile([{nowarn_deprecated_function,{gs,error,2}}]).
 
 %%------------------------------------------------------------------------------
 %% 			    MENU OPTIONS
diff --git a/lib/gs/src/gstk_menuitem.erl b/lib/gs/src/gstk_menuitem.erl
index 36a9253598..8abf5d13aa 100644
--- a/lib/gs/src/gstk_menuitem.erl
+++ b/lib/gs/src/gstk_menuitem.erl
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_menuitem).
+-compile([{nowarn_deprecated_function,{gs,error,2}}]).
 
 %%-----------------------------------------------------------------------------
 %% 			    MENUITEM OPTIONS
diff --git a/lib/gs/src/gstk_port_handler.erl b/lib/gs/src/gstk_port_handler.erl
index 93f3e58dc2..c6ca2c0f5b 100644
--- a/lib/gs/src/gstk_port_handler.erl
+++ b/lib/gs/src/gstk_port_handler.erl
@@ -34,6 +34,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_port_handler).
+-compile([{nowarn_deprecated_function,{gs,error,2}}]).
 
 -include("gstk.hrl").
 
diff --git a/lib/gs/src/gstk_rectangle.erl b/lib/gs/src/gstk_rectangle.erl
index 1e02977c9a..14be16c990 100644
--- a/lib/gs/src/gstk_rectangle.erl
+++ b/lib/gs/src/gstk_rectangle.erl
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_rectangle).
+-compile([{nowarn_deprecated_function,{gs,pair,2}}]).
 
 %%-----------------------------------------------------------------------------
 %% 			    RECTANGLE OPTIONS
diff --git a/lib/gs/src/gstk_window.erl b/lib/gs/src/gstk_window.erl
index acac452ed1..4b4706eb88 100644
--- a/lib/gs/src/gstk_window.erl
+++ b/lib/gs/src/gstk_window.erl
@@ -23,6 +23,7 @@
 %% ------------------------------------------------------------
 
 -module(gstk_window).
+-compile([{nowarn_deprecated_function,{gs,destroy,1}}]).
 
 %%------------------------------------------------------------------------------
 %% 			    WINDOW OPTIONS
diff --git a/lib/gs/src/tcl2erl.erl b/lib/gs/src/tcl2erl.erl
index 8845cf0b9a..d159681c5c 100644
--- a/lib/gs/src/tcl2erl.erl
+++ b/lib/gs/src/tcl2erl.erl
@@ -25,6 +25,7 @@
 %% ------------------------------------------------------------
 
 -module(tcl2erl).
+-compile([{nowarn_deprecated_function,{gs,error,2}}]).
 
 -export([parse_event/1,
 	 ret_int/1,
diff --git a/lib/gs/src/tool_file_dialog.erl b/lib/gs/src/tool_file_dialog.erl
index 6b2c2e8c81..cfcfcd1bf6 100644
--- a/lib/gs/src/tool_file_dialog.erl
+++ b/lib/gs/src/tool_file_dialog.erl
@@ -19,6 +19,16 @@
 
 %%
 -module(tool_file_dialog).
+-compile([{nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
+
 -export([start/1]).
 
 -record(opts, {type,          % open | save | multiselect
diff --git a/lib/gs/src/tool_utils.erl b/lib/gs/src/tool_utils.erl
index d09af5f22f..69919b18bd 100644
--- a/lib/gs/src/tool_utils.erl
+++ b/lib/gs/src/tool_utils.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -19,6 +19,11 @@
 
 %%
 -module(tool_utils).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
+
 -include_lib("kernel/include/file.hrl").
 
 %%%---------------------------------------------------------------------
diff --git a/lib/gs/vsn.mk b/lib/gs/vsn.mk
index 4894c6c13a..41a2561809 100644
--- a/lib/gs/vsn.mk
+++ b/lib/gs/vsn.mk
@@ -1,2 +1,2 @@
-GS_VSN = 1.5.14
+GS_VSN = 1.5.15
 
diff --git a/lib/hipe/cerl/cerl_hipe_primops.hrl b/lib/hipe/cerl/cerl_hipe_primops.hrl
index 36b1b62901..1d82f7bfc7 100644
--- a/lib/hipe/cerl/cerl_hipe_primops.hrl
+++ b/lib/hipe/cerl/cerl_hipe_primops.hrl
@@ -59,7 +59,6 @@
 -define(PRIMOP_IS_ATOM, 'is_atom').		% arity 1
 -define(PRIMOP_IS_BIGNUM, 'is_bignum').		% arity 1
 -define(PRIMOP_IS_BINARY, 'is_binary').		% arity 1
--define(PRIMOP_IS_CONSTANT, 'is_constant').	% arity 1
 -define(PRIMOP_IS_FIXNUM, 'is_fixnum').		% arity 1
 -define(PRIMOP_IS_FLOAT, 'is_float').		% arity 1
 -define(PRIMOP_IS_FUNCTION, 'is_function').	% arity 1
diff --git a/lib/hipe/cerl/cerl_hipeify.erl b/lib/hipe/cerl/cerl_hipeify.erl
index 8f6c3561c9..89b4ec147d 100644
--- a/lib/hipe/cerl/cerl_hipeify.erl
+++ b/lib/hipe/cerl/cerl_hipeify.erl
@@ -392,7 +392,6 @@ call_to_primop(erlang, '=<', 2) -> {yes, ?PRIMOP_LE};
 call_to_primop(erlang, '>=', 2) -> {yes, ?PRIMOP_GE};
 call_to_primop(erlang, is_atom, 1) -> {yes, ?PRIMOP_IS_ATOM};
 call_to_primop(erlang, is_binary, 1) -> {yes, ?PRIMOP_IS_BINARY};
-call_to_primop(erlang, is_constant, 1) -> {yes, ?PRIMOP_IS_CONSTANT};
 call_to_primop(erlang, is_float, 1) -> {yes, ?PRIMOP_IS_FLOAT};
 call_to_primop(erlang, is_function, 1) -> {yes, ?PRIMOP_IS_FUNCTION};
 call_to_primop(erlang, is_integer, 1) -> {yes, ?PRIMOP_IS_INTEGER};
diff --git a/lib/hipe/cerl/cerl_messagean.erl b/lib/hipe/cerl/cerl_messagean.erl
index 6dd93adaa3..b9f82f2a43 100644
--- a/lib/hipe/cerl/cerl_messagean.erl
+++ b/lib/hipe/cerl/cerl_messagean.erl
@@ -1083,7 +1083,6 @@ is_imm_op(erlang, is_alive, 0) -> true;
 is_imm_op(erlang, is_atom, 1) -> true;
 is_imm_op(erlang, is_binary, 1) -> true;
 is_imm_op(erlang, is_builtin, 3) -> true;
-is_imm_op(erlang, is_constant, 1) -> true;
 is_imm_op(erlang, is_float, 1) -> true;
 is_imm_op(erlang, is_function, 1) -> true;
 is_imm_op(erlang, is_integer, 1) -> true;
diff --git a/lib/hipe/cerl/cerl_to_icode.erl b/lib/hipe/cerl/cerl_to_icode.erl
index 362c427cbe..089e3f021e 100644
--- a/lib/hipe/cerl/cerl_to_icode.erl
+++ b/lib/hipe/cerl/cerl_to_icode.erl
@@ -88,7 +88,6 @@
 -define(TYPE_IS_ATOM, atom).
 -define(TYPE_IS_BIGNUM, bignum).
 -define(TYPE_IS_BINARY, binary).
--define(TYPE_IS_CONSTANT, constant).
 -define(TYPE_IS_FIXNUM, fixnum).
 -define(TYPE_IS_FLOAT, float).
 -define(TYPE_IS_FUNCTION, function).
@@ -2051,7 +2050,6 @@ is_record_test(T, A, N, True, False, Ctxt, Env, S) ->
 type_test(?PRIMOP_IS_ATOM) -> ?TYPE_IS_ATOM;
 type_test(?PRIMOP_IS_BIGNUM) -> ?TYPE_IS_BIGNUM;
 type_test(?PRIMOP_IS_BINARY) -> ?TYPE_IS_BINARY;
-type_test(?PRIMOP_IS_CONSTANT) -> ?TYPE_IS_CONSTANT;
 type_test(?PRIMOP_IS_FIXNUM) -> ?TYPE_IS_FIXNUM;
 type_test(?PRIMOP_IS_FLOAT) -> ?TYPE_IS_FLOAT;
 type_test(?PRIMOP_IS_FUNCTION) -> ?TYPE_IS_FUNCTION;
@@ -2082,7 +2080,6 @@ is_bool_op(Op, A) when is_atom(Op), is_integer(A) -> false.
 is_type_test(?PRIMOP_IS_ATOM, 1) -> true;
 is_type_test(?PRIMOP_IS_BIGNUM, 1) -> true;
 is_type_test(?PRIMOP_IS_BINARY, 1) -> true;
-is_type_test(?PRIMOP_IS_CONSTANT, 1) -> true;
 is_type_test(?PRIMOP_IS_FIXNUM, 1) -> true;
 is_type_test(?PRIMOP_IS_FLOAT, 1) -> true;
 is_type_test(?PRIMOP_IS_FUNCTION, 1) -> true;
diff --git a/lib/hipe/cerl/erl_bif_types.erl b/lib/hipe/cerl/erl_bif_types.erl
index 1483b2aee1..845df0ca61 100644
--- a/lib/hipe/cerl/erl_bif_types.erl
+++ b/lib/hipe/cerl/erl_bif_types.erl
@@ -54,7 +54,6 @@
 		    t_cons/2,
 		    t_cons_hd/1,
 		    t_cons_tl/1,
-		    t_constant/0,
 		    t_fixnum/0,
 		    t_non_neg_fixnum/0,
 		    t_pos_fixnum/0,
@@ -81,7 +80,6 @@
 		    t_is_bitstr/1,
 		    t_is_boolean/1,
 		    t_is_cons/1,
-		    t_is_constant/1,
 		    t_is_float/1,
 		    t_is_float/1,
 		    t_is_fun/1,
@@ -845,11 +843,6 @@ type(erlang, is_boolean, 1, Xs) ->
   strict(arg_types(erlang, is_boolean, 1), Xs, Fun);
 type(erlang, is_builtin, 3, Xs) ->
   strict(arg_types(erlang, is_builtin, 3), Xs, fun (_) -> t_boolean() end);
-type(erlang, is_constant, 1, Xs) ->
-  Fun = fun (X) ->
-	    check_guard(X, fun (Y) -> t_is_constant(Y) end, t_constant())
-	end,
-  strict(arg_types(erlang, is_constant, 1), Xs, Fun);
 type(erlang, is_float, 1, Xs) ->
   Fun = fun (X) ->
 	    check_guard(X, fun (Y) -> t_is_float(Y) end, t_float())
@@ -1202,11 +1195,13 @@ type(erlang, process_flag, 2, Xs) ->
 		 case t_atom_vals(Flag) of
 		   ['error_handler'] -> t_atom();
 		   ['min_heap_size'] -> t_non_neg_integer();
+                   ['min_bin_vheap_size'] -> t_non_neg_integer();
 		   ['scheduler'] -> t_non_neg_integer();
 		   ['monitor_nodes'] -> t_boolean();
 		   ['priority'] -> t_process_priority_level();
 		   ['save_calls'] -> t_non_neg_integer();
 		   ['trap_exit'] -> t_boolean();
+                   ['sensitive'] -> t_boolean();
 		   List when is_list(List) ->
 		     T_process_flag_returns;
 		   unknown ->
@@ -1321,6 +1316,9 @@ type(erlang, resume_process, 1, Xs) ->
 	 fun (_) -> t_any() end); %% TODO: overapproximation -- fix this
 type(erlang, round, 1, Xs) ->
   strict(arg_types(erlang, round, 1), Xs, fun (_) -> t_integer() end);
+type(erlang, posixtime_to_universaltime, 1, Xs) ->
+  strict(arg_types(erlang, posixtime_to_universaltime, 1), Xs, 
+	 fun(_) ->  t_tuple([t_date(), t_time()]) end);
 type(erlang, self, 0, _) -> t_pid();
 type(erlang, send, 2, Xs) -> type(erlang, '!', 2, Xs);  % alias
 type(erlang, send, 3, Xs) ->
@@ -1500,6 +1498,8 @@ type(erlang, system_flag, 2, Xs) ->
 		     t_non_neg_fixnum();
 		   ['min_heap_size'] ->
 		     t_non_neg_fixnum();
+		   ['min_bin_vheap_size'] ->
+		     t_non_neg_fixnum();
 		   ['multi_scheduling'] ->
 		     t_system_multi_scheduling();
 		   ['schedulers_online'] ->
@@ -1543,8 +1543,12 @@ type(erlang, system_info, 1, Xs) ->
 			      t_list(t_tuple([t_atom(),
 					      t_list(t_tuple([t_atom(),
 							      t_any()]))]))]);
+		   ['build_type'] ->
+                     t_system_build_type_return();
 		   ['break_ignored'] ->
 		     t_boolean();
+                   ['c_compiler_used'] ->
+                     t_tuple([t_atom(), t_any()]);
 		   ['cpu_topology'] ->
 		     t_system_cpu_topology();
 		   ['compat_rel'] ->
@@ -1557,6 +1561,8 @@ type(erlang, system_info, 1, Xs) ->
 		     t_binary();
 		   ['dist_ctrl'] ->
 		     t_list(t_tuple([t_atom(), t_sup([t_pid(), t_port])]));
+                   ['driver_version'] ->
+                     t_string();
 		   %% elib_malloc is intentionally not included,
 		   %% because it scheduled for removal in R15.
 		   ['endian'] ->
@@ -1570,7 +1576,9 @@ type(erlang, system_info, 1, Xs) ->
 		   ['heap_sizes'] ->
 		     t_list(t_integer());
 		   ['heap_type'] ->
-		     t_sup([t_atom('private'), t_atom('hybrid')]);
+		     t_sup([t_atom('private'),
+                            t_atom('shared'),
+                            t_atom('hybrid')]);
 		   ['hipe_architecture'] ->
 		     t_atoms(['amd64', 'arm', 'powerpc', 'ppc64',
 			      'undefined', 'ultrasparc', 'x86']);
@@ -1578,12 +1586,20 @@ type(erlang, system_info, 1, Xs) ->
 		     t_binary();
 		   ['internal_cpu_topology'] -> %% Undocumented internal feature
 		     t_internal_cpu_topology();
+                   ['kernel_poll'] ->
+                     t_boolean();
 		   ['loaded'] ->
 		     t_binary();
 		   ['logical_processors'] ->
 		     t_non_neg_fixnum();
 		   ['machine'] ->
 		     t_string();
+                   ['min_heap_size'] ->
+                     t_tuple([t_atom('min_heap_size'),
+                              t_non_neg_integer()]);
+                   ['min_bin_vheap_size'] ->
+                     t_tuple([t_atom('min_bin_vheap_size'),
+                              t_non_neg_integer()]);
 		   ['multi_scheduling'] ->
 		     t_system_multi_scheduling();
 		   ['multi_scheduling_blockers'] ->
@@ -1598,6 +1614,8 @@ type(erlang, system_info, 1, Xs) ->
 				    t_non_neg_fixnum(),
 				    t_non_neg_fixnum()]),
 			   t_string());
+                   ['otp_release'] ->
+                     t_string();
 		   ['process_count'] ->
 		     t_non_neg_fixnum();
 		   ['process_limit'] ->
@@ -1627,6 +1645,8 @@ type(erlang, system_info, 1, Xs) ->
 		     t_non_neg_fixnum();
 		   ['trace_control_word'] ->
 		     t_integer();
+                   ['update_cpu_info'] ->
+                     t_sup([t_atom('changed'), t_atom('unchanged')]);
 		   ['version'] ->
 		     t_string();
 		   ['wordsize'] ->
@@ -1717,6 +1737,9 @@ type(erlang, universaltime, 0, _) ->
 type(erlang, universaltime_to_localtime, 1, Xs) ->
   strict(arg_types(erlang, universaltime_to_localtime, 1), Xs,
 	 fun ([T]) -> T end);
+type(erlang, universaltime_to_posixtime, 1, Xs) ->
+  strict(arg_types(erlang, universaltime_to_posixtime,1), Xs,
+	 fun(_) -> t_integer() end);
 type(erlang, unlink, 1, Xs) ->
   strict(arg_types(erlang, unlink, 1), Xs, fun (_) -> t_atom('true') end);
 type(erlang, unregister, 1, Xs) ->
@@ -3561,8 +3584,6 @@ arg_types(erlang, is_boolean, 1) ->
   [t_any()];
 arg_types(erlang, is_builtin, 3) ->
   [t_atom(), t_atom(), t_arity()];
-arg_types(erlang, is_constant, 1) ->
-  [t_any()];
 arg_types(erlang, is_float, 1) ->
   [t_any()];
 arg_types(erlang, is_function, 1) ->
@@ -3741,8 +3762,13 @@ arg_types(erlang, pre_loaded, 0) ->
 arg_types(erlang, process_display, 2) ->
   [t_pid(), t_atom('backtrace')];
 arg_types(erlang, process_flag, 2) ->
-  [t_sup([t_atom('trap_exit'), t_atom('error_handler'),
-	  t_atom('min_heap_size'), t_atom('priority'), t_atom('save_calls'),
+  [t_sup([t_atom('trap_exit'),
+          t_atom('error_handler'),
+	  t_atom('min_heap_size'),
+          t_atom('min_bin_vheap_size'),
+          t_atom('priority'),
+          t_atom('save_calls'),
+          t_atom('sensitive'),
 	  t_atom('scheduler'),                             % undocumented
 	  t_atom('monitor_nodes'), 			  % undocumented
 	  t_tuple([t_atom('monitor_nodes'), t_list()])]), % undocumented
@@ -3776,6 +3802,8 @@ arg_types(erlang, resume_process, 1) ->
   [t_pid()]; % intended for debugging only
 arg_types(erlang, round, 1) ->
   [t_number()];
+arg_types(erlang, posixtime_to_universaltime, 1) ->
+  [t_integer()];
 arg_types(erlang, self, 0) ->
   [];
 arg_types(erlang, send, 2) ->
@@ -3853,6 +3881,7 @@ arg_types(erlang, system_flag, 2) ->
 	  t_atom('display_items'),	% undocumented
 	  t_atom('fullsweep_after'),
 	  t_atom('min_heap_size'),
+	  t_atom('min_bin_vheap_size'),
 	  t_atom('multi_scheduling'),
 	  t_atom('schedulers_online'),
 	  t_atom('scheduler_bind_type'),
@@ -3881,7 +3910,8 @@ arg_types(erlang, system_flag, 2) ->
 arg_types(erlang, system_info, 1) ->
   [t_sup([t_atom(),                     % documented
 	  t_tuple([t_atom(), t_any()]), % documented
-	  t_tuple([t_atom(), t_atom(), t_any()])])];
+	  t_tuple([t_atom(), t_atom(), t_any()]),
+	  t_tuple([t_atom(allocator_sizes), t_reference(), t_any()])])];
 arg_types(erlang, system_monitor, 0) ->
   [];
 arg_types(erlang, system_monitor, 1) ->
@@ -3941,6 +3971,8 @@ arg_types(erlang, universaltime, 0) ->
   [];
 arg_types(erlang, universaltime_to_localtime, 1) ->
   [t_tuple([t_date(), t_time()])];
+arg_types(erlang, universaltime_to_posixtime, 1) ->
+  [t_tuple([t_date(), t_time()])];
 arg_types(erlang, unlink, 1) ->
   [t_sup(t_pid(), t_port())];
 arg_types(erlang, unregister, 1) ->
@@ -4722,6 +4754,7 @@ t_spawn_options() ->
 	 t_atom('monitor'),
 	 t_tuple([t_atom('priority'), t_process_priority_level()]),
 	 t_tuple([t_atom('min_heap_size'), t_fixnum()]),
+	 t_tuple([t_atom('min_bin_vheap_size'), t_fixnum()]),
 	 t_tuple([t_atom('fullsweep_after'), t_fixnum()])]).
 
 t_spawn_opt_return(List) ->
@@ -4810,6 +4843,17 @@ t_system_profile_return() ->
   t_sup(t_atom('undefined'),
 	t_tuple([t_sup(t_pid(), t_port()), t_system_profile_options()])).
 
+t_system_build_type_return() ->
+  t_sup([t_atom('opt'),
+         t_atom('debug'),
+         t_atom('purify'),
+         t_atom('quantify'),
+         t_atom('purecov'),
+         t_atom('gcov'),
+         t_atom('valgrind'),
+         t_atom('gprof'),
+         t_atom('lcnt')]).
+
 %% =====================================================================
 %% These are used for the built-in functions of 'ets'
 %% =====================================================================
diff --git a/lib/hipe/cerl/erl_types.erl b/lib/hipe/cerl/erl_types.erl
index 0ff827ac37..620fed365e 100644
--- a/lib/hipe/cerl/erl_types.erl
+++ b/lib/hipe/cerl/erl_types.erl
@@ -2528,34 +2528,77 @@ findfirst(N1, N2, U1, B1, U2, B2) ->
 %%-----------------------------------------------------------------------------
 %% Substitution of variables
 %%
+%% Dialyzer versions prior to R15B used a dict data structure to map variables
+%% to types. Hans Bolinder suggested the use of lists of Key-Value pairs for
+%% this data structure and measurements showed a non-trivial speedup when using
+%% them for operations within this module (e.g. in t_unify/2). However, there
+%% is code outside erl_types that still passes a dict() in the 2nd argument.
+%% So, for the time being, this module provides a t_subst/2 function for these
+%% external calls and a clone of it (t_subst_kv/2) which is used from all calls
+%% from within this module. This code duplication needs to be eliminated at
+%% some point.
 
 -spec t_subst(erl_type(), dict()) -> erl_type().
 
 t_subst(T, Dict) ->
   case t_has_var(T) of
-    true -> t_subst(T, Dict, fun(X) -> X end);
+    true -> t_subst_dict(T, Dict);
     false -> T
   end.
 
+t_subst_dict(?var(Id), Dict) ->
+  case dict:find(Id, Dict) of
+    error -> ?any;
+    {ok, Type} -> Type
+  end;
+t_subst_dict(?list(Contents, Termination, Size), Dict) ->
+  case t_subst_dict(Contents, Dict) of
+    ?none -> ?none;
+    NewContents ->
+      %% Be careful here to make the termination collapse if necessary.
+      case t_subst_dict(Termination, Dict) of
+	?nil -> ?list(NewContents, ?nil, Size);
+	?any -> ?list(NewContents, ?any, Size);
+	Other ->
+	  ?list(NewContents, NewTermination, _) = t_cons(NewContents, Other),
+	  ?list(NewContents, NewTermination, Size)
+      end
+  end;
+t_subst_dict(?function(Domain, Range), Dict) ->
+  ?function(t_subst_dict(Domain, Dict), t_subst_dict(Range, Dict));
+t_subst_dict(?product(Types), Dict) ->
+  ?product([t_subst_dict(T, Dict) || T <- Types]);
+t_subst_dict(?tuple(?any, ?any, ?any) = T, _Dict) ->
+  T;
+t_subst_dict(?tuple(Elements, _Arity, _Tag), Dict) ->
+  t_tuple([t_subst_dict(E, Dict) || E <- Elements]);
+t_subst_dict(?tuple_set(_) = TS, Dict) ->
+  t_sup([t_subst_dict(T, Dict) || T <- t_tuple_subtypes(TS)]);
+t_subst_dict(T, _Dict) ->
+  T.
+
 -spec subst_all_vars_to_any(erl_type()) -> erl_type().
 
 subst_all_vars_to_any(T) ->
+  t_subst_kv(T, []).
+
+t_subst_kv(T, KVMap) ->
   case t_has_var(T) of
-    true -> t_subst(T, dict:new(), fun(_) -> ?any end);
+    true -> t_subst_aux(T, KVMap);
     false -> T
   end.
 
-t_subst(?var(Id) = V, Dict, Fun) ->
-  case dict:find(Id, Dict) of
-    error -> Fun(V);
-    {ok, Type} -> Type
+t_subst_aux(?var(Id), VarMap) ->
+  case lists:keyfind(Id, 1, VarMap) of
+    false -> ?any;
+    {Id, Type} -> Type
   end;
-t_subst(?list(Contents, Termination, Size), Dict, Fun) ->
-  case t_subst(Contents, Dict, Fun) of
+t_subst_aux(?list(Contents, Termination, Size), VarMap) ->
+  case t_subst_aux(Contents, VarMap) of
     ?none -> ?none;
     NewContents ->
       %% Be careful here to make the termination collapse if necessary.
-      case t_subst(Termination, Dict, Fun) of
+      case t_subst_aux(Termination, VarMap) of
 	?nil -> ?list(NewContents, ?nil, Size);
 	?any -> ?list(NewContents, ?any, Size);
 	Other ->
@@ -2563,17 +2606,17 @@ t_subst(?list(Contents, Termination, Size), Dict, Fun) ->
 	  ?list(NewContents, NewTermination, Size)
       end
   end;
-t_subst(?function(Domain, Range), Dict, Fun) ->
-  ?function(t_subst(Domain, Dict, Fun), t_subst(Range, Dict, Fun));
-t_subst(?product(Types), Dict, Fun) -> 
-  ?product([t_subst(T, Dict, Fun) || T <- Types]);
-t_subst(?tuple(?any, ?any, ?any) = T, _Dict, _Fun) ->
+t_subst_aux(?function(Domain, Range), VarMap) ->
+  ?function(t_subst_aux(Domain, VarMap), t_subst_aux(Range, VarMap));
+t_subst_aux(?product(Types), VarMap) ->
+  ?product([t_subst_aux(T, VarMap) || T <- Types]);
+t_subst_aux(?tuple(?any, ?any, ?any) = T, _VarMap) ->
   T;
-t_subst(?tuple(Elements, _Arity, _Tag), Dict, Fun) ->
-  t_tuple([t_subst(E, Dict, Fun) || E <- Elements]);
-t_subst(?tuple_set(_) = TS, Dict, Fun) ->
-  t_sup([t_subst(T, Dict, Fun) || T <- t_tuple_subtypes(TS)]);
-t_subst(T, _Dict, _Fun) -> 
+t_subst_aux(?tuple(Elements, _Arity, _Tag), VarMap) ->
+  t_tuple([t_subst_aux(E, VarMap) || E <- Elements]);
+t_subst_aux(?tuple_set(_) = TS, VarMap) ->
+  t_sup([t_subst_aux(T, VarMap) || T <- t_tuple_subtypes(TS)]);
+t_subst_aux(T, _VarMap) ->
   T.
 	      
 %%-----------------------------------------------------------------------------
@@ -2590,87 +2633,87 @@ t_unify(T1, T2) ->
 -spec t_unify(erl_type(), erl_type(), [erl_type()]) -> t_unify_ret().
 
 t_unify(T1, T2, Opaques) ->
-  {T, Dict} = t_unify(T1, T2, dict:new(), Opaques),
-  {t_subst(T, Dict), lists:keysort(1, dict:to_list(Dict))}.
-
-t_unify(?var(Id) = T, ?var(Id), Dict, _Opaques) ->
-  {T, Dict};
-t_unify(?var(Id1) = T, ?var(Id2), Dict, Opaques) ->
-  case dict:find(Id1, Dict) of
-    error -> 
-      case dict:find(Id2, Dict) of
-	error -> {T, dict:store(Id2, T, Dict)};
-	{ok, Type} -> t_unify(T, Type, Dict, Opaques)
+  {T, VarMap} = t_unify(T1, T2, [], Opaques),
+  {t_subst_kv(T, VarMap), lists:keysort(1, VarMap)}.
+
+t_unify(?var(Id) = T, ?var(Id), VarMap, _Opaques) ->
+  {T, VarMap};
+t_unify(?var(Id1) = T, ?var(Id2), VarMap, Opaques) ->
+  case lists:keyfind(Id1, 1, VarMap) of
+    false ->
+      case lists:keyfind(Id2, 1, VarMap) of
+	false -> {T, [{Id2, T} | VarMap]};
+	{Id2, Type} -> t_unify(T, Type, VarMap, Opaques)
       end;
-    {ok, Type1} ->
-      case dict:find(Id2, Dict) of
-	error -> {Type1, dict:store(Id2, T, Dict)};
-	{ok, Type2} -> t_unify(Type1, Type2, Dict, Opaques)
+    {Id1, Type1} ->
+      case lists:keyfind(Id2, 1, VarMap) of
+	false -> {Type1, [{Id2, T} | VarMap]};
+	{Id2, Type2} -> t_unify(Type1, Type2, VarMap, Opaques)
       end
   end;
-t_unify(?var(Id), Type, Dict, Opaques) ->
-  case dict:find(Id, Dict) of
-    error -> {Type, dict:store(Id, Type, Dict)};
-    {ok, VarType} -> t_unify(VarType, Type, Dict, Opaques)
+t_unify(?var(Id), Type, VarMap, Opaques) ->
+  case lists:keyfind(Id, 1, VarMap) of
+    false -> {Type, [{Id, Type} | VarMap]};
+    {Id, VarType} -> t_unify(VarType, Type, VarMap, Opaques)
   end;
-t_unify(Type, ?var(Id), Dict, Opaques) ->
-  case dict:find(Id, Dict) of
-    error -> {Type, dict:store(Id, Type, Dict)};
-    {ok, VarType} -> t_unify(VarType, Type, Dict, Opaques)
+t_unify(Type, ?var(Id), VarMap, Opaques) ->
+  case lists:keyfind(Id, 1, VarMap) of
+    false -> {Type, [{Id, Type} | VarMap]};
+    {Id, VarType} -> t_unify(VarType, Type, VarMap, Opaques)
   end;
-t_unify(?function(Domain1, Range1), ?function(Domain2, Range2), Dict, Opaques) ->
-  {Domain, Dict1} = t_unify(Domain1, Domain2, Dict, Opaques),
-  {Range, Dict2} = t_unify(Range1, Range2, Dict1, Opaques),
-  {?function(Domain, Range), Dict2};
+t_unify(?function(Domain1, Range1), ?function(Domain2, Range2), VarMap, Opaques) ->
+  {Domain, VarMap1} = t_unify(Domain1, Domain2, VarMap, Opaques),
+  {Range, VarMap2} = t_unify(Range1, Range2, VarMap1, Opaques),
+  {?function(Domain, Range), VarMap2};
 t_unify(?list(Contents1, Termination1, Size), 
-	?list(Contents2, Termination2, Size), Dict, Opaques) ->
-  {Contents, Dict1} = t_unify(Contents1, Contents2, Dict, Opaques),
-  {Termination, Dict2} = t_unify(Termination1, Termination2, Dict1, Opaques),
-  {?list(Contents, Termination, Size), Dict2};
-t_unify(?product(Types1), ?product(Types2), Dict, Opaques) ->
-  {Types, Dict1} = unify_lists(Types1, Types2, Dict, Opaques),
-  {?product(Types), Dict1};
-t_unify(?tuple(?any, ?any, ?any) = T, ?tuple(?any, ?any, ?any), Dict, _Opaques) ->
-  {T, Dict};
+	?list(Contents2, Termination2, Size), VarMap, Opaques) ->
+  {Contents, VarMap1} = t_unify(Contents1, Contents2, VarMap, Opaques),
+  {Termination, VarMap2} = t_unify(Termination1, Termination2, VarMap1, Opaques),
+  {?list(Contents, Termination, Size), VarMap2};
+t_unify(?product(Types1), ?product(Types2), VarMap, Opaques) ->
+  {Types, VarMap1} = unify_lists(Types1, Types2, VarMap, Opaques),
+  {?product(Types), VarMap1};
+t_unify(?tuple(?any, ?any, ?any) = T, ?tuple(?any, ?any, ?any), VarMap, _Opaques) ->
+  {T, VarMap};
 t_unify(?tuple(Elements1, Arity, _), 
-	?tuple(Elements2, Arity, _), Dict, Opaques) when Arity =/= ?any ->
-  {NewElements, Dict1} = unify_lists(Elements1, Elements2, Dict, Opaques),
-  {t_tuple(NewElements), Dict1};
+	?tuple(Elements2, Arity, _), VarMap, Opaques) when Arity =/= ?any ->
+  {NewElements, VarMap1} = unify_lists(Elements1, Elements2, VarMap, Opaques),
+  {t_tuple(NewElements), VarMap1};
 t_unify(?tuple_set([{Arity, _}]) = T1, 
-	?tuple(_, Arity, _) = T2, Dict, Opaques) when Arity =/= ?any ->
-  unify_tuple_set_and_tuple(T1, T2, Dict, Opaques);
+	?tuple(_, Arity, _) = T2, VarMap, Opaques) when Arity =/= ?any ->
+  unify_tuple_set_and_tuple(T1, T2, VarMap, Opaques);
 t_unify(?tuple(_, Arity, _) = T1,
-	?tuple_set([{Arity, _}]) = T2, Dict, Opaques) when Arity =/= ?any ->
-  unify_tuple_set_and_tuple(T2, T1, Dict, Opaques);
-t_unify(?tuple_set(List1), ?tuple_set(List2), Dict, Opaques) ->
-  {Tuples, NewDict} = 
+	?tuple_set([{Arity, _}]) = T2, VarMap, Opaques) when Arity =/= ?any ->
+  unify_tuple_set_and_tuple(T2, T1, VarMap, Opaques);
+t_unify(?tuple_set(List1), ?tuple_set(List2), VarMap, Opaques) ->
+  {Tuples, NewVarMap} =
     unify_lists(lists:append([T || {_Arity, T} <- List1]), 
-		lists:append([T || {_Arity, T} <- List2]), Dict, Opaques),
-  {t_sup(Tuples), NewDict};
-t_unify(?opaque(Elements) = T, ?opaque(Elements), Dict, _Opaques) ->
-  {T, Dict};
-t_unify(?opaque(_) = T1, ?opaque(_) = T2, _Dict, _Opaques) ->
+		lists:append([T || {_Arity, T} <- List2]), VarMap, Opaques),
+  {t_sup(Tuples), NewVarMap};
+t_unify(?opaque(Elements) = T, ?opaque(Elements), VarMap, _Opaques) ->
+  {T, VarMap};
+t_unify(?opaque(_) = T1, ?opaque(_) = T2, _VarMap, _Opaques) ->
   throw({mismatch, T1, T2});
-t_unify(Type, ?opaque(_) = OpType, Dict, Opaques) ->
-  t_unify_with_opaque(Type, OpType, Dict, Opaques);
-t_unify(?opaque(_) = OpType, Type, Dict, Opaques) ->
-  t_unify_with_opaque(Type, OpType, Dict, Opaques);
-t_unify(T, T, Dict, _Opaques) ->
-  {T, Dict};
+t_unify(Type, ?opaque(_) = OpType, VarMap, Opaques) ->
+  t_unify_with_opaque(Type, OpType, VarMap, Opaques);
+t_unify(?opaque(_) = OpType, Type, VarMap, Opaques) ->
+  t_unify_with_opaque(Type, OpType, VarMap, Opaques);
+t_unify(T, T, VarMap, _Opaques) ->
+  {T, VarMap};
 t_unify(T1, T2, _, _) ->
   throw({mismatch, T1, T2}).
 
-t_unify_with_opaque(Type, OpType, Dict, Opaques) ->
+t_unify_with_opaque(Type, OpType, VarMap, Opaques) ->
   case lists:member(OpType, Opaques) of
     true ->
       Struct = t_opaque_structure(OpType),
-      try t_unify(Type, Struct, Dict, Opaques) of
-	{_T, Dict1} -> {OpType, Dict1}
+      try t_unify(Type, Struct, VarMap, Opaques) of
+	{_T, VarMap1} -> {OpType, VarMap1}
       catch
 	throw:{mismatch, _T1, _T2} ->
 	  case t_inf(OpType, Type, opaque) of
 	    ?none -> throw({mismatch, Type, OpType});
-	    _ -> {OpType, Dict}
+	    _ -> {OpType, VarMap}
 	  end
       end;
     false ->
@@ -2678,20 +2721,20 @@ t_unify_with_opaque(Type, OpType, Dict, Opaques) ->
   end.
 
 unify_tuple_set_and_tuple(?tuple_set([{Arity, List}]), 
-			  ?tuple(Elements2, Arity, _), Dict, Opaques) ->
+			  ?tuple(Elements2, Arity, _), VarMap, Opaques) ->
   %% Can only work if the single tuple has variables at correct places.
   %% Collapse the tuple set.
-  {NewElements, Dict1} = unify_lists(sup_tuple_elements(List), Elements2, Dict, Opaques),
-  {t_tuple(NewElements), Dict1}.
+  {NewElements, VarMap1} = unify_lists(sup_tuple_elements(List), Elements2, VarMap, Opaques),
+  {t_tuple(NewElements), VarMap1}.
 
-unify_lists(L1, L2, Dict, Opaques) ->
-  unify_lists(L1, L2, Dict, [], Opaques).
+unify_lists(L1, L2, VarMap, Opaques) ->
+  unify_lists(L1, L2, VarMap, [], Opaques).
 
-unify_lists([T1|Left1], [T2|Left2], Dict, Acc, Opaques) ->
-  {NewT, NewDict} = t_unify(T1, T2, Dict, Opaques),
-  unify_lists(Left1, Left2, NewDict, [NewT|Acc], Opaques);
-unify_lists([], [], Dict, Acc, _Opaques) ->
-  {lists:reverse(Acc), Dict}.
+unify_lists([T1|Left1], [T2|Left2], VarMap, Acc, Opaques) ->
+  {NewT, NewVarMap} = t_unify(T1, T2, VarMap, Opaques),
+  unify_lists(Left1, Left2, NewVarMap, [NewT|Acc], Opaques);
+unify_lists([], [], VarMap, Acc, _Opaques) ->
+  {lists:reverse(Acc), VarMap}.
 
 %%t_assign_variables_to_subtype(T1, T2) ->
 %%  try 
diff --git a/lib/hipe/doc/src/notes.xml b/lib/hipe/doc/src/notes.xml
index 6b601e3039..3f28cf9959 100644
--- a/lib/hipe/doc/src/notes.xml
+++ b/lib/hipe/doc/src/notes.xml
@@ -30,6 +30,83 @@
   </header>
   <p>This document describes the changes made to HiPE.</p>
 
+<section><title>Hipe 3.9</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    <list> <item><p>No warnings for underspecs with remote
+	    types</p></item> <item><p> Fix crash in Typer</p></item>
+	    <item><p>Fix Dialyzer's warning for its own
+	    code</p></item> <item><p>Fix Dialyzer's warnings in
+	    HiPE</p></item> <item><p>Add file/line info in a
+	    particular Dialyzer crash</p></item> <item><p>Update
+	    inets test results</p></item> </list></p>
+          <p>
+	    Own Id: OTP-9758</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>Correct callback spec in application
+	    module</p></item> <item><p>Refine warning about callback
+	    specs with extra ranges</p></item> <item><p>Cleanup
+	    autoimport compiler directives</p></item> <item><p>Fix
+	    Dialyzer's warnings in typer</p></item> <item><p>Fix
+	    Dialyzer's warning for its own code</p></item>
+	    <item><p>Fix bug in Dialyzer's behaviours
+	    analysis</p></item> <item><p>Fix crash in
+	    Dialyzer</p></item> <item><p>Variable substitution was
+	    not generalizing any unknown variables.</p></item>
+	    </list></p>
+          <p>
+	    Own Id: OTP-9776</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Possible to run HiPE without floating point exceptions
+	    (FPE). Useful on platforms that lack reliable FPE. Slower
+	    float operations compared to HiPE with FPE.</p>
+          <p>
+	    Own Id: OTP-9724</p>
+        </item>
+        <item>
+          <p>
+	    HiPE compiler: The possibility to compile and load
+	    selected functions from a module has been removed.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9751</p>
+        </item>
+        <item>
+          <p>
+	    <c>filename:find_src/1,2</c> will now work on stripped
+	    BEAM files (reported by Per Hedeland). The HiPE compiler
+	    will also work on stripped BEAM files. The BEAM compiler
+	    will no longer include compilation options given in the
+	    source code itself in <c>M:module_info(compile)</c>
+	    (because those options will be applied anyway if the
+	    module is re-compiled).</p>
+          <p>
+	    Own Id: OTP-9752</p>
+        </item>
+        <item>
+	    <p> Optimize <c>erl_types:t_unify()</c>. </p>
+          <p>
+	    Own Id: OTP-9768</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Hipe 3.8.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/hipe/flow/Makefile b/lib/hipe/flow/Makefile
index 02f610587b..bbe8ef8666 100644
--- a/lib/hipe/flow/Makefile
+++ b/lib/hipe/flow/Makefile
@@ -65,7 +65,7 @@ DOC_FILES= $(MODULES:%=$(DOCS)/%.html)
 
 include ../native.mk
 
-ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec # +warn_untyped_record
 
 # ----------------------------------------------------
 # Targets
diff --git a/lib/hipe/icode/Makefile b/lib/hipe/icode/Makefile
index eced90b0ec..bd6436c8b3 100644
--- a/lib/hipe/icode/Makefile
+++ b/lib/hipe/icode/Makefile
@@ -83,7 +83,7 @@ DOC_FILES= $(DOC_MODULES:%=$(DOCS)/%.html)
 
 include ../native.mk
 
-ERL_COMPILE_FLAGS += +warn_unused_import +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_unused_import +warn_missing_spec # +warn_untyped_record
 
 # ----------------------------------------------------
 # Targets
diff --git a/lib/hipe/icode/hipe_beam_to_icode.erl b/lib/hipe/icode/hipe_beam_to_icode.erl
index 45b390acbd..2d2b414a70 100644
--- a/lib/hipe/icode/hipe_beam_to_icode.erl
+++ b/lib/hipe/icode/hipe_beam_to_icode.erl
@@ -31,7 +31,7 @@
 
 -module(hipe_beam_to_icode).
 
--export([module/2, mfa/3]).
+-export([module/2]).
 
 %%-----------------------------------------------------------------------
 
@@ -111,55 +111,6 @@ trans_beam_function_chunk(FunBeamCode, ClosureInfo) ->
   {MFA,Icode}.
 
 %%-----------------------------------------------------------------------
-%% @doc
-%% Translates the BEAM code of a single function into Icode.
-%%   Returns a tuple whose first argument is list of {{M,F,A}, ICode}
-%%   pairs, where the first entry is that of the given MFA, and the
-%%   following (in undefined order) are those of the funs that are
-%%   defined in the function, and recursively, in the funs.  The
-%%   second argument of the tuple is the HiPE compiler options
-%%   contained in the file.
-%% @end
-%%-----------------------------------------------------------------------
-
--spec mfa(list(), mfa(), comp_options()) -> hipe_beam_to_icode_ret().
-
-mfa(BeamFuns, {M,F,A} = MFA, Options)
-  when is_atom(M), is_atom(F), is_integer(A) ->
-  BeamCode0 = [beam_disasm:function__code(Fn) || Fn <- BeamFuns],
-  {ModCode, ClosureInfo} = preprocess_code(BeamCode0),
-  mfa_loop([MFA], [], sets:new(), ModCode, ClosureInfo, Options).
-
-mfa_loop([{M,F,A} = MFA | MFAs], Acc, Seen, ModCode, ClosureInfo,
-	 Options) when is_atom(M), is_atom(F), is_integer(A) ->
-  case sets:is_element(MFA, Seen) of
-    true ->
-      mfa_loop(MFAs, Acc, Seen, ModCode, ClosureInfo, Options);
-    false ->
-      {Icode, FunMFAs} = mfa_get(M, F, A, ModCode, ClosureInfo, Options),
-      mfa_loop(FunMFAs ++ MFAs, [{MFA, Icode} | Acc],
-	       sets:add_element(MFA, Seen),
-	       ModCode, ClosureInfo, Options)
-  end;
-mfa_loop([], Acc, _, _, _, _) ->
-  lists:reverse(Acc).
-
-mfa_get(M, F, A, ModCode, ClosureInfo, Options) ->
-  BeamCode = get_fun(ModCode, M,F,A),
-  pp_beam([BeamCode], Options),  % cheat by using a list
-  Icode = trans_mfa_code(M,F,A, BeamCode, ClosureInfo),
-  FunMFAs = get_fun_mfas(BeamCode),
-  {Icode, FunMFAs}.
-
-get_fun_mfas([{patched_make_fun,{M,F,A} = MFA,_,_,_}|BeamCode])
-  when is_atom(M), is_atom(F), is_integer(A) ->
-  [MFA|get_fun_mfas(BeamCode)];
-get_fun_mfas([_|BeamCode]) ->
-  get_fun_mfas(BeamCode);
-get_fun_mfas([]) ->
-  [].
-
-%%-----------------------------------------------------------------------
 %% The main translation function.
 %%-----------------------------------------------------------------------
 
@@ -514,10 +465,6 @@ trans_fun([{test,is_nil,{f,Lbl},[Arg]}|Instructions], Env) ->
 trans_fun([{test,is_binary,{f,Lbl},[Arg]}|Instructions], Env) ->
   {Code,Env1} = trans_type_test(binary,Lbl,Arg,Env),
   [Code | trans_fun(Instructions,Env1)];
-%%--- is_constant ---
-trans_fun([{test,is_constant,{f,Lbl},[Arg]}|Instructions], Env) ->
-  {Code,Env1} = trans_type_test(constant,Lbl,Arg,Env),
-  [Code | trans_fun(Instructions,Env1)];
 %%--- is_list ---
 trans_fun([{test,is_list,{f,Lbl},[Arg]}|Instructions], Env) ->
   {Code,Env1} = trans_type_test(list,Lbl,Arg,Env),
@@ -1884,16 +1831,6 @@ find_mfa([{func_info,{atom,M},{atom,F},A}|_])
   when is_atom(M), is_atom(F), is_integer(A), 0 =< A, A =< 255 ->
   {M, F, A}.
 
-%%-----------------------------------------------------------------------
-
-%% Localize a particular function in a module
-get_fun([[L, {func_info,{atom,M},{atom,F},A} | Is] | _], M,F,A) ->
-  [L, {func_info,{atom,M},{atom,F},A} | Is];
-get_fun([[_L1,_L2, {func_info,{atom,M},{atom,F},A} = MFA| _Is] | _], M,F,A) ->
-  ?WARNING_MSG("Consecutive labels found; please re-create the .beam file~n", []),
-  [_L1,_L2, MFA | _Is];
-get_fun([_|Rest], M,F,A) ->
-  get_fun(Rest, M,F,A).    
 
 %%-----------------------------------------------------------------------
 %% Takes a list of arguments and returns the constants of them into
diff --git a/lib/hipe/icode/hipe_icode_coordinator.erl b/lib/hipe/icode/hipe_icode_coordinator.erl
index a71e143192..d8c82cf01c 100644
--- a/lib/hipe/icode/hipe_icode_coordinator.erl
+++ b/lib/hipe/icode/hipe_icode_coordinator.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -49,6 +49,12 @@ coordinate(CG, Escaping, NonEscaping, Mod) ->
     fun (PM) -> last_action(PM, ServerPid, Mod, All) end, 
   coordinate({Clean,All}, CG, gb_trees:empty(), Restart, LastAction, ServerPid).
 
+-type mfalists() :: {[mfa()], [mfa()]}.
+
+-spec coordinate(mfalists(), hipe_digraph:hdg(), gb_tree(),
+                 fun((mfalists(), gb_tree()) -> mfalists()),
+                 fun((gb_tree()) -> 'ok'), pid()) -> no_return().
+
 coordinate(MFALists, CG, PM, Restart, LastAction, ServerPid) ->
   case MFALists of
     {[], []} ->
@@ -106,8 +112,7 @@ last_action(PM, ServerPid, Mod, All) ->
 		    receive 
 		      {done_rewrite, MFA} -> ok
 		    end
-		end, All),
-  ok.
+		end, All).
 
 restart_funs({Queue, Busy} = QB, PM, All, ServerPid) ->
   case ?MAX_CONCURRENT - length(Busy) of
diff --git a/lib/hipe/icode/hipe_icode_inline_bifs.erl b/lib/hipe/icode/hipe_icode_inline_bifs.erl
index 27296dcad5..9a2fb7846a 100644
--- a/lib/hipe/icode/hipe_icode_inline_bifs.erl
+++ b/lib/hipe/icode/hipe_icode_inline_bifs.erl
@@ -29,7 +29,7 @@
 
 %% Currently inlined BIFs:
 %% and, or, xor, not, <, >, >=, =<, ==, /=, =/=, =:=
-%% is_atom, is_boolean, is_binary, is_constant, is_float, is_function,
+%% is_atom, is_boolean, is_binary, is_float, is_function,
 %% is_integer, is_list, is_pid, is_port, is_reference, is_tuple
 
 -module(hipe_icode_inline_bifs).
@@ -131,7 +131,6 @@ is_type_test(Name) ->
     is_boolean -> {true, boolean};
     is_function -> {true, function};	       
     is_reference -> {true, reference};
-    is_constant -> {true, constant};
     is_port -> {true, port};
     _ -> false
   end.
diff --git a/lib/hipe/icode/hipe_icode_mulret.erl b/lib/hipe/icode/hipe_icode_mulret.erl
index a6529c8519..a3cae621ab 100644
--- a/lib/hipe/icode/hipe_icode_mulret.erl
+++ b/lib/hipe/icode/hipe_icode_mulret.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -595,9 +595,9 @@ optimizeDefine([I|Code], Dsts, DstLst, Res) ->
   [Ds] = Dsts,
   case isCallPrimop(I, mktuple) andalso DstLst =:= [] of
     true ->
-      case (hipe_icode:call_dstlist(I) =:= Dsts) of
+      case hipe_icode:call_dstlist(I) =:= Dsts of
 	true ->
-	  case (hipe_icode:call_args(I) > 1) of 
+	  case length(hipe_icode:call_args(I)) > 1 of
 	    true ->
 	      optimizeDefine(Code, Dsts, hipe_icode:call_args(I), Res);
 	    false ->
diff --git a/lib/hipe/icode/hipe_icode_pp.erl b/lib/hipe/icode/hipe_icode_pp.erl
index 575bbfe43d..de29b6f779 100644
--- a/lib/hipe/icode/hipe_icode_pp.erl
+++ b/lib/hipe/icode/hipe_icode_pp.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/hipe/icode/hipe_icode_ssa.erl b/lib/hipe/icode/hipe_icode_ssa.erl
index 719d5d8f45..4607a96dda 100644
--- a/lib/hipe/icode/hipe_icode_ssa.erl
+++ b/lib/hipe/icode/hipe_icode_ssa.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/hipe/icode/hipe_icode_type.erl b/lib/hipe/icode/hipe_icode_type.erl
index 3f9488d7c3..cae4325b9e 100644
--- a/lib/hipe/icode/hipe_icode_type.erl
+++ b/lib/hipe/icode/hipe_icode_type.erl
@@ -899,9 +899,7 @@ test_type0(list, T) ->
 test_type0(cons, T) ->
   t_is_cons(T);
 test_type0(nil, T) ->
-  t_is_nil(T);
-test_type0(constant, T) ->
-  t_is_constant(T).
+  t_is_nil(T).
 
 
 true_branch_info(integer) ->
@@ -940,8 +938,6 @@ true_branch_info(nil) ->
   t_nil();
 true_branch_info(boolean) ->
   t_boolean();
-true_branch_info(constant) ->
-  t_constant();
 true_branch_info(T) ->
   exit({?MODULE,unknown_typetest,T}).
 
diff --git a/lib/hipe/main/hipe.app.src b/lib/hipe/main/hipe.app.src
index e5d6d1e540..c05aec4c4a 100644
--- a/lib/hipe/main/hipe.app.src
+++ b/lib/hipe/main/hipe.app.src
@@ -74,7 +74,6 @@
 	     hipe_arm_specific,
 	     hipe_bb,
 	     hipe_beam_to_icode,
-	     hipe_ceach,
 	     hipe_coalescing_regalloc,
 	     hipe_consttab,
 	     hipe_data_pp,
diff --git a/lib/hipe/main/hipe.erl b/lib/hipe/main/hipe.erl
index 570e4d9d17..1be679a13f 100644
--- a/lib/hipe/main/hipe.erl
+++ b/lib/hipe/main/hipe.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -47,9 +47,8 @@
 %%
 %% <h3>Using the direct interface - for advanced users only</h3>
 %%
-%% To compile a module or a specific function to native code and
-%% automatically load the code into memory, call <a
-%% href="#c-1"><code>hipe:c(Module)</code></a> or <a
+%% To compile a module to native code and automatically load the code
+%% into memory, call <a href="#c-1"><code>hipe:c(Module)</code></a> or <a
 %% href="#c-2"><code>hipe:c(Module, Options)</code></a>. Note that all
 %% options are specific to the HiPE compiler. See the <a
 %% href="#index">function index</a> for other compiler functions.
@@ -221,11 +220,10 @@
 %%-------------------------------------------------------------------
 
 -type mod() :: atom().
--type c_unit() :: mod() | mfa().
 -type f_unit() :: mod() | binary().
 -type ret_rtl() :: [_].
--type c_ret() :: {'ok', c_unit()} | {'error', term()} |
-                 {'ok', c_unit(), ret_rtl()}. %% The last for debugging only
+-type c_ret() :: {'ok', mod()} | {'error', term()} |
+                 {'ok', mod(), ret_rtl()}. %% The last for debugging only
 -type compile_file() :: atom() | string() | binary().
 -type compile_ret() :: {hipe_architecture(), binary()} | list().
 
@@ -278,47 +276,44 @@ load(Mod, BeamFileName) when is_list(BeamFileName) ->
   end.
 
 %% @spec c(Name) -> {ok, Name} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       Reason = term()
 %%
 %% @equiv c(Name, [])
 
--spec c(c_unit()) -> c_ret().
+-spec c(mod()) -> c_ret().
 
 c(Name) ->
   c(Name, []).
 
 %% @spec c(Name, options()) -> {ok, Name} | {error, Reason}
-%%     Name = mod() | mfa()
+%%     Name = mod()
 %%     options() = [option()]
 %%     option() = term()
 %%     Reason = term()
 %%
-%% @type mfa() = {M::mod(),F::fun(),A::arity()}.
-%%       A fully qualified function name.
-%%
 %% @type fun() = atom(). A function identifier.
 %%
 %% @type arity() = integer(). A function arity; always nonnegative.
 %% 
 %% @doc User-friendly native code compiler interface. Reads BEAM code
-%% from the corresponding "Module<code>.beam</code>" file in the system
-%% path, and compiles either a single function or the whole module to
-%% native code. By default, the compiled code is loaded directly. See
-%% above for documentation of options.
+%% from the corresponding "Module<code>.beam</code>" file in the
+%% system path, and compiles the whole module to native code. By
+%% default, the compiled code is loaded directly. See above for
+%% documentation of options.
 %%
 %% @see c/1
 %% @see c/3
 %% @see f/2
 %% @see compile/2
 
--spec c(c_unit(), comp_options()) -> c_ret().
+-spec c(mod(), comp_options()) -> c_ret().
 
 c(Name, Options) ->
   c(Name, beam_file(Name), Options).
 
 %% @spec c(Name, File, options()) -> {ok, Name} | {error, Reason}
-%%     Name = mod() | mfa()
+%%     Name = mod()
 %%     File = filename() | binary()
 %%     Reason = term()
 %%
@@ -329,7 +324,6 @@ c(Name, Options) ->
 %% @see f/2
 
 c(Name, File, Opts) ->
-  %% No server if only one function is compiled
   Opts1 = user_compile_opts(Opts),
   case compile(Name, File, Opts1) of
     {ok, Res} ->
@@ -359,8 +353,7 @@ f(File) ->
 %%     Reason = term()
 %%
 %% @doc Like <code>c/3</code>, but takes the module name from the
-%% specified <code>File</code>. This always compiles the whole module;
-%% there is no possibility to compile just a single function.
+%% specified <code>File</code>.
 %%
 %% @see c/3
 
@@ -381,26 +374,26 @@ user_compile_opts(Opts) ->
 
 
 %% @spec compile(Name) -> {ok, {Target,Binary}} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       Binary = binary()
 %%       Reason = term()
 %% 
 %% @equiv compile(Name, [])
 
--spec compile(c_unit()) -> {'ok', compile_ret()} | {'error', term()}.
+-spec compile(mod()) -> {'ok', compile_ret()} | {'error', term()}.
 
 compile(Name) ->
   compile(Name, []).
 
 %% @spec compile(Name, options()) -> {ok, {Target,Binary}} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       Binary = binary()
 %%       Reason = term()
 %%
-%% @doc Direct compiler interface, for advanced use. This just compiles
-%% the named function or module, reading BEAM code from the
-%% corresponding "Module<code>.beam</code>" file in the system path.
-%% Returns <code>{ok, Binary}</code> if successful, or <code>{error,
+%% @doc Direct compiler interface, for advanced use. This just
+%% compiles the module, reading BEAM code from the corresponding
+%% "Module<code>.beam</code>" file in the system path.  Returns
+%% <code>{ok, Binary}</code> if successful, or <code>{error,
 %% Reason}</code> otherwise. By default, it does <em>not</em> load the
 %% binary to memory (the <code>load</code> option can be used to
 %% activate automatic loading). <code>File</code> can be either a file
@@ -412,15 +405,13 @@ compile(Name) ->
 %% @see file/2
 %% @see load/2
 
--spec compile(c_unit(), comp_options()) -> {'ok', compile_ret()} | {'error', _}.
+-spec compile(mod(), comp_options()) -> {'ok', compile_ret()} | {'error', _}.
 
 compile(Name, Options) ->
   compile(Name, beam_file(Name), Options).
 
--spec beam_file(mod() | mfa()) -> string().
+-spec beam_file(mod()) -> string().
 
-beam_file({M,F,A}) when is_atom(M), is_atom(F), is_integer(A), A >= 0 ->
-  beam_file(M);
 beam_file(Module) when is_atom(Module) ->
   case code:which(Module) of
     non_existing ->
@@ -432,7 +423,7 @@ beam_file(Module) when is_atom(Module) ->
 
 %% @spec compile(Name, File, options()) ->
 %%           {ok, {Target, Binary}} | {error, Reason}
-%%       Name = mod() | mfa()
+%%       Name = mod()
 %%       File = filename() | binary()
 %%       Binary = binary()
 %%       Reason = term()
@@ -442,18 +433,11 @@ beam_file(Module) when is_atom(Module) ->
 %%
 %% @see compile/2
 
--spec compile(c_unit(), compile_file(), comp_options()) ->
+-spec compile(mod(), compile_file(), comp_options()) ->
 	 {'ok', compile_ret()} | {'error', term()}.
 
-compile(Name, File, Opts0) ->
-  Opts1 = expand_kt2(Opts0),
-  Opts = 
-    case Name of
-      {_Mod, _Fun, _Arity} ->
-	[no_concurrent_comp|Opts1];
-      _ ->
-	Opts1
-    end,
+compile(Name, File, Opts0) when is_atom(Name) ->
+  Opts = expand_kt2(Opts0),
   case proplists:get_value(core, Opts) of
     true when is_binary(File) ->
       ?error_msg("Cannot get Core Erlang code from BEAM binary.",[]),
@@ -486,23 +470,11 @@ compile(Name, File, Opts0) ->
 	  ?EXIT({cant_compile_source_code, Error})
       end;
     Other when Other =:= false; Other =:= undefined ->
-      NewOpts =
-	case proplists:get_value(use_callgraph, Opts) of
-	  No when No =:= false; No =:= undefined -> Opts;
-	  _ ->
-	    case Name of
-	      {_M,_F,_A} ->
-		%% There is no point in using the callgraph or concurrent_comp
-		%% when analyzing just one function.
-		[no_use_callgraph, no_concurrent_comp|Opts];
-	      _ -> Opts
-	    end
-	end,
       DisasmFun = fun (_) -> disasm(File) end,
       IcodeFun = fun (Code, Opts_) ->
 		     get_beam_icode(Name, Code, File, Opts_)
 		 end,
-      run_compiler(Name, DisasmFun, IcodeFun, NewOpts)
+      run_compiler(Name, DisasmFun, IcodeFun, Opts)
   end.
 
 -spec compile_core(mod(), cerl:c_module(), compile_file(), comp_options()) ->
@@ -604,7 +576,7 @@ disasm(File) ->
     #beam_file{labeled_exports = LabeledExports,
 	       compile_info = CompInfo,
 	       code = BeamCode} ->
-      {options, CompOpts} = lists:keyfind(options, 1, CompInfo),
+      CompOpts = proplists:get_value(options, CompInfo, []),
       HCompOpts = case lists:keyfind(hipe, 1, CompOpts) of
 		    {hipe, L} when is_list(L) -> L;
 		    {hipe, X} -> [X];
@@ -625,11 +597,6 @@ fix_beam_exports([{F,A,_}|BeamExports], Exports) ->
 fix_beam_exports([], Exports) ->
   Exports.
 
-get_beam_icode({M,_F,_A} = MFA, {BeamCode, Exports}, _File, Options) ->
-  ?option_time({ok, Icode} = 
-	       (catch {ok, hipe_beam_to_icode:mfa(BeamCode, MFA, Options)}),
-	       "BEAM-to-Icode", Options),
-  {{M, Exports, Icode}, false};
 get_beam_icode(Mod, {BeamCode, Exports}, File, Options) ->
   ?option_time({ok, Icode} =
 	       (catch {ok, hipe_beam_to_icode:module(BeamCode, Options)}),
@@ -899,7 +866,8 @@ maybe_load(Mod, Bin, WholeModule, Opts) ->
       do_load(Mod, Bin, WholeModule)
   end.
 
-do_load(Mod, Bin, WholeModule) ->
+do_load(Mod, Bin, BeamBinOrPath) when is_binary(BeamBinOrPath);
+				      is_list(BeamBinOrPath) ->
   HostArch = get(hipe_host_arch),
   TargetArch = get(hipe_target_arch),
   %% Make sure we can do the load.
@@ -907,29 +875,22 @@ do_load(Mod, Bin, WholeModule) ->
     ?EXIT({host_and_target_arch_differ, HostArch, TargetArch});
     true -> ok
   end,
-  case WholeModule of 
+  case code:is_sticky(Mod) of
+    true ->
+      %% We unpack and repack the Beam binary as a workaround to
+      %% ensure that it is not compressed.
+      {ok, _, Chunks} = beam_lib:all_chunks(BeamBinOrPath),
+      {ok, Beam} = beam_lib:build_module(Chunks),
+      %% Don't purge or register sticky mods; just load native.
+      code:load_native_sticky(Mod, Bin, Beam);
     false ->
-      %% In this case, the emulated code for the module must be loaded.
-      {module, Mod} = code:ensure_loaded(Mod),
-      code:load_native_partial(Mod, Bin);
-    BeamBinOrPath when is_binary(BeamBinOrPath) orelse is_list(BeamBinOrPath) ->
-      case code:is_sticky(Mod) of
-	true ->
-	  %% We unpack and repack the Beam binary as a workaround to
-	  %% ensure that it is not compressed.
-	  {ok, _, Chunks} = beam_lib:all_chunks(WholeModule),
-	  {ok, Beam} = beam_lib:build_module(Chunks),
-	  %% Don't purge or register sticky mods; just load native.
-	  code:load_native_sticky(Mod, Bin, Beam);
-	false ->
-	  %% Normal loading of a whole module
-	  Architecture = erlang:system_info(hipe_architecture),
-	  ChunkName = hipe_unified_loader:chunk_name(Architecture),
-	  {ok, _, Chunks0} = beam_lib:all_chunks(WholeModule),
-	  Chunks = [{ChunkName, Bin}|lists:keydelete(ChunkName, 1, Chunks0)],
-	  {ok, BeamPlusNative} = beam_lib:build_module(Chunks),
-	  code:load_binary(Mod, code:which(Mod), BeamPlusNative)
-      end
+      %% Normal loading of a whole module
+      Architecture = erlang:system_info(hipe_architecture),
+      ChunkName = hipe_unified_loader:chunk_name(Architecture),
+      {ok, _, Chunks0} = beam_lib:all_chunks(BeamBinOrPath),
+      Chunks = [{ChunkName, Bin}|lists:keydelete(ChunkName, 1, Chunks0)],
+      {ok, BeamPlusNative} = beam_lib:build_module(Chunks),
+      code:load_binary(Mod, code:which(Mod), BeamPlusNative)
   end.
 
 assemble(CompiledCode, Closures, Exports, Options) ->
diff --git a/lib/hipe/opt/Makefile b/lib/hipe/opt/Makefile
index 74fde26c0b..4596201801 100644
--- a/lib/hipe/opt/Makefile
+++ b/lib/hipe/opt/Makefile
@@ -63,7 +63,7 @@ DOC_FILES= $(MODULES:%=$(DOCS)/%.html)
 
 include ../native.mk
 
-ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_exported_vars +warn_missing_spec # +warn_untyped_record
 
 # ----------------------------------------------------
 # Targets
diff --git a/lib/hipe/opt/hipe_schedule.erl b/lib/hipe/opt/hipe_schedule.erl
index 4925b2927b..4f153e17ad 100644
--- a/lib/hipe/opt/hipe_schedule.erl
+++ b/lib/hipe/opt/hipe_schedule.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -797,7 +797,7 @@ dep_arc(N, Lat, M, {Dag,Preds}) ->
 %% Returns     : A dependence graph sorted by To. 
 %% Description : A new arc that is added is sorted in the right place, and if
 %%               there is already an arc between nodes A and B, the one with 
-%%               the greatest latency is choosen.
+%%               the greatest latency is chosen.
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 add_arc(Lat,To, []) -> {[{Lat, To}], added};
 add_arc(Lat1, To, [{Lat2, To} | Arcs]) ->
diff --git a/lib/hipe/rtl/Makefile b/lib/hipe/rtl/Makefile
index 690045b978..48086ec79f 100644
--- a/lib/hipe/rtl/Makefile
+++ b/lib/hipe/rtl/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2001-2011. All Rights Reserved.
+# Copyright Ericsson AB 2001-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -139,27 +139,35 @@ hipe_literals.hrl: $(HIPE_MKLITERALS)
 ../main/hipe.hrl: ../vsn.mk ../main/hipe.hrl.src
 	(cd ../main && $(MAKE) hipe.hrl)
 
-$(EBIN)/hipe_rtl.beam: hipe_rtl.hrl ../main/hipe.hrl
-$(EBIN)/hipe_rtl_arch.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_binary.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_bin_util.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_cfg.beam: hipe_rtl.hrl ../flow/cfg.hrl ../flow/cfg.inc ../main/hipe.hrl
-$(EBIN)/hipe_rtl_cleanup_const.beam: hipe_rtl.hrl
-$(EBIN)/hipe_rtl_liveness.beam: hipe_rtl.hrl ../flow/cfg.hrl ../flow/liveness.inc
-$(EBIN)/hipe_icode2rtl.beam: hipe_literals.hrl ../main/hipe.hrl ../icode/hipe_icode.hrl
-$(EBIN)/hipe_tagscheme.beam: hipe_rtl.hrl hipe_literals.hrl
-$(EBIN)/hipe_rtl_primops.beam: hipe_rtl.hrl ../icode/hipe_icode_primops.hrl hipe_literals.hrl ../main/hipe.hrl
+# 2012-02-24. Please keep these dependencies up to date. They tend to rot.
+# grep ^-include *.erl says a lot, but you need to dig further, e.g:
+# grep ^-include ../flow/*.{hrl,inc}
+$(EBIN)/hipe_icode2rtl.beam: \
+	../main/hipe.hrl ../icode/hipe_icode.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_arch.beam: hipe_literals.hrl
 $(EBIN)/hipe_rtl_arith_32.beam: ../main/hipe.hrl hipe_rtl_arith.inc
 $(EBIN)/hipe_rtl_arith_64.beam: ../main/hipe.hrl hipe_rtl_arith.inc
-$(EBIN)/hipe_rtl_bs_ops.beam: hipe_literals.hrl ../main/hipe.hrl
-$(EBIN)/hipe_rtl_cerl_bs_ops.beam: ../main/hipe.hrl hipe_literals.hrl hipe_rtl.hrl
-$(EBIN)/hipe_rtl_exceptions.beam: hipe_literals.hrl ../main/hipe.hrl
-$(EBIN)/hipe_rtl_inline_bs_ops.beam: hipe_rtl.hrl hipe_literals.hrl ../main/hipe.hrl
+$(EBIN)/hipe_rtl_binary_construct.beam: \
+	../main/hipe.hrl hipe_rtl.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_binary_match.beam: hipe_literals.hrl
+$(EBIN)/hipe_rtl_cfg.beam: \
+	../main/hipe.hrl hipe_rtl.hrl ../flow/cfg.hrl ../flow/cfg.inc
+$(EBIN)/hipe_rtl_cleanup_const.beam: hipe_rtl.hrl
+$(EBIN)/hipe_rtl.beam: ../main/hipe.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_exceptions.beam: ../main/hipe.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_lcm.beam: ../main/hipe.hrl hipe_rtl.hrl ../flow/cfg.hrl
+$(EBIN)/hipe_rtl_liveness.beam: hipe_rtl.hrl ../flow/cfg.hrl ../flow/liveness.inc
 $(EBIN)/hipe_rtl_mk_switch.beam: ../main/hipe.hrl
-$(EBIN)/hipe_rtl_lcm.beam: ../flow/cfg.hrl hipe_rtl.hrl
-$(EBIN)/hipe_rtl_symbolic.beam: hipe_rtl.hrl hipe_literals.hrl ../flow/cfg.hrl ../icode/hipe_icode_primops.hrl
-$(EBIN)/hipe_rtl_varmap.beam: ../main/hipe.hrl ../icode/hipe_icode.hrl
-
-$(EBIN)/hipe_rtl_ssa.beam: ../ssa/hipe_ssa.inc ../main/hipe.hrl ../ssa/hipe_ssa_liveness.inc hipe_rtl.hrl
-$(EBIN)/hipe_rtl_ssa_const_prop.beam: hipe_rtl.hrl ../main/hipe.hrl ../flow/cfg.hrl ../ssa/hipe_ssa_const_prop.inc
-$(EBIN)/hipe_rtl_ssapre.beam: ../main/hipe.hrl ../flow/cfg.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_primops.beam: ../main/hipe.hrl \
+	../icode/hipe_icode_primops.hrl hipe_rtl.hrl hipe_literals.hrl
+$(EBIN)/hipe_rtl_ssa_avail_expr.beam: ../main/hipe.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_ssa_const_prop.beam: ../main/hipe.hrl hipe_rtl.hrl \
+	../flow/cfg.hrl ../ssa/hipe_ssa_const_prop.inc
+$(EBIN)/hipe_rtl_ssa.beam: hipe_rtl.hrl \
+	../main/hipe.hrl ../ssa/hipe_ssa_liveness.inc ../ssa/hipe_ssa.inc
+$(EBIN)/hipe_rtl_ssapre.beam: ../main/hipe.hrl hipe_rtl.hrl
+$(EBIN)/hipe_rtl_symbolic.beam: hipe_rtl.hrl hipe_literals.hrl \
+	../icode/hipe_icode_primops.hrl
+$(EBIN)/hipe_rtl_varmap.beam: ../main/hipe.hrl \
+	../misc/hipe_consttab.hrl ../icode/hipe_icode.hrl
+$(EBIN)/hipe_tagscheme.beam: hipe_rtl.hrl hipe_literals.hrl
diff --git a/lib/hipe/tools/Makefile b/lib/hipe/tools/Makefile
index 0eaa3a7b05..f90d3c9f70 100644
--- a/lib/hipe/tools/Makefile
+++ b/lib/hipe/tools/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2002-2010. All Rights Reserved.
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -42,7 +42,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/hipe-$(VSN)
 # ----------------------------------------------------
 # Target Specs
 # ----------------------------------------------------
-MODULES = hipe_tool hipe_profile hipe_ceach hipe_jit
+MODULES = hipe_tool hipe_profile hipe_jit
 #	  hipe_timer
 
 HRL_FILES=
diff --git a/lib/hipe/tools/hipe_ceach.erl b/lib/hipe/tools/hipe_ceach.erl
deleted file mode 100644
index b29615e169..0000000000
--- a/lib/hipe/tools/hipe_ceach.erl
+++ /dev/null
@@ -1,74 +0,0 @@
-%% -*- erlang-indent-level: 2 -*-
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% Copyright (c) 2001 by Erik Johansson.  All Rights Reserved 
-%% ====================================================================
-%%  Module   :	hipe_ceach
-%%  Purpose  :  Compile each function in a module, possibly applying a
-%%              fun between each compilation. Useful for bug hunting by
-%%		pinpointing a function that when compiled causes a bug.
-%%  Notes    : 
-%%  History  :	* 2001-12-11 Erik Johansson ([email protected]): Created.
-%% ====================================================================
-%%  Exports  :
-%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
--module(hipe_ceach).
-
--export([c/1, c/2, c/3]).
-
--include("../main/hipe.hrl").
-
-%%---------------------------------------------------------------------
-
--spec c(atom()) -> 'ok'.
-
-c(M) ->
-  lists:foreach(fun({F,A}) -> comp(M, F, A) end,
-		M:module_info(functions)).
-
--spec c(atom(), comp_options()) -> 'ok'.
-
-c(M, Opts) ->
-  lists:foreach(fun({F,A}) -> comp(M, F, A, Opts) end,
-		M:module_info(functions)).
-
--spec c(atom(), comp_options(), fun(() -> any())) -> 'ok'.
-
-c(M, Opts, Fn) ->
-  lists:foreach(fun({F,A}) -> comp(M, F, A, Opts), Fn() end,
-		M:module_info(functions)).
-
--spec comp(atom(), atom(), arity()) -> 'ok'.
-
-comp(M, F, A) ->
-  io:format("~w:~w/~w... ", [M, F, A]),
-  MFA = {M, F, A},
-  {ok, MFA} = hipe:c(MFA),
-  io:format("OK\n").
-
--spec comp(atom(), atom(), arity(), comp_options()) -> 'ok'.
-
-comp(M, F, A, Opts) ->
-  io:format("~w:~w/~w... ", [M, F, A]),
-  MFA = {M, F, A},
-  {ok, MFA} = hipe:c(MFA, Opts),
-  io:format("OK\n").
diff --git a/lib/hipe/tools/hipe_profile.erl b/lib/hipe/tools/hipe_profile.erl
index 7566acb8f4..ea6b1fb42c 100644
--- a/lib/hipe/tools/hipe_profile.erl
+++ b/lib/hipe/tools/hipe_profile.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -89,7 +89,7 @@ calls() ->
 %%   F(), 
 %%   %% Get result.
 %%   R = res(),
-%%   %% Turn of profiling.
+%%   %% Turn off profiling.
 %%   prof_off(),
 %%   R.
 
diff --git a/lib/hipe/tools/hipe_tool.erl b/lib/hipe/tools/hipe_tool.erl
index 990805ceca..190a68ee56 100644
--- a/lib/hipe/tools/hipe_tool.erl
+++ b/lib/hipe/tools/hipe_tool.erl
@@ -30,6 +30,18 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 -module(hipe_tool).
+-compile([{nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,editor,3}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubar,3}},
+          {nowarn_deprecated_function,{gs,menubutton,3}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 -export([start/0]).
 
diff --git a/lib/hipe/util/hipe_dot.erl b/lib/hipe/util/hipe_dot.erl
index d6ef801c88..e4a47ae0c4 100644
--- a/lib/hipe/util/hipe_dot.erl
+++ b/lib/hipe/util/hipe_dot.erl
@@ -2,7 +2,7 @@
 %%%
 %%% %CopyrightBegin%
 %%% 
-%%% Copyright Ericsson AB 2004-2009. All Rights Reserved.
+%%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%% 
 %%% The contents of this file are subject to the Erlang Public License,
 %%% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/hipe/vsn.mk b/lib/hipe/vsn.mk
index 65e04ff7fa..347a0336cd 100644
--- a/lib/hipe/vsn.mk
+++ b/lib/hipe/vsn.mk
@@ -1 +1 @@
-HIPE_VSN = 3.8.1
+HIPE_VSN = 3.9
diff --git a/lib/ic/c_src/Makefile.in b/lib/ic/c_src/Makefile.in
index 28040ca42d..5e034c47c6 100644
--- a/lib/ic/c_src/Makefile.in
+++ b/lib/ic/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1998-2009. All Rights Reserved.
+# Copyright Ericsson AB 1998-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ic/doc/src/Makefile b/lib/ic/doc/src/Makefile
index 1e93578cb1..208f16e441 100644
--- a/lib/ic/doc/src/Makefile
+++ b/lib/ic/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1998-2010. All Rights Reserved.
+# Copyright Ericsson AB 1998-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ic/doc/src/notes.xml b/lib/ic/doc/src/notes.xml
index ff289bd76c..6329bf1fb5 100644
--- a/lib/ic/doc/src/notes.xml
+++ b/lib/ic/doc/src/notes.xml
@@ -30,7 +30,25 @@
     <file>notes.xml</file>
   </header>
 
-   <section>
+   <section><title>IC 4.2.29</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section>
     <title>IC 4.2.28</title>
 
     <section>
diff --git a/lib/ic/examples/pre_post_condition/Makefile b/lib/ic/examples/pre_post_condition/Makefile
index d57133c964..8f85babb1a 100644
--- a/lib/ic/examples/pre_post_condition/Makefile
+++ b/lib/ic/examples/pre_post_condition/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ic/vsn.mk b/lib/ic/vsn.mk
index 703c8d29eb..e21fc8fbb2 100644
--- a/lib/ic/vsn.mk
+++ b/lib/ic/vsn.mk
@@ -1 +1 @@
-IC_VSN = 4.2.28
+IC_VSN = 4.2.29
diff --git a/lib/inets/Makefile b/lib/inets/Makefile
index 4765a2ca3c..d837a3396a 100644
--- a/lib/inets/Makefile
+++ b/lib/inets/Makefile
@@ -31,12 +31,16 @@ VSN = $(INETS_VSN)
 
 SPECIAL_TARGETS = 
 
+DIA_PLT      = ./priv/plt/$(APPLICATION).plt
+DIA_ANALYSIS = $(basename $(DIA_PLT)).dialyzer_analysis
+
+
 # ----------------------------------------------------
 # Default Subdir Targets
 # ----------------------------------------------------
 include $(ERL_TOP)/make/otp_subdir.mk
 
-.PHONY: info gclean
+.PHONY: info gclean dialyzer dialyzer_plt dclean
 
 info:
 	@echo "OS:        $(OS)"
@@ -45,6 +49,29 @@ info:
 	@echo "INETS_VSN: $(INETS_VSN)"
 	@echo "APP_VSN:   $(APP_VSN)"
 	@echo ""
+	@echo "DIA_PLT:      $(DIA_PLT)"
+	@echo "DIA_ANALYSIS: $(DIA_ANALYSIS)"
+	@echo ""
 
 gclean: 
 	git clean -fXd
+
+dclean:
+	rm -f $(DIA_PLT)
+	rm -f $(DIA_ANALYSIS)
+
+dialyzer_plt: $(DIA_PLT)
+
+$(DIA_PLT): 
+	@echo "Building $(APPLICATION) plt file"
+	@dialyzer --build_plt \
+                  --output_plt $@ \
+                  -r ../$(APPLICATION)/ebin \
+                  --output $(DIA_ANALYSIS) \
+                  --verbose
+
+dialyzer: $(DIA_PLT)
+	@echo "Running dialyzer on $(APPLICATION)"
+	@dialyzer --plt $< \
+                  ../$(APPLICATION)/ebin \
+                  --verbose
diff --git a/lib/inets/doc/src/Makefile b/lib/inets/doc/src/Makefile
index 82f2a5829f..53d505b102 100644
--- a/lib/inets/doc/src/Makefile
+++ b/lib/inets/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2010. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/doc/src/httpc.xml b/lib/inets/doc/src/httpc.xml
index b1f964ae69..48a2089605 100644
--- a/lib/inets/doc/src/httpc.xml
+++ b/lib/inets/doc/src/httpc.xml
@@ -178,13 +178,14 @@ filename()       = string()
         <v>timeout() = integer() >= 0 | infinity</v>
         <v>Options = options()</v>
         <v>options() = [option()]</v>
-        <v>option() = {sync,          boolean()} | 
-                      {stream,        stream_to()} | 
-                      {body_format,   body_format()} | 
-                      {full_result,   boolean()} | 
-                      {headers_as_is, boolean() |
-                      {socket_opts,   socket_opts()} | 
-                      {receiver,      receiver()}}</v>
+        <v>option() = {sync,                    boolean()} | 
+                      {stream,                  stream_to()} | 
+                      {body_format,             body_format()} | 
+                      {full_result,             boolean()} | 
+                      {headers_as_is,           boolean() |
+                      {socket_opts,             socket_opts()} | 
+                      {receiver,                receiver()},
+	              {ipv6_host_with_brackets, boolean()}}</v>
         <v>stream_to() = none | self | {self, once} | filename() </v>
         <v>socket_opts() = [socket_opt()]</v>
         <v>receiver() = pid() | function()/1 | {Module, Function, Args} </v>
@@ -407,7 +408,18 @@ apply(Module, Function, [ReplyInfo | Args])
 
             <p>Defaults to the <c>pid()</c> of the process calling the request 
 	    function (<c>self()</c>). </p>
+
+	    <marker id="ipv6_host_with_brackets"></marker>
+	  </item>
+
+          <tag><c><![CDATA[ipv6_host_with_brackets]]></c></tag>
+          <item>
+            <p>When parsing the Host-Port part of an URI with a IPv6 address 
+	    with brackets, shall we retain those brackets (<c>true</c>) or 
+	    strip them (<c>false</c>). </p>
+            <p>Defaults to <c>false</c>. </p>
 	  </item>
+
         </taglist>
 
         <marker id="cancel_request"></marker>
@@ -572,17 +584,24 @@ apply(Module, Function, [ReplyInfo | Args])
 
     <func>
       <name>cookie_header(Url) -> </name>
-      <name>cookie_header(Url, Profile) -> header() | {error, Reason}</name>
+      <name>cookie_header(Url, Profile | Opts) -> header() | {error, Reason}</name>
+      <name>cookie_header(Url, Opts, Profile) -> header() | {error, Reason}</name>
       <fsummary>Returns the cookie header that would be sent when
       making a request to Url using the profile <c>Profile</c>.</fsummary>
       <type>
         <v>Url = url()</v>
+        <v>Opts = [cookie_header_opt()]</v>
 	<v>Profile = profile() | pid() (when started <c>stand_alone</c>)</v>
+        <v>cookie_header_opt() = {ipv6_host_with_brackets, boolean()}</v>
       </type>
       <desc>
         <p>Returns the cookie header that would be sent
 	when making a request to <c>Url</c> using the profile <c>Profile</c>.
 	If no profile is specified the default profile will be used. </p>
+	<p>The option <c>ipv6_host_with_bracket</c> deals with how to 
+	parse IPv6 addresses. 
+	See the <c>Options</c> argument of the 
+	<seealso marker="#request2">request/4,5</seealso> for more info. </p>
 
         <marker id="reset_cookies"></marker>
       </desc>
diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml
index 7f0f61148c..cfc58b8ddb 100644
--- a/lib/inets/doc/src/notes.xml
+++ b/lib/inets/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2002</year><year>2011</year>
+      <year>2002</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -32,6 +32,58 @@
     <file>notes.xml</file>
   </header>
   
+
+  <section><title>Inets 5.8.1</title>
+    <section><title>Improvements and New Features</title>
+    <p>-</p>
+
+<!--
+      <list>
+        <item>
+          <p>[httpc|httpd] Added support for IPv6 with ssl. </p>
+          <p>Own Id: OTP-5566</p>
+        </item>
+
+      </list>
+-->
+
+    </section>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+<!--
+    <p>-</p>
+-->
+
+      <list>
+        <item>
+          <p>[ftp] Fails to open IPv6 connection due to badly formatted
+          IPv6 address in EPRT command. The address part of the command
+          incorrectly contained decimal elements instead of hexadecimal. </p>
+          <p>Own Id: OTP-9827</p>
+          <p>Aux Id: Seq 11970 </p>
+        </item>
+
+        <item>
+          <p>[httpc] Bad Keep Alive Mode. When selecting a session, 
+          the "state" of the session (specifically if the server has 
+          responded) was not taken into account. </p>
+          <p>Own Id: OTP-9847</p>
+        </item>
+
+        <item>
+          <p>[httpc] The client incorrectly streams 404 responses. 
+          The documentation specifies that only 200 and 206 responses 
+          shall be streamed. </p>
+          <p>Shane Evens</p>
+          <p>Own Id: OTP-9860</p>
+        </item>
+
+      </list>
+    </section>
+  
+  </section> <!-- 5.8.1 -->
+
+
   <section><title>Inets 5.8</title>
 
     <section><title>Improvements and New Features</title>
@@ -50,6 +102,21 @@
 	  <p>Own Id: OTP-9545</p>
         </item>
 
+        <item>
+          <p>[httpc] Wrong Host header in IPv6 HTTP requests.
+	  When a URI with a IPv6 host is parsed, the brackets that encapsulates
+	  the address part is removed. This value is then supplied as the host 
+	  header. This can cause problems with some servers.
+	  A workaround for this is to use headers_as_is and provide the host
+	  header with the requst call. 
+	  To solve this a new option has been added, 
+	  <seealso marker="httpc#ipv6_host_with_brackets">ipv6_host_with_brackets</seealso>. 
+	  This option specifies if the host value of the host header shall 
+	  include the brackets or not. By default, it does not (as before). 
+	  </p>
+	  <p>Own Id: OTP-9628</p>
+        </item>
+
       </list>
 
     </section>
@@ -66,6 +133,20 @@
 	  <p>Own Id: OTP-9715</p>
         </item>
 
+        <item>
+          <p>[httpd] Sometimes entries in the transfer log was written 
+	  with the message size as list of numbers. This list was actually 
+	  the size as a string, e.g. "123", written with the control 
+	  sequence ~w. This has now been corrected so that any string is 
+	  converted to an integer (if possible). </p>
+	  <p>Own Id: OTP-9733</p>
+        </item>
+
+        <item>
+          <p>Fixed various problems detected by Dialyzer. </p>
+	  <p>Own Id: OTP-9736</p>
+        </item>
+
       </list>
 
     </section>
diff --git a/lib/inets/priv/plt/.gitignore b/lib/inets/priv/plt/.gitignore
new file mode 100644
index 0000000000..2051b52d48
--- /dev/null
+++ b/lib/inets/priv/plt/.gitignore
@@ -0,0 +1,2 @@
+/*.plt
+/*.dialyzer_analysis
diff --git a/lib/inets/src/ftp/ftp.erl b/lib/inets/src/ftp/ftp.erl
index b6da92947c..560ee55271 100644
--- a/lib/inets/src/ftp/ftp.erl
+++ b/lib/inets/src/ftp/ftp.erl
@@ -1987,17 +1987,14 @@ setup_ctrl_connection(Host, Port, Timeout, State) ->
 setup_data_connection(#state{mode   = active, 
 			     caller = Caller, 
 			     csock  = CSock} = State) ->    
-    IntToString = fun(Element) -> integer_to_list(Element) end,
-    
     case (catch inet:sockname(CSock)) of
 	{ok, {{_, _, _, _, _, _, _, _} = IP, _}} ->
 	    {ok, LSock} = 
 		gen_tcp:listen(0, [{ip, IP}, {active, false},
 				   inet6, binary, {packet, 0}]),
 	    {ok, Port} = inet:port(LSock),
-	    Cmd = mk_cmd("EPRT |2|~s:~s:~s:~s:~s:~s:~s:~s|~s|", 
-			 lists:map(IntToString, 
-				   tuple_to_list(IP) ++ [Port])),
+	    IpAddress = inet_parse:ntoa(IP),
+	    Cmd = mk_cmd("EPRT |2|~s|~p|", [IpAddress, Port]),
 	    send_ctrl_message(State, Cmd),
 	    activate_ctrl_connection(State),  
 	    {noreply, State#state{caller = {setup_data_connection, 
diff --git a/lib/inets/src/http_client/Makefile b/lib/inets/src/http_client/Makefile
index 3960c36d00..d490e59929 100644
--- a/lib/inets/src/http_client/Makefile
+++ b/lib/inets/src/http_client/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2005-2010. All Rights Reserved.
+# Copyright Ericsson AB 2005-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/http_client/httpc.erl b/lib/inets/src/http_client/httpc.erl
index d72c34fa6b..ae87ceed93 100644
--- a/lib/inets/src/http_client/httpc.erl
+++ b/lib/inets/src/http_client/httpc.erl
@@ -34,7 +34,7 @@
 	 set_option/2, set_option/3,
 	 set_options/1, set_options/2,
 	 store_cookies/2, store_cookies/3, 
-	 cookie_header/1, cookie_header/2, 
+	 cookie_header/1, cookie_header/2, cookie_header/3, 
 	 which_cookies/0, which_cookies/1, 
 	 reset_cookies/0, reset_cookies/1, 
 	 stream_next/1,
@@ -290,25 +290,36 @@ store_cookies(SetCookieHeaders, Url, Profile)
 
 
 %%--------------------------------------------------------------------------
-%% cookie_header(Url [, Profile]) -> Header | {error, Reason}
-%%               
+%% cookie_header(Url) -> Header | {error, Reason}
+%% cookie_header(Url, Profile) -> Header | {error, Reason}
+%% cookie_header(Url, Opts,  Profile) -> Header | {error, Reason}
+%% 
 %% Description: Returns the cookie header that would be sent when making
 %% a request to <Url>.
 %%-------------------------------------------------------------------------
 cookie_header(Url) ->
     cookie_header(Url, default_profile()).
 
-cookie_header(Url, Profile) ->
+cookie_header(Url, Profile) when is_atom(Profile) orelse is_pid(Profile) ->
+    cookie_header(Url, [], Profile);
+cookie_header(Url, Opts) when is_list(Opts) ->
+    cookie_header(Url, Opts, default_profile()).
+
+cookie_header(Url, Opts, Profile) 
+  when (is_list(Opts) andalso (is_atom(Profile) orelse is_pid(Profile))) ->
     ?hcrt("cookie header", [{url,     Url},
+			    {opts,    Opts}, 
 			    {profile, Profile}]),
     try 
 	begin
-	    httpc_manager:which_cookies(Url, profile_name(Profile))
+	    httpc_manager:which_cookies(Url, Opts, profile_name(Profile))
 	end
     catch 
 	exit:{noproc, _} ->
 	    {error, {not_started, Profile}}
     end.
+    
+    
 
 
 %%--------------------------------------------------------------------------
diff --git a/lib/inets/src/http_client/httpc_handler.erl b/lib/inets/src/http_client/httpc_handler.erl
index 587e24cc8d..bfe9b14ef6 100644
--- a/lib/inets/src/http_client/httpc_handler.erl
+++ b/lib/inets/src/http_client/httpc_handler.erl
@@ -157,12 +157,12 @@ info(Pid) ->
 %%              memory in vain.)
 %%--------------------------------------------------------------------
 %% Request should not be streamed
-stream(BodyPart, Request = #request{stream = none}, _) ->
+stream(BodyPart, #request{stream = none} = Request, _) ->
     ?hcrt("stream - none", []),
     {BodyPart, Request};
 
 %% Stream to caller
-stream(BodyPart, Request = #request{stream = Self}, Code) 
+stream(BodyPart, #request{stream = Self} = Request, Code) 
   when ((Code =:= 200) orelse  (Code =:= 206)) andalso 
        ((Self =:= self) orelse (Self =:= {self, once})) ->
     ?hcrt("stream - self", [{stream, Self}, {code, Code}]),
@@ -170,17 +170,10 @@ stream(BodyPart, Request = #request{stream = Self}, Code)
 			{Request#request.id, stream, BodyPart}),
     {<<>>, Request};
 
-stream(BodyPart, Request = #request{stream = Self}, 404) 
-  when (Self =:= self) orelse (Self =:= {self, once}) ->
-    ?hcrt("stream - self with 404", [{stream, Self}]),
-    httpc_response:send(Request#request.from, 
-			{Request#request.id, stream, BodyPart}),
-    {<<>>, Request};
-
 %% Stream to file
 %% This has been moved to start_stream/3
 %% We keep this for backward compatibillity...
-stream(BodyPart, Request = #request{stream = Filename}, Code)
+stream(BodyPart, #request{stream = Filename} = Request, Code)
   when ((Code =:= 200) orelse (Code =:= 206)) andalso is_list(Filename) -> 
     ?hcrt("stream - filename", [{stream, Filename}, {code, Code}]),
     case file:open(Filename, [write, raw, append, delayed_write]) of
@@ -192,7 +185,7 @@ stream(BodyPart, Request = #request{stream = Filename}, Code)
     end;
 
 %% Stream to file
-stream(BodyPart, Request = #request{stream = Fd}, Code)  
+stream(BodyPart, #request{stream = Fd} = Request, Code)  
   when ((Code =:= 200) orelse (Code =:= 206)) -> 
     ?hcrt("stream to file", [{stream, Fd}, {code, Code}]),
     case file:write(Fd, BodyPart) of
@@ -295,7 +288,7 @@ handle_call(#request{address = Addr} = Request, _,
 					%% Queue + current
 					queue:len(NewPipeline) + 1,
 					client_close = ClientClose},
-		    httpc_manager:insert_session(NewSession, ProfileName),
+		    insert_session(NewSession, ProfileName),
 		    ?hcrd("session updated", []),
                     {reply, ok, State#state{pipeline = NewPipeline,
 					    session  = NewSession,
@@ -363,7 +356,7 @@ handle_call(#request{address = Addr} = Request, _,
 					%% Queue + current
 					queue:len(NewKeepAlive) + 1,
 					client_close = ClientClose},
-		    httpc_manager:insert_session(NewSession, ProfileName),
+		    insert_session(NewSession, ProfileName),
 		    ?hcrd("session updated", []),
                     {reply, ok, State#state{keep_alive = NewKeepAlive,
 					    session    = NewSession,
@@ -377,7 +370,7 @@ handle_call(#request{address = Addr} = Request, _,
 		    NewSession = 
 			Session#session{queue_length = 1,
 					client_close = ClientClose},
-		    httpc_manager:insert_session(NewSession, ProfileName),
+		    insert_session(NewSession, ProfileName),
 		    Relaxed = 
 			(Request#request.settings)#http_options.relaxed,
 		    MFA = {httpc_response, parse,
@@ -766,23 +759,52 @@ deliver_answer(Request) ->
 %% Func: code_change(_OldVsn, State, Extra) -> {ok, NewState}
 %% Purpose: Convert process state when code is changed
 %%--------------------------------------------------------------------
-%% code_change(_, #state{request = Request, pipeline = Queue} = State, 
-%% 	    [{from, '5.0.1'}, {to, '5.0.2'}]) ->
-%%     Settings = new_http_options(Request#request.settings),
-%%     NewRequest = Request#request{settings = Settings},
-%%     NewQueue = new_queue(Queue, fun new_http_options/1),
-%%     {ok, State#state{request = NewRequest, pipeline = NewQueue}};
-
-%% code_change(_, #state{request = Request, pipeline = Queue} = State, 
-%% 	    [{from, '5.0.2'}, {to, '5.0.1'}]) ->
-%%     Settings = old_http_options(Request#request.settings),
-%%     NewRequest = Request#request{settings = Settings},
-%%     NewQueue = new_queue(Queue, fun old_http_options/1),
-%%     {ok, State#state{request = NewRequest, pipeline = NewQueue}};
+
+code_change(_, 
+	    #state{session      = OldSession, 
+		   profile_name = ProfileName} = State, 
+	    upgrade_from_pre_5_8_1) ->
+    case OldSession of
+	{session, 
+	 Id, ClientClose, Scheme, Socket, SocketType, QueueLen, Type} ->
+	    NewSession = #session{id           = Id, 
+				  client_close = ClientClose, 
+				  scheme       = Scheme, 
+				  socket       = Socket, 
+				  socket_type  = SocketType,
+				  queue_length = QueueLen, 
+				  type         = Type}, 
+	    insert_session(NewSession, ProfileName), 
+	    {ok, State#state{session = NewSession}};
+	_ -> 
+	    {ok, State}
+    end;
+
+code_change(_, 
+	    #state{session      = OldSession, 
+		   profile_name = ProfileName} = State, 
+	    downgrade_to_pre_5_8_1) ->
+    case OldSession of
+	#session{id           = Id, 
+		 client_close = ClientClose, 
+		 scheme       = Scheme, 
+		 socket       = Socket, 
+		 socket_type  = SocketType,
+		 queue_length = QueueLen, 
+		 type         = Type} ->
+	    NewSession = {session, 
+			  Id, ClientClose, Scheme, Socket, SocketType, 
+			  QueueLen, Type},
+	    insert_session(NewSession, ProfileName), 
+	    {ok, State#state{session = NewSession}};
+	_ -> 
+	    {ok, State}
+    end;
 
 code_change(_, State, _) ->
     {ok, State}.
 
+
 %% new_http_options({http_options, TimeOut, AutoRedirect, SslOpts,
 %% 		  Auth, Relaxed}) ->
 %%     {http_options, "HTTP/1.1", TimeOut, AutoRedirect, SslOpts,
@@ -1181,7 +1203,7 @@ handle_pipeline(#state{status       = pipeline,
 
     case queue:out(State#state.pipeline) of
 	{empty, _} ->
-	    ?hcrd("epmty pipeline queue", []),
+	    ?hcrd("pipeline queue empty", []),
 	    
 	    %% The server may choose too teminate an idle pipeline
 	    %% in this case we want to receive the close message
@@ -1191,9 +1213,8 @@ handle_pipeline(#state{status       = pipeline,
 
 	    %% If a pipeline that has been idle for some time is not
 	    %% closed by the server, the client may want to close it.
-	    NewState   = activate_queue_timeout(TimeOut, State),
-	    NewSession = Session#session{queue_length = 0},
-	    httpc_manager:insert_session(NewSession, ProfileName),
+	    NewState = activate_queue_timeout(TimeOut, State),
+	    update_session(ProfileName, Session, #session.queue_length, 0), 
 	    %% Note mfa will be initilized when a new request 
 	    %% arrives.
 	    {noreply, 
@@ -1203,6 +1224,7 @@ handle_pipeline(#state{status       = pipeline,
 			    headers     = undefined,
 			    body        = undefined}};
 	{{value, NextRequest}, Pipeline} ->    
+	    ?hcrd("pipeline queue non-empty", []),
 	    case lists:member(NextRequest#request.id, 
 			      State#state.canceled) of		
 		true ->
@@ -1218,7 +1240,7 @@ handle_pipeline(#state{status       = pipeline,
 			Session#session{queue_length =
 					%% Queue + current
 					queue:len(Pipeline) + 1},
-		    httpc_manager:insert_session(NewSession, ProfileName),
+		    insert_session(NewSession, ProfileName),
 		    Relaxed = 
 			(NextRequest#request.settings)#http_options.relaxed,
 		    MFA = {httpc_response, 
@@ -1257,7 +1279,7 @@ handle_keep_alive_queue(
 
     case queue:out(State#state.keep_alive) of
 	{empty, _} ->
-	    ?hcrd("empty keep_alive queue", []),
+	    ?hcrd("keep_alive queue empty", []),
 	    %% The server may choose too terminate an idle keep_alive session
 	    %% in this case we want to receive the close message
 	    %% at once and not when trying to send the next
@@ -1266,8 +1288,7 @@ handle_keep_alive_queue(
 	    %% If a keep_alive session has been idle for some time is not
 	    %% closed by the server, the client may want to close it.
 	    NewState = activate_queue_timeout(TimeOut, State),
-	    NewSession = Session#session{queue_length = 0},
-	    httpc_manager:insert_session(NewSession, ProfileName),
+	    update_session(ProfileName, Session, #session.queue_length, 0),
 	    %% Note mfa will be initilized when a new request 
 	    %% arrives.
 	    {noreply, 
@@ -1279,6 +1300,7 @@ handle_keep_alive_queue(
 			   } 
 	    };
 	{{value, NextRequest}, KeepAlive} ->    
+	    ?hcrd("keep_alive queue non-empty", []),
 	    case lists:member(NextRequest#request.id, 
 			      State#state.canceled) of		
 		true ->
@@ -1388,10 +1410,10 @@ try_to_enable_pipeline_or_keep_alive(
 	    case (is_pipeline_enabled_client(Session) andalso 
 		  httpc_request:is_idempotent(Method)) of
 		true ->
-		    httpc_manager:insert_session(Session, ProfileName),
+		    insert_session(Session, ProfileName),
 		    State#state{status = pipeline};
 		false ->
-		    httpc_manager:insert_session(Session, ProfileName),
+		    insert_session(Session, ProfileName),
 		    %% Make sure type is keep_alive in session
 		    %% as it in this case might be pipeline
 		    NewSession = Session#session{type = keep_alive}, 
@@ -1403,7 +1425,9 @@ try_to_enable_pipeline_or_keep_alive(
     end.
 
 answer_request(#request{id = RequestId, from = From} = Request, Msg, 
-	       #state{timers = Timers, profile_name = ProfileName} = State) -> 
+	       #state{session      = Session, 
+		      timers       = Timers, 
+		      profile_name = ProfileName} = State) -> 
     ?hcrt("answer request", [{request, Request}, {msg, Msg}]),
     httpc_response:send(From, Msg),
     RequestTimers = Timers#timers.request_timers,
@@ -1412,12 +1436,20 @@ answer_request(#request{id = RequestId, from = From} = Request, Msg,
     Timer = {RequestId, TimerRef},
     cancel_timer(TimerRef, {timeout, Request#request.id}),
     httpc_manager:request_done(RequestId, ProfileName),
-
+    NewSession = maybe_make_session_available(ProfileName, Session), 
+    Timers2 = Timers#timers{request_timers = lists:delete(Timer, 
+							  RequestTimers)}, 
     State#state{request = Request#request{from = answer_sent},
-		timers = 
-		Timers#timers{request_timers =
-			      lists:delete(Timer, RequestTimers)}}.
-
+		session = NewSession, 
+		timers  = Timers2}.
+
+maybe_make_session_available(ProfileName, 
+			     #session{available = false} = Session) ->
+    update_session(ProfileName, Session, #session.available, true),
+    Session#session{available = true};
+maybe_make_session_available(_ProfileName, Session) ->
+    Session.
+    
 cancel_timers(#timers{request_timers = ReqTmrs, queue_timer = QTmr}) ->
     cancel_timer(QTmr, timeout_queue),
     CancelTimer = fun({_, Timer}) -> cancel_timer(Timer, timeout) end, 
@@ -1656,6 +1688,28 @@ send_raw(SocketType, Socket, ProcessBody, Acc) ->
     end.
 
 
+%% ---------------------------------------------------------------------
+%% Session wrappers
+%% ---------------------------------------------------------------------
+
+insert_session(Session, ProfileName) ->
+    httpc_manager:insert_session(Session, ProfileName).
+
+
+update_session(ProfileName, #session{id = SessionId} = Session, Pos, Value) ->
+    try
+	begin
+	    httpc_manager:update_session(ProfileName, SessionId, Pos, Value)
+	end
+    catch
+	error:undef -> % This could happen during code upgrade
+	    Session2 = erlang:setelement(Pos, Session, Value),
+	    insert_session(Session2, ProfileName)
+    end.
+
+
+%% ---------------------------------------------------------------------
+
 call(Msg, Pid) ->
     Timeout = infinity,
     call(Msg, Pid, Timeout).
diff --git a/lib/inets/src/http_client/httpc_internal.hrl b/lib/inets/src/http_client/httpc_internal.hrl
index e4127d992d..8af752546c 100644
--- a/lib/inets/src/http_client/httpc_internal.hrl
+++ b/lib/inets/src/http_client/httpc_internal.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -115,17 +115,37 @@
 	}
        ).               
 
+
 -record(session,
 	{
-	  id,           % {{Host, Port}, HandlerPid}
-	  client_close, % true | false
-	  scheme,       % http (HTTP/TCP) | https (HTTP/SSL/TCP)
-	  socket,       % Open socket, used by connection
-	  socket_type,  % socket-type, used by connection
-	  queue_length = 1, % Current length of pipeline or keep-alive queue  
-	  type          % pipeline | keep_alive (wait for response before sending new request) 
+	  %% {{Host, Port}, HandlerPid}
+	  id, 
+
+	  %% true | false
+	  client_close, 
+
+	  %% http (HTTP/TCP) | https (HTTP/SSL/TCP)
+	  scheme, 
+
+	  %% Open socket, used by connection
+	  socket, 
+	  
+	  %% socket-type, used by connection
+	  socket_type,
+
+	  %% Current length of pipeline or keep-alive queue  
+	  queue_length = 1, 
+
+	  %% pipeline | keep_alive (wait for response before sending new request) 
+	  type, 
+
+	  %% true | false
+	  %% This will be true, when a response has been received for 
+	  %% the first request. See type above.
+	  available = false
 	 }).
 
+
 -record(http_cookie,
 	{
 	  domain,
diff --git a/lib/inets/src/http_client/httpc_manager.erl b/lib/inets/src/http_client/httpc_manager.erl
index ab575d867e..453081da21 100644
--- a/lib/inets/src/http_client/httpc_manager.erl
+++ b/lib/inets/src/http_client/httpc_manager.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -34,10 +34,11 @@
 	 retry_request/2, 
 	 redirect_request/2,
 	 insert_session/2, 
+	 update_session/4, 
 	 delete_session/2, 
 	 set_options/2, 
 	 store_cookies/3,
-	 which_cookies/1, which_cookies/2, 
+	 which_cookies/1, which_cookies/2, which_cookies/3, 
 	 reset_cookies/1, 
 	 session_type/1,
 	 info/1
@@ -193,6 +194,27 @@ insert_session(Session, ProfileName) ->
 
 
 %%--------------------------------------------------------------------
+%% Function: update_session(ProfileName, SessionId, Pos, Value) -> _
+%%	Session - #session{}
+%%      ProfileName - atom()
+%%
+%% Description: Update, only one field (Pos) of the session record
+%%              identified by the SessionId, the session information 
+%%              of the httpc manager table <ProfileName>_session_db. 
+%%              Intended to be called by the httpc request handler process.
+%%--------------------------------------------------------------------
+
+update_session(ProfileName, SessionId, Pos, Value) ->
+    SessionDbName = session_db_name(ProfileName), 
+    ?hcrt("update session", 
+	  [{id,      SessionId}, 
+	   {pos,     Pos}, 
+	   {value,   Value}, 
+	   {profile, ProfileName}]),
+    ets:update_element(SessionDbName, SessionId, {Pos, Value}).
+
+
+%%--------------------------------------------------------------------
 %% Function: delete_session(SessionId, ProfileName) -> _
 %%	SessionId -  {{Host, Port}, HandlerPid}
 %%      ProfileName - atom()
@@ -271,9 +293,11 @@ reset_cookies(ProfileName) ->
 
 which_cookies(ProfileName) when is_atom(ProfileName) ->
     call(ProfileName, which_cookies).
+
 which_cookies(Url, ProfileName) 
   when is_list(Url) andalso is_atom(ProfileName) ->
-    call(ProfileName, {which_cookies, Url, []}).
+    which_cookies(Url, [], ProfileName).
+
 which_cookies(Url, Options, ProfileName) 
   when is_list(Url) andalso is_list(Options) andalso is_atom(ProfileName) ->
     call(ProfileName, {which_cookies, Url, Options}).
@@ -557,9 +581,70 @@ terminate(_, State) ->
 %% Func: code_change(_OldVsn, State, Extra) -> {ok, NewState}
 %% Purpose: Convert process state when code is changed
 %%--------------------------------------------------------------------
-code_change(_OldVsn, State, _Extra) ->
+code_change(_, 
+	    #state{session_db = SessionDB} = State, 
+	    upgrade_from_pre_5_8_1) ->
+    Upgrade = 
+	fun({session, 
+	     Id, ClientClose, Scheme, Socket, SocketType, QueueLen, Type}) ->
+		{ok, #session{id           = Id, 
+			      client_close = ClientClose, 
+			      scheme       = Scheme, 
+			      socket       = Socket, 
+			      socket_type  = SocketType,
+			      queue_length = QueueLen, 
+			      type         = Type}};
+	   (_) -> % Already upgraded (by handler)
+		ignore
+	end,
+    (catch update_session_table(SessionDB, Upgrade)),
+    {ok, State};
+
+code_change(_, 
+	    #state{session_db = SessionDB} = State, 
+	    downgrade_to_pre_5_8_1) ->
+    Downgrade = 
+	fun(#session{id           = Id, 
+		     client_close = ClientClose, 
+		     scheme       = Scheme, 
+		     socket       = Socket, 
+		     socket_type  = SocketType,
+		     queue_length = QueueLen, 
+		     type         = Type}) ->
+		{ok, {session, 
+		      Id, ClientClose, Scheme, Socket, SocketType, 
+		      QueueLen, Type}};
+	   (_) -> % Already downgraded (by handler)
+		ignore
+	end,
+    (catch update_session_table(SessionDB, Downgrade)),
+    {ok, State};
+
+code_change(_, State, _) ->
     {ok, State}.
 
+%% This function is to catch everything that calls through the cracks...
+update_session_table(SessionDB, Transform) ->
+    ets:safe_fixtable(SessionDB, true),
+    update_session_table(SessionDB, ets:first(SessionDB), Transform),
+    ets:safe_fixtable(SessionDB, false).
+
+update_session_table(_SessionDB, '$end_of_table', _Transform) ->
+    ok;
+update_session_table(SessionDB, Key, Transform) ->
+    case ets:lookup(SessionDB, Key) of
+	[OldSession] ->
+	    case Transform(OldSession) of
+		{ok, NewSession} -> 
+		    ets:insert(SessionDB, NewSession);
+		ignore ->
+		    ok
+	    end;
+	_ ->
+	    ok
+    end,
+    update_session_table(SessionDB, ets:next(SessionDB, Key), Transform).
+
 
 %%--------------------------------------------------------------------
 %% Internal functions
@@ -688,6 +773,7 @@ select_session(Method, HostPort, Scheme, SessionType,
 			       scheme       = Scheme,
 			       queue_length = '$2',
 			       type         = SessionType,
+			       available    = true, 
 			       _            = '_'},
 	    %% {'_', {HostPort, '$1'}, false, Scheme, '_', '$2', SessionTyp}, 
 	    Candidates = ets:match(SessionDb, Pattern), 
@@ -725,7 +811,7 @@ pipeline_or_keep_alive(Request, HandlerPid, State) ->
 	    ets:insert(State#state.handler_db, {Request#request.id,
 						HandlerPid,
 						Request#request.from});
-	_  -> %timeout pipelining failed
+	_  -> % timeout pipelining failed
 	    start_handler(Request, State)
     end.
 
diff --git a/lib/inets/src/http_client/httpc_response.erl b/lib/inets/src/http_client/httpc_response.erl
index 2414ed0911..919115a23a 100644
--- a/lib/inets/src/http_client/httpc_response.erl
+++ b/lib/inets/src/http_client/httpc_response.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/http_server/httpd_acceptor.erl b/lib/inets/src/http_server/httpd_acceptor.erl
index bcebb6a9e3..08ee9ee0d0 100644
--- a/lib/inets/src/http_server/httpd_acceptor.erl
+++ b/lib/inets/src/http_server/httpd_acceptor.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -139,11 +139,11 @@ acceptor_loop(Manager, SocketType, ListenSocket, ConfigDb, AcceptTimeout) ->
 	    handle_error(Reason, ConfigDb),
 	    ?MODULE:acceptor_loop(Manager, SocketType, ListenSocket, 
 				  ConfigDb, AcceptTimeout);
-	{'EXIT', _Reason} = EXIT ->
-	    ?hdri("accept exited", [{reason, _Reason}]),
-	    handle_error(EXIT, ConfigDb),
-	    ?MODULE:acceptor_loop(Manager, SocketType, ListenSocket, 
-				  ConfigDb, AcceptTimeout)
+	{'EXIT', Reason} ->
+	    ?hdri("accept exited", [{reason, Reason}]),
+	    ReasonString = 
+		lists:flatten(io_lib:format("Accept exit: ~p", [Reason])),
+	    accept_failed(ConfigDb, ReasonString)
     end.
 
 
@@ -189,15 +189,13 @@ handle_error(esslaccept, _) ->
     %% not write an error message.
     ok;
 
-handle_error({'EXIT', Reason}, ConfigDb) ->
-    String = lists:flatten(io_lib:format("Accept exit: ~p", [Reason])),
-    accept_failed(ConfigDb, String);
-
 handle_error(Reason, ConfigDb) ->
     String = lists:flatten(io_lib:format("Accept error: ~p", [Reason])),
     accept_failed(ConfigDb, String).
 
--spec accept_failed(_, string()) -> no_return(). 
+
+-spec accept_failed(ConfigDB     :: term(), 
+		    ReasonString :: string()) -> no_return(). 
 
 accept_failed(ConfigDb, String) ->
     error_logger:error_report(String),
diff --git a/lib/inets/src/http_server/httpd_log.erl b/lib/inets/src/http_server/httpd_log.erl
index db1e2c627a..60ab326a20 100644
--- a/lib/inets/src/http_server/httpd_log.erl
+++ b/lib/inets/src/http_server/httpd_log.erl
@@ -24,68 +24,110 @@
 -export([access_entry/8, error_entry/5, error_report_entry/5, 
 	 security_entry/5]).
 
+
 %%%=========================================================================
 %%%  Internal Application API 
 %%%=========================================================================
-access_entry(Log, NoLog, Info, RFC931, AuthUser, Date, StatusCode, Bytes) ->
-    ConfigDB = Info#mod.config_db,
-    case httpd_util:lookup(ConfigDB, Log) of
-	undefined ->
-	    NoLog;
-	LogRef ->
-	    {_, RemoteHost}
-		= (Info#mod.init_data)#init_data.peername,
-	    RequestLine = Info#mod.request_line,
-	    Headers =  Info#mod.parsed_header,
-	    Entry = do_access_entry(ConfigDB, Headers, RequestLine, 
-				    RemoteHost, RFC931, AuthUser,
-				    Date, StatusCode, Bytes),
-	    {LogRef, Entry}
-    end.
 
-error_entry(Log, NoLog, Info, Date, Reason) ->
-    ConfigDB = Info#mod.config_db,
-    case httpd_util:lookup(ConfigDB, Log) of
-	undefined ->
-	    NoLog;
-	LogRef ->
-	    {_, RemoteHost} =
-		(Info#mod.init_data)#init_data.peername,
-	    URI = Info#mod.request_uri,
-	    Entry = do_error_entry(ConfigDB, RemoteHost, URI, Date, Reason), 
-	    {LogRef, Entry}
-    end.
+-spec access_entry(Log        :: term(), % Id of the log
+		   NoLog      :: term(), % What to return when no log is found
+		   Info       :: #mod{},
+		   RFC931     :: string(),
+		   AuthUser   :: string(), 
+		   Date       :: string(), 
+		   StatusCode :: pos_integer(),
+		   Size       :: pos_integer() | string()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
+
+access_entry(Log, NoLog, Info, RFC931, AuthUser, Date, StatusCode, SizeStr) 
+  when is_list(SizeStr) ->
+    Size = 
+	case (catch list_to_integer(SizeStr)) of
+	    I when is_integer(I) ->
+		I;
+	    _ ->
+		SizeStr % This is better then nothing
+	end,
+    access_entry(Log, NoLog, Info, RFC931, AuthUser, Date, StatusCode, Size);
+access_entry(Log, NoLog, 
+	     #mod{config_db     = ConfigDB, 
+		  init_data     = #init_data{peername = {_, RemoteHost}}, 
+		  request_line  = RequestLine,
+		  parsed_header = Headers}, 
+	     RFC931, AuthUser, Date, StatusCode, Size) ->
+    MakeEntry = 
+	fun() ->
+		do_access_entry(ConfigDB, Headers, RequestLine, 
+				RemoteHost, RFC931, AuthUser,
+				Date, StatusCode, Size)
+	end,
+    log_entry(Log, NoLog, ConfigDB, MakeEntry).
+
+
+-spec error_entry(Log    :: term(), % Id of the log
+		  NoLog  :: term(), % What to return when no log is found
+		  Info   :: #mod{},
+		  Date   :: string(), 
+		  Reason :: term()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
+
+error_entry(Log, NoLog, 
+	    #mod{config_db   = ConfigDB,
+		 init_data   = #init_data{peername = {_, RemoteHost}}, 
+		 request_uri = URI}, Date, Reason) ->
+    MakeEntry = 
+	fun() ->
+		do_error_entry(ConfigDB, RemoteHost, URI, Date, Reason)	
+	end,
+    log_entry(Log, NoLog, ConfigDB, MakeEntry).
+
+
+-spec error_report_entry(Log      :: term(), 
+			 NoLog    :: term(), 
+			 ConfigDB :: term(),
+			 Date     :: string(), 
+			 ErrroStr :: string()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
 
 error_report_entry(Log, NoLog, ConfigDb, Date, ErrorStr) ->
-    case httpd_util:lookup(ConfigDb, Log) of
-	undefined ->
-	    NoLog;
-	LogRef ->
-	     Entry = io_lib:format("[~s], ~s~n", [Date, ErrorStr]),
-	     {LogRef, Entry}
-     end.
+    MakeEntry = fun() -> io_lib:format("[~s], ~s~n", [Date, ErrorStr]) end,
+    log_entry(Log, NoLog, ConfigDb, MakeEntry).
+
 
-security_entry(Log, NoLog, #mod{config_db = ConfigDb}, Date, Reason) ->
+-spec security_entry(Log      :: term(), 
+		     NoLog    :: term(), 
+		     ConfigDB :: term(),
+		     Date     :: string(), 
+		     Reason   :: term()) ->
+    {Log :: atom() | pid(), Entry :: string()}.
+
+security_entry(Log, NoLog, #mod{config_db = ConfigDB}, Date, Reason) ->
+    MakeEntry = fun() -> io_lib:format("[~s] ~s~n", [Date, Reason]) end,
+    log_entry(Log, NoLog, ConfigDB, MakeEntry).
+
+
+log_entry(Log, NoLog, ConfigDb, MakeEntry) when is_function(MakeEntry) ->
     case httpd_util:lookup(ConfigDb, Log) of
 	undefined ->
 	    NoLog;
 	LogRef ->
-	    Entry = io_lib:format("[~s] ~s~n", [Date, Reason]),
-	    {LogRef, Entry}
+	    {LogRef, MakeEntry()}
     end.
-
+   
+    
 %%%========================================================================
 %%% Internal functions
 %%%========================================================================
+
 do_access_entry(ConfigDB, Headers, RequestLine,
-	     RemoteHost, RFC931, AuthUser, Date, StatusCode,
-	     Bytes) ->
+		RemoteHost, RFC931, AuthUser, Date, StatusCode,
+		Size) ->
     case httpd_util:lookup(ConfigDB, log_format, common) of
 	common ->
 	    lists:flatten(io_lib:format("~s ~s ~s [~s] \"~s\" ~w ~w~n",
 			  [RemoteHost, RFC931, AuthUser, Date,
 			   RequestLine, 
-			   StatusCode, Bytes]));
+			   StatusCode, Size]));
 	combined ->
 	    Referer = 
 		proplists:get_value("referer", Headers, "-"),
@@ -94,7 +136,7 @@ do_access_entry(ConfigDB, Headers, RequestLine,
 				    Headers, "-"),
 	    io_lib:format("~s ~s ~s [~s] \"~s\" ~w ~w ~s ~s~n",
 			  [RemoteHost, RFC931, AuthUser, Date,
-			   RequestLine, StatusCode, Bytes, 
+			   RequestLine, StatusCode, Size, 
 			   Referer, UserAgent])
     end.
 
diff --git a/lib/inets/src/http_server/httpd_request_handler.erl b/lib/inets/src/http_server/httpd_request_handler.erl
index d2f22fce93..b62c10bbc7 100644
--- a/lib/inets/src/http_server/httpd_request_handler.erl
+++ b/lib/inets/src/http_server/httpd_request_handler.erl
@@ -162,7 +162,14 @@ continue_init(Manager, ConfigDB, SocketType, Socket, TimeOut) ->
 %%                                      {stop, Reason, State}
 %% Description: Handling call messages
 %%--------------------------------------------------------------------
-handle_call(Request, From, State) ->
+handle_call(Request, From, #state{mod = ModData} = State) ->
+    Error = 
+	lists:flatten(
+	  io_lib:format("Unexpected request: "
+			"~n~p"
+			"~nto request handler (~p) from ~p"
+			"~n", [Request, self(), From])),
+    error_log(Error, ModData),
     {stop, {call_api_violation, Request, From}, State}.
 
 %%--------------------------------------------------------------------
@@ -171,8 +178,15 @@ handle_call(Request, From, State) ->
 %%                                      {stop, Reason, State}
 %% Description: Handling cast messages
 %%--------------------------------------------------------------------
-handle_cast(Msg, State) ->
-    {reply, {cast_api_violation, Msg}, State}.
+handle_cast(Msg, #state{mod = ModData} = State) ->
+    Error = 
+	lists:flatten(
+	  io_lib:format("Unexpected message: "
+			"~n~p"
+			"~nto request handler (~p)"
+			"~n", [Msg, self()])),
+    error_log(Error, ModData),
+    {noreply, State}.
 
 %%--------------------------------------------------------------------
 %% handle_info(Info, State) -> {noreply, State} |
@@ -253,7 +267,10 @@ handle_info(timeout, #state{mod = ModData} = State) ->
 %% Default case
 handle_info(Info, #state{mod = ModData} = State) ->
     Error = lists:flatten(
-	      io_lib:format("Unexpected message received: ~n~p~n", [Info])),
+	      io_lib:format("Unexpected info: "
+			    "~n~p"
+			    "~nto request handler (~p)"
+			    "~n", [Info, self()])),
     error_log(Error, ModData),
     {noreply, State}.
 
diff --git a/lib/inets/src/http_server/mod_log.erl b/lib/inets/src/http_server/mod_log.erl
index 62faa285df..a912f5616c 100644
--- a/lib/inets/src/http_server/mod_log.erl
+++ b/lib/inets/src/http_server/mod_log.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/http_server/mod_responsecontrol.erl b/lib/inets/src/http_server/mod_responsecontrol.erl
index 989f45db20..6af5f6211e 100644
--- a/lib/inets/src/http_server/mod_responsecontrol.erl
+++ b/lib/inets/src/http_server/mod_responsecontrol.erl
@@ -211,7 +211,7 @@ compare_etags(Tag,Etags) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%                                                                  %%
-%% Control if the file is modificated                               %%
+%% Control if the file is modified                                  %%
 %%                                                                  %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%	    
 
diff --git a/lib/inets/src/inets_app/Makefile b/lib/inets/src/inets_app/Makefile
index 63ab0a5bae..d99e33b4ea 100644
--- a/lib/inets/src/inets_app/Makefile
+++ b/lib/inets/src/inets_app/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2005-2010. All Rights Reserved.
+# Copyright Ericsson AB 2005-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/inets_app/inets.app.src b/lib/inets/src/inets_app/inets.app.src
index 4d0defb329..1db7ed2c30 100644
--- a/lib/inets/src/inets_app/inets.app.src
+++ b/lib/inets/src/inets_app/inets.app.src
@@ -1,7 +1,7 @@
 %% This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/inets_app/inets.appup.src b/lib/inets/src/inets_app/inets.appup.src
index 779dd8e439..e80cb2a23b 100644
--- a/lib/inets/src/inets_app/inets.appup.src
+++ b/lib/inets/src/inets_app/inets.appup.src
@@ -1,7 +1,7 @@
 %% This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -18,6 +18,15 @@
 
 {"%VSN%",
  [
+  {"5.8",
+   [
+    {load_module, ftp, soft_purge, soft_purge, []}, 
+    {update, httpc_handler, {advanced, upgrade_from_pre_5_8_1}, 
+     soft_purge, soft_purge, []}, 
+    {update, httpc_manager, {advanced, upgrade_from_pre_5_8_1}, 
+     soft_purge, soft_purge, [httpc_handler]}
+   ]
+  }, 
   {"5.7.2", 
    [
     {restart_application, inets}
@@ -40,6 +49,15 @@
   } 
  ],
  [
+  {"5.8",
+   [
+    {load_module, ftp, soft_purge, soft_purge, []}, 
+    {update, httpc_handler, {advanced, upgrade_from_pre_5_8_1}, 
+     soft_purge, soft_purge, []}, 
+    {update, httpc_manager, {advanced, upgrade_from_pre_5_8_1}, 
+     soft_purge, soft_purge, [httpc_handler]}
+   ]
+  }, 
   {"5.7.2", 
    [
     {restart_application, inets}
diff --git a/lib/inets/src/inets_app/inets.mk b/lib/inets/src/inets_app/inets.mk
index 35fb0d7eca..194b4ca2b1 100644
--- a/lib/inets/src/inets_app/inets.mk
+++ b/lib/inets/src/inets_app/inets.mk
@@ -2,7 +2,7 @@
 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2010. All Rights Reserved.
+# Copyright Ericsson AB 2010-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/src/tftp/tftp.erl b/lib/inets/src/tftp/tftp.erl
index 8d8fce388d..0d7ae1a89e 100644
--- a/lib/inets/src/tftp/tftp.erl
+++ b/lib/inets/src/tftp/tftp.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/inets/test/httpc_SUITE.erl b/lib/inets/test/httpc_SUITE.erl
index d86e52f3d5..881266b70a 100644
--- a/lib/inets/test/httpc_SUITE.erl
+++ b/lib/inets/test/httpc_SUITE.erl
@@ -90,6 +90,7 @@ all() ->
      parse_url, 
      options,
      headers_as_is, 
+     selecting_session, 
      {group, proxy}, 
      {group, ssl}, 
      {group, stream}, 
@@ -145,14 +146,6 @@ groups() ->
     ].
 
 
-
-init_per_group(_GroupName, Config) ->
-    Config.
-
-end_per_group(_GroupName, Config) ->
-    Config.
-
-
 %%--------------------------------------------------------------------
 %% Function: init_per_suite(Config) -> Config
 %% Config - [tuple()]
@@ -226,9 +219,7 @@ init_per_testcase(initial_server_connect = Case, Config) ->
     %% this test case does not work unless it does
     try 
 	begin
-	    ensure_started(crypto),
-	    ensure_started(public_key),
-	    ensure_started(ssl),
+	    ?ENSURE_STARTED([crypto, public_key, ssl]),
 	    inets:start(),
 	    Config
 	end
@@ -262,15 +253,17 @@ init_per_testcase(Case, Timeout, Config) ->
 
     %% inets:enable_trace(max, io, httpd),
     %% inets:enable_trace(max, io, httpc),
-    inets:enable_trace(max, io, all),
+    %% inets:enable_trace(max, io, all),
 
     NewConfig = 
 	case atom_to_list(Case) of
 	    [$s, $s, $l | _] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]), 
 		init_per_testcase_ssl(ssl, PrivDir, SslConfFile, 
 				      [{watchdog, Dog} | TmpConfig]);
 
 	    [$e, $s, $s, $l | _] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]), 
 		init_per_testcase_ssl(essl, PrivDir, SslConfFile, 
 				      [{watchdog, Dog} | TmpConfig]);
 
@@ -282,7 +275,7 @@ init_per_testcase(Case, Timeout, Config) ->
 			inets:start(),
 			tsp("init_per_testcase -> "
 			    "[proxy case] start crypto, public_key and ssl"),
-			try ensure_started([crypto, public_key, ssl]) of
+			try ?ENSURE_STARTED([crypto, public_key, ssl]) of
 			    ok ->
 				[{watchdog, Dog} | TmpConfig]
 			catch 
@@ -335,8 +328,8 @@ init_per_testcase(Case, Timeout, Config) ->
 		end;
 
 	    "ipv6_" ++ _Rest ->
-		%% Ensure needed apps (crypto, public_key and ssl) started
-		try ensure_started([crypto, public_key, ssl]) of
+		%% Ensure needed apps (crypto, public_key and ssl) are started
+		try ?ENSURE_STARTED([crypto, public_key, ssl]) of
 		    ok ->
 			Profile = ipv6, 
 			%% A stand-alone profile is represented by a pid()
@@ -370,7 +363,7 @@ init_per_testcase(Case, Timeout, Config) ->
     
     %% This will fail for the ipv6_ - cases (but that is ok)
     ProxyExceptions = ["localhost", ?IPV6_LOCAL_HOST], 
-    http:set_options([{proxy, {{?PROXY, ?PROXY_PORT}, ProxyExceptions}}]),
+    httpc:set_options([{proxy, {{?PROXY, ?PROXY_PORT}, ProxyExceptions}}]),
     inets:enable_trace(max, io, httpc),
     %% inets:enable_trace(max, io, all),
     %% snmp:set_trace([gen_tcp]),
@@ -1773,6 +1766,7 @@ http_stream(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
+
 http_stream_once(doc) ->
     ["Test the option stream for asynchrony requests"];
 http_stream_once(suite) ->
@@ -1780,12 +1774,12 @@ http_stream_once(suite) ->
 http_stream_once(Config) when is_list(Config) ->
     p("http_stream_once -> entry with"
       "~n   Config: ~p", [Config]),
-      
+
     p("http_stream_once -> set ipfamily to inet", []),
     ok = httpc:set_options([{ipfamily, inet}]),
     p("http_stream_once -> start dummy server", []),
     {DummyServerPid, Port} = dummy_server(ipv4),    
-    
+
     PortStr =  integer_to_list(Port),
     p("http_stream_once -> once", []),
     once(?URL_START ++ PortStr ++ "/once.html"),
@@ -1793,14 +1787,14 @@ http_stream_once(Config) when is_list(Config) ->
     once(?URL_START ++ PortStr ++ "/once_chunked.html"),
     p("http_stream_once -> dummy", []),
     once(?URL_START ++ PortStr ++ "/dummy.html"),
-    
+
     p("http_stream_once -> stop dummy server", []),
     DummyServerPid ! stop,
     p("http_stream_once -> set ipfamily to inet6fb4", []),
     ok = httpc:set_options([{ipfamily, inet6fb4}]), 
     p("http_stream_once -> done", []),
     ok.
-  
+
 once(URL) ->
     p("once -> issue sync request for ~p", [URL]),
     {ok, {{_,200,_}, [_ | _], Body}} = 
@@ -2009,6 +2003,7 @@ ipv6(SocketType, Scheme, HTTPOptions, Extra, Config) ->
 
 
 %%-------------------------------------------------------------------------
+
 headers_as_is(doc) ->
     ["Test the option headers_as_is"];
 headers_as_is(suite) ->
@@ -2026,6 +2021,321 @@ headers_as_is(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
+
+selecting_session(doc) ->
+    ["Test selection of sessions - OTP-9847"];
+selecting_session(suite) ->
+    [];
+selecting_session(Config) when is_list(Config) ->
+    tsp("selecting_session -> entry with"
+	"~n   Config: ~p", [Config]),
+
+    tsp("selecting_session -> set ipfamily to inet"),
+    ok = httpc:set_options([{ipfamily, inet}]),
+
+    tsp("selecting_session -> start server"),
+    {ServerPid, Port} = otp_9847_server(),    
+
+    PortStr = integer_to_list(Port),
+    URL     = ?URL_START ++ PortStr ++ "/index.html",
+     
+    tsp("selecting_session -> issue the first batch (three) requests"),
+    lists:foreach(fun(P) -> 
+			  tsp("selecting_session:fun1 -> "
+			      "send stop request to ~p", [P]),
+			  P ! stop 
+		  end, 
+		  reqs(URL, ServerPid, 3, 3, false)),
+    tsp("selecting_session -> sleep some (1) to make sure nothing lingers"),
+    ?SLEEP(5000),
+    tsp("selecting_session -> "
+	"instruct the server to reply to the first request"),
+    ServerPid ! {answer, true}, 
+    receive
+	{answer, true} ->
+	    tsp("selecting_session -> "
+		"received ack from server to reply to the first request"),
+	    ok
+    end,
+    tsp("selecting_session -> issue the second batch (four) requests"),
+    lists:foreach(fun(P) -> 
+			  tsp("selecting_session:fun2 -> "
+			      "send stop request to ~p", [P]),
+			  P ! stop 
+		  end, 
+		  reqs(URL, ServerPid, 4, 1, true)),
+    tsp("selecting_session -> sleep some (2) to make sure nothing lingers"),
+    ?SLEEP(5000),
+
+    tsp("selecting_session -> stop server"),
+    ServerPid ! stop,
+    tsp("selecting_session -> set ipfamily (back) to inet6fb4"),
+    ok = httpc:set_options([{ipfamily, inet6fb4}]), 
+    tsp("selecting_session -> done"),
+    ok.
+
+reqs(URL, ServerPid, NumReqs, NumHandlers, InitialSync) ->
+    tsp("reqs -> entry with"
+	"~n   URL:         ~p"
+	"~n   ServerPid:   ~w"
+	"~n   NumReqs:     ~w"
+	"~n   NumHandlers: ~w"
+	"~n   InitialSync: ~w", 
+	[URL, ServerPid, NumReqs, NumHandlers, InitialSync]),
+    Handlers = reqs2(URL, NumReqs, [], InitialSync),
+    tsp("reqs -> "
+	"~n   Handlers: ~w", [Handlers]),
+    case length(Handlers) of
+	NumHandlers ->
+	    tsp("reqs -> "
+		"~n   NumHandlers: ~w", [NumHandlers]),
+	    ServerPid ! num_handlers, 
+	    receive
+		{num_handlers, NumHandlers} ->
+		    tsp("reqs -> received num_handlers with"
+			"~n   NumHandlers: ~w", [NumHandlers]),
+		    Handlers;
+		{num_handlers, WrongNumHandlers} ->
+		    tsp("reqs -> received num_handlers with"
+			"~n   WrongNumHandlers: ~w", [WrongNumHandlers]),
+		    exit({wrong_num_handlers1, WrongNumHandlers, NumHandlers})
+	    end;
+	WrongNumHandlers ->
+	    tsp("reqs -> "
+		"~n   WrongNumHandlers: ~w", [WrongNumHandlers]),
+	    exit({wrong_num_handlers2, WrongNumHandlers, NumHandlers})
+    end.
+	    
+
+reqs2(_URL, 0, Acc, _Sync) ->
+    lists:reverse(Acc);
+reqs2(URL, Num, Acc, Sync) ->
+    tsp("reqs2 -> entry with"
+	"~n   Num:  ~w"
+	"~n   Sync: ~w", [Num, Sync]),
+    case httpc:request(get, {URL, []}, [], [{sync, Sync}]) of
+	{ok, _Reply} ->
+	    tsp("reqs2 -> successful request: ~p", [_Reply]),
+	    receive
+		{handler, Handler, _Manager} ->
+		    %% This is when a new handler is created
+		    tsp("reqs2 -> received handler: ~p", [Handler]),
+		    case lists:member(Handler, Acc) of
+			true ->
+			    tsp("reqs2 -> duplicate handler"),
+			    exit({duplicate_handler, Handler, Num, Acc});
+			false ->
+			    tsp("reqs2 -> wait for data ack"),
+			    receive
+				{data_received, Handler} ->
+				    tsp("reqs2 -> "
+					"received data ack from ~p", [Handler]),
+				    case Sync of
+					true ->
+					    reqs2(URL, Num-1, [Handler|Acc], 
+						  false);
+					false ->
+					    reqs2(URL, Num-1, [Handler|Acc], 
+						  Sync)
+				    end
+			    end
+		    end;
+
+		{data_received, Handler} ->
+		    tsp("reqs2 -> "
+			"received data ack from ~p", [Handler]),
+		    reqs2(URL, Num-1, Acc, false)
+
+	    end;
+
+	{error, Reason} ->
+	    tsp("reqs2 -> request ~w failed: ~p", [Num, Reason]),
+	    exit({request_failed, Reason, Num, Acc})
+    end.
+
+otp_9847_server() ->
+    TC  = self(), 
+    Pid = spawn_link(fun() -> otp_9847_server_init(TC) end),
+    receive
+	{port, Port} ->
+	    {Pid, Port}
+    end.
+
+otp_9847_server_init(TC) ->
+    tsp("otp_9847_server_init -> entry with"
+	"~n   TC: ~p", [TC]),
+    {ok, ListenSocket} = 
+	gen_tcp:listen(0, [binary, inet, {packet, 0},
+			   {reuseaddr,true},
+			   {active, false}]),
+    tsp("otp_9847_server_init -> listen socket created: "
+	"~n   ListenSocket: ~p", [ListenSocket]),
+    {ok, Port} = inet:port(ListenSocket),
+    tsp("otp_9847_server_init -> Port: ~p", [Port]),
+    TC ! {port, Port},
+    otp_9847_server_main(TC, ListenSocket, false, []).
+
+otp_9847_server_main(TC, ListenSocket, Answer, Handlers) ->
+    tsp("otp_9847_server_main -> entry with"
+	"~n   TC:           ~p"
+	"~n   ListenSocket: ~p"
+	"~n   Answer:       ~p"
+	"~n   Handlers:     ~p", [TC, ListenSocket, Answer, Handlers]),
+    case gen_tcp:accept(ListenSocket, 1000) of
+	{ok, Sock} ->
+	    tsp("otp_9847_server_main -> accepted"
+		"~n   Sock: ~p", [Sock]),
+	    {Handler, Mon, Port} = otp_9847_handler(TC, Sock, Answer), 
+	    tsp("otp_9847_server_main -> handler ~p created for ~w", 
+		[Handler, Port]),
+	    gen_tcp:controlling_process(Sock, Handler),
+	    tsp("otp_9847_server_main -> control transfer"),
+	    Handler ! owner, 
+	    tsp("otp_9847_server_main -> "
+		"handler ~p informed of owner transfer", [Handler]),
+	    TC ! {handler, Handler, self()}, 
+	    tsp("otp_9847_server_main -> "
+		"TC ~p informed of handler ~p", [TC, Handler]),
+	    otp_9847_server_main(TC, ListenSocket, Answer, 
+				 [{Handler, Mon, Sock, Port}|Handlers]);
+
+	{error, timeout} ->
+	    tsp("otp_9847_server_main -> timeout"),
+	    receive 
+		{answer, true} ->
+		    tsp("otp_9847_server_main -> received answer request"),
+		    TC ! {answer, true}, 
+		    otp_9847_server_main(TC, ListenSocket, true, Handlers);
+
+		{'DOWN', _Mon, process, Pid, _Reason} ->
+		    %% Could be one of the handlers
+		    tsp("otp_9847_server_main -> received DOWN for ~p", [Pid]),
+		    otp_9847_server_main(TC, ListenSocket, Answer, 
+					 lists:keydelete(Pid, 1, Handlers));
+
+		num_handlers ->
+		    tsp("otp_9847_server_main -> "
+			"received request for number of handlers (~w)", 
+			[length(Handlers)]),
+		    TC ! {num_handlers, length(Handlers)}, 
+		    otp_9847_server_main(TC, ListenSocket, Answer, Handlers);
+
+		stop ->
+		    tsp("otp_9847_server_main -> received stop request"),
+		    %% Stop all handlers (just in case)
+		    Pids = [Handler || {Handler, _, _} <- Handlers], 
+		    lists:foreach(fun(Pid) -> Pid ! stop end, Pids),
+		    exit(normal);
+
+		Any ->
+		    tsp("otp_9847_server_main -> received"
+			"~n   Any: ~p", [Any]),
+		    exit({crap, Any})
+
+	    after 0 ->
+		    tsp("otp_9847_server_main -> nothing in queue"),
+		    otp_9847_server_main(TC, ListenSocket, Answer, Handlers)
+	    end;
+
+	Error ->
+	    exit(Error)
+    end.
+
+
+otp_9847_handler(TC, Sock, Answer) ->
+    tsp("otp_9847_handler -> entry with"
+	"~n   TC:     ~p" 
+	"~n   Sock:   ~p" 
+	"~n   Answer: ~p", [TC, Sock, Answer]),
+    Self = self(), 
+    {Pid, Mon} = 
+	spawn_opt(fun() -> 
+			  otp_9847_handler_init(TC, Self, Sock, Answer) 
+		  end, 
+		  [monitor]),
+    receive
+	{port, Port} ->
+	    tsp("otp_9847_handler -> received port message (from ~p)"
+		"~n   Port: ~p", [Pid, Port]),
+	    {Pid, Mon, Port}
+    end.
+    
+
+otp_9847_handler_init(TC, Server, Sock, Answer) ->
+    tsp("otp_9847_handler_init -> entry with"
+	"~n   TC:     ~p" 
+	"~n   Server: ~p" 
+	"~n   Sock:   ~p" 
+	"~n   Answer: ~p", [TC, Server, Sock, Answer]),
+    {ok, Port} = inet:port(Sock),
+    Server ! {port, Port},
+    receive 
+	owner ->
+	    tsp("otp_9847_handler_init -> "
+		"received owner message - activate socket"),
+	    inet:setopts(Sock, [{active, true}]),
+	    otp_9847_handler_main(TC, Server, Sock, Answer, [?HTTP_MAX_HEADER_SIZE])
+    end.
+    
+otp_9847_handler_main(TC, Server, Sock, Answer, ParseArgs) ->
+    tsp("otp_9847_handler_main -> entry with"
+	"~n   TC:        ~p" 
+	"~n   Server:    ~p" 
+	"~n   Sock:      ~p" 
+	"~n   Answer:    ~p"
+	"~n   ParseArgs: ~p", [TC, Server, Sock, Answer, ParseArgs]),
+    receive
+	stop ->
+	    tsp("otp_9847_handler_main -> received stop request"),
+	    exit(normal);
+
+	{tcp, Sock, _Data} when Answer =:= false ->
+	    tsp("otp_9847_handler_main -> received tcp data - no answer"),
+	    TC ! {data_received, self()}, 
+	    inet:setopts(Sock, [{active, true}]),
+	    %% Ignore all data
+	    otp_9847_handler_main(TC, Server, Sock, Answer, ParseArgs);
+
+	{tcp, Sock, Data} when Answer =:= true ->
+	    tsp("otp_9847_handler_main -> received tcp data - answer"),
+	    TC ! {data_received, self()}, 
+	    inet:setopts(Sock, [{active, true}]),
+	    NewParseArgs = otp_9847_handler_request(Sock, [Data|ParseArgs]), 
+	    otp_9847_handler_main(TC, Server, Sock, Answer, NewParseArgs);
+
+	{tcp_closed, Sock} ->
+	    tsp("otp_9847_handler_main -> received tcp socket closed"),
+	    exit(normal);
+
+	{tcp_error, Sock, Reason} ->
+	    tsp("otp_9847_handler_main -> socket error: ~p", [Reason]),
+	    (catch gen_tcp:close(Sock)),
+	    exit(normal)
+
+    %% after 30000 ->
+    %% 	    gen_tcp:close(Sock),
+    %% 	    exit(normal)
+    end.
+    
+otp_9847_handler_request(Sock, Args) ->
+    Msg = 
+	case httpd_request:parse(Args) of
+	    {ok, {_, "/index.html" = _RelUrl, _, _, _}} ->
+		B = 
+		    "<HTML><BODY>" ++ 
+		    "...some body part..." ++ 
+		    "</BODY></HTML>", 
+		Len = integer_to_list(length(B)), 
+		"HTTP/1.1 200 ok\r\n" ++
+		    "Content-Length:" ++ Len ++ "\r\n\r\n" ++ B
+	end,
+    gen_tcp:send(Sock, Msg),
+    [?HTTP_MAX_HEADER_SIZE].
+	    
+
+
+%%-------------------------------------------------------------------------
+
 options(doc) ->
     ["Test the option parameters."];
 options(suite) ->
@@ -2050,6 +2360,7 @@ options(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
+
 http_invalid_http(doc) ->
     ["Test parse error"];
 http_invalid_http(suite) ->
@@ -2863,6 +3174,7 @@ otp_8739_dummy_server_main(_Parent, ListenSocket) ->
 	    exit(Error)
     end.
 
+
 %%-------------------------------------------------------------------------
 
 initial_server_connect(doc) ->
@@ -3553,21 +3865,5 @@ dummy_ssl_server_hang_loop(_) ->
     end.
 
 
-ensure_started([]) ->
-    ok;
-ensure_started([App|Apps]) ->
-    ensure_started(App),
-    ensure_started(Apps);
-ensure_started(App) when is_atom(App) ->
-    case (catch application:start(App)) of
-	ok ->
-	    ok;
-	{error, {already_started, _}} ->
-	    ok;
-	Error ->
-	    throw({error, {failed_starting, App, Error}})
-    end.
-
-
 skip(Reason) ->
     {skip, Reason}.
diff --git a/lib/inets/test/httpd_SUITE.erl b/lib/inets/test/httpd_SUITE.erl
index ba31788ccc..a4bb8f7159 100644
--- a/lib/inets/test/httpd_SUITE.erl
+++ b/lib/inets/test/httpd_SUITE.erl
@@ -497,6 +497,7 @@ init_per_testcase2(Case, Config) ->
 		    _ ->
 			NewConfig
 		end;
+
 	    _ ->
 		NewConfig
 	end,
@@ -528,7 +529,7 @@ init_per_testcase3(Case, Config) ->
     application:stop(ssl),
     cleanup_mnesia(),
 
-    %% Set trace
+    %% Set trace level
     case lists:reverse(atom_to_list(Case)) of
 	"tset_emit" ++ _Rest -> % test-cases ending with time_test
 	    io:format(user, "~w:init_per_testcase3(~w) -> disabling trace", 
@@ -581,9 +582,10 @@ init_per_testcase3(Case, Config) ->
 		Rest;
 
 	    [X, $s, $s, $l, $_, $m, $o, $d, $_, $h, $t, $a, $c, $c, $e, $s, $s] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]),		
 		SslTag = 
 		    case X of
-			$p -> ssl;  % plain
+			$p -> ssl;  % Plain
 			$e -> essl  % Erlang based ssl
 		    end,
 		case inets_test_lib:start_http_server_ssl(
@@ -597,6 +599,7 @@ init_per_testcase3(Case, Config) ->
 			{skip, "SSL does not seem to be supported"}
 		end;
 	    [X, $s, $s, $l, $_ | Rest] ->
+		?ENSURE_STARTED([crypto, public_key, ssl]),		
 		SslTag = 
 		    case X of
 			$p -> ssl;
@@ -679,36 +682,6 @@ end_per_testcase2(Case, Config) ->
 %%-------------------------------------------------------------------------
 
 %%-------------------------------------------------------------------------
-
-
-
-
-
-
-%%-------------------------------------------------------------------------
-http_1_1_ip(doc) ->
-    ["HTTP/1.1"];
-http_1_1_ip(suite) ->
-    [
-     ip_host, 
-     ip_chunked, 
-     ip_expect, 
-     ip_range, 
-     ip_if_test, 
-     ip_http_trace,
-     ip_http1_1_head, 
-     ip_mod_cgi_chunked_encoding_test
-    ].
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
-
-%%-------------------------------------------------------------------------
 ip_mod_alias(doc) -> 
     ["Module test: mod_alias"];
 ip_mod_alias(suite) -> 
@@ -717,6 +690,7 @@ ip_mod_alias(Config) when is_list(Config) ->
     httpd_mod:alias(ip_comm, ?IP_PORT, 
 		    ?config(host, Config), ?config(node, Config)),
     ok.
+
 %%-------------------------------------------------------------------------
 ip_mod_actions(doc) -> 
     ["Module test: mod_actions"];
@@ -726,6 +700,7 @@ ip_mod_actions(Config) when is_list(Config) ->
     httpd_mod:actions(ip_comm, ?IP_PORT, 
 		      ?config(host, Config), ?config(node, Config)),
     ok.
+
 %%-------------------------------------------------------------------------
 ip_mod_security(doc) -> 
     ["Module test: mod_security"];
@@ -2252,6 +2227,7 @@ ticket_5865(doc) ->
 ticket_5865(suite) ->
     [];
 ticket_5865(Config) ->
+    ?SKIP(as_of_r15_behaviour_of_calendar_has_changed),
     Host = ?config(host,Config),
     ServerRoot = ?config(server_root, Config), 
     DocRoot = filename:join([ServerRoot, "htdocs"]),
diff --git a/lib/inets/test/httpd_test_lib.erl b/lib/inets/test/httpd_test_lib.erl
index 1c7bb512cc..2f5867559a 100644
--- a/lib/inets/test/httpd_test_lib.erl
+++ b/lib/inets/test/httpd_test_lib.erl
@@ -80,14 +80,18 @@
 %% API
 %%------------------------------------------------------------------
 verify_request(SocketType, Host, Port, Node, RequestStr, Options) ->
-    verify_request(SocketType, Host, Port, Node, RequestStr, Options, 30000).
+    verify_request(SocketType, Host, Port, Node, RequestStr, 
+		   Options, 30000).
 verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, Options) 
   when is_list(TranspOpts) ->
-    verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, Options, 30000);
+    verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, 
+		   Options, 30000);
 verify_request(SocketType, Host, Port, Node, RequestStr, Options, TimeOut) 
   when (is_integer(TimeOut) orelse (TimeOut =:= infinity)) ->
-    verify_request(SocketType, Host, Port, [], Node, RequestStr, Options, TimeOut).
-verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, Options, TimeOut) ->
+    verify_request(SocketType, Host, Port, [], Node, RequestStr, 
+		   Options, TimeOut).
+verify_request(SocketType, Host, Port, TranspOpts, Node, RequestStr, 
+	       Options, TimeOut) ->
     tsp("verify_request -> entry with"
 	"~n   SocketType: ~p"
 	"~n   Host:       ~p"
@@ -259,10 +263,10 @@ validate(RequestStr, #state{status_line = {Version, StatusCode, _},
 			    headers     = Headers, 
 			    body        = Body}, Options, N, P) ->
     
-    %% tsp("validate -> entry with"
-    %% 	"~n   StatusCode: ~p"
-    %% 	"~n   Headers:    ~p"
-    %% 	"~n   Body:       ~p", [StatusCode, Headers, Body]),
+    tsp("validate -> entry with"
+     	"~n   StatusCode: ~p"
+	"~n   Headers:    ~p"
+	"~n   Body:       ~p", [StatusCode, Headers, Body]),
 
     check_version(Version, Options),
     case lists:keysearch(statuscode, 1, Options) of
@@ -320,9 +324,9 @@ do_validate(Header, [{header, HeaderField}|Rest], N, P) ->
 	{value, {LowerHeaderField, _Value}} ->
 	    ok;
 	false ->
-	    test_server:fail({missing_header_field, LowerHeaderField, Header});
+	    tsf({missing_header_field, LowerHeaderField, Header});
 	_ ->
-	    test_server:fail({missing_header_field, LowerHeaderField, Header})
+	    tsf({missing_header_field, LowerHeaderField, Header})
     end,
     do_validate(Header, Rest, N, P);
 do_validate(Header, [{header, HeaderField, Value}|Rest],N,P) ->
@@ -331,18 +335,15 @@ do_validate(Header, [{header, HeaderField, Value}|Rest],N,P) ->
 	{value, {LowerHeaderField, Value}} ->
 	    ok;
 	false ->
-	    test_server:fail({wrong_header_field_value, LowerHeaderField, 
-			      Header});
+	    tsf({wrong_header_field_value, LowerHeaderField, Header});
 	_ ->
-	    test_server:fail({wrong_header_field_value, LowerHeaderField, 
-			      Header})
+	    tsf({wrong_header_field_value, LowerHeaderField, Header})
     end,
     do_validate(Header, Rest, N, P);
 do_validate(Header,[{no_last_modified, HeaderField}|Rest],N,P) ->
     case lists:keysearch(HeaderField,1,Header) of
 	{value,_} ->
-	    test_server:fail({wrong_header_field_value, HeaderField, 
-			      Header});
+	    tsf({wrong_header_field_value, HeaderField, Header});
 	_ ->
 	    ok
     end,
diff --git a/lib/inets/test/httpd_time_test.erl b/lib/inets/test/httpd_time_test.erl
index c54674be36..0bb457f9b9 100644
--- a/lib/inets/test/httpd_time_test.erl
+++ b/lib/inets/test/httpd_time_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -333,51 +333,82 @@ poll(Error, _SocketType, _URI, _ExpRes) ->
     exit({failed_creating_socket, Error}).
 
 await_poll_response(ok, SocketType, Socket, ExpStatusCode) ->
+    await_poll_response2(SocketType, Socket, ExpStatusCode, []);
+await_poll_response(Error, _SocketType, _Socket, _ExpStatusCode) ->
+    exit(Error).
+
+%% The reply *can* be split into two messages (this is a 
+%% result of OTP-9757 for ssl), so we read them all until 
+%% the sockets closes, then we analyze the response.
+await_poll_response2(SocketType, Socket, ExpStatusCode, Data) ->
     receive 
 	%% SSL receives
-	{ssl, Socket, Data} ->
-            validate(ExpStatusCode, SocketType, Socket, Data);
-	{ssl_closed, Socket} ->
-	    exit(connection_closed);
+	{ssl, Socket, NewData} ->
+	    d("await_poll_response2 -> "
+	      "received part (~w bytes) of the response", [sz(NewData)]),
+            await_poll_response2(SocketType, Socket, ExpStatusCode, 
+				 [NewData | Data]);
+	{ssl_closed, Socket} -> 
+	    %% We are done or we failed
+	    d("await_poll_response2 -> "
+	      "we are done after receiving ~w bytes data", [sz(Data)]),
+	    validate(ExpStatusCode, SocketType, Socket, 
+		     lists:flatten(lists:reverse(Data)));
 	{ssl_error, Socket, Error} ->
 	    exit({connection_error, Error});
 
 	%% TCP receives
-        {tcp, Socket, Response} ->
-            validate(ExpStatusCode, SocketType, Socket, Response);
+        {tcp, Socket, NewData} ->
+	    d("await_poll_response2 -> "
+	      "received part (~w bytes) of the response", [sz(NewData)]),
+            await_poll_response2(SocketType, Socket, ExpStatusCode, 
+				 [NewData | Data]);
         {tcp_closed, Socket} ->
-            exit(connection_closed);
+	    %% We are done or we failed
+	    d("await_poll_response2 -> "
+	      "we are done after receiving ~w bytes data", [sz(Data)]),
+	    validate(ExpStatusCode, SocketType, Socket, 
+		     lists:flatten(lists:reverse(Data)));
 	{tcp_error, Socket, Error} ->
 	    exit({connection_error, Error})
 
     after 10000 ->
-            exit(response_timed_out)
-    end;
-await_poll_response(Error, _SocketType, _Socket, _ExpStatusCode) ->
-    exit(Error).
-
+	    d("we timed out while waiting for response, "
+	      "validate whatever we got so far"),
+	    validate(ExpStatusCode, SocketType, Socket, 
+		     lists:flatten(lists:reverse(Data)))
+	    %% exit(response_timed_out)
+    end.
 
-validate(ExpStatusCode, SocketType, Socket, Response) ->
-    Sz = sz(Response),
-    trash_the_rest(Socket, Sz),
-    inets_test_lib:close(SocketType, Socket),
+validate(ExpStatusCode, _SocketType, _Socket, Response) ->
+    %% Sz = sz(Response),
+    %% trash_the_rest(Socket, Sz),
+    %% inets_test_lib:close(SocketType, Socket),
     case inets_regexp:split(Response," ") of
-        {ok,["HTTP/1.0", ExpStatusCode|_]} ->
+        {ok, ["HTTP/1.0", ExpStatusCode|_]} ->
             ok;
-        {ok,["HTTP/1.0", StatusCode|_]} -> 
+        {ok, ["HTTP/1.0", StatusCode|_]} -> 
 	    error_msg("Unexpected status code: ~p (~s). "
 		      "Expected status code: ~p (~s)", 
 		      [StatusCode,    status_to_message(StatusCode),
 		       ExpStatusCode, status_to_message(ExpStatusCode)]),
             exit({unexpected_response_code, StatusCode, ExpStatusCode});
-	{ok,["HTTP/1.1", ExpStatusCode|_]} ->
+	{ok, ["HTTP/1.1", ExpStatusCode|_]} ->
             ok;
-        {ok,["HTTP/1.1", StatusCode|_]} -> 
+        {ok, ["HTTP/1.1", StatusCode|_]} -> 
 	    error_msg("Unexpected status code: ~p (~s). "
 		      "Expected status code: ~p (~s)", 
 		      [StatusCode,    status_to_message(StatusCode),
 		       ExpStatusCode, status_to_message(ExpStatusCode)]),
-            exit({unexpected_response_code, StatusCode, ExpStatusCode})
+            exit({unexpected_response_code, StatusCode, ExpStatusCode});
+        {ok, Unexpected} -> 
+	    error_msg("Unexpected response split: ~p (~s)", 
+		      [Unexpected, Response]),
+            exit({unexpected_response, Unexpected, Response});
+        {error, Reason} -> 
+	    error_msg("Failed processing response: ~p (~s)", 
+		      [Reason, Response]),
+            exit({failed_response_processing, Reason, Response})
     end.
 
 
diff --git a/lib/inets/test/inets_app_test.erl b/lib/inets/test/inets_app_test.erl
index 9d7202e087..db2218f3b6 100644
--- a/lib/inets/test/inets_app_test.erl
+++ b/lib/inets/test/inets_app_test.erl
@@ -45,8 +45,7 @@ end_per_testcase(_Case, Config) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 all() -> 
-    [fields, modules, exportall, app_depend,
-     undef_funcs].
+    [fields, modules, exportall, app_depend, undef_funcs].
 
 groups() -> 
     [].
@@ -243,18 +242,11 @@ undef_funcs(doc) ->
 undef_funcs(Config) when is_list(Config) ->
     %% We need to check if there is a point to run this test.
     %% On some platforms, crypto will not build, which in turn
-    %% causes ssl to not to not build (at this time, this will
+    %% causes ssl to not build (at this time, this will
     %% change in the future).
     %% So, we first check if we can start crypto, and if not, 
     %% we skip this test case!
-    case (catch crypto:start()) of
-	ok ->
-	    ok;
-	{error, {already_started, crypto}} ->
-	    ok;
-	_ ->
-	    ?SKIP(crypto_start_check_failed)
-    end, 
+    ?ENSURE_STARTED(crypto), 
     App            = inets,
     AppFile        = key1search(app_file, Config),
     Mods           = key1search(modules, AppFile),
@@ -266,7 +258,7 @@ undef_funcs(Config) when is_list(Config) ->
     ok             = xref:set_default(XRef, 
 				      [{verbose,false},{warnings,false}]),
     XRefName       = undef_funcs_make_name(App, xref_name),
-    {ok, XRefName} = xref:add_release(XRef, Root, {name,XRefName}),
+    {ok, XRefName} = xref:add_release(XRef, Root, {name, XRefName}),
     {ok, App}      = xref:replace_application(XRef, App, EbinDir),
     {ok, Undefs}   = xref:analyze(XRef, undefined_function_calls),
     xref:stop(XRef),
diff --git a/lib/inets/test/inets_test_lib.erl b/lib/inets/test/inets_test_lib.erl
index ddb1a49394..bbed35e1f8 100644
--- a/lib/inets/test/inets_test_lib.erl
+++ b/lib/inets/test/inets_test_lib.erl
@@ -35,6 +35,7 @@
 -export([check_body/1]).
 -export([millis/0, millis_diff/2, hours/1, minutes/1, seconds/1, sleep/1]).
 -export([oscmd/1, has_ipv6_support/1]).
+-export([ensure_started/1]).
 -export([non_pc_tc_maybe_skip/4, os_based_skip/1, skip/3, fail/3]).
 -export([flush/0]).
 -export([start_node/1, stop_node/1]).
@@ -126,6 +127,37 @@ await_stopped(Node, N) ->
 
 
 %% ----------------------------------------------------------------
+%% Ensure apps are started
+%% This to ensure we dont attempt to run teatcases on platforms 
+%% where there is no working ssl app.
+
+ensure_started([]) ->
+    ok;
+ensure_started([App|Apps]) ->
+    ensure_started(App),
+    ensure_started(Apps);
+ensure_started(crypto = App) ->
+    %% We have to treat crypto in this special way because 
+    %% only this function ensures that the NIF lib is actually
+    %% loaded. And only by loading that lib can we know if it 
+    %% is even possible to run crypto.
+    do_ensure_started(App, fun() -> crypto:start() end);
+ensure_started(App) when is_atom(App) ->
+    do_ensure_started(App, fun() -> application:start(App) end).
+
+do_ensure_started(App, Start) when is_function(Start) ->
+    case (catch Start()) of
+	ok ->
+	    ok;
+	{error, {already_started, _}} ->
+	    ok;
+	Error ->
+	    throw({error, {failed_starting, App, Error}})
+    end.
+
+
+
+%% ----------------------------------------------------------------
 %% HTTPD starter functions
 %%
 
diff --git a/lib/inets/test/inets_test_lib.hrl b/lib/inets/test/inets_test_lib.hrl
index 4dd81093a2..c578398c55 100644
--- a/lib/inets/test/inets_test_lib.hrl
+++ b/lib/inets/test/inets_test_lib.hrl
@@ -64,10 +64,11 @@
 
 %% - Misc macros -
 
--define(UPDATE(K,V,C),  inets_test_lib:update_config(K,V,C)).
--define(CONFIG(K,C),    inets_test_lib:get_config(K,C)).
--define(HOSTNAME(),     inets_test_lib:hostname()).
--define(SZ(X),          inets_test_lib:sz(X)).
+-define(ENSURE_STARTED(A), inets_test_lib:ensure_started(A)).
+-define(UPDATE(K,V,C),     inets_test_lib:update_config(K,V,C)).
+-define(CONFIG(K,C),       inets_test_lib:get_config(K,C)).
+-define(HOSTNAME(),        inets_test_lib:hostname()).
+-define(SZ(X),             inets_test_lib:sz(X)).
 
 
 %% - Test case macros - 
diff --git a/lib/inets/vsn.mk b/lib/inets/vsn.mk
index 1df4558e45..77eb43a7ed 100644
--- a/lib/inets/vsn.mk
+++ b/lib/inets/vsn.mk
@@ -2,7 +2,7 @@
 
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2011. All Rights Reserved.
+# Copyright Ericsson AB 2001-2012. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -18,7 +18,7 @@
 # %CopyrightEnd%
 
 APPLICATION = inets
-INETS_VSN   = 5.8
+INETS_VSN   = 5.8.1
 PRE_VSN     =
 APP_VSN     = "$(APPLICATION)-$(INETS_VSN)$(PRE_VSN)"
 
diff --git a/lib/inviso/doc/src/inviso.xml b/lib/inviso/doc/src/inviso.xml
index 44fe7a3a78..c0e2e8f0de 100644
--- a/lib/inviso/doc/src/inviso.xml
+++ b/lib/inviso/doc/src/inviso.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,6 +30,10 @@
   <module>inviso</module>
   <modulesummary>Main API Module to the Inviso Tracer</modulesummary>
   <description>
+    <warning>
+      <p>The <c>inviso</c> application is deprecated and will be
+      removed in the R16 release.</p>
+    </warning>
     <p>With the <c>inviso</c> API runtime components can be started and tracing managed across a network of distributed Erlang nodes, using a control component also started with <c>inviso</c> API functions.</p>
     <p>Inviso can be used both in a distributed environment and in a non-distributed. API functions not taking a list of nodes as argument works on all started runtime components. If it is the non-distributed case, that is the local runtime component. The API functions taking a list of nodes as argument, or as part of one of the arguments, can not be used in a non-distributed environment. Return values named <c>NodeResult</c> refers to return values from a single Erlang node, and will therefore be the return in the non-distributed environment.</p>
   </description>
diff --git a/lib/inviso/doc/src/inviso_chapter.xml b/lib/inviso/doc/src/inviso_chapter.xml
index 4480099c67..b69fb97586 100644
--- a/lib/inviso/doc/src/inviso_chapter.xml
+++ b/lib/inviso/doc/src/inviso_chapter.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2006</year><year>2009</year>
+      <year>2006</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,8 +30,12 @@
   </header>
 
   <section>
-    <title>Introduction</title>
     <p><em>inviso</em>: (Latin) to go to see, visit, inspect, look at.</p>
+    <warning>
+      <p>The <c>inviso</c> application is deprecated and will be
+      removed in the R16 release.</p>
+    </warning>
+    <title>Introduction</title>
     <p>The Inviso trace system consists of one or several runtime components supposed to run on each Erlang node doing tracing and one control component which can run on any node with available processor power. Inviso may also be part of a higher layer trace tool. See the inviso-tool as an example. The implementation is spread out over the Runtime_tools and the Inviso Erlang/OTP applications. Erlang modules necessary to run the runtime component are located in Runtime_tools and therefore assumed to be available on any node. Even though Inviso is introduced with Erlang/OTP R11B the runtime component implementation is done with backward compatibility in mind. Meaning that it is possible to compile and run it on older Erlang/OTP releases.</p>
     <image file="inviso_users_guide_pic1.gif">
       <icaption>Inviso Trace System Architecture Overview.</icaption>
diff --git a/lib/inviso/doc/src/notes.xml b/lib/inviso/doc/src/notes.xml
index 7c2c3c3bde..661284e786 100644
--- a/lib/inviso/doc/src/notes.xml
+++ b/lib/inviso/doc/src/notes.xml
@@ -31,7 +31,28 @@
   <p>This document describes the changes made to the Inviso application.</p>
 
 

-  <section><title>Inviso 0.6.2</title>
+  <section><title>Inviso 0.6.3</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>The <c>inviso</c> application has been deprecated and
+	    will be removed in the R16 release.</p>
+          <p>
+	    Own Id: OTP-9798</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Inviso 0.6.2</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/inviso/src/inviso.erl b/lib/inviso/src/inviso.erl
index 0eda06a5c2..07bdf3e649 100644
--- a/lib/inviso/src/inviso.erl
+++ b/lib/inviso/src/inviso.erl
@@ -25,6 +25,7 @@
 %% ------------------------------------------------------------------------------

 

 -module(inviso).

+-deprecated(module).
 

 %% ------------------------------------------------------------------------------

 %% Exported API functions.

diff --git a/lib/inviso/test/inviso_tool_SUITE.erl b/lib/inviso/test/inviso_tool_SUITE.erl
index 6b16e506eb..f8a9cea47f 100644
--- a/lib/inviso/test/inviso_tool_SUITE.erl
+++ b/lib/inviso/test/inviso_tool_SUITE.erl
@@ -52,7 +52,12 @@ end_per_group(_GroupName, Config) ->
 %% -----------------------------------------------------------------------------

 

 init_per_suite(Config) ->

-    Config.

+    case test_server:is_native(lists) of
+	true ->
+	    {skip,"Native libs -- tracing doesn't work"};
+	false ->
+	    Config
+    end.
 %% -----------------------------------------------------------------------------

 

 end_per_suite(_Config) ->

diff --git a/lib/inviso/vsn.mk b/lib/inviso/vsn.mk
index 79093597fe..c6b0398bde 100644
--- a/lib/inviso/vsn.mk
+++ b/lib/inviso/vsn.mk
@@ -1 +1 @@
-INVISO_VSN = 0.6.2
+INVISO_VSN = 0.6.3
diff --git a/lib/jinterface/doc/src/notes.xml b/lib/jinterface/doc/src/notes.xml
index 11fcc5f387..bf94077114 100644
--- a/lib/jinterface/doc/src/notes.xml
+++ b/lib/jinterface/doc/src/notes.xml
@@ -30,6 +30,27 @@
   </header>
   <p>This document describes the changes made to the Jinterface application.</p>
 
+<section><title>Jinterface 1.5.5</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    JInterface: improve OtpOutputStream buffer allocation</p>
+          <p>
+	    Previously, the buffer was increased linearly by 2048
+	    bytes. I now propose to use an exponential increase
+	    function (similar to Javas ArrayList, e.g. always at
+	    least +50%). This significantly increases performance of
+	    e.g. doRPC for large parameters. (Thanks to Nico Kruber)</p>
+          <p>
+	    Own Id: OTP-9806</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Jinterface 1.5.4</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile b/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile
index e772a2b0a5..365798e68a 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile
@@ -3,7 +3,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2000-2009. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangAtom.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangAtom.java
index 4d53447164..60eef7a126 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangAtom.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangAtom.java
@@ -53,7 +53,7 @@ public class OtpErlangAtom extends OtpErlangObject implements Serializable,
 
 	if (atom.length() > maxAtomLength) {
 	    throw new java.lang.IllegalArgumentException("Atom may not exceed "
-		    + maxAtomLength + " characters");
+		    + maxAtomLength + " characters: " + atom);
 	}
 	this.atom = atom;
     }
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java
index 23734bf83b..be8b7c5c12 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpErlangString.java
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2000-2009. All Rights Reserved.
+ * Copyright Ericsson AB 2000-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -154,13 +154,16 @@ public class OtpErlangString extends OtpErlangObject implements Serializable,
      *         Unicode code points
      */
 
-    public static int[] stringToCodePoints(final String s) {
-	final int m = s.codePointCount(0, s.length());
-	final int [] codePoints = new int[m];
-	for (int i = 0, j = 0;  j < m;  i = s.offsetByCodePoints(i, 1), j++) {
-	    codePoints[j] = s.codePointAt(i);
-	}
-	return codePoints;
+   public static int[] stringToCodePoints(final String s) {
+        final int m = s.codePointCount(0, s.length());
+        final int[] codePoints = new int[m];
+        int j = 0;
+        for (int offset = 0; offset < s.length();) {
+            final int codepoint = s.codePointAt(offset);
+            codePoints[j++] = codepoint;
+            offset += Character.charCount(codepoint);
+        }
+        return codePoints;
     }
 
     /**
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java
index 71a419497a..b0b64e6953 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpMbox.java
@@ -31,7 +31,7 @@ package com.ericsson.otp.erlang;
  * the recipient of the message. When sending messages to other mailboxes, the
  * recipient can only respond if the sender includes the pid as part of the
  * message contents. The sender can determine his own pid by calling
- * {@link #self self()}.
+ * {@link #self() self()}.
  * </p>
  * 
  * <p>
@@ -141,7 +141,7 @@ public class OtpMbox {
      * Get the registered name of this mailbox.
      * 
      * @return the registered name of this mailbox, or null if the mailbox had
-     *         no registerd name.
+     *         no registered name.
      */
     public String getName() {
 	return name;
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java
index d499fae3fb..be7c8e5b1a 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpNode.java
@@ -182,7 +182,7 @@ public class OtpNode extends OtpLocalNode {
      * Create an unnamed {@link OtpMbox mailbox} that can be used to send and
      * receive messages with other, similar mailboxes and with Erlang processes.
      * Messages can be sent to this mailbox by using its associated
-     * {@link OtpMbox#self pid}.
+     * {@link OtpMbox#self() pid}.
      * 
      * @return a mailbox.
      */
@@ -248,7 +248,7 @@ public class OtpNode extends OtpLocalNode {
      * Create an named mailbox that can be used to send and receive messages
      * with other, similar mailboxes and with Erlang processes. Messages can be
      * sent to this mailbox by using its registered name or the associated
-     * {@link OtpMbox#self pid}.
+     * {@link OtpMbox#self() pid}.
      * 
      * @param name
      *            a name to register for this mailbox. The name must be unique
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java
index 181350100f..22ebb4688a 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/OtpOutputStream.java
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 2000-2009. All Rights Reserved.
+ * Copyright Ericsson AB 2000-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -25,6 +25,7 @@ import java.io.UnsupportedEncodingException;
 import java.math.BigDecimal;
 import java.math.BigInteger;
 import java.text.DecimalFormat;
+import java.util.Arrays;
 
 /**
  * Provides a stream for encoding Erlang terms to external format, for
@@ -39,7 +40,7 @@ public class OtpOutputStream extends ByteArrayOutputStream {
     /** The default initial size of the stream. * */
     public static final int defaultInitialSize = 2048;
 
-    /** The default increment used when growing the stream. * */
+    /** The default increment used when growing the stream (increment at least this much). * */
     public static final int defaultIncrement = 2048;
 
     // static formats, used to encode floats and doubles
@@ -95,6 +96,41 @@ public class OtpOutputStream extends ByteArrayOutputStream {
     }
 
     /**
+     * Trims the capacity of this <tt>OtpOutputStream</tt> instance to be the
+     * buffer's current size.  An application can use this operation to minimize
+     * the storage of an <tt>OtpOutputStream</tt> instance.
+     */
+    public void trimToSize() {
+	if (super.count < super.buf.length) {
+	    final byte[] tmp = new byte[super.count];
+	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
+	    super.buf = tmp;
+	}
+    }
+
+    /**
+     * Increases the capacity of this <tt>OtpOutputStream</tt> instance, if
+     * necessary, to ensure that it can hold at least the number of elements
+     * specified by the minimum capacity argument.
+     *
+     * @param   minCapacity   the desired minimum capacity
+     */
+    public void ensureCapacity(int minCapacity) {
+	int oldCapacity = super.buf.length;
+	if (minCapacity > oldCapacity) {
+	    int newCapacity = (oldCapacity * 3)/2 + 1;
+	    if (newCapacity < oldCapacity + defaultIncrement)
+		newCapacity = oldCapacity + defaultIncrement;
+	    if (newCapacity < minCapacity)
+		newCapacity = minCapacity;
+	    // minCapacity is usually close to size, so this is a win:
+	    final byte[] tmp = new byte[newCapacity];
+	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
+	    super.buf = tmp;
+	}
+    }
+
+    /**
      * Write one byte to the stream.
      * 
      * @param b
@@ -102,13 +138,7 @@ public class OtpOutputStream extends ByteArrayOutputStream {
      * 
      */
     public void write(final byte b) {
-	if (super.count >= super.buf.length) {
-	    // System.err.println("Expanding buffer from " + this.buf.length
-	    // + " to " + (this.buf.length+defaultIncrement));
-	    final byte[] tmp = new byte[super.buf.length + defaultIncrement];
-	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
-	    super.buf = tmp;
-	}
+	ensureCapacity(super.count + 1);
 	super.buf[super.count++] = b;
     }
 
@@ -122,14 +152,7 @@ public class OtpOutputStream extends ByteArrayOutputStream {
 
     @Override
     public void write(final byte[] buf) {
-	if (super.count + buf.length > super.buf.length) {
-	    // System.err.println("Expanding buffer from " + super.buf.length
-	    // + " to " + (buf.length + super.buf.lengt + defaultIncrement));
-	    final byte[] tmp = new byte[super.buf.length + buf.length
-		    + defaultIncrement];
-	    System.arraycopy(super.buf, 0, tmp, 0, super.count);
-	    super.buf = tmp;
-	}
+	ensureCapacity(super.count + buf.length);
 	System.arraycopy(buf, 0, super.buf, super.count, buf.length);
 	super.count += buf.length;
     }
diff --git a/lib/jinterface/test/nc_SUITE.erl b/lib/jinterface/test/nc_SUITE.erl
index da54f5bf51..9c88400c2a 100644
--- a/lib/jinterface/test/nc_SUITE.erl
+++ b/lib/jinterface/test/nc_SUITE.erl
@@ -296,7 +296,8 @@ lists_roundtrip_2(Config) when is_list(Config) ->
 	  {[z,23|24],tail3},
 	  {[z|25],tail3},
 	  {"abc123",sub3atom},
-	  {"abc",sub3atom}
+	  {"abc",sub3atom},
+	  {"abcdefg",codepointBug}
 	 ],
     Trans =
 	fun ([_|T], tail) ->
@@ -308,7 +309,9 @@ lists_roundtrip_2(Config) when is_list(Config) ->
 	    (L, tail3) when is_list(L) ->
 		null;
 	    ([_,_,_|L], sub3atom) ->
-		list_to_atom(L)
+		list_to_atom(L);
+	    (L, codepointBug) ->
+		L
 	end,
     OutTrans =
 	fun ({L,Twist}) ->
diff --git a/lib/jinterface/test/nc_SUITE_data/echo_server.java b/lib/jinterface/test/nc_SUITE_data/echo_server.java
index 0550e4beb1..5ecb5b72a7 100644
--- a/lib/jinterface/test/nc_SUITE_data/echo_server.java
+++ b/lib/jinterface/test/nc_SUITE_data/echo_server.java
@@ -202,6 +202,12 @@ public class echo_server {
 		final OtpErlangAtom o = new OtpErlangAtom(s.stringValue()
 			.substring(3));
 		return o;
+	    } else if (atomValue.equals("codepointBug")
+		    && i instanceof OtpErlangString) {
+		final OtpErlangString s = (OtpErlangString) i;
+		final String ss = s.stringValue().substring(3, 6);
+		final int[] cps = OtpErlangString.stringToCodePoints(ss);
+		return s;
 	    } else if (atomValue.equals("utf8")) {
 		if (i instanceof OtpErlangString) {
 		    final OtpErlangString s = (OtpErlangString) i;
diff --git a/lib/jinterface/vsn.mk b/lib/jinterface/vsn.mk
index 9d75a653e3..9d8229e9fa 100644
--- a/lib/jinterface/vsn.mk
+++ b/lib/jinterface/vsn.mk
@@ -1 +1 @@
-JINTERFACE_VSN = 1.5.4
+JINTERFACE_VSN = 1.5.5
diff --git a/lib/kernel/doc/src/code.xml b/lib/kernel/doc/src/code.xml
index 6b89711924..ee687511a3 100644
--- a/lib/kernel/doc/src/code.xml
+++ b/lib/kernel/doc/src/code.xml
@@ -229,10 +229,10 @@
      <c>-code_path_choice Choice</c>. If the flag is set to <c>relaxed</c>,
      the code server will instead choose a suitable directory
      depending on the actual file structure. If there exists a regular
-     application ebin directory,situation it will be choosen. But if it does
-     not exist, the ebin directory in the archive is choosen if it
+     application ebin directory,situation it will be chosen. But if it does
+     not exist, the ebin directory in the archive is chosen if it
      exists. If neither of them exists the original directory will be
-     choosen.</p>
+     chosen.</p>
 
     <p>The command line flag <c>-code_path_choice Choice</c> does also
      affect how <c>init</c> interprets the <c>boot script</c>. The
diff --git a/lib/kernel/doc/src/file.xml b/lib/kernel/doc/src/file.xml
index 7db20e6343..772eff13cc 100644
--- a/lib/kernel/doc/src/file.xml
+++ b/lib/kernel/doc/src/file.xml
@@ -149,6 +149,12 @@
     <datatype>
       <name name="mode"/>
     </datatype>
+    <datatype>
+      <name name="file_info_option"/>
+    </datatype>
+    <datatype>
+      <name name="sendfile_option"/>
+    </datatype>
    </datatypes>
 
   <funcs>
@@ -409,7 +415,7 @@
       <name>file_info(Filename) -> {ok, FileInfo} | {error, Reason}</name>
       <fsummary>Get information about a file (deprecated)</fsummary>
       <desc>
-        <p>This function is obsolete. Use <c>read_file_info/1</c>
+        <p>This function is obsolete. Use <c>read_file_info/1,2</c>
           instead.</p>
       </desc>
     </func>
@@ -536,7 +542,7 @@
       <desc>
         <p>Makes a hard link from <c><anno>Existing</anno></c> to
           <c><anno>New</anno></c>, on
-          platforms that support links (Unix). This function returns
+          platforms that support links (Unix and Windows). This function returns
           <c>ok</c> if the link was successfully created, or
           <c>{error, <anno>Reason</anno>}</c>. On platforms that do not support
           links, <c>{error,enotsup}</c> is returned.</p>
@@ -563,11 +569,12 @@
       <name name="make_symlink" arity="2"/>
       <fsummary>Make a symbolic link to a file or directory</fsummary>
       <desc>
-        <p>This function creates a symbolic link <c><anno>Name2</anno></c> to
-          the file or directory <c><anno>Name1</anno></c>, on platforms that
-          support
-          symbolic links (most Unix systems). <c><anno>Name1</anno></c> need not
-          exist. This function returns <c>ok</c> if the link was
+        <p>This function creates a symbolic link <c><anno>New</anno></c> to
+          the file or directory <c><anno>Existing</anno></c>, on platforms that
+          support symbolic links (most Unix systems and Windows beginning with
+	  Vista).
+	  <c><anno>Existing</anno></c> need not exist.
+          This function returns <c>ok</c> if the link was
           successfully created, or <c>{error, <anno>Reason</anno>}</c>.
           On platforms
           that do not support symbolic links, <c>{error, enotsup}</c>
@@ -577,11 +584,11 @@
           <tag><c>eacces</c></tag>
           <item>
             <p>Missing read or write permissions for the parent directories
-            of <c><anno>Name1</anno></c> or <c><anno>Name2</anno></c>.</p>
+            of <c><anno>Existing</anno></c> or <c><anno>New</anno></c>.</p>
           </item>
           <tag><c>eexist</c></tag>
           <item>
-            <p><c><anno>Name2</anno></c> already exists.</p>
+            <p><c><anno>New</anno></c> already exists.</p>
           </item>
           <tag><c>enotsup</c></tag>
           <item>
@@ -1185,6 +1192,7 @@
     </func>
     <func>
       <name name="read_file_info" arity="1"/>
+      <name name="read_file_info" arity="2"/>
       <fsummary>Get information about a file</fsummary>
       <desc>
         <p>Retrieves information about a file. Returns
@@ -1196,6 +1204,20 @@
           from which the function is called:</p>
         <code type="none">
 -include_lib("kernel/include/file.hrl").</code>
+		<p>The time type returned in <c>atime</c>, <c>mtime</c> and <c>ctime</c>
+			is dependent on the time type set in <c>Opts :: {time, Type}</c>.
+			Type <c>local</c> will return local time, <c>universal</c> will
+			return universal time and <c>posix</c> will return seconds since
+			or before unix time epoch which is 1970-01-01 00:00 UTC. 
+			Default is <c>{time, local}</c>.
+		</p> 
+		<note>
+          <p>
+			  Since file times is stored in posix time on most OS it is
+			  faster to query file information with the <c>posix</c> option.
+		  </p> 
+        </note>
+        
         <p>The record <c>file_info</c> contains the following fields.</p>
         <taglist>
           <tag><c>size = integer()</c></tag>
@@ -1210,15 +1232,15 @@
           <item>
             <p>The current system access to the file.</p>
           </item>
-          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso> | integer() </c></tag> 
           <item>
-            <p>The last (local) time the file was read.</p>
+            <p>The last time the file was read.</p>
           </item>
-          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso> | integer() </c></tag> 
           <item>
-            <p>The last (local) time the file was written.</p>
+            <p>The last time the file was written.</p>
           </item>
-          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso> | integer() </c></tag> 
           <item>
             <p>The interpretation of this time field depends on
               the operating system. On Unix, it is the last time
@@ -1374,9 +1396,11 @@
     </func>
     <func>
       <name name="read_link_info" arity="1"/>
+      <name name="read_link_info" arity="2"/>
       <fsummary>Get information about a link or file</fsummary>
       <desc>
-        <p>This function works like <c>read_file_info/1</c>, except that
+		  <p>This function works like 
+			 <seealso marker="#read_file_info/2">read_file_info/1,2</seealso> except that
           if <c><anno>Name</anno></c> is a symbolic link, information about
           the link will be returned in the <c>file_info</c> record and
           the <c>type</c> field of the record will be set to
@@ -1574,6 +1598,48 @@
       </desc>
     </func>
     <func>
+      <name name="sendfile" arity="2"/>
+      <fsummary>send a file to a socket</fsummary>
+      <desc>
+        <p>Sends the file <c>Filename</c> to <c>Socket</c>.
+        Returns <c>{ok, BytesSent}</c> if successful,
+        otherwise <c>{error, Reason}</c>.</p>
+      </desc>
+    </func>
+    <func>
+      <name name="sendfile" arity="5"/>
+      <fsummary>send a file to a socket</fsummary>
+      <desc>
+        <p>Sends <c>Bytes</c> from the file
+        referenced by <c>RawFile</c> beginning at <c>Offset</c> to
+        <c>Socket</c>.
+        Returns <c>{ok, BytesSent}</c> if successful,
+        otherwise <c>{error, Reason}</c>. If <c>Bytes</c> is set to
+	0 all data after the given <c>Offset</c> is sent.</p>
+	<p>The file used must be opened using the raw flag, and the process
+	calling sendfile must be the controlling process of the socket.
+	See <seealso marker="gen_tcp#controlling_process-2">gen_tcp:controlling_process/2</seealso></p>
+	<p>If the OS used does not support sendfile, an Erlang fallback
+	using file:read and gen_tcp:send is used.</p>
+	<p>The option list can contain the following options:
+	<taglist>
+          <tag><c>chunk_size</c></tag>
+          <item>The chunk size used by the erlang fallback to send
+	  data. If using the fallback, this should be set to a value
+	  which comfortably fits in the systems memory. Default is 20 MB.</item>
+	</taglist>
+	</p>
+	<p>On operating systems with thread support, it is recommended to use
+	async threads. See the command line flag
+	<c>+A</c> in <seealso marker="erts:erl">erl(1)</seealso>. If it is not
+	possible to use async threads for sendfile, it is recommended to use
+	a relatively small value for the send buffer on the socket. Otherwise
+	the Erlang VM might loose some of its soft realtime guarantees.
+	Which size to use depends on the OS/hardware and the requirements
+	of the application.</p>
+      </desc>
+    </func>
+    <func>
       <name name="write" arity="2"/>
       <fsummary>Write to a file</fsummary>
       <desc>
@@ -1645,6 +1711,7 @@
     </func>
     <func>
       <name name="write_file_info" arity="2"/>
+      <name name="write_file_info" arity="3"/>
       <fsummary>Change information about a file</fsummary>
       <desc>
         <p>Change file information. Returns <c>ok</c> if successful,
@@ -1655,18 +1722,25 @@
           from which the function is called:</p>
         <code type="none">
 -include_lib("kernel/include/file.hrl").</code>
+		<p>The time type set in <c>atime</c>, <c>mtime</c> and <c>ctime</c>
+			is dependent on the time type set in <c>Opts :: {time, Type}</c>.
+			Type <c>local</c> will interpret the time set as local, <c>universal</c> will
+			interpret it as universal time and <c>posix</c> must be seconds since
+			or before unix time epoch which is 1970-01-01 00:00 UTC.
+			Default is <c>{time, local}</c>.
+		</p>
         <p>The following fields are used from the record, if they are
           given.</p>
         <taglist>
-          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>atime = <seealso marker="#type-date_time">date_time()</seealso> | integer()</c></tag>
           <item>
-            <p>The last (local) time the file was read.</p>
+            <p>The last time the file was read.</p>
           </item>
-          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>mtime = <seealso marker="#type-date_time">date_time()</seealso> | integer()</c></tag>
           <item>
-            <p>The last (local) time the file was written.</p>
+            <p>The last time the file was written.</p>
           </item>
-          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso></c></tag>
+          <tag><c>ctime = <seealso marker="#type-date_time">date_time()</seealso> | integer()</c></tag>
           <item>
             <p>On Unix, any value give for this field will be ignored
               (the "ctime" for the file will be set to the current
diff --git a/lib/kernel/doc/src/gen_sctp.xml b/lib/kernel/doc/src/gen_sctp.xml
index 418bfae4b8..579b7f1f74 100644
--- a/lib/kernel/doc/src/gen_sctp.xml
+++ b/lib/kernel/doc/src/gen_sctp.xml
@@ -270,7 +270,7 @@
 	it is bound to.</p>
 	<p>For type <c>seqpacket</c> sockets (the default)
 	<c><anno>IsServer</anno></c> must be <c>true</c> or <c>false</c>.
-	In the contrast to TCP, in SCTP there is no listening queue length.
+	In contrast to TCP, in SCTP there is no listening queue length.
 	If <c><anno>IsServer</anno></c> is <c>true</c> the socket accepts new associations, i.e.
 	it will become an SCTP server socket.</p>
 	<p>For type <c>stream</c> sockets <anno>Backlog</anno> defines
diff --git a/lib/kernel/doc/src/inet.xml b/lib/kernel/doc/src/inet.xml
index fad5af85bb..1a05b4ba99 100644
--- a/lib/kernel/doc/src/inet.xml
+++ b/lib/kernel/doc/src/inet.xml
@@ -573,6 +573,10 @@ fe80::204:acff:fe17:bf38
               is longer than the max allowed length, the packet is
               considered invalid. The same happens if the packet header
               is too big for the socket receive buffer.</p>
+	    <p>For line oriented protocols (<c>line</c>,<c>http*</c>),
+	    option <c>packet_size</c> also guarantees that lines up to the
+	    indicated length are accepted and not considered invalid due
+	    to internal buffer limitations.</p>
           </item>
           <tag><c>{read_packets, Integer}</c>(UDP sockets)</tag>
           <item>
diff --git a/lib/kernel/doc/src/notes.xml b/lib/kernel/doc/src/notes.xml
index ec57b03bd9..9121186631 100644
--- a/lib/kernel/doc/src/notes.xml
+++ b/lib/kernel/doc/src/notes.xml
@@ -30,6 +30,241 @@
   </header>
   <p>This document describes the changes made to the Kernel application.</p>
 
+<section><title>Kernel 2.15</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Calls to <c>global:whereis_name/1</c> have been
+	    substituted for calls to
+	    <c>global:safe_whereis_name/1</c> since the latter is not
+	    safe at all.</p>
+	    <p>The reason for not doing this earlier is that setting
+	    a global lock masked out a bug concerning the restart of
+	    supervised children. The bug has now been fixed by a
+	    modification of <c>global:whereis_name/1</c>. (Thanks to
+	    Ulf Wiger for code contribution.)</p>
+	    <p>A minor race conditions in <c>gen_fsm:start*</c> has
+	    been fixed: if one of these functions returned <c>{error,
+	    Reason}</c> or ignore, the name could still be registered
+	    (either locally or in <c>global</c>. (This is the same
+	    modification as was done for gen_server in OTP-7669.)</p>
+	    <p>The undocumented function
+	    <c>global:safe_whereis_name/1</c> has been removed. </p>
+          <p>
+	    Own Id: OTP-9212 Aux Id: seq7117, OTP-4174 </p>
+        </item>
+        <item>
+          <p>
+	    Honor option <c>packet_size</c> for http packet parsing
+	    by both TCP socket and <c>erlang:decode_packet</c>. This
+	    gives the ability to accept HTTP headers larger than the
+	    default setting, but also avoid DoS attacks by accepting
+	    lines only up to whatever length you wish to allow. For
+	    consistency, packet type <c>line</c> also honor option
+	    <c>packet_size</c>. (Thanks to Steve Vinoski)</p>
+          <p>
+	    Own Id: OTP-9389</p>
+        </item>
+        <item>
+	    <p> <c>disk_log:reopen/2,3</c> and
+	    <c>disk_log:breopen/3</c> could return the error reason
+	    from <c>file:rename/2</c> rather than the reason
+	    <c>{file_error, Filename, Reason}</c>. This bug has been
+	    fixed. </p> <p> The message <c>{disk_log, Node, {error,
+	    disk_log_stopped}}</c> which according the documentation
+	    is sent upon failure to truncate or reopen a disk log was
+	    sometimes turned into a reply. This bug has been fixed.
+	    </p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9508</p>
+        </item>
+        <item>
+          <p>
+	    Environment variable 'shutdown_timeout' is added to
+	    kernel application. Earlier, application_controller would
+	    hang forever if an application top supervisor did not
+	    terminate upon a shutdown request. If this new
+	    environment variable is set to a positive integer T, then
+	    application controller will now give up after T
+	    milliseconds and instead brutally kill the application.
+	    For backwards compatibility, the default value for
+	    shutdown_timeout is 'infinity'.</p>
+          <p>
+	    Own Id: OTP-9540</p>
+        </item>
+        <item>
+          <p>
+	    Add '-callback' attributes in stdlib's behaviours</p>
+          <p>
+	    Replace the behaviour_info(callbacks) export in stdlib's
+	    behaviours with -callback' attributes for all the
+	    callbacks. Update the documentation with information on
+	    the callback attribute Automatically generate
+	    'behaviour_info' function from '-callback' attributes</p>
+          <p>
+	    'behaviour_info(callbacks)' is a special function that is
+	    defined in a module which describes a behaviour and
+	    returns a list of its callbacks.</p>
+          <p>
+	    This function is now automatically generated using the
+	    '-callback' specs. An error is returned by lint if user
+	    defines both '-callback' attributes and the
+	    behaviour_info/1 function. If no type info is needed for
+	    a callback use a generic spec for it. Add '-callback'
+	    attribute to language syntax</p>
+          <p>
+	    Behaviours may define specs for their callbacks using the
+	    familiar spec syntax, replacing the '-spec' keyword with
+	    '-callback'. Simple lint checks are performed to ensure
+	    that no callbacks are defined twice and all types
+	    referred are declared.</p>
+          <p>
+	    These attributes can be then used by tools to provide
+	    documentation to the behaviour or find discrepancies in
+	    the callback definitions in the callback module.</p>
+          <p>
+	    Add callback specs into 'application' module in kernel
+	    Add callback specs to tftp module following internet
+	    documentation Add callback specs to inets_service module
+	    following possibly deprecated comments</p>
+          <p>
+	    Own Id: OTP-9621</p>
+        </item>
+        <item>
+          <p>
+	    make tab completion work in remote shells (Thanks to Mats
+	    Cronqvist)</p>
+          <p>
+	    Own Id: OTP-9673</p>
+        </item>
+        <item>
+          <p>
+	    Add missing parenthesis in heart doc.</p>
+          <p>
+	    Add missing spaces in the Reference Manual distributed
+	    section.</p>
+          <p>
+	    In the HTML version of the doc those spaces are necessary
+	    to separate those words.</p>
+          <p>
+	    Own Id: OTP-9693</p>
+        </item>
+        <item>
+          <p>
+	    Fixes net_kernel:get_net_ticktime() doc</p>
+          <p>
+	    Adds missing description when `ignored' is returned.
+	    (Thanks to Ricardo Catalinas Jim�nez )</p>
+          <p>
+	    Own Id: OTP-9713</p>
+        </item>
+        <item>
+	    <p> While <c>disk_log</c> eagerly collects logged terms
+	    for better performance, collecting too much data may
+	    choke the system and cause huge binaries to be written.
+	    In order to remedy the situation a (small) limit on the
+	    amount of data that is collected before writing to disk
+	    has been introduced. </p>
+          <p>
+	    Own Id: OTP-9764</p>
+        </item>
+        <item>
+          <p>
+	    <list> <item><p>Correct callback spec in application
+	    module</p></item> <item><p>Refine warning about callback
+	    specs with extra ranges</p></item> <item><p>Cleanup
+	    autoimport compiler directives</p></item> <item><p>Fix
+	    Dialyzer's warnings in typer</p></item> <item><p>Fix
+	    Dialyzer's warning for its own code</p></item>
+	    <item><p>Fix bug in Dialyzer's behaviours
+	    analysis</p></item> <item><p>Fix crash in
+	    Dialyzer</p></item> <item><p>Variable substitution was
+	    not generalizing any unknown variables.</p></item>
+	    </list></p>
+          <p>
+	    Own Id: OTP-9776</p>
+        </item>
+        <item>
+          <p>
+	    Fix a crash when file:change_time/2,3 are called with
+	    invalid dates</p>
+          <p>
+	    Calling file:change_time/2,3 with an invalid date tuple
+	    (e.g file:change_time("file.txt", {undefined,
+	    undefined})) will cause file_server_2 to crash.
+	    error_logger will shutdown and the whole VM will stop.
+	    Change behavior to validate given dates on system
+	    boundaries. (i.e before issuing a server call).(Thanks to
+	    Ahmed Omar)</p>
+          <p>
+	    Own Id: OTP-9785</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> An option list argument can now be passed to
+	    <c>file:read_file_info/2, file:read_link_info/2</c> and
+	    <c>file:write_file_info/3</c> and set time type
+	    information in the call. Valid options are <c>{time,
+	    local}, {time, universal}</c> and <c>{time, posix}</c>.
+	    In the case of <c>posix</c> time no conversions are made
+	    which makes the operation a bit faster. </p>
+          <p>
+	    Own Id: OTP-7687</p>
+        </item>
+        <item>
+	    <p><c>file:list_dir/1,2</c> will now fill an buffer
+	    entire with filenames from the efile driver before
+	    sending it to an erlang process. This will speed up this
+	    file operation in most cases.</p>
+          <p>
+	    Own Id: OTP-9023</p>
+        </item>
+        <item>
+	    <p>gen_sctp:open/0-2 may now return
+	    {error,eprotonosupport} if SCTP is not supported</p>
+	    <p>gen_sctp:peeloff/1 has been implemented and creates a
+	    one-to-one socket which also are supported now</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9239</p>
+        </item>
+        <item>
+          <p>
+	    Sendfile has been added to the file module's API.
+	    sendfile/2 is used to read data from a file and send it
+	    to a tcp socket using a zero copying mechanism if
+	    available on that OS.</p>
+          <p>
+	    Thanks to Tuncer Ayaz and Steve Vinovski for original
+	    implementation</p>
+          <p>
+	    Own Id: OTP-9240</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Kernel 2.14.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/kernel/include/dist.hrl b/lib/kernel/include/dist.hrl
index aea1ab81ba..5b52f6f294 100644
--- a/lib/kernel/include/dist.hrl
+++ b/lib/kernel/include/dist.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/kernel/include/dist_util.hrl b/lib/kernel/include/dist_util.hrl
index f2b0598532..c3a7f97418 100644
--- a/lib/kernel/include/dist_util.hrl
+++ b/lib/kernel/include/dist_util.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/kernel/include/file.hrl b/lib/kernel/include/file.hrl
index 3889bce393..bf97173122 100644
--- a/lib/kernel/include/file.hrl
+++ b/lib/kernel/include/file.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,10 +25,11 @@
 	{size   :: non_neg_integer(),	% Size of file in bytes.
 	 type   :: 'device' | 'directory' | 'other' | 'regular' | 'symlink',
 	 access :: 'read' | 'write' | 'read_write' | 'none',
-	 atime  :: file:date_time(),	% The local time the file was last read:
-					% {{Year, Mon, Day}, {Hour, Min, Sec}}.
-	 mtime  :: file:date_time(),	% The local time the file was last written.
-	 ctime  :: file:date_time(),	% The interpretation of this time field
+	 atime  :: file:date_time() | integer(), % The local time the file was last read:
+					         % {{Year, Mon, Day}, {Hour, Min, Sec}}.
+						 % atime, ctime, mtime may also be unix epochs()
+	 mtime  :: file:date_time() | integer(), % The local time the file was last written.
+	 ctime  :: file:date_time() | integer(), % The interpretation of this time field
 					% is dependent on operating system.
 					% On Unix it is the last time the file
 					% or the inode was changed.  On Windows,
diff --git a/lib/kernel/include/net_address.hrl b/lib/kernel/include/net_address.hrl
index 5342076507..9b9ea42931 100644
--- a/lib/kernel/include/net_address.hrl
+++ b/lib/kernel/include/net_address.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/kernel/src/Makefile b/lib/kernel/src/Makefile
index 02be6b5036..54f21eb2b8 100644
--- a/lib/kernel/src/Makefile
+++ b/lib/kernel/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/kernel/src/application.erl b/lib/kernel/src/application.erl
index caac4d926c..c299fb085c 100644
--- a/lib/kernel/src/application.erl
+++ b/lib/kernel/src/application.erl
@@ -59,7 +59,7 @@
 
 -callback start(StartType :: normal | {takeover, node()} | {failover, node()},
 		StartArgs :: term()) ->
-    {ok, pid()} | {ok, pid(), State :: term()} | {error, Reason :: term}.
+    {'ok', pid()} | {'ok', pid(), State :: term()} | {'error', Reason :: term()}.
 
 -callback stop(State :: term()) ->
     term().
diff --git a/lib/kernel/src/code.erl b/lib/kernel/src/code.erl
index 882e9625fe..b7fda69ce0 100644
--- a/lib/kernel/src/code.erl
+++ b/lib/kernel/src/code.erl
@@ -324,15 +324,7 @@ start_link(Flags) ->
 %%-----------------------------------------------------------------
 
 do_start(Flags) ->
-    %% The following module_info/1 calls are here to ensure
-    %% that these modules are loaded prior to their use elsewhere in
-    %% the code_server.
-    %% Otherwise a deadlock may occur when the code_server is starting.
-    code_server = code_server:module_info(module),
-    packages = packages:module_info(module),
-    catch hipe_unified_loader:load_hipe_modules(),
-    Modules2 = [gb_sets, gb_trees, ets, os, binary, unicode, filename, lists],
-    lists:foreach(fun (M) -> M = M:module_info(module) end, Modules2),
+    load_code_server_prerequisites(),
 
     Mode = get_mode(Flags),
     case init:get_argument(root) of 
@@ -360,6 +352,25 @@ do_start(Flags) ->
 	    {error, crash}
     end.
 
+%% Make sure that all modules that the code_server process calls
+%% (directly or indirectly) are loaded. Otherwise the code_server
+%% process will deadlock.
+
+load_code_server_prerequisites() ->
+    %% Please keep the alphabetical order.
+    Needed = [binary,
+	      ets,
+	      filename,
+	      gb_sets,
+	      gb_trees,
+	      hipe_unified_loader,
+	      lists,
+	      os,
+	      packages,
+	      unicode],
+    [M = M:module_info(module) || M <- Needed],
+    ok.
+
 do_stick_dirs() ->
     do_s(compiler),
     do_s(stdlib),
diff --git a/lib/kernel/src/code_server.erl b/lib/kernel/src/code_server.erl
index 32a12e2b52..5d4f2eb70c 100644
--- a/lib/kernel/src/code_server.erl
+++ b/lib/kernel/src/code_server.erl
@@ -1317,15 +1317,21 @@ int_list([H|T]) when is_integer(H) -> int_list(T);
 int_list([_|_])                    -> false;
 int_list([])                       -> true.
 
+load_file(Mod0, {From,_}=Caller, St0) ->
+    Mod = to_atom(Mod0),
+    case pending_on_load(Mod, From, St0) of
+	no -> load_file_1(Mod, Caller, St0);
+	{yes,St} -> {noreply,St}
+    end.
 
-load_file(Mod, Caller, #state{path=Path,cache=no_cache}=St) ->
+load_file_1(Mod, Caller, #state{path=Path,cache=no_cache}=St) ->
     case mod_to_bin(Path, Mod) of
 	error ->
 	    {reply,{error,nofile},St};
 	{Mod,Binary,File} ->
 	    try_load_module(File, Mod, Binary, Caller, St)
     end;
-load_file(Mod, Caller, #state{cache=Cache}=St0) ->
+load_file_1(Mod, Caller, #state{cache=Cache}=St0) ->
     Key = {obj,Mod},
     case ets:lookup(Cache, Key) of
 	[] -> 
diff --git a/lib/kernel/src/disk_log.erl b/lib/kernel/src/disk_log.erl
index d6bc23be6d..fb9415d440 100644
--- a/lib/kernel/src/disk_log.erl
+++ b/lib/kernel/src/disk_log.erl
@@ -64,7 +64,7 @@
 %%-define(PROFILE(C), C).
 -define(PROFILE(C), void).
 
--compile({inline,[{log_loop,4},{log_end_sync,2},{replies,2},{rflat,1}]}).
+-compile({inline,[{log_loop,5},{log_end_sync,2},{replies,2},{rflat,1}]}).
 
 %%%----------------------------------------------------------------------
 %%% Contract type specifications
@@ -685,7 +685,7 @@ handle({From, {log, B}}, S) ->
 	L when L#log.mode =:= read_only ->
 	    reply(From, {error, {read_only_mode, L#log.name}}, S);
 	L when L#log.status =:= ok, L#log.format =:= internal ->
-	    log_loop(S, From, [B], []);
+	    log_loop(S, From, [B], [], iolist_size(B));
 	L when L#log.status =:= ok, L#log.format =:= external ->
 	    reply(From, {error, {format_external, L#log.name}}, S);
 	L when L#log.status =:= {blocked, false} ->
@@ -700,7 +700,7 @@ handle({From, {blog, B}}, S) ->
 	L when L#log.mode =:= read_only ->
 	    reply(From, {error, {read_only_mode, L#log.name}}, S);
 	L when L#log.status =:= ok ->
-	    log_loop(S, From, [B], []);
+	    log_loop(S, From, [B], [], iolist_size(B));
 	L when L#log.status =:= {blocked, false} ->
 	    reply(From, {error, {blocked_log, L#log.name}}, S);
 	L when L#log.blocked_by =:= From ->
@@ -714,7 +714,7 @@ handle({alog, B}, S) ->
 	    notify_owners({read_only,B}),
 	    loop(S);
 	L when L#log.status =:= ok, L#log.format =:= internal ->
-	    log_loop(S, [], [B], []);
+	    log_loop(S, [], [B], [], iolist_size(B));
 	L when L#log.status =:= ok ->
 	    notify_owners({format_external, B}),
 	    loop(S);
@@ -730,7 +730,7 @@ handle({balog, B}, S) ->
 	    notify_owners({read_only,B}),
 	    loop(S);
 	L when L#log.status =:= ok ->
-	    log_loop(S, [], [B], []);
+	    log_loop(S, [], [B], [], iolist_size(B));
 	L when L#log.status =:= {blocked, false} ->
 	    notify_owners({blocked_log, B}),
 	    loop(S);
@@ -1029,38 +1029,42 @@ handle(_, S) ->
     loop(S).
 
 sync_loop(From, S) ->
-    log_loop(S, [], [], From).
+    log_loop(S, [], [], From, 0).
+
+-define(MAX_LOOK_AHEAD, 64*1024).
 
 %% Inlined.
-log_loop(S, Pids, _Bins, _Sync) when S#state.cache_error =/= ok ->
+log_loop(S, Pids, _Bins, _Sync, _Sz) when S#state.cache_error =/= ok ->
     loop(cache_error(S, Pids));
-log_loop(S, Pids, Bins, Sync) when S#state.messages =:= [] ->
+log_loop(#state{messages = []}=S, Pids, Bins, Sync, Sz)
+            when Sz > ?MAX_LOOK_AHEAD ->
+    loop(log_end(S, Pids, Bins, Sync));
+log_loop(#state{messages = []}=S, Pids, Bins, Sync, Sz) ->
     receive 
 	Message ->
-	    log_loop(Message, Pids, Bins, Sync, S, get(log))
+            log_loop(Message, Pids, Bins, Sync, Sz, S, get(log))
     after 0 ->
 	    loop(log_end(S, Pids, Bins, Sync))
     end;
-log_loop(S, Pids, Bins, Sync) ->
+log_loop(S, Pids, Bins, Sync, Sz) ->
     [M | Ms] = S#state.messages,
     S1 = S#state{messages = Ms},
-    log_loop(M, Pids, Bins, Sync, S1, get(log)).
+    log_loop(M, Pids, Bins, Sync, Sz, S1, get(log)).
 
 %% Items logged after the last sync request found are sync:ed as well.
-log_loop({alog,B}, Pids, Bins, Sync, S, L) when L#log.format =:= internal ->
+log_loop({alog,B}, Pids, Bins, Sync, Sz, S, #log{format = internal}) ->
     %% {alog, _} allowed for the internal format only.
-    log_loop(S, Pids, [B | Bins], Sync);
-log_loop({balog, B}, Pids, Bins, Sync, S, _L) ->
-    log_loop(S, Pids, [B | Bins], Sync);
-log_loop({From, {log, B}}, Pids, Bins, Sync, S, L) 
-                                           when L#log.format =:= internal ->
+    log_loop(S, Pids, [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({balog, B}, Pids, Bins, Sync, Sz, S, _L) ->
+    log_loop(S, Pids, [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({From, {log, B}}, Pids, Bins, Sync, Sz, S, #log{format = internal}) ->
     %% {log, _} allowed for the internal format only.
-    log_loop(S, [From | Pids], [B | Bins], Sync);
-log_loop({From, {blog, B}}, Pids, Bins, Sync, S, _L) ->
-    log_loop(S, [From | Pids], [B | Bins], Sync);
-log_loop({From, sync}, Pids, Bins, Sync, S, _L) ->
-    log_loop(S, Pids, Bins, [From | Sync]);
-log_loop(Message, Pids, Bins, Sync, S, _L) ->
+    log_loop(S, [From | Pids], [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({From, {blog, B}}, Pids, Bins, Sync, Sz, S, _L) ->
+    log_loop(S, [From | Pids], [B | Bins], Sync, Sz+iolist_size(B));
+log_loop({From, sync}, Pids, Bins, Sync, Sz, S, _L) ->
+    log_loop(S, Pids, Bins, [From | Sync], Sz);
+log_loop(Message, Pids, Bins, Sync, _Sz, S, _L) ->
     NS = log_end(S, Pids, Bins, Sync),
     handle(Message, NS).
 
diff --git a/lib/kernel/src/file.erl b/lib/kernel/src/file.erl
index 706c60caaf..4028dd4f0b 100644
--- a/lib/kernel/src/file.erl
+++ b/lib/kernel/src/file.erl
@@ -28,9 +28,11 @@
 %% File system and metadata.
 -export([get_cwd/0, get_cwd/1, set_cwd/1, delete/1, rename/2,
 	 make_dir/1, del_dir/1, list_dir/1,
-	 read_file_info/1, write_file_info/2,
+	 read_file_info/1, read_file_info/2,
+	 write_file_info/2, write_file_info/3,
 	 altname/1,
-	 read_link_info/1, read_link/1,
+	 read_link_info/1, read_link_info/2,
+	 read_link/1,
 	 make_link/2, make_symlink/2,
 	 read_file/1, write_file/2, write_file/3]).
 %% Specialized
@@ -51,6 +53,9 @@
 
 -export([pid2name/1]).
 
+%% Sendfile functions
+-export([sendfile/2,sendfile/5]).
+
 %%% Obsolete exported functions
 
 -export([raw_read_file_info/1, raw_write_file_info/2]).
@@ -103,6 +108,10 @@
 -type date_time() :: calendar:datetime().
 -type posix_file_advise() :: 'normal' | 'sequential' | 'random'
                            | 'no_reuse' | 'will_need' | 'dont_need'.
+-type sendfile_option() :: {chunk_size, non_neg_integer()}.
+-type file_info_option() :: {'time', 'local'} | {'time', 'universal'} 
+			  | {'time', 'posix'}.
+
 
 %%%-----------------------------------------------------------------
 %%% General functions
@@ -211,6 +220,15 @@ del_dir(Name) ->
 read_file_info(Name) ->
     check_and_call(read_file_info, [file_name(Name)]).
 
+-spec read_file_info(Filename, Opts) -> {ok, FileInfo} | {error, Reason} when
+      Filename :: name(),
+      Opts :: [file_info_option()],
+      FileInfo :: file_info(),
+      Reason :: posix() | badarg.
+
+read_file_info(Name, Opts) when is_list(Opts) ->
+    check_and_call(read_file_info, [file_name(Name), Opts]).
+
 -spec altname(Name :: name()) -> any().
 
 altname(Name) ->
@@ -224,6 +242,16 @@ altname(Name) ->
 read_link_info(Name) ->
     check_and_call(read_link_info, [file_name(Name)]).
 
+-spec read_link_info(Name, Opts) -> {ok, FileInfo} | {error, Reason} when
+      Name :: name(),
+      Opts :: [file_info_option()],
+      FileInfo :: file_info(),
+      Reason :: posix() | badarg.
+
+read_link_info(Name, Opts) when is_list(Opts) ->
+    check_and_call(read_link_info, [file_name(Name),Opts]).
+
+
 -spec read_link(Name) -> {ok, Filename} | {error, Reason} when
       Name :: name(),
       Filename :: filename(),
@@ -240,6 +268,15 @@ read_link(Name) ->
 write_file_info(Name, Info = #file_info{}) ->
     check_and_call(write_file_info, [file_name(Name), Info]).
 
+-spec write_file_info(Filename, FileInfo, Opts) -> ok | {error, Reason} when
+      Filename :: name(),
+      Opts :: [file_info_option()],
+      FileInfo :: file_info(),
+      Reason :: posix() | badarg.
+
+write_file_info(Name, Info = #file_info{}, Opts) when is_list(Opts) ->
+    check_and_call(write_file_info, [file_name(Name), Info, Opts]).
+
 -spec list_dir(Dir) -> {ok, Filenames} | {error, Reason} when
       Dir :: name(),
       Filenames :: [filename()],
@@ -264,9 +301,9 @@ read_file(Name) ->
 make_link(Old, New) ->
     check_and_call(make_link, [file_name(Old), file_name(New)]).
 
--spec make_symlink(Name1, Name2) -> ok | {error, Reason} when
-      Name1 :: name(),
-      Name2 :: name(),
+-spec make_symlink(Existing, New) -> ok | {error, Reason} when
+      Existing :: name(),
+      New :: name(),
       Reason :: posix() | badarg.
 
 make_symlink(Old, New) ->
@@ -1100,8 +1137,9 @@ change_group(Name, GroupId)
       Mtime :: date_time(),
       Reason :: posix() | badarg.
 
-change_time(Name, Time) 
-  when is_tuple(Time) ->
+change_time(Name, {{Y, M, D}, {H, Min, Sec}}=Time)
+  when is_integer(Y), is_integer(M), is_integer(D),
+       is_integer(H), is_integer(Min), is_integer(Sec)->
     write_file_info(Name, #file_info{mtime=Time}).
 
 -spec change_time(Filename, Atime, Mtime) -> ok | {error, Reason} when
@@ -1110,10 +1148,150 @@ change_time(Name, Time)
       Mtime :: date_time(),
       Reason :: posix() | badarg.
 
-change_time(Name, Atime, Mtime) 
-  when is_tuple(Atime), is_tuple(Mtime) ->
+change_time(Name, {{AY, AM, AD}, {AH, AMin, ASec}}=Atime,
+         {{MY, MM, MD}, {MH, MMin, MSec}}=Mtime)
+  when is_integer(AY), is_integer(AM), is_integer(AD),
+       is_integer(AH), is_integer(AMin), is_integer(ASec),
+       is_integer(MY), is_integer(MM), is_integer(MD),
+       is_integer(MH), is_integer(MMin), is_integer(MSec)->
     write_file_info(Name, #file_info{atime=Atime, mtime=Mtime}).
 
+%%
+%% Send data using sendfile
+%%
+
+-define(MAX_CHUNK_SIZE, (1 bsl 20)*20). %% 20 MB, has to fit in primary memory
+
+-spec sendfile(RawFile, Socket, Offset, Bytes, Opts) ->
+   {'ok', non_neg_integer()} | {'error', inet:posix() | 
+				closed | badarg | not_owner} when
+      RawFile :: file:fd(),
+      Socket :: inet:socket(),
+      Offset :: non_neg_integer(),
+      Bytes :: non_neg_integer(),
+      Opts :: [sendfile_option()].
+sendfile(File, _Sock, _Offet, _Bytes, _Opts) when is_pid(File) ->
+    {error, badarg};
+sendfile(File, Sock, Offset, Bytes, []) ->
+    sendfile(File, Sock, Offset, Bytes, ?MAX_CHUNK_SIZE, [], [],
+	     false, false, false);
+sendfile(File, Sock, Offset, Bytes, Opts) ->
+    ChunkSize0 = proplists:get_value(chunk_size, Opts, ?MAX_CHUNK_SIZE),
+    ChunkSize = if ChunkSize0 > ?MAX_CHUNK_SIZE ->
+			?MAX_CHUNK_SIZE;
+		   true -> ChunkSize0
+		end,
+    %% Support for headers, trailers and options has been removed because the
+    %% Darwin and BSD API for using it does not play nice with
+    %% non-blocking sockets. See unix_efile.c for more info.
+    sendfile(File, Sock, Offset, Bytes, ChunkSize, [], [],
+	     false,false,false).
+
+%% sendfile/2
+-spec sendfile(Filename, Socket) ->
+   {'ok', non_neg_integer()} | {'error', inet:posix() | 
+				closed | badarg | not_owner}
+      when Filename :: file:name(),
+	   Socket :: inet:socket().
+sendfile(Filename, Sock)  ->
+    case file:open(Filename, [read, raw, binary]) of
+	{error, Reason} ->
+	    {error, Reason};
+	{ok, Fd} ->
+	    Res = sendfile(Fd, Sock, 0, 0, []),
+	    file:close(Fd),
+	    Res
+    end.
+
+%% Internal sendfile functions
+sendfile(#file_descriptor{ module = Mod } = Fd, Sock, Offset, Bytes,
+	 ChunkSize, Headers, Trailers, Nodiskio, MNowait, Sync)
+  when is_port(Sock) ->
+    case Mod:sendfile(Fd, Sock, Offset, Bytes, ChunkSize, Headers, Trailers,
+		      Nodiskio, MNowait, Sync) of
+	{error, enotsup} ->
+	    sendfile_fallback(Fd, Sock, Offset, Bytes, ChunkSize,
+			      Headers, Trailers);
+	Else ->
+	    Else
+    end;
+sendfile(_,_,_,_,_,_,_,_,_,_) ->
+    {error, badarg}.
+
+%%%
+%% Sendfile Fallback
+%%%
+sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize,
+		  Headers, Trailers)
+  when Headers == []; is_integer(Headers) ->
+    case sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize) of
+	{ok, BytesSent} when is_list(Trailers),
+			     Trailers =/= [],
+			     is_integer(Headers) ->
+	    sendfile_send(Sock, Trailers, BytesSent+Headers);
+	{ok, BytesSent} when is_list(Trailers), Trailers =/= [] ->
+	    sendfile_send(Sock, Trailers, BytesSent);
+	{ok, BytesSent} when is_integer(Headers) ->
+	    {ok, BytesSent + Headers};
+	Else ->
+	    Else
+    end;
+sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize, Headers, Trailers) ->
+    case sendfile_send(Sock, Headers, 0) of
+	{ok, BytesSent} ->
+	    sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize, BytesSent,
+			      Trailers);
+	Else ->
+	    Else
+    end.
+
+
+sendfile_fallback(File, Sock, Offset, Bytes, ChunkSize) ->
+    {ok, CurrPos} = file:position(File, {cur, 0}),
+    {ok, _NewPos} = file:position(File, {bof, Offset}),
+    Res = sendfile_fallback_int(File, Sock, Bytes, ChunkSize, 0),
+    file:position(File, {bof, CurrPos}),
+    Res.
+
+
+sendfile_fallback_int(File, Sock, Bytes, ChunkSize, BytesSent)
+  when Bytes > BytesSent; Bytes == 0 ->
+    Size = if Bytes == 0 ->
+		   ChunkSize;
+	       (Bytes - BytesSent + ChunkSize) > 0 ->
+		   Bytes - BytesSent;
+	      true ->
+		   ChunkSize
+	   end,
+    case file:read(File, Size) of
+	{ok, Data} ->
+	    case sendfile_send(Sock, Data, BytesSent) of
+		{ok,NewBytesSent} ->
+		    sendfile_fallback_int(
+		      File, Sock, Bytes, ChunkSize,
+		      NewBytesSent);
+		Error ->
+		    Error
+	    end;
+	eof ->
+	    {ok, BytesSent};
+	Error ->
+	    Error
+    end;
+sendfile_fallback_int(_File, _Sock, BytesSent, _ChunkSize, BytesSent) ->
+    {ok, BytesSent}.
+
+sendfile_send(Sock, Data, Old) ->
+    Len = iolist_size(Data),
+    case gen_tcp:send(Sock, Data) of
+	ok ->
+	    {ok, Len+Old};
+	Else ->
+	    Else
+    end.
+
+
+
 %%%-----------------------------------------------------------------
 %%% Helpers
 
diff --git a/lib/kernel/src/file_server.erl b/lib/kernel/src/file_server.erl
index 64c61ba3ac..fc6cd823c9 100644
--- a/lib/kernel/src/file_server.erl
+++ b/lib/kernel/src/file_server.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2000-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -147,15 +147,24 @@ handle_call({get_cwd, Name}, _From, Handle) ->
 handle_call({read_file_info, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:read_file_info(Handle, Name), Handle};
 
+handle_call({read_file_info, Name, Opts}, _From, Handle) ->
+    {reply, ?PRIM_FILE:read_file_info(Handle, Name, Opts), Handle};
+
 handle_call({altname, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:altname(Handle, Name), Handle};
 
 handle_call({write_file_info, Name, Info}, _From, Handle) ->
     {reply, ?PRIM_FILE:write_file_info(Handle, Name, Info), Handle};
 
+handle_call({write_file_info, Name, Info, Opts}, _From, Handle) ->
+    {reply, ?PRIM_FILE:write_file_info(Handle, Name, Info, Opts), Handle};
+
 handle_call({read_link_info, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:read_link_info(Handle, Name), Handle};
 
+handle_call({read_link_info, Name, Opts}, _From, Handle) ->
+    {reply, ?PRIM_FILE:read_link_info(Handle, Name, Opts), Handle};
+
 handle_call({read_link, Name}, _From, Handle) ->
     {reply, ?PRIM_FILE:read_link(Handle, Name), Handle};
 
diff --git a/lib/kernel/src/gen_sctp.erl b/lib/kernel/src/gen_sctp.erl
index 77ca26b845..d8954f0cf7 100644
--- a/lib/kernel/src/gen_sctp.erl
+++ b/lib/kernel/src/gen_sctp.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -314,7 +314,7 @@ eof_or_abort(S, AssocId, Action) ->
 -spec send(Socket, SndRcvInfo, Data) -> ok | {error, Reason} when
       Socket :: sctp_socket(),
       SndRcvInfo :: #sctp_sndrcvinfo{},
-      Data :: binary | iolist(),
+      Data :: binary() | iolist(),
       Reason :: term().
 
 %% Full-featured send. Rarely needed.
@@ -331,7 +331,7 @@ send(S, SRI, Data) ->
       Socket :: sctp_socket(),
       Assoc :: #sctp_assoc_change{} | assoc_id(),
       Stream :: integer(),
-      Data :: binary | iolist(),
+      Data :: binary() | iolist(),
       Reason :: term().
 
 send(S, #sctp_assoc_change{assoc_id=AssocId}, Stream, Data)
diff --git a/lib/kernel/src/gen_tcp.erl b/lib/kernel/src/gen_tcp.erl
index 8ab18c01b4..4d6c7f5f1d 100644
--- a/lib/kernel/src/gen_tcp.erl
+++ b/lib/kernel/src/gen_tcp.erl
@@ -27,6 +27,7 @@
 -export([fdopen/2]).
 
 -include("inet_int.hrl").
+-include("file.hrl").
 
 -type option() ::
         {active,          true | false | once} |
@@ -302,7 +303,7 @@ unrecv(S, Data) when is_port(S) ->
 	    Mod:unrecv(S, Data);
 	Error ->
 	    Error
-    end.    
+    end.
 
 %%
 %% Set controlling process
@@ -354,3 +355,4 @@ mod([_|Opts], Address) ->
     mod(Opts, Address);
 mod([], Address) ->
     mod(Address).
+
diff --git a/lib/kernel/src/hipe_unified_loader.erl b/lib/kernel/src/hipe_unified_loader.erl
index 1d3eb926ca..8b3aa0286d 100644
--- a/lib/kernel/src/hipe_unified_loader.erl
+++ b/lib/kernel/src/hipe_unified_loader.erl
@@ -36,7 +36,6 @@
 
 -export([chunk_name/1,
 	 %% Only the code and code_server modules may call the entries below!
-	 load_hipe_modules/0,
 	 load_native_code/2,
 	 post_beam_load/1,
 	 load_module/3,
@@ -78,16 +77,6 @@ chunk_name(Architecture) ->
 
 %%========================================================================
 
--spec load_hipe_modules() -> 'ok'.
-%% @doc
-%%    Ensures HiPE's loader modules are loaded.
-%%    Called from code.erl at start-up.
-
-load_hipe_modules() ->
-  ok.
-
-%%========================================================================
-
 -spec load_native_code(Mod, binary()) -> 'no_native' | {'module', Mod}
 					  when is_subtype(Mod, atom()).
 %% @doc
diff --git a/lib/kernel/src/inet.erl b/lib/kernel/src/inet.erl
index b60c68e3a1..49f64a9236 100644
--- a/lib/kernel/src/inet.erl
+++ b/lib/kernel/src/inet.erl
@@ -40,6 +40,10 @@
 
 -export([tcp_controlling_process/2, udp_controlling_process/2,
 	 tcp_close/1, udp_close/1]).
+
+%% used by sendfile
+-export([lock_socket/2]).
+
 %% used by socks5
 -export([setsockname/2, setpeername/2]).
 
@@ -1353,3 +1357,14 @@ stop_timer(Timer) ->
 	    end;
 	T -> T
     end.
+
+
+lock_socket(S,Val) ->
+    case erlang:port_info(S, connected) of
+	{connected, Pid} when Pid =/= self() ->
+	    {error, not_owner};
+	undefined ->
+	    {error, einval};
+	_ ->
+	    prim_inet:ignorefd(S,Val)
+    end.
diff --git a/lib/kernel/src/inet_int.hrl b/lib/kernel/src/inet_int.hrl
index f8984b13fe..cf893c73eb 100644
--- a/lib/kernel/src/inet_int.hrl
+++ b/lib/kernel/src/inet_int.hrl
@@ -85,6 +85,8 @@
 -define(INET_REQ_GETIFADDRS,    25).
 -define(INET_REQ_ACCEPT,        26).
 -define(INET_REQ_LISTEN,        27).
+-define(INET_REQ_IGNOREFD,      28).
+
 %% TCP requests
 %%-define(TCP_REQ_ACCEPT,         40). MOVED
 %%-define(TCP_REQ_LISTEN,         41). MERGED
diff --git a/lib/kernel/src/user_drv.erl b/lib/kernel/src/user_drv.erl
index e33b4830ab..8f2ca28f56 100644
--- a/lib/kernel/src/user_drv.erl
+++ b/lib/kernel/src/user_drv.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/kernel/src/user_sup.erl b/lib/kernel/src/user_sup.erl
index 35b7ff0cfe..cb50d9491d 100644
--- a/lib/kernel/src/user_sup.erl
+++ b/lib/kernel/src/user_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -45,7 +45,7 @@ init([]) ->
 	    Pid = start_slave(Master),
 	    {ok, Pid, Pid};
 	{M, F, A} ->
-	    case start_user({M, F}, A) of
+	    case start_user(M, F, A) of
 		{ok, Pid} ->
 		    {ok, Pid, Pid};
 		Error ->
@@ -95,8 +95,8 @@ terminate(_Reason, UserPid) ->
 %% is guaranteed that the user is started.
 %%-----------------------------------------------------------------
 
-start_user(Func,A) ->
-    apply(Func, A),
+start_user(Mod, Func, A) ->
+    apply(Mod, Func, A),
     wait_for_user_p(100).
 
 wait_for_user_p(0) ->
diff --git a/lib/kernel/test/Makefile b/lib/kernel/test/Makefile
index 82bc3fc6d1..5dcaad3f5e 100644
--- a/lib/kernel/test/Makefile
+++ b/lib/kernel/test/Makefile
@@ -74,7 +74,8 @@ MODULES= \
 	wrap_log_reader_SUITE \
 	cleanup \
 	zlib_SUITE \
-	loose_node
+	loose_node \
+	sendfile_SUITE
 
 APP_FILES = \
 	appinc.app \
diff --git a/lib/kernel/test/code_SUITE.erl b/lib/kernel/test/code_SUITE.erl
index 10ab3e4370..99b0cd2ffb 100644
--- a/lib/kernel/test/code_SUITE.erl
+++ b/lib/kernel/test/code_SUITE.erl
@@ -30,9 +30,9 @@
 	 load_cached/1, start_node_with_cache/1, add_and_rehash/1,
 	 where_is_file_cached/1, where_is_file_no_cache/1,
 	 purge_stacktrace/1, mult_lib_roots/1, bad_erl_libs/1,
-	 code_archive/1, code_archive2/1, on_load/1,
-	 big_boot_embedded/1,
-	 on_load_embedded/1, on_load_errors/1, native_early_modules/1]).
+	 code_archive/1, code_archive2/1, on_load/1, on_load_binary/1,
+	 on_load_embedded/1, on_load_errors/1, big_boot_embedded/1,
+	 native_early_modules/1]).
 
 -export([init_per_testcase/2, end_per_testcase/2, 
 	 init_per_suite/1, end_per_suite/1,
@@ -55,8 +55,8 @@ all() ->
      add_and_rehash, where_is_file_no_cache,
      where_is_file_cached, purge_stacktrace, mult_lib_roots,
      bad_erl_libs, code_archive, code_archive2, on_load,
-     on_load_embedded, big_boot_embedded, on_load_errors, 
-     native_early_modules].
+     on_load_binary, on_load_embedded, on_load_errors,
+     big_boot_embedded, native_early_modules].
 
 groups() -> 
     [].
@@ -1286,6 +1286,45 @@ on_load_wait_for_all([Ref|T]) ->
     end;
 on_load_wait_for_all([]) -> ok.
 
+on_load_binary(_) ->
+    Master = on_load_binary_test_case_process,
+    register(Master, self()),
+
+    %% Construct, compile and pretty-print.
+    Mod = on_load_binary,
+    File = atom_to_list(Mod) ++ ".erl",
+    Forms = [{attribute,1,file,{File,1}},
+	     {attribute,1,module,Mod},
+	     {attribute,2,export,[{ok,0}]},
+	     {attribute,3,on_load,{init,0}},
+	     {function,5,init,0,
+	      [{clause,5,[],[],
+		[{op,6,'!',
+		  {atom,6,Master},
+		  {tuple,6,[{atom,6,Mod},{call,6,{atom,6,self},[]}]}},
+		 {'receive',7,[{clause,8,[{atom,8,go}],[],[{atom,8,ok}]}]}]}]},
+	     {function,11,ok,0,[{clause,11,[],[],[{atom,11,true}]}]}],
+    {ok,Mod,Bin} = compile:forms(Forms, [report]),
+    [io:put_chars(erl_pp:form(F)) || F <- Forms],
+
+    {Pid1,Ref1} = spawn_monitor(fun() ->
+					code:load_binary(Mod, File, Bin),
+					true = on_load_binary:ok()
+				end),
+    receive {Mod,OnLoadPid} -> ok end,
+    {Pid2,Ref2} = spawn_monitor(fun() ->
+					true = on_load_binary:ok()
+				end),
+    erlang:yield(),
+    OnLoadPid ! go,
+    receive {'DOWN',Ref1,process,Pid1,Exit1} -> ok end,
+    receive {'DOWN',Ref2,process,Pid2,Exit2} -> ok end,
+    normal = Exit1,
+    normal = Exit2,
+    true = code:delete(on_load_binary),
+    false = code:purge(on_load_binary),
+    ok.
+
 on_load_embedded(Config) when is_list(Config) ->
     try
 	on_load_embedded_1(Config)
diff --git a/lib/kernel/test/erl_prim_loader_SUITE.erl b/lib/kernel/test/erl_prim_loader_SUITE.erl
index 7599a89779..d0d52c5ea7 100644
--- a/lib/kernel/test/erl_prim_loader_SUITE.erl
+++ b/lib/kernel/test/erl_prim_loader_SUITE.erl
@@ -175,10 +175,10 @@ wait_really_started(Node, N) ->
 inet_disconnects(doc) -> ["Start a node using the 'inet' loading method, ",
 			  "then lose the connection."];
 inet_disconnects(Config) when is_list(Config) ->
-    case os:type() of
-	vxworks ->
-	    {comment, "VxWorks: tested separately"};
-	_ ->
+    case test_server:is_native(erl_boot_server) of
+	true ->
+	    {skip,"erl_boot_server is native"};
+	false ->
 	    ?line Name = erl_prim_test_inet_disconnects,
 	    ?line Host = host(),
 	    ?line Cookie = atom_to_list(erlang:get_cookie()),
diff --git a/lib/kernel/test/file_SUITE.erl b/lib/kernel/test/file_SUITE.erl
index 77fc7e73f9..2b6af7e1fb 100644
--- a/lib/kernel/test/file_SUITE.erl
+++ b/lib/kernel/test/file_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -78,7 +78,7 @@
 
 -export([altname/1]).
 
--export([large_file/1]).
+-export([large_file/1, large_write/1]).
 
 -export([read_line_1/1, read_line_2/1, read_line_3/1,read_line_4/1]).
 
@@ -92,6 +92,8 @@
 -export([bytes/2, iterate/3]).
 
 
+%% System probe functions that might be handy to check from the shell
+-export([disc_free/1, memsize/0]).
 
 -include_lib("test_server/include/test_server.hrl").
 -include_lib("kernel/include/file.hrl").
@@ -106,7 +108,7 @@ all() ->
      {group, compression}, {group, links}, copy,
      delayed_write, read_ahead, segment_read, segment_write,
      ipread, pid2name, interleaved_read_write, otp_5814,
-     large_file, read_line_1, read_line_2, read_line_3,
+     large_file, large_write, read_line_1, read_line_2, read_line_3,
      read_line_4, standard_io].
 
 groups() -> 
@@ -143,6 +145,13 @@ end_per_group(_GroupName, Config) ->
 
 
 init_per_suite(Config) when is_list(Config) ->
+    SaslConfig = case application:start(sasl) of
+		     {error, {already_started, sasl}} ->
+			 [];
+		     ok ->
+			 [{sasl,started}]
+		 end,
+    ok = application:start(os_mon),
     case os:type() of
 	{win32, _} ->
 	    Priv = ?config(priv_dir, Config),
@@ -154,9 +163,9 @@ init_per_suite(Config) when is_list(Config) ->
 		    {ok, _} ->
 			[]
 		end,
-	    ?FILE_INIT(HasAccessTime++Config);
+	    ?FILE_INIT(HasAccessTime++Config++SaslConfig);
 	_ ->
-	    ?FILE_INIT(Config)
+	    ?FILE_INIT(Config++SaslConfig)
     end.
 
 end_per_suite(Config) when is_list(Config) ->
@@ -166,6 +175,13 @@ end_per_suite(Config) when is_list(Config) ->
 	_ ->
 	    ok
     end,
+    application:stop(os_mon),
+    case proplists:get_value(sasl, Config) of
+	started ->
+	    application:stop(sasl);
+	_Else ->
+	    ok
+    end,
     ?FILE_FINI(Config).
 
 init_per_testcase(_Func, Config) ->
@@ -394,6 +410,7 @@ make_del_dir(Config) when is_list(Config) ->
 	%% Don't worry ;-) the parent directory should never be empty, right?
 	?line case ?FILE_MODULE:del_dir('..') of
 		  {error, eexist} -> ok;
+		  {error, eacces} -> ok;		%OpenBSD
 		  {error, einval} -> ok			%FreeBSD
 	      end,
 	?line {error, enoent} = ?FILE_MODULE:del_dir(""),
@@ -3144,12 +3161,12 @@ ipread_int(Dir, ModeList) ->
 		{fun (Bin) when is_binary(Bin) -> Bin;
 		     (List) when is_list(List) -> list_to_binary(List)
 		 end, 
-		 {erlang, size}};
+		 fun erlang:byte_size/1};
 	    false ->
 		{fun (Bin) when is_binary(Bin) -> binary_to_list(Bin);
 		     (List) when is_list(List) -> List
 		 end, 
-		 {erlang, length}}
+		 fun erlang:length/1}
 	end,
     ?line Pos = 4711,
     ?line Data = Conv("THE QUICK BROWN FOX JUMPS OVER A LAZY DOG"),
@@ -3287,50 +3304,13 @@ large_file(suite) ->
 large_file(doc) ->
     ["Tests positioning in large files (> 4G)"];
 large_file(Config) when is_list(Config) ->
-    case {os:type(),os:version()} of
-	{{win32,nt},_} ->
-	    do_large_file(Config);
-	{{unix,sunos},{A,B,C}}
-	when A == 5, B == 5, C >= 1;   A == 5, B >= 6;   A >= 6 ->
-	    do_large_file(Config);
-	{{unix,Unix},_} when Unix =/= sunos ->
-	    N = unix_free(Config),
-	    io:format("Free: ~w KByte~n", [N]),
-	    if N < 5 * (1 bsl 20) ->
-		    %% Less than 5 GByte free
-		    {skipped,"Less than 5 GByte free"};
-	       true ->
-		    do_large_file(Config)
-	    end;
-	_ -> 
-	    {skipped,"Only supported on Win32, Unix or SunOS >= 5.5.1"}
-    end.
+    run_large_file_test(Config,
+			fun(Name) -> do_large_file(Name) end,
+			"_large_file").
 
-unix_free(Config) ->
-    Cmd = ["df -k '",?config(priv_dir, Config),"'"],
-    DF0 = os:cmd(Cmd),
-    io:format("$ ~s~n~s", [Cmd,DF0]),
-    [$\n|DF1] = lists:dropwhile(fun ($\n) -> false; (_) -> true end, DF0),
-    {ok,[N],_} = io_lib:fread(" ~*s ~d", DF1),
-    N.
+do_large_file(Name) ->
+    ?line Watchdog = ?t:timetrap(?t:minutes(20)),
 
-do_large_file(Config) ->
-    ?line Watchdog = ?t:timetrap(?t:minutes(5)),
-    %%
-    ?line Name = filename:join(?config(priv_dir, Config),
-			       ?MODULE_STRING ++ "_large_file"),
-    ?line Tester = self(),
-    Deleter = 
-	spawn(
-	  fun() ->
-		  Mref = erlang:monitor(process, Tester),
-		  receive
-		      {'DOWN',Mref,_,_,_} -> ok;
-		      {Tester,done} -> ok
-		  end,
-		  ?FILE_MODULE:delete(Name)
-	  end),
-    %%
     ?line S = "1234567890",
     L = length(S),
     R = lists:reverse(S),
@@ -3366,15 +3346,36 @@ do_large_file(Config) ->
     ?line {ok,R}   = ?FILE_MODULE:read(F1, L+1),
     ?line ok       = ?FILE_MODULE:close(F1),
     %%
-    ?line Mref = erlang:monitor(process, Deleter),
-    ?line Deleter ! {Tester,done},
-    ?line receive {'DOWN',Mref,_,_,_} -> ok end,
-    %%
     ?line ?t:timetrap_cancel(Watchdog),
     ok.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
+large_write(Config) when is_list(Config) ->
+    run_large_file_test(Config,
+			fun(Name) -> do_large_write(Name) end,
+			"_large_write").
+
+do_large_write(Name) ->
+    Memsize = memsize(),
+    io:format("Memsize = ~w Bytes~n", [Memsize]),
+    case {erlang:system_info(wordsize),Memsize} of
+	{4,_} ->
+	    {skip,"Needs a 64-bit emulator"};
+	{8,N} when N < 6 bsl 30 ->
+	    {skip,
+	     "This machine has < 6 GB  memory: "
+	     ++integer_to_list(N)};
+	{8,_} ->
+	    Size = 4*1024*1024*1024+1,
+	    Bin = <<0:Size/unit:8>>,
+	    ok = file:write_file(Name, Bin),
+	    {ok,#file_info{size=Size}} = file:read_file_info(Name),
+	    ok
+    end.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
 
 
 response_analysis(Module, Function, Arguments) ->
@@ -3950,3 +3951,67 @@ flush(Msgs) ->
     after 0 ->
 	    lists:reverse(Msgs)
     end.
+
+%%%
+%%% Support for testing large files.
+%%%
+
+run_large_file_test(Config, Run, Name) ->
+    case {os:type(),os:version()} of
+	{{win32,nt},_} ->
+	    do_run_large_file_test(Config, Run, Name);
+	{{unix,sunos},OsVersion} when OsVersion < {5,5,1} ->
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"};
+	{{unix,_},_} ->
+	    N = disc_free(?config(priv_dir, Config)),
+	    io:format("Free disk: ~w KByte~n", [N]),
+	    if N < 5 * (1 bsl 20) ->
+		    %% Less than 5 GByte free
+		    {skip,"Less than 5 GByte free"};
+	       true ->
+		    do_run_large_file_test(Config, Run, Name)
+	    end;
+	_ -> 
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"}
+    end.
+
+
+do_run_large_file_test(Config, Run, Name0) ->
+    Name = filename:join(?config(priv_dir, Config),
+			 ?MODULE_STRING ++ Name0),
+    
+    %% Set up a process that will delete this file.
+    Tester = self(),
+    Deleter = 
+	spawn(
+	  fun() ->
+		  Mref = erlang:monitor(process, Tester),
+		  receive
+		      {'DOWN',Mref,_,_,_} -> ok;
+		      {Tester,done} -> ok
+		  end,
+		  ?FILE_MODULE:delete(Name)
+	  end),
+    
+    %% Run the test case.
+    Res = Run(Name),
+
+    %% Delete file and finish deleter process.
+    Mref = erlang:monitor(process, Deleter),
+    Deleter ! {Tester,done},
+    receive {'DOWN',Mref,_,_,_} -> ok end,
+
+    Res.
+
+disc_free(Path) ->
+    Data = disksup:get_disk_data(),
+    {_,Tot,Perc} = hd(lists:filter(
+			fun({P,_Size,_Full}) ->
+				lists:prefix(filename:nativename(P),
+					     filename:nativename(Path))
+			end, lists:reverse(lists:sort(Data)))),
+    round(Tot * (1-(Perc/100))).
+
+memsize() ->
+    {Tot,_Used,_}  = memsup:get_memory_data(),
+    Tot.
diff --git a/lib/kernel/test/gen_sctp_SUITE.erl b/lib/kernel/test/gen_sctp_SUITE.erl
index 300152ddce..8f490b6643 100644
--- a/lib/kernel/test/gen_sctp_SUITE.erl
+++ b/lib/kernel/test/gen_sctp_SUITE.erl
@@ -48,7 +48,9 @@ init_per_suite(_Config) ->
 	{ok,Socket} ->
 	    gen_sctp:close(Socket),
 	    [];
-	{error,eprotonosupport} ->
+	{error,Error}
+	  when Error =:= eprotonosupport;
+	       Error =:= esocktnosupport ->
 	    {skip,"SCTP not supported on this machine"}
     end.
 
diff --git a/lib/kernel/test/gen_tcp_api_SUITE.erl b/lib/kernel/test/gen_tcp_api_SUITE.erl
index cbaec2d6dd..a7af00c12a 100644
--- a/lib/kernel/test/gen_tcp_api_SUITE.erl
+++ b/lib/kernel/test/gen_tcp_api_SUITE.erl
@@ -22,7 +22,7 @@
 %% are not tested here, because they are tested indirectly in this and
 %% and other test suites.
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 -include_lib("kernel/include/inet.hrl").
 
 -export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1, 
@@ -46,6 +46,8 @@ groups() ->
      {t_connect, [], [t_connect_timeout, t_connect_bad]},
      {t_recv, [], [t_recv_timeout, t_recv_eof]}].
 
+
+
 init_per_suite(Config) ->
     Config.
 
@@ -55,9 +57,8 @@ end_per_suite(_Config) ->
 init_per_group(_GroupName, Config) ->
     Config.
 
-end_per_group(_GroupName, Config) ->
-    Config.
-
+end_per_group(_,_Config) ->
+    ok.
 
 init_per_testcase(_Func, Config) ->
     Dog = test_server:timetrap(test_server:seconds(60)),
@@ -237,7 +238,6 @@ implicit_inet6(S, Addr) ->
     ?line ok = gen_tcp:close(S1).
 
 
-
 %%% Utilities
 
 %% Calls M:F/length(A), which should return a timeout error, and complete
diff --git a/lib/kernel/test/gen_tcp_echo_SUITE.erl b/lib/kernel/test/gen_tcp_echo_SUITE.erl
index fffaaf4c45..5bbaeb02ad 100644
--- a/lib/kernel/test/gen_tcp_echo_SUITE.erl
+++ b/lib/kernel/test/gen_tcp_echo_SUITE.erl
@@ -167,8 +167,12 @@ echo_test_1(SockOpts, EchoFun, Config0) ->
 		      [{type, {cdr, little}}|Config]),
     ?line case lists:keymember(packet_size, 1, SockOpts) of
 	      false ->
-		  ?line echo_packet([{packet, line}|SockOpts],
-				    EchoFun, Config);
+		  % This is cheating, we should test that packet_size
+		  % also works for line and http.
+		  echo_packet([{packet, line}|SockOpts], EchoFun, Config),
+		  echo_packet([{packet, http}|SockOpts], EchoFun, Config),
+		  echo_packet([{packet, http_bin}|SockOpts], EchoFun, Config);
+
 	      true -> ok
 	  end,
     ?line echo_packet([{packet, tpkt}|SockOpts], EchoFun, Config),
@@ -183,9 +187,6 @@ echo_test_1(SockOpts, EchoFun, Config0) ->
 		      [{type, {asn1, short, LongTag}}|Config]),
     ?line echo_packet([{packet, asn1}|SockOpts], EchoFun,
 		      [{type, {asn1, long, LongTag}}|Config]),
-
-    ?line echo_packet([{packet, http}|SockOpts], EchoFun, Config),
-    ?line echo_packet([{packet, http_bin}|SockOpts], EchoFun, Config),
     ok.
 
 echo_packet(SockOpts, EchoFun, Opts) ->
diff --git a/lib/kernel/test/gen_tcp_misc_SUITE.erl b/lib/kernel/test/gen_tcp_misc_SUITE.erl
index b1ef8826d5..3da4b07c05 100644
--- a/lib/kernel/test/gen_tcp_misc_SUITE.erl
+++ b/lib/kernel/test/gen_tcp_misc_SUITE.erl
@@ -40,7 +40,8 @@
 	 accept_timeouts_in_order3/1,accept_timeouts_mixed/1, 
 	 killing_acceptor/1,killing_multi_acceptors/1,killing_multi_acceptors2/1,
 	 several_accepts_in_one_go/1,active_once_closed/1, send_timeout/1, send_timeout_active/1, 
-	 otp_7731/1, zombie_sockets/1, otp_7816/1, otp_8102/1]).
+	 otp_7731/1, zombie_sockets/1, otp_7816/1, otp_8102/1,
+         otp_9389/1]).
 
 %% Internal exports.
 -export([sender/3, not_owner/1, passive_sockets_server/2, priority_server/1, 
@@ -72,7 +73,7 @@ all() ->
      killing_acceptor, killing_multi_acceptors,
      killing_multi_acceptors2, several_accepts_in_one_go,
      active_once_closed, send_timeout, send_timeout_active, otp_7731,
-     zombie_sockets, otp_7816, otp_8102].
+     zombie_sockets, otp_7816, otp_8102, otp_9389].
 
 groups() -> 
     [].
@@ -1030,6 +1031,7 @@ busy_send_loop(Server, Client, N) ->
 			    {Server,send} ->
 				?line busy_send_2(Server, Client, N+1)
 			after 10000 ->
+				%% If this happens, see busy_send_srv
 				?t:fail({timeout,{server,not_send,flush([])}})
 			end
 	  end.
@@ -1049,7 +1051,9 @@ busy_send_2(Server, Client, _N) ->
 
 busy_send_srv(L, Master, Msg) ->
     %% Server
-    %%
+    %% Sometimes this accept does not return, do not really know why
+    %% but is causes the timeout error in busy_send_loop to be
+    %% triggered. Only happens on OS X Leopard?!?
     {ok,Socket} = gen_tcp:accept(L),
     busy_send_srv_loop(Socket, Master, Msg).
 
@@ -2479,4 +2483,63 @@ otp_8102_do(LSocket, PortNum, {Bin,PType}) ->
     io:format("Got error msg, ok.\n",[]),
     gen_tcp:close(SSocket),    
     gen_tcp:close(RSocket).
-    
+
+otp_9389(doc) -> ["Verify packet_size handles long HTTP header lines"];
+otp_9389(suite) -> [];
+otp_9389(Config) when is_list(Config) ->
+    ?line {ok, LS} = gen_tcp:listen(0, []),
+    ?line {ok, {_, PortNum}} = inet:sockname(LS),
+    io:format("Listening on ~w with port number ~p\n", [LS, PortNum]),
+    OrigLinkHdr = "/" ++ string:chars($S, 8192),
+    _Server = spawn_link(
+                fun() ->
+                        ?line {ok, S} = gen_tcp:accept(LS),
+                        ?line ok = inet:setopts(S, [{packet_size, 16384}]),
+                        ?line ok = otp_9389_loop(S, OrigLinkHdr),
+                        ?line ok = gen_tcp:close(S)
+                end),
+    ?line {ok, S} = gen_tcp:connect("localhost", PortNum,
+                                    [binary, {active, false}]),
+    Req = "GET / HTTP/1.1\r\n"
+        ++ "Host: localhost\r\n"
+        ++ "Link: " ++ OrigLinkHdr ++ "\r\n\r\n",
+    ?line ok = gen_tcp:send(S, Req),
+    ?line ok = inet:setopts(S, [{packet, http}]),
+    ?line {ok, {http_response, {1,1}, 200, "OK"}} = gen_tcp:recv(S, 0),
+    ?line ok = inet:setopts(S, [{packet, httph}, {packet_size, 16384}]),
+    ?line {ok, {http_header, _, 'Content-Length', _, "0"}} = gen_tcp:recv(S, 0),
+    ?line {ok, {http_header, _, "Link", _, LinkHdr}} = gen_tcp:recv(S, 0),
+    ?line true = (LinkHdr == OrigLinkHdr),
+    ok = gen_tcp:close(S),
+    ok = gen_tcp:close(LS),
+    ok.
+
+otp_9389_loop(S, OrigLinkHdr) ->
+    ?line ok = inet:setopts(S, [{active,once},{packet,http}]),
+    receive
+        {http, S, {http_request, 'GET', _, _}} ->
+            ?line ok = otp_9389_loop(S, OrigLinkHdr, undefined)
+    after
+        3000 ->
+            ?line error({timeout,request_line})
+    end.
+otp_9389_loop(S, OrigLinkHdr, ok) ->
+    ?line Resp = "HTTP/1.1 200 OK\r\nContent-length: 0\r\n" ++
+        "Link: " ++ OrigLinkHdr ++ "\r\n\r\n",
+    ?line ok = gen_tcp:send(S, Resp);
+otp_9389_loop(S, OrigLinkHdr, State) ->
+    ?line ok = inet:setopts(S, [{active,once}, {packet,httph}]),
+    receive
+        {http, S, http_eoh} ->
+            ?line otp_9389_loop(S, OrigLinkHdr, ok);
+        {http, S, {http_header, _, "Link", _, LinkHdr}} ->
+            ?line LinkHdr = OrigLinkHdr,
+            ?line otp_9389_loop(S, OrigLinkHdr, State);
+        {http, S, {http_header, _, _Hdr, _, _Val}} ->
+            ?line otp_9389_loop(S, OrigLinkHdr, State);
+        {http, S, {http_error, Err}} ->
+            ?line error({error, Err})
+    after
+        3000 ->
+            ?line error({timeout,header})
+    end.
diff --git a/lib/kernel/test/inet_SUITE.erl b/lib/kernel/test/inet_SUITE.erl
index aaa20b7398..7241b093d0 100644
--- a/lib/kernel/test/inet_SUITE.erl
+++ b/lib/kernel/test/inet_SUITE.erl
@@ -97,8 +97,12 @@ t_gethostbyaddr() ->
     required(v4).
 t_gethostbyaddr(doc) -> "Test the inet:gethostbyaddr/1 function.";
 t_gethostbyaddr(Config) when is_list(Config) ->
-    ?line {Name,FullName,IPStr,IP,Aliases,_,_} =
+    ?line {Name,FullName,IPStr,{A,B,C,D}=IP,Aliases,_,_} =
 	ct:get_config(test_host_ipv4_only),
+    ?line Rname = integer_to_list(D) ++ "." ++
+	integer_to_list(C) ++ "." ++
+	integer_to_list(B) ++ "." ++
+	integer_to_list(A) ++ ".in-addr.arpa",
     ?line {ok,HEnt} = inet:gethostbyaddr(IPStr),
     ?line {ok,HEnt} = inet:gethostbyaddr(IP),
     ?line {error,Error} = inet:gethostbyaddr(Name),
@@ -116,7 +120,7 @@ t_gethostbyaddr(Config) when is_list(Config) ->
 	    ok;
 	_ ->
 	    ?line check_elems([{HEnt#hostent.h_name,[Name,FullName]},
-			       {HEnt#hostent.h_aliases,[[],Aliases]}])
+			       {HEnt#hostent.h_aliases,[[],Aliases,[Rname]]}])
     end,
 
     ?line {_DName, _DFullName, DIPStr, DIP, _, _, _} =
diff --git a/lib/kernel/test/inet_res_SUITE.erl b/lib/kernel/test/inet_res_SUITE.erl
index 15b0ed5718..f3ba28e4f9 100644
--- a/lib/kernel/test/inet_res_SUITE.erl
+++ b/lib/kernel/test/inet_res_SUITE.erl
@@ -88,7 +88,7 @@ init_per_testcase(Func, Config) ->
 		    inet_db:ins_alt_ns(IP, Port);
 		_ -> ok
 	    end,
-	    Dog = test_server:timetrap(test_server:seconds(10)),
+	    Dog = test_server:timetrap(test_server:seconds(20)),
 	    [{nameserver,NsSpec},{res_lookup,Lookup},{watchdog,Dog}|Config]
     catch
 	SkipReason ->
@@ -303,7 +303,7 @@ basic(Config) when is_list(Config) ->
     {ok,Msg2} = inet_dns:decode(Bin2),
     %%
     %% lookup
-    [IP] = inet_res:lookup(Name, in, a, [{nameservers,[NS]}]),
+    [IP] = inet_res:lookup(Name, in, a, [{nameservers,[NS]},verbose]),
     %%
     %% gethostbyname
     {ok,#hostent{h_addr_list=[IP]}} = inet_res:gethostbyname(Name),
@@ -410,7 +410,7 @@ edns0(Config) when is_list(Config) ->
     false = inet_db:res_option(edns), % ASSERT
     true = inet_db:res_option(udp_payload_size) >= 1280, % ASSERT
     %% These will fall back to TCP
-    MXs = lists:sort(inet_res:lookup(Domain, in, mx, [{nameservers,[NS]}])),
+    MXs = lists:sort(inet_res:lookup(Domain, in, mx, [{nameservers,[NS]},verbose])),
     %%
     {ok,#hostent{h_addr_list=As}} = inet_res:getbyname(Domain++".", mx),
     MXs = lists:sort(As),
diff --git a/lib/kernel/test/inet_res_SUITE_data/run-named b/lib/kernel/test/inet_res_SUITE_data/run-named
index 39e7b1d5aa..211d2c7af7 100755
--- a/lib/kernel/test/inet_res_SUITE_data/run-named
+++ b/lib/kernel/test/inet_res_SUITE_data/run-named
@@ -2,7 +2,7 @@
 ##
 ## %CopyrightBegin%
 ## 
-## Copyright Ericsson AB 2009-2011. All Rights Reserved.
+## Copyright Ericsson AB 2009-2012. All Rights Reserved.
 ## 
 ## The contents of this file are subject to the Erlang Public License,
 ## Version 1.1, (the "License"); you may not use this file except in
@@ -47,7 +47,6 @@ CONF_FILE=named.conf
 INC_FILE=named_inc.conf
 PID_FILE=named.pid
 LOG_FILE=named.log
-EXIT_FILE=named.exit
 
 error () {
     r=$?
@@ -150,7 +149,6 @@ cat >>"$CONF_FILE" <<-CONF_FILE
 ( cd "$SRCDIR" && ls -1 ) | while read f; do
     cp -fp "$SRCDIR/$f" .
 done
-rm -f "$EXIT_FILE"
 
 # Start nameserver
 echo "Cwd: `pwd`"
@@ -158,19 +156,20 @@ echo "Nameserver: $NAMED_VER"
 echo "Port: $2"
 echo "ZoneDir: $3"
 echo "Command: $NAMED $NAMED_FG -c $CONF_FILE"
-($NAMED $NAMED_FG -c "$CONF_FILE" >"$LOG_FILE" 2>&1 </dev/null; \
- echo "$?" >"$EXIT_FILE")&
+$NAMED $NAMED_FG -c "$CONF_FILE" >"$LOG_FILE" 2>&1 </dev/null &
 NAMED_PID=$!
-trap "kill -TERM $NAMED_PID >/dev/null 2>&1; wait $NAMED_PID >/dev/null 2>&1" \
+echo "Pid: $NAMED_PID"
+trap "kill $NAMED_PID >/dev/null 2>&1; wait $NAMED_PID >/dev/null 2>&1" \
     0 1 2 3 15
-sleep 2 # Give name server time to load its zone files
-if [ -f "$EXIT_FILE" ]; then
-    ERROR="`cat "$EXIT_FILE"`"
-    (exit "$ERROR")& error "$NAMED returned $ERROR on start"
-else
+
+sleep 5 # Give name server time to load its zone files
+
+if ps -p $NAMED_PID >/dev/null 2>&1 || ps p $NAMED_PID >/dev/null 2>&1; then
     echo "Running: Enter \`\`quit'' to terminate nameserver[$NAMED_PID]..."
     while read LINE; do
 	test :"$LINE" = :'quit' && break
     done
+    echo "Closing: Terminating nameserver..."
+else
+    error "$NAMED failed to start"
 fi
-echo "Closing: Terminating nameserver..."
diff --git a/lib/kernel/test/os_SUITE.erl b/lib/kernel/test/os_SUITE.erl
index b08b12c978..ae3410d13f 100644
--- a/lib/kernel/test/os_SUITE.erl
+++ b/lib/kernel/test/os_SUITE.erl
@@ -117,9 +117,21 @@ space_in_name(Config) when is_list(Config) ->
     ?line ok = file:change_mode(Echo, 8#777),	% Make it executable on Unix.
 
     %% Run the echo program.
-
-    ?line comp("", os:cmd("\"" ++ Echo ++ "\"")),
-    ?line comp("a::b::c", os:cmd("\"" ++ Echo ++ "\" a b c")),
+    %% Quoting on windows depends on if the full path of the executable 
+    %% contains special characters. Paths when running common_tests always
+    %% include @, why Windows would always fail if we do not double the 
+    %% quotes (this is the behaviour of cmd.exe, not Erlang's idea).
+    Quote = case os:type() of
+                {win32,_} ->
+		    case (Echo -- "&<>()@^|") =:= Echo of
+		        true -> "\"";
+			false -> "\"\""
+	 	    end;
+		_ ->
+		    "\""
+	    end,
+    ?line comp("", os:cmd(Quote ++ Echo ++ Quote)),
+    ?line comp("a::b::c", os:cmd(Quote ++ Echo ++ Quote ++ " a b c")),
     ?t:sleep(5),
     ?line [] = receive_all(),
     ok.
diff --git a/lib/kernel/test/prim_file_SUITE.erl b/lib/kernel/test/prim_file_SUITE.erl
index 00eda6292f..3e2202922c 100644
--- a/lib/kernel/test/prim_file_SUITE.erl
+++ b/lib/kernel/test/prim_file_SUITE.erl
@@ -32,7 +32,10 @@
 	  file_info_basic_directory_a/1, file_info_basic_directory_b/1,
 	  file_info_bad_a/1, file_info_bad_b/1, 
 	  file_info_times_a/1, file_info_times_b/1, 
-	  file_write_file_info_a/1, file_write_file_info_b/1]).
+	  file_write_file_info_a/1, file_write_file_info_b/1,
+	  file_read_file_info_opts/1, file_write_file_info_opts/1,
+	  file_write_read_file_info_opts/1
+      ]).
 -export([rename_a/1, rename_b/1, 
 	 access/1, truncate/1, datasync/1, sync/1,
 	 read_write/1, pread_write/1, append/1, exclusive/1]).
@@ -49,6 +52,10 @@
 	  list_dir_limit/1]).
 
 -export([advise/1]).
+-export([large_write/1]).
+
+%% System probe functions that might be handy to check from the shell
+-export([unix_free/1]).
 
 -include_lib("test_server/include/test_server.hrl").
 -include_lib("kernel/include/file.hrl").
@@ -80,7 +87,7 @@ groups() ->
        cur_dir_1a, cur_dir_1b]},
      {files, [],
       [{group, open}, {group, pos}, {group, file_info},
-       truncate, sync, datasync, advise]},
+       truncate, sync, datasync, advise, large_write]},
      {open, [],
       [open1, modes, close, access, read_write, pread_write,
        append, exclusive]},
@@ -90,7 +97,10 @@ groups() ->
        file_info_basic_directory_a,
        file_info_basic_directory_b, file_info_bad_a,
        file_info_bad_b, file_info_times_a, file_info_times_b,
-       file_write_file_info_a, file_write_file_info_b]},
+       file_write_file_info_a, file_write_file_info_b,
+       file_read_file_info_opts, file_write_file_info_opts,
+       file_write_read_file_info_opts
+   ]},
      {errors, [],
       [e_delete, e_rename, e_make_dir, e_del_dir]},
      {compression, [],
@@ -284,6 +294,7 @@ make_del_dir(Config, Handle, Suffix) ->
 	%% Don't worry ;-) the parent directory should never be empty, right?
 	?line case ?PRIM_FILE_call(del_dir, Handle, [".."]) of
 		  {error, eexist} -> ok;
+		  {error, eacces} -> ok;	%OpenBSD
 		  {error, einval} -> ok		%FreeBSD
 	      end,
 	?line {error, enoent} = ?PRIM_FILE_call(del_dir, Handle, [""]),
@@ -1074,6 +1085,104 @@ file_write_file_info(Config, Handle, Suffix) ->
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
+%% Test the write_file_info/3 function.
+
+file_write_file_info_opts(suite) -> [];
+file_write_file_info_opts(doc) -> [];
+file_write_file_info_opts(Config) when is_list(Config) ->
+    {ok, Handle} = ?PRIM_FILE:start(),
+    Dog = test_server:timetrap(test_server:seconds(10)),
+    RootDir = get_good_directory(Config),
+    test_server:format("RootDir = ~p", [RootDir]),
+
+    Name = filename:join(RootDir, atom_to_list(?MODULE) ++"_write_file_info_opts"),
+    ok   = ?PRIM_FILE:write_file(Name, "hello_opts"),
+
+    lists:foreach(fun
+	    ({FI, Opts}) ->
+		ok = ?PRIM_FILE_call(write_file_info, Handle, [Name, FI, Opts])
+	end, [ 
+	    {#file_info{ mode=8#600, atime = Time, mtime = Time, ctime = Time}, Opts} || 
+	    Opts <- [[{time, posix}]],
+	    Time <- [ 0,1,-1,100,-100,1000,-1000,10000,-10000 ]
+	]),
+
+    % REM: determine date range dependent on time_t = Uint32 | Sint32 | Sint64
+    % Determine time_t on os:type()?
+    lists:foreach(fun
+	    ({FI, Opts}) ->
+		ok = ?PRIM_FILE_call(write_file_info, Handle, [Name, FI, Opts])
+	end, [ 
+	    {#file_info{ mode=8#400, atime = Time, mtime = Time, ctime = Time}, Opts} || 
+	    Opts <- [[{time, universal}],[{time, local}]],
+	    Time <- [
+		{{1970,1,1},{0,0,0}},
+		{{1970,1,1},{0,0,1}},
+		{{1969,12,31},{23,59,59}},
+		{{1908,2,3},{23,59,59}},
+		{{2012,2,3},{23,59,59}},
+		{{2037,2,3},{23,59,59}},
+		erlang:localtime()
+	    ]]),
+    ok   = ?PRIM_FILE:stop(Handle),
+    test_server:timetrap_cancel(Dog),
+    ok.
+
+file_read_file_info_opts(suite) -> [];
+file_read_file_info_opts(doc) -> [];
+file_read_file_info_opts(Config) when is_list(Config) ->
+    {ok, Handle} = ?PRIM_FILE:start(),
+    Dog = test_server:timetrap(test_server:seconds(10)),
+    RootDir = get_good_directory(Config),
+    test_server:format("RootDir = ~p", [RootDir]),
+
+    Name = filename:join(RootDir, atom_to_list(?MODULE) ++"_read_file_info_opts"),
+    ok   = ?PRIM_FILE:write_file(Name, "hello_opts"),
+
+    lists:foreach(fun
+	    (Opts) ->
+		{ok,_} = ?PRIM_FILE_call(read_file_info, Handle, [Name, Opts])
+    end, [[{time, Type}] || Type <- [local, universal, posix]]),
+    ok   = ?PRIM_FILE:stop(Handle),
+    test_server:timetrap_cancel(Dog),
+    ok.
+
+%% Test the write and read back *_file_info/3 functions.
+
+file_write_read_file_info_opts(suite) -> [];
+file_write_read_file_info_opts(doc) -> [];
+file_write_read_file_info_opts(Config) when is_list(Config) ->
+    {ok, Handle} = ?PRIM_FILE:start(),
+    Dog = test_server:timetrap(test_server:seconds(10)),
+    RootDir = get_good_directory(Config),
+    test_server:format("RootDir = ~p", [RootDir]),
+
+    Name = filename:join(RootDir, atom_to_list(?MODULE) ++"_read_write_file_info_opts"),
+    ok   = ?PRIM_FILE:write_file(Name, "hello_opts2"),
+
+    ok = file_write_read_file_info_opts(Handle, Name, {{1989, 04, 28}, {19,30,22}}, [{time, local}]),
+    ok = file_write_read_file_info_opts(Handle, Name, {{1989, 04, 28}, {19,30,22}}, [{time, universal}]),
+    ok = file_write_read_file_info_opts(Handle, Name, {{1930, 04, 28}, {19,30,22}}, [{time, local}]),
+    ok = file_write_read_file_info_opts(Handle, Name, {{1930, 04, 28}, {19,30,22}}, [{time, universal}]),
+    ok = file_write_read_file_info_opts(Handle, Name, 1, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, -1, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, 300000, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, -300000, [{time, posix}]),
+    ok = file_write_read_file_info_opts(Handle, Name, 0, [{time, posix}]),
+
+    ok = ?PRIM_FILE:stop(Handle),
+    test_server:timetrap_cancel(Dog),
+    ok.
+
+file_write_read_file_info_opts(Handle, Name, Mtime, Opts) ->
+    {ok, FI} = ?PRIM_FILE_call(read_file_info, Handle, [Name, Opts]),
+    FI2 = FI#file_info{ mtime = Mtime },
+    ok = ?PRIM_FILE_call(write_file_info, Handle, [Name, FI2, Opts]),
+    {ok, FI2} = ?PRIM_FILE_call(read_file_info, Handle, [Name, Opts]),
+    ok.
+
+
+
 %% Returns a directory on a file system that has correct file times.
 
 get_good_directory(Config) ->
@@ -1218,6 +1327,41 @@ advise(Config) when is_list(Config) ->
     ?line test_server:timetrap_cancel(Dog),
     ok.
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+large_write(Config) when is_list(Config) ->
+    run_large_file_test(Config,
+			fun(Name) -> do_large_write(Name) end,
+			"_large_write").
+
+do_large_write(Name) ->
+    Dog = test_server:timetrap(test_server:minutes(60)),
+    ChunkSize = (256 bsl 20) + 1,	% 256 M + 1
+    Chunks = 16,			% times 16 -> 4 G + 16
+    Base = 100,
+    Interleave = lists:seq(Base+1, Base+Chunks),
+    Chunk = <<0:ChunkSize/unit:8>>,
+    Data = zip_data(lists:duplicate(Chunks, Chunk), Interleave),
+    Size = Chunks * ChunkSize + Chunks,	% 4 G + 32
+    Wordsize = erlang:system_info(wordsize),
+    case prim_file:write_file(Name, Data) of
+	ok when Wordsize =:= 8 ->
+	    {ok,#file_info{size=Size}} = file:read_file_info(Name),
+	    {ok,Fd} = prim_file:open(Name, [read]),
+	    check_large_write(Dog, Fd, ChunkSize, 0, Interleave);
+	{error,einval} when Wordsize =:= 4 ->
+	    ok
+    end.
+
+check_large_write(Dog, Fd, ChunkSize, Pos, [X|Interleave]) ->
+    Pos1 = Pos + ChunkSize,
+    {ok,Pos1} = prim_file:position(Fd, {cur,ChunkSize}),
+    {ok,[X]} = prim_file:read(Fd, 1),
+    check_large_write(Dog, Fd, ChunkSize, Pos1+1, Interleave);
+check_large_write(Dog, Fd, _, _, []) ->
+    eof = prim_file:read(Fd, 1),
+    test_server:timetrap_cancel(Dog),
+    ok.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -1940,3 +2084,70 @@ list_dir_limit_cleanup(Dir, Handle, N, Cnt) ->
     ?PRIM_FILE:delete(Handle, filename:join(Dir, Name)),
     list_dir_limit_cleanup(Dir, Handle, N, Cnt+1).
 
+%%%
+%%% Support for testing large files.
+%%%
+
+run_large_file_test(Config, Run, Name) ->
+    case {os:type(),os:version()} of
+	{{win32,nt},_} ->
+	    do_run_large_file_test(Config, Run, Name);
+	{{unix,sunos},OsVersion} when OsVersion < {5,5,1} ->
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"};
+	{{unix,_},_} ->
+	    N = unix_free(?config(priv_dir, Config)),
+	    io:format("Free disk: ~w KByte~n", [N]),
+	    if N < 5 bsl 20 ->
+		    %% Less than 5 GByte free
+		    {skip,"Less than 5 GByte free disk"};
+	       true ->
+		    do_run_large_file_test(Config, Run, Name)
+	    end;
+	_ -> 
+	    {skip,"Only supported on Win32, Unix or SunOS >= 5.5.1"}
+    end.
+
+
+do_run_large_file_test(Config, Run, Name0) ->
+    Name = filename:join(?config(priv_dir, Config),
+			 ?MODULE_STRING ++ Name0),
+    
+    %% Set up a process that will delete this file.
+    Tester = self(),
+    Deleter = 
+	spawn(
+	  fun() ->
+		  Mref = erlang:monitor(process, Tester),
+		  receive
+		      {'DOWN',Mref,_,_,_} -> ok;
+		      {Tester,done} -> ok
+		  end,
+		  prim_file:delete(Name)
+	  end),
+    
+    %% Run the test case.
+    Res = Run(Name),
+
+    %% Delete file and finish deleter process.
+    Mref = erlang:monitor(process, Deleter),
+    Deleter ! {Tester,done},
+    receive {'DOWN',Mref,_,_,_} -> ok end,
+
+    Res.
+
+unix_free(Path) ->
+    Cmd = ["df -k '",Path,"'"],
+    DF0 = os:cmd(Cmd),
+    io:format("$ ~s~n~s", [Cmd,DF0]),
+    Lines = re:split(DF0, "\n", [trim,{return,list}]),
+    Last = lists:last(Lines),
+    RE = "^[^\\s]*\\s+\\d+\\s+\\d+\\s+(\\d+)",
+    {match,[Avail]} = re:run(Last, RE, [{capture,all_but_first,list}]),
+    list_to_integer(Avail).
+
+zip_data([A|As], [B|Bs]) ->
+    [[A,B]|zip_data(As, Bs)];
+zip_data([], Bs) ->
+    Bs;
+zip_data(As, []) ->
+    As.
diff --git a/lib/kernel/test/sendfile_SUITE.erl b/lib/kernel/test/sendfile_SUITE.erl
new file mode 100644
index 0000000000..6d0848ee05
--- /dev/null
+++ b/lib/kernel/test/sendfile_SUITE.erl
@@ -0,0 +1,355 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(sendfile_SUITE).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("kernel/include/file.hrl").
+
+-compile(export_all).
+
+all() ->
+    [t_sendfile_small
+     ,t_sendfile_big
+     ,t_sendfile_partial
+     ,t_sendfile_offset
+     ,t_sendfile_sendafter
+     ,t_sendfile_recvafter
+     ,t_sendfile_sendduring
+     ,t_sendfile_recvduring
+     ,t_sendfile_closeduring
+     ,t_sendfile_crashduring
+    ].
+
+init_per_suite(Config) ->
+    Priv = ?config(priv_dir, Config),
+    SFilename = filename:join(Priv, "sendfile_small.html"),
+    {ok, DS} = file:open(SFilename,[write,raw]),
+    file:write(DS,"yo baby yo"),
+    file:sync(DS),
+    file:close(DS),
+    BFilename = filename:join(Priv, "sendfile_big.html"),
+    {ok, DB} = file:open(BFilename,[write,raw]),
+    [file:write(DB,[<<0:(10*8*1024*1024)>>]) || _I <- lists:seq(1,51)],
+    file:sync(DB),
+    file:close(DB),
+    [{small_file, SFilename},
+     {file_opts,[raw,binary]},
+     {big_file, BFilename}|Config].
+
+end_per_suite(Config) ->
+    file:delete(proplists:get_value(big_file, Config)).
+
+init_per_testcase(TC,Config) when TC == t_sendfile_recvduring;
+				  TC == t_sendfile_sendduring ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {_Size, Data} = sendfile_file_info(Filename),
+		   {ok,D} = file:open(Filename, [raw,binary,read]),
+		   prim_file:sendfile(D, Sock, 0, 0, 0,
+				      [],[],false,false,false),
+		   Data
+	   end,
+
+    %% Check if sendfile is supported on this platform
+    case catch sendfile_send(Send) of
+	ok ->
+	    Config;
+	Error ->
+	    ct:log("Error: ~p",[Error]),
+	    {skip,"Not supported"}
+    end;
+init_per_testcase(_Tc,Config) ->
+    Config.
+
+
+t_sendfile_small(Config) when is_list(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {Size, Data} = sendfile_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   Data
+	   end,
+
+    ok = sendfile_send(Send).
+
+t_sendfile_big(Config) when is_list(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock) ->
+		   {ok, #file_info{size = Size}} =
+		       file:read_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   Size
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_partial(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+    FileOpts = proplists:get_value(file_opts, Config, []),
+
+    SendSingle = fun(Sock) ->
+			 {_Size, <<Data:5/binary,_/binary>>} =
+			     sendfile_file_info(Filename),
+			 {ok,D} = file:open(Filename,[read|FileOpts]),
+			 {ok,5} = file:sendfile(D,Sock,0,5,[]),
+			 file:close(D),
+			 Data
+		 end,
+    ok = sendfile_send(SendSingle),
+
+    {_Size, <<FData:5/binary,SData:3/binary,_/binary>>} =
+	sendfile_file_info(Filename),
+    {ok,D} = file:open(Filename,[read|FileOpts]),
+    {ok, <<FData/binary>>} = file:read(D,5),
+    FSend = fun(Sock) ->
+		    {ok,5} = file:sendfile(D,Sock,0,5,[]),
+		    FData
+	    end,
+
+    ok = sendfile_send(FSend),
+
+    SSend = fun(Sock) ->
+		    {ok,3} = file:sendfile(D,Sock,5,3,[]),
+		    SData
+	    end,
+
+    ok = sendfile_send(SSend),
+
+    {ok, <<SData/binary>>} = file:read(D,3),
+
+    file:close(D).
+
+t_sendfile_offset(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+    FileOpts = proplists:get_value(file_opts, Config, []),
+
+    Send = fun(Sock) ->
+		   {_Size, <<_:5/binary,Data:3/binary,_/binary>> = AllData} =
+		       sendfile_file_info(Filename),
+		   {ok,D} = file:open(Filename,[read|FileOpts]),
+		   {ok,3} = file:sendfile(D,Sock,5,3,[]),
+		   {ok, AllData} = file:read(D,100),
+		   file:close(D),
+		   Data
+	   end,
+    ok = sendfile_send(Send).
+
+
+t_sendfile_sendafter(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {Size, Data} = sendfile_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   ok = gen_tcp:send(Sock, <<2>>),
+		   <<Data/binary,2>>
+	   end,
+
+    ok = sendfile_send(Send).
+
+t_sendfile_recvafter(Config) ->
+    Filename = proplists:get_value(small_file, Config),
+
+    Send = fun(Sock) ->
+		   {Size, Data} = sendfile_file_info(Filename),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   ok = gen_tcp:send(Sock, <<1>>),
+		   {ok,<<1>>} = gen_tcp:recv(Sock, 1),
+		   <<Data/binary,1>>
+	   end,
+
+    ok = sendfile_send(Send).
+
+t_sendfile_sendduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock) ->
+		   {ok, #file_info{size = Size}} =
+		       file:read_file_info(Filename),
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      ok = gen_tcp:send(Sock, <<2>>)
+			      end),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   Size+1
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_recvduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock) ->
+		   {ok, #file_info{size = Size}} =
+		       file:read_file_info(Filename),
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      ok = gen_tcp:send(Sock, <<1>>),
+				      {ok,<<1>>} = gen_tcp:recv(Sock, 1)
+			      end),
+		   {ok, Size} = file:sendfile(Filename, Sock),
+		   timer:sleep(1000),
+		   Size+1
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_closeduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    Send = fun(Sock,SFServPid) ->
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      SFServPid ! stop
+			      end),
+		   case erlang:system_info(thread_pool_size) of
+		       0 ->
+			   {error, closed} = file:sendfile(Filename, Sock);
+		       _Else ->
+			   %% This can return how much has been sent or
+			   %% {error,closed} depending on OS.
+			   %% How much is sent impossible to know as
+			   %%  the socket was closed mid sendfile
+			   case file:sendfile(Filename, Sock) of
+			       {error, closed} ->
+				   ok;
+			       {ok, Size}  when is_integer(Size) ->
+				   ok
+			   end
+		   end,
+		   -1
+	   end,
+
+    ok = sendfile_send({127,0,0,1}, Send, 0).
+
+t_sendfile_crashduring(Config) ->
+    Filename = proplists:get_value(big_file, Config),
+
+    error_logger:add_report_handler(?MODULE,[self()]),
+
+    Send = fun(Sock) ->
+		   spawn_link(fun() ->
+				      timer:sleep(50),
+				      exit(die)
+			      end),
+		   {error, closed} = file:sendfile(Filename, Sock),
+		   -1
+	   end,
+    process_flag(trap_exit,true),
+    spawn_link(fun() ->
+		       ok = sendfile_send({127,0,0,1}, Send, 0)
+	       end),
+    receive
+	{stolen,Reason} ->
+	    process_flag(trap_exit,false),
+	    ct:fail(Reason)
+	after 200 ->
+		receive
+		    {'EXIT',_,Reason} ->
+			process_flag(trap_exit,false),
+			die = Reason
+		end
+	end.
+
+%% Generic sendfile server code
+sendfile_send(Send) ->
+    sendfile_send({127,0,0,1},Send).
+sendfile_send(Host, Send) ->
+    sendfile_send(Host, Send, []).
+sendfile_send(Host, Send, Orig) ->
+    SFServer = spawn_link(?MODULE, sendfile_server, [self(), Orig]),
+    receive
+	{server, Port} ->
+	    {ok, Sock} = gen_tcp:connect(Host, Port,
+					       [binary,{packet,0},
+						{active,false}]),
+	    Data = case proplists:get_value(arity,erlang:fun_info(Send)) of
+		       1 ->
+			   Send(Sock);
+		       2 ->
+			   Send(Sock, SFServer)
+		   end,
+	    ok = gen_tcp:close(Sock),
+	    receive
+		{ok, Bin} ->
+		    Data = Bin,
+		    ok
+	    end
+    end.
+
+sendfile_server(ClientPid, Orig) ->
+    {ok, LSock} = gen_tcp:listen(0, [binary, {packet, 0},
+				     {active, true},
+				     {reuseaddr, true}]),
+    {ok, Port} = inet:port(LSock),
+    ClientPid ! {server, Port},
+    {ok, Sock} = gen_tcp:accept(LSock),
+    {ok, Bin} = sendfile_do_recv(Sock, Orig),
+    ClientPid ! {ok, Bin},
+    gen_tcp:send(Sock, <<1>>).
+
+-define(SENDFILE_TIMEOUT, 10000).
+sendfile_do_recv(Sock, Bs) ->
+    receive
+	stop when Bs /= 0,is_integer(Bs) ->
+	    gen_tcp:close(Sock),
+	    {ok, -1};
+	{tcp, Sock, B} ->
+	    case binary:match(B,<<1>>) of
+		nomatch when is_list(Bs) ->
+		    sendfile_do_recv(Sock, [B|Bs]);
+		nomatch when is_integer(Bs) ->
+		    sendfile_do_recv(Sock, byte_size(B) + Bs);
+		_ when is_list(Bs) ->
+		    ct:log("Stopped due to a 1"),
+		    {ok, iolist_to_binary(lists:reverse([B|Bs]))};
+		_ when is_integer(Bs) ->
+		    ct:log("Stopped due to a 1"),
+		    {ok, byte_size(B) + Bs}
+	    end;
+	{tcp_closed, Sock} when is_list(Bs) ->
+	    ct:log("Stopped due to close"),
+	    {ok, iolist_to_binary(lists:reverse(Bs))};
+	{tcp_closed, Sock} when is_integer(Bs) ->
+	    ct:log("Stopped due to close"),
+	    {ok, Bs}
+    after ?SENDFILE_TIMEOUT ->
+	    ct:log("Sendfile timeout"),
+	    timeout
+    end.
+
+sendfile_file_info(File) ->
+    {ok, #file_info{size = Size}} = file:read_file_info(File),
+    {ok, Data} = file:read_file(File),
+    {Size, Data}.
+
+
+%% Error handler 
+
+init([Proc]) -> {ok,Proc}.
+
+handle_event({error,noproc,{emulator,Format,Args}}, Proc) -> 
+    Proc ! {stolen,lists:flatten(io_lib:format(Format,Args))},
+    {ok,Proc};
+handle_event(_, Proc) -> 
+    {ok,Proc}.
diff --git a/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c b/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c
index dcbb3348d8..aa182b0877 100644
--- a/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c
+++ b/lib/kernel/test/seq_trace_SUITE_data/echo_drv.c
@@ -3,7 +3,7 @@
 
 static ErlDrvPort erlang_port;
 static ErlDrvData echo_start(ErlDrvPort, char *);
-static void echo_stop(ErlDrvData), echo_read(ErlDrvData, char*, int);
+static void echo_stop(ErlDrvData), echo_read(ErlDrvData, char*, ErlDrvSizeT);
 
 static ErlDrvEntry echo_driver_entry = { 
     NULL,
@@ -13,7 +13,22 @@ static ErlDrvEntry echo_driver_entry = {
     NULL,
     NULL,
     "echo_drv",
-    NULL
+    NULL,
+    NULL, /* handle */
+    NULL, /* control */
+    NULL, /* timeout */
+    NULL, /* outputv */
+    NULL, /* ready_async */
+    NULL,
+    NULL,
+    NULL,
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 DRIVER_INIT(echo_drv)
@@ -31,7 +46,7 @@ static ErlDrvData echo_start(ErlDrvPort port,char *buf)
     return (ErlDrvData)port;
 }
 
-static void echo_read(ErlDrvData data, char *buf, int count)
+static void echo_read(ErlDrvData data, char *buf, ErlDrvSizeT count)
 {
     driver_output(erlang_port, buf, count);
 }
diff --git a/lib/kernel/test/wrap_log_reader_SUITE.erl b/lib/kernel/test/wrap_log_reader_SUITE.erl
index ffc8def626..96dc3e6d33 100644
--- a/lib/kernel/test/wrap_log_reader_SUITE.erl
+++ b/lib/kernel/test/wrap_log_reader_SUITE.erl
@@ -561,4 +561,4 @@ rec(M, Where) ->
     end.
 	    
 pps() ->
-    {erlang:ports(), lists:filter({erlang, is_process_alive}, processes())}.
+    {erlang:ports(), lists:filter(fun erlang:is_process_alive/1, processes())}.
diff --git a/lib/kernel/vsn.mk b/lib/kernel/vsn.mk
index 76c62ece67..76d3003ff4 100644
--- a/lib/kernel/vsn.mk
+++ b/lib/kernel/vsn.mk
@@ -1 +1 @@
-KERNEL_VSN = 2.15
+KERNEL_VSN = 2.15.1
diff --git a/lib/megaco/Makefile b/lib/megaco/Makefile
index 10efaf667f..9dc84c122c 100644
--- a/lib/megaco/Makefile
+++ b/lib/megaco/Makefile
@@ -97,9 +97,8 @@ endif
 CONFIGURE_OPTS = $(FLEX_SCANNER_LINENO_ENABLER) $(FLEX_SCANNER_REENTRANT_ENABLER)
 
 
-MEGACO_DIA_PLT     = ./priv/megaco.plt
-MEGACO_DIA_PLT_LOG = $(basename $(MEGACO_DIA_PLT)).dialyzer_plt_log
-MEGACO_DIA_LOG     = $(basename $(MEGACO_DIA_PLT)).dialyzer_log
+DIA_PLT      = ./priv/plt/$(APPLICATION).plt
+DIA_ANALYSIS = $(basename $(DIA_PLT)).dialyzer_analysis
 
 
 # ----------------------------------------------------
@@ -140,8 +139,8 @@ info:
 	@echo "OTP_INSTALL_DIR: $(OTP_INSTALL_DIR)"
 	@echo "APP_INSTALL_DIR: $(APP_INSTALL_DIR)"
 	@echo ""
-	@echo "MEGACO_PLT     = $(MEGACO_PLT)"
-	@echo "MEGACO_DIA_LOG = $(MEGACO_DIA_LOG)"
+	@echo "DIA_PLT:      $(DIA_PLT)"
+	@echo "DIA_ANALYSIS: $(DIA_ANALYSIS)"
 	@echo ""
 
 version:
@@ -201,18 +200,18 @@ tar: $(APP_TAR_FILE)
 $(APP_TAR_FILE): $(APP_DIR)
 	(cd $(APP_RELEASE_DIR); gtar zcf $(APP_TAR_FILE) $(DIR_NAME))
 
-dialyzer_plt: $(MEGACO_DIA_PLT)
+dialyzer_plt: $(DIA_PLT)
 
-$(MEGACO_DIA_PLT): 
-	@echo "Building megaco plt file"
+$(DIA_PLT): 
+	@echo "Building $(APPLICATION) plt file"
 	@dialyzer --build_plt \
                   --output_plt $@ \
-                  -r ../megaco/ebin \
-                  -o $(MEGACO_DIA_PLT_LOG) \
+                  -r ../$(APPLICATION)/ebin \
+                  --output $(DIA_ANALYSIS) \
                   --verbose
 
-dialyzer: $(MEGACO_DIA_PLT)
-	(dialyzer --plt $< \
-                  -o $(MEGACO_DIA_LOG) \
-                  ../megaco/ebin \
-                  && (shell cat $(MEGACO_DIA_LOG)))
+dialyzer: $(DIA_PLT)
+	@echo "Running dialyzer on $(APPLICATION)"
+	@dialyzer --plt $< \
+                  ../$(APPLICATION)/ebin \
+                  --verbose
diff --git a/lib/megaco/configure.in b/lib/megaco/configure.in
index b88e17ec85..42c50b8961 100644
--- a/lib/megaco/configure.in
+++ b/lib/megaco/configure.in
@@ -208,7 +208,7 @@ if test "X$host" = "Xwin32"; then
 else
   case $host_os in
     darwin*)
-	CFLAGS="$CFLAGS -no-cpp-precomp -fno-common"
+	CFLAGS="$CFLAGS -fno-common"
 	;;
   esac
 
diff --git a/lib/megaco/doc/src/Makefile b/lib/megaco/doc/src/Makefile
index f782afc3f6..137f0315d8 100644
--- a/lib/megaco/doc/src/Makefile
+++ b/lib/megaco/doc/src/Makefile
@@ -1,7 +1,7 @@
 # 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2000-2010. All Rights Reserved.
+# Copyright Ericsson AB 2000-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -123,10 +123,13 @@ imgs: $(IMG_FILES:%=$(HTMLDIR)/%)
 man: $(MAN3_FILES) 
 
 $(INDEX_TARGET): $(INDEX_SRC) $(APP_FILE)
-	sed -e 's/%VSN%/$(VSN)/; \
-                s/%ERLANG_SITE%/www\.erlang\.se\//; \
-                s/%UP_ONE_LEVEL%/..\/..\/..\/doc\/index.html/; \
-                s/%OFF_PRINT%/pdf\/megaco-$(VSN).pdf/' $< > $@
+	sed -e 's/%VSN%/$(VSN)/' $< > $@
+
+$(INDEX_TARGET): $(INDEX_SRC) $(APP_FILE)
+	sed -e 's/%VSN%/$(VSN)/' \
+            -e 's/%ERLANG_SITE%/www\.erlang\.se\//' \
+            -e 's/%UP_ONE_LEVEL%/..\/..\/..\/doc\/index.html/' \
+            -e 's/%OFF_PRINT%/pdf\/megaco-$(VSN).pdf/' $< > $@
 
 debug opt: 
 
diff --git a/lib/megaco/doc/src/megaco_run.xml b/lib/megaco/doc/src/megaco_run.xml
index 9ed589b079..b723778890 100644
--- a/lib/megaco/doc/src/megaco_run.xml
+++ b/lib/megaco/doc/src/megaco_run.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2000</year><year>2010</year>
+      <year>2000</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -317,7 +317,7 @@
       "in storage" (indicated by the transaction id) it is assumed to 
       be a resend and everything stored is sent. This could happen if 
       the values of the <c><![CDATA[trans_timer]]></c> and the
-      <c><![CDATA[request_timer]]></c> is not properly choosen.</p>
+      <c><![CDATA[request_timer]]></c> is not properly chosen.</p>
   </section>
 
   <section>
diff --git a/lib/megaco/doc/src/notes.xml b/lib/megaco/doc/src/notes.xml
index baf8c6a201..d9c575885f 100644
--- a/lib/megaco/doc/src/notes.xml
+++ b/lib/megaco/doc/src/notes.xml
@@ -36,9 +36,9 @@
     section is the version number of Megaco.</p>
 
 
-  <section><title>Megaco 3.15.1.2</title>
+  <section><title>Megaco 3.16</title>
 
-    <p>Version 3.15.1.2 supports code replacement in runtime from/to
+    <p>Version 3.16 supports code replacement in runtime from/to
       version 3.15.1.1, 3.15.1 and 3.15.</p>
 
     <section>
@@ -67,6 +67,12 @@
           <p>Own Id: OTP-9679</p>
         </item>
 
+        <item>
+	  <p>The flex driver has been updated to support the new driver format
+	  (changed to enable 64-bit aware drivers). </p>
+          <p>Own Id: OTP-9795</p>
+        </item>
+
      </list>
 
     </section>
@@ -88,7 +94,25 @@
       
     </section>
 
-  </section> <!-- 3.15.1.2 -->
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+
+<!--
+      <list type="bulleted">
+        <item>
+	  <p>Due to the change in the flex driver API, 
+	  we may no longer be able to build and/or use 
+	  the flex driver without reentrant support. </p>
+          <p>Own Id: OTP-9795</p>
+        </item>
+
+      </list>
+-->
+
+    </section>
+
+  </section> <!-- 3.16 -->
 
 
   <section><title>Megaco 3.15.1.1</title>
diff --git a/lib/megaco/include/megaco_message_prev3a.hrl b/lib/megaco/include/megaco_message_prev3a.hrl
index 7b7a60fdae..3e73f94761 100644
--- a/lib/megaco/include/megaco_message_prev3a.hrl
+++ b/lib/megaco/include/megaco_message_prev3a.hrl
@@ -563,7 +563,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_prev3b.hrl b/lib/megaco/include/megaco_message_prev3b.hrl
index cfabb29941..b4bde2bb7e 100644
--- a/lib/megaco/include/megaco_message_prev3b.hrl
+++ b/lib/megaco/include/megaco_message_prev3b.hrl
@@ -563,7 +563,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_prev3c.hrl b/lib/megaco/include/megaco_message_prev3c.hrl
index 32024c9a02..90612f66c8 100644
--- a/lib/megaco/include/megaco_message_prev3c.hrl
+++ b/lib/megaco/include/megaco_message_prev3c.hrl
@@ -748,7 +748,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_v1.hrl b/lib/megaco/include/megaco_message_v1.hrl
index ba50b50c80..f196c26713 100644
--- a/lib/megaco/include/megaco_message_v1.hrl
+++ b/lib/megaco/include/megaco_message_v1.hrl
@@ -404,7 +404,7 @@
 	 }). % with extension mark
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 % %% String of at least 1 character and at most 67 characters (ASN.1). 
 % %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 % -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_v2.hrl b/lib/megaco/include/megaco_message_v2.hrl
index 6190ea7ac4..af79c4dc92 100644
--- a/lib/megaco/include/megaco_message_v2.hrl
+++ b/lib/megaco/include/megaco_message_v2.hrl
@@ -525,7 +525,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/include/megaco_message_v3.hrl b/lib/megaco/include/megaco_message_v3.hrl
index 7a1bc80571..466cfa6856 100644
--- a/lib/megaco/include/megaco_message_v3.hrl
+++ b/lib/megaco/include/megaco_message_v3.hrl
@@ -743,7 +743,7 @@
 
 
 %% This is the actual ASN.1 type and it is as this it will
-%% be represented if the encoding config [native] is choosen.
+%% be represented if the encoding config [native] is chosen.
 %% %% String of at least 1 character and at most 67 characters (ASN.1). 
 %% %% 64 characters for name, 1 for "/", 2 for version to match ABNF
 %% -record('ServiceChangeProfile',
diff --git a/lib/megaco/priv/plt/.gitignore b/lib/megaco/priv/plt/.gitignore
new file mode 100644
index 0000000000..2051b52d48
--- /dev/null
+++ b/lib/megaco/priv/plt/.gitignore
@@ -0,0 +1,2 @@
+/*.plt
+/*.dialyzer_analysis
diff --git a/lib/megaco/src/app/megaco.appup.src b/lib/megaco/src/app/megaco.appup.src
index 7f6fe0c733..3c9740818a 100644
--- a/lib/megaco/src/app/megaco.appup.src
+++ b/lib/megaco/src/app/megaco.appup.src
@@ -141,48 +141,41 @@
 %%   3.15.1.1
 %%      |
 %%      v
-%%   3.15.1.2
+%%    3.16
 %%
 %%
 {"%VSN%",
  [
   {"3.15.1.1", 
    [
+    {restart_application, megaco}
    ]
   },
   {"3.15.1", 
    [
+    {restart_application, megaco}
    ]
   },
   {"3.15", 
    [
-    {load_module, megaco_flex_scanner, soft_purge, soft_purge, []},
-    {load_module, megaco_sdp, soft_purge, soft_purge, []},
-    {load_module, megaco_filter, soft_purge, soft_purge, []},
-    {load_module, megaco_timer, soft_purge, soft_purge, [megaco_config_misc]},
-    {update, megaco_config, soft, soft_purge, soft_purge, 
-     [megaco_timer, megaco_config_misc]},
-    {add_module,  megaco_config_misc}
+    {restart_application, megaco}
    ]
   }
  ],
  [
   {"3.15.1.1", 
    [
+    {restart_application, megaco}
    ]
   },
   {"3.15.1", 
    [
+    {restart_application, megaco}
    ]
   },
   {"3.15", 
    [
-    {load_module, megaco_flex_scanner, soft_purge, soft_purge, []},
-    {load_module, megaco_sdp, soft_purge, soft_purge, []},
-    {load_module, megaco_filter, soft_purge, soft_purge, []},
-    {load_module, megaco_timer, soft_purge, soft_purge, [megaco_config]},
-    {update, megaco_config, soft, soft_purge, soft_purge, []},
-    {remove, {megaco_config_misc, soft_purge, brutal_purge}}
+    {restart_application, megaco}
    ]
   }
  ]
diff --git a/lib/megaco/src/engine/megaco_digit_map.erl b/lib/megaco/src/engine/megaco_digit_map.erl
index de28686d6d..bf798d7938 100644
--- a/lib/megaco/src/engine/megaco_digit_map.erl
+++ b/lib/megaco/src/engine/megaco_digit_map.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2000-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -362,7 +362,7 @@ collect(Event, State, Timers, STL, Letters) ->
 	       "~n   Timers2:  ~p"
 	       "~n   Letters2: ~p", [State2, Timers2, Letters2]),
 	    MaxWait = choose_timer(State2, Event, Timers2),
-	    ?d("collect -> Timer choosen: "
+	    ?d("collect -> Timer chosen: "
 	       "~n   MaxWait: ~p", [MaxWait]),
 	    receive
 		{?MODULE, _FromPid, Event2} ->
@@ -737,7 +737,7 @@ compute_cont([Next | Cont] = All, Mode, GlobalMode, State, STL) ->
        "~n   Mode:       ~p"
        "~n   GlobalMode: ~p", [Next, Mode, GlobalMode]),
     case Next of
-	%% Retain long timer if that has already been choosen
+	%% Retain long timer if that has already been chosen
 	use_short_timer when GlobalMode =:= use_long_timer ->
 	    compute_cont(Cont, Mode, GlobalMode, State, STL);
 	use_short_timer ->
diff --git a/lib/megaco/src/flex/Makefile.in b/lib/megaco/src/flex/Makefile.in
index 2c46a673e4..7d82644246 100644
--- a/lib/megaco/src/flex/Makefile.in
+++ b/lib/megaco/src/flex/Makefile.in
@@ -1,7 +1,7 @@
 # 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2001-2010. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src b/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src
index 9b4f717201..b8146c345d 100644
--- a/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src
+++ b/lib/megaco/src/flex/megaco_flex_scanner_drv.flex.src
@@ -1,7 +1,7 @@
   /*
    * %CopyrightBegin%
    *
-   * Copyright Ericsson AB 2001-2010. All Rights Reserved.
+   * Copyright Ericsson AB 2001-2011. All Rights Reserved.
    *
    * The contents of this file are subject to the Erlang Public License,
    * Version 1.1, (the "License"); you may not use this file except in
@@ -60,18 +60,11 @@
 #define NUL        0x0
 
 #if defined(MEGACO_REENTRANT_FLEX_SCANNER)
-  #define MEGACO_EXTENDED_MARKER        ERL_DRV_EXTENDED_MARKER
-  #define MEGACO_DRIVER_FLAGS           ERL_DRV_FLAG_USE_PORT_LOCKING
-  #define MEGACO_EXTENDED_MAJOR_VERSION ERL_DRV_EXTENDED_MAJOR_VERSION
-  #define MEGACO_EXTENDED_MINOR_VERSION ERL_DRV_EXTENDED_MINOR_VERSION
-#else
-  #define MEGACO_EXTENDED_MARKER        0
-  #define MEGACO_DRIVER_FLAGS           0
-  #define MEGACO_EXTENDED_MAJOR_VERSION 0
-  #define MEGACO_EXTENDED_MINOR_VERSION 0
+#  define MEGACO_DRIVER_FLAGS           ERL_DRV_FLAG_USE_PORT_LOCKING
+#else 
+#  define MEGACO_DRIVER_FLAGS           0
 #endif
 
-
 #define FREE(bufP)        driver_free(bufP)
 #define ALLOC(sz)         driver_alloc(sz)
 #define REALLOC(bufP, sz) driver_realloc(bufP, sz)
@@ -320,11 +313,11 @@ static void mfs_load_map_token();
 static ErlDrvData mfs_start(ErlDrvPort port, char *buf);
 static void 	  mfs_stop(ErlDrvData handle);
 static void 	  mfs_command(ErlDrvData handle, 
-                              char *buf, int buf_len);
-static int 	  mfs_control(ErlDrvData handle, 
+                              char *buf, ErlDrvSizeT buf_len);
+static ErlDrvSSizeT mfs_control(ErlDrvData handle,
                               unsigned int command,
-                              char *buf, int buf_len, 
-      			      char **res_buf, int res_buf_len);
+                              char *buf, ErlDrvSizeT buf_len, 
+      			      char **res_buf, ErlDrvSizeT res_buf_len);
 static void 	  mfs_finish(void);
 
 /* 
@@ -348,10 +341,10 @@ static ErlDrvEntry mfs_entry = {
     NULL,              /* flush, port is about to be closed */
     NULL,              /* call, a syncronous call into the driver */
     NULL,              /* event, event selected by driver_event() has occurred */
-    MEGACO_EXTENDED_MARKER,         /* extended_marker, which we use if reentrant */
-    MEGACO_EXTENDED_MAJOR_VERSION,  /* major_version, ... */
-    MEGACO_EXTENDED_MINOR_VERSION,  /* minor_version, ... */
-    MEGACO_DRIVER_FLAGS,            /* driver_flags, used for port lock indication */
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    MEGACO_DRIVER_FLAGS, /* driver_flags, used for port lock indication */
     NULL,              /* handle2, emulator internal use */
     NULL               /* process_exit, Called when a process monitor fires */
 };    
@@ -1685,17 +1678,17 @@ static void mfs_stop(ErlDrvData handle)
 }
 
 static void mfs_command(ErlDrvData handle, 
-			char *buf, int buf_len)
+			char *buf, ErlDrvSizeT buf_len)
 {
   driver_failure_atom(((MfsErlDrvData*) handle)->port, "bad_usage");
 
   return;
 }
 
-static int mfs_control(ErlDrvData          handle, 
+static ErlDrvSSizeT mfs_control(ErlDrvData          handle,
 		       unsigned int        command,
-		       char  *buf,     int buf_len, 
-		       char **res_buf, int res_buf_len)
+		       char  *buf,     ErlDrvSizeT buf_len, 
+		       char **res_buf, ErlDrvSizeT res_buf_len)
 {
   MfsErlDrvData*  dataP = (MfsErlDrvData*) handle;
   char*           tmp;
diff --git a/lib/megaco/test/megaco_codec_v2_test.erl b/lib/megaco/test/megaco_codec_v2_test.erl
index 1d3fcb36e9..a44f74166c 100644
--- a/lib/megaco/test/megaco_codec_v2_test.erl
+++ b/lib/megaco/test/megaco_codec_v2_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/megaco/test/megaco_mess_test.erl b/lib/megaco/test/megaco_mess_test.erl
index 383e3df774..8bafab1aba 100644
--- a/lib/megaco/test/megaco_mess_test.erl
+++ b/lib/megaco/test/megaco_mess_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -456,9 +456,20 @@ connect(Config) when is_list(Config) ->
     ?VERIFY(bad_send_mod, megaco:user_info(MgMid, send_mod)),
     ?VERIFY(bad_send_mod, megaco:conn_info(PrelCH, send_mod)),
     SC = service_change_request(),
-    ?VERIFY({1, {error, {send_message_failed, {'EXIT',
-                  {undef, [{bad_send_mod, send_message, [sh, _]} | _]}}}}},
-	     megaco:call(PrelCH, [SC], [])),
+    case megaco:call(PrelCH, [SC], []) of
+	{error, 
+	 {send_message_failed, 
+	  {'EXIT', {undef, [{bad_send_mod, send_message, [sh, _]} | _]}}}} ->
+	    ok;
+	
+	%% As of R15, we also get some extra info (e.g. line numbers)
+	{error, 
+	 {send_message_failed, 
+	  {'EXIT', {undef, [{bad_send_mod, send_message, [sh, _], _} | _]}}}} ->
+	    ok;
+	Unexpected ->
+	    ?ERROR(Unexpected)
+    end,
 
     ?VERIFY(ok, megaco:disconnect(PrelCH, shutdown)),
 
diff --git a/lib/megaco/test/megaco_profile.erl b/lib/megaco/test/megaco_profile.erl
index 344c551970..fd72604e92 100644
--- a/lib/megaco/test/megaco_profile.erl
+++ b/lib/megaco/test/megaco_profile.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/megaco/vsn.mk b/lib/megaco/vsn.mk
index 35acffcb64..bb6f5f554a 100644
--- a/lib/megaco/vsn.mk
+++ b/lib/megaco/vsn.mk
@@ -18,6 +18,6 @@
 # %CopyrightEnd%
 
 APPLICATION = megaco
-MEGACO_VSN  = 3.15.1.2
+MEGACO_VSN  = 3.16
 PRE_VSN     =
 APP_VSN     = "$(APPLICATION)-$(MEGACO_VSN)$(PRE_VSN)"
diff --git a/lib/mnesia/doc/src/Makefile b/lib/mnesia/doc/src/Makefile
index f2e581f9d3..1ac5760510 100644
--- a/lib/mnesia/doc/src/Makefile
+++ b/lib/mnesia/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/mnesia/doc/src/mnesia.xml b/lib/mnesia/doc/src/mnesia.xml
index 19ec70118f..20133cb6cb 100644
--- a/lib/mnesia/doc/src/mnesia.xml
+++ b/lib/mnesia/doc/src/mnesia.xml
@@ -813,6 +813,21 @@ mnesia:change_table_copy_type(person, node(), disc_copies)
               </p>
           </item>
           <item>
+            <p><c>{storage_properties, [{Backend, Properties}]</c>.
+	    Forwards additional properties to the backend storage.
+	    <c>Backend</c> can currently be <c>ets</c> or <c>dets</c> and
+	    <c>Properties</c> is a list of options sent to the backend storage
+	    during table creation. <c>Properties</c> may not contain properties
+	    already used by mnesia such as <c>type</c> or <c>named_table</c>.
+	    </p>
+	    <p>For example:</p>
+	    <code type="none">
+mnesia:create_table(table, [{ram_copies, [node()]}, {disc_only_copies, nodes()},
+			    {storage_properties,
+			     [{ets, [compressed]}, {dets, [{auto_save, 5000}]} ]}])
+	    </code>
+          </item>
+          <item>
             <p><c>{type, Type}</c>, where <c>Type</c> must be
               either of the atoms <c>set</c>, <c>ordered_set</c> or
               <c>bag</c>. The default value is <c>set</c>. In a
diff --git a/lib/mnesia/doc/src/notes.xml b/lib/mnesia/doc/src/notes.xml
index 1bb80f8fe3..a300fcc12d 100644
--- a/lib/mnesia/doc/src/notes.xml
+++ b/lib/mnesia/doc/src/notes.xml
@@ -38,7 +38,61 @@
     thus constitutes one section in this document. The title of each
     section is the version number of Mnesia.</p>
 
-  <section><title>Mnesia 4.5.1</title>
+  <section><title>Mnesia 4.6</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Reduce calls to phash in key_to_frag_number</p>
+          <p>
+	    Original code calls phash 1..2 times, based on which
+	    fragment the hashed key targets and how many fragments
+	    exist. New code always calls phash only once.</p>
+          <p>
+	    Add mnesia_frag_hash test (Thanks to Philip Robinson)</p>
+          <p>
+	    Own Id: OTP-9722</p>
+        </item>
+        <item>
+          <p>
+	    Fixed a sticky lock bug which caused mnesia:read(Tab,
+	    Key, write) return undefined.</p>
+          <p>
+	    Own Id: OTP-9786</p>
+        </item>
+        <item>
+          <p>
+	    Use the synchronous log_terms instead of alog_terms in
+	    mnesia_log:ets2dcd()</p>
+          <p>
+	    This avoids the situation where mnesia could dump a very
+	    large ets table in its entirety into the message queue of
+	    the disk_log process, causing memory blowup and choking
+	    the disk logger. (Thanks to Richard Carlsson)</p>
+          <p>
+	    Own Id: OTP-9804</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Implemented a new option to mnesia:create_table/2 which
+	    allows the user to assign 'ets' and 'dets' options not
+	    available in mnesia.</p>
+          <p>
+	    Own Id: OTP-8970</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Mnesia 4.5.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/mnesia/src/mnesia.appup.src b/lib/mnesia/src/mnesia.appup.src
index e0954ad206..304a15242f 100644
--- a/lib/mnesia/src/mnesia.appup.src
+++ b/lib/mnesia/src/mnesia.appup.src
@@ -1,14 +1,16 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
-  {"4.5", [{restart_application, mnesia}]},
+  {"4.5.1",  [{restart_application, mnesia}]},
+  {"4.5",    [{restart_application, mnesia}]},
   {"4.4.19", [{restart_application, mnesia}]},
   {"4.4.18", [{restart_application, mnesia}]},
   {"4.4.17", [{restart_application, mnesia}]},
   {"4.4.16", [{restart_application, mnesia}]}
  ],
  [
-  {"4.5", [{restart_application, mnesia}]},
+  {"4.5.1",  [{restart_application, mnesia}]},
+  {"4.5",    [{restart_application, mnesia}]},
   {"4.4.19", [{restart_application, mnesia}]},
   {"4.4.18", [{restart_application, mnesia}]},
   {"4.4.17", [{restart_application, mnesia}]},
diff --git a/lib/mnesia/src/mnesia.erl b/lib/mnesia/src/mnesia.erl
index 980a9c6213..3d30debc53 100644
--- a/lib/mnesia/src/mnesia.erl
+++ b/lib/mnesia/src/mnesia.erl
@@ -27,7 +27,7 @@
 	 %% Start, stop and debugging
 	 start/0, start/1, stop/0,           % Not for public use
 	 set_debug_level/1, lkill/0, kill/0, % Not for public use
-	 ms/0, 
+	 ms/0,
 	 change_config/2,
 
 	 %% Activity mgt
@@ -40,14 +40,14 @@
 	 %% Access within an activity - Lock acquisition
 	 lock/2, lock/4,
 	 lock_table/2,
-	 read_lock_table/1, 
+	 read_lock_table/1,
 	 write_lock_table/1,
 
 	 %% Access within an activity - Updates
-	 write/1, s_write/1, write/3, write/5, 
-	 delete/1, s_delete/1, delete/3, delete/5, 
-	 delete_object/1, s_delete_object/1, delete_object/3, delete_object/5, 
-	 
+	 write/1, s_write/1, write/3, write/5,
+	 delete/1, s_delete/1, delete/3, delete/5,
+	 delete_object/1, s_delete_object/1, delete_object/3, delete_object/5,
+
 	 %% Access within an activity - Reads
 	 read/1, read/2, wread/1, read/3, read/5,
 	 match_object/1, match_object/3, match_object/5,
@@ -58,9 +58,9 @@
 	 first/1, next/2, last/1, prev/2,
 	 first/3, next/4, last/3, prev/4,
 
-	 %% Iterators within an activity 
+	 %% Iterators within an activity
 	 foldl/3, foldl/4, foldr/3, foldr/4,
-	 
+
 	 %% Dirty access regardless of activities - Updates
 	 dirty_write/1, dirty_write/2,
 	 dirty_delete/1, dirty_delete/2,
@@ -72,8 +72,8 @@
 	 dirty_select/2,
 	 dirty_match_object/1, dirty_match_object/2, dirty_all_keys/1,
 	 dirty_index_match_object/2, dirty_index_match_object/3,
-	 dirty_index_read/3, dirty_slot/2, 
-	 dirty_first/1, dirty_next/2, dirty_last/1, dirty_prev/2, 
+	 dirty_index_read/3, dirty_slot/2,
+	 dirty_first/1, dirty_next/2, dirty_last/1, dirty_prev/2,
 
 	 %% Info
 	 table_info/2, table_info/4, schema/0, schema/1,
@@ -102,7 +102,7 @@
 	 dump_tables/1, wait_for_tables/2, force_load_table/1,
 	 change_table_access_mode/2, change_table_load_order/2,
 	 set_master_nodes/1, set_master_nodes/2,
-	 
+
 	 %% Misc admin
 	 dump_log/0, subscribe/1, unsubscribe/1, report_event/1,
 
@@ -112,7 +112,7 @@
 
 	 %% Textfile access
 	 load_textfile/1, dump_to_textfile/1,
-	 
+
 	 %% QLC functions
 	 table/1, table/2,
 
@@ -137,20 +137,20 @@
 
 -define(DEFAULT_ACCESS, ?MODULE).
 
-%% Select 
+%% Select
 -define(PATTERN_TO_OBJECT_MATCH_SPEC(Pat), [{Pat,[],['$_']}]).
 -define(PATTERN_TO_BINDINGS_MATCH_SPEC(Pat), [{Pat,[],['$$']}]).
-   
+
 %% Local function in order to avoid external function call
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason); 
+	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason);
 	Value -> Value
     end.
 
 is_dollar_digits(Var) ->
     case atom_to_list(Var) of
-	[$$ | Digs] -> 
+	[$$ | Digs] ->
 	    is_digits(Digs);
 	_ ->
 	    false
@@ -166,13 +166,13 @@ is_digits([Dig | Tail]) ->
 is_digits([]) ->
     true.
 
-has_var(X) when is_atom(X) -> 
-    if 
-	X == '_' -> 
+has_var(X) when is_atom(X) ->
+    if
+	X == '_' ->
 	    true;
-	is_atom(X) -> 
+	is_atom(X) ->
 	    is_dollar_digits(X);
-	true  -> 
+	true  ->
 	    false
     end;
 has_var(X) when is_tuple(X) ->
@@ -196,9 +196,9 @@ e_has_var(X, Pos) ->
 
 start() ->
     {Time , Res} =  timer:tc(application, start, [?APPLICATION, temporary]),
-    
+
     Secs = Time div 1000000,
-    case Res of 
+    case Res of
 	ok ->
 	    verbose("Mnesia started, ~p seconds~n",[ Secs]),
 	    ok;
@@ -243,10 +243,10 @@ change_config(extra_db_nodes, Ns) when is_list(Ns) ->
     mnesia_controller:connect_nodes(Ns);
 change_config(dc_dump_limit, N) when is_number(N), N > 0 ->
     case mnesia_lib:is_running() of
-	yes ->  
+	yes ->
 	    mnesia_lib:set(dc_dump_limit, N),
 	    {ok, N};
-	_ -> 
+	_ ->
 	    {error, {not_started, ?APPLICATION}}
     end;
 change_config(BadKey, _BadVal) ->
@@ -255,7 +255,7 @@ change_config(BadKey, _BadVal) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Debugging
 
-set_debug_level(Level) -> 
+set_debug_level(Level) ->
     mnesia_subscr:set_debug_level(Level).
 
 lkill() ->
@@ -274,9 +274,9 @@ ms() ->
      mnesia_controller,
      mnesia_dumper,
      mnesia_loader,
-     mnesia_frag, 
-     mnesia_frag_hash, 
-     mnesia_frag_old_hash, 
+     mnesia_frag,
+     mnesia_frag_hash,
+     mnesia_frag_old_hash,
      mnesia_index,
      mnesia_kernel_sup,
      mnesia_late_loader,
@@ -295,9 +295,9 @@ ms() ->
 
      %% Keep these last in the list, so
      %% mnesia_sup kills these last
-     mnesia_monitor, 
+     mnesia_monitor,
      mnesia_event
-    ]. 
+    ].
 
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -305,7 +305,7 @@ ms() ->
 
 -spec abort(_) -> no_return().
 
-abort(Reason) -> 
+abort(Reason) ->
     exit({aborted, Reason}).
 
 is_transaction() ->
@@ -339,7 +339,7 @@ sync_transaction(Fun, Args, Retries) ->
     transaction(get(mnesia_activity_state), Fun, Args, Retries, ?DEFAULT_ACCESS, sync).
 
 
-transaction(State, Fun, Args, Retries, Mod, Kind) 
+transaction(State, Fun, Args, Retries, Mod, Kind)
   when is_function(Fun), is_list(Args), Retries == infinity, is_atom(Mod) ->
     mnesia_tm:transaction(State, Fun, Args, Retries, Mod, Kind);
 transaction(State, Fun, Args, Retries, Mod, Kind)
@@ -348,7 +348,7 @@ transaction(State, Fun, Args, Retries, Mod, Kind)
 transaction(_State, Fun, Args, Retries, Mod, _Kind) ->
     {aborted, {badarg, Fun, Args, Retries, Mod}}.
 
-non_transaction(State, Fun, Args, ActivityKind, Mod) 
+non_transaction(State, Fun, Args, ActivityKind, Mod)
   when is_function(Fun), is_list(Args), is_atom(Mod) ->
     mnesia_tm:non_transaction(State, Fun, Args, ActivityKind, Mod);
 non_transaction(_State, Fun, Args, _ActivityKind, _Mod) ->
@@ -394,7 +394,7 @@ wrap_trans(State, Fun, Args, Retries, Mod, Kind) ->
 	{atomic, GoodRes} -> GoodRes;
 	BadRes -> exit(BadRes)
     end.
-	     
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Access within an activity - lock acquisition
 
@@ -507,13 +507,13 @@ good_global_nodes(Nodes) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Access within an activity - updates
 
-write(Val) when is_tuple(Val), tuple_size(Val) > 2 -> 
+write(Val) when is_tuple(Val), tuple_size(Val) > 2 ->
     Tab = element(1, Val),
     write(Tab, Val, write);
 write(Val) ->
     abort({bad_type, Val}).
 
-s_write(Val) when is_tuple(Val), tuple_size(Val) > 2 -> 
+s_write(Val) when is_tuple(Val), tuple_size(Val) > 2 ->
     Tab = element(1, Val),
     write(Tab, Val, sticky_write).
 
@@ -561,7 +561,7 @@ write_to_store(Tab, Store, Oid, Val) ->
 		_  ->
 		    ?ets_delete(Store, Oid),
 		    ?ets_insert(Store, {Oid, Val, write})
-	    end, 
+	    end,
 	    ok;
 	{'EXIT', _} ->
 	    abort({no_exists, Tab});
@@ -611,7 +611,7 @@ delete(Tid, Ts, Tab, Key, LockKind)
 	      ok;
 	Protocol ->
 	      do_dirty_delete(Protocol, Tab, Key)
-    end; 
+    end;
 delete(_Tid, _Ts, Tab, _Key, _LockKind) ->
     abort({bad_type, Tab}).
 
@@ -640,7 +640,7 @@ delete_object(Tab, Val, LockKind) ->
 delete_object(Tid, Ts, Tab, Val, LockKind)
   when is_atom(Tab), Tab /= schema, is_tuple(Val), tuple_size(Val) > 2 ->
     case has_var(Val) of
-	false -> 
+	false ->
 	    do_delete_object(Tid, Ts, Tab, Val, LockKind);
 	true ->
 	    abort({bad_type, Tab, Val})
@@ -665,7 +665,7 @@ do_delete_object(Tid, Ts, Tab, Val, LockKind) ->
 		      abort({bad_type, Tab, LockKind})
 	      end,
 	      case val({Tab, setorbag}) of
-		  bag -> 
+		  bag ->
 		      ?ets_match_delete(Store, {Oid, Val, '_'}),
 		      ?ets_insert(Store, {Oid, Val, delete_object});
 		  _ ->
@@ -731,7 +731,7 @@ read(Tid, Ts, Tab, Key, LockKind)
 	    add_written(?ets_lookup(Store, Oid), Tab, Objs);
 	_Protocol ->
 	    dirty_read(Tab, Key)
-    end; 
+    end;
 read(_Tid, _Ts, Tab, _Key, _LockKind) ->
     abort({bad_type, Tab}).
 
@@ -744,7 +744,7 @@ first(Tab) ->
 	_ ->
 	    abort(no_transaction)
     end.
-    
+
 first(Tid, Ts, Tab)
   when is_atom(Tab), Tab /= schema ->
     case element(1, Tid) of
@@ -845,9 +845,9 @@ prev(_Tid, _Ts,Tab,_) ->
 stored_keys(Tab,'$end_of_table',Prev,Ts,Op,Type) ->
     case ts_keys(Ts#tidstore.store,Tab,Op,Type,[]) of
 	[] -> '$end_of_table';
-	Keys when Type == ordered_set-> 
+	Keys when Type == ordered_set->
 	    get_ordered_tskey(Prev,Keys,Op);
-	Keys -> 
+	Keys ->
 	    get_next_tskey(Prev,Keys,Tab)
     end;
 stored_keys(Tab,{'EXIT',{aborted,R={badarg,[Tab,Key]}}},
@@ -858,7 +858,7 @@ stored_keys(Tab,{'EXIT',{aborted,R={badarg,[Tab,Key]}}},
 	Ops ->
 	    case lists:last(Ops) of
 		[delete] -> abort(R);
-		_ -> 
+		_ ->
 		    case ts_keys(Store,Tab,Op,Type,[]) of
 			[] -> '$end_of_table';
 			Keys -> get_next_tskey(Key,Keys,Tab)
@@ -869,14 +869,14 @@ stored_keys(_,{'EXIT',{aborted,R}},_,_,_,_) ->
     abort(R);
 stored_keys(Tab,Key,Prev,#tidstore{store=Store},Op,ordered_set) ->
     case ?ets_match(Store, {{Tab, Key}, '_', '$1'}) of
-	[] -> 
+	[] ->
 	    Keys = ts_keys(Store,Tab,Op,ordered_set,[Key]),
 	    get_ordered_tskey(Prev,Keys,Op);
  	Ops ->
 	    case lists:last(Ops) of
 		[delete] ->
 	 	    mnesia:Op(Tab,Key);
-		_ -> 
+		_ ->
 		    Keys = ts_keys(Store,Tab,Op,ordered_set,[Key]),
 		    get_ordered_tskey(Prev,Keys,Op)
 	    end
@@ -898,7 +898,7 @@ get_ordered_tskey(Prev, [_|R],Op) ->  get_ordered_tskey(Prev,R,Op);
 get_ordered_tskey(_, [],_) ->    '$end_of_table'.
 
 get_next_tskey(Key,Keys,Tab) ->
-    Next = 
+    Next =
 	if Key == '$end_of_table' -> hd(Keys);
 	   true ->
 		case lists:dropwhile(fun(A) -> A /= Key end, Keys) of
@@ -912,7 +912,7 @@ get_next_tskey(Key,Keys,Tab) ->
 	_ -> %% Really slow anybody got another solution??
 	    case dirty_read(Tab, Next) of
 		[] -> Next;
-		_ ->  
+		_ ->
 		    %% Updated value we already returned this key
 		    get_next_tskey(Next,Keys,Tab)
 	    end
@@ -921,7 +921,7 @@ get_next_tskey(Key,Keys,Tab) ->
 ts_keys(Store, Tab, Op, Type, Def) ->
     All = ?ets_match(Store, {{Tab,'$1'},'_','$2'}),
     Keys = ts_keys_1(All, Def),
-    if 
+    if
 	Type == ordered_set, Op == prev ->
 	    lists:reverse(lists:sort(Keys));
 	Type == ordered_set ->
@@ -947,7 +947,7 @@ ts_keys_1([], Acc) ->
 
 
 %%%%%%%%%%%%%%%%%%%%%
-%% Iterators 
+%% Iterators
 
 foldl(Fun, Acc, Tab) ->
     foldl(Fun, Acc, Tab, read).
@@ -968,7 +968,7 @@ foldl(ActivityId, Opaque, Fun, Acc, Tab, LockKind) ->
     close_iteration(Res, Tab).
 
 do_foldl(A, O, Tab, '$end_of_table', Fun, RAcc, _Type, Stored) ->
-    lists:foldl(fun(Key, Acc) -> 
+    lists:foldl(fun(Key, Acc) ->
 			lists:foldl(Fun, Acc, read(A, O, Tab, Key, read))
 		end, RAcc, Stored);
 do_foldl(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H == Key ->
@@ -983,7 +983,7 @@ do_foldl(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H > Key ->
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     {_, Tid, Ts} = get(mnesia_activity_state),
     do_foldl(Tid, Ts, Tab, dirty_next(Tab, Key), Fun, NewAcc, ordered_set, [H |Stored]);
-do_foldl(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag 
+do_foldl(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     NewStored = ordsets:del_element(Key, Stored),
     {_, Tid, Ts} = get(mnesia_activity_state),
@@ -1003,8 +1003,8 @@ foldr(Fun, Acc, Tab, LockKind) when is_function(Fun) ->
 
 foldr(ActivityId, Opaque, Fun, Acc, Tab, LockKind) ->
     {Type, TempPrev} = init_iteration(ActivityId, Opaque, Tab, LockKind),
-    Prev = 
-	if 
+    Prev =
+	if
 	    Type == ordered_set ->
 		lists:reverse(TempPrev);
 	    true ->      %% Order doesn't matter for set and bag
@@ -1014,7 +1014,7 @@ foldr(ActivityId, Opaque, Fun, Acc, Tab, LockKind) ->
     close_iteration(Res, Tab).
 
 do_foldr(A, O, Tab, '$end_of_table', Fun, RAcc, _Type, Stored) ->
-    lists:foldl(fun(Key, Acc) -> 
+    lists:foldl(fun(Key, Acc) ->
 			lists:foldl(Fun, Acc, read(A, O, Tab, Key, read))
 		end, RAcc, Stored);
 do_foldr(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H == Key ->
@@ -1029,7 +1029,7 @@ do_foldr(A, O, Tab, Key, Fun, Acc, ordered_set, [H | Stored]) when H < Key ->
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     {_, Tid, Ts} = get(mnesia_activity_state),
     do_foldr(Tid, Ts, Tab, dirty_prev(Tab, Key), Fun, NewAcc, ordered_set, [H |Stored]);
-do_foldr(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag 
+do_foldr(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag
     NewAcc = lists:foldl(Fun, Acc, read(A, O, Tab, Key, read)),
     NewStored = ordsets:del_element(Key, Stored),
     {_, Tid, Ts} = get(mnesia_activity_state),
@@ -1037,25 +1037,25 @@ do_foldr(A, O, Tab, Key, Fun, Acc, Type, Stored) ->  %% Type is set or bag
 
 init_iteration(ActivityId, Opaque, Tab, LockKind) ->
     lock(ActivityId, Opaque, {table, Tab}, LockKind),
-    Type = val({Tab, setorbag}),    
+    Type = val({Tab, setorbag}),
     Previous = add_previous(ActivityId, Opaque, Type, Tab),
     St = val({Tab, storage_type}),
-    if 
-	St == unknown -> 
+    if
+	St == unknown ->
 	    ignore;
 	true ->
 	    mnesia_lib:db_fixtable(St, Tab, true)
-    end, 
+    end,
     {Type, Previous}.
 
 close_iteration(Res, Tab) ->
     case val({Tab, storage_type}) of
-	unknown -> 
+	unknown ->
 	    ignore;
-	St -> 
+	St ->
 	    mnesia_lib:db_fixtable(St, Tab, false)
     end,
-    case Res of 
+    case Res of
 	{'EXIT', {aborted, What}} ->
 	   abort(What);
 	{'EXIT', What} ->
@@ -1074,7 +1074,7 @@ add_previous(_Tid, Ts, _Type, Tab) ->
 %% it is correct with respect to what this particular transaction
 %% has already written, deleted .... etc
 
-add_written([], _Tab, Objs) -> 
+add_written([], _Tab, Objs) ->
     Objs;  % standard normal fast case
 add_written(Written, Tab, Objs) ->
     case val({Tab, setorbag}) of
@@ -1093,7 +1093,7 @@ add_written_to_set(Ws) ->
 
 add_written_to_bag([{_, Val, write} | Tail], Objs, Ack) ->
     add_written_to_bag(Tail, lists:delete(Val, Objs), [Val | Ack]);
-add_written_to_bag([], Objs, Ack) -> 
+add_written_to_bag([], Objs, Ack) ->
     Objs ++ lists:reverse(Ack); %% Oldest write first as in ets
 add_written_to_bag([{_, _ , delete} | Tail], _Objs, _Ack) ->
     %% This transaction just deleted all objects
@@ -1118,7 +1118,7 @@ match_object(Tab, Pat, LockKind) ->
 	    abort(no_transaction)
     end.
 
-match_object(Tid, Ts, Tab, Pat, LockKind) 
+match_object(Tid, Ts, Tab, Pat, LockKind)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     case element(1, Tid) of
 	ets ->
@@ -1142,11 +1142,11 @@ add_written_match(S, Pat, Tab, Objs) ->
     add_match(Ops, Objs, val({Tab, setorbag})).
 
 find_ops(S, Tab, Pat) ->
-    GetWritten = [{{{Tab, '_'}, Pat, write}, [], ['$_']}, 
+    GetWritten = [{{{Tab, '_'}, Pat, write}, [], ['$_']},
 		  {{{Tab, '_'}, '_', delete}, [], ['$_']},
 		  {{{Tab, '_'}, Pat, delete_object}, [], ['$_']}],
     ets:select(S, GetWritten).
-    
+
 add_match([], Objs, _Type) ->
     Objs;
 add_match(Written, Objs, ordered_set) ->
@@ -1162,13 +1162,13 @@ add_match([{Oid, Val, write}|R], Objs, set) ->
     add_match(R, [Val | deloid(Oid,Objs)],set).
 
 %% For ordered_set only !!
-add_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs], Acc) 
+add_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs], Acc)
   when Key > element(2, Obj) ->
     add_ordered_match(Written, Objs, [Obj|Acc]);
-add_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_], Acc) 
+add_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_], Acc)
   when Key < element(2, Obj) ->
     add_ordered_match(Rest, [Val|Objs],Acc);
-add_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc) 
+add_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc)
   when Key < element(2, Obj) ->
     add_ordered_match(Rest,Objs,Acc);
 %% Greater than last object
@@ -1176,7 +1176,7 @@ add_ordered_match([{_, Val, write}|Rest], [], Acc) ->
     add_ordered_match(Rest, [Val], Acc);
 add_ordered_match([_|Rest], [], Acc) ->
     add_ordered_match(Rest, [], Acc);
-%% Keys are equal from here 
+%% Keys are equal from here
 add_ordered_match([{_, Val, write}|Rest], [_Obj|Objs], Acc) ->
     add_ordered_match(Rest, [Val|Objs], Acc);
 add_ordered_match([{_, _Val, delete}|Rest], [_Obj|Objs], Acc) ->
@@ -1207,7 +1207,7 @@ add_sel_match([Op={Oid, _, delete}|R], Objs, Type, Acc) ->
     end;
 add_sel_match([Op = {_Oid, Val, delete_object}|R], Objs, Type, Acc) ->
     case lists:delete(Val, Objs) of
-	Objs -> 
+	Objs ->
 	    add_sel_match(R, Objs, Type, [Op|Acc]);
 	NewObjs when Type == set ->
 	    add_sel_match(R, NewObjs, Type, Acc);
@@ -1224,26 +1224,26 @@ add_sel_match([Op={Oid={_,Key}, Val, write}|R], Objs, bag, Acc) ->
     end;
 add_sel_match([Op={Oid, Val, write}|R], Objs, set, Acc) ->
     case deloid(Oid,Objs) of
-	Objs -> 
+	Objs ->
 	    add_sel_match(R, Objs,set, [Op|Acc]);
 	NewObjs ->
 	    add_sel_match(R, [Val | NewObjs],set, Acc)
     end.
 
 %% For ordered_set only !!
-add_sel_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs],Acc) 
+add_sel_ordered_match(Written = [{{_, Key}, _, _}|_], [Obj|Objs],Acc)
   when Key > element(2, Obj) ->
     add_sel_ordered_match(Written, Objs, [Obj|Acc]);
-add_sel_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_],Acc) 
+add_sel_ordered_match([{{_, Key}, Val, write}|Rest], Objs =[Obj|_],Acc)
   when Key < element(2, Obj) ->
     add_sel_ordered_match(Rest,[Val|Objs],Acc);
-add_sel_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc) 
+add_sel_ordered_match([{{_, Key}, _, _DelOP}|Rest], Objs =[Obj|_], Acc)
   when Key < element(2, Obj) ->
     add_sel_ordered_match(Rest,Objs,Acc);
 %% Greater than last object
 add_sel_ordered_match(Ops1, [], Acc) ->
     {lists:reverse(Acc), Ops1};
-%% Keys are equal from here 
+%% Keys are equal from here
 add_sel_ordered_match([{_, Val, write}|Rest], [_Obj|Objs], Acc) ->
     add_sel_ordered_match(Rest, [Val|Objs], Acc);
 add_sel_ordered_match([{_, _Val, delete}|Rest], [_Obj|Objs], Acc) ->
@@ -1264,11 +1264,11 @@ deloid(Oid, [H | T]) ->
     [H | deloid(Oid, T)].
 
 %%%%%%%%%%%%%%%%%%
-% select 
+% select
 
 select(Tab, Pat) ->
     select(Tab, Pat, read).
-select(Tab, Pat, LockKind) 
+select(Tab, Pat, LockKind)
   when is_atom(Tab), Tab /= schema, is_list(Pat) ->
     case get(mnesia_activity_state) of
 	{?DEFAULT_ACCESS, Tid, Ts} ->
@@ -1293,13 +1293,13 @@ fun_select(Tid, Ts, Tab, Spec, LockKind, TabPat, SelectFun) ->
 	    select_lock(Tid,Ts,LockKind,Spec,Tab),
 	    Store = Ts#tidstore.store,
 	    Written = ?ets_match_object(Store, {{TabPat, '_'}, '_', '_'}),
-	    case Written of 
-		[] ->  
+	    case Written of
+		[] ->
 		    %% Nothing changed in the table during this transaction,
 		    %% Simple case get results from [d]ets
 		    SelectFun(Spec);
-		_ ->   
-		    %% Hard (slow case) records added or deleted earlier 
+		_ ->
+		    %% Hard (slow case) records added or deleted earlier
 		    %% in the transaction, have to cope with that.
 		    Type = val({Tab, setorbag}),
 		    FixedSpec = get_record_pattern(Spec),
@@ -1326,7 +1326,7 @@ select_lock(Tid,Ts,LockKind,Spec,Tab) ->
     end.
 
 %% Breakable Select
-select(Tab, Pat, NObjects, LockKind) 
+select(Tab, Pat, NObjects, LockKind)
   when is_atom(Tab), Tab /= schema, is_list(Pat), is_integer(NObjects) ->
     case get(mnesia_activity_state) of
 	{?DEFAULT_ACCESS, Tid, Ts} ->
@@ -1356,26 +1356,26 @@ fun_select(Tid, Ts, Tab, Spec, LockKind, TabPat, Init, NObjects, Node, Storage)
 	    select_lock(Tid,Ts,LockKind,Spec,Tab),
 	    Store = Ts#tidstore.store,
 	    do_fixtable(Tab, Store),
-	    
-	    Written0 = ?ets_match_object(Store, {{TabPat, '_'}, '_', '_'}),	    
-	    case Written0 of 
-		[] ->  
+
+	    Written0 = ?ets_match_object(Store, {{TabPat, '_'}, '_', '_'}),
+	    case Written0 of
+		[] ->
 		    %% Nothing changed in the table during this transaction,
 		    %% Simple case get results from [d]ets
 		    select_state(Init(Spec),Def);
-		_ ->   
-		    %% Hard (slow case) records added or deleted earlier 
+		_ ->
+		    %% Hard (slow case) records added or deleted earlier
 		    %% in the transaction, have to cope with that.
 		    Type = val({Tab, setorbag}),
-		    Written = 
+		    Written =
 			if Type == ordered_set -> %% Sort stable
 				lists:keysort(1,Written0);
-			   true -> 
+			   true ->
 				Written0
 			end,
 		    FixedSpec = get_record_pattern(Spec),
 		    CMS = ets:match_spec_compile(Spec),
-		    trans_select(Init(FixedSpec), 
+		    trans_select(Init(FixedSpec),
 				 Def#mnesia_select{written=Written,spec=CMS,type=Type, orig=FixedSpec})
 	    end;
 	_Protocol ->
@@ -1394,7 +1394,7 @@ select(Cont) ->
 
 select_cont(_Tid,_Ts,'$end_of_table') ->
     '$end_of_table';
-select_cont(Tid,_Ts,State=#mnesia_select{tid=Tid,cont=Cont, orig=Ms}) 
+select_cont(Tid,_Ts,State=#mnesia_select{tid=Tid,cont=Cont, orig=Ms})
   when element(1,Tid) == ets ->
     case Cont of
 	'$end_of_table' -> '$end_of_table';
@@ -1415,7 +1415,7 @@ trans_select('$end_of_table', #mnesia_select{written=Written0,spec=CMS,type=Type
 trans_select({TabRecs,Cont}, State = #mnesia_select{written=Written0,spec=CMS,type=Type}) ->
     {FixedRes,Written} = add_sel_match(Written0, TabRecs, Type),
     select_state({ets:match_spec_run(FixedRes, CMS),Cont},
-		 State#mnesia_select{written=Written}). 
+		 State#mnesia_select{written=Written}).
 
 select_state({Matches, Cont}, MS) ->
     {Matches, MS#mnesia_select{cont=Cont}};
@@ -1433,9 +1433,9 @@ all_keys(Tab) ->
 	    Mod:all_keys(Tid, Ts, Tab, read);
 	_ ->
 	    abort(no_transaction)
-    end. 
+    end.
 
-all_keys(Tid, Ts, Tab, LockKind) 
+all_keys(Tid, Ts, Tab, LockKind)
   when is_atom(Tab), Tab /= schema ->
     Pat0 = val({Tab, wild_pattern}),
     Pat = setelement(2, Pat0, '$1'),
@@ -1446,7 +1446,7 @@ all_keys(Tid, Ts, Tab, LockKind)
 	_ ->
 	    Keys
     end;
-all_keys(_Tid, _Ts, Tab, _LockKind) ->    
+all_keys(_Tid, _Ts, Tab, _LockKind) ->
     abort({bad_type, Tab}).
 
 index_match_object(Pat, Attr) when is_tuple(Pat), tuple_size(Pat) > 2 ->
@@ -1465,7 +1465,7 @@ index_match_object(Tab, Pat, Attr, LockKind) ->
 	    abort(no_transaction)
     end.
 
-index_match_object(Tid, Ts, Tab, Pat, Attr, LockKind) 
+index_match_object(Tid, Ts, Tab, Pat, Attr, LockKind)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     case element(1, Tid) of
 	ets ->
@@ -1501,7 +1501,7 @@ index_read(Tab, Key, Attr) ->
 	    abort(no_transaction)
     end.
 
-index_read(Tid, Ts, Tab, Key, Attr, LockKind) 
+index_read(Tid, Ts, Tab, Key, Attr, LockKind)
   when is_atom(Tab), Tab /= schema ->
     case element(1, Tid) of
 	ets ->
@@ -1536,7 +1536,7 @@ dirty_write(Val) when is_tuple(Val), tuple_size(Val) > 2  ->
     dirty_write(Tab, Val);
 dirty_write(Val) ->
     abort({bad_type, Val}).
-    
+
 dirty_write(Tab, Val) ->
     do_dirty_write(async_dirty, Tab, Val).
 
@@ -1562,7 +1562,7 @@ dirty_delete(Oid) ->
 
 dirty_delete(Tab, Key) ->
     do_dirty_delete(async_dirty, Tab, Key).
-    
+
 do_dirty_delete(SyncMode, Tab, Key) when is_atom(Tab), Tab /= schema  ->
     Oid = {Tab, Key},
     mnesia_tm:dirty(SyncMode, {Oid, Oid, delete});
@@ -1582,7 +1582,7 @@ do_dirty_delete_object(SyncMode, Tab, Val)
     when is_atom(Tab), Tab /= schema, is_tuple(Val), tuple_size(Val) > 2 ->
     Oid = {Tab, element(2, Val)},
     case has_var(Val) of
-	false -> 
+	false ->
 	    mnesia_tm:dirty(SyncMode, {Oid, Val, delete_object});
 	true ->
 	    abort({bad_type, Tab, Val})
@@ -1600,7 +1600,7 @@ dirty_update_counter(Counter, _Incr) ->
 
 dirty_update_counter(Tab, Key, Incr) ->
     do_dirty_update_counter(async_dirty, Tab, Key, Incr).
-    
+
 do_dirty_update_counter(SyncMode, Tab, Key, Incr)
   when is_atom(Tab), Tab /= schema, is_integer(Incr) ->
     case ?catch_val({Tab, record_validation}) of
@@ -1638,7 +1638,7 @@ dirty_match_object(Pat) when is_tuple(Pat), tuple_size(Pat) > 2 ->
     dirty_match_object(Tab, Pat);
 dirty_match_object(Pat) ->
     abort({bad_type, Pat}).
-    
+
 dirty_match_object(Tab, Pat)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     dirty_rpc(Tab, ?MODULE, remote_dirty_match_object, [Tab, Pat]);
@@ -1697,8 +1697,8 @@ remote_dirty_select(Tab, [{HeadPat,_, _}] = Spec, [Pos | Tail])
 	    %% Returns the records without applying the match spec
 	    %% The actual filtering is handled by the caller
 	    CMS = ets:match_spec_compile(Spec),
-	    case val({Tab, setorbag}) of 
-		ordered_set -> 
+	    case val({Tab, setorbag}) of
+		ordered_set ->
 		    ets:match_spec_run(lists:sort(Recs), CMS);
 		_ ->
 		    ets:match_spec_run(Recs, CMS)
@@ -1730,14 +1730,14 @@ dirty_all_keys(Tab) when is_atom(Tab), Tab /= schema ->
     end;
 dirty_all_keys(Tab) ->
     abort({bad_type, Tab}).
-    
+
 dirty_index_match_object(Pat, Attr) when is_tuple(Pat), tuple_size(Pat) > 2 ->
     Tab = element(1, Pat),
     dirty_index_match_object(Tab, Pat, Attr);
 dirty_index_match_object(Pat, _Attr) ->
     abort({bad_type, Pat}).
 
-dirty_index_match_object(Tab, Pat, Attr) 
+dirty_index_match_object(Tab, Pat, Attr)
   when is_atom(Tab), Tab /= schema, is_tuple(Pat), tuple_size(Pat) > 2 ->
     case mnesia_schema:attr_tab_to_pos(Tab, Attr) of
 	Pos when Pos =< tuple_size(Pat) ->
@@ -1752,7 +1752,7 @@ dirty_index_match_object(Tab, Pat, Attr)
 				      [Tab, Pat, Pos]);
 			true ->
 			    abort({bad_type, Tab, Attr, Elem})
-		    end		    
+		    end
 	    end;
 	BadPos ->
 	    abort({bad_type, Tab, BadPos})
@@ -1810,7 +1810,7 @@ do_dirty_rpc(Tab, Node, M, F, Args) ->
 	    %% Sync with mnesia_monitor
 	    try sys:get_status(mnesia_monitor) catch _:_ -> ok end,
 	    case mnesia_controller:call({check_w2r, Node, Tab}) of % Sync
-		NewNode when NewNode =:= Node -> 
+		NewNode when NewNode =:= Node ->
 		    ErrorTag = mnesia_lib:dirty_rpc_error_tag(Reason),
 		    mnesia:abort({ErrorTag, Args});
 		NewNode ->
@@ -1821,9 +1821,9 @@ do_dirty_rpc(Tab, Node, M, F, Args) ->
 			    %% to acquire the lock on the NewNode.
 			    %% In this context we do neither know
 			    %% the kind or granularity of the lock.
-			    %% --> Abort the transaction 
+			    %% --> Abort the transaction
 			    mnesia:abort({node_not_running, Node});
-			{error, {node_not_running, _}} -> 
+			{error, {node_not_running, _}} ->
 			    %% Mnesia is stopping
 			    mnesia:abort({no_exists, Args});
 			_ ->
@@ -1858,21 +1858,21 @@ table_info(_Tid, _Ts, Tab, Item) ->
     any_table_info(Tab, Item).
 
 
-any_table_info(Tab, Item) when is_atom(Tab) ->    
+any_table_info(Tab, Item) when is_atom(Tab) ->
     case Item of
 	master_nodes ->
 	    mnesia_recover:get_master_nodes(Tab);
-%	checkpoints -> 
+%	checkpoints ->
 %	    case ?catch_val({Tab, commit_work}) of
 %		[{checkpoints, List} | _] -> List;
 %		No_chk when is_list(No_chk) ->  [];
 %		Else -> info_reply(Else, Tab, Item)
 %	    end;
-	size -> 
+	size ->
 	    raw_table_info(Tab, Item);
 	memory ->
 	    raw_table_info(Tab, Item);
-	type -> 
+	type ->
 	    case ?catch_val({Tab, setorbag}) of
 		{'EXIT', _} ->
 		    abort({no_exists, Tab, Item});
@@ -1885,8 +1885,8 @@ any_table_info(Tab, Item) when is_atom(Tab) ->
 		    abort({no_exists, Tab, Item});
 		Props ->
 		    lists:map(fun({setorbag, Type}) -> {type, Type};
-				 (Prop) -> Prop end, 
-			      Props) 
+				 (Prop) -> Prop end,
+			      Props)
 	    end;
 	name ->
 	    Tab;
@@ -1927,14 +1927,14 @@ bad_info_reply(_Tab, memory) -> 0;
 bad_info_reply(Tab, Item) -> abort({no_exists, Tab, Item}).
 
 %% Raw info about all tables
-schema() -> 
+schema() ->
     mnesia_schema:info().
 
 %% Raw info about one tables
-schema(Tab) -> 
+schema(Tab) ->
     mnesia_schema:info(Tab).
 
-error_description(Err) -> 
+error_description(Err) ->
     mnesia_lib:error_desc(Err).
 
 info() ->
@@ -1951,18 +1951,18 @@ info() ->
 	    io:format( "---> Processes waiting for locks <--- ~n", []),
 	    lists:foreach(fun({Oid, Op, _Pid, Tid, OwnerTid}) ->
 				  io:format("Tid ~p waits for ~p lock "
-					    "on oid ~p owned by ~p ~n", 
+					    "on oid ~p owned by ~p ~n",
 					    [Tid, Op, Oid, OwnerTid])
 		  end, Queued),
 	    mnesia_tm:display_info(group_leader(), TmInfo),
-	    
+
 	    Pat = {'_', unclear, '_'},
 	    Uncertain = ets:match_object(mnesia_decision, Pat),
 
 	    io:format( "---> Uncertain transactions <--- ~n", []),
 	    lists:foreach(fun({Tid, _, Nodes}) ->
 				  io:format("Tid ~w waits for decision "
-					    "from ~w~n", 
+					    "from ~w~n",
 					    [Tid, Nodes])
 		  end, Uncertain),
 
@@ -2023,15 +2023,15 @@ display_tab_info() ->
     io:format("master node tables = ~p~n", [lists:sort(MasterTabs)]),
 
     Tabs = system_info(tables),
-    
+
     {Unknown, Ram, Disc, DiscOnly} =
 	lists:foldl(fun storage_count/2, {[], [], [], []}, Tabs),
-    
+
     io:format("remote             = ~p~n", [lists:sort(Unknown)]),
     io:format("ram_copies         = ~p~n", [lists:sort(Ram)]),
     io:format("disc_copies        = ~p~n", [lists:sort(Disc)]),
     io:format("disc_only_copies   = ~p~n", [lists:sort(DiscOnly)]),
-    
+
     Rfoldl = fun(T, Acc) ->
 		     Rpat =
 			 case val({T, access_mode}) of
@@ -2041,7 +2041,7 @@ display_tab_info() ->
 				 table_info(T, where_to_commit)
 			 end,
 		     case lists:keysearch(Rpat, 1, Acc) of
-			 {value, {_Rpat, Rtabs}} -> 
+			 {value, {_Rpat, Rtabs}} ->
 			     lists:keyreplace(Rpat, 1, Acc, {Rpat, [T | Rtabs]});
 			 false ->
 			     [{Rpat, [T]} | Acc]
@@ -2161,20 +2161,20 @@ system_info2(fallback_activated) ->
 
 system_info2(version) ->
     case ?catch_val(version) of
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    Apps = application:loaded_applications(),
 	    case lists:keysearch(?APPLICATION, 1, Apps) of
 		{value, {_Name, _Desc, Version}} ->
 		    Version;
 		false ->
 		    %% Ensure that it does not match
-		    {mnesia_not_loaded, node(), now()} 
+		    {mnesia_not_loaded, node(), now()}
 	    end;
 	Version ->
 	    Version
     end;
 
-system_info2(access_module) -> mnesia_monitor:get_env(access_module); 
+system_info2(access_module) -> mnesia_monitor:get_env(access_module);
 system_info2(auto_repair) -> mnesia_monitor:get_env(auto_repair);
 system_info2(is_running) -> mnesia_lib:is_running();
 system_info2(backup_module) -> mnesia_monitor:get_env(backup_module);
@@ -2183,7 +2183,7 @@ system_info2(debug) -> mnesia_monitor:get_env(debug);
 system_info2(dump_log_load_regulation) -> mnesia_monitor:get_env(dump_log_load_regulation);
 system_info2(dump_log_write_threshold) -> mnesia_monitor:get_env(dump_log_write_threshold);
 system_info2(dump_log_time_threshold) -> mnesia_monitor:get_env(dump_log_time_threshold);
-system_info2(dump_log_update_in_place) -> 
+system_info2(dump_log_update_in_place) ->
     mnesia_monitor:get_env(dump_log_update_in_place);
 system_info2(max_wait_for_decision) -> mnesia_monitor:get_env(max_wait_for_decision);
 system_info2(embedded_mnemosyne) -> mnesia_monitor:get_env(embedded_mnemosyne);
@@ -2204,9 +2204,9 @@ system_info2(transaction_failures) -> mnesia_lib:read_counter(trans_failures);
 system_info2(transaction_commits) -> mnesia_lib:read_counter(trans_commits);
 system_info2(transaction_restarts) -> mnesia_lib:read_counter(trans_restarts);
 system_info2(transaction_log_writes) -> mnesia_dumper:get_log_writes();
-system_info2(core_dir) ->  mnesia_monitor:get_env(core_dir); 
-system_info2(no_table_loaders) ->  mnesia_monitor:get_env(no_table_loaders); 
-system_info2(dc_dump_limit) ->  mnesia_monitor:get_env(dc_dump_limit); 
+system_info2(core_dir) ->  mnesia_monitor:get_env(core_dir);
+system_info2(no_table_loaders) ->  mnesia_monitor:get_env(no_table_loaders);
+system_info2(dc_dump_limit) ->  mnesia_monitor:get_env(dc_dump_limit);
 system_info2(send_compressed) -> mnesia_monitor:get_env(send_compressed);
 
 system_info2(Item) -> exit({badarg, Item}).
@@ -2281,7 +2281,7 @@ system_info_items(no) ->
      core_dir,
      version
     ].
-    
+
 system_info() ->
     IsRunning = mnesia_lib:is_running(),
     case IsRunning of
@@ -2308,62 +2308,62 @@ load_mnesia_or_abort() ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Database mgt
 
-create_schema(Ns) -> 
+create_schema(Ns) ->
     mnesia_bup:create_schema(Ns).
 
-delete_schema(Ns) -> 
+delete_schema(Ns) ->
     mnesia_schema:delete_schema(Ns).
 
-backup(Opaque) -> 
+backup(Opaque) ->
     mnesia_log:backup(Opaque).
 
-backup(Opaque, Mod) -> 
+backup(Opaque, Mod) ->
     mnesia_log:backup(Opaque, Mod).
 
-traverse_backup(S, T, Fun, Acc) -> 
+traverse_backup(S, T, Fun, Acc) ->
     mnesia_bup:traverse_backup(S, T, Fun, Acc).
 
-traverse_backup(S, SM, T, TM, F, A) -> 
+traverse_backup(S, SM, T, TM, F, A) ->
     mnesia_bup:traverse_backup(S, SM, T, TM, F, A).
 
-install_fallback(Opaque) -> 
+install_fallback(Opaque) ->
     mnesia_bup:install_fallback(Opaque).
 
-install_fallback(Opaque, Mod) -> 
+install_fallback(Opaque, Mod) ->
     mnesia_bup:install_fallback(Opaque, Mod).
 
-uninstall_fallback() -> 
+uninstall_fallback() ->
     mnesia_bup:uninstall_fallback().
 
-uninstall_fallback(Args) -> 
+uninstall_fallback(Args) ->
     mnesia_bup:uninstall_fallback(Args).
 
-activate_checkpoint(Args) -> 
+activate_checkpoint(Args) ->
     mnesia_checkpoint:activate(Args).
 
-deactivate_checkpoint(Name) -> 
+deactivate_checkpoint(Name) ->
     mnesia_checkpoint:deactivate(Name).
 
-backup_checkpoint(Name, Opaque) -> 
+backup_checkpoint(Name, Opaque) ->
     mnesia_log:backup_checkpoint(Name, Opaque).
 
-backup_checkpoint(Name, Opaque, Mod) -> 
+backup_checkpoint(Name, Opaque, Mod) ->
     mnesia_log:backup_checkpoint(Name, Opaque, Mod).
 
-restore(Opaque, Args) -> 
+restore(Opaque, Args) ->
     mnesia_schema:restore(Opaque, Args).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt
 
-create_table(Arg) -> 
+create_table(Arg) ->
     mnesia_schema:create_table(Arg).
-create_table(Name, Arg) when is_list(Arg) -> 
+create_table(Name, Arg) when is_list(Arg) ->
     mnesia_schema:create_table([{name, Name}| Arg]);
 create_table(Name, Arg) ->
     {aborted, badarg, Name, Arg}.
 
-delete_table(Tab) -> 
+delete_table(Tab) ->
     mnesia_schema:delete_table(Tab).
 
 add_table_copy(Tab, N, S) ->
@@ -2371,38 +2371,38 @@ add_table_copy(Tab, N, S) ->
 del_table_copy(Tab, N) ->
     mnesia_schema:del_table_copy(Tab, N).
 
-move_table_copy(Tab, From, To) -> 
+move_table_copy(Tab, From, To) ->
     mnesia_schema:move_table(Tab, From, To).
 
-add_table_index(Tab, Ix) -> 
+add_table_index(Tab, Ix) ->
     mnesia_schema:add_table_index(Tab, Ix).
-del_table_index(Tab, Ix) -> 
+del_table_index(Tab, Ix) ->
     mnesia_schema:del_table_index(Tab, Ix).
 
-transform_table(Tab, Fun, NewA) -> 
+transform_table(Tab, Fun, NewA) ->
     case catch val({Tab, record_name}) of
-	{'EXIT', Reason} -> 
+	{'EXIT', Reason} ->
 	    mnesia:abort(Reason);
-	OldRN -> 
+	OldRN ->
 	    mnesia_schema:transform_table(Tab, Fun, NewA, OldRN)
     end.
 
-transform_table(Tab, Fun, NewA, NewRN) -> 
+transform_table(Tab, Fun, NewA, NewRN) ->
     mnesia_schema:transform_table(Tab, Fun, NewA, NewRN).
 
 change_table_copy_type(T, N, S) ->
     mnesia_schema:change_table_copy_type(T, N, S).
 
 clear_table(Tab) ->
-    case get(mnesia_activity_state) of 
+    case get(mnesia_activity_state) of
 	State = {Mod, Tid, _Ts} when element(1, Tid) =/= tid ->
 	    transaction(State, fun() -> do_clear_table(Tab) end, [], infinity, Mod, sync);
-	undefined -> 
+	undefined ->
 	    transaction(undefined, fun() -> do_clear_table(Tab) end, [], infinity, ?DEFAULT_ACCESS, sync);
 	_ -> %% Not allowed for clear_table
 	    mnesia:abort({aborted, nested_transaction})
     end.
-	    
+
 do_clear_table(Tab) ->
     case get(mnesia_activity_state) of
 	{?DEFAULT_ACCESS, Tid, Ts}  ->
@@ -2415,7 +2415,7 @@ do_clear_table(Tab) ->
 
 clear_table(Tid, Ts, Tab, Obj) when element(1, Tid) =:= tid ->
     Store = Ts#tidstore.store,
-    mnesia_locker:wlock_table(Tid, Store, Tab), 
+    mnesia_locker:wlock_table(Tid, Store, Tab),
     Oid = {Tab, '_'},
     ?ets_insert(Store, {Oid, Obj, clear_table}),
     ok.
@@ -2423,26 +2423,26 @@ clear_table(Tid, Ts, Tab, Obj) when element(1, Tid) =:= tid ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt - user properties
 
-read_table_property(Tab, PropKey) -> 
+read_table_property(Tab, PropKey) ->
     val({Tab, user_property, PropKey}).
 
-write_table_property(Tab, Prop) -> 
+write_table_property(Tab, Prop) ->
     mnesia_schema:write_table_property(Tab, Prop).
 
-delete_table_property(Tab, PropKey) -> 
+delete_table_property(Tab, PropKey) ->
     mnesia_schema:delete_table_property(Tab, PropKey).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt - user properties
 
-change_table_frag(Tab, FragProp) -> 
+change_table_frag(Tab, FragProp) ->
     mnesia_schema:change_table_frag(Tab, FragProp).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Table mgt - table load
 
 %% Dump a ram table to disc
-dump_tables(Tabs) -> 
+dump_tables(Tabs) ->
     mnesia_schema:dump_tables(Tabs).
 
 %% allow the user to wait for some tables to be loaded
@@ -2455,10 +2455,10 @@ force_load_table(Tab) ->
 	Other -> Other
     end.
 
-change_table_access_mode(T, Access) -> 
+change_table_access_mode(T, Access) ->
     mnesia_schema:change_table_access_mode(T, Access).
 
-change_table_load_order(T, O) -> 
+change_table_load_order(T, O) ->
     mnesia_schema:change_table_load_order(T, O).
 
 change_table_majority(T, M) ->
@@ -2471,13 +2471,13 @@ set_master_nodes(Nodes) when is_list(Nodes) ->
 	yes ->
 	    CsPat = {{'_', cstruct}, '_'},
 	    Cstructs0 = ?ets_match_object(mnesia_gvar, CsPat),
-	    Cstructs = [Cs || {_, Cs} <- Cstructs0], 
+	    Cstructs = [Cs || {_, Cs} <- Cstructs0],
 	    log_valid_master_nodes(Cstructs, Nodes, UseDir, IsRunning);
 	_NotRunning ->
 	    case UseDir of
 		true ->
 		    mnesia_lib:lock_table(schema),
-		    Res = 
+		    Res =
 			case mnesia_schema:read_cstructs_from_disc() of
 			    {ok, Cstructs} ->
 				log_valid_master_nodes(Cstructs, Nodes, UseDir, IsRunning);
@@ -2497,7 +2497,7 @@ log_valid_master_nodes(Cstructs, Nodes, UseDir, IsRunning) ->
     Fun = fun(Cs) ->
 		  Copies = mnesia_lib:copy_holders(Cs),
 		  Valid = mnesia_lib:intersect(Nodes, Copies),
-		  {Cs#cstruct.name, Valid}  
+		  {Cs#cstruct.name, Valid}
 	  end,
     Args = lists:map(Fun, Cstructs),
     mnesia_recover:log_master_nodes(Args, UseDir, IsRunning).
@@ -2523,7 +2523,7 @@ set_master_nodes(Tab, Nodes) when is_list(Nodes) ->
 	    case UseDir of
 		true ->
 		    mnesia_lib:lock_table(schema),
-		    Res = 
+		    Res =
 			case mnesia_schema:read_cstructs_from_disc() of
 			    {ok, Cstructs} ->
 				case lists:keysearch(Tab, 2, Cstructs) of
@@ -2553,7 +2553,7 @@ set_master_nodes(Tab, Nodes) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Misc admin
 
-dump_log() -> 
+dump_log() ->
     mnesia_controller:sync_dump_log(user).
 
 subscribe(What) ->
@@ -2568,10 +2568,10 @@ report_event(Event) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Snmp
 
-snmp_open_table(Tab, Us) -> 
+snmp_open_table(Tab, Us) ->
     mnesia_schema:add_snmp(Tab, Us).
 
-snmp_close_table(Tab) ->  
+snmp_close_table(Tab) ->
     mnesia_schema:del_snmp(Tab).
 
 snmp_get_row(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(RowIndex) ->
@@ -2583,26 +2583,26 @@ snmp_get_row(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(RowIndex)
 		    SnmpType = val({Tab,snmp}),
 		    Fix = fun({{_,Key},Row,Op}, Res) ->
 				  case mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) of
-				      RowIndex -> 
+				      RowIndex ->
 					  case Op of
 					      write -> {ok, Row};
 					      _ ->
 						  undefined
 					  end;
-				      _ -> 
+				      _ ->
 					  Res
 				  end
 			  end,
 		    lists:foldl(Fix, undefined, Ops);
 		Key ->
 		    case Mod:read(Tid, Ts, Tab, Key, read) of
-			[Row] ->  
+			[Row] ->
 			    {ok, Row};
-			_ -> 
+			_ ->
 			    undefined
 		    end
 	    end;
- 	_ -> 
+	_ ->
  	    dirty_rpc(Tab, mnesia_snmp_hook, get_row, [Tab, RowIndex])
     end;
 snmp_get_row(Tab, _RowIndex) ->
@@ -2613,7 +2613,7 @@ snmp_get_row(Tab, _RowIndex) ->
 snmp_get_next_index(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(RowIndex) ->
     {Next,OrigKey} = dirty_rpc(Tab, mnesia_snmp_hook, get_next_index, [Tab, RowIndex]),
     case get(mnesia_activity_state) of
- 	{_Mod, Tid, #tidstore{store=Store}} when element(1, Tid) =:= tid ->		
+	{_Mod, Tid, #tidstore{store=Store}} when element(1, Tid) =:= tid ->
 	    case OrigKey of
 		undefined ->
 		    snmp_order_keys(Store, Tab, RowIndex, []);
@@ -2639,7 +2639,7 @@ snmp_get_next_index(Tab, _RowIndex) ->
 snmp_order_keys(Store,Tab,RowIndex,Def) ->
     All = ?ets_match(Store, {{Tab,'$1'},'_','$2'}),
     SnmpType = val({Tab,snmp}),
-    Keys0 = [mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) || 
+    Keys0 = [mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) ||
 		Key <- ts_keys_1(All, Def)],
     Keys = lists:sort(Keys0),
     get_ordered_snmp_key(RowIndex,Keys).
@@ -2648,7 +2648,7 @@ get_ordered_snmp_key(Prev, [First|_]) when Prev < First -> {ok, First};
 get_ordered_snmp_key(Prev, [_|R]) ->
     get_ordered_snmp_key(Prev, R);
 get_ordered_snmp_key(_, []) ->
-    endOfTable.	       
+    endOfTable.
 
 %%%%%%%%%%
 
@@ -2657,7 +2657,7 @@ snmp_get_mnesia_key(Tab, RowIndex) when is_atom(Tab), Tab /= schema, is_list(Row
  	{_Mod, Tid, Ts} when element(1, Tid) =:= tid ->
 	    Res = dirty_rpc(Tab,mnesia_snmp_hook,get_mnesia_key,[Tab,RowIndex]),
 	    snmp_filter_key(Res, RowIndex, Tab, Ts#tidstore.store);
-	_ -> 
+	_ ->
 	    dirty_rpc(Tab, mnesia_snmp_hook, get_mnesia_key, [Tab, RowIndex])
     end;
 snmp_get_mnesia_key(Tab, _RowIndex) ->
@@ -2670,7 +2670,7 @@ snmp_oid_to_mnesia_key(RowIndex, Tab) ->
 		{ok, MnesiaKey} -> MnesiaKey;
 		undefined -> unknown
 	    end;
-	MnesiaKey -> 
+	MnesiaKey ->
 	    MnesiaKey
     end.
 
@@ -2690,20 +2690,20 @@ snmp_filter_key(undefined, RowIndex, Tab, Store) ->
 	    SnmpType = val({Tab,snmp}),
 	    Fix = fun({{_,Key},_,Op}, Res) ->
 			  case mnesia_snmp_hook:key_to_oid(Tab,Key,SnmpType) of
-			      RowIndex -> 
+			      RowIndex ->
 				  case Op of
 				      write -> {ok, Key};
 				      _ ->
 					  undefined
 				  end;
-			      _ -> 
+			      _ ->
 				  Res
 			  end
 		  end,
 	    lists:foldl(Fix, undefined, Ops);
 	Key ->
 	    case ?ets_lookup(Store, {Tab,Key}) of
-		[] -> 
+		[] ->
 		    undefined;
 		Ops ->
 		    case lists:last(Ops) of
@@ -2716,9 +2716,9 @@ snmp_filter_key(undefined, RowIndex, Tab, Store) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Textfile access
 
-load_textfile(F) -> 
+load_textfile(F) ->
     mnesia_text:load_textfile(F).
-dump_to_textfile(F) -> 
+dump_to_textfile(F) ->
     mnesia_text:dump_to_textfile(F).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -2727,7 +2727,7 @@ dump_to_textfile(F) ->
 table(Tab) ->
     table(Tab, []).
 table(Tab,Opts) ->
-    {[Trav,Lock,NObjects],QlcOptions0} = 
+    {[Trav,Lock,NObjects],QlcOptions0} =
 	qlc_opts(Opts,[{traverse,select},{lock,read},{n_objects,100}]),
     TF = case Trav of
 	     {select,Ms} ->
@@ -2740,10 +2740,10 @@ table(Tab,Opts) ->
     Pre  = fun(Arg) -> pre_qlc(Arg, Tab) end,
     Post = fun()  -> post_qlc(Tab) end,
     Info = fun(Tag) -> qlc_info(Tab, Tag) end,
-    ParentFun = fun() -> 
-			{mnesia_activity, mnesia:get_activity_id()} 
+    ParentFun = fun() ->
+			{mnesia_activity, mnesia:get_activity_id()}
 		end,
-    Lookup = 
+    Lookup =
 	case Trav of
 	    {select, _} -> [];
 	    _ ->
@@ -2757,27 +2757,27 @@ table(Tab,Opts) ->
 		[{lookup_fun, LFun}]
 	end,
     MFA  = fun(Type) -> qlc_format(Type, Tab, NObjects, Lock, Opts) end,
-    QlcOptions = [{pre_fun, Pre}, {post_fun, Post}, 
-		  {info_fun, Info}, {parent_fun, ParentFun}, 
+    QlcOptions = [{pre_fun, Pre}, {post_fun, Post},
+		  {info_fun, Info}, {parent_fun, ParentFun},
 		  {format_fun, MFA}|Lookup] ++ QlcOptions0,
     qlc:table(TF, QlcOptions).
 
 pre_qlc(Opts, Tab) ->
-    {_,Tid,_} = 
+    {_,Tid,_} =
 	case get(mnesia_activity_state) of
 	    undefined ->
 		case lists:keysearch(parent_value, 1, Opts) of
 		    {value, {parent_value,{mnesia_activity,undefined}}} ->
 			abort(no_transaction);
 		    {value, {parent_value,{mnesia_activity,Aid}}} ->
-			{value,{stop_fun,Stop}} = 
+			{value,{stop_fun,Stop}} =
 			    lists:keysearch(stop_fun,1,Opts),
 			put_activity_id(Aid,Stop),
 			Aid;
 		    _ ->
 			abort(no_transaction)
 		end;
-	    Else -> 
+	    Else ->
 		Else
 	end,
     case element(1,Tid) of
@@ -2785,9 +2785,9 @@ pre_qlc(Opts, Tab) ->
 	_ ->
 	    case ?catch_val({Tab, setorbag}) of
 		ordered_set ->   ok;
-		_ -> 
+		_ ->
 		    dirty_rpc(Tab, mnesia_tm, fixtable, [Tab,true,self()]),
-		    ok	    
+		    ok
 	    end
     end.
 
@@ -2806,7 +2806,7 @@ post_qlc(Tab) ->
 
 qlc_select('$end_of_table') ->     [];
 qlc_select({[], Cont}) -> qlc_select(select(Cont));
-qlc_select({Objects, Cont}) -> 
+qlc_select({Objects, Cont}) ->
     Objects ++ fun() -> qlc_select(select(Cont)) end.
 
 qlc_opts(Opts, Keys) when is_list(Opts) ->
@@ -2826,7 +2826,7 @@ qlc_opts(Opts,[],Acc) -> {lists:reverse(Acc),Opts}.
 
 qlc_info(Tab, num_of_objects) ->
     dirty_rpc(Tab, ?MODULE, raw_table_info, [Tab, size]);
-qlc_info(_, keypos) ->    2;         
+qlc_info(_, keypos) ->    2;
 qlc_info(_, is_unique_objects) ->    true;
 qlc_info(Tab, is_unique_keys) ->
     case val({Tab, type}) of
@@ -2836,9 +2836,9 @@ qlc_info(Tab, is_unique_keys) ->
     end;
 qlc_info(Tab, is_sorted_objects) ->
     case val({Tab, type}) of
-	ordered_set -> 
+	ordered_set ->
 	    case ?catch_val({Tab, frag_hash}) of
-		{'EXIT', _} -> 
+		{'EXIT', _} ->
 		    ascending;
 		_ ->  %% Fragmented tables are not ordered
 		    no
@@ -2856,11 +2856,11 @@ qlc_format({match_spec, Ms}, Tab, NObjects, Lock, Opts) ->
     {?MODULE, table, [Tab,[{traverse,{select,Ms}},{n_objects, NObjects}, {lock,Lock}|Opts]]};
 qlc_format({lookup, 2, Keys}, Tab, _, Lock, _) ->
     io_lib:format("lists:flatmap(fun(V) -> "
-		  "~w:read(~w, V, ~w) end, ~w)", 
+		  "~w:read(~w, V, ~w) end, ~w)",
 		  [?MODULE, Tab, Lock, Keys]);
 qlc_format({lookup, Index,Keys}, Tab, _, _, _) ->
     io_lib:format("lists:flatmap(fun(V) -> "
-		  "~w:index_read(~w, V, ~w) end, ~w)", 
+		  "~w:index_read(~w, V, ~w) end, ~w)",
 		  [?MODULE, Tab, Index, Keys]).
 
 
@@ -2874,7 +2874,7 @@ do_fixtable(Tab, Store) ->
 	    ok;
 	_ ->
 	    case ?ets_match_object(Store, {fixtable, {Tab, '_'}}) of
-		[] -> 
+		[] ->
 		    Node = dirty_rpc(Tab, mnesia_tm, fixtable, [Tab,true,self()]),
 		    ?ets_insert(Store, {fixtable, {Tab, Node}});
 		_ ->
@@ -2886,10 +2886,10 @@ do_fixtable(Tab, Store) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Mnemosyne exclusive
 
-get_activity_id() -> 
+get_activity_id() ->
     get(mnesia_activity_state).
 
-put_activity_id(Activity) -> 
+put_activity_id(Activity) ->
     mnesia_tm:put_activity_id(Activity).
-put_activity_id(Activity,Fun) -> 
+put_activity_id(Activity,Fun) ->
     mnesia_tm:put_activity_id(Activity,Fun).
diff --git a/lib/mnesia/src/mnesia.hrl b/lib/mnesia/src/mnesia.hrl
index 2375b72d59..2855792646 100644
--- a/lib/mnesia/src/mnesia.hrl
+++ b/lib/mnesia/src/mnesia.hrl
@@ -70,6 +70,7 @@
 		  attributes = [key, val],         % [Atom]
 		  user_properties = [],            % [Record]
 		  frag_properties = [],            % [{Key, Val]
+		  storage_properties = [],         % [{Key, Val]
                   cookie = ?unique_cookie,         % Term
                   version = {{2, 0}, []}}).        % {{Integer, Integer}, [Node]}
 
diff --git a/lib/mnesia/src/mnesia_backup.erl b/lib/mnesia/src/mnesia_backup.erl
index f372ca0be5..736f2ed9bf 100644
--- a/lib/mnesia/src/mnesia_backup.erl
+++ b/lib/mnesia/src/mnesia_backup.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -56,14 +56,14 @@
 
 -export([
 	 %% Write access
-         open_write/1, 
-	 write/2, 
-	 commit_write/1, 
+         open_write/1,
+	 write/2,
+	 commit_write/1,
 	 abort_write/1,
 
 	 %% Read access
-         open_read/1, 
-	 read/1, 
+         open_read/1,
+	 read/1,
 	 close_read/1
         ]).
 
diff --git a/lib/mnesia/src/mnesia_bup.erl b/lib/mnesia/src/mnesia_bup.erl
index 14414537b9..fd87be1759 100644
--- a/lib/mnesia/src/mnesia_bup.erl
+++ b/lib/mnesia/src/mnesia_bup.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -62,7 +62,7 @@
                         fallback_tmp,
                         skip_tables = [],
                         keep_tables = [],
-                        default_op = keep_tables                       
+                        default_op = keep_tables
                        }).
 
 -type fallback_args() :: #fallback_args{}.
@@ -134,7 +134,7 @@ abort_restore(R, What, Args, Reason) ->
             [Mod, What, Args, Reason]),
     catch apply(Mod, close_read, [Opaque]),
     throw({error, Reason}).
-            
+
 fallback_to_schema() ->
     Fname = fallback_bup(),
     fallback_to_schema(Fname).
@@ -146,14 +146,14 @@ fallback_to_schema(Fname) ->
             {error, Reason};
         Schema ->
             case catch lookup_schema(schema, Schema) of
-                {error, _} -> 
+                {error, _} ->
                     {error, "No schema in fallback"};
                 List ->
                     {ok, fallback, List}
             end
     end.
 
-%% Opens Opaque reads schema and then close 
+%% Opens Opaque reads schema and then close
 read_schema(Mod, Opaque) ->
     R = #restore{bup_module = Mod, bup_data = Opaque},
     case catch read_schema_section(R) of
@@ -163,7 +163,7 @@ read_schema(Mod, Opaque) ->
             catch safe_apply(R2, close_read, [R2#restore.bup_data]),
             Schema
     end.
-    
+
 %% Open backup media and extract schema
 %% rewind backup media and leave it open
 %% Returns {R, {Header, Schema}}
@@ -227,7 +227,7 @@ refresh_cookie(Schema, NewCookie) ->
             Cs2 = Cs#cstruct{cookie = NewCookie},
             Item = {schema, schema, mnesia_schema:cs2list(Cs2)},
             lists:keyreplace(schema, 2, Schema, Item);
-        
+
         false ->
             Reason = "No schema found. Cannot be used as backup.",
             throw({error, {Reason, Schema}})
@@ -273,7 +273,7 @@ convert_0_1([{schema, db_nodes, DbNodes} | Schema], Acc, Cs) ->
 convert_0_1([{schema, version, Version} | Schema], Acc, Cs) ->
     convert_0_1(Schema, Acc, Cs#cstruct{version = Version});
 convert_0_1([{schema, Tab, Def} | Schema], Acc, Cs) ->
-    Head = 
+    Head =
         case lists:keysearch(index, 1, Def) of
             {value, {index, PosList}} ->
                 %% Remove the snmp "index"
@@ -334,7 +334,7 @@ create_schema(Ns, ok) ->
     case mnesia_lib:ensure_loaded(?APPLICATION) of
         ok ->
             case mnesia_monitor:get_env(schema_location) of
-                ram -> 
+                ram ->
                     {error, {has_no_disc, node()}};
                 _ ->
                     case mnesia_schema:opt_create_dir(true, mnesia_lib:dir()) of
@@ -358,7 +358,7 @@ create_schema(Ns, ok) ->
                                     {error, Reason}
                             end
                     end
-            end;        
+            end;
         {error, Reason} ->
             {error, Reason}
     end;
@@ -434,7 +434,7 @@ check_fallback_args([Arg | Tail], FA) ->
 check_fallback_args([], FA) ->
     {ok, FA}.
 
-check_fallback_arg_type(Arg, FA) ->    
+check_fallback_arg_type(Arg, FA) ->
     case Arg of
         {scope, global} ->
             FA#fallback_args{scope = global};
@@ -462,10 +462,10 @@ atom_list([H | T]) when is_atom(H) ->
     atom_list(T);
 atom_list([]) ->
     ok.
-    
+
 do_install_fallback(FA) ->
     Pid = spawn_link(?MODULE, install_fallback_master, [self(), FA]),
-    Res = 
+    Res =
         receive
             {'EXIT', Pid, Reason} -> % if appl has trapped exit
                 {error, {'EXIT', Reason}};
@@ -506,7 +506,7 @@ restore_recs(Recs, Header, Schema, {start, FA}) ->
             Pids = [spawn_link(N, ?MODULE, fallback_receiver, Args) || N <- Ns],
             send_fallback(Pids, {start, Header, Schema2}),
             Res = restore_recs(Recs, Header, Schema2, Pids),
-            global:del_lock({{mnesia_table_lock, schema}, self()}, Ns), 
+            global:del_lock({{mnesia_table_lock, schema}, self()}, Ns),
             Res
     end;
 
@@ -578,7 +578,7 @@ fallback_tmp_name() -> "FALLBACK.TMP".
 -spec fallback_receiver(pid(), fallback_args()) -> no_return().
 fallback_receiver(Master, FA) ->
     process_flag(trap_exit, true),
-    
+
     case catch register(mnesia_fallback, self()) of
         {'EXIT', _} ->
             Reason = {already_exists, node()},
@@ -610,7 +610,7 @@ local_fallback_error(Master, Reason) ->
     Master ! {self(), {error, Reason}},
     unlink(Master),
     exit(Reason).
-    
+
 check_fallback_dir(Master, FA) ->
     case mnesia:system_info(schema_location) of
         ram ->
@@ -659,7 +659,7 @@ fallback_receiver_loop(Master, R, FA, State) ->
             R2 = safe_apply(R, write, [R#restore.bup_data, Recs]),
             Master ! {self(), ok},
             fallback_receiver_loop(Master, R2, FA, records);
-        
+
         {Master, swap} when State =/= schema ->
             ?eval_debug_fun({?MODULE, fallback_receiver_loop, pre_swap}, []),
             safe_apply(R, commit_write, [R#restore.bup_data]),
@@ -834,7 +834,7 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
             ok = dets:delete(schema, {schema, Tab}),
             create_dat_files(Tail, LocalTabs);
         Storage =:= disc_only_copies ->
-            Args = [{file, TmpFile}, {keypos, 2}, 
+            Args = [{file, TmpFile}, {keypos, 2},
                     {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)}],
             Open = fun(T, LT) when T =:= LT#local_tab.name ->
                            case mnesia_lib:dets_sync_open(T, Args) of
@@ -861,9 +861,9 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 	    Swap = fun(T, LT) when T =:= LT#local_tab.name ->
 			   Expunge(),
 			   case LT#local_tab.opened of
-			       true -> 
+			       true ->
 				   Close(T,LT);
-			       false -> 
+			       false ->
 				   Open(T,LT),
 				   Close(T,LT)
 			   end,
@@ -887,8 +887,8 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 	    create_dat_files(Tail, LocalTabs);
         Storage =:= ram_copies; Storage =:= disc_copies ->
 	    Open = fun(T, LT) when T =:= LT#local_tab.name ->
-			   mnesia_log:open_log({?MODULE, T}, 
-					       mnesia_log:dcl_log_header(), 
+			   mnesia_log:open_log({?MODULE, T},
+					       mnesia_log:dcl_log_header(),
 					       TmpFile,
 					       false,
 					       false,
@@ -917,7 +917,7 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 			       true ->
 				   Log = mnesia_log:open_log(fallback_tab,
 							     mnesia_log:dcd_log_header(),
-							     DcdFile, 
+							     DcdFile,
 							     false),
 				   mnesia_log:close_log(Log),
 				   case LT#local_tab.opened of
@@ -926,7 +926,7 @@ create_dat_files([{schema, Tab, TabDef} | Tail], LocalTabs) ->
 				       false ->
 					   Open(T,LT),
 					   Close(T,LT)
-				   end,				   
+				   end,
 				   case file:rename(TmpFile, DclFile) of
 				       ok ->
 					   ok;
@@ -959,7 +959,7 @@ create_dat_files([], _LocalTabs) ->
     ok.
 
 uninstall_fallback() ->
-    uninstall_fallback([{scope, global}]).    
+    uninstall_fallback([{scope, global}]).
 
 uninstall_fallback(Args) ->
     case check_fallback_args(Args, #fallback_args{}) of
@@ -969,7 +969,7 @@ uninstall_fallback(Args) ->
             {error, Reason}
     end.
 
-do_uninstall_fallback(FA) ->    
+do_uninstall_fallback(FA) ->
     %% Ensure that we access the intended Mnesia
     %% directory. This function may not be called
     %% during startup since it will cause the
@@ -1040,11 +1040,11 @@ do_uninstall(_ClientPid, [], GoodPids, BadNodes, BadRes) ->
 
 local_uninstall_fallback(Master, FA) ->
     %% Don't trap exit
-    
+
     register(mnesia_fallback, self()),        % May exit
     FA2 = check_fallback_dir(Master, FA), % May exit
     Master ! {self(), started},
-    
+
     receive
         {Master, do_uninstall} ->
             ?eval_debug_fun({?MODULE, uninstall_fallback2, pre_delete}, []),
@@ -1052,7 +1052,7 @@ local_uninstall_fallback(Master, FA) ->
             Tmp = FA2#fallback_args.fallback_tmp,
             Bup = FA2#fallback_args.fallback_bup,
             file:delete(Tmp),
-            Res = 
+            Res =
                 case fallback_exists(Bup) of
                     true -> file:delete(Bup);
                     false -> ok
@@ -1079,7 +1079,7 @@ rec_uninstall(ClientPid, [], Res) ->
     ClientPid ! {self(), Res},
     unlink(ClientPid),
     exit(normal).
-    
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Backup traversal
 
@@ -1130,7 +1130,7 @@ do_traverse_backup(ClientPid, Source, SourceMod, Target, TargetMod, Fun, Acc) ->
         if
             TargetMod =/= read_only ->
                 case catch do_apply(TargetMod, open_write, [Target], Target) of
-                    {error, Error} -> 
+                    {error, Error} ->
                         unlink(ClientPid),
                         ClientPid ! {iter_done, self(), {error, Error}},
                         exit(Error);
@@ -1140,15 +1140,15 @@ do_traverse_backup(ClientPid, Source, SourceMod, Target, TargetMod, Fun, Acc) ->
                 ignore
         end,
     A = {start, Fun, Acc, TargetMod, Iter},
-    Res = 
+    Res =
         case iterate(SourceMod, fun trav_apply/4, Source, A) of
             {ok, {iter, _, Acc2, _, Iter2}} when TargetMod =/= read_only ->
                 case catch do_apply(TargetMod, commit_write, [Iter2], Iter2) of
-                    {error, Reason} -> 
+                    {error, Reason} ->
                         {error, Reason};
-                    _ -> 
+                    _ ->
                         {ok, Acc2}
-                end;            
+                end;
             {ok, {iter, _, Acc2, _, _}} ->
                 {ok, Acc2};
             {error, Reason} when TargetMod =/= read_only->
diff --git a/lib/mnesia/src/mnesia_controller.erl b/lib/mnesia/src/mnesia_controller.erl
index 6a561394d5..d488a33d67 100644
--- a/lib/mnesia/src/mnesia_controller.erl
+++ b/lib/mnesia/src/mnesia_controller.erl
@@ -107,14 +107,14 @@
 
 -include("mnesia.hrl").
 
--define(SERVER_NAME, ?MODULE).  
+-define(SERVER_NAME, ?MODULE).
 
 -record(state, {supervisor,
 		schema_is_merged = false,
 		early_msgs = [],
-		loader_pid = [],     %% Was Pid is now [{Pid,Work}|..] 
+		loader_pid = [],     %% Was Pid is now [{Pid,Work}|..]
 		loader_queue,        %% Was list is now gb_tree
-		sender_pid = [],     %% Was a pid or undef is now [{Pid,Work}|..] 
+		sender_pid = [],     %% Was a pid or undef is now [{Pid,Work}|..]
 		sender_queue =  [],
 		late_loader_queue,   %% Was list is now gb_tree
 		dumper_pid,          %% Dumper or schema commit pid
@@ -124,12 +124,12 @@
 		is_stopping = false
 	       }).
 %% Backwards Comp. Sender_pid is now a list of senders..
-get_senders(#state{sender_pid = Pids}) when is_list(Pids) -> Pids.    
+get_senders(#state{sender_pid = Pids}) when is_list(Pids) -> Pids.
 %% Backwards Comp. loader_pid is now a list of loaders..
-get_loaders(#state{loader_pid = Pids}) when is_list(Pids) -> Pids.    
+get_loaders(#state{loader_pid = Pids}) when is_list(Pids) -> Pids.
 max_loaders() ->
     case ?catch_val(no_table_loaders) of
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    mnesia_lib:set(no_table_loaders,1),
 	    1;
 	Val -> Val
@@ -153,7 +153,7 @@ max_loaders() ->
 		     remote_storage
 		    }).
 
--record(disc_load, {table, 
+-record(disc_load, {table,
 		    reason,
 		    opt_reply_to
 		   }).
@@ -184,7 +184,7 @@ max_loaders() ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason); 
+	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason);
 	Value -> Value
     end.
 
@@ -199,7 +199,7 @@ sync_dump_log(InitBy) ->
 
 async_dump_log(InitBy) ->
     ?SERVER_NAME ! {async_dump_log, InitBy}.
-    
+
 %% Wait for tables to be active
 %% If needed, we will wait for Mnesia to start
 %% If Mnesia stops, we will wait for Mnesia to restart
@@ -227,7 +227,7 @@ do_wait_for_tables(Tabs, Timeout) ->
 	    exit(Pid, timeout),
 	    reply_wait(Tabs)
     end.
-	
+
 reply_wait(Tabs) ->
     case catch mnesia_lib:active_tables() of
 	{'EXIT', _} ->
@@ -270,7 +270,7 @@ rec_tabs([Tab | Tabs], AllTabs, From, Init) ->
 	    %% This will trigger an exit signal
 	    %% to mnesia_init
 	    exit(wait_for_tables_timeout);
-	
+
 	{'EXIT', Init, _} ->
 	    %% Oops, mnesia_init stopped,
 	    exit(mnesia_stopped)
@@ -279,11 +279,8 @@ rec_tabs([], _, _, Init) ->
     unlink(Init),
     ok.
 
-%% New function that does exactly what get_cstructs() used to do.
-%% When this function is called, we know that the calling node knows
-%% how to convert cstructs on the receiving end (should they differ).
 get_remote_cstructs() ->
-    call(get_cstructs).
+    get_cstructs().  %% Sigh not forward compatible always check version
 
 %% Old function kept for backwards compatibility; converts cstructs before sending.
 get_cstructs() ->
@@ -319,7 +316,7 @@ get_network_copy(Tab, Cs) ->
 %   We can't let the controller queue this one
 %   because that may cause a deadlock between schema_operations
 %   and initial tableloadings which both takes schema locks.
-%   But we have to get copier_done msgs when the other side 
+%   But we have to get copier_done msgs when the other side
 %   goes down.
     call({add_other, self()}),
     Reason = {dumper,add_table_copy},
@@ -341,14 +338,14 @@ get_network_copy(Tab, Cs) ->
  		    ignore
  	    end,
  	    Res#loader_done.reply;
- 	#loader_done{} -> 
+	#loader_done{} ->
  	    Res#loader_done.reply;
  	Else ->
  	    {not_loaded, Else}
     end.
 
 %% This functions is invoked from the dumper
-%% 
+%%
 %% There are two cases here:
 %% startup ->
 %%   no need for sync, since mnesia_controller not started yet
@@ -380,11 +377,11 @@ force_load_table(Tab) when is_atom(Tab), Tab /= schema ->
     end;
 force_load_table(Tab) ->
     {error, {bad_type, Tab}}.
-    
+
 do_force_load_table(Tab) ->
     Loaded = ?catch_val({Tab, load_reason}),
     case Loaded of
-	unknown -> 
+	unknown ->
 	    set({Tab, load_by_force}, true),
 	    mnesia_late_loader:async_late_disc_load(node(), [Tab], forced_by_user),
 	    wait_for_tables([Tab], infinity);
@@ -394,7 +391,7 @@ do_force_load_table(Tab) ->
 	    wait_for_tables([Tab], infinity);
 	_ ->
 	    ok
-    end.    
+    end.
 master_nodes_updated(schema, _Masters) ->
     ignore;
 master_nodes_updated(Tab, Masters) ->
@@ -438,15 +435,15 @@ connect_nodes(Ns) ->
     connect_nodes(Ns, fun default_merge/1).
 
 connect_nodes(Ns, UserFun) ->
-    case mnesia:system_info(is_running) of 
+    case mnesia:system_info(is_running) of
 	no ->
 	    {error, {node_not_running, node()}};
-	yes ->	  	   
+	yes ->
 	    Pid = spawn_link(?MODULE,connect_nodes2,[self(),Ns, UserFun]),
-	    receive 
-		{?MODULE, Pid, Res, New} -> 
+	    receive
+		{?MODULE, Pid, Res, New} ->
 		    case Res of
-			ok -> 
+			ok ->
 			    mnesia_lib:add_list(extra_db_nodes, New),
 			    {ok, New};
 			{aborted, {throw, Str}} when is_list(Str) ->
@@ -454,8 +451,8 @@ connect_nodes(Ns, UserFun) ->
 			    {error, {merge_schema_failed, lists:flatten(Str)}};
 			Else ->
 			    {error, Else}
-		    end;	    
-		{'EXIT', Pid, Reason} -> 
+		    end;
+		{'EXIT', Pid, Reason} ->
 		    {error, Reason}
 	    end
     end.
@@ -466,16 +463,16 @@ connect_nodes2(Father, Ns, UserFun) ->
     {NewC, OldC} = mnesia_recover:connect_nodes(Ns),
     Connected = NewC ++OldC,
     New1 = mnesia_lib:intersect(Ns, Connected),
-    New = New1 -- Current,    
+    New = New1 -- Current,
     process_flag(trap_exit, true),
     Res = try_merge_schema(New, [], UserFun),
     Msg = {schema_is_merged, [], late_merge, []},
     multicall([node()|Ns], Msg),
-    After = val({current, db_nodes}),    
+    After = val({current, db_nodes}),
     Father ! {?MODULE, self(), Res, mnesia_lib:intersect(Ns,After)},
     unlink(Father),
     ok.
-    
+
 %% Merge the local schema with the schema on other nodes.
 %% But first we must let all processes that want to force
 %% load tables wait until the schema merge is done.
@@ -483,7 +480,7 @@ connect_nodes2(Father, Ns, UserFun) ->
 merge_schema() ->
     AllNodes = mnesia_lib:all_nodes(),
     case try_merge_schema(AllNodes, [node()], fun default_merge/1) of
-	ok -> 
+	ok ->
 	    schema_is_merged();
 	{aborted, {throw, Str}} when is_list(Str) ->
 	    fatal("Failed to merge schema: ~s~n", [Str]);
@@ -535,7 +532,7 @@ im_running(OldFriends, NewFriends) ->
 schema_is_merged() ->
     MsgTag = schema_is_merged,
     SafeLoads = initial_safe_loads(),
-    
+
     %% At this point we do not know anything about
     %% which tables that the other nodes already
     %% has loaded and therefore we let the normal
@@ -545,7 +542,7 @@ schema_is_merged() ->
     %% that all nodes tells each other directly
     %% when they have loaded a table and are
     %% willing to share it.
-    
+
     try_schedule_late_disc_load(SafeLoads, initial, MsgTag).
 
 
@@ -589,7 +586,7 @@ remote_call(Node, Func, Args) ->
 	Else ->
 	    Else
     end.
-    
+
 multicall(Nodes, Msg) ->
     {Good, Bad} = gen_server:multi_call(Nodes, ?MODULE, Msg, infinity),
     PatchedGood = [Reply || {_Node, Reply} <- Good],
@@ -621,9 +618,9 @@ init([Parent]) ->
     Msg = {async_dump_log, time_threshold},
     {ok, Ref} = timer:send_interval(Interval, Msg),
     mnesia_dumper:start_regulator(),
-    
+
     Empty = gb_trees:empty(),
-    {ok, #state{supervisor = Parent, dump_log_timer_ref = Ref, 
+    {ok, #state{supervisor = Parent, dump_log_timer_ref = Ref,
 		loader_queue = Empty,
 		late_loader_queue = Empty}}.
 
@@ -656,17 +653,17 @@ handle_call(block_controller, From, State) ->
 
 handle_call({update,Fun}, From, State) ->
     Res = (catch Fun()),
-    reply(From, Res), 
+    reply(From, Res),
     noreply(State);
 
 handle_call(get_cstructs, From, State) ->
     Tabs = val({schema, tables}),
     Cstructs = [val({T, cstruct}) || T <- Tabs],
     Running = val({current, db_nodes}),
-    reply(From, {cstructs, Cstructs, Running}), 
+    reply(From, {cstructs, Cstructs, Running}),
     noreply(State);
 
-handle_call({schema_is_merged, [], late_merge, []}, From, 
+handle_call({schema_is_merged, [], late_merge, []}, From,
 	    State = #state{schema_is_merged = Merged}) ->
     case Merged of
 	{false, Node} when Node == node(From) ->
@@ -697,8 +694,8 @@ handle_call(disc_load_intents,From,State = #state{loader_queue=LQ,late_loader_qu
 
 handle_call({update_where_to_write, [add, Tab, AddNode], _From}, _Dummy, State) ->
     Current = val({current, db_nodes}),
-    Res = 
-	case lists:member(AddNode, Current) and 
+    Res =
+	case lists:member(AddNode, Current) and
 	    (State#state.schema_is_merged == true) of
 	    true ->
 		mnesia_lib:add_lsort({Tab, where_to_write}, AddNode),
@@ -732,7 +729,7 @@ handle_call({add_active_replica, [Tab, ToNode, RemoteS, AccessMode], From},
 	    noreply(State#state{early_msgs = [{call, Msg, undefined} | Msgs]})
     end;
 
-handle_call({unannounce_add_table_copy, [Tab, Node], From}, ReplyTo, State) ->    
+handle_call({unannounce_add_table_copy, [Tab, Node], From}, ReplyTo, State) ->
     KnownNode = lists:member(node(From), val({current, db_nodes})),
     Merged = State#state.schema_is_merged,
     if
@@ -752,16 +749,16 @@ handle_call({unannounce_add_table_copy, [Tab, Node], From}, ReplyTo, State) ->
     end;
 
 handle_call({net_load, Tab, Cs}, From, State) ->
-    State2 = 
+    State2 =
 	case State#state.schema_is_merged of
-	    true -> 	    
+	    true ->
 		Worker = #net_load{table = Tab,
 				   opt_reply_to = From,
 				   reason = {dumper,add_table_copy},
 				   cstruct = Cs
 				  },
 		add_worker(Worker, State);
-	    false -> 
+	    false ->
 		reply(From, {not_loaded, schema_not_merged}),
 		State
 	end,
@@ -804,16 +801,16 @@ handle_call({add_other, Who}, _From, State = #state{others=Others0}) ->
 handle_call({del_other, Who}, _From, State = #state{others=Others0}) ->
     Others = lists:delete(Who, Others0),
     {reply, ok, State#state{others=Others}};
-	    
+
 handle_call(Msg, _From, State) ->
     error("~p got unexpected call: ~p~n", [?SERVER_NAME, Msg]),
     noreply(State).
 
-late_disc_load(TabsR, Reason, RemoteLoaders, From, 
+late_disc_load(TabsR, Reason, RemoteLoaders, From,
 	       State = #state{loader_queue = LQ, late_loader_queue = LLQ}) ->
     verbose("Intend to load tables: ~p~n", [TabsR]),
     ?eval_debug_fun({?MODULE, late_disc_load},
-		    [{tabs, TabsR}, 
+		    [{tabs, TabsR},
 		     {reason, Reason},
 		     {loaders, RemoteLoaders}]),
 
@@ -822,14 +819,14 @@ late_disc_load(TabsR, Reason, RemoteLoaders, From,
 
     %% Remove deleted tabs and queued/loaded
     LocalTabs = gb_sets:from_ordset(lists:sort(mnesia_lib:val({schema,local_tables}))),
-    Filter = fun(TabInfo0, Acc) -> 
-		     TabInfo = {Tab,_} = 
-			 case TabInfo0 of 
+    Filter = fun(TabInfo0, Acc) ->
+		     TabInfo = {Tab,_} =
+			 case TabInfo0 of
 			     {_,_} -> TabInfo0;
 			     TabN -> {TabN,Reason}
 			 end,
 		     case gb_sets:is_member(Tab, LocalTabs) of
-			 true -> 
+			 true ->
 			     case ?catch_val({Tab, where_to_read}) == node() of
 				 true -> Acc;
 				 false ->
@@ -841,12 +838,12 @@ late_disc_load(TabsR, Reason, RemoteLoaders, From,
 			 false -> Acc
 		     end
 	     end,
-    
+
     Tabs = lists:foldl(Filter, [], TabsR),
-    
+
     Nodes = val({current, db_nodes}),
     LateQueue = late_loaders(Tabs, RemoteLoaders, Nodes, LLQ),
-    State#state{late_loader_queue = LateQueue}. 
+    State#state{late_loader_queue = LateQueue}.
 
 late_loaders([{Tab, Reason} | Tabs], RemoteLoaders, Nodes, LLQ) ->
     case gb_trees:is_defined(Tab, LLQ) of
@@ -859,7 +856,7 @@ late_loaders([{Tab, Reason} | Tabs], RemoteLoaders, Nodes, LLQ) ->
 	    LateLoad = #late_load{table=Tab,loaders=LoadNodes,reason=Reason},
 	    late_loaders(Tabs, RemoteLoaders, Nodes, gb_trees:insert(Tab,LateLoad,LLQ));
 	true ->
-	    late_loaders(Tabs, RemoteLoaders, Nodes, LLQ)	     
+	    late_loaders(Tabs, RemoteLoaders, Nodes, LLQ)
     end;
 late_loaders([], _RemoteLoaders, _Nodes, LLQ) ->
     LLQ.
@@ -899,7 +896,7 @@ late_load_filter([RL | RemoteLoaders], Tab, Nodes, Acc) ->
     end;
 late_load_filter([], _Tab, _Nodes, Acc) ->
     Acc.
-    
+
 %%----------------------------------------------------------------------
 %% Func: handle_cast/2
 %% Returns: {noreply, State}          |
@@ -911,7 +908,7 @@ handle_cast({release_schema_commit_lock, _Owner}, State) ->
     if
 	State#state.is_stopping == true ->
 	    {stop, shutdown, State};
-	true -> 
+	true ->
 	    case State#state.dumper_queue of
 		[#schema_commit_lock{}|Rest] ->
 		    [_Worker | Rest] = State#state.dumper_queue,
@@ -932,7 +929,7 @@ handle_cast(unblock_controller, State) ->
 	    [_Worker | Rest] = State#state.dumper_queue,
 	    State2 = State#state{dumper_pid = undefined,
 				 dumper_queue = Rest},
-	    State3 = opt_start_worker(State2),	    
+	    State3 = opt_start_worker(State2),
 	    noreply(State3)
     end;
 
@@ -948,31 +945,31 @@ handle_cast({mnesia_down, Node}, State) ->
 
     %% Fix if we are late_merging against the node that went down
     case State#state.schema_is_merged of
-	{false, Node} -> 
+	{false, Node} ->
 	    spawn(?MODULE, call, [{schema_is_merged, [], late_merge, []}]);
 	_ ->
 	    ignore
     end,
-    
+
     %% Fix internal stuff
     LateQ = remove_loaders(Alltabs, Node, State#state.late_loader_queue),
-    
+
     case get_senders(State) ++ get_loaders(State) of
 	[] -> ignore;
-	Senders -> 
+	Senders ->
 	    lists:foreach(fun({Pid,_}) -> Pid ! {copier_done, Node} end,
 			  Senders)
     end,
-    lists:foreach(fun(Pid) -> Pid ! {copier_done,Node} end, 
+    lists:foreach(fun(Pid) -> Pid ! {copier_done,Node} end,
 		  State#state.others),
-    
+
     Remove = fun(ST) ->
 		     node(ST#send_table.receiver_pid) /= Node
 	     end,
     NewSenders = lists:filter(Remove, State#state.sender_queue),
     Early = remove_early_messages(State#state.early_msgs, Node),
-    noreply(State#state{sender_queue = NewSenders, 
-			early_msgs = Early, 
+    noreply(State#state{sender_queue = NewSenders,
+			early_msgs = Early,
 			late_loader_queue = LateQ
 		       });
 
@@ -981,8 +978,8 @@ handle_cast({merging_schema, Node}, State) ->
 	false ->
 	    %% This comes from dynamic connect_nodes which are made
 	    %% after mnesia:start() and the schema_merge.
-	    ImANewKidInTheBlock = 
-		(val({schema, storage_type}) == ram_copies) 
+	    ImANewKidInTheBlock =
+		(val({schema, storage_type}) == ram_copies)
 		andalso (mnesia_lib:val({schema, local_tables}) == [schema]),
 	    case ImANewKidInTheBlock of
 		true ->  %% I'm newly started ram_node..
@@ -1000,7 +997,7 @@ handle_cast(Msg, State) when State#state.schema_is_merged /= true ->
     noreply(State#state{early_msgs = [{cast, Msg} | Msgs]});
 
 %% This must be done after schema_is_merged otherwise adopt_orphan
-%% might trigger a table load from wrong nodes as a result of that we don't 
+%% might trigger a table load from wrong nodes as a result of that we don't
 %% know which tables we can load safly first.
 handle_cast({im_running, Node, NewFriends}, State) ->
     LocalTabs = mnesia_lib:local_active_tables() -- [schema],
@@ -1027,7 +1024,7 @@ handle_cast({sync_tabs, Tabs, From}, State) ->
 
 handle_cast({i_have_tab, Tab, Node}, State) ->
     case lists:member(Node, val({current, db_nodes})) of
-	true -> 
+	true ->
 	    State2 = node_has_tabs([Tab], Node, State),
 	    noreply(State2);
 	false ->
@@ -1043,10 +1040,10 @@ handle_cast({force_load_updated, Tab}, State) ->
 	    State2 = node_has_tabs([Tab], SomeNode, State),
 	    noreply(State2)
     end;
-    
+
 handle_cast({master_nodes_updated, Tab, Masters}, State) ->
     Active = val({Tab, active_replicas}),
-    Valid = 
+    Valid =
 	case val({Tab, load_by_force}) of
 	    true ->
 		Active;
@@ -1066,10 +1063,10 @@ handle_cast({master_nodes_updated, Tab, Masters}, State) ->
 	    State2 = node_has_tabs([Tab], SomeNode, State),
 	    noreply(State2)
     end;
-    
+
 handle_cast({adopt_orphans, Node, Tabs}, State) ->
     State2 = node_has_tabs(Tabs, Node, State),
-    
+
     case ?catch_val({node_up,Node}) of
 	true -> ignore;
 	_ ->
@@ -1101,7 +1098,7 @@ handle_cast(Msg, State) ->
     error("~p got unexpected cast: ~p~n", [?SERVER_NAME, Msg]),
     noreply(State).
 
-handle_sync_tabs([Tab | Tabs], From) ->    
+handle_sync_tabs([Tab | Tabs], From) ->
     case val({Tab, where_to_read}) of
 	nowhere ->
 	    case get({sync_tab, Tab}) of
@@ -1145,7 +1142,7 @@ handle_info(#dumper_done{worker_pid=Pid, worker_res=Res}, State) ->
 	    {stop, fatal, State}
     end;
 
-handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->    
+handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->
     LateQueue0 = State0#state.late_loader_queue,
     State1 = State0#state{loader_pid = lists:keydelete(WPid,1,get_loaders(State0))},
 
@@ -1153,7 +1150,7 @@ handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->
 	case Done#loader_done.is_loaded of
 	    true ->
 		%% Optional table announcement
-		if 
+		if
 		    Done#loader_done.needs_announce == true,
 		    Done#loader_done.needs_reply == true ->
 			i_have_tab(Tab),
@@ -1187,7 +1184,7 @@ handle_info(Done = #loader_done{worker_pid=WPid, table_name=Tab}, State0) ->
 		State1#state{late_loader_queue=gb_trees:delete_any(Tab, LateQueue0)};
 	    false ->
 		%% Either the node went down or table was not
-		%% loaded remotly yet 
+		%% loaded remotly yet
 		case Done#loader_done.needs_reply of
 		    true ->
 			reply(Done#loader_done.reply_to,
@@ -1210,7 +1207,7 @@ handle_info(#sender_done{worker_pid=Pid, worker_res=Res}, State)  ->
     Senders = get_senders(State),
     {value, {Pid,_Worker}} = lists:keysearch(Pid, 1, Senders),
     if
-	Res == ok ->	    
+	Res == ok ->
 	    State2 = State#state{sender_pid = lists:keydelete(Pid, 1, Senders)},
 	    State3 = opt_start_worker(State2),
 	    noreply(State3);
@@ -1252,7 +1249,7 @@ handle_info(Msg = {'EXIT', Pid, R}, State) when R /= wait_for_tables_timeout ->
 	    {stop, fatal, State};
 	false ->
 	    case lists:keymember(Pid, 1, get_loaders(State)) of
-		true -> 
+		true ->
 		    fatal("Loader crashed: ~p~n state: ~p~n", [R, State]),
 		    {stop, fatal, State};
 		false ->
@@ -1338,7 +1335,7 @@ code_change(_OldVsn, State0, _Extra) ->
     State1 = case State0#state.loader_pid of
 		 Pids when is_list(Pids) -> State0;
 		 undefined -> State0#state{loader_pid = [],loader_queue=gb_trees:empty()};
-		 Pid when is_pid(Pid) -> 
+		 Pid when is_pid(Pid) ->
 		     [Loader|Rest] = State0#state.loader_queue,
 		     LQ0 = [{element(2,Rec),Rec} || Rec <- Rest],
 		     LQ1 = lists:sort(LQ0),
@@ -1346,7 +1343,7 @@ code_change(_OldVsn, State0, _Extra) ->
 		     State0#state{loader_pid=[{Pid,Loader}], loader_queue=LQ}
 	     end,
     %% LateLoaderQueue
-    State = if is_list(State1#state.late_loader_queue) -> 
+    State = if is_list(State1#state.late_loader_queue) ->
 		    LLQ0 = State1#state.late_loader_queue,
 		    LLQ1 = lists:sort([{element(2,Rec),Rec} || Rec <- LLQ0]),
 		    LLQ  = gb_trees:from_orddict(LLQ1),
@@ -1355,7 +1352,7 @@ code_change(_OldVsn, State0, _Extra) ->
 		    State1
 	    end,
     {ok, State}.
- 
+
 %%%----------------------------------------------------------------------
 %%% Internal functions
 %%%----------------------------------------------------------------------
@@ -1365,20 +1362,20 @@ maybe_log_mnesia_down(N) ->
     %% so if we are not running (i.e haven't decided which tables
     %% to load locally), don't log mnesia_down yet.
     case mnesia_lib:is_running() of
-	yes -> 
+	yes ->
 	    verbose("Logging mnesia_down ~w~n", [N]),
 	    mnesia_recover:log_mnesia_down(N),
 	    ok;
-	_ ->	    	    
+	_ ->
 	    Filter = fun(Tab) ->
 			     inactive_copy_holders(Tab, N)
 		     end,
 	    HalfLoadedTabs = lists:any(Filter, val({schema, local_tables}) -- [schema]),
-	    if 
+	    if
 		HalfLoadedTabs == true ->
 		    verbose("Logging mnesia_down ~w~n", [N]),
 		    mnesia_recover:log_mnesia_down(N),
-		    ok;		
+		    ok;
 		true ->
 		    %% Unfortunately we have not loaded some common
 		    %% tables yet, so we cannot rely on the nodedown
@@ -1407,7 +1404,7 @@ orphan_tables([Tab | Tabs], Node, Ns, Local, Remote) ->
     BeingCreated = (?catch_val({Tab, create_table}) == true),
     Read = val({Tab, where_to_read}),
     case lists:member(Node, DiscCopyHolders) of
-	_ when BeingCreated == true -> 
+	_ when BeingCreated == true ->
 	    orphan_tables(Tabs, Node, Ns, Local, Remote);
 	_ when Read == node() -> %% Allready loaded
 	    orphan_tables(Tabs, Node, Ns, Local, Remote);
@@ -1445,13 +1442,13 @@ orphan_tables([], _, _, LocalOrphans, RemoteMasters) ->
     {LocalOrphans, RemoteMasters}.
 
 node_has_tabs([Tab | Tabs], Node, State) when Node /= node() ->
-    State2 = 
+    State2 =
 	case catch update_whereabouts(Tab, Node, State) of
 	    State1 = #state{} -> State1;
 	    {'EXIT', R} ->  %% Tab was just deleted?
 		case ?catch_val({Tab, cstruct}) of
 		    {'EXIT', _} -> State; % yes
-		    _ ->  erlang:error(R) 
+		    _ ->  erlang:error(R)
 		end
 	end,
     node_has_tabs(Tabs, Node, State2);
@@ -1477,14 +1474,14 @@ update_whereabouts(Tab, Node, State) ->
 	    true ->
 		lists:member(Node, Masters)
 	end,
-    
+
     dbg_out("Table ~w is loaded on ~w. s=~w, r=~w, lc=~w, f=~w, m=~w~n",
 	    [Tab, Node, Storage, Read, LocalC, ByForce, GoGetIt]),
     if
 	LocalC == true ->
 	    %% Local contents, don't care about other node
 	    State;
-	BeingCreated == true ->	    
+	BeingCreated == true ->
 	    %% The table is currently being created
 	    %% It will be handled elsewhere
 	    State;
@@ -1501,8 +1498,8 @@ update_whereabouts(Tab, Node, State) ->
 		    State
 	    end;
 	Storage == unknown ->
-	    %% No own copy, continue to read remotely	    
-	    add_active_replica(Tab, Node),	    
+	    %% No own copy, continue to read remotely
+	    add_active_replica(Tab, Node),
 	    NodeST = mnesia_lib:storage_type_at_node(Node, Tab),
 	    ReadST = mnesia_lib:storage_type_at_node(Read, Tab),
 	    if   %% Avoid reading from disc_only_copies
@@ -1542,16 +1539,16 @@ initial_safe_loads() ->
 	    Tabs = val({schema, local_tables}) -- [schema],
 	    LastC = fun(T) -> last_consistent_replica(T, Downs) end,
 	    lists:zf(LastC, Tabs);
-	
+
 	disc_copies ->
 	    Downs = mnesia_recover:get_mnesia_downs(),
 	    dbg_out("mnesia_downs = ~p~n", [Downs]),
-		
+
 	    Tabs = val({schema, local_tables}) -- [schema],
 	    LastC = fun(T) -> last_consistent_replica(T, Downs) end,
 	    lists:zf(LastC, Tabs)
     end.
-    
+
 last_consistent_replica(Tab, Downs) ->
     Cs = val({Tab, cstruct}),
     Storage = mnesia_lib:cs_to_storage_type(node(), Cs),
@@ -1628,7 +1625,7 @@ remove_early_messages([], _Node) ->
     [];
 remove_early_messages([{call, {add_active_replica, [_, Node, _, _], _}, _}|R], Node) ->
     remove_early_messages(R, Node); %% Does a reply before queuing
-remove_early_messages([{call, {block_table, _, From}, ReplyTo}|R], Node) 
+remove_early_messages([{call, {block_table, _, From}, ReplyTo}|R], Node)
   when node(From) == Node ->
     reply(ReplyTo, ok),  %% Remove gen:server waits..
     remove_early_messages(R, Node);
@@ -1682,9 +1679,9 @@ is_tab_blocked(W2C) when is_list(W2C) ->
 is_tab_blocked({blocked, W2C}) when is_list(W2C) ->
     {true, W2C}.
 
-mark_blocked_tab(true, Value) -> 
+mark_blocked_tab(true, Value) ->
     {blocked, Value};
-mark_blocked_tab(false, Value) -> 
+mark_blocked_tab(false, Value) ->
     Value.
 
 %%
@@ -1717,7 +1714,7 @@ del_active_replica(Tab, Node) ->
     update_where_to_wlock(Tab).
 
 change_table_access_mode(Cs) ->
-    W = fun() -> 
+    W = fun() ->
 		Tab = Cs#cstruct.name,
 		lists:foreach(fun(N) -> add_active_replica(Tab, N, Cs) end,
 			      val({Tab, active_replicas}))
@@ -1746,7 +1743,7 @@ update_where_to_wlock(Tab) ->
 unannounce_add_table_copy(Tab, To) ->
     catch del_active_replica(Tab, To),
     case catch val({Tab , where_to_read}) of
-	To -> 
+	To ->
 	    mnesia_lib:set_remote_where_to_read(Tab);
 	_ ->
 	    ignore
@@ -1759,7 +1756,7 @@ user_sync_tab(Tab) ->
 	_ ->
 	    ignore
     end,
-	
+
     case erase({sync_tab, Tab}) of
 	undefined ->
 	    ok;
@@ -1778,11 +1775,11 @@ i_have_tab(Tab) ->
 
 sync_and_block_table_whereabouts(Tab, ToNode, RemoteS, AccessMode) when Tab /= schema ->
     Current = val({current, db_nodes}),
-    Ns = 
+    Ns =
 	case lists:member(ToNode, Current) of
 	    true -> Current -- [ToNode];
 	    false -> Current
-	end,   
+	end,
     remote_call(ToNode, block_table, [Tab]),
     [remote_call(Node, add_active_replica, [Tab, ToNode, RemoteS, AccessMode]) ||
 	Node <- [ToNode | Ns]],
@@ -1827,7 +1824,7 @@ get_workers(Timeout) ->
 		    {timeout, Timeout}
 	    end
     end.
-    
+
 info() ->
     Tabs = mnesia_lib:local_active_tables(),
     io:format( "---> Active tables <--- ~n", []),
@@ -1836,12 +1833,12 @@ info() ->
 info([Tab | Tail]) ->
     case val({Tab, storage_type}) of
 	disc_only_copies ->
-	    info_format(Tab, 
-			dets:info(Tab, size), 
+	    info_format(Tab,
+			dets:info(Tab, size),
 			dets:info(Tab, file_size),
 			"bytes on disc");
 	_ ->
-	    info_format(Tab, 
+	    info_format(Tab,
 			?ets_info(Tab, size),
 			?ets_info(Tab, memory),
 			"words of mem")
@@ -1881,7 +1878,7 @@ handle_early_msg({cast, Msg}, State) ->
     handle_cast(Msg, State);
 handle_early_msg({info, Msg}, State) ->
     handle_info(Msg, State).
-    
+
 noreply(State) ->
     {noreply, State}.
 
@@ -1929,7 +1926,7 @@ add_worker(Worker = #send_table{}, State) ->
 add_worker(Worker = #disc_load{}, State) ->
     opt_start_worker(add_loader(Worker#disc_load.table,Worker,State));
 % Block controller should be used for upgrading mnesia.
-add_worker(Worker = #block_controller{}, State) -> 
+add_worker(Worker = #block_controller{}, State) ->
     Queue = State#state.dumper_queue,
     Queue2 = [Worker | Queue],
     State2 = State#state{dumper_queue = Queue2},
@@ -1938,13 +1935,13 @@ add_worker(Worker = #block_controller{}, State) ->
 add_loader(Tab,Worker,State = #state{loader_queue=LQ0}) ->
     case gb_trees:is_defined(Tab, LQ0) of
 	true -> State;
-	false -> 
+	false ->
 	    LQ=gb_trees:insert(Tab, Worker, LQ0),
 	    State#state{loader_queue=LQ}
     end.
 
 %% Optionally start a worker
-%% 
+%%
 %% Dumpers and loaders may run simultaneously
 %% but neither of them may run during schema commit.
 %% Loaders may not start if a schema commit is enqueued.
@@ -1958,7 +1955,7 @@ opt_start_worker(State) ->
 	    %% Great, a worker in queue and neither
 	    %% a schema transaction is being
 	    %% committed and nor a dumper is running
-		    
+
 	    %% Start worker but keep him in the queue
 	    if
 		is_record(Worker, schema_commit_lock) ->
@@ -1966,7 +1963,7 @@ opt_start_worker(State) ->
 		    reply(ReplyTo, granted),
 		    {Owner, _Tag} = ReplyTo,
 		    opt_start_loader(State#state{dumper_pid = Owner});
-		
+
 		is_record(Worker, dump_log) ->
 		    Pid = spawn_link(?MODULE, dump_and_reply, [self(), Worker]),
 		    State2 = State#state{dumper_pid = Pid},
@@ -1976,7 +1973,7 @@ opt_start_worker(State) ->
 		    %% or sender
 		    State3 = opt_start_sender(State2),
 		    opt_start_loader(State3);
-		
+
 		is_record(Worker, block_controller) ->
 		    case {get_senders(State), get_loaders(State)} of
 			{[], []} ->
@@ -1989,7 +1986,7 @@ opt_start_worker(State) ->
 		    end
 	    end;
 	_ ->
-	    %% Bad luck, try with a loader or sender instead 
+	    %% Bad luck, try with a loader or sender instead
 	    State2 = opt_start_sender(State),
 	    opt_start_loader(State2)
     end.
@@ -1997,8 +1994,8 @@ opt_start_worker(State) ->
 opt_start_sender(State) ->
     case State#state.sender_queue of
 	[]->   State; 	    %% No need
-	SenderQ -> 
-	    {NewS,Kept} = opt_start_sender2(SenderQ, get_senders(State), 
+	SenderQ ->
+	    {NewS,Kept} = opt_start_sender2(SenderQ, get_senders(State),
 					    [], get_loaders(State)),
 	    State#state{sender_pid = NewS, sender_queue = Kept}
     end.
@@ -2007,11 +2004,11 @@ opt_start_sender2([], Pids,Kept, _) -> {Pids,Kept};
 opt_start_sender2([Sender|R], Pids, Kept, LoaderQ) ->
     Tab = Sender#send_table.table,
     Active = val({Tab, active_replicas}),
-    IgotIt = lists:member(node(), Active),    
-    IsLoading = lists:any(fun({_Pid,Loader}) -> 
+    IgotIt = lists:member(node(), Active),
+    IsLoading = lists:any(fun({_Pid,Loader}) ->
 				  Tab == element(#net_load.table, Loader)
 			  end, LoaderQ),
-    if 
+    if
 	IgotIt, IsLoading  ->
 	    %% I'm currently finishing loading the table let him wait
 	    opt_start_sender2(R,Pids, [Sender|Kept], LoaderQ);
@@ -2029,11 +2026,11 @@ opt_start_loader(State = #state{loader_queue = LoaderQ}) ->
     Current = get_loaders(State),
     Max = max_loaders(),
     case gb_trees:is_empty(LoaderQ) of
-	true -> 
+	true ->
 	    State;
-	_ when length(Current) >= Max -> 
+	_ when length(Current) >= Max ->
 	    State;
-	false -> 
+	false ->
 	    SchemaQueue = State#state.dumper_queue,
 	    case lists:keymember(schema_commit_lock, 1, SchemaQueue) of
 		false ->
@@ -2064,7 +2061,7 @@ already_loading(#disc_load{table=Tab},Loaders) ->
 
 already_loading2(Tab, [{_,#net_load{table=Tab}}|_]) -> true;
 already_loading2(Tab, [{_,#disc_load{table=Tab}}|_]) -> true;
-already_loading2(Tab, [_|Rest]) -> already_loading2(Tab,Rest);     
+already_loading2(Tab, [_|Rest]) -> already_loading2(Tab,Rest);
 already_loading2(_,[]) -> false.
 
 start_remote_sender(Node, Tab, Receiver, Storage) ->
@@ -2093,8 +2090,8 @@ send_and_reply(ReplyTo, Worker) ->
 
 load_and_reply(ReplyTo, Worker) ->
     Load = load_table_fun(Worker),
-    SendAndReply = 
-	fun() -> 
+    SendAndReply =
+	fun() ->
 		process_flag(trap_exit, true),
 		Done = Load(),
 		ReplyTo ! Done#loader_done{worker_pid = self()},
@@ -2161,7 +2158,7 @@ load_table_fun(#disc_load{table=Tab, reason=Reason, opt_reply_to=ReplyTo}) ->
 	ReadNode == nowhere ->
 	    %% Already loaded on other node, lets get it
 	    Cs = val({Tab, cstruct}),
-	    fun() -> 
+	    fun() ->
 		    case mnesia_loader:net_load_table(Tab, Reason, Active, Cs) of
 			{loaded, ok} ->
 			    Done#loader_done{needs_sync = true};
@@ -2204,10 +2201,10 @@ filter_active(Tab) ->
     Active  = val({Tab, active_replicas}),
     Masters = mnesia_recover:get_master_nodes(Tab),
     Ns = do_filter_active(ByForce, Active, Masters),
-    %% Reorder the so that we load from fastest first 
+    %% Reorder the so that we load from fastest first
     LS = ?catch_val({Tab, storage_type}),
     DOC = val({Tab, disc_only_copies}),
-    {Good,Worse} = 
+    {Good,Worse} =
 	case LS of
 	    disc_only_copies ->
 		G = mnesia_lib:intersect(Ns, DOC),
@@ -2218,7 +2215,7 @@ filter_active(Tab) ->
 	end,
     %% Pick a random node of the fastest
     Len = length(Good),
-    if 
+    if
 	Len > 0 ->
 	    R = erlang:phash(node(), Len+1),
 	    random(R-1,Good,Worse);
@@ -2237,5 +2234,5 @@ do_filter_active(false, Active, []) ->
     Active;
 do_filter_active(false, Active, Masters) ->
     mnesia_lib:intersect(Active, Masters).
-    
+
 
diff --git a/lib/mnesia/src/mnesia_dumper.erl b/lib/mnesia/src/mnesia_dumper.erl
index f8d7664156..e2a0aa3bda 100644
--- a/lib/mnesia/src/mnesia_dumper.erl
+++ b/lib/mnesia/src/mnesia_dumper.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -43,7 +43,7 @@
 
  %% Internal stuff
 -export([regulator_init/1]).
-	
+
 -include("mnesia.hrl").
 -include_lib("kernel/include/file.hrl").
 
@@ -70,14 +70,14 @@ incr_log_writes() ->
 
 adjust_log_writes(DoCast) ->
     Token = {mnesia_adjust_log_writes, self()},
-    case global:set_lock(Token, [node()], 1) of 
+    case global:set_lock(Token, [node()], 1) of
 	false ->
 	    ignore; %% Somebody else is sending a dump request
-	true -> 
-	    case DoCast of 
+	true ->
+	    case DoCast of
 		false ->
 		    ignore;
-		true -> 
+		true ->
 		    mnesia_controller:async_dump_log(write_threshold)
 	    end,
 	    Max = mnesia_monitor:get_env(dump_log_write_threshold),
@@ -93,16 +93,16 @@ adjust_log_writes(DoCast) ->
 opt_dump_log(InitBy) ->
     Reg = case whereis(?REGULATOR_NAME) of
 	      undefined ->
-		  nopid; 
+		  nopid;
 	      Pid when is_pid(Pid) ->
-		  Pid 
+		  Pid
 	  end,
     perform_dump(InitBy, Reg).
 
 %% Scan for decisions
 perform_dump(InitBy, Regulator) when InitBy == scan_decisions ->
     ?eval_debug_fun({?MODULE, perform_dump}, [InitBy]),
-    
+
     dbg_out("Transaction log dump initiated by ~w~n", [InitBy]),
     scan_decisions(mnesia_log:previous_log_file(), InitBy, Regulator),
     scan_decisions(mnesia_log:latest_log_file(), InitBy, Regulator);
@@ -112,8 +112,8 @@ perform_dump(InitBy, Regulator) ->
     ?eval_debug_fun({?MODULE, perform_dump}, [InitBy]),
     LogState = mnesia_log:prepare_log_dump(InitBy),
     dbg_out("Transaction log dump initiated by ~w: ~w~n",
-	    [InitBy, LogState]), 
-    adjust_log_writes(false),    
+	    [InitBy, LogState]),
+    adjust_log_writes(false),
     case LogState of
 	already_dumped ->
 	    mnesia_recover:allow_garb(),
@@ -142,7 +142,7 @@ perform_dump(InitBy, Regulator) ->
 			    mnesia_lib:important(Desc, Reason),
 			    %% Ignore rest of the log
 			    mnesia_log:confirm_log_dump(Diff);
-			false -> 
+			false ->
 			    fatal(Desc, Reason)
 		    end
 	    end;
@@ -189,9 +189,9 @@ do_perform_dump(Cont, InPlace, InitBy, Regulator, OldVersion) ->
 insert_recs([Rec | Recs], InPlace, InitBy, Regulator, LogV) ->
     regulate(Regulator),
     case insert_rec(Rec, InPlace, InitBy, LogV) of
- 	LogH when is_record(LogH, log_header) ->	    
+	LogH when is_record(LogH, log_header) ->
 	    insert_recs(Recs, InPlace, InitBy, Regulator, LogH#log_header.log_version);
-	_ -> 
+	_ ->
 	    insert_recs(Recs, InPlace, InitBy, Regulator, LogV)
     end;
 
@@ -199,7 +199,7 @@ insert_recs([], _InPlace, _InitBy, _Regulator, Version) ->
     Version.
 
 insert_rec(Rec, _InPlace, scan_decisions, _LogV) ->
-    if 
+    if
 	is_record(Rec, commit) ->
 	    ignore;
 	is_record(Rec, log_header) ->
@@ -227,7 +227,7 @@ insert_rec(H, _InPlace, _InitBy, _LogV) when is_record(H, log_header) ->
         H#log_header.log_kind /= trans_log ->
 	    exit({"Bad kind of transaction log", H});
 	H#log_header.log_version == CurrentVersion ->
-	    ok; 
+	    ok;
 	H#log_header.log_version == "4.2" ->
 	    ok;
 	H#log_header.log_version == "4.1" ->
@@ -247,8 +247,8 @@ do_insert_rec(Tid, Rec, InPlace, InitBy, LogV) ->
 	[] ->
 	    ignore;
 	SchemaOps ->
-	    case val({schema, storage_type}) of 
-		ram_copies -> 
+	    case val({schema, storage_type}) of
+		ram_copies ->
 		    insert_ops(Tid, schema_ops, SchemaOps, InPlace, InitBy, LogV);
 	        Storage ->
 		    true = open_files(schema, Storage, InPlace, InitBy),
@@ -264,13 +264,13 @@ do_insert_rec(Tid, Rec, InPlace, InitBy, LogV) ->
 	_ ->
 	    ignore
     end.
-    
+
 
 update(_Tid, [], _DumperMode) ->
     dumped;
 update(Tid, SchemaOps, DumperMode) ->
     UseDir = mnesia_monitor:use_dir(),
-    Res = perform_update(Tid, SchemaOps, DumperMode, UseDir),    
+    Res = perform_update(Tid, SchemaOps, DumperMode, UseDir),
     mnesia_controller:release_schema_commit_lock(),
     Res.
 
@@ -279,23 +279,23 @@ perform_update(_Tid, _SchemaOps, mandatory, true) ->
     %% dumper perform needed updates
 
     InitBy = schema_update,
-    ?eval_debug_fun({?MODULE, dump_schema_op}, [InitBy]),    
+    ?eval_debug_fun({?MODULE, dump_schema_op}, [InitBy]),
     opt_dump_log(InitBy);
 perform_update(Tid, SchemaOps, _DumperMode, _UseDir) ->
     %% No need for a full transaction log dump.
     %% Ignore the log file and perform only perform
     %% the corresponding updates.
 
-    InitBy = fast_schema_update, 
+    InitBy = fast_schema_update,
     InPlace = mnesia_monitor:get_env(dump_log_update_in_place),
     ?eval_debug_fun({?MODULE, dump_schema_op}, [InitBy]),
-    case catch insert_ops(Tid, schema_ops, SchemaOps, InPlace, InitBy, 
+    case catch insert_ops(Tid, schema_ops, SchemaOps, InPlace, InitBy,
 			  mnesia_log:version()) of
 	{'EXIT', Reason} ->
 	    Error = {error, {"Schema update error", Reason}},
 	    close_files(InPlace, Error, InitBy),
             fatal("Schema update error ~p ~p", [Reason, SchemaOps]);
-	_ ->		    
+	_ ->
 	    ?eval_debug_fun({?MODULE, post_dump}, [InitBy]),
 	    close_files(InPlace, ok, InitBy),
 	    ok
@@ -318,7 +318,7 @@ insert_ops(Tid, Storage, [Op | Ops], InPlace, InitBy, Ver) when Ver < "4.3" ->
 disc_insert(_Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
     case open_files(Tab, Storage, InPlace, InitBy) of
 	true ->
-	    case Storage of 
+	    case Storage of
 		disc_copies when Tab /= schema ->
 		    mnesia_log:append({?MODULE,Tab}, {{Tab, Key}, Val, Op}),
 		    ok;
@@ -331,7 +331,7 @@ disc_insert(_Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
 
 %% To fix update_counter so that it behaves better.
 %% i.e. if nothing have changed in tab except update_counter
-%% trust that the value in the dets file is correct. 
+%% trust that the value in the dets file is correct.
 %% Otherwise we will get a double increment.
 %% This is perfect but update_counter is a dirty op.
 
@@ -353,12 +353,12 @@ dets_insert(Op,Tab,Key,Val) ->
 			_ when Incr < 0 ->
 			    Zero = {RecName, Key, 0},
 			    ok = dets:insert(Tab, Zero);
-			_ -> 
+			_ ->
 			    Init = {RecName, Key, Incr},
 			    ok = dets:insert(Tab, Init)
 		    end;
 		false ->  ok
-	    end;				    
+	    end;
 	delete_object ->
 	    dets_updated(Tab,Key),
 	    ok = dets:delete_object(Tab, Val);
@@ -366,17 +366,17 @@ dets_insert(Op,Tab,Key,Val) ->
 	    dets_cleared(Tab),
 	    ok = dets:delete_all_objects(Tab)
     end.
-	    
-dets_updated(Tab,Key) -> 
+
+dets_updated(Tab,Key) ->
     case get(mnesia_dumper_dets) of
-	undefined -> 
+	undefined ->
 	    Empty = gb_trees:empty(),
 	    Tree = gb_trees:insert(Tab, gb_sets:singleton(Key), Empty),
 	    put(mnesia_dumper_dets, Tree);
 	Tree ->
 	    case gb_trees:lookup(Tab,Tree) of
 		{value, cleared} -> ignore;
-		{value, Set} -> 
+		{value, Set} ->
 		    T = gb_trees:update(Tab, gb_sets:add(Key, Set), Tree),
 		    put(mnesia_dumper_dets, T);
 		none ->
@@ -398,14 +398,14 @@ dets_incr_counter(Tab,Key) ->
 
 dets_cleared(Tab) ->
     case get(mnesia_dumper_dets) of
-	undefined -> 
+	undefined ->
 	    Empty = gb_trees:empty(),
 	    Tree = gb_trees:insert(Tab, cleared, Empty),
 	    put(mnesia_dumper_dets, Tree);
 	Tree ->
 	    case gb_trees:lookup(Tab,Tree) of
 		{value, cleared} -> ignore;
-		_ -> 
+		_ ->
 		    T = gb_trees:enter(Tab, cleared, Tree),
 		    put(mnesia_dumper_dets, T)
 	    end
@@ -417,7 +417,7 @@ insert(Tid, Storage, Tab, Key, [Val | Tail], Op, InPlace, InitBy) ->
 
 insert(_Tid, _Storage, _Tab, _Key, [], _Op, _InPlace, _InitBy) ->
     ok;
-    
+
 insert(Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
     Item = {{Tab, Key}, Val, Op},
     case InitBy of
@@ -447,18 +447,18 @@ insert(Tid, Storage, Tab, Key, Val, Op, InPlace, InitBy) ->
 disc_delete_table(Tab, Storage) ->
     case mnesia_monitor:use_dir() of
 	true ->
-	    if 		
-		Storage == disc_only_copies; Tab == schema ->  
+	    if
+		Storage == disc_only_copies; Tab == schema ->
 		    mnesia_monitor:unsafe_close_dets(Tab),
 		    Dat = mnesia_lib:tab2dat(Tab),
-		    file:delete(Dat);		
-		true -> 
+		    file:delete(Dat);
+		true ->
 		    DclFile = mnesia_lib:tab2dcl(Tab),
 		    case get({?MODULE,Tab}) of
 			{opened_dumper, dcl} ->
 			    del_opened_tab(Tab),
 			    mnesia_log:unsafe_close_log(Tab);
-			_ -> 
+			_ ->
 			    ok
 		    end,
 		    file:delete(DclFile),
@@ -490,7 +490,7 @@ insert_op(Tid, Storage, {{Tab, Key}, Val, Op}, InPlace, InitBy) ->
 insert_op(_Tid, schema_ops, _OP, _InPlace, Initby)
   when Initby /= startup,
        Initby /= fast_schema_update,
-       Initby /= schema_update -> 
+       Initby /= schema_update ->
     ignore;
 
 insert_op(Tid, _, {op, rec, Storage, Item}, InPlace, InitBy) ->
@@ -507,7 +507,7 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 	_ ->
 	    ignore
     end,
-    if  
+    if
 	N == node() ->
 	    Dmp  = mnesia_lib:tab2dmp(Tab),
 	    Dat  = mnesia_lib:tab2dat(Tab),
@@ -531,8 +531,8 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 		    true = open_files(Tab, disc_only_copies, InPlace, InitBy),
 		    %% ram_delete_table must be done before init_indecies,
 		    %% it uses info which is reset in init_indecies,
-		    %% it doesn't matter, because init_indecies don't use 
-		    %% the ram replica of the table when creating the disc 
+		    %% it doesn't matter, because init_indecies don't use
+		    %% the ram replica of the table when creating the disc
 		    %% index; Could be improved :)
 		    mnesia_schema:ram_delete_table(Tab, FromS),
 		    PosList = Cs#cstruct.index,
@@ -540,17 +540,17 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 		{disc_only_copies, ram_copies} ->
 		    mnesia_monitor:unsafe_close_dets(Tab),
 		    disc_delete_indecies(Tab, Cs, disc_only_copies),
-		    case InitBy of 
-			startup -> 
+		    case InitBy of
+			startup ->
 			    ignore;
-			_ -> 
+			_ ->
 			    mnesia_controller:get_disc_copy(Tab)
 		    end,
 		    disc_delete_table(Tab, disc_only_copies);
 		{disc_copies, disc_only_copies} ->
 		    ok = ensure_rename(Dmp, Dat),
 		    true = open_files(Tab, disc_only_copies, InPlace, InitBy),
-		    mnesia_schema:ram_delete_table(Tab, FromS), 
+		    mnesia_schema:ram_delete_table(Tab, FromS),
 		    PosList = Cs#cstruct.index,
 		    mnesia_index:init_indecies(Tab, disc_only_copies, PosList),
 		    file:delete(Dcl),
@@ -558,8 +558,8 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 		{disc_only_copies, disc_copies} ->
 		    mnesia_monitor:unsafe_close_dets(Tab),
 		    disc_delete_indecies(Tab, Cs, disc_only_copies),
-		    case InitBy of 
-			startup -> 
+		    case InitBy of
+			startup ->
 			    ignore;
 			_ ->
 			    mnesia_log:ets2dcd(Tab),
@@ -576,7 +576,7 @@ insert_op(Tid, _, {op, change_table_copy_type, N, FromS, ToS, TabDef}, InPlace,
 insert_op(Tid, _, {op, transform, _Fun, TabDef}, InPlace, InitBy) ->
     Cs = mnesia_schema:list2cs(TabDef),
     case mnesia_lib:cs_to_storage_type(node(), Cs) of
-	disc_copies -> 
+	disc_copies ->
 	    open_dcl(Cs#cstruct.name);
 	_ ->
 	    ignore
@@ -604,28 +604,34 @@ insert_op(Tid, _, {op, restore_recreate, TabDef}, InPlace, InitBy) ->
 		    mnesia_checkpoint:tm_del_copy(Tab, node())
 	    end
     end,
+    StorageProps = Cs#cstruct.storage_properties,
+    
     %% And create new ones..
     if
 	(InitBy == startup) or (Storage == unknown) ->
 	    ignore;
 	Storage == ram_copies ->
-	    Args = [{keypos, 2}, public, named_table, Type],
+	    EtsProps = proplists:get_value(ets, StorageProps, []),
+	    Args = [{keypos, 2}, public, named_table, Type | EtsProps],
 	    mnesia_monitor:mktab(Tab, Args);
 	Storage == disc_copies ->
-	    Args = [{keypos, 2}, public, named_table, Type],
+	    EtsProps = proplists:get_value(ets, StorageProps, []),
+	    Args = [{keypos, 2}, public, named_table, Type | EtsProps],
 	    mnesia_monitor:mktab(Tab, Args),
-	    File = mnesia_lib:tab2dcd(Tab),	    
-	    FArg = [{file, File}, {name, {mnesia,create}}, 
+	    File = mnesia_lib:tab2dcd(Tab),
+	    FArg = [{file, File}, {name, {mnesia,create}},
 		    {repair, false}, {mode, read_write}],
 	    {ok, Log} = mnesia_monitor:open_log(FArg),
 	    mnesia_monitor:unsafe_close_log(Log);
 	Storage == disc_only_copies ->
 	    File = mnesia_lib:tab2dat(Tab),
 	    file:delete(File),
+	    DetsProps = proplists:get_value(dets, StorageProps, []),
 	    Args = [{file, mnesia_lib:tab2dat(Tab)},
 		    {type, mnesia_lib:disk_type(Tab, Type)},
 		    {keypos, 2},
-		    {repair, mnesia_monitor:get_env(auto_repair)}],
+		    {repair, mnesia_monitor:get_env(auto_repair)} 
+		    | DetsProps ],
 	    mnesia_monitor:open_dets(Tab, Args)
     end,
     insert_op(Tid, ignore, {op, create_table, TabDef}, InPlace, InitBy);
@@ -635,6 +641,7 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
     insert_cstruct(Tid, Cs, false, InPlace, InitBy),
     Tab = Cs#cstruct.name,
     Storage = mnesia_lib:cs_to_storage_type(node(), Cs),
+    StorageProps = Cs#cstruct.storage_properties,
     case InitBy of
 	startup ->
 	    case Storage of
@@ -644,22 +651,25 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
 		    ignore;
 		disc_copies ->
 		    Dcd = mnesia_lib:tab2dcd(Tab),
-		    case mnesia_lib:exists(Dcd) of  
+		    case mnesia_lib:exists(Dcd) of
 			true -> ignore;
 			false ->
-			    mnesia_log:open_log(temp, 
+			    mnesia_log:open_log(temp,
 						mnesia_log:dcd_log_header(),
-						Dcd, 
-						false, 
+						Dcd,
+						false,
 						false,
 						read_write),
 			    mnesia_log:unsafe_close_log(temp)
 		    end;
 		_ ->
+		    DetsProps = proplists:get_value(dets, StorageProps, []),
+
 		    Args = [{file, mnesia_lib:tab2dat(Tab)},
 			    {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)},
 			    {keypos, 2},
-			    {repair, mnesia_monitor:get_env(auto_repair)}],
+			    {repair, mnesia_monitor:get_env(auto_repair)} 
+			    | DetsProps ],
 		    case mnesia_monitor:open_dets(Tab, Args) of
 			{ok, _} ->
 			    mnesia_monitor:unsafe_close_dets(Tab);
@@ -671,7 +681,7 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
 	    Copies = mnesia_lib:copy_holders(Cs),
 	    Active = mnesia_lib:intersect(Copies, val({current, db_nodes})),
 	    [mnesia_controller:add_active_replica(Tab, N, Cs) || N <- Active],
-
+	    
 	    case Storage of
 		unknown ->
 		    mnesia_lib:unset({Tab, create_table}),
@@ -695,8 +705,8 @@ insert_op(Tid, _, {op, create_table, TabDef}, InPlace, InitBy) ->
 			    %% Indecies are still created by loader
 			    disc_delete_indecies(Tab, Cs, Storage)
 			    %% disc_delete_table(Tab, Storage)
-		    end, 
-		    
+		    end,
+
 		    %% Update whereabouts and create table
 		    mnesia_controller:create_table(Tab),
 		    mnesia_lib:unset({Tab, create_table})
@@ -754,7 +764,7 @@ insert_op(Tid, _, {op, clear_table, TabDef}, InPlace, InitBy) ->
 	       true ->
 		    ignore
 	    end,
-	    %% Need to catch this, it crashes on ram_copies if 
+	    %% Need to catch this, it crashes on ram_copies if
 	    %% the op comes before table is loaded at startup.
 	    catch insert(Tid, Storage, Tab, '_', Oid, clear_table, InPlace, InitBy)
     end;
@@ -766,16 +776,16 @@ insert_op(Tid, _, {op, merge_schema, TabDef}, InPlace, InitBy) ->
 	    %% If we bootstrap an empty (diskless) mnesia from another node
 	    %% we might have changed the storage_type of schema.
 	    %% I think this is a good place to do it.
-	    Update = fun(NS = {Node,Storage}) -> 
+	    Update = fun(NS = {Node,Storage}) ->
 			     case mnesia_lib:cs_to_storage_type(Node, Cs) of
 				 Storage -> NS;
-				 disc_copies when Node == node() -> 
-				     Dir = mnesia_lib:dir(),    
+				 disc_copies when Node == node() ->
+				     Dir = mnesia_lib:dir(),
 				     ok = mnesia_schema:opt_create_dir(true, Dir),
 				     mnesia_schema:purge_dir(Dir, []),
 				     mnesia_log:purge_all_logs(),
 
-				     mnesia_lib:set(use_dir, true),	     
+				     mnesia_lib:set(use_dir, true),
 				     mnesia_log:init(),
 				     Ns = val({current, db_nodes}),
 				     F = fun(U) -> mnesia_recover:log_mnesia_up(U) end,
@@ -783,11 +793,11 @@ insert_op(Tid, _, {op, merge_schema, TabDef}, InPlace, InitBy) ->
 				     raw_named_dump_table(schema, dat),
 				     temp_set_master_nodes(),
 				     {Node,disc_copies};
-				 CSstorage -> 
+				 CSstorage ->
 				     {Node,CSstorage}
 			     end
 		     end,
-	    
+
 	    W2C0 = val({schema, where_to_commit}),
 	    W2C = case W2C0 of
 		      {blocked, List} ->
@@ -854,9 +864,9 @@ insert_op(Tid, _, {op, del_snmp, TabDef}, InPlace, InitBy) ->
 	InitBy /= startup,
 	Storage /= unknown ->
 	    case ?catch_val({Tab, {index, snmp}}) of
-		{'EXIT', _} -> 
+		{'EXIT', _} ->
 		    ignore;
-		Stab -> 
+		Stab ->
 		    mnesia_snmp_hook:delete_table(Tab, Stab),
 		    mnesia_lib:unset({Tab, {index, snmp}})
 	    end;
@@ -874,7 +884,7 @@ insert_op(Tid, _, {op, add_index, Pos, TabDef}, InPlace, InitBy) ->
 	    true = open_files(Tab, Storage, InPlace, InitBy),
 	    mnesia_index:init_indecies(Tab, Storage, [Pos]);
 	startup ->
-	    ignore; 
+	    ignore;
 	_  ->
 	    case val({Tab,where_to_read}) of
 		nowhere -> ignore;
@@ -890,7 +900,7 @@ insert_op(Tid, _, {op, del_index, Pos, TabDef}, InPlace, InitBy) ->
     case InitBy of
 	startup when Storage == disc_only_copies ->
 	    mnesia_index:del_index_table(Tab, Storage, Pos);
-	startup -> 
+	startup ->
 	    ignore;
 	_ ->
 	    mnesia_index:del_index_table(Tab, Storage, Pos)
@@ -939,16 +949,19 @@ open_files(Tab, Storage, UpdateInPlace, InitBy)
 		{'EXIT', _} ->
 		    false;
 		Type ->
-		    case Storage of 
+		    case Storage of
 			disc_copies when Tab /= schema ->
 			    Bool = open_disc_copies(Tab, InitBy),
 			    Bool;
 			_ ->
+			    Props = val({Tab, storage_properties}),
+			    DetsProps = proplists:get_value(dets, Props, []),
 			    Fname = prepare_open(Tab, UpdateInPlace),
 			    Args = [{file, Fname},
 				    {keypos, 2},
 				    {repair, mnesia_monitor:get_env(auto_repair)},
-				    {type, mnesia_lib:disk_type(Tab, Type)}],
+				    {type, mnesia_lib:disk_type(Tab, Type)} 
+				    | DetsProps],
 			    {ok, _} = mnesia_monitor:open_dets(Tab, Args),
 			    put({?MODULE, Tab}, {opened_dumper, dat}),
 			    true
@@ -964,7 +977,7 @@ open_files(_Tab, _Storage, _UpdateInPlace, _InitBy) ->
 
 open_disc_copies(Tab, InitBy) ->
     DclF = mnesia_lib:tab2dcl(Tab),
-    DumpEts = 
+    DumpEts =
 	case file:read_file_info(DclF) of
 	    {error, enoent} ->
 		false;
@@ -975,7 +988,7 @@ open_disc_copies(Tab, InitBy) ->
 			mnesia_lib:dbg_out("File ~p info_error ~p ~n",
 					   [DcdF, Reason]),
 			true;
-		    {ok, DcdInfo} -> 
+		    {ok, DcdInfo} ->
 			Mul = case ?catch_val(dc_dump_limit) of
 				  {'EXIT', _} -> ?DumpToEtsMultiplier;
 				  Val -> Val
@@ -983,12 +996,12 @@ open_disc_copies(Tab, InitBy) ->
 			DcdInfo#file_info.size =< (DclInfo#file_info.size * Mul)
 		end
 	end,
-    if 
-	DumpEts == false; InitBy == startup ->	    
-	    mnesia_log:open_log({?MODULE,Tab}, 
-				mnesia_log:dcl_log_header(), 
-				DclF, 
-				mnesia_lib:exists(DclF), 
+    if
+	DumpEts == false; InitBy == startup ->
+	    mnesia_log:open_log({?MODULE,Tab},
+				mnesia_log:dcl_log_header(),
+				DclF,
+				mnesia_lib:exists(DclF),
 				mnesia_monitor:get_env(auto_repair),
 				read_write),
 	    put({?MODULE, Tab}, {opened_dumper, dcl}),
@@ -997,9 +1010,9 @@ open_disc_copies(Tab, InitBy) ->
 	    mnesia_log:ets2dcd(Tab),
 	    put({?MODULE, Tab}, already_dumped),
 	    false
-    end. 
+    end.
 
-%% Always opens the dcl file for writing overriding already_dumped 
+%% Always opens the dcl file for writing overriding already_dumped
 %% mechanismen, used for schema transactions.
 open_dcl(Tab) ->
     case get({?MODULE, Tab}) of
@@ -1007,10 +1020,10 @@ open_dcl(Tab) ->
 	    true;
 	_ -> %% undefined or already_dumped
 	    DclF = mnesia_lib:tab2dcl(Tab),
-	    mnesia_log:open_log({?MODULE,Tab}, 
-				mnesia_log:dcl_log_header(), 
-				DclF, 
-				mnesia_lib:exists(DclF), 
+	    mnesia_log:open_log({?MODULE,Tab},
+				mnesia_log:dcl_log_header(),
+				DclF,
+				mnesia_lib:exists(DclF),
 				mnesia_monitor:get_env(auto_repair),
 				read_write),
 	    put({?MODULE, Tab}, {opened_dumper, dcl}),
@@ -1047,7 +1060,7 @@ close_files(InPlace, Outcome, InitBy, [{{?MODULE, Tab}, {opened_dumper, Type}} |
     case val({Tab, storage_type}) of
 	disc_only_copies when InitBy /= startup ->
 	    ignore;
-	disc_copies when Tab /= schema -> 
+	disc_copies when Tab /= schema ->
 	    mnesia_log:close_log({?MODULE,Tab});
 	Storage ->
 	    do_close(InPlace, Outcome, Tab, Type, Storage)
@@ -1082,7 +1095,7 @@ do_close(InPlace, Outcome, Tab, dat, Storage) ->
 	true ->
 	    file:delete(mnesia_lib:tab2tmp(Tab))
     end.
-    
+
 
 ensure_rename(From, To) ->
     case mnesia_lib:exists(From) of
@@ -1096,7 +1109,7 @@ ensure_rename(From, To) ->
 		    {error, {rename_failed, From, To}}
 	    end
     end.
-    
+
 insert_cstruct(Tid, Cs, KeepWhereabouts, InPlace, InitBy) ->
     Val = mnesia_schema:insert_cstruct(Tid, Cs, KeepWhereabouts),
     {schema, Tab, _} = Val,
@@ -1114,15 +1127,15 @@ delete_cstruct(Tid, Cs, InPlace, InitBy) ->
 
 temp_set_master_nodes() ->
     Tabs = val({schema, local_tables}),
-    Masters = [{Tab, (val({Tab, disc_copies}) ++ 
-		      val({Tab, ram_copies}) ++ 
-		      val({Tab, disc_only_copies})) -- [node()]} 
+    Masters = [{Tab, (val({Tab, disc_copies}) ++
+		      val({Tab, ram_copies}) ++
+		      val({Tab, disc_only_copies})) -- [node()]}
 	       || Tab <- Tabs],
     %% UseDir = false since we don't want to remember these
     %% masternodes and we are running (really soon anyway) since we want this
     %% to be known during table loading.
     mnesia_recover:log_master_nodes(Masters, false, yes),
-    ok.    
+    ok.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Raw dump of table. Dumper must have unique access to the ets table.
@@ -1152,7 +1165,7 @@ raw_named_dump_table(Tab, Ftype) ->
 		{ok, TabRef} ->
 		    Storage = ram_copies,
 		    mnesia_lib:db_fixtable(Storage, Tab, true),
-		    
+
 		    case catch raw_dump_table(TabRef, Tab) of
 			{'EXIT', Reason} ->
 			    mnesia_lib:db_fixtable(Storage, Tab, false),
@@ -1179,11 +1192,11 @@ raw_dump_table(DetsRef, EtsRef) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Load regulator
-%% 
-%% This is a poor mans substitute for a fair scheduler algorithm 
-%% in the Erlang emulator. The mnesia_dumper process performs many 
-%% costly BIF invokations and must pay for this. But since the 
-%% Emulator does not handle this properly we must compensate for 
+%%
+%% This is a poor mans substitute for a fair scheduler algorithm
+%% in the Erlang emulator. The mnesia_dumper process performs many
+%% costly BIF invokations and must pay for this. But since the
+%% Emulator does not handle this properly we must compensate for
 %% this with some form of load regulation of ourselves in order to
 %% not steal all computation power in the Erlang Emulator ans make
 %% other processes starve. Hopefully this is a temporary solution.
@@ -1230,6 +1243,6 @@ regulate(RegulatorPid) ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason); 
-	Value -> Value 
+	{'EXIT', Reason} -> mnesia_lib:other_val(Var, Reason);
+	Value -> Value
     end.
diff --git a/lib/mnesia/src/mnesia_event.erl b/lib/mnesia/src/mnesia_event.erl
index 5a060a28ff..8085155fd5 100644
--- a/lib/mnesia/src/mnesia_event.erl
+++ b/lib/mnesia/src/mnesia_event.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/mnesia/src/mnesia_frag_hash.erl b/lib/mnesia/src/mnesia_frag_hash.erl
index d70579c3b3..3dfdb87f30 100644
--- a/lib/mnesia/src/mnesia_frag_hash.erl
+++ b/lib/mnesia/src/mnesia_frag_hash.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/mnesia/src/mnesia_loader.erl b/lib/mnesia/src/mnesia_loader.erl
index c4b22814a8..e443b54016 100644
--- a/lib/mnesia/src/mnesia_loader.erl
+++ b/lib/mnesia/src/mnesia_loader.erl
@@ -61,9 +61,11 @@ do_get_disc_copy2(Tab, _Reason, Storage, _Type) when Storage == unknown ->
 do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == disc_copies ->
     %% NOW we create the actual table
     Repair = mnesia_monitor:get_env(auto_repair),
-    Args = [{keypos, 2}, public, named_table, Type],
+    StorageProps = val({Tab, storage_properties}),
+    EtsOpts = proplists:get_value(ets, StorageProps, []),
+    Args = [{keypos, 2}, public, named_table, Type | EtsOpts],
     case Reason of
-	{dumper, _} -> %% Resources allready allocated
+	{dumper, _} -> %% Resources already allocated
 	    ignore;
 	_ ->
 	    mnesia_monitor:mktab(Tab, Args),
@@ -82,7 +84,9 @@ do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == disc_copies ->
     {loaded, ok};
 
 do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == ram_copies ->
-    Args = [{keypos, 2}, public, named_table, Type],
+    StorageProps = val({Tab, storage_properties}),
+    EtsOpts = proplists:get_value(ets, StorageProps, []),
+    Args = [{keypos, 2}, public, named_table, Type | EtsOpts],
     case Reason of
 	{dumper, _} -> %% Resources allready allocated
 	    ignore;
@@ -115,10 +119,14 @@ do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == ram_copies ->
     {loaded, ok};
 
 do_get_disc_copy2(Tab, Reason, Storage, Type) when Storage == disc_only_copies ->
+    StorageProps = val({Tab, storage_properties}),
+    DetsOpts = proplists:get_value(dets, StorageProps, []),
+
     Args = [{file, mnesia_lib:tab2dat(Tab)},
 	    {type, mnesia_lib:disk_type(Tab, Type)},
 	    {keypos, 2},
-	    {repair, mnesia_monitor:get_env(auto_repair)}],
+	    {repair, mnesia_monitor:get_env(auto_repair)} 
+	    | DetsOpts],
     case Reason of
 	{dumper, _} ->
 	    mnesia_index:init_index(Tab, Storage),
@@ -349,17 +357,21 @@ do_init_table(Tab,Storage,Cs,SenderPid,
     end.
 
 create_table(Tab, TabSize, Storage, Cs) ->
+    StorageProps = val({Tab, storage_properties}),
     if
 	Storage == disc_only_copies ->
 	    mnesia_lib:lock_table(Tab),
 	    Tmp = mnesia_lib:tab2tmp(Tab),
 	    Size = lists:max([TabSize, 256]),
+	    DetsOpts = lists:keydelete(estimated_no_objects, 1,
+				       proplists:get_value(dets, StorageProps, [])),
 	    Args = [{file, Tmp},
 		    {keypos, 2},
 %%		    {ram_file, true},
 		    {estimated_no_objects, Size},
 		    {repair, mnesia_monitor:get_env(auto_repair)},
-		    {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)}],
+		    {type, mnesia_lib:disk_type(Tab, Cs#cstruct.type)}
+		    | DetsOpts],
 	    file:delete(Tmp),
 	    case mnesia_lib:dets_sync_open(Tab, Args) of
 		{ok, _} ->
@@ -370,7 +382,8 @@ create_table(Tab, TabSize, Storage, Cs) ->
 		    Else
 	    end;
 	(Storage == ram_copies) or (Storage == disc_copies) ->
-	    Args = [{keypos, 2}, public, named_table, Cs#cstruct.type],
+	    EtsOpts = proplists:get_value(ets, StorageProps, []),
+	    Args = [{keypos, 2}, public, named_table, Cs#cstruct.type | EtsOpts],
 	    case mnesia_monitor:unsafe_mktab(Tab, Args) of
 		Tab ->
 		    {Storage, Tab};
@@ -516,10 +529,13 @@ handle_last({disc_only_copies, Tab}, Type, nobin) ->
     Dat = mnesia_lib:tab2dat(Tab),
     case file:rename(Tmp, Dat) of
 	ok ->
+	    StorageProps = val({Tab, storage_properties}),
+	    DetsOpts = proplists:get_value(dets, StorageProps, []),
+
 	    Args = [{file, mnesia_lib:tab2dat(Tab)},
 		    {type, mnesia_lib:disk_type(Tab, Type)},
 		    {keypos, 2},
-		    {repair, mnesia_monitor:get_env(auto_repair)}],
+		    {repair, mnesia_monitor:get_env(auto_repair)} | DetsOpts],
 	    mnesia_monitor:open_dets(Tab, Args),
 	    ok;
 	{error, Reason} ->
diff --git a/lib/mnesia/src/mnesia_locker.erl b/lib/mnesia/src/mnesia_locker.erl
index 0492d794f3..a22c95d454 100644
--- a/lib/mnesia/src/mnesia_locker.erl
+++ b/lib/mnesia/src/mnesia_locker.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -66,14 +66,14 @@
 
 -record(queue, {oid, tid, op, pid, lucky}).
 
-%% mnesia_held_locks: contain       {Oid, Op, Tid} entries  (bag)
+%% mnesia_held_locks: contain       {Oid, MaxLock, [{Op, Tid}]} entries
 -define(match_oid_held_locks(Oid),  {Oid, '_', '_'}).
-%% mnesia_tid_locks: contain        {Tid, Oid, Op} entries  (bag) 
+%% mnesia_tid_locks: contain        {Tid, Oid, Op} entries  (bag)
 -define(match_oid_tid_locks(Tid),   {Tid, '_', '_'}).
 %% mnesia_sticky_locks: contain     {Oid, Node} entries and {Tab, Node} entries (set)
 -define(match_oid_sticky_locks(Oid),{Oid, '_'}).
 %% mnesia_lock_queue: contain       {queue, Oid, Tid, Op, ReplyTo, WaitForTid} entries (bag)
--define(match_oid_lock_queue(Oid),  #queue{oid=Oid, tid='_', op = '_', pid = '_', lucky = '_'}). 
+-define(match_oid_lock_queue(Oid),  #queue{oid=Oid, tid='_', op = '_', pid = '_', lucky = '_'}).
 %% mnesia_lock_counter:             {{write, Tab}, Number} &&
 %%                                  {{read, Tab}, Number} entries  (set)
 
@@ -83,11 +83,11 @@ start() ->
 init(Parent) ->
     register(?MODULE, self()),
     process_flag(trap_exit, true),
-    ?ets_new_table(mnesia_held_locks, [bag, private, named_table]), 
+    ?ets_new_table(mnesia_held_locks, [ordered_set, private, named_table]),
     ?ets_new_table(mnesia_tid_locks, [bag, private, named_table]),
     ?ets_new_table(mnesia_sticky_locks, [set, private, named_table]),
     ?ets_new_table(mnesia_lock_queue, [bag, private, named_table, {keypos, 2}]),
-    
+
     proc_lib:init_ack(Parent, {ok, self()}),
     case ?catch_val(pid_sort_order) of
 	r9b_plain -> put(pid_sort_order, r9b_plain);
@@ -98,8 +98,8 @@ init(Parent) ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_); 
-	_VaLuE_ -> _VaLuE_ 
+	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_);
+	_VaLuE_ -> _VaLuE_
     end.
 
 reply(From, R) ->
@@ -111,10 +111,10 @@ l_request(Node, X, Store) ->
 
 l_req_rec(Node, Store) ->
     ?ets_insert(Store, {nodes, Node}),
-    receive 
-	{?MODULE, Node, Reply} -> 
+    receive
+	{?MODULE, Node, Reply} ->
 	    Reply;
-	{mnesia_down, Node} -> 
+	{mnesia_down, Node} ->
 	    {not_granted, {node_not_running, Node}}
     end.
 
@@ -128,10 +128,10 @@ send_release_tid(Nodes, Tid) ->
     rpc:abcast(Nodes, ?MODULE, {self(), {sync_release_tid, Tid}}).
 
 receive_release_tid_acc([Node | Nodes], Tid) ->
-    receive 
-	{?MODULE, Node, {tid_released, Tid}} -> 
+    receive
+	{?MODULE, Node, {tid_released, Tid}} ->
 	    receive_release_tid_acc(Nodes, Tid);
-	{mnesia_down, Node} -> 
+	{mnesia_down, Node} ->
 	    receive_release_tid_acc(Nodes, Tid)
     end;
 receive_release_tid_acc([], _Tid) ->
@@ -152,27 +152,27 @@ loop(State) ->
 
 	%% Really do a  read, but get hold of a write lock
 	%% used by mnesia:wread(Oid).
-	
+
 	{From, {read_write, Tid, Oid}} ->
 	    try_sticky_lock(Tid, read_write, From, Oid),
 	    loop(State);
-	
+
 	%% Tid has somehow terminated, clear up everything
 	%% and pass locks on to queued processes.
 	%% This is the purpose of the mnesia_tid_locks table
-	
+
 	{release_tid, Tid} ->
 	    do_release_tid(Tid),
 	    loop(State);
-	
+
 	%% stick lock, first tries this to the where_to_read Node
 	{From, {test_set_sticky, Tid, {Tab, _} = Oid, Lock}} ->
 	    case ?ets_lookup(mnesia_sticky_locks, Tab) of
-		[] -> 
+		[] ->
 		    reply(From, not_stuck),
 		    loop(State);
 		[{_,Node}] when Node == node() ->
-		    %% Lock is stuck here, see now if we can just set 
+		    %% Lock is stuck here, see now if we can just set
 		    %% a regular write lock
 		    try_lock(Tid, Lock, From, Oid),
 		    loop(State);
@@ -188,7 +188,7 @@ loop(State) ->
 	    ?ets_insert(mnesia_sticky_locks, {Tab, N}),
 	    loop(State);
 
-	%% The caller which sends this message, must have first 
+	%% The caller which sends this message, must have first
 	%% aquired a write lock on the entire table
 	{unstick, Tab} ->
 	    ?ets_delete(mnesia_sticky_locks, Tab),
@@ -205,14 +205,14 @@ loop(State) ->
 		[{_,N}] ->
 		    Req = {From, {ix_read, Tid, Tab, IxKey, Pos}},
 		    From ! {?MODULE, node(), {switch, N, Req}},
-		    loop(State)	   
+		    loop(State)
 	    end;
 
 	{From, {sync_release_tid, Tid}} ->
 	    do_release_tid(Tid),
 	    reply(From, {tid_released, Tid}),
 	    loop(State);
-	
+
 	{release_remote_non_pending, Node, Pending} ->
 	    release_remote_non_pending(Node, Pending),
 	    mnesia_monitor:mnesia_down(?MODULE, Node),
@@ -229,16 +229,23 @@ loop(State) ->
 	{get_table, From, LockTable} ->
 	    From ! {LockTable, ?ets_match_object(LockTable, '_')},
 	    loop(State);
-	
+
 	Msg ->
 	    error("~p got unexpected message: ~p~n", [?MODULE, Msg]),
 	    loop(State)
     end.
 
-set_lock(Tid, Oid, Op) ->
-    ?dbg("Granted ~p ~p ~p~n", [Tid,Oid,Op]),
-    ?ets_insert(mnesia_held_locks, {Oid, Op, Tid}),
-    ?ets_insert(mnesia_tid_locks, {Tid, Oid, Op}).
+set_lock(Tid, Oid, Op, []) ->
+    ?ets_insert(mnesia_tid_locks, {Tid, Oid, Op}),
+    ?ets_insert(mnesia_held_locks, {Oid, Op, [{Op, Tid}]});
+set_lock(Tid, Oid, read, [{Oid, Prev, Items}]) ->
+    ?ets_insert(mnesia_tid_locks, {Tid, Oid, read}),
+    ?ets_insert(mnesia_held_locks, {Oid, Prev, [{read, Tid}|Items]});
+set_lock(Tid, Oid, write, [{Oid, _Prev, Items}]) ->
+    ?ets_insert(mnesia_tid_locks, {Tid, Oid, write}),
+    ?ets_insert(mnesia_held_locks, {Oid, write, [{write, Tid}|Items]});
+set_lock(Tid, Oid, Op, undefined) ->
+    set_lock(Tid, Oid, Op, ?ets_lookup(mnesia_held_locks, Oid)).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Acquire locks
@@ -261,32 +268,32 @@ try_lock(Tid, Op, Pid, Oid) ->
 
 try_lock(Tid, Op, SimpleOp, Lock, Pid, Oid) ->
     case can_lock(Tid, Lock, Oid, {no, bad_luck}) of
-	yes ->
-	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid),
+	{yes, Default} ->
+	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid, Default),
 	    reply(Pid, Reply);
-	{no, Lucky} ->
+	{{no, Lucky},_} ->
 	    C = #cyclic{op = SimpleOp, lock = Lock, oid = Oid, lucky = Lucky},
 	    ?dbg("Rejected ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    reply(Pid, {not_granted, C});
-	{queue, Lucky} ->
+	{{queue, Lucky},_} ->
 	    ?dbg("Queued ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    %% Append to queue: Nice place for trace output
-	    ?ets_insert(mnesia_lock_queue, 
-			#queue{oid = Oid, tid = Tid, op = Op, 
+	    ?ets_insert(mnesia_lock_queue,
+			#queue{oid = Oid, tid = Tid, op = Op,
 			       pid = Pid, lucky = Lucky}),
 	    ?ets_insert(mnesia_tid_locks, {Tid, Oid, {queued, Op}})
     end.
 
-grant_lock(Tid, read, Lock, Oid = {Tab, Key})
+grant_lock(Tid, read, Lock, Oid = {Tab, Key}, Default)
   when Key /= ?ALL, Tab /= ?GLOBAL ->
     case node(Tid#tid.pid) == node() of
 	true ->
-	    set_lock(Tid, Oid, Lock),
+	    set_lock(Tid, Oid, Lock, Default),
 	    {granted, lookup_in_client};
 	false ->
 	    try
 		Val = mnesia_lib:db_get(Tab, Key), %% lookup as well
-		set_lock(Tid, Oid, Lock),
+		set_lock(Tid, Oid, Lock, Default),
 		{granted, Val}
 	    catch _:_Reason ->
 		    %% Table has been deleted from this node,
@@ -296,87 +303,71 @@ grant_lock(Tid, read, Lock, Oid = {Tab, Key})
 		    {not_granted, C}
 	    end
     end;
-grant_lock(Tid, {ix_read,IxKey,Pos}, Lock, Oid = {Tab, _}) ->
+grant_lock(Tid, {ix_read,IxKey,Pos}, Lock, Oid = {Tab, _}, Default) ->
     try
 	Res = ix_read_res(Tab, IxKey,Pos),
-	set_lock(Tid, Oid, Lock),
+	set_lock(Tid, Oid, Lock, Default),
 	{granted, Res, [?ALL]}
     catch _:_ ->
 	    {not_granted, {no_exists, Tab, {index, [Pos]}}}
     end;
-grant_lock(Tid, read, Lock, Oid) ->
-    set_lock(Tid, Oid, Lock),
+grant_lock(Tid, read, Lock, Oid, Default) ->
+    set_lock(Tid, Oid, Lock, Default),
     {granted, ok};
-grant_lock(Tid, write, Lock, Oid) ->
-    set_lock(Tid, Oid, Lock),
+grant_lock(Tid, write, Lock, Oid, Default) ->
+    set_lock(Tid, Oid, Lock, Default),
     granted.
 
 %% 1) Impose an ordering on all transactions favour old (low tid) transactions
 %%    newer (higher tid) transactions may never wait on older ones,
 %% 2) When releasing the tids from the queue always begin with youngest (high tid)
 %%    because of 1) it will avoid the deadlocks.
-%% 3) TabLocks is the problem :-) They should not starve and not deadlock 
+%% 3) TabLocks is the problem :-) They should not starve and not deadlock
 %%    handle tablocks in queue as they had locks on unlocked records.
 
-can_lock(Tid, read, {Tab, Key}, AlreadyQ) when Key /= ?ALL ->
-    %% The key is bound, no need for the other BIF
-    Oid = {Tab, Key}, 
-    ObjLocks = ?ets_match_object(mnesia_held_locks, {Oid, write, '_'}),
-    TabLocks = ?ets_match_object(mnesia_held_locks, {{Tab, ?ALL}, write, '_'}),
-    check_lock(Tid, Oid, ObjLocks, TabLocks, yes, AlreadyQ, read);
+can_lock(Tid, read, Oid = {Tab, Key}, AlreadyQ) when Key /= ?ALL ->
+    ObjLocks = ?ets_lookup(mnesia_held_locks, Oid),
+    TabLocks = ?ets_lookup(mnesia_held_locks, {Tab, ?ALL}),
+    {check_lock(Tid, Oid,
+		filter_write(ObjLocks),
+		filter_write(TabLocks),
+		yes, AlreadyQ, read),
+     ObjLocks};
 
 can_lock(Tid, read, Oid, AlreadyQ) -> % Whole tab
     Tab = element(1, Oid),
     ObjLocks = ?ets_match_object(mnesia_held_locks, {{Tab, '_'}, write, '_'}),
-    check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, read);
+    {check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, read), undefined};
 
-can_lock(Tid, write, {Tab, Key}, AlreadyQ) when Key /= ?ALL -> 
-    Oid = {Tab, Key},
+can_lock(Tid, write, Oid = {Tab, Key}, AlreadyQ) when Key /= ?ALL ->
     ObjLocks = ?ets_lookup(mnesia_held_locks, Oid),
     TabLocks = ?ets_lookup(mnesia_held_locks, {Tab, ?ALL}),
-    check_lock(Tid, Oid, ObjLocks, TabLocks, yes, AlreadyQ, write);
+    {check_lock(Tid, Oid, ObjLocks, TabLocks, yes, AlreadyQ, write), ObjLocks};
 
 can_lock(Tid, write, Oid, AlreadyQ) -> % Whole tab
     Tab = element(1, Oid),
     ObjLocks = ?ets_match_object(mnesia_held_locks, ?match_oid_held_locks({Tab, '_'})),
-    check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, write).
+    {check_lock(Tid, Oid, ObjLocks, [], yes, AlreadyQ, write), undefined}.
+
+filter_write([{_, read, _}]) -> [];
+filter_write(Res) -> Res.
 
 %% Check held locks for conflicting locks
-check_lock(Tid, Oid, [Lock | Locks], TabLocks, X, AlreadyQ, Type) ->
-    case element(3, Lock) of
-	Tid ->
-	    check_lock(Tid, Oid, Locks, TabLocks, X, AlreadyQ, Type);
-	WaitForTid ->
-	    Queue = allowed_to_be_queued(WaitForTid,Tid),
-	    if Queue == true -> 
-		    check_lock(Tid, Oid, Locks, TabLocks, {queue, WaitForTid}, AlreadyQ, Type);
-	       Tid#tid.pid == WaitForTid#tid.pid ->
-		    dbg_out("Spurious lock conflict ~w ~w: ~w -> ~w~n",
-			    [Oid, Lock, Tid, WaitForTid]),  
-		    %% Test..
-		    {Tab, _Key} = Oid,
-		    HaveQ = (ets:lookup(mnesia_lock_queue, Oid) /= []) 
-			orelse (ets:lookup(mnesia_lock_queue,{Tab,?ALL}) /= []),
-		    if 
-			HaveQ -> 
-			    {no, WaitForTid};
-			true -> 
-			    check_lock(Tid,Oid,Locks,TabLocks,{queue,WaitForTid},AlreadyQ,Type)
-		    end;
-		    %%{no, WaitForTid};  Safe solution 
-	       true ->
-		    {no, WaitForTid}
-	    end
+check_lock(Tid, Oid, [{_, _, Lock} | Locks], TabLocks, _X, AlreadyQ, Type) ->
+    case can_queue(Lock, Tid, Oid, _X) of
+	{no, _} = Res ->
+	    Res;
+	Res ->
+	    check_lock(Tid, Oid, Locks, TabLocks, Res, AlreadyQ, Type)
     end;
 
 check_lock(_, _, [], [], X, {queue, bad_luck}, _) ->
     X;  %% The queue should be correct already no need to check it again
 
 check_lock(_, _, [], [], X = {queue, _Tid}, _AlreadyQ, _) ->
-    X;  
+    X;
 
-check_lock(Tid, Oid, [], [], X, AlreadyQ, Type) ->
-    {Tab, Key} = Oid,
+check_lock(Tid, Oid = {Tab, Key}, [], [], X, AlreadyQ, Type) ->
     if
 	Type == write ->
 	    check_queue(Tid, Tab, X, AlreadyQ);
@@ -387,7 +378,7 @@ check_lock(Tid, Oid, [], [], X, AlreadyQ, Type) ->
 	    %% If there is a queue on that object, read_lock shouldn't be granted
 	    ObjLocks = ets:lookup(mnesia_lock_queue, Oid),
 	    case max(ObjLocks) of
-		empty -> 
+		empty ->
 		    check_queue(Tid, Tab, X, AlreadyQ);
 		ObjL ->
 		    case allowed_to_be_queued(ObjL,Tid) of
@@ -403,16 +394,36 @@ check_lock(Tid, Oid, [], [], X, AlreadyQ, Type) ->
 check_lock(Tid, Oid, [], TabLocks, X, AlreadyQ, Type) ->
     check_lock(Tid, Oid, TabLocks, [], X, AlreadyQ, Type).
 
+can_queue([{_Op, Tid}|Locks], Tid, Oid, Res) ->
+    can_queue(Locks, Tid, Oid, Res);
+can_queue([{Op, WaitForTid}|Locks], Tid, Oid = {Tab, _}, _) ->
+    case allowed_to_be_queued(WaitForTid,Tid) of
+	true when Tid#tid.pid == WaitForTid#tid.pid ->
+	    dbg_out("Spurious lock conflict ~w ~w: ~w -> ~w~n",
+		    [Oid, Op, Tid, WaitForTid]),
+	    HaveQ = (ets:lookup(mnesia_lock_queue, Oid) /= [])
+		orelse (ets:lookup(mnesia_lock_queue,{Tab,?ALL}) /= []),
+	    case HaveQ of
+		true -> {no, WaitForTid};
+		false ->  can_queue(Locks, Tid, Oid, {queue, WaitForTid})
+	    end;
+	true ->
+	    can_queue(Locks, Tid, Oid, {queue, WaitForTid});
+	false ->
+	    {no, WaitForTid}
+    end;
+can_queue([], _, _, Res) -> Res.
+
 %% True if  WaitForTid > Tid -> % Important order
 allowed_to_be_queued(WaitForTid, Tid) ->
     case get(pid_sort_order) of
 	undefined -> WaitForTid > Tid;
-	r9b_plain -> 
+	r9b_plain ->
 	    cmp_tid(true, WaitForTid, Tid) =:= 1;
-	standard  -> 
+	standard  ->
 	    cmp_tid(false, WaitForTid, Tid) =:= 1
-    end.	    
-	    
+    end.
+
 %% Check queue for conflicting locks
 %% Assume that all queued locks belongs to other tid's
 
@@ -421,25 +432,25 @@ check_queue(Tid, Tab, X, AlreadyQ) ->
     Greatest = max(TabLocks),
     case Greatest of
 	empty ->  X;
-	Tid ->    X; 
-	WaitForTid -> 
+	Tid ->    X;
+	WaitForTid ->
 	    case allowed_to_be_queued(WaitForTid,Tid) of
 		true ->
 		    {queue, WaitForTid};
-		false when AlreadyQ =:= {no, bad_luck} -> 
+		false when AlreadyQ =:= {no, bad_luck} ->
 		    {no, WaitForTid}
 	    end
     end.
 
 sort_queue(QL) ->
     case get(pid_sort_order) of
-	undefined -> 
+	undefined ->
 	    lists:reverse(lists:keysort(#queue.tid, QL));
-	r9b_plain -> 
-	    lists:sort(fun(#queue{tid=X},#queue{tid=Y}) -> 
+	r9b_plain ->
+	    lists:sort(fun(#queue{tid=X},#queue{tid=Y}) ->
 			       cmp_tid(true, X, Y) == 1
 		       end, QL);
-	standard  -> 
+	standard  ->
 	    lists:sort(fun(#queue{tid=X},#queue{tid=Y}) ->
 			       cmp_tid(false, X, Y) == 1
 		       end, QL)
@@ -456,22 +467,22 @@ set_read_lock_on_all_keys(Tid, From, Tab, IxKey, Pos) ->
     Op = {ix_read,IxKey, Pos},
     Lock = read,
     case can_lock(Tid, Lock, Oid, {no, bad_luck}) of
-	yes ->
-	    Reply = grant_lock(Tid, Op, Lock, Oid),
+	{yes, Default} ->
+	    Reply = grant_lock(Tid, Op, Lock, Oid, Default),
 	    reply(From, Reply);
-	{no, Lucky} ->
+	{{no, Lucky},_} ->
 	    C = #cyclic{op = Op, lock = Lock, oid = Oid, lucky = Lucky},
 	    ?dbg("Rejected ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    reply(From, {not_granted, C});
-    	{queue, Lucky} ->
+	{{queue, Lucky},_} ->
 	    ?dbg("Queued ~p ~p ~p ~p ~n", [Tid, Oid, Lock, Lucky]),
 	    %% Append to queue: Nice place for trace output
-	    ?ets_insert(mnesia_lock_queue, 
-			#queue{oid = Oid, tid = Tid, op = Op, 
+	    ?ets_insert(mnesia_lock_queue,
+			#queue{oid = Oid, tid = Tid, op = Op,
 			       pid = From, lucky = Lucky}),
 	    ?ets_insert(mnesia_tid_locks, {Tid, Oid, {queued, Op}})
     end.
-       
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Release of locks
 
@@ -520,30 +531,40 @@ release_locks([]) ->
 release_lock({Tid, Oid, {queued, _}}) ->
     ?ets_match_delete(mnesia_lock_queue, #queue{oid=Oid, tid = Tid, op = '_',
 						pid = '_', lucky = '_'});
-release_lock({Tid, Oid, Op}) ->
-    if
-	Op == write ->
-	    ?ets_delete(mnesia_held_locks, Oid);
-	Op == read ->
-	    ets:delete_object(mnesia_held_locks, {Oid, Op, Tid})
+release_lock({_Tid, Oid, write}) ->
+    ?ets_delete(mnesia_held_locks, Oid);
+release_lock({Tid, Oid, read}) ->
+    case ?ets_lookup(mnesia_held_locks, Oid) of
+	[{Oid, Prev, Locks0}] ->
+	    case remove_tid(Locks0, Tid, []) of
+		[] -> ?ets_delete(mnesia_held_locks, Oid);
+		Locks -> ?ets_insert(mnesia_held_locks, {Oid, Prev, Locks})
+	    end;
+	[] -> ok
     end.
 
+remove_tid([{_Op, Tid}|Ls], Tid, Acc) ->
+    remove_tid(Ls,Tid, Acc);
+remove_tid([Keep|Ls], Tid, Acc) ->
+    remove_tid(Ls,Tid, [Keep|Acc]);
+remove_tid([], _, Acc) -> Acc.
+
 rearrange_queue([{_Tid, {Tab, Key}, _} | Locks]) ->
     if
-	Key /= ?ALL->	    
-	    Queue =  
-		ets:lookup(mnesia_lock_queue, {Tab, ?ALL}) ++ 
+	Key /= ?ALL->
+	    Queue =
+		ets:lookup(mnesia_lock_queue, {Tab, ?ALL}) ++
 		ets:lookup(mnesia_lock_queue, {Tab, Key}),
-	    case Queue of 
-		[] -> 
+	    case Queue of
+		[] ->
 		    ok;
 		_ ->
 		    Sorted = sort_queue(Queue),
 		    try_waiters_obj(Sorted)
-	    end;	
-	true -> 
+	    end;
+	true ->
 	    Pat = ?match_oid_lock_queue({Tab, '_'}),
-	    Queue = ?ets_match_object(mnesia_lock_queue, Pat),	    
+	    Queue = ?ets_match_object(mnesia_lock_queue, Pat),
 	    Sorted = sort_queue(Queue),
 	    try_waiters_tab(Sorted)
     end,
@@ -556,7 +577,7 @@ try_waiters_obj([W | Waiters]) ->
     case try_waiter(W) of
 	queued ->
 	    no;
-	_ -> 	    
+	_ ->
 	    try_waiters_obj(Waiters)
     end;
 try_waiters_obj([]) ->
@@ -573,10 +594,10 @@ try_waiters_tab([W | Waiters]) ->
 	    end;
 	Oid ->
 	    case try_waiter(W) of
-		queued -> 	    
+		queued ->
 		    Rest = key_delete_all(Oid, #queue.oid, Waiters),
 		    try_waiters_tab(Rest);
-		_ ->		    
+		_ ->
 		    try_waiters_tab(Waiters)
 	    end
     end;
@@ -592,22 +613,22 @@ try_waiter({queue, Oid, Tid, Op, ReplyTo, _}) ->
 
 try_waiter(Oid, Op, SimpleOp, Lock, ReplyTo, Tid) ->
     case can_lock(Tid, Lock, Oid, {queue, bad_luck}) of
-	yes ->
+	{yes, Default} ->
 	    %% Delete from queue: Nice place for trace output
-	    ?ets_match_delete(mnesia_lock_queue, 
+	    ?ets_match_delete(mnesia_lock_queue,
 			      #queue{oid=Oid, tid = Tid, op = Op,
 				     pid = ReplyTo, lucky = '_'}),
-	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid),	    
+	    Reply = grant_lock(Tid, SimpleOp, Lock, Oid, Default),
 	    reply(ReplyTo,Reply),
 	    locked;
-	{queue, _Why} ->
+	{{queue, _Why}, _} ->
 	    ?dbg("Keep ~p ~p ~p ~p~n", [Tid, Oid, Lock, _Why]),
-	    queued; % Keep waiter in queue	
-	{no, Lucky} ->
+	    queued; % Keep waiter in queue
+	{{no, Lucky}, _} ->
 	    C = #cyclic{op = SimpleOp, lock = Lock, oid = Oid, lucky = Lucky},
 	    verbose("** WARNING ** Restarted transaction, possible deadlock in lock queue ~w: cyclic = ~w~n",
 		    [Tid, C]),
-	    ?ets_match_delete(mnesia_lock_queue, 
+	    ?ets_match_delete(mnesia_lock_queue,
 			      #queue{oid=Oid, tid = Tid, op = Op,
 				     pid = ReplyTo, lucky = '_'}),
 	    Reply = {not_granted, C},
@@ -645,7 +666,7 @@ mnesia_down(N, Pending) ->
 	    Pid ! {release_remote_non_pending, N, Pending}
     end.
 
-%% Aquire a write lock, but do a read, used by 
+%% Aquire a write lock, but do a read, used by
 %% mnesia:wread/1
 
 rwlock(Tid, Store, Oid) ->
@@ -657,9 +678,10 @@ rwlock(Tid, Store, Oid) ->
 	    Lock = write,
 	    case need_lock(Store, Tab, Key, Lock)  of
 		yes ->
-		    {Ns, Majority} = w_nodes(Tab),
+		    {Ns0, Majority} = w_nodes(Tab),
+		    Ns = [Node|lists:delete(Node,Ns0)],
 		    check_majority(Majority, Tab, Ns),
-		    Res = get_rwlocks_on_nodes(Ns, rwlock, Node, Store, Tid, Oid),
+		    Res = get_rwlocks_on_nodes(Ns, make_ref(), Store, Tid, Oid),
 		    ?ets_insert(Store, {{locks, Tab, Key}, Lock}),
 		    Res;
 		no ->
@@ -718,7 +740,7 @@ sticky_rwlock(Tid, Store, Oid) ->
     sticky_lock(Tid, Store, Oid, read_write).
 
 sticky_lock(Tid, Store, {Tab, Key} = Oid, Lock) ->
-    N = val({Tab, where_to_read}), 
+    N = val({Tab, where_to_read}),
     if
 	node() == N ->
 	    case need_lock(Store, Tab, Key, write) of
@@ -805,9 +827,9 @@ sticky_wlock_table(Tid, Store, Tab) ->
 %% aquire a wlock on Oid
 %% We store a {Tabname, write, Tid} in all locktables
 %% on all nodes containing a copy of Tabname
-%% We also store an item {{locks, Tab, Key}, write} in the 
+%% We also store an item {{locks, Tab, Key}, write} in the
 %% local store when we have aquired the lock.
-%% 
+%%
 wlock(Tid, Store, Oid) ->
     wlock(Tid, Store, Oid, _CheckMajority = true).
 
@@ -845,10 +867,10 @@ wlock_no_exist(Tid, Store, Tab, Ns) ->
 
 need_lock(Store, Tab, Key, LockPattern) ->
     TabL = ?ets_match_object(Store, {{locks, Tab, ?ALL}, LockPattern}),
-    if 
+    if
 	TabL == [] ->
 	    KeyL = ?ets_match_object(Store, {{locks, Tab, Key}, LockPattern}),
-	    if 
+	    if
 		KeyL == [] ->
 		    yes;
 		true  ->
@@ -865,7 +887,7 @@ del_debug() ->
     erase(mnesia_wlock_nodes).
 
 %% We first send lock request to the local node if it is part of the lockers
-%% then the first sorted node then to the rest of the lockmanagers on all 
+%% then the first sorted node then to the rest of the lockmanagers on all
 %% nodes holding a copy of the table
 
 get_wlocks_on_nodes([Node | Tail], Orig, Store, Request, Oid) ->
@@ -875,51 +897,31 @@ get_wlocks_on_nodes([Node | Tail], Orig, Store, Request, Oid) ->
     case node() of
 	Node -> %% Local done try one more
 	    get_wlocks_on_nodes(Tail, Orig, Store, Request, Oid);
-	_ ->    %% The first succeded cont with the rest  
+	_ ->    %% The first succeded cont with the rest
 	    get_wlocks_on_nodes(Tail, Store, Request),
 	    receive_wlocks(Tail, Orig, Store, Oid)
     end;
-get_wlocks_on_nodes([], Orig, _Store, _Request, _Oid) -> 
+get_wlocks_on_nodes([], Orig, _Store, _Request, _Oid) ->
     Orig.
 
 get_wlocks_on_nodes([Node | Tail], Store, Request) ->
     {?MODULE, Node} ! Request,
     ?ets_insert(Store,{nodes, Node}),
     get_wlocks_on_nodes(Tail, Store, Request);
-get_wlocks_on_nodes([], _, _) -> 
+get_wlocks_on_nodes([], _, _) ->
     ok.
 
-get_rwlocks_on_nodes([ReadNode|Tail], _Res, ReadNode, Store, Tid, Oid) ->
+get_rwlocks_on_nodes([ReadNode|Tail], Ref, Store, Tid, Oid) ->
     Op = {self(), {read_write, Tid, Oid}},
     {?MODULE, ReadNode} ! Op,
     ?ets_insert(Store, {nodes, ReadNode}),
-    Res = receive_wlocks([ReadNode], undefined, Store, Oid),
-    case node() of
-	ReadNode -> 
-	    get_rwlocks_on_nodes(Tail, Res, ReadNode, Store, Tid, Oid);
-	_ ->
-	    get_wlocks_on_nodes(Tail, Store, {self(), {write, Tid, Oid}}),
-	    receive_wlocks(Tail, Res, Store, Oid)
+    case receive_wlocks([ReadNode], Ref, Store, Oid) of
+	Ref ->
+	    get_rwlocks_on_nodes(Tail, Ref, Store, Tid, Oid);
+	Res ->
+	    get_wlocks_on_nodes(Tail, Res, Store, {self(), {write, Tid, Oid}}, Oid)
     end;
-get_rwlocks_on_nodes([Node | Tail], Res, ReadNode, Store, Tid, Oid) ->
-    Op = {self(), {write, Tid, Oid}},
-    {?MODULE, Node} ! Op,
-    ?ets_insert(Store, {nodes, Node}),
-    receive_wlocks([Node], undefined, Store, Oid),
-    if node() == Node ->
-	    get_rwlocks_on_nodes(Tail, Res, ReadNode, Store, Tid, Oid);
-       Res == rwlock -> %% Hmm	    
-	    Rest = lists:delete(ReadNode, Tail),
-	    Op2 = {self(), {read_write, Tid, Oid}},
-	    {?MODULE, ReadNode} ! Op2,
-	    ?ets_insert(Store, {nodes, ReadNode}),
-	    get_wlocks_on_nodes(Rest, Store, {self(), {write, Tid, Oid}}),
-	    receive_wlocks([ReadNode|Rest], undefined, Store, Oid);
-       true ->
-	    get_wlocks_on_nodes(Tail, Store, {self(), {write, Tid, Oid}}),
-	    receive_wlocks(Tail, Res, Store, Oid)
-    end;
-get_rwlocks_on_nodes([],Res,_,_,_,_) ->
+get_rwlocks_on_nodes([],Res,_,_,_) ->
     Res.
 
 receive_wlocks([], Res, _Store, _Oid) ->
@@ -944,8 +946,8 @@ receive_wlocks(Nodes = [This|Ns], Res, Store, Oid) ->
 	    Tail = lists:delete(Node,Nodes),
 	    Nonstuck = lists:delete(Sticky,Tail),
 	    [?ets_insert(Store, {nodes, NSNode}) || NSNode <- Nonstuck],
-	    case lists:member(Sticky,Tail) of		
-		true -> 		    
+	    case lists:member(Sticky,Tail) of
+		true ->
 		    sticky_flush(Nonstuck,Store),
 		    receive_wlocks([Sticky], Res, Store, Oid);
 		false ->
@@ -957,7 +959,7 @@ receive_wlocks(Nodes = [This|Ns], Res, Store, Oid) ->
 	    flush_remaining(Ns, This, Reason1)
     end.
 
-sticky_flush([], _) -> 
+sticky_flush([], _) ->
     del_debug(),
     ok;
 sticky_flush(Ns=[Node | Tail], Store) ->
@@ -991,7 +993,7 @@ opt_lookup_in_client(lookup_in_client, Oid, Lock) ->
 	    %% Table has been deleted from this node,
 	    %% restart the transaction.
 	    #cyclic{op = read, lock = Lock, oid = Oid, lucky = nowhere};
-	Val -> 
+	Val ->
 	    Val
     end;
 opt_lookup_in_client(Val, _Oid, _Lock) ->
@@ -1000,8 +1002,8 @@ opt_lookup_in_client(Val, _Oid, _Lock) ->
 return_granted_or_nodes({_, ?ALL}   , Nodes) -> Nodes;
 return_granted_or_nodes({?GLOBAL, _}, Nodes) -> Nodes;
 return_granted_or_nodes(_           , _Nodes) -> granted.
-    
-%% We store a {Tab, read, From} item in the 
+
+%% We store a {Tab, read, From} item in the
 %% locks table on the node where we actually do pick up the object
 %% and we also store an item {lock, Oid, read} in our local store
 %% so that we can release any locks we hold when we commit.
@@ -1059,9 +1061,9 @@ rlock_get_reply(Node, Store, Oid, {granted, V}) ->
     ?ets_insert(Store, {{locks, Tab, Key}, read}),
     ?ets_insert(Store, {nodes, Node}),
     case opt_lookup_in_client(V, Oid, read) of
-	C = #cyclic{} -> 
+	C = #cyclic{} ->
 	    mnesia:abort(C);
-	Val -> 
+	Val ->
 	    Val
     end;
 rlock_get_reply(Node, Store, Oid, granted) ->
@@ -1079,7 +1081,7 @@ rlock_get_reply(Node, Store, Tab, {granted, V, RealKeys}) ->
 rlock_get_reply(_Node, _Store, _Oid, {not_granted, Reason}) ->
     exit({aborted, Reason});
 
-rlock_get_reply(_Node, Store, Oid, {switch, N2, Req}) ->    
+rlock_get_reply(_Node, Store, Oid, {switch, N2, Req}) ->
     ?ets_insert(Store, {nodes, N2}),
     {?MODULE, N2} ! Req,
     rlock_get_reply(N2, Store, Oid, l_req_rec(N2, Store)).
@@ -1095,7 +1097,7 @@ ixrlock(Tid, Store, Tab, IxKey, Pos) ->
 	    %%% Old code
 	    %% R = l_request(Node, {ix_read, Tid, Tab, IxKey, Pos}, Store),
 	    %% rlock_get_reply(Node, Store, Tab, R)
-	    
+
 	    case need_lock(Store, Tab, ?ALL, read) of
 		no when Node =:= node() ->
 		    ix_read_res(Tab,IxKey,Pos);
@@ -1135,11 +1137,23 @@ rec_requests([], _Oid, _Store) ->
 
 get_held_locks() ->
     ?MODULE ! {get_table, self(), mnesia_held_locks},
-    receive {mnesia_held_locks, Locks} -> Locks  end.
+    Locks = receive {mnesia_held_locks, Ls} -> Ls after 5000 -> [] end,
+    rewrite_locks(Locks, []).
+
+rewrite_locks([{Oid, _, Ls}|Locks], Acc0) ->
+    Acc = rewrite_locks(Ls, Oid, Acc0),
+    rewrite_locks(Locks, Acc);
+rewrite_locks([], Acc) ->
+    lists:reverse(Acc).
+
+rewrite_locks([{Op, Tid}|Ls], Oid, Acc) ->
+    rewrite_locks(Ls, Oid, [{Oid, Op, Tid}|Acc]);
+rewrite_locks([], _, Acc) ->
+    Acc.
 
 get_lock_queue() ->
     ?MODULE ! {get_table, self(), mnesia_lock_queue},
-    Q = receive {mnesia_lock_queue, Locks} -> Locks  end,
+    Q = receive {mnesia_lock_queue, Locks} -> Locks after 5000 -> [] end,
     [{Oid, Op, Pid, Tid, WFT} || {queue, Oid, Tid, Op, Pid, WFT} <- Q].
 
 do_stop() ->
diff --git a/lib/mnesia/src/mnesia_log.erl b/lib/mnesia/src/mnesia_log.erl
index 94153473cb..18303869ed 100644
--- a/lib/mnesia/src/mnesia_log.erl
+++ b/lib/mnesia/src/mnesia_log.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -180,8 +180,8 @@
 	 view/1,
 	 write_trans_log_header/0
 	]).
-	
-	
+
+
 -compile({no_auto_import,[error/2]}).
 
 -include("mnesia.hrl").
@@ -210,7 +210,7 @@ decision_tab_version() -> "1.0".
 
 dcl_version() -> "1.0".
 dcd_version() -> "1.0".
-     
+
 append(Log, Bin) when is_binary(Bin) ->
     disk_log:balog(Log, Bin);
 append(Log, Term) ->
@@ -218,9 +218,9 @@ append(Log, Term) ->
 
 %% Synced append
 sappend(Log, Bin) when is_binary(Bin) ->
-    ok = disk_log:blog(Log, Bin);  
+    ok = disk_log:blog(Log, Bin);
 sappend(Log, Term) ->
-    ok = disk_log:log(Log, Term).  
+    ok = disk_log:log(Log, Term).
 
 %% Write commit records to the latest_log
 log(C) when  C#commit.disc_copies == [],
@@ -283,7 +283,7 @@ previous_log_file() -> dir("PREVIOUS.LOG").
 decision_log_file() -> dir(decision_log_name()).
 
 decision_tab_file() -> dir(decision_tab_name()).
-    
+
 previous_decision_log_file() -> dir("PDECISION.LOG").
 
 latest_log_name() -> "LATEST.LOG".
@@ -297,10 +297,10 @@ init() ->
 	true ->
 	    Prev = previous_log_file(),
 	    verify_no_exists(Prev),
-	    
+
 	    Latest = latest_log_file(),
 	    verify_no_exists(Latest),
-	    
+
 	    Header = trans_log_header(),
 	    open_log(latest_log, Header, Latest);
 	false ->
@@ -346,20 +346,20 @@ open_log(Name, Header, Fname, Exists, Repair, Mode) ->
 	    write_header(Log, Header),
 	    Log;
 	{repaired, Log, _Recover, BadBytes} ->
-	    mnesia_lib:important("Data may be missing, log ~p repaired: Lost ~p bytes~n", 
+	    mnesia_lib:important("Data may be missing, log ~p repaired: Lost ~p bytes~n",
 				 [Fname, BadBytes]),
 	    Log;
 	{error, Reason} when Repair == true ->
 	    file:delete(Fname),
-	    mnesia_lib:important("Data may be missing, Corrupt logfile deleted: ~p, ~p ~n", 
+	    mnesia_lib:important("Data may be missing, Corrupt logfile deleted: ~p, ~p ~n",
 				 [Fname, Reason]),
-	    %% Create a new 
+	    %% Create a new
 	    open_log(Name, Header, Fname, false, false, read_write);
 	{error, Reason} ->
 	    fatal("Cannot open log file ~p: ~p~n", [Fname, Reason])
     end.
 
-write_header(Log, Header) -> 
+write_header(Log, Header) ->
     append(Log, Header).
 
 write_trans_log_header() ->
@@ -376,12 +376,12 @@ stop() ->
 close_log(Log) ->
 %%    io:format("mnesia_log:close_log ~p~n", [Log]),
 %%    io:format("mnesia_log:close_log ~p~n", [Log]),
-    case disk_log:sync(Log) of 
+    case disk_log:sync(Log) of
 	ok -> ok;
-	{error, {read_only_mode, Log}} -> 
+	{error, {read_only_mode, Log}} ->
 	    ok;
-	{error, Reason} -> 
-	    mnesia_lib:important("Failed syncing ~p to_disk reason ~p ~n", 
+	{error, Reason} ->
+	    mnesia_lib:important("Failed syncing ~p to_disk reason ~p ~n",
 				 [Log, Reason])
     end,
     mnesia_monitor:close_log(Log).
@@ -392,7 +392,7 @@ unsafe_close_log(Log) ->
 
 
 purge_some_logs() ->
-    mnesia_monitor:unsafe_close_log(latest_log), 
+    mnesia_monitor:unsafe_close_log(latest_log),
     file:delete(latest_log_file()),
     file:delete(decision_tab_file()).
 
@@ -466,10 +466,10 @@ chunk_log(Log, Cont) ->
 		  [Log, Reason]);
 	{C2, Chunk, _BadBytes} ->
 	    %% Read_only case, should we warn about the bad log file?
-	    %% BUGBUG Should we crash if Repair == false ?? 
+	    %% BUGBUG Should we crash if Repair == false ??
 	    %% We got to check this !!
 	    mnesia_lib:important("~p repaired, lost ~p bad bytes~n", [Log, _BadBytes]),
-	    {C2, Chunk}; 
+	    {C2, Chunk};
 	Other ->
 	    Other
     end.
@@ -492,7 +492,7 @@ open_decision_log() ->
     Latest = decision_log_file(),
     open_log(decision_log, decision_log_header(), Latest),
     start.
-    
+
 prepare_decision_log_dump() ->
     Prev = previous_decision_log_file(),
     prepare_decision_log_dump(exists(Prev), Prev).
@@ -586,11 +586,11 @@ view_file(C, Log) ->
 	    eof;
 	{C2, Terms, _BadBytes} ->
 	    dbg_out("Lost ~p bytes in ~p ~n", [_BadBytes, Log]),
-	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end, 
+	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end,
 			  Terms),
 	    view_file(C2, Log);
 	{C2, Terms} ->
-	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end, 
+	    lists:foreach(fun(X) -> mnesia_lib:show("~p~n", [X]) end,
 			  Terms),
 	    view_file(C2, Log)
     end.
@@ -655,7 +655,7 @@ check_backup_args([Arg | Tail], B) ->
 check_backup_args([], B) ->
     {ok, B}.
 
-check_backup_arg_type(Arg, B) ->    
+check_backup_arg_type(Arg, B) ->
     case Arg of
 	{scope, global} ->
 	    B#backup_args{scope = global};
@@ -714,7 +714,7 @@ select_tables(AllTabs, B) ->
 
 safe_write(B, []) ->
     B;
-safe_write(B, Recs) ->	
+safe_write(B, Recs) ->
     safe_apply(B, write, [B#backup_args.opaque, Recs]).
 
 backup_schema(B, Tabs) ->
@@ -754,7 +754,7 @@ abort_write(B, What, Args, Reason) ->
 		  [Mod, abort_write, [Opaque], Other]),
 	    throw({error, Reason})
     end.
-	
+
 backup_tab(Tab, B) ->
     Name = B#backup_args.name,
     case mnesia_checkpoint:most_local_node(Name, Tab) of
@@ -768,7 +768,7 @@ backup_tab(Tab, B) ->
 	{error, Reason} ->
 	    abort_write(B, {?MODULE, backup_tab}, [Tab, B], {error, Reason})
     end.
-    
+
 tab_copier(Pid, B, Tab) when is_record(B, backup_args) ->
     %% Intentional crash at exit
     Name = B#backup_args.name,
@@ -829,7 +829,7 @@ handle_last(Pid, _Acc) ->
     exit(normal).
 
 iterate(B, Name, Tab, Pid, Source, Age, Pass, Acc) ->
-    Fun = 
+    Fun =
 	if
 	    Pid == self() ->
 		RecName = val({Tab, record_name}),
@@ -874,7 +874,7 @@ tab_receiver(Pid, B, Tab, RecName, Slot) ->
 	    Recs2 = rec_filter(B, Tab, RecName, Recs),
 	    B2 = safe_write(B, Recs2),
 	    tab_receiver(Pid, B2, Tab, RecName, Next);
-	
+
 	{Pid, {last, {ok,_}}} ->
 	    B;
 
@@ -885,7 +885,7 @@ tab_receiver(Pid, B, Tab, RecName, Slot) ->
 	    Reason = {error, {"Tab copier crashed", {'EXIT', R}}},
 	    abort_write(B, {?MODULE, remote_tab_sender}, [self(), B, Tab], Reason);
 	Msg ->
-	    R = {error, {"Tab receiver got unexpected msg", Msg}}, 
+	    R = {error, {"Tab receiver got unexpected msg", Msg}},
 	    abort_write(B, {?MODULE, remote_tab_sender}, [self(), B, Tab], R)
     end.
 
@@ -910,9 +910,9 @@ ets2dcd(Tab, Ftype) ->
 	case Ftype of
 	    dcd -> mnesia_lib:tab2dcd(Tab);
 	    dmp -> mnesia_lib:tab2dmp(Tab)
-	end,    
+	end,
     TmpF = mnesia_lib:tab2tmp(Tab),
-    file:delete(TmpF),    
+    file:delete(TmpF),
     Log  = open_log({Tab, ets2dcd}, dcd_log_header(), TmpF, false),
     mnesia_lib:db_fixtable(ram_copies, Tab, true),
     ok   = ets2dcd(mnesia_lib:db_init_chunk(ram_copies, Tab, 1000), Tab, Log),
@@ -926,8 +926,8 @@ ets2dcd(Tab, Ftype) ->
 
 ets2dcd('$end_of_table', _Tab, _Log) ->
     ok;
-ets2dcd({Recs, Cont}, Tab, Log) -> 
-    ok = disk_log:alog_terms(Log, Recs),     
+ets2dcd({Recs, Cont}, Tab, Log) ->
+    ok = disk_log:log_terms(Log, Recs),
     ets2dcd(mnesia_lib:db_chunk(ram_copies, Cont), Tab, Log).
 
 dcd2ets(Tab) ->
@@ -937,12 +937,12 @@ dcd2ets(Tab, Rep) ->
     Dcd = mnesia_lib:tab2dcd(Tab),
     case mnesia_lib:exists(Dcd) of
 	true ->
-	    Log = open_log({Tab, dcd2ets}, dcd_log_header(), Dcd, 
+	    Log = open_log({Tab, dcd2ets}, dcd_log_header(), Dcd,
 			   true, Rep, read_only),
 	    Data = chunk_log(Log, start),
 	    ok = insert_dcdchunk(Data, Log, Tab),
 	    close_log(Log),
-	    load_dcl(Tab, Rep); 
+	    load_dcl(Tab, Rep);
 	false -> %% Handle old dets files, and conversion from disc_only to disc.
 	    Fname = mnesia_lib:tab2dat(Tab),
 	    Type = val({Tab, setorbag}),
@@ -956,13 +956,13 @@ dcd2ets(Tab, Rep) ->
 	    end
     end.
 
-insert_dcdchunk({Cont, [LogH | Rest]}, Log, Tab) 
-  when is_record(LogH, log_header),  
-       LogH#log_header.log_kind == dcd_log, 
-       LogH#log_header.log_version >= "1.0" ->    
-    insert_dcdchunk({Cont, Rest}, Log, Tab);   
+insert_dcdchunk({Cont, [LogH | Rest]}, Log, Tab)
+  when is_record(LogH, log_header),
+       LogH#log_header.log_kind == dcd_log,
+       LogH#log_header.log_version >= "1.0" ->
+    insert_dcdchunk({Cont, Rest}, Log, Tab);
 
-insert_dcdchunk({Cont, Recs}, Log, Tab) ->     
+insert_dcdchunk({Cont, Recs}, Log, Tab) ->
     true = ets:insert(Tab, Recs),
     insert_dcdchunk(chunk_log(Log, Cont), Log, Tab);
 insert_dcdchunk(eof, _Log, _Tab) ->
@@ -971,13 +971,13 @@ insert_dcdchunk(eof, _Log, _Tab) ->
 load_dcl(Tab, Rep) ->
     FName = mnesia_lib:tab2dcl(Tab),
     case mnesia_lib:exists(FName) of
-	true -> 	    
+	true ->
 	    Name = {load_dcl,Tab},
-	    open_log(Name, 
-		     dcl_log_header(), 
-		     FName, 
+	    open_log(Name,
+		     dcl_log_header(),
+		     FName,
 		     true,
-		     Rep, 
+		     Rep,
 		     read_only),
 	    FirstChunk = chunk_log(Name, start),
             N = insert_logchunk(FirstChunk, Name, 0),
@@ -1015,10 +1015,10 @@ add_recs([{{Tab, Key}, Val, update_counter} | Rest], N) ->
 	    true = ets:insert(Tab, Zero)
     end,
     add_recs(Rest, N+1);
-add_recs([LogH|Rest], N) 
-  when is_record(LogH, log_header),  
-       LogH#log_header.log_kind == dcl_log, 
-       LogH#log_header.log_version >= "1.0" ->    
+add_recs([LogH|Rest], N)
+  when is_record(LogH, log_header),
+       LogH#log_header.log_kind == dcl_log,
+       LogH#log_header.log_version >= "1.0" ->
     add_recs(Rest, N);
 add_recs([{{Tab, _Key}, _Val, clear_table} | Rest], N) ->
     Size = ets:info(Tab, size),
diff --git a/lib/mnesia/src/mnesia_monitor.erl b/lib/mnesia/src/mnesia_monitor.erl
index 8cb2e92c08..c08bbc879f 100644
--- a/lib/mnesia/src/mnesia_monitor.erl
+++ b/lib/mnesia/src/mnesia_monitor.erl
@@ -80,9 +80,9 @@
 		going_down = [], tm_started = false, early_connects = [],
 		connecting, mq = []}).
 
--define(current_protocol_version,  {8,0}).
+-define(current_protocol_version,  {8,1}).
 
--define(previous_protocol_version, {7,6}).
+-define(previous_protocol_version, {8,0}).
 
 start() ->
     gen_server:start_link({local, ?MODULE}, ?MODULE,
@@ -188,7 +188,7 @@ protocol_version() ->
 %% A sorted list of acceptable protocols the
 %% preferred protocols are first in the list
 acceptable_protocol_versions() ->
-    [protocol_version(), ?previous_protocol_version].
+    [protocol_version(), ?previous_protocol_version, {7,6}].
 
 needs_protocol_conversion(Node) ->
     case {?catch_val({protocol, Node}), protocol_version()} of
@@ -417,6 +417,8 @@ handle_call({negotiate_protocol, Mon, Version, Protocols}, From, State)
 	    case hd(Protocols) of
 		?previous_protocol_version ->
 		    accept_protocol(Mon, MyVersion, ?previous_protocol_version, From, State);
+		{7,6} ->
+		    accept_protocol(Mon, MyVersion, {7,6}, From, State);
 		_ ->
 		    verbose("Connection with ~p rejected. "
 			    "version = ~p, protocols = ~p, "
diff --git a/lib/mnesia/src/mnesia_schema.erl b/lib/mnesia/src/mnesia_schema.erl
index 179e15197e..6e43052fb0 100644
--- a/lib/mnesia/src/mnesia_schema.erl
+++ b/lib/mnesia/src/mnesia_schema.erl
@@ -188,6 +188,7 @@ do_set_schema(Tab, Cs) ->
     [set({Tab, user_property, element(1, P)}, P) || P <- Cs#cstruct.user_properties],
     set({Tab, frag_properties}, Cs#cstruct.frag_properties),
     mnesia_frag:set_frag_hash(Tab, Cs#cstruct.frag_properties),
+    set({Tab, storage_properties}, Cs#cstruct.storage_properties),
     set({Tab, attributes}, Cs#cstruct.attributes),
     Arity = length(Cs#cstruct.attributes) + 1,
     set({Tab, arity}, Arity),
@@ -644,6 +645,14 @@ cs2list(Cs) when is_record(Cs, cstruct) ->
     rec2list(Tags, Tags, 2, Cs);
 cs2list(CreateList) when is_list(CreateList) ->
     CreateList;
+%% 4.6
+cs2list(Cs) when element(1, Cs) == cstruct, tuple_size(Cs) == 19 ->
+    Tags = [name,type,ram_copies,disc_copies,disc_only_copies,
+	    load_order,access_mode,majority,index,snmp,local_content,
+	    record_name,attributes,
+	    user_properties,frag_properties,storage_properties,
+	    cookie,version],
+    rec2list(Tags, Tags, 2, Cs);
 %% 4.4.19
 cs2list(Cs) when element(1, Cs) == cstruct, tuple_size(Cs) == 18 ->
     Tags = [name,type,ram_copies,disc_copies,disc_only_copies,
@@ -674,8 +683,17 @@ cs2list(ver4_4_19, Cs) ->
 	    load_order,access_mode,majority,index,snmp,local_content,
 	    record_name,attributes,user_properties,frag_properties,
 	    cookie,version],
+    rec2list(Tags, Orig, 2, Cs);
+cs2list(ver4_6, Cs) ->
+    Orig = record_info(fields, cstruct),
+    Tags = [name,type,ram_copies,disc_copies,disc_only_copies,
+	    load_order,access_mode,majority,index,snmp,local_content,
+	    record_name,attributes,
+	    user_properties,frag_properties,storage_properties,
+	    cookie,version],
     rec2list(Tags, Orig, 2, Cs).
 
+
 rec2list([Tag | Tags], [Tag | Orig], Pos, Rec) ->
     Val = element(Pos, Rec),
     [{Tag, Val} | rec2list(Tags, Orig, Pos + 1, Rec)];
@@ -728,6 +746,29 @@ list2cs(List) when is_list(List) ->
     Frag = pick(Name, frag_properties, List, []),
     verify({alt, [nil, list]}, mnesia_lib:etype(Frag),
 	   {badarg, Name, {frag_properties, Frag}}),
+
+    BEProps = pick(Name, storage_properties, List, []),
+    verify({alt, [nil, list]}, mnesia_lib:etype(Ix),
+	   {badarg, Name, {storage_properties, BEProps}}),
+    CheckProp = fun(Opt, Opts) when is_atom(Opt) ->
+			lists:member(Opt, Opts)
+			    andalso mnesia:abort({badarg, Name, Opt});
+		   (Tuple, Opts) when is_tuple(Tuple) ->
+			lists:member(element(1,Tuple), Opts)
+			    andalso mnesia:abort({badarg, Name, Tuple});
+		   (What,_) ->
+			mnesia:abort({badarg, Name, What})
+		end,
+    BadEtsOpts = [set, ordered_set, bag, duplicate_bag,
+		  public, private, protected,
+		  keypos, named_table],
+    EtsOpts = proplists:get_value(ets, BEProps, []),
+    is_list(EtsOpts) orelse mnesia:abort({badarg, Name, {ets, EtsOpts}}),
+    [CheckProp(Prop, BadEtsOpts) || Prop <- EtsOpts],
+    BadDetsOpts = [type, keypos, repair, access, file],
+    DetsOpts = proplists:get_value(dets, BEProps, []),
+    is_list(DetsOpts) orelse mnesia:abort({badarg, Name, {dets, DetsOpts}}),
+    [CheckProp(Prop, BadDetsOpts) || Prop <- DetsOpts],
     #cstruct{name = Name,
              ram_copies = Rc,
              disc_copies = Dc,
@@ -743,6 +784,7 @@ list2cs(List) when is_list(List) ->
              attributes = Attrs,
              user_properties = lists:sort(UserProps),
 	     frag_properties = lists:sort(Frag),
+	     storage_properties = lists:sort(BEProps),
              cookie = Cookie,
              version = Version}.
 
@@ -1881,18 +1923,18 @@ prepare_op(Tid, {op, create_table, TabDef}, _WaitFor) ->
             mnesia:abort(UseDirReason);
 	ram_copies ->
 	    mnesia_lib:set({Tab, create_table},true),
-	    create_ram_table(Tab, Cs#cstruct.type),
+	    create_ram_table(Tab, Cs),
 	    insert_cstruct(Tid, Cs, false),
 	    {true, optional};
 	disc_copies ->
 	    mnesia_lib:set({Tab, create_table},true),
-	    create_ram_table(Tab, Cs#cstruct.type),
+	    create_ram_table(Tab, Cs),
 	    create_disc_table(Tab),
 	    insert_cstruct(Tid, Cs, false),
 	    {true, optional};
 	disc_only_copies ->
 	    mnesia_lib:set({Tab, create_table},true),
-	    create_disc_only_table(Tab,Cs#cstruct.type),
+	    create_disc_only_table(Tab,Cs),
 	    insert_cstruct(Tid, Cs, false),
 	    {true, optional};
         unknown -> %% No replica on this node
@@ -2044,7 +2086,7 @@ prepare_op(_Tid, {op, change_table_copy_type,  N, FromS, ToS, TabDef}, _WaitFor)
 	    mnesia_dumper:raw_named_dump_table(Tab, dmp);
 	FromS == disc_only_copies ->
 	    Type = Cs#cstruct.type,
-	    create_ram_table(Tab, Type),
+	    create_ram_table(Tab, Cs),
 	    Datname = mnesia_lib:tab2dat(Tab),
 	    Repair = mnesia_monitor:get_env(auto_repair),
 	    case mnesia_lib:dets_to_ets(Tab, Tab, Datname, Type, Repair, no) of
@@ -2132,8 +2174,9 @@ prepare_op(_Tid, {op, merge_schema, TabDef}, _WaitFor) ->
 prepare_op(_Tid, _Op, _WaitFor) ->
     {true, optional}.
 
-create_ram_table(Tab, Type) ->
-    Args = [{keypos, 2}, public, named_table, Type],
+create_ram_table(Tab, #cstruct{type=Type, storage_properties=Props}) ->
+    EtsOpts = proplists:get_value(ets, Props, []),
+    Args = [{keypos, 2}, public, named_table, Type | EtsOpts],
     case mnesia_monitor:unsafe_mktab(Tab, Args) of
 	Tab ->
 	    ok;
@@ -2141,6 +2184,7 @@ create_ram_table(Tab, Type) ->
 	    Err = "Failed to create ets table",
 	    mnesia:abort({system_limit, Tab, {Err,Reason}})
     end.
+
 create_disc_table(Tab) ->
     File = mnesia_lib:tab2dcd(Tab),
     file:delete(File),
@@ -2154,13 +2198,15 @@ create_disc_table(Tab) ->
 	    Err = "Failed to create disc table",
 	    mnesia:abort({system_limit, Tab, {Err,Reason}})
     end.
-create_disc_only_table(Tab,Type) ->
+create_disc_only_table(Tab, #cstruct{type=Type, storage_properties=Props}) ->
     File = mnesia_lib:tab2dat(Tab),
     file:delete(File),
+    DetsOpts = proplists:get_value(dets, Props, []),
     Args = [{file, mnesia_lib:tab2dat(Tab)},
 	    {type, mnesia_lib:disk_type(Tab, Type)},
 	    {keypos, 2},
-	    {repair, mnesia_monitor:get_env(auto_repair)}],
+	    {repair, mnesia_monitor:get_env(auto_repair)}
+	    | DetsOpts],
     case mnesia_monitor:unsafe_open_dets(Tab, Args) of
 	{ok, _} ->
 	    ok;
@@ -2688,17 +2734,17 @@ restore_schema([{schema, Tab, List} | Schema], R) ->
 	    R2 = R#r{tables = [{Tab, undefined, Snmp, RecName} | R#r.tables]},
 	    restore_schema(Schema, R2);
 	recreate_tables ->
-	    case ?catch_val({Tab, cstruct}) of
-		{'EXIT', _} ->
-		    TidTs = {_Mod, Tid, Ts} = get(mnesia_activity_state),
-		    RunningNodes = val({current, db_nodes}),
-		    Nodes = mnesia_lib:intersect(mnesia_lib:cs_to_nodes(list2cs(List)),
-						 RunningNodes),
-		    mnesia_locker:wlock_no_exist(Tid, Ts#tidstore.store, Tab, Nodes),
-		    TidTs;
-		_ ->
-		    TidTs = get_tid_ts_and_lock(Tab, write)
-	    end,
+	    TidTs = case ?catch_val({Tab, cstruct}) of
+			{'EXIT', _} ->
+			    TTs = {_Mod, Tid, Ts} = get(mnesia_activity_state),
+			    RunningNodes = val({current, db_nodes}),
+			    Nodes = mnesia_lib:intersect(mnesia_lib:cs_to_nodes(list2cs(List)),
+							 RunningNodes),
+			    mnesia_locker:wlock_no_exist(Tid, Ts#tidstore.store, Tab, Nodes),
+			    TTs;
+			_ ->
+			    get_tid_ts_and_lock(Tab, write)
+		    end,
 	    NC    = {cookie, ?unique_cookie},
 	    List2 = lists:keyreplace(cookie, 1, List, NC),
 	    Where = where_to_commit(Tab, List2),
@@ -2839,15 +2885,15 @@ do_merge_schema(LockTabs0) ->
     end.
 
 fetch_cstructs(Node) ->
-    case mnesia_monitor:needs_protocol_conversion(Node) of
-	true ->
+    case need_old_cstructs([Node]) of
+	false ->
+	    rpc:call(Node, mnesia_controller, get_remote_cstructs, []);
+	_Ver ->
 	    case rpc:call(Node, mnesia_controller, get_cstructs, []) of
 		{cstructs, Cs0, RR} ->
 		    {cstructs, [list2cs(cs2list(Cs)) || Cs <- Cs0], RR};
 		Err -> Err
-	    end;
-	false ->
-	    rpc:call(Node, mnesia_controller, get_remote_cstructs, [])
+	    end
     end.
 
 need_old_cstructs() ->
@@ -2868,7 +2914,9 @@ need_old_cstructs(Nodes) ->
 		Cs when element(1, Cs) == cstruct, tuple_size(Cs) == 17 ->
 		    ver4_4_18;			% Without majority
 		Cs when element(1, Cs) == cstruct, tuple_size(Cs) == 18 ->
-		    ver4_4_19			% With majority
+		    ver4_4_19;			% With majority
+		Cs when element(1, Cs) == cstruct, tuple_size(Cs) == 19 ->
+		    ver4_6			% With storage_properties
 	    end
     end.
 
diff --git a/lib/mnesia/src/mnesia_tm.erl b/lib/mnesia/src/mnesia_tm.erl
index f62f7cb7c8..0af7f55c06 100644
--- a/lib/mnesia/src/mnesia_tm.erl
+++ b/lib/mnesia/src/mnesia_tm.erl
@@ -36,7 +36,7 @@
 	 prepare_checkpoint/2,
 	 prepare_checkpoint/1, % Internal
 	 prepare_snmp/3,
-	 do_snmp/2,	 
+	 do_snmp/2,
 	 put_activity_id/1,
 	 put_activity_id/2,
 	 block_tab/1,
@@ -68,7 +68,7 @@
 	       majority = []
 	      }).
 
--record(participant, {tid, pid, commit, disc_nodes = [], 
+-record(participant, {tid, pid, commit, disc_nodes = [],
 		      ram_nodes = [], protocol = sym_trans}).
 
 start() ->
@@ -77,12 +77,12 @@ start() ->
 init(Parent) ->
     register(?MODULE, self()),
     process_flag(trap_exit, true),
-    
+
     %% Initialize the schema
     IgnoreFallback = mnesia_monitor:get_env(ignore_fallback_at_startup),
     mnesia_bup:tm_fallback_start(IgnoreFallback),
     mnesia_schema:init(IgnoreFallback),
-    
+
     %% Handshake and initialize transaction recovery
     mnesia_recover:init(),
     Early = mnesia_monitor:init(),
@@ -101,11 +101,11 @@ init(Parent) ->
 	false ->
 	    ignore
     end,
-    
+
     mnesia_schema:purge_tmp_files(),
     mnesia_recover:start_garb(),
-    
-    ?eval_debug_fun({?MODULE, init},  [{nodes, AllOthers}]),		   
+
+    ?eval_debug_fun({?MODULE, init},  [{nodes, AllOthers}]),
 
     case val(debug) of
 	Debug when Debug /= debug, Debug /= trace ->
@@ -118,8 +118,8 @@ init(Parent) ->
 
 val(Var) ->
     case ?catch_val(Var) of
-	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_); 
-	_VaLuE_ -> _VaLuE_ 
+	{'EXIT', _ReASoN_} -> mnesia_lib:other_val(Var, _ReASoN_);
+	_VaLuE_ -> _VaLuE_
     end.
 
 reply({From,Ref}, R) ->
@@ -136,7 +136,7 @@ req(R) ->
 	undefined ->
 	    {error, {node_not_running, node()}};
 	Pid ->
-	    Ref = make_ref(), 
+	    Ref = make_ref(),
 	    Pid ! {{self(), Ref}, R},
 	    rec(Pid, Ref)
     end.
@@ -161,7 +161,7 @@ rec(Pid, Ref) ->
 	    Reply;
 	{'EXIT', Pid, _} ->
 	    {error, {node_not_running, node()}}
-    end.   
+    end.
 
 tmlink({From, Ref}) when is_reference(Ref) ->
     link(From);
@@ -209,7 +209,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    State2 = State#state{dirty_queue = [Item | State#state.dirty_queue]},
 		    doit_loop(State2)
 	    end;
-	
+
 	{From, {sync_dirty, Tid, Commit, Tab}} ->
 	    case lists:member(Tab, State#state.blocked_tabs) of
 		false ->
@@ -220,7 +220,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    State2 = State#state{dirty_queue = [Item | State#state.dirty_queue]},
 		    doit_loop(State2)
 	    end;
-	
+
 	{From, start_outer} -> %% Create and associate ets_tab with Tid
 	    case catch ?ets_new_table(mnesia_trans_store, [bag, public]) of
 		{'EXIT', Reason} -> %% system limit
@@ -236,16 +236,16 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    S2 = State#state{coordinators = A2},
 		    reply(From, {new_tid, Tid, Etab}, S2)
 	    end;
-	
+
 	{From, {ask_commit, Protocol, Tid, Commit, DiscNs, RamNs}} ->
-	    ?eval_debug_fun({?MODULE, doit_ask_commit}, 
+	    ?eval_debug_fun({?MODULE, doit_ask_commit},
 			    [{tid, Tid}, {prot, Protocol}]),
 	    mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
-	    Pid = 
+	    Pid =
 		case Protocol of
 		    asym_trans when node(Tid#tid.pid) /= node() ->
 			Args = [tmpid(From), Tid, Commit, DiscNs, RamNs],
-			spawn_link(?MODULE, commit_participant, Args);		
+			spawn_link(?MODULE, commit_participant, Args);
 		    _ when node(Tid#tid.pid) /= node() -> %% *_sym_trans
 			reply(From, {vote_yes, Tid}),
 			nopid
@@ -258,7 +258,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			     protocol = Protocol},
 	    State2 = State#state{participants = gb_trees:insert(Tid,P,Participants)},
 	    doit_loop(State2);
-	
+
 	{Tid, do_commit} ->
 	    case gb_trees:lookup(Tid, Participants) of
 		none ->
@@ -272,14 +272,14 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    Member = lists:member(node(), P#participant.disc_nodes),
 			    if Member == false ->
 				    ignore;
-			       P#participant.protocol == sym_trans -> 
+			       P#participant.protocol == sym_trans ->
 				    mnesia_log:log(Commit);
-			       P#participant.protocol == sync_sym_trans -> 
+			       P#participant.protocol == sync_sym_trans ->
 				    mnesia_log:slog(Commit)
 			    end,
 			    mnesia_recover:note_decision(Tid, committed),
 			    do_commit(Tid, Commit),
-			    if 
+			    if
 				P#participant.protocol == sync_sym_trans ->
 				    Tid#tid.pid ! {?MODULE, node(), {committed, Tid}};
 				true ->
@@ -296,13 +296,13 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    doit_loop(State)
 		    end
 	    end;
-	
+
 	{Tid, simple_commit} ->
 	    mnesia_recover:note_decision(Tid, committed),
 	    mnesia_locker:release_tid(Tid),
 	    transaction_terminated(Tid),
 	    doit_loop(State);
-	
+
 	{Tid, {do_abort, Reason}} ->
 	    ?eval_debug_fun({?MODULE, do_abort, pre}, [{tid, Tid}]),
 	    case gb_trees:lookup(Tid, Participants) of
@@ -317,7 +317,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    Commit = P#participant.commit,
 			    mnesia_recover:note_decision(Tid, aborted),
 			    do_abort(Tid, Commit),
-			    if 
+			    if
 				P#participant.protocol == sync_sym_trans ->
 				    Tid#tid.pid ! {?MODULE, node(), {aborted, Tid}};
 				true ->
@@ -335,7 +335,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    doit_loop(State)
 		    end
 	    end;
-	
+
 	{From, {add_store, Tid}} -> %% new store for nested  transaction
 	    case catch ?ets_new_table(mnesia_trans_store, [bag, public]) of
 		{'EXIT', Reason} -> %% system limit
@@ -355,14 +355,14 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 
 	{'EXIT', Pid, Reason} ->
 	    handle_exit(Pid, Reason, State);
-	
+
 	{From, {restart, Tid, Store}} ->
 	    A2 = restore_stores(Coordinators, Tid, Store),
 	    clear_fixtable([Store]),
 	    ?ets_match_delete(Store, '_'),
 	    ?ets_insert(Store, {nodes, node()}),
 	    reply(From, {restarted, Tid}, State#state{coordinators = A2});
-	
+
 	{delete_transaction, Tid} ->
 	    %% used to clear transactions which are committed
 	    %% in coordinator or participant processes
@@ -377,7 +377,7 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 			    clear_fixtable(Etabs),
 			    erase_ets_tabs(Etabs),
 			    transaction_terminated(Tid),
-			    doit_loop(State#state{coordinators = 
+			    doit_loop(State#state{coordinators =
 						  gb_trees:delete(Tid,Coordinators)})
 		    end;
 		true ->
@@ -385,20 +385,20 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 		    State2 = State#state{participants=gb_trees:delete(Tid,Participants)},
 		    doit_loop(State2)
 	    end;
-	
+
 	{sync_trans_serial, Tid} ->
 	    %% Do the Lamport thing here
 	    mnesia_recover:sync_trans_tid_serial(Tid),
 	    doit_loop(State);
-	    
+
 	{From, info} ->
-	    reply(From, {info, gb_trees:values(Participants), 
+	    reply(From, {info, gb_trees:values(Participants),
 			 gb_trees:to_list(Coordinators)}, State);
-	
+
 	{mnesia_down, N} ->
 	    verbose("Got mnesia_down from ~p, reconfiguring...~n", [N]),
 	    reconfigure_coordinators(N, gb_trees:to_list(Coordinators)),
-	    
+
 	    Tids = gb_trees:keys(Participants),
 	    reconfigure_participants(N, gb_trees:values(Participants)),
 	    NewState = clear_fixtable(N, State),
@@ -408,34 +408,34 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 	{From, {unblock_me, Tab}} ->
 	    case lists:member(Tab, State#state.blocked_tabs) of
 		false ->
-		    verbose("Wrong dirty Op blocked on ~p ~p ~p", 
+		    verbose("Wrong dirty Op blocked on ~p ~p ~p",
 			    [node(), Tab, From]),
 		    reply(From, unblocked),
 		    doit_loop(State);
 		true ->
-		    Item = {Tab, unblock_me, From}, 
+		    Item = {Tab, unblock_me, From},
 		    State2 = State#state{dirty_queue = [Item | State#state.dirty_queue]},
 		    doit_loop(State2)
-	    end;	    
-	
+	    end;
+
 	{From, {block_tab, Tab}} ->
 	    State2 = State#state{blocked_tabs = [Tab | State#state.blocked_tabs]},
 	    reply(From, ok, State2);
-	
+
 	{From, {unblock_tab, Tab}} ->
 	    BlockedTabs2 = State#state.blocked_tabs -- [Tab],
 	    case lists:member(Tab, BlockedTabs2) of
 		false ->
 		    mnesia_controller:unblock_table(Tab),
 		    Queue = process_dirty_queue(Tab, State#state.dirty_queue),
-		    State2 = State#state{blocked_tabs = BlockedTabs2, 
+		    State2 = State#state{blocked_tabs = BlockedTabs2,
 					 dirty_queue = Queue},
 		    reply(From, ok, State2);
 		true ->
 		    State2 = State#state{blocked_tabs = BlockedTabs2},
 		    reply(From, ok, State2)
 	    end;
-	
+
 	{From, {prepare_checkpoint, Cp}} ->
 	    Res = mnesia_checkpoint:tm_prepare(Cp),
 	    case Res of
@@ -448,18 +448,18 @@ doit_loop(#state{coordinators=Coordinators,participants=Participants,supervisor=
 	    reply(From, Res, State);
 	{From, {fixtable, [Tab,Lock,Requester]}} ->
 	    case ?catch_val({Tab, storage_type}) of
-		{'EXIT', _} -> 
+		{'EXIT', _} ->
 		    reply(From, error, State);
 		Storage ->
 		    mnesia_lib:db_fixtable(Storage,Tab,Lock),
 		    NewState = manage_fixtable(Tab,Lock,Requester,State),
 		    reply(From, node(), NewState)
 	    end;
-	
+
 	{system, From, Msg} ->
 	    dbg_out("~p got {system, ~p, ~p}~n", [?MODULE, From, Msg]),
 	    sys:handle_system_msg(Msg, From, Sup, ?MODULE, [], State);
-	
+
 	Msg ->
 	    verbose("** ERROR ** ~p got unexpected message: ~p~n", [?MODULE, Msg]),
 	    doit_loop(State)
@@ -508,7 +508,7 @@ prepare_pending_coordinators([{Tid, [Store | _Etabs]} | Coords], IgnoreNew) ->
 		    ignore
 	    end,
 	    prepare_pending_coordinators(Coords, IgnoreNew);
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    prepare_pending_coordinators(Coords, IgnoreNew)
     end;
 prepare_pending_coordinators([], _IgnoreNew) ->
@@ -538,7 +538,7 @@ handle_exit(Pid, _Reason, State) when Pid == State#state.supervisor ->
 
 handle_exit(Pid, Reason, State) ->
     %% Check if it is a coordinator
-    case pid_search_delete(Pid, gb_trees:to_list(State#state.coordinators)) of 
+    case pid_search_delete(Pid, gb_trees:to_list(State#state.coordinators)) of
 	{none, _} ->
 	    %% Check if it is a participant
 	    Ps = gb_trees:values(State#state.participants),
@@ -552,9 +552,9 @@ handle_exit(Pid, Reason, State) ->
 		    NewPs = gb_trees:delete(P#participant.tid,State#state.participants),
 		    doit_loop(State#state{participants = NewPs})
 	    end;
-	
+
 	{{Tid, Etabs}, RestC} ->
-	    %% A local coordinator has died and 
+	    %% A local coordinator has died and
 	    %% we must determine the outcome of the
 	    %% transaction and tell mnesia_tm on the
 	    %% other nodes about it and then recover
@@ -578,7 +578,7 @@ recover_coordinator(Tid, Etabs) ->
 	    %% Tell the participants about the outcome
 	    Protocol = Prep#prep.protocol,
 	    Outcome = tell_outcome(Tid, Protocol, node(), CheckNodes, TellNodes),
-	    
+
 	    %% Recover locally
 	    CR = Prep#prep.records,
 	    {DiscNs, RamNs} = commit_nodes(CR, [], []),
@@ -589,7 +589,7 @@ recover_coordinator(Tid, Etabs) ->
 		    recover_coordinator(Tid, Protocol, Outcome, Local, DiscNs, RamNs),
 		    ?eval_debug_fun({?MODULE, recover_coordinator, post},
 				    [{tid, Tid}, {outcome, Outcome}, {prot, Protocol}]);
-		false ->  %% When killed before store havn't been copied to 
+		false ->  %% When killed before store havn't been copied to
 		    ok    %% to the new nested trans store.
 	    end
     end,
@@ -610,12 +610,12 @@ recover_coordinator(Tid, sync_sym_trans, aborted, _Local, _, _) ->
 
 recover_coordinator(Tid, asym_trans, committed, Local, DiscNs, RamNs) ->
     D = #decision{tid = Tid, outcome = committed,
-		  disc_nodes = DiscNs, ram_nodes = RamNs},		
+		  disc_nodes = DiscNs, ram_nodes = RamNs},
     mnesia_recover:log_decision(D),
     do_commit(Tid, Local);
 recover_coordinator(Tid, asym_trans, aborted, Local, DiscNs, RamNs) ->
     D = #decision{tid = Tid, outcome = aborted,
- 		  disc_nodes = DiscNs, ram_nodes = RamNs},		
+		  disc_nodes = DiscNs, ram_nodes = RamNs},
     mnesia_recover:log_decision(D),
     do_abort(Tid, Local).
 
@@ -631,7 +631,7 @@ add_coord_store(Coords, Tid, Etab) ->
 
 del_coord_store(Coords, Tid, Current, Obsolete) ->
     Stores = gb_trees:get(Tid, Coords),
-    Rest = 
+    Rest =
     	case Stores of
     	    [Obsolete, Current | Tail] -> Tail;
     	    [Current, Obsolete | Tail] -> Tail
@@ -642,14 +642,14 @@ del_coord_store(Coords, Tid, Current, Obsolete) ->
 erase_ets_tabs([H | T]) ->
     ?ets_delete_table(H),
     erase_ets_tabs(T);
-erase_ets_tabs([]) -> 
+erase_ets_tabs([]) ->
     ok.
 
 %% Clear one transactions all fixtables
 clear_fixtable([Store|_]) ->
     Fixed = get_elements(fixtable, Store),
     lists:foreach(fun({Tab,Node}) ->
-			  rpc:cast(Node, ?MODULE, fixtable, [Tab,false,self()]) 
+			  rpc:cast(Node, ?MODULE, fixtable, [Tab,false,self()])
 		  end, Fixed).
 
 %% Clear all fixtable Node have done
@@ -661,7 +661,7 @@ clear_fixtable(Node, State=#state{fixed_tabs = FT0}) ->
 	    lists:foreach(
 	      fun(Tab) ->
 		      case ?catch_val({Tab, storage_type}) of
-			  {'EXIT', _} -> 
+			  {'EXIT', _} ->
 			      ignore;
 			  Storage ->
 			      mnesia_lib:db_fixtable(Storage,Tab,false)
@@ -680,9 +680,9 @@ manage_fixtable(Tab,true,Requester,State=#state{fixed_tabs = FT0}) ->
     end;
 manage_fixtable(Tab,false,Requester,State = #state{fixed_tabs = FT0}) ->
     Node = node(Requester),
-    case mnesia_lib:key_search_delete(Node, 1, FT0) of 
+    case mnesia_lib:key_search_delete(Node, 1, FT0) of
 	{none,_FT} -> State; % Hmm? Safeguard
-	{{Node, Tabs0},FT} -> 
+	{{Node, Tabs0},FT} ->
 	    case lists:delete(Tab, Tabs0) of
 		[] -> State#state{fixed_tabs=FT};
 		Tabs -> State#state{fixed_tabs=[{Node,Tabs}|FT]}
@@ -691,7 +691,7 @@ manage_fixtable(Tab,false,Requester,State = #state{fixed_tabs = FT0}) ->
 
 %% Deletes a pid from a list of participants
 %% or from a gb_trees of coordinators
-%% {none, All} or {Tr, Rest} 
+%% {none, All} or {Tr, Rest}
 pid_search_delete(Pid, Trs) ->
     pid_search_delete(Pid, Trs, none, []).
 pid_search_delete(Pid, [Tr = {Tid, _Ts} | Trs], _Val, Ack) when Tid#tid.pid == Pid ->
@@ -701,7 +701,7 @@ pid_search_delete(Pid, [Tr | Trs], Val, Ack) ->
 
 pid_search_delete(_Pid, [], Val, Ack) ->
     {Val, gb_trees:from_orddict(lists:reverse(Ack))}.
- 
+
 transaction_terminated(Tid)  ->
     mnesia_checkpoint:tm_exit_pending(Tid),
     Pid = Tid#tid.pid,
@@ -713,14 +713,14 @@ transaction_terminated(Tid)  ->
     end.
 
 %% If there are an surrounding transaction, we inherit it's context
-non_transaction(OldState={_,_,Trans}, Fun, Args, ActivityKind, Mod) 
+non_transaction(OldState={_,_,Trans}, Fun, Args, ActivityKind, Mod)
   when Trans /= non_transaction ->
-    Kind = case ActivityKind of 
+    Kind = case ActivityKind of
 	       sync_dirty -> sync;
 	       _ -> async
 	   end,
     case transaction(OldState, Fun, Args, infinity, Mod, Kind) of
-	{atomic, Res} -> 
+	{atomic, Res} ->
 	    Res;
 	{aborted,Res} ->
 	    exit(Res)
@@ -766,7 +766,7 @@ transaction(OldTidTs, Fun, Args, Retries, Mod, Type) ->
 
 execute_outer(Mod, Fun, Args, Factor, Retries, Type) ->
     case req(start_outer) of
-	{error, Reason} -> 
+	{error, Reason} ->
 	    {aborted, Reason};
 	{new_tid, Tid, Store} ->
 	    Ts = #tidstore{store = Store},
@@ -792,7 +792,7 @@ execute_inner(Mod, Tid, OldMod, Ts, Fun, Args, Factor, Retries, Type) ->
 
 copy_ets(From, To) ->
     do_copy_ets(?ets_first(From), From, To).
-do_copy_ets('$end_of_table', _,_) -> 
+do_copy_ets('$end_of_table', _,_) ->
     ok;
 do_copy_ets(K, From, To) ->
     Objs = ?ets_lookup(From, K),
@@ -813,7 +813,7 @@ execute_transaction(Fun, Args, Factor, Retries, Type) ->
 	    mnesia_lib:incr_counter(trans_commits),
 	    erase(mnesia_activity_state),
 	    %% no need to clear locks, already done by commit ...
-	    %% Flush any un processed mnesia_down messages we might have 
+	    %% Flush any un processed mnesia_down messages we might have
 	    flush_downs(),
 	    catch unlink(whereis(?MODULE)),
 	    {atomic, Value};
@@ -846,7 +846,7 @@ check_exit(Fun, Args, Factor, Retries, Reason, Type) ->
 	    maybe_restart(Fun, Args, Factor, Retries, Type, {node_not_running, N});
 	{aborted, {bad_commit, N}} ->
 	    maybe_restart(Fun, Args, Factor, Retries, Type, {bad_commit, N});
-	_ -> 
+	_ ->
 	    return_abort(Fun, Args, Reason)
     end.
 
@@ -888,11 +888,11 @@ restart(Mod, Tid, Ts, Fun, Args, Factor0, Retries0, Type, Why) ->
 	    SleepTime = mnesia_lib:random_time(Factor, Tid#tid.counter),
 	    dbg_out("Restarting transaction ~w: in ~wms ~w~n", [Tid, SleepTime, Why]),
 	    timer:sleep(SleepTime),
-	    execute_outer(Mod, Fun, Args, Factor, Retries, Type);	
+	    execute_outer(Mod, Fun, Args, Factor, Retries, Type);
 	_ ->
 	    SleepTime = mnesia_lib:random_time(Factor0, Tid#tid.counter),
 	    dbg_out("Restarting transaction ~w: in ~wms ~w~n", [Tid, SleepTime, Why]),
-	    
+
 	    if
 		Factor0 /= 10 ->
 		    ignore;
@@ -911,7 +911,7 @@ restart(Mod, Tid, Ts, Fun, Args, Factor0, Retries0, Type, Why) ->
 	    mnesia_locker:receive_release_tid_acc(Nodes, Tid),
 	    case get_restarted(Tid) of
 		{restarted, Tid} ->
-		    execute_transaction(Fun, Args, Factor0 + 1, 
+		    execute_transaction(Fun, Args, Factor0 + 1,
 					Retries, Type);
 		{error, Reason} ->
 		    mnesia:abort(Reason)
@@ -934,7 +934,7 @@ decr(_X) -> 0.
 
 return_abort(Fun, Args, Reason)  ->
     {_Mod, Tid, Ts} = get(mnesia_activity_state),
-    dbg_out("Transaction ~p calling ~p with ~p failed: ~n ~p~n", 
+    dbg_out("Transaction ~p calling ~p with ~p failed: ~n ~p~n",
 	    [Tid, Fun, Args, Reason]),
     OldStore = Ts#tidstore.store,
     Nodes = get_elements(nodes, OldStore),
@@ -945,7 +945,7 @@ return_abort(Fun, Args, Reason)  ->
 	Level == 1 ->
 	    mnesia_locker:async_release_tid(Nodes, Tid),
 	    ?MODULE ! {delete_transaction, Tid},
-	    erase(mnesia_activity_state),	    
+	    erase(mnesia_activity_state),
 	    flush_downs(),
 	    catch unlink(whereis(?MODULE)),
 	    {aborted, mnesia_lib:fix_error(Reason)};
@@ -958,14 +958,14 @@ return_abort(Fun, Args, Reason)  ->
 			      level = Level - 1},
 	    NewTidTs = {OldMod, Tid, Ts2},
 	    put(mnesia_activity_state, NewTidTs),
-	    case Reason of 
+	    case Reason of
 		#cyclic{} ->
 		    exit({aborted, Reason});
-		{node_not_running, _N} -> 
+		{node_not_running, _N} ->
 		    exit({aborted, Reason});
-		{bad_commit, _N}-> 
+		{bad_commit, _N}->
 		    exit({aborted, Reason});
-		_ -> 
+		_ ->
 		    {aborted, mnesia_lib:fix_error(Reason)}
 	    end
     end.
@@ -982,10 +982,10 @@ put_activity_id(MTT) ->
     put_activity_id(MTT, undefined).
 put_activity_id(undefined,_) ->
     erase_activity_id();
-put_activity_id({Mod, Tid = #tid{}, Ts = #tidstore{}},Fun) ->    
+put_activity_id({Mod, Tid = #tid{}, Ts = #tidstore{}},Fun) ->
     flush_downs(),
     Store = Ts#tidstore.store,
-    if 
+    if
 	is_function(Fun) ->
 	    ?ets_insert(Store, {friends, {stop,Fun}});
 	true ->
@@ -1000,14 +1000,14 @@ erase_activity_id() ->
     flush_downs(),
     erase(mnesia_activity_state).
 
-get_elements(Type,Store) ->    
+get_elements(Type,Store) ->
     case catch ?ets_lookup(Store, Type) of
 	[] -> [];
 	[{_,Val}] -> [Val];
 	{'EXIT', _} -> [];
 	Vals -> [Val|| {_,Val} <- Vals]
     end.
-    
+
 opt_propagate_store(_Current, _Obsolete, false) ->
     ok;
 opt_propagate_store(Current, Obsolete, true) ->
@@ -1030,8 +1030,8 @@ intercept_best_friend([],_) ->    ok;
 intercept_best_friend([{stop,Fun} | R],Ignore) ->
     catch Fun(),
     intercept_best_friend(R,Ignore);
-intercept_best_friend([Pid | R],false) ->    
-    Pid ! {activity_ended, undefined, self()}, 
+intercept_best_friend([Pid | R],false) ->
+    Pid ! {activity_ended, undefined, self()},
     wait_for_best_friend(Pid, 0),
     intercept_best_friend(R,true);
 intercept_best_friend([_|R],true) ->
@@ -1047,18 +1047,18 @@ wait_for_best_friend(Pid, Timeout) ->
 		false -> ok
 	    end
     end.
-    
+
 my_process_is_alive(Pid) ->
     case catch erlang:is_process_alive(Pid) of % New BIF in R5
-	true -> 
+	true ->
 	    true;
-	false -> 
+	false ->
 	    false;
-	{'EXIT', _} -> % Pre R5 backward compatibility 
+	{'EXIT', _} -> % Pre R5 backward compatibility
 	    case process_info(Pid, message_queue_len) of
 		undefined -> false;
 		_ -> true
-	    end 
+	    end
     end.
 
 dirty(Protocol, Item) ->
@@ -1070,12 +1070,12 @@ dirty(Protocol, Item) ->
 	async_dirty ->
 	    %% Send commit records to the other involved nodes,
 	    %% but do only wait for one node to complete.
-	    %% Preferrably, the local node if possible. 
-		    
+	    %% Preferrably, the local node if possible.
+
 	    ReadNode = val({Tab, where_to_read}),
 	    {WaitFor, FirstRes} = async_send_dirty(Tid, CR, Tab, ReadNode),
 	    rec_dirty(WaitFor, FirstRes);
-		
+
 	sync_dirty ->
 	    %% Send commit records to the other involved nodes,
 	    %% and wait for all nodes to complete
@@ -1097,7 +1097,7 @@ t_commit(Type) ->
     if
 	Ts#tidstore.level == 1 ->
 	    intercept_friends(Tid, Ts),
-	    %% N is number of updates 
+	    %% N is number of updates
 	    case arrange(Tid, Store, Type) of
 		{N, Prep} when N > 0 ->
 		    multi_commit(Prep#prep.protocol,
@@ -1135,8 +1135,8 @@ arrange(Tid, Store, Type) ->
     Recs = prep_recs(Nodes, []),
     Key = ?ets_first(Store),
     N = 0,
-    Prep = 
-	case Type of 
+    Prep =
+	case Type of
 	    async -> #prep{protocol = sym_trans, records = Recs};
 	    sync -> #prep{protocol = sync_sym_trans, records = Recs}
 	end,
@@ -1146,7 +1146,7 @@ arrange(Tid, Store, Type) ->
 	    case Reason of
 		{aborted, R} ->
 		    mnesia:abort(R);
-		_ -> 
+		_ ->
 		    mnesia:abort(Reason)
 	    end;
 	{New, Prepared} ->
@@ -1155,7 +1155,7 @@ arrange(Tid, Store, Type) ->
 
 reverse([]) ->
     [];
-reverse([H=#commit{ram_copies=Ram, disc_copies=DC, 
+reverse([H=#commit{ram_copies=Ram, disc_copies=DC,
 		   disc_only_copies=DOC,snmp = Snmp}
 	 |R]) ->
     [
@@ -1164,7 +1164,7 @@ reverse([H=#commit{ram_copies=Ram, disc_copies=DC,
        disc_copies      =  lists:reverse(DC),
        disc_only_copies =  lists:reverse(DOC),
        snmp             = lists:reverse(Snmp)
-      }  
+      }
      | reverse(R)].
 
 prep_recs([N | Nodes], Recs) ->
@@ -1191,7 +1191,7 @@ do_arrange(Tid, Store, RestoreKey, Prep, N) when RestoreKey == restore_op ->
 	     (BupRec, CommitRecs, RecName, Where, Snmp) ->
 		  Tab = element(1, BupRec),
 		  Key = element(2, BupRec),
-		  Item = 
+		  Item =
 		      if
 			  Tab == RecName ->
 			      [{{Tab, Key}, BupRec, write}];
@@ -1200,7 +1200,7 @@ do_arrange(Tid, Store, RestoreKey, Prep, N) when RestoreKey == restore_op ->
 			      [{{Tab, Key}, BupRec2, write}]
 		      end,
 		  do_prepare_items(Tid, Tab, Key, Where, Snmp, Item, CommitRecs)
-	  end,	  
+	  end,
     Recs2 = mnesia_schema:arrange_restore(R, Fun, Prep#prep.records),
     P2 = Prep#prep{protocol = asym_trans, records = Recs2},
     do_arrange(Tid, Store, ?ets_next(Store, RestoreKey), P2, N + 1);
@@ -1222,20 +1222,20 @@ prepare_items(Tid, Tab, Key, Items, Prep) when Prep#prep.prev_tab == Tab ->
     Recs = Prep#prep.records,
     Recs2 = do_prepare_items(Tid, Tab, Key, Types, Snmp, Items, Recs),
     Prep#prep{records = Recs2};
-    
+
 prepare_items(Tid, Tab, Key, Items, Prep) ->
     Types = val({Tab, where_to_commit}),
     case Types of
 	[] -> mnesia:abort({no_exists, Tab});
-	{blocked, _} -> 
+	{blocked, _} ->
 	    unblocked = req({unblock_me, Tab}),
 	    prepare_items(Tid, Tab, Key, Items, Prep);
 	_ ->
 	    Majority = needs_majority(Tab, Prep),
 	    Snmp = val({Tab, snmp}),
-	    Recs2 = do_prepare_items(Tid, Tab, Key, Types, 
+	    Recs2 = do_prepare_items(Tid, Tab, Key, Types,
 				     Snmp, Items, Prep#prep.records),
-	    Prep2 = Prep#prep{records = Recs2, prev_tab = Tab, 
+	    Prep2 = Prep#prep{records = Recs2, prev_tab = Tab,
 			      majority = Majority,
 			      prev_types = Types, prev_snmp = Snmp},
 	    check_prep(Prep2, Types)
@@ -1273,7 +1273,7 @@ have_majority([{Tab, AllNodes} | Rest], Nodes) ->
     end.
 
 prepare_snmp(Tab, Key, Items) ->
-    case val({Tab, snmp}) of 
+    case val({Tab, snmp}) of
 	[] ->
 	    [];
 	Ustruct when Key /= '_' ->
@@ -1286,10 +1286,10 @@ prepare_snmp(Tab, Key, Items) ->
 	    [{clear_table, Tab}]
     end.
 
-prepare_snmp(_Tid, _Tab, _Key, _Types, [], _Items, Recs) -> 
+prepare_snmp(_Tid, _Tab, _Key, _Types, [], _Items, Recs) ->
     Recs;
 
-prepare_snmp(Tid, Tab, Key, Types, Us, Items, Recs) -> 
+prepare_snmp(Tid, Tab, Key, Types, Us, Items, Recs) ->
     if Key /= '_' ->
 	    {_Oid, _Val, Op} = hd(Items),
 	    SnmpOid = mnesia_snmp_hook:key_to_oid(Tab, Key, Us), % May exit
@@ -1334,7 +1334,7 @@ prepare_node(Node, Storage, [Item | Items], Rec, Kind) when Kind == snmp ->
     Rec2 = Rec#commit{snmp = [Item | Rec#commit.snmp]},
     prepare_node(Node, Storage, Items, Rec2, Kind);
 prepare_node(Node, Storage, [Item | Items], Rec, Kind) when Kind /= schema ->
-    Rec2 = 
+    Rec2 =
 	case Storage of
 	    ram_copies ->
 		Rec#commit{ram_copies = [Item | Rec#commit.ram_copies]};
@@ -1345,7 +1345,7 @@ prepare_node(Node, Storage, [Item | Items], Rec, Kind) when Kind /= schema ->
 			   [Item | Rec#commit.disc_only_copies]}
 	end,
     prepare_node(Node, Storage, Items, Rec2, Kind);
-prepare_node(_Node, _Storage, Items, Rec, Kind) 
+prepare_node(_Node, _Storage, Items, Rec, Kind)
   when Kind == schema, Rec#commit.schema_ops == []  ->
     Rec#commit{schema_ops = Items};
 prepare_node(_Node, _Storage, [], Rec, _Kind) ->
@@ -1354,7 +1354,7 @@ prepare_node(_Node, _Storage, [], Rec, _Kind) ->
 %% multi_commit((Protocol, Tid, CommitRecords, Store)
 %% Local work is always performed in users process
 multi_commit(read_only, _Maj = [], Tid, CR, _Store) ->
-    %% This featherweight commit protocol is used when no 
+    %% This featherweight commit protocol is used when no
     %% updates has been performed in the transaction.
 
     {DiscNs, RamNs} = commit_nodes(CR, [], []),
@@ -1381,11 +1381,11 @@ multi_commit(sym_trans, _Maj = [], Tid, CR, Store) ->
     %%    perform the updates.
     %%
     %%    The outcome is kept 3 minutes in the transient decision table.
-    %%    
+    %%
     %% Recovery:
     %%    If somebody dies before the coordinator has
     %%    broadcasted do_commit, the transaction is aborted.
-    %%    
+    %%
     %%    If a participant dies, the table load algorithm
     %%    ensures that the contents of the involved tables
     %%    are picked from another node.
@@ -1394,15 +1394,15 @@ multi_commit(sym_trans, _Maj = [], Tid, CR, Store) ->
     %%    the outcome with all the others. If all are uncertain
     %%    about the outcome, the transaction is aborted. If
     %%    somebody knows the outcome the others will follow.
-    
+
     {DiscNs, RamNs} = commit_nodes(CR, [], []),
     Pending = mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
     ?ets_insert(Store, Pending),
 
     {WaitFor, Local} = ask_commit(sym_trans, Tid, CR, DiscNs, RamNs),
-    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []), 
-    ?eval_debug_fun({?MODULE, multi_commit_sym}, 
-		    [{tid, Tid}, {outcome, Outcome}]), 
+    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []),
+    ?eval_debug_fun({?MODULE, multi_commit_sym},
+		    [{tid, Tid}, {outcome, Outcome}]),
     rpc:abcast(DiscNs -- [node()], ?MODULE, {Tid, Outcome}),
     rpc:abcast(RamNs -- [node()], ?MODULE, {Tid, Outcome}),
     case Outcome of
@@ -1422,15 +1422,15 @@ multi_commit(sync_sym_trans, _Maj = [], Tid, CR, Store) ->
     %%   This protocol is the same as sym_trans except that it
     %%   uses syncronized calls to disk_log and syncronized commits
     %%   when several nodes are involved.
-    
+
     {DiscNs, RamNs} = commit_nodes(CR, [], []),
     Pending = mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
     ?ets_insert(Store, Pending),
 
     {WaitFor, Local} = ask_commit(sync_sym_trans, Tid, CR, DiscNs, RamNs),
-    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []), 
-    ?eval_debug_fun({?MODULE, multi_commit_sym_sync}, 
-		    [{tid, Tid}, {outcome, Outcome}]), 
+    {Outcome, []} = rec_all(WaitFor, Tid, do_commit, []),
+    ?eval_debug_fun({?MODULE, multi_commit_sym_sync},
+		    [{tid, Tid}, {outcome, Outcome}]),
     [?ets_insert(Store, {waiting_for_commit_ack, Node}) || Node <- WaitFor],
     rpc:abcast(DiscNs -- [node()], ?MODULE, {Tid, Outcome}),
     rpc:abcast(RamNs -- [node()], ?MODULE, {Tid, Outcome}),
@@ -1451,7 +1451,7 @@ multi_commit(sync_sym_trans, _Maj = [], Tid, CR, Store) ->
     Outcome;
 
 multi_commit(asym_trans, Majority, Tid, CR, Store) ->
-    %% This more expensive commit protocol is used when 
+    %% This more expensive commit protocol is used when
     %% table definitions are changed (schema transactions).
     %% It is also used when the involved tables are
     %% replicated asymetrically. If the storage type differs
@@ -1462,14 +1462,14 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     %%   commit record and votes yes or no depending of the
     %%   outcome of the prepare. The preparation is also performed
     %%   by the coordinator.
-    %%   
+    %%
     %% 2a Somebody has died or voted no
     %%    Tell all yes voters to do_abort
     %% 2b Everybody has voted yes
     %%    Put a unclear marker in the log.
     %%    Tell the others to pre_commit. I.e. that they should
     %%    put a unclear marker in the log and reply
-    %%    acc_pre_commit when they are done. 
+    %%    acc_pre_commit when they are done.
     %%
     %% 3a Somebody died
     %%    Tell the remaining participants to do_abort
@@ -1492,7 +1492,7 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     %%    If we have no unclear marker in the log we may
     %%    safely abort, since we know that nobody may have
     %%    decided to commit yet.
-    %%    
+    %%
     %%    If we have a committed marker in the log we may
     %%    safely commit since we know that everybody else
     %%    also will come to this conclusion.
@@ -1506,7 +1506,7 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     %%    up. When all involved nodes are up and uncertain,
     %%    we decide to commit (first put a committed marker
     %%    in the log, then do the updates).
-    
+
     D = #decision{tid = Tid, outcome = presume_abort},
     {D2, CR2} = commit_decision(D, CR, [], []),
     DiscNs = D2#decision.disc_nodes,
@@ -1518,10 +1518,10 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     Pending = mnesia_checkpoint:tm_enter_pending(Tid, DiscNs, RamNs),
     ?ets_insert(Store, Pending),
     {WaitFor, Local} = ask_commit(asym_trans, Tid, CR2, DiscNs, RamNs),
-    SchemaPrep = (catch mnesia_schema:prepare_commit(Tid, Local, {coord, WaitFor})), 
-    {Votes, Pids} = rec_all(WaitFor, Tid, do_commit, []), 
-    
-    ?eval_debug_fun({?MODULE, multi_commit_asym_got_votes}, 
+    SchemaPrep = (catch mnesia_schema:prepare_commit(Tid, Local, {coord, WaitFor})),
+    {Votes, Pids} = rec_all(WaitFor, Tid, do_commit, []),
+
+    ?eval_debug_fun({?MODULE, multi_commit_asym_got_votes},
 		    [{tid, Tid}, {votes, Votes}]),
     case Votes of
 	do_commit ->
@@ -1530,20 +1530,20 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
 		    mnesia_log:log(C), % C is not a binary
 		    ?eval_debug_fun({?MODULE, multi_commit_asym_log_commit_rec},
 				    [{tid, Tid}]),
-		    
+
 		    D3 = C#commit.decision,
-		    D4 = D3#decision{outcome = unclear},		
-		    mnesia_recover:log_decision(D4),			
+		    D4 = D3#decision{outcome = unclear},
+		    mnesia_recover:log_decision(D4),
 		    ?eval_debug_fun({?MODULE, multi_commit_asym_log_commit_dec},
 				    [{tid, Tid}]),
 		    tell_participants(Pids, {Tid, pre_commit}),
 		    %% Now we are uncertain and we do not know
 		    %% if all participants have logged that
 		    %% they are uncertain or not
-		    rec_acc_pre_commit(Pids, Tid, Store, {C,Local}, 
+		    rec_acc_pre_commit(Pids, Tid, Store, {C,Local},
 				       do_commit, DumperMode, [], []);
 		{'EXIT', Reason} ->
-		    %% The others have logged the commit 
+		    %% The others have logged the commit
 		    %% record but they are not uncertain
 		    mnesia_recover:note_decision(Tid, aborted),
 		    ?eval_debug_fun({?MODULE, multi_commit_asym_prepare_exit},
@@ -1564,7 +1564,7 @@ multi_commit(asym_trans, Majority, Tid, CR, Store) ->
     end.
 
 %% Returns do_commit or {do_abort, Reason}
-rec_acc_pre_commit([Pid | Tail], Tid, Store, Commit, Res, DumperMode, 
+rec_acc_pre_commit([Pid | Tail], Tid, Store, Commit, Res, DumperMode,
 		   GoodPids, SchemaAckPids) ->
     receive
 	{?MODULE, _, {acc_pre_commit, Tid, Pid, true}} ->
@@ -1598,7 +1598,7 @@ rec_acc_pre_commit([], Tid, Store, {Commit,OrigC}, Res, DumperMode, GoodPids, Sc
 	    %% everybody are uncertain.
 	    prepare_sync_schema_commit(Store, SchemaAckPids),
 	    tell_participants(GoodPids, {Tid, committed}),
-	    D2 = D#decision{outcome = committed},		
+	    D2 = D#decision{outcome = committed},
 	    mnesia_recover:log_decision(D2),
             ?eval_debug_fun({?MODULE, rec_acc_pre_commit_log_commit},
 			    [{tid, Tid}]),
@@ -1611,10 +1611,10 @@ rec_acc_pre_commit([], Tid, Store, {Commit,OrigC}, Res, DumperMode, GoodPids, Sc
 	    sync_schema_commit(Tid, Store, SchemaAckPids),
 	    mnesia_locker:release_tid(Tid),
 	    ?MODULE ! {delete_transaction, Tid};
-	
+
 	{do_abort, Reason} ->
 	    tell_participants(GoodPids, {Tid, {do_abort, Reason}}),
-	    D2 = D#decision{outcome = aborted},		
+	    D2 = D#decision{outcome = aborted},
 	    mnesia_recover:log_decision(D2),
             ?eval_debug_fun({?MODULE, rec_acc_pre_commit_log_abort},
 			    [{tid, Tid}]),
@@ -1702,7 +1702,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 			    end,
 			    ?eval_debug_fun({?MODULE, commit_participant, do_commit},
 					    [{tid, Tid}]);
-			
+
 			{Tid, {do_abort, _Reason}} ->
 			    mnesia_recover:log_decision(D#decision{outcome = aborted}),
 			    ?eval_debug_fun({?MODULE, commit_participant, log_abort},
@@ -1710,7 +1710,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 			    mnesia_schema:undo_prepare_commit(Tid, C0),
 			    ?eval_debug_fun({?MODULE, commit_participant, undo_prepare},
 					    [{tid, Tid}]);
-			
+
 			{'EXIT', _, _} ->
 			    mnesia_recover:log_decision(D#decision{outcome = aborted}),
 			    ?eval_debug_fun({?MODULE, commit_participant, exit_log_abort},
@@ -1718,7 +1718,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 			    mnesia_schema:undo_prepare_commit(Tid, C0),
 			    ?eval_debug_fun({?MODULE, commit_participant, exit_undo_prepare},
 					    [{tid, Tid}]);
-			
+
 			Msg ->
 			    verbose("** ERROR ** commit_participant ~p, got unexpected msg: ~p~n",
 				    [Tid, Msg])
@@ -1739,7 +1739,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
 		    verbose("** ERROR ** commit_participant ~p, got unexpected msg: ~p~n",
 			    [Tid, Msg])
 	    end;
-	
+
 	{'EXIT', Reason} ->
 	    ?eval_debug_fun({?MODULE, commit_participant, vote_no},
 			    [{tid, Tid}]),
@@ -1750,7 +1750,7 @@ commit_participant(Coord, Tid, Bin, C0, DiscNs, _RamNs) ->
     ?MODULE ! {delete_transaction, Tid},
     unlink(whereis(?MODULE)),
     exit(normal).
-    
+
 do_abort(Tid, Bin) when is_binary(Bin) ->
     %% Possible optimization:
     %% If we want we could pass arround a flag
@@ -1761,7 +1761,7 @@ do_abort(Tid, Bin) when is_binary(Bin) ->
     %% mnesia_schema:undo_prepare_commit/1.
     do_abort(Tid, binary_to_term(Bin));
 do_abort(Tid, Commit) ->
-    mnesia_schema:undo_prepare_commit(Tid, Commit), 
+    mnesia_schema:undo_prepare_commit(Tid, Commit),
     Commit.
 
 do_dirty(Tid, Commit) when Commit#commit.schema_ops == [] ->
@@ -1799,7 +1799,7 @@ do_update(Tid, Storage, [Op | Ops], OldRes) ->
 
 	    verbose("do_update in ~w failed: ~p -> {'EXIT', ~p}~n",
 		    [Tid, Op, Reason]),
-	    do_update(Tid, Storage, Ops, OldRes); 
+	    do_update(Tid, Storage, Ops, OldRes);
 	NewRes ->
 	    do_update(Tid, Storage, Ops, NewRes)
     end;
@@ -1807,7 +1807,7 @@ do_update(_Tid, _Storage, [], Res) ->
     Res.
 
 do_update_op(Tid, Storage, {{Tab, K}, Obj, write}) ->
-    commit_write(?catch_val({Tab, commit_work}), Tid, 
+    commit_write(?catch_val({Tab, commit_work}), Tid,
 		 Tab, K, Obj, undefined),
     mnesia_lib:db_put(Storage, Tab, Obj);
 
@@ -1816,7 +1816,7 @@ do_update_op(Tid, Storage, {{Tab, K}, Val, delete}) ->
     mnesia_lib:db_erase(Storage, Tab, K);
 
 do_update_op(Tid, Storage, {{Tab, K}, {RecName, Incr}, update_counter}) ->
-    {NewObj, OldObjs} = 
+    {NewObj, OldObjs} =
         case catch mnesia_lib:db_update_counter(Storage, Tab, K, Incr) of
             NewVal when is_integer(NewVal), NewVal >= 0 ->
                 {{RecName, K, NewVal}, [{RecName, K, NewVal - Incr}]};
@@ -1824,17 +1824,17 @@ do_update_op(Tid, Storage, {{Tab, K}, {RecName, Incr}, update_counter}) ->
                 New = {RecName, K, Incr},
                 mnesia_lib:db_put(Storage, Tab, New),
                 {New, []};
-	    _ -> 
+	    _ ->
 		Zero = {RecName, K, 0},
 		mnesia_lib:db_put(Storage, Tab, Zero),
 		{Zero, []}
         end,
-    commit_update(?catch_val({Tab, commit_work}), Tid, Tab, 
+    commit_update(?catch_val({Tab, commit_work}), Tid, Tab,
 		  K, NewObj, OldObjs),
     element(3, NewObj);
 
 do_update_op(Tid, Storage, {{Tab, Key}, Obj, delete_object}) ->
-    commit_del_object(?catch_val({Tab, commit_work}), 
+    commit_del_object(?catch_val({Tab, commit_work}),
 		      Tid, Tab, Key, Obj, undefined),
     mnesia_lib:db_match_erase(Storage, Tab, Obj);
 
@@ -1846,11 +1846,11 @@ commit_write([], _, _, _, _, _) -> ok;
 commit_write([{checkpoints, CpList}|R], Tid, Tab, K, Obj, Old) ->
     mnesia_checkpoint:tm_retain(Tid, Tab, K, write, CpList),
     commit_write(R, Tid, Tab, K, Obj, Old);
-commit_write([H|R], Tid, Tab, K, Obj, Old) 
+commit_write([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, write, Old),
     commit_write(R, Tid, Tab, K, Obj, Old);
-commit_write([H|R], Tid, Tab, K, Obj, Old) 
+commit_write([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == index ->
     mnesia_index:add_index(H, Tab, K, Obj, Old),
     commit_write(R, Tid, Tab, K, Obj, Old).
@@ -1859,11 +1859,11 @@ commit_update([], _, _, _, _, _) -> ok;
 commit_update([{checkpoints, CpList}|R], Tid, Tab, K, Obj, _) ->
     Old = mnesia_checkpoint:tm_retain(Tid, Tab, K, write, CpList),
     commit_update(R, Tid, Tab, K, Obj, Old);
-commit_update([H|R], Tid, Tab, K, Obj, Old) 
+commit_update([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, write, Old),
     commit_update(R, Tid, Tab, K, Obj, Old);
-commit_update([H|R], Tid, Tab, K, Obj, Old) 
+commit_update([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == index ->
     mnesia_index:add_index(H, Tab, K, Obj, Old),
     commit_update(R, Tid, Tab, K, Obj, Old).
@@ -1872,11 +1872,11 @@ commit_delete([], _, _, _, _, _) ->  ok;
 commit_delete([{checkpoints, CpList}|R], Tid, Tab, K, Obj, _) ->
     Old = mnesia_checkpoint:tm_retain(Tid, Tab, K, delete, CpList),
     commit_delete(R, Tid, Tab, K, Obj, Old);
-commit_delete([H|R], Tid, Tab, K, Obj, Old) 
+commit_delete([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, delete, Old),
     commit_delete(R, Tid, Tab, K, Obj, Old);
-commit_delete([H|R], Tid, Tab, K, Obj, Old) 
+commit_delete([H|R], Tid, Tab, K, Obj, Old)
   when element(1, H) == index ->
     mnesia_index:delete_index(H, Tab, K),
     commit_delete(R, Tid, Tab, K, Obj, Old).
@@ -1885,12 +1885,12 @@ commit_del_object([], _, _, _, _, _) -> ok;
 commit_del_object([{checkpoints, CpList}|R], Tid, Tab, K, Obj, _) ->
     Old = mnesia_checkpoint:tm_retain(Tid, Tab, K, delete_object, CpList),
     commit_del_object(R, Tid, Tab, K, Obj, Old);
-commit_del_object([H|R], Tid, Tab, K, Obj, Old) 
-  when element(1, H) == subscribers -> 
+commit_del_object([H|R], Tid, Tab, K, Obj, Old)
+  when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, delete_object, Old),
     commit_del_object(R, Tid, Tab, K, Obj, Old);
-commit_del_object([H|R], Tid, Tab, K, Obj, Old) 
-  when element(1, H) == index -> 
+commit_del_object([H|R], Tid, Tab, K, Obj, Old)
+  when element(1, H) == index ->
     mnesia_index:del_object_index(H, Tab, K, Obj, Old),
     commit_del_object(R, Tid, Tab, K, Obj, Old).
 
@@ -1898,11 +1898,11 @@ commit_clear([], _, _, _, _) ->  ok;
 commit_clear([{checkpoints, CpList}|R], Tid, Tab, K, Obj) ->
     mnesia_checkpoint:tm_retain(Tid, Tab, K, clear_table, CpList),
     commit_clear(R, Tid, Tab, K, Obj);
-commit_clear([H|R], Tid, Tab, K, Obj) 
+commit_clear([H|R], Tid, Tab, K, Obj)
   when element(1, H) == subscribers ->
     mnesia_subscr:report_table_event(H, Tab, Tid, Obj, clear_table, undefined),
     commit_clear(R, Tid, Tab, K, Obj);
-commit_clear([H|R], Tid, Tab, K, Obj) 
+commit_clear([H|R], Tid, Tab, K, Obj)
   when element(1, H) == index ->
     mnesia_index:clear_index(H, Tab, K, Obj),
     commit_clear(R, Tid, Tab, K, Obj).
@@ -1913,7 +1913,7 @@ do_snmp(Tid, [Head | Tail]) ->
 	{'EXIT', Reason} ->
 	    %% This should only happen when we recently have
 	    %% deleted our local replica or recently deattached
-	    %% the snmp table 
+	    %% the snmp table
 
 	    verbose("do_snmp in ~w failed: ~p -> {'EXIT', ~p}~n",
 		    [Tid, Head, Reason]);
@@ -1922,7 +1922,7 @@ do_snmp(Tid, [Head | Tail]) ->
     end,
     do_snmp(Tid, Tail).
 
-commit_nodes([C | Tail], AccD, AccR) 
+commit_nodes([C | Tail], AccD, AccR)
         when C#commit.disc_copies == [],
              C#commit.disc_only_copies  == [],
              C#commit.schema_ops == [] ->
@@ -1934,7 +1934,7 @@ commit_nodes([], AccD, AccR) ->
 
 commit_decision(D, [C | Tail], AccD, AccR) ->
     N = C#commit.node,
-    {D2, Tail2} = 
+    {D2, Tail2} =
 	case C#commit.schema_ops of
 	    [] when C#commit.disc_copies == [],
 		    C#commit.disc_only_copies  == [] ->
@@ -1954,8 +1954,8 @@ commit_decision(D, [], AccD, AccR) ->
     {D#decision{disc_nodes = AccD, ram_nodes = AccR}, []}.
 
 ram_only_ops(N, [{op, change_table_copy_type, N, _FromS, _ToS, Cs} | _Ops ]) ->
-    case lists:member({name, schema}, Cs) of 
-	true -> 
+    case lists:member({name, schema}, Cs) of
+	true ->
 	    %% We always use disk if change type of the schema
 	    false;
 	false ->
@@ -2025,12 +2025,12 @@ get_dirty_reply(Node, Res) ->
 	    Reply;
 	{mnesia_down, Node} ->
 	    case get(mnesia_activity_state) of
-		{_, Tid, _Ts} when element(1,Tid) == tid -> 
+		{_, Tid, _Ts} when element(1,Tid) == tid ->
 		    %% Hmm dirty called inside a transaction, to avoid
 		    %% hanging transaction we need to restart the transaction
 		    mnesia:abort({node_not_running, Node});
 		_ ->
-		    %% It's ok to ignore mnesia_down's since we will make 
+		    %% It's ok to ignore mnesia_down's since we will make
 		    %% the replicas consistent again when Node is started
 		    Res
 	    end
@@ -2068,10 +2068,10 @@ ask_commit(_Protocol, _Tid, [], _DiscNs, _RamNs, WaitFor, Local) ->
 %% to be safe we let erts do the translation (many times maybe and thus
 %% slower but it works.
 % opt_term_to_binary(asym_trans, Head, Nodes) ->
-%     opt_term_to_binary(Nodes, Head);    
+%     opt_term_to_binary(Nodes, Head);
 opt_term_to_binary(_Protocol, Head, _Nodes) ->
     Head.
-	    
+
 rec_all([Node | Tail], Tid, Res, Pids) ->
     receive
 	{?MODULE, Node, {vote_yes, Tid}} ->
@@ -2085,7 +2085,7 @@ rec_all([Node | Tail], Tid, Res, Pids) ->
 	{?MODULE, Node, {aborted, Tid}} ->
 	    rec_all(Tail, Tid, Res, Pids);
 
-	{mnesia_down, Node} ->  
+	{mnesia_down, Node} ->
 	    %% Make sure that mnesia_tm knows it has died
 	    %% it may have been restarted
 	    Abort = {do_abort, {bad_commit, Node}},
@@ -2095,7 +2095,7 @@ rec_all([Node | Tail], Tid, Res, Pids) ->
 rec_all([], _Tid, Res, Pids) ->
     {Res, Pids}.
 
-get_transactions() -> 
+get_transactions() ->
     {info, Participant, Coordinator} = req(info),
     lists:map(fun({Tid, _Tabs}) ->
 		      Status = tr_status(Tid,Participant),
@@ -2125,7 +2125,7 @@ get_info(Timeout) ->
 display_info(Stream, {timeout, T}) ->
     io:format(Stream, "---> No info about coordinator and participant transactions, "
 	      "timeout ~p <--- ~n", [T]);
-    
+
 display_info(Stream, {info, Part, Coord}) ->
     io:format(Stream, "---> Participant transactions <--- ~n", []),
     lists:foreach(fun(P) -> pr_participant(Stream, P) end, Part),
@@ -2134,7 +2134,7 @@ display_info(Stream, {info, Part, Coord}) ->
 
 pr_participant(Stream, P) ->
     Commit0 = P#participant.commit,
-    Commit = 
+    Commit =
 	if
 	    is_binary(Commit0) -> binary_to_term(Commit0);
 	    true -> Commit0
@@ -2161,11 +2161,11 @@ search_pr_coordinator(S, [{Tid, _Ts}|Tail]) ->
 	    io:format( "Tid is coordinator, owner == \n", []),
 	    display_pid_info(Tid#tid.pid),
 	    search_pr_coordinator(S, Tail);
-	_ -> 
+	_ ->
 	    search_pr_coordinator(S, Tail)
     end.
 
-search_pr_participant(_S, []) -> 
+search_pr_participant(_S, []) ->
     false;
 search_pr_participant(S, [ P | Tail]) ->
     Tid = P#participant.tid,
@@ -2176,15 +2176,15 @@ search_pr_participant(S, [ P | Tail]) ->
 	    Pid = Tid#tid.pid,
 	    display_pid_info(Pid),
 	    io:format( "Tid wants to write objects \n",[]),
-	    Commit = 
+	    Commit =
 		if
 		    is_binary(Commit0) -> binary_to_term(Commit0);
 		    true -> Commit0
 		end,
-	    
+
 	    io:format("~p~n", [Commit]),
 	    search_pr_participant(S,Tail);  %% !!!!!
-	true -> 
+	true ->
 	    search_pr_participant(S, Tail)
     end.
 
@@ -2200,7 +2200,7 @@ display_pid_info(Pid) ->
 		       Other ->
 			   Other
 		   end,
-	    Reds  = fetch(reductions, Info), 
+	    Reds  = fetch(reductions, Info),
 	    LM = length(fetch(messages, Info)),
 	    pformat(io_lib:format("~p", [Pid]),
 		    io_lib:format("~p", [Call]),
@@ -2254,7 +2254,7 @@ send_to_pids([_ | Pids], Msg) ->
     send_to_pids(Pids, Msg);
 send_to_pids([], _Msg) ->
     ok.
-    
+
 reconfigure_participants(N, [P | Tail]) ->
     case lists:member(N, P#participant.disc_nodes) or
 	 lists:member(N, P#participant.ram_nodes) of
@@ -2262,25 +2262,25 @@ reconfigure_participants(N, [P | Tail]) ->
 	    %% Ignore, since we are not a participant
 	    %% in the transaction.
 	    reconfigure_participants(N, Tail);
- 
+
 	true ->
 	    %% We are on a participant node, lets
 	    %% check if the dead one was a
 	    %% participant or a coordinator.
 	    Tid  = P#participant.tid,
-	    if 
+	    if
 		node(Tid#tid.pid) /= N ->
 		    %% Another participant node died. Ignore.
 		    reconfigure_participants(N, Tail);
 
 		true ->
-		    %% The coordinator node has died and 
+		    %% The coordinator node has died and
 		    %% we must determine the outcome of the
 		    %% transaction and tell mnesia_tm on all
 		    %% nodes (including the local node) about it
 		    verbose("Coordinator ~p in transaction ~p died~n",
 			    [Tid#tid.pid, Tid]),
-			    
+
 		    Nodes = P#participant.disc_nodes ++
 			    P#participant.ram_nodes,
 		    AliveNodes = Nodes  -- [N],
@@ -2332,8 +2332,8 @@ system_terminate(_Reason, _Parent, _Debug, State) ->
 
 system_code_change(State=#state{coordinators=Cs0,participants=Ps0},_Module,_OldVsn,downgrade) ->
     case is_tuple(Cs0) of
-	true -> 
-	    Cs = gb_trees:to_list(Cs0),	    
+	true ->
+	    Cs = gb_trees:to_list(Cs0),
 	    Ps = gb_trees:values(Ps0),
 	    {ok, State#state{coordinators=Cs,participants=Ps}};
 	false ->
@@ -2342,7 +2342,7 @@ system_code_change(State=#state{coordinators=Cs0,participants=Ps0},_Module,_OldV
 
 system_code_change(State=#state{coordinators=Cs0,participants=Ps0},_Module,_OldVsn,_Extra) ->
     case is_list(Cs0) of
-	true -> 
+	true ->
 	    Cs = gb_trees:from_orddict(lists:sort(Cs0)),
 	    Ps1 = [{P#participant.tid,P}|| P <- Ps0],
 	    Ps = gb_trees:from_orddict(lists:sort(Ps1)),
diff --git a/lib/mnesia/test/mnesia_atomicity_test.erl b/lib/mnesia/test/mnesia_atomicity_test.erl
index cf878fc820..06c4d16d71 100644
--- a/lib/mnesia/test/mnesia_atomicity_test.erl
+++ b/lib/mnesia/test/mnesia_atomicity_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -31,13 +31,13 @@ end_per_testcase(Func, Conf) ->
     mnesia_test_lib:end_per_testcase(Func, Conf).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-all() -> 
+all() ->
     [explicit_abort_in_middle_of_trans,
      runtime_error_in_middle_of_trans,
      kill_self_in_middle_of_trans, throw_in_middle_of_trans,
      {group, mnesia_down_in_middle_of_trans}].
 
-groups() -> 
+groups() ->
     [{mnesia_down_in_middle_of_trans, [],
       [mnesia_down_during_infinite_trans,
        {group, lock_waiter}, {group, restart_check}]},
@@ -297,7 +297,7 @@ mnesia_down_during_infinite_trans(Config) when is_list(Config) ->
     ?match({atomic, ok},
 	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, test_ok}) end)),
     mnesia_test_lib:start_sync_transactions([A2, A1]),
-    
+
     %% Obtain a write lock and wait forever
     RecA = {Tab, 1, test_not_ok},
     A1 ! fun() -> mnesia:write(RecA) end,
@@ -471,12 +471,12 @@ lock_waiter_w_wt(Config) when is_list(Config) ->
 
 start_lock_waiter(BlockOpA, BlockOpB, Config) ->
     [N1, N2] = Nodes = ?acquire_nodes(2, Config),
-    
+
     TabName = mk_tab_name(lock_waiter_),
     ?match({atomic, ok}, mnesia:create_table(TabName,
 					     [{ram_copies, [N1, N2]}])),
-    
-    %% initialize the table with object {1, c} - when there 	
+
+    %% initialize the table with object {1, c} - when there
     %% is a read transaction, the read will find that  value
     ?match({atomic, ok}, mnesia:sync_transaction(fun() -> mnesia:write({TabName, 1, c}) end)),
     rpc:call(N2, ?MODULE, sync_tid_release, []),
@@ -484,7 +484,7 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
     Tester = self(),
     Fun_A =fun() ->
 		   NewCounter = incr_restart_counter(),
-		   if 
+		   if
 		       NewCounter == 1 ->
 			   Tester ! go_ahead_test,
 			   receive go_ahead -> ok end;
@@ -493,13 +493,13 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
 		   lock_waiter_fun(BlockOpA, TabName, a),
 		   NewCounter
 	   end,
-        
+
     %% it's not possible to just spawn the transaction, because
     %% the result shall be evaluated
     A = spawn_link(N1, ?MODULE, perform_restarted_transaction, [Fun_A]),
-    
+
     ?match(ok, receive go_ahead_test -> ok after 10000 -> timeout end),
-    
+
     mnesia_test_lib:sync_trans_tid_serial([N1, N2]),
 
     Fun_B = fun() ->
@@ -507,21 +507,21 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
 		    A ! go_ahead,
 		    wait(infinity)
 	    end,
-    
+
     B = spawn_link(N2, mnesia, transaction, [Fun_B, 100]),
-    
+
     io:format("waiting for A (~p on ~p) to be in the queue ~n", [A, [N1, N2]]),
     wait_for_a(A, [N1, N2]),
-    
-    io:format("Queus ~p~n", 
+
+    io:format("Queus ~p~n",
 	      [[{N,rpc:call(N, mnesia, system_info, [lock_queue])} || N <- Nodes]]),
-    
+
     KillNode = node(B),
     io:format("A was in the queue, time to kill Mnesia on B's node (~p on ~p)~n",
 	      [B, KillNode]),
-    
+
     mnesia_test_lib:kill_mnesia([KillNode]), % kill mnesia of fun B
-    
+
     %% Read Ops does not need to be restarted
     ExpectedCounter =
 	if
@@ -535,20 +535,22 @@ start_lock_waiter(BlockOpA, BlockOpB, Config) ->
 	    BlockOpA == rt, BlockOpB /= sw -> 1;
 	    true -> 2
 	end,
-    ?match_multi_receive([{'EXIT', A, {atomic, ExpectedCounter}}, 
-			  {'EXIT', B, killed}]),
-    
+    receive {'EXIT', B, _} -> ok
+    after 3000 -> ?error("Timeout~n", []) end,
+    receive {'EXIT', A, Exp1} -> ?match({atomic, ExpectedCounter}, Exp1)
+    after 3000 -> ?error("Timeout~n", []) end,
+
     %% the expected result depends on the transaction of
     %% fun A - when that doesn't change the object in the
     %% table (e.g. it is a read) then the predefined
     %% value {Tabname, 1, c} is expected to be the result here
-    ExpectedResult = 
+    ExpectedResult =
 	case BlockOpA of
 	    w -> {TabName, 1, a};
 	    sw ->{TabName, 1, a};
 	    _all_other -> {TabName, 1, c}
 	end,
-    
+
     ?match({atomic, [ExpectedResult]},
 	   mnesia:transaction(fun() -> mnesia:read({TabName, 1}) end, 100)),
     ?verify_mnesia([N1], [N2]).
@@ -567,7 +569,7 @@ lock_waiter_fun(Op, TabName, Val) ->
 	srw -> mnesia:read(TabName, 1, sticky_write);
 	sw ->  mnesia:s_write({TabName, 1, Val})
     end.
-    
+
 wait_for_a(Pid, Nodes) ->
     wait_for_a(Pid, Nodes, 5).
 
@@ -589,12 +591,12 @@ check_q(Pid, [_ | Tail], N, Count) ->
 check_q(Pid, [], N, Count) ->
     timer:sleep(500),
     wait_for_a(Pid, N, Count - 1).
-    
+
 perform_restarted_transaction (Fun_Trans) ->
     %% the result of the transaction shall be:
     %%  - undefined (if the transaction was never executed)
     %%  - Times ( number of times that the transaction has been executed)
-    
+
     Result = mnesia:transaction(Fun_Trans, 100),
     exit(Result).
 
@@ -666,10 +668,10 @@ restart_sw_two(Config) when is_list(Config) ->
 
 start_restart_check(RestartOp, ReplicaNeed, Config) ->
     [N1, N2, N3] = Nodes = ?acquire_nodes(3, Config),
-    
+
     {TabName, _TabNodes} = create_restart_table(ReplicaNeed, Nodes),
-    
-    %% initialize the table with object {1, c} - when there 	
+
+    %% initialize the table with object {1, c} - when there
     %% is a read transaction, the read will find that  value
     ?match({atomic, ok}, mnesia:sync_transaction(fun() -> mnesia:write({TabName, 1, c}) end)),
 
@@ -681,9 +683,9 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
 		    NewCounter = incr_restart_counter(),
 		    case NewCounter of
 			1 ->
-			    mnesia:write({TabName, 1, d}),			    
+			    mnesia:write({TabName, 1, d}),
 			    %% send a message to the test proc
-			    Coord ! {self(),fun_a_is_blocked}, 			    
+			    Coord ! {self(),fun_a_is_blocked},
 			    receive go_ahead -> ok end;
 			_ ->
 			    %% the fun will NOT be blocked here
@@ -691,19 +693,19 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
 		    end,
 		    NewCounter
 	    end,
-    
+
     A = spawn_link(N1, ?MODULE, perform_restarted_transaction, [Fun_A]),
-    ?match_receive({A,fun_a_is_blocked}),    		
-    
+    ?match_receive({A,fun_a_is_blocked}),
+
     %% mnesia shall be killed at that node, where A is reading
     %% the information from
     kill_where_to_read(TabName, N1, [N2, N3]),
-    
+
     %% wait some time to let mnesia go down and spread those news around
     %% fun A shall be able to finish its job before being restarted
-    wait(500), 
+    wait(500),
     A ! go_ahead,
-    
+
     %% the sticky write doesnt work on remote nodes !!!
     ExpectedMsg =
 	case RestartOp of
@@ -717,19 +719,19 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
 			{'EXIT',A,{atomic, 2}}
 		end
 	end,
-    
-    ?match_receive(ExpectedMsg),    		
-    
+
+    ?match_receive(ExpectedMsg),
+
     %% now mnesia has to be started again on the node KillNode
     %% because the next test suite will need it
     ?match([], mnesia_test_lib:start_mnesia(Nodes, [TabName])),
-    
-    
+
+
     %%  the expected result depends on the transaction of
     %%  fun A - when that doesnt change the object in the
     %%  table (e.g. it is a read) then the predefined
     %%  value {Tabname, 1, c} is expected to be the result here
-    
+
     ExpectedResult =
 	case ReplicaNeed of
 	    one ->
@@ -746,7 +748,7 @@ start_restart_check(RestartOp, ReplicaNeed, Config) ->
     ?verify_mnesia(Nodes, []).
 
 create_restart_table(ReplicaNeed, [_N1, N2, N3]) ->
-    TabNodes = 
+    TabNodes =
 	case ReplicaNeed of
 	    one ->  [N2];
 	    two ->  [N2, N3]
@@ -754,7 +756,7 @@ create_restart_table(ReplicaNeed, [_N1, N2, N3]) ->
     TabName = mk_tab_name(restart_check_),
     ?match({atomic, ok}, mnesia:create_table(TabName, [{ram_copies, TabNodes}])),
     {TabName, TabNodes}.
-    
+
 restart_fun_A(Op, TabName) ->
     case Op of
 	rt -> mnesia:read_lock_table(TabName);
@@ -774,8 +776,8 @@ kill_where_to_read(TabName, N1, Nodes) ->
 	    ?error("Fault while killing Mnesia: ~p~n", [Read]),
 	    mnesia_test_lib:kill_mnesia(Nodes)
     end.
-    
-sync_tid_release() ->    
+
+sync_tid_release() ->
     sys:get_status(whereis(mnesia_tm)),
     sys:get_status(whereis(mnesia_locker)),
     ok.
diff --git a/lib/mnesia/test/mnesia_evil_coverage_test.erl b/lib/mnesia/test/mnesia_evil_coverage_test.erl
index 17d6c6c212..64b61288ef 100644
--- a/lib/mnesia/test/mnesia_evil_coverage_test.erl
+++ b/lib/mnesia/test/mnesia_evil_coverage_test.erl
@@ -37,7 +37,8 @@ end_per_testcase(Func, Conf) ->
 all() -> 
     [system_info, table_info, error_description,
      db_node_lifecycle, evil_delete_db_node, start_and_stop,
-     checkpoint, table_lifecycle, add_copy_conflict,
+     checkpoint, table_lifecycle, storage_options, 
+     add_copy_conflict,
      add_copy_when_going_down, replica_management,
      schema_availability, local_content,
      {group, table_access_modifications}, replica_location,
@@ -244,7 +245,7 @@ db_node_lifecycle(Config) when is_list(Config) ->
     ?match([], mnesia_test_lib:start_mnesia(AllNodes)),
 
     ?match([SNs, SNs, SNs], 
-	   lists:map({lists, sort}, 
+	   lists:map(fun lists:sort/1,
 		     element(1, rpc:multicall(AllNodes, mnesia, table_info, 
 					      [schema, disc_copies])))),
 
@@ -259,7 +260,7 @@ db_node_lifecycle(Config) when is_list(Config) ->
            mnesia:change_table_copy_type(schema, Node2, disc_copies)),
 
     ?match([SNs, SNs, SNs], 
-	   lists:map({lists, sort}, 
+	   lists:map(fun lists:sort/1,
 		     element(1, rpc:multicall(AllNodes, mnesia, table_info, 
 					      [schema, disc_copies])))),
 
@@ -462,7 +463,7 @@ table_lifecycle(Config) when is_list(Config) ->
     ?match({atomic, ok}, mnesia:create_table([{name, already_exists},
 					      {ram_copies, [Node1]}])),
     ?match({aborted, Reason23 } when element(1, Reason23) ==already_exists,
-	   mnesia:create_table([{name, already_exists}, 
+	   mnesia:create_table([{name, already_exists},
 				{ram_copies, [Node1]}])),
     ?match({aborted, Reason21 } when element(1, Reason21) == bad_type,
            mnesia:create_table([{name, bad_node}, {ram_copies, ["foo"]}])),
@@ -520,12 +521,57 @@ table_lifecycle(Config) when is_list(Config) ->
     ?match({atomic, ok},
            mnesia:create_table([{name, create_with_index}, {index, [3]},
                                 {ram_copies, [Node1]}])),
-    ets:new(ets_table, [named_table]),
 
+    ets:new(ets_table, [named_table]),
     ?match({aborted, _}, mnesia:create_table(ets_table, [{ram_copies, Nodes}])),
+    ?match({aborted, _}, mnesia:create_table(ets_table, [{ram_copies, [Node1]}])),
+    ets:delete(ets_table),
+    ?match({atomic, ok}, mnesia:create_table(ets_table, [{ram_copies, [Node1]}])),
+    ?match(Node1, rpc:call(Node1, mnesia_lib, val, [{ets_table,where_to_read}])),
+    ?match(Node1, rpc:call(Node2, mnesia_lib, val, [{ets_table,where_to_read}])),
+    ?match({atomic, ok}, mnesia:change_table_copy_type(ets_table, Node1, disc_only_copies)),    
+    ?match(Node1, rpc:call(Node2, mnesia_lib, val, [{ets_table,where_to_read}])),
+    
+    ?verify_mnesia(Nodes, []).
+
+
+storage_options(suite) -> [];
+storage_options(Config) when is_list(Config) ->
+    [N1,N2,N3] = Nodes = ?acquire_nodes(3, Config),
+
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{ets,foobar}]}])),
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{ets,[foobar]}]}])),
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{ets,[duplicate_bag]}]}])),
+    ?match({aborted,_}, mnesia:create_table(a, [{storage_properties, [{dets,[{type,bag}]}]}])),
+
+    ?match({atomic, ok}, mnesia:create_table(a, [{ram_copies, [N1]},
+						 {disc_only_copies, [N2]},
+						 {storage_properties,
+						  [{ets,[compressed]},
+						   {dets, [{auto_save, 5000}]} ]}])),
+    ?match(true, ets:info(a, compressed)),
+    ?match(5000, rpc:call(N2, dets, info, [a, auto_save])),
+    ?match(ok, mnesia:dirty_write({a,1,1})),
+    ?match([{a,1,1}], mnesia:dirty_read({a,1})),
+    mnesia:dump_log(),
+    W2C1 = [{N2, disc_only_copies}, {N1, ram_copies}],
+    ?match(W2C1, lists:sort(rpc:call(N2, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match(W2C1, lists:sort(rpc:call(N3, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match({atomic,ok}, mnesia:change_table_copy_type(a, N1, disc_only_copies)),
+    W2C2 = [{N2, disc_only_copies}, {N1, disc_only_copies}],
+    ?match(W2C2, lists:sort(rpc:call(N2, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match(W2C2, lists:sort(rpc:call(N3, mnesia_lib, val, [{a, where_to_commit}]))),
+    ?match(undefined, ets:info(a, compressed)),
+    ?match(5000, dets:info(a, auto_save)),
+    ?match({atomic,ok}, mnesia:change_table_copy_type(a, N1, disc_copies)),
+    ?match(true, ets:info(a, compressed)),
 
     ?verify_mnesia(Nodes, []).
 
+
+
+
+
 add_copy_conflict(suite) -> [];
 add_copy_conflict(doc) -> 
     ["Verify that OTP-5065 doesn't happen again, whitebox testing"];
diff --git a/lib/mnesia/test/mnesia_install_test.erl b/lib/mnesia/test/mnesia_install_test.erl
index 3a2d44aa95..06d53d3912 100644
--- a/lib/mnesia/test/mnesia_install_test.erl
+++ b/lib/mnesia/test/mnesia_install_test.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/mnesia/test/mnesia_test_lib.erl b/lib/mnesia/test/mnesia_test_lib.erl
index 9da45975d5..ba5bf84e24 100644
--- a/lib/mnesia/test/mnesia_test_lib.erl
+++ b/lib/mnesia/test/mnesia_test_lib.erl
@@ -99,7 +99,7 @@
 	 slave_start_link/0,
 	 slave_start_link/1,
 	 slave_sup/0,
-	
+
 	 start_mnesia/1,
 	 start_mnesia/2,
 	 start_appls/2,
@@ -131,7 +131,7 @@
 	 struct/1,
 	 init_per_testcase/2,
 	 end_per_testcase/2,
-	 kill_tc/2	
+	 kill_tc/2
 	]).
 
 -include("mnesia_test_lib.hrl").
@@ -187,7 +187,7 @@ verbose(Format, Args, File, Line) ->
 		    ok
 	    end
     end.
-    
+
 -record('REASON', {file, line, desc}).
 
 error(Format, Args, File, Line) ->
@@ -196,9 +196,9 @@ error(Format, Args, File, Line) ->
 		     line = Line,
 		     desc = Args},
     case global:whereis_name(mnesia_test_case_sup) of
-	undefined -> 
+	undefined ->
 	    ignore;
-	Pid -> 
+	Pid ->
 	    Pid ! Fail
 %% 	    global:send(mnesia_test_case_sup, Fail),
     end,
@@ -217,7 +217,7 @@ storage_type(Default, Config) ->
 default_config() ->
     [{nodes, default_nodes()}].
 
-default_nodes() ->    
+default_nodes() ->
     mk_nodes(3, []).
 
 mk_nodes(0, Nodes) ->
@@ -231,7 +231,7 @@ mk_nodes(N, Nodes) when N > 0 ->
 
 mk_node(N, Name, Host) ->
     list_to_atom(lists:concat([Name ++ integer_to_list(N) ++ "@" ++ Host])).
-    
+
 slave_start_link() ->
     slave_start_link(node()).
 
@@ -247,11 +247,11 @@ slave_start_link(Host, Name) ->
 
 slave_start_link(Host, Name, Retries) ->
     Debug = atom_to_list(mnesia:system_info(debug)),
-    Args = "-mnesia debug " ++ Debug ++ 
+    Args = "-mnesia debug " ++ Debug ++
+	" -pa " ++
+	filename:dirname(code:which(?MODULE)) ++
 	" -pa " ++
-	filename:dirname(code:which(?MODULE)) ++ 
-	" -pa " ++ 
-	filename:dirname(code:which(mnesia)),    
+	filename:dirname(code:which(mnesia)),
     case starter(Host, Name, Args) of
 	{ok, NewNode} ->
 	    ?match(pong, net_adm:ping(NewNode)),
@@ -264,8 +264,8 @@ slave_start_link(Host, Name, Retries) ->
 	    {ok, NewNode};
 	{error, Reason} when Retries == 0->
 	    {error, Reason};
-	{error, Reason} ->	    
-	    io:format("Could not start slavenode ~p ~p retrying~n", 
+	{error, Reason} ->
+	    io:format("Could not start slavenode ~p ~p retrying~n",
 		      [{Host, Name, Args}, Reason]),
 	    timer:sleep(500),
 	    slave_start_link(Host, Name, Retries - 1)
@@ -284,7 +284,7 @@ starter(Host, Name, Args) ->
 slave_sup() ->
     process_flag(trap_exit, true),
     receive
-	{'EXIT', _, _} -> 
+	{'EXIT', _, _} ->
 	    case os:type() of
 		vxworks ->
 		    erlang:halt();
@@ -292,7 +292,7 @@ slave_sup() ->
 		    ignore
 	    end
     end.
-    
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Index the test case structure
 
@@ -305,7 +305,7 @@ doc(TestCases) when is_list(TestCases) ->
     io:format(Fd, "<TITLE>Test specification for ~p</TITLE>.~n", [TestCases]),
     io:format(Fd, "<H1>Test specification for ~p</H1>~n", [TestCases]),
     io:format(Fd, "Test cases which not are implemented yet are written in <B>bold face</B>.~n~n", []),
-    
+
     io:format(Fd, "<BR><BR>~n", []),
     io:format(Fd, "~n<DL>~n", []),
     do_doc(Fd, TestCases, []),
@@ -349,7 +349,7 @@ do_doc(Fd, Module, TestCase, List) ->
 
 print_doc(Fd, Mod, Fun, Head) ->
     case catch (apply(Mod, Fun, [doc])) of
-	{'EXIT', _} -> 
+	{'EXIT', _} ->
 	    io:format(Fd, "<DT>~s</DT>~n", [Head]);
 	Doc when is_list(Doc) ->
 	    io:format(Fd, "<DT><U>~s</U><BR><DD>~n", [Head]),
@@ -428,10 +428,10 @@ test_driver({Module, TestCase}, Config) ->
 	_ ->
 	    log("Eval test case: ~w~n", [{Module, TestCase}]),
 	    try timer:tc(?MODULE, eval_test_case, [Module, TestCase, Config]) of
-		{T, Res} -> 
+		{T, Res} ->
 		    log("Tested ~w in ~w sec~n", [TestCase, T div Sec]),
 		    {T div Sec, Res}
-	    catch error:function_clause -> 
+	    catch error:function_clause ->
 		    log("<WARNING> Test case ~w NYI~n", [{Module, TestCase}]),
 		    {0, {skip, {Module, TestCase}, "NYI"}}
 	    end
@@ -472,13 +472,13 @@ get_suite(Module, TestCase, Config) ->
 
 %% Returns a list (possibly empty) or the atom 'NYI'
 get_suite(Mod, {group, Suite}) ->
-    try 
+    try
 	Groups = Mod:groups(),
 	{_, _, TCList} = lists:keyfind(Suite, 1, Groups),
 	TCList
     catch
 	_:Reason ->
-	    io:format("Not implemented ~p ~p (~p ~p)~n", 
+	    io:format("Not implemented ~p ~p (~p ~p)~n",
 		      [Mod,Suite,Reason, erlang:get_stacktrace()]),
 	    'NYI'
     end;
@@ -487,7 +487,7 @@ get_suite(Mod, all) ->
 	{'EXIT', _} -> 'NYI';
 	List when is_list(List) -> List
     end;
-get_suite(_Mod, _Fun) -> 
+get_suite(_Mod, _Fun) ->
     [].
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -511,7 +511,7 @@ wait_for_evaluator(Pid, Mod, Fun, Config) ->
     receive
 	{'EXIT', Pid, {test_case_ok, _PidRes}} ->
 	    Errors = flush(),
-	    Res = 
+	    Res =
 		case Errors of
 		    [] -> ok;
 		    Errors -> failed
@@ -531,7 +531,7 @@ wait_for_evaluator(Pid, Mod, Fun, Config) ->
 
 test_case_evaluator(Mod, Fun, [Config]) ->
     NewConfig = Mod:init_per_testcase(Fun, Config),
-    try 
+    try
 	R = apply(Mod, Fun, [NewConfig]),
 	Mod:end_per_testcase(Fun, NewConfig),
 	exit({test_case_ok, R})
@@ -588,7 +588,7 @@ mapl(_Fun, []) ->
 
 diskless(Config) ->
     case lists:keysearch(diskless, 1, Config) of
-	{value, {diskless, true}} -> 
+	{value, {diskless, true}} ->
 	    true;
 	_Else ->
 	    false
@@ -634,7 +634,7 @@ sync_trans_tid_serial(Nodes) ->
 
 select_nodes(N, Config, File, Line) ->
     prepare_test_case([], N, Config, File, Line).
-    
+
 prepare_test_case(Actions, N, Config, File, Line) ->
     NodeList1 = lookup_config(nodes, Config),
     NodeList2 = lookup_config(nodenames, Config), %% For testserver
@@ -666,10 +666,10 @@ do_prepare([delete_schema | Actions], Selected, All, Config, File, Line) ->
 	true ->
 	    skip;
 	false ->
-	    Del = fun(Node) -> 
+	    Del = fun(Node) ->
 			  case mnesia:delete_schema([Node]) of
 			      ok -> ok;
-			      {error, {"All nodes not running",_}} -> 
+			      {error, {"All nodes not running",_}} ->
 				  ok;
 			      Else ->
 				  ?log("Delete schema error ~p ~n", [Else])
@@ -680,7 +680,7 @@ do_prepare([delete_schema | Actions], Selected, All, Config, File, Line) ->
     do_prepare(Actions, Selected, All, Config, File, Line);
 do_prepare([create_schema | Actions], Selected, All, Config, File, Line) ->
     case diskless(Config) of
-	true -> 
+	true ->
 	    skip;
 	_Else ->
 	    case mnesia:create_schema(Selected) of
@@ -705,12 +705,12 @@ set_kill_timer(Config) ->
     case init:get_argument(mnesia_test_timeout) of
 	{ok, _ } -> ok;
 	_ ->
-	    Time0 = 
+	    Time0 =
 		case lookup_config(tc_timeout, Config) of
 		    [] -> timer:minutes(5);
 		    ConfigTime when is_integer(ConfigTime) -> ConfigTime
 		end,
-	    Mul = try 
+	    Mul = try
 		      test_server:timetrap_scale_factor()
 		  catch _:_ -> 1 end,
 	    (catch test_server:timetrap(Mul*Time0 + 1000)),
@@ -718,7 +718,7 @@ set_kill_timer(Config) ->
     end.
 
 kill_tc(Pid, Time) ->
-    receive 
+    receive
     after Time ->
 	    case process_info(Pid) of
 		undefined ->  ok;
@@ -739,10 +739,10 @@ kill_tc(Pid, Time) ->
 		    exit(Pid, kill)
 	    end
     end.
-    
+
 
 append_unique([], List) -> List;
-append_unique([H|R], List) -> 
+append_unique([H|R], List) ->
     case lists:member(H, List) of
 	true -> append_unique(R, List);
 	false -> [H | append_unique(R, List)]
@@ -751,13 +751,13 @@ append_unique([H|R], List) ->
 pick_nodes(all, Nodes, File, Line) ->
     pick_nodes(length(Nodes), Nodes, File, Line);
 pick_nodes(N, [H | T], File, Line) when N > 0 ->
-    [H | pick_nodes(N - 1, T, File, Line)]; 
+    [H | pick_nodes(N - 1, T, File, Line)];
 pick_nodes(0, _Nodes, _File, _Line) ->
     [];
 pick_nodes(N, [], File, Line) ->
     ?skip("Test case (~p(~p)) ignored: ~p nodes missing~n",
 	  [File, Line, N]).
-   
+
 init_nodes([Node | Nodes], File, Line) ->
     case net_adm:ping(Node) of
 	pong ->
@@ -777,7 +777,7 @@ init_nodes([Node | Nodes], File, Line) ->
 init_nodes([], _File, _Line) ->
     [].
 
-%% Returns [Name, Host]    
+%% Returns [Name, Host]
 node_to_name_and_host(Node) ->
     string:tokens(atom_to_list(Node), [$@]).
 
@@ -793,7 +793,7 @@ lookup_config(Key,Config) ->
 
 start_appls(Appls, Nodes) ->
     start_appls(Appls, Nodes, [],  [schema]).
-    
+
 start_appls(Appls, Nodes, Config) ->
     start_appls(Appls, Nodes, Config, [schema]).
 
@@ -815,9 +815,9 @@ start_appls([], _Nodes, _Config, _Tabs) ->
 
 remote_start(mnesia, Config, Nodes) ->
     case diskless(Config) of
-	true -> 
-	    application_controller:set_env(mnesia, 
-					   extra_db_nodes, 
+	true ->
+	    application_controller:set_env(mnesia,
+					   extra_db_nodes,
 					   Nodes -- [node()]),
 	    application_controller:set_env(mnesia,
 					   schema_location,
@@ -830,7 +830,7 @@ remote_start(mnesia, Config, Nodes) ->
     end,
     {node(), mnesia:start()};
 remote_start(Appl, _Config, _Nodes) ->
-    Res = 
+    Res =
 	case application:start(Appl) of
 	    {error, {already_started, Appl}} ->
 		ok;
@@ -842,13 +842,13 @@ remote_start(Appl, _Config, _Nodes) ->
 %% Start Mnesia on all given nodes and wait for specified
 %% tables to be accessible on each node. The atom all means
 %% that we should wait for all tables to be loaded
-%% 
+%%
 %% Returns a list of error tuples {BadNode, mnesia, Reason}
 start_mnesia(Nodes) ->
     start_appls([mnesia], Nodes).
 start_mnesia(Nodes, Tabs) when is_list(Nodes) ->
     start_appls([mnesia], Nodes, [], Tabs).
-    
+
 %% Wait for the tables to be accessible from all nodes in the list
 %% and that all nodes are aware of that the other nodes also ...
 sync_tables(Nodes, Tabs) ->
@@ -924,26 +924,26 @@ verify_nodes([Tab| Tabs], N) ->
 	mnesia:table_info(Tab, ram_copies),
     Local = mnesia:table_info(Tab, local_content),
     case Copies -- Nodes of
-	[] -> 
+	[] ->
 	    verify_nodes(Tabs, 0);
 	_Else when Local == true, Nodes /= [] ->
 	    verify_nodes(Tabs, 0);
         Else ->
-	    N2 = 
+	    N2 =
 		if
-		    N > 20 -> 
-			log("<>WARNING<> ~w Waiting for table: ~p on ~p ~n", 
+		    N > 20 ->
+			log("<>WARNING<> ~w Waiting for table: ~p on ~p ~n",
 				 [node(), Tab, Else]),
 			0;
 		    true -> N+1
-		end,	    
+		end,
 	    timer:sleep(500),
 	    verify_nodes([Tab| Tabs], N2)
     end.
 
 
 %% Nicely stop Mnesia on all given nodes
-%% 
+%%
 %% Returns a list of error tuples {BadNode, Reason}
 stop_mnesia(Nodes) when is_list(Nodes) ->
     stop_appls([mnesia], Nodes).
@@ -1047,7 +1047,7 @@ verify_replica_location(Tab, DiscOnly0, Ram0, Disc0, AliveNodes0) ->
     Read = ignore_dead(DiscOnly ++ Ram ++ Disc, AliveNodes),
     This = node(),
 
-    timer:sleep(100), 
+    timer:sleep(100),
 
     S1 = ?match(AliveNodes, lists:sort(mnesia:system_info(running_db_nodes))),
     S2 = ?match(DiscOnly, lists:sort(mnesia:table_info(Tab, disc_only_copies))),
@@ -1080,7 +1080,7 @@ do_remote_activate_debug_fun(From, I, F, C, File, Line) ->
     timer:sleep(infinity).  % Dies whenever the test process dies !!
 
 
-sort(L) when is_list(L) -> 
+sort(L) when is_list(L) ->
     lists:sort(L);
 sort({atomic, L}) when is_list(L) ->
     {atomic, lists:sort(L)};
diff --git a/lib/mnesia/test/mnesia_test_lib.hrl b/lib/mnesia/test/mnesia_test_lib.hrl
index fc377dbd2c..281634c239 100644
--- a/lib/mnesia/test/mnesia_test_lib.hrl
+++ b/lib/mnesia/test/mnesia_test_lib.hrl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -112,7 +112,7 @@
 -define(remote_deactivate_debug_fun(N, I),
 	rpc:call(N, mnesia_lib, deactivate_debug_fun, [I, ?FILE, ?LINE])).
 
--define(is_debug_compiled, 
+-define(is_debug_compiled,
 	case mnesia_lib:is_debug_compiled() of
 	    false ->
 		?skip("Mnesia is not debug compiled, test case ignored.~n", []);
@@ -120,7 +120,7 @@
 		ok
 	end).
 
--define(needs_disc(Config), 
+-define(needs_disc(Config),
 	case mnesia_test_lib:diskless(Config) of
 	    false ->
 		ok;
@@ -128,5 +128,5 @@
 		?skip("Must have disc, test case ignored.~n", [])
 	end).
 
--define(verify_mnesia(Ups, Downs), 
+-define(verify_mnesia(Ups, Downs),
 	mnesia_test_lib:verify_mnesia(Ups, Downs, ?FILE, ?LINE)).
diff --git a/lib/mnesia/test/mnesia_trans_access_test.erl b/lib/mnesia/test/mnesia_trans_access_test.erl
index ca3f0fbf49..c040d0ca3f 100644
--- a/lib/mnesia/test/mnesia_trans_access_test.erl
+++ b/lib/mnesia/test/mnesia_trans_access_test.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -31,22 +31,22 @@ end_per_testcase(Func, Conf) ->
 
 -define(receive_messages(Msgs), mnesia_recovery_test:receive_messages(Msgs, ?FILE, ?LINE)).
 
-% First Some debug logging 
+% First Some debug logging
 -define(dgb, true).
 -ifdef(dgb).
 -define(dl(X, Y), ?verbose("**TRACING: " ++ X ++ "**~n", Y)).
--else. 
+-else.
 -define(dl(X, Y), ok).
 -endif.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-all() -> 
+all() ->
     [write, read, wread, delete, delete_object,
      match_object, select, select14, all_keys, transaction,
      {group, nested_activities}, {group, index_tabs},
      {group, index_lifecycle}].
 
-groups() -> 
+groups() ->
     [{nested_activities, [],
       [basic_nested, {group, nested_transactions},
        mix_of_nested_activities]},
@@ -80,128 +80,133 @@ end_per_group(_GroupName, Config) ->
 
 write(suite) -> [];
 write(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = write, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:write([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 2}) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:write({foo, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:write({Tab, 1, 2})), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = write,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:write([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 2}) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:write({foo, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:write({Tab, 1, 2})),
     ?verify_mnesia(Nodes, []).
 
 %% Read records
 
 read(suite) -> [];
 read(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = read, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-
-    OneRec = {Tab, 1, 2}, 
-    TwoRec = {Tab, 1, 3}, 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:read([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab}) end)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = read,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    OneRec = {Tab, 1, 2},
+    TwoRec = {Tab, 1, 3},
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:read([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:read({Tab}) end)),
     ?match({aborted, {bad_type, _}}
-	   ,  mnesia:transaction(fun() -> mnesia:read(OneRec) end)), 
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-    ?match({atomic, [OneRec, TwoRec]}, 
-	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:read({Tab, 1})), 
+	   ,  mnesia:transaction(fun() -> mnesia:read(OneRec) end)),
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+    ?match({atomic, [OneRec, TwoRec]},
+	   mnesia:transaction(fun() -> mnesia:read({Tab, 1}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:read({Tab, 1})),
     ?verify_mnesia(Nodes, []).
 
 %% Read records and set write lock
 
 wread(suite) -> [];
 wread(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = wread, 
-    Schema = [{name, Tab}, {type, set}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    OneRec = {Tab, 1, 2}, 
-    TwoRec = {Tab, 1, 3}, 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:wread([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab}) end)), 
+    [_N1,N2] = Nodes = ?acquire_nodes(2, Config),
+    Tab = wread,
+    Schema = [{name, Tab}, {type, set}, {attributes, [k, v]}, {ram_copies, Nodes}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    OneRec = {Tab, 1, 2},
+    TwoRec = {Tab, 1, 3},
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:wread([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab}) end)),
     ?match({aborted, {bad_type, _}}
-	   ,  mnesia:transaction(fun() -> mnesia:wread(OneRec) end)), 
-    
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-    ?match({atomic, [TwoRec]}, 
-	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:wread({Tab, 1})), 
+	   ,  mnesia:transaction(fun() -> mnesia:wread(OneRec) end)),
+
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+    ?match({atomic, [TwoRec]},
+	   mnesia:transaction(fun() -> mnesia:wread({Tab, 1}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:wread({Tab, 1})),
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Tab, {Tab, 42, a}, sticky_write) end)),
+    ?match({atomic, [{Tab,42, a}]},
+	   rpc:call(N2, mnesia, transaction, [fun() -> mnesia:wread({Tab, 42}) end])),
     ?verify_mnesia(Nodes, []).
 
 %% Delete record
 
 delete(suite) -> [];
 delete(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = delete, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:delete([]) end)), 
-    ?match({aborted, {bad_type, _}}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab}) end)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = delete,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:delete([]) end)),
+    ?match({aborted, {bad_type, _}},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab}) end)),
     ?match({aborted, {bad_type, _}}
-	   ,  mnesia:transaction(fun() -> mnesia:delete({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:delete({Tab, 1})), 
+	   ,  mnesia:transaction(fun() -> mnesia:delete({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 1, 2}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 1}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:delete({Tab, 1})),
     ?verify_mnesia(Nodes, []).
 
 %% Delete matching record
 
 delete_object(suite) -> [];
 delete_object(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = delete_object, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = delete_object,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
 
-    OneRec = {Tab, 1, 2}, 
+    OneRec = {Tab, 1, 2},
     ?match({aborted, {bad_type, _}},
 	   mnesia:transaction(fun() -> mnesia:delete_object([]) end)),
     ?match({aborted, {bad_type, _}},
@@ -215,17 +220,17 @@ delete_object(Config) when is_list(Config) ->
     ?match({atomic, ok},
 	   mnesia:transaction(fun() -> mnesia:delete_object(OneRec) end)),
     ?match({atomic, ok},
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, ok}, 
 	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
-    ?match({atomic, ok}, 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, ok},
 	   mnesia:transaction(fun() -> mnesia:delete_object(OneRec) end)),
-    
+
     ?match({'EXIT', {aborted, no_transaction}},  mnesia:delete_object(OneRec)),
 
-    ?match({aborted, {bad_type, Tab, _}}, 
+    ?match({aborted, {bad_type, Tab, _}},
 	   mnesia:transaction(fun() -> mnesia:delete_object({Tab, {['_']}, 21}) end)),
-    ?match({aborted, {bad_type, Tab, _}}, 
+    ?match({aborted, {bad_type, Tab, _}},
 	   mnesia:transaction(fun() -> mnesia:delete_object({Tab, {['$5']}, 21}) end)),
 
     ?verify_mnesia(Nodes, []).
@@ -234,108 +239,108 @@ delete_object(Config) when is_list(Config) ->
 
 match_object(suite) -> [];
 match_object(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = match, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    OneRec = {Tab, 1, 2}, 
-    OnePat = {Tab, '$1', 2}, 
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)), 
-    
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:match_object({foo, '$1', 2}) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:match_object({[], '$1', 2}) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:match_object(OnePat)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = match,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    OneRec = {Tab, 1, 2},
+    OnePat = {Tab, '$1', 2},
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:match_object(OnePat) end)),
+
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:match_object({foo, '$1', 2}) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:match_object({[], '$1', 2}) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:match_object(OnePat)),
     ?verify_mnesia(Nodes, []).
 
 %% select
 select(suite) -> [];
 select(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = match, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = match,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
 
-    OneRec = {Tab, 1, 2}, 
-    TwoRec = {Tab, 2, 3}, 
+    OneRec = {Tab, 1, 2},
+    TwoRec = {Tab, 2, 3},
     OnePat = [{{Tab, '$1', 2}, [], ['$_']}],
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)), 
-
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, {match, '$1', 2}) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:select(Tab, [{'_', [], '$1'}]) end)), 
-
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat)), 
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, OnePat) end)),
+
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, {match, '$1', 2}) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:select(Tab, [{'_', [], '$1'}]) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat)),
     ?verify_mnesia(Nodes, []).
 
 
 %% more select
 select14(suite) -> [];
 select14(Config) when is_list(Config) ->
-    [Node1,Node2] = Nodes = ?acquire_nodes(2, Config), 
-    Tab1 = select14_ets, 
-    Tab2 = select14_dets, 
-    Tab3 = select14_remote, 
-    Tab4 = select14_remote_dets, 
-    Schemas = [[{name, Tab1}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-	       [{name, Tab2}, {attributes, [k, v]}, {disc_only_copies, [Node1]}], 
+    [Node1,Node2] = Nodes = ?acquire_nodes(2, Config),
+    Tab1 = select14_ets,
+    Tab2 = select14_dets,
+    Tab3 = select14_remote,
+    Tab4 = select14_remote_dets,
+    Schemas = [[{name, Tab1}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+	       [{name, Tab2}, {attributes, [k, v]}, {disc_only_copies, [Node1]}],
 	       [{name, Tab3}, {attributes, [k, v]}, {ram_copies, [Node2]}],
-	       [{name, Tab4}, {attributes, [k, v]}, {disc_only_copies, [Node2]}]], 
+	       [{name, Tab4}, {attributes, [k, v]}, {disc_only_copies, [Node2]}]],
     [?match({atomic, ok},  mnesia:create_table(Schema)) || Schema <- Schemas],
 
     %% Some Helpers
     Trans = fun(Fun) -> mnesia:transaction(Fun) end,
     LoopHelp = fun('$end_of_table',_) -> [];
-		  ({Recs,Cont},Fun) -> 
+		  ({Recs,Cont},Fun) ->
 		       Sel = mnesia:select(Cont),
 		       Recs ++ Fun(Sel, Fun)
 	       end,
-    Loop = fun(Table,Pattern) -> 
+    Loop = fun(Table,Pattern) ->
 		   Sel = mnesia:select(Table, Pattern, 1, read),
 		   Res = LoopHelp(Sel,LoopHelp),
 		   case mnesia:table_info(Table, type) of
 		       ordered_set -> Res;
 		       _ -> lists:sort(Res)
-		   end 
+		   end
 	   end,
-    Test = 
+    Test =
 	fun(Tab) ->
-		OneRec = {Tab, 1, 2}, 
-		TwoRec = {Tab, 2, 3}, 
+		OneRec = {Tab, 1, 2},
+		TwoRec = {Tab, 2, 3},
 		OnePat = [{{Tab, '$1', 2}, [], ['$_']}],
 		All = [OneRec,TwoRec],
 		AllPat = [{'_', [], ['$_']}],
 
-		?match({atomic, []}, Trans(fun() -> Loop(Tab, OnePat) end)), 
-		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)), 
-		?match({atomic, [OneRec]}, Trans(fun() -> Loop(Tab, OnePat) end)), 
-		?match({atomic, All}, Trans(fun() -> Loop(Tab, AllPat) end)), 
-		
+		?match({atomic, []}, Trans(fun() -> Loop(Tab, OnePat) end)),
+		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+		?match({atomic, ok},   mnesia:transaction(fun() -> mnesia:write(TwoRec) end)),
+		?match({atomic, [OneRec]}, Trans(fun() -> Loop(Tab, OnePat) end)),
+		?match({atomic, All}, Trans(fun() -> Loop(Tab, AllPat) end)),
+
 		{atomic,{_, Cont}} = Trans(fun() -> mnesia:select(Tab, OnePat, 1, read) end),
 		?match({aborted, wrong_transaction}, Trans(fun() -> mnesia:select(Cont) end)),
-		
-		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, {match, '$1', 2},1,read) end)), 
-		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, [{'_', [], '$1'}],1,read) end)), 
-		?match({aborted, _}, Trans(fun() -> mnesia:select(sune) end)),     
-		?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat,1,read)), 
-		?match({aborted, {badarg,sune}}, 
+
+		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, {match, '$1', 2},1,read) end)),
+		?match({aborted, _}, Trans(fun() -> mnesia:select(Tab, [{'_', [], '$1'}],1,read) end)),
+		?match({aborted, _}, Trans(fun() -> mnesia:select(sune) end)),
+		?match({'EXIT', {aborted, no_transaction}},  mnesia:select(Tab, OnePat,1,read)),
+		?match({aborted, {badarg,sune}},
 		       Trans(fun() -> mnesia:select(sune) end))
 	end,
     Test(Tab1),
@@ -349,28 +354,28 @@ select14(Config) when is_list(Config) ->
 
 all_keys(suite) ->[];
 all_keys(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = all_keys, 
-    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    
-    Write = fun() -> mnesia:write({Tab, 14, 4}) end, 
-    AllKeys = fun() -> mnesia:all_keys(Tab) end, 
-    
-    ?match({atomic, []},  mnesia:transaction(AllKeys)), 
-    
-    ?match({atomic, ok},  mnesia:transaction(Write)), 
-    ?match({atomic, [14]},  mnesia:transaction(AllKeys)), 
-    
-    ?match({atomic, ok},  mnesia:transaction(Write)), 
-    ?match({atomic, [14]},  mnesia:transaction(AllKeys)), 
-    
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:all_keys(foo) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:all_keys([]) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:all_keys(Tab)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = all_keys,
+    Schema = [{name, Tab}, {type, bag}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+
+    Write = fun() -> mnesia:write({Tab, 14, 4}) end,
+    AllKeys = fun() -> mnesia:all_keys(Tab) end,
+
+    ?match({atomic, []},  mnesia:transaction(AllKeys)),
+
+    ?match({atomic, ok},  mnesia:transaction(Write)),
+    ?match({atomic, [14]},  mnesia:transaction(AllKeys)),
+
+    ?match({atomic, ok},  mnesia:transaction(Write)),
+    ?match({atomic, [14]},  mnesia:transaction(AllKeys)),
+
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:all_keys(foo) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:all_keys([]) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:all_keys(Tab)),
     ?verify_mnesia(Nodes, []).
 
 
@@ -436,49 +441,49 @@ transaction(Config) when is_list(Config) ->
 basic_nested(doc) -> ["Test the basic functionality of nested transactions"];
 basic_nested(suite) -> [];
 basic_nested(Config) when is_list(Config) ->
-    Nodes = ?acquire_nodes(3, Config), 
-    Args =  [{ram_copies,  Nodes}, 
-	     {attributes,  record_info(fields,  ntab)}], 
-    ?match({atomic,  ok},  mnesia:create_table(ntab,  Args)), 
-    do_nested(top), 
+    Nodes = ?acquire_nodes(3, Config),
+    Args =  [{ram_copies,  Nodes},
+	     {attributes,  record_info(fields,  ntab)}],
+    ?match({atomic,  ok},  mnesia:create_table(ntab,  Args)),
+    do_nested(top),
     case mnesia_test_lib:diskless(Config) of
 	false ->
 	    lists:foreach(fun(N) ->
-				  ?match({atomic,  ok}, 
+				  ?match({atomic,  ok},
 					 mnesia:change_table_copy_type(ntab,  N,  disc_only_copies))
-			  end,  Nodes), 
+			  end,  Nodes),
 	    do_nested(top);
-	true -> 
+	true ->
 	    skip
     end,
     ?verify_mnesia(Nodes, []).
 
 do_nested(How) ->
     F1 = fun() ->
-		mnesia:write(#ntab{a= 1}), 
+		mnesia:write(#ntab{a= 1}),
 		mnesia:write(#ntab{a= 2})
-	end, 
+	end,
     F2 = fun() ->
 		 mnesia:read({ntab,  1})
-	 end, 
-    ?match({atomic,  ok},  mnesia:transaction(F1)), 
-    ?match({atomic,  _},  mnesia:transaction(F2)), 
+	 end,
+    ?match({atomic,  ok},  mnesia:transaction(F1)),
+    ?match({atomic,  _},  mnesia:transaction(F2)),
 
-    ?match({atomic,  {aborted,  _}}, 
-	   mnesia:transaction(fun() -> n_f1(), 
+    ?match({atomic,  {aborted,  _}},
+	   mnesia:transaction(fun() -> n_f1(),
 				mnesia:transaction(fun() -> n_f2() end)
-		       end)), 
+		       end)),
 
-    ?match({atomic,  {aborted,  _}}, 
-	   mnesia:transaction(fun() -> n_f1(), 
+    ?match({atomic,  {aborted,  _}},
+	   mnesia:transaction(fun() -> n_f1(),
 				mnesia:transaction(fun() -> n_f3() end)
-		       end)), 
-    ?match({atomic,  {atomic,  [#ntab{a = 5}]}}, 
-	   mnesia:transaction(fun() -> mnesia:write(#ntab{a = 5}), 
+		       end)),
+    ?match({atomic,  {atomic,  [#ntab{a = 5}]}},
+	   mnesia:transaction(fun() -> mnesia:write(#ntab{a = 5}),
 				       mnesia:transaction(fun() -> n_f4() end)
-			      end)), 
-    Cyclic = fun() -> mnesia:abort({cyclic,a,a,a,a,a}) end,  %% Ugly 
-    NodeNotR = fun() -> mnesia:abort({node_not_running, testNode}) end,   
+			      end)),
+    Cyclic = fun() -> mnesia:abort({cyclic,a,a,a,a,a}) end,  %% Ugly
+    NodeNotR = fun() -> mnesia:abort({node_not_running, testNode}) end,
 
     TestAbort = fun(Fun) ->
 			case get(restart_counter) of
@@ -490,46 +495,46 @@ do_nested(How) ->
 				ok
 			end
 		end,
-    
-    ?match({atomic,{atomic,ok}}, 
+
+    ?match({atomic,{atomic,ok}},
 	   mnesia:transaction(fun()->mnesia:transaction(TestAbort,
 							[Cyclic])end)),
-    
-    ?match({atomic,{atomic,ok}}, 
+
+    ?match({atomic,{atomic,ok}},
 	   mnesia:transaction(fun()->mnesia:transaction(TestAbort,
 							[NodeNotR])end)),
-							    
+
     %% Now try the restart thingie
     case How of
-	top ->	    
-	    Pids = [spawn(?MODULE,  do_nested,  [{spawned,  self()}]), 
-		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]), 
-		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]), 
-		    spawn(?MODULE,  do_nested,  [{spawned,  self()}])], 
-	    ?match({info, _, _}, mnesia_tm:get_info(2000)),	    
+	top ->
+	    Pids = [spawn(?MODULE,  do_nested,  [{spawned,  self()}]),
+		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]),
+		    spawn(?MODULE,  do_nested,  [{spawned,  self()}]),
+		    spawn(?MODULE,  do_nested,  [{spawned,  self()}])],
+	    ?match({info, _, _}, mnesia_tm:get_info(2000)),
 	    lists:foreach(fun(P) -> receive
 					{P,  ok} -> ok
 				    end
-			  end,  Pids), 
+			  end,  Pids),
 	    ?match([],  [Tab || Tab <- ets:all(), mnesia_trans_store == ets:info(Tab, name)]);
-				
+
 	{spawned,  Pid} ->
-	    ?match({info, _, _}, mnesia_tm:get_info(2000)),	    
+	    ?match({info, _, _}, mnesia_tm:get_info(2000)),
 	    Pid ! {self(),  ok},
 	    exit(normal)
     end.
 
 
 n_f1() ->
-    mnesia:read({ntab,  1}), 
+    mnesia:read({ntab,  1}),
     mnesia:write(#ntab{a = 3}).
 
 n_f2() ->
-    mnesia:write(#ntab{a = 4}), 
+    mnesia:write(#ntab{a = 4}),
     erlang:error(exit_here).
 
 n_f3() ->
-    mnesia:write(#ntab{a = 4}), 
+    mnesia:write(#ntab{a = 4}),
     throw(funky).
 
 n_f4() ->
@@ -555,24 +560,24 @@ nested_trans_both_dies(Config) when is_list(Config) ->
     nested_transactions(Config, abort, abort).
 
 nested_transactions(Config, Child, Father) ->
-    [Node1, Node2, Node3] = Nodes = ?acquire_nodes(3, Config),    
+    [Node1, Node2, Node3] = Nodes = ?acquire_nodes(3, Config),
     Tab = nested_trans,
 
-    Def = 
+    Def =
 	case mnesia_test_lib:diskless(Config) of
 	    true ->
 		[{name, Tab}, {ram_copies, Nodes}];
 	    false ->
-		[{name, Tab}, {ram_copies, [Node1]}, 
+		[{name, Tab}, {ram_copies, [Node1]},
 		 {disc_copies, [Node2]}, {disc_only_copies, [Node3]}]
 	end,
 
     ?match({atomic, ok}, mnesia:create_table(Def)),
     ?match(ok, mnesia:dirty_write({Tab, father, not_updated})),
-    ?match(ok, mnesia:dirty_write({Tab, child, not_updated})),    
+    ?match(ok, mnesia:dirty_write({Tab, child, not_updated})),
 
     ChildOk = fun() -> mnesia:write({Tab, child, updated}) end,
-    ChildAbort = fun() -> 
+    ChildAbort = fun() ->
 			 mnesia:write({Tab, child, updated}),
 			 erlang:error(exit_here)
 		 end,
@@ -616,7 +621,7 @@ nested_transactions(Config, Child, Father) ->
     ?verify_mnesia(Nodes, []).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-mix_of_nested_activities(doc) -> 
+mix_of_nested_activities(doc) ->
     ["Verify that dirty operations in a transaction are handled like ",
      "normal transactions"];
 mix_of_nested_activities(suite) ->   [];
@@ -624,27 +629,27 @@ mix_of_nested_activities(Config) when is_list(Config) ->
     [Node1, Node2, Node3] = Nodes = ?acquire_nodes(3, Config),
     Tab = tab,
 
-    Def = 
+    Def =
 	case mnesia_test_lib:diskless(Config) of
 	    true -> [{ram_copies, Nodes}];
-	    false -> 
-		[{ram_copies, [Node1]}, 
-		 {disc_copies, [Node2]}, 
+	    false ->
+		[{ram_copies, [Node1]},
+		 {disc_copies, [Node2]},
 		 {disc_only_copies, [Node3]}]
 	end,
 
     ?match({atomic, ok}, mnesia:create_table(Tab, [{type,bag}|Def])),
-    Activities = [transaction, sync_transaction, 
+    Activities = [transaction, sync_transaction,
 		  ets, async_dirty, sync_dirty],
     %% Make a test for all 3000 combinations
-    Tests = [[A,B,C,D,E] || 
+    Tests = [[A,B,C,D,E] ||
 		A <- Activities,
 		B <- Activities,
 		C <- Activities,
 		D <- Activities,
 		E <- Activities],
-    Foreach = 
-	fun(Test,No) -> 
+    Foreach =
+	fun(Test,No) ->
 		Result = lists:reverse(Test),
 		?match({No,Result},{No,catch apply_op({Tab,No},Test)}),
 		No+1
@@ -661,9 +666,9 @@ apply_op(Oid = {Tab,Key},[Type|Next]) ->
 				       apply_op(Oid,Next)
 			       end)).
 
-check_res(transaction, {atomic,Res}) -> 
+check_res(transaction, {atomic,Res}) ->
     Res;
-check_res(sync_transaction, {atomic,Res}) -> 
+check_res(sync_transaction, {atomic,Res}) ->
     Res;
 check_res(async_dirty, Res) when is_list(Res) ->
     Res;
@@ -673,11 +678,11 @@ check_res(ets, Res) when is_list(Res) ->
     Res;
 check_res(Type,Res) ->
     ?match(bug,{Type,Res}).
-    
+
 read_op(Oid) ->
     case lists:reverse(mnesia:read(Oid)) of
 	[] -> [];
-	[{_,_,Ops}|_] -> 
+	[{_,_,Ops}|_] ->
 	    Ops
     end.
 
@@ -686,24 +691,24 @@ read_op(Oid) ->
 
 index_match_object(suite) -> [];
 index_match_object(Config) when is_list(Config) ->
-    [Node1, Node2] = Nodes = ?acquire_nodes(2, Config), 
-    Tab = index_match_object, 
-    Schema = [{name, Tab}, {attributes, [k, v, e]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = 3, 
-    BadValPos = ValPos + 2, 
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
-
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_match_object({Tab, '$1', 2}, ValPos) end)), 
-    OneRec = {Tab, {1, 1}, 2, {1, 1}}, 
-    OnePat = {Tab, '$1', 2, '_'},     
+    [Node1, Node2] = Nodes = ?acquire_nodes(2, Config),
+    Tab = index_match_object,
+    Schema = [{name, Tab}, {attributes, [k, v, e]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = 3,
+    BadValPos = ValPos + 2,
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
+
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_match_object({Tab, '$1', 2}, ValPos) end)),
+    OneRec = {Tab, {1, 1}, 2, {1, 1}},
+    OnePat = {Tab, '$1', 2, '_'},
     BadPat = {Tab, '$1', '$2', '_'},  %% See ref guide
 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
 
-    Imatch = fun(Patt, Pos) -> 
+    Imatch = fun(Patt, Pos) ->
 		     mnesia:transaction(fun() -> lists:sort(mnesia:index_match_object(Patt, Pos)) end)
 	     end,
     ?match({atomic, [OneRec]}, Imatch(OnePat, ValPos)),
@@ -711,13 +716,13 @@ index_match_object(Config) when is_list(Config) ->
     ?match({aborted, _}, Imatch({foo, '$1', 2, '_'}, ValPos)),
     ?match({aborted, _}, Imatch({[], '$1', 2, '_'}, ValPos)),
     ?match({aborted, _}, Imatch(BadPat, ValPos)),
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_match_object(OnePat, ValPos)), 
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_match_object(OnePat, ValPos)),
 
     Another = {Tab, {3,1}, 2, {4,4}},
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Another) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, {4, 4}, 3, {4, 4}}) end)), 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Another) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, {4, 4}, 3, {4, 4}}) end)),
 
     ?match({atomic, [OneRec]}, Imatch({Tab, {1,1}, 2, {1,1}}, ValPos)),
     ?match({atomic, [OneRec]}, Imatch({Tab, {1,1}, 2, '$1'}, ValPos)),
@@ -727,110 +732,110 @@ index_match_object(Config) when is_list(Config) ->
     ?match({atomic, [OneRec]}, Imatch({Tab, {'$2', '$1'}, 2, {'_', '$1'}}, ValPos)),
     ?match({atomic, [OneRec, Another]}, Imatch({Tab, '_', 2, '_'}, ValPos)),
 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 4, 5, {7, 4}}) end)),     
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write({Tab, 7, 5, {7, 5}}) end)),     
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 4, 5, {7, 4}}) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write({Tab, 7, 5, {7, 5}}) end)),
 
     ?match({atomic, [{Tab, 4, 5, {7, 4}}]}, Imatch({Tab, '$1', 5, {'_', '$1'}}, ValPos)),
 
     ?match({atomic, [OneRec]}, rpc:call(Node2, mnesia, transaction,
-					[fun() -> 
-						lists:sort(mnesia:index_match_object({Tab, {1,1}, 2, 
+					[fun() ->
+						lists:sort(mnesia:index_match_object({Tab, {1,1}, 2,
 										      {1,1}}, ValPos))
-					 end])),    
+					 end])),
     ?verify_mnesia(Nodes, []).
 
 %% Read records by using an index
 
 index_read(suite) -> [];
 index_read(Config) when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = index_read, 
-    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = 3, 
-    BadValPos = ValPos + 1, 
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
-
-    OneRec = {Tab, 1, 2}, 
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)), 
-    ?match({atomic, [OneRec]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, BadValPos) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(foo, 2, ValPos) end)), 
-    ?match({aborted, _}, 
-	   mnesia:transaction(fun() -> mnesia:index_read([], 2, ValPos) end)), 
-    
-    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_read(Tab, 2, ValPos)), 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = index_read,
+    Schema = [{name, Tab}, {attributes, [k, v]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = 3,
+    BadValPos = ValPos + 1,
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
+
+    OneRec = {Tab, 1, 2},
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(OneRec) end)),
+    ?match({atomic, [OneRec]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, BadValPos) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:index_read(foo, 2, ValPos) end)),
+    ?match({aborted, _},
+	   mnesia:transaction(fun() -> mnesia:index_read([], 2, ValPos) end)),
+
+    ?match({'EXIT', {aborted, no_transaction}},  mnesia:index_read(Tab, 2, ValPos)),
     ?verify_mnesia(Nodes, []).
 
 index_update_set(suite) -> [];
 index_update_set(Config)when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = index_test, 
-    Schema = [{name, Tab}, {attributes, [k, v1, v2, v3]}, {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = v1, 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = index_test,
+    Schema = [{name, Tab}, {attributes, [k, v1, v2, v3]}, {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = v1,
     ValPos2 = v3,
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
-    
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
+
     Pat1 = {Tab, '$1',  2,   '$2', '$3'},
-    Pat2 = {Tab, '$1', '$2', '$3', '$4'}, 
-    
-    Rec1 = {Tab, 1, 2, 3, 4}, 
+    Pat2 = {Tab, '$1', '$2', '$3', '$4'},
+
+    Rec1 = {Tab, 1, 2, 3, 4},
     Rec2 = {Tab, 2, 2, 13, 14},
-    Rec3 = {Tab, 1, 12, 13, 14}, 
-    Rec4 = {Tab, 4, 2, 13, 14}, 
-    
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)), 
-    ?match({atomic, [Rec1]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)), 
-    {atomic, R1} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+    Rec3 = {Tab, 1, 12, 13, 14},
+    Rec4 = {Tab, 4, 2, 13, 14},
+
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)),
+    ?match({atomic, [Rec1]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)),
+    {atomic, R1} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R1)),
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)), 
-    {atomic, R2} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)),
+    {atomic, R2} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec2], lists:sort(R2)),
-    ?match({atomic, [Rec2]}, 
-	   mnesia:transaction(fun() -> mnesia:index_match_object(Pat1, ValPos) end)), 
-    
-    {atomic, R3} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end), 
+    ?match({atomic, [Rec2]},
+	   mnesia:transaction(fun() -> mnesia:index_match_object(Pat1, ValPos) end)),
+
+    {atomic, R3} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec3, Rec2], lists:sort(R3)),
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)), 
-    {atomic, R4} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
+    {atomic, R4} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec2, Rec4], lists:sort(R4)),
-    
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)), 
-    ?match({atomic, [Rec2]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)),
+    ?match({atomic, [Rec2]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+
     ?match({atomic, ok}, mnesia:del_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos2)),
-    
-    {atomic, R5} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end), 
+
+    {atomic, R5} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec3, Rec2, Rec4], lists:sort(R5)),
-    
+
     {atomic, R6} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec2, Rec4], lists:sort(R6)),
-    
+
     ?match({atomic, []},
 	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 4, ValPos2) end)),
     {atomic, R7} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 14, ValPos2) end),
@@ -857,62 +862,62 @@ index_update_set(Config)when is_list(Config) ->
     ?match([Rec1], lists:sort(R11)),
     ?match({atomic, [Rec1]},mnesia:transaction(fun() -> mnesia:index_read(Tab, 4, ValPos2) end)),
     ?match({atomic, []},mnesia:transaction(fun() -> mnesia:index_read(Tab, 14, ValPos2) end)),
-    
+
     ?verify_mnesia(Nodes, []).
 
 index_update_bag(suite) -> [];
 index_update_bag(Config)when is_list(Config) ->
-    [Node1] = Nodes = ?acquire_nodes(1, Config), 
-    Tab = index_test, 
+    [Node1] = Nodes = ?acquire_nodes(1, Config),
+    Tab = index_test,
     Schema = [{name, Tab},
 	      {type, bag},
-	      {attributes, [k, v1, v2, v3]}, 
-	      {ram_copies, [Node1]}], 
-    ?match({atomic, ok},  mnesia:create_table(Schema)), 
-    ValPos = v1, 
+	      {attributes, [k, v1, v2, v3]},
+	      {ram_copies, [Node1]}],
+    ?match({atomic, ok},  mnesia:create_table(Schema)),
+    ValPos = v1,
     ValPos2 = v3,
 
-    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)), 
+    ?match({atomic, ok},  mnesia:add_table_index(Tab, ValPos)),
 
     Pat1 = {Tab, '$1',  2,   '$2', '$3'},
-    Pat2 = {Tab, '$1', '$2', '$3', '$4'}, 
+    Pat2 = {Tab, '$1', '$2', '$3', '$4'},
 
-    Rec1 = {Tab, 1, 2, 3, 4},    
-    Rec2 = {Tab, 2, 2, 13, 14},  
-    Rec3 = {Tab, 1, 12, 13, 14}, 
-    Rec4 = {Tab, 4, 2, 13, 4}, 
+    Rec1 = {Tab, 1, 2, 3, 4},
+    Rec2 = {Tab, 2, 2, 13, 14},
+    Rec3 = {Tab, 1, 12, 13, 14},
+    Rec4 = {Tab, 4, 2, 13, 4},
     Rec5 = {Tab, 1, 2, 234, 14},
 
     %% Simple Index
-    ?match({atomic, []}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)), 
-    ?match({atomic, [Rec1]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
-
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)), 
+    ?match({atomic, []},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec1) end)),
+    ?match({atomic, [Rec1]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec2) end)),
     {atomic, R1} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R1)),
 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)), 
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec3) end)),
     {atomic, R2} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R2)),
 
     {atomic, R3} = mnesia:transaction(fun() -> mnesia:index_match_object(Pat1, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R3)),
- 
+
     {atomic, R4} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec1, Rec3, Rec2], lists:sort(R4)),
- 
-    ?match({atomic, ok}, 
-	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)), 
-    {atomic, R5} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end), 
+
+    ?match({atomic, ok},
+	   mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
+    {atomic, R5} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2, Rec4], lists:sort(R5)),
 
-    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)), 
+    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete({Tab, 4}) end)),
     {atomic, R6} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2], lists:sort(R6)),
 
@@ -922,20 +927,20 @@ index_update_bag(Config)when is_list(Config) ->
     ITab = mnesia_lib:val({index_test,{index, IPos}}),
     io:format("~n Index ~p @ ~p => ~p ~n~n",[IPos,ITab, ets:tab2list(ITab)]),
     ?match([{2,1},{2,2},{12,1}], ets:tab2list(ITab)),
-    
+
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec5) end)),
     {atomic, R60} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1,Rec5,Rec2], lists:sort(R60)),
 
     ?match([{2,1},{2,2},{12,1}], ets:tab2list(ITab)),
-    
+
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec3) end)),
     {atomic, R61} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1,Rec5,Rec2], lists:sort(R61)),
     {atomic, R62} = mnesia:transaction(fun() -> mnesia:index_read(Tab,12, ValPos) end),
     ?match([], lists:sort(R62)),
     ?match([{2,1},{2,2}], ets:tab2list(ITab)),
-    
+
     %% reset for rest of testcase
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec3) end)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec5) end)),
@@ -943,19 +948,19 @@ index_update_bag(Config)when is_list(Config) ->
     ?match([Rec1, Rec2], lists:sort(R6)),
     %% OTP-6587
 
-    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec1) end)), 
-    ?match({atomic, [Rec2]}, 
-	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)), 
+    ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:delete_object(Rec1) end)),
+    ?match({atomic, [Rec2]},
+	   mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end)),
     {atomic, R7} = mnesia:transaction(fun() -> mnesia:match_object(Pat2) end),
     ?match([Rec3, Rec2], lists:sort(R7)),
-    
+
     %% Two indexies
     ?match({atomic, ok}, mnesia:del_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec1) end)),
     ?match({atomic, ok}, mnesia:transaction(fun() -> mnesia:write(Rec4) end)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos2)),
-    
+
     {atomic, R8} = mnesia:transaction(fun() -> mnesia:index_read(Tab, 2, ValPos) end),
     ?match([Rec1, Rec2, Rec4], lists:sort(R8)),
 
@@ -1001,12 +1006,12 @@ index_update_bag(Config)when is_list(Config) ->
 index_write(suite) -> [];
 index_write(doc) -> ["See ticket OTP-8072"];
 index_write(Config)when is_list(Config) ->
-    Nodes = ?acquire_nodes(1, Config), 
+    Nodes = ?acquire_nodes(1, Config),
     mnesia:create_table(a, [{index, [val]}]),
     mnesia:create_table(counter, []),
 
     CreateIfNonExist =
-	fun(Index) ->			       
+	fun(Index) ->
 		case mnesia:index_read(a, Index, 3) of
 		    [] ->
 			Id = mnesia:dirty_update_counter(counter, id, 1),
@@ -1017,7 +1022,7 @@ index_write(Config)when is_list(Config) ->
 			Found
 		end
 	end,
-    
+
     Trans = fun(A) ->
 		    mnesia:transaction(CreateIfNonExist, [A])
 		    %% This works better most of the time
@@ -1030,9 +1035,9 @@ index_write(Config)when is_list(Config) ->
 		     Res = lists:map(Trans, lists:seq(1,10)),
 		     Self ! {self(), Res}
 	     end,
-    
+
     Pids = [spawn(Update) || _ <- lists:seq(1,5)],
-    
+
     Gather = fun(Pid, Acc) -> receive {Pid, Res} -> [Res|Acc] end end,
     Results = lists:foldl(Gather, [], Pids),
     Expected = hd(Results),
@@ -1075,7 +1080,7 @@ add_table_index(Config, Storage) ->
            mnesia:add_table_index(Tab, 1)),
     ?match({aborted, Reason44 } when element(1, Reason44) == bad_type,
            mnesia:add_table_index(Tab, 0)),
-    ?match({aborted, Reason45 } when element(1, Reason45) == bad_type, 
+    ?match({aborted, Reason45 } when element(1, Reason45) == bad_type,
            mnesia:add_table_index(Tab, -1)),
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
     ?match({aborted, Reason46 } when element(1, Reason46) == already_exists,
@@ -1083,10 +1088,10 @@ add_table_index(Config, Storage) ->
 
     NestedFun = fun() ->
                         ?match({aborted, nested_transaction},
-                               mnesia:add_table_index(Tab, ValPos)), 
+                               mnesia:add_table_index(Tab, ValPos)),
                         ok
                 end,
-    ?match({atomic, ok}, mnesia:transaction(NestedFun)), 
+    ?match({atomic, ok}, mnesia:transaction(NestedFun)),
     ?verify_mnesia(Nodes, []).
 
 create_live_table_index_ram(suite) -> [];
@@ -1110,7 +1115,7 @@ create_live_table_index(Config, Storage) ->
     mnesia:dirty_write({Tab, 1, 2}),
 
     Fun = fun() ->
-                  ?match(ok, mnesia:write({Tab, 2, 2})),        
+                  ?match(ok, mnesia:write({Tab, 2, 2})),
                   ok
           end,
     ?match({atomic, ok}, mnesia:transaction(Fun)),
@@ -1133,17 +1138,17 @@ create_live_table_index(Config, Storage) ->
 	     end,
 
     ?match([{atomic,ok}|_], [Create(N) || N <- lists:seq(1,50)]),
-    
+
     ?match([], mnesia_test_lib:stop_mnesia([N2,N3])),
     ?match(ok, rpc:call(N2, mnesia, start, [[{extra_db_nodes,[N1]}]])),
     ?match(ok, rpc:call(N3, mnesia, start, [[{extra_db_nodes,[N1]}]])),
-    
+
     ?match({atomic, ok}, mnesia:add_table_index(Tab, ValPos)),
-    
+
     ?match({atomic, [{Tab, 1, 2},{Tab, 2, 2}]}, mnesia:transaction(IRead)),
-    ?match({atomic, [{Tab, 1, 2},{Tab, 2, 2}]}, 
+    ?match({atomic, [{Tab, 1, 2},{Tab, 2, 2}]},
 	   rpc:call(N2, mnesia, transaction, [IRead])),
-    
+
     ?verify_mnesia(Nodes, []).
 
 %% Drop table index
@@ -1210,49 +1215,49 @@ idx_schema_changes(Config, Storage) ->
 	    ram_copies ->
 		{disc_copies, disc_only_copies}
 	end,
-    
+
     Write = fun(N) ->
 		    mnesia:write({Tab, N, N+50})
-	    end,   
-    
+	    end,
+
     [mnesia:sync_transaction(Write, [N]) || N <- lists:seq(1, 10)],
     ?match([{Tab, 1, 51}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 51, Idx])),
     ?match([{Tab, 1, 51}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 51, Idx])),
 
     ?match({atomic, ok}, mnesia:change_table_copy_type(Tab, N1, Storage1)),
-    
+
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [17]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [18]])),
-    
+
     ?match([{Tab, 17, 67}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 67, Idx])),
     ?match([{Tab, 18, 68}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 68, Idx])),
-    
+
     ?match({atomic, ok}, mnesia:del_table_copy(Tab, N1)),
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [11]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [12]])),
-    
+
     ?match([{Tab, 11, 61}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 61, Idx])),
     ?match([{Tab, 12, 62}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 62, Idx])),
 
     ?match({atomic, ok}, mnesia:move_table_copy(Tab, N2, N1)),
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [19]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [20]])),
-    
+
     ?match([{Tab, 19, 69}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 69, Idx])),
-    ?match([{Tab, 20, 70}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 70, Idx])),   
-    
+    ?match([{Tab, 20, 70}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 70, Idx])),
+
     ?match({atomic, ok}, mnesia:add_table_copy(Tab, N2, Storage)),
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [13]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [14]])),
-    
+
     ?match([{Tab, 13, 63}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 63, Idx])),
     ?match([{Tab, 14, 64}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 64, Idx])),
-    
+
     ?match({atomic, ok}, mnesia:change_table_copy_type(Tab, N2, Storage2)),
-    
+
     ?match({atomic, ok}, rpc:call(N1, mnesia, sync_transaction, [Write, [15]])),
     ?match({atomic, ok}, rpc:call(N2, mnesia, sync_transaction, [Write, [16]])),
-    
+
     ?match([{Tab, 15, 65}], rpc:call(N2, mnesia, dirty_index_read, [Tab, 65, Idx])),
     ?match([{Tab, 16, 66}], rpc:call(N1, mnesia, dirty_index_read, [Tab, 66, Idx])),
 
diff --git a/lib/mnesia/vsn.mk b/lib/mnesia/vsn.mk
index ebf79dd2ae..080548acac 100644
--- a/lib/mnesia/vsn.mk
+++ b/lib/mnesia/vsn.mk
@@ -1 +1 @@
-MNESIA_VSN = 4.5.1
+MNESIA_VSN = 4.6
diff --git a/lib/observer/doc/src/Makefile b/lib/observer/doc/src/Makefile
index f82a49abbe..cd9f9466ca 100644
--- a/lib/observer/doc/src/Makefile
+++ b/lib/observer/doc/src/Makefile
@@ -36,6 +36,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
 XML_APPLICATION_FILES = ref_man.xml
 XML_REF3_FILES = \
 	crashdump.xml \
+	observer.xml \
 	etop.xml \
 	ttb.xml
 XML_REF6_FILES = observer_app.xml
@@ -48,6 +49,7 @@ XML_PART_FILES = \
 XML_CHAPTER_FILES = \
 	crashdump_ug.xml \
 	etop_ug.xml \
+	observer_ug.xml \
 	ttb_ug.xml \
 	notes.xml \
 	notes_history.xml
diff --git a/lib/observer/doc/src/notes.xml b/lib/observer/doc/src/notes.xml
index baa1354268..a9554a08f4 100644
--- a/lib/observer/doc/src/notes.xml
+++ b/lib/observer/doc/src/notes.xml
@@ -31,6 +31,125 @@
   <p>This document describes the changes made to the Observer
     application.</p>
 
+<section><title>Observer 1.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    The following bugs in <c>ttb</c> have been corrected:</p>
+          <p>
+	    <list> <item><c>ttb:tracer/2</c> would earlier crash when
+	    trying to set up tracing for a diskless node to wrap
+	    files, i.e. when option
+	    <c>{file,{local,{wrap,Filename,Size,Count}}}</c> was
+	    used.</item> <item><c>ttb:stop([fetch])</c> would
+	    sometimes silently fail if multiple nodes with different
+	    current working directories were traced.</item>
+	    <item><c>ttb:stop([fetch])</c> would crash if the tracer
+	    was started with option
+	    <c>{file,{local,Filename}}</c></item> <item>A deadlock
+	    would sometimes occur due to an information printout from
+	    the <c>ttb_control</c> process when <c>ttb</c> was
+	    stopped.</item> </list></p>
+          <p>
+	    Own Id: OTP-9431</p>
+        </item>
+        <item>
+          <p>
+	    The file trace port to which the IP trace client relays
+	    all traces from diskless nodes was not flushed and closed
+	    properly on ttb:stop. This has been corrected.</p>
+          <p>
+	    Own Id: OTP-9665</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    A new GUI for Observer. Integrating pman, etop, appmon
+	    and tv into observer with tracing facilities.</p>
+          <p>
+	    Own Id: OTP-4779</p>
+        </item>
+        <item>
+          <p>
+	    The following new features are added to <c>ttb</c>:</p>
+          <p>
+	    <list> <item>A one-command trace setup is added,
+	    <c>ttb:start_trace/4</c>.</item> <item>The following new
+	    options are added to <c>ttb:tracer/2</c>: <list>
+	    <item><em><c>shell</c></em> - Show trace messages on the
+	    console in real time</item> <item><em><c>timer</c></em> -
+	    Time constrained tracing</item>
+	    <item><em><c>overload</c></em> - Overload
+	    protection</item> <item><em><c>flush</c></em> - Flush
+	    file trace port buffers with given frequency</item>
+	    <item><em><c>resume</c></em> - Automatically resume
+	    tracing after node restart</item> </list> </item> <item>
+	    A new shortcut is added for common tracer settings
+	    similar to using the <c>dbg</c> module directly,
+	    <c>ttb:tracer(shell | dbg)</c>. </item> <item> Some
+	    shortcuts are added for commonly used match
+	    specifications in <c>ttb:tp</c> and <c>ttb:tpl</c>.
+	    </item> <item> The <c>Options</c> argument to functions
+	    <c>ttb:tracer</c>, <c>ttb:write_config</c>,
+	    <c>ttb:stop</c> and <c>ttb:format</c> may now be one
+	    single option instead of a list. </item> <item> The
+	    history buffer of the last trace is now always
+	    automatically dumped to the file <c>ttb_last_config</c>
+	    when <c>ttb:stop</c> is called. </item> <item> The
+	    following new options are added to <c>ttb:stop/1</c>:
+	    <list> <item><em><c>fetch_dir</c></em> - Specify where to
+	    store fetched logs</item>
+	    <item><em><c>{format,FormatOpts}</c></em> - Specify
+	    options to use when formatting the fetched logs</item>
+	    <item><em><c>return_fetch_dir</c></em> - Indicate that
+	    the return value from <c>ttb:stop/1</c> should include
+	    the name of the directory where the fetched logs are
+	    stored</item> </list> </item> <item> The option
+	    <c>disable_sort</c> is added to <c>ttb:format/2</c>. When
+	    this option is used, trace messages from different logs
+	    are not merged according to timestamps, but just appended
+	    one log after the other. </item> </list></p>
+          <p>
+	    Own Id: OTP-9403</p>
+        </item>
+        <item>
+          <p>
+	    The following non backwards compatible changes are done
+	    in <c>ttb</c>:</p>
+          <p>
+	    <list> <item> When setting up trace with ttb, the
+	    'timestamp' trace flag will now always be set. </item>
+	    <item> The 'fetch' option to ttb:stop/1 is removed since
+	    it is now default behavior that trace logs are fetched
+	    when stopping ttb. Fetching can be disabled with the
+	    'nofetch' option to ttb:stop/1. </item> <item> The name
+	    of the upload directory is changed from
+	    ttb_upload-Timestamp to ttb_upload_FileName-Timestamp.
+	    </item> <item> To format the output using 'et', you now
+	    need to provide the option {handler,ttb:get_et_handler()}
+	    instead of {handler,et}. </item> <item> When formatting a
+	    trace log, the handler state was earlier reset after each
+	    trace file, this is now changed so the handler state is
+	    passed not only from one trace message to the next in the
+	    same file, but also from one file to the next. </item>
+	    </list></p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9430</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Observer 0.9.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/observer/doc/src/observer.xml b/lib/observer/doc/src/observer.xml
new file mode 100644
index 0000000000..03830f2b1c
--- /dev/null
+++ b/lib/observer/doc/src/observer.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE erlref SYSTEM "erlref.dtd">
+
+<erlref>
+  <header>
+    <copyright>
+      <year>2011</year>
+      <holder>Ericsson AB, All Rights Reserved</holder>
+    </copyright>
+    <legalnotice>
+  The contents of this file are subject to the Erlang Public License,
+  Version 1.1, (the "License"); you may not use this file except in
+  compliance with the License. You should have received a copy of the
+  Erlang Public License along with this software. If not, it can be
+  retrieved online at http://www.erlang.org/.
+
+  Software distributed under the License is distributed on an "AS IS"
+  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+  the License for the specific language governing rights and limitations
+  under the License.
+
+  The Initial Developer of the Original Code is Ericsson AB.
+    </legalnotice>
+
+    <title>Observer</title>
+    <prepared>Dan Gudmundsson</prepared>
+    <responsible></responsible>
+    <docno>1</docno>
+    <approved></approved>
+    <checked></checked>
+    <date>2011-12-08</date>
+    <rev>PA1</rev>
+    <file>observer.xml</file>
+  </header>
+  <module>observer</module>
+  <modulesummary>A GUI tool for observing an erlang system.</modulesummary>
+  <description>
+    <p>The observer is gui frontend containing various tools to
+    inspect a system.  It displays system information, application
+    structures, process information, ets or mnesia tables and a frontend
+    for tracing with <seealso marker="ttb">ttb</seealso>.
+    </p>
+
+    <p>See the <seealso marker="observer_ug">user's guide</seealso>
+    for more information about how to get started.</p>
+  </description>
+  <funcs>
+    <func>
+      <name>start() -> ok</name>
+      <fsummary>Start the observer gui</fsummary>
+      <desc>
+        <p>This function starts the <c>observer</c> gui.
+	Close the window to stop the application.
+	</p>
+      </desc>
+    </func>
+  </funcs>
+</erlref>
diff --git a/lib/observer/doc/src/observer_ug.xml b/lib/observer/doc/src/observer_ug.xml
new file mode 100644
index 0000000000..569d72e71e
--- /dev/null
+++ b/lib/observer/doc/src/observer_ug.xml
@@ -0,0 +1,190 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>2011</year>
+      <holder>Ericsson AB. All Rights Reserved.</holder>
+    </copyright>
+    <legalnotice>
+      The contents of this file are subject to the Erlang Public License,
+      Version 1.1, (the "License"); you may not use this file except in
+      compliance with the License. You should have received a copy of the
+      Erlang Public License along with this software. If not, it can be
+      retrieved online at http://www.erlang.org/.
+
+      Software distributed under the License is distributed on an "AS IS"
+      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+      the License for the specific language governing rights and limitations
+      under the License.
+
+    </legalnotice>
+
+    <title>Observer</title>
+    <prepared></prepared>
+    <docno></docno>
+    <date></date>
+    <rev></rev>
+    <file>observer_ug.xml</file>
+  </header>
+
+  <section>
+    <title>Introduction</title>
+    <p>Observer, is a graphical tool for observing the characteristics of
+    erlang systems.  Observer displays system information, application
+    supervisor trees, process information, ets or mnesia tables and contains
+    a frontend for erlang tracing.
+    </p>
+  </section>
+
+  <section>
+    <title>General</title>
+    <p>Normally observer should be run from a standalone node to minimize
+    the impact of the system being observed. Example:
+    </p>
+    <code>
+ > erl -sname observer -hidden -setcookie MyCookie -run observer
+    </code>
+    <p>
+      Choose which node to observe via <c>Nodes</c> menu. The <c>View/Refresh
+      Interval</c> controls how frequent the view should be updated.
+      The refresh interval is set per viewer so you can
+      have different settings for each viewer. To minimize the system
+      impact only the active viewer is updated and the other
+      views will be updated when activated.
+    </p>
+    <note>
+      <p>Only R15B nodes can be observed.</p>
+    </note>
+
+    <p> In general the mouse buttons behaves as expected, use left click
+    to select objects, right click to pop up a menu with most used
+    choices and double click to bring up information about the
+    selected object. In most viewers with several columns you can change
+    sort order by left clicking on column header.
+    </p>
+  </section>
+
+  <section>
+    <title>Applications</title>
+    <p>The <c>Applications</c> view lists application information.
+    Select an application in the left list to display its supervisor
+    tree.
+    </p>
+    <p><c>Trace process</c> will add the selected process identifier
+    to <c>Trace Overview</c> view and the node the process resides on
+    will be added as well.
+    </p>
+    <p><c>Trace named process</c> will add the
+    registered name of the process. This can be useful when tracing on
+    several nodes, then processes with that name will be traced on all traced
+    nodes.
+    </p>
+    <p><c>Trace process tree</c> and <c>Trace named process
+    tree</c> will add the selected process and all processes below,
+    right of, it to  the <c>Trace Overview</c> view.
+    </p>
+  </section>
+
+  <section>
+    <title>Processes</title>
+    <p>The <c>Processes</c> view lists process information.
+    For each process the following information is presented:
+    </p>
+    <taglist>
+      <tag>Pid</tag>
+      <item>The process identifier.</item>
+      <tag>Reds</tag>
+      <item>This is the number of reductions that has been executed
+       on the process</item>
+      <tag>Memory</tag>
+      <item>This is the size of the process in bytes, obtained by a
+       call to <c>process_info(Pid,memory)</c>.</item>
+      <tag>MsgQ</tag>
+      <item>This is the length of the message queue for the process.</item>
+    </taglist>
+    <note>
+      <p><em>Reds</em> can be presented as accumulated values or as values since last update.</p>
+    </note>
+    <p><c>Trace Processes</c> will add the selected process identifiers to the <c>Trace Overview</c> view and the
+    node the processes reside on will be added as well.
+    <c>Trace Named Processes</c> will add the registered name of processes. This can be useful
+    when tracing is done on several nodes, then processes with that name will be traced on all traced nodes.
+    </p>
+  </section>
+
+  <section>
+    <title>Table Viewer</title>
+    <p>The <c>Table Viewer</c> view lists tables. By default ets tables
+    are visible and unreadable, private ets, tables and tables created by the OTP
+    applications are not visible.  Use <c>View</c> menu to view "system"
+    ets tables, unreadable ets tables or mnesia tables.
+    </p>
+    <p>Double click to view the content of the table. Select table and activate <c>View/Table Information</c>
+    menu to view table information.
+    </p>
+    <p>In the table viewer you can regexp search for objects, edit and delete objects.
+    </p>
+  </section>
+
+  <section>
+    <title>Trace Overview</title>
+    <p>The <c>Trace Overview</c> view handles tracing. Tracing is done
+    by selecting which processes to be traced and how to trace
+    them. You can trace messages, function calls and events, where
+    events are process related events such as <c>spawn</c>,
+    <c>exit</c> and several others.
+    </p>
+
+    <p>When you want to trace function calls, you also need to setup
+    <c>trace patterns</c>.  Trace patterns selects the function calls
+    that will be traced. The number of traced function calls can be
+    further reduced with <c>match specifications</c>.  Match
+    specifications can also be used to trigger additional information
+    in the trace messages.
+    </p>
+    <note><p>Trace patterns only applies to the traced processes.</p></note>
+
+    <p>
+      Processes are added from the <c>Applications</c> or <c>Processes</c> views.
+      A special <c>new</c> identifier, meaning all processes spawned after trace start,
+      can be added with the <c>Add 'new' Process</c> button.
+    </p>
+    <p>
+      When adding processes, a window with trace options will pop up. The chosen options will
+      be set for the selected processes.
+      Process options can be changed by right clicking on a process.
+    </p>
+    <p>
+      Processes added by process identifiers will add the nodes these
+      processes resides on in the node list. Additional nodes can be added by the <c>Add
+      Nodes</c> button.
+    </p>
+    <p>
+      If function calls are traced, trace patterns must be added by <c>Add Trace Pattern</c> button.
+      Select a module, function(s) and a match specification.
+      If no functions are selected, all functions in the module will be traced.
+      A few basic match specifications are provided in the tool, and
+      you can provide your own match specifications. The syntax of match
+      specifications are described in the <seealso
+      marker="erts:match_spec">ERTS User's Guide</seealso>.  To simplify
+      the writing of a match specification they can also be written as
+      <c>fun/1</c> see <seealso marker="stdlib:ms_transform">ms_transform manual page</seealso> for
+      further information.
+    </p>
+
+    <p>Use the <c>Start trace</c> button to start the trace.
+    By default trace output is written to a new window, tracing is stopped when the
+    window is closed, or with <c>Stop Trace</c> button.
+    Trace output can be changed via <c>Options/Output</c> menu.
+    The trace settings, including match specifications, can be saved to, or loaded from, a file.
+    </p>
+    <p>More information about tracing can be found in <seealso
+    marker="runtime_tools:dbg">dbg</seealso> and in the chapter "Match
+    specifications in Erlang" in <seealso marker="erts:match_spec">ERTS User's
+    Guide</seealso> and the
+    <seealso marker="stdlib:ms_transform">ms_transform manual page</seealso>.
+    </p>
+  </section>
+</chapter>
diff --git a/lib/observer/doc/src/part.xml b/lib/observer/doc/src/part.xml
index bd6c2b6c77..0d6aad09f2 100644
--- a/lib/observer/doc/src/part.xml
+++ b/lib/observer/doc/src/part.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2002</year><year>2009</year>
+      <year>2002</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -31,6 +31,7 @@
     <p>The <em>Observer</em> application contains tools for tracing
       and investigation of distributed systems.</p>
   </description>
+  <xi:include href="observer_ug.xml"/>
   <xi:include href="ttb_ug.xml"/>
   <xi:include href="etop_ug.xml"/>
   <xi:include href="crashdump_ug.xml"/>
diff --git a/lib/observer/doc/src/ref_man.xml b/lib/observer/doc/src/ref_man.xml
index 3d37570d2d..c33ce74141 100644
--- a/lib/observer/doc/src/ref_man.xml
+++ b/lib/observer/doc/src/ref_man.xml
@@ -4,7 +4,7 @@
 <application xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2002</year><year>2009</year>
+      <year>2002</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -34,6 +34,7 @@
     <br></br>
   </description>
   <xi:include href="observer_app.xml"/>
+  <xi:include href="observer.xml"/>
   <xi:include href="ttb.xml"/>
   <xi:include href="etop.xml"/>
   <xi:include href="crashdump.xml"/>
diff --git a/lib/observer/doc/src/ttb_ug.xml b/lib/observer/doc/src/ttb_ug.xml
index 4f2b55a22a..08093a9451 100644
--- a/lib/observer/doc/src/ttb_ug.xml
+++ b/lib/observer/doc/src/ttb_ug.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2002</year><year>2010</year>
+      <year>2002</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/observer/src/Makefile b/lib/observer/src/Makefile
index 95954d8587..ca26afc11d 100644
--- a/lib/observer/src/Makefile
+++ b/lib/observer/src/Makefile
@@ -42,6 +42,7 @@ MODULES= \
 	etop_tr \
 	etop_txt \
 	observer \
+	observer_app_wx \
 	observer_lib \
 	observer_wx \
 	observer_pro_wx \
@@ -57,6 +58,8 @@ MODULES= \
 HRL_FILES= \
 	../include/etop.hrl
 INTERNAL_HRL_FILES= \
+	observer_tv.hrl \
+	observer_defs.hrl \
 	crashdump_viewer.hrl \
 	etop_defs.hrl
 ERL_FILES= $(MODULES:%=%.erl)
@@ -103,8 +106,7 @@ ERL_COMPILE_FLAGS += \
 # ----------------------------------------------------
 # Targets
 # ----------------------------------------------------
-
-debug opt: $(TARGET_FILES)
+opt debug: $(TARGET_FILES)
 
 clean:
 	rm -f $(TARGET_FILES)
@@ -116,6 +118,8 @@ $(APP_TARGET): $(APP_SRC) ../vsn.mk
 $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
 	sed -e 's;%VSN%;$(VSN);' $< > $@
 
+$(TARGET_FILES): $(INTERNAL_HRL_FILES)
+
 docs:
 
 # ----------------------------------------------------
diff --git a/lib/observer/src/etop_gui.erl b/lib/observer/src/etop_gui.erl
index ff1b8078ad..9248d67344 100644
--- a/lib/observer/src/etop_gui.erl
+++ b/lib/observer/src/etop_gui.erl
@@ -17,6 +17,13 @@
 %% %CopyrightEnd%
 %%
 -module(etop_gui).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
+
 -author('[email protected]').
 
 -export([init/1,stop/1]).
diff --git a/lib/observer/src/observer_app_wx.erl b/lib/observer/src/observer_app_wx.erl
new file mode 100644
index 0000000000..62046577ad
--- /dev/null
+++ b/lib/observer/src/observer_app_wx.erl
@@ -0,0 +1,524 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+-module(observer_app_wx).
+
+-export([start_link/2]).
+
+%% wx_object callbacks
+-export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
+	 handle_event/2, handle_sync_event/3, handle_cast/2]).
+
+-behaviour(wx_object).
+-include_lib("wx/include/wx.hrl").
+-include("observer_defs.hrl").
+
+-record(state,
+	{
+	  parent,
+	  panel,
+	  apps_w,
+	  app_w,
+	  paint,
+	  current,
+	  app,
+	  sel,
+	  appmon
+	}).
+
+-record(paint, {font, pen, brush, sel, links}).
+
+-record(app, {ptree, n2p, links, dim}).
+-record(box, {x,y, w,h, s1}).
+-record(str, {x,y,text,pid}).
+
+-define(BX_E, 10). %% Empty width between text and box
+-define(BX_HE, (?BX_E div 2)).
+-define(BY_E, 10). %% Empty height between text and box
+-define(BY_HE, (?BY_E div 2)).
+
+-define(BB_X, 16). %% Empty width between boxes
+-define(BB_Y, 12). %% Empty height between boxes
+
+-define(DRAWAREA, 5).
+-define(ID_PROC_INFO, 101).
+-define(ID_PROC_MSG,  102).
+-define(ID_PROC_KILL, 103).
+-define(ID_TRACE_PID, 104).
+-define(ID_TRACE_NAME, 105).
+-define(ID_TRACE_TREE_PIDS, 106).
+-define(ID_TRACE_TREE_NAMES, 107).
+
+start_link(Notebook, Parent) ->
+    wx_object:start_link(?MODULE, [Notebook, Parent], []).
+
+init([Notebook, Parent]) ->
+    Panel = wxPanel:new(Notebook, [{size, wxWindow:getClientSize(Notebook)},
+				   {winid, 1}
+				  ]),
+    Main = wxBoxSizer:new(?wxHORIZONTAL),
+    Splitter = wxSplitterWindow:new(Panel, [{size, wxWindow:getClientSize(Panel)},
+					    {style, ?wxSP_LIVE_UPDATE},
+					    {id, 2}
+					   ]),
+    Apps = wxListBox:new(Splitter, 3, []),
+    %% Need extra panel and sizer to get correct size updates
+    %% in draw area for some reason
+    P2 = wxPanel:new(Splitter, [{winid, 4}]),
+    Extra = wxBoxSizer:new(?wxVERTICAL),
+    DrawingArea = wxScrolledWindow:new(P2, [{winid, ?DRAWAREA},
+					    {style,?wxFULL_REPAINT_ON_RESIZE}]),
+    wxWindow:setBackgroundColour(DrawingArea, ?wxWHITE),
+    wxWindow:setVirtualSize(DrawingArea, 800, 800),
+    wxSplitterWindow:setMinimumPaneSize(Splitter,50),
+    wxSizer:add(Extra, DrawingArea, [{flag, ?wxEXPAND},{proportion, 1}]),
+    wxWindow:setSizer(P2, Extra),
+    wxSplitterWindow:splitVertically(Splitter, Apps, P2, [{sashPosition, 150}]),
+    wxWindow:setSizer(Panel, Main),
+
+    wxSizer:add(Main, Splitter, [{flag, ?wxEXPAND bor ?wxALL},
+				 {proportion, 1}, {border, 5}]),
+    wxWindow:setSizer(Panel, Main),
+    wxListBox:connect(Apps, command_listbox_selected),
+    wxPanel:connect(DrawingArea, paint, [callback]),
+    wxPanel:connect(DrawingArea, size, [{skip, true}]),
+    wxPanel:connect(DrawingArea, left_up),
+    wxPanel:connect(DrawingArea, left_dclick),
+    wxPanel:connect(DrawingArea, right_down),
+
+    DefFont  = wxSystemSettings:getFont(?wxSYS_DEFAULT_GUI_FONT),
+    SelCol   = wxSystemSettings:getColour(?wxSYS_COLOUR_HIGHLIGHT),
+    SelBrush = wxBrush:new(SelCol),
+    LinkPen  = wxPen:new(SelCol, [{width, 2}]),
+    %%  GC = wxGraphicsContext:create(DrawingArea),
+    %%  _Font = wxGraphicsContext:createFont(GC, DefFont),
+    {Panel, #state{parent=Parent,
+		   panel =Panel,
+		   apps_w=Apps,
+		   app_w =DrawingArea,
+		   paint=#paint{font= DefFont,
+				pen=  ?wxBLACK_PEN,
+				brush=?wxLIGHT_GREY_BRUSH,
+				sel=  SelBrush,
+				links=LinkPen
+			       }
+		  }}.
+
+setup_scrollbar(AppWin, App) ->
+    setup_scrollbar(wxWindow:getClientSize(AppWin), AppWin, App).
+
+setup_scrollbar({CW, CH}, AppWin, #app{dim={W0,H0}}) ->
+    W = max(W0,CW),
+    H = max(H0,CH),
+    PPC = 20,
+    if W0 =< CW, H0 =< CH ->
+	    wxScrolledWindow:setScrollbars(AppWin, W, H, 1, 1);
+       H0 =< CH ->
+	    wxScrolledWindow:setScrollbars(AppWin, PPC, H, W div PPC+1, 1);
+       W0 =< CW ->
+	    wxScrolledWindow:setScrollbars(AppWin, W, PPC, 1, H div PPC+1);
+       true ->
+	    wxScrolledWindow:setScrollbars(AppWin, PPC, PPC, W div PPC+1, H div PPC+1)
+    end;
+setup_scrollbar(_, _, undefined) -> ok.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+handle_event(#wx{event=#wxCommand{type=command_listbox_selected, cmdString=AppStr}},
+	     State = #state{appmon=AppMon, current=Prev}) ->
+    case AppStr of
+	[] ->
+	    {noreply, State};
+	_ ->
+	    App = list_to_atom(AppStr),
+	    (Prev =/= undefined) andalso appmon_info:app(AppMon, Prev, false, []),
+	    appmon_info:app(AppMon, App, true, []),
+	    {noreply, State#state{current=App}}
+    end;
+
+handle_event(#wx{id=Id, event=_Sz=#wxSize{size=Size}},
+	     State=#state{app=App, app_w=AppWin}) ->
+    Id =:= ?DRAWAREA andalso setup_scrollbar(Size,AppWin,App),
+    {noreply, State};
+
+handle_event(#wx{event=#wxMouse{type=Type, x=X0, y=Y0}},
+	     S0=#state{app=#app{ptree=Tree}, app_w=AppWin}) ->
+    {X,Y} = wxScrolledWindow:calcUnscrolledPosition(AppWin, X0, Y0),
+    Hit   = locate_node(X,Y, [Tree]),
+    State = handle_mouse_click(Hit, Type, S0),
+    {noreply, State};
+
+handle_event(#wx{event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel=undefined}) ->
+    observer_lib:display_info_dialog("Select process first"),
+    {noreply, State};
+
+handle_event(#wx{id=?ID_PROC_INFO, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{panel=Panel, sel={#box{s1=#str{pid=Pid}},_}}) ->
+    observer_procinfo:start(Pid, Panel, self()),
+    {noreply, State};
+
+handle_event(#wx{id=?ID_PROC_MSG, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{panel=Panel, sel={#box{s1=#str{pid=Pid}},_}}) ->
+    case observer_lib:user_term(Panel, "Enter message", "") of
+	cancel ->         ok;
+	{ok, Term} ->     Pid ! Term;
+	{error, Error} -> observer_lib:display_info_dialog(Error)
+    end,
+    {noreply, State};
+
+handle_event(#wx{id=?ID_PROC_KILL, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{panel=Panel, sel={#box{s1=#str{pid=Pid}},_}}) ->
+    case observer_lib:user_term(Panel, "Enter Exit Reason", "") of
+	cancel ->         ok;
+	{ok, Term} ->     exit(Pid, Term);
+	{error, Error} -> observer_lib:display_info_dialog(Error)
+    end,
+    {noreply, State};
+
+%%% Trace api
+handle_event(#wx{id=?ID_TRACE_PID, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel={Box,_}}) ->
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), [box_to_pid(Box)]),
+    {noreply, State};
+handle_event(#wx{id=?ID_TRACE_NAME, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel={Box,_}}) ->
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), [box_to_reg(Box)]),
+    {noreply, State};
+handle_event(#wx{id=?ID_TRACE_TREE_PIDS, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel=Sel}) ->
+    Get = fun(Box) -> box_to_pid(Box) end,
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), tree_map(Sel, Get)),
+    {noreply, State};
+handle_event(#wx{id=?ID_TRACE_TREE_NAMES, event=#wxCommand{type=command_menu_selected}},
+	     State = #state{sel=Sel}) ->
+    Get = fun(Box) -> box_to_reg(Box) end,
+    observer_trace_wx:add_processes(observer_wx:get_tracer(), tree_map(Sel, Get)),
+    {noreply, State};
+
+handle_event(Event, _State) ->
+    error({unhandled_event, Event}).
+
+%%%%%%%%%%
+handle_sync_event(#wx{event = #wxPaint{}},_,
+		  #state{app_w=DA, app=App, sel=Sel, paint=Paint}) ->
+    %% PaintDC must be created in a callback to work on windows.
+    DC = wxPaintDC:new(DA),
+    wxScrolledWindow:doPrepareDC(DA,DC),
+    %% Nothing is drawn until wxPaintDC is destroyed.
+    draw(DC, App, Sel, Paint),
+    wxPaintDC:destroy(DC),
+    ok.
+%%%%%%%%%%
+handle_call(Event, From, _State) ->
+    error({unhandled_call, Event, From}).
+
+handle_cast(Event, _State) ->
+    error({unhandled_cast, Event}).
+%%%%%%%%%%
+handle_info({active, Node}, State = #state{parent=Parent, current=Curr, appmon=Appmon}) ->
+    create_menus(Parent, []),
+    {ok, Pid} = appmon_info:start_link(Node, self(), []),
+    case Appmon of
+	undefined -> ok;
+	Pid -> ok;
+	_ -> %% Deregister me as client (and stop appmon if last)
+	    exit(Appmon, normal)
+    end,
+    appmon_info:app_ctrl(Pid, Node, true, []),
+    (Curr =/= undefined) andalso appmon_info:app(Pid, Curr, true, []),
+    {noreply, State#state{appmon=Pid}};
+
+handle_info(not_active, State = #state{appmon=AppMon, current=Prev}) ->
+    appmon_info:app_ctrl(AppMon, node(AppMon), false, []),
+    (Prev =/= undefined) andalso appmon_info:app(AppMon, Prev, false, []),
+    {noreply, State};
+
+handle_info({delivery, Pid, app_ctrl, _, Apps0},
+	    State = #state{appmon=Pid, apps_w=LBox}) ->
+    Apps = [atom_to_list(App) || {_, App, {_, _, _}} <- Apps0],
+    wxListBox:clear(LBox),
+    wxListBox:appendStrings(LBox, [App || App <- lists:sort(Apps)]),
+    {noreply, State};
+
+handle_info({delivery, _Pid, app, _Curr, {[], [], [], []}},
+	    State = #state{panel=Panel}) ->
+    wxWindow:refresh(Panel),
+    {noreply, State#state{app=undefined, sel=undefined}};
+
+handle_info({delivery, Pid, app, Curr, AppData},
+	    State = #state{panel=Panel, appmon=Pid, current=Curr,
+			   app_w=AppWin, paint=#paint{font=Font}}) ->
+    App = build_tree(AppData, {AppWin,Font}),
+    setup_scrollbar(AppWin, App),
+    wxWindow:refresh(Panel),
+    wxWindow:layout(Panel),
+    {noreply, State#state{app=App, sel=undefined}};
+
+handle_info(_Event, State) ->
+    %% io:format("~p:~p: ~p~n",[?MODULE,?LINE,_Event]),
+    {noreply, State}.
+
+%%%%%%%%%%
+terminate(_Event, _State) ->
+    ok.
+code_change(_, _, State) ->
+    State.
+
+handle_mouse_click(Node = {#box{s1=#str{pid=Pid}},_}, Type,
+		   State=#state{app_w=AppWin,panel=Panel}) ->
+    case Type of
+	left_dclick -> observer_procinfo:start(Pid, Panel, self());
+	right_down ->    popup_menu(Panel);
+	_ ->           ok
+    end,
+    wxWindow:refresh(AppWin),
+    State#state{sel=Node};
+handle_mouse_click(_, _, State = #state{sel=undefined}) ->
+    State;
+handle_mouse_click(_, right_down, State=#state{panel=Panel}) ->
+    popup_menu(Panel),
+    State;
+handle_mouse_click(_, _, State=#state{app_w=AppWin}) ->
+    wxWindow:refresh(AppWin),
+    State#state{sel=undefined}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+create_menus(Parent, _) ->
+    MenuEntries =
+	[{"File",
+	  [#create_menu{id=?ID_PROC_INFO, text="Process info"},
+	   #create_menu{id=?ID_PROC_MSG,  text="Send Msg"},
+	   #create_menu{id=?ID_PROC_KILL, text="Kill process"}
+	  ]},
+	 {"Trace",
+	  [#create_menu{id=?ID_TRACE_PID,  text="Trace process"},
+	   #create_menu{id=?ID_TRACE_NAME, text="Trace named process"},
+	   #create_menu{id=?ID_TRACE_TREE_PIDS,  text="Trace process tree"},
+	   #create_menu{id=?ID_TRACE_TREE_NAMES,  text="Trace named process tree"}
+	  ]}],
+    observer_wx:create_menus(Parent, MenuEntries).
+
+popup_menu(Panel) ->
+    Menu = wxMenu:new(),
+    wxMenu:append(Menu, ?ID_PROC_INFO,  "Process info"),
+    wxMenu:append(Menu, ?ID_TRACE_PID,  "Trace process"),
+    wxMenu:append(Menu, ?ID_TRACE_NAME, "Trace named process"),
+    wxMenu:append(Menu, ?ID_TRACE_TREE_PIDS, "Trace process tree"),
+    wxMenu:append(Menu, ?ID_TRACE_TREE_NAMES, "Trace named process tree"),
+    wxWindow:popupMenu(Panel, Menu),
+    wxMenu:destroy(Menu).
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+locate_node(X, _Y, [{Box=#box{x=BX}, _Chs}|_Rest])
+  when X < BX ->
+    {left, Box};
+locate_node(X,Y, [Node={Box=#box{x=BX,y=BY,w=BW,h=BH}, _Chs}|Rest])
+  when X =< (BX+BW)->
+    if
+	Y < BY -> {above, Box}; %% Above
+	Y =< (BY+BH) -> Node;
+	true -> locate_node(X,Y,Rest)
+    end;
+locate_node(X,Y, [{_, Chs}|Rest]) ->
+    case locate_node(X,Y,Chs) of
+	Node = {#box{},_} -> Node;
+	_Miss ->
+	    locate_node(X,Y,Rest)
+    end;
+locate_node(_, _, []) -> false.
+
+locate_box(From, [{Box=#box{s1=#str{pid=From}},_}|_]) -> Box;
+locate_box(From, [{_,Chs}|Rest]) ->
+    case locate_box(From, Chs) of
+	Box = #box{} -> Box;
+	_ -> locate_box(From, Rest)
+    end;
+locate_box(From, []) -> {false, From}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+build_tree({Root, P2Name, Links, XLinks0}, Font) ->
+    Fam = sofs:relation_to_family(sofs:relation(Links)),
+    Name2P = gb_trees:from_orddict(lists:sort([{Name,Pid} || {Pid,Name} <- P2Name])),
+    Lookup = gb_trees:from_orddict(sofs:to_external(Fam)),
+    {_, Tree0} = build_tree2(Root, Lookup, Name2P, Font),
+    {Tree, Dim} = calc_tree_size(Tree0),
+    Fetch = fun({From, To}, Acc) ->
+		    try {value, ToPid} = gb_trees:lookup(To, Name2P),
+			 FromPid = gb_trees:get(From, Name2P),
+			 [{locate_box(FromPid, [Tree]),locate_box(ToPid, [Tree])}|Acc]
+		    catch _:_ ->
+			    Acc
+		    end
+	    end,
+    XLinks = lists:foldl(Fetch, [], XLinks0),
+    #app{ptree=Tree, dim=Dim, links=XLinks}.
+
+build_tree2(Root, Tree0, N2P, Font) ->
+    case gb_trees:lookup(Root, Tree0) of
+	none -> {Tree0, {box(Root, N2P, Font), []}};
+	{value, Children} ->
+	    Tree1 = gb_trees:delete(Root, Tree0),
+	    {Tree, CHs} = lists:foldr(fun("port " ++_, Acc) ->
+					      Acc; %% Skip ports
+					 (Child,{T0, Acc}) ->
+					      {T, C} = build_tree2(Child, T0, N2P, Font),
+					      {T, [C|Acc]}
+				      end, {Tree1, []}, Children),
+	    {Tree, {box(Root, N2P, Font), CHs}}
+    end.
+
+calc_tree_size(Tree) ->
+    Cols = calc_col_start(Tree, [0]),
+    {Boxes,{W,Hs}} = calc_tree_size(Tree, Cols, ?BB_X, [?BB_Y]),
+    {Boxes, {W,lists:max(Hs)}}.
+
+calc_col_start({#box{w=W}, Chs}, [Max|Acc0]) ->
+    Acc = if Acc0 == [] -> [0]; true -> Acc0 end,
+    Depth = lists:foldl(fun(Child, MDepth) -> calc_col_start(Child, MDepth) end,
+			Acc, Chs),
+    [max(W,Max)|Depth].
+
+calc_tree_size({Box=#box{w=W,h=H}, []}, _, X, [Y|Ys]) ->
+    {{Box#box{x=X,y=Y}, []}, {X+W+?BB_X,[Y+H+?BB_Y|Ys]}};
+calc_tree_size({Box, Children}, [Col|Cols], X, [H0|Hs0]) ->
+    Hs1 = calc_row_start(Children, H0, Hs0),
+    StartX = X+Col+?BB_X,
+    {Boxes, {W,Hs}} = calc_tree_sizes(Children, Cols, StartX, StartX, Hs1, []),
+    Y = middle(Boxes, H0),
+    H = Y+Box#box.h+?BB_Y,
+    {{Box#box{x=X,y=Y}, Boxes}, {W,[H|Hs]}}.
+
+calc_tree_sizes([Child|Chs], Cols, X0, W0, Hs0, Acc) ->
+    {Tree, {W,Hs}} = calc_tree_size(Child, Cols, X0, Hs0),
+    calc_tree_sizes(Chs, Cols, X0, max(W,W0), Hs, [Tree|Acc]);
+calc_tree_sizes([], _, _, W,Hs, Acc) ->
+    {lists:reverse(Acc), {W,Hs}}.
+
+calc_row_start(Chs = [{#box{h=H},_}|_], Start, Hs0) ->
+    NChs = length(Chs),
+    Wanted = (H*NChs + ?BB_Y*(NChs-1)) div 2 - H div 2,
+    case Hs0 of
+	[] -> [max(?BB_Y, Start - Wanted)];
+	[Next|Hs] ->
+	    [max(Next, Start - Wanted)|Hs]
+    end.
+
+middle([], Y) -> Y;
+middle([{#box{y=Y}, _}], _) -> Y;
+middle([{#box{y=Y0},_}|List], _) ->
+    {#box{y=Y1},_} = lists:last(List),
+    (Y0+Y1) div 2.
+
+box(Str0, N2P, {Win,Font}) ->
+    Pid = gb_trees:get(Str0, N2P),
+    Str = if hd(Str0) =:= $< -> lists:append(io_lib:format("~w", [Pid]));
+	     true -> Str0
+	  end,
+    {TW,TH, _, _} = wxWindow:getTextExtent(Win, Str, [{theFont, Font}]),
+    Data = #str{text=Str, x=?BX_HE, y=?BY_HE, pid=Pid},
+    %% Add pid
+    #box{w=TW+?BX_E, h=TH+?BY_E, s1=Data}.
+
+box_to_pid(#box{s1=#str{pid=Pid}}) -> Pid.
+box_to_reg(#box{s1=#str{text=[$<|_], pid=Pid}}) -> Pid;
+box_to_reg(#box{s1=#str{text=Name}}) -> list_to_atom(Name).
+
+tree_map({Box, Chs}, Fun) ->
+    tree_map(Chs, Fun, [Fun(Box)]).
+tree_map([{Box, Chs}|Rest], Fun, Acc0) ->
+    Acc = tree_map(Chs, Fun, [Fun(Box)|Acc0]),
+    tree_map(Rest, Fun, Acc);
+tree_map([], _ , Acc) -> Acc.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+draw(_DC, undefined, _, _) ->
+    ok;
+draw(DC, #app{dim={_W,_H}, ptree=Tree, links=Links}, Sel,
+     #paint{font=Font, pen=Pen, brush=Brush, links=LPen, sel=SelBrush}) ->
+    %% Canvas = wxGraphicsContext:create(DC),
+    %% Pen    = wxGraphicsContext:createPen(Canvas, ?wxBLACK_PEN),
+    %% wxGraphicsContext:setPen(Canvas, Pen),
+    %% Brush = wxGraphicsContext:createBrush(Canvas, ?wxLIGHT_GREY_BRUSH),
+    %% wxGraphicsContext:setBrush(Canvas, Brush),
+    %% Font  = wxGraphicsContext:createFont(Canvas, wxSystemSettings:getFont(?wxSYS_DEFAULT_GUI_FONT)),
+    %% wxGraphicsContext:setFont(Canvas, Font),
+    %% draw_tree(Tree, Canvas).
+    wxDC:setPen(DC, LPen),
+    [draw_xlink(Link, DC) || Link <- Links],
+    wxDC:setPen(DC, Pen),
+    %% wxDC:drawRectangle(DC, {2,2}, {W-2,H-2}), %% DEBUG
+    wxDC:setBrush(DC, Brush),
+    wxDC:setFont(DC, Font),
+    draw_tree(Tree, root, DC),
+    case Sel of
+	undefined -> ok;
+	{#box{x=X,y=Y,w=W,h=H,s1=Str1}, _} ->
+	    wxDC:setBrush(DC, SelBrush),
+	    wxDC:drawRoundedRectangle(DC, {X-1,Y-1}, {W+2,H+2}, 8.0),
+	    draw_str(DC, Str1, X, Y)
+    end.
+
+draw_tree({Box=#box{x=X,y=Y,w=W,h=H,s1=Str1}, Chs}, Parent, DC) ->
+    %%wxGraphicsContext:drawRoundedRectangle(DC, float(X), float(Y), float(W), float(H), 8.0),
+    wxDC:drawRoundedRectangle(DC, {X,Y}, {W,H}, 8.0),
+    draw_str(DC, Str1, X, Y),
+    Dot = case Chs of
+	      [] -> ok;
+	      [{#box{x=CX0},_}|_] ->
+		  CY = Y+(H div 2),
+		  CX = CX0-(?BB_X div 2),
+		  wxDC:drawLine(DC, {X+W, CY}, {CX, CY}),
+		  {CX, CY}
+	  end,
+    draw_link(Parent, Box, DC),
+    [draw_tree(Child, Dot, DC) || Child <- Chs].
+
+draw_link({CX,CY}, #box{x=X,y=Y0,h=H}, DC) ->
+    Y = Y0+(H div 2),
+    case Y =:= CY of
+	true ->
+	    wxDC:drawLine(DC, {CX, CY}, {X, CY});
+	false ->
+	    wxDC:drawLines(DC, [{CX, CY}, {CX, Y}, {X,Y}])
+    end;
+draw_link(_, _, _) -> ok.
+
+draw_xlink({#box{x=X0, y=Y0, h=BH}, #box{x=X1, y=Y1}}, DC)
+  when X0 =:= X1 ->
+    draw_xlink(X0,Y0,X1,Y1,BH,DC);
+draw_xlink({#box{x=X0, y=Y0, h=BH, w=BW}, #box{x=X1, y=Y1}}, DC)
+  when X0 < X1 ->
+    draw_xlink(X0+BW,Y0,X1,Y1,BH,DC);
+draw_xlink({#box{x=X0, y=Y0, h=BH}, #box{x=X1, w=BW, y=Y1}}, DC)
+  when X0 > X1 ->
+    draw_xlink(X1+BW,Y1,X0,Y0,BH,DC);
+draw_xlink({_From, _To}, _DC) ->
+    ignore.
+draw_xlink(X0, Y00, X1, Y11, BH, DC) ->
+    {Y0,Y1} = if Y00 < Y11 -> {Y00+BH-6, Y11+6};
+		 true -> {Y00+6, Y11+BH-6}
+	      end,
+    wxDC:drawLines(DC, [{X0,Y0}, {X0+5,Y0}, {X1-5,Y1}, {X1,Y1}]).
+
+draw_str(DC, #str{x=Sx,y=Sy, text=Text}, X, Y) ->
+    %%wxGraphicsContext:drawText(DC, Text, float(Sx+X), float(Sy+Y));
+    wxDC:drawText(DC, Text, {X+Sx,Y+Sy});
+draw_str(_, _, _, _) -> ok.
diff --git a/lib/observer/src/observer_defs.hrl b/lib/observer/src/observer_defs.hrl
index d83a1e2fa5..586e7bbff9 100644
--- a/lib/observer/src/observer_defs.hrl
+++ b/lib/observer/src/observer_defs.hrl
@@ -16,16 +16,6 @@
 %%
 %% %CopyrightEnd%
 
--record(trace_options, {send         = false,
-			treceive     = false,
-			functions    = false,
-			events       = false,
-			on_1st_spawn = false,
-			on_all_spawn = false,
-			on_1st_link  = false,
-			on_all_link  = false,
-			main_window  = true}).
-
 -record(match_spec, {name = "",
 		     term = [],
 		     str  = [],
@@ -37,15 +27,10 @@
 		      arity, %integer
 		      match_spec = #match_spec{}}).
 
--record(on_spawn, {checkbox, all_spawn, first_spawn}).
-
--record(on_link, {checkbox, all_link, first_link}).
-
--record(pid, {window, traced}).
-
 -record(create_menu,
 	{id,
 	 text,
+	 help = [],
 	 type = append,
 	 check = false
 	}).
diff --git a/lib/observer/src/observer_lib.erl b/lib/observer/src/observer_lib.erl
index 90c270e977..5260861497 100644
--- a/lib/observer/src/observer_lib.erl
+++ b/lib/observer/src/observer_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -19,11 +19,12 @@
 -module(observer_lib).
 
 -export([get_wx_parent/1,
-	 display_info_dialog/1,
+	 display_info_dialog/1, user_term/3,
 	 interval_dialog/4, start_timer/1, stop_timer/1,
 	 display_info/2, fill_info/2, update_info/2, to_str/1,
 	 create_menus/3, create_menu_item/3,
-	 create_attrs/0
+	 create_attrs/0,
+	 set_listctrl_col_size/2
 	]).
 
 -include_lib("wx/include/wx.hrl").
@@ -195,6 +196,7 @@ to_str(No) when is_integer(No) ->
 to_str(Term) ->
     io_lib:format("~w", [Term]).
 
+create_menus([], _MenuBar, _Type) -> ok;
 create_menus(Menus, MenuBar, Type) ->
     Add = fun({Tag, Ms}, Index) ->
 		  create_menu(Tag, Ms, Index, MenuBar, Type)
@@ -239,15 +241,21 @@ create_menu(Name, MenuItems, Index, MenuBar, _Type) ->
 create_menu_item(#create_menu{id = ?wxID_HELP=Id}, Menu, Index) ->
     wxMenu:insert(Menu, Index, Id),
     Index+1;
-create_menu_item(#create_menu{id = Id, text = Text, type = Type, check = Check}, Menu, Index) ->
+create_menu_item(#create_menu{id=Id, text=Text, help=Help, type=Type, check=Check},
+		 Menu, Index) ->
+    Opts = case Help of
+	       [] -> [];
+	       _ -> [{help, Help}]
+	   end,
     case Type of
 	append ->
-	    wxMenu:insert(Menu, Index, Id, [{text, Text}]);
+	    wxMenu:insert(Menu, Index, Id,
+			  [{text, Text}|Opts]);
 	check ->
-	    wxMenu:insertCheckItem(Menu, Index, Id, Text),
+	    wxMenu:insertCheckItem(Menu, Index, Id, Text, Opts),
 	    wxMenu:check(Menu, Id, Check);
 	radio ->
-	    wxMenu:insertRadioItem(Menu, Index, Id, Text),
+	    wxMenu:insertRadioItem(Menu, Index, Id, Text, Opts),
 	    wxMenu:check(Menu, Id, Check);
 	separator ->
 	    wxMenu:insertSeparator(Menu, Index)
@@ -295,3 +303,73 @@ create_box(Panel, Data) ->
     wxSizer:add(Box, Right),
     wxSizer:addSpacer(Box, 30),
     {Box, InfoFields}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+set_listctrl_col_size(LCtrl, Total) ->
+    wx:batch(fun() -> calc_last(LCtrl, Total) end).
+
+calc_last(LCtrl, _Total) ->
+    Cols = wxListCtrl:getColumnCount(LCtrl),
+    {Total, _} = wxWindow:getClientSize(LCtrl),
+    SBSize = scroll_size(LCtrl),
+    Last = lists:foldl(fun(I, Last) ->
+			       Last - wxListCtrl:getColumnWidth(LCtrl, I)
+		       end, Total-SBSize, lists:seq(0, Cols - 2)),
+    Size = max(150, Last),
+    wxListCtrl:setColumnWidth(LCtrl, Cols-1, Size).
+
+scroll_size(LCtrl) ->
+    case os:type() of
+	{win32, nt} -> 0;
+	{unix, darwin} ->
+	    %% I can't figure out is there is a visible scrollbar
+	    %% Always make room for it
+	    wxSystemSettings:getMetric(?wxSYS_VSCROLL_X);
+	_ ->
+	    case wxWindow:hasScrollbar(LCtrl, ?wxVERTICAL) of
+		true -> wxSystemSettings:getMetric(?wxSYS_VSCROLL_X);
+		false -> 0
+	    end
+    end.
+
+
+user_term(Parent, Title, Default) ->
+    Dialog = wxTextEntryDialog:new(Parent, Title, [{value, Default}]),
+    case wxTextEntryDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Str = wxTextEntryDialog:getValue(Dialog),
+	    wxTextEntryDialog:destroy(Dialog),
+	    parse_string(ensure_last_is_dot(Str));
+	?wxID_CANCEL ->
+	    wxTextEntryDialog:destroy(Dialog),
+	    cancel
+    end.
+
+parse_string(Str) ->
+    try
+	Tokens = case erl_scan:string(Str) of
+		     {ok, Ts, _} -> Ts;
+		     {error, {_SLine, SMod, SError}, _} ->
+			 throw(io_lib:format("~s", [SMod:format_error(SError)]))
+		 end,
+	case erl_parse:parse_term(Tokens) of
+	    {error, {_PLine, PMod, PError}} ->
+		throw(io_lib:format("~s", [PMod:format_error(PError)]));
+	    Res -> Res
+	end
+    catch
+	throw:ErrStr ->
+	    {error, ErrStr};
+	_:_Err ->
+	    {error, ["Syntax error in: ", Str]}
+    end.
+
+ensure_last_is_dot([]) ->
+    ".";
+ensure_last_is_dot(String) ->
+    case lists:last(String) =:= $. of
+	true ->
+	    String;
+	false ->
+	    String ++ "."
+    end.
diff --git a/lib/observer/src/observer_pro_wx.erl b/lib/observer/src/observer_pro_wx.erl
index cfc1c0665f..7578215ff9 100644
--- a/lib/observer/src/observer_pro_wx.erl
+++ b/lib/observer/src/observer_pro_wx.erl
@@ -32,22 +32,29 @@
 
 %% Defines
 -define(COL_PID,  0).
--define(COL_NAME, 1).
--define(COL_TIME, 2).
--define(COL_REDS, 3).
--define(COL_MEM,  4).
--define(COL_MSG,  5).
--define(COL_FUN,  6).
+-define(COL_NAME, ?COL_PID+1).
+%%-define(COL_TIME, 2).
+-define(COL_REDS, ?COL_NAME+1).
+-define(COL_MEM,  ?COL_REDS+1).
+-define(COL_MSG,  ?COL_MEM+1).
+-define(COL_FUN,  ?COL_MSG+1).
 
 -define(ID_KILL, 201).
 -define(ID_PROC, 202).
 -define(ID_REFRESH, 203).
 -define(ID_REFRESH_INTERVAL, 204).
 -define(ID_DUMP_TO_FILE, 205).
--define(ID_TRACEMENU, 206).
--define(ID_TRACE_ALL_MENU, 207).
--define(ID_TRACE_NEW_MENU, 208).
--define(ID_ACCUMULATE, 209).
+-define(ID_TRACE_PIDS, 206).
+-define(ID_TRACE_NAMES, 207).
+-define(ID_TRACE_NEW, 208).
+-define(ID_TRACE_ALL, 209).
+-define(ID_ACCUMULATE, 210).
+
+-define(TRACE_PIDS_STR, "Trace selected process identifiers").
+-define(TRACE_NAMES_STR, "Trace selected processes, "
+	"if a process have a registered name "
+	"processes with same name will be traced on all nodes").
+
 
 %% Records
 
@@ -98,12 +105,9 @@ setup(Notebook, Parent, Holder) ->
 
     wxWindow:setSizer(ProPanel, Sizer),
 
-    Popup = create_popup_menu(ProPanel),
-
     State = #state{parent=Parent,
 		   grid=Grid,
 		   panel=ProPanel,
-		   popup_menu=Popup,
 		   parent_notebook=Notebook,
 		   holder=Holder,
 		   timer={false, 10}
@@ -124,34 +128,14 @@ create_pro_menu(Parent, Holder) ->
 		     #create_menu{id=?ID_REFRESH, text="Refresh\tCtrl-R"},
 		     #create_menu{id=?ID_REFRESH_INTERVAL, text="Refresh Interval"}]},
 		   {"Trace",
-		    [#create_menu{id=?ID_TRACEMENU, text="Trace selected processes"},
-		     #create_menu{id=?ID_TRACE_NEW_MENU, text="Trace new processes"}
+		    [#create_menu{id=?ID_TRACE_PIDS, text="Trace processes"},
+		     #create_menu{id=?ID_TRACE_NAMES, text="Trace named processes (all nodes)"},
+		     #create_menu{id=?ID_TRACE_NEW, text="Trace new processes"}
 		     %% , #create_menu{id=?ID_TRACE_ALL_MENU, text="Trace all processes"}
 		    ]}
 		  ],
     observer_wx:create_menus(Parent, MenuEntries).
 
-create_popup_menu(ParentFrame) ->
-    MiniFrame = wxMiniFrame:new(ParentFrame, ?wxID_ANY, "Options", [{style, ?wxFRAME_FLOAT_ON_PARENT}]),
-    Panel = wxPanel:new(MiniFrame),
-    Sizer = wxBoxSizer:new(?wxVERTICAL),
-    TraceBtn = wxButton:new(Panel, ?ID_TRACEMENU, [{label, "Trace selected"},
-						   {style, ?wxNO_BORDER}]),
-    ProcBtn = wxButton:new(Panel, ?ID_PROC, [{label, "Process info"},
-					     {style, ?wxNO_BORDER}]),
-    KillBtn = wxButton:new(Panel, ?ID_KILL, [{label, "Kill process"},
-					     {style, ?wxNO_BORDER}]),
-
-    wxButton:connect(TraceBtn, command_button_clicked),
-    wxButton:connect(ProcBtn, command_button_clicked),
-    wxButton:connect(KillBtn, command_button_clicked),
-    wxSizer:add(Sizer, TraceBtn, [{flag, ?wxEXPAND}, {proportion, 1}]),
-    wxSizer:add(Sizer, ProcBtn, [{flag, ?wxEXPAND}, {proportion, 1}]),
-    wxSizer:add(Sizer, KillBtn, [{flag, ?wxEXPAND}, {proportion, 1}]),
-    wxPanel:setSizer(Panel, Sizer),
-    wxSizer:setSizeHints(Sizer, MiniFrame),
-    MiniFrame.
-
 create_list_box(Panel, Holder) ->
     Style = ?wxLC_REPORT bor ?wxLC_VIRTUAL bor ?wxLC_HRULES,
     ListCtrl = wxListCtrl:new(Panel, [{style, Style},
@@ -174,7 +158,7 @@ create_list_box(Panel, Holder) ->
 		   end,
     ListItems = [{"Pid", ?wxLIST_FORMAT_CENTRE,  120},
 		 {"Name or Initial Func", ?wxLIST_FORMAT_LEFT, 200},
-		 {"Time", ?wxLIST_FORMAT_CENTRE, 50},
+%%		 {"Time", ?wxLIST_FORMAT_CENTRE, 50},
 		 {"Reds", ?wxLIST_FORMAT_RIGHT, 100},
 		 {"Memory", ?wxLIST_FORMAT_RIGHT, 100},
 		 {"MsgQ",  ?wxLIST_FORMAT_RIGHT, 50},
@@ -257,10 +241,6 @@ handle_info(not_active, #state{timer=Timer0}=State) ->
     Timer = observer_lib:stop_timer(Timer0),
     {noreply, State#state{timer=Timer}};
 
-handle_info({node, Node}, #state{holder=Holder}=State) ->
-    Holder ! {change_node, Node},
-    {noreply, State};
-
 handle_info(Info, State) ->
     io:format("~p:~p, Unexpected info: ~p~n", [?MODULE, ?LINE, Info]),
     {noreply, State}.
@@ -314,25 +294,17 @@ handle_event(#wx{id=?ID_REFRESH_INTERVAL},
     Timer = observer_lib:interval_dialog(Panel, Timer0, 1, 5*60),
     {noreply, State#state{timer=Timer}};
 
-handle_event(#wx{id=?ID_KILL},
-	     #state{popup_menu=Pop,sel={[_|Ids], [ToKill|Pids]}}=State) ->
-    wxWindow:show(Pop, [{show, false}]),
+handle_event(#wx{id=?ID_KILL}, #state{sel={[_|Ids], [ToKill|Pids]}}=State) ->
     exit(ToKill, kill),
     {noreply, State#state{sel={Ids,Pids}}};
 
 
-handle_event(#wx{id = ?ID_PROC},
-	     #state{panel=Panel,
-		    popup_menu=Pop,
-		    sel={_, [Pid|_]},
-		    procinfo_menu_pids=Opened}=State) ->
-    wxWindow:show(Pop, [{show, false}]),
+handle_event(#wx{id=?ID_PROC},
+	     #state{panel=Panel, sel={_, [Pid|_]},procinfo_menu_pids=Opened}=State) ->
     Opened2 = start_procinfo(Pid, Panel, Opened),
     {noreply, State#state{procinfo_menu_pids=Opened2}};
 
-handle_event(#wx{id = ?ID_TRACEMENU},
-	     #state{popup_menu=Pop, sel={_, Pids}, panel=Panel}=State)  ->
-    wxWindow:show(Pop, [{show, false}]),
+handle_event(#wx{id=?ID_TRACE_PIDS}, #state{sel={_, Pids}, panel=Panel}=State)  ->
     case Pids of
 	[] ->
 	    observer_wx:create_txt_dialog(Panel, "No selected processes", "Tracer", ?wxICON_EXCLAMATION),
@@ -342,50 +314,54 @@ handle_event(#wx{id = ?ID_TRACEMENU},
 	    {noreply,  State}
     end;
 
-handle_event(#wx{id=?ID_TRACE_NEW_MENU, event=#wxCommand{type=command_menu_selected}}, State) ->
+handle_event(#wx{id=?ID_TRACE_NAMES}, #state{sel={SelIds,_Pids}, holder=Holder, panel=Panel}=State)  ->
+    case SelIds of
+	[] ->
+	    observer_wx:create_txt_dialog(Panel, "No selected processes", "Tracer", ?wxICON_EXCLAMATION),
+	    {noreply, State};
+	_ ->
+	    PidsOrReg = call(Holder, {get_name_or_pid, self(), SelIds}),
+	    observer_trace_wx:add_processes(observer_wx:get_tracer(), PidsOrReg),
+	    {noreply,  State}
+    end;
+
+handle_event(#wx{id=?ID_TRACE_NEW, event=#wxCommand{type=command_menu_selected}}, State) ->
     observer_trace_wx:add_processes(observer_wx:get_tracer(), [new]),
     {noreply,  State};
 
 handle_event(#wx{event=#wxSize{size={W,_}}},
 	     #state{grid=Grid}=State) ->
-    wx:batch(fun() ->
-		     Cols = wxListCtrl:getColumnCount(Grid),
-		     Last = lists:foldl(fun(I, Last) ->
-						Last - wxListCtrl:getColumnWidth(Grid, I)
-					end, W-Cols*3-?LCTRL_WDECR, lists:seq(0, Cols - 2)),
-		     Size = max(200, Last),
-		     %% io:format("Width ~p ~p => ~p~n",[W, Last, Size]),
-		     wxListCtrl:setColumnWidth(Grid, Cols-1, Size)
-	     end),
+    observer_lib:set_listctrl_col_size(Grid, W),
     {noreply, State};
 
 handle_event(#wx{event=#wxList{type=command_list_item_right_click,
 			       itemIndex=Row}},
-	     #state{popup_menu=Popup,
-		    holder=Holder}=State) ->
+	     #state{panel=Panel, holder=Holder}=State) ->
 
     case call(Holder, {get_row, self(), Row, pid}) of
 	{error, undefined} ->
-	    wxWindow:show(Popup, [{show, false}]),
 	    undefined;
 	{ok, _} ->
-	    wxWindow:move(Popup, wx_misc:getMousePosition()),
-	    wxWindow:show(Popup)
+	    Menu = wxMenu:new(),
+	    wxMenu:append(Menu, ?ID_PROC, "Process info"),
+	    wxMenu:append(Menu, ?ID_TRACE_PIDS, "Trace processes", [{help, ?TRACE_PIDS_STR}]),
+	    wxMenu:append(Menu, ?ID_TRACE_NAMES, "Trace named processes (all nodes)",
+			  [{help, ?TRACE_NAMES_STR}]),
+	    wxMenu:append(Menu, ?ID_KILL, "Kill Process"),
+	    wxWindow:popupMenu(Panel, Menu),
+	    wxMenu:destroy(Menu)
     end,
     {noreply, State};
 
 handle_event(#wx{event=#wxList{type=command_list_item_focused,
 			       itemIndex=Row}},
-	     #state{grid=Grid,popup_menu=Pop,holder=Holder} = State) ->
+	     #state{grid=Grid,holder=Holder} = State) ->
     case Row >= 0 of
 	true ->
-	    wxWindow:show(Pop, [{show, false}]),
 	    SelIds = [Row|lists:delete(Row, get_selected_items(Grid))],
 	    Pids = call(Holder, {get_pids, self(), SelIds}),
-	    %% io:format("Focused ~p -> ~p~n",[State#state.sel, {SelIds, Pids}]),
 	    {noreply, State#state{sel={SelIds, Pids}}};
 	false ->
-	    %% io:format("Focused -1~n",[]),
 	    {noreply, State}
     end;
 
@@ -448,7 +424,6 @@ set_focus([Old|_], [New|_], Grid) ->
     wxListCtrl:setItemState(Grid, Old, 0, ?wxLIST_STATE_FOCUSED),
     wxListCtrl:setItemState(Grid, New, 16#FFFF, ?wxLIST_STATE_FOCUSED).
 
-
 %%%%%%%%%%%%%%%%%%%%%%%%%%%TABLE HOLDER%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 init_table_holder(Parent, Attrs) ->
@@ -486,6 +461,9 @@ table_holder(#holder{info=#etop_info{procinfo=Info}, attrs=Attrs,
 	{get_rows_from_pids, From, Pids} ->
 	    get_rows_from_pids(From, Pids, Info),
 	    table_holder(S0);
+	{get_name_or_pid, From, Indices} ->
+	    get_name_or_pid(From, Indices, Info),
+	    table_holder(S0);
 
 	{get_node, From} ->
 	    From ! {self(), Node},
@@ -562,7 +540,7 @@ get_procinfo_data(Col, Info) ->
 col_to_element(?COL_PID)  -> #etop_proc_info.pid;
 col_to_element(?COL_NAME) -> #etop_proc_info.name;
 col_to_element(?COL_MEM)  -> #etop_proc_info.mem;
-col_to_element(?COL_TIME) -> #etop_proc_info.runtime;
+%%col_to_element(?COL_TIME) -> #etop_proc_info.runtime;
 col_to_element(?COL_REDS) -> #etop_proc_info.reds;
 col_to_element(?COL_FUN)  -> #etop_proc_info.cf;
 col_to_element(?COL_MSG)  -> #etop_proc_info.mq.
@@ -571,6 +549,14 @@ get_pids(From, Indices, ProcInfo) ->
     Processes = [(lists:nth(I+1, ProcInfo))#etop_proc_info.pid || I <- Indices],
     From ! {self(), Processes}.
 
+get_name_or_pid(From, Indices, ProcInfo) ->
+    Get = fun(#etop_proc_info{name=Name}) when is_atom(Name) -> Name;
+	     (#etop_proc_info{pid=Pid}) -> Pid
+	  end,
+    Processes = [Get(lists:nth(I+1, ProcInfo)) || I <- Indices],
+    From ! {self(), Processes}.
+
+
 get_row(From, Row, pid, Info) ->
     Pid = case Row =:= -1 of
 	      true ->  {error, undefined};
diff --git a/lib/observer/src/observer_procinfo.erl b/lib/observer/src/observer_procinfo.erl
index 127599a39e..ec08d3aff1 100644
--- a/lib/observer/src/observer_procinfo.erl
+++ b/lib/observer/src/observer_procinfo.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -41,7 +41,7 @@
 -record(worker, {panel, callback}).
 
 start(Process, ParentFrame, Parent) ->
-    wx_object:start(?MODULE, [Process, ParentFrame, Parent], []).
+    wx_object:start_link(?MODULE, [Process, ParentFrame, Parent], []).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -52,7 +52,7 @@ init([Pid, ParentFrame, Parent]) ->
 		  {registered_name, Registered} -> atom_to_list(Registered)
 	      end,
 	Frame=wxFrame:new(ParentFrame, ?wxID_ANY, [atom_to_list(node(Pid)), $:, Title],
-			  [{style, ?wxDEFAULT_FRAME_STYLE}, {size, {800,700}}]),
+			  [{style, ?wxDEFAULT_FRAME_STYLE}, {size, {850,600}}]),
 	MenuBar = wxMenuBar:new(),
 	create_menus(MenuBar),
 	wxFrame:setMenuBar(Frame, MenuBar),
@@ -75,10 +75,7 @@ init([Pid, ParentFrame, Parent]) ->
 		      }}
     catch error:{badrpc, _} ->
 	    observer_wx:return_to_localnode(ParentFrame, node(Pid)),
-	    {stop, badrpc, #state{parent=Parent, pid=Pid}};
-	  Error:Reason ->
-	    io:format("~p:~p: ~p ~p~n ~p~n",
-		      [?MODULE, ?LINE, Error, Reason, erlang:get_stacktrace()])
+	    {stop, badrpc, #state{parent=Parent, pid=Pid}}
     end.
 
 init_panel(Notebook, Str, Pid, Fun) ->
@@ -92,30 +89,27 @@ init_panel(Notebook, Str, Pid, Fun) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%Callbacks%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 handle_event(#wx{event=#wxClose{type=close_window}}, State) ->
-    {stop, shutdown, State};
+    {stop, normal, State};
 
 handle_event(#wx{id=?wxID_CLOSE, event=#wxCommand{type=command_menu_selected}}, State) ->
-    {stop, shutdown, State};
+    {stop, normal, State};
 
 handle_event(#wx{id=?REFRESH}, #state{pages=Pages}=State) ->
     [(W#worker.callback)() || W <- Pages],
     {noreply, State};
 
-handle_event(Event, State) ->
-    io:format("~p: ~p, Handle event: ~p~n", [?MODULE, ?LINE, Event]),
-    {noreply, State}.
+handle_event(Event, _State) ->
+    error({unhandled_event, Event}).
 
-handle_info(Info, State) ->
-    io:format("~p: ~p, Handle info: ~p~n", [?MODULE, ?LINE, Info]),
+handle_info(_Info, State) ->
+    %% io:format("~p: ~p, Handle info: ~p~n", [?MODULE, ?LINE, Info]),
     {noreply, State}.
 
-handle_call(Call, _From, State) ->
-    io:format("~p ~p: Got call ~p~n",[?MODULE, ?LINE, Call]),
-    {reply, ok, State}.
+handle_call(Call, From, _State) ->
+    error({unhandled_call, Call, From}).
 
-handle_cast(Cast, State) ->
-    io:format("~p ~p: Got cast ~p~n", [?MODULE, ?LINE, Cast]),
-    {noreply, State}.
+handle_cast(Cast, _State) ->
+    error({unhandled_cast, Cast}).
 
 terminate(_Reason, #state{parent=Parent,pid=Pid,frame=Frame}) ->
     Parent ! {procinfo_menu_closed, Pid},
@@ -130,9 +124,14 @@ code_change(_, _, State) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 init_process_page(Panel, Pid) ->
-    Fields = process_info_fields(Pid),
-    {FPanel, _, UpFields} = observer_lib:display_info(Panel, Fields),
-    {FPanel, fun() -> observer_lib:update_info(UpFields, process_info_fields(Pid)) end}.
+    Fields0 = process_info_fields(Pid),
+    {FPanel, _, UpFields} = observer_lib:display_info(Panel, Fields0),
+    {FPanel, fun() -> case process_info_fields(Pid) of
+			  Fields when is_list(Fields) ->
+			      observer_lib:update_info(UpFields, Fields);
+			  _ -> ok
+		      end
+	     end}.
 
 init_text_page(Parent) ->
     Style = ?wxTE_MULTILINE bor ?wxTE_RICH2 bor ?wxTE_READONLY,
@@ -150,16 +149,20 @@ init_message_page(Parent, Pid) ->
 		      Number+1}
 	     end,
     Update = fun() ->
-		     {messages,RawMessages} =
-			 observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, messages]),
-		     {Messages,_} = lists:mapfoldl(Format, 1, RawMessages),
-		     Last = wxTextCtrl:getLastPosition(Text),
-		     wxTextCtrl:remove(Text, 0, Last),
-		     case Messages =:= [] of
-			 true ->
-			     wxTextCtrl:writeText(Text, "No messages");
-			 false ->
-			     wxTextCtrl:writeText(Text, Messages)
+		     case observer_wx:try_rpc(node(Pid), erlang, process_info,
+					      [Pid, messages])
+		     of
+			 {messages,RawMessages} ->
+			     {Messages,_} = lists:mapfoldl(Format, 1, RawMessages),
+			     Last = wxTextCtrl:getLastPosition(Text),
+			     wxTextCtrl:remove(Text, 0, Last),
+			     case Messages =:= [] of
+				 true ->
+				     wxTextCtrl:writeText(Text, "No messages");
+				 false ->
+				     wxTextCtrl:writeText(Text, Messages)
+			     end;
+			 _ -> ok
 		     end
 	     end,
     Update(),
@@ -168,37 +171,61 @@ init_message_page(Parent, Pid) ->
 init_dict_page(Parent, Pid) ->
     Text = init_text_page(Parent),
     Update = fun() ->
-		     {dictionary,RawDict} =
-			 observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, dictionary]),
-		     Dict = [io_lib:format("~-20.w ~p~n", [K, V]) || {K, V} <- RawDict],
-		     Last = wxTextCtrl:getLastPosition(Text),
-		     wxTextCtrl:remove(Text, 0, Last),
-		     wxTextCtrl:writeText(Text, Dict)
+		     case observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, dictionary])
+		     of
+			 {dictionary,RawDict} ->
+			     Dict = [io_lib:format("~-20.w ~p~n", [K, V]) || {K, V} <- RawDict],
+			     Last = wxTextCtrl:getLastPosition(Text),
+			     wxTextCtrl:remove(Text, 0, Last),
+			     wxTextCtrl:writeText(Text, Dict);
+			 _ -> ok
+		     end
 	     end,
     Update(),
     {Text, Update}.
 
 init_stack_page(Parent, Pid) ->
-    Text = init_text_page(Parent),
-    Format = fun({Mod, Fun, Arg, Info}) ->
-		     Str = io_lib:format("~w:~w/~w", [Mod,Fun,Arg]),
-		     case Info of
-			 [{file,File},{line,Line}] ->
-			     io_lib:format("~-45.s ~s:~w~n", [Str,File,Line]);
-			 _ ->
-			     [Str,$\n]
+    LCtrl = wxListCtrl:new(Parent, [{style, ?wxLC_REPORT bor ?wxLC_HRULES}]),
+    Li = wxListItem:new(),
+    wxListItem:setText(Li, "Module:Function/Arg"),
+    wxListCtrl:insertColumn(LCtrl, 0, Li),
+    wxListCtrl:setColumnWidth(LCtrl, 0, 300),
+    wxListItem:setText(Li, "File:LineNumber"),
+    wxListCtrl:insertColumn(LCtrl, 1, Li),
+    wxListCtrl:setColumnWidth(LCtrl, 1, 300),
+    wxListItem:destroy(Li),
+    Update = fun() ->
+		     case observer_wx:try_rpc(node(Pid), erlang, process_info,
+					      [Pid, current_stacktrace])
+		     of
+			 {current_stacktrace,RawBt} ->
+			     observer_wx:try_rpc(node(Pid), erlang, process_info,
+						 [Pid, current_stacktrace]),
+			     wxListCtrl:deleteAllItems(LCtrl),
+			     wx:foldl(fun({M, F, A, Info}, Row) ->
+					      _Item = wxListCtrl:insertItem(LCtrl, Row, ""),
+					      ?EVEN(Row) andalso
+						  wxListCtrl:setItemBackgroundColour(LCtrl, Row, ?BG_EVEN),
+					      wxListCtrl:setItem(LCtrl, Row, 0, observer_lib:to_str({M,F,A})),
+					      FileLine = case Info of
+							     [{file,File},{line,Line}] ->
+								 io_lib:format("~s:~w", [File,Line]);
+							     _ ->
+								 []
+							 end,
+					      wxListCtrl:setItem(LCtrl, Row, 1, FileLine),
+					      Row+1
+				      end, 0, RawBt);
+			 _ -> ok
 		     end
 	     end,
-    Update = fun() ->
-		     {current_stacktrace,RawBt} =
-			 observer_wx:try_rpc(node(Pid), erlang, process_info,
-					     [Pid, current_stacktrace]),
-		     Last = wxTextCtrl:getLastPosition(Text),
-		     wxTextCtrl:remove(Text, 0, Last),
-		     [wxTextCtrl:writeText(Text, Format(Entry)) || Entry <- RawBt]
+    Resize = fun(#wx{event=#wxSize{size={W,_}}},Ev) ->
+		     wxEvent:skip(Ev),
+		     observer_lib:set_listctrl_col_size(LCtrl, W)
 	     end,
+    wxListCtrl:connect(LCtrl, size, [{callback, Resize}]),
     Update(),
-    {Text, Update}.
+    {LCtrl, Update}.
 
 create_menus(MenuBar) ->
     Menus = [{"File", [#create_menu{id=?wxID_CLOSE, text="Close"}]},
@@ -206,7 +233,6 @@ create_menus(MenuBar) ->
     observer_lib:create_menus(Menus, MenuBar, new_window).
 
 process_info_fields(Pid) ->
-    RawInfo = observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, item_list()]),
     Struct = [{"Overview",
 	       [{"Initial Call",     initial_call},
 		{"Current Function", current_function},
@@ -236,7 +262,12 @@ process_info_fields(Pid) ->
 		{"GC Min Heap Size", {bytes, get_gc_info(min_heap_size)}},
 		{"GC FullSweep After", get_gc_info(fullsweep_after)}
 	       ]}],
-    observer_lib:fill_info(Struct, RawInfo).
+    case observer_wx:try_rpc(node(Pid), erlang, process_info, [Pid, item_list()]) of
+	RawInfo when is_list(RawInfo) ->
+	    observer_lib:fill_info(Struct, RawInfo);
+	_ ->
+	    ok
+    end.
 
 item_list() ->
     [ %% backtrace,
diff --git a/lib/observer/src/observer_sys_wx.erl b/lib/observer/src/observer_sys_wx.erl
index ddedcf3829..09602bbd9e 100644
--- a/lib/observer/src/observer_sys_wx.erl
+++ b/lib/observer/src/observer_sys_wx.erl
@@ -24,8 +24,6 @@
 -export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
 	 handle_event/2, handle_cast/2]).
 
--export([sys_info/0]).
-
 -include_lib("wx/include/wx.hrl").
 -include("observer_defs.hrl").
 
@@ -48,7 +46,7 @@ start_link(Notebook, Parent) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 init([Notebook, Parent]) ->
-    SysInfo = sys_info(),
+    SysInfo = observer_backend:sys_info(),
     {Info, Stat} = info_fields(),
     Panel = wxPanel:new(Notebook),
     Sizer = wxBoxSizer:new(?wxHORIZONTAL),
@@ -73,7 +71,7 @@ create_sys_menu(Parent) ->
     observer_wx:create_menus(Parent, [View]).
 
 update_syspage(#sys_wx_state{node = Node, fields=Fields, sizer=Sizer}) ->
-    SysInfo = observer_wx:try_rpc(Node, ?MODULE, sys_info, []),
+    SysInfo = observer_wx:try_rpc(Node, observer_backend, sys_info, []),
     {Info, Stat} = info_fields(),
     observer_lib:update_info(Fields, observer_lib:fill_info(Info, SysInfo) ++
 				 observer_lib:fill_info(Stat, SysInfo)),
@@ -97,20 +95,20 @@ info_fields() ->
 	     ]}
 	   ],
     Stat = [{"Memory Usage", right,
-	     [{"Total", total},
-	      {"Processes", processes},
-	      {"Atoms", atom},
-	      {"Binaries", binary},
-	      {"Code", code},
-	      {"Ets", ets}
+	     [{"Total", {bytes, total}},
+	      {"Processes", {bytes, processes}},
+	      {"Atoms", {bytes, atom}},
+	      {"Binaries", {bytes, binary}},
+	      {"Code", {bytes, code}},
+	      {"Ets", {bytes, ets}}
 	     ]},
 	    {"Statistics", right,
-	     [{"Up time", uptime},
+	     [{"Up time", {time_ms, uptime}},
 	      {"Max Processes", process_limit},
 	      {"Processes", process_count},
 	      {"Run Queue", run_queue},
-	      {"IO Input",  io_input},
-	      {"IO Output",  io_output}
+	      {"IO Input",  {bytes, io_input}},
+	      {"IO Output", {bytes, io_output}}
 	     ]}
 	   ],
     {Info, Stat}.
@@ -126,16 +124,6 @@ handle_info(refresh_interval, #sys_wx_state{panel = Panel,
     end,
     {noreply, State};
 
-handle_info({node, Node}, #sys_wx_state{panel = Panel} = State) ->
-    UpdState = State#sys_wx_state{node = Node},
-    try
-	update_syspage(UpdState),
-	{noreply, UpdState}
-    catch error:{badrpc, _} ->
-	    observer_wx:return_to_localnode(Panel, Node),
-	    {noreply, State}
-    end;
-
 handle_info({active, Node}, #sys_wx_state{parent = Parent, panel = Panel,
 					  timer = Timer} = State) ->
     UpdState = State#sys_wx_state{node = Node},
@@ -148,7 +136,6 @@ handle_info({active, Node}, #sys_wx_state{parent = Parent, panel = Panel,
 	    {noreply, State}
     end;
 
-
 handle_info(not_active, #sys_wx_state{timer = Timer} = State) ->
     {noreply, State#sys_wx_state{timer = observer_lib:stop_timer(Timer)}};
 
@@ -188,36 +175,3 @@ handle_event(#wx{id = ?ID_REFRESH_INTERVAL,
 handle_event(Event, State) ->
     io:format("~p:~p: Unhandled event ~p\n", [?MODULE,?LINE,Event]),
     {noreply, State}.
-
-
-sys_info() ->
-    {{_,Input},{_,Output}} = erlang:statistics(io),
-    [{process_count, erlang:system_info(process_count)},
-     {process_limit, erlang:system_info(process_limit)},
-     {uptime, {time_ms, element(1, erlang:statistics(wall_clock))}},
-     {run_queue, erlang:statistics(run_queue)},
-     {io_input, {bytes, Input}},
-     {io_output, {bytes, Output}},
-     {logical_processors, erlang:system_info(logical_processors)},
-     {logical_processors_available, erlang:system_info(logical_processors_available)},
-     {logical_processors_online, erlang:system_info(logical_processors_online)},
-
-     {total, {bytes, erlang:memory(total)}},
-     %%{processes_used, erlang:memory(processes_used)},
-     {processes, {bytes, erlang:memory(processes)}},
-     %%{atom_used, erlang:memory(atom_used)},
-     {atom, {bytes, erlang:memory(atom)}},
-     {binary, {bytes, erlang:memory(binary)}},
-     {code, {bytes, erlang:memory(code)}},
-     {ets, {bytes, erlang:memory(ets)}},
-
-     {otp_release, erlang:system_info(otp_release)},
-     {version, erlang:system_info(version)},
-     {system_architecture, erlang:system_info(system_architecture)},
-     {kernel_poll, erlang:system_info(kernel_poll)},
-     {smp_support, erlang:system_info(smp_support)},
-     {threads, erlang:system_info(threads)},
-     {thread_pool_size, erlang:system_info(thread_pool_size)},
-     {wordsize_internal, erlang:system_info({wordsize, internal})},
-     {wordsize_external, erlang:system_info({wordsize, external})}
-    ].
diff --git a/lib/observer/src/observer_trace_wx.erl b/lib/observer/src/observer_trace_wx.erl
index 0ab7db121b..d0b6a1e063 100644
--- a/lib/observer/src/observer_trace_wx.erl
+++ b/lib/observer/src/observer_trace_wx.erl
@@ -27,30 +27,43 @@
 -include_lib("wx/include/wx.hrl").
 -include("observer_defs.hrl").
 
--define(OPTIONS, 301).
--define(SAVE_BUFFER, 302).
--define(CLOSE, 303).
--define(CLEAR, 304).
 -define(SAVE_TRACEOPTS, 305).
 -define(LOAD_TRACEOPTS, 306).
 -define(TOGGLE_TRACE, 307).
 -define(ADD_NEW, 308).
 -define(ADD_TP, 309).
--define(PROCESSES, 350).
--define(MODULES, 351).
--define(FUNCTIONS, 352).
--define(TRACERWIN, 353).
+-define(TRACE_OUTPUT, 310).
+-define(TRACE_DEFMS,  311).
+-define(TRACE_DEFPS,  312).
+
+-define(NODES_WIN, 330).
+-define(ADD_NODES, 331).
+-define(REMOVE_NODES, 332).
+
+-define(PROC_WIN, 340).
+-define(EDIT_PROCS, 341).
+-define(REMOVE_PROCS, 342).
+
+-define(MODULES_WIN, 350).
+
+-define(FUNCS_WIN, 360).
+-define(EDIT_FUNCS_MS, 361).
+-define(REMOVE_FUNCS_MS, 362).
+
+-define(LOG_WIN, 370).
+-define(LOG_SAVE, 321).
+-define(LOG_CLEAR, 322).
 
 -record(state,
 	{parent,
 	 panel,
-	 p_view,
-	 m_view,
-	 f_view,
+	 n_view,  p_view, m_view, f_view,  %% The listCtrl's
+	 logwin, %% The latest log window
 	 nodes = [],
 	 toggle_button,
 	 tpids = [],  %% #tpid
 	 def_trace_opts = [],
+	 output = [],
 	 tpatterns = dict:new(), % Key =:= Module::atom, Value =:= {M, F, A, MatchSpec}
 	 match_specs = []}). % [ #match_spec{} ]
 
@@ -72,26 +85,27 @@ create_window(Notebook, ParentPid) ->
     Panel = wxPanel:new(Notebook, [{size, wxWindow:getClientSize(Notebook)}]),
     Sizer = wxBoxSizer:new(?wxVERTICAL),
     Splitter = wxSplitterWindow:new(Panel, [{size, wxWindow:getClientSize(Panel)}]),
-    ProcessView = create_process_view(Splitter),
+    {NodeProcView, NodeView, ProcessView} = create_process_view(Splitter),
     {MatchSpecView,ModView,FuncView} = create_matchspec_view(Splitter),
     wxSplitterWindow:setSashGravity(Splitter, 0.5),
     wxSplitterWindow:setMinimumPaneSize(Splitter,50),
-    wxSplitterWindow:splitHorizontally(Splitter, ProcessView, MatchSpecView),
+    wxSplitterWindow:splitHorizontally(Splitter, NodeProcView, MatchSpecView),
     wxSizer:add(Sizer, Splitter, [{flag, ?wxEXPAND bor ?wxALL}, {border, 5}, {proportion, 1}]),
     %% Buttons
     Buttons = wxBoxSizer:new(?wxHORIZONTAL),
     ToggleButton = wxToggleButton:new(Panel, ?TOGGLE_TRACE, "Start Trace", []),
-    wxSizer:add(Buttons, ToggleButton),
-    New = wxButton:new(Panel, ?ADD_NEW, [{label, "Trace New Processes"}]),
-    wxSizer:add(Buttons, New),
-    ATP = wxButton:new(Panel, ?ADD_TP, [{label, "Add Trace Pattern"}]),
-    wxSizer:add(Buttons, ATP),
-    wxMenu:connect(Panel, command_togglebutton_clicked, []),
-    wxMenu:connect(Panel, command_button_clicked, []),
-    wxSizer:add(Sizer, Buttons, [{flag, ?wxALL},{border, 2}, {proportion,0}]),
+    wxSizer:add(Buttons, ToggleButton, [{flag, ?wxALIGN_CENTER_VERTICAL}]),
+    wxSizer:addSpacer(Buttons, 15),
+    wxSizer:add(Buttons, wxButton:new(Panel, ?ADD_NODES, [{label, "Add Nodes"}])),
+    wxSizer:add(Buttons, wxButton:new(Panel, ?ADD_NEW, [{label, "Add 'new' Process"}])),
+    wxSizer:add(Buttons, wxButton:new(Panel, ?ADD_TP, [{label, "Add Trace Pattern"}])),
+    wxMenu:connect(Panel, command_togglebutton_clicked, [{skip, true}]),
+    wxMenu:connect(Panel, command_button_clicked, [{skip, true}]),
+    wxSizer:add(Sizer, Buttons, [{flag, ?wxLEFT bor ?wxRIGHT bor ?wxDOWN},
+				 {border, 5}, {proportion,0}]),
     wxWindow:setSizer(Panel, Sizer),
     {Panel, #state{parent=ParentPid, panel=Panel,
-		   p_view=ProcessView, m_view=ModView, f_view=FuncView,
+		   n_view=NodeView, p_view=ProcessView, m_view=ModView, f_view=FuncView,
 		   toggle_button = ToggleButton,
 		   match_specs=default_matchspecs()}}.
 
@@ -103,36 +117,51 @@ default_matchspecs() ->
     [make_ms(Name,Term,FunStr) || {Name,Term,FunStr} <- Ms].
 
 create_process_view(Parent) ->
-    Style = ?wxLC_REPORT bor ?wxLC_SINGLE_SEL bor ?wxLC_HRULES,
-    Grid = wxListCtrl:new(Parent, [{winid, ?PROCESSES}, {style, Style}]),
+    Panel  = wxPanel:new(Parent),
+    MainSz = wxBoxSizer:new(?wxHORIZONTAL),
+    Style = ?wxLC_REPORT bor ?wxLC_HRULES,
+    Splitter = wxSplitterWindow:new(Panel, []),
+    Nodes = wxListCtrl:new(Splitter, [{winid, ?NODES_WIN}, {style, Style}]),
+    Procs = wxListCtrl:new(Splitter, [{winid, ?PROC_WIN}, {style, Style}]),
     Li = wxListItem:new(),
-    AddListEntry = fun({Name, Align, DefSize}, Col) ->
+    wxListItem:setText(Li, "Nodes"),
+    wxListCtrl:insertColumn(Nodes, 0, Li),
+
+    AddProc = fun({Name, Align, DefSize}, Col) ->
 			   wxListItem:setText(Li, Name),
 			   wxListItem:setAlign(Li, Align),
-			   wxListCtrl:insertColumn(Grid, Col, Li),
-			   wxListCtrl:setColumnWidth(Grid, Col, DefSize),
+			   wxListCtrl:insertColumn(Procs, Col, Li),
+			   wxListCtrl:setColumnWidth(Procs, Col, DefSize),
 			   Col + 1
 		   end,
     ListItems = [{"Process Id",    ?wxLIST_FORMAT_CENTER,  120},
 		 {"Trace Options", ?wxLIST_FORMAT_LEFT, 300}],
-    lists:foldl(AddListEntry, 0, ListItems),
+    lists:foldl(AddProc, 0, ListItems),
     wxListItem:destroy(Li),
 
-    %% wxListCtrl:connect(Grid, command_list_item_activated),
-    %% wxListCtrl:connect(Grid, command_list_item_selected),
-    wxListCtrl:connect(Grid, size, [{skip, true}]),
+    wxSplitterWindow:setSashGravity(Splitter, 0.0),
+    wxSplitterWindow:setMinimumPaneSize(Splitter,50),
+    wxSplitterWindow:splitVertically(Splitter, Nodes, Procs, [{sashPosition, 155}]),
+    wxSizer:add(MainSz, Splitter, [{flag, ?wxEXPAND}, {proportion, 1}]),
+
+    wxListCtrl:connect(Procs, command_list_item_right_click),
+    wxListCtrl:connect(Nodes, command_list_item_right_click),
+    wxListCtrl:connect(Procs, size, [{skip, true}]),
+    wxListCtrl:connect(Nodes, size, [{skip, true}]),
 
-    wxWindow:setFocus(Grid),
-    Grid.
+    wxPanel:setSizer(Panel, MainSz),
+    wxWindow:setFocus(Procs),
+    {Panel, Nodes, Procs}.
 
 create_matchspec_view(Parent) ->
     Panel  = wxPanel:new(Parent),
     MainSz = wxBoxSizer:new(?wxHORIZONTAL),
-    Style = ?wxLC_REPORT bor ?wxLC_SINGLE_SEL bor ?wxLC_HRULES,
+    Style = ?wxLC_REPORT bor ?wxLC_HRULES,
     Splitter = wxSplitterWindow:new(Panel, []),
-    Modules = wxListCtrl:new(Splitter, [{winid, ?MODULES}, {style, Style}]),
-    Funcs   = wxListCtrl:new(Splitter, [{winid, ?FUNCTIONS}, {style, Style}]),
+    Modules = wxListCtrl:new(Splitter, [{winid, ?MODULES_WIN}, {style, Style}]),
+    Funcs   = wxListCtrl:new(Splitter, [{winid, ?FUNCS_WIN}, {style, Style}]),
     Li = wxListItem:new(),
+
     wxListItem:setText(Li, "Modules"),
     wxListCtrl:insertColumn(Modules, 0, Li),
     wxListItem:setText(Li, "Functions"),
@@ -142,49 +171,45 @@ create_matchspec_view(Parent) ->
     wxListCtrl:insertColumn(Funcs, 1, Li),
     wxListCtrl:setColumnWidth(Funcs, 1, 300),
     wxListItem:destroy(Li),
+
     wxSplitterWindow:setSashGravity(Splitter, 0.0),
     wxSplitterWindow:setMinimumPaneSize(Splitter,50),
-    wxSplitterWindow:splitVertically(Splitter, Modules, Funcs, [{sashPosition, 150}]),
+    wxSplitterWindow:splitVertically(Splitter, Modules, Funcs, [{sashPosition, 155}]),
     wxSizer:add(MainSz, Splitter,   [{flag, ?wxEXPAND}, {proportion, 1}]),
 
     wxListCtrl:connect(Modules, size, [{skip, true}]),
     wxListCtrl:connect(Funcs,   size, [{skip, true}]),
     wxListCtrl:connect(Modules, command_list_item_selected),
-    %% wxListCtrl:connect(Funcs, command_list_item_selected),
+    wxListCtrl:connect(Funcs, command_list_item_right_click),
     wxPanel:setSizer(Panel, MainSz),
     {Panel, Modules, Funcs}.
 
 create_menues(Parent) ->
-    Menus = [{"File", [#create_menu{id = ?LOAD_TRACEOPTS, text = "Load settings"},
-		       #create_menu{id = ?SAVE_TRACEOPTS, text = "Save settings"}]
-	     }],
+    Menus = [{"File",
+	      [#create_menu{id = ?LOAD_TRACEOPTS, text = "Load settings"},
+	       #create_menu{id = ?SAVE_TRACEOPTS, text = "Save settings"}]},
+	     {"Options",
+	      [#create_menu{id = ?TRACE_OUTPUT, text = "Output"},
+	       #create_menu{id = ?TRACE_DEFMS, text = "Match Specifications"},
+	       #create_menu{id = ?TRACE_DEFPS, text = "Default Process Options"}]}
+	    ],
     observer_wx:create_menus(Parent, Menus).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%Main window
 handle_event(#wx{obj=Obj, event=#wxSize{size={W,_}}}, State) ->
     case wx:getObjectType(Obj) =:= wxListCtrl of
-	true ->
-	    wx:batch(fun() ->
-			     Cols = wxListCtrl:getColumnCount(Obj),
-			     Last = lists:foldl(fun(I, Last) ->
-							Last - wxListCtrl:getColumnWidth(Obj, I)
-						end, W-?LCTRL_WDECR, lists:seq(0, Cols - 2)),
-			     Size = max(150, Last),
-			     wxListCtrl:setColumnWidth(Obj, Cols-1, Size)
-		     end);
-	false ->
-	    ok
+	true ->  observer_lib:set_listctrl_col_size(Obj, W);
+	false -> ok
     end,
     {noreply, State};
 
 handle_event(#wx{id=?ADD_NEW}, State = #state{panel=Parent, def_trace_opts=TraceOpts}) ->
-    case observer_traceoptions_wx:process_trace(Parent, TraceOpts) of
-	{ok, Opts} ->
-	    Process = #tpid{pid=new, opts=Opts},
-	    {noreply, do_add_processes([Process], State#state{def_trace_opts=Opts})};
-	cancel ->
-	    {noreply, State}
+    try
+	Opts = observer_traceoptions_wx:process_trace(Parent, TraceOpts),
+	Process = #tpid{pid=new, opts=Opts},
+	{noreply, do_add_processes([Process], State#state{def_trace_opts=Opts})}
+    catch cancel -> {noreply, State}
     end;
 
 handle_event(#wx{id=?ADD_TP},
@@ -200,98 +225,101 @@ handle_event(#wx{id=?ADD_TP},
 	    {noreply, do_add_patterns(Patterns, State)}
     end;
 
-handle_event(#wx{id=?MODULES, event=#wxList{type=command_list_item_selected, itemIndex=Row}},
+handle_event(#wx{id=?MODULES_WIN, event=#wxList{type=command_list_item_selected, itemIndex=Row}},
 	     State = #state{tpatterns=TPs, m_view=Mview, f_view=Fview}) ->
     Module = list_to_atom(wxListCtrl:getItemText(Mview, Row)),
     update_functions_view(dict:fetch(Module, TPs), Fview),
     {noreply, State};
 
-
 handle_event(#wx{event = #wxCommand{type = command_togglebutton_clicked, commandInt = 1}},
 	     #state{panel = Panel,
 		    nodes = Nodes,
 		    tpids = TProcs,
-		    tpatterns = TPs,
-		    toggle_button = ToggleBtn} = State) ->
-    LogWin = wxFrame:new(Panel, ?TRACERWIN, "Trace Log", [{size, {750, 800}}]),
-    Text   = wxTextCtrl:new(LogWin, ?wxID_ANY,
-			    [{style, ?wxTE_MULTILINE bor ?wxTE_RICH2 bor
-				  ?wxTE_DONTWRAP bor ?wxTE_READONLY}]),
-    Font = observer_wx:get_attrib({font, fixed}),
-    Attr = wxTextAttr:new(?wxBLACK, [{font, Font}]),
-    true = wxTextCtrl:setDefaultStyle(Text, Attr),
-    Env = wx:get_env(),
-    Write = fun(Trace) ->
-		    wx:set_env(Env),
-		    wxTextCtrl:appendText(Text, textformat(Trace))
-	    end,
-    {ok, _} = ttb:tracer(Nodes, [{file, {local,"/tmp/foo"}}, {shell, {only, Write}}]),
-    setup_ttb(dict:to_list(TPs), TProcs),
-    wxFrame:connect(LogWin, close_window, [{skip, true}]),
-    wxFrame:show(LogWin),
-    wxToggleButton:setLabel(ToggleBtn, "Stop Trace"),
-    {noreply, State};
+		    tpatterns = TPs0,
+		    toggle_button = ToggleBtn,
+		    output = Opts
+		   } = State) ->
+    try
+	TPs = dict:to_list(TPs0),
+	(TProcs == []) andalso throw({error, "No processes traced"}),
+	(Nodes == []) andalso throw({error, "No nodes traced"}),
+	HaveCallTrace = fun(#tpid{opts=Os}) -> lists:member(functions,Os) end,
+	WStr = "Call trace actived but no trace patterns used",
+	(TPs == []) andalso lists:any(HaveCallTrace, TProcs) andalso
+	    observer_wx:create_txt_dialog(Panel, WStr, "Warning", ?wxICON_WARNING),
+
+	{TTB, LogWin}  = ttb_output_args(Panel, Opts),
+	{ok, _} = ttb:tracer(Nodes, TTB),
+	setup_ttb(TPs, TProcs),
+	wxToggleButton:setLabel(ToggleBtn, "Stop Trace"),
+	{noreply, State#state{logwin=LogWin}}
+    catch {error, Msg} ->
+	    observer_wx:create_txt_dialog(Panel, Msg, "Error", ?wxICON_ERROR),
+	    wxToggleButton:setValue(ToggleBtn, false),
+	    {noreply, State}
+    end;
 
 handle_event(#wx{event = #wxCommand{type = command_togglebutton_clicked, commandInt = 0}},
 	     #state{toggle_button = ToggleBtn} = State) ->
     %%Stop tracing
     ttb:stop(nofetch),
     wxToggleButton:setLabel(ToggleBtn, "Start Trace"),
+    wxToggleButton:setValue(ToggleBtn, false),
+    {noreply, State#state{logwin=false}};
+
+handle_event(#wx{id=Id, obj=LogWin, event=Ev},
+	     #state{toggle_button = ToggleBtn, logwin=Latest} = State)
+  when Id =:= ?LOG_WIN; is_record(Ev, wxClose) ->
+    case LogWin of
+	Latest ->
+	    %%Stop tracing
+	    ttb:stop(nofetch),
+	    wxToggleButton:setLabel(ToggleBtn, "Start Trace"),
+	    wxToggleButton:setValue(ToggleBtn, false),
+	    {noreply, State#state{logwin=false}};
+	_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?LOG_CLEAR, userData=TCtrl}, State) ->
+    wxTextCtrl:clear(TCtrl),
     {noreply, State};
 
-handle_event(#wx{id=?TRACERWIN, event=#wxClose{}},
-	     #state{toggle_button = ToggleBtn} = State) ->
-    %%Stop tracing
-    ttb:stop(nofetch),
-    wxToggleButton:setLabel(ToggleBtn, "Start Trace"),
+handle_event(#wx{id=?LOG_SAVE, userData=TCtrl}, #state{panel=Panel} = State) ->
+    Dialog = wxFileDialog:new(Panel, [{style, ?wxFD_SAVE bor ?wxFD_OVERWRITE_PROMPT}]),
+    case wxFileDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Path = wxFileDialog:getPath(Dialog),
+	    wxDialog:destroy(Dialog),
+	    wxTextCtrl:saveFile(TCtrl, [{file, Path}]);
+	_ ->
+	    wxDialog:destroy(Dialog),
+	    ok
+    end,
     {noreply, State};
 
-%% handle_event(#wx{id = ?CLEAR, event = #wxCommand{type = command_menu_selected}},
-%% 	     #state{text_ctrl = TxtCtrl} = State) ->
-%%     wxTextCtrl:clear(TxtCtrl),
-%%     {noreply, State};
-
-%% handle_event(#wx{id = ?SAVE_BUFFER, event = #wxCommand{type = command_menu_selected}},
-%% 	     #state{frame = Frame, text_ctrl = TxtCtrl} = State) ->
-%%     Dialog = wxFileDialog:new(Frame, [{style, ?wxFD_SAVE bor ?wxFD_OVERWRITE_PROMPT}]),
-%%     case wxFileDialog:showModal(Dialog) of
-%% 	?wxID_OK ->
-%% 	    Path = wxFileDialog:getPath(Dialog),
-%% 	    wxDialog:destroy(Dialog),
-%% 	    case filelib:is_file(Path) of
-%% 		true ->
-%% 		    observer_wx:create_txt_dialog(Frame, "File already exists: " ++ Path ++ "\n",
-%% 						  "Error", ?wxICON_ERROR);
-%% 		false ->
-%% 		    wxTextCtrl:saveFile(TxtCtrl, [{file, Path}])
-%% 	    end;
-%% 	_ ->
-%% 	    wxDialog:destroy(Dialog),
-%% 	    ok
-%%     end,
-%%     {noreply, State};
-
-handle_event(#wx{id = ?SAVE_TRACEOPTS,
-		 event = #wxCommand{type = command_menu_selected}},
+handle_event(#wx{id = ?SAVE_TRACEOPTS},
 	     #state{panel = Panel,
 		    def_trace_opts = TraceOpts,
 		    match_specs = MatchSpecs,
-		    tpatterns = TracePatterns
+		    tpatterns = TracePatterns,
+		    output = Output
 		   } = State) ->
     Dialog = wxFileDialog:new(Panel, [{style, ?wxFD_SAVE bor ?wxFD_OVERWRITE_PROMPT}]),
     case wxFileDialog:showModal(Dialog) of
 	?wxID_OK ->
 	    Path = wxFileDialog:getPath(Dialog),
-	    write_file(Panel, Path, TraceOpts, MatchSpecs, dict:to_list(TracePatterns));
+	    write_file(Panel, Path,
+		       TraceOpts, MatchSpecs, Output,
+		       dict:to_list(TracePatterns)
+		      );
 	_ ->
 	    ok
     end,
     wxDialog:destroy(Dialog),
     {noreply, State};
 
-handle_event(#wx{id = ?LOAD_TRACEOPTS,
-		 event = #wxCommand{type = command_menu_selected}},
-	     #state{panel = Panel} = State) ->
+handle_event(#wx{id = ?LOAD_TRACEOPTS}, #state{panel = Panel} = State) ->
     Dialog = wxFileDialog:new(Panel, [{style, ?wxFD_FILE_MUST_EXIST}]),
     State2 = case wxFileDialog:showModal(Dialog) of
 		 ?wxID_OK ->
@@ -303,27 +331,142 @@ handle_event(#wx{id = ?LOAD_TRACEOPTS,
     wxDialog:destroy(Dialog),
     {noreply, State2};
 
+handle_event(#wx{id=Type, event=#wxList{type=command_list_item_right_click}},
+	     State = #state{panel=Panel}) ->
+    Menus = case Type of
+		?PROC_WIN ->
+		    [{?EDIT_PROCS, "Edit process options"},
+		     {?REMOVE_PROCS, "Remove processes"}];
+		?FUNCS_WIN ->
+		    [{?EDIT_FUNCS_MS, "Edit matchspecs"},
+		     {?REMOVE_FUNCS_MS, "Remove trace patterns"}];
+		?NODES_WIN ->
+		    [{?ADD_NODES, "Trace other nodes"},
+		     {?REMOVE_NODES, "Remove nodes"}]
+	    end,
+    Menu = wxMenu:new(),
+    [wxMenu:append(Menu,Id,Str) || {Id,Str} <- Menus],
+    wxWindow:popupMenu(Panel, Menu),
+    wxMenu:destroy(Menu),
+    {noreply, State};
+
+handle_event(#wx{id=?EDIT_PROCS}, #state{panel=Panel, tpids=Tpids, p_view=Ps} = State) ->
+    try
+	[#tpid{opts=DefOpts}|_] = Selected = get_selected_items(Ps, Tpids),
+	Opts = observer_traceoptions_wx:process_trace(Panel, DefOpts),
+	Changed = [Tpid#tpid{opts=Opts} || Tpid <- Selected],
+	{noreply, do_add_processes(Changed, State#state{def_trace_opts=Opts})}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?REMOVE_PROCS}, #state{tpids=Tpids, p_view=LCtrl} = State) ->
+    Selected = get_selected_items(LCtrl, Tpids),
+    Pids = Tpids -- Selected,
+    update_process_view(Pids, LCtrl),
+    {noreply, State#state{tpids=Pids}};
+
+handle_event(#wx{id=?TRACE_DEFPS}, #state{panel=Panel, def_trace_opts=PO} = State) ->
+    try
+	Opts = observer_traceoptions_wx:process_trace(Panel, PO),
+	{noreply, State#state{def_trace_opts=Opts}}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?TRACE_DEFMS}, #state{panel=Panel, match_specs=Ms} = State) ->
+    try %% Return selected MS and sends new MS's to us
+	observer_traceoptions_wx:select_matchspec(self(), Panel, Ms)
+    catch _:_ ->
+	    cancel
+    end,
+    {noreply, State};
+
+handle_event(#wx{id=?EDIT_FUNCS_MS}, #state{panel=Panel, tpatterns=TPs,
+					    f_view=LCtrl, m_view=Mview,
+					    match_specs=Mss
+					   } = State) ->
+    try
+	[Module] = get_selected_items(Mview, lists:sort(dict:fetch_keys(TPs))),
+	Selected = get_selected_items(LCtrl, dict:fetch(Module, TPs)),
+	Ms = observer_traceoptions_wx:select_matchspec(self(), Panel, Mss),
+	Changed = [TP#tpattern{ms=Ms} || TP <- Selected],
+	{noreply, do_add_patterns({Module, Changed}, State)}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?REMOVE_FUNCS_MS}, #state{tpatterns=TPs0, f_view=LCtrl, m_view=Mview} = State) ->
+    case get_selected_items(Mview, lists:sort(dict:fetch_keys(TPs0))) of
+	[] -> {noreply, State};
+	[Module] ->
+	    FMs0 = dict:fetch(Module, TPs0),
+	    Selected = get_selected_items(LCtrl, FMs0),
+	    FMs = FMs0 -- Selected,
+	    update_functions_view(FMs, LCtrl),
+	    TPs = case FMs of
+		      [] ->
+			  New = dict:erase(Module, TPs0),
+			  update_modules_view(lists:sort(dict:fetch_keys(New)), Module, Mview),
+			  New;
+		      _ ->
+			  dict:store(Module, FMs, TPs0)
+		  end,
+	    {noreply, State#state{tpatterns=TPs}}
+    end;
+
+handle_event(#wx{id=?TRACE_OUTPUT}, #state{panel=Panel, output=Out0} = State) ->
+    try
+	Out = observer_traceoptions_wx:output(Panel, Out0),
+	{noreply, State#state{output=Out}}
+    catch _:_ ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?ADD_NODES}, #state{panel=Panel, n_view=Nview, nodes=Ns0} = State) ->
+    try
+	Possible = [node()|nodes()] -- Ns0,
+	case Possible of
+	    [] ->
+		Msg = "Already selected all connected nodes\n"
+		    "Use the Nodes menu to connect to new nodes first.",
+		observer_wx:create_txt_dialog(Panel, Msg, "No available nodes", ?wxICON_INFORMATION),
+		throw(cancel);
+	    _ ->
+		Ns = lists:usort(Ns0 ++ observer_traceoptions_wx:select_nodes(Panel, Possible)),
+		update_nodes_view(Ns, Nview),
+		{noreply, State#state{nodes=Ns}}
+	end
+    catch cancel ->
+	    {noreply, State}
+    end;
+
+handle_event(#wx{id=?REMOVE_NODES}, #state{n_view=Nview, nodes=Ns0} = State) ->
+    Sel = get_selected_items(Nview, Ns0),
+    Ns = Ns0 -- Sel,
+    update_nodes_view(Ns, Nview),
+    {noreply, State#state{nodes = Ns}};
+
 handle_event(#wx{id=ID, event = What}, State) ->
-    io:format("~p:~p: Unhandled event: ~p, ~p ~n", [?MODULE, self(), ID, What]),
+    io:format("~p:~p: Unhandled event: ~p, ~p ~n", [?MODULE, ?LINE, ID, What]),
     {noreply, State}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-handle_call(Msg, _From, State) ->
-    io:format("~p~p: Got Call ~p~n",[?MODULE, ?LINE, Msg]),
-    {reply, ok, State}.
+handle_call(Msg, From, _State) ->
+    error({unhandled_call, Msg, From}).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 handle_cast({add_processes, Pids}, State = #state{panel=Parent, def_trace_opts=TraceOpts}) ->
-    case observer_traceoptions_wx:process_trace(Parent, TraceOpts) of
-	{ok, Opts} ->
-	    POpts = [#tpid{pid=Pid, opts=Opts} || Pid <- Pids],
-	    {noreply, do_add_processes(POpts, State#state{def_trace_opts=Opts})};
-	cancel ->
+    try
+	Opts = observer_traceoptions_wx:process_trace(Parent, TraceOpts),
+	POpts = [#tpid{pid=Pid, opts=Opts} || Pid <- Pids],
+	S = do_add_processes(POpts, State#state{def_trace_opts=Opts}),
+	{noreply, S}
+    catch cancel ->
 	    {noreply, State}
     end;
-handle_cast(Msg, State) ->
-    io:format("~p ~p: Unhandled cast ~p~n", [?MODULE, ?LINE, Msg]),
-    {noreply, State}.
+handle_cast(Msg, _State) ->
+    error({unhandled_cast, Msg}).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -342,18 +485,30 @@ handle_info(Any, State) ->
     {noreply, State}.
 
 terminate(_Reason, #state{nodes=_Nodes}) ->
-    %% case observer_wx:try_rpc(Node, erlang, whereis, [dbg]) of
-    %% 	undefined -> fine;
-    %% 	Pid -> exit(Pid, kill)
-    %% end,
+    ttb:stop(nofetch),
     ok.
 
 code_change(_, _, State) ->
     {stop, not_yet_implemented, State}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+do_add_patterns({Module, NewPs}, State=#state{tpatterns=TPs0, m_view=Mview, f_view=Fview}) ->
+    Old = case dict:find(Module, TPs0) of
+	      {ok, Prev}  -> Prev;
+	      error -> []
+	  end,
+    case merge_patterns(NewPs, Old) of
+	{Old, [], []} ->
+	    State;
+	{MPatterns, _New, _Changed} ->
+	    %% if dynamicly updates update New and Changed
+	    TPs = dict:store(Module, MPatterns, TPs0),
+	    update_modules_view(lists:sort(dict:fetch_keys(TPs)), Module, Mview),
+	    update_functions_view(dict:fetch(Module, TPs), Fview),
+	    State#state{tpatterns=TPs}
+    end.
 
-do_add_processes(POpts, S0=#state{p_view=LCtrl, tpids=OldPids, nodes=Ns0}) ->
+do_add_processes(POpts, S0=#state{n_view=Nview, p_view=LCtrl, tpids=OldPids, nodes=Ns0}) ->
     case merge_pids(POpts, OldPids) of
 	{OldPids, [], []} ->
 	    S0;
@@ -363,13 +518,15 @@ do_add_processes(POpts, S0=#state{p_view=LCtrl, tpids=OldPids, nodes=Ns0}) ->
 	    Nodes = case ordsets:subtract(Ns1, Ns0) of
 			[] -> Ns0; %% No new Nodes
 			NewNs ->
-			    %% Handle new nodes
-			    %% BUGBUG add trace patterns for new nodes
-			    ordsets:union(NewNs, Ns0)
+			    %% if dynamicly updates add trace patterns for new nodes
+			    All = ordsets:union(NewNs, Ns0),
+			    update_nodes_view(All, Nview),
+			    All
 		    end,
 	    S0#state{tpids=Pids, nodes=Nodes}
     end.
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 update_process_view(Pids, LCtrl) ->
     wxListCtrl:deleteAllItems(LCtrl),
     wx:foldl(fun(#tpid{pid=Pid, opts=Opts}, Row) ->
@@ -381,20 +538,15 @@ update_process_view(Pids, LCtrl) ->
 		     Row+1
 	     end, 0, Pids).
 
-do_add_patterns({Module, NewPs}, State=#state{tpatterns=TPs0, m_view=Mview, f_view=Fview}) ->
-    Old = case dict:find(Module, TPs0) of
-	      {ok, Prev}  -> Prev;
-	      error -> []
-	  end,
-    case merge_patterns(NewPs, Old) of
-	{Old, [], []} ->
-	    State;
-	{MPatterns, _New, _Changed} ->
-	    TPs = dict:store(Module, MPatterns, TPs0),
-	    update_modules_view(lists:sort(dict:fetch_keys(TPs)), Module, Mview),
-	    update_functions_view(dict:fetch(Module, TPs), Fview),
-	    State#state{tpatterns=TPs}
-    end.
+update_nodes_view(Nodes, LCtrl) ->
+    wxListCtrl:deleteAllItems(LCtrl),
+    wx:foldl(fun(Node, Row) ->
+		     _Item = wxListCtrl:insertItem(LCtrl, Row, ""),
+		     ?EVEN(Row) andalso
+			 wxListCtrl:setItemBackgroundColour(LCtrl, Row, ?BG_EVEN),
+		     wxListCtrl:setItem(LCtrl, Row, 0, observer_lib:to_str(Node)),
+		     Row+1
+	     end, 0, Nodes).
 
 update_modules_view(Mods, Module, LCtrl) ->
     wxListCtrl:deleteAllItems(LCtrl),
@@ -419,7 +571,6 @@ update_functions_view(Funcs, LCtrl) ->
 	     end, 0, Funcs).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
 merge_pids([N1=#tpid{pid=new}|Ns], [N2=#tpid{pid=new}|Old]) ->
     {Pids, New, Changed} = merge_pids_1(Ns,Old),
     {[N1|Pids], New, [{N2,N2}|Changed]};
@@ -438,7 +589,6 @@ merge_pids_1(New, Old) ->
 merge_patterns(New, Old) ->
     merge(lists:sort(New), Old, #tpattern.fa, [], [], []).
 
-
 merge([N|Ns], [N|Os], El, New, Ch, All) ->
     merge(Ns, Os, El, New, Ch, [N|All]);
 merge([N|Ns], [O|Os], El, New, Ch, All)
@@ -456,13 +606,78 @@ merge(Ns, [], _El, New, Ch, All) ->
     {lists:reverse(All, Ns), Ns++New, Ch}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+ttb_output_args(Parent, Opts) ->
+    ToWindow = proplists:get_value(window, Opts, true),
+    ToShell = proplists:get_value(shell, Opts, false),
+    ToFile = proplists:get_value(file, Opts, false),
+    ToWindow orelse ToShell orelse ToFile orelse
+	throw({error, "No output of trace"}),
+    {LogWin,Text} = create_logwindow(Parent, ToWindow),
+    Write = output_fun(Text, ToShell),
+    Shell = output_shell(ToFile, Write),
+    FileOpts = output_file(ToFile, proplists:get_value(wrap, Opts, false), Opts),
+    {[{file, {local,FileOpts}}|Shell], LogWin}.
+
+output_shell(true, false) ->
+    []; %% File only
+output_shell(true, Write) when is_function(Write) ->
+    [{shell, Write}];
+output_shell(false, Write) when is_function(Write) ->
+    [{shell, {only, Write}}].
+
+output_fun(false, false) -> false;
+output_fun(false, true) -> fun(Trace) -> io:put_chars(textformat(Trace)) end;
+output_fun(Text, false) ->
+    Env = wx:get_env(),
+    fun(Trace) ->
+	    wx:set_env(Env),
+	    wxTextCtrl:appendText(Text, textformat(Trace))
+    end;
+output_fun(Text, true) ->
+    Env = wx:get_env(),
+    fun(Trace) ->
+	    wx:set_env(Env),
+	    IoList = textformat(Trace),
+	    wxTextCtrl:appendText(Text, IoList),
+	    io:put_chars(textformat(Trace))
+    end.
+
+output_file(false, _, _Opts) ->
+    "ttb";  %% Will be ignored
+output_file(true, false, Opts) ->
+    proplists:get_value(filename, Opts, "ttb");
+output_file(true, true, Opts) ->
+    Name = proplists:get_value(filename, Opts, "ttb"),
+    Size = proplists:get_value(wrap_sz, Opts, 128),
+    Count = proplists:get_value(wrap_c, Opts, 8),
+    {wrap, Name, Size*1024, Count}.
+
+
+create_logwindow(_Parent, false) -> {false, false};
+create_logwindow(Parent, true) ->
+    LogWin = wxFrame:new(Parent, ?LOG_WIN, "Trace Log", [{size, {750, 800}}]),
+    MB = wxMenuBar:new(),
+    File = wxMenu:new(),
+    wxMenu:append(File, ?LOG_CLEAR, "Clear Log\tCtrl-C"),
+    wxMenu:append(File, ?LOG_SAVE, "Save Log\tCtrl-S"),
+    wxMenu:append(File, ?wxID_CLOSE, "Close"),
+    wxMenuBar:append(MB, File, "File"),
+    wxFrame:setMenuBar(LogWin, MB),
+    Text = wxTextCtrl:new(LogWin, ?wxID_ANY,
+			  [{style, ?wxTE_MULTILINE bor ?wxTE_RICH2 bor
+				?wxTE_DONTWRAP bor ?wxTE_READONLY}]),
+    Font = observer_wx:get_attrib({font, fixed}),
+    Attr = wxTextAttr:new(?wxBLACK, [{font, Font}]),
+    true = wxTextCtrl:setDefaultStyle(Text, Attr),
+    wxFrame:connect(LogWin, close_window, [{skip, true}]),
+    wxFrame:connect(LogWin, command_menu_selected, [{userData, Text}]),
+    wxFrame:show(LogWin),
+    {LogWin, Text}.
 
 setup_ttb(TPs, TPids) ->
     _R1 = [setup_tps(FTP, []) || {_, FTP} <- TPs],
     _R2 = [ttb:p(Pid, dbg_flags(Flags)) || #tpid{pid=Pid, opts=Flags} <- TPids],
     [#tpid{pid=_Pid, opts=_Flags}|_] = TPids,
-    %% io:format("ttb:p(pid(\"~w\", ~w).", [Pid, Flags]),
-    %% io:format("TTB ~w ~w~n",[R2, R1]),
     ok.
 
 %% Sigh order is important
@@ -511,33 +726,33 @@ format_trace(Trace, Size, TS0={_,_,MS}) ->
 	    case element(4, Trace) of
 		{dbg,ok} -> "";
 		Message ->
-		    io_lib:format("~s (~100p) << ~100p ~n", [TS,From,Message])
+		    io_lib:format("~s (~100p) << ~100p~n", [TS,From,Message])
 	    end;
 	'send' ->
 	    Message = element(4, Trace),
 	    To = element(5, Trace),
-	    io_lib:format("~s (~100p) ~100p ! ~100p ~n", [TS,From,To,Message]);
+	    io_lib:format("~s (~100p) ~100p ! ~100p~n", [TS,From,To,Message]);
 	call ->
 	    case element(4, Trace) of
 		MFA when Size == 5 ->
 		    Message = element(5, Trace),
 		    io_lib:format("~s (~100p) call ~s (~100p) ~n", [TS,From,ffunc(MFA),Message]);
 		MFA ->
-		    io_lib:format("~s (~100p) call ~s ~n", [TS,From,ffunc(MFA)])
+		    io_lib:format("~s (~100p) call ~s~n", [TS,From,ffunc(MFA)])
 	    end;
 	return_from ->
 	    MFA = element(4, Trace),
 	    Ret = element(5, Trace),
-	    io_lib:format("~s (~100p) returned from ~s -> ~100p ~n", [TS,From,ffunc(MFA),Ret]);
+	    io_lib:format("~s (~100p) returned from ~s -> ~100p~n", [TS,From,ffunc(MFA),Ret]);
 	return_to ->
 	    MFA = element(4, Trace),
-	    io_lib:format("~s (~100p) returning to ~s ~n", [TS,From,ffunc(MFA)]);
+	    io_lib:format("~s (~100p) returning to ~s~n", [TS,From,ffunc(MFA)]);
 	spawn when Size == 5 ->
 	    Pid = element(4, Trace),
 	    MFA = element(5, Trace),
-	    io_lib:format("~s (~100p) spawn ~100p as ~s ~n", [TS,From,Pid,ffunc(MFA)]);
+	    io_lib:format("~s (~100p) spawn ~100p as ~s~n", [TS,From,Pid,ffunc(MFA)]);
 	Op ->
-	    io_lib:format("~s (~100p) ~100p ~s ~n", [TS,From,Op,ftup(Trace,4,Size)])
+	    io_lib:format("~s (~100p) ~100p ~s~n", [TS,From,Op,ftup(Trace,4,Size)])
     end.
 
 %%% These f* functions returns non-flat strings
@@ -567,7 +782,7 @@ ftup(Trace, Index, Size) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
-write_file(Frame, Filename, TraceOps, MatchSpecs, TPs) ->
+write_file(Frame, Filename, TraceOps, MatchSpecs, Output, TPs) ->
     FormatMS = fun(#match_spec{name=Id, term=T, func=F}) ->
 		       io_lib:format("[{name,\"~s\"}, {term, ~w}, {func, \"~s\"}]",
 				     [Id, T, F])
@@ -581,6 +796,7 @@ write_file(Frame, Filename, TraceOps, MatchSpecs, TPs) ->
 	 "%%%\n%%% DO NOT EDIT!\n%%%\n",
 	 [["{ms, ", FormatMS(Ms), "}.\n"] || Ms <- MatchSpecs],
 	 "{traceopts, ", io_lib:format("~w",[TraceOps]) ,"}.\n",
+	 "{output, ", io_lib:format("~w",[Output]) ,"}.\n",
 	 [FormatTP(TP) || TP <- TPs]
 	],
     case file:write_file(Filename, list_to_binary(Str)) of
@@ -602,8 +818,9 @@ read_settings(Filename, #state{match_specs=Ms0, def_trace_opts=TO0} = State) ->
 	{ok, Terms} ->
 	    Ms  = lists:usort(Ms0 ++ [parse_ms(MsList) || {ms, MsList} <- Terms]),
 	    TOs = lists:usort(TO0 ++ proplists:get_value(traceopts, Terms, [])),
+	    Out = proplists:get_value(output, Terms, []),
 	    lists:foldl(fun parse_tp/2,
-			State#state{match_specs=Ms, def_trace_opts=TOs},
+			State#state{match_specs=Ms, def_trace_opts=TOs, output=Out},
 			Terms);
 	{error, _} ->
 	    observer_wx:create_txt_dialog(State#state.panel, "Could not load settings",
@@ -626,3 +843,24 @@ parse_tp({tp, Mod, FAs}, State) ->
     do_add_patterns({Mod, Patterns}, State);
 parse_tp(_, State) ->
     State.
+
+get_selected_items(Grid, Data) ->
+    get_indecies(get_selected_items(Grid, -1, []), Data).
+get_selected_items(Grid, Index, ItemAcc) ->
+    Item = wxListCtrl:getNextItem(Grid, Index, [{geometry, ?wxLIST_NEXT_ALL},
+						{state, ?wxLIST_STATE_SELECTED}]),
+    case Item of
+	-1 ->
+	    lists:reverse(ItemAcc);
+	_ ->
+	    get_selected_items(Grid, Item, [Item | ItemAcc])
+    end.
+
+get_indecies(Items, Data) ->
+    get_indecies(Items, 0, Data).
+get_indecies([I|Rest], I, [H|T]) ->
+    [H|get_indecies(Rest, I+1, T)];
+get_indecies(Rest = [_|_], I, [_|T]) ->
+    get_indecies(Rest, I+1, T);
+get_indecies(_, _, _) ->
+    [].
diff --git a/lib/observer/src/observer_traceoptions_wx.erl b/lib/observer/src/observer_traceoptions_wx.erl
index bad05ec016..6a634e06f0 100644
--- a/lib/observer/src/observer_traceoptions_wx.erl
+++ b/lib/observer/src/observer_traceoptions_wx.erl
@@ -21,9 +21,8 @@
 -include_lib("wx/include/wx.hrl").
 -include("observer_defs.hrl").
 
--export([process_trace/2, trace_pattern/4]).
-
--compile(export_all).
+-export([process_trace/2, trace_pattern/4, select_nodes/2,
+	 output/2, select_matchspec/3]).
 
 process_trace(Parent, Default) ->
     Dialog = wxDialog:new(Parent, ?wxID_ANY, "Process Options",
@@ -53,19 +52,15 @@ process_trace(Parent, Default) ->
     check_box(LinkBox,  LinkBool),
     enable(SpawnBox, [SpwnAllRadio, SpwnFirstRadio]),
     enable(LinkBox, [LinkAllRadio, LinkFirstRadio]),
-    wxRadioButton:setValue(SpwnAllRadio, lists:member(on_spawn, Default)),
-    wxRadioButton:setValue(SpwnFirstRadio, lists:member(on_first_spawn, Default)),
-    wxRadioButton:setValue(LinkAllRadio, lists:member(on_link, Default)),
-    wxRadioButton:setValue(LinkFirstRadio, lists:member(on_first_link, Default)),
-
-    wxSizer:add(LeftSz, FuncBox, []),
-    wxSizer:add(LeftSz, SendBox, []),
-    wxSizer:add(LeftSz, RecBox, []),
-    wxSizer:add(LeftSz, EventBox, []),
+    [wxRadioButton:setValue(Radio, lists:member(Opt, Default)) ||
+	{Radio, Opt} <- [{SpwnAllRadio, on_spawn}, {SpwnFirstRadio, on_first_spawn},
+			 {LinkAllRadio, on_link},  {LinkFirstRadio, on_first_link}]],
+
+    [wxSizer:add(LeftSz, CheckBox, []) || CheckBox <- [FuncBox,SendBox,RecBox,EventBox]],
     wxSizer:add(LeftSz, 150, -1),
 
-    wxSizer:add(PanelSz, LeftSz, [{flag, ?wxEXPAND}]),
-    wxSizer:add(PanelSz, RightSz,[{flag, ?wxEXPAND}]),
+    wxSizer:add(PanelSz, LeftSz, [{flag, ?wxEXPAND}, {proportion,1}]),
+    wxSizer:add(PanelSz, RightSz,[{flag, ?wxEXPAND}, {proportion,1}]),
     wxPanel:setSizer(Panel, PanelSz),
     wxSizer:add(MainSz, Panel, [{flag, ?wxEXPAND}, {proportion,1}]),
     Buttons = wxDialog:createButtonSizer(Dialog, ?wxOK bor ?wxCANCEL),
@@ -81,26 +76,26 @@ process_trace(Parent, Default) ->
 					   enable(LinkBox, [LinkAllRadio, LinkFirstRadio])
 				   end}]),
 
-    Res = case wxDialog:showModal(Dialog) of
-	      ?wxID_OK ->
-		  All = [{SendBox, send}, {RecBox, 'receive'},
-			 {FuncBox, functions}, {EventBox, events},
-			 {{SpawnBox, SpwnAllRadio}, on_spawn},
-			 {{SpawnBox,SpwnFirstRadio}, on_first_spawn},
-			 {{LinkBox, LinkAllRadio}, on_link},
-			 {{LinkBox, LinkFirstRadio}, on_first_link}],
-		  Check = fun({Box, Radio}) ->
-				  wxCheckBox:getValue(Box) andalso wxRadioButton:getValue(Radio);
-			     (Box) ->
-				  wxCheckBox:getValue(Box)
-			  end,
-		  Opts = [Id || {Tick, Id} <- All, Check(Tick)],
-		  {ok, lists:reverse(Opts)};
-	      ?wxID_CANCEL ->
-		  cancel
-	  end,
-    wxDialog:destroy(Dialog),
-    Res.
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    All = [{SendBox, send}, {RecBox, 'receive'},
+		   {FuncBox, functions}, {EventBox, events},
+		   {{SpawnBox, SpwnAllRadio}, on_spawn},
+		   {{SpawnBox,SpwnFirstRadio}, on_first_spawn},
+		   {{LinkBox, LinkAllRadio}, on_link},
+		   {{LinkBox, LinkFirstRadio}, on_first_link}],
+	    Check = fun({Box, Radio}) ->
+			    wxCheckBox:getValue(Box) andalso wxRadioButton:getValue(Radio);
+		       (Box) ->
+			    wxCheckBox:getValue(Box)
+		    end,
+	    Opts = [Id || {Tick, Id} <- All, Check(Tick)],
+	    wxDialog:destroy(Dialog),
+	    lists:reverse(Opts);
+	?wxID_CANCEL ->
+	    wxDialog:destroy(Dialog),
+	    throw(cancel)
+    end.
 
 trace_pattern(ParentPid, Parent, Node, MatchSpecs) ->
     try
@@ -111,6 +106,10 @@ trace_pattern(ParentPid, Parent, Node, MatchSpecs) ->
     catch cancel -> cancel
     end.
 
+select_nodes(Parent, Nodes) ->
+    Choices = [{atom_to_list(X), X} || X <- Nodes],
+    check_selector(Parent, Choices).
+
 module_selector(Parent, Node) ->
     Dialog = wxDialog:new(Parent, ?wxID_ANY, "Select Module",
 			  [{style, ?wxDEFAULT_DIALOG_STYLE bor ?wxRESIZE_BORDER},
@@ -167,6 +166,17 @@ module_selector(Parent, Node) ->
     end.
 
 function_selector(Parent, Node, Module) ->
+    Functions = observer_wx:try_rpc(Node, Module, module_info, [functions]),
+    Choices = lists:sort([{Name, Arity} || {Name, Arity} <- Functions,
+					   not(erl_internal:guard_bif(Name, Arity))]),
+    ParsedChoices = parse_function_names(Choices),
+    case check_selector(Parent, ParsedChoices) of
+	[] -> [{Module, '_', '_'}];
+	FAs ->
+	    [{Module, F, A} || {F,A} <- FAs]
+    end.
+
+check_selector(Parent, ParsedChoices) ->
     Dialog = wxDialog:new(Parent, ?wxID_ANY, "Trace Functions",
 			  [{style, ?wxDEFAULT_DIALOG_STYLE bor ?wxRESIZE_BORDER},
 			   {size, {400, 400}}]),
@@ -195,10 +205,6 @@ function_selector(Parent, Node, Module) ->
     wxWindow:setSizer(Dialog, MainSz),
     wxWindow:setFocus(TxtCtrl),
     %% Init
-    Functions = observer_wx:try_rpc(Node, Module, module_info, [functions]),
-    Choices = lists:sort([{Name, Arity} || {Name, Arity} <- Functions,
-					   not(erl_internal:guard_bif(Name, Arity))]),
-    ParsedChoices = parse_function_names(Choices),
     filter_listbox_data("", ParsedChoices, ListBox, false),
     %% Setup Event handling
     wxTextCtrl:connect(TxtCtrl, command_text_updated,
@@ -242,22 +248,19 @@ function_selector(Parent, Node, Module) ->
     case wxDialog:showModal(Dialog) of
 	?wxID_OK ->
 	    wxDialog:destroy(Dialog),
-	    case get_checked_funcs(ListBox, []) of
-		[] -> [{Module, '_', '_'}];
-		FAs ->
-		    [{Module, F, A} || {F,A} <- FAs]
-	    end;
+	    get_checked(ListBox, []);
 	?wxID_CANCEL ->
 	    wxDialog:destroy(Dialog),
+	    get_checked(ListBox, []),
 	    throw(cancel)
     end.
 
-get_checked_funcs(ListBox, Acc) ->
+get_checked(ListBox, Acc) ->
     receive
 	{ListBox, true, FA} ->
-	    get_checked_funcs(ListBox, [FA|lists:delete(FA,Acc)]);
+	    get_checked(ListBox, [FA|lists:delete(FA,Acc)]);
 	{ListBox, false, FA} ->
-	    get_checked_funcs(ListBox, lists:delete(FA,Acc))
+	    get_checked(ListBox, lists:delete(FA,Acc))
     after 0 ->
 	    lists:reverse(Acc)
     end.
@@ -370,6 +373,38 @@ select_matchspec(Pid, Parent, MatchSpecs) ->
 	    throw(cancel)
     end.
 
+output(Parent, Default) ->
+    Dialog = wxDialog:new(Parent, ?wxID_ANY, "Process Options",
+			  [{style, ?wxDEFAULT_DIALOG_STYLE bor ?wxRESIZE_BORDER}]),
+    Panel = wxPanel:new(Dialog),
+    MainSz = wxBoxSizer:new(?wxVERTICAL),
+    PanelSz = wxStaticBoxSizer:new(?wxVERTICAL, Panel,  [{label, "Output"}]),
+
+    %% Output select
+    WinB = wxCheckBox:new(Panel, ?wxID_ANY, "Window", []),
+    check_box(WinB, proplists:get_value(window, Default, true)),
+    ShellB = wxCheckBox:new(Panel, ?wxID_ANY, "Shell", []),
+    check_box(ShellB, proplists:get_value(shell, Default, false)),
+    [wxSizer:add(PanelSz, CheckBox, []) || CheckBox <- [WinB, ShellB]],
+    GetFileOpts = ttb_file_options(Panel, PanelSz, Default),
+    %% Set sizer and show dialog
+    wxPanel:setSizer(Panel, PanelSz),
+    wxSizer:add(MainSz, Panel, [{flag, ?wxEXPAND bor ?wxALL}, {proportion,1}, {border, 3}]),
+    Buttons = wxDialog:createButtonSizer(Dialog, ?wxOK bor ?wxCANCEL),
+    wxSizer:add(MainSz, Buttons, [{flag, ?wxEXPAND bor ?wxALL}, {border, 5}]),
+    wxWindow:setSizerAndFit(Dialog, MainSz),
+    wxSizer:setSizeHints(MainSz, Dialog),
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Res = [{window, wxCheckBox:getValue(WinB)},
+		   {shell, wxCheckBox:getValue(ShellB)} | GetFileOpts()],
+	    wxDialog:destroy(Dialog),
+	    Res;
+	?wxID_CANCEL ->
+	    wxDialog:destroy(Dialog),
+	    throw(cancel)
+    end.
+
 edit_ms(TextCtrl, Label0, Parent) ->
     Str = ensure_last_is_dot(wxStyledTextCtrl:getText(TextCtrl)),
     try
@@ -570,3 +605,69 @@ ensure_last_is_dot(String) ->
 	false ->
 	    String ++ "."
     end.
+
+ttb_file_options(Panel, Sizer, Default) ->
+    Top   = wxBoxSizer:new(?wxVERTICAL),
+    NameS = wxBoxSizer:new(?wxHORIZONTAL),
+    FileBox = wxCheckBox:new(Panel, ?wxID_ANY, "File (Using ttb file tracer)", []),
+    check_box(FileBox, proplists:get_value(file, Default, false)),
+    wxSizer:add(Sizer, FileBox),
+    Desc  = wxStaticText:new(Panel, ?wxID_ANY, "File"),
+    FileName = proplists:get_value(filename, Default, "ttb"),
+    FileT = wxTextCtrl:new(Panel, ?wxID_ANY, [{size, {150,-1}}, {value, FileName}]),
+    FileB = wxButton:new(Panel, ?wxID_ANY, [{label, "Browse"}]),
+    wxSizer:add(NameS, Desc,  [{proportion, 0}, {flag, ?wxALIGN_CENTER_VERTICAL}]),
+    wxSizer:add(NameS, FileT, [{proportion, 1}, {flag, ?wxEXPAND bor ?wxALIGN_CENTER_VERTICAL}]),
+    wxSizer:add(NameS, FileB, [{proportion, 0}, {flag, ?wxALIGN_CENTER_VERTICAL}]),
+
+    WrapB = wxCheckBox:new(Panel, ?wxID_ANY, "Wrap logs"),
+    WrapSz = wxSlider:new(Panel, ?wxID_ANY, proplists:get_value(wrap_sz, Default, 128),
+			  64, 10*1024, [{style, ?wxSL_HORIZONTAL bor ?wxSL_LABELS}]),
+    WrapC = wxSlider:new(Panel, ?wxID_ANY, proplists:get_value(wrap_c, Default, 8),
+			 2, 100, [{style, ?wxSL_HORIZONTAL bor ?wxSL_LABELS}]),
+
+    wxSizer:add(Top, NameS, [{flag, ?wxEXPAND}]),
+    wxSizer:add(Top, WrapB, []),
+    wxSizer:add(Top, WrapSz,[{flag, ?wxEXPAND}]),
+    wxSizer:add(Top, WrapC, [{flag, ?wxEXPAND}]),
+    wxSizer:add(Sizer, Top, [{flag, ?wxEXPAND bor ?wxLEFT},{border, 20}]),
+
+    Enable = fun(UseFile, UseWrap0) ->
+		     UseWrap = UseFile andalso UseWrap0,
+		     [wxWindow:enable(W, [{enable, UseFile}]) || W <- [Desc,FileT,FileB,WrapB]],
+		     [wxWindow:enable(W, [{enable, UseWrap}]) || W <- [WrapSz, WrapC]],
+		     check_box(WrapB, UseWrap0)
+	     end,
+    Enable(proplists:get_value(file, Default, false), proplists:get_value(wrap, Default, false)),
+    wxPanel:connect(FileBox, command_checkbox_clicked,
+		    [{callback, fun(_,_) ->
+					Enable(wxCheckBox:getValue(FileBox),
+					       wxCheckBox:getValue(WrapB))
+				end}]),
+    wxPanel:connect(WrapB, command_checkbox_clicked,
+		    [{callback, fun(_,_) ->
+					Enable(true, wxCheckBox:getValue(WrapB))
+				end}]),
+    wxPanel:connect(FileB, command_button_clicked,
+		    [{callback, fun(_,_) ->  get_file(FileT) end}]),
+    fun() ->
+	    [{file, wxCheckBox:getValue(FileBox)},
+	     {filename, wxTextCtrl:getValue(FileT)},
+	     {wrap, wxCheckBox:getValue(WrapB)},
+	     {wrap_sz, wxSlider:getValue(WrapSz)},
+	     {wrap_c, wxSlider:getValue(WrapC)}]
+    end.
+
+get_file(Text) ->
+    Str = wxTextCtrl:getValue(Text),
+    Dialog = wxFileDialog:new(Text,
+			      [{message, "Select a file"},
+			       {default_file, Str}]),
+    case wxDialog:showModal(Dialog) of
+	?wxID_OK ->
+	    Dir = wxFileDialog:getDirectory(Dialog),
+	    File = wxFileDialog:getFilename(Dialog),
+	    wxTextCtrl:setValue(Text, filename:join(Dir, File));
+	_ -> ok
+    end,
+    wxFileDialog:destroy(Dialog).
diff --git a/lib/observer/src/observer_tv_table.erl b/lib/observer/src/observer_tv_table.erl
index 7b5cdb44b9..f432173f57 100644
--- a/lib/observer/src/observer_tv_table.erl
+++ b/lib/observer/src/observer_tv_table.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,8 +24,6 @@
 -export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
 	 handle_event/2, handle_sync_event/3, handle_cast/2]).
 
--export([get_table/3]).
-
 -include("observer_defs.hrl").
 -import(observer_lib, [to_str/1]).
 
@@ -60,7 +58,7 @@
 	  source,
 	  tab,
 	  attrs,
-	  timer
+	  timer={false, 30}
 	}).
 
 -record(opt,
@@ -221,33 +219,10 @@ search_area(Parent) ->
 
 edit(Index, #state{pid=Pid, frame=Frame}) ->
     Str = get_row(Pid, Index, all),
-    Dialog = wxTextEntryDialog:new(Frame, "Edit object:", [{value, Str}]),
-    case wxTextEntryDialog:showModal(Dialog) of
-	?wxID_OK ->
-	    New = wxTextEntryDialog:getValue(Dialog),
-	    wxTextEntryDialog:destroy(Dialog),
-	    case Str =:= New of
-		true -> ok;
-		false ->
-		    complete_edit(Index, New, Pid)
-	    end;
-	?wxID_CANCEL ->
-	    wxTextEntryDialog:destroy(Dialog)
-    end.
-
-complete_edit(Row, New0, Pid) ->
-    New = case lists:reverse(New0) of
-	      [$.|_] -> New0;
-	      _ -> New0 ++ "."
-	  end,
-    try
-	{ok, Tokens, _} = erl_scan:string(New),
-	{ok, Term} = erl_parse:parse_term(Tokens),
-	Pid ! {edit, Row, Term}
-    catch _:{badmatch, {error, {_, _, Err}}} ->
-	    self() ! {error, ["Parse error: ", Err]};
-	  _Err ->
-	    self() ! {error, ["Syntax error in: ", New]}
+    case observer_lib:user_term(Frame, "Edit object:", Str) of
+	cancel -> ok;
+	{ok, Term} -> Pid ! {edit, Index, Term};
+	Err = {error, _} -> self() ! Err
     end.
 
 handle_event(#wx{id=?ID_REFRESH},State = #state{pid=Pid}) ->
@@ -260,14 +235,7 @@ handle_event(#wx{event=#wxList{type=command_list_col_click, col=Col}},
     {noreply, State};
 
 handle_event(#wx{event=#wxSize{size={W,_}}},  State=#state{grid=Grid}) ->
-    wx:batch(fun() ->
-		     Cols = wxListCtrl:getColumnCount(Grid),
-		     Last = lists:foldl(fun(I, Last) ->
-						Last - wxListCtrl:getColumnWidth(Grid, I)
-					end, W-?LCTRL_WDECR, lists:seq(0, Cols - 2)),
-		     Size = max(?DEFAULT_COL_WIDTH, Last),
-		     wxListCtrl:setColumnWidth(Grid, Cols-1, Size)
-	     end),
+    observer_lib:set_listctrl_col_size(Grid, W),
     {noreply, State};
 
 handle_event(#wx{event=#wxList{type=command_list_item_selected, itemIndex=Index}},
@@ -300,8 +268,8 @@ handle_event(#wx{id=?ID_DELETE},
 handle_event(#wx{id=?wxID_CLOSE}, State) ->
     {stop, normal, State};
 
-handle_event(Help = #wx{id=?wxID_HELP}, State = #state{parent=Parent}) ->
-    Parent ! Help,
+handle_event(Help = #wx{id=?wxID_HELP}, State) ->
+    observer ! Help,
     {noreply, State};
 
 handle_event(#wx{id=?GOTO_ENTRY, event=#wxCommand{cmdString=Str}},
@@ -406,40 +374,51 @@ handle_event(#wx{id=?ID_REFRESH_INTERVAL},
     Timer = observer_lib:interval_dialog(Grid, Timer0, 10, 5*60),
     {noreply, State#state{timer=Timer}};
 
-handle_event(Event, State) ->
-    io:format("~p:~p, handle event ~p\n", [?MODULE, ?LINE, Event]),
+handle_event(_Event, State) ->
+    %io:format("~p:~p, handle event ~p\n", [?MODULE, ?LINE, Event]),
     {noreply, State}.
 
-handle_sync_event(Event, _Obj, _State) ->
-    io:format("~p:~p, handle sync_event ~p\n", [?MODULE, ?LINE, Event]),
+handle_sync_event(_Event, _Obj, _State) ->
+    %io:format("~p:~p, handle sync_event ~p\n", [?MODULE, ?LINE, Event]),
     ok.
 
-handle_call(Event, From, State) ->
-    io:format("~p:~p, handle call (~p) ~p\n", [?MODULE, ?LINE, From, Event]),
+handle_call(_Event, _From, State) ->
+    %io:format("~p:~p, handle call (~p) ~p\n", [?MODULE, ?LINE, From, Event]),
     {noreply, State}.
 
-handle_cast(Event, State) ->
-    io:format("~p:~p, handle cast ~p\n", [?MODULE, ?LINE, Event]),
+handle_cast(_Event, State) ->
+    %io:format("~p:~p, handle cast ~p\n", [?MODULE, ?LINE, Event]),
     {noreply, State}.
 
 handle_info({no_rows, N}, State = #state{grid=Grid, status=StatusBar}) ->
     wxListCtrl:setItemCount(Grid, N),
     wxStatusBar:setStatusText(StatusBar, io_lib:format("Objects: ~w",[N])),
     {noreply, State};
+
 handle_info({new_cols, New}, State = #state{grid=Grid, columns=Cols0}) ->
     Cols = add_columns(Grid, Cols0, New),
     {noreply, State#state{columns=Cols}};
+
 handle_info({refresh, Min, Max}, State = #state{grid=Grid}) ->
     wxListCtrl:refreshItems(Grid, Min, Max),
     {noreply, State};
+
+handle_info(refresh_interval, State = #state{pid=Pid}) ->
+    Pid ! refresh,
+    {noreply, State};
+
 handle_info({error, Error}, State = #state{frame=Frame}) ->
-    Dlg = wxMessageDialog:new(Frame, Error),
+    ErrorStr =
+	try io_lib:format("~ts", [Error]), Error
+	catch _:_ -> io_lib:format("~p", [Error])
+	end,
+    Dlg = wxMessageDialog:new(Frame, ErrorStr),
     wxMessageDialog:showModal(Dlg),
     wxMessageDialog:destroy(Dlg),
     {noreply, State};
 
-handle_info(Event, State) ->
-    io:format("~p:~p, handle info ~p\n", [?MODULE, ?LINE, Event]),
+handle_info(_Event, State) ->
+    %% io:format("~p:~p, handle info ~p\n", [?MODULE, ?LINE, _Event]),
     {noreply, State}.
 
 terminate(_Event, #state{pid=Pid, attrs=Attrs}) ->
@@ -537,7 +516,7 @@ table_holder(S0 = #holder{parent=Parent, pid=Pid, table=Table}) ->
 	    %% io:format("ignoring refresh", []),
 	    table_holder(S0);
 	refresh ->
-	    GetTab = rpc:call(S0#holder.node, ?MODULE, get_table,
+	    GetTab = rpc:call(S0#holder.node, observer_backend, get_table,
 			      [self(), S0#holder.tabid, S0#holder.source]),
 	    table_holder(S0#holder{pid=GetTab});
 	{delete, Row} ->
@@ -620,19 +599,22 @@ search([Str, Row, Dir0, CaseSens],
 	      true -> [];
 	      false -> [caseless]
 	  end,
-    {ok, Re} = re:compile(Str, Opt),
     Dir = case Dir0 of
 	      true -> 1;
 	      false -> -1
 	  end,
-    Res = search(Row, Dir, Re, Table),
+    Res = case re:compile(Str, Opt) of
+	      {ok, Re} ->
+		  search(Row, Dir, Re, Table);
+	      {error, _} -> false
+	  end,
     Parent ! {self(), Res},
     S#holder{search=Res}.
 
 search(Row, Dir, Re, Table) ->
     Res = try lists:nth(Row+1, Table) of
 	      Term ->
-		  Str = io_lib:format("~w", [Term]),
+		  Str = format(Term),
 		  re:run(Str, Re)
 	  catch _:_ -> no_more
 	  end,
@@ -645,9 +627,9 @@ search(Row, Dir, Re, Table) ->
 get_row(From, Row, Col, Table) ->
     case lists:nth(Row+1, Table) of
 	[Object|_] when Col =:= all ->
-	    From ! {self(), io_lib:format("~w", [Object])};
+	    From ! {self(), format(Object)};
 	[Object|_] when tuple_size(Object) >= Col ->
-	    From ! {self(), io_lib:format("~w", [element(Col, Object)])};
+	    From ! {self(), format(element(Col, Object))};
 	_ ->
 	    From ! {self(), ""}
     end.
@@ -738,49 +720,6 @@ insert(Object, #holder{tabid=Id, source=Source, node=Node}) ->
     end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-get_table(Parent, Table, Module) ->
-    spawn(fun() ->
-		  link(Parent),
-		  get_table2(Parent, Table, Module)
-	  end).
-
-get_table2(Parent, Table, Type) ->
-    Size = case Type of
-	       ets -> ets:info(Table, size);
-	       mnesia -> mnesia:table_info(Table, size)
-	   end,
-    case Size > 0 of
-	false ->
-	    Parent ! {self(), '$end_of_table'},
-	    normal;
-	true when Type =:= ets ->
-	    Mem = ets:info(Table, memory),
-	    Average = Mem div Size,
-	    NoElements = max(10, 20000 div Average),
-	    get_ets_loop(Parent, ets:match(Table, '$1', NoElements));
-	true ->
-	    Mem = mnesia:table_info(Table, memory),
-	    Average = Mem div Size,
-	    NoElements = max(10, 20000 div Average),
-	    Ms = [{'$1', [], ['$1']}],
-	    Get = fun() ->
-			  get_mnesia_loop(Parent, mnesia:select(Table, Ms, NoElements, read))
-		  end,
-	    %% Not a transaction, we don't want to grab locks when inspecting the table
-	    mnesia:async_dirty(Get)
-    end.
-
-get_ets_loop(Parent, '$end_of_table') ->
-    Parent ! {self(), '$end_of_table'};
-get_ets_loop(Parent, {Match, Cont}) ->
-    Parent ! {self(), Match},
-    get_ets_loop(Parent, ets:match(Cont)).
-
-get_mnesia_loop(Parent, '$end_of_table') ->
-    Parent ! {self(), '$end_of_table'};
-get_mnesia_loop(Parent, {Match, Cont}) ->
-    Parent ! {self(), Match},
-    get_ets_loop(Parent, mnesia:select(Cont)).
 
 column_names(Node, Type, Table) ->
     case Type of
@@ -799,3 +738,58 @@ key_pos(Node, ets, TabId) ->
     KeyPos = rpc:call(Node, ets, info, [TabId, keypos]),
     is_integer(KeyPos) orelse throw(node_or_table_down),
     KeyPos.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+format(Tuple) when is_tuple(Tuple) ->
+    [${ |format_tuple(Tuple, 1, tuple_size(Tuple))];
+format(List) when is_list(List) ->
+    format_list(List);
+format(Bin) when is_binary(Bin), byte_size(Bin) > 100 ->
+    io_lib:format("<<#Bin:~w>>", [byte_size(Bin)]);
+format(Float) when is_float(Float) ->
+    io_lib:format("~.3g", [Float]);
+format(Term) ->
+    io_lib:format("~w", [Term]).
+
+format_tuple(Tuple, I, Max) when I < Max ->
+    [format(element(I, Tuple)), $,|format_tuple(Tuple, I+1, Max)];
+format_tuple(Tuple, Max, Max) ->
+    [format(element(Max, Tuple)), $}];
+format_tuple(_Tuple, 1, 0) ->
+    [$}].
+
+format_list([]) -> "[]";
+format_list(List) ->
+    case printable_list(List) of
+	true ->  io_lib:format("\"~ts\"", [List]);
+	false -> [$[ | make_list(List)]
+    end.
+
+make_list([Last]) ->
+    [format(Last), $]];
+make_list([Head|Tail]) ->
+    [format(Head), $,|make_list(Tail)].
+
+%% printable_list([Char]) -> bool()
+%%  Return true if CharList is a list of printable characters, else
+%%  false.
+
+printable_list([C|Cs]) when is_integer(C), C >= $ , C =< 255 ->
+    printable_list(Cs);
+printable_list([$\n|Cs]) ->
+    printable_list(Cs);
+printable_list([$\r|Cs]) ->
+    printable_list(Cs);
+printable_list([$\t|Cs]) ->
+    printable_list(Cs);
+printable_list([$\v|Cs]) ->
+    printable_list(Cs);
+printable_list([$\b|Cs]) ->
+    printable_list(Cs);
+printable_list([$\f|Cs]) ->
+    printable_list(Cs);
+printable_list([$\e|Cs]) ->
+    printable_list(Cs);
+printable_list([]) -> true;
+printable_list(_Other) -> false.	     %Everything else is false
diff --git a/lib/observer/src/observer_tv_wx.erl b/lib/observer/src/observer_tv_wx.erl
index ded03fadb1..b276965f83 100644
--- a/lib/observer/src/observer_tv_wx.erl
+++ b/lib/observer/src/observer_tv_wx.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,8 +23,6 @@
 -export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
 	 handle_event/2, handle_sync_event/3, handle_cast/2]).
 
--export([get_table_list/1]). %% RPC called move to runtime tools?
-
 -behaviour(wx_object).
 -include_lib("wx/include/wx.hrl").
 -include("observer_defs.hrl").
@@ -92,8 +90,7 @@ init([Notebook, Parent]) ->
     wxListCtrl:connect(Grid, size, [{skip, true}]),
 
     wxWindow:setFocus(Grid),
-    Timer = observer_lib:start_timer(10),
-    {Panel, #state{grid=Grid, parent=Parent, timer=Timer}}.
+    {Panel, #state{grid=Grid, parent=Parent, timer={false, 10}}}.
 
 handle_event(#wx{id=?ID_REFRESH},
 	     State = #state{node=Node, grid=Grid, opt=Opt}) ->
@@ -121,20 +118,18 @@ handle_event(#wx{id=Id}, State = #state{node=Node, grid=Grid, opt=Opt0})
 	      ?ID_UNREADABLE -> Opt0#opt{unread_hidden= not Opt0#opt.unread_hidden};
 	      ?ID_SYSTEM_TABLES -> Opt0#opt{sys_hidden= not Opt0#opt.sys_hidden}
 	  end,
-    Tables = get_tables(Node, Opt),
-    Tabs = update_grid(Grid, Opt, Tables),
-    wxWindow:setFocus(Grid),
-    {noreply, State#state{opt=Opt, tabs=Tabs}};
+    case get_tables2(Node, Opt) of
+	Error = {error, _} ->
+	    self() ! Error,
+	    {noreply, State};
+	Tables ->
+	    Tabs = update_grid(Grid, Opt, Tables),
+	    wxWindow:setFocus(Grid),
+	    {noreply, State#state{opt=Opt, tabs=Tabs}}
+    end;
 
 handle_event(#wx{event=#wxSize{size={W,_}}},  State=#state{grid=Grid}) ->
-    wx:batch(fun() ->
-		     Cols = wxListCtrl:getColumnCount(Grid),
-		     Last = lists:foldl(fun(I, Last) ->
-						Last - wxListCtrl:getColumnWidth(Grid, I)
-					end, W-?LCTRL_WDECR, lists:seq(0, Cols - 2)),
-		     Size = max(200, Last),
-		     wxListCtrl:setColumnWidth(Grid, Cols-1, Size)
-	     end),
+    observer_lib:set_listctrl_col_size(Grid, W),
     {noreply, State};
 
 handle_event(#wx{obj=Grid, event=#wxList{type=command_list_item_activated,
@@ -169,18 +164,17 @@ handle_event(#wx{id=?ID_REFRESH_INTERVAL},
     Timer = observer_lib:interval_dialog(Grid, Timer0, 10, 5*60),
     {noreply, State#state{timer=Timer}};
 
-handle_event(Event, State) ->
-    io:format("~p:~p, handle event ~p\n", [?MODULE, ?LINE, Event]),
-    {noreply, State}.
+handle_event(Event, _State) ->
+    error({unhandled_event, Event}).
 
 handle_sync_event(_Event, _Obj, _State) ->
     ok.
 
-handle_call(_Event, _From, State) ->
-    {noreply, State}.
+handle_call(Event, From, _State) ->
+    error({unhandled_call, Event, From}).
 
-handle_cast(_Event, State) ->
-    {noreply, State}.
+handle_cast(Event, _State) ->
+    error({unhandled_cast, Event}).
 
 handle_info(refresh_interval, State = #state{node=Node, grid=Grid, opt=Opt}) ->
     Tables = get_tables(Node, Opt),
@@ -200,12 +194,6 @@ handle_info(not_active, State = #state{timer = Timer0}) ->
     Timer = observer_lib:stop_timer(Timer0),
     {noreply, State#state{timer=Timer}};
 
-handle_info({node, Node}, State = #state{grid=Grid, opt=Opt}) ->
-    Tables = get_tables(Node, Opt),
-    Tabs = update_grid(Grid, Opt, Tables),
-    wxWindow:setFocus(Grid),
-    {noreply, State#state{node=Node, tabs=Tabs}};
-
 handle_info({error, Error}, State) ->
     handle_error(Error),
     {noreply, State};
@@ -240,95 +228,41 @@ create_menus(Parent, #opt{sys_hidden=Sys, unread_hidden=UnR, type=Type}) ->
 		    ]}],
     observer_wx:create_menus(Parent, MenuEntries).
 
-get_tables(Node, Opt) ->
-    case rpc:call(Node, ?MODULE, get_table_list, [Opt]) of
-	{badrpc, Error} ->
-	    self() ! {error, Error},
-	    [];
-	{error, Error} ->
-	    self() ! {error, Error},
+get_tables(Node, Opts) ->
+    case get_tables2(Node, Opts) of
+	Error = {error, _} ->
+	    self() ! Error,
 	    [];
+	Res ->
+	    Res
+    end.
+get_tables2(Node, #opt{type=Type, sys_hidden=Sys, unread_hidden=Unread}) ->
+    Args = [Type, [{sys_hidden,Sys}, {unread_hidden,Unread}]],
+    case rpc:call(Node, observer_backend, get_table_list, Args) of
+	{badrpc, Error} ->
+	    {error, Error};
+	Error = {error, _} ->
+	    Error;
 	Result ->
-	    Result
+	    [list_to_tabrec(Tab) || Tab <- Result]
     end.
 
-get_table_list(#opt{type=ets, unread_hidden=HideUnread, sys_hidden=HideSys}) ->
-    Info = fun(Id, Acc) ->
-		   try
-		       TabId = case ets:info(Id, named_table) of
-				   true -> ignore;
-				   false -> Id
-			       end,
-		       Name = ets:info(Id, name),
-		       Protection = ets:info(Id, protection),
-		       ignore(HideUnread andalso Protection == private, unreadable),
-		       Owner = ets:info(Id, owner),
-		       RegName = case catch process_info(Owner, registered_name) of
-				     [] -> ignore;
-				     {registered_name, ProcName} -> ProcName
-				 end,
-		       ignore(HideSys andalso ordsets:is_element(RegName, sys_processes()), system_tab),
-		       ignore(HideSys andalso ordsets:is_element(Name, sys_tables()), system_tab),
-		       ignore((RegName == mnesia_monitor)
-			      andalso Name /= schema
-			      andalso is_atom((catch mnesia:table_info(Name, where_to_read))), mnesia_tab),
-		       Memory = ets:info(Id, memory) * erlang:system_info(wordsize),
-		       Tab = #tab{name = Name,
-				  id = TabId,
-				  protection = Protection,
-				  owner = Owner,
-				  size = ets:info(Id, size),
-				  reg_name = RegName,
-				  type = ets:info(Id, type),
-				  keypos = ets:info(Id, keypos),
-				  heir = ets:info(Id, heir),
-				  memory = Memory,
-				  compressed = ets:info(Id, compressed),
-				  fixed = ets:info(Id, fixed)
-				 },
-		       [Tab|Acc]
-		   catch _:_What ->
-			   %% io:format("Skipped ~p: ~p ~n",[Id, _What]),
-			   Acc
-		   end
-	   end,
-    lists:foldl(Info, [], ets:all());
-get_table_list(#opt{type=mnesia, sys_hidden=HideSys}) ->
-    Owner = ets:info(schema, owner),
-    Owner /= undefined orelse
-	throw({error, "Mnesia is not running on: " ++ atom_to_list(node())}),
-    {registered_name, RegName} = process_info(Owner, registered_name),
-    Info = fun(Id, Acc) ->
-		   try
-		       Name = Id,
-		       ignore(HideSys andalso ordsets:is_element(Name, mnesia_tables()), system_tab),
-		       ignore(Name =:= schema, mnesia_tab),
-		       Storage = mnesia:table_info(Id, storage_type),
-		       Tab0 = #tab{name = Name,
-				   owner = Owner,
-				   size = mnesia:table_info(Id, size),
-				   reg_name = RegName,
-				   type = mnesia:table_info(Id, type),
-				   keypos = 2,
-				   memory = mnesia:table_info(Id, memory) * erlang:system_info(wordsize),
-				   storage = Storage,
-				   index = mnesia:table_info(Id, index)
-				  },
-		       Tab = if Storage == disc_only_copies ->
-				     Tab0#tab{fixed = element(2, dets:info(Id, safe_fixed)) /= []};
-				(Storage == ram_copies) orelse
-				(Storage == disc_copies) ->
-				     Tab0#tab{fixed = ets:info(Id, fixed),
-					      compressed = ets:info(Id, compressed)};
-				true -> Tab0
-			     end,
-		       [Tab|Acc]
-		   catch _:_What ->
-			   %% io:format("Skipped ~p: ~p ~n",[Id, _What]),
-			   Acc
-		   end
-	   end,
-    lists:foldl(Info, [], mnesia:system_info(tables)).
+list_to_tabrec(PL) ->
+    #tab{name = proplists:get_value(name, PL),
+	 id = proplists:get_value(id, PL, ignore),
+	 size = proplists:get_value(size, PL, 0),
+	 memory= proplists:get_value(memory, PL, 0),   %% In bytes
+	 owner=proplists:get_value(owner, PL),
+	 reg_name=proplists:get_value(reg_name, PL),
+	 protection = proplists:get_value(protection, PL, public),
+	 type=proplists:get_value(type, PL, set),
+	 keypos=proplists:get_value(keypos, PL, 1),
+	 heir=proplists:get_value(heir, PL, none),
+	 compressed=proplists:get_value(compressed, PL, false),
+	 fixed=proplists:get_value(fixed, PL, false),
+	 %% Mnesia Info
+	 storage =proplists:get_value(storage, PL),
+	 index = proplists:get_value(index, PL)}.
 
 display_table_info(Parent0, Node, Source, Table) ->
     Parent = observer_lib:get_wx_parent(Parent0),
@@ -379,62 +313,9 @@ display_table_info(Parent0, Node, Source, Table) ->
 
 list_to_strings([]) -> "None";
 list_to_strings([A]) -> integer_to_list(A);
-list_to_strings([A,B]) ->
+list_to_strings([A|B]) ->
     integer_to_list(A) ++ " ," ++ list_to_strings(B).
 
-sys_tables() ->
-    [ac_tab,  asn1,
-     cdv_dump_index_table,  cdv_menu_table,  cdv_decode_heap_table,
-     cell_id,  cell_pos,  clist,
-     cover_internal_data_table,   cover_collected_remote_data_table, cover_binary_code_table,
-     code, code_names,  cookies,
-     corba_policy,  corba_policy_associations,
-     dets, dets_owners, dets_registry,
-     disk_log_names, disk_log_pids,
-     eprof,  erl_atom_cache, erl_epmd_nodes,
-     etop_accum_tab,  etop_tr,
-     ets_coverage_data,
-     file_io_servers,
-     gs_mapping, gs_names,  gstk_db,
-     gstk_grid_cellid, gstk_grid_cellpos, gstk_grid_id,
-     httpd,
-     id,
-     ign_req_index, ign_requests,
-     index,
-     inet_cache, inet_db, inet_hosts,
-     'InitialReferences',
-     int_db,
-     interpreter_includedirs_macros,
-     ir_WstringDef,
-     lmcounter,  locks,
-%     mnesia_decision,
-     mnesia_gvar, mnesia_stats,
-%     mnesia_transient_decision,
-     pg2_table,
-     queue,
-     schema,
-     shell_records,
-     snmp_agent_table, snmp_local_db2, snmp_mib_data, snmp_note_store, snmp_symbolic_ets,
-     tkFun, tkLink, tkPriv,
-     ttb, ttb_history_table,
-     udp_fds, udp_pids
-    ].
-
-sys_processes() ->
-    [auth, code_server, global_name_server, inet_db,
-     mnesia_recover, net_kernel, timer_server, wxe_master].
-
-mnesia_tables() ->
-    [ir_AliasDef, ir_ArrayDef, ir_AttributeDef, ir_ConstantDef,
-     ir_Contained, ir_Container, ir_EnumDef, ir_ExceptionDef,
-     ir_IDLType, ir_IRObject, ir_InterfaceDef, ir_ModuleDef,
-     ir_ORB, ir_OperationDef, ir_PrimitiveDef, ir_Repository,
-     ir_SequenceDef, ir_StringDef, ir_StructDef, ir_TypedefDef,
-     ir_UnionDef, logTable, logTransferTable, mesh_meas,
-     mesh_type, mnesia_clist, orber_CosNaming,
-     orber_objkeys, user
-    ].
-
 handle_error(Foo) ->
     Str = io_lib:format("ERROR: ~s~n",[Foo]),
     observer_lib:display_info_dialog(Str).
@@ -470,6 +351,3 @@ update_grid2(Grid, #opt{sort_key=Sort,sort_incr=Dir}, Tables) ->
 	       end,
     lists:foldl(Update, 0, ProcInfo),
     ProcInfo.
-
-ignore(true, Reason) -> throw(Reason);
-ignore(_,_ ) -> ok.
diff --git a/lib/observer/src/observer_wx.erl b/lib/observer/src/observer_wx.erl
index f9dec1ab1b..5a593abf11 100644
--- a/lib/observer/src/observer_wx.erl
+++ b/lib/observer/src/observer_wx.erl
@@ -54,13 +54,17 @@
 	 tv_panel,
 	 sys_panel,
 	 trace_panel,
+	 app_panel,
 	 active_tab,
 	 node,
 	 nodes
 	}).
 
 start() ->
-    wx_object:start(?MODULE, [], []).
+    case wx_object:start(?MODULE, [], []) of
+	Err = {error, _} -> Err;
+	_Obj -> ok
+    end.
 
 create_menus(Object, Menus) when is_list(Menus) ->
     wx_object:call(Object, {create_menus, Menus}).
@@ -78,7 +82,7 @@ init(_Args) ->
     wx:new(),
     catch wxSystemOptions:setOption("mac.listctrl.always_use_generic", 1),
     Frame = wxFrame:new(wx:null(), ?wxID_ANY, "Observer",
-			[{size, {1000, 500}}, {style, ?wxDEFAULT_FRAME_STYLE}]),
+			[{size, {850, 600}}, {style, ?wxDEFAULT_FRAME_STYLE}]),
     IconFile = filename:join(code:priv_dir(observer), "erlang_observer.png"),
     Icon = wxIcon:new(IconFile, [{type,?wxBITMAP_TYPE_PNG}]),
     wxFrame:setIcon(Frame, Icon),
@@ -125,6 +129,10 @@ setup(#state{frame = Frame} = State) ->
     %% I postpone the creation of the other tabs so they can query/use
     %% the window size
 
+    %% App Viewer Panel
+    AppPanel = observer_app_wx:start_link(Notebook, self()),
+    wxNotebook:addPage(Notebook, AppPanel, "Applications", []),
+
     %% Process Panel
     ProPanel = observer_pro_wx:start_link(Notebook, self()),
     wxNotebook:addPage(Notebook, ProPanel, "Processes", []),
@@ -137,6 +145,7 @@ setup(#state{frame = Frame} = State) ->
     TracePanel = observer_trace_wx:start_link(Notebook, self()),
     wxNotebook:addPage(Notebook, TracePanel, ?TRACE_STR, []),
 
+
     %% Force redraw (window needs it)
     wxWindow:refresh(Panel),
 
@@ -150,16 +159,24 @@ setup(#state{frame = Frame} = State) ->
 			   pro_panel = ProPanel,
 			   tv_panel  = TVPanel,
 			   trace_panel = TracePanel,
+			   app_panel = AppPanel,
 			   active_tab = SysPid,
 			   node  = node(),
 			   nodes = Nodes
 			  },
     %% Create resources which we don't want to duplicate
-    SysFont = wxSystemSettings:getFont(?wxSYS_DEFAULT_GUI_FONT),
-    SysFontSize = wxFont:getPointSize(SysFont),
-    Modern = wxFont:new(SysFontSize, ?wxFONTFAMILY_MODERN, ?wxFONTSTYLE_NORMAL, ?wxFONTWEIGHT_NORMAL),
-    put({font, modern}, Modern),
-    put({font, fixed}, Modern),
+    SysFont = wxSystemSettings:getFont(?wxSYS_SYSTEM_FIXED_FONT),
+    %% OemFont = wxSystemSettings:getFont(?wxSYS_OEM_FIXED_FONT),
+    %% io:format("Sz sys ~p(~p) oem ~p(~p)~n",
+    %% 	      [wxFont:getPointSize(SysFont), wxFont:isFixedWidth(SysFont),
+    %% 	       wxFont:getPointSize(OemFont), wxFont:isFixedWidth(OemFont)]),
+    Fixed = case wxFont:isFixedWidth(SysFont) of
+		true -> SysFont;
+		false -> %% Sigh
+		    SysFontSize = wxFont:getPointSize(SysFont),
+		    wxFont:new(SysFontSize, ?wxFONTFAMILY_MODERN, ?wxFONTSTYLE_NORMAL, ?wxFONTWEIGHT_NORMAL)
+	    end,
+    put({font, fixed}, Fixed),
     UpdState.
 
 
@@ -270,10 +287,13 @@ handle_cast(_Cast, State) ->
 
 handle_call({create_menus, TabMenus}, _From,
 	    State = #state{menubar=MenuBar, menus=PrevTabMenus}) ->
-    wx:batch(fun() ->
-		     clean_menus(PrevTabMenus, MenuBar),
-		     observer_lib:create_menus(TabMenus, MenuBar, plugin)
-	     end),
+    if TabMenus == PrevTabMenus -> ignore;
+       true ->
+	    wx:batch(fun() ->
+			     clean_menus(PrevTabMenus, MenuBar),
+			     observer_lib:create_menus(TabMenus, MenuBar, plugin)
+		     end)
+    end,
     {reply, ok, State#state{menus=TabMenus}};
 
 handle_call({get_attrib, Attrib}, _From, State) ->
@@ -302,6 +322,10 @@ handle_info({nodedown, Node},
     create_txt_dialog(Frame, Msg, "Node down", ?wxICON_EXCLAMATION),
     {noreply, State3};
 
+handle_info({'EXIT', _Pid, _Reason}, State) ->
+    io:format("Child crashed exiting:  ~p ~p~n", [_Pid,_Reason]),
+    {stop, normal, State};
+
 handle_info(_Info, State) ->
     {noreply, State}.
 
@@ -368,9 +392,8 @@ connect2(NodeName, Opts, Cookie) ->
 	    {error, net_kernel, Reason}
     end.
 
-change_node_view(Node, State = #state{pro_panel=Pro, sys_panel=Sys, tv_panel=Tv}) ->
-    lists:foreach(fun(Pid) -> wx_object:get_pid(Pid) ! {node, Node} end,
-		  [Pro, Sys, Tv]),
+change_node_view(Node, State) ->
+    get_active_pid(State) ! {active, Node},
     StatusText = ["Observer - " | atom_to_list(Node)],
     wxFrame:setTitle(State#state.frame, StatusText),
     wxStatusBar:setStatusText(State#state.status_bar, StatusText),
@@ -380,12 +403,14 @@ check_page_title(Notebook) ->
     Selection = wxNotebook:getSelection(Notebook),
     wxNotebook:getPageText(Notebook, Selection).
 
-get_active_pid(#state{notebook=Notebook, pro_panel=Pro, sys_panel=Sys, tv_panel=Tv, trace_panel=Trace}) ->
+get_active_pid(#state{notebook=Notebook, pro_panel=Pro, sys_panel=Sys,
+		      tv_panel=Tv, trace_panel=Trace, app_panel=App}) ->
     Panel = case check_page_title(Notebook) of
 		"Processes" -> Pro;
 		"System" -> Sys;
 		"Table Viewer" -> Tv;
-		?TRACE_STR -> Trace
+		?TRACE_STR -> Trace;
+		"Applications" -> App
 	    end,
     wx_object:get_pid(Panel).
 
@@ -468,7 +493,7 @@ default_menus(NodesMenuItems) ->
 				 [#create_menu{id = ?ID_CONNECT, text = "Enable distribution"}]}
 	       end,
     case os:type() =:= {unix, darwin} of
-	false -> 
+	false ->
 	    FileMenu = {"File", [Quit]},
 	    HelpMenu = {"Help", [About,Help]},
 	    [FileMenu, NodeMenu, HelpMenu];
diff --git a/lib/observer/test/crashdump_helper.erl b/lib/observer/test/crashdump_helper.erl
index d1c65f97e8..520fcdfd0d 100644
--- a/lib/observer/test/crashdump_helper.erl
+++ b/lib/observer/test/crashdump_helper.erl
@@ -19,7 +19,7 @@
 
 -module(crashdump_helper).
 -export([n1_proc/2,remote_proc/2]).
--compile(r12).
+-compile(r13).
 -include("test_server.hrl").
 
 n1_proc(N2,Creator) ->
diff --git a/lib/observer/test/crashdump_viewer_SUITE.erl b/lib/observer/test/crashdump_viewer_SUITE.erl
index fdc4a2f1ff..79ece7edf5 100644
--- a/lib/observer/test/crashdump_viewer_SUITE.erl
+++ b/lib/observer/test/crashdump_viewer_SUITE.erl
@@ -70,7 +70,7 @@ init_per_suite(Config) when is_list(Config) ->
     application:start(inets), % will be using the http client later
     httpc:set_options([{ipfamily,inet6fb4}]),
     DataDir = ?config(data_dir,Config),
-    Rels = [R || R <- [r12b,r13b], ?t:is_release_available(R)] ++ [current],
+    Rels = [R || R <- [r13b,r14b], ?t:is_release_available(R)] ++ [current],
     io:format("Creating crash dumps for the following releases: ~p", [Rels]),
     AllDumps = create_dumps(DataDir,Rels),
     ?t:timetrap_cancel(Dog),
@@ -722,7 +722,8 @@ dump_prefix(Rel) ->
 	r11b -> "r11b_dump.";
 	r12b -> "r12b_dump.";
 	r13b -> "r13b_dump.";
-	current -> "r14b_dump."
+	r14b -> "r14b_dump.";
+	current -> "r15b_dump."
     end.
 
 compat_rel(Rel) ->
@@ -733,5 +734,6 @@ compat_rel(Rel) ->
 	r11b -> "+R11 ";
 	r12b -> "+R12 ";
 	r13b -> "+R13 ";
+	r14b -> "+R13 ";
 	current -> ""
     end.
diff --git a/lib/observer/test/etop_SUITE.erl b/lib/observer/test/etop_SUITE.erl
index a0782ea809..a277453620 100644
--- a/lib/observer/test/etop_SUITE.erl
+++ b/lib/observer/test/etop_SUITE.erl
@@ -57,11 +57,14 @@ end_per_group(_GroupName, Config) ->
     Config.
 
 
-text(suite) ->
-    [];
-text(doc) ->
-    ["Start etop with text presentation"];
-text(Config) when is_list(Config) ->
+%% Start etop with text presentation
+text(_) ->
+    case test_server:is_native(lists) of
+	true -> {skip,"Native libs -- tracing does not work"};
+	false -> text()
+    end.
+
+text() ->
     ?line {ok,Node} = ?t:start_node(node2,peer,[]),
 
     %% Must spawn this process, else the test case will never end.
diff --git a/lib/observer/vsn.mk b/lib/observer/vsn.mk
index 76e2f591fa..fa104ede01 100644
--- a/lib/observer/vsn.mk
+++ b/lib/observer/vsn.mk
@@ -1 +1 @@
-OBSERVER_VSN = 0.9.10
+OBSERVER_VSN = 1.0
diff --git a/lib/odbc/aclocal.m4 b/lib/odbc/aclocal.m4
index 151fd5ea5a..339a15a2bb 120000..100644
--- a/lib/odbc/aclocal.m4
+++ b/lib/odbc/aclocal.m4
@@ -1 +1,1766 @@
-../../erts/aclocal.m4
\ No newline at end of file
+dnl
+dnl %CopyrightBegin%
+dnl
+dnl Copyright Ericsson AB 1998-2011. All Rights Reserved.
+dnl
+dnl The contents of this file are subject to the Erlang Public License,
+dnl Version 1.1, (the "License"); you may not use this file except in
+dnl compliance with the License. You should have received a copy of the
+dnl Erlang Public License along with this software. If not, it can be
+dnl retrieved online at http://www.erlang.org/.
+dnl
+dnl Software distributed under the License is distributed on an "AS IS"
+dnl basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+dnl the License for the specific language governing rights and limitations
+dnl under the License.
+dnl
+dnl %CopyrightEnd%
+dnl
+
+dnl
+dnl aclocal.m4
+dnl
+dnl Local macros used in configure.in. The Local Macros which
+dnl could/should be part of autoconf are prefixed LM_, macros specific
+dnl to the Erlang system are prefixed ERL_.
+dnl
+
+AC_DEFUN(LM_PRECIOUS_VARS,
+[
+
+dnl ERL_TOP
+AC_ARG_VAR(ERL_TOP, [Erlang/OTP top source directory])
+
+dnl Tools
+AC_ARG_VAR(CC, [C compiler])
+AC_ARG_VAR(CFLAGS, [C compiler flags])
+AC_ARG_VAR(STATIC_CFLAGS, [C compiler static flags])
+AC_ARG_VAR(CFLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag passed via C compiler])
+AC_ARG_VAR(CPP, [C/C++ preprocessor])
+AC_ARG_VAR(CPPFLAGS, [C/C++ preprocessor flags])
+AC_ARG_VAR(CXX, [C++ compiler])
+AC_ARG_VAR(CXXFLAGS, [C++ compiler flags])
+AC_ARG_VAR(LD, [linker (is often overridden by configure)])
+AC_ARG_VAR(LDFLAGS, [linker flags (can be risky to set since LD may be overriden by configure)])
+AC_ARG_VAR(LIBS, [libraries])
+AC_ARG_VAR(DED_LD, [linker for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LDFLAGS, [linker flags for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LD_FLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(LFS_CFLAGS, [large file support C compiler flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LDFLAGS, [large file support linker flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LIBS, [large file support libraries (set all LFS_* variables or none)])
+AC_ARG_VAR(RANLIB, [ranlib])
+AC_ARG_VAR(AR, [ar])
+AC_ARG_VAR(GETCONF, [getconf])
+
+dnl Cross system root
+AC_ARG_VAR(erl_xcomp_sysroot, [Absolute cross system root path (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_isysroot, [Absolute cross system root include path (only used when cross compiling)])
+
+dnl Cross compilation variables
+AC_ARG_VAR(erl_xcomp_bigendian, [big endian system: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_clock_gettime_correction, [clock_gettime() can be used for time correction: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_nptl, [have Native POSIX Thread Library: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigusrx, [SIGUSR1 and SIGUSR2 can be used: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigaltstack, [have working sigaltstack(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_poll, [have working poll(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_kqueue, [have working kqueue(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_putenv_copy, [putenv() stores key-value copy: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_reliable_fpe, [have reliable floating point exceptions: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_getaddrinfo, [have working getaddrinfo() for both IPv4 and IPv6: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_gethrvtime_procfs_ioctl, [have working gethrvtime() which can be used with procfs ioctl(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_clock_gettime_cpu_time, [clock_gettime() can be used for retrieving process CPU time: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_after_morecore_hook, [__after_morecore_hook can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_dlsym_brk_wrappers, [dlsym(RTLD_NEXT, _) brk wrappers can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+
+])
+
+AC_DEFUN(ERL_XCOMP_SYSROOT_INIT,
+[
+erl_xcomp_without_sysroot=no
+if test "$cross_compiling" = "yes"; then
+    test "$erl_xcomp_sysroot" != "" || erl_xcomp_without_sysroot=yes
+    test "$erl_xcomp_isysroot" != "" || erl_xcomp_isysroot="$erl_xcomp_sysroot"
+else
+    erl_xcomp_sysroot=
+    erl_xcomp_isysroot=
+fi
+])
+
+AC_DEFUN(LM_CHECK_GETCONF,
+[
+if test "$cross_compiling" != "yes"; then
+    AC_CHECK_PROG([GETCONF], [getconf], [getconf], [false])
+else
+    dnl First check if we got a `<HOST>-getconf' in $PATH
+    host_getconf="$host_alias-getconf"
+    AC_CHECK_PROG([GETCONF], [$host_getconf], [$host_getconf], [false])
+    if test "$GETCONF" = "false" && test "$erl_xcomp_sysroot" != ""; then
+	dnl We should perhaps give up if we have'nt found it by now, but at
+	dnl least in one Tilera MDE `getconf' under sysroot is a bourne
+	dnl shell script which we can use. We try to find `<HOST>-getconf'
+    	dnl or `getconf' under sysconf, but only under sysconf since
+	dnl `getconf' in $PATH is almost guaranteed to be for the build
+	dnl machine.
+	GETCONF=
+	prfx="$erl_xcomp_sysroot"
+        AC_PATH_TOOL([GETCONF], [getconf], [false],
+	             ["$prfx/usr/bin:$prfx/bin:$prfx/usr/local/bin"])
+    fi
+fi
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_WINDOWS_ENVIRONMENT
+dnl
+dnl
+dnl Tries to determine thw windows build environment, i.e. 
+dnl MIXED_CYGWIN_VC or MIXED_MSYS_VC 
+dnl
+
+AC_DEFUN(LM_WINDOWS_ENVIRONMENT,
+[
+MIXED_CYGWIN=no
+MIXED_MSYS=no
+
+AC_MSG_CHECKING(for mixed cygwin or msys and native VC++ environment)
+if test "X$host" = "Xwin32" -a "x$GCC" != "xyes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([Cygwin and VC])
+		MIXED_CYGWIN_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
+	elif test -x /usr/bin/msysinfo; then
+	        CFLAGS="-O2"
+		MIXED_MSYS=yes
+		AC_MSG_RESULT([MSYS and VC])
+		MIXED_MSYS_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_MSYS_VC"
+	else		    
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_VC=no
+	MIXED_MSYS_VC=no
+fi
+AC_SUBST(MIXED_CYGWIN_VC)
+AC_SUBST(MIXED_MSYS_VC)
+
+MIXED_VC=no
+if test "x$MIXED_MSYS_VC" = "xyes" -o  "x$MIXED_CYGWIN_VC" = "xyes" ; then
+   MIXED_VC=yes
+fi
+
+AC_SUBST(MIXED_VC)
+
+if test "x$MIXED_MSYS" != "xyes"; then
+   AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
+   if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([yes])
+		MIXED_CYGWIN_MINGW=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
+	else
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+    else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_MINGW=no
+    fi
+else
+	MIXED_CYGWIN_MINGW=no
+fi	
+AC_SUBST(MIXED_CYGWIN_MINGW)
+
+AC_MSG_CHECKING(if we mix cygwin with any native compiler)
+if test "X$MIXED_CYGWIN" = "Xyes"; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_CYGWIN)
+	
+AC_MSG_CHECKING(if we mix msys with another native compiler)
+if test "X$MIXED_MSYS" = "Xyes" ; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_MSYS)
+])		
+	
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_FIND_EMU_CC
+dnl
+dnl
+dnl Tries fairly hard to find a C compiler that can handle jump tables.
+dnl Defines the @EMU_CC@ variable for the makefiles and 
+dnl inserts NO_JUMP_TABLE in the header if one cannot be found...
+dnl
+
+AC_DEFUN(LM_FIND_EMU_CC,
+	[AC_CACHE_CHECK(for a compiler that handles jumptables,
+			ac_cv_prog_emu_cc,
+			[
+AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    __label__ lbl1;
+    __label__ lbl2;
+    int x = magic();
+    static void *jtab[2];
+
+    jtab[0] = &&lbl1;
+    jtab[1] = &&lbl2;
+    goto *jtab[x];
+lbl1:
+    return 1;
+lbl2:
+    return 2;
+],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+
+if test $ac_cv_prog_emu_cc = no; then
+	for ac_progname in emu_cc.sh gcc-4.2 gcc; do
+  		IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  		ac_dummy="$PATH"
+  		for ac_dir in $ac_dummy; do
+    			test -z "$ac_dir" && ac_dir=.
+    			if test -f $ac_dir/$ac_progname; then
+      				ac_cv_prog_emu_cc=$ac_dir/$ac_progname
+      				break
+    			fi
+  		done
+  		IFS="$ac_save_ifs"
+		if test $ac_cv_prog_emu_cc != no; then
+			break
+		fi
+	done
+fi
+
+if test $ac_cv_prog_emu_cc != no; then
+	save_CC=$CC
+	save_CFLAGS=$CFLAGS
+	save_CPPFLAGS=$CPPFLAGS
+	CC=$ac_cv_prog_emu_cc
+	CFLAGS=""
+	CPPFLAGS=""
+	AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    	__label__ lbl1;
+    	__label__ lbl2;
+    	int x = magic();
+    	static void *jtab[2];
+
+    	jtab[0] = &&lbl1;
+    	jtab[1] = &&lbl2;
+    	goto *jtab[x];
+	lbl1:
+    	return 1;
+	lbl2:
+    	return 2;
+	],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+	CC=$save_CC
+	CFLAGS=$save_CFLAGS
+	CPPFLAGS=$save_CPPFLAGS
+fi
+])
+if test $ac_cv_prog_emu_cc = no; then
+	AC_DEFINE(NO_JUMP_TABLE,[],[Defined if no found C compiler can handle jump tables])
+	EMU_CC=$CC
+else
+	EMU_CC=$ac_cv_prog_emu_cc
+fi
+AC_SUBST(EMU_CC)
+])		
+			
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_INSTALL_DIR
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl Figure out how to create directories with parents.
+dnl (In my opinion INSTALL_DIR is a bad name, MKSUBDIRS or something is better)
+dnl
+dnl We prefer 'install -d', but use 'mkdir -p' if it exists.
+dnl If none of these methods works, we give up.
+dnl
+
+
+AC_DEFUN(LM_PROG_INSTALL_DIR,
+[AC_CACHE_CHECK(how to create a directory including parents,
+ac_cv_prog_mkdir_p,
+[
+temp_name_base=config.$$
+temp_name=$temp_name_base/x/y/z
+$INSTALL -d $temp_name >/dev/null 2>&1
+ac_cv_prog_mkdir_p=none
+if test -d $temp_name; then
+        ac_cv_prog_mkdir_p="$INSTALL -d"
+else
+        mkdir -p $temp_name >/dev/null 2>&1
+        if test -d $temp_name; then
+                ac_cv_prog_mkdir_p="mkdir -p"
+        fi
+fi
+rm -fr $temp_name_base           
+])
+
+case "${ac_cv_prog_mkdir_p}" in
+  none) AC_MSG_ERROR(don't know how create directories with parents) ;;
+  *)    INSTALL_DIR="$ac_cv_prog_mkdir_p" AC_SUBST(INSTALL_DIR)     ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_PERL5
+dnl
+dnl Try to find perl version 5. If found set PERL to the absolute path
+dnl of the program, if not found set PERL to false.
+dnl
+dnl On some systems /usr/bin/perl is perl 4 and e.g.
+dnl /usr/local/bin/perl is perl 5. We try to handle this case by
+dnl putting a couple of 
+dnl Tries to handle the case that there are two programs called perl
+dnl in the path and one of them is perl 5 and the other isn't. 
+dnl
+AC_DEFUN(LM_PROG_PERL5,
+[AC_PATH_PROGS(PERL, perl5 perl, false,
+   /usr/local/bin:/opt/local/bin:/usr/local/gnu/bin:${PATH})
+changequote(, )dnl
+dnl[ That bracket is needed to balance the right bracket below
+if test "$PERL" = "false" || $PERL -e 'exit ($] >= 5)'; then
+changequote([, ])dnl
+  ac_cv_path_PERL=false
+  PERL=false
+dnl  AC_MSG_WARN(perl version 5 not found)
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SO_BSDCOMPAT
+dnl
+dnl Check if the system has the SO_BSDCOMPAT flag on sockets (linux) 
+dnl
+AC_DEFUN(LM_DECL_SO_BSDCOMPAT,
+[AC_CACHE_CHECK([for SO_BSDCOMPAT declaration], ac_cv_decl_so_bsdcompat,
+AC_TRY_COMPILE([#include <sys/socket.h>], [int i = SO_BSDCOMPAT;],
+               ac_cv_decl_so_bsdcompat=yes,
+               ac_cv_decl_so_bsdcompat=no))
+
+case "${ac_cv_decl_so_bsdcompat}" in
+  "yes" ) AC_DEFINE(HAVE_SO_BSDCOMPAT,[],
+		[Define if you have SO_BSDCOMPAT flag on sockets]) ;;
+  * ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_INADDR_LOOPBACK
+dnl
+dnl Try to find declaration of INADDR_LOOPBACK, if nowhere provide a default
+dnl
+
+AC_DEFUN(LM_DECL_INADDR_LOOPBACK,
+[AC_CACHE_CHECK([for INADDR_LOOPBACK in netinet/in.h],
+ ac_cv_decl_inaddr_loopback,
+[AC_TRY_COMPILE([#include <sys/types.h>
+#include <netinet/in.h>], [int i = INADDR_LOOPBACK;],
+ac_cv_decl_inaddr_loopback=yes, ac_cv_decl_inaddr_loopback=no)
+])
+
+if test ${ac_cv_decl_inaddr_loopback} = no; then
+  AC_CACHE_CHECK([for INADDR_LOOPBACK in rpc/types.h],
+                   ac_cv_decl_inaddr_loopback_rpc,
+                   AC_TRY_COMPILE([#include <rpc/types.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_rpc=yes,
+                                   ac_cv_decl_inaddr_loopback_rpc=no))
+
+   case "${ac_cv_decl_inaddr_loopback_rpc}" in
+     "yes" )
+        AC_DEFINE(DEF_INADDR_LOOPBACK_IN_RPC_TYPES_H,[],
+		[Define if you need to include rpc/types.h to get INADDR_LOOPBACK defined]) ;;
+      * )
+  	AC_CACHE_CHECK([for INADDR_LOOPBACK in winsock2.h],
+                   ac_cv_decl_inaddr_loopback_winsock2,
+                   AC_TRY_COMPILE([#define WIN32_LEAN_AND_MEAN
+				   #include <winsock2.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_winsock2=yes,
+                                   ac_cv_decl_inaddr_loopback_winsock2=no))
+	case "${ac_cv_decl_inaddr_loopback_winsock2}" in
+     		"yes" )
+			AC_DEFINE(DEF_INADDR_LOOPBACK_IN_WINSOCK2_H,[],
+				[Define if you need to include winsock2.h to get INADDR_LOOPBACK defined]) ;;
+		* )
+			# couldn't find it anywhere
+        		AC_DEFINE(HAVE_NO_INADDR_LOOPBACK,[],
+				[Define if you don't have a definition of INADDR_LOOPBACK]) ;;
+	esac;;
+   esac
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_SOCKADDR_SA_LEN
+dnl
+dnl Check if the sockaddr structure has the field sa_len
+dnl
+
+AC_DEFUN(LM_STRUCT_SOCKADDR_SA_LEN,
+[AC_CACHE_CHECK([whether struct sockaddr has sa_len field],
+                ac_cv_struct_sockaddr_sa_len,
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>], [struct sockaddr s; s.sa_len = 10;],
+  ac_cv_struct_sockaddr_sa_len=yes, ac_cv_struct_sockaddr_sa_len=no))
+
+dnl FIXME convbreak
+case ${ac_cv_struct_sockaddr_sa_len} in
+  "no" ) AC_DEFINE(NO_SA_LEN,[1],[Define if you dont have salen]) ;;
+  *) ;;
+esac
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_EXCEPTION
+dnl
+dnl Check to see whether the system supports the matherr function
+dnl and its associated type "struct exception".
+dnl
+
+AC_DEFUN(LM_STRUCT_EXCEPTION,
+[AC_CACHE_CHECK([for struct exception (and matherr function)],
+ ac_cv_struct_exception,
+AC_TRY_COMPILE([#include <math.h>],
+  [struct exception x; x.type = DOMAIN; x.type = SING;],
+  ac_cv_struct_exception=yes, ac_cv_struct_exception=no))
+
+case "${ac_cv_struct_exception}" in
+  "yes" ) AC_DEFINE(USE_MATHERR,[1],[Define if you have matherr() function and struct exception type]) ;;
+  *  ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_IPV6
+dnl
+dnl Check for ipv6 support and what the in6_addr structure is called.
+dnl (early linux used in_addr6 insted of in6_addr)
+dnl
+
+AC_DEFUN(LM_SYS_IPV6,
+[AC_MSG_CHECKING(for IP version 6 support)
+AC_CACHE_VAL(ac_cv_sys_ipv6_support,
+[ok_so_far=yes
+ AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+   [struct in6_addr a6; struct sockaddr_in6 s6;], ok_so_far=yes, ok_so_far=no)
+
+if test $ok_so_far = yes; then
+  ac_cv_sys_ipv6_support=yes
+else
+  AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+    [struct in_addr6 a6; struct sockaddr_in6 s6;],
+    ac_cv_sys_ipv6_support=in_addr6, ac_cv_sys_ipv6_support=no)
+fi
+])dnl
+
+dnl
+dnl Have to use old style AC_DEFINE due to BC with old autoconf.
+dnl
+
+case ${ac_cv_sys_ipv6_support} in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    ;;
+  in_addr6)
+    AC_MSG_RESULT([yes (but I am redefining in_addr6 to in6_addr)])
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    AC_DEFINE(HAVE_IN_ADDR6_STRUCT,[],[Early linux used in_addr6 instead of in6_addr, define if you have this])
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_MULTICAST
+dnl
+dnl Check for multicast support. Only checks for multicast options in
+dnl setsockopt(), no check is performed that multicasting actually works.
+dnl If options are found defines HAVE_MULTICAST_SUPPORT
+dnl
+
+AC_DEFUN(LM_SYS_MULTICAST,
+[AC_CACHE_CHECK([for multicast support], ac_cv_sys_multicast_support,
+[AC_EGREP_CPP(yes,
+[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#if defined(IP_MULTICAST_TTL) && defined(IP_MULTICAST_LOOP) && defined(IP_MULTICAST_IF) && defined(IP_ADD_MEMBERSHIP) && defined(IP_DROP_MEMBERSHIP)
+yes
+#endif
+], ac_cv_sys_multicast_support=yes, ac_cv_sys_multicast_support=no)])
+if test $ac_cv_sys_multicast_support = yes; then
+  AC_DEFINE(HAVE_MULTICAST_SUPPORT,[1],
+	[Define if setsockopt() accepts multicast options])
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SYS_ERRLIST
+dnl
+dnl Define SYS_ERRLIST_DECLARED if the variable sys_errlist is declared
+dnl in a system header file, stdio.h or errno.h.
+dnl
+
+AC_DEFUN(LM_DECL_SYS_ERRLIST,
+[AC_CACHE_CHECK([for sys_errlist declaration in stdio.h or errno.h],
+  ac_cv_decl_sys_errlist,
+[AC_TRY_COMPILE([#include <stdio.h>
+#include <errno.h>], [char *msg = *(sys_errlist + 1);],
+  ac_cv_decl_sys_errlist=yes, ac_cv_decl_sys_errlist=no)])
+if test $ac_cv_decl_sys_errlist = yes; then
+  AC_DEFINE(SYS_ERRLIST_DECLARED,[],
+	[define if the variable sys_errlist is declared in a system header file])
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_FUNC_DECL( funname, declaration [, extra includes 
+dnl                     [, action-if-found [, action-if-not-found]]] )
+dnl
+dnl Checks if the declaration "declaration" of "funname" conflicts
+dnl with the header files idea of how the function should be
+dnl declared. It is useful on systems which lack prototypes and you
+dnl need to provide your own (e.g. when you want to take the address
+dnl of a function). The 4'th argument is expanded if conflicting, 
+dnl the 5'th argument otherwise
+dnl
+dnl
+
+AC_DEFUN(LM_CHECK_FUNC_DECL,
+[AC_MSG_CHECKING([for conflicting declaration of $1])
+AC_CACHE_VAL(ac_cv_func_decl_$1,
+[AC_TRY_COMPILE([#include <stdio.h>
+$3],[$2
+char *c = (char *)$1;
+], eval "ac_cv_func_decl_$1=no", eval "ac_cv_func_decl_$1=yes")])
+if eval "test \"`echo '$ac_cv_func_decl_'$1`\" = yes"; then
+  AC_MSG_RESULT(yes)
+  ifelse([$4], , :, [$4])
+else
+  AC_MSG_RESULT(no)
+ifelse([$5], , , [$5
+])dnl
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_THR_LIB
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl LM_CHECK_THR_LIB sets THR_LIBS, THR_DEFS, and THR_LIB_NAME. It also
+dnl checks for some pthread headers which will appear in DEFS or config.h.
+dnl
+
+AC_DEFUN(LM_CHECK_THR_LIB,
+[
+
+NEED_NPTL_PTHREAD_H=no
+
+dnl win32?
+AC_MSG_CHECKING([for native win32 threads])
+if test "X$host_os" = "Xwin32"; then
+    AC_MSG_RESULT(yes)
+    THR_DEFS="-DWIN32_THREADS"
+    THR_LIBS=
+    THR_LIB_NAME=win32_threads
+    THR_LIB_TYPE=win32_threads
+else
+    AC_MSG_RESULT(no)
+    THR_DEFS=
+    THR_LIBS=
+    THR_LIB_NAME=
+    THR_LIB_TYPE=posix_unknown
+
+dnl Try to find POSIX threads
+
+dnl The usual pthread lib...
+    AC_CHECK_LIB(pthread, pthread_create, THR_LIBS="-lpthread")
+
+dnl FreeBSD has pthreads in special c library, c_r...
+    if test "x$THR_LIBS" = "x"; then
+	AC_CHECK_LIB(c_r, pthread_create, THR_LIBS="-lc_r")
+    fi
+
+dnl On ofs1 the '-pthread' switch should be used
+    if test "x$THR_LIBS" = "x"; then
+	AC_MSG_CHECKING([if the '-pthread' switch can be used])
+	saved_cflags=$CFLAGS
+	CFLAGS="$CFLAGS -pthread"
+	AC_TRY_LINK([#include <pthread.h>],
+		    pthread_create((void*)0,(void*)0,(void*)0,(void*)0);,
+		    [THR_DEFS="-pthread"
+		     THR_LIBS="-pthread"])
+	CFLAGS=$saved_cflags
+	if test "x$THR_LIBS" != "x"; then
+	    AC_MSG_RESULT(yes)
+	else
+	    AC_MSG_RESULT(no)
+	fi
+    fi
+
+    if test "x$THR_LIBS" != "x"; then
+	THR_DEFS="$THR_DEFS -D_THREAD_SAFE -D_REENTRANT -DPOSIX_THREADS"
+	THR_LIB_NAME=pthread
+	case $host_os in
+	    solaris*)
+		THR_DEFS="$THR_DEFS -D_POSIX_PTHREAD_SEMANTICS" ;;
+	    linux*)
+		THR_DEFS="$THR_DEFS -D_POSIX_THREAD_SAFE_FUNCTIONS"
+
+		LM_CHECK_GETCONF
+		AC_MSG_CHECKING(for Native POSIX Thread Library)
+		libpthr_vsn=`$GETCONF GNU_LIBPTHREAD_VERSION 2>/dev/null`
+		if test $? -eq 0; then
+		    case "$libpthr_vsn" in
+			*nptl*|*NPTL*) nptl=yes;;
+			*) nptl=no;;
+		    esac
+		elif test "$cross_compiling" = "yes"; then
+		    case "$erl_xcomp_linux_nptl" in
+			"") nptl=cross;;
+			yes|no) nptl=$erl_xcomp_linux_nptl;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_nptl value: $erl_xcomp_linux_nptl]);;
+		    esac
+		else
+		    nptl=no
+		fi
+		AC_MSG_RESULT($nptl)
+		if test $nptl = cross; then
+		    nptl=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $nptl = yes; then
+		    THR_LIB_TYPE=posix_nptl
+		    need_nptl_incldir=no
+		    AC_CHECK_HEADER(nptl/pthread.h,
+				    [need_nptl_incldir=yes
+				     NEED_NPTL_PTHREAD_H=yes])
+		    if test $need_nptl_incldir = yes; then
+			# Ahh...
+			nptl_path="$C_INCLUDE_PATH:$CPATH"
+			if test X$cross_compiling != Xyes; then
+			    nptl_path="$nptl_path:/usr/local/include:/usr/include"
+			else
+			    IROOT="$erl_xcomp_isysroot"
+			    test "$IROOT" != "" || IROOT="$erl_xcomp_sysroot"
+			    test "$IROOT" != "" || AC_MSG_ERROR([Don't know where to search for includes! Please set erl_xcomp_isysroot])
+			    nptl_path="$nptl_path:$IROOT/usr/local/include:$IROOT/usr/include"
+			fi
+			nptl_ws_path=
+			save_ifs="$IFS"; IFS=":"
+			for dir in $nptl_path; do
+			    if test "x$dir" != "x"; then
+				nptl_ws_path="$nptl_ws_path $dir"
+			    fi
+			done
+			IFS=$save_ifs
+			nptl_incldir=
+			for dir in $nptl_ws_path; do
+		            AC_CHECK_HEADER($dir/nptl/pthread.h,
+					    nptl_incldir=$dir/nptl)
+			    if test "x$nptl_incldir" != "x"; then
+				THR_DEFS="$THR_DEFS -isystem $nptl_incldir"
+				break
+			    fi
+			done
+			if test "x$nptl_incldir" = "x"; then
+			    AC_MSG_ERROR(Failed to locate nptl system include directory)
+			fi
+		    fi
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need THR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags=$CPPFLAGS
+	CPPFLAGS="$CPPFLAGS $THR_DEFS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h,
+			AC_DEFINE(HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+    fi
+fi
+
+])
+
+AC_DEFUN(ERL_INTERNAL_LIBS,
+[
+
+ERTS_INTERNAL_X_LIBS=
+
+AC_CHECK_LIB(kstat, kstat_open,
+[AC_DEFINE(HAVE_KSTAT, 1, [Define if you have kstat])
+ERTS_INTERNAL_X_LIBS="$ERTS_INTERNAL_X_LIBS -lkstat"])
+
+AC_SUBST(ERTS_INTERNAL_X_LIBS)
+
+])
+
+AC_DEFUN(ETHR_CHK_SYNC_OP,
+[
+    AC_MSG_CHECKING([for $3-bit $1()])
+    case "$2" in
+	"1") sync_call="$1(&var);";;
+	"2") sync_call="$1(&var, ($4) 0);";;
+	"3") sync_call="$1(&var, ($4) 0, ($4) 0);";;
+    esac
+    have_sync_op=no
+    AC_TRY_LINK([],
+	[
+	    $4 res;
+	    volatile $4 var;
+	    res = $sync_call
+	],
+	[have_sync_op=yes])
+    test $have_sync_op = yes && $5
+    AC_MSG_RESULT([$have_sync_op])
+])
+
+AC_DEFUN(ETHR_CHK_INTERLOCKED,
+[
+    ilckd="$1"
+    AC_MSG_CHECKING([for ${ilckd}()])
+    case "$2" in
+	"1") ilckd_call="${ilckd}(var);";;
+	"2") ilckd_call="${ilckd}(var, ($3) 0);";;
+	"3") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0);";;
+	"4") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0, arr);";;
+    esac
+    have_interlocked_op=no
+    AC_TRY_LINK(
+	[
+	#define WIN32_LEAN_AND_MEAN
+	#include <windows.h>
+	#include <intrin.h>
+	],
+	[
+	    volatile $3 *var;
+	    volatile $3 arr[2];
+
+	    $ilckd_call
+	    return 0;
+	],
+	[have_interlocked_op=yes])
+    test $have_interlocked_op = yes && $4
+    AC_MSG_RESULT([$have_interlocked_op])
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_FIND_ETHR_LIB
+dnl
+dnl NOTE! This macro may be changed at any time! Should *only* be used by
+dnl       ERTS!
+dnl
+dnl Find a thread library to use. Sets ETHR_LIBS to libraries to link
+dnl with, ETHR_X_LIBS to extra libraries to link with (same as ETHR_LIBS
+dnl except that the ethread lib itself is not included), ETHR_DEFS to
+dnl defines to compile with, ETHR_THR_LIB_BASE to the name of the
+dnl thread library which the ethread library is based on, and ETHR_LIB_NAME
+dnl to the name of the library where the ethread implementation is located.
+dnl  ERL_FIND_ETHR_LIB currently searches for 'pthreads', and
+dnl 'win32_threads'. If no thread library was found ETHR_LIBS, ETHR_X_LIBS,
+dnl ETHR_DEFS, ETHR_THR_LIB_BASE, and ETHR_LIB_NAME are all set to the
+dnl empty string.
+dnl
+
+AC_DEFUN(ERL_FIND_ETHR_LIB,
+[
+
+LM_CHECK_THR_LIB
+ERL_INTERNAL_LIBS
+
+ethr_have_native_atomics=no
+ethr_have_native_spinlock=no
+ETHR_THR_LIB_BASE="$THR_LIB_NAME"
+ETHR_THR_LIB_BASE_TYPE="$THR_LIB_TYPE"
+ETHR_DEFS="$THR_DEFS"
+ETHR_X_LIBS="$THR_LIBS $ERTS_INTERNAL_X_LIBS"
+ETHR_LIBS=
+ETHR_LIB_NAME=
+
+ethr_modified_default_stack_size=
+
+dnl Name of lib where ethread implementation is located
+ethr_lib_name=ethread
+
+case "$THR_LIB_NAME" in
+
+    win32_threads)
+	ETHR_THR_LIB_BASE_DIR=win
+	# * _WIN32_WINNT >= 0x0400 is needed for
+	#   TryEnterCriticalSection
+	# * _WIN32_WINNT >= 0x0403 is needed for
+	#   InitializeCriticalSectionAndSpinCount
+	# The ethread lib will refuse to build if _WIN32_WINNT < 0x0403.
+	#
+	# -D_WIN32_WINNT should have been defined in $CPPFLAGS; fetch it
+	# and save it in ETHR_DEFS.
+	found_win32_winnt=no
+	for cppflag in $CPPFLAGS; do
+	    case $cppflag in
+		-DWINVER*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    ;;
+		-D_WIN32_WINNT*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    found_win32_winnt=yes
+		    ;;
+		*)
+		    ;;
+	    esac
+        done
+        if test $found_win32_winnt = no; then
+	    AC_MSG_ERROR([-D_WIN32_WINNT missing in CPPFLAGS])
+        fi
+
+	AC_DEFINE(ETHR_WIN32_THREADS, 1, [Define if you have win32 threads])
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT, 1, [Define if you have _InterlockedDecrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement_rel], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT_REL, 1, [Define if you have _InterlockedDecrement_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT, 1, [Define if you have _InterlockedIncrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement_acq], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT_ACQ, 1, [Define if you have _InterlockedIncrement_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD, 1, [Define if you have _InterlockedExchangeAdd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd_acq], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD_ACQ, 1, [Define if you have _InterlockedExchangeAdd_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND, 1, [Define if you have _InterlockedAnd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR, 1, [Define if you have _InterlockedOr()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE, 1, [Define if you have _InterlockedExchange()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE, 1, [Define if you have _InterlockedCompareExchange()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_acq], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_ACQ, 1, [Define if you have _InterlockedCompareExchange_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_rel], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_REL, 1, [Define if you have _InterlockedCompareExchange_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64, 1, [Define if you have _InterlockedDecrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64_rel], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64_REL, 1, [Define if you have _InterlockedDecrement64_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64, 1, [Define if you have _InterlockedIncrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64_acq], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64_ACQ, 1, [Define if you have _InterlockedIncrement64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64, 1, [Define if you have _InterlockedExchangeAdd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64_acq], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64_ACQ, 1, [Define if you have _InterlockedExchangeAdd64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND64, 1, [Define if you have _InterlockedAnd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR64, 1, [Define if you have _InterlockedOr64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE64, 1, [Define if you have _InterlockedExchange64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64, 1, [Define if you have _InterlockedCompareExchange64()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_acq], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_ACQ, 1, [Define if you have _InterlockedCompareExchange64_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_rel], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_REL, 1, [Define if you have _InterlockedCompareExchange64_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange128], [4], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE128, 1, [Define if you have _InterlockedCompareExchange128()]))
+
+	test "$ethr_have_native_atomics" = "yes" && ethr_have_native_spinlock=yes
+	;;
+
+    pthread)
+	ETHR_THR_LIB_BASE_DIR=pthread
+    	AC_DEFINE(ETHR_PTHREADS, 1, [Define if you have pthreads])
+	case $host_os in
+	    openbsd*)
+		# The default stack size is insufficient for our needs
+		# on OpenBSD. We increase it to 256 kilo words.
+		ethr_modified_default_stack_size=256;;
+	    linux*)
+		ETHR_DEFS="$ETHR_DEFS -D_GNU_SOURCE"
+
+		if test	X$cross_compiling = Xyes; then
+		    case X$erl_xcomp_linux_usable_sigusrx in
+			X) usable_sigusrx=cross;;
+			Xyes|Xno) usable_sigusrx=$erl_xcomp_linux_usable_sigusrx;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigusrx value: $erl_xcomp_linux_usable_sigusrx]);;
+		    esac
+		    case X$erl_xcomp_linux_usable_sigaltstack in
+			X) usable_sigaltstack=cross;;
+			Xyes|Xno) usable_sigaltstack=$erl_xcomp_linux_usable_sigaltstack;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigaltstack value: $erl_xcomp_linux_usable_sigaltstack]);;
+		    esac
+		else
+		    # FIXME: Test for actual problems instead of kernel versions
+		    linux_kernel_vsn_=`uname -r`
+		    case $linux_kernel_vsn_ in
+			[[0-1]].*|2.[[0-1]]|2.[[0-1]].*)
+			    usable_sigusrx=no
+			    usable_sigaltstack=no;;
+			2.[[2-3]]|2.[[2-3]].*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=no;;
+		    	*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=yes;;
+		    esac
+		fi
+
+		AC_MSG_CHECKING(if SIGUSR1 and SIGUSR2 can be used)
+		AC_MSG_RESULT($usable_sigusrx)
+		if test $usable_sigusrx = cross; then
+		    usable_sigusrx=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigusrx = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGUSRX"
+		fi
+
+		AC_MSG_CHECKING(if sigaltstack can be used)
+		AC_MSG_RESULT($usable_sigaltstack)
+		if test $usable_sigaltstack = cross; then
+		    usable_sigaltstack=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigaltstack = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGALTSTACK"
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need ETHR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $ETHR_DEFS"
+
+	dnl We need the thread library in order to find some functions
+	saved_libs="$LIBS"
+	LIBS="$LIBS $ETHR_X_LIBS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(ETHR_HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	if test $NEED_NPTL_PTHREAD_H = yes; then
+	    AC_DEFINE(ETHR_NEED_NPTL_PTHREAD_H, 1, \
+[Define if you need the <nptl/pthread.h> header file.])
+	fi
+
+	AC_CHECK_HEADER(sched.h, \
+			AC_DEFINE(ETHR_HAVE_SCHED_H, 1, \
+[Define if you have the <sched.h> header file.]))
+
+	AC_CHECK_HEADER(sys/time.h, \
+			AC_DEFINE(ETHR_HAVE_SYS_TIME_H, 1, \
+[Define if you have the <sys/time.h> header file.]))
+
+	AC_TRY_COMPILE([#include <time.h>
+			#include <sys/time.h>], 
+			[struct timeval *tv; return 0;],
+			AC_DEFINE(ETHR_TIME_WITH_SYS_TIME, 1, \
+[Define if you can safely include both <sys/time.h> and <time.h>.]))
+
+
+	dnl
+	dnl Check for functions
+	dnl
+
+	AC_CHECK_FUNC(pthread_spin_lock, \
+			[ethr_have_native_spinlock=yes \
+			 AC_DEFINE(ETHR_HAVE_PTHREAD_SPIN_LOCK, 1, \
+[Define if you have the pthread_spin_lock function.])])
+
+	have_sched_yield=no
+	have_librt_sched_yield=no
+	AC_CHECK_FUNC(sched_yield, [have_sched_yield=yes])
+	if test $have_sched_yield = no; then
+	    AC_CHECK_LIB(rt, sched_yield,
+			 [have_librt_sched_yield=yes
+			  ETHR_X_LIBS="$ETHR_X_LIBS -lrt"])
+	fi
+	if test $have_sched_yield = yes || test $have_librt_sched_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_SCHED_YIELD, 1, [Define if you have the sched_yield() function.])
+	    AC_MSG_CHECKING([whether sched_yield() returns an int])
+	    sched_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#ifdef ETHR_HAVE_SCHED_H
+				#include <sched.h>
+				#endif
+			   ],
+			   [int sched_yield();],
+			   [sched_yield_ret_int=yes])
+	    AC_MSG_RESULT([$sched_yield_ret_int])
+	    if test $sched_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_SCHED_YIELD_RET_INT, 1, [Define if sched_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_yield=no
+	AC_CHECK_FUNC(pthread_yield, [have_pthread_yield=yes])
+	if test $have_pthread_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_PTHREAD_YIELD, 1, [Define if you have the pthread_yield() function.])
+	    AC_MSG_CHECKING([whether pthread_yield() returns an int])
+	    pthread_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			   ],
+			   [int pthread_yield();],
+			   [pthread_yield_ret_int=yes])
+	    AC_MSG_RESULT([$pthread_yield_ret_int])
+	    if test $pthread_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_PTHREAD_YIELD_RET_INT, 1, [Define if pthread_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_rwlock_init=no
+	AC_CHECK_FUNC(pthread_rwlock_init, [have_pthread_rwlock_init=yes])
+	if test $have_pthread_rwlock_init = yes; then
+
+	    ethr_have_pthread_rwlockattr_setkind_np=no
+	    AC_CHECK_FUNC(pthread_rwlockattr_setkind_np,
+			  [ethr_have_pthread_rwlockattr_setkind_np=yes])
+
+	    if test $ethr_have_pthread_rwlockattr_setkind_np = yes; then
+		AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP, 1, \
+[Define if you have the pthread_rwlockattr_setkind_np() function.])
+
+		AC_MSG_CHECKING([for PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP])
+		ethr_pthread_rwlock_writer_nonrecursive_initializer_np=no
+		AC_TRY_LINK([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			    ],
+			    [
+				pthread_rwlockattr_t *attr;
+				return pthread_rwlockattr_setkind_np(attr,
+				    PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP);
+			    ],
+			    [ethr_pthread_rwlock_writer_nonrecursive_initializer_np=yes])
+		AC_MSG_RESULT([$ethr_pthread_rwlock_writer_nonrecursive_initializer_np])
+		if test $ethr_pthread_rwlock_writer_nonrecursive_initializer_np = yes; then
+		    AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP, 1, \
+[Define if you have the PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP rwlock attribute.])
+		fi
+	    fi
+	fi
+
+	if test "$force_pthread_rwlocks" = "yes"; then
+
+	    AC_DEFINE(ETHR_FORCE_PTHREAD_RWLOCK, 1, \
+[Define if you want to force usage of pthread rwlocks])
+
+	    if test $have_pthread_rwlock_init = yes; then
+		AC_MSG_WARN([Forced usage of pthread rwlocks. Note that this implementation may suffer from starvation issues.])
+	    else
+		AC_MSG_ERROR([User forced usage of pthread rwlock, but no such implementation was found])
+	    fi
+	fi
+
+	AC_CHECK_FUNC(pthread_attr_setguardsize, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_ATTR_SETGUARDSIZE, 1, \
+[Define if you have the pthread_attr_setguardsize function.]))
+
+	linux_futex=no
+	AC_MSG_CHECKING([for Linux futexes])
+	AC_TRY_LINK([
+			#include <sys/syscall.h>
+			#include <unistd.h>
+			#include <linux/futex.h>
+			#include <sys/time.h>
+		    ],
+		    [
+			int i = 1;
+			syscall(__NR_futex, (void *) &i, FUTEX_WAKE, 1,
+				(void*)0,(void*)0, 0);
+			syscall(__NR_futex, (void *) &i, FUTEX_WAIT, 0,
+				(void*)0,(void*)0, 0);
+			return 0;
+		    ],
+		    linux_futex=yes)
+	AC_MSG_RESULT([$linux_futex])
+	test $linux_futex = yes && AC_DEFINE(ETHR_HAVE_LINUX_FUTEX, 1, [Define if you have a linux futex implementation.])
+
+	AC_CHECK_SIZEOF(int)
+	AC_CHECK_SIZEOF(long)
+	AC_CHECK_SIZEOF(long long)
+	AC_CHECK_SIZEOF(__int128_t)
+
+	if test "$ac_cv_sizeof_int" = "4"; then
+	    int32="int"
+	elif test "$ac_cv_sizeof_long" = "4"; then
+	    int32="long"
+	elif test "$ac_cv_sizeof_long_long" = "4"; then
+	    int32="long long"
+	else
+	    AC_MSG_ERROR([No 32-bit type found])
+	fi
+
+	if test "$ac_cv_sizeof_int" = "8"; then
+	    int64="int"
+	elif test "$ac_cv_sizeof_long" = "8"; then
+	    int64="long"
+	elif test "$ac_cv_sizeof_long_long" = "8"; then
+	    int64="long long"
+	else
+	    AC_MSG_ERROR([No 64-bit type found])
+	fi
+
+	int128=no
+	if test "$ac_cv_sizeof___int128_t" = "16"; then
+	    int128="__int128_t"
+	fi
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP32, 1, [Define if you have __sync_val_compare_and_swap() for 32-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH32, 1, [Define if you have __sync_add_and_fetch() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND32, 1, [Define if you have __sync_fetch_and_and() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR32, 1, [Define if you have __sync_fetch_and_or() for 32-bit integers]))
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP64, 1, [Define if you have __sync_val_compare_and_swap() for 64-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH64, 1, [Define if you have __sync_add_and_fetch() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND64, 1, [Define if you have __sync_fetch_and_and() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR64, 1, [Define if you have __sync_fetch_and_or() for 64-bit integers]))
+
+	if test $int128 != no; then
+	    ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [128], [$int128], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP128, 1, [Define if you have __sync_val_compare_and_swap() for 128-bit integers]))
+	fi
+
+	AC_MSG_CHECKING([for a usable libatomic_ops implementation])
+	case "x$with_libatomic_ops" in
+	    xno | xyes | x)
+		libatomic_ops_include=
+		;;
+	    *)
+		if test -d "${with_libatomic_ops}/include"; then
+		    libatomic_ops_include="-I$with_libatomic_ops/include"
+		    CPPFLAGS="$CPPFLAGS $libatomic_ops_include"
+		else
+		    AC_MSG_ERROR([libatomic_ops include directory $with_libatomic_ops/include not found])
+		fi;;
+	esac
+	ethr_have_libatomic_ops=no
+	AC_TRY_LINK([#include "atomic_ops.h"],
+		    [
+			volatile AO_t x;
+			AO_t y;
+			int z;
+
+			AO_nop_full();
+			AO_store(&x, (AO_t) 0);
+			z = AO_load(&x);
+			z = AO_compare_and_swap_full(&x, (AO_t) 0, (AO_t) 1);
+		    ],
+		    [ethr_have_native_atomics=yes
+		     ethr_have_libatomic_ops=yes])
+	AC_MSG_RESULT([$ethr_have_libatomic_ops])
+	if test $ethr_have_libatomic_ops = yes; then
+	    AC_CHECK_SIZEOF(AO_t, ,
+			    [
+				#include <stdio.h>
+				#include "atomic_ops.h"
+			    ])
+	    AC_DEFINE_UNQUOTED(ETHR_SIZEOF_AO_T, $ac_cv_sizeof_AO_t, [Define to the size of AO_t if libatomic_ops is used])
+
+	    AC_DEFINE(ETHR_HAVE_LIBATOMIC_OPS, 1, [Define if you have libatomic_ops atomic operations])
+	    if test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+		AC_DEFINE(ETHR_PREFER_LIBATOMIC_OPS_NATIVE_IMPLS, 1, [Define if you prefer libatomic_ops native ethread implementations])
+	    fi
+	    ETHR_DEFS="$ETHR_DEFS $libatomic_ops_include"
+	elif test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+	    AC_MSG_ERROR([No usable libatomic_ops implementation found])
+	fi
+
+	case "$host_cpu" in
+	  sparc | sun4u | sparc64 | sun4v)
+		case "$with_sparc_memory_order" in
+		    "TSO")
+			AC_DEFINE(ETHR_SPARC_TSO, 1, [Define if only run in Sparc TSO mode]);;
+		    "PSO")
+			AC_DEFINE(ETHR_SPARC_PSO, 1, [Define if only run in Sparc PSO, or TSO mode]);;
+		    "RMO"|"")
+			AC_DEFINE(ETHR_SPARC_RMO, 1, [Define if run in Sparc RMO, PSO, or TSO mode]);;
+		    *)
+			AC_MSG_ERROR([Unsupported Sparc memory order: $with_sparc_memory_order]);;
+		esac
+		ethr_have_native_atomics=yes;; 
+	  i86pc | i*86 | x86_64 | amd64)
+		if test "$enable_x86_out_of_order" = "yes"; then
+			AC_DEFINE(ETHR_X86_OUT_OF_ORDER, 1, [Define if x86/x86_64 out of order instructions should be synchronized])
+		fi
+		ethr_have_native_atomics=yes;;
+	  macppc | ppc | "Power Macintosh")
+		ethr_have_native_atomics=yes;;
+	  tile)
+		ethr_have_native_atomics=yes;;
+	  *)
+		;;
+	esac
+
+	test ethr_have_native_atomics = "yes" && ethr_have_native_spinlock=yes
+
+	dnl Restore LIBS
+	LIBS=$saved_libs
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+	;;
+    *)
+	;;
+esac
+
+AC_MSG_CHECKING([whether default stack size should be modified])
+if test "x$ethr_modified_default_stack_size" != "x"; then
+	AC_DEFINE_UNQUOTED(ETHR_MODIFIED_DEFAULT_STACK_SIZE, $ethr_modified_default_stack_size, [Define if you want to modify the default stack size])
+	AC_MSG_RESULT([yes; to $ethr_modified_default_stack_size kilo words])
+else
+	AC_MSG_RESULT([no])
+fi
+
+if test "x$ETHR_THR_LIB_BASE" != "x"; then
+	ETHR_DEFS="-DUSE_THREADS $ETHR_DEFS"
+	ETHR_LIBS="-l$ethr_lib_name -lerts_internal_r $ETHR_X_LIBS"
+	ETHR_LIB_NAME=$ethr_lib_name
+fi
+
+AC_CHECK_SIZEOF(void *)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_PTR, $ac_cv_sizeof_void_p, [Define to the size of pointers])
+
+AC_CHECK_SIZEOF(int)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_INT, $ac_cv_sizeof_int, [Define to the size of int])
+AC_CHECK_SIZEOF(long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG, $ac_cv_sizeof_long, [Define to the size of long])
+AC_CHECK_SIZEOF(long long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG_LONG, $ac_cv_sizeof_long_long, [Define to the size of long long])
+AC_CHECK_SIZEOF(__int64)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT64, $ac_cv_sizeof___int64, [Define to the size of __int64])
+AC_CHECK_SIZEOF(__int128_t)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT128_T, $ac_cv_sizeof___int128_t, [Define to the size of __int128_t])
+
+
+case X$erl_xcomp_bigendian in
+    X) ;;
+    Xyes|Xno) ac_cv_c_bigendian=$erl_xcomp_bigendian;;
+    *) AC_MSG_ERROR([Bad erl_xcomp_bigendian value: $erl_xcomp_bigendian]);;
+esac
+
+AC_C_BIGENDIAN
+
+if test "$ac_cv_c_bigendian" = "yes"; then
+    AC_DEFINE(ETHR_BIGENDIAN, 1, [Define if bigendian])
+fi
+
+AC_ARG_ENABLE(native-ethr-impls,
+	      AS_HELP_STRING([--disable-native-ethr-impls],
+                             [disable native ethread implementations]),
+[ case "$enableval" in
+    no) disable_native_ethr_impls=yes ;;
+    *)  disable_native_ethr_impls=no ;;
+  esac ], disable_native_ethr_impls=no)
+
+AC_ARG_ENABLE(x86-out-of-order,
+	      AS_HELP_STRING([--enable-x86-out-of-order],
+                             [enable x86/x84_64 out of order support (default disabled)]))
+
+test "X$disable_native_ethr_impls" = "Xyes" &&
+  AC_DEFINE(ETHR_DISABLE_NATIVE_IMPLS, 1, [Define if you want to disable native ethread implementations])
+
+AC_ARG_ENABLE(prefer-gcc-native-ethr-impls,
+	      AS_HELP_STRING([--enable-prefer-gcc-native-ethr-impls],
+			     [prefer gcc native ethread implementations]),
+[ case "$enableval" in
+    yes) enable_prefer_gcc_native_ethr_impls=yes ;;
+    *)  enable_prefer_gcc_native_ethr_impls=no ;;
+  esac ], enable_prefer_gcc_native_ethr_impls=no)
+
+test $enable_prefer_gcc_native_ethr_impls = yes &&
+  AC_DEFINE(ETHR_PREFER_GCC_NATIVE_IMPLS, 1, [Define if you prefer gcc native ethread implementations])
+
+AC_ARG_WITH(libatomic_ops,
+	    AS_HELP_STRING([--with-libatomic_ops=PATH],
+			   [specify and prefer usage of libatomic_ops in the ethread library]))
+
+AC_ARG_WITH(with_sparc_memory_order,
+	    AS_HELP_STRING([--with-sparc-memory-order=TSO|PSO|RMO],
+			   [specify sparc memory order (defaults to RMO)]))
+
+ETHR_X86_SSE2_ASM=no
+case "$GCC-$ac_cv_sizeof_void_p-$host_cpu" in
+  yes-4-i86pc | yes-4-i*86 | yes-4-x86_64 | yes-4-amd64)
+    AC_MSG_CHECKING([for gcc sse2 asm support])
+    save_CFLAGS="$CFLAGS"
+    CFLAGS="$CFLAGS -msse2"
+    gcc_sse2_asm=no
+    AC_TRY_COMPILE([],
+	[
+		long long x, *y;
+		__asm__ __volatile__("movq %1, %0\n\t" : "=x"(x) : "m"(*y) : "memory");
+	],
+	[gcc_sse2_asm=yes])
+    CFLAGS="$save_CFLAGS"
+    AC_MSG_RESULT([$gcc_sse2_asm])
+    if test "$gcc_sse2_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_SSE2_ASM_SUPPORT, 1, [Define if you use a gcc that supports -msse2 and understand sse2 specific asm statements])
+      ETHR_X86_SSE2_ASM=yes
+    fi
+    ;;
+  *)
+    ;;
+esac
+
+case "$GCC-$host_cpu" in
+  yes-i86pc | yes-i*86 | yes-x86_64 | yes-amd64)
+    gcc_dw_cmpxchg_asm=no
+    AC_MSG_CHECKING([for gcc double word cmpxchg asm support])    
+    AC_TRY_COMPILE([],
+	[
+    char xchgd;
+    long new[2], xchg[2], *p;		  
+    __asm__ __volatile__(
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"pushl %%ebx\n\t"
+	"movl %8, %%ebx\n\t"
+#endif
+#if ETHR_SIZEOF_PTR == 4
+	"lock; cmpxchg8b %0\n\t"
+#else
+	"lock; cmpxchg16b %0\n\t"
+#endif
+	"setz %3\n\t"
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"popl %%ebx\n\t"
+#endif
+	: "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	: "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new[1]),
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	  "r"(new[0])
+#else
+	  "b"(new[0])
+#endif
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+    if test $gcc_dw_cmpxchg_asm = no && test $ac_cv_sizeof_void_p = 4; then
+      AC_TRY_COMPILE([],
+	  [
+      char xchgd;
+      long new[2], xchg[2], *p;
+#if !defined(__PIC__) || !__PIC__
+#  error nope
+#endif
+      __asm__ __volatile__(
+    	  "pushl %%ebx\n\t"
+	  "movl (%7), %%ebx\n\t"
+	  "movl 4(%7), %%ecx\n\t"
+	  "lock; cmpxchg8b %0\n\t"
+  	  "setz %3\n\t"
+	  "popl %%ebx\n\t"
+	  : "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	  : "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new)
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+      if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+        AC_DEFINE(ETHR_CMPXCHG8B_REGISTER_SHORTAGE, 1, [Define if you get a register shortage with cmpxchg8b and position independent code])
+      fi
+    fi
+    AC_MSG_RESULT([$gcc_dw_cmpxchg_asm])
+    if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_DW_CMPXCHG_ASM_SUPPORT, 1, [Define if you use a gcc that supports the double word cmpxchg instruction])
+    fi;;
+  *)
+    ;;
+esac
+
+AC_DEFINE(ETHR_HAVE_ETHREAD_DEFINES, 1, \
+[Define if you have all ethread defines])
+
+AC_SUBST(ETHR_X_LIBS)
+AC_SUBST(ETHR_LIBS)
+AC_SUBST(ETHR_LIB_NAME)
+AC_SUBST(ETHR_DEFS)
+AC_SUBST(ETHR_THR_LIB_BASE)
+AC_SUBST(ETHR_THR_LIB_BASE_DIR)
+AC_SUBST(ETHR_X86_SSE2_ASM)
+
+])
+
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_TIME_CORRECTION
+dnl
+dnl In the presence of a high resolution realtime timer Erlang can adapt
+dnl its view of time relative to this timer. On solaris such a timer is
+dnl available with the syscall gethrtime(). On other OS's a fallback
+dnl solution using times() is implemented. (However on e.g. FreeBSD times()
+dnl is implemented using gettimeofday so it doesn't make much sense to
+dnl use it there...) On second thought, it seems to be safer to do it the
+dnl other way around. I.e. only use times() on OS's where we know it will
+dnl work...
+dnl
+
+AC_DEFUN(ERL_TIME_CORRECTION,
+[if test x$ac_cv_func_gethrtime = x; then
+  AC_CHECK_FUNC(gethrtime)
+fi
+if test x$clock_gettime_correction = xunknown; then
+	AC_TRY_COMPILE([#include <time.h>],
+			[struct timespec ts;
+     			 long long result;
+			 clock_gettime(CLOCK_MONOTONIC,&ts);
+                         result = ((long long) ts.tv_sec) * 1000000000LL + 
+			 ((long long) ts.tv_nsec);],
+			clock_gettime_compiles=yes,
+			clock_gettime_compiles=no)
+else
+	clock_gettime_compiles=no
+fi
+			
+
+AC_CACHE_CHECK([how to correct for time adjustments], erl_cv_time_correction,
+[
+case $clock_gettime_correction in
+    yes)
+	erl_cv_time_correction=clock_gettime;;	
+    no|unknown)
+	case $ac_cv_func_gethrtime in
+  	    yes)
+    		erl_cv_time_correction=hrtime ;;
+  	    no)
+    		case $host_os in
+        	    linux*)
+			case $clock_gettime_correction in
+			    unknown)
+				if test x$clock_gettime_compiles = xyes; then
+				    if test X$cross_compiling != Xyes; then
+				    	linux_kernel_vsn_=`uname -r`
+				    	case $linux_kernel_vsn_ in
+					    [[0-1]].*|2.[[0-5]]|2.[[0-5]].*)
+					    	erl_cv_time_correction=times ;;
+					    *)
+					    	erl_cv_time_correction=clock_gettime;;
+				    	esac
+				    else
+					case X$erl_xcomp_linux_clock_gettime_correction in
+					    X)
+						erl_cv_time_correction=cross;;
+					    Xyes|Xno)
+						if test $erl_xcomp_linux_clock_gettime_correction = yes; then
+						    erl_cv_time_correction=clock_gettime
+						else
+					    	    erl_cv_time_correction=times
+						fi;;
+					    *)
+						AC_MSG_ERROR([Bad erl_xcomp_linux_clock_gettime_correction value: $erl_xcomp_linux_clock_gettime_correction]);;
+					esac
+				    fi
+				else
+				    erl_cv_time_correction=times
+				fi
+				;;
+			     *)				
+        			erl_cv_time_correction=times ;;
+			esac
+			;;
+            	    *)
+        		erl_cv_time_correction=none ;;
+    		esac
+    		;;
+	esac
+	;;
+esac
+])
+
+xrtlib=""
+case $erl_cv_time_correction in
+  times)
+    AC_DEFINE(CORRECT_USING_TIMES,[],
+	[Define if you do not have a high-res. timer & want to use times() instead])
+    ;;
+  clock_gettime|cross)
+    if test $erl_cv_time_correction = cross; then
+	erl_cv_time_correction=clock_gettime
+	AC_MSG_WARN([result clock_gettime guessed because of cross compilation])
+    fi
+    xrtlib="-lrt"
+    AC_DEFINE(GETHRTIME_WITH_CLOCK_GETTIME,[1],
+	[Define if you want to use clock_gettime to simulate gethrtime])
+    ;;
+esac
+dnl
+dnl Check if gethrvtime is working, and if to use procfs ioctl
+dnl or (yet to be written) write to the procfs ctl file.
+dnl
+
+AC_MSG_CHECKING([if gethrvtime works and how to use it])
+AC_TRY_RUN([
+/* gethrvtime procfs ioctl test */
+/* These need to be undef:ed to not break activation of
+ * micro level process accounting on /proc/self 
+ */
+#ifdef _LARGEFILE_SOURCE
+#  undef _LARGEFILE_SOURCE
+#endif
+#ifdef _FILE_OFFSET_BITS
+#  undef _FILE_OFFSET_BITS
+#endif
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/signal.h>
+#include <sys/fault.h>
+#include <sys/syscall.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+
+int main() {
+    long msacct = PR_MSACCT;
+    int fd;
+    long long start, stop;
+    int i;
+    pid_t pid = getpid();
+    char proc_self[30] = "/proc/";
+
+    sprintf(proc_self+strlen(proc_self), "%lu", (unsigned long) pid);
+    if ( (fd = open(proc_self, O_WRONLY)) == -1)
+	exit(1);
+    if (ioctl(fd, PIOCSET, &msacct) < 0)
+	exit(2);
+    if (close(fd) < 0)
+	exit(3);
+    start = gethrvtime();
+    for (i = 0; i < 100; i++)
+	stop = gethrvtime();
+    if (start == 0)
+	exit(4);
+    if (start == stop)
+	exit(5);
+    exit(0); return 0;
+}
+],
+erl_gethrvtime=procfs_ioctl,
+erl_gethrvtime=false,
+[
+case X$erl_xcomp_gethrvtime_procfs_ioctl in
+    X)
+	erl_gethrvtime=cross;;
+    Xyes|Xno)
+	if test $erl_xcomp_gethrvtime_procfs_ioctl = yes; then
+	    erl_gethrvtime=procfs_ioctl
+	else
+	    erl_gethrvtime=false
+	fi;;
+    *)
+	AC_MSG_ERROR([Bad erl_xcomp_gethrvtime_procfs_ioctl value: $erl_xcomp_gethrvtime_procfs_ioctl]);;
+esac
+])
+
+case $erl_gethrvtime in
+  procfs_ioctl)
+	AC_DEFINE(HAVE_GETHRVTIME_PROCFS_IOCTL,[1],
+		[define if gethrvtime() works and uses ioctl() to /proc/self])
+	AC_MSG_RESULT(uses ioctl to procfs)
+	;;
+  *)
+	if test $erl_gethrvtime = cross; then
+	    erl_gethrvtime=false
+	    AC_MSG_RESULT(cross)
+	    AC_MSG_WARN([result 'not working' guessed because of cross compilation])
+	else
+	    AC_MSG_RESULT(not working)
+	fi
+
+	dnl
+	dnl Check if clock_gettime (linux) is working
+	dnl
+
+	AC_MSG_CHECKING([if clock_gettime can be used to get process CPU time])
+	save_libs=$LIBS
+	LIBS="-lrt"
+	AC_TRY_RUN([
+	#include <stdlib.h>
+	#include <unistd.h>
+	#include <string.h>
+	#include <stdio.h>
+	#include <time.h>
+	int main() {
+	    long long start, stop;
+	    int i;
+	    struct timespec tp;
+
+	    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp) < 0)
+	      exit(1);
+	    start = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    for (i = 0; i < 100; i++)
+	      clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp);
+	    stop = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    if (start == 0)
+	      exit(4);
+	    if (start == stop)
+	      exit(5);
+	    exit(0); return 0;
+	  }
+	],
+	erl_clock_gettime=yes,
+	erl_clock_gettime=no,
+	[
+	case X$erl_xcomp_clock_gettime_cpu_time in
+	    X) erl_clock_gettime=cross;;
+	    Xyes|Xno) erl_clock_gettime=$erl_xcomp_clock_gettime_cpu_time;;
+	    *) AC_MSG_ERROR([Bad erl_xcomp_clock_gettime_cpu_time value: $erl_xcomp_clock_gettime_cpu_time]);;
+	esac
+	])
+	LIBS=$save_libs
+	case $host_os in
+		linux*)
+			AC_MSG_RESULT([no; not stable])
+			LIBRT=$xrtlib
+			;;
+		*)
+			AC_MSG_RESULT($erl_clock_gettime)
+			case $erl_clock_gettime in
+	  			yes)
+					AC_DEFINE(HAVE_CLOCK_GETTIME,[],
+						  [define if clock_gettime() works for getting process time])
+					LIBRT=-lrt
+					;;
+	  			cross)
+					erl_clock_gettime=no
+					AC_MSG_WARN([result no guessed because of cross compilation])
+					LIBRT=$xrtlib
+					;;
+	  			*)
+					LIBRT=$xrtlib
+					;;
+			esac
+			;;
+	esac
+	AC_SUBST(LIBRT)
+	;;
+esac
+])dnl
+
+dnl ERL_TRY_LINK_JAVA(CLASSES, FUNCTION-BODY
+dnl                   [ACTION_IF_FOUND [, ACTION-IF-NOT-FOUND]])
+dnl Freely inspired by AC_TRY_LINK. (Maybe better to create a 
+dnl AC_LANG_JAVA instead...)
+AC_DEFUN(ERL_TRY_LINK_JAVA,
+[java_link='$JAVAC conftest.java 1>&AC_FD_CC'
+changequote(, )dnl
+cat > conftest.java <<EOF
+$1
+class conftest { public static void main(String[] args) {
+   $2
+   ; return; }}
+EOF
+changequote([, ])dnl
+if AC_TRY_EVAL(java_link) && test -s conftest.class; then
+   ifelse([$3], , :, [rm -rf conftest*
+   $3])
+else
+   echo "configure: failed program was:" 1>&AC_FD_CC
+   cat conftest.java 1>&AC_FD_CC
+   echo "configure: PATH was $PATH" 1>&AC_FD_CC
+ifelse([$4], , , [  rm -rf conftest*
+  $4
+])dnl
+fi
+rm -f conftest*])
+#define UNSAFE_MASK  0xc0000000 /* Mask for bits that must be constant */
+
+
diff --git a/lib/odbc/c_src/Makefile.in b/lib/odbc/c_src/Makefile.in
index dda896bcd2..3a96a53ef8 100644
--- a/lib/odbc/c_src/Makefile.in
+++ b/lib/odbc/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/odbc/configure.in b/lib/odbc/configure.in
index 2369e16813..bec65c71bf 100644
--- a/lib/odbc/configure.in
+++ b/lib/odbc/configure.in
@@ -1,7 +1,7 @@
 dnl
 dnl %CopyrightBegin%
 dnl
-dnl Copyright Ericsson AB 2005-2010. All Rights Reserved.
+dnl Copyright Ericsson AB 2005-2011. All Rights Reserved.
 dnl
 dnl The contents of this file are subject to the Erlang Public License,
 dnl Version 1.1, (the "License"); you may not use this file except in
@@ -63,25 +63,11 @@ AC_PROG_CC
 dnl ---------------------------------------------------------------------
 dnl Special windows stuff regarding CFLAGS and details in the environment...
 dnl ---------------------------------------------------------------------
-AC_MSG_CHECKING(for mixed cygwin and native VC++ environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_VC=yes
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_VC=no
-fi
-AC_SUBST(MIXED_CYGWIN_VC)
-
+LM_WINDOWS_ENVIRONMENT
+	
 AC_PROG_MAKE_SET
 
-AC_CHECK_PROG(LD, ld.sh)
+AC_CHECK_PROGS(LD, ld.sh)
 AC_CHECK_TOOL(LD, ld, '$(CC)')
 
 AC_SUBST(LD)
diff --git a/lib/odbc/doc/src/Makefile b/lib/odbc/doc/src/Makefile
index 3e648d854d..0d456085f3 100644
--- a/lib/odbc/doc/src/Makefile
+++ b/lib/odbc/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/odbc/doc/src/notes.xml b/lib/odbc/doc/src/notes.xml
index 9c6ca8a017..08763163b8 100644
--- a/lib/odbc/doc/src/notes.xml
+++ b/lib/odbc/doc/src/notes.xml
@@ -31,7 +31,43 @@
   <p>This document describes the changes made to the odbc application.
   </p>
 
-  <section><title>ODBC 2.10.11</title>
+  <section><title>ODBC 2.10.12</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    An ODBC process should exit normally if its client exits
+	    with 'shutdown'</p>
+          <p>
+	    There is nothing strange about the client shutting down,
+	    so the ODBC process should exit normally to avoid
+	    generating a crash report for a non-problem. (Thanks to
+	    Magnus Henoch)</p>
+          <p>
+	    Own Id: OTP-9716</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>ODBC 2.10.11</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/odbc/vsn.mk b/lib/odbc/vsn.mk
index 120ed9ee3d..fb6e208a52 100644
--- a/lib/odbc/vsn.mk
+++ b/lib/odbc/vsn.mk
@@ -1 +1 @@
-ODBC_VSN = 2.10.11
+ODBC_VSN = 2.10.12
diff --git a/lib/orber/COSS/CosNaming/Makefile b/lib/orber/COSS/CosNaming/Makefile
index d4b2079036..064447f148 100644
--- a/lib/orber/COSS/CosNaming/Makefile
+++ b/lib/orber/COSS/CosNaming/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/doc/src/Makefile b/lib/orber/doc/src/Makefile
index 8a555cb408..68fbe3dce0 100644
--- a/lib/orber/doc/src/Makefile
+++ b/lib/orber/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2010. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/doc/src/ch_install.xml b/lib/orber/doc/src/ch_install.xml
index dde4bf4006..de9c0e3a9d 100644
--- a/lib/orber/doc/src/ch_install.xml
+++ b/lib/orber/doc/src/ch_install.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE chapter SYSTEM "chapter.dtd">
 
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -394,84 +394,16 @@ nodeB@hostB> orber:start().
         <cell align="left" valign="middle">The same as <c>iiop_ssl_port</c></cell>
       </row>
       <row>
-        <cell align="left" valign="middle">ssl_server_cacertfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_certfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_verify</cell>
-        <cell align="left" valign="middle">0 | 1 | 2</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_depth</cell>
-        <cell align="left" valign="middle">integer()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_password</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_keyfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_server_ciphers</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
+        <cell align="left" valign="middle">ssl_server_options</cell>
+        <cell align="left" valign="middle">list()</cell>
+        <cell align="left" valign="middle">See the <seealso marker="ssl:ssl">SSL</seealso> application 
+	for valid options.</cell>
       </row>
       <row>
-        <cell align="left" valign="middle">ssl_server_cachetimeout</cell>
-        <cell align="left" valign="middle">integer() | infinity</cell>
-        <cell align="left" valign="middle">infinity</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_cacertfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_certfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_verify</cell>
-        <cell align="left" valign="middle">0 | 1 | 2</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_depth</cell>
-        <cell align="left" valign="middle">integer()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_password</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_keyfile</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_ciphers</cell>
-        <cell align="left" valign="middle">string()</cell>
-        <cell align="left" valign="middle">-</cell>
-      </row>
-      <row>
-        <cell align="left" valign="middle">ssl_client_cachetimeout</cell>
-        <cell align="left" valign="middle">integer() | infinity</cell>
-        <cell align="left" valign="middle">infinity</cell>
+        <cell align="left" valign="middle">ssl_client_options</cell>
+        <cell align="left" valign="middle">list()</cell>
+        <cell align="left" valign="middle">See the <seealso marker="ssl:ssl">SSL</seealso> application 
+	for valid options.</cell>
       </row>
       <row>
         <cell align="left" valign="middle">iiop_ssl_out_keepalive</cell>
@@ -698,40 +630,10 @@ nodeB@hostB> orber:start().
       <item>If set, the value must be an integer greater than zero or 
       <c>{local, DefaultNATPort, [{Port, NATPort}]}</c>. See also
       <seealso marker="ch_install#firewall">Firewall Configuration</seealso>.</item>
-      <tag><em>ssl_server_cacertfile</em></tag>
+      <tag><em>ssl_server_options</em></tag>
       <item>the file path to a server side CA certificate.</item>
-      <tag><em>ssl_server_certfile</em></tag>
-      <item>The path to a file containing a chain of PEM encoded certificates.</item>
-      <tag><em>ssl_server_verify</em></tag>
-      <item>The type of verification used by SSL during authentication of the
-       other peer for incoming calls.</item>
-      <tag><em>ssl_server_depth</em></tag>
-      <item>The SSL verification depth for outgoing calls.</item>
-      <tag><em>ssl_server_password</em></tag>
-      <item>The server side key string.</item>
-      <tag><em>ssl_server_keyfile</em></tag>
-      <item>The file path to a server side key.</item>
-      <tag><em>ssl_server_ciphers</em></tag>
-      <item>The server side cipher string.</item>
-      <tag><em>ssl_server_cachetimeout</em></tag>
-      <item>The server side cache timeout.</item>
-      <tag><em>ssl_client_cacertfile</em></tag>
-      <item>The file path to a client side CA certificate.</item>
-      <tag><em>ssl_client_certfile</em></tag>
+      <tag><em>ssl_client_options</em></tag>
       <item>The path to a file containing a chain of PEM encoded certificates.</item>
-      <tag><em>ssl_client_verify</em></tag>
-      <item>The type of verification used by SSL during authentication of the
-       other peer for outgoing calls.</item>
-      <tag><em>ssl_client_depth</em></tag>
-      <item>The SSL verification depth for incoming calls.</item>
-      <tag><em>ssl_client_password</em></tag>
-      <item>The client side key string.</item>
-      <tag><em>ssl_client_keyfile</em></tag>
-      <item>The file path to a client side key.</item>
-      <tag><em>ssl_client_ciphers</em></tag>
-      <item>The client side cipher string.</item>
-      <tag><em>ssl_client_cachetimeout</em></tag>
-      <item>The client side cache timeout.</item>
       <tag><em>iiop_ssl_out_keepalive</em></tag>
       <item>Enables periodic transmission on a connected socket, when no other 
        data is being exchanged. If the other end does not respond, the 
diff --git a/lib/orber/doc/src/ch_security.xml b/lib/orber/doc/src/ch_security.xml
index 938025a629..a25a8a5052 100644
--- a/lib/orber/doc/src/ch_security.xml
+++ b/lib/orber/doc/src/ch_security.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE chapter SYSTEM "chapter.dtd">
 
 <chapter>
   <header>
     <copyright>
-      <year>1999</year><year>2009</year>
+      <year>1999</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -55,40 +55,15 @@
 
     <section>
       <title>Configurations when Orber is Used on the Server Side</title>
-      <p>The following three configuration variables can be used to configure Orber's SSL
-        behavior on the server side.</p>
+      <p>There is a variable to conficure Orber's SSL behavior on the server side.</p>
       <list type="bulleted">
-        <item><em>ssl_server_certfile</em> - which is a path to a file containing a
-         chain of PEM encoded certificates for the Orber domain as server.</item>
-        <item><em>ssl_server_cacertfile</em> - which is a path to a file containing 
-         a chain of PEM encoded certificates for the Orber domain as server.</item>
-        <item><em>ssl_server_verify</em> - which specifies type of verification: 
-         0 = do not verify peer; 1 = verify peer, verify client once,
-         2 = verify peer, verify client once, fail if no peer certificate. 
-         The default value is 0.</item>
-        <item><em>ssl_server_depth</em> - which specifies verification depth, i.e. 
-         how far in a chain of certificates the verification process shall
-         proceed before the verification is considered successful. The default
-         value is 1. </item>
-        <item><em>ssl_server_keyfile</em> - which is a path to a file containing a
-         PEM encoded key for the Orber domain as server.</item>
-        <item><em>ssl_server_password</em> - only used if the private keyfile is
-         password protected.</item>
-        <item><em>ssl_server_ciphers</em> - which is string of ciphers as a colon
-         separated list of ciphers.</item>
-        <item><em>ssl_server_cachetimeout</em> - which is the session cache timeout
-         in seconds.</item>
+        <item><em>ssl_server_options</em> - which is a list of options to ssl. 
+        See the <seealso marker="ssl:ssl">SSL</seealso> application for further 
+	descriptions on these options.</item>
       </list>
-      <p>There also exist a number of API functions for accessing the values of these variables:</p>
+      <p>There also exist an API function for accessing the value of this variable:</p>
       <list type="bulleted">
-        <item>orber:ssl_server_certfile/0</item>
-        <item>orber:ssl_server_cacertfile/0</item>
-        <item>orber:ssl_server_verify/0</item>
-        <item>orber:ssl_server_depth/0</item>
-        <item>orber:ssl_server_keyfile/0</item>
-        <item>orber:ssl_server_password/0</item>
-        <item>orber:ssl_server_ciphers/0</item>
-        <item>orber:ssl_server_cachetimeout/0</item>
+        <item>orber:ssl_server_options/0</item>
       </list>
     </section>
 
@@ -97,50 +72,22 @@
       <p>When the Orber enabled application is the client side in the secure connection the 
         different configurations can be set per client process instead and not for the whole domain
         as for incoming calls.</p>
-      <p>One can use configuration variables to set default values for the domain but they can be changed 
-        per client process. Below is the list of client configuration variables.</p>
+      <p>There is a variable to set default values for the domain but they can be changed 
+        per client process.</p>
       <list type="bulleted">
-        <item><em>ssl_client_certfile</em> - which is a path to a file containing a
-         chain of PEM encoded certificates used in outgoing calls in the current
-         process.</item>
-        <item><em>ssl_client_cacertfile</em> - which is a path to a file containing a
-         chain of PEM encoded CA certificates used in outgoing calls in the
-         current process.</item>
-        <item><em>ssl_client_verify</em> - which specifies type of verification: 
-         0 = do not verify peer; 1 = verify peer, verify client once, 
-         2 = verify peer, verify client once, fail if no peer certificate. 
-         The default value is 0.</item>
-        <item><em>ssl_client_depth</em> - which specifies verification depth, i.e. 
-         how far in a chain of certificates the verification process shall proceed
-         before the verification is considered successful. The default value is 1. </item>
-        <item><em>ssl_client_keyfile</em> - which is a path to a file containing a
-         PEM encoded key when Orber act as client side ORB.</item>
-        <item><em>ssl_client_password</em> - only used if the private keyfile is
-         password protected.</item>
-        <item><em>ssl_client_ciphers</em> - which is string of ciphers as a colon
-         separated list of ciphers.</item>
-        <item><em>ssl_client_cachetimeout</em> - which is the session cache timeout
-         in seconds.</item>
+        <item><em>ssl_client_options</em> - which is a list of options to ssl.
+        See the <seealso marker="ssl:ssl">SSL</seealso> application for further 
+	descriptions on these options.</item>
       </list>
-      <p>There also exist a number of API functions for accessing and changing the values of this 
-        variables in the client processes.</p>
-      <p>Access functions:</p>
+      <p>There also exist two API functions for accessing and changing the values of this 
+        variable in the client processes.</p>
+      <p>Access function:</p>
       <list type="bulleted">
-        <item>orber:ssl_client_certfile/0</item>
-        <item>orber:ssl_client_cacertfile/0</item>
-        <item>orber:ssl_client_verify/0</item>
-        <item>orber:ssl_client_depth/0</item>
-        <item>orber:ssl_client_keyfile/0</item>
-        <item>orber:ssl_client_password/0</item>
-        <item>orber:ssl_client_ciphers/0</item>
-        <item>orber:ssl_client_cachetimeout/0</item>
+        <item>orber:ssl_client_options/0</item>
       </list>
-      <p>Modify functions:</p>
+      <p>Modify function:</p>
       <list type="bulleted">
-        <item>orber:set_ssl_client_certfile/1</item>
-        <item>orber:set_ssl_client_cacertfile/1</item>
-        <item>orber:set_ssl_client_verify/1</item>
-        <item>orber:set_ssl_client_depth/1</item>
+        <item>orber:set_ssl_client_options/1</item>
       </list>
     </section>
   </section>
diff --git a/lib/orber/doc/src/corba.xml b/lib/orber/doc/src/corba.xml
index cae0e09b0b..08ec555f94 100644
--- a/lib/orber/doc/src/corba.xml
+++ b/lib/orber/doc/src/corba.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
   <header>
     <copyright>
-      <year>1997</year><year>2009</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -221,8 +221,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Object = #objref</v>
       </type>
@@ -287,8 +286,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Object = #objref</v>
       </type>
@@ -319,8 +317,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>ObjectId = string()</v>
       </type>
@@ -360,8 +357,7 @@ Example:
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Object = #objref</v>
       </type>
diff --git a/lib/orber/doc/src/corba_object.xml b/lib/orber/doc/src/corba_object.xml
index e0f9a9f503..ef440f1a2d 100644
--- a/lib/orber/doc/src/corba_object.xml
+++ b/lib/orber/doc/src/corba_object.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
@@ -75,8 +75,7 @@
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Return = boolean() | {'EXCEPTION', E}</v>
       </type>
@@ -117,8 +116,7 @@
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Return = boolean() | {'EXCEPTION', E}</v>
       </type>
@@ -149,8 +147,7 @@
         <v>CtxData = {interface, Interface} | {userspecific, term()} | {configuration, Options}</v>
         <v>Interface = string()</v>
         <v>Options = [{Key, Value}]</v>
-        <v>Key = ssl_client_verify | ssl_client_depth | ssl_client_certfile | ssl_client_cacertfile |
-                 ssl_client_password | ssl_client_keyfile | ssl_client_ciphers | ssl_client_cachetimeout</v>
+        <v>Key = ssl_client_options</v>
         <v>Value = allowed value associated with the given key</v>
         <v>Return = boolean() | {'EXCEPTION', E}</v>
       </type>
diff --git a/lib/orber/doc/src/notes.xml b/lib/orber/doc/src/notes.xml
index c8477d9252..35ee5e35dd 100644
--- a/lib/orber/doc/src/notes.xml
+++ b/lib/orber/doc/src/notes.xml
@@ -32,7 +32,51 @@
     <file>notes.xml</file>
   </header>
 
-  <section><title>Orber 3.6.22</title>
+  <section><title>Orber 3.6.23</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Remove usage of ssl:seed/1 in orber test cases. </p>
+          <p>
+	    Own Id: OTP-9728</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+	    <p> The SSL option handling has been changed. There are
+	    now two new orber options <c>ssl_server_options</c> and
+	    <c>ssl_client_options</c> which takes a list of options
+	    to the socket. </p> <p> The old options are now
+	    deprecated and removed from the documentation but they
+	    can still be used for backward compatibility as long as
+	    the two new options not are used. </p> <p> If
+	    <c>ssl_server_options</c> and <c>ssl_client_options</c>
+	    contain an TCP option that <c>orber</c> needs to set to a
+	    specific value it will be skipped and a warning will be
+	    written to the error_log. </p>
+          <p>
+	    Own Id: OTP-9773 Aux Id: seq11932 </p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Orber 3.6.22</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/orber/doc/src/orber.xml b/lib/orber/doc/src/orber.xml
index 5e38e4cf9f..35e9f57008 100644
--- a/lib/orber/doc/src/orber.xml
+++ b/lib/orber/doc/src/orber.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -356,7 +356,7 @@
         <v>Type = normal | ssl</v>
         <v>Port = integer() > 0</v>
         <v>ConfigurationParameters = [{Key, Value}]</v>
-        <v>Key = flags | iiop_in_connection_timeout | iiop_max_fragments | iiop_max_in_requests | interceptors | iiop_port | iiop_ssl_port</v>
+        <v>Key = flags | iiop_in_connection_timeout | iiop_max_fragments | iiop_max_in_requests | interceptors | iiop_port | iiop_ssl_port | ssl_server_options</v>
         <v>Value = as described in the User's Guide</v>
         <v>Result = {ok, Ref} | {error, Reason} | {'EXCEPTION', #'BAD_PARAM'{}}</v>
         <v>Ref = #Ref</v>
@@ -378,7 +378,7 @@
           counterparts (See the
           <seealso marker="ch_install#config">Configuration</seealso> chapter
           in the User's Guide). 
-          But the following parameters there are a few restrictions:</p>
+          But for the following parameters there are a few restrictions:</p>
         <list type="bulleted">
           <item><em>flags</em> - currently it is only possible to override the global
            setting for the <c>Use Current Interface in IOR</c> and 
@@ -450,92 +450,32 @@
       </desc>
     </func>
     <func>
-      <name>ssl_server_certfile() -> string()</name>
-      <fsummary>Display  the path to the server certificate</fsummary>
+      <name>ssl_server_options() -> list()</name>
+      <fsummary>Display the SSL server options</fsummary>
       <desc>
-        <p>This function returns a path to a file containing a chain of PEM encoded 
-          certificates for the Orber domain as server. 
+        <p>This function returns the list of SSL options set for the Orber domain as server. 
           This is configured by setting the application variable 
-          <em>ssl_server_certfile</em>.</p>
+          <em>ssl_server_options</em>.</p>
       </desc>
     </func>
     <func>
-      <name>ssl_client_certfile() -> string()</name>
-      <fsummary>Display the path to the client certificate</fsummary>
+      <name>ssl_client_options() -> list()</name>
+      <fsummary>Display the SSL client options</fsummary>
       <desc>
-        <p>This function returns a path to a file containing a chain of PEM encoded 
-          certificates used in outgoing calls in the current process.
+        <p>This function returns the list of SSL options used in outgoing calls in the current process.
           The default value is configured by setting the application variable 
-          <em>ssl_client_certfile</em>.</p>
+          <em>ssl_client_options</em>.</p>
       </desc>
     </func>
     <func>
-      <name>set_ssl_client_certfile(Path) -> ok</name>
-      <fsummary>Set the value of the client certificate</fsummary>
+      <name>set_ssl_client_options(Options) -> ok</name>
+      <fsummary>Set the SSL options for the client</fsummary>
       <type>
-        <v>Path = string()</v>
+        <v>Options = list()</v>
       </type>
       <desc>
-        <p>This function takes a path to a file containing a chain of PEM encoded 
-          certificates as parameter and sets it for the current process.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_server_verify() -> 0 | 1 | 2</name>
-      <fsummary>Display the SSL verification type for incoming calls</fsummary>
-      <desc>
-        <p>This function returns the type of verification used by SSL during authentication of the other 
-          peer for incoming calls. 
-          It is configured by setting the application variable 
-          <em>ssl_server_verify</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_client_verify() -> 0 | 1 | 2</name>
-      <fsummary>Display the SSL verification type for outgoing calls</fsummary>
-      <desc>
-        <p>This function returns  the type of verification used by SSL during authentication of the other 
-          peer for outgoing calls. 
-          The default value is configured by setting the application variable 
-          <em>ssl_client_verify</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>set_ssl_client_verify(Value) -> ok</name>
-      <fsummary>Set the value of the SSL verification type for outgoing calls</fsummary>
-      <type>
-        <v>Value = 0 | 1 | 2</v>
-      </type>
-      <desc>
-        <p>This function sets the SSL verification type for the other peer of outgoing calls.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_server_depth() -> int()</name>
-      <fsummary>Display the SSL verification depth for incoming calls</fsummary>
-      <desc>
-        <p>This function returns the SSL verification depth for incoming calls. 
-          It is configured by setting the application variable 
-          <em>ssl_server_depth</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>ssl_client_depth() ->  int()</name>
-      <fsummary>Display the SSL verification depth for outgoing calls</fsummary>
-      <desc>
-        <p>This function returns the SSL verification depth for outgoing calls. 
-          The default value is configured by setting the application variable 
-          <em>ssl_client_depth</em>.</p>
-      </desc>
-    </func>
-    <func>
-      <name>set_ssl_client_depth(Depth) -> ok</name>
-      <fsummary>Sets the value of the SSL verification depth for outgoing calls</fsummary>
-      <type>
-        <v>Depth = int()</v>
-      </type>
-      <desc>
-        <p>This function sets the SSL verification depth for the other peer of outgoing calls.</p>
+        <p>This function takes a list of SSL options as parameter and sets 
+	it for the current process.</p>
       </desc>
     </func>
     <func>
diff --git a/lib/orber/examples/Stack/Makefile b/lib/orber/examples/Stack/Makefile
index 215e57fcbe..b985f348fa 100644
--- a/lib/orber/examples/Stack/Makefile
+++ b/lib/orber/examples/Stack/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/priv/Makefile b/lib/orber/priv/Makefile
index 2847727035..af82177466 100644
--- a/lib/orber/priv/Makefile
+++ b/lib/orber/priv/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2001-2009. All Rights Reserved.
+# Copyright Ericsson AB 2001-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/src/Makefile b/lib/orber/src/Makefile
index e812e22b46..d2e98686da 100644
--- a/lib/orber/src/Makefile
+++ b/lib/orber/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/src/orber.erl b/lib/orber/src/orber.erl
index 386c07d227..5ab240e046 100644
--- a/lib/orber/src/orber.erl
+++ b/lib/orber/src/orber.erl
@@ -36,6 +36,7 @@
 -export([start/0, start/1, stop/0, install/1, install/2, orber_nodes/0, iiop_port/0,
 	 domain/0, iiop_ssl_port/0, iiop_out_ports/0, iiop_out_ports_random/0,
 	 iiop_out_ports_attempts/0,
+	 ssl_server_options/0, ssl_client_options/0, set_ssl_client_options/1,
 	 ssl_server_certfile/0, ssl_client_certfile/0, set_ssl_client_certfile/1,
 	 ssl_server_verify/0, ssl_client_verify/0, set_ssl_client_verify/1,
 	 ssl_server_depth/0, ssl_client_depth/0, set_ssl_client_depth/1,
@@ -524,6 +525,15 @@ iiop_ssl_port() ->
 nat_iiop_ssl_port() ->
     orber_env:nat_iiop_ssl_port().
 
+ssl_server_options() ->
+        orber_env:ssl_server_options().
+
+ssl_client_options() ->
+        orber_env:ssl_client_options().
+
+set_ssl_client_options(Value) ->
+        orber_env:set_ssl_client_options(Value).
+
 ssl_server_certfile() ->
     orber_env:ssl_server_certfile().
     
diff --git a/lib/orber/src/orber_diagnostics.erl b/lib/orber/src/orber_diagnostics.erl
index c115d79524..3ab55c448d 100644
--- a/lib/orber/src/orber_diagnostics.erl
+++ b/lib/orber/src/orber_diagnostics.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/orber/src/orber_env.erl b/lib/orber/src/orber_env.erl
index d80edb4ee0..8758450104 100644
--- a/lib/orber/src/orber_env.erl
+++ b/lib/orber/src/orber_env.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -20,7 +20,7 @@
 %%
 %%-----------------------------------------------------------------
 %% File: orber_env.erl
-%% 
+%%
 %% Description:
 %%    Handling environment parameters for Orber.
 %%
@@ -49,20 +49,22 @@
 	 iiop_max_in_connections/0, iiop_backlog/0, objectkeys_gc_time/0,
 	 get_ORBInitRef/0, get_ORBDefaultInitRef/0, get_interceptors/0,
 	 get_local_interceptors/0, get_cached_interceptors/0,
-	 set_interceptors/1, is_lightweight/0, get_lightweight_nodes/0, secure/0, 
+	 set_interceptors/1, is_lightweight/0, get_lightweight_nodes/0, secure/0,
 	 iiop_ssl_backlog/0, iiop_ssl_port/0, nat_iiop_ssl_port/0, nat_iiop_ssl_port/1,
+	 ssl_server_options/0, ssl_client_options/0, set_ssl_client_options/1,
 	 ssl_server_certfile/0, ssl_client_certfile/0, set_ssl_client_certfile/1,
 	 ssl_server_verify/0, ssl_client_verify/0, set_ssl_client_verify/1,
 	 ssl_server_depth/0, ssl_client_depth/0, set_ssl_client_depth/1,
-	 ssl_server_cacertfile/0, ssl_client_cacertfile/0, 
+	 ssl_server_cacertfile/0, ssl_client_cacertfile/0,
 	 set_ssl_client_cacertfile/1, ssl_client_password/0,
 	 ssl_server_password/0, ssl_client_keyfile/0, ssl_server_keyfile/0,
 	 ssl_client_ciphers/0, ssl_server_ciphers/0, ssl_client_cachetimeout/0,
-	 ssl_server_cachetimeout/0, get_flags/0, typechecking/0,  
+	 ssl_server_cachetimeout/0,
+	 get_flags/0, typechecking/0,
 	 exclude_codeset_ctx/0, exclude_codeset_component/0, partial_security/0,
 	 use_CSIv2/0, use_FT/0, ip_version/0, light_ifr/0, bidir_context/0,
 	 get_debug_level/0, getaddrstr/2, addr2str/1, iiop_packet_size/0,
-	 iiop_ssl_ip_address_local/0, ip_address_local/0, iiop_in_keepalive/0, 
+	 iiop_ssl_ip_address_local/0, ip_address_local/0, iiop_in_keepalive/0,
 	 iiop_out_keepalive/0, iiop_ssl_in_keepalive/0, iiop_ssl_out_keepalive/0,
 	 iiop_ssl_accept_timeout/0, ssl_generation/0]).
 
@@ -87,38 +89,39 @@
 	[flags, iiop_port, nat_iiop_port, iiop_out_ports, domain, ip_address,
 	 nat_ip_address, giop_version, iiop_timeout, iiop_connection_timeout,
 	 iiop_setup_connection_timeout, iiop_in_connection_timeout, iiop_acl,
-	 iiop_max_fragments, iiop_max_in_requests, iiop_max_in_connections, 
+	 iiop_max_fragments, iiop_max_in_requests, iiop_max_in_connections,
 	 iiop_backlog, objectkeys_gc_time, orbInitRef, orbDefaultInitRef,
 	 interceptors, local_interceptors, lightweight, ip_address_local,
-	 secure, iiop_ssl_ip_address_local, iiop_ssl_backlog, 
-	 iiop_ssl_port, nat_iiop_ssl_port, ssl_server_certfile, 
-	 ssl_client_certfile, ssl_server_verify, ssl_client_verify, ssl_server_depth, 
-	 ssl_client_depth, ssl_server_cacertfile, ssl_client_cacertfile, 
-	 ssl_client_password, ssl_server_password, ssl_client_keyfile, 
-	 ssl_server_keyfile, ssl_client_ciphers, ssl_server_ciphers, 
+	 secure, iiop_ssl_ip_address_local, iiop_ssl_backlog,
+	 iiop_ssl_port, nat_iiop_ssl_port, ssl_server_certfile,
+	 ssl_client_certfile, ssl_server_verify, ssl_client_verify, ssl_server_depth,
+	 ssl_client_depth, ssl_server_cacertfile, ssl_client_cacertfile,
+	 ssl_client_password, ssl_server_password, ssl_client_keyfile,
+	 ssl_server_keyfile, ssl_client_ciphers, ssl_server_ciphers,
 	 ssl_client_cachetimeout, ssl_server_cachetimeout, orber_debug_level,
 	 iiop_packet_size, iiop_in_keepalive, iiop_out_keepalive,
-	 iiop_ssl_in_keepalive, iiop_ssl_out_keepalive, iiop_ssl_accept_timeout]).
+	 iiop_ssl_in_keepalive, iiop_ssl_out_keepalive, iiop_ssl_accept_timeout,
+	 ssl_server_options, ssl_client_options]).
 
 %% The 'flags' parameter must be first in the list.
 %-define(ENV_KEYS,
-%	[{flags, ?ORB_ENV_INIT_FLAGS}, {iiop_port, 4001}, nat_iiop_port, 
-%	 {iiop_out_ports, 0}, {domain, "ORBER"}, ip_address, nat_ip_address, 
-%	 {giop_version, {1, 1}}, {iiop_timeout, infinity}, 
-%	 {iiop_connection_timeout, infinity}, {iiop_setup_connection_timeout, infinity}, 
+%	[{flags, ?ORB_ENV_INIT_FLAGS}, {iiop_port, 4001}, nat_iiop_port,
+%	 {iiop_out_ports, 0}, {domain, "ORBER"}, ip_address, nat_ip_address,
+%	 {giop_version, {1, 1}}, {iiop_timeout, infinity},
+%	 {iiop_connection_timeout, infinity}, {iiop_setup_connection_timeout, infinity},
 %	 {iiop_in_connection_timeout, infinity}, {iiop_acl, []},
-%	 {iiop_max_fragments, infinity}, {iiop_max_in_requests, infinity}, 
-%	 {iiop_max_in_connections, infinity}, {iiop_backlog, 5}, 
-%	 {objectkeys_gc_time, infinity}, 
+%	 {iiop_max_fragments, infinity}, {iiop_max_in_requests, infinity},
+%	 {iiop_max_in_connections, infinity}, {iiop_backlog, 5},
+%	 {objectkeys_gc_time, infinity},
 %	 {orbInitRef, undefined}, {orbDefaultInitRef, undefined},
 %	 {interceptors, false}, {local_interceptors, false}, {lightweight, false},
-%	 {secure, no}, {iiop_ssl_backlog, 5}, {iiop_ssl_port, 4002}, 
+%	 {secure, no}, {iiop_ssl_backlog, 5}, {iiop_ssl_port, 4002},
 %	 nat_iiop_ssl_port, {ssl_server_certfile, []}, {ssl_client_certfile, []},
-%	 {ssl_server_verify, 0}, {ssl_client_verify, 0}, {ssl_server_depth, 1}, 
-%	 {ssl_client_depth, 1}, {ssl_server_cacertfile, []}, 
+%	 {ssl_server_verify, 0}, {ssl_client_verify, 0}, {ssl_server_depth, 1},
+%	 {ssl_client_depth, 1}, {ssl_server_cacertfile, []},
 %	 {ssl_client_cacertfile, []}, {ssl_client_password, []},
-%	 {ssl_server_password, []}, {ssl_client_keyfile, []}, 
-%	 {ssl_server_keyfile, []}, {ssl_client_ciphers, []}, 
+%	 {ssl_server_password, []}, {ssl_client_keyfile, []},
+%	 {ssl_server_keyfile, []}, {ssl_client_ciphers, []},
 %	 {ssl_server_ciphers, []}, {ssl_client_cachetimeout, infinity},
 %	 {ssl_server_cachetimeout, infinity}, {orber_debug_level, 0}]).
 
@@ -129,33 +132,33 @@
 
 %%-----------------------------------------------------------------
 %% External functions
-%%-----------------------------------------------------------------    
 %%-----------------------------------------------------------------
-%% function : 
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%%-----------------------------------------------------------------
+%% function :
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 start(Opts) ->
     gen_server:start_link({local, orber_env}, ?MODULE, Opts, []).
 
 %%-----------------------------------------------------------------
 %% function : get_keys
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 get_keys() ->
     ?ENV_KEYS.
 
 %%-----------------------------------------------------------------
 %% function : get_env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 get_env(Key) when is_atom(Key) ->
     case catch ets:lookup(?ENV_DB, Key) of
@@ -164,13 +167,13 @@ get_env(Key) when is_atom(Key) ->
 	_ ->
 	    undefined
     end.
- 
+
 %%-----------------------------------------------------------------
 %% function : get_env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 set_env(Key, Value) when is_atom(Key) ->
     case catch ets:insert(?ENV_DB, #parameters{key = Key, value = Value}) of
@@ -179,20 +182,20 @@ set_env(Key, Value) when is_atom(Key) ->
 	_ ->
 	    undefined
     end.
- 
+
 
 %%-----------------------------------------------------------------
 %% function : info
 %% Arguments: IoDervice - info_msg | string | io | {io, Dev}
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 info() ->
     info(info_msg).
 
 info(IoDevice) ->
-    Info = 
+    Info =
 	case orber_tb:is_running() of
 	    true ->
 		Info1 = create_main_info(),
@@ -211,7 +214,7 @@ info(IoDevice) ->
 	string ->
 	    Info;
 	io ->
-	    io:format("~s", [Info]); 
+	    io:format("~s", [Info]);
 	{io, Dev} ->
 	    io:format(Dev, "~s", [Info]);
 	_ ->
@@ -220,14 +223,14 @@ info(IoDevice) ->
 
 create_main_info() ->
     {Major, Minor} = giop_version(),
-    [io_lib:format("======= Orber Execution Environment ======~n"		   
+    [io_lib:format("======= Orber Execution Environment ======~n"
 		   "Orber version.................: ~s~n"
 		   "Orber domain..................: ~s~n"
 		   "IIOP port number..............: ~p~n"
 		   "IIOP NAT port number..........: ~p~n"
 		   "Interface(s)..................: ~p~n"
 		   "Interface(s) NAT..............: ~p~n"
-		   "Local Interface (default).....: ~p~n"		   
+		   "Local Interface (default).....: ~p~n"
 		   "Nodes in domain...............: ~p~n"
 		   "GIOP version (default)........: ~p.~p~n"
 		   "IIOP out timeout..............: ~p msec~n"
@@ -254,18 +257,18 @@ create_main_info() ->
 		   "Debug Level...................: ~p~n"
 		   "orbInitRef....................: ~p~n"
 		   "orbDefaultInitRef.............: ~p~n",
-		   [?ORBVSN, domain(), iiop_port(), nat_iiop_port(), host(), 
+		   [?ORBVSN, domain(), iiop_port(), nat_iiop_port(), host(),
 		    nat_host(), ip_address_local(),
 		    orber:orber_nodes(), Major, Minor,
-		    iiop_timeout(), iiop_connection_timeout(), 
+		    iiop_timeout(), iiop_connection_timeout(),
 		    iiop_setup_connection_timeout(), iiop_out_ports(),
 		    iiop_out_ports_attempts(), iiop_out_ports_random(),
-		    orber:iiop_connections(out), orber:iiop_connections_pending(), 
-		    iiop_out_keepalive(), orber:iiop_connections(in), 
-		    iiop_in_connection_timeout(), iiop_in_keepalive(), 
-		    iiop_max_fragments(), iiop_max_in_requests(), 
+		    orber:iiop_connections(out), orber:iiop_connections_pending(),
+		    iiop_out_keepalive(), orber:iiop_connections(in),
+		    iiop_in_connection_timeout(), iiop_in_keepalive(),
+		    iiop_max_fragments(), iiop_max_in_requests(),
 		    iiop_max_in_connections(), iiop_backlog(), iiop_acl(),
-		    iiop_packet_size(), objectkeys_gc_time(), get_interceptors(), 
+		    iiop_packet_size(), objectkeys_gc_time(), get_interceptors(),
 		    get_local_interceptors(), get_debug_level(), get_ORBInitRef(),
 		    get_ORBDefaultInitRef()])].
 
@@ -277,7 +280,7 @@ create_flag_info(Info) ->
 	    FlagData = check_flags(?ORB_ENV_FLAGS, Flags, []),
 	    [Info, "System Flags Set..............: \n", FlagData, "\n"]
     end.
-  
+
 check_flags([], _, Acc) ->
     Acc;
 check_flags([{Flag, Txt}|T], Flags, Acc) when ?ORB_FLAG_TEST(Flags, Flag) ->
@@ -289,7 +292,7 @@ check_flags([_|T], Flags, Acc) ->
 create_security_info(no, Info) ->
     lists:flatten([Info, "=========================================\n"]);
 create_security_info(ssl, Info) ->
-    lists:flatten([Info, 
+    lists:flatten([Info,
 		   io_lib:format("ORB security..................: ssl~n"
 				 "SSL generation................: ~p~n"
 				 "SSL IIOP in keepalive.........: ~p~n"
@@ -316,26 +319,26 @@ create_security_info(ssl, Info) ->
 				 "SSL client ciphers............: ~p~n"
 				 "SSL client cachetimeout.......: ~p~n"
 				 "=========================================~n",
-				 [ssl_generation(), iiop_ssl_port(), 
+				 [ssl_generation(), iiop_ssl_port(),
 				  iiop_ssl_in_keepalive(), iiop_ssl_out_keepalive(),
-				  nat_iiop_ssl_port(), iiop_ssl_accept_timeout(), 
+				  nat_iiop_ssl_port(), iiop_ssl_accept_timeout(),
 				  iiop_ssl_backlog(), iiop_ssl_ip_address_local(),
 				  ssl_server_certfile(), ssl_server_verify(),
-				  ssl_server_depth(), ssl_server_cacertfile(), 
-				  ssl_server_keyfile(), ssl_server_password(), 
+				  ssl_server_depth(), ssl_server_cacertfile(),
+				  ssl_server_keyfile(), ssl_server_password(),
 				  ssl_server_ciphers(), ssl_server_cachetimeout(),
-				  ssl_client_certfile(), ssl_client_verify(), 
-				  ssl_client_depth(), ssl_client_cacertfile(), 
+				  ssl_client_certfile(), ssl_client_verify(),
+				  ssl_client_depth(), ssl_client_cacertfile(),
 				  ssl_client_keyfile(), ssl_client_password(),
 				  ssl_client_ciphers(), ssl_client_cachetimeout()])]).
 
 
 %%-----------------------------------------------------------------
 %% function : iiop_acl
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 iiop_acl() ->
     case application:get_env(orber, iiop_acl) of
@@ -352,7 +355,7 @@ iiop_packet_size() ->
 	_ ->
 	    infinity
     end.
-  
+
 
 iiop_port() ->
     case application:get_env(orber, iiop_port) of
@@ -368,7 +371,7 @@ nat_iiop_port() ->
 	    Port;
 	{ok, {local, Default, _NATList}} ->
 	    Default;
-	_ -> 
+	_ ->
 	    iiop_port()
     end.
 
@@ -378,7 +381,7 @@ nat_iiop_port(LocalPort) ->
 	    Port;
 	{ok, {local, Default, NATList}} ->
 	    orber_tb:keysearch(LocalPort, NATList, Default);
-	_ -> 
+	_ ->
 	    iiop_port()
     end.
 
@@ -407,9 +410,9 @@ iiop_out_ports_attempts() ->
 	_ ->
 	    1
     end.
-   
 
-domain() -> 
+
+domain() ->
     case application:get_env(orber, domain) of
 	{ok, Domain} when is_list(Domain) ->
 	    Domain;
@@ -449,7 +452,7 @@ nat_host([Host]) ->
 	{ok,{multiple, [I|_] = IList}} when is_list(I) ->
 	    IList;
 	{ok,{local, Default, NATList}} ->
-	    [orber_tb:keysearch(Host, NATList, Default)]; 
+	    [orber_tb:keysearch(Host, NATList, Default)];
 	_ ->
 	    host()
     end.
@@ -462,7 +465,7 @@ host() ->
 	{ok,{multiple, [I|_] = IList}} when is_list(I) ->
 	    IList;
 	%% IPv4. For IPv6 we only accept a string, but we must support this format
-	%% for IPv4 
+	%% for IPv4
 	{ok, {A1, A2, A3, A4}} when is_integer(A1+A2+A3+A4) ->
 	    [integer_to_list(A1) ++ "." ++ integer_to_list(A2) ++ "." ++ integer_to_list(A3)
 	     ++ "." ++ integer_to_list(A4)];
@@ -489,7 +492,7 @@ ip_address_local() ->
 	_ ->
 	    []
     end.
- 
+
 
 ip_address() ->
     ip_address(ip_version()).
@@ -526,7 +529,7 @@ addr2str({A1, A2, A3, A4, A5, A6, A7, A8}) ->
 	int16_to_hex(A3) ++ ":" ++ int16_to_hex(A4) ++ ":" ++
 	int16_to_hex(A5) ++ ":" ++ int16_to_hex(A6) ++ ":" ++
 	int16_to_hex(A7) ++ ":" ++ int16_to_hex(A8).
-    
+
 
 int16_to_hex(0) ->
     [$0];
@@ -613,7 +616,7 @@ iiop_max_fragments() ->
 	_ ->
 	    infinity
     end.
-    
+
 iiop_max_in_requests() ->
     case application:get_env(orber, iiop_max_in_requests) of
 	{ok, Max} when is_integer(Max) andalso Max > 0 ->
@@ -653,7 +656,7 @@ iiop_out_keepalive() ->
 	_ ->
 	    false
     end.
- 
+
 
 
 get_flags() ->
@@ -706,9 +709,9 @@ bidir_context() ->
 	?ORB_FLAG_TEST(Flags, ?ORB_ENV_USE_BI_DIR_IIOP) ->
 	    [#'IOP_ServiceContext'
 	     {context_id=?IOP_BI_DIR_IIOP,
-	      context_data = 
-	      #'IIOP_BiDirIIOPServiceContext'{listen_points = 
-					      [#'IIOP_ListenPoint'{host=host(), 
+	      context_data =
+	      #'IIOP_BiDirIIOPServiceContext'{listen_points =
+					      [#'IIOP_ListenPoint'{host=host(),
 								   port=iiop_port()}]}}];
 	true ->
 	    []
@@ -819,7 +822,7 @@ get_lightweight_nodes() ->
 	_ ->
 	    false
     end.
-   
+
 
 %%-----------------------------------------------------------------
 %% Security access operations (SSL)
@@ -838,8 +841,8 @@ ssl_generation() ->
 	    V;
 	_ ->
 	    2
-    end.	 
- 
+    end.
+
 iiop_ssl_ip_address_local() ->
     case application:get_env(orber, iiop_ssl_ip_address_local) of
 	{ok,I} when is_list(I) ->
@@ -876,10 +879,10 @@ iiop_ssl_accept_timeout() ->
     case application:get_env(orber, iiop_ssl_accept_timeout) of
 	{ok, N} when is_integer(N) ->
 	    N * 1000;
-	_  -> 
+	_  ->
 	    infinity
     end.
- 
+
 iiop_ssl_port() ->
     case application:get_env(orber, secure) of
 	{ok, ssl} ->
@@ -923,6 +926,52 @@ nat_iiop_ssl_port(LocalPort) ->
 	    -1
     end.
 
+ssl_server_options() ->
+    case application:get_env(orber, ssl_server_options) of
+	{ok, V1}  when is_list(V1) ->
+	    V1;
+	_ ->
+	    []
+    end.
+
+ssl_client_options() ->
+    case application:get_env(orber, ssl_client_options) of
+	{ok, V1}  when is_list(V1) ->
+	    V1;
+	_ ->
+	    []
+    end.
+
+check_ssl_opts(Value) ->
+    check_ssl_opts(Value, []).
+check_ssl_opts([], []) ->
+    ok;
+check_ssl_opts([], Acc) ->
+    {error, Acc};
+check_ssl_opts([{active, _} |T], Acc) ->
+    check_ssl_opts(T, [active |Acc]);
+check_ssl_opts([{packet, _} |T], Acc) ->
+    check_ssl_opts(T, [packet |Acc]);
+check_ssl_opts([{mode, _} |T], Acc) ->
+    check_ssl_opts(T, [mode |Acc]);
+check_ssl_opts([list |T], Acc) ->
+    check_ssl_opts(T, [list |Acc]);
+check_ssl_opts([binary |T], Acc) ->
+    check_ssl_opts(T, [binary |Acc]);
+check_ssl_opts([_ |T], Acc) ->
+    check_ssl_opts(T, Acc).
+
+set_ssl_client_options(Value) when is_list(Value) ->
+    case check_ssl_opts(Value) of
+	ok ->
+	    ok;
+	{error, List} ->
+	    exit(lists:flatten(
+		   io_lib:format("TCP options ~p is not allowed in set_ssl_client_options()",
+				 [List])))
+    end,
+    put(ssl_client_options, Value), ok.
+
 ssl_server_certfile() ->
     case application:get_env(orber, ssl_server_certfile) of
 	{ok, V1}  when is_list(V1) ->
@@ -932,7 +981,7 @@ ssl_server_certfile() ->
 	_ ->
 	    []
     end.
-    
+
 ssl_client_certfile() ->
     case get(ssl_client_certfile) of
 	undefined ->
@@ -950,7 +999,7 @@ ssl_client_certfile() ->
 
 set_ssl_client_certfile(Value) when is_list(Value) ->
     put(ssl_client_certfile, Value).
-    
+
 ssl_server_verify() ->
     Verify = case application:get_env(orber, ssl_server_verify) of
 	{ok, V} when is_integer(V) ->
@@ -964,7 +1013,7 @@ ssl_server_verify() ->
 	true ->
 	   0
     end.
-    
+
 ssl_client_verify() ->
     Verify = case get(ssl_client_verify) of
 		 undefined ->
@@ -986,7 +1035,7 @@ ssl_client_verify() ->
 
 set_ssl_client_verify(Value) when is_integer(Value) andalso Value =< 2 andalso Value >= 0 ->
     put(ssl_client_verify, Value), ok.
-    
+
 ssl_server_depth() ->
     case application:get_env(orber, ssl_server_depth) of
 	{ok, V1} when is_integer(V1) ->
@@ -994,7 +1043,7 @@ ssl_server_depth() ->
 	_ ->
 	    1
     end.
-    
+
 ssl_client_depth() ->
     case get(ssl_client_depth) of
 	undefined ->
@@ -1010,7 +1059,7 @@ ssl_client_depth() ->
 
 set_ssl_client_depth(Value) when is_integer(Value) ->
     put(ssl_client_depth, Value), ok.
-    
+
 
 
 ssl_server_cacertfile() ->
@@ -1022,7 +1071,7 @@ ssl_server_cacertfile() ->
 	_ ->
 	    []
     end.
-    
+
 ssl_client_cacertfile() ->
     case get(ssl_client_cacertfile) of
 	undefined ->
@@ -1040,7 +1089,7 @@ ssl_client_cacertfile() ->
 
 set_ssl_client_cacertfile(Value) when is_list(Value) ->
     put(ssl_client_cacertfile, Value), ok.
-    
+
 
 ssl_client_password() ->
     case application:get_env(orber, ssl_client_password) of
@@ -1108,10 +1157,10 @@ ssl_server_cachetimeout() ->
 
 %%-----------------------------------------------------------------
 %% function : configure
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 configure(Key, Value) when is_atom(Key) ->
     configure(Key, Value, check);
@@ -1125,10 +1174,10 @@ configure_override(Key, _) ->
 
 %%-----------------------------------------------------------------
 %% function : multi_configure
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 multi_configure(KeyValueList) when is_list(KeyValueList) ->
     case orber_tb:is_loaded() of
@@ -1144,7 +1193,7 @@ multi_configure(KeyValueList) when is_list(KeyValueList) ->
 	    end
     end;
 multi_configure(KeyValueList) ->
-    ?EFORMAT("Given configuration parameters not a Key-Value-pair list: ~p", 
+    ?EFORMAT("Given configuration parameters not a Key-Value-pair list: ~p",
 	     [KeyValueList]).
 
 multi_configure_helper([], _) ->
@@ -1237,7 +1286,7 @@ configure(iiop_port, Value, Status) when is_integer(Value) ->
 %% Set the NAT listen port
 configure(nat_iiop_port, Value, Status) when is_integer(Value) andalso Value > 0 ->
     do_safe_configure(nat_iiop_port, Value, Status);
-configure(nat_iiop_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso 
+configure(nat_iiop_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso
 							       Value1 > 0 andalso
 							       is_list(Value2) ->
     do_safe_configure(nat_iiop_port, {local, Value1, Value2}, Status);
@@ -1312,12 +1361,20 @@ configure(iiop_ssl_backlog, Value, Status) when is_integer(Value) andalso Value
     do_safe_configure(iiop_ssl_backlog, Value, Status);
 configure(nat_iiop_ssl_port, Value, Status) when is_integer(Value) andalso Value > 0 ->
     do_safe_configure(nat_iiop_ssl_port, Value, Status);
-configure(nat_iiop_ssl_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso 
+configure(nat_iiop_ssl_port, {local, Value1, Value2}, Status) when is_integer(Value1) andalso
 								   Value1 > 0 andalso
 								   is_list(Value2) ->
     do_safe_configure(nat_iiop_ssl_port, {local, Value1, Value2}, Status);
 configure(iiop_ssl_port, Value, Status) when is_integer(Value) ->
     do_safe_configure(iiop_ssl_port, Value, Status);
+
+%% New SSL options
+configure(ssl_server_options, Value, Status) when is_list(Value) ->
+    do_safe_configure(ssl_server_options, Value, Status);
+configure(ssl_client_options, Value, Status) when is_list(Value) ->
+    do_safe_configure(ssl_client_options, Value, Status);
+
+%% Old SSL options
 configure(ssl_server_certfile, Value, Status) when is_list(Value) ->
     do_safe_configure(ssl_server_certfile, Value, Status);
 configure(ssl_server_certfile, Value, Status) when is_atom(Value) ->
@@ -1434,9 +1491,9 @@ code_change(_OldVsn, State, _Extra) ->
 
 %%-----------------------------------------------------------------
 %% function : env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
+%% Arguments:
+%% Returns  :
+%% Exception:
 %% Effect   : Used when Key always exists (Default Value)
 %%-----------------------------------------------------------------
 env(Key) ->
@@ -1445,10 +1502,10 @@ env(Key) ->
 
 %%-----------------------------------------------------------------
 %% function : init_env
-%% Arguments: 
-%% Returns  : 
-%% Exception: 
-%% Effect   : 
+%% Arguments:
+%% Returns  :
+%% Exception:
+%% Effect   :
 %%-----------------------------------------------------------------
 init_env() ->
     application:load(orber),
diff --git a/lib/orber/src/orber_ifr.erl b/lib/orber/src/orber_ifr.erl
index 9631a268e4..6799bc1db4 100644
--- a/lib/orber/src/orber_ifr.erl
+++ b/lib/orber/src/orber_ifr.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -478,7 +478,7 @@ get_module(Id, Type) ->
 	What ->
 	    orber:dbg("[~p] ~p:get_module(~p, ~p).~n"
 		      "Id doesn't exist, mismatch Id vs Type or DB error: ~p", 
-		      [?LINE, ?MODULE, Id, What], ?DEBUG_LEVEL),
+		      [?LINE, ?MODULE, Id, Type, What], ?DEBUG_LEVEL),
 	    corba:raise(#'MARSHAL'{completion_status=?COMPLETED_MAYBE})
     end.
 
diff --git a/lib/orber/src/orber_iiop_net.erl b/lib/orber/src/orber_iiop_net.erl
index 58eba9f039..2eed0b538a 100644
--- a/lib/orber/src/orber_iiop_net.erl
+++ b/lib/orber/src/orber_iiop_net.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -161,31 +161,51 @@ terminate(_Reason, _State) ->
 %%-----------------------------------------------------------------
 get_options(normal, _Options) ->
     [];
-get_options(ssl, Options) ->
-    Verify = orber_tb:keysearch(ssl_server_verify, Options, 
-				orber_env:ssl_server_verify()),
-    Depth = orber_tb:keysearch(ssl_server_depth, Options, 
-			       orber_env:ssl_server_depth()),
-    Cert = orber_tb:keysearch(ssl_server_certfile, Options, 
-			      orber_env:ssl_server_certfile()),
-    CaCert = orber_tb:keysearch(ssl_server_cacertfile, Options, 
-				orber_env:ssl_server_cacertfile()),
-    Pwd = orber_tb:keysearch(ssl_server_password, Options, 
-			     orber_env:ssl_server_password()),
-    Key = orber_tb:keysearch(ssl_server_keyfile, Options, 
-			       orber_env:ssl_server_keyfile()),
-    Ciphers = orber_tb:keysearch(ssl_server_ciphers, Options, 
-				 orber_env:ssl_server_ciphers()),
-    Timeout = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
-				 orber_env:ssl_server_cachetimeout()),
-    [{verify, Verify},
-     {depth, Depth} |
-     ssl_server_extra_options([{certfile, Cert},
-			       {cacertfile, CaCert},
-			       {password, Pwd},
-			       {keyfile, Key},
-			       {ciphers, Ciphers},
-			       {cachetimeout, Timeout}], [])].
+get_options(ssl, Options) ->    
+    SSLOpts = 
+	case orber_tb:keysearch(ssl_server_options, Options,
+				orber_env:ssl_server_options()) of
+	    [] ->
+		Verify = orber_tb:keysearch(ssl_server_verify, Options, 
+					    orber_env:ssl_server_verify()),
+		Depth = orber_tb:keysearch(ssl_server_depth, Options, 
+					   orber_env:ssl_server_depth()),
+		Cert = orber_tb:keysearch(ssl_server_certfile, Options, 
+					  orber_env:ssl_server_certfile()),
+		CaCert = orber_tb:keysearch(ssl_server_cacertfile, Options, 
+					    orber_env:ssl_server_cacertfile()),
+		Pwd = orber_tb:keysearch(ssl_server_password, Options, 
+					 orber_env:ssl_server_password()),
+		Key = orber_tb:keysearch(ssl_server_keyfile, Options, 
+					 orber_env:ssl_server_keyfile()),
+		Ciphers = orber_tb:keysearch(ssl_server_ciphers, Options, 
+					     orber_env:ssl_server_ciphers()),
+		Timeout = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+					     orber_env:ssl_server_cachetimeout()),
+		KeepAlive = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+					       orber_env:iiop_ssl_in_keepalive()),
+		[{verify, Verify},
+		 {depth, Depth},
+		 {certfile, Cert},
+		 {cacertfile, CaCert},
+		 {password, Pwd},
+		 {keyfile, Key},
+		 {ciphers, Ciphers},
+		 {cachetimeout, Timeout},
+		 {keepalive, KeepAlive}];
+	    Opts ->	
+		case orber_tb:check_illegal_tcp_options(Opts) of
+		    ok -> 
+			check_old_ssl_server_options(Options),
+			Opts;
+		    {error, IllegalOpts} ->
+			error_logger:error_report([{application, orber},
+						   "TCP options not allowed to set on a connection", 
+						   IllegalOpts]),
+			error("Illegal TCP option")
+		end
+	end,
+    ssl_server_extra_options(SSLOpts, []).
 
 %%-----------------------------------------------------------------
 %% Func: parse_options/2
@@ -266,23 +286,28 @@ handle_call({add, IP, Type, Port, AllOptions}, _From, State) ->
     Family = orber_env:ip_version(),
     case inet:getaddr(IP, Family) of
 	{ok, IPTuple} ->
-	    Options = [{ip, IPTuple}|get_options(Type, AllOptions)],
-	    Ref = make_ref(),
-	    ProxyOptions = filter_options(AllOptions, []),
-	    case orber_socket:listen(Type, Port, Options, false) of
-		{ok, Listen, NewPort} ->
-		    {ok, Pid} = orber_iiop_socketsup:start_accept(Type, Listen, Ref,
-								  ProxyOptions),
-		    link(Pid),
-		    ets:insert(?CONNECTION_DB, #listen{pid = Pid, 
-						       socket = Listen, 
-						       port = NewPort, 
-						       type = Type, ref = Ref,
-						       options = Options,
-						       proxy_options = ProxyOptions}),
-		    {reply, {ok, Ref}, State};
-		Error ->
-		    {reply, Error, State}
+	    try [{ip, IPTuple} |get_options(Type, AllOptions)] of
+		Options ->
+     	            Ref = make_ref(),
+		    ProxyOptions = filter_options(AllOptions, []),
+	            case orber_socket:listen(Type, Port, Options, false) of
+		        {ok, Listen, NewPort} ->
+		            {ok, Pid} = orber_iiop_socketsup:start_accept(Type, Listen, Ref,
+		       					                  ProxyOptions),
+		            link(Pid),
+		            ets:insert(?CONNECTION_DB, #listen{pid = Pid, 
+						               socket = Listen, 
+						               port = NewPort, 
+						               type = Type, ref = Ref,
+						               options = Options,
+						               proxy_options = ProxyOptions}),
+		            {reply, {ok, Ref}, State};
+	          	Error ->
+		            {reply, Error, State}
+	            end
+            catch
+		error:Reason ->
+		    {reply, {error, Reason}, State}
 	    end;
 	Other ->
 	    {reply, Other, State}
@@ -461,3 +486,31 @@ update_counter(#state{max_connections = infinity} = State, _) ->
 update_counter(State, Value) ->
     State#state{counter = State#state.counter + Value}.
 
+
+check_old_ssl_server_options(Options) ->
+    try
+	0 = orber_tb:keysearch(ssl_server_verify, Options, 
+			       orber_env:ssl_server_verify()),
+    	1 = orber_tb:keysearch(ssl_server_depth, Options, 
+			       orber_env:ssl_server_depth()),
+     	[] = orber_tb:keysearch(ssl_server_certfile, Options, 
+				orber_env:ssl_server_certfile()),
+	[] = orber_tb:keysearch(ssl_server_cacertfile, Options, 
+				orber_env:ssl_server_cacertfile()),
+	[] = orber_tb:keysearch(ssl_server_password, Options, 
+				orber_env:ssl_server_password()),
+	[] = orber_tb:keysearch(ssl_server_keyfile, Options, 
+				orber_env:ssl_server_keyfile()),
+	[] = orber_tb:keysearch(ssl_server_ciphers, Options, 
+				orber_env:ssl_server_ciphers()),
+	infinity = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+				      orber_env:ssl_server_cachetimeout()),
+	false = orber_tb:keysearch(iiop_ssl_in_keepalive, Options, 
+				   orber_env:iiop_ssl_in_keepalive())
+    catch
+	_:_ ->
+					      io:format("hej\n",[]),
+	    error_logger:warning_report([{application, orber},
+			 "Ignoring deprecated ssl server options used together with the ssl_server_options"])
+    end.
+   
diff --git a/lib/orber/src/orber_iiop_pm.erl b/lib/orber/src/orber_iiop_pm.erl
index bf36b353bc..927d12b3b2 100644
--- a/lib/orber/src/orber_iiop_pm.erl
+++ b/lib/orber/src/orber_iiop_pm.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -108,44 +108,82 @@ connect(Host, Port, SocketType, Timeout, Chars, Wchars, Ctx)
     end.
 
 get_ssl_socket_options([]) ->
-    [{verify, orber:ssl_client_verify()},
-     {depth, orber:ssl_client_depth()} |
-     ssl_client_extra_options([{certfile, orber:ssl_client_certfile()},
-			       {cacertfile, orber:ssl_client_cacertfile()},
-			       {password, orber:ssl_client_password()},
-			       {keyfile, orber:ssl_client_keyfile()},
-			       {ciphers, orber:ssl_client_ciphers()},
-			       {cachetimeout, orber:ssl_client_cachetimeout()}], [])];
+    SSLOpts = 
+	case orber_env:ssl_client_options() of
+	    [] ->
+		[{verify, orber_env:ssl_client_verify()},
+		 {depth, orber_env:ssl_client_depth()},
+		 {certfile, orber_env:ssl_client_certfile()},
+		 {cacertfile, orber_env:ssl_client_cacertfile()},
+		 {password, orber_env:ssl_client_password()},
+		 {keyfile, orber_env:ssl_client_keyfile()},
+		 {ciphers, orber_env:ssl_client_ciphers()},
+		 {cachetimeout, orber_env:ssl_client_cachetimeout()},
+		 {keepalive, orber_env:iiop_ssl_out_keepalive()}];
+	    Opts ->
+		case orber_tb:check_illegal_tcp_options(Opts) of
+		    ok -> 
+			check_old_ssl_client_options([]),
+			Opts;
+		    {error, IllegalOpts} ->
+			error_logger:error_report([{application, orber},
+						   "TCP options not allowed to set on a connection", 
+						   IllegalOpts]),
+			error("Illegal TCP option")
+		end
+	end,
+    ssl_client_extra_options(SSLOpts, []);
 get_ssl_socket_options([#'IOP_ServiceContext'
 			{context_id=?ORBER_GENERIC_CTX_ID, 
 			 context_data = {configuration, Options}}|_]) ->
-    Verify = orber_tb:keysearch(ssl_client_verify, Options, 
-				orber_env:ssl_client_verify()),
-    Depth = orber_tb:keysearch(ssl_client_depth, Options, 
-			       orber_env:ssl_client_depth()),
-    Cert = orber_tb:keysearch(ssl_client_certfile, Options, 
-			      orber_env:ssl_client_certfile()),
-    CaCert = orber_tb:keysearch(ssl_client_cacertfile, Options, 
-				orber_env:ssl_client_cacertfile()),
-    Pwd = orber_tb:keysearch(ssl_client_password, Options, 
-			     orber_env:ssl_client_password()),
-    Key = orber_tb:keysearch(ssl_client_keyfile, Options, 
-			     orber_env:ssl_client_keyfile()),
-    Ciphers = orber_tb:keysearch(ssl_client_ciphers, Options, 
-				 orber_env:ssl_client_ciphers()),
-    Timeout = orber_tb:keysearch(ssl_client_cachetimeout, Options, 
-				 orber_env:ssl_client_cachetimeout()),
-    [{verify, Verify},
-     {depth, Depth} |
-     ssl_client_extra_options([{certfile, Cert},
-			       {cacertfile, CaCert},
-			       {password, Pwd},
-			       {keyfile, Key},
-			       {ciphers, Ciphers},
-			       {cachetimeout, Timeout}], [])];
+    SSLOpts = 
+	case orber_tb:keysearch(ssl_client_options, Options,
+				orber_env:ssl_client_options()) of
+	    [] ->
+		Verify = orber_tb:keysearch(ssl_client_verify, Options, 
+					    orber_env:ssl_client_verify()),
+		Depth = orber_tb:keysearch(ssl_client_depth, Options, 
+					   orber_env:ssl_client_depth()),
+		Cert = orber_tb:keysearch(ssl_client_certfile, Options, 
+					  orber_env:ssl_client_certfile()),
+		CaCert = orber_tb:keysearch(ssl_client_cacertfile, Options, 
+					    orber_env:ssl_client_cacertfile()),
+		Pwd = orber_tb:keysearch(ssl_client_password, Options, 
+					 orber_env:ssl_client_password()),
+		Key = orber_tb:keysearch(ssl_client_keyfile, Options, 
+					 orber_env:ssl_client_keyfile()),
+		Ciphers = orber_tb:keysearch(ssl_client_ciphers, Options, 
+					     orber_env:ssl_client_ciphers()),
+		Timeout = orber_tb:keysearch(ssl_client_cachetimeout, Options, 
+					     orber_env:ssl_client_cachetimeout()),
+		KeepAlive = orber_tb:keysearch(ssl_server_cachetimeout, Options, 
+					       orber_env:iiop_ssl_out_keepalive()),
+		[{verify, Verify},
+		 {depth, Depth},
+		 {certfile, Cert},
+		 {cacertfile, CaCert},
+		 {password, Pwd},
+		 {keyfile, Key},
+		 {ciphers, Ciphers},
+		 {cachetimeout, Timeout},
+		 {keepalive, KeepAlive}];
+	    Opts ->	
+		case orber_tb:check_illegal_tcp_options(Opts) of
+		    ok -> 
+			check_old_ssl_client_options(Options),
+			Opts;
+		    {error, IllegalOpts} ->
+			error_logger:error_report([{application, orber},
+						   "TCP options not allowed to set on a connection", 
+						   IllegalOpts]),
+			error("Illegal TCP option")
+		end
+	end,
+    ssl_client_extra_options(SSLOpts, []);
 get_ssl_socket_options([_|T]) ->
     get_ssl_socket_options(T).
 
+
 ssl_client_extra_options([], Acc) ->
     Acc;
 ssl_client_extra_options([{_Type, []}|T], Acc) ->
@@ -814,6 +852,36 @@ init_interceptors(Host, Port, {SHost, SPort}) ->
             %% Either 'false' or {Type, PIs}.
 	    Other
     end.
+
+
+check_old_ssl_client_options(Options) ->
+    try
+	0 = orber_tb:keysearch(ssl_client_verify, Options, 
+			       orber_env:ssl_client_verify()),
+    	1 = orber_tb:keysearch(ssl_client_depth, Options, 
+			       orber_env:ssl_client_depth()),
+     	[] = orber_tb:keysearch(ssl_client_certfile, Options, 
+				orber_env:ssl_client_certfile()),
+	[] = orber_tb:keysearch(ssl_client_cacertfile, Options, 
+				orber_env:ssl_client_cacertfile()),
+	[] = orber_tb:keysearch(ssl_client_password, Options, 
+				orber_env:ssl_client_password()),
+	[] = orber_tb:keysearch(ssl_client_keyfile, Options, 
+				orber_env:ssl_client_keyfile()),
+	[] = orber_tb:keysearch(ssl_client_ciphers, Options, 
+				orber_env:ssl_client_ciphers()),
+	infinity = orber_tb:keysearch(ssl_client_cachetimeout, Options, 
+				      orber_env:ssl_client_cachetimeout()),
+	false = orber_tb:keysearch(iiop_ssl_out_keepalive, Options, 
+				   orber_env:iiop_ssl_out_keepalive())
+
+    catch
+	_:_ ->
+	    error_logger:warning_report([{application, orber},
+			 "Ignoring deprecated ssl client options used together with the ssl_client_options"])
+    end.
+   
+
     
 
 %%-----------------------------------------------------------------
diff --git a/lib/orber/src/orber_socket.erl b/lib/orber/src/orber_socket.erl
index ec2cf8f42a..07a0e09ccc 100644
--- a/lib/orber/src/orber_socket.erl
+++ b/lib/orber/src/orber_socket.erl
@@ -14,8 +14,7 @@
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%%
-%% %CopyrightEnd%
+%%%% %CopyrightEnd%
 %%
 %%
 %%-----------------------------------------------------------------
@@ -37,7 +36,7 @@
 %%-----------------------------------------------------------------
 -export([start/0, connect/4, listen/3, listen/4, accept/2, accept/3, write/3,
 	 controlling_process/3, close/2, peername/2, sockname/2, 
-	 peerdata/2, peercert/2, sockdata/2, setopts/3, 
+	 peerdata/2, peercert/2, sockdata/2, setopts/3,
 	 clear/2, shutdown/3, post_accept/2, post_accept/3]).
 
 %%-----------------------------------------------------------------
@@ -75,8 +74,6 @@ connect(Type, Host, Port, Options) ->
 	case Type of
 	    normal ->
 		[{keepalive, orber_env:iiop_out_keepalive()}|Options1];
-	    _ when Generation > 2 ->
-		[{keepalive, orber_env:iiop_ssl_out_keepalive()}|Options1];
 	    _ ->
 		Options1
 	end,
@@ -251,8 +248,7 @@ listen(ssl, Port, Options, Exception) ->
 	       end,
     Options4 = if
 		   Generation > 2 ->
-		       [{reuseaddr, true}, 
-			{keepalive, orber_env:iiop_ssl_in_keepalive()}|Options3];
+		       [{reuseaddr, true} |Options3];
 		   true ->
 		       Options3
 	       end,
@@ -362,8 +358,8 @@ peercert(ssl, Socket) ->
     ssl:peercert(Socket);
 peercert(Type, _Socket) ->
     orber:dbg("[~p] orber_socket:peercert(~p);~n"
-	      "Only available for SSL sockets.", 
-	      [?LINE, Type], ?DEBUG_LEVEL),
+ 	      "Only available for SSL sockets.",
+ 	      [?LINE, Type], ?DEBUG_LEVEL),
     {error, ebadsocket}.
 
 %%-----------------------------------------------------------------
diff --git a/lib/orber/src/orber_tb.erl b/lib/orber/src/orber_tb.erl
index e6d5ee4400..d3e3a8497d 100644
--- a/lib/orber/src/orber_tb.erl
+++ b/lib/orber/src/orber_tb.erl
@@ -2,7 +2,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -39,7 +39,8 @@
 -compile({no_auto_import,[error/2]}).
 -export([wait_for_tables/1, wait_for_tables/2, wait_for_tables/3,
 	 is_loaded/0, is_loaded/1, is_running/0, is_running/1, 
-	 info/2, error/2, unique/1, keysearch/2, keysearch/3]).
+	 info/2, error/2, unique/1, keysearch/2, keysearch/3,
+	check_illegal_tcp_options/1]).
 
 %%----------------------------------------------------------------------
 %% Internal exports
@@ -179,6 +180,38 @@ error(Format, Args) ->
 				 Args).
 
 
+
+
+
+%%----------------------------------------------------------------------
+%% function : check_illegal_tcp_options/1
+%% Arguments: 
+%% Returns  : 
+%% Exception: 
+%% Effect   : 
+%%----------------------------------------------------------------------
+check_illegal_tcp_options(Options) ->
+    check_illegal_tcp_options(Options, []).
+
+check_illegal_tcp_options([],[]) ->
+    ok;
+check_illegal_tcp_options([],IllegalOpts) ->
+    {error, IllegalOpts};
+check_illegal_tcp_options([{active, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{active, V} |IllegalOpts]);
+check_illegal_tcp_options([{packet, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{packet, V} |IllegalOpts]);
+check_illegal_tcp_options([{mode, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{mode, V} |IllegalOpts]);
+check_illegal_tcp_options([list |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[list |IllegalOpts]);
+check_illegal_tcp_options([binary |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[binary |IllegalOpts]);
+check_illegal_tcp_options([{reuseaddr, V} |T], IllegalOpts) ->
+    check_illegal_tcp_options(T,[{reuseaddr, V} |IllegalOpts]);
+check_illegal_tcp_options([_H|T], IllegalOpts) ->
+    check_illegal_tcp_options(T, IllegalOpts).
+
 %%----------------------------------------------------------------------
 %% Internal functions
 %%----------------------------------------------------------------------
diff --git a/lib/orber/test/Makefile b/lib/orber/test/Makefile
index 996d0d1874..d4be009af3 100644
--- a/lib/orber/test/Makefile
+++ b/lib/orber/test/Makefile
@@ -176,6 +176,7 @@ clean:
 	rm -f idl_output/*
 	rm -f $(TARGET_FILES) 
 	rm -f errs core *~
+	rm IDL-GENERATED
 
 
 docs:
diff --git a/lib/orber/test/csiv2_SUITE.erl b/lib/orber/test/csiv2_SUITE.erl
index 406a8ea693..60ffa1eb09 100644
--- a/lib/orber/test/csiv2_SUITE.erl
+++ b/lib/orber/test/csiv2_SUITE.erl
@@ -70,46 +70,46 @@
 	 profiles =
 	 [#'IOP_TaggedProfile'
 	  {tag = ?TAG_INTERNET_IOP,
-	   profile_data = 
+	   profile_data =
 	   #'IIOP_ProfileBody_1_1'{
 	     iiop_version = #'IIOP_Version'{major = 1,
 					    minor = 2},
 	     host =  "127.0.0.1",
 	     port = 0,
 	     object_key = [0,86,66,1,0,0,0,24,47,70,77,65,95,67,73,82,80,77,65,78,95,80,79,65,95,83,69,67,85,82,69,0,0,0,0,4,0,0,4,186,0,0,2,10,81,218,65,185],
-	     components = 
+	     components =
 	     [#'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS,
 				     component_data = #'SSLIOP_SSL'{
 				       target_supports = 102,
 				       target_requires = 66,
 				       port = 49934}},
 	      #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST,
-				     component_data = 
+				     component_data =
 	      #'CSIIOP_CompoundSecMechList'{stateful = true,
-					    mechanism_list = 
+					    mechanism_list =
 					    [#'CSIIOP_CompoundSecMech'
 					     {target_requires = 66,
 					      transport_mech = #'IOP_TaggedComponent'{
 						tag = ?TAG_TLS_SEC_TRANS,
-						component_data = 
+						component_data =
 						#'CSIIOP_TLS_SEC_TRANS'{
 						  target_supports = 102,
 						  target_requires = 66,
-						  addresses = 
+						  addresses =
 						  [#'CSIIOP_TransportAddress'
 						   {host_name = "127.0.0.1",
 						    port = 49934}]}},
-					      as_context_mech = 
+					      as_context_mech =
 					      #'CSIIOP_AS_ContextSec'{
 						target_supports = 0,
 						target_requires = 0,
 						client_authentication_mech = [],
 						target_name = []},
-					      sas_context_mech = 
+					      sas_context_mech =
 					      #'CSIIOP_SAS_ContextSec'{
 						target_supports = 1024,
 						target_requires = 0,
-						privilege_authorities = 
+						privilege_authorities =
 						[#'CSIIOP_ServiceConfiguration'
 						 {syntax = 1447174401,
 						  name = "Borland"}],
@@ -124,7 +124,7 @@
 						supported_identity_types = 15}}]}},
 	      #'IOP_TaggedComponent'
 	      {tag = ?TAG_CODE_SETS,
-	       component_data = 
+	       component_data =
 	       #'CONV_FRAME_CodeSetComponentInfo'{'ForCharData' =
 						  #'CONV_FRAME_CodeSetComponent'{
 						    native_code_set = 65537,
@@ -151,15 +151,15 @@
 
 -ifdef(false).
 %% PKIX1Explicit88
--define(AlgorithmIdentifier, 
+-define(AlgorithmIdentifier,
 	#'AlgorithmIdentifier'{algorithm = ?OID,
 			       parameters = ?ANY}).
 
 -define(Validity, #'Validity'{notBefore = {utcTime, "19820102070533.8"},
 			      notAfter = {generalTime, "19820102070533.8"}}).
 
--define(SubjectPublicKeyInfo, 
-	#'SubjectPublicKeyInfo'{algorithm = ?AlgorithmIdentifier, 
+-define(SubjectPublicKeyInfo,
+	#'SubjectPublicKeyInfo'{algorithm = ?AlgorithmIdentifier,
 				subjectPublicKey = ?BIT_STR}).
 
 -define(AttributeTypeAndValue,
@@ -178,26 +178,26 @@
 
 -define(UniqueIdentifier, ?BIT_STR).
 
--define(Extension, #'Extension'{extnID = ?OID, 
-				critical = ?BOOLEAN, 
+-define(Extension, #'Extension'{extnID = ?OID,
+				critical = ?BOOLEAN,
 				extnValue = ?OCTET_STR}).
 
 -define(Extensions, [?Extension]).
 
 -define(TBSCertificate,
-	#'TBSCertificate'{version = ?Version, 
-			  serialNumber = ?CertificateSerialNumber, 
-			  signature = ?AlgorithmIdentifier, 
-			  issuer = ?Name, 
-			  validity = ?Validity, 
-			  subject = ?Name, 
-			  subjectPublicKeyInfo = ?SubjectPublicKeyInfo, 
-			  issuerUniqueID = ?UniqueIdentifier, 
-			  subjectUniqueID = ?UniqueIdentifier, 
+	#'TBSCertificate'{version = ?Version,
+			  serialNumber = ?CertificateSerialNumber,
+			  signature = ?AlgorithmIdentifier,
+			  issuer = ?Name,
+			  validity = ?Validity,
+			  subject = ?Name,
+			  subjectPublicKeyInfo = ?SubjectPublicKeyInfo,
+			  issuerUniqueID = ?UniqueIdentifier,
+			  subjectUniqueID = ?UniqueIdentifier,
 			  extensions = ?Extensions}).
 
--define(Certificate, #'Certificate'{tbsCertificate = ?TBSCertificate, 
-				    signatureAlgorithm = ?AlgorithmIdentifier, 
+-define(Certificate, #'Certificate'{tbsCertificate = ?TBSCertificate,
+				    signatureAlgorithm = ?AlgorithmIdentifier,
 				    signature = ?BIT_STR}).
 
 %% PKIX1Implicit88
@@ -206,66 +206,66 @@
 
 -define(GeneralNames, [?GeneralName]).
 
-%% PKIXAttributeCertificate	
--define(AttCertValidityPeriod, 
-	#'AttCertValidityPeriod'{notBeforeTime = "19820102070533.8", 
+%% PKIXAttributeCertificate
+-define(AttCertValidityPeriod,
+	#'AttCertValidityPeriod'{notBeforeTime = "19820102070533.8",
 				 notAfterTime = "19820102070533.8"}).
 
 
--define(Attribute, #'Attribute'{type = ?OID, 
+-define(Attribute, #'Attribute'{type = ?OID,
 				values = []}).
 
 -define(Attributes, [?Attribute]).
 
--define(IssuerSerial, #'IssuerSerial'{issuer = ?GeneralNames, 
-				      serial = ?CertificateSerialNumber, 
+-define(IssuerSerial, #'IssuerSerial'{issuer = ?GeneralNames,
+				      serial = ?CertificateSerialNumber,
 				      issuerUID = ?UniqueIdentifier}).
 
 -define(DigestedObjectType, publicKey). %% Enum
 
--define(ObjectDigestInfo, 
-	#'ObjectDigestInfo'{digestedObjectType = ?DigestedObjectType, 
-			    otherObjectTypeID = ?OID, 
-			    digestAlgorithm = ?AlgorithmIdentifier, 
+-define(ObjectDigestInfo,
+	#'ObjectDigestInfo'{digestedObjectType = ?DigestedObjectType,
+			    otherObjectTypeID = ?OID,
+			    digestAlgorithm = ?AlgorithmIdentifier,
 			    objectDigest = ?BIT_STR}).
 
--define(V2Form, #'V2Form'{issuerName = ?GeneralNames, 
-			  baseCertificateID = ?IssuerSerial, 
+-define(V2Form, #'V2Form'{issuerName = ?GeneralNames,
+			  baseCertificateID = ?IssuerSerial,
 			  objectDigestInfo = ?ObjectDigestInfo}).
 
 -define(AttCertVersion, v2).
 
--define(Holder, #'Holder'{baseCertificateID = ?IssuerSerial, 
-			  entityName = ?GeneralNames, 
+-define(Holder, #'Holder'{baseCertificateID = ?IssuerSerial,
+			  entityName = ?GeneralNames,
 			  objectDigestInfo = ?ObjectDigestInfo}).
 
 -define(AttCertIssuer, {v2Form, ?V2Form}).
 
 -define(AttributeCertificateInfo,
-	#'AttributeCertificateInfo'{version = ?AttCertVersion, 
-				    holder = ?Holder, 
-				    issuer = ?AttCertIssuer, 
-				    signature = ?AlgorithmIdentifier, 
-				    serialNumber = ?CertificateSerialNumber, 
+	#'AttributeCertificateInfo'{version = ?AttCertVersion,
+				    holder = ?Holder,
+				    issuer = ?AttCertIssuer,
+				    signature = ?AlgorithmIdentifier,
+				    serialNumber = ?CertificateSerialNumber,
 				    attrCertValidityPeriod = ?AttCertValidityPeriod,
-				    attributes = ?Attributes, 
-				    issuerUniqueID = ?UniqueIdentifier, 
+				    attributes = ?Attributes,
+				    issuerUniqueID = ?UniqueIdentifier,
 				    extensions = ?Extensions}).
 
--define(AttributeCertificate, 
-	#'AttributeCertificate'{acinfo = ?AttributeCertificateInfo, 
-				signatureAlgorithm = ?AlgorithmIdentifier, 
+-define(AttributeCertificate,
+	#'AttributeCertificate'{acinfo = ?AttributeCertificateInfo,
+				signatureAlgorithm = ?AlgorithmIdentifier,
 				signatureValue = ?BIT_STR}).
 
 
 %% OrberCSIv2
--define(AttributeCertChain, 
-	#'AttributeCertChain'{attributeCert = ?AttributeCertificate, 
+-define(AttributeCertChain,
+	#'AttributeCertChain'{attributeCert = ?AttributeCertificate,
 			      certificateChain = ?CertificateChain}).
 
 -define(CertificateChain, [?Certificate]).
 
--define(VerifyingCertChain, [?Certificate]).	
+-define(VerifyingCertChain, [?Certificate]).
 
 -endif.
 
@@ -314,15 +314,15 @@
 
 %%-----------------------------------------------------------------
 %% Func: all/1
-%% Args: 
-%% Returns: 
+%% Args:
+%% Returns:
 %%-----------------------------------------------------------------
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
-all() -> 
+all() ->
     cases().
 
-groups() -> 
+groups() ->
     [].
 
 init_per_group(_GroupName, Config) ->
@@ -335,7 +335,7 @@ end_per_group(_GroupName, Config) ->
 %% NOTE - the fragment test cases must bu first since we explicitly set a request
 %% id. Otherwise, the request-id counter would be increased and we cannot know
 %% what it is.
-cases() -> 
+cases() ->
     [ssl_server_peercert_api, ssl_client_peercert_api].
 
 %%-----------------------------------------------------------------
@@ -361,14 +361,20 @@ end_per_testcase(_Case, Config) ->
     ok.
 
 init_per_suite(Config) ->
-    case orber_test_lib:ssl_version() of
-	no_ssl ->
-	    {skip,"SSL is not installed!"};
-	_ ->
-	    Config
+    try crypto:start() of
+        ok ->
+	    case orber_test_lib:ssl_version() of
+		no_ssl ->
+		    {skip, "SSL is not installed!"};
+		_ ->
+		    Config
+	    end
+	catch _:_ ->
+	    {skip, "Crypto did not start"}
     end.
 
 end_per_suite(Config) ->
+    application:stop(crypto),
     Config.
 
 %%-----------------------------------------------------------------
@@ -385,272 +391,272 @@ end_per_suite(Config) ->
 code_CertificateChain_api(doc) -> ["Code CertificateChain"];
 code_CertificateChain_api(suite) -> [];
 code_CertificateChain_api(_Config) ->
-    {ok, Enc} =	
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('CertificateChain', ?CertificateChain)),
-    ?match({ok, [#'Certificate'{}]}, 
+    ?match({ok, [#'Certificate'{}]},
 	   'OrberCSIv2':decode('CertificateChain', list_to_binary(Enc))),
     ok.
 
 code_AttributeCertChain_api(doc) -> ["Code AttributeCertChain"];
 code_AttributeCertChain_api(suite) -> [];
 code_AttributeCertChain_api(_Config) ->
-     {ok, Enc} = 
-	?match({ok, _}, 
+     {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttributeCertChain', ?AttributeCertChain)),
-    ?match({ok, #'AttributeCertChain'{}}, 
-	   'OrberCSIv2':decode('AttributeCertChain', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeCertChain'{}},
+	   'OrberCSIv2':decode('AttributeCertChain', list_to_binary(Enc))),
     ok.
 
 code_VerifyingCertChain_api(doc) -> ["Code VerifyingCertChain"];
 code_VerifyingCertChain_api(suite) -> [];
 code_VerifyingCertChain_api(_Config) ->
-     {ok, Enc} = 
-	?match({ok, _}, 
+     {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('VerifyingCertChain', ?VerifyingCertChain)),
-    ?match({ok, [#'Certificate'{}]}, 
-	   'OrberCSIv2':decode('VerifyingCertChain', list_to_binary(Enc))),       
+    ?match({ok, [#'Certificate'{}]},
+	   'OrberCSIv2':decode('VerifyingCertChain', list_to_binary(Enc))),
     ok.
 
 %% PKIXAttributeCertificate
 code_AttributeCertificate_api(doc) -> ["Code AttributeCertificate"];
 code_AttributeCertificate_api(suite) -> [];
 code_AttributeCertificate_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttributeCertificate', ?AttributeCertificate)),
-    ?match({ok, #'AttributeCertificate'{}}, 
-	   'OrberCSIv2':decode('AttributeCertificate', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeCertificate'{}},
+	   'OrberCSIv2':decode('AttributeCertificate', list_to_binary(Enc))),
     ok.
 
 code_AttributeCertificateInfo_api(doc) -> ["Code AttributeCertificateInfo"];
 code_AttributeCertificateInfo_api(suite) -> [];
 code_AttributeCertificateInfo_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttributeCertificateInfo', ?AttributeCertificateInfo)),
-    ?match({ok, #'AttributeCertificateInfo'{}}, 
-	   'OrberCSIv2':decode('AttributeCertificateInfo', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeCertificateInfo'{}},
+	   'OrberCSIv2':decode('AttributeCertificateInfo', list_to_binary(Enc))),
     ok.
 
 code_AttCertVersion_api(doc) -> ["Code AttCertVersion"];
 code_AttCertVersion_api(suite) -> [];
 code_AttCertVersion_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttCertVersion', ?AttCertVersion)),
-    ?match({ok, ?AttCertVersion}, 
-	   'OrberCSIv2':decode('AttCertVersion', list_to_binary(Enc))),   
+    ?match({ok, ?AttCertVersion},
+	   'OrberCSIv2':decode('AttCertVersion', list_to_binary(Enc))),
     ok.
 
 code_Holder_api(doc) -> ["Code Holder"];
 code_Holder_api(suite) -> [];
 code_Holder_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('Holder', ?Holder)),
-    ?match({ok, #'Holder'{}}, 
-	   'OrberCSIv2':decode('Holder', list_to_binary(Enc))),   
+    ?match({ok, #'Holder'{}},
+	   'OrberCSIv2':decode('Holder', list_to_binary(Enc))),
     ok.
 
 code_AttCertIssuer_api(doc) -> ["Code AttCertIssuer"];
 code_AttCertIssuer_api(suite) -> [];
 code_AttCertIssuer_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('AttCertIssuer', ?AttCertIssuer)),
-    ?match({ok, {v2Form, _}}, 
-	   'OrberCSIv2':decode('AttCertIssuer', list_to_binary(Enc))),   
+    ?match({ok, {v2Form, _}},
+	   'OrberCSIv2':decode('AttCertIssuer', list_to_binary(Enc))),
     ok.
 
 code_AttCertValidityPeriod_api(doc) -> ["Code AttCertValidityPeriod"];
 code_AttCertValidityPeriod_api(suite) -> [];
 code_AttCertValidityPeriod_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('AttCertValidityPeriod', ?AttCertValidityPeriod)),
-    ?match({ok, #'AttCertValidityPeriod'{}}, 
-	   'OrberCSIv2':decode('AttCertValidityPeriod', list_to_binary(Enc))),   
+    ?match({ok, #'AttCertValidityPeriod'{}},
+	   'OrberCSIv2':decode('AttCertValidityPeriod', list_to_binary(Enc))),
     ok.
 
 code_V2Form_api(doc) -> ["Code V2Form"];
 code_V2Form_api(suite) -> [];
 code_V2Form_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('V2Form', ?V2Form)),
-    ?match({ok, #'V2Form'{}}, 
-	   'OrberCSIv2':decode('V2Form', list_to_binary(Enc))),   
+    ?match({ok, #'V2Form'{}},
+	   'OrberCSIv2':decode('V2Form', list_to_binary(Enc))),
     ok.
 
 code_IssuerSerial_api(doc) -> ["Code IssuerSerial"];
 code_IssuerSerial_api(suite) -> [];
 code_IssuerSerial_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('IssuerSerial', ?IssuerSerial)),
-    ?match({ok, #'IssuerSerial'{}}, 
-	   'OrberCSIv2':decode('IssuerSerial', list_to_binary(Enc))),   
+    ?match({ok, #'IssuerSerial'{}},
+	   'OrberCSIv2':decode('IssuerSerial', list_to_binary(Enc))),
     ok.
 
 code_ObjectDigestInfo_api(doc) -> ["Code ObjectDigestInfo"];
 code_ObjectDigestInfo_api(suite) -> [];
 code_ObjectDigestInfo_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('ObjectDigestInfo', ?ObjectDigestInfo)),
-    ?match({ok, #'ObjectDigestInfo'{}}, 
-	   'OrberCSIv2':decode('ObjectDigestInfo', list_to_binary(Enc))),   
+    ?match({ok, #'ObjectDigestInfo'{}},
+	   'OrberCSIv2':decode('ObjectDigestInfo', list_to_binary(Enc))),
     ok.
 
 %% PKIX1Explicit88
 code_Certificate_api(doc) -> ["Code Certificate"];
 code_Certificate_api(suite) -> [];
 code_Certificate_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('Certificate', ?Certificate)),
-    ?match({ok, #'Certificate'{}}, 
-	   'OrberCSIv2':decode('Certificate', list_to_binary(Enc))),   
+    ?match({ok, #'Certificate'{}},
+	   'OrberCSIv2':decode('Certificate', list_to_binary(Enc))),
     ok.
 
 code_TBSCertificate_api(doc) -> ["Code TBSCertificate"];
 code_TBSCertificate_api(suite) -> [];
 code_TBSCertificate_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('TBSCertificate', ?TBSCertificate)),
-    ?match({ok, #'TBSCertificate'{}}, 
-	   'OrberCSIv2':decode('TBSCertificate', list_to_binary(Enc))),   
+    ?match({ok, #'TBSCertificate'{}},
+	   'OrberCSIv2':decode('TBSCertificate', list_to_binary(Enc))),
     ok.
 
 code_CertificateSerialNumber_api(doc) -> ["Code CertificateSerialNumber"];
 code_CertificateSerialNumber_api(suite) -> [];
 code_CertificateSerialNumber_api(_Config) ->
-    {ok, Enc} = 
-	?match({ok, _}, 
+    {ok, Enc} =
+	?match({ok, _},
 	       'OrberCSIv2':encode('CertificateSerialNumber', ?CertificateSerialNumber)),
-    ?match({ok, ?CertificateSerialNumber}, 
-	   'OrberCSIv2':decode('CertificateSerialNumber', list_to_binary(Enc))),   
+    ?match({ok, ?CertificateSerialNumber},
+	   'OrberCSIv2':decode('CertificateSerialNumber', list_to_binary(Enc))),
     ok.
 
 code_Version_api(doc) -> ["Code Version"];
 code_Version_api(suite) -> [];
 code_Version_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Version', ?Version)),
-    ?match({ok, ?Version}, 'OrberCSIv2':decode('Version', list_to_binary(Enc))),   
+    ?match({ok, ?Version}, 'OrberCSIv2':decode('Version', list_to_binary(Enc))),
     ok.
 
 code_AlgorithmIdentifier_api(doc) -> ["Code AlgorithmIdentifier"];
 code_AlgorithmIdentifier_api(suite) -> [];
 code_AlgorithmIdentifier_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('AlgorithmIdentifier', ?AlgorithmIdentifier)),
-    ?match({ok, #'AlgorithmIdentifier'{}}, 
-	   'OrberCSIv2':decode('AlgorithmIdentifier', list_to_binary(Enc))),   
+    ?match({ok, #'AlgorithmIdentifier'{}},
+	   'OrberCSIv2':decode('AlgorithmIdentifier', list_to_binary(Enc))),
     ok.
 
 code_Name_api(doc) -> ["Code Name"];
 code_Name_api(suite) -> [];
 code_Name_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Name', ?Name)),
-    ?match({ok, {rdnSequence,_}}, 
-	   'OrberCSIv2':decode('Name', list_to_binary(Enc))),   
+    ?match({ok, {rdnSequence,_}},
+	   'OrberCSIv2':decode('Name', list_to_binary(Enc))),
     ok.
 
 code_RDNSequence_api(doc) -> ["Code RDNSequence"];
 code_RDNSequence_api(suite) -> [];
 code_RDNSequence_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('RDNSequence', ?RDNSequence)),
-    ?match({ok, [[#'AttributeTypeAndValue'{}]]}, 
-	   'OrberCSIv2':decode('RDNSequence', list_to_binary(Enc))),   
+    ?match({ok, [[#'AttributeTypeAndValue'{}]]},
+	   'OrberCSIv2':decode('RDNSequence', list_to_binary(Enc))),
     ok.
 
 code_RelativeDistinguishedName_api(doc) -> ["Code RelativeDistinguishedName"];
 code_RelativeDistinguishedName_api(suite) -> [];
 code_RelativeDistinguishedName_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('RelativeDistinguishedName', ?RelativeDistinguishedName)),
-    ?match({ok, [#'AttributeTypeAndValue'{}]}, 
-	   'OrberCSIv2':decode('RelativeDistinguishedName', list_to_binary(Enc))),   
+    ?match({ok, [#'AttributeTypeAndValue'{}]},
+	   'OrberCSIv2':decode('RelativeDistinguishedName', list_to_binary(Enc))),
     ok.
 
 code_AttributeTypeAndValue_api(doc) -> ["Code AttributeTypeAndValue"];
 code_AttributeTypeAndValue_api(suite) -> [];
 code_AttributeTypeAndValue_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('AttributeTypeAndValue', ?AttributeTypeAndValue)),
-    ?match({ok, #'AttributeTypeAndValue'{}}, 
-	   'OrberCSIv2':decode('AttributeTypeAndValue', list_to_binary(Enc))),   
+    ?match({ok, #'AttributeTypeAndValue'{}},
+	   'OrberCSIv2':decode('AttributeTypeAndValue', list_to_binary(Enc))),
     ok.
 
 code_Attribute_api(doc) -> ["Code Attribute"];
 code_Attribute_api(suite) -> [];
 code_Attribute_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Attribute', ?Attribute)),
-    ?match({ok, #'Attribute'{}}, 
-	   'OrberCSIv2':decode('Attribute', list_to_binary(Enc))),   
+    ?match({ok, #'Attribute'{}},
+	   'OrberCSIv2':decode('Attribute', list_to_binary(Enc))),
     ok.
 
 code_Validity_api(doc) -> ["Code Validity"];
 code_Validity_api(suite) -> [];
 code_Validity_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Validity', ?Validity)),
-    ?match({ok, #'Validity'{}}, 
-	   'OrberCSIv2':decode('Validity', list_to_binary(Enc))),   
+    ?match({ok, #'Validity'{}},
+	   'OrberCSIv2':decode('Validity', list_to_binary(Enc))),
     ok.
 
 code_SubjectPublicKeyInfo_api(doc) -> ["Code SubjectPublicKeyInfo"];
 code_SubjectPublicKeyInfo_api(suite) -> [];
 code_SubjectPublicKeyInfo_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('SubjectPublicKeyInfo', ?SubjectPublicKeyInfo)),
-    ?match({ok, #'SubjectPublicKeyInfo'{}}, 
-	   'OrberCSIv2':decode('SubjectPublicKeyInfo', list_to_binary(Enc))),   
+    ?match({ok, #'SubjectPublicKeyInfo'{}},
+	   'OrberCSIv2':decode('SubjectPublicKeyInfo', list_to_binary(Enc))),
     ok.
 
 code_UniqueIdentifier_api(doc) -> ["Code UniqueIdentifier"];
 code_UniqueIdentifier_api(suite) -> [];
 code_UniqueIdentifier_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('UniqueIdentifier', ?UniqueIdentifier)),
-    ?match({ok, _}, 'OrberCSIv2':decode('UniqueIdentifier', list_to_binary(Enc))),   
+    ?match({ok, _}, 'OrberCSIv2':decode('UniqueIdentifier', list_to_binary(Enc))),
     ok.
 
 code_Extensions_api(doc) -> ["Code Extensions"];
 code_Extensions_api(suite) -> [];
 code_Extensions_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Extensions', ?Extensions)),
-    ?match({ok, [#'Extension'{}]}, 
-	   'OrberCSIv2':decode('Extensions', list_to_binary(Enc))),   
+    ?match({ok, [#'Extension'{}]},
+	   'OrberCSIv2':decode('Extensions', list_to_binary(Enc))),
     ok.
 
 code_Extension_api(doc) -> ["Code Extension"];
 code_Extension_api(suite) -> [];
 code_Extension_api(_Config) ->
-    {ok, Enc} = 
+    {ok, Enc} =
 	?match({ok, _}, 'OrberCSIv2':encode('Extension', ?Extension)),
-    ?match({ok, #'Extension'{}}, 
-	   'OrberCSIv2':decode('Extension', list_to_binary(Enc))),   
+    ?match({ok, #'Extension'{}},
+	   'OrberCSIv2':decode('Extension', list_to_binary(Enc))),
     ok.
 
 %% OpenSSL generated x509 Certificate
 code_OpenSSL509_api(doc) -> ["Code OpenSSL generated x509 Certificate"];
 code_OpenSSL509_api(suite) -> [];
 code_OpenSSL509_api(_Config) ->
-    {ok, Cert} = 
-	?match({ok, #'Certificate'{}}, 
+    {ok, Cert} =
+	?match({ok, #'Certificate'{}},
 	       'OrberCSIv2':decode('Certificate', ?X509DER)),
-    AttrCertChain = #'AttributeCertChain'{attributeCert = ?AttributeCertificate, 
+    AttrCertChain = #'AttributeCertChain'{attributeCert = ?AttributeCertificate,
 					  certificateChain = [Cert]},
-    {ok, EAttrCertChain} = 
+    {ok, EAttrCertChain} =
 	?match({ok, _}, 'OrberCSIv2':encode('AttributeCertChain', AttrCertChain)),
-    ?match({ok, #'AttributeCertChain'{}}, 
+    ?match({ok, #'AttributeCertChain'{}},
 	   'OrberCSIv2':decode('AttributeCertChain', list_to_binary(EAttrCertChain))),
     ok.
 
@@ -663,65 +669,65 @@ ssl_server_peercert_api(doc) -> ["Test ssl:peercert (server side)"];
 ssl_server_peercert_api(suite) -> [];
 ssl_server_peercert_api(_Config) ->
     case os:type() of
-        vxworks ->
-	    {skipped, "No SSL-support for VxWorks."};
-        _ ->
-	    Options = orber_test_lib:get_options(iiop_ssl, server, 
-						 2, [{iiop_ssl_port, 0}]),
-	    {ok, ServerNode, ServerHost} = 
-		?match({ok,_,_}, orber_test_lib:js_node(Options)),
-	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
-	    SSLOptions = orber_test_lib:get_options(ssl, client),
- 	    {ok, Socket} = 
-		?match({ok, _}, fake_client_ORB(ssl, ServerHost, ServerPort, SSLOptions)),
-	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
-%	    ?match({ok, #'Certificate'{}}, 
-%		   'OrberCSIv2':decode('Certificate', PeerCert)),
-	    destroy_fake_ORB(ssl, Socket),
-	    ok
+	vxworks ->
+ 	    {skipped, "No SSL-support for VxWorks."};
+	_ ->
+ 	    Options = orber_test_lib:get_options(iiop_ssl, server,
+ 						 2, [{iiop_ssl_port, 0}]),
+ 	    {ok, ServerNode, ServerHost} =
+ 		?match({ok,_,_}, orber_test_lib:js_node(Options)),
+ 	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
+ 	    SSLOptions = orber_test_lib:get_options(ssl, client),
+  	    {ok, Socket} =
+ 		?match({ok, _}, fake_client_ORB(ssl, ServerHost, ServerPort, SSLOptions)),
+ 	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
+						%	    ?match({ok, #'Certificate'{}},
+						%		   'OrberCSIv2':decode('Certificate', PeerCert)),
+ 	    destroy_fake_ORB(ssl, Socket),
+ 	    ok
     end.
 
 ssl_client_peercert_api(doc) -> ["Test ssl:peercert (client side)"];
 ssl_client_peercert_api(suite) -> [];
 ssl_client_peercert_api(_Config) ->
     case os:type() of
-        vxworks ->
-	    {skipped, "No SSL-support for VxWorks."};
-        _ ->
-	    Options = orber_test_lib:get_options(iiop_ssl, client, 
-						 2, [{iiop_ssl_port, 0}]),
-	    {ok, ClientNode, _ClientHost} = 
-		?match({ok,_,_}, orber_test_lib:js_node(Options)),
-	    crypto:start(),
-	    ssl:start(),
-	    SSLOptions = orber_test_lib:get_options(ssl, server),
-	    {ok, LSock} = ?match({ok, _}, ssl:listen(0, SSLOptions)),
-	    {ok, {_Address, LPort}} = ?match({ok, {_, _}}, ssl:sockname(LSock)),
-	    IOR = ?match({'IOP_IOR',_,_}, 
-			 iop_ior:create_external({1, 2}, "IDL:FAKE:1.0", 
-						 "localhost", 6004, "FAKE", 
-						 [#'IOP_TaggedComponent'
-						  {tag=?TAG_SSL_SEC_TRANS, 
-						   component_data=#'SSLIOP_SSL'
-						   {target_supports = 2, 
-						    target_requires = 2, 
-						    port = LPort}}])),
-	    spawn(orber_test_lib, remote_apply, 
-		  [ClientNode, corba_object, non_existent, [IOR]]),
-	    {ok, Socket} = ?match({ok, _}, ssl:transport_accept(LSock)),
-	    ?match(ok, ssl:ssl_accept(Socket)),
-	    
-	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
-%% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
-%	    ?match({ok, #'Certificate'{}}, 
-%		   'OrberCSIv2':decode('Certificate', PeerCert)),
-	    ssl:close(Socket),
-	    ssl:close(LSock),
-	    ssl:stop(),
-	    ok
+	vxworks ->
+ 	    {skipped, "No SSL-support for VxWorks."};
+	_ ->
+ 	    Options = orber_test_lib:get_options(iiop_ssl, client,
+ 						 2, [{iiop_ssl_port, 0}]),
+ 	    {ok, ClientNode, _ClientHost} =
+ 		?match({ok,_,_}, orber_test_lib:js_node(Options)),
+ 	    crypto:start(),
+ 	    ssl:start(),
+ 	    SSLOptions = orber_test_lib:get_options(ssl, server),
+ 	    {ok, LSock} = ?match({ok, _}, ssl:listen(0, SSLOptions)),
+ 	    {ok, {_Address, LPort}} = ?match({ok, {_, _}}, ssl:sockname(LSock)),
+ 	    IOR = ?match({'IOP_IOR',_,_},
+ 			 iop_ior:create_external({1, 2}, "IDL:FAKE:1.0",
+ 						 "localhost", 6004, "FAKE",
+ 						 [#'IOP_TaggedComponent'
+ 						  {tag=?TAG_SSL_SEC_TRANS,
+ 						   component_data=#'SSLIOP_SSL'
+ 						   {target_supports = 2,
+ 						    target_requires = 2,
+ 						    port = LPort}}])),
+ 	    spawn(orber_test_lib, remote_apply,
+ 		  [ClientNode, corba_object, non_existent, [IOR]]),
+ 	    {ok, Socket} = ?match({ok, _}, ssl:transport_accept(LSock)),
+ 	    ?match(ok, ssl:ssl_accept(Socket)),
+
+ 	    {ok, _PeerCert} = ?match({ok, _}, orber_socket:peercert(ssl, Socket)),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [pkix, subject])),
+	    %% 	    ?match({ok, {rdnSequence, _}}, orber_socket:peercert(ssl, Socket, [ssl, subject])),
+						%	    ?match({ok, #'Certificate'{}},
+						%		   'OrberCSIv2':decode('Certificate', PeerCert)),
+ 	    ssl:close(Socket),
+ 	    ssl:close(LSock),
+ 	    ssl:stop(),
+ 	    ok
     end.
 
 %%-----------------------------------------------------------------
@@ -730,105 +736,105 @@ ssl_client_peercert_api(_Config) ->
 -ifdef(false).
 %% Not used yet.
 context_test(Obj) ->
-    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent, 
+    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent,
 				    value = true},
-    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous, 
+    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous,
 				    value = false},
-    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName, 
+    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName,
 				    value = [0,255]},
-    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain, 
+    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain,
 				    value = [1,255]},
-    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName, 
+    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName,
 				    value = [2,255]},
-    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX, 
+    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX,
 				    value = [3,255]},
 
     MTEstablishContext1 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken1, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken1,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext2 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken2, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken2,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext3 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken3, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken3,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext4 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken4, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken4,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext5 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken5, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken5,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext6 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken6, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken6,
 				       client_authentication_token = [1, 255]}},
     MTCompleteEstablishContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTCompleteEstablishContext, 
-       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTCompleteEstablishContext,
+       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX,
 					       context_stateful = false,
 					       final_context_token = [1, 255]}},
     MTContextError = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTContextError, 
+      {label = ?CSI_MsgType_MTContextError,
        value = #'CSI_ContextError'{client_context_id = ?ULONGLONGMAX,
-				   major_status = 1, 
-				   minor_status = 2, 
+				   major_status = 1,
+				   minor_status = 2,
 				   error_token = [2,255]}},
     MTMessageInContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTMessageInContext, 
-       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTMessageInContext,
+       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX,
 				       discard_context = true}},
-    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext1},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext2},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext3},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext4},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext5},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext6},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTCompleteEstablishContext},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTContextError},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTMessageInContext}],
     ?line ?match(ok, orber_test_server:testing_iiop_context(Obj, [{context, Ctx}])).
 
@@ -836,7 +842,7 @@ context_test(Obj) ->
 fake_server_ORB(Type, Port, Options) ->
     start_ssl(Type),
     {ok, ListenSocket, NewPort} =
-	orber_socket:listen(Type, Port, 
+	orber_socket:listen(Type, Port,
 			    [{active, false}|Options]),
     Socket = orber_socket:accept(Type, ListenSocket),
     orber_socket:post_accept(Type, Socket),
@@ -846,7 +852,7 @@ fake_server_ORB(Type, Port, Options) ->
 
 fake_server_ORB(Type, Port, Options, Action, Data) ->
     start_ssl(Type),
-    {ok, ListenSocket, _NewPort} = 
+    {ok, ListenSocket, _NewPort} =
 	orber_socket:listen(Type, Port, [{active, false}|Options]),
     Socket = orber_socket:accept(Type, ListenSocket),
     orber_socket:post_accept(Type, Socket),
@@ -885,13 +891,13 @@ fake_client_ORB(Type, Host, Port, Options, Action, Data) ->
 do_client_action(Type, Socket, fragments, FragList) ->
     ok = send_data(Type, Socket, FragList),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Par;
 do_client_action(Type, Socket, fragments_max, FragList) ->
     ok = send_data(Type, Socket, FragList),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Exc;
 do_client_action(Type, Socket, message_error, Data) ->
@@ -916,4 +922,4 @@ send_data(_Type, _Socket, []) ->
 send_data(Type, Socket, [H|T]) ->
     orber_socket:write(Type, Socket, H),
     send_data(Type, Socket, T).
-    
+
diff --git a/lib/orber/test/multi_ORB_SUITE.erl b/lib/orber/test/multi_ORB_SUITE.erl
index b9453663c3..3c1ffd59d3 100644
--- a/lib/orber/test/multi_ORB_SUITE.erl
+++ b/lib/orber/test/multi_ORB_SUITE.erl
@@ -50,30 +50,33 @@
 %%-----------------------------------------------------------------
 %% External exports
 %%-----------------------------------------------------------------
--export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 
+-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0,
 	 init_per_suite/1, end_per_suite/1, basic_PI_api/1, multi_orber_api/1,
-	 init_per_testcase/2, end_per_testcase/2, multi_pseudo_orber_api/1, 
-	 light_orber_api/1, light_orber2_api/1, 
+	 init_per_testcase/2, end_per_testcase/2, multi_pseudo_orber_api/1,
+	 light_orber_api/1, light_orber2_api/1,
 	 ssl_1_multi_orber_api/1, ssl_2_multi_orber_api/1, ssl_reconfigure_api/1,
 	 iiop_timeout_api/1, iiop_timeout_added_api/1, setup_connection_timeout_api/1,
 	 setup_multi_connection_timeout_api/1, setup_multi_connection_timeout_random_api/1,
 	 setup_multi_connection_timeout_attempts_api/1,
-	 fragments_server_api/1, fragments_max_server_api/1, 
+	 fragments_server_api/1, fragments_max_server_api/1,
 	 fragments_max_server_added_api/1, fragments_client_api/1,
 	 light_ifr_api/1, max_requests_api/1, max_requests_added_api/1,
-	 max_connections_api/1, max_packet_size_exceeded_api/1, 
+	 max_connections_api/1, max_packet_size_exceeded_api/1,
 	 max_packet_size_ok_api/1, proxy_interface_api/1, proxy_interface_ipv6_api/1,
 	 multiple_accept_api/1, implicit_context_api/1,
-	 pseudo_implicit_context_api/1, pseudo_two_implicit_context_api/1, 
+	 pseudo_implicit_context_api/1, pseudo_two_implicit_context_api/1,
 	 oneway_implicit_context_api/1, implicit_context_roundtrip_api/1,
 	 oneway_pseudo_implicit_context_api/1, flags_added_api/1,
-	 oneway_pseudo_two_implicit_context_api/1, 
+	 oneway_pseudo_two_implicit_context_api/1,
 	 local_interface_api/1, local_interface_ctx_override_api/1,
 	 local_interface_acl_override_api/1, bad_giop_header_api/1,
 	 bad_fragment_id_client_api/1, bad_id_cancel_request_api/1,
 	 close_connections_api/1, close_connections_local_interface_api/1,
-	 close_connections_local_interface_ctx_override_api/1, ssl_reconfigure_generation_3_api/1,
+	 close_connections_local_interface_ctx_override_api/1,
 	 ssl_1_multi_orber_generation_3_api/1, ssl_2_multi_orber_generation_3_api/1,
+	 ssl_reconfigure_generation_3_api/1,
+	 ssl_1_multi_orber_generation_3_api_old/1, ssl_2_multi_orber_generation_3_api_old/1,
+	 ssl_reconfigure_generation_3_api_old/1,
 	 close_connections_alt_iiop_addr_api/1, close_connections_multiple_profiles_api/1]).
 
 
@@ -84,15 +87,15 @@
 
 %%-----------------------------------------------------------------
 %% Func: all/1
-%% Args: 
-%% Returns: 
+%% Args:
+%% Returns:
 %%-----------------------------------------------------------------
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
-all() -> 
+all() ->
     cases().
 
-groups() -> 
+groups() ->
     [].
 
 init_per_group(_GroupName, Config) ->
@@ -105,7 +108,7 @@ end_per_group(_GroupName, Config) ->
 %% NOTE - the fragment test cases must be first since we explicitly set a request
 %% id. Otherwise, the request-id counter would be increased and we cannot know
 %% what it is.
-cases() -> 
+cases() ->
     [fragments_server_api, fragments_max_server_api,
      fragments_max_server_added_api, fragments_client_api,
      flags_added_api, bad_fragment_id_client_api,
@@ -134,21 +137,28 @@ cases() ->
      setup_multi_connection_timeout_attempts_api,
      setup_multi_connection_timeout_random_api,
      ssl_1_multi_orber_api,
+     ssl_1_multi_orber_generation_3_api_old,
      ssl_1_multi_orber_generation_3_api,
      ssl_2_multi_orber_api,
+     ssl_2_multi_orber_generation_3_api_old,
      ssl_2_multi_orber_generation_3_api,
-     ssl_reconfigure_generation_3_api, ssl_reconfigure_api].
+     ssl_reconfigure_api,
+     ssl_reconfigure_generation_3_api_old,
+     ssl_reconfigure_generation_3_api].
 
 %%-----------------------------------------------------------------
 %% Init and cleanup functions.
 %%-----------------------------------------------------------------
-init_per_testcase(TC,Config) 
+init_per_testcase(TC,Config)
   when TC =:= ssl_1_multi_orber_api;
        TC =:= ssl_2_multi_orber_api;
        TC =:= ssl_reconfigure_api ->
     init_ssl(Config);
-init_per_testcase(TC,Config) 
-  when TC =:= ssl_1_multi_orber_generation_3_api; 
+init_per_testcase(TC,Config)
+  when TC =:= ssl_1_multi_orber_generation_3_api_old;
+       TC =:= ssl_2_multi_orber_generation_3_api_old;
+       TC =:= ssl_reconfigure_generation_3_api_old;
+       TC =:= ssl_1_multi_orber_generation_3_api;
        TC =:= ssl_2_multi_orber_generation_3_api;
        TC =:= ssl_reconfigure_generation_3_api ->
     init_ssl_3(Config);
@@ -156,21 +166,31 @@ init_per_testcase(_Case, Config) ->
     init_all(Config).
 
 init_ssl(Config) ->
-    case orber_test_lib:ssl_version() of
-	no_ssl ->
-	    {skip,"SSL is not installed!"};
-	_ ->
-	    init_all(Config)
+    case  ?config(crypto_started, Config) of
+	true ->
+	    case orber_test_lib:ssl_version() of
+		no_ssl ->
+		    {skip, "SSL is not installed!"};
+		_ ->
+		    init_all(Config)
+	    end;
+	false ->
+	    {skip, "Crypto did not start"}
     end.
 
 init_ssl_3(Config) ->
-    case orber_test_lib:ssl_version() of
-	3 ->
-	    init_all(Config);
-	2 ->
-	    {skip,"Could not find the correct SSL version!"};
-	no_ssl ->
-	    {skip,"SSL is not installed!"}
+    case  ?config(crypto_started, Config) of
+	true ->
+	    case orber_test_lib:ssl_version() of
+		3 ->
+		    init_all(Config);
+		2 ->
+		    {skip, "Could not find the correct SSL version!"};
+		no_ssl ->
+		    {skip, "SSL is not installed!"}
+	    end;
+	false ->
+	    {skip, "Crypto did not start"}
     end.
 
 init_all(Config) ->
@@ -194,12 +214,18 @@ end_per_testcase(_Case, Config) ->
 init_per_suite(Config) ->
     if
 	is_list(Config) ->
-	    Config;
+            try crypto:start() of
+                ok ->
+		    [{crypto_started, true} | Config]
+            catch _:_ ->
+	       [{crypto_started, false} | Config]
+            end;
 	true ->
 	    exit("Config not a list")
     end.
 
 end_per_suite(Config) ->
+    application:stop(crypto),    
     Config.
 
 %%-----------------------------------------------------------------
@@ -211,238 +237,238 @@ implicit_context_api(suite) -> [];
 implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
-    
+
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
 
-implicit_context_roundtrip_api(doc) -> 
+implicit_context_roundtrip_api(doc) ->
     ["IIOP Implicit Contex roundtrip tests"];
 implicit_context_roundtrip_api(suite) -> [];
 implicit_context_roundtrip_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     Relay = ?match(#'IOP_IOR'{},
 		   corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     IOR = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
 
-    
+
+
 oneway_implicit_context_api(doc) -> ["IIOP Implicit Contex oneway tests"];
 oneway_implicit_context_api(suite) -> [];
 oneway_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_cast(Relay, 
+	   relay_cast(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
 
-    %% We must wait for a few seconds for the client to be able to set up the 
+    %% We must wait for a few seconds for the client to be able to set up the
     %% connection (since it's a oneway operation).
     timer:sleep(5000),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
 
-    
+
 pseudo_implicit_context_api(doc) -> ["IIOP Implicit Contex tests (via pseudo object)"];
 pseudo_implicit_context_api(suite) -> [];
 pseudo_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
-pseudo_two_implicit_context_api(doc) -> 
+
+pseudo_two_implicit_context_api(doc) ->
     ["IIOP two Implicit Contex tests (via pseudo object)"];
 pseudo_two_implicit_context_api(suite) -> [];
 pseudo_two_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
-    put(oe_server_in_context, 
-	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+    put(oe_server_in_context,
+	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 			       context_data = {interface,
 					       IP}}]),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_call(Relay, 
+	   relay_call(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
+
 oneway_pseudo_implicit_context_api(doc) -> ["IIOP Implicit Contex tests (via pseudo object oneway)"];
 oneway_pseudo_implicit_context_api(suite) -> [];
 oneway_pseudo_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_cast(Relay, 
+	   relay_cast(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
-oneway_pseudo_two_implicit_context_api(doc) -> 
+
+oneway_pseudo_two_implicit_context_api(doc) ->
     ["IIOP two Implicit Contex tests (via pseudo object oneway)"];
 oneway_pseudo_two_implicit_context_api(suite) -> [];
 oneway_pseudo_two_implicit_context_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     %% Create a remote server
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaname::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
-    
+
     Relay = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{pseudo,true}])),
     %% Add incoming implicit context which must be removed.
-    put(oe_server_in_context, 
-	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+    put(oe_server_in_context,
+	[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 			       context_data = {interface,
 					       IP}}]),
-    ?match(ok, 
+    ?match(ok,
 	   orber_test_server:
-	   relay_cast(Relay, 
+	   relay_cast(Relay,
 		      [{context,
-			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					       context_data = {interface, 
+			[#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					       context_data = {interface,
 							       Loopback}}]}],
 		      IOR)),
     ?match([_,_], orber:iiop_connections(out)),
-    Conns = ?match([_,_], 
+    Conns = ?match([_,_],
 		   orber_test_lib:remote_apply(ServerNode, orber, iiop_connections, [in])),
     ?match(true, lists:keymember(Loopback, 1, Conns)),
     ok.
-    
+
 
 
 multiple_accept_api(doc) -> ["IIOP Multiple Accept tests"];
@@ -450,7 +476,7 @@ multiple_accept_api(suite) -> [];
 multiple_accept_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
@@ -461,84 +487,84 @@ multiple_accept_api(_Config) ->
 
     IOR1 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     ?match([_], orber:iiop_connections(out)),
 
     {ok, Ref1} = ?match({ok, _},
-			orber_test_lib:remote_apply(ServerNode, orber, 
-						    add_listen_interface, 
+			orber_test_lib:remote_apply(ServerNode, orber,
+						    add_listen_interface,
 						    [Loopback, normal])),
 
     IOR2 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
     ?match([_,_], orber:iiop_connections(out)),
 
     {ok, Ref2} = ?match({ok, _},
-			orber_test_lib:remote_apply(ServerNode, orber, 
-						    add_listen_interface, 
+			orber_test_lib:remote_apply(ServerNode, orber,
+						    add_listen_interface,
 						    [Loopback, normal, 9543])),
     ?match({error, eaddrinuse},
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
 				       [Loopback, normal, 9543])),
 
     IOR3 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":9543/NameService")),
-    ?match({'external', {Loopback, 9543, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, 9543, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR3)),
     ?match([_,_,_], orber:iiop_connections(out)),
 
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref1])),
     %% Wait a few seconds to be sure that the connections really has been removed.
     timer:sleep(4000),
     ?match([_,_], orber:iiop_connections(out)),
-    
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref2])),
     %% Wait a few seconds to be sure that the connections really has been removed.
     timer:sleep(4000),
     ?match([_], orber:iiop_connections(out)),
-    
+
     ?match({'EXCEPTION',_},
 	   corba:string_to_object("corbaloc::1.2@"++Loopback++":9543/NameService")),
     ?match({'EXCEPTION',_},
 	   corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-   
+
     IOR4 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR4)),
 
     ok.
 
 
-proxy_interface_api(doc) -> ["IIOP Proxy Interface tests", 
+proxy_interface_api(doc) -> ["IIOP Proxy Interface tests",
 			     "This case test if the server ORB use the correct",
 			     "interface when exporting IOR:s"];
 proxy_interface_api(suite) -> [];
 proxy_interface_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_LOCAL_INTERFACE}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR1 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     IOR2 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
     ok.
 
-proxy_interface_ipv6_api(doc) -> ["IIOP Proxy Interface tests", 
+proxy_interface_ipv6_api(doc) -> ["IIOP Proxy Interface tests",
 				  "This case test if the server ORB use the correct",
 				  "IPv6 interface when exporting IOR:s"];
 proxy_interface_ipv6_api(suite) -> [];
@@ -550,103 +576,103 @@ proxy_interface_ipv6_api(_Config) ->
 	    Reason
     end.
 
-proxy_interface_ipv6_api2() ->		    
+proxy_interface_ipv6_api2() ->
     Loopback = orber_test_lib:get_loopback_interface(inet6),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags, (?ORB_ENV_USE_IPV6 bor
 							  ?ORB_ENV_LOCAL_INTERFACE)}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_USE_IPV6}])),
-    
+
     IP = orber_test_lib:remote_apply(ClientNode, orber_test_lib, get_host, []),
 
     IOR1 = ?match(#'IOP_IOR'{},
-		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					      ["corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService"])),
-    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   orber_test_lib:remote_apply(ClientNode, iop_ior, get_key, [IOR1])),
     IOR2 = ?match(#'IOP_IOR'{},
-		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		  orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					      ["corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService"])),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   orber_test_lib:remote_apply(ClientNode, iop_ior, get_key, [IOR2])),
     ok.
 
-local_interface_api(doc) -> ["IIOP Local Interface tests", 
+local_interface_api(doc) -> ["IIOP Local Interface tests",
 			     "This case test if the server ORB use the correct",
 			     "local interface when connecting to another ORB"];
 local_interface_api(suite) -> [];
 local_interface_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, Loopback}])),
     Port = orber:iiop_port(),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService"])),
-    [{Loopback, RemotePort}] = 
+    [{Loopback, RemotePort}] =
 	?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
 
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     ?match([{IP, Port}], orber:find_sockname_by_peername(Loopback,RemotePort)),
     ?match([{Loopback, RemotePort}], orber:find_peername_by_sockname(IP, Port)),
 
-    ?match([{Loopback, RemotePort}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_sockname_by_peername, 
+    ?match([{Loopback, RemotePort}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_sockname_by_peername,
 				       [IP, Port])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_peername_by_sockname, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_peername_by_sockname,
 				       [Loopback,RemotePort])),
 
 
     ok.
 
-local_interface_ctx_override_api(doc) -> 
-    ["IIOP Local Interface tests", 
+local_interface_ctx_override_api(doc) ->
+    ["IIOP Local Interface tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 local_interface_ctx_override_api(suite) -> [];
 local_interface_ctx_override_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, IP}])),
     Port = orber:iiop_port(),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService",
 					[#'IOP_ServiceContext'
-					 {context_id=?ORBER_GENERIC_CTX_ID, 
+					 {context_id=?ORBER_GENERIC_CTX_ID,
 					  context_data = {interface, Loopback}}]])),
-    [{Loopback, RemotePort}] = 
+    [{Loopback, RemotePort}] =
 	?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
 
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     ?match([{IP, Port}], orber:find_sockname_by_peername(Loopback,RemotePort)),
     ?match([{Loopback, RemotePort}], orber:find_peername_by_sockname(IP, Port)),
 
-    ?match([{Loopback, RemotePort}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_sockname_by_peername, 
+    ?match([{Loopback, RemotePort}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_sockname_by_peername,
 				       [IP, Port])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_peername_by_sockname, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_peername_by_sockname,
 				       [Loopback,RemotePort])),
 
     ok.
 
-local_interface_acl_override_api(doc) -> 
-    ["IIOP Local Interface tests", 
+local_interface_acl_override_api(doc) ->
+    ["IIOP Local Interface tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 local_interface_acl_override_api(suite) -> [];
@@ -654,74 +680,74 @@ local_interface_acl_override_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
     ACL = [{tcp_out, IP ++ "/18", [Loopback]}],
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, IP},
 						 {iiop_acl, ACL},
 						 {flags, ?ORB_ENV_USE_ACL_OUTGOING}])),
     Port = orber:iiop_port(),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService",
 					[#'IOP_ServiceContext'
-					 {context_id=?ORBER_GENERIC_CTX_ID, 
+					 {context_id=?ORBER_GENERIC_CTX_ID,
 					  context_data = {interface, IP}}]])),
     ?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
     ?match(#'IOP_IOR'{},
-	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+	   orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 				       ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService"])),
 
-    [{Loopback, RemotePort}] = 
+    [{Loopback, RemotePort}] =
 	?match([{Loopback,_RemotePort}], orber:iiop_connections(in)),
-    ?match([{IP, Port, IP}], orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, IP}], orber_test_lib:remote_apply(ClientNode, orber,
 							 iiop_connections, [out])),
     ?match([{IP, Port}], orber:find_sockname_by_peername(Loopback,RemotePort)),
     ?match([{Loopback, RemotePort}], orber:find_peername_by_sockname(IP, Port)),
 
-    ?match([{Loopback, RemotePort}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_sockname_by_peername, 
+    ?match([{Loopback, RemotePort}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_sockname_by_peername,
 				       [IP, Port])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
-				       find_peername_by_sockname, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
+				       find_peername_by_sockname,
 				       [Loopback,RemotePort])),
 
     ok.
 
 
-iiop_timeout_api(doc) -> ["IIOP TIMEOUT API tests", 
+iiop_timeout_api(doc) -> ["IIOP TIMEOUT API tests",
 			 "This case test if timeout configuration behaves correctly"];
 iiop_timeout_api(suite) -> [];
 iiop_timeout_api(_Config) ->
-    
+
     %% Install two secure orber.
-    {ok, ClientNode, ClientHost} = 
+    {ok, ClientNode, ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_timeout, 6},
 						 {iiop_connection_timeout, 3},
 						 {iiop_in_connection_timeout, 3}])),
     ClientPort = orber_test_lib:remote_apply(ClientNode, orber, iiop_port, []),
-    
-    {ok, ServerNode, ServerHost} = 
+
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_timeout, 6},
 						 {iiop_connection_timeout, 3},
 						 {iiop_in_connection_timeout, 12}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [timeout])),
 
-    %% Tell client_orb to interoperate with server_orb. 
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+    %% Tell client_orb to interoperate with server_orb.
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   lookup,
 					   [ServerHost, ServerPort])),
     %% Interop worked fine, perform delay tests.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   timeouts,
 					   [ServerHost, ServerPort, 6000])),
-    
+
     %% Create a connection to the "client_orb", which will now act as server.
-    ?match({'IOP_IOR',_,_}, 
+    ?match({'IOP_IOR',_,_},
 	   corba:string_to_object("corbaloc::1.2@"++ClientHost++":"++integer_to_list(ClientPort)++"/NameService")),
     %% Check that the connection is established.
     ?match([{_, ClientPort}], orber:iiop_connections(out)),
@@ -729,13 +755,13 @@ iiop_timeout_api(_Config) ->
     %% have been closed.
     timer:sleep(8000),
     ?match([], orber:iiop_connections(out)),
-    
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [timeout])),
     ok.
 
-iiop_timeout_added_api(doc) -> ["IIOP TIMEOUT API tests", 
+iiop_timeout_added_api(doc) -> ["IIOP TIMEOUT API tests",
 			 "This case test if timeout configuration behaves correctly"];
 iiop_timeout_added_api(suite) -> [];
 iiop_timeout_added_api(_Config) ->
@@ -743,18 +769,18 @@ iiop_timeout_added_api(_Config) ->
     {ok, Node, _Host} = ?match({ok,_,_}, orber_test_lib:js_node([])),
     Port = 1 + orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(Node, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(Node, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{iiop_in_connection_timeout, 3},
 					 {flags, ?ORB_ENV_LOCAL_INTERFACE},
 					 {iiop_port, Port}]])),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [timeout])),
 
-    ?match({'IOP_IOR',_,_}, 
+    ?match({'IOP_IOR',_,_},
 	   corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService")),
     %% Check that the connection is established.
     ?match([{_, Port}], orber:iiop_connections(out)),
@@ -762,9 +788,9 @@ iiop_timeout_added_api(_Config) ->
     %% have been closed.
     timer:sleep(8000),
     ?match([], orber:iiop_connections(out)),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [timeout])),
     ok.
 
@@ -772,27 +798,27 @@ iiop_timeout_added_api(_Config) ->
 %%  API tests for ORB to ORB using pseudo call/cast, no security
 %%-----------------------------------------------------------------
 
-multi_pseudo_orber_api(doc) -> 
-    ["MULTI ORB PSEUDO API tests", 
+multi_pseudo_orber_api(doc) ->
+    ["MULTI ORB PSEUDO API tests",
      "This case test if data encode/decode (IIOP) for pseudo objects",
      "produce the correct result, i.e., the test_server echos",
      "the input parameter or an exception is raised (MARSHAL)."];
 multi_pseudo_orber_api(suite) -> [];
 multi_pseudo_orber_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [pseudo])),
-    
+
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		 corba:string_to_object("corbaloc::1.1@"++Host++":"++
 					integer_to_list(Port)++"/NameService")),
-    Obj = 
-	?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj =
+	?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 	       'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
     orber_test_lib:corba_object_tests(Obj, NSR),
 
@@ -809,11 +835,11 @@ multi_pseudo_orber_api(_Config) ->
     orber_test_lib:test_coding(Obj),
 
     %% Test if exit is handled properly.
-    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}}, 
+    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}},
 	   orber_test_server:stop_brutal(Obj)),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [pseudo])),
     ok.
 
@@ -821,77 +847,77 @@ multi_pseudo_orber_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with local flags definition set.
 %%-----------------------------------------------------------------
-flags_added_api(doc) -> 
+flags_added_api(doc) ->
     ["MULTI ORB PSEUDO with local flags definition set"];
 flags_added_api(suite) -> [];
 flags_added_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
-    {ok, Node, _Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([])),    
+    {ok, Node, _Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([])),
     Port = 1 + orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(Node, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(Node, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{flags, (?ORB_ENV_LOCAL_INTERFACE bor
 						  ?ORB_ENV_EXCLUDE_CODESET_COMPONENT)},
 					 {iiop_port, Port}]])),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 install_test_data,
 						 [pseudo])),
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		       corba:string_to_object("corbaname::1.1@"++IP++":"++
 					      integer_to_list(Port)++"/NameService#mamba")),
-    ?match({'external', {IP, Port, _ObjectKey, _Counter, 
-			 #'IOP_TaggedProfile'{tag=?TAG_INTERNET_IOP, 
-					      profile_data= 
-					      #'IIOP_ProfileBody_1_1'{components=[]}}, 
-			 _NewHD}}, 
+    ?match({'external', {IP, Port, _ObjectKey, _Counter,
+			 #'IOP_TaggedProfile'{tag=?TAG_INTERNET_IOP,
+					      profile_data=
+					      #'IIOP_ProfileBody_1_1'{components=[]}},
+			 _NewHD}},
 	   iop_ior:get_key(Obj)),
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 uninstall_test_data,
 						 [pseudo])),
 
     ok.
 
 
-					 
+
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with limited concurrent requests
 %%-----------------------------------------------------------------
-max_requests_api(doc) -> 
+max_requests_api(doc) ->
     ["MULTI ORB PSEUDO with limited concurrent requests tests"];
 max_requests_api(suite) -> [];
 max_requests_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{iiop_max_in_requests, 1}])),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([{iiop_max_in_requests, 1}])),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     max_requests(Node, Host, Port).
 
-max_requests_added_api(doc) -> 
+max_requests_added_api(doc) ->
     ["MULTI ORB PSEUDO with limited concurrent requests tests"];
 max_requests_added_api(suite) -> [];
 max_requests_added_api(_Config) ->
     %% --- Create a slave-node ---
     [IP] = ?match([_], orber:host()),
-    {ok, Node, _Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([])),    
+    {ok, Node, _Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([])),
     Port = 1 + orber_test_lib:remote_apply(Node, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(Node, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(Node, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{iiop_max_in_requests, 1},
 					 {flags, ?ORB_ENV_LOCAL_INTERFACE},
 					 {iiop_port, Port}]])),
     max_requests(Node, IP, Port).
 
-max_requests(Node, Host, Port) ->    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 install_test_data, 
+max_requests(Node, Host, Port) ->
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 install_test_data,
 						 [pseudo])),
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		       corba:string_to_object("corbaname::1.1@"++Host++":"++
@@ -899,7 +925,7 @@ max_requests(Node, Host, Port) ->
 
     %% Can we even contact the object?
     ?match(ok, orber_test_server:print(Obj)),
-    
+
     %% Invoke one blocking call followed by several invokations.
     spawn(orber_test_server, pseudo_call_delay, [Obj, 15000]),
     %% Wait for a second to be sure that the previous request has been sent
@@ -912,8 +938,8 @@ max_requests(Node, Host, Port) ->
     %% allow one request at a time to the target ORB.
     ?match(true, (MegaSecsB + (Before+8)*1000000) < (MegaSecsA + After*1000000)),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 uninstall_test_data,
 						 [pseudo])),
 
     ok.
@@ -921,17 +947,17 @@ max_requests(Node, Host, Port) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with limited concurrent connections
 %%-----------------------------------------------------------------
-max_connections_api(doc) -> 
+max_connections_api(doc) ->
     ["MULTI ORB PSEUDO with limited concurrent connections tests"];
 max_connections_api(suite) -> [];
 max_connections_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_backlog, 0},
 						 {iiop_max_in_connections, 2}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-						 install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+						 install_test_data,
 						 [nameservice])),
 
     %% Claim connection 1 & 2
@@ -939,26 +965,26 @@ max_connections_api(_Config) ->
 		       corba:string_to_object("corbaname::1.2@"++ServerHost++":"++
 					      integer_to_list(ServerPort)++"/NameService#mamba")),
     %% Claim backlog
-    {ok, ClientNode, _ClientHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
 
     spawn(ClientNode, orber_test_server, print, [Obj]),
     timer:sleep(5000),
     ?match([_], orber_test_lib:remote_apply(ClientNode, orber,
 						  iiop_connections, [])),
-    
+
     %% Try to connect. Should fail. Due to the behavior of different TCP stacks, backlog 1
     %% might not be the precise value. Hence, we also need to define the iiop_timeout. Otherwise
     %% this test case will fail. For the same reason we must GC this connection.
-    {ok, ClientNodeII, _ClientHostII} = 
+    {ok, ClientNodeII, _ClientHostII} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_setup_connection_timeout, 5},
 						 {iiop_timeout, 5},
 						 {iiop_connection_timeout, 8}])),
 
-    ?match({'EXCEPTION', _}, 
-	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server, 
+    ?match({'EXCEPTION', _},
+	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server,
 				       testing_iiop_string, [Obj, "Fail"])),
-    
+
     %% Remove 2 connections. We need to wait a moment so that both sides has detected it.
     timer:sleep(5000),
     ?match([_,_], orber:iiop_connections()),
@@ -968,23 +994,23 @@ max_connections_api(_Config) ->
     ?match(ok, orber_iiop_pm:close_connection([{Host, Port}])),
     timer:sleep(5000),
     ?match([], orber:iiop_connections()),
-    
+
     ?match([_], orber_test_lib:remote_apply(ClientNode, orber,
 					    iiop_connections, [])),
 
     ?match([], orber_test_lib:remote_apply(ClientNodeII, orber,
 					   iiop_connections, [])),
 
-    ?match({ok, "OK"}, 
-	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server, 
+    ?match({ok, "OK"},
+	   orber_test_lib:remote_apply(ClientNodeII, orber_test_server,
 				       testing_iiop_string, [Obj, "OK"])),
-    
+
     timer:sleep(4000),
     ?match([_], orber_test_lib:remote_apply(ClientNodeII, orber,
 					    iiop_connections, [])),
 
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+						 uninstall_test_data,
 						 [pseudo])),
 
     ok.
@@ -993,18 +1019,18 @@ max_connections_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for terminating connection by using an IOR.
 %%-----------------------------------------------------------------
-close_connections_api(doc) -> 
+close_connections_api(doc) ->
     ["Close outgoing connection "];
 close_connections_api(suite) -> [];
 close_connections_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IP = orber_test_lib:get_host(),
@@ -1028,108 +1054,108 @@ close_connections_api(_Config) ->
     ok.
 
 
-close_connections_local_interface_api(doc) -> 
-    ["IIOP Local Interface disconnect tests", 
+close_connections_local_interface_api(doc) ->
+    ["IIOP Local Interface disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_local_interface_api(suite) -> [];
 close_connections_local_interface_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, Loopback}])),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, IP}])),
     Port = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
-		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					     ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService"])),
 
     %% Check that the connnection is up and running using the default interface
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    ?match([{IP, Port}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     %% Try to close the connection
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR])),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connection shall be gone.
-    ?match([], orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ClientNode, orber,
 					   iiop_connections, [out])),
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
 
     ok.
 
-close_connections_local_interface_ctx_override_api(doc) -> 
-    ["IIOP Local Interface disconnect tests", 
+close_connections_local_interface_ctx_override_api(doc) ->
+    ["IIOP Local Interface disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_local_interface_ctx_override_api(suite) -> [];
 close_connections_local_interface_ctx_override_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address_local, IP},
 						 {ip_address, IP}])),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, IP}])),
     Port = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
-		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object, 
+		 orber_test_lib:remote_apply(ClientNode, corba, string_to_object,
 					     ["corbaloc::1.2@"++IP++":"++integer_to_list(Port)++"/NameService",
 					      [#'IOP_ServiceContext'
-					       {context_id=?ORBER_GENERIC_CTX_ID, 
+					       {context_id=?ORBER_GENERIC_CTX_ID,
 						context_data = {interface, Loopback}}]])),
 
     timer:sleep(2000),
     %% Check that the connnection is up and running using the default interface
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     %% Try to close not supplying the interface.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR])),
-    
+
     timer:sleep(2000),
     %% The connection shall still be up and running
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
     %% Try to close not supplying the interface.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR, IP])),
 
-    timer:sleep(2000),    
+    timer:sleep(2000),
     %% The connection shall still be up and running
-    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([{Loopback,_RemotePort}], orber_test_lib:remote_apply(ServerNode, orber,
 								 iiop_connections, [in])),
-    ?match([{IP, Port, Loopback}], 
-	   orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([{IP, Port, Loopback}],
+	   orber_test_lib:remote_apply(ClientNode, orber,
 				       iiop_connections, [out])),
-    
+
     %% Try to close supplying the correct interface.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber,
 					   close_connection, [IOR, Loopback])),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connection shall be gone.
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
-    ?match([], orber_test_lib:remote_apply(ClientNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ClientNode, orber,
 					   iiop_connections, [out])),
     ok.
 
-close_connections_alt_iiop_addr_api(doc) -> 
-    ["IIOP alternate address disconnect tests", 
+close_connections_alt_iiop_addr_api(doc) ->
+    ["IIOP alternate address disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_alt_iiop_addr_api(suite) -> [];
@@ -1137,12 +1163,12 @@ close_connections_alt_iiop_addr_api(_Config) ->
     %% --- Create a slave-node ---
     Loopback = orber_test_lib:get_loopback_interface(),
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{giop_version, {1, 2}},
 						 {ip_address, {multiple, [IP, Loopback]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [{nameservice, Loopback, ServerPort}])),
     %% Create two connections
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
@@ -1151,25 +1177,25 @@ close_connections_alt_iiop_addr_api(_Config) ->
     ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 	   corba:string_to_object("corbaname::1.2@"++Loopback++":"++
 				  integer_to_list(ServerPort)++"/NameService#mamba")),
-    timer:sleep(2000),    
+    timer:sleep(2000),
     %% The connection shall still be up and running
     ?match([{_,_}, {_,_}], orber:iiop_connections(out)),
     ?match([{_,_}, {_,_}],
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       iiop_connections, [in])),
-    
+
     %% Try to close the connection
     ?match(ok, orber:close_connection(Obj)),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connections shall be gone.
     ?match([], orber:iiop_connections(out)),
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
     ok.
 
-close_connections_multiple_profiles_api(doc) -> 
-    ["IIOP alternate address disconnect tests", 
+close_connections_multiple_profiles_api(doc) ->
+    ["IIOP alternate address disconnect tests",
      "This case test if the server ORB use the correct",
      "local interface when connecting to another ORB"];
 close_connections_multiple_profiles_api(suite) -> [];
@@ -1177,11 +1203,11 @@ close_connections_multiple_profiles_api(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
     %% --- Create a slave-node ---
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{ip_address, 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{ip_address,
 						  {multiple, [Loopback, IP]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
 					   install_test_data, [nameservice])),
     %% Create two connections
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
@@ -1193,23 +1219,23 @@ close_connections_multiple_profiles_api(_Config) ->
     %% The connection shall still be up and running
     ?match([{_,_}, {_,_}], orber:iiop_connections(out)),
     ?match([{_,_}, {_,_}],
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       iiop_connections, [in])),
-    
+
     %% Try to close the connection
     ?match(ok, orber:close_connection(Obj)),
     %% Wait a moment so that both sides has detected it.
     timer:sleep(5000),
     %% Now the connections shall be gone.
     ?match([], orber:iiop_connections(out)),
-    ?match([], orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match([], orber_test_lib:remote_apply(ServerNode, orber,
 					   iiop_connections, [in])),
     ok.
 
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with iiop_packet_size set
 %%-----------------------------------------------------------------
-max_packet_size_exceeded_api(doc) -> 
+max_packet_size_exceeded_api(doc) ->
     ["Exceed the maximum request size"];
 max_packet_size_exceeded_api(suite) -> [];
 max_packet_size_exceeded_api(_Config) ->
@@ -1219,11 +1245,11 @@ max_packet_size_exceeded_api(_Config) ->
 	{ok, LS} ->
 	    (catch gen_tcp:close(LS)),
 	    %% --- Create a slave-node ---
-	    {ok, ServerNode, ServerHost} = 
+	    {ok, ServerNode, ServerHost} =
 		?match({ok,_,_}, orber_test_lib:js_node([{iiop_packet_size, 1}])),
 	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber,
 						     iiop_port, []),
-	    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}}, 
+	    ?match({'EXCEPTION', #'CosNaming_NamingContextExt_InvalidAddress'{}},
 		   corba:string_to_object("corbaloc::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService")),
 	    ok
     end.
@@ -1231,7 +1257,7 @@ max_packet_size_exceeded_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB with iiop_packet_size set
 %%-----------------------------------------------------------------
-max_packet_size_ok_api(doc) -> 
+max_packet_size_ok_api(doc) ->
     ["Not exceed the maximum request size"];
 max_packet_size_ok_api(suite) -> [];
 max_packet_size_ok_api(_Config) ->
@@ -1241,7 +1267,7 @@ max_packet_size_ok_api(_Config) ->
 	{ok, LS} ->
 	    (catch gen_tcp:close(LS)),
 	    %% --- Create a slave-node ---
-	    {ok, ServerNode, ServerHost} = 
+	    {ok, ServerNode, ServerHost} =
 		?match({ok,_,_}, orber_test_lib:js_node([{iiop_packet_size, 5000}])),
 	    ServerPort = orber_test_lib:remote_apply(ServerNode, orber,
 						     iiop_port, []),
@@ -1251,7 +1277,7 @@ max_packet_size_ok_api(_Config) ->
     end.
 
 
- 
+
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
@@ -1259,49 +1285,49 @@ max_packet_size_ok_api(_Config) ->
 light_ifr_api(doc) -> ["LIGHT IFR ORB API tests"];
 light_ifr_api(suite) -> [];
 light_ifr_api(_Config) ->
-    
-    {ok, ClientNode, _ClientHost} = 
+
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, 128}])),
 
     ?match([_,_,_,_], orber_test_lib:remote_apply(ClientNode, orber, get_tables, [])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
-                                                 install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+                                                 install_test_data,
                                                  [nameservice])),
 
 
-    {ok, ServerNode, ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, 128}])),    
+    {ok, ServerNode, ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags, 128}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     ?match([_,_,_,_], orber_test_lib:remote_apply(ServerNode, orber, get_tables, [])),
 
-    Obj = ?match({'IOP_IOR',_,_}, 
+    Obj = ?match({'IOP_IOR',_,_},
 		 corba:string_to_object("corbaname::1.2@"++ServerHost++":"++integer_to_list(ServerPort)++"/NameService#mamba")),
     ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, test_coding, [Obj])),
 
     ?match(0, orber_test_lib:remote_apply(ClientNode, orber_diagnostics, missing_modules, [])),
 
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId1",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_StructDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId2",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_UnionDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId3",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_ExceptionDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId4",
-							     module=non_existing, 
+							     module=non_existing,
 							     type=?IFR_InterfaceDef}])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, mnesia, dirty_write,
 					   [#orber_light_ifr{id = "FakeId5",
-							     module=orber_test_lib, 
+							     module=orber_test_lib,
 							     type=?IFR_InterfaceDef}])),
     ?match(5, orber_test_lib:remote_apply(ClientNode, orber_diagnostics, missing_modules, [])),
 
@@ -1316,14 +1342,14 @@ light_ifr_api(_Config) ->
 							 absolute_name="::Module::NonExisting"})),
     ?match(ok, mnesia:dirty_write(#ir_InterfaceDef{ir_Internal_ID = "FakedIId5",
 							 absolute_name="::orber::test::lib"})),
-    
+
     ?match(5, orber_diagnostics:missing_modules()),
 
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+						 uninstall_test_data,
 						 [nameservice])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+						 uninstall_test_data,
 						 [nameservice])),
     ok.
 
@@ -1331,23 +1357,23 @@ light_ifr_api(_Config) ->
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
 
-light_orber_api(doc) -> ["LIGHT ORB API tests", 
+light_orber_api(doc) -> ["LIGHT ORB API tests",
 			 "This case test if a light Orber can communicate correctly",
 			 "with an fully installed Orber."];
 light_orber_api(suite) -> [];
 light_orber_api(_Config) ->
     %% --- Create a slave-node ---
     LocalHost = net_adm:localhost(),
-    {ok, Node, _Host} = 
+    {ok, Node, _Host} =
 	?match({ok,_,_}, orber_test_lib:js_node([{lightweight, ["iiop://"++LocalHost++":"++integer_to_list(orber:iiop_port())]}],
 						lightweight)),
     ?match(ok, orber:info(io)),
     ?match([_], orber_test_lib:remote_apply(Node, orber_env, get_lightweight_nodes,[])),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 install_test_data,
 						 [light])),
-    
+
     Obj1=(catch orber_test_server:oe_create(state,[{pseudo,true}])),
     ?match({_,pseudo,orber_test_server_impl, _,_, _}, Obj1),
     Obj2=(catch orber_test_server:oe_create(state,[])),
@@ -1357,11 +1383,11 @@ light_orber_api(_Config) ->
     'CosNaming_NamingContext':bind(NS, lname:new(["mamba"]), Obj1),
     'CosNaming_NamingContext':bind(NS, lname:new(["viper"]), Obj2),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "viper"])),
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "mamba"])),
@@ -1370,17 +1396,17 @@ light_orber_api(_Config) ->
 
     catch corba:dispose(Obj1),
     catch corba:dispose(Obj2),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-						 uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+						 uninstall_test_data,
 						 [light])),
     ok.
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
 
-light_orber2_api(doc) -> ["LIGHT ORB API tests", 
+light_orber2_api(doc) -> ["LIGHT ORB API tests",
 			 "This case test if a light Orber can communicate correctly",
 			 "with an fully installed Orber. This case test if we can",
 			 "start as lightweight without first setting the environment",
@@ -1389,16 +1415,16 @@ light_orber2_api(suite) -> [];
 light_orber2_api(_Config) ->
     %% --- Create a slave-node ---
     LocalHost = net_adm:localhost(),
-    {ok, Node, _Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([], 
+    {ok, Node, _Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([],
 						{lightweight, ["iiop://"++LocalHost++":"++integer_to_list(orber:iiop_port())]})),
     ?match(ok, orber:info(io)),
     ?match([_], orber_test_lib:remote_apply(Node, orber_env, get_lightweight_nodes,[])),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [light])),
-    
+
     Obj1=(catch orber_test_server:oe_create(state,[{pseudo,true}])),
     ?match({_,pseudo,orber_test_server_impl, _,_, _}, Obj1),
     Obj2=(catch orber_test_server:oe_create(state,[])),
@@ -1407,12 +1433,12 @@ light_orber2_api(_Config) ->
     NS  = corba:resolve_initial_references("NameService"),
     'CosNaming_NamingContext':bind(NS, lname:new(["mamba"]), Obj1),
     'CosNaming_NamingContext':bind(NS, lname:new(["viper"]), Obj2),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "viper"])),
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
 					   light_tests,
 					   [LocalHost,
 					    orber:iiop_port(), "mamba"])),
@@ -1421,10 +1447,10 @@ light_orber2_api(_Config) ->
 
     catch corba:dispose(Obj1),
     catch corba:dispose(Obj2),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [light])),
     ok.
 
@@ -1432,13 +1458,13 @@ light_orber2_api(_Config) ->
 %%  API tests for ORB to ORB, no security
 %%-----------------------------------------------------------------
 
-multi_orber_api(doc) -> ["MULTI ORB API tests", 
+multi_orber_api(doc) -> ["MULTI ORB API tests",
 			 "This case test if data encode/decode (IIOP)",
 			 "produce the correct result, i.e., the test_server echos",
 			 "the input parameter or an exception is raised (MARSHAL)."];
 multi_orber_api(suite) -> [];
 multi_orber_api(_Config) ->
-    
+
     NewICObj1 = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([])),
     NewICObj2 = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{regname, {local, newic2}}])),
     NewICObj3 = ?match({_,_,_,_,_,_}, orber_test_server:oe_create([], [{regname, {global, newic3}}])),
@@ -1448,34 +1474,34 @@ multi_orber_api(_Config) ->
     catch corba:dispose(NewICObj1),
     catch corba:dispose(NewICObj2),
     catch corba:dispose(NewICObj3),
-    
+
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
-    
+
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		 corba:string_to_object("corbaloc::1.2@"++Host++":"++
 					integer_to_list(Port)++"/NameService")),
-    
+
     ?match({'EXCEPTION',{'CosNaming_NamingContext_NotFound',_,_,_}},
 	   'CosNaming_NamingContext':resolve(NSR, lname:new(["not_exist"]))),
 
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
     ?match(ok, orber_test_server:print(Obj)),
 
-    Obj12B = ?match({'IOP_IOR',_,_}, 
+    Obj12B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.2@"++Host++":"++integer_to_list(Port)++"/Mamba")),
-    
-    Obj11B = ?match({'IOP_IOR',_,_}, 
+
+    Obj11B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.1@"++Host++":"++integer_to_list(Port)++"/Mamba")),
 
-    Obj10B = ?match({'IOP_IOR',_,_}, 
+    Obj10B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Mamba")),
 
     context_test(Obj12B),
@@ -1484,7 +1510,7 @@ multi_orber_api(_Config) ->
     ?match(ok, orber_test_server:print(Obj12B)),
     ?match(ok, orber_test_server:print(Obj11B)),
     ?match(ok, orber_test_server:print(Obj10B)),
-    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}}, 
+    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}},
 	   corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Wrong")),
 
     ?match(ok, orber_test_lib:corba_object_tests(Obj12B, NSR)),
@@ -1493,22 +1519,22 @@ multi_orber_api(_Config) ->
 
     %%--- Testing code and decode arguments ---
     orber_test_lib:test_coding(Obj),
-    
-    ?match({'EXCEPTION',#'BAD_CONTEXT'{}}, 
+
+    ?match({'EXCEPTION',#'BAD_CONTEXT'{}},
 	   orber_test_server:
-	   print(Obj12B, 
+	   print(Obj12B,
 		 [{context,
-		   [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
-					  context_data = {interface, 
+		   [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+					  context_data = {interface,
 							  {127,0,0,1}}}]}])),
-    
-    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}}, 
+
+    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}},
 	   orber_test_server:stop_brutal(Obj12B)),
-    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}}, 
+    ?match({'EXCEPTION',{'TRANSIENT',_,_,_}},
 		 orber_test_server:print(Obj12B)),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [nameservice])),
     ok.
 
@@ -1516,9 +1542,9 @@ multi_orber_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, no security, using basic interceptors
 %%-----------------------------------------------------------------
-basic_PI_api(doc) -> ["MULTI ORB API tests", 
+basic_PI_api(doc) -> ["MULTI ORB API tests",
 		      "This case test if data encode/decode (IIOP)",
-		      "produce the correct result when using basic interceptors,", 
+		      "produce the correct result when using basic interceptors,",
 		      "i.e., the test_server echos",
 		      "the input parameter or an exception is raised (MARSHAL)."];
 basic_PI_api(suite) -> [];
@@ -1526,21 +1552,21 @@ basic_PI_api(_Config) ->
     %% Change configuration to use Basic Interceptors.
     orber:configure_override(interceptors, {native, [orber_test_lib]}),
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{interceptors, {native, [orber_test_lib]}}])),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node([{interceptors, {native, [orber_test_lib]}}])),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
-    
-    Obj12 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj12 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		   corba:string_to_object("corbaname::1.2@"++Host++":"++integer_to_list(Port)++"/NameService#mamba")),
-    
-    Obj11 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj11 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		   corba:string_to_object("corbaname::1.1@"++Host++":"++integer_to_list(Port)++"/NameService#mamba")),
-    
-    Obj10 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj10 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		   corba:string_to_object("corbaname::1.0@"++Host++":"++integer_to_list(Port)++"/NameService#mamba")),
 
     ?match(ok, corba:print_object(Obj12)),
@@ -1552,13 +1578,13 @@ basic_PI_api(_Config) ->
     ?match(ok, orber_test_server:print(Obj10)),
 
 
-    Obj12B = ?match({'IOP_IOR',_,_}, 
+    Obj12B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.2@"++Host++":"++integer_to_list(Port)++"/Mamba")),
-    
-    Obj11B = ?match({'IOP_IOR',_,_}, 
+
+    Obj11B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.1@"++Host++":"++integer_to_list(Port)++"/Mamba")),
-    
-    Obj10B = ?match({'IOP_IOR',_,_}, 
+
+    Obj10B = ?match({'IOP_IOR',_,_},
 		    corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Mamba")),
 
     ?match(ok, corba:print_object(Obj12B, info_msg)),
@@ -1568,7 +1594,7 @@ basic_PI_api(_Config) ->
     ?match(ok, orber_test_server:print(Obj12B)),
     ?match(ok, orber_test_server:print(Obj11B)),
     ?match(ok, orber_test_server:print(Obj10B)),
-    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}}, 
+    ?match({'EXCEPTION',{'CosNaming_NamingContextExt_InvalidAddress',_}},
 		 corba:string_to_object("corbaloc::1.0@"++Host++":"++integer_to_list(Port)++"/Wrong")),
 
     ?match(ok, orber_test_lib:alternate_iiop_address(Host, Port)),
@@ -1583,8 +1609,8 @@ basic_PI_api(_Config) ->
 
     application:set_env(orber, interceptors, false),
 
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   uninstall_test_data,
 					   [nameservice])),
     ok.
 
@@ -1593,62 +1619,95 @@ basic_PI_api(_Config) ->
 %%  API tests for ORB to ORB, ssl security depth 1
 %%-----------------------------------------------------------------
 
-ssl_1_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+ssl_1_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 			       "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_1_multi_orber_api(suite) -> [];
 ssl_1_multi_orber_api(_Config) ->
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
 					       1, [{iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
 					       1, [{iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
-    
-ssl_1_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+
+
+ssl_1_multi_orber_generation_3_api_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
+			       "This case set up two secure orbs and test if they can",
+			     "communicate. The case also test to access one of the",
+			     "secure orbs which must raise a NO_PERMISSION exception."];
+ssl_1_multi_orber_generation_3_api_old(suite) -> [];
+ssl_1_multi_orber_generation_3_api_old(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       1, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       1, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ssl_suite(ServerOptions, ClientOptions).
+
+
+ssl_1_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 			       "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_1_multi_orber_generation_3_api(suite) -> [];
 ssl_1_multi_orber_generation_3_api(_Config) ->
-   
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       1, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       1, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
-    
 
 %%-----------------------------------------------------------------
 %%  API tests for ORB to ORB, ssl security depth 2
 %%-----------------------------------------------------------------
 
-ssl_2_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+ssl_2_multi_orber_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_2_multi_orber_api(suite) -> [];
-ssl_2_multi_orber_api(_Config) -> 
-    
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+ssl_2_multi_orber_api(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
 					       2, [{iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
 					       2, [{iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
 
-ssl_2_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+
+ssl_2_multi_orber_generation_3_api_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
+			     "This case set up two secure orbs and test if they can",
+			     "communicate. The case also test to access one of the",
+			     "secure orbs which must raise a NO_PERMISSION exception."];
+ssl_2_multi_orber_generation_3_api_old(suite) -> [];
+ssl_2_multi_orber_generation_3_api_old(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       2, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       2, [{ssl_generation, 3},
+						   {iiop_ssl_port, 0}]),
+    ssl_suite(ServerOptions, ClientOptions).
+
+
+ssl_2_multi_orber_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_2_multi_orber_generation_3_api(suite) -> [];
-ssl_2_multi_orber_generation_3_api(_Config) -> 
-    
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+ssl_2_multi_orber_generation_3_api(_Config) ->
+
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       2, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       2, [{ssl_generation, 3},
 						   {iiop_ssl_port, 0}]),
     ssl_suite(ServerOptions, ClientOptions).
@@ -1656,77 +1715,135 @@ ssl_2_multi_orber_generation_3_api(_Config) ->
 %%  API tests for ORB to ORB, ssl security depth 2
 %%-----------------------------------------------------------------
 
-ssl_reconfigure_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+ssl_reconfigure_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_reconfigure_api(suite) -> [];
-ssl_reconfigure_api(_Config) -> 
-    ssl_reconfigure([]).
+ssl_reconfigure_api(_Config) ->
+    ssl_reconfigure_old([]).
+
 
-ssl_reconfigure_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)", 
+ssl_reconfigure_generation_3_api_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
+			     "This case set up two secure orbs and test if they can",
+			     "communicate. The case also test to access one of the",
+			     "secure orbs which must raise a NO_PERMISSION exception."];
+ssl_reconfigure_generation_3_api_old(suite) -> [];
+ssl_reconfigure_generation_3_api_old(_Config) ->
+    ssl_reconfigure_old([{ssl_generation, 3}]).
+
+ssl_reconfigure_old(ExtraSSLOptions) ->
+
+    IP = orber_test_lib:get_host(),
+    Loopback = orber_test_lib:get_loopback_interface(),
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_},
+	       orber_test_lib:js_node([{iiop_port, 0},
+				       {flags, ?ORB_ENV_LOCAL_INTERFACE},
+				       {ip_address, IP}|ExtraSSLOptions])),
+    orber_test_lib:remote_apply(ServerNode, ssl, start, []),
+    orber_test_lib:remote_apply(ServerNode, crypto, start, []),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
+				       [Loopback, normal, [{iiop_port, 5648},
+							   {iiop_ssl_port, 5649},
+							   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]])),
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       2, [{flags, ?ORB_ENV_LOCAL_INTERFACE},
+						   {iiop_port, 5648},
+						   {iiop_ssl_port, 5649},
+						   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]),
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
+				       [Loopback, ssl, ServerOptions])),
+
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       2, [{iiop_ssl_port, 0}|ExtraSSLOptions]),
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
+
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+    orber_test_lib:remote_apply(ClientNode, ssl, start, []),
+    orber_test_lib:remote_apply(ServerNode, crypto, start, []),
+    Obj = ?match(#'IOP_IOR'{},
+		 orber_test_lib:remote_apply(ClientNode, corba,
+					     string_to_object, ["corbaname:iiop:1.1@"++Loopback++":5648/NameService#mamba",
+								[{context, [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
+												  context_data = {configuration, ClientOptions}}]}]])),
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_server,
+					   print, [Obj])).
+
+
+ssl_reconfigure_generation_3_api(doc) -> ["SECURE MULTI ORB API tests (SSL depth 2)",
 			     "This case set up two secure orbs and test if they can",
 			     "communicate. The case also test to access one of the",
 			     "secure orbs which must raise a NO_PERMISSION exception."];
 ssl_reconfigure_generation_3_api(suite) -> [];
-ssl_reconfigure_generation_3_api(_Config) -> 
+ssl_reconfigure_generation_3_api(_Config) ->
     ssl_reconfigure([{ssl_generation, 3}]).
 
+
 ssl_reconfigure(ExtraSSLOptions) ->
 
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, 
-	       orber_test_lib:js_node([{iiop_port, 0}, 
-				       {flags, ?ORB_ENV_LOCAL_INTERFACE}, 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_},
+	       orber_test_lib:js_node([{iiop_port, 0},
+				       {flags, ?ORB_ENV_LOCAL_INTERFACE},
 				       {ip_address, IP}|ExtraSSLOptions])),
     orber_test_lib:remote_apply(ServerNode, ssl, start, []),
     orber_test_lib:remote_apply(ServerNode, crypto, start, []),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
-    ?match({ok, _}, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
 				       [Loopback, normal, [{iiop_port, 5648},
 							   {iiop_ssl_port, 5649},
 							   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]])),
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
-					       2, [{flags, ?ORB_ENV_LOCAL_INTERFACE}, 
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
+					       2, [{flags, ?ORB_ENV_LOCAL_INTERFACE},
 						   {iiop_port, 5648},
 						   {iiop_ssl_port, 5649},
 						   {interceptors, {native, [orber_iiop_tracer_silent]}}|ExtraSSLOptions]),
-    ?match({ok, _}, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
+    ?match({ok, _},
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
 				       [Loopback, ssl, ServerOptions])),
 
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       2, [{iiop_ssl_port, 0}|ExtraSSLOptions]),
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
 
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
     orber_test_lib:remote_apply(ClientNode, ssl, start, []),
     orber_test_lib:remote_apply(ServerNode, crypto, start, []),
-    Obj = ?match(#'IOP_IOR'{}, 
+    Obj = ?match(#'IOP_IOR'{},
 		 orber_test_lib:remote_apply(ClientNode, corba,
 					     string_to_object, ["corbaname:iiop:1.1@"++Loopback++":5648/NameService#mamba",
-								[{context, [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+								[{context, [#'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 												  context_data = {configuration, ClientOptions}}]}]])),
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_server, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_server,
 					   print, [Obj])).
 
 
-
 %%-----------------------------------------------------------------
 %%  API tests for Orber to Java ORB, no security
 %%-----------------------------------------------------------------
 
-%orber_java_api(doc) -> ["ERLANG-ORB <-> JAVA-ORB API tests", 
+%orber_java_api(doc) -> ["ERLANG-ORB <-> JAVA-ORB API tests",
 %			"This case test if data encode/decode (IIOP)",
 %			"produce the correct result, i.e., the test_server echos",
 %			"the input parameter or an exception is raised (MARSHAL)."];
@@ -1739,38 +1856,38 @@ ssl_reconfigure(ExtraSSLOptions) ->
 %% Arguments: Config
 %%            Depth
 %% Returns  : ok
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 ssl_suite(ServerOptions, ClientOptions) ->
 
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
-    
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
     %% Tell the client to interoperate with the server. The purpose of this
     %% operation is to look up, using NameService, an object reference and
     %% use it to contact the object.
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   lookup,
 					   [ServerHost, ServerPort])),
-    
-    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib, 
+
+    ?match(ok, orber_test_lib:remote_apply(ClientNode, orber_test_lib,
 					   alternate_ssl_iiop_address,
 					   [ServerHost, ServerPort, SSLServerPort])),
-    
+
     %% 'This' node is not secure. Contact the server. Must refuse connection.
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		       corba:string_to_object("corbaloc::1.2@"++ServerHost++":"++
 					      integer_to_list(ServerPort)++"/NameService")),
-    
+
     %% Should be 'NO_PERMISSION'??
     ?match({'EXCEPTION',{'COMM_FAILURE',_,_,_}},
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["not_exist"]))),
@@ -1780,8 +1897,8 @@ ssl_suite(ServerOptions, ClientOptions) ->
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
 
     %% Uninstall.
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [ssl])),
     ok.
 
@@ -1793,7 +1910,7 @@ setup_connection_timeout_api(suite) -> [];
 setup_connection_timeout_api(_Config) ->
     ?match(ok, application:set_env(orber, iiop_backlog, 0)),
     %% Wait to be sure that the configuration has kicked in.
-    timer:sleep(2000),    
+    timer:sleep(2000),
     {ok, Ref, Port} = create_fake_server_ORB(normal, 0, [], listen, []),
     ?match(ok, orber:configure(iiop_setup_connection_timeout, 5)),
     ?match(ok, orber:info(io)),
@@ -1813,7 +1930,7 @@ setup_connection_timeout_api(_Config) ->
 %%-----------------------------------------------------------------
 %%  iiop_setup_connection_timeout API tests for ORB to ORB.
 %%-----------------------------------------------------------------
-setup_multi_connection_timeout_api(doc) -> 
+setup_multi_connection_timeout_api(doc) ->
     ["iiop_multi_setup_connection_timeout API tests for ORB to ORB."];
 setup_multi_connection_timeout_api(suite) -> [];
 setup_multi_connection_timeout_api(_Config) ->
@@ -1838,7 +1955,7 @@ setup_multi_connection_timeout_api(_Config) ->
     ?match(ok, application:set_env(orber, iiop_out_ports, undefined)),
     ok.
 
-setup_multi_connection_timeout_attempts_api(doc) -> 
+setup_multi_connection_timeout_attempts_api(doc) ->
     ["iiop_multi_setup_connection_timeout API tests for ORB to ORB."];
 setup_multi_connection_timeout_attempts_api(suite) -> [];
 setup_multi_connection_timeout_attempts_api(_Config) ->
@@ -1864,7 +1981,7 @@ setup_multi_connection_timeout_attempts_api(_Config) ->
     ?match(ok, application:set_env(orber, iiop_out_ports, undefined)),
     ok.
 
-setup_multi_connection_timeout_random_api(doc) -> 
+setup_multi_connection_timeout_random_api(doc) ->
     ["iiop_multi_setup_connection_timeout API tests for ORB to ORB."];
 setup_multi_connection_timeout_random_api(suite) -> [];
 setup_multi_connection_timeout_random_api(_Config) ->
@@ -1899,17 +2016,17 @@ bad_giop_header_api(_Config) ->
     orber:configure_override(interceptors, {native,[orber_iiop_tracer]}),
     orber:configure(orber_debug_level, 10),
     ?match(ok, orber:info(io)),
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node()),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     Req = <<"GIOP",1,2,0,100,0,0,0,5,0,0,0,10,50>> ,
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
 				     message_error, [Req])),
-    
+
     application:set_env(orber, interceptors, false),
     orber:configure(orber_debug_level, 0),
     ok.
-    
+
 
 %%-----------------------------------------------------------------
 %%  Fragmented IIOP tests (Server-side).
@@ -1927,34 +2044,34 @@ fragments_server_api(doc) -> ["fragments API tests for server-side ORB."];
 fragments_server_api(suite) -> [];
 fragments_server_api(_Config) ->
     %% --- Create a slave-node ---
-    {ok, Node, Host} = 
-	?match({ok,_,_}, orber_test_lib:js_node()),    
+    {ok, Node, Host} =
+	?match({ok,_,_}, orber_test_lib:js_node()),
     Port = orber_test_lib:remote_apply(Node, orber, iiop_port, []),
-    
-    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib, 
-					   install_test_data, 
+
+    ?match(ok, orber_test_lib:remote_apply(Node, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
-    
+
     NSR = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		 corba:string_to_object("corbaloc::1.2@"++Host++":"++
 					integer_to_list(Port)++"/NameService")),
-    
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, lname:new(["mamba"]))),
 
     Any = #any{typecode = {tk_string,0},
 	       value = "123"},
-    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr, 
+    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr,
 				   value = iop_ior:get_objkey(Obj)},
-    %% Fix a request header. 
+    %% Fix a request header.
     {Hdr, Body, HdrLen, _What, _Flags} =
 	cdr_encode:enc_request_split(
-	  #giop_env{version = {1,2}, objkey = Target, 
+	  #giop_env{version = {1,2}, objkey = Target,
 		    request_id = ?REQUEST_ID,
-		    response_expected = true, 
-		    op = testing_iiop_any, 
-		    parameters = [49], ctx = [], 
-		    tc = {tk_void,[tk_char],[]}, 
+		    response_expected = true,
+		    op = testing_iiop_any,
+		    parameters = [49], ctx = [],
+		    tc = {tk_void,[tk_char],[]},
 		    host = [orber_test_lib:get_host()],
 		    iiop_port = orber:iiop_port(),
 		    iiop_ssl_port = orber:iiop_ssl_port(),
@@ -1969,11 +2086,11 @@ fragments_server_api(_Config) ->
 		<<AligmnetData:Aligned/binary,49>> = Body,
 		list_to_binary([AligmnetData, <<0,0,0,18,0,0,0,0,0,0,0,4,49>> ])
 	end,
-    
+
     MessSize = HdrLen+size(NewBody),
     ReqFrag = list_to_binary([ <<"GIOP",1:8,2:8,2:8,0:8,
 			       MessSize:32/big-unsigned-integer>> , Hdr |NewBody]),
-    ?match(Any, fake_client_ORB(normal, Host, Port, [], fragments, 
+    ?match(Any, fake_client_ORB(normal, Host, Port, [], fragments,
 				[ReqFrag, ?FRAG_2, ?FRAG_3, ?FRAG_4])),
 
     ok.
@@ -1986,9 +2103,9 @@ fragments_max_server_api(suite) -> [];
 fragments_max_server_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{iiop_max_fragments, 2},
-						 {ip_address, IP}])),    
+						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     fragments_max_server(ServerNode, IP, ServerPort).
 
@@ -1997,37 +2114,37 @@ fragments_max_server_added_api(suite) -> [];
 fragments_max_server_added_api(_Config) ->
     %% --- Create a slave-node ---
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([])),    
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([])),
     ServerPort = 1 + orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     ?match({ok, _},
-	   orber_test_lib:remote_apply(ServerNode, orber, 
-				       add_listen_interface, 
-				       [IP, normal, 
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       add_listen_interface,
+				       [IP, normal,
 					[{iiop_max_fragments, 2},
 					 {flags, ?ORB_ENV_LOCAL_INTERFACE},
 					 {iiop_port, ServerPort}]])),
     fragments_max_server(ServerNode, IP, ServerPort).
 
 fragments_max_server(ServerNode, ServerHost, ServerPort) ->
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [nameservice])),
     Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 corba:string_to_object("corbaname::1.2@"++ServerHost++":"++
 					integer_to_list(ServerPort)++"/NameService#mamba")),
-    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr, 
+    Target = #'GIOP_TargetAddress'{label = ?GIOP_KeyAddr,
 				   value = iop_ior:get_objkey(Obj)},
-    %% Fix a request header. 
+    %% Fix a request header.
     {Hdr, Body, HdrLen, _What, _Flags} =
 	cdr_encode:enc_request_split(
-	  #giop_env{version = {1,2}, 
-		    objkey = Target, 
-		    request_id = ?REQUEST_ID, 
-		    response_expected = true, 
-		    op = testing_iiop_any, 
-		    parameters = [49], ctx = [], 
-		    tc = {tk_void,[tk_char],[]}, 
+	  #giop_env{version = {1,2},
+		    objkey = Target,
+		    request_id = ?REQUEST_ID,
+		    response_expected = true,
+		    op = testing_iiop_any,
+		    parameters = [49], ctx = [],
+		    tc = {tk_void,[tk_char],[]},
 		    host = [orber_test_lib:get_host()],
 		    iiop_port = orber:iiop_port(),
 		    iiop_ssl_port = orber:iiop_ssl_port(),
@@ -2046,8 +2163,8 @@ fragments_max_server(ServerNode, ServerHost, ServerPort) ->
     MessSize = HdrLen+size(NewBody),
     ReqFrag = list_to_binary([ <<"GIOP",1:8,2:8,2:8,0:8,
 			       MessSize:32/big-unsigned-integer>> , Hdr |NewBody]),
-    ?match(#'IMP_LIMIT'{}, 
-	   fake_client_ORB(normal, ServerHost, ServerPort, [], fragments_max, 
+    ?match(#'IMP_LIMIT'{},
+	   fake_client_ORB(normal, ServerHost, ServerPort, [], fragments_max,
 			   [ReqFrag, ?FRAG_2, ?FRAG_3, ?FRAG_4])),
 
     ok.
@@ -2063,11 +2180,11 @@ fragments_client_api(_Config) ->
     application:set_env(orber, interceptors, {native,[orber_iiop_tracer]}),
     orber:configure(orber_debug_level, 10),
     orber:info(),
-    IOR = ?match({'IOP_IOR',_,_}, 
-		       iop_ior:create_external({1, 2}, "IDL:FAKE:1.0", 
+    IOR = ?match({'IOP_IOR',_,_},
+		       iop_ior:create_external({1, 2}, "IDL:FAKE:1.0",
 					       "localhost", 6004, "FAKE", [])),
-    spawn(?MODULE, create_fake_server_ORB, [normal, 6004, [], fragments, 
-					    [?REPLY_FRAG_1, ?FRAG_2, 
+    spawn(?MODULE, create_fake_server_ORB, [normal, 6004, [], fragments,
+					    [?REPLY_FRAG_1, ?FRAG_2,
 					     ?FRAG_3, ?FRAG_4]]),
     ?match({ok, Any}, orber_test_server:testing_iiop_any(IOR, Any)),
     application:set_env(orber, interceptors, false),
@@ -2083,16 +2200,16 @@ bad_fragment_id_client_api(_Config) ->
     application:set_env(orber, interceptors, {native,[orber_iiop_tracer]}),
     orber:configure(orber_debug_level, 10),
     orber:info(),
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node()),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     Req = <<71,73,79,80,1,2,2,7,0,0,0,5,0,0,0,100,50>> ,
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
 			       message_error, [Req])),
-    
+
     application:set_env(orber, interceptors, false),
     orber:configure(orber_debug_level, 0),
-    
+
     ok.
 
 %%-----------------------------------------------------------------
@@ -2100,22 +2217,22 @@ bad_fragment_id_client_api(_Config) ->
 %%-----------------------------------------------------------------
 bad_id_cancel_request_api(doc) -> ["Description", "more description"];
 bad_id_cancel_request_api(suite) -> [];
-bad_id_cancel_request_api(Config) when is_list(Config) ->   
-    Req10 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 0}, 
+bad_id_cancel_request_api(Config) when is_list(Config) ->
+    Req10 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 0},
 						    request_id = 556}),
-    Req11 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 1}, 
+    Req11 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 1},
 						    request_id = 556}),
-    Req12 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 2}, 
+    Req12 = cdr_encode:enc_cancel_request(#giop_env{version = {1, 2},
 						    request_id = 556}),
-    {ok, ServerNode, ServerHost} = 
+    {ok, ServerNode, ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node()),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
-			       message_error, [Req10])),    
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
-			       message_error, [Req11])),    
-    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [], 
-			       message_error, [Req12])),    
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
+			       message_error, [Req10])),
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
+			       message_error, [Req11])),
+    ?match(ok, fake_client_ORB(normal, ServerHost, ServerPort, [],
+			       message_error, [Req12])),
     ok.
 
 %%-----------------------------------------------------------------
@@ -2131,141 +2248,141 @@ pseudo_calls(0, _) ->
 pseudo_calls(Times, Obj) ->
     orber_test_server:pseudo_call(Obj),
     New = Times - 1,
-    pseudo_calls(New, Obj). 
+    pseudo_calls(New, Obj).
 pseudo_casts(0, _) ->
     ok;
 pseudo_casts(Times, Obj) ->
     orber_test_server:pseudo_cast(Obj),
     New = Times - 1,
-    pseudo_casts(New, Obj). 
+    pseudo_casts(New, Obj).
 
 context_test(Obj) ->
-    CodeSetCtx = #'CONV_FRAME_CodeSetContext'{char_data =  65537, 
+    CodeSetCtx = #'CONV_FRAME_CodeSetContext'{char_data =  65537,
 					      wchar_data = 65801},
     FTGrp = #'FT_FTGroupVersionServiceContext'{object_group_ref_version = ?ULONGMAX},
-    FTReq = #'FT_FTRequestServiceContext'{client_id = "ClientId", 
-					  retention_id = ?LONGMAX, 
+    FTReq = #'FT_FTRequestServiceContext'{client_id = "ClientId",
+					  retention_id = ?LONGMAX,
 					  expiration_time = ?ULONGLONGMAX},
 
-    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent, 
+    IDToken1 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAbsent,
 				    value = true},
-    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous, 
+    IDToken2 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTAnonymous,
 				    value = false},
-    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName, 
+    IDToken3 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTPrincipalName,
 				    value = [0,255]},
-    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain, 
+    IDToken4 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTX509CertChain,
 				    value = [1,255]},
-    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName, 
+    IDToken5 = #'CSI_IdentityToken'{label = ?CSI_IdentityTokenType_ITTDistinguishedName,
 				    value = [2,255]},
-    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX, 
+    IDToken6 = #'CSI_IdentityToken'{label = ?ULONGMAX,
 				    value = [3,255]},
 
     MTEstablishContext1 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken1, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken1,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext2 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken2, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken2,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext3 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken3, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken3,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext4 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken4, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken4,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext5 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken5, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken5,
 				       client_authentication_token = [1, 255]}},
     MTEstablishContext6 = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTEstablishContext, 
-       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX, 
-				       authorization_token = 
+      {label = ?CSI_MsgType_MTEstablishContext,
+       value = #'CSI_EstablishContext'{client_context_id = ?ULONGLONGMAX,
+				       authorization_token =
 				       [#'CSI_AuthorizationElement'
-					{the_type = ?ULONGMAX, 
-					 the_element = [0,255]}], 
-				       identity_token = IDToken6, 
+					{the_type = ?ULONGMAX,
+					 the_element = [0,255]}],
+				       identity_token = IDToken6,
 				       client_authentication_token = [1, 255]}},
     MTCompleteEstablishContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTCompleteEstablishContext, 
-       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTCompleteEstablishContext,
+       value = #'CSI_CompleteEstablishContext'{client_context_id = ?ULONGLONGMAX,
 					       context_stateful = false,
 					       final_context_token = [1, 255]}},
     MTContextError = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTContextError, 
+      {label = ?CSI_MsgType_MTContextError,
        value = #'CSI_ContextError'{client_context_id = ?ULONGLONGMAX,
-				   major_status = 1, 
-				   minor_status = 2, 
+				   major_status = 1,
+				   minor_status = 2,
 				   error_token = [2,255]}},
     MTMessageInContext = #'CSI_SASContextBody'
-      {label = ?CSI_MsgType_MTMessageInContext, 
-       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX, 
+      {label = ?CSI_MsgType_MTMessageInContext,
+       value = #'CSI_MessageInContext'{client_context_id = ?ULONGLONGMAX,
 				       discard_context = true}},
-    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_CodeSets, 
+    Ctx = [#'IOP_ServiceContext'{context_id=?IOP_CodeSets,
 				 context_data = CodeSetCtx},
-	   #'IOP_ServiceContext'{context_id=?IOP_FT_GROUP_VERSION, 
+	   #'IOP_ServiceContext'{context_id=?IOP_FT_GROUP_VERSION,
 				 context_data = FTGrp},
-	   #'IOP_ServiceContext'{context_id=?IOP_FT_REQUEST, 
+	   #'IOP_ServiceContext'{context_id=?IOP_FT_REQUEST,
 				 context_data = FTReq},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext1},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext2},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext3},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext4},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext5},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTEstablishContext6},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTCompleteEstablishContext},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTContextError},
-	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService, 
+	   #'IOP_ServiceContext'{context_id=?IOP_SecurityAttributeService,
 				 context_data = MTMessageInContext},
-	   #'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID, 
+	   #'IOP_ServiceContext'{context_id=?ORBER_GENERIC_CTX_ID,
 				 context_data = {any_kind_of_data, {127,0,0,1}, 4001}}],
     ?match(ok, orber_test_server:testing_iiop_context(Obj, [{context, Ctx}])).
 
 
 create_fake_server_ORB(Type, Port, Options, listen, _Data) ->
     {ok, _ListenSocket, NewPort} =
-	orber_socket:listen(Type, Port, 
+	orber_socket:listen(Type, Port,
 			    [{backlog, 0}, {active, false}|Options]),
     Socket = orber_socket:connect(Type, 'localhost', NewPort, [{active, false}|Options]),
     {ok, {Type, Socket}, NewPort};
 create_fake_server_ORB(Type, Port, Options, Action, Data) ->
-    {ok, ListenSocket, _NewPort} = 
+    {ok, ListenSocket, _NewPort} =
 	orber_socket:listen(Type, Port, [{active, false}|Options]),
     Socket = orber_socket:accept(Type, ListenSocket),
     do_server_action(Type, Socket, Action, Data),
@@ -2299,14 +2416,14 @@ do_client_action(Type, Socket, fragments, FragList) ->
     ok = send_data(Type, Socket, FragList),
     timer:sleep(3000),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = no_exception}, ok, [Par]} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Par;
 do_client_action(Type, Socket, fragments_max, FragList) ->
     ok = send_data(Type, Socket, FragList),
     timer:sleep(3000),
     {ok, Bytes} = gen_tcp:recv(Socket, 0),
-    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} = 
+    {#reply_header{request_id = ?REQUEST_ID, reply_status = system_exception}, Exc, []} =
 	cdr_decode:dec_message({tk_void,[tk_any],[tk_any]}, Bytes),
     Exc;
 do_client_action(Type, Socket, message_error, Data) ->
@@ -2323,4 +2440,4 @@ send_data(_Type, _Socket, []) ->
 send_data(Type, Socket, [H|T]) ->
     orber_socket:write(Type, Socket, H),
     send_data(Type, Socket, T).
-    
+
diff --git a/lib/orber/test/orber_SUITE.erl b/lib/orber/test/orber_SUITE.erl
index be6ffa201c..72b0db1e0d 100644
--- a/lib/orber/test/orber_SUITE.erl
+++ b/lib/orber/test/orber_SUITE.erl
@@ -20,7 +20,6 @@
 -module(orber_SUITE).
 -include_lib("test_server/include/test_server.hrl").
 
-
 -define(default_timeout, ?t:minutes(15)).
 -define(application, orber).
 
@@ -31,7 +30,11 @@
 
 % Test cases must be exported.
 -export([app_test/1, undefined_functions/1, install_load_order/1,
-	 install_local_content/1]).
+	 install_local_content/1, 
+         otp_9887/1]).
+
+%% Exporting error handler callbacks for use in otp_9887
+-export([init/1, handle_event/2]).
 
 %%
 %% all/1
@@ -40,7 +43,8 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     [app_test, undefined_functions, install_load_order,
-     install_local_content].
+     install_local_content,
+     otp_9887].
 
 groups() -> 
     [].
@@ -76,6 +80,27 @@ app_test(_Config) ->
     ?line ok=?t:app_test(orber),
     ok.
 
+otp_9887(_Config) ->
+    orber:jump_stop(),
+    application:set_env(orber, orber_debug_level, 10),
+    orber:jump_start([]),
+    
+    mnesia:create_table(orber_light_ifr, []),
+
+    error_logger:add_report_handler(?MODULE,[self()]),
+    catch orber_ifr:get_module(foo, bar),
+    
+    receive
+	{stolen,Reason} ->
+            {error,_Pid1, {_Pid2, _ErrorString, ArgumentList}} = Reason,
+            5 = length(ArgumentList)
+    after 500 ->
+            test_server:fail("OTP_9887 TIMED OUT")
+    end,
+
+    orber:jump_stop(),
+    ok.
+
 %% Install Orber using the load_order option.
 install_load_order(suite) ->
     [];
@@ -192,5 +217,10 @@ key1search(Key, L) ->
 fail(Reason) ->
     exit({suite_failed, Reason}).
 
+%% Error handler 
 
+init([Proc]) -> {ok,Proc}.
 
+handle_event(Event, Proc) -> 
+    Proc ! {stolen,Event},
+    {ok,Proc}.
diff --git a/lib/orber/test/orber_acl_SUITE.erl b/lib/orber/test/orber_acl_SUITE.erl
index b43a00be19..49107cde84 100644
--- a/lib/orber/test/orber_acl_SUITE.erl
+++ b/lib/orber/test/orber_acl_SUITE.erl
@@ -80,7 +80,7 @@ end_per_group(_GroupName, Config) ->
 %%-----------------------------------------------------------------
 init_per_suite(Config) ->
     if
-        list(Config) ->
+        is_list(Config) ->
             Config;
         true ->
             exit("Config not a list")
diff --git a/lib/orber/test/orber_nat_SUITE.erl b/lib/orber/test/orber_nat_SUITE.erl
index 625f168520..ee31b162c2 100644
--- a/lib/orber/test/orber_nat_SUITE.erl
+++ b/lib/orber/test/orber_nat_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
+%%
 %% Copyright Ericsson AB 2006-2011. All Rights Reserved.
-%% 
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 %%
@@ -50,14 +50,15 @@
 %%-----------------------------------------------------------------
 %% External exports
 %%-----------------------------------------------------------------
--export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0, 
+-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2, cases/0,
 	 init_per_suite/1, end_per_suite/1,
-	 init_per_testcase/2, end_per_testcase/2, 
+	 init_per_testcase/2, end_per_testcase/2,
 	 nat_ip_address/1, nat_ip_address_multiple/1,
 	 nat_ip_address_local/1, nat_ip_address_local_local/1,
 	 nat_iiop_port/1, nat_iiop_port_local/1,
-	 nat_iiop_port_local_local/1, nat_iiop_ssl_port/1,
-	 nat_iiop_ssl_port_local/1]).
+	 nat_iiop_port_local_local/1,
+	 nat_iiop_ssl_port_old/1, nat_iiop_ssl_port_local_old/1,
+	 nat_iiop_ssl_port/1, nat_iiop_ssl_port_local/1]).
 
 
 %%-----------------------------------------------------------------
@@ -66,15 +67,15 @@
 
 %%-----------------------------------------------------------------
 %% Func: all/1
-%% Args: 
-%% Returns: 
+%% Args:
+%% Returns:
 %%-----------------------------------------------------------------
 suite() -> [{ct_hooks,[ts_install_cth]}].
 
-all() -> 
+all() ->
     cases().
 
-groups() -> 
+groups() ->
     [].
 
 init_per_group(_GroupName, Config) ->
@@ -84,25 +85,38 @@ end_per_group(_GroupName, Config) ->
     Config.
 
 
-cases() -> 
-    [nat_ip_address, nat_ip_address_multiple,
-     nat_ip_address_local, nat_iiop_port,
-     nat_iiop_port_local, nat_ip_address_local_local,
-     nat_iiop_port_local_local, nat_iiop_ssl_port,
+cases() ->
+    [nat_ip_address,
+     nat_ip_address_multiple,
+     nat_ip_address_local,
+     nat_iiop_port,
+     nat_iiop_port_local,
+     nat_ip_address_local_local,
+     nat_iiop_port_local_local,
+     nat_iiop_ssl_port_old,
+     nat_iiop_ssl_port_local_old,
+     nat_iiop_ssl_port,
      nat_iiop_ssl_port_local].
 
 %%-----------------------------------------------------------------
 %% Init and cleanup functions.
 %%-----------------------------------------------------------------
-init_per_testcase(TC, Config) 
+init_per_testcase(TC, Config)
  when TC =:= nat_iiop_ssl_port;
-      TC =:= nat_iiop_ssl_port_local ->
-    case orber_test_lib:ssl_version() of
-	no_ssl ->
-	    {skip,"SSL not installed!"};
-	_ ->
-	    init_per_testcase(dummy_tc, Config)
-    end;
+      TC =:= nat_iiop_ssl_port_local;
+      TC =:= nat_iiop_ssl_port_old;
+      TC =:= nat_iiop_ssl_port_local_old ->
+      case  ?config(crypto_started, Config) of
+	  true ->
+	      case orber_test_lib:ssl_version() of
+		  no_ssl ->
+		      {skip,"SSL not installed!"};
+		  _ ->
+		      init_per_testcase(dummy_tc, Config)
+	      end;
+	  false ->
+	      {skip, "Crypto did not start"}
+      end;
 init_per_testcase(_Case, Config) ->
     Path = code:which(?MODULE),
     code:add_pathz(filename:join(filename:dirname(Path), "idl_output")),
@@ -125,12 +139,18 @@ end_per_testcase(_Case, Config) ->
 init_per_suite(Config) ->
     if
 	is_list(Config) ->
-	    Config;
+            try crypto:start() of
+                ok ->
+		    [{crypto_started, true} | Config]
+            catch _:_ ->
+	       [{crypto_started, false} | Config]
+            end;
 	true ->
 	    exit("Config not a list")
     end.
 
 end_per_suite(Config) ->
+    application:stop(crypto),    
     Config.
 
 %%-----------------------------------------------------------------
@@ -143,13 +163,13 @@ nat_ip_address(suite) -> [];
 nat_ip_address(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_ip_address, Loopback}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {Loopback, ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -158,14 +178,14 @@ nat_ip_address_multiple(doc) -> ["This case test if the server ORB use the corre
 nat_ip_address_multiple(suite) -> [];
 nat_ip_address_multiple(_Config) ->
     IP = orber_test_lib:get_host(),
-   
-    {ok, ServerNode, _ServerHost} = 
+
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_ip_address, {multiple, ["10.0.0.1"]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -174,13 +194,13 @@ nat_ip_address_local(doc) -> ["This case test if the server ORB use the correct"
 nat_ip_address_local(suite) -> [];
 nat_ip_address_local(_Config) ->
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_ip_address, {local, "10.0.0.1", [{IP, "127.0.0.1"}]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -190,19 +210,19 @@ nat_ip_address_local_local(suite) -> [];
 nat_ip_address_local_local(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, 
-						  (?ORB_ENV_LOCAL_INTERFACE bor 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags,
+						  (?ORB_ENV_LOCAL_INTERFACE bor
 						   ?ORB_ENV_ENABLE_NAT)},
 						 {nat_ip_address, {local, "10.0.0.1", [{IP, "10.0.0.2"}]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR1 = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.2", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.2", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     IOR2 = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++Loopback++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {"10.0.0.1", ServerPort, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
     ok.
 
@@ -211,13 +231,13 @@ nat_iiop_port(doc) -> ["This case test if the server ORB use the correct",
 nat_iiop_port(suite) -> [];
 nat_iiop_port(_Config) ->
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_iiop_port, 42}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -226,13 +246,13 @@ nat_iiop_port_local(doc) -> ["This case test if the server ORB use the correct",
 nat_iiop_port_local(suite) -> [];
 nat_iiop_port_local(_Config) ->
     IP = orber_test_lib:get_host(),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node([{flags, ?ORB_ENV_ENABLE_NAT},
 						 {nat_iiop_port, {local, 42, [{4001, 43}]}}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     IOR = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {_IP, 42, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR)),
     ok.
 
@@ -242,27 +262,27 @@ nat_iiop_port_local_local(suite) -> [];
 nat_iiop_port_local_local(_Config) ->
     IP = orber_test_lib:get_host(),
     Loopback = orber_test_lib:get_loopback_interface(),
-    {ok, ServerNode, _ServerHost} = 
-	?match({ok,_,_}, orber_test_lib:js_node([{flags, 
-						  (?ORB_ENV_LOCAL_INTERFACE bor 
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node([{flags,
+						  (?ORB_ENV_LOCAL_INTERFACE bor
 						   ?ORB_ENV_ENABLE_NAT)},
 						 {ip_address, IP}])),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     orber_test_lib:remote_apply(ServerNode, orber_env, configure_override, [nat_iiop_port, {local, 42, [{ServerPort, 43}]}]),
     IOR1 = ?match(#'IOP_IOR'{},
 		 corba:string_to_object("corbaloc::1.2@"++IP++":"++integer_to_list(ServerPort)++"/NameService")),
-    ?match({'external', {IP, 43, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, 43, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR1)),
     {ok, Ref} = ?match({ok, _},
-			orber_test_lib:remote_apply(ServerNode, orber, 
-						    add_listen_interface, 
+			orber_test_lib:remote_apply(ServerNode, orber,
+						    add_listen_interface,
 						    [Loopback, normal, 10088])),
     IOR2 = ?match(#'IOP_IOR'{},
 		  corba:string_to_object("corbaloc::1.2@"++Loopback++":10088/NameService")),
-    ?match({'external', {IP, 42, _ObjectKey, _Counter, _TP, _NewHD}}, 
+    ?match({'external', {IP, 42, _ObjectKey, _Counter, _TP, _NewHD}},
 	   iop_ior:get_key(IOR2)),
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref])),
     ok.
 
@@ -271,103 +291,204 @@ nat_iiop_port_local_local(_Config) ->
 %%  API tests for ORB to ORB, ssl security depth 1
 %%-----------------------------------------------------------------
 
-nat_iiop_ssl_port(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+nat_iiop_ssl_port_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
+			   "Make sure NAT works for SSL"];
+nat_iiop_ssl_port_old(suite) -> [];
+nat_iiop_ssl_port_old(_Config) ->
+
+    IP = orber_test_lib:get_host(),
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       1, [{iiop_ssl_port, 0},
+						   {flags, ?ORB_ENV_ENABLE_NAT},
+						   {ip_address, IP}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       1, [{iiop_ssl_port, 0}]),
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
+    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
+    SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
+    NATSSLServerPort = SSLServerPort+1,
+    {ok, Ref} = ?match({ok, _},
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
+						   [IP, ssl, NATSSLServerPort])),
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
+				 {local, NATSSLServerPort, [{4001, 43}]}]),
+
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
+					      string_to_object,
+					      ["corbaname::1.2@"++IP++":"++
+						   integer_to_list(ServerPort)++"/NameService#mamba"])),
+
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
+	   iop_ior:get_key(IOR1)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
+					   [ssl])),
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       remove_listen_interface, [Ref])),
+    ok.
+
+nat_iiop_ssl_port_local_old(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
+				 "Make sure NAT works for SSL"];
+nat_iiop_ssl_port_local_old(suite) -> [];
+nat_iiop_ssl_port_local_old(_Config) ->
+
+    IP = orber_test_lib:get_host(),
+    ServerOptions = orber_test_lib:get_options_old(iiop_ssl, server,
+					       1, [{iiop_ssl_port, 0},
+						   {flags,
+						    (?ORB_ENV_LOCAL_INTERFACE bor
+							 ?ORB_ENV_ENABLE_NAT)},
+						   {ip_address, IP}]),
+    ClientOptions = orber_test_lib:get_options_old(iiop_ssl, client,
+					       1, [{iiop_ssl_port, 0}]),
+    {ok, ServerNode, _ServerHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
+    ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
+    SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
+    NATSSLServerPort = SSLServerPort+1,
+    {ok, Ref} = ?match({ok, _},
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
+						   [IP, ssl, NATSSLServerPort])),
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
+				 {local, NATSSLServerPort, [{NATSSLServerPort, NATSSLServerPort}]}]),
+
+    {ok, ClientNode, _ClientHost} =
+	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
+					   [ssl])),
+
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
+					      string_to_object,
+					      ["corbaname::1.2@"++IP++":"++
+						   integer_to_list(ServerPort)++"/NameService#mamba"])),
+
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
+	   iop_ior:get_key(IOR1)),
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
+					   [ssl])),
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
+				       remove_listen_interface, [Ref])),
+    ok.
+
+
+nat_iiop_ssl_port(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 			   "Make sure NAT works for SSL"];
 nat_iiop_ssl_port(suite) -> [];
 nat_iiop_ssl_port(_Config) ->
 
     IP = orber_test_lib:get_host(),
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       1, [{iiop_ssl_port, 0},
 						   {flags, ?ORB_ENV_ENABLE_NAT},
 						   {ip_address, IP}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       1, [{iiop_ssl_port, 0}]),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
     NATSSLServerPort = SSLServerPort+1,
     {ok, Ref} = ?match({ok, _},
-		       orber_test_lib:remote_apply(ServerNode, orber, 
-						   add_listen_interface, 
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
 						   [IP, ssl, NATSSLServerPort])),
-    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override, 
-				[nat_iiop_ssl_port, 
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
 				 {local, NATSSLServerPort, [{4001, 43}]}]),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
 
-    IOR1 = ?match(#'IOP_IOR'{}, 
-		  orber_test_lib:remote_apply(ClientNode, corba, 
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
 					      string_to_object,
 					      ["corbaname::1.2@"++IP++":"++
 						   integer_to_list(ServerPort)++"/NameService#mamba"])),
 
-    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP, 
-			 #host_data{protocol = ssl, 
-				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}}, 
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
 	   iop_ior:get_key(IOR1)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [ssl])),
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref])),
     ok.
 
-nat_iiop_ssl_port_local(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)", 
+nat_iiop_ssl_port_local(doc) -> ["SECURE MULTI ORB API tests (SSL depth 1)",
 				 "Make sure NAT works for SSL"];
 nat_iiop_ssl_port_local(suite) -> [];
 nat_iiop_ssl_port_local(_Config) ->
 
     IP = orber_test_lib:get_host(),
-    ServerOptions = orber_test_lib:get_options(iiop_ssl, server, 
+    ServerOptions = orber_test_lib:get_options(iiop_ssl, server,
 					       1, [{iiop_ssl_port, 0},
-						   {flags, 
-						    (?ORB_ENV_LOCAL_INTERFACE bor 
+						   {flags,
+						    (?ORB_ENV_LOCAL_INTERFACE bor
 							 ?ORB_ENV_ENABLE_NAT)},
 						   {ip_address, IP}]),
-    ClientOptions = orber_test_lib:get_options(iiop_ssl, client, 
+    ClientOptions = orber_test_lib:get_options(iiop_ssl, client,
 					       1, [{iiop_ssl_port, 0}]),
-    {ok, ServerNode, _ServerHost} = 
+    {ok, ServerNode, _ServerHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ServerOptions)),
     ServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_port, []),
     SSLServerPort = orber_test_lib:remote_apply(ServerNode, orber, iiop_ssl_port, []),
     NATSSLServerPort = SSLServerPort+1,
     {ok, Ref} = ?match({ok, _},
-		       orber_test_lib:remote_apply(ServerNode, orber, 
-						   add_listen_interface, 
+		       orber_test_lib:remote_apply(ServerNode, orber,
+						   add_listen_interface,
 						   [IP, ssl, NATSSLServerPort])),
-    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override, 
-				[nat_iiop_ssl_port, 
+    orber_test_lib:remote_apply(ServerNode, orber_env, configure_override,
+				[nat_iiop_ssl_port,
 				 {local, NATSSLServerPort, [{NATSSLServerPort, NATSSLServerPort}]}]),
 
-    {ok, ClientNode, _ClientHost} = 
+    {ok, ClientNode, _ClientHost} =
 	?match({ok,_,_}, orber_test_lib:js_node(ClientOptions)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   install_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   install_test_data,
 					   [ssl])),
 
-    IOR1 = ?match(#'IOP_IOR'{}, 
-		  orber_test_lib:remote_apply(ClientNode, corba, 
+    IOR1 = ?match(#'IOP_IOR'{},
+		  orber_test_lib:remote_apply(ClientNode, corba,
 					      string_to_object,
 					      ["corbaname::1.2@"++IP++":"++
 						   integer_to_list(ServerPort)++"/NameService#mamba"])),
 
-    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP, 
-			 #host_data{protocol = ssl, 
-				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}}, 
+    ?match({'external', {_IP, _Port, _ObjectKey, _Counter, _TP,
+			 #host_data{protocol = ssl,
+				    ssl_data = #'SSLIOP_SSL'{port = NATSSLServerPort}}}},
 	   iop_ior:get_key(IOR1)),
-    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib, 
-					   uninstall_test_data, 
+    ?match(ok, orber_test_lib:remote_apply(ServerNode, orber_test_lib,
+					   uninstall_test_data,
 					   [ssl])),
-    ?match(ok, 
-	   orber_test_lib:remote_apply(ServerNode, orber, 
+    ?match(ok,
+	   orber_test_lib:remote_apply(ServerNode, orber,
 				       remove_listen_interface, [Ref])),
     ok.
 
diff --git a/lib/orber/test/orber_test_lib.erl b/lib/orber/test/orber_test_lib.erl
index 903ab1d771..0ddde49cd6 100644
--- a/lib/orber/test/orber_test_lib.erl
+++ b/lib/orber/test/orber_test_lib.erl
@@ -41,28 +41,31 @@
 	       end
        end()).
 
--export([js_node/2, 
+-export([js_node/2,
 	 js_node/1,
 	 js_node/0,
-	 slave_sup/0, 
-	 remote_apply/4, 
+	 slave_sup/0,
+	 remote_apply/4,
 	 install_test_data/1,
 	 light_tests/3,
-	 uninstall_test_data/1, 
-	 destroy_node/2, 
+	 uninstall_test_data/1,
+	 destroy_node/2,
 	 lookup/2,
 	 alternate_iiop_address/2,
 	 create_alternate_iiop_address/2,
 	 alternate_ssl_iiop_address/3,
 	 create_alternate_ssl_iiop_address/3,
-	 test_coding/1, 
-	 test_coding/2, 
-	 corba_object_tests/2, 
+	 test_coding/1,
+	 test_coding/2,
+	 corba_object_tests/2,
 	 timeouts/3,
 	 precond/3,
 	 postcond/4,
 	 oe_get_interface/0,
 	 create_components_IOR/1,
+	 get_options_old/2,
+	 get_options_old/3,
+	 get_options_old/4,
 	 get_options/2,
 	 get_options/3,
 	 get_options/4,
@@ -89,13 +92,13 @@
 
 %%------------------------------------------------------------
 %% function : ssl_version
-%% Arguments: 
+%% Arguments:
 %% Returns  : integer()
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 ssl_version() ->
-    try 
+    try
 	ssl:module_info(),
 	case catch erlang:system_info(otp_release) of
 	    Version when is_list(Version) ->
@@ -114,10 +117,10 @@ ssl_version() ->
 
 %%------------------------------------------------------------
 %% function : version_ok
-%% Arguments: 
+%% Arguments:
 %% Returns  : true | {skipped, Reason}
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 version_ok() ->
     {ok, Hostname} = inet:gethostname(),
@@ -151,8 +154,8 @@ version_ok() ->
 %% function : get_host
 %% Arguments: Family - inet | inet6
 %% Returns  : string()
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 get_host() ->
     get_host(inet).
@@ -172,13 +175,13 @@ get_host(Family) ->
 	    [IP] = ?match([_], orber:host()),
 	    IP
     end.
-  
+
 %%------------------------------------------------------------
 %% function : get_loopback_interface
 %% Arguments: Family - inet | inet6
 %% Returns  : string()
-%% Effect   : 
-%%            
+%% Effect   :
+%%
 %%------------------------------------------------------------
 get_loopback_interface() ->
     get_loopback_interface(inet).
@@ -193,12 +196,12 @@ get_loopback_interface(Family) ->
 		_ when Family == inet ->
 		    "127.0.0.1";
 		_ ->
-		    "0:0:0:0:0:FFFF:7F00:0001" 
+		    "0:0:0:0:0:FFFF:7F00:0001"
 	    end;
 	_ when Family == inet ->
 	    "127.0.0.1";
 	_ ->
-	    "0:0:0:0:0:FFFF:7F00:0001" 
+	    "0:0:0:0:0:FFFF:7F00:0001"
     end.
 
 %%------------------------------------------------------------
@@ -220,7 +223,7 @@ js_node(InitOptions, StartOptions) when is_list(InitOptions) ->
     {A,B,C} = erlang:now(),
     [_, Host] = string:tokens(atom_to_list(node()), [$@]),
     _NewInitOptions = check_options(InitOptions),
-    js_node_helper(Host, 0, lists:concat([A,'_',B,'_',C]), 
+    js_node_helper(Host, 0, lists:concat([A,'_',B,'_',C]),
 		   InitOptions, 10, StartOptions).
 
 js_node_helper(Host, Port, Name, Options, Retries, StartOptions) ->
@@ -234,8 +237,8 @@ js_node_helper(Host, Port, Name, Options, Retries, StartOptions) ->
 		    ok = rpc:call(NewNode, file, set_cwd, [Cwd]),
 		    true = rpc:call(NewNode, code, set_path, [Path]),
 		    rpc:call(NewNode, application, load, [orber]),
-		    ok = rpc:call(NewNode, corba, orb_init, 
-				  [[{iiop_port, Port}, 
+		    ok = rpc:call(NewNode, corba, orb_init,
+				  [[{iiop_port, Port},
 				    {orber_debug_level, 10}|Options]]),
 		    start_orber(StartOptions, NewNode),
 		    spawn_link(NewNode, ?MODULE, slave_sup, []),
@@ -247,8 +250,8 @@ js_node_helper(Host, Port, Name, Options, Retries, StartOptions) ->
 	    end;
         {error, Reason} when Retries == 0 ->
             {error, Reason};
-        {error, Reason} ->          
-            io:format("Could not start slavenode ~p:~p due to: ~p~n", 
+        {error, Reason} ->
+            io:format("Could not start slavenode ~p:~p due to: ~p~n",
                       [Host, Port, Reason]),
             timer:sleep(500),
 	    js_node_helper(Host, Port, Name, Options, Retries-1, StartOptions)
@@ -285,7 +288,7 @@ starter(Host, Name, Args) ->
 slave_sup() ->
     process_flag(trap_exit, true),
     receive
-        {'EXIT', _, _} -> 
+        {'EXIT', _, _} ->
             case os:type() of
                 vxworks ->
                     erlang:halt();
@@ -309,68 +312,106 @@ start_orber(lightweight, Node) ->
 start_orber(_, Node) ->
     ok = rpc:call(Node, orber, jump_start, []).
 
-
 %%-----------------------------------------------------------------
 %% Type    - ssl | iiop_ssl
 %% Role    - 'server' | 'client'
 %% Options - [{Key, Value}]
 %%-----------------------------------------------------------------
-get_options(Type, Role) -> 
-    get_options(Type, Role, 2, []).
+get_options_old(Type, Role) ->
+    get_options_old(Type, Role, 2, []).
 
-get_options(ssl, Role, Level) -> 
-    get_options(ssl, Role, Level, []).
+get_options_old(ssl, Role, Level) ->
+    get_options_old(ssl, Role, Level, []).
 
-get_options(ssl, Role, 2, Options) -> 
+get_options_old(ssl, Role, 2, Options) ->
     Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
     [{depth, 2},
      {verify, 2},
      {keyfile, filename:join([Dir, Role, "key.pem"])},
-     {cacertfile, filename:join([Dir, Role, "cacerts.pem"])}, 
-     {certfile, filename:join([Dir, Role, "cert.pem"])}|Options];
-get_options(iiop_ssl, _Role, 2, Options) ->
+     {cacertfile, filename:join([Dir, Role, "cacerts.pem"])},
+     {certfile, filename:join([Dir, Role, "cert.pem"])} |Options];
+get_options_old(iiop_ssl, _Role, 2, Options) ->
     Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
     [{ssl_server_depth, 2},
      {ssl_server_verify, 2},
      {ssl_server_certfile, filename:join([Dir, "server", "cert.pem"])},
-     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])}, 
+     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
      {ssl_server_keyfile, filename:join([Dir, "server", "key.pem"])},
      {ssl_client_depth, 2},
      {ssl_client_verify, 2},
      {ssl_client_certfile, filename:join([Dir, "client", "cert.pem"])},
-     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])}, 
+     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
      {ssl_client_keyfile, filename:join([Dir, "client", "key.pem"])},
-     {secure, ssl}|Options];
-get_options(iiop_ssl, _Role, 1, Options) ->
+     {secure, ssl} |Options];
+get_options_old(iiop_ssl, _Role, 1, Options) ->
     Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
     [{ssl_server_depth, 1},
      {ssl_server_verify, 0},
      {ssl_server_certfile, filename:join([Dir, "server", "cert.pem"])},
-     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])}, 
+     {ssl_server_cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
      {ssl_server_keyfile, filename:join([Dir, "server", "key.pem"])},
      {ssl_client_depth, 1},
      {ssl_client_verify, 0},
      {ssl_client_certfile, filename:join([Dir, "client", "cert.pem"])},
-     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])}, 
+     {ssl_client_cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
      {ssl_client_keyfile, filename:join([Dir, "client", "key.pem"])},
-     {secure, ssl}|Options].
+     {secure, ssl} |Options].
 
+get_options(Type, Role) ->
+    get_options(Type, Role, 2, []).
+
+get_options(ssl, Role, Level) ->
+    get_options(ssl, Role, Level, []).
+
+get_options(ssl, Role, 2, Options) ->
+    Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
+    [{depth, 2},
+     {verify, 2},
+     {keyfile, filename:join([Dir, Role, "key.pem"])},
+     {cacertfile, filename:join([Dir, Role, "cacerts.pem"])},
+     {certfile, filename:join([Dir, Role, "cert.pem"])} |Options];
+get_options(iiop_ssl, _Role, 2, Options) ->
+    Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
+    [{ssl_server_options, [{depth, 2},
+			{verify, 2},
+			{certfile, filename:join([Dir, "server", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "server", "key.pem"])}]},
+     {ssl_client_options, [{depth, 2},
+			{verify, 2},
+			{certfile, filename:join([Dir, "client", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "client", "key.pem"])}]},
+     {secure, ssl} |Options];
+get_options(iiop_ssl, _Role, 1, Options) ->
+    Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
+    [{ssl_server_options, [{depth, 1},
+			{verify, 0},
+			{certfile, filename:join([Dir, "server", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "server", "key.pem"])}]},
+     {ssl_client_options, [{depth, 1},
+			{verify, 0},
+			{certfile, filename:join([Dir, "client", "cert.pem"])},
+			{cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
+			{keyfile, filename:join([Dir, "client", "key.pem"])}]},
+     {secure, ssl} |Options].
 
 create_paths() ->
     Path = filename:dirname(code:which(?MODULE)),
     " -pa " ++ Path ++ " -pa " ++
-        filename:join(Path, "idl_output") ++ 
+        filename:join(Path, "idl_output") ++
 	" -pa " ++
-        filename:join(Path, "all_SUITE_data") ++ 
-        " -pa " ++ 
+        filename:join(Path, "all_SUITE_data") ++
+        " -pa " ++
         filename:dirname(code:which(orber)).
 
 %%------------------------------------------------------------
 %% function : destroy_node
 %% Arguments: Node - which node to destroy.
 %%            Type - normal | ssl
-%% Returns  : 
-%% Effect   : 
+%% Returns  :
+%% Effect   :
 %%------------------------------------------------------------
 
 destroy_node(Node, Type) ->
@@ -384,13 +425,13 @@ stopper(Node, _Type) ->
             slave:stop(Node)
     end.
 
-  
+
 %%------------------------------------------------------------
 %% function : remote_apply
 %% Arguments: N - Node, M - Module,
 %%            F - Function, A - Arguments (list)
-%% Returns  : 
-%% Effect   : 
+%% Returns  :
+%% Effect   :
 %%------------------------------------------------------------
 remote_apply(N, M,F,A) ->
     case rpc:call(N, M, F, A) of
@@ -411,7 +452,7 @@ remote_apply(N, M,F,A) ->
 
 install_test_data(nameservice) ->
     oe_orber_test_server:oe_register(),
-    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]), 
+    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]),
     true = corba:add_initial_service("Mamba", Mamba),
     NS = corba:resolve_initial_references("NameService"),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
@@ -420,7 +461,7 @@ install_test_data(nameservice) ->
 
 install_test_data({nameservice, AltAddr, AltPort}) ->
     oe_orber_test_server:oe_register(),
-    Obj = orber_test_server:oe_create([], [{regname, {local, mamba}}]), 
+    Obj = orber_test_server:oe_create([], [{regname, {local, mamba}}]),
     Mamba = corba:add_alternate_iiop_address(Obj, AltAddr, AltPort),
     true = corba:add_initial_service("Mamba", Mamba),
     NS = corba:resolve_initial_references("NameService"),
@@ -430,8 +471,8 @@ install_test_data({nameservice, AltAddr, AltPort}) ->
 
 install_test_data(timeout) ->
     oe_orber_test_server:oe_register(),
-    Mamba = orber_test_server:oe_create([], {local, mamba}), 
-    Viper = orber_test_timeout_server:oe_create([], {local, viper}), 
+    Mamba = orber_test_server:oe_create([], {local, mamba}),
+    Viper = orber_test_timeout_server:oe_create([], {local, viper}),
     NS = corba:resolve_initial_references("NameService"),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N1 = lname:insert_component(lname:create(), 1, NC1),
@@ -450,7 +491,7 @@ install_test_data(pseudo) ->
 
 install_test_data(ssl) ->
     oe_orber_test_server:oe_register(),
-    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]), 
+    Mamba = orber_test_server:oe_create([], [{regname, {local, mamba}}]),
     NS = corba:resolve_initial_references("NameService"),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N = lname:insert_component(lname:create(), 1, NC1),
@@ -458,7 +499,7 @@ install_test_data(ssl) ->
 
 install_test_data(ssl_simple) ->
     oe_orber_test_server:oe_register();
-    
+
 install_test_data(light) ->
     %% Nothing to do at the moment but we might in the future
     ok;
@@ -479,7 +520,7 @@ uninstall_test_data(pseudo) ->
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N = lname:insert_component(lname:create(), 1, NC1),
     _Obj = (catch 'CosNaming_NamingContext':resolve(NS, N)),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(timeout) ->
@@ -493,7 +534,7 @@ uninstall_test_data(timeout) ->
     Viper = (catch 'CosNaming_NamingContext':resolve(NS, N2)),
     catch corba:dispose(Mamba),
     catch corba:dispose(Viper),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(nameservice) ->
@@ -503,7 +544,7 @@ uninstall_test_data(nameservice) ->
     N = lname:insert_component(lname:create(), 1, NC1),
     Obj = (catch 'CosNaming_NamingContext':resolve(NS, N)),
     catch corba:dispose(Obj),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(ssl) ->
@@ -512,7 +553,7 @@ uninstall_test_data(ssl) ->
     N = lname:insert_component(lname:create(), 1, NC1),
     Obj = (catch 'CosNaming_NamingContext':resolve(NS, N)),
     catch corba:dispose(Obj),
-    catch 'CosNaming_NamingContext':destroy(NS),    
+    catch 'CosNaming_NamingContext':destroy(NS),
     oe_orber_test_server:oe_unregister();
 
 uninstall_test_data(ssl_simple) ->
@@ -530,27 +571,27 @@ uninstall_test_data(_) ->
 %% Arguments: TestServerObj a orber_test_server ref
 %%            OtherObj - any other Orber object.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 corba_object_tests(TestServerObj, OtherObj) ->
-    ?match(false,  
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "IDL:orber_parent/inherrit:1.0")),
-    ?match(true,  
+    ?match(true,
 	   corba_object:is_a(TestServerObj, "IDL:omg.org/orber_parent/inherrit:1.0")),
-    ?match(true,  
+    ?match(true,
 	   corba_object:is_a(TestServerObj, "IDL:omg.org/orber_test/server:1.0")),
-    ?match(false,  
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "IDL:orber_test/server:1.0")),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "IDL:omg.org/orber_parent/inherrit:1.1")),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_a(TestServerObj, "NotValidIFRID")),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_nil(TestServerObj)),
-    ?match(false, 
+    ?match(false,
 	   corba_object:is_equivalent(OtherObj,TestServerObj)),
-    ?match(true,  
+    ?match(true,
 	   corba_object:is_equivalent(TestServerObj,TestServerObj)),
     ?match(false, corba_object:non_existent(TestServerObj)),
     ?match(false, corba_object:not_existent(TestServerObj)),
@@ -562,32 +603,32 @@ corba_object_tests(TestServerObj, OtherObj) ->
 %% function : lookup
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 lookup(Host, Port) ->
     Key = Host++":"++integer_to_list(Port),
-    NSR = corba:resolve_initial_references_remote("NameService", 
+    NSR = corba:resolve_initial_references_remote("NameService",
 						  ["iiop://"++Key]),
 
     NC1 = lname_component:set_id(lname_component:create(), "not_exist"),
     N1 =  lname:insert_component(lname:create(), 1, NC1),
     ?match({'EXCEPTION',{'CosNaming_NamingContext_NotFound',_,_,_}},
 	   'CosNaming_NamingContext':resolve(NSR, N1)),
-    
+
     NC2 = lname_component:set_id(lname_component:create(), "mamba"),
     N2  = lname:insert_component(lname:create(), 1, NC2),
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, N2)),
     orber_test_server:print(Obj),
-    Obj2 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj2 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		  corba:string_to_object("corbaname:iiop:1.1@"++Key++"/NameService#mamba")),
-    
+
     orber_test_server:print(Obj2),
 
-    NSR2 = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_}, 
+    NSR2 = ?match({'IOP_IOR',"IDL:omg.org/CosNaming/NamingContextExt:1.0",_},
 		  corba:string_to_object("corbaloc:iiop:1.1@"++Key++"/NameService")),
-    Obj3 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj3 = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		  'CosNaming_NamingContext':resolve(NSR2, N2)),
     orber_test_server:print(Obj3).
 
@@ -595,11 +636,11 @@ lookup(Host, Port) ->
 %% function : alternate_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 alternate_iiop_address(Host, Port) ->
     IOR = create_alternate_iiop_address(Host, Port),
-    
+
     ?match(false, corba_object:non_existent(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR, 10000)),
@@ -609,145 +650,145 @@ alternate_iiop_address(Host, Port) ->
 %% function : create_alternate_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 create_alternate_iiop_address(Host, Port) ->
-    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE, 
+    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
 				 component_data = ?ORBER_ORB_TYPE_1},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS,
 				 component_data = ?DEFAULT_CODESETS},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = Port}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}}],
     #'IOP_IOR'{type_id=TypeID,
-	       profiles=P1} = _IORA = iop_ior:create({1,2}, 
+	       profiles=P1} = _IORA = iop_ior:create({1,2},
 						     "IDL:omg.org/CosNaming/NamingContextExt:1.0",
-						     [Host], 8000, -1, 
+						     [Host], 8000, -1,
 						     "NameService", MC, 0, 0),
-    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create({1,1}, 
+    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create({1,1},
 						     "IDL:omg.org/CosNaming/NamingContextExt:1.0",
 						     [Host], 8000, -1,
 						     "NameService", [], 0, 0),
     #'IOP_IOR'{type_id=TypeID, profiles=P2++P1}.
-    
+
 
 %%------------------------------------------------------------
 %% function : create_components_IOR
-%% Arguments: 
+%% Arguments:
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 create_components_IOR(Version) ->
-    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE, 
+    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
 				 component_data = ?ORBER_ORB_TYPE_1},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS,
 				 component_data = ?DEFAULT_CODESETS},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = "127.0.0.1", 
+				   'HostID' = "127.0.0.1",
 				   'Port' = 4001}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS, 
-				 component_data = #'SSLIOP_SSL'{target_supports = 0, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_SSL_SEC_TRANS,
+				 component_data = #'SSLIOP_SSL'{target_supports = 0,
 								target_requires = 1,
 								port = 2}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_FT_GROUP, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_FT_GROUP,
+				 component_data =
 				 #'FT_TagFTGroupTaggedComponent'
-				 {version = #'GIOP_Version'{major = 1, 
-							    minor = 2}, 
-				  ft_domain_id = "FT_FTDomainId",		
+				 {version = #'GIOP_Version'{major = 1,
+							    minor = 2},
+				  ft_domain_id = "FT_FTDomainId",
 				  object_group_id = ?ULONGLONGMAX,
 				  object_group_ref_version = ?LONGMAX}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_FT_PRIMARY, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_FT_PRIMARY,
+				 component_data =
 				 #'FT_TagFTPrimaryTaggedComponent'{primary = true}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_FT_HEARTBEAT_ENABLED, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_FT_HEARTBEAT_ENABLED,
+				 component_data =
 				 #'FT_TagFTHeartbeatEnabledTaggedComponent'{heartbeat_enabled = true}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST, 
-				 component_data = 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CSI_SEC_MECH_LIST,
+				 component_data =
 				 #'CSIIOP_CompoundSecMechList'
 				 {stateful = false,
-				  mechanism_list = 
+				  mechanism_list =
 				  [#'CSIIOP_CompoundSecMech'
-				   {target_requires = 6, 
-				    transport_mech = 
+				   {target_requires = 6,
+				    transport_mech =
 				    #'IOP_TaggedComponent'
 				    {tag=?TAG_TLS_SEC_TRANS,
 				     component_data=#'CSIIOP_TLS_SEC_TRANS'
-				    {target_supports = 7, 
-				     target_requires = 8, 
-				     addresses = 
-				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1", 
+				    {target_supports = 7,
+				     target_requires = 8,
+				     addresses =
+				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1",
 								 port = 6001}]}},
-				    as_context_mech = 
+				    as_context_mech =
 				    #'CSIIOP_AS_ContextSec'
 				    {target_supports = 9, target_requires = 10,
-				     client_authentication_mech = [1, 255], 
-				     target_name = [2,255]}, 
-				    sas_context_mech = 
+				     client_authentication_mech = [1, 255],
+				     target_name = [2,255]},
+				    sas_context_mech =
 				    #'CSIIOP_SAS_ContextSec'
 				    {target_supports = 11, target_requires = 12,
-				     privilege_authorities = 
+				     privilege_authorities =
 				     [#'CSIIOP_ServiceConfiguration'
-				      {syntax = ?ULONGMAX, 
-				       name = [3,255]}], 
+				      {syntax = ?ULONGMAX,
+				       name = [3,255]}],
 				     supported_naming_mechanisms = [[4,255],[5,255]],
 				     supported_identity_types = ?ULONGMAX}},
 				   #'CSIIOP_CompoundSecMech'
-				   {target_requires = 6, 
-				    transport_mech = 
+				   {target_requires = 6,
+				    transport_mech =
 				    #'IOP_TaggedComponent'
 				    {tag=?TAG_NULL_TAG,
 				     component_data=[]},
-				    as_context_mech = 
+				    as_context_mech =
 				    #'CSIIOP_AS_ContextSec'
 				    {target_supports = 9, target_requires = 10,
-				     client_authentication_mech = [1, 255], 
-				     target_name = [2,255]}, 
-				    sas_context_mech = 
+				     client_authentication_mech = [1, 255],
+				     target_name = [2,255]},
+				    sas_context_mech =
 				    #'CSIIOP_SAS_ContextSec'
 				    {target_supports = 11, target_requires = 12,
-				     privilege_authorities = 
+				     privilege_authorities =
 				     [#'CSIIOP_ServiceConfiguration'
-				      {syntax = ?ULONGMAX, 
-				       name = [3,255]}], 
+				      {syntax = ?ULONGMAX,
+				       name = [3,255]}],
 				     supported_naming_mechanisms = [[4,255],[5,255]],
 				     supported_identity_types = ?ULONGMAX}},
 				   #'CSIIOP_CompoundSecMech'
-				   {target_requires = 6, 
-				    transport_mech = 
+				   {target_requires = 6,
+				    transport_mech =
 				    #'IOP_TaggedComponent'
 				    {tag=?TAG_SECIOP_SEC_TRANS,
 				     component_data=#'CSIIOP_SECIOP_SEC_TRANS'
-				    {target_supports = 7, 
-				     target_requires = 8, 
+				    {target_supports = 7,
+				     target_requires = 8,
 				     mech_oid = [0,255],
 				     target_name = [0,255],
-				     addresses = 
-				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1", 
+				     addresses =
+				     [#'CSIIOP_TransportAddress'{host_name = "127.0.0.1",
 								 port = 6001}]}},
-				    as_context_mech = 
+				    as_context_mech =
 				    #'CSIIOP_AS_ContextSec'
 				    {target_supports = 9, target_requires = 10,
-				     client_authentication_mech = [1, 255], 
-				     target_name = [2,255]}, 
-				    sas_context_mech = 
+				     client_authentication_mech = [1, 255],
+				     target_name = [2,255]},
+				    sas_context_mech =
 				    #'CSIIOP_SAS_ContextSec'
 				    {target_supports = 11, target_requires = 12,
-				     privilege_authorities = 
+				     privilege_authorities =
 				     [#'CSIIOP_ServiceConfiguration'
-				      {syntax = ?ULONGMAX, 
-				       name = [3,255]}], 
+				      {syntax = ?ULONGMAX,
+				       name = [3,255]}],
 				     supported_naming_mechanisms = [[4,255],[5,255]],
 				     supported_identity_types = ?ULONGMAX}}]}}],
     iop_ior:create(Version, "IDL:omg.org/CosNaming/NamingContextExt:1.0",
@@ -759,11 +800,11 @@ create_components_IOR(Version) ->
 %% function : alternate_ssl_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 alternate_ssl_iiop_address(Host, Port, SSLPort) ->
     IOR = create_alternate_ssl_iiop_address(Host, Port, SSLPort),
-    
+
     ?match(false, corba_object:non_existent(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR)),
     ?match({'object_forward',_}, corba:locate(IOR, 10000)),
@@ -774,37 +815,37 @@ alternate_ssl_iiop_address(Host, Port, SSLPort) ->
 %% function : create_alternate_ssl_iiop_address
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 create_alternate_ssl_iiop_address(Host, Port, SSLPort) ->
-    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE, 
+    MC = [#'IOP_TaggedComponent'{tag = ?TAG_ORB_TYPE,
 				 component_data = ?ORBER_ORB_TYPE_1},
-	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_CODE_SETS,
 				 component_data = ?DEFAULT_CODESETS},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = Port}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}},
-	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS, 
+	  #'IOP_TaggedComponent'{tag = ?TAG_ALTERNATE_IIOP_ADDRESS,
 				 component_data = #'ALTERNATE_IIOP_ADDRESS'{
-				   'HostID' = Host, 
+				   'HostID' = Host,
 				   'Port' = 8000}},
-	  #'IOP_TaggedComponent'{tag=?TAG_SSL_SEC_TRANS, 
-				 component_data=#'SSLIOP_SSL'{target_supports = 2, 
-							      target_requires = 2, 
+	  #'IOP_TaggedComponent'{tag=?TAG_SSL_SEC_TRANS,
+				 component_data=#'SSLIOP_SSL'{target_supports = 2,
+							      target_requires = 2,
 							      port = SSLPort}}],
     #'IOP_IOR'{type_id=TypeID,
-	       profiles=P1} = _IORA = iop_ior:create_external({1,2}, 
+	       profiles=P1} = _IORA = iop_ior:create_external({1,2},
 							      "IDL:omg.org/CosNaming/NamingContextExt:1.0",
-							      Host, 8000, 
+							      Host, 8000,
 							      "NameService", MC),
-    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create_external({1,1}, 
+    #'IOP_IOR'{profiles=P2} = _IORB = iop_ior:create_external({1,1},
 							      "IDL:omg.org/CosNaming/NamingContextExt:1.0",
-							      Host, 8000, 
+							      Host, 8000,
 							      "NameService", []),
     #'IOP_IOR'{type_id=TypeID, profiles=P2++P1}.
 
@@ -813,11 +854,11 @@ create_alternate_ssl_iiop_address(Host, Port, SSLPort) ->
 %% function : timeouts
 %% Arguments: Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 timeouts(Host, Port, ReqT) ->
-    NSR = corba:resolve_initial_references_remote("NameService", 
+    NSR = corba:resolve_initial_references_remote("NameService",
             ["iiop://"++Host++":"++integer_to_list(Port)]),
     NC1 = lname_component:set_id(lname_component:create(), "mamba"),
     N1 = lname:insert_component(lname:create(), 1, NC1),
@@ -827,21 +868,21 @@ timeouts(Host, Port, ReqT) ->
     Viper = 'CosNaming_NamingContext':resolve(NSR, N2),
 
     ?match({'EXCEPTION',{'TIMEOUT',_,_,_}},
-	   orber_test_timeout_server:twoway_function(Viper, ReqT, ReqT*2)), 
-    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)), 
+	   orber_test_timeout_server:twoway_function(Viper, ReqT, ReqT*2)),
+    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)),
 
     ?match({'EXCEPTION',{'TIMEOUT',_,_,_}},
-		 orber_test_server:testing_iiop_twoway_delay(Mamba, ReqT)), 
+		 orber_test_server:testing_iiop_twoway_delay(Mamba, ReqT)),
     ?match(ok, orber_test_server:testing_iiop_oneway_delay(Mamba, ReqT)),
-    
+
     %% Since the objects are stalled we must wait until they are available again
     %% to be able to run any more tests and get the correct results.
     timer:sleep(ReqT*4),
-    
-    ?match(ok, orber_test_timeout_server:twoway_function(Viper, ReqT*2, ReqT)), 
-    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)), 
-    
-    ?match(ok, orber_test_server:testing_iiop_twoway_delay(Mamba, 0)), 
+
+    ?match(ok, orber_test_timeout_server:twoway_function(Viper, ReqT*2, ReqT)),
+    ?match(ok, orber_test_timeout_server:oneway_function(Viper, ReqT*2)),
+
+    ?match(ok, orber_test_server:testing_iiop_twoway_delay(Mamba, 0)),
     ?match(ok, orber_test_server:testing_iiop_oneway_delay(Mamba, 0)),
 
     timer:sleep(ReqT*4),
@@ -852,11 +893,11 @@ timeouts(Host, Port, ReqT) ->
 %% Arguments: Host - which node to contact.
 %%            Port - which port the other orb uses.
 %% Returns  : term()
-%% Effect   : 
+%% Effect   :
 %%------------------------------------------------------------
 
 light_tests(Host, Port, ObjName) ->
-    NSR = corba:resolve_initial_references_remote("NameService", 
+    NSR = corba:resolve_initial_references_remote("NameService",
             ["iiop://"++Host++":"++integer_to_list(Port)]),
     NC1 = lname_component:set_id(lname_component:create(), "not_exist"),
     N1 =  lname:insert_component(lname:create(), 1, NC1),
@@ -867,7 +908,7 @@ light_tests(Host, Port, ObjName) ->
 	   'CosNaming_NamingContext':resolve(NSR, N1)),
     NC2 = lname_component:set_id(lname_component:create(), ObjName),
     N2  = lname:insert_component(lname:create(), 1, NC2),
-    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_}, 
+    Obj = ?match({'IOP_IOR',"IDL:omg.org/orber_test/server:1.0",_},
 		 'CosNaming_NamingContext':resolve(NSR, N2)),
     Nodes = orber:get_lightweight_nodes(),
     io:format("Light Nodes: ~p~n", [Nodes]),
@@ -889,165 +930,165 @@ test_coding(Obj) ->
 test_coding(Obj, Local) ->
     %%--- Testing code and decode arguments ---
     ?match({ok, 1.5}, orber_test_server:testing_iiop_float(Obj, 1.5)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_float(Obj, atom)),
 
     ?match({ok,1.0}, orber_test_server:testing_iiop_double(Obj, 1.0)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_double(Obj, "wrong")),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_short(Obj, 0)),
     ?match({ok,?SHORTMAX}, orber_test_server:testing_iiop_short(Obj, ?SHORTMAX)),
     ?match({ok,?SHORTMIN}, orber_test_server:testing_iiop_short(Obj, ?SHORTMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_short(Obj, atomic)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_short(Obj, ?SHORTMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_short(Obj, ?SHORTMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_ushort(Obj, 0)),
     ?match({ok,?USHORTMAX}, orber_test_server:testing_iiop_ushort(Obj, ?USHORTMAX)),
     ?match({ok,?USHORTMIN}, orber_test_server:testing_iiop_ushort(Obj, ?USHORTMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ushort(Obj, ?USHORTMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ushort(Obj, ?USHORTMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_long(Obj, 0)),
     ?match({ok,?LONGMAX}, orber_test_server:testing_iiop_long(Obj, ?LONGMAX)),
     ?match({ok,?LONGMIN}, orber_test_server:testing_iiop_long(Obj, ?LONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_long(Obj, "wrong")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_long(Obj, ?LONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_long(Obj, ?LONGMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_longlong(Obj, 0)),
     ?match({ok,?LONGLONGMAX}, orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMAX)),
     ?match({ok,?LONGLONGMIN}, orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_longlong(Obj, "wrong")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_longlong(Obj, ?LONGLONGMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_ulong(Obj, 0)),
     ?match({ok,?ULONGMAX}, orber_test_server:testing_iiop_ulong(Obj, ?ULONGMAX)),
     ?match({ok,?ULONGMIN}, orber_test_server:testing_iiop_ulong(Obj, ?ULONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 		 orber_test_server:testing_iiop_ulong(Obj, ?ULONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 		 orber_test_server:testing_iiop_ulong(Obj, ?ULONGMIN-1)),
-    
+
     ?match({ok,0}, orber_test_server:testing_iiop_ulonglong(Obj, 0)),
     ?match({ok,?ULONGLONGMAX}, orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMAX)),
     ?match({ok,?ULONGLONGMIN}, orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMIN)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMAX+1)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_ulonglong(Obj, ?ULONGLONGMIN-1)),
-    
+
     ?match({ok,98}, orber_test_server:testing_iiop_char(Obj, 98)),
     ?match({ok,$b}, orber_test_server:testing_iiop_char(Obj, $b)),
 
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_char(Obj, atomic)),
 
     ?match({ok,65535}, orber_test_server:testing_iiop_wchar(Obj, 65535)),
     ?match({ok,$b}, orber_test_server:testing_iiop_wchar(Obj, $b)),
 
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_wchar(Obj, atomic)),
-    
+
     ?match({ok,true}, orber_test_server:testing_iiop_bool(Obj, true)),
     ?match({ok,false}, orber_test_server:testing_iiop_bool(Obj, false)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_bool(Obj, atom)),
-    
+
     ?match({ok,1}, orber_test_server:testing_iiop_octet(Obj, 1)),
 % No real guards for this case.
-%    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+%    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 %	   orber_test_server:testing_iiop_octet(Obj, 1.5)),
     IOR12 = create_components_IOR({1,2}),
     ?match({ok,Obj}, orber_test_server:testing_iiop_obj(Obj, Obj)),
     ?match({ok,IOR12}, orber_test_server:testing_iiop_obj(Obj, IOR12)),
     PObj = orber_test_server:oe_create([], [{pseudo,true}]),
     ?match({ok, _}, orber_test_server:testing_iiop_obj(Obj, PObj)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_obj(Obj, "no_object")),
     ?match({ok,"string"}, orber_test_server:testing_iiop_string(Obj, "string")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_string(Obj, "ToLongString")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_string(Obj, atomic)),
 
     ?match({ok,[65535]}, orber_test_server:testing_iiop_wstring(Obj, [65535])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_wstring(Obj, "ToLongWstring")),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_wstring(Obj, atomic)),
 
-    ?match({ok, one}, 
+    ?match({ok, one},
 		 orber_test_server:testing_iiop_enum(Obj, one)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_enum(Obj, three)),
-    ?match({ok,[1,2,3]}, 
+    ?match({ok,[1,2,3]},
 		 orber_test_server:testing_iiop_seq(Obj, [1,2,3])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_seq(Obj, [1,2,3,4])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_seq(Obj, false)),
 
 
-    ?match({ok,[#orber_test_server_struc{a=1, b=2}]}, 
-		 orber_test_server:testing_iiop_struc_seq(Obj, 
+    ?match({ok,[#orber_test_server_struc{a=1, b=2}]},
+		 orber_test_server:testing_iiop_struc_seq(Obj,
 					  [#orber_test_server_struc{a=1, b=2}])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_struc_seq(Obj, false)),
 
-    ?match({ok,[#orber_test_server_uni{label=1, value=66}]}, 
-		 orber_test_server:testing_iiop_uni_seq(Obj, 
+    ?match({ok,[#orber_test_server_uni{label=1, value=66}]},
+		 orber_test_server:testing_iiop_uni_seq(Obj,
 					  [#orber_test_server_uni{label=1, value=66}])),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_uni_seq(Obj, false)),
 
-    ?match({ok,{"one", "two"}}, 
+    ?match({ok,{"one", "two"}},
 		 orber_test_server:testing_iiop_array(Obj, {"one", "two"})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_array(Obj, {"one", "two", "three"})),
-    ?match({ok,#orber_test_server_struc{a=1, b=2}}, 
-		 orber_test_server:testing_iiop_struct(Obj, 
+    ?match({ok,#orber_test_server_struc{a=1, b=2}},
+		 orber_test_server:testing_iiop_struct(Obj,
                                          #orber_test_server_struc{a=1, b=2})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_struct(Obj, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_struct(Obj,
                                          #orber_test_server_struc{a="WRONG", b=2})),
-    ?match({ok,#orber_test_server_uni{label=1, value=66}}, 
-	   orber_test_server:testing_iiop_union(Obj, 
+    ?match({ok,#orber_test_server_uni{label=1, value=66}},
+	   orber_test_server:testing_iiop_union(Obj,
                                            #orber_test_server_uni{label=1, value=66})),
 
-    ?match({ok,#orber_test_server_uni_d{label=1, value=66}}, 
-	   orber_test_server:testing_iiop_union_d(Obj, 
+    ?match({ok,#orber_test_server_uni_d{label=1, value=66}},
+	   orber_test_server:testing_iiop_union_d(Obj,
                                            #orber_test_server_uni_d{label=1, value=66})),
 
-    ?match({ok,#orber_test_server_uni_d{label=2, value=true}}, 
-	   orber_test_server:testing_iiop_union_d(Obj, 
+    ?match({ok,#orber_test_server_uni_d{label=2, value=true}},
+	   orber_test_server:testing_iiop_union_d(Obj,
                                            #orber_test_server_uni_d{label=2, value=true})),
 
     ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
-	   orber_test_server:testing_iiop_union_d(Obj, 
+	   orber_test_server:testing_iiop_union_d(Obj,
                                            #orber_test_server_uni_d{label=2, value=66})),
 
     case Local of
 	true ->
-	    ?match({ok,#orber_test_server_uni{label=2, value=66}}, 
-		   orber_test_server:testing_iiop_union(Obj, 
+	    ?match({ok,#orber_test_server_uni{label=2, value=66}},
+		   orber_test_server:testing_iiop_union(Obj,
 							#orber_test_server_uni{label=2, value=66}));
 	false ->
-	    ?match({ok,#orber_test_server_uni{label=2, value=undefined}}, 
-		   orber_test_server:testing_iiop_union(Obj, 
+	    ?match({ok,#orber_test_server_uni{label=2, value=undefined}},
+		   orber_test_server:testing_iiop_union(Obj,
 							#orber_test_server_uni{label=2, value=66}))
     end,
 
@@ -1058,258 +1099,258 @@ test_coding(Obj, Local) ->
     C4 = orber_test_server:fixed52negconst1(),
     C5 = orber_test_server:fixed52negconst2(),
     C6 = orber_test_server:fixed52negconst3(),
-    
+
     ?match({ok,C1}, orber_test_server:testing_iiop_fixed(Obj, C1)),
     ?match({ok,C2}, orber_test_server:testing_iiop_fixed(Obj, C2)),
     ?match({ok,C3}, orber_test_server:testing_iiop_fixed(Obj, C3)),
     ?match({ok,C4}, orber_test_server:testing_iiop_fixed(Obj, C4)),
     ?match({ok,C5}, orber_test_server:testing_iiop_fixed(Obj, C5)),
     ?match({ok,C6}, orber_test_server:testing_iiop_fixed(Obj, C6)),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-		 orber_test_server:testing_iiop_fixed(Obj, #fixed{digits = 5, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+		 orber_test_server:testing_iiop_fixed(Obj, #fixed{digits = 5,
 								  scale = 2,
 								  value = 123450})),
 
     ?match(ok, orber_test_server:testing_iiop_void(Obj)),
 
-    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}}, 
+    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}},
 	   orber_test_server:pseudo_call_raise_exc(Obj, 1)),
-    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}}, 
+    ?match({'EXCEPTION',{'BAD_QOS',_,_,_}},
 	   orber_test_server:pseudo_call_raise_exc(Obj, 2)),
-    ?match({'EXCEPTION',{'orber_test_server_UserDefinedException',_}}, 
+    ?match({'EXCEPTION',{'orber_test_server_UserDefinedException',_}},
 		 orber_test_server:raise_local_exception(Obj)),
     ?match({'EXCEPTION',{'orber_test_server_ComplexUserDefinedException',_,
-			       [#orber_test_server_struc{a=1, b=2}]}}, 
+			       [#orber_test_server_struc{a=1, b=2}]}},
 		 orber_test_server:raise_complex_local_exception(Obj)),
     %% Test all TypeCodes
-    ?match({ok, #any{typecode = tk_long, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({ok, #any{typecode = tk_long, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_float, value = 1.5}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_float, 
+    ?match({ok, #any{typecode = tk_float, value = 1.5}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_float,
 							      value = 1.5})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_double}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double, 
+    ?match({ok, #any{typecode = tk_double}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double,
 							      value = 1.0})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_double,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_short, value = -1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short, 
+    ?match({ok, #any{typecode = tk_short, value = -1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short,
 							      value = -1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_short,
 							value = atomic})),
-    ?match({ok, #any{typecode = tk_ushort, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort, 
+    ?match({ok, #any{typecode = tk_ushort, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ushort,
 							value = -1})),
-    ?match({ok, #any{typecode = tk_long, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({ok, #any{typecode = tk_long, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_long,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_longlong, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong, 
+    ?match({ok, #any{typecode = tk_longlong, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_longlong,
 							value = "wrong"})),
-    ?match({ok, #any{typecode = tk_ulong, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+    ?match({ok, #any{typecode = tk_ulong, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							      value = 1})),
-    ?match({ok, #any{typecode = tk_ulong, value = 4294967295}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+    ?match({ok, #any{typecode = tk_ulong, value = 4294967295}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							      value = 4294967295})),
     ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							      value = 4294967296})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulong,
 							value = -1})),
-    ?match({ok, #any{typecode = tk_ulonglong, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong, 
+    ?match({ok, #any{typecode = tk_ulonglong, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong,
 							      value = 1})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_ulonglong,
 							value = -1})),
-    ?match({ok, #any{typecode = tk_char, value = 98}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char, 
+    ?match({ok, #any{typecode = tk_char, value = 98}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char,
 							      value = 98})),
-    ?match({ok, #any{typecode = tk_char, value = $b}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char, 
+    ?match({ok, #any{typecode = tk_char, value = $b}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char,
 							      value = $b})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_char,
 							value = atomic})),
-    ?match({ok, #any{typecode = tk_wchar, value = 65535}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar, 
+    ?match({ok, #any{typecode = tk_wchar, value = 65535}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar,
 							      value = 65535})),
-    ?match({ok, #any{typecode = tk_wchar, value = $b}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar, 
+    ?match({ok, #any{typecode = tk_wchar, value = $b}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar,
 							      value = $b})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_wchar,
 							value = atomic})),
-    ?match({ok, #any{typecode = tk_boolean, value = true}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean, 
+    ?match({ok, #any{typecode = tk_boolean, value = true}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean,
 							      value = true})),
-    ?match({ok, #any{typecode = tk_boolean, value = false}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean, 
+    ?match({ok, #any{typecode = tk_boolean, value = false}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean,
 							      value = false})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_boolean,
 							value = 1})),
-    ?match({ok, #any{typecode = tk_octet, value = 1}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_octet, 
+    ?match({ok, #any{typecode = tk_octet, value = 1}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_octet,
 							      value = 1})),
-    ?match({ok, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, value = Obj}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, 
+    ?match({ok, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, value = Obj}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"},
 							      value = Obj})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_objref, "IDL:omg.org/orber_test/server:1.0", "server"},
 							value = "No Object"})),
-    ?match({ok, #any{typecode = {tk_string, 6}, value = "string"}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_string, 6}, 
+    ?match({ok, #any{typecode = {tk_string, 6}, value = "string"}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_string, 6},
 							      value = "string"})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_string, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = tk_string,
 							value = atomic})),
-    ?match({ok, #any{typecode = {tk_wstring, 1}, value = [65535]}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1}, 
+    ?match({ok, #any{typecode = {tk_wstring, 1}, value = [65535]}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1},
 							      value = [65535]})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_wstring, 1},
 							value = atomic})),
-    ?match({ok, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]}, 
-			   value = two}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]}, 
+    ?match({ok, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]},
+			   value = two}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]},
 							      value = two})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_enum, "IDL:omg.org/orber_test/server/enumerant:1.0", "enumerant", ["one","two"]},
 							      value = three})),
 
 
-    ?match({ok, #any{typecode = {tk_sequence, tk_long, 3}, 
-			   value = [1,2,3]}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3}, 
+    ?match({ok, #any{typecode = {tk_sequence, tk_long, 3},
+			   value = [1,2,3]}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3},
 							      value = [1,2,3]})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_sequence, tk_long, 3},
 							value = false})),
 
 
 
-    ?match({ok, #any{typecode = {tk_array,{tk_string,0},2}, 
-			   value = {"one", "two"}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2}, 
+    ?match({ok, #any{typecode = {tk_array,{tk_string,0},2},
+			   value = {"one", "two"}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2},
 							      value = {"one", "two"}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2},
 							value = {"one", "two", "three"}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
-	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
+	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_array,{tk_string,0},2},
 							value = {1, 2}})),
     ?match({ok, #any{typecode = {tk_struct,"IDL:omg.org/orber_test/server/struc:1.0",
 				       "struc",
-				       [{"a",tk_long},{"b",tk_short}]}, 
-			   value = #orber_test_server_struc{a=1, b=2}}}, 
+				       [{"a",tk_long},{"b",tk_short}]},
+			   value = #orber_test_server_struc{a=1, b=2}}},
 		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_struct,"IDL:omg.org/orber_test/server/struc:1.0",
 									  "struc",
 									  [{"a",tk_long},{"b",tk_short}]},
 							      value = #orber_test_server_struc{a=1, b=2}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_struct,"IDL:omg.org/orber_test/server/struc:1.0",
 								    "struc",
-								    [{"a",tk_long},{"b",tk_short}]}, 
+								    [{"a",tk_long},{"b",tk_short}]},
 							value = #orber_test_server_struc{a=1, b="string"}})),
-    ?match({ok, #any{typecode = 
+    ?match({ok, #any{typecode =
 			   {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-			    "uni", tk_long, -1, [{1,"a",tk_long}]}, 
-			   value = #orber_test_server_uni{label=1, value=66}}}, 
+			    "uni", tk_long, -1, [{1,"a",tk_long}]},
+			   value = #orber_test_server_uni{label=1, value=66}}},
 		 orber_test_server:
-		 testing_iiop_any(Obj, 
-				  #any{typecode = 
+		 testing_iiop_any(Obj,
+				  #any{typecode =
 				       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-					"uni", tk_long,	-1, [{1,"a",tk_long}]}, 
+					"uni", tk_long,	-1, [{1,"a",tk_long}]},
 				       value = #orber_test_server_uni{label=1, value=66}})),
     case Local of
 	true ->
-	    ?match({ok, #any{typecode = 
+	    ?match({ok, #any{typecode =
 				   {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-				    "uni", tk_long, -1, [{1,"a",tk_long}]}, 
-				   value = #orber_test_server_uni{label=2, value=66}}}, 
+				    "uni", tk_long, -1, [{1,"a",tk_long}]},
+				   value = #orber_test_server_uni{label=2, value=66}}},
 			 orber_test_server:
 			 testing_iiop_any(Obj,
-					  #any{typecode = 
+					  #any{typecode =
 					       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-						"uni", tk_long,	-1, [{1,"a",tk_long}]}, 
+						"uni", tk_long,	-1, [{1,"a",tk_long}]},
 					       value = #orber_test_server_uni{label=2, value=66}}));
 	false ->
-	    ?match({ok, #any{typecode = 
+	    ?match({ok, #any{typecode =
 				   {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-				    "uni", tk_long, -1, [{1,"a",tk_long}]}, 
-				   value = #orber_test_server_uni{label=2, value=undefined}}}, 
+				    "uni", tk_long, -1, [{1,"a",tk_long}]},
+				   value = #orber_test_server_uni{label=2, value=undefined}}},
 			 orber_test_server:
 			 testing_iiop_any(Obj,
-					  #any{typecode = 
+					  #any{typecode =
 					       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-						"uni", tk_long,	-1, [{1,"a",tk_long}]}, 
+						"uni", tk_long,	-1, [{1,"a",tk_long}]},
 					       value = #orber_test_server_uni{label=2, value=66}}))
     end,
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
 	   orber_test_server:
-		 testing_iiop_any(Obj, 
-				  #any{typecode = 
+		 testing_iiop_any(Obj,
+				  #any{typecode =
 				       {tk_union,"IDL:omg.org/orber_test/server/uni:1.0",
-					"uni", tk_long, -1, [{1,"a",tk_long}]}, 
+					"uni", tk_long, -1, [{1,"a",tk_long}]},
 				       value = #orber_test_server_uni{label=1, value="string"}})),
 
-    ?match({ok, #any{typecode = {tk_fixed,5,2}, 
-			   value = #fixed{digits = 5, scale = 2, value = 12345}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,5,2}, 
-							      value = #fixed{digits = 5, 
-									     scale = 2, 
+    ?match({ok, #any{typecode = {tk_fixed,5,2},
+			   value = #fixed{digits = 5, scale = 2, value = 12345}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,5,2},
+							      value = #fixed{digits = 5,
+									     scale = 2,
 									     value = 12345}})),
-    ?match({ok, #any{typecode = {tk_fixed,10,2}, 
-			   value = #fixed{digits = 10, scale = 2, value = 1234567890}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,10,2}, 
-							      value = #fixed{digits = 10, 
-									     scale = 2, 
+    ?match({ok, #any{typecode = {tk_fixed,10,2},
+			   value = #fixed{digits = 10, scale = 2, value = 1234567890}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,10,2},
+							      value = #fixed{digits = 10,
+									     scale = 2,
 									     value = 1234567890}})),
-    ?match({ok, #any{typecode = {tk_fixed,6,2}, 
-			   value = #fixed{digits = 6, scale = 2, value = 300000}}}, 
-		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,6,2}, 
-							      value = #fixed{digits = 6, 
-									     scale = 2, 
+    ?match({ok, #any{typecode = {tk_fixed,6,2},
+			   value = #fixed{digits = 6, scale = 2, value = 300000}}},
+		 orber_test_server:testing_iiop_any(Obj, #any{typecode = {tk_fixed,6,2},
+							      value = #fixed{digits = 6,
+									     scale = 2,
 									     value = 300000}})),
-    ?match({'EXCEPTION',{'MARSHAL',_,_,_}}, 
+    ?match({'EXCEPTION',{'MARSHAL',_,_,_}},
           orber_test_server:
 		 testing_iiop_server_marshal(Obj, "string")),
-    
+
     RecS = #orber_test_server_rec_struct{chain = [#orber_test_server_rec_struct{chain = []}]},
     ?match(RecS, orber_test_server:testing_iiop_rec_struct(Obj, RecS)),
-    
-    RecU = #orber_test_server_rec_union{label = 'RecursiveType', 
+
+    RecU = #orber_test_server_rec_union{label = 'RecursiveType',
 					value = [#orber_test_server_rec_union{label = 'RecursiveType',
 									      value = []}]},
     ?match(RecU, orber_test_server:testing_iiop_rec_union(Obj, RecU)),
 
 %%     RecA1 = #any{typecode = unsupported, value = RecS},
 %%     RecA2 = #any{typecode = unsupported, value = RecU},
-%%     ?match(RecA1, 
-%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA1)),    
-%%     ?match(RecA2, 
-%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA2)),    
+%%     ?match(RecA1,
+%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA1)),
+%%     ?match(RecA2,
+%% 	   orber_test_server:testing_iiop_rec_any(Obj, RecA2)),
 
     ok.
 
@@ -1332,14 +1373,14 @@ Result    : ~p
     ok.
 
 %%--------------- Testing Missing Module ---------------------
-oe_get_interface() ->  
+oe_get_interface() ->
     non_existing_module:tc(foo).
 
 %%--------------- INTERCEPTOR FUNCTIONS ----------------------
 %%------------------------------------------------------------
 %% function : new_in_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 new_in_connection(Arg, CHost, Port) ->
     Host = node(),
@@ -1353,14 +1394,14 @@ To Host   : ~p
 To Port   : ~p
 Peers     : ~p
 Arg       : ~p
-==========================================~n", 
+==========================================~n",
 			  [Host, CHost, Port, SHost, SPort, Peers, Arg]),
     {Host}.
 
 %%------------------------------------------------------------
 %% function : new_out_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 new_out_connection(Arg, SHost, Port) ->
     Host = node(),
@@ -1369,73 +1410,73 @@ Node      : ~p
 To Host   : ~p
 To Port   : ~p
 Arg       : ~p
-==========================================~n", 
+==========================================~n",
 			  [Host, SHost, Port, Arg]),
     {Host}.
 
 %%------------------------------------------------------------
 %% function : closed_in_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 closed_in_connection(Arg) ->
     error_logger:info_msg("=============== closed_in_connection =====
 Node      : ~p
 Connection: ~p
-==========================================~n", 
+==========================================~n",
 			  [node(), Arg]),
     Arg.
 
 %%------------------------------------------------------------
 %% function : closed_out_connection
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 closed_out_connection(Arg) ->
     error_logger:info_msg("=============== closed_out_connection ====
 Node      : ~p
 Connection: ~p
-==========================================~n", 
+==========================================~n",
 			  [node(), Arg]),
     Arg.
 
 %%------------------------------------------------------------
 %% function : in_request_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
-in_request_encoded(Ref, _ObjKey, Ctx, Op, 
+in_request_encoded(Ref, _ObjKey, Ctx, Op,
 	   <<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8,T/binary>>, _Args) ->
     error_logger:info_msg("=============== in_request_encoded =======
 Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, T, Ctx]),
     {T, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : in_reply_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 in_reply_encoded(Ref, _ObjKey, Ctx, Op,
-	 <<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8,T/binary>>, 
+	 <<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8,T/binary>>,
 	 _Args) ->
     error_logger:info_msg("============== in_reply_encoded ==========
 Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, T, Ctx]),
     {T, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : out_reply_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_reply_encoded(Ref, _ObjKey, Ctx, Op, List, _Args) ->
     error_logger:info_msg("============== out_reply_encoded =========
@@ -1443,14 +1484,14 @@ Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, List, Ctx]),
     {list_to_binary([<<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8>>|List]), "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : out_request_encoded
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_request_encoded(Ref, _ObjKey, Ctx, Op, List, _Args) ->
     error_logger:info_msg("============== out_request_encoded =======
@@ -1458,14 +1499,14 @@ Connection: ~p
 Operation : ~p
 Body      : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, List, Ctx]),
     {list_to_binary([<<100:8,101:8,102:8,103:8,104:8,105:8,106:8,107:8,108:8,109:8,110:8>>|List]), "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : in_request
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 in_request(Ref, _ObjKey, Ctx, Op, Params, _Args) ->
     error_logger:info_msg("=============== in_request ===============
@@ -1473,14 +1514,14 @@ Connection: ~p
 Operation : ~p
 Parameters: ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Params, Ctx]),
     {Params, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : in_reply
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 in_reply(Ref, _ObjKey, Ctx, Op, Reply, _Args) ->
     error_logger:info_msg("=============== in_reply =================
@@ -1488,14 +1529,14 @@ Connection: ~p
 Operation : ~p
 Reply     : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Reply, Ctx]),
     {Reply, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : postinvoke
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_reply(Ref, _ObjKey, Ctx, Op, Reply, _Args) ->
     error_logger:info_msg("=============== out_reply ================
@@ -1503,14 +1544,14 @@ Connection: ~p
 Operation : ~p
 Reply     : ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Reply, Ctx]),
     {Reply, "NewArgs"}.
 
 %%------------------------------------------------------------
 %% function : postinvoke
-%% Arguments: 
-%% Returns  : 
+%% Arguments:
+%% Returns  :
 %%------------------------------------------------------------
 out_request(Ref, _ObjKey, Ctx, Op, Params, _Args) ->
     error_logger:info_msg("=============== out_request ==============
@@ -1518,7 +1559,7 @@ Connection: ~p
 Operation : ~p
 Parameters: ~p
 Context   : ~p
-==========================================~n", 
+==========================================~n",
 			  [Ref, Op, Params, Ctx]),
     {Params, "NewArgs"}.
 
diff --git a/lib/os_mon/c_src/Makefile.in b/lib/os_mon/c_src/Makefile.in
index b81d3f564b..bac0413ece 100644
--- a/lib/os_mon/c_src/Makefile.in
+++ b/lib/os_mon/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/os_mon/c_src/memsup.c b/lib/os_mon/c_src/memsup.c
index 241e7718db..b6e417eaa0 100644
--- a/lib/os_mon/c_src/memsup.c
+++ b/lib/os_mon/c_src/memsup.c
@@ -327,27 +327,27 @@ get_mem_procfs(memory_ext *me){
     /* Total and free is NEEDED! */
     
     bp = strstr(buffer, "MemTotal:");    
-    if (sscanf(bp, "MemTotal: %lu kB\n", &(me->total)))  me->flag |= F_MEM_TOTAL;
+    if (bp != NULL && sscanf(bp, "MemTotal: %lu kB\n", &(me->total)))  me->flag |= F_MEM_TOTAL;
 
     bp = strstr(buffer, "MemFree:");    
-    if (sscanf(bp, "MemFree: %lu kB\n", &(me->free)))    me->flag |= F_MEM_FREE;
+    if (bp != NULL && sscanf(bp, "MemFree: %lu kB\n", &(me->free)))    me->flag |= F_MEM_FREE;
     
     /* Extensions */
     
     bp = strstr(buffer, "Buffers:");    
-    if (sscanf(bp, "Buffers: %lu kB\n", &(me->buffered))) me->flag |= F_MEM_BUFFERS;
+    if (bp != NULL && sscanf(bp, "Buffers: %lu kB\n", &(me->buffered))) me->flag |= F_MEM_BUFFERS;
     
     bp = strstr(buffer, "Cached:");    
-    if (sscanf(bp, "Cached: %lu kB\n", &(me->cached)))   me->flag |= F_MEM_CACHED;
+    if (bp != NULL && sscanf(bp, "Cached: %lu kB\n", &(me->cached)))   me->flag |= F_MEM_CACHED;
     
 
     /* Swap */
     
     bp = strstr(buffer, "SwapTotal:");    
-    if (sscanf(bp, "SwapTotal: %lu kB\n", &(me->total_swap))) me->flag |= F_SWAP_TOTAL;
+    if (bp != NULL && sscanf(bp, "SwapTotal: %lu kB\n", &(me->total_swap))) me->flag |= F_SWAP_TOTAL;
     
     bp = strstr(buffer, "SwapFree:");    
-    if (sscanf(bp, "SwapFree: %lu kB\n", &(me->free_swap))) me->flag |= F_SWAP_FREE;
+    if (bp != NULL && sscanf(bp, "SwapFree: %lu kB\n", &(me->free_swap))) me->flag |= F_SWAP_FREE;
     
     me->pagesize = 1024; /* procfs defines its size in kB */
     
diff --git a/lib/os_mon/doc/src/notes.xml b/lib/os_mon/doc/src/notes.xml
index f641bbd828..b459e31fa5 100644
--- a/lib/os_mon/doc/src/notes.xml
+++ b/lib/os_mon/doc/src/notes.xml
@@ -30,6 +30,35 @@
   </header>
   <p>This document describes the changes made to the OS_Mon application.</p>
 
+<section><title>Os_Mon 2.2.8</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Os_Mon 2.2.7</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/os_mon/mibs/Makefile b/lib/os_mon/mibs/Makefile
index a361fef378..655190edf4 100644
--- a/lib/os_mon/mibs/Makefile
+++ b/lib/os_mon/mibs/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/os_mon/src/cpu_sup.erl b/lib/os_mon/src/cpu_sup.erl
index e414e2c10b..34251178ee 100644
--- a/lib/os_mon/src/cpu_sup.erl
+++ b/lib/os_mon/src/cpu_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -764,8 +764,7 @@ port_receive_cpu_util_entries(_, _, Data) ->
      exit({data_mismatch, Data}).
 
 start_portprogram() ->
-    Command = filename:join([code:priv_dir(os_mon), "bin", "cpu_sup"]),
-    Port = open_port({spawn, Command}, [stream]),
+    Port = os_mon:open_port("cpu_sup", [stream]),
     port_command(Port, ?ping),
     4711 = port_receive_uint32(Port, 5000),
     Port.
diff --git a/lib/os_mon/src/memsup.erl b/lib/os_mon/src/memsup.erl
index ba07a529bc..49533da1f7 100644
--- a/lib/os_mon/src/memsup.erl
+++ b/lib/os_mon/src/memsup.erl
@@ -802,8 +802,7 @@ port_init() ->
     port_idle(Port).
 
 start_portprogram() ->
-    Command = filename:join([code:priv_dir(os_mon), "bin", "memsup"]),
-    open_port({spawn, Command}, [{packet, 1}]).
+    os_mon:open_port("memsup",[{packet,1}]).
 
 %% The connected process loops are a bit awkward (several different
 %% functions doing almost the same thing) as
diff --git a/lib/os_mon/src/os_mon.erl b/lib/os_mon/src/os_mon.erl
index ef368571db..3098c38808 100644
--- a/lib/os_mon/src/os_mon.erl
+++ b/lib/os_mon/src/os_mon.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -22,7 +22,7 @@
 -behaviour(supervisor).
 
 %% API
--export([call/2, call/3, get_env/2]).
+-export([call/2, call/3, get_env/2, open_port/2]).
 
 %% Application callbacks
 -export([start/2, stop/1]).
@@ -79,6 +79,22 @@ get_env(Service, Param) ->
 	    Service:param_default(Param)
     end.
 
+open_port(Name, Opts) ->
+    PrivDir = code:priv_dir(os_mon),
+    ReleasedPath = filename:join([PrivDir,"bin",Name]),
+    %% Check os_mon*/priv/bin/Name
+    case filelib:is_regular(ReleasedPath) of
+	true ->
+	    erlang:open_port({spawn, ReleasedPath}, Opts);
+	false ->
+	    %% Use os_mon*/priv/bin/Arch/Name
+	    ArchPath =
+		filename:join(
+		  [PrivDir,"bin",erlang:system_info(system_architecture),Name]),
+	    erlang:open_port({spawn, ArchPath}, Opts)
+    end.
+
+
 %%%-----------------------------------------------------------------
 %%% Application callbacks
 %%%-----------------------------------------------------------------
diff --git a/lib/os_mon/src/os_mon_mib.erl b/lib/os_mon/src/os_mon_mib.erl
index a4ce274a16..ea17f928cc 100644
--- a/lib/os_mon/src/os_mon_mib.erl
+++ b/lib/os_mon/src/os_mon_mib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -65,11 +65,11 @@
 %% Shadow argument macros 
 -define(loadShadowArgs, 
 	{loadTable, string, record_info(fields, loadTable), 5000,
-	 {os_mon_mib, update_load_table}}). 
+	 fun os_mon_mib:update_load_table/0}).
 	
 -define(diskShadowArgs, 
 	{diskTable, {integer, integer}, record_info(fields, diskTable), 5000,
-	 {os_mon_mib, update_disk_table}}). 
+	 fun os_mon_mib:update_disk_table/0}).
 
 %% Misc
 -record(diskAlloc, {diskDescr, diskId}).
diff --git a/lib/os_mon/src/os_mon_sysinfo.erl b/lib/os_mon/src/os_mon_sysinfo.erl
index 5d12bd95d1..080885d5d6 100644
--- a/lib/os_mon/src/os_mon_sysinfo.erl
+++ b/lib/os_mon/src/os_mon_sysinfo.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -108,9 +108,7 @@ code_change(_OldVsn, State, _Extra) ->
 %%----------------------------------------------------------------------
 
 start_portprogram() ->
-    Command =
-	filename:join([code:priv_dir(os_mon),"bin","win32sysinfo.exe"]),
-    Port = open_port({spawn,Command}, [{packet,1}]),
+    Port = os_mon:open_port("win32sysinfo.exe", [{packet,1}]),
     receive
 	{Port, {data, [?OK]}} ->
 	    Port;
diff --git a/lib/os_mon/test/os_mon_mib_SUITE.erl b/lib/os_mon/test/os_mon_mib_SUITE.erl
index 4bd256a3f7..a137efc441 100644
--- a/lib/os_mon/test/os_mon_mib_SUITE.erl
+++ b/lib/os_mon/test/os_mon_mib_SUITE.erl
@@ -718,7 +718,7 @@ del_dir(Dir) ->
     {ok, Files} = file:list_dir(Dir),
     FullPathFiles = lists:map(fun(File) -> filename:join(Dir, File) end,
 			      Files),
-    lists:foreach({file, delete}, FullPathFiles),
+    lists:foreach(fun file:delete/1, FullPathFiles),
     file:del_dir(Dir).
 
 %%---------------------------------------------------------------------
diff --git a/lib/os_mon/vsn.mk b/lib/os_mon/vsn.mk
index f000e24a8f..89dfa59dd9 100644
--- a/lib/os_mon/vsn.mk
+++ b/lib/os_mon/vsn.mk
@@ -1 +1 @@
-OS_MON_VSN = 2.2.7
+OS_MON_VSN = 2.2.8
diff --git a/lib/otp_mibs/doc/src/notes.xml b/lib/otp_mibs/doc/src/notes.xml
index 94c1dd4228..71e33fceb9 100644
--- a/lib/otp_mibs/doc/src/notes.xml
+++ b/lib/otp_mibs/doc/src/notes.xml
@@ -31,6 +31,26 @@
   <p>This document describes the changes made to the OTP_Mibs
     application.</p>
 
+<section><title>Otp_Mibs 1.0.7</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Otp_Mibs 1.0.6</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/otp_mibs/src/otp_mib.erl b/lib/otp_mibs/src/otp_mib.erl
index e8b0e51b91..619104007c 100644
--- a/lib/otp_mibs/src/otp_mib.erl
+++ b/lib/otp_mibs/src/otp_mib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -48,11 +48,11 @@
 %% Shadow argument macros 
 -define(erlNodeShadowArgs, 
 	{erlNodeTable, integer, record_info(fields, erlNodeTable), 5000,
-	 {otp_mib, update_erl_node_table}}). 
+	 fun otp_mib:update_erl_node_table/0}).
 
 -define(applShadowArgs,
 	{applTable, {integer, integer}, record_info(fields, applTable), 
-	 5000, {otp_mib, update_appl_table}}).
+	 5000, fun otp_mib:update_appl_table/0}).
 
 %% Misc
 -record(erlNodeAlloc, {nodeName, nodeId}).
diff --git a/lib/otp_mibs/vsn.mk b/lib/otp_mibs/vsn.mk
index c2fa7c9474..f070288032 100644
--- a/lib/otp_mibs/vsn.mk
+++ b/lib/otp_mibs/vsn.mk
@@ -1,4 +1,4 @@
-OTP_MIBS_VSN = 1.0.6
+OTP_MIBS_VSN = 1.0.7
 
 # Note: The branch 'otp_mibs' is defunct as of otp_mibs-1.0.4 and
 # should NOT be used again.
diff --git a/lib/parsetools/doc/src/notes.xml b/lib/parsetools/doc/src/notes.xml
index 0c611db1ec..ac29cbb893 100644
--- a/lib/parsetools/doc/src/notes.xml
+++ b/lib/parsetools/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -30,6 +30,26 @@
   </header>
   <p>This document describes the changes made to the Parsetools application.</p>
 
+<section><title>Parsetools 2.0.7</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Parsetools 2.0.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/parsetools/include/yeccpre.hrl b/lib/parsetools/include/yeccpre.hrl
index f638529aa4..3672394fc5 100644
--- a/lib/parsetools/include/yeccpre.hrl
+++ b/lib/parsetools/include/yeccpre.hrl
@@ -28,10 +28,11 @@ parse(Tokens) ->
 
 -spec parse_and_scan({function() | {atom(), atom()}, [_]}
                      | {atom(), atom(), [_]}) -> yecc_ret().
-parse_and_scan({F, A}) -> % Fun or {M, F}
+parse_and_scan({F, A}) ->
     yeccpars0([], {{F, A}, no_line}, 0, [], []);
 parse_and_scan({M, F, A}) ->
-    yeccpars0([], {{{M, F}, A}, no_line}, 0, [], []).
+    Arity = length(A),
+    yeccpars0([], {{fun M:F/Arity, A}, no_line}, 0, [], []).
 
 -spec format_error(any()) -> [char() | list()].
 format_error(Message) ->
diff --git a/lib/parsetools/test/yecc_SUITE.erl b/lib/parsetools/test/yecc_SUITE.erl
index a5f66b48e9..3d26adf1be 100644
--- a/lib/parsetools/test/yecc_SUITE.erl
+++ b/lib/parsetools/test/yecc_SUITE.erl
@@ -1197,7 +1197,7 @@ yeccpre(Config) when is_list(Config) ->
                 catch error: error ->
                         ok
                 end,
-                try parse_and_scan({{yecc_test, scan}, [exit]})
+                try parse_and_scan({fun yecc_test:scan/1, [exit]})
                 catch exit: exit ->
                         ok
                 end,
@@ -1650,10 +1650,11 @@ yeccpre_v1_2() ->
 parse(Tokens) ->
     yeccpars0(Tokens, false).
 
-parse_and_scan({F, A}) -> % Fun or {M, F}
+parse_and_scan({F, A}) ->
     yeccpars0([], {F, A});
 parse_and_scan({M, F, A}) ->
-    yeccpars0([], {{M, F}, A}).
+    Arity = length(A),
+    yeccpars0([], {fun M:F/Arity, A}).
 
 format_error(Message) ->
     case io_lib:deep_char_list(Message) of
diff --git a/lib/parsetools/vsn.mk b/lib/parsetools/vsn.mk
index 093523f0e7..e2594564cb 100644
--- a/lib/parsetools/vsn.mk
+++ b/lib/parsetools/vsn.mk
@@ -1 +1 @@
-PARSETOOLS_VSN = 2.0.6
+PARSETOOLS_VSN = 2.0.7
diff --git a/lib/percept/doc/src/notes.xml b/lib/percept/doc/src/notes.xml
index 95c2bbda56..1ac1a5ab62 100644
--- a/lib/percept/doc/src/notes.xml
+++ b/lib/percept/doc/src/notes.xml
@@ -32,6 +32,21 @@
   </header>
   <p>This document describes the changes made to the Percept application.</p>
 
+<section><title>Percept 0.8.6.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Percept 0.8.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/percept/vsn.mk b/lib/percept/vsn.mk
index 3b4d9bbb64..9267a41055 100644
--- a/lib/percept/vsn.mk
+++ b/lib/percept/vsn.mk
@@ -1 +1 @@
-PERCEPT_VSN = 0.8.6
+PERCEPT_VSN = 0.8.6.1
diff --git a/lib/pman/doc/src/notes.xml b/lib/pman/doc/src/notes.xml
index 27e3b5e5fe..407a10a50a 100644
--- a/lib/pman/doc/src/notes.xml
+++ b/lib/pman/doc/src/notes.xml
@@ -30,6 +30,21 @@
   </header>
   <p>This document describes the changes made to the Pman application.</p>
 
+<section><title>Pman 2.7.1.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Pman 2.7.1</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/pman/doc/src/pman.xml b/lib/pman/doc/src/pman.xml
index 84d5a5772a..5f95aecc04 100644
--- a/lib/pman/doc/src/pman.xml
+++ b/lib/pman/doc/src/pman.xml
@@ -32,6 +32,12 @@
   <module>pman</module>
   <modulesummary>A graphical process manager.</modulesummary>
   <description>
+    <warning>
+      <p>
+	The Pman application has been superseded by the Observer application.
+	Pman will be removed in R16.
+      </p>
+    </warning>
     <p>A graphical tool used to inspect the Erlang processes executing either
       locally or on remote nodes. It is also possible to trace events in
       the individual processes.</p>
diff --git a/lib/pman/doc/src/pman_chapter.xml b/lib/pman/doc/src/pman_chapter.xml
index 141b488415..8668628bfa 100644
--- a/lib/pman/doc/src/pman_chapter.xml
+++ b/lib/pman/doc/src/pman_chapter.xml
@@ -32,6 +32,12 @@
 
   <section>
     <title>Introduction</title>
+    <warning>
+      <p>
+	The Pman application has been superseded by the Observer application.
+	Pman will be removed in R16.
+      </p>
+    </warning>
     <p>The process manager Pman is a tool for viewing processes executing
       locally or on remote nodes. Its main purpose is to locate
       erroneous code by inspecting the state of the processes and by tracing
diff --git a/lib/pman/src/pman_buf_converter.erl b/lib/pman/src/pman_buf_converter.erl
index b6f560411c..c6cd8ec9ee 100644
--- a/lib/pman/src/pman_buf_converter.erl
+++ b/lib/pman/src/pman_buf_converter.erl
@@ -29,6 +29,7 @@
 %%----------------------------------------------------------------------
 
 -module(pman_buf_converter).
+-compile([{nowarn_deprecated_function,{gs,start,0}}]).
 
 %%-compile(export_all).
 -export([init/2]).
diff --git a/lib/pman/src/pman_buf_printer.erl b/lib/pman/src/pman_buf_printer.erl
index 74e935171a..62407648d5 100644
--- a/lib/pman/src/pman_buf_printer.erl
+++ b/lib/pman/src/pman_buf_printer.erl
@@ -18,6 +18,8 @@
 %%
 
 -module(pman_buf_printer).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 %%-compile(export_all).
 -export([init/2]).
diff --git a/lib/pman/src/pman_main.erl b/lib/pman/src/pman_main.erl
index b68da1d2c3..adb5b65cd4 100644
--- a/lib/pman/src/pman_main.erl
+++ b/lib/pman/src/pman_main.erl
@@ -17,6 +17,8 @@
 %% %CopyrightEnd%
 %%
 -module(pman_main).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 %% Main process and window
 
diff --git a/lib/pman/src/pman_module_info.erl b/lib/pman/src/pman_module_info.erl
index cfd711a6e1..58f956aa42 100644
--- a/lib/pman/src/pman_module_info.erl
+++ b/lib/pman/src/pman_module_info.erl
@@ -17,6 +17,8 @@
 %% %CopyrightEnd%
 %%
 -module(pman_module_info).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %% Window with module information (View->Module Info...)
 
diff --git a/lib/pman/src/pman_shell.erl b/lib/pman/src/pman_shell.erl
index 0b13890460..393ef5f84d 100644
--- a/lib/pman/src/pman_shell.erl
+++ b/lib/pman/src/pman_shell.erl
@@ -25,6 +25,10 @@
 %% ---------------------------------------------------------------
 
 -module(pman_shell).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,start,1}}]).
 
 %% ---------------------------------------------------------------
 %% The user interface exports 
diff --git a/lib/pman/src/pman_tool.erl b/lib/pman/src/pman_tool.erl
index 1d33fb9764..c548e17d00 100644
--- a/lib/pman/src/pman_tool.erl
+++ b/lib/pman/src/pman_tool.erl
@@ -17,6 +17,7 @@
 %% %CopyrightEnd%
 %%
 -module(pman_tool).
+-compile([{nowarn_deprecated_function,{gs,read,2}}]).
 
 %% Listbox selection window
 
diff --git a/lib/pman/src/pman_win.erl b/lib/pman/src/pman_win.erl
index 52d5a237cf..9dd446cd81 100644
--- a/lib/pman/src/pman_win.erl
+++ b/lib/pman/src/pman_win.erl
@@ -21,6 +21,16 @@
 %% ------------------------------------------------------------
 
 -module(pman_win).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,create,4}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,1}},
+          {nowarn_deprecated_function,{gs,text,2}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 %% ---------------------------------------------------------------
 %% The user interface exports 
diff --git a/lib/pman/vsn.mk b/lib/pman/vsn.mk
index d190164053..a62a9d7c89 100644
--- a/lib/pman/vsn.mk
+++ b/lib/pman/vsn.mk
@@ -1 +1 @@
-PMAN_VSN = 2.7.1
+PMAN_VSN = 2.7.1.1
diff --git a/lib/public_key/.gitignore b/lib/public_key/.gitignore
index db24906676..d30fe62c9d 100644
--- a/lib/public_key/.gitignore
+++ b/lib/public_key/.gitignore
@@ -1,7 +1,7 @@
 # public_key
 
-/lib/public_key/asn1/*.asn1db
-/lib/public_key/asn1/*.erl
-/lib/public_key/asn1/*.hrl
-/lib/public_key/include/OTP-PUB-KEY.hrl
-/lib/public_key/include/PKCS-FRAME.hrl
+asn1/*.asn1db
+asn1/*.erl
+asn1/*.hrl
+include/OTP-PUB-KEY.hrl
+include/PKCS-FRAME.hrl
diff --git a/lib/public_key/asn1/InformationFramework.asn1 b/lib/public_key/asn1/InformationFramework.asn1
deleted file mode 100644
index 40fbd11a2a..0000000000
--- a/lib/public_key/asn1/InformationFramework.asn1
+++ /dev/null
@@ -1,682 +0,0 @@
-InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) 
-  6} DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All 
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained 
--- within the Directory Specifications, and for the use of other applications which will use them to access 
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-IMPORTS
-  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
-  directoryAbstractService, id-ar, id-at, id-mr, id-nf, id-oa, id-oc, 
-    id-sc, selectedAttributeTypes, serviceAdministration
-    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
-      usefulDefinitions(0) 6}
-  SearchRule
-    FROM ServiceAdministration serviceAdministration
-  -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
-  TypeAndContextAssertion
-    FROM DirectoryAbstractService directoryAbstractService
-  -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
-  booleanMatch, commonName, generalizedTimeMatch, generalizedTimeOrderingMatch,
-    integerFirstComponentMatch, integerMatch, integerOrderingMatch,
-    objectIdentifierFirstComponentMatch, UnboundedDirectoryString
-    FROM SelectedAttributeTypes selectedAttributeTypes;
-
--- attribute data types 
-Attribute{ATTRIBUTE:SupportedAttributes} ::= SEQUENCE {
-  type               ATTRIBUTE.&id({SupportedAttributes}),
-  values
-    SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}),
-  valuesWithContext
-    SET SIZE (1..MAX) OF
-      SEQUENCE {value        ATTRIBUTE.&Type({SupportedAttributes}{@type}),
-                contextList  SET SIZE (1..MAX) OF Context} OPTIONAL
-}
-
-AttributeType ::= ATTRIBUTE.&id
-
-AttributeValue ::= ATTRIBUTE.&Type
-
-Context ::= SEQUENCE {
-  contextType    CONTEXT.&id({SupportedContexts}),
-  contextValues
-    SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}),
-  fallback       BOOLEAN DEFAULT FALSE
-}
-
-AttributeValueAssertion ::= SEQUENCE {
-  type              ATTRIBUTE.&id({SupportedAttributes}),
-  assertion
-    ATTRIBUTE.&equality-match.&AssertionType
-      ({SupportedAttributes}{@type}),
-  assertedContexts
-    CHOICE {allContexts       [0]  NULL,
-            selectedContexts  [1]  SET SIZE (1..MAX) OF ContextAssertion
-  } OPTIONAL
-}
-
-ContextAssertion ::= SEQUENCE {
-  contextType    CONTEXT.&id({SupportedContexts}),
-  contextValues
-    SET SIZE (1..MAX) OF
-      CONTEXT.&Assertion({SupportedContexts}{@contextType})
-}
-
-AttributeTypeAssertion ::= SEQUENCE {
-  type              ATTRIBUTE.&id({SupportedAttributes}),
-  assertedContexts  SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL
-}
-
--- Definition of the following information object set is deferred, perhaps to standardized
--- profiles or to protocol implementation conformance statements. The set is required to
--- specify a table constraint on the values component of Attribute, the value component 
--- of AttributeTypeAndValue, and the assertion component of AttributeValueAssertion.
-SupportedAttributes ATTRIBUTE ::=
-  {objectClass | aliasedEntryName, ...}
-
--- Definition of the following information object set is deferred, perhaps to standardized
--- profiles or to protocol implementation conformance statements. The set is required to
--- specify a table constraint on the context specifications
-SupportedContexts CONTEXT ::=
-  {...}
-
--- naming data types 
-Name ::= CHOICE { -- only one possibility for now --rdnSequence  RDNSequence
-}
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-DistinguishedName ::= RDNSequence
-
-RelativeDistinguishedName ::=
-  SET SIZE (1..MAX) OF AttributeTypeAndDistinguishedValue
-
-AttributeTypeAndDistinguishedValue ::= SEQUENCE {
-  type                  ATTRIBUTE.&id({SupportedAttributes}),
-  value                 ATTRIBUTE.&Type({SupportedAttributes}{@type}),
-  primaryDistinguished  BOOLEAN DEFAULT TRUE,
-  valuesWithContext
-    SET SIZE (1..MAX) OF
-      SEQUENCE {distingAttrValue
-                  [0]  ATTRIBUTE.&Type({SupportedAttributes}{@type})
-                    OPTIONAL,
-                contextList       SET SIZE (1..MAX) OF Context} OPTIONAL
-}
-
--- subtree data types 
-SubtreeSpecification ::= SEQUENCE {
-  base                 [0]  LocalName DEFAULT {},
-  COMPONENTS OF ChopSpecification,
-  specificationFilter  [4]  Refinement OPTIONAL
-}
-
--- empty sequence specifies whole administrative area
-LocalName ::= RDNSequence
-
-ChopSpecification ::= SEQUENCE {
-  specificExclusions
-    [1]  SET SIZE (1..MAX) OF
-           CHOICE {chopBefore  [0]  LocalName,
-                   chopAfter   [1]  LocalName} OPTIONAL,
-  minimum             [2]  BaseDistance DEFAULT 0,
-  maximum             [3]  BaseDistance OPTIONAL
-}
-
-BaseDistance ::= INTEGER(0..MAX)
-
-Refinement ::= CHOICE {
-  item  [0]  OBJECT-CLASS.&id,
-  and   [1]  SET SIZE (1..MAX) OF Refinement,
-  or    [2]  SET SIZE (1..MAX) OF Refinement,
-  not   [3]  Refinement
-}
-
--- OBJECT-CLASS information object class specification 
-OBJECT-CLASS ::= CLASS {
-  &Superclasses         OBJECT-CLASS OPTIONAL,
-  &kind                 ObjectClassKind DEFAULT structural,
-  &MandatoryAttributes  ATTRIBUTE OPTIONAL,
-  &OptionalAttributes   ATTRIBUTE OPTIONAL,
-  &id                   OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  [SUBCLASS OF &Superclasses]
-  [KIND &kind]
-  [MUST CONTAIN &MandatoryAttributes]
-  [MAY CONTAIN &OptionalAttributes]
-  ID &id
-}
-
-ObjectClassKind ::= ENUMERATED {abstract(0), structural(1), auxiliary(2)}
-
--- object classes 
-top OBJECT-CLASS ::= {
-  KIND          abstract
-  MUST CONTAIN  {objectClass}
-  ID            id-oc-top
-}
-
-alias OBJECT-CLASS ::= {
-  SUBCLASS OF   {top}
-  MUST CONTAIN  {aliasedEntryName}
-  ID            id-oc-alias
-}
-
-parent OBJECT-CLASS ::= {KIND  abstract
-                         ID    id-oc-parent
-}
-
-child OBJECT-CLASS ::= {KIND  auxiliary
-                        ID    id-oc-child
-}
-
--- ATTRIBUTE information object class specification 
-ATTRIBUTE ::= CLASS {
-  &derivation            ATTRIBUTE OPTIONAL,
-  &Type                  OPTIONAL, -- either &Type or &derivation required 
-  &equality-match        MATCHING-RULE OPTIONAL,
-  &ordering-match        MATCHING-RULE OPTIONAL,
-  &substrings-match      MATCHING-RULE OPTIONAL,
-  &single-valued         BOOLEAN DEFAULT FALSE,
-  &collective            BOOLEAN DEFAULT FALSE,
-  &dummy                 BOOLEAN DEFAULT FALSE,
-  -- operational extensions 
-  &no-user-modification  BOOLEAN DEFAULT FALSE,
-  &usage                 AttributeUsage DEFAULT userApplications,
-  &id                    OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  [SUBTYPE OF &derivation]
-  [WITH SYNTAX &Type]
-  [EQUALITY MATCHING RULE &equality-match]
-  [ORDERING MATCHING RULE &ordering-match]
-  [SUBSTRINGS MATCHING RULE &substrings-match]
-  [SINGLE VALUE &single-valued]
-  [COLLECTIVE &collective]
-  [DUMMY &dummy]
-  [NO USER MODIFICATION &no-user-modification]
-  [USAGE &usage]
-  ID &id
-}
-
-AttributeUsage ::= ENUMERATED {
-  userApplications(0), directoryOperation(1), distributedOperation(2),
-  dSAOperation(3)}
-
--- attributes 
-objectClass ATTRIBUTE ::= {
-  WITH SYNTAX             OBJECT IDENTIFIER
-  EQUALITY MATCHING RULE  objectIdentifierMatch
-  ID                      id-at-objectClass
-}
-
-aliasedEntryName ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  ID                      id-at-aliasedEntryName
-}
-
--- MATCHING-RULE information object class specification 
-MATCHING-RULE ::= CLASS {
-  &ParentMatchingRules   MATCHING-RULE OPTIONAL,
-  &AssertionType         OPTIONAL,
-  &uniqueMatchIndicator  ATTRIBUTE OPTIONAL,
-  &id                    OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  [PARENT &ParentMatchingRules]
-  [SYNTAX &AssertionType]
-  [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
-  ID &id
-}
-
--- matching rules 
-objectIdentifierMatch MATCHING-RULE ::= {
-  SYNTAX  OBJECT IDENTIFIER
-  ID      id-mr-objectIdentifierMatch
-}
-
-distinguishedNameMatch MATCHING-RULE ::= {
-  SYNTAX  DistinguishedName
-  ID      id-mr-distinguishedNameMatch
-}
-
-MAPPING-BASED-MATCHING{SelectedBy, BOOLEAN:combinable, MappingResult,
-                       OBJECT IDENTIFIER:matchingRule} ::= CLASS {
-  &selectBy          SelectedBy OPTIONAL,
-  &ApplicableTo      ATTRIBUTE,
-  &subtypesIncluded  BOOLEAN DEFAULT TRUE,
-  &combinable        BOOLEAN(combinable),
-  &mappingResults    MappingResult OPTIONAL,
-  &userControl       BOOLEAN DEFAULT FALSE,
-  &exclusive         BOOLEAN DEFAULT TRUE,
-  &matching-rule     MATCHING-RULE.&id(matchingRule),
-  &id                OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  [SELECT BY &selectBy]
-  APPLICABLE TO &ApplicableTo
-  [SUBTYPES INCLUDED &subtypesIncluded]
-  COMBINABLE &combinable
-  [MAPPING RESULTS &mappingResults]
-  [USER CONTROL &userControl]
-  [EXCLUSIVE &exclusive]
-  MATCHING RULE &matching-rule
-  ID &id
-}
-
--- NAME-FORM information object class specification 
-NAME-FORM ::= CLASS {
-  &namedObjectClass     OBJECT-CLASS,
-  &MandatoryAttributes  ATTRIBUTE,
-  &OptionalAttributes   ATTRIBUTE OPTIONAL,
-  &id                   OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  NAMES &namedObjectClass
-  WITH ATTRIBUTES &MandatoryAttributes
-  [AND OPTIONALLY &OptionalAttributes]
-  ID &id
-}
-
--- STRUCTURE-RULE class and DIT structure rule data types 
-DITStructureRule ::= SEQUENCE {
-  ruleIdentifier          RuleIdentifier,
-  -- shall be unique within the scope of the subschema
-  nameForm                NAME-FORM.&id,
-  superiorStructureRules  SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL
-}
-
-RuleIdentifier ::= INTEGER
-
-STRUCTURE-RULE ::= CLASS {
-  &nameForm                NAME-FORM,
-  &SuperiorStructureRules  STRUCTURE-RULE OPTIONAL,
-  &id                      RuleIdentifier
-}
-WITH SYNTAX {
-  NAME FORM &nameForm
-  [SUPERIOR RULES &SuperiorStructureRules]
-  ID &id
-}
-
--- DIT content rule data type and CONTENT-RULE class
-DITContentRule ::= SEQUENCE {
-  structuralObjectClass  OBJECT-CLASS.&id,
-  auxiliaries            SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL,
-  mandatory              [1]  SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
-  optional               [2]  SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
-  precluded              [3]  SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL
-}
-
-CONTENT-RULE ::= CLASS {
-  &structuralClass  OBJECT-CLASS.&id UNIQUE,
-  &Auxiliaries      OBJECT-CLASS OPTIONAL,
-  &Mandatory        ATTRIBUTE OPTIONAL,
-  &Optional         ATTRIBUTE OPTIONAL,
-  &Precluded        ATTRIBUTE OPTIONAL
-}
-WITH SYNTAX {
-  STRUCTURAL OBJECT-CLASS &structuralClass
-  [AUXILIARY OBJECT-CLASSES &Auxiliaries]
-  [MUST CONTAIN &Mandatory]
-  [MAY CONTAIN &Optional]
-  [MUST-NOT CONTAIN &Precluded]
-}
-
-CONTEXT ::= CLASS {
-  &Type          ,
-  &DefaultValue  OPTIONAL,
-  &Assertion     OPTIONAL,
-  &absentMatch   BOOLEAN DEFAULT TRUE,
-  &id            OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
-  WITH SYNTAX &Type
-  [DEFAULT-VALUE &DefaultValue]
-  [ASSERTED AS &Assertion]
-  [ABSENT-MATCH &absentMatch]
-  ID &id
-}
-
-DITContextUse ::= SEQUENCE {
-  attributeType      ATTRIBUTE.&id,
-  mandatoryContexts  [1]  SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL,
-  optionalContexts   [2]  SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL
-}
-
-DIT-CONTEXT-USE-RULE ::= CLASS {
-  &attributeType  ATTRIBUTE.&id UNIQUE,
-  &Mandatory      CONTEXT OPTIONAL,
-  &Optional       CONTEXT OPTIONAL
-}
-WITH SYNTAX {
-  ATTRIBUTE TYPE &attributeType
-  [MANDATORY CONTEXTS &Mandatory]
-  [OPTIONAL CONTEXTS &Optional]
-}
-
-FRIENDS ::= CLASS {
-  &anchor   ATTRIBUTE.&id UNIQUE,
-  &Friends  ATTRIBUTE
-}WITH SYNTAX {ANCHOR &anchor
-              FRIENDS &Friends
-}
-
--- system schema information objects 
--- object classes 
-subentry OBJECT-CLASS ::= {
-  SUBCLASS OF   {top}
-  KIND          structural
-  MUST CONTAIN  {commonName | subtreeSpecification}
-  ID            id-sc-subentry
-}
-
-subentryNameForm NAME-FORM ::= {
-  NAMES            subentry
-  WITH ATTRIBUTES  {commonName}
-  ID               id-nf-subentryNameForm
-}
-
-subtreeSpecification ATTRIBUTE ::= {
-  WITH SYNTAX  SubtreeSpecification
-  USAGE        directoryOperation
-  ID           id-oa-subtreeSpecification
-}
-
-administrativeRole ATTRIBUTE ::= {
-  WITH SYNTAX             OBJECT-CLASS.&id
-  EQUALITY MATCHING RULE  objectIdentifierMatch
-  USAGE                   directoryOperation
-  ID                      id-oa-administrativeRole
-}
-
-createTimestamp ATTRIBUTE ::= {
-  WITH SYNTAX             GeneralizedTime
-  -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
-  EQUALITY MATCHING RULE  generalizedTimeMatch
-  ORDERING MATCHING RULE  generalizedTimeOrderingMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-createTimestamp
-}
-
-modifyTimestamp ATTRIBUTE ::= {
-  WITH SYNTAX             GeneralizedTime
-  -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
-  EQUALITY MATCHING RULE  generalizedTimeMatch
-  ORDERING MATCHING RULE  generalizedTimeOrderingMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-modifyTimestamp
-}
-
-subschemaTimestamp ATTRIBUTE ::= {
-  WITH SYNTAX             GeneralizedTime
-  -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
-  EQUALITY MATCHING RULE  generalizedTimeMatch
-  ORDERING MATCHING RULE  generalizedTimeOrderingMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-subschemaTimestamp
-}
-
-creatorsName ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-creatorsName
-}
-
-modifiersName ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-modifiersName
-}
-
-subschemaSubentryList ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-subschemaSubentryList
-}
-
-accessControlSubentryList ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-accessControlSubentryList
-}
-
-collectiveAttributeSubentryList ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-collectiveAttributeSubentryList
-}
-
-contextDefaultSubentryList ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-contextDefaultSubentryList
-}
-
-serviceAdminSubentryList ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-serviceAdminSubentryList
-}
-
-hasSubordinates ATTRIBUTE ::= {
-  WITH SYNTAX             BOOLEAN
-  EQUALITY MATCHING RULE  booleanMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-hasSubordinates
-}
-
-accessControlSubentry OBJECT-CLASS ::= {
-  KIND  auxiliary
-  ID    id-sc-accessControlSubentry
-}
-
-collectiveAttributeSubentry OBJECT-CLASS ::= {
-  KIND  auxiliary
-  ID    id-sc-collectiveAttributeSubentry
-}
-
-collectiveExclusions ATTRIBUTE ::= {
-  WITH SYNTAX             OBJECT IDENTIFIER
-  EQUALITY MATCHING RULE  objectIdentifierMatch
-  USAGE                   directoryOperation
-  ID                      id-oa-collectiveExclusions
-}
-
-contextAssertionSubentry OBJECT-CLASS ::= {
-  KIND          auxiliary
-  MUST CONTAIN  {contextAssertionDefaults}
-  ID            id-sc-contextAssertionSubentry
-}
-
-contextAssertionDefaults ATTRIBUTE ::= {
-  WITH SYNTAX             TypeAndContextAssertion
-  EQUALITY MATCHING RULE  objectIdentifierFirstComponentMatch
-  USAGE                   directoryOperation
-  ID                      id-oa-contextAssertionDefault
-}
-
-serviceAdminSubentry OBJECT-CLASS ::= {
-  KIND          auxiliary
-  MUST CONTAIN  {searchRules}
-  ID            id-sc-serviceAdminSubentry
-}
-
-searchRules ATTRIBUTE ::= {
-  WITH SYNTAX             SearchRuleDescription
-  EQUALITY MATCHING RULE  integerFirstComponentMatch
-  USAGE                   directoryOperation
-  ID                      id-oa-searchRules
-}
-
-SearchRuleDescription ::= SEQUENCE {
-  COMPONENTS OF SearchRule,
-  name         [28]  SET SIZE (1..MAX) OF UnboundedDirectoryString OPTIONAL,
-  description  [29]  UnboundedDirectoryString OPTIONAL
-}
-
-hierarchyLevel ATTRIBUTE ::= {
-  WITH SYNTAX             HierarchyLevel
-  EQUALITY MATCHING RULE  integerMatch
-  ORDERING MATCHING RULE  integerOrderingMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-hierarchyLevel
-}
-
-HierarchyLevel ::= INTEGER
-
-hierarchyBelow ATTRIBUTE ::= {
-  WITH SYNTAX             HierarchyBelow
-  EQUALITY MATCHING RULE  booleanMatch
-  SINGLE VALUE            TRUE
-  NO USER MODIFICATION    TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-hierarchyBelow
-}
-
-HierarchyBelow ::= BOOLEAN
-
-hierarchyParent ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-hierarchyParent
-}
-
-hierarchyTop ATTRIBUTE ::= {
-  WITH SYNTAX             DistinguishedName
-  EQUALITY MATCHING RULE  distinguishedNameMatch
-  SINGLE VALUE            TRUE
-  USAGE                   directoryOperation
-  ID                      id-oa-hierarchyTop
-}
-
--- object identifier assignments 
--- object classes 
-id-oc-top OBJECT IDENTIFIER ::=
-  {id-oc 0}
-
-id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1}
-
-id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28}
-
-id-oc-child OBJECT IDENTIFIER ::= {id-oc 29}
-
--- attributes 
-id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0}
-
-id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1}
-
--- matching rules 
-id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0}
-
-id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1}
-
--- operational attributes 
-id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::=
-  {id-oa 0}
-
-id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1}
-
-id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2}
-
-id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3}
-
-id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4}
-
-id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5}
-
-id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6}
-
-id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7}
-
-id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8}
-
-id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9}
-
-id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10}
-
-id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11}
-
-id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12}
-
-id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13}
-
-id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14}
-
-id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15}
-
-id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16}
-
-id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17}
-
-id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18}
-
-id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19}
-
-id-oa-hierarchyTop OBJECT IDENTIFIER ::= {id-oa 20}
-
--- subentry classes 
-id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0}
-
-id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1}
-
-id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2}
-
-id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3}
-
-id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4}
-
---  Name forms 
-id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16}
-
--- administrative roles 
-id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1}
-
-id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2}
-
-id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3}
-
-id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4}
-
-id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5}
-
-id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6}
-
-id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7}
-
-id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8}
-
-END -- InformationFramework
diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile
index 2ce1168349..943d97bdb8 100644
--- a/lib/public_key/asn1/Makefile
+++ b/lib/public_key/asn1/Makefile
@@ -40,7 +40,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN)
 
 ASN_TOP = OTP-PUB-KEY PKCS-FRAME
 ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \
-	PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-8 InformationFramework PKCS5v2-0  OTP-PKIX 
+	PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-8 PKCS5v2-0  OTP-PKIX 
 ASN_ASNS = $(ASN_MODULES:%=%.asn1)
 ASN_ERLS = $(ASN_TOP:%=%.erl)
 ASN_HRLS = $(ASN_TOP:%=%.hrl)
@@ -117,5 +117,4 @@ OTP-PUB-KEY.asn1db:		PKIX1Algorithms88.asn1 \
 $(EBIN)/PKCS-FRAME.beam: 	        PKCS-FRAME.erl PKCS-FRAME.hrl
 PKCS-FRAME.erl PKCS-FRAME.hrl:			PKCS-FRAME.asn1db
 PKCS-FRAME.asn1db:			PKCS-8.asn1\
-					InformationFramework.asn1\
 					PKCS5v2-0.asn1
\ No newline at end of file
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1
index ad704191a9..fbf531df40 100644
--- a/lib/public_key/asn1/OTP-PKIX.asn1
+++ b/lib/public_key/asn1/OTP-PKIX.asn1
@@ -91,7 +91,7 @@ IMPORTS
        id-ce-certificateIssuer, CertificateIssuer,
        id-ce-holdInstructionCode, HoldInstructionCode,
        id-ce-invalidityDate, InvalidityDate
-
+       
        FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) 
        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) 
        id-pkix1-implicit(19) }
@@ -114,8 +114,20 @@ IMPORTS
 	id-ecPublicKey, EcpkParameters, ECPoint
 	FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6)
 	     internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
-	     id-mod-pkix1-algorithms(17) };
-
+	     id-mod-pkix1-algorithms(17) }
+	     
+       md2WithRSAEncryption,
+       md5WithRSAEncryption,
+       sha1WithRSAEncryption,
+       sha256WithRSAEncryption,
+       sha384WithRSAEncryption,
+       sha512WithRSAEncryption	     
+    	     
+      FROM PKCS-1 {
+       iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
+        modules(0) pkcs-1(1)
+	};	   
+	     
 --
 -- Certificate
 --
@@ -295,6 +307,9 @@ PublicKeyAlgorithm ::=  SEQUENCE  {
 SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= { 
 		    dsa-with-sha1 | md2-with-rsa-encryption |
 		    md5-with-rsa-encryption | sha1-with-rsa-encryption |
+		    sha256-with-rsa-encryption |
+		    sha384-with-rsa-encryption |
+		    sha512-with-rsa-encryption |
 		    ecdsa-with-sha1 } 
 
 SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { 
@@ -340,6 +355,18 @@ SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= {
 			    ID sha1WithRSAEncryption 
 			    TYPE NULL }
 
+   sha256-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha256WithRSAEncryption 
+			    TYPE NULL }
+
+   sha384-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha384WithRSAEncryption 
+			    TYPE NULL }
+	    
+   sha512-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha512WithRSAEncryption 
+			    TYPE NULL }
+
    -- Certificate.signature
    -- See PKCS #1 (RFC 2313). XXX
 
diff --git a/lib/public_key/asn1/PKCS-8.asn1 b/lib/public_key/asn1/PKCS-8.asn1
index 7413519b57..8412345b68 100644
--- a/lib/public_key/asn1/PKCS-8.asn1
+++ b/lib/public_key/asn1/PKCS-8.asn1
@@ -14,15 +14,15 @@ BEGIN
 -- All types and values defined in this module is exported for use in other
 -- ASN.1 modules.
 
-IMPORTS
+--IMPORTS
 
 -- informationFramework
 --        FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
 --                                usefulDefinitions(0) 3} 
 
-Attribute
+--Attribute
 --        FROM InformationFramework informationFramework
-        FROM InformationFramework;
+--        FROM InformationFramework;
 
 -- This import is really unnecessary since ALGORITHM-IDENTIFIER is defined as a 
 -- TYPE-IDENTIFIER
@@ -55,8 +55,8 @@ Version ::= INTEGER {v1(0)} (v1,...)
 
 PrivateKey ::= OCTET STRING
 
--- Attributes ::= SET OF Attribute
-Attributes ::= SET OF Attribute {{...}}
+-- Attributes ::= SET OF PKAttribute
+Attributes ::= SET OF PKAttribute {{...}}
 
 -- Encrypted private-key information syntax
 
@@ -78,6 +78,66 @@ KeyEncryptionAlgorithms TYPE-IDENTIFIER ::= {
     ... -- For local profiles
 }
 
+-- From InformationFramework
+PKAttribute{ATTRIBUTE:SupportedAttributes} ::= SEQUENCE {
+  type               ATTRIBUTE.&id({SupportedAttributes}),
+  values
+    SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+  valuesWithContext
+    SET SIZE (1..MAX) OF
+      SEQUENCE {value        ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+                contextList  SET SIZE (1..MAX) OF Context} OPTIONAL
+}
+
+Context ::= SEQUENCE {
+  contextType    CONTEXT.&id({SupportedContexts}),
+  contextValues
+    SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}),
+  fallback       BOOLEAN DEFAULT FALSE
+}
+-- Definition of the following information object set is deferred, perhaps to standardized
+-- profiles or to protocol implementation conformance statements. The set is required to
+-- specify a table constraint on the context specifications
+SupportedContexts CONTEXT ::=
+  {...}
+
+
+CONTEXT ::= CLASS {
+  &Type          ,
+  &DefaultValue  OPTIONAL,
+  &Assertion     OPTIONAL,
+  &absentMatch   BOOLEAN DEFAULT TRUE,
+  &id            OBJECT IDENTIFIER UNIQUE
+}
+  
+-- ATTRIBUTE information object class specification 
+ATTRIBUTE ::= CLASS {
+  &derivation            ATTRIBUTE OPTIONAL,
+  &Type                  OPTIONAL, -- either &Type or &derivation required 
+  &equality-match        MATCHING-RULE OPTIONAL,
+  &ordering-match        MATCHING-RULE OPTIONAL,
+  &substrings-match      MATCHING-RULE OPTIONAL,
+  &single-valued         BOOLEAN DEFAULT FALSE,
+  &collective            BOOLEAN DEFAULT FALSE,
+  &dummy                 BOOLEAN DEFAULT FALSE,
+  -- operational extensions 
+  &no-user-modification  BOOLEAN DEFAULT FALSE,
+  &usage                 AttributeUsage DEFAULT userApplications,
+  &id                    OBJECT IDENTIFIER UNIQUE
+}
+
+-- MATCHING-RULE information object class specification 
+MATCHING-RULE ::= CLASS {
+  &ParentMatchingRules   MATCHING-RULE OPTIONAL,
+  &AssertionType         OPTIONAL,
+  &uniqueMatchIndicator  ATTRIBUTE OPTIONAL,
+  &id                    OBJECT IDENTIFIER UNIQUE
+}
+
+AttributeUsage ::= ENUMERATED {
+  userApplications(0), directoryOperation(1), distributedOperation(2),
+  dSAOperation(3)}
+
 END
 
 
diff --git a/lib/public_key/asn1/PKCS-FRAME.set.asn b/lib/public_key/asn1/PKCS-FRAME.set.asn
index a0777ff260..69b6727bef 100644
--- a/lib/public_key/asn1/PKCS-FRAME.set.asn
+++ b/lib/public_key/asn1/PKCS-FRAME.set.asn
@@ -1,3 +1,2 @@
 PKCS-8.asn1
-InformationFramework.asn1	
 PKCS5v2-0.asn1
diff --git a/lib/public_key/doc/src/notes.xml b/lib/public_key/doc/src/notes.xml
index efd4a37eb9..c9a5561e3f 100644
--- a/lib/public_key/doc/src/notes.xml
+++ b/lib/public_key/doc/src/notes.xml
@@ -34,6 +34,28 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Public_Key 0.14</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    public_key, ssl and crypto now supports PKCS-8</p>
+          <p>
+	    Own Id: OTP-9312</p>
+        </item>
+        <item>
+          <p>
+	    The asn1 decoder/encoder now uses a runtime nif from the
+	    asn1 application if it is available.</p>
+          <p>
+	    Own Id: OTP-9414</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Public_Key 0.13</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 821e7a2300..0b6673e826 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -453,7 +453,7 @@
   <desc>
     <p>Encodes a list of ssh file entries (public keys and attributes) to a binary. Possible
     attributes depends on the file type, see <seealso
-    marker="ssh_decode"> ssh_decode/2 </seealso></p>
+    marker="#ssh_decode-2"> ssh_decode/2 </seealso></p>
   </desc>
   </func>
 
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index 5ab9642279..b76e32a2a0 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -351,7 +351,7 @@ extensions_list(Extensions) ->
 
 
 extract_verify_data(OtpCert, DerCert) ->
-    {0, Signature} = OtpCert#'OTPCertificate'.signature,
+    {_, Signature} = OtpCert#'OTPCertificate'.signature,
     SigAlgRec = OtpCert#'OTPCertificate'.signatureAlgorithm,
     SigAlg = SigAlgRec#'SignatureAlgorithm'.algorithm,
     PlainText = encoded_tbs_cert(DerCert),
@@ -376,6 +376,10 @@ encoded_tbs_cert(Cert) ->
 
 digest_type(?sha1WithRSAEncryption) ->
     sha;
+digest_type(?sha256WithRSAEncryption) ->
+    sha256;
+digest_type(?sha512WithRSAEncryption) ->
+    sha512;
 digest_type(?md5WithRSAEncryption) ->
     md5;
 digest_type(?'id-dsa-with-sha1') ->
diff --git a/lib/public_key/src/pubkey_ssh.erl b/lib/public_key/src/pubkey_ssh.erl
index f342eab159..f0c94e29a5 100644
--- a/lib/public_key/src/pubkey_ssh.erl
+++ b/lib/public_key/src/pubkey_ssh.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2011-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -146,16 +146,7 @@ do_openssh_decode(auth_keys = FileType, [Line | Lines], Acc) ->
     Split = binary:split(Line, <<" ">>, [global]),
     case mend_split(Split, []) of
 	%% ssh2
-	[Options, KeyType, Base64Enc, Comment] when KeyType == <<"ssh-rsa">>;
-						     KeyType == <<"ssh-dss">> ->
-	    do_openssh_decode(FileType, Lines,
-			      [{openssh_pubkey_decode(KeyType, Base64Enc),
-				[{comment, string_decode(Comment)},
-				 {options, comma_list_decode(Options)}]}
-			       | Acc]);
-
-	[KeyType, Base64Enc, Comment] when KeyType == <<"ssh-rsa">>;
-					    KeyType == <<"ssh-dss">> ->
+	[KeyType, Base64Enc, Comment] ->
 	    do_openssh_decode(FileType, Lines,
 			      [{openssh_pubkey_decode(KeyType, Base64Enc),
 				[{comment, string_decode(Comment)}]} | Acc]);
@@ -166,44 +157,32 @@ do_openssh_decode(auth_keys = FileType, [Line | Lines], Acc) ->
 				[{comment, string_decode(Comment)},
 				 {options, comma_list_decode(Options)},
 				 {bits, integer_decode(Bits)}]} | Acc]);
-	[Bits, Exponent, Modulus, Comment]  ->
-	    do_openssh_decode(FileType, Lines,
-			      [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
-				[{comment, string_decode(Comment)},
-				 {bits, integer_decode(Bits)}]} | Acc])
-	end;
+	[A, B, C, D]  ->
+	    ssh_2_or_1(FileType, Lines, Acc, A,B,C,D)
+    end;
 
 do_openssh_decode(known_hosts = FileType, [Line | Lines], Acc) ->
-    case binary:split(Line, <<" ">>, [global]) of
+    Split = binary:split(Line, <<" ">>, [global]),
+    case mend_split(Split, []) of
 	%% ssh 2
-	[HostNames, KeyType, Base64Enc] when KeyType == <<"ssh-rsa">>;
-					     KeyType == <<"ssh-dss">> ->
+	[HostNames, KeyType, Base64Enc] ->
 	    do_openssh_decode(FileType, Lines,
 			      [{openssh_pubkey_decode(KeyType, Base64Enc),
 				[{hostnames, comma_list_decode(HostNames)}]}| Acc]);
-	[HostNames, KeyType, Base64Enc, Comment] when KeyType == <<"ssh-rsa">>;
-						       KeyType == <<"ssh-dss">> ->
-	    do_openssh_decode(FileType, Lines,
-			      [{openssh_pubkey_decode(KeyType, Base64Enc),
-				[{comment, string_decode(Comment)},
-				 {hostnames, comma_list_decode(HostNames)}]} | Acc]);
+	[A, B, C, D] ->
+	    ssh_2_or_1(FileType, Lines, Acc, A, B, C, D);			  
 	%% ssh 1
 	[HostNames, Bits, Exponent, Modulus, Comment] ->
 	    do_openssh_decode(FileType, Lines,
 			      [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
 				[{comment, string_decode(Comment)},
 				 {hostnames, comma_list_decode(HostNames)},
-				 {bits, integer_decode(Bits)}]} | Acc]);
-	[HostNames, Bits, Exponent, Modulus]  ->
-	    do_openssh_decode(FileType, Lines,
-			      [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
-				[{comment, []},
-				 {hostnames, comma_list_decode(HostNames)},
 				 {bits, integer_decode(Bits)}]} | Acc])
 	end;
 
 do_openssh_decode(openssh_public_key = FileType, [Line | Lines], Acc) ->
-    case binary:split(Line, <<" ">>, [global]) of
+    Split = binary:split(Line, <<" ">>, [global]),
+    case mend_split(Split, []) of
 	[KeyType, Base64Enc, Comment0] when KeyType == <<"ssh-rsa">>;
 					    KeyType == <<"ssh-dss">> ->
 	    Comment = string:strip(binary_to_list(Comment0), right, $\n),
@@ -212,6 +191,46 @@ do_openssh_decode(openssh_public_key = FileType, [Line | Lines], Acc) ->
 				[{comment, Comment}]} | Acc])
     end.
 
+ssh_2_or_1(known_hosts = FileType, Lines, Acc, A, B, C, D) ->
+    try integer_decode(B) of
+	Int -> 
+	    file_type_decode_ssh1(FileType, Lines, Acc, A, Int, C,D)
+    catch
+	error:badarg  ->
+	    file_type_decode_ssh2(FileType, Lines, Acc, A,B,C,D)
+    end;
+ssh_2_or_1(auth_keys = FileType, Lines, Acc, A, B, C, D) ->
+  try integer_decode(A) of
+	Int -> 
+	    file_type_decode_ssh1(FileType, Lines, Acc, Int, B, C,D)
+    catch
+	error:badarg  ->
+	    file_type_decode_ssh2(FileType, Lines, Acc, A,B,C,D)
+    end.
+
+file_type_decode_ssh1(known_hosts = FileType, Lines, Acc, HostNames, Bits, Exponent, Modulus) ->
+    do_openssh_decode(FileType, Lines,
+		      [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
+			[{comment, []},
+			 {hostnames, comma_list_decode(HostNames)},
+			 {bits, Bits}]} | Acc]);  
+file_type_decode_ssh1(auth_keys = FileType, Lines, Acc, Bits, Exponent, Modulus, Comment) ->
+    do_openssh_decode(FileType, Lines,
+		      [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
+			[{comment, string_decode(Comment)},
+			 {bits, Bits}]} | Acc]).
+
+file_type_decode_ssh2(known_hosts = FileType, Lines, Acc, HostNames, KeyType, Base64Enc, Comment) ->
+    do_openssh_decode(FileType, Lines,
+		      [{openssh_pubkey_decode(KeyType, Base64Enc),
+			[{comment, string_decode(Comment)},
+			 {hostnames, comma_list_decode(HostNames)}]} | Acc]);
+file_type_decode_ssh2(auth_keys = FileType, Lines, Acc, Options, KeyType, Base64Enc, Comment) ->
+    do_openssh_decode(FileType, Lines,
+		      [{openssh_pubkey_decode(KeyType, Base64Enc),
+			[{comment, string_decode(Comment)},
+			 {options, comma_list_decode(Options)}]}
+		       | Acc]).
 
 openssh_pubkey_decode(<<"ssh-rsa">>, Base64Enc) ->
     <<?UINT32(StrLen), _:StrLen/binary,
@@ -231,7 +250,9 @@ openssh_pubkey_decode(<<"ssh-dss">>, Base64Enc) ->
     {erlint(SizeY, Y),
      #'Dss-Parms'{p = erlint(SizeP, P),
 		  q = erlint(SizeQ, Q),
-		  g = erlint(SizeG, G)}}.
+		  g = erlint(SizeG, G)}};
+openssh_pubkey_decode(KeyType, Base64Enc) ->
+    {KeyType, base64:mime_decode(Base64Enc)}.
 
 erlint(MPIntSize, MPIntValue) ->
     Bits= MPIntSize * 8,
@@ -412,6 +433,12 @@ is_key_field(<<"ssh-dss">>) ->
     true;
 is_key_field(<<"ssh-rsa">>) ->
     true;
+is_key_field(<<"ecdsa-sha2-nistp256">>) ->
+    true;
+is_key_field(<<"ecdsa-sha2-nistp384">>) ->
+    true;
+is_key_field(<<"ecdsa-sha2-nistp521">>) ->
+    true;
 is_key_field(_) ->
     false.
 
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 753322b46d..2e2a6cd296 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -48,7 +48,7 @@
 -type rsa_padding()          :: 'rsa_pkcs1_padding' | 'rsa_pkcs1_oaep_padding' 
 			      | 'rsa_no_padding'.
 -type public_crypt_options() :: [{rsa_pad, rsa_padding()}].
--type rsa_digest_type()      :: 'md5' | 'sha'.
+-type rsa_digest_type()      :: 'md5' | 'sha'| 'sha256' | 'sha512'.
 -type dss_digest_type()      :: 'none' | 'sha'.
 
 -define(UINT32(X), X:32/unsigned-big-integer).
@@ -354,7 +354,10 @@ sign(PlainText, sha, #'DSAPrivateKey'{p = P, q = Q, g = G, x = X})
 %%--------------------------------------------------------------------
 verify(PlainText, DigestType, Signature, 
        #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}) 
-  when is_binary (PlainText), DigestType == sha; DigestType == md5 ->
+  when is_binary (PlainText) and (DigestType == sha orelse
+				  DigestType == sha256 orelse 
+				  DigestType == sha512 orelse 
+				  DigestType == md5) ->
     crypto:rsa_verify(DigestType,
 		      sized_binary(PlainText), 
 		      sized_binary(Signature), 
diff --git a/lib/public_key/test/erl_make_certs.erl b/lib/public_key/test/erl_make_certs.erl
index 8b01ca3ad4..254aa6d2f9 100644
--- a/lib/public_key/test/erl_make_certs.erl
+++ b/lib/public_key/test/erl_make_certs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -175,7 +175,7 @@ issuer(true, Opts, SubjectKey) ->
 issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
     {issuer_der(Issuer), decode_key(IssuerKey)};
 issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
-    {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
+    {ok, [{cert, Cert, _}|_]} = pem_to_der(File),
     {issuer_der(Cert), decode_key(IssuerKey)}.
 
 issuer_der(Issuer) ->
@@ -185,7 +185,7 @@ issuer_der(Issuer) ->
     Subject.
 
 subject(undefined, IsRootCA) ->
-    User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
+    User = if IsRootCA -> "RootCA"; true -> user() end,
     Opts = [{email, User ++ "@erlang.org"},
 	    {name, User},
 	    {city, "Stockholm"},
@@ -196,6 +196,14 @@ subject(undefined, IsRootCA) ->
 subject(Opts, _) ->
     subject(Opts).
 
+user() ->
+    case os:getenv("USER") of
+	false ->
+	    "test_user";
+	User ->
+	    User
+    end.
+
 subject(SubjectOpts) when is_list(SubjectOpts) ->
     Encode = fun(Opt) ->
 		     {Type,Value} = subject_enc(Opt),
diff --git a/lib/public_key/test/pkits_SUITE.erl b/lib/public_key/test/pkits_SUITE.erl
index a325a975e9..e59f299399 100644
--- a/lib/public_key/test/pkits_SUITE.erl
+++ b/lib/public_key/test/pkits_SUITE.erl
@@ -72,7 +72,8 @@ groups() ->
       [invalid_name_chain, whitespace_name_chain, capitalization_name_chain,
        uid_name_chain, attrib_name_chain, string_name_chain]},
      {verifying_paths_with_self_issued_certificates, [],
-      [basic_valid, basic_invalid, crl_signing_valid, crl_signing_invalid]},
+      [basic_valid, %%basic_invalid, 
+       crl_signing_valid, crl_signing_invalid]},
      %% {basic_certificate_revocation_tests, [],
      %%  [missing_CRL, revoked_CA, revoked_peer, invalid_CRL_signature,
      %%   invalid_CRL_issuer, invalid_CRL, valid_CRL,
@@ -116,14 +117,12 @@ end_per_testcase(_Func, Config) ->
     Config.
 
 init_per_suite(Config) ->
-    {skip, "PKIX Conformance test certificates expired 14 of April 2011,"
-     " new conformance test suite uses new format so skip until PKCS-12 support is implemented"}.
-    %% try crypto:start() of
-    %% 	ok ->
-    %% 	    Config
-    %% catch _:_ ->
-    %% 	    {skip, "Crypto did not start"}
-    %% end.
+    try crypto:start() of
+     	ok ->
+	  crypto_support_check(Config)  
+    catch _:_ ->
+     	    {skip, "Crypto did not start"}
+    end.
 
 end_per_suite(_Config) ->
     application:stop(crypto).
@@ -134,109 +133,109 @@ valid_rsa_signature(doc) ->
 valid_rsa_signature(suite) ->
     [];
 valid_rsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.1", "Valid Signatures Test1", ok}]).
+    run([{ "4.1.1", "Valid Certificate Path Test1 EE", ok}]).
 
 invalid_rsa_signature(doc) ->
     ["Test rsa signatur verification"];
 invalid_rsa_signature(suite) ->
     [];
 invalid_rsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.2", "Invalid CA Signature Test2", {bad_cert,invalid_signature}},
-	 { "4.1.3", "Invalid EE Signature Test3", {bad_cert,invalid_signature}}]).
+    run([{ "4.1.2", "Invalid CA Signature Test2 EE", {bad_cert,invalid_signature}},
+	 { "4.1.3", "Invalid EE Signature Test3 EE", {bad_cert,invalid_signature}}]).
 
 valid_dsa_signature(doc) ->
     ["Test dsa signatur verification"];
 valid_dsa_signature(suite) ->
     [];
 valid_dsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.4", "Valid DSA Signatures Test4", ok},
-	 { "4.1.5", "Valid DSA Parameter Inheritance Test5", ok}]).
+    run([{ "4.1.4", "Valid DSA Signatures Test4 EE", ok},
+	 { "4.1.5", "Valid DSA Parameter Inheritance Test5 EE", ok}]).
 
 invalid_dsa_signature(doc) ->
     ["Test dsa signatur verification"];
 invalid_dsa_signature(suite) ->
     [];
 invalid_dsa_signature(Config) when is_list(Config) ->
-    run([{ "4.1.6", "Invalid DSA Signature Test6",{bad_cert,invalid_signature}}]).
+    run([{ "4.1.6", "Invalid DSA Signature Test6 EE",{bad_cert,invalid_signature}}]).
 %%-----------------------------------------------------------------------------
 not_before_invalid(doc) ->
     [""];
 not_before_invalid(suite) ->
     [];
 not_before_invalid(Config) when is_list(Config) ->
-    run([{ "4.2.1", "Invalid CA notBefore Date Test1",{bad_cert, cert_expired}},
-	 { "4.2.2", "Invalid EE notBefore Date Test2",{bad_cert, cert_expired}}]).
+    run([{ "4.2.1", "Invalid CA notBefore Date Test1 EE",{bad_cert, cert_expired}},
+	 { "4.2.2", "Invalid EE notBefore Date Test2 EE",{bad_cert, cert_expired}}]).
 
 not_before_valid(doc) ->
     [""];
 not_before_valid(suite) ->
     [];
 not_before_valid(Config) when is_list(Config) ->
-    run([{ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", ok},
-	 { "4.2.4", "Valid GeneralizedTime notBefore Date Test4", ok}]).
+    run([{ "4.2.3", "Valid pre2000 UTC notBefore Date Test3 EE", ok},
+	 { "4.2.4", "Valid GeneralizedTime notBefore Date Test4 EE", ok}]).
 
 not_after_invalid(doc) ->
     [""];
 not_after_invalid(suite) ->
     [];
 not_after_invalid(Config) when is_list(Config) ->
-    run([{ "4.2.5", "Invalid CA notAfter Date Test5", {bad_cert, cert_expired}},
-	 { "4.2.6", "Invalid EE notAfter Date Test6", {bad_cert, cert_expired}},
-	 { "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7",{bad_cert, cert_expired}}]).
+    run([{ "4.2.5", "Invalid CA notAfter Date Test5 EE", {bad_cert, cert_expired}},
+	 { "4.2.6", "Invalid EE notAfter Date Test6 EE", {bad_cert, cert_expired}},
+	 { "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7 EE",{bad_cert, cert_expired}}]).
 
 not_after_valid(doc) ->
     [""];
 not_after_valid(suite) ->
     [];
 not_after_valid(Config) when is_list(Config) ->
-    run([{ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", ok}]).
+    run([{ "4.2.8", "Valid GeneralizedTime notAfter Date Test8 EE", ok}]).
 %%-----------------------------------------------------------------------------
 invalid_name_chain(doc) ->
     [""];
 invalid_name_chain(suite) ->
     [];
 invalid_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.1", "Invalid Name Chaining EE Test1", {bad_cert, invalid_issuer}},
-	 { "4.3.2", "Invalid Name Chaining Order Test2", {bad_cert, invalid_issuer}}]).
+    run([{ "4.3.1", "Invalid Name Chaining Test1 EE", {bad_cert, invalid_issuer}},
+	 { "4.3.2", "Invalid Name Chaining Order Test2 EE", {bad_cert, invalid_issuer}}]).
 
 whitespace_name_chain(doc) ->
     [""];
 whitespace_name_chain(suite) ->
     [];
 whitespace_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.3", "Valid Name Chaining Whitespace Test3", ok},
-	 { "4.3.4", "Valid Name Chaining Whitespace Test4", ok}]).
+    run([{ "4.3.3", "Valid Name Chaining Whitespace Test3 EE", ok},
+	 { "4.3.4", "Valid Name Chaining Whitespace Test4 EE", ok}]).
 
 capitalization_name_chain(doc) ->
     [""];
 capitalization_name_chain(suite) ->
     [];
 capitalization_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.5", "Valid Name Chaining Capitalization Test5",ok}]).
+    run([{ "4.3.5", "Valid Name Chaining Capitalization Test5 EE",ok}]).
 
 uid_name_chain(doc) ->
     [""];
 uid_name_chain(suite) ->
     [];
 uid_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.6", "Valid Name Chaining UIDs Test6",ok}]).
+    run([{ "4.3.6", "Valid Name UIDs Test6 EE",ok}]).
 
 attrib_name_chain(doc) ->
     [""];
 attrib_name_chain(suite) ->
     [];
 attrib_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", ok},
-	 { "4.3.8", "Valid RFC3280 Optional Attribute Types Test8",  ok}]).
+    run([{ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7 EE", ok},
+	 { "4.3.8", "Valid RFC3280 Optional Attribute Types Test8 EE",  ok}]).
 
 string_name_chain(doc) ->
     [""];
 string_name_chain(suite) ->
     [];
 string_name_chain(Config) when is_list(Config) ->
-    run([{ "4.3.9", "Valid UTF8String Encoded Names Test9", ok},
-	 { "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", ok},
-	 { "4.3.11", "Valid UTF8String Case Insensitive Match Test11", ok}]).
+    run([{ "4.3.9", "Valid UTF8String Encoded Names Test9 EE", ok},
+	 %%{ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10 EE", ok},
+	 { "4.3.11", "Valid UTF8String Case Insensitive Match Test11 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 
@@ -245,9 +244,9 @@ basic_valid(doc) ->
 basic_valid(suite) ->
     [];
 basic_valid(Config) when is_list(Config) ->
-    run([{ "4.5.1",  "Valid Basic Self-Issued Old With New Test1", ok},
-	 { "4.5.3",  "Valid Basic Self-Issued New With Old Test3", ok},
-	 { "4.5.4",  "Valid Basic Self-Issued New With Old Test4", ok}
+    run([{ "4.5.1",  "Valid Basic Self-Issued Old With New Test1 EE", ok},
+	 { "4.5.3",  "Valid Basic Self-Issued New With Old Test3 EE", ok},
+	 { "4.5.4",  "Valid Basic Self-Issued New With Old Test4 EE", ok}
 	]).
 
 basic_invalid(doc) ->
@@ -255,9 +254,9 @@ basic_invalid(doc) ->
 basic_invalid(suite) ->
     [];
 basic_invalid(Config) when is_list(Config) ->
-    run([{"4.5.2",  "Invalid Basic Self-Issued Old With New Test2",
+    run([{"4.5.2",  "Invalid Basic Self-Issued Old With New Test2 EE",
 	  {bad_cert, {revoked, keyCompromise}}},
-	 {"4.5.5",  "Invalid Basic Self-Issued New With Old Test5",
+	 {"4.5.5",  "Invalid Basic Self-Issued New With Old Test5 EE",
 	  {bad_cert, {revoked, keyCompromise}}}
 	]).
 
@@ -266,16 +265,16 @@ crl_signing_valid(doc) ->
 crl_signing_valid(suite) ->
     [];
 crl_signing_valid(Config) when is_list(Config) ->
-    run([{ "4.5.6",  "Valid Basic Self-Issued CRL Signing Key Test6", ok}]).
+    run([{ "4.5.6",  "Valid Basic Self-Issued CRL Signing Key Test6 EE", ok}]).
 
 crl_signing_invalid(doc) ->
     [""];
 crl_signing_invalid(suite) ->
     [];
 crl_signing_invalid(Config) when is_list(Config) ->
-    run([{ "4.5.7",  "Invalid Basic Self-Issued CRL Signing Key Test7",
-	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.5.8",  "Invalid Basic Self-Issued CRL Signing Key Test8",
+    run([%% { "4.5.7",  "Invalid Basic Self-Issued CRL Signing Key Test7 EE",
+	 %%   {bad_cert, {revoked, keyCompromise}}},
+	 { "4.5.8",  "Invalid Basic Self-Issued CRL Signing Key Test8 EE",
 	   {bad_cert, invalid_key_usage}}
 	]).
 
@@ -285,7 +284,7 @@ missing_CRL(doc) ->
 missing_CRL(suite) ->
     [];
 missing_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.1", "Missing CRL Test1",{bad_cert,
+    run([{ "4.4.1", "Missing CRL Test1 EE",{bad_cert,
     revocation_status_undetermined}}]).
 
 revoked_CA(doc) ->
@@ -293,7 +292,7 @@ revoked_CA(doc) ->
 revoked_CA(suite) ->
     [];
 revoked_CA(Config) when is_list(Config) ->
-    run([{ "4.4.2", "Invalid Revoked CA Test2", {bad_cert,
+    run([{ "4.4.2", "Invalid Revoked CA Test2 EE", {bad_cert,
     {revoked, keyCompromise}}}]).
 
 revoked_peer(doc) ->
@@ -301,7 +300,7 @@ revoked_peer(doc) ->
 revoked_peer(suite) ->
     [];
 revoked_peer(Config) when is_list(Config) ->
-    run([{ "4.4.3", "Invalid Revoked EE Test3", {bad_cert,
+    run([{ "4.4.3", "Invalid Revoked EE Test3 EE", {bad_cert,
     {revoked, keyCompromise}}}]).
 
 invalid_CRL_signature(doc) ->
@@ -309,7 +308,7 @@ invalid_CRL_signature(doc) ->
 invalid_CRL_signature(suite) ->
     [];
 invalid_CRL_signature(Config) when is_list(Config) ->
-    run([{ "4.4.4", "Invalid Bad CRL Signature Test4",
+    run([{ "4.4.4", "Invalid Bad CRL Signature Test4 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 invalid_CRL_issuer(doc) ->
@@ -317,7 +316,7 @@ invalid_CRL_issuer(doc) ->
 invalid_CRL_issuer(suite) ->
     [];
 invalid_CRL_issuer(Config) when is_list(Config) ->
-    run({ "4.4.5", "Invalid Bad CRL Issuer Name Test5",
+    run({ "4.4.5", "Invalid Bad CRL Issuer Name Test5 EE",
 	  {bad_cert, revocation_status_undetermined}}).
 
 invalid_CRL(doc) ->
@@ -325,7 +324,7 @@ invalid_CRL(doc) ->
 invalid_CRL(suite) ->
     [];
 invalid_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.6", "Invalid Wrong CRL Test6",
+    run([{ "4.4.6", "Invalid Wrong CRL Test6 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 valid_CRL(doc) ->
@@ -333,18 +332,18 @@ valid_CRL(doc) ->
 valid_CRL(suite) ->
     [];
 valid_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.7", "Valid Two CRLs Test7", ok}]).
+    run([{ "4.4.7", "Valid Two CRLs Test7 EE", ok}]).
 
 unknown_CRL_extension(doc) ->
     [""];
 unknown_CRL_extension(suite) ->
     [];
 unknown_CRL_extension(Config) when is_list(Config) ->
-    run([{ "4.4.8", "Invalid Unknown CRL Entry Extension Test8",
+    run([{ "4.4.8", "Invalid Unknown CRL Entry Extension Test8 EE",
 	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.4.9", "Invalid Unknown CRL Extension Test9",
+	 { "4.4.9", "Invalid Unknown CRL Extension Test9 EE",
 	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.4.10", "Invalid Unknown CRL Extension Test10",
+	 { "4.4.10", "Invalid Unknown CRL Extension Test10 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 old_CRL(doc) ->
@@ -352,9 +351,9 @@ old_CRL(doc) ->
 old_CRL(suite) ->
     [];
 old_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.11", "Invalid Old CRL nextUpdate Test11",
+    run([{ "4.4.11", "Invalid Old CRL nextUpdate Test11 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.4.12", "Invalid pre2000 CRL nextUpdate Test12",
+	 { "4.4.12", "Invalid pre2000 CRL nextUpdate Test12 EE",
 	   {bad_cert, revocation_status_undetermined}}]).
 
 fresh_CRL(doc) ->
@@ -362,7 +361,7 @@ fresh_CRL(doc) ->
 fresh_CRL(suite) ->
     [];
 fresh_CRL(Config) when is_list(Config) ->
-    run([{ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", ok}]).
+    run([{ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13 EE", ok}]).
 
 valid_serial(doc) ->
     [""];
@@ -370,9 +369,9 @@ valid_serial(suite) ->
     [];
 valid_serial(Config) when is_list(Config) ->
     run([
-	 { "4.4.14", "Valid Negative Serial Number Test14",ok},
-	 { "4.4.16", "Valid Long Serial Number Test16", ok},
-	 { "4.4.17", "Valid Long Serial Number Test17", ok}
+	 { "4.4.14", "Valid Negative Serial Number Test14 EE",ok},
+	 { "4.4.16", "Valid Long Serial Number Test16 EE", ok},
+	 { "4.4.17", "Valid Long Serial Number Test17 EE", ok}
 	]).
 
 invalid_serial(doc) ->
@@ -380,9 +379,9 @@ invalid_serial(doc) ->
 invalid_serial(suite) ->
     [];
 invalid_serial(Config) when is_list(Config) ->
-    run([{ "4.4.15", "Invalid Negative Serial Number Test15",
+    run([{ "4.4.15", "Invalid Negative Serial Number Test15 EE",
 	   {bad_cert, {revoked, keyCompromise}}},
-	 { "4.4.18", "Invalid Long Serial Number Test18",
+	 { "4.4.18", "Invalid Long Serial Number Test18 EE",
 	   {bad_cert, {revoked, keyCompromise}}}]).
 
 valid_seperate_keys(doc) ->
@@ -390,7 +389,7 @@ valid_seperate_keys(doc) ->
 valid_seperate_keys(suite) ->
     [];
 valid_seperate_keys(Config) when is_list(Config) ->
-    run([{ "4.4.19", "Valid Separate Certificate and CRL Keys Test19",   ok}]).
+    run([{ "4.4.19", "Valid Separate Certificate and CRL Keys Test19 EE",   ok}]).
 
 invalid_separate_keys(doc) ->
     [""];
@@ -408,11 +407,11 @@ missing_basic_constraints(doc) ->
 missing_basic_constraints(suite) ->
     [];
 missing_basic_constraints(Config) when is_list(Config) ->
-    run([{ "4.6.1",  "Invalid Missing basicConstraints Test1",
+    run([{ "4.6.1",  "Invalid Missing basicConstraints Test1 EE",
 	   {bad_cert, missing_basic_constraint}},
-	 { "4.6.2",  "Invalid cA False Test2",
+	 { "4.6.2",  "Invalid cA False Test2 EE",
 	   {bad_cert, missing_basic_constraint}},
-	 { "4.6.3",  "Invalid cA False Test3",
+	 { "4.6.3",  "Invalid cA False Test3 EE",
 	   {bad_cert, missing_basic_constraint}}]).
 
 valid_basic_constraint(doc) ->
@@ -420,20 +419,20 @@ valid_basic_constraint(doc) ->
 valid_basic_constraint(suite) ->
     [];
 valid_basic_constraint(Config) when is_list(Config) ->
-    run([{"4.6.4", "Valid basicConstraints Not Critical Test4", ok}]).
+    run([{"4.6.4", "Valid basicConstraints Not Critical Test4 EE", ok}]).
 
 invalid_path_constraints(doc) ->
     [""];
 invalid_path_constraints(suite) ->
     [];
 invalid_path_constraints(Config) when is_list(Config) ->
-    run([{ "4.6.5", "Invalid pathLenConstraint Test5", {bad_cert, max_path_length_reached}},
-	 { "4.6.6", "Invalid pathLenConstraint Test6", {bad_cert, max_path_length_reached}},
-	 { "4.6.9", "Invalid pathLenConstraint Test9", {bad_cert, max_path_length_reached}},
-	 { "4.6.10", "Invalid pathLenConstraint Test10", {bad_cert, max_path_length_reached}},
-	 { "4.6.11", "Invalid pathLenConstraint Test11", {bad_cert, max_path_length_reached}},
-	 { "4.6.12", "Invalid pathLenConstraint Test12", {bad_cert, max_path_length_reached}},
-	 { "4.6.16", "Invalid Self-Issued pathLenConstraint Test16",
+    run([{ "4.6.5", "Invalid pathLenConstraint Test5 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.6", "Invalid pathLenConstraint Test6 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.9", "Invalid pathLenConstraint Test9 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.10", "Invalid pathLenConstraint Test10 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.11", "Invalid pathLenConstraint Test11 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.12", "Invalid pathLenConstraint Test12 EE", {bad_cert, max_path_length_reached}},
+	 { "4.6.16", "Invalid Self-Issued pathLenConstraint Test16 EE",
 	   {bad_cert, max_path_length_reached}}]).
 
 valid_path_constraints(doc) ->
@@ -441,12 +440,12 @@ valid_path_constraints(doc) ->
 valid_path_constraints(suite) ->
     [];
 valid_path_constraints(Config) when is_list(Config) ->
-    run([{ "4.6.7",  "Valid pathLenConstraint Test7", ok},
-	 { "4.6.8",  "Valid pathLenConstraint Test8", ok},
-	 { "4.6.13", "Valid pathLenConstraint Test13", ok},
-	 { "4.6.14", "Valid pathLenConstraint Test14", ok},
-	 { "4.6.15", "Valid Self-Issued pathLenConstraint Test15", ok},
-	 { "4.6.17", "Valid Self-Issued pathLenConstraint Test17", ok}]).
+    run([{ "4.6.7",  "Valid pathLenConstraint Test7 EE", ok},
+	 { "4.6.8",  "Valid pathLenConstraint Test8 EE", ok},
+	 { "4.6.13", "Valid pathLenConstraint Test13 EE", ok},
+	 { "4.6.14", "Valid pathLenConstraint Test14 EE", ok},
+	 { "4.6.15", "Valid Self-Issued pathLenConstraint Test15 EE", ok},
+	 { "4.6.17", "Valid Self-Issued pathLenConstraint Test17 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 invalid_key_usage(doc) ->
@@ -454,14 +453,14 @@ invalid_key_usage(doc) ->
 invalid_key_usage(suite) ->
     [];
 invalid_key_usage(Config) when is_list(Config) ->
-    run([{ "4.7.1",  "Invalid keyUsage Critical keyCertSign False Test1",
+    run([{ "4.7.1",  "Invalid keyUsage Critical keyCertSign False Test1 EE",
 	   {bad_cert,invalid_key_usage} },
-	 { "4.7.2",  "Invalid keyUsage Not Critical keyCertSign False Test2",
-	   {bad_cert,invalid_key_usage}},
-	{ "4.7.4",  "Invalid keyUsage Critical cRLSign False Test4",
-	  {bad_cert, revocation_status_undetermined}},
-	 { "4.7.5",  "Invalid keyUsage Not Critical cRLSign False Test5",
-	   {bad_cert, revocation_status_undetermined}}
+	 { "4.7.2",  "Invalid keyUsage Not Critical keyCertSign False Test2 EE",
+	   {bad_cert,invalid_key_usage}}
+	%% { "4.7.4",  "Invalid keyUsage Critical cRLSign False Test4 EE",
+	%%   {bad_cert, revocation_status_undetermined}},
+	%%  { "4.7.5",  "Invalid keyUsage Not Critical cRLSign False Test5 EE",
+	%%    {bad_cert, revocation_status_undetermined}}
 	]).
 
 valid_key_usage(doc) ->
@@ -469,7 +468,7 @@ valid_key_usage(doc) ->
 valid_key_usage(suite) ->
     [];
 valid_key_usage(Config) when is_list(Config) ->
-    run([{ "4.7.3",  "Valid keyUsage Not Critical Test3", ok}]).
+    run([{ "4.7.3",  "Valid keyUsage Not Critical Test3 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 certificate_policies(doc) ->    [""];
@@ -503,32 +502,32 @@ valid_DN_name_constraints(doc) ->
 valid_DN_name_constraints(suite) ->
     [];
 valid_DN_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.1",  "Valid DN nameConstraints Test1", ok},
-	 { "4.13.4",  "Valid DN nameConstraints Test4", ok},
-	 { "4.13.5",  "Valid DN nameConstraints Test5", ok},
-	 { "4.13.6",  "Valid DN nameConstraints Test6", ok},
-	 { "4.13.11", "Valid DN nameConstraints Test11", ok},
-	 { "4.13.14", "Valid DN nameConstraints Test14", ok},
-	 { "4.13.18", "Valid DN nameConstraints Test18", ok},
-	 { "4.13.19", "Valid Self-Issued DN nameConstraints Test19", ok}]).
+    run([{ "4.13.1",  "Valid DN nameConstraints Test1 EE", ok},
+	 { "4.13.4",  "Valid DN nameConstraints Test4 EE", ok},
+	 { "4.13.5",  "Valid DN nameConstraints Test5 EE", ok},
+	 { "4.13.6",  "Valid DN nameConstraints Test6 EE", ok},
+	 { "4.13.11", "Valid DN nameConstraints Test11 EE", ok},
+	 { "4.13.14", "Valid DN nameConstraints Test14 EE", ok},
+	 { "4.13.18", "Valid DN nameConstraints Test18 EE", ok},
+	 { "4.13.19", "Valid DN nameConstraints Test19 EE", ok}]).
 
 invalid_DN_name_constraints(doc) ->
     [""];
 invalid_DN_name_constraints(suite) ->
     [];
 invalid_DN_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.2", "Invalid DN nameConstraints Test2", {bad_cert, name_not_permitted}},
-	 { "4.13.3",  "Invalid DN nameConstraints Test3", {bad_cert, name_not_permitted}},
-	 { "4.13.7",  "Invalid DN nameConstraints Test7", {bad_cert, name_not_permitted}},
-	 { "4.13.8",  "Invalid DN nameConstraints Test8", {bad_cert, name_not_permitted}},
-	 { "4.13.9",  "Invalid DN nameConstraints Test9", {bad_cert, name_not_permitted}},
-	 { "4.13.10", "Invalid DN nameConstraints Test10",{bad_cert, name_not_permitted}},
-	 { "4.13.12", "Invalid DN nameConstraints Test12",{bad_cert, name_not_permitted}},
-	 { "4.13.13", "Invalid DN nameConstraints Test13",{bad_cert, name_not_permitted}},
-	 { "4.13.15", "Invalid DN nameConstraints Test15",{bad_cert, name_not_permitted}},
-	 { "4.13.16", "Invalid DN nameConstraints Test16",{bad_cert, name_not_permitted}},
-	 { "4.13.17", "Invalid DN nameConstraints Test17",{bad_cert, name_not_permitted}},
-	 { "4.13.20", "Invalid Self-Issued DN nameConstraints Test20",
+    run([{ "4.13.2", "Invalid DN nameConstraints Test2 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.3",  "Invalid DN nameConstraints Test3 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.7",  "Invalid DN nameConstraints Test7 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.8",  "Invalid DN nameConstraints Test8 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.9",  "Invalid DN nameConstraints Test9 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.10", "Invalid DN nameConstraints Test10 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.12", "Invalid DN nameConstraints Test12 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.13", "Invalid DN nameConstraints Test13 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.15", "Invalid DN nameConstraints Test15 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.16", "Invalid DN nameConstraints Test16 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.17", "Invalid DN nameConstraints Test17 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.20", "Invalid DN nameConstraints Test20 EE",
 	   {bad_cert, name_not_permitted}}]).
 
 valid_rfc822_name_constraints(doc) ->
@@ -536,9 +535,9 @@ valid_rfc822_name_constraints(doc) ->
 valid_rfc822_name_constraints(suite) ->
     [];
 valid_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.21", "Valid RFC822 nameConstraints Test21", ok},
-	 { "4.13.23", "Valid RFC822 nameConstraints Test23", ok},
-	 { "4.13.25", "Valid RFC822 nameConstraints Test25", ok}]).
+    run([{ "4.13.21", "Valid RFC822 nameConstraints Test21 EE", ok},
+	 { "4.13.23", "Valid RFC822 nameConstraints Test23 EE", ok},
+	 { "4.13.25", "Valid RFC822 nameConstraints Test25 EE", ok}]).
 
 
 invalid_rfc822_name_constraints(doc) ->
@@ -546,11 +545,11 @@ invalid_rfc822_name_constraints(doc) ->
 invalid_rfc822_name_constraints(suite) ->
     [];
 invalid_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.22", "Invalid RFC822 nameConstraints Test22",
+    run([{ "4.13.22", "Invalid RFC822 nameConstraints Test22 EE",
 	   {bad_cert, name_not_permitted}},
-	 { "4.13.24", "Invalid RFC822 nameConstraints Test24",
+	 { "4.13.24", "Invalid RFC822 nameConstraints Test24 EE",
 	   {bad_cert, name_not_permitted}},
-	 { "4.13.26", "Invalid RFC822 nameConstraints Test26",
+	 { "4.13.26", "Invalid RFC822 nameConstraints Test26 EE",
 	   {bad_cert, name_not_permitted}}]).
 
 valid_DN_and_rfc822_name_constraints(doc) ->
@@ -558,16 +557,16 @@ valid_DN_and_rfc822_name_constraints(doc) ->
 valid_DN_and_rfc822_name_constraints(suite) ->
     [];
 valid_DN_and_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", ok}]).
+    run([{ "4.13.27", "Valid DN and RFC822 nameConstraints Test27 EE", ok}]).
 
 invalid_DN_and_rfc822_name_constraints(doc) ->
     [""];
 invalid_DN_and_rfc822_name_constraints(suite) ->
     [];
 invalid_DN_and_rfc822_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28",
+    run([{ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28 EE",
 	   {bad_cert, name_not_permitted}},
-	 { "4.13.29", "Invalid DN and RFC822 nameConstraints Test29",
+	 { "4.13.29", "Invalid DN and RFC822 nameConstraints Test29 EE",
 	   {bad_cert, name_not_permitted}}]).
 
 valid_dns_name_constraints(doc) ->
@@ -575,33 +574,33 @@ valid_dns_name_constraints(doc) ->
 valid_dns_name_constraints(suite) ->
     [];
 valid_dns_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.30", "Valid DNS nameConstraints Test30", ok},
-	 { "4.13.32", "Valid DNS nameConstraints Test32", ok}]).
+    run([{ "4.13.30", "Valid DNS nameConstraints Test30 EE", ok},
+	 { "4.13.32", "Valid DNS nameConstraints Test32 EE", ok}]).
 
 invalid_dns_name_constraints(doc) ->
     [""];
 invalid_dns_name_constraints(suite) ->
     [];
 invalid_dns_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.31", "Invalid DNS nameConstraints Test31", {bad_cert, name_not_permitted}},
-	 { "4.13.33", "Invalid DNS nameConstraints Test33", {bad_cert, name_not_permitted}},
-	 { "4.13.38", "Invalid DNS nameConstraints Test38", {bad_cert, name_not_permitted}}]).
+    run([{ "4.13.31", "Invalid DNS nameConstraints Test31 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.33", "Invalid DNS nameConstraints Test33 EE", {bad_cert, name_not_permitted}},
+	 { "4.13.38", "Invalid DNS nameConstraints Test38 EE", {bad_cert, name_not_permitted}}]).
 
 valid_uri_name_constraints(doc) ->
     [""];
 valid_uri_name_constraints(suite) ->
     [];
 valid_uri_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.34", "Valid URI nameConstraints Test34", ok},
-	 { "4.13.36", "Valid URI nameConstraints Test36", ok}]).
+    run([{ "4.13.34", "Valid URI nameConstraints Test34 EE", ok},
+	 { "4.13.36", "Valid URI nameConstraints Test36 EE", ok}]).
 
 invalid_uri_name_constraints(doc) ->
     [""];
 invalid_uri_name_constraints(suite) ->
     [];
 invalid_uri_name_constraints(Config) when is_list(Config) ->
-    run([{ "4.13.35", "Invalid URI nameConstraints Test35",{bad_cert, name_not_permitted}},
-	 { "4.13.37", "Invalid URI nameConstraints Test37",{bad_cert, name_not_permitted}}]).
+    run([{ "4.13.35", "Invalid URI nameConstraints Test35 EE",{bad_cert, name_not_permitted}},
+	 { "4.13.37", "Invalid URI nameConstraints Test37 EE",{bad_cert, name_not_permitted}}]).
 
 %%-----------------------------------------------------------------------------
 delta_without_crl(doc) ->
@@ -609,20 +608,20 @@ delta_without_crl(doc) ->
 delta_without_crl(suite) ->
     [];
 delta_without_crl(Config) when is_list(Config) ->
-  run([{ "4.15.1",  "Invalid deltaCRLIndicator No Base Test1",{bad_cert,
+  run([{ "4.15.1",  "Invalid deltaCRLIndicator No Base Test1 EE",{bad_cert,
 							       revocation_status_undetermined}},
-       {"4.15.10", "Invalid delta-CRL Test10", {bad_cert,
-						revocation_status_undetermined}}]).
+       {"4.15.10", "Invalid delta-CRL Test10 EE", {bad_cert,
+						   revocation_status_undetermined}}]).
 
 valid_delta_crls(doc) ->
     [""];
 valid_delta_crls(suite) ->
     [];
 valid_delta_crls(Config) when is_list(Config) ->
-    run([{ "4.15.2",  "Valid delta-CRL Test2", ok},
-	 { "4.15.5",  "Valid delta-CRL Test5", ok},
-	 { "4.15.7",  "Valid delta-CRL Test7", ok},
-	 { "4.15.8",  "Valid delta-CRL Test8", ok}
+    run([{ "4.15.2",  "Valid delta-CRL Test2 EE", ok},
+	 { "4.15.5",  "Valid delta-CRL Test5 EE", ok},
+	 { "4.15.7",  "Valid delta-CRL Test7 EE", ok},
+	 { "4.15.8",  "Valid delta-CRL Test8 EE", ok}
 	]).
 
 invalid_delta_crls(doc) ->
@@ -630,10 +629,10 @@ invalid_delta_crls(doc) ->
 invalid_delta_crls(suite) ->
     [];
 invalid_delta_crls(Config) when is_list(Config) ->
-    run([{ "4.15.3",  "Invalid delta-CRL Test3", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.15.4",  "Invalid delta-CRL Test4", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.15.6",  "Invalid delta-CRL Test6", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.15.9",  "Invalid delta-CRL Test9", {bad_cert,{revoked, keyCompromise}}}]).
+    run([{ "4.15.3",  "Invalid delta-CRL Test3 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.15.4",  "Invalid delta-CRL Test4 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.15.6",  "Invalid delta-CRL Test6 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.15.9",  "Invalid delta-CRL Test9 EE", {bad_cert,{revoked, keyCompromise}}}]).
 
 %%-----------------------------------------------------------------------------
 
@@ -642,10 +641,10 @@ valid_distribution_points(doc) ->
 valid_distribution_points(suite) ->
     [];
 valid_distribution_points(Config) when is_list(Config) ->
-    run([{ "4.14.1",  "Valid distributionPoint Test1", ok},
-	 { "4.14.4",  "Valid distributionPoint Test4", ok},
-	 { "4.14.5",  "Valid distributionPoint Test5", ok},
-	 { "4.14.7",  "Valid distributionPoint Test7", ok}
+    run([{ "4.14.1",  "Valid distributionPoint Test1 EE", ok},
+	 { "4.14.4",  "Valid distributionPoint Test4 EE", ok},
+	 { "4.14.5",  "Valid distributionPoint Test5 EE", ok},
+	 { "4.14.7",  "Valid distributionPoint Test7 EE", ok}
 	]).
 
 valid_distribution_points_no_issuing_distribution_point(doc) ->
@@ -661,13 +660,13 @@ invalid_distribution_points(doc) ->
 invalid_distribution_points(suite) ->
     [];
 invalid_distribution_points(Config) when is_list(Config) ->
-    run([{ "4.14.2",  "Invalid distributionPoint Test2", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.3",  "Invalid distributionPoint Test3", {bad_cert,
+    run([{ "4.14.2",  "Invalid distributionPoint Test2 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.3",  "Invalid distributionPoint Test3 EE", {bad_cert,
 							  revocation_status_undetermined}},
-	 { "4.14.6",  "Invalid distributionPoint Test6", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.8",  "Invalid distributionPoint Test8", {bad_cert,
+	 { "4.14.6",  "Invalid distributionPoint Test6 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.8",  "Invalid distributionPoint Test8 EE", {bad_cert,
 							  revocation_status_undetermined}},
-	 { "4.14.9",  "Invalid distributionPoint Test9", {bad_cert,
+	 { "4.14.9",  "Invalid distributionPoint Test9 EE", {bad_cert,
 							  revocation_status_undetermined}}
 	]).
 
@@ -676,7 +675,7 @@ valid_only_contains(doc) ->
 valid_only_contains(suite) ->
     [];
 valid_only_contains(Config) when is_list(Config) ->
-    run([{ "4.14.13", "Valid onlyContainsCACerts CRL Test13", ok}]).
+    run([{ "4.14.13", "Valid onlyContainsCACerts CRL Test13 EE", ok}]).
 
 
 invalid_only_contains(doc) ->
@@ -684,11 +683,11 @@ invalid_only_contains(doc) ->
 invalid_only_contains(suite) ->
     [];
 invalid_only_contains(Config) when is_list(Config) ->
-    run([{ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11",
+    run([{ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.14.12", "Invalid onlyContainsCACerts CRL Test12",
+	 { "4.14.12", "Invalid onlyContainsCACerts CRL Test12 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.14.14", "Invalid onlyContainsAttributeCerts Test14",
+	 { "4.14.14", "Invalid onlyContainsAttributeCerts Test14 EE",
 	   {bad_cert, revocation_status_undetermined}}
 	]).
 
@@ -697,8 +696,8 @@ valid_only_some_reasons(doc) ->
 valid_only_some_reasons(suite) ->
     [];
 valid_only_some_reasons(Config) when is_list(Config) ->
-    run([{ "4.14.18", "Valid onlySomeReasons Test18", ok},
-	 { "4.14.19", "Valid onlySomeReasons Test19", ok}
+    run([{ "4.14.18", "Valid onlySomeReasons Test18 EE", ok},
+	 { "4.14.19", "Valid onlySomeReasons Test19 EE", ok}
 	]).
 
 invalid_only_some_reasons(doc) ->
@@ -706,15 +705,15 @@ invalid_only_some_reasons(doc) ->
 invalid_only_some_reasons(suite) ->
     [];
 invalid_only_some_reasons(Config) when is_list(Config) ->
-    run([{ "4.14.15", "Invalid onlySomeReasons Test15",
+    run([{ "4.14.15", "Invalid onlySomeReasons Test15 EE",
 	   {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.16", "Invalid onlySomeReasons Test16",
+	 { "4.14.16", "Invalid onlySomeReasons Test16 EE",
 	   {bad_cert,{revoked, certificateHold}}},
-	 { "4.14.17", "Invalid onlySomeReasons Test17",
+	 { "4.14.17", "Invalid onlySomeReasons Test17 EE",
 	   {bad_cert, revocation_status_undetermined}},
-	 { "4.14.20", "Invalid onlySomeReasons Test20",
+	 { "4.14.20", "Invalid onlySomeReasons Test20 EE",
 	   {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.21", "Invalid onlySomeReasons Test21",
+	 { "4.14.21", "Invalid onlySomeReasons Test21 EE",
 	   {bad_cert,{revoked, affiliationChanged}}}
 	]).
 
@@ -723,9 +722,9 @@ valid_indirect_crl(doc) ->
 valid_indirect_crl(suite) ->
     [];
 valid_indirect_crl(Config) when is_list(Config) ->
-    run([{ "4.14.22", "Valid IDP with indirectCRL Test22", ok},
-	 { "4.14.24", "Valid IDP with indirectCRL Test24", ok},
-	 { "4.14.25", "Valid IDP with indirectCRL Test25", ok}
+    run([{ "4.14.22", "Valid IDP with indirectCRL Test22 EE", ok},
+	 { "4.14.24", "Valid IDP with indirectCRL Test24 EE", ok},
+	 { "4.14.25", "Valid IDP with indirectCRL Test25 EE", ok}
 	]).
 
 invalid_indirect_crl(doc) ->
@@ -733,9 +732,9 @@ invalid_indirect_crl(doc) ->
 invalid_indirect_crl(suite) ->
     [];
 invalid_indirect_crl(Config) when is_list(Config) ->
-    run([{ "4.14.23", "Invalid IDP with indirectCRL Test23",
+    run([{ "4.14.23", "Invalid IDP with indirectCRL Test23 EE",
 	   {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.26", "Invalid IDP with indirectCRL Test26",
+	 { "4.14.26", "Invalid IDP with indirectCRL Test26 EE",
 	   {bad_cert, revocation_status_undetermined}}
 	]).
 
@@ -744,9 +743,9 @@ valid_crl_issuer(doc) ->
 valid_crl_issuer(suite) ->
     [];
 valid_crl_issuer(Config) when is_list(Config) ->
-    run([{ "4.14.28", "Valid cRLIssuer Test28", ok}%%,
-	 %%{ "4.14.29", "Valid cRLIssuer Test29", ok},
-	 %%{ "4.14.33", "Valid cRLIssuer Test33", ok}
+    run([{ "4.14.28", "Valid cRLIssuer Test28 EE", ok}%%,
+	 %%{ "4.14.29", "Valid cRLIssuer Test29 EE", ok},
+	 %%{ "4.14.33", "Valid cRLIssuer Test33 EE", ok}
 	]).
 
 invalid_crl_issuer(doc) ->
@@ -755,11 +754,11 @@ invalid_crl_issuer(suite) ->
     [];
 invalid_crl_issuer(Config) when is_list(Config) ->
     run([
-	 { "4.14.27", "Invalid cRLIssuer Test27", {bad_cert, revocation_status_undetermined}},
-	 { "4.14.31", "Invalid cRLIssuer Test31", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.32", "Invalid cRLIssuer Test32", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.34", "Invalid cRLIssuer Test34", {bad_cert,{revoked, keyCompromise}}},
-	 { "4.14.35", "Invalid cRLIssuer Test35", {bad_cert, revocation_status_undetermined}}
+	 { "4.14.27", "Invalid cRLIssuer Test27 EE", {bad_cert, revocation_status_undetermined}},
+	 { "4.14.31", "Invalid cRLIssuer Test31 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.32", "Invalid cRLIssuer Test32 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.34", "Invalid cRLIssuer Test34 EE", {bad_cert,{revoked, keyCompromise}}},
+	 { "4.14.35", "Invalid cRLIssuer Test35 EE", {bad_cert, revocation_status_undetermined}}
 	]).
 
 
@@ -780,7 +779,7 @@ unknown_critical_extension(doc) ->
 unknown_critical_extension(suite) ->
     [];
 unknown_critical_extension(Config) when is_list(Config) ->
-    run([{ "4.16.2",  "Invalid Unknown Critical Certificate Extension Test2",
+    run([{ "4.16.2",  "Invalid Unknown Critical Certificate Extension Test2 EE",
 	   {bad_cert,unknown_critical_extension}}]).
 
 unknown_not_critical_extension(doc) ->
@@ -788,16 +787,18 @@ unknown_not_critical_extension(doc) ->
 unknown_not_critical_extension(suite) ->
     [];
 unknown_not_critical_extension(Config) when is_list(Config) ->
-    run([{ "4.16.1",  "Valid Unknown Not Critical Certificate Extension Test1", ok}]).
+    run([{ "4.16.1",  "Valid Unknown Not Critical Certificate Extension Test1 EE", ok}]).
 
 %%-----------------------------------------------------------------------------
 run(Tests) ->    
-    File = file(?CERTS,"TrustAnchorRootCertificate.crt"),
-    {ok, TA} = file:read_file(File),
+    [TA] = read_certs("Trust Anchor Root Certificate"),
     run(Tests, TA).
 
 run({Chap, Test, Result}, TA) ->
-    CertChain = sort_chain(read_certs(Test),TA, [], false, Chap),
+    CertChain = cas(Chap) ++ read_certs(Test),
+    lists:foreach(fun(C) ->
+			  io:format("CERT: ~p~n", [public_key:pkix_decode_cert(C, otp)])
+		  end, CertChain),
     Options = path_validation_options(TA, Chap,Test),
     try public_key:pkix_path_validation(TA, CertChain, Options) of
 	{Result, _} -> ok;
@@ -1134,6 +1135,7 @@ read_crls(Test) ->
     [CRL || {'CertificateList', CRL, not_encrypted} <- Ders].
 
 test_file(Test) ->
+    io:format("TEST: ~p~n", [Test]),
     file(?CONV, lists:append(string:tokens(Test, " -")) ++ ".pem").
 
 file(Sub,File) ->
@@ -1150,79 +1152,246 @@ file(Sub,File) ->
     end,
     AbsFile.
 
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.5.3"->
-     [CA, Entity, Self] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-     [CA, Self, Entity];
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.5.4";
-					    Chap == "4.5.5" ->
-     [CA, Entity, _Self] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-     [CA, Entity];
-
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.24";
-					    Chap == "4.14.25";
-					    Chap == "4.14.26";
-					    Chap == "4.14.27";
-					    Chap == "4.14.31";
-					    Chap == "4.14.32";
-					    Chap == "4.14.33" ->
-    [_OtherCA, Entity, CA] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-    [CA, Entity];
-
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.28";
-					    Chap == "4.14.29" ->
-    [CA, _OtherCA, Entity] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-    [CA, Entity];
-
-
-sort_chain(Certs, TA, Acc, Bool, Chap) when Chap == "4.14.33" ->
-    [Entity, CA, _OtherCA] = do_sort_chain(Certs, TA, Acc, Bool, Chap),
-    [CA, Entity];
-
-
-sort_chain(Certs, TA, Acc, Bool, Chap) ->
-    do_sort_chain(Certs, TA, Acc, Bool, Chap).
-
-do_sort_chain([First], TA, Try, Found, Chap) when Chap == "4.5.6";
-						  Chap == "4.5.7";
-						  Chap == "4.4.19";
-						  Chap == "4.4.20";
-						  Chap == "4.4.21"->
-    case public_key:pkix_is_issuer(First,TA) of
-	true -> 
-	    [First|do_sort_chain([],First,Try,true, Chap)];
-	false ->
-	    do_sort_chain([],TA,[First|Try],Found, Chap)
-    end;
-do_sort_chain([First|Certs], TA, Try, Found, Chap) when Chap == "4.5.6";
-							Chap == "4.5.7";
-							Chap == "4.4.19";
-							Chap  == "4.4.20";
-							Chap == "4.4.21"->
-%%    case check_extension_cert_signer(public_key:pkix_decode_cert(First, otp)) of
-%%	true ->
-    case public_key:pkix_is_issuer(First,TA) of
-	true ->
-	    [First|do_sort_chain(Certs,First,Try,true, Chap)];
-	false ->
-	    do_sort_chain(Certs,TA,[First|Try],Found, Chap)
-    end;
-%%	false ->
-%%	    do_sort_chain(Certs, TA, Try, Found, Chap)
-%%   end;
-
-do_sort_chain([First|Certs], TA, Try, Found, Chap) ->
-    case public_key:pkix_is_issuer(First,TA) of
-	true ->
-	    [First|do_sort_chain(Certs,First,Try,true, Chap)];
-	false ->
-	    do_sort_chain(Certs,TA,[First|Try],Found, Chap)
-    end;
-
-do_sort_chain([], _, [],_, _) -> [];
-do_sort_chain([], Valid, Check, true, Chap) ->
-    do_sort_chain(lists:reverse(Check), Valid, [], false, Chap);
-do_sort_chain([], _Valid, Check, false, _) ->
-    Check.
+cas(Chap) ->
+    CAS = intermidiate_cas(Chap),
+    lists:foldl(fun([], Acc) ->
+			Acc;
+		   (CA, Acc) -> 
+			[CACert] = read_certs(CA),
+			[CACert | Acc]
+		end, [], CAS).
+ 
+intermidiate_cas(Chap) when Chap == "4.1.1";
+			    Chap == "4.1.3";
+			    Chap == "4.2.2";
+			    Chap == "4.2.3";
+			    Chap == "4.2.4";
+			    Chap == "4.2.6";
+			    Chap == "4.2.7";
+			    Chap == "4.2.8";
+			    Chap == "4.3.1";
+			    Chap == "4.3.3";
+			    Chap == "4.3.4";
+			    Chap == "4.3.5";
+			    Chap == "4.4.3"
+			    ->
+    ["Good CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.2" ->
+    ["Bad Signed CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.4";
+			    Chap == "4.1.6" ->
+    ["DSA CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.5" ->
+    ["DSA Parameters Inherited CA Cert", "DSA CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.2.1";
+			   Chap == "4.2.5" ->
+    ["Bad notBefore Date CA Cert"];
+
+intermidiate_cas(Chap) when  Chap == "4.16.1";
+			    Chap == "4.16.2" ->
+    ["Trust Anchor Root Certificate"];			    
+
+intermidiate_cas(Chap) when Chap == "4.3.2" ->
+    ["Name Ordering CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.34";
+			    Chap == "4.13.35" ->
+    ["nameConstraints URI1 CA Cert"];
+intermidiate_cas(Chap) when Chap == "4.13.36";
+			   Chap == "4.13.37" ->
+    ["nameConstraints URI2 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.30";
+			    Chap == "4.13.31";
+			    Chap == "4.13.38"
+			    ->
+    ["nameConstraints DNS1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.32";
+			   Chap == "4.13.33" ->
+    ["nameConstraints DNS2 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.27";
+			    Chap == "4.13.28";
+			    Chap == "4.13.29" ->
+    ["nameConstraints DN1 subCA3 Cert", 
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.21";
+			    Chap == "4.13.22" ->
+    ["nameConstraints RFC822 CA1 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.23";
+			    Chap == "4.13.24" ->
+    ["nameConstraints RFC822 CA2 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.25";
+			    Chap == "4.13.26" ->
+    ["nameConstraints RFC822 CA3 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.1" ->
+    ["Missing basicConstraints CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.2" ->
+    ["basicConstraints Critical cA False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.3" ->
+    ["basicConstraints Not Critical cA False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.2";
+			    Chap == "4.5.5" ->
+    ["Basic Self-Issued New Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.1" ->
+    ["Basic Self-Issued New Key OldWithNew CA Cert", "Basic Self-Issued New Key CA Cert"];
+
+intermidiate_cas(Chap) when	Chap == "4.5.3" ->
+    ["Basic Self-Issued Old Key NewWithOld CA Cert", "Basic Self-Issued Old Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.4" ->
+    ["Basic Self-Issued Old Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.1"; 
+			    Chap == "4.13.2";
+			    Chap == "4.13.3";
+			    Chap == "4.13.4";
+			    Chap == "4.13.20"
+			    ->
+    ["nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.5" ->
+    ["nameConstraints DN2 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.6";
+			    Chap == "4.13.7" ->
+    ["nameConstraints DN3 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.8";
+			    Chap == "4.13.9" ->
+    ["nameConstraints DN4 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.10";
+			    Chap == "4.13.11" ->
+    ["nameConstraints DN5 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.12" ->
+    ["nameConstraints DN1 subCA1 Cert",
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.13";
+			    Chap == "4.13.14" ->
+    ["nameConstraints DN1 subCA2 Cert",
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.15";
+			    Chap == "4.13.16" ->
+    ["nameConstraints DN3 subCA1 Cert",
+     "nameConstraints DN3 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.17";
+			    Chap == "4.13.18" ->
+    ["nameConstraints DN3 subCA2 Cert",
+     "nameConstraints DN3 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.13.19" ->
+    ["nameConstraints DN1 Self-Issued CA Cert",
+     "nameConstraints DN1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.6" ->
+    ["Basic Self-Issued CRL Signing Key CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.7.1";
+			    Chap == "4.7.4" -> 
+    ["keyUsage Critical keyCertSign False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.7.2";
+			    Chap == "4.7.5" -> 
+    ["keyUsage Not Critical keyCertSign False CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.7.3" -> 
+    ["keyUsage Not Critical CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.7" -> 
+    ["RFC3280 Mandatory Attribute Types CA Cert"];
+intermidiate_cas(Chap) when Chap == "4.3.8" -> 
+    ["RFC3280 Optional Attribute Types CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.6" -> 
+    ["UIDCACert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.4" -> 
+    ["basicConstraints Not Critical CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.1.26" -> 
+    ["nameConstraints RFC822 CA3 Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.9" -> 
+    ["UTF8String Encoded Names CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.10" -> 
+    ["Rollover from PrintableString to UTF8String CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.3.11" -> 
+    ["UTF8String Case Insensitive Match CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.7";
+			    Chap == "4.6.8"
+			    -> 
+    ["pathLenConstraint0 CA Cert"];
+intermidiate_cas(Chap) when Chap == "4.6.13" -> 
+    [ "pathLenConstraint6 subsubsubCA41X Cert",
+      "pathLenConstraint6 subsubCA41 Cert", 
+      "pathLenConstraint6 subCA4 Cert", 
+      "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.14" -> 
+    [ "pathLenConstraint6 subsubsubCA41X Cert",
+      "pathLenConstraint6 subsubCA41 Cert", 
+      "pathLenConstraint6 subCA4 Cert", 
+      "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.15" -> 
+     [ "pathLenConstraint0 Self-Issued CA Cert",
+       "pathLenConstraint0 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.17" -> 
+    ["pathLenConstraint1 Self-Issued subCA Cert",
+     "pathLenConstraint1 subCA Cert", 
+     "pathLenConstraint1 Self-Issued CA Cert", 
+     "pathLenConstraint1 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.5";
+			    Chap == "4.6.6" -> 
+    ["pathLenConstraint0 subCA Cert", 
+     "pathLenConstraint0 CA Cert"]; 
+
+intermidiate_cas(Chap) when Chap == "4.6.9";
+			    Chap == "4.6.10" -> 
+    ["pathLenConstraint6 subsubCA00 Cert",
+     "pathLenConstraint6 subCA0 Cert",
+     "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.11";
+			    Chap == "4.6.12" -> 
+    ["pathLenConstraint6 subsubsubCA11X Cert",
+     "pathLenConstraint6 subsubCA11 Cert",
+     "pathLenConstraint6 subCA1 Cert",
+     "pathLenConstraint6 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.6.16" ->
+    ["pathLenConstraint0 subCA2 Cert",
+     "pathLenConstraint0 Self-Issued CA Cert",
+     "pathLenConstraint0 CA Cert"];
+
+intermidiate_cas(Chap) when Chap == "4.5.7";
+			    Chap == "4.5.8"
+			    ->
+    ["Basic Self-Issued CRL Signing Key CRL Cert", 
+     "Basic Self-Issued CRL Signing Key CA Cert"].
 
 error(Format, Args, File0, Line) ->
     File = filename:basename(File0),
@@ -1340,3 +1509,12 @@ inhibit_any_policy() ->
      {"4.12.8",  "Invalid Self-Issued inhibitAnyPolicy Test8",    43 },
      {"4.12.9",  "Valid Self-Issued inhibitAnyPolicy Test9",      ok},
      {"4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10",   43 }].
+
+crypto_support_check(Config) ->
+    try crypto:sha256(<<"Test">>) of
+     	_ ->
+	    Config
+    catch error:notsup ->
+	    crypto:stop(),
+     	    {skip, "To old version of openssl"}
+    end.
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem
deleted file mode 100644
index 8f00499440..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesAnyPolicyTest11.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBJjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMYW55UG9saWN5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGOGYJ7e91FozKo0McZ6T1
-zTYa4IXfHqChuqKgri79fgKVZZsKwOyoHWJfsLn6ClknlWE9NJATHZfQp8GfLy9k
-MbdXEKgZQoyWOV2Q0s37ez+I4yuR33JZpxtpKqYQW2fKdhhOdR+DcLwgWUJ4s1Gg
-KCXhxYnC4nfSho/lgR3h/QIDAQABo4GFMIGCMB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAOBgNV
-HQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8w
-DAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQA8JxYIM/manOaFxyoO3y+p
-th/jCQFiR6fDo5mhYEOjZuHDWdejSZvNtbpPfNnKmM6W/qI57hZBgVDil9P/CMSi
-wYPJvKl0ofonnhhPd+uMPhJENho/NhWyc1cgruABceTtBP966dRIhejL3K7SewrT
-aV+IWdHVMKREjOXtHakoKQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates anyPolicy EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=anyPolicy CA
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwQWxsIENlcnRp
-ZmljYXRlcyBhbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDExMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQDXI8MbFkMJTmeIdP1EpYg8qYdNkQRq1yNQYMHH
-9TxFgw3L7sCGGxJS6PN4SS67CdnNZKNseFT+qAIDIbBw+p6uuAB4PWZEireOFo+s
-PSdbG2Os76qFi12SpIniE64W5aSMzmccMf6RqzuqUROYH8wOzk8w6y+RI2qnkqDx
-0HxJrwIDAQABo2UwYzAfBgNVHSMEGDAWgBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAd
-BgNVHQ4EFgQUC8LFyye3gbbbFeNrasBg1Fq10JYwDgYDVR0PAQH/BAQDAgTwMBEG
-A1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQAmASNJNMm+5XfUYE/I
-IhtOmsbGvCrIWyMyhcv7gosAMSsXYU+8CzWpkjP0zS42rEphyqP8zUAWjR/BqUJV
-9uwenHlpNeVflKgq0UVqYeoqc+afpvgLe+2o2Fe81Uz2tQ+LjwRQCm0/dhEVeZ4B
-JutCF8LtmT3hv2RlWp5v1mmG4w==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3E:B3:9E:A2:E4:43:85:FB:67:40:31:86:13:9B:C6:61:ED:86:D5:E2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:c3:2d:e7:f3:91:d6:67:7b:66:88:f9:22:e8:64:c9:80:a2:
-        88:bb:d7:a0:84:a3:75:ab:d5:af:72:d0:fa:1f:ed:4e:42:29:
-        62:23:32:25:59:4d:a3:45:c1:bc:ae:37:c8:b2:d0:79:00:96:
-        84:0d:7d:a2:f0:58:d7:c4:99:64:cc:4e:8b:5f:88:f6:6f:cf:
-        ee:39:54:34:8c:7b:0f:e7:43:0b:26:d8:6e:c4:f8:6a:ed:80:
-        9a:47:d3:38:bb:82:9b:fe:bf:6b:01:6e:c9:e7:8f:3e:cc:b1:
-        4a:a3:df:86:3a:2d:ca:62:6c:dd:27:a8:51:c2:b4:3f:c5:ba:
-        90:6c
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBDQRcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUPrOeouRD
-hftnQDGGE5vGYe2G1eIwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAKsMt
-5/OR1md7Zoj5IuhkyYCiiLvXoISjdavVr3LQ+h/tTkIpYiMyJVlNo0XBvK43yLLQ
-eQCWhA19ovBY18SZZMxOi1+I9m/P7jlUNIx7D+dDCybYbsT4au2AmkfTOLuCm/6/
-awFuyeePPsyxSqPfhjotymJs3SeoUcK0P8W6kGw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem
deleted file mode 100644
index ea336fce35..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2.pem
+++ /dev/null
@@ -1,107 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=No Policies CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICWzCCAcSgAwIBAgIBIjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEXMBUGA1UEAxMOTm8gUG9saWNp
-ZXMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWH/haSHmzYQAYFLKMA
-cbwROk7OaY3N6TMLQIz4yWrwGzpy+kiIDZ2xVPnyHRHp12VlAI5u78kQKAivhpNw
-ovjgrUmE86zb3/OOa341tubElI6Y9G1Y1tnzPCK+hi1vjrHAHr1Glf8VOgZ9ijpU
-SjXOsw5pFlz22uc7BRI7S/K1AgMBAAGjYzBhMB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBRTwRQlfeVbPleR+JYOkJ5dxiWoujAOBgNV
-HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBr
-G1ayCZm1VdyAqi1JuxUTt6bQcd8iNR0vvnl49QzjKgCNRqNV69RCH0U4ZST8D57t
-TVN8DJITlnH+Kbid6OWcgkb+vi5C0SPLPNym18RVzKNQtR88lJCByvNbx/CprRYl
-EfsMrs6FA8loVY0rVrUpEsTjVxyDh+fb8GZ3CAJIng==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates No Policies EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=No Policies CA
------BEGIN CERTIFICATE-----
-MIICbzCCAdigAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDk5vIFBvbGljaWVz
-IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQDEzFBbGwgQ2Vy
-dGlmaWNhdGVzIE5vIFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbFHIGRAKQBl4eS/EWvFaVcb/7H30je7Yf
-LmXoIYQGeWJZQfXWSsJyXyoaMhf4uLonxy8mi1Ap8vy3Fqc9b55Cm48xatNCao6D
-W6YbSQu9hiSXCMxjXWnrYfi62KywO6I2y5JbT0CZ2PbQO0lFXYKPaTFDKzgf9l4x
-ppvlkUQdsQIDAQABo1IwUDAfBgNVHSMEGDAWgBRTwRQlfeVbPleR+JYOkJ5dxiWo
-ujAdBgNVHQ4EFgQUy5AB5Gdr2u2a+KXtJZFHFSHyopEwDgYDVR0PAQH/BAQDAgTw
-MA0GCSqGSIb3DQEBBQUAA4GBAGk2l02zPeeK5Xca7UysnHmcjV08jAnZw6WqKJlS
-ZK/upXnIu/i4JXjxhC/aBpFDs1foGPEPb7vPwJBq6psJ/qvrL3FxzWnmp08P4iUP
-c7e9vxXYaMIQC3duKeV6SOn5VrpSPYRfchw/i70FJ+QCw9xAvNZ2X45Pzi9k9xUg
-VfLw
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=No Policies CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:53:C1:14:25:7D:E5:5B:3E:57:91:F8:96:0E:90:9E:5D:C6:25:A8:BA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:a4:9a:ca:5f:51:9e:91:db:fb:8a:0a:85:9b:64:c7:08:ef:
-        d5:17:43:34:7b:ad:53:90:4d:d1:43:10:f9:47:88:de:f3:78:
-        67:2a:3a:4b:0e:5c:1a:a5:ee:19:b9:ef:f9:eb:3f:f1:39:2c:
-        31:ab:e5:14:a7:90:8a:87:71:c6:78:a1:75:df:84:aa:3a:68:
-        37:8a:ba:65:79:1f:31:93:8c:4e:6a:f1:1c:3b:fb:68:79:34:
-        55:5b:42:55:8d:f3:2d:9f:f6:47:8d:64:6a:02:84:0b:97:aa:
-        2c:c6:96:18:ed:b3:b1:a1:62:b4:73:40:83:00:1f:1e:96:ec:
-        d2:ff
------BEGIN X509 CRL-----
-MIIBOzCBpQIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDk5vIFBvbGljaWVzIENBFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBRTwRQl
-feVbPleR+JYOkJ5dxiWoujAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQAy
-pJrKX1Gekdv7igqFm2THCO/VF0M0e61TkE3RQxD5R4je83hnKjpLDlwape4Zue/5
-6z/xOSwxq+UUp5CKh3HGeKF134SqOmg3irpleR8xk4xOavEcO/toeTRVW0JVjfMt
-n/ZHjWRqAoQLl6osxpYY7bOxoWK0c0CDAB8eluzS/w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2EE.pem
new file mode 100644
index 0000000000..0c32ce2edb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesNoPoliciesTest2EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 2A D0 22 62 8A 0E 0C C6 9F EB 81 2D 56 D1 0F 7A 3D B2 F9 79 
+    friendlyName: All Certificates No Policies Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates No Policies EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=No Policies CA
+-----BEGIN CERTIFICATE-----
+MIIDfjCCAmagAwIBAgIBATANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEXMBUGA1UEAxMOTm8gUG9s
+aWNpZXMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBqMQswCQYD
+VQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE6MDgGA1UE
+AxMxQWxsIENlcnRpZmljYXRlcyBObyBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6WDyHxhLZpA4ge
+LxU8BbeIOR03CkUXr/Vvnl1X/ncT1gvBBBnQ7Po7o90+gGpGzBPMjif4gMSkUJ8q
+Q+R0STU5SIHBBPl3mxEKU6htvRX47h0hvUzRWKnN2lvQyzD4GkwQhJC7Tv2TDLCr
+tVm5E324xPUAmBYLnbILJ4yQjLXWIa+usF0r1rm0L77cjkVz7HQp9hT/VAOEof8u
+/TWuHTr6CoPEJQLsybS6/tP9WbyD3aPS0F/X//QGM2jwbVVcwlkuodxKrFz5DaMb
+D4EaG5cr5NdDyjbnd71OUXG6j/LuQYuRb2fmXo3YQE3KK6/iStbqEudSUqma7DdD
+7PhI3McCAwEAAaNSMFAwHwYDVR0jBBgwFoAUQiQD7aVLdpyXmFx06gU6G/w15Jww
+HQYDVR0OBBYEFNpNr/S+ZFlUsYAeWIckHljqxZp+MA4GA1UdDwEB/wQEAwIE8DAN
+BgkqhkiG9w0BAQsFAAOCAQEA0xqFOkeCtxlsvCwBTB4pfZNN6qpoRnJFjYD7vmaU
+6XJQAO2EUUCVefK8eYoxPYwgbg2uTYk4HtTTF4cbvsr04hNjh0rBm7F0X7BlyvcF
+TLBW7FEk5aAKjtNGca9kJw7aPo/5vaDkPjnrwTwkUBzEfRveXJE8JqS7KIL/0+SS
+QCNhqf/Fn9KOpcwhQRKZXLcLlvVGtAqkexNM8ZNWuSLidt1Aeihudf0h/dC7g/fx
+NTGfhBSvoKVyGS3AdadQvv9Ce3l2IY3P1NAczdaY/RY+gE2ccmEiRSc3IXETiUXj
+gyzsUXK129XEY9fOQ88ns7RLifh3JBp4NhIvCx0oDWcezQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A D0 22 62 8A 0E 0C C6 9F EB 81 2D 56 D1 0F 7A 3D B2 F9 79 
+    friendlyName: All Certificates No Policies Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F93E81F0FC4D6CD1
+
+8/7NnGtFRy+0fJgWW6hMw8LZ4Hm65YTBb/+ft8ET419gDdlc4exP6dWbvUNTx+3n
+xM59XpMjLFRFKhM72sBWc5ORymftUErbvWz6Mk2Uij6V2kVGUZ9GyCwQIkcixem6
+BH9vjXvu/v8R78fYfXbwhRFLmDxVs7d+J08a4vRR5bZkNkVHycGPBPojQYQ2AUrt
+IBgn5l/HY6tMMNDOBe3VGXCHesGcnsxnjmTcYhG4VTAFchZj6NqSwCmEuV8RDwCd
+odkN9BqFvbYp8uuBT87THx8+QYYySFmMfSlpJcTibQVkvCEyBSF0lccAeqW5WPCW
+6l4ACED5lBBoVzxYERtfiEE1i1C/c0tMYahGDyRtjX5khh3IT2WDLbt0ktaBBViB
+3BbBv7pkJEyMp1SjjFXwXiBwOqEWqEjGgnQB9LYafpjxSn7ZwGZ8/ihnqBUUr27Z
+o3TmQV4JV+Ar4/sSz3vjg3/vKgjCymjLKw0hAB4fodJN0CAdTeK6gPhFp4gjcu5B
+a4sc4loF6xKf5YCOIGb9xWZLi+w4M5Yp6wWHI6KvNTC8Pp9/dt+7F/hiZ7q1YeG5
+YN2LDHmHgCjMAGMlScJ0+D/fgCFrCA30BkOmzXPRaudCSg75zSuBh/oYPkLBDOof
+ko4zs4TFplXqL1Omi25H2h6eF/0PBo8DQL6KYzBrCvzw5hLcrAY3cHRCLMfBUY7y
+bE56+LTb53z/dGK/2KfjgdTGcimGe5AQ6DQTFnelqDNzODXjnc7x+Bt5ngK16N/H
+cEWE5IUvmYf66aUGiImP4cyvDq4gChNj8AUxh2HpXYN9kYGz0qjPJyS8jsvN0cMe
+SWN38A8jXCc63Di6Bqj8JLTJ0kSFnTyiu1tFm2EDCgLT5JLMe8dkfKCX1eN9vvZQ
+JG9iMt0SMm/kNnxKWP/aV79W112FYZKjkceus6MUDkxqGXbcmF6TRSEFl7E2Nh9t
+ebEHGznMVUef0v2o/ksggndfQZGYrvPJZ6/rBiWA85FHCerbtATm2JuIP0uuGpLw
+Hp9xZJTo7Q8sMvP7KCKAq+3c/c1gRgggWsmGvLhTNg1Y2InGGVGcF4TA5PfNxHrM
+XRFwqMwt7hEZpzJFzuc+Q2QwbUcjIgTmzYgPc0u22L7cgB7zykihmuqHNtA8jZFn
+dEVffyO6kPM579Ebrb75d3QUtY8mJXzc4ZFczV9sXlzxC0MctvB2INUfgYwTBHqh
+kNv1vh0HvXEkKUCMmmvEMY+dmscDZN4HzLfqRsOBTbNQPIwOxj4RnSco1tiz/JxM
+EmIrjUvX6/5FrHdr3IeRdECO2+/oGO9MYj+siqKwnPsqbIcX1Agz2h6KGJYxXPPz
+IoTM8g7AKjL3z2zkuckW47EvH2tJgBi3GXxVMUzOxhZKrvTVyA4UgNq5B5dZqnJL
+JOK7xlbGCf1D4hXNG8Hzv7Gf/uesog2pUt8wEApRAUDxXTWrhUQyXfRkkc9FDWBy
+36QCTtRt4EE2kn+TLSbtAoVzHXb5lxBdHEoQ+57yXA9tLxDUgNE79c1LSi1AqRdD
+27CN5LFKEEPf1RzHhrlc6u9KVYke1Z+PhXHE4x2/RlLLmzTLmDNcdg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem
deleted file mode 100644
index 62412e9602..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg
-UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO
-/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9
-WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0
-CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO
-BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
-AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB
-BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK
-btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk
-biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates Same Policies EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=Policies P12 CA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGgxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE9MDsGA1UEAxM0QWxsIENl
-cnRpZmljYXRlcyBTYW1lIFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QxMDCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmrdM0DTddXChaxuvVK1/9AmbK3pj
-B7nrBT7FrZ4f+6sp0e/vN7kCNEiAaRq1BDUFjyiesHIoL7gVKw96xoYTQ1qdCGZO
-04GFQtVjtBx8SZCDsvjWgaXxs2BPj3ooNV199aMCiKTeNPm1TwL2zpmGRBaV5As8
-X8eCNYjiya9c6jMCAwEAAaN5MHcwHwYDVR0jBBgwFoAUAONl6YHUhrnHHefzMzkG
-XkwRpfkwHQYDVR0OBBYEFMb2N25TEoHRRp8AmP8/XLXv9HDaMA4GA1UdDwEB/wQE
-AwIE8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkq
-hkiG9w0BAQUFAAOBgQBM+wZzcjByDVKWb9MADcwg0VTmgmhOhSmt3fqhHagC9q3G
-ZY6+OWkM6gCdmw1JBr9JRTHPl1uo/W5dI4OVIupjsct4ObPWx1yn29VM30lyaYDR
-iBhgjOp5tonCixdFbt7pMnviPwsIDKdQLQz0k8m7d/au9BVHVSlyDoqm0I0uSg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f:
-        df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9:
-        4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38:
-        86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb:
-        77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05:
-        70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77:
-        e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11:
-        1d:72
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl
-6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor
-RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN
-gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10EE.pem
new file mode 100644
index 0000000000..3db8e63cbc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: ED 37 7A 96 E4 F4 B9 50 1C 32 6F C3 52 F4 15 29 25 8A CA 1D 
+    friendlyName: All Certificates Same Policies Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates Same Policies EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPUG9saWNp
+ZXMgUDEyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowbTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExPTA7BgNV
+BAMTNEFsbCBDZXJ0aWZpY2F0ZXMgU2FtZSBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQIvsOjHjY
+csCDpWm9SJNK2Lwz8/4bpvlcdaG59lROqyk6OL+0/Rd214G74S26m6BrgZuzoLbH
+MlAaCjdFDbUSjh086jFDMgXHwdud78f442+V3ms02gqmijFPvSsOWWyRu0BzTz0P
+bW9IWYtIAG8DDqGflBISatXkxS8wQHCuZdY/x+XjjISn7oSOjPamfdoqT5jEThof
+50jzBxDEdW1vbjU4afAwQBD28t6fZCdCG5kUO1uZ3CED0R44ZV0gajS1Oah9qvrH
+jeCFGGRmoi1biVzNqe9N9tyqw4PWZ+TnzANsaf+InI09mZGyPoiQXB6mbfJFnuCD
+ZQ7AcQiP1VPbAgMBAAGjeTB3MB8GA1UdIwQYMBaAFNhfNeKawTcqJs6DzHMOcBUq
+OuIxMB0GA1UdDgQWBBQKlt4EYF5FmsVHFjO1gRk49P4KtzAOBgNVHQ8BAf8EBAMC
+BPAwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDQYJKoZI
+hvcNAQELBQADggEBACu8kiAp80ujcBGHavjXgp+HpVSQTqRzTLKbf0EFFib6KedE
+sT67cvLjuTZMcPmwYHnUjBk/KGdyn9IwetblMTj3hueKNx1yKXfYYNVmE13KPPpN
+NcPe4Eal9g4I2noPVt8Eg3SgNIghPFz3XJQNGjN5hMdhmcQfeaEJe1Mlwv2cdgs3
+D02kpjI/KGca9whyDpE0jpu77gkO4ZmRXZxaGe8i35xaRrrs124Zhz0qtJn7iIaV
+s7ouezKkvE1UinCY2pdTZHMTs8LSklBE/IL0Ojwqpt81FptUFMihOaMtMrg01E/D
+rahtaL5Nbj8nVUGlVwiEkUy1CII3ALs50xqw8gM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: ED 37 7A 96 E4 F4 B9 50 1C 32 6F C3 52 F4 15 29 25 8A CA 1D 
+    friendlyName: All Certificates Same Policies Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0EB98A807DC3D399
+
+fhnzBwxtkklORe+Yh4iudRuENOFlYa9T0GStebQUNLB4fpdxlVUWKCd6hGDhVdAh
+xrTDyXWAE/CUquhCUphGt3vhZgThk03pYX4MiAGyC/Dyw4VGSkqujc+P/3oMpWyI
+Z7Q5yKYxmXIPo0ueQMXL9gMJjOJfmHweVMEaGZGozIh0fNO3QLC8X65yttS9xxT+
+dMG+3o5B+wRcwFMxe5i44FbGiDHdarsaHTYrmxiuWgsQaxD5iSM4TSXfFReAerkG
+3/M6GdeHGbyd/ePTzbLY6APLoj3zREmrRlxPdV+pqMXp1TJORyoea3Dwwn8tzlEC
+juh/7dvzeUCX3yFZmO70nyC3YY3pVHE44yj8tx5JswNvQUWnXPK/imvJbRgs7RfH
+syU6uFD2nOrHa9DoKNDUENZuSt8Ck+6xpLwUfgrzE0IcP0S+o7xC7lfs8KfjbkgO
+CtMxS8AacRkfv5GQCDcS7aT37aQz1Z3chZkjbacW/FljDupK6FZBmQo/KIvrRZWQ
+KhaTG7EfLEwDGzHQB85dAyTcacNRzpZg0tccdfBFNzj/52vLVWm+ng2pvR/TudaL
+M5xA9I6Ykp5VNFR5jwNwNvOhxQ7T2I4dfTXbhFW9VgMJYTqoTxtdt5skL8mSiRHd
+24pnV+B3Io17jPhuNXPpJgtbCFd+H8Nx24yo9Lo3L/lAQvgvwuAD8rrAnSBVY7mG
+vXuabzh93vgEt6tL4UJEVBMTIEuclcDTsSPPWVAcdcHqFFbXseQwJDGRSHRRMIP7
+UAb71S6jx0CBeO5igiIwpPBpfmDujskCo6CihN9fxH2TqaCvR2dYaE/V9qj0tBWb
+nze8mdsTfo0l2zKp5F2EWfnE047vDRS2M6fCS1hCIkvN1DLsDcSd19dafG4SKEgM
+lHeY6wf0cnus/fhK6Z7yaG6mffHALPHhZBk4yGV8pwB3413DCG/0cEHNO4DSSQBB
+113ZUUcnzeSvjYYeUV2LHRPi1+bc+Go35j12PZ1xk3wQq23yPfcJdGdNzpNvMM5g
+F2KMJhdJXfZoDgqDpiS0F/UNnivYl0/IDmcdalMhc9NATBtDSQvSVvCcDlKeo7QK
+cc08JwoBN1aF7XDCqb1fxr4GZDk6V5qgRFOAEXm83QjE9ADNJ3tS/1u6PwEAebWs
+KJjE4EvYG3bcADvoyoU6I1BbewUtHCxEvorYuj0t0wZxodnOew9Lx7JeDNFQTmxW
+PB10T16LEu4Myw+/W3zZ/oGOJsGfVZ/f0eSnkrfHMMGiBg+BYpliyZvBtrXTkGLA
+7yAFUwu0yiIfpt3y7aJjjYyujyKDqKuMz3nSIoAANEVHyGdlMIknlxqsf1FVpM7L
+muN46G5nn5howKX52NPe7zyEb61NwkalDHriVl6a8pImGv991ZMfVjavc5ODubXf
+sJl+hTCejauRGf878kyomrb/ullIz8t2WgaAePfKvw4cGsmZ2N3kqfjKYWg7K/gJ
+jC4HrmnRc/Wak01ZVgRL4hk3R2AQu1lklzdSBSZKO3rbzIOe65qsSK/Bh2ViA7y2
+hUlzqaotDhjZ21oOa6+wfzYx0oe/I+jzmOvV7Qb8XyVJWS4BDFTC1ZLLS/SyIYoM
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem
deleted file mode 100644
index 888f8c117a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P123 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg
-UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s
-xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS
-o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5
-ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt
-gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww
-DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB
-ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD
-gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM
-jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext
-cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY
-kko1SxlW
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=All Certificates Same Policies EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=Policies P123 CA
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx
-MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBoMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNVBAMTNEFsbCBD
-ZXJ0aWZpY2F0ZXMgU2FtZSBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ6RCve4HAIbl7RQiw7tPY3IJ0oT
-KvS2jsUu4eNuzThRoKW0cWW3N+Jk1rkqgaaebVodXrb9cuDFONWRL0X2DZazb5h/
-4FX3obShqywkydsz7vBoixmRXa/oKtIa78h5zQTSDPR0sJeWIikOUJZMIJv4CNw1
-Pwvu3Y3i9CwT6m2fAgMBAAGjgYgwgYUwHwYDVR0jBBgwFoAU0L/Nm9/xkf2Ch1oQ
-z5Cvi7zyxcwwHQYDVR0OBBYEFGqUba1DKQxc60sgeqLAqyOR/22bMA4GA1UdDwEB
-/wQEAwIE8DAzBgNVHSAELDAqMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjAM
-BgpghkgBZQMCATADMA0GCSqGSIb3DQEBBQUAA4GBAAd1diIEB4YaH7gH6DO1vptE
-G2YpbuvISfPDhWjrLI/sLSJTH3l+kC/GE4FDEHJ0Rc76la5gyUbRwX1zTZKHGyxx
-NhuE3i0XkrAlR6xRUJRcb1SgD7JqMzup7ZuFP9h3+txi71G33fMStCxKGa6ijUKd
-LTzImFXGxbWm6SZujuyJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b:
-        7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7:
-        8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65:
-        92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81:
-        84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96:
-        1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41:
-        98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04:
-        ef:9d
------BEGIN X509 CRL-----
-MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/
-zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p
-qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs
-95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13EE.pem
new file mode 100644
index 0000000000..286627830f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePoliciesTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 98 55 92 32 22 6E A5 AD A2 4F EE 02 A2 E5 67 24 74 DF 79 20 
+    friendlyName: All Certificates Same Policies Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates Same Policies EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 CA
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEZMBcGA1UEAxMQUG9saWNp
+ZXMgUDEyMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMG0xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMT0wOwYD
+VQQDEzRBbGwgQ2VydGlmaWNhdGVzIFNhbWUgUG9saWNpZXMgRUUgQ2VydGlmaWNh
+dGUgVGVzdDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuonnfN9t
+4ddPZ+ia26RVmETsLKghhyuChxjPOzey0QTTUvM7qpHFYdIxV33GrQo6A7gFqhHd
+fWyAk0/BneTtf7NMzEVpBhgN/ALibFRF+gtg+9+PRECBOBTE4/Fn3NTVei0br+vY
+IHq3/S1YmJfbaT75IMLxJLevjBaIEg1ZAC8e42BydhD6yOvclRCtQaTmlVMPAF2w
+16xXisHhOlIdkmoTvVUNsggM7sfp3Mh7rdUsUgZTdx7lN7COEYIo+i3IU8YqOfeo
+nonwyxPR9p+vHCCau0445QquJxq6BBiIIFBqyEKPbw2y0a5tXWu9HAqkWSZD+1oJ
+y15//w8dWuiHwwIDAQABo4GIMIGFMB8GA1UdIwQYMBaAFIwoCtoNCRRi7j09lrhx
+kxKJ6uhjMB0GA1UdDgQWBBQV5I2I9FFatmEJLjYrRhl3ENmoajAOBgNVHQ8BAf8E
+BAMCBPAwMwYDVR0gBCwwKjAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDAYK
+YIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAebUg/2b+Scy+m8LoFzpVGpLL
+81MsDH+Ft+90ub0m3BPmLhy6M+pL6I3w4roiOqdnbokcNWiUKLV+0aGR0T+fLw7H
+mhltaORuZHTZAPZq3X1GwRS80r7kPBJDCmT5sf0DrxMg9e0tpJSKu3UQrONk8DyH
+z64u6w4tlg702fdr2VZv4VLlUtLkx2cMPwMK+ZKJ+FBK07z/69EroGdakfaJqMA8
+SW+VOyqg+koUo35DUv1n/t8/DaE7rNux298Ii1JZj8umtVmIet4sHBuIf5Y4nmYD
+KJxml+xOmIJ2jXfAb0A0VmpGg4SYCcUTH4gWKA7oPAYnic4llcUeM71RGKzuoA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 98 55 92 32 22 6E A5 AD A2 4F EE 02 A2 E5 67 24 74 DF 79 20 
+    friendlyName: All Certificates Same Policies Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6598F90C651D7B14
+
+gLVeHzEcRzOUseMCKz1TMOnYdSgh9Vc/Miav9QDr3v24THseAgHafvP/HSB4YUSL
+O83vdnoePDKsNavnbhgKIeW+c6N+ByqWGbuerECn6m41aJJ5VSoch6RwMva8W1T1
+DiW1WR1mqU0heCgd6iMP3ja+oL49GQdBcT3RHBT5Vj+eHJaruOTCGMlG1q2Z5vVy
+Ofj7ZXIx42RP5AkLRTXXTORpLqnG8E0wA5u+S3EYDpEecrjNlq/lejCgwEWh2++U
+ODFw4FqZ24v03RLqpzeWQvT8oCrLv/HuZUqeGHK/PBCMNzRkNHsF7E78m2SdhbCo
+ysIGCwfZzHk+yKf6+xktAfDFf1XpFZ4gEfjddfH/IsKLMcrAwLQnqKUpN1eUvG6l
+JUteVwwpxHIP46ZdOvMHExYp82uGFE92yyGrJS/3z5JGISpLqh1PqA5lhqd5a5eW
+7p6qdcvwzSuBPLVKbwgKE3QROHNjvmCmVDeY/U+U7bYhZ535Zq5vdm1ZLpclhcP9
+qE1XOGl+Nf1nnyGEk2ITECnZFSdsUo+HdSA27qCqQ6IHgI1P6I5vGCLWuuE2OQ6N
+EckKeOw+NXKUxqDJDCXhOLa2UMDYHopOO3hx4MjMg5d0CZHv9Dbc11sPnpENx+dX
+XO2qJGuhQV2a1O0B2hFMGkDAUkcSoFXyWf8kJVh5s9Og8GDP3IeskUzbEKmhBsb6
+5nKBq/OX0dZFuObEBiDuG069yGlxSut8L5d3agB8F965efezS/tJmAjfK+JVXxGw
+Kq4rE30aOhxVybbUrJYCLsq6g4GmRtPGxWyCGrteJHSr6iMJwU8IqpKShM3XV+KD
+I/8V5H+3/QoF2BLiz6HaP+uwQZmoXX1/5QCvzqArLYeBGx8ucoPDuAnw6acS9khi
+pKuZwBsVX2UfuqPdWNNR/DC5kf95/ldg31cfgiU/5YyjtvuK82PU06nJ7SYchlZW
+QZ+4b6LY4X+rhxIzDJ6CeTDnYq5RuqaUA5Kteu9Tg+4xmijS1paatZghRJjnYrgc
+Gy96sn6LwmHWcIvlEXPEZJ0YKkF189FpJNWRpnpjz3+bvLDi/MeBx4c6zWOlDmtU
+OZyU4k4C9sphpmX3QslS6pVNV0wkkGJNScgGePjkviAC3RIwf8fHozAub4tLKG9Q
+onhrdCV+ivoHO193GZq2FbKn9XkeGKfJLrA3mQaebjiYln0O79+B9vdzF5ceDDLS
+eLvK2sFmyxt9EWtCRy847uW08xUU3Get2g50v8o4blbRh0G0I0JcMjFGaoFPaMP7
+kWC4DaBEHHSP131NV0rq6boQx4kWTaEZnXBf+F/A838+7jSTXfsWbvwhkLmi7XtI
+trFU11oYTHx1KHhhyA68GdDH+kCbg7NrPdF+ur06kpG4N87iSBeCpiodYmlDv0wA
+7MUYlH3cZ3OYG6MJdWwA2hjSNeqeNvqLJE4+wfFUxkSs8JZEMQLCqaS8+4rvXAgb
+/rzzTnI+MVFQWNen6bvobvMFHpEhn77FMmE6WPdhvp/bR2nFoEH4QAXUbgpIw9K5
+wwhVODTI4Ux0eIpKFKeC+7OXUmFQdESB2qdSHEhyVwuFrJL2YPMOKA9yyNT0LxyG
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem
deleted file mode 100644
index de409f5895..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesSamePolicyTest1.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp
-ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co
-7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF
-H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh
-i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e
-kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx
-x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr
-PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesanyPolicyTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesanyPolicyTest11EE.pem
new file mode 100644
index 0000000000..4cc6cfff41
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AllCertificatesanyPolicyTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 59 4F 91 03 49 2A 65 52 E3 14 F7 53 14 56 CF 19 A0 86 25 43 
+    friendlyName: All Certificates anyPolicy Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=All Certificates anyPolicy EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMYW55UG9s
+aWN5IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNVBAMT
+MEFsbCBDZXJ0aWZpY2F0ZXMgYW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3Qx
+MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKLRwAzuUEtOy/V47M/
+rUpbPiMDRXuhXbrcDN+erHgrUrGHJA5FpjmB6PRYL7fR1mJl+yGRCDrquNaHkEoi
+iUVGpuC59jBUIguJr46ZPrAg4XYzWe/Wh8JTCDubDKEVlbN5F3c+ih8N8aKxQpGW
+ZPm/CWaMljKSBgZeyFzDN4lrAvQYfFeR5yvRQ1rZbQPi3mLjUHG0JwsaCbPYSv3y
+v8XSye1NENSaPaDQ9H/CzLfUKldvkNCnZmeFaI6UKkaqr7RMvqymdIpSjz/Ic7fR
+96ZZgQzCX3EPZ5k4qyaTDgvuLCvlMrYVmHRy3oj8XHkb0VP1zEFmVYyx8gM1UBk0
+HKkCAwEAAaNlMGMwHwYDVR0jBBgwFoAUu8neyByV50LikKKOrgNcqyRgfoUwHQYD
+VR0OBBYEFP0x7qhv8jhIP4wDRMsNB2Ztq9jpMA4GA1UdDwEB/wQEAwIE8DARBgNV
+HSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAGpQqQ5cWZS64sgYSqdC
+NW7g6xU43pbHIqs0NxBefMaYoHRcnBZKZZ51mesxhLHBqOQmJZfEGmUVDJvdOfDD
+N2ShmiO9sZhVqkPZ+PMu3M1hNcnuhyNO7XnlmKKzWXApasvMivL9qM6ZNa0yHELY
+2sgKEo3y/pL4Pxld5usNH+dBib7FrhEvCZzgOKZcfC6ZQskkVDiduhtPlRM8FRtl
+wlrWwLPEPMrYe9rtqGozEOKS7HP8SWI2zzkhIZK5dVXYUpJ+oRAYtLmKuiIAJ+PY
+hWFAwNYtyafe1P164tjeT/JtHAGPQ5ogzcelmzRk8UDG+G/V/MW9wqQTCDzkCR1c
+Fmo=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 59 4F 91 03 49 2A 65 52 E3 14 F7 53 14 56 CF 19 A0 86 25 43 
+    friendlyName: All Certificates anyPolicy Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F7043571D5460386
+
+EEhobVClGaXIyJ/GA9o6jtbCSsogPBfCwuUDW0AsT/M5xV1I8L0q5D/IhNM3QJj+
+acq0D04zTNEJQC+06OdxYA4XiLXLJrepc8+e6crkS25+YkCPaWhxVElquJIrORca
+nl7fH8CbF/sTzNVs3dO8pA+WmIqaYdkZCMOT4U3P7chwyqszBQn8PHvS14Il1YCX
+MINX3YiYr9YCsA2yMy5QwBnQx2G74O/+gdyfpJzbP5Rs8L2x4aYHm+w+MlQTF0Hl
+wo+LMbGC2Eu0AWTOSH88d41nDzZPBnCY8CKUWu00JP7OAWEODTe/MAlqn5AZ5Edx
+M9c1PknSgHFB3atXTgc7oEMaX14xDmCxET26mWOfmixDvBVIGh613Eh9FUba0rlV
+BsUhD49w4E2phyz4vy12BPihlthYGHtg9osWOSPFtAWGk0JjcbwgvwT2SlBUs5/E
+zl5lfB2YIA+OkdyTKIG0sdAZqyXdZX0cuwV7sir8WtfJQusXRqEtFIqbNaTFpoB3
+r32YavVyG7Vjlz12BuznCmlGazQeLlHw1LZISVFBzPaIwzDwJPRXjVyB19sxOLCv
+LdrTQHSRLJosfFoMxbKOqm1Lzhh/ExOQ2ZLBCul4PH3e9Txy+h/eQbuS/P5ee2G1
+6zFXhMQT+M8oyDfJJ+QsfOoevk4bG98uQr+6IRx+1IifUpx63DYHTpnQUVzdnhCg
+qHTgxbyJRRkxNWgXb3feSw0T0ZUkyG4XMOF+iqCuaADwtk1DlAG7Dxq0D8YnbUAF
+JNRRxTFgrIW5Rea9zqAyg2dPLqJ6vAl7QezVRIc8QG1QQr0z24neQ6hKLOhhHzdD
+X7NNfAQHEFmMncJBd4EsY0HdBYK3ZkXIYgJtzVopBEW6XTlmRe0mj+LQ//Vz2nzj
+SP63MY6zmNlCklF30O2raSKjBew2EM602jNHu/S5RYDPzFASWDvzWboY2gDYGDzF
+zhhucl1Ij/kyejH6EF8uSOdAJvxfolXlVn73+zAHt3lk1TaHDygtBdD3lRWVYa7Z
+GUg08X2GBrEGo9v0CkdD6/YiFU2M0/oFhNdm6Wej2MJ9+a3LDuXAi8/HsU7QtxA6
+xg2wCB58x4Lk+dR/sUWQxjVeQfkiZkjJfGYtOMp1b07AjCWI5w+EQmc0THwrteE9
+WAq2RKmqexXkTmCEMzgzeJnk5YxuwgzNqwxzl9O5ja95H8iXQgy94RDIIqIsX4oZ
+nRVlr15PpH3oAHlkX7+uCBYuZb84I5pz+lqiXEOkEDIXRc2oSExxW5tEhkmTmSB8
+KLlCtzxg3ALXulXc4VbqJUrRkJGRFx8GJlhuNE9bnc1stcpg5fpbEqTMD+NQuiDz
+0m5NZSS83hHClPyFebiOlXYrZQR9FThWezPmDOzCuVVFO3szL/IZ7YOG3Lt0NJaM
+Kz4HmJsF8h9SENI6+nWbYAow7F/gwgADx5AsqLBdmmq0pouawsZYPNZSqz+++p+u
+/ZYzPflLW8HOwqbH0H/gq89H3675/YbwHSPNpfTLkUOBSkwpwerkF40/U1w5a3e3
+fMs8UNwxyv2h1hhEO7CCVE2hmODBsyM5tOAAF7abgVXqNL90ztjoOg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem
deleted file mode 100644
index 82576fb4a3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=anyPolicy EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=anyPolicy CA
------BEGIN CERTIFICATE-----
-MIICdDCCAd2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfYW55UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAosJmcfDGby4vpcrZs7/LeCfqnvDfXgZakoRonLHgudPwLK839x7AtBqsAAsx
-wYNmtj+gGNu9x2hjBOrEFHjxVhCZbr+V2b3NuZ0C2p+OcSZ6nKYxxmgtP9NrTYZs
-MVo8uJ/d9zDXB7/Hflbl2iOtwHe4CpWlWkAcb55leIZdFx0CAwEAAaNrMGkwHwYD
-VR0jBBgwFoAUPrOeouRDhftnQDGGE5vGYe2G1eIwHQYDVR0OBBYEFEAG933vDjVc
-5TJ4xVFIKNj24AmHMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHS2x3KJlEZ/YeT5mje964ccV/zmiYkiy
-SP02lLjIQuB7b4R8xS4TYb6lXC18dc0776mMu6BQVqECrBq71A77N5cd5Xuc/+5U
-5ZMyLiowPxjhgjqMOZV6Vno6zYQh+4bdFIqNZ4Wv1l0KyhvD5KU5gBQ6uK/Gbmgx
-gC2356iQiJE=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBJjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMYW55UG9saWN5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGOGYJ7e91FozKo0McZ6T1
-zTYa4IXfHqChuqKgri79fgKVZZsKwOyoHWJfsLn6ClknlWE9NJATHZfQp8GfLy9k
-MbdXEKgZQoyWOV2Q0s37ez+I4yuR33JZpxtpKqYQW2fKdhhOdR+DcLwgWUJ4s1Gg
-KCXhxYnC4nfSho/lgR3h/QIDAQABo4GFMIGCMB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ+s56i5EOF+2dAMYYTm8Zh7YbV4jAOBgNV
-HQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8w
-DAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQA8JxYIM/manOaFxyoO3y+p
-th/jCQFiR6fDo5mhYEOjZuHDWdejSZvNtbpPfNnKmM6W/qI57hZBgVDil9P/CMSi
-wYPJvKl0ofonnhhPd+uMPhJENho/NhWyc1cgruABceTtBP966dRIhejL3K7SewrT
-aV+IWdHVMKREjOXtHakoKQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3E:B3:9E:A2:E4:43:85:FB:67:40:31:86:13:9B:C6:61:ED:86:D5:E2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:c3:2d:e7:f3:91:d6:67:7b:66:88:f9:22:e8:64:c9:80:a2:
-        88:bb:d7:a0:84:a3:75:ab:d5:af:72:d0:fa:1f:ed:4e:42:29:
-        62:23:32:25:59:4d:a3:45:c1:bc:ae:37:c8:b2:d0:79:00:96:
-        84:0d:7d:a2:f0:58:d7:c4:99:64:cc:4e:8b:5f:88:f6:6f:cf:
-        ee:39:54:34:8c:7b:0f:e7:43:0b:26:d8:6e:c4:f8:6a:ed:80:
-        9a:47:d3:38:bb:82:9b:fe:bf:6b:01:6e:c9:e7:8f:3e:cc:b1:
-        4a:a3:df:86:3a:2d:ca:62:6c:dd:27:a8:51:c2:b4:3f:c5:ba:
-        90:6c
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGFueVBvbGljeSBDQRcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUPrOeouRD
-hftnQDGGE5vGYe2G1eIwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAKsMt
-5/OR1md7Zoj5IuhkyYCiiLvXoISjdavVr3LQ+h/tTkIpYiMyJVlNo0XBvK43yLLQ
-eQCWhA19ovBY18SZZMxOi1+I9m/P7jlUNIx7D+dDCybYbsT4au2AmkfTOLuCm/6/
-awFuyeePPsyxSqPfhjotymJs3SeoUcK0P8W6kGw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14EE.pem
new file mode 100644
index 0000000000..2ea5812527
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/AnyPolicyTest14EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 5F 71 8A 9C 9E FA B6 77 CB 18 B2 A0 2F 5D 73 4E 72 B5 2C D8 
+    friendlyName: AnyPolicy Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=anyPolicy EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMYW55UG9s
+aWN5IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKDAmBgNVBAMT
+H2FueVBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDKV4x9YSxioiuPeQ7ngd0MdwlQUnIwpX/DTeU+Zjxw
+UXS4MzHRn8zuzbGP7DfS6lmx9RMpFE0UV+zyo6/iXaeGgSYIoDoP+mX+o2Fy1ctK
+sJjDmq42VSs4OOKsYGm4kVvLhRI3xPdj/OzB38aukiJgBpyBa6d/y9RoTSdRibE1
+yjgI7GeZq1Oe8L6U4JwHTDG4HXZe1cHYROPtr0favOsOsROEvScIOG6nzNtcdCgy
+yHcRODBMqI7huxuQdgdUDk1oc7upF6H/RHLIWnIYPTT7zR1J5+6LEt4OG9jKB2/X
+M8FbTR0OYcg5gpAHMNfWozYLLolyNdo/PUz8os9N9T9BAgMBAAGjazBpMB8GA1Ud
+IwQYMBaAFLvJ3sgcledC4pCijq4DXKskYH6FMB0GA1UdDgQWBBSxz2HJeKGhgtmf
+nkgFMNb1Oc+6ZzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA0GCSqGSIb3DQEBCwUAA4IBAQBPBpWPbfq2YB7SyxdRFRsYl0Y88JvLRKme
+jmCrJlUPetIxVd64HNJrcrguqsXM/iWn+U4Z3lyNS0gGDUkazuKi5yoWonFqdrzg
+z9e7c7HY9NoLfb0c3dNmfll9ZGLB977XFWOIPj7Nwrfaoge6LvjyUT/hT1QqZ1aX
+2DOGOwucC6HoO1S3uDQuWDO5ZvVrLLP9oydpd3nfHtBu1S04qG1fZ0A58YYLhT1k
++IiZX35xhNtNDKbiCQPu6uYeN5zABQuL+e5SjDujOPVHJDeHphAGLgpbFIu5+NkO
+SXbxdzrX+dllyieqlkyWIuEPHWa9SSNRRUv1kQSqd9ON+iL7DilL
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5F 71 8A 9C 9E FA B6 77 CB 18 B2 A0 2F 5D 73 4E 72 B5 2C D8 
+    friendlyName: AnyPolicy Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,057D52701BD0DDD5
+
+JLZVDDBeeuWyNhonJgsHH8oLBq9lCLmBtMlJcSnDCCd1p3q8BwqpnXKEu06luy1d
+pBBSnx1UrYdslgGV7NumlcuOnDY/YwgpqxvFVHWk8cpUTZArqkij36YDj5ItGuhN
+V7OtGMxz/9dvc/8X9QiSaINo7WWkNr2ac4mHjltgCCnIiyFRKeX156inNdrrHhr6
+0UU0I8Q4CYf6rRH03pLhGCdDFV8fI1fSagJ80nGsYNPis06RFXjIS3vwNfT7PNeM
+LGnLjTnRJWjIQ4Oes6gQ63GFrq2Pyhrd9sBuZZDidhLGosbYWWMlVcX4lEsuN/Wo
+BIRIS4C37WGLCQPTizlTHFLlUBZEVkhW9yiTxDeKeg6cZDEuYLKPaiD6+UnmxUlN
+WW+ag+BMisyGSBJHcTMRiV4yisNM2Hfwl9yd0RLK8my8iXXjpx0DEy4Eqmol9vwF
+GqC3TfhqDCKVN311JeDJDj+4JZ7Cf1EtNT6SYgu1feS1cPX9MJOm4xshF3Dpys/3
+Wv0Z7rZi3QczqFt4D+Dr5YV7iYXuX+i27zECMQsjFhT283f4YdZVJ2OegCXNQIKY
+g75IiIUqNRJPlkolyeUHs0q1fP6DyTfOMRzu/WmQtnmwqLml6+pE62ZjxKyJz3bB
+H/9cm7WmsFKzRMPf/53NsofLHzkr3VXxC5hb3zLKoAKfAyih2jpov5EWDr2USEMF
+gII54p2s7x1dh43/sBCfZ9ujM0MMuhvI6nG2mkvOf+XnnSA4zP1Chvo3JlcBmJVf
+dWamIjZi0EeBcSo9oqXj3lo96fFBIzx+pPb4E/mxdnBagWCWyu4s7/GTm23Pf9AI
+UdzlMpZuzEMQslRMJy0ikb6OGL21qs7JkhQ3XnQxawSl0+sBto5Em6jkIB1FhAeR
+UCuN7MZQ9QuxOHJwO5yMqG6IeslWGex96GVaoq3dKQh6SPkFXO0WaTOlvs4836c7
+jpBEZdJq3180WYwMOvm6U09FiIP0oWDsnn2REydlO579DuT8vkpDdJCJmNRwqcAb
+uDTulMEDuodGP28cojooGzRh6SaqXHXLUqUD0iPgzo5+jtvww7IdNCsCaC8DbvT8
+OGdjpZm/QMtjpl8C9sAIMhB8UvrT6uJfeknPshrzpmi90YM6eRZsoRtCNWNyZFJq
+ATbOY0EdCyujOknEVO9sqdKIRyFaA3nyOpalT54Gp5Y0LiQPZsWvuEigC00JLwD9
+AsVjnhr65mA7ySL8+8A4QVmVTokByWxc7byp+AG40FkzYcnUw/3Z1+klikpnXCDQ
+mIaEiPvH27OVHL37jtp3y0umbsrd58YsdUqo8nRa/5jv6MRqt6GmfN0mB//MkBFS
+MZBikweEmGj0YVW33o6wlNpxL8l+AMMw8lucu2ZtpqDrwq/n95GjIuIWwo+qRvWH
+GBiV/T77L8ktuE2PPhgPaDnh0/LspJ017ocHGANHOLbdeDHj6AQcJjP2Ow+R0Rzx
+4EjDxGPmmZ/LPKXqOnVKpJRNp0Na05ZjnyYY9m3HKEpwVUG9soKUYZ9iTukBcWbP
+jwx8Z+YPZWQ7Khze0JL6hORGf4vyu0udFl5IcaX49C3nFKb5Ld6Zdg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLIssuerNameCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLIssuerNameCACert.pem
new file mode 100644
index 0000000000..af919d4076
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLIssuerNameCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 6C 2E 70 1D 7D 2F 76 3F DB 8C 72 E3 FE F8 E8 EC F0 51 EA 09 
+    friendlyName: Bad CRL Issuer Name CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad CRL Issuer Name CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+FkJhZCBDUkwgSXNzdWVyIE5hbWUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDF7G8LGjdh/MYdt6lQvrWQX7aQBOGHFSdheaon8f6pFkeQ6kE4aIKq
+Iw++7OQ6YfzkVfZRRJXC9SxqjdR+hGjUlGcwV4g5hDHRzZwyDa14++AMjmSMM+VB
+j9qcz3OviM4zmJf0Rlt6znCxVO72cARGJ2Qzly+RKlkN+/uKdayvHKhnVp+YVfyr
+C7gt7bfq7pjNXSrfS8F6UAU5u9f2z46volJYEaCzAoWa88PGtNbg8hwwydsZxuZ4
+WtZFuogcZJG+G1+gOA0Fz75xb8WL5dVLj4SCiqwjmncy1x3nosWjalb3kmHF5RXQ
+mLlVX6TRuOlS1MoOuucFEULpC7hNcCDtAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQRcvI1XQTVDkogBwdBKP2UcAAc
+cTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACss9Ku6BdiLgwVZq4DX+N6E
+dZWy5a3zfTRVo7Xb9nLTuzxlu+OeoCwgMf/+hCtFxJoAuQWWvhU00AaYQHGyG7ol
+odpaA1Ys/vqEg3XnDpIlHWbTYE5PSRS5Kcfh2bUk+o2BimVwxMYazaltdktclOXD
+ajPu5aE5fgLHoCi/fLghLGcr5WEzBR2l/pYvK40CtsUutuA1PgL1GIGql8yYeZT0
+jQ6ohUM7I/kTzvQcMjML7rFPJkyzjEuji2d5/4Vehh29wg3kap/FuDiPSYwAsxto
+0+uPT9Uu/vgcMq/js5sP65AJ6A3NiciYaq4/Mgfic+zOKz5MDq6+WILzoWnY96I=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6C 2E 70 1D 7D 2F 76 3F DB 8C 72 E3 FE F8 E8 EC F0 51 EA 09 
+    friendlyName: Bad CRL Issuer Name CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7EC803DAA0D9D267
+
+7RECEzxjaCmI3Tg6198FOdR4qkfyYprNug4mGyspIeBsHfpsfkyNOi7Iz+zR/NjB
+ad52bL9B9MIxU7VDN2+dPQtPoBIhir23O59ct7S/2Jxlw6W0aFOUZ+KuuAuuwsVg
+2wGJ+kdpzn2M/Gg8MZ3DBzIB7GUWzUU5EBF2M7TmgrPZ8Ga6UoIvo9ae02hkTXeR
+YASFVlLbfr30RF6h7XPVzwVHDmsikdcdbFAafFJuKMeCz4/JurpSf8ywbgw5BfJD
+Jx60v8JWEGt5JuXYCMd8ZeGGDJfO8NXjV54sp5oiKRM5b1ldeQfzciihmtCwEbrt
+Jxk0Mu3tyl3tvnzHTK7MiRU3txvA22//MkR9XpGZDTEKh+OSG0hcDf5Y6Qzwp7FK
+1elWJ6DDZrXyZeqQMnVFy1K+ZdGFG0K2Q9D9Ff6GfD8gurEDrGOuuY2DRVvGpvKp
+yZcPcjAnMB85oQKmw5k2JLWmMhtf6Ur5Zim/HqbXUTh+pGS+pa7SCT/G2Rj9uPa3
+1sYPhI9AYMmP8lMfUycc2UF0Oh7yIUou57MzcwK1YatEmsnnnkbMB3dOngv8nS/7
+FV+maszUmn7YvP5+HRqsLfN2qA8aV4ovBdBdD7XGbznyvFS/bHbfbiMKPfRhPf4H
+CmSfgFa3n3dA2Htokp3vhxds/6tKFf+zZclN8Yb9TWrXhlahkGVtBe6Y0nt8u0oz
+LBQSJJ458dzU9Q0aeU8tSAmbYZo19FkzveMpQihSHWrCxJUw+vYV0JYkKBobjsnV
+8aq2HIgvHv168rZisoNxJ+AVc8wYheGhHiZDQFXHe9NRyt5p0buCof4eMeEDenUP
+N2VAvRIjm+YWt0EbcPS1xknormptWPH8QvRS95R7nivsPPRbijQidrqmZ9VIbBd4
+JWJ5XqFqdZmVl/Bneid/DqMMkd4ATNnPow16MUWLi61xuLY8ILLJoYGVGZ8Y+fyC
+DGTlbSS5RLCIncImxui/yVmL/ZCdryvAs7yutkNFYkMqfz0fTvhTTklzsktt5MN8
+BlW6JR46qbj0rksJ0ELoCfxY07JaNDZakkC/aY8fvuNX9HP3A4BhNBDHAO0AnbQU
+Pq3bM3PLdopsWeFraQlHj1gex0RbjCzBXJX8eQB2UEyOjqOiWZfSvHBAODKnKFu9
+DUup46HrdBSYMEsJ3voQtyT3tLW2FTP8HiX3zm6/qittG0rOdyB3syW55QtqXt6m
+CmsJ14b7JDbeRhBXZMjKG8HCw3RuCIXifUqnWpTBArKm3bKV5qx5JaPQyvSKpTXZ
+p/yDEREYJCKUrRoAQC5aN1hHiNThmMaXoxBvI9iYliB7ql/1NkZ2TW9OfkkNr67o
+cv1AtD6i9u7BDqKFMH7LTUbd2Y5k1+97AXYW4nQW/5bdZQ+93E/KJoTG52YJ6/Lm
+I6e+GR/UMPS4OcdFEaqPAJZmjlULKB6WltEiiSJlGKbK1q5lWIZj+cpDW2BY7NW/
+kq2r4zHwbDsHTojGQE48B3ng2qv9xvSADJeq+w4DzmDMB012+ejFBSB9orJYs/w9
+Y4551TT74ecSgtHQf1m8+HhVilIQk0t3nen5hWsxLPbfY8aax5Ee9E3NKl91JV3d
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLSignatureCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLSignatureCACert.pem
new file mode 100644
index 0000000000..b9676c0c12
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadCRLSignatureCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: DA B9 9D 19 8C B0 DB E4 62 3D DB 90 AF C6 87 F0 8E A1 DB AF 
+    friendlyName: Bad CRL Signature CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad CRL Signature CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FEJhZCBDUkwgU2lnbmF0dXJlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAopjCrwdkeFD3gKtDsVn8LE7eimUrRMYO2xbIQvoovb7ovBhk5DSjwQcH
+IPV10+5GZi2mTMN1/EIVbljKPn+flNvMv/TQRlyGL4OlX6Cn8jgs+YQomw+xPWC6
+jW5x3lLxzkGF+5XJEJFMLDBAYOQUNj41BMlJX47wWalyulucuJAnbbesOdJ3DUso
+1sDlkZ+GGHQB/U49naBOqf4EbSP/TAQbGNfOd8vuZl77D97eDYD1/SpgW6BbwdU7
+2aeKVkOqg7l0efHzTlgpnKmrlyDrAj5HFD3aqbOdOBezhTwz57rAufiJbpPJo8PY
+zTJ6YxBtJ5z11P80SN5IPgI6rUpTbwIDAQABo3wwejAfBgNVHSMEGDAWgBTkfV/R
+XJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUMYs1jZ5EYTAU3ucLLhQZSCTb+b0w
+DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAsBDSBWEBw5h39jknYGFWZO8XM
+4ZH0g/9MXqCIhvGwQqAqs62pcMlEWhhXJkxTlKHEBeNqb+L5iffq7RhfH2CMeWbM
+FW896V2CHxnYXToKQTq+y550qOX0m7Wm9OvFebCW4B2OCKWZde9esxkTZvlNCCkm
+wVFBvb3+nrlW3fLFsAmfixxftD+pYkA91Bud0M9zJElT/vKwzXa5nNrvc2UmIATg
+D4i3+iR75+yXdJ3e4xe8LAjJqqMXJfjgHOmM2IJTIuBOKKwkuEFuQYRAQsrPd4j6
+l7ibnhqlEkAF2gsaHkQhL55l/8d7H//Qjk5TSUuYThqhqeZEHfabdVUJAUEv
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DA B9 9D 19 8C B0 DB E4 62 3D DB 90 AF C6 87 F0 8E A1 DB AF 
+    friendlyName: Bad CRL Signature CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F7EBA9B2412BFCCD
+
+JfZvfm1e18aeiPLCPi8xpXJui/JMWaxa2yNeIaDVWvfIvLxKPKUZrwj4bvCColo4
+H5z2ibaZaHjkykulFaLTDfZd4RwQdKy4kL35IzfQj1ZwczXvq0vrqbmk7t2os1JN
+6X7D4rAl/cjzjnmjeMVqkv+M1I0vew7UQ0AzSPrtoDQn4Tn9ePu1RUFzYPa4z+fZ
+umqxCXQJ7OdYMtc4Sryjehc930DTXa9FMKjnckpq7AJ1vJbMn+FdOEv34tzVmwiv
+7XT+/7Db1e/lfVyPb+eoltGANuzku5Ov1Ow9gzhuN1rFWXAsCKlnpGm86Oeo5Xh5
+mUx0nyYt+OXkb/HwaLVHYVglUcN/BdUu6YFRjnyoebwFltoniCslfRko4Jntn1XN
+PazLe7yDBGCYDE+mNlHhpsNQm1GU52HxDknb4QQ/UiqmIh0+hABQL/xWmPkh87mi
+0QfHJClNeATOoux4vERgRnQBAwjNp2kumDbYZopQzRlR/4APL+Rj+gZQDwSdPar/
+PGLm4hKwoHkR/qql60Y/9UOzkmMAND3Gx2mg02uwr34XkNUtpssc7I5S6W+C8lJ8
+jbZledwVLWP9Nc5heZHo51HejD6ewzuC3QLfkkSfo3TO+NcZt/nBmnvf1avg4t35
+eRQVeWAk2SclJ2snD69sYxQKRN6owRZz3KnDUZaGXyVjzKmLlGg/rkiXvD8h1V0u
+tgEsSF2EPeGIQiExgbausGNxZMxPgOxc2esdjipxZJ9Kd3P4DeBrhF5eOyE68Ikc
+g2E1omF1ZgUv5OlEjfpS4k7d0kQXaSfYAuCBMA3ayvaIDe8cXpKXMJ1hGB/o7mvg
+rEkQAAWExtdJofFSfGI4KtMKgcxcMDbTZoAQNL2s5D5ImnsDjnyonFGL8zxYIhFo
+g9N4I495b7yy7v1e/6m6TLB2BAWRaa2M6aI6f8w3vEuMclloDP6AUJCiLavld0E6
+iOk9uUB45XLM9ZnZRC5uzJZ3JwI6kBrEatHOkLxXevUfnxyCvEqKsJAIlC4NNkvm
+aE6LCfCK+Tq2joGWAxArBK/ZwGLskJWGddmCcaH2Z78mOmLdwqUsk0xAuQIQLtvO
+Roj1rJqhlukXgzu/6VD6u0rCLIPK6+wKNIoFT9IPRpf2FqD7JntSRPUjb4WEE+6d
+AqA7+5T04cc1VDGqjy39zz8AgQkV2ze5/y57d0YkyfEFzbM0HU2xFplnuuq4/8VE
+RZtJvOohrq+7qrG1d0MVWtxCJl+0cwM/pX7x3iphtM1f7KiiJpYvSHXvEKkO6eFr
+e276hHFQ2+qHmTGpXhjAgCUdoWJ/F4XL5GKaKzei7vMnJrJIV9E6GEHJcvbH0C69
+wAuuYznu2eujeryPtb85ze+BHStBuRDhGTWURZV7bMCkS4lrSI/WxyFjJCOJh5yl
+spIykbdqDeKHtXcB42GL0WGtiwhLIul+VKTfqEBK6RS0t/JiN/n5iViGTvwnBrHy
+E+mYHMlrBDiMUQGgktAmf1+Aoo+5ArXOuTsGoCEdHy/u3y01PGS5kIP/nofNriEC
++/8fQh5CTahXzAZs4kgxb4WYCm12CEoc43xIHWSz3YRgD1XprueTa4m5oHsjZ52l
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadSignedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadSignedCACert.pem
new file mode 100644
index 0000000000..7e1c0cbd44
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadSignedCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 78 48 C3 C1 72 F3 54 5B C2 57 A6 5C BD AA 01 AB 25 C7 06 D9 
+    friendlyName: Bad Signed CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad Signed CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAmqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFjAUBgNVBAMT
+DUJhZCBTaWduZWQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf
+77zrq/d3vnq9i8r8Trn+BmzL4FkkTxewQRXNUnk6QnZ3Zi929sKAyv6cHCJK0r3p
+JQj89gjkcHFt4Wsqzo9cRS/39ynAiCBoPqdOdCiy6J1AhKjMAVjrx0U597QUMKXj
+jQvxpsLptqnn6kEX0VQzHqrChCbYogCHGVzyOEM8EA4KK8byAf2ZwUE34FqcSYjb
+XtX2Kl+NsNGEBMTiqNEE82w+HmuRM5XYxG9+3EnCuT5O5b4WWqzsvYHAXEzgu+K0
+ghe4Wail7rFP1Ho046GZCwUzi+U518bek8liQ9qiqS1L6oVa8dnQf7QDImDBIb5F
++2IJmU/NPAJwTNAhK3mBAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWu
+vnW2ZafZXahmMB0GA1UdDgQWBBR73RA7SuDI3USFTog8WovNmSKTrzAOBgNVHQ8B
+Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQELBQADggEBAWS/T/8EU0O0tLjvTs5hWudZV+co6/NMpRBk
+gUjCI8VuNjpi/bmhLuNioJ3tCgLWlZ4Lhd9fLyOvktEo5HtJ0HNedz1Nq6+L4S+u
+h8yYAIXSawnnyZLof8p67U4Z0hz7typr+a9FLpbkvOi6KUykbEgNOwES0+2PZLlf
+0O3/I4JLkA7w0JXQi6CyOgVlRxF6fxw4O3Z/C+u560TndrUaISdyugt9a00gTmZc
+9cQpAfZUn6WS0xp4D+xQ1h1l8BU0nXR32uODwxTh4PHh6sjZhY4pWrwbRgBjKkzI
+iqEDzQlzqYwtPjIntlbAkwC4KM1pFaMwZU+WJ79rrPJGMGWFF3Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 78 48 C3 C1 72 F3 54 5B C2 57 A6 5C BD AA 01 AB 25 C7 06 D9 
+    friendlyName: Bad Signed CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C048FC6B63AB6285
+
+DawdHO3mXL21Xkgpb/P19gucgX1ie3SOsq91XIvu5o6fhnoWjLjyhXCAFEAW81Ch
+lZqDMwAHIh7VVGpaSh2lhbaX3gncOiPbI7JXoZtBKuv8tRSY24/B6Bllnp2igveS
+7uTrD6RZKgiZ11zbPzUk31ikV8s28GXkhFd9wXDKYqvyBUHnPHBJ283RxirE6KTA
+e6LASDhQckX47Knjb2tQFuH/geRGxvaE9DpR45gppDqvguMsaKNOFl5cB/XotePj
+VDqCOB5+Syj+yVM86U92fB9lYnIzhwT+fPuZoBnXolegb0FxzzBvp2A8X9srQ5Iy
++W1mIXtSLzjXUhoKyVH0LEaw0/gS5qTfNTBpJJ2qCxahiUviydXBaOPxU0k+EC+S
+2tVJDgC8P+uQML/X02kHdzhf1y/0j40GBUCUhiXVcv2koXpjxrNt732RhsH+2z1s
+5FbtgZ8OCNGtyx8CwUBrL6eqEhN/QJWypDlAbaidZb8OAljVv457nQYvztoRBS7S
+e/zwpUQb6afUHij5ZkrRA4DxT88HUIiCxOhlbTbY1a+f+4pk3I1zCqZlutITvIx7
+RbAzmXKCGbsb+W087tew4MmqqNw9f+RTTia0ZzB0+Y1O6ABL5OBj+/lK57nQHzLK
+g4s1MOLqM3BSuAMqVfoHcWuzew8xGKoPm0W7aGU8oRTeSGQRgqsFUd57F9x5ekB8
+HzWlyVjoSMNiaijy0dqAzsQmz2AzpAQzD3Ri8PG+nRysvu0xuRLfgE/23zW619Hh
+1Sj0P/S+GiSZF2K2Tt4jkWGzZytfEoyRpueDxxM45wRHSzLfg+4EsWpKyFRNQMI4
+arYmsiZeQwSZbwgT//rJbpxuUQyDVa0u6xR6EIL7USqH/ZoPBVfeGG3Q3E9swzjb
+/DXh7aTNt4ACBVfIe94p1cLkxB2px1aONmtA66gsmHPkR4YLydySdcdqlBwH1+h0
+FrheWxP48P6okxZit3HJgTENa6CTLfGnC5QHARU6zvpFC1OuZxyWmM9xXmERGOUy
+fff499oyEl86KDjCySX2nAGRzJ1UqPIL5xu2NwEIsGF/IP2kG5BsmBoEoHy6SjLz
+0U3Esx6aUCFS7tI8QiqE16N1yzswtG2GHBVurhHvsU6q08b3nP4RQYSlnBrWsAGp
+D6xBuIFQY8LVuhDbM3iLiEiZThbv7iEw2olJWCxsiyuyFAiVs13xfMwIFVW9QRtU
+zSISktCZ0h2qT0+R5o97cetHR3YKoDgpGT6Vf/asm2HwwcBjAsDnUOJrbfW+Aqar
+Igi8lNhTPKXXowc93l6rXvRY1P62pRnu4IMSdqWFboDOS5aTTzPWJX+lywKH8aY+
+BEnVMVwMHR21Wi6vMbMU3l89TCOLTtdDzwv47vEMPhn6y6Wv7H+jRPKNmLYPFptt
+/utX9RtwsPLLqGqtX1/ZXWFaQbV0iGLLEV02h6kTiW75qyqZMKaQItmThIbKzV5D
+EA62TMKyKfbXmEd/6TU6V2MATTGJjLhTIan6gxAeYSpolrirXrukOEGUPEXLDbaJ
+2UR+KFUiXm8wtzNIorzqVOpPfSdOsqcAzaGnus/d9QBXj6r7CT79Rdfbm1XN+hIf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotAfterDateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotAfterDateCACert.pem
new file mode 100644
index 0000000000..948c1aaeaa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotAfterDateCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 9F 98 F9 64 49 AB 11 7B 7E 52 9C 0F BD C6 5E DC 60 CF B9 66 
+    friendlyName: Bad notAfter Date CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad notAfter Date CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTExMDEwMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FEJhZCBub3RBZnRlciBEYXRlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAypzKnjMK9B852wzLGnbU3ueOStmx1eypNdu7Hp4p+tGo4yA+MtHxmowk
+V6+nvIJPlouENL+PsGm5hG78ZUcZdyJxIWDjSwdq3xI8nLFWfNftlDBg46lWJUoq
+NLktefuraN7VVdxT3BAS2qTV0t4jjXHwgwln+cnQbxWPD1wjLY87yip9vkhPVMnR
+bLjdPIkvW5C99JjcqCyDn29T0mbWuYtUmsYbYYdIAbwAHU915tJQJ15JqHucNfu8
+Xk67nakILTO6vzc++lmYSkVJEkGE7Gen2BMpOCAjLjmRU9nFBfp2d8SOVl5aggu2
+hJrok70GS9auRuJBwZoQJjp0PiTJkwIDAQABo3wwejAfBgNVHSMEGDAWgBTkfV/R
+XJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQULA799+4886Rm7OcFn4iz4s90Rtgw
+DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCmiMVZwyJLiTnmwJLfGZ5jfdi4
+nNcnS202Eao1JeJ7+N1npN3KyAj6lHsey8PtRvsliHAtTOgILzAKdY7pfXoqbUKg
+KB0lwXQAquIA0yXuVZRledjaSvqoyadymyDds+5oFuk1X1i4VQAxzF6PmTu669E5
+WGQryGH8oR6+xLAB+kQ3xAkE/X1NsQSrwp87GKGBAG2VXTvBEVCXovRBWEhqQLaK
+OXS/YMCySS+G9WHXQdW4IPj7lB/2ri/N/+zUE59szrmO5Q2uqZsMqHAiSzj3cWhq
+o7jIJZfyQ9biZZVo5NnR4Eltpev0Tl+4Z/OqZt4is6dHKI2A1p7ze4KqZrQm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9F 98 F9 64 49 AB 11 7B 7E 52 9C 0F BD C6 5E DC 60 CF B9 66 
+    friendlyName: Bad notAfter Date CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B48D9A8A87153757
+
+/XVUIfzT/dqBk4T1wAytV/NIEjXjYgeCG73089udaZQ+0uvOxpWaMlyeX3pi0fQ9
+Cff16gFGpthFZV1FGzghdG8Ycb8Pkaxz8f5b6E6rfgUuoWdY+TJnS1l/hIPrK7jp
+NaL0/atBVOEiFucipTPZ2DTfNCtZ0oRh7R6BSKosy7WVERrQWMy9PCNH4BqlezbS
+dgiGKwQ1CNFrrePRoJLzfesRFZ1ogw9F0v9WzbV+8hHNiJKnJCEFYlHnNKiJKFX1
+YhnSnNFQfJ/RGSLUVpOZziU9yJs6DwpO7rcLY9WW+H8KGhzD8b5pVoE/SFd5MznM
+0HjAkk6hAJ9wRiOFCPaE0ziBg73yfR51I307JY0FmWMfcQQp/t8aBfMnUP9irRwV
+sb2g7ud4zGDzc1dq9qPMvT2pjrLJVLJnAg07cYg6RjFw7DdnradQICVEnmuDbry2
+aggynkfiFKvNiZ+57LQJYzNJZpTjJcTdpfEL4UBK3PuUSpz6W8AHLnPcm8m3zUXd
+dqCgkIPVy2kCAD5pvLA1wtl8Q13VMT0/SJywjJWx/vx+g8jDirxXN8TwOa0hc2BK
++gyXufS/phlv6NqMKYxmMGkoScCkcxaUidHP3h0H/RpaLhPxD5JpgCjvHtMWhCHS
+s1JXAPBLDewrZdvc7R6A/GCnznrJ/BpV8iwDjtC5vKf4mSdqm/1KJMdi/PHYRDBr
+EqsQfBa2Y11DL0OqMBkBUT+2aYc3cDfIZqsIj91Hk6z7E41/j0b5SfaXFqWSL3rH
+mbkUCoH45UR2Yo/dHFIOyyMCckfkQChbjOiVpJ/pX2qaG0u/j7JkF5eqdBpsEK3d
+ke1OOLvbwkHhwmj9u6Fy+HobF3F3he81L72iuYkqTqPPx+qT138ovbrgj/1thYox
+xEj8tDJv4R4w3vG1pebV1Rq/2HN+Z9c2I16xO5lQJrHtnMEIksO1UuQ6pyDF5hX/
+p4ez0TSq9PEXMC4iqaz4du4Zx7/sUYmo2fFVEll9jWpURcsRf4qbQXEsFf19hsuh
+bsv3bV5gWEgxSruXYcCAXDzuYnW29yh3XQuq1w3T0XiSZLp6rYoU2GNxTRjJgyOm
+UBGr4zyHJa3pauo1+C3XftpmmFvu7tCGH39ZlFk0iMuCDVrTeMAiaCeMrgfbIDr/
+K8c13FwapkpFxy3Pm3cnGN6/vtxyxWB6TgEuILQJrO4Msnmoh/AF9mkZ+odeLD/s
+9BuiIH5CaF8pTF410b/xIVeRhc6K2HZRRf9LNBNYeDu+c8ji/RBWWNj0nJpMyzJc
+DMfuf3EmN92pt77t1/Ow2M/MgsFhTdQQjfuLAP8NOABumYXLpjgAivirhwEbhMF1
+SOPy719UpJ871VLAAobjNxVvq/kgLxmdFBbw/Vpk5wjBCtppRYyum4XRE1QBK2EK
+imLZvpFn65RK0yr1cG2e6MukI5bAcZshBn0Yxr5q4C9GN+5UDDytLVAf+hfFwcBu
+CHt5ec385GqphIYFxJ90h9dLRYDbJNglEm7fc2lT80dhTBepbVVn1GkCNsi+bcf3
+aGITjjQBqGHXYBrzRhuaSy95ZqVqjJKmHyvBv+rSznGUeh+e/XaN9Mb2p5BX6tLf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotBeforeDateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotBeforeDateCACert.pem
new file mode 100644
index 0000000000..65a6a205a7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BadnotBeforeDateCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: D0 48 89 61 17 78 37 17 95 F7 CA 06 62 4B 39 71 31 8A C7 5E 
+    friendlyName: Bad notBefore Date CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Bad notBefore Date CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTQ3MDEwMTEyMDEwMFoXDTQ5MDEwMTEyMDEwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FUJhZCBub3RCZWZvcmUgRGF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKdTl1qhx5hGD+CvPHQU/pDSJCVnLWeXmdblHoJ746b/bW3/GkXFSUPl
+1yT36yl6CZJzUJqOYzFkSE3aN2vDcrjviJOAInET39JOxLTkc7J8DxCpz13PmliN
+KpQl5p3fY3Lll8UumG/5mZsdphQSp2gIN6w68nJKS6Nmad46or/5l1qsAteEjIGx
+a26CC6tV5yEqchk1Htsd4hJz7xUi7vijBM987pOidUjCYNltpZYQYvdbGIjl2LnX
+ILVLy2B7Sska+bMVllQM6d932/mzFUxCXCR7eow5ZKo3dPAKOuwTnjTAR3MHfCij
+/mRVgxSBDh017j55dVB16y0Si9flCfkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGM+vBqe+6HyWaEvS5X+5t5WuIZA
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAtkgaLAbOwuudAqkh/5xJw8ur
+RsA3e1joOqVXy3iP5Uj8o663gzdoBl+sIyDGntdx0h5GjR4QM/SWPlz5yxFrExe/
+AaoxXHr77fYZfkgGBCLblxo3wb0iNpKz5OKmb4qtwEOpHygOpSSiV5e2wZDjhN1q
+yR3v2lR5L2exD+k4l2Td/0w4uCpom62k+sWY36/h/zKiWFWhnIWqpHYyYOGhYzTM
+EtJNWj6H0EWEoB1YNsNZYT3f2w4jOFa7oxfiqFS9kzXIjenc+MIt9uU6+oLFjdzt
+jVCxa181mRD3+OiQw9SDtTZXEwPQmp0jj7B5bLGSKK477cAIX1uqxE7jyO8t2g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D0 48 89 61 17 78 37 17 95 F7 CA 06 62 4B 39 71 31 8A C7 5E 
+    friendlyName: Bad notBefore Date CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0854315DC810CC2B
+
+oU+cNRSsrQLPHupZquTWR5MxFD5aQCMQ98zPAIBMby8OcQgmJK75sTatLp3R2tTO
+uux6L2ITikqV4OX5oWqF5rkqsukF7OvtXpFjZfOvg+an+3LymMhWfMRT+YflUGvJ
+XFu2tq9CbQ7Ov1Dwv35SFAzX6lDG0/c9ct148i90vMFrLZUpIl5fxI2x6B+lLALL
+tJ3T0oXCh5Ux4x3YEgG/NpCMyfB5QeX6C69/Dv/qbr4GkK35OktT2LkcO+9o2dj9
+lC/B8Jx2lpNDw+wAw/nURngTRMvSoYCInCq3m3PnZaSAzq4/XKS0wjznYqBhSDrD
+uUjf0K3b6MK/DxKFdp/F6sH77CwNapTH5SLrXL8wEKK9AHM3HEab8Ec8i9gFFrku
+irVkDXFkvFNDohE6xAPcHRHKLmQI90L92lepUuBp7Eb3AQu3V3OKfLW1Onpuh3kd
+RAUbhtzGAEGB1Nl+C9GJ8G6gCS3hKPBDyM+QXdulkurz3XuVRxcxboH7eB5HFA2q
+NH1kjmvHCXszOHltUDq4MxcjaGlI7apBtyrgWaPBWjGg7M+yiCHhTC9hl0ZOxgzV
+NaatnTAJk0JwZ5I5b8hy5SyTV38QRQo3DmW6TC/oS2jmAC9dWUXh0SwGoViWRqBF
+6Xx3B9To9tgEtpfTG5m7snLNwxqtW/FX3uZn01Yz2WMwUYxh8DTTOF5q+dWyhTYF
+vBvSxqmetd9zVGJHIdik5zfVwnzbHanrMhW1+zEVUeO+kz+2i/clJmvnmBhWNMHe
+ElLj8tGifpWMGAZbz270k539SZL+O4DcMaukA5oyp0vhl8kVWkvmw9L5+pZH2gUR
+PoV0AZ/9gYEAgzFqvNLcNkkjQWcjYkc+htxVbaKdCVFTm+LC4hEkjT0WUz38IZoF
+vufOUTlaRHZpHOIALn5vlmnt2VZ9LUWKdWLQHU87pDBKkwLNl7i03+PGnzVhdUrf
+daSY38cOxEOaqkaV8ZPu7p7nSRMTwrrC4aaUYLjrKVNVXY+ULj2Jy+K0tgOa1ast
+p3VXCnAEBmbvQ0xAiWnkTz2iljE1GTPs0i8iZYfuCM5Y0ZzBcdD2KDjM/C9MykUR
+iv+1QQ2uvYwOlQw9jMVsXfqAvh6Bwlzacc5bIZNO/C2EQZiXBW/w1AmNcqU2I+bS
+h3rAnBIpR3yYFH/E+m78m70hQt2b9a/OF54ncjBoJPI/wCyEkbuX6BdZzmnwEeon
+NzKqgO3auHBnaGwmV58jnhHm8nSUttj2D/9xHgPmkbIMeF4Rb9ri558XXh4yF1Q7
+P+vxmk7Lev8qxCV7S1Cuj7zjkiIKM32qT0gJO57dSxHYY6LwGWlCHHkdXFMBMNNz
+2FqjzPyPqfA9vA8hd/y8E6mGAibIrJtbn+XAd4tG2qVI+AObYGWUR7N/AR/NDLdV
+e+n8xyudrcdhxQ2VzLN+R75H8ogNyUypp/COlULBnj5GsxCfmiujqIpfM6mOUyoj
+f4c4B70aDbf+GTMmVU/w3XjPCRfft83tQDdDj58iOh5h5kHTHIRypLp5atXJDKIN
+1E8ar3xB+hKJutkBoP+xIRQTE9ma52+nJ0OMuZWnFI3hkpfTFHCbBusGentg38Ty
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCACert.pem
new file mode 100644
index 0000000000..914736b9ef
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F7 AB 05 2F BA 7C E0 A7 7C A8 B9 C5 C7 44 3B A3 F3 79 36 83 
+    friendlyName: Basic Self-Issued CRL Signing Key CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBFTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLTArBgNVBAMT
+JEJhc2ljIFNlbGYtSXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJvLh5HoW8mGRzWeJaiULtvBNwejGSVKBBvs
+kgOl3tZPkDrTH+O8gQ1os1sTlAGpEbCeXJ4wBFM7++R2BT5uxrAM/DThMcSakEuz
+IK7p896N+CzCy+ylZt8q/3mlND5z4uWH9f9sUSv/iA9Gppye3aqQWQfFcgeCF4PX
+6loBMiEpfccBQL1bWSRYklkZFVzMwqVZurxqOqlLVkX3YiWuKdP4d1H92NzMCSY6
+bd4qYOeNx3pEHeW//Xn6JV9UPa2NrsBgAFxsXCEq3EgIk/Vy6yrJ1gM4c6hQZNo5
+mMHHhfwFJ9W7nI4v6G38Ih8R1BimvAMgbB67QWbB1M9fvs7dKfcCAwEAAaN8MHow
+HwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFCmaRS42
+lZ3s8l5UnBPV2fZEkSwTMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAlYZp
+OypzMxPbyQTGr4YyG6KfC6jsXWoDPjKTQ0Hf1MxJqwRhwmS4VfAff+mVu4E/c7D5
+6RM94oLGUSvhDOY/i4Sd3GvRMCHcMl+oIx+2ixhSVhekvtdZayPWTmSDzAjw02yg
+6KSCHolEL0pKs9+SuvelVQtO/r8/7AL3vVfJyS/S8bG3Q8rPG1G7LY6y92kbsq4i
+uxHWR8y9kY4nJDgXztdPmQND89UeqmhhgiSj2vEI7nSFDNRqtVFmLJubjhc335q1
+O4ziqvRFfhrFoEAuZdo5ivsYA4lVR7OSiAA2CBu7p5AKhn5njeGXSfqXRE32xzAj
+AlBwl0hRSkow5npWfw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F7 AB 05 2F BA 7C E0 A7 7C A8 B9 C5 C7 44 3B A3 F3 79 36 83 
+    friendlyName: Basic Self-Issued CRL Signing Key CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44D03361F214F3FE
+
+4G8csmNRDxV5P5lDILi1qKO7gK12cBhwKnzMbPzpxMmABdmisgALWgDBfLBBaimq
+d0YAT4S+O++fBaJnFwO441VMAy1qKWdcfGmyBOqKyAE1jeLV6lBKr96rLjZ0Ues7
+L9e3AsIE45dpn0cP3VENj8BKD8g5kK3QeqsoRSybF88FtJGdemx4kuulMfBSoDja
+wBB+4p6HHZqgDl8/bOFY+KI5p3ToROyhmcM6DioCDRcxrMh0bco9LoES3WHmBROH
+w8NcMv22BG6armqMW8iIG3u/f1RtEy9fSfKTX3bt8qRPMKhJIov6I9YuEWpjUPee
+Jq+I1IHof4GMKh1wQQIXG23Ya18vLTwg9NFh8PL6eu5s3Z3gef+POGIJqsY+25Sq
+mLTqjSNUur1yCm2JEshgu9aFQs7kQwwjcbozxKlRVQWY2QmSdbkuZnxXtRrZJqy6
+e/DHG/URstn7u0Z91cvjhwgeOkDc0HToqNRu50gn2QiSXvYJnHI+FKjcfRpNiCgl
+dA7e6dBOZiXiev7Jj6ThYH4uwiGsABkiwY/Lm25ufrnl6DFERC10Phw7qpyPt6YO
+Saw8u+6OzyhDMFVRXquOxVp0R0my398OWPZgU2CUa4ofJTYq5xZPYoFnd9VGElTY
+wDnWIF7O0QpSiyVoFHeV7WuZH6JHzXZB/r8KcrW4qNYOztOuuKMNshxBaJAPqKVr
+uvSRqd14518ZyLfPzRSFbJXEOLL9tAwLFcbFC3SpdJdHBYUQ+oB9ULxqMS6PBw+P
+m6pBVK84a5VCmQp0e4wlmSG34i/Sjm2aZ20avaUrlu/PvJR572wzrmY6CzV4L8ea
+lhTpJGjop+o9XUUeCSldvNPRoCJJOEV3q+3MVGnh7/on5buBEj7pbULd/IzV8p4N
+/krV1N99ikIELRoSNKzFVPF7ivgkQOCdVw3+rwa8nCSCOC6bqVfx6145fFouGUoI
+COEzt3HG187d2aUvXwcACvlxkjPLN05pzHrrKu019AU/6mDOZLm+wxzsrfQYqSjK
+n9hHpdOkf0MTwaO5mYDP/J0/fUE0KPla491SJIoPwGUHFG6t77xj+PlyOZK3u1op
+ySmC7aBx0WwbQ8RaX1WBAVTmo++J4tGxobpftJx7dlpjs98rP5+EUjph2oBoszCY
+hgXOWxVpAhEup9MSKx5TZI0qkH1Ory7/p4lNOgSpAALFlXpTTZmGMGhR40i+N+uR
+iM4akQ9A0tVUvXZEynMEK10n4W8G51HhbJB/BPcq20VeJaPm3hdDgHmbyDmnn51n
+iDKJCSJ5wn3EsB7qDwxbMsMN8OTLM1c6nsvdvoZzITUVG2VMSYx2py636OXwRClB
+3okmWP1CM0XyKF/ZjTpcKcoGK/k5UfEgM9qtfiK63Lrj+ZCTcTAU6msTUqjd30Xb
+X+JLvgWfWHzJjx4gV4OjiSY9SeFKtZRL0BU5GWvEMzN9bh8ypSZhgvcXVakuGpnU
+7WpSHjtVHCMNsTIK+QcmBwQL8TU/yeBQcc+Bv2VlkwdwdjP1YEhlwRj2xqqDaKj5
+Z3SWFzdYa0C37X91LrmgA4jyOQ5JDwvmSuiyEXgB2b2ubQ5aL9hDCA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCRLCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCRLCert.pem
new file mode 100644
index 0000000000..d26b6e327a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedCRLSigningKeyCRLCert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 7B 46 A6 9E 26 6A DE 25 57 81 65 81 4B 80 C3 BB DC 97 03 B4 
+    friendlyName: Basic Self-Issued CRL Signing Key CRL Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIELjCCAxagAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowXTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVkIENSTCBT
+aWduaW5nIEtleSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMB7
+JPY6CCsaf7+x7xOXYuekYA6S8sncRWor8AbIH0EXsWYHwfoE6cWVmtYrvewbvug4
+iO39JecD8f5/U3v400q9tM9wnLK1WQeGMktU9y9kv5qcbLDpO+ayIo64MCT+N1zP
+QMMjaTTT0p7bKxDBXJ9xfQ/WRDd4XCHpR/i1VdJwUz3XM1NF3rwdYQo9N4ZOCqlw
+oWo5cUiAsU8kJNqO7oS6O4SbEgTpE4b3k0+a0vWFbLB4GVgC33VBPYW2yh+0f9b5
+4XUkz2xTk8q48xHxQSD0QV4F2AyHLjuTg+ynSZwLVoQ/Z6muzDjmDZ92lX1aWp+G
+IflBWKEVf9NcFb0e4kECAwEAAaOB+DCB9TAfBgNVHSMEGDAWgBQpmkUuNpWd7PJe
+VJwT1dn2RJEsEzAdBgNVHQ4EFgQUJMFVcfqe4SGFKvCtYacVudVNQxcwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQEAwIBAjCBiQYDVR0fBIGBMH8w
+faB7oHmkdzB1MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTFFMEMGA1UEAxM8U2VsZi1Jc3N1ZWQgQ2VydCBEUCBmb3IgQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMA0GCSqGSIb3DQEBCwUAA4IB
+AQApbC4TkWyKb+M6KLhhxF8tjfw/GjGv1laoCAlhW/kUWaJluNiOjIPvcrd+yx9y
+1Fqq6HGPaNv73GaO+rEp8aGG3tiCiviCaWq9SB2JpTgvQRz7qOGJ3boMTN4i55zl
+5+acq11NdMbLxnFb7Lpzc2QbnIKIuXQ2EJ2wgGm9jfs6cFLNKfNQiBkObeQVRSf2
+es9xqkY9X4Dj4h0HDYW9qOg/50r9/6kCByUWmTNAFm17IgqBwMK6n8N9O8qAPnhr
+E55WLuUUTllwQME1BukTrtrALVXFlFohEzA58wtNoZQ2PPGPP0TO/pQ7VtGCi8pW
+TJxkdlqxBhl/uyOGYopFSjw2
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7B 46 A6 9E 26 6A DE 25 57 81 65 81 4B 80 C3 BB DC 97 03 B4 
+    friendlyName: Basic Self-Issued CRL Signing Key CRL Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,81E92508AFE521EF
+
+VYXB1vTlA6McBsEVnThW2sKdDnJiTghN6vmfRJ9gytkwgmlpc6zY9AmNg9xhDRQL
+zf96D+W6HoI+sU8Qv1s7zADF9FOxtDntwgH9Uhw0Fj6QWsXRcGbs6m6KgmdDGN9G
+fZWct3qI0j8n4LFn8Kc2ygR/WbeOZAthBD5Rj8rCceoEMbKmCh43XOJe/0UGybZi
+p3C2HMfkNPPeKZ37Mpwy3ucM3gVjk71fTbi9VXHRvn9SSAjiFQSstKGH23TuP3gj
+wxBMvzOqDZhtmRtzXFV9RAEhs/ryKpZg61OV97tW9wZm8p3tJePKxbmdaa/VHurf
+As8OKzG3x3VR/fUN95uTjchxMSckeAoVuQNCW3z4SI4RO/eA6LhZED03sSe1M1W6
+qCquSGVmkHknb5AqxgrWtINKQOqu/iV+gD+rlzcGjCSrzIKbNbElrE2YRtdvEf+d
+E7hm/zdFwo0Ag/lF8o5s7A+ygTI+3dkwwVuWPTq7JINGApspXDgehIJf7zIKregK
+XnwNr+MvlP9qJm6LrzTrJW6IW8aaJo7vSLg7jKRXcjMOhnkkYag2pvYgeTODARIl
+2LUaH9xcfKQwuo7hXOCOgz3mDzuFNSrqA/8LPKaGASFQCsJ+JWlqQNqMxTxU57RE
+4DyrEezMmUMBGgtf5k5QyrAThx16+zdbJPbkLJ1F4cMHYhDfowRXwNkZNCOqW3zl
+u7fciLynocwD0xwh8z/Fr6wSelVRL8cb7iTc3aEfMSBPGp6GLUcO8wDT8Kg5dQUM
+F+AgxooIUdHqZbwIT25g9hZWhv78hJfUPdRCFzi3LE7owvwyKxinUw5gZ8eqcqrJ
+AAuNRPUJWfbk7q5JuImHIgQltwiCycYRazjwvckJvX3KTsxDOJR44Zkl9cS3AA1r
+abBpI8MDjEIoC8Is+IuXdqX1wyA7fK9w6UUXSqzfd23CNpXZDLH2gV7U4WiMVJjB
++6Vr/j7uRTjUmEQ7H/UuCgQprs/4HD09L6J7rvncs+dq8CGccQG4HLuywBgzQd+N
+6I3WpMtmnflPJAHRMb7Z/XLeed5wAy+GHX2oYnauMdIvBfMiycXtx0U03Dmei8YQ
+ymgR0+AR3tCjKZkWFDcutED1Bs8+uvYx8Quc1CMM3Aoclkov/yMbldwOzMyBY8uY
+9GBSd7HYk7y51ksbOKyusHO43v8vh+Y+jkoOKGYqwCMBRepXhPn6Zi/lhuduITXn
+Jp+CFzzdglaqXNXoBzm0i3BdMrymmHpOOax5WOb3RCePNHau94Ohck+7WizVJd38
+2dhAEPnOyTS4ABhCkV1VkLHvXEFFgGBqHG1oqJxz8UI20jc5NXiaJeHX11/U9Znu
+itcrTBZ3VgLkIXkd4bV1olpXNM33GK0tvOA+pOqeG6kYJiIW9XVILwZcCJTLyFVj
+w31PCbEVD+RDQNw5brCOtTFA2xhnKjqEo5JrBNJbzQvZaPp8W88wuGDGeu6S4q4R
+gAZmcYpUrMfpM2bHk8di/clepLwlT551b6aFfPbuLvgYZbPauJM8Mm/L06P4WXRu
+mow3wA49YZtkBqfUPrGyO9sLMsOFO8T4lYBuqVLQTwFH21q5+fJFDWEtcqoDKwSu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyCACert.pem
new file mode 100644
index 0000000000..0c57da8dda
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8A B0 4E 26 B4 94 C4 F4 FB 01 1C 89 1E 7A 47 7F 7E F3 90 EE 
+    friendlyName: Basic Self-Issued New Key CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBEzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBLZXkgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC5XNHuGz6iZWNrbQQ+XdMzbP1SPooVGGXGj+rqjwsBJMBd
+apOl0bPLVFAikdp9fDHrH35OtKliNJDYMF8bHIDNAslp4XzXSL5c375aKBwBh45E
+qqMf5Ny3Hx4rD6T8bGgusQfLpkByPW3vXvJdvMVOxBebK86wjlRzqtkJmR8sUFZb
+1LvX2lqPV+kAEMRET7EpvYYsEtWK2v4JxwM3AXn4BO6/q4CZnOkdscQ0s0l6wE81
+TWepi1DQ2gXQdCsRYMT38MhKfUnOC2E3N7YKgR7lvs19p15Zbjzo7yhC+jNvbDdu
+/IpQFYp7Zx5FXN7VVoYnUL9LtVlDRx8lekzidFo7AgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSg/MAs61XukgZsqR7p
+X1+in2IjlTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEVk+zdazhBmjrFG
+k8gFU/zIFK2usFkMJEJKlrNib05uBQZOb2CImrFQyPnxtBb8ejZRk9d1zlTXQs4G
+6O4k9Z24Pd9zbTq/rponVyu7VmW1vAkNJg+716lTeH1VtuqTuqX63mBkISHRY7Tb
+O/KpL7cla8EfoH/I8iITinQR6c2jbqtUhuiEPsgvLXJg1MRuLY4fjJavcH156FZE
+R3ctID4Ww0uesZfVsV6sIBkw8S/EbCmGxs0aSph4qPIzSa/ay+HWN+gXR3PucFoL
+K8Ryx/7FB2JHAUu52idJF2liIhrEeA0Mneiu+RY1RPUel3t/YIVFtqcFJvVz143U
+M6elH8Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8A B0 4E 26 B4 94 C4 F4 FB 01 1C 89 1E 7A 47 7F 7E F3 90 EE 
+    friendlyName: Basic Self-Issued New Key CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1CA182710FD852CF
+
+NoTa0aX1LM2mIEhbAb/Dfvueb+Io0G+kEJcuIV/07hQ09nMvb6azUEYh9T8b5nul
+a+tsYrIba7vB+xqhk595df66YKMay0JwLzBF9zABlRB/XpomHTcyA1cc6r9kclpw
+fyhLMiN6GxW4zJZrq6/UipFIhBHSdYcf7SnqeweaUO+Al0691ieWrDzc6qC781Pm
+gBsvTwOtehUJhd58G+rZAcz8XKKlNKmPedD9Ljoba+pQLe16jTqKLEmYOkqfROng
+nUAp60UhDZiM8ea6VTvQpE+TT/as91msr0daH6II/ztVALFKnYGg+0JMA3XEo1lU
+QTvxpc30u7XCIcPWO3yiyvmkiyQFUFslfuMK4yfM2GVTDNs3q53X/32iiQEjR2B1
+/bHXWCXrJfjTw/R0oSyKZAIRE6oiVnBD+HxmaQPAAOU5yVQMRdPAWEhlmt8iJzsM
+zb2GU32FF6G5P4KPM8e5bQXIv1wOS5OHOJ6FF9UMW2uMa3IgVWR1fvc/r6L3nauV
+BK3QWDfrqWargvW/tYnK+oKKJfbKwl2uUO4uBaENZQDxOptmCMjRi1xcNBnmvPzV
+EJVM+Az3fpL7wEmJJW1rap6DmoLiMC1qNvIIAo23PjUnz0CVbrYlXY3WMHzoSnrA
+aZF63VS0wKdlVQzvX07nbck0XoPAeaU4imj1Uo5DiSeaaHZtI6HjvydDpO00jJ/x
+r6pBphRUZrLyO+qm2X4iM8yZV+Tpx00DdwFxOqCq1nkOOxo6sgmc2SS+p6Bjo/Qw
+PfY48SyXaYPyDYuJNnjiYG69Vn/LxCbUH9iIpOzNNhR5V4L08C9fGsAnCIWD58Gu
+vQFM2eCwJoWpSpO33K8hlrgkODcNW4djbFY59qDNhSeSN2Vek+R7Mxg5s1n+WEb/
+ETMnmZXhar4eazlYlbTyBJC/GP6W7bT+TCSpMmBdEpQ/oaMVanax/gnVB8LFaa0D
+LadAY/fD2jgM7tZS7k2g8c3M07pMjE8Mhv3CJkgalH0Ruzf8wndfqWp0BRw0EKss
+yamMO9RUhCHXdBVdmkgOy49v8BhC+yCd9Jml8s83pGNkqprU36Zz+hZTLYxtouU0
+HeMw3aa5D78CpO/Hr4PN5QxVQMvzvBBG3SQFE8M0Au+u316pIZjUp5qHEJATazFz
+o9ZlAieuN9O21drccNYPBCWssXbV+GtfQxTjngHnqrrJtBhiUyqQOH6FzBmQnjfu
+uZaP5wNeWxdejV7/QQlt4mtNdEztHyKqNe2q4l1FR/VeBCi79uA/uSuazSe4xqoC
+nY1tEpKtQ0u/Z0uu8jjVtNlFskvWUJUikM0o/LOHkk/9DuphqoR2gKXdVsDpA5u4
+SFk7LSdEKnkDCyx7flzoIcyfWFhN6UCkKlmypHpnCRhWEeIRhtwILLUNNU9hBd8W
+80bmUd1bOVzlEHqmzmJA5qlxiBn7Fo6j5zemA5CtiPhduNsecKvdOa4hIzvtuJev
+vUI+qurHN9ep4FVVXzsExW7aLRKEpm9QhNj3N1ubTSic8B++RkrAAzBgQqpnAJxB
+BLWHT6NyCCm/sBAXTwlLr+uasGFbJAOOF+k4ENapkAbrtkQmPG+wfg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyOldWithNewCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyOldWithNewCACert.pem
new file mode 100644
index 0000000000..c04ed686f5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedNewKeyOldWithNewCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 11 8B BC C3 76 8B 8A 53 89 80 E1 B5 AC 95 25 AB 3F 34 CB 36 
+    friendlyName: Basic Self-Issued New Key OldWithNew CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgTmV3IEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3VlZCBOZXcgS2V5IENBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuYeWkqqoBSkNp3YdQQ4G+ay
+LFZFCn+bnYVlzzsOkYPtTBLCrGmO4pbRT17KlawJz6BHgKuorO6P3gDDtxyJA4Ia
+i4E3JFxtv496ZacKkj8ktM4GpSPK3e7GioWaGd7lUqS9OYAIJxrphwHE2Vg069r+
+EmwSDZFGl97qxJsEkapd/FfrnYGCmCeIxZix5ulH8+cQbBwZJ3sLCW4S/HYhmYc+
+9yaL3A29enmnPMRtqhqv0yeSugUweimx9BcZ5LmQL3usvWnsvC/OwuuXVt9u9SMF
+NvrM1YNraYPYDCXt5Iin38J/N7tQDoohgbZJ08nBfQk8ki+wSYiu/e5dC2UKlQID
+AQABo3wwejAfBgNVHSMEGDAWgBSg/MAs61XukgZsqR7pX1+in2IjlTAdBgNVHQ4E
+FgQUdnzYZAQ0CU/fcSF0DwwWmzaogtcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQANwgEHq+Gto3HLdtdiToVQjR+jvcI2oAMSwxwU0eHK1gxXvcT4zZR6i+aq
+Y7wtO+dHmo30QF4AeHGK7k1sYrlg3gbmd2dYKkhDmGO/Jz+Ca+4ekt/6TKgNMaVp
+30vI4wZrWaF0WGgjAhmvnqVn2FJR3QvYODBnLP+FI7wPejWa8zotkGqwfItm0UMF
+0VSKJ9OYB6hdNX01INtZmCdP7oPaH2syEHAmjjrotbQjdX1IQCzUCRoWAY6vs1ig
+pFuraG04tCBR/iqw1FYiASQuYEnlDezh6/g5939WqY4DFdXZDDmPx5P6E8hsLeNN
+1KkYRLxXEMcNVa9szORpOQP16nuU
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 11 8B BC C3 76 8B 8A 53 89 80 E1 B5 AC 95 25 AB 3F 34 CB 36 
+    friendlyName: Basic Self-Issued New Key OldWithNew CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B88FDDABBD002B91
+
+Ye82Wk/TIzdwItiZon6+kZrsjnbUdVdTaw8BxIwYtP5m1nbKHpKCtGzk4kM79iLD
+gqjwSidKu8aaK0on/QJiUvAv/r8PusRTcSuJ/2tXeLAxcPjFjoamHmfJtfW/sx1z
+nahpijCH6qL/GlznyvbokF3Ay6PRWYhcCyc6KBKkJtNs2wLDNV+cwjr/9xjRKmvz
+MbPBfzScPyYHTnKs7OtvVXBCrIw8yX0xkfTOd+o9JVJVoGjwvIofau1jQwbWXOn9
+KBJw0hO+yTd1xHC0YdEIJJcCfkd4m3IMCmREgASTtIyc9aEtNB+5goC2hj31g8yn
+ma77pYegInyt3mzN5idiBq3DfSsj4k1McsllrtJ6ZhThmEkKRw0y1iyXUDJt8HZe
+Mh99A2M0I/kafvqnfkBp50pEfLY5mOw1LlKfYSWncmgtUpnZRTl5mm/gw9x5zVLU
+Fn5xuPo+5fSqf73FTfww9cJ7iB9Q5Ye6B8081KPJYD/0tyBi51+2KEy0iltcNRhi
+Pe8vLKNfMWJYx0FneZWdLg2d9NyfderEZSkFuIjwKGpoRQL0DQoUxqOrKjudDy6V
+eotuDpp1J1iZjxgUejtzTbmH9pxASFAfuhMyaQo5ktDjVVpjABC0Uy2CHMhcJ5CI
+EGb6lVRAnAiYSnH+FKDa3EqYFGEYLMn6bs9eo6htWJF/P1uWPve6ID59Fa/QzHVS
+B/xiiLsy6XmAETsh5kUwvftJ45SXEOBVhfFOGqU0N7aQ8dBWwjUD2CsiKn5IWyw+
+J8H1cerc0jPsB+K8Wj6NO3TbLr/GmeefvxjvKi3GlUApf479L8Mw2SBnUBnPDnmp
+aw95YfWaCs/3DgqOcAfpEXt8stsuZSoLQfYkMfJBJObIcvd6mQChe2/ifFVNtknD
++5DBeKB/+HH3fpTU/57uQQpO7hfLebSVIf7O07ToPOo9FLevTMg5iTcux3NvsfCW
+kVmIOfkT8sPgeeGbqpCHGMRSZB56ZJlogQE7zXjJeSeR2/uTQT3amiRLZDBIxk0V
+sA9tcMNW8re79QjQQnTOjYYrRmrq6Dg6fLLbWWdJZUpAhXBE5J2Qk+BI/8rY0AU5
+VRnjqq5TfURuPPozQhVsQZHBGDNJQUOICeF0ELNn7/PAtNdh0BtqiAfowZx+2Adq
+2nw2CaqaGOdyxbrRC9rYHULA6nrjCGquL9XGWONFjL5qwCyprasYOuE/N3g5dEiF
+I9STgmrTjqR98ydBPo7iORWPWgtmAv/YEywjOahKYWcSaymJMkFMvvyLEaswdR74
+0ETMllJlun83DpRiAiYBcQ3aHN7QEcB//YcVnXAp0Ce9BZKZfU/OqJyMrQVznCjq
+p7nXXcUdw6xolRwumuWdzADiwbs+0WKQbDnQZAIGe9Btl1JhZk5ZUJq9TWjLHdfT
+x3vAy8/PHh1qsY5D16r/If9wlKftSQqABEqKJTkD95dZx6QEvoYb+6S8EPcJsSgI
+p+aMnTcupRxrPMd32SYDkhsCIo3QD3myJvr2r/81cV2jaKusihdSvxD6B4Aw6kjI
+R+9itv+ciAr5D9woo+ty0S+qLx524wd919/UgYhzBlTGhOEntgNVQw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyCACert.pem
new file mode 100644
index 0000000000..13d9b8cad7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C1 21 F7 65 9F 11 1C DC 53 33 E9 C3 7D 17 B2 88 64 29 E6 81 
+    friendlyName: Basic Self-Issued Old Key CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBFDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDON/+4hQq8n9yn0+zOChnBhoToiUxpbFbxeXd2nZuipHsT
+I6CihmiMA+KSX2Dmugp79bMcGt2V0q8wpFzH7unuyGj2J46gLJzE59a9CY9K9SaW
+aW3cnQdpY3XpaqvYX/5VNvbC9xNsdM78d3wYQtWGWF4q19orG5zbWkASYmDjiwGR
+inJcWBtZ+wcBiAKjMBIthvuKlr48QCwhda7xETbcd6Ms1xPVJNMF9NHEVcLgpXbl
+4ZEAlsUu9pqT+4re9wzgNrHCGTxzsz5uOHUl/kFhpSaSbEYmqwGnMH0Y0W/okVZX
+/sXUaaGeyEgLeoT/3/WjQte2X1Axbi33LFnm6egPAgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTdDXWNU2gSxMsVQMAU
+hhQWMKG+rzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI+gcK03dWLaBlfh
+1iFqzeQoN9IffPfdEr45bA0kKELDQ2mhez7xqmZc05p54BJQVCldcZ5L+L8HRuYA
+rDXQxoaahQE6QevQtsvdcoVfixLF5xc4nkizsHCx5foyZlo9l9mkeyBmLQtMn8iN
+UnOkZOhkPxsWrgOLE5F/3y+UAf2vYu9AblcXz0w9UOecDkNrzt/6BB54DzIHYWCZ
+v/CC9cwPpwVOgOAwZ9oUfb3IPDhsolRLFlXKSdZEK2MO3B/ATqrvDm1ndETnPs5N
+PB2K5jXS9ydHxNJhm8SUT10gxOV/WNIqATHZAHxEWL/7wGi3sZVqLdUegxBDV2Ap
+8GR6OMg=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 21 F7 65 9F 11 1C DC 53 33 E9 C3 7D 17 B2 88 64 29 E6 81 
+    friendlyName: Basic Self-Issued Old Key CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,686BA42463727BE8
+
+eCspoSk+HBiBPxPw3/jc6CjBbtpzrvvAvUdXwjNr4dVcyUBoApqhs7DvMk9WaHNz
+hvKgkqB3uis+cS7nJqYD75/Fkkm9hNQBj0jSORAlkLdhERMURTLE51Lgfw1U8wX0
+n0jcO+6tQaN3VADG8haui4RRZ01y6pTtYxnN9ry98/WDKgNdkMI76U9o1k6dTXhO
+anSzkbtCL/N/nlTDvcZGdT+PQcHUy1pjYgpfcE6xxC4vNWpgcfMRFtZ7KZHv5QzW
+dexqgBoTP6VMgVUpbpUm26L4sQ0Vs6wpVQrHrHjIo2ZThuIUH8iX8GNreZl/LhIH
+foYNeY2LtWca9+qOZGUNWzFwnXtK6vtfbmQMWYtYg3YxOIlqKbzkbkJufErP4dnL
+6Idfwz7mgw8KfNpvh1VamoHiGZV2FksZazv5N5fsKvuUokK82FvyfY9eIIU6ObRA
+fROowXltBFobm0VGIfjGvRlZrNFFJdkbDTIZLqF01+u2/E5SO92QiZ6N16SmuJxE
+hAEcW/NRFz4b2JhHaYO3dLxtI/QLXhuW0jvMZaRyAB3jTdsVIzT7S4HIOgHnJi/G
+Z3o39Ss/cdGCuejzDfVarPx2CTSmFI5Xy2T20DJkvQU4gKYeZWZarr1UMIUybXPs
+A9aBZHjisoSWe8eevsIH3ywbeP9TUC9OFQy2K8gZ49g4/Is9ETMz+FpuqVXIqDLl
+gm7nVFX5nNDEvnzHcJKa0Sor28I8mI6a7Fr8/6eXjWkJdn9xWoMTiqnFiZ7+6kmK
+hIJ457ZLJ1LVwD3vHA9xtZTv6S0CiaJp+qUpTT94WuZm+bE6/10h15JHTWIR1Cz8
+z4lAI7EDNMoeso2Z9F9UvhLnfcwRqsZ2DqSlYv+DBPH/3GaEk1CbLhMc+CFoiSJ1
+YAs6utmbPxqDRuKnvBrlLUGdFuIepzcCWv6z/IH/gCcnrmE8domcnQQHAm+nNQWa
+0K/XX1uPjhdMaq/vsj1LT8Lx2atmVFVEHTRJTPlPB0Pn8ySmgutIqn1+7JrWBwqF
+oNX1aTDg6tOm5Au3CD4Pn0kQYuR3aQouc+QHBjlDoMXfQAEThnZTPpkUEqFWmkCD
+yQh1ptEbp4OLDasG/4ZSqW+8hisy6KBw94vnuDihyipEjXCcNyl7OuiaLnaoqlpC
+2f3uAdWPl1SiQmqdpvNeTAa13P7ZhZM9bhY4+5ihczRv0OTMYevfjpNJWfdG7cI9
+8MKRMsGL4SmlZHAhQnalvjrH5+5xO3u2Jpne2rwe5kAqx0tXKfVCIQo/gXfCg3Rj
+qgGizdk3DebGq0NPSju+iaqhcXGTz6nkpGrIoUYq72RBQ7zDN4xN5x6ujeCMHCHG
+vXrk9M+QMzWy8IPKjpWVSWwA8OMLAq8UeN3xlvMxpeDsY3j8PQ41mjyXTzi1xGxB
+jmFj0AiC5VFEds/UA5RRU74QYpjD6I9ugIj1nZgsF03k2nPo9736UNt0vsc1HQrI
+GyTU+JI/eT2lAT6jSW2LFkRf3QtNOqhdQfLx2qHZxmUpkeFf5SkBUWixNPsEm1kM
+V4SsRP8ofaSV/ek6/mSw9E2sJ1dDXVeToBEsSpa6hv3mDGxXunJDgg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyNewWithOldCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyNewWithOldCACert.pem
new file mode 100644
index 0000000000..25358166c3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/BasicSelfIssuedOldKeyNewWithOldCACert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 8A 32 06 AC 0D 6B 5A F8 27 70 A5 01 B0 CF FE DF B4 D7 33 5C 
+    friendlyName: Basic Self-Issued Old Key NewWithOld CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIEJzCCAw+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnBPMPPNq8WIRK88icq0J2qG
+OEExybgfxxPFyBcrFCWbj0inqiig0WPqiSCrcW4ZT6VZISTr6QCAl1dLOcVbuQee
+RAb0cAmOQjJi0uwwJbU0x7v/SXnDVRLsfSVEr/MidweYBGypXZGAKgkdc970LaZG
+929yh9RUliQ5BCSskTfrigH49LEgGBAW3apYmxtEMQb/ut/RcDXHKd7737AGlOAt
+b8X8scwNro1xtAg65ZAZC/QJUtSb/M8RuwWFoR5MJJPJIIqseUnWEfdJkbD847eJ
+GdqXrOG1mg7sbrV7ZP15aGoDPQBxaMMfIZfHcHUGqTQ3IiGzC7yr69PtEN9ZCQID
+AQABo4IBADCB/TAfBgNVHSMEGDAWgBTdDXWNU2gSxMsVQMAUhhQWMKG+rzAdBgNV
+HQ4EFgQUiF++PzU5ZprrTcImGyaxKie1CCowDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MIGABgNVHR8EeTB3
+MHWgc6BxpG8wbTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExPTA7BgNVBAMTNFNlbGYtSXNzdWVkIENlcnQgRFAgZm9yIEJhc2lj
+IFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwDQYJKoZIhvcNAQELBQADggEBAGstwlRN
+EPUE3/8XGiiovpDxI2IFDQui4YhbkoxuY0Cn99tG6XeAnO2RNmERe02iTqDTM+dQ
+VRBNkmCSN4doDsi8/14pFeoDz4KSwQeV8H1bFZn+BPHs3E1rCiZOxNSPsgPseReT
+F/FkVyLsChKEJpPC+mCFB6DUUAaoun3EMFKFZzL0BqAHOnQPWj5mff1XKth0CyPD
+4KLl/n+n/IXyMPftmCDaFpvC3QcYDll2jnSXB7VVcipEcSJbzbCRKU0WEEYl7cd+
+agEmeuwWa3KldkWU2hZ5iiGxPPrZOzemyRRu1a2bWARcGJIrnZaJHiDrPmRZmYNX
+VIztjeAlYFC/hDU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8A 32 06 AC 0D 6B 5A F8 27 70 A5 01 B0 CF FE DF B4 D7 33 5C 
+    friendlyName: Basic Self-Issued Old Key NewWithOld CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EE464B14C12B703D
+
+kPOe+CWFp+pW4sWunL4ROXcBMn2cNwjylW9O5KugAhvwh8zRntaVyltp/JQTz5ly
+zVIeTOsdWkaOq0sT1gAXqBQ8ZAsHFPFxuxYGMLHZaIllbgZh9DV0AV9NjmDpsCJv
+eqTg/uvwLY1qbMF6qkiaM6pHxglhF0sgkZBhmJGXTkoyuoB+PpBtm5E4to22ks/s
+WkPKFgOt9qX5Pe8qEYfCxvnZ0mfg+iyQFPLMgTH+NaOzvGoQl0KrsNDCiuWEFswA
+2Y0mJ7y+dVkeaYyIy6XSjymvWF9vMuqozC5jpbc1OloAtdCNClsPJ3sD75Jz/+Rd
+TMxgamq9oeB6OZrLK2Ep25uBF7NsHxgidcoBLdxck1LlJD90vs/9+dockrwfFScj
+FSfU9O9Tkg3+m5oYchI2jeIQuscVGJHKxd7/j6sBEhJyYiZzQsbMqhZjNGuYZxBm
+wDih9bawzIdu7GGE63bu58gdYrEFuU2/DNUuu7OcGn106TYiEkQZC2yMIud5lOYe
+Vt/m9t8iBxZBDXRWqer+YCcYvsN5fRDmtAKbJe3Josi0RRpCcEL0+J8PcSbA51yE
+q94iEPWIA5gAuROzDs8BzUxqefMVh2jfMCmnmCT7/TSQsTaYs2lm3MuUg2MDEN4W
+xe5Tv4JHIvx6bx+wfU+Qt31MGoVEhhdtLCUlJVkbv0rwLZWbllmBPVlqkBBMFP9V
+CPQN+ujEpFH9v76uBnYf66bQYcMYcnRC5ZAgI3aEgG1sCdTL6WIewqaSBhV2rzeR
+ZG0THu/a68IuQ4RFmNOBxYBSV0U5j3qTgQWNtritn9yA2sJBqtYrxeJBOaLGvs/G
+70VVNv7JH7VfY2BpefcmixoyOUHegj6/y1kTy2PAnchF+uW/MndqdgZQwBp2WqWI
+yYAXyqteQedhXKPAIkSqhkXuRTzFmNs+0ePk0ai6D3Emjujx+9JPu/onex6ft+lm
+4tctQL3O7m3TMqhJ4epyWHOeinIu7794NBH8BM1eCJg+Hnmfy9eHGhcmBUH3FBR/
+cuENsrlPAhZrZ55P0vIMq4CL8sImcDKmjDuf1HNftTLRfu1ujq9VISwV5jIGWm2v
+zNG+E+H9oDWOwVWihVn7RW8pOQnsy3JS0dMw5JTUHl3096uZvfy4P9sFicKRrFm7
+AaH1266VcV9dcmVwIKy5QUYiXdAQoY8AGzLBbMqo+ItjNrvyiFYeAjRZevBLnyhk
+vFHK+L3V3IcHgag2Y+ELzLXu1vrKYKA5b1jJGvYsCZACgDFJjlIg1uwbPZAwb65/
+50+7UFjhiC9DnrW73d6LnsmsronNhUqUMmQbt3+U5b97+5EOdrHl33DiAEE5oWYt
+4BWaKJ/aEPIKTFAVKdm1N6G83CinQDnpYTMWIVNt5+m1MVm+eyEi1j4pXI6JxePG
+3cK+1Byg4y8dQJDRMdbUfeYqjCgSMT4L2th14w6bDmy128TEqXo2K3Rv9qvgr11o
+rl1uyVR3pVbMTU/X5qdk1W36JaUqdByX3jyXjdApecfKMCXccwWI2gl/V9MmLZ8d
+tg4dAMfeLNZHpQJ5cYSH/OXLCmjEkqGlOUTkbUUxa6s42ENKBGE21/Ti9e/XMOa+
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem
deleted file mode 100644
index bd06526d83..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20.pem
+++ /dev/null
@@ -1,120 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=CPS Pointer Qualifier EE Certificate Test20
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICuTCCAiKgAwIBAgIBFTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK0NQUyBQb2ludGVyIFF1
-YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjAwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAMoJaBG/FNuQhA4cgeiGiLpg79tevgtM1J+7DRztxWNGR1ETJ2fT
-76YKUm8p81GifGLyp0GPixlRYrORVU04fWNYnx8Zf7rkoCPeVEDinuLDtIrrENam
-41t/iHh8pI2pzuA+AUUT9MOXDyVHFx+hGhjOseGtcUIJB0h641auD/XtAgMBAAGj
-gagwgaUwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE
-FMLcmlwicNMKSIWer8jYAJSooOpzMA4GA1UdDwEB/wQEAwIE8DBTBgNVHSAETDBK
-MEgGCmCGSAFlAwIBMAEwOjA4BggrBgEFBQcCARYsaHR0cDovL2NzcmMubmlzdC5n
-b3YvY3Nvci9wa2lyZWcuaHRtI3BraXRlc3QwDQYJKoZIhvcNAQEFBQADgYEAfDo9
-XQCL4ynO7TfTvX9MENaHI304AZw1YU+SP2zkPuDd4HxsI1FK04q1NbIaJ+TOVfk3
-Fke0kNKWelXWa4JcqZ8eg1RxzRsqB47a0IdMOcVwwjKNI5U9KkHRvHjCBMip0wjU
-j6Qw2ktcJRAOZf2zsNks/lq7d2+7udwTCiASQ84=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20EE.pem
new file mode 100644
index 0000000000..88d531697b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/CPSPointerQualifierTest20EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 10 DB EA EB 83 D9 52 B0 6E 6B FB F7 D3 A1 04 D5 B2 47 49 0F 
+    friendlyName: CPS Pointer Qualifier Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=CPS Pointer Qualifier EE Certificate Test20
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBFTANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQwMgYDVQQDEytDUFMg
+UG9pbnRlciBRdWFsaWZpZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDIwMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhW1cwuWNSLDxdyrOixpJM40XwVpspuF
+pFGa73TiwQs58B/3i6tfcGygyAAmZHYGoVKjIq5LvPbirMTnCYQ4AtPQwji0AuQN
+KmCwSAAjY8WPT73mSvAEpv1C6vhWq/PYcNbHq1PHstsD+V3dXc/sLvBXAXPFEbD+
+nyhBpIReB+efZ+fcLDRg34th2GezPq07Q7OsROHL+35JDqtMTPibpsNSSMETa8B/
+5wW0j9PxpQqufx0sVPpSXtrcK7tn0dlhhwW6UnDfOQn1XwFqmYG/UQ7fKU/uIH1a
+VQTAA7GnemZ4W0XFZwoccOOiDapNmlMfMIs4JhlkpUd1uTinDGCzPwIDAQABo4HP
+MIHMMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBTu
+QtAPWnapZlaIwYeYrcROSL3D4zAOBgNVHQ8BAf8EBAMCBPAwegYDVR0gBHMwcTBv
+BgpghkgBZQMCATABMGEwXwYIKwYBBQUHAgEWU2h0dHA6Ly9jc3JjLm5pc3QuZ292
+L2dyb3Vwcy9TVC9jcnlwdG9fYXBwc19pbmZyYS9jc29yL3BraV9yZWdpc3RyYXRp
+b24uaHRtbCNQS0lUZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQBqPx9Nphzkn+AqwLQC
+tz30JaETh2kPhqKYjS7nUwbHzXz/zxeTrbQ7fRy6UGa8c1hyUtnekKZ7Y8T/cNAv
+ltT+mxWtye/58YbSBSu+RdTJmJZIXbr7ZHFDwZC6gcMwvIuOe5nGRom6Yxthmciz
+rCQ7m6H0VqkwZLMc2rKPKw9t2MmkUMHgxCIyh+Fa0x7jvkbe4cUP/7+CRr9tT7m+
+Lh/94RYNQ16zIN/GCZnH9s4sjQLnOiGMQ41fa9zKngazpS4fMrxXPGc+NgFjVrk6
+qZ+NRavzckQPEGoIZrR+8i4GFxfjFzTD+rGUiKHb/LO+n/+GKJhc3EhyIuHulRV4
+eB2G
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 10 DB EA EB 83 D9 52 B0 6E 6B FB F7 D3 A1 04 D5 B2 47 49 0F 
+    friendlyName: CPS Pointer Qualifier Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7280BC01FA9C2DEF
+
+hO0TJe62lPeI7f8ZwXJ6u89ylbiT79g54Mbri0gQDYk1oAZDn+7JkkNOwsZyI7Bw
+mdPQYqnSaWYkIZXCqm/vuQuWpO58SgxqLoL9PfAkG9M0I8FpEmI4BaXrv9m30Kkx
+1d52XSE3h6d9LdJ51qXsxgSngM7tUaKo/6mk3u/MLdfhETfqB19Q19wLR2yoeYsn
+SaizInE9STM6yswayHOrlrhVDGDtbRi7gavaxaM6WgQ/8P98JwrcZ+IK+4K/kdkl
+KhhOZsyZYrJ19HlWccv0Vxn/rX/K+2Ddu8MLr/g79E7Q8k6TAcS1ExAhmMtqXVlR
+oF3fGa96Ai3cjehUgIrgsx/lKjB9bMTV0m7Nvzlfr5ERuaEHR/Xr7jl+rpAU3jPc
+7gAThCQe90xFzOnNhFhw7xcAPMZX4NFtED6LXt0sEV/NbBxVcHBeYaLBZRXi7dNu
+PggRhqAA19Sl7DDyf+VFAdlVTbHRllU4SMsW/2xbicM0SzVrjs1h47n4SiJZzR1n
+RXZ5WY11ADHUyep74Ba+wgZJASPj0t2/gjRg8FCmUq+sAy8oAo95Khkm1rx/wOBA
+gINsYtfVql7Rj7Nnh1e6W28Mml1o4xrjYzLcqHWTqnt3NH1xHSPm51PKKUnb74qT
+JzgXbABQ4u1JTKMmlxPPUBnKLswap3fdazvr5rlNiKN+tW4qEj4JLNtib2NpLExn
+aceBVaH2G5IuuUGAachdvEGO61ZC+lXHEarffCsQD7xAt0w3zu4nYs4FTudtdn3X
+iVFqC+a9fPPR93YfHB+m6pD3LfTeP2IVGhSAIS5C9OV7iHqR/Hzzt+kitaQxjj4S
+dZpKFh3w1G5hbkfyHII0AWWPgIKJyOEz+9pJVsIogXRC9elZIFwAcDPr/ugoiErL
+hVWKxgbQe9KkPEnEogrU3zcAlqTPiDIHWSqZ7nEdImBDR0LF9yAXBEy0tyPynNHU
+vqR0vjp372HN3CyH1huszkJ6l58qiU8JnOBS8xjnwnE+aZR1zPVuLFyqYmUxwhFd
+rR8LCCR6k1JhKFgZoGDYEqRmFB78pKajK8YoZlF/7oYAfjVh8bygHMYuFIXl2+BX
+lyHOmGUGawsW3VuHMWM6nprLckqt3EA7faG5ifXYvYUy2REqzfUaRocHHm3sNs8V
+vhkSDakppHozbUyfnqU4GWkp5xI8rPHRyoKl14RRsVd2vphVTACoACXLzZNh0u2C
+iX5dXJ4wQdoecDKtF0mgtRqjJ14ps8pBVFk5wA2oZGUO6t89cdKdYNGW2o+agmep
+u5xAh9rhPd5tWSoyzydM1jBfKcGGa9RyqoHe6YYjfpYdGnI+gHsm+qr21FaT2CAt
+hVB4pygAoB6l9uFXsPbm4QMRTPwloquHOHJUUN5bEjxhcQR79T5qPtYxSEWzRxda
+Eb6qiD0x143h94j7PAV5uC750Vr5abQqMpqwfV7Q6JgNBvhqw3CLN91G/1YBZ+e5
+2gxfSR3a8T0ExkFEtYjB1XCs62jnujUcqrEWYuiE6lmxUidXyIyw5FQHwmIPPFq2
+axismUOyMVjarITj+KlE30ZLrolKzgkQMpC0vwjMJYlIhdPZY65UXX8T+n/wqSQ4
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSACACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSACACert.pem
new file mode 100644
index 0000000000..b6eb97d8bc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSACACert.pem
@@ -0,0 +1,48 @@
+Bag Attributes
+    localKeyID: 6D FE 06 FE 1E 1C B9 70 5C 82 34 BE 5A E9 49 2C 2D E1 99 AF 
+    friendlyName: DSA CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=DSA CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEETCCAvmgAwIBAgICB9EwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDFRydXN0
+IEFuY2hvcjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMD8xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQD
+EwZEU0EgQ0EwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA3+URPtrptm4Q1uqd4p06
+sEe9RADHVsjMbtAzhFZHNT32VMjjwq27unXzLzMMpvkx7Gfj5Zlt/CluqleIcjTi
+jgCQ4KOsZI7A9jwdj7TISkgwXn+qnHYmC9sTczODl8DFs+Y39T7/FQ3UoS66Mfir
+h9gLzHeYQm6sk5jCvS57NAsCFQDPBgTY/4vrAOn2XAeWc/2WZTovBwKBgQDM4Xyw
+zpJfY+w4u0S63ZI0tl6+ZXvYcXcEnexmfDsEzrbzUv4PklUC704Sq12aLi9uVvNw
+7GrtmyK4qBPLDJwW6sEKjiEmRKUM+aDsYuBwMcxo9QuFpEobbnn0wfk2WjhvTu+E
+U99n/cz3WWKPnJzNEI9cpA+ctwfsYPO+r345mAOBhAACgYAm8r68RrnkebglcwaR
+1iwnDKicj8nv2gXOXfK9O7sigjC4yPmhGy9h5RrMWu/BS88O0U+nfGtn37ap9xYy
+cmH0x6ionWK0gfjwiP274z1r27bbXVQ6hbaP9z1vizdHHPPNiP1sRFJMWBSKt5SO
+cfWhPir+cD8ln0CrcSVAm6e5x6N8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFI+Qxox06HsMyFnHfTxbVFlgJQuxMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAGE4aQgafVYNodDWs4oastLldKjYFnOlegU3B
+iKKfHJTPRF7ibMpIEx26666j+8r/yAo3mdO3AjjEcRYpY861CTnwXFbwvkZ+LDCm
+oWVRj4E7yElt9B6VlL0kkKGvsQsuVTOF6wBApuBRezet6egoy/tlnvhy/BIzEWpd
+2O1Id4Ty8p52hujNqVLWS4WV0zObdvNc9hv028L/hcuXPKFsSUBZLxdAezJqu5Lp
+SS5XKS8jW7qkkzMqnlj5JwZlZ/MkbR74zHzr2YYf4N4oH4LjlQLaTMeoul/Gx4c1
+4baQloxKPHAS6pZgSLW4Q2FEGJMAz8CXT3sFjrX3m+H4V/u1UA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6D FE 06 FE 1E 1C B9 70 5C 82 34 BE 5A E9 49 2C 2D E1 99 AF 
+    friendlyName: DSA CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FF088FBCDF515038
+
+0/MfMzElgraRX9os51FaeJdcx6A9jjAzUNa5OUxtrvUKd6DzckyDweCe1boFF/hF
+29DeFyqQZPiHcRA1/hKgGaXhOD469xGlbcdBEVfP+uhdknwihEer+llPlZBndbQx
+ue6w3urDVOI6bU/YkQtFIGah8FCvviPVK08/6HFHqn47+S1cyqaZwGUpwKqDFqI3
+mwujq3jFLs5iqb9q6pBybrxQ8Dq9rYyxM9LW15PjU2qev4e18vK3zhyY4l61xPqr
+m/9PWTvt10OFsusjOnQFsrnhGmKfAYBVlFZMGjJOkmGuuWr2GCdAih0r0rpys2hF
+5G2HvFB1fUbYz0YNnsR+HmGel7FkLlhkVwLmKE/shXGKaLOKEM5A1VxfHAyl/4Xw
+d7ytkUScDWJ1Q0MOZRI8NZXCPagVUFwxYy0GyrSqSyKJS+nlIGSDuokuUYNBEDYT
+5eYamXAS6QvyK71nQa9/+8LTqoWblvUITYlXgfABxiNQklxjc1PfOfihqeLHuMyz
+j+JwpUK+OVAXkyo7jY6AgjQFehk1ce/2VQtVkvo/KZKw8q1z+4p/WNeeMUbXe+H3
+Ni9y/gecu4oNjYZK1ZQIlm+ucDFs6J4e
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSAParametersInheritedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSAParametersInheritedCACert.pem
new file mode 100644
index 0000000000..eb0e3f5a1b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DSAParametersInheritedCACert.pem
@@ -0,0 +1,38 @@
+Bag Attributes
+    localKeyID: 17 40 D3 E7 90 C7 A5 D9 5D 9E C7 97 9F FC AB DD 19 CC 36 F7 
+    friendlyName: DSA Parameters Inherited CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=DSA Parameters Inherited CA
+issuer=/C=US/O=Test Certificates 2011/CN=DSA CA
+-----BEGIN CERTIFICATE-----
+MIICHjCCAd2gAwIBAgIBAjAJBgcqhkjOOAQDMD8xCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQDEwZEU0EgQ0EwHhcN
+MTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBUMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbRFNBIFBhcmFt
+ZXRlcnMgSW5oZXJpdGVkIENBMIGSMAkGByqGSM44BAEDgYQAAoGAdC9PddCBVyNv
+LWZjkNFCIMtDn07i9ToU0tjH6t3zsh6BmmEQQAmyelHzZvk2I3BU6OlmepSlsfQb
+MRhWXb+KGRZHkWCq+Y1FXAJLf2ezAvaPbRS5zWSQ3QyIx8RLEtG4vjKgn7lKhDPD
+q7ZCS0sy7Sk9B/gHfqL32KJWU3EqU3ujfDB6MB8GA1UdIwQYMBaAFI+Qxox06HsM
+yFnHfTxbVFlgJQuxMB0GA1UdDgQWBBRlgZ9wOoyt9kMdyOePVY7oS9uH4jAOBgNV
+HQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQF
+MAMBAf8wCQYHKoZIzjgEAwMwADAtAhRH8JjJuwWpgsURK3pfyRHlg5C32QIVAJPh
+C76tJQgAB4hw38NZTyKc6tQP
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 17 40 D3 E7 90 C7 A5 D9 5D 9E C7 97 9F FC AB DD 19 CC 36 F7 
+    friendlyName: DSA Parameters Inherited CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4582A07BDBECD705
+
+pDmXrWFfJ+/o5nvbPDvx4ixcy5zuqvwYuAIkUqfl0KbsgtnEtnbmx/Nx0PnELeTF
+CsC9BXd0ojXHd5kV/xp8iU0IT3YoKl7OZ2wzm2rKQ3EA4GhKLlJGcVjpTX1Xu78s
+Yl2qUhl/Y9UCfT8bltXeLxT3A2qJAkiGE2UC0BKz7ZRjVWeus8eSw6mjtuZxquqr
+vAwC1ridF+Xg/ENgv+NpxqXvN8alKjiBdI2t+hjyKsYjEjf+fCX8XXObLmpRru8s
+MZdn/Zxi6FODJE6lm1no+k7zc9Em+MQ3ZCcdy9ebI4ibFCf1uCzzOR+SOGUe+6Hh
+1vX9wch8GYLaCg4nZDj+TI1YxcxVP0lKhRJrvUaeiGBd61s9iqwpctGvLFGGG7zw
+eEpWnrecPtXrqAadYyK7y1SFABf9rxiyBz8VsXgeDnXK4LbK0ftkA71neFi+dXM8
+AewSr0h+K5isEQrUneGwRGohVuedL/W3PnEZEHMg20ixOm4oPBO4EpoBbb0oJVg2
++wfMFUnyil66xR3YI3uAZjh17TbFYhvx+jb5+5YF9GucBsbZxgEt9bkwHJpmjss5
+YSuS69n7MCK69o1y3cW3MA==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem
deleted file mode 100644
index 4084a4851c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=Policies P3 CA
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDlBvbGljaWVzIFAz
-IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTEwLwYDVQQDEyhEaWZmZXJl
-bnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDEyMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCyCzdT70A8+vsLoViq8TWIYg7Eta6CLxVYgGuIT/jHnsK+
-+FbOsG9GIxdLYhdZrrlKG4cAlkpS/6K9L23KfQGiNNjQ4LaWC/geLyNeOOOrnXBk
-nMhffhtlQ4PzTnEtjtr0fUr5iNZtCZpTUSQKxvZfEL8s8HUbsiPagLV9TwXO3QID
-AQABo2swaTAfBgNVHSMEGDAWgBSOvWaPjlVlz1HkWabJKh5iv/elvDAdBgNVHQ4E
-FgQUgYdlKg2WZsyn5n9xnCVxsVRQwz4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwBDANBgkqhkiG9w0BAQUFAAOBgQA+sKsTmg7nH6jqpWTD
-0+ku3zH37P/CeNynrYlFtFA/3QZZNSeBUtmPEgSANp/iYSgpIOeqcUR+vJZhsIXT
-+0wX4SS7+hy3sHAuDmSZ7d4XXowNWmfn2MElY7INaPvTzjRY3+XIeTfMK43LglF5
-sftSt0FIy+7QSZiQwKIX35Hdig==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBJzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEXMBUGA1UEAxMOUG9saWNpZXMg
-UDMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzB4tlymiLVW8a6Ps0y
-porV4ZwLRY6O21qBHaMeOvMroSc49aMMmsNM5Hq1c37ETR2NROBT065S3xFyQT58
-Q+6gu30masLdypu0ewe1f4waXVKzrOrXleRrha2wyu33duzC9XoU5rLxLJUrPXjd
-F7bYw/NIHmdKb2gKdGDD5ZhlAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowHQYDVR0OBBYEFI69Zo+OVWXPUeRZpskqHmK/96W8MA4G
-A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/
-BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAGIeHrFlfEpz
-33KeWUQrArkcbXi4ONGl0zsMAelL8FjVyZJqVjBi4/z+31K608b9FleH0H4QlO1V
-pADcQhn+/9ChWXCvHtSUuBsIPFO3WWIdgYTtmSAqxsEq3uwQIR3ku8NoMpgiak6B
-EdVSLx709Z1oHVmuqVn1fYV/0968h9fo
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8E:BD:66:8F:8E:55:65:CF:51:E4:59:A6:C9:2A:1E:62:BF:F7:A5:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        70:a1:09:11:c0:05:80:09:b9:cb:96:bd:30:59:49:1e:07:57:
-        d3:9b:e2:f1:41:3f:f5:f1:d7:90:67:ab:db:81:2f:1f:b6:6d:
-        b4:e5:45:ba:94:55:25:9c:e1:11:06:71:a3:dc:ed:1f:6d:eb:
-        91:33:7f:7d:1f:40:2e:1c:84:1a:c2:45:8a:26:ed:0c:a5:6f:
-        1c:00:50:99:fd:7b:d1:3a:cf:a0:1a:da:0c:f0:7a:9a:4e:b5:
-        f1:fb:90:9b:ab:54:57:1d:55:ab:b7:c3:a6:c4:27:e9:c8:6b:
-        83:28:68:cc:9e:0b:f0:99:7e:0a:f5:f2:ca:35:28:7b:78:59:
-        7c:88
------BEGIN X509 CRL-----
-MIIBOzCBpQIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFzAVBgNVBAMTDlBvbGljaWVzIFAzIENBFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBSOvWaP
-jlVlz1HkWabJKh5iv/elvDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQBw
-oQkRwAWACbnLlr0wWUkeB1fTm+LxQT/18deQZ6vbgS8ftm205UW6lFUlnOERBnGj
-3O0fbeuRM399H0AuHIQawkWKJu0MpW8cAFCZ/XvROs+gGtoM8HqaTrXx+5Cbq1RX
-HVWrt8OmxCfpyGuDKGjMngvwmX4K9fLKNSh7eFl8iA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12EE.pem
new file mode 100644
index 0000000000..9f256c30ff
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 00 D8 F9 29 B3 56 E8 17 FD 7D D0 C2 BC 92 05 FD 79 AA 2B A9 
+    friendlyName: Different Policies Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P3 CA
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBATANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEXMBUGA1UEAxMOUG9saWNp
+ZXMgUDMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBhMQswCQYD
+VQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTExMC8GA1UE
+AxMoRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QxMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPN0T7wjQBhGUgt53voETJXwpFYH
+7LSwR966p1DkDY/sTYGE7D/xxxxrz8FP0BPUvcAncfBKwBkEJ0ioEc7Wjgz9vnaJ
+o+tzJxiC3Ez1aRXEcEUNCYybApVy4hWAoKBqFp3sSZJjrZ97hzYkihCJEkTewMDg
+nE7Ru8WTt1JjSaplKZ5OajYdhdLGvESIOpFGMEbA4RlptpHeUjN8TU5a2E18vHfP
+yOs5tZzD3H9ZnmdKosn6RswkMO2W7gMO+nmvo4BfDnpmXgwMzBzDVoS+rW7MGVwP
+eMNNVz7h9UYlBYhRDSceAjF8DThevpzMAYfr4+g1lmdxmVT0ATXZ1OYl6FECAwEA
+AaNrMGkwHwYDVR0jBBgwFoAU2AWrLKCLw5Lcxq1qP7/zxpjl3P0wHQYDVR0OBBYE
+FMNvgVWsNk7EWKBgwL8ilshd+5PVMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAQwDQYJKoZIhvcNAQELBQADggEBAKMG4iNWYroyty8c3qaz
+37GdWGbiDQEhIQ6xJqxykoNZoi7D+ixkbH4OxT3pGB407ig84zH6rSHTgUrGh+gZ
+nrNWzDJY1qUc6NDcmH4VkoX0XpGoxqcWe3F9WV9HA1ZHY24Oa9wPTg3Srjdg9V7/
+eMe8KiObAMGy19rgrmiPX1NrhsYL+E79qfp9UpjwrSr4YWwQo8vzxwFxClAdFbK0
+eeNxr8/kn4+9Q8+z2R9L7NMpKU4nSsZdozcJBqPsmRRKDjbBxKQg1defVscbp0Wk
+i8eOL7EJYT0oljx5QMQ1o3HUDzsYGQ84MfJ7fCkLcT2kQpRR9cF743q0CZMYl4JA
+XTo=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 00 D8 F9 29 B3 56 E8 17 FD 7D D0 C2 BC 92 05 FD 79 AA 2B A9 
+    friendlyName: Different Policies Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DBA3E0F11E927D17
+
+eYd1nqpaoKS3dlDv+Ge3fOtBToNio0qP5xYCCdtWRoW6cBAMGLAeU6fA+225MCD/
+cc4sDMIs+17o8sGH+CHZosLY/MJyEnM/uZELt1VbQ7vKvvz2Umkotv5HEoyk/BWX
+BK0iWlYwL6rzYZMKssKczdCpSnUB06lKAx54LsIm2Zvjk96FkD2uDyDyvq8qVzCH
+ssyjbWiybrlYVIJsqW3Q/5SnEBv+GJ6kVqPEhfILLzSgJS9mL+DdINawWTL0IIJU
+eYjxfz+McHYGP7EYyVNUpCoUmv5kojy9b93gAXXiXpskseBC7Smxiw6SSupWVcDG
+Sv8+3gIRW0P2emzaLBUf5z5y6o6++s7NMFIieMiRk/BXr9jjjXyQjmfXNb/YxHFw
+9RSn3wou5v7z6dLjgAmMiTaQdkAhsXBp+Lyg5l2Sy25K4b2TEN9WFb4VKZzg4vM8
+GdUpxlcaOQoPfSGdzqq3D9SPyzGBpflkPv3isJo3P7EL6B9fPXC6ZG7AlTWAsUIL
+v7JJvtbe02P/mVObkqINnYztAsbQT0goDA2l09Lv4QlqC0qDFv755kLCoZiUABS8
+gs6+OUmouBrog2YmmHk/WWTrzdqq1yIXSiZNztTkgkcVc76OfpspeOt2B4FEFlAj
+Vpr42EPjVYlfxUr10Eotv5UsKmpYo0bxJvH7HZMC8JOC93mw7IuLRqsIncRov+Z3
+3OkYFM1NCxSMWi9csQM03EG6gs0jG8ofeWryySKfTy5oGYDO19YrYw1/v3Ydmyj0
+0xY9oz5eoQEFjsaikfcAKJMLlfg4G8HNJsrl6WFSXxqtKn8mP+dHU9QNHLOpU48x
+t//Yw6yrRg0KajrxmCCQLhyk/qmfTYV0RBmpPtcQGPGznY+Xfro78q1gpKKkjwmC
+scxb3SHnMAZ2m3w/szPxjnKHsT8URkrYga69McNgNUtupckDrQqaIvRciIap44Oy
+pw1YBuj4YVUlsy5JjSIXuFDHts/bF4lbwgvYb9fwEaUmU94INnyaIccbxuXHB0Np
+1uFHo0Trjr4uNpWrbdk4V0SfpU9wTF/pztciVIIfjItjJJM/HWUZrvilKl6LbmA7
+OxV0S6BkO+elzNOD7GTuGvNytta3GSD74rfy2ybIFSzOU/o0AMANCfk3HHEMHJoK
+QhnC3a0P2QaPF3y7IpCNDtYd4MgQjYjO0f2IZCbbnGc8Dz8e8qV05uHaA6A8VnWT
+oAFJXrfGrGHCa6JfjQensBph7R0gi8aMSlde+MWgVuCsegHe4hwWHNR6dfuVA66z
+zp96xLgpe5nhYKheXsbNfGaa5mpfr6LqPPfgl2Ea9/IVO0QPVLsLLIrPc2mAU6Hw
+Zch6w6ncqE//Rba48b5/t/21gZhVGD5W5lrP3CDPd0qX5Y6FivVEFZIYdaMIzW74
+fdJtdoXrY0X8TqsLqWXQSyCn8hndq/QasfLBXcBHEjA/lwZ9xsaGuH5egnSDaV1M
+sTxWTAxywse94eFTxopJ4dkQ/i5gMHfEiRvsKOrgbjVVl7dMwUgg2+aIIVojxbKK
+LdITZTwfoqtKRYl1o3xsy2i7CV/ptgC1/EvL/UU5MA+kyGcBBTc9q/Hq1o/Icsp8
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem
deleted file mode 100644
index 81624cdd69..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P2 subCA
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBEDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBFMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAyIHN1
-YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFuj/BeKqm7wDc+UMIp7Qh
-eY7RqfB/VGqZuKUb5UNpLiXT37UrhteMqYSqBkd76l1qvhhBwRPJt9Nq2tf5slrS
-NJOAnUfF0McB9RUJMGhkITa9As3KZy0u31hre09MUaacltcuJx4irpHKUEjn+qY1
-ZdZ7NNEzH9VXWN+6lARLIQIDAQABo3wwejAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7
-J0TXNTPfmhWUxzAdBgNVHQ4EFgQU5FhKqtjykfUZF2iehQcjbgo0680wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAGilgDaBiDA1cbd6xUxAl/K5DVQ8ack+2fk1
-P8G5fTuQoQtDbWX6eA7Q/nXFXBCj2i1tmJF/q8Pzh1GU6MKQ5f7J5ibEstM1+lgb
-hidM5kd85uVTxTBL7GSS94BSfXFnNOOSWbRTyhSIZRxScCjERfnSfF8yBDRIbFGO
-ma6qPeAC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Policies P2 subCA
------BEGIN CERTIFICATE-----
-MIICgTCCAeqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAy
-IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowWzELMAkGA1UE
-BhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTAwLgYDVQQDEydEaWZm
-ZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDMwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANc03XT9xYcVcwSWI/zfZ5VWnTC4uy5WFMe8/BNL8QuP
-5xFw/xGTjgkS/ABNJJJ+a/RWsi0Q92MSeMbVNkgD0/i94SgjALWOdsg9k4LI3iH1
-ziOZ1OWKjKsJIxgCbTls+JRu7bRi4dnVYHB96WnGFVsVp9xyoS3hUYYwpCFXYLWz
-AgMBAAGjazBpMB8GA1UdIwQYMBaAFORYSqrY8pH1GRdonoUHI24KNOvNMB0GA1Ud
-DgQWBBRyOnvPdzFG1aaQtBqWQiKlfmoaPjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBACWQn4A03gqLgppl
-ROwBGIIxHZD+wVr9BgoDJj2xwX6NaofqHfhAyVq9hDqEwylmfr0rH6m8PBAgnST0
-CnoWgQEQQ2sESHf6f/7/CTcVLlx8UQDXaTlA22nhmoJG9Y4iOdjdzhgvn/9yYySs
-aTByh3KCB3TV4q9GJw6nUNAmnoOo
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P2 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E4:58:4A:AA:D8:F2:91:F5:19:17:68:9E:85:07:23:6E:0A:34:EB:CD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c3:6b:fd:b1:c9:49:fe:a7:76:33:87:24:1f:f7:df:41:31:b8:
-        37:15:f2:3c:ae:8e:c7:17:a1:30:ea:a6:53:99:4a:8b:a1:7c:
-        ae:c1:4e:58:81:4f:65:e2:0d:eb:a0:cc:2d:f5:a2:ba:03:ee:
-        1e:81:1c:64:3a:b1:9f:2b:d2:40:27:69:6f:32:95:fa:85:f7:
-        c8:76:8b:4b:7a:11:12:8d:7c:fa:1f:54:84:d7:ff:72:23:63:
-        46:55:0a:e4:d2:38:1d:83:2c:57:bb:60:21:dc:44:0d:6a:95:
-        11:ad:f0:b5:57:82:68:f4:20:37:f4:d7:46:93:cd:c4:c6:90:
-        fd:c1
------BEGIN X509 CRL-----
-MIIBPjCBqAIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAyIHN1YkNB
-Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBTk
-WEqq2PKR9RkXaJ6FByNuCjTrzTAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOB
-gQDDa/2xyUn+p3YzhyQf999BMbg3FfI8ro7HF6Ew6qZTmUqLoXyuwU5YgU9l4g3r
-oMwt9aK6A+4egRxkOrGfK9JAJ2lvMpX6hffIdotLehESjXz6H1SE1/9yI2NGVQrk
-0jgdgyxXu2Ah3EQNapURrfC1V4Jo9CA39NdGk83ExpD9wQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3EE.pem
new file mode 100644
index 0000000000..1862cf4545
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BF 95 B8 E8 8F 67 D3 65 DD E4 08 43 E1 5E 46 35 4E DB B2 AC 
+    friendlyName: Different Policies Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UEAxMRUG9saWNp
+ZXMgUDIgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBgMQsw
+CQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEwMC4G
+A1UEAxMnRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3QzMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2L32QT0g01F68LYjocgXqdQT
+T3dlBxvACUPsrp2+NKeweuoSK2yPKvs/QN4Ce4ox41QANy0KredM+kotXEl38eDC
+PTdSueu4Aib8XwXqNN47H0jXb3GXebDzdSdJRbrkLvV4hNYaf/PVWxtKdL/W4R7Y
+zWCisxXow4MIXFcGS29ZGcx4yReMxwZ1UCbk0Vg7lfxIIsM0AJ7mCKXWKpGAYxrl
+nAOjI1fvdD/NdEncadoeBL/Nv0wa9MA1k+EumSoPggSSZEmQJICZOJMeEiI12Lqv
+oOgbPaCkDIlpnRzk06h8D2JC1LxIxoX56lSkzQKLBBtS0X4Y0LNOqjHUr0KZYwID
+AQABo2swaTAfBgNVHSMEGDAWgBRePIRznjBwcnGYroE2GdsiDnyvAzAdBgNVHQ4E
+FgQUWCD2nzAOZgQ9p8fRaOygrwpU7vYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAZKkhGrleiJkNwbr5
+/sNaPHcU8EvmcsUyyxHIUoQmXOcVDAFiUxs0TVTDoopeTMD6Mw/H2HXX1EOz41dI
+MiHRWAZGKl9v1Y0t67D5aNoZly9QZxm7hkZ7O9SdC2pdE3y9xyQK4cTIafEedLLh
+2+qOIFhB8GZlU+drtdCV9SVK+1R2vcurVkTHYeOeK7Clisfo4vEdhqFNnxKtnIvu
++LXurxBQvol14NuLoOTPvysuR+K9oNogoAUZMbpy76fkDO4usRkrE3+cJb3kx/pd
+W1BlJ95+daVa30HVXq+jD1VwFyoX9wonijkfjgmk/nWBxjgeVxk/xwAdvF0qI8CH
+Ggqn5g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BF 95 B8 E8 8F 67 D3 65 DD E4 08 43 E1 5E 46 35 4E DB B2 AC 
+    friendlyName: Different Policies Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,57D8FF98C92B6676
+
+1JVtB1HPXYvncvcKeUmtRWpZQ9fnqS4ea22mgzVZpRjqq3EuU8O2cfb0gi+ZnaUg
+sWjSUaK9nEnEnxTCHrfr7+IQAG6DcdwOYv0nH4udLEQbj2avZ0hn2XI2UGalEp3q
+vquIqtI7SLVF8U2vYc2e8XXJ6lsKv2CR+5z9mP4uL2KnwhXYz94sD3K7r9ForKo/
+TBl5lfXK5rGoYRV2PbtyX/YnACsIlj/RuCCxiTqZIxUJ0Ic4F9APYLd6yrNhe0PX
+2jahWnYkJUaAk1fn1x9X+rQiC732WvEXPcWgM644i+6u1qRGNNMmCw/kRCxXFN2E
+gLWeRpeNZYxiqzcQlDD1N61FwmRDIomCtPvMVvhhYB0N8JKyMMpSz8qEU3Q5bStG
+KYUvOsyt0dulrA9cWqSB5sLGeSIaqvVwE8BrP26m2T6D3E6BvlbD9dPpFhnAFnmI
+mrHU0nWV1x9DEEACBTVVohQ7f+235UUjXjt93aTxVaKqWv9yr6M9NozKTukoxAQI
+6rcyBwwIBpTeQwOGcb9PcROWmN7xoUqahxerxN1Ti6ePcOlXAe1RAiMV9WRrJudj
+OnQzcFHXCZ2qzYDcr1dIDPqnsLF5N6pHvMFvkYSXKd9eWT+BfOrrvCHiMGJQgsBf
+NfLBBgdomEoCwarvjt8fW6p38HZ0EpUbKtb9e+Zv+bY3W2je4t301w1zqlLbV7hT
+gmd/P/opiILDj0pg4cUmJH6IFxmeSQ2jPb7TV4uUhaJWTWaTb67FUKvijT6QGMZC
+uYxIG5dw8caYb9hlYzwI6Uy6PO609Y387QZTpi1ZdVyH392s9YdC1I4eYkYCbF5s
+pYKxCP9CFtstwe9FNnDrt8UIF2rEzlurLAgo9lUP8RTqOPKpt5jY2TZn3t9Zw//c
+LfTvOCFw1KDRhJyCjhXg1XCqxCF2JzGd+YLhoNA0feZAWdif1lvHNoHCy1ypP1V6
+ErsMpQAz4KD3k0gpVbIZYdj4nrPpSc8hRWKMSHmihanPG6VKETm4wuzL+FY6jtPa
+bSZ79R1ckie+TpCV3EEQhUkFOtFG7qWDk8Ypo0XqeN19YVo9JS5ACBpBOxkRTRZc
+8pr2CqWEEGQr4aUBe1ba4JkKV/AWOyGiVoFETO5efL0UF2JNEQgDqyEwHhfX34it
+CZrowX/1TjAYV/Jq5KrlP6PIWmKaDKge2iUJ9ED1IJdtM3LFqCTeHsi1xbnNdcHl
+h3oJAPKT+dC6+2CdZHuzPJCDXr0JHGsT/Hw0b9UlhkYRpWEYlh1owfUAeZYFz6AN
+7BkOwU/Bv1my8OmgwTu6v7X08+9kjmhG62x0c8Mj4iXy1/kIn2Wbp00pceXkwWqr
+ZTtMoVHkd0JfuSXxjAyPfUdTy6z8fPWT6SpKTLRG8B2PSKw+BpHlVkf1QxzzLgmI
+SA9VX3tfrBJ3DySTdC6AH1dVElLeIz5+Gopts7+tK7H9PQYp+6vhjO7W7r/9ePSy
+wM3SWtnLS7pm9qeNJSgRzuDa9pPue+EKlJnjypzB+Xhq8w9QROKe56oHFAQOSk4U
+NUkVhKDzT0o9vuVFbgIPKosfWYbMuB/NwfP+8miY9wqyXjOd2S6tqQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem
deleted file mode 100644
index 42c902dac2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Good subCA
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0Ew
-HhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBbMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMDAuBgNVBAMTJ0RpZmZlcmVudCBQ
-b2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAo97r9TnN6B3H+x4fSXruIfEelkjmA4Ti1Q93FP3Op0Pfk8ybf7W8
-/meQsMFMMXAVrZ+pwfLj3YvzTspivZUbJGWA4o7r2DwkVkuXr6Rv2n3OhPlCwljb
-TAFxb5S3wOOJ53FHJw33R19R8d3B0CpxKxLK1oXQVOOu0t3UKizFJakCAwEAAaNr
-MGkwHwYDVR0jBBgwFoAUfFxpfJ3IVbEiBSlD+8R7j+rquH0wHQYDVR0OBBYEFOIy
-WsL+F3ByhN7vnBDlbJNEkZS3MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAIwDQYJKoZIhvcNAQEFBQADgYEAVoBWMI/tY2C3bNKXPdDQHwOq
-+JplKCmu37pLQlMNSVP8yssW5khRqkKYi48Jz7b21NKFN3w3/0MuV2AxjEA6ROZX
-MBwaIKyeHMRCRDJndHYU3CkOvex/eDDnLXvNxTXuda755S3qZUbhNKRZnLv1iDzH
-KN6TmIq39yQReXlNoNo=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good subCA
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA+MQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPPDgvwjnBtonTcZM5RPe+FqtX3glBmw
-zdb+WOm6gKoAp5euYnW2UZOOjSztJyTUKsmnK3qhKgntDjO8z/ito6Pz0Uo7zoby
-wftFeKr76K0iBIp0t2DJQ4khnA8KjIB7LJp5CKIT1rhPdrLhPbc/r+LcUTZrAfRt
-ZcQkxbznhxZxAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz
-35oVlMcwHQYDVR0OBBYEFHxcaXydyFWxIgUpQ/vEe4/q6rh9MA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAM
-BgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAI8yIYi19lr+NUCxlq3CXkpZ
-TAgRtU0pqH1VbEootkv0o7apbF2cC8SHB0UDiih/yqZjqw3kHtpbBaf75KHxqoQ4
-PKqoZXt3K4rjiQooU+2cyC+mxI3uegcFjQ444R10jXwv5EqNQ4joXhz5hocJA/PF
-JGFA0gkGm2pMEBR567ka
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7C:5C:69:7C:9D:C8:55:B1:22:05:29:43:FB:C4:7B:8F:EA:EA:B8:7D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a1:14:35:58:41:58:4a:93:ea:8a:e7:cc:c1:be:02:22:8c:9a:
-        21:32:d6:a9:bf:1d:df:7d:60:8c:ba:f2:8c:01:a9:38:a4:94:
-        8a:6d:69:46:e5:ac:63:48:17:e5:c9:c0:de:df:13:73:c6:ec:
-        3f:b7:ed:61:a2:6c:42:d8:cf:7a:ff:3b:35:41:8a:04:c8:fe:
-        85:37:b8:7d:dc:a0:05:35:ba:e0:bb:39:c8:be:2a:79:57:82:
-        db:f1:da:21:e0:c6:54:2b:37:2a:e1:0d:82:aa:2f:47:ab:15:
-        fc:30:11:dd:52:ba:93:cf:bc:46:39:a7:94:29:7d:e0:2a:5c:
-        d4:ce
------BEGIN X509 CRL-----
-MIIBNzCBoQIBATANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgNVBAMTCkdvb2Qgc3ViQ0EXDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHxcaXydyFWx
-IgUpQ/vEe4/q6rh9MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAKEUNVhB
-WEqT6ornzMG+AiKMmiEy1qm/Hd99YIy68owBqTiklIptaUblrGNIF+XJwN7fE3PG
-7D+37WGibELYz3r/OzVBigTI/oU3uH3coAU1uuC7Oci+KnlXgtvx2iHgxlQrNyrh
-DYKqL0erFfwwEd1SupPPvEY5p5QpfeAqXNTO
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4EE.pem
new file mode 100644
index 0000000000..c03b2ee55f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest4EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E7 47 03 92 87 C2 13 AA D2 64 83 7F E3 21 B5 CE 86 91 D5 66 
+    friendlyName: Different Policies Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Good subCA
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTETMBEGA1UEAxMKR29vZCBz
+dWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGAxCzAJBgNVBAYT
+AlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTAwLgYDVQQDEydE
+aWZmZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxty81j9zfbcl+YtNeRrNlpCRHCO1tJ7MZ
+0EjEu8j64WkbvrzcPfxHeYAyzwduXLOORu3FJar1wJ+ZTJ4ay4ONqvTiOnnw/tLx
+KFI3aQSu4SWDl/F16bL6cfelY+B+tc2J7QoMMNQLvNGShnaefeqtS2xNQeCB8Zjk
+quY9lsQlmafVfOPxKtJA9EjnokOU9+mfnhh/ngbr24NKkT1uuRQ0Tg6sWoa7QB0V
+S+gGV6CNGEB7pJo58cCEOu7Tsxjd3q4bhazCXf4BQCtsF/MtkyFXfdkL2D+WzYzu
+XoEyQL/o/2SM4SU13PfhtrF0StEnRbvlNF5Hefxhd8SLPFRjf9uXAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFDIHLJ50XS1dKbuxeo07FVK0fUJ4MB0GA1UdDgQWBBSxPono
+OMkTA43/Ahv4n1sw3dzLdjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATACMA0GCSqGSIb3DQEBCwUAA4IBAQBiTlDMrFBwu0cpUufJeAXPXKdQ
+ohGYFCCTW2DA/T+PsQHnvRlRizHgt9kIJI6+4lqKAKmw240r1rsVecwDBd/Y++HP
+LGofEWvgA66DjnSOI45C7uJC01fu9Xhc4QJ3FGgDNHncsqFIJs/Bijol94PnPYjZ
+Tf6xUYy4pAU/CMWuc+sox34TZE9KjXgQp7JbjYHRrFWNTyDoFBQKqoechN3tWGH+
+bIRx9Ck8RT6mhkUouR2KP+d8212wOEE/6ctpFCslGXyMt7jZjcuSlYAOcRNQWhkM
+hiRoCMkvqO1yGAHvXCo+kGeHe5flqzQdcmuEknkDmPZx8XEse+XjtR5hI7D3
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E7 47 03 92 87 C2 13 AA D2 64 83 7F E3 21 B5 CE 86 91 D5 66 
+    friendlyName: Different Policies Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,78D7FC965498441D
+
+P87XTD3VLVwqhAUwYB4Ulb8Xi35NMdW+5ajmm2za5Pk99uwJ9iXEchDPEG4LRhOp
+sR9q0d7Sn3Z5cs2odT0+a6sun2ijAy4tTC7ZqDJRsW2NPzo4mbUamsLqcS9jLNAM
+8cq/RA2EdTb40bKOgherEPZmwiZYkLrGoYApUCP8uneOGZf2wVifSOSTKxysNELC
+XSlz+sISR5Nj8gfMDVtlZf2k38kUn8GE1YfJItr4ALAva66Vo4ix6YRhQqLRdw8e
+vjGoDG7gXfhQttgqr5pTaMYcrhEH4IRpeB6AIgthKZkrYXHniYL30tiCghHhdtob
+Sjoym+I4TAnZu5PgfuJeAX6xaxRlFJcZtl1/+Of4Z0w5Ap2qXB52yDp2fMzxLkOL
+A5Cu94A9XXJTVU1R54LnF2BPOFYW9pt0eKdQ4RwbxXHIpq5ik5/JVZZQb8FiRxEL
+1Oapr+339WsRdpAHbksFGfhY9IEsS4P4nfPqW08moc1ryM6aNIjr/J4XO23Qmgw1
+WMxH52fg1cR2nHWpw8NmHWGxoNi7rIC0QjUMlTZlLM1ZASWrBwY1xaNgAfO1kj6/
+BTgbHBqXq6bhTBJ8lBaQm21IfCBv4GUKyFzCnAcVtqWJiCiXP99arSyBWIqkh02K
+Hejinsb3zYgYbZrurPcWEr96LQL8hjDlrMSD8Jiw8wQzSpasvMiaexBxG3gQ0MNq
+VIkpNd2QtvdhiK7zRVdkvRv02vu4ELYPNFzCgud+aapH4Zun/QfFKrvSgmX6AoUL
+HOc2ufDHxfj6JcFoT/MvAHM11xcSANhOKB5lb1fPi+8G3BoSfoxf043+aShIPX4p
+d2xTreOmA919uhGS2zuGrvFse2xkiTFHWBXtcpX1qOLCnQ7CDvGkx9NMJpjHMpQn
+MPgcJuxHHQo3l8MdOesfs8gTnX2wTAkEEla6v5sYtGsxUfoFlUoUaElbtBkP5Xul
+imdt75jxlE6AifsZ6mw4a1XGqCU8yvkKCFleuR+6ZntfRQ617j8EAD8G0nxoAbdb
+hmUL1h7q6HxxjxrHcw4SiaeZPkEeKhxkdW1baQ1zi96obw9PGR5BBaCSVS9OQ15T
+4D3lumHaXoqJihul8xapaISU9a97ApOuJiKYsLTPyctV0gSYymlUAFhpZIVKt/vA
+7043fcoElNWwhq+FvHUtRCl+go7lftinYJyaf1mWTRumm45jxtvgsXw7eUc8qqMK
+F7rpOmSSV0jD1eEXAgcLc1l1COL4Vm7Cv+s8CzKXYAFp9HM7PbgzKc+z/frW+RYT
+pEWN+7WyufYPIcbXXtG2pkI/TfqKpPGNlUN/1NOJpssZHxGYUJZaZO8lN9eH8aE8
+ppD3bwrfB2XMY+2Qq0G0ous5pX98fWp8hsQ5BIyqP9/fZTI7PCKUN5toJqJwlvBs
+dY+7QRe9xxSpQCX5XzD+swQHuWtYPvgukpgumg1wgwxBz+GqctFbzNs24zY0NDQ/
+EHMFDdBZalY8uC5NT9j871DeJlnLhK3TNVB0zwtCid8R0fP0tV22oDJ4oyt0biE/
+ChrQlI6SVqRXaWdCjGcp5xEpiGi8aBnWlINayceaLFQ37yoESDMgjNplZCs2zuLP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem
deleted file mode 100644
index bb476975c0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Policies P2 subCA2
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAy
-IHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNV
-BAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnRGlm
-ZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQCwZH5VW/9MO5bUFBrHnWcQmxnLKiqHAu593o6kFZKt
-zkkYkVCA/vu0Wqgk09UeJz2jQPFuJEFYl/VdkkyS3U5TMdJBBcIHMYpmVTeTJSzP
-G+II79/nOVLpVRfuMtKclAU+oCCJb29oiXRaOFzZjzbXuU/NvSXZu24sVctBtFQA
-DQIDAQABo2swaTAfBgNVHSMEGDAWgBRx6y8V7VGl/4VJjHwa9kumm6SUBjAdBgNV
-HQ4EFgQU0BTRTBvIbX1D6I9/J/Wkp7/iGNwwDgYDVR0PAQH/BAQDAgTwMBcGA1Ud
-IAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAVgTBnKECQtHJE
-rSdkBjW41mPMbdbsbYgsl00518Qv4kS2bIsmMOB4V6kl48oIlmIql2dgUqb0QgvA
-JFFmwyLWdyUy1Ngv1H4tT2i9htTQAG7Yhx619BHqWCfqCiue49ySUsKOefY3ZYuy
-Ew2nYu2yBbFQuBajQDA+6rT6RjvF+Q==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P2 subCA2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBEjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBGMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAyIHN1
-YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtLTO6yKdiF3dWPmvdMIU
-ljhMl5k5/mSISipm74fsNPvCJOAfdPJa7ZsmCH2mXZeXa5xOUPG9YzcqgSoj8YEa
-L6h9u4t40L+OyapOZKiYykXi9hoZEzCuilIIu3km9rU0jF/hTntZ5QSdE65fM5qn
-iMQnAPkod5ehi3XASsHZu9cCAwEAAaOBizCBiDAfBgNVHSMEGDAWgBS3LqaCy8LI
-vKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUcesvFe1Rpf+FSYx8GvZLppuklAYwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8E
-BTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEApvxtR+QrmkV9
-u+IYUO9+MXgIGn7U3aab9pnQfxH2Dqkx2uPGGYsw3+Md7m0+Y29god0WgGwgrmlS
-9VnFhuDw0Sks4ofgjOWCrO0gK10fO2AHzYMwxcbsaqrIPS0dIkUflnnB6vUPoz1t
-0/y853VkBY8fwZC5lSrXe1j/wkrITt4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P2 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:EB:2F:15:ED:51:A5:FF:85:49:8C:7C:1A:F6:4B:A6:9B:A4:94:06
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0f:c9:61:2b:d8:db:62:52:36:67:85:d2:bf:79:00:4e:44:4c:
-        3b:2e:a1:0f:58:1d:06:1d:47:bb:2d:b2:3f:62:d5:9c:7d:da:
-        bd:34:86:5d:44:f2:ec:42:d8:cb:37:16:8d:87:d7:73:3b:d1:
-        82:e3:e9:2c:d6:db:6f:f5:f3:db:d4:11:bf:bf:aa:15:10:7a:
-        51:76:d6:56:e5:f6:27:00:54:54:87:14:e8:0f:5a:e1:5b:64:
-        16:53:de:31:1a:69:c2:6b:a5:fe:77:8c:bc:f2:42:d6:ad:84:
-        6a:f5:bb:94:16:c0:12:64:af:4a:2e:68:64:2f:f5:14:5c:b1:
-        c5:cf
------BEGIN X509 CRL-----
-MIIBPzCBqQIBATANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGzAZBgNVBAMTElBvbGljaWVzIFAyIHN1YkNB
-MhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU
-cesvFe1Rpf+FSYx8GvZLppuklAYwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQAD
-gYEAD8lhK9jbYlI2Z4XSv3kATkRMOy6hD1gdBh1Huy2yP2LVnH3avTSGXUTy7ELY
-yzcWjYfXczvRguPpLNbbb/Xz29QRv7+qFRB6UXbWVuX2JwBUVIcU6A9a4VtkFlPe
-MRppwmul/neMvPJC1q2EavW7lBbAEmSvSi5oZC/1FFyxxc8=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5EE.pem
new file mode 100644
index 0000000000..5b2666edb1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BB 77 D6 04 86 C7 AF 5A 53 52 F6 9C AF 07 E5 C4 57 9E B2 73 
+    friendlyName: Different Policies Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEbMBkGA1UEAxMSUG9saWNp
+ZXMgUDIgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDEL
+MAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAu
+BgNVBAMTJ0RpZmZlcmVudCBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANc7eW7KCq7KAlGjq9aqVs2M
+lsnXH8C8SqOXRofpJ0M/j53afDE0ILmH4hgoaOVhxyRcpVmcC/72sVP4gSTpAHck
+XHULhlvx5E3tUr+ki6goatM9qKTboJymwV/hmx10idGMNVWT6ejet9ji/J23RiC+
+EQ+TxjIsAF/fWdB74H4zCvPXnxRWy1CitydVL26GH8MnekOcp4njmDmIyVWrAwUF
+geTwAB3xHz6/7iA9C9W95xRCTtHXUHeMAIEdELouBZotgsP725TXCC+pm1tUvbZi
+a0P2LxR9QcMgZCsDfO7t7My49fegLLaZpJqd7V6+b/2JlJeIcNrDmmrNiopd9VkC
+AwEAAaNrMGkwHwYDVR0jBBgwFoAUFyzqA7gHd4E9ZaW/Mx/MetKY/L4wHQYDVR0O
+BBYEFJiUy7I6Fq3xRsRaizIrMbUtUg75MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
+EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAB+8jMz17pv82w09
+6pJhu2R2WHjLME/wzJ5dRBzcG8tniwcSXKzravLiOVJPFIHt4K2WGHK5D06E+6yw
+VU4BLu1lvL8jsZwsmdXishdolGNpmZEdOH8X9siOUvtxmApeVnwsyKCEsc41Y4Sr
+itz2siDC2nNtvG+MtVGi4tbGBsAD2+COHFWGSqjc5nBG7RBTxJL9c2JpZ+Ln8udp
+7ccOfxSrF/LgVkdPyHj+6CvO7R57WWjcBIT2UTACl9ERGGxhAIEe0T/odhaU+9P9
++qkb4ZxyYBAuarU8/qRGzk2lAnjv0gfnurCrRCjLwh83uF9dF/eo9SF0N9/6J1bT
+OOZB0Ek=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BB 77 D6 04 86 C7 AF 5A 53 52 F6 9C AF 07 E5 C4 57 9E B2 73 
+    friendlyName: Different Policies Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CBA4E381EE361867
+
+p9Hn+TnHC4Q+ErF33Ril0s0y84bpX+RK9zwxK1s0I/xSEneCjV9TaL7BORl8P6kB
+3+zZKnNR9jb2fqJVG3UWW+UIpjxsDsplIcn+QAbUfU7mzGwsTa3yb7K/0omItCWI
+XJvlbxhytb+zgOOZGg9ES28quIGJtXpAwEx4fLKQuXaMKsnUMFUjPt+KZTCDcsNs
+e4cM9PFk5L1w2JFckYyfe7eW0DTuNsmLH0QQqq/QkspIQXhJYeE1JTNEW9LlV9cT
+ZGTTK2JBWg7ipKX2F1OgXW2OvMKUkdTke1U95FkJh6oGD4kGgwhdtB9EnnbTrc3L
+vvEzvNCeZZaVNazhby2e/+5qPOfxhe4EPPHhtHejZdmt2xwqcRU3JjMF78zab8ro
+m5zIUdKkU0X1YLO2O6QE1yA1Hyy+AvOfT27aU4+nE8hAkZxcp4E0uG5N4IJVRKbW
+MuOWJZgEGSRI31Z5yhhthGbM7B9Su/lS8lKqTv0ZuZvwtjAZIBbLocVvjt47KTY1
+q7MHB0wlrgPUVv4zqbfkp40Mgr892Jow7gHeVTCTSbeF48zg/I2NbrDGaSMkuqee
+X6fpbXPiYMcHMMZWaBXmhqqsBB035JeAIG7cfkcJi5+6IrM3Ttg41klvdJTihrV3
+iEfJLwQcIR62Qa9OGVdanT9oJKoDhkFbO8KjI36Lj5XcJR+SvtJ4WnFI87U2vEY+
+TqL9B9M41wLPh8RPyKWXd4ppqUV5TsGvAakVFUeTlDMET/1smHC544vryJnLTdCH
+2IWJaRjqUi7oUazKvXcgEETQ4sko9F5Hgjf34OVchxUe1QZOOOUfCP4tSTtUG3AJ
+bkSTtAJ5mHviEL115RYwLbJMD5j3y10ynQkmQHQbT/v1/3zBsiUPJ4lq+ELvRSSS
+rYYileo/RTH0kp5hD0tOyJRSLXmWfhpEtccpJZOw6EBFOHs8l0RubK0kvQgCnqn5
+MxZwxP0JnL+amE1MsttK724Uo2bXcf8rInBwsuyhNobHsApli7buerVhSGn7xa7b
+EmO5GZUMEywe5SMKNMyk9L4G6G7in0tW+qrAHRbpid+BpOFmZ7hTs4hGEfDd2gbH
+NP4HuOiMMQz24ckcyPq4fPECCWYyaixxt39TbD0RSgwwQxzRj/V8OyL8+PLN1Eld
+i7ijnvpasIz1Xa1FyrynYjfU0KMRr+Xh2R2iPAR6kZxQu1Y1ORAm7Lhe2aElHiDb
+oNCcoufceGTkXB8uzMYOgH6LrtfQcrjRIZdZyvHlZPlbMsMbKokamAJNtzHuhH0T
+QDkQVtHV4ext11mf1ebSt4wKmTVTiXS79ieVHWAcxVX0OOFOQeKKfrlpY3UNxUF1
+y1rSWp879v9DyiJmy0/pVrtAXf8a4WHoU1btyAQBvFv0LL2Ta7em35ytmpYS8cst
+hUjXbUtMDha08no0jzwFLsX5SZ975ILA26E/qtP7PLcbwezb8B0VKQpsPmbp+/1m
+iyoUQaMdYo2I/lkAHj/MLjXLwZBn5jTYGtLewVNTRSFRze8doZ1JD5G1Extd0bBh
+FjKSe4WmSXZ/EO5M1ADH4JOEUnK045DCYSxPfAhuueIUulKXr8cvLw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem
deleted file mode 100644
index 64913817fc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7.pem
+++ /dev/null
@@ -1,211 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAx
-MjMgc3ViQ0FQMTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBPMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMT
-G1BvbGljaWVzIFAxMjMgc3Vic3ViQ0FQMTJQMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA3JEcFcmqBaOdX0aQIeLKgr184G8kZkUDCWXFVa8Rl8JEbH8nKumt
-oT+D502p0fAxQ/lu67/+Wz9X+0bAwkuPsCzJ1QCXR2UIRpVr1NxN7Rpz/7c6kzfL
-/DJwrly/lSBnj0R0YirNdtTRRbIo0/YEP7P2B0gorC16aSbZViLod4ECAwEAAaN8
-MHowHwYDVR0jBBgwFoAUWocIIfvckxBtmgt8x2qxaEvfVdcwHQYDVR0OBBYEFCOJ
-nPgjYULoGZabFjVqvDC9XoqCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBE
-8ZcL9nvf0LT9xC+cY0M+u5LPMYNxkecfdmiF5H1xmtqQ+pyLB7lUIyeSE0FWSbFS
-HxkKQAkO31yPfR0lvAkmJS8uVhZf7kiMfNhK/iHQA2LE4ubMmgyfbnAidPaVhPJ/
-waAqgUmU3waTfWo4RyKCWsWN6L95KJNO3HkS5l83zg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
-issuer=/C=US/O=Test Certificates/CN=Policies P123 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx
-MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGlj
-aWVzIFAxMjMgc3ViQ0FQMTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOll
-J21WulD37Mn1rV21nTiHp+5zJm7d2iKVBk051MbS63EnC5jnUm0D6a5QJiQR8Ai2
-tuB17ppJED42WQtI7o8exytiya4Y4BvDOeGlVbVZSGgbk2vjlTzg+caDcAkVSzWD
-YMs02A14NrbFODXEyAyJ7rsOTycvQorNHm6zUBvRAgMBAAGjgYswgYgwHwYDVR0j
-BBgwFoAU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcwwHQYDVR0OBBYEFFqHCCH73JMQbZoL
-fMdqsWhL31XXMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIB
-MAEwDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAD9AiTI21pU5RaP49a5YdThygUEjL+Hvvoq4cbbg7dN3qbjYJBXUruTWyY+c
-pSqrS3q3rUlt99O+9JFqZSX8LCVRMg0yWSlwymdeY8a5EBS099ZFB+r9v4tIndk0
-r1uaX/PyEiMNd+eT8GdxBwl+Jo+AHTvuHx0G9iRwLbS5Es0u
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1
------BEGIN CERTIFICATE-----
-MIICnDCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAx
-MjMgc3Vic3ViQ0FQMTJQMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFsxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4G
-A1UEAxMnRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq7BLYQUkQ5JoVVov7G3lnh8JAEwYq
-LMbqpRCqw7cUk5pzpmQsxkZs6/Ucuz/aR9dCCaRZJ+YQ8GZSQ+igOWzOfGwugT2P
-1F9uHaqW5hLEm4nKD0sCR7e+SSsZcVLDu43aKeP9M9W+eIiVgBDqqO/sIiP+H9lA
-XGxBY7aZKR9PbQIDAQABo3wwejAfBgNVHSMEGDAWgBQjiZz4I2FC6BmWmxY1arww
-vV6KgjAdBgNVHQ4EFgQU8kOeHdO942r3cR78izbu/QscRBMwDgYDVR0PAQH/BAQD
-AgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4GBAB7JKK79k5557tO3m4Z6Ggwb+wna9YjHdiEEmFrP0CbG
-ydKsCOn176W5roPXJfVz4LNWRaQ1VD9hJBRNk7l7hCgrbazLj9TtrU9RrklDu54/
-tyZH3BQrH0znl+dxlEgYdfzhd0XQhMP4AGAlIzZUANHCnmjRKkqikPNXO5bMpnza
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg
-UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s
-xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS
-o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5
-ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt
-gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww
-DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB
-ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD
-gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM
-jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext
-cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY
-kko1SxlW
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b:
-        7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7:
-        8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65:
-        92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81:
-        84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96:
-        1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41:
-        98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04:
-        ef:9d
------BEGIN X509 CRL-----
-MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/
-zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p
-qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs
-95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subCAP12
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:87:08:21:FB:DC:93:10:6D:9A:0B:7C:C7:6A:B1:68:4B:DF:55:D7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        67:b8:b5:f3:01:89:95:0b:52:9b:23:ed:15:82:33:84:16:99:
-        d5:19:f9:2a:ba:7a:1a:fd:61:2e:32:9b:bf:50:d0:02:cc:b8:
-        5e:0c:f9:8f:7d:6b:d7:ce:29:7d:cd:9a:0d:01:4a:c9:ef:38:
-        13:2e:a6:46:a5:13:4a:ba:01:58:71:13:21:6a:52:1a:e5:2f:
-        c8:58:ba:dd:bb:b5:18:3e:a0:5b:94:3a:96:d0:47:05:fa:a4:
-        84:37:c0:e4:5a:42:31:19:c3:86:cc:42:90:32:85:aa:e4:70:
-        23:e2:cf:eb:fe:f3:fe:e0:83:17:bc:c4:15:07:0f:b8:c0:d9:
-        57:d2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAxMjMgc3Vi
-Q0FQMTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFFqHCCH73JMQbZoLfMdqsWhL31XXMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAGe4tfMBiZULUpsj7RWCM4QWmdUZ+Sq6ehr9YS4ym79Q0ALMuF4M+Y99
-a9fOKX3Nmg0BSsnvOBMupkalE0q6AVhxEyFqUhrlL8hYut27tRg+oFuUOpbQRwX6
-pIQ3wORaQjEZw4bMQpAyharkcCPiz+v+8/7ggxe8xBUHD7jA2VfS
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:23:89:9C:F8:23:61:42:E8:19:96:9B:16:35:6A:BC:30:BD:5E:8A:82
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:53:72:c0:cb:e3:f9:84:7d:49:58:c4:73:96:61:3f:7d:1a:
-        78:47:82:fa:be:2b:9a:55:99:d4:73:ad:49:14:9d:a3:3c:5e:
-        99:66:20:f4:df:d9:c3:d3:03:61:75:0d:18:f6:c4:b8:29:0f:
-        e7:e3:e9:37:f3:0d:e0:74:a0:ef:8e:9f:fa:12:18:20:a2:8a:
-        3a:bb:72:e6:20:4f:2a:2b:7f:22:5d:56:01:e8:fb:76:fd:62:
-        44:16:83:a8:7e:53:4d:6a:4a:0c:94:10:64:85:02:07:1d:d3:
-        28:57:9f:e7:57:65:99:37:99:f4:52:ae:de:5e:4f:5c:e9:08:
-        f2:cc
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAxMjMgc3Vi
-c3ViQ0FQMTJQMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUI4mc+CNhQugZlpsWNWq8ML1eioIwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAOFNywMvj+YR9SVjEc5ZhP30aeEeC+r4rmlWZ1HOtSRSdozxe
-mWYg9N/Zw9MDYXUNGPbEuCkP5+PpN/MN4HSg746f+hIYIKKKOrty5iBPKit/Il1W
-Aej7dv1iRBaDqH5TTWpKDJQQZIUCBx3TKFef51dlmTeZ9FKu3l5PXOkI8sw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7EE.pem
new file mode 100644
index 0000000000..37fd72a219
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E3 C8 85 A5 89 54 F8 7A 74 DA 95 B7 7D 60 D7 81 41 5E 30 A6 
+    friendlyName: Different Policies Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P1
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUG9saWNp
+ZXMgUDEyMyBzdWJzdWJDQVAxMlAxMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowYDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExMDAuBgNVBAMTJ0RpZmZlcmVudCBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALX5qIQqd/Uw
+7MRg2gQjHoTe735/Mxlza2yZGICgJIvj2V7auQHGGXTgsFg1rWaJUXJMGGql2z07
+xZa7WLruITA+1kU1BZ87zY4aifFG/WvgItXFhtDB+OT4kSEJZiNWOg8996AwuhcV
+6w8pZ0cm7idgb/gMJ6lbeI5DN04of9ojxKbuq6JzLKLLxLQmha1XC2PqSUHOHiS3
+yfX9hElPnrORJGjnDZ03p/l8eIb/J8s+L9osoqQ363Km837bdxuioYv42D4YHHLy
+lBm9vTuxd7R234qTINJ7jOSg43/0DPg0gO8gMfZ12JRvy+DyP+Askl7RDGMuxTRq
+z8moPGpV1TkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5Bs+RrfmyKnY7dEzfwXh8V0S
+JMIwHQYDVR0OBBYEFJn4esVCw8dzBLgHq2Sp4l01/p9yMA8GA1UdEwEB/wQFMAMB
+Af8wFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMA4GA1UdDwEB/wQEAwIB9jANBgkq
+hkiG9w0BAQsFAAOCAQEAfzbl1OcrDaD7SGeIH23hl+fmPWKKJhbP6QUM9NRGHVIr
+FaxxdfvL1YJrU5Y4zcqK0O2pYespDfNRJOFJMVAoOzwWrhi4f9lkZIiEaUyIppXP
+mDpI2UQeru/mvOrMvuvd9/FeKi2KtqyxNHCJgj3Z9pdYPUv3pad7cdIILVV3jRbz
+YPS4WguwQhCEEw3ft9D+B2PXMSPhvEBNfAUC0xan6yODR1XjgIihkLuiQe/80Bql
+d5EX0ib/SO9JK/7ybfssFcmxzjas+0geZyg2gDP4H1J1PBoZLw6SXTJ4DO6CIud0
+EhNY3lZQpWUlN7CXlAJiqiQ4tPDto9XZcQJ4S2nHJQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E3 C8 85 A5 89 54 F8 7A 74 DA 95 B7 7D 60 D7 81 41 5E 30 A6 
+    friendlyName: Different Policies Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C81C50A3417BD7AC
+
+35uZCwoHIukL6Eoc7HT9txdqgFWZO7UvF2/K1+AU8WplGZAL/D62oWsT+xlEOrug
+FsGiIH/6GpVkF/8NOB2nlWAVv4F6hkDdzfFRIt4vJJmQlGZnG5YKpMfmm95ZnFre
+TE5l3eGnZyhEUK++4Bfq3GwN3AHMV9QSKSjq+EY3D00yaThjWJw3D8YHvXjSIAFz
+gQq6PY9YjtrTFbTgwYo5C7VscvMEhClQs4awU8lBKzt8SFQJVnrG6c8TrQDCq8T5
+N7jNbraxlX0A68djM1ZtisIOTJ5ZoiamshSBU6RFoxPPo714AcSeAYd8dy/7AzAC
+o9FGqxjQe5vRu7OBDTVvKez9hqVgQhEoXBYFDGq1ztRdbBSPc8osXSOlrh+TZjWf
+BrMBznxsP5I07MNaRteQpfFZVQCyIbaeyMO7u5Vb65RNvl/KBoVrN/mu6ONoWInY
++cJBxeA9T9TJmHkA+X1ljR9ofdiRG6C1TQx3XSy5BS7ABaO5RfJpk3tDokAZLB6k
+GnQGu1qfaERGPhOgmejatEs8YKHbUss4jFTzehteJzC9YTvjnd6azAQ1ig2/i0ki
+9PZ1if7o+LkQ9otIM9PzHK04VMf5kv9OgfYSFOTx3wZXisj6kplBgEFl5owKzNHZ
+uAQd/hdPvZU9Cg2MjOnnQg0N6w6ld9GFyVmBWqStibYxLu7z5XrmGrhy5o4C+zTw
+PUjUxKW15GgG3StbOPD/IEgMPOJYgBMZiIM/9kJ1PfmSCVVc4gsKeqTsLsMDzKMM
+QwgAz5Ay1fsJBefxv46KGnubeVPJ427UcUUOMQIajrP6zdKRkPDY1H10l2SV7Jgh
+MQV3lO032PkT/bj+DyXSUnnj5Lr9T/zvPYMml+Rws+P6HFkq1o3VaMxt2p1hHkLY
+ytjaGOsvwGGhIRom0zFsZx39elkG88hqQS46yjR+sV19k+TozKgWwd34LxYhejE+
+qtMa1tunKwJPk7x8zZZRS9X402ZCuds9/6knwlMBtIiSjW3wLv2wYJxyZoyljZ1o
+jUjLzG89VwbLGigf+MZxBMvCH242Gbt8TeyquMTZgX9soXVxqiItzH+jWpEoq8Dp
+CkNOa8bpxFi2ff2hNmfejFB+qdYEWX6Bha4wvXtazSySwKgQjzZZ2++UHOuH+k+v
+/7M7GutB1ZEzsGIErH0FUPKORFHAFR8bbW0GYz3Lxr264HW1JQL31+WDGMUfiRLG
+iI6uwn5ZoCxfjaQ7NKgjlGQsmplDCEeiOEjQEypYdNE01pv5vhIdF9BOGjFVq+Ud
+wnrLYQqk1v1EucB/sb8IatsHu+eQDS4kIRJBlxiMKSNc0uEVqBDBGnE5QXOb2fKi
+pCw7dkdVjgsl92ZJpAhUOQ1KVNTMQku2hi+cCJXtHes8+DcB6G5saJHrNoZBi85O
+gtJQOVbhTqdLke3/6ZuAt3aJHGhUDosQGKAsM7UFJWJWYau5AfA+oiqwtkwF9PxT
+RIrjwmgEMU1xqxssAGvwQFYOXs5IsA4BZg5fL6aTiJFfRWc9nrsrwod7ddU9dPOx
+TbblMBSQCMWjuLIgYXfYx2FHGjdJ1VZKosl4EG3h4rVdtTxrFkP6jza1fgGyJbkq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem
deleted file mode 100644
index 0468f302f0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8.pem
+++ /dev/null
@@ -1,210 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P12 subCAP1
-issuer=/C=US/O=Test Certificates/CN=Policies P12 CA
------BEGIN CERTIFICATE-----
-MIICfTCCAeagAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUG9saWNp
-ZXMgUDEyIHN1YkNBUDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKniBOhW
-3+GUH9cLSjfU8TnmUuKC8zu+bx+7Vd8N20wFU83y33ReAvzS9j5mBAT6qqLMg52i
-t5h4ni8MAttxqQivCwZR6U+Mg2KMdHEAbvTp8ya69ZdGzc8StBaJ1OIIRHtRicl2
-Ek85wzHazjfWPtmnO0EaIzJImL3U24pAKDq3AgMBAAGjfDB6MB8GA1UdIwQYMBaA
-FADjZemB1Ia5xx3n8zM5Bl5MEaX5MB0GA1UdDgQWBBRCiBzBeLdD2gCvvd66Q6fl
-tWH/8jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYKVZU12G6lcEkxyRYlMJ
-umN4xtytcDe50I4AFgMJlgCcLvupgFN+5QWwSGtdBpSrN3lDBFTUQ/ZrAL3O4nzA
-HaKM6LaBCQS1//FE6qbi2UvRHfp8RoYUH4hM1nzTb7/Za0wsWTwegcz1uOZ4aLQ5
-M7QKfWfzax6EarTJ4jorUQA=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2
-issuer=/C=US/O=Test Certificates/CN=Policies P12 subCAP1
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFBvbGljaWVzIFAx
-MiBzdWJDQVAxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQDExlQ
-b2xpY2llcyBQMTIgc3Vic3ViQ0FQMVAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQCgzy2UzpvEK8JSY1wMRMaoYi/MuP+Hkmtwerm88lsIWe07HlT55nuxjp5/
-vSPZEgCYm+wk0AU87yD2n6OkCJn+oUVbeucGoJSwuTEs7HK0YZq+RyYdzcoZ7Z4Z
-EzNUC2I+vPj01u9NL0XBZLJ7g5h6Au8d3zGEkn6bEPk565LiewIDAQABo3wwejAf
-BgNVHSMEGDAWgBRCiBzBeLdD2gCvvd66Q6fltWH/8jAdBgNVHQ4EFgQUZ+UNjYxs
-KrtVbS3oIqoES3MriCowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAESq+2Cg
-vywkdxLqsugNl7K/+BK8s0yadUr/Q/DZKPALlPRaVW7GzKJ7aCGw1xRiMmkV5Z1Z
-UjSdHXTJetXdNpCfjpVnnrAB9DjkA7RrKI1KTPxhnywtwQNTpD4gceRP6icRwaN6
-7Y/GlL6Fi1LbuHlGF94I9XchvB1mTQ0PF52O
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg
-UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO
-/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9
-WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0
-CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO
-BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
-AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB
-BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK
-btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk
-biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVBvbGljaWVzIFAx
-MiBzdWJzdWJDQVAxUDIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBb
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMDAuBgNV
-BAMTJ0RpZmZlcmVudCBQb2xpY2llcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxJrMY6Ju+VhfX1vaWidfiPUdCuUMy5lF
-7s2Vle2r9FOQQ8se76y2jPKssqb3XIIG+VLRlS5GMp8T4t6VgLtE+gqb4mcBuIdV
-KMwJtDrYnfNFML4yyCKSvh51ionton2akkJGnJ2POvQ4z7sLXrKKCKcGTWvbVqej
-BwfkNvwk9KcCAwEAAaN8MHowHwYDVR0jBBgwFoAUZ+UNjYxsKrtVbS3oIqoES3Mr
-iCowHQYDVR0OBBYEFOEf7/tJiP53/PPTMiuw+1ENh3KRMA4GA1UdDwEB/wQEAwIB
-9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB/zANBgkq
-hkiG9w0BAQUFAAOBgQAkAFezJ/Jf3nv9Kuw+VwXEuX91e8e8wClFff+eY0Af+kXl
-fvUJnXN2TOh1iBU8C21WkavgIS9o8grJb3hbDpS03Yodnt/0151BiCMdLQI02sFK
-mHABJwiZZlLj7peF4avVV4Piw4arjXD7Z1bKYlHOZeTHF1hgS/XINAc8IUsfDQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f:
-        df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9:
-        4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38:
-        86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb:
-        77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05:
-        70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77:
-        e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11:
-        1d:72
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl
-6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor
-RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN
-gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 subCAP1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:42:88:1C:C1:78:B7:43:DA:00:AF:BD:DE:BA:43:A7:E5:B5:61:FF:F2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:85:fb:83:ec:f4:d5:e4:42:27:68:d3:d6:5f:c9:d5:60:4a:
-        fc:33:39:94:ce:d9:28:71:4e:fe:aa:e6:61:05:6b:1c:42:96:
-        56:40:e4:48:e6:96:65:21:17:f2:e6:8e:69:50:6f:44:8f:33:
-        a3:8c:28:e9:f5:85:d6:de:55:bb:03:30:02:eb:bc:49:70:3b:
-        bb:12:c6:f0:8c:8e:d6:5f:3f:30:aa:58:a9:6a:4e:3e:46:a1:
-        f6:76:e7:a8:7d:28:e8:d8:44:32:58:76:88:f0:05:5f:37:27:
-        03:28:e0:b3:88:c3:75:41:50:81:c2:fe:04:22:be:ea:4a:2b:
-        fc:a1
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFBvbGljaWVzIFAxMiBzdWJD
-QVAxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRCiBzBeLdD2gCvvd66Q6fltWH/8jAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQA4hfuD7PTV5EInaNPWX8nVYEr8MzmUztkocU7+quZhBWscQpZWQORI5pZl
-IRfy5o5pUG9EjzOjjCjp9YXW3lW7AzAC67xJcDu7EsbwjI7WXz8wqlipak4+RqH2
-dueofSjo2EQyWHaI8AVfNycDKOCziMN1QVCBwv4EIr7qSiv8oQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 subsubCAP1P2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:67:E5:0D:8D:8C:6C:2A:BB:55:6D:2D:E8:22:AA:04:4B:73:2B:88:2A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        25:a2:e2:75:db:ff:f0:10:9c:e2:59:90:7c:f9:c6:8e:63:cc:
-        d4:d1:19:7e:d4:97:09:0e:ea:09:59:88:13:b4:ec:07:f9:58:
-        7d:fd:87:4e:85:00:16:e2:e4:54:c3:ec:fe:0e:bf:f3:ab:59:
-        af:49:e4:97:ba:c2:df:6e:45:e9:4f:e9:0e:4a:07:41:85:8e:
-        f5:7c:da:c7:21:73:33:37:ff:e1:e0:fc:ae:98:29:f6:04:2d:
-        d1:4b:54:a4:fb:ee:17:ae:4d:73:b9:ff:ca:6e:6d:56:c3:27:
-        d8:d2:b4:d5:9c:c6:3d:40:48:f9:37:8d:2f:22:bb:55:4f:84:
-        07:65
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVBvbGljaWVzIFAxMiBzdWJz
-dWJDQVAxUDIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFGflDY2MbCq7VW0t6CKqBEtzK4gqMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBACWi4nXb//AQnOJZkHz5xo5jzNTRGX7UlwkO6glZiBO07Af5WH39
-h06FABbi5FTD7P4Ov/OrWa9J5Je6wt9uRelP6Q5KB0GFjvV82schczM3/+Hg/K6Y
-KfYELdFLVKT77heuTXO5/8pubVbDJ9jStNWcxj1ASPk3jS8iu1VPhAdl
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8EE.pem
new file mode 100644
index 0000000000..768abb6848
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B0 E5 E0 9E 85 E8 D6 CB 4B DC EE DE 28 1C 24 C5 7D 32 B6 7A 
+    friendlyName: Different Policies Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 subsubCAP1P2
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZUG9saWNp
+ZXMgUDEyIHN1YnN1YkNBUDFQMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGAxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTAwLgYDVQQDEydEaWZmZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUg
+VGVzdDgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBmcAEklgPYV1v
+LOS3HNnWEIU4xixNfJqIAwV8nqXrQx7a0eymXeQ7ijyCkGPTOG+X5SHl7MT1EYun
+ASdRHbAgauU8IMhcG3a9GW6cP1uT04cHpS5WJ9SU71MDPRmLN9YorypgZP3ZxqIm
+Jp4g1KWYqwqegJ26wu+8JpmFFhj79MYGRmbM9TisxgPZP0kyJroYcSrdNJMXOXaU
+bmsJpQwwuzuDn4NtH+nTpaHx7ab2BKyqKYKyxkFLmr84YbD9Hqa9/czLJGF0Tf+u
+IUwenhHylbsWRlHirRA0FqHagTIl1O9+ptNsYcQGtYKE4mqMtRohd3GMgKqJx7IK
+yjG9uSWHAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMelN6fQ+iTlfN/b8l1p2+7K9pnu
+MB0GA1UdDgQWBBQXoW+qF2xTgQ0UHV2q7B8e9Jbn9DAPBgNVHRMBAf8EBTADAQH/
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjAOBgNVHQ8BAf8EBAMCAfYwDQYJKoZI
+hvcNAQELBQADggEBAASApMwfhokiI14ONWgsD8Q0fVCOMZAHpFBEFWWsI7FPtyPR
+sLVIdpHCBg1CqlW8hM9EMOa8IGBlN/rfsX/EbWFtOTUD5VNXG7HD9qfexVdddf01
+hqyLKW6IQUZdiGy8ljN2nuLN5kjrv6EaAYbbcrfgkrSiB1dNMvSG0ZCZfALNXAl8
+5ny4g1l6uvzGmb6k3O6F6s1NOMpJuUpHlgZ9Ggd6NZG61vpYDSMHzknfduvzbHhy
+r5A57ceLPfJrCzdGXNhKhtIrq63zfkIFCC8MygAWcySXN3HtxcHu7QTz4M3rVID6
+tVUg+PqT+oteuGr6tqeJpZwM4xZk9VabHaVr4i0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B0 E5 E0 9E 85 E8 D6 CB 4B DC EE DE 28 1C 24 C5 7D 32 B6 7A 
+    friendlyName: Different Policies Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0FB51308505B1026
+
+tYU/hbHcZnDlwz+bcFhFWFNLw8Ha/+9Rg+i9j1SaFMEQAWkj/tBkhoXKd3+8F/IQ
+gIonTU2u3keet25wJueGZnryg8c/tGAcWaZby36qIA6Q2BFK8UYu1NsRKKGMJF+V
+RQ2W0NuHNCfvM8J//9BmFggNtK/IDWa9KgbDstIJW70Q3Y4pJdrgSiiR4+nj0G/4
+oxH+rIy9Wds+8BgacJkwbPSVgzNjFwlxDZHefOeA6kUBcp9G6ZhnoAv0C4IBL2nH
+rIGzuyJuZ4ziU7I2D6ABGdzc0kcLqbP3D4d7iVILh7Bn2P1RWqmnzwHmFO3Obcvm
+e7amM0y2KCQyPqrtCXB+1a5jBsYE/KI4w7Ckp1X4ZylFx8gNgW4OHJHoHBor6nss
+rb+sL8sRviary3nbtUFIjWSHxDaebo7m4nP32dk7k3fd+EKq3FegSCLeUpbhk0+L
+dw/Gn0xWJIgrMcHgYYil+h+VKIJ8zhLY2BmRb1u8uGcGzKh7XkKLP1tBuzxdmwa8
+gLfpBeqT+4GAxFb1CeiTgoBoJSci0taRyNa8+BAtiVfZTf1NgAneqvK0ElpmAu6F
+H3cH1H+Suq+rL0nBDKtY6VwTZsSAigYVky4ZI6lGKUFT+qilK6V0TqTWNfTJ+Cxg
+RqK8jESxzRWWkF7cXe7FCEuUiBIQPjEp4CJiv5pfVfUoFpIF2yWw29MxmlZvb1g2
+xAaY7m6jjXuHovWMzKJfc1bXCW3uq02hTlk5NHcJtnSOYok1tZ+YjmJU1Uv8wKYF
+A3IzGAqUMQUjIxYNQDe3Osy90tqKnqjX9FrwRi58cpdWu4vejPp91mnWuvGvfdBQ
+FIi3m6hUFTCIN8bZXwBswEjCcztjWgPCDBthLST1B2MKgdHHbSQ15L6o8njMvN4j
+zeufk1L5/+RaBPvKtaE5Oa542DdZIMOSx6u9FeZ7PtPqw8bU8JfMqvt9iP1SPvvo
+55OC8Nmxv+liwEgZ6bK3PwBGJDBEutgNvrlh8LC9DxYh3Xp+DTdeZHLljr6FWmWq
+f2gGHh5lP0L2bLLVk8rioiTy/SYaX0ik96cBzAyy4IUMIbfFB8B0zYNyP8YSbDHD
+gnk39nwpDHm7LaT3LL8zg+8nSSAnXdJonjOCV8s1f5At2Gg0JJXx197FlH8S/tIm
+VLe49xTMs4MsXgW7Yn7Pe+obc8P5GkYBaprXW7b3JTpox8AhTJPXcwIXs3CorosN
+yTdDunGLXbSFIUdA/xEzJOfiuOaiBTk7ippGeT+2ZgMVRvaztnH2hcgAjTJ0I3t0
+HYu4Ax1y3w+q+x5viRvDbC2zQF1Mpl041dvwngI0kevx7p/BOdZaslZiAwVm0k8m
+1+KZFkVTxa06uVCOas3LnaxF49NOrLnW0dVLJPVl85ucPpZp5y7wKV9Z2lSNF2m8
+hBbVT7JV+gQjJC9l1CFbtzTNV54XHEsNYptv73/JkdVz5IBOylfrY7QzILF47BYG
+ecmTZqvFuNS0bFSyev5OEL4ZtQoA6Bvnpmq0+prtQ4lbyahCBmXaCaF8xATLbVB6
+wwOMl2DL64fIIAtNzq2tDE5oqWr5T8+9t3jp8jdeMVTn8D7vK11HKg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem
deleted file mode 100644
index 4b2ed859a9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9.pem
+++ /dev/null
@@ -1,263 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAx
-MjMgc3ViQ0FQMTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBPMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMT
-G1BvbGljaWVzIFAxMjMgc3Vic3ViQ0FQMTJQMjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA/QzSHTVMWeTWiSZ9qa++M+UWF0AfCPT9oTdaLUwN0Tnb845G4Jh5
-Ov5u75dfUmAmvRM1brlhZoYZZa3cBvQP+1YoAOosVY1qy4xX/6OE2zqM45IRhyLd
-VlAJ2WJ96jOpb/HV3vodX2vjDndDMMxKRXd0WIHzbC/aZGzWYXwUvfkCAwEAAaN8
-MHowHwYDVR0jBBgwFoAUWocIIfvckxBtmgt8x2qxaEvfVdcwHQYDVR0OBBYEFIvs
-OfOjrm45cGR/aCtNVJAsjgXAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCg
-uNxU4/XUIM6O0+DSr6607Epm4PaQEAnvLsgMdHGHCLXL0mwL/9sNnSXGQg08zVpa
-k5RjmIGMD+UcMJ28kArNA9u3q4QNB5OXZtrhoPTGhBaBtwR3rL2ZEvQxUw67t2wV
-TpBcguqwCt7IIuNbBOoN3Uilox3T4WptJ/A7+zW8oA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 subCAP12
-issuer=/C=US/O=Test Certificates/CN=Policies P123 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAx
-MjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGlj
-aWVzIFAxMjMgc3ViQ0FQMTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOll
-J21WulD37Mn1rV21nTiHp+5zJm7d2iKVBk051MbS63EnC5jnUm0D6a5QJiQR8Ai2
-tuB17ppJED42WQtI7o8exytiya4Y4BvDOeGlVbVZSGgbk2vjlTzg+caDcAkVSzWD
-YMs02A14NrbFODXEyAyJ7rsOTycvQorNHm6zUBvRAgMBAAGjgYswgYgwHwYDVR0j
-BBgwFoAU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcwwHQYDVR0OBBYEFFqHCCH73JMQbZoL
-fMdqsWhL31XXMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIB
-MAEwDAYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAD9AiTI21pU5RaP49a5YdThygUEjL+Hvvoq4cbbg7dN3qbjYJBXUruTWyY+c
-pSqrS3q3rUlt99O+9JFqZSX8LCVRMg0yWSlwymdeY8a5EBS099ZFB+r9v4tIndk0
-r1uaX/PyEiMNd+eT8GdxBwl+Jo+AHTvuHx0G9iRwLbS5Es0u
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Different Policies EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIFBvbGljaWVzIFAx
-MjMgc3Vic3Vic3ViQ0FQMTJQMlAxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFowWzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz
-MTAwLgYDVQQDEydEaWZmZXJlbnQgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKiBlSODZy8jLC4WxxNVbFCA
-SbxY2A4DLV2OXhCjWmUmHQvZhiXk2p/wQCX/9VMcX7XRH9a3JLM9l6ZSEIGVT6lO
-R55lGOjNfpF8x+pGe/t0yPB/6ntPn5e9ZSNhDJDoYkJHfdplTFu2AZLbaVPlysXL
-AoO69sbnDPVxAjxFX2zLAgMBAAGjazBpMB8GA1UdIwQYMBaAFNMqu/C1V0GVUt3P
-qLuSnOARbnO8MB0GA1UdDgQWBBQg7JO9uU0ScBZcuzznmEWH36QRTzAOBgNVHQ8B
-Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA
-A4GBAEeaZ7Bsae+J0lNKAzqJhR4MHfT/5SBBazWGVSwIbpWl02esU9RtrStOTA8d
-zcMp2eLg3KDI+XRsYkxFb+fmJDckIYhGk2g3B9kW1a24k8DetYIqOXtFvleJ55dG
-iROwoCaH8/bW75CMK0alSXqJCAnTq+Pbg5i0nPX0ShJlSjAf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1
-issuer=/C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAx
-MjMgc3Vic3ViQ0FQMTJQMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFQxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEpMCcG
-A1UEAxMgUG9saWNpZXMgUDEyMyBzdWJzdWJzdWJDQVAxMlAyUDEwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMa9AAnNzFuqJqv1OdC4F1PtY4Lqcc+JJQBnnaIi
-roTN/plb6fUL5m/SFbfSZnf/qQbYUkosko2p0cdF5VrblaCvx7vB6l12at9Zskn4
-wKneBrfSJUVDEgSyWm7mY6t1Fla7OSfywUObt1NWEzq3pyWoSKTIQxpMJ3jnYERr
-/wJ9AgMBAAGjfDB6MB8GA1UdIwQYMBaAFIvsOfOjrm45cGR/aCtNVJAsjgXAMB0G
-A1UdDgQWBBTTKrvwtVdBlVLdz6i7kpzgEW5zvDAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEAgk/D/ABBm/yIi8Qk1ISreDz7OgEaqXoqyrQY9uq3nf/Xzlmrktxe
-C7bEDiYGugly0cHFHGProTJppes2ECdcVmrpXoIHSlbP3WucAOsWcyIW9tfH+Xsk
-HAts3bXwDmfI5WEndwM+p6kMKwRsMT8/q8XJ3ZCNgsu34eoKRWhBzlQ=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P123 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBJDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UEAxMQUG9saWNpZXMg
-UDEyMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuGtVArq1otVEuN/s
-xR5XSOEfVzIms1FiprO4UReYXUDbKzmCYC6YypbEnOP2JpLQOPwAfVqLL8FV7xiS
-o+HmK25R0aK9nQGFUPX0U9o4b5NRcWFAoYBAF2GOFBNqGF6d9wBFPlijGMT8nWr5
-ahnujYSC1Emy88N4hkp1fj4o7yMCAwEAAaOBpzCBpDAfBgNVHSMEGDAWgBT7bNQt
-gZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU0L/Nm9/xkf2Ch1oQz5Cvi7zyxcww
-DgYDVR0PAQH/BAQDAgEGMDMGA1UdIAQsMCowDAYKYIZIAWUDAgEwATAMBgpghkgB
-ZQMCATACMAwGCmCGSAFlAwIBMAMwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTAD
-gAEAMA0GCSqGSIb3DQEBBQUAA4GBAHcVVBwhebD5vRKleXMh71kleQIL8QOQFpHM
-jVYS/KJiBsVUTebOeONSU0cuPmzomEkpLyYPz8cDroidExtxGEpkKgYBGi1c5ext
-cDUGFsTWENTFFWjZ7xA56XUtGd8alXJfY0v6QSHqoYFosJvoqU2bjX6jqQVK5HbY
-kko1SxlW
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D0:BF:CD:9B:DF:F1:91:FD:82:87:5A:10:CF:90:AF:8B:BC:F2:C5:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        81:c2:63:b3:65:bd:c4:2d:98:7c:e0:85:dd:5f:07:d7:b4:1b:
-        7a:64:a7:7f:60:3d:62:3a:70:af:d5:97:23:23:9a:48:e3:b7:
-        8b:c0:3d:43:c1:66:e8:24:db:ed:a9:ab:0a:70:51:d8:7d:65:
-        92:ea:e9:6f:cb:96:8e:3b:cf:94:e9:9c:d2:27:54:29:8c:81:
-        84:1d:a6:22:65:85:46:70:07:da:1d:e9:79:9f:e7:3c:4e:96:
-        1b:11:d9:08:ec:f7:95:15:c9:db:8d:a7:17:16:3e:76:bb:41:
-        98:15:94:b3:1a:19:6f:1e:dc:10:24:c8:ae:bc:38:93:c5:04:
-        ef:9d
------BEGIN X509 CRL-----
-MIIBPTCBpwIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAMTEFBvbGljaWVzIFAxMjMgQ0EX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNC/
-zZvf8ZH9godaEM+Qr4u88sXMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AIHCY7NlvcQtmHzghd1fB9e0G3pkp39gPWI6cK/VlyMjmkjjt4vAPUPBZugk2+2p
-qwpwUdh9ZZLq6W/Llo47z5TpnNInVCmMgYQdpiJlhUZwB9od6Xmf5zxOlhsR2Qjs
-95UVyduNpxcWPna7QZgVlLMaGW8e3BAkyK68OJPFBO+d
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subCAP12
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:87:08:21:FB:DC:93:10:6D:9A:0B:7C:C7:6A:B1:68:4B:DF:55:D7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        67:b8:b5:f3:01:89:95:0b:52:9b:23:ed:15:82:33:84:16:99:
-        d5:19:f9:2a:ba:7a:1a:fd:61:2e:32:9b:bf:50:d0:02:cc:b8:
-        5e:0c:f9:8f:7d:6b:d7:ce:29:7d:cd:9a:0d:01:4a:c9:ef:38:
-        13:2e:a6:46:a5:13:4a:ba:01:58:71:13:21:6a:52:1a:e5:2f:
-        c8:58:ba:dd:bb:b5:18:3e:a0:5b:94:3a:96:d0:47:05:fa:a4:
-        84:37:c0:e4:5a:42:31:19:c3:86:cc:42:90:32:85:aa:e4:70:
-        23:e2:cf:eb:fe:f3:fe:e0:83:17:bc:c4:15:07:0f:b8:c0:d9:
-        57:d2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlBvbGljaWVzIFAxMjMgc3Vi
-Q0FQMTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFFqHCCH73JMQbZoLfMdqsWhL31XXMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAGe4tfMBiZULUpsj7RWCM4QWmdUZ+Sq6ehr9YS4ym79Q0ALMuF4M+Y99
-a9fOKX3Nmg0BSsnvOBMupkalE0q6AVhxEyFqUhrlL8hYut27tRg+oFuUOpbQRwX6
-pIQ3wORaQjEZw4bMQpAyharkcCPiz+v+8/7ggxe8xBUHD7jA2VfS
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubCAP12P2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:EC:39:F3:A3:AE:6E:39:70:64:7F:68:2B:4D:54:90:2C:8E:05:C0
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:7c:38:8c:95:0d:e2:8e:c6:fb:4c:43:f5:4f:c6:0f:4b:ec:
-        2e:bb:a1:8b:67:77:3f:7f:55:8a:02:ed:2a:f0:4e:0a:7c:e8:
-        d8:c1:26:37:47:28:ba:e5:47:de:79:74:30:b4:a1:66:8f:bd:
-        8e:7d:9a:4f:37:52:71:ad:c6:50:b1:fb:ce:eb:0b:f0:58:54:
-        a8:22:51:9f:d5:d3:92:06:20:35:f6:e2:4b:8e:7f:a8:12:f8:
-        38:a3:51:fb:cd:92:4b:2d:40:2f:f9:b9:ff:25:4d:f0:7d:9d:
-        20:00:e3:eb:94:24:fe:05:ed:e2:b3:7e:fc:fb:1b:c1:4e:cf:
-        9d:30
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1BvbGljaWVzIFAxMjMgc3Vi
-c3ViQ0FQMTJQMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUi+w586OubjlwZH9oK01UkCyOBcAwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAmnw4jJUN4o7G+0xD9U/GD0vsLruhi2d3P39VigLtKvBOCnzo
-2MEmN0couuVH3nl0MLShZo+9jn2aTzdSca3GULH7zusL8FhUqCJRn9XTkgYgNfbi
-S45/qBL4OKNR+82SSy1AL/m5/yVN8H2dIADj65Qk/gXt4rN+/PsbwU7PnTA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P123 subsubsubCAP12P2P1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D3:2A:BB:F0:B5:57:41:95:52:DD:CF:A8:BB:92:9C:E0:11:6E:73:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        37:cf:8e:70:a0:12:c6:cf:ee:13:28:cd:1d:e3:f8:8c:6b:09:
-        fd:d7:31:1a:c3:2c:77:f5:13:3e:ff:6e:b7:23:0d:4d:33:3f:
-        a1:f4:37:4d:c2:84:0f:6d:2a:25:df:40:f8:25:96:40:7a:fb:
-        59:29:4e:99:c8:8d:63:7b:23:b6:c8:eb:72:70:8e:f3:ca:5a:
-        2a:36:bb:c6:9a:80:45:63:49:c9:9f:68:32:90:84:e4:a6:ca:
-        22:52:d9:99:16:fa:34:93:38:ec:ba:f9:81:0d:26:b9:5b:03:
-        3b:0a:ce:85:43:8e:bd:47:ca:de:50:4b:42:e8:97:91:74:12:
-        ac:5a
------BEGIN X509 CRL-----
-MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIFBvbGljaWVzIFAxMjMgc3Vi
-c3Vic3ViQ0FQMTJQMlAxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w
-LTAfBgNVHSMEGDAWgBTTKrvwtVdBlVLdz6i7kpzgEW5zvDAKBgNVHRQEAwIBATAN
-BgkqhkiG9w0BAQUFAAOBgQA3z45woBLGz+4TKM0d4/iMawn91zEawyx39RM+/263
-Iw1NMz+h9DdNwoQPbSol30D4JZZAevtZKU6ZyI1jeyO2yOtycI7zyloqNrvGmoBF
-Y0nJn2gykITkpsoiUtmZFvo0kzjsuvmBDSa5WwM7Cs6FQ469R8reUEtC6JeRdBKs
-Wg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9EE.pem
new file mode 100644
index 0000000000..6771c05fc5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/DifferentPoliciesTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 81 22 E6 1F 10 35 F9 D3 8E 1C 0B 35 C9 38 1A BE 5E CA 1B 30 
+    friendlyName: Different Policies Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Different Policies EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubsubCAP12P2P1
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEpMCcGA1UEAxMgUG9saWNp
+ZXMgUDEyMyBzdWJzdWJzdWJDQVAxMlAyUDEwHhcNMTAwMTAxMDgzMDAwWhcNMzAx
+MjMxMDgzMDAwWjBgMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTEwMC4GA1UEAxMnRGlmZmVyZW50IFBvbGljaWVzIEVFIENlcnRp
+ZmljYXRlIFRlc3Q5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvves
+edFLgv8vlu0sxCTplwV97n0bNnx9po9ihH5BWII4NuhB1SG566w+qeo+LxlUDCr7
+SF3lwgxIvo+PaKcNP7SIiFEt++kSyhk8DjX5qKNZjPWDNWDDD6ZJBTLAl9YGlUdY
+knJdMBfjmsCQ0BP66ip203PSnQTCuhLdRN/syXTP5GC7MejAmILFCyIddxBi9wwd
+nDNMKNl4qhwcYdU8gCAB52ERHJ/WFJ9fSGkVWus81ViI5FaWblGC33EgUm8jqFX4
+hlvygwD4Q/9bjVVJefDXXXJ6uStLrY+K6Vf8rwtTLneOo51ZE3QMfkL2VqR9sB1v
+8Yx4HcOez04D3XiIvQIDAQABo2swaTAfBgNVHSMEGDAWgBSJIBeE+6y7CdfeXl6e
+aPY5UB9AiDAdBgNVHQ4EFgQU4wZXd/NUEr4ONS0cVpjBz6mlU+gwDgYDVR0PAQH/
+BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOC
+AQEAO8XGc+e+gxRvjmGI9a7myCl3mhrS9UuU+yid6C6u+C00it+ummR7SeHikTDJ
+j4VGXGpsaIRTPg0O+ddfegXB+WsQ8Rls4dpjUz7RLfMZFVvr7vWBMBDSZjQPYieE
+BYvzK0boQRrTeAchP06/SOl9JHfFuYm/YOqvgofTJaG1SiEULCdC3kqhU6V5rY1w
+oJPvgmBOyw0Cudj4H2zdLlcWqF0wl9Tc+BECqyJe+A4WW1nbrCmS98aHtLOnWlSI
+nAfWDY6emd7hja7EuJdNqWVenkX/mske6yMlH7PNNEhMjeNVQMt9YlLNb+A7i/XP
++W/k74kCn3JDwq9dfLK1kya+xQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 81 22 E6 1F 10 35 F9 D3 8E 1C 0B 35 C9 38 1A BE 5E CA 1B 30 
+    friendlyName: Different Policies Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EA41D9D067E8186F
+
+20aVc5sPdsVTrKZiDEgRPqQDKgU5ItFmVr9RfnxMnSqLAS35g5nTuIpKrpX1n4oi
+rUqa86/MEW//0BFkaw9+N4wTfhbuASR5PulqxwaREjhlcbwQaeGyenJMv/Kk0ZlR
+EvTQl8ATW6Z3zAnfmDB5AEwjy/0uddw1ApYgk8uRh5K1aXYKYW7iBIju0nqu8+Dm
+7lwlVvJXGRf+YUUeMIYHFPAY6OIdLFGPJrIGxmc717a4pGXKRyUw8g0EGAc/wR7+
+ZzJCo1DBMphBXIF9NOYBbOBjQqXW7+Pq9lFfXq7SbVzGCnJnJ3rJm54Pkh+RBosS
+Dhv8WsKHwH4szC2isG8vWiK0ymIDYak6ii1joPmR9kRBjxGRgdfVoluUHdWZ9XcT
+y5w/XULCdiRv0j1rLtGTP/A7th+urJUONHd4S5fh/RQVhGN7MCK54V9pwULHvGz7
+qWSE221o2lAjPW73G0aGESqMTE5w9Hx70GWtdeCO0uBTizf0TVL73Ycfa0+5bGpc
+tT/kNvYT2cxiM9dgSY9fc4v3X77V9AdibgA5/rVS1w+XQpsYVA4OpeOiNoT5+3X9
+cq1eS5U2iceom/uL2lXa+s3WGopFpl31b8zRyd49AMnqFD2OSn7VSy9SXff8nj1Q
+7QdU8d+3seGzEqolAfJuOmPUDAL6C2gx0Fyov9BIFcuTYfsS5XB77uxcdoaMsUSN
+Oq7F0DEHYEi09ZJtxjvsUXMALib12j8v0YhU1oOF6S+XGytBhfzNeZlKFXiiY5o3
+TRyJyldpH3uLn7CC17NoCqC4SEmDxJTHFdItvGNX1YnRz1TGw4wiLKdao+IBytqB
+MV7RzC0PGFVeEkbd5w6NoLdyydT1lYMN6WntX+maf0VPUfDjoEp6qAPctW05Hj/I
+4VjdBpf5AlNHh0heOgEMYhbckyLvfUAEBCCKSAAnxkHIoqF4IcQpYXG1IEQg63KJ
+EeFAX+ea8U0ggzbHMkCWKTFp4FmBbDR9mgggv+eCNWKhmU23yxuBXDIilqRlBA01
+5QbwHLJEyUcznsAuyU1q7EC957Zxu4rFrxVmE59Fh9rRY9WyoCE7unHoqYpP8HFE
+fJw9+xYYgDnyfGad6q0o+RwSXNhvaG2nxMGap48nkHISmONY1um5ikFotyir6sA3
+4p25JKJADhHWFHMvZzReaS749hAlduWfN8Es9vwzuPGxSiimfBeMBblcOC4j7AO7
+iJF6cQXvrR437XxkJ7UbB0zp+6bFXjQuYOtbTP3tEYKuovdGSD76PsqSzcZYdEC5
+6dWvIGO+1ThdJQwrRyKAG19cXdPwPW79ziPeiOrLXPEHwADOVebpfBCGUz0aY/eq
+NDJhwxRBttgQZRojV7DMQt0wVGlW2eFWBHmrxKk08gx3BUcurW7+3Y30esB9kQdn
+/EvI5GTmUaGxhpSAftvlVL5JCw6ro2f5MFr8xtKIgFX5EpVeEDDIF0Mq19kgkTFq
+hKPA9joU4FFX4DR046n0IIonsH+uFig8p0n1TvqEWNX8CO754ppQauoxfr/uysxp
+rgFIGwVhUmzE0iDEnuleLTKZZ/Tmb3Kk7kApVhnAw5EChe1GzSEx/g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GeneralizedTimeCRLnextUpdateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GeneralizedTimeCRLnextUpdateCACert.pem
new file mode 100644
index 0000000000..5b4e1a8184
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GeneralizedTimeCRLnextUpdateCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4A AD A2 3C FC C5 21 08 24 A2 27 F2 BF FB F5 69 7E FA DD 72 
+    friendlyName: GeneralizedTime CRL nextUpdate CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=GenerizedTime CRL nextUpdate CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIBEDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKDAmBgNVBAMT
+H0dlbmVyaXplZFRpbWUgQ1JMIG5leHRVcGRhdGUgQ0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDIYwPTkYLo2i4nGu322ECa0tqWdZ8/nED3T6b9CkeI
+qHuEoNkfyqjF5BUs0WdomqKXQtJ3UB0MOX0E5j0QUBaU/Hlg8/JQw7v1E44AeNFQ
+nAaQIXzIppIPl9DXe1UZebGRW2DzYS5sBhtxqpJ9xsdcK5oAUKETy/SoBNL7k9r9
+d5vdC0Au1b0W++GhavoJvgPDaoiYNZB2Mm8D4Q/KlR6WpWkOK4PVxFpOdteyJOIP
+6Iw17x6g7WKiBg3NhJnKjmACxPjZLJSqSocyFRRGGLiHd5/drpO8zPysx52IklDz
+dYm2VWvGTqPUJYzTGExj3ZJfOReyHnBDr3aOkRT/+503AgMBAAGjfDB6MB8GA1Ud
+IwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBR+KnXvDDbHS+cg
+2X9hSEeOEoMaLDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKpBfr1XfvGm
+jFyTY4aoS/B9PFwiKgDbh0QVQ98D5vH/1kEsz45DwjaIbhiPXQd4pa/y+om6j/Vj
+dNrbxhUTKGsl/HHQN0kUDK8h2HbNEzgaRSiaENVcCef8N8HzoljsF+M1CglctyaP
+j4b2oFcqoJDezN1Bcmvwte0WmQ8zEhIh4gwzhmoMcSlV0cOoZtB66JRou28Z8FeD
+q5ns/Q+C/fOlFv19RuzhLhps9l4LylzzBx72fUdAGzeyvsVxJCG6if/jBG+DB1Ty
+hqKBozIY/MncXochP7Pkkixx43pomL942n5eLmflhJS9g/Yl0tutw7EtjTDmURCa
+TpyqzihsbBQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A AD A2 3C FC C5 21 08 24 A2 27 F2 BF FB F5 69 7E FA DD 72 
+    friendlyName: GeneralizedTime CRL nextUpdate CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,82A93BC67947ED12
+
+TwDHTK6R5L4AYOO4XVPJjzV+CvgWSREM7UgQDzniSlI/Ll4jLylVXELbgrbfChDl
+tpVy01j3pzzXAdLLyJlafT/LMOzO6XkC+IBPEtK0OmkTZy74yy9qF1/s0Rcn5y4x
+0OcvUvKiB5BdmNYwsWVIPxIewExuXJXFpiUzAsSKfVQGfrBHI87QvXfLv6ozTlcX
+YeTAF+7yvQjkYYi7ibO9+Tc2VNlUNRsx86EnMjN8osqQYG4cUnpYeYGDhdeTd3nh
+gHXq0cuHYjMr4RWj7ZtDOLAxahDv1qRL6V/mfdWtXuiaMyN8f23s7GI8hDNSsxXA
+PlvE7tiSGlvCZNtRR7rXWo6tkZdvot+yn3XoRE8fwOm7gIAeD2GQDKaGr5B6XWG0
+dXFwZ10kIXeYEMSFOMWf17AT1cXl0JyfFLCpzPXuWPBgeMeuESrOm+f51pgbYMJL
+7iRwAWppAdQXCNcXSaAs4XCHOm89tEFT6uNUVwatzdMpYwWe0lE+W+pImWcH8/rp
+Mcn5j8mL50KDH3nKjLisj4nSu8t/A1mUfspLsz3GymnTsPO7pRhFhl92nQp+GGSK
+kNFCEYkFTk02eJE6XhGVP9+0pdG7tK1aGlnymQkqDTvhYID1dxIGGIg7pb1ZQy2Z
+zc9w9ka/bJsVTxt+v3ey8r6K3oqM7chOkOQOK/7HXHK/NSoejWoT4Wne8GxDIWbY
+ok63wZ2bLxumA2Odg3kzNSB/pvwzhK4GMJ1ETuFsAQJv4zkxUBf1+2P9g2i6OKOD
+P1sY3VjkbuSsRHUC/qxGsM7sMLjDmSKSJYcf/0vnJbAEG1Qo+r1g+wO7nFnRw50m
+/3sRYQtmgjP78ikN2fLedqzJluF/xj44beluU2mCoHsDAd4z5szK2YlHrTf8Wib9
+0Aef1QI7leym+/8meKpkL2HxWb1O4FnUJelmJIxgTT1pMZ9pYn5U2TMNIN+Zt5Yo
+Z1KfZN+4BuUc1v3jsZ/WuRI+zoRer36iCf7OwwvjOE6uX/4UZHVNRX0EhDEf5+Xt
+fVjeT3NE+6Y/E2kYHT7mnHOTL7wNEvL1FRyt2Ii9161VIP4BZTA/pc/1MTuwN6O/
+rCLM4q08VucXxc10fW6y0HfMci1XK3sw7VhQtxEjBlZk4fS8aUPm+QPKvHfn1h8M
+8H21FWaFDzuDPBQutOdjE8SZPejQinPAfYkYWpynBrmio+1gv1F0NBUcjYbSVZwO
+tYMTu8/7tfcT3zhsBblP+g9CGetVxw9eDrRTQF7+K/nCgToPTCg5znHMZ1j8N59X
+GwS/YsGM2DNrW8aldQ5nJxRS+aEGwlcHfqLc1CXv1uHkUxBUMwqm8aoGF2hIGGJ/
+62l06ZzkirqlJtxMxAZ8MOz0v05bqkvggVoafiNQBgZLg/rMO8KNRIYckszQOwLK
+L1UOupVEgPtrQvmjw16yuUbTDk5Q/cBuB4FytxmPD29RiBYVkk3bn8/oum7PRm1V
+TJtWPmsZf9kymTmHZaYarR3G5DgVFM7sdEDGtCUtGHwc3CtToHg6dmMLmU8Ap7bw
+UfjUmU25Ys9rt/j3QTNMfM6hf2tVZyguLPqD4+NIjzfd+MJ7i10eBdZhMd3gpaUa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodCACert.pem
new file mode 100644
index 0000000000..ac9006fab1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 6F 49 77 95 33 D5 65 E8 B7 C1 06 25 03 EA B4 14 92 C3 8E 4D 
+    friendlyName: Good CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Good CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowQDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExEDAOBgNVBAMT
+B0dvb2QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQWJpHYo37
+Xfb7oJSPe+WvfTlzIG21WQ7MyMbGtK/m8mejCzR6c+f/pJhEH/OcDSMsXq8h5kXa
+BGqWK+vSwD/Pzp5OYGptXmGPcthDtAwlrafkGOS4GqIJ8+k9XGKs+vQUXJKsOk47
+RuzD6PZupq4s16xaLVqYbUC26UcY08GpnoLNHJZS/EmXw1ZZ3d4YZjNlpIpWFNHn
+UGmdiGKXUPX/9H0fVjIAaQwjnGAbpgyCumWgzIwPpX+ElFOUr3z7BoVnFKhIXze+
+VmQGSWxZxvWDUN90Ul0tLEpLgk3OVxUB4VUGuf15OJOpgo1xibINPmWt14Vda2N9
+yrNKloJGZNqLAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZ
+XahmMB0GA1UdDgQWBBRYAYQkG7wrUpRKPaUQchRR9a86yTAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBADWHlxbmdTXNwBL/llwhQqwnazK7CC2WsXBBqgNPWj7m
+tvQ+aLG8/50Qc2Sun7o2VnwF9D18UUe8Gj3uPUYH+oSI1vDdyKcjmMbKRU4rk0eo
+3UHNDXwqIVc9CQS9smyV+x1HCwL4TTrq+LXLKx/qVij0Yqk+UJfAtrg2jnYKXsCu
+FMBQQnWCGrwa1g1TphRp/RmYHnMynYFmZrXtzFz+U9XEA7C+gPq4kqDI/iVfIT1s
+6lBtdB50lrDVwl2oYfAvW/6sC2se2QleZidUmrziVNP4oEeXINokU6T6p//HM1FG
+QYw2jOvpKcKtWCSAnegEbgsGYzATKjmPJPJ0npHFqzM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6F 49 77 95 33 D5 65 E8 B7 C1 06 25 03 EA B4 14 92 C3 8E 4D 
+    friendlyName: Good CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A56D1AC2450522CA
+
+ie3dH3qeOIyFqScl7j3cb0iu+A+OWH0vEz1BO1dVcqv/APWWvSbNl4zsBoFdeIHn
+SGSDnSskPpBgH0ca25h7xo3jOfxxAVoA7lCGT1fNlFtxCNaztHSP31Dyyn6ZpXY1
+OMSllMqNfH0aateQFl8aE+0TPg8oUq2wS0axrWMU0qQe/TOxuliDTfXskJxp7Jag
+jk8sp5PoZ2qmlO7fhvbWL6jljFdoTYeJGCHGEkc57FpD0gE6PVfJ+hZ9DYwpz//5
+yiONS1IjuY3b5BB53/cZ5WerPNZoHpGmAq4FsrP19IAXz9GdRvTlfNelBh8lwhoU
+T/YLB90JRegpbcFzzVCenD7NvXk/0Tk6qwP6JfED+1755HnknP8M1E26uFZYKFLf
+N7KCKEdZ+cim0EYH5cJyeHk3dD1laBdaxz1bK1n2Vle4Ymps1xpyj1YKAhIjEl3s
+guJg2TRDL2t056AhuXrk6J0qzO8Zj17KVq2RMXKqIGLJqi3ggfin52hL1n1idkoR
+IRj9Oo9TN8/qxt6i7xXr9Hmt4oyrJE1xfoRofwgNNM8N8Ku3Q67g4Ky2iAI6SGgU
+aqPCCPdrEIh+bQyklS6yOCtHb4S477sPr3R7raypUmrD4zqczA8sE56OCnOyW69C
+Y3JKGcfOAL3v3e8YehGmgtpMRitAIDQEIYyvBr+Bup8lNyEF4PZF4zdeuDmuk1ga
+BtPKyz6VxCoK3lLTyuky8SqL/SaAVWpazrZpbMlv8XDUIbZOcRlaAhowyyW9MSKg
+j1jJ4u3zkqUL6nJIUcjqVTKWPJC4f10LcHa63SGYu6IWK6YKbtKKXKOpuOc/HVUt
+3YStOhVdB2OJZvPGqp0xVo9alhjQrHnIQ/CAkfOWt3x5VneHw1cli4PJAzlzs11L
+isLtJTIlPSxCK1BIWH7KbSMUj3TWQYzanvomOiLqNdE+HH8EbusylOUhJilCj9tO
+lcxHwwRu5lhoYvnlDLy9ulocCsPpiNzVyZsI/efRXf1NAcjASVSO8S9KBFw27kqV
+/jKHME01NPM4sFZmbnbcH9HoNk+XBhxNcsEnIhh7CKcf0QH6M2x3eTKyomHwB3G0
+MZxp0TtlgB2ynGsDgnWkSAduKZdDruGauUvj3ykT6ErYkK/nrXPZspRlrYaoFiHt
+n++sACgyrhDY5EyZrx8kiBjvdoTpXvG2jD2tPkj7VO5jYP9kmfwya+VYXI3pm2zp
+qIDgP3Rj8ZwmMuZJbSgwfjEJ2wBGOIAoDWYlVaJ+CRXe5/z6NPSjgOheOATOXZJJ
+3+HCe+8V79k6W+pWlA0lIPYmHvpTZvvGgpEB8DEFqvVCYuxh8TNxUREGi4vzUf0/
+/7T21PeCuTUzUDLMxV3a5C7Y88G2DxiupE3xD5SnQ0Yue51RUurVEGTD4dIuPSR9
+T8luhGHJon1BtsYDHPKRqqO12tIEZCVOHOkPcIVjxuQQtV00/rAFiIN7x4Z/Y7bH
+yqr/dRb+t0l0crgk8GlW5ReLokplkaApD58ypueken9PifDbfehz/yChLA/7SlFY
+8BJC7dF3t6lQSw9BXZmgP5Ukx7Wqqjn4bOBi5WYan7MZxD02Ovnpfg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCACert.pem
new file mode 100644
index 0000000000..c169547ead
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: CF B2 F3 BA B8 E9 70 C8 5A B2 DA A5 F8 DE 28 23 A2 59 BE 41 
+    friendlyName: Good subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Good subCA
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBETANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEMxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRMwEQYDVQQDEwpHb29k
+IHN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsg6YlsgUI+Jx
+eULQ+eIB+57x/d39rz5zlcqfjzxk95+il+BC1o3VuwtIIxYMSNmi/5GvBuGLtjA0
+/XLCvM9GnONzZhmBUGU6voomA7W/WFZAqi7cDNEEzT9E7oJAoiQBNXPXngmJX8OL
+G9yLMOTolFlLoUvmAoDGryln42gYcYXdJMoWCq+JkAaxs4tVCl+OkAfLRM7yh/IZ
+rhjfeQpMcy01e+Oku2AqdJTQSDjDBrvI21+rB3LnjJvWbpm7NbJL35LmOc/kd2YP
+yFw4vJ0uFdn95lKEuM6HY/PtkJNr36/qwJ0ixntXPCyYLyDSFqaSa+9LGbcJrp6y
+RoCD4hcZOwIDAQABo4GLMIGIMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1
+rzrJMB0GA1UdDgQWBBQyByyedF0tXSm7sXqNOxVStH1CeDAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDAYD
+VR0kBAUwA4ABADANBgkqhkiG9w0BAQsFAAOCAQEAcX2vRsH1O1HQsB/7Jlf+ov4p
+fIwfT5PAvv+p4bo+wWcumPIC1DjUk8xnOQUz3RkhQyqTbE+1OGuA1fjO0VJZ7Yev
+KlO6MHkMYT4N5mge2ZuxMW+35ohZ23DHEHGk174QY6V8l4ICau2s1/SRajFqfRmY
+3s8gZFo0UBX0KIcmXSu0YHfaHWXnq7bs8kCODW0qMQnlpsUtbwdlPn5jt1kbMnRk
+rKzjruehXGm7gXC2QlHgH/MfJgpawne/n0DwPBVMs/KVuR/HRadunSuGf5Vy/rm6
+kZ8Lnu8+sk3pfWXdwEK2tWArcVUv3wh6jROOasEQC1Ah3H0iXv/ETCv3BnBHFQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CF B2 F3 BA B8 E9 70 C8 5A B2 DA A5 F8 DE 28 23 A2 59 BE 41 
+    friendlyName: Good subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0C57A135D4BC7FE7
+
+MudOD7QTH7R0S0CeaqyAAHnkZQhrmWUqA+ZRYQLsN48JP/xaCrJ0yn8dcKpPxCr/
+Qv9TCnMStiRu4wRBqVSx1yIrIkEnWNFEXntzRM2+I486+kpXO038R9tg0U8Is9hl
+A++U5DM5+W07bhlJ5BRbwmBSXhqIqWozjOclAw4bTpkQEiiJFBgwo7ZBxZW0pDWq
+cldBvQvswXPkn42XBNKKebz+cAQENWqGUuz8GEx59UjUVg5Bj6GFknUSc6q41pdF
+dQw5acMtkHQwY7kvMBiy26Upx/vuZwlkPZxdf4C8jBwg9r/dCtHcQRhjZV70fiax
+SAwZbPwmf9cMweSrKPZ1WmG1fTqKW9zPd+tEsPTQTeri2zS70s6EsqwIYIZIifGI
+P1mS+LZ9cUXHfaQT9R9WjLM+mPZjzSkeEltx/30e9L2/UvE6/cYXYeTiKmusxD8b
+nb1ZQGhoqf3efij0+pfvCp709156LGyLe/g6Xg5SgpijQfTQkFfuXtk8cyHpa4/n
+9/JDAClHTa4sRo3uii30Y0Gvcu2bzG5McPmhjRQiIsHrEKq8M3f2h8VMeAktEwiO
+cc9FQy4ODUlO3TQ5CwUsTSBUhF/SvHP3e0jMpgEj+l88bxIyfVLz5grnbwTm3BHA
+4sjm4cCCae/OdRb6kqtyrKdFXRaiAfTX9d6gdJwrQPsaeW9bjeMJDHviMkwJ13Jx
+YBeaU9VOi/sf0vxgnWDndRcLQzKwDeGwH+LlNIur94QcKv98X4wpFJ9CrpDpap0W
+wHnWit/2dNWkbL8GeAsCnLhx5blaPY/TvAxnuUKgZ9o97MEUf2gBDhg/buHA8YGi
+c9eg5XWtwrfny7/HWRYtdnrG0eqY1uhBKeFCNz7sG5IY6vT0RHadOlTFzmFAmHp7
+8UG01hUHnMZKFPVTb19PQw8ZgmjmnIAhhwXvrVjddFtqqOjIkIg/Vfzyjl6aE4UN
+jPzc8j24p78EYqo+6gqT73Mci4x3wSjlYNQRVCKDMOQ6fhWV/TRe6jEpykRLdTJb
+B9oeRIbwIH90VcbTarhW5MqRSgpPi8dNc5XkrYlqXzJjghQGEnnjbHYYUvJkbNfk
+08XVP1SIDk212veafCGou78BzCUM1NXyQwy9zcKlb02/F7KYItaPQ99oyKxOk0h3
+/1iNUdesBBKfyowG6BOpD/aknUxVJVehKutmDTirbEMcIBWyu/7ehp7J1+GhmtTC
+CxhgoWtqozHDTf+O0ZHk9cYb0/SzveAvziJOuKzAP0cEW4+VWD+JSj6E/B5h0AGl
+Fr6ROjVTNFDZRdAPGisW79klZZuiqllWgwLTVOnSuFrwn+BHsYk9XuYBWBTXxDfN
+424SLBEHpWNcad8syLz5bpx9EOLrE2llWwXlYc/3DjN+bOFzkRrapZwHtUKjLIZ+
+Q0HF/rwYTaC5HiFuznGj98yhFlZ6r7pMSZtSs6e4ZDWe26B6WiGkFw3PIOXzwKNM
+4NrG6c1x8ERwKA1tI7bn+OGhthjj9oHVFBGnIesR/F86iU4pq9kLlcNTTf9IVSFh
+h3fgE5MREQNeJ2VxNmoNwEc/qYBfejVGA/fLsi85FJoJ39JTqbpAQTDo2o+1fn0a
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCAPanyPolicyMapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCAPanyPolicyMapping1to2CACert.pem
new file mode 100644
index 0000000000..a06c938cbc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/GoodsubCAPanyPolicyMapping1to2CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 8B 5F BB 21 90 3F 65 D3 30 D6 81 F7 76 B1 A6 AC 31 5D 51 42 
+    friendlyName: Good subCA PanyPolicy Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Good subCA PanyPolicy Mapping 1to2
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDxDCCAqygAwIBAgIBFjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFsxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSswKQYDVQQDEyJHb29k
+IHN1YkNBIFBhbnlQb2xpY3kgTWFwcGluZyAxdG8yMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAyHIxLkjNU7QX3AYrkULGwUqy03uLcvbUEHQInt9Bp/Pg
+XVX+CqX7DX4nF+BumfO3NZ1vgPO7fYrpw2igH+2wgB/eebl5xHhGzurjNNKJf1Rj
+ikk0VDg7HVHpEoFZO+LQj+GVNj42mkrjEF9zhk8Gz1+K7I+MsdNN4qqJsavkO99s
+ZKh8tuleFRUakUSdMDA8LrJbQgsfvVgrO2/AYiIwPiLbSRDqhNse3Hg4/+c9rQ5f
+AxUBaW6j5gyNDbo3x9Zv4frFmtKqutRSzCHTfPXPsPduRozkQ9klYGOw2BDxiWfj
+QTJYTESOFXwamS5hui8Y8J4Vunngk6WFtse3+VSTQQIDAQABo4GtMIGqMB8GA1Ud
+IwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBRbc3mZ464G04qm
+M04UeOSgHbHkyTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNV
+HSQEBTADgAEAMBEGA1UdIAQKMAgwBgYEVR0gADAmBgNVHSEBAf8EHDAaMBgGCmCG
+SAFlAwIBMAEGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEBACIjsluMNLOx
+owudQB61hn4d2AhLpSGzbgqU0PE7p/666w49TrJ66XGuIq0c+z/Xtl8mdGQ/lz2Q
+CZqGNX0rb5NdjMV1MNJtEaiied89eI9sLBwbvu0cFAXeW6EYjyRCaQwh8/kn3K/b
+Wvr1Tnj9SmBfyGaPoTZDpQ60rE2mrDL0CbKGnp4H/jIYtHnItuRe+ETOvkSiF0qG
+X382kqIBHKji6xTF7HNHQr+C86OzdU0hffbCf38gt3LwUYn8MOKdInt1UEmKwG8W
+1kqf3Y/IaGhhfBNEN8yNaJFNr+Bjj0blSkuqtt53jxHjXrZ9NPVmE6A7IAIx8av/
+u7BUc8H7ALE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8B 5F BB 21 90 3F 65 D3 30 D6 81 F7 76 B1 A6 AC 31 5D 51 42 
+    friendlyName: Good subCA PanyPolicy Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0C5018292BD2605F
+
+M3Ol5bfO74yfUMcETlL+y/qZXK6sPzgX7ae0iWbHucn1l9UGwfDbdq9GMhjdXoeH
+LcZhgBNNhQ9uqABdmHnULn/0oot9BntYDLtj5j2TAK1a8HHf0sAhNuugpEcSuN1Q
+m6ewmF2HKpFBE0QIxn52GOussAQkwqQ1TFpCBK39E3pUf23U1KZxtZnTWMuIxX6q
+TwrjKb20AAzLIkja0dlFluQzQyRLDbUo17yXjoiYMzqUtbQekvNcxThtH6xnAsjv
+ItIRWOiSmoMoNwTHMuuhhKOacYpHpdofbfxeLphvXRBGnwGuG6r4+mepxDTKUa7D
+DiFLRT95vPfGCd7SiOEK8IadIjIMDEPLoW1eTVKMgESCxaULDM9O1X/qLq/17wDD
++a+9/+jOhfypJ+tb0qVlfRY/uzrwsYqepKcg5OwhWRc/c9moSv6GNbDrA5QJRV/r
+I0sQ0KzK8AkapeQXDhkM5Bmr21HVtaQtTSozf5xIhninpRSIQMfxDPHRqgKgP9xH
+tqG8bBFSygzlmHR7U9YBvm5G0tNXhyIyumEMj3ljpJqbxe08+feIiZqv17HwEhVE
+/N+J1Ou+dk5p3CwUH0Zs61NY3W90TwVut7L0nF30VaGg4FHFKmUNZIZR4zxcgBec
+Wyich+jHlowm91DQeazmTec6EJKCyPlLGOP6p0ez2qX3+Qnu4zrFBmFkpqYdpbOp
+maCnsvzrYn3J5gC0yp7UhPFduDLi7oSFlNQs6GYVKjGjVhghx+un2mb+SwPboC1f
+6ok3Y5q3POY2WL/ox4qzToppMjulYiXJwCPv1IqxJGc4xyOplJfJSvCjJOg1StT+
+8+MjWcBMrjnWDB7YO/ZXFfnecQVlskbFG2u3TCjpMMdkyIZTTBgUZAm1dy3TJM1x
+EczaWDipUsgrs9p6Ip9UHwytclLk3Sl2Xf/V260myoWj6Nfv8QpXOzYH4lID3kp9
+tMw8wXUpZDXQAB6VvyAgrJX6s/9jCGDZn6WXvahaRN7eEyvMT1AbTgKmPzbjZOO9
+/JR3dIpAdeUHjfhrfec+x3qo3JZFKWn+2M2z8TQfng6jTs+o9+Tzh3xsclAO8lB8
+08T/Mp84hSZJ2sYHpLFi9qpmQCdMOJ209FIoP/q6yqlivU2ZEcWdoWIzuNw4s+6R
+29KQ8+nDm89nlsBR1jgJUJO6nX2IiLjQSr9TEUdcpTwvlKGz6lkr+WuvyfzgV4fm
+5sBczXMHmudkV14TWfHEUH2wb5TzLk+6EbFLb20y7knwu7TIaw9TAtXA6wgsFCkg
+1tcXzWnt70cZHOOVWHc3V3mlUx6lmWgakLwS8NaQp5MpqLucS+YuZAbyBvKjWOW2
+IEQyuKKRC9iNCWzg6D1MvBF9A0bZ6iIu4mNj6NhMEul5/dmTKQSy5pCo6mv36kYx
+NWaZsie3Dwqk63op5VPBoz9xkGzTcUDPr3kqQ/kwZPMsdx6+aasyWY6w9f511dDr
+ml08wn/zF72P00Go2Jl7PCdwJIeK0Ggu+4nMJSrTp8jn2wKt6NREjY1tA/C/8MCu
+ivdfNGnhMjBwfkO4nodwc2+tyIikYP1+LCXHGgsxCbB4T6KNsNmyGpgKOGuuvkyn
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem
deleted file mode 100644
index f8cfbfdebc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad CRL Issuer Name CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBCTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWQmFkIENSTCBJ
-c3N1ZXIgTmFtZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8VTZxnGg
-pV60/E3F2RBR9N0VgI/w8ZdVENnRoqcpmY276I2t0UaRM95qNori4u/6Rb6RI6Jy
-BL5dPaJuS4hoVphnqLjMMF+huDF61ov49vcOtMo9Qw7NJYgeoINC4KcUrxvn5O33
-IjvyvGkMbrzczslZh1IaGrquWlS9DQDv3jECAwEAAaN8MHowHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMg02+C1YxZR0VCkMtLFWfhD
-jOBnMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCYg+l+IX369jmWSOMWB2Gw
-tuancmzEylYvy1g4di3sVNNOTRaST6hG6M0QkyVJDpr5wYwDCAu1me4CkJlaRHT9
-RZB8rW2LK9ydBJG5peFQa8QPQv9phrb4Hc7/2xjr0Eq6sUAQOBsCL09IY5pi2jxH
-o4m0vETRDlhl/Lqsc3dLTQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Bad CRL Issuer Name EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Bad CRL Issuer Name CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFkJhZCBDUkwgSXNz
-dWVyIE5hbWUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBkMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxOTA3BgNVBAMT
-MEludmFsaWQgQmFkIENSTCBJc3N1ZXIgTmFtZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmWwjDb3FCLH56CnXApSXwVHB
-KUEdYLsDL5afA0uwYq3CutM9nFTfpI4wfWoh8z8rbcyzMhNU/b90XnkcJeUlLe4R
-GVC87g/Oh67ONY431E5nS0t2mU3gA5A+QJwCJ5GgkoRJy4aZS7IhIVayya97aITa
-eeInMge1hpOIbhG4RWMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUyDTb4LVjFlHRUKQy
-0sVZ+EOM4GcwHQYDVR0OBBYEFLIo4xfziwpQ8zkzEpaYHC7RAmffMA4GA1UdDwEB
-/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQAD
-gYEAYRbr0XdXa3sve8krgu8sJ/Dj90/LJexPg4kRViyO7965tP3sBCNUAIO1Q8QW
-n27WeL4IjVXDSrspE/72yM2b8MNWJ4phd+PJMkQb+ioBbC8qPrNvnesSKPbqNcDR
-qLz/G2oPMHBWA5zuzG1O2ecxU1MLUV3tY4QxY1oNRuMunPo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Incorrect CRL Issuer Name
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C8:34:DB:E0:B5:63:16:51:D1:50:A4:32:D2:C5:59:F8:43:8C:E0:67
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:95:96:bc:9d:a1:bc:e9:8b:10:db:0c:3a:19:c0:f6:b3:bc:
-        a0:15:ef:97:6c:c5:83:6b:e6:ee:c3:8b:fa:54:c7:86:7b:ba:
-        e8:73:c0:9d:d6:e5:1a:90:74:4c:8c:71:bf:ce:81:e7:36:df:
-        95:4a:d8:6a:71:e6:16:6a:20:ab:9b:7b:de:eb:c6:ec:2e:83:
-        e9:0d:61:4f:62:df:3b:5f:02:28:98:01:04:5b:d7:19:18:1a:
-        f9:18:63:83:62:2f:de:0b:9f:a8:5a:d4:8b:91:5b:94:cf:bf:
-        44:d8:18:71:89:fd:99:14:c9:92:7a:a0:6b:ed:15:13:5d:37:
-        91:fd
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGUluY29ycmVjdCBDUkwgSXNz
-dWVyIE5hbWUXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFMg02+C1YxZR0VCkMtLFWfhDjOBnMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBACqVlrydobzpixDbDDoZwPazvKAV75dsxYNr5u7Di/pUx4Z7uuhz
-wJ3W5RqQdEyMcb/Ogec235VK2Gpx5hZqIKube97rxuwug+kNYU9i3ztfAiiYAQRb
-1xkYGvkYY4NiL94Ln6ha1IuRW5TPv0TYGHGJ/ZkUyZJ6oGvtFRNdN5H9
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5EE.pem
new file mode 100644
index 0000000000..c3d5661683
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLIssuerNameTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 83 38 B9 B1 1E 8B 1A B1 01 EC 85 06 77 73 50 80 9E 77 8D 72 
+    friendlyName: Invalid Bad CRL Issuer Name Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Bad CRL Issuer Name EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Bad CRL Issuer Name CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWQmFkIENS
+TCBJc3N1ZXIgTmFtZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MTkwNwYDVQQDEzBJbnZhbGlkIEJhZCBDUkwgSXNzdWVyIE5hbWUgRUUgQ2VydGlm
+aWNhdGUgVGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbUQc/
+aDfzozsGi/PMBuOvwbdh4u/eGd5PwWOqPgwARtSrxA+gRKdsLq/Gh9ySRhABGV+h
+92N/B4xPnilGJJt2SUULOZz65G2Jb8yUZrO2RSLXcGSzExmQL58GC8jQ13rPveDn
+tChy8oiRh1Q+Qswy1dIP/iya8fhceDjt6YhP35Du/CzDaPIEdxlMYfnsiM5PZukl
+Yc/0+bg/T59xvjypk1oAOxVdGngaXEpkpwDyKoTdXMATrWWIIoA+NgmsJfTRlwes
+l/Mzy2pJxRRql9tW8yteW78ddNBIMHeSfJkqcwJ9y3rdW6CC4qE2ih+5O119FMTU
+hlkdv0bKseMyrb8zAgMBAAGjazBpMB8GA1UdIwQYMBaAFBFy8jVdBNUOSiAHB0Eo
+/ZRwABxxMB0GA1UdDgQWBBTJMGp5bfvpKIG6aOzEVAK6YN1WYzAOBgNVHQ8BAf8E
+BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IB
+AQCNUhve7sX9MgDZzE0LREXi85Qx+HDApJzt7BZ0n7jjN+mKBR7z3mGqfvIWd+nd
+yEtDj2G5+PEd59nPp/tlNGwcKHuD2ht/83jX2tjrNZE1XizGyPS6m7vI07OiVhNi
+8CODBlCX5jimwwqH6i+2WNFI/3xQZwqjx//q5izI9TMryIDbX8mwWGYtDd9O04u5
+3Ey1oZdm7fxE9QJ5Hsg3zOGHKNVr0JFlIHx2yaub9F4CUEHVx56rAdY/13v89iUD
+yD3KEZHOxuGRLD1nKvK4rU7vEmYOXRF1z2iobzxA9VbBuybrsJwZyaCZRZ9C09XU
+kw1e5M/h7zZuDUtLKIyzA0pJ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 83 38 B9 B1 1E 8B 1A B1 01 EC 85 06 77 73 50 80 9E 77 8D 72 
+    friendlyName: Invalid Bad CRL Issuer Name Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,619AE424395184AF
+
+fidkvMzQmt7seLs9JoKXAFeoeWyIs/Dn0wWqjju6InvbFGt5e9dBqJOHqXOiR2Ad
+hSGbVkcvXRyUokJudi60t1cHjXd37l/8tK1f0Cji6EUUMUekG08BlF4jrsA2R3Pb
+5Q2Ya9uhNO+2FDf1dYk7+Tyvg2SOUPtyN3xS8S54+Ao6761jSy9yGHm4KOws8ViQ
+c0njkI8erjzYo/H9TPgOtW48JHBxa/GA5gBWFF/2z/AOIhSLtOMeIiJEcqiENlnm
+pOzHXp+UnCDdVb+xEO5lYKyNA9h2BPhZ6x9SA5VXjNK+S+rC6g0Vj6bgX58JfAg3
+DoFKy+RpkYBB4MXskmU8+SWVXrXmcd3JTZS2dN+pkFRxEvdR+Xj6Wi7XIpZIY9Dw
+BL/YNX5+ruefdisDncgR4WdDy0rWuKnJvFl8FyE3M3cQl+LBUwxwf46TotGcIHwj
+Lb43hD0p1xPSPwcElVi0iJIZClVEDM4jNXv0rYk0fD1GUD5I3f3jTILxlTrIjWcr
+y0I3c74aRgRBp4B+Wh6Vh8OzHDVZeko4e8WCWT9QnknQw0b56/yKQErymhT5xCSe
+ZxLZ+JsveW5s6u8ySC2iScdRh/TTHag8Y2y1aIkc4iZRCFcLi/Udh/EuZ9unNHOE
+4lSEMD5gwHaeb+y8iVdwHOVIdelp0RceTmHiyzd/OlDCZOKt2Ha2TasdVdK1g43e
+MNqvW77Lz4isgIuROIZmn8vwBoprFXXSPZBnjDvEtichw6i3kRJbLtI60CkVK7dx
+P5Ffx7IhwOIFoxfxzMxOaxB2FknnciEoUpAyTUOqI007BVuwx+mQk6Anzh2/Osc6
+AvVf8SvuufJYAaTYovAmJlwFpTETkwUui6zH2Qt1k3x5njTN2EXscUJDLAJ8PWGW
+QNj3YlKdQdT5bfQGRolmQN/Aki5BhjhNamGzN66T5Bi+MjTmaK9o2kz+ed1sdGUO
+M9g7RPJ390RzTjMf2g+pagVw6Q5jzNFmgKn/3QPnhREeFZXUby2KkrENqf5Gv34C
+s10//lqT2ln0Qx6OZjYn/ydWt0fmdn3msDYzMn0UcSxSRqHZgf5Z/J7GAPeUtxzE
+1sTo/qx5gkZ7KV+HAkODoGOjUWDY56aVTzNvukzZ7g/HoB+71m06ce01hgxEhduu
+eDdVoWlRaV3MWATYKGsEO7G2dOP8oouzYYXxip8TZClYy0QJkfSxrHx+eoYDU16M
+SxGrtYkSRf9SvBTAjpcI1IYJwCmLOXbyJldhNDz/XgXjE7VNjwpucy4n/NSkGA98
++cE4oG8FKPvU1rlAZP8uSi+jW64yOykMYrGyCRfe72Gc0WrDp/TPVoJpFiDulLJt
+06XV+LA1A7Iv+aOgej4NMYvQDHUuDlQGgTPeU6aWSgiFQZkMWyxt1r63MTC0qeK6
+6buWTP/teEyzDyJlTb2dTwsUJaK9BwT6Cm4M0MW75zlQw0lnR4VWwKHCnAn1OQka
+ojcVVmSs2ixDCAB8fOBrcqRZIEw427lb8rJyHhvqCdMyje+D3s/T87vTtPaYaaYV
+SAF6BFFcV+3bAymDNnVB01QLIOlQbucjE/M49Y+J+ZS1gke6WFRGPdV4SvcHtYaR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem
deleted file mode 100644
index 6fd7c1dc31..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad CRL Signature CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUQmFkIENSTCBT
-aWduYXR1cmUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJdogWv9CPXo
-9rQEcxwXXws6b/WT7R/AspFsq4aVO/l7puHNxGIQybx5jK5W55wqPtHa5PPGSpJA
-YkcuKVXL1ZqZh8A+VenvazNg0XoldwJZalTN0AwR3FprLL3cXYIwu8FFFERp8l/S
-YgHz8wHRlA37Ph4a7cU78oLWK0wziElzAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts
-1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBT7CxX9unvmOEiZWhVgVVCXqjZs
-QzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAmZ8+7Hn2elBnvNREi2gDIa3P
-POFc8RHEq6ajCkhgeJoQRygSFdfenhTKGtfvet/3j6hBZRHEVI2e8x5yiyBN/ZKV
-SAdRCjXTg99nJJtkkqDhifkO5uUaxfcgj2LFt9DI7/b/jZzlNSD8BXqcifbjAf1s
-IIlWmY0HVZgwucYLmC8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Bad CRL Signature EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Bad CRL Signature CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBDUkwgU2ln
-bmF0dXJlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYjELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcwNQYDVQQDEy5J
-bnZhbGlkIEJhZCBDUkwgU2lnbmF0dXJlIEVFIENlcnRpZmljYXRlIFRlc3Q0MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQDbS7uYXT/RjXcp9qBIMFgzo5WJJA
-3/1rXCiA/BzowTDl87A4iGOmZ+LEkwpLarYI8mFzGmQAVIlJCn3KlTO4AuTWaMth
-VZPgVZ5gVxVHQbqdb2VZXHVJGYB/yn+PJrghL5uy+kv9qzocq/jUrEHcnvBTQ+iI
-8mutd/z8C/Qy9QIDAQABo2swaTAfBgNVHSMEGDAWgBT7CxX9unvmOEiZWhVgVVCX
-qjZsQzAdBgNVHQ4EFgQUK1L621YMk2XrXnaVZG9PC/61mSYwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQA5
-Kis0tSW5S+c/zwTmKqh6DTRRISk2nn+KeQSUJdi6YXcuX3YIX/P4SxWNQ46dwKDl
-lNNDVR3u7fiwwYf9BxICorMqY2FhrdFOoGclO1mCpRuBMhmER7hWivrftdi7ekeE
-2aEHKWWnWwzU/qs6Z/6FK9waN4GviF8X+sqt/EHo+A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad CRL Signature CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:0B:15:FD:BA:7B:E6:38:48:99:5A:15:60:55:50:97:AA:36:6C:43
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        68:7d:ef:9b:2c:27:82:c2:3c:2f:16:6a:09:27:73:ac:90:da:
-        2e:66:07:a0:f4:c2:4e:4c:3a:52:02:f7:23:dc:52:f5:3e:2e:
-        94:29:22:b8:f4:f1:c7:44:85:5e:84:8a:6e:37:5c:84:16:5e:
-        70:b5:f5:13:81:8e:89:09:b6:48:0e:51:9c:15:94:21:f1:21:
-        e6:38:14:50:a4:c3:85:4c:84:e9:eb:f6:b7:6a:a4:cc:12:02:
-        a5:0f:42:af:9a:1c:d9:c0:4c:98:c3:1c:12:2e:f7:84:d8:fa:
-        24:4b:68:3c:20:c6:7c:60:78:d6:46:37:68:28:4f:81:c1:b7:
-        32:30
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBDUkwgU2lnbmF0dXJl
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBT7CxX9unvmOEiZWhVgVVCXqjZsQzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBofe+bLCeCwjwvFmoJJ3OskNouZgeg9MJOTDpSAvcj3FL1Pi6UKSK49PHH
-RIVehIpuN1yEFl5wtfUTgY6JCbZIDlGcFZQh8SHmOBRQpMOFTITp6/a3aqTMEgKl
-D0KvmhzZwEyYwxwSLveE2PokS2g8IMZ8YHjWRjdoKE+BwbcyMA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4EE.pem
new file mode 100644
index 0000000000..2ee07eb3f4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBadCRLSignatureTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A DE BE 1C 7E 70 F5 E1 0E BA 55 EB 2D 41 E2 4C 7D F6 6A 8F 
+    friendlyName: Invalid Bad CRL Signature Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Bad CRL Signature EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Bad CRL Signature CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUQmFkIENS
+TCBTaWduYXR1cmUgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBn
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE3
+MDUGA1UEAxMuSW52YWxpZCBCYWQgQ1JMIFNpZ25hdHVyZSBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoh2hBRa2n/
+4/sUJnItoF7DlFyPUGn2CSBjfW61rFCpa0UFPhjN18/5HPV2AvDSyfeVsQbaOqBN
+mGcN+3ClEaDM0MxDR373PtXwfZlqxBeyufsFrgskpV77KB0dwTPJBkFDDf5K8Z+d
+kRv6wf8L3TVQkWCZmqtBGyYpb+ciqjqlON79M+mX5rGy+95P49jqzq3Ufe7/frQ3
+twWzfLyvT16+X3erXinXrkMBOJqKvH9n0AmeV7H244Ekak/kyYjn8cMKCHptmpyO
+XXB2dhDrSSkFClVE6Qyk/ynFBPo29lq1ZBM4WeKI961/Sku3DL8cE9LgNvzRx448
+wM8vF++T9EUCAwEAAaNrMGkwHwYDVR0jBBgwFoAUMYs1jZ5EYTAU3ucLLhQZSCTb
++b0wHQYDVR0OBBYEFDFtEQEQ4iF+FFSg1ZEs2O0msQvFMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBACXx
+1TSmGPZscKlY2e9Zuqp5LP8ehTiXLtWOErouEeF9tfobMh+hOGruSmdtJv7tmqz7
+ePchR3c+ROsT51qEpOW+y7Hjv8opoRaWJdMJZ4zVGiH6wlaj9Iy1rrxFMnbRM2ZN
++md4SDJnKmMzbUf1H05qAuiCDiDleVkPycyIOLWInwEX+5cW9SOaeoiBnO0GmkBe
+RJPNV9rrTNpcq8cDoQh08xaaoKRPtIlxR14XP25SNfljdbCVZQXIoKHEsQV+UV27
+RVKCSqzZAv9W1nXeZX7rH+8kEKvQR8y5fMYi7Hi9zk3tqH53A/8QGPKrCqRJaw/+
+UAQA3LZBkaU9hpO5JAU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A DE BE 1C 7E 70 F5 E1 0E BA 55 EB 2D 41 E2 4C 7D F6 6A 8F 
+    friendlyName: Invalid Bad CRL Signature Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6CD186847B6D8CF0
+
+e+e0uY4ANLFnP1kBMLdAz6JO7+Tq5FRSVOAEOGNG8Sx3QgbEpLfgJ/MkMC6n3Fw/
+AqnQFZh7Edi0RsFAr0GWyOzcyz3fpUfMS1WtRpIgC7E5Cx6MK4iOQN3yUinvtKnI
+9qV1nHMw+UlvBV7mfODEBHOum3M4wXtgWcjDXGE3VrDqwxeYTqb2z/gMMFSUDRGZ
+2ZFYveiiIT8B2nGAxtTKTeG0Yv4BzRhArKLSMD0zJl+x3QM3PH7a5WhKS+b69uzy
+PaCxjdRzYsNsVNjnIhVFdnXtFJ3njDL6Shn5yCJkNWdoJk3wnG4FUuhR5FKCCEtO
+2mLRGcVXj6fonOy5KZ79GN7kp6N0L6EtUhZiO7Gn2Xp34EjfoXyCoGRKQsVr6Xmk
+vyaR+Ui+81ro1xGRpMGRyyFzovXFWTMSIvq6RDC3ru555/OCQ0HisCSDfxu/xAIQ
+VhAENI1Fmj5TJuzS39nZsDfNX+G9mkv0W8V5YNR2mZSEeurGWFOYEqxPNXEdZgci
+pMkjN8vVIv12pDds9YYqpJuexjCFLaS8ZS3ZU/55KBNY/U+/q9MuhKO49sdtNBxq
+5ffXYc2ybnHKDTcN9bzLgbBuqYP3bfGtgn+BSK2nxX24PRckFjj9h7QqSXot05mX
+Z9WdQMRs0vAsnhhEZXOjMhxusLeJIOssnXY2EuXt79Z/Sc4BEE7KFWQ+ZTgZ7kv2
+l/vJWlYBLcUrlbcgWdu5DgLau45fgWFfx7Z7R+cg5cB6W0ZVlE89+c8FRTh4v1UR
+rfG/k0QMIzP1CNMuc4rngEjVLpWn53jXlNM1ljeQynOYQTBZuCiwyXCJs59ZU3v+
+AYr129U2ooPpe24N+Nvu6qHnQ9V+jeHgoU4nbOD9/akhy68xukVaeDIDgezVD7oa
+BIAOziVFo37SHFC6Fbi0/JNQCoByhRbpUnHiG5PRsBO5OEY3Ud3irlhuPFofg27y
+QJ5qnl+qdlGbH0iBZrGXwiE7ZUjpEPPxR3+IaLSvj7k0l7zxOtK4JoHAa4njxXNC
+VAKdjrekp+6lbfJwZjrAVVSU2wuTQ5UFbdZLugfyHgWH7qb6BFePytfM69eD73b5
+ZaU4lWcTFaa+IEdqAZZG+DJ79jcYiynBHdOVOcLnRt+hKlo/NGY7nP46hytuEefh
+0ppwNMkXXWxNGVzfUKiWoKBUNpkMyRcPveQKJhBQpbNt/soCTkh0csH7CieRXQj8
+7LQMKC15St07nncPVsXYtcD9fPMh0aU576SdoYTW9sb0kTThV9evEAdS/NFervwJ
+yqBa/a5kCxhpi78LrfljTkfL2/9weS80UNj/4ebC/Et8uuES1WeUyDE7ELFqMoHg
+NBfBnsyu82KRRxU8BpEqZ05CX7VrZHHL9hGPIp9+7isSFyjx2t4PUZmab93CwI5z
+Psj+z+IsR2ZLA25ttpi3bOcnqKJ91okUBVJCaiR533Ss3Ar+/tl+ZRESSDhh8vbP
+Wqgd6YpXVOADF3F4tdRwPhwTSUM4mJ/0JFVNINOkONfMai/hEbHZfPh9XMfctspF
+XWXsaBMejr6WBE8wUYQ9tI68cQld2Y6tr+LyBYy04fglExIn9GmPYWsfEMoUipC0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem
deleted file mode 100644
index a70e68731c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB
-qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv
-wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8
-twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8
-zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV
-3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg
-hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczFHMEUGA1UEAxM+SW52YWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2ln
-bmluZyBLZXkgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBANehtRiWYBhPipRRR0tIxuV4U49+DofUBRVQP5JDT79DtTbKaVOR
-HWgSi30ZrKSm3WkblfZoncF9ZMN/ocoqxeUNXwBqp8/wJYbE6js5YwBGTsfi3UfP
-s14vC1mU4ssE+ogwozLkXRcJGuFtJwNTZcEf43OkjdjLWiIH5DVhj9ZXAgMBAAGj
-azBpMB8GA1UdIwQYMBaAFEnJ/LcDPGdtCgCTqeTWpR6SH7URMB0GA1UdDgQWBBTa
-6ZIK1lgoOotgyyB2SLZbDxCDHDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAA/4ne7fgjMJuty5+P1V3QiH
-TxmpO+boz9+NO3Wc2Nj23sToATQqIcc6W1G3yKbN7uQEXtHgtPcIz5diAIJ8JNQl
-INBUxGlFASTWHNfnNJDgN7lwn4VjSAE7HzEKIJ3+HVTXI6+mdiCl/IYL9q02KSGi
-djAHT73bFgK6ydVH8Cal
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI
-9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j
-gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6
-KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt
-CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV
-HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6
-MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS
-h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy
-4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr
-YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8:
-        1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5:
-        9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad:
-        05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6:
-        b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94:
-        1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb:
-        77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a:
-        02:f8
------BEGIN X509 CRL-----
-MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk
-IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j
-BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix
-yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ
-0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0x.v.t.r0p1.0...U....US1.0...U.
-..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d:
-        d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78:
-        57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80:
-        91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94:
-        80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53:
-        83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18:
-        32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6:
-        72:31
------BEGIN X509 CRL-----
-MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl
-ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U
-BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0
-IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ
-KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa
-8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq
-6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.pem
new file mode 100644
index 0000000000..f5ae145d4c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E6 12 3F 89 00 F0 C6 9C 39 A2 C7 8F 9B 88 6B D5 E4 71 62 9F 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgQmFzaWMgU2VsZi1Jc3N1
+ZWQgQ1JMIFNpZ25pbmcgS2V5IEVFIENlcnRpZmljYXRlIFRlc3Q3MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJ1Ncwjk9f7Jh7x49a+7BccpR9imE9kX
+WNxzQRvvBx/ps0H6O0u1zIdwap06h2+FtZTsrSUn86di4rh93ebVSvSdyvjRTZ8C
+9Wzp2bL+hkeKHLwDWu9EMXUGCudejQGRzcSdR3UBA8vyQcxzG0fNqaXVv6R9OLcW
+fOg4hZCB7eROyjQlGw5EbDQb1Mwn5b3uqTtW13lFLIcCcoW4RfhyW75japyyi9Oh
++tCN54yJsOOwjZ52PLbHTYr6/iRRKXkosL8BLS5B+B4WkIRXeFkwlq7wJRFfFiI7
+tyd9h5vHk7cwBl2ZiZCvxQ/Nlfi9wzXEFPto0LbD1feSoZ1BkWDmqwIDAQABo2sw
+aTAfBgNVHSMEGDAWgBQpmkUuNpWd7PJeVJwT1dn2RJEsEzAdBgNVHQ4EFgQUV4fq
+Vxkw9RXSdq1WA6DhF8IkJzcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEATKc5gYlWDtz8z6JjAO7O2AuY
+LB9lOLe6vRxZHjGME9s9lrupp3rM1lMEvDEcOkfo/36AR0ZWmdWbW0m94TUyu8wd
+MmF3aXQxxkJGHAdwgD8OzpzVQWYM966uD4awzXMLvzx3IqymLwiLK4veDIaNeOVU
++LTZO/CgO8jp9lbyhNs3PLU/jeeAXSpx2WCIwHVMzuetpicwWAab57FAov7p5MPo
+Est9Pk7dk9iXe5XvnnNyOavoCSbOP5XddVUR370ghSNXnoFsgzh40LWDe6HSrgXO
+ZyaArB/ECUADegv99A29DiKxDSmM0zM5NzTrmbQEpALzt57CfnsHt1T2C5ck2Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E6 12 3F 89 00 F0 C6 9C 39 A2 C7 8F 9B 88 6B D5 E4 71 62 9F 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,276B857A89B89609
+
+ucRyf9n3BU/DKfv7RVXPVBnyhidmBvM5gIlW+KzmUFP/h6oGZaW8OaU7HC5frMZ2
+GTMBvXwAootFy2HHGOoiKawgo2Zq+Fs3O0amgrn4RTIFYwfn3Dlg1fU+JnCU+ST+
+ZlGtAjPQ8vfSeCRlxkz1SSA28R+8mKQymBFF6ZkLGBraZNVFmIxGPs9PFJewX2hD
+iC+UoIdLulYgwg1RrXRy5hVxKkvaYDBUIMlYOyqzUmkQRaJhC3pr+ngb5THJj6y5
+T78tVRhkuo70/WoB6fVXF2XTd3fujEN4ksW5S2LkgWs+9XfMsntP3jeVZouOyinP
+SHySjke0TCOdzcZYedAaLcHZUsnheevsvQa5pmNSuxJBYX10f5y5sehojgcvL/uy
+c928kBlyd3b3jTzbuirTV0/AO4081BT1733bQmIfArplPWngSex4ADIF8cgIPjT0
+A2WgBOaZWNIsP5KyNiokVc4hM7ulcyurI37E1mgHMlS0cUyv53dvZcrg6g+ScjMu
+rco2GhA1LlGKWofyTC8dWpikip8S00FR2JAggL/4LQMoPJioqLv3PywU43FJyK41
+OG7CZ3GEzXJgkx2h7bbJINjz/CvhC12CBGXejXJP0kU+1fp2Pr0LBYMYOUbj2tXA
+hfMpSWElN+XZaRRsIOaYxgVIMvTpsKHudr4o4Jo7+BgJZ3V6Po60z4QZCZi7TdOV
+FZVFM9yjCzFPRU5Xv09eSf9zTVM8AKXDJvMIQ+FcaErTsO4EpdB90/jCgsk4W9R/
+ZooWrSARU0DBd7V+OIRLt0FbSXC0BKm68zg5eqLG/skbWVvZzrU0ef9BNiOuAyck
+IKcex2M0Aw3TAvpj4ZKW6ADGfBANl4/IbNDn6kU+c/7NoGGIo9c5AqAlGFKSaHkq
+y7AJdC55HqR03Y9604mB48cHwcHhpqjw6L3TF4/nv/CTYeUGw3ng1er3bxDdLdZJ
+A2ephKjF1uYYWsjmXWmAxLs1zasXC5QCTRKOWr3J/UN7f2jtTYfux5hmnh+73aQ7
+3khln5kT0s7AoWt9ML69TivVT1rdZnPDxyIBUBfmplrnHZobdpDNpapwuJxzFyQn
+QrFd/flMDvMaoTczflg0+koN4iEmOhPQpzcIDC9DikHSbryf9zcVl044qdUADI88
+saczJwKYSSKdtCAF7oldisvekfhZcERLkXLi6WrNGzI1YX4Qf6MhWyOvTs9danxR
+ukGQ8WOmb/TfQftwa/r5v9L122qJVZLjPAOPO9lGgUa/DydPYiABjOKVIfbo8u28
+KFDoP/BSAZ6ibH/2XmIfEPyf9Hr0BXDWgFiV0IbuPxE/TD6SCH0dnu/MOZiHC2Gh
+Tq14PMr/8+kmZkw0btc9/3rOsm/Phmf5BaqpQzp+KjQim7XYx2VwbJUyEXoAPNBY
+Vq8WstHlvZWe87WeMlCfjAxzP14BqqC6tCUEHi47dVoOEmC6QR3VxESWBPV6VE6j
+1vP4d9TFkamwfxQHFSdbverYgfxnWw5DcJGDaOc/BKmucFi7RwO7PImw5mYnPdSF
+Z8pTqupvQEz2ZL6gYBAHptwykG16VqNYI+4t65ZmVk2HW7Tw0/1BIR5qefjXL8BR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem
deleted file mode 100644
index 1865a68006..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB
-qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv
-wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8
-twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8
-zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV
-3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg
-hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczFHMEUGA1UEAxM+SW52YWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2ln
-bmluZyBLZXkgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAKvhIgfCe7osai3K6RoZSmpIrNAB/YJ7ImOrOZihxenRuEczoaGn
-0dC3ajSeX3sg2RIomf4JTDpzcBM2swr8JOcChUwnFzOZ/Fz6Q6OREST65hRxXECk
-GbkjgRrFnTgv3/s/v9Ilt/GbdIcgBxJ1797Fr+rOEDkwld4TGgIAIOO/AgMBAAGj
-azBpMB8GA1UdIwQYMBaAFA9yyjNDqcQRUatj2kSHD2Gk9L5HMB0GA1UdDgQWBBRx
-0uz3/5i8F8pGl1n7xes8mS3ymzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABvl4GhXI+6jjTcXaeraQVtN
-9WsB0kIXPXptGui6yVAMTsB6MhCgqlhY3xihDUJIIXRy1oV4efSfFO7UbRWOoN5T
-MikwqCAVoLnl3KAZZ4qXuwi6+OIUSXx0m8CfPRNAYdEAHCHJT+KFR8wtY4eAgyVw
-ZVhFDwnSxbqX6ThJ5wdN
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI
-9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j
-gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6
-KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt
-CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV
-HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6
-MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS
-h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy
-4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr
-YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8:
-        1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5:
-        9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad:
-        05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6:
-        b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94:
-        1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb:
-        77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a:
-        02:f8
------BEGIN X509 CRL-----
-MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk
-IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j
-BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix
-yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ
-0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0x.v.t.r0p1.0...U....US1.0...U.
-..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d:
-        d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78:
-        57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80:
-        91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94:
-        80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53:
-        83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18:
-        32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6:
-        72:31
------BEGIN X509 CRL-----
-MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl
-ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U
-BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0
-IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ
-KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa
-8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq
-6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.pem
new file mode 100644
index 0000000000..f615bcf744
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F4 66 4F DE C2 E1 DB FC FB 51 0B 82 61 B3 31 5C 81 09 D3 DD 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued CRL Signing Key EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgQmFzaWMgU2VsZi1Jc3N1
+ZWQgQ1JMIFNpZ25pbmcgS2V5IEVFIENlcnRpZmljYXRlIFRlc3Q4MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol4o/PaoUHfmfauJSNBudpqdHZMlL9Sy
+AWTgosb1N1sDIAswsQmo0kHLjxW1p1zcVljpQso+13cnjBtP+k6PGCmfQ7uAuRGb
+r4zljd0X5talJ+jaCcQrmoDDcl/aznqVQySJ1jLSuDKLqSEjvObatrLvyhrawMH6
+9oEuno612WHt2L0kxjDtrTqauVCkUDsbC40LK4Qc4UBponYRqgOedeFnGJSmt5WF
+SeLEELadfaxCSVeT+IEUFQ3HV6D3icKhRsS9YKneOnOUn7BvuTHFUEisz07Q7wJp
+3NatsukCsRMW0w7KJhzYh8QElm188tzJoScQR/ETIQw49tDBH1M1qwIDAQABo2sw
+aTAfBgNVHSMEGDAWgBQkwVVx+p7hIYUq8K1hpxW51U1DFzAdBgNVHQ4EFgQUaAjV
+TuVUjiYIJGsaF16hnMaOnu0wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAmAQkit0tiMpNN+36ZZKdZgJ4
+h4s5B/oh+1NS53RzqD2fSEcLuh2zaX5Lq4GJJ5q0KQTn4yhyLDZbXSGNnmR+T3vM
+b6cBIA173e2na7ZaYmNsdTLeSdX29QFxJvWGFeGrnpft1JW0uQStrRTaqu5WCCJF
+7tWCNs/Y4V6VmnjXKs54TophgffFFSizMHOq5eedZ0ZLDQCct36gPPHcF4MFdEDB
+kpatcioxP7NA+ANWxkkQ3bm469ivlolt6cM3qhVwaQdXgv1kPUNsgpe1rZi4n4pJ
+ldddkxuiu0SYBnxtAsutBl9tA0cfUrORcDyMOTJI51Ql1FKq4qVPHBCi/uDn/A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F4 66 4F DE C2 E1 DB FC FB 51 0B 82 61 B3 31 5C 81 09 D3 DD 
+    friendlyName: Invalid Basic Self-Issued CRL Signing Key Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C9EEE21DB0A49417
+
+kjbZTeNlxh/qNwryOSveCeSjWhfJXP2/eMetmVAJ2roO5FIoy2WK8fqpsRu68rq2
+1UIwv3hl39NmfxIXzvX5s70HyzXzNLfm82ElvVKjrCzFS3b47pdcZQCczMYzz3ht
+2XDxqubJqaj8zIZxizdokvkg8656jRM78sr5vhxd59Wkp6VHwh/8Z1iYnx0RuRRd
+7K4GwkfbBqn4BMEvw5j40MSC//48hGDljNVwLNIcWPHybzGXHwjvwaynkqjYo9X4
+BuwlBZZdd4sPKUCaGmpz2gOTBOyPVuVJFKjCjZYAV333CQu0WBJu0r+BB96RJ7c4
+Hoby3fkmO/QlIYtCCWrHOCnulUTyP5HNWy7qN22Cs7XTaWFw0hAV3EmJ9xDdYyMp
+DoEoJAdu1npfDCw69qURfJqZdZWcRHV0IdEiW0lEDaXwarHO4465+rLQ6Cz+fXoq
+ThRxbMwqWC0xcaMvrzu4DmQ/0gaWxAOgBm6mhhcgVXEAs/gmytGwesTBWLFembLg
+DT8HEYuaP+JUzvblpPNqNsmDy7Awg8VFns6UmdN1/BPcjcN55Ex/S8HUi/6nrcTc
+EEEp36OKRG+MeYKLN6M5XKVFIyjpba/3uN4cftvcp93R4tPaopfOvZeVua5SVVch
+Q8pYrCwe6h6Cjo+SkYiIKsMZWN9azFaj5cHHDbqy8v9kXvVtnumAKJarb6l3ET9W
+R9IKboeoNWFxNdrJJ0nIwVW8bFdBGSNU3nRdunLcukvyNk9kKMNtKW31MmnDTPvX
+lyzE63H4U6HiXxYGF0Kkw9URCL42qkUumDgjQEOOCaVdA5/FfuhiPJH9m9cHVBO5
+ZivnvMw1SExTthqUgMZCWhRpTR+rvfnUi7OJ1bWcjcz7Ot0CkXrFkbqeOb4o1Zvf
+LKQxtD/rV+7A2hvjFvDvYG72txT7JSlpPmK3/70MVB21DVKQf1vLYeEV+Tc/9zPh
+UKezzpUhZVfn0EJXtxItuwT8ZR+LQdsZRTGFA1U/PjXDamBfmHFQCOkdFkAgnNLz
+ErRq13os5jChZ23citg5+cQnmlzgQXHMidyOylHqagohJ2ZVuo3hXna+dVD2yTTs
+UMPO4JJ6MLtsNbtFJ9wI8wpC9upnr0jIxVcPhzNi4uIi6B5qkQGcjSTFtqwHxll4
+n1WW4PKArth+v54FGI7BzROHzsU0rX2y8eZJSuWH/yLwFpj/osQtrdsYP0If+ZqN
+AHuf1LyFA+8XOGU1HAgxu5dVWdaqpIVib8BdkLBSMsvXtBY8vx16KIYyD5Wnrcds
+dj9fy1wgpBoalkOuDG4UXPf2tEZ58oM64fgho56z721RT5WKLqIMpvS7dclkzAs6
+IBCDrZwGWl5oEGmyqQAqBjSxrDUfzrwDS2y85ULfukqqw7rWdNH74jUvYsny1uq8
+FzGUbfLeDlyyGX0GIKilL5e1eNVoYgH66lYqDATpfwxWqV3Hx9eZviOUr4dYbI1J
+f8k3Y8x8Yz9ooAuWXJq0c46Zt5mOiSMpu457+fK6/AW1n313s15Dx6Lor8DgQLrv
+rR264AasTQDI2rZdYqrMRj2UTkE7sfpHK9kbGbnqInm/KWYUXKALuph4ZACiQj+T
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem
deleted file mode 100644
index 51a795fa99..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u
-PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21
-ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11
-00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h
-3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli
-W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw
-aDNRQp2WD1ph+daLu1XQgeAoD4Gajw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued New With Old EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBvMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBC
-BgNVBAMTO0ludmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgTmV3IFdpdGggT2xkIEVF
-IENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCT
-jnQuWQQfSAPHMxbQs5/JPin7talEYrAwqnyOVuFLu5omsqP9HAX7nkKxNRfOUlP6
-af7Ha9u8C+frLG5WwPmnf9XYIBaisUdEiga8saNMEGChSlZmaPoLD/LTNlCcwCEt
-HaHuhAAN62AgP9WMXsrfctRTccjIaQVsJnnTOCUAqwIDAQABo2swaTAfBgNVHSME
-GDAWgBT6omq57vpPxXKdddNLem2M5Fw5JDAdBgNVHQ4EFgQUUw9DlHqj5ferws7b
-XdljGKM4E7cwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQAzzPXRKubQgAmne7+Rqggy+8Ezi3Q7+1cNjILV
-wVSnnVggqbd6C/cOV9P4aw1ljohm6fH5IXxfCpP1UqahccTT/m0482gfIxmCobF4
-MBi/cq6qlhQQIjBxGRkyysQIb911FCME2mVUlLQJbjkgpzl6oMu0M2Lt8m8ypgVf
-YqDhRA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6
-h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN
-xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD
-AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD
-VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy
-MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w
-BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo
-OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ
-4YX3NumsNd2WpHY34K21Cd/KJ5KJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19:
-        01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49:
-        dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c:
-        ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72:
-        cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1:
-        3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0:
-        19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5:
-        45:74
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6
-jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m
-7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd
-HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0p.n.l.j0h1.0...U....US1.0...U.
-..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a:
-        55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f:
-        4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73:
-        55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44:
-        fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f:
-        16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd:
-        5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e:
-        49:cb
------BEGIN X509 CRL-----
-MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl
-ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr
-MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG
-A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC
-YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr
-7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn
-voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1
-pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5EE.pem
new file mode 100644
index 0000000000..b517fee0c2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedNewWithOldTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E0 6A 28 AF FC A8 53 FD 75 C8 02 E3 3A 5D BD AE F4 8C EA 46 
+    friendlyName: Invalid Basic Self-Issued New With Old Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued New With Old EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUQwQgYDVQQDEztJbnZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBX
+aXRoIE9sZCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAKdBgafx2op0ilCfXFnMomtQos2eWUOojL0pa0weh+1coc/s
+JP0Bi4a/lqr4zKPuomUMUG9rjaA+PW85qbCBh3I7MliOmaEfIrbjrBjXv5xOv7PL
+IJSUAYCfCsvLtm2djtMOxfSiOFCqCcP0wBUI7lKRAvFvodF+cNs6h8Uyb7Q29DgS
+W9Qz6oAXIXLCkLGbIE1aPqwja7bznjJOd7YcpH7muDaVIripW2INqJViDvHDPXnA
+29KTjY4i5sre9W/k9iudexcHircRRdLDCeSjccmhR0ogzZEeVctQ32icG2+Yl4ak
+PgqCrMwCVOXomDyVYakR9eo9vLC39EUNssATgtECAwEAAaNrMGkwHwYDVR0jBBgw
+FoAU3Q11jVNoEsTLFUDAFIYUFjChvq8wHQYDVR0OBBYEFLQGHiravKZOSLcCXHIN
+6rlg79jcMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DQYJKoZIhvcNAQELBQADggEBAHlrlGfh2haGDB2u/qW9ngyAyYIMXbEOf9548qyp
+yNLIu5SKP4oMnhJoMQ4sG2rxAtABo9UjGv+yOLAGOZQlP8n1dPc3n09i5QFroAnQ
+mV2SwHnalmq2IIxhsvs1TcLDLwIV3bOikZq4U8rFdly/Qh9j3VcJvmJdBhP+0roW
+XDyLIfqQdAeTtxszKdDSTatd2uKyGh/Sef2Z6A2T2s7Yn8txRWHPIj0QeTaE49r9
+TQVjJZ3lLD4O2f0qXFbvYWy2x19LizWWkNR+79Xivfo1lSxp2D32gwd0HFvpqVHp
+RyA9g3kOvZuzTe3J5n50iTH4fxWotF1tNnmuwZFHC1qs+q8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 6A 28 AF FC A8 53 FD 75 C8 02 E3 3A 5D BD AE F4 8C EA 46 
+    friendlyName: Invalid Basic Self-Issued New With Old Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C00A44F6FBA277D7
+
+OWjEf2A/4WUr/ODkDuwfwtuhFPz1X11cB7hYcaiY54tjOo8QdWjFHI77buK+Q46m
+fL7Mq/GE3KINNNIxCMNN9HLMBNG+g2724TCsJZq+misTQiVx1FWk+rtKs5W/HIrD
+PfJ8youcyd9Ngw1BWDZ6QWuBcsu/MmCBZxA/vUyplhOac4MZH6Gorkb3yBZiWrCj
+xbq02XsImhif45rOjtJ4yHVJEpBLSasjbO+lMB4sQ1ihHU7pZIWrd5epVKSLXkRU
+355xjT2Nsw9UY5KSN258FgEHzQq7G/sUGXw8vp7S2rT/P/3iJr+Q72AZKsKT9yBG
+OGNBEfGy/CsptoKU1sOlbpVZml8vV30pM1SMPAvyqau4Chj3K2Sj+DT0CcRgqAjC
+JW3NHqZpTR0A4I77unNOfT0LWwCAAQNxcC+RjjN7ZHL8F1PzIB/9JzCey8sXYgHf
+X97E8lAH905xdfhyBg+R5CsLRL62KCdebu5wJj8993jNCIQKuHlLqnUXdOFS0s/C
+KjHYgL3aMDIf36QxCk0Fsmdqhxp7DdRihw0Kv00IhrRZHKW+7bMrR1I+9kh3L6sB
+zrjWGNXFbIkB6/ZuW4t4l3mc6pOLfFS0yuRxfZbEVCKO9bjoASTfImELoeeHj7qA
+n50NFidOD9AKn220BrDgnH/9vuDp8bRrEQTLNpncVyp2gv47REosIDfn+0AdxcrD
+JUB8gzN1lvqQl5Sns17zTl/74kkxW0B020ih7acF0d38DnDkiVGUrZd3OcabpKxd
+axZ1WxY9ZhNxr7+Nz774twnL4NRX9RVy9Ofw9XQMqA4yl3nYrl/tD3PE4DvDivSg
+o/HpfldrBnYVfS1Ts7HdhidXqm5EW0sFYNXysOnDHiqM7YSaya2xFPI+37jhMOlL
+Nn3WrKEfPUXlBhkEVNNPC+1ANpLoGgf6hEwHbjho/znOzPWAlWITqtaiZoL82gZD
+zGox5aBSOfdkRX+tFSn+wOD4QkH0YUr7jUtLROIAPUUCs+OWCwdwc05fTmaz9vi3
+r3WeU329HUtl/NUOgxidZSMDw9+HHKLzRfRASEmK7qvy/FEL7zC2mAiThv+90Tct
+37KnfMifUcsRyORjontpmmor5Y5agaE2h3CnPQpxKKs7SyrUGAhpHJ7zzd+Q1HXY
+Ya7JGduB7T83EJv2mRpNQxJ5kXcIk3RBEhwVUjVVtqK+FP+/ZZL14VaNbxgps2j4
+LakQAZG2WOi/wv46fVrS63seYG8yu1/c2D21jfRT6kK8+Qs6V/zaXbuDxhd7TsMy
+T/khtdChhr1kt8Rz7XNbc2H4DREeKTqwhpVFG+o73ySfALgO0ECVMBS8POhytBqf
+URP5GUQwGDqDwBKvS7JotpJSkrCApAesduv/7Vq5I/+7B2HUiYt5RLVUYL4tgYdo
+gtPKrerlGu+zXJ672z2kmKg5LVWd2zsw96efGgFop5s129BpCzY+d5axCP0Y/oCj
+Jpas8ODtvadh611R2YqNOcgKcTH7lhTEOGc9IzKI0rf2pFL1eUvDOwe8Edwldn0M
+EgZAf9jZm8yVb+AdTBfhiusnDtftQge5PXiJQFnpujVe8LNy4SWPJjBxhbidx54/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem
deleted file mode 100644
index e0924953b8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBEzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgTmV3IEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-tCkygqcMEOy3i8p6ZV3685us1lOugSU4pUMRJNRH/lV2ykesk+JRcQy1s7WS12j9
-GCnSJ919/TgeKLmV3ps1fC1B8HziC0mzBAr+7f5LkJqSf0kS0kfpyLOoO8VSJCip
-/8uENkSkpvX+Lak96OKzhtyvi4KpUdQKfwpg6xUqakECAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFK+5+R3CRRjMuCHi
-p0e8Sb0ZtXgoMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCuRBfDy2gSPp2k
-ZR7OAvt+xDx4toJ9ImImUvJ94AOLd6Uxsi2dvQT5HLrIBrTYsSfQj1pA50XY2F7k
-3eM/+JhYCcyZD9XtAslpOkjwACPJnODFAY8PWC00CcOxGb6q+S/VkrCwvlBeMjev
-IH4bHvAymWsZndBZhcG8gBmDrZMwhQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANa7RRhusOV0Ub10qBKMsUMG7QViaonYz0IcJLX0FKEI
-EpTq0SV6NeVjjzmcrSrzjHQfJpkywOHRiMw7XvYunmzlwGSoD6TW1ZUYVDaQbKUT
-oWooVoCzVstf6AsZiJiHQtBt4x4OHap7QRcJdlh7aPhp6TR+zq8gB1HsG8yUlG0x
-AgMBAAGjfDB6MB8GA1UdIwQYMBaAFK+5+R3CRRjMuCHip0e8Sb0ZtXgoMB0GA1Ud
-DgQWBBTJW9PRvwbxAcF5XLtzDY1MRsst2TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADgYEAhIZ09WrNK3jX+b8HugQygNCBEVVfX7TOCCFkmRaxp4R/QBHWvcts0YQT
-6M5ZC6b877id6zRYegHadKekVVqwFbLKEO0MnpD2yGhGgDpbil2HlEaQ9yKQXpGF
-CBx05/e7jkNhk/zGDsBqmNzkozrJOYBohkwUOjVFkAuLyovPhTY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Basic Self-Issued Old With New EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBvMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBC
-BgNVBAMTO0ludmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgT2xkIFdpdGggTmV3IEVF
-IENlcnRpZmljYXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv
-b2Xj8btEB2QsPM7mVVrsnON6Aw/LdDQc2nszxDNBn133XQWeVkHORkod3p9DEg4i
-TEdCG+rweF78vMSAhWAucXcFC59NAjUgxMiaIneUK2lKDW3afmmLHzV3nHjlNkj2
-DN/BvUmo3Pp2lhrmdTY1WFfvQdueeiZKbCB5dor8+QIDAQABo2swaTAfBgNVHSME
-GDAWgBTJW9PRvwbxAcF5XLtzDY1MRsst2TAdBgNVHQ4EFgQUJuUNG88pizoZguKT
-iPPiMZLmggYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQDGIVBl9ctXIMIN1Zy2QYgGnP8POYBiHPRkHZwT
-IGhox7QsinsIS/Lc83H8Y4OeUaJWrGGL2HkSTR/eQgSFGwf2u297IhHOwtutllNJ
-MvzlnvuG6uNAfRCuJftf8hSU3ouJoVVCi9CuCg1IhW6Eg61/oFIqZW33Jr6EvI8R
-WDDSrQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AF:B9:F9:1D:C2:45:18:CC:B8:21:E2:A7:47:BC:49:BD:19:B5:78:28
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        73:fe:c5:db:86:ee:6b:0e:f8:68:85:d2:0d:c1:44:01:d1:33:
-        5d:9a:42:14:a7:a9:20:bd:38:30:c1:f1:3e:c1:b8:d9:4c:ba:
-        fd:3d:7c:a9:66:5f:94:fa:46:e8:23:94:4e:8d:09:1c:45:6b:
-        21:ce:b5:cf:3f:e6:18:33:d0:ac:a6:ea:c5:f9:32:6e:75:31:
-        79:6b:1a:8e:50:05:86:89:f9:f3:e9:8f:67:e7:93:b7:d3:05:
-        b0:9f:2c:97:9c:b7:7e:01:7e:c6:5e:f8:72:4d:11:6b:9d:30:
-        f2:69:df:68:5d:aa:a0:84:f1:07:68:15:fd:93:f6:14:a1:f9:
-        90:ce
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE5ldyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgED
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFK+5
-+R3CRRjMuCHip0e8Sb0ZtXgoMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AHP+xduG7msO+GiF0g3BRAHRM12aQhSnqSC9ODDB8T7BuNlMuv09fKlmX5T6Rugj
-lE6NCRxFayHOtc8/5hgz0Kym6sX5Mm51MXlrGo5QBYaJ+fPpj2fnk7fTBbCfLJec
-t34BfsZe+HJNEWudMPJp32hdqqCE8QdoFf2T9hSh+ZDO
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2EE.pem
new file mode 100644
index 0000000000..add056fc3c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidBasicSelfIssuedOldWithNewTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 93 4A 83 29 A5 7E 8E 01 5A 7D 6E 64 BB BC 80 08 D1 AD EC 46 
+    friendlyName: Invalid Basic Self-Issued Old With New Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Basic Self-Issued Old With New EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBAzANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgTmV3IEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUQwQgYDVQQDEztJbnZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBX
+aXRoIE5ldyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAONFtaBbEeY/tf224reAYPfWB1koSJrZRslSjHqNiok5MQ1J
+d8kfXe8BJafeKWnWfmwg4aoVR82DdeUlRjZwiypHduV85fP4Vt/BYAmlM3xZB9bX
+Pz0H4Frzk7//+RXs5TOhdpgVoCD6GmVvx/leAjdcPXbFoM+QmDa7ZZ9ef6Cdy71d
+4Wed7Ps/2NlGda2fBbVAeVE1RVNAeEEzu/6y431aoCaIZgNRMKqu6AhieUV9Ivzr
+Z4pdThxoR+nLSATSD2/hT+OENQuU58KeluxHOSSrNdcikbLU2dg7ZEeAh0lt8kJr
+IVmHxiXAB4ijXHjsExkbOrXtztcaZR89K/cko1kCAwEAAaNrMGkwHwYDVR0jBBgw
+FoAUdnzYZAQ0CU/fcSF0DwwWmzaogtcwHQYDVR0OBBYEFGCc3XbGoH8/97MyHZJe
+FFeD8q91MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DQYJKoZIhvcNAQELBQADggEBADwA+jd4g5vKoR+8C1UXnL8eCHaiO3TNCL58JLqe
+BAErAUSEzOtdZ7g4eefuWwOGiLy0gP8CmnZ8F0g9urAVT18h8VmbnT+h9sfUI/6V
+bcTourPNHdB3YzcwC9rX/wx3DK14NNIMPMM8vwLaroGNYvVZjyTWkIQGmDlZqC32
+ibV4zFYTaw+MuqcqmKC2IrUXQoNLE/aQzEKZk4rSs6o0l/0ikDrsQUgvJMf1DBVV
+cae81wsyvqyg+mbm+lBXnE8D3lfuQHZisx9zxCMmk/VHCtHG8FBZtyvuobSpfMKq
+uUwnwRtDO35UgLdA5/SGtuSvGrMUyjUTH/PK+VySElBtA14=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 93 4A 83 29 A5 7E 8E 01 5A 7D 6E 64 BB BC 80 08 D1 AD EC 46 
+    friendlyName: Invalid Basic Self-Issued Old With New Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2767B788F932E013
+
+xnFbMzgh5RkhuVCWZqr0bLQ7assqqQTViX9rNT41QM6gCGKywyGn14fB6i6fSRe6
+xeRXske/LUmJO8Vi8hcCANGj6Bb3WUBqxfGO2LX2q+pBvqh9qztx51/7uF0x7A/p
+w/1M4eIVltBJl3gpDzc78ISRUIb6KRAQswcNSOhvavlE+e3VbJ3iFP5c5hLvTBC6
+ogT8GcjpvQIMWHyDIZIXJuZyMojWhuddQxGplB4korkB4cSRcM0uleTSkyVFyjgA
+n/wm0k5juurwdhXP89Gp0TtiC3eL4+b7ygwFZpND81eFptXzwNCE1cLZX38ubFcU
+jY0cqufvpvCcU2afW01OtFObc+3RXPAjSz3anaX6Hu4etKZAjGw9fiqRcqdNTYE7
+GEzWqfCIAG/7mE/lcNT9HVJtolLQhjcl+LoYrWc5IWSuoJauZ7gs6/ENM6PPeU+h
+nktNe+J8flQLiPufJDdsbICYIBYyA+rBJWRyHAxb7WBrNFuFfrkLEKRAj39YlbzP
+ryQ92uXCLGWcp/d6uKYNuegjw12mxnP3yb+6ngUYQkoeZNXLRAEyWb5nO/iZQiNO
+RwDyFBmmJTFnO+dSoKE1Mf4EyppwrHoi/dITvqu55bOohIHQ4+XaX2we+G5CQzb/
+QiTreQudv57y1tH9alx9Hw6WdW225TpDDCNG/PI8OpQZLpK6duUoEN8I1tG8kTq7
+kJwOS9x8QymT0gIUQ5zOCH0SWHodM3+JdukocKds+J6St0YmCIjFpKNeMAEpg7VX
+oVjEWCEOHaDuViRerXiEkPzZGh0/BLqjiBeyTogXfjvN31hZAyxmDxst1MlwhiAz
+H8KIDqPZmDSxUHAYouulA0grrpA77OJFGXgINXxi5OtkEywe/6fmy0gWg+U/o9nK
+ctkURuXfJej398hjRI7Z2/gN5vM5GeDPMJBIp8sQrbZqueXXuyyXSbBV9X7I05WS
+m09jBpflDoRZANx5CLz3o+EXA1pb3carkCipakcHVunCCjT6RZv043leZVymREd0
+WmHngxm+gDreNJPzcxWpbj3lRsrq9lzZZHQRYosyga1fLOK9966G9AwJnClaI5EV
+Gp/fMMkBQS5n6s4k9uwX3m95PLkypG2gK7vyXmsdQGMx8RSeJT4gx/l3zoOibn61
+EONf9A7geaApsEDDoxS9i1m2N7dUbv73E0IUT4W5qSBidNCj+PniWB2ostRiH80d
+6r0GkvboaAMxfKTYatdo2ZURmFC0P1JNmM9tCuhhxBkQ3RGgnqgUcKE8vFV/S0Aw
+nBqatpC+r1KpmoMG7AzunAeA7nZJXkBbq8lGEcArKiEvxo4brDM+OnxE3o3Kn8/W
+mmpOwuaUTfNbGgAvwLYf18ltCqXHRwqm74T/o1pl9Ax8UoHVR2n3rn6ivs7idtDQ
+d4aEfaLer3trPOZ2Ljesend2A7P6mqvEAnF5bSebx+VE8HgxrEpnPUBKmx7DtIVO
+PGTedGW+Y8MOLBhtKQEcM4240pBCDSda9E3LkB7kAtGiwf9ncvRKlxRSwj5uhKSt
+QX5nyHBLdRv/woaLUhTJrPQu7WbIlHYBgjCDGvHmi5TCR3fXZqJqkg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem
deleted file mode 100644
index 520f583902..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid CA Signature Test2
-issuer=/C=US/O=Test Certificates/CN=Bad Signed CA
------BEGIN CERTIFICATE-----
-MIICcDCCAdmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDUJhZCBTaWduZWQg
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGkludmFsaWQg
-Q0EgU2lnbmF0dXJlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw
-QAB1tOhQDQfPXGHNyIA/wyXWG+GAx10kyG++1vTg81Le2VcCJjiZqVFLmLfBA9n1
-cD4b9zSs2MrdUpnwVRWbHmeVYLW558PktB5UwAoEPQuV73PuRiN3GQQULGgh2AlF
-k8PciufvFGkmYEco5d8AEM9Gv3QIgOKEraQME0I/NQIDAQABo2swaTAfBgNVHSME
-GDAWgBRCG2+XCyN5H8EIV546pgqckIgf2DAdBgNVHQ4EFgQUfIdcwY2/jxziMCvk
-H33rpDMUuV4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQBgBJI+iPa3EWEHQqZr88JOAiU+tMO54vqLZ56J
-visDO48tZuOHCSkrqHvBzsabiTuHjDvcHtivavtV43IyHAnyrajntNrs4lPBJlr3
-XvTn5qVlsmuNGJqUrbxiyeNH/y1OB1Embx/RaoSOy0ffruRpL5PXyFvhn9z30I8f
-2zkCOA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Bad Signed CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICczCCAdygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEExCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEWMBQGA1UEAxMNQmFkIFNpZ25l
-ZCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA16COIB4MAs+kpSoCuSHv
-grtYTFABazGQDi3rvkQzAbL4QlKE64PAaeN4S3E9A1wg7uWYiru7ZM2D4k6grNKR
-3QGx9APutE7yZHZt8Wd2upDOP62BTYHPrP7hWBSDWBmOKi367A3eviObljIH6BeF
-EY6XcgDZg3o5AisPFzKK/pECAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6
-ng2wPOqavIf/SeowHQYDVR0OBBYEFEIbb5cLI3kfwQhXnjqmCpyQiB/YMA4GA1Ud
-DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQASa6C+NTUfhhObLuxx8/8DFxAuEv5l+BQV
-S7NV/MAZBPHBSw89ffEPEfbxBTcBYRI+UP59a/zHrzscTSqri7WoTEy/8tKIegHd
-QDjTSXNL6oYGiQXDJY/r2kQB2mArrcL+KzKkC++gNgrdoJlpk6+4lfaBLiETQNtD
-RBJVYzR5MA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad Signed CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:42:1B:6F:97:0B:23:79:1F:C1:08:57:9E:3A:A6:0A:9C:90:88:1F:D8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        11:91:7d:19:a5:03:4e:a7:f1:1f:18:62:94:fa:97:a0:46:41:
-        96:31:95:19:49:79:a9:e5:f1:84:aa:c8:dc:c8:7f:92:07:e4:
-        fc:66:96:9b:2e:8e:73:aa:ad:70:11:19:fd:8e:be:f2:74:3f:
-        79:02:5a:e6:2a:67:b4:46:d7:1d:8a:de:c8:d0:b7:cc:f6:85:
-        db:90:a6:46:9c:ad:23:09:47:aa:f0:44:45:63:f5:40:dd:fc:
-        75:bf:4b:85:2f:fa:74:09:f8:19:8f:29:97:92:ae:34:5c:6e:
-        6b:6b:40:74:51:58:26:df:95:b7:72:13:3d:b1:76:9a:0a:43:
-        37:31
------BEGIN X509 CRL-----
-MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDUJhZCBTaWduZWQgQ0EXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFEIbb5cL
-I3kfwQhXnjqmCpyQiB/YMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBABGR
-fRmlA06n8R8YYpT6l6BGQZYxlRlJeanl8YSqyNzIf5IH5PxmlpsujnOqrXARGf2O
-vvJ0P3kCWuYqZ7RG1x2K3sjQt8z2hduQpkacrSMJR6rwREVj9UDd/HW/S4Uv+nQJ
-+BmPKZeSrjRcbmtrQHRRWCbflbdyEz2xdpoKQzcx
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2EE.pem
new file mode 100644
index 0000000000..6bb7e343f8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCASignatureTest2EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 1D C0 51 02 E4 A0 E0 B0 BF 9D 2A F0 E7 6B 23 E0 39 16 90 FC 
+    friendlyName: Invalid CA Signature Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid CA Signature Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Bad Signed CA
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEWMBQGA1UEAxMNQmFkIFNp
+Z25lZCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQD
+ExpJbnZhbGlkIENBIFNpZ25hdHVyZSBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJpto6V//mi4jC6Q4e/y1J79mi//TInYf0KaP3Aw5rsaMhC8
+IJbEAdkIhfj6Skvg6uPj6gJB0zsmN9Tf8NVArEfcRwjAq7IvvDtVrDz6I5Ie0bFD
+8MGkcdP0otJIpbTTHAcefxoqQQeTCt39X9viZokrLeBHWnB4L6zE4d05f/7Wh8ca
+KlDiKjRQl8aIqj8wPsu4MlVC4jnSYTQ6wEd6cA3gJRygcUWkaLaVleaV+PYyUqD7
+8X7p3+i16q1DzgtL9yXUP1b0rt48UWqfGBiIkTNUB0zN9heA7GyI/ilo1Ga8THpN
+pha2SLqNB1rMWl3T9fRTsu0HGKRHZobhzGi7zJsCAwEAAaNrMGkwHwYDVR0jBBgw
+FoAUe90QO0rgyN1EhU6IPFqLzZkik68wHQYDVR0OBBYEFK0h9T1WA6JYJDOopjeq
+QZiYko4FMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DQYJKoZIhvcNAQELBQADggEBAJKcaDXNDhjePhSydqe+QrUBUS0YNqamRezwkiQ/
+NoKO8CMTNvta/bbq/tIYarPtac6n4d0rTuHURuCSC1l6VsruAWsNgn6Ja+G3nqeV
+MP8WM5XYIToIPHy8OMzCXfu04IV2dAuaX4igWL3hn0PXrh7JnrTwfnK5ytSbzxbh
+IWcFLpSqxL0XzEAfJz24325SbAyXqvwx+McF5UU34JHgEUQcvTUTXjr2Xp1i5moV
+68a0CjqYABdZ2pDpHAWoFzvVrcv7o93Y+/DbR+5dVpuN2184q7cJcoez/c7aSp8W
+A7R6Ggi+lJEic2RkktRRZTjh0oMM0ndj5c9Ya7CGfEN3gEY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D C0 51 02 E4 A0 E0 B0 BF 9D 2A F0 E7 6B 23 E0 39 16 90 FC 
+    friendlyName: Invalid CA Signature Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AB5FA72411EBEACC
+
+W5xxITU6f1vDKkdkfxFdGDxGjjQPgqDQzeqA7LqNAtn8uc814vH8D5HzzMTau2HX
+M/NMlo21ewfEUKlm7VFKu1GLnTKS1gOJ2KQTg6/IUTx+OPPN5AnwFZsnsJ2z1RqA
+M3VZQPEofeODlNBTxujCQr2TR+F2pQd/uZCuiiLtY/I4YjYMu9ueyycgyhh9Xu4r
+UKqaQD/JYtSkW+pQelS+pK1FoHn+5wOUXEO+02cAn+n9L8/1ztSZalEZcpmEZ60O
+tXNhIaPtAVlMKRh9LP2kD35deL6I7VDEeqLrz+4L150w9mCNFEYeiHrr9EszeGf0
+KAvej45ALQqZhVTPhP8ySZvUy0C7bVk+eY3XWZ9BIevmIhoruZNGFapoSSyDbp0j
+FBXptGYFi2FUKQClSUAg6YEoHV8Sh/r4vWJBdhWbaiGSl2umak4kTE15tUdv6QuJ
+qWcEQwgAEGhfjm+fCJ6Pf2KA6R1Ywe8TulmCtIjEPk6+jTQ4AXEqfw0gIvQ7STYj
+9kwTeYvtYODk7QHYBUEH30IQKTj/KhDq2Ld8/2V2GDPsj6zTzEM8PW6UHZj1Ngj6
+14qFEc21iDRKhAiRjQ6G40mZVtBdONL7HrG6CKrAfsniEMXrdmceRCI6/mWmVUNF
+WQzQUbMUtFj6h8aemQhUUR+AT1MgzKhNQwSNhKiIjmGRniLEaZ4CkAuZyQzwmr/x
+GckD0Nho39EhoTNGHl08gN6yQM/1mYf4lQg0w6DZN2hazEplBvnn87b0BT0/Gji1
+WfVGIsiYqnhtP9pC12TQbQnpg3ICxZBKLsrKxIdnMlwJRidKhsWzWRuDrwa9f4ox
+6ZAGYICdaaxur2xwWk3xQrzRgSJOqqFh99U5VGnASr76OoX58yLnF1UvB7nnhaKK
+GOKVhgRnIqB68Vr7FBAAy0qq6o2xQZD8djMsTHS0Oyl9bzy5Ov8eW1+1j0uREfsg
+Z3rGVxcnPdQSvbN42xHF2qJ4P9IrMZB8EDfVLcfuUKAb8VsT0eN6gR5OsWaOlHTu
+C+DHXaBgp7qeIFCDKZYdj1mOEhSoEVI7h4IYnrqlRAD7U3sYNNMaWLiZnu6n6Lk2
+ECLUomojHHljU4EoJYGVft4cDy5uijcZv25x60wJM+RnqYr6Xt0ckHWYLwyBp3kW
+YSlRJ7olV1mJqJp9FekUGcbR09KnOtksqLiaS2PSALTU527bFAVeHZCAPtk/7T/A
+I/Ek3TTaLSvj+3gA9u7Xdm82w/qxfn2H0snLaCyU8LDT5Y3JHD27gmCKBUqVAAHo
+qzSUOPr93j5LsXBRx7mcZPESjz3MmxZxYovo/OKtT2JDRGZgxU9BjYHpEW8jIdna
+qpXyvCLaz7zd4zSob530Wnhg21X5KKOhsatypGOkedBDBoGyMOOJyIycyhloHpCc
+GVti6QjBrx8tzYjJ8Zl6qmyn/NFftRK4S1+z7Hor68rPC/E5xgKWGXIR1BG5X7iw
+JTmzqVTLhdKDW5J2juyKMRh/AInLl4cH66R226yhzka4n9XR8uPGEfAsj/0RYkHK
+927AA61HiHcggeEhyHxxt7xxNQKCwJyy7XRWvHd+h8XVaCB3PDVdgQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem
deleted file mode 100644
index db8f821780..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad notAfter Date CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0wMjAxMDExMjAxMDBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUQmFkIG5vdEFm
-dGVyIERhdGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO8t6F1gCSiD
-eAh0EXEEP1RGW1G+zM3TmSeKbm0GLmH4SJp7HbsjBab4wtNEVlOrYMG5phm3dro3
-P6YEmVt0q2yzDo8OkpfbYwJEy6e/vdjF9itss2yajms7qA6xPbggpdYElK4y/1Ei
-o0+nUli6dZQpEz7/V5tSk8S3zvh+lJ+jAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts
-1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQtDCY+YSMuNxOnyukyqVHgELUF
-MjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMDkUbWtYhitXM+mGr3TBaTgM
-IlnMLUMsqxka0EQ7fiEaLtVsOD8CjMRKeNcWo6ZwVfJk7EDOnV4+E1TlAzNp1m9z
-rHB+fc97XJlIaQwOF1WMnjaZl96TO5Tb8FIaebsIeknz2m8IhfZ/EuWPfqs37ZxQ
-b0YPNilIGsUSrT3rTBk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid CA notAfter Date EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=Bad notAfter Date CA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBub3RBZnRl
-ciBEYXRlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYDVQQDEy1J
-bnZhbGlkIENBIG5vdEFmdGVyIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOhmxDd5kdaDqSlvran3+R64X7ilMaOb
-DINojoBxIW3XAxrXD3TFdV/twdn97GoxEkeh14g1W9IV7RTwfDoVf95tjNli7Zsg
-ye+NVj1gYVV+DdMpxy44biOW6s9l2wRqNqoeE1AFSj2su1PgamWIHiGo4BQkcE5F
-bMwHbJCR8znNAgMBAAGjazBpMB8GA1UdIwQYMBaAFC0MJj5hIy43E6fK6TKpUeAQ
-tQUyMB0GA1UdDgQWBBRsW4S+GLLshXYDAKY/yVcV2NlPtjAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBANJW
-FdT2Ss72xFAtOuGm5EoRp7tP32SI2iyLmeLRi7YeIo/95FVK6xVzjZ8zT3pjyKvx
-7qe2O/cF9SyQssnebmTqLJQxCeWHWzt0BpbI4U9GZJF0vEeqTU/psLhr6p+20T6R
-XmeWECYyRGe0Wmndt5GJ74PBYrUjR5mtDojhKn/o
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad notAfter Date CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2D:0C:26:3E:61:23:2E:37:13:A7:CA:E9:32:A9:51:E0:10:B5:05:32
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a6:dd:d9:bd:87:0d:1d:95:02:a5:1f:92:e9:dd:bc:1f:16:df:
-        b4:5d:31:d9:76:6f:06:90:cf:da:09:6e:f8:15:1e:bd:41:d6:
-        4f:a3:f4:78:a8:67:96:1d:ef:8a:c1:77:e8:b2:83:81:5e:d0:
-        f3:53:36:a8:78:39:d2:cf:eb:b7:57:e6:13:ac:33:87:9c:19:
-        64:08:a3:14:5d:71:79:b7:10:88:93:44:a5:32:79:85:fc:fa:
-        a5:a5:81:d6:99:60:2e:a5:2e:2e:6a:60:41:29:70:2a:27:b7:
-        9b:52:75:fd:9e:06:e2:80:f6:6e:0e:19:39:75:9e:a8:70:b3:
-        ca:d7
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFEJhZCBub3RBZnRlciBEYXRl
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBQtDCY+YSMuNxOnyukyqVHgELUFMjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQCm3dm9hw0dlQKlH5Lp3bwfFt+0XTHZdm8GkM/aCW74FR69QdZPo/R4qGeW
-He+KwXfosoOBXtDzUzaoeDnSz+u3V+YTrDOHnBlkCKMUXXF5txCIk0SlMnmF/Pql
-pYHWmWAupS4uamBBKXAqJ7ebUnX9ngbigPZuDhk5dZ6ocLPK1w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5EE.pem
new file mode 100644
index 0000000000..3b3758fc03
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotAfterDateTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 71 89 00 06 55 9E 49 96 C1 F6 06 A4 66 6A 0E 6C AD 32 17 AD 
+    friendlyName: Invalid CA notAfter Date Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid CA notAfter Date EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=Bad notAfter Date CA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUQmFkIG5v
+dEFmdGVyIERhdGUgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBm
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE2
+MDQGA1UEAxMtSW52YWxpZCBDQSBub3RBZnRlciBEYXRlIEVFIENlcnRpZmljYXRl
+IFRlc3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CcZ0DqE9Pw6
+P0I9jfc3becBcujw8y+uEiSGI2WWZvtY/5cEnif001zkbDJYCCXsaegUoJeh1/uv
+GL+wFCAw9ZKJ/po3NzuLSq9ER+jZrkjQeskhs1TWFVAL5Z1HphBRruutpMB31nhx
+P6MCP1ZS1wxbWwZRTtg2yINKqX2wRRGTIPB2dWa5Dlv0UL7DfypPfQsVoQF6XZ/7
+X6yWyYmRsiL9OJRh07ExsVAQFALZ/6tIXrWpgyQWRJInygoNwmkSTTc9gmetr53d
+5e0W/EPBSr8sCbmYpDI6MWJsyZvh16lAc3Zf6sx1PHJtaZ9tt6/WJ148aLV0ffUS
+gnvHrdBjjwIDAQABo2swaTAfBgNVHSMEGDAWgBQsDv337jzzpGbs5wWfiLPiz3RG
+2DAdBgNVHQ4EFgQUc086TbYTKqLTmNpBE0qlpFjKkKMwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEANsYL
+aZkskh6vUFY0z42Z3HqV7ewk535l/Zcqytm9JFoUtt4tX11iVVLvzKRzE1xRZQrI
+1SIvfCSexc+vwMjw4bIRV8PSytQqXI6R27RERT5RLkpSBFfSXYJXrl6z4txFcEGD
+ed9220tfXUDOt5lZ/V9qlvOKInpq1gKj2C8mknHDYm6643I4Sefi+Mw5M3ohPfEs
+8y1AdEwow02R702NYa2dvBDu309BpjryhYrRxfXezN2l0Yc7z8Y2bISXclx3W2dh
+dqeABI571GE28EkfhPbRKuW+yQOUnjyMqvik6y5A7jtnFicTeoi/IIT8COWEg7gE
+/6N/kRUqqgeRucK71g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 71 89 00 06 55 9E 49 96 C1 F6 06 A4 66 6A 0E 6C AD 32 17 AD 
+    friendlyName: Invalid CA notAfter Date Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7AF8507B66BE68CC
+
+c+7/e3hmItJX4kdcx342E2hSdfXjFdUSN2T7OGDruPUtWjolA8t00FXibbhk4HFn
+J/PB5+gdQaouG63l9AIHGpSjIfc0djUVi+fr6ceQELkQ0JdsZvgPLD7OnRIN+GiH
+GGkiLschzGxHi/+GvhpACDSgPOhuOkO3aOaO3RfQxLmWNo2Ufpulh+pmii2mAcwz
+F9IblPWkFHj/86VQVxWC7OF/XnydfZA1QBTGOp8XCnmyUErrcXLqS9RsaTupxpzs
+MZINtHcluFL4jpoNDzkgmxts1zfqSRJAbcwzUd3OSPAYXHg5/NPt2PGRL+LL54YU
+D8yczY+FGwlVJcAJ6pVv2LJ+Qah7ynoo265+wtPX24WpdoecqPoBmYaIYQmnPAay
+CAn5Rgs3sjtfmb99/P3lOUsmguKbJCZFmnGEDzZHBlKDw2Q5EpyLGXV6khVsmaUC
+/+8BAeUkuHwA9tHYPHTFnlRSlN4eDVavE6dkOWXrgE8zkbMNTfxqi/UG0kdQR0RA
+P1ND+jLEwst5fauzSIIsTUwwB0M65fIdm5syQiLuyV7B5BwKshE4dbjFRSBMBWiC
+pyA+eEjuVwn9AoZLcnWyQ6nVtRIzx6YeP3B+SoeDpboTtXIlfIveO10bffctE2F9
+hsc9BXzWpjSvqF4uWM2dDnCTOhXDymOlynZQLphTChILPJihsdWtzIG6wtaJaZU1
+ucWncCwv+3nx8L5cH4PXHvn2gkCeHo/6E8maZwwVpfOWcc/azhS1F06jvIrN9DmZ
+wFBve3317ehzYAc4TpACqUqtI9oZusH84R2HBuATBBimzkBJjkMLGJy782MJQQf4
+P/uJJx5Ov2Op0YfSYrHxWlEqLnpKn4gLCzro7sjwbBp2rrZ96LL8qIxcOzisXz/t
+XYZiJS+PZsAsXHCBUf8UJ2Bb31Fl9HSKXqIUL22bOOtyZxyeZR57bZGmnsfYmjck
+GNPa8ZRupbYDCDiCPWA4cOiiSvqpPpr0ABYptZh2KkirQJ9kkU6CLnN7wjGCPJTd
+g89MxnUWF/FjdTcD8URi8oJ1EVMi28BqvYNLBtoG+oWCGZeejSPOJgbM4b+5gLBq
+AJqB54BUX8IoIW0So1AUwj1OhL5vsFYByNiPMe+suCLLi7KrljqROMWtavgEKxcE
+7VZEalyrUQ5kW5ctZ8TVjW58nRBgP1oQRaspqox5L6RxnGUpGlI4PU0/E/HAKcFm
+v0XMwoG2+03Sfa+H9gXjsjP2C5TR8RVb+AqsKKMH3FczH3h2mLVran/AQe72z8Gy
+h/LF4GtN/1W4tDWX9WqCpWzdhEt67mA1XjDtR3XmLjOYXnS1gcvcPDHVltfUNKYM
+MfjFepzaU57WmCy7o7LgwsP3qkhS5Cb8N37hyhCutyASsaQ2lM/AQu7SK2Lmwanr
+tGIt85QmIiSMuamLDz7RvnPQ+AaRwx7MRu9JMiA2ck1Saa2mdlHE8RDF7WylxSQ+
+91KDyN1ea+98COzfG40/jbIuw5uJyWV/SCsz/Z3WU18CKBdfRris+uRJRT99LIMb
+DkQPq+iK7PTI6bxDVCjUmXvv/Rmn8C0tnskXDMRP3zwVAewg4hjluwohXwUr5QOO
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem
deleted file mode 100644
index 6a9d14d41f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Bad notBefore Date CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw00NzAxMDExMjAxMDBaFw00OTAxMDExMjAxMDBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVQmFkIG5vdEJl
-Zm9yZSBEYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJp+RthgxM
-5Y+NQaGv+L8CNjnEejXyimG9JuXmo6Uc6ZjMhYgIlr3iAA+dcZRCJhsJxY7RXaS4
-q3rRLSR7ROQdjSDNbuGXRht0SGe3MlOoIJEqFVGWppp3BVY4GUwN/s5zmgj/vE+2
-eCwl96Fk8NWIm/qvugmG7+bvAy80zDvMLwIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUHnoz+COKGJwqbE84ItXL/Z2Q
-fVgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJpC5ygICALpvY5i3Q5a3179
-Ao05EA6N8ZKZHoS49lok81lUMy/MLGY5zQlggicV916WyTdDd2CO8q/lSCMTRO3C
-CrsU9kd4w1V1J/OnfYDuHoRIH0hqowTdm6bEnyMhuq2YnRotAKhkX2g/ekDYuC9A
-Lo8Ispl3HslMbhf/mhGj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid CA notBefore Date EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Bad notBefore Date CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUJhZCBub3RCZWZv
-cmUgRGF0ZSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBDQSBub3RCZWZvcmUgRGF0ZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuT/PBuMdSN+JtQHVYA67GVmByJJV
-4dw76fphkGkaVX0EhLBs1ZK0jH4H+/rGlzrmDGTT5k2xwYc73ZJOkGDq+5EPnKy2
-0MMuiU34oORcfElE/rYu4tqGwh9aARFDBpjzBNqCNMTR6wD5uIJ1HpZI3KfyuP1b
-sX5KW83tw4qRbmsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUHnoz+COKGJwqbE84ItXL
-/Z2QfVgwHQYDVR0OBBYEFGl/WT2zZWdmw1t+EsACdTdTWeWwMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA
-bf33IqIzT3eBs8IJCqw6hFy40WjrIDPUgfNMdPE02k+Z8/0y+QCczqm4PXynRsyk
-Zrn38tggQf2IVs/q+1IJsZS+3FWaj/iucO3twNWqPGqq60uc0xwpRhbIx1V8s1Dt
-1Jh1zD4+KU9o+ai5aN2ErGWfCjBpIlFhwI1XXT0NLKY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad notBefore Date CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1E:7A:33:F8:23:8A:18:9C:2A:6C:4F:38:22:D5:CB:FD:9D:90:7D:58
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8a:4b:5c:e0:02:33:0e:3b:5e:59:a5:2d:7e:5c:16:2d:22:fc:
-        b4:11:aa:00:7f:9c:51:f3:38:85:a3:84:33:3e:68:e5:7a:0d:
-        d9:e1:c7:6a:f9:48:cc:f0:ee:0c:c8:15:b4:41:b7:a6:20:2a:
-        9d:68:8e:74:dd:b6:ee:eb:03:ae:fa:4d:50:c4:80:e7:7a:6a:
-        0a:0e:eb:64:ca:a5:a6:64:e4:98:96:75:f1:50:9f:c3:a6:c8:
-        b6:d5:b7:64:7b:8e:ce:40:f2:bc:13:1b:16:52:4a:e5:8b:22:
-        ae:9a:59:a9:e3:a7:44:0a:8f:92:b6:15:76:cc:25:f3:c7:a4:
-        1c:f0
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUJhZCBub3RCZWZvcmUgRGF0
-ZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUHnoz+COKGJwqbE84ItXL/Z2QfVgwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAiktc4AIzDjteWaUtflwWLSL8tBGqAH+cUfM4haOEMz5o5XoN2eHHavlI
-zPDuDMgVtEG3piAqnWiOdN227usDrvpNUMSA53pqCg7rZMqlpmTkmJZ18VCfw6bI
-ttW3ZHuOzkDyvBMbFlJK5YsirppZqeOnRAqPkrYVdswl88ekHPA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1EE.pem
new file mode 100644
index 0000000000..832f36523f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidCAnotBeforeDateTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 85 27 76 BF 51 D8 74 A2 97 51 FD 88 33 89 7E E5 84 06 67 8A 
+    friendlyName: Invalid CA notBefore Date Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid CA notBefore Date EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Bad notBefore Date CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVQmFkIG5v
+dEJlZm9yZSBEYXRlIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgQ0Egbm90QmVmb3JlIERhdGUgRUUgQ2VydGlmaWNh
+dGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8ENtBwoEZ
+CsDl8JmmxVIgE7Oxt2NxKj5KrXslioWozKJzjRKKK1N2jHF/RHEmzFYoolOnNMJJ
+gIFFYSeAeJshYirpGm9mI5xZ9l72ZfaxtA7SA8m2UhE78WwJJ+oa82CDIiqoOCEm
+26yEV1M8OgtFFu/g3by/PcknMXXLd3C7zYPynO/ExnHUfiPfTsorYCTEPqr/p7Ds
+yGjTRwdNbF9diPObop4B29TZanZ3gYOVBOTn9N0k1oy2eLF12W9W5CwY+FgywI4R
+ZMYQHNK3XNde4KuBoUxgXdAGUBzL/Puz2LY3Vd+2AjNS/hl3i76SKKwK9VrbUkXl
+v0EVWvc00ZDJAgMBAAGjazBpMB8GA1UdIwQYMBaAFGM+vBqe+6HyWaEvS5X+5t5W
+uIZAMB0GA1UdDgQWBBSp+Lh7Vm9xnfn/IdnPPSVIJfemjTAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBK
+OJZjmGp4sWnBQ541UKsMzBO4X8+YGKPA8tGpC/ZjLPG/G7zwq9IUaKekb6KZ3Q17
+KeX8YwORze2nSsMzAkED+rJKa8Bgx7+OFBU10b5qTdVc0Ac9PCDhhq9CGa/sj/yv
+ggEXLKq3f2BRnDLKdWO20hR2+FkOrmqtDx4q7wZQDtspGFl20AigOV83joWKHPcB
+DtjS5/N8zxeOzciNMHhxy1Sv6A9RCUw95ujhrs7c6WM7yXqWbsWhF2sT2856/FIH
+m+Hl4rSmu2MMsrZbcWSbga3AbanFdDX2wsccdmsqAPBzYGpJbTdR/s5HXnPei4fw
+PY7kH4Kc9zHuOqFxkL6k
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 85 27 76 BF 51 D8 74 A2 97 51 FD 88 33 89 7E E5 84 06 67 8A 
+    friendlyName: Invalid CA notBefore Date Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BEED679442F2FAAF
+
+DS4CtEvKIWfQlTyjruaWDz4w7XphOaMNg5RW4vKNL/VJ4D7UKOH9VqCPFrrdsybI
+S2BMpR3vwR84ZKF2ZOOjawzT9CC8ZFAjvCCnVJgetSNI93bvbrM6C38wwro51y9N
+P0vjOF1IaK9JZ/XPWG35Q2h09Z4oESK7HZyxD9FpiCueNW1wM5FQ0kGQdhvLWQaA
+S65EkfZZ1dBjAMywmxjsFdIYU51p6kLFhvh20p7ev+Y1kkwLiYB3/Bbo8z8Ktotc
+1bPC9HS0tjDxRVdg91uKto31VRRK0Lqi2/L5NsInQtxgGWkzxFgbM9BsmZ6WxJn7
+by5FvlzmNvwQZMwIE0XH5y+35RCeRY6Iy8FjbRO60567gh73b5gM8zD3C85gD0EX
+uZFJ3nBn+AaUaiPi99y0Vc+JKJmfVmGQ007FIQgjdlOO/XqPoanmzagfETI3tqgC
+blvTsK1eFnXu6INi7KkxQRkGqYi8T1LqcfKXF++woL6U8d5ypovRwtGWJPKc574h
+xagG5n0sw5/nTPH1YiK1KpP7/VuxRCjuWG9kQ8QPp0HsW8pRSZQnOUR0ySrRE19A
+SW6jO/1QZf75WkQFtGVYrA0GDfVzY31d8qtSv3+kcp2hkZuudqoEpR8TrZCgoUpW
+6sWOKEifzXTO1r3Hw9iPtP58BHDX+/Ojv2B+u8Jocv8MMicrxVaiEGyOtttkZ63Z
+uG4e0JBkxhWvztDP83/BtWRxm0yKs+PXntlIEz25wg79vzcDNZg5pP3/TW8GkrWW
+WxO4J2CzgVNvrWih8W5IGwfytslFhzzkNJRS3kY7CRT5VSWHu8pCG7scN8Vdia6Q
+1yjcxu7VwQ+lU2qbHPQAmbUqDU+F/Lq3SmMZ6fN9FrYPPoxAHRH9d+SyA9TyJdNQ
+kyxtpA2jLX66g1gIcrQGeOSIEKgWRi1XinUaMMRVeHmrjtYyEmKh/ydD+bZIDueN
+Lwgv3Gxwmykhux27PPo2LAP2Ep9+O5TCpDHz95mlpQrH+e4/up/x9ZTXCTMzp+tA
+YJ5CYqijDG/yOL2LPC50AFup0TIcF7MUlDMOrAxkZpjxJH9SeM6jM0voC2eASuQx
+9Y6ZWROyk8xNh0agvY/iCkjC0ko2hSANEDAE61+JDuby3kzk9s0XEtTw/c7lB1av
+dG0ZjaHcmlLrXpa97fdLVl5p09RU2mXkI147575EN/7odJFWPtbynSDVQpHRBtwB
+6yAR1nU0FUyl8KbJ7L9jbnPKPVqXsHSta2tpqNWCMN36d7688lAs0i5tP1vVDkxK
+LdwJSh964kFI0eYhrqyS08YIlk1x/HWQ6O+J/+Y4TJlOT5mkoJePzmdlBR4V34Te
+tHdbuBk4O1hQvw2m9WKNKuxgb2W3j4AIvc0ZJRJp9yKLBcPQRJroMeeB/kjPfGG8
+Qnxuy4ZRbhPaoRuJllTwunPc2m7ejbHr7yhJTEpGO2eB7YXjO3dGMMwIh1VZ9y2d
+Vdp5MJzNIofqXBfG1JOMQTlLkInZAAP6RN1PklLa8wzuelUIaPsIU+EYUdyvWhdH
+G2rOcQ8OhSZd7DtoSCqkjunKF3R8SwpX4aK4KRIxdg2L6cbLV4ZMxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem
deleted file mode 100644
index 732af1b50b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB
-eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/
-Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW
-yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V
-F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj
-YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr
-dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl
-/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD
-pax2/2P2ruVALCk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test31
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
------BEGIN CERTIFICATE-----
-MIICwjCCAiugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDMxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8Xm5JY/SJcUmQCDr+0GM+
-besWWL+OVllIdYjVus23p+8nx/r0PV4GQIKxh/12lQHPVKesX5OzuXUnlrFs0MNS
-hDKURr8PbBBD9pCKfwqTuDVGjcYNbxgOR7uCxwIWs62VK/yw3NqulTjTxjVba+Ih
-NDJEggvzeyEavzd9UoppGQIDAQABo4GbMIGYMB8GA1UdIwQYMBaAFHXnZ0cYCavx
-iIjbno3VF1KO/HN4MB0GA1UdDgQWBBQvlbhY4sw3ciETxMClyRfo7svC/DAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMC0GA1UdEQQmMCSC
-InRlc3RzZXJ2ZXIuaW52YWxpZGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEF
-BQADgYEAS0/t3TgdHeRWJY1IdcR6w3gBMrNIweoAzXNnKgrodk3esABKU4lZrMr8
-UMW4sDbD1yNjLhGagmSj+1joyqYLTCh0NYgGbj7xS+zQfAGBdbctVpKYJ1l/pmxe
-CVPOHHU/YkBHnWMouumAnTpEcgbtHTMvsxQNef/pH9IcCBlnOSY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9:
-        04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57:
-        d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09:
-        1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95:
-        ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5:
-        eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d:
-        5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13:
-        1d:46
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f
-zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV
-aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31EE.pem
new file mode 100644
index 0000000000..7271d9b923
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest31EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: AB 42 AA 02 73 01 C7 1E AC CB 57 EC 44 91 72 EE B4 07 CC 97 
+    friendlyName: Invalid DNS nameConstraints Test31 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DNS nameConstraints EE Certificate Test31
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+-----BEGIN CERTIFICATE-----
+MIID0TCCArmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMWz
+PkxcjfrTx5HDvt3XZVNg70GescrEk15PleNAp9F5sKxnbKvlJXk9Ei6imacf6tqY
+GH4gtc0fdD/Tk77oT26I+Q6E/hPk+QvoFi5CyHEKa1EsupAWS+/yudrVkKCxQgoi
+43pTUFPVZf2OgnTyGAqR+n4EjOeFKCQbXblGQjOQm0gHXiSDqYgsAam1Hw3P/R33
+6SNSrs1ClBL6m2cLE36e5zANzNfl9ev0avuc2QS46XNteE+Dol6d6B0StjCV2CSi
+Ipl0tqvurU/fYPJsYFVVPt2cdHEmig35BY3R+A+LLyYtT8j565p0tsoFtpTxC07e
+FaV7CAwwF6qtUj0TpPkCAwEAAaOBmzCBmDAfBgNVHSMEGDAWgBSxqhfw48/M0qeJ
+poMH3f9u2gfjSTAdBgNVHQ4EFgQUcth3X+ns0hx1Nih4TvYCKoI/bXMwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAtBgNVHREEJjAkgiJ0
+ZXN0c2VydmVyLmludmFsaWRjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUA
+A4IBAQA6HLry6wY654Uab5ADefymDgTAUI+zFlTB4rxL+zz5H01iwjyFOQDhkpWO
+yJLbj7Ncwr1AZW19zYAeJ9et3mWTv6assHW22CRecv1M/oSFGmNlbTUYS/UPO4wc
+rCOx4rAnTXwIPaUdzF88HVdGqlTr45sUuH9OwQDnPmb+TKLCkLfRo+TUsvBhzjeF
++tuaca3sFhLvw8hZixlySkpYRmQ2Ih+w16G2ocA3tfqSb4U+vhM4PAqeRP/E1i5K
+1WRY5ZTuSn2nMS3s+ItayivhPoWjMBa3+LIqvlZM1vB6ALREKt9ab5B0lj9IO3Jf
+SHQ4skVRdnOis7u2cSrdZnbCy3Xx
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AB 42 AA 02 73 01 C7 1E AC CB 57 EC 44 91 72 EE B4 07 CC 97 
+    friendlyName: Invalid DNS nameConstraints Test31 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,97EDBBB8B797E455
+
+5vqItS7ic0Fq6H4D7dklCCKzIo8FvyQsXz4LYVTLhRbBnAx5hO4oNNQB54+l0gpj
+zHOQUnJoexwy/3ozzhs/zRLswktS0b0gBOo2aiVnO8ypNuTFfOUuWt+lj3dx1UAe
+ILT5kGJjsI0wqEB8l9gZtm4042m1TaWuFTaMrQYWsb0DIU/Enf3XJmVDRwO2o3Sa
+jze7+pX+okd86ZHm5MAXSFPdAakWOz020sL9vt3EMue93lwP0kfn0FYJTnlJ5Qaj
+hez0VA3y17gzmT2TJyEYuI66wxLXPgYB5ppujH9DPOscQsioumiD2b1XhruXb9u4
+rcw8ppML7eyV/gB+SC0L3MkSBL7etxB9Is1RyyXh5WFgIn2Y/sLzLgWCxG67JVQ8
++Vfu/IevfQ1WwjH6JLLY6imBbNXyKLXQu9jjlH/IwixPzIi+LqjTcq26W9VBZkB/
+LOCmmO+t+x7LKUyFzeZ+sq5wKjVpVKV5mXni6FXKgmA0zbx+MK27LkGbd71ZEP/J
+bYp5oJqON2xKaXs+oAs/9KCHlz4VWCUl1yLxRN63XbhLtRc1xlQeSKoqzmWTQXdN
+xy6K+sutPJkLbmleAVDy3exyyz7Zs17b5Tk8yAUxdGpxnyYgNmOmjpZXVsxVLuz/
+TX2mAHAS0XHjT5Ry+oRwi6HXu0dGkpWxE6H96vhbQCg5boPz4aYj3acOqkXDQ0y9
+4LasYPgO6EE0u+tFtgQ4tHZ2MItQ7Lun6XFOMfBqAYYISwvrppNOO0VPd2ra/gd+
+1XVbWLCyM+C5HATHNB4unsEX9A1zqzmJeIJzRlwPUOgS3gSGULFoHjLS+Q6gzVIa
+HQqftYuiJ5oKw32UAHZK70WXbNd2yO9oOOWAgK06C1d5PDxe6y+eMb3Rr80upj3T
+OsFni+rOkX0TxT/3t2VXB0sxX7fw2NkvVnACV3P+udjqQcqHPQy0M4n5e8N4qgmS
+wnVosaDxL65vyRHrl3rDMsi0yCCBE+vJCvPPK2jmy64IUYsGi70Fe+K/ZGrQPkam
+0B6CNbF+DzOC8OHK4hZLMXhp5hwWSYmai3SMTJ0l366bajY24gN9KQVZ5Y+G1QCj
+3DgE08T3XhiMbz1wlTleQ09BmMUB4h+LPhSG3TdsthRCg6SBDq2eyUcLDU53XEin
+jWElYmxDV1XRTRHHhT1VBymtSKSvGwRZLFYhbTxWfpH7FgBxBdxyfeRLaoJLIsST
+ASKTuts+QcTQ2hadEmpg7kNZXmJ/Ccd4iCmiP/oV2P8vg7W4MkvUVk4ZIJtdNRlu
+L2Mg6wkr7Z8ENasEdDfCULwNlYFEE+AiDqgwl2Iw1fgVbize+eEFzwCNQLd7f8r6
+LlveOwtnUlVHqjDe/gOb2CuenWhVR2sNYMHImDMr13Hmxfsv9v/bYJSVd/jcpcfg
+1F2umrq10UPFzI5Lth9vWiws8AtJ88E7hTMJTRWGna2BHA/2Mvg3O5ggYacoNcUl
+sCFCA+hKCngy9c0PnqnXDLLtPT0HWIo4t7K4SQ2upcbU5PGrHYfitCIIjEWqLN/J
+Bjg1wDGNxsQ20K/2CPMYaRac1g4MXahKQWRiBWbq5asv/vrEJTmbWg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem
deleted file mode 100644
index fc1e759012..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANmefIFU
-RUgrahNMyIfzibuPD5LXv1aF765kc/ROx4BQYuBUZehjaB0G3eHv0wGu5rSJbnoy
-Lpdv0XVvBKEai/K+9iIereljhcwZzKTbHHvAdhCtgImX/Zz/KZ7OU4GZJGkdcj9r
-e/szQBEqTWkWB7hT25WM4ghi5xAz1Tn3foOxAgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFH6Q3Dvq3pzSm0JE73sa
-zW6PkuC0MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYIXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAekwpteebcTHJ3RTTqNmNlRsw
-aSa2MtBlaOVNyWi/Qsgy/LO5We9Ahkq56VlKB4WTWCFBdrbbnZ4k1Dpgj+NA8YBD
-Ysuq9KofKqycs+alN4JOOMtKHzbm05wPqkhY1qbBFAUbrEm5felp5drbJys97mCX
-bm7XHTxTuImtWM4ESC4=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test33
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
------BEGIN CERTIFICATE-----
-MIICtzCCAiCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDMzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxL/NbfBumGy235WIg06BG
-/D3/nRm8g5DewpBeSbgEPD/1yljXiblJ9TItVB7HrbJsewZWk28/396FVXb69SeD
-rmYXPflrEmgQlCp6IT0axE+gS6zTeS6qCAeHVWGLLvKOx6/9j/xqw2zUUDb1kZTy
-IedQLQlkNsdE966MUxr7fwIDAQABo4GQMIGNMB8GA1UdIwQYMBaAFH6Q3Dvq3pzS
-m0JE73sazW6PkuC0MB0GA1UdDgQWBBTg13snqN9OjzwRLPdrP94IHHcERDAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCIGA1UdEQQbMBmC
-F2ludmFsaWRjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBALVLczfP
-n/oPIoeyzrVNW7swi6hL0k/Hp4Ki4rB1HA+cXcuGMJTM1mnk7gLd9Mjjyp0Iz7DP
-82k+Kv+9+EpOWHhwkvAJVJisKGVO4NrUbuxGhoYggP+ig5gsuHAfCAlzLfzQgW+V
-BtejP9VrkYTGxKno9uiIjXfO/VQ9w8pB1Kci
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:90:DC:3B:EA:DE:9C:D2:9B:42:44:EF:7B:1A:CD:6E:8F:92:E0:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        02:f1:3c:9c:25:d8:e5:f3:99:97:72:47:d1:94:a1:f0:11:0a:
-        8d:ef:9f:4c:c6:3e:93:23:1c:76:92:f7:68:f7:8f:9d:d0:ab:
-        7d:73:20:ba:f8:ea:1c:90:10:59:01:07:c3:11:36:15:70:b3:
-        e1:80:3f:38:65:42:77:78:95:79:6d:a9:88:c7:54:59:b2:52:
-        9d:da:5a:58:a1:73:1e:07:78:00:01:67:02:41:9e:82:b4:ab:
-        f3:d1:74:00:8f:ce:fa:78:8b:c5:ff:ca:40:ca:88:90:ac:74:
-        78:41:4b:60:85:3f:43:31:7e:1c:60:bb:3d:91:09:df:9d:f3:
-        6a:40
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR+kNw76t6c0ptCRO97Gs1uj5LgtDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAC8TycJdjl85mXckfRlKHwEQqN759Mxj6TIxx2kvdo94+d0Kt9cyC6
-+OockBBZAQfDETYVcLPhgD84ZUJ3eJV5bamIx1RZslKd2lpYoXMeB3gAAWcCQZ6C
-tKvz0XQAj876eIvF/8pAyoiQrHR4QUtghT9DMX4cYLs9kQnfnfNqQA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33EE.pem
new file mode 100644
index 0000000000..98e9795eb3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest33EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 37 53 53 19 AB 78 01 73 27 05 18 43 EE 87 32 9E C1 06 7A D1 
+    friendlyName: Invalid DNS nameConstraints Test33 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DNS nameConstraints EE Certificate Test33
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS2 CA
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAq6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYb
+B1v9GpRI/WrpcpiPQwAnQbViU0MATTXN5t8MypI72+0ExFrnmC3gPpZkImwXOlIn
+EpFA/EU2xNrc5+1mzC+rfPUzZ9W1xpM189Nsdobp7UP8laTGpeP1qB/5bYKwHr3w
+poPYnm189HfyTcVfOBqrb4w8SxyfZBZv9znzHlNayguKAgx+7v1IBrPSYz2dQKpm
+44UfeKpdRLfBYmfwtFn8fo7G+gSzLev19SdPiiTM6Mm/7c3wvSjPfoFChOmCDjmR
+hHcDC/Y3IOp9913OU6MyfX1JWWtCekDmovPzH9FdYvmYA4qJEP+RTHLG3Tjjx1MY
+rGfjZf+FnQktoa7DG1kCAwEAAaOBkDCBjTAfBgNVHSMEGDAWgBRGSJxCCY5dU3DY
+Fh7gwckYFTUKBjAdBgNVHQ4EFgQUqPuoi5cYHAfhxk4Sb8kAu3oLs1MwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAiBgNVHREEGzAZghdp
+bnZhbGlkY2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEAL59qoRdK
+H5WO0ZnkKiOAfs0egI4Hm9xbC+xax2LVNHxtmsXa1ksxOgX9dMuJH4uo6XXzNqyp
+KbZ3m6z6g1lAsdfww1o7d+7EOIGhTNOBWhRZOxYe+XEWxzIKKgO7qPGffYbEhpM4
+HI+2QsGnKGP2iBcVWS22KE3O/3xRGjiSUff9hGsroTtv8xTbPBA93d4Vr36VzRp6
+noAywsV0iZt45Zpoo368aX+Ph62TqXCg/1+VERrG8OJe3+lWQqeBfKo05pwZhh7D
+Vi1VnGCLRptvUiwJuiOBksuCI6Uidi9vEN2DaIz5K+8mGAWn9C9Qjps/Kat9dHFD
+ctZ9Gd4lR1XzyA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 37 53 53 19 AB 78 01 73 27 05 18 43 EE 87 32 9E C1 06 7A D1 
+    friendlyName: Invalid DNS nameConstraints Test33 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,42DDDCCC4E0E0812
+
+InO/EZ0bUhdxLdwVzylMQPQR9u4xMA41CFhQBlg8yS4ovqtRm1MVkKsVHOEm0VgT
+Xnez/9FZqk6KilG9MCXFGeQCbK3fhtIlRJMp4pft+7P3MpNYj09crslN4DqPWosc
+4ffNKCbHcfxYknEjn5CvxEmSwcSYXGs99n80jb4TNc9h22rIJPMxcA4JjZVJymyG
+Ym80H+9BKpgWgG47VWH9E4Pe7rsYKQNYlOEeK32xNQe/Ukj+/ANlPyCssMt1W6FZ
+1NVdme/Vhiwp4aYdCvUP4c878Yu3BcqWakw5JfKTghSiLosqu0YcqQGd5GATe0iI
+OWhANpFojMvJXeQdOzWL+VnSmqtMsixJ0l0DtiWJIF/PAA/j4Ab50yWUOoSrusp4
+9OWPdLfXRqEqdIL2GrEBbYd6AxP/5QG2cFq/K5oKpK4KzHWY3RhmWXy6rqD0VMZf
+y+GfjSUmrEH+S7oKhLPBH4Mq+iAfX8R2YfXFM3QCf8yhWQiOmUft2XDxq8BVULnH
+zLFZWY8WI6+ZgUAcDZGmN4Hki3sjmt6gGiI1CouN8wlrDs4doneb+GWyB18k4EmN
+8FboI5b1kjr//76kpIhAG7yIIDQcXS3GU7I1iD8wcjV3u0dYYnnsc9jcRnkgTbkD
+U8F42AVFdfC+nCKR9oKRBlqBnD97SFbneNcZS3PyOaEUY1AxeMPfbBXeEOmUBp/r
+YVYBNSUbIyIcwpe+gMkX76/pTZkaOnnzN/vLXnYTlW9Mbh0oNIpnAD+BAyT2dc0R
+LMUVlu1+t+RMQaBgDEiWw5jdHf9JRjYO6Lf8G8nNbZupbhGtkY+mAroK7MoPRGlc
+1WQkQD3P6Y31IEAli0iObCAS2MOLL75XPhbapja0KHiTX1QGWiY6JT1QTsJ5ZPDc
+r7ZtVHJRyL6omdz1xLKqD69IG0krmbjWZUq+aeFg1LbsEPX10r3yzaz12BMs0Gmy
+ZG2qA3GGiQMrh5toE0uWZCBvZCLqpM2GauWKF7R8Bsj59rSPtYpIpSGib80lUAbL
+eYB1NOeoPzQQOVRS+C2UiTGmZmq0ID94Vnb7vWcHVk3zLYi3sQ0XozqJ2T6vI2XU
+5DLzUqUW6jSnWDQA5Y93/Y5W3b8bdyxWKfTAKVBNjciGlTM2s2sk6sQie3/c8Gye
+SZ+HFnX1jGTROgprJvcFZTFUuVDIQx4mdIufm7IiwY4V/zJRiDTfybzVxDD6pr59
+8RTQNvZpggWvtwSM9zlxBGnQ4Pg5HWJi06xZsOwgZ8Pvve6TW+GgOlbVKrdUwdUe
+V8t8MMa/48rR77/xb5k2xI8uwWuxE/bpiYzUjpsi0ZPh/GX0ruNZn+hn9ph2thx8
+QYMHbNIszbBAY6FSZSuaOTUOKu7Jg2zzAR9rxYDkyaRbF431NRjHEIhS32EL6k2l
+98abtTqhtMUJ+Odq6B9vttvOBunGQh7ym3jiWbT54b9wFgVcHtu2CsPu3H7A/E9k
+5trrY8QKvcmyZt/Y57OQ8yDoYcVLG+6boI7F7c9IZWNDocF7gEV0/rEFwIudVRr3
+bxy1izO7o1l2X1V+/E0yvV21MY+0c/yrrO+n8yrK+wvy5xB/fns5eDhAyNkKByDu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem
deleted file mode 100644
index 7930eb4ddc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB
-eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/
-Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW
-yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V
-F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj
-YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr
-dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl
-/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD
-pax2/2P2ruVALCk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid DNS nameConstraints EE Certificate Test38
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
------BEGIN CERTIFICATE-----
-MIICtjCCAh+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIEROUyBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDM4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLztSKsWY+S4ZhmNgTffbb
-H8aIXhiw0mDQqoBzB40KjeMgX3OEnxCBBmDLNqdQtcMhlcKST+FbcFNUzrWySjDL
-UhFqTes5kgzTAyyIeMKHG/Y8b9D7mNuH3GJmtCWOCcajKBy7g9IuPRTtOu/f217J
-pqw42pwtbI+7PX2v2cTiVwIDAQABo4GPMIGMMB8GA1UdIwQYMBaAFHXnZ0cYCavx
-iIjbno3VF1KO/HN4MB0GA1UdDgQWBBQtwjU8JMdU3wDsp2MQVttA0RtaVTAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCEGA1UdEQQaMBiC
-Fm15dGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAYzw7EH4l
-W8Vcu3FH96T5cE/RL5hRpoj2PU440l6/1ScnutWvY2WXwCAhO5LkkyDdE+a8Pv4S
-v5BusKldAEzFQy3H6jlDnK29Z9m/6RNIrskTys2Jqt04I+JWV85ZNVCyTu4px5iY
-SmR9uXP/4hfVB74Ct8bSrOBQVy0te1ZcR08=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9:
-        04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57:
-        d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09:
-        1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95:
-        ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5:
-        eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d:
-        5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13:
-        1d:46
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f
-zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV
-aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38EE.pem
new file mode 100644
index 0000000000..dd33413a94
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNSnameConstraintsTest38EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 48 A3 C9 BB D3 CD F0 ED F5 84 3A 8C 2E 9D E2 86 7D 30 E7 6F 
+    friendlyName: Invalid DNS nameConstraints Test38 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DNS nameConstraints EE Certificate Test38
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKh6
+dMeji/U5K/ekBPo8CedDexJtu59S60Zbb3AdsoCF+t7mMkB7bkSY9aNOPXfsmBfi
+YH7FJFNzIwIoG0yHAB8qROxhbt4STVpB4c3XyqkWByLdHAzPM/+CAwX2ZtYTLF81
+FqT8KM7QmUMbjkcNx87nD+r8OQ795j0fAQQ3fC8XXgYVdDdfuoACAyYVgJplwLMF
+ejdjj72LERuDgiJKHy5BiUrtOr74ZRRoysDnX6C9cAD6BJjkrvFryQmCsnifit41
+3X5TWR3nSYY+93/ioiZ8kr+xDCtx6ODFs8DohTpue+SNnTW8w7QwtoR4gxnLWw2C
+3FNRWu1l++/VOOZEd0UCAwEAAaOBjzCBjDAfBgNVHSMEGDAWgBSxqhfw48/M0qeJ
+poMH3f9u2gfjSTAdBgNVHQ4EFgQUzkAnIqjWGiY7B5H+8RntUEbOS3cwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAhBgNVHREEGjAYghZt
+eXRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQBFZ1PNe87h
+xxEKYU1zDBenTJ4doWDxfNls/SC1fl9y4sV5gYdVvXMfMvFNpv3cuO9RdFhc/r7U
+an8zS8YA1bP+ts5EDma3yIuRkOAifEeE1ivPjzmEH0acOsfFmjgF5OBqS850KFqS
+Gtxa5YDgeuV6/GaUh+QTnkweGcQau51QIalB34UMxmG93hsNI3M4ZxPAiInJjb5n
++XKyQBWwAhaPhGPVbLIU0BtnyafxIs3fkksxFvp0TvrxNoDKmyGn1xMPf66rKgPV
+ziiayHvu9e8uhwEjXmugCy0T5zxb67CVVgHofZZfphlk99gUzeqr0rxA+7gPsoVt
+99WV0A+bbNk7
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 48 A3 C9 BB D3 CD F0 ED F5 84 3A 8C 2E 9D E2 86 7D 30 E7 6F 
+    friendlyName: Invalid DNS nameConstraints Test38 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6E7BE2BB1EBDA90D
+
+/3LYRb7V6mLvFHL6h6V+UcL+eHtdgcQIYRfMJnf9duANOgPmFcASfUGnwWP04Kzz
+cmG9hi7a5mHX1ZMLL6r5xw/TI+ui15RGKL1QqJKU/bs0W7A8Pv7fJPXIkRyozXvo
+qk4Y8oGUHYFGZ4CSNl6B6MiBghjHitDxcYq8HSiLpuZc0eoRNvGx+2K08tz5e99r
+69w3sRTMrjdwraRuH2I/KUVGd6zsYc0Y58EbimoakEuAmU85fQV5CSmFJrxY4VQ9
+W0EHnUMt6ay3eKe9CpdDVZL0REjaNeBA3wm+aD8o2ajnZgHZh3q/HTTAn+05x9mY
+bGzJE01HmJnqskot8RWGFUfgcIXFOH3I9w3gF7niJrRBl1IjXprZlPAxEMdas70w
+WMI7ereIJbe1HOYd7s8B5TZXhJr400rw/KkcPFJaYRTRPpe0k7R+hxzVI+o8zDV8
+Cq1/GKENTcnI9Y1FlrH7yt5vLo0nJD+jXhbj6etgshYQnfdyNs9qEJVftaYeKnGj
+C10l2YmsLrn1F/OtfDNUYIfEPw11t9PNxygTGBmOcZ0rCsPcpcimdWh+qWnhjcYr
+SqanW0CZj4RKhE0R7zPvUbBGkssGu165NkPSyTDLrwQJtoAX3hjPuJ9R58Wc50Cy
+fFdglrp7WhLJ3IGTlWSv4TbLYjQfrSVgwHcUnnUGjkK4Akd/bxNKFq7hCHosb9aC
+oiFwRuIPUh9Xk7cAhqL3ELZpmvHUMoU8KzXOu0zL81C5J7j5n4w0/64Ih3qe3MRP
+bLm9fyOQU2dNc+onffryZF7BhHOwicV57GqV2awUUGqSln6g+CGcFOMzvTv+txr5
+Gk7mjIoIM2Cm/Y+kRhJkKmAwystZMnxVJfauSO0uNCtOuU/ay29br7V4mixZPUAL
+xTF+aRlYQGsH91UVkAJZqqiUe4ZjCKuoYgahim9UMViyq7XHzCq9tvfMLTHT9Q/q
+NPbzmqXcupL2/o23dtPHcF9YBTvfZ1bFdJPianLBt0LrC0Rxz0E3t5glt7tPfDpf
+uFmoisv1/APxyo5m796LzJg+tYl1HjlKEw+CUEZczmuvCvLh5ChwofTGmg/cA/tw
+fMjkMeFBmd1Hgqf7+q7v4wlIZwNnINXPj6yBqTX35TTxEaotlnCD9IJ5yfQsoEEl
+0qPPiLBKwUDUK2GyA/+jJMOUTodoTc+vuFHngdrhQ0Y2y9gwwX/sy8DcgIcGfN/E
+wGZLMoaI3Cz6q6JPg9su+gEToivrWwJE9ESgOmBMPa2lguBU/4OKkYcmtNeNfWeZ
+Wcq1UavyfhJ92ybnEXHJnTYSDixbRQh4A8ghK01ES4LVGK2Bb1dC5lc8DECo+iLw
+ogpKsVPYjbyeMYq4AN/B8qDP7BSm8ejQ5yTy92HouO1e9rc7/9LFr1M24OhsTYTr
+ONzxGwxf4joBPYyuJQ4Om9llVpLEbXNYeuotga3cUnshAc/e+Aj+6pSlY16gfGsb
+vUHEKa24nvEaOD4Tan7ojRg6+dcgiG9OPLZb8gCuL3sU1jEecMNzaq63UDYmkokC
+2JXgDG9UngFxugmBrhhLKHm2y6pVtRx4DZ+ZIK/wezyGPiFKvNeHpg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem
deleted file mode 100644
index 18fb09781b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6
-oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK
-0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7
-yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv
-djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn
-pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b
-ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n
-cu1nCg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test28
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
------BEGIN CERTIFICATE-----
-MIIDBjCCAm+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGLMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMUQwQgYDVQQDEztJbnZhbGlkIEROIGFuZCBSRkM4MjIgbmFtZUNvbnN0cmFp
-bnRzIEVFIENlcnRpZmljYXRlIFRlc3QyODCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA5P+v5wlPmnZe/uEH6HyaKnq85ORqBL8HNiSn0EhAtQNHISd/M6VJvcrJ
-YCdSaQbE+A61yEjhCfckVgjt0lY081fJsDvDU757lDPe7SLP5hyrVS+myINWP3V3
-Fnu8BeK5Lz4Ytkx6uvnfE73jdWSregNtKqtyQD7kyLMTFVlVXt0CAwEAAaOBmTCB
-ljAfBgNVHSMEGDAWgBRXq/icJ8jS9ObPb6ogCzVnBIMkazAdBgNVHQ4EFgQUDvHN
-oL4nbNoIN4BmY5QBKMupyFQwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATArBgNVHREEJDAigSBUZXN0MjhFRUBpbnZhbGlkY2VydGlmaWNh
-dGVzLmdvdjANBgkqhkiG9w0BAQUFAAOBgQBtZkdww8Uz1loAnrdjOhd30Om7eO4h
-Ph2kKsyLJm3aeptHUIKnAXrY4+drzXmVlzMcMK0t7VT0CMP2vWSVrzHyUXnGxpsK
-ZGKNRLzdCrr4sEVtsYjGvMK9LzM66kx1CFVbl2IftM7cVEgadA7RyfakTHJJAAQw
-by2klF/gQrv13A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc:
-        4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f:
-        67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25:
-        b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18:
-        6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44:
-        8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d:
-        09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56:
-        a7:d5
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q
-IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ
-j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R
-gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw
-CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28EE.pem
new file mode 100644
index 0000000000..eed50ffe62
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest28EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: CD F3 00 7D CE 6A AB C7 2C 72 7B 2B A8 53 D8 C4 04 A5 77 3F 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test28 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test28
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ez
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZAxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTFEMEIGA1UEAxM7SW52YWxpZCBETiBhbmQgUkZDODIyIG5h
+bWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjgwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC4vbpQh0jJq3Nji3nx4Sfd4a9Ek4bG4H6jLwpj
+rsy/shoK6yz8nnXe/w8ZSIYH/pETrz72I3kEz5/VI6rxHf9Qo+lqLURImkRhxwSc
+ylpDPcbu6LApCackMGAms8ocHu+g6ZELzg5ubrcfg7IcHjnZMdUjXqEWptkZf74X
+cDGjkJtpA1jJgvEiwSy5A2MkBRkf51/4SGxpN0tbnLyW4P9T4s9p0ZECanXijTK0
+px8Ln6lAaV8/mwjat4G1WzpMsiMKYkzD7dC4uSunEY+1+M0NOsiWJwxS8oIA8AcF
+DOzTjx9WV8xeofZeY3ZJQJyJoCI+L70s+/9dwHxeXVbBbkGbAgMBAAGjgZkwgZYw
+HwYDVR0jBBgwFoAUJ0nkBNlF+myYlGz87Q3DJFJtVUQwHQYDVR0OBBYEFK8MG92q
+3AJ6cZcpow9Tp0emF1RiMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwKwYDVR0RBCQwIoEgVGVzdDI4RUVAaW52YWxpZGNlcnRpZmljYXRl
+cy5nb3YwDQYJKoZIhvcNAQELBQADggEBAIZk5m0SIfQF5ZF59PLUTrwGaG3jiJKm
++IdyCCM2JsVcKiJ/DoWkU3Ao14nmJkyjAFG3HoYqap5lxKyWpwvmv9VzBGmvJun5
+v38Z6zVGWSAKMt/w4yAJBVWWaDKHTP4nfBBYX8uAKmAewlNxn4LjWuZ3AWKfbuqx
+ve0yYWP9wBs95PlW47j9ky9uYjwAgXX3z4XnG3NkOH13uxPI6ZjBCdacVuIKDVZt
+3pqzHcBT5FV+9JrwvPxnaIauRpb07aWopvcl8vUF5Z2ndZjtBIjAtlnH8AHo3dwy
+b1v4tBbIjYfNUSlCtBjUC2SrlX0AiAqzq0jPL9YBiT+E0VnjRaYHmM8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CD F3 00 7D CE 6A AB C7 2C 72 7B 2B A8 53 D8 C4 04 A5 77 3F 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test28 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1D6AA7F606ABEB63
+
+B44Kh+Eawf7VN46/8/zrkiV2Nx5S/ABhA1JNcjIUoXWr1bsHOwPrru1/PZMzh2pT
+Xi+U5L0pAVLKGNxAzx2iyOEHQLKHNqmxLJ05kcn4edJYY38dmP/Mv/VobSmIFcQ0
+7o5ZSCP43dcSHCAtoRYvNfLRrWnaXkm4bMz5j1OfPSN5fu15F5HvAW84yd5WgGoI
++1d5dwdRrxtm0BYtdJqNjxk/zKsxAkP27Qj0YxaLZCEt5mMcKIqRvnW41k0vFDUZ
+xovH3/X+VeQJCJSQtibLqwhiN/16q+BLicADRiN6Tr+18nn7qYNjIPNBbGnYWKsi
+KkRx48nhkOa66HIqs3mPupQi8vLoYqB/nFkrT7kRwZt1fspbfUuSqWaGwYLbgwpH
+bTEWI82g/5emW21YXwIekvI13YwzQb0tXSJH8uUQENXqiWtQwJ2ke8tI/6sYqIWj
+CrDQEGX1iZmedCvuPtZpS1oPO70n+5RaKmBg43QP2fhp0mrCHR3zMof/wt6t/yUe
+Zs3KL5yp3pb00FxivqYlYhsBMwhc7LkBZz8auIsunXyoF6BZ9ZoHb2AkXHetQc/H
+GY1W0zpVWG1dFIrpQogNWtpZmd78915iepHXAHyl0cFTF30fj31Ae90lhJU3ivRM
+3LdqdnOAU3khHIIzJfEnFa1bP4860RBhbHoNmwykE68BrlOsdfpZ0DrcB4H6yhC3
+hl3DnJI+BARFWD4ApWkSNMbfYwFkHbcSebJ33k/bR2k0KjAIJYfcznVoPEXbGL8E
+5uKaqgTloQH8tCpPPd52IhyzMQBkqR3/Iv25jua2L4Cq9lgaQXoGYsxj0e0BCRqs
+cOgLQVahRPX8HJr9dZA1lyjg+0/usQAlm0GcpPqw/NZOFdGXyjxnPCXUQOxjSfSt
+PqUkTUzqUjK2SOKKxn4acil7O/zg7n0H9Y85rKB7pieouVen5du6Z824hZQySlMN
+JWEsjg4YbRVP6aqrU8sUpkXRyThJvtDA2dADGNVqUfD5k4UkP7XlNqEqmzXKZnXu
+S9pmo93kY7i0k6ebzzCurc5D3fg69TDcFREfXOow6Wo9VbP0PB+wo1FDrejQynAu
+4KaPN9KS5Cwv8SfH44T17VltAOuopHkZyLaFN30CyENyJksFvVGCi9UH9pLqQaaZ
+B1GU+twMzxG8uNwkhzy4Wen1D7PxfqiH35ruxQxRavodft2OXRCeq0Nemr9dnDGt
+wEymDDFVlYSdLgasWLosEQhnsgeUy5xdT06minlE9eOBuxA1Hx7tg5n0c+t3ulFT
+08nF7m0pxhCDpPF/RVEgoZp4eO2/4OUfNroGunAvNnL2zmKPMkZmREprfewa+q6z
+STCVLXjVmK97nZLjfZRPNFuqd17aSs9BMdGE6+eMCCXd612vAntzbKF5zzfQjlqU
+yHJ+c5h3VrYLxlgdBsZaMR6ymNk8KS4aKiZoSStplenXVO//N3+a95KOUGiqDVa6
+ZYVuQ4jxxmMFCK3wfvcR1PHE76eILoRH6TaOTKy044IY+/sE7+vDsDSBdEG4z7PH
+qQOPHsYzCmT/h7oK8fmRwk5Ka/xHO9Vl5phWbadMjFUY2aehN/WWqpgoWenOQafR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem
deleted file mode 100644
index cb31959b73..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6
-oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK
-0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7
-yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv
-djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn
-pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b
-ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n
-cu1nCg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test29/[email protected]
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
------BEGIN CERTIFICATE-----
-MIIDCDCCAnGgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIG8MQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMUQwQgYDVQQDEztJbnZhbGlkIEROIGFuZCBSRkM4MjIgbmFtZUNvbnN0cmFp
-bnRzIEVFIENlcnRpZmljYXRlIFRlc3QyOTEvMC0GCSqGSIb3DQEJARYgVGVzdDI5
-RUVAaW52YWxpZGNlcnRpZmljYXRlcy5nb3YwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANFptsaiuqG58SeSbnVMTNr7XG3kbwY6wtsLkDomOXBGR/46vTeRu4CG
-CaubArviUAJ+JILIVs3bO02m4H6NUk6clLHjb1iou8cA0UR8XHkzJ1ZNmDZJiBJA
-CAqNmtpuolbgToov0SeuLYdDRTwLlkLpjykO6EMiAjI0bs0u769XAgMBAAGjazBp
-MB8GA1UdIwQYMBaAFFer+JwnyNL05s9vqiALNWcEgyRrMB0GA1UdDgQWBBR/JuUf
-MNbcNM7ktf6v5K72qnwyNzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAHgiOAzfqxYOlP2ugGMXcXWDQai9
-VcfKXZM4zdBV3TmksgiLkZTyhj51RfoZOhQn8RB90lDZYdSqRGnGHuUZW6ejX+A2
-JXWuY3uhE2d2WwJIwYHItLSl+DVv2Jm0Wrv8BFY2PnKaDKJgLG3WM0bp2LKn2dzi
-FXK5SfJJE0q4WU2x
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc:
-        4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f:
-        67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25:
-        b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18:
-        6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44:
-        8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d:
-        09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56:
-        a7:d5
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q
-IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ
-j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R
-gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw
-CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29EE.pem
new file mode 100644
index 0000000000..90a2b0d652
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNandRFC822nameConstraintsTest29EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: D7 F1 F2 82 16 4C 9F 48 C4 47 62 0A 5F B4 7F 6C B0 9E 94 A6 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test29 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN and RFC822 nameConstraints EE Certificate Test29/[email protected]
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ez
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgcExCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTFEMEIGA1UEAxM7SW52YWxpZCBETiBhbmQgUkZDODIyIG5h
+bWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjkxLzAtBgkqhkiG9w0B
+CQEWIFRlc3QyOUVFQGludmFsaWRjZXJ0aWZpY2F0ZXMuZ292MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoHPUN2bg6yLDHBYTGVFhMWB7jFvgUuh1geM
+i3nK4E4UqszjE3nm6YRJDExcfBRCPuH4NoiF7aQtOXqAP90h6hY+6ikQ18WZDx07
+1FxSDTqwSgDpNS3UyheEDvTyD9d5GpcVasvuLmQ4ITibTT3GHaGcV6Tg7jwif3lY
+6GxNl73YoOzscwtYuzSNmVerlrUAoy+w5LhLjuwWxPzeoaUHayamLXipBwiaKLWL
+4WYr/S7rNHz92cHFzIHjF3bQuFLpP9r6El3MDfZbXmu6K5vj/LDGKcOj1gCHbIC5
+GZIW0tbPxuMfLh4CPZfsrpGw7Cw+fnTocUPTv1yasn46YzhA1wIDAQABo2swaTAf
+BgNVHSMEGDAWgBQnSeQE2UX6bJiUbPztDcMkUm1VRDAdBgNVHQ4EFgQUKqooRqSK
+ejekpkSf3GDoIwRd8JgwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZI
+AWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAIJzDlmebZhMjzkhP+mOudtaSDpex
+GaQjDFetxOQ84CcVDofcsMoxWqRv/DRBHd3YfY90nbRpxNVPx55/C8hjYugK+KIB
+tY8JfMZrLY+nb4Ol2IFdPIDBX129nKrpaudrRE7onKdCAmfneGQfZIA4Hy7PozB2
+I0AscYOZp+e4F/0YBo5iaO74fafllHCN5nj3WL5+hRcghhvTaOrmTea3D14OIl17
+wn1aIdclzOQoMu/SQUXuwflUDDbDHntudZBpr9TTtm0M+fuAYcJvsXdrT0PfoQSj
+BpV5kId6JE3tjhsIc0e+Hv27Hrifq2xQAIonuOgqlDLPqlTHeoAgofv43g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 F1 F2 82 16 4C 9F 48 C4 47 62 0A 5F B4 7F 6C B0 9E 94 A6 
+    friendlyName: Invalid DN and RFC822 nameConstraints Test29 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3D2649F13B51B3AB
+
+Ohs7+yDEVD1+Km2b7OswFMWhpy90ZHv69BL+zOULt5p9bpAMvG1kZwsIkdMqK/3N
+dT78GnLlgvLflgvVf8mCeJ0Vu7YG9wyD2hU058v7y5bELb2PZpP40y5QUDFI5gy9
+yoWfMy6/5DSpIP9uNgDNHRQ2DXo1hR7v/PSTSU21LvkwdaIsmSf2F/oOXD9UMbWm
+SnDmT6UuPqQaimgE4ejXrztGr5Bac1pPKj3t3iOnpVPTltN+A27bSKXgFUVJ3rxc
+DVUms/BzCwyxnnA2lT7IPidq0ZtZhX8075gFd7Fug5v6GRxd0OhBNC2TvO0Bt8m7
+K96BvurO7nveZqwtnL/zIRFVbnjAo2B6t5Y37uPzDtZcpB2sGhMcaZEA2aF4Pb6y
+ZiSY9BHm8AxoIiI5Wpo03vtPyAKvBXRP8xsEizmyPkf95ji57hB0zTsqx8SyiQLg
+HGigqleXR4aDMadnXlPUG6h7xcAimmSbxkIbdGNRf6pG8EcP8eE5Uk4gho1q+sji
+j6BZpu+7qy5UIlpLJIxoYEGA3+zMsUgzYokFyLfIf3Q9lNAwoSV72cpqkNHUKYH0
+IYk/kTk4Ej+Ypha/Ex2Yy0PJsJsaUQTlV0EC/GEkSyxu7nGItGfzIJoZPelC3PAU
+KwSzlKyJaR53QGN+kgd2K40XFxnpr0QPVJSGgQcq/rb1gPzoTxLOWC4bufVDvimW
+2VKVtlzcOPuSWM57psVWavi0XeIf1hAqtcWwbwXN6wYWkbtXIH32Arg5m9hYogKA
+ml1PIbgRyPK/2cK7y9DVW4UGZC14a0jUZ6JWZLA5sH+MtZ9TZ+lh5/0nEDPpxSKp
+HpO75Bs7aFywUwmGj3kxVZgmOBY97X+GpNnyye8RFaxQhXm6tQcGnYP8GnXnb2Ig
+YG5g4L+C3giVaUiYIVjGQY88kRC8u+ZwKFsnrkIzhtRmofuMwBhwJAZ5n0SIzUqh
+oDNPKWXWVTWV5cbssTdNAXiPwDh7om/htkf6rYn2HcWJssERFqD+WOWm61yKaa4N
+4CckPcH9G9gC/rVMAhBp/xmeH/KOHz72ygZYDgPskT35z4wpXy835OipyLJuDafg
+qtXtVPoXCzfdqjacQ0Y/yTXtGM+Ti9dri6Mbu8nSIa2RlVtf9GxAgv7lRbzRln14
+htlZpjrzdwnXV+kNbybqP525K+iKwjIwAwcqX8H+GMkkHRQOsyBDR5fRrnziC9yS
+Syl/5nkfiR2YR1qLpUK6/Nvs89vogX/o+rb+1ixw2ZevRG8rGLoY3OVaJ4HT6GWZ
+wN1Fpl3Iq7pxEpNvYkiVhf9QDRYLmZa0171LL2FWJGPQu3Z+d4JXg9PlWN2Gv7o1
+NIlF72ExRD5eRUjVKy1s7NxyxTK5McKm9OUNfn9VCW0nL7lj0X3iEz/SQRClAeSO
+YJheKoST8PKuyORHHI6PffbeShcgAl/N6Cj1RBb+87XlYAa8dSU3BpQ6jKJsgnXd
+/5PimVl9vbzWfxYu3oVMky8+GuDvY1njxuMBuam9ciQIfJVK9t026ZV4iamXxxxi
+bXyZYyVmO6BzIJ3toXCdNGCFdUoPlCOpzuudo2doNOomSEb64IDJ1Bu2kv4gmugX
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem
deleted file mode 100644
index d79077aaba..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
------BEGIN CERTIFICATE-----
-MIICxzCCAjCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjCBmzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQL
-ExFwZXJtaXR0ZWRTdWJ0cmVlMTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE5
-MDcGA1UEAxMwSW52YWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4wtLGQI2aSdxL
-gklYOXIk2EqQgeDaSAj8Qxcobr8rZ0rgMBdG0A4ygWX+jdsMNqu18m+WGLs4W84P
-I3+0QpnI7DrNez1cOAzew7lPKnkDW9tnBqKQaGzafp/L9i/QwFxw7q0/OyJXLNqx
-96I70felgr/e9i6Yk/NzhfHNoKqL1QIDAQABo2swaTAfBgNVHSMEGDAWgBQSNZ+s
-wbmh4zr+8S+6d7IITk1Z7TAdBgNVHQ4EFgQUwaAOiJj2GtamtV9rZWhiH3jfonUw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQAsM+4rszF68aQzKZtZ+iLup5xun1WT0hwwvbL4qbzJuLAcCNWj
-22+3xcVPnJ/ODouOh8JN6vzYFUIm4Zojsdm6VJQlcf8Avp09vAMUWLyo7ScyNJgi
-/BXluYQ6PfjP/XwskA4RlOGYZ33Ewmh1xaic85c78iFgRWe1UfjmPxvMQA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDRjCCAq+gAwIBAgIBQjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxmMyGO18
-wxt7plFRZcGPd5GxKiCL+NJ+O/UB82qQ1+GhwlsBTSo86QNLh9KPIjs3rrARYIo0
-FqA86FPnpIiE/yWOfuQOeI3t6yvWf0XsXvcffhjW6n6sErOqhXX7voiJODZMseiM
-wQ2Md8CcE3j78i6crfbdO6xGp2xNX63VmkMCAwEAAaOCAUQwggFAMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQSNZ+swbmh4zr+8S+6
-d7IITk1Z7TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgcMGA1UdHgEB/wSBuDCBtaBLMEmkRzBFMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBl
-cm1pdHRlZFN1YnRyZWUxoWYwZKRiMGAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTEwDQYJKoZIhvcNAQEFBQADgYEAp32j43pb
-BqBj+2V14kyvmo+pgQ9H/ag1zf7WG4ei+McEkF7yvHSC6nfXJA19r+q2fAnvIU4M
-TriscCGq9oE6qzd3VIQ5wx8eJp8v9SG62gxZe3n1A8gzG37TvTwBOeEgxOKBa/BS
-8MNUbMO2SJwuE2pi9fnMhCgx9JxUQvQLou0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:12:35:9F:AC:C1:B9:A1:E3:3A:FE:F1:2F:BA:77:B2:08:4E:4D:59:ED
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        74:3d:76:85:10:61:c5:e4:1e:19:16:23:27:99:ac:bf:2e:c9:
-        07:40:7b:fb:45:44:5d:c1:6e:d5:5a:e5:6d:35:d1:4e:9c:e1:
-        b7:21:0c:2a:7b:7f:27:ed:9f:f4:59:15:1c:67:1d:4b:8e:ca:
-        19:7c:a2:78:22:bf:28:67:31:5f:bf:f3:73:73:ed:c3:9c:fe:
-        2f:16:56:80:ea:ec:27:dd:7a:85:15:2c:e8:fd:c5:80:2d:ad:
-        36:ac:8f:39:5b:d9:79:ff:54:82:c6:61:37:e2:b6:07:46:8b:
-        df:2c:86:2b:69:ca:d1:c3:71:4f:3f:c7:e9:4c:c9:23:85:85:
-        19:9d
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFBI1n6zBuaHjOv7xL7p3sghOTVntMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHQ9doUQYcXkHhkWIyeZrL8uyQdAe/tFRF3BbtVa5W010U6c4bchDCp7
-fyftn/RZFRxnHUuOyhl8ongivyhnMV+/83Nz7cOc/i8WVoDq7CfdeoUVLOj9xYAt
-rTasjzlb2Xn/VILGYTfitgdGi98shitpytHDcU8/x+lMySOFhRmd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10EE.pem
new file mode 100644
index 0000000000..dc3b928db1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest10EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: A4 C4 39 FD 46 16 0B 83 D6 45 2A E7 E8 2A DC 7C FC 5D 92 26 
+    friendlyName: Invalid DN nameConstraints Test10 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN5 CA
+-----BEGIN CERTIFICATE-----
+MIID1jCCAr6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGgMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGTAXBgNVBAsTEGV4Y2x1ZGVk
+U3VidHJlZTExOTA3BgNVBAMTMEludmFsaWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMtcOJE/RnaVHILDfZtHlUhM1+XAYb43ZVRpNwV5FSIRq9QuSR5liQ/UspVX
+Sf8+7TtcTN2jsJf8mpTsMFRg7bM7U9MYdtKkEMCuSZw23p7ViAdMXA8C1ZTrQP/a
+eqWRqjxcnywYAygYhxq3zJ+JPUzKJSOosgfd5bzhnteVXKUktQeOZkoJyi421/1b
+eXkMGK6EeMl7wQY0LofwaXVdjo07iv9T5c4CeHhTTctGqxEvpvkx5tf/eP7wEdvV
+5sQ9/FxcG+lzlnsi5G1ScvPoHrbWzSL18qnm7cVkTnl5qhKVWrGluFca9UDNgXEZ
+fMjrPn0KbHzma61GVkg9+W5SSRkCAwEAAaNrMGkwHwYDVR0jBBgwFoAUup8JypA5
+nE53Wuv7EJWs06dKXScwHQYDVR0OBBYEFPh89wp4MlOC1+WYAt+HqvvzZdLQMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBABeqoXPiGjUdCzGWnsb1grkUibPx8tfb31bfSFuo0iWoKA+RVecI
+xaepmZjcSRFdYN3lKRiPpmCXsBa8zN3vnQzAc53FGkxKmX/0FCUI/tKAKdeWN4Tj
+dahGQAjXBVWBUCaRlonqQ8xDzkWEGIuYS2/indcUZ3b4mp2QOD9tWMbglcRIpwoo
++Jp/VT0GjCncj/NOr5tnsImNUbZDSXUSQEatXsjQCK4kPqRhe56A7AWAXvS28L+2
+1BOYIyshE8G/2zYHwexSna4gvhrN23NbvLE0Jib+XzHekc2s2sss26qY7ZlkzMLq
+Ad88C6Kz0Va/w3kSxfmhF1fUrmYWgHkJ75w=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A4 C4 39 FD 46 16 0B 83 D6 45 2A E7 E8 2A DC 7C FC 5D 92 26 
+    friendlyName: Invalid DN nameConstraints Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,306CF9F2D3E6B1A6
+
+Zp9pcPFWANIirpQvHK1Oo/0T8DgG7mQeMIIuDWfKIv5pVvgFMchXizcEoqPCGtAA
+oH1UJhJCXbqO7Iwckv27OzpT8H6q9fQkQhd1sIYN++h0eOfwlC98Dc+Chq1sUFNx
+KzDU5qa51Io+K5m1KB+IDFmUmodpF2abmHC1EGF3DrR+a0GK/gZKEDiQ/80H0Uhq
+nyVj6Db3t8CQfFSvOoDFOQ4SnDOQ5Dd6yl55spw5LxO3fvFpXKtp8VMAmeAYMfKq
+2nJB0FhRNFNVDsnFmlHfAFrDZNCXWcCzE5s6uRirmnkNkwic6UZG1shPym/Ov6E7
+TxsMW5lLMPpHup2tCHcFl40LvH+6dIteDIvH/RW+/GU2RQMSqexoVjLKVeIRsCJN
+2YaSSYWXbu1r39ago1hxZpQpiAb/zSFX9WLnbwwkgF+LxXkRGhCDN9CF/+OaEvCR
+6zhuEChW8H24LCZ1Eiylv1jwL/tGaxgJgaW1WZx5+rgdtm1kDA3yljyPNzNQM5gq
+hQtvnCR8xvvl/oRpP1pfOJT01hw/CIGVMaAbuD4GkUbyq8qbACPoUV7VkAdyNYtC
+p+4cpsfibY3z2mG3Ln76zqCH8fFanAmKgvK8ywR0J7g6T9DWmIeqx2uexdoGNLag
+GWJkE7/Gl8149SN3Yl9foTf6+xnfHkgCZkLeYRaOU659pNrqsDjZ+/tXIaDh1de4
+YEs2F+LhKZB+U3+gh7vs1c/4+rViHcexFBagr8fSVnvFZyH968vb41al1tyPxXke
+I/MCqAvq84vA/WSE3jdpu1/1FdS8+hbiT5hGgClJJqYCFBXuQ5IeSQX75cNQgU4W
+BUkbiZqA/gMAjoT0Yr1C4dWgK6099WfEVqhlJTwRNGleDI6kQWTUnBUIo+ZU6u6C
+AXKllUPix9dlIKW+c2pOs+eAhM9oP4QXPP+63xFnVlTg7yuSzbZ8Xfnv66FKSq1c
+1HRbkIw1CO8A5r3u/ysK/iZdyA/EaBXSmgK0iy4Q3kMyYgqdbWrFyaxZIe4r0180
+dXE71fhUCiSIaF27KUPd/ZHQ+YDLec/ZW2nnA9DcLqAaMIEjLgszyt6DTqerS/YL
+zwv5fSZw9jlFQQPoiyuCRx1iXlVjeBDLwpH9iBBb1PZTbx544O+yYW/JtMwpBRg8
+d7zneCezW81dKMczmJvxhGEoGNIZ9FPAbfRbqWg2Il1Zz5mYyinUbso/UTYa1RUP
+tzkuZulPM6aPYEQbm+gMlFUqhZJ81VozDgj4k2XHIXiHApmMVXRyOvlEcCxOWJSh
+SksqVxwNjf+OlNZ0SwYDqdqxd/o3zovsSW0viH1dmorG+R9Yjil2HkZTxh9c8VOJ
+9EUWdlGmdV0YsiV2VkZ7Pl5x90mKZ8Jac5iZdPE1T8soQTlow/fGO3PCILun1Sym
+W5nR0amYd/xswerC63u5pd8XPGZZxcrLhZED9aipGSo51N2mwUFDcu2wI25VetDr
+DJdLglyIjWWIakrCEAYNcN8ekPDpxTJENPj1QoLMIb9T+n++TPiDAv+ourN4Cjfo
+FuwyMRdBEk9hRUo1oV2cdPO/oq6TTC0iEvYRjB7gCjoYXb4Va4y5W3PzVoYnmeu/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem
deleted file mode 100644
index 4b5c41460e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12.pem
+++ /dev/null
@@ -1,166 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test12
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMTAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGAMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK3EJPKm
-RDv1REuSTNdGYi/Gay9ESpl/z2BBw2n0WqiF9SLFNEuRfTZ7FQVNFQ0qhoP4V2xa
-YUeaSgmwZNcIdZg159xf8j2Qkc3uGAQoMGmRp4vbcj1Ev5yFXhvVLPnhp5eE8wKx
-u96ZMOfL8M/sxSRrI0zUKEUCMbzK2E0Mr/RBAgMBAAGjazBpMB8GA1UdIwQYMBaA
-FO65z9YvjsiFkwj+EBDuo1BY/kIwMB0GA1UdDgQWBBRlWUYl70WL4wPhhb56CsXD
-+SjqmzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
-CSqGSIb3DQEBBQUAA4GBAKnGr+IbKqqwN2t7AB4bae9QRHntR6fokA0gcPPMY7qA
-GxZGcA1fClTM+WZKr4AoCiDelOsxy45Pim+0bZUtzqtfhWKulkfgpS5cdPZmNj2r
-UkLeXnjjTjDm5s8YsQovhy20KPc4VoeYRMhkB5Wika28mXV2l0jFTG1VxcDZ2BxV
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDHzCCAoigAwIBAgIBBTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpBRaRDexKAJwtC+
-60QonOrQnFJ3VA/u5f6qj4iI30hKCIXL1aeAM5c2KmzL5gO3Vg7dZWw1f9gW2uaj
-mpHjfGmScQpaIFP7yNbI29PIlN0h8H2o4I6v7zDCteSnYy2qAkDkNLX6fbVENa7f
-eHcx8cvG7W1VNi0PKVQdVBz/PHkCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU7rnP1i+OyIWTCP4QEO6jUFj+QjAw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MHUGA1UdHgEB/wRrMGmgZzBlpGMwYTELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
-cmVlMTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQAD
-gYEAm5m4xlbfmnv2vDQ/hGoNbPv96saVQ2NMhkH3JVSF5lGUWfamMIsH866TS9Jm
-BDWOWMPDF1kL5hLEiGLSWA8ki5s+29AwhYXt0jcwdIbGfGCwVX1w3KF5k1nYv8RR
-FhwwXNlM+EKqqLc1nWgaXnsE8fSRMesdyNjQaJdCqRAYFXI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EE:B9:CF:D6:2F:8E:C8:85:93:08:FE:10:10:EE:A3:50:58:FE:42:30
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        31:75:7f:a7:8f:25:e4:4b:09:d0:29:6a:68:0c:3c:54:a8:42:
-        d4:f8:f7:6e:be:e5:b0:bb:f1:4a:e5:1d:e7:1d:b8:d6:98:ba:
-        3c:6f:23:4d:a0:8c:53:2a:5a:13:7e:4f:3c:1b:fc:16:c6:18:
-        54:05:e5:fe:b6:48:84:fb:c1:0b:7a:ea:bc:44:55:bf:4a:7a:
-        51:1a:e3:a6:d5:94:0f:37:3c:fa:4d:f8:51:ae:c6:74:de:06:
-        d8:41:69:92:8e:a2:a8:d9:6c:73:98:d1:63:5d:52:61:7d:90:
-        88:c2:0e:ee:ba:eb:74:c9:19:b8:c8:20:f3:09:a3:50:7f:10:
-        f9:e0
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMRcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU7rnP1i+OyIWTCP4Q
-EO6jUFj+QjAwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAMXV/p48l5EsJ
-0ClqaAw8VKhC1Pj3br7lsLvxSuUd5x241pi6PG8jTaCMUypaE35PPBv8FsYYVAXl
-/rZIhPvBC3rqvERVv0p6URrjptWUDzc8+k34Ua7GdN4G2EFpko6iqNlsc5jRY11S
-YX2QiMIO7rrrdMkZuMgg8wmjUH8Q+eA=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12EE.pem
new file mode 100644
index 0000000000..2905cbe756
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest12EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: E0 B4 95 9A 2A 9C 56 3B 18 FF 89 B7 70 82 97 38 1A 1E 3E 3F 
+    friendlyName: Invalid DN nameConstraints Test12 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ex
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgYUxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTE5MDcGA1UEAxMwSW52YWxpZCBETiBuYW1lQ29uc3RyYWlu
+dHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAsaY3YvZQ0g7cMEm8Ci7BM6eT6NjOLozJ+1H72HTRBstqGwFfoQow
+3jyt9v5Ea1qcrsDbzaCtV2JJDEx5jmt3//MkuJLNpXJRic2AZzK5zBlV5PoxzjId
+TiB28gPJ9JASOO6tC142FjxfZzn1/Id4xcEf4WccFfJiQbNMUe9kuIIBfEVLfVco
+gfEB1Vo5WblyMPbUWwt+b8xY7wFF2NQpNb8Cg6ebTGqPy9OSOaraNZQ+mLQOVVDT
+NqfwAaEY3QoqObS/zoI+aDE/ebim7U6MvWzZU1NZkbWY1ngD0+pLZX9l8op4NjJV
+Z4SOoUvhdn5NRdcEqYcpCXMW2ETJnMj9jwIDAQABo2swaTAfBgNVHSMEGDAWgBTh
+OA4UGBRDXM7nS2LHGsGS9maC6jAdBgNVHQ4EFgQUhQ2EBOSyja4LSx4MxUG0kb2e
+/jkwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
+hkiG9w0BAQsFAAOCAQEAj32dGQGImnemdjlbIgsR+DypC8tThQ6wED4/9HUarJ34
+NJ7yHV3s3GhPyfjGr+WiGgqp6Yo1Prd/epDxbDvdBKfrTV0yDZI/yCYZtZ6WHc9J
+x/ThYTx2XyTKdZs6GrgOMviX+ZgpV8147nxK6DKZv5jk0WoshMh7nYh84JeehjQY
+UON3XZ5NoiQD57HCUSNGrc0M7pUOK1CQHZzDh9pJnqSbR1sHERVgD8U38bEUFfUv
+mweQov0WolmQJmcVuzPZioDeNlhv72gt4qg9gAZEgbQDSyKo72qbcEZ7EMVB4nFU
+QOcPMqU0aq6HXBcML7OcgGZQm0iqDJrCpVwlqsaWlA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 B4 95 9A 2A 9C 56 3B 18 FF 89 B7 70 82 97 38 1A 1E 3E 3F 
+    friendlyName: Invalid DN nameConstraints Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E3F57532B0E11C3A
+
+IhKIRIJX5AaatoF08s5ynXUb6FbIPL2Rbb0YcUFAw1pFgq87cvUAXWyyTkFna+H/
+bL395/7gnF7AdVAHYuRDhr38mgi5JPFkkB61s8j6Xts7RflSs87WV5lhDRV6d6z9
+/Ym13Ci9F9maC+ySb/ueTshw4htYQL8nK1wL7W8K+RKD3EHubHG4dd8fKkVWsA+C
+yrllIQKAxq03Biu0yjVqNweZXfLEer0nkh+3gh4xiS27EyuwOR875rdv+WXpHfdk
+bJWJVLCZ8KzwJumgQvHCWs7vXzjOtp9szlfshheA+VzngAw0wng03z9VqM60xtg0
+RfjgoTRkkGCgYTWDzrYIJ/pKYKIm+VmWlOXX4utPUtH2P3JQRJfjGVQiwlrQ4nP2
+m/aiLNGp4+wuaMg+fwDJGs1pZNZqy1EO3nuQSvVtwuZw1EcgAn0yn2XFoJWKxNZF
+rdSDpqV7zbmQMkRapqoRK89JG3wlaz+c5uCsHaAMBxmmxH10ZWz+uIIa69M3JCGj
+8pYA2KTI/e4Fic2sKrBMECzZvQf5AZvZIp9YbUR5PBzWLQ7FUDL2AAYtwBFi9QV6
+A9JAXFxH4Fe8Qop+zefRzcnl+8JPNNirkMx/GM+LsBhWyXUyRrC/PexSoL+S6L3J
+ub/zTPbIHUYUHn6Pt1yxQ1Xz0V0a28uaP/BVsDayC7dMcUJ9gYoJbTTNq0or18oy
+PyQ/Ws3vEYGYtmjvBJuXWdOi3vdhK+OGZ4qz/+/W2BKaVFoLD+x0rCZGrqTDR/Cd
+7yHlM6jAVlB27N3TiOLq+U7xHdTag5WQfhlAzJe3LpXzR3pngfw2+s5NYnEAf48k
+UIz5oonMVKGJ5s9XBIOOG9OXiooEfmRD4w+0YLiY2DEPaKAgU9VT+rdk3BZAdCtM
+4aeEe60YzTHU5xQJO/fe4BrEOGfyF5Lr9doWa0x7Bj1kZIUwuAX6Oa/egMqsReX9
+MxFb/fhRsl2x+O6LAcrWuS0ZagdUzpaKtqw77viXDO52fplUbRINyMtsjRHnZ5vP
+4e5z7NU/ER6IiFLLwXLATUPEmtozGUefL2wt9RzBH+UpZOohKWjc/eET5DvejBAU
+e+QepPEnLVVjqI1veeuo3gzdGMUczRwyPw7t6bhKaxf+fmR9xVxV1pjpX++QzMx6
+842Rd3eKMwPI9jdpSq5U21K/7NlNzQZKa9T6y1lBIgWY8F+ocdPU1Oi8x7X0Vhkr
+NP1kFG+D1kBMcd34gfQw+orvMACI++DgXWb8zQzwlTlPkQjmPTHjn0aeIZii1ZMt
+zTUGeojlP/9aaBrjhrhcAUdTvGBK5MS+TSxc2IAgDtM+XrmHxK/L5OJWhOLlfsvt
+OjOh4Bz8lRe4ybz7znywoGpISK9KtJsh47m+WON8XrIGRxlQDw4HlPi42XBbleqa
+FrQWaat16buFiG2OoJL6qKe2fqpuaT/zd4vQBEuBE0Be4zhBEoJZ1hJyFq157LBD
+9u6XAat3riRv6kzJ2G8RvFwGbTVoYtIOSIwzVdRtk2HHPaE6yp3cc/tpis1ig5cG
+xI5qksskLmPRC5FGvQ0i3K3t4YJrWQisrVwth4wSe/5YvfbNpD+QjA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem
deleted file mode 100644
index f80308db49..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13.pem
+++ /dev/null
@@ -1,166 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test13
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMjAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGAMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzBUwkX
-ODmjiKuO7MZlzTSc4Re/YVclO6AWzJbjVn1RazUtEisXPWkpv08n2R5ufbWSSnp9
-Q2/iMhNutgXf1w1kQ3tCZ/T3bhIR1c6w/ouwi8ykUP/dQlCo91V9PBaGbA/ARORv
-R5mJqw113jWqok2Mr9xcMe393f7kLFt8yx5fAgMBAAGjazBpMB8GA1UdIwQYMBaA
-FNWvaygNna1IbAyCKv/SaAkvFG1XMB0GA1UdDgQWBBSCt3/nyCSzztm6BrD2K2Fl
-4aJOtjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
-CSqGSIb3DQEBBQUAA4GBAJaAuvc9jA52+D7MggYkPmix9SdKXbI3nEcYpIXuzwO2
-hAzPuV6wpHgf4Ol9x+zrbWQ2KVvJ7zXGEKOjbKZb7O7ynb0yqDv9nRbOWIEU4lwD
-Fzj8Pb3n9FnnF7awDloK1pMoqxOXeLWsk7RP+psMqVuAQgVxrYYBbTwQXqMCAmIi
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDAzCCAmygAwIBAgIBBjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAteRgCqKcIeCHmYMc
-xyzmM+fCjW6MAEl+OFQ9Q7UJ1n9YE0TuaGiSxjTkrTXwDF2JoDwMtC6FoqnvEyEk
-kAxNlM0oiLhRxM9FcNCow3VK458jtPozrIgd/7PAP+FXsqPanD2DRYj4c1gNKSl4
-U/l6HyTj+yV6ax5EkPgQDLQlJksCAwEAAaOB2DCB1TAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU1a9rKA2drUhsDIIq/9JoCS8UbVcw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
-cmVlMjANBgkqhkiG9w0BAQUFAAOBgQANN5YtrqXFWfdpK19qY+rn50d/fYdLaOU5
-dSIAqmnB5woTCXdWF0LUADF4DkPfcWBxbE36lwBuGXBfiInH/5yLRy0Y9cZbtHSg
-QwTIf2a+38pR6QyBniftVBmBTuhO/PV+/kA8gKAZ6X4+vGMv69YjU9avYeS1o+XW
-liQdX8l7vg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D5:AF:6B:28:0D:9D:AD:48:6C:0C:82:2A:FF:D2:68:09:2F:14:6D:57
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        af:f5:73:47:0b:2b:ce:c1:5c:82:7a:07:ed:cd:ce:55:02:85:
-        34:07:7e:46:10:13:e0:94:7e:8c:27:9c:f5:52:89:55:5b:fc:
-        e9:08:32:b3:54:75:03:c0:ad:8a:b7:e3:fa:5e:73:10:90:5f:
-        26:ca:6e:1c:e2:68:e4:99:4c:06:38:3b:56:25:ce:82:a5:7a:
-        3f:0e:c5:a4:78:8b:19:d2:fc:a6:4f:f2:6d:d6:12:5f:69:03:
-        98:b8:00:c2:0d:4f:9e:47:fd:66:3e:ac:e4:fb:55:f3:4b:bf:
-        42:54:ce:46:a2:5c:fd:c4:5f:d8:61:5a:61:9b:a1:2c:af:0a:
-        a2:2e
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMhcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq
-/9JoCS8UbVcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAr/VzRwsrzsFc
-gnoH7c3OVQKFNAd+RhAT4JR+jCec9VKJVVv86Qgys1R1A8Ctirfj+l5zEJBfJspu
-HOJo5JlMBjg7ViXOgqV6Pw7FpHiLGdL8pk/ybdYSX2kDmLgAwg1Pnkf9Zj6s5PtV
-80u/QlTORqJc/cRf2GFaYZuhLK8Koi4=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13EE.pem
new file mode 100644
index 0000000000..a630148db1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest13EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 4A 1F 06 92 A4 FF A8 63 D9 EB E7 9D D9 DB B8 18 BF BA 17 DD 
+    friendlyName: Invalid DN nameConstraints Test13 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ey
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgYUxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTE5MDcGA1UEAxMwSW52YWxpZCBETiBuYW1lQ29uc3RyYWlu
+dHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuD/PFvZ4Qii7uYsJkBh3y1o8UCIOhlno/UJa9fVTjh3hwChhv4mR
+V2+1yfOib7xKN7694HOCyl/u13ZrsLG7rG/7FcQnZmEd43+1gpinF1Y9QNYv6Ilh
+/inHyGe4iLRveuNCzneUH5JcDtklbuaEhUZvVBch9BWEeD/Jp/th2q0ojbFzltMI
+3dG2a24zL4BGbNHBdD8PkbfKdE2N9CYC6f2Rd1c0TYdhZ8ZCW2WZ7zUiK70zUKAO
+Ng/Bs1VGhaB1DjWu3gbrC+d4z4Q77FN1h1ZPJP5ON/SC7Tf93TWHHXHfWT1lCot7
++abuzyuN6kCKjunaC5tRCaMXGTT5EMEt3QIDAQABo2swaTAfBgNVHSMEGDAWgBSi
+L1iDW0yVl7fu9oe0lw7gf+CXFTAdBgNVHQ4EFgQUwJd0yB0ypi+GIJqugHjmrt1C
+HB8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
+hkiG9w0BAQsFAAOCAQEAJv/hxkQtOORch6bfYubBEe1urCmntR2Fj73iIooxcewT
+5iC1EPgWR3IluR44YUoWulHhmRNeUqnAtfJYJu5HhYIt1NLXU5yODWJKJ+ZSIUsa
+WkFqdPAVp1GDRhDUP4shZC1Nur3gH0wXBQQ3pxsWjwPWNccxF9ZHR7gJxPRPPdE+
+FYGeeTyfzpOaDdiQ8Tgihhjh3CTk463nA5XaFWd/7MG+YjnbvGQWb/ag5TZh4yHo
+O0Qm5dWFzqyY/UUDV8D2YaDY9DFEk0rpJsfRTCg6fvq+PviGAY+D6uC4YMe3mVBz
++HYIIgOC1OOet4dCoXsgIiy/0nyx5lRU1LSWOCUCSw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A 1F 06 92 A4 FF A8 63 D9 EB E7 9D D9 DB B8 18 BF BA 17 DD 
+    friendlyName: Invalid DN nameConstraints Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0EFE45D2311943BF
+
+t2sVjyqv8j4shfBShB9JGyHiR66fXfETyuBtShElRz9MZAEVETzBGUunQoY8nkcB
+VkntDIige6tpxLUM55A0JNqsd9wfaR16FtJyEa0yVjaaKHgLjKfp+Kjg/t6tXnmR
+V7RV6CpyVkyXaBnXFg35JC1KPl5SNJQM/RlYAPI1uigyFuEQdLdArA5L+eY4p+Xt
+m0xwkZDVFAkQDnjz/I1+d8HkXzNfwFZI/F/CkwCdkDaezKTxUix5h9DDmTcxa63+
+xWUF3jmXRw7UQP3WKAlAQQp0H8uWLfS3iEQSsq9L1vPFG99sXQG3QxRihDBilUKb
+Qj7JMst36B/xSRH8vHAU+VqellZaKHM2HB9p+wk9t76j2yS9HQqwW5InjM0KEabq
+Ik9dZg0TJ2lXJGHKWn0zUv1u+yCZZslES6n+7kFspDGhu4Z7tUnlBzWCM0xTyt+b
+PtE8cnudvqUzOgic2GOOyb8fZQ82IONasVHgkFSMt5swBcB9zp6vmNoi7U7POjxh
+h4HajSQiPRTUE1J5hePLVkAqC92PxsT/Nl8IJDuSOySojFGepuOddL2o1KbyYru/
+7UEnSJHliaEQPwiCCI4crMFx6Km4W7UagalhqF3g3aqjPS3TnID9gQKpv9SN67FQ
+9D3E98AEEV0G0SBLzSu6ZFD9cfDhg120FX5m7xwkLdFjy9P3n9M/sqTiV9GyewGa
+HO9tnJZ6fh6+PR+Yd+RYf6827KTCHbVs9Ure1g2SsAtzjjg84tnjpEm+aHQxGa12
+IGnWTdAFr2gNG+7nq4I0gaqPpbdTwpT108hrv/IO6JZnjolTl3fQ99QyiP8YPqXt
+kuAuJLf2wKM/KJzdq/UW/94s9G17FOkmxdnXKs5dh+wNivcpUtlWGPcEorCTU+mH
+I4Saic1oT1/zgH3ldvAlWjKc4ht4nxRJdnwAwssEZqu0beqUu+35IjeblkpATzAW
+6ec/DR3P/Cq5UwT1ZbEO9E0y/NzbDKb8TE4fTWe2G9PU6e1IQ3J70kCyMEcY9wJu
+UN9p8qEa8NZUL5b5fN4dOfg0MeeOIwGIu7H3j7OlBkdc15WEWUAnoKgg2m/E8mL/
+72JcmiWeWXvuwK0FVln2XhDdOSAn4S5xg02zftorRQSP4Mg8OMigG7goq0qZAX5F
+VOGJewlfsyq2vD4NRPxVhRw9AvECpox3hDW9xHaxiyf4VjDOZzAPgM2aYqnmxJ4o
+XxrAqlKu8mBf69eCd+WFdL+dzSht7x6s4FBZ87Bj+A0Yr8+X2G6+XMIY4xh/hrIN
+gtlNwVlqduguhFgBBN1mKAds/wQT4EiHoeP6ctveHI9c/FgRuT5NsVYQgum/cxIR
+MW9zMJxOySC77Q9OSMRP1TL2pBETBqVX+rI0Bhzoh4Aw+Eav9w6Be1zJN/8rW8Yx
+FLdRnKbXeUduW41E/MC4pnLMHWCriXjBzN4w3rAIHUz9Rb/rcBpicY9ELfGO4ynT
+nrTVGd/Pr/XOgartdpCBenRsnKAy3pOksHI6POpbEB4oNUspFIEPooJ9jH/xiDuV
+4UIBhmbDgt7yu+x2IJ4wwOhQHxRdFVaNaqHc57o0QLyePTBH+aQJDg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem
deleted file mode 100644
index bc87ba867d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15.pem
+++ /dev/null
@@ -1,164 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD
-VQQLExBleGNsdWRlZFN1YnRyZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD
-b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTUwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBALLQPz8+2Ja6+sIASgBJ/ylBL061WtWS7vJK/LRNLFf9MyYG
-VjXkjZyk9ZzlafhinCiXgrG77RGH8mVjuSwDNewt+DGGphh4dSnvg/MHRdi+NdSX
-hjVOzH76HO6U0iKSSQCvNPSlTJrPWQkZDfj6AGO+5Pmn5RXRX7vwRuKDSsAdAgMB
-AAGjazBpMB8GA1UdIwQYMBaAFK2SFB0uK9H4irG3IS5+jhlpPDR1MB0GA1UdDgQW
-BBSpk2fPoInUxlgPeiQDw8iOa8Xp6DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBACfYnz7Xr82ytcccJe6v
-+1rv6v8SSi/dupn3lA8ZLFPQiM8Ep2kf5XkmrQCHk498pBRQJirzWX20QQSTv83B
-M9DG721LCvFZuFB17sf03DMGDXw4ISy3bs+3I87HwHyziC9OtryWACWfZ2lAGUpD
-V3U25s5CA62+qbg1jhc5LAKq
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCmh9zeM9BeyKndgrRFYNxn7+qDC4AKVdFmpv1ciqlk3RwU04FCEhC9
-kN1hhqnghWi2XzHZ67kQD/azFMLQZU1b0JTg062pMox1ezyVsZCejrXUK8kMHEnW
-SNSHkU6KnrSC4aHU5jSV8T2uANRsR0wQ80iBfuq+XcyF3r8jVsbpqQIDAQABo4HX
-MIHUMB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBSt
-khQdLivR+IqxtyEufo4ZaTw0dTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wWAYDVR0eAQH/BE4wTKFKMEik
-RjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQADgYEATe1pMNm0
-Ae3tuDLPpXrBaSog47WFgLklqGnB7xH9+4x4SGehRirWS/0TH839Rbb/rmp0XptG
-ECuOUS+tqrhiMPYmWxv65XMpPfwKHjxj9etcu/MgXytG7l1kFwuHP08zu43BEqRS
-JY0NuHpCTzI4Natc8cB3JTktdUOAF2P22c0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:92:14:1D:2E:2B:D1:F8:8A:B1:B7:21:2E:7E:8E:19:69:3C:34:75
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:dc:3c:fd:cc:c2:50:20:4a:d3:de:11:60:93:75:ef:28:af:
-        87:35:19:c7:47:5e:f2:c0:73:35:5c:47:4a:bd:54:84:f9:04:
-        30:4c:a1:32:27:85:14:cb:ca:72:9e:77:70:14:ac:20:72:a9:
-        d2:6f:50:b2:ae:b4:29:03:fe:00:c4:92:96:14:68:81:b3:d2:
-        dd:60:41:d5:ee:d5:66:db:b4:f0:d4:5f:a0:6c:93:d8:3e:e7:
-        a2:59:90:af:9f:05:22:b0:1e:f1:67:06:2b:85:eb:dc:a3:16:
-        13:ad:74:89:dd:db:2a:71:8d:a8:22:8e:2f:f8:ca:7b:15:f3:
-        cf:32
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBStkhQdLivR+IqxtyEufo4ZaTw0dTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAu3Dz9zMJQIErT3hFgk3XvKK+HNRnHR17ywHM1XEdKvVSE+QQw
-TKEyJ4UUy8pynndwFKwgcqnSb1CyrrQpA/4AxJKWFGiBs9LdYEHV7tVm27Tw1F+g
-bJPYPueiWZCvnwUisB7xZwYrhevcoxYTrXSJ3dsqcY2oIo4v+Mp7FfPPMg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15EE.pem
new file mode 100644
index 0000000000..f0fe0166dd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest15EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 60 0A 20 9C 91 CF 51 0B 4C ED 5E 8F 9D 2F 1D 28 18 91 9E AE 
+    friendlyName: Invalid DN nameConstraints Test15 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjCBhDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTExOTA3BgNVBAMTMEludmFs
+aWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QxNTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK4B4XI7DVIEJPX7gqGREXO6XSno
+4X9Z4RamnbW0YiB1VGZeK6xusEN/StHlO4bDt/KfrvqUXJvm9D1oJjPX2rE6By+t
+Mi5al/5fCGE9rUov73jyKb4eUSCy5aTHfyjuu5b/ts46WkYOKqGEwSBCQLPqGR4O
+YXK5/QSZPIJwuvVJXwEp5/4dv9Fg2WRwRab7EXQfYut7AbQcyb4FrMwGPpja84JW
+q5jCvM7EsdmWZXhRvoDrqUtap+aotmfhps67INDFvoL4waIKzrTX2gmjO5kU62VT
+78gJfCWE2boB0tUsGGZLyRdvJ8SPbd0eEKykBejqvHcXb51ea205H8xZarECAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUgLzHLveOGn/xOHv0Nevd6VjGPFAwHQYDVR0OBBYE
+FHfYNlCl24s86ePnQaSo5hQFK+GuMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAGqCCsaPWvIjVZbJd4Eh
+wY/G7O/cnYbUjVR4IRbj5Ce0lS2+nspJK3D6gqT+DCOxZF6LJQuGOJP6sQUX9OHR
+T2oAbrb02A0UqlrpA3s9DtbspM1/yWcHoU9hAP81zVcNq5VNrcdqdFMvmV2MwSiy
++Fvlc6K8QhHxnDaL6kSfdci+C27FWCahH5r2N/1l3Bpou8WhTtjsRqvAgzj2yHRd
+DgJhZKMjtieSQkSWQF4yvkUMH/AVnD5xOpSqceaiVFqUFfRSRhHKbtq/eCNZW0RY
+i1she5uNHI3aMZS7cajWOltPZ6GYCQ9ovLddg5foIcr6YMaH5u3BYAUCdvMwZeZw
+8Qw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 60 0A 20 9C 91 CF 51 0B 4C ED 5E 8F 9D 2F 1D 28 18 91 9E AE 
+    friendlyName: Invalid DN nameConstraints Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FC1B613AD21A2C7F
+
+Ebd82tkOQya0n0wh75My+7nzbmeoUtouc5grb4vdfB5fiU6VOE+W+tV6qJLOUBXr
+Bue1GRFfVMkOKhHdzfK6fKKoaVSOxMZJhM8uieJrFnfGPwMhl52el81y4A6lvN80
+VKwybkHXZZ43kyi2CwUN1Qrj/AsXSpwQ4pJntYt8ukqqp1NN52HUbNFraHP+/xrN
+qGinXGbcwYJCmBhwEyC9LvLWDP8svwJFBsRN2RCfZarlKNjNxqxiyJzej0C/1qp3
+0ATwsmMhGkLq8UBNeaJtzppKQJh/SEeLS0FpKybImxXJ4L5vKOkTsTeDH42SpQnq
+xQCBf+4S2ZMOtyyD6LYVeR4pkWycJIdDtlfKNdsNt0ynitlyLDPqGM3L1hShfqpE
+9O7TL5rNzccnejc4KzqiSISjAF3tM5nYTPbyfOlx44XS11K36OMnMewPQ2Yu1+os
+NGam/6TTM2wshx2zH2bgxq2gGKIEcNn9Tlab3bB2fxt5Gu0WJZ+LuMW0KtWEGLJy
+K1kWkUE7cnF/sqtsbz6sZd5ooyJyOuJfgI+Y3xNeqbAaBDddYUsuORrXbRzRNIrs
+PlwddJQzcZoQ9lyN2KsTUi44zv2oc1BNBWQtRDZqimgdFouybnnhcjAD7Nj3mNLG
+ewf1vFubZeQRIGFkgwBBMgjU5HST1BDNbOrMxZiwmvVF01k6sCDvRlxRVaSZepBA
+ewwenA4hoaYpcXkgooFDuLfRFzlrtkVsO/3mpLT9PYGrWbETfdkKbWhQ0dwi/Vo2
+7eptrrZNJy6oyLzNk7ptXf1M5DVXDCjqg0yH+dE1RrGH+ursq0q845j3iwhMX7sL
+xlJcj/Fi8kkKI2YrzsDNbB557JK3RuudID2WPu7EuUYgbSVckX8Jl8P2OhH+DrDi
+PBHkJvnxaWLs9tZA3edfS7uFGeTobNP2Lk5Xvc3ecf1vGsnnLsN3F4UgT7u2+cKP
+WQ1CO0fQcJd7V79NzDqf/q7fPn3XM4PlykhZIVQF6fZvGpo+BJKyqOGRuNz/0YSF
+D8mqyA3RJxxkiIuUi9hogA52kuuMd1Jb+rZWMJzpg9OB6/B1X8TVR9NGcSS7qxyl
+Fl8+Vu9MdDT1VTtrWrAV9WjdBHUfrZ7ZGeEMoe6ZZHz7V7H31mUZlNZ8TWrRlv4r
+e2ph1qYp2DPNpX2hFyp62q/2niSZ4o98Z6IcIxF3ARjP5NpEH/n4lyeegXhBfC+E
+BEc33I6FFiq/vLixq51DkE4Dl2ou4TOZzpdSive3WYU+KVCQSaOFQIMPFwjY0ObN
+5rk7in6sac7IxPgAr4wB1xdwiAwKisDs3okGAAXzhXmkiN48P1CGaznDKUqgViih
+xiA+3cxCn5xzviO+lpb6A7V8NEgIHeSqL8BeRTkx07a8smQEHZFi/wjIc9DNYd57
+xDtwbcdvXfoJmtTQGgkzIWdzXuy0Gy7f3FmDV83WBfsv9RN9Kpgy8wn9Wbj4Z5E6
+HaIwE1/hQkXQSft2EmUrnGH5zmHDNf6FS+HR2w0OauvIsfkZ5ULrj8iy4byTzVbi
+4YGMGQTdBSCuVV06seeFhQpdSkVIBSM2U4ks6o3hea9MRx2U1CeT8sYria7trvdJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem
deleted file mode 100644
index febf0898f0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16.pem
+++ /dev/null
@@ -1,164 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD
-VQQLExBleGNsdWRlZFN1YnRyZWUyMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD
-b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAOHnVdpKkQqlze09wh5nIsO6XQJwHBHVdhdaB5eaMXveb0Vj
-yiVBMk4NTrzIJ/7lL9J/qc4WzXAr1u1AFed4shRiiOEMAT10BXPoDfS3FjPytZC5
-UWXRE49DyE8Ksc9hSa0IBwf77wKXBAIM/ygc8XXYwFLHWy0Nbq1C2mo5AFpFAgMB
-AAGjazBpMB8GA1UdIwQYMBaAFK2SFB0uK9H4irG3IS5+jhlpPDR1MB0GA1UdDgQW
-BBT3GktmXZE00780GNgXA/GoC2kWPzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAJtYdflHLEVQC1ar27ke
-RBKtpwSsi61XphZ/gDlrI7bo3wG41pjy5tvPv8xuIOsC5isYgU8dyjJw3CF5LRdF
-FweDdftBHwQ/zmwL1sWj0h01k2ggA4c0AHDqG1J9gPKRO42rdqcRUQ2wgq1rZSDu
-iaJY1seFNoxyls5MxFF26Gue
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCmh9zeM9BeyKndgrRFYNxn7+qDC4AKVdFmpv1ciqlk3RwU04FCEhC9
-kN1hhqnghWi2XzHZ67kQD/azFMLQZU1b0JTg062pMox1ezyVsZCejrXUK8kMHEnW
-SNSHkU6KnrSC4aHU5jSV8T2uANRsR0wQ80iBfuq+XcyF3r8jVsbpqQIDAQABo4HX
-MIHUMB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBSt
-khQdLivR+IqxtyEufo4ZaTw0dTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wWAYDVR0eAQH/BE4wTKFKMEik
-RjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZIhvcNAQEFBQADgYEATe1pMNm0
-Ae3tuDLPpXrBaSog47WFgLklqGnB7xH9+4x4SGehRirWS/0TH839Rbb/rmp0XptG
-ECuOUS+tqrhiMPYmWxv65XMpPfwKHjxj9etcu/MgXytG7l1kFwuHP08zu43BEqRS
-JY0NuHpCTzI4Natc8cB3JTktdUOAF2P22c0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:92:14:1D:2E:2B:D1:F8:8A:B1:B7:21:2E:7E:8E:19:69:3C:34:75
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:dc:3c:fd:cc:c2:50:20:4a:d3:de:11:60:93:75:ef:28:af:
-        87:35:19:c7:47:5e:f2:c0:73:35:5c:47:4a:bd:54:84:f9:04:
-        30:4c:a1:32:27:85:14:cb:ca:72:9e:77:70:14:ac:20:72:a9:
-        d2:6f:50:b2:ae:b4:29:03:fe:00:c4:92:96:14:68:81:b3:d2:
-        dd:60:41:d5:ee:d5:66:db:b4:f0:d4:5f:a0:6c:93:d8:3e:e7:
-        a2:59:90:af:9f:05:22:b0:1e:f1:67:06:2b:85:eb:dc:a3:16:
-        13:ad:74:89:dd:db:2a:71:8d:a8:22:8e:2f:f8:ca:7b:15:f3:
-        cf:32
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBStkhQdLivR+IqxtyEufo4ZaTw0dTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAu3Dz9zMJQIErT3hFgk3XvKK+HNRnHR17ywHM1XEdKvVSE+QQw
-TKEyJ4UUy8pynndwFKwgcqnSb1CyrrQpA/4AxJKWFGiBs9LdYEHV7tVm27Tw1F+g
-bJPYPueiWZCvnwUisB7xZwYrhevcoxYTrXSJ3dsqcY2oIo4v+Mp7FfPPMg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16EE.pem
new file mode 100644
index 0000000000..c316526811
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest16EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: AE 1E 1A 0A 94 59 91 60 A1 B2 34 57 3D 1B F4 FF 56 01 07 37 
+    friendlyName: Invalid DN nameConstraints Test16 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjCBhDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIxOTA3BgNVBAMTMEludmFs
+aWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QxNjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZg8OxefrZytpf0OyjRrUzPyqCB
+BZveBF5ZuHB7qRZwF/Qq1v05U23mk3+7fz7oE6xGAgPvNKjktkfflGZI2hRdPNlN
+GGqlc2YwMWDwLTmtS0hyyT8Ui7AL0cwHJrDeau7litk6uFOBP6VE7FlUEnMU9ENm
+hHBOmYt/tjARDf+kzSle2+saArLbWqBPdMtLtRwD3vTS9Zr+DvccEn2Jx7YiSZDM
+tRJaPgoiv+15Voln0E2/XS2fDdog4olDCO5fZ51KNIokMmp+6r55yevXxWxUae2j
+ZBLFyfD7hS3NTGDBhCFEry2dbRZb/sXOlPSwKN+x+QwCWBRo63UArRoi348CAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUgLzHLveOGn/xOHv0Nevd6VjGPFAwHQYDVR0OBBYE
+FGC39OnVftLAciz19L+MYPKsjyXGMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAE7YpcJArWSxTC/zSZh/
+22a7N/+JOQysAJJ+wKuudXUeN//eiycICbpkUy+hVF9JtZ8Ryy07GyEXm/CMg/Ub
+PX1EEvIkH3nyAI6rw13hw2PywCzRabDXwaipbRU8A4dhTh3IAcuQoCcnO4gYVBk5
+2Z2Wl5v1jXsCzgEj9gUuZdwLeWqJ2NIQvrOIvauRDP11OcUs69lC7zjJLWgCQ9y3
+2UC8nFkkN85P7Mc4A90HcGPJuc1DnPCTvhY5JdXem9/snjVcpa7PTbusyZbrh0X0
+inB2hldbyOVTyX4mpUsUW1h2X3rOETdkBHZuLwWRwbyXc01ElGuGnfgihaX1w1i5
+BoM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AE 1E 1A 0A 94 59 91 60 A1 B2 34 57 3D 1B F4 FF 56 01 07 37 
+    friendlyName: Invalid DN nameConstraints Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EF370C6F852FA1AF
+
+Q+F/GgVNCGwQOIJ1hUTYigCtf69Z66XJ4h79h2Tq3LzgC3OS55xpdLWgxqDXftbv
+gxZuben61n/Ui0vpQs5g870JJcYLJfic5DXAlRHsP+aXOyUssvJ4IV3UetqnGjF/
+0p2rC0jgjdIR+jdlXLjPU8JaegWMdd1/Mx67PW49CfWg+ZvnbIs0UB3ADwrjBrb4
+OKL9dkVXqg0+pPjXhOgD62GT8DUXtAH24o76E6gJLBaivXHnihxx36dVdmOYampv
+kVn9NHir0isprjjpY7Es8QLDXc16HvEyO2oUSRcE2x8tmblUyuTrm8+CFfYQ2Y8P
+0zfa8bwDdxr8L3/DTAgsam/ckjo6wdOhvkqvMiiErl8DdoLyAysCNRhhDROkr62V
+syFeJfzOP+5RvHDkMaHTt8QpsV/2yqW8LoIyxhnDHxh4+SrZDjxg/3sh0aNApWOl
+m/WVsBITcdX4w5XtnkqqOWVr3YH72aPy7RQ6MSYLHSh1q2vrYOrbigcFnwFWFag1
+ZlavGpxatKwADvpCslZqM7NtSQDF8onL0vDaZ/1hU7BsLamfSCmXhlzeLyqCKeLN
+XtC3fMog4Gy8qOYC/JEYAIptZMjjuocDfbGVhUrJVhXxqzBgUxxAtw4Pm1ZgNxTD
+0qS438itpk9U2ZT15YqTOidKclWOIYEtJx1BHIZXCbgXl+YToHH1WhSDlPrOEr8v
+6Ptbd6KgkZhlpkzEi5wFo5iWCtHSXPD3dcv36goD/eNU/FcjtuTSWUtQdrS6sBks
+m9luLlHosaVb8VImmbQpyzLyWBVWg5NnlO+DjWM7pmQbFRGsIuHc9eP8H4TJ+6ci
+P8AiV3GF0zQbYVBT4Uvkk3J8lGSsKYOFYkDIrxaLid66dWEjBvTO/McXTbs0EhqO
+iOLms7t+CH1Y0FWhL5fYOWj5GxjY+ZNPv9L1geVSPydGKw0nCtpASXyeC5RTJ0lC
+DOBEBL727nwXe847qxdt2IcKJPEHiTkyO2+wUxw52Ge/Wbb3iwF3uWJBDZwiMzdL
+3RGAYe1pCL/rh4nJ2abp7iLY5iaqqTlKebSV8KQf8jb0o/oNvNPP9Mpkcis3afIG
+ntlCE/lxCSSxG9VxMmRUZaYIiRP16c3yGCNaBi3DKXTNLXUZ7q+9USq0co5IgpkO
+f9eA+GZPYBkvfxXUgIN396nGpMOxlbkueDjK24oQmdYqynVRslmj0VxYGC53nrzw
+8EO5qdETufndMNCWWB1yy9xxxNjDI8DibSdC2nd/b/U4egRC6OJad7RwpOWy6Kdl
+dPQHosJBaLJLkpCjA8HXgnEcuk3PrdzjL7MiO67QxbW64ZRA1OD7ib8iS60/ijyi
+7kloHMH4WJlf956AKxTENts8dbKaXP5H45yxuc90H0LhZzenSOrgcFIIwGzGZtow
+yjFHY+5O/lXvXOgKSC3UnsdVXVqrw6pvKrnWioodr647xfUYw252KSD1D/xW54wc
+Mi337lAgoExNUJEzXilq/FVYksTvcnzCgIJarut6jqCuGPzTvVPWz6h6bgQv6A7T
+fyUTgdS3WCH5nBhGQ1k/CWySuIsDHuxrQVbYBpBl2u8xLEKxTgOx7q3IZly3FWj/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem
deleted file mode 100644
index 0c9aa3554b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17.pem
+++ /dev/null
@@ -1,163 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-fzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYD
-VQQLExBleGNsdWRlZFN1YnRyZWUxMTkwNwYDVQQDEzBJbnZhbGlkIEROIG5hbWVD
-b25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBANw5GunDquXK+XElcoKtGRzY1ESARSYhxi+qK4BM6L0rxSe5
-tXiajO4Eb379Qv2z7wkn224q4lkLiiry/gmRj27aTjhch3XF5C7E2hIeHz5qGtcu
-uY6vyT4DxweIYibYubyBZC/MCk2YuLtsLiSd5QuyXXmQYZzeyu2SpRax/nXHAgMB
-AAGjazBpMB8GA1UdIwQYMBaAFAtIvihxakgkCjziStQFKuLXHjXvMB0GA1UdDgQW
-BBRFrHYfuo8284F89Fc//hnutkf4KTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAEPuGBhTmRXtD/1JNHgo
-Jj8yfLsXQzG8AENHe1KZs7Kpj45M3p4u0TGUJI2S3MXh3IY8gEf33t9eQbJIY0s4
-AiUXe1G/CjtDeo5ZkfTpZHRd654czJ9oLQ3c2vczwYEeaeLxQXqEFS0xewIz5udq
-AUVVqV79i9BB/BOmAx9qBkiH
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICyzCCAjSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDCH3OWCAvPFZXpNTKMN3DoOML+FK32+icT19l0MQXIXBqoJyw8qF2z
-xcl4ahdLxfSFpf8OF3ttKbzN5fk2/Dxue6beAMs0L1r4VUilJaUhOmTMrlYXB6UI
-QX2nzlu6lZbNrI0VFt8qM2C9CdbG+2ZQuJQQO0BtHXWJC9el4t68/QIDAQABo4G8
-MIG5MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBQL
-SL4ocWpIJAo84krUBSri1x417zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wPQYDVR0eAQH/BDMwMaAvMC2k
-KzApMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMwDQYJ
-KoZIhvcNAQEFBQADgYEAV7W8Yarxgw2gPgl0gz1Vz7IdH6ZbzLBpsB0W+gyPTd+R
-toE/N42Efda3DIG5BoxqTj00uc9j2GF5LqBgKaEieenzkv5E6qbTrZ0F/FdX1c17
-DBpRvkchpd4FACNL+FhSq824LEKdBDOx669LmsH664nk6NSPtv04LjUxa+822aw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0B:48:BE:28:71:6A:48:24:0A:3C:E2:4A:D4:05:2A:E2:D7:1E:35:EF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c0:0c:a7:28:80:0d:2c:71:66:4d:67:82:ec:c7:30:4f:48:29:
-        fe:d4:20:82:f2:5c:e6:ef:24:8b:9f:f2:b8:c5:3b:e0:86:53:
-        f4:b5:fc:67:db:b2:1d:45:77:8a:78:47:eb:63:bb:43:b8:14:
-        c0:05:ff:ca:7b:d5:1f:fa:df:e7:7a:a5:39:e7:00:ed:4a:d9:
-        6d:fd:d1:78:a1:44:f0:71:f4:89:4c:52:d5:ef:99:5c:59:eb:
-        80:c4:5d:ed:48:2b:5a:55:0b:d1:df:4a:a5:49:69:f1:67:a2:
-        aa:ce:9d:99:9b:74:0f:ec:da:60:d9:3e:14:45:a3:6c:5b:47:
-        fa:d0
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQLSL4ocWpIJAo84krUBSri1x417zAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQDADKcogA0scWZNZ4LsxzBPSCn+1CCC8lzm7ySLn/K4xTvghlP0
-tfxn27IdRXeKeEfrY7tDuBTABf/Ke9Uf+t/neqU55wDtStlt/dF4oUTwcfSJTFLV
-75lcWeuAxF3tSCtaVQvR30qlSWnxZ6Kqzp2Zm3QP7Npg2T4URaNsW0f60A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17EE.pem
new file mode 100644
index 0000000000..7cf51db10e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest17EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 0A F8 83 93 BF 5D 4F FC 86 5C 8F 47 1B 63 B2 D7 BC F4 A3 A2 
+    friendlyName: Invalid DN nameConstraints Test17 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjCBhDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTExOTA3BgNVBAMTMEludmFs
+aWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QxNzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMP9rpCat1D5Io1BWYqPNBT3HkkQ
++k2vKuqHt9zXif0WRtnmGzqUvpy5crHBlToyawqJQAMVPMt5W/gTJrzzV+Bf79+X
+yetrlM3qs5n5eNfIU5D897S1AEfPIkRdjR9kdL1xZYkDZrEBmFHgsRS9TDK+01rt
+aJ2qOKscJI1z1ngZUZscSLwCwznvw44W5AP6WLxX+g0ERBsNRjakWQS6JlWgGvn5
+oq5PYqnrIh7TgtGgjL9jVX+xbz8lg/f5iLwbfTw6SxGMZV+89jrMPHjW+58NMUDy
+2kn5W7B6eUqUOA2Eb+oYKWLujNqYeaoUZa5TUBo2iUV9WnJ4ndiMHwzveOUCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUzATtaigdft5k6gCIKux1Eb+lLmcwHQYDVR0OBBYE
+FBFLTj7lB0xsW4f9PPb1I2VfHkVqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBADjr4s6VekQmcVVddOQH
+8wbIQNXHEQINEtlqUQqaCE+wlszME24sKPs3qMNEuVyQVFvwZdpnPXF7/oSxAyMw
+yO/hzSGcJmBEd1VvlabY0IJ/PAy5vq5XuQk0sWbWRAOF4bcgAdn8gH0vCX+6+ajC
+o7znSglF/G0vsEkaqPhaUk7Ookee59hpHSKOOqhp/f82/BFjrF6lo+AJcRKqj3rx
+aMckYizxJ4+pLPEtG7shS5KKZsz8PW6DHDhJpNe733gSKU4wx/Lf9BNBRdlKmnqo
+EmIG/lzkZWwd4kh3/CGOko7qTLcLQy3ARHRQg6z+8qhmtTySJriamAHL/3nIFKCx
+z84=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0A F8 83 93 BF 5D 4F FC 86 5C 8F 47 1B 63 B2 D7 BC F4 A3 A2 
+    friendlyName: Invalid DN nameConstraints Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,076EA454D8F48AD9
+
+znVgT6cIGCKODD69NLk8D1gEFWz5Z73ySLjV0FgXUrhyxphSEAeEcg0VI9bP7qzJ
+LBTpalVSXEaydZM6cHxjD68IYb3C6hnX4D0DHshzq425oK/BUTh8623SLxDTFLA3
+pt8iX21ubhngnFRNseZAZgZLp9xdH63mlW/DwAn0PGgks4mhdjHcJUmkKqsVUavZ
+GSoAjyC/xi1TEE/sasofRr5BvoO3xbn2NnzgO5hPPbZFgZzJ7KCHl/QHm0NH9LBl
+Vmmb0es8oAqL+z3NfcdAJJE7Czz2ItXfl/iZX9bmOv+u+RWPZlHI1PwTnaCCebcS
+Ks+n+9J1CaS1pu1ztvOSJXD5C2zOCpcWTwjTnsLs9y8Vc+MBls5PDWLA4qx9tiqR
+dF3rZBBN+xSWZt0ahbHLkI/F1jMBZtA8OOc0eKs3+kmadSUr/koGvyN51jydWBJx
+VRsku6Frhj6/RSfOEi2nB1wg6D7lryg29+x5/UCj1vZeT31r3J9k6UIZvd0c2D77
+rh9OiIwO2bNb3enSiEd2KfRPCHKK5LuEwq9sECZRYjCYksRt0vmFRflGbR22nvAV
+bBEwxxcGxC+T+XWgDJiIoWq2d/C77PiSAQTVaSE5WHEMFJ0MtxEvw5mAv2g74lIP
+cj/hD0tC27mB94xaLIfcHlQT6CtCHwYSB/7zlVdMBHJbwyjTIAvqIFYwhvLweCGC
+Q0aUKqXwBVaVvZypZkGKnjsUukLeX0ISLkrmMv0r156nTmh2pyY2AaSDJi3jcjbd
+UAnE1wHbuELkOTsyznDgxMiOFGlySEyyzGWSimzrmvCnecQOi8nV0YnfG7S+ITpb
+FBVY9tfP1ExOJT0TJURihJpWmXNKmd1LiJZTa+eXZVaqNKz3pgb81tPFcXZue9rA
+vtyG/fG67CFoJsPorFEO2r5PwbIgxl+S55/oTyc1DUDGF8jGa5CCj7V8OnPH2/fr
+eJ4x4pk/bsjzWIZg5cFHmQEFZZZTjVnsf5uiVGCxKgOImd4maWXZFv2nsG4RXUNf
+IwgJcNXeDxgEUA3RDFyljIRC/qtedSo+dRiPJ2O2yjsnjwg/o56MzjB8EkBIUrH6
+AD6CmUxweF90v1XShplFKa8/Z9suBTmXAvuwZPXLbES4PpLwXANxDGCSbLNaWfyl
+P5Vs9AmwuMbI0QBKjiWrxw4mijFy2Oim5JX8GP9HIYhtFIvYy7JcbBBsI6EZgyCi
+ZVAjdyHg/ECwrPBsRRIRckjYfCCJ02ZiIxYQNec/AMlvJUo6MeKl7Hl7cjyAANDQ
+GXZxilURtg+ITxh+8NtjIrtQDIjxKdyTNq99Bk5UuN0bAu5AklnA8asConrhp+su
+4VcFnYMnlrhwNra6BWna+Mlw79+DF484nMbaIcuDg0vPuzYCVwgJvdV6JOWWXM4b
+nb4cIr2oY6VD+he3ZkFYTArPS0A+aZ0eZphwJJdPy2T1B4Ed5bicBRIq1eEN5JEI
+L+eUyW9HdSf8lso6eMRZ7MWPO7L0KNfXf9yPMwMoATgrOoX/3H3ktIguKQWNiAuT
+ekMbzY4kgpm50T7wsBPBw7K4+1HLIdW0xxj/pGKKXstvNiEigu3BTtUqLSO5ZGGm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem
deleted file mode 100644
index 04a7eb62a5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCbvVmVPGFgKGPBqkMhQ8HfwsS10dQ7ark92qOnKM0cmOtqxp7Y+5xK
-fVwtP4znhPQr3rGzj2x81FCIghi3hwSRBg2O6DhpFdTAXAwHnM0QkUb29QTNqRfW
-E4jOPciTY/BonXFJXf+VM61ntdAT4aoVshmiy64p2SBUhRYA/QrYuQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBROLqPn2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU3rps
-AkOOTOy07L8tC4ckaa3lRqMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCOtc7hRrlpfYG3VtjPhElE0x7R
-VEiASfooTBrkKHNkajTVNgolaJq1+1UqMpIFCe0KBUL+k9YQgsjDbr3m/oL7ml3x
-9iNWxEjBOH8YRaPvArpcb6HMvMVTdbInB7T/ogFDs2bdUBWt4H2KJLoogGJjLBX/
-NkpGvXdFmxasmv0wkw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest20EE.pem
new file mode 100644
index 0000000000..3635391d3a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest20EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 3B 85 87 B8 28 20 E2 20 BE E0 2F 14 5E 60 AD D7 A5 CC DA A3 
+    friendlyName: Invalid DN nameConstraints Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBCTANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+ME8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MR8wHQYDVQQDExZuYW1lQ29uc3RyYWludHMgRE4xIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA1ExvqY+GA/Rkxpv9Ks8KcNqtdknXm5idOg9XrvIe
+d8xy9vkyIs8iZbBgoOI9JI2mhabIchnw9ALe+XFtKL64UEWS2dTH8EqhLgkoIfBB
+B8kHZhNaiUxf6kjvOx+/H4TWeTws9iawctciW2FwmmP4G4bZlBP10tZFAspJj/fu
+UWJ4rZn4jks7qHNpUOpZw4z8Q8Xf7cKLLSloCIDIJtyUxpM2bT/fC5w2Q6Z3MmKQ
+BMi38zWscyG7z7zy6ceYyRBlG5xRsgCYUsj5sWVvtHn3uDpJ6XAW27Im3YxqnRuA
+R7fO/i4pNX2RZpkFuJhQ+CveyXXvj0loAbcyDAX8OcbnHQIDAQABo2swaTAfBgNV
+HSMEGDAWgBRBeEJGzU6ogufhOd/3qRbACvzvhjAdBgNVHQ4EFgQUWEq64IDyyEM8
+lrIC90qylY3WwjMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwATANBgkqhkiG9w0BAQsFAAOCAQEASvXlo2YzLidKbhlVkkfFsdclc0NAn1yT
+YgVEgLpFixmVilXQqH4lX1cZ/wkFljd90H7VUQacMnqfacLOyJyHLBhxA1kBv+bG
+bERpTDveXwmBgNxs2uMinO+EbCEZbWdSrALyUyLrJUaiqVln/m9gtA3tnLJ6/9lS
+uHcZ8uYHjZC05SQOgCp2GI6yo/nS0Pm4D9Z6Ljh676Zoc+Xqe8mbOPUdCNfnv/xS
+6jIIN7HtRNLUWlrq0RfT7T2oOls0lVX6vE6tunEwh5Nqw+aHLFcQNRJw8nqeoJ3o
++1t4936HAgpU6H9+qejS3qXKnGSalhyEZF4B7YIjMw+QgMq1iy3FDQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3B 85 87 B8 28 20 E2 20 BE E0 2F 14 5E 60 AD D7 A5 CC DA A3 
+    friendlyName: Invalid DN nameConstraints Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3BAB1EB257C75977
+
+RJHzKgebVBCq5Ke0uIHW19JC7LSCkTYhTIdLpy9yRhD3dFndup70fBmZrWu6Sgsw
+FNU22CTI1L4JfftRwry0/xsM48FGHdW9Jo8D++OOeC1Rkzplw/SC7gPpDpE0YP/f
+iedr244vRtUemUI2Zqqh2Np/lzrIl8GWraoRKsCGbGzWe7axPtnrlMaP+/YR3m2D
+cOVmDl3iYwwkMYgDZrO7lHop6fdfCRnU32Aws3ooio/eR2/GUbYJVmkxP9p4Z1Uk
+t6SaBau1R/YnEKYAxJCbiUhStiSonBgvrMkZ7uMGdsMTkGUqAmHgtzsKWq8EKJct
+viHL5AZ2+tGB+feO4HGnT7ANEO5V9+ygYpfvbolGSpB2Ym4E8I1e7henuQtOSTu+
+dmib/dKHovXFtB5AVy3kdeP2cw74/bLScuads1oMR4GKn3VaNzyFbdY4JkQJiK6Z
+rfKYdJkna6Go6bSVHAb7nwvDLcyrFc+5mR6bEz8j25gq/RWm2N22dqRG8bBo85iM
+53KAhOYrYwd5AivXjGtZ2gkHAbZ6ilublmd5/7lNsFQbUatHMa0w7Db/8cFADDfC
+wB42czsmHFBE68jqV4AUvIWssDCPXiGyGsZbpRwxDPkZLg3iXS04LmB03m0+f+L2
+D0DxtBiVuczD4jhnfCYokjL41PWGT1gNaovyd3JcXNUjOit6m8ndZ3hih1B51i67
+gLXxjaj80ZFbNljAUXo58GFinvYM5PlRKTOGN96PZflivJQuy6RK8UY30O40Ir4k
+9RX7MFkaIKDnoprm3hv8KPaAP6QFXuCUNwG0XMdEX2Q5I0LKi+Gu2ADfMnEq9Ka1
+rQSzFt+Wq0AWrisUy48kgAlQeBYkfzE0t6njTO4gJJPnMwSptBhPnFhVHH9mF/Fw
+PQl5kn0sHi9sNucvQ0Oc7k1QuhbZPM2oK6YngEEBC10t5Bu/9mDZnBOqNQIJbUxL
+D8pBk5XiPNal5MQkeTCFqya0vJTXZNIcvsgZTKDEfmx1o+rblG2YSRZ+nKux4nGf
+iPAPYRjymw8+YyAnpbPRcI6pzF+aKY1C20gs2AqWC5dgQkOlcKY+8kFqeXp3Rh7t
+S2uz6p/uCupugKKd+q5DrGsNQB9eO0D5vdZ4Aw4rnLK67MEbJgIaneXzl34xoQ76
+5Lf9ws7jLo0jvhq7HztTyKTvHUJXG+8aOb6Zg/S1LK2LtlGly+h81FECtNmXR7LL
+t0F84jkQeMrIcEtmg0QYoJ4fTAvukwhdeRfggYgEO3EXl+CIDWMSXVcn0++/SFCO
+QXufLmU2ISwZGc53oRvC/eiDQmT46AygqJCV5fMoDwa5o7X4uYXh9+H9Ayxa9Zmu
+VT/59nvNhU5oNI1owaLgsDAywLm6l0vaRbQQVpHYxwH8D49uXXJu3Ad+cz1NcSlr
+/L3qrGJ+42FNaMrT8NfrC9MjjAOgGA/yHAs3C9KdJq3SVB9Ff9r7lFujJGHVIItd
+sO5nhzgGXwjDL5E/3CTuqm2eTiLm0xxeXX5aK2KwQ7dR7NXcriQgNSQv09jgWlqa
+KAopv//ImlmYGdOrb2UN6+ICTti1hhf6iXEJmAI9YLwEBvuqT66VPw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2EE.pem
new file mode 100644
index 0000000000..60e47e3724
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DB 51 E4 D1 79 AE CD 38 A2 4C 2A CC 70 48 05 19 03 13 80 04 
+    friendlyName: Invalid DN nameConstraints Test2 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEhHHtIQeSm0sk2SFRU1s6R4tZgm0tafsm
+dRRDgwig7Ne2fUawQFelK+hr+kMzQJMCb+ogMkzZfPtgOjDnhH7Z2964MaZPHzpf
+JlxY4aM6A91wZ4WopRp24jyeMmKlH/CO19LqjOc+UBuhtGUHKk4ZFdPac3PMXIXj
+x9ogd57ttbYdjIk9Ix+X+o/tPnrL1Lp4RSjhkPs4VnsOkm90rgxEwNZTyCTgNVkc
+qhJE/0eXgBIV7ZXc59uS1TDVImybZa8NY79ClvJ0Lhl6mvtPnoUvOgOZh+SQu0nh
+OOuy8hzmhqNLqTYkTDzjtVzOHW4wKZ1qfwVjcmXq0fCR7uyHdup7AgMBAAGjazBp
+MB8GA1UdIwQYMBaAFEF4QkbNTqiC5+E53/epFsAK/O+GMB0GA1UdDgQWBBT8c/+k
+4lqB9ybLskI79g0ctafZ1TAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBW6ljxbVxaa654QlFBrLWa3bDc
+FfC1lnbmE0Ya1pzkcIbsD+ayZ0JcKcuLPUjWp36m7BpuIrmEpndmc1O0cEQyqveH
+R9vfSDxd3/R6jVMQbFfa10HVNDmlKrjYyIq+FQla0qv3qn3W2icJWRds031t92+6
+gb+fLBd3YMXEtEH7+VCQNyfVZo+9F2xoUTxKWSr52jsxsMaIdRXjZUIZBI8pZI21
+QcYSdNPk4TxvHgbQijY8+n9y8qV0aPUckZOjo00KczVPtytT9v5tzvNk3JubXJ9W
+hh+9WSe9uJT92xu6e3aAt1WVhCx0XIdg49GK0hFQs50dTT1mLAoi6aGEd8+R
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DB 51 E4 D1 79 AE CD 38 A2 4C 2A CC 70 48 05 19 03 13 80 04 
+    friendlyName: Invalid DN nameConstraints Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3A5D187640629E66
+
+R+I5lkrhsMjEbdFbvxmcljp5A0rL8EcZXNyXp1qZtrvNK2wLbKwGuYJfVhLnsKMJ
+y5Iloj/U8UHGe5GhUbxdE3iCmUu3UXheHTyU+IGWQvnH2F6KZm8dopYWMAqZAJfj
+PHJyz8Clv4c03i681QCQ7LBHSa7voWOEHp/9oeheeZFWeGrIR/sUJ9cfSxIBeeDR
+fkNwDsEzWmGtMhT+LAN5A/cA031ILesY3mdDY+ILePSAy5/+x1dcuU8vbebjgvSk
+qx2iXR++ygK6or8UWYP3Cf+xyAloCm5eKmLwQUMZ+IwrR66pXPdCEKEbrMw5p9Qx
+ZrCctSzIH1Aw+Gmy8gTSUCNdx85vRCa8Tn7joj2BK53YzMGtKGzA8BzsV8L3erKY
+oRT3fji5cT4dJRTvxROWU1GOwW/r2lYOYggg+uNjEo6OwWydX06X29rC3fymnkuL
+hsVNOPxDc2ie6rcDyGqHjDpmiYOEppQd23utZKIHQyPhag6rTC3V7AgPCjL92c19
+BT15n6Wa8VXXos6PBIQHWZb4dUj1B9XwTQtLoZZv/RVnUjEMo+NNCpUwvK+5ke0V
+9/xtiFNnKedcbaMVNku9XlmSaKjX+fsmT+wulA65Osc+ZEobJ/EXC4AVChRsMl9v
+ujiG1z+Vo/UKEmIf4/8PXVZMFSLNLEaUAO9wiJeDpeGAvfAT3ScIH70nTyR4q3qf
+4DRXq404NTy8AzCy36PufW944a5+3FP+q3afLuuzWVvytQun6byFZOE6fo7zcOn3
+mEnbG42n9f+3SyS1ND8yVwAR0VoqRcmk5QtacUE1tPrX5pvVyphIZaKsadmf9fsC
+X+TJ1jgkGDCY0RxGhR9uGiPNYPjNBg48o7/w1LSYiOQ6LHwf3PBYHe56E2MSOOeh
+bvpu7eN35J8uwswfXOZxefmEQ3COUGAZnMcHn/q46cyLpEqlf1s7tPyAjIAV2yvi
+9ETgUD+KCpcQSn5qednbVPStEgljRTTM4pR+PFNhNGNgqntuY8HMWzHFjsO2uafF
+0mhn8ytDbziAc6IvNo7xbkTOzjY+CcuirfN7FsRcyxs0qvwQTWcB4yj+c7Wg0W7S
+O8qZ0siZajvOXAgMNHNnYZFG7YiVl/IwMXWTQD2pk6Ff2PEw6pD1c+w4hPO51z5W
+7kUXuwb1tlcmSeYz1PDu1ozcbhJOpSuECq5E1ezX4HrNIbpysTrVlzx3cnSVyhhW
+0AJ7dvVH0NuRBSLhfKlr45K5uVTW/Y1zX5GPte6fauqj2JFvG9NNOeUYoK78HBk+
+dvrrrKpoLHsCiRPL5OJPRRb510+b6lZK7YLW5uIF0PvH3duS5v2m54jcB9HUBr4+
+z8Z2czuSirHRjH7gXp4OTfURUkCI9HMRz1neYw9G+SxwhJWOYoD8iOzEuqmAbLOE
++ErjtU9vz7So8VsvhDSmZy5cyY+pmg1HGAqZvUllR8ZEFPMXk5c53I7NEoHURO1k
+KQAPj3uIv8ONuReC/2/HLH/0qtaLmVdJNuRVqI9fX1X30Z2RmcvKio4GpZYzNddr
+MvwSluhTd8Ir/2KJJ/uQ6mgFSrTvtU/iWJAyft0DOIJMrcziBTDVpg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem
deleted file mode 100644
index 7c2b410b91..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDPTCCAqagAwIBAgIBAzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB/MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTgwNgYDVQQDEy9JbnZhbGlkIEROIG5hbWVDb25z
-dHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAyUV/VUccWeiLd97UNg9PsfI5JBKyMkLviLCMbEGIggBG9W+5DKyu
-loDjDpVTzzz4pO4/LQqcZgxP61RsM9sdvJTyxHWpU8fEb3CFFPX47WEEdzFEjvay
-iqEorgwgt0OuiDc6ygpjvje94MD9/tn2oXGXiZXf225UPJOAg/4G2CECAwEAAaOB
-/TCB+jAfBgNVHSMEGDAWgBROLqPn2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU
-XNZp2F2DSh5YkgNExED/5j5eRE4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATCBjgYDVR0RBIGGMIGDpIGAMH4xCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0
-cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDMwDQYJKoZIhvcNAQEFBQADgYEAF0YtbEJ7UriPhjA5X7Ms
-bjlEt6/l18J5LUKX6SdvzojVZW6wSnfiinjESVIMS7+nvplPU1D5y6BBzB2jCHZx
-uxC/Db9r8CeNek1COMl9nvav4pyuA1e+INl/it59qgfHMZ/pBdsYkYKI3B31oinp
-TSHj4AKIIi1y358PHk3BZWw=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3EE.pem
new file mode 100644
index 0000000000..bbb2dabaed
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest3EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 8F 46 F1 9C B9 73 85 3F E8 0D 08 C5 23 3E 06 4A 97 E9 29 90 
+    friendlyName: Invalid DN nameConstraints Test3 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIEVTCCAz2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGEMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQg
+RE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3QzMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQ+BCdHFQbNq1Bp0GEuyOvaYS2gc2xwp
+YD7153M9L0wHxwNCAnjTjFdAc5e2SLlaCI8Bb3ZbGl8yTKyXaJ25CceHxpyzNWW+
+elq9FJDZjGpxZ5hbiYnhdkS9RVwgkDbVXwv4QfU2blSlQy1vyAH8gfy4mF5XJqfh
+58o+tcECrOZcD+116VHrK4HIMsp+FBGowH6VNhuyOOp3FaXII0NLLUVjBsjGwbkj
+3gFoTq5dPnTuFkr5Q3RQw55A9vcJkmzxHbZko1UiywiVIbcXHneqWrKgyJCp00sb
+w3gEc1Gk8jpKtluNsj3ogmnRrG27SKjcpVhZi+KLzOkAEOvBAVU2/wIDAQABo4IB
+BDCCAQAwHwYDVR0jBBgwFoAUQXhCRs1OqILn4Tnf96kWwAr874YwHQYDVR0OBBYE
+FDipyuJ4S5MA+1KCLlTd2a5ByjG0MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwgZQGA1UdEQSBjDCBiaSBhjCBgzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGTAXBgNVBAsTEGV4Y2x1
+ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0cmFpbnRz
+IEVFIENlcnRpZmljYXRlIFRlc3QzMA0GCSqGSIb3DQEBCwUAA4IBAQAbvjL5yhOt
+fWiiB5PSQ+FM3M39S/xDOI5uMQpo0Z/KMs/ENKT5SVqKeOGuNOItovk0pNpBfrOr
+8jHuo4KuZbWiVUFSrUeB7gX6lJHXoM+Vqa602UHkrxKeZVQGEQ899RTysUH/zW5e
+RIRTbU4GVuYYyFl6PXp5Ve7Fb5grC6moak+bzuF0eN/GTrp1o7l036LHSdAbi2qz
+Blg5KbihSptmhELFjnC2lZyD6eyYvpcBeW0qUjH+PqQzqdOnrxpfy2aH0qGWceMa
+y7RE3OZklQsUbF06hrhuviBgkz988Ih/fVXtANKOIrdsEZXx2UoHOGILDpZxa+WG
+Fov/1Hl0j699
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8F 46 F1 9C B9 73 85 3F E8 0D 08 C5 23 3E 06 4A 97 E9 29 90 
+    friendlyName: Invalid DN nameConstraints Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C504397326E13FA8
+
+JVQONDk8Fa+egVOWef6gv8NQR9V+3X5PzOPmNMWb3WIipTeXloazJEki4ei8DaPb
+CA2TkayTEfIm5jN072iS2aUQtSaQvwX6uh8xm6mEmPz+zcyeolxhMfTsIz8n1kVP
+a0FRWb7u75H953g/ojaR1JhiYXzo9RkjbQHnCu2iwt2lpE2aZ8nf1ngJx2p0hcSl
+xWZmWU7DFF1AQIK2oHCjd/iWQr/yEi+Btlr60Z8dVRiRHxVj+UHhmn2+mB2JzL0f
+CFwP2xOQ6z0ksg+GzvVu0CvM0NQn2/SrmlvfiGkoFbCzX3b/I/6raiS7hYR+G9Ju
+X4NK/2jOsFRX5itDjCn1SADuKz1hP4sy6B97psrvDr8aYvDw+nN4Z17mOI2zrvF6
+sP3OOTMnFuWfY9fs23qCnyZ0mmLfZrw3vKxQPH/oBlGDbtM+tRG7jUOdU/NP6XMG
+7mYRU31GKHHsQXYBWSLMRyEBtsnP/fbzU/krPk56v1EdZoEgXt5TeBIt+C5XQpe/
++8eZvxJp2VDkYjE1OTi9CGf4A5aobWy/OnjMMXLzm+R1O0Vc7Tn8rObEDgoEYNl8
+7DfH2ESGEWLbdrto7WmyI6oEPyqRcsxGSIgb7oKLKEcu1dqfmyNxrgRcUUB6t3XF
+1becWs93DrU2p1MIaqJ/rCOE/VavhLXsY1siAFS+04+Fpb0eKgCiffHjAVGa3pgB
+47urVqUo1ztDKZgX2mbrTrPfhfd3nockXoNq/+BJvNsMEXrwwn0SRrMAy4MGhU6Y
+vwlUbnEi2GIXjauvGEF3L1xLtL4m7IuhBuLld+bzo9tqcohdgKpnQttuOP2uz81r
+uphiyTcP5kvEdcY4qNx4C3N/VvryYzyrNK8VwiA790jTYJ4Vvquv9j13NAYYNkv+
+Bu6vkw0js6KZeKKsevMMfS/OR5HboXJjB4yiBpPRtt3jPIikXxfZpokAbfqKReeu
+4StZjZS6KrgRnVCUom7dhVU+N9+KByEk1kNna2dh+tt+bd4RNI6H0ZDb7nnW6yjc
+0rV45zcNH+Hwfn+H7+1wg2ayd8mF/DarKXANKGYXQ6BPa1n8oc39so6vsMO87CtK
+5n8UwiIgKpteEAEy/ktysgi3Hi8ieLJaTylOwZBec/rW8l91AqNzXQYas1xYQU2s
+nbuaLK8n6tgHQPDtq69KCRm2Ds2Mibxoa44uTSWFaWGVDCQT8HwmPdmQLe5xcD/0
+y5uHHsnMrUmw7uGh/BgcKI1D8jCKs8ehVAZNKcXLE5aYzVfKXFVps7L0BmFs3M6H
+6yH6Z6Xmn2oHH7aeuAjqPN+0KCFiDpi5+3yRovgvi0qUXI/h2qvKTLemmOO32Ld+
+x+itnJY6vLRt3q6RE/iLGvCPJTtd5DNyvsHFoaxGZp4arOzlAZfkbKNC5SFu0ijJ
+4LXOkaPYGR8p/2eroUtGqg02tUFz0f3jXOk8d5NTNoiqDawgXJ3E6yTGvJH9Km5e
+eH8WFD8g7OWvwSvcQVQ35hqnoDvpFptf79AZ2qymQAD3rghvmAA/nslcrHzEXk9x
+zVJXK/0I6gQhy1VV2pR0wBHO/XD2mAHrVATuEB+Z3bxQcgL3rP/pGXqui99BNKOS
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem
deleted file mode 100644
index 66b10244d4..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCTL1HBt+N66tLKmFW98QfimYn+8h4asDqh1Q919/M7TSNyoUAS9y3U
-ZCRVwviSwB78P1HReztqDDX7dkKHazvtXY28fVhPwv1lCxj8sh+U3QoprauZoukz
-wx6J56XR40wEckL6qf6l2qNeVTuPEQW21ZRBgPEKIqikZYLjl1c/jQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBSL47hYVp8Dat892Ac7swc24cu2yjAdBgNVHQ4EFgQU8nNR
-dG/7HQqs2Y/HH+yF2vQ6QYUwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQA4Lj7z67AHCPqJNPK30vJT6DzO
-BIMzF5uXn1uLFPibVYwzith0bxt+lS6X+XY0D8JVcCoGvQXIajaOz6SQW1Rjl9d4
-/ZtQK/Fa4aWO/SNJ/mUev7+CaFuSpzVNwU6TyY8mBs3THbFis9zVbllRK8ejAkZz
-CrLUsdP7tsReU49LLA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7EE.pem
new file mode 100644
index 0000000000..57dea771a7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D7 12 98 EE 93 96 EE E1 85 90 C8 0F 4E 99 FF 95 78 10 1A 4A 
+    friendlyName: Invalid DN nameConstraints Test7 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeg0Q4UuYbfP+YbFOzQ9YSaIj6bLj1XqVJ
+wNegsJlRNNFOlEqGjLx2s7WKQQz+GhTXN49e09Dnsf8V1uYS02UlaSMM5NKF5mJ/
+xq7eOAbq+yzYMjl9GsL8HQghiy9E6igRDOIrvfYDIJydWGMAyMO2AjW0MGJHzvFl
+F/kV3c9b9goVmWSvxCzHuv2aTyaPPzXQQpY5ZNkquU12xRiujJzCdiXU7csjySJA
+1FHHI3n8oE/+fi/LMnPdBO+rpaLfr/IA5XKUeJUHb3WEXJ3iwi+mMoZrn9doiUvb
+gnWUsKmPSoQ85RL0HWVSU/Qw7vItixSHKcKrXCSanL7A4jRWrI9VAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFAbcW77HEjdZpIpAdHwJnUU8SqHbMB0GA1UdDgQWBBSFsJW4
+SPk0c+uYjBzxBnzjY03dtTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAihLqlYMuqWs3P74TsKop+Ilgy
+d+zng8ltbEFodH7lYIIdbghsS4nHHmYIApf8Fd++zpf2Vg5NY1Celolriqb8v6nb
+VeygO1Mhtwq/yKUCAU2DgSpj3KkbcP4gaS8PwHtSTNzus/soD8jaRd1y3/37QGMl
+LxatbtPI3+nHsaVPqwQJfeeyQAnOXGyB2t11LD171aS2uoRkGp+9ZwX1lhXEGV2D
+oNnwQ9NzO1JJUWYtnDl0Q9xbWzT2AZ2FXQr4uVBnkdtTOPvpH88gNpRt8y5WIkjd
+0pQDFt+EyePgBAKk2HXPImtseHPPH3z+ZRoRUGet4iESVIFVekv5/olJrfeL
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 12 98 EE 93 96 EE E1 85 90 C8 0F 4E 99 FF 95 78 10 1A 4A 
+    friendlyName: Invalid DN nameConstraints Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B45FD083D1103F77
+
+SBwOS6JkHV4xazjf3hMz+pQIdJABaX+JxoOLhDp77GtVbTXTL7gVYK7JDAU2dSAv
+MUCI2V0EL+3lsu9afJcTqYMBa6dWAUXA+HQ+4ztQ7oqeHuHvYuAKIm+ks1QF+YdV
+CrYjmto1LN+UDt7HA0tFf0LEGC9Axdlc0hxf/EhX1UV7BiIs/AFL8dI2TEMzHBSL
+Ugx+7HxpZ86mJYwfqyV57lWFIlZHDZ0w221wcb9tZj0jPhfZQ6iWsiFB9uk8CA+M
+z7vFpCHc1+/m4G+gAX0R+diYA9rSVjSS3068O3kkW31aSQGwTlM3u/Fnr5ouRfSj
+JoQEhCSGY+Axo2lJi1jRdZ86Uc4Fy5k/ou/Na7YAuZRvFe88BgMonjrEaD8hZOaq
+F5sZFKfLfLInQ7mHj6RPR9lwYdh0MsoHKhJztSkVnCpkRJFwAgZavPQ2AiYE/Fiy
+WPOwQPszKyjSFCTWQxCefiOCj6RCkcW0y/2xvy+nvSGtD8Lbt42uz/8wErpnKnIC
+50LT5t8bwC2O2pcjnZ3wdaOXT4PVdUu/rc4UgetzkkLxBfpNyHSpjyamVIY3S95e
+dnmVEJ9P0Ga/rNxIHK9l/BNLouMf8n6f6DJTn/fFbWeUYByp/WZUi5MUngg9qfop
+Zw371/PhyhhpQghj3SJEmfLZZlZfVBYIlFUT5xQyNP3L840HTog+11LW+uFabsFf
+VqlWUDHGKJN/cVOMYiijTrtNF8kpemqXS7Y7eS7mvbW8U6nyHGqQXrji1pQo1O0W
+d1bfNY4jlPR9pIgP++TG1IqCeu4GFMo6BZMi0Exir+0Ag8VB0zcjKgXWZMzXOWYN
+aYZgI1bEkAAPC6HJ0UOwQ1BBT0SxiQyeyZSRyvO+rYNZPzHvrxB8ChM6QyDJD4Se
+DfnWcBwUeC37oKuqsk3abkWiF615/KnuEFF6AcR5sbiIq+STRZmCvS+GXqksR1Qd
++gdBaKBqhlbNrciNQXsFqX1Z4JYG0zRM/MC3tTEhq7xpU1rOVdCzyT0yd67chK8b
+G58ZXl+PckkWe8IC/06NWECsjtVAR8pqBnQmNfVIVCS1U9dHQ8L6j84n3/qF3fpN
+++OG8Wqmql/ZB9/X4yk1XWEnb7vI0chnDQBJPg/0sdLM3hzVwZ7xH9WC4CX/5URL
+NUlMazP5zFS49lUyY07kps+P6/jJdl6rqMQNDJ2BliBSUe6JXsgZ7fcLTehJ6ltJ
+bOrnelOfh9HyrGEgynGweEG2/ouCh+8k7L/Wfada8ad2G7MpSTrWF+IGvBSSlR/X
+pFv2Jc1W6LjjrrC0MTD1yojnykfN3jgU/9CVGnKFLdCc3WX7MeLki+aIJndlq6iF
+Co7/rN0aZsuNPpQQ+XXF5Zacn2iPgoAaLzrRCaG4wIG6sliuZIinMobi1aLruZOM
+JZFR7EQp8LZMkVxeNtdYWfk16NaASUJt+oeFRZW3sBs3WRZxuCErZzI7fBReCtGr
+mjrg2XXW0sEJy91PyPoN1EtxGvTTnibB1SivT+/o7ainX4BFXEd41uxWoRL7h+DM
+FIDNy7O4xM9N87c2WaUbA8ErtTghYapiEkfb74jQY1xd+2YEnB4Zmk0WttWKEnnV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem
deleted file mode 100644
index de2503fe99..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTExODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDRLWTNLHouiD2wN3hJ0jdnrj4fTjlz2+99l/B+6xTOCtwBUJpACTye
-HIN9D2KKM0Qmh9stFmyS37OoOs2WPy4d6zXJI09x3ENRMHVD4XL8zIYvdc554XCO
-r6r5F4NDD9PXfx7zbY5zIa8xvuuRodLcz7HjxXCATmiy/Ylbq/tAvQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBQzKeiMgEymrSeDjSUCZ8XltnYEzDAdBgNVHQ4EFgQU2i3L
-WI4ETNSzaANnEBgojWiA0sowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCF1bG1gRn+77BAUXRG0YGUPMgR
-9DHNB3htuZ16XVRT2TqgE6hFiTROTrYgQekzo37hAKapBXUk09KjbIEZZWimwkzo
-lsh96Mt3Mri/s1KHNnRsPWR7Z9noTDZW2doxIx9IdZnbpceQ/z+E9xHaEZZX2QTU
-oFgdRZWQ6koAHlJt+A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBQTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy/f6yuk+
-9T8iA8JCNC3qD0GOvAIXRNgKM4QLcAsVsDZkgrXmmyKyX3e+W5lgLeuzzgLxM9Fc
-Pm1NCRAX+AleMx8MI9Vyii9xcNT3KY90roWbXvSiixffCQyKwgjcNazm4nMgcKcY
-GCrTnvtjwDq4r0ov0chfZ4FYvOdxRXKJIscCAwEAAaOCASYwggEiMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQzKeiMgEymrSeDjSUC
-Z8XltnYEzDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgaUGA1UdHgEB/wSBmjCBl6GBlDBIpEYwRDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBl
-eGNsdWRlZFN1YnRyZWUxMEikRjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVz
-dCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZI
-hvcNAQEFBQADgYEABIMFw3c0vt6dsO0Lzu4cyBPZB6GobaJ9EVCLCKcuwdvmyMgo
-YamK8D4AEsT88YhCFji3zELvEeg4P8QsRhtIsr0nto5r+CV02degP3F2XAPQr8gw
-qBP/8ejUC0UPnOz3QlkiM4mZ3mN3A3KJPCmPmtRIVst622/8nt4HWGLYi38=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:33:29:E8:8C:80:4C:A6:AD:27:83:8D:25:02:67:C5:E5:B6:76:04:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:57:1e:3d:c5:08:85:5b:0a:d1:cb:66:61:ba:9c:ad:1e:d1:
-        7c:28:1c:08:2f:2e:52:53:18:63:ac:0f:c1:fd:30:d2:f1:90:
-        bd:fa:89:97:c4:2f:73:a9:c7:36:bf:5d:e6:2a:21:f2:d9:81:
-        ae:f3:47:05:14:8c:ec:fc:80:c9:c5:3d:37:cb:5a:e5:8c:56:
-        d7:be:e7:ed:8f:f7:21:0f:d6:6c:e3:f8:cd:dc:c6:bd:70:90:
-        b6:30:bd:d1:76:47:62:33:02:ba:bf:97:41:a1:cf:62:12:21:
-        4c:1f:d0:49:a8:b7:50:f9:a3:63:40:5e:f9:0b:5b:ac:de:7e:
-        f4:27
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFDMp6IyATKatJ4ONJQJnxeW2dgTMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAH1XHj3FCIVbCtHLZmG6nK0e0XwoHAgvLlJTGGOsD8H9MNLxkL36iZfE
-L3Opxza/XeYqIfLZga7zRwUUjOz8gMnFPTfLWuWMVte+5+2P9yEP1mzj+M3cxr1w
-kLYwvdF2R2IzArq/l0Ghz2ISIUwf0Emot1D5o2NAXvkLW6zefvQn
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8EE.pem
new file mode 100644
index 0000000000..1e804be846
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B0 F4 81 5A CD C5 8B 61 B1 98 71 20 81 CB B9 D4 74 B9 44 6A 
+    friendlyName: Invalid DN nameConstraints Test8 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree1/CN=Invalid DN nameConstraints EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN4 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDgwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd8E++Do+azS0Y/46cd+mli2KpLKET6z1f
+h6a2XTdv41TEtc0FJwgrEUxzzPX9gbx/NVNU0lHpVs9xoZ3/g8k4sC3/tSB5Ud8o
+dNy5yjOzrkCqMmf3dwxQ5bmf/8pQUsN4qch/nCnnLH6LllR8S6ZlO7HD2+jqS7jS
+FnGm/ExZs1fvBz647RQi1RxojTdd8ek18y2xMMf5c+0BqNBjuuSQ2l7iWCSPsT9n
+UVrvwhJopi5irEti0QP/bUcax7okraeFT0RnJTGrrxIREx+/bvTJ8jc4yFAsmuu5
+KsMzROuEPWz6tPjXHJItIAy9hhtIjHOE5tkfFwfBQI6KJpwi0RzXAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFGxJNq0uWIkSNlFBO1RSJiQA08p1MB0GA1UdDgQWBBQdy6zN
+eXfT6urnrougyDWvP3JkPDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAmvLMakt11xX2Nh0adOhzCqqB2
+Ea9gZ1LAusrw87JblOzSrHUGrwR3cL/yTAdyNhuudqJQTe4aobU+7DorluFEF29v
+hvwtIEHAhw+WRmX/pNZ9txamcYTfH4Pi/HHaSxG0nFNNT4LWTr0ACO61wkIH8FhZ
+Y+K6iHx7+e1vvGfuUFimKyH6lW2Ia59LCo3E02OUEv7r/d8z4oc2sH7wYZ1fFlOF
+RHzcE/rMmO+3t41Ejwg8WXCrojdeYpWxXjA/kL7dOQoYs4E0fffiousFtMkAi57V
+daf/BhKsPsr6vCIucSZVcoFXqVTXhRdKR9bqcczLjG8um0VXD+GcABkC/5Rs
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B0 F4 81 5A CD C5 8B 61 B1 98 71 20 81 CB B9 D4 74 B9 44 6A 
+    friendlyName: Invalid DN nameConstraints Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D0469F3B107F0E0E
+
+uKVaM0Ffc6kK79EkfZBuI/L2JuyQphClPbrmZNq9puVY+VLlVLwjEq3S/JK7clhg
+ofOl5OJbVF0vWrqDW2hR/vbMplgtn9CJ/u8A0UJG4mHln+0EclUqZQlAg2MI2FCV
+3uEe6Z6Z2VD6R8QwNEMkC4bBLcX/kwvIKxUi4lRB5bPzWiHvEGjN70b1FEO1Ewy+
+CNEMJ82REYzZ1ddH+N6KfTYtZxT87Jv/4YjcRVK5vKdlMnEmuMWW4EQM8l/Ey0lx
+DL6tjTfjcQ/idf2lO+tPrYEWYKGQLwotsF8iHgcW3umgMPA9CbeId3em7Aa9Fuzy
+tGp6DUMGWdmeVFL6bipNXYNgwia/wSKZcLcldWzSzcMdWDm64rP7UF8bDi2UWSBb
+jGvLzmTlVORMHhkqF6qzDbZWJjN0HCpoOClux8H9hoEY3n/WGsyzZaMAzoemHMMt
+3adetPrQYXUt0qGeJzf8IZrgds3TQhjakzDhPoi0Vjf1MY/+THp5z5A5zWJrcL07
+0eZOdNt1ahys94lHeILgh3eeqHCPP+q5hcmDbuxSRzeEnu7wjtPACuExYYTpNnfW
+1aHtGicw29jQcucPJlh1V9Dq4rVJVtVnr+AtNyPvq3FxIQ5rzniPHvAoZgzB7pmj
+oE/TNR2Pf6LIbc5JoiuAuH+2wMynDqZbD6X8QbYOxZazu0FX6JkdsVk7luH+B7Wz
+fZsXijSC/Kb5VOoQddJ+4pLXBForVWgwfULvFyF0sXN7cwxfTIC93N3q7jfWfd/q
+dsizeO2v/qbcXL6PTCGxPBtXQu5oTeur31/xeXeYPMXp2QMAjgFJN03au3W48NCi
+vxjrTVkxHaK550B7i5KfYNrvCtqYBctZNaCcRVwTsbfyxKfLzW5n9jDp47ataDn+
+bxu/hjgJNaZ/eJl36bJXXMK+WsF50lMhtNztD32pCwCBC/wjHWQc67ughlhExuFM
+hOZTOZd8B9OTAQZcPf8g/aoXrd3rxHY/TsHgGQsTPUJPPkEnvXnwy70vn/6ORb0o
+K6ftAMAYwZ7epmnNs7o3eMgjyEA6FegUQBuSr6upvM1+xBHQ6dWnYJfRJYY8j06+
+Cffd0k7yd3700KSeFMHNyaXkzIs5ixyZ8Ambb6LsnLQta40HcT4hBG6fjCQMKBLn
+K2AKHxcwIOp/GZ7u6lrjamuZ6v8LHF3vNaS+lvMUkWTLXt2t8cw4ddG5qPzXhavL
+a1eBeOv03QuFXgTLo6xNDFlZYBReHCnPomU72UiM6F/Adl+FL5BtSd6lda5YYAxU
+QS77VUc4M+YjZCmfkisch1fQ/byksgP/e/dhNJAXg6nywNemjUOfk3CW7NZK+0SI
+nyghbuwcc94aOOcjdh7k+DtUQxOeAEXta7Jb/FQJnnvdqtsd7oCiadCnU6oP+DVv
+wxfE7dA7ghqaND6SG0RfM2ve9h+Odquq9Xo64xOyByHL7Vl+CiWz3SUOM4i8qZol
+eHIQe3FybwC5VLZJVTWBRPo4r3WMVaRlMtcFR7Z+M77KOoUfCMsv547hSXWbQVHl
+eOoaJIlqZkYDbYvtO2VZuD9A+S1ItU8eWDzBJXx8Csh/uNEAs/+hfA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem
deleted file mode 100644
index 450c232004..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsT
-EGV4Y2x1ZGVkU3VidHJlZTIxODA2BgNVBAMTL0ludmFsaWQgRE4gbmFtZUNvbnN0
-cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Q5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCh34/kUYUgkdgErLgpO39ywlNRcYoZme/9B+Qf6xXvtvQsMVSTRlYj
-SSl7WicS1s0i8wU0jrejAaH4wKVmEKpUXvDAnMWqnRTgL7EN4ni4vaorV9S5/6+A
-qXnmW+4GGg76TP9cj+SQ31mg5DHaHMGc5WeGygDJ0iaYXHqtUczkQwIDAQABo2sw
-aTAfBgNVHSMEGDAWgBQzKeiMgEymrSeDjSUCZ8XltnYEzDAdBgNVHQ4EFgQUWfRX
-bghjCb+4MfpDq1DFnXXWtZkwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBqpi8ums5mTqAUxfvjuqAIdAzU
-vDfiJ9uAvSRyTLckdIKvbvqgn1xK4LFKEHh98dWr48RosYc8wkofI0wHpwYrhYcP
-y2kgyqtaTrdeSgbBcBibusuagwpz9o25LUTRTMVg9sq+1yJJYlGHGV9LuTnn/ZcP
-vCtQwWgLy74cJC0WvQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBQTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy/f6yuk+
-9T8iA8JCNC3qD0GOvAIXRNgKM4QLcAsVsDZkgrXmmyKyX3e+W5lgLeuzzgLxM9Fc
-Pm1NCRAX+AleMx8MI9Vyii9xcNT3KY90roWbXvSiixffCQyKwgjcNazm4nMgcKcY
-GCrTnvtjwDq4r0ov0chfZ4FYvOdxRXKJIscCAwEAAaOCASYwggEiMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQzKeiMgEymrSeDjSUC
-Z8XltnYEzDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgaUGA1UdHgEB/wSBmjCBl6GBlDBIpEYwRDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBl
-eGNsdWRlZFN1YnRyZWUxMEikRjBEMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVz
-dCBDZXJ0aWZpY2F0ZXMxGTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZI
-hvcNAQEFBQADgYEABIMFw3c0vt6dsO0Lzu4cyBPZB6GobaJ9EVCLCKcuwdvmyMgo
-YamK8D4AEsT88YhCFji3zELvEeg4P8QsRhtIsr0nto5r+CV02degP3F2XAPQr8gw
-qBP/8ejUC0UPnOz3QlkiM4mZ3mN3A3KJPCmPmtRIVst622/8nt4HWGLYi38=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN4 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:33:29:E8:8C:80:4C:A6:AD:27:83:8D:25:02:67:C5:E5:B6:76:04:CC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:57:1e:3d:c5:08:85:5b:0a:d1:cb:66:61:ba:9c:ad:1e:d1:
-        7c:28:1c:08:2f:2e:52:53:18:63:ac:0f:c1:fd:30:d2:f1:90:
-        bd:fa:89:97:c4:2f:73:a9:c7:36:bf:5d:e6:2a:21:f2:d9:81:
-        ae:f3:47:05:14:8c:ec:fc:80:c9:c5:3d:37:cb:5a:e5:8c:56:
-        d7:be:e7:ed:8f:f7:21:0f:d6:6c:e3:f8:cd:dc:c6:bd:70:90:
-        b6:30:bd:d1:76:47:62:33:02:ba:bf:97:41:a1:cf:62:12:21:
-        4c:1f:d0:49:a8:b7:50:f9:a3:63:40:5e:f9:0b:5b:ac:de:7e:
-        f4:27
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFDMp6IyATKatJ4ONJQJnxeW2dgTMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAH1XHj3FCIVbCtHLZmG6nK0e0XwoHAgvLlJTGGOsD8H9MNLxkL36iZfE
-L3Opxza/XeYqIfLZga7zRwUUjOz8gMnFPTfLWuWMVte+5+2P9yEP1mzj+M3cxr1w
-kLYwvdF2R2IzArq/l0Ghz2ISIUwf0Emot1D5o2NAXvkLW6zefvQn
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9EE.pem
new file mode 100644
index 0000000000..d0a035da68
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDNnameConstraintsTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7B D8 8F 64 F4 1A 03 69 E2 8A 68 DD 4F 46 8B 56 B8 6A B4 FA 
+    friendlyName: Invalid DN nameConstraints Test9 EE
+subject=/C=US/O=Test Certificates 2011/OU=excludedSubtree2/CN=Invalid DN nameConstraints EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN4 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMjE4MDYGA1UEAxMvSW52YWxpZCBE
+TiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyBT5iEc/Tv46A838epWd5siS3H6q5kdzw
+winlJhMTUca8dVCuiZ9Xwgh+N86g54NvIJXzQiAey/KJan+2DXRcMu5EGOJjABk8
+t6jc/oTvdX4KjMkvYobBKcSsRuhuMkCn3vy47e40e8nxhmVhO/f0crEsmWGE4Eaq
+pnrcFD3YPRZLaW/2HRWXiOn0TpwJLpus+NYxghAwvI/IKDh5ymBj2BywUvvxngT3
+iKQ4BgoT5W/4Ce5XMekn/S78BD/DWiQMHqNjBPeb6eH+WvyPXpn6pTuIGg/Vpn3d
+KJzpl9t3WMo0yQaFzYlrUhNYGOJMXWboX27tHetlmdhQ7kF+E8WPAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFGxJNq0uWIkSNlFBO1RSJiQA08p1MB0GA1UdDgQWBBRQpDE2
+BhuO18HQzangbKt4zr2s7zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCom5SmP8qsQSlBzA8HM0nOGzLG
+oD7VEV8/kxv8VBLzXzgI7bijCIWzSReTUFCp8gBzdMYLlvXHkfy+5kvC9fIEmzyw
+uq7vNwjmFOA2sXtoGcbn5LwOhEepf0qdi2Y5oOxqQRrj98FelZ62bsXjOEKdR5g9
+J+2+VcU3P0ENrAQisVy7mw/MteuUEL7v8iEtfpvxjR6ZP9IsRQY2XsPXNX5hzlzZ
+C+M3eKDVmg3c4QEjXvbBdhntVU9H+YYaEtQZ2F0vKH/lv2f2/Vj7yupxExakxpQP
+6ukRNeDvnG6ujitq8qhWu6QDEfCdzzEx2ZuAVZqTJjAKWC6HwfZUioDjhHFZ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7B D8 8F 64 F4 1A 03 69 E2 8A 68 DD 4F 46 8B 56 B8 6A B4 FA 
+    friendlyName: Invalid DN nameConstraints Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,454FD50E5AA86909
+
+snoxER3TwKSfJIMUgfnKUjqQ96OcVNV92TihvkayHtqbUXsaqgQ9z+zIRp7Q+oiy
+7kkNkgPXPLVVM0SfIEIdtxRH70Fg6nwV+We8YH/3etFY8yxhr+qbbx9ouIVzk5YA
+4inJNfS2OU13J+26BGzi/eqosJzgNJ8jMBxsxbCQNb1TDC/WfFQiOUUW+Qxha5c9
+vNhJwQeI8s4YCic7HJ2a1xUviMLAkFXBtn+1uptLR4M0eZh9yZA4udYzsugk/uvW
+h5Wz3ZjZgM0mRYsBzsymxOBc/UhmXMFvMsiEmoO/TEexvGEXODhsALxzUhxQttgT
+7BlBko7cqKN01cxie8ePJKXa0BmLRcY2fQklVi5Nts90Yr15QFJ3R41Iah4zoigT
+PJ9U8f4fDhMkDdiriAcXYFpSDYd+jQ99EsoQi6c9LH/PtX4EUsVAWsM2xjlVUGCq
+iaVx5lKEjsN4UCtxEu/LdLwExnYUZwgiJEC0lCZoRTz8iPEoblMtB2mYmJp2coPx
+9JjULNwUiKa7+4UoxzBMOjGjsRel1J+NkXXjaA6tGI3ul3SeQ542SSAesv4MLwJR
+weNL6hEFdLtJ98TqhaXibr7iupjmAIqdN+IwdbViLeSHa/YaxtI/W/5D3ub/KdjX
+tegv0+IJrPg+HSFB7FZY+HDha8h5xNariyjz/K7EgfWqYl0XyMFvEHZ4VWr+M4aY
+kUGLfnoIVWBl+7n3YhzzCyyRgzos09SkWPuqsj5NAIDFIruFZ45TcQ6wRP1UV59a
+iPrEsmv+bwAYw+L71LtGKgWp4OfhjuxZp8XmEtcMcRPq+luNny/oZO2GVJ75mm++
+b9Aqdl8tkWjFRYleDv/IBu/eRqhQH387gICxQORpjIIo/tuHyOGdYbIIXL08cbMQ
+h+cNSGR3kQ24IFoFUGBnF/LgsfftretK09zV4Uk1uPUdOHZjt3eZf2VWk3aWoLQz
+krgL3yR2Y+yqfrdPeDAzfzQr2QtyS9ioN0fNDqk6vdCz138YGr/X/wfPZoj8ynxY
+1NbDQHKNl8Wp+4a/OQJT+SleL/SsHkCj/st+UBDZ5eGNdZGT9Zc+4wwPY5oXUFU0
+owqODQFLhEpU9a2tru39wTTrQQJJgUBTTHfjrMACCbatlOIDBNrf2kf8R4q8Jqtu
+wXrpbOiINsGqv+Mi9/qHOXXQO9M7keyMoIcg4nRCtTVmqz1aMs3NTEbPV8das8E8
+gd6AgGWOCmQUUh9z8v2U8zLOCR30mTmh3kstV+v6UniPzmVBMLj5SZSDJyCor/az
+bx2LQvTQ187fmKrSJwbVzQa5GHWeKQ5x6MU7la/5CjdlGxLmkzgd10Quk3RAOzAb
+aIPDUk49hV0Wb7VuMjkerhXyDX6ZE0o5O7UWNBXxDX6qUGKnq85f2XNxqUjvkZZ2
+fbUuVrbOC2gei52XzRhbaDiFbESg/mxTRprjIIBx+tPYgWzSFYBENRBYqUQQQSN4
+W1RM99Z6q838RXAFTKQr4jNtaZnSP3LOpDyuo9TbxHHSM6c+ldtgaL51mY8jHJO/
+p6clyR6EaRhKFeS4VmrTqUszOiaOeq2Cv/wRaxuXN+FDUrtV0FF9ZHpKDSxOTkFg
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem
deleted file mode 100644
index 55164dda04..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6.pem
+++ /dev/null
@@ -1,104 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid DSA Signature EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=DSA CA
------BEGIN CERTIFICATE-----
-MIIDNzCCAvagAwIBAgIBAzAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMTMwMQYDVQQDEypJbnZhbGlkIERTQSBTaWduYXR1
-cmUgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEA
-vbB6Gzy0SX2N5smRzWMqz0VoZRd5JR2pZblQy69qF7L9wXPemawRZc4n8w8GB+4+
-IDHq2L8Uex+2KP9lRuXNnaUp+C/BCIB1cHBBJwA2Wzqhe0uyoVb9qvDOQuU27zRU
-dymarmOqSfc+ruHC+faJMv+ZaHv5zjRd8XwpZHs0ZK0CFQCXYwgNQsqfF7gNfgA6
-5QUzpC5bwwKBgGBfbUNGPILwforCRr06QOuBEKduLdWEZngS7RkwrK5N12jxDw34
-bvbzjzqlldmdKRu8kUG2bhSV9aF/EzvyppEkVBZ0j4NmnQtO/kvigCL12hmSucnN
-3Ir4+32prJX4ycxuECJYsbU5LPfHicJT9x5o8Yy4IcxJkzfkL/O3WE1KA4GEAAKB
-gC1pr90wK1tDu2BegyCB0M5MOerDtoYTJ+js/5N0yrMApqjdguHSRoq6nyc/33dn
-gAlOKsmYuClo4V9v5sQ1rPYYa4Pt9DL105oCu3uZAlASTSqiUc6FV1IYlEEyErXp
-JM5sYFEtet0LoIq2QvmcbHx3OZXrTS7ZgvKCNwNFBQ3Qo2swaTAdBgNVHQ4EFgQU
-3GZpOXKnsDrffRsT0zC/TrR+oPEwHwYDVR0jBBgwFoAUdBXVJBy9XmWIH+GLCX5/
-6hlITmEwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQEAwIGwDAJ
-BgcqhkjOOAQDAzAAMC0CFQC8jW6jJtLFOVb/3gB8Ud6zDADC1AIUXggJS+znTQfq
-yuMe+SHndjnV3Gw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC
-AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu
-0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2
-PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT
-mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd
-kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM
-nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c
-nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI
-ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I
-3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh
-5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA
-1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB
-tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e:
-        88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9:
-        a3:57:74:b3:48:ab:c5:9f:01:f9
------BEGIN X509 CRL-----
-MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ
-SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I
-XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6EE.pem
new file mode 100644
index 0000000000..767c46f04a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidDSASignatureTest6EE.pem
@@ -0,0 +1,44 @@
+Bag Attributes
+    localKeyID: 9E E2 98 1C FE 0B 6B 55 A4 BD D5 C2 22 34 2D C3 98 4E F4 8A 
+    friendlyName: Invalid DSA Signature Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid DSA Signature EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=DSA CA
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAwCgAwIBAgIBAzAJBgcqhkjOOAQDMD8xCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQDEwZEU0EgQ0EwHhcN
+MTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBjMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEzMDEGA1UEAxMqSW52YWxpZCBE
+U0EgU2lnbmF0dXJlIEVFIENlcnRpZmljYXRlIFRlc3Q2MIIBtjCCASsGByqGSM44
+BAEwggEeAoGBAL2wehs8tEl9jebJkc1jKs9FaGUXeSUdqWW5UMuvahey/cFz3pms
+EWXOJ/MPBgfuPiAx6ti/FHsftij/ZUblzZ2lKfgvwQiAdXBwQScANls6oXtLsqFW
+/arwzkLlNu80VHcpmq5jqkn3Pq7hwvn2iTL/mWh7+c40XfF8KWR7NGStAhUAl2MI
+DULKnxe4DX4AOuUFM6QuW8MCgYBgX21DRjyC8H6Kwka9OkDrgRCnbi3VhGZ4Eu0Z
+MKyuTddo8Q8N+G728486pZXZnSkbvJFBtm4UlfWhfxM78qaRJFQWdI+DZp0LTv5L
+4oAi9doZkrnJzdyK+Pt9qayV+MnMbhAiWLG1OSz3x4nCU/ceaPGMuCHMSZM35C/z
+t1hNSgOBhAACgYAQWbmkwRf6MP4B9U3eJlPnnlqXNvSHUkc20sM1M+rUzpCjtMD9
+A19x3QZBz2/6zKHJH5FErjnPtTzrGeTf5Z+TKVJZhnu0h7488ylP6DH1xHlIGotx
+192SGnw2XbuwsovncnWlqcT7+Agh9y+xdVzyUJ0FhE3Qx+x/teDgzlz4lqNrMGkw
+HwYDVR0jBBgwFoAUj5DGjHToewzIWcd9PFtUWWAlC7EwHQYDVR0OBBYEFIZoDvoq
+SWtJ8EVev2KlUt2FIGBFMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAOBgNVHQ8B
+Af8EBAMCBsAwCQYHKoZIzjgEAwM+ATAtAhQ/pOQA65i8c4YUyXW7sZs/U+tedgIV
+AIgP6varGB6QfVQJyKjqwXPCn5iiAAAAAAAAAAAAAAAAAAI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9E E2 98 1C FE 0B 6B 55 A4 BD D5 C2 22 34 2D C3 98 4E F4 8A 
+    friendlyName: Invalid DSA Signature Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4EAF1A94DD24EEA9
+
+DVXBBzQxV6Wl7CrTeW5ZOsIk2TDqnaxGZecFTO2LrzXipC8TwHQjNnB1qi/XHgUU
+z8fnnHYvcEexfyUpR79IWaZaf4e6i3ptKAPtVqxTZjic1Kjg/JTARpP51s3AkFwW
++5dvcjJbA4NRq29N5ciVs5kCTmXOOy7VvC81to5b2g6rZR+xEDNnjuMjbhph4vBV
+RyFpNGMjkC8ZMy8ykXGt14aHIv7tSdSjObIZO5/xrlpfx6ldAQxZS6RwgbjumPu9
+sRYxh+e//cOv+qbl+a4VCqEovlpCZAj2ycwPGRLxbQi8NpgM2LH0D+eVjDio9ft+
+Kxv7DFVQPGJvWD5ZtF8x90DAEM2qdx/5ILO8X85Spmc2zDzqd4Sq43BU9ftPTOw1
+A5ih2j1bZu9euZakhEB3v+XneXslXNwri0+N9WSXMthSWYzXVRQR+kYkfFEh1GUF
+GwUYg3YUKFO8B7gn4s/f7imqStJOftrYWz11cDuBNXDDHJwvWglwRfptuNwd96LL
+8rCYpqY6wvcq0zTKt72ohfqVkLa3DoKKX9id8AQ3XvD13/x39NXakiyUNcGGbz2K
+yKcBBRVnq4Q9FpNQPMV92Q==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem
deleted file mode 100644
index 998b139518..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid EE Signature Test3
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGkludmFsaWQgRUUgU2ln
-bmF0dXJlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYuEosZMlo
-4XLnLFz0FHAoAVIElosiQpT0Z0p3AtLcG9tCIN83S7m8WXOBhuRBoRLaHQvEnPE0
-n5azBwJ+zhWD4+MglyPcJ1FrO7SPiHOB9UotWr0EG4cjkAVUMrrkFRLfoLIPJqz3
-sNEYnP5qPOe32IGDKbXybjoddfzHbompcwIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUU/uacMtyT3ntU/H7h/8/HstM
-ebcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQBHY2fzJrZTRjpqPLxzU7ZABeS9O/01ZTY/9uYl0JrJsfN4
-WlxaYMtSRcTJceQAvfyrafk1x354iJF+GjW7XIJR9RhGlkQXquT1Pqlv/Z2vpSjq
-glf4JuAbERm1V92qP2Acyiphm+P98Pu21c/Vq9xK3Jh/9/GUSOCmPIhvVG00MA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3EE.pem
new file mode 100644
index 0000000000..7f8cb9673c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEESignatureTest3EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: B2 88 B6 C1 D4 45 AC 2D 04 63 A5 A8 3F 32 C7 47 65 EA 65 78 
+    friendlyName: Invalid EE Signature Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid EE Signature Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDeTCCAmGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFMxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQDExpJbnZh
+bGlkIEVFIFNpZ25hdHVyZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL0hKwE3BTkysVg5uG7li7trnzIg3Nr5gt86tdXWBMvUxtobZoTirYpn
+xeWYd7nak/BcsY1/s2PG0eKHK7p0/U8TwSiOKrjaY4MbEXD9nnWdsOttQbNufHvj
+clD+rj4qxFjpUPhDNO4hlC97x+A3PUwarY7UfPbmHSOxwhXdaC+ewQ5PP0KpjYdV
+ImdRiDW/6ViFocaoEi7X6oxa7wq+fX0I+EIYF9ff5gQWXjH7627CGS5Mb4pPMIqu
+uNAucKCUhm5ebNp+4IGm0aS8NY/Nps5Ar2bj7tJqneiUDi/NtMRF1DG5f1hrNTMc
+URVDk+EGDknqLO8FfOH/T2ePhrYFo3MCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGE
+JBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYEFMGDz5JBPp/wUvjh7G5TzmS74rxC
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
+hvcNAQELBQADggEBAAOz8GXBwa0o8jyF/ebFdC11whr/04CPLRHs8QK3VAeOaeKU
+qnN3retPzhN69/6vVl8ZngJqFZMQFVZ727iSDsva1w1j4eNbugjU6Hv8754pVBsz
+7aaR9Aza/JobeMmQ8iWZ0H3oR7ArV7vLbMwrDPpAMM4fT4lUnitVtbcggiY9H+LG
+guH2d8PbtEv2CZsE3nj3kSW+Tbo3cVd3BmRMyRvgqJGwEnRlJl33bWi2g0n2n5P9
+liABaYGW0oVeGPGHaKLrj7mIfKJHiz8xWHgouzjYv0amTHRqat01y9HCuRTvw0VS
+EXfdrlGih5HJj6SPux0KTr5O4PeaPJVrlFHi7Ts=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B2 88 B6 C1 D4 45 AC 2D 04 63 A5 A8 3F 32 C7 47 65 EA 65 78 
+    friendlyName: Invalid EE Signature Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B5DD1EEAB4CFFF8C
+
+eG6G3FYzv3Cw+pSy2czXeDfoSoe3uR0FcWK2ZHPR3ZqIPOJAytegNUW8e2rGwuA1
+dIJjE1FVKG7aREmp5MNNxxU4pS2LtmMh+tsoprWGuCHNGe3MMCkRpLDFhMI6HEKk
+I/XIWmGRAvXExp/u86IghVb7hLBOpBprtcX/AoYA3Wca/USq/XjG70dxcub2U5Al
+0Iu01dsYoNv1yjMBXAyDLwVeOBhgeAN/xb+xSaCG+i85lIL2GFQCi8B+mc7j5EVf
+DVhNrXR+uRZ2LeW72Z6XwMnbQRiaqd8rDTJWlLWGagPWYeCaKRB8eYR5GksZzmko
+YA0bUBuj9lhhmPWWq7ExifNlMBm+nqBxzOiDk0HkzvndGaUUaNPXOXL1ImjBZ3Uv
+iG76OcBh0OnABW2SGj7Nk8DRbJt0WpSKq413vZbfCxPZkbpw/Lo/Zil5tqDM+7G4
+aTW9DDx4lXGotgFVR0yn6AwSs71BjpzTf3AI1DzCc9N1xU6Q3M4YLezvX43WX3Zv
+wcygNFLrSJScJwhu9glNluPsD7leJfczNUMeclSbXSrIx6VWSEVuadQr1hriqZK6
+ELdGSeKeYU/Eg30umu6QcA8SoF5jIDpVjZSHI290rWLwEN38pgohBSZ58XrdObSO
+3gTHIQqcTBBucDKpAD0tcwx+tNyjht/4m8oer6ROk8/ewkCHOZFVpK97MJA0J9aB
+MFfqpe/yJ5uTXy8PR8uxw0r8DgvWOqM3VwCdguNlcKVE+SgIARi+gX6jq7InkQBu
+VCsnR6+ZosQNXNH248XzOoeiXL4JNUi+d3U6dlb5DbY2adC5VwNgC1JlUmkk1clF
+V/P42cCwDn9DmGM8+Wpe4eT9hwZ7iTkxb9s/kcjNGJg1cME1kFjFxZw9cPMfgqRA
+UOgEprTXSBFTuBsOnzQSQ6HsdaBCHrVwxBn0mn2NH+nwQ8Pyk7XW+WCKW2OT02fW
+PQz7KYPcm9Exoozkn1eHyULqpGNY4Sw9nKmmjMa8Zty/VfrYwwz8xfm/t9+LOi8m
+415J2IQIslxutzbD6/aNDsZLlvvnSLkGaTA5tPdT/GO9A2tk1kY3d7/nArnOQTWR
+jZulgzLWi33fABX8rXBU+JtWmX7RKbM9yP6cKXG2BumJb8xMqULGkupynv3a/iFX
+nmkkl99DFqwGmhliqQEm0swjB/p7lY4LpiaNkwMmX/jXkKXet+qtIpYMH4Uo88vZ
+oWfoyOzKEKl/p6/lRTVO2toLU79rejdzTwAbL3mbiMYWjFM38aJGQQ8GQiNVcLvq
+JFnpa3JxkFhTZPQlfqAHD3Y9dyR4cNU/6jP2rGYKJlrkqA1KmhgdJVDWyYRkiYgn
+vZFtbnuHSPrRmrdjoaSCR6UIm7Xmwpe9Tv35IHrXAi9wQphZo3CTMFedInQi5Z6o
+wrYifORXu0f1CBlJeWAgFw9yZIslVmKQiGsV7o5GXPC6sFSvAisJ5tL0nZkZaQ8Z
+gkubFwqQ06fOP/1UZK/ck2veBueNG7/PHgNSP2rhQGXhAoqdcmxXMvgEUNh15B9c
+TC3eQ+z+90tksKUZNmlx/U7eO97TMAXqx7KysqwAL4xXdnr6whxjIw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem
deleted file mode 100644
index a9fb2b27fc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid EE notAfter Date EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICfTCCAeagAwIBAgIBBjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMDIwMTAxMTIwMTAwWjBhMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUludmFsaWQgRUUgbm90
-QWZ0ZXIgRGF0ZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAyCOeDYaml7SOL+2x9UWcwqcMIR9a0vGlP8Do87TNFZz+wiLZ
-0nMYVMfnQWT28E37L2tcdoZUM7SW8dlvfMfTKIoSKeXUiD4bRftrWVj4/s9Ipb/h
-8Gl9k0GwUmg9gN3LDvdRw2z2CiBtP6xsNJZ9vFW+o5QIhd84r74TPs1H2xECAwEA
-AaNrMGkwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE
-FP4ipJtrQCKWa5Vq2wk2HfpPnJnGMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEADdATbChw44x7r1EYA7A2
-1BGzR/9Qmz2Dhd9d1stBum7SiD6Rclpo9A+CfwMmPhzNuaAScE6jL7LGwOYIbKp0
-LczJhPXVy5XLwf+pciCQFDFVc04/qEIugQJm25iQkm6W0E6kpOuwrOlpUU6SRAB8
-AktPedUhRoKNsB06vemChz8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6EE.pem
new file mode 100644
index 0000000000..e80dbea823
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotAfterDateTest6EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: F6 4C 36 C8 65 51 7B A9 5F 73 BB 49 44 AC 4A EF CF DC A6 CF 
+    friendlyName: Invalid EE notAfter Date Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid EE notAfter Date EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0xMTAxMDEwODMwMDBaMGYxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYwNAYDVQQDEy1JbnZh
+bGlkIEVFIG5vdEFmdGVyIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVkIXCcTqIC0o6oloj+rv8wFYVu8ss
+0yLlBy5nINdpFsuWwMezsprPdut5NnThg0m+t6SiQpFqJcqQKVh2i+z8/DUWfWNr
+1H6ShCDO7xPupe2o5pSJe5dTonyC2LHLABc9HQxGxCvL6hAXz+/nMciADvYrCHlr
+n8ztVSKXI6jaBZwb0KzcsWHtjFxVWbPZ2KVp2yElWUJxUdX9rUnOYVATeKVKHohV
+QFYA6wAe/UETnkCdz1JWqs+vG3QMjw5/w1V1lthf+SFbJiT3PVV8VCxq23bNy4wF
+M5GVeDJYs3lIm7rIo0/d7PvLhVUCQWmsQKMyLwS3xgBrOeIWNsVAPM5LAgMBAAGj
+azBpMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBQl
+6Mt3tdW2ryNfEQ9WI7oGr62koTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
+BgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBUXyfp0KcfRQdV031V8bA9
+gngzQtrEI05Aa0VbgTv3b7VKeIcgwsUMeNjuJZ5hUxAISm8+xwoY5e27EOHxWG+y
+Dtk2Czfv46Ga7Pau5P5wag2QkPk2WlmVovMp92zb+GI5vyLFnEdNY3zkTtFxCbYI
+LEMROtRjDM3EGkXmkoblz+Z+u7NaLW4cKI9gBYytP3Ezg0R8dCRjDRkXy+95CE8q
+6taAwnxIQ6FqGxjBgf84oXVW81qcIf8N3i+ZztMK2a3swEDY1CyeSnj9WAX4kt18
+Qou/YP2hqVJxApNFFcBfqybSUOyLu8mbYlBAAYNB70QchygcEayvAXOIXX/NunA5
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F6 4C 36 C8 65 51 7B A9 5F 73 BB 49 44 AC 4A EF CF DC A6 CF 
+    friendlyName: Invalid EE notAfter Date Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D12A38D94C74CBDE
+
+7qNutaQU4Li4WSh6pGKQKoSS5jbHR/a2L5H6DcpJYGjDaHRyWmf5FEC/VEC0NXda
+QA8xVcZD8AMM1e1HnlniqwGDE4+SwPSNHOZ5qnIPmnwz/9iW0HxkQT95bMzcur+Z
+Nuew4iwrJ0VfjbB5DeX8OZSW/Ut9kQMRakWSPsygjTudsC+RMG+/SJDBDsA+8A7N
+SELORpkRB8WL5szF+tifUMg1fCLeXIWk1S1ByBezSNYkUmtVkdpzBWCHWQ6CjL2s
+a0aU56Vb3AYex4srhgM1Hp6XOvrRAAYmSU0DMoy2xh1XHgi2pK9dx0+hveuHTTIU
+/XbK5CQgMFGvOvSMx6qlMlp3diEFsw6JtC0Iqc6RX5iSHmJ1S5uL0Uk6vw+/UV3W
+68D1DzaXr12gLF1kpMFq/16mVBzvBAlGBQAKNwvPtZRgU866V5rf3/bWh1p5FlAI
+vaiokUR/tUQuDQjAQ8PwgH1csHtKW6BpGHDZK5D9FXtAQOZNP8l6LOX+4LRpcgZx
+x2Yp8sOhuzjO359cxGt9TZnIKpEjX/M/tQEO298q8EMjHTWSRzTb03PwoUUIgZyZ
+3lyCGY456MORDM8DUpl028kG/hwJi68EyfDmDR9jFAy3UNHyK9fEhP+VInk+82Ix
+GemQXlGr998QeuOodUisUufn+yYyE7hIIahTDlHW05earGfg3UhYHjb+w4WYM3Gd
+aQRiEqF8srAGZL7HXnl5OGXSABheyIaqi0SLzPpJTtoWcKOi5TthXavMpHNnz+3q
+WXD2XkzJBCZyiMkDW/BYmmtOoVdIawEAuFoIuyIht3TmjQQmao6II2LlT3a/XFLB
+p8Rm2zw2IF23+nDdHQ1o3MJ6JBQPChAjDGMrXI4aKWXURqO75+9Z8VaK2zBwB0EQ
+HsJUAlFnCVrEic7m0PQbJcfU0XjCOaYT26ICmX6InwkdQH3p/jFxaSpT7dRiijUL
+SGqP4Gtv+Um+ZJ+IdfZvYDqZ54Ga9wFoJvDvuSkptasrzre2IfJXm2+sj2WNYP5L
+eNAaBWfY66NJ7Smfl9WBmyQ99yX8J50Yyq+CKOvRupNSYHWLnXOq8a7rhaTGNPse
+KjbVtsxG81wkOMed+7t2LWLj585FVBqIpHkAiAdFEZW54eWXC2Fc48VSmfBJfmqF
+Ub3petrSdSC642Bpx8FUlvLz8dQOMT9l0Y0MiHIrS579hihlEkC5D+ycYVO9PhtB
+gDV5xSHaILQ9IzMg1bmoFXvIOcFN0/qRfo257znG0nMUMeemQsQJLLzH2BQStHrM
+Htjbty4n03oYuiTd/B51ztLHd0Ou2y7X6hBpKuAHSsA95tAJ2rPG+nf5ylXXC4AY
+2CBysvFPm1TWthSiwL4X9TRTjxTw5PKB2hZzxBEZJ0o3/I7RMH6pq3KEn0Xl5yhC
+PErTitHGfMCUkol3o1C/C1PJJXIepEcrahZKSUriCTvRZgrg7wHfODGmKncroHHi
+i0g38wYLdqVy8GkK69zOuSexeJZk4G3/eZwxBDJ+ST1m9oYLVHCz8YAVIr9Jr5N8
+ZskNdz+wSV2xyfFTbzmG7s+dpb5y9CcP+jTfGZG5TvfpMzS1cuv611o8EzFlQJ6L
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem
deleted file mode 100644
index 6208b7d277..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid EE notBefore Date EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-NDcwMTAxMTIwMTAwWhcNNDkwMTAxMTIwMTAwWjBiMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMTLkludmFsaWQgRUUgbm90
-QmVmb3JlIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDIwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAM6vu936ab1N3e528zJ2ryTW9quJh45gf03iwH7dWEYsZpO5
-t9UBImXpFR+j74ZQenhHmcgGQNy58Zc4KwbzxnNMnvW7INMVc36TZzdvq5hfXCsV
-SX5gBctkPQ1hgh6LZHLQoUnxJiI7iijUUE6P2p4HfaqfEkh1tQfjivyF2yo1AgMB
-AAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+aFZTHMB0GA1UdDgQW
-BBShT/d1PnEn2vh4FZtBbivDFsd2djAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGYyJnIuxfaHwIyiOnLc
-T3IRt4wcrAOMimrliGD1dHOozDxUnNA2gZqA11JYlTJ6QzScfOQ7Wg8XKu3mxA8u
-c2A/x1cX9PYiJ5Js37f4OBW3/sWTk+X+9G5iS3cDB4e7LDqCdf+Q4eEGlyEZ8xw3
-FgxmIZrL8hh7RlY8QIAMRc3S
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2EE.pem
new file mode 100644
index 0000000000..24330b19a6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidEEnotBeforeDateTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 44 B4 F4 DB 49 50 44 B5 A2 25 5B 57 D9 F2 92 13 9E 7E 9D 39 
+    friendlyName: Invalid EE notBefore Date Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid EE notBefore Date EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw00NzAxMDExMjAxMDBaFw00OTAxMDExMjAxMDBaMGcxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDEy5JbnZh
+bGlkIEVFIG5vdEJlZm9yZSBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3QyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtc20YJ/j2rSNlGJ/J9rqsxZKwQvD
++f2lCf9yV6nowMsJGRYdX5ERKWoqW29xpRaseNUf38roqv9TiBy5bXzOoJ3a6zfN
+SvhWPf//uk4zP5fBAEwq7VL8+UrpZBsKpbTaVIvIeOfTpvWr9qW1N9J1aH0Y5B8D
+VsFsdzrGc7rjbDvb3bz2bymkDKGW2A4XClecaAIGJiJOguEuYMhq4B5tndQ0cAQN
+QcDXS9li//HO3vlYyiRYv40hZwaTt41m5cQ21xTfFOa/ORsCa96sAL2TR64sT/u4
+DWck/9kh3qxsw9gRSkRydr1xOX3HjA6gYUl7nv04OmUSHwf/w590ry4elwIDAQAB
+o2swaTAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR9a86yTAdBgNVHQ4EFgQU
+mXSnPUJsL24xEXiVXHTV4VzB9nIwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAPSuzpUlBOhAZ8lTzHWdq
+Zoo5cC8+mX8vg3YOTm02idO47H/HcqUjQMJZaUr/gsnr0dABy2kuiU802/JbLp3i
+jLGTygmGtU7Wqj2t9IEgDeZdQflrYfaCm8rPqNeiwrQb0Mw52dXLMz3YFLqG1BAG
+Fqrxg2utLDQfstLrpMs2BHXsSxSBq6ad7BS32qRweNr1KXQJ4QNnRGFrOARTMxi6
+MBY3zCiMJWYtgtV6aCt9t/q1kt1NFCkc8CzFdpgV8/rz4poS4FNweXhT+RqyF7UT
+PBzHycgL90/QG2N6LlTHxux9ElHQYy8HwwxlJoE+lPv89DSLNwra1mQ8MJMu7h9+
+qg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 44 B4 F4 DB 49 50 44 B5 A2 25 5B 57 D9 F2 92 13 9E 7E 9D 39 
+    friendlyName: Invalid EE notBefore Date Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CAAA900EEACAED9E
+
+d+pM/3UW90Y4Ig/6oE1g9MLVEkCn//6Oo3HubTLjk3NM88UFOAyLp1Ifm1Dhhz2r
+njXXB7Hxz1LkRin974RKvNfHZMmrFBHNCHHGpfWP6680dVmCBygdUnBX1Ex8d9Ua
+pt2+MIq/O4ceA5ajoCLENp/l1oBaqkBNEmzJ0vO6UWjOe9TipYzmhzyIbw8K6Q7E
+BoXnQCt5kKWOWFJx3wlfhap9ecd1YxFG9C+EXzI9rJhbZ72Nm5VJSFefQ+YmnerW
+oOV05pXUm76QrcpJH5SUAMdIajUnlrXlHKXTyBAIG8iKSBg17fU3kBJil9sLBrL6
+wp9/hW54KiUBdGhQ4jyqOp0rbHALHF7Rrj0iOn8oxG+vjXywMlvH6UDY9iLBRqwq
+q0fQ3W2T/fG9XQHLBjRD/y6OgG3k4nWtOatOzPsyZsUwU97jNzVtUd4gHR/vc3im
+DmecIfmNrt4owEv1dOi6vGoowgA+tSAzzD+r+brHwynTM5YFXHBtHKlt5EaA9A6M
+hBA4hpwnhBcBVI+Ai9FZhUfPl70K9vGYlF4Xv+yclGLlTKDryVfqrT/XH7I4oImB
+LwgcywnocjjP895Te9MDpxZE+FSeiTnLoI4dks0O/kMwZ4g2R4wmc+3h0RWXFCEL
+PMCgBbHVJ/n/8vt/L6AnKgShx5dcP6gEh+2zUxzPocQP4oJt/kJslGiINQlYXzXn
+wZ7b1iKz8zfFzPhzDp9qpYH13xs6/NvAXq/VdWUqZfkHSZEs6BL5wc3LHIsrwoQm
+aPqMTn2roBW1/gRaaa6bjErKf8Kfk7S/aVyyck1LB6hhgzAtHd6ZWBegRZaEguse
+0RlePqDtJ1Aj1FkogR26ZQhVmP1k7XpQtsvOO+fGE9IAEEv2OlxLCnD9IULxbeK2
+QDiPd/AKkMXtQ1C445ayKbEYOfIU1DEBRXzXz637dy0HiOHPyslRjEKz8KwvKcMt
+Z4uLTt7h9uNzn9GuNrDZPy5k8qieM4QTCKLvgA3NUxuEQnfrVo5ySQ5yNh635AOC
+NRRhv2wpEDivSUzpOK2rdw76K4Yu81st5nwi3NSvvfX5maEV0AqUneIzZr2qK42I
+Myrq9ZVqgt9mrrKIgV2qVfStVOpYaJ0aL8Qlo8MVtjpcZ06/eIpBsE3zVcTr9xfs
+QIV4LH+/5/pEXVRQuhYLMRcpTheIUDLex/dfELb4xe/Ekf0v7/RllB2nVgxMRauT
+Z54UTj5fE4aw8Sswcg00D8Bi/BuCEnNmtR6upGsVN/8Ltpj04Ql24+YzEt0YJ4ua
+3XjM9QVd1YwsNnwIUxX4GLBFfXVLmUKUM3Ou9CuIJPcW4Ea3H/bFgl6Zf9nAX7JU
+hE7esuv6KMOgKZsTjlPhZ/k/Z3NSyNqPRQdjlaL2Ax6DGBO2Pseiyp3idLjwMyov
+P9+y/IWlR+poqb5NvZnx6LVWvIc8Zc+0ygIvOi+olaB3F+ziiYse49V298CiAAVI
+E7a24HgcjkYVLihaZ+qZInQnu5eX3JznGC6s/PTToLjDqTWrb0MJeLTjEokc7S3e
+gKA4ka4Uwx0Qhcbiag8JCr4/RMm+JTeQ5pgwOXWAw2TxKm7+qa2p/hhgH07tXTGh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem
deleted file mode 100644
index e8f2b80b3d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23.pem
+++ /dev/null
@@ -1,116 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid IDP with indirectCRL EE Certificate Test23
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA1
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UEAxMySW52YWxp
-ZCBJRFAgd2l0aCBpbmRpcmVjdENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjMwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJR1Ogq33bnWdnMPT8T7u4psSBkPFbwr
-6mSgwNE1ZPPI3wkF66/zJAKMPK8LTskPhZ9QVaKvAt2MnLz004Yv+rS2N5H+cvTL
-oeXp0h0SbIgwRsgHWNBoOLACifcpIqR+dGuSakGD7dHG+NClC6jVJp8mf9EzxW84
-bjJvdhmADg7LAgMBAAGjazBpMB8GA1UdIwQYMBaAFGzBFF/Ypy3ghpMZXAvwSbkl
-W+gcMB0GA1UdDgQWBBTbRhIag+0VzAQ6Vki6uTqYN+IjxzAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGxw
-5QQhnpLypGVABOGVcbBYU+WO8Wkdo3htkGA1XHJSVggDQSbnHzX+1V/ETnAicQrh
-6ktOuzBTCLOG5TjmgKKcnS5y7rIndkGZ/3lo3DJydBzVGoLVUs5FWAvuWjIikQZO
-BEymYFtHwJh7iV0ma8n5No+re9BhnsQuWIfS7YXX
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23EE.pem
new file mode 100644
index 0000000000..919f66170f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest23EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1C 9B 82 D8 89 4E 86 A0 03 5B 14 40 C5 CC 2F C7 D4 ED 03 97 
+    friendlyName: Invalid IDP with indirectCRL Test23 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid IDP with indirectCRL EE Certificate Test23
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowazELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOzA5BgNV
+BAMTMkludmFsaWQgSURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUg
+VGVzdDIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm7caH1lpNAI
+shNu0OY69PXWaaBENPHHSe3ot0KHTb7EN9Rc4Ypl9KadClpdSmNdgUvL0QSqmdZA
+k592lYXRBS6kSlumWQpIx2SA3MWsc1XWAeWOE/aw0m6fhTQ8yL/4S97stjfJgjwl
+97G0sXcMF4DDeTNR3NHleo11/SPasoZqQvjCWfKEJ+vuzP0zW6JR6PzJdhll+VzO
+A9txxI6Vtq6gusfoq2e3Gf+9YTl03G/ta0S3Ssf/G1FZbNS9U1hSJlff969925kE
+Py2cgVq0i99mGGSf9dxLj21jgZH7lTuPYDiXz6mR6qdgK+5EKJroI+ev1qH6921R
+XOAzsi0wzwIDAQABo2swaTAfBgNVHSMEGDAWgBQl+K/8r7apGht5S9vLZCyLS7EV
+zTAdBgNVHQ4EFgQUTEZlYAf0YvkjTogjZLSWonv4Q1UwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAdWW7
+g+KdfMOKQal4UHHE9pxyR/z3CLnVck4gGmGkdnsuaUV4BsuPC3PHCeKyNJcrLneS
+vb56GZm6WcLohMLBIsasqg7H7VK9ActQx4fC23qV2zRqtLsATIcWOKVLSYP0XNxS
+1yu967LvXoOlgF5RojE62aaLfAWgi9L8+DNyUiFMxM8ymKOr3K+AmgAQRtT3s+99
+V/t6q+2pHMQkA48GOU/0us9Pb5dQs6KDEZUmt8g5jvLiX1XrXKl1zBODmFJMViJx
+VWtSwncbqzE2DwWpmUPxN/tMFtzC9vcxf/Y3DW65hA6654YR6esTw6xJBknJv5NB
+PyJyp1AOs8KblEtA7w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1C 9B 82 D8 89 4E 86 A0 03 5B 14 40 C5 CC 2F C7 D4 ED 03 97 
+    friendlyName: Invalid IDP with indirectCRL Test23 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,48A5FEA583B75121
+
+BvzSOqMhhehMvvoyLiaXS9wzeebKAz0sV7pRF6OjYeM1yV166w4vEaU86z4Q2rQ1
+GkvIfnJ0TP+EmpHmK/qUaJALEy7GCYEcceNLNF1+ciN1wBP8z/n16ff7pOeVQHsF
+N7Zwx1oPKKMl6K3zdsNrbIYMbLMa7dx/U4+0JtAI7EtMwZ6Xuj9htCjkf+KLkSU4
+2hfom4dyTjJLiffl2Wq5YqyoJZyVgq99/LOPjIltDpL1Atrv9BSbNpZpZV7c4i8r
+R82feIJqaQwT/T3rg+7hfp2EiJGwlQv2umtlywm5Se3W6y79tjC/CSBS/kKI03SZ
+d7RETnqczKXi27wB2vSjKIQIMP4LyydfLLvSNzKQyIlWAiSELLKR4hUD8vhFykGf
+/PFox9uXQ8hP/Mzd3ZXOZwOpiLKg8aJ4FUD4VWwtnuBA7YHxPXMr5egZaALp/aYa
+9FAQgLr6qkMXBwQu9XCr7E5eXlhh6DMghNwIrnrjnecpUcUpYO9i5Gsp6jGyoGJ/
+V7UroRL4cfw61Pegz5C5KbwXtWVn8Bj6EU+TNvTdLCKUGvaoyR/7Fw1FyjHn670V
+0/P+MWtaG/Wv9TFGr+xW6ytM0lJ4E7fNXyzMDnaRKZKYLFik+Z8VsqTmrNZp2MMi
+iOEre4X6sjYY9n4o5R16H2XjOPSzCokg9DfmVN/kRZU1RrVmlSUPFeQqnGFH/Prw
+f52/LPx6mECYYj3muFSIehzcDf2GAYn/JA8xTSbKdTiJzH8OZwVqdePMpwM+3bHz
+/JfdU/+6UKAhONcHCgaFnLCUXNiEIn0eAqGsxlFDlzxVsm7GOG8a3U+LLJohx1O7
+FTLKLE95MPryQ4exC3Q4U0VvqbI1aN8oYqoOyYor2A48oPo2ptc1kZqNVHKrvBEh
+ujJTGy7KZNaidCz8zgVBEKFz/LlmAdvMprMQdxz/00RSoWXugqDDdt7X9L7pY6Fv
+4vZAW6pDFORPGIV1q9Y1zninGaMn6Yjou8tWmTl3r/lT8DsKD6pi/djhSiU8/KWH
++c2odEWSU9YSlp7yG5eylV9d/ki0iBMEp5gE4pqiybfnqOjOKSYzNBWNWPtbc3EW
+rHSrcwVRecviTLrCfN2849oyibnoN2vf2N/8KNv6+ysivEgmMpq4lmDksmNkB3ir
+kgRzjASm4zZaXbgIghn4pFWxmcfOBpJLQegX7F3sFVSoUQv+DFBOlocMlAXJKCY8
+/H1THWUVJGwlw30uQc47qt9d9SfmxgsRfGR8fPLC5WtGf3o+S/UaMvwtHmTX42TC
+GbAS9bP/ymPmK0iUyxngTmGJ3Ke8kWRihRK6M5bPdHkOHFveFbBs34e0OfLMObc4
+tX1vi+wsNT1hPEpWJisKtzzXaZ+h7msiuZrb7IODtKzwUgDL756uCgK/vxrl+VLu
+LNd9QEnnNWlfteaDNSPB7PXb95BeJ3T8kX0NCjbSQRQWq2DW1NNrgy/E49+k4VPz
+PP9XZPo4+cabHWzv8GKF/N6YceD6qAZv06x4RuKV4oGuVtnr+REIcTb8dK3CxOyL
+WQD+zIEggED3WeiAyygyV7FANxi27LbSzYJQCJnDlDQSVZ052ZhnU4Ih/dUbA2S/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem
deleted file mode 100644
index ec66261d9d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26.pem
+++ /dev/null
@@ -1,137 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid IDP with indirectCRL EE Certificate Test26
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIIC4zCCAkygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UEAxMySW52YWxp
-ZCBJRFAgd2l0aCBpbmRpcmVjdENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjYwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJWG0QMGGkC8v7EYNdgiIW21p0tpEHdc
-A5GWLdFuWvXKCk0fjKc6H/xux8sQgSPzqQkSVwRCvoQZuP8YbELalcOpbU1KN+NY
-xJUjVXB1FZwvz+9tBl8EXV6h+WdvQ5i0H9q5HIhiRqKx3ol2pTbnbE7Tq2lSeFZs
-J9pjj19d2bEvAgMBAAGjgcMwgcAwHwYDVR0jBBgwFoAUwa+CD9XTTxDwMWI8WIm5
-inS7nAEwHQYDVR0OBBYEFNqqzRuM3BRGiQozMByWP0u9kYvjMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwVQYDVR0fBE4wTDBKokikRjBE
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGTAXBgNV
-BAMTEGluZGlyZWN0Q1JMIENBMXgwDQYJKoZIhvcNAQEFBQADgYEASYGU+PXCspmb
-cqsXmUr/HLCeEc9QXXTDPtkqweBOdgVc27fLaugIkTOEcwkHnxGBst2VRxbG7TXR
-sdcakIKE52+VN4ll8u/oPLs+rp+Fp4Xe9nMj0scOzjcSzBRMTN1VtpVoFUM1Jp5T
-JFEnAXzAMD3ex1dtQYriGo4yHKWcpkc=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26EE.pem
new file mode 100644
index 0000000000..6e70b85799
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidIDPwithindirectCRLTest26EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 3D B0 2E F2 05 35 87 13 B6 6F E8 54 C2 6B DF F5 0E DB AD E9 
+    friendlyName: Invalid IDP with indirectCRL Test26 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid IDP with indirectCRL EE Certificate Test26
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID9zCCAt+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowazELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOzA5BgNV
+BAMTMkludmFsaWQgSURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUg
+VGVzdDI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJp7Mm8AkEMq
+W4e034nVkgFmlWsFMdAxhIzcgHthAQ7sIQTi7sN7P0EenZOMSSeP0K10xy4EXyzW
+AQXFU9P4fsVpQDgh2U6fHO3t0YNikBvfOvaiZ9eQ4WPhIPx4RO0cw4iBpq5ysfSP
+WedNqTG/pc4qH3f7fXz2m85kMaNj2hUwe7/bJL00ey+PPtNU/Rt9p/fH9B+Y+iPw
+fjwIkzS79mhQqYrMlnozbZoNGPgEhIfOK7evenqKzx7uSF5U2Hl7Nhn8FyDKDSEj
+Hn7uwH0xyxwNiur6LEPT1tjp9UPAF1gkxkoTA6TsswvqYLv6AdZn9AQv2RShzjtU
+ATC1fwKXqwIDAQABo4HIMIHFMB8GA1UdIwQYMBaAFIgj4bOz8mz+Mam+i2GqO5KH
+BaSjMB0GA1UdDgQWBBQdm73CEymor8YNtVmDdOAPqDK4LDAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMFoGA1UdHwRTMFEwT6JNpEswSTEL
+MAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGTAX
+BgNVBAMTEGluZGlyZWN0Q1JMIENBMXgwDQYJKoZIhvcNAQELBQADggEBAAL+uBvK
+t4dq2d7MweVluDX0HLIGnti0R6b4E/IVXl10IPGh+X1XijPwVfV2Qm/5hDw6BXqh
+t/rs1JoEwEEJ6y+O2XAJjJtHWwI9hzwgW3DOj9qIK5BZ1iGlvINyF2zCbTfrralf
+6xWNJ1ranPB881cS0LzAMt0BhfhzjPC/NSs4gwu1MXY7MEUR6WPlUzhw/s4gnEtC
+0ZJFHYC8ZxC3WNHOgS9P4hVibw9dvZVFrtF+eNogqxuJqABvMv5qWJFd2h96ErVk
+ZjYHStm+iX+qoygvbRV/b88Oby7CCLevBru0T/TsyFPfxxx4m1bLjpdfaz2wPrZV
+RnN3PlAouVSXbb4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D B0 2E F2 05 35 87 13 B6 6F E8 54 C2 6B DF F5 0E DB AD E9 
+    friendlyName: Invalid IDP with indirectCRL Test26 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,890D36A52515C723
+
+BuvcGzvcJdjeMJfbJwLTep9xfmuaoQmVL7ApyJF7FLCghz6Uay8cCpaULPB27Z69
+LRSHtaZB23jYdSSdC0dy/94a1QsAPRdt+OfrnXE2M/pd/TGLM36EKANr0uslDIaF
+B3DBHsM3fV00UqCVCLZANUEKGEF3DNQ7F9uXQYDgvpWkLdoenC/bnIw6f9NO7ZZE
+kQYLZj9WH8KIo0EH3DlAg456UeVkawsYYlBRQTnUUbFEOpsM1q+xwMjpiDJfg9vI
+72nGeElfy9O7QWDQzEKui8LrMiIk7YVev42awnwjCiEhGIqKrwpQv+JPv0tAf9KK
+v5nrzpitqv9/jtZTkGoIQDg9CueDr1UvDGSBOKgFSdgDihwTbmS7xzM2cS1awXMF
+2RgFIrRSg0fR4iU6mJn3tqzxFmzg7TKYWEKvGhcEuJsKo3637Ru6xzpq41iMfccw
+FtzLLAVdYW3t3DVd0Dwkg2WzJCxm8W0mLnQ1Sa6rsXiK4uaFKnbIC6L/wZyZqnCf
+GzyPHmjh1Watm/znXrbUV8wtpKPX4UD4kxt9O5HO0XdM50Fq3QkEw0KCfbKzkcqG
+2ARJzY/Z+DfK/atudcg1LNy8RieTPrgUcuPkrlN8Vvu/vpqGt8bHKFh1SOOju8fX
+WwWUb0MQBOordLkD+sTPBn9SYZ7GnfHxtIbzCWkzkuBIDVWx8bvW/01+i59k0wed
+96WRazUK5cz0w94DgZ9MLdY1tUGoR9LdykLdQxrQO6m5WuFy7+aqLrF8+1UBqqXj
+WmaP+soIGcc83f2Yx7No5PD0oEJzbTRCSVK7/Yf84UvrptHAF8bLYeX84D+9DTEp
+HuVpsteNClcXuw6qlj2+RgwjFtZ/a4dECtuIWg6yC17YB+kuso0A4F0ESSEC9ghL
+CWz7bcvtE2UxPG51RC1UY/xWDdOdtTVEWdrGen2ypU9h0m7Zgd78LivGZ0mL/mmF
+ykZDHY+zok28LJiKuLdX6VEoP82uKD7pJ389QkRVUIgseQtq3egGt0HZ73PRFB1E
+kXvqHtJz63voKyyd165fscJ7kl+gJO1m1cZa0pDRVGv491fNboukFrRDcaGyrp2d
+G1L54kvoy+gcKF630Ob4DYvRdi1ti78r7PJ/uwnNfpEE+bBu+AL7HO5TTYPn3V8h
+ARYmHJ3UOEOdoU0We3DSn3yYQSEsSlsL8asAat3qCNuPr8/1siCD52238TqPl5wA
+86fQmEd80rK87iJx8mpYZ4GVK54abh9FMuhajpR9wfNPF9ts+cwPnFOajKmK8IFU
+KXZbSVG2zFMl1wb6WEV0KVsVNZI1rmyrI8pa/l6ZxEKRKITtrV/pX2c7+4QWe6aJ
+iIPHTzjEDtLztB8GVFaRKtUp2GVXE0K1XN5WWTXLTmdG8ZqJ53lKfKrSnV3MOa5c
+Q3lT9dZnSc+kMPiGbJEVlZSqaNlbRtxpyssvRmH3apd76KdmYHSgs3R7rBJU1iA1
+4jzQFQvu1yA92Yy5ODuv8hTwrXxim7WH8oQmhvaQ2qkkhG+NMy/Hebrn3EMEFBoe
+cjIti5UdMcN9/kSmUuuQSHsTxyTwYpGjtgvFGwedSJ1XcOig+/xsVA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem
deleted file mode 100644
index 81cb0d51d7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Long Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp
-YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk
-irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf
-+sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb
-K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH
-36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO
-qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM
-9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5
-fhG3y3gMYLC6ciKePSDf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Long Serial Number EE Certificate Test18
-issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEF
-BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxOTA3BgNVBAMTMEludmFsaWQgTG9uZyBTZXJpYWwgTnVtYmVyIEVF
-IENlcnRpZmljYXRlIFRlc3QxODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-2sI1yl0rje3fSYBkT9yPudlTELF0ndMo5oaWr8vE9UjhpBrgSFFtYu6GZAbqeZEB
-i0faI9SWBl06pWZj47auSdPeU0Akrzn6If3Vc2eVJKCtAHQuxnd9dToJDqjIiA0z
-YVT7YTE7zLs9d0HHhDhM/VYqBKqtqrOTEhss0ryQRSsCAwEAAaNrMGkwHwYDVR0j
-BBgwFoAU3z1I++My57kmUova7PgJT7PH36YwHQYDVR0OBBYEFLVbztWeCD3WQICU
-BucmQT4POFoDMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDQYJKoZIhvcNAQEFBQADgYEAZjyhu29ssno3io8WqDGabhCgGRL6lS3tgEsq
-k5sxDXO5xgZf//iGlwXTy8w2H+MZ/SX+2acfmFnALYXcGkK5ZHjKQjMOpJZwF/kB
-mzJP4HDEVY5lsvPyVKYqks4lRkbJOMXVBh3Ub5/ag1eOcTeljYhwU66DUMByVzQP
-1RwAcK8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f:
-        83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df:
-        de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23:
-        20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b:
-        13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f:
-        ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7:
-        84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4:
-        16:02
------BEGIN X509 CRL-----
-MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl
-ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH
-CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G
-A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj
-397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q
-1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18EE.pem
new file mode 100644
index 0000000000..3fda53159a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidLongSerialNumberTest18EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 92 F9 81 17 68 15 DD D6 FE 9B CD 7C E0 AA 62 28 9A B4 D5 7E 
+    friendlyName: Invalid Long Serial Number Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Long Serial Number EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTkwNwYDVQQDEzBJbnZhbGlkIExvbmcgU2VyaWFs
+IE51bWJlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTgwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDGM6BFTNKAqi4hroDetUQaaLcSL1wz3qHK8yuKvBRb8Xfw
+OUPa8/hk8GA1HMsJSbs+X5vdq3mTlGehpLFFWimXhMUPY0GbYgo9wR68xGohj4SB
+57eYDXqc5X3Yu6N1nspAH7VxHkeLtKVbj8ggJzw1nsoW2f9Qd1FKHvH8+ds1HiqR
+FabGg2Aeyq0roXZNBASnXPagI+t2Qe3XME2ZDkdtUW8p4L15IegiNSNYnbVGiT94
+KVHtnEmuXmj7pslehnPu884Bi0KBzVRVQujp3bmu6lW59JAXRmNhTrMHyHrTdmOC
+zR5jds44d9e96mM25boq3k3Q8ItLi+FsIj6r86IZAgMBAAGjazBpMB8GA1UdIwQY
+MBaAFAtjt0euwgcyG39v4zq46gv/12SkMB0GA1UdDgQWBBSioFR+93C1hrptVnU8
+tv8CWImEdDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA0GCSqGSIb3DQEBCwUAA4IBAQBZtZv/5s2Km20KY3ZKpVYTYffZ/ITIojuqcInT
+P6lsq+tT5+Akm26rPffWJ7gUkjHKr5vpMpScFTMLYCIs9KWoSmv9INeZBjsbFt+N
+B/GPj7PM0zYlgoRdVZYlmXOgJ+XBhIZ3QwgK+Es2DBWpEdpXBmls8o6QfbwUx7bN
+mJ5UhtC8SOrPsHz9BkiZ5oD1PmbcMY4m8Z6wmjiQzHUw2c9sDdWrxqJ9Gw/uCZif
+C8OFAtKeCUbIS/1H4r+PQV6k51tgFZH8nluvWYTQPL/uCbAbfHlDpbWqQRRJce2/
+OtRZsO6qQznDK+2y75B5aTCq2fhT8UvxA6NgKHhh4rFBdTrG
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 92 F9 81 17 68 15 DD D6 FE 9B CD 7C E0 AA 62 28 9A B4 D5 7E 
+    friendlyName: Invalid Long Serial Number Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,34BA072362B77DFE
+
+BP22t+h1zL/WWHrXvkKh5OFPlIwzhZ2jkQMTxl49VtK1AyIo58NsQQnghfoQ3Ct8
+mBfrFDuG3qyyshyDp47CvXiOyckjOX8eyG4BOhfuadqk8/d2bAUddXLSw9ijE/hL
+C9P6OdRU6WdTc1UiMF7sLfIcO22cewEuoR/+ZKMT4ZI4fCDyD6gbvtu5au9xcSdU
+q58vvWTOQ5zCZktiqWphRzv9cBe2B7bzvSRvzuFWiw4reIZZa30/H+Al5p+T98f8
+3Pujr5Fnigb+xHUnk3kokSoWXUX9gh0ckU5sGpeWXma00EF4gkW/qV9lOTlTAycV
+7X8lsIKwsUnBcE/nNmvku21M+BpKP4EKBefTLFCKqLUjltDobSzPqoNg2fdZGqDj
+tb32RwEowFV3kFfRe2OpdXiaTwMk0s9tytEf1F21NKVhqZ6ILNgnWHp/Vk263XXT
+bedwgSEel/I3c3DGRaR71ETabsrkpQ5vi6+0AUm4XuW5H84gqXXJ884Z+RNkXEAT
+lpRhfg3JV1WR5ardhyTDKcx3VZHjRSxBLUvDp9O5YwAEecENQgf+QTAYnPnOeXHX
+fye/sspezzKF3fb1rAB3yuUDjzTd2ov5Z1eJqmzsaI17lw60TONTACMEv4QL/T/f
+AKyE5h0f90EjVkU/vj9YhA8JF1kt1NEPZWaGvw3LdXY6vLa68/KQcS4auUI3CH2U
+MzgYT6VCjiOwZUlrW73oFRKA9dfQhgVjxeG6pj5GvN8gYkiHRLSJnBYrmZJGEveF
+WGYVQKr1HRz67GDGvAF9AnMcYaXJNrAGwMdO+xm0I9hKoYdfeLhxyXLMfl6+YZxN
+lHSvY4F0tv514A3P1ISELU306JtGuKiVI9ZwTJukak2QGYHd1ctokPJ/yvOJ3UfK
+QYOxGLgUR/HKVpkL+X7IuDoRoiybK+NaPhnJvQSttl8F3ZRkuhXkB5S5n4FdizXk
+kEpL8ojKm+C2oJqnrDLVUBfOFjShqDzbbfVBTY2T6vI8lyH/IwHn6rBkU8HaP/X6
+t4REr7Vk6F9f8PlBfIAGSIHeWhoPalUWcY8WxxatwODX3X7+o2ylvfqAyYwLn2lg
+kvIawM4Dpfv7n63NxLdNpG4g9pnPTicrasGCBRKiEJ9WvGGXJmClKoi+dXLaZsci
+0eS06glbt4Q7JU+BhM4ehnjOJNdKWBH9fLpTybEiT4o5mBbMPU3rsxhaClSA08iB
+v6tMSvltG3hZpfd6x0uz/j6x+Bby6F0plMVcLyf/4Vn9ld7N3Kml9fH9ACYZaiWx
+pmppHMiUMS+VRtbj4fS5IXe7lYEb3TTbtUccYGkUiI0lDkoF1fMlarQ+MLHjANWo
+cn3bi/+GHp8//dPcO8z1z7B/fTctrs7IsIp3foaqLLxGKIqrYApDLTzBDiX5PLcc
+/5uyy+q9F/jf4UWwHa0RhfwIRZJp4ZNbnMnbzuJpWQjG3609kw6eSJtE4czM2X+T
+3n252jwqRZFK77eXns9ovYU6eEISj5CoK/HFLOt0kHP5zVOWiKFm8x+qY4iyEXlh
+3ZVw3/MLrrLbmNbbgTfPeSUAvNZ+xJTpbHT/qFpFwmyzpH2x3CIg8lTzaUjCgGWV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem
deleted file mode 100644
index 792032e282..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Mapping From anyPolicy EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Mapping From anyPolicy CA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU1hcHBpbmcgRnJv
-bSBhbnlQb2xpY3kgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBn
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNV
-BAMTM0ludmFsaWQgTWFwcGluZyBGcm9tIGFueVBvbGljeSBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtfiBNk2i7y/WBuI5
-GCW0+6q3VwFnT3frj/wV+Ie2r2bKy2iasXlilOldX5jcywoO2qcMHUmoeK2eE6rM
-/ffDK4Zd4EhJJ5RJdgoWhjBpfKNGD73JlCIAVGGooCiVx9zJICN9DFl/X6hybpM8
-Gs/BWxcHB7vzpzCGqKwI91lstiUCAwEAAaNrMGkwHwYDVR0jBBgwFoAU98GrNdgv
-hgNaNjdZb8HBpG2kpEgwHQYDVR0OBBYEFNuifbLkKO+WtPZNnKM58l/XwUD6MA4G
-A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
-AQEFBQADgYEAXZ+i/Dd4d11xpuKLT90bOID/badZcsjgBbJ2hTG4JhzrHQN6kxzI
-Xt3L5FBaqgg1SfvC0K6/eex8SDEdEJ5LlbmflMths7r8DICoo3Dyo+y/G6ziqRR7
-fOrYKBk6zhliAHXNqrtQ/fUCCNke/OMk62U7WgbaQuELj+tzZHPHShA=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping From anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICrjCCAhegAwIBAgIBMzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTWFwcGluZyBG
-cm9tIGFueVBvbGljeSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmMII
-TPwdFq+61dFOwrrjLrVHakDcX3fO14s58oprgJ0Qcm88Fjs1+HyurbqB1r7rySfg
-zIZhJjb6ZZqV4qwd2fyQGhYHSctVTxOfxYc+JnK/eLQ09eCM0Uv2U2e9AyyObT0A
-Gt8DpfnfiMrkyadyKRICC/6dOHLb/OnT82jrw/UCAwEAAaOBqjCBpzAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU98GrNdgvhgNaNjdZ
-b8HBpG2kpEgwDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgwBgYEVR0gADAgBgNV
-HSEBAf8EFjAUMBIGBFUdIAAGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAP
-BgNVHSQBAf8EBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAImTlpjaX4CkEQLrZZsd
-iyLe+gkOFWF7maBKcZQcCHDUNuIGFeYmRqB+eXsYqooAvYOUfSz30L709ODiWLH4
-Zm5y79xssrJYzS+sDfDHmNMjKo/U9Dj4nVO+ln6PGGe8PPW7P04gUXcQjJFHCLfh
-+czJLt8J7JUOUznIvSEIIsto
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping From anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F7:C1:AB:35:D8:2F:86:03:5A:36:37:59:6F:C1:C1:A4:6D:A4:A4:48
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        05:b0:d2:68:c9:a0:5c:dd:e8:e0:e1:ed:95:35:cd:01:70:d6:
-        24:88:d7:37:d3:05:59:04:38:c3:51:64:ca:aa:c4:07:31:80:
-        c5:12:d7:9a:38:5f:67:c7:dd:0b:05:98:71:a1:b3:65:dd:09:
-        cb:87:c5:8a:e2:bf:26:27:0a:56:0b:8d:c3:46:b1:75:4f:f3:
-        03:5b:3d:ec:84:f9:e1:03:ee:a1:8a:c7:e9:22:6f:29:b2:6b:
-        64:02:e4:aa:7b:5e:bd:84:fe:af:a9:25:98:7d:7b:b8:f0:ef:
-        3f:df:f9:26:a6:84:d0:16:6e:b9:2d:bd:15:95:8f:47:7a:a8:
-        28:28
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU1hcHBpbmcgRnJvbSBhbnlQ
-b2xpY3kgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFPfBqzXYL4YDWjY3WW/BwaRtpKRIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAAWw0mjJoFzd6ODh7ZU1zQFw1iSI1zfTBVkEOMNRZMqqxAcxgMUS
-15o4X2fH3QsFmHGhs2XdCcuHxYrivyYnClYLjcNGsXVP8wNbPeyE+eED7qGKx+ki
-bymya2QC5Kp7Xr2E/q+pJZh9e7jw7z/f+SamhNAWbrktvRWVj0d6qCgo
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7EE.pem
new file mode 100644
index 0000000000..f378d4d029
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingFromanyPolicyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0F 0F B4 FA C4 86 AD 59 C5 CB 92 28 10 E7 7E AF 50 2F 13 C3 
+    friendlyName: Invalid Mapping From anyPolicy Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Mapping From anyPolicy EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping From anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZTWFwcGlu
+ZyBGcm9tIGFueVBvbGljeSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGwxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTwwOgYDVQQDEzNJbnZhbGlkIE1hcHBpbmcgRnJvbSBhbnlQb2xpY3kgRUUg
+Q2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDF9e5qo1oWtVVI+OfFQW0ZD4HihKuXcOZyHrCSc/UQJuc4inG5/g8CLClzXX9g
+xSnOeyREom5k1AY0N+W/ynyH31lbKPVZvBmT/nMMhgzIVq691d3O3wSIiYEH44Oi
+wMyhkY+mCRHerh0LktpIX5fnmS0FvT1wYAVFiECrFPCOR2cNsvKL8KZOutoJYtIG
+nM2QtKcUYfdYhwpKq+3f1ae8nlErlhWS8GIn0C7E8x1HPeoCPAoPBuM9BDsa4q7R
+tQ8vkCiL+7mMMf02mBvY6qddPK+LpCvaFZSTFGFZwX7T+TQUXnZtYRFjI0aMWajm
+X7NGQYjwDrojn0v07UMmjLmlAgMBAAGjazBpMB8GA1UdIwQYMBaAFGhzFOALNM9y
+QNqUltYVq3qkby6MMB0GA1UdDgQWBBQxi4iTbnfO7LvkRyyrlaUs+tKzdTAOBgNV
+HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
+CwUAA4IBAQA730R9YAV/PansUKZky4hN5m2RQibLIju1MNH6xqQD0T7Bkq4aP1mQ
+TqzZbk7n7v1hcLpLxDZDQnZZ1AQAHQl5JNjLMwKgonL8gX0YLIypXXFeZtxU7oJR
+zdmVNPxTmcnPgLcMm6uPVRGR76qV2DhhgSWYV4C4ewIuEG1Zl6x4azJ5eOkL5xp1
+yM9ara/0T+lGywgOr06T0+76/Kmwrr+kF+fHXkb5r8unU32lvSpIuKKxkyjEcN6A
+1s9g6BxFkfpNVzZUuXphYoAy0olkMAvUWmrAeMz/jP9Zq4Bmq8UHLGmFFg4y5+fh
+6OV3RFRDk3BzX8WuG40rlzE1IYgDDmV/
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0F 0F B4 FA C4 86 AD 59 C5 CB 92 28 10 E7 7E AF 50 2F 13 C3 
+    friendlyName: Invalid Mapping From anyPolicy Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A906794B7E07D855
+
+oFcaEPtdmJzgte9y/6wrEQ3s6bIGNZNXWACnA+udLYD/fHdN62qALuN+ajqeeIPP
+Kr4BxU+M4TLcImd4zpqLqvJyDtySGIBZhc7dplXjviJOaG5/DzrvvSesg2oOugqI
+B721nJmoeKilLMd5StbBFt/4xPe60eB6IeUlura3IMMitV2WK3SR390LfnU9H48g
+10jlzTxyoyFpXfLkoV2SHlu6ujz5MXdvnaKeJUbFvsAGXnzyU+c+Z0sTzlkiE3Lu
+8CPDVMDNQDcbSoUOoI81v4cI71j2QVdnH2W2wtsrjImoxtUUkSOc2e2HM75UTorh
+PgsS7WzMxWONng6OurElcH7mbciVCmEc0razbJb2NHnbp5tp+iLeJAAeDSCgUpwM
+QaqLBciEY4ds5/6guGd3AuKOX3D6oi1ARTvyXSDAFoGVgMdiBj7yc28W2xatqJHI
+q8DBt6Qhl0JoYu9uyg74PZf9VBD85/vIlZXrNRWwwJ2iTwbY3pBehqpXMCbYBZ3F
+gjRj9tn+peVlpggZlvYo6gRm0Uo2HnLLqURljHCFKzxh7B2he3Ud+xJrxrMlpQsN
+XQDB87Ej1RjjRfzBIZbQhZsxoqEoHrSbsHDMa5zVLN0Uy/yCEmw99YaZx0utrsGK
+0ZWawS58TqvfFRFne8zFl/8ZFB420yXpBWh248IYCF45atHzGTAqxtpuKxAbxcc2
+DcuchCX1zGFpcoyBl5aytL9TVSaxeNARzk35nGx8JrO/niIM59VwgGVI5UCarhqI
+dfsS2wY3f74vSGlv8i2d1r3GT7UMM6hm9UDRqR+78KKicQ98eCVrqDylghOa1udZ
+mFaOcdlm1lJYh/rLPZynLBXjzaAqjCS/vo0zMV/+i/mOGOCcYzXCBw7oNSWSGOcX
+9jCZkDpNorgfzsuS7pl7xyUi2Lk/7LF5s+qwiT+DdQkNN+nPf0QfQBcB/cQcOM+U
+pksQbvIV7v2y2iqiQYpNp6I/PWROaKWpGAUjLevtKpxYezaJjjmtpx4y+5mQtSxh
+BZi8HUjSXA5qGtjj0eozhen9WFsweuXMQL1RmIBL8UWvXFNcH2DIZ92KnkwPcVKU
+0qF9TSkV/mMEPAXjxu03V4ByEaJiiQ1tmmT8MUJxR2DnPLDwXhLQrxC4atfNxPGH
+NNdLGFt9CEE7VSjyDs1H+sLlHEsK1Oh/ADVbHmg/iOR5ZfFyDS7vj9g6PjTB2qsQ
+Lv1qjtns+XpLkknri04PqcxEadolJPu9wfMERdjq4GVwTvoSb5H31IdcOZKoBksy
+bvSeTfpoIGXR39lDPfYWQdc1SyORg2JKYXvEUo2BVaAK6MDmhQ63nyTVxO9I6oNM
+ZUE15sTeuHmYU9MXVqjM4vviON0pTzuTSobTxtdCZljYZqoWI8yVUFiQTzwFGvCj
+kBvImf6h4G67dkLr1y8oWuEqVdVyTIUmgmdvtFhXI7M/7xtsGpOqbG53QYC73G5R
+nrNdMMLMBd+sCV+G2XFSYhlCCB2EctBqegMoN4/ZbXkC9QjFQT1Ce8B8JzxhwBOA
+tv2N8hHzXMH/gexgaIYjmweefcWMB5Mx22b0l7v5NNK8PwWoBmjYIXM3Py8MxrJ1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem
deleted file mode 100644
index 9981bba023..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Mapping To anyPolicy EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Mapping To anyPolicy CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF01hcHBpbmcgVG8g
-YW55UG9saWN5IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIE1hcHBpbmcgVG8gYW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRl
-c3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1bl/gTqVbi6yVtJxnXxNx
-DlekTcCxPmcwCs7HEqTWzpbyvYxgoXfNIP7bjtabs/IK9+SG1YQpqAHt/UFImBzC
-jdgEBzfRwt2eGR4wSeGN09s2jAjT2aq9dbkF+Ib99D2DNKjlPKBbb4GeNWnNEDno
-yf4eZEPAx8P3QSsAfUqocQIDAQABo2UwYzAfBgNVHSMEGDAWgBS6gMx6LKdjWhCr
-Tj+ExFNVCmn6HTAdBgNVHQ4EFgQUm+ENjbV3/gxDFuaWw6Dwa1YRk3swDgYDVR0P
-AQH/BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQCQ
-H92kSHC9YZU7taUlRQda3eEkg775JMosyIMd1DwSzbT/wRoWU7/6BnsV99dq1Ja8
-2pZn316o7wfz6POeSg/VzNFd4HC+j84NTUMBrFt/SSdoqh1CkUXNAKbqffDzn4gN
-Sry4MX5zRGXwI3GYFol9TnNutj6HQl9Tr3iolkPufg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping To anyPolicy CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBNDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXTWFwcGluZyBU
-byBhbnlQb2xpY3kgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJrojWZR
-mKqz0wTzKWxK+BvdLHiNYkl7deU8v1nJqthPCd0D2ZxiM1IwaskiG9Nm+sO+91AZ
-pk/QFCW8XKa70to819onqj29QyYeO8ukMtlXuLI0pXVjyN4cWxfHH9o5IUH897/t
-hcTbFWYC1+TqZUNaPASnCw67YZejfdZZtD4VAgMBAAGjgbAwga0wHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFLqAzHosp2NaEKtOP4TE
-U1UKafodMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-IAYDVR0hAQH/BBYwFDASBgpghkgBZQMCATABBgRVHSAAMA8GA1UdEwEB/wQFMAMB
-Af8wDwYDVR0kAQH/BAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQC4HMzKV0x+spl2
-wCvBKf+ArCiSCklHEDKpj3HrJ7zIH1lqU73rZjOJQB3hsnSMYEB+ch4DQNDzOQIB
-bGspRwEeTIRjZ1u6CZ9h+kIVu2R4eyfq9mNYOvYFeY/kB/zwrMQnoeJtJ9sQ6IQi
-rwtT53uxl1gZv4pBZRIURDq8KEyoUQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping To anyPolicy CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:BA:80:CC:7A:2C:A7:63:5A:10:AB:4E:3F:84:C4:53:55:0A:69:FA:1D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        92:da:09:1f:2a:48:11:8d:5a:7b:8f:a6:74:bc:32:70:4a:03:
-        30:8b:f1:26:b4:cf:a0:9c:9d:89:84:98:71:48:4f:93:09:59:
-        08:c0:07:e4:65:bf:12:ca:49:90:3d:36:f3:31:83:3e:34:b3:
-        9a:df:d3:a4:f6:7d:cb:ee:5b:1e:cf:e0:70:25:94:0e:0e:54:
-        9c:32:4a:50:41:ea:bf:f4:57:d3:53:02:7c:c7:bc:d4:04:a9:
-        9f:36:51:04:26:6f:37:1f:62:8a:ea:f7:7b:2f:d1:24:53:17:
-        de:db:e1:ce:89:00:3e:71:23:73:b2:da:af:79:f7:4a:2b:a4:
-        2a:bb
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF01hcHBpbmcgVG8gYW55UG9s
-aWN5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBS6gMx6LKdjWhCrTj+ExFNVCmn6HTAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCS2gkfKkgRjVp7j6Z0vDJwSgMwi/EmtM+gnJ2JhJhxSE+TCVkIwAfk
-Zb8SykmQPTbzMYM+NLOa39Ok9n3L7lsez+BwJZQODlScMkpQQeq/9FfTUwJ8x7zU
-BKmfNlEEJm83H2KK6vd7L9EkUxfe2+HOiQA+cSNzstqvefdKK6Qquw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8EE.pem
new file mode 100644
index 0000000000..7ec0a9a27e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMappingToanyPolicyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1D F9 67 26 C4 8C DA E1 53 C3 F9 DF DC FE BC EA E0 D8 AF 13 
+    friendlyName: Invalid Mapping To anyPolicy Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Mapping To anyPolicy EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping To anyPolicy CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXTWFwcGlu
+ZyBUbyBhbnlQb2xpY3kgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBNYXBwaW5nIFRvIGFueVBvbGljeSBFRSBDZXJ0
+aWZpY2F0ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMr1
+1erPw8vN57992tE1rFW83nzG1kHn6XMLHEmZkIdJASQbO/ZReTiFot1Xi+K6PpBO
+mGbcSQ8uXLxWZVCk4fIwD6a0MU2Jmy5oHWFd4dqDmsBUroCbhiU5wrDWv49zV6ap
+PmqPeQrLsN7FV0cwrFqS6YqU7MHaBkEoRlFvT8FyvyDb2SYaMbF1Vc3GPWudBQPo
+Uq8qwpBYriAflA3P2dO4bTnr09XDZxV2FGbH6cVuKVpwErEHFYZ77ykngP9VfTQO
+dXhygSD0jWvCgTqg5jXkcdfyyT1zxbVSGusMw+lBh3wBJKo0hJWq0Qup7GQkFV09
+m0iTMj1vhbasHvBCPDUCAwEAAaNlMGMwHwYDVR0jBBgwFoAUFCztk/EeGnAVlIst
+k7SY0rcFCKwwHQYDVR0OBBYEFKLkfME6MVHySnJusYPgXpJL2uCoMA4GA1UdDwEB
+/wQEAwIE8DARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAE2j
+J+NBiXf7fiA+1jBa1NWMTi/Fkrt7h35JicUUr6GGsfmS722UHOxcnqsxm22aqu04
+HYld9m4FA6/ntPRQj1uDw26FM3r9sPXKExdF+Ohufqd7ACiiE4KXF94Be5oHk6YP
+tfbMxoNx1C6gJqAr5nqLLGxuV/NfUKH2RnvU2QDVNZ1MjlooubzTtEeORrVnLqIh
+8Qt3olTa1dYY1t+bAmea7+vyVd7aK+CXQ/iSCyVpX+oMkJGh263OLXGsniXK1A3d
+HWf5jgBRLr5aUQe4prFZ/cgM+gFe0QNe88ObgrgKHL14OJw210WKHazf1xQKErar
+Jk9IJeH/nwZq46/Nhn0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D F9 67 26 C4 8C DA E1 53 C3 F9 DF DC FE BC EA E0 D8 AF 13 
+    friendlyName: Invalid Mapping To anyPolicy Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4ECA13BB3BB90EC3
+
+SDIdiEs9qfLaXJ4j393SyXyi1O9vQdH+XanYSz8aVIMNPXL56Kz1UkiV+JBqhTVI
+C44UDsPE/Hra72K8RA9GeARFBS5SggpUm4UoefVHq/v6Utm+UAZQGLKr+W2NCLMH
+KpJPRs1iECtVZ4iyVVxtAAWZGE2kf2aEknOiVhiQnZfiR9YA/5wigmJKQJK8JrLh
+XWgTDqXtXVRI4sJjomLfVRSBy4Robmoed4o24rLY9MD2Te4v7ASDpJYGXH6oVBBf
+V5GB0vRWJ/nmNuNGLmcW2dS+gaaeFQl4+rECtsXUqT/AK+nLH1Cr2B+FN1IRBIzA
+Q7o4LsObBn6BDZyk8jpFgEkq3j4EPF3SB5zM6gFWmER9UQgaSZKSjwbbChKVAZDC
+DbKViSJ9WcyA2tQYI6rYYIkDHI3ipVcYwvg1cVzWqVvX4q68QOfesaZcOHApv3G1
+rgDdanA85hcf/2l8nGdlDBAjuPazygc1eZM2ircZtRQXFlEfqsc7vtQOg9y3no4w
+5G8C6EslaIgbncaNHdr1E8iEO6PKRsoQGmAZrodUnsXXxW3V0/XHHL5DM47Ye1UJ
+Xm8S9LUfH2F05p9YaJ2ZUlx6glE2q7SrRmALUVLWVzVRZHbFVx4cpvVEpTYANgBe
+qN6KpvjDCAxKly6GtoWuSH+HtjZaPoIi7Ksg8jnAg6VGolAenGUmdeIrMSHDLdt0
+bmJIp7o/Gx3U3deAcvyIGZzDK4A8z21HdxRu1/hLq4981wHJxHeZZPgHZToP0+PQ
+jSoSyeO7cKoBlex3xFz92y5fsf+xu8g2UR8ghYUzsrRK8jsbkQEhP8pmRgCBDkKe
+Gq5iVshIWSI9M8A8hmxwhNCAr83pEqmY4uIeQzMz8JA8fA5z7bZQ7/Kdo1MBac1D
+vGL7uO7rEijBMiL7K5Q5P8fTFG7z0tNd19OaTa/kZ38FSKa82lgZmEB7+mQoaRk+
+7JwmW39vGsKeJ9NxAZ+cBvS6ECCi1L4ze4uGRjos2X1yrjFziWdTp76Ys8MuHkWZ
+LIQhpSCVkYJBTtL9kWf4dWlBIU8LV3LdvKlHVUVxVgpFgWh68N/JSbPhL2G9NxQG
+mF/BR9NchW83nE79tOpUKv9Xz82xWphTgh1vx3pSBV21rxZtCwkE6aOzZtN1GOzf
+BlrAAzB5OE8LDm5RDSkDgVcOE5Wy3IWFn+1tbVY+TsnHExuyrBr8q/rfys50PfCc
+9mAQgXQpD+MR1MnkdTLKXi4hBbX/wlA8Jtq9nsuap2MgDPX0SfwLWeV1vKG7xnqL
+FfnG/ZYLuv1P+ia7dPdfQclay8kLLPd/fO4OAFOVAV7v4MbZHT8PCtIftGx6NkEs
+iFMiEyDC3oQBQvnUvq6PwEa7GXBfFV7gJGOrDZKiFcN7zdV+kF8LhiTYSvBL+xF1
+EN8Gz8RPFXekevqL5LQcwI2movy0uXKpzhCOKkvfLChBQQpl9gK8vPk6ZwDUMsSK
+qgTpuiKFdLZt3RSf/AwGaG6cQjHcPtg2qOgBM27fOQdt4L6v1yvW3FAkKhgM5GHt
+EvD30T+Xua1v1o0G3Y5AmoA1uU/Mshkvw1akhbmuD3HhEMri4zBcmrPd64Q4Iw66
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingCRLTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingCRLTest1EE.pem
new file mode 100644
index 0000000000..e424cc9db2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingCRLTest1EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: A3 3F 2A A0 BF 95 C5 73 EC 6E B9 44 71 6A A6 87 2B 36 17 06 
+    friendlyName: Invalid Missing CRL Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Missing CRL EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=No CRL CA
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTESMBAGA1UEAxMJTm8gQ1JM
+IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYTELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMTAvBgNVBAMTKElu
+dmFsaWQgTWlzc2luZyBDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwDJ7k0JNn4/Y2C7aFezOHrjKJg7+w523p
+euAG+QWBedeSq3v7KwwmYK8B/xT4lqkMsujlYZ2VZOuClpvStmSE6/scFnoLSpjR
+Irw5ATpG3PuqclSElxMqufaxZbHo0Or/YOM3Ik6m+sP2bg+PZVzmM4EqylvF2Yfd
+BtlWSgNykgJ423auEY6eTc+bMtqD+76pBY30iBuDnEal+t+ToFP79JuY5MbbCRFG
+0ub7n1tJdJ4TIT59HBjrQhUevqtJWvP7B7RVu+aTyaCfupuqgU8DDgC9dtugV9RK
+T4obzxGqrazxH6Fc7EQ5YlhdnlOlZWPPDjjANxxtI5a6RlZws6HJAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFG6uRdP5/cyueml//bgG0kwH7AIWMB0GA1UdDgQWBBSApNzR
+MY0z53gpJM2Z2jxyk7abfDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCnahkAQGoZS+74N7JrW2MEYonr
+q+Dj4rRjyMKBQtTfTMds6/6hkExRLIXBiqc5mlGpeP+QHggU1L+1KTlXxXxJNG1I
+dXCYV2JNRmS3rtt3taKtvZHiJmWI0anc0x04wqVffmiIECuLdjP26Kd02WlK6djp
+EVBYK9SzthVfNAiJ5FJbHcoG+wuMWmiL7V6JkLNJXlzPV5XqDfUvnjte8BDAyxYc
+uquJd1uKqX+pdCLhho4QL0QXth4lXtyyhQ1Y7b31QHI8hySnqXbrArZeuFg7o/Ed
+fOmwvmwt8Tu4YQ0Q7gdj5YLpxhthAPaNd0csdKXzfiIcMoWC3Y4L1vtszqPS
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A3 3F 2A A0 BF 95 C5 73 EC 6E B9 44 71 6A A6 87 2B 36 17 06 
+    friendlyName: Invalid Missing CRL Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,ADA5D50F350C44C2
+
+/hPizfAKmJuQrbvRfUq70yiL3owIVL25akrbu/Y4MqYc+RzLjB6c8k7tC8Rf+GQQ
+9Ky6ngj6wfiRSiFYkajAWRa7tHu3kw9TommWCSFVVVqx01+c3wshMWh5EBCCG0wY
+ysWw5vfDJYWlFj51rbEOeSJrVVeNusUmHATqbk/QRXm7DeAuTd5yQosYJTGQcebg
+6e3OfTV+e7ysUd28RBva72h+fHTXmL7KzO+RiVx5IMNd9fiYl2VVYovxJLRdVyhM
+iBqs59krueWWHxp/Z2FL9lIMmH1zU2VwDwgAG13IWNSeXKox1C/XuDG4OY+rSuFE
+l20xShbrEPoZ8HyIdwyUlqkIBz83hf1sifdC5mWWEBdMzZk2/25R2mx8idZuObRC
+xRzRUTyay0UOUVSQwKJKXhha3FdYlsQGODNRnX8wsleb8Ps1ME85P79XU8ymL/X6
+IkO1blRIec9U/q5cNeUr+6GlS28Rp7SnAuLSmVY4NxeUbyQVm/eCIKRE9Da38mph
+xyfLijm6j9J2UQvJdQY0NDTHQ1djJvHpGWZ1XfVfFF2mM7ur/zr+HijUWd0+0rbd
+iyMgXiuGsN5inZn53ge2KJM3OgQBDxXy47SRb4jzOlh0xmhAYsRANQ42V2R1Sj3z
+cWHcEzzsg2eumbqGVpOKWKG8YPe8OpRkvkSfh3F6fLhySCqkr576D7pF0PD6ZL/q
+nM6f05sIpQAGnRah9opHjLIVCggXREwrZXWnIEyUb4/UYGYxs3Sj5QIEVV7j8bdm
+8wlXmoUA648KxS/PUfPjFqjBisXrSmYtDUJCmKqCJhR+F8fuiAtGqnYkOelV8BqM
+697v7jtkPbond/WDa6MN7Ga2P5fwm6qaUht0tuqb59UFBeO37n+Ayc2kXCX5CL3j
+wtXajaiYfhcP5zpr6cmot1utKZ0WHYYx0srwMC9Derof6Tryj5aWnlS6cG4JZZC7
+qoAccg6d7dweMVq2KlYdUlwzln06L9hslorPq1jx9/kIdyM52hV6w7cTPDYZAczd
+JWbUQhluWFQlvuCju8LLYsN/HgHunEC2WV1Nirj02qEPGB2xFX75jMTykcUajKlw
+A7sQg9upSuDIqPy1H3vX/csj7JGX/uz7omF8DeFL7Jf6MjxGqf6nQXGk/pjiByQy
+R/+1qxUFccLE7ike9PolA07dUChNGYZ4uvAv2e6AMUiPW0dtF4o3ic+PIpAom+/9
+krfoHpk7poD/RbvMOOLG7jDpokt5EjU6HmQMYcKRPqNXO8ISHtc5E7w0OQoDnsTH
+nyjCLiRt1QnJPM4Fu1b59DcVfWTsgwaBrgAyTBCeC2E2QV/ph7KOJ1jL9VjIUXpr
+RmEeoZARSXjOWx2oq/NQ7yT0QOLDNHgCc8VWYwEfDiyEqkHAMbWL7gb3yv8h0qly
+Jh/y+LK+CIfXHwk79CBtH4vaC2RvXIK6Kos2+J12Ww+VA4Hc7afUGcjabggijjrC
+tKE7yfHjXjYe+KeLwjWJMWZPP0T798AdtNjm9KVUXY16Uv7qAhZToDNaB0yvGCpD
+kPEeaVZVhV7PHYSk0Ph8fFGeNDKj7YKLVsFL2cdvO4xTyFYKD6+0kYlzFCFSaAC7
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem
deleted file mode 100644
index 77a888caf9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Missing basicConstraints CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcDCCAdmgAwIBAgIBFjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbTWlzc2luZyBi
-YXNpY0NvbnN0cmFpbnRzIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO
-9yKuCeu6dhjdDO1FYBjOw7a3vWSCZ6ukoQAD5724THVzb548yc2GIGKHC0mWgXiX
-fB6PBIQAwAhwCIetZaZICbOaJLAEgrfYEc2BK1uYPcnPDq3akXxh5lwFwL8N/xT9
-ajSDOeq+fWCIH4K3cgzvQFksXSMBrCLeSqRqpxg7aQIDAQABo2swaTAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQURqBdN9KpBRGTRazt
-XDHnzRcB9gEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATANBgkqhkiG9w0BAQUFAAOBgQCIvIvzmMIwJ8YV4vFP0812ct/Jsheq3QAcCH22
-0akUpHCoryoLL8cVkdCCP6lG5QD0BdEszwovHnuu6X1kPCe/85mpvlueAMAcr3Wh
-sSZA7vot2fdmAqwje/64fADpW2pI3muEixUfmNSMsjXFzGSFT2tWJ1XNfFAI9EYK
-j0nmiw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Missing basicConstraints EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Missing basicConstraints CA
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG01pc3NpbmcgYmFz
-aWNDb25zdHJhaW50cyBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MGkxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE+MDwG
-A1UEAxM1SW52YWxpZCBNaXNzaW5nIGJhc2ljQ29uc3RyYWludHMgRUUgQ2VydGlm
-aWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIu/B3NsTKFd
-3NwujgznvY/HGzG+YIVddeXJ/bIUYqj0gIh6FNebF1p5DnC4tljBvuux5UMrmGOi
-6/MoDmiVL8VyVr87z69Hx4DKUjwmHa8KOQ8L5KcklyNCiqovL+IWvl/ifcvU3tQ2
-olOq4vjYRupu8NdmpY4IZl6UQScR5P6lAgMBAAGjazBpMB8GA1UdIwQYMBaAFEag
-XTfSqQURk0Ws7Vwx580XAfYBMB0GA1UdDgQWBBT7lvAQxDdV8M61puLxGf+ZGq5u
-WDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
-SIb3DQEBBQUAA4GBALqhV3pig7Li1sMxfgarLLYB4xxjsbFinx7EtEDlju0sTe3j
-F7e9rh62n7fnZqZ8KSyRCikPu3r3qBCLx2TV+i31inM/GqvU2yrBGdVm9HUi2CSp
-YUePLjOyojWECk+rYNq3vVYFVKJkonzfR3533mruAKakqDJ0PQLTEx84ugv9
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Missing basicConstraints CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:46:A0:5D:37:D2:A9:05:11:93:45:AC:ED:5C:31:E7:CD:17:01:F6:01
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:49:47:9b:06:de:66:8d:df:13:40:35:7f:95:83:f5:1c:92:
-        da:0d:33:78:99:cd:9c:34:02:32:14:17:ea:86:48:3a:9e:ba:
-        c6:5a:de:0e:5b:68:0d:1e:9c:f5:07:b6:81:e3:47:fe:29:45:
-        aa:c4:51:01:21:b6:70:ed:1b:28:cd:c1:81:f2:43:e7:12:00:
-        48:78:7b:6e:28:5f:71:8f:f9:56:2a:22:8f:3a:7c:8b:8b:7c:
-        8a:f4:2c:23:67:c7:b6:b4:85:02:99:d9:48:01:29:c8:6c:ad:
-        be:24:a7:3a:8e:56:ea:92:4b:e4:8d:d8:9b:f7:17:b3:e9:b5:
-        87:fa
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG01pc3NpbmcgYmFzaWNDb25z
-dHJhaW50cyBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAURqBdN9KpBRGTRaztXDHnzRcB9gEwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAlElHmwbeZo3fE0A1f5WD9RyS2g0zeJnNnDQCMhQX6oZIOp66
-xlreDltoDR6c9Qe2geNH/ilFqsRRASG2cO0bKM3BgfJD5xIASHh7bihfcY/5Vioi
-jzp8i4t8ivQsI2fHtrSFApnZSAEpyGytviSnOo5W6pJL5I3Ym/cXs+m1h/o=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1EE.pem
new file mode 100644
index 0000000000..b244a1b201
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidMissingbasicConstraintsTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F5 04 22 89 16 8F 33 16 74 FC EE 68 D4 17 0A 0A 64 05 88 D6 
+    friendlyName: Invalid Missing basicConstraints Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Missing basicConstraints EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Missing basicConstraints CA
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbTWlzc2lu
+ZyBiYXNpY0NvbnN0cmFpbnRzIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowbjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExPjA8BgNVBAMTNUludmFsaWQgTWlzc2luZyBiYXNpY0NvbnN0cmFpbnRz
+IEVFIENlcnRpZmljYXRlIFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAz0Q7jVXn/KP1L4kWn3MnNkLMHv4kNcWGV8Sz2Z2VUq8WlLhFuzpFvyPh
+NXcaZ98iVRqDqvSmb25/Gf5HoyrLTFxayY0wm72Drm5VW6REQ9evIg3xJV2x/4pg
+7qHE1ikSCD1yHSgrhQvWVVbkYnnTSgVERxm81TDFMmn6nOQzuvjLr50dgcdz9tI1
+sULjP7pyk7vDuBRNhsphW+QP7iUDr02Fph7IO2nJevAZ1p+80O4lMoLLAWelO7c5
+KKyhGa2NqZOCqSsS+cUMtkhUGhEyDdlxC1maCPpsS6zfmtWasUKBn1FLLGXDzALC
+COWJwxztub3n2UVKu2bFEn6aYK9iFQIDAQABo2swaTAfBgNVHSMEGDAWgBQwVrwV
+EY1PxibGtZyhcJLS+U8NeTAdBgNVHQ4EFgQUTfAA8MgHRVCO/ShtbVSoByR2AIQw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
+9w0BAQsFAAOCAQEAVnYgcBUarDoQoiuDXLPNBtPKARX91BCSAJSI4s0yP8Ba307d
+28L6BUVWzbYevwBKK1042PTO3Baz5WTc8I/cgNMUolZKfSbjrTCZ5H3MLVpH1Zdj
+zr7Y4bNppL3aGwXPjjaDHHE6F3h4ukFZaoX9fTr1OTxcyOmz96/hLJ3NbHmRPHPv
+pA1y5yepi3RDltyIMQsXIGPIofZ19LQ/+hCjYuh01wrd2r4DEQYDmyEEDMXRaeFy
+LSZqGQBhvOwcrfX6iz2cIz8YnbfU/cte5C2Id7V7zW5GZP4oCgjHsANbe+hGVbsR
+AUSJ4G96MY5zlwVFYdpLldKm2BywOGs+CU+uxQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F5 04 22 89 16 8F 33 16 74 FC EE 68 D4 17 0A 0A 64 05 88 D6 
+    friendlyName: Invalid Missing basicConstraints Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FBCC7DE9B3E67417
+
+ddz83O0BO0HXwyO0stvbC3Vgu0Xdmk958NkNArfvUA6xAU11fif4N+53XHRy5azv
+4dcEBgdx1cMq2FH0Fsq3NjNKDALJV6jCewzHkPTOgqbJhkwbAZxpVDjnAf8j1cyK
+SV7f7aPg33n9/If8lOao3ZSIYZoKaiOY3oLxchNHNWLZoH83hocKgtx6rcZxOpEf
+Q4ySjllF+jn+jBMTpURJ+WBTwSebP+spHe3vi9jnKxpXhZq42GdMeFLa7RmFCmXZ
+yfgI9VJY/YFtCqivKmWRlAvTA7MTPGnGr7j1T7jAzg+wfgiuAtBssVAKmXFwSrYz
+r/TW6AxvVVj0sgovGPuxrpdSmHdThlm42UVUfw4HaSLjYBK3BD5vFPVaLfLwwYgr
+oN8/mOslZlUkPVr4JV+uAzpVniY5d98YAUSnYn7ASrH6KGrQgbPQFUv6IWY9nS9r
+n5stGf15Ncbx/NnnqsuuIglSHnYQlhXnoBdJGvqMiXAL/QPxxAMNJAsTA22Je55f
+M9xmPxOtszKXAiDB66bhVN1msfDC6i896vLgwsggdyPH3ljJbVHNh+YAmmVtrGgJ
+5sfoPCI8anpBf+LzIzV1rtmV2uQT9aR8cQ4nzkFViS/UKI9BfZPSlXeIkZbjb0fQ
+nwJXYn4xAXhXdV6B33zX2Ih6b/5aXVrdZ6AcZDtSfTwSEEdLgHmQaZAMX8IsGI+y
+gzGnbQTYk4jMyL/C0Z9ikmd/DOGrNCepM3ui9eXxal74qiDla4rVZGXMCghyNt7O
+Ak8TxTogNmcQUNKFWCT5eNCSq5Ewljq+ivdSWbw2vE42JFSWmXSDQycWyi2/bDcr
+0qEksyaJYgbcff+KON6zomidVZOeNl7vHjUHSAzdzN4uCQ1f/EgQsJy2kwUg+Q4Y
+/zM0wTLkl0gELwYi8IhpOkcNtBX8+IE9fG0wg3mzcD9iadOEymBfgGpxRk8MvGyF
+46LJRWZv9UtuuuJRnGGu7czCMYAMJfV+gzm47B6Kw21OHREoEZXtVZaJnUL4AIyD
+cWfTPZOOrUNgKlNIgxNGsHxYK9ATpdDCAh4bV9W7e4WdcBFDgI7e94bQhC2RrK4w
+xN9b1+inE8rlANVn2brIBYuFZoIHeVz0qRBAgNOWo/94puFcafWhyZ4uGZ4wS/a4
+slmsz/T5+sOArZxgrlcMdhtPntonDUZKv7uEvfNl78L8G6rkw6Y7ePDv/1723UuO
+p5SigZc0BFse3wJwvrLKkka/qX4ZXXBm96+atfIappYR4GNpGLKjRyThFp9MQ5AR
+u4be4qNfx2fTWJT+vODocWS0dx9QFZxP9QZan1/hP94Xl1wIMcFgDpATY7yZXfyI
+M0a2baduud6dzjnJ0V0pBYMHG/PmfeEWJU/xCCgHq8Eemxq28HXmNjXSAjOAyQWk
+gl8WRUh0MZm6F/hSR2r4IPbjGNbBVvmhYmXYw0iPMpimMIapI01eVHq8QvCfjjFW
+KTVDcHW/XgdX96k6fO9wVfpHhgGhWj6dPYvFQ+RxpvcyyHzZgaEYRC0mTFY++UW6
+KJk4OrJsoEbPA01cvfflIZNAIaz6HJDiUSUKCanbPbXT3Ca50evkPHMGkGpBNVXL
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem
deleted file mode 100644
index ce0428ec3b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingEETest1.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Name Chaining EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA Root
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBCTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDEdvb2QgQ0EgUm9v
-dDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEGA1UEAxMqSW52YWxpZCBO
-YW1lIENoYWluaW5nIEVFIENlcnRpZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCtoV9f+SA4KyB9i+bRylcLprvUHWg6W/anXTtNepZjeYRI
-h45BCVfF9mYQIoBvqYkSOdB64I/qUShwGf3kj75YiGotm1AzP/e8A1dIyvdxVT75
-vZwCWaOjqX5wEyaGnXS2u1NDzvZ/5JBtwo1KumaVAd9bLw2nhHAwbJ65Hx1eWwID
-AQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4E
-FgQU0QFCXwgNnxwQuYUlKF7ehgYiFvYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQB8cokOobcm6ZNTDk59
-Ieo9rWzeCUeh8ku0vO2bp0hyVadPHfCvXRRFlWZ6WKMTkBXOs/i5gHEtEGB9cLDO
-kmOOHijG06pi9KyYqh54As2hG8wKngUEyOZsIkKK6JfdMx9besNZ5lQlSK3SZpV4
-wTIx6poqzlbJx24yad7rPgiUxg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem
deleted file mode 100644
index dd9f0a5d86..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=Organizational Unit Name 1/OU=Organizational Unit Name 2/CN=Name Ordering CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGOMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAsTGk9yZ2FuaXph
-dGlvbmFsIFVuaXQgTmFtZSAxMSMwIQYDVQQLExpPcmdhbml6YXRpb25hbCBVbml0
-IE5hbWUgMjEZMBcGA1UEAxMQTmFtZSBPcmRlcmluZyBDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAz4GBJOnsdl/i9wT8fK6n4zN5AHkLGLTaV9MLbBL5heti
-HmMEj4t80NsHynN8WrNyxjxjeDoAnlUixCHAT6totgzgeWKumN7Pt48lWyP7K9eV
-j0mJ/e0X8EYCrm1idgjBevSpFpC8sT0m7Lgo60wWBrYqKBE2OW2oLqjK2a9itJkC
-AwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0O
-BBYEFP/4JkT0Lojo+NeoS4SRoshoYlphMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCrzt7jsc3zpys78suxiiHSl9hYrO0L3UJE4TYhMKsTdu2r1KStNCY1MA05
-8U2gLxTSvnibuRTn81AHALvjm5bd3oiKFRr3ISzo9SkBx6wXO7x23f26giO4h6WR
-Yjce1wWutjpvkyXJWxLqKD5eE2PVqwjujs3eiNAV0KkiQTqZkQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Name Chaining Order EE Certificate Test2
-issuer=/C=US/O=Test Certificates/OU=Organizational Unit Name 2/OU=Organizational Unit Name 1/CN=Name Ordering CA
------BEGIN CERTIFICATE-----
-MIIC1DCCAj2gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQLExpPcmdhbml6YXRp
-b25hbCBVbml0IE5hbWUgMjEjMCEGA1UECxMaT3JnYW5pemF0aW9uYWwgVW5pdCBO
-YW1lIDExGTAXBgNVBAMTEE5hbWUgT3JkZXJpbmcgQ0EwHhcNMDEwNDE5MTQ1NzIw
-WhcNMTEwNDE5MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxOTA3BgNVBAMTMEludmFsaWQgTmFtZSBDaGFpbmluZyBPcmRl
-ciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAlIUiHjq7IwwwfDgHAnDwX3nPnYsaZ6Bu8w8lZNS/15MDdOmQg71tVoCIC0he
-PJBMDiqwuUQ3pbgsavDR26tQnAXGzmJllHIFry4XfdUozW3Du9KUR4eFHDkgiQCj
-IXj4VSgaMAXyDSGO8tQpZvweKQLreeur5220Pf3K7zabhcMCAwEAAaNrMGkwHwYD
-VR0jBBgwFoAU//gmRPQuiOj416hLhJGiyGhiWmEwHQYDVR0OBBYEFEu0FDAWAxWm
-n1pTTcqqIcZ0G7JJMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHrnqIOietTCGSRZ38iulDWfnU8JraF8Z
-x0MJGiOWHh5iM21Rfwux8XyoJ022fncuDoZAsUjriRwBn3u0faPPFouOEEVMglWU
-woUFoMYymfDUYmA+kavP7A4gRhSfhi4JJJHdb1AbnNkHbMfIBRSz48wsphGJEyk/
-NE5gmcum3Bg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=Organizational Unit Name 1/OU=Organizational Unit Name 2/CN=Name Ordering CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FF:F8:26:44:F4:2E:88:E8:F8:D7:A8:4B:84:91:A2:C8:68:62:5A:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:c4:1d:56:f0:e3:a4:27:bc:09:13:d4:99:6e:6a:94:5c:0a:
-        5e:33:09:0a:a0:6c:df:0f:3d:a5:03:15:e8:da:cd:53:10:e0:
-        26:82:d4:82:34:2e:75:62:f0:8d:a5:b0:17:ba:77:e5:1c:b2:
-        ca:d4:71:78:2c:fb:3c:cb:51:58:4f:1f:b8:90:22:7e:60:c1:
-        60:03:64:04:58:60:3d:a8:36:c4:37:6e:b4:c1:28:0c:4d:16:
-        89:5e:31:4b:1a:7d:4d:33:35:8d:0b:92:38:90:f2:70:e1:f4:
-        c6:14:7e:fd:3b:9c:c2:d7:da:8f:ce:1f:6d:36:3b:ce:5e:28:
-        1b:fb
------BEGIN X509 CRL-----
-MIIBiDCB8gIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQLExpPcmdhbml6YXRpb25hbCBV
-bml0IE5hbWUgMTEjMCEGA1UECxMaT3JnYW5pemF0aW9uYWwgVW5pdCBOYW1lIDIx
-GTAXBgNVBAMTEE5hbWUgT3JkZXJpbmcgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFP/4JkT0Lojo+NeoS4SRoshoYlphMAoG
-A1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBALTEHVbw46QnvAkT1JluapRcCl4z
-CQqgbN8PPaUDFejazVMQ4CaC1II0LnVi8I2lsBe6d+UcssrUcXgs+zzLUVhPH7iQ
-In5gwWADZARYYD2oNsQ3brTBKAxNFoleMUsafU0zNY0LkjiQ8nDh9MYUfv07nMLX
-2o/OH202O85eKBv7
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2EE.pem
new file mode 100644
index 0000000000..6cbfdc3a6a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingOrderTest2EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D2 C7 3A EE 21 D6 E3 2F 8C 6A 2A BC 1A FF A1 9B 04 2E 74 92 
+    friendlyName: Invalid Name Chaining Order Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Name Chaining Order EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/OU=Organizational Unit Name 2/OU=Organizational Unit Name 1/CN=Name Ordering CA
+-----BEGIN CERTIFICATE-----
+MIID4zCCAsugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAsTGk9yZ2Fu
+aXphdGlvbmFsIFVuaXQgTmFtZSAyMSMwIQYDVQQLExpPcmdhbml6YXRpb25hbCBV
+bml0IE5hbWUgMTEZMBcGA1UEAxMQTmFtZSBPcmRlcmluZyBDQTAeFw0xMDAxMDEw
+ODMwMDBaFw0zMDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZU
+ZXN0IENlcnRpZmljYXRlcyAyMDExMTkwNwYDVQQDEzBJbnZhbGlkIE5hbWUgQ2hh
+aW5pbmcgT3JkZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCmGHtkF4itTUq3AQnzZatlEBh9xeYcGGHKW4YG71VW
+tuN7bK7l/LNJ2rANrU4d3FvjcjS/uz1mInuC8Jmc83z4O6E07zDERh3vJMuMYZRM
+/3Gq/b5MfGc2SSPiE0x3I8K7IVOjwa2GtYAKm7W3nEJ80//fkdRbzu9WYXLpKGfx
+ffEZq4j8kBwmNGYLO2eyOmIKLeY/UdnzN+IV/wy9u4CvNQEoagLCXsaAsLJZWPeO
+e+92n90GVdAdKB/Ml9PMTBfDh0R1jrmOFAEOcJfIYGpfj0tFIsAZ1AdcDNPXSx4s
+A0cLfSG0xuJu6iBxHHIsCRW2Q2cK8yo2aIq7FNNE8bvPAgMBAAGjazBpMB8GA1Ud
+IwQYMBaAFL9Ki4GbTYwUMYxb6czdL+h5ElFQMB0GA1UdDgQWBBRXIRom3xYohMEv
+pN0iRtvORdgoWDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA0GCSqGSIb3DQEBCwUAA4IBAQAynecH6qf01AWM0adG9SZ3BQ5N/oBfcu7e
+WjwU0dPuMZP5O3+Ak0x7lt9F4QRwmcoyHsB7AZgGMNu5xWE3dpebr4mF09RP0+pa
+T0lli8Vi5QMUCaqYkbXOfchl/A9k2py5H5xrZ0OJZrZonmAGZTMmSuAhY1xu6scW
+gs6X2CSnU8siNg9Zcd7jqbfHUWSLvz4k9N7UzTqT7Pzwof1vaTPqcggDGUC/jQV3
+v6BgnIcxxHjRL4VSg4Z/fMh4hwXQlEFZGHoyBzzYNhYPnpgpxU/64cVHbOLNC6X0
+sUVsT9JfCt/kFAPOoWnBOifSzjeqVXmteVsb/9SP4wF/f4gBmJjg
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D2 C7 3A EE 21 D6 E3 2F 8C 6A 2A BC 1A FF A1 9B 04 2E 74 92 
+    friendlyName: Invalid Name Chaining Order Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4EBB2B43D79854E2
+
+M4O8H3FXV/0Q8oJmUXqDk60NUbwnBWNKvGM2twA2XZU1rEodmvWWlwo0mmH+j8rX
++A0itJomhWox8Q88Sdi56G8PhZfBk2ocPPAIDrG2z4EFqbjCNATqJlIJmMyukzbl
+B6tYDt3Tx/vWdYRZSFyNPtn4GTuY+KIGTNlyf2F1hBhbSU4MKPoEAgF0JLRvKj5E
+tZIZO+EHfHctq6cTcqLdqBhP0bS70UqqqlvZ/232SwpPmaXWvMYjnqMo9W3neBID
+XIEP5mF4vmaTLoVcH2hoRM5qvh5DDSYfp5StfFcN0R6d5bl5v//bP+1tu79kLr4W
+HPvXQcApsUrNUgmtGNUiqM/uwEdlgYiyjN+yQpSrc7I5lT+5nBYWfJ4fsUD/K5Nb
+2/rECornDiP53DJ5daM26Q4P/mpNCHZQzBXCFb84aSSLtUvijvOtUxt4Ej2rGtHb
+t8F5ucVb9JmU7CkP9a5uy/t43z/NPxVqqgxltlb3Qh+4Pky8xUd9j24578KevBUd
+Ufi0kErFk+1ShcYBVab1QcQh4zeuq0oPWmfgyWjWZ3KyKwdMDo613YA41MgoCvbh
+OtZmi52rtoFJ/dIrYp7ls8o3L9H7UZDugRuSQmDNsFYN7+xSSb/6Tgzq1vQIo5CY
+g5At1yRtiirZoKPA4NlrCtXTVe4hAdGRQOKC2uSmZAC3pbES03lCxtTsAQncxBfL
+Z3eeR/n57waMKPykDwrIzIvbxebA7obPfpX2Pqapt/WGRbseX4/JPDYQVM/6vLfA
+DyTwC16eMO2XUIAMJ3ThBmRCzz/2cMxsMIVMGEZKFOSmcvL6FvqCtve9/vEUxCs1
+BbUWetauDkZypEPEHWPVYCGl7aMOG2SmeeUECx2xoTCCPC2gp03L2LlS4STvgKig
+Nwe+A7WwTVQlxUq+x2BXJEcU3lZh+qemj/b6bcomvkuszWyiiLh1yUSERdTZDUSC
+oYyasTIlDpERQGyyAcn3vqSKx3gdcOqX/bl8o8yR/EdUncAde5KMKegpBZlxbF5V
+TkXHeOUBJotq7qMjcxBbT4+YKwmBO6QwK79bwpuFuzBswCAquVPsg/uRylT78Qpz
+GRit5SxH+S4KkFxGAmPAzQLILGpS35qxVrFBv47MzWbxBOakFpFvBWujWC2eBVfq
+y1YnF5NU1++kIRFORX05sq6aDdeIhcA/OnCZESQKp92Nud2Br8wHHHpbDr9sF9tY
+17qjulQQ75JXuGm0CEp+wwud3Lfc++IlMRI8bUSn8xGe06bZng1mK3kdHyK2tkgM
++4pljAh3JVzfv2q2sB4ZAv7omkBFemfoeiqrxF+8jpOq961v+nySeFYsHV64LRyQ
+hoISt1GrdsCL59/dd7PX/3YYqUGIsKSdzxJVPlds+Gn7uku0jPSUgCF0RfVtri7t
+cpXGiz7irjZV4RDkvBKfM4NQpIKLGW/Hf1NnUM11Yc8aEhzaUgw6NwqB98CBTaUg
+8QhczEGBSQhzVBuEINKwbopB91UwsmdHQXhth75e2+miV+T15JBievUfS2LFC1jK
+qhBPfRfWK4I9JMzAiI3lN6sL07O/z74c9coci28MKLg0iSEtCw7H3//MdHsRLWek
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingTest1EE.pem
new file mode 100644
index 0000000000..97ff96bc49
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNameChainingTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7D 6D BF 10 BB 59 DF EC 2A 3E D7 D5 26 AE CF 0A B3 5A 21 F5 
+    friendlyName: Invalid Name Chaining Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Name Chaining EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA Root
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBCTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMR29vZCBD
+QSBSb290MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMzAxBgNVBAMT
+KkludmFsaWQgTmFtZSBDaGFpbmluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+nEW5gQmCvT4PQ4bfEwb8YmHX2
+bhQjlGRTHO894s1c8ntn8sOGipmZujpyWKEnuLYYXnrx/8d6EaQ5iHWc2STa5xO2
+/FYakp8YF7+wGIrvAKI2gXIaIFzFC6BBtZiDBb9esrLPA3tiu6u5F9WBsGWuA1TQ
+jKqaTll9i5WvnXY8Fq4JbfHOeh9SCJKnyLtY/o6QqfJu4IvGIy3SVMUOpy35ZR6O
+Hdy4JXBISnOe44NDd27PQNnkb7VlcvspL873wQSp5YJKW5tvoPMtCGegEssZIGGN
+lN9bNTzeXAB+BfwtYoqP0Ej769uC6863UgGeWztLxe5YlvyS7CXaMmNdyosCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYE
+FBrADjt6tfm3fhTgKkOCvTN+XnXkMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAHmYLicHjD0aYoBwgy4J
+fY9KHQVyP3enwjKFrzxt3lLh0+hvUeJG49oxt3lRPjU5d7GJYSzB9hmbECnD8hYf
+/NVRIa6UnLTK/blp3yc0fgYrZSFgzU77f6i51hxScIwprI/rNKUKjwYwPBQ6XZoS
+Lb5nZkbFoSaPjorD7/rTBp1A0vPt9QNn8wBph59HSKyUnHm256Y5kv67Knkt5W11
+tazp3HAc2nsE21MClKg4S4IHQYCva6p3KhViH5Wntu0AaG6Cl3eVbMDe+rzu2i7a
+SsP+m1IhK/geXvUOHGkKQd0ESsNaHakpy5mQXpYbxxpem1NCcsbPPlipMa0AN5p/
+ksU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7D 6D BF 10 BB 59 DF EC 2A 3E D7 D5 26 AE CF 0A B3 5A 21 F5 
+    friendlyName: Invalid Name Chaining Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D8417684F15C42FF
+
+vKv6b2ZRAwVHf3IhthcuPQrJKx3OAjv8c+lHRnmJfHrFJkUf1am4rrCc05dszvUF
+TjTR92O3UYb41SmqEJhgidYEcM1I8ktzt5It1pItk/ZHlnrJ30qoWmtYx7GGI6En
+fXsV4tuL7jEvgKlkrYztkaUCpbauktbKcgLCeZM0YQ1WTHsDFK3KTGnz+a7Y0Wvs
+sl7UtwwjaiGLzJBF3AxKIDwGatxAxZaSUR5+9/17pLJ9Aw4irQUlERtjwKcs2LdS
+EZDbgbfPMqXOmZoZO1zCD+ZfyUM3BNOfXs9S7DqzHYjW0EeOmQiOLOWDApUPpSwl
+Ywp/hr/8DCv7POi0uiAO3xK+DNRMKHtig33+d3xU4YkEw8yZDmesgByeEEF8KlzW
+lWasO6kimeIBSmhccj7E2bu1+FEg6x3m5AJkVUxOs5hj+D5zOuihofhatD3aCJ4G
+jdRZenNZAre4l/5rKHsndQVsKOOFjVhMBP7Id+wv//eRez+OHS1yxlRzunm0O05T
+1a+jypMOV8v9lb/UYTx3CRsEtXJeqB6tObGZP/BcLDw4e3qhrEZ8wj4ys8J6Gk1q
+czlYliZzVEc6qCCnIRMf4q2jMSb++klUAuWO9ieU9uD5ms2CYyKDM2b+Swky852z
+PBh9b8/pKidwhXc5xSGxEP2lDjVHajBhlzloPpmTz31bACS1RMsYnmskU6PAFuWY
+sUVObgF3C0hbjCCZlubAqEgmfAJTfsta5ILZ9t3yn+ucS05fniAXQGPZ2dTg5zh+
+r86+Bz7h7ZVEF5aQIx4nYouJsW6vUYNBb6FV0ej7n1QbS25d9BtIlicncKaGNIis
+OIXYNICAD267B2Y0+7/NJTjO6LZwE2sFAZM5k/5fjK28DiR+Z7TqZxzcbMurTguZ
+FmbKunAe+wBaaN3cunbi33hwIMIVNuFfRYiYNnPvoLpIzm4zfxpDXfVNEqpWqIuN
+J0Aj+dq95RFo7cHiwp9wXAwkM36rMK9I0ahutISvEWIDDyw7qk9E9ivUHcMk5YT4
+Mn+IVromU0cXcM6sp1pxX8sDeu5M72nw4NDSvEvHtj0fIxHvzhlwsBy9US2yEAsK
+SUxlQsDnkDJrY5G+yEt7MkuibJBPgR4CYQKoq/GIGPyjB86TQqAeRTV4OTHE3xkY
+t4CuqoKOwzy1ieFZtgW67n6qpMsD0tPNYk4zWkIDM58yOpZ77PdMclSuUjffHAKm
+v5SAFXoAB2n/ld+k9j3cOsuBKvrlRZNADZmgeYM9ttNDM3n6pyPi2+yyc4RqfEfk
+CMckhOCI6OL8Rkl8UvPyo50+kYzBNsrEUDgtgXh6zTNzE+0KCoMcvgW/dRjjGJwQ
++VEKwPOSTXMQJAKx6g8qjOoM76gZrr10geiHhalicn6a16gaa8E2or3DlgXUV9ZG
+Mac3Esvn5x/gnljjLnkaNzf0ehfe/blTlaCeqJjLv7j+ZD+zt0tL5mfBmkS7zaY4
+3p9AvHVaLB/wFT2z6BCxBAm0hAu3Cxd54NhKrYg6aI5hKiJ8DMROCadRsc6ydM6h
+84WRHdKOI7J3jkTVDyKG/1Zug7IgHkv6nzC6xvpwMYIHJttUoz2F0g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem
deleted file mode 100644
index 9310adbf42..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Negative Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBETANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTmVnYXRpdmUg
-U2VyaWFsIE51bWJlciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw5yD
-rVmP3dVETqSrKKVXvXWAnpc5K5Xh6mhHBvy/YpoERigE1MP8A/6eE3mY6OnMJVAh
-QJRWniYBrIDg5zR873cTAbn1O7MwSfs3LLxEO81iAf2k4nFFxAGtQp5AUwx0cQVK
-8oMVty8BEcAkazVA87HQgpycQySqDLmklHNqkncCAwEAAaN8MHowHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJCMpyNNS/fqobISh7nA
-0w4zWMuCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBYz9xXPhMcniA6W0RG
-0A59JbhJJpAZmnLBusWQjWYIZsVit1M1OXc/zDGAP/ik3blednL+t+wbdJc1qg9m
-4bgoXS14lg+6IGMF2VWcoKkDJDIHpkVrdQc9WGNm0qqPyHGW0ggbi5VrBv1potkF
-xBtl1WkY3ZTLuI71pJ15ebGZ/A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Negative Serial Number EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=Negative Serial Number CA
------BEGIN CERTIFICATE-----
-MIICljCCAf+gAwIBAgIB/zANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNl
-cmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBo
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNV
-BAMTNEludmFsaWQgTmVnYXRpdmUgU2VyaWFsIE51bWJlciBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANKczL4/N4jrniwj
-6tO7tR683qVrEG+1DB4XcrWL4wENZS5O2qkppGZD7cOXkGuOemheT0QGmaEtQjOa
-yRVw86jvq4n3iQdSEvRb6C2GtYQ7hFASTBsQn4qKbcldkhv+XQAzLMc65GcFv0l6
-n0xR1miZq8E0mDxBLg9J5iv6abyHAgMBAAGjazBpMB8GA1UdIwQYMBaAFJCMpyNN
-S/fqobISh7nA0w4zWMuCMB0GA1UdDgQWBBR1iOR4fH+ykQ1KqxHgeC1Wl2TuQzAO
-BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
-DQEBBQUAA4GBAAAfyUd30ByRjggXgiu4vNE7KBbaY6fbiYYugGriPx/HPPIJM3M9
-3W2m85AhLW9Qt/dpaXQGeICkDfrLrpTCV8MWnedoVwQMBla8v5QNs4pUdkTXuV7R
-9LZqxgeDvUTEadGrNLjZ4WumiFApRA+DRjJE0LsnS58wWtklsYDoHJtH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Negative Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:90:8C:A7:23:4D:4B:F7:EA:A1:B2:12:87:B9:C0:D3:0E:33:58:CB:82
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: -01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:55:77:de:74:f8:ae:25:02:35:ad:53:74:92:6f:89:f9:ed:
-        b3:4c:bf:a7:70:b1:0e:20:4a:c3:03:7f:a9:99:01:5b:5a:a0:
-        67:df:cd:74:08:d6:80:2d:ca:f7:c0:be:9e:68:35:d3:79:89:
-        45:a7:6e:f2:75:86:e5:28:d0:00:2c:96:14:03:96:eb:75:d0:
-        fa:a7:78:f8:50:e7:70:6b:cc:1a:9d:8a:30:1e:c5:5d:22:a9:
-        ef:dd:07:48:85:87:d6:2f:15:02:d0:07:81:2c:bf:fa:c6:ce:
-        49:03:44:08:37:f3:f3:79:b1:61:ab:c7:f9:21:29:3f:4f:cb:
-        36:c0
------BEGIN X509 CRL-----
-MIIBajCB1AIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNlcmlhbCBO
-dW1iZXIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgH/Fw0w
-MTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFJCMpyNN
-S/fqobISh7nA0w4zWMuCMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAH1V
-d950+K4lAjWtU3SSb4n57bNMv6dwsQ4gSsMDf6mZAVtaoGffzXQI1oAtyvfAvp5o
-NdN5iUWnbvJ1huUo0AAslhQDlut10PqnePhQ53BrzBqdijAexV0iqe/dB0iFh9Yv
-FQLQB4Esv/rGzkkDRAg38/N5sWGrx/khKT9PyzbA
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15EE.pem
new file mode 100644
index 0000000000..7479b46674
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidNegativeSerialNumberTest15EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 17 72 29 99 FA BE 47 81 E4 B1 01 CE DF FF 1E 8F 24 20 D0 99 
+    friendlyName: Invalid Negative Serial Number Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Negative Serial Number EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=Negative Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo2gAwIBAgIB/zANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZTmVnYXRp
+dmUgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMG0xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMT0wOwYDVQQDEzRJbnZhbGlkIE5lZ2F0aXZlIFNlcmlhbCBOdW1iZXIgRUUg
+Q2VydGlmaWNhdGUgVGVzdDE1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA62KPWxrURH3uoUly4l86zjX1hpi4DnpB94DYzQ9LSGGpGznlFDt+RyvkNjRB
+UomO6ZpzUw05LdrHNwEKY/Lt8l23PrRH6rUQW+epbYq8F7xXb2UMlmgjRw+IVY7+
+sVnLKk4bWzyCOOU4QXY1MZnoaOJGnZauWePVvA932WDny1MEV6THpnb3TUR4GVoY
+wP1rTv8knj+kMr822fT/QixZiAm6Jimm7ja0Nlj/FpXx/9Gv/LP8LMMnQ2esKJUM
+iLBZHPNtZhHcGKzVzqxAhrzRTZUddXmBS24k2doY1iV1KypyxgG7WBFX0MfLlqCK
+jC+9IpoPA6manH6k3R1UJfZ0KwIDAQABo2swaTAfBgNVHSMEGDAWgBRi5C41xg/F
+6JHQC8GN3rav2ojZPzAdBgNVHQ4EFgQUkfQx97LimEmUaVujcr+gLY2rJqkwDgYD
+VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
+AQsFAAOCAQEASWqVVZv1Mi0Wor1uUCsSnDwNn1qBhzHRgCJ7RvTS5I/uKey6YqtG
+ozvw22AfDPOa43ltwuCuOeVX0rG1BpC57ZzHEJgQcksysR6iZ/uY/vN0tD4chgHp
+yi+8sTayGRPBqrpANbgTD2vzNULrcHo/nZIBiUAWs5I/38iWMAnRvuskzwEhAZcJ
+xU3Z7laFlU5TQGoTMxLeyMzKbJRJWW098aYscKWhG8bEy8CIRsXiuF+BcrFqqzTb
+jZA9n2Yn6S805yMK+TuDWDh+VzPwHRZliww4+ROGHT7LgRdxeN9ZlKx+XqJ1yvVo
+OSsRBKUwZyf/8dm9ItkC5J6XM6dfreX/bg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 17 72 29 99 FA BE 47 81 E4 B1 01 CE DF FF 1E 8F 24 20 D0 99 
+    friendlyName: Invalid Negative Serial Number Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,89AF3DBDD02217E9
+
+uv4c65SWYATqAOZuPg0VAf2OWnVv4nfLYiMSqgjc5mHTtRKWvXrA6uP8otgl3iQb
+PmyXN/C2eFwFfzM+JU2VnREj7Y40YVLMPKARJ/sbY/SfUhZOVsI/IuKWk/o3EiBV
+LDulYfkt+9yPOdvJRivNx96Tr6+6ItdMGiNFfouZMIA8N6GI8PyWcygI+XQU43Bx
+hVdoQsD/yrpSKzNUVqXEYbPcK34D4W7wVMkxToQHwKe7N+GDFMQbc+yqC+do97of
+lK5Ps8dv7U1SAhXb+bAxnwvRqQ20+KKlXb4FGlS56rK7ksKrGpr5lTAVbDGrCu1K
+Ib6rmdLwDM6lz+it3JM4hwlDg5s3v0uND3BIBkVzIi5b71VRNBsEoXVt96LsTCoi
+pwW7cDZm7pG2uDH/jVrpEtqfDskRWuFz5KwB4uP3Ne9g4/uAOj8QIDkmqH4gxep6
+XEmTaVEQ1kDAn5NoURExr8Z6uW5EsVpfKeXiWg5AlnqrUKoCLXxf7+bYxzd8KbF9
+QixAGeUy2Hk4l39afPcAOg5/av/UZL6S8YHMWZ5H6ks8bPnLPoYMBtwegxFRMvXP
+QS/z83bhAkw2s1DKlU4jkBM2McFAJJgl3D5G10Ps8BNNERpZr9pdiKQOPXz1RIAp
+bhaYE4EvYWV8yV1pODnYH8Y0YN9RaG1L1D9PuGBpZAtsVc/kcMz0JLzNPzp3LYbb
+aoJzoXj3VdrqdgefYmj5FbjgdIl887ZcAnm+3t1MydwDZQDtk6WluSw13/Pm8nM1
+O/bRCUadOyCSIfUHP54AABGlpto4wH8pPB2OOSe+2oEHqDq2qBRZ4mH5gDquPSPo
+TdQTgQVltNiAE9H2P3wEOob0xk8uxZgq+tR7ZYrsevBkOMXL+egimccgqndEh0pn
+bg7j1TPC/6dj5UVYpvEhcvZ1oEWEPMcMxm6Tmvr2PtcfT2Z1M5+jGYVRQVknWL6R
+ELJMLeoZ8QchYnHBg7IlRaLyKt5OAl3PpAjrQOtnXdjmEy51C2ujrpTyelZ8q9lh
+KKzGg3N0wtT7Bwg97fyYQP37wHDi7fuyPtbdF8T4JnCZxeCXgNyXUOZ0NbEUgMVC
+tC7Azst1YdtyR1ErUirsu9kAbr91KWqF9dj49wgzzuoiOsuxr3O7WykzuGf4iBIe
+WSGoucPvyStZc0ZTDtJiLsqYE52VXAjJmGarh7i64bP2v2v/ssMEKY0WNPiX4Wtb
+955ippwJsI2b+MEr1BpisujKkzoreRLAT7Tnx9tz5Z7R12iNKP4w0uhPVwZDUHBT
+qz+GB5sukQMCzhSMXhbEkHZvQhZNVp4Vkn2E6CYi0LvLLGDF+Q7docAoo5ciw95Y
+tjffPgYVSaHSMg4ndhgGxFIxJMci6IbZF0j1Mmf6A8UQET05gr6trD/yj82irR/i
+Quyj4ZkV3Hjb0K7JXS5KCxGfYZHvN7y27s5712dhuO+fIr19VUc+erlMVbcEXGlg
+ligwtLjZDp74ZA7Vbi3HyRLlhHDN9bGQcRIL7CiJCC/9Bm1B3PRPZ1q8x2Bpakg4
+l3WIs6epQEaYWO7IrgHBeS2G/M34gl3jwV+DdaVSMU2Z+eOK6LOlQk/xKvFAoWFu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem
deleted file mode 100644
index 43f4c11eeb..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Old CRL nextUpdate CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBDjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVT2xkIENSTCBu
-ZXh0VXBkYXRlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3mWvvYS5A
-sFNH3PbxcSFtUQ/3TzWlO4y6wINHN6Ypk9Okpx3uHSwBpkQ1N0htmUhGQYFyhzBx
-ATrb4vlB4KzylhOwfX0F4cYko464NaCZNL7OzwjzOCgZ8097o6RD+Z2vsM0GmOeD
-ycpB9yeqLhC4e30k8dFJqxzCAEJC0Et5swIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwGrz/yOO0EdEUB5DUcJ8XjGJ
-zAcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADOSGYLxhRxOj7gm33bTOeiQ
-PIlmAlvVtqg+44hgkcovBETHehNU1xBQRF/tdPACobZUA1/0YoyNZTHIY87qLDkJ
-Ks0twBDEHmgmadu+IKhutKIZzHSsU9xVfyipeAX7BfgDDeEaRdyPCan3KO9hpbhS
-CruOE+/WuIQiY2bS2SPs
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Old CRL nextUpdate EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=Old CRL nextUpdate CA
------BEGIN CERTIFICATE-----
-MIICjjCCAfegAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFU9sZCBDUkwgbmV4
-dFVwZGF0ZSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMw
-SW52YWxpZCBPbGQgQ1JMIG5leHRVcGRhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDEx
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvSHDwBMR2xa4zMZPJ+4WCtp4V
-RyIBBXrHretH519ipC4dqURqRrI7/N9ApYs6t/xevUxi+T2rDzXZB8L6x3AhE+BZ
-xOknZ/gpSN3du4ofSeM8DT7vzkwkj9S+bdEcU480Om0P40OwnQUIiR92HM8xO5r1
-qNrXauV14rf3F461HwIDAQABo2swaTAfBgNVHSMEGDAWgBTAavP/I47QR0RQHkNR
-wnxeMYnMBzAdBgNVHQ4EFgQU/pqWPiQxXU/VEoME39jSmPZFApEwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOB
-gQC2hDiZpMieKwCdZ3STNKZnLhmmgmcxMnshFx6iQ2B8XIbpY8fNvTUCPf9MMEvP
-a+1O7EDTEdrQCEpnKZWExBuB5qpOeP6ddjsedieij7YZUsPCn8aYxz3Cc8uBailz
-2ooOjU9ubv3hI/vnWXYKhZZwPdognMfenzqgqVonVkrt7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Old CRL nextUpdate CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Jan  1 12:01:00 2002 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C0:6A:F3:FF:23:8E:D0:47:44:50:1E:43:51:C2:7C:5E:31:89:CC:07
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        09:dc:b4:50:29:96:87:a1:e0:b8:2e:39:6e:17:6e:95:7c:a2:
-        45:a8:24:5d:ce:da:6a:00:6f:8c:7a:19:77:5e:d8:d6:ff:63:
-        12:a5:68:c5:3e:e2:17:87:57:98:08:d7:2b:26:2e:1b:3d:12:
-        56:39:9c:93:8c:0e:c4:ed:19:af:37:4e:9c:2e:4a:54:85:8b:
-        54:2f:b2:a5:c9:ca:5a:9c:d2:a7:76:c5:00:1f:92:c0:cb:3e:
-        1d:0f:69:63:4c:f9:40:fe:40:d7:17:fa:ae:b2:5f:e2:f4:8b:
-        01:b1:2f:bc:7e:8a:b4:05:1a:97:21:8a:84:66:94:ec:5f:fa:
-        4d:28
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFU9sZCBDUkwgbmV4dFVwZGF0
-ZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMDIwMTAxMTIwMTAwWqAvMC0wHwYDVR0jBBgw
-FoAUwGrz/yOO0EdEUB5DUcJ8XjGJzAcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEACdy0UCmWh6HguC45bhdulXyiRagkXc7aagBvjHoZd17Y1v9jEqVoxT7i
-F4dXmAjXKyYuGz0SVjmck4wOxO0ZrzdOnC5KVIWLVC+ypcnKWpzSp3bFAB+SwMs+
-HQ9pY0z5QP5A1xf6rrJf4vSLAbEvvH6KtAUalyGKhGaU7F/6TSg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11EE.pem
new file mode 100644
index 0000000000..61ed3e8504
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidOldCRLnextUpdateTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3D 56 D6 60 D6 34 00 EC 8D B6 50 91 FC DA 09 9A F3 9B 79 A5 
+    friendlyName: Invalid Old CRL nextUpdate Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Old CRL nextUpdate EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=Old CRL nextUpdate CA
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVT2xkIENS
+TCBuZXh0VXBkYXRlIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+aTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+OTA3BgNVBAMTMEludmFsaWQgT2xkIENSTCBuZXh0VXBkYXRlIEVFIENlcnRpZmlj
+YXRlIFRlc3QxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUCQ6ht
+nIHGtGfWIymBLnkyZ/b+51EMYGK3oG2KyVWoC+++h1CzZaDiG8p0Gv54dQjJm5Vi
+z3SPO5TTkzmEIWCa/1uKIQPjOVVRey0qApCvymRoXXEJf59gnBqPDx26bXb6NsoZ
+fGk6yEkvhH+MhGzQCHN95ARUNMtYSbPgooEDzJR0ym+qj2LFmZhRwKEp0IubF109
+JPVk/NQIbI3HPZXUdCzp5jK1clTWl+NGS958LnnO4jEK9xJ6euTg/6x/uR+t1oRa
+IxLnB28PFaavkhQG4vVQ+M4Nb8QGBsXmjl8XyOB0YLf+ZVbDXZ1f1UG3MYsjY/4Y
+vksxOmddND9NtIMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUztof2lrMjpf6IBUpT6yW
+jSrNeBMwHQYDVR0OBBYEFFZ23wygTM9MCKaXTBWP52hKEFSlMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEB
+AK1ocp8QO0gPKOT/sFZ92czs4wkA6tiiPte/lWgK1OQ5bPt5u3kT51mqBp+7c2T5
+Vph6MyKO3mp9gLEwFQPyxp4DyZd2i0GfTz50sIM7JUYFvpjThENKLkBwIHDB+fFp
+O2K6JtboC2dutQXhseGvWNc9nadR6/MaNlYEZGBCtcRv7jkNzsqzrVCwKZySxh5a
+Gz+yM9JeDcTJQIIi9FTtiI5EmBAmWU9Ny2GuehF71srlR6Vv+TNxZHZCPc+jAzBh
+3CAV7MPCTIDXbBTtRrh60063/x94KJQ6RIvnqnkX+y3A0wIbEDv8XtwvG8GI8q7a
+Ff95NQbv9wnAVBcG7YoEI6k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D 56 D6 60 D6 34 00 EC 8D B6 50 91 FC DA 09 9A F3 9B 79 A5 
+    friendlyName: Invalid Old CRL nextUpdate Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6D678DE8D634ED06
+
+vwypvzYx+kueXlE9gvBOHTXYAezmvVluBqFSC8jJO+am6Qe6ky3oQFcPMZ2xP9n3
+nHwS5xwXEdabH/uLxZ0t0uE41oWW3L6cpnhR+Rc4zY7qHB4pF/9fBya2jUg0fREe
+ItQrFbLZdTfLNMF5+DGuLwxE5RblToi9InTMBrZyUHBvE6sj8YFuZ//qzkV1VnD+
+JmIRZUNOBwUXsfCG4qoBrjOcrFgktQz8SsAxGflwWkchf15X6s5OxtHm5dImXpPN
+EPzewQSvQnnE9P8/44BLtvEwFRLbuR8oT+YLFcyJO//KgoZN2ojpjRB1/skW5BNM
+ABe91qhsyAMdFmNcWQz5HZ+ouovZByaP2CI3+J1WDUjakAY9roWS7X1pBXV792+W
++w7S1gd62vKS/+lds/SF6mrKPzJz21NJlgAtqPj5QrKvgN88MYfpEp3GxN8D7k7A
+lgeMVrHhh/v3aFaJ/G/Hl+nJmzunNaIdTXrqwIj70sqy+QWVOZOTkVevaW31nG4v
+Hs5V/ZC7+4gdG+Pu4XCFoRgVQKJd+XBkOgZXaX2XDi2WvCDfnPJA0calf+eUVUjq
+owoYbQCX5brOwUgqmkBzHWyFRqxBxvJqOLCreFykvWDQpSN6gmGaBlpb/V28ltLr
+V3rFBoZ6+tVnocDlUhvOkCrxpd99E+hmBkofyaQRH2az1fJCv/0unooxNFdy3FAU
+tsaQik2vo5NUpBhn14/XkN7/qv84CXVek54ip+ho9zJiuz+tAyu39dGdlZ4W5pMx
+euuR6NdVoeXmGzsDMW7AV+d+skgDSajlBgurbN6uIZqUS4emRjDizbmmHkecg8K+
+Q8UwKFVc3lQYdetgIdHEXPebSrhtfjfGSo7Ie8LIkX0vx0CAGeElsUwIYDfQxZUi
+Pe0K0HiDGG0f+Cj5lozDJM/Qlf4a0QK00qwABuoI10Tn9dfa0snUJcSC0gi9X5j6
+gwLUzKhb6KlSeU2YxPQFioIzWBMEy4Fb4P3vkwnEeTYe8iAwXXGuZ80iVeIkU3sI
+CffT4O+u9OTNNHqXAa9AHtyNyjK7RybJAahPThzriiMrBAgJfA7JsDEYbBfDIuIM
+O5Tj6MPHcRXLjoZp4shSfLzREvoZ67iSjwfc5rXMVgdCez4TQiq2KGsiYtxSt/gY
+mlioWnkyLsMpITAt68rJBGxM3Q22hBI1VeDPg6HOk4IBb4oDruum+/DpHgx62T7F
+UCPRbxybGqIoIFd1m4toOh/Wtsgj6uukAqLCc2mZF6LZCzV2jS9+KdDi/2dISNEE
++R5KlNAXTtlnhlfjwWTmbw9Xk+x8Km8LSldHgDPC8J5ZlQskxECKcMD7mC6qxZoJ
+6mcdyMKpJo2fqwyAkrDMal7lnFt04/O43zCobhVojfptju0GFXpXVIgRsr37t08/
+ULdYl/ZU1aa5jJNrlxM7XnyzE9s5ln3dJOz36Un/VeoMF4ffOotex9EV5NOzrPnq
+fXv2YG3pDfGHPPhrnQ+VJPeQspYplCDaRSX7m1yFw5B7wKXxCgh5+cTlG2FadXYr
+vkGg7YiBDPVd3IF0NhrI55ghEo8Q71WhzWFZibnjqPFpeh0inSKAQw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem
deleted file mode 100644
index 3c896b358d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10.pem
+++ /dev/null
@@ -1,172 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0Eg
-UGFueVBvbGljeSBNYXBwaW5nIDF0bzIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBgMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxNTAzBgNVBAMTLEludmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNh
-dGUgVGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChB9eTYlpZl1JR
-8TrbGxGjxB92HiDmmZ2KLK8LOAzDhLn6pDzsOGwkyo7M6CDyAoWz/eaCmRD1i6qy
-QKVu2sn162p7KlvlNyd1JYAVIAPjkGR/a8VfCm9q3N/lRKwsSj/GZIek/8iSW/KC
-FdaqSGbsEbHK6Fn8vcQ4Lh4eUroNKwIDAQABo2swaTAfBgNVHSMEGDAWgBSR1+G1
-pJYIkfGicS9m2Sd7SoKTmjAdBgNVHQ4EFgQUqFpT/L04k96R6J+5dQbd8YN6qoMw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQADIM+40SMZ1r8wWXESNPXd8FCdvGJyWdeFjUA0Ads0pN+XIsnC
-4sPLYgWB1xdrSQyNdrwkLoyy2UGPHgSTwlhlX7NxZHyfxaMZRN1FKRPHs6alDc/M
-603qZ04FrwJd54rHiHLAI5/fgJzZRu5bOUBiDFxW7skEOp/4AiVZG4+8Wg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICtTCCAh6gAwIBAgIBFjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFu
-eVBvbGljeSBNYXBwaW5nIDF0bzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ANGY6UqVJ9oB3KneANaPiYS3vFaEAo7CVhPn358boVTv2/wQv8iwT9MvDcASa4Fi
-5kaob+B5k7T8qjNOtxaZJb69UDUDsAYww6r/NK5pkS1KNf7CJZW6/RQC06GsivKO
-kQoudXfGEjAMhmHNuEXS4biTlRuVUXJqLPq2yLwAJPZ1AgMBAAGjga0wgaowHwYD
-VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJHX4bWklgiR
-8aJxL2bZJ3tKgpOaMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAw
-JgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB
-/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBNuXYJvgOn
-wez9J/K4ZZhWpMPo/7Qso2S6BAoJh7QdTymJKxD6nDnPwetIpbQkbEtq+V30ZA+o
-6v+0cntT/I7cm9JKOXMOKn35BODzS8u5UJTDwWc/l5SA0scCSRfTT9LJambCyz+m
-C0/k+v5zw5VpFozVY4FoV4/KnwIhJPuDwg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:91:D7:E1:B5:A4:96:08:91:F1:A2:71:2F:66:D9:27:7B:4A:82:93:9A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        97:e7:b7:e3:46:cf:59:49:72:d2:0e:de:0e:f6:c3:1a:ca:34:
-        59:50:f1:2d:fb:11:31:f7:bb:b2:f7:dd:0e:fb:bd:6b:7a:7f:
-        e7:dd:02:be:6c:7b:36:1c:49:50:38:d9:85:67:97:a5:0f:84:
-        49:de:8a:d5:0b:d0:36:fc:6c:4a:82:cb:83:73:ed:1e:af:31:
-        dc:0f:6f:eb:69:18:67:b7:fb:1e:a8:1d:a5:36:84:dd:05:72:
-        52:f1:51:e1:93:6a:ff:2f:92:6b:7a:c1:67:90:0b:7f:66:0e:
-        f1:83:22:d9:52:5e:f7:58:5d:5c:7a:1b:69:84:91:da:b1:18:
-        11:c2
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFueVBv
-bGljeSBNYXBwaW5nIDF0bzIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFJHX4bWklgiR8aJxL2bZJ3tKgpOaMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAJfnt+NGz1lJctIO3g72wxrKNFlQ8S37ETH3u7L3
-3Q77vWt6f+fdAr5sezYcSVA42YVnl6UPhEneitUL0Db8bEqCy4Nz7R6vMdwPb+tp
-GGe3+x6oHaU2hN0FclLxUeGTav8vkmt6wWeQC39mDvGDItlSXvdYXVx6G2mEkdqx
-GBHC
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10EE.pem
new file mode 100644
index 0000000000..9f7ffefc55
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C3 F9 93 C4 0D 7F C8 D2 5E 2B F1 AA FD B7 35 76 2B 93 F7 1D 
+    friendlyName: Invalid Policy Mapping Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Policy Mapping EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Good subCA PanyPolicy Mapping 1to2
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiR29vZCBz
+dWJDQSBQYW55UG9saWN5IE1hcHBpbmcgMXRvMjAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTUwMwYDVQQDEyxJbnZhbGlkIFBvbGljeSBNYXBwaW5nIEVF
+IENlcnRpZmljYXRlIFRlc3QxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAKgYrs2bp2rDpT6ZXc4PgBYjMV+WHjSqGUgrAPdR62UDChqzNHrE1Pw0Lgh2
+IoWY+M7poGGp2Gsl9puYwBnXoViJ4dcD3EHwJGG0FvlWGpvKbV3l1AAd7cEJHokv
+S72hma5YVH20kPfdF3Kd34WZNZTY14L0k+h/COfBuL9EQfq47rmSAiWLy1K+4fBF
+jgc2Fo+UG37bpSxjZqTVt0dPmHzaJT5Ft9WfElx9GDQPl8tMES5gbY2asmubPk6q
+FmG6ey1hM5Tn4EvoouxgHEEAKqeo6jZVPbVgDgL6vKiMbmDUUvB+ujR+diuvmp2L
+HxrVx1s2bXkD9mkal41OxPy9/c0CAwEAAaNrMGkwHwYDVR0jBBgwFoAUW3N5meOu
+BtOKpjNOFHjkoB2x5MkwHQYDVR0OBBYEFPG//ujd6Iehzjh3gjYhBFAefR0kMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAK96lyXiY85zaUn/7YefYb8m7f0S+IghFiiq8tbityudKhvMlna6
+0C/os+x2O5Mhy84okB3MBcjghp9/Nl2WUnyYyO+BjCeDk51xyAFNtXl5VkEsa029
+vfMKMWWOy51egYnVzErYmeud4H5pOFB7+x/55hMbMRrs6ww2eqtuM+i14iYKLNaM
+MIAMJKMjGUu20CoNnEeYz/lLCtcD3+/qlMrBcnM+H662A46e6L+5Q/o7mMyQQCvc
+jMKI90clD+5t7o6pA/rhv0wSpYz/GAcGciuAA5GMuJJOZjHSycMISz3nrBFvo6Jr
+F5tYb+cl5W0BUCJDswlj4X0wWsXvblfOG20=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C3 F9 93 C4 0D 7F C8 D2 5E 2B F1 AA FD B7 35 76 2B 93 F7 1D 
+    friendlyName: Invalid Policy Mapping Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A32053B6D3456380
+
+b3XSd0KkeY/Put6bpMXSPKWjmmmQGmo1oBTol3Gucht0gv9oVx3WQ2F2C0Kcl3q5
+GngVI39rccFLRt4uLbBugJ+FwvGuukeCW2OYF/PH+vuYZXfzKrS/DcuVV0q/KchN
+CkqWwSGFCLtUibk+jDwtSS0N7WzLmmXTBhBUrk7vXSP4dQex5xEuVJtl0/rXvV6j
+jQno4k5UwFldNY1Ynffaq15lxu0p0x67f4rR3mJjTwXS0mHR6T6t5uNqUUlQLl7f
+fVjSakaAHlVLhZmKNJ2vgVTaHDMOZaDOiQ99DFseaKajhUB/tCYd5sq7PLeOoeLW
+pLm5VcRt2LQyzMicoHTDfDSKNpcfzVxv7uCAExOaGE9DzPpe8WqwiWRvhuyN4+XT
+f4L2ZjOXxvcM05v41x/xxTKDDZEt7YitP53YQWgmLwR7mrba0jYYRWK6WyR0VzsS
+kW9KCvapfBNO0LVTfUhEVrpqk88pIy0X3vLk/Fa52G2N4bj8TU+hDyudilJCnL5c
+gHIPOyP2YGkatRdMsZh5janilmom28RV/wnoESMKIfRL0Gt8Ct7k6syg5rp1X6r8
+WRD9pK1vp3BQb7dGOzDM13S3ZFD49hqoIQb1p3Lc8S1hlDKQO0pVvuPHK2EltbwV
+R0nAFbGW506dTNdpEbAR13zXS0H/WtisIAxVtpiKPY3vEEFX+dmyU7uKICCcttkQ
+LV3LqGo30fg5NgX554g4x37pW4wj+SDbHnmw+YaTAgSJN+n2zfBYmh2nb7WZgBSO
+5cRRwDson3j4HUX4Kdxbi1zNzQy/R7PKwtq9i/BpSxFLvFFt/nVbKCH2AQ1p5bqT
+kaYdL2b9L8eb82nJE42gOJ2m9mLG6FmLWEcb5EAyH2MTCET403T//cun+EVu2raw
+iJ9oUuNQfVGbU9dIkrVQ+fpMKkO3yiB9GoPYy0U8zMXRvKJEruKZpLKGgz/RNWex
+Rb4umWp43DhxO0zCLVWVAdr/Bj2qgGjDDO8j6TuYO1zIb8M3Y6HlQJ//3GDmmEys
+yzuLmIMpSJTbqQG5+sXdjpUfH3UHEYSda3x9g8irkkAPv5GOlZwoSaw+un4VvAK5
+qE2zj0k3PH57/1YKdddUZUqYJm/L1TP9TzBxWYyDgWH3DxY/mGtz2hcIDs48wTj0
+IaiBenFCy0ulz/+zg5e8bgFXPqzyFkOYQg90Kj1Tm+E73Bd0/my7FpBGbDvs+xzV
+aZIrG5XxeOumLXRMr3SrjpgqMR1izY8oSpbWsBXGKyuBWaBGS3Qxd3riIOnFXPxO
+89XO/Jn2Ts3VneDvQaOotAcgrzNT/FwiMtfwk502Xes/Mg/Chb1C+hloIGwJBD0D
+NuE3R69v4Ky/BgvRUNmIvcK5sKuRgnDW0bMmEP6KdLx3IDxPVME6TV7W0pDVSiU3
+j3WmApXzM+Fha+W6aKfZuIu4rqVmQKaNc7zDD+5Zc4YkyjMW43r05vbjBR4GDp2K
+DptJ/xlDLNiUDJ8IdP8t+5Uz1rPRb9VL4aOuSvvM3F2CgaeECQ13BEzMqX3TIrKt
+n2BXWScOnLxDb8EpgA5AjjGRHrwtJ3LsaKC+ck5bYj2sM+aXuhduzA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem
deleted file mode 100644
index 43fc124d7d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRv
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrSW52YWxp
-ZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAoadvCebWnauqUaHFp40w4mCV71scsCOfYsKd2A1Z
-qG7a+bY47N5PYZ3U5Ma08y9eYo1tp/KdyjpqVjRyjuThypOpD9w0G+SKNSSO9qWC
-MDvLPUi28tTApRjWztYYwN/g5vFkSu17fxV+2UFjktKI5L7kajObs+ukIn+CZjp2
-ZJsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUNzuKobqNp3SbwOvWOcshDI2jVn0wHQYD
-VR0OBBYEFP3Ru6m0Dy03xmdc1XvYMeSY1zK/MA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAGhBCvmaevxrJ
-N0Kz2kBu8iSaQ909Y6uo5N0DyRRCZQGADpcApXIr7/C/Uu4qBIyC3WTBsx2cxZFV
-5FThscR7x6s7loGSYxVh2GrCKj3t643zzznkIP7iMZxSGBdVJpEsjScMJ/7tXnkp
-IaawhSXoSuDs35Gvi32ldHbXmUh9NvY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBMDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPTWFwcGluZyAx
-dG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXwTHRx8gVHWtSe1VX
-oLPFQmGX4Y0U4v535jowfMd9254hmwW4VbZzK7rrXGOAimFxGHKwa7mkPEo80MIW
-8YQC5HZs3jaXLh/xsmV1qlzwceCXooef+wu8W0pgoJ63MmY+ZJWiNK2ygRV/EVFF
-x2ii8ZGDW+SKEX2WIYI7JhmcTQIDAQABo4GzMIGwMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ3O4qhuo2ndJvA69Y5yyEMjaNWfTAO
-BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB
-/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/
-MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAphAVDZECciXjDiCta9HU
-ZubezLaRjcl0IaUmTlvuhUqkfGG2x1KhB6QTq7JGCmBrlxL93qhU+8sGW1k26/3p
-c3hc60bKZ5oBG96iN05oLWWF3udbqBESMO7gn1zX14s97qLtuqQAyuERy2L2uOkk
-n/emInqTFTixe284WjHR3XY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:37:3B:8A:A1:BA:8D:A7:74:9B:C0:EB:D6:39:CB:21:0C:8D:A3:56:7D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        29:63:8c:57:a4:35:bb:2c:2e:a0:1e:7e:c1:e2:0e:39:2c:83:
-        d6:5f:29:3a:03:70:63:aa:1f:42:e8:fd:3f:64:f6:8b:ad:86:
-        27:c3:a6:5d:48:9d:ef:6d:bc:be:7a:24:a9:6d:b0:4e:4d:58:
-        4f:52:c8:bf:dc:70:7c:ea:8d:5e:54:12:db:5d:62:c5:63:06:
-        2e:00:b4:d2:fa:51:6c:da:3f:41:04:36:14:ce:63:b5:46:e6:
-        7d:10:01:db:50:07:69:82:6a:34:45:0b:38:5e:f2:d5:8b:77:
-        e4:ea:6a:7f:9a:18:fa:74:ed:b4:5a:ba:68:f2:68:c4:d2:55:
-        17:9e
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRvMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUNzuK
-obqNp3SbwOvWOcshDI2jVn0wCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-KWOMV6Q1uywuoB5+weIOOSyD1l8pOgNwY6ofQuj9P2T2i62GJ8OmXUid7228vnok
-qW2wTk1YT1LIv9xwfOqNXlQS211ixWMGLgC00vpRbNo/QQQ2FM5jtUbmfRAB21AH
-aYJqNEULOF7y1Yt35Opqf5oY+nTttFq6aPJoxNJVF54=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2EE.pem
new file mode 100644
index 0000000000..d371a30fe0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DD 2D 93 ED 79 0D 8A 49 8F 16 40 52 06 71 64 BC A0 C3 D0 B8 
+    friendlyName: Invalid Policy Mapping Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Policy Mapping EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPTWFwcGlu
+ZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNV
+BAMTK0ludmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP0ZnJwVL9VAfdOd5XKlTy
+DBfVk0gJc5L/Xc1KAvdB4p8wMJnx08oy7X9zp2zJUdN8nMP8+C/PL9LssmwLIPCz
+MfZJmiCynpann3CPnoXjlRyYZtHFMeW6D8ganSXetE4O1vKrCR0KOVU0xEwp5PuE
+JvC2c9QrTyZQYKgv7Gj3zZ2QFNi46Mullsibu3FOWfVpncFDZMebzPS+qIfv5I5U
+Vjec7wYjoSY25aL1/vDLwkzlTBkrPjGJeGb2oKeK1cmuDzHB5k6kPTpyBXYpF2z6
+ifqjU/wLFo94hASA0l4cMh2IstJ+koKUZIuWOipTR5K2nDMywNpLyrHwdJ9Nwzwt
+AgMBAAGjazBpMB8GA1UdIwQYMBaAFJnFeGnLPTN2wpmsROWwDv659NvHMB0GA1Ud
+DgQWBBQc93qRn7CZN550xzB1rEvWIX+9tTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQDGxaCY0Qeaztw8
+J0tdbO75i+EoXmPj8SdrzEvPS4YNnCsOt0sgBKQeP5BpfFScQgIoGHTt3leCUXlM
+c6hu8rLTLB1Shs0ZSAPj+nmNx4LdppBbgZQ3KNBzhsgvz16CXK3PceMIuDfrcyRR
+DtpqeIXCTp66esYzwq1LsdJuBdusYlkywZ/Q4NR8cHubhcAFM+iA289XjucldDDK
+Xo1L2XERrSqXK3R4p1ZUIIcbYeFsOhZyBPU5UnXJcac4DG5LPZnnZxMAbUL8Rq+9
+nx4NpZeML+uuIu+heoU51t2PzKDjJZOFhnspC7ZwrTmAYYIxTblTaZULF97Zvvc5
+QKBZoV2y
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DD 2D 93 ED 79 0D 8A 49 8F 16 40 52 06 71 64 BC A0 C3 D0 B8 
+    friendlyName: Invalid Policy Mapping Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9AA315A6F70CA697
+
+UpFJgV3wr8eBPi/ZnZni/I2XHHWMLBoM8LbF33siJxRhRGuWxqbg8ja0HwbY1KCM
+whlDYTc+wWp1VwEf8vxSykcdwBjgPlS9ITjf09Qr9A+YquKVZD8kLt9kBWeoFtz9
+RKlsZ2a0MNoQ9aEA9KgrR21K3iuxHhyKgacba4anc4wDNOJgmMqww7KkTTVN+y5C
+4P2mFxPR+57MH7sDyAdCrtL21kXdlzoAUqp7HdExKqJhb9RDbSiaIPDuCdIV4GuG
+U1N1dVVJRU+dpnLVOACmBZWJF9RoavZzo/CIL9aSHgYCqBpqMyM9xRL0ZzXcHtyq
+jTeqkSY5L+ffKmZQrdpz5/zAYlcAgpWDfnvH2VhqTw9jOjbXT168/zIXhoX9ZfSw
+WTX6Ko3s6Hxdq2xds4AFAt4eFJ321JVuRa1pwMbm/B682QVxsEQMRGmsZQRd46rc
+Hk1RCP4IEkh1ERU/1R6s48rL72j3nhKgs3reh67p8Eyawh1UToF1nerghUBlqHu7
+KOaUBOHwHWAAdEINf2wQKnJsgJJ2+4u/g2nwhUgyvn/XikstUCHMkx7Sx80aq16C
+tyQHZohWFU91grZO6Xixxbj57nJgtzD8hrPsbhNZ530ECNiHBC7BilJ5QXGRGAjP
+BWFSuNpP7payaETMQkWts+m+yHFEgSsdEFo4q4kZLLm/unR1SYQGcJTMF68efBlg
+MUc+//uXGBkeL6r2iwPeg75l/T0vrSdhRDSH64+2vitoJ4MXu+QotDeZKBwPuJXG
+umk4Lusz2lKbaBGhKTCn7zqZPKR+7ixKDhOYMtlquczeoQVBv4qzCdeI0+EKpTCz
+zQeRkS6J9NUiaJopMqY0LAzisWfAEOIu0++kJ6t8+XyGTIKNR7Onlh14p66pP+EL
+WaPBrIB4gXlEj4Sf+lrrv+k8scah7iTsQA+y3vpqGv/f8clZ4vB2OHp2UtXFxhka
+bcYUuXrRk8z48Y8YinQr/KYXLWbJAqOcHn0K6IkhbNusT8FRrQFFKJmBFkWfWeW5
+7Nllrf3jsQC8qeVb+PiKt2nmaP5iJzK4Z9djxSyusDIszTklDTmX5L1+K4jEa8lv
+ch6pGEXNBr5LC5QOl8OBfKzRgFRjCjFchEAHiuw9eeMQLd5mxXA+z3xQxr7jdTpj
+K+SMIKIHzzsX7pGmzyZY1LbpyN/DvfCT2EgkXOtiGvV8GuHCsDMtkeMUIij4aTV3
+0aRkjOM58AVUVGNwN8TqnOZIxcv+1Jdb2/JGxK9b0y/ksinfBUr+bulHUx7C608F
+y5mbNEVA1mlRX7PV7cywWXeyPtcQchqHgi5IHIg2xKkUZhZOYbB6NIfaVhzNdV83
+7AlZ5w/04tFCZgkoCq95ndcov8Rxdjx/5KDDwx+07GcXalMQCfKO0lGFNYMlLtxJ
+NjFHh4RcIMS1gwQYwkuWbB4DYg63Vp+oUapeSMbxm4Jh3TatdMmh8fMV9fjE3hVJ
+XzD8mbBgD1SbU07CIWCFaYMmqZcaYparGe09XdbjoguNRiTQyMI+kVMeS3Iuk1wi
+bRn/dirFwfRdB1TkoEJZ10VUT7FAD7fosGgs8/wY6IK/jvf6T+Gs+A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem
deleted file mode 100644
index 5c77a406bd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4.pem
+++ /dev/null
@@ -1,214 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Policy Mapping EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
------BEGIN CERTIFICATE-----
-MIICjTCCAfagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5n
-IDF0bzMgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBf
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNV
-BAMTK0ludmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDQw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJprKoJhJkwv9iBN1IYtMV3uRD5s
-uHrGKo8QKVwNvqYLHai3buTlKV5MkXVGAX4jOoo4gsNST1yqaYHmB/PN8gpC5Zei
-k0+5yWdAraOAj6IeMEJzs6Vu9ajsCKNQ/hbc6SBJ7wYIxviyUzvUVS9L7tGbO9ww
-+pDzJ+GDcBzAhMJNAgMBAAGjazBpMB8GA1UdIwQYMBaAFPYssbcpta6Vf7D4OUFT
-LS4PBOPHMB0GA1UdDgQWBBSEY/EgMg6/W2kqOBHmu0ZzH+8FdjAOBgNVHQ8BAf8E
-BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATADMA0GCSqGSIb3DQEBBQUAA4GB
-AI26nbSlHGf56TsealBKtrzfLJm4+UtAODZ+a5qU/JtzajvXGdh66TgEK+NFB83w
-h3OtGs/OQ39fhXosCcXXmXk8mNBj6MokhRptFdnJz+edT9yqz96ufAHZSKpG1Di2
-d9bllknCKDikzWUOGTOiCuHc2n7ymexbgnYnUAdvLw2s
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp
-bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6
-kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH
-BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr
-AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y
-rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg
-hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw
-AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD
-gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr
-Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx
-3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5n
-IDF0bzMgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBNMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMT
-GVAxMiBNYXBwaW5nIDF0bzMgc3Vic3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAJjo4/4TekqllLI7gPzmE2OceB30SRuraEVWVdR/lmFpFTks5fKkqf96
-WjYpnJZwaqE1ZdUQxgeNsswPm4pUAhVmU9IHvqBaM+bNXFsrwBOYYhfZY3xnwcxp
-IZsvkLPuEq1vLwxpn+0zTDOpDGf9zhiTrswEUoGYBwOVqRDaToYdAgMBAAGjgbMw
-gbAwHwYDVR0jBBgwFoAUXcS6eHk0JsNyV9FZ9KPiVKcocdEwHQYDVR0OBBYEFPYs
-sbcpta6Vf7D4OUFTLS4PBOPHMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwG
-CmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNVHSEBAf8EHDAaMBgGCmCGSAFl
-AwIBMAQGCmCGSAFlAwIBMAgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCass0kmtqSdWX5lffBs/tSTSvnGK38REo2IwTFLHduO4cvzAyS7ProbF/J
-al8FtT9mdnl+NpwrH4KlFNu+uti47wFj9xov/kbcmp21DvZ/m8ihmStk4FG2r6Ad
-0gdmVfBYem0mOu/1r/F8deNFP/Dpd8w3KFnv3Dd9wZd/Eb5hrg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
------BEGIN CERTIFICATE-----
-MIIC1TCCAj6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n
-IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAx
-MiBNYXBwaW5nIDF0bzMgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AMsNrOgngQPHY/5QvmR5y8mHOJJ2T8Vjf+3/DPv5eMF+q11urxfCat4faDdtchBa
-QXOWQ2TEy6tqpR7u8UJ2wnI7phld51gAcT2I8V7swo/EM1Ga1i5bWa5G10vPmZw5
-l7QwqT/D6JkHdthcaJdQrBP9zesYPEp13RFQU9mP5451AgMBAAGjgc0wgcowHwYD
-VR0jBBgwFoAUreIKE61SbSWszamYogoEaK1yrrIwHQYDVR0OBBYEFF3Eunh5NCbD
-clfRWfSj4lSnKHHRMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFl
-AwIBMAIwDAYKYIZIAWUDAgEwBTBABgNVHSEBAf8ENjA0MBgGCmCGSAFlAwIBMAIG
-CmCGSAFlAwIBMAQwGAYKYIZIAWUDAgEwBQYKYIZIAWUDAgEwBzAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHwK+aOYJpXAoXSRQ1o82pqD++jA/uvr
-2eJoXbcch64CAdRNuCA7rQoRAx1nSUgjoLmHcTDrowQzodrVXVmCmYqXxB5XswG6
-z5Oj09NorxHxpAs7E/izElYwEXl5n0NMInD6S2r1SWOnRpGnCL8PYM3gW+xne8rJ
-CZMIMADOWvrc
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89:
-        cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c:
-        37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f:
-        56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18:
-        13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a:
-        39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a:
-        bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4:
-        da:3b
------BEGIN X509 CRL-----
-MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg
-Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA
-FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA
-A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn
-jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle
-AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5D:C4:BA:78:79:34:26:C3:72:57:D1:59:F4:A3:E2:54:A7:28:71:D1
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:bb:13:8f:22:9e:5f:ae:7d:26:76:5b:6f:8d:8b:a4:37:1d:
-        fa:87:83:61:23:70:ca:f2:bd:ba:ae:72:04:3e:0a:21:70:4e:
-        01:97:4c:e3:16:d0:ef:d9:31:50:6f:5b:ff:51:10:40:73:82:
-        0f:f2:00:90:1a:bb:f8:93:68:b9:0c:15:9d:b2:c3:5b:56:73:
-        52:d3:1c:0f:75:2f:51:5b:40:3f:8b:71:42:54:33:af:55:20:
-        c8:ff:bf:ff:68:43:78:93:55:01:fb:7e:4d:db:a8:57:36:34:
-        df:a2:90:75:bb:fa:23:f3:9f:de:e4:4d:92:30:65:8c:f2:64:
-        e0:01
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5nIDF0bzMg
-c3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFF3Eunh5NCbDclfRWfSj4lSnKHHRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBABW7E48inl+ufSZ2W2+Ni6Q3HfqHg2EjcMryvbqucgQ+CiFwTgGXTOMW
-0O/ZMVBvW/9REEBzgg/yAJAau/iTaLkMFZ2yw1tWc1LTHA91L1FbQD+LcUJUM69V
-IMj/v/9oQ3iTVQH7fk3bqFc2NN+ikHW7+iPzn97kTZIwZYzyZOAB
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F6:2C:B1:B7:29:B5:AE:95:7F:B0:F8:39:41:53:2D:2E:0F:04:E3:C7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        6f:b3:1a:29:36:35:76:c7:62:11:6e:e9:29:e6:83:8b:5e:bf:
-        25:ea:4d:71:56:16:50:25:92:68:a8:a2:e9:4d:09:a3:74:36:
-        e2:9b:c1:52:dd:87:0a:64:98:58:da:6a:96:e6:c4:02:90:d8:
-        cd:4c:10:71:4c:98:1d:bb:d4:8d:7d:74:f9:34:3f:98:f7:8a:
-        5e:eb:bf:7c:8f:90:2a:7b:c4:f3:29:cc:3c:62:a3:f8:08:c2:
-        0a:ae:35:92:8d:ed:c0:30:a3:f2:a1:c7:7c:a1:68:1d:b0:48:
-        4d:c1:4f:50:7f:1f:af:c6:f3:a1:d0:ad:8a:1a:78:05:84:6d:
-        d9:7e
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5nIDF0bzMg
-c3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFPYssbcpta6Vf7D4OUFTLS4PBOPHMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAG+zGik2NXbHYhFu6Snmg4tevyXqTXFWFlAlkmiooulNCaN0NuKb
-wVLdhwpkmFjaapbmxAKQ2M1MEHFMmB271I19dPk0P5j3il7rv3yPkCp7xPMpzDxi
-o/gIwgquNZKN7cAwo/Khx3yhaB2wSE3BT1B/H6/G86HQrYoaeAWEbdl+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4EE.pem
new file mode 100644
index 0000000000..2ba54b3a1b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidPolicyMappingTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CD A2 F4 2B 63 C8 3E C1 A4 26 1B 31 5F A7 8C 6B EB 6A B7 B5 
+    friendlyName: Invalid Policy Mapping Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Policy Mapping EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDnDCCAoSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZUDEyIE1h
+cHBpbmcgMXRvMyBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTQwMgYDVQQDEytJbnZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmlj
+YXRlIFRlc3Q0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOegev0I
+rw/xlikpHk/FMYCcY96SImlDS0RBDaTJkie8ehC41c2dn4GAWeTxoFn5c+joQ6dq
+Y1Po7teA59bYP4USHordfUKh7UjD36NPQnzbfU4GVUmVksb0f5PdABQnRwmYH+AX
+ZaCfS37WRuoge7+XqUza3YLgY32y1Fh9VPNRygcGfvbhyYv4S2T+qruvc70C5ILB
+lBGt+deKtqDqngE+7DZEZN6hn3H8Fgme8AAPdx48JNTLi4apId9Aag0BR7MMb0nC
+Ntz463ci+/EhcD3HYZihuoZQ+kDlF2/zQOukhnebBpUv3VZqDuCvGJUAZPRrDRRo
+dK5QZ6BSyfJ1zwIDAQABo2swaTAfBgNVHSMEGDAWgBQAXTk+D+WqKl4t9q5oKq0z
+mz2bczAdBgNVHQ4EFgQU8p5RygFbuse22sy2ekGu4lIT1zQwDgYDVR0PAQH/BAQD
+AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEA
+bXWDCbc7hJbeoWLcbO9gVwLftrtj68acV7Z+Jq0giW79OirTxTOZz9qmrkHiVZ+M
+l5EdyY8TYchJBzxztll0mpbCc8j4tdin6H7I5X6/+RnTp3OBN6yln9X9Ap1iJTzA
+t8y0K0LR55ytAMboQBvv7Qzd5AaWV3LP5Ue1QbrSMBwy5CBeUz6wKktrgzXUn/UM
+Nmuf01iaEAt/GbhrSxC4EaUIF3P3H1u/TI/8Jw3uKdKnCMl1I/FGxeJyQL5CqJ9a
+jFoZCpRcYKFItuPzr3HIpcjqaiZTB/qJXCLOQr4Vc2HAIOtt/eV2FXIc3pgqi87p
+wojndjN58Fvx90EZIkOiMg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CD A2 F4 2B 63 C8 3E C1 A4 26 1B 31 5F A7 8C 6B EB 6A B7 B5 
+    friendlyName: Invalid Policy Mapping Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7784074D4170A74D
+
+QuOusDv3vk1IUQEPwqV+p8unoJTsvfgFwSOgKI4keWDWGC8v8jlcKduJkHrDAGmk
+X4oBRY82mcMjOtD7VvYVSvGkdVUPz/CQF6FdUNCpzTR9DrZHDO3dYnqNZfO6xFd0
+ZTa8HYiiiM7/NOb6Vjms/1HVg2dw3gWcUaiX4o27JYoEi3VvggMAv2W021HHGlud
+ppHw/RvY+VhLZsLT/JfgF5NvSUP/n2nkKvej+mFwuwuRRqp6TNqlwOF4iAgtiCWX
+fqdq8/XWmyvGf43M/n1Ipz/q4zQxIzNrq/ZNN7C255cQGKVf8n0H7b5zxoQcLDGz
+odVr16t01X/PM+i/wJiph1BcY/xYRXGkIGpu8l/JfGx7rwZCS4IhaEHnjOzosrnH
+U2wGuVkC+AVBBCz0dQzEcqm38TRl/c/8c+lrepDpY5H9WsMAfo7fBKPT2FyO0Diw
+G8PX6NDyEsE0L41Wbqpob7gmyApNmF5iH3LPTuLapXw0OQiwEj3KyBf6ktSO0dCP
+/gP9k8FKqVmzuwGd7/1f4NoZxYEg1F7CODSAxKxPJphSHKeQi7e0SxqvT7AsEFqe
++BZ7crQ+B0+sSDsMbSzNUeX5tQFg8NyHs9IbbvSCeDV/8mF1T/xxlIlUs0A6YKAY
+IByqE4dYbVvIXKcLPUdDMHu9nIusna7tcgHk7MDzLqRs5JLADdQRyLe3zolRaAdr
+QJFLiE1yDdspJS5iyfeYr4fDzSs7wg5A+M9oF4JNTRarZgUMz8CBwowV5QY1XZS2
+8i2LMKUSC2iTwz9TwwnkaSQSJHf9Zc50iAn+BW5Sq3QgDUATEiRDmmXQfq7DiFQI
+BTM/INoyYA/BoqnV1Tn5iJLC9m2XGBUNH+PEwcyADC1Jjv6gqZOe8XMizMUcqKko
+0yZMERleSwvDOeTIctkiHLaEFUwYOQnnHd4KIJ3UZMt+9Ce/UnwZYQMV+mtMiYEH
+2j8BIOz51h1GLCPa8Lc1KRVHDwn8riBpugH77NL6XcfsiAI/1DpUG2u/hcnt8Tp4
+VZeMQT1ugJQUVQNxqRFrT8vvwyk5IsmgVa9RbSGmuIJk7dT3lDMFMmgEpEFDa+wH
+A5bL6y83zbYV5bzNjv8rHn0Vj0Zoo8dnkBva20OyPSlLAWH7Uo3D7TPIZNJ2PJwa
++6OlaVaPOQ/iEJqv20TqJ4qHkTynkt5dpJZDeXTzE1w6+6CABcWPdnE1bhdDTY3u
+Mrsw17n4gRnp/AXCgUZSg7dO49x4ZdNcsOQwIrmRrjXZ1vtX4nMaewN3e61KHc2H
+q6llFD1//0qLmWC8tAkW+jLDJalblJPo+BqjefGcp9ts6+/RnqR0jfDX8nTVNf9T
+alpIef//juR9V/nEloUQm28tvW26MDd6k3ESgs9qBWtofx/4TQ8hfF2T0Qg7dLfQ
+tQVcWcQQ2ZcPdv9rV5y80k/sCJpWvSZYkRb0pTHMtueD/GZg36XK9kLsbw6OermC
+DI6qNMIywpC527nYgx2ENnjAB53TCylfaOWrNaOfCrXnkmapGcwrv1kMNRClGCQV
+aXeDZEQhpWrCGLfpRanYDUvUJ1BFc1XvULQGSOH2+9viVWuFMdfF3vo0NZ3U27kD
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem
deleted file mode 100644
index 074716e415..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBQzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOYG
-d2HszTJIsVTazKriCUJ/ExxUo4U4HEZN9+/XVXsQVkZYIzWtyCTC3IFmSAyb9ZED
-Gu3jmF/evXpfNXmxiURUu6W0bLEpIkZiVpPpTKqoJx2EHj+wXOfe31AD0OmKidXP
-66+LVgIJLWGMr3Msbzb4T3gpKb2ynQc2/XnE3RkbAgMBAAGjgaYwgaMwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFON/hXqOojue7rgS
-HXkTqsS9LlmtMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4EVLnRlc3RjZXJ0
-aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAJjXEGmrQ1/Muud+NZwajR9x
-it/32SNVvHI+/O7bopout/RnhJudrmsdqGlcSk0KXfcXI22cJOkAYe1M39znxgba
-VitYYLxfsS+3O2pLpMgQMFCZuOJATfAQUlui+dVtPTaIam7jimms5Qam2K2SuZ/t
-eJ2J/rIDHCOrIGktQS8H
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test22
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD
-VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDIyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ3Uy3P0KWoLsX
-XvhOf4ODgEJBTbtvW+xeevCGrTVdm3mG+1Lobp74rIRSpQShRCN+ltNnmEOHPIeJ
-YuV92pX3FQbBX9mz3ZgKznyb9qVBwysiyfX19PBeESDLn+O6Kcvl9XfUu3HdXMQP
-KA+UPU6txM1pbhkvRK5OSG/TBaRI+QIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFON/
-hXqOojue7rgSHXkTqsS9LlmtMB0GA1UdDgQWBBT4EdpzVCY8SgosOEgawdqBAjYT
-5zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCgGA1Ud
-EQQhMB+BHVRlc3QyMkVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEB
-BQUAA4GBAENRegfOIUdgTAhpzFZDtmSaJUrYqkW4ft0v2t+flv6Nf+uAjlYMXThj
-7Q4LUtevMKeoFkGX5gnGL7HKo0/QwTPETD0qTCYcQo9uw3SCdVie4kp7X0/w/rHo
-sNUMPAPe86k7l98/xN3/zO6P4o82pX4vp5xqgs5koOZKqExh8kzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E3:7F:85:7A:8E:A2:3B:9E:EE:B8:12:1D:79:13:AA:C4:BD:2E:59:AD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:77:73:f7:12:e7:d7:20:9a:bd:e1:00:a8:b1:6a:7a:65:1e:
-        8e:56:c9:ca:38:33:7e:d5:37:41:c1:e7:95:a4:81:ab:9b:40:
-        31:1d:aa:6c:14:f9:19:e4:3f:85:6b:24:ff:d6:bf:cb:fd:27:
-        a9:65:35:5c:b7:6b:82:87:b7:e1:c2:4d:34:ca:42:5c:46:66:
-        45:11:d2:c0:48:0f:08:8c:b0:a7:58:66:63:9d:ae:0a:68:0a:
-        5b:5b:ee:fe:12:93:77:03:90:6e:a4:8d:32:2e:56:56:cf:1f:
-        85:b8:95:52:f7:73:78:5e:d0:04:66:2c:8c:ca:78:36:da:43:
-        10:07
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTjf4V6jqI7nu64Eh15E6rEvS5ZrTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQC0d3P3EufXIJq94QCosWp6ZR6OVsnKODN+1TdBweeVpIGrm0Ax
-HapsFPkZ5D+FayT/1r/L/SepZTVct2uCh7fhwk00ykJcRmZFEdLASA8IjLCnWGZj
-na4KaApbW+7+EpN3A5BupI0yLlZWzx+FuJVS93N4XtAEZiyMyng22kMQBw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22EE.pem
new file mode 100644
index 0000000000..1cb3880747
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest22EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 79 FA B2 5A 2B 67 0B FA 4F F3 76 2A BF 0E F3 F3 06 C0 C2 8D 
+    friendlyName: Invalid RFC822 nameConstraints Test22 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid RFC822 nameConstraints EE Certificate Test22
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA1
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE9MDsGA1UEAxM0SW52YWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANL6mw8zfZFK7YonjGlE008qAPEdOsOk+EExeugqWGTUCv/Dq74SUVM5jDWf
+CsQtfPc/miyUEvcl5ep3fISwLriz3lSSQW3Qn5RzYJdpA5U4ahg4FKqMjNTqt9/2
+VAEsRiP3tdsyYREY1G0QT9ROpN95Cr6siEm2qVa2r4iPApydbxxYr2yR4uIk5HsY
+IZ5gnJvnrP68ibAoKrhVr0V5Y9bhsYEreS4LpBpHGwidcrN49vg3WhuRNFVhCNz7
+qgfAU2vnCJdWsE/4R4rlhmlm7uvorkDX2++YoOMKxS8Q7OreLzMHdDqAFMtjyj9C
+N+FEQZBku2asKYHBehARSa8nCL0CAwEAAaOBljCBkzAfBgNVHSMEGDAWgBTIao6x
+D0uqpYi4p4+R2+ozSujV4jAdBgNVHQ4EFgQUz4Q/P/5DzDB2OPkED44YfyyeisEw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAoBgNVHREE
+ITAfgR1UZXN0MjJFRUB0ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsF
+AAOCAQEAAU/7LeKzJxvHV8Z871YW+xG1i2nsULXHrweWhaKU3u6L7HYNxvZJSHti
+9vhgqOBc8JyyIvu8GUCyqED7S0/VDalPwCysrbAJDNTfgxx2amlOp9gb2LBgpMVv
+EROwfwFsZhl486M57w8qK/PvRuVFDhm1+QhDm1q7boTU4+az+9DgX+UjBtWPPYGq
+nAMyH/0X9Abmkv7Tm9egKtVxe3ScjV1P0Ti385LaUVqIekrxjItWZIU8lMBgsbXV
+1jA3HKOwHNJGyL8D0TnoF/8Q2GRA4j747hHyz4bkSxnLi/GwTLb4ldEab87vzzOp
+tlNkycHkL4+iAMH1ZBHG5CnoVVmg6g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 79 FA B2 5A 2B 67 0B FA 4F F3 76 2A BF 0E F3 F3 06 C0 C2 8D 
+    friendlyName: Invalid RFC822 nameConstraints Test22 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,55CCC16C61DECF36
+
+Xyu6redjnchvrC3oGfm0cnAJKK4XAWtzVg3aj7+4jh/7Gab9LDBBSzzoY9WFPKzi
+/FNaZotEfW4vgsTVGZk4HqI94RqX5CjAxbcrWivNVdc9whEsIOuEqKb8oYYfU1Q4
+ZA1Sv8UPfFOPKIw/IUyev7brY/BddG8zvbDqQNOYsZG3KhZ5s6n3i/taNhUmOWV8
+Oei/vLkW8SYjlaY2mgOohWmQQ9Pi449Tl0mX0Ng47cWCXqsy5k3AC8oQnyMMnQ4V
+FN+iDJyRePYNxTJRL6/7dAWAvlBRd4aL+4Qvwy/WAozfWWO6g/5/YOasbZph+Dav
+twZIgyV7QV410VRTNNA2ipqzSVl1/aPyq1Q15nS9GOa+HJMEuJUFjEl+q5Xa2lbt
+XeI/N77iJgmSWQvVuVyyr6azwiivDFL/Nq6RE00Vl938PgOnBiWwlik2VSzXuyD7
+ZbKgGpBt/hnF/mt3Vl71QW8FB9llffrYXvoBcAw/9mMeT5pt0lxKSTm619UdlAR7
+r2DB02VfWue58nhZ/UldpjkGVbALaCxlPavS8zi9Vhp3tIMrNX0K+BYY4vZhzgJZ
+HSw1png5MUqZVQQkSg6RuhW+cN9ZJWcmGZpvHKEOjRM6AG8qrsGc657Zg8D2eV+s
+S3w1ZssF2Eca9j2ZVdt+hDJ4yBZHDPgO+clM7oMqb0PP9LJSPHayFkrG2rtYniI3
+zwO/qrv+OuW1AIufZJtE3SQDjgf9sAcDi0iFcMtW7X748BvOKZJSDr7mgET8mPRS
+Zyt0RVKB/rvvajk1j5zgPncY4dQ1t+eNVtr5f4T6fZ2SwqfdDK/u11+PfJAL/owf
++yEHScSQm6EqOxLEdUli/H5QICT9yy5KkDgusc2yo8WDU2mqzdCEqq+0ZtA3hbZH
+33ZCqg+wfpGgMpxzSgOU1oFv4Fh+Pxenlj+GppLpX3STtDA/a/TaSeyHPyl+p2xX
+6k9heoiEPQRvD6PU9WMICMtjcvIOAdXBin4ImnpSOGOy2F6RTy2fbUIXN6qnWUU5
+5JOjoH+gr67lXOG3xDLViw5qLp9U3OyQlixU7ZdC7YlOEN2c4o4qWJGBfzIvN8Hj
+O3B5tBat+IxlozMLeWHmVwj1HsfkuKpw29ET4bh37vKGzU/U5cHNw+BSxlYoZjJ5
+7dtQjE+Nci1JWg927kpK8FnKuY7JxlW62l21S8MDHrCCgNVY6KTcU6YFbEVOWVhS
+WY588wAIR9bkMDq+mqinyHn6rV2jwoJR757vALTQOXG8F1XYpW5/axE203m/S0pq
+qWTLmY+IZP7xn7sApm0y4LTToBn/mb9VJ6xSkUWhwJfxbNtQDmkoBNwHwG2rABaT
+f5Q5hCrjzojFs4IvrALSj8WUJPTnsCUgr5MAXHVPdk0vFPhOaYDEKifFtKyDOOz5
+hM0p6PwdnbPin7UPM5gjXaVFqKzutZvIjUV4jWmMPylDGqXvD/HaPiVGg6a942bx
+T/cMrrCQEjm/LX6rkEpJnJJLWl1PDT7jIn9OXw22+j88QURqjbMHMiHxE8y3yMIP
+xUQNfSTPzbSP24llbuBfVYt2rcpIZ15dZ+b2sY2Wyga50SRu27FvThFzVvwVFfUq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem
deleted file mode 100644
index 10cf51c207..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMPZ
-S8+5+/2AgG2N8tsByPeKGxCC5bOrNXho0b3fSjvK452P3luNUPIf46KvIBU6UYAP
-4rGMqcUdmgFD+PdXq6TMW8bWNuYRICw6c6ni5uyre5bovptoJCsmBw/IqinDoqbO
-Qyoq0YDltds+lSROlTUCA/7qOBHOdwpcjhVfYJSJAgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBQbKzZmdEuTqzFV
-h6QxqzZjbzXJMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAsOYxl05xGFDRHUO8Myp9EM/X
-ahfChzUabmgo1Tqpk+TLbxcZw+GfesxOp+jCd7jtTBJKhB0HeX1vaCVUpURbWEAt
-fuE35slQQr/c9dgwCw/JwBNdkFFT2z/73nDEN96rUK3GYs2OO8OJVMqdKb4iBUxH
-M/bZyCy4CB3+hthr4to=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test24
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
------BEGIN CERTIFICATE-----
-MIICzjCCAjegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD
-VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDI0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqPW6bvTBs4Led
-75oTaGYT0mZgPeMvygJtDc882QlIF9vXBnhm4761p+ULe5iKwIWjfjyGva96UcKU
-bFfkfWeMxS+dDwb9v7pBjxCUMp9tTVWIFZDPZJTi/RpNCwPVSN9pE7JxoXKPHZsN
-20WcbrGJtUvvKFhei9eltGndiYkSrQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFBQb
-KzZmdEuTqzFVh6QxqzZjbzXJMB0GA1UdDgQWBBTyvLyqMRiaUCgziZZt9Dl46omW
-eDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1Ud
-EQQsMCqBKFRlc3QyNEVFQG1haWxzZXJ2ZXIudGVzdGNlcnRpZmljYXRlcy5nb3Yw
-DQYJKoZIhvcNAQEFBQADgYEArrFpI+Kiy9ZDD8Q9WoEG1XixP5/icUu/fk+PYsad
-2fU9G82dE2gBtN0L/T5FqgYo7uMY8R/ZDptaB6l/exqrPIGsA7xvvOYBzO8sAPyS
-GZul8SmHmKX117/0ZhZ6Ln9vCMK/IablztFZ+LcEDvpldAu8ro/lW2XXgd/KLdY5
-m8g=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:14:1B:2B:36:66:74:4B:93:AB:31:55:87:A4:31:AB:36:63:6F:35:C9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        47:93:cd:d6:9b:31:b0:dd:6a:d8:c4:e2:5e:3a:73:cd:2b:69:
-        5c:47:1a:75:56:6b:56:1c:a4:2f:c2:66:4c:6b:a4:9a:86:53:
-        fb:26:39:3e:61:d2:14:1b:85:1e:9c:f0:1e:ac:c8:c1:73:a5:
-        c3:29:1c:c6:12:21:08:4c:4a:5a:d6:1d:21:4e:eb:7d:16:14:
-        a4:a8:18:07:2e:e9:31:ef:39:ce:f8:6e:2b:d7:09:c1:ad:be:
-        6a:c3:d8:46:24:95:12:ea:cf:2c:c6:84:50:bf:78:31:91:79:
-        35:8c:02:47:d1:11:0d:aa:55:34:22:d6:d4:a2:ac:be:b8:07:
-        60:3c
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQUGys2ZnRLk6sxVYekMas2Y281yTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQBHk83WmzGw3WrYxOJeOnPNK2lcRxp1VmtWHKQvwmZMa6SahlP7
-Jjk+YdIUG4UenPAerMjBc6XDKRzGEiEITEpa1h0hTut9FhSkqBgHLukx7znO+G4r
-1wnBrb5qw9hGJJUS6s8sxoRQv3gxkXk1jAJH0RENqlU0ItbUoqy+uAdgPA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24EE.pem
new file mode 100644
index 0000000000..d17a9a393a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest24EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 33 67 FA 2A 63 B5 47 5E B4 8E 48 32 E1 20 9A E0 3E 2A A3 E5 
+    friendlyName: Invalid RFC822 nameConstraints Test24 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid RFC822 nameConstraints EE Certificate Test24
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA2
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE9MDsGA1UEAxM0SW52YWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QyNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAO3QrhcrFnARNcuvNoKoiR9dNECwpiyjNYIMkr/sbcZQnnDHLTX+KgQf09Mm
+5DI6sXWmBwFlZCJYDP03ntCXO5thnb9X2fU5eYlsKivE/gPsasDXYjBCkhiztSzG
+n8P504ZOy/lfnn4AryvauvAnN/2PjPCoysWp5hUmSotCCbpu7i6MyLdjVx1slPbg
+W+nIthsZGIbo/6n4eXq70D+PA0fpnS47DLaT2wgmveiXE+493ilAE8LcQqhcHJo6
+Pw08KQtPo23Fpf3o3Kh5QWOPm8lw4AAE2A7btkYJr8LsN8hYF3EApmEjFelHI4wW
+3OpRe0FKh6l00rZzmWyrwom8nrMCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBRRgM36
+SXJIPO0OTgvOzh9AZRJwoDAdBgNVHQ4EFgQUjKQ6o0y35k1d94MC6HLB+wAbONAw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREE
+LDAqgShUZXN0MjRFRUBtYWlsc2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0G
+CSqGSIb3DQEBCwUAA4IBAQAw+N6NgtahpWR9GAlOpTU6BDQ1jAUlL04btBcufBrr
+6QCBibzNfigkYBS014FyJ86qCj7JoRLjzyYP7C6PE3tKBXklxB1hwoqE6CdLL200
+amMPsWfORjIBp5vSC1m99pPUOVyxFJSFV4oRZQ752AoXEWXJj7qYlqL+3hdNdxjH
+xw1UQQITlsEYmPJSmhh/HrBXNB6+5rRxyu0uYo3y3f1B8khq10wSrQV5pXj1Jowk
+oZjjqd/pMUWWJU7UoJom9FdwKUZ9hhfEwL8pT75yVgZLvqoqGsqR/o3ni1NJ5LK0
+GST2v+jrlvs4riCqbFPRMk70Ix6UOoO3Psv2urfsxTx0
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 33 67 FA 2A 63 B5 47 5E B4 8E 48 32 E1 20 9A E0 3E 2A A3 E5 
+    friendlyName: Invalid RFC822 nameConstraints Test24 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BC2846C0A372C848
+
+AOoji699wLDwE10c4MhSQDvO4d3D6IQwEESJ8cMXQwkQYJqgmLUf1xYbhpH0/+uu
+5CPbz5QcdyXuu50LnkTNXIkVfVC2Vx0w8Q9HuCZRQFjR+XQgRzzWC3LJkpTd5dy9
+OsMR9ZN2+TRvue8kFTt2zbV+JaHAWKOPQqx4+mEf9eI73jqIHhznjaNF+OaIfBB4
+t4BFo9yLDzabgD5WR15sQt/S1zzdm0jOZurcpB6gjlZMjjaMglynxeBR+JJIsf5L
+pGkC+AMP89ghoaNDMX3deD3x2pdZFGOQN9jVJzW7ambDl0ASQWqz9OROPwWxIU7K
+E5fmI2ZDizsKGo1+YE/3qeJwsNNEx2xMJDqjA3IeF4WcvEUmAcsEAPQ7awqH8Pwy
+u/cSLJqmwzN6F81VNX4u30VwR42pHqyKrGbHLHIDZxmbKvNx42zu9XzSTORIW6qj
+qouAQc3vz5NYs00S34llMvzNp+ncxEAmhEiF6YNjTBPnbYnBtXcGq/iDyU794j00
+T89FxT/4FT/gwbRugkEMYGZ6XqcGqoYRfYQANEZoUrVrzBEer+lrqMlz/IYvmktp
+3hbyZJAHpruaM3IdhDiEMWLABXqTZCu/nLal61nkhIFOWrmI+gAQ1rHFCRpwWgus
+mMLYAFyS3bve+M/vwSjmk3ZnjQ3J3TxhMSPGFPfdRSMo2hOY5ecw+f95am5zE4SB
+qhPekhGVtTiwfl2fafjHe08T8MNvM9rYMhgJqelqWmWSg3GSFEQ4svBBSAUOFnG7
+s2AzXvZesEiAhm/ocwmmWydgTUV2JGXC+WKC4O2LYNC/vJ8h47F9aoihYicwp/nE
+8QUlpcht+lOOKcVA5NeKbLDdKCbYiAqA85qW25Gzu7l3bAGboTo0IzyL1pe+GVrs
+sQgJLXXXn/xnh1A8KCEqr5KP8ZLEJk2rya0NQI+LFfUyomjGrrd7FZ1QXomBGTUJ
+mDqYqR4hwWHEPSPJ+jsV0TxdnlWgReeW5Ge1Ma2kj5UQz7GNZoCHRbFrMc81rMU7
+N30kI2UMo9yw/lN9G51GAVuq8tyZ6eEWG4xfCiBas0ilfyHlbkScmjbLQ6kh4YKg
+I3mAnJwqcBeF6AFIJB8T+ctp5IromVxW3qlZ/J1KlXUuszOqobGLoMzTIYMPwf/C
+SRZ9vwShbIqI1jr+nIsjaedUCmXGCFNDT4tqKryVZ6JBBYfDbFvYU66Q6lji3JIO
+ziDg250XZJYkpId7OcZlU1Cubh/onqSV534Ll9CJeLsBiXvarbn7bPtc5qE/h4by
+lZS/7YW1bmpxxerRFFuLBz+GhRVFUQ/NdQsvwinTQUbF5YF2YOHoq4rtwnuk079W
+f6yLLIJfycmtgIevnA8vhLk2zfwF+3eBXfHjT2c9bOOLItG+emBpiehmhiEzOHSP
+jFv7UaVlKUU4Pq8oer4rBvvvlIGK+DuI8HWhg93i1nEKvGWkaPVSmeLbbICGIdgH
+U6qIKB+fQJ8t+zQheYuOh9P5wn1Bs8OKcUFsYozfAkW/8bUJC85filjE0ClTTIUM
+m8AY8YcVBxNMQTF6KjxmL2FZOuNRzFMRoV+vll1XPUycub1HGn7xbE1tUpoo0Het
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem
deleted file mode 100644
index 05b770b3f2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMii
-1odFMCSlNLo+1reNBLAhQ3rkRllmPUUfznMkHE+tVOXNCuGNSPuCJPQNO5495PH/
-vsBZUVltMrhOpo00ibzoFrcLwaxj5Gmb8rNV/aPwDiRX8frLslhpw+QEjxMZKP8O
-bdOlItBR3dFauvxrwLz1DUUlG7aX/QoEtws/fE59AgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOq3bporCYA2Z2m1
-jdo1pYY9KXgcMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoRgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAcyB2R0h4mQZ671JhQ0r6cmPF
-iaEHtdJL+REJT8yGWiERgT/2wh65vHtCierHK8+0aJ8Wy/nJzUAWcKeGESTPVTey
-IxQg08VdFJIohXm1lvJ3hfzgHIcFPk2tXZvYSk3qYllYHt8tGCoyh4p3q4vpyTou
-HcOOTD0ogzE9KbjD3Dk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid RFC822 nameConstraints EE Certificate Test26
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EzMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-aDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYD
-VQQDEzRJbnZhbGlkIFJGQzgyMiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNh
-dGUgVGVzdDI2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7jNtdzJgwipTJ
-BBs5x+7Zode/Av/i5gvFc0vC7CQSf8VCYp5gKT5H1lXopLZt6hYd0cr+IuDRVMCU
-ipwl1nRUgnh+5XOWwN83Eu4AVd8B/aAWOngoac5Th0S+Dm4jCE0MNgOEySMKDZEQ
-niPNQo8/t6RyIkKxWqVbIyazMwecSwIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFOq3
-bporCYA2Z2m1jdo1pYY9KXgcMB0GA1UdDgQWBBSUvOjq7LDrQWg4ycgFgZma5kZn
-KjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCgGA1Ud
-EQQhMB+BHVRlc3QyNkVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEB
-BQUAA4GBAMNNCicEAT2nht/rinoSsxFccd2XKYncNITOUA/eKz2SqXcRPCimQjHn
-CEfGgdPU+/Sw47+dBQ2aFNUmGyJazLIdnx18TczXpVmTIcgyUQGWOkG+RdAeSn15
-kIsvSAdiDQuzrptYG9TvTicyLKcl+FuOCLN+uBJ5FutlSWvMNIpa
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EA:B7:6E:9A:2B:09:80:36:67:69:B5:8D:DA:35:A5:86:3D:29:78:1C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6d:0a:0a:c4:67:91:af:de:5d:89:9f:fc:df:e2:7a:7a:52:
-        3e:4d:ec:50:b9:46:83:3a:7d:2d:9b:5d:84:8b:6d:ba:bf:4b:
-        41:74:e3:3b:c1:90:73:a2:83:02:4f:e4:04:b8:b9:7a:70:7b:
-        0c:bc:59:f7:db:83:93:00:87:98:53:43:a2:71:d5:2f:d0:fe:
-        2f:c2:46:55:d5:64:54:01:90:72:4f:a2:37:dd:88:b8:3b:63:
-        24:df:d3:ed:7e:6d:da:2f:57:9b:cc:d7:96:67:48:7e:a5:b0:
-        6d:cb:c9:5e:e9:78:58:c6:be:f0:cc:b1:16:e3:4a:57:45:86:
-        90:12
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EzFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTqt26aKwmANmdptY3aNaWGPSl4HDAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQCMbQoKxGeRr95diZ/83+J6elI+TexQuUaDOn0tm12Ei226v0tB
-dOM7wZBzooMCT+QEuLl6cHsMvFn324OTAIeYU0OicdUv0P4vwkZV1WRUAZByT6I3
-3Yi4O2Mk39Ptfm3aL1ebzNeWZ0h+pbBty8le6XhYxr7wzLEW40pXRYaQEg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26EE.pem
new file mode 100644
index 0000000000..6922557d6d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRFC822nameConstraintsTest26EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 96 5F 97 3D 72 E1 88 14 07 36 12 E7 DA 47 93 EE 6A D1 1D 01 
+    friendlyName: Invalid RFC822 nameConstraints Test26 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid RFC822 nameConstraints EE Certificate Test26
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA3
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTMwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE9MDsGA1UEAxM0SW52YWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVF
+IENlcnRpZmljYXRlIFRlc3QyNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAOPaHJrQm/Kqqf/4/xBLsdQP9fekUUNe2JiuIA3XdwLgabu6paTFdV5jVcR/
+imqnAWJ8Wx2IBlfy6li6la4rhHrc0aU1T2mmiqXcbFyxnslvKsPTOevBh++PfbLx
+zP+NkPl8tA6W33/oLnCQsDBYmqdZiLrjL5hZStWAq0YugLKE2HSjRorXTRT6Ged9
+xwawSrbCsG2RRP5+jJtvtu/AhCjx+75mVBsBinhlDN10/7TNmwA1hYNQ1BBiszxZ
+PuWkI72jCjsJtI4uG5Ds9B4FzWMLjCRMS/eCO4/wX3WbeQHzHsTbPg+qsgo4kElv
+XvInxXNc7ZJH8UC1WfKbryDd4L0CAwEAAaOBljCBkzAfBgNVHSMEGDAWgBSaujlN
+2iF1r+pBwzxsUdioRal/ozAdBgNVHQ4EFgQUImSefsikOFzboCbTld2bd2ooI/cw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAoBgNVHREE
+ITAfgR1UZXN0MjZFRUB0ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsF
+AAOCAQEAXr9hF23UlbewDYWKUwzUTOrAUaEQ3SiN8f+D9c0bX0S61RUZWDcsiqVb
+pThRuIamdDPEPoyxOSJOGNHKJc/mIixymmnjDRwSCho+FvbI75T710aOecpmrQ8k
+IymBEXfebP9GXc1jQxi0tDKYpv4avAz1zMnKs4JLxiUYftwiQd99JizQKnG9bqsS
+M2Ogn1QWsZRzW/YZD8i4k69WQIV/a4M45b510y/qHU6T5U61JO/EXiEJPxsjOwta
+W613Q0ow022r4b7pTyU8gKyDgi0sgF6k2GL+cD9Q0+rcFwT8w0OQlynq5yM9n1Dp
+gHWSV1lpJjz1R59LX1j77NESaDhDyw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 96 5F 97 3D 72 E1 88 14 07 36 12 E7 DA 47 93 EE 6A D1 1D 01 
+    friendlyName: Invalid RFC822 nameConstraints Test26 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4C6FCE24D6C96FB8
+
+wMA3pyp1K7bxUCEYDMA6/xklluUcN7LlYpYddtOz0PvbskbEANGyd3jWAdQDGDJv
+LZvSGYXEVYgXKO1kZJC27wGisYnnN1XpgiBrg3I84Uh34FB2iVioAK7Ngs4gaW7Z
+uPysTJSmurhCmp2HQ5p0hIHxtUsC1jVV8Un3lsnVlNVB2uWYXilqqb+9cJXL498o
+SdMn4R/F7/m5MipDlk12dBJQywbSlEj0tVR3MPxadpZRgMT6URFQEHbdqtLYE25m
+9DzFMuSQNQIDi5CPV9s2RLsHXUgGMhWDAMsNem7SXDkZ/0F95BIBtRLXtrVxp8Jf
+8lZV7+ndJlI+6Nx9dup366O6ogb4wQUZ0B9JNLJLy2n58CV3UQq4nz04fCZGg/M8
+vwFRxF9SAwsKstrm7+5CIK5hSriApS7W2QnKA0SyRcl4OkCBKCEya5OsIHuW+H4H
+LGo2NMbo6HKxIRuT2mvSH3EhIRQ/EJHsd9vsUQOB1ax6ZUT9GmUsdllntbnwJo3r
+bzhQ65PI/xe3lc7GU3NQylQjDND/RtS3ZahxRFFlPxD+vn4geVpdQDfjCSq9hoJy
+Kxjzzzt8aZKfKFAZoL/cuvN2c4KzRCjSIfPGhgeUg2g/rCYrFc3RrqaA8u4H5B4O
+hhGEca8g6oxwKNFICFOo4Oq/BE9u/HDXx/Fr30sPD5WbsqvwP3oa458Yjg5Sp2+2
+xvufYBFd09mVqSDn1VCaBEM7xUhs8ncRD2v4aklYS0ByBQSadL7xKvwsnPwD/d8i
+6nlPQvcDz2Lk9d+pmrJWBxMvfYxvl7H3z+GUJV3acVXamTr6Ju0xBZRHctrEDRId
+MDWXdy8ILy9mSD8RwAA+VV+YGUJ4XBTONGP2lb4tLcYIphXhTbm9jlI2Ey1IR334
+y4+LsYku5l8zUz6fqDVnZUbYfMxQ2gnlKUsD6SM26eRYdcG6QSheh8VoPQz6aM8s
+5Z1FLVCHr9HKKeAar8DtOwp1lfRRgCk0iG4bTzh4OwFGdR64rUZe6BnmH9F6C6PE
+jjm6G686fCIbuw22gM8DAE48XoA00rL3F2JjfiC1n8C1JqYFAVosU+LVAS10mbcf
+eWNCj81sknWtP25KZAKx8VJT6p1pYPGIYSYCQIMdxkSggXGvCMuRUmZ9RrBd+Ag4
+IpVOB8So5wWnwu7xX7/gcJMNepE9b/Iwr4bO+hbe2eycFrSSWZwfOD0IUCwMbVkR
+v/0D1QVOajeAA2Ns7WJ27ir579jR2CznW5Dpea2CbCw35CxlIwAxw+LJJqWZMX/F
+gj5DA0lFbch6XNgApfxoqOQeKRekjgghSLN6AnnIqYW/47FKdXWWYpmiY3rKfPOR
+vpG9liCJnNswSxV8TeV5zg9fFaR6Yn9Zu3AO8xbw9ZDG4tzUF+PDpnirhqFaqEaq
+2hXly5xFm7lhZ70l6v/POq6YEy6HIYFd7zI5yapB3Xk82fdP+ZbgktglT2Q94EgL
+SHW14KgNwT7XwgIJoYNVMVGK0QacrAB6wkyWk+hu7bfEr1asHRXGsVEwYJBBtcmK
+hjwDVnruEiH/GGhwnN1Xel4yL/ZBWCs0K+EomCXrlScm2Dq6KqDCWDArIKxiVLKZ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem
deleted file mode 100644
index 1b70f7cd0f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest3.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid requireExplicitPolicy EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBmMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOzA5BgNVBAMTMkludmFsaWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5IEVFIENl
-cnRpZmljYXRlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFGGwB
-xudAxGlVkjikIYygmyMRqHU1E/QoVNlt9Ebezg0wLbnUUkCIPw2HMIMfbDIHeaJN
-eOaIwT3f4QVMET9H4tp5gWQOKRBl8Lj3Qted/du3ZnX85zwGimmHpE5HPLUus1xJ
-FEDvx8tiCGFe/MThjl7mwPANLHMWEQN0JqJhNwIDAQABo1IwUDAfBgNVHSMEGDAW
-gBT3hCvdsfuVH7p6WmLgczEWsirIeTAdBgNVHQ4EFgQUT4ePIvuBwyFLywgAVQDh
-kO/dvOwwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAJkkSBpAtETJ
-/dkW/B+frVBgw9yRjQ5r03xtGarbShYju5enZfbWEg2t8HkbDzyw3b0Upp8GcSyX
-zrbFBiGyo2hxjN8U6j5w+MCd9NJtGEW1C2O8m3S2uP44Zi0rTALMCI1thhoiDezC
-+To+oSu15R1fOkNPNHwlpaFpryy8ZJM2
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAKa5BuVP6ndJvlLbsZTTbB4nvZWYbY2Ihc7C5sly521U1EBj
-aLheGs9ObXh32aFJ3kZQuAj8VpBEakL9zChjwFkBU7dEWO9OQFf8NV+RD01i6c7g
-NquatLdDUmTvS16/E23aZBNa9jDAQ4nQffOf/cx06GbvOBF80dnNnM8TXve5AgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFCV+kLQN0LLzwRNH8EF577JC5jX7MB0GA1UdDgQW
-BBQjYThxLAlhvqK819WJ1thQPr3rxTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAzVx4zKfg2OZPg4KGdTVJSzYGD69T0AfuFdTI101IvDNbKuc2SEmpmul33Px4
-z5gMKCZsIpsVXzf4rm6kuxl89PofVdztUuHIivKy5gr4iBt07YDmUNZZfl86CPoF
-7aARp2XRQ0rJCbF1RU0YVWZRyn//oFYyY49Bq1aDelri0WM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5NCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5LYa
-vXx/4T4pOwg2eV0ZZmBRTcjTivfmUhGf4t3BjAXalsDsWFkwmVCVg0jnQW4iuT3s
-a3lq9JO4ZUMcejACcPBO0AyXyrTo6DjXDy7Snf89AIpyDx/ct/WqvnO07ceHwTDO
-CZY11pYLMerONqANweAyCKsio69S35piBx1QqmcCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUJX6QtA3QsvPBE0fw
-QXnvskLmNfswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQQwDQYJKoZIhvcNAQEF
-BQADgYEAPUNGMb0+cubTj0DAP3jW3mlPGZeGtc6jDLe/Fdrf30Au88GX5G2FJTql
-/I7wFlUgHTGQyHF3Zad9Qfzf6+dO0j9RhlEqgCk5+FqFsboPQ9E8rtCrABUUuovD
-RgkPDAKZsSLR7uQBUDgk0A3OqN1UpiMKKxFz1O1ya8u1DgGWxJU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3Vic3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBANF3obVmdl9+Tj44uOFKTDkrdPu/AlUyitHu0YQC
-vsUY7GjYy3dKjm70g7hQfnCtA3XIwm3H1a36Wo41R0Dvj8QJ/8qPhQNejONRzBzB
-jnXx2Lr+bfh3zxebwgUmDyzCkPXj8tjFerVTpxc8aAgfWcSLD6xK9h5OtKy17aME
-zZ9zAgMBAAGjfDB6MB8GA1UdIwQYMBaAFCNhOHEsCWG+orzX1YnW2FA+vevFMB0G
-A1UdDgQWBBS+bKwACUxTlLgb5MIRkSOlqwdjCDAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEAF1/+ajWFOu2Im9slgmi4YnPnqk5oWYqOrOh3yAR44wEchHfHD74/
-ed+jlGZewF+V4QotdYoG8dnld7lbYZzkdtTxcOUr4k/aUgml3yTeb5O8rBXNXytN
-JqEKXEp/ggaG4rKzUyA8zwYm9fIjG1jL0KU/1L9JSMzmwJAmR6aIq0Q=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTQgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTQgc3Vic3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALjYqyTd452AWgD9QeSfn+Exc56nVJkK
-dx0FEleM5YEqeEUl33GTd7FRwtkYdznsQzeFYOWbWluYE5Gl3DapcqpMlu2PQmo6
-dZMbzh1Bi2yahE1wWmY15NSjOz3TFAJBZRZk0PgxvohpdPP8LLCwA9zQUlTnpG7D
-LBESzn390XCLAgMBAAGjfDB6MB8GA1UdIwQYMBaAFL5srAAJTFOUuBvkwhGRI6Wr
-B2MIMB0GA1UdDgQWBBT3hCvdsfuVH7p6WmLgczEWsirIeTAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEAJzvxMRdZl5IWypM7YNiMcWqk7GpMuRvozUyoRQq8cA+z
-fdskZk75lh97jsW2RFnP/fyA30/5NAfVuD2R8+TqJaF28jgHOnU/6qTcM5sxnRJ0
-h+icRKt6II8LNfWUQ1zv+pBxfuy/yOrYpw7/7ba2Zeson/cLpa0dhLFNCGEkfbs=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:25:7E:90:B4:0D:D0:B2:F3:C1:13:47:F0:41:79:EF:B2:42:E6:35:FB
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        98:e7:69:c4:4c:c3:6b:08:80:30:4c:81:3c:d8:b3:06:88:91:
-        e8:a3:c5:d3:c0:35:51:35:f0:16:8e:38:0f:b3:e6:26:20:d1:
-        45:39:1a:a9:08:be:f0:5f:e1:00:8c:a6:91:54:ff:ec:32:bd:
-        e2:17:92:a3:41:f3:c0:fc:e0:84:86:54:18:ff:b5:89:9d:15:
-        e9:a9:92:a8:96:a7:4e:97:02:2e:d5:e5:e5:f7:70:5a:1e:5d:
-        d2:6f:40:34:f5:c6:63:65:5b:85:c9:b7:6a:4b:60:5a:76:35:
-        12:01:1c:80:59:9a:d3:1a:a7:27:7d:f4:f8:00:ea:b7:f1:3a:
-        62:e6
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFCV+kLQN0LLzwRNH8EF577JC5jX7MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJjnacRMw2sIgDBMgTzYswaIkeijxdPANVE18BaOOA+z5iYg0UU5
-GqkIvvBf4QCMppFU/+wyveIXkqNB88D84ISGVBj/tYmdFempkqiWp06XAi7V5eX3
-cFoeXdJvQDT1xmNlW4XJt2pLYFp2NRIBHIBZmtMapyd99PgA6rfxOmLm
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:23:61:38:71:2C:09:61:BE:A2:BC:D7:D5:89:D6:D8:50:3E:BD:EB:C5
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a3:9c:67:02:44:57:a0:9d:d2:78:46:fb:e7:76:bb:66:cc:60:
-        1c:2c:7a:7e:d6:ec:a4:c2:4d:2c:51:8a:97:1a:e2:c2:7a:0e:
-        e7:7b:4d:79:49:c2:6c:a2:b7:a5:e1:74:64:9a:03:f5:7a:5d:
-        cc:18:2e:25:dd:a2:fd:84:03:ae:d8:cf:1d:17:ea:fa:59:77:
-        9e:22:3b:7e:97:f5:74:12:34:71:c1:10:6a:4b:03:6e:92:d0:
-        a9:6d:cd:ca:5f:69:7f:c8:b0:b5:97:78:5f:14:b1:34:d3:30:
-        09:36:f3:03:2e:dd:01:52:33:61:2c:8d:cf:74:01:71:47:9e:
-        f4:66
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFCNhOHEsCWG+orzX1YnW2FA+vevFMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAKOcZwJEV6Cd0nhG++d2u2bMYBwsen7W7KTCTSxRipca4sJ6
-Dud7TXlJwmyit6XhdGSaA/V6XcwYLiXdov2EA67Yzx0X6vpZd54iO36X9XQSNHHB
-EGpLA26S0KltzcpfaX/IsLWXeF8UsTTTMAk28wMu3QFSM2Esjc90AXFHnvRm
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:BE:6C:AC:00:09:4C:53:94:B8:1B:E4:C2:11:91:23:A5:AB:07:63:08
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        84:fa:09:1f:fe:84:d0:14:26:86:5c:37:6b:2c:31:aa:04:7a:
-        22:84:ec:b0:df:99:15:99:f0:b7:e9:d6:fc:70:9a:8f:4f:50:
-        d5:24:28:0b:12:79:90:85:69:a3:56:ca:0e:16:79:5e:77:d3:
-        7a:62:9f:14:58:8a:d5:7d:de:e2:6f:a4:0f:d1:2e:27:ec:25:
-        82:a2:91:67:0b:44:39:cc:b2:e5:21:49:ac:25:2c:91:df:33:
-        95:1d:08:6e:ab:8d:8b:fc:2a:59:7b:8d:5d:c2:68:90:c2:a7:
-        06:00:26:e0:cd:40:6e:f3:37:1f:37:61:f6:6a:50:a1:dd:92:
-        53:fe
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFL5srAAJTFOUuBvkwhGRI6WrB2MIMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAIT6CR/+hNAUJoZcN2ssMaoEeiKE7LDfmRWZ8Lfp1vxw
-mo9PUNUkKAsSeZCFaaNWyg4WeV5303pinxRYitV93uJvpA/RLifsJYKikWcLRDnM
-suUhSawlLJHfM5UdCG6rjYv8Kll7jV3CaJDCpwYAJuDNQG7zNx83YfZqUKHdklP+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy4 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F7:84:2B:DD:B1:FB:95:1F:BA:7A:5A:62:E0:73:31:16:B2:2A:C8:79
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        05:e0:f0:e8:75:5d:d6:4f:dc:29:ea:db:22:b6:bb:72:13:f1:
-        ff:b5:e0:03:31:9c:64:d9:3b:2b:4d:78:f7:5e:ab:0b:e5:82:
-        13:7e:61:18:95:79:42:bb:9d:56:78:dd:9a:01:92:5e:0b:e8:
-        fa:78:b3:b3:e2:4a:9e:d7:d1:30:60:03:7d:31:e4:04:13:61:
-        a0:de:ac:e9:0e:a0:97:16:aa:03:81:40:56:de:36:a8:e2:13:
-        45:f6:08:72:c2:4e:d3:2d:55:25:9e:0c:dd:da:40:82:d8:75:
-        01:44:75:35:92:92:fc:79:bb:d8:b1:54:83:7f:ff:13:da:df:
-        11:ea
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv
-bGljeTQgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFPeEK92x+5UfunpaYuBzMRayKsh5MAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAAXg8Oh1XdZP3Cnq2yK2u3IT8f+14AMxnGTZOytN
-ePdeqwvlghN+YRiVeUK7nVZ43ZoBkl4L6Pp4s7PiSp7X0TBgA30x5AQTYaDerOkO
-oJcWqgOBQFbeNqjiE0X2CHLCTtMtVSWeDN3aQILYdQFEdTWSkvx5u9ixVIN//xPa
-3xHq
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem
deleted file mode 100644
index 8eccc6c3b0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRequireExplicitPolicyTest5.pem
+++ /dev/null
@@ -1,266 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid requireExplicitPolicy EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgc3Vic3Vic3ViQ0FSRTJSRTQwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBmMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxOzA5BgNVBAMTMkludmFsaWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQCg0lngplHQSomxVxizv8r33zMQpbWDB+H13FvEhgFq5KE02tWBVkz7vXAr2hXP
-Y7LVgaGSQIOZqHrbMR+Izv57cGr+79ResVXZ4ulw8qxCgVrA/1Bty6kmyvQiyQZ/
-1z8EARO+Mu2R/XgSx2uCasNmLtgo3Stuop+2coLPfwqW9QIDAQABo1IwUDAfBgNV
-HSMEGDAWgBTnAqvOKOVo6WoEaT4ppTZjcAShmjAdBgNVHQ4EFgQUUj/qKg3WunpK
-bbAcCDrHDB8Awg8wDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAAZO
-rTXTH1bBaJ1hKzh+NWBuI+gHfWUhVlxs3mgw4oCtqqhrbDCBQwA+D5sN/91EPODR
-oEUqrZbyUgTQWas37LqDXhoxm9uvX0Z3521iA5pwllvHgtmrNpPxNE1ylbIT5lLa
-927kjS03tbzpOlbvFj/OTmh4yyPaeL2oJyvDaC3X
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5NyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoN8Q
-UsSTUjVJGaxxoQdGouge30kgdc3+9+sup5NAWj8oyZQiGa/FlrayJlgnNXIO5xbA
-Foe3dhwCEAfsrDIofXlPacb6W9dTxdlh3GwG4GJY9gvfuVfkEb4EaYVyU8J+tmPq
-WDI/P7B03nMhQNNChUFIcuBKaAzDRwqIIGd5I7cCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnSIV59sBcIhO8mIv
-cMu1wc0QTk0wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQcwDQYJKoZIhvcNAQEF
-BQADgYEAL+ADYS2dJuo7zZ5LoNXv2wNfJcyaTU25ajW4jvi4dN4jwEPgqCfrQ1Vy
-lf1YHDAzKYc6nIZnG031PEqEFTZmuXCcngo+CFmOpT3O8WOb/vHVolb6Cd5MhCZj
-AWkQgkXQ7HW3nIEkPFqNC5ljPrmRkGtu1MjN5jAq70iztFF1hpw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBT
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNV
-BAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3ViQ0FSRTIwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN8u+z8KfD1wxuMq85cY2R9ISBwrx0kSTvHcxkgfd8Hh
-/aOd/f5SUqPS0TsXeUJZ4491ildJLBmeyOsaMXfR1wUCjs1GzCTV2lwmHy1v8TEA
-Y8Zk77Z0xk7JM+Qa6sYNBQDvcqMerys/5ky8Lvqentpzs/rW1L3SBQYg2PfJX3S9
-AgMBAAGjgY4wgYswHwYDVR0jBBgwFoAUnSIV59sBcIhO8mIvcMu1wc0QTk0wHQYD
-VR0OBBYEFOtoCcblL8PzCgZRS7NYc5w5GD9LMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8E
-BTADgAECMA0GCSqGSIb3DQEBBQUAA4GBACFHfp/nuX3TO1xb40P5+iKE+BZPRduA
-ftJoYKvefkbjxlmMHoUdIUcntVLAyhaJlW797m/y+C+FDfkqtbBUFDjycGuAmFgA
-y59FSYCF8j4X1ghg+neMHyCzvkhN2IokMmzt3IITVLINy17XKITOwuMtJJSaR34A
-e0IQMPlYYnGK
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgc3Vic3ViQ0FSRTJSRTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBcMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3Vic3Vic3Vi
-Q0FSRTJSRTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALo8WG8R0uWydjHS
-XfEB/PfNI/TnhECaPZoH2W5ht/eblnw1w1zAJGFgDQt3USnxkZvjIa/Eud0VJ3KP
-1WFyD2IA40YtxHQsVTWF608T2eRLc1URZ23e/C7Op7EiXdo+YoJ7KwhiUyhNxxS6
-oIa1OQlAEOurYT7cU1BSxe4X+oY5AgMBAAGjfDB6MB8GA1UdIwQYMBaAFMsSDLuK
-o5HnMkT9UFBgNQkdakUmMB0GA1UdDgQWBBTnAqvOKOVo6WoEaT4ppTZjcAShmjAO
-BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
-/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAR64KcgRdPGS/TLDzWJlnI2aOww1U
-eFC/9/IQbIeFS6Q6uwO58GzT7DdeGDwBiztdMcGMUx0z0HX9lTVEQu1zWMNnTWuz
-7LJPjucrwXeA/s2vhMTA44l0hgMIJjjiLDOJWm3/gI2DWh0HPOGCo/cRdLeXKiyO
-O9E/0IzZw84Ul+k=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2
------BEGIN CERTIFICATE-----
-MIICsTCCAhqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTcgc3ViQ0FSRTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBZMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-LjAsBgNVBAMTJXJlcXVpcmVFeHBsaWNpdFBvbGljeTcgc3Vic3ViQ0FSRTJSRTQw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALR5w4GO7XWupkCybIrksb86Qn9A
-XltnfkZIGhDabLaMyFOrnfcfJnh1RKKwqJfi8/pF7xDxJL301Qud+jUZc78vFUYT
-lMO6u7jmYYl6zLgoshCc4T95EMH8r/qoGx7U4S1o5B9maWm/Xrov12WP7mjPxeBb
-BmWY4BAPOQBt6gS9AgMBAAGjgY4wgYswHwYDVR0jBBgwFoAU62gJxuUvw/MKBlFL
-s1hznDkYP0swHQYDVR0OBBYEFMsSDLuKo5HnMkT9UFBgNQkdakUmMA4GA1UdDwEB
-/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
-/zAPBgNVHSQBAf8EBTADgAEEMA0GCSqGSIb3DQEBBQUAA4GBACwLeGO55YLNW2d9
-1sZkNe3ulFUkXCfVtxfO7FoO7gvCv9xKjnGOef+hnMFeLj5L4UtOUeekpnipm/51
-pi2QP8O9Vvwt6YtZ57t+ednuOPORQsvh/SaPSo7GT5H6ILwf4E/JaFiAtuwgYJQX
-D9YTw88ufWnBrPQ1yX8ReXseLZPN
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:22:15:E7:DB:01:70:88:4E:F2:62:2F:70:CB:B5:C1:CD:10:4E:4D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:5b:d2:82:80:08:3a:f4:5f:8a:3a:63:b6:7e:46:e6:49:5f:
-        d1:ea:1e:82:24:cf:15:80:4b:37:bd:f2:e4:b7:28:10:54:eb:
-        60:d8:3b:e5:be:a0:3e:38:70:aa:d0:7b:0e:98:99:55:9a:0c:
-        30:2e:8d:86:ce:65:a1:16:5d:60:55:e9:b4:af:c1:a2:df:cb:
-        63:c7:a3:45:82:85:87:4e:2c:7a:3b:52:e7:3f:37:0b:0b:8a:
-        41:f2:a8:e8:d9:db:2a:a9:e5:e8:50:4a:bc:f5:51:b2:47:fd:
-        8c:73:13:57:cf:97:35:dd:0f:08:a3:c7:cb:ac:2a:cb:53:0d:
-        df:45
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFJ0iFefbAXCITvJiL3DLtcHNEE5NMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJVb0oKACDr0X4o6Y7Z+RuZJX9HqHoIkzxWASze98uS3KBBU62DY
-O+W+oD44cKrQew6YmVWaDDAujYbOZaEWXWBV6bSvwaLfy2PHo0WChYdOLHo7Uuc/
-NwsLikHyqOjZ2yqp5ehQSrz1UbJH/YxzE1fPlzXdDwijx8usKstTDd9F
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subCARE2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EB:68:09:C6:E5:2F:C3:F3:0A:06:51:4B:B3:58:73:9C:39:18:3F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        00:dc:24:0a:9b:ba:25:d9:fb:09:b0:e6:d8:9c:61:d1:09:f9:
-        f9:d8:09:86:fb:ea:e4:13:5a:c6:0e:0c:53:c6:e2:38:78:70:
-        1e:6f:39:25:5c:b5:4f:b7:5c:07:7c:1a:7f:b4:8e:0b:7a:b3:
-        6e:85:c9:88:9a:8d:07:d4:f2:8b:8d:e0:49:f0:86:7e:b7:2b:
-        a2:be:c4:8d:e5:36:03:b4:47:3b:c1:8d:eb:8d:34:3e:a1:97:
-        ce:97:10:84:e9:06:79:72:c1:a1:4c:7a:b3:78:99:97:01:1f:
-        90:cd:a4:ed:30:2c:df:36:64:46:ff:c1:0a:9d:61:26:89:c7:
-        40:b2
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgc3ViQ0FSRTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFOtoCcblL8PzCgZRS7NYc5w5GD9LMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAADcJAqbuiXZ+wmw5ticYdEJ+fnYCYb76uQTWsYODFPG
-4jh4cB5vOSVctU+3XAd8Gn+0jgt6s26FyYiajQfU8ouN4Enwhn63K6K+xI3lNgO0
-RzvBjeuNND6hl86XEITpBnlywaFMerN4mZcBH5DNpO0wLN82ZEb/wQqdYSaJx0Cy
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubCARE2RE4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CB:12:0C:BB:8A:A3:91:E7:32:44:FD:50:50:60:35:09:1D:6A:45:26
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a6:50:12:5a:4a:b8:b4:85:a7:62:1c:b0:bf:67:05:d6:37:9f:
-        56:37:ff:51:90:9e:8e:f1:7a:27:03:e2:02:8d:2b:64:0f:fc:
-        db:28:76:69:63:2c:36:63:48:43:12:3f:06:7b:29:87:cf:2d:
-        7a:05:9f:8b:03:3f:be:fd:e7:0f:fb:5c:19:fb:c1:35:b1:27:
-        17:dd:00:b4:10:70:f0:92:79:33:0b:05:89:8b:07:c1:96:2e:
-        72:03:00:ce:db:e7:a0:f6:05:69:15:e4:c7:7f:4a:ba:e7:ff:
-        9a:f0:6f:98:f9:e9:aa:df:d4:c4:7b:14:d6:1e:8d:a7:83:48:
-        33:a8
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgc3Vic3ViQ0FSRTJSRTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqgLzAtMB8GA1UdIwQYMBaAFMsSDLuKo5HnMkT9UFBgNQkdakUmMAoGA1UdFAQD
-AgEBMA0GCSqGSIb3DQEBBQUAA4GBAKZQElpKuLSFp2IcsL9nBdY3n1Y3/1GQno7x
-eicD4gKNK2QP/NsodmljLDZjSEMSPwZ7KYfPLXoFn4sDP7795w/7XBn7wTWxJxfd
-ALQQcPCSeTMLBYmLB8GWLnIDAM7b56D2BWkV5Md/Srrn/5rwb5j56arf1MR7FNYe
-jaeDSDOo
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy7 subsubsubCARE2RE4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E7:02:AB:CE:28:E5:68:E9:6A:04:69:3E:29:A5:36:63:70:04:A1:9A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:2e:d1:19:d1:46:60:25:13:6f:1e:9c:04:5b:c9:4f:6e:e2:
-        fe:f6:3a:8c:eb:4d:50:cd:03:36:d9:aa:cf:ce:14:30:7e:8a:
-        0c:24:6d:67:63:c8:87:69:a4:1b:cd:86:aa:d2:3b:40:38:c9:
-        f9:ff:19:47:8d:23:f1:3e:dc:f8:9f:d1:af:30:a5:47:59:cf:
-        8a:c2:0e:8f:2a:8c:9c:d9:78:63:5d:8c:cf:18:1c:79:fa:13:
-        0e:3e:f0:8e:0f:97:dc:67:28:af:5f:19:6d:01:87:e5:e0:26:
-        8d:03:8b:91:f5:69:f6:09:30:f8:5e:d0:79:e2:86:51:36:32:
-        1f:48
------BEGIN X509 CRL-----
-MIIBVTCBvwIBATANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMTAvBgNVBAMTKHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTcgc3Vic3Vic3ViQ0FSRTJSRTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFqgLzAtMB8GA1UdIwQYMBaAFOcCq84o5WjpagRpPimlNmNwBKGaMAoGA1Ud
-FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAAEu0RnRRmAlE28enARbyU9u4v72Oozr
-TVDNAzbZqs/OFDB+igwkbWdjyIdppBvNhqrSO0A4yfn/GUeNI/E+3Pif0a8wpUdZ
-z4rCDo8qjJzZeGNdjM8YHHn6Ew4+8I4Pl9xnKK9fGW0Bh+XgJo0Di5H1afYJMPhe
-0HnihlE2Mh9I
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem
deleted file mode 100644
index da9273524d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2.pem
+++ /dev/null
@@ -1,170 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Revoked subCA
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICbjCCAdegAwIBAgIBDjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBBMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3ViQ0Ew
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOOm11GxhTUrNTzIsGL2HeKkXDSY
-fuue6iKn5fTFuhHFBY9sABHgqkRwS7lT9J5OL+Li0oTfq3En9SzqPZ1pTG7nI0tc
-qo/XLks9e9E5GrdjiSPJSvcdETspZ4MKgNIeEQXyX/KqhvOlFuIkvQ6CkB26h0Ys
-ds/2NM1G2HIcqoGdAgMBAAGjfDB6MB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1
-M9+aFZTHMB0GA1UdDgQWBBR49b1LlhuzLeZAUDLruLRHVAvySDAOBgNVHQ8BAf8E
-BAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8w
-DQYJKoZIhvcNAQEFBQADgYEAUGhyEOC1558EMH9u+aVPXS5vZ39mJh2Y719gMZiT
-OXDZsqIbxJ5npOYdL40yZD5vhio5mvpKFm0DtAmAQsp6SF5nTdj9Rn70rqQI0rdN
-9m7nF1ZRRL6YBRkSymloliboDsspsoZUSitT7yMtxcIocV9V0QxcGFSFw1i6W3/H
-OYw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Revoked CA Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=Revoked subCA
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3Vi
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBYMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEludmFsaWQg
-UmV2b2tlZCBDQSBDZXJ0aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA2aktQuUqYvrSvuQR0Y5vu/X29VQgITZB3a39NV5uIZXvWgUWyD1Q
-SGYbtu0YzKSDMzLAeuSgs9c6u4r1wTxno9XgzSJvcaupysi94Eeqqt3OCaJmLg5Z
-sV12741X6CqpUSZ6Tap8rsFqYspyzMExUZqJ0d1zszbDQ9uqfCan5ocCAwEAAaNr
-MGkwHwYDVR0jBBgwFoAUePW9S5Ybsy3mQFAy67i0R1QL8kgwHQYDVR0OBBYEFD7V
-xiNcO7bHOzxBFfhSNMhrEZnyMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA3uoPgaDGPEy7AddpjA6a7Dm4
-3Mm2CcAZuFUSURGmmoYfaTQldWpf6ySCHr9t7vOm+7Gv607TPdqF1Gw0BU6DpC7h
-Et/uaN0/vE/XHxyYEi3Gfzx//aNgr9ZcDnhr6iGmVAAxjfSmVoq1SYvWo2cskAq1
-UO8Ub1+lilBTCeJDLTo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Revoked subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:78:F5:BD:4B:96:1B:B3:2D:E6:40:50:32:EB:B8:B4:47:54:0B:F2:48
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:13:8b:21:ea:c4:2e:36:3b:d1:23:d0:aa:e8:87:13:62:4b:
-        63:07:14:68:8d:92:b1:00:5a:22:3a:99:5e:72:a7:92:01:41:
-        b6:b0:85:f0:ff:48:ea:da:58:d2:77:26:c2:e1:56:52:69:45:
-        ca:38:98:f5:ab:9d:1b:4c:fe:9a:30:64:58:64:e3:68:f7:a5:
-        3f:86:1c:ff:3a:82:bd:56:a7:a3:a2:5b:fb:f7:21:8d:14:98:
-        0d:00:3b:81:bc:09:3d:94:90:8c:df:4f:6b:14:b5:10:68:3c:
-        07:cf:e7:06:69:71:4c:0d:b1:7a:53:24:5c:49:8f:fa:05:05:
-        18:9a
------BEGIN X509 CRL-----
-MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMTDVJldm9rZWQgc3ViQ0EXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHj1vUuW
-G7Mt5kBQMuu4tEdUC/JIMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBADgT
-iyHqxC42O9Ej0KrohxNiS2MHFGiNkrEAWiI6mV5yp5IBQbawhfD/SOraWNJ3JsLh
-VlJpRco4mPWrnRtM/powZFhk42j3pT+GHP86gr1Wp6OiW/v3IY0UmA0AO4G8CT2U
-kIzfT2sUtRBoPAfP5wZpcUwNsXpTJFxJj/oFBRia
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2EE.pem
new file mode 100644
index 0000000000..b3ebd9f981
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedCATest2EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: F8 11 2E B1 BB 28 D9 92 63 FB 6C E9 A9 9E AD 87 A3 15 51 D5 
+    friendlyName: Invalid Revoked CA Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Revoked CA Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Revoked subCA
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEWMBQGA1UEAxMNUmV2b2tl
+ZCBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMF0xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMS0wKwYDVQQD
+EyRJbnZhbGlkIFJldm9rZWQgQ0EgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ9Y5RCWTe1kcC0UDNMfNbMB7mhZg2IYyd
+wVIZ0H7zUCGeRgP+EnH5/lCL7F2FAUGgC6iYOY89bJ3a5/CsYyMXrO4iRqxM9kUt
+fGKJRTCYlOjuWEEOPzcFTo9bdrZk9k5oxwhAqk17m0IvPpoOTAIDKqLaoIz0gqyy
+ziEmaRRxGehXBLCgJwDA7zs1qRZPOiJ7LI8EIXm7l940eGUbU5Rs+XlA/YY/HeG2
+IfKKo9I/fCwV3kFTvYWiL0TCrRtKEyihLwytrpa+NsG2Pk+lHjtmXnRnDCzTkDF8
+g4BT+6WYI8puLUFxzOEpRhVUycH8S9FLP3Gfrkosc4fb0ZaE5O4PAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFJZvkpmg6XZ0u1/U+PsZ2c8dBaDvMB0GA1UdDgQWBBSsAecm
+BprTTYb0YInq5LHji2iDxjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBy+xF3B7mOc/clEsV/pqovLkjI
+iBu5SIcDpgbLDC4ob53X0xFC6EPo+FTkjVNBMZ6ICQOI+NWCHrhAe9NgfWivzORF
+dDiP/w4v7n7QL8XFug9+Ib+KKO98TSEAO0X9DY0YNyOHHO17Zo5Ev0sU7UuZ/3za
+9A7gG8P7Fjl1u53FnR6BT7S7pLmQabCEy+cVnN41giSUX82Wtc+VLo7AuOAxbXqE
+/fy6+/bvldsbMz9KcgoG5Qdj6E6nVyaENDaJe7eWZhfLeXKb905YkqXU4H0T8bLM
+YA9BW15DSOhrylXqLHIg+pa79+ujLyqlw9Xz9shQQedLz4y4nf8DbjmYa/nA
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 11 2E B1 BB 28 D9 92 63 FB 6C E9 A9 9E AD 87 A3 15 51 D5 
+    friendlyName: Invalid Revoked CA Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,10B18725F104434C
+
+G1BIGWw8PiMynohCHUCkVX8obnqxs7hNDvjaAjqm70Tyli2vUjjH+o0IR2liO0VC
+2F2ecwJZUBuLGWGkd/8N1lXW2ishF0Y/7AtJGpOoUpH9kgRyShNbjIJzkBSDhxtP
+x3Uh6jJ7i64YnWdaW2/Cfm9s3SXYT9DJ4HJVohFosnLCKimaEdAfM0ui9OD+/kYU
+zsGqcXAqQ4St6oXmwPqcVbv1UP4+sLO+VQrddFvJbs8hkZpI2eoSo7LD+axsC+Tx
+fa0cRuregZlRm/xIKobBkdEeLANUszDcWKKNGNPa/ywX9brgkQlzS7vTUrZdeVKU
+/rLuQTjoh34h1NdZkux4LsdWnbff/TK3twj2Ge/ZsdmS6Sq9wKniqQDE+LUUlj+k
+BeL6jjxAsd36cTUWTDTU/zmCFoFjhQteSK1ldY+PWK59cQS13tawvn98I1FWz/83
+Q6O6bfzB3/8v5DDx6TPv37IuwN82WNxWPYyy/tFx8rlW5jHIxmP1foTnxgeQSDx9
+8lukOJJjPt0byE/pNcJbdfaU5mOOwsaXPiYrvCN36kQkPxWTrN6zqv+AXpU55r2N
+DB3oA1MS4FghmQjXr6uDA1ugmN3xQEJl7/biNdPk9TL/5ur38tJ2utb68hXKey/s
+xG1EWxvRO38btEZjlI7W4b5LlfmEOaEss5l5d9W3O+Fl8Pk1TD//5zx0ielHcqbd
+7wdAluO0Yq2KgSIzj8wHmzJsHqoamoP6VbwnIq9igYkzIw7wgOEGpf2iGCia3Ptw
+hqr0VYZwKODUj4ZaidckmjS4ncbf3Fk2TwXOPI0Udqo0qU50U0uV/6LM0i27/ygY
+EM0MqKU/9L6PC73Cm2Qgp8iCbN+nN2s8LQ95MfoJ/i9wWcB8xlx0cbdD6c+L72xq
+K4THPxfWkgULbZYVPbLvTlw5jVdyzxaH6szLGhiUz9Z2d2xFl29o0WWvlXtTQcHB
+m+WL83LmmvV508Rmi/yhHmGFSG9kUgyCZF9K4iPLQ+33kgAif6sg2fXaJ2Kxhfi4
+twLtue6PZsrJm4pjFhCMbG3LLFE0Epo/1D1dRfUab4Bi1L2hf9h0nijAwFh9eay4
+19Oldc2x7bB/KRk4i4/h4bmWscJj6nhFREzqs6dL87Gpl9pZHtTBnQEc0y4gacCz
+jv13Nl2g8PH/YTQd7tvdbOUn7MqZA8oP6lff511Ef3gHNWp6LaxqFDGB9wumwAy+
+9CY6dBPjRXf+Bfya6Q4qUrVrw8DL1LrUf5gta++eSOgWW2eFVjPiffY+FE3TqaHC
+J7QcbR6G8hJqFYrAc6yrbe8nCLF0CP5r5U2k/JaJJXA85ZtvPke1Q3LGd+anRLgg
+HE/BxMafRRQHEQQ4gCLT+3ZN+G1hi3dTBmP0ufSAXCwgYRIMikkXEOHG2DKLtYBb
+fULiXYAfFKqtgLqKKLunKHyI99gCGKLNZ2tBKPqypJoemFV9fCwlnXARsgwreRmX
+Kiu98Xc0SMImSL8N94jwGsHI6k5y4FlGn88JWlZjrtAo90A7Vj/UHPAdpUusLmXP
+uFIHQaQrCM+WpspxugtWAP3LuUOYoqvmkvcv9i1Ufn3ThDUtp00IHP9u80pkWmCv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem
deleted file mode 100644
index 1463a6fd34..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Revoked EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICdDCCAd2gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBYMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEludmFsaWQgUmV2b2tl
-ZCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEArULgNTYVsg53ILvaQpaeciApmyq6N0bmhjEiwYKYPdZSQ6A5tHN2X0hNYGEf
-Qg37W+OVgufTdQYW9KHRNQDisSLHoFpDaxdeSJbRshvd3iaY70ad01q0/L+mAhoq
-ULHc6QVDrE3PiDd2M2Rt+JNpIMX07CPN/nq8EyiJQUYI5AsCAwEAAaNrMGkwHwYD
-VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJyIJr6rimQM
-qOzR65FZzrJ1clsAMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAHLF0HF9GpuEFWTdc4BuejhAejEBiOTAb
-YfTbYZYqwl0l+JU5CtXiOOdbOcY0XNpPI1XwN1HtIhTiFIxjaRLQ8uSd7yExaiJp
-HR2lqTC8A1efBd0eFY2MuknW6tGu3XWv+2I/NKGGyIKfWAwpPZbt3EdRnjKGhfgU
-VixHhlnpHlE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3EE.pem
new file mode 100644
index 0000000000..2921552453
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidRevokedEETest3EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 1A 57 03 C4 6F 9F 1A 40 19 C8 9F F9 43 D9 A8 59 9D 9C A7 02 
+    friendlyName: Invalid Revoked EE Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Revoked EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIBDzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMF0xCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMS0wKwYDVQQDEyRJbnZh
+bGlkIFJldm9rZWQgRUUgQ2VydGlmaWNhdGUgVGVzdDMwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC3CqKP+NqhATHU9Ype3p9gqwZT2yJYnoZS0jqLff20
+2TShaoPJ7V0RtaTdle3RMAw6nsu5jehIzYk21kGlNURVYcKO6y+undUfJgYTXX0F
+ZHSCMuMAWuGVdla5oFSqVlzNS9m4gIHlYunhBuzJRFSJQV+eKzPr/ITdO14QEGrO
+DNzu2N1MEMlBzwuExczNN5ZIRWvqLyd52380a+oD9vujGIM8oZQOHcBPZTvbgn7q
+RaH1719locD7oMhj67trLALbsHuRnP2APe/0vuaM7mNTlLzUpb9mAefSjY8o5t93
+38am1l2Z3BDBDLu4BgBi3q8131dczc3y6IrrBtYfpREzAgMBAAGjazBpMB8GA1Ud
+IwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBQHFry9nAga3iH1
+aQqYBs0caFrLfDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
+ATABMA0GCSqGSIb3DQEBCwUAA4IBAQCCPGXUH3RC5BlNt3cfMDGxsZkfsxYhftwU
+m2b9gwZwBYcHppIxBzHV1ktOPl3uJgpFar02ypnHKWANAcIUIjFZaHhZ6X2YlBeA
+5iQalPQvOyPEUwncGSwWTYNo1KdCev8p29UgyjvZnmdEtMMBUejzDfVHfdyvo0Le
+Z3Gvclnqpn7tu4xkMrYbVGwDmcNRAGhSpXzINk1SUDcHvONQk0n2swPZs3/NjxR5
+oQK3prqEj/ANim+ujHAWVIRIuRwhR1hOQ7SwbZ5CSF7rYB2QZVlpuORrsNurmonK
+JOLp2lDXvMiR6JFO7JAy89bQSCkUNqpPjNIaF8KQ9bEbCZ8qH9W3
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 57 03 C4 6F 9F 1A 40 19 C8 9F F9 43 D9 A8 59 9D 9C A7 02 
+    friendlyName: Invalid Revoked EE Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8B62CB31A9ACE059
+
+9GmR577tNmXpWrBhkP0uF+4EUaEXZt2RbDCE2iFeGK8muqDRlK9857ybYNuq0cQ+
+tMqJrXHtoqGEomrH3L0slGVhopdlZTuIyT4iy+XPQs0ArZYZfie0mfhtXWiNJrSd
+TJFdFsMp9KZ+/jaP90DltOPmg7CVt8PBBNEvdVtvHfRTOZ1ytNZACgNeMxMSDng/
+UXu4kZ+zEQWDttZxCv8DD4emZJ6PYei9szEHosjYGVFLCiPHvvMV5JBWq42tnvOm
+cRxmOxZ8qx2J8NMpluEZN2bgEPIjdlXbG7slayqFkUqoPgzKYnBDjR6Vi4Tq+1xd
++Zw5d2f6Z0LB/938imM8ZM+y6BTN+6v4I/Mc4vEnan+klMDqGCW/3wcYH0YaRfS9
+eD2ViJuGNApQ5t/Y9W+yOoqWkz43wL/9UUPzFlJOG3+Qoks95ZqhVaQI07vH61z/
+hUXHiaUmQOn07QKrgcRiFkSrV8v6B0hXK3FCOPIlzJkqGr4GswaNM6cd8y62UISX
+UqoZm3gUVBpPrgqbqmabyWEFtBk+RgObs8S3lbtvRaLJMSqiYfoUheXX+3USfOsp
+hS6O6CzeD0zPClicf8dekZWTge6vmUTZNyd8Wrze2X3nrQ0KFWlZjQkQAId3KK3I
+T3ZrBbnqNTyqqVWFbXwltMeqcfVj24GSaYWTcTPbzWPiwNkhbTsBATNtcgKVsPYr
+fpHcxmq4EZNSk5+aPiDrltrYAPgLjWV5+7wXs9wueRoQtsLEJdKa2B+8yak0OZ7E
+v8OILfX7oDaKYldahTBbYCZEAIh9YMcyPIwn/n8RrUM9Mqw+4kUnv7ug1nlrLT/0
+nk6NqtvDCHPMuwnGOvWs0b2qjhQ/8QELPgbp2vlg4Qc5/3owJ/3micil35WyOH2O
+8SmXgeDeBRiNAprlSjB0lCo0Z3cTECFqPpAVrmZMgC3yaTUbvywoDak8muqeh3zv
+Zv8UOgS5zzuKyUtKoB6pLaPPflX0uX89wGYZ2pZyvY2NzjYNRbKbSy6LTFFd3Krm
+c9ub/6N3F/p4JxOx47Baw0Dc7NlkNfuSZJDKK4oflW20DqNl+DPmO9Qmler3Z0a6
+cxAjfgZCOITJzQGL9DV99gAAy9KiNRuem8/5WutIX0wT3StvRK9r5yUyaF6hh6Ru
+c/4sgveqxox7wxEsX20IQVoNGNd+Tw87A+8xiXtL1jOWjApATepDygRRvzCZFCDZ
+jjL0p4TUth0xIfKVrLAeWYyO4s9VHQG3eh2XW9eOuQYK2+fFsqks28kkmI6E+eDi
+tnanUjjv/vTXVAGugmfxuNI6Qr02otA2TXipkfuTAl+b3z1RgKPC7SCB0FbTfFzK
+fx19/89KXHRi3078u/Dsgc1O6S3zNFlydgwIxFQCUQWMu649S/o4XGPb8oYEZ71+
+tlRBuecqmECiiOLSk6t4T8rtiVsP84j82/FFBu8LEP4AMpmMUAnecIue4nK4x680
+L4iI/tUZW9puzgC+qKS0w1kHaQU431yzR7A6RwpRAXZuAQzf3CdQCUajTCr2m3Y6
++Z1qmrV+7rN4Bp+goSuUcuf5kIFRsgh0QaIMKspzZ9zDP5t99zvbJuNYT2SCUwDK
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem
deleted file mode 100644
index eb302f72da..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedDNnameConstraintsTest20.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBCTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMT
-Fm5hbWVDb25zdHJhaW50cyBETjEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBANItJYQvAndzEuOPLnWhU3+T5fsnTmDZ6JJ02F66VAcrpMjpsFaFiojEgiY/
-nfnbJzFwi6A0VjvStsiM6fOFbVY0vALdhKMSl1OJvPspcf6YMW1MUg68akqffpG2
-1zIqiltFmmT4Lvq/yg9+q2A9W7yB68fS6173hf2h+fGzR8JDAgMBAAGjazBpMB8G
-A1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBShuvXAVFzy
-kwUMm0EKULQY2GdPITAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAElrFa8GafGokZssZp8xXcrnM2FIcSbd
-JXCXQeSFsH7JvXS+3BT1v+0saEhJou7UQ55B7Z0t6COKHryuC0E0ySNyDAOMHGJy
-nbbqmdyyKeXb8cEzFUWN+jTte+P4bCc7qJW+mBGNMLjWFZ0sD6R//NF/LiS8kDhU
-CSYphECUPTcs
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem
deleted file mode 100644
index 7462210961..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE
-AxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCd/67ojjbNifZYVq2WHl1rQRvHb6qWjPGD/UvROusJiCTgq+tLG56G
-Yhb5//E5lAwUUzNZIfrwHml2Pn4iH3vJeRDzhdlPd0IIlP6Q2Dxy2/QrBf7k4luQ
-F9TLihsAH9NuOh1bR/+hB4tV3/E2fvztlVmHOlxbAW/c0xE3jI+WiwIDAQABo3Yw
-dDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU7253
-ms8B2VtX6DNkqlHmWAPzWTgwDgYDVR0PAQH/BAQDAgH2MBEGA1UdIAQKMAgwBgYE
-VR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACgW+giBnGTr
-WXyUZ38pVKHUK9uAxjpPOw5UZC2krfC4nqifiItuVLJgqbPmvETc+8fGD4hi07Lv
-owJkVeBq0ZQGlYoxtz7z6/gEt46nf+lK5gU+al33eTzgga0845cxLE7kpKRYsyhX
-eCRGC8Cmifmc+1AJ12kj61Ys7XE8P9q+
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10EE.pem
new file mode 100644
index 0000000000..e1d36aaa9b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5E D2 45 B6 7F E4 4B 8E 8E 55 E5 51 AB A4 39 EA 62 3E 9D 43 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBBTANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowUTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kxIHN1YkNBMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALF4YK3LWtJiBgUl5Tn3nfwLF69a8RzoolTy
+yaH+AC5GnpkNUDC8Mae8jF0rRErvKDlDgHmHFYrEXoZ6ROCsqx2m0PCYcM0aSc5I
+Nt0zfc0V/SjB8PEitoIsDTBNWQHoWBysMKdEvPcPgEbQ6g/I9AMuo2ENAu3JAK/k
+mFT7y5P4Auk3pwAzK9eM/qiVVSoK62ykN2e90B/v/W8Mp2B1oSLkbrUq+pZdG0Cl
+lqPw8jaA6/GRttWiOINW1MERdhyYXIZa9HrhE1vHQNBWT9ZNs0z8WXlSx0qSe5Bf
+ZRC6U4A7HagfKnp97XwcfgzLEZVeRzq8ydhdKyYL/GIQ6skBA00CAwEAAaN2MHQw
+HwYDVR0jBBgwFoAUjAXc335k22K+20tRZIxqZthco6MwHQYDVR0OBBYEFNeq4+x4
+jtMItdkkxE+pjUaRGjiSMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRV
+HSAAMA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQsFAAOCAQEAw+zWEOZ2oOy7
+pak+z0Wn3q9yg06WNlv55x61qIF9FLPsUKHcq5HZNHUqYUXhsGP08cU5bIq20epK
+xuAj34fGieLjH1KgbgG+Bwe8pkG43gzh7ggqdqcUEXQZFOMLlZz6AnRWeG8/ZoKt
+J1u5XBLhBO6poXF8n3T8t0us4f+HtVOjdNeRdrS1QEiHrXLOanN6YIViBraciCOd
+ezeYCJvDquy2ZCoAUDpJS6dofveoHGr4BpMDgLe1g19JWAbZhvHQ/WHzTJrMnd/q
+rvpQcTRAwaLr/Sp3zY5tp4Mb7AV4iYYszVbwQQyHhsq0E590x6kQz6lVtKh7joOU
+4naDVzv2ig==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5E D2 45 B6 7F E4 4B 8E 8E 55 E5 51 AB A4 39 EA 62 3E 9D 43 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9DBA21FEB1BBF3A3
+
+vEXQyEjZcFlzS31kO8IeWEvB/hYjpm7DzvDAFbfVZtfW9/khycLB1pUhbMEzVvH8
+L6pKBRETAoU33dCwAIkySaegzKzLCd9WFpmlOIeFH+WSyVoRs4nnSHPBk42mBKj/
+NK5ue63pzko+QZVIiFPt8x7R44i2lGRXRCgaqiyIJkSyby98aPlAxi3AUChU49vA
+ZXCDUg1YQIe4xVqJ6ONYRmyVk5DbIWY6aQSV7jQ0OL3olL8+WgXmUiQFuvva1rdL
+s3Z2MTGQMJH4wU0lpsAtX6UCgGvoSy6PSu+W0OUH7zG/4/MjCp82BnY5xJLzmPKi
++2jEWuw9CfdiFMLrFNLew1SIe1attx8CZ6sYAKakOcyZ856HiOsO634yzaRgOhh5
+SmmNN49StebbBv261z4cmVc4VeDPvjyvkGKjLxBYLMgWwsvZOhskednUDwGi3cJ2
++3FMFDorpbJ4+7o2MkyjIAMuvqVI/cWaKlzTsi7NWVeNQf1Shg1P+m6jLL1SueiH
++4Ce1Mah3OujFO+Rd3Vb0NcKgobKklL7Jc828ArMC2t1P6xmEUJPG2PngXC3mDII
+x3aj+ApQ7Fbt2UIXRGA10z+hRYvELAACGUA4lPMI/7/p2xoEgE/2+6pyKaGhZc7r
+VEhygISd46RcMUb053KqY4vPP4lDRjyZ7N1ebGVYGrJ85mMWR35B2Lh2jGqbCecx
+X2jMqvOUTGScgx0afxA4gPHO9McQwusrG3AePcmRrR4qxiur0DhK8veK1j8wFuRk
+ZwXhXSP87NLtUQ0F5TzJm8zFviF8Ad8+Tpb+nEYrZK4XEnwVzJZXwAeikJu/wWmZ
+23w56a8YAR5KEz/lXhFgJqXV1x2RteToTNKp7X5ofVHjJeySdRvrJbwEPokRoHgz
+mhwK8rEBeAjeQpImLzjjACV2gU1BybOnnB67WoM5z9mByscCFumy/bni+5Dogqua
+WApGMeRdqLPl3KX5bc9Q1F1b6gXygSYxGsBVAIFxwxmJdKlShat8qP2rYUySE4Pi
+c0WoXMwx4bHgLM7eXlMgfM1D9sV+kww9B2kQlC33cVMTkqcPcP87sJJXXO933xQQ
+RxNnPQ5SlkbapVZAiajhagcALhNLVFxgxz+wJX8cxoGj5aZutJcKEsRpt/UGgx78
+ZMDHLEelO5dt2KUci3Zd4qQTVBkxkfLIGyV/6nZUyPNK2l36yTRmd64DiAMyF8NY
+vU8aNb/aiVtTKLTr5edZOTJ84inTqLdsORpsWqRU2i25epB9TkHsTQHky83kUSqX
+at7iuELBsREAhhUmviJgnRwPiH/FZUVAwaS1frZ27kxEPuicZZKqTL7sz0tHduQA
+TiQvrbuKUDdyLjLRGYLow1LZFDpL1DXZcEI8YhzDVCfU5u0EaAGFeBq+3owBjpVi
+RJCdp9ZRl1SGdY/Lbs+/S+Jxgq4MLqFs/d2+NRijh+jTZfTHCggih5vbkB+A36pY
+CUYmYOsnLmcV4cD2K9S4X1Rgl51rLqnYRuJLIgNW2yRh/g2bCHakLqUeHOb7UlQq
+H8CIaxiSjdS5tVntPnQQYr9DwZ137JY4xBLMzasFYcU70DWkCO/xTA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem
deleted file mode 100644
index c4536e1bc9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8.pem
+++ /dev/null
@@ -1,230 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE
-AxMbaW5oaWJpdEFueVBvbGljeTEgc3Vic3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCSWo7+2d9aVEIC1GxMTDBcE+ozTf3DLetgbtqH0eb/EK+ZLwVz
-cVTjWrdl1UTfNgUR9FkYIxWkXmme/JXqvYFtYTmNiz0Yj4KGpl25Mi4qoxtRFk2M
-BKLOpp+oY4PsNGSc5CMRc3sfZHeKe8jZK3nA4G5nv0/KELI4m69QKI7u4wIDAQAB
-o3YwdDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU
-Iskd1THdwnbnw9yS/MCFk6rmzc4wDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgw
-BgYEVR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADf72Lgp
-rqTepmy2dScOvurWUGzi/mA303snWu2b/DOnZOn2MJmmN2OIau2+7H9N1CVJDq+9
-gF97Zy3sIukm2yyJ623TL2sO5JeKNIP87CGXEiuU8qe/7BaW8C4dkm9dE0hIq82/
-vPG+JF3KAey6HeGOdaLoj+DyiSWJsJmzb1OC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitAnyPolicy EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2
------BEGIN CERTIFICATE-----
-MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQ
-b2xpY3kxIHN1YnN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MG0xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAG
-A1UEAxM5SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0QW55UG9saWN5IEVFIENl
-cnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ/9Ia
-17vdObtOssUs8md1zwyBeKcC3f6mFfybdaruKZpzVmuAkDJec9ZV+ye3BJUB/5Vd
-FE+xni7v7HcxxRwnFHLMDEqoBYuAuMxi8tWDpWAT9bG9tlMH27i6in9PqUFDtMba
-A2eI2p7J64Nm+mtNtbwY8obe+0CbvRPJDnBU+wIDAQABo2swaTAfBgNVHSMEGDAW
-gBQiyR3VMd3CdufD3JL8wIWTqubNzjAdBgNVHQ4EFgQUON+KAQ3zmTRqwEhvTM0g
-vMZUZF4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
-BgkqhkiG9w0BAQUFAAOBgQBxH+ujnhDuJ8w84wkOZvsaXK8TaJMO7AkbWriyl9Bm
-rMj0tb0bKud0bFlnK+uuetnpFGNysBArTwGQMpQ8C9KsHDEDVoC5A7TAUXHJgtyG
-geWX6fiC8ZBA/LDkDjqLchdfF2r/Enjo84+EbjA28xHQeJt+AMv2PrX41z7EWjjj
-dA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subsubCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:22:C9:1D:D5:31:DD:C2:76:E7:C3:DC:92:FC:C0:85:93:AA:E6:CD:CE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1d:88:c0:b5:68:f8:c5:35:0c:66:d2:54:82:7f:06:cd:fb:e4:
-        14:7b:81:fd:e0:ff:7f:0c:33:e4:b4:07:82:8e:40:8e:46:36:
-        5c:05:8c:72:bc:b9:83:50:2b:c9:d5:23:08:40:c9:a3:47:ca:
-        cf:41:15:86:1d:a8:fe:50:a9:ec:75:78:c9:d1:6f:94:00:86:
-        c3:05:3d:e4:39:af:b4:a0:9e:07:88:24:fe:66:f9:7b:f5:95:
-        7c:dc:08:c5:ca:e4:4c:d3:82:bb:6c:de:07:8a:f2:18:71:ff:
-        8b:d2:a0:95:2d:c4:e2:12:37:bf:12:cc:e9:bb:75:de:16:9f:
-        86:32
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQb2xpY3kx
-IHN1YnN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUIskd1THdwnbnw9yS/MCFk6rmzc4wCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAHYjAtWj4xTUMZtJUgn8GzfvkFHuB/eD/fwwz5LQHgo5AjkY2
-XAWMcry5g1ArydUjCEDJo0fKz0EVhh2o/lCp7HV4ydFvlACGwwU95DmvtKCeB4gk
-/mb5e/WVfNwIxcrkTNOCu2zeB4ryGHH/i9KglS3E4hI3vxLM6bt13hafhjI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8EE.pem
new file mode 100644
index 0000000000..55fd665be7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitAnyPolicyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CC 64 FB 32 6F 67 8A 1E 96 53 A4 EC FE 77 2C 95 89 CE E7 02 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitAnyPolicy EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subsubCA2
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dEFueVBvbGljeTEgc3Vic3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowcjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExQjBABgNVBAMTOUludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdEFueVBv
+bGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANrGXh8C+n2LlFXpLZsOJgBIEL0cYBmcOraLKe7Uvg2hJc9AD8r/
+z8WHmVQlSq4B8l5SFHNeRfZ80BEnvnpsTYyLF8ANVwtG5OT/tYqaJnda7njYnjML
+hMkR8VHTaeplaXavFjQAesIG/JXDzHpX4U3FzcLo32jX30Jl0t1wSSVgufSYzPmz
+vN4snvG+K/U6wIwW1Zj+bzDTf+WFNTL2KW+jEr7X8XfWi7gqNUaWdqkskRAkBM0n
+CyiuRiEe9bFulCodYxEJB2pJKwdjXCxdHtJS3FiwOq86oOXgvThoQdHgxbAt7JWC
+RqwyDXmi1cLLG5sioGKwAKDcE1jtuL9Ep2UCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
+EX3AnIp2+Ukz96SBS44wdZU76IgwHQYDVR0OBBYEFJ/nMvWSZoe1IShDy5EYfznX
+2OM+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
+KoZIhvcNAQELBQADggEBAJjr02r+qm4q+XG/oDosR+zfakP0pcDGVwwLwHqHV6i6
+hf32iODdTy7N+3GfB1vOdWJ1HKJT8TbXcM/zyYyglvw9rXAWdeaTeZLExRaavB+k
+LlIAycxXFl4gSslEqbxnGl7FN4BN8DAa+4WtHwW0Ff3U0wTbSNMBx4x7skvP/9ZO
+8Qllw94V7dAwBUDwbVL185tJsJI87lMXUqxMdrBCGoa0lqS1I8ZFCYXV0TOCeeTI
+ruSYrANu8eHRJliHGb4+SAZ9xVWFqsqAJyqrs+pJHFm4+7q/YdBeVjV70jTjN+R+
+Jxh+nojv3Cn5l9DmG8xQZzc4Q3QTsd7Dpmb51+N+N7Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CC 64 FB 32 6F 67 8A 1E 96 53 A4 EC FE 77 2C 95 89 CE E7 02 
+    friendlyName: Invalid Self-Issued inhibitAnyPolicy Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6A1C69F9982793EE
+
+k71tl+AyI5R0Zaid9r0W4MdpNwhQHzNbrE0OybQzNpvyMYEd45AAPZSkTw3P0loK
+MyWXVvI9Y8xTBtorqE0bHlPbpJhdxBqv8NO2glThprJYVG+G8m9O3y2/vKSFCOqr
+nsHAHR7X4KjpPif3gTovYdKLGRDBSpFnTzwGGEHX47Ey/7goy+r6gbHYfpGaCHwQ
+UcDpatkSc3GUkgSwSodNZPvWeymvdZBXyHyp73GWN+tgX0WyQYsh5bADAjIsReXu
+D0wnzYcXQtHxmbQbqv6QyXiBPY91GNxcvAwa/1QcbiI5O20EIieOesTQI31yCRHT
+a8mp/E47C191Gn+9DrgXtk4/YyR2JIWxhsbHceTOCN3JLnPngFHKZ6A0bNfLtZP9
+Uj7ZclhcVz6dxoqs3hM3j4MEGJ2PMNp9u+03He2Rt1NMZuns81ioXSzHAWsGzVSn
+PcUyqUMafdzHlGYLxq7NHzw95+SpSvWAIXDnfOfrlZiP1LOnWNwxFXWnQ8JksahG
+rQQPCv7YFhTJzr8MvlKdDrOoG709ANpsnWgf+G1vD9MVuZ7ZrBHSFFzjnyZu4OW9
+c2JTlB+ZPWfspMDNMhuVhpVkOWktPFGpHz1sB+r/GsAq3MqeuefcQVeR9hHApbdZ
+CBwHqjZVatSDMV6DCXGPAjShRLLNAi22wa+Nsu/k4AqSiSnnT/6UWyFTwYDBxk0f
+fTqHgOd18A2vVjL90tlAlyzC6vcYM/fM1xmBaX9y8M+MesZPBIAhMHN1Axl4iX5W
+q5vkqh9u1pxtKJnhn9pQ9g/hqZbcRp1T/na7HWAzwOoty9157Kl6WrkRFiJXicy5
+7MsEzjyUPtCv51YVgvNHVGadCeQprKkVNYjuZAzXt0E901xqyOLMOeFv2LSwAe6N
+BE3BMBOq4QIUYw1ia9bKeju8GdfdDKpCwbtnjns1Pk5O04TCJFuAk/1VWzKnfGUp
+4+JrN9VCM6x+Rhwlw+uHiDDQwgRU0W41BUJv+EI3Ol47NnnuaaRYGx36q3k2XVhk
+/F/KoDDyDcc2P9oxGJTdkimmgSeW2XTkoiet7Oop+9SOmr8+6QiPuSe3hTJq5548
+5ihfZVZRzT8AOL3wYr1RTYfcEW3/Yhnlm3r2htLphB/05NxcZJTubVpybHFcfZSD
+KNqqjZicL5MwMR8Jx3/oDKJ0Y2Hl335HUZez3d4SFuNf2FTVe8gLPEe2l82SFLJJ
+WOyIpmKyGI3GzkIet7hi4V33va4Yvvh02IPfKd4JsDXYMNoj8cusVRuDwobFbLF6
+rB1UXfYH799oAUBnZBzNLip2WKCBqU8NJi4aYpyszq4afuZ6umG9oXuXzXBtSt0j
+32kdr8/7WrOJzAb4qpzKjY0uPrh/W8hR0tJphVQB71qFMs6jKc6TFdeuDORnX5Ky
+45U5ZL+WeRF9+s7Aoist+n0ObC6kdVUMd64Ft7VPmRwv0ayOuMvdBvKTUMOeDgFV
+c9vaPZHNo5d7Rd5WGn53A7f+9vs54sx/GcXyYZgsfewKqmautEGmzmwCxP2PA9KL
+6r2mgE3b7WI+AfaORZh3s6r5GK0jtbxLyobFxWfG+I/bjjj4cLDXJ6fzcpSWM7uD
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem
deleted file mode 100644
index 5d5bad56aa..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10.pem
+++ /dev/null
@@ -1,200 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFH
-MEUGA1UEAxM+SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFwcGlu
-ZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBALSurY6um4v6Evz2ZZkBR0WlROEOIvWcYk9AFjbvZnEXlHBzmkfiz93q0Bi1
-a98FZyy05zNbGmfXdXDbAuNwWdWnYFJqFQF5yKUTSQOjNNy5afttfVbM3ibrmE52
-KsMfdN73UU2pHclkhpRJ9ex52s3nofBFCXZQVRZzoeOqe/tfAgMBAAGjazBpMB8G
-A1UdIwQYMBaAFEGmJOdLRsqNTr1i/ZUfoEVERdaDMB0GA1UdDgQWBBThQ779KH6I
-bjPzWxJ3ysMVnek3RjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATADMA0GCSqGSIb3DQEBBQUAA4GBAHsSdG99XQKSMIQzQLp/vngNcqtmTCC5
-jBCt3KnnUwJ/Nrk2oEQpRwjetItPwFFYN/IR1MUnb0TtKwr+WqFeMI5MgyzkuiG8
-b8Wi8Nfa+GP+ZaWx9W0hIwlvixhloYr/wO5roHJLmZdiyrUJlEGb/7VLK5ZlmSDd
-LhmwYoEZUDxg
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwDCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEn
-MCUGA1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC8nvl2y4d/yNUHP7aG5vOrKPi3d7UXdNZHRGzP
-KFYbJk+OVhNwnX26uR8hCEDDfjBI28f/541hjsDbgy60IS+nCklaPQkS5uD2R6Lq
-9WPZpnSNT+obNGFQqIuE0iQbBIXeXKy/E1lxCIQazKZHl7/QhjIso5/eRagUVF6m
-ahAnsQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwV
-MB0GA1UdDgQWBBRBpiTnS0bKjU69Yv2VH6BFREXWgzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAKKfnJVgNVANlABGqhZPFB+MA6EeX9BLJIERR69poKaUCigLoIdovWQx9/sT
-MYvGE/gIulPhyTI2P+UM8yJHPmsucrlDwVwgyTE9WCsfVRZOV/DVqGzvHtpUGetp
-GZVUYWRIJtdAFXq1h04c6KSFenC2BqH6A19N8SkUyT9v8khC
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10EE.pem
new file mode 100644
index 0000000000..c06445050d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2A 05 D1 E1 38 BC D1 DA 42 C0 F7 50 50 DA 43 FD 84 D8 96 20 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdFBv
+bGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDEwMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAp5QAd+u/Uos7XJmpFiMxS2UfCoX4S7F2Z8X+H5aE
+ROK+YmaczS0wMScaDNXiqifUvntr2PEVPGpjAdVg711oP4yJUO6yxljUqZl/DVV7
+//qRPkD76MUCIxNx1dxLrsOd6PDmFV3ZcS1w5R6dB7E4AGV6jG2ikMHAp1UH69sJ
+nxbMKCtpigzpxYTQtcH9+oB59lMkkAtSk0k09NvW0GHlDR6+suZgQHHfmJMV8C1+
+WitpjZncCSlS6jc0QnYpGeytIPY3JVq5I9xaaiBsKLQAxf+N2XSNzs/SoUWDNfPy
+tBlUdU9h8HmLx5ZB6OV8fF0G8jTH/kJ9qhOtzOBGuz26BwIDAQABo2swaTAfBgNV
+HSMEGDAWgBRZuWxk6vOuluq2UVwljzvP7fWTDjAdBgNVHQ4EFgQUKnl4yMYjPGWd
+wygY26eKCylWgpowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAmjzrR+7LxCOYhqiancHFg4jAXcy8IQNF
+w8M3p9yWNIusPl3UwTBGf1o6nn7Pbp+sWPrqsdRETfOk+14+UpVFwwIu4tpNdNZN
+KQGsovaMjGdr1ZawnSxGg7s7aRaTA/EN66brxdWQosoDVPByNjDIqzLx89UIcEPt
+qVSK6UukAx6UqPPyZSj31V3VK/5zCvpaSmekzBdmRYoRyhTyCE9Siqqtqh+MOJYn
+QRGpn1qPp+wZAqH9x4g+lsuUVjU3mll81rwQGHAWke/ZAbUmzZIkw2i6G08SJUhY
+M6a3CsWate1y1nryzWjsVOzERK1X1dkKC5GsYm1X36COcZq+lkIshw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A 05 D1 E1 38 BC D1 DA 42 C0 F7 50 50 DA 43 FD 84 D8 96 20 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,45343F863105C0DC
+
+jROO6JFmYZtrJFFPJ803OpyapdIAijSNsy44v78PGRCPbqp5qCErYohOUfD+o/au
+iQZIeAOqfJQA4M8PISN7fyIQjfCoKT58HJ2O3R1x65CkbL7eSC1VKkTvOcZed4v4
+kSCqWp66spB51u1akvAwd9EYTtdZh6HPFg6wf89Lpav1sagKX42e5A3E6WhUasdk
+/WGvLJiar6rRbrCxw/ydicSgM2VmGV4X+drp7OVr2Mgl6mJ0FTbnSFFMREUHncE9
+MHM30XIU1/Cm4cH3jUspYftlRmJetghwLI1MZrKONIHz4Ko5ZXgKA++6f4cKKnCK
+ycCXTj3NOG3VRor/auTzMZ2lqYFsUjjH3QnrfxSKvz1K7Jj81mkdRQDP47vAbi3R
+gNgg2r7vwRpxzQgoVd4Bl2cL2VwQMspXH9RehhuAoMcVOuRBWUKed2abtjwuNBPC
+nENtMKeVfovnbEVkurNVSAROmQ4LEf2XA4HnAIXOKN2TvE4Z64yhuZvU9r9Si5JW
+VEXPpYUFrgFCr9lvGzYQWl2lbS1r8tmZJRbLz/FWm++fXHt3j60IEGMREZw96Wlz
+dasKD/sx96PSa/8PPzwsGGgn8+fvTc3T9F4rQ9AVNlvEs9ynU7Nzxk5NxomgMqBz
+NvTVA6+jzzGP3rmIV0fxdnmTXHSJVb5Z47R34KMmVXBHQBcJ/4jjQKK+ayItymSS
+TYDGlde65C8YRUKg/OGSrUvhKAPh1hxEDza279vTV46+HFDO2uus888+UH/M81tY
+Qjks7kz3l7SjXD9tb8bsI93nI5Ab1fjqJ44xN8GMVehUCFDsrpgQjZzHHUPagXig
+zotyOh5P2OCFuANf1KNmkkbP3xHqGMMnfA9VmGZHMrvfrAh0HfmfS/vrtL9iuPfK
+j/xi7cTHx23FuAx+aUbHzu6vkvdu4pcZoieI9CvZuQwmSTHsuD3XzLEKc51rI7HV
+W6GxUDWb4bSEQMidT9npTtIXpjyGoIYkZyChqJTxqi6UQmvf20AONH88crHpaID6
+cBbtcHjob13A/yxVD54es943TCWFdR8eAhXEcmbAiayhRULWSgNKlsLykPHQ3ldo
+AX4gQKZWtxm/aIEGyoGcWQ14JAz1Seo5B/lmG23gKIs9gtqwXN7rslKPR1dhGFMY
+g2KazhBpXinjFXQayRatQVWjko0R7jJoTlHOewHm1JiQzOcphLugrDIwVKRAnPJ4
+MTpbRrNAJp+zAhoS0PUB51cYzQrWNzgslN+g9D90+fYEPxhTlNkoG9oeSJPdT7sT
+JQhe2tucqY8BHB17uSMsdSlXDJvryefplRtfnveO/b2Q8xcauj/1BSDAw5FNHnAs
+meunYTQIT+DxdD3HWnoJGj0hqHGwzfO3pnFzMz/Y2f0Wl7BBC2exRYwrMmXLFr5Q
+IdQd4FSpg12EpBo7DsMyMGG3VejUa744Lg4cHMgpvHmVnUMzE1a1Yv+KWFLyfxzh
+w44r9fdyveDrtHxcQbyz7TngSRUcQKLcoUwVK6jDWEK7AG8uM2VbuRJwDetqMVAo
+ucVr5gScU6tepyHwSsC1/kSG8YDFtnJtdNy0hhuWcSSAEUAsfwkHbA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem
deleted file mode 100644
index 30cfbd8ac3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11.pem
+++ /dev/null
@@ -1,200 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMHIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFH
-MEUGA1UEAxM+SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFwcGlu
-ZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBALCdOCljPs8W35hbzEaZA4tSBiEAP7TpJfmh7c+CyK7UORyXxmyvM6U8V4Gs
-PBqmswzgVMkMhosS/Bhk73RmCn38i5dNYizu/3yOGp9piOxNNtktH6bhKyeHq/wM
-hHhgiZhACGBZZDdZFinn4ohF2SmbpxFuugZsJPnX4tj1KZJRAgMBAAGjazBpMB8G
-A1UdIwQYMBaAFEGmJOdLRsqNTr1i/ZUfoEVERdaDMB0GA1UdDgQWBBTTdhSEDG2I
-nAn6zC50pNDdzdZIezAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBAK/N3uvvde9B7whxXVd4IA0MSe3DHGLK
-n/OBEw3cIXCYST42xPqPV8mkuz82JMTlete1834sdk/ayNFUloeyXzQTAdDg1JoD
-s6Cq3DzqfG1sVcu3wcsYbmpq7zxjXAERJQb2xSOYTvaJC0eb8FSfY6pXWx57qak/
-EPSox/J2fkc6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwDCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEn
-MCUGA1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC8nvl2y4d/yNUHP7aG5vOrKPi3d7UXdNZHRGzP
-KFYbJk+OVhNwnX26uR8hCEDDfjBI28f/541hjsDbgy60IS+nCklaPQkS5uD2R6Lq
-9WPZpnSNT+obNGFQqIuE0iQbBIXeXKy/E1lxCIQazKZHl7/QhjIso5/eRagUVF6m
-ahAnsQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwV
-MB0GA1UdDgQWBBRBpiTnS0bKjU69Yv2VH6BFREXWgzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAKKfnJVgNVANlABGqhZPFB+MA6EeX9BLJIERR69poKaUCigLoIdovWQx9/sT
-MYvGE/gIulPhyTI2P+UM8yJHPmsucrlDwVwgyTE9WCsfVRZOV/DVqGzvHtpUGetp
-GZVUYWRIJtdAFXq1h04c6KSFenC2BqH6A19N8SkUyT9v8khC
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11EE.pem
new file mode 100644
index 0000000000..df95d54f0f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 13 79 42 A0 AC F6 47 3D B9 5E B6 E8 5D B5 7C 8B 86 3B 91 37 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBBTANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowdzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExRzBFBgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdFBv
+bGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDExMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA7Ubrj1mNP+NcBMyG2sr7H6cZ6y3lj+3xG6IfCsfO
+TWglSnkb2CjlNIx/NjcGYn1YNubiDge31rG7CZNdO61NGtYgFxiAl3DQtg2HR+se
+TWg7h8ZdTt6bCV2ccoGTajtCzKtfJbxEjC+ah94NvIk+IHcEu7JSf9A94efdSxnH
+ESeVTat7aPkW7UlwTUZ/ua3oJ+1WwdUN3KgVmB9mDbATCYfiRk63RL/X1cKQZr2C
+qYGnhh8ugZme/BgoClJrvDw0rYnepgPxYyV/XDTHe1F/KCclUCt2X74n9kwIGcyk
+89i9pk4Tmr4WWDkSViuBBym+f/SDxnUFsgg4d2k265vaWQIDAQABo2swaTAfBgNV
+HSMEGDAWgBRZuWxk6vOuluq2UVwljzvP7fWTDjAdBgNVHQ4EFgQUsEmMF+z3zVR8
+cNCXb40wgeCroccwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAShWF28EnDlNq3BCLCZnLPBE173JUcUzG
+W8M3dA/+WBXujtD0xCKDnWMy+2QVNZkiao4ovBJBhZQXVVhkv1lGulx6kpuQwv/f
+G8HB0esbeYOvGsRntOQM28vpioCKn2+7jG79SURwXGLO9k4QtQKEVrbOyQq+ki1O
+r4ZUIBsKnsQe14SJJWN/vqAOfvoA6StL6l0LHoGr58TZdEyqINecPq0Uw+KWQLpN
+oq//RG53Vm9P6yujzumBLf6llJII1izqotfy7jjFPS0azvJUO+LrtNMZB0Zf+8/L
+0yj1hgvr5+em6YVvaOX4kG8xBQuSNYLyPF2O9aUo97lqZLKvyNm7Kw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 13 79 42 A0 AC F6 47 3D B9 5E B6 E8 5D B5 7C 8B 86 3B 91 37 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,713450B885AEA6B0
+
+XUgfUQQxUwpHLBeZxdJ/HzBHng6cMez7ndN+8M68U02XwYk6Ypa31Ny5FzdCV6Nn
+tNDPlFUuc3aoH28fAcVccb0wFmsGYcodnYDqlsEyB4ednidgyTB46m4wK34kPH7H
+86wztEN8ruPKZIXUQM/blOC6NMbJsbFSGS0v+izolbX9ne3YaHqUJ/8/fxJ7HV61
+ZPk8f0xlojgbYBetrzD0bAzmJfTTjUgnBDTwE7HxS0lydnqZM6BBE59usDZ+n0Py
++TzRl5v+IE8aC9Y6n2LzxzoXNNdsIG/ooSmPYwx9lGFW1meXtALaGDsEKS/fJLN7
+N1CEOpatI5lKbpJX/g5Z3sKmFLdDaqlOBWaY4rqp3OeKmCDsDonu4urBfCwGmWMl
+LCEXXqsz51BtVoLiP/x1zzjdutgLYx3M4dV4qkD9hiCPeaq+BCz/N8nc2bKu/ldt
+j1jV+/xQs3VYNitR/lhN3Hg32m0C/VSZ428jJUMKbjXQBca5CcYN2yGEpLAC7pnG
+C+IW2Z1w4nBJfs4KCeB0WIeDc6KMPgsiG5Joc4LlGEssmMJL4fHENyiXnA48Lc/s
+jF6vnWSjOU9Lck/0aoJYhNMoXebVhOddexAS9vjl90IV90MYMBChcPVfzqRbMOWB
+PMX8z5RDOV4lcDfE1whYmkkjwnU7H3iMYXv3vCxropvj/YRk3cu7DCS9FN60BrNJ
+ybU+uGsTFog1Rl4hFP5KQ233dy9+cpkkgc8qL6QSUeO9iebDPEVyP8uiHv/n5Add
+yEQTuyHIy4EsAFmeVZV1A3zXi0RX0UoHJ/275EJhh2apV4T9hhvAkoOxy8EC2n8m
+UocPHdBs5HQXcyVa2nmiRwSnXm04V6SldsunJ21XiGMWAckDLfSxPYuwNgZxZx+/
+lrd20Ol1tj6vic5k15iCnNK+kaTjO+EkS4/0XrJBtve1Fa5HO2RVuLiGG3ddqfsY
+Zdy6pH4N0Sb6B7y1d8qFRcRE56sWK6bGwQH6Uwq4IREMwfNjWKYghl0Vg/qh6+WU
+djCXwySkWkxzR4sswSisAAFqH+NBdBPRgFU0UBy6ayggEO8Ry12UnDV3Ver/TmpV
+KX/tiZ+lz4DRHj+MbVMIOXJtpNxlfiByof0MMIRQ3RE6Jne/S9JCVqUWTLVb030J
+RXEa0Z0K7w+6eWKF/oSaNj4u7TQvX+sO9+DNYAfwVcW4XXnIfTUovsfrC+rYaQ6P
+/9kuB4vDmV06sCzCcBs8Xuq+wywAUJOu9t9xGNHmiEfCCcHrz/qx849flTIAFrvB
+yxR7KQ/4bCJu5f7NmdN6ZY6T5luQY7BRmE8Sf0D9IdpWxXO8rlmhnnk8NJeY4YdJ
+Fz8xaWb2AtvBcaVHkgK/mxlE0GuHVQqXUVf7p9N2Jy8wCbgk+YN6ycEqD0DTJHAz
+MhsSbkHICtLQ+hccdAZyzQjVnggzjfgrejJRKvguDvTa4kS2Up0yfo7IZWkQITfU
+iyKgd5gs0yM1tnUEI720CKYkuwVmgeB8PhbvKeAUh4aMCsWGtYyo6EoQdFR/RvLN
+4LcYszGIv8kVZtUO1jNinHSCQ0S+aMUwv5MkVzgstZBudIY59YUR9A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem
deleted file mode 100644
index c6ef8e0f7a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8.pem
+++ /dev/null
@@ -1,233 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czFGMEQGA1UEAxM9SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFw
-cGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA2ZkYyttS3QceAgvQBMI8apGZ8GOGdNJJrZmaGrXTlkDpRqFBGwv5vx0I
-D958BpDYH1LIN7/T0VKWubFI7UIsU8brS5aic8C92RXCvZM2QdGkQKoiWLE66AeH
-+Fy35j8Tkrk/hoO764l/U3eQB3MD2u4Hf5NuqRAGcngjWAJyIjsCAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwHQYDVR0OBBYEFDKnsv6Y
-5OcDK1R9UWEjFuJ9ytbxMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAMwDQYJKoZIhvcNAQEFBQADgYEARAcPbJvFFgARsBpZO6o4SSHkn4if
-ZfTlwL3z5foZWrjQ0JDVIBj6uz9n3sP0V/xTfR+ZYVH13WgaoIxBIRMhV8lzW7yu
-d2Zz/d98BA0wwE8C9yxqVUuPje9zLRlmAEVQcYY4eWMlFZz2d8XHyckt/LcrCYrK
-iNQtbHdgmlb3dDM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq
-MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDzSzQEVqFvTtWkK35YRQKG14a/Ui8zOCix
-lDhIv5FBbG4G15V4laMoRYB38uWxU4/v0K/7UsU7J2ZQZA0iJNgZdYZmM9mMF//t
-37x13Zxd4GcHDbX0FoSgZUNXxSF/AUN86GXCCjrFMhHZAFgqLuYaust5NQdTk9Li
-tSFfyfRl1QIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5j
-MwwVMB0GA1UdDgQWBBR+l0OkAn3eZZE7Nxl9J70SpPPQozAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZI
-AWUDAgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBALHfJ6kZFXxW875Sui9xpPd2/OXVv4ltULYqS4sYa6iAKR2nNl2dwe4x
-g4crvrxXC8Dp29uqsmno4zOqNaSVjEYctbN3htkL/k/QG4Y9GgklkdqZosT2UXV7
-BI1xQXAiQVbBwcABjHTEAoW4flzUO7+GhapXp36TsEUOYA32+n5X
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:97:43:A4:02:7D:DE:65:91:3B:37:19:7D:27:BD:12:A4:F3:D0:A3
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        04:cc:f2:b1:f4:89:f0:41:53:c8:66:c7:4d:6f:88:a1:63:45:
-        28:ff:81:51:07:c0:ef:98:b9:b5:a7:9b:b3:77:d9:1d:ed:f1:
-        6e:80:66:f4:0d:cf:35:ab:67:18:fd:e0:10:7c:0c:06:50:44:
-        fa:4e:bd:eb:1a:69:b4:e5:80:56:a2:21:b2:8c:0c:36:6d:13:
-        ac:b4:1a:00:86:bb:90:69:00:ff:66:c4:a2:16:bf:e3:70:5f:
-        2a:dd:c1:78:cf:a8:cf:1c:d3:33:4b:b2:67:6d:16:96:23:3b:
-        08:68:e3:00:c0:71:88:38:16:17:7e:fd:fb:f7:5a:79:77:f6:
-        6c:f5
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABMzysfSJ8EFTyGbHTW+IoWNFKP+BUQfA75i5taeb
-s3fZHe3xboBm9A3PNatnGP3gEHwMBlBE+k696xpptOWAVqIhsowMNm0TrLQaAIa7
-kGkA/2bEoha/43BfKt3BeM+ozxzTM0uyZ20WliM7CGjjAMBxiDgWF379+/daeXf2
-bPU=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8EE.pem
new file mode 100644
index 0000000000..7f8ad6be61
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1D 6D 26 20 E8 AE 2F 69 0A A5 F2 4A A6 C3 8A B6 AD 96 4A 2B 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowdjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExRjBEBgNVBAMTPUludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJp
+dFBvbGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDgwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC21AXVGQebH8AHBIoewxwmy42xH3DuTS5GYC9g
+FXijp4jeOhdLJCM2uAzHMM7Qib+uSYR0O/Cdz9NKQ/Np9gudh49XgtGMzflsjSM7
+SgijS2qF97/TYv3wq8BkFjATs/PXJWo2S2VQuPce/yHzo63LO8ObEjnHcC1j4r5G
+LY7718RgxXw6NeJDSXOxwJtFjPLMrXEFSVOiPh0vbew3EM1x9ieqJqVwcSaiBUpX
+qIawbxJczfi2UqTuj9SVa7zuObF8qrDdhkdNUYOEFc2IzuVVIOskotPcAB4PwbDE
+HFw02dcwdFrG5BUHhpdvIOmEy5IxQXwMyvsd0Phv/kwqNw/rAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFD5FdKKL0vFWjEYBZnhwJMYiwQOeMB0GA1UdDgQWBBSyFwdJn4xf
+l/2lQPJVfyRDZWC6gTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATADMA0GCSqGSIb3DQEBCwUAA4IBAQAY3dfWtAt0zVsSibvIAi3jQ4bHtVq6
+jSo+i/7Cl2E2qevfmDrS/uUPwjjUXLOsJeiyFIPl/lB8yNC8KkT0oEe1PTr34gLw
+9TTnLt3ZRdCbKqg2WRMv9Y1PsBgWTRcYED+/0U8UQxePr2pyHDetdpJuT+phwvRc
+2GvvJ10UjVJvRCVw521PuHwDyF8JBmpsJQSPOe/L+jnLWOehAxHOeI7CMaqsddpq
+JEq6LZ5ofOV7JaFJMxYscuj9mLRKcXTAnnWUp/9PzrUGI6wr1WG5OdECNwQHqO9s
+uxeEelksAhiqK4Yg1BFJeppQvyfKwd/Njw7ohwTYBcsfojiSLl2a//HO
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D 6D 26 20 E8 AE 2F 69 0A A5 F2 4A A6 C3 8A B6 AD 96 4A 2B 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,63347D0B822C10C3
+
+HPQLqJ3F6WsoqOtawonx9WdBroYveRAPN69bZFHKZ0pygr/kwvoCe7hY7FWZP/4k
+JlmpQ0fVTmh6nPRcl4KLc9Dk3CoJYLZwejlKMhjpF5SEBMuoYEqZYC8MGgV4NOZt
++KLZCxTsgXVz1HOXVbXXKZuWaf+X2ecbUPU71/aij6GZzYQ9uoJAZ8lPmW4T2Ndd
+ibtiMvwJO4R6V6CTdGvfaaQ2wrD0h5MsR6ZZXdLLKyu4KviFQtX5kOhn3K8eUFTT
+IDLmnE7mZahEiKmDDQ3p+eO9xlgUihwG9L7l2hXaSHvxEtdglqAPW52Ym4gzKzfD
+LJlA5la3tXz13c+syqO80xkhZOs9ZAJJYvvrcVG05kFWADr/Mx6qeik52uMdizVk
+a+ugMhLzdnaMQDGbH0DPaes0mV7vqkVv+3M9Zhad7S6VpqkE10SMy0zpOKuNdPu8
+ZpaEN/DyCwLGcpYRs7KnsCnI7pZV0stizEGx4SzuMiL0JTEcky550fxGVO72GLlM
+RuMHohNxAB9ie5kCJoM5QiNGaDaw8x1k0duTSGpsN+ZDFvE/0KTq46Mwumfx9cVU
+mPhkPiiJ89tQx7Ejv9wUK1J4w14DkATQyAEueZePTQ04YMF/spBGXb1YtaMqhbpF
+HDwcnwL+dXH5N8R3HBxUsVKk6fJMM9VfzmmJxw6g77quo/amRsQqQBptD8pBDms5
+LziokjnLT7Jpmc2g44HtTTwKFmFi1E/DZTRQp3nx6WcsYI4o8waHDk2KSY0A4ll0
+2OgNYwiEh5J60dsxMebTORFO/DsATVHE3kCUGvS0I2uwnADgteO8jrTCRaw6Mq08
+VucKsKddHLiC6McgdQukFiRq0w0vr1vcd+IWJwTSlHcRheDWOfaguJYoX8SMBPu9
+Et15NwYkYl03cZB3FNPXhUouRqYIwL85dNCdYlyp43hWQRg/LX+ENaSNr/hJ7+ea
+9f8jYvH1whWj34YKVYpFfbXu2yJyvw2Tz8yTBRiKWszcSXm/uXRJczIzWZFfWRp5
+Su1Qeh6CBjpj/yXd68xsqdOc/akI/ftZvrvklJxbUcJ7u35oTvcTtUE8k+aIvGBU
+HvA+cX/Jg12XuYFRIsdHaxyocuWNum35RY9IktqEkcc4xhY550kAzCvgTFawA8fj
+ODQexc0n8SEc3a57VpRnXLPRe7uKjvNeqjbymRrFhohyvB1pfqgFGKmAb7ppUk0d
+1KIART1MaKtG7/IbddaEmyZ60QaP5N6UtiOWbtZHMSGV265XOoh7YWiT15F9p5go
+voqg0d/RHqlxisDcXOyTS3c3dWsqixFEoocEgocpDVCQ8I6VB6cQ8bCicwdp2AXQ
+c1cTmuOlQHmnQbGR7wahWEauEMMa0QUFz75hEQO+qwygtrTxwetTmEzXlVVU2Ruq
+56Hu4IjlXrYpC2NAsE79hmbguTGZkdlCbVzTC/vKjKaOJ6KlWUDdfbgHFJzRkSoJ
+uC0D5I+fFy6kdBpavlCEYktrvR/PnHVRtrE32i3UevEsfc80+n5QENqutYS40d9P
+tL+xPb3QYYkiLbgfLBf2vttk52aImULXlPQWqzf288dSE+WUKaExM/qMVii0t2Ka
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem
deleted file mode 100644
index ecd49f4f58..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9.pem
+++ /dev/null
@@ -1,233 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czFGMEQGA1UEAxM9SW52YWxpZCBTZWxmLUlzc3VlZCBpbmhpYml0UG9saWN5TWFw
-cGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAylxeQoRBPgPQvR6PrLfrhYdQPa+pAircmIyNSp/en2b65foW6Dvx/sHc
-Y9lLvbx48Dv+XPUR4a0xsGGvX0GBy4GOUv+6nqaFOdce8VYwmIFybQGDaxoqytYo
-bhhZZD8g6dfyWuWMQ5LUt5vyIL2FbCnDevgD/ivnIwBKJFEn/B0CAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwHQYDVR0OBBYEFN+F7ghB
-89TFNj8vas0p8wMYmcU1MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAIwDQYJKoZIhvcNAQEFBQADgYEAKODQTLmhlOsijlIfpBZNXzohZOzj
-J27r0eok4ACPAFNwUCue2GMNerlrKqHiHChov8zvh4AoQDfcZBwRFcGnRMq8QyDn
-EkxvE9P/4Ib7XERwVDPmVPgvQYvcqC7hz7B7oYO7rigckrroh2X2x/tynphxnIRS
-6Mpc00/1Fs34Cv0=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq
-MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDzSzQEVqFvTtWkK35YRQKG14a/Ui8zOCix
-lDhIv5FBbG4G15V4laMoRYB38uWxU4/v0K/7UsU7J2ZQZA0iJNgZdYZmM9mMF//t
-37x13Zxd4GcHDbX0FoSgZUNXxSF/AUN86GXCCjrFMhHZAFgqLuYaust5NQdTk9Li
-tSFfyfRl1QIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFLamwerAUlPfhv1mSeS0Rr5j
-MwwVMB0GA1UdDgQWBBR+l0OkAn3eZZE7Nxl9J70SpPPQozAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZI
-AWUDAgEwAgYKYIZIAWUDAgEwAzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBALHfJ6kZFXxW875Sui9xpPd2/OXVv4ltULYqS4sYa6iAKR2nNl2dwe4x
-g4crvrxXC8Dp29uqsmno4zOqNaSVjEYctbN3htkL/k/QG4Y9GgklkdqZosT2UXV7
-BI1xQXAiQVbBwcABjHTEAoW4flzUO7+GhapXp36TsEUOYA32+n5X
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:97:43:A4:02:7D:DE:65:91:3B:37:19:7D:27:BD:12:A4:F3:D0:A3
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        04:cc:f2:b1:f4:89:f0:41:53:c8:66:c7:4d:6f:88:a1:63:45:
-        28:ff:81:51:07:c0:ef:98:b9:b5:a7:9b:b3:77:d9:1d:ed:f1:
-        6e:80:66:f4:0d:cf:35:ab:67:18:fd:e0:10:7c:0c:06:50:44:
-        fa:4e:bd:eb:1a:69:b4:e5:80:56:a2:21:b2:8c:0c:36:6d:13:
-        ac:b4:1a:00:86:bb:90:69:00:ff:66:c4:a2:16:bf:e3:70:5f:
-        2a:dd:c1:78:cf:a8:cf:1c:d3:33:4b:b2:67:6d:16:96:23:3b:
-        08:68:e3:00:c0:71:88:38:16:17:7e:fd:fb:f7:5a:79:77:f6:
-        6c:f5
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUfpdDpAJ93mWROzcZfSe9EqTz0KMwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABMzysfSJ8EFTyGbHTW+IoWNFKP+BUQfA75i5taeb
-s3fZHe3xboBm9A3PNatnGP3gEHwMBlBE+k696xpptOWAVqIhsowMNm0TrLQaAIa7
-kGkA/2bEoha/43BfKt3BeM+ozxzTM0uyZ20WliM7CGjjAMBxiDgWF379+/daeXf2
-bPU=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9EE.pem
new file mode 100644
index 0000000000..9529a12af2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedinhibitPolicyMappingTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 03 9C 43 5D 1B 7D 07 1F 16 A4 A8 35 4A F8 11 40 8E FF 44 71 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued inhibitPolicyMapping EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowdjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExRjBEBgNVBAMTPUludmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJp
+dFBvbGljeU1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDh7DaIU7QitpglwGQwVBh4gziggxUNZYv4N9CF
+ua9cMz1wtL8igEcrkH3bS7ExC4XDquZH5UQpQ/rrMvW5McM8DB8yoHcDq6PdTHts
+swQ/IhF9IxGcHYlC6xXf2IDFk/QVa6PGEa8a+M///xPK5m3ikh6LJDJhWwOjcYyh
+uOh8CR5E7qN2F48w/Rn3JkOVEfYzR+x36DUE4qYZ9prP1EE9f8zurYqPNfGRRfou
+pSANSXjvEd4WJgWeL6Hc0KnEbxTvGywdIZFopeyxyWFpi5Dhl0XoM5ViS5IqL2yG
+6yJgtrnhkwRV6vTRr0pZlHul1LPLVf92wGHGe3VdiXRBwI7jAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFD5FdKKL0vFWjEYBZnhwJMYiwQOeMB0GA1UdDgQWBBQGUJPs1t5H
+/XdkaQnJb4buZH4dZjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATACMA0GCSqGSIb3DQEBCwUAA4IBAQBd4fpr0FEBAS7pX+anaaynR6VwZngp
+VoG0SZ0FUwOTvUAU80cI8G0QJCcjQ7Ho6/KmeKznOb7zXJj0j6bmdlUvOTTQCDtd
+Qh3Exa0x4Yv1s/wp3FVMFt8kc5V31ABQDj480IrFjHW5TZF7lsSE3eHpxKkl70oK
+idmdbcVUbLHRm1+S8RYAUMrQn1kJpnP61URJZgiYoFzbCYgcswaIrf0oFZwdTZ/C
+ueXiVLJdlbVkYp4u6FoC77Oo7vcIe8kw8i1byu2PaOmIjpmI4xjOBlYbwnqOeG7X
+Z3vfgaVVMZ/fygknW+LpZZakKSnAkDun7Pm5WRNDCiRRn8rVL0NIYnuK
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 03 9C 43 5D 1B 7D 07 1F 16 A4 A8 35 4A F8 11 40 8E FF 44 71 
+    friendlyName: Invalid Self-Issued inhibitPolicyMapping Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E7BB37E587E6FC08
+
+qCYMlRWoxSwmtR9ff3GkkMZm92syFY5jMFQmaddFj3gBagBR7MCMlL8t8MUEvuFA
+VCyYG9xfgDyAGE4o0ALc4jy3ZQG1wqf1WuUeNxNmx1JHtmGGvUIIkIK21hIQVWP6
+1CgGOh1MoCOp3SEI7bBTC//3rqdelq1QvC0tCORmbFZYdNCn0YUjwmLOeaWh1VhE
+YK5O21MUkkcGOaeDEvq8TNQ8GXMCZQVYa0ooselhZpFG7puKQ3Gm4D2IIqXOXtnv
+HuUlxpCYedxF7ggNkJRLhEDYv4HQ7jyHiRompH8dYVTNEhHSw1ivI3TxVC0Rbd0R
+jspNZL3rn8yb4Lf3yembLHLozmREBoKArQPc7rY2SGeuz5lG2szibuJLTkx3qMGt
+6agb1wGVfdlnTd1AOgUL2ChoYiMR56IJFcNzbkfNI5jGuq4TaIStkgdWygnQGJzS
+N86elMc+LgnCUI1P0HZm4RzLV5MTrh4N7MK56rAU6OVCRSLPSqN7ds8V54owjHBt
+RycZLp3E/7o2m93Vp+/IcLSpuVHs3aW0hA49DbOH4UyONIKwSFpPfsfFRIgftrCy
+Tc1AD6rEuJzmbbHPeiB1sxbgSxMPL26r+DiDBwTo61FpGWAoRPEbBptjFzLyKESi
+B6I/DWpIIJLSq0uYtTpE1JzIYisK7GV2YUf2DcmWOT9kfXLlsLNGWOalk5taYuft
+T8vVPcF+ALXQElcr0Gf5WY2UnpWDZ8J2rQZvJZHYVm5SsnvmoX48aUvp1+HcC5BR
+2GLM7bMerNvLQDGBtFrbvLwhFDxBJ6b4MCQ5lLa5siw+tUqRoLJl9IbzruH1mGoe
+zilz8uYUeJ9MGy8vMkxFbG+LeQLQn6bT+3WiWjJoB3K1foloZHOHHYwjiUaguMWZ
+giMBC52RYZRfFI8TmwReTreJFFuEsTwceUaLKg1mlHq+c32MRrNb5133ir863rFu
+tKy7PNe2buXgC1Url8BBC9C3UYUy8ISVLbdUfWmjfeqBrk1uWRdGsb84ZvxMfVzw
+iBbdXCayyMX86PlVCp6NboTn/K+Tth4bQQx9wRSB+sfr/fe6eDnaIQ85LsdoXr+k
+sJ8pOoH8DtTwbiQRsTh6pnivOiN+zTJK4VGDT+7AeFBjRRi7sMF9AkuZWcNiiKj1
+bbYJAEMNVC6bioxnWb4240wCy1TBelFITStR7RtfnVFLTmV1SmFtkLDoGqe80w6c
+I+zPVrbTgoHfa6U7fFIFid5BEhf1oKoySYPV9JlFTvwvJZV7W7EmRx6ycH62r/1u
+lauM0tFYhhuwWvmGB7ha5uHne9wKPb4rJrzApG1lgQEi2IR/MYBGj1UkILAqx7sv
+3VxBP82zMKJ7otH1TiiDMPWqanj61jUFfGhKx3S0SpDNm1jklIKtO6U/1bC9T7Xy
+jXw7fVPDpH26/gBSycX199ve96uvolzAmeF1qY9PY1CF2fnJNaZRzoo6glAfNr5u
+LwCP3jKOT8YRVUfLDMKJlWU7/8OJDR5FQCIjjaIDaue5dzRQYPAmmqd69h1QcG/7
+bdJOy46SR5R0dMV2BpGkf5T5Vk7oP8I0I1Qtb6hy0Ew90HH5Dhut6kHr7Sju2kPm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem
deleted file mode 100644
index cec2eaaf87..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16.pem
+++ /dev/null
@@ -1,179 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV
-cGF0aExlbkNvbnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDDqMCqoLUxLw5wCcxhD3+5J80k2C5ESu+Co4n3V3Nu2SyzcfKET0wx5QvxYm5V
-bzsntf6IudJpfXgzxHIwJ4i5v+Ycc8NYiqmCNhsW5sFRzhjQDyTWu0fEYm+tmyBv
-FavwXAcp8ptUMElDMAv/bKSD+7MDC9uHZQOmVsY0ndcNUQIDAQABo3wwejAfBgNV
-HSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUOK0lyEJa1w3p
-SvQY5iylU6RQ9EwwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAA9NjcDXXcF4
-FXkwZWIDYtowLXCpbshsU80nGx0/7QVNApSTnUq9pe0t8qAClcYZuaXgB/uYINl5
-qozAW6KR4wFaNUv6mnm+0ppWeiTnIn5O37IycPbAKVZRhauf3p/cTkZ6RZ3MJ5Q+
-fMTJscvSXtMhU+Q3Pp5PGRXlXhs1zFNp
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAsFRY6folIcigIrpQ/iMlyqdk9EBMIL6NqCJEqkvun/36zcYeHsPv8t29
-hFHDBrhQT/Fi+9MNOXx0uiJT0cetYETo/HiiAqub27NG0Z82sxwsEiLASEWZ4ctu
-8AIom0mQl11rsK/4z4OemcI4Mxh5j6fCiI1ouogv1Vx4us4ew/UCAwEAAaN8MHow
-HwYDVR0jBBgwFoAUOK0lyEJa1w3pSvQY5iylU6RQ9EwwHQYDVR0OBBYEFAJSemtC
-TrDjzYKlY89uAwAjlIk1MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCFLUIH
-3Nuh+TAs+Kpg/tZTFK3cl2DGM1+W+wnsgn3pQhJnqIYCI/iAuPRs2bJGH1lQ0CTr
-HAQU9y0kmWpsNCzI6k9ZyuLd2w7MdXezVhjpE3iwAQCnVG1vw0MTFGzyR7wMeWp0
-Ejrp6mVdwu8LV6lngeqmNv0QNjYSutrFAsDHUg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued pathLenConstraint EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2
------BEGIN CERTIFICATE-----
-MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50MCBzdWJDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBv
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBCBgNV
-BAMTO0ludmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDE2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfnEYg
-5tV8iksMhoNkR/PLNDStGXw9l6sTCiF+m+EF+/pDeN0Y/509SepxvXOZbQ8D7CkB
-PfgmSL8hs0dxdE3Fvf/AjvTFyyjI1q5wkFXd/qWMewquuMMm2j+FWn0fmSoFnyM6
-EEYvKLhqj1QuWiJJN/250ngjuufsh51HnlR/6QIDAQABo2swaTAfBgNVHSMEGDAW
-gBQCUnprQk6w482CpWPPbgMAI5SJNTAdBgNVHQ4EFgQURA7pZi8vxURs7KKf3U9B
-ItsxSAMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
-BgkqhkiG9w0BAQUFAAOBgQAweIEFGj6V0Kr9Dz4wEyhUVK5bf5Frg+J8ap0YnoNT
-EmoLFqQtKPB3MVfcUkXrZAY149XFJJLI0v5VCK2mBN535do/Grxve2MMW8BbmmU4
-FQOKJruMJARneqYEHxbZUEmBvEoIoi4C/2SLxO7hOnhpiK+6UsetU35F19FPfGVp
-UQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:02:52:7A:6B:42:4E:B0:E3:CD:82:A5:63:CF:6E:03:00:23:94:89:35
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        23:10:0e:ae:60:60:7f:db:a0:d8:fe:8e:bb:0e:99:db:df:36:
-        32:a0:54:7c:1c:ea:79:12:34:f1:a5:cb:75:f7:4b:d6:5d:6e:
-        df:56:9d:c1:d9:a2:a1:ab:7e:53:ac:ab:4f:fb:61:c6:86:bb:
-        60:ec:f2:44:14:49:22:54:6e:5e:72:96:23:b0:bb:d7:8f:e8:
-        4b:c1:5e:f1:16:d7:1b:2a:68:ef:ca:25:1c:63:15:21:7b:a3:
-        80:c3:50:97:f6:41:81:b1:ec:5c:5b:77:b2:df:1c:cc:48:97:
-        61:56:01:b2:9e:6e:8e:c0:89:05:82:7c:42:1f:61:34:e8:12:
-        c6:72
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-MCBzdWJDQTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFAJSemtCTrDjzYKlY89uAwAjlIk1MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBACMQDq5gYH/boNj+jrsOmdvfNjKgVHwc6nkSNPGly3X3S9Zdbt9W
-ncHZoqGrflOsq0/7YcaGu2Ds8kQUSSJUbl5yliOwu9eP6EvBXvEW1xsqaO/KJRxj
-FSF7o4DDUJf2QYGx7Fxbd7LfHMxIl2FWAbKebo7AiQWCfEIfYTToEsZy
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16EE.pem
new file mode 100644
index 0000000000..edf314a84d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedpathLenConstraintTest16EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 16 21 0C FD 5B A4 24 DF 48 9A F6 49 6E 38 F4 BF F7 79 21 9A 
+    friendlyName: Invalid Self-Issued pathLenConstraint Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued pathLenConstraint EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQwIHN1YkNBMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMUQwQgYDVQQDEztJbnZhbGlkIFNlbGYtSXNzdWVkIHBhdGhMZW5Db25zdHJh
+aW50IEVFIENlcnRpZmljYXRlIFRlc3QxNjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMUAJaSBrAZoZKqqNKxkwBcU+6HyF8FbDUmVONn7QXBreqY5hP/u
+iH4t1VgIIQfYuDq4KuFG8w+j8XlwNyG1/LRipLXAGFPTthfve4YqxksDMlEtjKEv
+6/Ed2/u27iRmTN4Xclfae50TcS/lPI7LcGhA3xb8i1zRV9jhwSOze/lUrH7w7XTd
+S0l+PZXwjFlz4rQF0nglux9GWUIIfi6j98lKkSlozIJ+i9UheODwktnaLcYIJdvW
+fh7c5g023RzmkF35VetdYnalZRQuAoqxRMMMJbUP4fQdHePTSG4N4tazyjeFebnE
+bvZcaXaTpXPe4EGW4oLQQ4yg6RP5f3hQEkECAwEAAaNrMGkwHwYDVR0jBBgwFoAU
+xgkqG/u46T5oYHrHl86zWFF7dt4wHQYDVR0OBBYEFPfHm47xpBBMA/uidLHze1WU
+6Yn1MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
+KoZIhvcNAQELBQADggEBAEaV6lhnnBOu4mwaZuNF2UldqMeLtPZchw0uoVW0fwjL
+9BLVSV6A8kwJnxINPrpcCOY56IHjfYR8cT1cbGRABEq+FDsdNFhRLXnUWnaPprGW
+fZo/Fb1KS6EfGupVp2h3jKG8fsSD81KfRaJNc/jbEJi0vKoHIlW87/SHk1B2sN57
+wMWG1d13zwbVULq34Dr125HMU4kgvvwyBPx2pf3tf4mAeXK8WlLyu5s3aTrLACso
+ZYRkh6hcY+LNx5nUa6xwU6LmwNg6VgnHu4aHCrjcofFDcF9Ww488XisnugMVo7FR
+8QiAz8k5MWqiBbvpfHkgvWLOdpj56uvH+waD3GjD+04=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 16 21 0C FD 5B A4 24 DF 48 9A F6 49 6E 38 F4 BF F7 79 21 9A 
+    friendlyName: Invalid Self-Issued pathLenConstraint Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A518FB9EF9ABBD73
+
+bCPVUoj67Xsx51BOv9b+sk6qYULYNCbXCXzMs9Db8Aos1p3jz24J8z2RuPss3WuO
+AewIRUEoQXvJ1WomHEfON62mxw7RSi3stDFNLpQ/V1JiMv0WZzUQrIynJIXxSoGC
+rMIkBHvX3kV5FnImE1AwU1YXWwtR8Hi4vpZpQzwyEk/nR5kzVPfHmbflje8yy+aR
+ZNEpxrlpceZ3KcroyAItehWl0LbLutbFeQlWIUp8rh4O/rjoBvmiOR66FpL3KvKI
+gh8tOA575bG+dMBGOBvDFBSjP16VBxtg+goxkCBqDz3j+k7/VVP+N3FcssR5Bq/V
+3uqRLUuxQI8dsn+TY6UcGrJTNd37Lizb6z9rjxTQzGlCX6cOWeZDnmfIpyETNLOG
+e1q4/OB2ru+z2Os4N8wuBVQYFhO4RcZja5MkTut+e/gi7LS1Kpb2F5EfyllL8A6u
+BPj8HcDe51devdgojvwaq/0GwYR+DtvYfhXm0TwgqorNWhp3LTjw0ZAQxL9IX2Sb
+cBIwIR6TVIoHbFsOQUzsyZSujms7nRM3Hrmfod7Cv1gNRUJiNurQDKuOYFxj4Dlr
+vhDgQ5LxTPu2QLise8tS/a2wDhyVZ727D53n+iLSGZFEiIw2FMAZbG1nXTv46KZ1
+J/oXU7OSvKyKRroGPuXIk65yQnLcmINfgQgTeB8OpKEL4Wsyx9MHsRAMGhFLpYUI
+z6wvPis5Vi1hk0KTQOYFSRe2lRJpqAdgmxPyafRoOFwwJg1wqpqvy1kK/PHUbj/i
+r9biXV8SZ/6DBKdR9bqZm8EPzLx4Gs7ZDl2uQp/tSAuTKGPoBKzGIshMmC1/RhbP
+H8kb3uUu0VSgOQgU0d4dDkhLjYpEYRTkCcX6QFmnBG3GcNC9OyZeNvSyU3IfsTgD
+2DwPRkTF6HeLGSV9sQHM/+TQsof+wEnDEFmXdgdcMmBWzmOC8ljExx9YdWiocjz+
+NlJDEovng6ks3DNLf1xtsBDOsHarPwJG+spPQ3pwoyww9PrRYXi7VCyhxjMb+JbV
+xuxSFQiy7hdPZb3KGC95obRYXU+x+pJNaZaiU3jXMvo9UjlawHVxqr7h0pTTu/uD
+IeBshxhA1Ag/V+hd38Lm06lpM5pr6fXE73s6+ax4e+it6OEjUv8RkPSOpWcoIieD
+Ooqpruqq8KmXx1jpcxmCGyrAEGvzpFcc1/Zh/mO1G8cEpEAtEUQVhYMScKqTr0cH
+0A8Jy56wpolGumTNlMTGXFCzfemfrEchinpYJtRJzfdfcynjvtn2amrr9sgBk61L
+GL5kHYbBa+juZbIIKcRrNGZTpGkJcVgDs2hRkGQ9wjTfAmmVbDL2nSDR075u/SMC
+4wWX8JrSy2zAjN3gOxbmaJ2JlwUAqXE14TF/Lz93rJbh+bAfGhvkkaSArSX9CJbW
+c2Bv8GiHwUH2ZnFauxFJo/SrJDsvKj6AQlqn7vZS9dKrnscThEWRhC/EHWR/Y/Rc
+LYYoFX2aMNsY/xdyO1Wta52VTPBpoWHNdnEVTwhumd4wOWZj5R8l4iDWzyTxEwrU
+bCbEMR8d3sXJZI6Nmz1x8GghU/VVEItNQHS0FqwqPce9shcBpWA5+7DTjwPgYl4H
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem
deleted file mode 100644
index 317350f047..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjByMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRzBF
-BgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3Q3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDXic0buOl4pV10DvAMBMgoZ3V0agmq+0F+nQLwUbtdeSIl99vQg0Mm1p7TLuBE
-ABo1EoiXuHlZCog5DA4XokYy6FpTEonY7whLXSUYYCfOzPAvG9v83mIGwoIlGyAf
-r80gVbCuYRpW2LcaqwmGiplI/k7AW4HgDPnPNoTI6wndIwIDAQABo1IwUDAfBgNV
-HSMEGDAWgBTeKdbm40+XHQOoOqbqTeRGX4+CMDAdBgNVHQ4EFgQUq/kyDfFv0NrK
-Hsyq7J+/np0Fn38wDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBADdS
-qEYYNaD9ukw0/coVvMDpPV7exx7R58ORlWTm0f/OMOI/dQv35ePIHaJCgInLtKgZ
-/e6UcxGi76E3j9oFzHjd3B9LIYeleJD5w0oASN+63KCbbtpVphjTo7KdsJUli+Cl
-WZJMNDS1X6486Y2zjJcQZ6F8SWW3+ij1o/JqEyfq
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV
-BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih
-ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0
-iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT
-5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr
-HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP
-SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAJ2xj97xq5PBOjaij1jBcMKFCjaRE1wlUR+5Zz8QkwCtipee
-6O1spOPGECu/sOzZ766YgD6B9GrGQsjXYGzHSxnOl8rcgpkeN99/57f2LYSLxKfc
-/qvcMvgHk6SZiGtpkYOvlLl1r1qUMedtPK29920CI0sp5sxygDaL6PgMvtoVAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFBPmjMErD2dLTHodDrbAIVokmVCEMB0GA1UdDgQW
-BBTeKdbm40+XHQOoOqbqTeRGX4+CMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAH0fkK5ieWFtKe6g/7cN3kI240vvPajxZTkTPnacLXOL4nCfA7kkHnhVVIgzP
-liF4TQ60/yMlUBSBBgTV3/AaMaSO4eZlEdLkKchYp9OwrZ9dfyKdJW3wuEFyGKpZ
-6END4vk7F87/ZyFQNkhMPLD890f4ArarDhqw5eHuFoarvxo=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC
-9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y
-2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX
-ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9
-owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF
-BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55
-ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP
-wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19:
-        7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd:
-        3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe:
-        e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30:
-        67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91:
-        ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36:
-        db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a:
-        e9:97
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62
-77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC
-iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DE:29:D6:E6:E3:4F:97:1D:03:A8:3A:A6:EA:4D:E4:46:5F:8F:82:30
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:5f:f9:84:20:e3:84:f0:ea:6b:4e:78:c8:18:98:e9:17:56:
-        9b:ed:99:2f:d5:94:89:60:a0:11:82:40:e0:7f:94:0b:36:76:
-        9e:1b:88:e2:bb:e2:41:81:cd:f7:66:e4:85:e7:ad:63:d7:e0:
-        07:7a:9b:4e:54:27:76:49:c4:8d:30:07:c6:ce:6a:e4:b7:d9:
-        f5:9d:94:02:e7:91:5a:17:bb:ef:23:8a:66:20:27:cc:34:f7:
-        3f:e0:f0:57:43:1e:72:4f:2f:ac:75:48:a6:ab:74:19:95:a1:
-        a2:38:5b:3b:6d:67:4b:69:6b:01:ca:96:b0:76:83:2a:b5:1e:
-        c3:fe
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAIVf+YQg44Tw6mtOeMgYmOkXVpvtmS/VlIlgoBGCQOB/lAs2
-dp4biOK74kGBzfdm5IXnrWPX4Ad6m05UJ3ZJxI0wB8bOauS32fWdlALnkVoXu+8j
-imYgJ8w09z/g8FdDHnJPL6x1SKardBmVoaI4WzttZ0tpawHKlrB2gyq1HsP+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7EE.pem
new file mode 100644
index 0000000000..b33f740e03
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    friendlyName: 
+    localKeyID: 26 65 4C D2 03 03 A2 AA 2D 7A D7 81 A3 81 F7 32 DA 05 2E D3 
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUcwRQYDVQQDEz5JbnZhbGlkIFNlbGYtSXNzdWVkIHJlcXVpcmVFeHBs
+aWNpdFBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMpH5Ypo+vnXJBia4f1mbnxhkV5cPzmsJbefrK6N19Q1
+/eCApM79FHX9P+kh0bZnbdbjXiUKwNsQc9JAG1Il66+qu9bfOvF73Au7qAvYH4Yh
+bAvpARaQZD9sIXjUfOY1t4NK6uRdNOSoykfpVqwa2GhsI2NfVgKNzJj4HwO2/k2c
+qcOUTds82VbcOHM9Z9AcXwK4TvQo6gUs0HkNNXVO7Vj3+Y4JXG5BFG0K0xoJT1tj
+M4ZKn1z29+TOkIDoYD9qM2ZGVMGhDLam2+OXM/f/d6C3eVGMBc4wLPYZxwnExrwY
+07GQUBn6dgM2DVMY7BDVqQG8frfDa4kIZ+vZzD9BoysCAwEAAaNSMFAwHwYDVR0j
+BBgwFoAUIHf+TDCN4rNRHY+w9xx/HYOYDkcwHQYDVR0OBBYEFBdp3Tg8vwRCOWFC
+TfeJoRRkfWArMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEABr0a
+hM0sHQk9v6Z/9xK3gKE0iphqV5SrOUgtJz/DBzm2VapDSY0No7dTsSweTR8toL4f
+1ynzt3V8u3NP4Se82nphDaFD2eaUDnGWcFCj604pfhlt+rJtjF1mWgWAy6HQP2qf
+5+jhDE+S0AqqlOwlkj4wVEVlodDTUJyeU54kR2aUIXMTs/OD2PtNJ+7w0Sl9UspB
+SBuiJ964Qi+MdZRoFOpYCR3avVagU3CpURNyLm/l5rNu15sbnpFLhCsDx2jffIGP
+yikRtq3rrmY/xeGj4lX06KJkOCa6jAjlZEjlOPDXWOZtx93nowyliPZI1yjVfCYj
+zVx3huyEnj+ozMCnlA==
+-----END CERTIFICATE-----
+Bag Attributes
+    friendlyName: 
+    localKeyID: 26 65 4C D2 03 03 A2 AA 2D 7A D7 81 A3 81 F7 32 DA 05 2E D3 
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,450C5A5904CAA6E4
+
+qgynPJ6g496fN3uZ6Wnmbobkj52yLp9F8A3yI+fjFvmrIdQuqsLS2h4bbItcHhvk
+ohe6axiG+WIkOrdzfjkPq53PbTdZ1/aW2AkKFcF8D6lQJFM678lYQpQq64m7h3Rq
+bLr9ood2HzXoKVh0b4lVSICXXyEj43WPPnkRQ8w2gSX93Ts+Yf/JEEr8E2u4div1
+6dkX8ifdp7vTt9ocCPTySRE7R3AAJX3sxBjTK/XCR8AHllQIRIVzsOQrq7kKCjcS
+1SZT9v3GLdyKKfsur5bNuHBaAv/B4UvNTlfsOcX4ul/MEet2cylhvIlhoNkvGCT5
+YgyelRm8IQ1hL+KNFIOWzomaDXETJBjpycHNg/RbhBcJf5pfb5tJNU0m3xPKsq2Y
+ZcSrmddcdICbgedZXaqYTkxrgl5cpdJG0OztIgXTw8WWhAe8LgLsjQ2W3T1+mBFL
+hKRzqXUgR0PHRwTvgJYHS36UWkSU8BUb3L1076CFssmdxKZe4ptiMIFQoDZqfv+0
+pY7RCCC2AoaaBR540myOWV/FgiQu6DP/KhFcqHa/Ba1LXJ9r1qgbZ+uGpZnZ1dOY
+7dtwcoLTBR3PUlp5BIzeWW2eDZuBE2pHmFhxiJlozmvN/ClKEO91SZ+RWEEnlu6s
+kWSYNUQSXrcrjBzfXserdVqYF8DU0qceFKwaX6dCYEkYQT0BEE/3/6d8PeygGzuJ
+fFKecRVK+vO36cXvxXIDVt2GRVZ9bo23yQRp+afNGQhJfjwwWOrjCaw6QM+cld+p
+nybgnPmkzMRhvAuz0r8qyc+gbiuiYIgGkP6a0QLWPz0UfdT1LtlVGd5Lkw1+0zsW
+mvaW4y+RqIzLqkOqlZ69N3e0OyKe4lB8znpCWYsmGCh/ZiMzIzFt7fxklbwcL/nx
+4Lbecqy19V4rbxmWQET5kHgh5T24TfYjuo+63f0s7pfiHTpXW7ledqdN+kWpXrt5
+p6aWCRuQMTpKvGCJUP4a/zj8ENrtiqv1+yHcyXTq1oILUrHnyxzBR2dwAZiRuZNf
+UJQzF//0g2XHbzjU4jgSmo34FC16mTSy5s6RfOwvBi+UGlInpVSo7Zrc9GZG346m
+Xvf1y9FY5ijOWKcW/EeL5Zwuvp7BFtA/jGSTFWZNbfOrpwvLTRibyjZNpzfg3lEZ
+w5i0SZpmi0elv8fiZuHfepdapbhu2lMIZS8nozbIDcsCFSI+4L47BQuuQYt4mLnx
+i/MwIS1xc/VLY99EqVw59meXjtmbCniX7LGjYRcE2bBJxTjH4lLfLMZ9FWSciom1
+Pqb2CHlMr8wEAamuKkqck5f2NskJn0svrz8gGHsdA15vmZ30Dnvwt2GxP9dB1F0J
+NgqlUdYNkbXE/czDp1RWygNgRgjAM3Vm6cwrtaiFLULbAvVio/fSfm4WVQXkKR4u
+wg//bgbIiLJc/u33LOaUiRBtNcsGoXSBF+Wy+4k681pzAGbNi4hWUS2eY77z8w0q
+5kKmemOpt1RWirmJMEbw5jZJGPY0Y1eKnGpwAKCXOQxHCpnGAslHlS5foSo1VHEq
+Vj0Ts24KKqUGNXxvKBaCMy4ZeycuWVUK1Vw6nfoeskq6422jkHev/azgbOXxdyRP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem
deleted file mode 100644
index d87c1081b1..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8.pem
+++ /dev/null
@@ -1,197 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjByMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRzBF
-BgNVBAMTPkludmFsaWQgU2VsZi1Jc3N1ZWQgcmVxdWlyZUV4cGxpY2l0UG9saWN5
-IEVFIENlcnRpZmljYXRlIFRlc3Q4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDJsMQQW4ogbj2q9WRWxOqmrcy6BVtHesg3yJh2pcqzUxvNGZWtrZ3M/JI82WbD
-Ns4kgihlmrZZH3sZhjzcdMw/+m05p+rvy7//zB6P1qCRraiYdNJHquzG/7HSnf6f
-i6GdUBsK6YzhP7MtTwfpwVRIUepSCNPIXMVlbIqmh+7fdwIDAQABo1IwUDAfBgNV
-HSMEGDAWgBTTC/BpEgViARafFwSWNmeHq7iGMDAdBgNVHQ4EFgQUjuHoODqDJSoy
-729WEoyqq6oPRNYwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4GBAKvn
-C5ifYeQnv76PvBmEmSAh1whhdRDKTrua+Zl86HgUZZY7/NJl3ny9FyJr0kE9DAN9
-+KRem7jju5ciq8gEwArflK87sdGcpAIq+jiPbGFnD698w7EANZIhIefy3d+lcB6k
-LWpjLAY3+ontoTQAB+/iTBtv4mXMzEh/M7kC3CSC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV
-BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih
-ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0
-iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT
-5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr
-HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP
-SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAJ2xj97xq5PBOjaij1jBcMKFCjaRE1wlUR+5Zz8QkwCtipee
-6O1spOPGECu/sOzZ766YgD6B9GrGQsjXYGzHSxnOl8rcgpkeN99/57f2LYSLxKfc
-/qvcMvgHk6SZiGtpkYOvlLl1r1qUMedtPK29920CI0sp5sxygDaL6PgMvtoVAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFBPmjMErD2dLTHodDrbAIVokmVCEMB0GA1UdDgQW
-BBTeKdbm40+XHQOoOqbqTeRGX4+CMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAH0fkK5ieWFtKe6g/7cN3kI240vvPajxZTkTPnacLXOL4nCfA7kkHnhVVIgzP
-liF4TQ60/yMlUBSBBgTV3/AaMaSO4eZlEdLkKchYp9OwrZ9dfyKdJW3wuEFyGKpZ
-6END4vk7F87/ZyFQNkhMPLD890f4ArarDhqw5eHuFoarvxo=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTIgc3ViQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANKdKlFcL/bTvKva2ieqdnoU22tpCEtz1o0HfL/Pz/O0
-4DV5ZVG6hKXh69ev5TjepWl25LTNShr/q+MzVRAEaZ2nxmlAcK9/bneomo1JEuyi
-nE2YDexqxrA8mvilh7k7KF88FBLM6x62rRoW5Pa3rImUa7BruBnOVENN9FiT+Bzr
-AgMBAAGjfDB6MB8GA1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMB0GA1Ud
-DgQWBBTTC/BpEgViARafFwSWNmeHq7iGMDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADgYEAG301e612hE7Pdkp3cuJYqwZjTc3NpGnxXnr9uwU44o7qHInBBN0S9GDe
-L++I1sIIiGLIeCflVfEsrGNpkRdHUM2fpfAR7iI0fOfQE7bnAxzFMRyVXXnBoTu/
-N6DupbEncPs47o/raseXsxSBteu7BkiORxBEOXxGtbCktIZ+tRk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC
-9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y
-2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX
-ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9
-owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF
-BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55
-ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP
-wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19:
-        7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd:
-        3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe:
-        e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30:
-        67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91:
-        ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36:
-        db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a:
-        e9:97
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62
-77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC
-iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DE:29:D6:E6:E3:4F:97:1D:03:A8:3A:A6:EA:4D:E4:46:5F:8F:82:30
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:5f:f9:84:20:e3:84:f0:ea:6b:4e:78:c8:18:98:e9:17:56:
-        9b:ed:99:2f:d5:94:89:60:a0:11:82:40:e0:7f:94:0b:36:76:
-        9e:1b:88:e2:bb:e2:41:81:cd:f7:66:e4:85:e7:ad:63:d7:e0:
-        07:7a:9b:4e:54:27:76:49:c4:8d:30:07:c6:ce:6a:e4:b7:d9:
-        f5:9d:94:02:e7:91:5a:17:bb:ef:23:8a:66:20:27:cc:34:f7:
-        3f:e0:f0:57:43:1e:72:4f:2f:ac:75:48:a6:ab:74:19:95:a1:
-        a2:38:5b:3b:6d:67:4b:69:6b:01:ca:96:b0:76:83:2a:b5:1e:
-        c3:fe
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFN4p1ubjT5cdA6g6pupN5EZfj4IwMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAIVf+YQg44Tw6mtOeMgYmOkXVpvtmS/VlIlgoBGCQOB/lAs2
-dp4biOK74kGBzfdm5IXnrWPX4Ad6m05UJ3ZJxI0wB8bOauS32fWdlALnkVoXu+8j
-imYgJ8w09z/g8FdDHnJPL6x1SKardBmVoaI4WzttZ0tpawHKlrB2gyq1HsP+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8EE.pem
new file mode 100644
index 0000000000..6c39f75247
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSelfIssuedrequireExplicitPolicyTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D6 2A B2 F2 66 0C 2C 58 01 B2 A2 CB E5 34 90 29 F7 A6 DB 9D 
+    friendlyName: Invalid Self-Issued requireExplicitPolicy Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Self-Issued requireExplicitPolicy EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUcwRQYDVQQDEz5JbnZhbGlkIFNlbGYtSXNzdWVkIHJlcXVpcmVFeHBs
+aWNpdFBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMy56QuuWL4z4T/hWo/3VB/kVEeDeGVv1rUBciSdtpBc
+G+dYzJ0Y4IhU5rTLKjCPgL9NWXJAlZ1xCHG1NKDtNXKhXFtWUBvjGg8cVn0K3g8Y
+FMOR9rxiDaXyzTQSBSMhUXfyc+T93eyt5OdlKSh5dljxtLI4L3UZunZ31hqCOxTd
+N41T7S7XBKlmFnh+ICv44ApWOxndOjY6X72Yfgn1JOaz52YyDDRK/fLzSevInhee
+IJVfWEqj3nSZ4SK1AFGID8JK5yxhtO/aa0M92TYNCBZDJb+Ow1aA1sS1gAt94kwV
+4l+VBqmLyJehvfNfH3zYDGLDN0AQ1Pt6bsuEu05JrKECAwEAAaNSMFAwHwYDVR0j
+BBgwFoAUSQpnYVZHjdJZl68iZjBRd1Cq3KIwHQYDVR0OBBYEFMgulWC04OIHYKL5
+NsodeizMbr+rMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAPXjo
+buDiYyD2GJrx/C5uDJWDWnvG8RQpPaPjexNQqyOXqopA8g/64QkBZHnzfDtsxmIo
+182199sp8LhA0IK1kOktpKdDwpVdwavDHmVwEdEBSaz9JL7kRUHZ7ui+Z9Ka/gi+
+/RyBOqMfVrugxdru0CthfGAtap7OpADZcbactgL6/F+jMgHhGQDkSY8fe3Dg+JvR
+BLW42PItCICC1LvD45w7oVHVgnQlgYfJhxf6ZKKqy5oHeOtpX6FMqs7TZ1+6V+qV
+9wGpYNk812vN8AykTv8MO6iTOoafhfTSDB8vuxSBA6ilQ8BXOzgf7iBGUedKAiDo
+Xf9GhVMsdvLU83Eogg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D6 2A B2 F2 66 0C 2C 58 01 B2 A2 CB E5 34 90 29 F7 A6 DB 9D 
+    friendlyName: Invalid Self-Issued requireExplicitPolicy Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2FE0DD66672C2306
+
+8Gn+x7A90lItKcrrp3OBpBvu1rQQRDWKvaHtLjjiX1WE1Wibym1iJfY0dq9ARYYf
+R/97+Bdrw3pufmLgOiFOKUpKFnDBWb4mgXOrkB1QK9s7E8v4PQFF2Sjhr408B4zp
+2obPk5j+snftrBhtNFsqnxcXdpmYXmO1RYys6LztVyg604OPpyQXTk5Gj49ZZjJt
++rS7r0Ecuy8SOXrR6rhPGLqS/fKd8b/36hI5x1nXKDkX02EwMksffpdufg2P6UGk
+7yXYriDXo2LDD4e8V4QwqbO2G5DYxIqqVoNgwnMyXMSsUPRLfESBKgKw730lCCps
+GOwD4Ae1B8Inr0Hsf9/bsQ3Ll9tgFHle4K0y3Kx6MRia1r+SZ4c6mjbjWXzMw7MJ
+s+66X6OqrrBs1NX7TfWD29NsYDOAv6fyheQo4FKYXMRSx43kr2N+fBZWsU2VKJ1C
+FvAO4W0zd9WsbZYKVaMZq7pT6I/+ZepE9tvMXeOTUm+3wTPcfIjcEq3JD9paOSYh
+92+JRCcW/KKGd+WPeUJR5HEoxnLi3uQHhBriG84xWEYSm/NMJFENFLPS144/K8D0
+PERXi5jqoB+TLS9NHcZgGmmW4tVUi5SqGURXArHdyN97wkh+wuisa8yDYPO1A5lH
+DghmYj8u1BpX9VCWgJGPN+IQJYea2gnoYIPXxy4p6xB6v+k4WytVzlkCVocWf/7a
+1ZgdbeOF9JKEYDmzV8gJLYDF05TONI9tN1czfcUReRHINp2WvMdoyup7n8JPbckg
+OcVnrUc7GyQNQMkCHDT81UTTgLOZJBfN20JCFqZRGAAtFavkE7uy+lP4UCLYrAsr
+pvw6MTdvJKbO/4vZey82M9mjwplCJrGNvwjhZLx/xcjPrOqjOUCTgEfuQphfv4yG
+s0zFzfq4wA9n9ecApPfkGl417/S+YST7sWSV+MsOxm92bQCk5rHyI7zENvTgfuvr
+L0+9Ld8mTUgS09Rl1IBxuA9KLJSK6dDjguxBS9uRoeGCm5IlDFZlqZ6hxR8K9gpn
+Io4ZbhBXbErk5DHpo4f6TgMPJtUmsvHq+V3mlybyFb6eLZyf/xMV31fOK7+bwa9V
+4F4ynGHiLxjy1hsHKwNqJvnFCx2Pq4Ps6fu8TEQ8zZ4QPgoeUdA45gp9e8pd7GUK
+Q/ikA8gq9JOpLb4ha1F73fDDu/eKQcaAOj/ddA3hJERfjMLUjn4PgeT5cfi+eNr9
+EIe0Gtg+7sS8bMmLZTN/TzpI2MYpEarIyAo4K3cLLZv2bsq70USTe+m1YSuqSQqu
+FaJW2NQTivug2pksUEkbXwAs3UoX3c2re4m9dLwtKmjoezaq0qYBydOQ0MlSlD33
+ssAd9Hi9ghURMGE6KqXZfGmXh6GWe7sT1eSsvCnwMkZOxMyZDunv+QsJSTUWoNWt
+NHqe9bA2DVTnxrLK2HwL2+4PX0Y1CkanADx//+seTPbeYVmkdGhHXMg4ZjXgsNie
+POVSEqQ0MkSYMjQtqMNJPnckMqCw1RWdZ2OQ7qIL6tSR9TV+sFqGSINGwGR5oLRR
+8Y5iwuytQ1NpwQ7GJu0cr4t1MOZ9GcnmK7Nu727vsyaXVCtaM8qqEPtrfZ49YCGH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem
deleted file mode 100644
index 8850f5ee64..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBZjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAzpVbQYnufknoy1tKbCSY840pKcfP2S+jFm6OFC9hzkLFn9uiYzCV
-rCjczQI8lFfM/4p9rUApMIgp4IUAxCOEcgJuKPKmiuoTwPD9XxbmZ/uv+iaLXqF+
-QVcbDGouj0z6RMNz3KGtf0pbgg+/+/wIK4c0XOIM9wTSK0aJVqweAnECAwEAAaNr
-MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIr9
-Qil7WXhSSvdIHHG3xHGKplfbMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAo0h6slmGQJsCsth+yeyOMK3j
-2CqJ9gEajx3fWs7x2JJ8LM4zfbFFYctGPKpXdGRBTO8Dj9lQJCr7i1IMMHTitTa/
-xpjn8E0SQgzvkB/0BnSt7DiwV0LXCdtBlLxOS2Fw9NdvbE7jsuBK2W4KDOPElhHJ
-TKQ0T3TjKv8gwxTq8mw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBZTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAtI4Yuumg8WznOojgeWHVZxG23imfdB9ntiQccDxAnvywEfQv6Vlq
-HNVQ5vsVQfvfUZCad2Nbf42DHRtpmVhlxIhKBjoNu/m6xdvz/A6/kvDvrEg+7M7N
-A2ZRVI0T3Z/mMaPuLHuCzKwU20TF6NonxgZXIbATrppAqRUfSY+UQCsCAwEAAaN8
-MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJtc
-UbwiJzEiQJQJJf/Pg3mto4EZMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBs
-BZsxRaZk1qx3balE6qmVZd7jG6C9Gg/n+I5QfXR75ZIus+0Y6GAviBzywvJ8CDZ3
-kIOOrYolpnycedLS17Jnv4D/IDP6OwvmT6/0XvforKDQlmAk6ioJBRAwHRDYHBZg
-lj8FXyMNUS313Un0l2FXJBhfJNBqb1ZqYwWcmJ2t+w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test20
-issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl
-cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBzMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxSDBGBgNVBAMTP0ludmFsaWQgU2VwYXJhdGUgQ2VydGlmaWNhdGUgYW5k
-IENSTCBLZXlzIEVFIENlcnRpZmljYXRlIFRlc3QyMDCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA19qbNR+soft39JVcTiKn2OTKmaGswAGUpi1lZGYOE4O7xiq9
-FIlSEq2xDeNXvcOEx0GFhZxKefbPzGp8mxtaGpfnV17G1SS/dCxeGZL4D8FUGlzg
-Q0GmhbMZvgroxNvGQD6X/+kdpA34fc6mtgHcR94KE+O5sYTKO4MhqLczr7cCAwEA
-AaNrMGkwHwYDVR0jBBgwFoAUm1xRvCInMSJAlAkl/8+Dea2jgRkwHQYDVR0OBBYE
-FDep7bd0aDt8e8YpJLYhvRpdGYqPMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAAMSu/B2VpmHV3q3fxUJ3
-7MbeT000oqwthzAG8xJUMten8hTYui0iB5EdxQXBnai07+ZHPBKZVSu6kya/W/zU
-PbSkjS5Agq5eVUDUjCnuVkjOwQsZGA4V86i3oLxyrYeUgmxUSl2/O2tbonLm2u7o
-jkncAUpUj+Sk1N2wFIiBenI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8A:FD:42:29:7B:59:78:52:4A:F7:48:1C:71:B7:C4:71:8A:A6:57:DB
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:7f:8e:79:fc:1e:57:0e:34:9e:bc:05:3c:28:df:90:bb:1f:
-        c7:f4:6a:a1:95:51:f1:d2:b4:1f:3a:64:41:35:b6:42:62:b7:
-        e7:14:1c:bf:0b:ed:6b:ca:f6:4c:c9:a7:48:ab:42:9e:04:9e:
-        0a:b5:f1:86:99:0f:b1:7e:6e:dd:d6:a6:b3:b1:3f:fc:79:6a:
-        bf:f0:39:3f:03:ac:69:15:b5:2f:5a:17:12:64:8b:e9:46:9f:
-        82:09:f2:09:91:90:b4:fd:56:a1:ab:04:79:a0:17:33:26:c6:
-        49:6a:96:d9:42:8b:44:a5:ed:ad:69:82:63:78:8e:e7:96:1d:
-        17:2d
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj
-YXRlIGFuZCBDUkwgS2V5cyBDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowIjAgAgECFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1Ud
-IwQYMBaAFIr9Qil7WXhSSvdIHHG3xHGKplfbMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAAV/jnn8HlcONJ68BTwo35C7H8f0aqGVUfHStB86ZEE1tkJit+cU
-HL8L7WvK9kzJp0irQp4Engq18YaZD7F+bt3WprOxP/x5ar/wOT8DrGkVtS9aFxJk
-i+lGn4IJ8gmRkLT9VqGrBHmgFzMmxklqltlCi0Sl7a1pgmN4jueWHRct
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20EE.pem
new file mode 100644
index 0000000000..99c9ac1734
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest20EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D7 96 E0 4A FD 8C 92 2F 28 EB F9 C9 A3 99 B0 57 7B 21 8E ED 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test20
+issuer=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlU2VwYXJh
+dGUgQ2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMHgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMUgwRgYDVQQDEz9JbnZhbGlkIFNlcGFyYXRlIENlcnRp
+ZmljYXRlIGFuZCBDUkwgS2V5cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjAwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy9hAZ7ztyJhNh2rSY+hM5b60feX34
+EeKvDgFGMYroiDVjUnlDnvdS0bIDNbw2FPl1ArAutE8uxS6uu682pT15YJXGXUDV
+rgW+/IKHUDXOvoXL+CsaykJQv2Ev5L//GKsL1m9XsClk++WHcZoB+9CmV9rvWQkV
+OzOY2H+Ql8uCtaFb2bPEB5+p2z+wcRYG+flPR7g5VlzTjOeim6mH3g+KpPTl9CMR
+1QLFhkrJiSIKJCo/v1vSOHG7ZwVgwgwsS8+MJcA1syIhPktec8misa/3X22w7KeI
+/teFMGIfXfPQNhYRsz9KU8l48H+zLmBJr/8eJQcl0sYOZ6GHQDrYpBpDAgMBAAGj
+azBpMB8GA1UdIwQYMBaAFPBl2j8aF1re1bZImTsXFBDXTBSkMB0GA1UdDgQWBBQm
+qTfRPNZ64UsoODQnQmbEedR80jAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
+BgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBmHeWnPEFJr+PH5Qpxg/Kw
+jlLc1+sL/wVjqMyYsL2xZxalijHZaYrW48cT6fuLkOMLEZaJaXRu0rj+mTY6rhmu
+ZOpBA+rBaHFlC41h+z2sWmutmSbZPQuhqTzH3/5+8NKVgnpTdV0WElzqfC+vOjZ9
+3Etny1E5GpdwwOUZEcKW6xqhUCysVY9zJzWhMPCvs9GJaQbjAG2X8Sz0o5boSVux
+PX8oftrzRx4uAbAPDX/UCWpcOmLaBYqVxZEjyz3cqO3IPgwMifSggtlKFxsRVS37
+mu2+InNHi6pWLxFTgNRkK0tdEjpORbacDZwkWUWE89WtJ84WEgLuCZEO3kCepZuy
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 96 E0 4A FD 8C 92 2F 28 EB F9 C9 A3 99 B0 57 7B 21 8E ED 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0EA55018A4C99C6A
+
+CQpOARkAEerLL+qYOQp9l2E9YcuNSOSPXcGnP0qV3KzZhC3LIHnVwVZu2htiwhZ4
+Qn8yddIzJKLm87TEmsMOV0Hp2Oz5XFbaNTbai92/EdNgu1MVp78SEqkr5STHyvmc
+yLREBia+D43509LGNRKAk610qUNf+RJ/mIGfiweEQITd435G2C5G4uKRUj6Zo6mB
+E0WYA36b27/RWPsjikQHKw8BkgMgc8Tc22vOfESUzx6Q8QAQ905QFAnOv5zrAsd2
+CjVL0XudrZXn+wDg9V1x9mvPdV8YEtA3j03L+ajSmYvafKqw6o0YW6hlxtwIZKnn
+MNn6CXVQ9J6fih9r+GAs0ouwk4l2y7Dxj3iL/WlEJE91y5YUpuwEPqihNVx2jJht
+5O30u+HXVypznzMirPLjuX7ORJF30r4rIzVu1KORYuvK5JY7741o2qCsDOCOJVQ3
+JB4v3aRxJoghUdzUwHtLWRMD+AAZ48bOr8pMcx2y1wCGBqQEyTt9ASUBR/lixfeH
+slm5KK02kB15V2RYiPpCeJ6wpHYueX6Tbwy0lxT9PTPOxE+NE5u5plfllU8tL8t1
+7ZB+olVdEVkmoZ+xGTySkRa3QC80gx9IzqcAprHlnfdWq2i9k4THDfDMxickEYxA
++ufhOI2iXe3apBs7Wa9caNuNwIfdziZ2/bc+hbJlJdPOsxGdk10ASAofk+7TkY41
+ntCNTPaa82AM8hTymWpK8yU5oKGzEV/4c2A9pLEEX36vi+D7/mJhs2gijNKA63UN
+aZfBfta43AKCoEpsgf5ijBtK9x+9lyjIQNYpG0o3s1b42K6g4q/DmjUHSJzFqBro
+7QGMbFtrdLfxehbhOLJa3U2+eCT2/nXx1xErzQIyUq7X+vxgcPEVJT1uEzg/9NoJ
+4v0w78L8izWg5nGEAVeQ4p9UHBSA6NQs2xrsfilUMWkbRLmRdYLFCzFjBhhJ4rcN
+ty+ZWj5xbcK7p2ix8rRDDpV8AHJ39+g+vHvTeZTxtjKw5yltcaF21IJPzrV85Q0O
+UTIRBiPIy8pI0j+JglRdS9WkIl4MSryC6lWLyk3bI1mbYwOuSxnP5F/j+L1F/mXu
+8GLaEIjqGvM9Jgm2wQ7hMdEdevy+FIF85cHUfUgKM9nIEWseV1lrIa7pgb3PwpUj
+cYaqzfu7ml3r5oVIXRQMsnQx+S8PC7agYmmTTDelgz14qhmjFIQTiktnCSCflBfE
+trcxcTfWSb7pRQzpkWOXGPQBvAiKtZnzWwbJkJ0uKfz3C98N6WjOi2RgvYvfGc3D
+2Dc+8yX++Q3V9TAI3o0wMDnvIgFBK8e9vmg/DYtBGWQ1+8VWM1ExTIzFRNTjvyxz
+fE8b8c+wO0rivUrRT+L3f9b0jxsj710DPZAfTI8bESvlSBujeX4GHyVEpqyz/Tf7
+J+H6G8mQqsj9lGrhKjf6E/RF+aPgqAh6GLRAdv703ySNLec71LMrWI8D6dmfNiB5
+J9wlJwVNr84SFdr6LtfliVUWvQK5QaGm0trFgidDvSxmGRLUw65VHfXtZwsrbUPi
+KFZBezCmGvPODOvRoA+8U5wbsSnErBceW32bSoPEcyNB3pNsLlNu6Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem
deleted file mode 100644
index 10fae293df..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21.pem
+++ /dev/null
@@ -1,129 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBaDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAkE8ewG6H/K9jn0Mr7uh5z08m2Q6L7j8F5TVV2RmRs5Pg7bhbYp84
-NplFussZhcF8atUil4VjtO7lRP7tJU1+whPYfXiGfJD4zPT/Xm6lmDdSFc8R2y0q
-tzJgoGWHlJgV//Pqd+n+UOLGZ5zGu6RW032gStSaTqwSKJZb4teHKEECAwEAAaNr
-MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFFX8
-0tqrZMOyYTeQKZ7TKM9hKhqnMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAQED5V5G6uHHjObLE3i2wzZcA
-u6p/+2z2HqalTsdJp8Nrbi6HIYSknqTJISfZtamnd7a5yoevYv6NCt2pE35uXibI
-4RppXx1RfRHygFa/owUulclmTIfUnF2OqAvKJ2kIHyaEaS4xOZsH2czU9tHC63Nf
-ps1BS8MMZbABdGW8398=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBZzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA3KYLjNA57lhgkT+vLnGuU5pyEDLnM+ziS9ieLUKICACgJVoWIffi
-mlCwAibbpcCvUUXOXuJafNB0BrgRf40KooyTOQJUckIm4UsMNuth0c0rkM0uT8sO
-dzfZ2OmD4or6Og4QQlHHFnSJJ/Z8sELlzOot8jb1LmpNW+j9DamSUq8CAwEAAaN8
-MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFLgZ
-mHzJeDS0JL5/mP3lo87ejVq+MA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCt
-w82gQMooCa5xgbsT0eM6FUdx767nks7Ty/HLHe0EJ6NwKxIV1JQ7QO1A9+B/i3oX
-I4bStXzp7xb6I0F+9vkpjDf/rOLN384olQ5WMvck2yiud7606uYPGPKNY5pK2KbP
-Au452W+m5r1g5hzg7Cp/VolIepWLazfVISLk/D3EuA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test21
-issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl
-cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBzMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxSDBGBgNVBAMTP0ludmFsaWQgU2VwYXJhdGUgQ2VydGlmaWNhdGUgYW5k
-IENSTCBLZXlzIEVFIENlcnRpZmljYXRlIFRlc3QyMTCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAz5LVC14LIVOAWSDaOhj3dMdR3uhZoXO8IIu2MptactPNTm0y
-vKDMchcc9c33HActpSJH6vGOrl1DWTMfFv7g+lAfhxAyD7/Pe+MY82bUCee/2y3M
-5hlk9MlVlFKCuZ3w3GST1bOxnwIunLQ3OuZw90o88OWQ56udtd1pDlFSs3sCAwEA
-AaNrMGkwHwYDVR0jBBgwFoAUuBmYfMl4NLQkvn+Y/eWjzt6NWr4wHQYDVR0OBBYE
-FIRTaV2lGD+eaFK3LoplVXGjlEG0MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAX8GUnKuy9YrVyKYhWiNY
-XXNHf78GfFyK+477KeBSUdNQlX3swh3jQZAMgEY0hy/SrunP4TcO/G9Wba1y+O3T
-dO7bBLaMNHNcbnfJZL7py11wtl0BryXFbQWeWQulRw/8AohgtrAzhz4C6KCNZBKl
-x5j9BiH1ClsZAQMLLFjZYEk=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:55:FC:D2:DA:AB:64:C3:B2:61:37:90:29:9E:D3:28:CF:61:2A:1A:A7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:25:e2:82:ca:46:5a:88:06:0d:a4:bb:97:86:32:d8:a0:c7:
-        8e:04:6d:f3:43:05:d5:a5:e3:87:f6:6f:19:5a:56:49:87:15:
-        c1:f8:26:67:e2:ec:28:c3:e1:3f:ab:aa:ed:3f:40:9a:0d:e0:
-        16:22:47:ba:3a:c2:b4:ff:ea:5d:80:82:df:68:0d:ad:b0:11:
-        bd:15:3c:1d:1c:56:87:81:2e:d4:e8:cf:53:ac:c0:41:fa:5d:
-        22:53:3c:f5:6e:25:e4:8f:43:59:c8:17:22:4f:13:da:38:55:
-        dd:92:d3:b0:23:27:8e:c5:85:35:1e:28:e2:a7:6b:79:f9:25:
-        43:ee
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj
-YXRlIGFuZCBDUkwgS2V5cyBDQTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqgLzAtMB8GA1UdIwQYMBaAFFX80tqrZMOyYTeQKZ7TKM9hKhqnMAoGA1UdFAQD
-AgEBMA0GCSqGSIb3DQEBBQUAA4GBAHMl4oLKRlqIBg2ku5eGMtigx44EbfNDBdWl
-44f2bxlaVkmHFcH4Jmfi7CjD4T+rqu0/QJoN4BYiR7o6wrT/6l2Agt9oDa2wEb0V
-PB0cVoeBLtToz1OswEH6XSJTPPVuJeSPQ1nIFyJPE9o4Vd2S07AjJ47FhTUeKOKn
-a3n5JUPu
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21EE.pem
new file mode 100644
index 0000000000..7979fc7e21
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidSeparateCertificateandCRLKeysTest21EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F4 5E 46 CB DF 93 A7 E4 A7 49 A0 16 D6 07 DD 5F 5B 7A F2 38 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test21 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Separate Certificate and CRL Keys EE Certificate Test21
+issuer=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA2
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlU2VwYXJh
+dGUgQ2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMjAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMHgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMUgwRgYDVQQDEz9JbnZhbGlkIFNlcGFyYXRlIENlcnRp
+ZmljYXRlIGFuZCBDUkwgS2V5cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjEwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4eso2FdVu4KMbGh5ZSUiUNKvacwKd
+xo+zNg9SrAdzpn+b6f1MroSAsBHEt6nKNF2CxLET40hRCUzV/YWVIfSLhnA4J685
+PcSwahhEUdO0b0yHpre8eH4jzvccREjJYfY0GlMc4w0IwQ4GHFlazUZ0lSWyC8vQ
+OgldRnRIRwODBtaQeTe3Q18A14M1bvrhnyUcj55QzqOrHLLrN+e86TV5bIs0Ju1n
+9OmT9CiA4sQt4clJUWpKSfE92tMRN7MTQiSYQA6s25+TgAOJUVsrwHsqXKmLYN8n
+r5wJyCaZP+0m6t4OmYLIY1VL3Jecg9sgQMoyX+Rn/in5y8mrYDo0FhOnAgMBAAGj
+azBpMB8GA1UdIwQYMBaAFDijFoE4jhhORX8H9hGi4kBnm3TgMB0GA1UdDgQWBBQY
+XHzOUCQFF6+ld+krVQWdvRm5fTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
+BgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBTLc/iHmqWng5utaXE8hhP
+V3alhBweT+f8to1OhLB/2uwsFS2IUWtcalvNsfJQ6uxRzuC4Yomalxj/fHBUr5pT
+SnPlz+ToE+7Ic6rJ1UJrweZ+6t43+wgvpUVPj5kaCngZZ6qzHLd+kiaVHc2GQF9C
+/OZoBcY0AUvRDlvICdxlR0CLJXIvJG5mr0ypqS/zm0U70HDVgRkt2YX/uUbP2l2r
+ZUF2rnpVVjB3lyD3bweR6pJ3nKCdjf+LMKtDyWYow2o68NlQUArJdVqRdWCBsPJn
+923k+3wXHxmlYphFLXKrpzfvsnawWQZih/g/Vo1NQrbNeYEQu0x/WDoV1f6H1eba
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F4 5E 46 CB DF 93 A7 E4 A7 49 A0 16 D6 07 DD 5F 5B 7A F2 38 
+    friendlyName: Invalid Separate Certificate and CRL Keys Test21 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0201561735544790
+
+j71gmSgbPl7vHaG1iNScu8Fu8xpELkYq1CswaVOepZlXZk7seVupIl3gLzPBNLa0
+3YRX75NT6IZNKvzoKFcV0kwCpgZ0KFTahZbBpkzhdVnjE8C6Te9HB8OvtZlhP9z1
+6hHNcyCtoqB99PFLklIoTm52QXNN1hUIEfNIWFL/lZ00df3u/7Iq4gBhezIdSeQR
+JzPyTt8ymxMcFS+cdb/FvyIlgWoKDJ2KVl/+0KI38FMTGXIN0gdoJayRMfR/kx9i
+y9BmbWWvlXTr+bwOuCtw7Vr/RNynCa7YsJB10FnBDvvONFu/vzRNhAwsC4efuTVd
+ash4mKMKSNgALDS8y/vMpC1j7+cN7xNhxCAyI/RLVVc943NnxMK75G8q+C4rWCaH
+39/8aDAOLhUib7VMGgtPAvKWJXoTLqG0LRZIbmWYeeiEciqdgg0nEYVQ+0ycCakX
+zFwLfrLTYI1oMDVRJ24M5gLjO38kThlmzsxPyXLMAE01TENweoV/XkQ20NSnzP2x
+Tr8Sw6I2/o6PBZ0denVl1RER8VfeZd4K/PPXfQuC3bXOkHl1DCJxyuzrlhXI9e9U
+VADhdE4fACaq5PBLQNnDKNZEfO8L6AgCO0CixnoY+/fI/xQz5XDr6N+UFvwUNnW8
+fvwFyXKDLGIRRlO0xRtXHuqGiVbyDW5chziPqAuoODroA4+cA6DGk/pdTW8oicOB
+MYTtJL7v0yBwU3xDdflRXneJxPhAlbTYfrA9q4iM8BPoD7HSHuBd6jxMizUHN+7z
+GP+UpTvK/ulKF1gc55M9G9MpxLlMW7AIwe0oiZhv6oZLG7JeymuPoKtbzooIRqtL
+uXAEynKHPkNs00IwQ4S95uwjkv5gKKo8gNuG3X0lclle+9ZED6MCPxBN2+3xjBsi
+Jw3hQAG1W/D0sPlVS95gDQO8RntpMlV5CeRKBEgE+Psrsz5rbDtV2nd0o6ywCHGX
+gxS1qMLdXgsXVEzVhi1o01DSpuFPMZnV/Yx7mzG5wCB6Hwxqp/dOKQ7bOZy9MCtg
+6vjmoV+ftEbovwX6HxcTtvnxEfpDmTvhuvX/nnI4guFIthL+EACQnIgwYnUMhiMx
+CXCX56FdxqldA/Q+o8+XpnpoDl+v+d50kCOZKCPBGlWh5YUZD40OyFKQH8mmPKu5
+1TgwgzK2TC+qV1zZEA54fNsA0l8APfhjt9/3KGxxsReuHw/uMJkbY/NM/+pmCYAr
+uxzW7pxKT8EdqH5FsVj59OJegfK5adzS++VO5MffS/xA6pGsK3Jot5UOpW/FodTr
+xJMCuxTUi1TSXTRP06VmbGpQKy5kVHkNPeZyGP8KzV8EAwdZUIZPAuhgmiPaXFCO
+WFfjKcrYgi0p+2P3wsa83aSHsH8wUchQLGIADJMGkwA388lufE5OL2CEz9HJ2xpC
+nV8F0E4q3g/m8R+aRIVXWsnf1SD0FX8SA3NRWOggIdaHmd65V03c46a5dQtGASt+
+cwIrx44UWggJyZ6iwmmPo+eKK2Sc/fVbm3r0TVcDCta3flUda+uN+ZUEishDzok5
+W5Q3yy/nlsHJkLUo0JSWRq5fSRMAq22XyvVoMmX9EXFUyfVsTgO4gw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem
deleted file mode 100644
index 8cda2ecdb0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBSDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKxL9gyE
-2WbKCoEEU+RviucDsSOeDHQfoVxci7AD0RhpGDZkMaDQhM+DUHywwIo9zUpLVeGi
-xQNu1+1bQ4SzVBT6k7vcf8ZxPOUI+8WQzMNO5H2/PGz3XGpfIw/RJrRH79ICwZlC
-6QzvSbLJhOtJTQS9kFTECA4AeBzHEN3f0igTAgMBAAGjgaYwgaMwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKwdFrpLHgtf4rxhruHZ
-ZFp5vkXWMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4YVLnRlc3RjZXJ0aWZp
-Y2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAHbVqbpvjgN0GV8abRGms01xVNHT
-PtqMarG3/zQImm9xDzqUqv81kX/8DOy9I/lo3Mvp83M9B74mEEiTTnxkYEpaSouE
-fE3/VAW8dTJb35NeZcOCNWDQv3eA7bufOVO+4KjEHERlxBfEYlPEkJGSLD98SF62
-OYmmR3Cda8cKBk6p
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid URI nameConstraints EE Certificate Test35
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
------BEGIN CERTIFICATE-----
-MIICyDCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIFVSSSBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDM1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq7pFXOed1oA+6DHAsdURi
-YtGnBPvAO55F3hR42UcP8vCvKmdtq0HpJsn34xYHoFPjGctei8AiFVXnj1jrbb8w
-LyDLTRVPFPFHmy3Q956KRU0DteJ8ptI4FRQRT7KeqKADvth4tP91aH2DyFy4MTr4
-wvUfV1mnYKgY7gpfBGlOPQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFKwdFrpLHgtf
-4rxhruHZZFp5vkXWMB0GA1UdDgQWBBRJujI3sGa+0thW8SoF9JqAlJH04zAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1UdEQQsMCqG
-KGh0dHA6Ly90ZXN0Y2VydGlmaWNhdGVzLmdvdi9pbnZhbGlkLmh0bWwwDQYJKoZI
-hvcNAQEFBQADgYEAMZko+lW6d/NUyq1yPydllz9hzKbH8duOaaM8azG14FqmvYnz
-EylKSfh2WuqTwkvpusjhdtr/33S7AFU74OJ9dJy1IgqvLWhD/qCm4fbEq44Ejhr5
-sChHIwMIvecNIEOi6e2R7Ue9ivA2gtFEQCfse4ZVPf/f3MLErRsp1dtITxI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AC:1D:16:BA:4B:1E:0B:5F:E2:BC:61:AE:E1:D9:64:5A:79:BE:45:D6
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        48:8d:62:fe:d7:4c:f3:06:9a:78:4d:e0:96:d6:4b:12:b3:93:
-        23:96:6d:00:b6:6b:7f:35:25:e3:94:20:1b:fe:c8:cb:3d:5c:
-        7b:e8:f3:cf:c3:db:96:d3:62:4e:b7:5b:93:05:11:c3:7f:41:
-        94:e8:75:d2:8a:67:bf:f3:b0:81:25:22:99:a3:4c:02:9f:1c:
-        87:1d:b1:20:a6:0f:b7:c8:f2:2b:e5:b2:4d:b4:e1:bc:c3:85:
-        b7:54:29:13:e8:7e:53:ed:d2:cc:a7:95:3f:71:32:5d:3a:09:
-        a1:fe:af:ba:45:14:41:1a:67:fb:8f:46:03:6a:fb:78:26:71:
-        02:1b
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSsHRa6Sx4LX+K8Ya7h2WRaeb5F1jAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBIjWL+10zzBpp4TeCW1ksSs5Mjlm0Atmt/NSXjlCAb/sjLPVx76PPP
-w9uW02JOt1uTBRHDf0GU6HXSime/87CBJSKZo0wCnxyHHbEgpg+3yPIr5bJNtOG8
-w4W3VCkT6H5T7dLMp5U/cTJdOgmh/q+6RRRBGmf7j0YDavt4JnECGw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35EE.pem
new file mode 100644
index 0000000000..ea4090779e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest35EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: B9 9C EE E5 06 0B AB 05 CA 39 77 87 BA 12 4E B5 D9 31 F3 BC 
+    friendlyName: Invalid URI nameConstraints Test35 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid URI nameConstraints EE Certificate Test35
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI1 CA
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALA8
+CtHPii7fw28cFZaZuH3dG0rXPq84FZPv6pvNJw69Z2qgNbiwyudr+U3JacGVOQl0
+DxncAg+RfSCSzkZoIwtukH9TC+IFD3J4POTu1uLATudMVsiDM0gmzHR64zc9GRSQ
+2pfSDs5zHFStkdfcZau0xxSff0vXU59UtO+n6AuVOZcZfosrFWTxSf2hEyyt04MH
+FVH/vDIT0mym1kChxQ+NYLqo7A104ZTrJq4ejxFP7Fp62JGqvDGLSnisFNjkcVac
+5f1dehlAIm/ssRyMHK+Q6Dh2KrjPRdkcSuYzDFz82ZhWGaoBj3OrYYljISCZnT8p
+s0HqA6BFbBXhveCFVgMCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBT6KK1BFt4qaBfI
+DxwjPyYD3gIUAjAdBgNVHQ4EFgQUokLglRky7eXtrwkCdqZ9KB4g5tMwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREELDAqhiho
+dHRwOi8vdGVzdGNlcnRpZmljYXRlcy5nb3YvaW52YWxpZC5odG1sMA0GCSqGSIb3
+DQEBCwUAA4IBAQBY+uta9QOhKurTMvpDULkPL4HU4wWHAN7+kL+Q9va6SDimwLTt
+N+PT5OfoPbALrC3ETTdcfyJXcvvEbuLcu2/mozR8ZPE76pLeV03v73UlApv3pfzM
+u0ydogvBtA+//I2cZv9JDN55LwM2NxHzEps0GBNjDSqgF5jEPqOqJYZF3U5JvIvd
+tx6OzIGAbq4Y1p4iiyMjEhOZUZ11V9V37LPl7wkWxbp7a6a2+jZCupfWJbDLJHiR
+MrEM7imDoSbkOkwgajrtmRHksuQi1fk/faJfP84fVRFIrBzHhPgG8yV5fLSmLgTp
+O7lmeu5uvo7psQ2Qa1JHtMbw+9YqgK23nR2I
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B9 9C EE E5 06 0B AB 05 CA 39 77 87 BA 12 4E B5 D9 31 F3 BC 
+    friendlyName: Invalid URI nameConstraints Test35 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,25C09EB350EDA71D
+
+fzMhGZFyuZHOZar1Ex1YnClyTLjlH99699MkjHMwap8R7dljeW2EcgW5AmE9FfZ6
+36OUWMoleVzXUc3Maz6Cmm+9uaaPY8/OyJN8F56Nkeyh66O/3C3ZpcYP6xLiPfRW
+qp3qtpDqrXlPQ+7agcnEAvcAkPtMU8+8LxSbam7AVdYegUrKBTF6n/8sXWQkBQ1b
+MaH6dsEqBI8dpa42mC+DSXtj68ep6uoLupbLkBy+1KAekkLTRARwjCjo2yPclMIO
+XvOF+o0/tIntRwmkyqV+m0aVTEoI828ptbjQsRXyIozdRiZBYQpb7evweLrr1OGE
+bQb3VU81mczr0gvaRoS3977eHasbPKnLRNaEhn/YtuqJZzWqM9m7F5ZhX18Jw2VT
+hKlShw0qHLQwO5RgelNxiq99l/EICtR1ZdAe0rW1UPyho17XTRDBSLVHB5/bKc78
+Qgpz0Jn7iCRSur4n3w+MYhtpH1B4lctNrcU4rbj2GLBwYaps3H9Zh6qtlyhiRgpq
+4mUhbELsVZgIAEA1I5coax6EKQ1INTEjNInQ2qXXfXpFOzQiXRZN5FyTdJcr3eYp
+lW4w1Ftx/gCcnd39ASOuNHFu9wI1zud0FglhuLYqP9MKzQxKp8vsri8DaU/08eDi
+/xhR9yhiNlTgoMrVXs9ymW5bMQVPuXOem1wnaOj10tS+7IUt4dMvWYaSwBhNhs4Z
+WYUNNF/+K+uXwGLLG7olR8KDGAz1Ntcj/YFJ0gFxHOO7VHzneJPQaEGV7F7S/+m0
+G6xqRTjv56ZA7RdZYvyhhcJ6+8040b7bXAuxeBILg/R2yoi26KDsXlUN8VkqTQJi
+rvlymcRkPdA1P77mcBZ2FIGvDT6kfpmQ4J3fgAlxeRA6Z1yud1MWYjI+QjhH8k98
+3TRmHiITXssfAAAvFauWBef9waFydBuksceDgMgVcMaAL89hC7SlKSJ9EIKBWqB0
+Z27UIZXVjz6qlLu+1k9yLVjE8v3isfIN6WUBb/Epw5tyOUReIH3a4Ejo7C7sG8W5
+SajwycO6+fGYpb5H1ins0CHbGYqFMkjKVsiI707ZC83D4hXuubXp2YbWM2LLqVlx
+MQHiISQRhS7u3Edqnx0iK2s7cxwgn4RnAglzgE7OwgrOF/tRVF68ljKNYyb2+dvJ
+P+B0tHWe9leMyoWNNl/cKkHmDXBbjSQlNkE154Af0q4ncKY2WRmCA9G4LuNIONuP
+TRnaBMxikRWAPEJBt8X5CEsiXzRC8+Aa9ULwdrid3Blv2QiaUlPJ9D6z5ffDDXue
+xJFEKYOcMwkVHzJ0+DO/gdtNLXsDdGrsjGRjDwJIKaOY5Z5YgEMQRnsjSoxhGqIP
+QfFFNaoyidM3paJ7+0Cj9J0716Sv4dNiALkA0wHuTQfGZ7JZITYGsQ0errFqnq8R
+ZmlUEs8gXMd8iE98D+gmegENCaUe1MtN3lTpuomzzN4p1PljDYGeioFSm96Uw4QA
+2IKLQuJi9Njfn6/E3sMdZpgZ4lxl1rOY1MQIYTYIdrOKRFyrJNJXRW4xdmmHdoFd
+Eb9YHCkR9DCy5hDRaVXxW3DJNKTEnwUD+e32UkOj9C5LaiwKwKzC4QoAIFsn95Ju
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem
deleted file mode 100644
index 8564b40553..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBSTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANCu/tVS
-XB6TUXM4bU2lQ7EKvQrGMy49TSnHlIwEVZ9UNvbSA/ChnCxPIKWiVWlqdqr0evlL
-xdLPxQe6xHuVjkvgFleY6RjA9LqD7YFFvf8AnDD6BV0kIr3itChNI2abON8Dh6IG
-+o48bCPAt9bqxCepQbrSn4mYSlcKjyn66Ev7AgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIakVWPxjKAjp6e8y2yq
-bdBaxg9aMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYYXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAXeaQUlCHmmhg1rKHYxVfKaCq
-S574GPbDh1QtQoNmVqFF+yGHse9s4hcYcv7VZB74kYKCFUShbBWl1VcmgPbJLDnc
-MDjP1B35WdH4IGAxCBLHOiuv/1AWL9EfHUdhX2ZoFpJqNty9lFkahCZ6MARJwtS2
-fBh60OItInetzMDECnE=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid URI nameConstraints EE Certificate Test37
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
------BEGIN CERTIFICATE-----
-MIICyDCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTowOAYDVQQD
-EzFJbnZhbGlkIFVSSSBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDM3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7RoVBb6HAXuZfLDEJZHtZ
-ZqQoQWTPZt8PsM1IGx7uBWtoC8OpBufVE0QTJZV7uKwsbPCvIAHlsKsoTgxWMPpG
-83/daynjox1RbmbI9Vlc+tK/SbwbkIVJ7bO65t52t1SDIfnPSxBa24BxP8wPqbCj
-d1alYdvUt+5ERxY6pW+3tQIDAQABo4GhMIGeMB8GA1UdIwQYMBaAFIakVWPxjKAj
-p6e8y2yqbdBaxg9aMB0GA1UdDgQWBBQJ/mqtsTQDfDnYag36Bwgfh5EMFDAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDMGA1UdEQQsMCqG
-KGZ0cDovL2ludmFsaWRjZXJ0aWZpY2F0ZXMuZ292OjIxL3Rlc3QzNy8wDQYJKoZI
-hvcNAQEFBQADgYEAWfo3+4bDtxvUvo7zJGGkAMWVXpX27OK57XmNG8U6Ge4H9ruL
-S3OImTHGFt4EbUhw7OIxtSSCdT9x3SAg+jLVLn5FZYM3tkPk83lLSgSS1kvoRJNN
-zf69vibTDpsT9yzeMDt0vFKe/YN4RJwfBWm0ty7yrI6uUu3oxcwLsV7+Wbo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:86:A4:55:63:F1:8C:A0:23:A7:A7:BC:CB:6C:AA:6D:D0:5A:C6:0F:5A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:1d:ee:ad:1d:21:24:88:c7:70:27:82:cf:68:1d:fa:61:18:
-        da:2c:a9:9e:05:0d:b4:7e:e3:ac:49:fc:82:76:d0:6c:80:1c:
-        b3:b0:36:4c:44:da:e9:0e:aa:9a:df:66:1e:0a:80:f4:f0:0c:
-        84:02:2f:57:47:96:e1:f7:ae:e6:be:85:9e:53:e0:97:1e:9a:
-        68:7e:f2:32:8c:d7:89:1e:63:dd:3f:47:06:30:44:e3:42:ee:
-        30:c2:d6:ce:3a:46:4f:6c:8c:e2:43:c3:7e:5a:51:ce:5e:73:
-        7a:ed:f7:5a:04:a8:0d:f2:f0:67:af:e1:0e:b8:eb:9f:cd:2b:
-        24:62
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSGpFVj8YygI6envMtsqm3QWsYPWjAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBzHe6tHSEkiMdwJ4LPaB36YRjaLKmeBQ20fuOsSfyCdtBsgByzsDZM
-RNrpDqqa32YeCoD08AyEAi9XR5bh967mvoWeU+CXHppofvIyjNeJHmPdP0cGMETj
-Qu4wwtbOOkZPbIziQ8N+WlHOXnN67fdaBKgN8vBnr+EOuOufzSskYg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37EE.pem
new file mode 100644
index 0000000000..6bef580768
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidURInameConstraintsTest37EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 53 75 D0 B7 C9 37 05 AB BE 60 9B 70 09 E6 46 C4 1D BC 94 63 
+    friendlyName: Invalid URI nameConstraints Test37 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid URI nameConstraints EE Certificate Test37
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI2 CA
+-----BEGIN CERTIFICATE-----
+MIID1zCCAr+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE6MDgGA1UEAxMxSW52YWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QzNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM2x
+nbrTtgYrZ7vvgjKR+rj+GcPuu7hubTLNz64dJYq4bO1F2Pp3AGeit4SFt5mWT67B
+p+jjMo8dpqoO7+Y6+sebnJv1pharZ0fzQodcfl9/wTPTCwQ3hd5hOIwIKEC5rwhF
+OfC7CfAG0LBIc3L8ayYbDu3rfvHr43tSrXeNQCDs4sT50yYrkmSc9cSx9zrBin7y
+1XEEsyvcxbwG6vfazFyBtWylBIxrryPqp8/tCpj4v+YKpjNtBXbtI/rh3NQRWqmC
+0/byyDKuu+ZqkOwBZ/VWX0QysdoH+z010rhboJp09kQqL9P9hgB8WW+8zBk1mjnK
+fhk9TBzniVk7SZFntLUCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBRN64lx3/AEAbL6
+djpYsbpg3YzTwzAdBgNVHQ4EFgQUtJ9QNnzYVFt58I4Udp2pJfKkuSAwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREELDAqhihm
+dHA6Ly9pbnZhbGlkY2VydGlmaWNhdGVzLmdvdjoyMS90ZXN0MzcvMA0GCSqGSIb3
+DQEBCwUAA4IBAQBB9r2UKkXqMVYrheLH937+0QmR/JOtK+oaJcw+mJBOzy2NbIPO
+7m9OEAElkt/PSaONwtLyuoEm3/c2Z9DVyFE/ep1ndQ/58Ow9vj0WE2mwU1zhwn1x
+R/pZz2WAfFQrgJZLqFoACN38Hsb4SsGbDIWGQrJSabtJPr2XDfKE6TBhVAMHYtcs
+Xia5zyRiL8c4BEATlHrBlw1CngLBfBIDGDc9sKaXboOoz44uyisAwG6FJ9XR/v47
+Wt1hVvxa2WF7AJAI+HZn8KdlLyJK9zi+eCETErxPu0hwMLhe53M+MllHSzD9kOfq
+7gHu2jUzx/W4G4YH5jEo0EW8qEUcCEQX1cR9
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 53 75 D0 B7 C9 37 05 AB BE 60 9B 70 09 E6 46 C4 1D BC 94 63 
+    friendlyName: Invalid URI nameConstraints Test37 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,75BC6CB11B15DF92
+
+3DizqDfEvcgL0nq3ByKA+fh1S3y6pB6VUxFVsKq3gqNoh/y551DDwYTXq9f6ZlSD
+j984y50YtYufkDg948E+w31Ja4J2/Q6LWSQ6KsHSRzao+rYVIGY5Bi6ClPJRZH9/
+ffym90Xi3HHhmdqBbmUGeWGegYcXLUR8bxH/EMRP3QVuxeMr4oXkNWIa2Daw3SGO
+ea6hvfUOOqLVj/22zswqBiu2u8IJYhL4ZSECTck8uFLvs8ys4CP4RkSQ3lqW2cJ/
+BeGqWWTO1naMkNvyywaObDkiM5IuKH5AkN7aMYr+VTAWJXOlQnrsixMZgRQsBAD4
+sz4sN88En7ZnGCxVrzEKdigvYlwUqTOl5Al1Z7Lb/u+//jyHw8ooF92f9RcLhkFZ
+9o3riTn7PJUNiyHC1i7XfXm0o2TC0NEJrNeTTs6a7JQDjY+1vcUT0KGPJ9CYWWOn
+k6MTqq7Y0CwrOiI5LGnrXn0BGMLD3lLtCve03Io0XthCKcLWa7pyiHmlKyAg1LsH
+Q4uVRMIy/Vc50k4MF4q58UKj+LVZtoFOBBR/aMYK77QtfobrVLJk+9qgscS8iz7h
+YdeE08tvk64AOnzyOZGXXkvHDifXTILbdwsM9yiweKoAMMLRelX6IKaldcku+sa7
+OmR6bOXv6jqWl9PuYte/T6HOqQEqFGOUMR58pC9si8LWiNYzEEGXdcduysZ3lF+o
+UtmfmKHRKBWf5xFLma81mhhp3RbZG8gRKkDqnIJRUBBs7oJEDxZGMX3THCkx2FP+
+TfS2ToyOFk3fIUxR7s/e3ej4wmM3panPmZjwy88AKl4Vjd4c0FLR6FHORlYgdTj3
+c1Rfvj+8TNZVuzn4OL3L5mnuc0q9MqhELeQtNE9E4uVifD8//IAknnEABrJpGgcT
+XbJGmM7ZGMm21jMKnZkDgV4bvCNeuPp2SmM++v6tu8fX+nUePbMMbzFt8tbGfjLp
+6addsVIwNGrsh7XYIV9KvcwCDVMPFbQ3oJd3QS+UYvTwxNvSpAXBeMpmToxuCn9l
+E4JVRWrL9yKEo1GF+2mVGHOasuicjQ2RjXFJ2vtJBk4RDdE9/4b454hL9nXN2ghg
+mAKkn53PypLprugnvywhRSEQ3YBgqLQkq6bRjcJElUFv3YfQdWOamI/KAKn82J2r
+FO5AiNgFAilZHuBSxsfCmK3VAdKE+CZlWWkDEJsjlMFdYY8Lg5iHzDjfMJD8iSDm
++urOHgyvh2eSaOW9SB+7+1ucjga0xIIkotUzxv7HqLdCMYNk/6YYRR8fHmc+Czid
+mMTScS0FZaBLZrR6k6DUBvE2NCzhVu/8w8fYq2yeZch3sv7wIyhVvct91g99gIfr
+wUCw6KAOAJXtCSR4neqKQDh3yKUj9CPCeSUPAwtH+9KDRRaiNuGFgXejLjRsYlwe
+EpJPHcnXy2P7/AWCMmjx24CAgtezPoqkLr8aK8cJcA2CUkO3bSVe30MZzgqWxQ7R
+u26EjHPWF/fOmCPpx2D6mTh/nZa1yqSxmgOVecODKkD4y3m2iF0m1ZPAZdhZNDzb
+2KnX9sAjPjw9t3YFEd5+Jm607M9DfZLr+c6YnRiQKJ1GDCFhQt8LNw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem
deleted file mode 100644
index 0834f93e74..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBDDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UEAxMeVW5rbm93biBD
-UkwgRW50cnkgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQC4N3fv71Sg97CctA2gdnDYdBCxvD0dw26KQaNDbFJBOuoUZ2YczhV1669VascT
-67yTxIEcK9/IDZ3YH24KxfGvQ/QPio8W8AMrVyCcHJvX6LyAe8VOYc1STiqxmpxi
-lp0TtHeYT9eIybRSaoqtDChQrkbPKB3unwxZbFwK7EJz+QIDAQABo3wwejAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU9Vvr2srl76qI
-n9lsv1vOk2kRTYAwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAAHH0P2ABpSL
-gN0JmwJ5PRblM4ot5qt69t9Qxgui/fn5pIZa+tDA3zKtJx1/S1Sm3gdZb+2A71hS
-3h/LIkmSD7rTwgJTfjtKd2rVxvPhLlvC6Pt+8cOlOAfxT88Q5atXsU0P+7ZMw/4U
-3F6PnahEk6JTNn1ylgi/e3jRoVAew8qv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Entry Extension EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlVua25vd24gQ1JM
-IEVudHJ5IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMGwxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFB
-MD8GA1UEAxM4SW52YWxpZCBVbmtub3duIENSTCBFbnRyeSBFeHRlbnNpb24gRUUg
-Q2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPIB
-J/eXGbgEoIPq9cvpKM1LhdR/nU/V8FVZG6E6cGIPHhm6FpNthtmafeQMPHMkT4eV
-41lXx8f9O4+xj0BUXNv/WhGhsT1PHxs+VzLNTG2mp4a6gOaLprNo0vi8C0jMfyQ/
-QMqq0d3vM/QmM4H1AJnguuG4xoSFqLZqIAYC1Xb1AgMBAAGjazBpMB8GA1UdIwQY
-MBaAFPVb69rK5e+qiJ/ZbL9bzpNpEU2AMB0GA1UdDgQWBBQoe5/NueRG8dILVNg3
-c7z7YF5PVjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA0GCSqGSIb3DQEBBQUAA4GBADjyBhwUgM1wXGm948RATjxho9tRdPLLVwj3K0Mh
-JSy5uURrxX2u5UUutqr2ZOpMjUcO0KY0qePFA7Oi2i1Wh49awyxUEqYVxRgBxNtB
-sKxMJG/iV6sX+9X3ObXDCG960+AD2q16GmjPiVrqxE3JQE/1dvdEyHduVgugTEpu
-WOKs
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Entry Extension CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F5:5B:EB:DA:CA:E5:EF:AA:88:9F:D9:6C:BF:5B:CE:93:69:11:4D:80
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.16.840.1.101.2.1.12.2: critical
-                ...
-    Signature Algorithm: sha1WithRSAEncryption
-        46:89:76:03:d1:a8:eb:7d:04:de:bf:a8:1f:86:48:8a:d9:78:
-        ae:21:21:62:91:3d:ba:79:b0:17:d4:ca:41:ae:d3:43:4c:77:
-        2d:9e:99:65:93:59:dc:72:dc:d4:90:04:e4:f3:ec:ed:63:bd:
-        09:59:3c:a8:0b:ae:fa:ef:11:73:b2:a4:9a:e7:6e:c2:fe:11:
-        04:f1:f5:58:78:95:d2:24:2d:4c:4b:7e:7b:f1:8e:9f:ce:82:
-        76:be:a5:5e:77:e2:33:10:a5:d1:2a:2a:c8:e2:f5:09:6d:e2:
-        e7:c7:9c:cc:5b:3c:52:29:f4:a0:3d:6e:8a:87:8a:94:2a:65:
-        74:fb
------BEGIN X509 CRL-----
-MIIBhDCB7gIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlVua25vd24gQ1JMIEVudHJ5
-IEV4dGVuc2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA3MDUC
-AQEXDTAxMDQxOTE0NTcyMFowITAKBgNVHRUEAwoBATATBglghkgBZQIBDAIBAf8E
-AwIBAKAvMC0wHwYDVR0jBBgwFoAU9Vvr2srl76qIn9lsv1vOk2kRTYAwCgYDVR0U
-BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEARol2A9Go630E3r+oH4ZIitl4riEhYpE9
-unmwF9TKQa7TQ0x3LZ6ZZZNZ3HLc1JAE5PPs7WO9CVk8qAuu+u8Rc7Kkmuduwv4R
-BPH1WHiV0iQtTEt+e/GOn86Cdr6lXnfiMxCl0SoqyOL1CW3i58eczFs8Uin0oD1u
-ioeKlCpldPs=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8EE.pem
new file mode 100644
index 0000000000..64d05c4a64
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLEntryExtensionTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CA 4B E6 E6 B1 A7 D1 4B 05 CA E0 3A 9C D6 BD CC 66 FA B4 EA 
+    friendlyName: Invalid Unknown CRL Entry Extension Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown CRL Entry Extension EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Unknown CRL Entry Extension CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeVW5rbm93
+biBDUkwgRW50cnkgRXh0ZW5zaW9uIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowcTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExQTA/BgNVBAMTOEludmFsaWQgVW5rbm93biBDUkwgRW50cnkgRXh0
+ZW5zaW9uIEVFIENlcnRpZmljYXRlIFRlc3Q4MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA8pQkABHQjAg0Rtoy+Yv5tsEOzBdRIAZdfoierPmbsVp9mOZG
+LkHAevOhNvunCVK8NeFinVz7NEaIaxsBdbAOqcQOez338byeOKLTA3woSTTHK0Yz
+yE2P57stG28RtP6oDYBN/+7Em1V7HT3+nZmvut6hX/ijhYM3wCtq/wwb0Yvopms3
+fMKM8wJ2XCBHIdKhFrQ7d9rW03VYQvsRnLEasOCYIDaoguRgM60pHfdQVCj+ahUs
+9/ZEJCg6bSmnybJnhdEjiy48AOJJwx5dE51diw8aCruouIlpZcuAjx8QGHmtDl41
+VhjDT5UvvsI1Zl4LIF8aCnO/7PAZGtOaRB05dQIDAQABo2swaTAfBgNVHSMEGDAW
+gBQAphnLoS1NKC8i89JMN8//TDDN6jAdBgNVHQ4EFgQUmuFGJWWGdlodm00iyfNS
+V8B1N6wwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
+BgkqhkiG9w0BAQsFAAOCAQEAhom7StGhTRkAiy7XBsP7ToZ/jg3ErbepTvpGLQw3
+TH+zX5Sc1b3R8tR4zJ6RChxonMEWq3HvLNdn8ddyI/n0z9yJxanvt3MTg1OPYIBU
+zV6Oua7ryA4BaVNQ6Mg21pdYtFFxoVfhdP6O/2T97GeW8fp9cvKLagDIegl/KQoX
+CGM9uqjiFup6u/EllniCZsx0EKJXsjxA8CptSxbEgiqxFdo+t+7LM+UMMhcqynMx
+imHOzUGLh8H7WSiPo8H0+KNCDRCh8mO1CANEt+PuW6o3hD1K79QTd3b5qBzMPlW6
+5UWHk/Ncn72YrKxKZT8gc0QMdOtGO2L2h7fH2hPXZWETbA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CA 4B E6 E6 B1 A7 D1 4B 05 CA E0 3A 9C D6 BD CC 66 FA B4 EA 
+    friendlyName: Invalid Unknown CRL Entry Extension Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8ED5E5A518FD8B64
+
+5a8ty0N+/lsBZJVhArhMOdNjFyjrJZyD5xea97tdyu8+xtqWQguWvFbhvnHktP1J
+ZKEVrSa+KY/3RWa9/tYs7fpMrQf2FHBB8Dnrx0sw03RAdKiKEnB+9psQxGPBYfEG
+nGFtJvDgrASnrDdpRW1izeixNTMA3/w63wt0InU26KV+5CfV8iRVH0OFm1mmhEnY
+ZKvRxVAtR3WX7DvaYyaRhLRIHWOYT+NzQ+i/I4p0LXTaeYcMTEc3zVHNELpqGiEY
+FQ48IFvqR73reeC5T79OCfXRlDtRvTACZIeig6KsDQET60/cz3DKzJnBJ4m+uQF8
+kVoxz6zVSjTdqwUiA2QBeJ0HYwR5H0617M+OOegG8KC+UmKy3OSkq4DI1A7pzAMZ
+fRxSaQ3jVUX+BJZZt0QKRQdvlKCV7p2wnvb+YCaZ3WwczlM8MLgJ2XtEmHsqsy0m
+ReU/aP5BukEambvjwa/dw8zvDXZehCwqmNoLjT38u/Z4hAMS8vhH0B5bPMabWINU
+fv3uZUsssRg2/1cwtaOU1QaWWKruKDXMFoZ1Q6CEQpZCsYSEoEb3MCAKqZ72KGCh
+XWKWiXL533z8e1PoTJfaWplUSd0ki11xZVrawcJq+zY9nD8z2z5C5C3p97Cko9Hq
+F8Ub/eYPIb32S6jH+U0kbKnjXxq+3/71gianVgUoHb5+V9O9mwVUR6C6eVf68P3L
+tmcMQK6GUu+XKyVMM4lwd/Ql11fyj+LO7EYNCFtne9nYV1K70H4l83FM/ptDeh9u
+IADB8XPzHtm9cxDmEaDD0qSkZJdTWO54RSa9pXR6dljYA61b618ydq2uG9vz/PME
+VLQBy+7VyK8wU8srI9GWtTUD16GrX3CuYhZHo33pqbnkFPDwFqKHkaI0ya4y0lDD
+tUTpBkv9a9v6gzXvb4ZlRWr6Qapm1x5YeU0KZKrOrsbW5WqJeMaraIJPDJtNnCGu
+Uva+oAdtpXOa7yvw1nZS+uU22SoM4q8duLwd4xJO7++V0/iL0Mec5OBIKsSLuGdW
+bbzQs/r/u5wjXhn/iSUrPD+OrllCAHHZI/LYjBr7A/MFoXx3BTCGWKbGf78gPTpi
+fjCtBBxdlOSaDa29dkKddNJ3QHTaCY38e+pfY+nYTc6dzybH1azWKzEUDKWOX+/8
+SSNMLkOD81guneMVIduKhfujej+gQia1ZARIAcI1SoJI++LaEZBgvIxGuK6Es9pn
+mUEXWKWBk6cWEV4o98PdOK8Odx4qfXT0nEWJlrnIUeccfYjmfhwl9dmWoyPy0PlT
+/QNPPQ4/dgPwQc6MaDrxfqecIJs3ng1o+CEsJTLYgEKreD84HXNUoiOswbqGAHaX
+QUjiQFr8Xo6m5slci7Le2WFzNELJhwAYicEZXeBkN+cShcgOjbVHQiNmkaZBLhqZ
+plX0K9kGFRRsAstse5LIoIlgaq4DeKfvYglIukZy0JTGWDWdsnU2mqVwPuc15SbL
+yoPaVX5a3oPv5MxeLiZP3y2r3sisid0+AOCc9Ey6P/iZGiorVu+RBLfE3ft/cROr
+ZxLGPRV3YBguu1WnhBNneSDGaRm0O8O4NrtyQwXt7EAy4XAIqMP4w51RNrkjtSiP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem
deleted file mode 100644
index 8dc7416970..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBDTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYVW5rbm93biBD
-UkwgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCytAs/
-JAs2Ja8c89As83uwUulH9T9tQPZcA7nYHvlyElO2ck8TAyHsxyTJEX3dSXo5IOhG
-VD2Onq3BDeRFf6pu5OMpoQ3OGJbb4q22/qZtN6etR0haIBvS2ftAIPX1mJHU48rv
-TuMEQ0hoVtFxKdyYSeFaw9iBTbcaZdPUCMbnIwIDAQABo3wwejAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUao8V/5j0N/1M9CcF3W7o
-YaFVtKswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFoi3BNwtKmwgQu7YVgw
-RJCuLiqFCNPny8zbrLdJOyTSB1MqnPBzrnx0E2U6i+5RTiuIUrD5V54/46OcAenb
-ABT5jTygyoV5M03Iy6ZRQ71ZqeX2hc8LeHetvMTN1fZiNOtwt6Qn4LtWGyw5KH34
-KMAytthglbz5meZVb+cbK820
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Extension EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JM
-IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UE
-AxMzSW52YWxpZCBVbmtub3duIENSTCBFeHRlbnNpb24gRUUgQ2VydGlmaWNhdGUg
-VGVzdDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCi6/iZeRoibZWIgFQb
-pVXsmxIdt4k56SpvzvPgJPyoxkehfaVCNpZQ9udynRLZaogzk1Js85Xmf+O3MBul
-a/xJq4BU0Mit5jPBDcfqEpOu4ovFBfX7i+nBDbBiS+2v+QkqntokkwaDKKCnDRV2
-qjQdAnTFbFNpkpyO3yhWJ6ASOwIDAQABo2swaTAfBgNVHSMEGDAWgBRqjxX/mPQ3
-/Uz0JwXdbuhhoVW0qzAdBgNVHQ4EFgQUkm2zSID0l7fhHwrbvsB+O9PRHtkwDgYD
-VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
-AQUFAAOBgQCMYaiiImk6MCNreccITRisfSs0mHnXu7opjgpXuD6GcKnQtOhN/52T
-12dfAZMp+ROHHg2hZ1xWY7Uvn5IWbWEepjY0SpyGDsuzLgEO2xXg7DU5n1yxZpao
-mnsYHYHJPrTQK7jpsbutOP27RSNid2jQNfnyDoYsn2uCl6zen1aoCw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:8F:15:FF:98:F4:37:FD:4C:F4:27:05:DD:6E:E8:61:A1:55:B4:AB
-
-            X509v3 CRL Number: 
-                1
-            2.16.840.1.101.2.1.12.2: critical
-                ...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        87:83:34:a5:84:cb:5a:ea:95:df:cf:c0:15:aa:4a:32:5a:e7:
-        29:82:92:af:40:f0:c1:5b:0f:f8:4f:c5:ba:af:bf:12:16:85:
-        b2:d9:df:d5:f3:5a:da:bd:15:8a:ec:d3:a1:af:e7:8f:80:48:
-        54:1f:22:c2:8a:74:9e:c1:c8:5b:33:a4:8f:6a:30:43:91:35:
-        0b:08:c2:87:c5:5a:b0:b4:30:6c:f4:f7:22:7b:71:b6:ff:7e:
-        3f:ae:da:aa:b7:d2:4a:a7:10:7c:70:b7:6a:10:85:d1:9f:d1:
-        5d:bc:36:44:30:32:6c:bc:a6:8e:24:96:62:d6:68:c0:24:13:
-        55:3a
------BEGIN X509 CRL-----
-MIIBfjCB6AIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JMIEV4dGVu
-c2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQEXDTAx
-MDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaBEMEIwHwYDVR0jBBgwFoAUao8V/5j0
-N/1M9CcF3W7oYaFVtKswCgYDVR0UBAMCAQEwEwYJYIZIAWUCAQwCAQH/BAMCAQAw
-DQYJKoZIhvcNAQEFBQADgYEAh4M0pYTLWuqV38/AFapKMlrnKYKSr0DwwVsP+E/F
-uq+/EhaFstnf1fNa2r0ViuzToa/nj4BIVB8iwop0nsHIWzOkj2owQ5E1CwjCh8Va
-sLQwbPT3Intxtv9+P67aqrfSSqcQfHC3ahCF0Z/RXbw2RDAybLymjiSWYtZowCQT
-VTo=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10EE.pem
new file mode 100644
index 0000000000..346ce3a3ad
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A7 BB 02 45 25 F3 7D F1 D8 E1 43 94 79 35 18 70 BF 19 F4 03 
+    friendlyName: Invalid Unknown CRL Extension Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown CRL Extension EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Unknown CRL Extension CA
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYVW5rbm93
+biBDUkwgRXh0ZW5zaW9uIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowbDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExPDA6BgNVBAMTM0ludmFsaWQgVW5rbm93biBDUkwgRXh0ZW5zaW9uIEVFIENl
+cnRpZmljYXRlIFRlc3QxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKxv/RraXalQIMNtg/u4DOowVy6Z42Ie7yUF43FcKATg9O4UDlM6fPF/Kex2QvwX
+zFx5gy3obUkZ+IdCmuURe+zb5NpPWdvT6XnMG4gkNsXnjWIXA2aSLJocDfktOcZ8
+xDpagVh0LjRgXJ0sZqYBG5xV3AS60+2ZZ76F6sS5DieU5ZM8kjVPtZg+keG5iB66
+N0VSeoeunx12TABPn98i8pqkhqd29KWKLZ0fAa9nwx+W79BDvEhitdEl+RZtiHmI
+XojnB8nlNWNqQd22Ecr2HVxDXZ7K2rraHnjfecQL3Hfi5/0IGdPxO1GAjW+3v2bv
+Ok7qDdZt7DMnzmrCSMB0wwUCAwEAAaNrMGkwHwYDVR0jBBgwFoAU/f/+GU3bDJ3F
+otiCVuuw2RBh4zEwHQYDVR0OBBYEFOvpVndbfwazHTWOwGmszyZU2w5AMA4GA1Ud
+DwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEL
+BQADggEBACtOcemz0wi8/F5s10MSmAelSSFXOe9srcYq+E6wGW2tdBgf4hDZZ7wo
+RixYJgU0ia5ZhIcEvpU97rZV/wRwDhl/W9mSgj9WFpKNaS1BVl4dmLlQ366Ssxqj
+lMxugFKpqA1lK8R3CG/XlMXVfJYQD5yonkkw7H9Ozu5tqn7sXmRRvMGD2GpyoHDq
+h5TXQ9X/gEcEpvilOUqju0PxZ4XGqf7v12X+RaQRg3CSwZR1OufNQxBUYDkfhW91
+MD0rFQLdXZMTLtvWD7N/8Ycqb4d6BUWgWfIC3hzO+LBlGSPio+2G51XbsjoJbF2N
+1rHplRvqqoK7mUx5TaxKmRmB3O/N0C0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A7 BB 02 45 25 F3 7D F1 D8 E1 43 94 79 35 18 70 BF 19 F4 03 
+    friendlyName: Invalid Unknown CRL Extension Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44BA9792D4E9C9EE
+
+7XjVfX5tOxPAvijjneOooE1jtYcjKeKaOAdWnwPa5hSobrsxgyIvTUKuTkaiNmFC
+viD5YeOMD02uRdoUE56QnSFFgm/7KUw7B+ei6b7x/Gw+T0o73Po7Kn0MSS6LZ81P
+kBCyETCrt8nGnVXunU1ufyKZQuoQr8egypfg+iNaOJ2m74KZMoXHeZWIfX2sh6HO
+8jZdlRbjQip1mR37c+pxf2aNMN7M1L2yy4HXGcATI3GRgWyoHT/Y2N96fplG7q/f
+ql72slc7kA2590sDFLLndIJYbkNTshjcwds6/EhimEdQ/ji4rnh2srp4mNgLbz3X
+GAsJxmrd1OHycZ4nhxgGHwk9ww/sI/sb7FNsc0+uKWUNcN7MPqVdX1R4N/hn/H3z
+S4UNFdRG6fX0qjDFccRzq4CSPqdcarNwRKrLSN2WairHdY1N60gSDPdt1rgdxhsm
+4myi2h+nIJc1qKU9ddUox3+mJ4r/xmXxeD1U1bXU5pvsiTP1GGQMQcVBsuzHINkP
+FCAVnOREP6wVCKbgZwg6kFe65NeJ19hBSFHZKFim9rjwFSfAfQoVsh7nUHCoAOGI
+FtabfzLbyucleuUk24s1Qtcc67FOGbZCsTgshzqjAkeyciEVDyx0JiuNb51DCsEP
+oav665KQodNU1rZHz2nBI1veDaiHBMsuoTytuVg5q77w9THo2HqJOp6zIiO4dJbt
+k95boKUOw5oQCPEj2ALumzBT3W6maYwNDXKiC4IPnJr6OcgqAKv3UdECgOUYNTAJ
+78ogF7fv4cSA3iwj05cIsiE2vN5Sqk/3HyD+OrSrk8BUQzD0MCv1B3M8GlVs3cvj
+/6q+p+u5q3VK2IymLnm7kb+cI6s/l5COpTA6P/Np4G2Y1JGus0L3p0Y5GsGbeFap
+YHl+e8TtvAZTqALnNlx1844VOOgp3GdYDlKpgChs+Od3ARuLTNpppm2yUhpbeQ2h
+uNkuzYgkZuXZT94ExPaOHEF4OmHz8iWLF3i22+F2UmvqGMYAO4EpS0y1CrIcNFTZ
+BiW2a98/uWmwffp8PuMAATABqbU8xbPJEhyxhl8VLnef8j+mlUJDsCq3Kq235Pvq
+zuSTK8mFz7NHbRzH+LUl588Xg42nhgLkDzVSpql6sONENrdoEU1KVxBEp/LpXA8c
+Wks+vQVkXLpNLB4PmtraOiRtYbmYk7QLNv/Woxjr4BljrOS6uz71dvHcZnCGopuY
+4FHDYF92Z2HmkTjHMEIKzVWlBAeBiYn4WQlS+n8Ov3t2odUBlXZYrcNU9uMsdrJF
+HH+Ja4B1QW1xT6qg736fssi5xD7hdOinNV8hliQ9mAlYuTtPVZSFvYDu5Xwe0N5g
+fqc49ifyy7RUOoK9m993sx+6JQc3MoaKZnW1GlgV0QX99AQ+60sVCJDqgm+kAioa
+sLuJZlBDGXnsxYktWvKVmgwndj3QfFXEx2CQr4csjrUzQEJNotrje644hd6dOHuu
+Ol8dWNgkRiJV0xmP9H9eX2ybFdmDadnind2ntwqV0z+UJxWnujqDC7oxnbb+gLO1
+K/w/PlfbJGpvhGqa24JelP2v5/zersCzPmliw6pzRCF73FcBLhJoozyxMfQrNVzQ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem
deleted file mode 100644
index ed2ddac429..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBDTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYVW5rbm93biBD
-UkwgRXh0ZW5zaW9uIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCytAs/
-JAs2Ja8c89As83uwUulH9T9tQPZcA7nYHvlyElO2ck8TAyHsxyTJEX3dSXo5IOhG
-VD2Onq3BDeRFf6pu5OMpoQ3OGJbb4q22/qZtN6etR0haIBvS2ftAIPX1mJHU48rv
-TuMEQ0hoVtFxKdyYSeFaw9iBTbcaZdPUCMbnIwIDAQABo3wwejAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUao8V/5j0N/1M9CcF3W7o
-YaFVtKswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFoi3BNwtKmwgQu7YVgw
-RJCuLiqFCNPny8zbrLdJOyTSB1MqnPBzrnx0E2U6i+5RTiuIUrD5V54/46OcAenb
-ABT5jTygyoV5M03Iy6ZRQ71ZqeX2hc8LeHetvMTN1fZiNOtwt6Qn4LtWGyw5KH34
-KMAytthglbz5meZVb+cbK820
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown CRL Extension EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=Unknown CRL Extension CA
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JM
-IEV4dGVuc2lvbiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGYx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE7MDkGA1UE
-AxMySW52YWxpZCBVbmtub3duIENSTCBFeHRlbnNpb24gRUUgQ2VydGlmaWNhdGUg
-VGVzdDkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN5hxrET3bqQkPGYoOqM
-k59f/6Bz8rfuR0w0CP8UqMM+W2xDKIj+J1+sHfl1rsbgm3kKLrIF/DeRgOUS9k+m
-1gTj4NxYqTLXRu3AeqoWe7Z04z8WxqhHyD40VbqJeZgRl960H7nqSS7FUCE5Uhrz
-cBhoLlhH2/lYNtZmNFemPVA9AgMBAAGjazBpMB8GA1UdIwQYMBaAFGqPFf+Y9Df9
-TPQnBd1u6GGhVbSrMB0GA1UdDgQWBBQ/ld8yhWsnGl6nmqhcM8TxDa9n7jAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
-BQUAA4GBADFhplcYCh5Wt/vpCzwZMGj0be5RMlPSh+6UWKY8gR+TknXyeyhIN0TU
-R7DRXv/XE6ZRQda9Pslooz1WB/VBez54Sg3EirsB8hK/E+PS//mo0NN5ooOdWb8s
-WqML3eEo3XVs0Fj1mYc+8U4bYRPrtDVO4Mr/SnyKNNCf1O5R+X74
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Unknown CRL Extension CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:8F:15:FF:98:F4:37:FD:4C:F4:27:05:DD:6E:E8:61:A1:55:B4:AB
-
-            X509v3 CRL Number: 
-                1
-            2.16.840.1.101.2.1.12.2: critical
-                ...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        87:83:34:a5:84:cb:5a:ea:95:df:cf:c0:15:aa:4a:32:5a:e7:
-        29:82:92:af:40:f0:c1:5b:0f:f8:4f:c5:ba:af:bf:12:16:85:
-        b2:d9:df:d5:f3:5a:da:bd:15:8a:ec:d3:a1:af:e7:8f:80:48:
-        54:1f:22:c2:8a:74:9e:c1:c8:5b:33:a4:8f:6a:30:43:91:35:
-        0b:08:c2:87:c5:5a:b0:b4:30:6c:f4:f7:22:7b:71:b6:ff:7e:
-        3f:ae:da:aa:b7:d2:4a:a7:10:7c:70:b7:6a:10:85:d1:9f:d1:
-        5d:bc:36:44:30:32:6c:bc:a6:8e:24:96:62:d6:68:c0:24:13:
-        55:3a
------BEGIN X509 CRL-----
-MIIBfjCB6AIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFVua25vd24gQ1JMIEV4dGVu
-c2lvbiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQEXDTAx
-MDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaBEMEIwHwYDVR0jBBgwFoAUao8V/5j0
-N/1M9CcF3W7oYaFVtKswCgYDVR0UBAMCAQEwEwYJYIZIAWUCAQwCAQH/BAMCAQAw
-DQYJKoZIhvcNAQEFBQADgYEAh4M0pYTLWuqV38/AFapKMlrnKYKSr0DwwVsP+E/F
-uq+/EhaFstnf1fNa2r0ViuzToa/nj4BIVB8iwop0nsHIWzOkj2owQ5E1CwjCh8Va
-sLQwbPT3Intxtv9+P67aqrfSSqcQfHC3ahCF0Z/RXbw2RDAybLymjiSWYtZowCQT
-VTo=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9EE.pem
new file mode 100644
index 0000000000..242a518027
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCRLExtensionTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 22 6C 84 58 83 E7 67 7B 55 13 23 18 2F 9F 0C 4A 9F 44 5D F1 
+    friendlyName: Invalid Unknown CRL Extension Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown CRL Extension EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=Unknown CRL Extension CA
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYVW5rbm93
+biBDUkwgRXh0ZW5zaW9uIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowazELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExOzA5BgNVBAMTMkludmFsaWQgVW5rbm93biBDUkwgRXh0ZW5zaW9uIEVFIENl
+cnRpZmljYXRlIFRlc3Q5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+sZdrxzcECX8Ri0LLXI1mzV9xmBAlrK0DAO2FWpm7H/EojNUfwYjmGK5Im4UWJ/Gj
+HpOopwkum3ZmnsjIGZwv/8xZhzTvirJwlvXluaTLpxjjec38Ns/aS4KMRBZfYTe3
+nffklLOsmYUiEaDehtA8igBCA7PQCMmi/UzEPx4oBBErihBid80k1fooZy2Rdm1q
+Y9oWRDZtDZQnoloPzp0Z9NjqB7AzaTMYnhmo7kJu5LyUeGM/oWjHw6K5XFT0Ktiw
+d7RUquN0FbMKgYJlpuB0SygFqkO7Vd/Cik0qDfgzfSN3Q7e5bwF9gWKBxJHh8oeW
+vjJIhJlaDCJjyG6wCBq7SwIDAQABo2swaTAfBgNVHSMEGDAWgBT9//4ZTdsMncWi
+2IJW67DZEGHjMTAdBgNVHQ4EFgQUqInp6e7BpgRmX50LwW/1K/AeplgwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsF
+AAOCAQEAK0J7ckIbbVyqqgEXIzziD1qpliCNXcjw0ei9x873IYVdmkGqFF0aFAo5
+lRdzVw451cGt81zHoJekwpQSUKneH1bFEsXWY1Z2wSbu8VFSGwcdnvMHhvhRJ2vv
+qeX/GG4VZm8QH6Ut9MKQB0ouQ4WCNR9nSeomSomQd7NapE9JcxZ7s1c0nBpGeIaX
+q5+MN4vVMrkEv6RvaeXJEtQw2S+wz4ZLgT74bzi52VxpCW9L1ilH+LO6LVqL+LWO
+SghiO/N5LT7oPT6+uIUCAXZn1JQw0j5v3+ljPLiuxHzr8bJKQu/dnqgsz9VA4C+B
+HRsOqzFlVMaEjl4nJtiLhm3NEs4Xlw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 22 6C 84 58 83 E7 67 7B 55 13 23 18 2F 9F 0C 4A 9F 44 5D F1 
+    friendlyName: Invalid Unknown CRL Extension Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B4184B7D6FCDA35C
+
+yM86fFbHKFOUuwVFtV3YvfqNhikDBjZqcXZHqEErVMcks6oU5aSFzKXZKENZRSK/
+2mSlo2d2/9bNC+2Q+e7PPanZ/pyst2c3TcfL4Zvkx4qe9rR1Lys6el0eQEVv4reO
+Bvnh/kh7G/+bkYNiAIS54A3XH6bdSI+nde2B3ZODePJNFuRkAlOzEVzTSlxgia/B
+P3a6TrmlrkfMHavoue5AQj+pmNJkrSfWrzo/Qx0lrpJpOoHEpIyCM1vMEz5gR0xI
+OjuVcA9jVwaVttiOlSfPsPMwNbi3JwRc/x2IRFvL92z1ZkaEOlPIP0g4e1d2M//8
+OPqouTcPH/mFq1i0PPnQllX3+uhkk67Y4zFKcr745an9t5fH+g0gD/D+K8cZ7hha
+DRVRJx3kWhqv1TNrMQmssd3qgApmB++P/LlV3uEwu3Sam+Vv/DCesxSd4rEEFv7E
+KMWa+7aQfZ9HWdG7HEHfGrx9v06cWiBEN15SPF7+BERQSV137M8ElUlpwQj5WY5r
+Xo9dkqc6c2yt9s3xlHilUrinOi+fWhoE7cpd/6LEiOAEKq/j6QI3Uaj2/ih/tsBc
+7EVwSQeSIasf+eIPGq8BDouMCIQ3nBxGfUHwJ+U4zGLzqpPPGXT1QfvS+9SnstSq
+5RL3HpBHKfclSC5HYLdE7h9PVDYW1baVt+jDSOYJqntDK4+KeiIVTLQu3aIrzssv
+sLGKfofCAxDvNMCEZjyoPXjwo5qdltSx4qZ2u+7knsMmeIaP0no9dTS0ZbZaRfLW
+DfX2TMZdXl++jrQh9VHiNwvJN/vM0gOpLdOjvn3CPnms6m0/YRf/nj2yYkT6AMay
+EaxXlKPS6G3MAtPwoJ24X1k7WliDJztZzP11nF+CHllbtUpTgUoOfOKOmuPk4b8K
+SWO/udoNjrXFQwD/zI4RoF1z5Hz46JpmYDYH7XrX0y0rbUuLfEp9SCK3BfTEmMzM
+HZ1lefBDXDBImkbugtf2Zd6xaxTHL0BeE245mnOiEkwPon+lW6JkSavhSEfH7I5M
+LvO86Ovy2y5T+YZz2mXky8UfywFhGPPUW9SIOkTgGwrS71n+7c3j28U4OiCG4JB4
+8JzxqJ2O9rufxFYF+HcbWYK1vd5+jq47mnvSCRn7EMLZKtK/IenFyENRPHNhPicm
+0n52bn2lGz8BzD4EX/OTOzPyrS6Lm/g+82RMX5ygu4CRf4WwmNOi/3mPj/tNnLeN
+yGIYN9k70MTSdaoI1HBp4X8o9/tJGmcLEtu0/tLtRr66034kqqz/L6SZT5NV5wym
+W2HAGz2ae5LsOL19rr1Sr/x7PYPURTJnFY1N6nkEHZ/4+lfekAd1JKPtMk40RljG
+Vix75xnH4CVlb/DjXl5aq6kxrD2Xmpssw02VxGlcIu42FXyI9UfkH8qkQBuQYyE5
+8L3yOehKV/b5IdtCVMZ0JUfT8ugqK4g27KTXS4FCAvbJsbv3A0PpQ67XNU8eDAMo
+aKBPsM6gcyd3asAU5lERXuT8VQT2yxlYQo6l4pTk8WbTh8TmXDsYlldfkdIFtSkX
+gQMXf5gcj6XotTMchY97Qarv7mUsujxg23e9CnbijWpceV8aA4VUHVFLG6ctVn39
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem
deleted file mode 100644
index bf772ff279..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2.pem
+++ /dev/null
@@ -1,58 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid Unknown Critical Certificate Extension EE Cert Test2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBXzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMHAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFFMEMGA1UEAxM8SW52YWxpZCBV
-bmtub3duIENyaXRpY2FsIENlcnRpZmljYXRlIEV4dGVuc2lvbiBFRSBDZXJ0IFRl
-c3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdgE9VN0Ghm/NmN4sGBIWC
-mYNYrK8ADbOxwu75ug/F5jR3Wq3Hlg4aC8SCNQ2h/sEnsGhZ1nsQwF1mDWMvsGrR
-87vV31pE9SlPQvMPG5S9UlqHO0b/4wj057sWoMHSvOcROdgJti2Dzt9p9+ArbK56
-kYAf4TYDVQi/UvCb4TYe9wIDAQABo4GAMH4wHwYDVR0jBBgwFoAU+2zULYGeyid6
-ng2wPOqavIf/SeowHQYDVR0OBBYEFCWr0F6axQ7dDvC4QVdDsvqzwEdgMA4GA1Ud
-DwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEwYJYIZIAWUCAQwC
-AQH/BAMCAQAwDQYJKoZIhvcNAQEFBQADgYEAC49hK2AAPynegAqkmf6gK9o2lbGR
-G1PQFqTf+zLATRWYbB+S1lvMJEOYcf1/T2arOgWO6xXJHvQ2xvYr6VbfBSnIdhUW
-OoIQIAowM3RWpZaHu9Ze31BXnoiw3AJxmzIzuD5l+4RyE5OeqTtfJK15kOpeJVdH
-aMmBFW2/5/9zl0k=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2EE.pem
new file mode 100644
index 0000000000..1a90066703
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidUnknownCriticalCertificateExtensionTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 20 42 CE B3 BB 2A 33 9E E1 57 6F BA 05 88 00 FB 02 43 03 E9 
+    friendlyName: Invalid Unknown Critical Certificate Extension Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Unknown Critical Certificate Extension EE Cert Test2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBXzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowdTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExRTBDBgNVBAMT
+PEludmFsaWQgVW5rbm93biBDcml0aWNhbCBDZXJ0aWZpY2F0ZSBFeHRlbnNpb24g
+RUUgQ2VydCBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL11
+HGmB8QxySRRl7MvXOzraGLZJeos5aZMRg3lNXzHEmkW+O4/2YkjzYUvj10VhEs9D
+lUAejvIboJ6ZXkYiFx87pZww1Ab7tp0TbrSzT4N2O3+oYosaRNTyYB9Rl6+JOmAQ
+nmk0Wz6Q7KbFzhQPG10mbFtP6WZPW36l9M+KNiLgTdpbPk3R+cVI+ICwaHBC+8Tv
+dNlDsK//6P5NwqS0LyYTT24Tjk7WTpt7f/i/Uczr4k+2hG3hGbMh9x18sZcsSsZi
+5QdsTU0PgefHt1dFlyRP+zY7xBEyCDkLR2KWZdPW6f19qPNagNOLzu7k88oa50v4
+YAegSLRu8SI2dA1Ys0UCAwEAAaOBgDB+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWu
+vnW2ZafZXahmMB0GA1UdDgQWBBQK0YrYt0innsAmNsSrdytVebzazDAOBgNVHQ8B
+Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBMGCWCGSAFlAgEMAgEB
+/wQDAgEAMA0GCSqGSIb3DQEBCwUAA4IBAQAckvMPK/r5WshWWXP+qSdUqT7WOfj7
+hdAJfI0aAdCT4sNrR0boObpmHl7sqo9CVRhW9GCgsavFNl4yjEOOdjyz/9wzs08Q
+YI3qgnbqV/r6OiklMuSar8PLoy4v2EmSnB7RLQ2ErbAtLv/gK7lKYj/Rq3Ktyfds
+rnudx2kHpi7t4M1rmHa9SxlheEj4JCTTiDjkn0dVyMov0dvgegQ2bfvTBOmvjt6e
+yo7uiCo0UqrDyoV1ZFa00ylk4EgoenpMfsXbQMUgzS/m0w5O4nPA2YxyBxL+pJAf
+4XP9PD0Ro2E8EKk1i81OuEucKruaXBy774BEGrdZ72TTo0XJSp/TT4L1
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 20 42 CE B3 BB 2A 33 9E E1 57 6F BA 05 88 00 FB 02 43 03 E9 
+    friendlyName: Invalid Unknown Critical Certificate Extension Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,651BDA338F446BFF
+
+AZUCywxK4m9yRJrXqO2HqYZyh099Z1G0dOf0B9Bj3onzixwTb/2NJphl/KP3qeoR
+N/TqXCawDW6VtEHD2beiP/6AMbucgK0aPwHn6S/RYU0Y3tedPD9ZfiIx7Wu024Jf
+2XMCM+WhNv4MRcW8lq08lm3eRk6awQOtNJKUpA1AsPtxwjGVNSVKgaZS4/IHREdu
+r2AYg1R4amj7/PFfZFAymPyWXwNFGHIf4IlORu2yOyjnVFm96OZYm6H89DgKZtkk
+y29ZKEVhyljM4CIfqAT84OVRKLN4182dPL+F+GKoctQjVP/7+CgNya+d5SObsBSy
+s0SNwJ2bz9Ea3H40s2tjSy1tK/NbsgIf8QMODvUqzaB+09vBXrhH0fVR6NeA+8KV
+0gpoZI7lfcJUcCf90bosVxSSWcxNZkqbO5dUmrDS5ZeT8/O+62Ibnb5nmJCzqQZ8
+s7mlbzNaZ+gxQjdpPQufLN9iiVVR3hQPWxbev71DoQEI3HC1iq5/CwlDyOPKVUcp
+Yvboxki+vsYEpxDklSgOcVNnEnRZcSk/YnwGJbOCaWo4bWqAoR7EIfXFiSDW65Pn
+vuJOFQPDFXejfT6MIoqpxhquIh/9CtE0mnfFq4ZvqNzLlaTA0j8nb2tXiimXlMtX
+iosOCPSmKhkzam5NeoiXxo00LAJLISolPA0nfOEF/WWkzE6cw9+6UGo1UZYBKwp6
+O4bwHzv4LAjn98sXOQlEJF9n9ODH10oM+Q6b/ZTfeSA0OfZkV8g+s3/WkXVg2Pwn
+KiPdAnwzj1puY2sdeaDxraJdf8G1F7eerwMILDdkdftb2NjUl9dBhnQuOSp4srwb
+8oLvJMFDqqHWcRW+phkNIUDep19iDfgfiDDTzhSFZdeVIqHywzoXj/KttiQT57n+
+mZtRvdvoUJ//5OioMhuiXBaRL90GfA6/i326mTgWELdI6XGsohsVzH6rPZDJiWFU
+sABwl4fMTTAsSkDA76kFb4SwwENY01uRDbF/U3GqKt8Wl3gil0PkMs9vaBM/zyBb
+xuwjVrFAYl8qLyfYcs/r0prYwp8pIvjZNzo9po4RXGLIu0DXZaHCH0Gl4lgAfDar
+vK8U96JM6m1BW1ktNZO9WW7IVyiytxhRMVEL4qV9bwb/77aMAGe6mHrivh7N1HT6
+9pRrM+fUB2/8xIqpnGR7EJ3e+Ci79MPbD2Kt4UW7XuhzOBlY9Hc5Yh0SaYcVPfUO
+iBXwkUbuEIMIjJbnVowW0+fM8dCMABO5n4LTULJG4LejSLFhNC6RKhddHK471HbH
+Sunz1bsnOPkukh6ipjdZvn4jtRvR8frY66qvmi/bEqUJ9Zypy7iz1H3I8aD9v9ly
+WVuKLkDFOu/p4Yw0yU6UGZl+XNGmXm1eOw7Rqf0J4Xk8HA7XJB4fOplBhXbt79+P
+e5Z7u8uo8BZhXHAZaEPnFf7JAVBEfP4Y8J4ptcWLvISv+5cy3zX9VcrXOxPCBIm9
+crSxMn6VqbpnyEzvmZQlCJKBCNxckAciqHJsVOjSKi0yiJYNPc7q794H8dK2hXij
+szapKjWjmPPd3hzOrEMHqFqhuL1LPfZ4uD71D0RG9QJw7LC0UPOIIBM/E9APGIW5
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem
deleted file mode 100644
index 7f10e7695f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Wrong CRL CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBCjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMV3JvbmcgQ1JM
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrjpkZYUtNf/4W6weCyaK0
-JDUtJyXxK8YEL9R2hpnPnGceXRXEkq7XPWyNBAC+lpGPd+mWjvX4A/MAsGHsOiY3
-I35sJHR0ViNoDDIpACYBuNhtFTQ0JHS34zOZR+jG0BYSib4h+svHctlVWGOY3l8F
-lp8EWSm8YZ3kt7kycshWzQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQU1G3jwp/Wffea3VwN0SfwS1Rpd6gwDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAI844RkGSuDIY9HF+gW3Nd6C3sILutA0Zsqw
-Ih0wWh/y9VOV6TNvPd8BlF1i0WkAMcswgqhrODgySpG7fdDlgMTSI/Tz0ObYbsA/
-Dcd3OplmCfRKi8biDWnBn6LdZysZ9uiIOBFyOFr5cfWGlgSctiXxtZc15sju+TTA
-EwWcPVar
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Wrong CRL EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Wrong CRL CA
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFdyb25nIENSTCBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMmSW52YWxpZCBX
-cm9uZyBDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDYwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALC3wWGmw5/yOOPg3RNvStJ9JJIfBz6CyFWksquf/4icnW/wL4rx
-hCxN1vNOSiH+IrOgWYTpkpGPiMvbvn4h9I2Ytzimw1O0EPTXFAE6CdJagxdcsFHA
-1UJMR/+666NEypeYmyaFMPduqmcR7rED7TZZgQGhltY2+06s0SghWO1fAgMBAAGj
-azBpMB8GA1UdIwQYMBaAFNRt48Kf1n33mt1cDdEn8EtUaXeoMB0GA1UdDgQWBBTI
-T2I2nkS+ARaPkr3QPXOlb30emTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAKM9XsZ6SDRWXHk1nyBsa28P
-ItsxtO1B0ZnK4Aboih9fOPg14udmRCVjgc7Z3UCl+F8YXFWKkisitt55o74MCv60
-2vlEaBrRBPMvTpHwqyNIWCcuDYBT4JrfC+iF8RwHtts9c0KUUn/bwXAuvDclEg79
-XUWTzrxsqFVOnMEktZUm
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6EE.pem
new file mode 100644
index 0000000000..8a764dae01
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidWrongCRLTest6EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 49 9A 22 5C 7E 4F 47 9C F9 9D 01 7F BA C4 B9 7D B7 18 B9 A2 
+    friendlyName: Invalid Wrong CRL Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid Wrong CRL EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Wrong CRL CA
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMV3Jvbmcg
+Q1JMIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JkludmFsaWQgV3JvbmcgQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q2MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLSUqSQ+ff5gAG8H8PWG4MFHgx2SKmPN
+Rr1wAwhfFEIrA9cJWns8gYqTKXRkfTHoQlqHXdg+7dzmZ3QRy9DZ8FHDTGK1YikH
+lTTbTo3j19OmOY7pVmByLa7FOHitP+0ck0QdFTw1eS5frVgs7K9abmLbvz+4YZY5
+bPAdVttyOnw0h4IoHEftx1K+7F+aZUc0WR9GD/XL3gsrnRkiNYVOraX+07frVn4a
+3hLtDWqOEn/0GDZoSfDuMdsjFhwjkObbnzzOQGZOMZerLdwva9c3F5nl52H7iNk+
+4UfaSahjOPfcCNDSQf/teiId+VnO0mCMMqkDxDh+dAENlKwbjGfO1wIDAQABo2sw
+aTAfBgNVHSMEGDAWgBQMJUbgiXpRB0qvNa/NkMRyDreoBjAdBgNVHQ4EFgQUg4Fm
+s0iyLn2sM7+I9tk78gxwvKEwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAIhouVXz76OgM7KW9IxI4DJ5N
+SYjcUdKLaVKMmmxsvAt4M5dqPFEmpJMRon+gcR7rFF/M5BkNw0nBQZHUarzMG42F
+u73I2sJWTEbEbg3usXPJKnDISUrvJTBA9y5R+DZ9aRlnZ/OCJz05cS59R2MKdIJ4
+ntOEvWVKeRet0oz1UScIY1hc1DqdZ8YgjUR3waTMKLxRayESKysAAoOxDILlWovk
+WPTD32as+5goMh44r6+0Ntwj0vZ5W0Sg4F24m/R6ZEHhs+elV1ilPNCgghMJ85Tp
+pbE/8xN3Z2ndZzhXlXkFQLdWGQwpQ+2Lld2NFrsn+2+OXGEzT6v+QRLZse0WOw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 49 9A 22 5C 7E 4F 47 9C F9 9D 01 7F BA C4 B9 7D B7 18 B9 A2 
+    friendlyName: Invalid Wrong CRL Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DB3B0C652578E1F9
+
+WTacPVyIqEiSiv5N8GuiGcrH3xfwU/TZehvEIPBwkx9PginD2FwfwVqltOaCHSBd
+OXs9LCoWsAsAoCcp8GlNwSTYer4lgJsBNnJlGVF0WUMvMandeHrmnR9Ig4LJLH9M
+WHFtmLyY+2Il2aRYN5PPCKKAV9ifAB4bygdOsm76Rat8SFNLC1HD4lmjSEwPmvxR
+bhgs19wti5I708K7kFnV4OdQpqcMIbfgRLA3HZxPdTnN53tGxXUjRxEEAP6SG8pC
+WAleiIS2tyoIYTu0lZSO/OiPb2wQ5mLVxIDrN2PgN6HrqrpRRXwcaAQmuUpA3nkX
+Bx04EtNXHJo59kK8+a6r3BXlT9FxUl+liTZemxC+6aek79zhHgM7xaExOvUdgQWR
+2rY2KZtDkSp7k06hPe0f08kW8GfpRCmkBNIltk3Gn+PxszsPUwZSPZPKjMagmWGX
+AVEKrvMZoVmhTVJAlS4km+sQ246XjrztUGeWwKndsB7YmKYxc1mozguKt/pd9pwF
+DhGKjh9IHxWLSEc0DniLHEDWgwnVOa+TCZVwSPqQHNfXQzKeRSiGCvxBF3mLx4ge
+QGcFKkAPxBb30ZGKlrHxbkFHl+kusXXEZ3neSYZBDwR8H66aAb3lgDmybPeb0kgS
+XP5pW1yk4ldngaEr03NomxqxjtX8p4Dn2TUqnTRzBSGkBSw/2khdgk/s+bgF8QnO
+fEl3gzcGFEcqqH1R8UMJ5lEtRqA2ynVDlAb1d2+5pFkpLh7B3DqiYXz+a0ITf3/X
+sHR+7oTg7olwCLR5xEAPhTKC3QyNBtX4jpt3y0V+HqZCqphJnb49XcJjSPcZF2mk
+quE1kpgjP8U465PR6fmRl6lx82YOWXren0/QMH8FIL18dTXFVJr/+HqluARx4cIQ
+1R4bvG066jYOy4yUPrPDDhqIwBccxVfOWH18wHMBIM0GVUg43glYnKL4Vf8eJwnx
+YXXgC74daXMQK747+/CUsxn7OLk7OrIW8/7969TwQphEoKXxnSNbJy+P/32t5ikb
+HPQ48TBlRoXF+/pD1Jh/BDT2gZT35KrukCUdtzyqkIrl2pd6KVJfXHqObEInysQv
+QXSbhoug1lJZtmzkhF9LcGEFU6fp4suEhmsj39K5UpXIrjjcY17gGOafEVg3FN30
+tetlrlGSrzTg/7i9HwZoB1W2CQmr+D/2v6PdFDJOXAoeYft1clWKNowNY+t9X81v
+NHEwJ8/TY1//TOQHJ+TlrrHgmtP+Z4pehsXvU9ILopFxeaE56KTggsEE32QMC2Iw
+BiyxwYWiM/b3sirmxJ+KdCzKKX8WOvVKflsAYqK9UhrofEsjblwtGtoAvjm/5tjQ
+M+vPvwrHA1pr6O+Ttq7QA+AvVOGPTBSN0DJ+FJgIqLJa5mGZ1Aeshuh/4bqijoCl
+x5/02Hg+YMqxCgqObq/ddlgQRIRelNCyBJA+LD1PMT5wtg992udAFPjtpgISDXr9
+BjaGp9J29L1LevQNQa4T8wLs8XCgLWdW4jEt8mW+b5pPFvkMH7LRFIND+m6fjttO
+G7re6NHwzVsUImFR7pEgZvL1BLTOQUMbS53NBUtxux3wDhdnusPONg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem
deleted file mode 100644
index f64a9bb06c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBFzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlYmFzaWNDb25z
-dHJhaW50cyBDcml0aWNhbCBjQSBGYWxzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAsmocvHtIhy06xoGU8RgpDv0nBGXIPSXRG6Poy/+IGxarpbG06NmC
-maF9YsRYKMKl35fIYgRSJXsZQNbNdFp+OP0unEc2gkWnRFkd5UYXaUYUw+1joRBQ
-rv66WNwMkTSpFnzmb0Pvvxw+5Yy8MMzvfYTwnw4GIgLtTrffpS9B4V8CAwEAAaN5
-MHcwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMdH
-T3Qigo2QmpSYRbO1Q8N1GDbOMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOBgQCYmJK2
-5OMOWxlviglY0yKGvQpDwTyJ4CJmsGGI/rtSjvfFiqHPmq2c/QGm+pAdKMqkhGXN
-FjVPKm8pLqrFbAnWXSG5OeWq5wEMckNe1Qjp91ag5gmWEVwdq86eNxkkA6w/+hjp
-BxoCAT74c74EqPpOX8c6NGlI3VyN0hODzePSHA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cA False EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJWJhc2ljQ29uc3Ry
-YWludHMgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBZMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxLjAsBgNVBAMTJUludmFsaWQgY0EgRmFsc2UgRUUgQ2VydGlmaWNhdGUg
-VGVzdDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWAnb4eGXIMKqcvxV1N
-I1WYOIgPGw0pmor0ePIVaJFQZALxDndu3IUvzZCuK/m5nBAn3qtGItKULZEqeZx1
-sqbagMshYrHDkntnRShl1luH40b/RdWn0SnkWcYiA+ZTmcUYTV4t0OmgeUzQMtMj
-LRQ76i3JymtkR6MDgbJ6NWQzAgMBAAGjazBpMB8GA1UdIwQYMBaAFMdHT3Qigo2Q
-mpSYRbO1Q8N1GDbOMB0GA1UdDgQWBBTQ3jc8Qy+MJLvnf+0PWJpzZUdgHzAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
-BQUAA4GBAKhCguYapRZdH/DcOaj9Mtc/x8+/QbXwwWTyETUNHItDAWqwXgCbEHKN
-tbgWB6IZnzhzWvLcNk0HJrqf8jnYEC3EWj9ruOl7oaCWRuq5uLwtnf6MCI32zjzT
-yJDh7QLWt2STzMDmppGt84nl3PjN8MaQhp2qTJyP9f8ue+n+Ng0D
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=basicConstraints Critical cA False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C7:47:4F:74:22:82:8D:90:9A:94:98:45:B3:B5:43:C3:75:18:36:CE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:bc:12:1f:84:d0:b6:3e:72:a0:fb:d9:75:99:ca:e5:2a:05:
-        09:e6:c8:27:74:47:1c:dc:0c:d4:9f:bc:9f:b2:62:25:b4:6d:
-        5b:e5:0b:e8:2a:8e:07:eb:3e:6b:c5:1e:9a:d2:14:fd:89:5b:
-        c3:10:bf:19:77:67:0a:33:45:1b:bc:6c:ed:af:84:30:59:fb:
-        7c:71:95:63:60:31:9b:9b:0a:ea:77:f1:70:f1:b9:2e:d1:a9:
-        04:42:66:94:b9:54:48:db:44:56:56:1a:57:5a:01:0e:7c:4d:
-        d7:c0:1f:5c:6f:13:f5:a3:57:88:6a:9a:71:cd:d5:ae:c3:00:
-        b1:28
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJWJhc2ljQ29uc3RyYWludHMg
-Q3JpdGljYWwgY0EgRmFsc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqgLzAtMB8GA1UdIwQYMBaAFMdHT3Qigo2QmpSYRbO1Q8N1GDbOMAoGA1UdFAQD
-AgEBMA0GCSqGSIb3DQEBBQUAA4GBADK8Eh+E0LY+cqD72XWZyuUqBQnmyCd0Rxzc
-DNSfvJ+yYiW0bVvlC+gqjgfrPmvFHprSFP2JW8MQvxl3ZwozRRu8bO2vhDBZ+3xx
-lWNgMZubCup38XDxuS7RqQRCZpS5VEjbRFZWGldaAQ58TdfAH1xvE/WjV4hqmnHN
-1a7DALEo
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2EE.pem
new file mode 100644
index 0000000000..1c8a8c279c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E5 65 2B 75 8B E9 2A F9 2E C8 83 32 11 38 9E 62 D2 61 91 73 
+    friendlyName: Invalid cA False Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cA False EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=basicConstraints Critical cA False CA
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlYmFzaWND
+b25zdHJhaW50cyBDcml0aWNhbCBjQSBGYWxzZSBDQTAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMF4xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMS4wLAYDVQQDEyVJbnZhbGlkIGNBIEZhbHNlIEVFIENl
+cnRpZmljYXRlIFRlc3QyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+5pPuSskaT7pQvNS0XtLWfsJa8Jtq4V2jt2MY0BMegVCjknFfUEajR7X40eKlCACB
+QD9awY8FrNrkR+k6IHrtNsn7YhwyO7gxC+8loRip9NEnrKweYDB1MiYGEhmep3wu
+IXUrFdNVIXbazuQDQzTNVRnJGGSKxP8SlxIrLg6C7gxmYpr61WlajauE87FtalMe
+lAMQp3pJUiwF8Ooy36Ja/38fgyVhEX/0Qw+OcMfAg4Oe8xVhLaffWF8ZBpji/z45
+NqiNJ/ZJ+IqwfcAp+8vhcM26GBX4l0c7CBXfjSCi2NvUdsHjv2XeloDRDdfZfoBx
+lGdkeODccKklxTJE72ylVwIDAQABo2swaTAfBgNVHSMEGDAWgBRw30QvA5kcF3MY
+8jY8FDTQCdHy7TAdBgNVHQ4EFgQUfLh7mOwGIojKj5FQ2sTCLnyBGFIwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsF
+AAOCAQEAYrhQ0Oit0VO721Zoeuz9vRSVb5pEyWOkXstseN4oBBCAwd+L63rzNYGT
+SIzFTMh7ePO160xVWOJnSjbCDhEDdLG48yYI1bIZ5B7mdOaGqfo+kh3+oWXbM8CE
++hQu0PbS2d931zpzKgikars+50o3g8veVaD59Wxft/JGeiIIK1Hld97vjNRnsi2o
+7wqeYVTQHeRT4kksFTPfY0O2DgeGDVvCwIPP11DtSxkgBkonxBqCSUIqngKdDPV9
+nD1PbNFiabVgIB1AWLThO0zAge4ZjiHSzaY6lZwCzqW7KWLgjscmvHDd2Y2DTIR3
+xE8o44JWsXaJAO5uYDD8w0iQQ2Zagw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E5 65 2B 75 8B E9 2A F9 2E C8 83 32 11 38 9E 62 D2 61 91 73 
+    friendlyName: Invalid cA False Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,55AFA660EF18FA45
+
+kf6xL6LLcWVhm2YeI9NLp7e/QJi8iblF79iSwggzH3uozQOYuAaeA3tVfIxRHu5o
+CvsnvytZmsF0uaxGhm1mtPerBOQZHtqOXU2J1jKIZguAWW8qNID3CitLVDmibx/J
+jOr8m2gtgGEbJ6Z/Oa35JgNQPU5rbypAQJIrxiW9Uh3CWWVXXNyab1/WtxE2CzF+
+8eegosPhUSyjP1qrGdij+tsmgygQbnp+sShHb+/viY2dpfuzkBX6HzK5YdDpssp7
+hf+5mijMck80JrJIIgdMCCkpv/C/Xjk7bF8apchmUEDCLGva4QKKZ/Qh3+LJD9+m
++BXGab0Hh2PdGkLLZR41Mgjt6CYz+UgoxSlkJNK6TzovmXPlJ29mVBo8+L/ECWW6
+5amVM6ZHax2PLRfskZYl2Dj06aCJcbz+Hgnh4dMoL76KEb4p1rGXkULO/zewM+pr
+4j2zVpOKgJi2iv6QI39MfpIWuxM5MDKqgYsYcdDhuuXn0R+VcGPeQoGPWJ2VCoFr
+8tTL+SFpilNrtLmrlw1x7RmrxKpifWAUUQNHd9D5o5cbpwPwq7GYaIE2AKtrps4r
+NFzq57NZPak1kN4tzFfgiW/etl6A1zCS80Keb7/uZ3W8/rsaT3PwJF4tRxkQgRHe
+9l8Avk6g7Suu+viySRXXyL+bPVt3OonxKdN059sKyqaWl0iTLBk9nK6HX55gG+FI
+lmSf2fHixg7b13ur65SE5ypg/TUmF0kRMGusscwv4EP9JJv8eFcOo5LfzmkMsHhB
+chTZz6EEw8NK1okSSyzYnQF00XrNpeo3bIb1dAg1XeGI97XuJn3c8cc3KdMBKLsG
+OG4Df08YFCVInVkeKyGvQYec5eGKlkByXTpriDiQ4hlMzu6enGzVkRggffSRnX1G
+VK49gPBqIDA3872xizE3CV+h5yGyjaI6c5wokkt0XbCQmpO1ZmocMrvlgrt2SirC
+IOPC9WYkwumsvaS/ne2uPnPkEAdWQWllvHW/u9GFD00wb4aYW54xiXepxYM+ZR8n
+jXUt6X6r3SA0VYPsM0vxVqyPyFGnbkKiG16EK7EqL2HwFCbujIABUSVn3i/tYRSL
+uV6wrkmPN/XtgWXANChCsZ62n6bTKj7Red/W9FZPPWw8RHJrdCBPX6+EjHnGW9To
+J/CpXlkJoqZHXnqbqIvk/HTwQCGFUDRvLwAJamxAnkQbxSoowsKgaaKy3NiMH/AX
+vsKXhL+hwpQuyHNaOt7TxFq3YmbLMjXldl5yhzPJ2HjZNhkm3U7Gr/REq4vZjmEj
+q2o5cQOLhsS39Ao2G4hRdKbIg9N2e+vNzWPlS626m8Zc2vCySdJ/GR6d049nve5o
+cavpyiXav2VF9tZQfGrI/y+SuRYIoQAz/1BmP4RY3zL6b7vCNgTGq93vlR2Db0VT
+H389riCMDpV8M3GDpZBhu7CO4C6KUM2JM93prRN9vHZNZzFcDQIZofRpNlnvzXS/
+Lw73X1WbxLHcI2BoyvOZRfO1bKBbWr73M8ZtEEFuQ/K4umfEnIXh2KjUVEVTb+I8
+KJZqJbulxVkfnRxx9ihb3+TmP/APxJu/0IedxU02CYKD95+13STPQrec097TUz26
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem
deleted file mode 100644
index 8784c21050..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBGDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEyMDAGA1UEAxMpYmFzaWNDb25z
-dHJhaW50cyBOb3QgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBALebKuy5EJW95AkM4MZ0p12UxwWQqlclzW+C7Ntov96ejAjA
-ciH9FrTh8IzXl99nnQnHHO8O+pZ1jzh8hQx+kAGx6ENV87E9ByTgcNUwSgHgEHX+
-59fIr8RTbdUtF2T1U8iyFM88FkpI682I0GvNDuej65588/P/OAHTmZbqcWrfAgMB
-AAGjdjB0MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQW
-BBTEleK6dmzd47tLaP1CRfgUVOxbzTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAhjgF
-Diuvic63KpOvuZxczWMf0K//uMCtUxtXXRTI3/Wm4ryKa+yI52FUGhUcNB5wRAES
-R1tJSuphGx6rdcSHZTE95gLo24lnyc+oTZQ3gcK2xouTy3F3CvhmPs9QMMjaqtfn
-NDJKzUyBvAasUQ9SZxk+bifeeSQ/RDzmQxNKHr8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cA False EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNVBAMTKWJhc2ljQ29uc3Ry
-YWludHMgTm90IENyaXRpY2FsIGNBIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFowWTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMS4wLAYDVQQDEyVJbnZhbGlkIGNBIEZhbHNlIEVFIENlcnRpZmlj
-YXRlIFRlc3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5JEpPUEhR94hD
-geH4nu6tuBiM/sUvTffvOfzdSftTXOQ/4pHuZPXKDz7SrM5gAimRZMXlC0ZngP7z
-9Q7StXqOqMvZI75GjHGYr3S3W56vvCxfDh639L/x3UlhfKqEzn3rMLMDC52lJzcH
-npMqMRIYWdedIvqg6OaxMDj30va12wIDAQABo2swaTAfBgNVHSMEGDAWgBTEleK6
-dmzd47tLaP1CRfgUVOxbzTAdBgNVHQ4EFgQUxBUts6LKOH9HITo2TnmeY1hdGNsw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQAnnZ9Y8fdKeA3cdodXsQqz302mCLQLH1jhcE7UnfAYrTdecJ5s
-8xxE7AKdNEG7/KUAoSwKDsGw0HBIQDPD62kblZEWKViT4+e4isf4Dy3G31BRbkiu
-bcJsDKzOOdCeCdXJvGXAJ18su8P+4srOddrQuINqRy2YgDG5Rka2WArY2g==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=basicConstraints Not Critical cA False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C4:95:E2:BA:76:6C:DD:E3:BB:4B:68:FD:42:45:F8:14:54:EC:5B:CD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a4:53:e8:4c:ac:c5:d6:66:9f:c8:a6:4c:ad:d2:6f:2e:31:b6:
-        48:37:6b:9e:e8:76:8a:ff:23:80:3a:49:a2:91:d4:94:0a:bd:
-        9b:2c:0b:cd:c3:9f:e8:a4:7e:b1:ce:37:ea:23:5c:ff:c2:76:
-        6e:c4:84:d3:21:2a:ef:7d:2e:fd:71:54:2d:8a:ef:f5:96:73:
-        f1:7a:c9:1a:7c:77:86:b4:df:0c:47:a3:8b:9b:b1:f7:bc:21:
-        64:6d:19:97:ca:b2:1b:e8:4d:f7:66:c4:78:75:5d:76:b8:7c:
-        5d:88:f4:ae:b8:6c:27:11:c4:96:09:b2:35:fb:6a:da:f8:fe:
-        73:df
------BEGIN X509 CRL-----
-MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNVBAMTKWJhc2ljQ29uc3RyYWludHMg
-Tm90IENyaXRpY2FsIGNBIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaoC8wLTAfBgNVHSMEGDAWgBTEleK6dmzd47tLaP1CRfgUVOxbzTAKBgNV
-HRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQCkU+hMrMXWZp/Ipkyt0m8uMbZIN2ue
-6HaK/yOAOkmikdSUCr2bLAvNw5/opH6xzjfqI1z/wnZuxITTISrvfS79cVQtiu/1
-lnPxeskafHeGtN8MR6OLm7H3vCFkbRmXyrIb6E33ZsR4dV12uHxdiPSuuGwnEcSW
-CbI1+2ra+P5z3w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3EE.pem
new file mode 100644
index 0000000000..54a073fb11
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcAFalseTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BE F6 72 6E EE 29 F1 27 15 4E CD 61 48 20 85 A7 AA 00 6E 1B 
+    friendlyName: Invalid cA False Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cA False EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical cA False CA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEyMDAGA1UEAxMpYmFzaWND
+b25zdHJhaW50cyBOb3QgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwHhcNMTAwMTAxMDgz
+MDAwWhcNMzAxMjMxMDgzMDAwWjBeMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVz
+dCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlSW52YWxpZCBjQSBGYWxzZSBF
+RSBDZXJ0aWZpY2F0ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAOMqfzk11boRFBbpNA1tq4GZJbk1M45bsflY/IBB0d8KUdhotWgSOm065GL3
+sB10F5JZI/sLVpXuH7R9TABBvnZu8XqX5RKKkNB7zMXlkpr4TFXGZnYgSmX09ta+
+fuZ4TQgj6BdztW1l/634f4exa7qZirzCISqddB99CN318WhQgMqxmounqUfkUD12
+e1UM3TjOPKqI7eYOJIfnfw2Ea6BhT55ncTXp5lcAhAajos+iWYhiqlPWc+cd1c8U
+3VrVi7kuKK6uuVBqA68QTiDnuaPEJsxadp9AuYY5WYGT4HT2HpsXzCd6R2fk94hZ
+iV/C0hSIAq0mVtq9FJF9qh/XwsECAwEAAaNrMGkwHwYDVR0jBBgwFoAUOdCbt08p
+N77TsIp26mqeze9GvlgwHQYDVR0OBBYEFI/4W2j9iCltyb9KCY6b8q11whJ3MA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAG22QQs5JmmHtqLDRPAiJP+IjtpGyiOCH7IhyGLW6MKk88cjH9xe
+M066O9SE3asTYTrhQBirfy+nOxV1Qg+DdSmtA6ibr3USxTkH5xcz3OR+Sd3fkxEI
+qkjK5nYkXWs6B/xbX8A3iUrRmG2Yp/gLI4Fs3ZEobwh93E7wIamQ8PJ1SbnXTTcx
+xBy/IKY/usd7NdwtobmHP6fH2bWM0GyNxmOscLCxAhESLjmuq30srVG/jHs/Q0vL
+Jww3lWZSPbJXcRxKMzlu35IrP92RZWjtByv1Wndugh7q5rjT1ccw0eF95b/U5whx
+X2XPc74bSpqoh8dfNGTWjtq2JeHhGoJd+9k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BE F6 72 6E EE 29 F1 27 15 4E CD 61 48 20 85 A7 AA 00 6E 1B 
+    friendlyName: Invalid cA False Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CF0C33F0D543AF3F
+
+TqNxwYWalKi89i8CJ27L6UcVTOqnEwzxawfBToP2sP2gwAcuYy/XrECuWOyTyeX3
+yJcZdmSSbHdXEyxZPgcRLTB3rzn5fb3tJHy7pU257nJtm7NnyT/4iPUXYe5QRpeZ
+SrIPxY8IXG26zv8hgs4hxwKWUFOzBKJrHLB1Q7MXlTxGYltJahDUmS6nwEcKBRJK
+pxhFQb+804FuNyrhidWfh1ubibvPX9AGX4QgWEcaL42trTbVFjc6VNAN51vE8j4t
+L/bIGdhEUbbE+SHxIBityvyntiiMb1lJyQpsvNr5svsvzXdv9adMFdiBzRxkf9RI
+hJWsPTqQvBN5mtX+aw9Ag4xCYwkE2eb6Vy6pWyow1WsXDaYbH89T7rPZEAl6ZmK4
+FNnycmLQWlmcuKB7Qd3vUIrjiUZ569vuQobdkEq/HjYpgIQVLKFb60tLLrVwraly
+ZEZAHIRf3kxR4P9tlcI3MvTXPSR2FdLCHNvp+JfRcXulFfPLOSJiMQo/t/TJjRVi
+iLv1W+UAp6flSOArCTf/SkEBnF101kf+KMVQoJrhRlEDdWGOCWxchrcni3LRxl+r
+wyZqqZYsA2UKGSB7E9ZWgN1XKxIxIUAh4xBu1amwm8KOfIiNSwarOi4E/73wAiW4
+f4WBzD4nhh1x6JwY9b0Ot+tqgCRL/LYcdCfJwLd+aO3cIiYFyVER2TV387QANCy+
+QgO6CC91I75pdPt0yLuyFQeoEuvzBpsZnC4d7pN6xI/JeUfBhaHzgDWX8ay6iH0G
++mON7WpEXqZXEgJCZovBtPx98gqE6fuBvdN2DpljQnDsVSzxqZ5TpfNE2NNUNFlK
+pXgq3F5MyueCHm3GT/yl5EIxJo0mB47h9rIV8iPIqDOdb5BjlfRqNbQhl9DBWDvq
+dtWNp8PBpVRU51IswMoVRqSMqTlWnZyyX/vjPkbErpei37NGfLeJadqaM970XAid
+IjVzGNEWKVo0Oc6coK2si7GVF1Dq1gTwiAJDdqbjEBlM4YgDOHxuYWg2/0vONZM1
+AuxdJftyJonRctNoc9r+AmEihjPKsbJb5uMBXUKyz7h/m34rU8X0gmRC3LD0IIsO
+IXV7+MSWWPISg+rdmYk1QN+imQuUv9qgxXfwEnHt/ZX3Eki4bed4NYfHZFCk5yMn
+vIM/oCIJStlIIE0aEUG9AJhaYSLFsnKWEjZBT5tQhmewi/I1YJ2NtcBSbELjRa3Y
+QbgICdGWP/FvvtX50oPSApRkfA+6UmxajF7FotYcupF7jD+dYuL19JaDY1D/zBYu
+QzYE4SY14SVyMazzk7meRAGE82C3p5gTx8hIxXq7Em5H9Ls+V/+JgKDv843gsf0W
+qdbk57p39Ib0LP3JROfPibPPTBVOsQ03UjD1a2WUxvWLBgCRC3P3QVbZVkcqztzV
+cLGnxuqAKziFQPcjp2djCy/7SOZ/WSnLh4UPtyryjCtEo37ojtiPeWi9hiHnT3MD
+Q4pYnLafEapb5U5c+4VfnF+6c/gH20jg6so7RpRZj7LYt8rCIeaLrfZFBsiuhAsN
+1t1Auz4G9Q4IG2RMZzl8C8QvkMnXjIc8DSy8mIjEdPj9bmAur5nAXKfJgK9WJc53
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem
deleted file mode 100644
index 357566f6e2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27.pem
+++ /dev/null
@@ -1,140 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test27
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIICzzCCAjigAwIBAgIBBDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDI3MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDBePXreW7TEQz9U98u5IjkoUpf/CRELuDW4EWLSx0ib7kJ
-njp5do8pREmTX9nvLo1/CiJnv0RRNY4hKwqjR3V+j/2+BT7JDu5T8YuM3MmgWlJt
-G46pHVekb8uXAofDTqMlvAtGTQauE9F3JU7oJ1FJebMo9SRHwIBQvvwnLIn2qQID
-AQABo4G6MIG3MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0u5wBMB0GA1Ud
-DgQWBBRA5ST4jwbcfGOGKDw9sAjuw+hKSzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMEwGA1UdHwRFMEMwQaI/pD0wOzELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRAwDgYDVQQDEwdHb29kIENB
-MA0GCSqGSIb3DQEBBQUAA4GBADHmdwVGWHDLCpX0n65DVgDpC2wWpGgu929rlB5w
-nhGi79lgn3z2a5+3UCaXHQY+vMhJgMFVYoOfmUCNd4cnTgHMtr5Ai9tOS934lj0Z
-xL/XOfx1v6ownw2VOZ5LWxMi2YnYTqC8323wPhcHjTecnE9JprakdJa6q54gsbZR
-j1fs
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27EE.pem
new file mode 100644
index 0000000000..ef47e0ac46
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest27EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 8C 29 EC 44 7C D6 41 58 5C 23 39 CD A4 39 0F B4 06 89 86 7B 
+    friendlyName: Invalid cRLIssuer Test27 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test27
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID4zCCAsugAwIBAgIBBDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QyNzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvJAVQl+mEVV76pxF99Fc9KxIhU
+DuSfs05Fqh87Pl42ZCLpoiPbhudnMaqp2y1ifi3dxPvDIAxH5Tc/N3SoftcSPxdn
+W3DE4tS1A4uymQeWnY1eGHnhz5Y6NsqYCbm/lxCZQLRO/krnm7xrTH57QG54M9E+
+MTMpEidf1718C5K8y/OvGbtv15Edefc+k69SplhiTJc394PYUxt0LI9HzHdOlsXt
+WAQwhjZnt0EXuqn+J6NFum9IM6MYaFsTjZaGHSRroKz+UfAzFGW5tA/6EXLBVGD6
+DPLZta+5Z1LUfveWbBoKkgnH8PUwBtrEDY5SBENtlO9NSVWiXJ3VsrfIPpMCAwEA
+AaOBvzCBvDAfBgNVHSMEGDAWgBSII+Gzs/Js/jGpvothqjuShwWkozAdBgNVHQ4E
+FgQUVSJwCEr2Q8gS6e/AwFKOUnZdz2swDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATBRBgNVHR8ESjBIMEaiRKRCMEAxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRAwDgYDVQQDEwdHb29k
+IENBMA0GCSqGSIb3DQEBCwUAA4IBAQBf33KnXHUpBAiIQXAWCZAEbyNYB6Fk/BIa
+zgm21r/1dqB9Wuovu+AiacxaeqOfusdB8HsQHKk8uTxK1LS1Zqmf0Ym37tPd3Qtp
+dK1D+Lnthbw89dBBjr9MTbwZKblrsqArmhulfo2LB+OYLaODU24zy8i+pwUkJuMF
+lApg5z1ksE2+Hhcavz7ZljjSrQTZU4gZ7rq5IleXw6i4a4RqROQdwGXSdAMKO2fr
+14aq/21J3VZ8hqIPy8KLokwwD/7979H0AvKCyWJh6UHGqWiq+2tLOzXTMSVEDztF
+V3lYqmXmnK4YmWwD+L4YO3JI1Har+eC1Xr2WRD/IVhELgJzybsUQ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C 29 EC 44 7C D6 41 58 5C 23 39 CD A4 39 0F B4 06 89 86 7B 
+    friendlyName: Invalid cRLIssuer Test27 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FE17934CAEAF3C91
+
+ssa3xZ1gRO+SH8hvfDW0uJsR43CM1VKsQCNm9IRuH+qhEgRA1ElYCCvH02lLGTJ5
+MR+sPJFrDM3Wf2Ho6g9E1UZ5OfyPmNIk5iHCUvdQbRB0TGRhnTMcG5EbI371DPyv
+tU0DwTqgItTsJyWmw9gLdE400rP5BgYZpmt47/DVKNheXfSeeg647Wt3baSxHxUb
+iy4iOdbYhVnEouT9zJC8Bbp05hhNtQaOBpF3MyUUi1OHtp31Ep+3YWKFz/3ghiB6
+r8Fgy8CZ9wfXQDnjPB0FRnBlz14lcbyxM2et8fdqFFnyIoQ1tU8wJbVB6QTursSZ
+FSVX8Nm3T9xqHiv5yzpoM4Jxrqmq+jzFeaNX1NekLhREybhBHZweW5tWrjcsshAx
+uWa8AaL2X4Fpq1XdnNHfTBIn1jDfAa2dwyB56gXXgm1GHGRaakvxkP3nLfeHtj8e
+DFEZN1gc+T0djaxaoO/b+J9cnML4mqY+faWHkJTCh+mbtTHwLcil63HIWSvohtWM
+xMhcJkLhNVo+8kjlu6+BzYG6Uf9tX/W4nBT77qrTBjUyYeVF6r0OlyQzA4kf1O9T
+eUQmrQ10mcMrc5rVrDXRlBeivio+uuc5LvdgG8rV5XzlEFf0OXPbDMh5/1UHXrkM
+lT8egxMrAtC0yx/3zTPBTLd8681OAZiqX6WUHWk0e9BxnQmYW1DayQWJnMODmyPn
+m2cMtLn47/MFOPIMQSzMfdT463wjPTRybhJR5eLKXXJWTxlPktqEoG5ZFz/9KtfH
+HH7maYTHiRv5TgvU4vH4x5y7IXjt7m1KB1EUympq5MYmQ5/9j5npPKfxeToZQxJk
+50fwcss7zQW2fbDrudy1Rl35dVgr91A04DHHhzuPnxbHgBsJtPOF5NuvQByTDvf8
+yhleM9HNchEPW3Ohu5aVL8oFRyFfFGntAVtSiGFUHM+JqXwpT0dp7AIx3pwfVnAy
+eDY6b44cuq51f+26fw593uxKNcwvPkQVl6xMDThGuF9j/lrAj0vySxof67uybDgK
+wP36pId5bfSLApDFj7Kk7hHhAA4hM2MOmw1nsf9vf+rpXuyyuMPZpqQXmRdaqz4d
+pw9S2neKBl2MtWNIL/YJqMkFdTj0DxE7hhOLGGbJ7pMUyVH7YC7ZYN3ztlJNLekH
+/3lfG/hFLsqTRI79Rl8wneNDfncdPkhT8LJxz7qF3VJsE1iwGdPuK9DJeT24brqx
+N6qubGkzIWIyGEDfrNR4fi+TRfzabnVixL9tREyTbGmL17RWDePhzNwSu7SZMVSP
+bqRctEsUpgJxKWNR4Tr3Sx0B8ZLogoMmQeOgf9zLh3l4UFLlituCc/1QTS8GcpPt
+6l1akizdOBEAyW66QReVPwj9HIaUiN8Fs33nEbA8dMRuWuhMxz4Ly20LJYUeDQLV
+wZpL0WCO9WMmee3P2a4gMPT4QkHFFJPzn6fnQ1M1cLA+BgFNAE3YrcWDLM/c+LC3
+1B9uQZS8cY8OhLTk8mZaAN2PYvSR3Zur9MlXMEA0YQ4e+nh9WI8WL46BMGpoq6BD
+mZ1mRLC64lIb9mxh96r7dTlexKoIh9rej80/eoXObqf1mpe0eSkGzUOP6dP8b8qf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem
deleted file mode 100644
index a370fa86a3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31.pem
+++ /dev/null
@@ -1,226 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA6
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY
-Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS
-4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF
-MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0
-ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF
-/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE
-ZCkFIjgPYCPR
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test31
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6
------BEGIN CERTIFICATE-----
-MIIDUzCCArygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDMxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDF62+bmWqsIJDuZD87vUAXArOAHy8ctB87FGlfVI/UMp3x
-SJEM7Bb7cFD9DtWIsr+NcvEGIJIHqxSS+uqbSTkhLRkkQ6V3vZBWw9iK4YCixNHV
-4ngJovgzMWKjjTHBN0+8wtZz2gccx4lD4l8gvC41scMQ7qyQqIX0ByUafTEMAQID
-AQABo4IBPTCCATkwHwYDVR0jBBgwFoAUwhs+qhpOwTOKGqpZSQOxZqIc8H0wHQYD
-VR0OBBYEFDRJXOe+nS5RsQPtEvFYSSZSIXVPMA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwgc0GA1UdHwSBxTCBwjCBv6B0oHKkcDBuMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT
-D2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBpbmRp
-cmVjdENSTCBDQTaiR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl
-cnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RDUkwgQ0E1MA0GCSqGSIb3DQEB
-BQUAA4GBAIPT9aAYLcz53VCc4i5LC7bw2UhSE06ovDozPQVlLW7ykaoApryS0aRb
-jRDf/csLFBaDbcmymFBGlYDsnDMv1+R2Azj5eUy4ssEpCYDsKyJnNvY1AD1aldyn
-hwyrIcLgWdU0rmHIT9m+/yLKdk31P8B3WKl6nNEtJVe1hlyeR8Fs
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31EE.pem
new file mode 100644
index 0000000000..90560091ca
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest31EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 04 69 7A C0 F8 D1 7E 3D 6C D4 CC E2 AB EC D3 47 99 21 7F 3A 
+    friendlyName: Invalid cRLIssuer Test31 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test31
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+-----BEGIN CERTIFICATE-----
+MIIEbDCCA1SgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0E2MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOdZlYRiJUYOp5WYFV1jVCmoQisZ
+Wrsuz0ZIazNWxlXfUx6xCMZrSVa4uixQ8dwvvqUbQ6/H3DLXdhp9R6br11Fw9Hcb
+E7cCYSJ6/NuP1koE0eBHooh78n5thPOzOJks0DfVYPwoXM63B+z1MN+w0juSdNYH
+5ck2QeCO6FU0xlk2UnkmuWhoIvA2UFFx9LQgv4nX0WfmHg/k5e6dSU/O1hcjxT/r
+ivNnvBNLKjRhLrEOb57Fv47C0rs2nOruQSK95oxuBRgGaSSDdrT9TTFSgHQ3POUD
+pqm5vhrBzBPwBsoWZYMHaYz/HnQlBhIWgBDP47Vq7OrXx38n56Q0tcbaYqECAwEA
+AaOCAUcwggFDMB8GA1UdIwQYMBaAFB/JII0Lo2wtd08T3kL0C7beKnYxMB0GA1Ud
+DgQWBBSRqu0FdQ+STZMQVrOX23I4Bqkh5jAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMIHXBgNVHR8Egc8wgcwwgcmgeaB3pHUwczELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNV
+BAsTD2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBp
+bmRpcmVjdENSTCBDQTaiTKRKMEgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwDQYJ
+KoZIhvcNAQELBQADggEBALJdyQ0VWtdTlrYjwxr1svYyFO4orqmxszn+1Bjhbqy2
+9jTBWUv5Cf/+wnRjFsS74OuLxS+CXkR5LJ5K9Wzk0oVBIS32QqSVZf4RkP935p5r
+D4QpQVnKqdzoqGJ+qfWkayXjNW3kxaXc33v12Z3JeAnh5kpZv7CmBe1FDpoAVu72
+wGbbZ4joNc5QV0qTTw0jHL/mH2iaaPiJClmC0l5zB9w/t3OXCWOyr4fBmnUag2vu
+ROYeTpfBXPBLJqxtDoAnkr2fqeNiyxJ+ORGC0sbbI2cIbs7TWomS5l6VnJCv0R+X
+TpqqCqwccXjJmR/qhF3iJkn9bxrDgrixX6H3FcXcIiM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 04 69 7A C0 F8 D1 7E 3D 6C D4 CC E2 AB EC D3 47 99 21 7F 3A 
+    friendlyName: Invalid cRLIssuer Test31 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8DF42EF54A7ED06E
+
+4nKZD/ybq6VJE6lI6y1Xk4SDZ7OPMhDEsnLnYqu+/V03g8ItSWKWwZG/wQ02LlSt
+NXGLPbx2hURYayjCjGKMgHPTfImuKUcurL7qKaftZ1D8YoroyybQ6SMLmmdanBAX
+y1SDOyMud73jgrfDj80Dej2eX8CL3ip5myGmFr3HJ4riysWLOaS9lttcXgXXs2kl
+LTC5HUKLtr9wPjbgC9PD25Rx1gG00XnSUWthYn8ATVVrRhf41VbIDM9ZGISBa2j1
+ibfIZ3Bl/AerrTRknDJe/tHILGX6Q8Zy0Umep6K5ByM9O1rsjuTbcCNxXiO+bGYk
+tehb+1e+i/dkv92NZ7xC2NCAI+bSqwi0vvKL1E9Vlrp8ix1oBAIy2bY7qYETRFY/
+qNKqa7oyo9f4ThTDo94Cfk8wp36/PMyqQD4addS1yYTQFbTAPqtM7NApL23O9Q6q
+a9kSE+yereIu3ztAAqKwaEGBZPqrLS1ldXt9xBtxUr7F1KoytENESylVo8ULVSfc
+/ew5/2toQGVB0YkJfzPKL+ZCqGnaelwh/m+V3D7o+RJlZhfd8cTMAEP0MI8xO78R
+VeG7nowYvLSd+fbG+ehyALH3JRPdLrjnyjlta3ALa1bfNh08U9ZCswdh8+mAca5x
+p4VQwgAtDo1Iu8lYpmJa1oYMdJhRsE+x6KwI1/ZL8tE3h2q3YDEZrieHu5FniIod
++0gz6EGUNYiSel4gxNEvcDs14itsy9AM97fEDWR3U3M7u9y/hS5/htICWsyOXtGD
+SPqwWtD4nlsmWkd1TM9eUyKI1PmrRPQXkEb2i1G5gAFXn1JXV2ju2CCvqoLaLBHE
+UJgTujUAx6A851T3/K1WtJT4/eVvlC2P3KlkYAaKysEHzvHVzPmR/JeutgNdtlk0
+pwMO4ITTCdjWkjbAaIImlpbrDGTROcjaf/CllSfcTXPQwV5V4rotW2UYOwGEgidS
+x2+17lQkVnJRQlhVMY3iwNK+mg3VD6hrV9ACWZ4uf8o0Y33UcAea35qeXj+JktUz
+ZcQwO3N2ZRRK90vipd7SlL11oGgPeHS6YHCPDI4nzy6JX9WyK5WLxcbMw2m5rx25
+pDw7ZH8As6IDcQVX3w/SlMXjJsSL4mX+nqKTo9sGzOButih0ZzLbvK6Ty0ZllPSG
+IGbllNI/JZmNbu1ozkKYn/1X2H1/8+igfXYaMlJsR/QRcLseGbHWUOuCS/VvnnUa
+HnUtWpQN1nDzv/6zGhCEe0aLM3OeQG6KjmUpyFakF/GVPpuCmkcTsOkL2HOQv+r/
+fvYgpiNCC0/bR1D4m0U9byIIg8qVBEItex7q6eMBgHNYVuOVvzVhK2AWcvuM6n3U
+2hluJHJPRKoODvBqlzlTz7Hh1P6eROWlKRB8sokKWe+pEYQro1oSGpOCOpWbe2Y/
+oYADEZ+CgKeCglKAtXeDBOSrUo/lmvrLFsMI08pdddNHgdFwApNFfy6ZNo51LAA9
+GvjJ5NxEKbbIscGUhEQ/RVTObduQqUpcuYqkcnEqtJAEgZR6qy8bos9cLR5bG5Y0
+oN0RB8NRTPw4l7Bldp1+iDRmlYM2TvKqBwtbV04/TPcrxKAzjIgZmw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem
deleted file mode 100644
index 5dab635a7e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32.pem
+++ /dev/null
@@ -1,226 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA6
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY
-Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS
-4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF
-MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0
-ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF
-/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE
-ZCkFIjgPYCPR
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test32
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6
------BEGIN CERTIFICATE-----
-MIIDUzCCArygAwIBAgIBCTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDMyMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDGNK1Y+eOYRm50GYuyrg+CaupAyx1885TUh0lz/2sHwXp2
-OmsLIqfukEyyIfBt/gEHZ4e3CvSb8unsTq/Jlt++srjlPkTPaJAJZmVhhLBS33c/
-L4t1J9CE+W5JEzzQjzhhtAgsOxH4gy6PqQ7MQ3LPRSUFqwtFlOjUaVDekanP/wID
-AQABo4IBPTCCATkwHwYDVR0jBBgwFoAUwhs+qhpOwTOKGqpZSQOxZqIc8H0wHQYD
-VR0OBBYEFCFEpTMSRVJmDIG3biuYZ63bFngaMA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwgc0GA1UdHwSBxTCBwjCBv6B0oHKkcDBuMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT
-D2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBpbmRp
-cmVjdENSTCBDQTaiR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl
-cnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RDUkwgQ0E1MA0GCSqGSIb3DQEB
-BQUAA4GBAKZ16nizt2hCVkrf+WfJV1t/frRX9W7Oi4whQqH9BEA2nEZ9LVeGnCAZ
-he10WnY1rXA2JHICijj3YDBoAlOMWtp43Qhv32QJ4dFR08kuSWjvCygSokh9uyoX
-Q/zpF1amF1x/Br/uteHCBILXFFGLLsSauW15U4HWUiJQHob56396
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32EE.pem
new file mode 100644
index 0000000000..913d2a06e6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest32EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 83 AF 9B 57 E2 15 82 8D AD 37 03 DC BF 66 47 87 B1 78 53 6F 
+    friendlyName: Invalid cRLIssuer Test32 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test32
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+-----BEGIN CERTIFICATE-----
+MIIEbDCCA1SgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0E2MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANR/hypQd5ZfgQVkP+On0t+Rs82X
+m+cbn8RfIKdGJ16TJx+umPn5RbrBegqLCsNMlnuSayqfI8dRDNud1lygtx3o8jVq
+7Hghl+UKnhzgq6kJoQLTcps12ELcEU78o8hkf7p//zpHTu4KgPu8uOlHHeh4poqG
+2HumXXJjVXgl3YTUeufUCIp83N0U+bzZ1hJp/1giElpUO7mzg3Fgqod8pklHsIab
+NwYPMA7nBGpOgd5U2OTJezmxd0s+qIpB8pE2TOHkg0j2K3o28YHHtCdRR+0eR8bv
+e/9c1JguAgwlOxYexaw8ILTF2AIRCdCqKQGzuayx1wkuyMrbTbZRhIQrSdkCAwEA
+AaOCAUcwggFDMB8GA1UdIwQYMBaAFB/JII0Lo2wtd08T3kL0C7beKnYxMB0GA1Ud
+DgQWBBTzLCUxrEFAGDyfXPzyKzqsnz+oMTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMIHXBgNVHR8Egc8wgcwwgcmgeaB3pHUwczELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNV
+BAsTD2luZGlyZWN0Q1JMIENBNTEpMCcGA1UEAxMgaW5kaXJlY3QgQ1JMIGZvciBp
+bmRpcmVjdENSTCBDQTaiTKRKMEgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwDQYJ
+KoZIhvcNAQELBQADggEBAH6YyaHCZXx+PWVzfSNQJClpQbMWgdnFe6430QrRzXXq
+djUbh94OnKIJsv8Q4IjN2dgcClEm/UMyPmE5BYNhrUwtTJ1qkaVJPXWDhUHACKiM
+fpyvFedpP744+uyE5hjGe/d6Yy67XIJ31Utj37u9dqA1u51nN+lsy4UN8a8OVeqO
+Coe7QZjlVLn3VVr981YvW/3zbk+RE1AZlOtZ6UhRfUaYSJpKjBf4PO1NzGVEWSgQ
+2I97mAcgjwgt/xY4ydOUqPvExGvsbG3fC0tBmzbqPuV4ISoZ64bWW2sEX8Wuz1aw
+yTzhyxQSkCTUNlGS7DRkguwFpjMGUr8D4i6QOdkAnCY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 83 AF 9B 57 E2 15 82 8D AD 37 03 DC BF 66 47 87 B1 78 53 6F 
+    friendlyName: Invalid cRLIssuer Test32 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B98AA6601A7ABDD2
+
+MrLMqzxICNQXMq2sBzGu6gIhOpr0VCPS50gHE8ZaiQo1Fo5cburZWUG3xwtivTxK
+spxUCoomPrP3vgyK/xZLuIVxsblHuRn3UnlgESB5fNoTbpkhA2ayz892tC9e5vw2
+wnQOW876vd4XT3vB6U9zH7QXGh5IJP5ynbtvHu0j9hQZbYuUBXBCXt9WWzAEpSEp
+udL3BLUJ8LsMkCExS7rRwKd6DauL1Wl3/PZx7wMiAX1xgoAatQJt2R8fC5cK50Pk
+rUpGXASy7tAYvkKgXDtoSePpZPeQG1JBH/Atr6MNuIBNvCR/FCWTb/RHcZONi1k2
+TaQ2lHwK69hV+irlsmnU0x0GXwlSW16PRcwp5I5OBqJDGUdKVBhcb8+oqu2ihNaj
+mPx9fY+BS89RdMwHWZPopgxzvsOfOO1yXK6Iv5jA5GZGoko5BswKjfC8AdZcNvay
+IjQ/tOhQIfxZUjYAuKvItR5lUEy189nMJBApQ5a9H6c6gdnBk6qvlKVJuzwW0B5X
+2WcQuf9aFL5H1vugKCQZYOQYVN3sm8/t0zTjs3eKQTU/opIVoz7QialxljJUa5Pg
+loNFztRsvkB2SjowGy4tkKWhiIWqGCl628RQHrZdDrye2S/+OgfiOsBZKm9K4wAX
+aMH7lIxlnsgZTW6VCN2FP53TRV2CA4eNqXec8Pu0WXyXkglN+VNZ5r2wL25mdwDq
+eRRM2nKzypS2tT3FpxbU+orZtfVQV4nEhMPCs4rYsq+R2+OITr+2DGcTLGnsMyBj
+K8+lQ4PVaWJuzank5TSjK9wZtlOtyp9ewZ/TZ8evyQ8SvKm908CiTtSBGUfUfeRt
+SS2Nh2UlsSIQ6FT59vjf6/N+mZevXoWLSaLyVZLVANLKSQ5VkAPtrVJaM9c5Bij/
+axO7+gPMuCI4Ee6OJsKEfc+VglKnyA4rdr3RRmXQjjuWItrsxrt++VRoOuoMGTrJ
+tnymW8vAykeXQYUEsfNbeXqsC4NdKG7EBuSkEKpV8x03PIyqpyQoNUT3W6QeiPHs
+FtRiRcTlfP9T9f+8vZnsCMn3m2tciAvZCBzodCZLWuAtxfFm45evG8NzwnVPSmQb
+aBrdW3l/QOwPmdQMv81sd1fkn4Cc39ZN1+49KSiJlX70BgnDCBRxRNPGCBiyg4Cn
+bLZhUZW+ctPMkj5wEXxcveairewFJqvpc6rRTg5MG4Yo5sfKj0F4xwWYY+I0BzKW
+4gCXSXiPnmPR8Vnw0mKOxUyBCFW7/kx0K6h+PyqUQO3yNAZqs3lr/qRCnVqs9PHf
+cXTqfqKjavbLKTejYgdSnzJlYRShFjE2E4YB+0c9OkJbV0epua/N9wrFxj3ineXv
+wYQclFFY9ZWXpdh+8Z9Mh0EJk8z3UC8wV6/+nh77cHGOY8NnTyxCMIHyVtoQe73h
+ang99VGp0KwC7AHReWWorS/m1jldGKtXnFgs+ImuLa8cVAr3g6hYpOI4+gyDgvbs
+jvkaw/sWFznat664Ztvi/08s6SfS4CpqqLrQiHh+NExso8mmt+N1mKNuSBfFlQiX
+Pjm7yMZEc/Oy6cOvjWt9qU9z3JyTwS341E/jojBMX4VO417KLib65A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem
deleted file mode 100644
index 2e62d70320..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34.pem
+++ /dev/null
@@ -1,205 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test34
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA5
------BEGIN CERTIFICATE-----
-MIIC/DCCAmWgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDM0MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCSaPRkABN56ESU2SA5P4mVXVChuwxsllnznUrRrpaH+L60
-m9Sa11iyGiUqTcGPQbEsPUN8zQQmsjnGSpIMtMRrnkaOTaUmzszVKp9xOuZ5vgSd
-8KeQJjqISqeeJL/oSynuMBOfir1TH2HToo+HetNsfXhumdPDKUojywjZcp1N7wID
-AQABo4HnMIHkMB8GA1UdIwQYMBaAFJStEtHhDn7DuzdLQT1tWYA/RFdtMB0GA1Ud
-DgQWBBQ4QCS2SjHLQtR3kH7i8O8sleHk8DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMHkGA1UdHwRyMHAwbqBsoGqkaDBmMQswCQYDVQQG
-EwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGly
-ZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RDUkwgQ0E1MA0G
-CSqGSIb3DQEBBQUAA4GBAAppj9RM8AKRmrj/d56ZzOcNlN79bi39iFp7ZuxrkdL7
-ZcnUm4A5y0u2ZoywD1LTUUYh+egAhtpccsYYjmMVQVbEtgwVKorXOwcm6iNmENQ6
-lsZPlEkEXBLlfZLuhPr4Ju+QjaMo7SLAiXOG9lwry8ZFcfAGLIfpLlQyGZ2cnahX
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34EE.pem
new file mode 100644
index 0000000000..c59c3f3943
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest34EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 89 5F 98 0C B1 66 E7 9E 21 5E 85 65 34 D3 11 DC D3 14 31 8E 
+    friendlyName: Invalid cRLIssuer Test34 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test34
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA5
+-----BEGIN CERTIFICATE-----
+MIIEEDCCAvigAwIBAgIBCzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E1MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzNDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALZM/UiUPAWzidGDMrvQQbEw5ccN
+ZDki0OBiRr2Tu3rM4VqPd/QD7mFrjNMrncCBdxjE1Qsz3ZEJ89HXf+G6M8uYosh2
+spbvAtn79j73GDlVAhhZwFSx9zgd4pgpsFmufyFdHQrh7UldgyJ6pmEbtxbWcee7
+ZqkSPY5rtvNEDRcF16sUjkXGdfQK+5my17lltU8uZJtmZ/5xY61HpfvI0Owjy6Ay
+tHCf9/Kf2WXHFT4ezwIQW1eTA3cNtQFHOIBuQu0C1EtiZFJBHthJyG4u7plg9FOr
+V7b8rtv9hIerEX6FGJ+/Jw8H+gPInhaFxdzOtkCV3LBiwgM4XhStsTegLGUCAwEA
+AaOB7DCB6TAfBgNVHSMEGDAWgBSB96q9SHVZgLDP3yMYndiTRoIWszAdBgNVHQ4E
+FgQUiiMx2fHS3UBFAJNBSQUGJhyCgP4wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATB+BgNVHR8EdzB1MHOgcaBvpG0wazELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsTD2lu
+ZGlyZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RDUkwgQ0E1
+MA0GCSqGSIb3DQEBCwUAA4IBAQBtVJxXc5x2a9fH2xCyJz8Rb2A/vJhatQ5J13Tr
+yPCuFcFfadOtMHGAZJL4A0bHxyiML5zhaNeXn7vk22RQxzLa/lSsJB9dRoSR3R9/
+XCK+f0babRaz5MxjGg6Xak+L2ZAYqhyHDeE+P13Hq64QZFsz8wuhX3dK6fd8pEOg
+3BtLHFjgOnrYZ3q93i7f6ehf3skfkEANC1rIiVwuTQdMutnVQzdw8tKw9pQHWgLZ
+f7r8zNr5YZV2RcPlK8alAfcGANKikTi6l+9SpOIpUDx/ebOjEekNA2tA1SPQCvqU
+J2nP9ZZ3l8MFwJHA56doOY+wy0Ee6AJZvYMjjx9RMAGXPyVX
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 89 5F 98 0C B1 66 E7 9E 21 5E 85 65 34 D3 11 DC D3 14 31 8E 
+    friendlyName: Invalid cRLIssuer Test34 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,55A1A3201C7E23DA
+
+OAZ2ghpfbykGcuAG0gn6n5Jr84azhS9N/KWE1AsXazS1Za6WsDRP5c5fdKf/7Q2C
+7f/G60/zxazydN5IjhGnowKjkam9qQIoe5fpOYwBQ/cS2BOYiUUvnqgf7x2MMpKF
+lLdpSMR+/UgfQV61e26IqsYCv6Fxqsy2Mrido569V1UFR1HS5UoV3hU64d9DIx60
+hItCW+bk0SeHsj3V9DqyWW22jNJ5udGFEjEzUXyla9xr1NUt69uPvyFpyrajLNSD
+6VzDZOTGTQ55QAAYMDO3G4sSZI3SUAueOZdW4IFa8p4PdJaNaIIXmHu94WKGJwAp
+PMhHsY5V43VO9eHDwbDHpw3qQ7t/fpg3wy7M2GDSaCreilnojgss/Y02s6+lU8mH
+Hsn+2NcAwqrtdLkuCmLx4AtAWdsO+rqtMVHDwFaHrlaOezBlYTvycCQhpu3NAAkR
+zWVXLqageP2oBRCdjLshUE5XH5AqDjws+YANM3LUyEFojGeA14nJsCmGFKoUdSCh
+rorhOm5DxtA/0ETzBhkr64iE9RGMIg9lYl3WVZ+IewFoOhcO0jPnv/wRnQFpvNxV
+pXamOAnfdJzaBDhobizVK2XnSkI1gV4CVeBkf2PxjcsQwC/qfxPW+4L6wa/ISiTF
+9/7QnEF9ejY9JSbv0wKCZsCw64CPatVmgDN3HYc166VEQG9uKM4nhJzbrf3qFHu9
+3AWdObVlIBTBRanwW0/iRLlGZJTsyJ57bQgHU3dxWwafWtycgLfvDXe6+zV2FH9e
+inZwNUB+gQtNC07V0YmozwDO6XM9Mm7eul46suit8NFC7RTeEezzHDB8Wvprf9Bp
+lR7UVCyS2NrEWxpjEgSCv+kNKMqQLzZGnBt7+KPbWMR12EzHgvxuyaglK9CqjW+8
+r8GSwbWBpCfRr7QxR26zyF9eaS92E2io/WKHOD+bidzl8eesCohHxCqFqYvm97sy
+e2zqUPJHU8lUVjr9W7IdUDwTdQfV9+F+y+otPsahu9DhxGqTp7COjeluxb1Ef6AW
+3rBhLxyWk7tGtzaBkQlJoQbQc2/JxVz/M2CEGqJ1PEcodulYRTr6Pp2IB5triivQ
+1GCUjOL0mlSJqBcexvx8/P7u0czhfefZW4MT/iMV9J7Dt1L9N/nTqpm+yYghYr4+
+/l7YhXZ1Gv39FTlh+FTmhNyZRPSt3mY2fnHF3vzLukV76r1Zw+sN/xtTYyJw4tIQ
+NC12TofcaZ69cQGj3qDQv8EajEfAhUcX2vEb7x15sYg+LjKjcfe1dpMgWx9U++Ie
+MlACrfZKc/QtIhPgG+alrR/tbmuUBU9+RyEM46IyWf3i0FU+6BMDjJk0kNWGLnYq
+XGZrQriPoqNvH3cG4qeC/1lFblEuseoMCZyEurGYRR48actk0fV6wahKDGE1whq8
+JVreifyiAtPjelNsMdjd8KBqFIWQ2zL3exyW3JkmoyxTl/ykHTFtPhFDZ9X7fqv+
+lvtUwpsH6s1I5jh8q8Se04Zv9d1RlCuZpax8e9q3ImP8c06/097BEAS8N74cnW7E
+pW6Nft+fN2jY1Rcvi8/34OFpO9P7ZSXp9BhJgehMosDXPKEvTdTm0e0oK/g4ozRZ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem
deleted file mode 100644
index 814ed525f6..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35.pem
+++ /dev/null
@@ -1,207 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid cRLIssuer EE Certificate Test35
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA5
------BEGIN CERTIFICATE-----
-MIIDSzCCArSgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFsxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEwMC4GA1UEAxMnSW52YWxp
-ZCBjUkxJc3N1ZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDM1MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDcad27MapNxZI8cHsmcsbc69H6JrfyxEdrb8jo4H7kREvw
-Ysye/I+06+hyhrY2ziYjoPjk5qwOT6MZoD6a8nysxt+wJwTtwWP7qrrHUrTTM4wZ
-825zHunib1GDGS6NDkRGi3ZZyHgwYGJIpNFvpZ2tYbnQ1YCd+82ApJ/pVK7luwID
-AQABo4IBNTCCATEwHwYDVR0jBBgwFoAUlK0S0eEOfsO7N0tBPW1ZgD9EV20wHQYD
-VR0OBBYEFHF/hceoUsXQv3cfdoCyVLgI9NqMMA4GA1UdDwEB/wQEAwIE8DAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwgcUGA1UdHwSBvTCBujCBt6BsoGqkaDBmMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsT
-D2luZGlyZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RDUkwg
-Q0E1okekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNjANBgkqhkiG9w0BAQUFAAOBgQAH
-2pRXjertT5rd9nPU9I5ZthZL8EBhTAfMObbfi8/CYJ+Cftct++cBQATBDBr6ho3Z
-TNjd6Qkd1wPPR2EgMk1HWJ6QS4/eQooeTsqstbgz6n/KcMB/+gQeYZbEyFoVu5e6
-C13SPmHSsdy1dtEVVELLreIOhfgSjoMBBQYMCJwffw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35EE.pem
new file mode 100644
index 0000000000..4df5ca0eff
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidcRLIssuerTest35EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 27 B3 78 2D BE B8 62 40 21 6A 96 79 23 0F 12 D1 10 89 05 8F 
+    friendlyName: Invalid cRLIssuer Test35 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid cRLIssuer EE Certificate Test35
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA5
+-----BEGIN CERTIFICATE-----
+MIIEZDCCA0ygAwIBAgIBDDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E1MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMDAuBgNV
+BAMTJ0ludmFsaWQgY1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzNTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEZ3vjFkn5G0Phb9GsSjLsBjr69
+XZacj4oUQYXZE6KTPrGTuLxdS2p9kfr63rMkSLoKY+XcbcHDuc3MC9a8JUxCLLts
+TCi1XmiuiEy+/cTS8k0rQf/A/9uKZvqdp6AoVQmtIxWFbKV3SiOz9nz7d5tva6zV
+oxcpy6tNNuCB9On/t6teb548WBpMM2S28uzLLvTYKfB0J7QHCRf/kUhnWJX+ZkIG
+hq8b1UMZPSFNmm9pw7tYPNcra2u9MkP7FxnoBM7W0rQAEMZaKwhKQv8aE23pJyVD
+df59MBeqMEk7Jmejf4FQ+EiyF9EFdFnGc3VARqPYxk7RQzG4aXJxodf361sCAwEA
+AaOCAT8wggE7MB8GA1UdIwQYMBaAFIH3qr1IdVmAsM/fIxid2JNGghazMB0GA1Ud
+DgQWBBQ0OaRqmcOBlY37EyGFHakWthy79zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMIHPBgNVHR8EgccwgcQwgcGgcaBvpG0wazELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNV
+BAsTD2luZGlyZWN0Q1JMIENBNTEhMB8GA1UEAxMYQ1JMMSBmb3IgaW5kaXJlY3RD
+UkwgQ0E1okykSjBIMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MA0GCSqGSIb3DQEB
+CwUAA4IBAQBL5cTjpHCWMwkWTeogYVLdVYyuUsPNyTJrGmx3Z9j0zBz4iEJoNJ92
+85zcB2deTuHIlFT+U3UZEk6ifJ8zUOE9TBC8Oyjl84EDOguoPgK0oQ3Jj/6b55Hl
+OS8A9CrB57Tn4slKocrF00uFdCiqmEjU1v+sbu6ABVBvAVd50qO2Tvy7kYu7H/eO
+M3hQPS5fo76cYJTtsn3ASFjtHZ2Zy06LRuE8YA4/h8h7Lvf26MfHeSJilhdibbmK
+C6qzmPhSKJTX4aFwhy4p/y5vNeSWy11eEjuCK8Szqhg/wfo+b5gtSlbUQLhXJAqQ
+24n2R4wWJ4Qic9ILAGdWLSa0uKAh3Vam
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 B3 78 2D BE B8 62 40 21 6A 96 79 23 0F 12 D1 10 89 05 8F 
+    friendlyName: Invalid cRLIssuer Test35 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DDC5EBDD1E2194D9
+
+Eo+ohoIFCoEj7N81YA/LxKJRjP9pBtRPlbBr4NBi5s/aUb/xB9zcacJHmnKxhoda
+bJQsd18mTuoGW9LZaIEjt9bYyLXIK/4xfep8Cysn23AQJXzkLpY3x5g2aOVnX0B9
+Ou9LUtZvQWQdZlfceA9LeDZPYsAaf+UGw1H36KVIwPyChZ/G68MKnNUPkbNNM2y2
+ndft9/HmIYB5/KzXdx5BnHkvXG2eU/bVuzUSzfdtHra8IJEHcY0Ox6dymoVW+sSG
+6H5t2kUIp/z9z7gAv9JH4L0asVs2HYb5puWP7Lt/4iKuOTF839YeJ/7h2DkGv5Vv
+mGfJIyqUHZzpi+SIVj7X88Ab8DPs1j/7OHAWp7BYFdE1Owa7X5gtBW1sHJmPbTfq
+3moN3miZoti9hFj13N+S/+BR5GpRHott3QO/Y5SUq5CKfAZsFS8SPSBNDn7tZ7gF
+atS1dHQfWXG53L5qN0JUWMuNCae1IrWGF0ChbwWG3GkRnckhZWo+5Yi9MxX3NfjC
+EUWn0Csb9BjLap1JSXRzoQIhEYsephk1xlYm4z93Li+6+ixiPldxN4NSp4osdpFc
+JBsewhkYgyiYBhZ4hC/SorLeWNupjfSi7kI7VPgMWA3Xi9qTkLoxjh1kfTKAlf69
+x0HqjdByVof1/n29mke01yyq6Q0XZExDtj82ST7lNK43job76NNYqdH+eEWu31aD
+qUcGT1veiuE4oi5wpiO/RNyPZ9cknXNJUk8zgEEah3BLp137FYJ5LpRc886yXw9z
+TNbNhQMdEQLDmZgJwYYEoDTNB48Iu3cghH1PN9Pmf36RDZPkWvLt8+8UhabgwtIf
+Qlmgm9Ux7GML+E7Ijs3+2XiIXx8VaNHJF969pWOkzJV3v/Y/lpbYnb/cJ149k178
+kfCKZNDLXUm1Nm8I94/X4m75K1bLzUXDbCkMbLnAhsfy9kMHNKKAeVzJ7jcdw4av
+h0RsWUy6c39xtxlm8ZvnDW/3xZ0HXRT00jxmqSb36J1gtSrsK7rcFf5XyCoqjH1n
+uwgXN13VpMelQTg6FV6OsnJZHnHdIEcOQ5+H8VQwizJz/D0C1IgD/YsxMRlZYzPG
+3hwNy2XbCTWh0oK0ddEGeFotuLDKpthaLb0euW4UHv5hPoNoMb7r0lpbt57tzjV9
+qQJXf8unpPNLPtS2lbHKGiy6eAPQiy+LFK6tLT8bWDM9/mcGid+N5jM6WI8yXjNo
+391XgOpIFK385rEslj/yNbn2aRfBjtPJzAe8QSnv2+t6zDUBW1CTSEUvWa5aVkp3
+Gq/1hwGKRE0WUmAEWQYOn8wrhUKnBtWgFvpOWeNcT0wtDxD188W4rLCYJ6WSMAMv
+0Jta6Lirm4DlW3MAMW6ZJ3Tc6NtKGEoZKU91g/DIE2g7rFlESTeSNirLjIYjXnJb
+PlurzxN7Sj9Ssy46V0RLmFJrVQIwnwp3IjLr2NAKMs2pq4onpACGUagmDU3H4cr4
+2AOUT/aR+IEHREeO+6r33vzcvFq7zp78rcubRk2/ftw14IZmyO9HFwUQBHLaFS4C
+4JlJtknLnOlPoygMe3gCeQCWfi8r+Q3OimxRwuUiO3y9WOVYVjBTmQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem
deleted file mode 100644
index 3cafe6afb8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBWjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcZGVsdGFDUkxJ
-bmRpY2F0b3IgTm8gQmFzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-oG4BhBi9qCt4Gbrc/LcngtoFA7DzmY22GBOLt1eBY0FyQGpf4K9UJ/LOfsnV+Q1z
-VMrQi85AV2IqI6mgtxHLyw698P62RlAXRHWMHyj7K/bgc9YjZXUrY7Dy/rAbHaww
-JVlnlNsli3eVdnIPzuxxJ4qRhRgxixJng9IvLPDQaSUCAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIvW/54p6SweUNEj
-eV1lB9tgcPTTMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQARpTTRRjgFmYIu
-Mnx53B9cpWlZhaDRm9P+XdLuN3Tc4rdqxW3PccPPBB02TbfuXKXNGOQZpKhhF2BR
-oulfvRUkwEfeB7DHQNuEGVct08IknDXryj2KFLPQgWdprgO0hOgZxF1SPuUOh1q7
-iSvok8TmmeNswbnOq7EszJMT6EmnUA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRLIndicator No Base EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGRlbHRhQ1JMSW5k
-aWNhdG9yIE5vIEJhc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBqMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPzA9
-BgNVBAMTNkludmFsaWQgZGVsdGFDUkxJbmRpY2F0b3IgTm8gQmFzZSBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvGpcW2w
-QEDfvwR7XCYsQkH0qjyrTAjaWC37qTDFXdVea7SsRiN2tW0REkGLtoF/BGWwq3/K
-KNS47aRTkHkYyNJIlv+1vRXEYxlHI0k6HGfH+50i/40w6T3EzV7RUhcGUGQzP2bT
-K9Bpc6fHT2sjEgqChhY1By2i/j1sQcIt9TMCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
-i9b/ninpLB5Q0SN5XWUH22Bw9NMwHQYDVR0OBBYEFGc/qnf9bJRTuHQc0l5B5FN/
-kKYbMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
-KoZIhvcNAQEFBQADgYEADuC/4FucvKYngf2DKlHL2CRM7Io+GiuRab4hlwCc+ma1
-VPQC6R+vlIABlQvMPmw4WG+SuFUDZNUssb8KPHQZdrvlnFHPjim3wRzYsdvAPIJt
-5zncVjkebsrXuA///nNffcUlemq0f871Une/4Vtxe1VBbGzCZ7s8DxQumEH4B6E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRLIndicator No Base CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:D6:FF:9E:29:E9:2C:1E:50:D1:23:79:5D:65:07:DB:60:70:F4:D3
-
-            X509v3 CRL Number: 
-                1
-            X509v3 Delta CRL Indicator: critical
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:84:e0:d0:5d:12:bb:90:a4:b0:49:2d:9c:98:2f:c5:8f:39:
-        aa:08:09:8d:4a:14:7f:5b:59:00:a0:4d:f2:b6:47:88:33:fb:
-        a8:51:d9:b1:44:71:66:7d:48:c4:02:fe:ee:fd:2b:ab:80:0d:
-        07:ad:41:d6:51:cb:86:03:c8:8e:99:0a:6e:b3:65:72:65:58:
-        3b:f1:b9:af:cc:75:ab:ac:7c:59:18:32:59:8e:ca:d9:cd:50:
-        f2:f9:03:d6:4e:41:13:5e:62:2a:e2:3a:98:12:d8:ff:08:cb:
-        14:6e:1d:69:4d:d6:19:74:cf:b5:2d:c7:2d:3c:60:a6:30:95:
-        34:4c
------BEGIN X509 CRL-----
-MIIBWDCBwgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGRlbHRhQ1JMSW5kaWNhdG9y
-IE5vIEJhc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgPjA8MB8G
-A1UdIwQYMBaAFIvW/54p6SweUNEjeV1lB9tgcPTTMAoGA1UdFAQDAgEBMA0GA1Ud
-GwEB/wQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAHOE4NBdEruQpLBJLZyYL8WPOaoI
-CY1KFH9bWQCgTfK2R4gz+6hR2bFEcWZ9SMQC/u79K6uADQetQdZRy4YDyI6ZCm6z
-ZXJlWDvxua/MdausfFkYMlmOytnNUPL5A9ZOQRNeYiriOpgS2P8IyxRuHWlN1hl0
-z7Utxy08YKYwlTRM
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1EE.pem
new file mode 100644
index 0000000000..cf4a0188f3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLIndicatorNoBaseTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 14 51 E3 D7 23 38 AF 15 1A E2 D6 76 9A 9B 1A EE 53 65 D3 16 
+    friendlyName: Invalid deltaCRLIndicator No Base Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRLIndicator No Base EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRLIndicator No Base CA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcZGVsdGFD
+UkxJbmRpY2F0b3IgTm8gQmFzZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMT8wPQYDVQQDEzZJbnZhbGlkIGRlbHRhQ1JMSW5kaWNhdG9yIE5vIEJh
+c2UgRUUgQ2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCbhw2QqOjic0nMo+o+00dV/CeqcpriB+Ybd37dJoPpNPan0fliKh7L
+gC5qlfRMl1/G4aiY9/rn4c6IZKHKvZvtqxWeWdk9rfkZrzd5jdchg3X9js3W+Pew
+os3xdg0s5C6LAxUpdZKXUfnp+rgXJP+5DBJbp0zT0E+E2+wFCEFmCwvBXsdC4wS5
+V37eh0xM3D+AmmRpmZU1sNwE6CHCXS/FxAT6M0l2uOrrsAasOAlYyKomNrwuI4JX
+F3o2iOP2FmcUdfbipILts/m/i9IXBbD7Y6CHpxaxwO5C5M2QGmbrzpWRwnH2X5si
+lC9xrwWMDkDICl4iWZM0EpD/fvylKDXnAgMBAAGjazBpMB8GA1UdIwQYMBaAFPQ4
+diWrpOMcwMh1jI0Ta2MjtoqBMB0GA1UdDgQWBBReXpncoHSAGA199holyuOyoazn
+5DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
+SIb3DQEBCwUAA4IBAQBJ/eVvOyfvPW6TIbZC836c9ReK6HHWGskd3H5FmhJpOGRD
+yqKrWC44Zg9TaEcnMUZdvGT70DPTKaHVte9hOzQHWlXPDZlpIPQie2luL4i/6hsY
+r4kGcK3jbPw/rexK0R8K6s0ZE+CpP5VQnRbRzCxdQiWny1m/PACa9zhklI/wEovL
+ha+CdOwDNBNDQzA1dsz8IqRAyIRiHJ1W/n71rkK72xCphrl0EcIZRk+aIkDNrO6j
+EHYzDFuGiknsLCZ9nrxUbdx16eeTaqG8wEkiZP/f8hERqB4TqNw+J0d2m4IVdo/B
++ZbHSIBkCA4aE92Z+PM4gibKanjLggGYrkPMshkJ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 14 51 E3 D7 23 38 AF 15 1A E2 D6 76 9A 9B 1A EE 53 65 D3 16 
+    friendlyName: Invalid deltaCRLIndicator No Base Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3AF61BEF1EAC1D72
+
+dWuz0jfIsicCkLiRuz0wUgfo5h7OVwLWI3sJEz8MJV5O9BEiF5t4ixGeIboEHbap
+4IBUKJ6MTWmtY9tmfXvKSWxM+BkyZXeAj0SzqTfNiPPOfG9wJqBgWKjVKQCnN1CV
+jM+A5IXthf/4Frbgbqccrzzd2fLOhJICaVOrcrTh//1ryATG2rUnMYMVbbLlxeHz
+8vWsJQZRNElgPl3BHeBRL6/K4qrP8UWQo/uivNmpVRY1OmzNtpFfOIt2jC5m7Hni
+6iVyta8GNn+633oxjn/Ji19JIX/yTjY7G4MoQY2MnQyML2mS9GUVllIiQqwN6tMn
+4Xk5CbxKKXx3Mqv6WN01o0oObRahhXx3GDHi8i0rWXFi+L6vz2fRPxInX4b0USIS
+oZvBS6JXJnYGctRp8akBajUEd9zb+cdP06J6YHlEV2ZzHVjulYPW10tgyLkJHesF
+n8bbfeUkaokt4yThN8cRiLqwj6r8/sLeo7DEguHkV/S7XKo5G5+AKT8TMg9qjEku
+pRmMnITqgtwQlNm/04g7woWLod7SdmOASsOhi1zko86MOLUKkCUSFa4ABOszpx3y
+oQEbnSHPI9Zaj93XLikF/RwS9pGdj3UHqbcuEvAowWlttt85JmD7VQR6JH7Q3dw5
+ISIdQJZVIVH3/IFCxe0tpw3Otqlee42m+OLq6DQOxrHJDyeHds0PTz9revgV2YTv
+4TGgxZSJMf+eRjNhxXwEB2+a3op/jWLv/kcV7ZN5tO8YbiaU/4v2DzLZu/rqRFz5
+HiMSVUc6wRVUm+EFasFBut/Hria/SDta4ayL+OUDXJ0G3NewngH7OG8H65v2jKbQ
+3hm3iaQgnm4YMwcRyOiF4qt6wPaR+uZXJcaflPfvR/nBnoN6L93dy4hpRuI0KIDW
+Wq7/KpVnBqEVJST2sOq1wGskbSvr2ozse02lObk0xAtlBLDFCkaRZDPZnG0tJ0F/
+j5dLAYe9e0j8SBkmY7AnxQyC82u4silVdMYk4tF9uuc2SuOswD0BFcy6+pwvJ9US
+gP5LRnVR0cCm9sdmitmulkMME6RzRXeXtLrfcv+XWOgT9anL/on/qOJ2JfWkTWhj
+z0wgwe3iIPvLYixOj25V2IPH4jz00ma9aLS8byebwWBLUZ8nN+oib7wQL/I6iOD5
+ARMcTb7SsJyiz5wWtJOkCRSnZrm6IsdRc2apuKIdjCivN+sIZiSIpqg4xfgB3bl5
+X/w9DtXHc/gWDOopWvDTC5BCjF00pZhvBclypVu9xsnjqcrW2IVBrz21Rb7RY2UW
+y78+DzkrE2FhrpgIgCltOe+J38gF7ywC+LEjL0BzDwFtF+wHthH9nPiaq3qrhrfe
+X2ynSuD8Y1D+2ygbO6gLZZvZBe8kY09h2F1qpcnezXwWYxnHThGsllzo8sh+yFTY
+xL0eU7ID/H7oVJaRrF3n6Y2r6OCu9lbjmrvJsvJ5T/RoY4IkxOFQ8gh0mxrHH5Fq
+kavoB/OjUGTgVTyjDslAKnbdUXI88SwyjOczbiX919PISbrnGsvsdU8O4eTbfK2K
+PfNniDgCGDc/aWRyfs/a+RjKG4lUmd7gGIjriXg+etZbbNG8/xbDzg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem
deleted file mode 100644
index 4ca36378b2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10.pem
+++ /dev/null
@@ -1,150 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBXTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyjb9j3IekGOkHy1SMKbO2
-cxwOgq+Yl8JiAoQJk+wbolHouwKi3RFA75+gpgOiN0SeLz08puksttu+6NNeBmlI
-VBHm6vN402CMD2mE5JN9ze88PmgzLW/NusnlGNUoYksZn6JLwIyAMqCq9ftTWh/d
-Dy0s9MipYeAfErZCKqRoewIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQU4hgGT7/eQNb/M10iVoncEPfOcL0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJ3F2hdP5d9HdGajPqfdokQc5GBFeZOqwu0M
-3NB8RwFrC1PmrnRvCZETjCk9bMAlDIYde7XTym3nNwdl2xrMWn6xBBnBtVBU1uAo
-96PxqkGgbm/uFUgMLUlww+CwMtAWfpZylChZNNxZSK40iS4jOlN5JajF1iLB+CTG
-rC1IKMyc
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA3
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMmSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTAwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAPg+ULgLYvxSkvSwcxwt2gPwS+Snwayze8EhWojhINAcpYlb8sPh
-4OaEgcnDvdOrOUGPIB2D/KOYrKEAqlRmM5zx12ZvpLevcV81RvNfe4FTRCqAqwhK
-Vs+5ktfrGpJxjBVWC0Lds9VitDFQpVoA8ksVekcaTe2bHsI0Ovr0DJiXAgMBAAGj
-ggEXMIIBEzAfBgNVHSMEGDAWgBTiGAZPv95A1v8zXSJWidwQ985wvTAdBgNVHQ4E
-FgQU10CyKhocLN3j/y/kw/ue6MjvEF8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNS
-TCBDQTMwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQK
-ExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0EzMA0GCSqG
-SIb3DQEBBQUAA4GBAAUoNQS5AyzkN32ziPcC+VbKBJACILROlR93/RKUabl710wa
-BNk1iOD+MQ9iUwOLXI/bAo5bqQP43gvVFETGio6KpzbsDfofpXMbliYNRyX6NYqy
-38eEMeX/Tu2GvtAwIWPlW2rdCrAl0KS57hwRtpXvyikNxUHoYGmtREmOdFN+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA3
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E2:18:06:4F:BF:DE:40:D6:FF:33:5D:22:56:89:DC:10:F7:CE:70:BD
-
-            X509v3 CRL Number: 
-                3
-            X509v3 Delta CRL Indicator: critical
-                2
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        14:8e:0d:04:69:d0:fb:fc:c1:e0:51:af:b2:9c:b1:0e:d6:8d:
-        da:4a:f1:94:a2:23:3e:6f:c9:9c:4d:d6:b0:03:6e:ae:c7:23:
-        fc:6c:69:3e:66:ee:12:fa:2d:b4:12:08:76:16:e7:45:7c:6b:
-        7c:b5:ca:dd:f3:67:81:c7:78:d0:0a:54:52:05:0e:a9:8e:36:
-        5c:3e:9b:b7:b5:f1:18:a9:04:61:5a:95:4c:3f:a9:d2:76:c3:
-        71:dd:2a:9a:78:27:4d:3e:e8:02:93:40:21:42:14:02:a8:0d:
-        86:f4:27:53:8c:3c:07:ab:d4:70:29:2e:42:6b:db:5a:2d:06:
-        54:e9
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMxcNMDMw
-MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWqA+MDwwHwYDVR0jBBgwFoAU4hgGT7/e
-QNb/M10iVoncEPfOcL0wCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQIwDQYJKoZI
-hvcNAQEFBQADgYEAFI4NBGnQ+/zB4FGvspyxDtaN2krxlKIjPm/JnE3WsANurscj
-/GxpPmbuEvottBIIdhbnRXxrfLXK3fNngcd40ApUUgUOqY42XD6bt7XxGKkEYVqV
-TD+p0nbDcd0qmngnTT7oApNAIUIUAqgNhvQnU4w8B6vUcCkuQmvbWi0GVOk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Jan  1 12:00:00 2003 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E2:18:06:4F:BF:DE:40:D6:FF:33:5D:22:56:89:DC:10:F7:CE:70:BD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA3
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        87:f9:64:9d:19:1d:03:e9:68:e0:a8:3b:2a:8a:f2:74:a3:26:
-        8a:2b:00:7e:6c:b3:4f:ae:70:d1:e3:ad:39:b5:ba:70:25:34:
-        31:9b:12:06:6e:b2:59:f0:a8:56:24:67:c9:fc:76:54:74:4f:
-        28:14:6c:7d:51:20:d7:8f:52:69:12:e1:67:2b:3a:d1:70:03:
-        d6:8a:e5:c5:92:1e:61:29:9d:e5:55:c6:54:bb:8a:a9:b4:b7:
-        f6:3b:ee:b1:63:90:a3:39:2c:29:b0:f3:2e:00:1c:f4:dd:76:
-        46:40:31:0c:7e:29:ab:fb:35:ae:a8:73:8e:ca:a1:23:1c:12:
-        8e:50
------BEGIN X509 CRL-----
-MIIBkDCB+gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMxcNMDEw
-NDE5MTQ1NzIwWhcNMDMwMTAxMTIwMDAwWqCBhTCBgjAfBgNVHSMEGDAWgBTiGAZP
-v95A1v8zXSJWidwQ985wvTAKBgNVHRQEAwIBATBTBgNVHS4ETDBKMEigRqBEpEIw
-QDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYD
-VQQDEwxkZWx0YUNSTCBDQTMwDQYJKoZIhvcNAQEFBQADgYEAh/lknRkdA+lo4Kg7
-KorydKMmiisAfmyzT65w0eOtObW6cCU0MZsSBm6yWfCoViRnyfx2VHRPKBRsfVEg
-149SaRLhZys60XAD1orlxZIeYSmd5VXGVLuKqbS39jvusWOQozksKbDzLgAc9N12
-RkAxDH4pq/s1rqhzjsqhIxwSjlA=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10EE.pem
new file mode 100644
index 0000000000..1b705fb0e3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest10EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 68 FE 2C E6 EB F7 D1 DC 72 5F E6 EF 20 5A 31 AD 25 7D 30 FD 
+    friendlyName: Invalid deltaCRL Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA3
+-----BEGIN CERTIFICATE-----
+MIIEQjCCAyqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JkludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDEwMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvANALh142nlDnxUbBVwMZf4H8TGU6+cn
+B3S/k65XoHWSCIQaHJm8ViPDebtC2Y1lxXJAuUQ5vrXhMNViCXvsXVv3Fyqh0v8Q
+xWCcW3Mx8f1uIBa4iWs+GyD2978gvyy4wOLeAYAESUYG0XStMq2JvmLqAugT21T0
+0CrRVBXBcG4tsbxJFoCMFN/UrS87ampiKLDfUrer1kKOpTIYVZJ/tLqy/MIyTzsl
+cll6n2Qs6BH77TijvQ+SzRja+f3jbrUHUZuHSoJ1VF9hsyKO6jnVwIqzIMXOox5G
+n4jqfRmMVf77zPZF87XJ2lqgDoqmiEzxth/B94GOqxavMadaVT+czwIDAQABo4IB
+ITCCAR0wHwYDVR0jBBgwFoAU72PTqE6x+d9h4g3DBaOYGNKTmecwHQYDVR0OBBYE
+FBLdWepYnXF0v83nAlTQiBuan5S7MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0
+YUNSTCBDQTMwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBD
+QTMwDQYJKoZIhvcNAQELBQADggEBAKpHl7P1CWrLLGUFP6PuAz4hr9Y0OyCV2JLt
+sravF+p4eArmXPaAVzZz6/lYajw2i+b4eVQxm3qds6WoxgIIKSGyHPEBU2kz/93B
+kHP87Lwwk5yPG7XdX18t0dJ7AQhbPhyACkUbpwsZrN0tNCUby0S6iHUgCDBPU5MW
+duSUqgptZCka9niVz6eVtTbY5796ayHh36+MWGzodBQByJQqNum3/Wxhftbj04Ng
+wlL2MfEcDnE3swKRRE4uxe/GEdaaUmSzbFsQX+fokCrHO6udaaoMLpKIa/HZpb4f
+xvCy+cimsD/LjJ8hIo1A0sgGbeM4oybqfLkQ3ELSljF9R8+svdY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 68 FE 2C E6 EB F7 D1 DC 72 5F E6 EF 20 5A 31 AD 25 7D 30 FD 
+    friendlyName: Invalid deltaCRL Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AC1EB1F42BAD4578
+
+Cs8dov7sh8fRdw/5WuIE9nxqQvg/rjIq5qYQnxcyNZXsr7ktj1Y+JPybHvcku8Md
+8Wrg8u/C0vINm5f0/dyzdF5KwidTg3EI0x++5HQmvK+3agest+PldX+8Kvpr6EyL
+TZKqvsMqAYoAsSbC4jeMoFUGRF/7kzIar7mkY0yw+v155q9Ot3wvUwvcEqug720m
+4zJ6kGAZNIzQvoZjdf9bvQgaFXJ5gWuHCmKdOyb2Jd2rSzVdE7vgtF7Gi6ID3NUy
+kDek+PLQQFbTlUWdG8KaSqI9qEp3j1Cbuqc6CKtTLPcNWDZ1rHP39ag1ZFnP89uY
+9DX5Xekraq54c1CYozZ2PKtLSXmWqW8io+c4/LurIvMKjJR0gAuIUZtD1m813h8L
+w07izH6QKZjAJ0ALNa/SBkOKeSNSN9o+2u3cCh9KmFMYcebNXoCPeacdNSpRrl3F
+cWXwaGUP8JGn2HMYJOYE1KdQKmeiIAigrrKYgNilQtKzo43TVHkG0758gaEz3P8L
+fogsqPHDWIf+t9c0PSnE/g1ZsXOVTDQmkk+inW4RzAOW0i0leIRklA0WQLrdpPBI
+O509+0WsPsdN0dFtQa4GhmsskjGt5JTDgfi/5Yge8TgGmHEoeSZuz5M8HRpfjMr2
+BRn5WBkOUgwEHsP08fE7YyjEE7lpiBRtSqryPpezN1JfBUllbgHMQ2x3MMmKUyvN
+Q8wqH0bG3+ORSU/swn0xemObXf0Y/dzlCxlF2t6yd6m2HrE2oCkT2AW1eF2mVBZR
+zzQugVYSudBRHH6AvtohGdoIBE7tDQ7DqL7BQi1rbCtZ1THEpVTiSENxRUumP08K
+ElP1G5lb96GdZJepltrKJ9iXEbxMjHbYejZ3X309zmCOKymJvanAAhs7BleED1Yz
+0EdD3mAHVaycjnXn8SxC6/libT3jsU8sO/Hy5u1qxqwFHUlIJhxu7foV9KMMyVML
+sXo+H0kiflUg3iHKNFBI/UM07ml2Z+VVSbxTl3D0zxpJFRUaUD8JSdwZos+dqNhP
+qpig4z04eMzGTSTzaoQ6VHx3TvAIbyLFjGzynk1upk/lDVOsNR8mxklV8XkvPV2p
+onSQ9xzX9o44SMlp+KsBmPOBiJI9Vgzhz0EwspTHs0r4w9B9kg6sfPpAo7BsJWzb
+PNJgxyXyIsqW765VR0btgSJjA4g46GzhzrKo7irwtgZtXe2SjeglyIileefBbj+b
+OHI/0IS05TFR7l0MqpPZFhpLBY5NLwV2cCsZ+Fgq9rHq/o//XfEgNI4hlr0TvenU
+g+wiO1K4Hh+zlgTGor654HFoUepehXjOEvhBAuj6+6weusjXGg1PEpNWZQ2qcrqV
+EfT4bYpf3AsLYt3AXRu4HUM7JyRX7VCgNZ8onBVosG36rdv2Dw53vqKDTnD5ISPB
+MeiKYjKJAFK8090u+T4H4qZKfwa/wa81rqQ4Ussfio3J6nkMqUDBr95wVmcvD6Or
+KSQQDqXdtwP8fNWvqKO/QOapGfzVVWRtvdciipuicjYWdXZudKAuBd8x5xrrg8yx
+ClR34LtK8hg87MIMfT0ppXUe2TanG34+86GGHeq81lKlpTiqN7jX/A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem
deleted file mode 100644
index b76c876c1e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAzxx97S8BoEgN9xfoNoA/Llxt6uPlOWZ+ivv604fkNJjK8fwEFgGh
-IX2rOp0JvgxD9GNhW03cAb99VuVWaKCGZetc3qdUF2xWlxxXgYBV1Js2xsyjmGbR
-pqAvaRtcrtlqE6hmltSJmkP92c49XhgCOIkV/KNyODYzPpFNe5RyZ/MCAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW
-BBSxLLxeL6rboh2Wk+01TTFMKEr2LTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI
-hvcNAQEFBQADgYEAjeR/ZFSYPKsGsR0G5k/dJwEp8GMQM/lG8s5DOWP1JbD8Ebl6
-aao3oD0FCF9jzK+rtRkL1GVRXX48sLANOStAEInSVm06g7LocOuGGb7NRggCbLRY
-rMCjHVqCHM8aJLARHyGGvUlhNfuzWxTNX4Ru6LnhGQmXqvWcGlY4dVv4vUg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3EE.pem
new file mode 100644
index 0000000000..3f2d5cfb17
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest3EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: DF 2B AC 36 40 9C 8E 17 CD FB D5 7A 6B 23 8D A1 F0 05 94 5A 
+    friendlyName: Invalid deltaCRL Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDMwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0thD2uHKXQil6QX9ihT20V55pfCU176xg
+xfE4bF/rUqIJr1QtBB3go+0Haquuzo9Nnm13khuoWMyaSmjdzvSCT3w0GW3ynnU3
+yYJ/p7fJZ3jlVWPkvMn3Meba6o2+txfsws25NSzmKdImawaPbWTeBPuzOGXNY0Lq
+ApdYfUd+Qq2jf+RWWMYQExBlgXwP2k5PgtmVqsKcbNKTC6rUP1L5McjM2ZFi5h9W
+HsHgOObOsGKYKIiVX+7pEQQkdNTSbPmiuS3f668FY9CCXwCGtyfrFt1OeL1ZTnDx
+/yjc0LppdCQv0EMuj0CORDhUjk8Uocu6GkieECZXF1s127oZ3+arAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR3GCPldoTIFJQ/gtCB6nSx4KQvMzAdBgNVHQ4EFgQU
+psHlOGWlxb4PmdbGfVntoeCyBNgwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMTBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MTANBgkqhkiG9w0BAQsFAAOCAQEAYHmgNuF1unFbwYcC0qsNM9gWmk3vbXFecTPL
+0EPYmRqi9MUgxFQGrNN89TJiCMiTqnUVHJy2jq16crGIQQPTknd+h1UehoyQ27qA
+yxHJK3dJK76vaWAU7+MJU2cWAxZ5eRD5kvpfjTvIWjEvCt3HJUAlkXnbn4GNkKAx
+XMkk3jQ/7xzHrSYEBLfuFrw6Kyphs4AACCY/b8AUONImu3BBAF3jKHr6CubpiuEF
+fOAUDfJdtxf71i7dUVPARF8Yo9IZdRW9OXXXjlWsXwKsCdiutyjaXXdyeHIFK59T
+IYDaSBblRRwTeVYrW2O04AQgyeSIj6L5M+OjsffPMNSc0+ib+g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DF 2B AC 36 40 9C 8E 17 CD FB D5 7A 6B 23 8D A1 F0 05 94 5A 
+    friendlyName: Invalid deltaCRL Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3432D17D5C1A80E7
+
+9MtYHI+46l3XbWivigwkEoOJorfDpDN0SfjSL6zaWqT7sC2Q6wV4IY+l709oc/o9
+Yj0NanvgWxEVpFFw4mwQ8UkQcuIeZS4uh8+5w0QeYZa4vbX/SdpOX0rD9oNocmTl
+kVpLc2TTDNk9ve9S9FZp8XtgUtutXk5xal7WIj2CNooJm2FnT3S9C343nPajCchU
+ElCaxJk/tOijvvnk/AkucWgjdxi8eU89zC18ffvzPSnx2X7wJu8BoHtLiewm3mNI
+AY+FK3R+Cd2xrfISlQVVznJ5Ydg3iZFTLKwPzWVKBYpGNvskKSHZDHmvkqYFiKZW
+xqFyLpDVCAjtGwIGYpQVg0EPuWnhHlm1X5cd7/XJFt3XaXuvrAqixgZAa9PpN/sj
+CwvOvsjlUsvPFJtpnSykQ66pa5Q3Dxt/OxYqkF7/PRWO1+0RU5/ilV6+aG8Mt7JI
+PDnG8pGVHs+ItOwjUcJl8W3gxGJy1MWX3mC+jNKcNYbp6pY6XFO2zOriGgHJCgLU
+hxX+GmVwmkxxC4grURsRBqbY+eE66qaMkTlcdXL3POsyi7CQ4pBBTM1RXHm8I6hx
+HP6SyWePXcR7ayd/zxIH8RT7hkFV9CCty0Adg2P4WKPgyBubZp4NzrqYoYM6WsT/
+ala1iUpwayas2S/5Mqwo9bwXBUVgLQA5zKz/epAX+d/SIg+7LJeeaZ3N5YOL8XNM
+HbxgjHvcA4MHhZTO4uPiT6nG2Q5G8/y1FYr9nneJc/mIP0M/90ecGVLcSoMfrgPD
+74oLyB05QPZA5jpT+kCqHhHfPNF6yiMinMCw0JiXNbC2If4GckIalUmVUysiIyNk
+7XQ8/zPWqIppefMBRCuxdlr5IPhyLXet/qSD2MSOZUB6dtG29BycOwI144xvcXDO
+erJQSBdoRVLzH8Lwwq7lM1M7Vt1e3TW3Dw68LOx7eNs+A9hx7kexFB3LnGjIwSGP
+wOAqWMLY4RMpg3hN/CHl9TViI1P6WxJIj/Zcc8IkCM8x47bb+eTyscj/fW/9YDiu
+1eyvNajjFXJ7BT4FB+VknysFB7GLIcs8uImTM8adtmQC8X5p1PtCg0yuICgeHnQV
+UrzjVPY74QnI8UcWgnfiyeJ2r8rl38ldwjSQSL8Sp3/72C15iB/NoZF1NmANQobg
+ZvwZVpgPhB8+z/iQgtBKCKsfaqZ3tat0P9PqwljoXI1o1tCRdd+rmed/qbEfwD5Q
+m3M59rRPgkMvgxWerdBzU9QpjC38+wInuIJBhLG5ESmTM5ILQWcGbthdHpteOIlv
+iyp3/aEB+5eAI3ZR41vmaVhCrhySLMCE1wHW3YJlR2gbbK78lluPVy0IbsJUW32C
+wDU8RMQnW7Vihc6p2uyjd+jMmllXzu18EyVJ0wFE04ukeGY3MhU54396LLZSgkra
+CR4xaFEq3RywIjZ40Xdxv3pYkuaG5JVcAf9fs0OLUvX4u5M8M8ArRC8GlflVPwCo
+6tiRJg5H/jE+s51iLeQp0r8Q9m+Vd1rKIoMYSUB+SGqd+68aT+wQFHIFcOqELKhg
+ZP3LRnJHvxutJNVykZhRi6wdjcBZ9PorVS70Wcs1ATd4o4wRqfvcUA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem
deleted file mode 100644
index a23bf8d464..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEApl35weU2/WxOlBNEikRZQw51mRQgwiHdME99VsoaDgFPYglJARYk
-IQDYMoImgMANlcfHOiVaOAyXU4lXuGmpw8z64BNhazbSkSEl5lHedJaTrG3pwst8
-RIaAAvQbxOYAqrZyDz+9InoAj7ci9+TPhthUrmjkHxs7x/Bmkbmj9pcCAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW
-BBSZxHSKiyXXvxkmVXDhDuryYei0YTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI
-hvcNAQEFBQADgYEAVQbnMvz/UBEqrjWC/M/CNgiN/9NfiIj2+eYySOYG+HoJrVWC
-qCDdYeXfKIHh8CtoS6s+S+xaYpEschIVX3kOjn/VMGOmvAtWlR3iy0nvVoRUoGDa
-4eBv1NPq2MlQn5L7WsYHJFnJrLx+z9lWgfFYNKPiDY60dVmNPSfFzQpevu8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4EE.pem
new file mode 100644
index 0000000000..0be4778f49
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest4EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: AE 85 DF 8C 89 D8 AB 19 F7 29 2B C4 7B 9B 8D FA C7 F9 9B 92 
+    friendlyName: Invalid deltaCRL Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZqiQixIeBTrVSToKowkdbwEHI0yH5H5QQ
+6K1sURO5gJwPnZhXO1S5cFaQo7WwKYfxbFMcEx/kPI3lmcUfm5tBVk11bAjgp5Ft
+Y0vW80Vz6ABCOjPtaF2lVItqBMFroDU7H2ZVjwuhunj5AzURHqMIR1N4N1a/L46/
+/nyR6uZRLe2FDH4XmymO/Yh/hqEgnyOwYIQWnm5oE8CLh90Z4sc1Xw/CanCvhaDc
+AM7VFiZH1r/0hx/ogQ7ZzhfZ7IY5OWK7c+ww+StDOiIOG/7kHChh09yoURji7a/Z
+c8Rx2BB05jTSzjI/RxoRNi22Iq3lCTX45PQub8KRTA8cRugPT/inAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR3GCPldoTIFJQ/gtCB6nSx4KQvMzAdBgNVHQ4EFgQU
+yMWFM4r6w1i+BiUVek9gmjbgnAEwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMTBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MTANBgkqhkiG9w0BAQsFAAOCAQEAWIZ2nB1hbPwnabw3PDZdYtB7oAg69uP4Bes1
+alM0Wr/mwFeWf8TVF/GuVt+5Ef1IK2hgbx6YpwDC6762CoHUCC0jsu2VtmSESITk
+tRTOMNLpzp5qbxg21Hs9q2dIJXBZyltzKqh95+kERpsanp8x2u++/0JZycKzvZZr
+0W557uKJSforuvrYXIk9+PtAdF/HqEhCI8UWufJsMNeGjn14SnnXy0id7leIBWfs
+5AuGkSR/AnlBQYcImdBJtlHbq6a7llTwZOuOrQvtIPkwdkKeFC3oxhKUU7Psn7Vw
+6bVE0zECH4cx86j3jEdXzQfA+93hFBL/9D7ngXheTNDftFKT/g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AE 85 DF 8C 89 D8 AB 19 F7 29 2B C4 7B 9B 8D FA C7 F9 9B 92 
+    friendlyName: Invalid deltaCRL Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7BB7D5713526F3DD
+
+XgiCoLDnlzYySBOR7RpxZ6PYgYBgtkfG5/1UuarivwaJ5AhS3quH1pNZM5FCG96u
+icSAGBAy02/mT2tWK53NsEhpS1iKR1577PgeBYAFt+3UEfSok8eUtyYdy5ubb3+P
+NGtwNVvr5oc67XcMtxKVeOccDb8vYUyrGfhxQA7aAxjEd3+5YPec5x3n/FjJvFy3
+VJIzF9OzE4jrJsyC/Wj11q/R4aTC2qKBu04B7U4N9+7HWvmT26zB/yismeDFJTWC
+Lng6xTaVW8C/HcRsGUH/rmaByYotIbptz03nomZINWRKoJhOjDL/H29UbnMak35v
+CUuilzP//VLW1IFJ0KlorqbfVu0NIHcI2yF925SFgGW4S5r4QlnTYwqi9umjg0XQ
+YySKHqA+pVt5cHM6w/8AITb+o/e27yClm/UmMr9x26DYkNLXaGJht4n3CL6sD+bq
+tw6F+ZYNzrvZ14p0/iyNv11iR92dXLCPN8EJr8AtFUvX8ioNveEN6RanTfmUq3q9
+0CCXWThSIreab8qnaUkOa02IivgBHYW1OdRWAA8pH31JHYGMGdqGh5xhBpgx7vke
+nHv8btoQ/Ur9BqZN8hlwWSgMT6V45JOweSv2mR18EqryMUj+cWom2GEgwpuY/C9U
+TAMi8qSFBRtomvbag4wFVvs4mvN8hG0wSxbGCC0wRT/bn711FexwwM5rmeHVILRV
+HMrCpihBI9ZKelGiSSDGdeMWXqXsjVgrIzxzQUfro53XVzMfFAiFvNCgrnM5ViDS
+uxmUjdu580Ncz20MZt0pom4T5h1VjQ+f3grfnOfcW3mIkZS1gLCmTHRrcMEQqVDL
+nXh7CyFwAF2pKbInkmx9NAtVYjld0cU+e7WehJBwwzNAJmTh1DsuXSbjuOdgXPbm
+4xCZCqeJGPKa1KuwS9zFiwdgTN5rR9BuqG2ad+F/glkYV9v8SAhc7YVjRVBCRNsS
+xQP+WgZFWkGZlsdei6aib8/3C8ktR8vga2jr1tZ/TTcNz1i7RssgUjxN0BQLjz53
+tRmBNklFn0PeJ9LmlEULoRQR35nmHfSBPQ3QwRhDxQ32jbKLe073ZekBZc+M0Rdh
+Cvgd+A7Gcnrct+PnzUDccyMk4uhAdiRRnmawscYupGid3Vm4CsJJaNxWeSRQuH7X
+4u/EHvI89r9ixJd4s87bi6VhFa22sg8eGDEgBUNfH5UqVSI9RRVfW4Iz2GkRR2WN
+ZcjWjeunn5PbQRcKOzn7x81ZfF3IBuCbmWnzNl1B8DGrDsQytTzE4ar3pBGNHZ6+
+HBj42b8hBAY7OXyoob91mn8b9RvOxsI+jxd8frdoNXgGLWsmy3fcPNY/SOXDkgle
+mNIYOkTl/XxUlQMdnCsLv1u8Dyy5ZEdhRYFX93k5XIOvfASU6KuxuHMT6hY3hNzo
+6X/Jc58AYC2+pVoMW3Z7DJaXFc3byhwEudfgYrrUtJNfrzSyU1Ic1qktDzsiDBa6
+59zHO99ftdB6WC5RhCtcljBSPKnOhD/5oAnqLTiY3irgn/wdqBvMJn0dkSiWrT8a
+aGpWOAO0QfmAfvZYUk8LQrtTakNa7lW9Msd4+3aaVJruqcVrh+2OSQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem
deleted file mode 100644
index e918530f97..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAscrNGz91htFkIREH4kXyOxo9/1St8nJA9dIDFUm8mrrSSju1W8oD
-Xp8EeOhyKguxnDGTfGnp5SIrvLUB3IEn2Jjme0QUKtz3lVdWYMNZcyESeKIhz2Hs
-GCFxmYHAzafSbJ4dh9VLWVEkARbN31prGZT9BIls24r6PWhRDanqOZ0CAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFJOPTbzyHNcMriBIrLoyGg3X6A3NMB0GA1UdDgQW
-BBRyJcnOHzbSUbchF1gWSl+d/EKipjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMTBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZI
-hvcNAQEFBQADgYEAUGZgoTW4dnlTr4u8+RArHmwDwiSDY0cXQimlo5QXcoeZczkt
-s6hrTXRDO2ZiijUqoKqP+F7hBWROoKc2U9kq0yLfZXxsRBx5atus0zwV9PE2pYS9
-5doAUve+eXvnEBzwjBzlPNoWo0yklkwaVIhBZFY8HS2G8P115VnipQebcZk=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6EE.pem
new file mode 100644
index 0000000000..33323e9a29
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest6EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: EC 20 A3 FC BF 35 4B 38 27 1D DB B9 77 DE DA F1 7C 38 13 B2 
+    friendlyName: Invalid deltaCRL Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQChdlfiKhgkVBZls9SSGM+R/2fkQXuDV0hM
+wkswSv31By0st3Rxv/Rdk2M5HQYcG9BJwfWqHmmfIywnsfWXY8hXl9W81O5xCQT8
+6I2qVmxulBwFDGa21Ik6vyOaVkh3GjNoUYDFvngr1srEpd8Y9j6ooDr6uQBuvaeV
+p7loDWGnCQFldjlZfHoSvmiOyx9oV14ZIW+8o6IoUQTOrnTuXXtr7whOd63KMBjg
+tPTczxQ6pGIF4c5CjmEzasNs0bcovGhmRfL078elh8VrB5sv2XMAeCUNWQP/GSoy
+OdP8R+FDzke+teFQmBaAJkKPLlHlBFRMIFoZ6WG76hB8GzaoflGZAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR3GCPldoTIFJQ/gtCB6nSx4KQvMzAdBgNVHQ4EFgQU
+spIp9bjrEucJCdPG4GtrsDiEOD8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMTBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MTANBgkqhkiG9w0BAQsFAAOCAQEAGTUyGnLvpOUE4M2D+spZazvR0m54B0BHclY1
+rNqvv0PZ2Qg4hi9l/bntIH0q5F8OpH0LSZ/4CgcJfmflRtOgxU0R7m76yYZpH+K3
+7qhwBzd9Ij7tZWD1C1eKwaLGSduMVm01PbjjqHG1wuoGM14524GKoq/6g049c6Nm
+dOqVSxFf10LhI1StU/ptj3RhSz1YXquDHuMimPeFxI/yPpdVUNO4kF4qZrj7Nwp1
+L5zFnmpXpSo2QeIEfWjgCfEKOyGo7jgNshhsoEwogFQp+VS8opaKnJn5J6uNkrPz
+4UgLpsTk4UYXqgYMLDx54HTzVELXocW+YdeRv+H70w2XyfBwSg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EC 20 A3 FC BF 35 4B 38 27 1D DB B9 77 DE DA F1 7C 38 13 B2 
+    friendlyName: Invalid deltaCRL Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6BF125E43F84522D
+
+yYCvvGQ/1feC0wRhswMyrwY/pF3JbXfstV3xlG00CXrVeZ8NlZdAg5Q6QJ9krJPD
+VRYziXTi+aMZbF4auvwRFe/CNuFxclKTHGDSQwIl9qRz/1EPKUhiJi4Xp/RSnAY8
+PBSYL/Pg/53apWqMOUHwAdoQ/9EkYC09gd8nXk/XfKuNRXDrAYd2x9dfmLZ743dl
+aXLr+6L+AzjzTNKLLjbhSPh2QRfUPwaiG44uAkl3mch7W8yNF41rBOLDuXbpzI82
+iAH3D34mtpiZmD7a8psm0R+2NgxYzfnAIe6ak8DmKTXGYk1OBhoKQTvABteai7dv
+utZD3JAQeCt4+Reom2bu+trjD4iAP4Rl/vCu7r4PnaVxRKsPsrAWapzIJmdBWdud
+4rTmSvnZzBmlTF/VrND52a09T4GgmXndWPhJdCyi9obOEpkNHFNBqQcntU3IW+Ow
+a3RBKIeKOuXhOLo86VblzRqP1xt4GJ5dp/8EK93hosocEos7T9e+0w0FF+IgjK3Y
+FfDgwdfepNS6FBs7gVxq8wuly9GNe2NrQezmNtQzLwM/IvuRLHh7oSWnjnwi/4Ux
+lbMYdQZduhHYvVbqTYgKaxn7Jye+8naQsJ6eWq9wLVSEx4dvHISWv5Fu3HeiskGv
+7GSqE174AaqCr4K/vQvxNVMy5PI1tdqTvPU6CeDwPM658hzuCS51qADbJkFY4pOj
+XaS1+phNt1a9t/sIrOLpX7I4bT6b094qVXqy6OuKWHLyky9QsL4Abp6MpnLShi8W
+QrUiCcw0I4BbtCGJRqfggRI5kR70zfTEDs7eBOWhuzTDTCm5sG2jaGLdH5mKFC7D
+aw7u774F3aIZA08ktj9tqeUDmJ0I3X7zWm3/CW3MdFkX0qehCqL7rk0IaO9cJtjT
+05/l9CTSEWQqQPryV+W8EyHJf9jEsDcY435hxD4x+q9PSeztcBMqOG4eh/l3XfLN
+JQXWdi0xIESrJUcOK/ca/psKcRIEIlw2LUdZupXFdJwuxrcjxfmwie5WMMXFv4tH
+pDKDOmDb9tJ/eJ0o3HLllPQ3VSzuKsSHcxKmx76MEqe0a5HcZ+7tzlSXIgFQ/7hM
+VUH7PBn+knEL+OSw1lfgfVmRiQm1B1FVAK4e/0IkqWZB09/7V/NO2zOvErR2bbWP
+ZpjLo8jJ9P9SjWiW7RCmvBS1SYdLtqAU+A8blpDpxMpXN3WKpRzhBt1MRj3ymSyO
+Ze7nm17FmfYQumU8DNqHR0gKSXVT7Swty9vmjUh/5X1MxPizVEnpxAWbvZ4E5wPm
+L4nMHIywYNWfaDXICBffWQm3Pv7wkCTTOqhQW1I27nYxz1CiVTWIExnEJdU1oXK1
+aM54hKv1v25xVctT4KFT0/gO2JpNcTAkWGhjvosPSI/FKXK3/KYdzo6jI0faGtR2
+BU+XYH9frKc68kwHbRu8DTem4IMl1WJ64MnJ3GsOr6S+V6r58UW9rFkcSOnAiocM
+bOrROd1qQhiv778dHseayZx2Si4T6jXviV/qV2ATQhJNbjTWwAltX40h7JZ4BN1i
+AxGR7TWCWtdkrauff5cXQujwWHAt1vRgPG/CtvdM9E+gOFBopayb8g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem
deleted file mode 100644
index f96feae051..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBXDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr2MUpxzH8HIqzmAylEvng
-qJvVIxI4xzM8NSpC7P7T2R1dmFXK/19W+m5yqOagB9VxgxP9IYbI2VJ/FrbQSD/+
-afpuHA8++piSAs2e/1BoRagiln3PnQTLemPsmVy00eSLnsw6QRdC0MIZjme0/SHv
-Z6XuWPNvicDyA/Uml2pCqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUo5OrV2YmbXI6bLyDZaOa/I4MQwswDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAFnKbCQCHJI6HhnaoKJkHKk3dBK/E1DNHc3a
-u9yx3wYdmqwkoG5iKJjssQDLcbLfpjuF7jU9nKbk2gcmOIa5//lgCmUaok4WZSUA
-u8bzMnpiZyzIjjoW78RyuntCMXbZzcs7umsOKfOlDXj4wwsev4E7m5nvP2Qv7hEX
-ECR/9DaG
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid deltaCRL EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA2
------BEGIN CERTIFICATE-----
-MIIDKDCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlSW52YWxpZCBk
-ZWx0YUNSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAuJgOh28x++Wg1L68WeOKQN8XdV1qhrZmuHQgwEWL8HA4HNqPU18v
-laXijT2AqIMjNJs0Ja41CFGbeaiVSNrV7nMsuQAiXTiiS6R8yrRScEd1baqSvzRT
-PPgXoN1qSTYKXXeEYR3dKsHZ2DVAjdlvm/bwIm6lGKGchu4FxwoHCecCAwEAAaOC
-ARcwggETMB8GA1UdIwQYMBaAFKOTq1dmJm1yOmy8g2WjmvyODEMLMB0GA1UdDgQW
-BBRJKQemGd+zHC3BYsO7nLEzQ8rHazAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMFMGA1UdHwRMMEowSKBGoESkQjBAMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JM
-IENBMjBTBgNVHS4ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIwDQYJKoZI
-hvcNAQEFBQADgYEAf2NJLZQsLgMF9j1YG0b0IP3nQETOE/M1kAExKmgex/QteM25
-DBV4d4vJzuh6DFQxNk91Y9K9bR7qIPlsK31NGGpq4lbct4XgbIlM0+4phq3sORcJ
-AU3cfsMvJwZNmfJ6W22nEhF9Dgd0JNo+9g9FQGlSH6z2O34vBB/jPtkDJEU=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                3
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        25:e0:e6:a0:65:11:f0:81:2b:f1:ed:47:8c:1c:a4:dd:79:26:
-        78:05:22:84:96:35:60:de:7b:13:ec:70:ee:50:3d:ac:d4:9a:
-        22:fe:e3:9a:77:a4:fb:bb:86:98:21:80:3e:d3:20:85:57:b2:
-        0f:2e:bd:53:d4:7a:ac:96:02:3e:17:00:67:67:6d:16:01:9d:
-        93:cb:fc:b6:f1:c2:23:0b:e2:de:c2:02:5a:70:05:34:35:8a:
-        72:8c:cb:78:ad:62:96:86:50:5d:6c:ba:1a:bb:e5:b8:e8:5f:
-        b6:7c:33:8f:8b:aa:c6:b1:78:a7:e4:56:12:76:09:7a:db:ae:
-        f5:ff
------BEGIN X509 CRL-----
-MIIBbDCB1gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMhcNMDMw
-MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaA+MDwwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa/I4M
-QwswCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-JeDmoGUR8IEr8e1HjByk3XkmeAUihJY1YN57E+xw7lA9rNSaIv7jmnek+7uGmCGA
-PtMghVeyDy69U9R6rJYCPhcAZ2dtFgGdk8v8tvHCIwvi3sICWnAFNDWKcozLeK1i
-loZQXWy6GrvluOhftnwzj4uqxrF4p+RWEnYJetuu9f8=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                2
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA2
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6a:af:6c:a0:70:12:90:02:5b:70:fd:d4:b6:8d:28:9a:51:5c:
-        fd:04:ed:47:e1:a0:5a:60:e7:41:83:23:ff:a3:e0:c6:b1:fc:
-        71:db:cb:8e:a7:20:0e:f6:9a:ae:e3:fd:61:33:a6:21:69:4f:
-        7f:7f:23:cc:33:47:45:23:bc:fc:a1:79:02:31:3f:8d:77:e7:
-        c0:9c:8d:90:ef:6a:9d:38:fe:13:b7:03:dd:ac:36:72:b5:94:
-        e5:7b:43:a8:7a:96:ce:16:bc:55:00:bd:cc:1b:a7:81:93:40:
-        f7:f6:11:bf:c6:dd:7a:ab:32:e5:be:fb:88:32:e2:06:41:9f:
-        5f:d5
------BEGIN X509 CRL-----
-MIIBtTCCAR4CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQGggYUwgYIwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa
-/I4MQwswCgYDVR0UBAMCAQIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFD
-UkwgQ0EyMA0GCSqGSIb3DQEBBQUAA4GBAGqvbKBwEpACW3D91LaNKJpRXP0E7Ufh
-oFpg50GDI/+j4Max/HHby46nIA72mq7j/WEzpiFpT39/I8wzR0UjvPyheQIxP413
-58CcjZDvap04/hO3A92sNnK1lOV7Q6h6ls4WvFUAvcwbp4GTQPf2Eb/G3XqrMuW+
-+4gy4gZBn1/V
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9EE.pem
new file mode 100644
index 0000000000..cbb9429d12
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddeltaCRLTest9EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 9E 19 61 2D 56 31 8E 7E 86 26 8B 26 46 08 30 44 ED 1B C6 A9 
+    friendlyName: Invalid deltaCRL Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid deltaCRL EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA2
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JUludmFsaWQgZGVsdGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcE10fbivD8YbnEDA+sI0O+XaIUsukUp/a
+yfj/WxEn9t2eUiwN5UbG579KJ8eLcFDNQhZrRjzsy1yWNJllb8pBjjRRyQozZ7rd
+mHlzW492WmaspKUVT/enEDTGOXlmvxGFRz91isOCgEqGPZ+6MLcXx5halMlQfD80
+X6qsJjaSFGSMxPPFUij4eyghF2dnmAzdJrLW8UKjSDjFPCrTY+1AGkzIaifpKDN1
+qdxUR936ago3xfCKujbRhOkjbeaAHxwBVdAPZQhmsJejhRl6kY5k0rA0Hbz8I03K
+6Ev61b9y6j/WFIU/GSnTvvZ98gwpI24lIRS/7uE47Uyf2pgXU6tFAgMBAAGjggEh
+MIIBHTAfBgNVHSMEGDAWgBR82Pa+A0zOz7c/oRm7M6u11437xDAdBgNVHQ4EFgQU
+lHekQ7FVrwObog3Zam6ZJLkbICowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATBYBgNVHR8EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRh
+Q1JMIENBMjBYBgNVHS4EUTBPME2gS6BJpEcwRTELMAkGA1UEBhMCVVMxHzAdBgNV
+BAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDGRlbHRhQ1JMIENB
+MjANBgkqhkiG9w0BAQsFAAOCAQEASXs9VkAAMDzy/RNxg/DiQJf6z53J8rBmrKZd
+LgHqb0nWVu42Ibgmcc9GvE3jRekXAkoZOESOKzwnzTKFoNkSh4iOf2TwDajamAwZ
+4NTsy33kgxLggaVOqx+YHJDVGxc8LBPVlQK/1fgNuq0zQdCbzp2qcK5cFJ9PY9Xv
+4ktwPMZb7mDMuO6Oav3JjAy9obJ413mF7RAo75wrHL/+fUfFGpVT0sN5dNR9kjeo
+undhANx2cP4tuCvTq3IUROFr8s6qNFHsYP+kCIAsQHLYK8vnaJ8APIZfm589SAeR
+ohx5pQ/4gghyE1vBqnuDf4tzZyari1c7EQ7CTe2PVJF/g2nsHA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9E 19 61 2D 56 31 8E 7E 86 26 8B 26 46 08 30 44 ED 1B C6 A9 
+    friendlyName: Invalid deltaCRL Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7FF86D7F3F2E87A3
+
+6vAuGMtew8Lpbmh+ROvHn4bEG1cDfkxZ5zJZigKNUagHN4nwEP9lD5y3Bv/K65gf
+d4/ac4RHMnaexNBR/8e5Dq7UqFWJpJSV1IgQBn0dlloLoqhXgHl2vsLEXGlJFZKa
+w8/V1yRW0+Gt/GxtpjdOzLE5dVH7JH/9GETETF83Bz0LTBCQZK0soRXPKRuQZqmF
+ukAuZKPz5bROEipUIe4DWm8O5jN7joP5irs+wdB7KnI2rOlZAQZT0GIONWOWfVQ0
+zhFzKVxB1ETU+8eUnY42NUXdArvILK/Adh+lCfv6wYabF8ezmZQpFNTf1wSDu1Ug
+Q1jd48shwbu1ZzR+86w2BjAA3kgHfSC3ljkVrVLOyGw2HMPHekAGm68vxchsv1vU
+DTrHWIU/hQCvsOmLXGhfF/sPVg+uivuI6fc8UVm/AFAOm5AcaSBnIcoUNjKHOq0A
+JzbJG1ATpNfQ1kn2aWAhl+VwT2wf6lhrNNyqnpAzUbpNe5Xt39x8YrQH7j3eXCjT
+JS5mDHiLq5iMmsATTF5u8+ZSZB+2+Xh31joNyf85qS90KccxyxwvXkSUUmvhaDYy
++chSCNwYnPHpy3/B0LrZt5ixs0a0kQAxhx10lpWFc/OSvwnOmITAtD0jD5iYftZs
+IMs9V0EDfwCU5rI2RLQcEZkG4DzlXbhnu91dSmssMrMp5GCgOHlrTOWKMMdEnVQ4
+/e1v3YHArSHWMUureOXIb23TQjZuqVFbWU/UlRO+xYgCbLrhlNQ6/67UUc5OaY6Q
+1pikMkJxpaeQmMqJ5p501QLVRfr0Tvt21GjGmKS6n6o+mrklGhBzWNS0qmuX2Kpk
+0ZrTNckSiWtjfvxMCWG8erQsTayws2gpJkXOSzqWEZhhwBZ5OacqQGi4N875mZ+f
+yjNWp2PYxcnxy8NwS6xgFBBtXrPlF2iJHNV+SgXrJiAVC4W3hG4p54e0C+xsVX/H
+w2iJkyMSVUTKdYxcqaJdCQbx2QrV4LVoFIubOIAz3a078RKPoWdLcvB29tWCn+g6
+M88Ciz0Bljq6SbsyBRwtH6rwPuM1WrupWTXyZhVKs/ni3kPBXUsWUQzfmAEllfT9
+gj7HuQRoKl5iZh2LAYNuFnrcgPHzdgWEwE8YcZCZCmDNSFqZusgouQ5Wwjgq1Tex
+KTFOnEbQ8e7oKxTm8k/cUQFcXBTp09NnmbwkEZklWEni8VyoM8wu1o+hVqwvBOto
+Jqm9qXUTqY/VTJPumnxrWBtBhQTO70L07c5WAk8rqLHA954XRvG1SAR0JC3LnS/I
+o9TtyGdSJEHHy9DdMvLfb0305eeeSo5vO7VTZwfSZIXRuzrx56UjVBRMzDZlB0YC
+FiKvWchbLnmC7uzDc9p2qBvrvawP1lql3pE91BOyi3Mk23Ew5ssJVXva9qFIzLfK
+1yCfPKDv5sDq4B1sriVsNvz1l8x/dbeyptE2QEqZiVsSOT0Yc3Ka25yMvG4ZRGxs
+wO/pX+5hnXCh2WwzvfTHXcZmak96HLJaPDl+QNydGqc4BSQ52Hb50w2Sd1v+QzPK
+acM2W5mjpgvxUwAOjkCx29dsrv1EYiBqkWmmgfVyaDBzZKcN0X9pOJcb5rFlpTl0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem
deleted file mode 100644
index e2b8ef58dc..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2.pem
+++ /dev/null
@@ -1,123 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test2
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIIDFTCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA737UO+PFs1t9bQRYiD1XQvoj5CgT
-W0o3qMiBsk3AhuMx4ozSScw86kyooet/wxn2pJeFuHhNbdmWF5Mz4kyUuTWHl11Z
-T0aauPWb15KkPWKyYGcwMPrh1xNR17ddZWhDJsgvtraLthiXLTiumcoof7LrTWd8
-lR6y9AZzJkxw3aUCAwEAAaOB8zCB8DAfBgNVHSMEGDAWgBSeHx1QV2qFbxv45kFe
-63q6MH669DAdBgNVHQ4EFgQUDby2uXBoHkNmqlHt58+tVdKbG6UwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCBhAYDVR0fBH0wezB5oHeg
-daRzMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEe
-MBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQxIENBMSYwJAYDVQQDEx1DUkwxIG9m
-IGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQUFAAOBgQDcQ+nXCvsA
-WSXbtnoQr+PKV/BOIwQGVJgCtsiEj3Qt04kNFEDjXnXwsKB4LNclGBe5Hi/PsxLG
-nrxqkXIoArMFjjZe4eNbkZotgOz2xN1lH/e4+5O1Ji7CbuNXbtSABVh4ZJYzZJYu
-d418yGh18wIXgBC0R7QwhHtX5I5tRJPSOA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2EE.pem
new file mode 100644
index 0000000000..c734f6b3b7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest2EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 84 11 59 C5 D9 70 BC F6 E2 E3 AE 65 5B 85 ED 97 AD 51 92 82 
+    friendlyName: Invalid distributionPoint Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTYO+uijkL
+kLhQ6RCPP/jdjZaflgwCZ/5vJf836R0+nLLKy1a5ixBZRJZpBCo38Yu0dhUSFNaB
+sb+GCrY1qVbRaAndL1k2vNJibkXPaixlOxi6ujXoOCZmRNL5bAhxosUxjp9YPFYP
+dLMaCPMfOy/cg3r/gbI2g7ZG5DYeJxyuRfZN73P2klfctSmIfAVQprTT++L0VvAY
+yFO6tZkpRVMeFN/MmhNh96414DyXFFrkItsuvG8GexZneUVQHT8QZJsX0ObzJn9t
+ctienvZ9AQGKWB715t78MU4UCRcqB++KFCZIl9lKM/VQZi/ZLn1xukwyDZ2Fgv69
+gO5EiDlezxU3AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAUETBzvY1wKILSb8/SN+3N
+6yOR2+8wHQYDVR0OBBYEFEPX0sGOqiykogAik/m2vAhdQh/oMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYsGA1UdHwSBgzCBgDB+oHyg
+eqR4MHYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNS
+TDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBCwUAA4IBAQCI
+cEp1LqU+I90nVxwQnTlwlRtzX/Y7WOva6Ob7orHrFXCaT0ZFr6J2xs2wio7rML5F
+x5swu8SPOgCMtEh/LQdqyLYu3VP4IR1QMTjdELWliX68HJt8ySe1g3gpFchv4U5F
+JiOfSawNJqx0LPFdNNq5lJsY1BBgIvp6v9vucDcNOiASWeCDlHQzZ8AFOUMO7smK
+23qjZjUP5xAEOqeGEQ72ASfLJ8toA19FxT+JoP4A+y78d9P/kROrrPtLJOqJPCd0
+cAvuHv7beOJpeceSjxdJ9rbrcWQ3D7G/ln+Q8ljD+H74UWuo2Toy2m3Q9KaeMY2v
+r8GAm558Phcf5kn5wfyc
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 84 11 59 C5 D9 70 BC F6 E2 E3 AE 65 5B 85 ED 97 AD 51 92 82 
+    friendlyName: Invalid distributionPoint Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,788F49663AD6ABE8
+
+WghmPOUfBAREyv5bDVqkJvMinWhwqTqEdQXEEb6A12s8mWvKA5GFH59GmiF0VZlQ
+2t48KNtCbpfZQE2SjCULKif1y8ENnsSogv3mYPo0RwdaEd0on1pPBi8APrrJkX9q
+44Os0s95LRhWU/9xZalOVTJhelgJWUXt2hoCJLNy9Hy1AnzGxYWYUb3ybV5E4n1S
+69p4AF6F+nKc8R5Xq5oEbTN/Me8wn9+bmUe135SWZXlnkJgTVE1fXm63rTQ6Y6Xf
+9H04vWz3NSowE6oyoEk0+oK/e9yi1O7fwg83W/2d2Bxdfns81rBEnulLUAZ/prqY
+cg+EOcTd2UN6/MqhGfpf4ymg/uT52jpuzw0YQtyBKEre3JU6OZlhm9Q4kRQ6DfdV
+rSArKVC+rWoTR1j1NnWmP1J+Hckh42hob4OlyYCpMEVWPkA0HQLIjD3THUoQVoSu
+aIPSBPLchTi/SLAX7/hq1mhl7iu1oDeF/PoGtN7PP2DNjWYVI3lN2uPBH4eQDBbO
+4zvUEFP/6RP3/CPfCG6g14KsRTV4j3VfVAYDOQE9S2sZwLpbLrFQnJcYvgn7C97P
+kpjdF4irqSJFnxWrRjkAc6a26FZH9p72NF4JqCtQQPkvaDAhLSOP8Bf+SPhdbmym
+mf1gKde9jXG+Wh0YgjXdVKx2PvRNMaXP4ezhuQqdQM0Pg+TdnrDm0GOrCk00iHs7
+g6ZiOa1SCi1yl8OTpLiAG3Z/1Hy6Fa5u0KzZOw5C9JPO1HWC2IRuO+xNef5YkacC
+l6BqKvny/W6TzAvIiA8zLh5v/X/OH+QHMHRtn/sickxeCnAcPBxB39xwDVVxVQI1
+vZr3ya016Y5hL/NtxhxbcpT5BdzVHysHMS7QHKXKUdZ4W08oWZ/MQD8u7kWGFZ9c
+CJXfYAyp+vA/esa/grpNSVJJE7cl4bt+5JMrXlsnLEbav6mjZknt0j/zUj2LcJ70
+648FUu+GgEk7f0mWbNwnxch7wBNSOKYKYHYNPht+cia+BTX10ln2FbWrROxfkZIX
+XEDqxhypqIxAAVri3PljkDdAXwqmqV+HtBBoPc6YJvXb7ekIfd4BZIxPrJf6n/iG
+jW53P5lYJqrZ50sZva7VyihgE4q+VBgGNvkSd8V8qM5BM+UkJ3ZIk2DsegJDqiNI
+lBw9q/GGxjdMSbRFdg9lE5eAhUqqdvWlhI7Gvu37KiQ+BPVFX2Xcm05ONo0Y6DK8
+yRUynfvlDZP19+a8FEk0oEuw4xBn4/XUqtq/GbwmTx8waoVJFAc50FqDtpcG4Fev
+b1oB7G36MfBnagevljMRJW7q7GIN0ZoSlYhciH536dESqgekJBj1M4fg7+c98kZQ
+3sIHNhddclj75cYWnWxLr5CkwPYlwiwwbgczUJYu+GO0Rer6uURHr+Tb1iOi7QXg
+uUkZoSbdTxlIzfd2MeQblf9b8sTSEdDHexvnw3TJnKCZaOeeKHtK97HD1hHoZ2Kj
+NFjIRog88KW+2+JvCQws0x5wCB/1fxzTyZoYpYJMCHwlQ9mk2dinUMapefPkqirP
+moRBI9R7F7Kiysfp5MNszbAJqjkIIb5tOgH+ITQlZI76XEd26nN/q43AMccA05S1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem
deleted file mode 100644
index 2772115950..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3.pem
+++ /dev/null
@@ -1,123 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test3
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIIDFTCCAn6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuS5Lgb3o+ul4HsVLgHgzRL9MeLx1
-KnKHTzQ7EedCPCAL/7h2oNWVaOCqaRzy5E4ke3W53AP0lHEyygZjKFnLw2QjEtGj
-1qytIz79bI9YKeHX1pnOldsesBJtKAfb/RBhtwEsieibfV3nFTTckFhqtMWkRX+b
-xgbfcd5yKPMhQRECAwEAAaOB8zCB8DAfBgNVHSMEGDAWgBSeHx1QV2qFbxv45kFe
-63q6MH669DAdBgNVHQ4EFgQUxeG0ipAP1oMfhg4iMi/dmI5iNgcwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCBhAYDVR0fBH0wezB5oHeg
-daRzMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEe
-MBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQxIENBMSYwJAYDVQQDEx1DUkx4IG9m
-IGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQUFAAOBgQDnY+V8RkGw
-+kpIYbTDHFKNX/7Tkk4ZRLWJXXk21ah6V7OqKJblsAWGSOKJa65p4GKLrf+uNvW5
-BuOTRbdFpJrjslIZ87Z8XSdWXo/guQWTLacYkBPfKeimVeBInc2uoKkzt3L3gunO
-zcm1s3DmNsCcQFvuG+GsDDn3xIkTxnTkHQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3EE.pem
new file mode 100644
index 0000000000..fa5abf8e5d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest3EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 40 7F CC 7C 2C 8B 21 AC 98 C5 2D F7 70 0F B2 6A 0A BC 2F D0 
+    friendlyName: Invalid distributionPoint Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCD0xHj/74
+p3hpJkJHrM7PT5avhjPpoPT3z/V3qkE6pwe1wFF4WGpuCEN1CsOlyESi1LoT5vxb
+BeMk588wa+n/hr1T5bwn2EfyzbLLJDbuNE4NvQunN3byvnBUw1wcEMns4WAPzI5Q
+UQ9wt+w6yt9fzZECOODbpR4vLK3BKgVv0+LCwNeNfHXaalzGgChMo0xTDwknSLY8
+2Pvf3j5aP4X8ly/XksCgEZzzosn9a+4DHPC3jhR8D4vHj6k4IDZK3gz0nw2e14QV
+bhRov6qkHFNuRNFImxwdVcaII2D3O/s7ktHvuxQYuVpu9Xi2be8FZXn48qlnDrDC
+Gn3yo+rUdahXAgMBAAGjgfowgfcwHwYDVR0jBBgwFoAUETBzvY1wKILSb8/SN+3N
+6yOR2+8wHQYDVR0OBBYEFGakshok498dtHSxxOvB7FKt50npMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYsGA1UdHwSBgzCBgDB+oHyg
+eqR4MHYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNS
+THggb2YgZGlzdHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBCwUAA4IBAQAU
+agmCYpMQKrh7PpozaNQM9OFYe7O27WlMMCVh+nkAsoyABAeO7lVI/ey+D9E8ntAt
+aJZf6EnG2k/DQcpZUWwGtbx+uIDL3zpaKxGZ0x0Or6OF/UjjAURx/Hfs4iOLpwR5
+jtFG2Y55j3AQMsFtXBuocJh13pLKO8rTwK31HezwIq2le9CqZh0UzAEharNYEuxp
+x0cE04sEutiOECDVaoVPUoA3WXinaW69lc/nLKI1upWoSRslPAqn472nozcQQ29B
+CrSibOfrxuN5AwmX0VPfqyQCqAwRcQLZqhZMZu2NDTGxpAe0gJi1wHrQ49LfRRSp
+Xs5hGFBfB9kzE7VuoalE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 40 7F CC 7C 2C 8B 21 AC 98 C5 2D F7 70 0F B2 6A 0A BC 2F D0 
+    friendlyName: Invalid distributionPoint Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DA935BF2297D8F72
+
+kIAs9fHkWQqKBc6mGkdMTENh0UIAeYw6k28cbsgRsVL3TDGlRSA7ukrQrj6OlUy6
+vES23ccL/K2p7x3YdM+4/D+s7vWZU4phiu93jG2RGYK8E/r62kllwRAM8AVF0eDe
+uJvZXM3XrcW+L8W0j3lFHwM1hWXYVZiY+xGMpQH5WyNfzN5UwOyiR48/sQdUWCrJ
+meVcOmTEgFBTgRj6SdNiw8cIqRBtYSJoNYPYctPGTt4Dm0BTki659/7Cms+mubVR
+CR2X5R8/GTbb4ymvQoiQ/Pf/46VVR6iuG7nJ6n0tZ3sLAGUTDmCeBqwNKThQoYjn
+h6AK6+GFM2B2/VZu6BzvdJamw15O3fuEQJeLQr7lGzK5LbVk7whzwSEwuFkWOt/t
+6XKRCrTWF6gDhBuQTd/JtVX+Hu0D4OnI7Da5SX+sRZRkrtFduN4NrO1BHHFU6pLB
+Hr3qJYTJSkJzTCBFiOOGmXQb/uPpPZinOC3xBTILlMJ8GmTXBRil7Wez4RDyvuKn
+4UC+832/X014xmANYgbYOZfS8PBglN9DrNB0OnWgLOxsQkdI03zNu/tjfqXSaYPt
+1hu/iJJ+Z1b9f2ffL7rE7aAc7VsuL3+auL9Q7SQxAlMqxWibauoltJBdm08WDxeX
+dYRvQWnjTd8txwnjN5emJkpCa9WrfuziFLHEZTnLuuIz05rQSDbIsAD3d4R87LmM
+8HWQrOeN7fryk/dYVCrSTQAH0UT+RlFuTsQmGSEc/3dl+LdK09CuG40V86g08d12
+Qku5FAe/b6yREqZhWNlQjWolfkQzUML98Ry0mekZuWqKwGkSebYpk05S/DxcSzPX
+6PNl4M04rEM8SlyEFwNbTTweKgJ3BdVFixhp/00MeMuBN+x25/MfqVCxCOEjmZo3
+ossHKoZjpU2eUgaV1JQ5bA9t4Vz3wBpA4sXsATFcH7NLfW1NYL5lNS6bg9dGsyQ7
+U0z1YrmEcAmaId6BJbALu+9B0CKKmpCy2GGdX5s3iQ9v/U3jTCKMOHDsAzJid9Se
+aneyFZacnAmAuKSGkovHIdFRRpQ0dDt4rIMvY0zmhGy0PN1F4Q8eB9I0XIUE0o+0
+Tyqu6BTgE5qXD2zAaSi6s5/3PC0dJz5r1Zg0J0h/uvXBsIEDXqFB9/B3YS1bebiW
+z/GSFpsx4/qYjsV7kRZNG4WbGiHu0B/TZ+swQkeYBawORdDWZa8YFDYvv/WzWiP2
+503mTd5dIYsI1f2rBexeapv/oZKG8pwOQnBo+BbfVXp1xgC7Zd92N9zv4RcrXG1z
+jz8Lsy6YQLRQxuI/A+u6EBWUu/qWslbY0PnVQ1njzR+pxQKJsBV4vJrX6SFTRZ/u
+IBUe0cEGZ14yaZOqypyP4SsqlpYeEqRQd7M2KiLJQD4MGnSqkPh1zr2bt9KbKEOB
+D8jcIv5zLynb/YnDCCtTU0XKIWWMhS4nj4SSYoH42tttBmFHWAHF0txr7oqCQxoe
+SFWeYw1W2KgxosKPa0RJmHvpHviapcRJrfE8pdDaYMSKQKzr9mcCCv/2jpgFpmJO
+F2DNjtfScbY1D9sLK2OmD+NTWMO96TMTrVUzbps3DASrEmRmknj1hQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem
deleted file mode 100644
index 0d018c8e11..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test6
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIICxTCCAi6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwbnDywy9lvaPs3ihfyfLPtBoMo+v
-C+fBtx91KNEmBz2ACO825iLx9Cyq+vbSLMDPiBbEbBpUtXDAXuaa6omJ1BnyVp+4
-dDmnpIB7IZm6z2mwQ1/xp1Nse1vb1zxkbDnMVVpkSJTqaTqMUnR5s9ht0XI62DgL
-ZEFlpTiBkCVCWFsCAwEAAaOBozCBoDAfBgNVHSMEGDAWgBQ6NIsF43ZYWMSHBJh9
-fh2MrF25TjAdBgNVHQ4EFgQUNTlA81m7xBu1FOhMV8hYWiP2hpIwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA1BgNVHR8ELjAsMCqgKKEm
-MCQGA1UEAxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcN
-AQEFBQADgYEANn9ezG9vEUyKzHQDQt0yQTrF9KcG5PUqzKQiaIIzKvEBLX9d/nj5
-N0wEpklLq//fxWFFPlhZS7qsDal+jjkPnccIlgIDLNAYYOXEm05+6eeXXKMKwC9I
-TdJghmMFwSDvbp2s/dnQvjOrHIexlatSbbCEDS9XnSeMmHVJ0lx7aZ8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6EE.pem
new file mode 100644
index 0000000000..586acb4680
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest6EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 36 B9 D3 99 DD 92 AE 80 2E B9 68 DA 6E 73 9C AF 01 68 DF EA 
+    friendlyName: Invalid distributionPoint Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIID1DCCArygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV4IgjGn5Z
+rdXDjs4TsxeXIQB2TgPlOe/PcBeqCUIlP1YAWrevsPt/Py2Qr2EYRaMGjtGGtgok
+tZGSrRRCo2cf187WWyAs3iycMhRIwfh4ZAOC/kGhKY2nsZeScqid/3tlB4HC5xFt
+fpR9Yx3KU/KNKY8qw8ecHNayu3d5Zj6RflcvQuv2LmfUWorIYBcv+Bm/lc83Tb6P
+cGem7WLCqN2AGe2fbT+IDjffHNjJyuAILv4EBAeht44bkNNGHyjkhgMxkinJmcuV
+kdwTNw8Zo4M6cFrQzYhN4nAwJknflLWB4Pkoo0++ZoAyuf0HGVq+ZmzHQv/NQi1G
+XxICk4yWBq6XAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAURGzu229/605Jf3j+zeUY
+oOy7YGswHQYDVR0OBBYEFHsvpwhX2kU3OE6JlvWn2bNsPJJUMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwNQYDVR0fBC4wLDAqoCihJjAk
+BgNVBAMTHUNSTDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQyIENBMA0GCSqGSIb3DQEB
+CwUAA4IBAQBN6kTmJtDkGt05YiGKwnHkV7cbwRVAMCzmco2ulLYMXKsYGOTTfTYc
+w5qlHizxUygLyqWRByTpFWA8NXTc8VGQOrBrhtczKGdE2tir9bH5N53PcNWTvS0g
+GQr4AkCpd/aBm9WIx6iK4rK/f+B5E9TxLkJiubbbV2aWz8LUPpjU+9NxUm53ihE7
+XNg69ZhEqU1f61S6k7Rm44sXrJ9jQvD4ioC2FivP8H3NmQxNQlkxE6eo9cZqaW+n
+jeulLanRbnGTCKr38w3sjNJrWHdhserC5owK+toTPkZMNo7qQRrIvEVFiY1x8uOZ
+qPv9L26IlojDBKab6fjPOSZ6EaYaWl5L
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 36 B9 D3 99 DD 92 AE 80 2E B9 68 DA 6E 73 9C AF 01 68 DF EA 
+    friendlyName: Invalid distributionPoint Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DD4CD9F490AFA91D
+
+pDLSI0fVUz5UXLvYn5W7dr7xx00QG0G1qW/NGiXRvwwhXzA1BPKzYPqf/xJe858X
+nuONm7bsOuYWrvTIRElM1M47eRITuqdYBbNGB96UK245A/T/67C8x+yVV3r26YoQ
+rnzbreb7Lk0xoVtDzG39BtEJQ2GnKEtKrQ+jhhAta4ZhAMTmaCD/JX0iCVHK6Ine
+tHbRK9S++B6RIX4LT5vBPo3CSBhXMT1hK8i4WQs+sfYtP/Kj2mgx1baZBMlcrGYT
+5F6hK80aUeJYpVxiz4IhKkg8ssTKatMGDULSR9WiuUbWCdI4A3IT8iuFzb2yaCys
+A1rKtUrbkufE0dsn/jceYLhpbHSLiIwDBy9K1+M4RzZk8cqe3urgFgWNN4usRX2D
+eW/gS4EWmcgvHkWv1Pi3YLuU0cYmUtKzryOTInMEyjbIKkRqhTsffPdiXxB4BpFn
+R8Tk1x3MZvHtt/j1NGiWX5f8+giSqfXuEDkjKFHuotsRuEMQ8tJk3KRJ9imVeQSQ
+NIopXNxypyDurLYE507f2rxJgvRDVSSk5a1mPdXw4H1YJWtFJ49Wa4mNWT26oEPX
+tpz+ifqIiAwtU7RAOJRSdbTaFmHh2gx7PocEE+26w6iQMXKqHTsooq4W0QKPk2e3
+2TON2XrEy6oLQxcYNwVucfVCkOddpcQyXe8D0UxSkiGFppLoGPC90SFI03xwj4Hl
+CiITSLznaMjXp/t2dT5DHNUSNYn3e0h/RGz190StT0Jrx31UvHeO1NBeKdKDAod1
+x54rH5ePECBMt9Wzd2zTNbpFJfSuNP2WCWD+PGji44ICpGYJlgRsNRzw1wED+cwW
+6txxmDBXH0kudLNE5aCoIvJPBJUkZxwu2Nib87Ekh4KMYPHs8k2DXfk2txPl6evo
+rRNjDxGT8+YAMmuLAvNRw8Lvco0GsQjrIzjUED9lb7qmks8JBaJN2gYztPBq8LXa
+NWU4mFGBEkRvJI+IBLZ5Cv504ztosfcuXVTQM3yW1fM2kWQYkkhaUfMNOEWrpGMy
+epGV2SU/ZImnpQE5azAeoyI8/g6Sq/TYSZ1rAsN0eiTTOb6iu9QwQ0G2ISPWpWbN
+DriYzoGWAfpG5qElsKF9+44q95TPfOg6VKoxGGWjdNfQpduS7hcsccchbJfvOcgQ
+wL9mubUhRIsmd+80TIGmsdlkkunPCTDjrr6A8S4VCSFVMnWb0pf9Pz4E2fgzNztq
+oZ4awGu2A4f9JzPPqYGNzAEJierpDiOIJeq+a4RWmoSXqVgVJwld1J03ZrcttPao
+OWlQilY+M0+nNpGJ84kW/ClsLFdTWEek4qpkbNeKAdGSkWsszuQh13wZ5SNpx2DO
+GXELXcqTCSX5ykAmmyTNZpjIU/wYgOPVVeli5WYtnOSM7na4iZNKx0q/vkLxKwv8
+v6PC/N0K8OxmImQ59Dy51UOxhSQaRGKCzZTH/KNPF4R2oIRogu/iv3VE02g/BHdi
+i9MaUbYL6H7wy+v2qNzu+XgFhvq2pOEq6raWFFwN+UXsY5N7FHgr4YuMYLTIzpDU
+w7LBJXMtUgCPkIiv0ccWHnsMu8YpMo/GyZ1nTxASrp+ADPRU96+geg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem
deleted file mode 100644
index 2ccff7ecb8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test8
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIIC7DCCAlWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0ODCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtqwbk/YTst4JgaZksbi+cItOdDg1
-ZDBk0znRRey4EXHLWBRaSV8RAAw9bNbbQEuq8IgHKD2Gny2ObJsV1WXdoGXwz/Kt
-zGLxkxN7VMH/euhCh/0aMr7sO4yRZgC72ub09FOxmDtEynuiurF5+jGJ8FoLHkke
-TMWpLls04hy4ITUCAwEAAaOByjCBxzAfBgNVHSMEGDAWgBQ6NIsF43ZYWMSHBJh9
-fh2MrF25TjAdBgNVHQ4EFgQUsMTcbBp2ScLfBL5qe3q9w9pjVuUwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATBcBgNVHR8EVTBTMFGgT6BN
-pEswSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQADgYEA
-lvXRt3px1v5T+WzaqJpecpxWzan+l2WrMC4vCYTcyFyQvQKDZl2jGO2PubJTDLym
-xwenSbt7quBVMKJ9pbXkNe9gFQInbT/3+NMPsI9Kc3Ajn7cfWW8TslHPaxtG5pcM
-XQR5wls8vzdmE9pirEbf4HDsnKBfC5sP1GOAYhIt/Ms=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8EE.pem
new file mode 100644
index 0000000000..791d9ca257
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest8EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 14 55 C6 99 6E A5 E7 3C 42 E9 30 3A E9 9B EE 2F 04 5D 2C 93 
+    friendlyName: Invalid distributionPoint Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBBDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC203pOwsFZ
+g4ufpsQb/dtjKIoc8xzFlvmEwLV/KKdqUOwpmtCAVzP+KVT1S77NGtErNItytt9l
+lzeDn4Kdu/Vgy19LLbjU2RPYbi0WqXihFrh2Je9lHoc+Rb+pofpf3M8Ou9BtqKRg
+pSpqR7Q/d/uu0mmlpqKXRTM/ok1ExfFJoub3C0siQWRmHRDs9ob7qQK5erpvFNf+
+R5HTEg/LacOauYWGuD2czWeZ7iYhCc1G7dAdtq5ufauPA8LzSSROvzhp62Yaqhme
+vnBStTlE01ZtT/quS5shxpcn50EaI6Za51oW49fzQoNjeCm99cXZLYfv32i7Xga3
+6jhZdZLP3NNXAgMBAAGjgc8wgcwwHwYDVR0jBBgwFoAURGzu229/605Jf3j+zeUY
+oOy7YGswHQYDVR0OBBYEFIQjF/h4qPlUpp067Gu9q64IfsVZMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwYQYDVR0fBFowWDBWoFSgUqRQ
+ME4xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQELBQAD
+ggEBAFEGXuXGGGNMBSosWxFRbvB1/VkumjXFubrMkUb6n8RYdNlBiQ9aO9QsYXoO
+fRoSds0ZyFvClBV5ohPH0IQgQrBKDUmUdas9BtzACdjjeLTsPNFLYR1BiKv5iCWU
+gLuakMFiEKCJXry+DglaJPWQR63b/eQWvXuWixYxCX/urpluCvQrmTQcbhYlHzeJ
++s7Fbr+IEIsn0bpyd5fFXkuw70Yj4iYwkA3GdD5/KjHRaBWj0sfUz1RJdHzZTNce
+sTW6RZtz5eHPIIj//1G6rB3llO4eUijSTObnl8VXzkhTNyC/Ln/IkI71RCerrWpL
+T2WQ7NXT+oaKNdWkNV2goYgdFsI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 14 55 C6 99 6E A5 E7 3C 42 E9 30 3A E9 9B EE 2F 04 5D 2C 93 
+    friendlyName: Invalid distributionPoint Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D8EF51F4CFB3050E
+
+9lUj0kxhfaJBYQ1BPgfR8YhA9kjcjpsGE5na7KM4T2HOCqubF7Bpmbq73W0m1ngY
+SKXcBkURwCcnZG527YQ74pf+HZ5Ar3yrE4UVAnMqlRCzEoFEvereQ2/MUobb8lxE
+E4sPKBXCk5XJ2/xj66U22wQycB9PEJahIGSPNe1hBl6UPLdBQQ4vBzQMkitAarjx
+K2O61FdXBZdqPNf7uwoWyJhBOCI9Yf25b4+90RkQhYhWE9g+CYI7yEyujayN7+a3
+Q5Eb2By5HdituZO0DWQDmJPvVACDACFTOw4jE1uW2c4CTOldSLMoci5MlpuMCY+U
+v1ymketI9rm1wKPG+4Aagvcgyf2gsqx1Zh1f+YqkWcZ8VR/1ohplPpzS9/gVtlUu
+2xNu+KUojCseqzbwJxWOqEEqbAV1YhnT9h4dkBFGVCUNhZRieeqli7E13/+XHLZv
+z2xltvd1xBEfr5XNv5RGdpbD9L7/X8reQLHkLwOi3w3fBHAO2uw3aCt6fWIHT8qv
+r8o3mP/sJ3M9kXuLOkQaInswafzKGzvVhE7/FeGLAG3JiF365aiVpCedeYaWhTL4
+IUG1km3edyZXyAs1NntHB9WG3RPtR8jNOdbeySZp04Cz/nHYB7v+Hd+FlecDnl0W
+fUEXAAlPlRS3J66bKP40QlnW3BSh3+ESwXy74MQIoKXpMdTG6oU8efp5x6wVjMG2
+VeHJRC6WMWwSqSFlugyV7csoqcym0L5jeIw06LAl/OrqohEdZrp5kOK0S6ZIkyTA
+IiZgHK2R85m3WjGw0SGWj9qAlKm72syDDvkpkoet1CWbeQZZzF5r4MCNtskNTOTv
+EvKMsThqaI4Ao4yT4Hq98/DMfscYC+mlymvqOUYxFFxHecQ4QKVsUv5IpXmplYBS
+vi4jRarAxk8HCpwAGzZ43NSA9Fv3fLaxlTTbf36itIq1LP3h1AtapkzOoac6KXTg
+25IPi6VtLxUIFWKEwzhkNB/SLiNqAgCtriVEd/P51OorWDUFYvAZolVmks/ON6Il
+EqHWGsBIfUKHhX0dk2684PekGEAZr7g4U9/Wef1WMkCYppnhoH7tUEqIJkuuqyYL
+MEIl5OxGgeUnr140Gh7bx48vbZZPNLBpFRzWcDbi97Mw3VDxTUIg4CO3LHMOEMff
+Wyev77l9sy6cp/+wNJaRnlnlbEPKo39RZrow/awWFzJLTqee531PTaOxzPL4eO+i
+b+lMquN2KO7eGSndp14JLVL5HHZS9O9FiYoapjr7WOP9QLibL3MlbQhecRG5X4EB
+pxGIesurYKuDNirrwuG75HIqNo1lczQNpX0qBZ3WxBqQH0u9PE3/IQXLEPGm3Ka6
+2erK5KYHf9fGwGpDSe/armKLhTU9hTGXJWY2UtGg5U1jVjdQFqD7AkODMP+3Xhdr
+8pMMe/ZLj+I9Yop4A4g/BD9cEqc6gzM1GidFu0lP1DkVFTgtxaUUqU+dI0PCLD7X
+d38/olQaUKrmjlboL+GyAuhI/h9wFS5eJT9mpYcADjfZgRS3ULkcwC6vOVlC8KGO
+Gro/DBndgzyF1QCOL+uXC9L9MxPlbPDssYbqcJjyOPbISo1FfYp7hg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem
deleted file mode 100644
index 3a3eeefc07..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid distributionPoint EE Certificate Test9
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMu
-SW52YWxpZCBkaXN0cmlidXRpb25Qb2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0/suVDtpZX4ZdGIHhrhtDHDiiy4k
-5awaeTNhUVeZhKlIDNnniPSVG5/0Q2JlWvIywo/Ch0y41j/ihleGbI69zoL1p5z8
-hh+yK51J32JdQ5gpc49P1NnVtoNSZApTJt1VUR4LwJv1/AhIksEEOg6YHN3/yq/C
-wVMoMv7wnisqqykCAwEAAaNrMGkwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d
-jKxduU4wHQYDVR0OBBYEFLYB9DyXTb7g1exMOFd6gOIt97g+MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA
-HdkglZQIYTBxilyAJvuFkSrvNo90F3wuIb0FmfVrjH6Hs147bgRF9nsp3sh/VvC4
-gf7pwYRING0tY/RV+n79U2FxHcE3MN6WNGA+GX77LcWth+s3Sa6Hr5QMaUcapGbq
-2B+bkzQUiWX8sXPvX0KWzBmbcY3Aup56MpwytlF7ywQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9EE.pem
new file mode 100644
index 0000000000..aa001dbd71
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvaliddistributionPointTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EB 5B B8 8B 0B 10 C2 79 81 7B 27 2E E7 9B 75 D9 E6 E0 DD 62 
+    friendlyName: Invalid distributionPoint Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid distributionPoint EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NzA1BgNVBAMTLkludmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNh
+dGUgVGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLKyk8HE6e
+PQjbQTZ9IkLDPjf+22btjiqAtAWS+6W2uVxyU6dliSHMswdSVOO+08YgmZtcRFVD
+rsw85o91RW5i4Pm20IIeCBNf+WVgmFUJ7t3uy5biH0s930zWyxkCqfyI9eKrxia9
+ej0hU1vdJ4K1L0XBSDpkHmn3vG74ARa7k2ZrlnD5NMn7UhEegwaLs8RKTCcH0kWW
+u7cfYgBD+AUjTbP6iR1ll4V7UNIGVcmyc4LdSnZE4+ihyWdwzPGp/E4ph1G6lGmX
+1knyIKhpIC9BW92e3DMCAPA7DjBVQNduGqaCIxrZ3nPk3GBVXqumNowmVb8+K+kN
+0CAe6eX1pO2BAgMBAAGjazBpMB8GA1UdIwQYMBaAFERs7ttvf+tOSX94/s3lGKDs
+u2BrMB0GA1UdDgQWBBQHhKpeEYEjvTDgLVQu6PXIjYv0CzAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAq
+yXgKDIVqTrgboHhLxi4heoZnxuohXK8Ag/1xFQ0DWLL0mgLemNqzrutLhWwQC2LD
+MHXbDT9B3ZgIOIgWBVDG2qV642Ln4xG5VCug+AWk+N2meTvDUaE7HtjQ9qvL4Zbn
+X+0pafFSuY1q6xcW7s2EDggf7hnnyb86LXSJwiP5St2er86QJ08Z47DKrrEkTaJY
+mx5lhCJYdtA0/pWeS4teEmDskJU8GDRlc4ZA+okCHVgU4zvLig5t5Q4tS7I8ICd8
+KtstuDiUyIdVy1MN4pVetIQO5cu4kQfCliHKH99+c/QYz3GIzz3U/9TiMv3wBlLg
+vZl51izphB8ha9hzCzJN
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EB 5B B8 8B 0B 10 C2 79 81 7B 27 2E E7 9B 75 D9 E6 E0 DD 62 
+    friendlyName: Invalid distributionPoint Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CF20677602086B07
+
+NYiiAl4fxd7wtuqSspb2fJi+hJaU2mxNuf1QQdw0Jhr9EmD+2OhqGEbaUBHXw62X
+6rONswcLoz6oawOaQtnYzbG36E6b5q1cgowCc6o4+hk/T2NFhVZ9GOaEbIq8qqXB
+iZLOD324II0VHMAU/OOkJ/l848dMiJEJTizxfiUAB5er1RgFpGF7eqqkjy4OSd7N
+q90RIhoSgWy8+wwOgZ5Wg2fdxki9Ja/UvXYuYMY5qAGFL4J1+vjggLPLD8D+gN9r
+Rgj4Zz/MWDY1brdY9xjHFWUAxvr5s5zpXQg4U3GFAd4PJZRthvw6ta6Pta5cKOFu
+yGkTr9UX6PYGjyxbnEcdKXMbnl0uAIkXIacGUdVxhNHVLxDsGN0k5mF9SYEkH0IA
+AC0B6CYLTo1ATTCqucvINxXuoV6AwbC+IbWq95RgVqxgkn94BTdGTsal0fv4QzGE
+4n/P05tqdKZYVntp9YTDGGaf0mbFmN3B68mqWghM8MEW31SB6uUqIdnZtF6FPjgg
+kKnfuIc0lTpc8YKh/UjKiyF2+jvN11v5srJ0UyUnUmI+5R6uTuYPKBbIkFydoFHU
+66iuXfLjilJMD9pw370qxTVfaLnVtDZbhyj1oX6zB5Knf70EfyClSbEHgXxwZwWP
+OhmlGxGD3ggeat+uhlETH1qiZfH9c3fUN+HDhnVC6tzBMzQmpk6Q2VGpvvcjc1Qu
+7S9wB/6EDWKyXliVBa9W5+woKPOWs5cOkuUyPKNgUhTu9dwBwnDZo9fePMEnznb6
+xJ1dIzwN7oZp31NofTiNxTKt1i2ih9Eiiqy2NlGUACuD+04CWTKvi89V/PufCW/W
+q44dEHCbm4PrLclSI/rqs7NUq5zsBMRkcgFeEe1gARXGt+qbLEV4spWBZv8DzuJ3
+xL7PQuAofN1dOHSSX8aP7NOBEWMt0Zlh8lpu0UJN8xIgLQciXrb/QXevYrXugqRe
+TdH/a3o9IqjabXbMM7qPTlrsh6D4xv6aQHmht/4gLgpPZxua2xBFDXsdyXw9i8Ic
+wPd65o00smrOeJjDsVdbCrPSCfJDUUoSIXk8G60OTSY0R0vRW7S1Wy387cF2vYH7
+LEX10/Nm81xeKzDi4cMOp/hPtGSEtCFj69eeDTVX8+oVRwRPSb/KZkYNq/JaHQFd
+uZ7jbqNkomrAK9PAnBdZAHwSlNOVZMPUWMCQOPcTP2rKC7IVrjtzmpvfvuNNfeOs
+d1x1Z3XwdhlKr8aNff2BjOlmuH+ZTaua8CJi93Qf//+klpWxCLVniHIea9ZPZ1VI
+tVeyD+MuQlEoHVuxuKnNvxDp1vzzY7IRT1uRpjV6bkfetq9LcTdiZtebTQ6sVeks
+/fzUyrkD0t2qC27lan4YlFze/0bILXeVCuGt15uyv/N9ug3Im4xQErp2vnZRpiR9
+uO0dkBnpw2b2YTex9j974Lb4CYqXouq1LwEKKlvov1e6i+9A1DI3HOA0TB7YvgNC
+p4Tq2SVf3bp2OfSTkvMfaXTyW60iIxoeuGFPfXf5u86uRBqjqdREJVLkH7Epfvsk
+KFc/qbi9cdzybWqfS6lpWZNaCkZu7wCFQX8X+ohIEQdQZjgb9gQI8R68U/KwbBSl
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem
deleted file mode 100644
index c873549a35..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYDVQQDEy1J
-bnZhbGlkIGluaGliaXRBbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALU75+fsqkoJ1rj9rLPys9PtX999U+V+
-71N40CaTnqxIlY4+U6A/BBm3iqNTQdcyEGo3Buy3OJEELx0+8jI3Sm9ja4iR/4tk
-gi9OYh29Ps0LcRyqUihECPaPFOvI2vEFJId74DFoUPgwNfPD0CzYkm1bYwNcMHwb
-0QMmUcxk8yTDAgMBAAGjZTBjMB8GA1UdIwQYMBaAFJ1AmGAI5sj9XNHYLwvqAOwa
-RQbPMB0GA1UdDgQWBBRgJfQvy84RFEADVPWlCcnfV9YiljAOBgNVHQ8BAf8EBAMC
-BPAwEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBBQUAA4GBAI1bh7Hi4BQZ
-w7LpH+0QxTA+hUMNiV3kKdM9vhGFAwm+UbQvTYeIDaIpDxX42Sv2j7Vw9Z9nkMc1
-UyaIcxezk4LAN4vG3WIJiO/eAFuCz49QWhE53AbRVprrra8N/Mzv0yB/8ysQ9fUJ
-AVMgwRz+4Fd2AoK0CWNHeDRUD+IN+enU
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBOzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALXCzoaXAEbX
-pgMPDk3SCu2nzrt+I18MsI4lg/0oLjQAgPsD0np8LOGHMzo3UBtfJtpV0BXCc+E+
-+Ni+ehXFWfA4BXjFc3GdUdJmn7y3F9X7XSIauTE1GSYR2+bMW/IRbmjpMDzldmRs
-WNb40N+jWAxw1h+YN61Pv0MD7Ef2ds0NAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJ1AmGAI5sj9XNHYLwvqAOwa
-RQbPMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEAMA0GCSqG
-SIb3DQEBBQUAA4GBALhhUDb9VolIM2bKpbpat4dNjGrkOmVT/HvGBl+FGwSXa7Mj
-cLgZ3WygZ9gil3l7X+wL7lM9zKpXljV5WNpX+58RclQ2kK7Yk4qcY0tpPEUn8R4/
-9yg64Nferl/2gn9W79ODU3BiBFF/GiAJJ4SiwvLWl/JnPDoQuJv67IS24+Oa
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:40:98:60:08:E6:C8:FD:5C:D1:D8:2F:0B:EA:00:EC:1A:45:06:CF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        60:ab:a2:8a:e3:22:04:cb:95:4a:c5:ca:68:46:70:0a:d0:31:
-        b0:98:cc:ad:4b:23:8c:3e:fc:b4:c7:7a:93:0d:6a:31:68:c4:
-        ff:30:37:7b:5c:48:01:6d:e1:85:f7:d0:9b:73:53:ca:62:36:
-        00:5c:29:c8:af:a6:40:62:d5:f5:af:32:a9:4a:b6:a2:a7:0b:
-        cb:bb:72:2e:3e:0b:77:64:17:8d:2d:59:2f:fc:cf:2f:1f:a6:
-        77:83:9a:7c:68:b0:15:f6:5a:63:67:74:b2:3a:fa:74:b8:d3:
-        a9:70:e6:87:04:bc:4c:79:ef:c8:b4:31:70:17:ae:f3:ef:ae:
-        7a:3b
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kw
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBSdQJhgCObI/VzR2C8L6gDsGkUGzzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBgq6KK4yIEy5VKxcpoRnAK0DGwmMytSyOMPvy0x3qTDWoxaMT/MDd7XEgB
-beGF99Cbc1PKYjYAXCnIr6ZAYtX1rzKpSraipwvLu3IuPgt3ZBeNLVkv/M8vH6Z3
-g5p8aLAV9lpjZ3SyOvp0uNOpcOaHBLxMee/ItDFwF67z7656Ow==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1EE.pem
new file mode 100644
index 0000000000..ba817eea6c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B1 B5 95 BF 5E 4E 68 BC 59 6E D1 37 D5 5D 8A D0 31 AF D1 F7 
+    friendlyName: Invalid inhibitAnyPolicy Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy0 CA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTAgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBm
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE2
+MDQGA1UEAxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRl
+IFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNW1wTtifNXg
+S/7/6OTB9nSbSKSw2BLiidrM8x0nGdCwUY++tWaryTAV6tJVLmfDOSrlcqgNgubo
+U2ufM/4Kxrkt4I7I8V7GIuXMVSOSG9DjroelJDTfv/PKfxd/Eb+6mV0lrfempURc
+27X5CfAfKmM22sCPohtfBzKwjsi22RA5dZ6nlUygOhrJgvz3D7/3Gzrrnt+fEtye
+USyq+8nR/zXX+JbOi9gC2WsZMvyRb7pR5+9Lu/qQjXQldZaY+trrEfUmLRUmrxUZ
+CwFjs3eV+vObbmsXnORZWwuTPhw/GBMx227uefpgnZ6x1uJB+YEitiHX72MDkS4q
+6I4Y8p3y2wIDAQABo2UwYzAfBgNVHSMEGDAWgBQYoKB6av9qnYWCJM3DJoX4v4o3
+BjAdBgNVHQ4EFgQUBKSzfwBnruEoSD6YjRYo9lI4/ZcwDgYDVR0PAQH/BAQDAgTw
+MBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEARGD3khHtk07o
+014aVan3Tjr0c4mX7zn4cgm4Vgep+/DOtUEcV44m13/YZ4KjUXR9zaHc8OQhOZW2
+oWCAaEyL0Qw4im0m5LVWkKhlomLU4TJPT34u6m2xlURUwmcUkAaaKf4Jpy949zH6
+x5SFLFB0VCWUgsxSgIgTI0cdl1gnd8WE5nsc3yUKbC/1HRscx0RgjH3y0UFE85FC
+fkcICoA6prUdt2Q328dRd+mY82AI0/lD4Amr1gvbyUC1M0znxTsCZPNHRPQDVqbx
+rQLcUDlh4004RiOEkfPyvm4OsfTD8df7euRyegy/gPde/vipEYQP4bARJalAC+ae
+/U1rEo3zNA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B1 B5 95 BF 5E 4E 68 BC 59 6E D1 37 D5 5D 8A D0 31 AF D1 F7 
+    friendlyName: Invalid inhibitAnyPolicy Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,83990521C98D081C
+
+PVZi2XabBgzng1zcjU/P0sUAiwIEJmPAIQAnbG9kzRvv+a1qFXm6LvXFsW/lb+aO
+hZPOcBrO4ABhZl3ctCHpMDb2oHpQ2HxA3y2YgS+LCm/+VR4LbO3TCTmcuX0oKGWD
+4wqbJQKmKLzDiXNDvZYm/7FMmFtp4cXVqECiAEAx8peRlfEj4YvfS3vQMXWbLCK7
+v06Ge/HJJ5byyhIxRUhSMSZdPuhZLq6UYw0wAdpW99f1gEv7GPY2MVPxJQ5pDE3g
+4xeRGdWAYdUSPi/eSj3JDQucMV1ujm9DfAPxc/LaRo+nLcy8FCvrw+HmPBL778Ic
+cN6ryTqjzsQacPrhtvzB91BbMKgKRM2rgPafgmSmNBcWFE++X5OJUQe0/4liT4Sk
+tFUd4eahfXj+LsXoqlJa3l+jTTJN68OivyHNesJm75mRFnTkURs5gNBCwibs8wlq
+SSDkQlUEKXs7/6Un9hpZj3Xb5Uv0jhXpAz5iNfOe6+z/nLYB52B2cGege0NZPNot
+4738AyHrxPIxYanLiFZCMA+X5tdfc7sgMi6siY95c3VdWwdkVVk2oYxJ0QGYR9/b
+D6Si23/trJZOVbfIkqqOYTR75T05FJA1p5tP1xfKt4+/dcJ4ZO4q6dsEvAR5RGqG
+VPpRyhFYxGBqLwncfYqH9C+vZ75uWyJHAxC6G0DOre8h3KUOs6/DsPBe19c99oUR
+G8/65pMxrGrEcR/T79CKbcF8zEMC4xexP+JAvbILdEMO4b8IgfPlNGZRjcok0VZ9
+Y7WAOlOr/Wj5qkUKmHYbCHb0+Y2uawZW3kA+TzBXvAbddzL4gCELIo5IFig0qG91
+6TJyn5EmmAy3B8J8DFioZBdy4zYw9m6xmpElGpSzFHAQodqCNlREiwihhG8hI2Eo
+zgVtKMPoY1h/722M5kMZnQ33Y30pi7Dqo5Eeph07pI0G5wxJ+SzyKoAqj623Cdz0
+ofxRLoWb8g0BVfJ/S0kkFhgG2pq7Z9/huNCBySk1SHwT+wqWXT4l2AD19gvSe3QO
+SgVv2igWo3Kc8ORbYxW69szAescLoee/50Y9Di/uTNaBd7/KV1BVaPxocVFNReGf
+17nZdjRi9N09FISZ3kRLG37rl7A1yp8ihdqbsVRXo+TSsW3K3/mjdkJjhC7IveRu
+07nSM+xo8BT4Lpvd8cOY4nxTJ75r159Z6mRCeTDFsarjsRg9ZZk9+qvLFiAY1JvD
+5IDb1zpVeo6NKTIbD2u1YrArI1HR1A50XGS2R9ywSv545A8imQFH/lh8rJdW3KQU
+BY73YnJVg/TlueyKzIi2nG5+S076S3QIXbeKegtIoELxMNvMogZG3UoGN+MtRVtJ
+pCK5oBbOg3zgsBtyPYBu4RLx4TYUBudsZdwa9YFmf0OwtKYl1GVoUoNeAcoZRX7S
+DRkX8PLWdbVq6f3n3AthHZlGp2T36yc2gFU9JOupUb9iXutML3cHpBelfBhmggBo
+5MIoQKb9huNXTJV4WR4tV0vGKqi1gkcsJm6kN8SpxrgyWqKPl8GWxc7oWxSVQRjs
+d0c0xL+s6Ffz8kM8dHl2O2SL3yFHdH4IF1CJV7SfwRTqF/r/g9SIMg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem
deleted file mode 100644
index a81968caaa..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAMvuM5rrG+hunxSZwR8TVsLND7teVaTAzIxbnJv0xpVvawDeQiN1A+CIdJH8
-TUXrgcfdU+E04StBCqDRBr1+DBMt/PuBDS/I2PcKqBuP6sfkSDr/lPYkbRBI8wZ9
-87H/ke7seqh7cSVORfqg4KupdEE3i2gxONHlTT/7XV0C5aOlAgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFGbbtZTHBcSzPiuRud/IqNBNKzREMB0GA1UdDgQWBBQpIHiUjoSQ
-KUJLfKsOgyq+NVs8FTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAuKZUyh6gvU8Ab5pl
-P79yddRQcx4G1navwUD3YSS7q2rnmqY2ucmHX8H1JsOhQUqvLL81fIqAkWPANAmQ
-K4NU/ZSkkjtfTcJy5oYsVXjz0MyLKOwrt52j8MLZsUW/TIf5e57kPbORC7RQhEr+
-yMDT6AY3En8iF4h8mqMhwnQnO3U=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGEx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE2MDQGA1UE
-AxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3Q0
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCulajzJmaByVbyDkLDGhU38CXN
-JW16bKIyjnbsg1tPLvigEcShDVU6jXZt8gRlscw+5nINvdOEYD9l/0QEzonMhVRP
-0GFT8aToKcCcPBlmhIA0PJqChMNZBGp4uitZKXKi8F8lGo09eB84V7bGs5YvP1LK
-J/G7vkncZXQbCUaX0wIDAQABo2UwYzAfBgNVHSMEGDAWgBQpIHiUjoSQKUJLfKsO
-gyq+NVs8FTAdBgNVHQ4EFgQUhUkKnqSDJde1NS49+ClAYeMS9kswDgYDVR0PAQH/
-BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQDK4Dok
-Sw1YWZrBgRIF5omNPAn9ZimPP/+5QRuYz42bdOl0F3v0uID3CnVfk+7UHbeylW/2
-n2KlU7OeOk5/B/FtFEm9RFaQIoeMkZadszaleUIvZxkrYkkwd///I0T9LzBBKUGV
-gDbif+oCGUYlgqLCQ/aXPDWA0mHKwmHD3FdRoQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:29:20:78:94:8E:84:90:29:42:4B:7C:AB:0E:83:2A:BE:35:5B:3C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        75:3b:42:7f:44:c5:fa:ab:b2:c4:63:ac:10:89:84:e0:50:32:
-        4b:96:80:48:15:1d:19:1c:b8:49:6d:42:c3:4c:b4:bd:a0:29:
-        e0:14:56:1a:1d:df:92:90:19:27:a0:b7:f3:1b:7a:32:32:2d:
-        cd:ee:29:38:d0:75:8e:8c:51:9d:02:7f:92:a6:af:08:ef:23:
-        8e:bc:b2:a6:47:36:d1:9c:e6:dd:4b:05:55:1c:56:47:1a:40:
-        67:4b:01:bd:b4:d0:74:12:5a:97:83:20:d5:4e:a7:d2:bb:ad:
-        52:a5:ac:13:44:fc:95:1f:d9:70:fa:a2:05:fb:73:e2:9d:15:
-        61:ac
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAdTtCf0TF+quyxGOsEImE4FAyS5aASBUdGRy4SW1Cw0y0vaAp4BRW
-Gh3fkpAZJ6C38xt6MjItze4pONB1joxRnQJ/kqavCO8jjryypkc20Zzm3UsFVRxW
-RxpAZ0sBvbTQdBJal4Mg1U6n0rutUqWsE0T8lR/ZcPqiBftz4p0VYaw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4EE.pem
new file mode 100644
index 0000000000..1c375e882b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 35 94 63 D5 71 32 01 BB 1C FB 48 70 19 F2 ED 4D 8D 71 71 2C 
+    friendlyName: Invalid inhibitAnyPolicy Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExNjA0BgNVBAMTLUludmFsaWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKOzb2us
+Rap/gcyEbEwwK0iXF70rX0khyal5XsZa1RjAWbLF+wifYFR/Y1Pee1seu+5+Y9d5
+Y6OlpDWYZd81RunoYs10UNfSC+MdbLEJrqKsX9Ol/iDg3PaGnsHHqJPkPpnZgCxM
+9KgV3SxPXgg9UzDeFgNs142NbrFeCUjtU4s6Z3h4CRNUG08DTB06aq5c5PWnNJDo
+HGXkssX6+seFinJZC1S4og/wJOclr0g3+6rBw6aftcvQgsUMl1aeLe6adl9yLuYt
+HMopbU0wbgiGeNyjs/Z1/sZZ52xrsGCt6iUMZ6i+EAEoqCrwhNMG/zRUSDyXN3m4
+9lZCX4HJh9VGHxMCAwEAAaNlMGMwHwYDVR0jBBgwFoAUdKDVWNkrU9IrsM1dccah
+v0OnyBUwHQYDVR0OBBYEFBIkx7AI9TiDfo2NT4HTCl44Z0KyMA4GA1UdDwEB/wQE
+AwIE8DARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAHhbECZV
+VvZ3I4PTD5AZubZbJlT4CrJXvqc02fLFqiG5/n/XsEwIBAPBiHw+ni6N/10w9Sl1
+SZxkONAMLx688plmbZl1sq+uWVLo7Zn8oLte1ka5di5YteBL3Q9xgxTiT/n5gLip
+AamIJ2+Sconm6lw/ox2Bwk9GvQ1V9BhTCXZYpA636a2qwhgsgypHcvBtxxo5dpAH
+76B1+opjDl90vtMmOLYZ3DDmE05SdQOW3hu3FyOZWlo9hveSKp1jCpI9YTBh5xs7
+YtziLdcidNDuWF5qCrkAfJKn2bVIgWCV6QUGsa68tMzM2tX9PDEIulsjIrEy7TDE
+TWdj2tcah6t6zqQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 35 94 63 D5 71 32 01 BB 1C FB 48 70 19 F2 ED 4D 8D 71 71 2C 
+    friendlyName: Invalid inhibitAnyPolicy Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,42A99473A944A1DF
+
+5zr76H83m6KniZ1E38SpAkE9Ha9JPtTrSaRfDt6p7We0CbiD0BDdBaTjy5iDnp2s
+CRAnwCuzfdLZNaYtc29N55KPfdWDoxp2uk9AVYovCPtWI8gPS5q9WUVw//MniWOz
+EgR13VdqTOMeW74wYvcVt4TBtTPZ468EbPUDSnrHU3htehvudOojgXKw2oeTpbVJ
++Yh9yWJoRUIhxkk1IoDK7+06Fb7Uxh29HdX6ZWxp4LPbgjB4iXV1bIp/5Ee2p0W1
+dhKu1RE7F1IPRdRG2JGv4LBQAPu/Roq68XvUNjqcnnTLC9M0d9ukTajwM1fcLzj6
+AxW40V3xT357tY34Swh+WlXlogfymD+dVIgkfS+lPPYhJxF0QpuLWLegIyRrbiVH
+ssu2p2phv+MjkcwKiMBWS92cJ8ev6p1E9yD8U+43Ri9TyES4xtz0EerJWMj/8AQ5
+PBBq4kLflT95PxdUlltfl9vpQE3USlOSCOx0nTTU0lOoKxRcVWmeuDPDF6dAAqEH
+vIW6SYX919Ty5glcLTxD4kyBKEZowecjsxxQHVSWL8C0/sZJaNz4JYYaUILgRcXO
+Vchs05mbh3d3Z06jDPleBCGAelL9hDZMlt9nIVqS0TJL1VtsuWbothe9npeDMv57
+h/AxQr8RCWMzslIKRRKsVchBjHfVieu659Yz6c0Ot3AH3jGNCn9L1KRjHZU9oAN4
+xLkw+iGgrMVvefiU3WW3BnDGmw1bjjIVO+sQl7aihtq6HinhLixYd8AMlgivsjVb
+RWWHt4NBBkizbHv2lRzwZOA1KNtw7RABmmyz1vbSQ+I2VGsyApADcRZMuYb7CnSs
+q8GsLhNkI6cag+RqDu6Msqs04yktB2mJOdg5oxYHhubfVGKVp+J3yhfcmHHY5/2L
+kiZRA0PdBR2CxS1CrDIme5ML/mwLAw1nbQatGnJIihey9wgalJ1jPSMiyEMcA2xj
+0p4FHsWGE+cUtRurogz+FjpKBlagriTqesnEYOsMRXM+Z8wyKoGJXmoB8uZCippa
+wdsb0k3qSiyZitrs4ZAENKza6BQJGM8+27T5jP0HOjCM51imH2jPgHFFn6Q5XjSI
+mpZ1mp5IGF3qMAr1Gi3/aDZxSC3Q2QWC9Mpd9gsyjZdAhFd+Vh+3BUmd106/LI74
+qBsGGd2PcWW0S8e7wq3GxPqOOvz4UPfCyYyEgaAoteW77ysTDxBcRCDv322Yvz+U
+FDWH7her6L3SraX588aZ+sxqRH/NLoTKwf288bSFJTXzIgYbt5NYR+pBSip1gjpz
+HLISC/jUtDUL8WSd1YLGjwe8J3bay49F9vsODmrm6w7yKyNbYvzxqHHdoLPtLLSr
+UHRyCQsGez2cxJrR9YKdyD/wkY4TvK2S7aI+C2dt/Qk4Eh146UHAbjupe/ls6jW/
+POPOJm5z5huX8D5w4lGnAP3/8++8RTabbTNuQtbVVZP5bAN2raKJbR2e4QibZHrC
+U1u/A5xbd9Wj+8R9fSH2B60f7416QVzyZ547U5QgI6T0M6Sm3fkFUFpUO4f84W3j
+Ep0CV7eKYtUwFMLZDaim8rcahMN8RJc2LOwfElpKA5M8fLEww34pSzHa6vpPoi+f
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem
deleted file mode 100644
index 20f42c20ac..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5.pem
+++ /dev/null
@@ -1,210 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGmluaGliaXRBbnlQ
-b2xpY3k1IHN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-YTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTYwNAYD
-VQQDEy1JbnZhbGlkIGluaGliaXRBbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVz
-dDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALJx+sbJu7vInzoWetJ2rz0L
-6GPGRCd/xtyjMfyMSExsWdgxczZPdBMn9ON9XI/ASBPwvhcoq2pB9VqD+g2X9tfV
-y7usPePkKYweFOPmIlrWZb9tAEfTgwkoHYiWEWazYt+6y65407713raA+9DmYQgX
-m9RHrTFiSVJ3Z9RAtBEHAgMBAAGjZTBjMB8GA1UdIwQYMBaAFHMQBPkM9GScsvEb
-je+3VaqkohmvMB0GA1UdDgQWBBQTUueG5HoT3TWlqqICt/b/VK5ROjAOBgNVHQ8B
-Af8EBAMCBPAwEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBBQUAA4GBAEp6
-lUPLqrzZI5cW9d33rfE+6PJIi7fI3T6aRuc2eG0GuaiGnwOJvwDXA1uHC2GzbiJZ
-U61janUuTgxWCdE7uDZFU7f4M6Ws0V/RP0BDzWca9mLZenhrmNFYwCp+9ve9QMMx
-6WjbrV0PBuEStbrdAH4wRquSNws7JKnHrpW2O88C
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF2luaGliaXRBbnlQ
-b2xpY3k1IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSMwIQYDVQQD
-ExppbmhpYml0QW55UG9saWN5NSBzdWJzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEArf8a4YQqh0caACibKN+ne7IKGYWnwL8N2E4534sCUjlfic+5O3/s
-ELf3kOpyOfw7NMoMTXQcsi+9wtB24eilTbHwdStKU/Mt15FCe5go7GepA2TbdomL
-3mKUocf87YN4pZc8QBPA/hs5sYPbnCx4X2TK2oCNCwvfUgWWhnCN2mMCAwEAAaN8
-MHowHwYDVR0jBBgwFoAUSndiWCMHosO57sdu3+0AiYhNl28wHQYDVR0OBBYEFHMQ
-BPkM9GScsvEbje+3VaqkohmvMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCG
-LcmSqA61BeAN21ekDRt5DAa9UGDAU8Bp/txAT+4H81/dzp5710w8QBHUcViEoL7l
-Znf4/IR4isqKlRS6ctmN/K2BRJ/19TQiYN8JiaZQAluzpLlgMUV4iC+/JwZHnJZu
-2c4mhWPSSBfUqHME3sp4dQxsrZNou/yOwzhTjmsNVw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA
------BEGIN CERTIFICATE-----
-MIICljCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3k1IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdp
-bmhpYml0QW55UG9saWN5NSBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAqzUjeD5TJL7TtPxRXU0nMcnBDmkPWyIAC1pNu3Tv0XwSE59I5Wr/Ytc+wMkJ
-dM4d1IFPKtN+MlzNv4dHwxOQrb9Fi3ItNVRIOLRIttgQFMvCWl0FTh9svTC8NIUZ
-lKD8zzDoBGD2ZEwHTYX1qLzneeTf3hMN4AyvxDVGekJWsdECAwEAAaOBjDCBiTAf
-BgNVHSMEGDAWgBTGAIxxpplipn/SVG/ybgTKMLU6vzAdBgNVHQ4EFgQUSndiWCMH
-osO57sdu3+0AiYhNl28wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GA1UdNgEB/wQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBABOzlfB8CEJvHMdfoVtuMRmwTdF+Ypyvb6ileMKr9P+8j4gRzVgr
-jZiHkH/a8ODtOat8ADR9USeVUAMIv2LZnw33x6xKWCZNJCwPysTVz72PLIPQ+2c0
-yeOayIZxdJb9hidU7BT4q6FdbFecUUgSZS5FySOod8WI1jYTyHNEZeLa
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJDz7OZ8u34K
-hjI6cDaSvyyjIWPPGVdObfPls5iLOT434gz5hx3uyX17mOJnw+/5rOgcqatRDJ1I
-mAI1pl0ZUVaaattiyBifI6LONlUpzVOmtr6yotsGY0DiCmtKBJh4geA9jQl/UCou
-of64Smt1vsIL3SqiWkqCg0XFrXpTCCz1AgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMYAjHGmmWKmf9JUb/JuBMow
-tTq/MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEFMA0GCSqG
-SIb3DQEBBQUAA4GBAGt+M+PIMRTWFAO2C58l6vCjg40P4NFF6B3LWjGcpPnRDYP4
-injOp/wD4IVvnXRpIFOq59qlJzmOJJDxCHGB11jkkxJK0v+pi7gvDrDw2av8wznR
-K735aiuC7KCpEy7tQ59Ive9M8PPOuQ+Vd3CgKhv0GuGNb/6M+3cojz0fCNx6
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C6:00:8C:71:A6:99:62:A6:7F:D2:54:6F:F2:6E:04:CA:30:B5:3A:BF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        4e:c7:09:29:78:ea:ef:43:a3:de:f8:6f:a5:b6:13:f2:ac:8e:
-        93:7b:ce:f9:4f:12:e3:48:f5:f5:1e:47:b1:39:20:b4:ce:33:
-        ea:bc:72:c1:11:a0:ab:75:59:68:03:68:dd:c8:96:02:1d:73:
-        7f:fa:39:9d:2a:88:ce:53:d0:3d:73:27:d3:61:6f:d3:75:01:
-        f2:2f:f8:02:cb:d4:00:63:71:eb:0c:84:19:10:d9:ac:48:6d:
-        77:8f:3a:23:36:9a:63:98:4d:9a:16:bd:bd:08:1d:77:4b:59:
-        98:21:d2:89:fd:1a:f5:f0:70:86:40:08:c5:be:59:5f:de:a8:
-        fb:f2
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3k1
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBTGAIxxpplipn/SVG/ybgTKMLU6vzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBOxwkpeOrvQ6Pe+G+lthPyrI6Te875TxLjSPX1HkexOSC0zjPqvHLBEaCr
-dVloA2jdyJYCHXN/+jmdKojOU9A9cyfTYW/TdQHyL/gCy9QAY3HrDIQZENmsSG13
-jzojNppjmE2aFr29CB13S1mYIdKJ/Rr18HCGQAjFvllf3qj78g==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4A:77:62:58:23:07:A2:C3:B9:EE:C7:6E:DF:ED:00:89:88:4D:97:6F
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        86:aa:0d:7c:0b:72:97:47:34:6d:6c:97:58:2d:d9:6a:0d:c5:
-        8c:df:04:31:39:f7:22:cf:a8:20:3f:06:71:91:7b:72:cc:08:
-        ae:bd:b5:c6:21:ec:95:a9:7c:95:8a:4d:b0:f5:ab:ff:0f:bf:
-        5c:24:8f:01:fd:f6:1b:d2:08:61:ef:d0:8a:6e:84:29:cf:6c:
-        32:bd:79:b6:bb:e1:cb:71:c9:ef:eb:17:14:fd:ca:87:4d:c9:
-        54:5b:47:ee:f9:39:c4:9c:c2:fd:64:0e:2b:66:8d:0a:a8:6c:
-        83:9b:07:e4:fa:5d:8a:34:91:99:e9:9a:0d:34:60:7c:0c:20:
-        ba:44
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF2luaGliaXRBbnlQb2xpY3k1
-IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBRKd2JYIweiw7nux27f7QCJiE2XbzAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCGqg18C3KXRzRtbJdYLdlqDcWM3wQxOfciz6ggPwZxkXtyzAiuvbXG
-IeyVqXyVik2w9av/D79cJI8B/fYb0ghh79CKboQpz2wyvXm2u+HLccnv6xcU/cqH
-TclUW0fu+TnEnML9ZA4rZo0KqGyDmwfk+l2KNJGZ6ZoNNGB8DCC6RA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy5 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:73:10:04:F9:0C:F4:64:9C:B2:F1:1B:8D:EF:B7:55:AA:A4:A2:19:AF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1d:c7:8a:0a:91:d4:7e:b5:29:3b:00:db:72:e0:8f:61:ef:9a:
-        d1:b2:cc:11:bb:06:bb:aa:dd:6b:aa:76:8a:44:f5:57:b4:d2:
-        ae:b5:28:29:7b:eb:06:a6:1c:c9:de:0c:61:d5:f4:6d:df:76:
-        ee:9f:d4:00:6b:29:2d:15:18:e6:cb:02:52:4b:48:38:4c:b1:
-        ed:4e:50:1d:60:68:92:85:86:b5:fb:98:d5:b5:1a:52:ba:a1:
-        7e:d8:22:fe:b4:f1:04:b6:8b:6d:cc:5f:1f:dd:25:a2:a6:42:
-        f0:13:60:de:bf:2e:fb:d6:38:dd:ed:ec:ea:7c:dd:5d:f0:a7:
-        4a:c3
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGmluaGliaXRBbnlQb2xpY3k1
-IHN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBRzEAT5DPRknLLxG43vt1WqpKIZrzAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAdx4oKkdR+tSk7ANty4I9h75rRsswRuwa7qt1rqnaKRPVXtNKu
-tSgpe+sGphzJ3gxh1fRt33bun9QAayktFRjmywJSS0g4TLHtTlAdYGiShYa1+5jV
-tRpSuqF+2CL+tPEEtottzF8f3SWipkLwE2Devy771jjd7ezqfN1d8KdKww==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5EE.pem
new file mode 100644
index 0000000000..a9363a60c3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 45 86 77 29 4F 2D 37 B5 A9 F8 51 C4 B6 73 CF 2F 85 37 6F 80 
+    friendlyName: Invalid inhibitAnyPolicy Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMaaW5oaWJp
+dEFueVBvbGljeTUgc3Vic3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBmMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE2MDQGA1UEAxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRp
+ZmljYXRlIFRlc3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA195F
+jNz2GSpq6/NfJwsI1oWaPDb/TIRaMvsEhof4Du7/nnHZLHEKCHncySsw3S1wqAaf
+gJCqFiOuUUQNc7KORn2p3OQjnQ6Rx+bqFTRFhUopVriqtIohLh14uvN30gZCwz4b
+cw7uw2I5uEzPWVZjF6gnY3p+mVHCRR5+rp7glk0TIzOUDK8nvu9iUUPB88rRwlm4
+4CwQZPMCnd7+3TEcX2Z53do2w7OStN/J28/tuEO7CMwYeOFZZ+Umy3xX6fD1GHTa
+d3aeqdKGHpTs3UzKS55z++st87x9o/9SDMzDhzuiJv7eVtW5w/df8B6YCXZajDq0
+D7pcygmL2EZsRbvpuwIDAQABo2UwYzAfBgNVHSMEGDAWgBQx4T/8Ym6AZc2peRAA
+K26JWugFwzAdBgNVHQ4EFgQU7ezFAtleK5pOd1B3fpcAOhJ7b5QwDgYDVR0PAQH/
+BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEALvsV
+SM9/5C8mjAMEOnsUzL6HCXvgRuQ8nHmTEDTOThapesSndUMoJQMPlXlCbeRP1apB
+zUsPuavZxi4DAmSs+xdge9QLVDbVzf6uC698FeHXKMoVs77HNKFQOpWATB9J+1OL
+zgSzZYGdrFQyYl8rQFdrpXTguzMDKAbCcyQiSoSGr4zlHg2yJXUP/nxtgsDVqYfF
+SIpduRdnil3dV5h9GH/74QIqBZC/9sKO6jVnxD0RbIc64nL35LoVlMFSke4UBS6Z
+PmcQzvnfMtpK4Gi3v4H8btSpKstdIt+jgUpgz48xzejGlaRX5Ad0MNgNjFmN61ib
+XANJSNmGQZWK4w1woQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 45 86 77 29 4F 2D 37 B5 A9 F8 51 C4 B6 73 CF 2F 85 37 6F 80 
+    friendlyName: Invalid inhibitAnyPolicy Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,56DCA0D712C9A6A3
+
+k/kKgh/wqFfQslGzpJ0/Vqt5MnfjMpCCf9qmbLS856/K48AUhDnY2bkLrC8PP6cJ
+/aykfk4CNZODl+a8xh3G3CBdKsCH92VNhKqtAQdNHVRNJJA8CA95LsftMhUZ9ajM
+52KWmXbbB1H/wCbV5ZcNtvnDtTJGGMAOmYBvxpynP9+aVlFuIWiDYdoINv2NZR/K
+Qixw6k475ERS8nixxNAOiDtoZZ+vy4xSIIrMzkkQ2hlqklrzB47uBn2UORtUuot8
+TDhpNo864EEKb2lvRW+AQ0EM3zvpO4Px6vOVvS2dGv0eSDsmNWZh99ZABtu3WHPX
+3nAqQTSAI6zLmRLVq9rCeD6eX0YfvdtRty8eqJbVp6N9pz2ejudAfX3bx04kmXK9
+CXlqOyXo03iprSe8EACZDFvB9p/lCS1MCkNBmq829zC3VVyGjSMNP6JJ7+mxkhwd
+MnnjJ8MjR103FE7gxnsE/68wrJN7o740yuV5AE8axxJtaGpafjc/D2KlfXvxnjyV
+078BFgp3u3lFHPEKPEwzJePvnbC+yE7nxUbBKoLyk58+0ge7eQAbgwyLLsQws3PP
+nJukh68PubJEXveMAK5+o4pVqEG86EcCwRQ2M/VkpIPTcw4YIZaS6BlbLqcvCLL8
+QSg+N15RsegNJHq37Urdq7gXLwoD5EHnPWn3DjL8sqDr9p1EO8Z4im9fE8aCMaW2
+K3zOiIoAWlZEHTrjkg2gwcpbCMIuB6wlxm+4sF5coUdcRAfVzPO9c5730xA9NSHc
+gdkcMooKrte2HqrpRxI3qR+J4501ND1YIIdnJS//ebKVy1UMT/m9/+8Hz2i9h7Bh
+vk2xZE+F8XW8GVDftCKCi4Hhbo2DLGQSNYjfpqPW6M0chdtEFCECEJTohso0/2hy
+OYq9MChRUHpsYf8r046lnB/kiKHZBB/Q/9wLeEUC1+/P9WPBlPvUONJtwVl5hWdI
+lwxy0dg/gvo3SxVetYnbqQIz4RrHpQj8bD5OInUVkzXdy7ESTj4pNb6cJjZsW/ym
+7thBFsJza/XcWPuwvUB53YHy40SqqYUJ4LL/yEYB5SeDZv2ykPC6W/p5f1kGzGMr
+wIWKxzoyfRuEbHM6ckn/kZ+qVzGUJl/ErPwl5gAZXl67Y08QS8AdzvnJ/niUty4+
+ia3Q9KgssqS2dCQgXkGNcsapVk3CH/7srxrB7JtHnGok2vr83+JaZixQCN7iXaDD
+tHNh+ODJ2h+Pq0mWUr9aX4AA6W2ar0JMOdlEoHQPpAnDDVyVX99oVkqydASefToX
+i7rPun8430TLGXmfD1Y4Y+6EvhioHgCkTgGQur9yhqf8h9BGPVULAfzjiBj1blwS
+6sIMn0u3PwuoekTeW0E3Dz+EqoYsoTE1HigHnigt5iwG5+zJJerpzCPI00JiNgYc
+GJRAchiiHxKSognw4rjOQb9ov0XmN7YHYXk3jQyhQVuw2eHeAvKdnrTSZvGtzI0O
+8+l3bQ45GlNtsjpNohUBw9QKyAELUHGrPpZ9YXJxmN8PMYSywL4xIs8pCc/3nmIy
+ApVjOExkqMfFpVv1r98zVuAJvgx5b6ANgCWOKd5+gud4h5c0WRgD4S9kOppwwyMJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem
deleted file mode 100644
index ed99033596..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitAnyPolicy EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBSUFQNTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE2MDQG
-A1UEAxMtSW52YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRl
-c3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmovuW9G83CLO5Kfr9ogDW
-3M2PMCzM46Btwj9BIzBg6T+Z0toxnoHQHTRXf2tp8Nj5bLXb66AotgJeHWXGrGxI
-Kjx0w4OKRuhiBVjMsT7gJmbmJ9neH+D6gfc83LPzHtMNrH0OPlfAEiCXGfTeHBug
-bMfQlc3WJ747aWkIv54emwIDAQABo2UwYzAfBgNVHSMEGDAWgBQFKWMS3ubCghc9
-e190DHOosBJvaDAdBgNVHQ4EFgQUswzkrq5gD2HHDjnsZYw9qjeh7WEwDgYDVR0P
-AQH/BAQDAgTwMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQUFAAOBgQBl
-Ndj1mSjoh6od200M/46rSMjCcoQ92FMFygp/7mEK3MomCWTKikCKTp1xDYS20vE6
-R2hCQlhkV2nRYNoSLvYM88uba0diTZDbX+txbiJ1DX82U9f0/zpXhCVLxc962ftK
-ZneaZF9AzYxqTvGS1yOwGFV7jimzg4ZdSKWcUX44+g==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtp
-bmhpYml0QW55UG9saWN5MSBzdWJDQUlBUDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANW9X4Le7QZci9gVhxS6PY2u0Fxe2EtutUH8zZO66QHNyygwW510D4dQ
-tOvvKfuiS+Ciu2PV2zjc2AcL5U1x9j6hGKIl7NbVFo+mZbBV6GzWLP+oaTy8oz69
-BNSDXwFW6FPTOQbaiyRa8f4nXVFl3QQYM8jTdGGS9lalXnxusSE3AgMBAAGjgYww
-gYkwHwYDVR0jBBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFAUp
-YxLe5sKCFz17X3QMc6iwEm9oMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYBAf8EAwIBBTANBgkq
-hkiG9w0BAQUFAAOBgQCzfOac7wbFryN6VSS2bfYlcBtdLypBJugZaDururS3VvRk
-Y9SVSAQSh/m+ydbzhZ8LyNw7e7Uj4mjGuyFzznlAHsWxyO0JTPbhUwutJ3QrQhJW
-kIbsGR97otFLnmhZwotzU9dr0LhhJEqeyrM64zPoOT2SyhbooCh7Oh27eUSSjg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCAIAP5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:05:29:63:12:DE:E6:C2:82:17:3D:7B:5F:74:0C:73:A8:B0:12:6F:68
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        cf:a9:d2:6e:1b:81:59:22:25:1b:6b:2a:df:26:ac:ee:64:cf:
-        2d:65:1b:ad:15:43:22:fd:7b:ec:84:c0:8d:4e:b1:17:dc:9d:
-        ae:d3:45:ba:91:2d:b6:7c:be:a5:80:5c:d6:e2:89:80:fe:54:
-        8e:15:90:f8:dd:e4:0d:c6:16:c2:24:6e:61:94:44:6a:fe:4d:
-        44:ac:be:fb:46:4c:c7:3b:24:36:10:c1:d5:9c:89:3e:a6:f8:
-        f3:7e:0c:79:08:65:68:a0:c5:18:30:4c:d3:e4:c1:c8:7e:2d:
-        9a:65:b6:e0:84:2c:b2:58:e2:fc:96:8f:95:13:cb:e1:e5:fa:
-        e8:9b
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRBbnlQb2xpY3kx
-IHN1YkNBSUFQNRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUBSljEt7mwoIXPXtfdAxzqLASb2gwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAz6nSbhuBWSIlG2sq3yas7mTPLWUbrRVDIv177ITAjU6xF9yd
-rtNFupEttny+pYBc1uKJgP5UjhWQ+N3kDcYWwiRuYZREav5NRKy++0ZMxzskNhDB
-1ZyJPqb4834MeQhlaKDFGDBM0+TByH4tmmW24IQsslji/JaPlRPL4eX66Js=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6EE.pem
new file mode 100644
index 0000000000..bc14434030
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitAnyPolicyTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 42 42 4D 29 08 2B 18 F3 76 C6 31 67 2C 5E 89 BD E2 5C 75 00 
+    friendlyName: Invalid inhibitAnyPolicy Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitAnyPolicy EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCAIAP5
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0FJQVA1MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExNjA0BgNVBAMTLUludmFsaWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0
+aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQU
+JVlJJR67nbtRHW3D6vzK+HBOXh5S097ZMQEPce170libKgRiLesqEC9fNpzls8pN
+VPwxOcZOgaHes1XlzdDkbf4TVXuprfJwcvHT6KWfzIehUopULihB/oJuMa289M0q
+VFhS0XAhzLR8KPzNjyqEew5g20u4uvpDG2TQOO4QQgLJ8nQEtQuSTsAPK8E6d0sD
+jgsHLOGETorVSgjW7zSIp2RZ1dNx8AEGm3l7tCl+xhkzKl7Me2W2qXJg+Iy17Jl5
+0Ik0uj38yZaUt0LNuddEQaqZVGwh+19uZdbj8wD6QgHcF8sUBLeOHbKrsI8VaGvH
+SHgiBW8dGWLp7rETQqkCAwEAAaNlMGMwHwYDVR0jBBgwFoAUiQRUdAZgs/cAbqBh
+jhX7vlICBiYwHQYDVR0OBBYEFAOX8L+bVJZR0b0hAu1UhcFEzOxMMA4GA1UdDwEB
+/wQEAwIE8DARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAFFd
+fv8IwDnGrwxVdDqlMHz2fz7dZOnpMPRX5sleEzs0q11YJpVWu2VZJhDtqEFoLtZ8
+7HRCdkeN3kI0RWsXhj/j5F1UdPKu3exA5aQ/+BQeeboF8DqbawC2kTf71cY48sS8
+ECgGbXmd4dNI2ByZjMLVsq8ow9566ZpJZsfTEAw0dQ7TU9/4fasWSQ7LDFK/N9Z2
+hqUS5eIJdveMB2HDL9o8pNohsA8smIfX0ARKCkcEbMTjLjEABcZKtK+y9cwdln3p
+hQoA6GPCFY29vEqaq/T8XMNcWaTobelNsDMgKD9GZfa1CVnh1rwDve4f3PairHKm
+h+iOTwouhOvswtsridM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 42 42 4D 29 08 2B 18 F3 76 C6 31 67 2C 5E 89 BD E2 5C 75 00 
+    friendlyName: Invalid inhibitAnyPolicy Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F9AA48841E5D1B2E
+
+B6CcWA4SnOnxWmixvDlAO44VUbwuTRWzqz1Zwx66zlVkLDwnyxisRrBKzkx7TY9j
+IGZ3nT2WDSsmRifc2Up7iwO+e3cHJPgK1IMxEAzX+W/0G2b9oG7Y7FObIk9xF84/
+XHwy5yVzGVKfskLiXSSUS3y7v0KFDD1hs6XyZ7ZhioG0Dzkpka7BcgZmf/mwWIxB
+uXmFY1pMs1fIrSe7h+C8JSoYHk7mtD9GWin5SomqI8/MCEDUmVr2/5+QiKgg4Miz
+C9wAUM97wfo1pGhNRtHpfLcm7pliZ9bh5bYYhV4J1CnCSiwYmYJC2WMk9z8107kE
+wMYYmDORSuKkxLDD760jTeZ+T6ggnfocZQjZG7cBZG8lfji7S06mFK9y5pkd2a+z
+LQQPCmGGCZ7jT7MQgdqitw7x7iR3KNaPXECitVS8doMbL1g9ueo4rNJ/vblD8tDn
+H5gTbaLv9MzPghyvO/Pk9HHK1uT50nTpEKVjNGA5f+soB8/1dDZAMz/hCma+4qhL
+anN0QpcW3Cg7WtFjpoGV0UDqd+XAwYT8niWwaEz4YCvRFOqKk4UbnQHobxaPWuI3
+iXyNSTk6FKx8L08j58vqFHKnxLMVUbOLokq8Cm6oDEIKQO1Xm2h5/Lo7KTWCSXEU
+EnGbVMWy6S5+qjvUDp4A10GIxQ5G3owyhanv94arbiGSmj2CJIR5XnjUwxKXdRR/
+e4739AqJ32kbSWu8/aFnYrCsy5lrtuvikLQGPERAT6UgHXNC+hoWCEzu62K1//PK
+35GKaS1V437hJJfzdrxboJSapEe4u58lBOy2ZWiJMT8UWxrQzwPWXgIgrZppet0E
+9Ep/3cgvLbydq1Tipg6YXXUn3+RHWbdzH6tVjIe5yU0kQtb6UlevC27xau+1tb0K
+kyCh96ZlHrZuoaLsFS0QnTOg+f4w4M/EBLkgjd/ezU9TSlLZibMK3Y/OGf5uoxlj
+TCqGkoPgMI/lU7QbNBu/ZOPEBIxXAihVwl5AQeCBldj6kWYFw8DqUG0lKEYceEdg
+TeIKQQk5WMZ1rWLIf+x7Lm4HxCW3gf04yExwWW/o0EXieE8m2vwFrCYTV9iGVUCO
+rq1/IoCNNjnVjYJdFol633/xPwVYeCCzoOU0ulUwHjIzPE5FW/qRKKnlRvVg/V7T
+NZuGDuNhHAtRldXpMgDFH+3/iXjQ8jNFnbQmFhY2QxogPSt9O0f+oSk5dIjgsTXR
+qizviC+Qz9AuB1e2h+98kNog/e6c9bFaF2H/j4AdX4H1t+QnILEMW8tTwNRcN1aF
+khpI8fpx8PFrLCTx41meBYJYTwfSQErat8/OafS+qf21rMG0OeDbFRSBs32/7IzJ
+tpRpATwZphMks0ke0y5r3b7ey4Vs44AsuJclBryecfMzLbbP1BP1wgUnOAb1U+Cv
+h2JaN0VRjS6MCdTjNCRamr5n4HQJ5eeY48iD81skBuVVsV1GjrTqKAdZ2R1eRnA5
+1ApHYGMepNuw6VcONLoyQxOVKx2/vBEi4SK9g5/IhQ875TKsyZrEQ9wiZ9EylFAW
+OipkcTblhCJ7n1+lJHazw0hlshnIqAdD3HxwOA1EmFJX5XcummtU/ZT9LdLr3o8r
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem
deleted file mode 100644
index 785448794a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1.pem
+++ /dev/null
@@ -1,161 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBNzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYaW5oaWJpdFBv
-bGljeU1hcHBpbmcwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQIzx8
-7J8x9DkeOhXlBG/eAUo6B99wk9uPjSwrZ7f+CXzaECXTCOk88n35mahe/lgpBbr8
-ujs9D6bCgS+AVciyqJAtZFW45FX6xjb6fcLzebF4HTOpBYVxkqlJ9nLLCkaBHMIq
-1U5jR8jDZhgTnMBvNm0yBdNFo6Lh6A5d+Gr5jwIDAQABo4GRMIGOMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBRs6ccKAUJAQfXzcI7u
-4dFSXtc3WjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBADANBgkqhkiG9w0B
-AQUFAAOBgQDR8om42wMsHX434zvF/Yl3Lm4GBdFmFWIiRNpqH5iS8X1lGbi1pEAg
-m37Pvvobd5tcsZd2tsz0/DOTvntZhUdX5rmvN4x0i3JUXb9bOPMDs2iJs5oFF6Iq
-TSk9wJXUwsPy3ltGGWpU817s4uj8HU3tffkyOyc7j1u3l8x2LJWPvA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA
------BEGIN CERTIFICATE-----
-MIICozCCAgygAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MGUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE6MDgG
-A1UEAxMxSW52YWxpZCBpbmhpYml0UG9saWN5TWFwcGluZyBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsNiBmaKBCN2+twi8
-zZHkggWucFtI5ZszQOXjX8ivFQMOkIaUz2HqFIeurNmSEN2Ta8WHJJ/thRgpUF4l
-p8ovjgthh7/tScnTlJMN60ros1uQl6+qm/dzqn8kQ42EGLA9n6Ut5LuJ8AGCil+L
-9TFs7vbPktHo0h2YcwCvEjyyZRECAwEAAaN5MHcwHwYDVR0jBBgwFoAUMLGv3K7V
-MPIMOabjLBUhOK+ii9AwHQYDVR0OBBYEFDO/lIeGch/Q9DaWzigYcWwKxuVBMA4G
-A1UdDwEB/wQEAwIE8DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUD
-AgEwAjANBgkqhkiG9w0BAQUFAAOBgQCKhd9JcXnw+W9w7fb+IhKEeepUh2J7y4w6
-11+U8Skm7KgNeSHdCzQjFMqGyeoJK+XV1j21mGK1YqXrbLjo+fHbHF68tf2rzWTC
-Y2igOFwDQFpFFbqrKbYogBOuqR8TCR3LFH9mypYIqbcfiohQF5XSwMnyNEzDc8WH
-hEapxbpusQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA
------BEGIN CERTIFICATE-----
-MIICtzCCAiCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xp
-Y3lNYXBwaW5nMCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE
-AxMbaW5oaWJpdFBvbGljeU1hcHBpbmcwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQDWkQsHOT5qYxFfYJsGV/LbLwMtr5DBFdB/k19gzvAjYpjlKgVD
-MgfJDc/d3WyMB8t5oICqdJDVFEq4JBU+T/J27G89SJusZSRJdmQXogfiXWHSOXtA
-f3Z4IcRxAwjoNJaF6n9LR2q5YTDIoiEK3+h1jhOiNoFwYmvTajzcJ15SKQIDAQAB
-o4GlMIGiMB8GA1UdIwQYMBaAFGzpxwoBQkBB9fNwju7h0VJe1zdaMB0GA1UdDgQW
-BBQwsa/crtUw8gw5puMsFSE4r6KL0DAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZI
-AWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKnjTqcv
-cg3JfloLHCOwWWPdk64BNIs0gLMI584sPNdiQR5bCz4KCoKMzvzIEZDL+kVo6RnR
-l39fdQ1rIbv5lE6nUVlTJNcj5Mq66NMsdVFsz5plRGUN4YpEDhz30hiwjkoo/B6N
-Bs76rDEC1VReVfNcwcglyKXIIEjHTMMsG0GH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:E9:C7:0A:01:42:40:41:F5:F3:70:8E:EE:E1:D1:52:5E:D7:37:5A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        cc:98:13:01:ea:eb:7a:16:12:f0:2e:66:3a:2e:6b:fd:c4:2a:
-        17:89:46:64:18:5a:ca:d2:00:55:3e:bd:00:bc:ce:f4:76:7e:
-        68:bf:f2:73:cb:d2:04:b4:e4:b4:21:6b:e0:4e:ea:c5:61:20:
-        3d:b8:db:61:e2:d5:27:19:48:65:cb:47:d1:66:3b:29:a9:c7:
-        66:f6:11:09:2c:48:9a:c3:37:a9:b0:74:16:91:b3:d4:ea:90:
-        2c:af:a8:4a:6a:1f:4e:fb:40:b0:e8:5e:13:58:f6:cb:82:53:
-        47:43:79:ef:05:89:6b:5e:e9:99:1c:1e:83:07:10:5d:40:ed:
-        f2:06
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xpY3lNYXBw
-aW5nMCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUbOnHCgFCQEH183CO7uHRUl7XN1owCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAzJgTAerrehYS8C5mOi5r/cQqF4lGZBhaytIAVT69ALzO9HZ+aL/y
-c8vSBLTktCFr4E7qxWEgPbjbYeLVJxlIZctH0WY7KanHZvYRCSxImsM3qbB0FpGz
-1OqQLK+oSmofTvtAsOheE1j2y4JTR0N57wWJa17pmRwegwcQXUDt8gY=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:B1:AF:DC:AE:D5:30:F2:0C:39:A6:E3:2C:15:21:38:AF:A2:8B:D0
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        ce:d5:06:91:52:5b:f0:21:b9:9e:d1:3b:5c:d3:17:a9:f1:b7:
-        70:51:ab:64:ac:d3:3d:4b:e6:bd:eb:68:fb:0b:45:7e:04:45:
-        4b:26:b5:fd:ca:66:7f:39:9b:42:2d:bc:1a:56:92:65:39:2a:
-        28:6b:d3:6a:7e:6a:8f:eb:c6:2c:3f:29:1e:73:75:9e:dd:01:
-        19:29:e5:d4:5c:fd:d8:ce:15:81:35:f7:8c:45:19:1a:64:35:
-        79:e2:00:cb:3c:38:56:63:11:38:05:07:c6:1c:c4:27:61:fb:
-        0e:a8:b1:1a:3c:6f:8c:e9:0f:3c:8e:ab:d7:3a:45:bb:15:4b:
-        41:60
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUMLGv3K7VMPIMOabjLBUhOK+ii9AwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAztUGkVJb8CG5ntE7XNMXqfG3cFGrZKzTPUvmveto+wtFfgRF
-Sya1/cpmfzmbQi28GlaSZTkqKGvTan5qj+vGLD8pHnN1nt0BGSnl1Fz92M4VgTX3
-jEUZGmQ1eeIAyzw4VmMROAUHxhzEJ2H7DqixGjxvjOkPPI6r1zpFuxVLQWA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1EE.pem
new file mode 100644
index 0000000000..2689b692e8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 71 15 64 2C 19 9D 4E F7 74 B4 7F D7 B0 5B 4D 45 4B FF F6 D0 
+    friendlyName: Invalid inhibitPolicyMapping Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDsjCCApqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmcwIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowajELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExOjA4BgNVBAMTMUludmFsaWQgaW5oaWJpdFBvbGljeU1hcHBpbmcgRUUg
+Q2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDN0IaRs5W2GuI+RQoATLnfq2uut62sjrBHpXm+/0DkgNuM/dfoGsYDLwBKfGn3
+qgoAo6ji6khYrCtR/+SKIurS8zuH+I/cYeiRZ12Ibg/Ua8/xKRbh/7nd/80SBDiA
+9CxbInnuiP+oHXSLf40ITa8aFCfrlPah71XFk5J7LBWKrGgNmQoA23m0tP1R8QWS
+OvvlxEVeQGazDd/2gQlr5t/cmbvzGTS7beiHjq+guzeoaERJ1oYldpvk9hYf2IsG
++MaVIyNLj935jopLVkAG5Zt1zVfYeSgm8Rxba3+S2OcCmHlAOM3XBUxBUVJN9WsC
+PkLXw+Dk0SAGw8zDQXh9a6+NAgMBAAGjeTB3MB8GA1UdIwQYMBaAFP+0c2JSjVyW
+OlqQrhq8uDx5gWMeMB0GA1UdDgQWBBRGnoIVM9ZVKmQsZhmhhwsQpoe8VTAOBgNV
+HQ8BAf8EBAMCBPAwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIB
+MAIwDQYJKoZIhvcNAQELBQADggEBAIYTbq4NLd0+LIfk3ppsdEzOz5LONFBc54w0
+sh386ycVC5SBgXxibYDy0oN238lmZoAjvx6TWgAeVMP7TRwPyjMrOWivYWN2wBQy
+8wE4g+Bo/NoLBzAHm9yaWUeILEG7xDm9Qpkj81Am/2jDJv4RTHkPqhC90Tbh/j9I
+itkoVftRQlxsXx0NxJoSsfjDoG4+0LRM5elYHfBIldlHYLQiPcI4z4YW5FgtIs8m
+WTAzVduck7L/ttW00UBYyWjek8HE6eDkTJFvHFfwOQ832M6inyBLrFiB0lD6w/qH
+wekDTXqRelr/dtJvG0LpHq8/dEZeachaKBkm1oJoLKARAFkZWtE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 71 15 64 2C 19 9D 4E F7 74 B4 7F D7 B0 5B 4D 45 4B FF F6 D0 
+    friendlyName: Invalid inhibitPolicyMapping Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,588D74E5A29155F8
+
+QG7xbh7WoC9L/rNrseIj+nvQux4U7zOP9BdQSRKJaTb20ydKw/loQoSHLfDyR4OK
++qs2RFYTXuq9x0UwJVBZxVirlvkfikGaOaYX3PdsHyQJxgi5mvXkGzey9sHGPBOT
+qBkU/Bkn41Fle+UGoYesfQ3kZx2j0u8AN8C6r9EoQHRbOD8a/B0ls5q7n6YQ+MYc
+BfmELzhRCkRzBHkwbhBaurI1SfNIlO5ze/VTV0UzDZcRkpzBIiEYBKt3R/wV6rSV
+dEgrdFLgKk2y0a92Ai4GqevmtnJFboKUPb7gHj8hfInN+5M5po76ahHw9fpRlS0D
+/GYzw9Uh2R2cxMr7Gv10GW9MNHB9+zHoOa4v5RH+zPp2edttXAEUCFFFzi952ehb
+dwkJ8HVD1phftmSpmpy6RetpUoMlKjWyGWjE/A/WGrGvnIwrbPfFPo560PZDtNtC
+VUN4hZTiUYe+bf2tycKgSouPP9N5y5Y6t0eIFWh3U0A2YV+VFac7rWHYT8gDr23b
+YYvYdnR29W4M9g23rO65nb4+dMEOfLte1BgdI404/kVVNaBXJL7FndKnCYsUaz7T
+TaL2gh/oT2jA1BxTrJGy/koXjyydLMyPL9NpWETIfjssiDSc6AVp6MuT72Mz33Rb
+e53QYH0shuxRjJ9tQ+iRN85IoJzlzwhEwgo8QjMi1XCd3SIRArrbtzehgAb0HRxC
+QGLVF6mIaGeT7LkBp347v4qM8ezkYEhsF7Sh9Cpb9hxJMCBsv8U6rIyHQUV9xYfJ
+l6gVkis83Fqa1zLydbDIpFxyPO8t1qeCNXMU/PSgi3QQBeq2DvDREJel+eYCXNUc
+0GvZjQXs13e8DwrWufp2dIOW7FwgAR9BtkHSc2gbDoIotVBQPiqC0Yyy8vcSmpLf
+b+NXzqLm6MRTW6+i6qkEqeOVGNRQLyTFoBAiGpVsYhTqdeNMBAulkLc9Wwjbtemu
+lDmfjPoAq/funxct+7NMl+JI3UtmDfa8t6dQ1v5soYa8cby3vcN7pqb/Fe9GwSce
+pkUem8sffrM9Vr0EPNlKi27flJYtu9qbM4wn3JRfIkd5XIeyO0CSHCL5rVgvAHL8
+k6Q1HB0iIT3SJivlVT97ilvVhV5DsRlI52FYQj+a5WExHLgjdx7XtTqaUTnHMLnr
+NSbammoSyY4MKSrf3gNK5u76nMls4QmDumPb+DxDZGqQK/k041bb6oWblJeBQ0RA
+ZO0KHDfNNd+Ksi6dXCATAJ4jOfU9ohbq7kYGjhQZ/y+4/qhe9Z3g6mRRFg/ygc7B
+GEra8F2JiFFzYVqZbRcOeTVfeFsZJ5xP7RVtO4qFdjk+q1udkSQ+CfuEM61A8dXv
+2ByLevRVfAq9BxivadALLcXq6P/Q5/dcjQDB6U7ptgHdDHvjXcVQllGu7esgXLUH
+oK7H3GlRkwVRgdFbJehYEAnc+qee67J4V/QrOXQqaGi5V4i1KHg5RMpN6HDJnY2z
+d54v6DPMOE08xfVai8YSOXx6+mP0kPpQvd+66eD35WrgJf+Kct2uQGcW9SuIQW2q
++rCkdeAWv4PVJTMt5yT1J1j4vQYxKu4+G8QzngeSfCBYIU4rTIBqoRVq1H8Abtd2
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem
deleted file mode 100644
index b1fe680fbd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3.pem
+++ /dev/null
@@ -1,216 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
------BEGIN CERTIFICATE-----
-MIICnDCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBlMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOjA4BgNVBAMTMUludmFsaWQgaW5oaWJpdFBvbGljeU1hcHBpbmcgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKb7DrW9
-Hb+KTJCO7IrKHRUs3FihVXeQr2+m4mUyxOo1SFMZQq+7bojuyImkv08GBbeMXPqV
-RHdNWwVUgMMfynWekNRrlwGFNAfSKd+vxmPUTTqzH6fxQqCRx1CGp4dVV1o9BTES
-DuwmZurFPYEu2/tf6gnxaHBNUUsYqRdztXIZAgMBAAGjazBpMB8GA1UdIwQYMBaA
-FFqTS++Wnq4+QxYmpBgeeYui5pshMB0GA1UdDgQWBBS7Wt9YatmqgSrox0Q7yWRL
-lJU+9zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAFMA0G
-CSqGSIb3DQEBBQUAA4GBADOVfkwUiMO6wkkOxQ/lMXr+bjJlFLz4nFQx7/YBmUBH
-cn7z1B8KAhf9SlqwOmMSz0OD/1ALmdjyX0oymWVB9RWyQyvvmin7tTZKBW0KdcQZ
-GKmRog0HaZ8rHx37ewB3ANJfyarjBABp9einu4Aj8ak+aePYU1mth1YNGS1YVwfb
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
------BEGIN CERTIFICATE-----
-MIIC0zCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJiRgbTlXD7Tr33rE8bkM1fLhA/0RcC0
-n6UIcVb6xSELqRqVIpXK2C038i/3Ta6+eoiCdjT6kvQwsM9uMBJnB7uePzDzpkSE
-G3Php6MSbnAO+6LPrGFBJ0LNo6yXvsV3HQ1Uwh8iND8Yt37obPJ05PzfU6hSnMgV
-47YDMrmE5h+5AgMBAAGjgbMwgbAwHwYDVR0jBBgwFoAUF3qKMAb26lw2QA2u2J+/
-ub2CzFIwHQYDVR0OBBYEFFqTS++Wnq4+QxYmpBgeeYui5pshMA4GA1UdDwEB/wQE
-AwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNV
-HSEBAf8EHDAaMBgGCmCGSAFlAwIBMAMGCmCGSAFlAwIBMAUwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQCh/ZM7m2L0OxzF6RXxeVUhY5xlTjRO0HGd
-0xOnDkOesSYfCI4gUflMo6/T9Ot67Vnb9mgzwWSEXB6g2R22/3DVR1ord/UgZFKe
-w4llbMnwRS5e3zjqLGsLeWk2ZdyjoD2vmKiFBiX+rlHvaLk+5xYcGEfOupTVqWMO
-OHuz9iinWQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8
-uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR
-Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf
-LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw
-HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl
-BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E
-NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI
-AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR
-6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W
-MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b
-XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82:
-        c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41:
-        df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08:
-        04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4:
-        a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee:
-        e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c:
-        6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0:
-        3f:f3
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk
-GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s
-pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:93:4B:EF:96:9E:AE:3E:43:16:26:A4:18:1E:79:8B:A2:E6:9B:21
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        64:90:80:33:7a:e3:e8:e4:66:09:4e:4d:1d:ae:cb:f4:f5:b2:
-        ea:4d:48:24:be:04:8f:39:9e:c1:da:6c:14:fa:0a:a5:be:47:
-        84:19:27:c0:3e:15:ab:18:78:71:0e:93:e7:6e:c8:05:ea:f2:
-        bd:c3:7b:fc:52:04:be:fc:b2:22:80:81:35:b3:ab:57:7b:23:
-        ca:39:66:ed:47:19:cd:1f:2c:ab:14:4a:28:5d:23:ab:24:7b:
-        e3:51:bb:78:79:05:20:25:ff:13:4f:c5:d1:2c:e1:67:b3:e4:
-        29:35:2b:1c:5e:aa:01:17:aa:49:bb:04:66:52:a3:1a:7c:0b:
-        f5:57
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFFqTS++Wnq4+QxYmpBgeeYui5pshMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAGSQgDN64+jkZglOTR2uy/T1supNSCS+BI85nsHa
-bBT6CqW+R4QZJ8A+FasYeHEOk+duyAXq8r3De/xSBL78siKAgTWzq1d7I8o5Zu1H
-Gc0fLKsUSihdI6ske+NRu3h5BSAl/xNPxdEs4Wez5Ck1KxxeqgEXqkm7BGZSoxp8
-C/VX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3EE.pem
new file mode 100644
index 0000000000..5b1e4ed0c8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EA 9D E0 FA 86 7E 3B 5C B8 87 06 8A FE 4B 65 C3 6F 21 7F D7 
+    friendlyName: Invalid inhibitPolicyMapping Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGoxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTowOAYDVQQDEzFJbnZhbGlkIGluaGliaXRQb2xpY3lNYXBw
+aW5nIEVFIENlcnRpZmljYXRlIFRlc3QzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAv52QYQ1BWUErsri346fudEihcaQNINeU16WfsFvSYR/3ouv3u2Iu
+kK9BngF3VahW7oyBeXwxmj/iAV2jimT/Fi1g2h639V3eHn8mOa5f9xzRbnUDk7vz
+HqIx8UYup1zPcup4grk44BrkYyJoE3U4CRxDQB2Vw6lNV6osd+MuNyxkFZLnOie5
+Hcl3UoXWG4lc5nCN5iNxxkaooKKlnOh4UR0Zd1jUh+AVP2zkzjw3OtER8PILl3fv
+9hN/qcwW+0BSAemGQJDV5Nd7D5fCNJzbbXHToA3k/Bp3F3BqeE45IdFv4varhUjc
+9pXAmno8Y9TXt6QAM5iN5UaJvOLTHkqqUwIDAQABo2swaTAfBgNVHSMEGDAWgBTX
+gFwTi45BdroKtXNx6KNAgHQO0TAdBgNVHQ4EFgQUfdcKiPEJVz+3CWS6VMEBm+M5
+jCIwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwBTANBgkq
+hkiG9w0BAQsFAAOCAQEAVLVv3n3zSEYB7Pva607pG1mONfUdPsSkK+F+2SA3tSDW
+v39v9BuFVejJ/WcJi8S9Oj7dB4F8GkbH/Mgjlr/SGWNC2gG5z1eG/Xa5ZsVYxT8M
+o1XTK4S8TKdPPT2fvL3rHFwfsvhjama4zbB9/cG4HV0rRGOZIl2Dr4DwfdKxVllu
+pF8syWwTfzNOPiwbBVGRVDqVapQ0s/qjMkwKYmVj0E+xcVphBmjG5f4KLzB3fTiL
+YQHp6e/hD6fqDy34gnJKnvIdIpPS3mCJ32jUvs00gihBUXytvmF9mDmtx4D0gr/I
+HW06yZ8bXGZay35h+u/+32Qi8rs6E5p9xZjqhk7yzA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EA 9D E0 FA 86 7E 3B 5C B8 87 06 8A FE 4B 65 C3 6F 21 7F D7 
+    friendlyName: Invalid inhibitPolicyMapping Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2EFFAF2EC16FBA85
+
+mnA8D/OO9/bRdXRtgF1460ooWSCBxgdMIp/ykM51o530doJX7pWwntIUnJstg5aZ
+wHhC7vJUrpcojZl1jzjNlMPAQ2GD5Tf3vGgvn+RoNrslRY8b0ipPh1R+73tn6ChN
+6dRI/GFbX0DbyxECglvrNynf1jbQaK+ljECnvypbjkBic4daBEAZzREP0RqWXzb4
+54MUmDGBFiOuGYNrUmFBk/1T2neOTHI0ry0nYVQqtU80QsNVbsYTs63dY7YR4RZQ
+voC+jW8xsrRFnCZkkmAsXFPzJPK8aUI5oAuOuE/cq0ymOXz3PcjGtZ5J0pCK7ruC
+i/YdtSmHwoJH/TEV/hWErlSduHziitORjqk6KHnSRUbU+bd2CEcgo9JBwn9OV56o
+QdUpPFfdrGFA768qPqmQnXSCeCUGvtqIR/sxdUhQ0LLUbdbMDgLsaOqXkXwchTPC
+LvWexL2kbtQUaUaV0pgDlaBfRYx/Vdm7hhM+b8Fdd6zy1eET+60fdsLyZuh8eyXx
+jDIWCRh7htT1XPdxGsCTXBMzgjG2PmbMfXWuZ293YnRsWx0Ll5Ed48kvzQiLjPEq
+duVDh9PIw3lOnjZGBk33ubn+8b/ZmCkTCVbNT0c7a060TXgekJnoXxut/7bexlf+
+nq57Z9JBmhVpUrT8Nu0Qrss/OwNuE2ZPUPDxzYoPqXu+WEUqlgs0wmpcpCFxc79z
+ELYXJAK1pVkw9ddVouLXbB+u+C7YpmoxZg8biUb0Z09eTDcw5ngHu8MoUMBLQpho
+TSrC/pH0fEpe192cqWyUY1oaAfFFzzRLvTSfBvzHYEGI3pPL9+4JSKbBvRjyIIz9
+yiPnXm673/mchrkKM4kfACRvhIlbUtF3VcZAE10mI24teFnsS+pjBij+hDI8fh8z
+W4CE9KUj/AhXGfjFveFRVmJ1vi4WX9h8Sl76Ne1MEqzyha7jNc+8orwMOEoHXI+v
+Dkws7KLCtVfhsRY14vQXFuOw02H3hQI39VfMhb7gerfllO33ZjdR8ygNuGc0DI0l
+H4Zib5SgtuawMpxKLH9hTCCQqkssKS6UZUtCP8iOnz5xq3+x7aRLblZqpINVdBEv
+DkPcROdqssbzHT29kheDd0KfZJF8zAHzRBvdM1LFLyvlJuSyWnnGuRDJj9Ttno+g
+/QZVRbjs/LIz74FOQjx33rFJGYGewH41mz6+4BbFjYDo8Kee9sqxte4Dj3YnNgdV
+Wcb3UDFHNv0qy9Ec/U/6a2JNx0fT3sKl624j+GMDddJv7/2ToR2GWYb5vF9peoUE
+KaeyGlIdi6nfCtTJzbTlg6on+i3T8xnft0IdrfNyfm8h6q7TtBYgsBhJYHX1sccc
+YY9oOcfq8Ymm7M1ER6wdTKYZY8WFXRCOtUrK3N3TrVStpjhIxlYgCILeCYo2/ceC
+GzJLjSlaXUWGZi0JziP0jym1K5poLrhVQGaRQ/NZheSmJ4H+s3BDFwy2g92Slb8b
+pw58GvcOukDjrAPafNRn8C5unDLBkHjHI0OzS1VvksldFRHuLhqvYmzFgbGq68M5
+hzakqEVOTr+Ny3vqF6nXOpVn1ckkUbMa54uPtiTM/LxJPpODjvCYXA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem
deleted file mode 100644
index a14824bcb7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5.pem
+++ /dev/null
@@ -1,264 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nNSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YnN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQCzgPv0jUMseTafKoAOspqZCAtVctNqO5SipAee2vLt
-7PijWRyqmveQUmDdJ5SFkFnevzRHhOINFIhKjygmtJQe0px86XknNJhW6OPICI2M
-jxgzst9Cs5w3cYjsOxsD5+FXzritqz6jSQ8Fa52IhmBYcbRncSOcu2IOGGMOUfLf
-7wIDAQABo3wwejAfBgNVHSMEGDAWgBTvkHRdvSchXG13RCZt3L/7vmNrCzAdBgNV
-HQ4EFgQUBN9qa50ER9oRS3e69lS0UhaUJsowDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
-IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBALo5V4PwqAf314Emx79p7ce/cKrLjdi63pS2BsN4dFQ7TbY4Uru6/0Gc
-lZvOzyBVyvb4KxYTgvmOUkaNIpEe6xyRjHN5oAOEuOOgnXjL6kQz1st793h3WaTA
-hTg1AyHkktBRVhr0g1rCHCsGdrq6HSU9jZqvOOPaWomS+woTciNh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBOTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYaW5oaWJpdFBv
-bGljeU1hcHBpbmc1IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmgb4z
-lKzduO0U0YgdsR69hYe1HUrPtFTUc7C3KMaX2LsYdutgdW5fQ5atnORTBTTRY11C
-G4hIuo7WabxJOcSK9lrleEw58bZjDsNc5/o8xo3cF1zkmc6/DH4P5CGxk0nOzeLY
-XJ9vyj/nZc5i0k6H7NU+cde/s5tknCDntmnf3QIDAQABo4GRMIGOMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBRAFr9wLgI4+Lavp1rZ
-sgNDWZj1TDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBBTANBgkqhkiG9w0B
-AQUFAAOBgQAfLQvmb/5mx+Mi05zSJQyITwTfrw+AMrYezSpljeUZcymBLkK64BCs
-eVXrxImcI3hi3oWPcJL2dt5mmQB/o96qOYkEBbxDD0WQ0rwKgXOODhD+Di5aZPqB
-g9ZeBDxQgveLqLpEh0JL0MwJDLXH8Lca6XVdmPmFuaob3aIOP/zdcQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xp
-Y3lNYXBwaW5nNSBzdWJzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE6MDgGA1UEAxMxSW52YWxpZCBpbmhpYml0UG9saWN5TWFwcGluZyBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqU2HY4J5
-i4TyagwhHyTz6DgQT7GKk0xSor3iKrPjBUTpEVWM041qODnfp8RL42lhZ24okQbQ
-8DoNH5dL/jtH5RsbZnfJnhHL8GDttKjLwHpRVRLbv4IlV4eQoPzTSRR7D0ishs06
-PdRXDoy0+UhNcABrm3ko1gZjAcPRL/ammFMCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
-JLZxrVfA94Sar1a34h5IbPP9rjEwHQYDVR0OBBYEFEqYOSxfq1nokOSM2rwp2uDB
-0O6pMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJ
-KoZIhvcNAQEFBQADgYEASMkNNbv9N1yfYt5C2j3Lmy5rhbrTjrEDjNCJsQ1Pun3c
-qrJCtX52pGRNef3Sabh2W4jOExljobE/P45PdPw5uJtQd7YgGN58cr6wOz08SA2c
-j4vAlaNjcbNW5d3sUX6LgXFOHsamawjTncegVpR7mCY8lqVjxmW9ha9NF7h6ACY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xp
-Y3lNYXBwaW5nNSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UE
-AxMbaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQDcDskVa22gKY6hi1NN0qxc3EGcrc7Ef9QD5LomWJ0NbPF2omux
-VOp4diM850F8rFaVpqHpOI6ElWc1K4PYVN+gp/sZ5V6unFR0ixzEvpsPTZa38btH
-kcqGMFfxw/f5HtdvgB1dt09da6xG2UFKxnubgQuxUPEx9FcEYSCrbLq3gQIDAQAB
-o4GOMIGLMB8GA1UdIwQYMBaAFEAWv3AuAjj4tq+nWtmyA0NZmPVMMB0GA1UdDgQW
-BBTvkHRdvSchXG13RCZt3L/7vmNrCzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUwA4EB
-ATANBgkqhkiG9w0BAQUFAAOBgQBNZ4dVlouj30O2fD0c418lyzVO85YIAuof3wDW
-LW4XjH/r40L/BUPDyFJceZXA7Yaym+UuYLZh9RQBEtkplLkcqgezH5GT5EkefBjQ
-CrQFgsqRttLQAuw03v+2I9a8vHY3u0L2puzJQ1l1GkV4gqSAgEv2YVdva0gkq7sQ
-52udtw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nNSBzdWJzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMFUxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEq
-MCgGA1UEAxMhaW5oaWJpdFBvbGljeU1hcHBpbmc1IHN1YnN1YnN1YkNBMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT9hQ7qYK6NHbsH0I4rzox6PZHPasVXKNr
-Er1k+U5DVQ4tuCaZk6QEdBpLSMc4V62MtVl6mu/Zox73h6yvllHZDBuH63fEVFLc
-WWCQ0TejhcMx4wp6A0TVqocawS4C1gMhOeXrYZ18ZWakU8DPVwOb23y4/zseqUt6
-1tXPvs2uwQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFATfamudBEfaEUt3uvZUtFIW
-lCbKMB0GA1UdDgQWBBQktnGtV8D3hJqvVrfiHkhs8/2uMTAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZI
-AWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4GBAHwn3D10SDne03e21/XMdNEGPmNE+jCS3S12gtAPbeHa3KxqsmmuBcEv
-ahsKPoF8CtAAPiLUK4M9GqwK5Vf0bsBlduOnF6vSnZQGKp9OQKOhbTfIoLSWRGIF
-TtQX94lVnOBpO+qXCl+FBKm/eUGyAa6/K1s6vwVtNwW2uT1YPKe/
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:40:16:BF:70:2E:02:38:F8:B6:AF:A7:5A:D9:B2:03:43:59:98:F5:4C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        6f:3b:6c:aa:51:1a:cf:0c:81:3f:8c:c1:f0:60:03:0a:7f:36:
-        01:0d:82:fe:71:4a:14:99:5d:f7:cd:33:30:2c:e5:11:0c:8b:
-        6e:7e:79:6f:56:9a:eb:cc:20:49:44:c0:1d:33:2a:3c:52:98:
-        3a:dc:32:37:d1:54:16:96:4c:b8:e5:32:39:ae:93:d5:8b:1d:
-        36:06:b8:bc:05:d5:d9:71:bf:79:4f:b9:45:6d:86:50:38:b1:
-        af:af:68:eb:32:c5:77:86:53:6f:d8:dc:f1:a8:bc:e2:fd:e0:
-        4b:81:5b:1f:33:7f:9d:2e:45:c9:66:1d:5d:8c:da:ad:79:aa:
-        8b:7f
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRQb2xpY3lNYXBw
-aW5nNSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUQBa/cC4COPi2r6da2bIDQ1mY9UwwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAbztsqlEazwyBP4zB8GADCn82AQ2C/nFKFJld980zMCzlEQyLbn55
-b1aa68wgSUTAHTMqPFKYOtwyN9FUFpZMuOUyOa6T1YsdNga4vAXV2XG/eU+5RW2G
-UDixr69o6zLFd4ZTb9jc8ai84v3gS4FbHzN/nS5FyWYdXYzarXmqi38=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EF:90:74:5D:BD:27:21:5C:6D:77:44:26:6D:DC:BF:FB:BE:63:6B:0B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        33:e0:23:55:35:fa:8c:e8:35:21:f8:35:28:a6:2f:57:5b:6b:
-        df:3e:12:97:76:05:15:72:73:5c:da:7b:17:86:63:13:80:19:
-        33:5e:c8:f6:3b:13:a1:33:e0:06:ed:1a:8e:1f:ef:8a:02:cc:
-        9e:33:22:c2:b5:94:05:32:98:0e:65:71:02:c4:ae:e8:36:9d:
-        81:d3:9e:24:51:01:77:ea:d1:a9:a1:e6:04:c5:62:bb:82:2a:
-        7f:aa:3a:59:a6:72:48:95:07:91:ba:34:20:26:a9:d4:ef:6b:
-        11:09:57:8e:64:19:29:70:77:34:92:e3:eb:82:9a:c1:ee:a9:
-        83:32
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nNSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAU75B0Xb0nIVxtd0Qmbdy/+75jawswCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAM+AjVTX6jOg1Ifg1KKYvV1tr3z4Sl3YFFXJzXNp7F4ZjE4AZ
-M17I9jsToTPgBu0ajh/vigLMnjMiwrWUBTKYDmVxAsSu6DadgdOeJFEBd+rRqaHm
-BMViu4Iqf6o6WaZySJUHkbo0ICap1O9rEQlXjmQZKXB3NJLj64Kawe6pgzI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:04:DF:6A:6B:9D:04:47:DA:11:4B:77:BA:F6:54:B4:52:16:94:26:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1c:39:2f:17:f0:d4:ca:3a:70:97:52:46:b0:ed:08:8e:3a:3a:
-        92:e3:5e:f5:33:4c:73:0a:a8:14:49:ae:ca:d8:90:6f:e1:ec:
-        23:36:9f:95:e8:a9:d2:b1:6c:2d:99:94:21:f2:6b:7f:98:c8:
-        f4:e7:f0:a8:26:e4:58:e6:a1:f4:68:dc:10:33:a1:c6:c5:0f:
-        a7:a6:7d:1b:4e:cf:6e:b7:72:71:a2:6a:d2:e5:e5:e1:b8:d7:
-        88:3a:a8:d2:e7:bd:a4:ce:ff:1f:ca:f5:7e:7d:fd:2c:4c:03:
-        2f:96:87:d8:4b:ba:35:a3:63:e2:87:cd:95:2e:c9:34:97:9c:
-        fe:30
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nNSBzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUBN9qa50ER9oRS3e69lS0UhaUJsowCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAHDkvF/DUyjpwl1JGsO0Ijjo6kuNe9TNMcwqoFEmuytiQ
-b+HsIzafleip0rFsLZmUIfJrf5jI9OfwqCbkWOah9GjcEDOhxsUPp6Z9G07Pbrdy
-caJq0uXl4bjXiDqo0ue9pM7/H8r1fn39LEwDL5aH2Eu6NaNj4ofNlS7JNJec/jA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping5 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:24:B6:71:AD:57:C0:F7:84:9A:AF:56:B7:E2:1E:48:6C:F3:FD:AE:31
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        35:d5:ce:cc:ec:10:2e:1a:1a:f7:ff:19:1f:16:bd:7e:46:c2:
-        ea:f8:79:b1:36:48:74:28:e9:6a:68:59:f0:a0:32:c5:9f:64:
-        f4:02:5a:bc:5c:2a:bb:62:10:2f:73:66:a7:cf:de:b7:77:26:
-        1b:c8:7a:95:6a:2f:1d:e6:3e:db:1b:15:02:3b:fe:bf:e1:5f:
-        3f:08:29:6b:a7:84:0a:08:46:6f:66:f3:71:84:41:97:8f:96:
-        02:39:ab:ea:c3:c9:21:99:1f:6f:93:5d:19:4b:df:95:59:60:
-        0a:71:2b:a9:e6:a1:bc:e0:e4:fc:5e:b4:a6:2c:99:a0:2a:76:
-        cd:d4
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBw
-aW5nNSBzdWJzdWJzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUJLZxrVfA94Sar1a34h5IbPP9rjEwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEANdXOzOwQLhoa9/8ZHxa9fkbC6vh5sTZIdCjpamhZ
-8KAyxZ9k9AJavFwqu2IQL3Nmp8/et3cmG8h6lWovHeY+2xsVAjv+v+FfPwgpa6eE
-CghGb2bzcYRBl4+WAjmr6sPJIZkfb5NdGUvflVlgCnErqeahvODk/F60piyZoCp2
-zdQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5EE.pem
new file mode 100644
index 0000000000..3c52fc5fc4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DE 8C 5F DA 70 9A 8C 60 6F F9 AE BB A1 65 E3 82 D9 09 27 B9 
+    friendlyName: Invalid inhibitPolicyMapping Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IHN1YnN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowajELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExOjA4BgNVBAMTMUludmFsaWQgaW5oaWJpdFBvbGljeU1hcHBp
+bmcgRUUgQ2VydGlmaWNhdGUgVGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC0i3fp+XfZPUG9DSTq/8OqOa6mw5BfqUR2OVuxulyooJ4qHigWqHCk
+muBd/ACPkowfECXCUCBypLRZ9hfDv+jZ+Jm5VWVMQ9N5qEkKae0BIxa7yv+r2r7Y
+5zHMWK67D0qIh29nCdCJE9aH4q56ig/8oz5icRc5tA723KT7/nDHVBGIfr5EPkAI
+/W2x1uNEwq85Qvy1bQdCUQkH4tbe0qLpYs013UQNFNH/NLuRQpDYFTMTyGApf34r
+gNlFzcnwNtbDj8ewQITe4LWC0zw54McUtzmqdvSdSaawg91XyXg7bg6ecDoRCnPn
+Ig/bCtm5RYKwPOIG5TMBFpn/vUtdUcyhAgMBAAGjazBpMB8GA1UdIwQYMBaAFK5j
+y9fiw3Hj9M5u/DX0m9JNPtwXMB0GA1UdDgQWBBQMlU4t80WgAZvBvO7pkJDrW61R
+nzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMA0GCSqG
+SIb3DQEBCwUAA4IBAQAubNdSsC6g4XBAAeavQ+94LbgE5Doy/MprXYSH7gGUDEDJ
+aLUiqgOS4imF0gdBv2v4PQpsD3yALD4igMdIwO8M7wMSEwY2WyCNHa95KGmzvbSl
+CcYjpPqXsrZOrZjYWF3JSSjIBEFVzWgSM5pGbtAnRD+wRXygTBGkUzKq9Rj6pFUs
+FWs90SxaR0EBCc5vtNcpIQK5iXnYCO3rPHzcdcSN5Cr8VCrt5WvCrbxLFIoKr/Kz
+KKoj1CbFqedcGBnRwwskfTLvEZdDs9xTr8I+A9DAZEoIPrcVB0rz9MH4biZBPDBg
+GxCqwudDV9TUmuqh1Udp39odeV1CPWfTSzJz/gK2
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DE 8C 5F DA 70 9A 8C 60 6F F9 AE BB A1 65 E3 82 D9 09 27 B9 
+    friendlyName: Invalid inhibitPolicyMapping Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,00F5B427B5DC90D5
+
+HL3b7J8zUgENhTrSgUcPeQKTGJF3nUZi2FSeAC6x9TQW2jciLcI+ySs6oovnLbpv
+KRRcr9wgPwjw8fbzajYEVK6Q041QNE7XdOocq167PtSdKmQVMlLTabzsNNvHnatb
+A/vXXFk7OGWEKuit8HBTYiK38Ur1xI2YNT7kx6Fu7udBoimPZ1dj5y8dktbzWFCq
+pcf2xrhKbXhCZvTAcaDZgQHJWcnQIzTFdEa6L78r1eavrtD35ebEYyNRePSGSmNp
+1cDJ6CF5INsSvmdAjWIXHYmmoqdRe1buLSq8ar9pc9jfxYZjH+RnqWqiNdakti2a
+FUMn966dQCxaTOmWeruSg4ySXos/E1ZWwhY3qzuwc0PSc45dLr/FNY1YB5VtrHlZ
+OXd+s/CdElmXATjt1f05+AZAzRw32JENUHBNPLlG5v0Ze79y8aQyq4FWIZvfawoE
+su0W0hIM9EEb+Jgfl1Lew9FeKHETnzOQcOKvxQwnzbiwwG3v/ttFkquRAN9y3rn+
+uT1Ab1uBK/KptHBJlC1xcL4PLmM9vxsM13xsPdzbnRXvgvouAmZUirrwdQkau0K9
+mPP5GfhmV+yueaUleLa+KitNH2sSQ8hYUHZL8JfUFR1T+XAL+njZsVw0kdmbVsTs
+FCmRhPUYABxZInGRUXS49AFKbS+nz6+m5p825R2/kGmu6Kj9AX273fzWUvQT28J1
+IL/GEbIrp9uMm8rokUhCJNKW7us5A1M2cxXCVtGGxX0SuP0UdrOvaeepBFAqoqV1
+2X/jNPaEpu82pIXjYOZU2p/JSdQiwHrojcJUeiWl3gALhNkuwaesPOrIYow5Yv+u
+Nyro+J2aSYcunfuUgD/0A7lhpXae2PGFG6dP/GxJzsNYvaj/YCZb4MSGh/K9qpP7
+e+1YTxwRE4jcpwLb1RrpcuuPVmT6c836hbHPTJHnq8ELyDYooDum6BwquVifebZj
+nUaxpmL5hHgR6QR9GdmGiQBlWlGZo4lmOBMBIVqnW+OWKSgJFUSdsWTmZBGmYrG3
+cp9bj8hNFfGt/G/11atg/A8jJZlv17s1xYWcM6QUcAhCnCwvftL+N2odYYwhcD6e
+RIO11B5MN/jDDA42qvZic1wk2MKp0Vs1c/LcvDhyvYv2KxbTg4ytyy1g+LvVBZFY
+aJxgrSaZ+kuvccc2KWgDe4XSOnxqv5vh6mTY4d4RxJPAvDrjWMcTqJSDoKyApKZf
+k49dNtwzLQj1iZM5T6aDYOAMhCvphHlIFqBaF/XPtdoPbzOSSjnfBxORYRfQ4/ON
+v+LcBcDMBOJPzyD2IIvQCUrhS3e5+1KLBARrDH7Z4i7g6XP47mirM9tujdTmBeL+
+UCxgqpjEChegVP8aMWj6jVzjewDHLhv4S6PIte254vBHROT0WRPgRwP6qgeN2/pm
+auULnZwpXuYe3bwUtIYWMrO8Esi6AMvwWhVcLpZy6aV3hbqkUsUL+2t47VLToReZ
+p3ZKcwKs2lzCLyFc3eV6ZfuCrUfk3cZxISPs1ENS92KUGPKCsgWAybCJrKmjJTtB
+SyiNMKvAUySLMeyxe14tgIp+3cMOvksQmFXbWWWm7ZmcU/pRze1Be3jJaCO+MB5k
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem
deleted file mode 100644
index 1e617839c9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6.pem
+++ /dev/null
@@ -1,217 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Invalid inhibitPolicyMapping EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0FJUE01MB4XDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFowZTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMTowOAYDVQQDEzFJbnZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVF
-IENlcnRpZmljYXRlIFRlc3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-pIyvpHy1AEaR244X+WehPi6kJ4zfm/clYT73uCvd/wtRc1ecFT83WALtOg6iWRxn
-DxQ/Av2+6Sb5BGvOIyHVT/2cJIf325EZ/zxW6u9qb6+u2oWp8PX5ddUbH7yKAmXm
-l3p3cVsZB1GkL4KdBrCQGdF8Khnb5cF5YBSuYEPZXQIDAQABo2swaTAfBgNVHSME
-GDAWgBQkqwNVlYuV1wNEx93/fv32kbGgFjAdBgNVHQ4EFgQUYSBfuS0yhqXL/Jfv
-5l9yYaw12g8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-AzANBgkqhkiG9w0BAQUFAAOBgQBa/IMv8cgYRBzo8cjsbIb+tzD4986MKnaHn5lL
-SEdCOU8nZTscVwdXEg0N1Bza86ara3HXHtgpLauXgmcA0L7BUkGJty9vIMzqc6LN
-VfDTX5iZoftoIKzFx8AsQio3Y9BlGRGU1NxKWyvrZj+PvT9lXym/Moe+b5pxez8b
-WLtRZw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIICujCCAiOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBXMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAq
-BgNVBAMTI2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0FJUE01MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg4hWz7PbBhsTO+fpr6qznJLoay+MQhSxm
-gq7gcER+qcx6hOwpIxvX2HUQ/q5RqJ6X539C1HyngpS383VGDqxzWTILMJ9p79He
-5GhleTga2r/BSvq51G4uSJz4iJUJDEhzhQncRKUY65v1L8dz+lh/IHLRBGues3zP
-dWc1cRQ1mQIDAQABo4GcMIGZMB8GA1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEF
-ICZmMB0GA1UdDgQWBBTm3o5WsPOWysSqTpK6CZqUqZRwPjAOBgNVHQ8BAf8EBAMC
-AQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDwYDVR0T
-AQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgQEFMA0GCSqGSIb3DQEBBQUAA4GBAEge
-Ag2ZoOuHLLqscTmz4NbRwXvWWtesM8lVBhQtShOlAgBpxm6c7kd4e1LMeAPN7yPD
-63DL3mDZnK+qtyvqXaK3uVSMg9CMGsGCqXGDRbmml0nbxbkLNGKYEtkJVzmIR9nZ
-vf0ZHnAqC4006H8s1uFPNIJwjb6hfK6oecY1nqms
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5
------BEGIN CERTIFICATE-----
-MIIC2zCCAkSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0FJUE01MB4XDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFowWjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMS8wLQYDVQQDEyZpbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1YnN1YkNB
-SVBNNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoWsXQ0sXtSdVHZZ6NBai
-/YaSnuULPstaxcOXjt23ujwGnhffZLbzqoz6crjhOj3j7u5CAl76NNcQPuYi9/EW
-vxys93HyGAbgpl+YZ/zKL61BPTj5sBK4l5NEQoKUoPZsoeTDTXyD3HDWMDlJifXK
-gDYpaao45yFD8N0WCfd8pccCAwEAAaOBszCBsDAfBgNVHSMEGDAWgBTm3o5WsPOW
-ysSqTpK6CZqUqZRwPjAdBgNVHQ4EFgQUJKsDVZWLldcDRMfd/3799pGxoBYwDgYD
-VR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMC
-ATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAzAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAImakMw5q9O9ghGN6g4TQ/IG
-gI7NgrjqoAKQiqZuD+kmbzSf1sGONmiLK44kykgJ0zZY4xbkoXVOQiNrnqDclNdf
-Za0+Fmvfx9vVTlSoLQGwSHE3oWDKcamton847GkEmnP0RacqUkRkgpZam83tnDEX
-c6eHTCxBYDmTTPuFe4fi
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCAIPM5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E6:DE:8E:56:B0:F3:96:CA:C4:AA:4E:92:BA:09:9A:94:A9:94:70:3E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        14:9f:a7:ad:6e:15:65:a1:9b:cc:49:11:63:ae:0e:76:54:26:
-        5f:8b:a3:f4:12:98:db:47:80:4f:38:bf:c0:0a:f6:d8:df:b4:
-        07:7e:06:6a:ae:f2:9c:6a:c2:9c:6a:75:99:df:19:36:ee:d3:
-        de:59:91:32:7f:08:93:c3:31:6c:b1:cd:42:cb:72:74:04:27:
-        1c:49:66:33:e0:10:8a:99:32:7b:66:6b:8b:8d:48:21:23:6d:
-        1f:c4:b4:40:d6:8f:76:00:00:9c:6e:a1:bf:90:95:5e:b8:8d:
-        e9:c7:a1:18:f1:bc:5c:28:05:7c:73:72:85:da:f1:a6:00:53:
-        5c:0e
------BEGIN X509 CRL-----
-MIIBUDCBugIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0FJUE01Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-oC8wLTAfBgNVHSMEGDAWgBTm3o5WsPOWysSqTpK6CZqUqZRwPjAKBgNVHRQEAwIB
-ATANBgkqhkiG9w0BAQUFAAOBgQAUn6etbhVloZvMSRFjrg52VCZfi6P0EpjbR4BP
-OL/ACvbY37QHfgZqrvKcasKcanWZ3xk27tPeWZEyfwiTwzFssc1Cy3J0BCccSWYz
-4BCKmTJ7ZmuLjUghI20fxLRA1o92AACcbqG/kJVeuI3px6EY8bxcKAV8c3KF2vGm
-AFNcDg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:24:AB:03:55:95:8B:95:D7:03:44:C7:DD:FF:7E:FD:F6:91:B1:A0:16
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:dc:20:33:f7:b1:e9:f8:9d:47:00:86:08:2e:56:bc:02:0a:
-        e4:46:90:48:a0:cd:37:63:71:fb:69:34:e1:0a:d0:aa:e4:f7:
-        61:67:46:a7:b8:ba:11:67:30:eb:1b:85:e1:1d:0c:9b:e6:fd:
-        fb:50:ea:c9:f3:e4:19:73:05:85:6b:cc:c3:f0:4a:2b:bc:75:
-        7e:0f:b4:d1:64:39:b6:38:39:dc:30:77:33:91:b8:77:52:b6:
-        70:ed:24:b3:34:7a:b8:ef:46:93:78:f7:7e:6d:6a:ae:2e:c8:
-        a0:d7:76:ac:46:47:ff:1e:9d:fa:51:9b:47:cb:06:c3:c6:85:
-        4c:9e
------BEGIN X509 CRL-----
-MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3Vic3ViQ0FJUE01Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaoC8wLTAfBgNVHSMEGDAWgBQkqwNVlYuV1wNEx93/fv32kbGgFjAKBgNVHRQE
-AwIBATANBgkqhkiG9w0BAQUFAAOBgQAD3CAz97Hp+J1HAIYILla8AgrkRpBIoM03
-Y3H7aTThCtCq5PdhZ0anuLoRZzDrG4XhHQyb5v37UOrJ8+QZcwWFa8zD8EorvHV+
-D7TRZDm2ODncMHczkbh3UrZw7SSzNHq470aTePd+bWquLsig13asRkf/Hp36UZtH
-ywbDxoVMng==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6EE.pem
new file mode 100644
index 0000000000..9ec0bff532
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidinhibitPolicyMappingTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 41 AF E0 5C 50 DC 4A F2 4A F9 36 A6 FA 5A 12 CD 25 20 65 6D 
+    friendlyName: Invalid inhibitPolicyMapping Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid inhibitPolicyMapping EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBATANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMmaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJzdWJDQUlQTTUwHhcNMTAwMTAxMDgzMDAw
+WhcNMzAxMjMxMDgzMDAwWjBqMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTE6MDgGA1UEAxMxSW52YWxpZCBpbmhpYml0UG9saWN5
+TWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANL0XE/6QZLLGmP45AS6Fok2FJ3qtjzy+nkJFlJ4QfdgvkLA
+F/wf/aCbiX/p41LtukSbRGLWwVPfwN6uWZRvZcj4SOxhIRAgvWK4WrwNtgqVwGNE
+3lt8AOJ83NFUArK+FANDH2rtzbY8igJOIEGQ0H1CPyYHM0g6O9gbACN6iABkxeoS
+UrAFL6u+cjDFg7Huwt3C0DgZzZZk3zmi82K4RyfQnQ5n4sFHhJHCDviY3xQvW8u/
+gC7o4LxeWrPJWSgn2jFUly771l+bg557D9CbR40HH37/JNf328clwHIFqwweU1gp
+2MNz6/IobTvdSL9b0AgSUjbwpjCn1CtuN4p46t0CAwEAAaNrMGkwHwYDVR0jBBgw
+FoAUEocbNWfwvKGgNroVqCkZ7RqbW3AwHQYDVR0OBBYEFJCTnO92Cq+5fy1mUiJ4
+S7FH+7GqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAMw
+DQYJKoZIhvcNAQELBQADggEBAKWNC8GBMa/d2a5ls5LSN4BVRt0OK2AK41N0Ts/Q
+A6D5aE29h4nScxZ20I7LB+8fMcuNyfT2rZFuBgZQ62Oqad+XsDsBFRj4NITol6M3
+1OdW86Dezbc272tAukA2KqYAo/Z4j+/ag167leUKu5tf+5Cz/xrAx8/FbVZEXS3K
+kyprlh/fy27UadewavhCgc88KTLF3DMnTPg15Ov/0SEtDZ46wdy7V4D7ao57Xe6Q
+V2pPUHl6w5mvgCtscZkCqf0+AL3AUL81ks+wUghBnzCUBdn9Lsv/lfHYIUanRO7z
+0VEto1h+4ot/XjDSG1nqJ3bTAJ++VB7pBJMGuiHeiEyhKQM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 41 AF E0 5C 50 DC 4A F2 4A F9 36 A6 FA 5A 12 CD 25 20 65 6D 
+    friendlyName: Invalid inhibitPolicyMapping Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B9A03DDA465C74E3
+
+clCgBK0EV4rLPjpjo7s1sVyde1o38htaXjfAdmsQxZM4RoNr+XxkGRmPp2JU9/K4
+nzyYCl7E+ONJPogEVLv7P7PAfDrDNo6eCWPWksKP6tP+aIaTmA0jHjqAHDxuUOTp
+Oa7D8VhtDs7d2JIWQv5tgz8N45DC4XA+lfH7lTpgXbKzdbCaLNwWpJ4rHLtGpMJ5
+u3eADc+oVG1RY+5Ia8Towk6Va1t155vjiZZsOgMfogeCEYaG6jLPZX5RftB0Pr5n
+RHdVjDCeasLxLK0wSAQ+AX3j8mXEtP3DQNfhKM4MwQK6wPd2JwKAtZ3f9UimcaAJ
+t88ioUP7ODiRU2QPuBLNO7YnvFmBmPh+ogUPElVZPu6owqS4kTEVB2/f1SgwA1V2
+YaGPyhOoGlxi5BCFFN+mg0tWe/f6d05WFWIvA4p5phAfZcd6SySaaV/DG1EP0+DP
+xL9M0LZmPnqJQ/ZINakDvmn/dHA2AK2GAwgOyrXuwq1ODUfp24k7kqUAY8ZDC932
+rMkAp0HemgeZ6TXO6sIbAzTceboYxEEnYklfuM8wnpVwejkT5bwevfL46Pde8WKU
+uL/0L3BEMxSB0Yt1zNErTBvKJupRjRk8V+VC+O20O8PpIdey7Sj1Ai8fkxgIfRe3
+4aCRzIvCFe2a0FrFxKQiUjVLRXKUbuQfr6Wh0PC84rdY/DKjPAB0dG97FPQjDfTW
+CWb8MmpEHaj5Jh+LY/GJp1FkeB4xHPCJseyCQoRVvmt6WeAntoorHXk17+esGod6
+y3wWEC1kpZyT3kFbBI/QLku87SJe2cG3C3qLmLZgPOBNvD5tijryVziC0ydg8c8M
+D7IFXhs0/lwyZeQZkw+DbqMWRh6HyjR869/7M7SKiYtS6KeCDY0T/b7Dw61Vde8L
+5VeddnonZ6akZBxT62QqdqUZC9Xp0fsD2kQnHCOTOFkc1aV21/1ldzJ8z6NBe6NQ
+SqIFBNzfGzudSaXoznpIWeiAfayc3gFULYeP80ZjorVbb4LFI33M/X6K2jkKcQkY
++SNlPzE2u3jskw3eyh8CLsWp02Ax7wdlyHC25BPsbR95IJcVjOYym1JbDZeqU3C0
+afb2atFq1QM2PZQswl0W/DGDiri3BLi2Fo0VnX+99Kxjdw9F1lqlyKjW3T8EXYIB
+ohK90Vs0PaD9TcZuw36TrgvjnbwOmw+3dH5PG5WQ9qxDDxsjE5lDSfpKqn6trV3b
++EBiHiuYyiJin4Ib6aOGy/+fONkVG7eUHpXttzhtPOGbjtmas3bOjgIBs/JBzqjm
+VH4l5rEkgM9sVIPzgWHLj0z5VtZjKSIkcFwSG/WfcEHZ5dzkbybWFryEfnP5hrA3
+3QsfxBH3gzKsDdh6BqTmj2FqSf5uS+ImUOn6KEk4XaXCNsLgadh7UbKS3kP6eZq0
+rgtmIYNDkOHmiYkH0/K7NP89satMkNbIi4DD7o9WvHqGHhsAczDkEqnmP5GXdxpx
+GYsl03gV/F5OjqG19mVmuMV9sSJRqF2pH6str9WNCDHTTVcDXn3Aam/U79310/vB
+J8ko2grQRkTPox8P995o+ocp2yIRq+5XTmMmvHsb/R+v/w5NA9UDbQ2Ve6TeA81r
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem
deleted file mode 100644
index 12418ff1a1..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBIDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFYxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczErMCkGA1UEAxMia2V5VXNhZ2Ug
-Q3JpdGljYWwgY1JMU2lnbiBGYWxzZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA4iwG9rt4eJXUwy+UTNrUEq7gFuAYWGYaf0DCMDkLcYPIAwlWow99RTeX
-jXir2B5PC/YcGARB1+bLQDTn7C8R2bilNXujkHWU4w10Vt56sONz+0ASNoIXCPn4
-EFXAneC3z7q9ZONoU4U3MBxMhuepSqGeBWNgh5KI/ICyYI/P61UCAwEAAaN8MHow
-HwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJSB6cRQ
-9gcgcCaUPO/fMC7eP3TNMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBvUd6L
-OoQLwzSqlbFY2JYA5GGxYuAdrT0FxeuRK2wGwiPmNCKn0w8t/wwQTrbPdrENV2Rc
-gzeZ9A5RY/Qs6EogNvy0qfC6lw2aUZsjEFjpPvnXmjb23sL2A3twFUWuoZdy8Wtd
-PTGWD96vq7KEdsMb3IRwUMk0XxyPZ4MUOqtVyg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Critical cRLSign False EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImtleVVzYWdlIENy
-aXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBwMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxRTBDBgNVBAMTPEludmFsaWQga2V5VXNhZ2UgQ3JpdGljYWwgY1JMU2lnbiBG
-YWxzZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAy7qxBfmtCspcqkqi9Slrzqm5Oaxst+HoLMAM77zVMEmIDI2IYsm1+PKV
-WNIdR8whYpz9OvVP16/Ujt4D4902/HLCQGcMfprQ4M7S2ba4Ujvig4fe6SFwVCRs
-YbCOmVA7rHiPEz2uguVgeAkJolSooUz/QEtakvGSEKGO8zhuQFsCAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUlIHpxFD2ByBwJpQ8798wLt4/dM0wHQYDVR0OBBYEFOsTlV2h
-OTNSDv1rZhunjIMov0boMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAgST/vGwENhUdJayqletDgqTapBVi
-mXOpojLaV5Q71AWzCA6oY3D0ATMW3QbzK9OBaDtURLb6zyKPLtx/2jZU3hw1c1Ia
-bIIKe8MPc9VVlABo3GW8vYwKucYZValIq4YAV9AbtFYz+5L+7UAsZC3iU9t5UJ9G
-GftSrxstYAKAeRg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Critical cRLSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:81:E9:C4:50:F6:07:20:70:26:94:3C:EF:DF:30:2E:DE:3F:74:CD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        df:6c:04:71:99:bd:11:54:35:2e:e7:bb:54:60:3c:46:38:0c:
-        cb:d3:e9:06:bd:55:2a:03:35:2b:cf:e5:a3:b6:f1:13:5c:8b:
-        43:5e:9b:8c:10:8e:c6:82:83:ee:af:1f:50:3a:14:2c:f3:a4:
-        43:00:90:21:f9:59:4b:15:c4:5c:30:1c:86:75:2a:cb:a1:86:
-        33:b1:f9:75:46:99:34:07:64:dc:4f:6e:d1:f2:cd:f5:0b:7f:
-        00:1d:ca:9e:60:0f:93:8a:c5:22:cd:59:46:e5:21:2d:26:ef:
-        98:ff:6d:50:2a:7d:5e:15:81:4c:b8:3c:ca:9a:1a:b5:1b:6f:
-        4c:9f
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImtleVVzYWdlIENyaXRpY2Fs
-IGNSTFNpZ24gRmFsc2UgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFJSB6cRQ9gcgcCaUPO/fMC7eP3TNMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAN9sBHGZvRFUNS7nu1RgPEY4DMvT6Qa9VSoDNSvP
-5aO28RNci0Nem4wQjsaCg+6vH1A6FCzzpEMAkCH5WUsVxFwwHIZ1KsuhhjOx+XVG
-mTQHZNxPbtHyzfULfwAdyp5gD5OKxSLNWUblIS0m75j/bVAqfV4VgUy4PMqaGrUb
-b0yf
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4EE.pem
new file mode 100644
index 0000000000..19ff6b3bf4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalcRLSignFalseTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D3 3B EB 31 DA B7 F3 2C 87 7D 9A 83 E1 31 FF 35 A2 20 88 61 
+    friendlyName: Invalid keyUsage Critical cRLSign False Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Critical cRLSign False EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Critical cRLSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMia2V5VXNh
+Z2UgQ3JpdGljYWwgY1JMU2lnbiBGYWxzZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMHUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMUUwQwYDVQQDEzxJbnZhbGlkIGtleVVzYWdlIENyaXRpY2Fs
+IGNSTFNpZ24gRmFsc2UgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDEU52VUxkPNxFuLOEIPwROevCUVbZbolJu2uOK
+hMqmu3yXDYKR1FBC5xGsxfZeep3tn+PGr9z5+O2gaD39SGxlMhxvSdbVc/QT1u25
+0fTq1U0gte59c0JsrG9MhvZBwz0kC7jMkc/1De1UTKtz8kSLwTqZgKQKruSHBgM1
+QLeMl47cR27fiUnzXAa2ZEOGIByyxdEG37yXJ924NHffS3Ig9PrPYFyt74Ck9Fir
+pc+gS5ayFmJLrmerYNTDkA1lVehXWkxZeK/xwj1+PIhlOFylbKKPrB3gFN6fqppT
+TkP/PSLoJcAA40b91W8T1sJvqRvgx31t/72sTup5zEUIHnglAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFMLKafW0rxMt9JzyEVXLKjCz0lpJMB0GA1UdDgQWBBQ+1JjhVKTI
+Ycfsx9NS9lCKWrDbIjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBiFYY8R0mw8pMTdH+nZzSKMKj3aONg
+mhYYsS5cKGpx8oQOv/iNdYZf+W2f20nLKt9iKoCwbV7qWFai5HasT2AeXypTgEMc
+nRcn5NkQCIkOFYjKwouSFUF9Lt5gcRfQhD2E6yEORH+6OuhRhkydk0NbmOu3EctI
+hR9RKSIY3cCS1got9Kxmj1N8/KFqKTOXleg6tdC27Fqo3tfPQOYccxagBPAzmZbR
+f17XUbqiY0fl0CVUBZImmUY1C18ov0xgnUF5m7vc+DQOhFemNemdi3wMbIN77Dva
+925L/R1Pek6PDaTRYrikU9zS+CkdEgfB7Pt/+PkV01xA11ew60ob+QEB
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D3 3B EB 31 DA B7 F3 2C 87 7D 9A 83 E1 31 FF 35 A2 20 88 61 
+    friendlyName: Invalid keyUsage Critical cRLSign False Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,336947DE40803472
+
+8ihZdQwa7EBBTKR6EeY4EW9YEwdyd4+xMA3jGB6d89YisIsJ+xBpMRDI8CzEWG2d
+rWJ7Tsoc1EfcAC5TP6ObS7BHhcDaebA23xMBdrInYaZFqLUKVBTL4tGP8auqQuAJ
++Y4fxnd2DTlXIjSAtuFA8PLmqMdtbAmI8pf0qmG/60R6yMExB7tYdEdkGJALaleB
+C4VJtcd6kRqfyuXcs15QDc5+dohTn39t7i+flu1srBxVkqLUNcS3P1Juo7FEtRAb
+xSE1hgQyz1b14PqnSOA8Z7G3aS3uZRwyq4lR/aip6qJmfbREKvxY3BXOE+1woqbO
+76glocZMWcUJ7rZawysJAZCA0ixGk2pIBhcvacCAsGczojkhADnTlie0KOyIuYsw
+0ExHSVeSGNlQqvT2SoDIgnZkb7Cbnc6yqK5mjVjRlG/PKrBbSztmbEbNxwFllsJQ
+oHBeyp/QGVhEkjNyf08OYfY2WZkYMkXnNGzoM8keW6Lya+sckfP+RWLfHC9c3Mmf
+U+tmKz9Cxizfuq2OVJyFSsRTLr3sOsz7NUWp3e7rzo8H28986nH+Omr7RXJBmUMz
+vHtKFNgZc1+06KYmfWRMtOYuRpUAODRF0Vw47JqUPbLg5J+BuAE26pbqbvPSY9rx
+RFNgnvxUM6L2sZim7UgfM8jAJip11NMtn5e19QmQw3jcO6KH9sFn6rGxRMOsDTvU
+qoPlYRhR+JvJPG24q2M6uWAGzkq3Cdp7IgRbfj+RD6bhuPlII2ODQVHYL3LWQvOF
+MsugpnZIqNcN69qQuRjvmq1+xOWC5EOzjgIXsSirT0Odw6At2pxxDros8lgVeq3D
+WTsuogGG1knw4kUB5cbvrnCdn5xHf3CXfSzuZAuBnMFI2BtFznDSSv6E52eQRMG1
+BUno9M9UsBSlqVNem3tmjaT0Lil1q3GPaJ5kguBPEddiYY1uUrym6hIUVxk14Bbv
+Hn9oVmIR86h94H18p4Qt+wrC+yl4uv5PAeXOnLjtgt9BvDYiAU6aikfyB+ij/jMv
+X/OotNasHmv6N8dlLI5r4XaaLIK9vKnQFRg7+Q2nkXTC3f3rbfrJS4chIcxKLzK5
+WRrwtZW5SueY/nDXF7wH4VVWD9aBKR7oJSUsIqPsF13Lf3O/WolzpwQyhyJGQV7h
+DMaeloxnp7fF08QKuowYYScAUJgHiNRUawLLldr+uHcBgt1JyZhsFNRpJL959jFU
+1JqTI43tWplzN56O5vzO5KO/P5ub7kqJWNFzI8wxUBq9/0MEuru9mDs8BiaNP6cP
+mCMp/KY7RpQ9Rr9EomplXLrroPp97kLzbWfKG59DHYLn6YynRaOjqcSsl1iLT7FX
+AQPhIKIMZGxJePHgFvzAbx+XlABrf4+AOErI7m3lBTOyKcq0+fQFgFxNxtXlRQko
+xlS0bFh2koJlbKtzY/ris68r0dz2ahIzdfI+v+HUAY3pBbr4Ptsz66fI9yzuwVDI
+DNX0vZ7rKLwlUwpZ6ZuDKdV8JJTYWb1p9EcPRYo1izO1S+jXbpDfH0ajkKuBVaw3
+fnSMTZGWZfu2iBTLXk3LuPvoNBLuIT+Kq6p0nN7XZWofgnAJ+HV+3TwF1JAhrEOD
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem
deleted file mode 100644
index 70eca0a203..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBHTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMma2V5VXNhZ2Ug
-Q3JpdGljYWwga2V5Q2VydFNpZ24gRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALm+L1UcoJG+mviuHuN0sBN3JeuYb9p4T8GP3zMU2o4qU0bwjq9L
-PcOqj8RnfIrHIMUR9kgNmxJVXX+02rORMvzU9LsxdQxFNxN8sokG04ZZv5iqSr4W
-NnG/UD+RYlBLRrHuNx0fDoW1zAac8JO28LeCdhot2Un+J1W8knpYlAt9AgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSU
-Abz4nHw/6JK2TckGtNNyMU46NzAOBgNVHQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-ifJcYkKWo1wikfXTF8s9sBKQjt+cMW2Kn2+25hF8KBXRmo3lJzJXyKtMQucC/+6W
-rWB4brLC4KiyxVC9OCbEIxlsc9Mx35cgX39iXI5b2BEn/pZt9ceios9WPQYU6t/Y
-D78koBp3ni6yy5WGa3mpU/xh18UaG/8VnfARvbTQcGs=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Critical keyCertSign False EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA
------BEGIN CERTIFICATE-----
-MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIENy
-aXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFowdDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMUkwRwYDVQQDE0BJbnZhbGlkIGtleVVzYWdlIENyaXRpY2FsIGtleUNl
-cnRTaWduIEZhbHNlIEVFIENlcnRpZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCgVfrVarIrsGAAz+ak13NJrkcspcEeCVsjrOtzHf619eeO
-TDalq7iyspJxTEhn7lG7q/UazRqEp6lBu1fVFkdFBPHi1uuNtyLB80MNy0ztjPAf
-Ct0/wV1jDvNbaCg/TFXflKtDTY+jcVWTOmWMwI6hZwokQ7Csbee02czrHw3gLQID
-AQABo2swaTAfBgNVHSMEGDAWgBSUAbz4nHw/6JK2TckGtNNyMU46NzAdBgNVHQ4E
-FgQU9ghpzs2MqUouYVwzB2XsoCyL6W8wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQADeKlzkdXLEofSM2r4
-SIPYc9g0A4EXIb1h+1YhhYyiuhSRb3zpAHlvgtfDaHu/ic2pHNDRKAjHGf6349p8
-OCAnqQvl9yZIvOa5/N7F13V1Ay+igdgGSPXmKRD76jX5ccQvoEQUQlA9G4P5/qaC
-IonfinaLZXjcklWJuhV/XMzYWA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Critical keyCertSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:01:BC:F8:9C:7C:3F:E8:92:B6:4D:C9:06:B4:D3:72:31:4E:3A:37
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        37:7b:99:a3:64:09:89:d3:3b:eb:15:ec:5c:bf:4e:86:74:eb:
-        de:88:f2:7e:33:ee:e1:2a:ed:04:81:bd:f3:bb:33:69:16:ca:
-        f0:89:38:11:1f:5c:11:ba:83:2a:be:e4:8b:ff:12:68:c5:58:
-        d4:fd:cc:fd:58:8f:49:5c:6f:2d:86:7c:1c:86:b8:b9:3b:4d:
-        47:06:4d:e3:f5:d3:c4:f0:b0:e2:56:41:19:b9:a7:08:77:78:
-        80:49:55:f9:7d:d7:b0:84:92:28:bb:25:e2:83:75:e2:59:a9:
-        12:8c:cb:d0:7b:03:c7:30:13:c2:79:d6:c5:9c:f3:73:7d:63:
-        3a:e0
------BEGIN X509 CRL-----
-MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIENyaXRpY2Fs
-IGtleUNlcnRTaWduIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaoC8wLTAfBgNVHSMEGDAWgBSUAbz4nHw/6JK2TckGtNNyMU46NzAKBgNVHRQE
-AwIBATANBgkqhkiG9w0BAQUFAAOBgQA3e5mjZAmJ0zvrFexcv06GdOveiPJ+M+7h
-Ku0Egb3zuzNpFsrwiTgRH1wRuoMqvuSL/xJoxVjU/cz9WI9JXG8thnwchri5O01H
-Bk3j9dPE8LDiVkEZuacId3iASVX5fdewhJIouyXig3XiWakSjMvQewPHMBPCedbF
-nPNzfWM64A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.pem
new file mode 100644
index 0000000000..b3509c2e69
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 26 27 30 F3 44 29 A8 E5 D9 F4 4B 83 92 0A AE C3 05 CA 79 96 
+    friendlyName: Invalid keyUsage Critical keyCertSign False Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Critical keyCertSign False EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Critical keyCertSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMma2V5VXNh
+Z2UgQ3JpdGljYWwga2V5Q2VydFNpZ24gRmFsc2UgQ0EwHhcNMTAwMTAxMDgzMDAw
+WhcNMzAxMjMxMDgzMDAwWjB5MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTFJMEcGA1UEAxNASW52YWxpZCBrZXlVc2FnZSBDcml0
+aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANf896E4DA1yEvLrX3/cGYNrRlVf
+A76pwTLL8ttdnT5H5CjhJ+iiSRGJex/SIqyw65lOAji765fxX7F4zxrYr3fdS+d2
+dPzMwT4K7a7EHoM+CbjS4cK6/8h6YinfliLa8vsma1/cNNTImaTCAwbJu12j7PzY
+9c/z6mkdrrtl2FFO2QNATVfkr+W0ySGvl6i3ptILE4cveSRZcUBXJZRF5PF35ntz
+DETThlUZ3gm3BpW+qVskj4EkaVvdsVh4dAU1knFbzC5QeamvtIsaVnOcGl4bq7dy
+PQcNI1BNUfcM8ohqq8DaHl+lxpIkL2Wctd+C/TivzyP7dAXFk6tkjWcJ/SkCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUNFULZ/wcsdzCcgoU8GPp1JvwY/kwHQYDVR0OBBYE
+FIQbJBPifwi611fyrtWctSgqZB4dMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAJmjrWO0GlQGCOakvQrm
+qhUsHPSqpZKgM1i2NSp+MnJp3zJoHa9kp8jwkykLSK2AuKKfoLOixQ4r6dLmwLkJ
+rlB5V5vmNVUCSqgIjD+vN2QAiNsE9R0ct40c0XUiTNv+87XTzZ0Y9XrsvHi5OAhy
+t0d3R6lFVDmLB0S0/BueNpW9JPW0R6Hj5p9aDJyYHllAWNzONsr6PVwIfKAw3I2T
+PTS2uEwVSCRi1bp1itJJOsefwogh+EXVwAaT4CcA98XllAGn4aw7l3niL3GRhDN0
+r4a80Zy4bCS42pAvqpq7BvzGlP3UaW5vRSPwV3MGyX2W7765rm05lT/QuGApTZ+K
+Igk=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 26 27 30 F3 44 29 A8 E5 D9 F4 4B 83 92 0A AE C3 05 CA 79 96 
+    friendlyName: Invalid keyUsage Critical keyCertSign False Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,813B1DE6E55637D1
+
+baDEG0KJJmA76GdmNBYhREkCTLfiBp9GtpJIOrbe4/Y/GFmSqQrGpk4Xd60VAaRb
+crmQOYbN0A0Xnack4U060+KskFg11RpR/pE6MBN4WxyOx1R3wUSiuaPh/taxFwMA
+loI+Bdyxc+jA63BtC+cwhzllusE2T2pNLW50YMnwV1XmmjO61VMJLLKs2P6FCi1Z
+nE8z6ycuQl9mP6VAB1p2mB9rzLY4BkQS6vpOhpxVGj+flMu9qJyVmn1y+TIdjJTP
+xrpyJrXfnJa9uvdAgzi/XAN4W0/mCyMqiTa+Q1oKfjAGCItG/Hfqozh+GY5OsEIc
+acKW+i+3KPNy+4oqo+IYqDRFD1YfUntV1DafkFBV0Cqjphv3iHUh+gmvPPRlhDI2
+TupL6/zUogp4jEqq9LSROWNOqvQMjmUPDaaPiHfNd5Oaf2yvMuLhWiZDeqvePjNw
+BOOftWofOWOa+a0WNq3l/O2ldjCafUOAzqDzrWjMtPy4GlZy1KVtopS53Jrrd92Y
+cyX55wc2cUG7QGzWhYqbTC36C/ePg6Gunqz1+28vkReKdsfF/Rn7GVuT++H0kLPk
+GdzjjOaTBB3PO+gpubpq9oXQTj8W1Imt09rfCZhmaatWstqGc3j89ypSDTd2unfm
+DHrGsDsbIAPfDsqX8RhlGouoB46GrsxcT30VztHabMQ2G/x2Kc4RmMbCxp6INaP2
+dq3g/2sFpiLycHmXFGu+rRYWUP+PlSuQnRiOaLGaLnzibWgmR7tGcHSUcU64dWHK
+TgwselBiKHQUnaMz4zY4Z+BATbZonL5bIWIEofRiGEeGyyaRguMAc7jQJRN4kb0h
+dynrxzD6mZLZ7gA5gh/Aay61CrDhA2/7NTwVhrZeYDukKTvJox7WT5DpS7Mg+RGu
+uH0HzEfWw9Y97l2N79t0PCvfXcfAO/RhbisLp4m0FpFACiENbBVatYrIKwTWmgh0
+KL32vu8HFGxR5Aw1CFIez7+J1QJ6wvcvGhDtMN6lU7N8AfgUhS53kMBumz7FKtyd
+J1jmDBY5iDfPPcv217VENjF/3mBPIAZtw7+gbIThuG+8fjcKKp4LqaaRdBpeMv2g
+eaN89jRL7/bO+/7jnQymSPm5DHHMHbKwA1ueY/eW+TaHgDnSp2PWvtRSi9CKSMSY
+3x+viL4wjDqlv+ruiDjIgrx8dNpZc+hv9nFYHH3jYT+VlzAK8CHxHXnySD9Y+47L
+kclbK7QZvOrl2XmP6QHjQE+BQBtNpxkbqkEuDQCuKCqew7+7bGBXkXFQ+3NS8zab
+YwBr0FVOiwFKOocJgW16CdAD3fQNIdrT74lBVQBLaAWTZVsvGV9jSSu1Tict7ku6
+GIcZjZWG1anwH8327XoXmjG7Vii+ZHZUAZ29TPucMmICWyQjcBXM9MD/Ip57qe//
+CxuNovlwwgcn/VTJ07c0zp04iTnG2CvYDEhmHBQ65HPl3nR0T77j/06V1/fwesMf
+lADnfRsHXYajjj7oawzhawGtv+74dUTMKVWgOK6tJyRR0XnU5gZCHLkX/d07vQcW
+c+C/3BxYLD8opbX34Z2UVxFQxxF4LrX+sd0Dob8oDuCfT0ixrxSdsrLRTg255Q2N
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem
deleted file mode 100644
index 0efaff7138..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBITANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEvMC0GA1UEAxMma2V5VXNhZ2Ug
-Tm90IENyaXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAMLOm8AZjGbhdJ7A5TMeS8YqKDv+sSvYbu/N0xYhBYw9btWqMvhg
-UQRchnPigIMNH270hJTB0xUODgi5kEfd3aMcqP4p7092jT7nGwWiWqMfcOiDob/B
-jwJbfa/pcDWtLtL9gGu3mD5phBMV422/vXk7DNPVTOsm0LK+kYcbkutzAgMBAAGj
-eTB3MB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSb
-FqRb5CIAWLVWFP8usoK/Iuj2+DALBgNVHQ8EBAMCAgQwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAXayz
-RGBvRtkZyRHdFZY+3aIHHo7AdgjRSbvWFShHnbrZnd2E8mbkkk5NH7sD6IQygi5b
-6s2ZEpMFRDc8NNSG1Qh5NagIp8Wguyqa8HgSA15CytfKd9nDdIY8NSFPiqXCXIOp
-AXIf+LI9d8QnF/zOuRdKQiX26iVbh/Ofiij5b8s=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Not Critical cRLSign False EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA
------BEGIN CERTIFICATE-----
-MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIE5v
-dCBDcml0aWNhbCBjUkxTaWduIEZhbHNlIENBMB4XDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFowdDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMUkwRwYDVQQDE0BJbnZhbGlkIGtleVVzYWdlIE5vdCBDcml0aWNhbCBj
-UkxTaWduIEZhbHNlIEVFIENlcnRpZmljYXRlIFRlc3Q1MIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCniZx3i5eOoYfB4+DHDtBDWS3+uKOzezExgLASJeRuST/z
-FBDywPOCHD9BqbsVdo+fQMjOEBs5C2QePhrQmo36vBpuTGeS6o0ZwnPqZEiR7BDm
-BhaU5GfHWArITIQqqKeGMrcd6inS3EgiNfLoIgErgIYUE2Ay7N3jNAkZ+gHFsQID
-AQABo2swaTAfBgNVHSMEGDAWgBSbFqRb5CIAWLVWFP8usoK/Iuj2+DAdBgNVHQ4E
-FgQUO/h+SZvyJuF7i3RkSFnq+ekut+kwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQB63lqdcOrQ5elffexi
-Pm+erQomlHA4QBd/o7W9oGu3wh9o/OxaXUX+q1y/xsFQPWY8rnd9WX2K/GbDnAkg
-b9VumR4AI31DBsR9ON1LP252rSHzpH5VeLVX4yp+RU1J6VvXAFXD3RgVwYE16JFC
-NKsFf0HL8FRjpLQp9+/qcp6A7Q==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical cRLSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9B:16:A4:5B:E4:22:00:58:B5:56:14:FF:2E:B2:82:BF:22:E8:F6:F8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        09:d0:9f:43:ea:14:8b:96:bc:51:a7:26:e2:ad:a1:d9:85:d4:
-        c4:54:67:72:3b:27:b9:51:74:ca:a5:72:a2:88:21:2d:f0:46:
-        21:ca:5e:36:02:5f:bb:9c:1f:a4:84:63:64:8a:52:5a:17:b8:
-        d5:5f:3f:d5:73:38:f0:f5:7e:e3:59:80:ef:1a:70:89:da:37:
-        d4:b1:31:4a:94:01:ea:c9:71:98:aa:c4:ae:e2:8c:18:ab:7d:
-        a9:7a:fc:23:1b:57:ee:90:81:0e:29:4b:c6:1f:78:2f:65:4d:
-        38:df:f9:6e:74:90:71:57:a1:aa:06:4a:8a:a9:15:ab:87:17:
-        1a:ee
------BEGIN X509 CRL-----
-MIIBUzCBvQIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLzAtBgNVBAMTJmtleVVzYWdlIE5vdCBDcml0
-aWNhbCBjUkxTaWduIEZhbHNlIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaoC8wLTAfBgNVHSMEGDAWgBSbFqRb5CIAWLVWFP8usoK/Iuj2+DAKBgNVHRQE
-AwIBATANBgkqhkiG9w0BAQUFAAOBgQAJ0J9D6hSLlrxRpybiraHZhdTEVGdyOye5
-UXTKpXKiiCEt8EYhyl42Al+7nB+khGNkilJaF7jVXz/Vczjw9X7jWYDvGnCJ2jfU
-sTFKlAHqyXGYqsSu4owYq32pevwjG1fukIEOKUvGH3gvZU043/ludJBxV6GqBkqK
-qRWrhxca7g==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.pem
new file mode 100644
index 0000000000..56a6656ed1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 3A 45 96 8B E1 9F 54 7B 94 F1 83 24 33 A5 5A F0 D8 3C 7F 09 
+    friendlyName: Invalid keyUsage Not Critical cRLSign False Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Not Critical cRLSign False EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical cRLSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMma2V5VXNh
+Z2UgTm90IENyaXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwHhcNMTAwMTAxMDgzMDAw
+WhcNMzAxMjMxMDgzMDAwWjB5MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTFJMEcGA1UEAxNASW52YWxpZCBrZXlVc2FnZSBOb3Qg
+Q3JpdGljYWwgY1JMU2lnbiBGYWxzZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6kAGMAGNnO8CvJ2PjAYd6v3pcL
+vPjKj7gXi4mOj0xJc1rp6f/8pxy/Ua1aPCyRiGonwfc8rZb/mdR+HKpTTJjZgygW
+26aX93qRrJIvvb/Vie0yu63PraLINIUKzg4FeTIAmCu3g58FhVdsaLALdA9wD6st
+Ru+BcE5BbZCssejYjMxiAxjrv7GWE08R/O+6u5GxqE+3ZWg4StDq1UyvDL/HhEjc
+DmuODxI/sruN7fMv3SN4o+GfkkennaAnYE4YWK37p8gbeUSglVsTHliyEPFcclH0
+sAElmBLEOfkZK6XRGQVln7g4+CjmbSuvuoZUKT4RHOPTwdoXB68uwIALDW8CAwEA
+AaNrMGkwHwYDVR0jBBgwFoAU+X5SoHlmBAhECGV5EA7dkOZD8dgwHQYDVR0OBBYE
+FP/OMrJ781bfdvIdIFOwNrNmArfaMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAIvo2bd8LXplAdh4RhqY
+XGsOB5E6oyj5lqaZ9SH+wi8ss5J+Oiv28rYRYVqYnS4ceffJz0q9waAuab8GIbfS
+NWXIfsXTncRqEq2kM3W+/77qIItkjcfEOCxV3rtWayCd/ugW+dwO+YChBRdiAMV6
+VkBLR4lo8pO+rT/pS4REBTZbdoZ2ToQB3RF2M4AJMrHGzeBi4vMNcxTVo9iMnvOb
+QvGLwU20mmMt5+WsR8HZviXmOnyhikb/pba5sLhFm+kY6VZoZ4eMaGIjbs9okOjs
+hOyxLkfZYsICWxDMrHeLnat1/hV7dQ2jZd4iZzvXaHfRK16y9c9kX6nXeQRDuays
+HpM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3A 45 96 8B E1 9F 54 7B 94 F1 83 24 33 A5 5A F0 D8 3C 7F 09 
+    friendlyName: Invalid keyUsage Not Critical cRLSign False Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,15F9F9CF3F6BEE9B
+
+EfR+sG4W6NxweenHODSkvOFk6tg9VJLdcV4Ui6KXy36UW24j1fztUlUu6RJE7XKc
+EVvhy9sXPngo3eFOS5ziK5aY+rVMuDHp00kRfG76P4iCUpiPo6BGXrt+gBf6CQ39
+Z9Z5U890M2Ljt4cpKj4lTdHSsAef83Y7GZM4xgH2V5ihTOgO71OuDnZdtDrfoVtJ
+r901xr35u+1spyA9EscEMZqgbffFGQK8rBEdCR3dH2EPawxdrkj0Ud6Aa7meY1BQ
+IGkzbGDasO7aLJMxqtJfwWe2xaESgDKo+g5Z4Yh2xcAGH6MlHLIt8iN3OhFh7qaC
+kTnGOySSL46dh4oHdk0QoiSjVuICYkXFZLXxiaP7+4IRRFo1+4YTL5Hw2nd9afO3
+1xb5vqewZULv7td7NT8NGBHHFDnhY2Vi5Ilg5NHNhc8VIqsi9DBT50ShaBgAdxLO
+2X1SkBXFeYPFVfVgJUhDLAzFU6lm0GNGkX9kz4r6f5bmrgEAaPC1Ct0rq5m92Orn
+VnfNsKg2F/AHa/VzLHA9HNHqPatin/cFC5rhLRLpssKdFuyJVnuBg6LeUeuiCh1g
+FmU2w1Ka0h0/0YEBOxY+QfeGWoF7gEhX22o8ttcUTsFs2BQpnVKmuW6S0JZcH/f2
+p6ykr9pN1Sl7C/sE2MLoF7zaCFxHBUG4pdabi1D3Gx0ch9bD28M23W4NiJYudACd
+mf3scQDlABKsvN2AV+StGcza+kbvRJOjz9EsyEffienzc2qfPcgm8G/NyX0TiQn9
+8Ci261Db7gpdDdJKDYjCfi3zMhLhyw+hVGI4f3rb66GYGwIOk9yf8vhwsMaNuvHm
+eCM0AEX+RTHaZixPhPSfCo/LLdK/YN0zGwERcdii7/8sS8WrhZk5u03il9gf57l4
+vHf03lAcZSZB/5aZJs0YJil0Whb3li9BIZRd0g5GF36qajHEGbS1aNgmyQ2H8Xuf
+9B7/sVDgkK4X2NOqxMqsrSJmDJ+vF1+UN3e/pKlwSNNffTzSMwTHzexHOrsDdHnm
+GqoLOhtnCtqTq2f/r9LWCzkg0nj/oboZfIxIZKfnRV252N+2/XWKkLyJZnLvfrdC
+NYiKukdLQpYVCvwknIq3aWrnOZLXogqhFcMHCQY5W7F5mWUefFtklYZ3SYB0i7Y1
+lSka1MHLVxkDiycVh4EW4MwEJ3S58I5lPqOclktKuz2p00C56D369lS85Uds0L2L
+jRi0Ojz8C0QctT/QTunJwX9ev7XJSR5UNLPjkGsEcGF1YEd0UReKFo/wZTM39bvq
+uGWfYEAS4MrkSqNHlXeoAY/luhb6PIbTOE1/Y0Sl8hXf91GeJNWDfLSo+HuhObtL
+GmXTdW8NTWmDnHPbQTh/qnFCWwZLDZD0cytnrUKpgEqW0n6/kTKURlvQRtDAVWWu
+U67Bc1Jypui6OLWaOX43ef8HFF0KTORX/luz11cBu0aiU1T5lwdAcYCEZSHWNhLw
+x1DiNKhQcnu6PSRnlRCp2KLcF8A+oLDyjBAaEVT7Mw51o+dt5dZM6qrDmv2UDWL1
+wFHJW7E/MRw9S07KCB3YgnLQUKC2hHK9pjIw4qDcn3RxpaVouXaZbg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem
deleted file mode 100644
index 7fc272ea18..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICjTCCAfagAwIBAgIBHjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEGA1UEAxMqa2V5VXNhZ2Ug
-Tm90IENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCo1QPZC5T5F1L7XkkAguXC8vf9C9YbYfj8VbP8CXU6/3EG
-wUPK43eDJfWBzzwk7bgumreNheNFRcFW+dcroOFvVflXXBjj/UR7qkXULMf9DqK4
-dqMYYafyTrI3QrgNfdN06ngaY0qNnXa4Z58ecPAQPnQprJHJ0fDTlwultqudJQID
-AQABo3kwdzAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4E
-FgQU3wy5NIl1eNIjkh7wgSHfwnYXZbQwCwYDVR0PBAQDAgECMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AFYPjvJm9+IVM7cHs7OMJLoeNCnhUL5nlx9HuDLzP6/+0o4V3aQgiP787/zfOBFj
-yWLTLfKqJTkm+8fs+TLFf675Vs2s3dPELXJLvFwgQFYDiSQpV46thD7NLw474dse
-tN1i9Scl7y0RsDHbi9qBIPsRX4UV8/8nawbo9yW8hpqt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid keyUsage Not Critical keyCertSign False EE Cert Test2
-issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA
------BEGIN CERTIFICATE-----
-MIICsDCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKmtleVVzYWdlIE5v
-dCBDcml0aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBDQTAeFw0wMTA0MTkxNDU3MjBa
-Fw0xMTA0MTkxNDU3MjBaMHExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENl
-cnRpZmljYXRlczFGMEQGA1UEAxM9SW52YWxpZCBrZXlVc2FnZSBOb3QgQ3JpdGlj
-YWwga2V5Q2VydFNpZ24gRmFsc2UgRUUgQ2VydCBUZXN0MjCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAp67g5m0ja/YdBc6nUr+UTz3XzQoajL7y9/EF7M0He7yq
-nlQvh/d2kEpE3e0EUZviJtg9L9sxQRgCFWVR+f9rLpPNEBIAZ2HQ83SxFRr+UbfX
-LTOLNaLhasu4lG9LY8DtyYxjrnvmOHkvTk14kD9L+YPJbR9LmCjNHbmoFiNu0Z8C
-AwEAAaNrMGkwHwYDVR0jBBgwFoAU3wy5NIl1eNIjkh7wgSHfwnYXZbQwHQYDVR0O
-BBYEFLkvB65lcMDXjd55uk984ACgePDSMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAf9WmZ9PcF2mY7Fst
-f0t6wDbfkMenvluK5yTnfZGZi1Xa5WFt+1ifSxYjkxTMTw4DJ5IXWRZNr40+NhCo
-2dvFQbeTEh90GuwSrFOY1LoT6stxoc/OXatyOCuO4rved9tzjRAArQndpnd6Zqsd
-p/cT+7yvFwM9fxMinMUy3p6rR9E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical keyCertSign False CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:0C:B9:34:89:75:78:D2:23:92:1E:F0:81:21:DF:C2:76:17:65:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9e:b2:db:db:fb:42:09:bb:05:d6:af:1d:1e:b5:2a:e7:88:75:
-        f0:e6:a9:52:0d:ad:a3:4d:a6:64:06:e3:53:b4:39:db:4f:96:
-        08:5d:ea:da:bb:09:d1:d6:32:53:91:62:ed:33:e9:0d:87:6c:
-        f9:12:a0:4a:c5:e9:e9:6f:d5:d1:02:8f:22:9a:d7:7c:82:d2:
-        17:48:0c:c3:2a:c2:d9:e5:f7:0e:77:1b:52:e7:1a:9c:2c:7d:
-        5f:31:a3:aa:90:32:ca:9e:ad:42:ef:b3:9b:cd:11:da:13:36:
-        7c:cb:85:48:75:59:7e:6c:03:9a:a0:70:e3:19:d4:c1:dd:c5:
-        7a:3b
------BEGIN X509 CRL-----
-MIIBVzCBwQIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKmtleVVzYWdlIE5vdCBDcml0
-aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU3wy5NIl1eNIjkh7wgSHfwnYXZbQwCgYD
-VR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAnrLb2/tCCbsF1q8dHrUq54h18Oap
-Ug2to02mZAbjU7Q520+WCF3q2rsJ0dYyU5Fi7TPpDYds+RKgSsXp6W/V0QKPIprX
-fILSF0gMwyrC2eX3DncbUucanCx9XzGjqpAyyp6tQu+zm80R2hM2fMuFSHVZfmwD
-mqBw4xnUwd3Fejs=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.pem
new file mode 100644
index 0000000000..713655159d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 96 66 5F 5A DF 09 34 F8 08 18 23 5C 0E E1 91 99 9E CB 07 77 
+    friendlyName: Invalid keyUsage Not Critical keyCertSign False Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid keyUsage Not Critical keyCertSign False EE Cert Test2
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical keyCertSign False CA
+-----BEGIN CERTIFICATE-----
+MIIDvzCCAqegAwIBAgIBATANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEzMDEGA1UEAxMqa2V5VXNh
+Z2UgTm90IENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMB4XDTEwMDEwMTA4
+MzAwMFoXDTMwMTIzMTA4MzAwMFowdjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRl
+c3QgQ2VydGlmaWNhdGVzIDIwMTExRjBEBgNVBAMTPUludmFsaWQga2V5VXNhZ2Ug
+Tm90IENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIEVFIENlcnQgVGVzdDIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc8DNtbU9YabxHAoWqRyRxHTrx
+VL8YwSE94cbcBbMA4tskut30Eqd/j1CYbCrD9KIyn68THeypVDFGL82wg3/N2lZM
+P44b8KvH2ouJNqljDVDhipAu8Tjiun0y+3L9diMlpsfrx2ZSdDO+WbeHoUjovd8Y
+DrPtG0U6THisgQj9sgWI8oIgPpQRjoMIb1ZAC/IsMPYVNJL/a14dlqit2PsGpLnW
+RYEG064MAde5SHUfgV66pwAxisEWH5xl/v4Bbrh2mqMsQ16izLKStQiuW/sVMEdH
+iEJefQh4y8anEbWkudAUDvV31mUyHivZmfz8eldAy9ICi2RdSEOf0QCfARalAgMB
+AAGjazBpMB8GA1UdIwQYMBaAFLIl0igw0FVobky1wkjzypsV8kBFMB0GA1UdDgQW
+BBTzsk4G1clcuVdkoLbl/++tircPZDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQB4eFm1jkEg53bNCSXO
+pa2ViAfw7FgAGt0+trq/MaMv0SVuIWZRgkhDWSuTffNi6zC0cIXO+H/IlOA9pPz9
+CHnH9FRigpZleyl8/WMx9EeEYzpS8Bde6LLZh8nzeLiBsXZ3A9+Bp8lqfgMoj3kW
+GUIcMGyN0MS4PtXuuwz0Ur3FXfyXEEJCqwQ3iyiIfDvYaA2Qq+ttHZcJlwkzeMEZ
+pwM/lZZEnapou8sdKtfbA9h0+0ep6tamOC6tRv7Gz4OGtPKWstl0jdf382Oq60hX
+0TqCs8uCX5l46vnYweDOFzj9118sceZ9XXCYxNmRXPNbEf2guCrirvPZCRXcmE0v
+7AOi
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 96 66 5F 5A DF 09 34 F8 08 18 23 5C 0E E1 91 99 9E CB 07 77 
+    friendlyName: Invalid keyUsage Not Critical keyCertSign False Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,76FDB2972170DCBE
+
+EaoMivLV7+N1+6wNegyZ2zfOaRVnjO+se3Y5Py1dOOrrUs6R7tv42WSmrU5nYbXe
+DkgVoQrH6xBqPbTLqewzqjvBycQM8qdVXUAI444cosm4tFV0V+UlU7F97jDYBrR/
+0c75ee+8dfUM0iS92TfO0+znPYFjstsvNczbL7O9XFS2IzdBVXDHWsevvzmTjOiV
+KA3iPFrpzUWhrTCYmZsnmjy5w2e+KTGQLhgN0RHDSj4kja7YZJWi7+nUtUjHKtIs
+T6AnvuthxCieYmaC2RCsqT0ptU6gyQQahMkr6ZTJqgvmhQTqDDdRE5xx07V2xol/
+JGzOCxvi/LlUR2HXyxt2Ip6k+nHixE6E3/PCmkHm2EfM766z6jS777etp+TOKsuT
+j/hyr3FT67qfp1/M0p4jTttJgSfQ+gmlIaNzYu31VklODJGzXJ6l1QxOx7TWgefn
+/K2Qi2WaQjEfKlcUZXVilt/DucRDsDPnMV70yMzl6VXiVkDDXSgUZg85AK0v/sKM
+EbqrDmZq+QbNZOh93/lQdd402ujrIcmk89O0Pq8V+9t2/Lkjiu0PWoEbAfUYe49r
+dMSh7biAlqfe6dXA+9h/Ggco00dm1diXtSZpdDrv1yyttLyCpaF1en8suqXc69FD
+30jjXsRSGZ5xRKnj1hfFiET8PD9TKuCvHDHCc4k1KttQaRtSzAEUvHIuN89SWVdr
+CiXTcw+FM8wrtRYM2I/GmrNU/klyHBycgog0hppUPUGnRJSevnw9CO2HiBLtSScj
++NlId3IjXi/zO6vmtxYtqAl18hK9aS8KU/lxsvZGhCHs1CDea8TQUW8womcYOKk/
+WFAs8KWcgeuVPPSExFXh9L0Gmcd45qBQLfSuFyc3IwBbptpOPTxnPqsam8fe7ohp
+F6DBClXexeZIOSCWFYI2x+heoO76W9caw31zkIAJpBGFB10FOoBy9uCApGdPj0zz
+zVHPD/EH7xkxeBGf0jMBTcf/j0w8otkNRSMc0TwZxuCN+1rMvG+5pcKNQA5xeAhG
++ViOO8Pbm+/iNY7Q23rSW6n8Og+6rZhgmD5LyIVW5lSJ5KH9yXJX2IhvHSYL1VZW
+5bAnPemCdIESLovzgj4D+ZQQVOPyoBO5jaltisqySTGVFKjWTvA2KHpB2khJQI3h
+sxUHAORjmSNOjHw9k/JFEIAr8o4U9XP1X9fsLyORVqNxAGuhatmllFRUv8QGEAVo
+IZfYZB1OL6qN3azk/hERP3DjHrnrNochgMmXgV6XDZC8D7fc20JcX3+LhpoVgIU0
+P+BBumdym8t1wH6XNLUUIS71V/BrWayt0luiJwiiju5AflV0rkdQ74wjanvcU5Av
+bQTyZYXTP/tw/qV9cLeNtyjBXHcoLXjWn6fyZmZRZfipGrGdIYmBtQIVUW+QDunW
+TSdG1pzZDOI5PHeIGpmeRiz7PXj1W0bTnuBaca/LH0DXu5DbuMcqS/plysObH0Za
+An9Mw9UFzlo445TXP9gwEllgeEeCiy33QCTmssgBRBiHNCSHW5C25igewYkChvvm
+7HtIjHWQF6hld+zE+YRPmR/DWbSvztovy7wPr9zlOzpOffC6f6r9SA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem
deleted file mode 100644
index f1d3094eed..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBTzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFExCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEmMCQGA1UEAxMdb25seUNvbnRh
-aW5zQXR0cmlidXRlQ2VydHMgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALSCJ7MnQSSfqf3cAKyFUJRK6CV6MSLa2t9JmoGgpu6snUGfPogvAguvdYP27085
-2+7ZAe2MA5+VRBKl2gtUJeS0qdMlrQyLMw8SBfIuCc0cMrbGnRHqeBPHPVdq1n3b
-xx+pwvDV2egYWx53Vyq72HVv7E6QhdGjEwO41216OFXzAgMBAAGjfDB6MB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBTFKJWbEsMCo9m4
-+7Yd323jU625IjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAH50jqtmZxb9s
-51U/Olz2Z4OskoazeeNVJ0LXvUzF2vYzqBhXseLUd996wDmvQWsoczt8etO5zJdI
-/iXtC61WyqmSDgSSSEvoIAL/xWFYQh1QAjG+FD7qHxfJ5TUiVFUzkQe/nE2wSWYL
-oiZe8DkJHsi/T6sBMbZeNLcXa8CliLI=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsAttirubteCerts EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHW9ubHlDb250YWlu
-c0F0dHJpYnV0ZUNlcnRzIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowbDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMUEw
-PwYDVQQDEzhJbnZhbGlkIG9ubHlDb250YWluc0F0dGlydWJ0ZUNlcnRzIEVFIENl
-cnRpZmljYXRlIFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnRFu
-rk1+JntR2FWOywl3/YsAK7L4yrNCEx5T7OIJOPeYo2gQ4HcNYzhCfrs8BnXBgRWm
-SmYiz83DHjDXf1v1EYvmLbuorfhe6oqbZjFFmFSFVYoBBQGoweqSBuEP+Dfz5JCQ
-3j/U5P9kHacuVt5EvNDFuxC2QpNlKDMKVp1kO1ECAwEAAaNrMGkwHwYDVR0jBBgw
-FoAUxSiVmxLDAqPZuPu2Hd9t41OtuSIwHQYDVR0OBBYEFH75KmUzZ/T1lVkx9E97
-tlW7zv91MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAcnsbImj6Bq19wrmv1lsHuwr0rR9v5AU5A5BvxBGX
-7L9250MNODFbkR2trDXDu8Aj4xDl14ksrH1CW5oqqvhSIN890dWabjEIWXzPJPXm
-Ogj5ekGTXsXnOsbO8CEfvjAvg8zfRVlWuR+mxGvk8qw4t0xB0GIqutURQegGF/zY
-tJ4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsAttributeCerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C5:28:95:9B:12:C3:02:A3:D9:B8:FB:B6:1D:DF:6D:E3:53:AD:B9:22
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        4d:d0:f1:a7:37:36:13:e4:57:d2:e5:1b:bb:c0:68:35:91:0c:
-        84:53:55:01:9e:2f:bf:4b:d4:7e:55:4f:ea:6c:71:f4:54:a5:
-        b7:38:50:ac:43:c7:85:b9:13:88:4f:36:5c:35:5c:83:56:49:
-        1d:ea:d0:34:ce:bf:d6:21:40:f8:4a:62:ee:c4:88:74:f7:05:
-        13:cc:15:90:46:d3:8e:04:5f:00:2e:ef:1f:43:cf:da:84:d4:
-        27:b1:22:c6:b5:ad:83:cd:aa:8b:cf:0e:d7:1f:76:37:a6:29:
-        8e:3a:e7:3f:58:12:8d:2b:77:58:b1:eb:7f:35:6d:96:74:f6:
-        48:1d
------BEGIN X509 CRL-----
-MIIBWzCBxQIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHW9ubHlDb250YWluc0F0dHJp
-YnV0ZUNlcnRzIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoEAwPjAf
-BgNVHSMEGDAWgBTFKJWbEsMCo9m4+7Yd323jU625IjAKBgNVHRQEAwIBATAPBgNV
-HRwBAf8EBTADhQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3Q8ac3NhPkV9LlG7vAaDWR
-DIRTVQGeL79L1H5VT+pscfRUpbc4UKxDx4W5E4hPNlw1XINWSR3q0DTOv9YhQPhK
-Yu7EiHT3BRPMFZBG044EXwAu7x9Dz9qE1CexIsa1rYPNqovPDtcfdjemKY465z9Y
-Eo0rd1ix6381bZZ09kgd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14EE.pem
new file mode 100644
index 0000000000..efbb15d909
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsAttributeCertsTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 70 8F 11 3C FD DF C2 D5 D0 76 89 58 15 1F DE C6 C9 D9 E4 D5 
+    friendlyName: Invalid onlyContainsAttributeCerts Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlyContainsAttirubteCerts EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsAttributeCerts CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdb25seUNv
+bnRhaW5zQXR0cmlidXRlQ2VydHMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBxMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTFBMD8GA1UEAxM4SW52YWxpZCBvbmx5Q29udGFpbnNBdHRpcnVidGVD
+ZXJ0cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCupG+ZQFa1+AF3vKIN0iZQf4EAprxupX4n8IgjFQWXI42ZN8sQ
+rgpjM7GU/jQbheNxHcuZSPIkp9MAYkaoESZsq81ai045iqZRKEsCnoL8rWN9OJVK
+wRSkHXLeKfaRhYo86JFfjx0KkefPGw4G4IIxbtlulVcc/q4OSa0cKNEhrDQWD2uM
+dTNhHDYQQxt6kHaYZRb8krtPWwlEl+s3oYAVfzYo/b55hKlWCBkGa17X2RfFreGQ
+WcV+EseidphAB5YytCiZMsZ6L6CW0DEICVYi0OhH/0UX0BgRdOIvfgd2PRmL6uGj
+Jwd4yqI5aGfLOTF7bxrjqHdPOhdNJXHlk4VPAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FE0H/vYtvLUZGlBN35kEem0zcJBOMB0GA1UdDgQWBBT/0UE0DUG+pU7lJIfWua/D
+vs0c6zAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQCOPkqYnbLIBrJBXY6Jdcs0/qHhYCKjUGuwSM0xV+ui
+/11R419qTZlDeVEkUnF6wzHa2LrvGOxQuRfGcW4GeOnEq4p20iJy3h/kkZjwhuTO
+4GfrWYkHIH3wFdQ8xwSOW0egU4h+zdki7Z5ABi0nUYWQMV0bcIj5t69r8YM2Y/DD
+dddGgtxOkM5wJ1zuaFEvDT7YXrPXv2ndPy1j2ZecQ1N/87XS5Vt1y9whcfUyT2E1
+vy42AkyG+ePgNG4Z/ldDXOXYpCmfsITWgipmmkBgHztWgfdCRq780P1zKRwfMWyl
+C1ajhmo05Zm2uO2rQ1QoyzseVqS9d5oW9jEPaRQ3Q/FU
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 70 8F 11 3C FD DF C2 D5 D0 76 89 58 15 1F DE C6 C9 D9 E4 D5 
+    friendlyName: Invalid onlyContainsAttributeCerts Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,60AF22A385D8A200
+
+vOM/Va8LUV+WEEoQr2eSsCybH+PMQPzHDwFvGiy7JEPwODr0e6qeaEaWFYj44RDN
+/SWUbgktQFzykev9OCIiyUP9cbGOD8T3O62k5omFStgZpMIF7SysnBLK1Tb4wLrR
+U/xA+h04SsZpUXWbVtTV8kIzG7zjoEVFZQkTMYTM46ax+wVCsF6O199rofHjtUBV
+hOwqE6ae2ntBrAioWIPI2iiZMhdJUk5fX8Meq7rQLBmEXgrNZlRVJn6OIjAjTpin
+UDu6Wh85Y4oEA6F/+JzhA5fF0iglRL+8NQEAwGTx8uLs3BzUGNisSBtiURtLoNvK
+/LU/iUcUfoU7YZDW9SgfE5LCcEJEHHj/kiCFsu491sCFS+6fqNMM7E20bxZZ3Ufn
+3ZJ/eBXapNI/rhqTlFhyBWxrOFhMcbuK8smmTsG1EOrl+B+9JcGZbjJhNfX0MIhL
+w4nLxg2+GS2f3pxz43c8+RkxdENCPe2DSaeTn15kNgo3KD1gg0aORN0OqFee8X3r
+lWbSmj0jwjLtxoEwy36A1K+sCVzvNy7ai2iHwk2XzPEgMK7rvPjjL0XPEI36YvMX
+LeAm2MGjAUHlzBoqcCQI4juhRT+tyudaW3+zfQeoM4adlja4RYpSV+7CGJsjvZ7I
+GxO99Wojl7sD3B0LhFpMAqFob38dqyadETWys9L9OcqQJwi657b8VfmnfIN0V61Q
+H5Nuo0rHmHiz+QJOEBwXj9KwMpPEBp6wl1KJsMuf0YbVDERd6uFdlH+nz7JnxJqU
+TE7GBDI1CC1Sw0eRBwHLMgNnJGF8BDa9dtTDCGhfOU0OWaslmMMsno/I7ujztQ0Q
+HElkSzLasv9u7eDeBN7c5D6e3Wew0FNpzG9c98SWbGa7UZRU24hKlBy6eLKNmCAg
+e+YrtxfJ6LZ1BGiq/1wAK+wePdG4WPAcOEmj3LmDTvCwwvs9tp93wxVdNK2U3eKD
+MN9aAHZvYBRatOkuuF5xdTUXHSD/xOCPCvrGckGPhd3UP4TXmynqJxXDeJLZRRQ6
+Xtm9TB/AyWDnfBqNQY+oWEUzwxHPge/rexI14MCptsA6vJwHHVZISwHyTme9yeUX
+XnXudqEoFpDPp6CJufFXQJZsIadgc9gFlRfQ+daqzziKoTy4HplpZ9uTjsPS5soD
+hO1ZqHX7XU/7m0eSRKzp0I2/HdZr/JycnU1Pj19vzbrMsgccfOq8Ih8et+JJsid4
+50/x5sbNdj8UCDEbF08sn+TyOqnPSibburaug3K3mLFOhCb1ss6NV2nsnRV1xquU
+GzbYay1ig7I1un9XDnNzva4jcuQYUfQt2mogStozmkmBrvDIJr6VgJdoUWU7MNwK
+CT7wZsrP760mh5Lf5YrRJm8DSu/QjdZ/Kq7b45DTHeBjDsdj3KPecZ8qG1gBcmNN
+eODKpKqmXMQDDioJFXp8ljOIr4zgZHd7w2HiuxX0BqnQZUNyenymEmHEABzM3Qn5
+WpsvZT3uB5HY5R/sRcu/mPqm90V0Kyv+68WvKfZSWacOZpYP0QEaLMcpqoT3QnL4
+F9ccIQ4dx0Wg0V3+sVFnjaZGYYbV4mJHOYlyD++eHwERceloZPIZ7A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem
deleted file mode 100644
index 14d5cba2f9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsCRLTest12.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBTjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWb25seUNvbnRh
-aW5zQ0FDZXJ0cyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqP8z3Y0v
-UCVXIVXCpbr+dcdoZFi0UZQPvl77hqqVORSs9FefV5mTeuoDDfhtUYa+O6Wzh2v/
-Yzv1MzPQzePG3eho/6CLs4pzqVWZDzYTG6OXubjPvYT10WykqfaWuivcn5YxbHuA
-cRitNsBAvY1Nq/kPDtsPJz1t5+PDRVO64gsCAwEAAaN8MHowHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPOhB0Zne+mPWavrVYaTyKzk
-VbcYMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGkMUjQFfto4SQpRJ2fAeU
-qXp2dn4kt+s/ITPOIykUFaybQ6eaGRcWN4kTi7IufbSeI7lmaa4SC+bq14tfSf/w
-gJSpwu58pIbPHKN0IgB+9S8eRS8wmB4HcBflmNZz/NX6wJzwJt15ZC+gek+eZGUw
-Qck6L9wt5i1wMFyRwBmAHQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsCACerts EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWlu
-c0NBQ2VydHMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBlMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxOjA4BgNVBAMT
-MUludmFsaWQgb25seUNvbnRhaW5zQ0FDZXJ0cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANFmoy4sb7+FLLRfH0FTJkEA
-4DUgy6WKlx+o6gViRTKyicSNbY5GWZ31r5z+B8SyeL0HaAYwkDBBNIJ2tLhSgKCs
-YASvqHqBa8YgpnDs3fh7d7perSH4t7SLblf2Ul9ABuDvFt/lCizK2LXgfDhcdrUU
-D7ZeOZTr59cuMd+tAN+vAgMBAAGjazBpMB8GA1UdIwQYMBaAFPOhB0Zne+mPWavr
-VYaTyKzkVbcYMB0GA1UdDgQWBBSsVnmrX9OpfaLqvFvE4FydtKiYrDAOBgNVHQ8B
-Af8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA
-A4GBAFqv88cSXJ667X0tM4dQ5AyFGYONJIioud7mI0SXcDeh0Me/J1wmqDmlS7oj
-3vVTE6unv0EjjtEcLJr6FkHqYIksi9Fsuudte8FvQQ7aJEz6nzBpTe+kBINtK59k
-picBSyDN77AoX8AMqoDj39NP9DCaiq7fO3XL2Ei0MF4uG/1Y
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F3:A1:07:46:67:7B:E9:8F:59:AB:EB:55:86:93:C8:AC:E4:55:B7:18
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        54:27:ac:fc:b5:7a:93:93:e7:f2:e9:63:f7:52:ad:20:08:4c:
-        52:08:62:e6:f6:81:71:1d:72:f4:1d:bf:db:06:52:d6:4f:8b:
-        86:68:4a:ca:01:4a:fd:b9:7e:5d:7a:df:48:67:36:9b:31:12:
-        dd:13:29:b2:8e:b6:ba:c4:20:31:57:4f:7e:c6:d1:3c:0b:e5:
-        1c:a0:c2:15:c6:09:5b:77:ca:95:37:31:7d:a8:08:4d:ae:60:
-        4f:3c:b4:ef:92:9d:f1:11:5f:a1:1b:2d:ff:e6:2e:07:88:4e:
-        2c:88:54:b8:e1:be:4e:6c:22:90:0e:37:0d:b2:8d:61:21:46:
-        36:29
------BEGIN X509 CRL-----
-MIIBVDCBvgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWluc0NBQ2Vy
-dHMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQDA+MB8GA1UdIwQY
-MBaAFPOhB0Zne+mPWavrVYaTyKzkVbcYMAoGA1UdFAQDAgEBMA8GA1UdHAEB/wQF
-MAOCAf8wDQYJKoZIhvcNAQEFBQADgYEAVCes/LV6k5Pn8ulj91KtIAhMUghi5vaB
-cR1y9B2/2wZS1k+LhmhKygFK/bl+XXrfSGc2mzES3RMpso62usQgMVdPfsbRPAvl
-HKDCFcYJW3fKlTcxfagITa5gTzy075Kd8RFfoRst/+YuB4hOLIhUuOG+TmwikA43
-DbKNYSFGNik=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsTest12EE.pem
new file mode 100644
index 0000000000..7ee148209f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsCACertsTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 13 FC A4 6D 9C FF 3E B8 F2 54 76 76 5F 2D 50 2E 88 CB E7 9E 
+    friendlyName: Invalid onlyContainsCACerts Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlyContainsCACerts EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsCACerts CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWb25seUNv
+bnRhaW5zQ0FDZXJ0cyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MGoxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MTowOAYDVQQDEzFJbnZhbGlkIG9ubHlDb250YWluc0NBQ2VydHMgRUUgQ2VydGlm
+aWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/4K
+0zMGaBEBzUZZ6uDkrqE773KlasKE7Ymp+9lwJD/u21K+67usJGF5nAdf8TJo39zd
+gzRiXpjJDEi6vHev7JQF7ZAfBUzpawXXCWKE22qrXC5mPYuaVKpGVgVqcPc2wscl
+LgqbTx+M/Jv6tT3Fc7v6i0xTdr0dC/ibu6Z2RIYRzK9oqzBMlSNbRhtK+dAUJWd/
+8eLtuLcjZYnEpomjCvWrx5g+rG6fYynQVY8vatECuuqNl8xzKhjvR19OX5PTTU/i
+1Nk8UynsEEBfdY+E0p+wXbsTMbUT40F07tc6QdOOzl2h3vxAD/ndNElaGeaN6myk
+98oly7EBZvDdxiW/MQIDAQABo2swaTAfBgNVHSMEGDAWgBQlOMOuyi11eltN1MAD
+kogTIsdsVDAdBgNVHQ4EFgQUR+X98QRRekMAokMlz+LSmBXnQUcwDgYDVR0PAQH/
+BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOC
+AQEADDWIC5mPJ09cQA+cNKz5Q+ChL1bQA0/1BLW5pKJQnG32QprScoDhWue75BZf
+3xR3XvpQA1TQSDdZUSVyO3p2gr7EwZEfpmM6VqXV8V4CH5J5ftXdHXVZxjauLxXg
+xaS7ijTZYuz20GryP01mqFdd5xrtE2Vc8DeAs4sES5HkPYcmlMV+tlplmDO9S4Fn
+rGigBRCu/+AnyJqDXipXNn3cEY3FXPx/e8z4Ol0N+UeVq8QyRNDAvwO3h9mXlQQm
+tQ219UqTn8gUfIl0P89PC8FRXK+kzcHW+oqDeiMGqMov1SQaAnYUCJ7dS9j7LtKt
+I6J24jnmVifPHYRTxEoggCGWHg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 13 FC A4 6D 9C FF 3E B8 F2 54 76 76 5F 2D 50 2E 88 CB E7 9E 
+    friendlyName: Invalid onlyContainsCACerts Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,024C1D296C254FC7
+
+u65GxQQYdsrHdpxx4wp7d0J4WnlUBfQXvJnCauLK21H6ucElJUF9ILhdTst5vKSs
+jkNtGorKh7b7M2r91Wvc3GkzxhNBNgKJHW9/XsIXWc7KaO0X3d1rnts5VMsD3hmk
+ad4oO5NOslsJ02TKy/56rPTiQ9uRH6Y+jalbY0DPcy+6ul/IsRn6EZ+eRLcy/Bp6
+fSNiR6IvUWV8yr0qXuE/koxxW4m6JgL7x3hwi52GFEMewJ4u0Tk6ytTvmhMkQyAj
+pE12zRd3szUjO7OkSzqp3r4Kgahx5dmJBei6S0rc/nqoHDoy746uTVG0h55Dnvul
+rhOg/3Ioe1Qs0kToQBy/WFjzkJKD3opz0Y1vUm/KG2S9Wwsw5s6irkwO5s5tBwp6
+RJnW2TvS6bKZ6AJsvLGAhIh6m2MOeJV5H3FEqttA0cahzNfhLjIJKR3imEYVm2mS
+BU2LztU7sxlFSpJg0uGW1x6N5LQ4vTM6dS/SD+J5FpT3JSkokrjoI35xt15vkPQV
+94uIQuP5A5j3xFhakoWKvnX11ivb7VTr5kO4rcLMSsoqeRVD1+9Q/j6UFky1Uitb
+nwjRBHj8Xe9yBIJQQGhSe0f6HlC3DHsEMWgKpTHtUCNUuwEU5tDYJ6iULkpXz4if
+4adDW5d8yOWAywfdvOMyizl+GCbeyaGhHPUoFePmkoqLUtpBDhPgEUqUiUI7GlTk
+H57XnCBBvkwLmIRyrpcItU78GB9qFoRKK2/oyVGbtlct28Jt02GXQ0i6OVWyFUIe
+5uTlUrYJX51rcCbksk0zrLBkzYrUV1Jv+MRso1u5Ik/Zl8It3LGZSvrFcVjbQgf3
+mab0A7p19mElW51KmbQGTcWqXUNTsLD/7VPKEve8CtnQJ/gqWdM7ZN+w66X52uJX
+xvGgEDZf529wBfTuqLX13EVMovtcYql60MO9haH2Nlr1xs96vE1Vk8iYhxRt+c6Z
+HSZHGSJWhvt66pKRHxhyFM/csjoh2MAJPfKT9Ybrm2pz6rlSXdZ8I1UiBeN4Y/Ps
+97mxctU5iZI678tt7toQLF6PCyqrQKqWydLccd1145jz+R7tzwsBBfxCSsAJxZ8q
+exLe/FVRlkUK2yzRD5eDq0Axla3QuK3yzZ3BWV5Y+StUh+6BitLwFAZSNE7QZSRC
+tDUwWeyWMLuQLg2aWG/Lc+OPH8ypRQNeMj0fouQyxx0KFxP9cbK0Ue+k6lMwK62q
+1lYI0Ovv7dQ9CV9weSrmay0pPnv1mXhmBvQYN7jpT5VJIxYOo4n0/q5PfhpZLlj+
+OJB69K+AwPiPi5hPvX4LXn8CBSFJxb8fdR4lpGnU+MkKWxAoy8JUoQ1DZNxJCXyj
+qJzenggc5hmdaZBbjwFbSeqdwFuq3kk4lZkb90L/lIVTjS88pgsdRct/Q/bs3MYx
+HzZDRo0xB8nJNi5mZZyKYBAfG6hpFrPmTqTSgeEz9UjVY4AI2sS7Yoc0LZ6Vb+eJ
+DJ2pWSMmdfU7ziRp7eaiCs7TPzsk0aT92dhCcbKGX/mudxmguqtHYdlRgIJmmUUh
+9SAsK/4/yQx+GR49kpUcPlmBekrAoX7HcEOAjRHpgYk4V/UlT0PRrw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem
deleted file mode 100644
index 237f79a05e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsCRLTest11.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsUserCerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBTTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYb25seUNvbnRh
-aW5zVXNlckNlcnRzIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9uYsu
-53u2+DI6YJnVIbUEBXbifJtOvR4Id3dAWtLRtp1J1/cjbUdtunT8MP8UdMiOu5GH
-qkkjCow40bwn18zVUFC+tbTitFHZwkcY6vpoBiYh7kfUGyOWMuGhYDDmL6f1GyGq
-1cPMSG3TI65vxTRu69NqZ6A69+6oecCzEhZwDQIDAQABo3wwejAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUWss3HtJGmFwTlfjfuDr/
-EUCtFfIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB4p94csINQawOHlCIzE
-BoDqe6fIaND41iV0Ho1HK5OQyoKdGUAUm3cuoyXOmA++mMrGdqZd+xqQswur3Ve1
-iKj1z3ZAfFHI07GT7nOS9yTHPwIwW1FaFsaMkJyHm5McmiVJ2RVPcuhZM8Hg/O1t
-lEtxFRbVcGf+7bi5eI/HHmmB
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlyContainsUserCerts EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=onlyContainsUserCerts CA
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGG9ubHlDb250YWlu
-c1VzZXJDZXJ0cyBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UE
-AxMzSW52YWxpZCBvbmx5Q29udGFpbnNVc2VyQ2VydHMgRUUgQ2VydGlmaWNhdGUg
-VGVzdDExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgvtvHKcfaEySW+gTB
-goP/idcErgtO4WHFdiTLJV2wwSRVKNwruXMNUfgnsksQ+Tqa24KJWAJpnh44cvcT
-C63piJcmXs35SuSRbS3kefpDW1HmvkZUJ+xEp+jouS6IXKBI+bX0iASJpBC8rDtw
-TdyTa1MWv7veksCshAZr3cxBgQIDAQABo3wwejAfBgNVHSMEGDAWgBRayzce0kaY
-XBOV+N+4Ov8RQK0V8jAdBgNVHQ4EFgQUb0/1XSOZ9YvHmG7rvM8eBcBgOI8wDgYD
-VR0PAQH/BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJybyf0fbsSEKPlQbxKeyZBQXdWfQGeo
-1NVyDN87XSKQUe9fech7qiUC4Ua2z7mWrIIbDBylvl7ff0NFiPTK6+tl4Rt+zaX9
-qzA+dIuVr/7NPrlaTSmJglaX5n1/2h/dYhFbJUXe5L5FOpE3uq/Cp83MC5AQzDxR
-UrWoUQdNtOhm
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsUserCerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:CB:37:1E:D2:46:98:5C:13:95:F8:DF:B8:3A:FF:11:40:AD:15:F2
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        52:63:40:55:91:4a:88:23:0d:64:84:b4:3e:50:a2:0c:ba:30:
-        81:b2:86:2f:ce:0e:b5:b7:e0:c2:d5:10:63:82:0e:88:ab:90:
-        d6:a4:df:11:22:96:15:f3:7e:cd:ce:0b:87:54:0b:3f:60:c7:
-        6b:a6:04:9a:25:8d:51:af:b2:c4:da:f9:d5:63:57:f2:b8:f8:
-        07:d1:bf:0b:a3:77:a7:e6:e3:87:a0:97:5d:4a:41:07:b9:36:
-        98:bd:54:93:95:32:d9:7c:07:83:e5:d7:54:77:be:e4:eb:e1:
-        03:fa:e7:83:fd:78:45:4b:a0:42:87:52:c1:1c:18:06:4f:39:
-        f3:09
------BEGIN X509 CRL-----
-MIIBVjCBwAIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGG9ubHlDb250YWluc1VzZXJD
-ZXJ0cyBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqBAMD4wHwYDVR0j
-BBgwFoAUWss3HtJGmFwTlfjfuDr/EUCtFfIwCgYDVR0UBAMCAQEwDwYDVR0cAQH/
-BAUwA4EB/zANBgkqhkiG9w0BAQUFAAOBgQBSY0BVkUqIIw1khLQ+UKIMujCBsoYv
-zg61t+DC1RBjgg6Iq5DWpN8RIpYV837NzguHVAs/YMdrpgSaJY1Rr7LE2vnVY1fy
-uPgH0b8Lo3en5uOHoJddSkEHuTaYvVSTlTLZfAeD5ddUd77k6+ED+ueD/XhFS6BC
-h1LBHBgGTznzCQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsTest11EE.pem
new file mode 100644
index 0000000000..c12b5a1934
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlyContainsUserCertsTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 88 56 67 0E 71 41 E6 F2 AA 69 74 97 F7 89 E4 5B B5 28 28 BB 
+    friendlyName: Invalid onlyContainsUserCerts Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlyContainsUserCerts EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsUserCerts CA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYb25seUNv
+bnRhaW5zVXNlckNlcnRzIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowbDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExPDA6BgNVBAMTM0ludmFsaWQgb25seUNvbnRhaW5zVXNlckNlcnRzIEVFIENl
+cnRpZmljYXRlIFRlc3QxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AOaBsVf5mQNZERJjfa68546sUDPNfixGH/qzKOIBzlTFSfSuD7jIYTRkIr6qrbBo
+dPF2V2Rnsz+lJNYvNol8D1BfKkZgjpz5QPCqOQ1JBskqQfO6MXG8xl2DBb7FH6Ge
+jURHGJu7RS30qob03dvQTGEFc7aS7lAj/Ul2D2+IjMDJxIICb3/SwI1lOcWFmmJj
+wm2nBat41oGiUZ41C+lJZ8vbOs3e7BwsJIi7NdnDH2ke4AKTnavfO22CvSs1RVbB
+1kHMvi+Ux5/dQVZAqmv03oXkC4BgHjCra3vLv1O08jRg8f32fdxDCLAA2gQsOQIH
+1wcJaTWap7Ls5IxiaVEWt1cCAwEAAaN8MHowHwYDVR0jBBgwFoAUnbwAqdwBzf4d
+loh9tZ5Pmd4k0gUwHQYDVR0OBBYEFIeuKR8BSlP4kL3Yk3Y4khRKcv8MMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIB9jANBgkqhkiG9w0BAQsFAAOCAQEAdaRcEMmTAKhn8X7yDP1m5Rztq5pvbDbh
+C11BkkMph0iaaGqfv9+rLhoSUsSPMcI10R3mGb4lJnG0pRSWOg3ue8FaLTqSK7Eh
+QrdLjieU2w36bsp8yUg5XIXvhjYA0TLJ7SxqitUmoniOLHpERNd04nAP5bXJMNvo
+G45/n99z1jXUugbCs2DND84EMXSjKekhzN3cO73VFaT4b+BIlbnqVx89CvMNj+eJ
+O3xfgd4eBmMvPC6mrxGuXw3E83sUOOqlumIZsmf0zcWci8aJIPvgih3yEBa5Tihm
+BPnFS6XFB48CEs/iiPTVzSL8VbHudw0rxrT/ZAfi3C78mXEPzu/AZw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 56 67 0E 71 41 E6 F2 AA 69 74 97 F7 89 E4 5B B5 28 28 BB 
+    friendlyName: Invalid onlyContainsUserCerts Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AC64C592EFCB03CD
+
+nlYYtTW0DxFH9vpDyxm7PKRBLHiz8SrqsKUelN8D7C3uuynXtssBXf++0Y0zNHZj
+qcRd2yuIKhMnBrrIDOC3RzMcKRfAIxbW+AdUsV8sWuhvnTdXwEj7tmnDmtL5vuG+
+zqTe5/4l0oo7QQEUxNUWriPb1ZQyPFAsxdtzcihd30EgLOIUM8cfNl4FVikGPZ3X
+Qm8FDsEWnvPBaDV6pfd4Nh/YnrB1vfHsal2eJJ5Txkqc3gUjnoADwmith2/6ZTBd
+S6b5PiqiZSyqtDO7zxvueV1Qa5Dn7k4b6eG+lOnCo11FP2Tk4Ltz2/3QxIGCSv7F
+C1MpSkmNCZANcCHii8qZBQbB5Rm3tiR5mIY58EWBk2ZaX5086QCr9fzViQnLbCFd
+a0fjx1P/qb5ZbsSki6DI5es0+UrjkoTXyDSmvj+9NyClA99Wl2zCIyeFD4heie4J
+Cn512Js850qTCuE81tXg1HDOvbRz+jSBHrvj9KSMTZdS9e37Mqi4sZbNPBoQ+B7k
+Z8FBHnZKqJY2ojVbU01yeVUq3ztclRUbgsmUS3Cb65TACiOfwrUF5BL0M7THy/Tq
+0Ztdefmn1iwBF8qLySSt25d2yQGXTyRXu3sHtsiqVis7QCYwmMOVWeAzi/BwjaM0
+TLuMIm3lGJWs+Y0U/S4ZthjMR2CjpY+h07wlxjJiLOSczCYnhduo18D92OZ/r279
+OtaSOhlAbTYXPGufIeHAN3mANaq5jWezLQHGD6D5vdn6W25r80qbTOuFPxb87dsd
+tj8UBb6ybik3Ub2z0kUcuoL9kIzQp23HQeJn9D4jQor3vAT7A2JdpVcuAn21pWiq
+MO6rLla2eCJIUo5hn48jbjBbQxxt/PZApVZZiqKz3lCwhYRM1kilHrseGgv49p2i
+pULQoYZk2hfWn660H3T7Y/Y5hBX1HeCzJmvNsrqJSgsKRsYsgzoR2xRm89jdO1kh
+TUO4dbM7olL6ASECNAnLh37VHV4/KDp2wXUC9lZI4aXqH+GZrKvW1UUs4JD6Ste4
+lYTAklrnMVla79fI7PPfy1n+ihIlzdzelhI/CTyTzs8xxNh+2mPM9+CIHAmzyVOs
+gApir62xWFb2sid9qY4NyuKvkeDQ/cQIE9/ULfeL3GIkhtB7KoaRkBAtsZ5+lSQ/
+fjhczdDkPXg2ZqxsHYhNaw1PRMCRhE5l69D3nluxZpoCb+moJxtb+Pi2EAYzvC7S
+px6oGEZYYL4Hu8zJvVvoTeku0QK5nBXUXQg8A4mjUYoj9jCurOyQsqXrxnkz2MBZ
++mCjAq93lsfpy98+jEBByM8d173wzjmaMGnS0Ub6YoqJ/NVjKF58ZxGNDSmoJPk1
+LaR+/B/SdD3JbPO7QdUN2h3e+6QK+S21gz3KX7tRy2by2jKmJbtPKXkbdXEbX4O3
+ENm0xwJuh6qdllaVpBG3sPQYNy4M9R6WXoiYVW9KCCjIFry7JvGWc3LqZ6t21nNU
+G4tJzb51ysMda5NWZr5mRAcN+z1BE1drFxTS5Sdg55kVFnn5CrRcj0RHg5FppJCK
+/MrF3vDRuyu0Y5IjnBdrncP/vgjoJKeHVd3lq+y/lSprOQIPkHp5xw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem
deleted file mode 100644
index 819cc4017f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15.pem
+++ /dev/null
@@ -1,156 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS
-ZWFzb25zIENBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqY5YemfCgwOg
-IB+hdOlRZFTinhkf1OaHBpkEgH6r2jJPiuhXh30ZT2TwX9aBiEGnnKuHuZmwGUK/
-DCnAfvpZ621Oo7LXsNQFtGDYrh8Rfu93TxunsJNZQ9ZXWEcIjot4YGkbOO8Nu0il
-Z/zLKJKQUSKKBW/5glVtiynAaixm6k0CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOBimt8FUL0fD1sYSf6+cB3M3Dlu
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCbnkFzDActclPpCRyu9PWbUrnQ
-ZU76d5EXV40N6ma0OBngkU+7TJgmUNS2anUuxF51tkeYvMlqADT7KijrN/rGSipZ
-yVR/ds2UaXdbfIfuFOs5TuVeClJ21BkYQgrmZ90/ti2fgIKn+cA1MQcnthtmtGJx
-1JuSgthIOVfbeMWdCQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh
-c29ucyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlsynYvXyvl+q7eNnQ1pHRTzYR3jQt0ko
-GQ/U1Q9AsMdHihxgohDFbqyRbq2ODI6t3HGT/h8JPCPLT+dLhvwixeYhgms3m/TJ
-+mnXebr5bHI3PjF61Cw/mJe45Ab+arDxdumnvJRtw4EIB5lDwOrD9bHBE/WS1mem
-ndOkBLQNG8UCAwEAAaNrMGkwHwYDVR0jBBgwFoAU4GKa3wVQvR8PWxhJ/r5wHczc
-OW4wHQYDVR0OBBYEFKqEMbmbidNhzPioeu9tHpG1I305MA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAIIqO
-DY8YnDAv4BQddow4PTv5P8bnPkA2Ogs3Du04Lps9gxrBVYHDIT7UQVZ5hzZeXnmW
-rLwQeI2wDJNhjMhemXksv4rrf1pL65em4hQCuwlCsY0Nlc3z5hJjLslTd85fgQXk
-mDYbw0db0b1fRGsA+RkiIRM7ynpuT6753gVv4ho=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....`
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        99:f8:e1:09:a8:5d:d4:4d:a9:18:5c:91:9c:2c:a2:51:7c:dd:
-        61:bd:4a:38:0c:5c:88:46:56:55:06:29:70:0f:cc:1d:cf:44:
-        d9:9a:b9:11:94:82:53:48:b5:08:4d:19:89:42:c0:ff:7d:42:
-        e0:39:98:43:6f:40:f3:e9:5e:8e:fe:56:3f:f4:4c:60:0e:22:
-        29:c3:90:7d:2d:ea:d2:96:f1:3d:ce:35:d4:30:72:f2:9b:fc:
-        86:44:fb:05:b7:3a:08:d2:bc:95:e8:d3:2b:18:a1:64:c9:25:
-        19:3f:6e:8a:a5:9b:99:e4:f4:ac:1f:f9:ea:72:9c:88:b8:8f:
-        ac:e9
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEBFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQGgQTA/MB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASDAgVgMA0GCSqGSIb3
-DQEBBQUAA4GBAJn44QmoXdRNqRhckZwsolF83WG9SjgMXIhGVlUGKXAPzB3PRNma
-uRGUglNItQhNGYlCwP99QuA5mENvQPPpXo7+Vj/0TGAOIinDkH0t6tKW8T3ONdQw
-cvKb/IZE+wW3OgjSvJXo0ysYoWTJJRk/boqlm5nk9Kwf+epynIi4j6zp
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0......
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        5a:9a:70:59:4f:6b:42:27:d8:2a:70:9e:91:bf:f5:09:c0:2c:
-        8e:21:5d:6a:76:0f:70:61:ee:f8:20:c3:00:cf:7b:40:78:c5:
-        25:5d:17:cf:c7:74:61:29:40:93:91:c1:52:68:4c:02:e3:b7:
-        c2:0c:e3:26:ab:fa:2f:e2:0e:70:60:d9:ed:34:ec:72:4b:98:
-        57:8c:5a:dd:1c:50:d2:6c:44:ee:4b:89:d6:f9:d4:79:64:9f:
-        e7:f2:4f:e9:10:0c:8b:12:c4:ef:e4:2d:f8:8a:c6:94:9a:59:
-        24:1b:f9:d4:6e:4c:19:4d:ed:4f:3f:e8:b1:29:f6:6e:2e:0c:
-        d1:ef
------BEGIN X509 CRL-----
-MIIBdzCB4QIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQagQjBAMB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBEGA1UdHAEB/wQHMAWDAwefgDANBgkqhkiG
-9w0BAQUFAAOBgQBamnBZT2tCJ9gqcJ6Rv/UJwCyOIV1qdg9wYe74IMMAz3tAeMUl
-XRfPx3RhKUCTkcFSaEwC47fCDOMmq/ov4g5wYNntNOxyS5hXjFrdHFDSbETuS4nW
-+dR5ZJ/n8k/pEAyLEsTv5C34isaUmlkkG/nUbkwZTe1PP+ixKfZuLgzR7w==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15EE.pem
new file mode 100644
index 0000000000..26e7942db8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest15EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 91 3A 6A 9B 0C 86 1F ED 56 FB E5 1A FD F7 57 70 9E 4C ED 88 
+    friendlyName: Invalid onlySomeReasons Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA1
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTb25seVNv
+bWVSZWFzb25zIENBMTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMVrlEw9XZiZPi
+mepF7QiknCt+8ohKGyg8nAGV5rVbeT+oyOa3yqjcBBh8ON02JWnb8TD/TJMT3WwY
+UUc7AWPuKhK5tL8eaK9OvkN1R5adVRHW8P0XQ/DyObtxFP+bGHt+XvjBCGQWd0gP
+lrMo+24AgFgijyTRtbAVi5RDg2vG8PAVIPgO1kV5Ly7tIpp7ovQB4wpVbdjoD+Xy
+zmgm2kxbYy5j6TV1phFV0GNVr7Pb2+4FSOuvqCp54XSqO/qeXVSc0oUD/ZZznQzD
+23GQ3lIvdKhjfefhzlKExEGIbPEo1gYEZ4DI6M7+aERB1+1STbZRUE6o/wMOTJHQ
+75Fim7QPAgMBAAGjazBpMB8GA1UdIwQYMBaAFFBo0QlBJ4fnCk63eFb7F47uBAdx
+MB0GA1UdDgQWBBSmoXAX8YjFXLcBX1sI6Uhdu0kKQTAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAlWQIc
++Zh8/MirsIMTkslJm7tGZ/WLZlhRf0t0xqAc9gNvfh+tGkAe6jKWBrm3Le3wLsQl
+BfwAnI7gA58qqDvO7KQqaaQS2WJH9seZjG33Wtxwy92Ct+4koh5zNEXGVwmAtGQR
+hD7Fo7H0E/gRVXnpkv29ObPJBluGh/zYMCVAXfyCDUjHjDUyrLXAYHieNzBIUQgg
+GRuzrOy42lrO5PZl8Y+BANpKXzL0mmrWC0bjMdaQjWm6obqPOiSrK+/g2Q+k2Jjc
+I4GxzuuRKrDc4+q1w2R5OWe3yY2u4ecQWrGKL6t/TO7oB3F0JLYxqvwzE6Mr15et
++ygEE42T8tUSuz9G
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 91 3A 6A 9B 0C 86 1F ED 56 FB E5 1A FD F7 57 70 9E 4C ED 88 
+    friendlyName: Invalid onlySomeReasons Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,90A5B5CF0638D715
+
+Y25oaoeE+pbdQJ3tN2fVM8ZLJvFDiLjeT5oThNrK/6yS08BfU88nIDsLrVebi2Aw
+IxHE+TbWDtmLdbg5Ql8/DO8VlRZKDAvsPKrGs3s3O8fv8BLEUnwPgXP1g0Ko7Exx
+NrnzD/+p4LlKOpHxiCyZwXckCitFY3uNwFiH7fHY2KyupFS7vM7AES0b8tl+vyma
+IfAdL+uiAMqKh7x7um9dywyJbuX2008qRIK6BF6HRLNQUyjPyV7qLjM6r4g6I6iN
+YD3QMqXimPdrdC5yrl/nBGuESczO5JEdIc21MKkyssz9kc17YbfAPv1OdP7+P2iL
+3hvqemLmfm2jRay5bu/OiofegXfoN6P4g7q9qQ3RoBTnamSSuI7UUWxrnnO5SlA5
+F9MmpLG40WAm34SYlkYxHsicntKrs+rRDKkntfxER8c3tOOMhyKHBDkDzHHvSHSe
+M6QUXsNimcU/vfcO1XeD8x7X+hYW8NGzwAO7nD8ViBm/d36Sud7gnfnmYv3ZkNiP
+JU2Xhf1ngZCbrFjniiOTltVJoGJfdlJkPjxAReEO9Uk8hshoVygfRM7syYVEbNaU
+SJmxh9AGg7Xma67yVVlPwQlFBcp+wKe6dCXq5aoFeYQxiOA3BPKkpKhir6IdjS/p
+Y22wBBUUrwhqhfxWLi4PwZwgX44oAXmjGyWbs5sVaRn8aXLbSs7+Y6I3B3eL+8Wg
+uBFfBEbugXtnt4Bb/SCzn6B1RqsFC/vNb1x1vqrA0l/y2+2hPVetEaiD1vlUIDC0
+kvxbWSH6EarH4k6eM1dI6ie+rZ87hM12LfFbKzjrJxoxdo8Rep4h7B0cStzz0Vc3
+I75ZnUmncB9gDrF+cbVi/5yQ6O5JKTpwFyFilV3kyWUJJpIdMg/UBlDXN3Xq8B9O
+T+k98F8cOzapFu7sBFj/euD27zubl2WQFvYjzsP/l9BB0GruMAFAxqNrvvpq6/Uo
+r2xVvBrmpXbqd8uXsaGg+cLCw5p8mlPaOcRVXeuveP6bvAy8u0PP9wlTOVj0f4vB
+Rz4VOg/0GderyudWgz5WqSTSmk/AuRVM7txtQwRoTKR0pNB62AM2/LBNymfoNcwn
+My/dfWqvUQXLqVwK/Rq8aln4W2GJhw9ABAzsfin4gOupIqFmOIsMx9DmKw++ETg6
+OE6a/Qrtp9I2gbxshEQkYDg5DMFXApSwC25dO9kpXmRQUWqMTyglRXeldmJLA/Yc
+m74FQrsaTznEm7ji1XPUEgkM6Es1fdXJiXj5WuUKZrcfsgMVeRHockanIAgO7svj
+hdNn7AAmcXhzWqF4m/992Sc3V4VIuZKsCskT5fxMHRUVNXh3nZYBNpMLKbU89p7k
+W9u3+tTdT9yXtaDHg6sXGK5Dz0HIMa1i929cAPggzinqY/fUAXoH5wIABCa6vHEz
+o74lnyMxcHvu62/KKvuv8ba7jdFmtW0pKPMUxjKLSAPNDOeZVt98+Yip0Hx2BeLM
+1mnNWFPVbQBOcswVFToqH6zPzrB+/p46JArv8PlIYbsnPLHDpmhFm16C6VDF0vvm
+/QKcsYWA6D+f2ghn1ggxz12b+kUDbP534MsxTSIpWvKUAR8D7BEDxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem
deleted file mode 100644
index 76ef3b7b53..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16.pem
+++ /dev/null
@@ -1,156 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS
-ZWFzb25zIENBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqY5YemfCgwOg
-IB+hdOlRZFTinhkf1OaHBpkEgH6r2jJPiuhXh30ZT2TwX9aBiEGnnKuHuZmwGUK/
-DCnAfvpZ621Oo7LXsNQFtGDYrh8Rfu93TxunsJNZQ9ZXWEcIjot4YGkbOO8Nu0il
-Z/zLKJKQUSKKBW/5glVtiynAaixm6k0CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOBimt8FUL0fD1sYSf6+cB3M3Dlu
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCbnkFzDActclPpCRyu9PWbUrnQ
-ZU76d5EXV40N6ma0OBngkU+7TJgmUNS2anUuxF51tkeYvMlqADT7KijrN/rGSipZ
-yVR/ds2UaXdbfIfuFOs5TuVeClJ21BkYQgrmZ90/ti2fgIKn+cA1MQcnthtmtGJx
-1JuSgthIOVfbeMWdCQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA1
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh
-c29ucyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNjCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlmAr5pfd8vA/RDJSfo8qPEDAbLwbxhVf
-lv1WYCncGfhiyC77BYzSvBHiEp+84tJW6lBUUEewGRBDKerNZAnqkirYwLYccwav
-76qQJnSFTKmjDS7BofPWH8/bVZXjwjGikKAChuVcBykwZt9zOhFCM4y5wUv1IEHe
-iiDpoHEIPqsCAwEAAaNrMGkwHwYDVR0jBBgwFoAU4GKa3wVQvR8PWxhJ/r5wHczc
-OW4wHQYDVR0OBBYEFJdQKB8LbKa2dsGgu3qroJY+rlmzMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAG5qf
-f86xb10ogmC7H1f//9eykm6gAA0EWFwyXzjCkIlk9WPjGOTBU3WNURziN5LdblcZ
-Csf3gFtni07sN4ISdLTnJFzuW8Nk9vfmmhV74guH9wvMv4fCVInMBZEaak0bR2dY
-LxvWYJ8K2rgUN4E3A5nNFA81/1xxbwCq7c2koa8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....`
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        99:f8:e1:09:a8:5d:d4:4d:a9:18:5c:91:9c:2c:a2:51:7c:dd:
-        61:bd:4a:38:0c:5c:88:46:56:55:06:29:70:0f:cc:1d:cf:44:
-        d9:9a:b9:11:94:82:53:48:b5:08:4d:19:89:42:c0:ff:7d:42:
-        e0:39:98:43:6f:40:f3:e9:5e:8e:fe:56:3f:f4:4c:60:0e:22:
-        29:c3:90:7d:2d:ea:d2:96:f1:3d:ce:35:d4:30:72:f2:9b:fc:
-        86:44:fb:05:b7:3a:08:d2:bc:95:e8:d3:2b:18:a1:64:c9:25:
-        19:3f:6e:8a:a5:9b:99:e4:f4:ac:1f:f9:ea:72:9c:88:b8:8f:
-        ac:e9
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEBFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQGgQTA/MB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASDAgVgMA0GCSqGSIb3
-DQEBBQUAA4GBAJn44QmoXdRNqRhckZwsolF83WG9SjgMXIhGVlUGKXAPzB3PRNma
-uRGUglNItQhNGYlCwP99QuA5mENvQPPpXo7+Vj/0TGAOIinDkH0t6tKW8T3ONdQw
-cvKb/IZE+wW3OgjSvJXo0ysYoWTJJRk/boqlm5nk9Kwf+epynIi4j6zp
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E0:62:9A:DF:05:50:BD:1F:0F:5B:18:49:FE:BE:70:1D:CC:DC:39:6E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0......
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        5a:9a:70:59:4f:6b:42:27:d8:2a:70:9e:91:bf:f5:09:c0:2c:
-        8e:21:5d:6a:76:0f:70:61:ee:f8:20:c3:00:cf:7b:40:78:c5:
-        25:5d:17:cf:c7:74:61:29:40:93:91:c1:52:68:4c:02:e3:b7:
-        c2:0c:e3:26:ab:fa:2f:e2:0e:70:60:d9:ed:34:ec:72:4b:98:
-        57:8c:5a:dd:1c:50:d2:6c:44:ee:4b:89:d6:f9:d4:79:64:9f:
-        e7:f2:4f:e9:10:0c:8b:12:c4:ef:e4:2d:f8:8a:c6:94:9a:59:
-        24:1b:f9:d4:6e:4c:19:4d:ed:4f:3f:e8:b1:29:f6:6e:2e:0c:
-        d1:ef
------BEGIN X509 CRL-----
-MIIBdzCB4QIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkx
-NDU3MjBaMAwwCgYDVR0VBAMKAQagQjBAMB8GA1UdIwQYMBaAFOBimt8FUL0fD1sY
-Sf6+cB3M3DluMAoGA1UdFAQDAgEBMBEGA1UdHAEB/wQHMAWDAwefgDANBgkqhkiG
-9w0BAQUFAAOBgQBamnBZT2tCJ9gqcJ6Rv/UJwCyOIV1qdg9wYe74IMMAz3tAeMUl
-XRfPx3RhKUCTkcFSaEwC47fCDOMmq/ov4g5wYNntNOxyS5hXjFrdHFDSbETuS4nW
-+dR5ZJ/n8k/pEAyLEsTv5C34isaUmlkkG/nUbkwZTe1PP+ixKfZuLgzR7w==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16EE.pem
new file mode 100644
index 0000000000..f4692f06c6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest16EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: FC 19 32 E3 5B 7A 6F 8D 2A 12 5C 1F 0E 6C 58 47 CD 38 02 B3 
+    friendlyName: Invalid onlySomeReasons Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA1
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTb25seVNv
+bWVSZWFzb25zIENBMTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq8KivhrS5GZix
+Tpa3ipGTij1/L7BsHNs4DNbMHldcc8b0clfqiS4/svyHh0VryHBWmHRdCgZbkQey
+6DjkzmCk4w3bCP1HtEiMGY5Wxr/XdDBuzCwb87pqKb1KFFqgzgxRfnIswCBPlmY/
+IE0+WL2hbMDCOcfswi0ErEjBAhLglYqzuCb8r4md8jbkn5G1slSeR81NEpBoB/RJ
+0pRFlAlToLm5rp3B19nOYg10J0xhUe+UvQ+4VA9waWVj+X0YrAPebjU68TGP09XO
+r4bmI8Wr+3evvbG5YoibP2xKxkaM3TIvkKKMwvAwXF9riZwIgH8jzr0gvPquRDWG
+d+/X9HdrAgMBAAGjazBpMB8GA1UdIwQYMBaAFFBo0QlBJ4fnCk63eFb7F47uBAdx
+MB0GA1UdDgQWBBSpmSNi0uf7AXBBlsBPTYcCUJ5jZDAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBxIJ/R
+TDz+JlEBsKmnazaVAZqhgitlJffJGlWgsWj/Upaw/3CcGtvfY0lOjD3+IFdloKNm
+gmoiDvovGFwx+a498KvDG+xiiAQ80sJfCWhSrobV+CfqH1zI5KIenbk0tziaUyX1
+BudL/+68UPc8gvuTy+nGZlF2TNx0ur9fQ0YTxHMQqInRzI1S8lRDGAWnXiE9j98a
+BUvTPgJIe9g4TUBJmzDg4A4WQjyLbyHgzk5nT5QAkwcejbw+eBlIR4fMAIcKFTp7
+7VMxuHNgLCeRq2kejdJ8sFoeInFVJg6+WDP/3KMiKZ1DnSVOsIKJpIiwBXR0hg2u
+7qYSQLZQDhrFf1CT
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FC 19 32 E3 5B 7A 6F 8D 2A 12 5C 1F 0E 6C 58 47 CD 38 02 B3 
+    friendlyName: Invalid onlySomeReasons Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,401E21BDD2BD841A
+
+0atul2/gZlaBAQfxewjEVGTp5EG00HVEpV4Ll+94rY+pUyCz3QTOb2/kY1++6HY3
+M5a3BWCVONvlEhNJHhq3DDCmroo8sdt3prhUAIu36JNeguySL78FY+KYb07mtygY
+74dHdI1InXkEQYApCkcDL7umrRXh5Wb+wbYoXBjlom+yL4THQLYDhhfEJVpJKVO1
+oCLdCzD9Lt1A10siesKHvqiIokuaGz+iZitY6lIiIgtFp4W1u+L+bbZd3JRddpuQ
+xZFtwW5SCf7tb1zUx9bcFxQDlm64+dLtklxdTbN5uLc2HcF22YPyip2qmmhxnkX2
+VE16SALv++CqVhHL4a7q2ZoWbteddRvvu0KTdVXkzTJPni1GikR0UexaL9mxodLY
+ctNrxvi1vnv0bH54VKRwDFJD6cG6poMjrbmZvr/8q/33o62qU4+lSyKkl5iqwqXr
+CwW98+USoQ3Zh7jYNtou+/8HShpqiDEO8sR0Z/8DUscxs8e88ZXIE5q2jfglP2qx
+gshFKUEEF1dwP/0rzVDZIKBOqTG5fDvBeKM+38ZELt/EiD+FbIIkV7ZX3MlHa8np
+zQXYZqD15Ns3Sl5lbO5KgCgGLvHq9QAcFb2GenJWX+18j9nrT5A7kaZpk6/nRQn/
+rPCORm/Xz5Sd3rNlI3MrqtP+hqEECUYm9KrnYUrjtfeRGoftQrMTHLiL3ryDrowv
+XyPjVKjSlVBKAbFCvqYqeBq6VMDWaPtu/kRlBZ5NqKGXu+PcEcbzlHfp3KwTsvJY
+qxh+atDb68RMAooTkXRs9zDEJOcSsGeozSYpKuypBrJiQ4K7l3qxeo3flAjUbGYI
+zSCVY2PqvAktHoqe/tUzPiUfDoVJ/ohxKw8oAPjy0+1czV0k4vGBs3gEj6lfqBGY
+6oaMtOaTwcYJJWAklH1S55JC09pNvsy04wtRSH//AvVrAwbPrVKXyIfg7pborWX5
+AZw6/ccYszPbASmLlSFQRBkoF4JrxIXMsG/M0WqMHETjdFVT0rYJ6WVZcTlb9Rk9
+AfoNifeMS6cBJXszAAV8wCdA0gI2s6AuGEInFbuuIezNg8KqJ/hsiLYSxGJfSLs2
+4Mu+48vY1JrvbyBZ5fbs4A35jZ4RmrqjkaiVgArgWxcarJcrOiqgxzJPv22l2Xqc
+UntQ9MmeZrSGx2Zp83CdcYt63H5UX1pxt9annguYaVFyZ8P1S7/QtWWauUTHyxpn
+sdwQWXHTNKcn1D+xqtdRDZkTnkcbHLZYJxN38UfAUL+yG8TsSE4YL3i3zlmI+T+q
+Z7rRddx7jrZAXYpWOVQF62kpV5Uolw7ycYUawjKD3zzy/hn5O0ZxTrwlRH7ikHP2
+7OSUW4TIgoCDr16brTvxMWq9W/JuwC6atjQhOE7DcVKtl59lszihZTabrMbFV30f
+eaHvamBqZaEK65vRuVeJeG4diEysTam2PJA4905Ji/6oRj1VtvrnwoW19x5WH61J
+23+CvEj/cJDrzUtX5sEDuvj0U2drmlDjauuoR6OZJfrB/gzrq+s3pvT98g8loCML
+yMDrZBPtFm4o5UkgJMXCjUKQNtHVbq+t2wOJZWpLPRDoQnM4VsZn/Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem
deleted file mode 100644
index c20945cd91..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17.pem
+++ /dev/null
@@ -1,146 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlySomeReasons CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTb25seVNvbWVS
-ZWFzb25zIENBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxjus5muZnJK+
-vbTiSr7l+wNZkm4bBceUnfDkXaEsbIwJRhzBb2TVPT0Do+y3R/r9DGfLYXxCHohP
-OsEkgaaxsJcVNb560ICl7I/WjFftw3D82YeCiqtUageZZbHBGBpb/utZyPdGLoc+
-F6OmUprS/F3KhP6SSVq5/tN8vYA7dqsCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKqh79hc2DiyM4fnkx5FQRjQinuN
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAn3+Yq1ETHIYeBdtTuzCeQHWWo
-VC03XoW3PZMLAKJZof8WbYui9I0Mz8eF7Ae1tgk4luOkc+1VEuf9Yj1R3/DnrFYR
-Ws6bImkBgnSYYiUSo1GuqCC6L3FuD7KLs7vaCp+9EfS0igqOXxJwEESXgJixsOkz
-/lp/IH1QU84Vh6fKlw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=onlySomeReasons CA2
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVh
-c29ucyBDQTIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QxNzCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr8VCnAdQKISRnLmjaXbkkMYcS02qC5Mj
-4f2jw/FDEJKBWKopXex3k9qR+Dvaz6yGEJoi2wj1sUo8xdChVd1XbjGEYxwkaqpe
-cOPYjHlvVF43YGWYhqWOtohBZfIT5uJi0rxZNApuHARfo6UGBaceSk/DUFbos1ag
-lCxoF4pf+5cCAwEAAaNrMGkwHwYDVR0jBBgwFoAUqqHv2FzYOLIzh+eTHkVBGNCK
-e40wHQYDVR0OBBYEFK5QFuk+bZ4HFuTJCRy2qPFS7YZ6MA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAOShO
-p8bEYTzkGWyiUXPs0fZAQzFbgCpN3Q+ky2VZblbIuJTOToG/UiyIQ2FNCq53oBYe
-ZYiuewxa/WWDunOwx7LwPtcksOo3M5BzFmZEqTKALQryiXj9X3ob3tZJFTpAs+X2
-joJ0q+U06GYvbXscfXdm8nvBNA+r5BczWTlAG/4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:A1:EF:D8:5C:D8:38:B2:33:87:E7:93:1E:45:41:18:D0:8A:7B:8D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0.....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        38:01:7c:3a:47:fa:d7:7a:f9:a0:3c:17:f8:db:94:e7:1d:a0:
-        fa:47:07:6b:ae:03:68:f4:f8:b4:4c:7b:70:a5:0b:5f:92:8c:
-        b8:c3:32:e9:55:34:38:53:61:ba:d9:3d:dc:8f:39:45:dc:51:
-        5c:ab:7b:67:80:47:b8:60:6c:88:4b:1a:8a:57:fd:73:69:0a:
-        ff:2d:c3:23:8a:62:ea:31:c3:4a:07:3b:8b:89:a6:dd:4e:e8:
-        8b:99:67:71:62:92:db:40:1e:af:e0:b4:e1:09:62:1d:42:69:
-        b6:45:64:d8:94:4f:30:40:43:e9:38:3a:59:29:6d:0f:8d:72:
-        0d:8c
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQTA/MB8GA1UdIwQYMBaA
-FKqh79hc2DiyM4fnkx5FQRjQinuNMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASD
-AgEGMA0GCSqGSIb3DQEBBQUAA4GBADgBfDpH+td6+aA8F/jblOcdoPpHB2uuA2j0
-+LRMe3ClC1+SjLjDMulVNDhTYbrZPdyPOUXcUVyre2eAR7hgbIhLGopX/XNpCv8t
-wyOKYuoxw0oHO4uJpt1O6IuZZ3FikttAHq/gtOEJYh1CabZFZNiUTzBAQ+k4Olkp
-bQ+Ncg2M
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlySomeReasons CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:A1:EF:D8:5C:D8:38:B2:33:87:E7:93:1E:45:41:18:D0:8A:7B:8D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0.....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0e:a8:95:98:a1:9d:34:e4:fd:7f:b4:bf:94:48:d5:42:03:a5:
-        cc:e1:85:55:65:15:c2:e7:cb:33:a1:fd:d8:cd:12:04:92:50:
-        cb:bf:ea:6c:e2:ae:bc:55:48:cf:4a:29:61:6b:42:00:4c:08:
-        35:f6:49:30:e7:37:94:a7:38:bc:bb:3c:8c:c3:11:ea:11:f3:
-        0e:bd:9f:8f:a0:32:a2:b9:8a:03:cf:6c:eb:75:d7:5d:5f:f1:
-        fe:97:f7:d8:33:e8:9d:9e:21:b6:8e:ba:2a:63:c1:0c:57:64:
-        dd:90:98:34:4f:db:a1:d1:11:0e:77:13:87:f4:b0:61:c1:36:
-        1f:c8
------BEGIN X509 CRL-----
-MIIBUjCBvAIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE29ubHlTb21lUmVhc29ucyBD
-QTIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQTA/MB8GA1UdIwQYMBaA
-FKqh79hc2DiyM4fnkx5FQRjQinuNMAoGA1UdFAQDAgEBMBAGA1UdHAEB/wQGMASD
-AgMYMA0GCSqGSIb3DQEBBQUAA4GBAA6olZihnTTk/X+0v5RI1UIDpczhhVVlFcLn
-yzOh/djNEgSSUMu/6mzirrxVSM9KKWFrQgBMCDX2STDnN5SnOLy7PIzDEeoR8w69
-n4+gMqK5igPPbOt1111f8f6X99gz6J2eIbaOuipjwQxXZN2QmDRP26HREQ53E4f0
-sGHBNh/I
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17EE.pem
new file mode 100644
index 0000000000..c8452ff291
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest17EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 93 C2 7F 92 78 A5 D0 5C 78 50 72 A5 F6 62 FD 93 CA EF 6B D8 
+    friendlyName: Invalid onlySomeReasons Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA2
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTb25seVNv
+bWVSZWFzb25zIENBMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdyWxytNcj3eU+
+PWXaYyWOlUWPg260Q+7EygIhIMtLWwazFS1aJlH2AYPhjpz2u439OI1iijK/koDI
+oxH9CiCJPRWL+IwKA0YKgfxrcFy+g98ZcMiuIPvO8aYVIX61oaCWt2megEMv+iaT
+EiCd7FY7wtY2hFNYnsxaWzVnFw4uvWBJRtq01eyseDnbZwBkYprLZBruZ2NUuFmr
+Q3UGTZUyIDbJLGDcXI18oPcVRZCy/H0nZ74G2Tlp1lXedwmq+/bS/4dJ+mi/Pp1/
+oKJRmK68qws5/5CSrZdTTxij6Y4X71YjTAxT7nncv90Y74kp7r9kXBzE5AmRngCH
+JYeWOm+XAgMBAAGjazBpMB8GA1UdIwQYMBaAFGBj39IjpCnWQaSsyoZ5mKZlAUiu
+MB0GA1UdDgQWBBRzj0ftEusY+0fq1BL8qXXHBtuKYzAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAZ2lOz
+SmjaLWMxDGxzcQ4GFP3G6AmmmvZ1sVAnx4sOR+felUoU2Y5rSdP04zN5loCrY+gM
+vP4YIbgHGqvoapdvTLTwVCjxXKIt49fYBiT8u7KErvtgyFC4HMh98SlPjbVLPwFH
+NPfcx2CtdiVaMFpw4k0MFwhSWfLyEqHzYG9qVJUZ2FdlgJ7/fjM+Xw8+OyN6z5ey
+Z5HVIdS1aFHcR6Je08WL63GQGz4DmpASlMMtuQCgNz/kESJlXhD+4kwchA8v3xc7
+NtXeGL/qF/J7EQmH1JwGytg1n6WUWUmOakv3F7pL6Xj4Ivf9OOKFI4FpdeYBzuQw
+TTaBNhknlz9zwf1Q
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 93 C2 7F 92 78 A5 D0 5C 78 50 72 A5 F6 62 FD 93 CA EF 6B D8 
+    friendlyName: Invalid onlySomeReasons Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,26B819BA3A805333
+
+e62CbjykF8e9NCDf3Zq9VJMGKdo6vwbHCy4HNfbIGUAzUbLkYw94cI1fEuD9BapB
+gaazv0Bss+FlieKLqqv4Euv+t8+dOjX5zorXZTIaHjz5ABLbPSpvPyBuThgQGLQH
+dzY45kBRU7S14lM27R5ZhSVVljb8c1afY24B8r9YAavWInPGMMCNs0/GRSzk/YLK
+Cx27HunJgnkssgvS8TMyQKjd4Hth+tjvb23JRCspAY/dP/cWDUUTBpRnc50aztQn
+4OXS8XE6inkpKhT/sg6B4jlOoW3xdLiis7lS/pRZKqT2Sqcum+FTeXtl4Li9/h9P
+93mg+7Fnv+YdFKjlZYgWkqRui920SRBWTZb7yynjCqRvA8GRRcz/MLMqc2xCyvXQ
+Y/pcCR/N+uFu5ZAon7f3qQ7ZZgKJ1zYRPg21WoWwWpPCbL5zI3+5m5+ERAGQIGHG
+wv4044esRpxbZRCzCWvWCwYObY42dXoDWuhHN/Pk47wc9dxu6118rrE9H1g4fqRy
+Hoi1mARNWWTcpSJWKaph9St5M7JLzkOA8Oen6oSMoXXBnN1CiFSofoI0ibymM1NI
+1MTVda9DabToMpV365yvR7Jb1CR74jhtHN8EzV66zdz2jQUJ+32OA+TKAxqZRPlR
+B/1NK0L4ZL/t18DpUf2l7aw7jaM25iviwJRkEZ0BWMNc70E43Qsza4I1YJrw9pk7
+njTYse901rURDB7++ptOntB7n85wi4wbgpEAXxnRlApzyRKwqdjkWamT5n7MSwAo
+eKO3XU8OJAZKlsQn7oraRY5yzsr188k0G6qoicXfOf8oGpQZZ+WE+3MNJk1QYxNX
+eTyu6xNiGfM9ZPBSM5tvstjd0vOl4USaPAYEpWOPT4oEHjVWrVX/RwmbHr8yFJZc
+9GgVjwAbE7eMo8+yd6mDmQND9QS7qkn7ciMt9FyW10U3eWj9zTGTl5xUx10ocFVn
+RcXvVEBvKZlWSVYXHZjN0F1X7e6HRzlaYt8LG0F0GFub++WBoDjYxATiTF+vH3wH
+9NWB8WPVgNwcoJHpg8vaUkf7LDB4HU2dqUwfzTGszd7PctTafbvAlR0OjW3tGUXr
+E3EdckoFmwsBepsWZ38oLId44n+jJEfYTL4/1AaQcvoIj1SAoqHkU98+vckhU9+1
+1vP3h7/UNGA5HJH/SvNlp0V2wrv8b5SYZmNYcjQZvScurMXLHNibSfTUWo4CZK2w
+cn9qLSCtgHWeLrI41Fb+GzgHZrhUYtkPDHUa3UkEKameaSuP8kq0Zw3Y/76OST4R
+fDqxsjEayJfJ18vEArTXj2+/lVKasMt9Sz3O7ZZzc/safPf2jimCp3D87x41v8YE
+X7LzfKrymF7sNayxG2QhXZITvE0Y1cVHcBBiVdLmWXtyJmOlQF+yxfwltKfETa2z
+6rbKTMHwl5N7oRDCVhASsfWHFHLXb25AZVzApqmSk+dsc4LSzPxnEudj0VrIR+pL
+OlIfv9UdUnTWYIU5f9pryJ9sP6jubJ4LhC9/0RlbYIv8JY8s/jLv3fS92VWIZMn0
+b8GNIIM/Z5IzP5dkfB06grHR2gqrmlH76/kuCkA9/a+VJRSwaTrGghTYJUDlwX0l
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem
deleted file mode 100644
index 91c6b1fb56..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test20
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDZDCCAs2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QyMDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo/2deWn2P1temSytp9fRh3t+UZIp62k5
-iNe1RKLHz08HxSTMrPeCRNnJFp5opbLpQEsUk8xludZeIcWGyLtBTN5w46xk04gh
-1Px8Z2+/mnT/ngizwoMvKZf1dqA1/IYacDNHoZB8wlR7iMEa3scvBmFE/B/Ieudc
-hxnOxEhEprUCAwEAAaOCAUQwggFAMB8GA1UdIwQYMBaAFD++QPH3awL7sFnDAKRa
-4JdUCOkZMB0GA1UdDgQWBBT9Hi+HZ9Okq+jLk3TXM424X5IyqzAOBgNVHQ8BAf8E
-BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIHUBgNVHR8EgcwwgckwYqBc
-oFqkWDBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-HDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGBAgVg
-MGOgXKBapFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwy
-gQMHn4AwDQYJKoZIhvcNAQEFBQADgYEAEyLMappHZG7NaHTIJRCcyylzQD0od1Bi
-cIsRgkSX4W6BWas7pnbYsIaBtY7SX6PU8lcrIBdjUlKUmzZP+0f08ptO5a4ZPaY3
-mJ7GjPUXPN8T/P8cfpU5A3AlaLam894aWe2vJuwmNlrEs6I0mP20WbXkYjmg2qzP
-joyjMV62Zb4=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20EE.pem
new file mode 100644
index 0000000000..b290e103b2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest20EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: D3 C5 3E C8 EF 55 F3 CD 93 1A 83 A1 DA FA E6 40 04 A0 52 2B 
+    friendlyName: Invalid onlySomeReasons Test20 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test20
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+-----BEGIN CERTIFICATE-----
+MIIEfTCCA2WgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiRMsPRNlOugMy
+cCBZrkN/m6EPMxUK2+PNt+QSx4QWPS3OlSLxzUhhD6yc+zMeMyluGW0rTvlaiFeG
+/6zZKonarHmHwwqc142IFGSZU9WFT08sZ/w/j80GROqxD/Jtn1IREh62S8KeWJMg
+1zxPgJYXS4CzI+MGs0B0J9aSAngRlca6nGN2a8VoQP0vdw68Ndty5R6+/eTHjY0K
+av6WdqC2C6sJVTXuL/5gTewVfVsGd/jKWsVdS4l0gIMSyfB0XxuCUzOhLgiKJ8BL
+eWjanMWO5QhmFbfe3HhMzJAS6K3FL2uLc5V7cFElCoJpnXVqld+zqcVCoBsUcDx/
+NJOG7aT9AgMBAAGjggFOMIIBSjAfBgNVHSMEGDAWgBS+ZtweDAY79tOINJFTJoEN
+aBduyTAdBgNVHQ4EFgQUGACS0xeS/VfcsU8QUHe/mKls0JEwDgYDVR0PAQH/BAQD
+AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB3gYDVR0fBIHWMIHTMGegYaBf
+pF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGB
+AgVgMGigYaBfpF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNV
+BAMTBENSTDKBAwefgDANBgkqhkiG9w0BAQsFAAOCAQEAlo+iWYN5GvvLUmNv/OOK
+T5LL4QSHSsEsRdsq5ZJsM53pqDVm0/DtGncdiknY450Gf0194CTntp19YXmOOWWe
+FTr90lahPlXb60lRMngOFTpusFymkxhfwqVukhu6wGrq7B56lozEziFc4TB+HLX2
+z4I+n88inNtPN6diUh8ga4PGtqAJoHUYPRwPFRTw+wi4NlHSQZggGKEpNHHkj7yD
+hJtgv3QYSTHvolbYx9Yp4u1RpFX0qEK0koIHVgHGEFxNMLcMScPrmfA1R0zrcRAT
+PSu6f8jlT9RA+Z3InPSQg4FBrUzt5BLORt54CCpHWu/I6DDfoBHrsLiyRFvQiENm
+qA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D3 C5 3E C8 EF 55 F3 CD 93 1A 83 A1 DA FA E6 40 04 A0 52 2B 
+    friendlyName: Invalid onlySomeReasons Test20 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,936BF71DC9DBD730
+
+5tsLFC8puE+be9YJclRpByPGMUuvjdyd3zuCN63T6QCm9KH+ZVw0oaT1RVKg+Q1R
+w4ejiaqjxXJtsTu5cig5LMJvRzA1/9EB6b0Oa91SibME3AK3l1i0GoA274KQZ/J0
+FcEgMNTcFN2yyfL0uVW+aAZLYnQ36tLp6Z0pHQay6bfgpahDpRA/BpHoyYhxnqoU
+GeArspTdLdhy4f7+HBSVkMnEET9pBtOYXywOfjsj3aWKLy3Y9Tz+LVH7Ezi631Em
+x1/fauHxQxNXIP2eaV6Y3g+YaAIVGe83014V2KSH22YT2rHeO1OOyt/Vfss5dsfH
+D2wFvpB6/c4jBGHL3wGW0dIl6LJSSVSOXx+P4s1hi2otksacO851HNctZicv6s3O
+1b4V7KuTlSO85milbMl/XCjMvQ/lj0ZN41/FPwFLokcV5VDFLmRYRpM8X/FHa8na
+1AikczhWU0LlhH65JLYA4erQLsnehf2zyZS7L77MpZPZHRAoVYTAggHRUE0h9D7m
+qNNYqtdHvjxNyv090Iv+qs3HRhc+YWpLQGlBRDeCeiDSweSlKv2MIVXv9jRAQvtV
+IQuBfpzjrBlwU0OGnTR/LfRCZqEqoJxnnuVwuVuxgaO+zFY4HeEHAm3P6jPX5BHC
+Wbnhly5yne3lZQNcklLXu7W7lqW0SjT3lOiJmZoWqQsPmOBaWu77Q1DRr/NwnA7n
+lD+jZ4MioZcOkI/WKOkeKnFMwRfceEo8HaHYxfWPtm0MpC5TDD6CjSc34w3xLZ31
+83HfUlLeZdbkJ680SecLm2A918lob8sZjSOZAjx1ZoJQeaTVhm5mLTAhAAWE9K8Q
+KBo/exosNh9b8mjtxe5QG3puXd+p2almF1w+Xa0URiAzWFo5rDfHE4pURbYWUs6d
+m9telasFGEikjJkJBnvKz5wPRIjWGNbOzg2oTU42wyZpCwpqiKNAZ4hi1j/nUGlF
+nX4Ku7fKLebD/vvoJN5z/kFz9zpxa8/ygq4OR3IooOBHP75fcVYQeIDa8zRUYu2g
+M8v6vydKgSKBS53zC9hGVxSmg0EeI86XzJVGFaxMArkkybs2Qcm4VpaTtRsRWc//
+tjHePHUzEjgeI6eN7sDlTNY0euzRrrTEUXBPIrLbhUDrAQO0Agnt0ibqND0T/BGp
+8YN8v2fjgI0mvAlh82hn/oFC4b1d+NqEbZyUL+bcLuf8kPYSq8UYYpdE8npW0TZS
+sIA0eTGWLT0apKBcRIBT+fuhvn3F6sqagL2d4SQBLWelt5bImOf48PWBDocngY4U
+MdenQAGxGPc14yPBx9NigcLj7kfXywcnZYNum9NbUgTITIlkXsTS+Y9AI2TNGPvy
+/KCZSoXDX/aoNWuhIa5FCGjJ3tAnHBSCFOxwLYTpsVV3xu7aCB622strxP0XzYNf
+C05Fr6LAsZckRyp6lcrPNeWksh1TPIVxZuQgbTaiGfqbMa5WqsMezWkRWhd55R53
+EBl/g52D2v8DAucROQcja72O6GYq1QNRLFhUUR/IRn1ZhrkdosgKWt/wWvNEoflB
+edxk1kI4xNxRI7Xiabc0DC/V8wc1ot/daAeO+lMfBAXpgxMjwGjTLCBlLDgrsz05
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem
deleted file mode 100644
index 07b5c9b27a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid onlySomeReasons EE Certificate Test21
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDZDCCAs2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBhMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNjA0BgNVBAMTLUlu
-dmFsaWQgb25seVNvbWVSZWFzb25zIEVFIENlcnRpZmljYXRlIFRlc3QyMTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzgd55Gu4oIU3A4rk6mO8UVYckksUPNUx
-c+r5iyehCTZg5HpsL0JSKVXAlRwGm5Q7YtHJE+teXB2BM0iMSAIZGNX8fktIN8nK
-Lrw3CHA+5ZySf38wiaNzTgw3V7UTBQ01sd50PWuvL+jOm+AcaCMvdcqFJBP0yhCS
-nkdd2MUeY1MCAwEAAaOCAUQwggFAMB8GA1UdIwQYMBaAFD++QPH3awL7sFnDAKRa
-4JdUCOkZMB0GA1UdDgQWBBT41fIkHaXWHPGTFvG2DPuOcjtPXDAOBgNVHQ8BAf8E
-BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIHUBgNVHR8EgcwwgckwYqBc
-oFqkWDBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-HDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGBAgVg
-MGOgXKBapFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwy
-gQMHn4AwDQYJKoZIhvcNAQEFBQADgYEANlJq9PF7a+NShO7uJTf788sIG++L3xeT
-OiO5bnuAe91jbQN8l4j+dHxDiT4CdVBdlUPwlENF5rtuKsjSn6baeKMwAo5A6ji0
-7YObkqeg6Be0P6fIKT29KyT17o0bXi7rRTK6PqODvOePJ/kf+x5pMpQrHEutym09
-VmHbVhUkHEA=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21EE.pem
new file mode 100644
index 0000000000..0e0fa5d206
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidonlySomeReasonsTest21EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: A4 66 39 01 86 64 7F DC CC F1 85 53 E8 29 9E 2A 83 BC 7E A9 
+    friendlyName: Invalid onlySomeReasons Test21 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid onlySomeReasons EE Certificate Test21
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+-----BEGIN CERTIFICATE-----
+MIIEfTCCA2WgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGYx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTYw
+NAYDVQQDEy1JbnZhbGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDorS+B8w/Omx4m
+EBUTz7QShkAsc2IODZ7s92lMmuyrwsunqvs4+eECVas4ESRfTfQ02x9wV8GnX51y
+ftm+/CZfpw3Ly7KGWKKy8+Hhb3vgoXM6GJLpkeI4GpipGl8bWrk3vJio0GbvQ+hD
+TxCoVolLgg3oCS6B0Wc8sc+90BQuPWEGYJrF9hoAICWifdEcUgFoYMYo26T2f9UT
+Mh2uipdxxgoTl6AMb4GlFYAIuzo4nnHL2C7q4DEnGX9eHCl9EJvyxhXMf/FDYMxz
+NxkE00KphWnRYnCczcnRb5kNfGD0VeEa6Qf/gLKpQ88zlaIpdGl1HeVuW2qRLJE7
+s2SetEYpAgMBAAGjggFOMIIBSjAfBgNVHSMEGDAWgBS+ZtweDAY79tOINJFTJoEN
+aBduyTAdBgNVHQ4EFgQUJzdl7+nc9pHBPeuaqXr8BGm6JRowDgYDVR0PAQH/BAQD
+AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB3gYDVR0fBIHWMIHTMGegYaBf
+pF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNVBAMTBENSTDGB
+AgVgMGigYaBfpF0wWzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExHDAaBgNVBAsTE29ubHlTb21lUmVhc29ucyBDQTQxDTALBgNV
+BAMTBENSTDKBAwefgDANBgkqhkiG9w0BAQsFAAOCAQEALZ6z/4QBq+fcjAsk42c4
+f/6/CitFWZY+db1jZuyjnhZcUyNqZXWczjEaIfwUeEcxPHIzthqyn+6Hw+QoY2Af
+bcvePuof71KqTwlyNvS95ggqzIDvB5JfUYYoqLX3uGsHIY8qRg91QIhwvHRv/Y7H
+EC10wckgUqUGPEvVfvX5h0FJVvedXM27SbhkfOhxufcLFnzO9a5+Hn+s/KDxPgBD
+QXxGz+uQk+h5dvanVXXVNjwQxwIKAz8SSnzob1XTiZShrhkKd0qBq3yYv/98/prM
+DH6Z4IWT5w3xpaHpmgtUNcteCXutoDAts1AMilmDV7cHLU3Pjp/zPdHAKAz0aeky
+4Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A4 66 39 01 86 64 7F DC CC F1 85 53 E8 29 9E 2A 83 BC 7E A9 
+    friendlyName: Invalid onlySomeReasons Test21 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A28CE1427426524
+
+8v0WCIu3uMxm+zbaXC1cKoL4XunvJPSAed4XjMX9L1mHli9XxExo0xdaNuSAAfZq
+6B/twZt1FFO3uVfOBMjTupUFIXDRiJ4DMpWsliN1XXzotdsW9f/brWHbb6QZM34D
+LPYhxd7m2wzRyA7O8OWOAFKSnZMUeH69RdTFQD02EYxhhV+sHOr55K8Bf12rtySj
+09iwMCgOBOhCZ2/cyT2AyN4sPaVpgkPX9ndlcqzhAaH2ExIpeBzdRj63rWV8mZh/
+q2K4bWV1RXO79vuJRZuA6nsdynCP8j04wqEFXh5pKbbVnEOUBkeE9I9xih2YB6H2
+dZSnKqAPXRTyKu0QyiY9orM6bDtpGE8lp7f243zdIb9boYBy7yfOc7KI0J1Tt6jN
+zVM7SsltNUAS0MQ7NR4cyH+C+mDL0FGN8U9K6CUmb9fkDpFwfDTiFpJ4O4z3Q27M
+rNgE5393wU/DoWwNzi1Q43+46nrRBtD8x1az63xEvDzlRxd/JY1QXRKGVnpA6mPl
+JyjL6BdwOvySRNDwS+gvU8v50W8HDpTMPIWxrkL+hGFFBHKyK/EErVxpWb+a1pio
+hY28vhs2yk9TTI93gqNGDe+VBduLs0KnTxeWNI67/ML8ATftYN73A+TExGAs2Xis
+ahCV1vNv3kKWOq0tgeqGCmaL3umpsPAb8sPE51UULc0W5Kj9OJ+qTsOS6pRE0+KA
+RzhKfrLe3Fr/JBY2zONyroxcfzSW1qUamTgCh7EhbTHUq5INWTx3vaKOqeI9N49i
+wM24/ZGDULF6yckVHKbDVx8gOrame2DAOMivmglQ4ZiQ5Sr6cAfM1KZ5offji0td
+CyRS20Ou5dukqI3sbSMV+W5Vl5giAC0s6ICRjvZE8ECg3I02KZ2JvBBI14XEJbtH
+Dqb0cQsahHh0vxtkZA81J4b6hF5RjaWbwrJP7Jo9bEjhgS8335C3/kAqYkAgXEPO
+a3/esjyuzH6IM8OGjsieFbkto/WTl992ERDj885Gm1RTLAD+Jqnnv7y329cUfK0G
+BEiqDQd0nU/8qBwT0C/Tc4V2UoEuHp8mUULDawnjbIODFjbTuaO5g9Iv3+LCfbJ6
+i3GYrsQ3NF0B0/L87s96Cv2IcEhEcqc5PR4hwE6YQap4V/IWKgcZyw5WjZWY2maW
+YL2p7Pqc0VlR4SqRreg9HsvjUP5N7mNSG7YUHO7mjwTkXBnEHXddzuFPtFXg5G9Y
+Mv5M97Ix9rbNEeF+OmkZpxxZ0yE4HbxHzMwMdT08DfGL/b0A/666Q5ydsLggQ+4h
+kG8WJhEA+MaMFJft5t2po/Jqw3GLUT/NgPMpvrTY1wTjE/fQumz2xHGdPC7D0uGs
+TTzjKi8JZ9F0Il/gyxIf5YtiOnxH2uwvpx6yJW8+gIQy1deGmQrrO0txwju5vVIj
+2ogU7MEm4Rf54c/z6qruJJEd15qCt0L3oCqRxE3TQQV6iH5i2M0Rj91ov8nr+nT/
+OCtmKP56/WeqCMiGQZyaaa2V7MghQBX7U2OPZnHP3pYnLtTewsGbx0W2K4d0op0d
+PPLuQ+Uk3dyaWSzkZhq13QmMflfcTLM+Y1JRBdJXI8CySwdxxL2E7NuI9/huwNVu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem
deleted file mode 100644
index 1ef60f3971..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10.pem
+++ /dev/null
@@ -1,211 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAt36UX+gq562CFiw9L16IZ/AjJhU0BB9ji/77uw3AfvBGggmikeDq79BD
-yzBFrHys/L5UeXepakX1v+XvlxFjwvc8c226jf6uKEop5KJZDI8aV4byQvc1C8Ol
-MdgZ4pd6ofTl28r1VDkdDt94c7+Gl0CqBo6LawwGmNfSHUWqf6UCAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFAJIeLnM
-AVExdH85KjfCRJN+mGmAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQCm
-Qa7i6335O64eyxJjXl3U2Bw5wN3JaK9t7f4dJAxfOlcblWbbes+Gk12UCYtxTZDj
-oZ70F4IoGU7JQt5CcdB2yQtctPK+X7A3/Vsxjknm11nCn4IhcU7LDkEiSovBGLR0
-KV3NAqQQhr1WQoY1Uf3Ncpl7b+SaZscZ3r35UJo4iw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTAwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTAwMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQC3rH58cOqP9U5iyQflKaVyYw+1LMhr3jDW9/Q3aedlH/TY
-iLmT71FUjHaJMWOCO6sAEYMphrRdIUy82rai3iJgrNtJ21uIFOlmjgwgl9amHX8B
-yT+qgiwLs8kzE6NgPYHgLgbKEIqgZ+AZplCt60tCbeGKLR/WtXrxAIgqU+ar1wID
-AQABo38wfTAfBgNVHSMEGDAWgBQCSHi5zAFRMXR/OSo3wkSTfphpgDAdBgNVHQ4E
-FgQUauYRxUFtrRo+gtywXa3yGfFQzgswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEB
-BQUAA4GBADnBidpEzasWbrLankXCoCaeizozu2dGAMMWpbs02cplC/vIlcr0myWK
-noFSuxUuQa7sMxp72p5r2ziJp5pk1gT2KX/kgOYlQqgbJ4UmARGP7er+zIPulXib
-suMShSCGO1xC+fXppdhPy+YQq8a7Mzi7XKqP5su+aTWw/B3a8ys9
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test10
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTAwMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowYzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgw
-NgYDVQQDEy9JbnZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
-IFRlc3QxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr0SfgP3iREpEpoxL
-34yNQOjycTI5wM/Y9YXQ6E26DxRndEt8gy0Nt+w7/WcO0aJ/EA76704ckmtzahRW
-gH7YAntSVCkBwyB8EDt0eBxom9vWRhPmqJgF6PJtcuAZnkISqXfw7zurQN/p1HzT
-iBta6ocTlilBTPujtQ/X4O12W5kCAwEAAaN8MHowHwYDVR0jBBgwFoAUauYRxUFt
-rRo+gtywXa3yGfFQzgswHQYDVR0OBBYEFLsMSzv8dfhgJ3MxRW07FltMDKkGMA4G
-A1UdDwEB/wQEAwIB9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
-BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAfOH+DXogRwi00dAkv43qzCo23eOg7
-uaaD7fgNVn7RrEYkyc0RZWf1P56IXe9aTM41eVmi1PyblkZ0aXH9e7ShaOW11Jk4
-OpIpx+vR7HqBjW0yqIXES3pbA6Vm26gj1WDuq0oSps0+BxKTL5cHxVlCT9+YES4B
-T1SmCaLl/UdsEA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:02:48:78:B9:CC:01:51:31:74:7F:39:2A:37:C2:44:93:7E:98:69:80
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        44:34:f6:c5:c0:16:f7:24:42:33:a8:e4:ca:74:71:94:76:93:
-        e7:4b:7c:a3:8b:ac:ae:11:ab:46:94:f6:0d:88:b6:e0:96:1f:
-        ab:04:6a:92:b7:6d:4b:aa:6a:b0:13:58:58:a7:7e:06:de:c1:
-        26:d4:09:e0:7b:a9:e4:dd:73:da:b0:cc:a0:61:ab:c4:c7:cb:
-        c2:e1:66:f9:f2:2a:c2:c9:59:5f:05:c6:74:f8:bd:bb:92:24:
-        77:12:34:23:7d:95:99:bf:35:e0:6f:cf:2a:b6:19:29:9e:59:
-        d2:0b:2f:07:44:25:66:6a:e9:5a:ed:7f:99:33:b5:3e:65:69:
-        57:95
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTAXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFAJIeLnMAVExdH85KjfCRJN+mGmAMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAEQ09sXAFvckQjOo5Mp0cZR2k+dLfKOLrK4Rq0aU9g2ItuCWH6sE
-apK3bUuqarATWFinfgbewSbUCeB7qeTdc9qwzKBhq8THy8LhZvnyKsLJWV8FxnT4
-vbuSJHcSNCN9lZm/NeBvzyq2GSmeWdILLwdEJWZq6Vrtf5kztT5laVeV
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:E6:11:C5:41:6D:AD:1A:3E:82:DC:B0:5D:AD:F2:19:F1:50:CE:0B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        42:5b:18:71:be:d6:f0:b4:80:f6:33:3c:cd:99:0d:26:f3:90:
-        70:42:44:f8:f9:61:72:1c:b3:91:02:0a:14:55:67:d0:1b:23:
-        06:f0:90:76:49:c6:82:23:70:da:3a:15:95:90:80:aa:8f:0e:
-        fb:4e:5b:9b:66:38:21:14:15:c1:65:71:1d:e5:b6:90:ae:b2:
-        7a:73:84:9a:1d:3c:f2:2f:65:0a:b4:7f:52:90:a1:1d:37:a6:
-        24:a8:7f:5e:72:e5:1a:8b:89:31:ac:dc:0a:3a:d2:15:7f:f5:
-        97:f3:1a:82:d6:fd:74:b5:92:0f:d5:d3:a5:74:1d:a3:7f:62:
-        1b:c4
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTAwFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBRq5hHFQW2tGj6C3LBdrfIZ8VDOCzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBCWxhxvtbwtID2MzzNmQ0m85BwQkT4+WFyHLORAgoUVWfQ
-GyMG8JB2ScaCI3DaOhWVkICqjw77TlubZjghFBXBZXEd5baQrrJ6c4SaHTzyL2UK
-tH9SkKEdN6YkqH9ecuUai4kxrNwKOtIVf/WX8xqC1v10tZIP1dOldB2jf2IbxA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10EE.pem
new file mode 100644
index 0000000000..2d7bbd0916
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest10EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E5 50 22 A8 C1 4E 7B 5C CB 90 98 45 C4 A7 F0 0A E0 ED 2E 33 
+    friendlyName: Invalid pathLenConstraint Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA00
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBMDAwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTE4MDYGA1UEAxMvSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCXqvJf0Sbty1YiHYZ7PHwNkMnllNAX+ilKxDm339jET5zegwNzwyTXh0nk05rc
+wLCqE0slxm6iWWfh3sK7DE+zWyj5RwiiwbT7K49hFLgnZ7/3x3wARVb0lLhN699d
+iRJm+Af3vNDVGkQ1FSpy4OBiUuc2XMiWktOV/smBAty8HvjZOBB4Zy0ijV1YZK+/
+ihX/Feqm0PjLsrASBqH5PAVYDzTXH406ayeUCK+daoxc9nO3jShm9bvTZwoc9tN5
+M/VzFHoG8S5lMWNBcnZd/8++FCEKb8H8FnLktCOYKGWahdYjiIMuGzwyM6XooCEJ
+rxfe03QfYtEknHXO5NZWF1oRAgMBAAGjfDB6MB8GA1UdIwQYMBaAFLq54oj31Fkl
+iuMp30+gBjjdcXSCMB0GA1UdDgQWBBTYF8STFBH7QOb0JnwVIxfQr6560zAXBgNV
+HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAfYwDQYJKoZIhvcNAQELBQADggEBAPWrCmLHcQdJfIVQpCQ6ZAWKOStZ3fqB
+G6hjLBxvA54p3+y2yq7p/0pRR3w22yHOBUNqVjiR6WWRaZBBzQTxt0hj3Dlbj+CH
+qyBc1bbBWk7m/tKziUfcxdPuo9CcG0u1nLTgIE32OHUgSzTmpWO8/JDICCQ4dd6q
+ugfxqWJnlJVGhQSyrSUk7ZcCFG3H2oHDMPYiv2spEv6g6lbno4YrYE/8vl/IbE4w
+BDAjtU3v+DUvI9vxWUa7pocGyb2dBE87ED/4HqmfUmj6cZnzIYRTKX1zoEueu3ei
+bf8l1natz4YwVbQItLU8STxkCRQiYH8d01JBMVlIRA4g8YhPc9Bwmao=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E5 50 22 A8 C1 4E 7B 5C CB 90 98 45 C4 A7 F0 0A E0 ED 2E 33 
+    friendlyName: Invalid pathLenConstraint Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,772EA7F9D57E3F11
+
+5Cj9j5qaOVLoai3GpY+FqYYvsjrAKoTHbLkjhIgjpRzrT1qGkdVe33DZ3mmw3td3
+gGVT8zN0sqvBW2nMAHkPMzpu93XZ0spQXuURePeletXPNTybPJRp5MFSFJynd/aq
+7ClQImECrXzKN4BR3bcSa5Dxld4K7ii4dOdlIQp2yhwOjpTk2o6EXj4eUy9EaKjI
+IOtwWNIXfOdMwc2+ABGSgZ4V1hinfuTm9h9UKMsg0U7AvUIIfk9jpl9AY0ZXT+Zl
+26fz9cM93p5afUFqHnKC1hUgzDY2RGGbipYXJhcFYyGMybXmR/9FpfdHBBbjTdDl
+KyVt7J0oKh8rknounW9or4M7MBdde74Gph2fCui+qh7ti75rgUuuxvjn7mW9+hbn
+RTyVudQ+Qde9NBi+FaQ1T3A7CdlnyfTcEVHtUoEaDUWz5QVuN4U7wwLfk3p8ifdy
+Ws2qoc4YINEXiv01LmQ1RXlYWBTqqQ+giMlS5pagttzppIvEZ/C7aalUEmJleIeV
+O8LHL8SXxfKbzayt0B4TA9B2A1JLQw9GNUzPSqRHTAdYF/oyQouHuij1N86gYub2
+tFIUCd8I2GGcKRgXM04NUslBc+aN0YWxKBqDCnJy9RlVF7SMcppnmyfvRmBPhcI4
+SCFNfKoZCywAVvjMc0rdAgWGG06bBg+8OUG5jfH07Rn0ydbp+StiURp4/xYUqc8U
+i3yDx+NljZdDt/JYM8z3sZKXNltfbypdK+1BCV4sxyfzWzjYqd6smmmtjR2A8AOD
+sMAAWMQPZSCJ6PtgNBEXNnDuQtdMNwrIpdHhUfTv9xB3ePdxpzfuKuZ7ncqfrTQ7
+De45pEt/eEWvlQuEABW7KKSPilRj7LKzFxk+qK/bwT5YB59q3veQ0ktpvo+KhUMB
+Ku7efDPV0TTbreNriUlM0ipUTdN8O30FHbxOX6ZzZ7YvpBQRZtKgG01OXpPsUOv9
+qi5JdkQuETK0YHKxy9Kg36VdPKS+pm58nxd7Vk1NL4Uw5Btb/6/96VdC/U4HTE4V
+dV/BsPV1SZQOONutjRIyMI2IPDlEfMcQgyojfHYRMG9VvHQvXfL9oRv+5eU6pxkE
+IILyicibk+tE2hNR1lZuCwHZ9qF3bcu7FvJVTiUeqrBMFtmyQYgQXrXNT7SwO0UC
+GECT4Jd2f+BnS4OgW4uKxJWqhwmTfxyevEGBQfAKGhL30J/foblBZDbc5yPIPiTv
+5PhyqHqlsYDEp/7phdyExgpMCnnqBO0NA2ET2yY576FpiWpaCVIlYODixK0xPNuE
+ziw6bZ2OOGUzj743b7CFVNUesd1S7CbPB1m4A3J+iimsuFUq1XGsesdM1ldOxZlA
+4MyBbkvweHtBP7YH86odh6nASA7n8I8RRVHOGa1dLAcwKHDs3qhjPd0EnZmrrrba
+t+SC2aunuXee2eyeM780obWfkSOmtJlXm2seq7bScNiAYzsCL+9Z3tOkCsH1LjNv
+mETaxgW+RRAklGMuVzRUzfprt+4pqeRdDrz5Uq/kJpYKx8d1Mi1YKuWN2JugPyOu
+qOEF0J+h+ydTBNL9d4DeME69PvD4JMq6Vny/lL4OVpS6ip+Tg75vpQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem
deleted file mode 100644
index 259d24610f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAmzChDurmjaO/gLW4mwfnkQwkFgDcZvpMdZEqpd4u4+RaoyI7I6LlTFQ+
-wkZ0cnLVA8C/F6+ZqpMXg4s9pb04PuHb0xsgBHFefpSASxTCIBWVOmLq462zY6o8
-Iun/AQo4JVGx175EcIUkcldAg19+3l1NV4fg7BN7waHWiVfIzS0CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEQ04VAm
-/zwjDK2/vU7Ge+AMSIqqMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQUFAAOBgQCK
-Fy4Zq2RJVwWE4qzs2QbzST7CRcwqzwlUwH2S53MA3J38uXAEjqjJLyLSG7k9xjYq
-Xwq0hQZIfdeOkSMfSEUl3XWgYfQFGfmHdsUPJ0NX79NXXoyxsfZPRH9LF+CPnv8d
-kwA/on1VypfAuAv4/M6L3p7jFDISJRRGcXRBRB13lA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTExMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDSXWC7L0WLN2ZeSCkEhh0EhpdojjOAr8wqSRoVWRnyzGMM
-swGD3i80PXaZFl1qIeaER7LF0udID27SF6sC5g+kklfiK3UAn0YscNa2U6r27vwO
-2pj95+SfvnAuFgQoO82T4VQtUJnUOB+NAwWHGZ0Y9WiAxus6qNqEVTbr3CcT4wID
-AQABo38wfTAfBgNVHSMEGDAWgBRENOFQJv88Iwytv71OxnvgDEiKqjAdBgNVHQ4E
-FgQUs8D3URQQ9lyaTiyHUFHlkdNYWyswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBADYFuhgJI8Nyw7Mhpcq5n2NHNEXkP8g5ibaa86O1I//NQRsXnQ42VQrQ
-UemJMwtYlYjXHCL3MaiZOOXv+jaJDAbAE8zDq1c11WuKYBQ/ABNR+jCYnOlnR4lH
-1Ibtl3Y4v7sEq5V6MyO6DugCihflJSVSOV8UFaYxZQ3cb/AgI41q
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0ExMVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALXNtkOI9gcg1V1Ecg8VBS17NqL8yaeNOG8h
-VgH8Peay4GsCzxqYOSnPDeBKtlMJ+TAmMmz30FZ4XtEJScvx9yllHjEM85LdyvTM
-ZD6gy7yWApPgkhMipi9vww7JUtH6RrDQmKurTvtx5BhM/lYWlDVSnxX/CmWFm22r
-vwk/Rbz1AgMBAAGjfDB6MB8GA1UdIwQYMBaAFLPA91EUEPZcmk4sh1BR5ZHTWFsr
-MB0GA1UdDgQWBBRqNvBXdT9CFVC16QgdKDfFreIGvDAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAXlaYIT0dDTF0GGAJ8H41hvUkovy3ge8i7YDWofVBhdt+rEeC
-v0tvUcc+7mPSj3i5flZgJnbXMwS7wNlLhttOpbBMqL5/vWyIcvrgXm3qmXowQF0H
-WuW/WllHgGzQ8tIbGUWcl2bvkFNA5nIeumCrK1vmIgNqYaRUdOH9xuPuvxw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTExWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE4MDYGA1UEAxMvSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/Kz6a5RrnL
-VxjtAz2f5jD2LFhGyAiWK8+D2zGdebUqwosPmO1bFaTy4UpTN1y2NDdhbZJ9u6q4
-UyBlEswNHWLbKw2eAhhlj4tL8W7qCcCTiIDusf+/it87dawc9FbLFDa6ZhPQn3zf
-fOKdROTtdR1GLihtxkPeVht0YCU0Y5jBAgMBAAGjazBpMB8GA1UdIwQYMBaAFGo2
-8Fd1P0IVULXpCB0oN8Wt4ga8MB0GA1UdDgQWBBSms0sRlWo2giuUP4b24hz3mOOT
-ZjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
-SIb3DQEBBQUAA4GBAGVBiyATRLrOnNHi80uCRg3a7ZWI4275SlflSYwZhFBkGkd2
-C4kyAGKsNrFGtuCpDNM7IgF4xbQweHBODNwwCOfsdc9OahGntqhxeKxUQpDkwc8a
-3Faqn6fs/BnZqkNzepiZdHCsTdiyiiB7LxL9LVo7575vfuB0yBsCk2lGgbkz
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:44:34:E1:50:26:FF:3C:23:0C:AD:BF:BD:4E:C6:7B:E0:0C:48:8A:AA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:23:83:69:3d:e9:a9:b9:0c:9f:fd:64:34:97:b1:1e:e3:c6:
-        25:62:c4:d5:cb:ee:87:98:04:d6:96:04:0e:7e:96:3b:22:7c:
-        3f:e7:f6:f8:a5:d4:14:a2:86:2c:10:d6:b6:08:a6:da:2a:3e:
-        7e:70:f1:d1:e6:a0:6e:55:1c:68:10:4f:65:d2:1f:51:d7:a0:
-        6b:d7:df:db:7e:2e:f6:8f:5e:64:5e:6a:ca:48:2b:8c:f0:85:
-        37:f3:70:67:c9:44:c4:8f:7f:ad:93:93:e6:d9:c0:7e:8d:0e:
-        01:16:01:82:e2:b9:a6:28:1f:3b:e9:0a:d0:ea:d6:23:a1:c4:
-        a5:1a
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEQ04VAm/zwjDK2/vU7Ge+AMSIqqMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAI0jg2k96am5DJ/9ZDSXsR7jxiVixNXL7oeYBNaWBA5+ljsifD/n
-9vil1BSihiwQ1rYIptoqPn5w8dHmoG5VHGgQT2XSH1HXoGvX39t+LvaPXmReaspI
-K4zwhTfzcGfJRMSPf62Tk+bZwH6NDgEWAYLiuaYoHzvpCtDq1iOhxKUa
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:C0:F7:51:14:10:F6:5C:9A:4E:2C:87:50:51:E5:91:D3:58:5B:2B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        5f:3d:a5:ee:09:93:d8:4f:cf:28:3b:05:87:8e:8b:08:7e:2d:
-        36:0e:c2:f0:cd:54:94:05:54:07:2f:9d:e6:8d:1b:9c:f5:fe:
-        92:7e:3f:bc:94:d5:fd:82:c0:87:dc:93:32:c8:ab:01:59:3b:
-        6a:df:8e:af:cb:14:f7:f7:39:50:da:8c:ac:02:7c:97:24:27:
-        ce:11:a9:9b:38:72:6e:32:c4:a1:0a:f3:34:5d:62:9d:f8:ea:
-        21:1a:bc:0e:22:98:6f:80:25:1f:5c:c4:fe:1e:7b:ff:9c:4a:
-        83:ec:02:29:db:a0:6e:cb:9e:98:89:33:be:25:8c:2d:48:9d:
-        70:3d
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBSzwPdRFBD2XJpOLIdQUeWR01hbKzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBfPaXuCZPYT88oOwWHjosIfi02DsLwzVSUBVQHL53mjRuc
-9f6Sfj+8lNX9gsCH3JMyyKsBWTtq346vyxT39zlQ2oysAnyXJCfOEambOHJuMsSh
-CvM0XWKd+OohGrwOIphvgCUfXMT+Hnv/nEqD7AIp26Buy56YiTO+JYwtSJ1wPQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:36:F0:57:75:3F:42:15:50:B5:E9:08:1D:28:37:C5:AD:E2:06:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c1:d4:9f:53:f4:86:55:66:46:ba:2f:82:df:c3:81:ad:52:
-        95:0f:cb:f0:c0:25:ca:b2:fa:80:c7:b4:50:a3:95:70:ea:01:
-        b1:30:fe:c9:da:a0:b4:fb:a6:9f:55:ec:3f:df:12:37:bb:44:
-        cf:6a:5c:7d:fa:34:93:7c:9d:5f:f0:d6:fc:dc:07:9f:1f:2d:
-        bc:02:3f:80:59:de:31:ba:19:c8:e8:a9:3c:e7:1d:28:e8:cb:
-        f7:4d:e2:f6:26:cd:45:2f:d4:70:77:68:ae:1e:5d:0f:55:c6:
-        fb:f4:5d:64:3c:e0:30:a7:2d:3a:ed:4e:7b:a1:e2:13:70:da:
-        30:e4
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTExWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUajbwV3U/QhVQtekIHSg3xa3iBrwwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEAk8HUn1P0hlVmRrovgt/Dga1SlQ/L8MAlyrL6gMe0
-UKOVcOoBsTD+ydqgtPumn1XsP98SN7tEz2pcffo0k3ydX/DW/NwHnx8tvAI/gFne
-MboZyOipPOcdKOjL903i9ibNRS/UcHdorh5dD1XG+/RdZDzgMKctOu1Oe6HiE3Da
-MOQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11EE.pem
new file mode 100644
index 0000000000..6c456d7ec8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E6 98 9F F1 E4 B5 04 FF 24 2E EC AB 3E 07 30 38 21 C7 01 FF 
+    friendlyName: Invalid pathLenConstraint Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA11X
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBMTFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowaDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExODA2BgNVBAMTL0ludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQg
+RUUgQ2VydGlmaWNhdGUgVGVzdDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA1cl8/9ip/J/At2SsSX+IJEEVyheRfuATAjbGXo7Cxrc0hDSRHTovhpBn
+9bvr2U3tLle6PnM+04bGz+Xt4+XAwq3bYepL0Y9TKx6S9sFwdVSWM3tpfS15OfeB
+G0dIugOZMSm+o8VQUoFRkEazcWCOUdu+9KEHXBecAeWxRof3IM0R6i3cTprfjCs5
+yXgsCln5HUPLDw5twRYOEE5mnEWtraWEFUeYE8xVFwwk69N9b95gpTsEvzPnyc7Y
+vcEeVGDsezBQmPxDSOXA1pDOqBswDj90rFy/ZxQWPSOdV7dSk08Aa2KayXgL30gz
+mO6ENzNWfIZ0g6TN9Oq8K+lhRx/E6wIDAQABo2swaTAfBgNVHSMEGDAWgBSD2ri1
+xp3Iiwh8iz/tGnIl4q8b6jAdBgNVHQ4EFgQUOVf5EG2PkPu3WYGjOi+xdDjbuacw
+DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
+9w0BAQsFAAOCAQEApEdV59RrhEgGjn1V6YgmOZrmFoy7Vr1Ss36w+MY7OqJ5zdYj
+BJPk/cDWct/Fk/X+i735WzzY11K4KrLc1DVkfrTyRPLHChRFma5g0p5OUUDvofyj
+5gky5i8S3+3l8GthFqJyVgjqagILlj6+az/liTiCLrlKk3+MOeI3xZfqu0fhfWTL
+CMmxAhrG5hjMR/YAcoSLsM3Vu7cwWVn8zB7PA22EnEBspIxwjrH1diVSSix0Mr2U
+VIjrBMmLHIuYv2s4ZS29iPsKcikiXK6+GynT6QuNf0hXEB9a/H1NEBu69+AnXnNN
+8KDP6+hPJxVKCLApWqbmGqJE8b6swlhRomACaA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E6 98 9F F1 E4 B5 04 FF 24 2E EC AB 3E 07 30 38 21 C7 01 FF 
+    friendlyName: Invalid pathLenConstraint Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,686D0DE45DA2B6C2
+
+VaAU12sWq1Yg+V760zkDSlnQXjjyrXCaIhGOwTxTgbrD7+7ZxAnKlXuV4oNnJQm3
+bIn7RQlR7UiOVdNhgMLz0Mq4J2zpqgCJMTm+mkLIukiICn7a7f/e0VlMyBfFQeWH
+gsCUz0pIwJ/dT+hPTFkcBmnpN/2gPkZTb2roGFksUZ6Vk2rV2Ut4tg2rqG3SoYws
+BSNx3ZAl0updwkLjjwa+/YtGOOAfqqUfJHsLmhkYgaZ0l4gumy6oxz8wcc9YLOCC
+qX+5MHfV0cpgjw39N64RYY/vbEvUp1lVFT+LZW2PQF1IJTlw7JvRk2RDxpKTkAai
+QcqYmFoTnPQrcPQ6YtJn6lFTd+iHts7bA/zn+FXkd/a2wm0zwhGLFmYIVfxICC+d
+1zHZBg5BEYBEq4IYx9vbHGXyLnWbe6/jqBQZs+iWmLoia00CwtLy03JFIU+K0xAW
+bCNd7KHo+gtV3H0WREVl07/a1zsjUEx0hbfENQJL6I674WQpYR5+ca6RK6JFhchc
+OiuAOz5X0tYcV/0dZwdN4iu3ezTbnz/wjeTbxvkFyX5GMgJ2QN0IB4ZKedEbmdhC
++a1S8Q4DHMC7XE89R8jC4nIV0TsSbAmGhK8PwelKamBRG+WZrd9r+j+JQ4Sikn2g
+djGA6/7I3BdRppMScqwhRxc72tWPLguwU4oA9eLcatZ53MFiYd6ntVuTeRVjRpeL
+IhapZxZDSvNubE8+ObyvmKGTxUgedotSWHJXyv8+2GKGCwl30LSTBVrizsXry+Tf
+0H6gHC8OY4v6S6UdsLVauXojkdVI7xH1GBco9XDGibmvi9HxggBC9QMRdRE3PU90
+Xl2ur/CWEkMMrmjz0ZfXapQZgGSaLUy+PJShX5SxKifoNT9tLZmHPSTgYlIT8ijc
+pu/DUL/bkF7J8Pv0660T7Gj3RWnfIe+2MX0AUObKRBgP7heVJB2a9xmX7VbHLP+9
+0zp7Omk15r3DrWVEqZJQhnM7/0B77NWRXWtdyTlO7jA6fW6i9q0ZIsgcxAf+VqN3
+tpeKI42jby51SopRNwdbVwi8WmVonzpYnwuDeXlRScBMZpDaqbn5+fQjsMzt3Pjc
+Ly6Nqq1tngz9f1QAb2a2RLSM1RKuWoGvDzSQCgdcgH9C3XOXi/6WNI+9/oaIcvKg
+PACApYS6OfoHzb9o6pntUAXTWHV4djx71TX1tcpDRoR8OKlMbF4ZzWOVX+iOmnkz
+LUVyILMB9HWuns7l/Dr7oogP3sTua1GyVuywCZBgVIxrrMtVJJJfKH3B+rte9jDy
+lvKFAxlPOT3lwTcd/1Dx7FX7RVQM0l1uB8qWH3h+2N/H+4y+ETBg6yadKKrfzjro
+I+JDpQU2oGBNdORnNSBHBYXYSlYE5heqfeNz02GsT5uhPkhV4yWP1FOnxi5A/kcV
+iDkKYk7jAjVx/2dlZPa4oPHiGf9PNGE72cn3nMdlPNNcM+bjJogLAc1czNeU9B6u
+mWraqdYS56WRNkOIZmw/2JrSNAQOSGx+WM5UL6qaPqdlylVzPsHQEpTQ0mepbwfH
+Ftecmyrb9VyAkW5qmOnpFPhNVvPAGi3paxm1gFBKYSsynO4tkw9VUJMPEOOcyff6
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem
deleted file mode 100644
index 3325707a9b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12.pem
+++ /dev/null
@@ -1,263 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAmzChDurmjaO/gLW4mwfnkQwkFgDcZvpMdZEqpd4u4+RaoyI7I6LlTFQ+
-wkZ0cnLVA8C/F6+ZqpMXg4s9pb04PuHb0xsgBHFefpSASxTCIBWVOmLq462zY6o8
-Iun/AQo4JVGx175EcIUkcldAg19+3l1NV4fg7BN7waHWiVfIzS0CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEQ04VAm
-/zwjDK2/vU7Ge+AMSIqqMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQUFAAOBgQCK
-Fy4Zq2RJVwWE4qzs2QbzST7CRcwqzwlUwH2S53MA3J38uXAEjqjJLyLSG7k9xjYq
-Xwq0hQZIfdeOkSMfSEUl3XWgYfQFGfmHdsUPJ0NX79NXXoyxsfZPRH9LF+CPnv8d
-kwA/on1VypfAuAv4/M6L3p7jFDISJRRGcXRBRB13lA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTExMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDSXWC7L0WLN2ZeSCkEhh0EhpdojjOAr8wqSRoVWRnyzGMM
-swGD3i80PXaZFl1qIeaER7LF0udID27SF6sC5g+kklfiK3UAn0YscNa2U6r27vwO
-2pj95+SfvnAuFgQoO82T4VQtUJnUOB+NAwWHGZ0Y9WiAxus6qNqEVTbr3CcT4wID
-AQABo38wfTAfBgNVHSMEGDAWgBRENOFQJv88Iwytv71OxnvgDEiKqjAdBgNVHQ4E
-FgQUs8D3URQQ9lyaTiyHUFHlkdNYWyswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBADYFuhgJI8Nyw7Mhpcq5n2NHNEXkP8g5ibaa86O1I//NQRsXnQ42VQrQ
-UemJMwtYlYjXHCL3MaiZOOXv+jaJDAbAE8zDq1c11WuKYBQ/ABNR+jCYnOlnR4lH
-1Ibtl3Y4v7sEq5V6MyO6DugCihflJSVSOV8UFaYxZQ3cb/AgI41q
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0ExMVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALXNtkOI9gcg1V1Ecg8VBS17NqL8yaeNOG8h
-VgH8Peay4GsCzxqYOSnPDeBKtlMJ+TAmMmz30FZ4XtEJScvx9yllHjEM85LdyvTM
-ZD6gy7yWApPgkhMipi9vww7JUtH6RrDQmKurTvtx5BhM/lYWlDVSnxX/CmWFm22r
-vwk/Rbz1AgMBAAGjfDB6MB8GA1UdIwQYMBaAFLPA91EUEPZcmk4sh1BR5ZHTWFsr
-MB0GA1UdDgQWBBRqNvBXdT9CFVC16QgdKDfFreIGvDAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAXlaYIT0dDTF0GGAJ8H41hvUkovy3ge8i7YDWofVBhdt+rEeC
-v0tvUcc+7mPSj3i5flZgJnbXMwS7wNlLhttOpbBMqL5/vWyIcvrgXm3qmXowQF0H
-WuW/WllHgGzQ8tIbGUWcl2bvkFNA5nIeumCrK1vmIgNqYaRUdOH9xuPuvxw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTExWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE4MDYGA1UEAxMvSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYWPPc7psjO
-loPqdJ0NVow1+jFLB3yaoLHoJ+72kbII2gHjDiiZqm3e1E8Bqo136BrJlUrf5ZBj
-5G7DoA0OWn12+0bHhTNOEucIAFe/M6DpdHEIRR3l9CA20h4VMN5dUnQlVRt5uzGb
-RWcxgL5F79IUTDI1M2JJz2z8Aj/WIsbRAgMBAAGjfDB6MB8GA1UdIwQYMBaAFGo2
-8Fd1P0IVULXpCB0oN8Wt4ga8MB0GA1UdDgQWBBQfCYLms5akqSyTnpkK+G20CC7J
-7zAOBgNVHQ8BAf8EBAMCAfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEABeLBzaJ0fJ0vgFUpXxNodli4
-jWo3oP+YW75X3NsMhhl31MbHAyUVw7CCEspHiIIRtSfJCALAaH9Ug7kMFjFDrxTH
-2790IdTodWieyUn/sdU9WWVRXiR7d5M2SVIYwdc6NjmsSVg6m++W99Uv5pBzoTAA
-ClExK3cmR6k5T7cF58Y=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:44:34:E1:50:26:FF:3C:23:0C:AD:BF:BD:4E:C6:7B:E0:0C:48:8A:AA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:23:83:69:3d:e9:a9:b9:0c:9f:fd:64:34:97:b1:1e:e3:c6:
-        25:62:c4:d5:cb:ee:87:98:04:d6:96:04:0e:7e:96:3b:22:7c:
-        3f:e7:f6:f8:a5:d4:14:a2:86:2c:10:d6:b6:08:a6:da:2a:3e:
-        7e:70:f1:d1:e6:a0:6e:55:1c:68:10:4f:65:d2:1f:51:d7:a0:
-        6b:d7:df:db:7e:2e:f6:8f:5e:64:5e:6a:ca:48:2b:8c:f0:85:
-        37:f3:70:67:c9:44:c4:8f:7f:ad:93:93:e6:d9:c0:7e:8d:0e:
-        01:16:01:82:e2:b9:a6:28:1f:3b:e9:0a:d0:ea:d6:23:a1:c4:
-        a5:1a
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEQ04VAm/zwjDK2/vU7Ge+AMSIqqMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAI0jg2k96am5DJ/9ZDSXsR7jxiVixNXL7oeYBNaWBA5+ljsifD/n
-9vil1BSihiwQ1rYIptoqPn5w8dHmoG5VHGgQT2XSH1HXoGvX39t+LvaPXmReaspI
-K4zwhTfzcGfJRMSPf62Tk+bZwH6NDgEWAYLiuaYoHzvpCtDq1iOhxKUa
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA11
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B3:C0:F7:51:14:10:F6:5C:9A:4E:2C:87:50:51:E5:91:D3:58:5B:2B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        5f:3d:a5:ee:09:93:d8:4f:cf:28:3b:05:87:8e:8b:08:7e:2d:
-        36:0e:c2:f0:cd:54:94:05:54:07:2f:9d:e6:8d:1b:9c:f5:fe:
-        92:7e:3f:bc:94:d5:fd:82:c0:87:dc:93:32:c8:ab:01:59:3b:
-        6a:df:8e:af:cb:14:f7:f7:39:50:da:8c:ac:02:7c:97:24:27:
-        ce:11:a9:9b:38:72:6e:32:c4:a1:0a:f3:34:5d:62:9d:f8:ea:
-        21:1a:bc:0e:22:98:6f:80:25:1f:5c:c4:fe:1e:7b:ff:9c:4a:
-        83:ec:02:29:db:a0:6e:cb:9e:98:89:33:be:25:8c:2d:48:9d:
-        70:3d
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBSzwPdRFBD2XJpOLIdQUeWR01hbKzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBfPaXuCZPYT88oOwWHjosIfi02DsLwzVSUBVQHL53mjRuc
-9f6Sfj+8lNX9gsCH3JMyyKsBWTtq346vyxT39zlQ2oysAnyXJCfOEambOHJuMsSh
-CvM0XWKd+OohGrwOIphvgCUfXMT+Hnv/nEqD7AIp26Buy56YiTO+JYwtSJ1wPQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA11X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:36:F0:57:75:3F:42:15:50:B5:E9:08:1D:28:37:C5:AD:E2:06:BC
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c1:d4:9f:53:f4:86:55:66:46:ba:2f:82:df:c3:81:ad:52:
-        95:0f:cb:f0:c0:25:ca:b2:fa:80:c7:b4:50:a3:95:70:ea:01:
-        b1:30:fe:c9:da:a0:b4:fb:a6:9f:55:ec:3f:df:12:37:bb:44:
-        cf:6a:5c:7d:fa:34:93:7c:9d:5f:f0:d6:fc:dc:07:9f:1f:2d:
-        bc:02:3f:80:59:de:31:ba:19:c8:e8:a9:3c:e7:1d:28:e8:cb:
-        f7:4d:e2:f6:26:cd:45:2f:d4:70:77:68:ae:1e:5d:0f:55:c6:
-        fb:f4:5d:64:3c:e0:30:a7:2d:3a:ed:4e:7b:a1:e2:13:70:da:
-        30:e4
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTExWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUajbwV3U/QhVQtekIHSg3xa3iBrwwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEAk8HUn1P0hlVmRrovgt/Dga1SlQ/L8MAlyrL6gMe0
-UKOVcOoBsTD+ydqgtPumn1XsP98SN7tEz2pcffo0k3ydX/DW/NwHnx8tvAI/gFne
-MboZyOipPOcdKOjL903i9ibNRS/UcHdorh5dD1XG+/RdZDzgMKctOu1Oe6HiE3Da
-MOQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12EE.pem
new file mode 100644
index 0000000000..0f42c6ad35
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B9 41 D4 07 1D 24 78 06 BC 38 DC A0 11 D0 45 7A 76 7E 26 78 
+    friendlyName: Invalid pathLenConstraint Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA11X
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBMTFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowaDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExODA2BgNVBAMTL0ludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQg
+RUUgQ2VydGlmaWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAmVlts3N4uHNv7lGOT4GLaF+tsPvd1uviRc+qIdHp7qZNONV0TCr2Kt9l
+K9MGtM0OSLUhrrKN/oooKo3oVgqfGBMEzbPERKF2oy96WHjhA7WoVcHpQyPKOuUP
+hUY8rhMXYoTFeRakKK5kFobrKE70mI8tsmfOBA4JJKMBLSlu8ivgMigK1CT+bhHl
+uazZCm58czJ5Lw+ol00v5xQUKg8eJnYu++BBftkFkDU9QHW/2WH6ceiAcwzL9IUV
+1wuCQYfKfUklUtzcqSCoOCWNE0Yp3GaOgmgR6ssn5p2lyqXxZiVtGx1KcDhy42AE
+fbd5Kp3/FSQRV6UEr/KoJ86sBpkBmwIDAQABo3wwejAfBgNVHSMEGDAWgBSD2ri1
+xp3Iiwh8iz/tGnIl4q8b6jAdBgNVHQ4EFgQUF5D2PD0NAiPAZIw+M6ZDoKxgu7Mw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgH2MA0GCSqGSIb3DQEBCwUAA4IBAQCSRSJrJvGXtMVNUy9eDgXRV2P3
+ujCOCX3LsZAqd1x99DQorAhKoq1Hjd47XDmZherCmEpkkz6uq71sAg8UilLHEcwB
+cJ+IXJSohUIme3G2iil7BIU7FhIw3gbr+jpDlroqKTsx/9BKzh1Ms0c+PwoQGfHs
+CsIsYBb1Op7JQuJrpgggdTWskDIfcWOKg0QIRaTn72e/jF6IBKSr1S6D2xtFAxGm
+Kda8HVzltawA/WKcSy0U5qvLrBv8FK8vjkWut4wjid+eAmmsMQwOuwZNcqaXR2ve
+tDg1aWhFKdhmcOAirsC4wsuS5V0hTObIZR3d1BriitU8VhUq3PvlgAzrTaiE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B9 41 D4 07 1D 24 78 06 BC 38 DC A0 11 D0 45 7A 76 7E 26 78 
+    friendlyName: Invalid pathLenConstraint Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,16A8528E11F2A947
+
+5QYPlv/Y0/58FuOcUlQgeS5owcOToBQQwmhiQNhFREiB4KdIEL2E3mEmgwvw6kjs
+RfjAALCN6akHebaTinBAodceQlWBkxCdC+LaQZ9nlZOenliuKtIgrCsu2DOQYRNS
+Q9kzTH0uRD1uJopiO18ov0R30Vs+nBr/L+JYS/saFalMylMW92eZmxz+4/bJfIwl
+S9SPhu2KIkpfEu1OTnE7KHEXei63/aMA5sIv4hO1fLwQQnfkWypDSyAJb7Yvh+tu
+bziY7yWe9hJq2GZSLk3rvf5mNmfz4Op7c0CROH1Eq4+uMfKB4ud3+s/nItxxgMmg
+TrXUzbYLYR2Zz+pIalwd9Kbt5fnNEGuGQRNfyd2WWMKqLyHwG4EztoCl9fkhek10
+jySn5Mi2gdeHSOykYMo60By6So+fdTOh7DFP+zXd0f9jp/ihGgm/Zbtby2g65cy5
+rt6WXD7px321jxxubUkdtv+UhBZgj0zasyoj36gpZjuptwfxMp1pc+Gbw3NsCFOu
+IjxiW6pbdip3Endvy8tUD6nljA0TKNyRL4ynpU2vqCsx70KE+UFBkg2oO2VB6FP9
+LmSmGT8IHqZD5n4slyLXpu63aX71ez7kWEMoP7oxASDT65dMDz3prkCJ1OTAbpOp
+nL3PO541KHo/e7OLfCo1SSYTSeiEOVcaM2GeuewmmaC18d4Jp5K9FT3ymyu5/PvQ
+XGmpQLnByoBVaf2/845r/AiVcmXL+AoP0/wmQD+6Unvlqe+bjcyfe6PcOP8iR7jK
+8U05B1qBzQkS+4l1UnsR+5ykSRVvx5U4QBqAf8xd4HwT9qPOtnIee9j/ubQWYy3B
+Rri8q2XvsaCPPkKgvnL8GtltODOC8aCGuROpEUR40Y0hm0q5Hpl8fUtr19wbVbhm
+3IMJrN/QKTLHz+qvme54GIwC2hiNbRX0xnR00eKHPNwyhXJ8hlwFst0RX4uN/4lo
+ZfmRnbHIHXEsDwsu5fRiZNlC5gT8omyDTgFNFdWtBRm8otaLzAzopHh9WGHw8/Qs
+S17hqB5qgbkmFSGpqHGfMQ6l4hAk2bmXC+lyABNa1K0cxx5oRVW+hnhjM4FFS7SM
+qu1Q4izlpEXZ55lq+hRTASwvdLCxli7V+dqsKtmsB8RVCLDSxv8gQOS5haMjZZTR
+Ojd6ODvdWXFw2PVPEIKBEYszi5XWZDaHcPNnFKaV5swqgqIGJNnEaxr0/5I+xOVV
+GtxHp62u01+fiZfqXCh5a1NtZ1IsMKLQd+SQESyDkqBsmF8gzUyYFkYaq+3HAPu9
+3DBclVJLkmDLXTc6fIirQ3pVerNEljrLL/sG83VLtegqCJCl96i1oSABjKtpCJ09
+MPlEbd1kQPNN7VYnArGbh9MYqhbt4GhXAb0jOCpFhvUIG+MZ7ne9keOxW8iuFtV0
+7hv8KvjtZQsIIOcO5767vXcTkIpSOK8rwUIclCZBWF80E6u46L/tbJPD+1AA0jNk
+OybgVukzWJj87kajWtgnA7lMmnu1zhsMZMl/MCpL9IdAQ4xfXT4wRtditk77s0Ng
+Gqrd5xJPrSIVs8n+lgbZ1vSAepao96RNiZxfbl/mY5Sxn36TaAk9VxBnGOGa4j/P
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem
deleted file mode 100644
index 6f28f19db3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY
-cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQC9F8qrs0xS57Qn1kibsZC0kS6JQNJyITUgX+oGjw6Y9R6Jh9m5WVI7BwMI
-FsyIDhUK42ZsG9b6hMdQyp5NKHZbYOh53VhWzsEAk3veMZvsEyE6K2Ip6SZO1xDq
-ta7FYY4SF+2S3nw8tyJGqXqNEG4Aob2k+QW1L7UgcsPyrAE66QIDAQABo3wwejAf
-BgNVHSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUjh+rRpwO
-S27n5VeIDCeT/ifW5xIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADW1rIN2
-092d2UN+8PysNq18Cl0i7qsx9JbK7SUwreNTgbpyw9Uh7HFYzJwBW9ACs94rDhZo
-iqG0u0K4zLTijCS3ixy9sVKVha/+QTy6YxHFcjLmriX4bfiYUjXJPqmmZFExM3vO
-XMyum0wyXdEc+hbuAj1+6WBRec8clffFlRdv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UE
-AxMuSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-NTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsZWQnm88nqSXHt/QuMDuN373
-VZ5lU/JhChuvs6DBS9f9L9NFBKtTS7+iq0QmlWuc3qB1RDAUjwAF85QyXYlqujEL
-h22h7CWzEP26t43/megvHJFuT/wCuRBzbTm+fzKTlWI2v7u8YILgQcOxb9vbRKzc
-FpwTBBqlnT//Xqavj98CAwEAAaNrMGkwHwYDVR0jBBgwFoAUjh+rRpwOS27n5VeI
-DCeT/ifW5xIwHQYDVR0OBBYEFDsP7IkBHltfUoRf9AuD3aINP8pHMA4GA1UdDwEB
-/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQAD
-gYEAeuTAbPsAB5hEhGMN18ygmQ2hryyEu5o0OlbfiZbwgOSaNISSeYEUGr/+1uxV
-MHb6zNrauChrz4hTCgHMmhThDhfxHeIlh0bM/xKd1dOmlB9g/WMr59Uy8R6vvo/4
-HZC6bTc4Ukzj7n2maNkUNogPKghLEho3hlGx/dZoxOr59pI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8E:1F:AB:46:9C:0E:4B:6E:E7:E5:57:88:0C:27:93:FE:27:D6:E7:12
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8b:2d:ce:68:13:85:60:64:90:ea:5e:1d:ad:93:65:9c:93:9e:
-        a7:20:49:c9:bc:37:41:b6:05:bb:6e:b9:8e:c6:20:5b:d8:6b:
-        a5:76:f7:d1:40:f0:73:d7:19:68:a4:b0:68:ad:63:f0:b1:b5:
-        a0:52:b8:f6:ec:55:74:22:37:a5:2f:01:c0:af:a9:69:b8:54:
-        e3:0a:3c:06:10:23:3c:0b:7b:0d:e8:6d:ad:9c:36:b3:d3:54:
-        9c:6f:4d:c2:e6:35:e0:6b:0b:3b:a8:10:3a:86:78:76:1d:17:
-        08:b6:ec:1e:da:17:a1:3c:1b:ed:a7:e3:41:cf:45:cd:d2:b3:
-        b5:83
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50
-MCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUjh+rRpwOS27n5VeIDCeT/ifW5xIwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAiy3OaBOFYGSQ6l4drZNlnJOepyBJybw3QbYFu265jsYgW9hrpXb3
-0UDwc9cZaKSwaK1j8LG1oFK49uxVdCI3pS8BwK+pabhU4wo8BhAjPAt7DehtrZw2
-s9NUnG9NwuY14GsLO6gQOoZ4dh0XCLbsHtoXoTwb7afjQc9FzdKztYM=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5EE.pem
new file mode 100644
index 0000000000..739d9ca02e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0D DE 1F 6D 7B 18 6E DB 7A 45 1F 51 B6 34 BC C0 AB 06 CF 1C 
+    friendlyName: Invalid pathLenConstraint Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQwIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExNzA1BgNVBAMTLkludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlm
+aWNhdGUgVGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPgxp+
+Hpglfzp9XX1K1glTgljSpG1M9dGpAlVk7K39GMVwkmnAtSBhQVBdG8GDNnr3kqCC
+J7LPOrNTDcRRkO4T7xdBL1RqmzOAuHHgJCiFt51qziQe//kZcmyIOwY8pgHN4Cy1
+q0BeWybbU4B9ybMiIVzFImOoOPUzkaADKic1iW1OBj5NpGCZ91qFyZx0Itk/iBC3
+v7CN2B8Qaho3hypDTCSRmVHiBB1kD/AKFU8UohIiHXsyGxbCg1bBLuKmWRTZ43y7
+L1m4qHBOg2i3do13YLss2oZoknsoOHOBa0YLrFXPPMQTNrOU6Im4IYiUU+Ge7+1g
+2a05ooIRBTS+QhSTAgMBAAGjazBpMB8GA1UdIwQYMBaAFBRiZxB90jfFcgbQ3n+1
+Fh3Ko3NeMB0GA1UdDgQWBBQPpyPBesQ9pYPwqgwp6+Jq4890gDAOBgNVHQ8BAf8E
+BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IB
+AQB/58kEOCkIVV2FaRCkyOKRYGVC3KnDEBQjc6w3ZEm+f3vFHJyB8V63J+zf9MBi
+i2LvwwRTaUusfrrVteAcCYcoXOSHmRo82sY4vWJ0KBn0CDHuQw/WakD12geNfcjn
+yTu2LTe+0as0RhQ91krC5qJuzoN4FBVj8eKhVoD9YQFCzoD+Rq7WqabgUVVjowvL
+UzSm4adqK9x0pGxgwFwuBgdjuY6gKyAnLUpbC0E2mkLuuhQh0tAcYu9LIPpM/l+M
+6c2DlhKdQ/I3KvPxjCpaUxTVQ6iX8OyocQlszKp+LWb4NRBnHYmBpiO5vSC3aBPg
+Ga3ewshaPQBSsN7f29AEHSgh
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0D DE 1F 6D 7B 18 6E DB 7A 45 1F 51 B6 34 BC C0 AB 06 CF 1C 
+    friendlyName: Invalid pathLenConstraint Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AD8B97178BCB0120
+
+CWmHiiIThJdI8Ot9R8wU/LfTFZL6YYbu37opP6dAaC+LUrUFtZfwCZ/eP4arKCh4
++FsAL5A61YhoVhqW/nAm2I5W8+q0NjU552LANcVkpgTej0cqU4e/Gpgd9iArrI//
+RI6JeUyb367JARXbJUqtLVXfyEg7ijZrC63S6orqk//+CcZkrmcV25/rWp7AL3vZ
+z0qhEYV0r9jFqMP+u2/I75MATEYWz6VOFIxr+oieM7ulqkUgvMiUCWydXaU86YAc
+TclzwvjQNDXlSw+fGRWJ/qTu4cBy98jI6SHqdCB59o+DieNjEpK3Ywvz6ARjhFmX
+IJXoXCkl7Q3gqTrqrHLLKR0ed3V7x0Cfd98OxumzA8Cfvl/KhfORI5Pn5bWcK3Hz
+NXrjoagTAsmyBrejvLK3HVKqN1GdOzR+veRo/EYxuN2uEABmjj74Lfisrkq6gEeW
+/ZvireBbwWOScSlu/AV4N5gYCocSXU4lhffzpOTC7p9tcSxC8FFDooORrC9ccpZd
+4ucW75OMXaYym2mu+ImSkNS/SgIq/ZVnDT1k5V1WEF58WSqOvpuH5QguB5p7CeFw
+UQn/Yz8i+0bZG6gFp8Er2pfhGENX8Ca7KLwt7f7dw/33kb6MpBCWSc1NG4gEQ4zS
+dO1Ketts1nY6hmwls1aMU3fPmUOBQGvFzA5Di9Hjbqfbb2Llz7x7hRAurh8ci/sv
+pw1wNIb0Cjlw/3v5vTpvCMnK4rrPh/isfUKA/4NAW8TL1wF6ZXfVGqylIGx/DsG0
+AJ1pfPBv6W+CDWlbh2XDjGbuqTWDffM2sa+5D0ohTIaB5ZduFTJArqA+bb4/sLzF
+HVqOydvAdzNdEK8XaZJCqdZ2tfv1weZzrv33wyzwx7wz09kX6/2o5LWQ9r9mCwNR
+s5Lp8J/6sjV6zsUOJbiGIKba2rdvo7SPLygM+T75TCOSAUlNOGjSEDTVrIWqCSe7
+mXDZ5YPBnN/0GKG2UMMpgNobkZRSVeuSb5biNKa7jYFTCh4+gK4gPa4LUGvWXkLN
+u28IndKHZ81ZILg8WNgsgAMhjRc2sXWPsghXJ22xXGMPx+ILKnoLtzIiBEKLLvRU
+4oIuEuNIQYwBJo+DLWW2zxT2vngU7lipH/zTCT7ZTw3uI6TqHtu/PD42NJyeQBNC
+2zsX4jsRKlaEunbKs7uRgwxV/r+KjZHf9r6FCFGhvfnYn5IL9AHcB1xE6VR6qHd7
+9jiUMA60ATCocS7mGGLobf+bnPy7OQf4k8amqskyfmC3hP3q7WPWPEZEhR4wbUIJ
+sQtWjvTJc6D6G2414olgk9hhRi38rrCbWOEHbOW1cKKeWKPxoOUfa/5mozGAgBBh
+02xSMGupni6D5LNpYS2cWe0OBpWxcHCfH6KQU0bkmtgpMi6Q+nOoIcmxjOwCSUAk
+wF0g52PlQC5nEgpBxKa9KGYU/657NFUDC1ao4TVKnYwRkuYUT0QGLNVlpPxf6MpK
+SkDGGm+QM4GJnC7Ot0uI1+tjfARdtgXwzsPLLIP2dR4GO+m5ni/Sj8qObph0yW5p
+TMmJs6V7j+O9SHpPKJt0l8HDSuS10nW3Iu1k6E7KRNgA5iUWvme/p5IMwtxiDmK7
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem
deleted file mode 100644
index c4fdb25d66..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6.pem
+++ /dev/null
@@ -1,160 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY
-cGF0aExlbkNvbnN0cmFpbnQwIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQC9F8qrs0xS57Qn1kibsZC0kS6JQNJyITUgX+oGjw6Y9R6Jh9m5WVI7BwMI
-FsyIDhUK42ZsG9b6hMdQyp5NKHZbYOh53VhWzsEAk3veMZvsEyE6K2Ip6SZO1xDq
-ta7FYY4SF+2S3nw8tyJGqXqNEG4Aob2k+QW1L7UgcsPyrAE66QIDAQABo3wwejAf
-BgNVHSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUjh+rRpwO
-S27n5VeIDCeT/ifW5xIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADW1rIN2
-092d2UN+8PysNq18Cl0i7qsx9JbK7SUwreNTgbpyw9Uh7HFYzJwBW9ACs94rDhZo
-iqG0u0K4zLTijCS3ixy9sVKVha/+QTy6YxHFcjLmriX4bfiYUjXJPqmmZFExM3vO
-XMyum0wyXdEc+hbuAj1+6WBRec8clffFlRdv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MCBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UE
-AxMuSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0
-NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqRnKex0cxpUb1ZFo+pXGEX8V
-39ndPC9BNFgD6o0pAqBpYd6zlYIIkQo+rpciQ1vHnizx6WP3ulT6unn4w5UhXCP7
-S9h+TKQt6KFwZNXaCASi/VTEgHt5XLrwqjrhCtIDamjCgEcR1L/VS6N+c+SARpEG
-aWQzmao86RmaEKBaI10CAwEAAaN8MHowHwYDVR0jBBgwFoAUjh+rRpwOS27n5VeI
-DCeT/ifW5xIwHQYDVR0OBBYEFCw8vCsEA7QX0lC4KFyI8IP18fO9MA4GA1UdDwEB
-/wQEAwIB9jAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQAUW32gQakGpEtbmPGP8WBo5wdAtIRXbRp/VGK0
-zZZzXsoEoME9XCHEOVvWO09Qcu1VP7hwwnaEqgYGWl1ooUih33plStn8ETtzLcQ6
-BhOfvj216EgmZINuLcozCAusomtXZJ9yRHO0uRveEebjOJYPWqqv3zD9NgKck6cm
-kq1Hlw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8E:1F:AB:46:9C:0E:4B:6E:E7:E5:57:88:0C:27:93:FE:27:D6:E7:12
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8b:2d:ce:68:13:85:60:64:90:ea:5e:1d:ad:93:65:9c:93:9e:
-        a7:20:49:c9:bc:37:41:b6:05:bb:6e:b9:8e:c6:20:5b:d8:6b:
-        a5:76:f7:d1:40:f0:73:d7:19:68:a4:b0:68:ad:63:f0:b1:b5:
-        a0:52:b8:f6:ec:55:74:22:37:a5:2f:01:c0:af:a9:69:b8:54:
-        e3:0a:3c:06:10:23:3c:0b:7b:0d:e8:6d:ad:9c:36:b3:d3:54:
-        9c:6f:4d:c2:e6:35:e0:6b:0b:3b:a8:10:3a:86:78:76:1d:17:
-        08:b6:ec:1e:da:17:a1:3c:1b:ed:a7:e3:41:cf:45:cd:d2:b3:
-        b5:83
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50
-MCBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUjh+rRpwOS27n5VeIDCeT/ifW5xIwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAiy3OaBOFYGSQ6l4drZNlnJOepyBJybw3QbYFu265jsYgW9hrpXb3
-0UDwc9cZaKSwaK1j8LG1oFK49uxVdCI3pS8BwK+pabhU4wo8BhAjPAt7DehtrZw2
-s9NUnG9NwuY14GsLO6gQOoZ4dh0XCLbsHtoXoTwb7afjQc9FzdKztYM=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6EE.pem
new file mode 100644
index 0000000000..4d8dd52863
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BC 5A 37 7B 3E BE BD 85 D6 14 A6 8F B1 6C 24 04 8A 7D E4 08 
+    friendlyName: Invalid pathLenConstraint Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQwIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowZzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExNzA1BgNVBAMTLkludmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlm
+aWNhdGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGDA3e
+m7k1Do5rvpYClVMdIDcvCU2SHLNNPewpFXamFNP7kZlxryeHmk+0HSg4iwu1Xtnd
+t3FQwV3EtxGfZGTtrQse5dozWQbtLh3sPvI9nEFOj6TuktbSkT01Bnb+HXxA13od
+QKj+Y2jJK8CfbzIQHh2JFfHY+rIjFL7hTgLT/IR8juMmaQxLTOtgBv7E07Vth4jA
+ry3Cs99c4F/NSIkLS8jphIbLXsmDHNeW4eqMl1DSRXJjygW48rdnmRLv88mp2HMI
+MNKoyiAyRogziAWD5bVcpnR2aSUgn1yt/hBRxjcKXOMfEDQEJIcMdgvq1oPmr53g
+TfwzCsWgTm0LV/KjAgMBAAGjfDB6MB8GA1UdIwQYMBaAFBRiZxB90jfFcgbQ3n+1
+Fh3Ko3NeMB0GA1UdDgQWBBT9iekRTg+hv4S/pIHUQuasw7wnATAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAfYw
+DQYJKoZIhvcNAQELBQADggEBAIiEa74JBZwpz1Y1MWdNpLE6YVBLeBfNDYLBLXgt
+t7pbeclKlY/28YLMWpACQysthnYfGOdXHOpHusbVbQBh1f1BiKHA8BfwqCC3oQu6
+9bugMmGSab2/UeNylWiIO4C3q2LCuFjNfE04V1Xl3XVMfFbMEPOqFkOhh4U0PuAe
+cYfCq23PRNyRtcYAWkQ0uPujg//EAyq5CVJKn2SZ4274stQVDeVHniaS4vYe+PJN
+lkqAicrYITjOlFmU7UerAN2F7rRcFWbuEF1xz4/vZItbidCdFl3I302/a94nQmzF
+BtoYYNVZPypEd0G2a8s47+mgAqG5leVPp7+GZb9igx2x7ig=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BC 5A 37 7B 3E BE BD 85 D6 14 A6 8F B1 6C 24 04 8A 7D E4 08 
+    friendlyName: Invalid pathLenConstraint Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,801664664B826479
+
+opViAlS7IYK44zekgL+iExW/Z6hZoZNylw89IwApslwn5EoKViqcLUu15ZaaWyk0
+pvhWm4yQVM7AL/GRpGADjTwZnIvmKvInsVTWXwnW2SVMpCUrtGjXonN3ijInwd3s
+v8vW6eeeg5jGTN/pS7OAVdQ2a63fIZD3eKPG21aWsPp7MhodpVbtW3tzlJsj/e0r
+VqiQ/O3J9wUij+nxolRhBRk39WvaotaYCOw0nNQuTf3/KEbunDPUgyJtorHiFZLN
+h8l7owjD/71KodEuYf37f2nosb1FphAlRsVKzNGbv4cUU0OuxjRhjNuZGxTeHk+r
+4kVO3PMhggubShSz53RSWtYuD9g+0ohBqHdvg2FMLyaRpjkPNN/vjmejuowGPc3F
+l+h4CdayR3MrHMK8Bjoizj3Xoz/FuyqxbyVnU/6td1m5GAFK3wfKju2ylZCwx+df
+pB4c1RJH79O4G6B3fUC+Z2uJ/7fWs0EbNoVgQFYf1FXqjW0IWyS15RqDDdvBKLFp
+a1yai9kCwd+zvHAwpIjtOfBF6w6QsneCKxP/AZzW44wQWh9b05cUNnU8b/07cO7b
+KM6KFOhUF6Zzw5O8BZtjzGSpvWB3w/aXCyrTqmaoc0zR+SqHsN+xuR3gKxVzgDpt
+AoP0/f6kLP6ig/roAWfKVDJEv/Hki6cxpWjEE6rYs2gaHdTWGdVamRaf0OvDF1UY
+U0AzN1AwEW7fSsOx4Ulu8PyiHIHg+EPkb61JgrUzvA8HKAvPyq4U+CettPUZLyzf
+W4ZSqRovjHSgGFnTkqhV5f8RLMveGeyP+4LM542WMSHkKmR7o/MiMOw/hsqpWiFI
+KeJYEiGkka5hh54K9vtkyTpQeNjv2IkXmreJUyZ54ylCCOdQVxhtINfZnhqDZNOu
+XQ9scCs0/Nh5dHDBC7lpFTda+0vCBdYljEE1tXCpHAr75jKONelW/EtijXuWw/Ji
+/57Je0zo+CJ5uxc97fEztbVj/Ie7gudXL2odo1I6FCDiHETdsWUdqxR3Q3qTgLKP
+vWE8hHR9xXRThAUh9wQpe8tHENs9rpuhocJUHxZu1zmXlFMPqpN2ht9w1Hlip0it
+PqwZN05TAa/fMSgkA6ENmAVU3vDLryTHtbyiwRaJ/Kx4u4Vy8qa20Ot/PI4P2feA
+9Y3nEKfrOMf0zwcd6rj6B+5SjHZMOP0F9fCvofmXsTYxF6b7y3PiesB7bPuJSixB
+k2Zbcgiyf9GJFpwG5o/TfQXWJ9f5gEJRBkSlYAgMywRTKWJtzSdddbNby+d6tgRt
+g2iHFMHzmjmcXzNOqIlXUl2QDKtXvVs+e5UNTXu+pXS62WW82gZoxG3Kc5ujlFvS
+yQnt3ArJA7KZIjHaO4jYKh4lfIvWxhvioHYb1x/DAfP+47PwXoAk0fn5NPVtVG+k
+hF4xakmkPBts6QT1GRWOg4gIXTB77i82c48zYLCozMbMsGfXpmidMprQhttkWobf
+A7EfK8NhOIl9mfnvo1ZzPWLLBBHQXPBsehpLaLwn2uiNKHSa4DotclkhRkfQQpbo
+JtXb+kk/KgBB5ZcHwLE5Tpn+KukxV7+tHesdu2MFiNlPZ9wzw+nFOA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem
deleted file mode 100644
index 8b61201901..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9.pem
+++ /dev/null
@@ -1,210 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAt36UX+gq562CFiw9L16IZ/AjJhU0BB9ji/77uw3AfvBGggmikeDq79BD
-yzBFrHys/L5UeXepakX1v+XvlxFjwvc8c226jf6uKEop5KJZDI8aV4byQvc1C8Ol
-MdgZ4pd6ofTl28r1VDkdDt94c7+Gl0CqBo6LawwGmNfSHUWqf6UCAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFAJIeLnM
-AVExdH85KjfCRJN+mGmAMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQCm
-Qa7i6335O64eyxJjXl3U2Bw5wN3JaK9t7f4dJAxfOlcblWbbes+Gk12UCYtxTZDj
-oZ70F4IoGU7JQt5CcdB2yQtctPK+X7A3/Vsxjknm11nCn4IhcU7LDkEiSovBGLR0
-KV3NAqQQhr1WQoY1Uf3Ncpl7b+SaZscZ3r35UJo4iw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTAwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTAwMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQC3rH58cOqP9U5iyQflKaVyYw+1LMhr3jDW9/Q3aedlH/TY
-iLmT71FUjHaJMWOCO6sAEYMphrRdIUy82rai3iJgrNtJ21uIFOlmjgwgl9amHX8B
-yT+qgiwLs8kzE6NgPYHgLgbKEIqgZ+AZplCt60tCbeGKLR/WtXrxAIgqU+ar1wID
-AQABo38wfTAfBgNVHSMEGDAWgBQCSHi5zAFRMXR/OSo3wkSTfphpgDAdBgNVHQ4E
-FgQUauYRxUFtrRo+gtywXa3yGfFQzgswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEB
-BQUAA4GBADnBidpEzasWbrLankXCoCaeizozu2dGAMMWpbs02cplC/vIlcr0myWK
-noFSuxUuQa7sMxp72p5r2ziJp5pk1gT2KX/kgOYlQqgbJ4UmARGP7er+zIPulXib
-suMShSCGO1xC+fXppdhPy+YQq8a7Mzi7XKqP5su+aTWw/B3a8ys9
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pathLenConstraint EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTAwMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowYjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcw
-NQYDVQQDEy5JbnZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
-IFRlc3Q5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxOmk5mQAdlYGqq0qW
-czN6fmOoFbl/XRAhBs0fzOYu7b06yC5QFIdW3963nkjYahDg/x0F2buDbOSNRvG9
-DPmercWLmz3Sar1KgPxqTCQ5XiTZ0t+20u/oYEM+0anic4RKiQNtuF9Ro4U83wdW
-w8ljyEFY255kWP0HVLh8REn+dQIDAQABo2swaTAfBgNVHSMEGDAWgBRq5hHFQW2t
-Gj6C3LBdrfIZ8VDOCzAdBgNVHQ4EFgQU1Bk+MIR/ztV37I8S8/91EZ2nlYUwDgYD
-VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
-AQUFAAOBgQCWb/JZpNi+GTLgqlUUktJuhFQzGNKwQLHtea991BN5v6GnXYtgGZhJ
-T9plUX42APML+l+b1J6DzyJYlrIw6EXf/1ZtBf0YzmNbJ7robzIjx0+3/EHFeOZ2
-B7X0aaJ6+tt/sgGcLueuSG2C/6j8cnWbKJpAzzocI8hklIO+EWdRWw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA0
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:02:48:78:B9:CC:01:51:31:74:7F:39:2A:37:C2:44:93:7E:98:69:80
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        44:34:f6:c5:c0:16:f7:24:42:33:a8:e4:ca:74:71:94:76:93:
-        e7:4b:7c:a3:8b:ac:ae:11:ab:46:94:f6:0d:88:b6:e0:96:1f:
-        ab:04:6a:92:b7:6d:4b:aa:6a:b0:13:58:58:a7:7e:06:de:c1:
-        26:d4:09:e0:7b:a9:e4:dd:73:da:b0:cc:a0:61:ab:c4:c7:cb:
-        c2:e1:66:f9:f2:2a:c2:c9:59:5f:05:c6:74:f8:bd:bb:92:24:
-        77:12:34:23:7d:95:99:bf:35:e0:6f:cf:2a:b6:19:29:9e:59:
-        d2:0b:2f:07:44:25:66:6a:e9:5a:ed:7f:99:33:b5:3e:65:69:
-        57:95
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTAXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFAJIeLnMAVExdH85KjfCRJN+mGmAMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAEQ09sXAFvckQjOo5Mp0cZR2k+dLfKOLrK4Rq0aU9g2ItuCWH6sE
-apK3bUuqarATWFinfgbewSbUCeB7qeTdc9qwzKBhq8THy8LhZvnyKsLJWV8FxnT4
-vbuSJHcSNCN9lZm/NeBvzyq2GSmeWdILLwdEJWZq6Vrtf5kztT5laVeV
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA00
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6A:E6:11:C5:41:6D:AD:1A:3E:82:DC:B0:5D:AD:F2:19:F1:50:CE:0B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        42:5b:18:71:be:d6:f0:b4:80:f6:33:3c:cd:99:0d:26:f3:90:
-        70:42:44:f8:f9:61:72:1c:b3:91:02:0a:14:55:67:d0:1b:23:
-        06:f0:90:76:49:c6:82:23:70:da:3a:15:95:90:80:aa:8f:0e:
-        fb:4e:5b:9b:66:38:21:14:15:c1:65:71:1d:e5:b6:90:ae:b2:
-        7a:73:84:9a:1d:3c:f2:2f:65:0a:b4:7f:52:90:a1:1d:37:a6:
-        24:a8:7f:5e:72:e5:1a:8b:89:31:ac:dc:0a:3a:d2:15:7f:f5:
-        97:f3:1a:82:d6:fd:74:b5:92:0f:d5:d3:a5:74:1d:a3:7f:62:
-        1b:c4
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTAwFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBRq5hHFQW2tGj6C3LBdrfIZ8VDOCzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQBCWxhxvtbwtID2MzzNmQ0m85BwQkT4+WFyHLORAgoUVWfQ
-GyMG8JB2ScaCI3DaOhWVkICqjw77TlubZjghFBXBZXEd5baQrrJ6c4SaHTzyL2UK
-tH9SkKEdN6YkqH9ecuUai4kxrNwKOtIVf/WX8xqC1v10tZIP1dOldB2jf2IbxA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9EE.pem
new file mode 100644
index 0000000000..6588452f7b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidpathLenConstraintTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 55 2B 38 60 25 2F FD 5B 4C CC D5 AB 28 A9 1F 90 7D 80 0E 2B 
+    friendlyName: Invalid pathLenConstraint Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pathLenConstraint EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA00
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBMDAwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBnMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTE3MDUGA1UEAxMuSW52YWxpZCBwYXRoTGVuQ29uc3RyYWludCBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANLGB2+a1z3R1ROq3nfJr1wwDsswYFEnvsa/Wr3TmkHChPZaiqssCUawxeeCR1uu
+FS9X+Lt3CTROXKQ0G3GujkpNxTP+tLTjzSIRUOaxcyN8AipiKL3wwBGm36Mvy5Nh
+PGCOuQnvqpysvKtV4FOt+zlFZRpYnFR/Qom+v26vwECAPKmP86Uxs7o0umgUJtDd
+Sk5ihTMqD/aZ+ig+dCze8Ornxe3fS6NrnnvLWKSB9APN8CI3q2DWaiN5HtSU7la3
+m39Jzu/mPD2tEwrqJr9GZlj1Wgy3a0+zbHjiLYVQmXVcyfsH7LrQzXGuEMc1WKCo
+5KZMqejlnBPgeVTs1fNFa70CAwEAAaNrMGkwHwYDVR0jBBgwFoAUurniiPfUWSWK
+4ynfT6AGON1xdIIwHQYDVR0OBBYEFHkjxiIM9f+ESDif+mKJj9uEIvlSMA4GA1Ud
+DwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEL
+BQADggEBAFDUrcx9Aq6taCu2kipVTgU4GQ9gJ/lEwCW6LP7p+D5iRJZsmXpXHIw3
+YZDBgxGXJXHzUFzeBbySLu/lQfabnq0XcLViWhgi++Ikqr8MPxoqbUvQH412kdbe
+b2Rf90fk3Mu31VrIBLbEp6U/h0QWWWPKJGcY+Z1jgdA14m3b1LPK7/p1kfT1yb3/
+cTtmliG7wzcWsecmK5xz0irZrywun2yWQhcps5g+lhMcMghogHKEmN0XnFqgL7ta
+beXQ4GEHuyyRoRuXrh2QMyDkFgr+CyqCbEQO3UKbvTQD1Q+jPkYpApi58UXxaKfa
+JTfJg896LS1hDrZG1R2AOrhUFidhPXw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 55 2B 38 60 25 2F FD 5B 4C CC D5 AB 28 A9 1F 90 7D 80 0E 2B 
+    friendlyName: Invalid pathLenConstraint Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6432CA2B85F30C35
+
+Mrp7JsvXVS28CIPmVV/xryGbHQaaYvpQD5Zir72ldbioSc05c1sI9lr9wADmtfUI
+clvXPryK4pDNdZnZD+3yhDotv1NYAYBOk5nVsDgzCPu10XSPKs1DmA5OHFOF6AP8
+r2rlSm/boRxnhVG1GupYpYRpPjDRU6ewL4ionfr1E6h5Dy3v+bBFmxynqmp8pbWI
+60YeRDYddcMurKQdfUul9uDnecFxemlJzSSWMX66gURg+T5iafEhG4mwM6mM381K
+TMnhKDqEaVggI61vHerdNc0L0P+tJ4fPsbu+2rIYYgHi8Qd0LKbRIOiGFuA51RrM
+MDSLi8ESPP380fhzm/YQ9BruKA+S8ZkWLnRH8Pgz/3pfIAbMWeetCBgoONJlwu/j
+8Rebetn+d44v/1Mw2Y2FMYjLyjjRrn5kJ669iswBqpo1yGW9TH99fIpHnK8UY/yj
+0amWiBEoLoRZ1/y3ipmnc8nXBHZS9Pz6Z1cfWVftZ5roSivqx5+BF1ijvyBoxGho
+wVZVyq2FkNEJ+27RdY4RyVUz+mhEIlHCelqd1MH61espsxKjX91QSjLPmqUIQTD9
+bemzzG/gK9yD5iXl8Pdo7tGddKSDCxTYMpo3Zb1/4aOw5NWrh4g22Pv4CAojuhx9
+7NIh09xB2XrNg1WrTU6t2uulh36rQCUysc5i8TrhmY0f/KcIKaUFI098fzM6WmjW
+x7K/qBuUmccvcCLPw+qc608Gh9IYLhuZXo1GV0tll506+mycqW4VWU9D7IHrUIz0
+nrp6Qx/zB1UzjFsSZkk10T5BshfsGbgWpsXNM01QsXPQV3VXyrrpvFfCrO10BDpL
+qxAxtLvvhIR7un50IhxlpYJuk2LS8W9yhdkk3WjIMWtKEHICOKl8suGMhQn/wtSo
+f+7S2BSkPc5hTBc/Ikijqxbz63RzF94D7mMHFiVQGYwXXS2pEiLmyeK7DRPoZYCA
+LzNOXt9j/fXU91ZVnrSIFrwk/QNklnIPN0MO8wAFZWEDr321GFghT1izNulkyLJT
+aaIwaFj+ZDXZJS8iu+SAcjggJPNYdobAhhj1pfq7MVoUuSSaTaSdZQtoXRgA3N58
+fjtV4g7evqF78GVfuNC/mI3bW+lzlkB8lunjpqLx/GzWIzugVWa4ypi9AAgl12BJ
+MYXMWyNGYY1xslYrxDwOs3Aqhk33JMS3lEKP3DpaytPAabPDjJlfEOpjb+WPZBgP
+OL3oDdxfrZqDf7vzDkVknAWuk1kvgEn5fgj0uYVbVLeYZ6KUtDbtejskB5KQ+UUG
+VTSvr8md2DZD/4aZfVLABCIuACgNuNjGOWiUSKH7nHrXAqGtMsffOw9JAUJty3V9
+djI3JnyIYeguktydV/VTyHDhDfG9eXv62ifx4QmRuDTVOW8WJmMN+zoFiHu5kdSR
+UaS8oknmc/7ltHdf2wjMaNdsLJKBC9MPBxxzDNWc+aXq/zaO/Ka5HqGXWsJlHDQi
+TJ0jelMY/4jCh03wUbt2/JHo9+SzDEGmaHwdlgon/vJ9SCzNZ+IL6limnAA5nPHr
+p3IP5Xu1iJXD70rJbIZdZCN/2iibX5mrTx9tcUT1ArqFGVPtaSBzvy59BI6oWHZH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem
deleted file mode 100644
index 2f78fa8423..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBDzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcHJlMjAwMCBD
-UkwgbmV4dFVwZGF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlMZQ
-vRTxm+l3FRtimp7Exo1NygL3qQsF8cpvpQMmM4S+vWWIQcZPBAGfTi4eW4ubaKOh
-UqzxbVtY6R97mA0Ng6GHXIclN5ozja/xJdqdIOz9CsB38IvgyXTTQv3kF7nch9Ir
-xAN+7Bf5oWOdRbN6Y+i5iDHb3j7f3r8EFtXX+EcCAwEAAaN8MHowHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFL16NgTVXQmVv12uq+yk
-UWCNJq9WMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB9/jemk5S7bYWeZC4Y
-bzwXzQEjfRTlrJ5xIj/cOAWG+BvCzeSkaoi3hw+Ltt/T571j6NoAQu84Mx/Jwbt/
-zNBwu4iMmeaeU5GM+9oTVU8JTOog2ZPGR2Yn1luPQv5LwbPE+mysPaEsM/mTl5cM
-OMB0yUOD5/jo/76IJhN/M48tvw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pre2000 CRL nextUpdate EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA
------BEGIN CERTIFICATE-----
-MIICljCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXByZTIwMDAgQ1JM
-IG5leHRVcGRhdGUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBo
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPTA7BgNV
-BAMTNEludmFsaWQgcHJlMjAwMCBDUkwgbmV4dFVwZGF0ZSBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANBocZCE1yNSbZiU
-rcH9R8bB0cZERzxNK6g7d9v0tUsmbo0Gk2JgSaKG9vBnOpxJhJ3hhSxNmpGpp61Q
-QlGo9louMi1AzibkrqOllW+FgXQImr89cxEicI9taSS9QRSIIKPW3kF4EhuZp4vR
-SksCSxXsghAsSWeDqx9CQG772BiRAgMBAAGjazBpMB8GA1UdIwQYMBaAFL16NgTV
-XQmVv12uq+ykUWCNJq9WMB0GA1UdDgQWBBRtKwIpcpf5JIosL9wN9VKKwAiAWzAO
-BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
-DQEBBQUAA4GBAIk3Dg2P1RArTBrVZ/kPeRAld8oPoTdmer7YAloo1Zavmcm5Fcvn
-WmJfONAye0p7jsYSkv6HMK3DL2b4/KEnEDB/Ok9CLOdvoTtptk04CiSXOcQcP9uK
-NY3uZgZoTo2O/lBe6KwA2apKitWtaHf/2Ig9AGhPvMBWtiDmgvpWE4T7
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pre2000 CRL nextUpdate CA
-        Last Update: Jan  1 12:01:00 1998 GMT
-        Next Update: Jan  1 12:01:00 1999 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:BD:7A:36:04:D5:5D:09:95:BF:5D:AE:AB:EC:A4:51:60:8D:26:AF:56
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        3f:41:4b:5b:b5:47:1a:77:7e:2a:87:63:65:06:9e:f7:18:96:
-        8c:41:41:e6:9a:4f:45:91:ed:dd:8c:b1:d6:1f:e3:41:71:70:
-        ed:98:51:35:e2:24:bb:cd:26:8a:c9:43:f1:4c:58:43:2a:31:
-        5e:94:a5:5e:09:93:dd:a0:f9:d0:1a:c7:fd:d6:8b:4d:4c:6f:
-        3c:d7:43:6b:b9:87:8d:c0:fd:f6:5a:a7:4b:f0:74:01:23:fc:
-        61:24:fb:3d:32:5e:f7:fd:86:de:52:3f:09:2e:b2:f9:b5:99:
-        a2:2d:96:83:2e:b9:a9:99:58:fa:c0:e5:5b:8b:15:fc:0e:d0:
-        53:32
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXByZTIwMDAgQ1JMIG5leHRV
-cGRhdGUgQ0EXDTk4MDEwMTEyMDEwMFoXDTk5MDEwMTEyMDEwMFqgLzAtMB8GA1Ud
-IwQYMBaAFL16NgTVXQmVv12uq+ykUWCNJq9WMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAD9BS1u1Rxp3fiqHY2UGnvcYloxBQeaaT0WR7d2MsdYf40FxcO2Y
-UTXiJLvNJorJQ/FMWEMqMV6UpV4Jk92g+dAax/3Wi01MbzzXQ2u5h43A/fZap0vw
-dAEj/GEk+z0yXvf9ht5SPwkusvm1maItloMuuamZWPrA5VuLFfwO0FMy
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12EE.pem
new file mode 100644
index 0000000000..29dac9a077
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000CRLnextUpdateTest12EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8E 8B B7 54 59 56 74 8C 94 BD BC EF 08 63 B2 EB C3 32 D1 25 
+    friendlyName: Invalid pre2000 CRL nextUpdate Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pre2000 CRL nextUpdate EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=pre2000 CRL nextUpdate CA
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcHJlMjAw
+MCBDUkwgbmV4dFVwZGF0ZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMG0xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMT0wOwYDVQQDEzRJbnZhbGlkIHByZTIwMDAgQ1JMIG5leHRVcGRhdGUgRUUg
+Q2VydGlmaWNhdGUgVGVzdDEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAyYIKZ04nGTfv/cQgZYw9cORsRCow8lt4l2dL1MVPp50YW8e2yqrhPsjPSJUu
+7cYDAPjXJuBo4qSs1tIpRPU2nafDBsCNUFLRX7lpYXCMwj9yh+70SMmqlNION6Rd
+wLpfGWAH1I/TJ1P+dFctMBp4LOOMZ6nBTpfUfFN3heMmRYGj0XWn4uCBMzMMb0Vo
+HYCinO85FZ4lDAOhrz9hTgsR8GlzipckTmp8/xaTDCtRy4BJXz7gq1hTbGWJbgQZ
+eM5BKetvQsQLMnD5BUtv19lnuLpwt9OPggLQOG/oaMBpTjeri1pjh+jwQwJ7TW2z
+xgIw+ACnsLtZLNG2zNIbkX2u1QIDAQABo2swaTAfBgNVHSMEGDAWgBQeqEecYYBo
+KLFCmimM5igDKZIDzDAdBgNVHQ4EFgQUKCyOURD8t5yIKmvuLGs/+HtieYQwDgYD
+VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
+AQsFAAOCAQEApdQg4JH6mV/wuIWWYaW5mPskzRye1Y4o2fpaX04xvMMnOjhEEOkY
+WmuwByb2dnjP1jYmqUxJJGEzDGuX3GEZuPmM9V2jicHv/SCn30vpQjA5dSo59Y3k
+7VOqInWTvmVX4YA8KO621BUZ0/5bZpjtXdqVLRDO/WEUIeS5YzMufnJTbhjb9Nov
+kmNOAkhOfyN0bTaInfm0p0RLfMOB0Remb+t3HUcQUNQh6dGDo1Q2EK8HnFvGMD7K
+3jXEyeiXeP1h7S+FX0MNmDdjlE9IQV7fbOJEdS/00fTxn2Z8aEGjklWusNfmd5Bu
+IuhmPZjMRN1yOspse7lJDPtVGCRpYlTruw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8E 8B B7 54 59 56 74 8C 94 BD BC EF 08 63 B2 EB C3 32 D1 25 
+    friendlyName: Invalid pre2000 CRL nextUpdate Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CAD3CE9838B0CA00
+
+pehCDyTDvbCXH3cQ1BMx4e7zOorF53pZeabAY9jzVzj++tnGRldIwbxecWmz/aLD
+XxLdRr68T0MUho+dcWIiA5OgXbYawu0HUt306xopcFooaXLcudFHBnpWHy7hHBGW
+Ayq63RkY7WpSVNY7vANMZCOy+CjcL8ruQQlvrn70gRlbsIsC3aDTFtk/9ClUFDF8
+HcUC49ie+oJblqL/PcgdUjid3nxLPfX2QWTdmCxCMdDX5SUNoqbnyrWsEdGh2qr2
+mqtJTOTTFou+qIffCiKFWqVIQIU8AcS06cPFXB7hDKynHNrEiAVruh3w8fsb3ks4
+RtWyHiT9aqZW7siubZO3MAviRobczeVEP5V1li6BTWXQI/QK2H25Fh8A6IwsMWkP
+TceuS8MAcwy1y8oSzEkpL7RtnFyDCctY4AygCUYcJsShIx3yoCxMqwEHJUcw02YM
+QqhZsAoIxQEuGHAhFEbFzpbfBeQLE4rL5qx22WQtbvldJwtwsAGZggrLJD2SJg6+
+iAOf4RYoFnNMyeh3j7ajvRr3CUIpTRwNhdkKcTlwNtZSm6V0H7CGtbkJsFcaKF1/
+TEnx2hIT0YUylK4z1zmgtWJOH0iJOXgEbEHdENOckak2MnXSK+x1KNBcyg2sRi0x
+aAMSZKWFNNXkjd4MUoCaqNUgaEeAvgzGGWSvcKaPWAypRxrxwVuWI5AgDbPiKLdm
+jGg+YNaWZiPMuJztgFOHTdI45pSxJghS1NioQpIZPbYtIxPstd7wMgPdPVMo5wLI
+GfMAxDHYBui+6CjYPl7/OCFfGFIdL/50zoM70LL1i07eOXMMuzWmexy0suUBzkrr
+qnLP9eG+EJzgsQdb3/1MtpNHUcRnHIkV7AcQiY1kXd2VKdjFMhqPvlc9vsT8dI+Y
+M8++Pzl7teyjAO+RMmtK/rt+rlmaFJxLc/qYIz/1aFI/OJ1neZfq2rQ7+srfB0Fa
+bcFRgHKcH2nRDOOwZn7Ov6phu0IdZxBDOtMLiETD1mUL8242vfGkwRdrvg8RfwSh
+0MtRGojyejeGKYzzojNxejex7tY+VC7OOZLmGj5GKCUQpsgsE60WaV14AHZ5K9Bv
+pRRul87VRoOIk+GUnK3u+taFu+6DyGiGemU4OUN2LO7KMgxdg1+Ib6Xjl+wKjCog
+5FzVs65TnPStwks7xR4vwr/ZfZ8xIRqoUGkpuXeGORwZu5OVtN2V9TejoXRO43Ip
+8BWteG8K5XHBmV8p7dkFrlM/p4kvYn3VEAibQpMJC6M7CkBhHGFf2qDuVY0xHxwL
+RBB56OkMb7vAnTzjuPgWPGOkBt9i5tS1DZdE8tcG/mtDi9rLuoER7PNbgOGZ9Mcl
+fST1OapCef5m/WVEirMbKwVq81XdbA/FJM5XBHPyU3WnEjZjwYwfmUDF5ifcRAnH
++MJGhr/ge68yJ5TwueyCMrtshNPAKsdW7QEBw3a4VuWNCqtETBTA0jcyaSIxH3ab
+BfhoMOaawdOz6XzCyr7UVRTtSplyPcVsl2ES5vuGXm3L4/zisiEbwJW3T9enE/oQ
+aVSxGpJPzqAmm4i8Rj+QFTgC1m6j9w5W+vx5cfwHGPWzUJAI2socqQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem
deleted file mode 100644
index b36583cba8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid pre2000 UTC EE notAfter Date EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBBzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBgP
-MTk5NzAxMDExMjAxMDBaFw05OTAxMDExMjAxMDBaMG0xCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5SW52YWxpZCBwcmUy
-MDAwIFVUQyBFRSBub3RBZnRlciBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3Q3MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7fxx2WFOac683w9E/iwLeqyFtr0OO
-RdS+onLEY/+HO6DR2uuIPEkhZ8MwxAnnLs+6tichSMDs3WUijbbI0KTEulpVVGVz
-D1Y8zI7z7TEWD1B/oB1pSot67IosuyjfSIOMRr3UlQHRonE2nY04nyFUfb4yYE3F
-GlcCUdTLgIEgSwIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPf
-mhWUxzAdBgNVHQ4EFgQU5KvHTN9wvcrF55wNiarbUUzd0tswDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAW
-bdxkjCg9Ra6xo4ngUHF/RWRpe2353pvN0p32EjVjMyKTe1p3xZuFzCM9oi/PvMT+
-DlqUJpiiJJa3pDXT3Kh330VeTOYLPaAgRqxqm85gUTM3K+/1aHYOKNzbZCy6180y
-8ARB/lNpi1PO1KeJN1DmmeBdDVuRGte4wUXH+NSjpw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7EE.pem
new file mode 100644
index 0000000000..3f996e944d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Invalidpre2000UTCEEnotAfterDateTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 58 24 DA 1E 4A 09 C5 56 FF CA 11 8B 62 00 BB 7A 00 91 93 90 
+    friendlyName: Invalid pre2000 UTC EE notAfter Date Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid pre2000 UTC EE notAfter Date EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAgGA8xOTk3MDEwMTEyMDEwMFoXDTk5MDEwMTEyMDEwMFowcjELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExQjBABgNVBAMTOUlu
+dmFsaWQgcHJlMjAwMCBVVEMgRUUgbm90QWZ0ZXIgRGF0ZSBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ8k5yDE7wMf
+wlOhyZcxb9+PlGIC417Lq+G5CDDQQGbytGuZKYQR3+0AhiEUO7YwxfIeOtE4YOBl
+QsZsPUSOgSCb2l4s2rbH7V5QFfRcf8f3RQVDjMqhFXvIIWW5uys1poKMqXVDLw3x
+g3ysL2kVl/zORmqI3obmehIa2m1EUHR3jY++I43rJnFUsTvTNGKsE7HLTpkLDABH
+wptY+Ztt7J+sMc5w/pXweCkYLSdulazQ0EKwjDdmWS4BE/3CLIeQkTCB/CTkkseg
+dHPaD18xeV+4LLjAB2dsAmIwAnRiI+LouvCaF52pVBedX5cg6xMPTz1XfLzX3SkL
+3hj4LgUtuJMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWv
+OskwHQYDVR0OBBYEFNUChZ5TMCZHiJZ+TyOTFmSU8xivMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBABiL
+KJrH+iYNkDzEmwMr9Iebl4gc2uzCObyDkbaQ/UeuxbCvfUm3x1vYbty3HNEKp+tY
+JBXAEDh2GbHU1cLzhP+tNTYQuqgWzE86ZOKWLYI7wUkezHwL00wtOYI8RQfAScGV
+OySp2qwKgeKjXUAd/BVa6FVOzXkHavXNy903ssmko4d9sD+yb9FFY9UrlmIhXewl
+lR2rcUDtHT0dH5PJf7arPoGTRoePSFWeY6D7IBNuXfuhB3WEj+UQzzoANelmavIL
+VwM88Eszmwmofr2sbWi16b6z7XAKbwQm7n4hrwOd3vYTO/zRM0KBB9Y27p/trFLL
+6CmNjRghrN1erPNL1Z0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 58 24 DA 1E 4A 09 C5 56 FF CA 11 8B 62 00 BB 7A 00 91 93 90 
+    friendlyName: Invalid pre2000 UTC EE notAfter Date Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,58E9AEEF18E0642F
+
+lAF8yCrsPn67Fka1CA1NSaky16Uh+B4zjRfG3n3kKiqTvKJvLsr5AiQ5jOUlqQMk
+udlOGVTmt+XcHhAn7FLBWhS36aKrx3KV+YuHDSYzfTBjXupj3Cuhc2mQ9EMLmPj0
+MkcV08eg+Pp6IjMDouzq3+pNQljkBQjA3zNxt4ZXJ8xBiCugYPcIojRBHq6xWX9E
+Lhi6JnkjZzpC9VW7FCbFM7xIcwWCfl2mbOZ/s8E9gkU+nZLqFC8dCf/ZZGuLJRaL
+a6hHfVUvUSiMDJSPvEkx0TnUGQ/BHnwUuol/ICnFYesRSJsJhjAyy/AtjiC8nH+0
+9wcas1x+R2mk9os+EgewtoY1RZ4gO8Ug7JODD6NkVAaRAlUXABdWV8tUEnpNfhVR
+87XydAEmHUaK6zHyjIGZOTAg4uFd3Fd7vRbPbBtMI95d80eUYIBq0ETBQ4P37Gxy
+BVU47cWMWNsVKbA0g9LkGLOrfuQZ0Pv9m0eDV8pG8sumOE2HuxPoPFNRnTmhElCw
++sWX/i9/vDuyE+ZaCYvsyGrjwRouenzqh0J+eqwfVFOy1KGIdTVR6/VP5+IwPrqY
+me6gmDsgqIn3JxJ2tTKXYgK7yeviRJII12qLNfxute0tpHnDuOq+LUeZJfZh9QGW
+hsKhprgmq1R7X2dkG+xshnoJIHN6fxB30ENOON4fk58KlQdzaZLwtL03vq9jixBA
+LmFbf2yJSUsbQDqFDcnty+yLFbHk5fyla/LV2SY0n03TA1HjcFHcdkhZRPo3ZVnL
+TO0nRM+IWHuCUNG47tR1GKuykxOxMZbRWOI6EOGUWxx27iIDzRWeqv+Aw8Q+zsf9
+gIO2oZwOM+6yPrMQCuZViVtDb77b2fMmxMd0CFTNdYVFJUjNrTuArbO7zBPydJQG
+3LfSLmHFNiuLpE/mR0KrHMiRTpeQCdYTj2cemXo/mG7sATWQyBD7Gb3P5UoG07nU
+S9yy9y5/p2Dw87wuHFBY7oMQMX/cx0SPq4U+8nPoVYaqF2qhk2IetAKosyZm8/94
+IoSAo5KTM4OOZmkzICCIRn5FJW36VtwIYJYQ7iMyJXTHYzj3aBe8Zt3lBfHs2sVq
+ULr3jh7gsybyJ6ZLDA5CZBA/nZbsEp9a+fLxpaxGNLskuMy5Q5qdQg+p73VxNT0Y
+56OzvezZkvxpJuLPtHjfiQ9HpHmRVHIFPQq9ivnpTdecqR2jusxs24irbJzK34Ku
+tuo5u7AgamCx5HuCnSiKl3Z7HiXmSaL9d150TlR1S1M1yzI5f2sdmgH+2HJEIY3b
+qvCN5bft1eBrpgA4bfsp7uG6M/B+9cWtPa20HSJhNgg7G5A68ZlkE4vuo+0XdxEn
+KVoOrTi/juPJgS4wgp+l9uoWUkVhZ0bbDo6fo8GFcySnFOP+Sb7S/28KRa6ycBCd
+H9i89IjSkbtkBuuHRZwsy0wNOkngjyNKR1PVgiqRTdJQlCS7VZlEwKqMJUVKU73z
+ndkJ3ONBcy6xAEQDacZsZ+TWTXaz8jsmwWXlmwsDUyFHNHmQmIBuyBCQNF1kcr3u
+qHnLtCYjzFrDWTmZfQiR3IiThQavp6Ke5sP1NkNAS2D/VaV5zVzeGw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest3EE.pem
new file mode 100644
index 0000000000..c562f99fcb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CE 60 90 80 75 16 2C F2 2F CE 0B 9F A6 C2 D5 98 11 63 61 44 
+    friendlyName: Invalid requireExplicitPolicy Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid requireExplicitPolicy EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMicmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBzdWJzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTswOQYDVQQDEzJJbnZhbGlkIHJlcXVpcmVFeHBsaWNpdFBv
+bGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANHpR/YhLPt/LkhU/hxCFZA3Ug2vdqoc9/PCCQcOHh3ZIZUPP03T
+k023na21kRQ/hNBFJYm89nteKHb/f3RBBYsQtA1tHa0BfTWqesFZavNZF4PVwLpM
+xTkJcxr8sXS6xX+SVIsEGkXgZF7zEo/SJ8Nk3nnP29uQyckOLlqF9c16D95JjlVw
+7WAu+1B+mVJTIsztDkj5sPYzxYvvLLkRmE3noJgpoZ7HqMYB/mfocfqH70PsrXYh
+ldQtkCjistQbF3uem8OEW2l1V+cWat954VUO/YzT1c3yqBD2tsJ28bMOadbkUYQs
+RDEQYfXTpCmxAJa5GFtK0mn/N3k5CCjZ2/UCAwEAAaNSMFAwHwYDVR0jBBgwFoAU
+FLvRJvSegTyLDhLP2XsVsizcoyEwHQYDVR0OBBYEFLIISgVhaKmQrx9w+bAv/uKa
+AXJ+MA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAVz36vPv/Ucy2
+1a6sbkX49qaUfqge0g1K3YYOMRQy3WGfZlnXkbc82SkvgTOdzMBEIGmxGLrC7vkb
+123Rv+nc6u2G0bninYms1u7qcLaGffjbtwEQxnT160WUvfRFkQnIx12mgkGmRS/J
+GKcCKzQzLiiOwRwxjEJ1hJe8ZyrLlNa0BdqG1i9UrBzGzIlF8w1S/ObHBhH28wVz
+b6gbo1HMT+I09piqPOjDsZF8Zrzsa3fn+uGfGZarNHeK7oJlKoJDYWOG579cxNXF
+YDKFJ3UghQcXcZWidGIgFfwaW2/yFt6y5a76nb0/1l3CF0G/xkuRI2IROptfdsh8
+o5ZpO/ZJkg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CE 60 90 80 75 16 2C F2 2F CE 0B 9F A6 C2 D5 98 11 63 61 44 
+    friendlyName: Invalid requireExplicitPolicy Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A7DDDBDFB3C29E8
+
+RXGJsD02CpUery7PuNN0bVaL9DHlNl12r1u/82Rr6sRHIFIVlgsK2Y4kWV+vsUgM
+HR8dDB5B0IB6Zh9PnVnc207OIRin6jaIule+TGaoSRzYtzXZ7F8IDHgQ9sTHJtRJ
+fKDNOhnZQg4w2LCjd+c5rN/z5CxGlvpZvTSBQCx6GoDz2EBufXzb5su+Jk93hF/9
+wP79J/blG39rwpGEiSs1pXhimDG7xp0HRcLtCLaUxBYpp2ap6WFCnWxgjg9fkbf4
+kYOW5h2fHOf+zbhMO+gd9KPsjimfLt2WJHYBfRKzCr7rr2mIf9NWbo3qFF/HfDdJ
+8SedRm38gpJhEMDiZfbXEV+SPkoX8988aI/3nSmfA8aF5MgemZFV3hzLtIAAPCOP
+/1l1ft0l137kbRZTT8AZVDu9VD4M0SUdGTLLB6mHu/XR/xsKoE6SEEAFPEZLMBmH
+ws7OXerisFualPwLjQ13W7Uer89fjfRX8/oPpLvHRLLFcvgVuAQDRNmQ+L1Hgpuq
+0QcGyMVHxFfsML6he9yyxB+pX1hUBGMwSv+BwJsdaNnklcWuUR53GfD+gBOZ/77e
+Fpq39ZozWTP7BFL0EwR2V0D3RaUuBJrW6cGdHjloHHGVMfuqsoycxw88vW5oVxDY
+bWjJPJipt0hi+ZuWwIvHq9CfbzKuCDoOoNZllrKMbAt3lkbpbwRXzmifod+ueVY3
+OODQL7waiyRuyfWfxD0vL8m4SMBoOYWQjFbsDRLedW8TI+CsINZ7kqzG5Nm3Rho7
+O6UDK2vdFHIvepnmlOMBhVD+/6KpJWzOzonp5DTBhxlsOgwebzRrbI2oxtasIzYP
+DNiZS6uuLm9uJ0ZcD/XFWfxygYVAgsH+AZtGIdGVhdEsncOQIEnO9dfSbcK+42o/
+nhmuoYEbNC/DzhtqPv0Jo8yH3tXtoLUCGQvqbVC7yheMYBfsBNHsL+v5Bi88H4kU
+Uwkb18o0NNvUhw0AYE3Myp1+Sfd0n8L2a4Z+jb5Doi8KTNtKa1nwJztJiUryjc0I
+zt+MX9+whCZPQtUM7OtGXZ1dlwOTjpYfQ754JdVxTYDb5AjzeA/Uf36qeRSJyTBw
+a6w23vS4br6rgqGoR1GNqpTe8QjcpA43tSlfx7Tg2MvHg54iSOMYo3lvqmmWiJOk
+qCcPZ5uj2B24BaRjDQxC9mIJrm2VnIB1/7Vj7rnXuNiKCc6L9dr3SxHAEFb0Qa1l
+8fUV4KmFBf4J/gDmviEbJz646xq1aN6RTzeqVEV4MpXdpndNu3vYfEnw7+houjGI
+alWNvIKidiz9/yovyN77F6i2DeIJ+EFnsc1xv+v96CASKXgFxPc4f8gGpdO5LIpX
+S72QE4Tw+jFi/o6VnPvVV/mhKllXksiqoiZr1X9ifl5hDbl+bMfqTko3S+pbk1Qy
+spEkr0ro+DpVsoKo12shFG5DV12Ic3dP3/mewj50TU/2VvmdIX3mMxNQgSd4P31+
+0T7ZoKq1RSBGeyMCiQLpSKWZNY8XipikKGkpO1vum5uOG+loO5KwDPSl/xRi8s6v
+Lqek+d/A5sixLs4R1EP/MvdEkQ8O95p9/noM3sgsIh/ulbvrrsWR5l7g9XU6moaB
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest5EE.pem
new file mode 100644
index 0000000000..86b197c22b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/InvalidrequireExplicitPolicyTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 10 D8 85 4A 0E B2 DE 50 07 79 D8 6E 26 09 C2 F3 C8 A8 D0 CE 
+    friendlyName: Invalid requireExplicitPolicy Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Invalid requireExplicitPolicy EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubsubCARE2RE4
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTExMC8GA1UEAxMocmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBzdWJzdWJzdWJDQVJFMlJFNDAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTswOQYDVQQDEzJJbnZhbGlkIHJlcXVpcmVFeHBs
+aWNpdFBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAOKog33tBMcvKLdCEtAS4Mehc0LTwRfbt/eJ49owA2W/
+KSzT9XiKoZ7t1s7MPh0NfAkOu2YOlqjt5BOSlzQbQ57h+/3lBdMXkNBT3YEAsrgo
+ADlhGA6CVOIxPuZs7z2x+ux8m8wB54ZXO8h7JFfj+YrIKkMoTvePMltatxlox76r
+TUK2LsXOZKbYZBkKZEqtIUudUcd50N/WTkxg5qE2Up9V4oXhdY369sF//7mMadZ5
+KDBqDmHC3q996y9CERPghc/sZQVaX6widPtlsI+SO74IBMwOX29eIroug7mbeE7L
+JFQc1KYaGyB+Po29y9l+l6C9mfWOHeMLKOCzBlexG58CAwEAAaNSMFAwHwYDVR0j
+BBgwFoAUeyxRYTEVrawsa6m+OzsYGpKqf0QwHQYDVR0OBBYEFLy7jwxuDW3P6K0Z
+wZCQ6vgkqxIEMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAjMJa
+DaSfZMbvgS2voQaA27koy3de4DX/dlI6a/QG0O2HHilgp3g1/G42thy90ewLvNse
+nkYf0tFM0Fhx3n6KwNTf1nItuwn2HwTIiw9jQ/ERwLqRzmnCor1fKf+maNGWqYg0
+vFmmrxVo897hX/0b9CFTpS+SP1RgMonaVnjkR4/sA79aJ49wUpdPkVZrmXOAaM8r
+MR8ryNohpRY8U2O5+S8MJZRKQEDyMFW0kXeC9Otngb2h4ORErh09DHI/xuGN15So
+90UadDApAMpCi3PijRNIKVcBpge8sAvXwR/iYX9ws8XNuJVkEGYQYJwLKU3t1NAA
+Ynvjy3YgibsBuUcfng==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 10 D8 85 4A 0E B2 DE 50 07 79 D8 6E 26 09 C2 F3 C8 A8 D0 CE 
+    friendlyName: Invalid requireExplicitPolicy Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9E632AC14FDE0912
+
+MZ7JO76n4gkNhZ/mbGaQ65kpwMvIaETRiu0Hv+ET579MVjVlGFccGFNNSYKVrISD
+c5xHwIYGp79eivhh6wFNdrTqgjVJMk0QGa35aNL5E528O9q4dT2awVoVgQm6huC8
+ajoQASr+lJttTVw+EFKiqlt5cVapnA/8bnx8I2vAZ3Jf7ZhmvlSD7rQgyRuDEid0
+otLv7u7TuBrBFOmjVSg6froikW9DwZxEMY1mjOyu1pSvOPZueAUN1KEsXMlCv9Uv
+k/U7mD04OqNJvbEZ5AF8viuqzfrDSwym9/XsjWIYhdH8fbFiDhYYaQhDfNwpxyCN
+JmWFUncY8qX2pG1ITr6hImn7xE91ZMK6WyUjQOgI4IvBMSD7OWQ9Ub5UqcO+8nx5
+tjij2bGB9crZ+CGrgpXeiYErVFsRSFayuC5sWGvyBHIbWsm24p7/DN8G9/VCuUbv
+0PQYbdmc0/HnpZHtlwtWGIn0RQXCSCefxl8y3OGFaL6QMPAq5rt3ZdidSFMvJ1QK
+iaZJsamlQdJjxHctGYr8ApLN0ZF3dyHB07aGXqektytsGx+1P5D6IfBPXhSD1u4U
+4rfyK8CBPXc9+hysiqcHVXRss/W/I+jC1mq1FvBSWCIXkZOrtzHMEfC9CiEO/pcg
+hG41fHZXdvBncGvnIcpJfG1NrlzbnVpGk3C63TeZH4U16956wgYoEFxc5GYVCIO3
+zcr/eL8STK9zNc4QuwZBuVKu66UjA5Jr/GKrGWB+2I5c06rfDc7qJO3Asgdm2BAX
+7J74WP+duNDMShd+l1IGeodhXsXZ1O4Ru05sUOVj/SmHG4Fxg8Alk/TuZI/OVqN8
+Rx4Zin/fbB+SAPNT6U0+LeLoHQizTPbzKpfp/0YnhExy7/tfTEMVvvG4CPNATjr6
+oeLjrrCPVSY0mABDO8sDFbcZhQUXvX8DTP61bJbSPgZ+oWtXSeihB0vUNn6aW3pr
+xl3+Nvo1Cs2PwbayJql2BEkarr2Fm4h+CM8s4FoaTErEVQlLVLTn8R9jRtQ9JQkR
+dR/S345k/GKtQajHzXz0YmzUveGsCp8TiEdIgkqf4uBS8ewCopsWtR7BJpyl70nF
+8m5ZfHljKTTpceRMD6kltQ4SM/TqqoTH5N3Nzm5GBdOR/R+wUS5XQiqoY4HqL3wa
+z62dZRfxed2GR/v5w1aX1rqHjpjXtMBdvrKbzeXtuajGd0L9FPEEBZ5Tj+ZdGjMg
+m3JvCz9bmHJEKzi72wUe+k3U+InbeaY3iHzOXDVrP7l7diQ78u4pHEge73QzsDVa
+nK5oXHe2bagyOlcbo8pBBb5WxtCmfHzSnwRthD1DeefP2MQ0pPuKiv5WACNQjTMc
+ATC8ll8X0rs7hICA6qU/4chWyE/qUUKvOf24p5geDLLH/ctO1gtawCWhq3pd56Hl
+gqw58zqhxtLktyMmhQ8VbCCeTCIoAcK/xpDbT8wpOpnHUg1KkoQacG0eAshzOliV
+TxmjLsVLdGIXEfrwrSzbyfOkIErWqfmknstkCtgRGCFhmd2/FwsOd89XyOEJwnbk
+E2vEyHbWiGT6I9rZpubfUUhEjiqLF+wpSVbHq+AUXS0Js6RM+yBljlkd8DEGXOoq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/LongSerialNumberCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/LongSerialNumberCACert.pem
new file mode 100644
index 0000000000..ef687ce91e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/LongSerialNumberCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 10 2E BD 75 C4 D3 AF A1 57 B4 A1 7B 62 22 2C 50 8B 04 27 53 
+    friendlyName: Long Serial Number CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBEjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FUxvbmcgU2VyaWFsIE51bWJlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMMaU0IdGR+wVMsv9u/acjIcUN1g1dlYOWamWDZgkiAuzZ2tQKzya2A4
+o5aK+otUElXuqmdqaid3NRyKkybkMdYEeFvK3Wi+CRgyeePBl8/SZNN3ZjPSsDXB
+bhHeCFu86s57lAbtlp/F5T//rHp1ZJeQBFm3YOQ9ffT35hX2qGST01hXhf0YCI8J
+fuCEQUj3SdUErJ9r5nntNi8r3pJfD2JBq1+fE8IO8jWImrxqNrF/3JEaQ3McJGLF
+aM+qIGz5MPUNBhdVxFBljfQrm/9A8N21SKeo6AnT0tRwuAysHgiXeItxd4Em5IW2
+4XJ+TzcC2CA3wy6zh+RrQCLPxeasDPECAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFAtjt0euwgcyG39v4zq46gv/12Sk
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAf1t2PGg+vHksl8WzT5PxQla3
+2E0dBOmg5QWahk7xffR2Uybkj1ZpIV4ljcMviVDXV2AUNpxbsp1gTYDKN9tuBcmX
+3YuHVbJDKlyp0ldFApGAfc85Yau02hoxTHQbuc2n2IC4BK7BHaklDivYUSML0kbj
+0+SF/RXCrCQnGJBiNl6uRtLTDWQLTu++9+RbDIloumrSZKG2IRdNSCMmKN/51Ogq
+BDr656aQEMq+770BJ7SOWKdErMniwoz2jF+8CPkftjvZDZh50ihhF3YciXpUMH1H
+dZ4uwQ2AZzoHtPElpilzQc1XeXUZJ8bEi3+xgRTdUHniOP6KeRjf/cFNN1FdfQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 10 2E BD 75 C4 D3 AF A1 57 B4 A1 7B 62 22 2C 50 8B 04 27 53 
+    friendlyName: Long Serial Number CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8B970C0D9EF0C68C
+
+NtlaPOCh6XgFj7iu0GphVsrjvOjyv44kO5ocxgpmnbUOgWBoPmIKdMqgydK5lgF+
+HRN/f9ZZZfSRE202wTZKfnxeIBNyUStlq0BzoMjhpDFnGGuwLVhhGDPjw9w5Yv14
+f6B3eAmloY7gwfItkDWIKY/PwTpYW+g7PJiLKfgfBE3kzx8/R1/Ifc4o5nYV8Bu+
+oGA0h0/ncUZrgnLuUuseCf1xvhwkIUTn1rO/uzJjE35FLKqrHCruPG1BroCQdn8b
+ZXidhDWfrVLGXih5V2zInWz33ejpZPxhtXcog4gX5k0MU60lStzhpIm/mY6z38Q2
+xywJMD3Mxq8vRWKW3nYvsfK8JZ/wLdE49s984tqE0RhP+mys/H6xAYLMTEmxjWt7
+3LvlO6QniNMytr/XZQm8yBUkRGhT2YwJf8wIESdZVfFKHA6YsmU5w+lt17UiS7X1
+hE6zA9543BrCrYYeI6sE0//+KbAPy5EUCAms8xaQhBequwUNteyvuEHofKgKJ4d0
+fzwsxRHJlPJrab504zOj2zLnJDX69pdMynQxhODQFsqBkUEDJae1E5ZzZhSLHdms
+Ul1uSew0/Z821vq9QiZ85oKss+3Up2adpk35DQmCrnlqTxGfDFubCQsAIta/T56h
+4tRfT6ySWz4HNprGeyhBLYGtabhKwxC2HmwolfgFzFvWMaKG7NfYT7f/5Qg6q1za
+zIWKUvNZyZw/Kz6BtFHRn2bR2uzgbC+nJg9YKl1FLETLJHOAUH67whNIU3Uy3Y4O
+idkGvIXH9HgLYnCoDx8SaLPUbmctyza6WABZAuHQMejRTKOe0so9xhBYLJMoDPKg
+TFiG+wGnLKtuqQYO3OePk+c2WDVTrV5toiNDIJXU+JqKZ/tF3JFthTPIE0Iz/leA
+8CC8zORjvKqbmHJwvS75yTuoQTZ0lSyx+o8Xd08b0QC6GkXE6tII/vco8TVgkmnk
+aBPDbDzFwl4vGQ5y7f/Ekmo1aW8NdLouiAGJsZL3aG4BVCuYre5KY04hGguzoqfD
+cHj4OfVrmCbEwxGjvTvUbWEK9OfZOzcvPC6eS6OfjRLXUZNsbFd/8DFLCim1Enyy
+rRuhdTDQjKdYxzXbpZxNXxp7Aua2RclUAPgbuZDo5B5QU1qjjyPXONeOBfltNJyC
+8LQFj0SSYCB2zMuv2lMfQdWC1Jm2MUgIzAoheke9nqO+AlT0aX5MABgpGwmrALAs
+evtEXaS3D48OvSoWZ7mCmEzgRBcIVqx+mCppHnVonYi/6wpIXI8YIsOLKjEJoghW
+P0dkHJk3ZGVRdb49c4nS8zT8hcQY5crFN4luTUcPyNlAXw0sLYrPqaJjE+JnYvCt
+EVTOAWvf1KNZGyU9/y6zquYcOCbs5gjjuG155t2xaLeoqYm5QgFV8GuC07vpj9yC
+DVNSST1PK1SZLhK9qENREHGf692wvq84rleBdxc9FQbV3uCOyo51Esat8yk2zsUF
+CdsjVmbdwNuVQk28cSSbztYfYjHigeyjRZcA9FPyXHXe9nG4SSurQt2Jbkz9nZ7t
+kDeg7Usr09wlYeoBeC2EaRuCgkiDTHWdcQeEl44S+gTX7ATO9bm2kg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Mapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Mapping1to2CACert.pem
new file mode 100644
index 0000000000..abf2cd6285
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Mapping1to2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5A A1 7F 4B A2 41 76 28 19 72 F2 B7 8F 5D ED E9 67 77 8F 25 
+    friendlyName: Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Mapping 1to2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIBMDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D01hcHBpbmcgMXRvMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AOBrczl/53SePwB1Ub5qyWVoVLy1LCGwRkezm19LowdwFJkzJV0YgrlXpEd0TeBF
+Wn3ObRNqZmcPBkvF9rUrRCmuMIuT+164rh+U80zAXVVJgPoCIWwAHKFyskha0L5q
+3DjC+ZsIqZKajL/hQj4OmbKlvJuP0Ptd8Bjiy9bG7NgLohzt7BvI91rjKjFu98vC
+nFvXrpFbPMyeatLKJ/x0kgHfPRQLCOot4ojSkQmbD5MZNNplW4G/4iWFCAwwsk5y
+jA34AkwYIe6mcML4Te1wBGueM71iGaga0pPdLnzodPV5rr5+sjcKsW8yZ2C3jca1
+ui0v1oDcQ5BR0dlvomx/VHMCAwEAAaOBszCBsDAfBgNVHSMEGDAWgBTkfV/RXJWG
+CCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUmcV4acs9M3bCmaxE5bAO/rn028cwDgYD
+VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
+BTADAQH/MAwGA1UdJAQFMAOAAQAwJgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATAB
+BgpghkgBZQMCATACMA0GCSqGSIb3DQEBCwUAA4IBAQCjpL09JCig5v+7S82FBPiu
+JTT1xgO/XBQqRIvDkfggs3F4HZCJR+XuQiloEGY/H86/laXVMy/dTj5t/Ojq+8cB
++T6jWzmNLTvjQkuIrLkzIQ15bce0+1EYnKEVVw+0BGMfsAObXsJGLDxmE1DYRUZi
+Bx+Ar5ZHwhTRXLNszYWSTXPR0oXfPly5YqFwnFWBAj4r0q6rUsIipcmIe1XuFMhY
+SFNJJNWzpTMS5ay817vhfMb0koA+fdM91hmONDOo8wbT8CDr5hWhss1FEbAqFheI
+RhYXLG7Mll5FWcfc7HbSU9+edq08W6aLsgXyupHF3SYrA0w0duk2l251GqwUgxx7
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5A A1 7F 4B A2 41 76 28 19 72 F2 B7 8F 5D ED E9 67 77 8F 25 
+    friendlyName: Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A1DE75F64A796C44
+
+io90ydFJNbW1sRPZ/CFOPMxQpvArQVmRj71uG6GysSZD892WtIDO8O5+m8oekh31
+3cZJENDZiCGt9HwbN3+qTxTseghUcmYT/le0u5XJRVtKorFwX6HYHwJNutgZ0eL+
+B0U5mSXWK6DVrbuh/tne7K8ER0gr6sGiiArgPlXPWeHqnxa4J77jZWq6q61kBKOV
+jVbpu6uHHKSCLj/3NUNQcKNwSCf49JW2j+dXw0BrWh3WSoaNn8uUoZHCyEoDx62V
+qtRgJenl55dzu3MsrO2fRaThvYX9u6U/n4w+Q11KyboRfhlZ1c0hzq6egcsYJahn
+TSekKbyZtBdvcUbP0RkaP2z5mYxzOWlxgyxPHMaD1+DHzt3qXvdlVNelR5sXwXZy
+lIl4uz7/3LtVUe8Q1ksnyV+VZULxwzTKtJDocn+4Ha323HwWeQk4MwFkeW4V24Ts
+OtBsW0N+HHJMv5ceortjOafIBhMDeM+mWF/tKV/nOnjhzozweuoyOJDRca2LYJwe
+WGKbvp2pubirZl/u0dKR4MfzPJ2rAnQrJkeqG6H28z4JvUMgGzPPoyeL/9pvlk0u
+Juurr6DWX1WDp4ba1DyaqLV6xEU2txOV4ZjbGyTCrgoKOirRHKaLtF0DIA8AYB03
+xSPHEBgTrFodVOzAkfsTX9BMSQrYMWL1gy9V2u+lTpgszSKGaUnYnzv0ocwem7ew
+5A4B7ZziQmEEem4Gmo8Qed3hcPcdZYieAdw7ZddGgjBNqUSPlvR+4bgVT4oDc+Vi
+8o5zJG+itLP/c5ULLNeXM34hPYn/i//7jGBz4vrYd6T65vDo0wO6pUV8m/eFcM1j
+KAf/e8gM6J7TTp8UIvesX5PResiQ5vRr7CE0rPFPyjIRDV/lh+pgn6Z+hUseBvzV
+7n5HB2W4uRPjCnVPHQUDcFerElAZZUPqb7EEOWCbLDDsK7bfxKC0YGymhRSTPxPd
+5te10pFtV0N4JT4GTkebnOYHiHLeVOuhGszEL6FgT7XlM16E0ltMAzmfggEXpH01
+qcrxGUW1OJTIUiwfe3SWBw7Xf2+nrdfq4xH0id9NtNvEFJl/m6J5hgKyc1J02BVK
+KpvoJhg2jgO1FTrvKcAaERNHOxu1AEPWUdOS1zLvzAp9plSKY8wSFoviqiE0iQ8g
+DvcUr6uuhXPvFAYyvUI1YtCczZC4peg9fgqepFJhEYASD1Og3sLwKocq7wh2rb/6
+Gcgy4rX+gu7PUAlpTkEFN9GcNs/ZHW3/SCLeAFMTo4YzEDreBRi2TABCkY6ODy5B
+XD4PCNtnNPinvejnFzveG9I0k9djB3PpERBLAJ3NyIcmDspe0wG5qfrnU9F0DOwT
+uWDh8nzRETDkfBNmKbAPiP/DXI7ROnISoM5uvMH1bcNigmCk4/kbiXIfpQ/oXW6g
+OUnJfKwSjqTMcjH5QPpem8zowWfOYNAPWZZPI2i2UPPUx1D4u5eIybmKx9AkSfv0
+b4T+Awd5bj8G6AnayfrgCTsHJEomEkX/K77W5AZv6V/dIYYSJp2CDJx9LYuU5J38
+qX7PYlIKvvWrtLE6neylW9lPxXxWr2gOkUPUBwuRZqBbhN/5Ecvpnc57SDX57UKh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingFromanyPolicyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingFromanyPolicyCACert.pem
new file mode 100644
index 0000000000..ccfbc36f75
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingFromanyPolicyCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 4F EF 0C 1F E1 01 8C D4 7E 71 BB CE 89 E1 6F C9 3D ED A9 F2 
+    friendlyName: Mapping From anyPolicy CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Mapping From anyPolicy CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDvTCCAqWgAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GU1hcHBpbmcgRnJvbSBhbnlQb2xpY3kgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCrp6IDBPUKqlzfwBrwMM0/8mXKVyogMBl5xjRYIAzPCs0Mwv7R
+kEQbM1BIsYtbSJgsFJtldgS1u2yhYklqgcTsHZK7NrBL/QleugZcze2gunSlvAYW
+2qO6t9japmswZ5/8l2hTia0T7P7Nk9lcBbDi+HjNDRqZglalb/gXvfWnsWxOxAiS
+QY35dAnqxXl5KlkscU7uvsQubTBmNaQHsDrxoqSAXnMZG8dys1G3ET5Emp6FvYBZ
+LSYQqK2nWkL8xFIbbdureHpD1Af+HWFDTntlZzw1Vb2MXvmz0pYFdRGA75KD7SSp
+LEl5BiXwPLMF/UHmMZWhqVug0MlJ7mWl1UkzAgMBAAGjgaowgacwHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGhzFOALNM9yQNqUltYV
+q3qkby6MMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBEGA1UdIAQK
+MAgwBgYEVR0gADAgBgNVHSEBAf8EFjAUMBIGBFUdIAAGCmCGSAFlAwIBMAEwDwYD
+VR0kAQH/BAUwA4ABADANBgkqhkiG9w0BAQsFAAOCAQEACkuUlU5OLnBP9XTQLJdC
+4cZ2L1LbaCvAnUSD5ZU1UyDAPHcs+YsbjerZT1Alt/KqnVyD9pvkUuScevjjvLCy
+fSGq4slrV8mHUVBbMuumv5q+0Z4J2PFgNXIvdxHiIRFUq9A189ZiQkfUxSeRPUK4
+M3YmPO0iaeuS0SlAKIQ8a1dxNgm9ax8GOj+SQsx84FxED2wCR024sOajIHIPVvyh
+bWPQMQbdJVSuVULjsfuGDyMZyN6a0gR5uBQ1MXmsIVrnwAia0LTH7kjudgabGYa9
+MJkUVscZiu01jZBYfDqpaCN4MWkXCNvf9gksys7HoBvFlGyHm32/XiFrVKYufBkf
+iA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4F EF 0C 1F E1 01 8C D4 7E 71 BB CE 89 E1 6F C9 3D ED A9 F2 
+    friendlyName: Mapping From anyPolicy CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5C462AE8E9116220
+
+y+qcQ5rPSa/dw+OO+v0T3NcA/P8P29G7HJ0cOxdMp5gG8WsyH1eRcy7cxeQ+/qXG
+b0vOgpAOkrI5uVkZTHg4PkB4pP5bqOp5J4gvnDbQRpWFBTWzB/ojqzmBt+OQqSGy
+TeFD4ZyRTL0CLWFRX1EtLJKps+nb4qUaBGuIp1B1iBdo2S9r+saefCbDBM3MW3uG
+3Ji+Bb+ec7GfoW+C7OkU4+lD1AtT2lzFJer0kYH8idY3cYs7acgA9Ir2TVpBdAcV
+7RMk40w+kC8U7qJPauV3WwyoiTjy+ul95JSQWWaOEa4ZUbe3AO8y7tb7on6YQ0tO
+f73uAisqIV63+JsANtt3dWsRQI7WYKpKxZQwABz1jB1oLtpn3XrYsmeiyjW6YcOe
+pJBGRcwW5w/tMIrqtHqMDvN4y6gW29l/LLL7x6yDxDpqCSD8+7ojDwne3dA9lc6t
+wx7XoN5p2oEaGvhwtR2xXyC1rxownGC4LjVWmq/cgPbepZ1WGg1NgDHQTxoSdwmP
+jLQsXNRkNYYOkXZACG+q0aWeeqmqqYMacP1aUZnwF0E2R/isOGMprg5BNEpMM1AY
+rUhjiNPTaVkDkv4uSoGBVRuRYwKOv5pZB39ZsxywrDOuQgqAUzpfx+4FgZKTbQjG
+IqQoMCblsiDoywaqZjPMwFvV8gLYGgOg4MkF6Ba5uVkgWuyO2jSo9ZUmb/MoMeMN
+d/y7PszDQaQO3t4YtUprCD6eRuI5ni6U/jEWHzOirkQ6XZUekM0PEZuyEQNzQK3r
+qOl5hAfboXcQfrxmVL/tmri4R+022kkS5jylHuxg7vs6ADZalaAF238iybqlzAoL
+b24zqZXeKcM/w1F9FYHuVXThJn8ijJvKnWH59zT35sNjPqmnbc6rKxv0QKLoHkqd
+kP6Bzdwufq66PbEXXTZeVnc2gbWDmPywbEQY+WrnKuakdVNtdkczAm0C3tzS486U
+IQFQDG0ffs1AmyntosXmkePvjN4K5KHieMqFvy+tdYwboJBnsD/HnhcM01KaFv/0
+WULj2zQ3l9K4Wgt5p7nbo84CXL700mpadYbKNf0qVU0TBYaU6dnNDOCLs802B/R1
+9icOlaEBz/oGfqH5FLi3di+MAJOss/oXzfVlQ9zhrru864Mci8gKNN6WMuA9oAIy
+losEt512laXp+eAFtco/A51nH1RedJmj5EJV0RSgqhg29RiTDIE8UY1mWny/XM0T
+q3k4eSUHQFtIHUR3e9YvqbRIjqj0uM5J349uG4CirGStm3eCGUnTUL8ib/xi1PNJ
+sXDMOmdpZqbthOJQ2dWfaaMXhidUY4lAX+65wmFan+Jjd61nO5219mSqUZf5pF/I
+duLyTW/H6yC2AKYsnNWvlIfr/1vI4U0F4B3pVq0+xZDWoPxzQTZ6imU2KYgQDrOk
+cYw47YIe5iaos+Dnwk9L+zWVCG3nA3HKABakASOD6F9XfFKzlnmKhCB815aBNMq1
+54hlSzUQpYW4KJkFN2N0ujEkZpcfeR1CmaGwMmqMjm6MbEcU1hAKRf+H9FlxXFHb
+n5SophPEWRRVhjuYHePYIzBHkvBVGJvYT/0V3snUt5uUB7NSEoPpCwhsfzLUO27T
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingToanyPolicyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingToanyPolicyCACert.pem
new file mode 100644
index 0000000000..04b48d919e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MappingToanyPolicyCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 38 6C D7 9D 70 F8 85 14 A2 EB 28 F0 B1 C8 BC 6A 6A 7A 18 CF 
+    friendlyName: Mapping To anyPolicy CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Mapping To anyPolicy CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBNDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F01hcHBpbmcgVG8gYW55UG9saWN5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA7l+P4Iahif8g4OYCYpPVwbmJqrG0fnDR/oNBlVnC10F/uJiYK6a1
+7tCVcPXTHeD3N1XtvviZzr4hPny+F8DoVAyYsBQPn5pQ9YchgrsnMfuTmp6NGGt+
+4kTW2K97AwgH+cRwm4/5xZgsKZS4dUVSySds2Vl1tLxK7DH1nrjSvieDO1k6h6Pi
+fHZ/nfVI0CrPP+jwrPdUllp9lNv6IyrwO4gAEWUzVhwuqnEErKDA7FDLCMS/MG5I
+3rWJ+1UMN32/IZlRj7b97Obe5vmXUtcnVOPTtmKPF7Crctq9EnAxOz7aZObY6qAY
+6OJvaNCLA1YhHxNvSACVm6UdXaMeyodR3QIDAQABo4GwMIGtMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQULO2T8R4acBWUiy2TtJjS
+twUIrDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wIAYDVR0hAQH/BBYwFDASBgpghkgBZQMCATABBgRVHSAA
+MA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcNAQELBQADggEBADHu2GnJgEBdzRt+
+PSfkyzvActmVetZktEWh3fysA8LTQI0lPBN4us1QKw61o9KtO+ssVs83d3OF5l3X
+vkO4ilHyvT6Hz8bH5pXskMmXqYubrJI3lQjn58GohHNyCUDS8bYRDLe1Twz/t8VG
+hLyiQwNQknc/8h6q/oQuilB794AHTDP84np7rsT24X93LOTxQoEdZXhB0gvBK8FE
+j37F12ObeB/3fKRCW0kYo4leBgcPw5G7jm6z6nljCgvn62LBosINe6f4Gy++CLHc
+TVW3OsNOIrgSBqrZr0JfAwykOWfqJGCfOQGcOIP+MyFkGHL6jrS8WnLoM/b4I5a6
+NOBfmzU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 38 6C D7 9D 70 F8 85 14 A2 EB 28 F0 B1 C8 BC 6A 6A 7A 18 CF 
+    friendlyName: Mapping To anyPolicy CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3BFE1C8E0764811D
+
+FbLyNuu6zBe/eE8YLhTU2LyHAk12hF/DcPR++oUr1y+YQkRES6ciZ+M2VROJ3oZ1
+9AaUZqvlXcFX1G+/p1YBmDXQzsepmxS4Ofuw44ZuxWzJZCFWFz8zHQRiWqgRMYAc
+k/WNEKvVjRBZHzsCf2mkyry8bdyVJqWjeh2j731ERus28W1LdZC01H6uHYIcdO6N
+/Fe/tTzi1uqCwsNqGjqKcBzVJdXiOgKKygn/4eZDZ+OhvaTLbqsE3WbrrZij1LKJ
+s7brfzBlHIBxR8FiB8h27QQrKjyU7uB08V0dijq3u4sckOd9TzCcGx3GQ+IFLj0R
+Cxu77Hgh6btFAZYUFvxx/eFLF5Z8KQUqDDADfHnreJvu+cVcqdvG9HtBTA1kb1In
+gSbjuGa10I3JxyTGRbjj7MCCKRIy7DVow8qO+0Rbq8bfjBOdUk+dz8hgMvW4wCS4
+toJI8+kAAuQlEjnwGR5YOITvIBjrN+gauOv0yNx9bQM+pdoSfjMb/1f1Y3b6WPbN
+yoWILudv8zFay7hPWk/8MOpEgHUWRyELwLSgTzSSITFDoBziJqcrI+fHgX2jK3+8
+MdTlpvc0G6xkxTdocvmH3+bhba1bJqDFqMiwrG66dqUcYRrVZN2ee6rjj98nNHMs
+tUyfYSpusV82gTjH9p7daoUYPRHwjCm2NUrbAxd3w3uZYEIinanY8GHJjD6PqEBs
+Lwf/Ciq3y5bpn11pg5OzaCUq60nugEjGqU+nN3D/1rntyME0/o7e7GBc3BzQvuLi
+9sW4rh07vq0acZWVi6msm82WYUfgNj37859rlBYGaIV8GnUkl4wC+MvAEO/Bctkd
+ztKiS1g45xLOx+BYTLfs7u+vrVRR9P8hENtq369c7FNayjeSb+FXrQCWNYuqox1m
+hyIhg2o85x35bV+i0DTFru0WoAi2Zj7Ors8gmD1jCx/kiLGHcxb3egNZlJFSDExV
+2N4DsqHrneydplgiVtSat+COB3vUoIvSkBacnDi56YxNWsS/YTryFY0gy6P2daAj
+2jiToALSwfCkcUnwzEsbxV7+NbKi5wt/H/zK5yK2IbJszepwLLqSycZTLPfm1yK3
+aZv+57kL8urATlsCxMKSEDgCuGGQymDA70nKomK+YgW9RQo0+ugNHL1HllA+mnEf
+u9XyYhFDK44caO1TiiWEN30SUJuAOBfsL5sos3Qnagf80Oq9ermxmGUIgzA4FljO
+oQShwiSMMHS0lvqXWG1Aj0WnyF1qTCXgzEV8TK1J6RUuhVp07KY9PsPQ9pK8Zgt6
+ixgxpIF6KVqsRagHe4NN98YBdvXMGdDaOHQ5Y74zJJ2vB6JJmk8KM19pAvcdSBBf
+DnVBq2AxYeT6L9Upzfn2inHT9DBpX2VrtmesJHu8AAvMwpdEqF4s0JFWUtINADML
+hP2YGzy7qWUGn7g8ljV+nBLPvn901TibOkurmAZEnafMl5WcirhEjgqdsyyOX6HZ
+F/eLPKgiDE10D8I1KiCvBblZxo9Fr30fRYBU8W9dqHKhOjxWiUeYYpSMASH8PMHk
++A9JmoZe3p2K8i5OiBmUG8Wp1qNqquwU3uJQerRHQWiF9F6um9gc4Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem
deleted file mode 100644
index fcad66a5a3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingCRLTest1.pem
+++ /dev/null
@@ -1,76 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=No CRL CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbzCCAdigAwIBAgIBBzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMD0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczESMBAGA1UEAxMJTm8gQ1JMIENB
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvjr78zG/GobZnKabi/siuJQm7
-6k5APCdB3g3SJzzlYR3ivCQg+7i1pEFgHqLLPTEHOCHunC5EedZUGzUGQX0sXAxr
-KYeCqLS/s0+saOR0HBk/YsOaCwW7v6yBHA3s2XrtK8N4qJg6LdZaGEjUefMfUM7p
-iVQQPpw3uAQmZuYf7wIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA8
-6pq8h/9J6jAdBgNVHQ4EFgQUB6jzF5xOAmiWRcwRmAF9yHg/9SQwDgYDVR0PAQH/
-BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
-MA0GCSqGSIb3DQEBBQUAA4GBAAWDjIUq/V6y1p4vxO+A1xdmmM8c6yRveH2Lq2CM
-OwmpClTYfhLpqkWwm3WSXd2VvjiPUTgTC5y7EquFuZCCZkgLDVvUW9VplIm3a6I6
-dgZiOZDqnXZ5rC+CHGSszfdDo8gwjJ+vA8AV/CNSGNkkbo/ZQ1n7Ppm8dW/bS+8k
-anSO
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Invalid Missing CRL EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=No CRL CA
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEjAQBgNVBAMTCU5vIENSTCBDQTAe
-Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFwxCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczExMC8GA1UEAxMoSW52YWxpZCBNaXNz
-aW5nIENSTCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAz8OlGINaG0uEl2RAD7DtTn54qLrlCtUbCKs3O1dr9nEDDohfVU5x
-nLweQfR/m7b9F17BzhHcxFYjfRh26aj4eOQcxHrpBfNMj6U87coAeJ4ERn7okfqM
-lcGlHWS/Wh48iiZvnCvg4jeHhSktwMppTGKIBKmJ2S0L4yKNYCjZ32MCAwEAAaNr
-MGkwHwYDVR0jBBgwFoAUB6jzF5xOAmiWRcwRmAF9yHg/9SQwHQYDVR0OBBYEFJYM
-oy9aXt4kJDgRNj4KDS29NtDXMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAlNJLCSyrRZNUza9eL2Jc6eFS
-bjriRrz8ryND+rn0dnsceIVrXVApplWnVwUjfm8fjOZlNOLM4snxmzRJ+FyTR6z5
-u9nK9TAEkMrGo/NinCET2Y5v4mtxj0E6hJOIaFxfkZoj1mz8BvOYgiEIYxAK65lA
-BNDlWIYdh16AIUEZNAY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingbasicConstraintsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingbasicConstraintsCACert.pem
new file mode 100644
index 0000000000..1988c209ec
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/MissingbasicConstraintsCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 55 C5 ED 9E FA 09 D0 48 D5 76 97 A4 74 1F B7 33 BF ED AB F1 
+    friendlyName: Missing basicConstraints CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Missing basicConstraints CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJDAiBgNVBAMT
+G01pc3NpbmcgYmFzaWNDb25zdHJhaW50cyBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALRWdlqDlLWqsR0om+sJgmRxE4QNnMkpzFQdkA65CXM2PzK9
++8cj6UqaHsEvMktB77yHztk2GhmEkrd/i6EAJNjxwBjAq1X0OhcFG4e0llZk1JaH
+50eCwZJ0OG92PZYAQ2l0d99/SvUTSEpZ6v/PmXDIiSS3vtGN+Kfbpw4S+3DMTduC
+vBjx6ibgsBYd68b4Oo0T+gYkKx2v+UZ8n8cV5WjVP0/Uy4tiQIU4MXUeNjZ4UKat
+zRadXVq5mGEK4tmP7RGn+5J+vukGq5TB/hg1+PvzY0QQ6TOLruuLhtGEwbTDZkz1
+uwiUqE7C4NALqABdICfwJonm3gjliEENTC8L9zMCAwEAAaNrMGkwHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFDBWvBURjU/GJsa1nKFw
+ktL5Tw15MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAOBgNVHQ8BAf8EBAMCAQYw
+DQYJKoZIhvcNAQELBQADggEBAFgnHD7Mz1Gz+3SEuPsr7PgtjvAo5hnRZHgvlAAE
+X+usbcykRvVsgwp+d2SZPgybcYQ6g1CwGtNS9/dEHvoLXe37lkBr3kmE2/kEdjZi
+IHEU1Oh9thXs0X+Eg9m3JJ8ZI0iLuWpQd7xHA+riTlJ46SLE1d1xGHPSwAxRi3fk
+US7X8DAxejxjGixWGF988Ib3NqMMwx2Jcs5pf3u8kUiulP/kyK/+jtiDfCIxIJLw
+IaoFs5osPraKaE5IvvDrSvM0k5yBs+9ZU2WMNoMSzzY3+jy5+OETQPszItgXQ40W
+Jt2Cxs8ZzBFnuym9UsD9m6IXe38eiJOoP2ruwmFn6uaNPak=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 55 C5 ED 9E FA 09 D0 48 D5 76 97 A4 74 1F B7 33 BF ED AB F1 
+    friendlyName: Missing basicConstraints CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CAD484F46827A5BA
+
+viFe9mUnjZ5hxyfbi5pxNHOaVC+aiCJ7Yn2fjmxZ+NcjLb2Ccv/cVdMpSO0Soe/o
+vVl2botOROQMXAwibrL30AUf1rsN29C2e3SD9DOB/FLQpq9jJ9ZS4cktDK3phCeh
+MPsxjxUdlE8Zmhos36bypL5mhIaG0wmF6Fuz66y8rhpAj8zl8yNGL6DqNw6JgpvS
+E2i+FZ+E3CB05W6WSjOQOFexPNnWBbkjyeXrFTB30DJ7BjcVhjfek1+tItF7hYIA
+qhUFXT2kur8WV/R5J0bzXlRaK1s4kj4m1VFcmINHYiSbUsExpPWccRmFv3Qbc1tu
+/NhVdjbsnc/BI4FyTdW/sio31VviXjewVWIXxhCeqr7QRqCCluM0HeAEqZFPS6jf
+3F7p1VIxqgz9ibeJ0JyyYtRgroK6iYkVfqCSiCoWh6aJ7/pBPLGmCIIEppbEQKGp
+NBQIRzpOoKTLrzuOlGypLyoTTqAASnNNofgStH5gy+tFTAWl/sKGc1KLFht6hn4z
+XvkMdDYi60zV43nxLlneq5JudABiuC1of7SJCdAbDqN9+oUr0H+3vjDpwgufLvfA
+QVdhT9WhJZg+KLY4drqbuBHEbYQGA+CNwQvXW4CddP85kC0gEBF2pl1FsXrKTA34
+GrRn7K4vJDsb8tRP0wuOAFj0wuKwbuY4y8lBBbaNhJtiosR9ZBacIwG9yh++6dVn
+6lLzJczCF9zQOaSTtNZAPrfQo0u7ldmhBPoR67QOkg0zI1YwRJF8Y5BOI/0dSdet
+CyNhM5bGaQgq/wdi0i4l1UM66I2SIO/agRYVFZdohE/3VzKFZZNvFtDXSTNqaGqo
+GHhp7Ke/rJKoAWx2TcdgKjPDAMBtmgINrWCaGrjt9LDDVsrhE8hIki8vEzKGgUCF
+nmlzPqUIcT6OkOhmBZhW2UqzZAyYmltMq23MpB+xn8UPoYVV3hKohT7batN/mvqg
+4CaLA2vfYomCXE1To+OjqeuqpbSxVljjywPT0N4Mii2yWq4B/f29qWL8cxMl2mWM
+/h5H2SoO8FOr3Hdc/IrSH1fsJ9CUNL8YUKHgBts5B+K653uUy0qubV33OeqXC2Cu
+NlYxiGqkDhO5mi9Tuw1YXLNgXipxqiANOLPZOoaeCP5spOQgnpQR3pxlrxTOw7qR
+wbH+VSRBhtABMDcJsadDLnGTWUnPR1q86ehqpo6XfipZMg1gGnbmN6PNthRWVmtk
+ZPUhekPCWFZnBS4obeFDw4ZRjnbFN8qPE7uHZ0VL+qO1rOoGX6p/2a97l9nJTACh
+anm3AOPE/vWURJsQ8Zc54LLhPJvTQtSoxt+49Xv0oitiz4AB5d23XlQ4IZ+avY7j
+Y5ZXuQpQKdnZeG9eS86aiHcBJ3Fvwt/gVVIu3i/jRrNU8Fk2WyyaJ3epwII8wgC+
+A58NcMf6HxHb8NXufZOGWwUePr/VQxcS5EXBXbFnp9tQynzKS4qUAV4QIhb2Pv4V
+OwL0p3VD5tGlLYj7IWAe7tJcf3u0q+hpzuc5DalbQ08NMZv2vuXjfvQ0ASaQ7nVq
+Sjm8fxoY1CIImWqq3Atuo3Mv8yyx2OvQgp9YWSm7fn0HcSg5Iy+eZg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NameOrderingCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NameOrderingCACert.pem
new file mode 100644
index 0000000000..224d33f30a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NameOrderingCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D4 8E 43 5F 00 56 32 DA 2A 07 B9 D2 67 E4 66 E7 F2 5E 16 8B 
+    friendlyName: Name Ordering CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=Organizational Unit Name 1/OU=Organizational Unit Name 2/CN=Name Ordering CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBBjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQL
+ExpPcmdhbml6YXRpb25hbCBVbml0IE5hbWUgMTEjMCEGA1UECxMaT3JnYW5pemF0
+aW9uYWwgVW5pdCBOYW1lIDIxGTAXBgNVBAMTEE5hbWUgT3JkZXJpbmcgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4Izk2uos/TlxMQIzTb0CugRjW
+JZgTFHdIYxEN2K6eCpfTkU3yFaIIsqC84Jwc6sCT/uroouCtnBsDvoMw9ExsfX/0
+wBKiXYZ0WmpD+cqNCmXJObrxsw3qs7fb55J9b+4sKMyBPea4hwOwpSpdnk/d9oY/
+QqBac09/+bqQZi4gSM2MdNweomR8fzh8B1IgNwuObNH30EuuNpjjQfwdfPt53HDH
+DlHAVDQgT3/2wrj/kWCXYeairC/r4IZFmCGPfWpwdFBy3SXV14yqG3rzAnOYoTvQ
+qHIhOyj450InVnCJc3f2tP157JEejY3KxxtFT7JCb232thWZz0FduNKKx1IrAgMB
+AAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQW
+BBS/SouBm02MFDGMW+nM3S/oeRJRUDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAB1RfNIX2NAP+HC88I5JhXw8wDo9r7T051XcB+KVhbUfK7sKE9WXOq8hxsyQ
+b6XaSwDMIlbxWNAeSl/8O7UGQ36IWepI047Y6wCLMGsOINtB5FGzPsg27mgS8txc
+80Y8yyxNrGrztJJOPEjyw0fyfW56Vyjee2z96/5ETtJJMFkr1JnbITqdrXL1+cxJ
+TH9KgJVXFNjr2vAzB4aV0lHcd1JRpfTCB7nRt+ALRqjfyUJze5NI8TN7DseNgGbx
+UBD42AlUMC6aHyTWNytAsUabonJefRatkLzY6BpJ0Ewe8d2ztqIhkYGezCb+IXJL
+m6bBRwtJ5KXTL3kz3toqdTJedcg=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D4 8E 43 5F 00 56 32 DA 2A 07 B9 D2 67 E4 66 E7 F2 5E 16 8B 
+    friendlyName: Name Ordering CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,AB3687F56B28B052
+
+2iZ4LeDKI88jUnITK4gw5o/dan2J/GfMGlCirQz8rITqLgUMBGwGqPJhnnwIFfQU
+7r+0RkFP4a4ty5B40YPAIRPBkNQ1boeabw+JaQORugzpBBowS9Gfm/PiZz/7PeQ7
+gcKcoaUKRySd5dosqBh6+u7a4b8YhI5xNKthXU1tmteUr6lwvxmBnMDu6rZf4f2S
+cB17apju088XOPi1blqwXIjnD4Jm167TkAhF47pMjJLyHx/oseURjKglQBHCkMfE
+lV+hySV+0lAA2QK8v1eRSmr+OaQI0lYDKBhsUqKHcNq3qqzgxF4om/RMvCpS/CXJ
+U7VPhnqgSn4HEhv7o5xJ5I+Hlhdq01WahzRoa7793oK+SPPoJaGcrK3659nhBURO
+AKBw/3royll2lldWZM6Q9hiJnYCgaeSxgI2R90zjn9m2vpP0+Lx2QLcKHf1fZLZs
+Z4sH6L61DW/hGpRJxdtG4ZHaec/0+Wwm9RQ+yOXPiyPpBa5wjCogkdis1Uv9tbak
+PJkwsAEAagdBU8W9NbH++yxyW8EB/2FA9WaY+qNWuax4hIMs22E9G1WUJwBQs4S1
+SZRDmTEPjGG/oBfTVwu3huxO81zMB1E4Be4gIwYb0hfLyDsDVPEbceKh5BHpGeJZ
+2zQeQy9bKogl29NHz/eov3QomKYvztGGK+jQW0nz4tzcQa8xEPkhmLetuM8iDsHT
+RGN2aD4Qgch8dPhpjyvINDa+MkwlxhkYvqp2HN7yOqvrdGA0YVFcW4m5oxYqOoEH
+Z9Og6qRoqMU1Jet8t9ko8Q9PnlJoO/vi5+BF0vzgBw76W7r0uE5Bk3QZlasS8BRV
+AxQjp4TZKTGdLWkxs9ZUD+JfPxPve+yKerO8px2XsNpBVzGw3iaCS2AMglvjp0qw
+l/cKD6LjyGuvYGK8dtN0Iz430f4vno5V+kLoFJfpF0fo3Dn+l3yvcsmco6Xt9+wU
+fYzVJllK4YSLC7C/LnX8Kr8pg+TC/oTw44MBdau9WKBwzjr40LaKA2HDWznaBTlg
++6UCybDdKkeD7PvBaWBPgqd/VR/6xc7v0Ecl51vs/TyE483aN/9YToq5dqBahf4O
++eRDzAmIY6JJ/GN1thT04/6WTjV9NS5rXPvO1VoYD2uumeLRxK6GYXI86G5ji8sN
+wbXl5kEUydTKJ9xsjTaLGvuhdPaXI9PXaC0+Ki6SGua75fxZIMrlUWBeywpE01As
+XfFCfjg4CXIeUR04aZ4nByU5cEhNRmm/X002c+NjiuPjNnk1XCag/6n7YKwUHvmW
+eeRZPu8jss2gR0tlgkR5IRYwO8yXJ6eXyFO5kbkeDKz6NngLj2z/Vo9CVxMOZc2O
+vLkHFyNG65i4kYm8f21X1SIimE9T+gGcpCdaePgfcVWxbejm7gIXY9zJBhpDsh+2
+GNXtBP0AtPGhG8avfUNgZb6plFGLfwIJ9+4bNgJ6tZ1dY5jLhrPKVflDmMo7JYmU
+uXpasIL6VKuNESYUxWACkVkGoaJB5NQUWgYHpb2N+KMbGCk487WMljNDaWDinPOH
+m4MGCthMhcQBcuuS21TWknSZ39RRuhDdPCJjWuDgNf/a9Kog8EbmXUFNv2kdpQmw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NegativeSerialNumberCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NegativeSerialNumberCACert.pem
new file mode 100644
index 0000000000..bd925b26ee
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NegativeSerialNumberCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F8 03 7F 04 4F E2 C0 0C F3 2B AD 63 AC 0F F8 69 BD BA A9 57 
+    friendlyName: Negative Serial Number CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Negative Serial Number CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBETANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GU5lZ2F0aXZlIFNlcmlhbCBOdW1iZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCWz7ZliC4aPKhAsBsy0znZfbesj2UveREHH7BiOb9L3Q0rUODt
+VnQSmWVBb3GPz4kXejT51ad01LDy75YHWFSlSWSAEQC79MaawyiUj4gEPxDLx+fY
+INJNmJb7hQpze4e6sQwgYOMm0Z2c16wCsAzu2P23KMEFWn6hVQWj9NzNjdYSqkBK
+L+nOnnEERNWfsTjNJHiU8TPY4tDxyw6N89LDr4ulAYq8NcZp97PCt7KyqXFQrjBZ
+7saXv1faM8FMvCZOuQg2+SIYghpsqceDQLxO/2iNlmMASaQFBftLI4dVpimRp859
+cdHNPA2o5q26AhV5ib7qjlt4qHx5H2xQ9wq3AgMBAAGjfDB6MB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRi5C41xg/F6JHQC8GN3rav
+2ojZPzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAJgEmVAdEqm2wNErb2/
+Xj9gaOMaWrHhj/4vxtssSnwO1B/T3eq6nDngatSbtjItO1M9UNPX/tgSrXzHmURo
+Zoiq2tURPwiwWsYaGuvNLcZNAY7aTxLWNP+x6B33CJF3TRZVPskQcb/Zm+M6kM43
+fCpOe7i0Lf0C6nz4Zdg+Ej6G2/95STC+vkMzH+LeHtPeMKL0tCzTQMljsYVd3hzg
+c6TNjzsuY1IiD2SQYBAJ/IITEFELXqhojiNjFEX4XaDuD43gVe8DjX5PbXXVHme6
+QkDj8QytkxKpnhaibzxmTjhpDIDlBtnAIbJ8mcet3LAFgeCa7/qbzB2iAaRfYoMm
+ejY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 03 7F 04 4F E2 C0 0C F3 2B AD 63 AC 0F F8 69 BD BA A9 57 
+    friendlyName: Negative Serial Number CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,96779EBEB0E22806
+
+EbKe+X6uUHMQYjFUN313rKUnO7IK8mf9gKaxIWDUK2qszyI4cbYMTFE+xsH76/3R
+GYf6czYV9ZQPKY6nUeP0jyPfHR6I/cB4P3e6hxIm5tuiUedsIwjiJbaCm37HgeLV
+VNV8gHgrSFoiX6hOfC/l7pzm3M48ht2gEqvdjaVljZG7B/NIP35t2kr/SOxTZtTD
+bVrL0UjnMOaLlslK+oakoCbvmo3J58IRq+IoTnjzWCYRr2bOZ4yrdbC2eYGEIWfi
+0Hm8vTIuRXuf+BCydgdP3Zpp1Zk0shY4kAQc9ublN7ZeDExHVX49klWrBGn12B+G
+e/DraPK6GY4u9s/GdY5WygSe60k75c83U3xidMrj7QCT2PA8B1Lh6mCc1Omb7ErS
+OhMWtAbAIyWIwTDK9AOieLm4e/QdD2PsE54QvZ8rYQC3S5fsYbAH8yGThJ6Ma64m
+sEYHxxAfD2koJYkt814ygDuGdtDiPtZ3WXU2Maa+8KvCx83q2G2gTahz8q9+yr+T
+YqY1SAt6W3isic+vrjVz4vjai+RdPVkHybhvHlTx0Xc9+fnBdBcNFq0lRKM4Onq5
+Ls1Xi+LXkYp8cX5iBt9LbENA4e1GxdfiGIjpHVa2Ogv8BLsHYv8nWteVjCzimJz5
+w1cWC/W8P162E+2wIdefq/+hJlsdzjFLvsOqG2x2koVvs4TxgiaGLnJ4HQ7FhhJx
+cpcpalc2pZUosyibuEI6EwazNV4WvyJiXdE5LLml2mAzOLntHDpx+I/eqH2DbTnS
+vNjzWUaUz83dhDKo5aoViXJIqxrAZO+0fkHL8o6MR/EamJfypHbioxTqWZaI/Avi
+eFeQXZOXvfNqMFAAW0Bjsn5KgOfPJfM2m7f7960mPlpWRrYfOso81UyJsXlbaChy
+fDyYLWyKnOEuQpSp1JU6Odu4Lk0pC/IrLyzVWpm4MvIF2XGr1LrY1GFCrqPUwy4S
+VF6fX6Uf1VX5jTiakQHRJdRiQTgjUSq7o8AIGFLVKEpVFhGc9EQ3gLXsmqxIleks
+vw694zpx1j2MVkUfOUMg7SYGrv2syQmZ6xvxi5pJ37j0JZsuws1WJKeb1CS0M4ut
+mW/g0/6lGjOIFuZ+JzaR1YyJ69rO398sFIcdfp0GqGFNaVkhsIfdw2tZFvaxRvoz
+7TQaQgZS41Ln49sll+29qqcE1rlLeW4XmPGCK/4tUsNuyo8XCcMTTbUS4xzeu15p
+p4WXfjt6vvZ7OXQJzUqtC9jIq00LxCvNph94XyXEROKbkxgAVs2YlL36DKtq3UI/
+Vat5D7ELfGB1FopELgcgsFbhjsAjPYQ+qb/ODK1iMfR7M2dRtHf2AiShMhAgAmCf
+YZ0vbs7m9f5ZYlAaYuzZQF4GpCEGS9iwWrZd6zHMHBPWfS8n44wTo+A/jWPfJ87l
+FA6NYFgd24XJ8hYZVptrRK1yuAZ43sQ7vuFvhH/TK7xmM8pCXpUn4Ec+0RbI4E0K
+p1sXCOZhTwYzP2oG7NrpHyCpDILgO0HzrP1pQA9Yh2GePVaUbq7DP4XVq87qvD2G
+UbUGx1W8S+1EIi3ODMssb3KVouRAYIXFddyeQuy256kBnzVZlEjLnQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoCRLCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoCRLCACert.pem
new file mode 100644
index 0000000000..fea0a3ece4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoCRLCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 6B 47 2A 56 0C E5 3E 2C E4 6E 52 8E 30 60 15 42 EC E3 73 67 
+    friendlyName: No CRL CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=No CRL CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDfjCCAmagAwIBAgIBBzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowQjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExEjAQBgNVBAMT
+CU5vIENSTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPK+0hcf
+DWQf4Y/xcch0tBEFy8majp1UWEluOQmlE8rVt2weoWdZfaBF1cN0+brVFt0Z4U/q
+XqdQBA/PvV1yBYBlsgbgCPcJ0+Q8eeWESeKlt/TXoUl35JeNhz1qc1YpQsce78O6
+Qm0F73tvYD6hD/EFwgYqu3uAl2S6pCRNTDkhCBrRXcsjKZ071/pN+Raoll8StUli
+SiIgn/YHeIs/C/fQKVdAH7ZEq6fLfj+HPQLlRSzWGOXAqyca3Nq3nf74dbxWH15X
+RuESMGcIwaduE+26VSZcmWYpEKdR92GOE/X+WSGiU0DmR98pXoiw1MSip8A/QQC5
+WjIwZDIqN5k2h3sCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZl
+p9ldqGYwHQYDVR0OBBYEFG6uRdP5/cyueml//bgG0kwH7AIWMA4GA1UdDwEB/wQE
+AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQsFAAOCAQEAZ9m1wxVMGI0gYbsb28QvULx/Djy/zn5HsopaKobl
+UPHmmEe0LNUvqb4+3kqrKv8uWF9u5os56WdochV6SXaz17Yr6tmB7JeM/IL6VyqV
+Mqd5UNliAPjnIbO5i/wFXMd7jZwmAuZU7l4Uj2IEKyNJcBbgfD4TJZxtFVVtTCo+
+dSVYAO1ZjWpS772MXKmWqVeUpF23OPzAOEa8e7IR8l9zfHMlmohBxKyGTUvuwprn
++TS4ZVXrjjAHNz41aRzX+RYAUuNDHpWtFkuCpcU6FzcuzL76F9l0gRGd7onaT8SX
+ny3QlPHZQLJkgOVbsvn+eIixTzbZAI61iRjySWWbUguOCw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6B 47 2A 56 0C E5 3E 2C E4 6E 52 8E 30 60 15 42 EC E3 73 67 
+    friendlyName: No CRL CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DC8376C0C95A435A
+
+n5BynILbtVbjzjbIfMjuMhFd06AsiRtmpmyp6bZSbu7vvGiIhiuUkxiYNZz14jJT
+QdfuD9hP2f85Td0mS5WVN4lXQpcrjQVpc3CiPF6slTQc7bv6EXfv8v0vV/5OV5Z6
+2YfmDkN273p4ytcRLJSYhMzntFKcIQ2F4wdPRsarcy1KqcJsSgneG0B920HXKi4p
+PoDdbSuJsCKVhNxJV/Lhf/53oVP0IEW/H0Q8NTXBBL9x/xLUVzuFM8gLMacoKISO
+MvOmWNv9J/TPp5kLWP6wtaZV4TKhYWB6gfn5x72L4QjHAOOPLtr/4oRUwXZq8enJ
+ixlZa7NczJrsopDvGUOWOSiYcqeRjgoUSOYC2hCGmzV7dBwxuAhETHXN2biXyBSb
+54Ruyswrzx9jTYbosVCng5I2tk+USx7dOiCaOD7PQ37uFycOFXpc9/i/X1brB26W
++176CGKu2JFxI8V/1ZQvAYUShF6YTD0pTnn8CYpuoHwiXVM2ofVES9BVGnt/JiRa
+jUEqr0d2tRICjU5w51I2H7cwEbOR7XEUONRthu3x1EJDxEF1ME3ziu3J0sF6gnzu
+kdzgUPv7WrjKe0mwtjPvEb+MN736hodRGrt6dROvq2GMDng0JHI+PBu4xpl0YSdS
+BjMDg2AFcpo4vKC+5qcHlvyhvNlTjjjackf4bw87KB4RV1XZaWBw5MyUhqdvKH58
+3yFXybTGN75fZKuAjkRYMXnFJvwm/DK0PmUcV4Fgt44lVGeYfbJJj4q9vjRWFZdJ
+WmBzAtLa02qEaRZfMIfIn+7/G/dPjb4lVb/YAfM0hWn+oXI1YnVLw+YIO9TLL8o4
+R65IgFBYsrr7YJ0JKjmnONsXrukoU2YvDEuZSffjIE373Go1kTKmPr8O/mJSqWq6
+q61jmjMt72lk785b4daESIICYeCR6fe5vm1uSDrC6AZCjNMirO0EZyd+Rk6+KEw3
+OD2eCvsMoqXfjgaEwPGeMt6gR5ipnDD8HuYJ0+Ntjas2clxWqjl1U58P/y86TwpA
+QsGo3ohWF7rPVj/hMUwiKphiNsNbiyvf2Ubh2xXS/Gnw+0i362M1Nh4JOeeVfOCC
+i3dNuDwonT2kbb7QS/OFN79jdsIwzjK+AUD7CNBy+mT1FKyH1UWqHydLVMhI6+Mu
+0Y14W5pHpWUnqqt+5gX7A/bNZ4Flfk+JS0lsaq2WZ47936goEpIjrt4bn8t0Mfie
+jdz1lZEV7LElUJ2akV4Mv9HMrakS1U7LySD/NGzyRW3ha+2nstu/JS7hFk+Jf9zk
+lr8SWV8L67SXxRdMekbXYVEJZ/1R9TWUnBSZEg4SKUGWygPMBgm802gKOjgzyOVK
+Hxa95RtEGdccKNGCcjoyHvpvYSLbZ5873zHYngNmWc3jV0k9mF6q8lwYaixgnaFa
+Bt79/zo7I92MtJMMSFsvAVJYlh/km1xPg2ZgzN6o2V7SvDcu2TAnLrxtDnBEeYB9
+8uUJxgdXxhg/hzV7lz8vz/agpQ238F9GjjafJpbyd+ZXyl/mUaXHVtd8uRsCsOHD
+BIVww4sQa1SX+/idOYzaeqMX/oyOokrOTwCHp75jrFU4ysqWF6Qv9mvLlHp8EfUY
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoPoliciesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoPoliciesCACert.pem
new file mode 100644
index 0000000000..aa1bf01f04
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoPoliciesCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E0 4C C3 A3 D3 2E B7 AA 3E 7D EF B8 5D 28 C0 A1 4C 10 B5 C3 
+    friendlyName: No Policies CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=No Policies CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDajCCAlKgAwIBAgIBIjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFzAVBgNVBAMT
+Dk5vIFBvbGljaWVzIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+1rGRRtklAdQBZAIICc8jB889UiuPhuz42qkRhIXsu7pLBvoK6CJRcKDODBkxmoUc
+qkmyf2+6WIPK706gZ6ICLlaZJtU9XTG4+VdVe1hA09jjKmYQ5/RUoFto2Qn/jfqt
+jAnEgoiJuTpGbhMNcIqmUB8e9U6xF0n8wKRuoO352ZNmKkslQMg9IDTD2CTeg8UB
+Q5FIlTX+6ePUKgw49//7q6hdsOOsun19/Hc7zGfjI+ntqFpHXEL50sckzKVMO05F
+9qwVg5+4a3bL13QHFDUf71SqIaXyh3S2UkvSphEbyVz/XU5oF5mMnoZWsXn+QbR0
+gNqQlHGoqA7q5s78WqUDDwIDAQABo2MwYTAfBgNVHSMEGDAWgBTkfV/RXJWGCCwF
+rr51tmWn2V2oZjAdBgNVHQ4EFgQUQiQD7aVLdpyXmFx06gU6G/w15JwwDgYDVR0P
+AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAB5U
+gIV++5zaqU8TC9lSIq4uTTo+6Q81DBD7Fa7PWhFLqF9cKoZ+VFDnIPQVVhz4laar
+9Gtiz3Ix8vqGP6gPo5p+wpspJ13VF2YQqe61ZsOg0Mh15FETqEjvl6WZeVjdIvfR
+p6xsD+h3T++Am1eYNaAwieBZVi8OGRJGaMSS4Q2RNXs0vzT5I4RnPcYwzLQsE1jT
+7xkAkoNMHPaSMPAiQtfYHX2TqMn42Bp2CFuIIiDoZeKntLuo/vqKe28UW/d/uoUl
+1wE635wC9nhd+YzvbO6vVVjT77sz0H7KWbMA8kn3nx4HNNhVGC5CAtqtZKpQ71MU
+MnIgZeKsGC348hVKpRI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 4C C3 A3 D3 2E B7 AA 3E 7D EF B8 5D 28 C0 A1 4C 10 B5 C3 
+    friendlyName: No Policies CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4D0B9931D6FCDB0B
+
+xwCEkfEtoqtmk8ThayVcASqeRPvbex5x7XdY71H8DaA2yx3xu9CPwRelu7X+wm9q
+vPl50Ym7nuva9Obnvk6ZYx3ox0YO4NZApg5YZDmQnlrg593vZf6BoiQft8DaqxMv
+KJ/0Ar8mDd97VRZNfd7Alqr33AGlLVdsq6FkXZu/GhcGMIibUgnzdU2bNT20MD53
+rlitHQIj4wp4nd4sv02tDeKWYii6xkxGaWNJWlGHwFBi3+pYJW9lY/6lHgx1LCrt
++pQV8t/0ORoCAokxAZ1O1UHFOlvryvDgfWYayUPJ4riZqLvCRJET44Pd1H0OnY2F
+9w123cxjeDF1IXXbpb4myQUeN+u2XBrQK4mjJbUKytdBhKLrx3ONkGDcAuPgcHHL
+PRcHxJSs0ESwKZ1YxJhMX4CqeaWIachLUIXZu1JZV1OkeU4tTv+JHbxnSqbjPj12
+E0v7oQtyAKVXILXPS19wvVejZWbJviQB37N7xTNe63di8bOg30UhD6/gn0/iSOfC
+3lUEuaXNptx8cmQhPrbVSTHcFlp8GghkLES5NIz8Dbjgq8HG0jQrNDnrlhwou0H4
+Lgvu3uqs70tlsa+ZNI7kTiRjQ8s3b0fKXN3h6UFMejW8bHvaMWakVlayyusF/lyS
+km3HGcu/rZx0IngvyrUvOVKdUy1qMuG+LO2eZCjB5a5Gjiz7FvxK00DQrGNArW7s
+Kw5HyHxL+Qz8auWbsCjsWC9l2lG+wvZwFHdjw2C5gEJuwSdrtnToQoDvqEVLq3xu
+kS+uT1MeF1NPRjyMORMKIWtPjhyJLyCBpjALAIFvrI8ENuGTqeaKjy6YE7WS03iM
+VF3pJbm9/iBquBZU2ZGKRCle4eJNtLVQIt4us5qT3qkz16n3WMATvXBMpxRutPHy
+1J38c7g0f6tbngQz2jEEq6d/wHMVQbOTu8m4JAMkBDChXWFeoh6DK6KNn0j1JOBU
+xxZhKDSMcLjQ5qTO8WHfC0YtnWwDyJH3pdGEq9u+Vur4Lo96/tKMoxSMWTa7HxT1
+qi+DxxYY+zcj+aBDhfRiQQrMXA5v7aYJz7rquQ1h5oJfsBz5pBAhPh531hM2N7Nu
+/dn81tYsX084W6z7dAdHYppM1Ovg96Gl+IkNA1MXKy8ZLMrMJtc4H63z+1MJHfxR
+AY0VOXlsm7iAB8IoZLYM2aeuY+Yu+Xm2yKs98a98SKzXsV8qQO8SLwk8sfJuHv30
+SIql4vepd6otd0iJZEFonDMAV/fnrUfxQS3gET4lkAg1bCEK6j1NZ0HwpRYgvHm8
+iXF4t2wmcnPncfn4HkMM6X60+v+VUZlhl0y+9nqDaWM0n52DjWseHvJu6m5qF0o6
+w7ABt8YzEO/fVNVVWPRMGjxCvJXXgxkGbd/5cYKP8BRx/N47WLTzaah3AqtUpZr/
+ZtazCnraXDAsGbvG3bSBYHOPLBrunjzKuemSSR/wvVPpWbdlcsGhLHp8T/qBsGwL
+EoqbmZY/bPQg4VGD7D8DH5OqibEn9yUdxzXtJ5kinteG0+r0onUVXS7onth441dE
+pwNbzPjBhR1syNQ2bKzZ/93hOvkxTLDjTyv60YISMSyQ9peWfpBW83M3aaSN/DKa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoissuingDistributionPointCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoissuingDistributionPointCACert.pem
new file mode 100644
index 0000000000..9222c1873b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/NoissuingDistributionPointCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7D 10 60 ED 0E E9 49 A2 C7 F7 2B 5F F1 3B 4E 43 13 36 C0 03 
+    friendlyName: No issuingDistributionPoint CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=No issuingDistributionPoint CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBTDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJzAlBgNVBAsT
+Hk5vIGlzc3VpbmdEaXN0cmlidXRpb25Qb2ludCBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMCr+3UdavfOBl7iCrYG59vDPxixxgNXuhT4Qd2MRQty
+I9ncZ/36pjy08CrKmPWAfmVZqSeNOSSUdf+BFUfRhVlN7wNHa8UqQei+5WfVtBUb
+B+opVvaoswfaRZC5jRf6sPfP8j1WfaMgDTmaHenWZs2DolsuO2C6eGjvm2nYzQi9
+7km64+oqlTXI73rCKT6WWTqHXLn0oK2gBPf3sTSas2olu/WBu6Zp9M3CjbVV+VmM
+7lp8m2EJLNFrI0CMMLCdeeYyElJ2hFqmRObNqnhcWh4eUrp5IVm72Pmsi8/2EbGe
+BGFa/l8dwzgR6EvOLFgoVnGufXcsoR3oPiZey+JQ3iUCAwEAAaN8MHowHwYDVR0j
+BBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFLPLVL9qnfyfxzEO
+kgynR2uZAJ8xMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAINy+PfPJaZ5e
+hJYhM4p6aSvFXi02p8Jml91EVwGkZu3hwgreINpM+gL1N6sAGRPnIxx+vZyqMOoI
+X7q5TyjO4LjmEGb4yqWANzqUlsEd8nPE7n0jJyEk/fT3EJVnNgMP5tvnW+E/+IQk
+V8e1y345UWk0C7xw4eYUFqjE4jWRqxWLEzLIYOb5nLakI6k/aIfij5BXXQyYv8c1
+H67xMGr5dfy6zsy1+dJB5d8t0voJeYxhWRKE/YHxx81+1Y/Oum/5HrCsGIf07xFu
+AlXdSF2FDH+i/YMlZas1laFLoGxClpfIBKvCR490pQX+0tEihAsZuISUSo/SIp0R
+elkDzLq7nA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7D 10 60 ED 0E E9 49 A2 C7 F7 2B 5F F1 3B 4E 43 13 36 C0 03 
+    friendlyName: No issuingDistributionPoint CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8A63FBF19DC0800D
+
+QhG/rbdcof4QsGqihybqEK3EGzxyQu+zRHl3/3d2Jm0y1ByDUu5h//BzYvktwwfD
+YR+05f6rIAQf9l5Ghkl+nT8SuR+P6H+kr7ZXU4H6dYxo5EETL67gBDdqE6pT+DWE
+9H0ez/ZwOMYCYPPrU/c6AQ1N1YSVG3cBoEM7qqkUibOIVWsd8DT1nDSTg7ZW+sS+
+PEUiwLeYmu+qWVCoskKTpNSFUGRe1Xy6uO7qDK7bWaL6WuMMph7KZsudkXJ30d3+
+77VufR+nJ23OS+xrOHBqWHdBBPUBK+zT0u+ocD/imExNBxUKfXvN0+N8Elq7zZzj
+DtjA9LH4CpmEr1zVO+RZgB4DU+7SB14EnaAUZiNFdVfGCQEk//wMkmZw5FUdDBQz
+oOLRVDSuis6VvLFgQgDQCGeQdFVh69je625W9vQnry896v++HX1jSpzHpnrepqyL
+RsRgWsCpxyTC2dO5BxZi5V3OH2tpdgCiPvxAU7yG7gHSwq/ZFBoMYHmJdLH7EJqF
+MeuZ9QAX8BrGY6qOremH0dyXri3pj0jUUDqMBk5AIBSaPBonMBKGxVSWilN11dGb
+222RJCnupmLo6f9zqtEyZqKpCTzOzGXenHrG4Ncwbek30EkQ38NWzwBYucDg6w8w
+Nk51h+8pseLO2ZN72ZIv9WhL7sf0EXal/rcBJxLnVZBGo4X96cmSnIY/UW58Bj4m
+Xtcl/5tMYNgJMdlQhNip9bd+1XIpcVAiYXZ6UneBbIBsE/UGMSvMjqUV/DQEsVMe
+QsCOz0TfezvzJARpF+TQogD65mVRDpzSwoTLk3GJudRHxURxKb0vPBVc28v5G06P
+0yAFn8LWebnG6vXsOIPXnrchMFSDkYU/mnptIqXVBPnA+2EEnqvNrrwm7JkwznOK
+dgBqubSvvbue/Syzj0gA6eN8Zf3ez/yj+t3WyDG+FNkDjtIfiJStkSAwS5iyU5He
+pGmG+LtjVZrlwHhlv9gVQDU1RbLensJ3+cauasDdbs2UZhB99Fhka7kaaMfNonpW
+7Ft5/FvFFlomCosg1MuqJ4Av4H4DMvPKJXVToaMn5Zhl8++c+a78Vnjres0kdov6
+n9F8716q2L/xiBX90G7PdlUfTwTNbokzIowIaKkyz2LVEEYHQ3qIJG/YA2YCzVX3
+vkLKGWWA5y+z2sVr2JucAOKP+qwU8kGCB0BzsEvxjL8ADwZ0wmmWhxhJXIVzHVfM
+4cMKnW0Q2mcAEr9FxrccFSj/JNfo1EBqbKUEOyqeU+MkX+80yyorXsNiQsA6sK8X
+njrck2cwZOshKCe37n399spt8ZBByu4zmTw8Xvy/BiGvRlAoZEgld1KEilLWQtVB
+0rr/rKxCCJoWbaF/Oqr1SSl8yw5TGdoit3u/Bm0YA3ijruOtNjtYXeJRhj4pN9Df
+aFtCtLHpWvNkEYw4WpZD7CFy6dImbqkW7b0+Khg9xEPT8Rog1P97ltN+MqVRqJZ4
+8Dnomm/C5Ahsn6WAh2/WPyfxGXTULPia+jpDlpMZP+NpZNDDNPOHBIU7/I9F+n7U
+JqcDwyTBqGooGtm6z9Kz1ccUxj0cLl6B61AfKaY9OlR5sdqIUyPIJQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OldCRLnextUpdateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OldCRLnextUpdateCACert.pem
new file mode 100644
index 0000000000..0ec4b21b6a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OldCRLnextUpdateCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 06 21 29 E2 38 20 83 13 82 97 68 45 39 02 F6 E1 06 EA B4 9F 
+    friendlyName: Old CRL nextUpdate CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Old CRL nextUpdate CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FU9sZCBDUkwgbmV4dFVwZGF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL9dKBLjox+erXrb2q/rdAlXUWqvi4uRcldjKQjs+z/Egt/Vz3XSzOqE
+JVFUojykLto2tYO0C4ZM+FGnn6b438qsXkeIPU+WGv1eNqi7Mm0miU/+JKXnCDMG
++Aq+GQSK/1JoQbusbFR1rfhU+a2rH1eMbnclG0CuknK9jhXc+rhR3GcfW1ZC+0rl
+LAjH1CPM/uwyNB9th87sU4FJ1PpzKa46pgB0tCIZqDw5vAMWn3vllBvMRtvVQBOR
+GwmkewDGifBJlvI3IHsEwxvws+uBoGjni/0cM1Zf/LZkjZYdbEalLf+a0uAqzdyv
+VhPCKYwrJP1H85ubTpFRGajNw35h6NkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFM7aH9pazI6X+iAVKU+slo0qzXgT
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAuSS2lcdw8wEVWsN7SEqN/PFY
+fYY1/sJLPGnE33ItquQhD4Ab9+4b7o0hq6VWkomiQCos0lgrBhQyJgjiBSB3zjAp
+PIYXQp7kzXx0wo3iVhxVITv0MfEOfNbPNP2etUs6ivcOXcO/uxhB1rJvgs/xSzwv
+C1waXG33zCQcABSSHu6Ylkw6xkI16W2nbqbySz1zoilVthP/ulrVB1IffCyrB5Lk
+LpY3pV7O1ibyHjmpOliTfyktarUbJBXt9X6m8oWIRk3p/7dl/08oXD7bAFk+19L9
+BaNzLinwKdp3GvvI3SzmNOtUiweQ83tNJig0eI7YDTeHlfPRZE+hccTfw5DdSg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 06 21 29 E2 38 20 83 13 82 97 68 45 39 02 F6 E1 06 EA B4 9F 
+    friendlyName: Old CRL nextUpdate CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C60F4F875B4AE07C
+
+r1mixPIe6yhRKt7pKXN2rL0IbT3xqH1GydMztUKrUSYezhqkuQsw114en6v/1WD9
+RlfiHQvWp1eProra/8t6nVDpRdnrKGwCm1ov6Bxm6mkBQ2e70Wusl0N6Gi8ACjEm
++uMv8WU7ofPAd3Zf7LSdhLwuOpL2/Z6St+NfLU8MMch9PmegwBZ57JcVCPuHT7d+
+1W/k7GSqTfbof7E/A20CajhrzWjkDB0/0+zCxnfZRgy/kF9JJ+J5O0/90/VZQelv
+FzqG5M9ReSxGi+6KHVShuNRke4vPRAFkH3/Uu9sRXHFNcb5GbdxAkxNfJ+3UVegO
+rCdf6bp676QKTCGd+7V/e7gFMc/w1TScYAzU1JDT0qt2hbQuO3Ecr+UY8u4WZGiy
+x/ICs9hI+1Q+bSDRz7t/ozCLmmiRDExw5zUi+xbjbaBSiX6AdcYP4ZpwQLp0Yy1C
+A3lvY9yJGwAB5A5SIrJGnfsqlqg2Tv0aobIANvLzDMcduHuv546mDaiBXPnm4d8v
+gwsDZAaGJmCVDoo1O7Vv8wVf1YYFBTyuSznhj1RQiZBLKG+kfcBzADnThWmxXCQb
+GoiionyRwtLueUuBQLdfa3dywn2SFnd37QFJ3/ditUvWwSs5NLPFSNYsAnw42B3P
+GVCaDXWB8RZ3qnAIrsByMWLox7bes5zndblMKHsveZBWpjQSclqXsvm9vTYH7FcO
+gqN6mhv13G2kP962VUDEu+I083DFBN1BwqWU8qEWCv/qUjRKRg7v4ySC1vz4QeMc
+IfoNqY/CmtgNVx6hWQL+1x9iYPbG6yTxwuu3ke+qmnHkCrAEtVtZNE8Es6iFdckr
+lYMSSl0CmKmU35Es8OoLVVBnY0F4G6+wM6nRCnkFP/9wQk07+bRszz0G3vdv2eX+
+khoD4fs5o6wn7qDuus8peD4z7F7TKiTUATZgF0xa6zKDkAIiokrlaXxOArU/D4ky
+g+IP3fbR6m+3VWt3IMZ6IEWU2ZlzsUBkpCsFvGKLTF/Jos2PeCoPQbVu4eaH5vEd
+RhHL2tyQEFDYA1mLz8H0NFqFw5n0la+3dzIBQBwGU8zTkF7Agaq4FHo+o6JykI1K
+FDLW5Kv0aqO21SyJ4fiTSl4nsD3i9FeL8d8LIQim89L7GzhuVfY9tdk5GUV7D8Vg
+1I4mkISYYTkOeNwo1Bq3yxpslnMaoU/+TrvfvIrtfoozutLNCZmhFCGUzlriHPQ5
+JAP7rBKdhQdG8iBYFyq6hCjnDuAE8BoeuQEhHLxb0nefwZxv1CdS8pr6hVDRiWLy
+C855LiwRZzMhWPQINUnqpfdzVUNOeN4dBsbyuEHgegjXlmg+5K2g29pLofnvQP21
+5uy2qS/e4nAKmMIEMf5BpHjl9cuZcgGlz2f8QeHBC2rsYesptL3SaOukGKNHxUyg
+hWUEY/kMz87FMSZUlIIeGKfH/PLnSqmY2Voevkf7Jq6yxOOZT9uHMYBRXsDa27Lw
+kzn90KqeSvvfbciV47a1X+UVklepdl8KzMM9yFJsapyP9Nc36c9b3Jv1X0i/kb/s
+eRcv1pYK2LrkID+G+WUJJKgEts2qiVwmNucWFh+0xwWmxsSsCr5DyQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem
deleted file mode 100644
index 85f0b79c2c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6.pem
+++ /dev/null
@@ -1,214 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12
-issuer=/C=US/O=Test Certificates/CN=Policies P1234 subCAP123
------BEGIN CERTIFICATE-----
-MIICoDCCAgmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFBvbGljaWVzIFAx
-MjM0IHN1YkNBUDEyMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UE
-AxMeUG9saWNpZXMgUDEyMzQgc3Vic3ViQ0FQMTIzUDEyMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDSpQwaDoPydLNMC8zANHGCiwSSV/p+yyB92D3cy4OofA3o
-E/MneZrL0kkAoaM3sxpkniK7a37+ghg7ydyUw5n9CRxAyNMONSetp9uBB9X1+fZy
-9JVVK2W+5ycWBDxh2YOfyFE/wQBbJK7rIIrqtgUgNi7O+6ppcpbnguodB17MZQID
-AQABo4GLMIGIMB8GA1UdIwQYMBaAFLZ7gxmIHEmBIEPO8oJM80aGKITZMB0GA1Ud
-DgQWBBTMtOdc+dU31FBVf7Ixli7kkaTEaDAOBgNVHQ8BAf8EBAMCAQYwJQYDVR0g
-BB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQB4KomH+VcsPxXsULBeuMVL7QtJMD6RoGaCHnL5
-NCdwpt7QE3TVRnWgL88gSXtmMudJ5QIb3ko7PYOsuUhA/6YZvoBvQIdJAnprjYbr
-kxDMfK3PoouD3cQncVSz4xqJ9VcIaH6/oAKGpDt36xSUY2uqOHb1DLO2qmKiStvW
-Cprikw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P1234 subCAP123
-issuer=/C=US/O=Test Certificates/CN=Policies P1234 CA
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAx
-MjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkGA1UE
-BhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhQb2xp
-Y2llcyBQMTIzNCBzdWJDQVAxMjMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALs/TklxdGqU1GnW9LkoRaacXCpRHoy8tYpTUbUhznd5fkjOW5Dyc9HK7DWs8q1q
-aAvU0KeqAEtguNCACjKFeXPyWtQuYKRB5o5G1WXcqy4pYK2CCHsyaa6hf8+kU1Y/
-3VcEuHoDX0WFJ5JFlaRERNagLbzDTjG6KtM4yhcEnTHfAgMBAAGjgZkwgZYwHwYD
-VR0jBBgwFoAUMLt5B08Db7IYg3poQ6v3TKFAcQowHQYDVR0OBBYEFLZ7gxmIHEmB
-IEPO8oJM80aGKITZMA4GA1UdDwEB/wQEAwIBBjAzBgNVHSAELDAqMAwGCmCGSAFl
-AwIBMAEwDAYKYIZIAWUDAgEwAjAMBgpghkgBZQMCATADMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEAM38BPBwz3qjIhPI9byaqLmDkw3tA5mxae/P9
-N6WYYwW+Dm0KyjXs9SQZ3BlHDl/+D9dJYNScOXjKpc3hnrAUT31rGyhC2CwV52mt
-xGukdJIxKOQgucIylxyxF7N5x66TyC5sxJGUh3sjItg6NAOQGMwBwKOz/5zNTdK6
-qDuaEoI=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Overlapping Policies EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlBvbGljaWVzIFAx
-MjM0IHN1YnN1YkNBUDEyM1AxMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMF0xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEy
-MDAGA1UEAxMpT3ZlcmxhcHBpbmcgUG9saWNpZXMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALT4JJTriZO8+53ZvgYrbg9m
-azzLgmYzgvBJ8/IvzLaXsCv7sw/M2DU/CyOdIPy8g9XchC9QBJrAI65Muvlpf8a0
-CGqWH5AQElXjIkicPMgfC14xd1govVHxaRIrM/g6zNgGPnSivMXOrTm6fMNphEvC
-CnG+SqRQ6oKAkO1k7jWxAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMy051z51TfUUFV/
-sjGWLuSRpMRoMB0GA1UdDgQWBBQLhzG1VDzXbIBJ1rnYkrn+iSfrCTAOBgNVHQ8B
-Af8EBAMCAfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEACuuacGsxw8Rq6HznT/dvzsw93OA250kOCJei
-8VJbyNw5x61+F9LxLZSBUtYgIfCOid3gUBe8MU0W1r8Qpg1PD4Vgq76l5IWyvH+K
-ACy4A7XpJB8a5zF7OUGexEkFC9RQ45PJ6i4JILtMeMLTR7c0pCkRthg2CW/vIc6a
-Cs1zrEk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Policies P1234 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICsTCCAhqgAwIBAgIBIzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEUxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEaMBgGA1UEAxMRUG9saWNpZXMg
-UDEyMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMUyBhDbDKsFVn2a
-KCxh5Y64ZiH8OTq134EGg3NL8l0mqcA01qEhLCasHMR98sd5xKPtNEQB0kN9jf3d
-Zmv4gop4bAAqPlhvkcJ/KUMPLpLdMBT+1xLAdu1yKh7eKpoIo9vfus0fjH0aOWhT
-Wa7rCSuf+9I6DoDk1gC1Q9k57jDFAgMBAAGjgbUwgbIwHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFDC7eQdPA2+yGIN6aEOr90yhQHEK
-MA4GA1UdDwEB/wQEAwIBBjBBBgNVHSAEOjA4MAwGCmCGSAFlAwIBMAEwDAYKYIZI
-AWUDAgEwAjAMBgpghkgBZQMCATADMAwGCmCGSAFlAwIBMAQwDwYDVR0TAQH/BAUw
-AwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBBQUAA4GBAMoj83UxGqz/rAVr
-SXl/vP2tx92XqrJj7UYRHcHHcTodTHoJ3j+m3MUHwwsoZrqvnhS1HtIqPQsoD9DD
-8Qg+uHFd5EH+Js40QK7zU7mHBOI64Kl8T8xrpgcnlLgXpg2H88at02UvMTDj4Lix
-ANfajLNnQx1htjJhMY3zzIgPApd+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P1234 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:BB:79:07:4F:03:6F:B2:18:83:7A:68:43:AB:F7:4C:A1:40:71:0A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:b2:2e:86:63:50:7a:60:75:e3:ef:14:96:e2:19:21:90:ce:
-        61:fe:2a:1a:d1:37:59:b0:8f:3d:fe:c3:eb:b9:87:61:3a:7a:
-        f4:ef:3d:46:ce:ef:e4:a7:de:a6:7f:ff:25:1e:78:bd:df:4d:
-        8b:96:70:ac:47:8c:e4:77:1c:f2:94:3f:bb:36:18:21:35:0d:
-        10:d9:69:b9:80:42:d0:7e:81:15:55:df:6f:fc:50:b2:9c:b2:
-        53:0d:b5:0d:6c:69:55:b7:0b:65:84:7a:13:9f:74:8f:52:49:
-        58:2e:6c:bd:b7:19:b6:34:eb:d3:1d:cc:08:a9:3f:07:04:69:
-        75:e6
------BEGIN X509 CRL-----
-MIIBPjCBqAIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAMTEVBvbGljaWVzIFAxMjM0IENB
-Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBQw
-u3kHTwNvshiDemhDq/dMoUBxCjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOB
-gQC7si6GY1B6YHXj7xSW4hkhkM5h/ioa0TdZsI89/sPruYdhOnr07z1Gzu/kp96m
-f/8lHni9302LlnCsR4zkdxzylD+7NhghNQ0Q2Wm5gELQfoEVVd9v/FCynLJTDbUN
-bGlVtwtlhHoTn3SPUklYLmy9txm2NOvTHcwIqT8HBGl15g==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P1234 subCAP123
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:7B:83:19:88:1C:49:81:20:43:CE:F2:82:4C:F3:46:86:28:84:D9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        45:d4:de:34:51:48:6a:d1:4b:e0:d7:2d:55:52:e2:e5:8d:a5:
-        ee:bc:a1:c6:44:0c:9d:b7:61:cb:a2:1c:58:1d:03:a1:cd:8e:
-        e5:9c:28:00:4c:07:c4:0d:ae:a3:b1:c8:aa:8e:8a:59:12:41:
-        57:b6:fc:db:34:10:a8:e6:c9:cb:0e:5c:28:6f:b5:3a:00:70:
-        9a:a9:ac:35:83:47:7a:02:24:69:46:26:63:29:0c:c5:51:c3:
-        92:c6:c2:6d:cf:5e:b8:25:eb:d5:b6:d1:62:87:3b:9b:24:6a:
-        b1:9e:33:a2:96:bb:14:74:21:ad:b7:7f:98:ab:b2:6a:25:2b:
-        0b:ed
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGFBvbGljaWVzIFAxMjM0IHN1
-YkNBUDEyMxcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUtnuDGYgcSYEgQ87ygkzzRoYohNkwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEARdTeNFFIatFL4NctVVLi5Y2l7ryhxkQMnbdhy6IcWB0Doc2O5Zwo
-AEwHxA2uo7HIqo6KWRJBV7b82zQQqObJyw5cKG+1OgBwmqmsNYNHegIkaUYmYykM
-xVHDksbCbc9euCXr1bbRYoc7myRqsZ4zopa7FHQhrbd/mKuyaiUrC+0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P1234 subsubCAP123P12
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CC:B4:E7:5C:F9:D5:37:D4:50:55:7F:B2:31:96:2E:E4:91:A4:C4:68
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        5e:89:62:c5:3b:e0:10:f8:22:cd:fd:e2:44:73:c0:23:98:67:
-        89:29:67:ae:39:3b:53:4c:02:24:85:6a:37:16:1b:a0:c8:fa:
-        ae:0d:02:27:ed:3c:06:8d:e2:ed:35:53:a3:06:f4:a3:ce:6d:
-        63:d9:86:33:2c:95:ce:47:95:2d:7f:5a:f0:a0:68:79:5a:a8:
-        aa:12:5d:79:b9:4a:bb:a2:5a:85:af:39:1d:aa:b6:a0:18:da:
-        39:f6:0a:00:f1:0e:2e:fb:62:1f:6f:2d:d9:0e:b7:da:0e:a5:
-        92:1f:fd:1c:60:73:7d:48:f3:9a:73:2a:14:65:78:2a:9d:7c:
-        88:5a
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHlBvbGljaWVzIFAxMjM0IHN1
-YnN1YkNBUDEyM1AxMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUzLTnXPnVN9RQVX+yMZYu5JGkxGgwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAXolixTvgEPgizf3iRHPAI5hniSlnrjk7U0wCJIVqNxYb
-oMj6rg0CJ+08Bo3i7TVTowb0o85tY9mGMyyVzkeVLX9a8KBoeVqoqhJdeblKu6Ja
-ha85Haq2oBjaOfYKAPEOLvtiH28t2Q632g6lkh/9HGBzfUjzmnMqFGV4Kp18iFo=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6EE.pem
new file mode 100644
index 0000000000..3d5325d7fc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/OverlappingPoliciesTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: ED 92 6F B3 30 66 FE 5D D6 12 7E 34 D2 4F C0 DD A7 7F C6 71 
+    friendlyName: Overlapping Policies Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Overlapping Policies EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P1234 subsubCAP123P12
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeUG9saWNp
+ZXMgUDEyMzQgc3Vic3ViQ0FQMTIzUDEyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowYjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExMjAwBgNVBAMTKU92ZXJsYXBwaW5nIFBvbGljaWVzIEVFIENlcnRp
+ZmljYXRlIFRlc3Q2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9FQ
+t2aGcDvI7U42QCqMgObhOhdJlQWJSgI6EpQj0hEAvhPULpSpC3pqiRnBzmK86R7j
+zEk9TxnGNYFqDS7xM6Mdkj+0rOKmnzVIycEFrcQLHxglYGj8PwSgtvEq/fIuebJZ
+KEoS/jCrryVGnEUY4JWUNg4bqOGDSFTu0JBj9lSKOOH3gh+p9rJg5Hwc+Wbjb0Sy
+8pGRGuSXsumSugGqHKoxSWfErrnTQRcls7VqJ4y8MJwlw99q3+Xa0aVOwoi3ocPM
+mgArtDN0rHbP7+4tNcHsIjl/2WXUokGUn2/9GSW5gBIOJw3Nd6hvtOS2nlGf/qUO
+KM8j/wjWImLGF8MjkQIDAQABo3wwejAfBgNVHSMEGDAWgBRO9F6h+Qgwe2WsksAR
+CyzTtJYHHjAdBgNVHQ4EFgQUkrgz3HUFQnDN7aMnoK34budYbUEwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgH2
+MA0GCSqGSIb3DQEBCwUAA4IBAQBikCXaSOKIYSsx3TQPKgbpM0QMvbf2ios9BSNw
+uJv8LFXz+bxFq+7x5GyTxGZ3KLgB0hypILu6M6RfRpAuH6eRJJwuXfXM6w/y2uqC
+wqNIR5PwyWosBjqtBAUZZf6/VVU5Xd6BnpZ73jBNxxcgJ79svcw+6AFPXlcygLjY
+dhugLPhA7BNyKmA9kxRrnp6kCLh3dI1q7Qpl55Ytz6YuyCAHe3NMdC1Ee6c27RwJ
+GfCjDKhkCB/LSn3jbU+y/9lOSaMRSkAPKn+dkp73UpJnJzX57KJb/XE+q6R44m6h
+FNknITUZyD5S8UuF1g929cjBj+buejxo3P1jxH9Rb1+9/REV
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: ED 92 6F B3 30 66 FE 5D D6 12 7E 34 D2 4F C0 DD A7 7F C6 71 
+    friendlyName: Overlapping Policies Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DCC5536BE51EEBFA
+
+sTrmnRG3b+rHlW6MI5TX+ZyhauWPiSVXox1qksQP5vC2MH3pZm7DTmSxRLw01bWX
+ilEGhAyYxi5oX10rWVlEvuTOuR1zbHcke/omUGsyWodDaDI+sF27FvCwLIP9pEar
+OT5rKsYsSzXZePBW69uSyBacplqW53rw7StQ7fykOHufIxbUKmyl91RqlXCMEKjg
+HzOEKYpQu/5w/MJQ01KFdAjCgIewz5gCreBhnPlT+BIIb+sAxbqELXTsYY6dQy1a
+4XZr/lB4O3WshqEgrBmUN648iOgabEr8a6umGcQzn8nRNXUQ76pGD8SrYs5KXDMw
+zFZznVe5NM3pEQOuJB5f3XuKgDzsMmxmkGW7cSlETSLK9q/k0oP1FzPjYd3KxvVv
+wgqkXJeFW3lzqqqb1ppVQtH1GCcp1/HzKWyayulTxNF5xX7oA0hUdLirgUWzs3cp
+VAMn/vAtRFmdD4WZ1fSse48YbmpQr0D9PSwnHUYyMn2X7TPid1OcnQZ0wb46T/pP
+taZ0aNctyDFY1y7H533osK7YhUVHIPkIOOBAtvevPE8LB3VrZGGOf1TQlez+6P2Q
++l2EsguETB3lprKxy1jy0TUZp9R/GXqeGgf7p86o0C52VemiGWO/O19/nwd7lMzO
+Xcxz80nTENB/EdRwPVKtTWcER6EranArYgntW7t0WQOb6XOtmczwMS63K5Bfcf55
+Vm2bLLrjuuKAAMt+AIUM7xbkAKlpVqS6RcfldP8iD0mFxDHSjjT3KIcCF0PLtauf
+pc1q5c/za39VRiuNSQ8yJJtMEMINb+dgXSMY5UQTdVwWxvykRtOssVd2Spq6GSJP
+MnjugwasKNcgt+lzs7zRHbOIcox6rX3Ly4vgpqMYCrSpqQXoAC1WTBlRr12cWnsT
+IwbKvB2STGA/PKgIY1KkSQtfKhGIQr/qULm8NpAwwGcgHoaoRkNgXR2yZwtv0WDK
+E9x0LEQBtvhp5wIVPTwHlG8iCx5e35kGJNTNivzeITgw2wBhJr+xR2N2dL4B4dqi
+6Ee5nxlBLRk/oBM5xGOcLItj1CTsckNOiaBOWuI0CP/le7myMCiQqQtViASci2MN
+/aknFttZlf1yaDNfuSnVS3TZf7FzxD249ZCX0ZpKktRNkDnUsmw6MHzzIJdQEgUr
+QxaYyAIU12rR2E2LbzUASEIzSFdGx7SeC4oO++3qcrIOA6vsuzqHMoEyIqOhmpZ0
+WWjFOffW6ffVw4YMjavn4SIT95GeNNfftLoduWJZzBcfs1U3ziWlRIwcPWT7jlEK
+AvT2uQkKFhgcEtXbrDyWn6U1Hh4/a7eoSVpZtadB+KsbvoeS62OgNymUDdjQapIx
+dtZwo0dTzqlXKrYD3yIUcik50+sJsC6aInguWDs6xqZgE+aQd2p5FEoS8u+c+Ftq
+TAkuS/BK791eqcLduhmdAciut4pVc+xmc6WvD9piL8W00RrzayrwCvWzdVLAzdZ/
+bOiFUG9fzlacfT8tKYs7TD+BWLw8xT/yLAjiaQSjm7jz0qc3ExpkP1S3bBv1rxHK
+LiBN3mwDQ9SC+jRSRR/4v/0THHc058VaoRDecl9u5Q3ItPrVl76VvXuIu5m8jnx3
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3CACert.pem
new file mode 100644
index 0000000000..b368687f44
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 9D 3F ED 42 23 33 E9 57 BA F9 4B BC 08 49 B9 4E 65 3B 44 79 
+    friendlyName: P12 Mapping 1to3 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDzjCCAragAwIBAgIBMTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAMT
+E1AxMiBNYXBwaW5nIDF0bzMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCybxVTY2ahevfz61NSr7Rud7Bmrim/64S25e221g2bswm3M+BTZ71urQ4s
+JsDgpAew9ULwmJPjMBLbSqkkhld/X7p0q9ffmO10Vbgv5BzOHw71pnxP7qQlb6Tf
+F1pDlYFDhxBYqpwxmvtgOuP5XgqlkYpCzcG0fziyhL/EmgOLR4FxaeiTejMvJEpo
+XnN9El0THTG01qtbT6ZwLgz93yo3bxonxLRtQZtvkR6pjSJ6XF84IsUPY1CDoFdA
+8v1Syir5cEHxYeSSkH5yJSf/KwZ+dt3NFPZDk1VAIyFqPk1UpgsG0P41UavWPetR
+jrCB+1aydTyuHovXCrPof65cAbs9AgMBAAGjgcEwgb4wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFPz0jWEzMoB8fTWH3l9S+2nxHcES
+MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAw
+JQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwJgYDVR0hAQH/
+BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATADMA0GCSqGSIb3DQEBCwUAA4IB
+AQCQi4Yo6SjeCW1k/l7Txpz5pQjamJUDfBmgcr6v8n6RfCN+1NoMXbXX1hgti03O
+QsU+HAnZpB1B+2GNeNdtN7a8SSutKt0+ouswvZOK3w/3rC1AxJ/MIDMk5IvjBonu
+TBnSQIIvLIWsXcub6aEEG61GpG7cK9GnMeY4NxUH3YIIPDJs9nrrcHEaO78s+6+/
+rlt8+XuH4h2m+xv7xB+7GN8KKKSH3gZ03X1QpayGiw91rDX52O4EhfAQcxtNfX07
+9VvpjEcfn5Lpbe6p8BfkziM+TVf8zZmbfwR3mwinTdcLBB8AxENAbN3Oau965reL
+23HfMPn6+Rf8SYguskWt8K0W
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9D 3F ED 42 23 33 E9 57 BA F9 4B BC 08 49 B9 4E 65 3B 44 79 
+    friendlyName: P12 Mapping 1to3 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0E0CA028EA0BAC29
+
+Y2V44KvZbm7BLf1cweYyKkbNiQGtg4aDqH1TkMM0zzzCoc2Kc92wcFaEDywvs1GM
+wu7LI23hK9lUYkMHKT9lmTtclY3bwYT7//1M5Je3RgSF8h3vYXCl3u87imkIkuGx
+HwfdHUgFXmaLuppKFFZ7XYVsSDpYOkXDTzNKEymmSIfh2nldK+Ud0JIU4vrPAwjo
+Y1/R8q8XtrGInYLLeLxs/igDklJfD+QA+477w8lYJhbutuDcQnHG/1R3+GkbSekC
+K0sG4E/cIXy/IYJJRhTOgmRSEdbqbujBZHpyhqlNrsWCDZKiMuMUBrdZHS76y2/C
+8UfsYqDl1uZ6YhODiUh9agvRGW+w+ObqYG0JAhcg8TzwBoqXlZKKBnY7NuWUMtyo
+1bX80YvzjTR/wXLe1Wm1Vlqv1Zx+pF+fgiN5UcskzeK8YnqGwl1A0gl20+diykc7
+VlZBBcw3QRAFll4LPUavgNdZYpZbRzZz7dfq3rc3FdrOTMkdptOJoxCxwErYjCu4
+Mgh1yCzsAYgVnHUzPkv5p9iZtUaOknssq9kx1b52xa32wBoTskG7MNMVWGzYPoA/
+YMwrKsUXS+0kxPKjZITaU6KKNZ/WWzpmGlThXrFzrQotBoAXtrAz/WYLrnQhwA4d
+vvXZX9c5lGrvlMceXF7S8idEj/dhSh3F5f5H1jpPj8gLm8axxSpVzIzipe5rckwQ
+Uci/Dc6Wm/OZks8CTZJaj/GrT0ado0OWn6G3ZYt1YCZepcHhASAxTIJhzdjRqhC2
+GHyhj3C+eivoz2yojemiAV3FazATcWyTOvjA9LYPbtjCFzSTXAVf69NGZmpsKgpM
+xdRG9D987rZk9Gwju92v23zyPzTKFIE1DOkhkccOI4pht7zh1wlrBqn53Pbo3mA2
+yN7hT10+3sI95GDrq54ucPCyGBjersqFGrSvfgmZkcn6SQh86dw2Mpu3i9shyJpW
+F7/lMycuIW7PPueH340ca3SKkgLKMPAlaqimMke0S+JTEtGm9/1UWd+23eMBThsq
+EqwxapZoABAWcfg+n01urzcVXTDNVG8qNacQ4//eWjpTA1bTEcaHXzC73YdBSqSn
+TQkUVAaoQhUUVzelg2HvoTYwkRGpvSkrVOwNN+WbsWLa02k/k0r9GKW0ObSGPCCM
+1cZgU6xP3PRhlXlTiXcNC4cl8pj8AnZ+PEvLPi6wL+Exxq6bpKN41NAF7ZBbAj/W
+pRPOUQvj4adv3tdZumT7UBZThhFaz2LA8sKo1p1jtC4p8miq6B7UB5+o0w3sdX33
+Vk8zm7hDPHmpgzI351MrQkNpdqct0EoOG85r/LlFcPQLnQtCocVOmiPhXZ0x35ao
+YO3c7RyESU6RZ8O38aMbR7mpG2sL4lOwY3K1xlDGc+sLpailzjwO6KwP/zO8tWvE
+FqJ3f/+ADXw8XUc/FHKHPDg80TcyDL9gABIDjNl9PFoEOkrt+ZOWZsKk2DhxtN+A
+SfJd+Mz+GoOV6e4f1GX+ZFmaYBnCTFaH1KBgTiXGJtpQZG21fHNuroOsjUTPaeQ/
+PgU+XkSwTxsKTLo3VHHf/AAFTbDXojVO1BmpYkawDUqNBw3IlMahqg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subCACert.pem
new file mode 100644
index 0000000000..1197d44256
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 85 77 F3 95 01 38 A4 A2 F4 47 6F C9 40 01 4B 69 92 E4 63 7B 
+    friendlyName: P12 Mapping 1to3 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 CA
+-----BEGIN CERTIFICATE-----
+MIID5DCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTUDEyIE1h
+cHBpbmcgMXRvMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaME8x
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMR8w
+HQYDVQQDExZQMTIgTWFwcGluZyAxdG8zIHN1YkNBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAxEQSYM/pUi02SbG3+5QFT/rPnGdsz7WTlK84lI0muKNE
+ZF3ZhSs25xj5+M6Kak1HkGxP0heWALuor0rEPzNX4W4zXbFfeZRzLtYef5vFix3J
+5hVTVeKJncghN+/Ik2RDIubrcm8+rQKHW9f01ufxS0P7bc1cAueQSX+fQx4WaGiP
+fwa3hI1PoWfDZGfZe6Yb/POwHIpwEI8gtmZ5++z42TxBeXktFk88+qmjDzFm3EL9
+aARqFtOvCVnu4kZHNbHatq6mBsYV5WeJMENmihJj0bbOsmwxqmcgyrN+jTCkhyRa
+lIywhZddOIyw5CqnB6ELwU4bEhgcQ3Srogm8sDJYAQIDAQABo4HNMIHKMB8GA1Ud
+IwQYMBaAFPz0jWEzMoB8fTWH3l9S+2nxHcESMB0GA1UdDgQWBBS+exOToeSbxSc8
+MFPXpcnmWpZ6NDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAlBgNV
+HSAEHjAcMAwGCmCGSAFlAwIBMAIwDAYKYIZIAWUDAgEwBTBABgNVHSEBAf8ENjA0
+MBgGCmCGSAFlAwIBMAIGCmCGSAFlAwIBMAQwGAYKYIZIAWUDAgEwBQYKYIZIAWUD
+AgEwBzANBgkqhkiG9w0BAQsFAAOCAQEAbH0Zzzdz7zKpAJHd0euOWLiP0Zs08+9+
+d+JG/wsVrUwaJIFl5D/lBW6tMMqqkMERQNLoXW1PMf0joAeooxapJAcyc80G+CEv
+Qjont75l9RswXOeOJDr6cjKgDfJ0Su488bJ22YAK4/ywiiZMXZ/kFbjFzN6VaUtS
+jLHyB1L/tmahUMD1fWr1R06VFlwtaB4MEyBHRdYd0kr8pPEKTtIpvMYvgbHfpRqe
+yCGfKTgRRCuAnP8T16Xajq9LPkJv2/QjHWpTgeRKA7ddWrmEH0VQcmpHYgoPMIkR
+3uEv8/k8zdsI14AHOj5zUn9muQgFK4znUjvNspmqx4+x4S/3FjEoAQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 85 77 F3 95 01 38 A4 A2 F4 47 6F C9 40 01 4B 69 92 E4 63 7B 
+    friendlyName: P12 Mapping 1to3 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,18BF239A1E00FC54
+
+4X2m+xhm6XNIGfVHSKHcXnzZhk7p0USieVlaWMH2TgX6oPy6oL5MTiufkYwoVder
+6MTHiGYW4QgWad3CcK+SFz63GBQjHjA8T95LpIWK19IcmGTiDshjPk41lu/lqNa9
+e4COgKXTFC6/p8u9kpz6+lNXhffgcAJdj29I8fAym431Y4cGC8JKoc3PMTH7cZCW
+/EV0sSdy51eaGUPAGkBr1wgX27L83BwCrb6tYq4pxmyuTgZ8qmOOwg1Zlc1duB8y
+hq8iF2xdvb//Ilep2MC+tuKKgC1V6YW7hpCLOpgUVPzeO2l0PL0y3e9rnnm+Z454
+0ezKIZebCffmTwOtlBSFBOANOsYuSA+zo5v1W9wQjoVOxiSwzLiwa110SZInoygL
+3+Qw28ct6ASDcol7AslYnmW5VNU7ZrqAMkE6YcKu6JoZL+u2ny0I1ET2o8ETXVai
+LyLrbOzGdZhXopIgYT6lb5zvq0SVAbOo+QKFwoGJT56K/k60mteqWPc1AdjKZDde
+e/Ff0TXISMxAa8u6yPJ18tGaOVEyMN1/KkEuxdIWTGvp/Y7ctD5xXaEHmhP8n4a5
++Mg8dlJcheYpOS1zr8mGkFwSZPmf/U5zBmsUH0lBwr4fvNvmRLMVHDE3XzaN2NXg
+Ztnf/DQk2ntmdVF2MJ/pJxorp8aIJZw0g/V8C03A+Skz7oHc72fPhP796usg/H2W
+mqVC40KOO5dCWXtaAcVy8GXfQS84TWPTpGMCpyHaK5y3YW2wPGDeNKBDicDqr/0j
+10xD2KOALKZ0N9osOlYD+5UfZ7J5D27FShuMBXXcUYphugtAKUP4nrCBZxEPoP6o
+7jdilf4ZPtHp4HdptZKkI0NqpQqGh0UMX2mNH9MmBHUibcrXaPaPnh5XwIGN9+iA
+9q+eFqP+/frPQDz9OMdiNHRV9bFvzy4E6X63jEl6CIwdPTR2aARyyVU4uiPZ5T9N
+LFrUzAz0AYbrAkxJ5mC2u3NUjFXpKXu53c/Z4ZYZr2qa52ULsM9heI2uI3NlnPsd
+08FHWVKUAcbXSJ7/5GW1683dgZl0JW9PI31bU+ifyRYSGDJRMZxGu4zAyIVvI0Rd
+hmc8cBzoQuGek4LjttsoQgy4OfBJUxTZwYsmkpvBx5f5ab3gRC74Eznr7GcfxK7R
+ikz4lZDIsv96TVnY2Zrb/UrlOfVcKvblpfmDvanw3hlaBf6OGQRCi5LFTesls6UG
+sejXtgpZpTbPX1roHP3QN2EW1ANRnCdOKOAyqprtDxkbc7UEu0yJ6s559gpZx7J0
+GtysuywbYZ3zT5DNzHJV2drN5bITtw9SjnolzbPmpY5Ousq35uVGmZwDX6uFcN89
+3/zox7p3O3Q1cEbR8lESNZenDcv1dS9hkI+X2HwE5Dksqyfx+zH8mceA8zIHDqE7
+2rz3sVE1r9ZyhrhbkjXQr3YvMcbG9iulFcUzzMABKxLvU0+AIijh+7oXZ77Cy209
+a2xlNATcVUIZ4Iixe/bx26o3kpd55ARlwO+MRPDSJwNbGFt1w+/oauU1Hbl4Zth6
+D83crY1gFDvMuQTTl0TgseUSRHNxDoKwIuFtJVD+GUwMErTKXnu1ZA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subsubCACert.pem
new file mode 100644
index 0000000000..dd468f794b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P12Mapping1to3subsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 1B 6C 32 06 4A DF 9F F5 21 F8 5D 2D 85 DD 38 9B 88 D8 37 F2 
+    friendlyName: P12 Mapping 1to3 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subCA
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWUDEyIE1h
+cHBpbmcgMXRvMyBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSIwIAYDVQQDExlQMTIgTWFwcGluZyAxdG8zIHN1YnN1YkNBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSGFUwgaiWWF5fUjELwFR+ISQbeAbroekuEg
+LzcnZa41l5oBmVXW/YdwIa0lbI8TEYdbSJKMPmj/VBZi1qEWkZMG7AkeS6ZXV5IX
+NZr3z5+xyUgLWNlWVvF5FMOi9oysAe8G3Lykzb7aEULDmSEJF08ZO2BAKmwqwHb5
+YeM/Qpig2XRbR5sPebFXbCPHgtDC21KBFg1RB9mYvkvbyeqqKNivtfaPbDcs7l6L
+Q5V4jxemwubG0n/b147PjTv5atcFsMozbY8AwRXhUZSv80Q3TpclTwbWoaCqc9Jz
+dAlVN4YywNosJr1TuIOWuo5NFHvQZMrDE2UTd6wCsVX9e1hSKwIDAQABo4GzMIGw
+MB8GA1UdIwQYMBaAFL57E5Oh5JvFJzwwU9elyeZalno0MB0GA1UdDgQWBBQAXTk+
+D+WqKl4t9q5oKq0zmz2bczAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNVHSEB
+Af8EHDAaMBgGCmCGSAFlAwIBMAQGCmCGSAFlAwIBMAgwDQYJKoZIhvcNAQELBQAD
+ggEBACej7rCcrK7NKu8FFh2Rf3IUevcGIbr70Ussmb+ybpHCSgniO5b2qOHtRy4L
+UGgSu4DW8oJpwQNiDfS4uFICS2Xfw1LImpY6WzsooMaBQOLUmpDfSNcW3vp930db
+qWcqShq49BijeENbYGuJ5nJu6XctxdJq4CkfdLULItz057rcMPZ/v0r6WolizKb3
+aOowWWR5iWPCfgKsK/pjA4CRZFdWkQeRcFZtpY9s7T3XWsYgzQ+RVSLKP8tuy+bX
++bXzpj2/FQ51kahd1XSilZ0YIhWrR7odQ1LIdlABuNmIcBAcTONhlpjrzx9Ukkem
+CqvWf4hQHK7beuDqtx3JSiLMakk=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1B 6C 32 06 4A DF 9F F5 21 F8 5D 2D 85 DD 38 9B 88 D8 37 F2 
+    friendlyName: P12 Mapping 1to3 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C99FD623F1970FE0
+
+V8J2Tv5dI90kWWonlmglwquiB2aaI4VrjgwcQCkf2UT90Ik8WXNeVNCV4NUBXpYs
+aRizGDFFsyKp7u4p82gqh9K4xmgvLlQ8W2yldahj+jijjMXeTPzSDiQxVoI1DXSs
+TqbLG2mRcNlm9AHqnnSfUZu1MVBp/+BNMl0lmYNCHMSd48x2LSlMTVWdtDmhVPDu
+FjIfUivpcKKD7ja+wIeGF9rnXcQLlvRmcGLmNkIoMVi48Qmqx6mVA0L80D4cdG10
+IvEPV9azLnflZNkHbcMcybcgrATXYtsHqhQxPQmZlPsMsuPoY3+jrRDxlNm2EymZ
+4W8FOV++/bRXtEO0BMuBbluOPkgTjEfP2EcdeHPf8x79fIbO/nn8yzhMmYhnsq9j
+5SJXLmnxzRU57NuAv1kLaQVo5J2sE8F+D9ZU/ovBUKtPALwGyfqnzuJukLhuFeUx
+FSL1suo1HVv6SVf19xwpyQf+eTFco28XrrmCqlJV4I0M0geJDdWhSHSlKyaQdV1f
+gfqqNmeLAensQ6VSDdnCXtpyOyoy1JSegapbLb1GyUrZLYyfmgHMlSpmR2+BCoDx
+SGvhDeygDIRS1iA7czFTcBrrejNNINTJucbkPJszer1ZE3EeaKrCjsnCSV4gEOlu
+u2gMLTJL8sRXr9PZUfC3BqHP5PiaC4sfBmZDDUXMpfm4lvR55cB/MdQ3h0R940y8
+vvX5Kkm6T0WUi2reATjHLH9Lp6HC63rlI6845kgdWL5xCS5Lc3ULG3Mp7CzgAXUB
+hsWRWjKpgRrBpEFZmOIAdth2W28/eV/dcognxd97iDf+pfWmxwDiEj/q0T0rpFjz
+TEKR/z0mEMxBrZufH3j92gw+YXaDUQdzuVazKUoTPUwRqI81G/PrAskUG3DlLBvk
+iipb0ARCu8mNu6imv2g2IwwcrzWVYl/4+mMQKzXnbp9/tUXFAhbyhk1NclXSuIEg
+QQHaVgXYMqk4xvzyp3pc+xmCjEQRTIdzOiIQBuN9soQD4h1kLogheJuFRhzdL5Jr
+KpKpS8xmadt33c0zA+Sm+Pc9AxuLD0JH5zfTaWf7s0uDgOb1jFHozW5JIAjxFkxz
+bcRaACZ8oUtzLNnaA5n0QcDmskVIJmDIWqKS3067xwsu+wOxYY2RsG1+OY78D/ry
+Uj8XGDwKY0KP4zejsrAUZYlAsogQDBXb8gIKyiMVg3klhe5L+KF36iN/CyCUk8o2
+FRf4ER6wNrpDKy24G6TNp8jVyxvmB+vnHBLZH92Xe6Qqc2zpVIN/5jbNf9xTeCeV
+otJGIV/yj6kN+MP5aEYtZkXbQKt3ZyFjzzdbRVI4lppFIx5AS87WppnKTtJqnZUg
+U0+VsvSS7unrBk6qeCI/JufyWzBAO4IhGjuZPVsLOF6gXld89Z6XHh/6XB1wCFG4
+TxCjlj7caePMhPn3GZJ+BPXnhX8hVNmgHVS4UBbcbzpElWbauS5SUVmD12/Fd4ZO
+VCuXMcb8w3eMelsnzJq+zC1+snRicoyixxZdk9PgcdeVBIotarAYs4JWvZBglWw7
+V7W3oKSKREomYFGT0izQPY9BeNbYLoAOsn+FwXNawV1n3T6t+X/BpxNdL/9AvNvZ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234CACert.pem
new file mode 100644
index 0000000000..ae724b8103
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234CACert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: C1 0B 96 F1 D4 06 3C DC 5C 20 BC 4F 9C 97 BE A9 3E 8C 12 F1 
+    friendlyName: P1 Mapping 1to234 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID9TCCAt2gAwIBAgIBMjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FFAxIE1hcHBpbmcgMXRvMjM0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA6EPLe37qOTEdD6xUQELy7WcT/725FAHRtk/O46EgnyRbLY1VTw/549tQ
+HEAeBnvBkfjD1c65JHMPFER6/LXHu1BT7EXfbaRPNvFFBrxO590dLZ7zkXggq+ZX
+/RDwCs8HMEsOrGa8g61yaYFICkTlMCwC+gWKK9SPQj3TS+YFfkmPFkF22ASIttqG
++QPyy5BHx4WV1k21sjw0dijh9V1Z+tZ6cGLGVp490Bov1syfcz8FTmiscacXTOwd
+hnlv/XFa+URTqDd7qvaiieYe3V7W7j1x0okIRENxZh1giKU0AcbAehfYgmXVT8Pg
+/FG4oxhZ4fflmfgIa+k6tGf1KmDelQIDAQABo4HnMIHkMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSVCwGpSXiqdtp/CQ2siBT59fdH
+kjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADBaBgNVHSEBAf8EUDBOMBgGCmCGSAFl
+AwIBMAEGCmCGSAFlAwIBMAIwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAzAYBgpg
+hkgBZQMCATABBgpghkgBZQMCATAEMA0GCSqGSIb3DQEBCwUAA4IBAQBFCspJbnGl
+9QA0VGqikE3JqvEe534hgJSjqUj3YXOdbHF3BzthYJxmCC8c8ZAQAj78LDctPO2E
+doS23rw94Hx23MOOMy92xoCYepjNWffZMdSgxUMBeGCVSw+I7TPG82c34h/nRung
+HcZ5OgG4p7j7DSiI6fbhdOxjvNPw1MTjYZd26QMcgqnsK4Ts0oCv2tiHsMWIX32I
+ZZZqMruUNHrapJZoayDbBSbx0ecusf9xxky2I3of8j/EDDWujCSTS+2+ld89U1Hm
+wLiGs4cGEHVkWT3bMpXC4vh6Ioh7MWcTGKGoH034mpOgMtG+Uixh8uWOmqvxlx22
+GWtLzZ8NDh2L
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 0B 96 F1 D4 06 3C DC 5C 20 BC 4F 9C 97 BE A9 3E 8C 12 F1 
+    friendlyName: P1 Mapping 1to234 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2F36EA26EC93C8FF
+
+d74PxY5ydPqm5kdwAnRDQLghqMnVsPYLnzMPEYQN6nmM7Nq6NPH/rNA5VKaHcMSj
+PGQaiWQq1R+oYzOmeeKyUE8accmmQ1ekGLgl5RM8B+3In9wJNP27G0NnVfYr+KkA
+5P9DlujsNFpUAXY1Iu1B7YC47B95PbaHl7oNYxfrG3h3uZqSHUdRKAYRoEUMtVXE
+jquLnRasDdf32Ykra2/pAZJy68aLrAIfUbp0rBmmfA+q57LjK7/OmprqMUiINXXJ
+/2CH901p0KYAit5YVO0IOPBPXse0TFrFU/w7NmT/jc5K7oIVUAJdIadI2Qv+govY
+oqvBdBtZfvMimbDRlgPBCyJhfx829D8OnIfDA2cMkOJQ72zaXwDkbjeeuCRLcnaF
+Ld6RUEf1BswsORBpnbD3SJyzUnPfxn1uceoul1y3wtjzvxYL8dRf1IsxzyviOjed
+jXOhTlN87LOIPmFs8JZJN0SR7ULvYPy561SH/HTKF+PILbIbD3XmvP0YHHLz2EeQ
+Y9XYp5SdcvoUzq8937eggRdzPD2+tIXNWJD38nWygLP7SBx+POr79UYsZPw+m7Gr
+rDgIg1Kfdi/YvIUqTZxjWdS/HlsCEZ/GrJd1jL2uXKmGIeDu8a0/hca3O83Kmh1v
+UiCrqPJkMT0BB2E0PTLkzl0k3yOBRs9GFpfM0ui30ajEwfnN7em5myL7BTAfqzek
+5Bldy54W0Y1gBPLj9VeokBCPnl3xRiB/Az8uSa7lZDe7GoZspdUmfsNfGfaS8cF5
+vVUzhNubzGTQB/W9mQOjUFEPFg80nSJ3nHf/gIWfR7FKFn3BeMROrY5EUw1vGy9x
+LQRfraio1SYdIYKeMzyHYzF+ILr1xUQDqSlOx2rLVOWuNvzALCnK+oUmOyAcpNrB
+701arwcyp2SAhgPoMD6EfvA48hVFwjvXfNJR+dCOSGkFDYnlOvnoB+3aDayiVG/a
+ACObQyB1yfpuDy5JRL+gd7eGdHHXhd3h2dpQxml8nRCrYuBePDkCM6Z5sKBvi9US
+e2lTIzTkd8aK/svLV4dO+r4VYEtOc1hLYFhNDd8OLLzbjJM2HiX25mY2y7XgTlFq
+lDhJjMeMOE5Qs+gpZKw+BntjUZVEaSIKfDWP8Mp5/bzsRD4dRjxMXs1K5KWwQIr2
+qRWUIt7ILwRSiUzL1XAjkM/vr4CLuM3f1K1nJmw7Fuc9LBzfH9HlOWc3FMW3pnxn
+2zFTeTQ/bKpBp0e0PhtrynriYvTqmVAFfnpkbKyAgE//A+uAaPqluzRZdVMe03BY
+h9a7MdnkRNrl8LetBg4mKGWqM9l2FPpE3JCRLj7i5YzKGhC+nbd+gMsZBPfCP6jf
+Xb794wmEb0y645XTp4F4TWJNiuXJ7TOJlmHUecqZE+BjEYRkDstyc8PjK8u/QwB4
+97Zx0R66NfdEcCa3v05g1aAN8kNAuWA4VjtHcOitcJo6Qu+TmziEadamkT/mEy//
+9HowWzLnSoHvnV1uwZozLfJorYIuzOS2+GYefp1x14HHQzp/3icnG5WkvhHOwvbm
+hFjbHxCeLNzTFyyFw42YyK+4x82aQPx7+5jGdNYoNFIVmfMAe7r3SA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234subCACert.pem
new file mode 100644
index 0000000000..846712d23e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1Mapping1to234subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: AA EF 0D 39 7E 1C B7 98 0C 76 3A 6D 21 0A B3 C6 87 31 77 96 
+    friendlyName: P1 Mapping 1to234 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 CA
+-----BEGIN CERTIFICATE-----
+MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUUDEgTWFw
+cGluZyAxdG8yMzQgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBQ
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEg
+MB4GA1UEAxMXUDEgTWFwcGluZyAxdG8yMzQgc3ViQ0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDCqo/fkI2CorkBLrk8+SW5B2Vf/V3rrujIfoLvDe7m
+xMzVUsj3fQgZUgeD7yG056J8OLaaV2X6AnYGSOR/IjkmxnmChoDBNZHgfxmjoIBB
+SrWaoYzucLOpPhxbRToBM68OV1YS7JuJyNZNOkpWCVDOnDUUGqZZJAOO9KKU2bW6
+/mWamcohebtrQQsSUAJqatKBd3DFgyJl9toV8bWgINwNHPJOG/zGmfXrM0XpTC6c
+cYqN3FnBO1BhuHvAmT7x9nKEP2d9+njVvSJijL5UefG2i3k73WD6FsK1NsD1TUiM
+W8R1uObBWDJSp7tMnpsRzpWYxN2UrB9DfejvhYwCW60lAgMBAAGjgc0wgcowHwYD
+VR0jBBgwFoAUlQsBqUl4qnbafwkNrIgU+fX3R5IwHQYDVR0OBBYEFAMX5ZUA/So5
+eK/LRvZAmGUKAu27MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MCUG
+A1UdIAQeMBwwDAYKYIZIAWUDAgEwAjAMBgpghkgBZQMCATAEMEAGA1UdIQEB/wQ2
+MDQwGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwBTAYBgpghkgBZQMCATAEBgpghkgB
+ZQMCATAGMA0GCSqGSIb3DQEBCwUAA4IBAQABbF8fZ+aayNEPK6IYowHdDmpCNyiX
+ShlGuMbWbiSBilugkXB8z11tg/C+5D1wdeDk57vpcrmr63pjA/NVcJsp6nOFGsBT
+A0l2TQ6GA6Yqk8ptm8nzP3tD60KfDzu1+Ld0eGCkx4BWjwGrOBt7S5K/G/tTAXQa
++fZ0nNP+WGn30vRze055JcSScogmNcTJ0sYLBjnYbxyFjpbyOsdhiudG+FufGcIH
+P++VV//LWKA8t2DgMb4ejFdpihhWV8T8fLuvykmVJhD4QcV4Z+TTTW93QjCAa5oN
+XWhzyqOe4s4GLlO7jZw1LMEHhh8M7Q3SIrEGDA/1exOutvigUAQ8x0eE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AA EF 0D 39 7E 1C B7 98 0C 76 3A 6D 21 0A B3 C6 87 31 77 96 
+    friendlyName: P1 Mapping 1to234 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E280D00090F07056
+
+Zs/1E8+cofljE9h57m3zNjcZ0Nbw3iFy2vWQb5DayLt5k37yV7SnZVNp1KAGieyI
+8Rzj9NTlc3nuSTW6VxjBDgVqsZ4RXMTivT9PXzcOZZrm17TckytFLUL4ai7g+pUE
+JcihIk/vfzeOeU8xx0UVqkpt+wXLqASx60hDz4d4E7mWcz8tC86xGH6ysk3WINfd
+fTnvq6Ztl2osMUvHhcsFlMNyMFOxrOcrKYisTO6f81V8Z22TdlqDdcddrYEBP+no
+pozv5aNzucptbNDAG2ty/Sn0MWU1UzlDdZtLcrvEQK9/21QZPKRKIfqzCWt7xCxo
+CZ8cD5tzNhP7IiLqDdDfwBzQ/V/uDVgfoJh54SvmYemCYLLkwMax2eviKuj+5WNT
+STvLPt0OryCXz5x2rLsoESb34zmgPELRY1YFDszNggwR75OnhFM1wTEwqrEoJcMB
+Nu3hd4eORZAk616ut04BpQqqIIp7esQbe8Ni3c51NIUXC2TVr6QfbM/V8Oy86guF
+ebhR6aRlrX6n5owVekaunAVrxve0JM61VX1cTBDmztj2dri3SFVRBEZ/kKcVSzxz
+A5p3vN3k5GmO6Nd19R+3NnjGaWEqUCTm1CjZBL1VMYmm3UXSaMlAzSEzfSIgx5VE
+WQqkltma0FI48nwyBzIcF819+dRg6PPi5fvCJj6WJkNJukM4vQUe/BVuR78J1Ii1
+JpIsziBcsPIzd3HRfbrHhz/cwKGY8JJzATdNbB5klI4lfF/SSDvC2/YCKngctFjr
+bL8EQ4gfhpMeOvjhO/52HjZBDk6Xu066NBf/dh5p+BWvGX+r0z3dtPtkhpFuPkrz
+06vL9RCtDKUKUo2TkIbEfjhgIu4/nW4YJdyRxBepz9Rn61RkTPhfeieW25MkKCe2
+vqAtIzEgeNm1YBHh9a3v5sPFgGXyRf5yhOplBJ6Zjemu3p6TF6FYbI+jDvyLRzJq
+rWYW2/c1sDVJykEZ7tvCHOycliB+BZQLxDQr3sM/mybxzWmYCkhbuRNwRPxmW30e
+/kzbc9nbhaI6eGdacoCmCK/T+KmQSCGepnf8Xhn94imESWUDmnbGav/2DvYjK4Ad
+aoOXFmsXhbD+svWQ+uGFx0ifxugnTrtbCbeAywEQPU1vZ6vt/HhhitBtBpBNglbZ
+dADKHRMDNILX1+F//M9H6tw0U0y0gpdsPAxJROJGW+MO0IlYz8EnUOY0dQC2lYbz
+fDbz4PdLWOUYXKUZBceTo1dAq2DXJbaJi7zumLcZY4yLus8rljz7FrPrx41Rf923
+teQP2NrX5PdfX8T9n9NV4KqNZF+/h+qwtKoJxqN7a1ICcxS92kJM//L0pg229nXk
+WJ/bNtzZxAGN6qsvX/vGvhSqDA0025N15mxsfTjTrq/zaU+Ko2cP/FBvMZUS1fST
+2Kb0bm+pipPGKslc3siG0GxsrbG5+UQrkI9tqEaq0C96gVIyZwSzsoH0y2KJ9NUY
+/f+b3sRY3MeMCkh0bSHg5rOi87bGjQk7m0KFNMj4lLqw+ViYzAXONocQ4sm8skm3
+/LZMCOnR7pISZL7miEsMQt8Hrw7hZx1n7SB6W7h9ioJKfgBwDDgkWg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1anyPolicyMapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1anyPolicyMapping1to2CACert.pem
new file mode 100644
index 0000000000..34c797976f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/P1anyPolicyMapping1to2CACert.pem
@@ -0,0 +1,69 @@
+Bag Attributes
+    localKeyID: 43 43 08 F9 CE 07 63 62 37 45 16 66 E9 B3 C1 63 15 23 19 7B 
+    friendlyName: P1anyPolicy Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=P1anyPolicy Mapping 1to2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIFLTCCBBWgAwIBAgIBNjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJDAiBgNVBAMT
+G1AxYW55UG9saWN5IE1hcHBpbmcgMXRvMiBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANzb/x7g9fYUZJHLawFd5dXdaTd5QI6b394FF+evA8+llsAl
+r9BqwYe139iY9+RgTrroi8KRFeZaXndYBYANU+fvhLqFWAz3TK0nW+otpf5bJiCZ
+27slpFJEINgrpLQpENt12YVkQ60alGIrvYIxjZkOrhbgwHqTxxMc98Nqdf9PXmaY
+5qai+dWQ7RMewnkoX6bx1TmgQXOT17qlbOfyuAnYM1oabX1+86XEw7W69i6Cb8/z
+/VkC6qeRbV1Pmu3lVRsoidYwGs2cwAyMOzz4MpTflSk3b56w0MbmHhyflr+/d5yp
+mNAkE5dTqu0f4GZEACFbA0AP1qSbtgmG6vc1g5ECAwEAAaOCAhcwggITMB8GA1Ud
+IwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQfAigoMo5KhPi4
+i0HxXXvoJVJrhjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNV
+HSQEBTADgAEAMIIBeAYDVR0gBIIBbzCCAWswgbkGCmCGSAFlAwIBMAEwgaowgacG
+CCsGAQUFBwICMIGaGoGXcTk6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9t
+IHF1YWxpZmllciA5IGFzc29jaWF0ZWQgd2l0aCBOSVNULXRlc3QtcG9saWN5LTEu
+ICBUaGlzIHVzZXIgbm90aWNlIHNob3VsZCBiZSBkaXNwbGF5ZWQgZm9yIFZhbGlk
+IFBvbGljeSBNYXBwaW5nIFRlc3QxMzCBrAYEVR0gADCBozCBoAYIKwYBBQUHAgIw
+gZMagZBxMTA6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmll
+ciAxMCBhc3NvY2lhdGVkIHdpdGggYW55UG9saWN5LiAgVGhpcyB1c2VyIG5vdGlj
+ZSBzaG91bGQgYmUgZGlzcGxheWVkIGZvciBWYWxpZCBQb2xpY3kgTWFwcGluZyBU
+ZXN0MTQwJgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA0G
+CSqGSIb3DQEBCwUAA4IBAQAJ4zsy9qL10OJy/VRk1NA5w+0ncD1kOXO0I2cHSqA6
+wtQ6I23JPRgTutDfvR6ktvdBRfkeCwYHPVHHx9zrvfnk2MIAfdDeo93IVAqJEumo
+LIoi+XEUWpRH1MiJbl74CndIpdc7G8H4OOagqMz1p2XsZ4K8RpF/H0WUYGvWsX7g
+78EjEraD0D9PxWr1Na7kfnHoYxrqd/fmRYtnCwt26jO8A1DHXgrWerE/fnUlTxM5
+tHHN1OMOlggOimhGvJ2pn05BdXIhVtmWCdFo6+pTcyWYMm2IvOrzEaQtnGf3Zefp
+lObeComhN1QW5zDtLnzOhHUHc1t4deRAIN1zhE8vpYsG
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 43 43 08 F9 CE 07 63 62 37 45 16 66 E9 B3 C1 63 15 23 19 7B 
+    friendlyName: P1anyPolicy Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,190493828C849E72
+
+3ADKpf4RaFWJNff1Jg2iB1PXZ4JLDWjTsZz4ksV5g9hAXGT7dAIkgGh15NY+A+ng
+pHr65nQ2XENo0MUh/7Zs2bgGGU58Xx9K+DWWTWZfJvSedJU7SKLSmQBHUt6NC/bQ
+NtGzYnL2zymdNwtAbBqeSH6wdvqQWciBMuhG4UGKT3fLeBKEjBHH7mty5Pz2PQ/6
+MjNtLA5aqwxh+R1RveDI0oMsbQ7BV987kLNOs6soy2F1Zkn+6KPRiewIwdBCcB3O
+xkp5Su76YdUZMMfm6Zm0z8/MNSTwe+LSDQmEh28m0bByDKiR8CvmsU5MW3MuPh4N
++4faLrcwFTPk0JizNnlFcdB8wsRCUOKDnWzih7kPXUjGEZXiJTbmNNalEEgQOahE
+ZgHoCNbpSMHF46DRIzp+MTJnLiJDe+YCLqmlIWSAEnivjmkN6Ouj/X3eivPICgkE
+SQ7DAkuGAZoza46qVs1+Dx49HyDM8l/AifK6Y87eQf4fMdPtHC1woAMg+/6hgLdt
+Bz4k2xGPZWLINtUKTrEBieMntL+p5ppOMSKP0dGqArlNYHNLw7e1zone7FTNV15i
+oGZpblu9Iq/7Z6S/1JEo5lo9npHUm69Yo0dzTarVYx8KvqnSn3FPWCNwiEhR38jV
+gELMghyG6vT8kM6bzGVk8PdF5EJRyr6m+JQ9ZVEwjisQFOMHvQp2ecNtpIWvgSu4
+SRK4oMJmxVXdiz4YXFsDKpkLaE+IkpHW0kDKBIUnBckRPWva5zPnOrRjibMvZmRf
+d6w/tjCUR9kMuOhBbXSHJLm2GZpJizNWqLySJE9WgJ/ufnSYlx07gKHi+XnEdI/V
+Bo+LjykYlvubud5RsIG8XUJFLxtinJJ0mks3dNQchFHzmsVldKWJQoLN4mBH20O+
+BgmKCjv2Dg6Irrh2ZcqC+tZYnPh7/hg6q6LXp3HZcZcEsM7uKEZIR3ETrGRuuuoW
+H7z0FzMs7kn4/R81XSM/wEdcqHQk/142VyA1l2bGM7rbDwnHRk5KiDgMipQ5azJe
+gWkR4iso6Zj7RKyrzJ5srfmnlPknx+UPA9H7WrjeyvO6pQ0Crh/0CeitYLKNz/+R
+tInp5BYAv87MY1yByEno9SB2jWa5OkG31gk/8P7AMLtTqTqHBlR5iWIiuQp6pGr2
+nxCtPkaJ71o+d3gxy9V2CIc3Mr91KbOnytiFc6RYc/WZiFNBxVJl/aZBtcXZpal/
+gcYzQJFidHa6zezoFojHJgKvl8NwWIkJPNttdD9bT1DrAh/S4GidhGG3gG6HaKKv
+B+KYRO5nPFH0NRP+dXVd39IHX8SkGzr5ZlOrVBTwMbACM2mB07bcIzUpZceuEMX1
+ZI2bGj2EWLMq1v6+x20tQmxYRHLqMDDiZ2ZEypwfSwSSqH1hqwfyCeAzUvfYrNBR
+KVkJ8V2IVUOBfo/CSbfAfvP5dktG/xxK9CIOsd+PyKbS7kgfkVudODLkx+TU+//I
+PqeSFd5sECKQuSYEHG2O0Q22doufmtJNoygaBkyTG1ckiPitxO4lKIDxiUlId/Yi
+IietXGgeZxNzSs0AjrU3TEpH8f7kc+RzbMj+cl8bSZZUKmGOM44bT6rdEuRRYDNv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PanyPolicyMapping1to2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PanyPolicyMapping1to2CACert.pem
new file mode 100644
index 0000000000..f0bb491133
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PanyPolicyMapping1to2CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: EA AF 99 DE EB 5D E6 D0 27 6D B6 3F 8E 59 92 32 1D 51 AC 76 
+    friendlyName: PanyPolicy Mapping 1to2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=PanyPolicy Mapping 1to2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBNTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+GlBhbnlQb2xpY3kgTWFwcGluZyAxdG8yIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA7it5KgqlOm7kgx373idsdbNuWSP2si6O6lKKZSjz/B/ER+zK
+sbo30/ZnpGepghDagsI2z1pvXZPjFcaX5jThOtKnKiB00ColGZQL9OMl52BYfHV8
+ygtI6FLosSe6J8A5grqnNiFUqupOAMS1MjsLDJssMivMyz1Mmb0FBqXzJOB3pMCS
+nvgsLsM+rXXZYTJ69SJZfv4W31iGyRQer57qoIiKYTypLuBqO2S0baY7J//g040q
+Sav7szmAh+K+Alseyheko9BY6tDW4kFSe2DshTvovJD6dZukmjh1IVLoU8LBMYy3
+/23tKavxkEyXBYbrF5MjJdyfHDulSIw24P5kzQIDAQABo4GtMIGqMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRHAycvQz3FL9mSrMfS
+dtAzxvl3uzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQE
+BTADgAEAMBEGA1UdIAQKMAgwBgYEVR0gADAmBgNVHSEBAf8EHDAaMBgGCmCGSAFl
+AwIBMAEGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEBAEzmc6/HFDjAm/BX
+XujVfL34xHXsQ6Hvo5BiQHACompgIWEya5NwZQODcH4pig04UBkUg14d9VayDUic
+gAnwUdsAvL3tHqwnTafckHMmsYJSig0xkxpOyWbqcq/RVHGnMy3pLXGTrX2jpI/0
+1fYdE8EB5pcoL8MmktyTf51FvGJGQhQk0pIaCHhO5cHUADHIBdowWt8G31z4Kv/P
+GqaZygDC2R1YG5btN8EJ4CSGp2bGX0oMJOt2F7knvVVrIFNGH4vYfuXSxuQ7yuma
+kfS42S44/ES8W+FnhTW97iIq13l7Wh4XTvgfhHiT44dxbX9uUHH7TJqJq/rijbF/
+0zDEus4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EA AF 99 DE EB 5D E6 D0 27 6D B6 3F 8E 59 92 32 1D 51 AC 76 
+    friendlyName: PanyPolicy Mapping 1to2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9EA299E542CF1FA9
+
+YezJFv2D7hxBVosplQvpAZsgejIrkEKxQUmTVVssLLPNZRmceZopLIsVKc1aXNrq
+6GILnOnDqxdudU97ZetUg4RH1uvbt5sdR2y2dcGHpJfgCXjqAJ8Tsm7fXKDsbnHl
+IRvnzVvzdnML2XkH1Ns77dSCz4eKV9XmFvqanOVNmTYsmYJW3bkTqfz+t39tz32/
+1YKZOblfAHuGl4T2+g9cmnD+nURTm5fKvvosx5H3FwrkGjmvJD9T2FrrmGRTzkoc
+Npc+Q9Oarr4L8/mWnNGHX6VmM6pASR5oeHHZk1gDfmj+8RX0SfVCtP4gNbh8GFhr
+deW7HhxEqb15ya9cbJoxC7C1plUTcYN1OB2dqC8TJIpd0Wk21DlKMyxBMpx5/CS7
+xFnWcG+QzTdXDBm6qXqS5ksbvgWNtMN9jJUbrglFN23Zt9U5XmpT0Sl/5+TWd+J3
+nRfS3JJO04o+vtCzcQK1Cf06omH7r8XEs2VpQXzBwtaQdYSdcDIynfTWQ3YGFKZx
+/ZiVkNVFIa7+6kskKziGl2DB7uhpaIX69sBZ+iBt5xq7Os85RlVJu0mGWw7hsUM5
+GuXmb13glbRxaGHRaYjXIT6Jh3MAn4GuS3jDWH6StgQgYCFEmlyaNk8X6OEF2XrO
+Uov8EOi09gpmo/LdJKZNw40E/FYSm2q9QJs53oovEGEC2THhWr4166oJVFgr72lB
+4qb7HcvQxyDm2n+d8whkGtk77aZ1/nVpUDSQ0QRglRy5WFf/rCDqk/X/I0bU3gH8
+KPwrCHmMggvibYVXnxhFcVOJ+5MU7hrkk1eJjxHLo0e5E8DDVcE9oi37fbELaR7m
+qf6TqAyHSURbRg7a9ynUtQR6Vw+ikREVMulJpnoLZwTS6VBGkH1A93TKnpaaSvm9
+eXYsIgVQQCvLrKj1PJfbb7HnyzZ8vt7uH/u7ZeMld3UWyfGkzM+yVoe4SahjAU5C
+oQhAyjY2VXF8tN+WygxAjLujGfql4uBbDvcrQRecoHEvkfugabFExEw5+9lwM053
+h2Fwbyd0V0QmVxfTmXbhfjUP0A+JG5uGsikknajbdkRHtE/TyDZ/sUyArpmDxuS6
+DOGUdz/S6hz5HAZrHRc6zKbk4cn82sjsAadpl7N53cnDrKA0LaEH+rZogBUt1B36
+PF193qqhLhZEKxo0tb8pN7h9Ib48vhcNvv/W7R3TRgGJMw5wGKDfhXuqfqkVfYtY
+o/YtZuepmOAFQuiRhzwy1zOyORJvoY62xmxXf9zNaRHU5aFMlmYVfaCxQqf5x9zU
+VY4Ma523VgdHuzhT61OOH+jaLd4TYE678oweL3xO6KoPUk2ZontyFXBJFIMiAYTH
+LS3BzagSBLAb44MrUMF6+DIYlsrPIYuF6gFUtJ8lhmSKQTaHOyHiNNVi++XaXn8J
+4djY6qN+n5j+XQ2kq7ckIFKQTxZPUV4uLBWE9MdqvoGGY/DO5KLajNKtc3k3oCPX
+j1olnFJ/91zEoQVE5E3NHEqsNiLqZ86bkKDiWSpxDjQJTN0BVMeZivh0YBGLj8vK
+Z189yusJ0VgByq55uXQhxs1N4+Nv7/INz4EfEuTZQAV9+8utqCuQ5rNh1PV3Wnxm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234CACert.pem
new file mode 100644
index 0000000000..2d198c343a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: B1 12 1B 20 2E 0C AD 94 92 A7 5C 4C 84 AF 13 0E EC E3 AF 6A 
+    friendlyName: Policies P1234 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P1234 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDwDCCAqigAwIBAgIBIzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAMT
+EVBvbGljaWVzIFAxMjM0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA5Zswifhj2dT7WU826z9T4VZWyc4sgtEpEVLsV7AbMOMFR2ind4R/fSTyrw7e
+szphTfev/5eBa95JdOVqxfPC5M+Cri2NIZEtTSll0ybxk/uy1UJ4s1ZTwCI0QqJw
+m5jR4JnFsoIhfaU2xP5yGOEbh/JpKK8L4Dlm2W5AXs4BCYiqdSJsoDlG/Ay9xBzo
+dP+u8Zv+MlNZWMKExqOQxxxvcsSuVxziTjYZggMchaLTOgUua2PifFWPm7DSVswl
+cOKbtaIsd6ya9VLmiutIGoWEeLOcjpiM8lkx4lk0DGx8SDTzDsT1yfrj/ul76ujP
+Lwf/GABHoLjC0Gv9yLG5699VxQIDAQABo4G1MIGyMB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBT2/amMJiy0z9bT69QerZJqHbskUDAO
+BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMEEG
+A1UdIAQ6MDgwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMAwGCmCGSAFlAwIB
+MAMwDAYKYIZIAWUDAgEwBDANBgkqhkiG9w0BAQsFAAOCAQEAPCzijaW/6TG6zZls
+SWF2RKrsRSG7qMXa1K7EWMqkCfHw/9QGe7xCtlhQRHC4ujJqwwHblOZx1t/07jLS
+pP2R7VjOfSoCER6a4e1ylKPsP3CrxxjxdngZ6c7JGN12MqO22d38yTuGfgYSiscJ
+ydBXzqygLGCO9ocBscvA1l49aDo7nkbStAc010/2nFiv6xdasBNxu+DLTRyHnDUq
+DaxJ06wsiWxRs+LpSov2m4cYPCG3/hy5LfQD9cRPPUBCSGVH77rk907LBpp5ZnAM
+NRxyldQ9z2EbjE6Kg5ZGIx1UbpvUw36YFX6yAWUj7wUcPT1mArZq7EWZByaVWa2J
+dNwGOg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B1 12 1B 20 2E 0C AD 94 92 A7 5C 4C 84 AF 13 0E EC E3 AF 6A 
+    friendlyName: Policies P1234 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,401B0181451A86B9
+
+Dtw0yEa+7EIZXS+q81Gmb1Osr7tYFnQQiRyFaMjkRGB8EGQiAvvt0ha2wZ9Im36E
+t9LcOiLHJbQWiG3g40rGSyJViEVYfaXpid5SzvoTCPYcTLnuun/S0pnZpoGO5ET8
+HfZ5+W4Zc79j1PSN6kzLCNee4rP5ieAcLOHdkimv4Obq19itZZ6r/Ca41cAYgjPP
+i4jsmlMAg20bjnfFJnDB+I6IZY9UkjSLysWE3eWWhCZMULNwYwTxZ8dJBU5zQ5vg
+ktFE1NO9NnYFwxyPp+xY3ALfrclwctskp7TxMzVuxdgcqaZ8jBgkj9EUaC8NmFuU
+Rw0UC06542RIDQC2xy5gmowbAETlG98jLMdIvAVcgLBDFGZDYmdWfaPPwFUBAkQ0
+pz163zON02lf8z1m0zuHy9DFeIMO2B/lmADC0HgY4g4ilk2dmnfdgBuBe/Fe4ba2
+VHxW1lVNelZcZ06PA1L9qSdjBn+8FwAqvd2I5xQjCzS1ELyYJjgS9NZ+QqielEKv
+HylSjAABdhhZ2JrViNWHYBdMbJk5cLn1npAR7rpo14b6YJg4hCh0J5FjvyUVPd9e
+SNf+T2zoZ4sK/WaewnDvIkU1s5Ap+AgsrSg5qfKXv+Tbb/Borhk1D/6NZiANme23
+oewu3r1Ycn3Y/fEs/pV9dHlkpsg/F+Oy65apQVZWfnzW7gmTx6ercFMnef51+wfN
+G5HZfWaJMYnzUDACF9HLmhMK3dGicv9n+8kJp/lK01tV4IXMeRPqVfkkqQGKxbU9
+IJhL0YLMa+Osp9SsPxmtR4XqsXCn/4bdP+uAe7fDOmT9f6F+LxG+rBmT3KlYNdS2
+0zj9lf//N9H7els/EC31Z8Jy7E7sMVQM5CypoTybvBweus6xFTbogiuI6/VhzDwQ
+oHMs0bkoYmJLIqAihmD4BqldfQeIRhjiqdl6jyYgZcrQSXj61t0DrKPhUFYmLdf8
+zbg3A60Dvs9fP+OmCyTCbMacd194UwAZHlgDecNgadyc1RQv9zspYUt5onFhD3vv
+Vqlx2b9A+WebWC+kegZHLrBlBb+g10OHfkSaBWU6wQ5LJmt74m2YKkPRux6dMseL
+lNJsmhL/Q/Vk1VPx1ASbQmc5ByhTIG409QHtmLTCiLVeH3vpToZXwR1l/fHtBRzP
+SFoOY0TKdWc8h1pjiDoDuvWsTa+i9WnH+/n2TtmBZTmPM17RijNRzIZV2WHvOZ1x
+6oNL+dLvBsQWQkQDKGrI+xYzLcRrM9XJeiO1XlLCngrAQ8F1tsjhhqojdZasDCmp
+4sdkv7wJ0d89zjHPlKxEsdT6zny2Q2NTGsba9FMsWBXMRSYvKhSLh4qt15cNpuul
+96hXl4oRaXtgtnR6bgmX3g9fQ6l71yxCTFzWmSR54T29Vo8E6hjKTTv+0E4Maa9h
++TmzCgCnEJOdVJzJ2NRfpH+BHl7524DBZtHCK+i67ACPmhe3g7sn4hbiGk1lU5uO
+9dyMnLryai9YCmL03NgJ7oZsua7/qSqotmlsZtNNbatjg3nl7r9vojk/B5znd56n
+9JB5SYIxZMuLl1zZuksuKCiHKvIFXdqhw4eC2gimsnyXVvlbGBT7RA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subCAP123Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subCAP123Cert.pem
new file mode 100644
index 0000000000..4ab0bd9ccf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subCAP123Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7A A7 95 0E 2D 5A 6A D1 66 6F 09 32 3C 35 A4 77 27 89 88 99 
+    friendlyName: Policies P1234 subCAP123 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P1234 subCAP123
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P1234 CA
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIBATANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UEAxMRUG9saWNp
+ZXMgUDEyMzQgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBRMQsw
+CQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8G
+A1UEAxMYUG9saWNpZXMgUDEyMzQgc3ViQ0FQMTIzMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAxonRcataWmsQBYe9Vlc/Fw8CXsaN+DAnB1XBH2YXYyPI
+DAfebRTxQp21q6sz2LcepGnSvbnzkzsg0nfB84I+vWmI6q3L6ydRXjRtyppa5qjs
+Zfyknor/AdboEykbvx/b5zEBUBc7Ot2nIHb/8mxhw5WnO7EVxtgxTlx5lE0SZdVt
+uc7G6WVe7/+SXuVqYnIZkq460YcUA3GtoDCx2oYUDfb3rKK3gjOLI3nK/JslrmeN
+A5kujM57Tl5JwAXeni4XXCDLR0aYymGlaJqyeT/3/SvddqEJkByyL92IAvsbun00
+bjPiY5ZRBwsBSdqwtc8wNtPPsouo/HD9gsYuiec/IwIDAQABo4GZMIGWMB8GA1Ud
+IwQYMBaAFPb9qYwmLLTP1tPr1B6tkmoduyRQMB0GA1UdDgQWBBS5qlCBpjRmUWid
+Qu4piGrsHMh89zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAzBgNV
+HSAELDAqMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjAMBgpghkgBZQMCATAD
+MA0GCSqGSIb3DQEBCwUAA4IBAQAPH4fu2YUh72cgr2bFYSRtzSeoosntPN56/dcS
+GPRl8SXABmCu/sIYFZyfRnKyTUwKPObPm0kcokAnEkkMkCd40n0m9jjIJIaSuSvi
+NocDswcOdofQx4fK/w//iW8VevGjjhrDbNUattppOWcaHkOAA+UnycLCRPYZmNco
+eR31JgQ3GbFQD3A9GU5TvQjZkRUbiAyc3ETO/rCuF+zqZ6FMoBMJgJj/Q6pqVyIA
+HLCmwq9MTKuLDhSyUB8X7OBd3vHiuCR+opFSGvIYuFpsyA20Mdmni0cJSu+08BgZ
+xGsDyQtQ14ns++kCw7xSJR+DHvOKk8LojNH6an+IbJM5Wz67
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7A A7 95 0E 2D 5A 6A D1 66 6F 09 32 3C 35 A4 77 27 89 88 99 
+    friendlyName: Policies P1234 subCAP123 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E8BAB8F32EEEBDA1
+
+8iT5O9SjBr68ie7Ok+XKZX83jA0rNiVSCY+XzWW2Lkd1pNd0d05qvcBT6VmidQyU
+Sqq3MRX4DUsW2wpYeO5q00u0/hrbGJavdGc2R6VEkK7SLr08Fe/ajDEditrSf55/
+jAFj9VG8WS2TIygXZo9g29PQ6PcEiHbqyTlw7mru6UV024qoYIQBk0tBMfRKYs+T
+dD8/yVuZYLlb7Go2Hd+21w82l3prpm+EezT9+JTyPmzyHoy0898vMp+abY/M3Wt7
+XeVhB+AvxsyIiHXu9ao6V3W/icSFQV4XMWViTAPAw1YKVwie4M7Mods6Jt8qIgcX
+76TXWLEcdEwkOGyoIU60jJx0x0WCpFfS9oKY4WAG7Uy8ZRMco6n8l6flzF2+/MkM
+Fe9ldPjwtJIp9bOFT6DPaoD301sHQOlajFiKeK0Qa9yrp4VG+7hzac5EtvcL6r3o
+NLx1LxGnDno5tVhi5iPzpVw64v2dHgWNEhSzqvywvdhTLBpP3vbmJwRonYRiEvnY
+FSFbJ0kOSh3/wr1Ngu8nkui7OCh8wK6ABr1bXvasuumR6ehz7a98OTHUBM4ZCY6I
+HQHRubFwS+RyinuXseisvXfDctp+e28HP6NF8g1hmSs2gQYLXgqZW6Iv3Fz8FGhz
+hnB1yELUIOX92e2MI4hhrxPlXWHQ7EhuwYhCNraSosRzRUXdEx2LoXF/OalHDDCm
+/YZA3Mq2yukes3b55BeT97stTqFOp1fIo/HkmEtqsjlfqXuDvnqqsjFjVR/OD58S
+hEyL3TIm9XgfgGZ2k+RwBrbCr8GGbgNWTWTk7S9IJBo7LJpkmtExZwolB9AWbQ61
+oHJHvB/REdNVJpeUXD7X6h6z52TlOCoO04BLp/dmFt5s3Xfcoz1uZCNn2izmhOpL
+Ei1WnbrzHzpcVLuqdt8jlYzieM6fsg11SQjbz52DH/nC3rRNON0x2kPdieGkU3Km
+0pEH4Huh3CTky15ilJ48V4o/QDgawLHbuqfIYHNWaLDEMB4XUNFMhdUu/A1OP5Yc
+N6SYqkgT4aZDsKkQOGMmdr0RBR9A9xRIiFWZlF3ZRme1U7bESkcpRbkiTXIxn7uQ
+yC9mecUBWrXSjsFS584IqSgdUvMysHMif6zp8noDQGj+9vVj6eUnxwwFXzcr8XoC
+sDUFS8Ujf0/6F/B/W1yMmNck0dKesUnoCWX/SW8aQvnU0ikXhWb+BE31XM5yJoJ/
+FC9owo0sHhzOuOkaI0Jo0lhdubU992iBYAa/bnTnkA+UVqQO3hsilcKfrCQriGOA
+/s6UIjdq3t2EqqQtt0ckb/s8n9ljMXlWwx5mCtU+oUnNo4kKCiq88zHDcQ8oXYmf
+gsojfiUMGyM7AYHP6xm5gC2u/Me6QJlFQ/nvosaJ+w88pYZ7uJ9QIXa0mCYbr/jI
+MbJ0J50RVZ+8hT4Y2i3HY3IudQPWaWdRn2XgfYAwjtPTNwIN0CDiOBRvqU403u+i
+AkrT+cN6k/PYZnpFdKp/IBdX529ghMcHFrChq2mCgdF0SAEiLtZQZcHC0sKBNKrE
+jfZgBRH80Hr00SDzF+PzMTnDc4HY0d0s6yJ8H3eivRasK9T5DzgnyA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subsubCAP123P12Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subsubCAP123P12Cert.pem
new file mode 100644
index 0000000000..cf519d927c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP1234subsubCAP123P12Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 53 79 7E DB F0 15 0B AF ED 22 CF B8 D8 1B A0 D2 9A 15 02 EA 
+    friendlyName: Policies P1234 subsubCAP123P12 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P1234 subsubCAP123P12
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P1234 subCAP123
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYUG9saWNp
+ZXMgUDEyMzQgc3ViQ0FQMTIzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJzAlBgNVBAMTHlBvbGljaWVzIFAxMjM0IHN1YnN1YkNBUDEyM1AxMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLo3Ua2Xvxtv8WZdDdpkpPFPN/U
+Z2u0Tv18NRxpPcmDI2pHWeA1cHyYL477uK8uKTG4O2RjaJYV0qFuH1dHCPFVUCVC
+i6D77CObOpIBW5HiWykfHK4mpvjavEJ9t0rOOXjBTvloIpT/WaX6J6Qc+M0I3DZj
+D8NZzTztV8zE1VDHwcB24WASkAEIZ7+pI6yRrvJF/RJ+xFG1Bt+XmbT4N8t8Pm8n
+pdYEhOp0tHlMBwI30pe0jBB87UAuytxircSktrSPVl6KWb46zj4kTwIazBTlEQvF
+yXNm0eDWzqnACQo6mETSLB8GSAftaDLmKLnDvkgn3yj3lxBl/wTQ17Q8zdMCAwEA
+AaOBizCBiDAfBgNVHSMEGDAWgBS5qlCBpjRmUWidQu4piGrsHMh89zAdBgNVHQ4E
+FgQUTvReofkIMHtlrJLAEQss07SWBx4wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
+/wQFMAMBAf8wJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIw
+DQYJKoZIhvcNAQELBQADggEBALy8qNbHDuf2apnfU6p0pR2HZtWwv9CjY8NlmhEZ
+ezLvgB5yODJvjYkKNgvU6F8pCTLTDhzpnciZ95rbSmPuT6SgcVM3LA4wNhwesgnH
+70TMBv5ArkIaYoTgizJNujAcE/yRJ0nypglb0p7Fscuj6HUSjkOJFtt9hY6JhnYm
+sGlmy7/yB4K30tfCfwqUx+NprBFoh97jCvzFLXfC0BPVAtfl2Yzv+CjTAEL8RK+P
+wqa4jaQKtaotLSTRtc8+Dm4Y6FYnHLLRsPHf6sONiL1RZn7w3m4srmjf0yjCfoPK
+6WuwbFboowgs2XJXX4vtEvwuME49LwdlGo8fxbw1zt85bTI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 53 79 7E DB F0 15 0B AF ED 22 CF B8 D8 1B A0 D2 9A 15 02 EA 
+    friendlyName: Policies P1234 subsubCAP123P12 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FDCD4B8C852BEC2A
+
+CyNbcokXAIxoPuGCOOBU/hPlz52XIJnO4l1FugvWwelVVyPM2CzjI+uu6Azdb3SF
+UHem3ki6T4tBk0uPUjl8fWpRLK7OsuqReYcH3E66scc/e082a9m9A2fM7z7H8ay3
+cg2cFMtcZMvw1z11UEp41aFzF6PR+DuoEUN+inTIxWzXyVkLxDilJbwbbuj80+Qc
+fRA71TQZTEuXF135jtuSztpYH6BT2dcIfP/XcQ9QOIfSUK2ahyeyxOF9FMeywNA+
+NFF9kzGFaL2u3SKOgfHX2//vl4O1nFq0MhDimA4vNzMhM23h0dylHnf8vIgf0MEj
+FLnPC8i8ih01AEeQrRCCnH+e7RNmAdfV9aMvsINkHpRtHv2kHusBO61og3d2XzIY
+bVLLwIyAeIUvmkv/sZZnsE4kH9gW/CsJdvKta/IK0luwpdTNc1Ac//QkFpNu/D9J
+UpjMjWU/z6CkC372BJzmHXyuoyuhk8zLV58gdLvv57YfuytIYQpLRMmAgrYjDXte
+aMX4k8RTicU5ji0deAxCy++KJWN1AxpahZuwa2ngJhwRhR3sOFq7LKNowmYgWuwp
+/0fRgg+Z7AEY3Uc7/Ls6+Bao6cJdolKBXiOLAGnJHchSoJtA9dO7EAliCEA1yOtm
++smPGSAGRDPWUmCxFhUXK3YfAgVtxl6sw9h4BnrVFRLo/MrlelQ2QZ/9Qp1irXp9
+L1eyLIF0JICiQgBgXYYQorOVT6j4kvZ8y3l2wbAjXqz/6dykUQwbCMezbsV8rYt9
+KYugm8CvUml/pBjW9eVj5KxPJdPCQGfyWI2cpT8PQnfqzYTKWX4mpRp/3zW1+9HD
+ks6RNvc4D8Jc8kYCBmXFc4RMdeubCBgYwqvBqFvp8YGkRo2+uttyv5vNBQpDBtvj
+6tCq7iwG43tfnfPEwxcAjc2cz9z/2u1ZnSlhzY44l7p+08x3vP6npvMQZF60AgfE
+klEnXg3d3lIr3c+vG5qtFFyq/ryTBlOOygNFM4MDcdMMRR3Md9vxkiV4YR7LFSoC
+u2J1ynXOrJFQd7M669XMXsXYRE15uH/iCAvOpAaYjPnla6jC4wYwD6eACiOyDaZa
+Dtk4bP4AJn+oIdBbua2z5i79UYRbrYxG9rBnKoP86EuqKZHA9PMr9sfeh9Cc/Wqs
+RluoNVXCS77qM99c1S+BTpJg6anyCb5vU0kFqXPMST9YUwlPFjPy4aqmFbf3gj6r
+WO8Ba7XULOYb2KiP0b/lXC61ANbXTj/ot8YE1dyVAW9T8vP42PS8GOW+fB7eZvf9
+LZlFXyNaiJ9JukLZxxvUcjiHJJlGLhS4WoZYXr/OF3Bwzp2H1rWT8RoxJFpLHFaE
+KWZsPKGQxnOWWs4mmC1/5HEOuUZoavNikyVe2QTSphQKyhV8n1+ey9cpC8HUH2Xh
+qYdSTOO+3njCqWugAerkTHpe1Q4FIOH5nqkEbH0FTYxSqHW0NHOfeLNdpI0vHC/7
+z5dtSMaNR7W8TxvnLgilhGrtPbQbZywEwHQy891/uyI5DtcAkaMg7RjOvXOwla1S
++yGgFO0q4BqQHUE2nbwojnTnczk2sJnU8Adsr21mpxlDXMGR1dyy2g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123CACert.pem
new file mode 100644
index 0000000000..597fd7e53d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C8 3E D7 01 6D 13 E8 D2 98 73 69 3F C1 B5 20 DE 12 ED 21 75 
+    friendlyName: Policies P123 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDsTCCApmgAwIBAgIBJDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGTAXBgNVBAMT
+EFBvbGljaWVzIFAxMjMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCffODGihp4HxePe48+r7DuaPS/JNmLYWY1/38FcOJvrd8p1tZIEpi/bgjs6JdW
+n2T5FPfFbQaRiM5Do/3VH5oWxQIZuJi1Wwk1aENpSUZxyXhTDERdgWiMMxWi/4+j
+IX4xb2PX39awlmgArgJpBSHI3H0uqBYTOG9+zt4RUhd5aXXmq6boQA91euaSmXaG
+Y18WP4ehf55cJU7R138Ngbtne1QTE2DX0Z0ylBfS+dWSDnE22BMpcI2I3kFE12Wr
+1q2yyAtWIsN9ZH/DONL1nqUvqRw+boil1ELtr7QSlBFlYX/+mPwnDOJL8kfjRLlj
+RVZYzVZpPQBxkf1P5s/VWMuHAgMBAAGjgacwgaQwHwYDVR0jBBgwFoAU5H1f0VyV
+hggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFIwoCtoNCRRi7j09lrhxkxKJ6uhjMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwMwYD
+VR0gBCwwKjAMBgpghkgBZQMCATABMAwGCmCGSAFlAwIBMAIwDAYKYIZIAWUDAgEw
+AzANBgkqhkiG9w0BAQsFAAOCAQEAK0X1I254izkWRa0Za2Ur/XYzrvZO+EF6AECL
+1EX1WCaVHxWawOIgZzfJpUHER7b52m9Tn6iTwRj+jJ40O1fjpW77TX+ooe62OgDr
+nxni6ZRq+aq6epkwe2YtdcIa+Qgb8PGKwW/WR0ucI6FnG38fuKa3YF6dzQUQKptH
+CWLoaAdo7Bb4R8nqdQeHFX1XHp8Pqw5mGBCuFAIr65gE0cqlefFs4fS7aAISF2rc
+ORHW9/7kUT2subzmmUmuzbiZHmO9cT4ozph7hrjVNjtN7STrU0PBEAHPw8E77usR
+KXb0M/xu8T5bHkVo347HGIsj5iyt/B564Swpv+BJ5ZlQwIuJDA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C8 3E D7 01 6D 13 E8 D2 98 73 69 3F C1 B5 20 DE 12 ED 21 75 
+    friendlyName: Policies P123 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A8B3D2D8BA3D1809
+
+zX4miwYVKvslNFPRqn9b62pmO+46k9RDeD0S4Wf3a7AF7oWdDJ6Wjpp9PYthCefF
+jiUCOFzR97YM/hRq/PXk4Avae1e6DETFo71Cdqa9DQA2j/HYIPizYIst4E/sIHoI
++xj+VmfFPT7ACK7oRYtS9OYwUoxm1epckuQD7xpUi3sLq3t7U62qj+Rz0MfPY+1D
+7m5PWLFB7XfsqMAhx+eEPttvFGCQBennS8LBdoso2sGvt1BVvDGmzC9IGWEbb0Da
+2GlO1b0hfoLgywPtMLdfguWKtaQrGktUafS45VOB7bqynq9a2SdBnKMh4cRBVXBb
+TSG1hMYPo2nRm9COkDx8FNt9zTWi8SwnG/mKHMtUc8z5Rtt7jR/hBDPTLKi9X2+x
+UEpApfnPLVLGlXlxzEDlj/QsU64c2YHZr/Ph3gCh0IIJ57BfcnQowY72gqRhM14A
+BRbiPYtMXu4AxZD4E29OJeD6lnqQikgcrU+yLKvkowoMmvBM77LnqweS/Sq92rP4
+PetuKkC/poHDIVdE3ZVuRozdEWz6pkV/skV/cjWVDyMPb6DrB+EkrBFjcWGsHFns
+6VEMSGA4GNc6DVILbkmDLvxbZbJ3db4uOiK7dT624ZAdZP5FICpcSM9j9dorijUN
+h4YJDhMEaJfAzDVKQyl2rStvTAOKVQBOAuFpr7tOyumc7o9Y5PrwcslAAXLVQhh3
+mnKYGjyK0lL/ubZcgukTDy3Xl34HCQmKqO1yBK0cs9d++mGEkhlDN+bFUO8+uO5x
+JMMwDeOI0s+zm2N8vposIvteVZ+Il/CbvDbqNXLRrsPMEdwIeRdvL2tbMzjSCWAH
+5JxTsUROQH+i8/+39/rJziJdZB2J3+uDzMEaVwO+vYoW3Cro//m/Ri26DaHaIfXb
+SIXK+oAUKaGoffr+NKLnIYewDkg87eiIgatr1X4qrlFjMF+8tvSyJtJ6JLlJWbwt
+9kv4iJohyL8YZ+iieLL9xr2iJ0Bi1WQtBcpfjXhqVPaQiNkY8sg2kWq5MdB1BWp2
+yzJm7KFfYWsOtGbgqtEMCPp6VqXZaM52cNqgb+bkkBsZNRO5WLA0GFhVow1vPUtA
+sJS0NnVr7LYqrsKdORAP6ZQ3jF8OVA3eO3RiNFwSZLPS5wNcFV+G+oT1DfqYwLnc
+S2gSzC7XX4LO5O4THH9Av/3i9eKIm3xIwLRwhjV1i3DRuStlB3wo/vpfP1IR1Qd0
+DVaOd8kLy6asWD4lWeZ9QZ+cFnJxVPZnSF6VoLIXApCr7QU2PfnKw5yQVjK7UfqY
+nUWhQrS8SnOyF2MDWSfR4TDP4Nuy3ijsvft2Lz9YmbJNWnph5eTyypNQ5Wqz7vsU
+tUXEPplGoTFyTujfNa419DJZcJ0CjXjAtTJDZG3RwBCTgtN+i4A8vxrt7z1JID9d
+JOq0Bylps0Dj/MYe87V9tXDyLAczt6l7YTlvwZEBDSUWvzFieAQwF90RsSb/Gojm
+SLy5cAUDxBJgDBGifcYFe6a8tMbo8cskL3CDGhVYIMyJx1zlJexYYybW6M227DaH
+0zfU3J5n2OiVhhqwJ+7HapaLS3hiY72s4NwJT5KZqdi0k+g7ZxW5OQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subCAP12Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subCAP12Cert.pem
new file mode 100644
index 0000000000..d055119eb0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subCAP12Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5C E9 47 35 0B 67 9B 93 0D F6 10 12 23 1B 71 FF 26 6E 32 22 
+    friendlyName: Policies P123 subCAP12 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subCAP12
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEZMBcGA1UEAxMQUG9saWNp
+ZXMgUDEyMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaME8xCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMR8wHQYD
+VQQDExZQb2xpY2llcyBQMTIzIHN1YkNBUDEyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArUStqR4b0h47BHbAWPMcIloYkfa4ASeY9bqzOejwnoJWbjR3
+80zGBLHB9BpGM658Nzr0hFJ8lgPAOnAoe3CzHSm7Inkgh+G0LfIFiRh8QpJagzmD
+Drz++lB+0iW9NwnfbxgQz6BlnddAWAY8Za+mvx1y09LE1r5mkfl4+cZh7pCSLekv
+eR2rw9nn9IbovnEg9Hn2f0JX586nNjL/3N/VB94OcnfZRe3Gn4UHlZBxwa6RplSs
+uDweO+g8oPN9QN9j20CP10Q22JYsZuvHPE03hjWylbbxcqrpUIDKOyehygI1K6K1
+7r9CWuSrRzPcQe4ccs6ef+1PN5WZbm91NAXWPwIDAQABo4GLMIGIMB8GA1UdIwQY
+MBaAFIwoCtoNCRRi7j09lrhxkxKJ6uhjMB0GA1UdDgQWBBTOANr9qpNA+MCgea3B
+eM4d1yf2njAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAlBgNVHSAE
+HjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOC
+AQEAV1edqpMmp2JfG73MOcPw3zffoQYGSf3UlbJf6rbmtcBwiKzjYvH2BqvdD0Pz
+wx+Ph6rRvTyuqF6XkAodMYU343ZnS7b62wtlx0XhoJTGSeinwsIFQsVuKdTfdQgS
+bSDGI4QHrSzjyjeFdk4sxyP9kGcKSqqwxTGJ2XWDPV24WWm6oeNkBOuQV0WmUigF
+vOBAohaCXhEyIhJrp3vYT/hmL9hE0BLgRO/mgYaZQq14GK8E/LfzRSA5eBQCCQTc
+iTPJ2rMVXMV3B79Hwa9dBuXpfVCNfafquNa87x//iBZ8kTREbBUc6mRQzpGNAnOE
+59OCcPtzlrEhGwmwAe14N3rCwQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5C E9 47 35 0B 67 9B 93 0D F6 10 12 23 1B 71 FF 26 6E 32 22 
+    friendlyName: Policies P123 subCAP12 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,395FD27DFED18F38
+
+3AYCS2UD9WpZLkte/nMex4XRtt8hjokNHYT7DBRmj8nKR883SWC2u3cWQS7smc4E
+lpxM2FAvOdmkKn89bYVM1WmD4Xw5/YyMIs+49k7jqXU0gT752wAPthGzaW2QSCHf
+p9QotZvXPAz4OTvCo6EU/roSoYw6745yLvMR35b6jkVJs5YIS6woRM/sTWUYsLj7
+gGjAFarbqXFM0a9sUAll8K5N0j9e5e7mtPLM+9QvaVdSKyjSvPQbNjuq/53KM8fj
+K73sELQvnKunoC0Asw7j2DKv0U5e/CKODfiY6mnYuYrPCZGkgCtNG/cco4/CKpwh
+If2fCUYAQggBol0CKMndFUr68NTm1lhxY4G3LdGsFM46xZuEvWOdubPQTbNer3C/
+yvhSPxkg46Ow5CHQIGxlJ87DTSkUjAKtsX9H86xjwswO+ddCis6yMEHDYg+4ur93
+XsfoHsly0V8EyEi2G0nvHMmQxtd5XvtI8rw4yMaFxz6EqGEDugUDodVUibtMGqDa
+9lnBqT8SdHqUSNyN2SrpxpPoAouGmZfCcpN6IzSAKolA/mojTAitmm2dveDdX3f+
+k259cz6X8b7ZFKSsDR+3gryUuE8WZd7GMJcU9fiw6+uBVAZscNh1MtO6ve26Jkdm
+lvHe4rtnk94K0Kl1D1AmXgZEB/n20kV6TT5w3YZf+vcf8nXjX1UB413bmH08sU5W
+oZIVsJSS+EB7xVteojpwauD5cO2OezeT2OTdY3byC22d6GO2OnJeKPoawxhES/hz
+kJJb7wS4BDVwSElUaLW2eWWua20wyHGjbXktzFAMkL64ANGg3UBKel3A/wXWBCnZ
+8anX7F3kplo6GNntTuE3ccWbvyVVBgLOKFwjEkFDaFzrttviCT6ClfVwLnIMBCR/
+D7V8Jj0QYcqgkWQG+N//xNXIUYER/HewIut6MAUjDT0iIVBbjtnrMbntSx/LyvSP
+1BVN3HxcUdalpSqLsONVQA4bfYcjXSzT1hqKbPISt0DfiAjNhDpggTo59JSSof9a
+nOE5mzarUlwNjlg2ajpjBmp9EfS/n+qeM4zS92o5JP6EdbpGwBR5pLpc6EDHn7SY
+YyZntBkdeFbaJz1t2ZtUUwO6/HbI7J33Aj0I2qSK/eu3aQJedKUql2/ke/YqyKxv
+GWmr8kfOr3upBvEwIe5Qv6sYPex/1ftWFyzj3+1BSf/QNr/NW5E5gxmy9UpAxfcL
+grJ5qHD1YOcoKmFC+oTFrTpdGGfhnXOTpvVS5gOyGrKkxWg8he+G3pGsy+paJv0t
+5dRo5SbA2T6Td8QL658aOPPeD292YNFiNbjckyiJV6t/vVDsqhp97rAsRh6sFiVz
+x9SoaHxAmAAy1itF7CLZsURN8RPyWREg7Egx8aHU3Oe/7VHmAc1pfMZFygfyw2TA
+ZUfc9UjQtBe3o3IkWzKxBWkNZWPwHm674iW0/NnyyVJDVtFWzxUgTS/ADwUEVHG/
++Y/0e+GhjxIMfiXrwXY3oJS8e26AfYhqJjwF+0t1FRydqg2FCAxswyIijixOYXgG
+s1UBAM6VfRq1+/OCVLRTJjVMwYp8Y/yzHD2haRkW8V+k3wcoOdPMYcSAMIuPZ+BJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P1Cert.pem
new file mode 100644
index 0000000000..2fc07c16a0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 73 DB 79 6C 63 27 D1 8F E1 BF 95 2A E1 09 E2 9B C8 07 C6 68 
+    friendlyName: Policies P123 subsubCAP12P1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P1
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subCAP12
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWUG9saWNp
+ZXMgUDEyMyBzdWJDQVAxMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSQwIgYDVQQDExtQb2xpY2llcyBQMTIzIHN1YnN1YkNBUDEyUDEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZCOQ4P6kmZd3Oyodn6YD0UBbvotH9OTHX
+5zHKc1eekUGMMH3CRQgj0ze8g+N44aG3T3gVc7QNXpWnywIKQ7kaBBdYUwbE2vYX
+v3vDPK0kkR3A1r5yPAxO3fdrGSiutntn6H3HtGesSVfwTzvVijwG3RT6SfozXeLp
+Od0+arrnmh9QJQS1xxECCul54P/LhJCJlrzqA44b1Aox41nNtQLN+ySjQxX71Wi2
+5cxfgX7M8ZJ1AmQrQbMG+oUD8XPihZ373hbnQIHJoo/evgHpoX31Bj1wgw/ERVT6
+dg9GWwCaV9NML0DFGPmFwvoRdMQtiGO+MLw5yRlSrspde+HLbAYJAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFM4A2v2qk0D4wKB5rcF4zh3XJ/aeMB0GA1UdDgQWBBTkGz5G
+t+bIqdjt0TN/BeHxXRIkwjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIly
+f4oOX9PIzpaazE/Fp6PRRFXhCQaiSpPoUU/ndYBiLKY+6q3lCeT1NUaeO1RApaHb
+vrV0ZSSoKMoGChHAQG5Ewdo7ypLnknAqzxcDVIkF/DtSFjtM6x7Dd1qqF+svR0ql
+PiMct4NtcOHqtBLgmxPl6hoN050aoZovYWwQ/ZBt28khebKejAfT3lmAcW33VyKw
+tN+J7roGNPDXfJjSSHJ8eYDkoJUGemFhDaC0dwcqE1VjW/1HC632Spx2G347p9/e
+k0VYMAzGxTYk2nsa9zaKrLb5u5a9kFn+0tuFOdUQkoAzoptWuP1YlsWNuy4I4F3f
+P1+O4qZj/ChYIwALJ2A=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 73 DB 79 6C 63 27 D1 8F E1 BF 95 2A E1 09 E2 9B C8 07 C6 68 
+    friendlyName: Policies P123 subsubCAP12P1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B17D0ABDD5AA93F6
+
+vooo/LY/GZ+/kkXY3ZFp8gXZwEIsDFmcLdEVy4bLO7hMatwv2vp0dtHjjg0Ls2Qg
++1zIjL8Z9xJ0hOGhkILrK8mSLAZiPg6CFDmm0DcK/OtMfB5W/Wu7ipDcKFoHSdlZ
+bIanNeODhiK8/nidSiBC7xhWzMpG7bzhccJ7hrpdKhc2z5D9ZSymLqTGQy7Nh61/
+TwDtVwugt5QDXV+naJcKIyGmeksmbvTPDHAjumBbk419s/1lJXj37M26cwAR2gDE
+ht5HNF/2ZiYobDKxKskhMfaqe0aricC4dsqzkO8BMnV8ZFFkjecQ1X5SQPtSn0Up
+mLoI7q5LN+3Y4u3CVTF/f7ZI1mlx5OCaJieQFegFKM9faVAPN8PONGPb3cf7qp7F
+sFVR7uw+nn1Eo96BwXXXbMA8/lFLNUwgS3gHCOxSsNvnuIvF79hiN2HIAtEm3BEB
+ynvJVRhForcEKWIk71Qi+4LEJR45TpJmX58ugfo5c9ZVAyWstE33qdSOq86inIqp
+OAxwvOApCwifualLWzwmL7NFis9TPFS8rNxQ4jhRi7W/OKcfNLLgJCL31tSsJb7W
+RxZu5E5ddzm+mdQI+TUN8kDYb4kxBvBE+NT+AusBi2yQYf4xKRLOdXlNSS1fSnj9
+fQAGXa9L7xccnBrcvMy2EXPhKq7EhH4dKp8r2SKB+2Dd9sO9cqEOPUc+ZqhArOPf
+x8VzV16Blx7P4PQ2PflpcT/QW66frdHo0tT2jmkdmH5N0kjdrEO9OV5ln11pWTsn
+Z6YlGYey2HQoRflKimMWM54Iw/3QTkhngCpb2RoIerclMMzLTddtbVQIN3Zv/KOi
+fIBofBUqIcuS/HXWA1KSlyOSd4giQX00KF5mtCK0h0aBTTDohjHjvXiCFVlTKz1u
+z/6qSTntwZEDrUn1iGNOlSbIq3o7QdGjIx8k6nNWIjPlmEvd5jfkFWm7XuTXYJ9V
++Of1e1Bj1fPNSzakrYcrKNd9Cwxd6Jm/uRxm0aVVZof0pN3S368pfXGm8sCUOXJ6
+ZQ/ohRnnB8rex/1wd8cASyJeVRissm848/IFKiL1C/56sPcYGiL860Gds6CpTbAo
+3RGPqEW0yVeaciKnuMZX9bpE/POrDF1BaLISWbfwHb4Hj9/8jEc4ni1gthgNmRYE
+bEhXsx+Cm8bFmcJ93wR9IYctdPIU75vb/Zzh47aeK4h6jJuV7fLRtJJSH0wmeoJz
+VxtdovojcZdtBCod/RjAI32JU/LKy0tyb+RZAtig9gv4OXWASSOGv5SJ7Z7cWoEg
+2XiDT5tgMqQ43YRB9ju2LC1X6daQ8UPV4iSNueJVMLv2OYE2JwQqNx+gPlhQ7HNS
+843ENYJ35MsMHsOzAtF5kh0HayPstuxXy69J72wsS7puljZM7KdlqG1EAZIvpI0g
+eEkAFocdakBQW/p3OaamqF8fyiTBKujRH13FeehzliQ+IlG1iiDEeb8nP3bvoxge
+U+4NGaxG3ePgpGMuc8Dv4ataxomuMCnbfHZOlsR45xq3s9tSUwnHB73Up8+KPORm
+IJvN0P6/m7rHRlIlwpL/jTfhU+bqMunkOhkaocXUwcZgBvY158MrWocIxQkV6ln0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P2Cert.pem
new file mode 100644
index 0000000000..bb90437ad0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubCAP12P2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1C 49 34 7C 8B 44 C5 12 A9 C7 8F 64 2A AA 52 59 B9 69 B8 B9 
+    friendlyName: Policies P123 subsubCAP12P2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P2
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subCAP12
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWUG9saWNp
+ZXMgUDEyMyBzdWJDQVAxMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSQwIgYDVQQDExtQb2xpY2llcyBQMTIzIHN1YnN1YkNBUDEyUDIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu2XI0p6/0X+8rTP8FMrqJKjFC2fDJHzer
+MYV5HGjBMbMVJS1+V+mjNrjefbErnD4OlZ6de+ckdTZBMwn7YYcNw0W2YAX8gnXZ
+GRZLEjGbqvVJFXpHsjrwNdftP3k4MnmnvgeMJ3T1bmUFiwStmf9BA/qWpmxblo1Q
+C73IKSRfvOQrKm2x1t9niuBiDFBsEGuGbW+oGMyV6dBgrAfEv5r4RIqbcybqBWWI
+1V2BVFPRQGpIw9IVo3nKY9JU0fPR+m3gB1RozpHVvuHBEyAFG+6QLztmWVcrPXZj
+PC0X+q3JMhE3O3N2CqeeqBRCzJCd2hsN86rJztJjJzhZiM4aXChFAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFM4A2v2qk0D4wKB5rcF4zh3XJ/aeMB0GA1UdDgQWBBTp/LZe
+VhROBh3RMv2IYGsQ+AUbaTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEBAE2c
+iEnVpboWIBLYhAY+KzMng7Bo142+HWiVSgn+7nLEXXODv80Y0OgvVplxliiO1D/s
+vCBHuFb84tWG5aIo0tZwir7dGsmiXxUvDBVySLbfftJZWK+NpcpBif1s0E5NOaR0
+Tj0wutAl05tSoZIH8AjZrBVsLiUt0HfYKs4ntAvcJC7CbTPMG3/8NWmWvOcfWLle
+sJUomwPMw6990m4lPLAGiKnYEbb8sy8FTmLdzLuI/Pxgj4n04J9/KRJW57dz42ea
+MfJI9M2gG77kMk0UqmPp2U/6nJkhPfiw3OXDQ+pOvHHG6UFYw99dxgT7o0RDAJHQ
+vAf808JCcAlN+EN/7kU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1C 49 34 7C 8B 44 C5 12 A9 C7 8F 64 2A AA 52 59 B9 69 B8 B9 
+    friendlyName: Policies P123 subsubCAP12P2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E57103BBD873AD10
+
+7BEFF8bzxG9RxKtNqMuMrJx1c+9MZyXyWivnDXuMVUeCimHFdFYc28G/jNDJnLPj
+Cgv+0Sq0+pUJ1X8QX19a1onk4dMGdwbn/UsyDTFiZZ3CGKCx86LNEf+krJ4KWvSH
+CkrtPaHJGgFO3yEF4abyYJ8ebv9LIh5zIT1f8jqQv8lNX4ZCjCGD3mNHUucKl2Zl
+xLGPZciqDnVNjmtMn2N9AnwPO6BQsD+WZgjMYV/YRHEE3+Qk5R+QLqQMbFJfRHCf
+eft0u1eBiO7S3qkXRmtm0ny+WrFITZ07RWlbTyekU5gTG6oTIU4AxkBQeuZ4vk6j
+Bi+6JZRlDbC69ND8pFl874yPWM8RWwYqU7B20erIeHr/qI2qUkDtxyeDtNBLCYEh
++hSNh36fZSS3c+wpPv/k/Wy00J0KwvVf2iDGCwvD7bzZJ3E0sDsRcC0FUf/mZTCq
+HHXxj3SZeuPSyhvyNUhmZZaDvsS0LBYxKj7sB3KNQyZUlbOg2TFrUjZyR8U8Moh5
+AFYKwyjIsMbBusZUUwLonXtSuN6oMZPjGXtzHsSYP+Rgc0EKxx4pqpcz6+2hvYJT
+q5YMeuUeQwNG94A+EG0euhxUDjJpFQMmz+6m2YPFmIKD9a2ff5DhOgFFc5Vdn7Da
+J0IygiB1BYi4HCiQxW0+PVOx6Fgqm7JIX9FGvSdY1szLtOk8fpBb3AaBqrAUcwYS
+oseQ6GSJ3eFvuzK0Xrjfp3jcnz4wDNKYsndNR9MsKvdmIOlluZ3apYMg220FcTmg
+QVJgMXHuuBVyIYeDClyERfYph19APnkg7FSoS203UkwSQDVka+b2kpsB75huiL+U
+auAtHG5hbByH5v4B5VQm4UI10vy6zSCjAkomWk1Ld5NJNWqNmXGvEwzEzmz8KsU2
+Hp42y80X7SIeCzO7fdDQQrduDg4/GWtNtzCXCIoZQT1JQkHiKUr1lQASdI6krFhb
+vJQoE4/HaCuwZXAYurClp2cMpcpzNleGgw3C7MkdiYkiVTmg3OxEJLQPxibVVjI2
+GTbHdCib3Ya02lYkUPkbfdSdbRuc7x8bJWXBPuFWhFQTQNMJX1fmavqcNBJk7YoG
+ROz6c2cmt5J7Bss476p/dw/cfR04/PNUAgFH/lnFXzYAYhvYWNKlGqIJuZbcgyly
+rZMZkROnoYP+3vMA59u7TLbggLcco/iHa5dA6wUNA+Vru+vwNdwP5OLaAB5cSfES
+Yoorx/8mKekZYa0SFP8LL25heYB33iz+UxlIamH0VsjjDes/MFg7xzldYLaIKF42
+JpZGQDLi/MVWVQ3JW8j+fIaBJY9vpkIu73Fc1knv8JOQYY6AkbtcXQ+JCLrERK/O
+D9W9UajfhsuiR/m8RGySzKY87vCJ9/c0vrs5crJDO7AmMS5dbfwQqn9nqZekCU0C
+PZGwLY2NlxNB/OI3D8PVW68qVKLVhwc8xK8mNu3Jhu5zJA7Mig8b2xyYJv0aq2nx
+aONGptIRkAMsKeggPDKCE4y7MBgSnCFMdSQUmXcnztdSTKiLUWME5JDQyHQ2Z5CI
+SDTZZY6SBt1bb2DMI1EpP0xrVn9VJd0magit6V6gV83E3YuRr7bJTh60uCJ7h6nw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubsubCAP12P2P1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubsubCAP12P2P1Cert.pem
new file mode 100644
index 0000000000..12bd21cad4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP123subsubsubCAP12P2P1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B7 EB CA 1B FC C3 8A 4A FC 54 77 73 A9 9E 4C A4 C4 56 E9 9D 
+    friendlyName: Policies P123 subsubsubCAP12P2P1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubsubCAP12P2P1
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P123 subsubCAP12P2
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUG9saWNp
+ZXMgUDEyMyBzdWJzdWJDQVAxMlAyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowWTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExKTAnBgNVBAMTIFBvbGljaWVzIFAxMjMgc3Vic3Vic3ViQ0FQMTJQMlAx
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9X8Ddrh9jmdsYRFm28y
+92U7sqI995aXi5l+dZtIFpZebhYISF1OlBVv830ZcKZgW/npnqbTX4irRR/Si26j
+w3Z9DECHDLWGnAee+O/5wRNuSlbJzfnJfe+rNCPuy0vcAJhAfz6RmueuwyEdy5Ss
+isw92sb0e/UfqKq1ReyTpHh3Q8VDXse5kph0A753UY/1ZBZbPD7/Q/LYrRRnDhLr
+SVUOg6Mlfu93+jsuwFgcB8VIkd9rdbFIkuxS196/VqtycM+KYRlfYz9N3dSUJhzQ
+pL+xYfC7FRySc63BVFRwWYXd8/vmyrwpoGd8657RRp2/e4gp1avZZ5A4mYoPQ3Pl
+kQIDAQABo3wwejAfBgNVHSMEGDAWgBTp/LZeVhROBh3RMv2IYGsQ+AUbaTAdBgNV
+HQ4EFgQUiSAXhPusuwnX3l5enmj2OVAfQIgwDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQBzP6juBoRYCOz8FzuCovzw5TK/XNmUtWAVYOH3mqjqpP0BECuSVbuZ
+BaSFm8IoFE26babq9OQ+W6YzZd2hcJOAQQA6yLHs20Es3sYk+sWpduSgLNDpf6CE
+7PFzgvQ1vwnuTANNlNLQcoNQrA5OYD1bNLnmZlvenAidbNbWDORDTiyL86Bc1JF7
+gKJFTet6SFKnVugZKWz0qcexhJtdTW6dPS7yZ1/HJlc66/KGPvD3Lxanz/qY5ZP1
+lg/32kPI1xOtoh+sL23f7iE/g/UHY6+yC4Ot4ufgH9j2wdAVhkclavvn4y9yd3b+
+nHGboqWnBZgQOPY33l7TvzvZC7bKpT5O
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B7 EB CA 1B FC C3 8A 4A FC 54 77 73 A9 9E 4C A4 C4 56 E9 9D 
+    friendlyName: Policies P123 subsubsubCAP12P2P1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,74ED1B9167B80CF9
+
+Vfojb2l8T+nyB0oBZ1ZOmouMar6/f/5RaKVL4YbrODk7vnZWW8aI3p/ROvlVj+nV
+vASmxrVVQAPe/NkY741eBEjDza7hL+WMUiXUVsMh+M3iYUrW1HOWqyPBWpuB893U
+OQShF2kFJr6uquJr0lCv9VfO7mj/PsvvCU0R7B7L8xICPX/4upR9oYqvXYTCEvml
+wwfEkYgcGUtgUkMZL0q5oRevrkcZZ7a7IUAiuHfLB9/6MFqfLp7tlaT71YIJuceC
+XOpIFfs5q3MLGwD0thK23+Nd8XbGZVk+da5eOQe2PNbQUo+Vqy+AQPirTMhY+sug
+N5VbFFeFJGp4kH1j5L8aiQTZDj5AnHVX4Ucxo6taP0GypjPrxkUHS44vhYWG1OkU
+O9zJEY/pBSgjqBcLo7yzz/Rb8Pwa3rxMKpr3lffx8MTiNSE+zDsjVHtSWR/8oBLV
+7zL+NugUKQ5wZfnoNeyR3I3WmOqqyTWdVtxxYUOm9+bvt3rITYYWnfjtsoEfGtUT
+q5ZCf6CpHvZqx/AlnlpPGO/gwSWAWBd68Kn3JZ8gGwRCFS5VyMqg5M1H5LhZhq0l
+4wh6D2EiVyDiNa5Nf7vIzV+CJQOLtVCLwXsqzOiEVCTEpf/5Q8JbZgrawnquUfFG
+yG9eMXgBOaIDdjkUhrPv5vkGk9wQXHdGb5dQ56LTBe7RXVkQnrbZGyFF/UXfmWnN
+YpVIR0S7/ben66DxcTWRIG7URRw0zHXQ2WEqs7g5ha73UJc8/iM3U4kN8NCHzH2K
+AnKEew037xju3MZCNvqkf8eJNKY4z10C2PsVouZV9LC0mmw1diJ5PVXrQ1c4bD4m
+K1U0XMr5qU/Z2sm3WmIZA8Z/IBDkB+lkhGalexT1HB4Y7uTG5NO4QJuCa2EV+uZ2
+trY9T0rOOJuqi2SH/e0q4emLjEZDinJNnkzE9H3vOX0xRDPz2JrEdwzfZZiEvjct
+ODQx37tiBPBSWYurkuGSAv466gjtqW3Ob4Q8XJ5R/f+e+nJN8T06RYMYkJfpCEGH
+bkO05LWKQHMf/Gm61aMBpVKtxXn5ESHLc4Y8DbMUYrmOvUEJmcwNslk+Yo7iQNEd
+ZfwAawTElj44YMhmPAdEWVmpKW1952oprbb1AvDqdnABKTIuzWk1pi+G0tTY4hMe
+o0a/IuocCE54Qb9Oy7zusnQFqDtSsF6gzaTwDl7KUb2ax7BSJmvJJ0tjfWLJYPov
+FSm2yyn58sK0V0p4yxtURGAGk7+otqlHbKLo/bCtSB+aWRqw3QPpqIY0Eo2UqQUe
+vtQ7zyNbX3ExBQqNv6ZxTWYfSZloVy+3Ydbtus0xIdai13YhnZi7egeifdYoXNAQ
+8dsqW0n93FayR24R8PPFzBGwHJOQ2evlYZq+bo4A/RThQ3wsuI/1RTHSTfYnuzjg
+ekj4Xd7Ly0EmfOLOd35WB8s4qSwJWGQxO0gKQHZZywJpk+VDZ/olOcwTHvNmiDJP
+/PSs4OUFNm8btfpOmlfqfbDxwpFrJt0RJHZCcrh8pgg3soKKqhw0goOAU+I2Di/n
+FurVfJv+rzmO92/dhdazwAAZr2a5S/FcwG7OaEmjBKt7NVuS4sDiJg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12CACert.pem
new file mode 100644
index 0000000000..90120378cd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 99 E2 CC 89 93 4E 48 80 0D 84 E9 EC EC B0 1E 67 0D 58 9F 68 
+    friendlyName: Policies P12 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBJTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D1BvbGljaWVzIFAxMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANRtyEq+rl+FhO+NHVJOJN2OiDDWN2do70bXRgbSRM+hytvZmhVtCwdDvrc66wSo
+nq+/5yMnEMw2SXzpsk4beZflV5IWBVo2TF9jdoRa73FMzVcDIQigT6JZUIGJAmTc
+VpfXbAhGXLpGdzCYV9GrkdWneOLn2C0vtKA9pyBO/60o1J5o3TMGfD79qU/UhZm+
+Up0jlotpuFo/wi1dInTyTWLLwQTOLHl92GCON+jQ7myetjCy5OPSi/YetgO1ivmF
+H6pPE7GClTgS9wKHlsdAKD/NvhJHRXKvUBV/IRo0wmYSbpPmDICaIEAT3jr9HV73
+XN4PkOkI8byCf4uD5zjHA3UCAwEAAaOBmTCBljAfBgNVHSMEGDAWgBTkfV/RXJWG
+CCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU2F814prBNyomzoPMcw5wFSo64jEwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADAlBgNV
+HSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsF
+AAOCAQEAkmpY6Gpz8ttXcYTVjZJxtH5HBhZZ4MQjPYWb7Yoz1Fg64BUeuPum8KIH
++KoyJFYJPmQ46Gop3uqosBj2S3kZ9zmzOd8PIBYiCn5iNZ5GzNhKvyOICWWD4nzH
+mIh0MLjON9H5aOKRPYqQj2R2vqyzqr5/YPPsbCAIj31a3XrEVN71161aPOn6wVMk
+l8/NkC+xtLzqpFxNdRlaAdmf7eT5MRy6J4GC/lf+YKp6RaPcLQTjlzTjF4ABxDbj
+57GFiSn5lzz2/eWvN9i0Eg6+LhCa42wJj2Iviruh+gVOqRe4eLjIyVcN3BwcwFCY
+BlFoAnTVg0CnLeR4swMjKUmHU3n86g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 99 E2 CC 89 93 4E 48 80 0D 84 E9 EC EC B0 1E 67 0D 58 9F 68 
+    friendlyName: Policies P12 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,477909ADC8726F67
+
+estbwupPlOnz8dKiSRcBipIkO9RbXHOdsiocDzIIoSd9mSxcV7Q4LkWq5hBNkbe0
+bCZwOR8QFGfH/uNTGkohgl21Z/m5MR3lirxC29ucHS6F55Z8oqMxs92RIsaNF8bt
+9vwRRRtEVofwuJaUovh817XZZY0RqWcSmmaEA4kmRTdAIzmxzCRme1JndgBiLra+
+uhS7Z7cj78INoCGX4Hef1ctFw2WPhMU4tDcTugQqaWARAPFtMjI13vdGreQHkj/j
+oLrx/MtPGOiDb1UXXHJtLX95mX+6AX3gCI+x8A8lgtvzPgHi1H7bnutlSXNlbFLS
+KKUwJTFVH1DYooBfiho3+7GLqjHBvT2LgsLbiuzNdzle/4ZBnL36ey0eIcfk3hWj
+vdwD18Arqp9SfR4OYBx6RQcevCkDZbeXI1iUyCbGPJ3ii1AfYtve5fCU2jORSWEt
+oZ35/cBwyK7qAYHaobEoIQP/qiapCBACHZ04BdZCbOKmK9cxZDWQM2lQOA47rrYs
+zPxhwOA2syyJsOOETEB9ZK6NwGHQ7A4pw5lybKZWYxXV76sZp5k4DK5ohbaOPz55
+61JkPY76bJYFYdHt0hp1OJZQm9uN//gd5MTHRwhVgR8p50Vv/1F/JoHSfKkqF6Nk
+YQRJ6q2WY+0dDwPFcq6dcb0vQtheShnpuFO5qUluxTzR9BIzUHRdYNiXCbL8rUhj
+uxmTHe5XmCYExo0ZB3xr7RWd+f70qeWQegUdsPUeHJ/BGdGQM2wOM5+JhhhIEHXJ
+HlwbCbp5AjfNxhxv0S1xU5xSNbXWZkFL3YcCn5ecRnSnxYvgx7WPDxTiIx7WX7AK
+UxpwAp720V52rg2tPYfiru1Ew/agJdcFRKd8APSf8+9hZ7PvpAw7YPyBX+UbggBG
+br0SyzR6ERfcJTYQoq5jRT9Wh+dJMiQ9RZaBvz+PUBRwNhzEM88zyuKYI9TM2T9L
+3kadHiAl9KNNGngJj0FamFNBhhHGa1d3x6/5dLo+oND2zYmaOjEiN42vBR73cBlM
+cl1IwBV7zpj5RvLRrIXQeEGirzPYQqI4Sx+v9s9s7k+Y01qEKNlzY6hVJS8cDHaB
+wy8zM3BVocNGw2kQ+HEviO2QnfULqUsd4fS34FcYXkLX1socBhmf2tOqSkztn+Hp
++YpJs9lQb2ZvAXSSstUghAJ/yarsFDmTFFY29kwr/sloVc1T7YmUlWfgLGlPqByM
+sV7IJG9SExfCDTLAH9Xd0XzcNhSsXhDzRJL6OtL6dZsPNS7vxoMVNPPzitMDtfau
+Oo5ZC6EmQNc1JcxAhXghQCrKjKU28eAbX6a5cjeqzvatmVvnfGWZNENhPVlPu658
+wYO5pVGT8wISe0QZqyLLMN8DMSBYZd5LT8epY13MpfWFf3BcTdCMbqSxijZo9ll6
+eWrdc/6IDKPx9wpyadrmf36/I/QNzS2VakhQ71z9H1QntqUuSoWewi29HWpgStNL
+2SRnRGRKygqy7kyrsZTx0Gjz0lXnQEUhakHxcFjReN5pkwbTpkmnqurhuXbJQhDx
+8xaoP68lOAlS+IWBWsBiMu3OoSC20hwnCPcrmrEeUrywoE8oLGtfqPwuLT8xVY/4
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subCAP1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subCAP1Cert.pem
new file mode 100644
index 0000000000..17d257c76f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subCAP1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 2A A7 81 DB 5B 2E C0 0B 4F 80 69 F3 74 65 99 7C 24 03 0C C2 
+    friendlyName: Policies P12 subCAP1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P12 subCAP1
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPUG9saWNp
+ZXMgUDEyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNV
+BAMTFFBvbGljaWVzIFAxMiBzdWJDQVAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAw442fdRTg6Jv+ElCoFqKteS7oejZSQ2gkdvxjcCLHsujyZxb1Uoy
+vAnay9r6w6qOTgsJ4I1YO0XSRJo69S84jF2Y1/M8CdYS/cCIFVLaB8dOFz+c54LM
+gVkNJQGCDJJYmGWWVIvs/yEPX8wIticxl6EVBq/UYhHHq1bvcHi8N2g/uzn1LHWY
+rW2kPkXNbPkA0yUR07+sN4yL+xdi4Lp7IWAYqFgtW9gsQDigqeiAS33gTs0njsdZ
+6omNaJpuKil5y7ml94/8QJ5iJ4V1MFynga6h7fObSMvW8xe+CQY3TPdUe27z4Jf1
+O+ndMFxWgv3rskq5nTsX7lTKjKmGOHB8lQIDAQABo3wwejAfBgNVHSMEGDAWgBTY
+XzXimsE3KibOg8xzDnAVKjriMTAdBgNVHQ4EFgQUIp7XDrhIzgkOOl2+1k1YI1aN
+y9YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
+HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBQYlzL2nonRz75w9lngMPR
+kh+gIpr+MuOWEaWVYdYv61En2N4HIYxum4dXM/lobJlD3LtNfAwY5MLSld/7xpRG
+/KGJ5VEOg4f5J8cnBoBSCHKJfm+udg1wYz4nsIpsoCoUueLLnaIsJNSIVH/OrcGx
+wcWdKax5udzVGm7v+IKMyn3+S1By3VUACGY8XyGtzeQB4cR2QrhRhoxyUJ/Wthfr
+F5Ust1dUVtCNIZ8BJMEcSTvAsnjzNbmHudj0/DiAuXMF4C3uvUncoZsFoKw+VT3o
+FBsLX1QVPwaeXRvzkJu7vJyZBaWxvm5igkpqCni36UY+oa7OlKzLny7JNGg0ZJ5d
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A A7 81 DB 5B 2E C0 0B 4F 80 69 F3 74 65 99 7C 24 03 0C C2 
+    friendlyName: Policies P12 subCAP1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3B926AC0E223F935
+
+RwLOUodurgoPZ10EUaUobg5vPB5zDoqYjDuRdrDuB6cxiChkZ8vxBPm9mcKpRSPH
+0pahHhjJn++OK1hQgCag0RB98U8KEXuix1lrt16yW/PuXaACx9XXOAgM45SYtXJu
+FlMrkdj16kJIFcM8Za3SMFPiBaxDT3q27+lNuPRmS9kwbZugfqil22GBQaeLhwn+
+Gbx1J0waeXLNFR3maPWcu7mzYajNkJPD93YaHp1/AQQgXEbHmZ05JG8UWpbHBsYO
+5E25H5W1lNi7BDd9OpIVQaOCAwBgyrqtbf8Tlt4F+HbSb+KOf00yS9zkkE9HBo/T
+a34S67e8IoTQwHsC8qabuq3sSK8iViHTFCVt0NCZjnGkXBAzN1pTbtsQE41fiklt
+bY5G09GkO1oiqnIgujGyMEw3Yzzv3uWSDnAQxvl6e+cdWuQku9z4UTcmYkkjRR2G
+CGGtF0+bY3UpknUMHu2AW53bFXgc999JXCCrJteMxA5DYkBXuMbo6AT9o2A2d+D6
+ZXaoRqrwzNr9WjYSIVBn4PW/7cuV/tt22A0EiV5HjDoqZoMPwZQ3V6TgsWojkZMb
+JB9il7iaGBvmkNfHRcTOOYYE61fEzv9rDAiKm5Az8wuYpAecYBPhUCAprrGqXOBk
+bpDVJ+X1bq9EMYpKl27Pexc0rIXCFLh266QVppDzuGBwITsjihP0V0ljishfX2H3
+Z5WSRhSG5chILWnMc9xj4fMsMvNR9+kbRjRFSMupO5pLyTSIJ8XSzUmBYZLNXnaF
+oX2dtDbyCVw8pftJaWDBjZfGntm4Di1U/ic0mmCIT5AGK9sAmSSG5Pb4u55VuUw3
+EyyZlduX7OMArSAHxMmTwA5i+7Fm5CHhXe5Og3Awl3jU8UVvocm3tAMIbiucI0oh
+jik3U/3ZcNJoogzTehTBHYsvLa6ZYkw9duRHvCWalWJO93cfDmlssdu0PceiCRl2
+p1QXkqe1XercJkaQWAEbW5i5Q1UXQNSRA4Ab6SRxRWa06agT++cVuQqeZJdKKzmL
+FxASyjYCi1BTVLcesIKtgyK3YKS1as/BXw4R8Y/XZa/o/KYx33Fg5IcWo64DoLrJ
+XZy9UgqIIfNBZlyqj1Lhf3nDY2jnQlCbz6jRnc3HTtOSWzB7Sf92JT6hThHFbksC
+IQFvMWvcOh+rr1M+kMmmpAv4pn0TbKZ+6XqyvRKpUc/6D3pb1XQ8jCoKSoYvnv1K
+0WkTA+BmP9uhqeQM/DPXxyNLnSxDXVM/prV/Zk6muO9J5/J3vqVwOSlX/d/qnaWZ
+aXPCz8S5u5g1T+l5mAhu6RlA/zQcC99cvocObFrTLcPcmGLvOJKrrpIJqUDxZvD8
+JTUNo5ztAnI64gCQmzbIkeEue9qMlM2iyS+ihgiaYbAS6adtfdpC78nqwcGg2cN/
+pSPbrJx95ydM7MdMiQbxcJXEpWc1iKZ8jBhzZtaKmkwnNNJu2mNDgWhlMILV+MLZ
+ZfWOyJvJegtBUJY0seTv92SR0on84hmpCvNf/ornBIEyeD9US/Px7lzgojV/ST0F
+vtcP1DBx0Rr6D0bu+uq/VxgU7Z5ZLrTM0uDpGh09s0jMqI8lYJouKQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subsubCAP1P2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subsubCAP1P2Cert.pem
new file mode 100644
index 0000000000..e7879f759e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP12subsubCAP1P2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6B D9 E1 F2 73 99 FA C0 63 3E F1 B7 35 05 BD 8A C6 CA 41 B2 
+    friendlyName: Policies P12 subsubCAP1P2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P12 subsubCAP1P2
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 subCAP1
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUUG9saWNp
+ZXMgUDEyIHN1YkNBUDEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBS
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEi
+MCAGA1UEAxMZUG9saWNpZXMgUDEyIHN1YnN1YkNBUDFQMjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALcO073fv8c5JQbdcjDww0pNGK2g+usBAvTQmcWh
+Z3JhRdupod8gbYrEkMWebubmwz0qpdnMT9DN98KvBxnvzT1qUqAGv3XcUjLGg1mp
+AaTvkmSxHmABma74QKv9v/D8VfvHG5kzJU0HPlnJZy9yVTZs5pqdpKdE/8SkmtNj
+0fM96XXKpmprpuCzlhvujpi+3SQSbrXFK2cFgcXHsRp+chRmb3bLhg2W+cyU+Fl+
+YUMr24pljeGGZfPkTEmjXBxGsC8hYjwVWAp6Mpf0UavA9esKTJcsFHn3rMnbBZvx
+vgmV1YNRBo+CmUmH8QWceZ3AthN43SXUPsFDmTa5ThAXwskCAwEAAaN8MHowHwYD
+VR0jBBgwFoAUIp7XDrhIzgkOOl2+1k1YI1aNy9YwHQYDVR0OBBYEFMelN6fQ+iTl
+fN/b8l1p2+7K9pnuMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAS79LmgcD
+s1pCo0RLnthY6dTlCGa1z1TVOERBuf5VWC4mO6UdMZp1ahIegjocC5KJzypNyT6k
+IGSP6NeBN9rDF1smYx1M24mdV0xzQlEG1lcY6fetIvaC/U9i9nAIqRZStNMA59gW
+4LH1ctSlRIoErJFR/DsKkDO0LumnvCE79qs2PikXuJFPj/tD+KnSFNhZkCL4UJKm
+X7g0gXh0y0XQQUqzqwP/VoitGZJZ8ZeNvnQTfeMaS8z4+2bIMzdQN8AyVtSpWtnZ
+05VTmnYBCfFjx5z3f1srHvG84jzAedaN1Kpnebds3wvLW2ud8J/3t/mlLNmgHWFD
+jXYibav3P+Q6Dw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6B D9 E1 F2 73 99 FA C0 63 3E F1 B7 35 05 BD 8A C6 CA 41 B2 
+    friendlyName: Policies P12 subsubCAP1P2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5911C827AAE9BB36
+
+tNsN0h+pBaoaYxjnxOvt75qBDO7vz+EawZ91cOaiBqDFSkXBLNpX+6vlzNFRe2Js
+nooSRFh8snOZxZPRa8bPmVg327TsL4sxVq+fpxEKGdevoOnFlMjTbX7WLYQcz/Mq
+60mDQUyvO+Gp0jDjRxOduCUHvzdB9ZoNmkNFuQ41pxKgJ/HjQ6djXiCb4REhhjbL
+lPEJshawWWrzKs3WVkE4xsFM9qoK1lbQ298XGKtWRdx2aeKjkTNbY3ivDfbMbpry
+deP2eEbeSVoUk2JQyqQMbhgffguc0gklEs2x4ioiHFmzzY12zo+UEaJ/8lHKFMBB
+Lb9Y1Ty2FVlnF0nt3bOTRdOjOLS5iePU0/mxQ6VC8OxGo/E5xDjN1JNvD1l8Z/kn
+Wu6Y9dmU71RYCzX6mO+LkJ0C5F1IuZmQjm8yzVj+ySoTNftryb8H0j87q0Yv+K0k
+Jc8YU3ivqIhwKf6Y+UtlyIuGy4bWv6IdleHeEHLUntMPW8wT9mQVY+PvGioZNeQz
+Khm+d5xTV/F2/2OVFJRg8RFTHwvkt/yYeq/8DvkOVGgowptngoLWJsnFiQS/muL6
+99CTkY1Gbv76JovHtILsWnXETar7m6N0UjvDcDpoWWWsOKK/OjGcUU52UPveL5C2
+tHIu9uT2ZjjPXG/XZUj0kIWVnZCgj3ipBRAIVaMBwx26oQlJVSC4HBSblk69K1Ts
+TghKKVR3tZi0ivkULcvKJLQq/RBXpRqnZUUjgmrHG9STK4jtuHUdkkibJqiEd578
+7UYDtXdRll8U4HfeqVz0X/GEAlsRhHNRCHtJVm6zsp1TnkPGmRe0RCZH8KoLePNe
+2Zi9lHwtG58VX3/yk2z7yOejwanHyMdUqu+bcRv/J60PDIWrvB2uxAzhg9DYFEU2
+Al31tZ70OQRXdDxF6Ap/4KD8s+otpwbGPT6qVYY3FDHTr6wRAeLyxI1pvSzRIVKY
+Qm59iuDxA22q/i2YV2Fn9V2pxXKa0pgfl8yJjpq8bObVSgS+Rcb7VBqLJ2/nP5vc
+BkbVOUc5RL+NZRaSJoyf745XRK+GmEHGGjnT3b/0s47kpZcYWaJKX5EOk5JOgTK7
+acYyT2+HpwKom34EjtH+rhaSUycePW1/GWcBlD0nUZAld1+SEHpb/CZwyD8b635k
+g2rWen1zrJSXRxxyxDEGMfQeCKX9bW8PovbzyHjNc8CRTQiI9ekxgguTikmhFeM9
+y5pM1qRP8faCqsXoZohinGuN1SMAA+boWZf9KSMrDuO9EZWpDzLx3XBgf/CqahEe
+aWuIfUQ0GbBIarYaWzeH0YDXKsjTPChRKEEY5E0m8egB3E71CVMIsHf8Yg+pqpBi
+TpCnMF82ejSvFSueaaiASQRl/+FyOdOOPsxm7FdHjiKy8/WLDCzDymXOp/oy49lP
+FZYKEuJl5K3q4VI8o90KGvbl8RLt9MeLKYI68cT4RhcD1JdB+pzPbVDyf8BYsNFX
+K5cfXVbu1oLBpR0RYv9u8QR5OMFTYeMpoTtGaeqiwl+2812UgYw6dCtGThDHUysD
+ypUueOn7uiA6LqIne3BB3r7uI88ieC6N0pm3cDhBsnRy1rMx6NUWEg2dqzr7J1ti
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCA2Cert.pem
new file mode 100644
index 0000000000..e370d68fda
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 31 29 A9 E0 C8 DF 5A 0A FC 52 44 4C EB C9 1F EF 87 BF 5F C6 
+    friendlyName: Policies P2 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBEjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEsxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRswGQYDVQQDExJQb2xp
+Y2llcyBQMiBzdWJDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA
+1Xz0YVwI3XzROYh8YMIlBawvv7A2+T/y3AJJ4+yHFGsIYWOnM7LtEfERfkeGQlSA
+g9ad8IFH7vr1ZRl5SdgULBfmHAvEz20vdqFePL8ArM0mOuZU/pNNc7W+MgMV9SxL
+5dpwF84+dLuqHVXtm4HNgl6Ov2KxUcAac88mC5dH2cacGFGSgeCdTlmBioRNWCNe
+L9pTjpJ1VgopLB5ZytlScV5p+NgihrnCkRKZaxwKX292SXyTbKLCr6F6OTzbjzX+
+qOuFUPfrJjMISRlK2K1oa7d6FN8bI0mzc1RKiyLRVc28IS8QzXcyNKoS7wAE9mBQ
+8zTn3YfQE9ml7snMbH5PAgMBAAGjgYswgYgwHwYDVR0jBBgwFoAUWAGEJBu8K1KU
+Sj2lEHIUUfWvOskwHQYDVR0OBBYEFBcs6gO4B3eBPWWlvzMfzHrSmPy+MA4GA1Ud
+DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwAjAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEBCwUAA4IBAQBCi5qkuqZz+Vu+
+Up9cFMNPiH4wEsAkwBs/rDcvCv0yHjpooTNz1Ra91TjgKPnqfkFjO4j9bKQebLAo
+lc0V4O4BP33UgG+jl1zZZVV+vRtC8c3sXDLyQXB4OmR1D9DDol8zgb+NbXn0SHPe
+3a+qmtBultEnrDqIdKl4cgZPKDioiEyBNmORsg/qI3bmmgS4U5LG9QI1HMUmlEsU
+Ccb7UrMih68eQ7lvITV3FRn4x+J5Eq55+gkuWTa4rgbPrjuAoTCHuzt1QH+u6kTm
+F00F+dF0jKW90XMIXq8P7OcUvQwuNERJ0Kn1NXCpyRhNMwW3BzWLT6eRJrr9nU3v
+Prz6Og6z
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 31 29 A9 E0 C8 DF 5A 0A FC 52 44 4C EB C9 1F EF 87 BF 5F C6 
+    friendlyName: Policies P2 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,697AD95373C83CCD
+
+sX+rlJImW26DSahjR8/AXFABLT4Sa9M+S8quVK+yGb/1ZlS6iw1BWE1OGOk8k+wz
+TyPZNHjTdbljCInaN+TNqxwkj7QdEdXvPlBdpp7zwnasKVXHfRubnIc2E2EYQf9W
+ydBpfH7r+vUbYNfoSJymA9XusFvIw6Gn7HizzyM4f6oZKxn6lTXRKo0rWYKCZJYl
+OSTTRDrTQlJyrGvBTUN7yoa4PPIY7UqTgqS17FRACIf6rRKlFGHAjVhtb1vpYEQH
+xMM6W+9ZXrn4U5iHfxYkhOXttCs7XQ2+4fAO8A4PihuiajYdITI8vyuKPUps2g7m
+SLSz6al5uVncaJcDeUpJ8Sic07ZXwvLjr3gar9bTMCd6DZtFcRbUq5BhAHTErWOK
+dV9qSlN2kH4AScN0c7T5Ex8dtR75I6geW293cdh54TRGcc9H+MCBIoc1cQa/ixzR
+eKbu1mQ7BDRyInMyLYQR/PU/LYieM4VhaJV8+MC0WWrWAARcEtUeaCbEQnL5vN5+
+vyz571ZbIkET9STEo1WF/+W8U3umO2Aaoi0hd/eE1F4UTpUUrJsWFUASMlHcDfa1
+ikcH1LOR4m2I1ljCXlxMT9oRJBlocyVYjLN+wO32rU8WGeoAgrQa4sRLS/emNYX3
+t96yeCkIZ8H1nAfQtyhioqoCg2fEBLhpewiUexu2o2IknJjyYRj38mV4SrtJSWYo
+whV3SndcmaSWrf4fNY1HuEdzWPq/YdKW4TWm2ptD2v3Eq8xLPCO59lQK9y7rvzk+
+B1qoSFYME5DIWYn+yId/dhEXqqprc3ax3ki5HM7TzNZxZbaYlnFZbZDHBpvGQKHH
+6TQFCJBIzPQ7UfLxFHasc0RkQgcCWKfMM0Twya7GRYqAIcPIhn2a6zQWy358orya
+8GYjKZkif8thbVfnrXw8KKlMrIpjgEhbawD7djNp89cfoEU9ZNTVMS+z73pGiiGt
+SOd+2TvsPI8l199GaxHHEh1tKcxvV4aL+s/D4cjoCZamWOVDQmZLwKWhA1yUbL/M
+h8Oqwn5+FDXXSU42ywOT3geipg3dMLefxHD53D8yYURwDOZq+f0svO65nFuNvxaa
+dTt734J/oySW3hloc6cx26mk2b1V7/Ne1q2WXnBit2698M0A9hBRq+cE8eAdBSO/
+l4JpGP8CNXt5Pr1WuYdSN50ZJBI1XppURb7O0h6CDQ/LA0zCFPBYOHC3wmg9cVIG
+en150Z4D10v7Zd3yM+Kj/chVuYTff19iiR+k567/XlZkUsK00bITAwF8gaFY3LJH
+k3mpmpyuqxDSLFuZDY4n6O9yPuJJIzPMwdbVHCxem7Cx4fknG4Xhaealcbu5c9zS
+sxwOkBKyy8aLxGHMba783VNOgBkIf8tVaffsXK0aUmWJiIr4ZPVBzTtP0v935t32
+XTj9B24T+N25HSdTwRL3HzWzNAjx5Ee0nRyoPltAmdQ5/82JrSniOf7MnawJfCXh
+mR1woS7qLblTx4FYtOOO5qMIhcOf2aF0Rf5N2TYgl0Uf3cSpV0JKFfM5yHNgJfXb
+3PThx6JrE0byyiyRxHiF7Bi58tWkxVIk9m7eyhgS+1xhOmlE4Rxta0AmXTkmW1J1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCACert.pem
new file mode 100644
index 0000000000..4e4382abbb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP2subCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 37 36 52 33 7A E8 77 97 E7 C4 84 96 23 ED 18 38 6E A3 FC 01 
+    friendlyName: Policies P2 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P2 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEoxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQDExFQb2xp
+Y2llcyBQMiBzdWJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAONY
+pdHnfkkbKL2heQlsPDaTK3GP8UpxbIYB1XqtUGkKluuwcYbuk5IP8Epdq/PjxCzq
+jS+3tTzOFpNKRk1722cL9fszIEVupG0F69OvZ3LLiz7UxvtTQcPHYdBrOmuJGr/j
+R9Qie+7F9teXcKCdITo+5Zx65qrcR2GWoG0kqorbgEg5ckFeKoe+GnMJeR/HyzhX
+LQhi6BnJEwjFCmhcTNkdxUiIEOgNqV5A5mxYq8Q48bTaQTBkU+1UanUriLd0qcqN
+3uT+ZlvFU29GHZ503xNV0YMisbl4VERoBPZgJb5nIZoPyejMkpiVMTMYiIjCpzwe
+4BRFEJJNI+5NhUrReDkCAwEAAaN8MHowHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2l
+EHIUUfWvOskwHQYDVR0OBBYEFF48hHOeMHBycZiugTYZ2yIOfK8DMA4GA1UdDwEB
+/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+AjANBgkqhkiG9w0BAQsFAAOCAQEAdGtNBQ2x5Q2dsg3CvXxLjMO5Ij7kWTJ//BY9
+2QuZ/zZrVlYdCn4zquXXdGo96fSqJy4vK+ERQCVk9uHNs3jTSoQRN0vYGnKoKt85
+rEeMDvmahO44MQaOZlG13PwlleVy598Cu7Ylis1mnq5s3oDozMau6QZZIljdt6VE
+OernrHHcr4EmEmw1HuCIZZf8xcai4hqcrXw5GJPGr34uU6fedvmaKp1/1WWHPoEk
+O5CAiMmo8t/yeYWL1HmVkwvEwHJ79IXZFi8sIyO/8HCufS6DD1FthFlQfBuYHdjo
+fReXC5SMPIxbpHXMAUPJgTwm6HoO9/XW0WzLxCXvu9pMDDD1IA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 37 36 52 33 7A E8 77 97 E7 C4 84 96 23 ED 18 38 6E A3 FC 01 
+    friendlyName: Policies P2 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,203ADBD94D3004F7
+
+s28VgMsa5ofnjYv1TT+og1HmS7mZp/DahDg+fL1UdNhM638ec1lX/ArpfBiDXhW/
+KvdQk0I1bsRdpdDYeYnUAARhH3Lj45Hnn935CgpqKVrUiurhLdPUel7zVyW7UcyZ
+7CAAtFJKmCXKutlh73IdNP2g265gtzyupMsm1+rHKx8xxt2J3s49IltaDbpFgjPK
+tpQD2SlxlJbp6QY/hMktqd3jojCz8wh3WZLEC1Wj1zGPNgl5CNtebyb/8S2itoy8
+FbV0xti4shjNR2MQGAw7YYT0B+cyt2E9duv0zfRNLzp8rS6G9wHe9wPtnga+Qxnb
+ZPe7kvQrbxKBZEqKeZKmtI5pHqb1HXNnr07FvWDWIKt0H8iHTzd2hv5fA7lQLJEN
+iGdbl8GzJpANq086bNvnZW4maGaa62nMiCm2Ei/wLSRZ6Hv3HZ3ZluDDnOaW7OW3
+dHH9V5AwG3uDLvTgZDGmixcv77BKAdD2Arcafrw6Ii/XFcLHVn3FvV6xrVP6iY7y
+7XtIt0U22jXBZdcLMiw+f62EZo33K0HihkHEN3jfSMC76e/hgBhwh+XwxB06KvG/
+pqgHrwtQE4hY5s9Pv4kBucpl3CTYieD9VT3kQD6q9Od37q0HHWl3xqX7hvM7K/pe
+mkwpd/ellCR9nrAMuAs72xlAyJ9zVd/OMXA0NxzNxMplOiYG2WXOUAOqkTLt0tq+
+8ILg9pttE30zVHhjpVTZnGyTYrLKGnxU9Gu2QwGlKzBt6mTsT6PY2Rp0hR3RzMSG
+cj97CRBZP7l6TWBYahoZEXkL3AXGfGJd5EkTOnX0PVOe0JRPVd2Hn4AWc7uYtGr6
++1vXFtYngq76dSkErvXwKLbdBuvllFnj5xQbmcVv8/nvCzAmdhcIKDUDhBvZSYno
+kpcBE+1+Gkg74drj3ShYQ43z0y+uyKOb5g3IG5BsEhlEK7L7TZ7l8sFilRhY+oMJ
+g/Wo0aiLk6INFR7CgH8w/r8R+4uwwXIKoS7BvyrREfYJWaBicEld+AxiWNWS9Zbq
+jQoUPHup/cRrX4IpO6eMmWOT5t/anONjWuQ60ZzLVLi5pSFSKFYO2mMcZyH+zsNV
+G7xYMFkqeMr48xEjQTMuk+peXYAndmvy2l2Z4myFvjttNjqmMqffo2+iD0UX/jmh
+fzzHzxvptCdGd2uNGw4800M5oF14yI7GGAF6IqueoyNdnmRUujonThFvzKUe92W6
+GPNYtA9V+QN/ZJ4BoH40tb4L4MFdHWtS7ZQiIFdglbsHK+o1v8ULfz1amjI7XCXv
+H78Geg4CXX209lwW5ZXa9aDYWsuy1BnMhs0xqa3dHvUf5N3QvSuheljopo9nS7Il
+FU6XbKnpxUHOkJlJRggFK35z2FFe0lpJIbDBl8Zt1CoXXcSXL7VyCPxtQdVgrygI
+a+OPnMQ10ibIksGEbW67j5iADURrkN/STXToV9d90ffgsAZFH0isr4Dh7FBq/vn7
+djqLZk8s8uIjZD7iYreETwhdaS6zy9UWXkgblam195/AnA+qdUZUFyTXtRzII0j5
+UGIA0wo3HKiU/B2oZMvaErkV3sVgsz4bLN4Zs6JPIfYh8MEOBoSwIy5AN/ozB2b8
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP3CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP3CACert.pem
new file mode 100644
index 0000000000..9155c3f497
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/PoliciesP3CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C4 72 AB 1A AC 9D 3A DA 8C D7 3D F4 EA 8D 94 4A 8F 6E 61 CB 
+    friendlyName: Policies P3 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Policies P3 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFzAVBgNVBAMT
+DlBvbGljaWVzIFAzIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+4HTZ2qzQpYWTz2Y6/AOG/uDqyc7uIc/bltDD0h+0g3c2Y1cK2couvrTwShS8gxcj
+2va9m9EdMuex5Qk0kiekGoKNmWokKAKxTmVeU8fAgcPz7NJxLjsF4YX7CVVeB4+J
+YeOwT9i+4D7qQ0JjZfmZCqxJIqWKpW/U1C43QwMh2TvJ3EIAFwLpHqQpZanugNJZ
+Ljf5Jpntjn1dLFAvk086cx37dNn1nsFzy4pOpzSfMYK20rHK0VGtyTHc3AMR4mjm
+q2SOv5Xrnx2uI41HNxk5BHvX745TwS3sUBMWRTw2G8DMXTy1HonZxVc84GWDW+04
+RSpgPoh99Inz8xPTTNOTgwIDAQABo4GLMIGIMB8GA1UdIwQYMBaAFOR9X9FclYYI
+LAWuvnW2ZafZXahmMB0GA1UdDgQWBBTYBassoIvDktzGrWo/v/PGmOXc/TAOBgNV
+HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAXXC8Q5AzwLws
+Cynt11pa7Nl4I15DzEd661tWYavZj5o0OH+dKdu8kGRaH5fJi4th1oWdJ5V+y7OF
+XivnxP6fZMZy0CJhLZhoCm1O7y6BsM4PMOFRgZ7kPNgoKTaT9tMmGXTJDsG+x9ph
+/Ro4xL/ZAdREO+fN0r2LmyTZ8zud1D8mV4yrWA0+HLj6MoPe74w5JRnjI1bLp/pX
+6Rw5EwoYNKrKjMp1VutAEY2ZSdKgdzP1tVnMn0WsluxuzQbLMZ/Zzu8U+HEGsBPv
+nYWynisQlZsxqlz4dLqD1FuXv12GExxQSr1AbBJDGcZZg2D/QbDXT39lYKnjRl+U
+J9DHk++AHg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C4 72 AB 1A AC 9D 3A DA 8C D7 3D F4 EA 8D 94 4A 8F 6E 61 CB 
+    friendlyName: Policies P3 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1EED1D6BBF5F074C
+
+mL1q7sb93AsGkMS7OHU3oQ45uCR8jlqS4UQ1Vsrk7FIpmFdMrH64USyIOidqT+m9
+ZSJQbNcv01afMqam9oOfqeEcnWk6oniiNDUpl5RO4cfYXtzcvnqJvOwRqYpT/2i1
+KgpfERAM2CxDlvj57L1qa6znG8+cs1+Dht4gpZ15uOzeKg/NNhq+JLMQDOJQ6MIi
+BcO2OAEw5wWCZd+K1/8kvdFPZK3sSC8Cizy5ktHR/OONbH8BzL3RvGnFxZMfQ5Dr
+E8Z+KysFZaX9ZbNYowkT/IcYxb7mwLBtk8owDcBfSFb1bwJD77rEbydxETIjCLyF
+VcSMshOBu31D+3/VuxWFKhrwXW3o6VDnkmoK973ckcfpbJBq/xtFzT7CaNbxEkPN
+wGZzbsfqZhgOeXjBdxEmGwY9RVUt7JUQXj1R/5z3kFzwehWwfX5V/W8gkE07MFQW
+7IQGvkBhj67xpwh2eK1oLhaJRmU/Bdhvw3Sg2qskcdzX6u19FEryGd+WGkuHnV+u
+d3TKTXbUrcZqeHt/+Y2s/6czgDA+3NOUd1WN5CRSerUcCLdemC9KWB/zLruLoFb9
+6neH5V9rmROoMu3eJWdEQTUgYrBx5z38e77Ya/u4gJY3h+kqmsaDQxNLPLdJ0DoT
+qa/JGIXdXlscz6xH9DIw1fvpvq/oNASGk0ln8LFZ9CAE0bA1GxMbfdKgPj2h3IdV
+IrPwwByTurTZP1LLL2z9xI1sqB5l5eHqvkv/QbrG1NS1X+nbHRavQBLQD59ibwsU
+wJIyla5X28e1wI6Jd0zyQamu0UxAumIBz1Rlkp1WN6bE3QR1xwvNu+zEFKfn/x4r
+pzXo0nn8yxEP72/LwBxp31ohl3Km7p13nLwx8IRQMt7ifFZsSFHp5dLNourpOcmh
+ACYjKDwTtkaVx8Sq2UnCp/SWq8ueA8984zZuZ4NxTYkrVx4LWelGjArey+FCdODi
+f6iPz16azcS2/dl7SzwjBescepeUo7w76O2xW8fOjksJ0gVzzNtzH1wKgIb698N+
+WzNZBsxSmg1Oo/fW9zDIhTbCH+HmojlNgYc4wUDK79Vll0H/nizy7Dt3xkT+GWIL
+e3aZLJ12L+0db/xwlIf2s4uKNhuPLPsxWp/ecOt+NEeM6jIuS4Hn9eSQqv2C/M5D
+6VQ/ZKjZpB0vrh0bmDOJG5Ly9hzITDOW5Ryh0q4ahDfoQwP36rhfG6BAIHTV/olG
+KzQUaCvUk/154Nh+kIUtj6MlHKLa4kVYgHGR0AdwZ77QFtxr0Wk8vyhydOhxVbj3
+TjaZKpcgtW9RSIsIHTwR9Yl0Wx2o+/s117cXasubjkwmkofBXzIYpqvrws0feObT
+w+KXNvitg4LLsoRjRNHCKR/5iVVPe2bdST03SPhNr3SBc8RgWT2qEBHvgQrYASTc
+v+lP5Xz3vkcTVF3G9Dudc09eGU1OBeccXd8rdITTwUQLBg4s1z2B22TZm+ZcBdpo
+GeWR5oAKoAKBrY+XJyagywfQsw6PXWfWMkvL09aGOgK52jqGyU4tuI55IisKxfXj
+vRA3dYxyHN2rQXv052S3JRWHv1UVbHWmJSXkpGKQm36iJLWDI/p1GSHHxaBofcZr
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280MandatoryAttributeTypesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280MandatoryAttributeTypesCACert.pem
new file mode 100644
index 0000000000..af9bb596d1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280MandatoryAttributeTypesCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 4D 87 16 00 23 A9 D1 66 F2 F8 4E C8 0A 4F 9F 45 FD 37 EB F1 
+    friendlyName: RFC3280 Mandatory Attribute Types CA Cert
+subject=/C=US/O=Test Certificates 2011/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBYDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRMwEQYKCZIm
+iZPyLGQBGRYDZ292MSAwHgYKCZImiZPyLGQBGRYQdGVzdGNlcnRpZmljYXRlczER
+MA8GA1UECBMITWFyeWxhbmQxDDAKBgNVBAUTAzM0NTELMAkGA1UELhMCQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUNDElMAVhx/zv4YAsDhenHhRX
+LtmaEBOCTKqCQF+rRfQuf9huc18yfKyylxeh/InZ2lRIsWDl7CSEHmE+mlHNt0xw
+/oei9oPMSrR20+ZN+HqaJ5s4Ds3FNnIjmpgRlOPWokzqqCJ9Gtyu8yKL/cFhbiXS
+YaADGz/ed1FqeiWuvfDKyaxPtG3bYa0Jq5iMuadfBQ3rdwFyPLaM3q6rNkDMrFtE
+Whp34TooxaatF72fQKphvamcnf0QNhCpTQGTjxrdKtGOwI/zsuvSHmm2IsfP5uqT
+DimedyldMhnqVomyNDuxfIUzR8y2Da6/UyCEEU7MN7LEAXaRD2zhLzF+SQINAgMB
+AAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQW
+BBTwURhi785Bx7ewZ3RrArwyCjOZ6zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBACdlWQg/dlqwHgvP2lBoyEnv/xsOOACG7wzdNrK/CZzYL7vQ3tWrdVaPIEh7
+B4nDconwjPuI61JiZv6kS3BsI50jVq0uIEYcYBPVTZIv334xnqZDyFa/Y65dUdhU
+1Q0wKBxFNNlVo2dJDhlEjHAtUlvTDGVkCTk8sz4qsrAmu4KXC2ypEi6n33EuxF5+
+D9+leUviMx88AEP7/8KwHTUtsHLqvzxCk3l2gt4oY+EuY7+hKGdvvkVev7LtX2My
+5UuWkQ6jroQjHZIplTyOUdM5ZfbjMhaUQjdmJC1A2zNzSzhtslNWWNjKEtcceYt1
+5lfxS/cBIzJv8qLSVwsd136Wa3g=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4D 87 16 00 23 A9 D1 66 F2 F8 4E C8 0A 4F 9F 45 FD 37 EB F1 
+    friendlyName: RFC3280 Mandatory Attribute Types CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7C59D422931F29FB
+
+pAfgaxWooTDOmfaFUIm/eDzARkqyXWZcw7AeuE/ZC0l9FYt2qfRsIhZq7FujM4Od
+b6WS16nVPIJsQUDRZ0zV2DePlpW4JJgbOpNMmXRHEXfEVTkaZ70oDJdMSDCovp5K
+JG0ajomEcA88vtSWp2hjbK4ShSXcuHcm1nEdVmmvOZOG+43GW8ornfUcvPH6kbc/
+gWOHNTnZDndTTE0qBPI88fafOputHhpSLZUjTRQEPBk1TsnKcynHo+XR7pxCV7qa
+LvHw8gEZ50hIaAa7Gj1cEl9ito5nLSEIECKyB4b1KN4kS/kDIOi2b/XiNwJeS5U9
+WCJIEakbrodLaY2YZW8aDDEsPKxYoS9YhnPlMyY0UzHy0175GVH6WVohKpHCQLC5
+qIXQBO0+too14txu5CbSWIDT9W1TN0yrXmTYIHhh60CREdjuVFq5pq3kZg0FDgza
+VTqPMlflzmChhTfQ1bxtGfPdKQd2fydzdR36l2C1qOfj32rzBVcN8NrO7/xc1O9w
+R0ZkYXqXIY/68zcGrIFIf/mEJ1Roi2FEa3AVV3MFmwpL8SAC9kHmj7qKJAGcXl23
+4XetVCMIc9YleV/CCWJ+0RCQLnFrXcljEOEHDSGyoGChGl0Uul9Fb2pfq5lOy+bT
+8uI9R5IXI1eTuDVO7t+muMSU+YHCtsOBLx9JJJGAphvgH3N4q+CWd4O9bHLrissu
+3BRTfGo98ndrj16q8vN/qy2eJEpwKGPLsFwGVDNBxbFZQ6kTJy9UjkXLCSH5pv0g
+fPdaFlMMiPyWU9Jf5YT47MyLG1Aiv7uwxtZ/t3Hp40h27EJXrkcbWLQcW4qtvjjS
+PzmvZSO7HHh9xKhqr/D9YJupoRJLjNM8VZ62R+lkmD1lcNdDH343M6XcY8or3Oru
+Q/JFISSt7IqUJUEVT4oj0W5cAsOj3EplZ892XxRWDjd+yeDogo4jiTrbjPQgG4bF
+LQIbWRZwlLK8K801Y7GGFUtJ8o/gwoYigxm9rfMVigL+vncR2vHf7osjXPXVKX5b
+mkc5/v4rgDR6Qv4TpHdmuiBFtzoITxwl24nKwh+HgMLzd1dqYA/TCv9NCvK8nco3
+9xIz8F22960phiE7dB60QoJSq16IeJT4A89fEIDbdpJUyJloZ0R1TzxBzhEzyxRa
+KO6126UDvdA6cJUDb8AnpZiEW+DnBp9EmNGZ8Aa5XuiKqyIISJ5Sj3BrsnFgdyvx
+hh3dhZxmZpJ//z9MYq7e+e93KYg9c6RPZqqPF66wcMiatk402ItJAgmGQYWiQPt0
+EriT44dQg6e2WMKcvVtoQtoG3AJL+qjr7bhjxIU0gH3ct2PdlTLVEE/8BrFVlFK2
+wVvawOfsrYeF7dV1qBUnSDUGuu8tore1MkOrgsxSkSW/VeNstY6bZ8pbY/HuxoGe
+ZU0BlHMVw6s7jXLjsXsXSyWvb/FREyIw3tgDfb8OpFYgntVF/jVq1wuCHzqu4OdK
+Eyk7GA6F4GJDeCjfANsf2IFG51hEknaDDrjcRq6mnf3Fx96BM/icoCVdxMOOAQtl
+BEUwcAfgljViXl5EDjEKVzlGD+KNTxRymTqNvB8+Est8xfXFx6VxKA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280OptionalAttributeTypesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280OptionalAttributeTypesCACert.pem
new file mode 100644
index 0000000000..2f513ebe28
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RFC3280OptionalAttributeTypesCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: DA 68 43 8D 10 7C 82 D5 84 12 6F 02 DE 4B 7F 0A 58 CC 97 86 
+    friendlyName: RFC3280 Optional Attribute Types CA Cert
+subject=/C=US/O=Test Certificates 2011/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID3DCCAsSgAwIBAgIBYTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgZ8xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQH
+EwxHYWl0aGVyc2J1cmcxDTALBgNVBCoTBEpvaG4xCjAIBgNVBCsTAVExEzARBgNV
+BEETCkZpY3RpdGlvdXMxCzAJBgNVBAQTAkNBMQwwCgYDVQQsEwNJSUkxDTALBgNV
+BAwTBE0uRC4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/fMlDz5JD
+/7MBJmlwT5o5VSaKNzR9atn91c7krfu5XtXr/o5sYmEj9KjxxFi6lj8aK2Cg/euN
++pnkVq+hDpPfGCpH61mSiEqTUl0IoNGe4OvOVzb4TSJdH/yK1MzWp/j+dsad/xk8
+nvkjKopwAnEDBysTXO6aBQOYFvnQjmCSGBI10Ol8y82eBRIbs6YJOUWNwcM1lbPv
+Xrv0xQjFHKTmUQI+FdL+GMS0bA9KyKUrNaJV+wjkUHLl4VJ6KqfXJHDdlljnyIuv
+I+aiCPLKSRlvyno5Y6TqiNEfSt/TZ5NgULmuRVN0Co3vGQ1SamZktsVMMOwezYfh
+HiI/iqJlgxPDAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZ
+XahmMB0GA1UdDgQWBBSbbm8/iqf057WMMVvOmUuRHHx8vTAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBAAj6iDDC+RKlBUsSdZe8/5Equ2UzaVj2P8vP/zYIsxWS
+rJwFkWh4tzgjH73ebe2IgZ5J+C2TvQ1jyfAOR7QulIc6Sm3izVdPLviV4OYA8goi
+1dWKfxz4Aj6FATriooSFmH04ovaFUojUwdqlUkVJnWZTyLrIZJLMrIeP6BDHBjHH
+R3EivHM+Wrz3Jv8s3+wA63dVTfDRn/zC1ngjUvbaQc1XFZKl6nuRFB9EyCz2oAV5
+EyJqI8K12JJqeAwdOSg//FhTS8tQPrYe1XHT8a4yjKj8HXX2PXl9l1N9gXJ1+T6f
+Bmlx99K0UFrm5Ty7bfhLgjKoaBiFKjiLUDLzGkHaV6M=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DA 68 43 8D 10 7C 82 D5 84 12 6F 02 DE 4B 7F 0A 58 CC 97 86 
+    friendlyName: RFC3280 Optional Attribute Types CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,31CD9641338E51D2
+
+4LFuZYJt5eix2uTc9RfL2KQ52YS0Z0Vwo9I1BD+KECk2HxHNsaS4YaBmZGc0ddGZ
+bqVfCQx1Ri356spgyqhvmEBG4MvAsFO560/AXErLmABprYqokxxsRcJSTppfttW7
+ivjDcgAFItOkzDHnqigvKaKmJMcSHkzuJcxbvplMP5MoxuPaaq6sC6u525ZoJM2f
+B9hEqjpHcCb/WmPL0dHXt0N4Ev7kJb17/c255z9NlUiMuC1YQ6sd74QTofc5otsa
+su/NqmoRRGvE0bErU5ELiUOa7c+uqKSMr/Cff4BghTW8ZQRJ+2xOAejeqyUgmqdZ
+heyM6znc6kF93NJgJxxDIIUMTla7fjWWI25s7Y6F6NHO3BT1lGN3yresTY2BPKoh
+1+ahTdEqwEb/PWdYoJO6bZ9cfUCAA1UD1whQNwmGhaXMmts4FxTwVRVyjBCU+0JU
+TOabA6vfUURqzy/WFSxKSJ6CL84HAwzebkF0yZ9nXXMqGbi3GO9pAWxEap+ekEQ7
+gfYzhepUjAvIVS6eWQtv5cyNrvOtBkRgFAna9SvEktrp/t5njusiu1x2afVq6g0e
+ZfVvtEMpP9O2rpUhXyDyLmgxPss9fpaM+b44o7SeVF4RnzC95YK/QbX3KporPKp+
+e6FuVkGa3/H1+R1XoXTa/xdrnuPNxqxDpdAs3W001IIRp7ieZ3TI3MOIKVvHaQEE
+mVR2r5pFo5ZasWCZ14RiZGEbBSo201g31FZQJIyFtd7f8s/ThQolFz93gTnxIGxA
+wo4EsuVYEdjjUf8Wrbv2ARX+eMfZ3P+y425VXx3XGVwatKtiL/QJS9BQTGH3Qezg
+GU8g3t7YI4LKJ0RfYAG7s9yT0kxOQX12GFbYTnjF/X02pMYyMofEofwENJIIdWYb
+cuvMk2KFnFixjXGneu+sdfdsmwwoMu+D0Y6+eydHhdjFc1XnP3NKYjRVB6gHJZit
+BePcPvzmWDDvrehGkdY4erEjhaE4rl5w8wcMIkufb+g1b8szK6aqo+auiq4glDc6
+jlt0eXI+IiYEm5hC+BOpqPsrcnc7iP2tknNo/yATP2M7VvyKAffCyKMzEldCC+zM
+hu24bJ1Nc7420u/dbuL0s3RVTN3cR7vDiKc+kmoJjLSn+4t7OxX+bl+XYa4GZrZo
+8fn5l/dV3JIcQsV8RFgVJRHbQj06wfEgX7PdxYZwhCK9gdmqKqdZSMR3CXk/3ifn
+3guiGuwKgk3lVh4uk33r4XTl0vlTKS8vEBGOAA+poKoBJrlX35Eujm2L/E8u4BKM
+UObcSpXsMF1Tkj53dWy7SSUAUXWlaBwcfv/h1iE9xnbfdUwZy46TpTbqD5WhfHix
+1X/set9NxVjlWJhPGM1nvwsAtJt7Hhr7M5fDb+yc8nVGL6DKqMLBNErjVwMcLb4I
+nGX7IeOLX8aCxd/OMgsKeNyKipVSEOEibrCN0jOeg3xm+QbPCwqBeVJ7lLxlO6Kw
+riCD7+NFnOR/P650PIP4Q61/CqilpHZDSLY/SC48+iXeMLTE/ImAlETkvVyhk2Xb
+HWLHptJS6GgkVDoKllPcoPziHOctIuUG1oRxey+Bx33OWBJ9NU749By0b5EH8GDT
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RevokedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RevokedsubCACert.pem
new file mode 100644
index 0000000000..32578b0876
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RevokedsubCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E1 41 83 40 CC FB 1C 3A 07 07 8B C5 19 5D 89 0D F6 2D E0 65 
+    friendlyName: Revoked subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Revoked subCA
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMEYxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRYwFAYDVQQDEw1SZXZv
+a2VkIHN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRilogkM
+H6zEvQ1U9XzZKWJeWbmtND2B6Lz5wY6wxo8EriHm7A3tZSrctmPwDwy5WBVvhG9e
+ySTRcoa3ufPTDvYzigh8x2pSUM3Vgp1GuW436kiTkWdM7kyxXSmgMJ7O6utUj2Lz
+nb3/X3XTA0j7AY3Fd9hLa9Jb6QrQYuzR6pAQkB4aiP8OUW6w/FBwcvR2wtDk57Li
+0Sx4eF6oebCkd3Ao5EIPlWhqqWeWRfx+Rl5nSuNSIUq7ac0czQBk+UzLCc7Wo/qd
+E8jc0v5IrxBEcXPtuSAPX5KvMYTpxoChlxOfBwLwAkmJXwvDV/KhREPhlFvegZ6Z
+kneDbUE1zigd+QIDAQABo3wwejAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR
+9a86yTAdBgNVHQ4EFgQUlm+SmaDpdnS7X9T4+xnZzx0FoO8wDgYDVR0PAQH/BAQD
+AgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQCHdQQiC/69bsibnkOyswShah4+Y1vm6sf70vQCnKcA
+Rdj6I3NEqVBO4/nFkDZIr8ItbU4QfbKGk52NgcQIvql9dWO9CpwTCCC2tgHFOz/U
+P5bjg2Y0iJaIBA/QX0xcwQs0cG5PXgcF9ywRbodQcKLnqdcInBA+fslFQVHuk3rp
+ZS6juDwJUs/AkB9RBjh3APvCelvjMOb1W54y/vUWP8DUJraHrZeoH6s51USu9cXm
+R5jRBIhrXD0Zgu2TDfmsYVY2gOGADox9Myx4LLjrfKkKcKTHGlNOkfwiEL0IH6To
+ASg23Vl7PA00Roz/tqC2LuVrnu1QVmnNGQgDiFqktcl8
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 41 83 40 CC FB 1C 3A 07 07 8B C5 19 5D 89 0D F6 2D E0 65 
+    friendlyName: Revoked subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CC2FB6699EEC94E
+
+SSAqsCQcBeuyF0pejm4wQwIeMMgi0KxnE0XMlHu/9qfv/0ezDDdrswP//EvrFMh3
+ZtkaA0E+MFnUuhRa2Rhr2+ufK7xsgYPsKVwrWEu8XFE5QfCQ6VHa5VtwSjYp0/tM
+2VtFCsXkPT4JHr1IRfOwLzXR17/OVGOjwMZfrfFzUhkMUCUpVrAbWj1WNBgp8v4D
+4ngWedE/dsRmuQl2TDx/PY9ZOq0mFSikOTzOT4rRsztFzKFsAoF9smjz9+IOwvgr
+Da8HTxjWuk7WyJJrfB+qRWSks66+/QWEL51OqIsqpXLGFW/N5tL0sdhMqRTf1VhM
+G0zVZswQRenz7h7aAIex4TuDKviXEJhMUOycpjsYz3BzNtgc242+LMz0NDoO6hrU
+jzfWtvmrACv3aRWKLAvXBBRV9JB7FMEAc1J67X8rthpXI6Qdc/qU1skDBgLL6KFP
+IzW6zYKcW9+nfIU58a9fZXKgHL86zBRhXmQAVmMyRh5Tn2il8pefimgDupr7HA9K
+lgY5e68XxVeDEjbVtH7400DPlBL0uJUTfy50x3asSJJIA462egRJfP0rsxrQn7k3
+NyuzKYJr4Ga7ltXzPivw5fM+lRNYl4uMiFVmpaVptepS5NmdUhXTtXEO2pUkKFVQ
+P1UUc+pEmfywBLYn78h4LuOKsOein1Zg+QsfHqhoNMLErHs9X7eOI8cMCpvFYHaW
+0uri2IU1q2crBf4Q0NRooH6c7yjMAYq6Cgn82s4k5vAQ+qEae9X6Sebl+Fie/hk8
+eVhG1ki2DHtNTSBD0nodjh9OYApGnERh8SYSNpkmwtaR2n1Ht+N3Oq76iqkYGZda
+6meFubYq+qLzITdpqPppd9pbDQ2Qhvn07u/wStPAnrrTfTlpYf/AvsekRUXeWymE
++7gWv5X0QyVDHBIPR47Buj5bpoTzAgTMZdTypo05jCMgzGo7YcrYlrjEwXbTRi1H
+gfDChou+xksAPe3IOnwECIPeVF5cAtAuLaE9K1YpwZFjDJRr+1+Zi0zRqBhiFmau
+U3V5AKvqaWKhJgsfbqn3mbi1BWr5WN6SLjpDJiH50x9t0bQOxbs+I7SxyJ9GnNUW
+DMhLo4zw8kLPbMe+pcfgHvatGtpA0TJ/+aLAyDLKsKqvuXD/rQ575s5iVC0+BAVy
+MS8zbPf4PJbX/m+6MtaQTlyII+LGIK4UN8Hp/CRKPJJLDLUES+PifAm+56D1Mgpw
+V2a22kE9usvhQPQW4yO7AE0eSa1jdyP2PAdjcK1AjgboStHJLrvlIOOf14dKV1uD
+LzifkvZaei602VSxXNPeHzb2XP2QY9vaNkxqSmD9lzxURj64g+mCSPlO+aJ8m52a
+COLQTfZ5CEiBGgjlTdZKy8fFKgXSr9Zujd1oen+N/+mJANbPZIePHNhFYgJ3kMEt
+JiPw407COXeFlX8idmuuNqf7KceA9XghcC9wd2Ezrri5pwAtQjxpGU5RuzQrRMN1
+2khmYv5rdVjcnZQPwpbf+G1Sq3VWCmitJzgqKfJVlFBtwGL1dMDZbvlGb7jtSh8A
+rMDq1/wvncdzBW78t5oPUceCaKV1dAdfGImb4fLsoBYvEcsXS+h6atPKkDZC1bdf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RolloverfromPrintableStringtoUTF8StringCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RolloverfromPrintableStringtoUTF8StringCACert.pem
new file mode 100644
index 0000000000..17e4e8259c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/RolloverfromPrintableStringtoUTF8StringCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E0 D4 12 A0 DC 4B 51 3E 01 68 B3 B7 0B E0 32 00 08 50 CE D5 
+    friendlyName: Rollover from PrintableString to UTF8String CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Rollover from PrintableString to UTF8String CA
+issuer=/C=US/O=Test Certificates 2011/CN=Rollover from PrintableString to UTF8String CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBADANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJVUzEf
+MB0GA1UECgwWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE3MDUGA1UEAwwuUm9sbG92
+ZXIgZnJvbSBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBDQTAeFw0xMDAx
+MDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGcxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+DBZUZXN0IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDDC5Sb2xsb3ZlciBmcm9t
+IFByaW50YWJsZVN0cmluZyB0byBVVEY4U3RyaW5nIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuEETE+kVGfvnJPPJHUxpy7khkrkcBdQPlj2HTZ9i
+LbYRvpIAC+Qa2lAVwzAwshljKfoGD6ZuL0sHATtKDC0/+iyDTOG7UJCGesmbO90Y
+bgLR/j7fT9RNMND0BEycIOhBukZ4FkjKWU3+KFjQjMa9nUGECoNXyjYnKTAYj07X
+sR+rsMgmzRm2TzALDArS6D+toFAs8DbNbtT882ZsE1h8O9VmN5GkWzrEVBzDGiKo
+GUAt9P/ZmNVjx4gW5pB0MxacAvK+HxohxcF/y1gRZ3zp2dccZiirFK9GoCst0pDM
+qqEgDRyTTK2a7hZkLtmVRNp2VIh7x5+hk41UnOELKoRErwIDAQABo1UwUzAJBgNV
+HSMEAjAAMB0GA1UdDgQWBBS1bU8oP8e7sZikqaXQqFteSnSz5zAOBgNVHQ8BAf8E
+BAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IB
+AQA4KPELZ6+9+ZDvahZzIrH+QTAWJg50Y4xbi9Zhs739Q4F0TGrzwvXIpCcTY5iC
+IrIBWHSqiE9cEEShxnY+sdGdAgtW7oJdRnVl3JfuNW9moIueVdvk5CbVGGdMzPIu
+FfhNwLUHfpSrUKek+nWpWPIoMpQCmMVbIXVMRbjL7yFJZB4kNxo1650+Er4Kdjzq
+TnedRp+n2+Lm1M4AxLUgJ/StrD6b1WkSjI3LgiqFLxdwOeH/Im99UEUyTulhSUCI
+ZeoOali6JrtcsuMwtE0su8xLuEuHgCuHV3rh54ekfiEFmgUOuviiUSoYU8WoFk0O
+ds/hkFuM1qLbRxFJU4h1AfKz
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 D4 12 A0 DC 4B 51 3E 01 68 B3 B7 0B E0 32 00 08 50 CE D5 
+    friendlyName: Rollover from PrintableString to UTF8String CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9DDA760B90D3F5F4
+
+odK0zz4yql9kRhptAZajKhjn8Z40phPXVyFw7Oa1H2W07aI8ebO7TFWG/woxEZC+
+AIx53YZA/Wqu4w+rSGokIXv7CMMmx0n1h3YGYE9nbS/Cvtqr02NF447J60Q8GGl1
+GRrOhSacfge3pKkdFZRZWgQwgcJgtZqLbPZI5rGkrqTc6h4AwRIhgNp9NdeSqKSn
+T7abY80UwouSMjaefqARTomvPihqKnVA3SZlKXkxB2Gz8elW5UP5MfWuZZV0yBqq
+NtegLaWeLKFKQOr99t21MUHFTD6vH5ELQr8XDHfYdDPTaMirhfySo+oUSa5ueE5M
+x454cqPbxPJznKoQrAXtfLjRdoFPSN5G6s4paVP327cvHmtIOD1YYgwEtG77H35j
+52lsSz4SOyBVWL0UfdnrlWmY3BaAg+HtfwkaacN+yFiPA/Eirgp8ImWn03GIbSwV
+3Lx6ztmIuDs+ma0n+miGAtJrC5rmAW9tJdwE38q4K/tG5UBASK7D63zm5/z28Jkj
+Wp8D6pmM4SnpTKJ4icARvIN2/BciEiuAUtlmqJel3YJhCDwcMbtdv1r2hyJSjwNx
+d8YwX0HHvQrWU0/yxUcC/aZ/yonRZq3cCujcQlZTILFFHm2uqkJGwHPi+C3TTctw
+Ct93ALYTDlq3YkIQwRY6jqluoDs4YgYlluE+cRv9a6+BnifwDeDnBikRFDhjEbqr
+SpOYNG80P0e4ifuKgngQUuR71GkezCJ633lyerqeG2RsXDRwVpbK9279uEL8IooN
+H8Ud4iQ4kXYUFDD7wRcUQy8Rz/4+DI6cixxhSmMR0/2ljEqDdtWpElnJQXoHgISP
+kY5vj3BT4WyH6xhWbImRI4BKLHriPT8s3zzE4a0UhRsy1YTvoKBp3//JQxx9drb0
+U10OFHOQsU9+dpdGOWmdUhBDdPpOA/iE0CBjwgar6Z+kVmRgiA3YkFI7ezbc4G77
+2Ep4ZD5PLEqK/Lh8MjXY8ysok5Ki6hcclq7R2XyHld2K4RxHIxidQybjH+Rn0NEB
+8RKF5ID5jTKaqe82ivCGpQ4NkbyqS5Vs9iml2yESOzQt8zKDbpoKO7WixBBWm0UJ
+FdRKek9xZj8gBTDLnDgDaXXLy2ZAmuYHo+NNbjbkSaYx21LJ37pGqL00OqMNhKVQ
+vLXaDHVrDVBqHKfnHlULNvR8tV1BH+BplyOebwawojgqSSwlIUCgkg54TC0TFBI+
+MpT71vFv9WzHQwGID5Lzxd0lC/I4osSCxERF2iZtyTdfWeSO8hbSKRea/jdt+DEc
+BPMe/DZuV/QcvrLJhcJKD4Twp6LYyLp7OxcJBaHoBajIznIN97d1VTn6PFYdSIHg
+exqDN/bULO6J/9gLrGlv3HgJzxmG9Zuk3xy81B3ua5Ke7/wkNIpmoInQxZuCH5ES
+x/BdQv4XlakRy3Jw+26sZQKAkAV26YAgj1IUTUUa8WeHfTgXMYKLzcekPimWyu5E
+JkeSjwaFBEf5978Tb3Fw9pM/OTB2dwt7XrZHbPVqdy9rZ3H38wUET42jTFX8QYpR
+/ni1glyQZ2EVGAfyLMNp9w8YB2AKPiZ5y36ePJS6cawoSFZ+yIE1ZQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CRLSigningCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CRLSigningCert.pem
new file mode 100644
index 0000000000..885034098f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CRLSigningCert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 15 14 A0 80 15 E2 88 6F 58 26 40 63 59 58 94 CD D7 81 E0 46 
+    friendlyName: Separate Certificate and CRL Keys CA2 CRL Signing Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBaDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWmH0sVxVN7JSbzHWG1otmjl6HCXaQjmM+
+q3A7UZr2F/Cem94aL4tzAERsgT0VqpooRlGItI59uT3Ae9aYUHIRLCzs6tL28ZoA
+zqmYVtv9z+sDPfv9wddp/BcFzBh0ChfykqyH36+m+NjRePniF6AUJ7lJqgVKkHu9
+tRaW8BZTwk/BGbhr5d7GkpEiHsflSKlrPWf6GZa/FV/yA0P003s7sUwVOSLQR7l9
+GlE9/BQ1kH2ZmqB1U8Y3au1lvUY7AWSOSLO7RwDTPXjhgzY6DNLtMVFYThcbryrI
+StRZdpFjYoq4COILuJniUdmubgOPhrwD+aYSHsthHaiiFEf9PBsbAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQThD2E
+jx6qfIF3XzHdzWDzl5fZsTAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDgYDVR0P
+AQH/BAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQCEm2lpy7GZwfeWqqR1AxiCsBBS
+iQQ7kQwgsqMx1RvP0YpT/Nb5t/Yk5TP0ofSyM42MNwhw/sMiZ9KEShiFy6ZPCG8M
+o2ZHdPLVV+SNcW/MI71ndc0crqhG772BNTkMN15DH0v7aGLcAKzPrE+t6Lb59cnG
+ec3M1+VQ1xNZZqSQuAX1d0OdlfIYkCcZooVcb6vqx/Ddmv/iV1fw6jgjxpY/dwze
+guYIEwugf/FRkIdymxfAiZ9B3AceD84BbOVoasJN1Vu0zj5AUd4murA+Evy9b/Is
+0uFesDDiT/HcOsySEOGlrfJo4TCQAmV/olVxK113cGVIgVP2RMaD1gXt1qnI
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 15 14 A0 80 15 E2 88 6F 58 26 40 63 59 58 94 CD D7 81 E0 46 
+    friendlyName: Separate Certificate and CRL Keys CA2 CRL Signing Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E1AD060693CB28B5
+
+XAFfOAUgjK17Ij6zmBZsVKwxp2vXtrlvHYiLHvfpEdWVXAYXrVuhfL/kdCkkhZ4J
+P3F6dkFzavQ0dZ3Qf8370FwxP7WJpJnj+6EgYs3Jg3omO8UL7hhm2kZLPo86/5UH
+atjmbe4imgCln0qPpeZNokbfa7EUEHC4UtGGPeJpeiODVtOkTKlrUDjkZ59Ywez0
+H/s1SclteJ62XFaQMKMLOImbi/PIyGCj/jm5xMJxZdj6eY6HjIpzA84yVofgDxMi
+sSc0sXKbPGqFNnUV9WnDDbI1rapWTuU3IMsGo3zjoIs2HhPW77YEUX4N57ntHn3I
+M39rXG6zFv3XJjCAM7qADfI6I2Pt5sbrVQBm3hszpZCdtxcxs1hC2xggX78vV6dd
+KIUa0zThsx/9hhaydNyysUx8z/Yy2Z2An5uEyIwWtgwO/lMfON2eQOeoP5ZX2zXe
+MjPyMgzog52yQcpJ1uvtuT2+FBrBs3kAczAU9uctauVMWOF0BLl3BTbg5b9pQlsk
++wZoMyn+RhHjWa8mdaOJB5SyOm4XSQsZNpgmcMjWYPSLgHErqcCQZgriaBV7kZVg
+ZFF65APt2a8bpa3bwFHl+EAgncn9MKi71AkJXJpwf/LWcp9WcH3mH32CuwYNaGYb
+vd/Z81XRSBLXU+XMMdAhywW4vTGzFG2RYiImb+GJIN6CSsodJhNyi44rgPt8ofKX
+a+SPps2Xj97DzVvJy8AzDX1C3HZESo3nQV5DBYtVaxAfkbBoSiyuXCx1kXOoaIHt
+FbXz7/O2p2Rw6I152/IqMw/3J4gzvqr3WSfUgpUepb44sT0yT11CQeZIu/ahsvy+
+V9ZW93P7AxYH4Xup8I5/YlxuNxFBRP3XRgI3nJzw0uUdNtY5QqQYJUJ/lL/INv3M
+8GzZh2U1PuZ70bb+nLa2L/XdNMcDGNonYE9H3Pd7/5rtk97sDS0Homnv1toYcqbD
+2oburjwDMTOWV1xDQcbLHnnMXLxYEwPzRYdH4ykSDxYo8QIrAjuX2O3gsQwzdDYF
+coNuNfAFXssWX420htjmNAZPm8vnHoEzWoye3v0mQTQ940pkn6Kr+FrBr18UZBgW
+DRE8WHqkA64xOUXaJJf6CbBQ18ZWyA9TCXbUD3YO7Lnr/K/LSXx4vfunQJRQa63q
+ZTGxQ1YPSMvgpnm4EIb+MIOZD0YLIXz4vUPP62gWhtk0g7yiw3ba9JO/54Vl2vJY
+XqUYTbxQOc3tqBXuFfq9M0675eNmFjplnqzzkLkLgGE43tK+ex6+uxjNmIuZHp3h
+Jxu/DSMJeeOe93eUEx52gBbMntGF+my6u6YDejyiI1rSiFf6+pbBvkC75VQ09vuj
+Jir6RTcWnr/TxJ+3bARFi92zw2pW37NyaQr9D730C1ipqPtxzMNHROGRi8czWpvI
+DbPLOes+e2tSttLSyBSqgX1EQwwwRV37zYH6GFdOCzCtJ2VQAo8/1xfE1SBKLnbb
+yz6Y1NcJBCm4Wgrxex8I2Mm5nBFhmZtpqCGBKYewvyDKAx92X+TIaIYyX2Yy79RL
+xrNKZCxGbPjuXTT8ntsYTldpYMHq/rpH2wfljtNuwzgXA2jH9d3EfskBRyNGus02
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.pem
new file mode 100644
index 0000000000..eadb947174
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A7 B6 16 A4 3B 15 81 93 4F B7 BA 41 DD 6F BD 0C 92 5D 23 4B 
+    friendlyName: Separate Certificate and CRL Keys CA2 Certificate Signing CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFYsYa9Wvs1smcULUHZqU/AJq1CmwzH168
+AzGaZnuLzIyYqct5aSydjaYh6pw8Qdo9YGpsGZdrdVIrorR2QXImqG2IdmMP+nyg
+/hEZKk1r2TqExjwextNIOJR40DCrpvtSjGj/zaP8QDGZKdi3cfY9BHIYUJVFHxiq
+dWkNEc0myPYSu+y+uV864I7WT+7w9aIlfwy70DF6o63YS+WYYXMwGKdUspcLg0GY
+7F+rqw8c72xOhAQZfSTUfOn9L8cB76kgvarYGT4zltGh38NrRoftXyMOGk0oRVsy
+1Qgae3u2PXm2H/BP4/JwN72xvv81clmAfhU3O6QD85CHGFrRCRlpAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQ4oxaB
+OI4YTkV/B/YRouJAZ5t04DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggEBAEBL
+58jRnzAPzJLFoI8KtE5sGyo7fTkftuUZlSUeQURg4VKGLGpKClldAzIXUJReOsMq
++79P8b4HnOTztmIw0ax/wM/mCcjQBDPcgNL6xi274neuVQl2d1ekmTE3j0IVsXyd
++ck4EdViI4YLs/m4lllj+o1nhoZBWoPheVJm6meQfIb6bhGJwVZOMGZfzVF5UfIX
+mvW5xJ/ItI9CI+gcxt+Xn+rBD0AQvUimSkxF7ToxcpjaziwL3gMAKK6UrtP+RzcI
+v9egONl1LBx7JcBfbbQEoxyzRad6t6ui9MajKFhHT8wQ5XnLahoXFcAJbII5TPkm
+C1H/b4W7FXQUbnxMCxE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A7 B6 16 A4 3B 15 81 93 4F B7 BA 41 DD 6F BD 0C 92 5D 23 4B 
+    friendlyName: Separate Certificate and CRL Keys CA2 Certificate Signing CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,849855E743148C79
+
+JSyzpxxzuTpP4rMHFriEzmS5Nj56E50L7dq3NkZ6mhlKdYSGHhNGU45rYVMY2D77
+1QagCtHIkuDPo0FlwHAuueq2W6lOMuaoUkVRtRXX15lAzkKjgSew/YPFZTljUeET
+5lIvxCLg/bOMXfmCjpN8deScogHIHb9HK7FHqVmoqzuXfoDmFQkrohBo7RaRnu3p
+Mgj67Zw/DqBhSLSN4Ug/AkqpelLYCuGU+hdTai4fMQNXtvDqzi2cp5glUbgNRoXM
+CCvkWGzcCls8bx/UVIlslPqUa9lzFoK8ija5tljhIKl9TSVJi6O+pLmgxI8GNpF8
+Rb7+aMOcxR/2k4O8/eYtRgmJv+TNYCeHxuuyWI5FauxGLfsRJoD4Q4Vat6xIvs/T
+C7itOaWKTnH54h7eUktkNzJwAvbrfNlhUgtlfeH9AHMm54/B8bE0Drv+rv3MJqt5
+GDYIjZcb6my7gZlrJ6RnXC85s2e9sa8tvN7JCDgSGFCK4vd62aPue6TMk29+k1QT
+Mzbfy1XDDQJgk9q9qc97XeKbNeZVYuMW/8PwDR8L/V0TLSWxlPmZt0p5S+Lb7KFt
+sNYBq4UuLRDrMpX4hZ1R3lY6rhlgxEOs44P0Zl+rzYjjoJr5II6QonrRv5BMVjqB
+2sR9cKvfOvFm9AVMvFylzCvEizLvtifDuEcRvYMjd7VBQleUWgOpnxCzydabhWVF
+nZ+BPVlmZZ3UpIENtP+7AGEt/uEZXU3aDiC/ryHY5X/eOHOU4GczVGBK793v4LmH
+qb25dLLhW6SLs5KobUlnRos6Pe2LrOCWo5/e+NSeI2WLQ3FqgGKlHAOENrw9sFSM
+ACcZ0ZuDNoXGj99c/f7uOE9Xryi0ITL1sRvm7qRruQ/goHDLYzJqJWW+uxugYMGR
+RmhLrkjRU8OSFOl1YprxY8JwzpHao/B2263PxUf0gQSbeIEuiH6kxWxABOX9ZkyE
+aBVKXwjtyAe3CJhfCNRZeTZTbeCaWmkY3vHPAcBCsdo1NU7YqgECWn21lXDNTslM
+kIPPvE1MF9GAXWV0EBC+1ihdk15Ml/QYP3R+a7KleRMvbBBdZhuh33z13qBt1WeI
+mThCtLNoTcx4nSdASeuwCa2Mz0hHcBTAaPMkEmZ5G083ehNVPYaxw37A2Ix49d+a
+y1B2qToCvj6N5t/BkQci+Jzfrtj6jOpianS24BLdO+VNIXtq3gX8QmftPNRyT9jI
+UMXAAuInIWlYP1HskPvHmghgemqEh5TuE2cClVM2YfNQKnysrLdaN9Yf30o/Keud
+bY2Eca8OLFQCMM05oC/TshkBaGy6CRvUuZJ4xVf39NeFPtJZimctHH0ChgXNCa/r
+MUMV6QSEYigI8qm7hgpsAyAWm+eeITqIhpdYYY5Wz9x1RfX1InqbHF+3UFKr0d8N
+pSde5byTb7AYRv1HC0IbKWcg1N0te5C+WKI5crvdTKgr4P7FsBbzkdQbUDoAtjOc
+3vq4BU78rqePm5Q36DKG2Ht/s2H6X3GR9PJuviKCRUf5nJyk6RWfzzD1nBWiNd3/
+z5ONNiFWnGLXh4AanZGUrm3J/FY3vxo6qMjxljpk2xZerCfgzrkhNvrTolAk/WH2
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCRLSigningCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCRLSigningCert.pem
new file mode 100644
index 0000000000..d82e527597
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCRLSigningCert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 7D 9A F8 FA A4 D2 DC D2 E8 CD C4 15 46 C3 04 51 78 C6 80 14 
+    friendlyName: Separate Certificate and CRL Keys CRL Signing Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIBZjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt3Ehzo3kwZuJWuTbmmbCrbv+6wWb0P+BH
+VCe7s6xJ3E9OxRqvxlshp4j5LDydNpnIIuBlUXcVdNMi9dIrm5ibgYly3H8/AWlk
+oVT3cDJQlv74oJ1F2vM++dx7xpfE7efybfEVbX6/5l7ouqZkGvtHUA1dylN2iwWb
+EgmGkF0XIC1pYChFv8If3Kd9I3eMqoDXJv6eDB5sSWjjXAZAdcuxwWm3ImjaQHDU
+q33ICEEbdCY6Qst4ocbkhi9TcGyYP0UqO500onu3yFXPdPx0YXftEw8biRTAYjnY
+Sk3DR5i2VZc7kOcvO4xuvon2xirQVv4OBY8l1w+m5BFlxavLti9hAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRyikML
+BFs9PcRV4YPGn9+Qyur3XjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDgYDVR0P
+AQH/BAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQAh9MHideOQLdw0RnoaSAbA9i5d
+u2K3FdUw7X8o1Wk9VsJmTPHQ/lA3mmohF7sWChwC+YpSwxj/TYYUaT1MQC+t/sYn
+fiA9s4jlz4Xl36Si5ks7m3G2d35ApS/iaeWHWF8NHo6x04jEWaMNNtAwl4cSDzu7
+xljzpSiBpwr1KdEbW5STqnLogu1aSlN74NWVMo+fL5HJds007nO26v9wy2uzJVts
+6tx7C2LYkgu2ZaeenXmKxrSdj3dbpU11/lb5DsEt5xZj6h0qve3f03/Z+jTFcFZb
+hKp8MDt92jt476/yKQZUObKpWtvhekGbhaxeaArUqUXJEXyz63JqWf8+4zds
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7D 9A F8 FA A4 D2 DC D2 E8 CD C4 15 46 C3 04 51 78 C6 80 14 
+    friendlyName: Separate Certificate and CRL Keys CRL Signing Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2C08B269BEE274A6
+
+2nCMqz4Z9jAqZu3aJkQLe1ialqresIxKIiqamZwqTUAuRv6SLso0jkCcvDmRvtBb
+bc91dzoHIBdXRFDM/L0aMhTERo9qVIFXRB1hu2JqtNF/6IuATHxltsV11oJmW8F8
+UD6n9SCueAB3L1qVdopurS5/J/+wSwN7JVmJ4mF/yKpFXcmMIiAZ1uheyCflcqel
+3trlDc+/xKftrMIAGpIqLrJVAFRp+LLQQceoGVUSlBRLVtq8CebMz14LWtzof010
+PDJCVAl+hKwqF8KUaLwLqd14ev3NYSZFV0EAardOVmtErq/KpOclCSHOrxji1xXl
+lxdXL518Esj/2VJS36rZd4ex9GISmMcqY6Gj9ERy5dKDvMP0Wmb1tMBj0Zx+cFh+
+ErBAxfZLmD/xcMOZG3Id2Wk+62Z0RHd6cOQuF/hXdsDiMJ1wOqvovnjgu4JjSVur
+XVNzae91ppfMnIQDCjhvw0I4dSs+kV+x2h96oolMgADPg/tEGxqSvyNAtZFD/Bn9
+ISF3SVYEequMPeq/u4wRlm7gOPdzOzRm1Xc05T3bE/+Dpf2djRv6kc2BuDYALUbH
+u/6L9PETZxg7QIV9CrlOn7gA+8CPJ8kzLlOB93Tjr5vORUtCa0f5isVWjHarkSs/
+rySC98EIMwbBE5Gt2cBYkZE/6heTnkbJC6cY+D0136G5L+Z9S3R8MQSIm7fsb26F
+EeOfQj3ov2BZXrJdz/0TLKD9+u5ztSm6pI3Gz9ljztLZsq43JOjhlEdRU2KC7D91
+pFRelbFPyInpknG6OVpOiYLC4s3DthYXa3Iu+eNPCPAoAMRJyWV6L6DfY76PE+JX
+ZoYkHZxSGJ9ldsxY3HGOwPHSmO1H747wjvGvV5w1vyoVqDfsBrvOIYomydD5e8pI
+BLelkb7Cm5pFuO97RzBLfzfRt8m5HmVYx28vzZtQPYG2ES5YutvZIIahw77dhuX1
+Z36hs1EP16jPR83pMVIwRJMPq12lmb+jaHDgpDo8VksYXMItfmNyjSpTYjZrfQEx
+Kmccy4KFi28OJCIM6352kIIRNqbHDBB4b4KDQBQImszT7DkNYuKM+3wNab6xk/eF
+UaoT+4IdxIoB8ClRQdW6hvLkdKfHcITLSIAIhdf/XTKVGPoxUuEcSw0BCNAUHvSj
+nL+PGYUpUH4PmGn9SlQ0f5WrA+rw4qge1xOxaoUdDWpaaiq0Ouwy1QhBvIW/nXs/
+LiET+dRU6CG0LpH8Ia+lUAANfZQ3bX7zvNDpeiAoqxfaGjQw8lNJYgX8DUyPwKuU
+HSKKbi0JeaP31mRzESdvr6Lrcri763kFn/YZelID/NpfxPiDlQJEulw1MtvZBFSK
+tQlUb+5PCG80vC5m7usTfI3JCQDr9ayNEIMhntTWYUImK89VSNs9oNtEcRCY6kS/
+bK0Q+J3tNVqgAxiQEVnwpy1U+zuikNpRRhcx7jmqZ9sfMfPkfLAjgn7q1pL+SxyV
+KcQhi0/r/agn6Ub9AN22ybSBO5b4FMtnn7Emt5HwD58kP/vnXi+BSdqX40Sscycr
+51MWa7zYEv3u9I/+A+TiLxBpPji5i3MUwVydNEbb5LiljNar0ZS051+UGzHof+bU
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCertificateSigningCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCertificateSigningCACert.pem
new file mode 100644
index 0000000000..96b2e52495
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/SeparateCertificateandCRLKeysCertificateSigningCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 80 CA E3 C2 D0 55 9C 8D 74 57 6C 6E 6D 01 26 77 78 EF 0B B4 
+    friendlyName: Separate Certificate and CRL Keys Certificate Signing CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBZTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JVNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQDDtL08wy2lDqK70D2Rat++J9XUvMChIl
+EzlBcCgkephduAGsuC1OlEoXSwhy1ajQMJWoZgrWr+w4VecOHs1KS/3kt38LOCA9
+Bh7y/eRCfmn7uBcerIL7kgjP3C9qYVKzEVCNIV5SAt55VxraPdv3x+HcvvJWvYuy
+dwjcc16Ik/EET8h24TVmM+TLM9GQFsw6MxJVaPKRr7EPQwCrdZQ2dFQD82Mt5fMJ
+bi1Bt+0wYPtvP9n0h60mEbuYc8FmFPWdpRam9CNaEoh2JGtWoTKviVPzPiDNUCJ8
+y4I00mkos+oUerQSRD2ACwcKy4BZyzqmPis8zV+QQsv1DAXjQNjtAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTwZdo/
+Ghda3tW2SJk7FxQQ10wUpDAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggEBAEZK
+kUJKVqTUsc/16mk7xqEm9lSFPZ82+KI4Wc6R6Cii4kOv4V4dANxAzwKOGcuKIVkl
+Y+bTze7DmO8BCBQ6YW0mgswkiKn20hl8DrNbjQ8iijTGYFvoOp5CUBP+LPRKN1gn
+/4E5ZxArB2KhCSlAm5GY1eIs9gdfq1al4PDEBRLEK/m6+J0rbsIiJlwkqRgLy+8M
+rPUJYXSGBSsHYg6tuokTqgJ+YUFWahKufCgOduYjfKj+fx6hnMzB63IrGdeVE8xz
+IinTWR5N3cFMngryTH17o7Q0tfTI+Nwlbbk+fXP23HbUYHXK4HKDHMZUHw0qxMeP
+UZXUvPJPMlQvcQqSnQU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 80 CA E3 C2 D0 55 9C 8D 74 57 6C 6E 6D 01 26 77 78 EF 0B B4 
+    friendlyName: Separate Certificate and CRL Keys Certificate Signing CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C90A57E276098AC5
+
+OA/Py+SF4VJCx0ke2ZNdVdlQ+M45GGHp6v+XeLSFwQsr7d3UdrePCBuoGUkvYhBn
+CbZAF9WPugpIEzQN7G5ynpSZBbCcLc/SOgEm/A/vbsdbM6O9apaGk6IfYQWrIXig
+gIlezg5KIspbQkI4dcnc8D7KGdgftpTfd9FEU2xIZ5SPr7asUQ+nOT/E3EaLkYCH
+dYZ7ZRSVmhJfafkiYe/wdIp6tHWF2LL/z93iGfp/nm1fRdfa8bBA5N0RVKhBd97C
+GdTbYZj8rGt8ZWQK40xn3emhzLmmEG3NoN8sc1/l7zfX6Wa+4vPvQ/mUW7lWkgj3
+r4MX2pq+TbDSyVfzq5i8JdEVl+79aOMe7kU5r/FGCAf0KGrhUZl8LI3sD7I498tS
++QNmjyqnFucx/8Vgq6RAqPOB1VHFOTBc4e8xJnVIiZTkjhc7Z7g/4MFH77o2Gffj
+wHTHV3vsoTQr0BuwQ5hkbabWLD873rGvXn59meSnc1bHNrRswwBUsamFMpmsdtjC
+Z8wHjdMW7mFrQQqipsyt9xmzYRjo317Wi7LFwCVxGz7pv3F37LxpoHRW6A+pKdSK
+v4paTcBvqQIH0qhOa60reGBuQiqMz4NVoCxZIARd3NfVzOGis5XU7ps8bi3rPe3R
+W2PG/K7MMeyvOeyXxGyM+nDX4E0rlNTDLS03GINdmNLnRbT7geV12KDs8FS6Gy0e
+KSevEnGrO0d6xITwPhYWOhLOtPTxvdJkHx/2pxbh2RU9jTzByKkoNFTS2PGJ7GsY
+jx+zy4y1knrSfBvtPDW11xem5Urb4Jgebp3gHchijLixvjDbZNRZ4wC76LuU5jwD
+6TZbDkdmKYyXOT0vnIesh7qVUAPebP6NNRDwCBU4+dnct681sDU6CiWcBamsjnzL
+rXPSFnx6NDlkd7vW1t6eGGTDMJsqMfdI2EKD4Qm1xzvdIO3zHdJLJTy77uhS3mrm
+ZRn+Qdd4FEZm6OZDDDDwylrWHKifv4ioyiRMGol054/0AC/UZqPoDdTC/V99I0pi
+XjEnfBs/f5mmX2Vz0sgYpDVot10dmM080wzAO05u8WqhMSFCU9HXPuuvihtNtAEQ
+iIP6CncqNvOpI4PCFC3sr9r5iyRpdSNRXevCjYRPtT/jd6yo+wo1Edr2CgnK8nd9
+4A4T3x8LmZPJOIRDIBYWwkdXf9IUPNPWnXlEbhMlam6cexW01/CIXzf7joTEgcnp
+9P5diGkRECfLirQZs0jrAawDRzFNrfTMyCsYNLfAV5CJJAZI+XIyKkYU5Fm0nbK5
+Ij9t0dOTw4n0ChXWpLf6smJbk0yAKu4MJok9dpy/hSnQUMS7xJMU/EYB7oEW+S8J
+1ZbyHi7zn9Udnmozx2G5O8o9Tb0Cp6wbLXSFRZmOPTMBqJ0+1HwYYGpvaqQ4XO3y
+ItnAciO9PzeOrrwF/KttJPMCjYCxDl1LuDIAhGK0C2KrrgBFzdVi3Q7dJKiXyDS5
+xM3gNAxCN69HYYh71mMNYmUViaECAeByjmeyyMSqBqsbS2krdBX2q1sOLV/VP0tW
+dKyIEt/GDLOOP5n4rvmX3ELdxBbIfmCNoKsLAbYpWZJCcTwHUlgv6w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TrustAnchorRootCertificate.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TrustAnchorRootCertificate.pem
new file mode 100644
index 0000000000..5dae6269c6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TrustAnchorRootCertificate.pem
@@ -0,0 +1,59 @@
+Bag Attributes
+    localKeyID: 9D 70 F8 16 6A 1A CC 2B 9F 0F 39 E9 89 C4 18 34 F2 C4 5C 06 
+    friendlyName: Trust Anchor Root Certificate
+subject=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DFRydXN0IEFuY2hvcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALmZ
+UYkRR+DNRbmEJ4ITAhbNRDmqrNsJw97iLE7bpFeflDUoNcJrZPZbC208bG+g5M0A
+TzV0vOqg88Ds1/FjFDK1oPItqsiDImJIq0xb/et5w72WNPxHVrcsr7Ap6DHfdwLp
+NMncqtzX92hU/iGVHLE/w/OCWwAIIbTHaxdrGMUG7DkJJ6iI7mzqpcyPvyAAo9O3
+SHjJr+uw5vSrHRretnV2un0bohvGslN64MY/UIiRnPFwd2gD76byDzoM1ioyLRCl
+lfBJ5sRDz9xrUHNigTAUdlblb6yrnNtNJmkrROYvkh6sLETUh9EYh0Ar+94fZVXf
+GVi57Sw7x1jyANTlA40CAwEAAaNCMEAwHQYDVR0OBBYEFOR9X9FclYYILAWuvnW2
+ZafZXahmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQCYoa9uR55KJTkpwyPihIgXHq7/Z8dx3qZlCJQwE5qQBZXIsf5e
+C8Va/QjnTHOC4Gt4MwpnqqmoDqyqSW8pBVQgAUFAXqO91nLCQb4+/yfjiiNjzprp
+xQlcqIZYjJSVtckH1IDWFLFeuGW+OgPPEFgN4hjU5YFIsE2r1i4+ixkeuorxxsK1
+D/jYbVwQMXLqn1pjJttOPJwuA8+ho1f2c8FrKlqjHgOwxuHhsiGN6MKgs1baalpR
+/lnNFCIpq+/+3cnhufDjvxMy5lg+cwgMCiGzCxn4n4dBMw41C+4KhNF7ZtKuKSZ1
+eczztXD9NUkGUGw3LzpLDJazz3JhlZ/9pXzF
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9D 70 F8 16 6A 1A CC 2B 9F 0F 39 E9 89 C4 18 34 F2 C4 5C 06 
+    friendlyName: Trust Anchor Root Certificate
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,589B438A6C375D73
+
+1Sqkes587j3AgZI7YAdtWcfZKBt6weCesfcJpZLA9jWYXune85Qs6QGZrjDHIQT2
+bDokTc2Icf8E40ayuBEvZ8IVhbxCBGmLv4aKOko0KZCr2/irqrRGc84nYrFQIlZm
+FI7GI+u5mStnM+KR1XaQasFt6wlYDf4sWwqxu5f8oF5D74TsdhuQ6DIjqhaxKdVc
+ju2wVsrrrZ8Aq5z2uy8lmMdsy7E+e1LRuqT1ZyB87Q9eC7LvKaAftFQDzbIu4Os+
+Xx+YxBVF6Rf8/Zzmj30s0GauRWwo8O8W9Iv3Idb0iRiIHlzrWYYLdUmx8TtYe8nE
+jwxovfs8V0BmmzyMSJIFnoYTuq9Mx+8eUUc2bdZvNyYCoNZtyzvdBDriqrMiI1J8
+anV7gXDno7YgpLPRnGB2XG7IU43bqWJPZO2etT0RQPemRA40wJRKcpwSJKn5EpO1
+mmaVnT+CLycq7Fdze/3WZTAPJ2F+i9aLqSCtst2Li6io5fMmhe5zKX8AB0sXNLAG
+28k+s6p6CmOszOs4ADznJQ+ckw7F3eU5671hH8NchQqp9/7OFF7ZTSO0vmgNHrV6
+ZoQGphvD6u29Qam8OfXVxrDU/fr+lJypygcz61WCPkFoOlWBnKOzIper6MJnBwtZ
+Q5Xnq5XaTybjw+9m42H8kKqx9RjbOriJ8O+NEgriGEn+2vKfkCRTMbwRVZAzszEp
+8/dOkueyR4Uvm87383Uxi0k38tQIfI+kHG565Wg65OW+d0i9paB11wUZZZrle+PJ
+/Dm7dskDNEtKh60GxUJV1oUr1dAqSqsicA0q2K1yQApIjH4jyMWr6jFo2lKHSd+4
+V/weG0j8jK+W02ohJ10Ei7cgtn85L+SAHcyiZhRH9eaHlzacZvKrbvEG+BaSTdh9
+Y1derGlf75ITaKmO98LtDVkBVPllxNcQXeYVLSJagcH8OGKDS8TZITAHW9m9BuKO
+T4UOgHAqEDSSWJTVzBLBPRSjLnwup1E48P17bUlg+mUx3B87zKdGrfXmywm0wPpx
+bsTQg8VfRy1B4uwsn4mmPfW1kuP8r1pKlkqDq7u/gQ9jf0R9RF5+ThKOAE7MZHfC
+r+LurSXn0XHZW/1b82vwA50e++xVH9saNv8lrcSmnnU15oWtqTEdQ7huEqbJFIoE
+7EtXQrat2UJixsEgH/xNtMow+k2E6a5cyZlq3Zp1EqoXH4Yz3Om6hSocSigSn9ua
++L+QsnE6RJx7e4ZMT2o4hQ4j/vVrUmWsQi8PV1LjZ7W1PIR7Hk7eTul7XgWidO+U
+3bPd3EG9byKcq86Lr6kUAlLuhIB010d+8RuynZ76RNnEwbSFEIR8fRLQKbhvXx26
+9vrCvjNoYnxr8I/LZcCdg6kVxq8JsHFwyFqzV2D/khu5DjiBAASjPtMt9bK2GY/0
+yrTmTeYr00Q1DNOhZB0xjCG1ncLsrlUbqNlED56lnwx1//UAQxlF221MUOOTGY+o
+n4UXC9mU4nniX7AGTUnRYy92uCOUjhJdmxYsREH8popLPU/GaaEI6SLcRLLYrmTt
+bUUV4KK7y3a85WIkqcdWzKTSxoCYxKKEfKZTIB+m6D+E/okaWWDLBw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TwoCRLsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TwoCRLsCACert.pem
new file mode 100644
index 0000000000..ead53efabd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/TwoCRLsCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 3E 8B 13 E3 DA A9 B1 FF F5 8E F8 E9 A1 D7 0D 9F 6C 7F CE 49 
+    friendlyName: Two CRLs CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Two CRLs CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIBCzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFDASBgNVBAMT
+C1R3byBDUkxzIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVVw
+3mINvG9IC82MaVpCjNLN6vTS0MX35ka4XR9DiLjJnct3BjTPol5cSRkUGt4aD7/i
+yY4xH3KZaA1QIqHPrmha3xJq3KDwMOKgX85QpwEJQ79gRoxvh0PLInwOOOLEbgQK
+2m7cfRj8X38DEcLoetizt8bpefYqXg0cK5QQ930x1zdGobj2ZQY1dyfOgEOGbR6v
+b2H2tf4ADjjr5zCuGWgR4WIjeYg1nSKfGyFt1Te8kXYze3ps6JBsZwWbzZL0VzNc
+SyOs/0aSdqas2jeB15GbFx0mBYO7W7/Ruv5tKfQ1Bhndnhy1qOdqCHbjQm7JCW1U
++OQihBTPJua+WcoBEQIDAQABo3wwejAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51
+tmWn2V2oZjAdBgNVHQ4EFgQUEKEB1pmdgONt/efud0tf8UnZPFMwDgYDVR0PAQH/
+BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4IBAQCCV6uwBSTvSBXTOo/xsmUKJB7luilrOqM9S53y
+ZbAZDMR3CkQTgiofSi1AFmma6OKPSZb621YSc5eNkVIaV59TtMTW6birxp5fimet
+J0Gpccz4huD3mCHl19CyfiTRyHYrnv4KTLJNLISwATQ0kGV+H3UnOWwP/R6edMQx
+AdSlpO5Y7WeDLaO9RdcMSII22qn9Iy8dT2V2eOA3yHjnLozB56H9BV9TFFJaV66c
+rxhupQudk87bl5MvOWx5FSKevJKgIV359N2oVm9G04IRI6uxk7HTFOjXq9sSoNoh
+bWH7xSENkdiWaAwBXlZiL0O4M6AEfhCVrlt/vnklD4vLn0Fm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3E 8B 13 E3 DA A9 B1 FF F5 8E F8 E9 A1 D7 0D 9F 6C 7F CE 49 
+    friendlyName: Two CRLs CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2D4935EC571A0129
+
+R1jy0YiS4UdfbW7dq07IosLgsvObjCKFkQP6taBMFazcJRFQEbpW9mYfGiu3WBWe
++CRslantZU4BLBCeRf2XDmMTmSlQcYQDEFKxrpQvChhpaSF1o2F+9nocQ2B9YEQP
+EXfsCaLKgIg9U3NVujHoG2YlRwJi5SWoe/CUwts1czHAHTxpO6l9ArGm6uKD+SBk
+osetLW0RIuhNust8i7sArQULRS0BmW/HkKMxWhreQGQjqkOF8EyW4sWbI6j4WJan
+OBQ0dK2cxDDDoydEj+JQ3EOC9Twe4D8FXEg2zHWonlRfRX0qf7L1EUZEvVFBu8ak
+ltJsAmkEMl1mrJ0HGlmTm6mQ8DObc+kdOepbFXAGP4/7h3sD+cDEu0+vVky5Cw6u
+0Qi1icscf3BVKFPpv6m1SHNsoygVAGdMSTQV0L6i97LmZOnY+XaQ2n34ePfz99nP
+F3sM5lydLRZl5nSB0kZW/VAdC9dUBL0j3qvY0SEjBa0BQH2qExtx2q/Yyd+T6GZ2
+xRS0dWAq3UXbJNG6UJvWYId3hicZMDEpWpgsPYVQ30LaTYjK+e3z+zaR/etZ/de+
+aY0rH71OGXxF76vAZNOHpMGQ+nvVqhDqjTXaaFlHQ9MFUdZmY7f6+K4BZklv8p+4
+xtZzLanvEDudGxMdNCnAWCTM4T8A56Sbfgss/5S/9/XjnHl8wGSw03WUkMzOrplA
+q4fRgu3nTOFrDILfXUuil5iqfVnKj/77j78P3wEda5Y/IX67aCBqlexXrRuHuz8D
+HZR5LyXbxaB6eJHmsL89/VM5q2PtajK8yqIpjT8npX1/PeWNKWAuuXRCR3yNHQzA
+U5zNE+gOZwb05cj3wfV0ni/R72Oy9SXZSAWjKWxF75X3AWBMekJ+ht1AhFK8ydDZ
+DY99wEMNvUHQbOIMdY+0gOULL+azKlV9Z0fhyvrCB3k5Ek4JuBL2F/f4T6dPaenB
+kp7Nc2xL8e5GS9lWEo15EJalkOn5hn9n/0Pk3OKYVWVZ8n/hWZkcp7NhcYMJr7wm
+LwbcZn0yC8dgH624xi4CKF3ouryHFp3ZunJjyzCXwLSUz+Yg7lSjvz5q7XOm+bjo
+Prf6fHD8L3+4/1gDlhX3K1S1m2U+IyZa9uEkaAdsNW0tmEzVxOw5ROaBLZ2+62vB
+H4W378z5Bwjfu3G/Tee9J/gWJfLE3MeO8ZfC8TuSHnkd512ibg2gp17+lk8Tde5I
+zIf2A9Ljo7TSnFcw6OF6aoZDqvuF8tdTlANeusNhlrQpQWTxeDJm0PJnVwJkZSes
+B8Bc2DuECaCRlSihU4Ex0QcOmaTmioSpz2JP/GVmpwkRpPQj7deXYgQF9SDJrWVu
+WJAoR9kg/m7oVsP6SYYXSxHYSIwj6Ul1nJ1985H8jWljElZACnTVYpCNw6LOe3bF
+YBBJGKDAKjLpAeYzt/v5LP5InO1ReSyiVMPrItNoJeQaCzmx6eXxa6qngNquvZiW
+PiN+HWQpO0DrHyahL4Mjkj/XMNQ9El/LEuCpysYe7cmUmlu1a7bDCYcRr0Cd91U9
+0H/TX8smHEiLc8pE6yQcBM/aGYWJj5YXWZp/lKJp90eqo+7HvbtN+yswMG/V6Ebp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UIDCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UIDCACert.pem
new file mode 100644
index 0000000000..1100bc4d8b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UIDCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 55 ED E1 DB 35 27 4A 71 07 5F CC 53 2D 99 33 77 A9 D7 27 43 
+    friendlyName: UID CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=UID CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgICA+kwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMTDFRydXN0
+IEFuY2hvcjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMD8xCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQD
+EwZVSUQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeFABwDBUn
+ApJRGeo/+64E11KZ3rpoF+VJIX9apBq3DmF5GxhYb5PiFTkOPLN34PwLf3qLez93
+SSgZv/lXeQhWnudJlYLTwyHleDYo6uzFzG97ud10DKLEL4qz6tsNmgOFN7DUsARW
+cniQeA+PlB7FOAq+Np3AU3thtysN9pj/7kfthiHSpnaolauqdQFug2QC/Tsuqlpb
+wdZmC+0jcjz6F7FPOSo/dkTb1gy04sjoA6QRuCAskjlkQvSuviU48CYZwlXJg87m
+R6t5yDk1kv1NSUcL0g7PNC/yIMZiNKzkP+hVOYc/EK8dJv2u8rmp74xCW7Zq6lhe
+jgZF27pmsTuLAgMBAAGCAgUgo3wwejAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51
+tmWn2V2oZjAdBgNVHQ4EFgQUED/FBDDx2EM2hXlcjI2Lne4vHKkwDgYDVR0PAQH/
+BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4IBAQALOuCe7LwozytIfL3W2cNZdLVrhfOXpE/spkte
+1wi3VLrPYFYX/WMaoL++FBP2Ct3vMRaAmBHeAScN+FYPXP5Nc4DUiDlDXIC7oHJa
+BFlZq50K9sUIfDUiH2acsdrNqwh6QRO5+tdah+kNRmSnq1x+b/gSVkruCyo/hgLe
+XuvjLlB9CHf7FcD2TjT6kVHwTztZVOyC3PD0itzmla8BiY+Bx27Mmhk9ivQLeM/l
+ZXScBDdjrKanYIqmcvdrHGVRjBzpMQE/Vq7wwb9pDsm0nUiaHcfJQxrzNOlIsov6
+jtBJCP2luvGQia/7gwP8r6Ft2SsgMqH59wBxSipXP3qpz6sS
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 55 ED E1 DB 35 27 4A 71 07 5F CC 53 2D 99 33 77 A9 D7 27 43 
+    friendlyName: UID CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,390F5B5463C07EF6
+
++b561AnTMFle7QTjksjB8FPxB8vnBF+TY5ruzWhIexa39ZBXY64FodVv5tiFbpHy
+r+zHzOkowBnFCgwn7TLyWrKg8cq9hR//07xDlGloK966SIRd+ZJ+pvVWUMZyyN4p
+D40ANS1sBBEhcT7P2ae9+Mz6Mv+cDRE0//qJ7/BEc3Hj/QxeGBIThSMKRReJ66jD
+HScThK8MyEUpfuz7PLd2dTFqxWjk2CuAz1LsseT7RD70zr9wiBmS0q3Fo6JVai3U
+DvTY7xViSPbPtZjkZ0NkiQRkXp2dh4r5yj5gCEbq+8wDDmC3qGhI8tVwF7rRSpUt
+IrWo+MSTgazPd67NsKVai2uFN4c5ZD/FrBOHaS63Boa8zX05VT5gYhfEohnlz/hG
+CptR5Oq1m7D/nSuKmo4YXz6BfkXYE4IWupylKkOs71tlNCyYTBfGUMHtDjqcaLU+
+3rEEFSeUwxlsA069OKubZ30a/A4AJGqhujFM/IQcgDXZnlBe9aSNxYSRFiGedOgD
+RM44jgKJviBx+wzdQ2FPUGPQLLbWd/9QeNyEZZqGVaSDXfaFvmkkKjhqKVKq9qrF
+1EEKFiABCuP8P8eIw6fS1SlPauYE/PRqF1vKZDvtUElsCpWR8uE9837rPmaY3dg1
+9plIDyxZQ8/JELqRu5suIAgZsfO9lCaTCvAtIjDcDVCxp6PcGRU2QX8BAQ5EMVmj
+3ZinX/AKCbiySnLXUOTt7Amo88rXqNRxtNPrcRZaRQGv1Lc+O492tYOZLwawLYAt
+OQPcZnHSfu6yfBK0p9xRroJklX086Q5FLdISb4AbuQlP0plzunXcB5aV45lyJmya
+VAcNh1edLl+WK6WG0/MDoYX7IAtpXuV6OQ6gmuAogPFvhD6Tku7gc6WVA5ADrxew
+H3t9ssfQ0vsWiQdDd7LjC+2ft1kfc0FxGOyA+A9Dbq19fXOjWrYi/oxuAe+RRauC
+zFfzUNvsZJkJFPOHFuMjLrZ5K8SYxkgiromqtgq8lZ8yULme/Ano0sm44wO0No1v
+fClibDyBAedvroSYqaQwHoPd9j1+3hIBBGQGF+t+qZRKkw8CfrSQYzfDYUUcLn3i
+v/GhxTgIOpGw+kxdOYjUQsS760/7Iw1ZuBy6kyz8J3RHntlTUC7bIvnlYTG4kQa1
+/tilt3cOmyZ0ONyIHfX/ErlSf7KBxyN0FHenD3cO888tbRav0fMmRT5EWe2LGg/a
+3a0anl6W70s5ypDPb9dhgfOwuuoTUzTjndF2IyQaPz51IoSoUWagIIjmOumB1lwv
+W/2b3Tw9EAXq+1TyLalAM7rRKLTGvjSEpDJwfvp2VIj8UnM2RZV9oxi60SY+Rc4s
+rqdSXMjnrc/SYZMVNp7J4pm/megIUAIh1k65vA+DdtyzELfXw8CY6reIHhCt5yG6
+/YKajR8Wad+9fV6Yu3fSKQLRtaWGtOJ7sP/Blxs36eGgWglvBx5sXWGvnx70HV6D
+8x07lawJaUv3LTzE8FiY7jmLgCXmaGrV7Liz7mQV9cQQ4qf133JtBZlAXH/9Jnan
+B8tfwvFPCPMUI+5t9fPq0APnfFHIowss70IehYQYqPWMiX7TyzY7mw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringCaseInsensitiveMatchCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringCaseInsensitiveMatchCACert.pem
new file mode 100644
index 0000000000..1fff9f5e40
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringCaseInsensitiveMatchCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4C E2 7D 0D F8 76 93 B4 5B 55 34 7B 13 B4 B5 CD 6D 3E EB 9C 
+    friendlyName: UTF8String Case Insensitive Match CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=UTF8String Case Insensitive Match CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBZDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoMFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLTArBgNVBAMM
+JFVURjhTdHJpbmcgQ2FzZSBJbnNlbnNpdGl2ZSBNYXRjaCBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMG57Err72Y6WVucCLR9vA602ukJ6SGG/fkb
+m3MdFHFnIlwT4bTqW1vVDbWM6JGk6Ats6QdrCKHNepQUivKcTaOf+Z/AM0PF8Dm+
+/46w0H8slEycnjp9R9kVq3RxnfaCVUuoT1GUilrIl6lzYDbLmk586gIDHiKIB6G1
+EB1SbyGrTqUb4PbX6BqTP3DyMagsCXbB9mQtdub0TMopxgLPhx8c9J4dT4GT2zN0
+YhDhy1j2u/fe2IaKQ/cBYdli4UpwlJzvBQj9DChrTUeMU0bE8LUUot/+SgUnJzgM
+00LL1siFE9AwjpdtBp5TZWaGrGJGNWEzV/jiRtmiAKoU5qMr07ECAwEAAaN8MHow
+HwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGDfGNHK
+qVCSERchRNJ39Wqtpr54MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAXDmk
+vYzphSsHCShEza+0eHMVa+8vfRkgzCtHfL9ch77919MmuIbJSuXxvmkV8bwBdIzV
+A9prai62c2AAPgDGlFpQZwUY+ead5JWxnqhdhSbQQ82GguuLbjmwV6nWeGuNwX7S
+bLSt7V2e3aiijWB6grarbdReY0c4r2gceiNA5QpPmFpnL1r10GnE+hCf69dLJGpp
+sAzcGVaokxKA8DZhgag+Jv54NOMZKH6o0L7p4peM0l/acVHkLNvHmZTgjrz9If44
+wHSFmxIjghuYD5gEKtvxUm7blklS1anKqrHHaqQfYWyJfBAwdgNjiASvlfypETzz
+801tbjXPclw1G82spQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4C E2 7D 0D F8 76 93 B4 5B 55 34 7B 13 B4 B5 CD 6D 3E EB 9C 
+    friendlyName: UTF8String Case Insensitive Match CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D5A849F04F091743
+
++Se5p0hI32zfLidURyAPBD/QOrv3xuIPNygZ5Pu1RlSfya+tMtQ6Cl1w9FfkjQ3N
+qxunN8Z9QvRgy9ygSzSb43/zdPPG35tQsiihMqW3em90ILyJ+ZnkT9x/FmmQ6xHW
+ixAQPtwkGmC++FqPxdn4CzS2JaKihRkY57fbphw2JbMcccpi3qltSmgnL82mYedP
+2qYmQcwIryLrjU7obwfseTCW/jikAfTRSqHUS7vmXgSObuIi1RLT+botTQj/aV8B
+Gxgkjycbs0iOC5/O8fpw/Izbw+HpdSD5Rm/pEkT466hkrjFZodx1Wv0rUt/Dy47o
+jK6RVf620veoSotzmb+Em9wlkBoow5Mi8dGGT8FxsuKFE/qnG74QmmISNPHqInP+
+gLLfimbJ8IlJr1xVZKBTy6VgzjIwIWC6StaP1W78VC6n4qicSos15G26wrjwW0aW
+U+BRDmM1jEUhn4X77WDwTmk83+ku8PeaKJHCW4smruFWtEetFG1toZC8zCa50/JO
+FZVxVnn3zVFUGpd4m8kNiVXt50yF9zJ0jm2FabOHDGHuFdyyxjXRL3/NRX5inAgM
+/b8oCkLMnrDGbX0DRGTzGYLSLkGijSknvXsCnGoHVTJ0aHfxyK1adHOZT4zcFXWY
+NVg1TrYXfAVI9eZehuTAzfiM0a8tygdF7FqzpI6vFmSjnbyEz65VeT8IlxvSQEfS
+ZxWYH0Il5Zndh77mX2BUlxNThFpE0BHISV3zJpdfKozmaUl74VCn+epaB9P3midf
+7Ku8cCCTr9MFxerQH98BLFrMgKUO8CJ0n8exggk1ozKNQ2KNkKKwDoIvqfFn/TEO
+oJVAQUliB93ioiOHyb0bhrm49tmo1FmMyV4hX4/lPJ4E5O5kQShTDdrDUhQAgQUa
+cma+8oN8apz57CWaBdmXKWGEGNx/tP4LnUnbftN8gXTGIVTt+Vc3ihrwVwhbmzEZ
+Kdsezyi9aPP7OIt+L2156WkC+Da1VnZUnGxvs5n/4NG0sALVmJYqMVsytpzkXuFI
+BgBTp4KJlAjjuqsWe4D8yRgLNQN3Tv8qp6eaFNhkpBZxrPB85B+QoLSog3EgE3tr
+zPx/1+yaM6LNcqyuGB7W7B/kxz0AQ9wekJ+qrtC3aN++l/fc8/wGLkbjro3vEDJX
+0TwlcLt40p7udXIHTukEHztSgD6LaAgEwtWDyfZUPPdZdw4mKofpVhuu4Yc+mXqa
+Ead5sDa/xGHC3H7d5T3Utmyospzs5dStsjUaocmLnC0Fpik1hlU2+I/2Qt31AEWt
+wMvylO8qNzbqtKyxLyBpPN+0LE5NWxUnBpr7pSfI+q4+VvY6BJgJNlgDAoE3Edv6
+9e3gdQ16jVBBfkUDbit8s6Ey0wam1kQwUq9561A1ezpa3HnzeKf4BdJctBa4CFip
+Mq+LjtHR2H76kFNpKjKbjuwsUcpjAug3hbNX/2H8NQdfrA3pjyZS4fQlqnhfVB13
+ZsWgaBOnjHOYm9gvmKijLAsSk5xPLjY3W/xrQDQCbN0LiUZRQrukMYxqE+Qe3w6B
+9f0uzZ4nCiLIOws2RUZgWYTq24R8VHAnEfLfUBVcCvLQeGNwPL2GgQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringEncodedNamesCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringEncodedNamesCACert.pem
new file mode 100644
index 0000000000..3f07a3a22a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UTF8StringEncodedNamesCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 60 31 94 D1 83 3E 52 FF FC EE 93 39 04 04 7B 80 DF 3A D5 74 
+    friendlyName: UTF8String Encoded Names CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=UTF8String CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAmqgAwIBAgIBYjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoMFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFjAUBgNVBAMM
+DVVURjhTdHJpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp
+FMdocNgWHWbH/yYbXj7cmkTMmrDj9bXTRwJQZM2I/fcTefta90CFELGbDX2RdtAn
+jlSJqkydCKjhhkKXfMQFXJDlM6MQLf4rcQoxEP8UI2KmnbkfEjfsyGBxnSEFWe0w
+ZZ8z5eWrLyIFZYk4x2Zyc5da7szsOnu63qN15kAJRf5qLTQyBVbvG6pJrOQaDF9I
+SrgA1Sj7UW2puqZ40fbX20zywWxMEIeX3QO1Ho4onJXwi81/LMjZ3CvWqtEuGXo+
+D5YJHhMBx2Ok777u34ahScf3f6h5YBixNf69RCCIR41Hki/aJ8Uwir0Ylx9mdT0X
+fE42LskS6v/MsFLGUpCtAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWu
+vnW2ZafZXahmMB0GA1UdDgQWBBQ7Z1tE8g2nSH1zKYyTn9Uk4xJgJjAOBgNVHQ8B
+Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQELBQADggEBAAP+S9Kl9ocPuIY66PoFSDnkqzKGoqlaqslJ
+7f7oUQTUwVKGx6hxk18tUGCR4rof/JpLBj6fjYLcfAutev7e/ZZPf+X6X9QlJW3R
+pqLCIcGfa4k0LdLLDIYUGKu3YzeByWf+7AHjrFarwSxlZSHwooknYMokxMrgroLo
+Mkawy5gZSMyykCgLxWtJdCHq/lSxLnseGN7Xfpa4Yr4ST9GgF3oyvMVIgp7jJUAw
+15Yjtfpu0NJ0EkWbLp3k27UG12xDzC4XZUfco5ecXy0Iflj1USDPXUMJ+9etyJQo
+6ctOAf1vXD90OpTS9YynXwm4VCqRRISItnWSbLIvEK0zg+YrB1U=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 60 31 94 D1 83 3E 52 FF FC EE 93 39 04 04 7B 80 DF 3A D5 74 
+    friendlyName: UTF8String Encoded Names CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F85DDC9DE7660E27
+
+yaEWNpSej94SaNM/VCAqe163L0r9ncBBhhHlsfECuxJ9sq8eJ/UKfg+CVACGk8fT
+lzS4PDjrQ4Hb5fruvgM3FGMDFDmX/7FURmwKq4Y7yxqwoSzDiz9Fkj/mfHIPBvnV
+WR/LHseGpQsbk9l4fJnT/h9HDFH3edhMIgGZGn226QdvJb0GOOO+VcmnD1wVCu9i
+ljMGJ+x1RsihD2cpXPLsibtTpy37FgGBGsE2Q0yxILF6HpjUXf2GpJ3IKesJXCGv
+IqNj9+JlUs2gWb0sio7BBq5u2pM0xug0HfR96s0R3oKSr6rOUCeqggd2d4200mv7
+o80vbwA6/A76W6oeUV6hpZcGOyGrn1PY3Re0bMzPDOmXzesANaV4iLC9Blcs72b2
+Ip9Mlf9270wyAx87X2itSCrWV8Q2YKHIrKGwpfW+Ew9L8d7nVOn1XSvjZfKuERVf
+ssOcd53yapyM/jRCihvL2TeBUjq0hF0iLvzjfHhfptkbaxVQAGS2h2yVu/HRCfsL
+tYKwa3IoZkxZpv3MA2HAOWs6GQaAsIH9pCtq+PjPSEgSn0dlNv5Xq1F7tXI0/FB/
+16rQyrDh+GxkhKJhMSE7KEGdIWmkFqGAxibVMhGEF7+OvNRsbYKy0w9H4vRdU5p9
+TBRF57fsj2IbWk3f9BNfV5TJn61Wy+g63I1Au9zKBt44UH1MqfDdG8iV/0BcX3M0
+YFuZSE60oqKueZYgEIR0xJM66uQHXCuP8f6FiJ8Y8EnE5fTxrBDDpsnVTZGe4cu6
+7RVAVuPb50jsEerREKNuyzZcIphS+DSIXeMZKxdijP5gHRdCjzVcVcNyMuqJXyi+
+CgfsfcFLcLFhx8UCugp/2ymVVmXp4eZ/hRO/7uPpV5I0vzJtbwocaaavH+6uSZb1
+oznWLPu/EpfjCS9nGWwXiNfuiJxuyQNxmkGSbAOwxHHnk+kBj9XJdVtFRSEgolSU
+5FKkWJeJ90FEN/6XnnLFy62fwH+VdYOp/U7EBPza9jplrwj01EaH672Hx1ijUDyz
++FN+X6Ny/EX4w6+sSqnTBFA43R/iFfZnM0cW2vYCWPCyt3lbVqFxpwb87o1Aa153
+YLENm6i5oCNaCqkdmov95efxVpJCGmz7zRMt0+f6g/VvUHRFCy1aFS5al5l4gduf
+uNpC560+bKO48TZPZkUhrqZGWHZL0qmEN6VkKDTzFc7Fcp+twptI1+Xcr04L1gNq
+o//Rr9D4R8+bfpsQ0b3chB6AnsMrKp1A63JmCGxUfkDyiPPzAC7P6FCmfXUQeNOM
+yaP6RCrqIGKpfApJDiDBjouSZZX4FXXewdehG/yYZBT8Bb70M0MOdme1s/IYWcv2
+qPcQ0hkWBOTOhsV+q8bZiyVZ2Ab7WgqkXnDcZC6Mm8JT0CfydGaQarvpuA3ulYCZ
+3dqCbrXdaC/eyTISfWnmrWWf2yXSqyZxZoQ90CE//ll/+W6MMfQ0v/nQ+9in4xVO
+joJpnzDKCLzH0BDD1xFI6v+IX7OtBoYw1PqEdt9gQyoPL3bS5TwgJKWmU77u8FoT
+hYo19g3+GGFYfuTYb+SNsl5rSLiiWBMpdwAyfU7wiOpy/qOnkQJymbX6CakiX6sR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLEntryExtensionCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLEntryExtensionCACert.pem
new file mode 100644
index 0000000000..56a0860eea
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLEntryExtensionCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 45 65 43 CC 9B 34 B2 75 2A 14 F8 83 05 A4 1F 89 B3 73 7F 82 
+    friendlyName: Unknown CRL Entry Extension CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Unknown CRL Entry Extension CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBDDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJzAlBgNVBAMT
+HlVua25vd24gQ1JMIEVudHJ5IEV4dGVuc2lvbiBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAJq2TVjGIQMG94IR0AGNlX+dXBLDqMZwDIJxAQ1UbqD0
+HQs4NhG/NDXeV02qg40uMBG0p4b3s7inEy/NLdw+ttgTkQ7XZhf1Fh1BrDY2md9z
+kgigRRvTPKJjzbW/nxY32ySomL0ABlPyQQQg7Fy27cWeqLbGFGF7K6avwI1sdnGw
+/QzdLvkTGSEWYGRQrfTJgSf74f4YuOXsiHniQ7Ln7pTKcGlhgLDMxGJOSb9bnaJ+
+inxuz8eDlNiCTu71qN4iKwJgT3Ch4waqG7w8JdoIkxDmkKXpd7ETKdyfYk2kUt1c
+26hvv10iWxUPZ+FGjSx6vJzC/S5FGRl2DbBabA4BcKcCAwEAAaN8MHowHwYDVR0j
+BBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFACmGcuhLU0oLyLz
+0kw3z/9MMM3qMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAn+VVEQ6vEy68
+7EiskrOXl33w1rBT2/JUlSZnws4hRhBd0363UhXIGd0N/fBVGas0ufPXS4LtYQjs
+lFpO5UPj3aJGk8Bq9t+3DvPz5rOnTZCiiSZu+V17QmiDsKnNgS0YWr07ESK46nzM
+5mjXhARQPUkbFR7UEXsFVKU1GTvr/YwGHQ8wTvIryrIjgVI34tB37i1JOEK3j3FP
+lDUAGnaDIz8uAl+qFNX/W66/haHjDtwVa77j97HOA7rrhpfEkNaaOpjDxKPQLSOG
+nKitdrq2S6Q4TA4mHay0XpbaoDstAOHMDKOnZrD9XDo3szNWu3DVXhS/AwiI76Jt
+P15GKWEzOA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 45 65 43 CC 9B 34 B2 75 2A 14 F8 83 05 A4 1F 89 B3 73 7F 82 
+    friendlyName: Unknown CRL Entry Extension CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1F9F099D8BC977F9
+
+Pht6nyk49343UgIQNTZHJsR6hqAKFrHqQXCCcMqSU+cUfp9eBZlfY3kIDy1dLYrc
+3XRGZaD9hMqdy4Zb5JwTUiefw/KSs6GE18bz+eIvKz2iq34OZksNYrgF2V0c7IPN
+e94dTUvCL3fnSOh/UnSuJ7G3ySCU5AI0pi6k2J5x99HMIp+I9Hn67rXhOhlMTc47
+dt5HfArr2EaYYdD7NTttRwpr+37mx5EYbByYhN/3q3paC0AxRDMpktSPSniPfp0O
+n2Aj7kaRsOaagh5yi7V3cVJpbBTBKoqyQO+xUoFSZ99JcvOi3IXv9uMsUAcLtBG6
+6qNGVUHadISQ2m6XtVtzdE32az/Uj+AXYPZ7/OKfrU9rmw/LVtvxtvsX6cfxjZ/R
+6TMhwHzVpG6N35G+Pkq8FRpjMMkcdyOurTpUZINxgyeodUgPyKmOhrQwFMae1KMK
+aZgTf6RinXSlS4QOI03wl8+IvqdlWDZnN0AG2ZhsoI5dEKyB3oAG0wz8zlLH2T84
+Latr7ekgncqtXO9rJC/D2Po4rG4jTYrucUmKrRvXdN7hV8stLUSnhQHNjqrcR7+d
+HKKtglQWLiAPq8ytY372zGd1EIpC9qMFZNv/IQAMZqrCt6e+uMN+nXDJDPB0w7ws
+nbvl4t8pAOskfOY05ode2VH5R7QVr+S4FB0iH0ARUmyyVNe43QGPjxCEkocB5gLC
+/cnEs4u+1sKG4g2Jfm98xsDaD4mSJqXBsfz9A59jYMjcNZeuN3ZZ09OyyHmGAAHF
+O4xYOEMzU3RjQ4CAKqD0iaAhw0vxMRPBL6rR0ngTtrxRs3890revN0RwN+zomtTM
+wuyPL7b9KYJq0cFe+262AHIGi73DdgScEsyBLiXs/uwW3YM1WmR2gAy/F17CQLoS
+aRETP4pEcMHzX3vagkS1p8h/BO0cfUyob9ABybJiXaq8HzgUygOFjbRk/wRT558D
+bxzGVSNnTCvsGSoeIkmQuCjzZ7WqWmc4AVCq2yrYGqxhyzQlTjH0LZgfrz0YmliA
+PQINURKMvqPhsqsav0oKJ1LWwUkCYqNhFTAXsx7o3hdxf7mahQVvI+jhWUHhXIG7
+Qh80bLfTQsBy71R02FfBhh4jGJD0OOBxQJV09tkQf1XmeRTtTrt0AhOViZa3/KjS
+d9sGWWjJGeV1tBLJmEan/qNXOozM4josXaz8ot2c/2ERbIapp3lkNiHMh6tyPkRF
+ayaa6E6t2XBLaGl3nlawrXOozAdQbRbzMG8hZ7XjX9XAGQxHR7pOzEQXfJp+6BYN
+KnV3Sl5REI7L3/AuA/cABFA28WqPVOjzgBVAU5MfZNn5wgxqqkHbbpO6oIEw8awZ
+2e3/vpqkU5HNcD3S5fqcMVTx63Lu93Ry6RXzTmRBGoAHtZ3i447sTNTrO2DgckUf
+e6MWcysrUi2TkX6t2wKILhLUx4QboW7HH4WZjXUNVd+Jj/cojX9gXPDoTN5tF1l5
+oALvgZareTUYCW9F5sfqcIIZiGQYvhfFJeAXYbM8WI7ym+tIjzdEfUeP4RdtsE4C
+/xjA1sgGbZFF9FalzCuUmLLSHwsMo0tZZgU13N1/Qon2TdvT/u7BEnnaPPeSm7pB
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLExtensionCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLExtensionCACert.pem
new file mode 100644
index 0000000000..978a8f1192
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UnknownCRLExtensionCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E8 29 F0 F6 2E C4 7A 8D 77 56 2E 28 64 D1 A6 96 7F 3E 14 3B 
+    friendlyName: Unknown CRL Extension CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Unknown CRL Extension CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBDTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GFVua25vd24gQ1JMIEV4dGVuc2lvbiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAN3+bmlTsYBVkvHVXNA+SAx982qdi4yGQL2u0PlcbbsFaWN5Sl0U
+1ZF83NTAmeqJKesUvJKicpijbLSt4rh2VVlrwDEe2JL+D0R2mSomny8ViNAe2z1Q
+OSolQnAr0IlPE071WQ77b9kSWe0HOunRrORTQNEDmOS9YVBMW9hv2YtSSJP7RMht
+sV14x3JLmoZY25YlNo+nWxakLuabNERqfvK7+aZmlbtjGpkR9QsGouSHMJtH6nno
+tSyjg9R/RJZi5hUqzNz/0iRww7VUcIkr85rVAHLkHJNdOy4AiYOEMXpiq1gSapHO
+iqzo5WwU07AM6eG2pqUNurj/E4j9Q4K24lUCAwEAAaN8MHowHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFP3//hlN2wydxaLYglbrsNkQ
+YeMxMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOMZEqelK1bLZqjY3Ap/i
+vt/zf0txQmVZooyCElcIZMGvUNrpBOUnAo1Pl9f/I0SZImszjOxY6gS7UJ4TYymN
+n6z968x42BiptCW560/djERAq1+15AGcTd6E6o+bAG1n35uVECkEj0VCovcBRJRf
+l8tDb4FMl9lTU0g4dQb5s2rjy8RWJrZ/DRGBTvniDUE/TYKO4LYKEWmu4uTTNnba
+1RCG8bGe8vheiIp4Pk58HklrLewClA2NiqSXmOgpl44FlGeWuzh7xlkf6cVVUuaH
+553QGvjiDd43pJKBx+ihsFfHzelGfrj1BrQWaRWFoR7lX1GdgUDsYvhOK4ybEKpb
+/A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E8 29 F0 F6 2E C4 7A 8D 77 56 2E 28 64 D1 A6 96 7F 3E 14 3B 
+    friendlyName: Unknown CRL Extension CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BF8997AE3F28C957
+
+Yb3OfRlikZzGcSRuE9Q/nGEx5tpHFL9zZbku9ta9WZLz1NhJYUBIb/rUud7UA+EA
+GN6RcKMDRfXwa7LTQjU8miQFwyfE9QXGsVBKFeRQ/SSPhvyyg+XErYmszsRYIJ06
+6MND+TKTKgbOSi7aTsfLPjLBfsiI9w9dW3Xn+Sp6+ViFZJCN/yqAalVvHsaRR/Ex
+D5DoipwaYcIr9wUW/Is5+xWdJOU46c4ILxao7kGtBvpf8roRfbY/pHND6oBK1YUB
+yZrnI32gz3eUXWyFibAJSvkOqKqXLFw81sN7+WyHLJJmNR403GBBBD5OxPmN74Ng
+n3lRQJt1rG4W1ZlPRylaiOeRwxIATqKyZ89ByJSc8Q8787o070eMGWR6fsYaAiHl
+HmjI63HXyqvF5MZOMBFBrHXjSBPOLqvDLqrccw/sI7su/mA/gRg76ce9Qx/Zg1Pb
+oF7zSo59fmFG7AsROBvVHK8GhPjYLe7t/cTNMh9mpX6Wv1KpH7o11Zw7ldMLGoZX
+t1X89dcj6MX5rN0qOHM6h3nVT1PQMIVPZRGKnbGU+sAzsd1W8wgktWWdHL4H1ubI
+yPCl2NGOLObTBVcmrk1OzGhdiDaexBjpwl/G9oLp+VWCLZ1pIMhn9LLYmT/ii85C
+cI8C1oYRncjgl9nRvdnpFWnsXd/1bewuIa7GS8is/4Yd8+aPwoA7X1ngZVfbvVU7
+nMogbZMp13CKme5NfSLxANLRd0v9sSbsFybg9seXx3nUXBh/GmIOPdYv8ZzcWf9y
+gA7bXH8VQGVdaHEPWrwPUfN4XMFPP7YBZlH8WOjxBm4hQIW48odVOUn/DrxumLPi
+6TvhUuTFnQw8G6xdLRb7HSOq+AEa6Vk/jdjj3K0axopByIUzGkz+a44vl3VnJGO2
+0uMpxbtlWqogEMESI8TzKJiugZpHc1DS/g/vcCx7lXwOVBXVIuXTBMkHAPQosfbt
+4NtB5D080yuOr7XBjzTvxWsMdWAFbbsLq6pElLVUf1ZwCa/xkqPU1FMHqUAJ6cUk
+VMMgy11esel+7Fdjg63f4wCq77me4Cg7pQU20Et66WYpDvKANB8dq9kilUKpSUAk
+ocBoFW9H7ERN/5i+XSzNIDDR/yeB42nqcWyN3Y21Hi0DQtEPwiXC+ye5SQZ0lDqJ
+CwAOGh2ytkiMua8bnDi5j1x1V+AZJYDSYHWagCypCK5ZgpRcOxd/9wAQCLvUoM5z
+F+y8KPvDbjw0Ru74wZoZgNB5ZQQHYcfbHjvglmu94vmL+MfsydFbgLDUXPIQj3/5
+BGiFm04bNP7AdJ0UC6J9yZWt3vL/CKdwQrXVp63Ix/v39NQjOT7MlvN5dZOvwMg9
+ED+7iCvCm+DL2h4wSOaf0xxC/74d2gh/5DzP9iX1YcbIpi5KlapYBEAifHV89HiK
+X6U3PvNVepaeeQmPVKfBVxYDOCQvCyUDZRlqEXVnw5rQhJfPfNj+apuEFL6LwtHx
+lKiuBGHoZMRFXnHgeGw30Ih3clGPvOMJm/Vup2DKEGdpuoAUcpjxOWK9aB961wmR
+p3czkqBheX2IrzIXlITEOM1dL8iud4qYGzTAJudeBaNLaLmcTrHp3A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem
deleted file mode 100644
index d22dbe7f91..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15.pem
+++ /dev/null
@@ -1,59 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC7zCCAligAwIBAgIBKDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBOb3Rp
-Y2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxNTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEA0qDoX3O5t52G/m1yV6MSg0EJQQn8QFWgZUnEutHYAAdA
-GuRrFRXtkbdQkbyePIu4nzj2LCmMAfVM+QlOWLFCnc6/s38tfZDAir7WFHBFyUzB
-gkw+q1a9DIXfaq32yn22txxzus3dqRZJui+5J1DMNLbHPYS1WS7Hu/3dL5ZoR30C
-AwEAAaOB2TCB1jAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNV
-HQ4EFgQUHYqwkDHyipKBoBuH/YaAiORSh0owDgYDVR0PAQH/BAQDAgTwMIGDBgNV
-HSAEfDB6MHgGCmCGSAFlAwIBMAEwajBoBggrBgEFBQcCAjBcGlpxMTogIFRoaXMg
-aXMgdGhlIHVzZXIgbm90aWNlIGZyb20gcXVhbGlmaWVyIDEuICBUaGlzIGNlcnRp
-ZmljYXRlIGlzIGZvciB0ZXN0IHB1cnBvc2VzIG9ubHkwDQYJKoZIhvcNAQEFBQAD
-gYEASWwltYc1aGeHLYySbO4SCTVSgVrZAXfAoa/0RHmL0et8olJXCLdXTMq2/6rI
-gibDeTUDQ2N+5z23QN3hDG+Syz9rDBbj+m3MtvcsvyyXFK62g1NhZxyw1+dFrxwK
-Ci+jbMqXaXsdBG6a9cTYKw2geUpx9ig46FLMyn7idA7OrrY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15EE.pem
new file mode 100644
index 0000000000..27b2cb33d6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest15EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: D6 18 A4 68 95 87 7F 71 A3 B4 18 B7 4F EE 96 67 22 A1 C6 3A 
+    friendlyName: User Notice Qualifier Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID/jCCAuagAwIBAgIBKDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNVBAMT
+K1VzZXIgTm90aWNlIFF1YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkS8nR/CBLM63BPIASc/HIZLUW
+rQrETZeD+GSRfJD3dhns+yVXSruNS2NJIb9GJ9LWU759uH95jMGlAmFltbdAyd3a
+AZPqvAYmi8ZpCbS5z/Sg527s6XPHGFVjLWKuK9CN9GUyH0f9dJ2nuQTZESbELZRT
+2G9GOnaPKaNet9jlmu3ykU/av1UNoLOoJ//8hXRh3NaeI6c/3i+N2eTD26t4IpkF
++ez7xx9ULTjw3xAVBJDJK+iz0KdfZcVj65ahMEmhWZRBzn1qLhboVnK7cRzCNqWz
+XF+bIVRt04TaZ42laGLqPKv3cJK7KdRYxt9gRVNXnthIP0U8RODhAKlBeAALAgMB
+AAGjgdkwgdYwHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0O
+BBYEFI+sjau3vxyGncC/k0TJSTOkGg/HMA4GA1UdDwEB/wQEAwIE8DCBgwYDVR0g
+BHwwejB4BgpghkgBZQMCATABMGowaAYIKwYBBQUHAgIwXBpacTE6ICBUaGlzIGlz
+IHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmllciAxLiAgVGhpcyBjZXJ0aWZp
+Y2F0ZSBpcyBmb3IgdGVzdCBwdXJwb3NlcyBvbmx5MA0GCSqGSIb3DQEBCwUAA4IB
+AQChryB49S/BVXmv59TlPzJpVgyW7PstcWfaKX7Qbf+Fg3ef50OA33+0qT3dQz+L
+jU0f8PMJWfrez15/izohc/YZPY2sSiJ5zxzvPGliVqDeHqnJTUc+nWT0yeghmBHZ
+NEoNVSVJvSZEesXLCmNQh9g3BVZ02jx3dRDfRFesaxtTIZt8pazRdmV70aXJlT5y
+f0AiFsHzrk818uk2bTipjZcMGExgV8umbnjbk0P3UQPnhRGmGGH/GNytL1xO0br9
+dtwq0BNDWMELT/Ba/LhebotG1YUCYdd430Z+BxKk7gkwhFADdkbil6yFDmgRsYSY
+wnOpVqmDrMivVvLaqUozgsX6
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D6 18 A4 68 95 87 7F 71 A3 B4 18 B7 4F EE 96 67 22 A1 C6 3A 
+    friendlyName: User Notice Qualifier Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4B3BE0AF537F0D9C
+
+qJCpcjplG00+wJZIKUgQSCY4a4afYIbUB51eBwSfEPAOqD1DwB4Blhs8GI0YDPe3
+vgcUUqgMzOjzLNNzMp79X4dHJ2HAWMZ6n8e2nTkjMuRDyoky0OLtnJYQ+qIB66Pd
+UUUNQWz3SU174cjRBiiGy04/l6MDhiSsMAbEcf1qAJAF3/cyJmAefuUrBposYd5o
+1Os2ue3eU5K8bXjPGuo0ygwCM7M9tnK8tlk0ppH7hEuxdSq63yRhQ9zc/LZXtmpz
+zT+BV7QAce8et444v6HDAY5rxCL/guPNm6vqJwRwrQ2+9EbOzjciVEuiSWAIVZg5
+aLrFKjYU0863foC7ohaNDHKu2sBbDo7V7cFIsn/emr7bKs42eE5eS3ihWTjgcuCK
+Ew3jkbgWTFwW69+cb9VLzx5I1eaKBDU4sVwiCydOrF5pvTqC32CUwou5uF72WELv
+krm2b6dldjPn6TB3VfbXjwnKr0kdlnb1KxkK8n3DKuiHgkwSBBi/Tap0Stte5pHB
+c8ezNy4/WWT/lwzQQojWfVLi83m3DDz99uMG2JztxyJtN+PG4Dj+sqctCUf+dcDY
+EXicdcWIF2jvgb3+P4CIjJ8fQ3PammaSNhVTOOpmRb8Mz930E9ylrMxTL72RaY35
+/gkmVeEkTCb9T4+itQ2YJBs0TFlIAVmUkuJTkwunLF6h0N8N5CWVJV5yulmSghSB
+5NBsZKbxWBmx7qaH4ZT0tFBjelvV9isgbi0nuJjKNq6DDNV9ZemAKJC6K7J4m11x
+qUombB+njrrbfBmiXjOV/jnm3CRVcvd1gNFG706ywHm1SXvTUssmOB7t62ETKmNa
+i/4ti1O42ixjXsw8v/dydhFy2PeF3+STAD1+pkgb+2RBcHdSCOWmTMpEudScig70
+NVR6SMl52Knj5fuIvE/mJyCv+YMCJYOSMernEh5YW0YyUAUNz66u8n/I47GDR6gf
+pPu9ohQO16lbW+PIV96NUfChwgoAX5jf77AKAPYR0CQ5kWke4Z/tA/lLk3JLqYHy
+cx6LyMLGzeBgiB3Fh/PHdN582SrbwXxynBT9iBZvwyV2hN0Id6SlcRFEp7b133gA
+bz1J6Zd3zwaefUaI/8mNgFuzVNYy0zkpW1DzOs9ZxjFdijMQn8vpISzj10Z56uI7
+niBJDoWKXhg9aQIYtoyPy+qgSwYF5d1xwAHRnMV0wplGOqnIz55+uZH5FnNk5T9x
+DY5sN/GC9yPeAdTiFbZQ0xm2GGA9J/utE+H3iudyQjTDApTbvOr5eGJcDYAzbaFM
+7GzD0C5RAxXvBghi51i9zUCs/VflTGXt1aBa0Mm+8Z7/CH+WZyaW/fh0O09fPDOv
+x5VA8VX1Y9jCiCC/gBzxD1eJryuyQe2wXhIw+AMtH+Rrty4ttC/UG874PnS2PmkS
+rUhoSUDKloE83LQNCK5Oxp74l3eancMz2hMoWvaqU7K6fd6cs0EVUG8M8EGRc4LU
+VW9PGHRoY1xvvZodfrIU/UK1iJKx6/Ofb/bpaqn7gL4MMDpRdkmZ/I/+TPQJWhj6
+/OJHCka2VaeiiOnVclTFOJd0P94O0AjVb2nmIMYn0K8mjszI+mBPo4MKJX86fDxu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem
deleted file mode 100644
index df2bc3c515..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16.pem
+++ /dev/null
@@ -1,124 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIIDZjCCAs+gAwIBAgIBEzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1VzZXIgTm90aWNlIFF1
-YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAKCz6DLhyX/EGx3xwNiwBuBXrfpuLfLcaPz4q3aq3BiiJS+f2vwk
-WI3BqpDluVEq7FW5zE6ATQc/K7hIiuRCHCD5ErXMnYb70mtz8xeVjU97316FzK/z
-eQYQMIIpb2JJ4JEU/ZyVNX5NW3W8tjAhuvEp+4brMLxyCM+xmA+S751zAgMBAAGj
-ggFUMIIBUDAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4E
-FgQUQFe42RtzGbaxdkQ6QallbyGIuDAwDgYDVR0PAQH/BAQDAgTwMIH9BgNVHSAE
-gfUwgfIweAYKYIZIAWUDAgEwATBqMGgGCCsGAQUFBwICMFwaWnExOiAgVGhpcyBp
-cyB0aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgMS4gIFRoaXMgY2VydGlm
-aWNhdGUgaXMgZm9yIHRlc3QgcHVycG9zZXMgb25seTB2BgpghkgBZQMCATACMGgw
-ZgYIKwYBBQUHAgIwWhpYcTI6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9t
-IHF1YWxpZmllciAyLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgbm90IGJlIGRp
-c3BsYXllZDANBgkqhkiG9w0BAQUFAAOBgQCrY2KIowGX/5zlQBKmdhF8WiCRnHfd
-VuzeXhc6C3G4YPpYBWQrnhxO88VH8QbvJefBpvRKIYsxu/tyihlkw2Vy5eztflUq
-Jkj5YbDicL/7U3VKfjfp3sW6ZBgqKKLQY2eDHtYup9wBzB/qzny9xfuVIlQQ+ihR
-vMKO1iVYGVLxPg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16EE.pem
new file mode 100644
index 0000000000..73a6a65652
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest16EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 56 DB 55 2B B8 5D 42 93 15 32 4E D9 4C 09 91 F5 56 A1 05 EE 
+    friendlyName: User Notice Qualifier Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIEdTCCA12gAwIBAgIBEzANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQwMgYDVQQDEytVc2Vy
+IE5vdGljZSBRdWFsaWZpZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE2MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulbeEb7O7vcRacycC6/ainA+gXxpoasZ
+XBUoU+G+eo5d5yCnsyZ9FSguMM3v3bqc2THkHxZq3/9c9/MCwBEai70AQwS6Etvz
+GGIGk7MAw5c8gWi8smIHMMPY1Zqc6nQjFr1qxk/Bj/nWUKeqMhCWs6S69Q1IsmKN
+uwLYO7/DjcKwc9jgiUXVTcNCnkbzUIdjBM47jsyXrpMwP47D3dMYTA9bzBjKj/fN
+IFS3gLv4JqTu755LxVBjjjpg7Kt8EMXDSrNci5ZyViGdfitwd+F3MU0Q1Q/fnadi
+QpoASYBVHDx0scpwHSt/imQQz02Rfoo5cQ6SS2RVvXhZ6B4YfMm99wIDAQABo4IB
+VDCCAVAwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYE
+FAIO7iA6v+sW5S3aaqon7HTHzsOAMA4GA1UdDwEB/wQEAwIE8DCB/QYDVR0gBIH1
+MIHyMHgGCmCGSAFlAwIBMAEwajBoBggrBgEFBQcCAjBcGlpxMTogIFRoaXMgaXMg
+dGhlIHVzZXIgbm90aWNlIGZyb20gcXVhbGlmaWVyIDEuICBUaGlzIGNlcnRpZmlj
+YXRlIGlzIGZvciB0ZXN0IHB1cnBvc2VzIG9ubHkwdgYKYIZIAWUDAgEwAjBoMGYG
+CCsGAQUFBwICMFoaWHEyOiAgVGhpcyBpcyB0aGUgdXNlciBub3RpY2UgZnJvbSBx
+dWFsaWZpZXIgMi4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIG5vdCBiZSBkaXNw
+bGF5ZWQwDQYJKoZIhvcNAQELBQADggEBAEgyglT7PF+xqOPfkWfZD+B87fSODdlO
+5HPCqZySlix3IrkJHL4/acMADY4mY4zP+W8dUawWs/6ud2ECVn2UJLQcpzo9n9yk
+XS96jwdihJG4cgOib7T2PUk0CiGU1kkPBHmUx8oCXqMKF3xSvK80fXZdByxg3o1Z
+2MG0xxqok7SNJ9YhFjMNl5KogfNEiY9tsTzM6zPTVqU0iSUSXCW7PQEPAuBhI+Le
+pWFaEPdjZBN7rRGzK8w8YDCBG5d/O/e91PTMO5NtjmliHkFu8XkGu/WBPHOx9qH+
+IyTErE6J6vUrWZ2ycgmrf8Apd62mBopcR48xY9X3acE7QcdtgEe5/Uk=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 56 DB 55 2B B8 5D 42 93 15 32 4E D9 4C 09 91 F5 56 A1 05 EE 
+    friendlyName: User Notice Qualifier Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,52CC6EB1780167AC
+
+DfTgiDoKidNkLpLKZqI1RZv5ox0RsMlMzsbz6x9/7z4wFa11nTLHiUfgSSqT+t1d
+ZUOPtacc1tmR26Ix3BNxguSn/EOGldSaCzUcGRenWm0Negf7i5zPb74q7O4SsQgw
+8PzPAH9uB1wQgGNXXN1MoaZVs/8WU7a12D4NicAcXU5Bw+XR1AqDLz3/fzfGLzM8
+Csm8BXpq1A5JqM7HAfMUHb31+t4Sy026OzHvFVyn+r/sEbJ8pJ1bCbrvVvGorjUg
+Nm9+BcgmB9ani+EepglAS7HOSSZGzi5LSadxfBILVb4dEGkL2skzF6WEm7knZukQ
+Ti4zA8SkwYn/M+ltf06O5ZhL7PMdUA7hAr5YorBu+fbWlGXWyhJxNZcJq/jrkATV
+7pvKw6SfUa9IbIJQyZcbFcuzqPANONGBorpbZyW0u67stUkyTUXct+CEMxSxCRsH
+HAAVFGlK+RILNZ222gdblHappv30BVJstEEey9S+rL9He6tsWUKJ6So6iYeyYONR
+wbQkoBfOwxRm2Ga/7GpUo97dDix6ooFpxVuYatOn0PwJo/N5v/g1Q+dmaFY/BizB
+Couc1V6Dq8GiUwldUhcGEcuzVsTOlYmXqxY5WWFxexsydzyz53WIExsUz7wk+nY/
+jdBhNX3pbZxxxYjJ5HBLK/3lfEWRaK6MXpok+dagIBZJt6y9GnyfIhgzHA75VRi2
+TMI6O5nVyOHLOj32T4nJwe8wdBSW2RmpsZZR8BaUIbHFH75X092XpeQSnnr0QtsJ
+k++uGSSi2LteDB8qwBbAmjgbvWB9DaYD3jRrIEVMt7cDLlk34LEc1q9LX7Uvh8ip
+dNsmzZ7DtrVfToUAFn5HcIj6C2JLGbQ1NFMx0p/ElSfHYX1fXw/KCNzDGhPbBKr2
+/HM5EUeCR0mB9quHbUXiazZpaNys6rIDgNGI/ZY/XWCX0K3g3rvuzAMYbLBSaOIh
+kR0xqzUPOkoYWAeKI7flSJykq8CDh8ULSX4DhiKTZrHpOqFYNVoss5FbgyksmFxz
+1TpgQwzP0lvtu3Iz3xRNvcDAMJeczrRG47a7DcuPq3tMqV1x0XhS6KTyjNtoLCri
+w0m8delonjCInjKees3cIjOb/uiBxjuIzl+R+eFfeion1c0wtyyzu3+/JVV35JTv
+u7abnsrdQr474QcdDau1ghFdJGQK+dMC73a/CBC2Hxj/odTbMZ7pNkx8Td+bSe54
+VBCW2vGug5lDZG1r0y6gG+1kVj9hMgbGBgRUaNPVUjvh7VDJ51JAM3U3HBTtd0Y3
+wtgYcbV6pjleZ/Ym4YNHGWEPZp9aEjUMcsq6rKXrESI3bffvx51v0XBLua2c7lqA
+ApUNpRR2tm80XJQfoT2YVunD3Ccn/AveY6wConBcZyqv1N1YxtP7122/3CcduQic
+LPdEJHbkuRE3Kb8UQAgDahK82juPno5L5ZqhmJXIXC83Jtq+5AE/2d2ZsRS12JWN
+Cv8GUsAJbvwi9eYzD2PGEsgzL4Kx5uc+fOEX/hb+7c4hqK36RzPeMsPnJy6qg8iR
+jykMhKeQTeybGkNvKzrDfaHTAJdb0L7CmWasLY0OxtQd+HP/yYjVaw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem
deleted file mode 100644
index de751b01b9..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17.pem
+++ /dev/null
@@ -1,121 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIIC4zCCAkygAwIBAgIBFDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1VzZXIgTm90aWNlIFF1
-YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALG5QbkrUYEf/BsUOmiq+gmSjIMtxbiVJ8G4i1XsVOAFNuJhfPyL
-nhsnhig2d+tp2aJHFnDfMbvmjdmCtwPwqrcuxVO5PhjkLyfFo9Pt7zNCF5xtCkLK
-P7LCEtvtBt5jXh7REsOPlQzQkxng4SxG6VdndW1ZiNAJIDAsONONmetRAgMBAAGj
-gdIwgc8wHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYE
-FM7tf43yWQflUjDL35BzbeLwWXDAMA4GA1UdDwEB/wQEAwIE8DB9BgNVHSAEdjB0
-MHIGBFUdIAAwajBoBggrBgEFBQcCAjBcGlpxMzogIFRoaXMgaXMgdGhlIHVzZXIg
-bm90aWNlIGZyb20gcXVhbGlmaWVyIDMuICBUaGlzIGNlcnRpZmljYXRlIGlzIGZv
-ciB0ZXN0IHB1cnBvc2VzIG9ubHkwDQYJKoZIhvcNAQEFBQADgYEAPium8qIa/cDO
-l7vNWoULaBGP7Z9XxxEyexzl2Y83xGab/xw+KGtbV+6+GiGhCw4qpn7XLidQQ6Xn
-t7D2vKo+KoLg3BAdbt/azb3wf5tYakf//0bv4xQZ7ANzWxxH0gP5VdHaRIcfKXXR
-3kHnu/lecCM8V+F9V8pEU8K3zREtp/8=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17EE.pem
new file mode 100644
index 0000000000..922eb98ee6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest17EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 61 F7 C9 40 D2 DD ED DC 92 F4 8B CE 0C 2E D8 41 4E D3 D8 12 
+    friendlyName: User Notice Qualifier Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIID8jCCAtqgAwIBAgIBFDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQwMgYDVQQDEytVc2Vy
+IE5vdGljZSBRdWFsaWZpZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE3MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgx/GESPgx+f2iTkGzayiIzcQFdPHoke
+X5w5e985q9OYBAGQR8L3z1N5pzoNK7KdyuLfTH/5ymU9F/TAfMjzVejFuojT0kkM
+YKn0WhTpc7lL43DesIDLfpmVxNseL/AfP52wP5KWfzLPeS12xOwVkkYYk+rXBCsy
+4Wajt7CR/OgYVVZqr+l4eoMZXC8QkbRzpqYMRsPDLDDjWM8TrdJWOcm3fS33pgTA
+IYaihsgfIPRAMV6xbTi970Z5nqjWQuQ1KzdvUe9FUfGNeUDybmOJSIVzQjbNpTQs
+rWQYzW9BcSlCjiGCDi01O8tur062uk7V6vtxQU+LDl2vW+etQZx07QIDAQABo4HS
+MIHPMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJMB0GA1UdDgQWBBT+
+LIExXNIznYNgktX0s3YpDGcmLTAOBgNVHQ8BAf8EBAMCBPAwfQYDVR0gBHYwdDBy
+BgRVHSAAMGowaAYIKwYBBQUHAgIwXBpacTM6ICBUaGlzIGlzIHRoZSB1c2VyIG5v
+dGljZSBmcm9tIHF1YWxpZmllciAzLiAgVGhpcyBjZXJ0aWZpY2F0ZSBpcyBmb3Ig
+dGVzdCBwdXJwb3NlcyBvbmx5MA0GCSqGSIb3DQEBCwUAA4IBAQBfBRO7j1sk6/+/
+03HPnqa/E694vMdtGy/K/d8K3mdRuPTcxNcT2gW9VnVyQ8rKwrtZn0oWjehifnvz
+5DJCIrE8Qf03kY1rbCkcDsQ981Lbg4t11pzBqGARFVrAfzzeiKY1Q9EA7QPbpYvB
+RANQsSXkCSjE3BPvHdz/1ZZeP+kvzNSb+vrXOs0MXA5eAmz6Or9bOak+XOUDZS8l
+CrmEI6GRG8Coe8zy4YAbPy7uO7Zdvd+uQSEGDlwCDCtqQP0H2uWmNCstdAZHoJbi
+RevpMviFe7MFOtYgpJhEwgmK3wNLDcaPgznv5qCuH378n6gXL5Kv0ehBd9LcWPv4
+jZua3QQF
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 61 F7 C9 40 D2 DD ED DC 92 F4 8B CE 0C 2E D8 41 4E D3 D8 12 
+    friendlyName: User Notice Qualifier Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A67EF457602F9DB
+
+YagNBodo9QwnNc4gfwb3EiAHA7kg0zFRJCM2wV4Xy4HGMW4BknPDqBaFCui/iSm0
+4W7Y+LXHRLIzwUWy7xZdu1LfEIG3AHnz1Ben7VBNDLSJtbslPR6N0XC1T2Jh/InA
+WAvmGCmFny4DUGWcILjYJ5lUEistzxoBOF3v1+/5FEN9WpgBRmdvwLLl3cjkxZIk
+fTUYFZdE9vvxdAKs+ErnlRC9xM5xoNw9IN+swqsaGLq+05iUuQFIWSGptmzKbIy9
+RdhShNpCkgfB1hoBsv7mm0ivnjmLP3hx3QoVkP6KaYHtk0R5O9HnV6sgtUmm2evV
+qzPUvTFHu1+Awaf2m/ZAtOxQnlG0jm+SARSywwllRpeZaCHTWlYMMytIgN1qAcrH
+N9XesNJLohjjcF8jJT9Y1TSMR/yBB5CaM24nGdZdod00+Jhmb3M1KRJ52+bopMqx
+CzMu8+yiIk9Jc0gIekOdVhZUaD1mgEovibqlcWIahBfGC2LCU8AC1oczEEB0+dD1
+G3IYIiQtyShDvwhbqSdArmSQ6W4XJLxTVuHut1e0bzbtkRy6IF9eHBv0bfOYoX4r
+OMQH1l5B+Q8XYbDUi1ZXUYqKHEdrowsB3GpyKpideq2LtYx3hJ2+U2DAfaY2BGGg
+2bInIS39NdPqI4d1rCgC85iRg6N2bAqgW0Ack4yjc8orDj0KXZ5ZAjaomWPTRvdp
+Qt34gumzSeoE9shupaYfY2Y9Qwgh2os56ucjkhqanjSAGtkym8jftNsCjouAXVSx
+5kM7xAADzLtti1IMXuh/QZKtkzMjGRg6QxD+kqDQNArEZAr3Lpx4owOqWFjcfuBG
+p49iKbe5kTWITCAjytUOLXjkCsUjEYg+qfBJBAF6kqNZddL5trp3Rp5PF2IGU58n
+YIjE6JUOlWbsM/n0NML8q0s6x2HFn70bq+XHkSZq9UxQxW1Jy/VX2hqoEBXenZgm
+HDXM/gu928PSw3enWdRfpP/V0vIYnrSsO82rFhQd+sob62+ZXUSsQ1IPYThQCKXP
+200mOAw3vgIRYElLB8QxdQX9zZTaUvck+onF/vsUhUjnpfwNHEZsBFTnFRXaxT1g
+pGw4aItY18x7z+m2uRrFdnWZx4JIcYVhO+bWa7GT5eFEwycgmHX6e0UNIB/UG1zq
+biKcKw5g79ONR3iouXvQBRR+GIdGuYQ932TX1leYu335rER+lZuuwKJM/ZFI2kjY
+bpCIWbS6cIPiowH+yp/VqYX2q5lG7vIRVYa4P3t0kE+ylxEjKbzI1EJLJuwdiMuy
+2GEv1RsubsD0uEmJ4nyOw70AGTrLSIyyZyp6if3ivIntUy0V+rSozgWsfe3P2hit
+l3ZR/qzemIiQLLRs8Hm688CC9C4n+MAv6C68/cy5GZjNAVVTJpjh6BoP/GjC227s
+RcPwKbH4qc4xgCZG5gfIC9hRNj+ZInYjzKOUZNjBqWqlAdGpNrb8DlJ+FVJv1P4A
+Crvp5JaVOelF5Vm5zhKae2/CQSgojrS7HAIAf+ERbfZu4v8EnGxNjQJTJ3G9nnbG
+Z6R5twYPiCFR8ec8qbVO4X4xRObYcX9nL7ORNWaS/dguJLShLlaHvw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem
deleted file mode 100644
index 177e92ffad..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Policies P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBJTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPUG9saWNpZXMg
-UDEyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5unCMuN8PuVFWbqxO
-/wnIQsciPiEo1GoKWjM6+kb9l3h6wWyWYwmst2c158qcJLY9PxaUMhqQd/SY0Tt9
-WlHXVcE8rMoWSGmFxfK33UpeCtqwz9ugPSWwZkqx2lI/0ozQXgjYb0J9/EoKw1O0
-CxxrdQdPQkyLD4Uxe87/MlpzsQIDAQABo4GZMIGWMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQA42XpgdSGuccd5/MzOQZeTBGl+TAO
-BgNVHQ8BAf8EBAMCAQYwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
-AwIBMAIwDwYDVR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GCSqGSIb3DQEB
-BQUAA4GBABX9GMyAC90FH8BvpnNh6SDn2MIT7iINc4/9u64d1dxEhqogqcR58khK
-btHyx8YrgbCcqUNS4Xs7ckW5k2VNAd9dG0Chc0uk6rwkv+sD1/zJi8LIGd/3cFjk
-biIVYqPxb7WpKqo97V+43tMFsTqJNBSh+6W14vlP55+Ep5IlxcOm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test18
-issuer=/C=US/O=Test Certificates/CN=Policies P12 CA
------BEGIN CERTIFICATE-----
-MIIDxTCCAy6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAx
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBO
-b3RpY2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxODCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAxkN3itGxxUqfb6j8AgRX2jxaI/oIBzr2RuZsAfon
-x/XVoUmmiSxWDooZhr/PlfubyixNG5VJX2K/ukJ6gfIGMXCAqunKm8/9bXgzZB3T
-i2oIgAy6WnRwKE0cgbedH6fY003jwsQNDt/HilRB+atbEJ/engTxLOIpwBcsN1qj
-rg0CAwEAAaOCAaswggGnMB8GA1UdIwQYMBaAFADjZemB1Ia5xx3n8zM5Bl5MEaX5
-MB0GA1UdDgQWBBT8A5L4pL/8ywpme6U8lushm7qgwzAOBgNVHQ8BAf8EBAMCBPAw
-ggFTBgNVHSAEggFKMIIBRjCBnQYKYIZIAWUDAgEwATCBjjCBiwYIKwYBBQUHAgIw
-fxp9cTQ6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmllciA0
-IGFzc29jaWF0ZWQgd2l0aCBOSVNULXRlc3QtcG9saWN5LTEuICBUaGlzIGNlcnRp
-ZmljYXRlIGlzIGZvciB0ZXN0IHB1cnBvc2VzIG9ubHkwgaMGBFUdIAAwgZowgZcG
-CCsGAQUFBwICMIGKGoGHcTU6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9t
-IHF1YWxpZmllciA1IGFzc29jaWF0ZWQgd2l0aCBhbnlQb2xpY3kuICBUaGlzIHVz
-ZXIgbm90aWNlIHNob3VsZCBiZSBhc3NvY2lhdGVkIHdpdGggTklTVC10ZXN0LXBv
-bGljeS0yMA0GCSqGSIb3DQEBBQUAA4GBAGFe+mIs7y5351adHxETDUI8/Oki9cBU
-9ShrYKlpGJn8K0ST8XCe3FhVI/EMMxPJ7a7cYnl/7VQjyrFH9ulMmB3zoFiwbijM
-hfv2DyMPMTMB1pN57MpoBl7NEV0ze1I/u0CKcemqthj2jynTljGeLyJOCAd2Oat/
-J0ohqgkjwhfW
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Policies P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:00:E3:65:E9:81:D4:86:B9:C7:1D:E7:F3:33:39:06:5E:4C:11:A5:F9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a2:21:e6:6b:0b:99:66:79:2d:86:a7:9b:cd:37:9b:4d:73:1f:
-        df:91:63:c4:de:55:15:53:b0:32:ac:c8:3c:bd:96:aa:ae:c9:
-        4f:b2:7c:9d:40:d7:f4:5d:99:8e:fa:2b:44:2d:75:ef:01:38:
-        86:c8:59:ae:e4:62:e4:83:b4:73:03:34:d1:7f:52:bc:3d:bb:
-        77:7e:7c:c9:41:09:4c:08:4f:a9:7f:d9:d9:0f:bc:46:9d:05:
-        70:2f:66:0b:d4:0d:80:ec:11:83:4e:1b:90:95:ad:86:02:77:
-        e8:19:aa:a6:48:29:a3:9f:36:c3:ec:9a:f5:a4:9a:0b:f5:11:
-        1d:72
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD1BvbGljaWVzIFAxMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUAONl
-6YHUhrnHHefzMzkGXkwRpfkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-oiHmawuZZnkthqebzTebTXMf35FjxN5VFVOwMqzIPL2Wqq7JT7J8nUDX9F2Zjvor
-RC117wE4hshZruRi5IO0cwM00X9SvD27d358yUEJTAhPqX/Z2Q+8Rp0FcC9mC9QN
-gOwRg04bkJWthgJ36Bmqpkgpo582w+ya9aSaC/URHXI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18EE.pem
new file mode 100644
index 0000000000..830f8256e8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest18EE.pem
@@ -0,0 +1,67 @@
+Bag Attributes
+    localKeyID: 0A 9B 11 2B C6 B2 2D D5 47 CD 92 4C F1 22 3B 00 9F 2B 67 E2 
+    friendlyName: User Notice Qualifier Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/CN=Policies P12 CA
+-----BEGIN CERTIFICATE-----
+MIIE1DCCA7ygAwIBAgIBAzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPUG9saWNp
+ZXMgUDEyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNV
+BAMTK1VzZXIgTm90aWNlIFF1YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTgw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC88AhCshO70EgmfJ0LoJAP
+aEyUfJHUOk0+uSHgQxC+TXR4NZUZYKNeGwc97Cn80E3uoygIUKpOIoZLOmA4Xw5E
+ZA9fZNmmT7cIzAjDXUJv6Oy03LcQ+2KNFRUIQ5d5y2e/InkkZjJNVqVxcpt8DdJg
+VknMuYUk5kqD/uf+L8t4C57iEj0KlBQMgsXGa4vNVpc4dI9irDlTQVCPZofSchFk
+5Ek41YVy+wDxDHW59/Opqr7VfXJOmFN0BxZ6NTW3VmXS4wWMV7ZTdi/YMVJVb/b5
+0uCCk/JXtFGHlVz454T++Decj9xf6bFyCzNGJXzf0WMtSyuXVqT1jWsCo/hGzo8L
+AgMBAAGjggGrMIIBpzAfBgNVHSMEGDAWgBTYXzXimsE3KibOg8xzDnAVKjriMTAd
+BgNVHQ4EFgQU4DsI8hwak6jmjAEqCXZrCm8FaHEwDgYDVR0PAQH/BAQDAgTwMIIB
+UwYDVR0gBIIBSjCCAUYwgZ0GCmCGSAFlAwIBMAEwgY4wgYsGCCsGAQUFBwICMH8a
+fXE0OiAgVGhpcyBpcyB0aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgNCBh
+c3NvY2lhdGVkIHdpdGggTklTVC10ZXN0LXBvbGljeS0xLiAgVGhpcyBjZXJ0aWZp
+Y2F0ZSBpcyBmb3IgdGVzdCBwdXJwb3NlcyBvbmx5MIGjBgRVHSAAMIGaMIGXBggr
+BgEFBQcCAjCBihqBh3E1OiAgVGhpcyBpcyB0aGUgdXNlciBub3RpY2UgZnJvbSBx
+dWFsaWZpZXIgNSBhc3NvY2lhdGVkIHdpdGggYW55UG9saWN5LiAgVGhpcyB1c2Vy
+IG5vdGljZSBzaG91bGQgYmUgYXNzb2NpYXRlZCB3aXRoIE5JU1QtdGVzdC1wb2xp
+Y3ktMjANBgkqhkiG9w0BAQsFAAOCAQEAfxyDNghdSbzgxj/mObFvvEknTx5cjRIo
+L+CbP8ccGGrcfwJcbNEcZwlkzOSomEjsoROw4XPq6deZDC+x9McnYKYHwt78coSv
+urgue6YqvDga1785BozPcJqN9iTK8babcOeWno7ZPRbUEqNFfpesSfUtRjBoFh4G
++YrgneWORnvSZFS3Cz4X0h3yei0ZMNdPK/Zkt35QymLrPxr9rAIzOewaXOH32+x7
+bPgue6FhSz4na9iJQozynEsP1HSKRQdvm2E12ZYrE59hG7p2bqV/pUQSR8hZNnJZ
+IUC2I3sFck92TKZsdnYQHv3NuCl758S7O3cXnF436gqP31KGAzgcVA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0A 9B 11 2B C6 B2 2D D5 47 CD 92 4C F1 22 3B 00 9F 2B 67 E2 
+    friendlyName: User Notice Qualifier Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B169BC8A27090A09
+
+znObGOy88Wfiu93UwhsYd3AH+KGrQzgcBvYNPNOzfdEN9SppYTeU6xuQCAJBe1Y+
+7428CPV/WM0Uf9X/ryEypZ20LA9dabDi19DZzGX4CHqIJBO4EHLepdA/yLkIHXo1
+1n80VaCTiFjSUxorJiMWBLVN+vNhZkuj2bZTpigTHlsrxrvbsGpHJwPuXNJwFXGg
+YKUZ8zgSAUwduMTv9RP2q85zGz0G7jbINmxBP+tImdi1m/I6+du3N3D8OD9gm2ZM
+Wc7GuRYpIweH+grva5lTHqJ6ndwxWvr6L5PoqdyU2MPBMKmtdiEVZKx/jysglBmO
+hSXm4ZQPzQ9gzxzxJImAYAv69wR17Lyd+wvBUdiuq0JB1GNJVo11HxKDzrq5shmE
+BAAFf+cgTU4pK1jlyKPWQ5uphKDjHXZPGarIXoN+zpZl2UAHWH6EUis+Zex/boAA
+8/orX9GYbMzvL7rGv1qWDeh95iBEY9JmoHmBiIbr3f+pmA/Wmk1x647/ylSMAjGM
+GCy4ynca0+o6TKvKrhXe3iZXB19ngSTJLW4+1m7J2kliyl3D9Emqv66vlOyBgBya
+ZXtfM0qQeROjdqrvjLMcnQqScgEQc32D1yWgEAown8z1xstqrR8mvLAK0VNowKZB
++9VhTXfzdamNC+F82YuinJzV2rDM47gZYHdWMEo3v5wahuQMQe7gRCkiDhYA0Y6e
+NH2S0ZdArCCeSav2pBaECBg06ML6JJ9U1z6gZmFYsX1tCirzxelPHefHhMegYRpe
+36JbnYsICtfc0a3fDdfJfI8V1jNHpxM70Je2mIlpT04i+b7pEJZWM8CsbQ1Iqkro
+k05o4WqehI6hGako97XdlZwXLnGDHNqY8fD+LPtK2EznHzPwaV9gIxdFhzSrp3cH
+wdXfGb7wyZTfcg9hr57zN08GrkEpj7b4sOife/bq9y4Vpqpow9TOKaEOv33p54xx
+xfZDK84k+F0cInPwpoGGGUc3JYqnqCXsIsi4UWgG+cyGwFlyv0TOhFQJzFu+haSh
+d/xhhAn9uDbL2Y1QoX+ep43BUi6nGbPYytMxPpFvK/zeZnMVuDYFH+uaGa2yhlj+
+LsWLYFi8FLBElHaNxFKBV9KespbFj0c/rHlYb4W1Ai3yya9NdaEZC3dpNunVNBrD
+e1weVMs5rb8Evff50PjFIpIK4Uv1h9EtzA//APUtT99AKexVF+bDrIIUKjZd3ubF
+8mnOrxI4m9Sl+o6HQI94igfG1f2Y/TBhSrnIWNQ/IgLHm9dCT/QRNv2rkAQSrDbN
+JkJx7Rz22VYZMHqnwhoq7U6MdofOHUlPsaLm3yc7Kmq0Xpd7ntyjDJheo67QLeh9
+YkPwoFar/LQ8934StLWj5/ZseauC9xdNdjfALJiNm5CTZ5n9x65oB4SsT+UkQczR
+pQEiVTJITBCUBrcoBQEwyrx80LdmjO0lyYtm/kLo3+82FHNkjWKGGBK60npBcjmT
+70qB7qmiWITmxZqSUwdp27hF5g+izXOGZwB90dopk588owoz13T4FjxRbSeWKAvE
+JA9rATNY32V9uY8wsAxxzKF7AfKKN3B4akAgSvYlnFsOlW0kU3j2rw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem
deleted file mode 100644
index cdfe8367ae..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19.pem
+++ /dev/null
@@ -1,64 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=User Notice Qualifier EE Certificate Test19
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIID3DCCA0WgAwIBAgIBKTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE0MDIGA1UEAxMrVXNlciBOb3Rp
-Y2UgUXVhbGlmaWVyIEVFIENlcnRpZmljYXRlIFRlc3QxOTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAmkrJdJV6KkYpFv+9djQ5ybyWHKyjUB8Km9OL5bgATpab
-SN8gXK6Jd/EmkSQLM58dolce8oaizez9cBhO/myxYLK4WQGi/eR1zCWhOYz75f/o
-+MUwF1WFbuHvk7JcW6/0e7tI3sxdgtz2k8JDvyDZ6CH3Hb678ZfrlMMuCODEw1sC
-AwEAAaOCAcUwggHBMB8GA1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0G
-A1UdDgQWBBR2o4bo1PW8nDTv5jAQJQYPDPfgtTAOBgNVHQ8BAf8EBAMCBPAwggFt
-BgNVHSAEggFkMIIBYDCCAVwGCmCGSAFlAwIBMAEwggFMMIIBSAYIKwYBBQUHAgIw
-ggE6GoIBNnE2OiAgU2VjdGlvbiA0LjIuMS41IG9mIFJGQyAzMjgwIHN0YXRlcyB0
-aGUgbWF4aW11bSBzaXplIG9mIGV4cGxpY2l0VGV4dCBpcyAyMDAgY2hhcmFjdGVy
-cywgYnV0IHdhcm5zIHRoYXQgc29tZSBub24tY29uZm9ybWluZyBDQXMgZXhjZWVk
-IHRoaXMgbGltaXQuICBUaHVzIFJGQyAzMjgwIHN0YXRlcyB0aGF0IGNlcnRpZmlj
-YXRlIHVzZXJzIFNIT1VMRCBncmFjZWZ1bGx5IGhhbmRsZSBleHBsaWNpdFRleHQg
-d2l0aCBtb3JlIHRoYW4gMjAwIGNoYXJhY3RlcnMuICBUaGlzIGV4cGxpY2l0VGV4
-dCBpcyBvdmVyIDIwMCBjaGFyYWN0ZXJzIGxvbmcwDQYJKoZIhvcNAQEFBQADgYEA
-J8J9A+SBJzSCvCFxcnWEMXbjUkKjp4BAEhkrRH5llfYFIwM5+QAqZTFKTvP5mhTj
-eeMD/sF7Ej90V/1wRzadHnmhXe3WRwe09BUVM4Aa4b+/th9PihRNvI7x10+mAuMD
-39/vWkwe5e0DTYQwe0t+8fHohmDgmJ6JkOiccJl0auE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19EE.pem
new file mode 100644
index 0000000000..b501dcb4b8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/UserNoticeQualifierTest19EE.pem
@@ -0,0 +1,68 @@
+Bag Attributes
+    localKeyID: 39 AE 3C 3A 63 6D BC 12 05 93 3D 33 81 F4 02 28 5A 6E CE A9 
+    friendlyName: User Notice Qualifier Test19 EE
+subject=/C=US/O=Test Certificates 2011/CN=User Notice Qualifier EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIE6zCCA9OgAwIBAgIBKTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowZDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExNDAyBgNVBAMT
+K1VzZXIgTm90aWNlIFF1YWxpZmllciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3E/MPmQrWuB1FwiUdy39Yth3/
+GCiDQBK1HGlJRkREfH5qLLXoXoXkdTfKoKMz7jetlTwfqh61oQcAGrUxJ+1uXFFo
+Z7rx39ZJy5WHoqh+/0KVFwVHzZlDjx6hRdDAV2wSH3CQA66JeGm6C/Q6seIPhXcs
+5NiM/7x1f+gaA6OKQbFyPhErhvwt6T3MiJgdnATXneT285aE9ERxGxq6pMqLTwCH
+7vnlDNq+86cr7qXwRxqgnrSyKZnd02g2aVRbQQbDe8GYJvn7FeJUruq33nGjYoUu
+cq8taqkWaVEvlAc6rNHjXP9bFUC37Dt/q05ODc7g0vHQvkgVKkcLvIor8GFJAgMB
+AAGjggHFMIIBwTAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNV
+HQ4EFgQUDU0KkzuR4M/gJ9ceN1sBfgKd6ZswDgYDVR0PAQH/BAQDAgTwMIIBbQYD
+VR0gBIIBZDCCAWAwggFcBgpghkgBZQMCATABMIIBTDCCAUgGCCsGAQUFBwICMIIB
+OhqCATZxNjogIFNlY3Rpb24gNC4yLjEuNSBvZiBSRkMgMzI4MCBzdGF0ZXMgdGhl
+IG1heGltdW0gc2l6ZSBvZiBleHBsaWNpdFRleHQgaXMgMjAwIGNoYXJhY3RlcnMs
+IGJ1dCB3YXJucyB0aGF0IHNvbWUgbm9uLWNvbmZvcm1pbmcgQ0FzIGV4Y2VlZCB0
+aGlzIGxpbWl0LiAgVGh1cyBSRkMgMzI4MCBzdGF0ZXMgdGhhdCBjZXJ0aWZpY2F0
+ZSB1c2VycyBTSE9VTEQgZ3JhY2VmdWxseSBoYW5kbGUgZXhwbGljaXRUZXh0IHdp
+dGggbW9yZSB0aGFuIDIwMCBjaGFyYWN0ZXJzLiAgVGhpcyBleHBsaWNpdFRleHQg
+aXMgb3ZlciAyMDAgY2hhcmFjdGVycyBsb25nMA0GCSqGSIb3DQEBCwUAA4IBAQBr
+LA2+uQdk+39kZyVEG4nvYUgMB+UvSTIYiXq7j451qekOwMNV735tLSqtWCzrSGVY
+rZ1tGVgnTBTf5LqcDa+lPVLEGeV1hUx2DnchGWPz8WZLtJXK6jVkG4wZlTx/xRR5
+miliPtgwpdkYsUf9H9MVUmMpawPvf5s3ZNubE4dQxjwN5vN5xemuDrbcOyGYUkDs
++xLxGrkGvdikgVOUIRXP4u0Erh9uTXXwu/ZQK6ygsAYTSO6XmKIzTJUEjeBxzpaP
+C/nEmljPBlHb680hA2nneeW/2HN+hmPpm0S9uDvwcIMNQc0c3q18lDNrhALaJQ1Q
+8NBTUeL4fQnsCosYSygC
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 39 AE 3C 3A 63 6D BC 12 05 93 3D 33 81 F4 02 28 5A 6E CE A9 
+    friendlyName: User Notice Qualifier Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,16DBFEB38621F5C9
+
+bVgYG5xc+ER90RYRsDzgsa6txA1tgWk9xDWRusQk+tXyX+N/YyM74LR8Ixi7QaOa
+6JDH0JT8Zk1/ce3DBF0nVyKO30DcZ4pR1xbMPDCGDzS8DRD6JvaT2Eqf/CcpWIU7
+auO5iDT9UG31l9BgzXY81dZIxoUok+keIa3iYaNIwQu6TlZHbig4tlrAg9mfOUSK
+ETWopUIl+uJ0XLc2IVU+AlwJstr8csTkJWsvCKbTo0wEDgogTujYBTo6jwb9giNv
+VziqTQVrzqKajetKvC6wgGsw8tlhYsC5m+O5mik6/dh5R9B/gyNYJhE4DUswY1Xz
+153YejisupKdLkXGGRXIgBlRQs3EhKWmjw+kZqZWcWEFmSl6tpO2IFXO0cCZO+Z6
+y82Vy9HKFewUvhPN47JW3Q4Bskk9AWKaY+A08lJgxSpp2DD6Uw1x734ln8MJHSeC
+0KoOpPjWXxPCtixmqujaYyjfC9IkG0WByXdLONkonnsnp7/L9kyNEOJKqQFms2h0
+St5CLRQfgJ3vQGFQbLbg6JhX6pTSWu5wTMMdyB27lW/n8vZrb8NZTDSQjSWGOWnL
+91dTxzF02aGy5qh03FfX0FMgR692Ne09COm2uE3kcDeC61qeSxgGvGtNWfAMmnt8
+MA+ysbtJr36RfWay0IVYRQ2y/obuFU3dDxEW2GgGztqaN4U1BKfB5E8cbfQXtZy9
+fhTKbP4swQwiy3tTZnUoy8mN5R1KXEvZGB85o4IBBn5oR9HLbLSs8XEeCUES0ea1
+Akb8mfyH3puOVKNY1Hq2CNFdLtdLQvtLuT22q//fbcc/h11TJ3FRBywchUf6eh/A
+hYaHbALcxDCCjiWD6wjfaS/7iwQckIplhOYI29yZoDAPuz5V/4Y2bgjAk2T5d7KL
+ldl4SDSuD/7Mbrt7ZnDECQtyy540fGQnTUZIz2xkvXzKOcs/xj3Gadfl7zaCmrp2
+hv6S2/Mh0rUFmJD3wWM9Karbe3otQvUFwaLQ0NU7IoSa2pOxiGb60lNO1TQo5IBB
+ArUfLXiNmNEhn3I0hO3gJ497KjlcERC1HYfRhCDT+x7GMu9QoH982c3Nt64beGZ2
+53tiiQGZ4Df7/RNKvVvEmzLXTjhajoOLuEcqUD5sH1bWdHBz6pCruA+B8p9+izc0
+fzn1wJNNWCm0hEQl+XCloQVLk9UEvIJFB1hGIjffrAln2BNWVYK/TjKaogns66OV
+QeRf4Hff/ir6cEVukN3Eey1fzQ3Zob+pfUuabnuCMeT+v7bjGpiPJSjGpWpbVwOL
+NOozlqKsIM2285BJ9CBnva63lOEpTmaiE1QU8gFbjbGfXIZyh1tZ18jVep1RD0zE
+aJT0l3Vj6bj/0a3zpeEXV78tlcykbFm8DoyBvXWbF+rpFIwxEAiDpYeflGYlxYl4
+iRNrhz/fEnUe1/B2P0+knQzNi6rBPbo2OOMA6+zj2hN0wB+c3zFpyAbc5xVRiD7k
+PZEOQ3WDHzowaS62Dsgj3hC/wvQbmZwFRL6VXIvKl1yEgdjFu/Q7Fh4w2ojgsZrF
+sZuTwYIUNh6aLCn4yIOQmet6tINdQk97DpmifjLHIz1Ji18aoTa3SckbgvZl4UUP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem
deleted file mode 100644
index a97ce07ad0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBFTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAxMkQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCfjlwgIWm+Taynv+38GP1Yf2hDPMT5pcsPYlRaeFeg7Tsr/GhTZQKB
-qfO7h8J6JjoKD1m1BTcrdiHbRBnn183kxyhljulJLu87gOUt6LlTGTBFeaUhNNxv
-wpzF5uQ7xQcChTE7GF4kxt/oyehJFi9TGtnjdjlSi3LXG/xfQn81GwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUScn8
-twM8Z20KAJOp5NalHpIftREwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABV8
-zJCN9czUhadFLy10H1usL1xGEcB8SRR3Row0a+Zmj8T9Se71hTgW7LfXQj3bCDJV
-3AyAd+WA4N0y0+eSRWRGNAcMrOeqNp1/Ki6iGNYceZ41Goudsc34StO7symFfatg
-hTr8/7eU6NXu2o9cDREBOJujBK/Uy52E4rx/Faxk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued CRL Signing Key EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMHAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczFFMEMGA1UEAxM8VmFsaWQgQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25p
-bmcgS2V5IEVFIENlcnRpZmljYXRlIFRlc3Q2MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQC99k/Db5BB/DrP9cxgHHm842L/I4al7GOXLq3eb2h8ego1QdJ9IsNb
-ExIULQIAAGVlTriZ118rlLqlVxj05ehWT5HaDh0ygcNDziiUc4NoLYqE7Vh+wK6V
-z29q5vKajywEjZ0mAsvkfQvi1aBL9DB28K87sCS7xIEAf3zu7znQGwIDAQABo2sw
-aTAfBgNVHSMEGDAWgBRJyfy3AzxnbQoAk6nk1qUekh+1ETAdBgNVHQ4EFgQUNe4s
-lmPDT3wyx9zkVIWEuwRUL10wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAtn7y8N9W/74qmny6jUyLJcq4P
-ni0IjpLLS1hl4RYbKPyeekw3t2Lbuk7jdg9LP2GTY68plnzvHyqcKa0IL+gWvk7j
-6g1SHNMi2utPONRFStefcOubKxjT4c/HZHcPjYVBrmnssH4wzOi8bd8MQ8ZfdQLO
-l3ADkB1F2GjjIofr1A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
------BEGIN CERTIFICATE-----
-MIIDGTCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYt
-SXNzdWVkIENSTCBTaWduaW5nIEtleSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0
-MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmlj
-YXRlczEtMCsGA1UEAxMkQmFzaWMgU2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5
-IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXGyrLR0BviK/81C9C/igI
-9zh+808dGICz2wS1Oh2CWCeYia4J/65Y7XBDRBW1TJbQLdrxt2289Lc/gc9+PW9j
-gwVpGRuYkFf+AwbMgLa1Ro5zqoIbD7WjTu7vgGdDvJmrSVLfSXavpeUBzp37Dsw6
-KzSHcBjPwGes7q3pjfhOMwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFEnJ/LcDPGdt
-CgCTqeTWpR6SH7URMB0GA1UdDgQWBBQPcsozQ6nEEVGrY9pEhw9hpPS+RzAOBgNV
-HQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGDBgNVHR8EfDB6
-MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJKoZIhvcNAQEFBQADgYEAjoyS
-h7zhrGkL40stundacKPqIEZ3HyWW0NQhD0wBhWslGAOvlCaf44kuTKggRY6r96sy
-4kWEjvfGu/r/dBgrFaCCGNv0ui5FfXu8WeZ4jvHg7wZbx5ATx5Jpumqbm0PcEYCr
-YnA6WBCstG0lohNV2ohM/wqRFmBB0WL1K+9IdfQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0F:72:CA:33:43:A9:C4:11:51:AB:63:DA:44:87:0F:61:A4:F4:BE:47
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        5c:cd:8f:a3:3d:9e:64:f7:64:73:9c:2c:39:e2:e7:d7:0e:b8:
-        1c:3e:9b:1d:14:dc:98:c2:8e:5a:1f:e5:47:31:fd:7e:a7:d5:
-        9f:52:31:c8:10:f7:d0:a2:84:3f:77:c7:f1:ba:7e:24:62:ad:
-        05:ae:1c:7b:ff:f0:e2:ce:55:f5:27:d3:cc:24:7f:c8:1d:a6:
-        b8:ce:42:05:e1:06:ec:1f:87:4c:d5:69:8d:78:59:d2:33:94:
-        1c:3b:27:68:80:3d:6f:3d:a6:c7:9f:2b:39:9f:d7:c3:83:eb:
-        77:bd:cc:7f:96:b3:ad:24:68:99:d1:1a:bf:05:1c:8c:3e:2a:
-        02:f8
------BEGIN X509 CRL-----
-MIIBdTCB3wIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMTJEJhc2ljIFNlbGYtSXNzdWVk
-IENSTCBTaWduaW5nIEtleSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjAiMCACAQMXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0j
-BBgwFoAUD3LKM0OpxBFRq2PaRIcPYaT0vkcwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAXM2Poz2eZPdkc5wsOeLn1w64HD6bHRTcmMKOWh/lRzH9fqfVn1Ix
-yBD30KKEP3fH8bp+JGKtBa4ce//w4s5V9SfTzCR/yB2muM5CBeEG7B+HTNVpjXhZ
-0jOUHDsnaIA9bz2mx58rOZ/Xw4Prd73Mf5azrSRomdEavwUcjD4qAvg=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued CRL Signing Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:49:C9:FC:B7:03:3C:67:6D:0A:00:93:A9:E4:D6:A5:1E:92:1F:B5:11
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0x.v.t.r0p1.0...U....US1.0...U.
-..Test Certificates1E0C..U...<Self-Issued Cert DP for Basic Self-Issued CRL Signing Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2e:12:1f:54:36:68:73:b2:5c:f6:11:48:f1:d6:7a:bf:ce:1d:
-        d9:21:7a:96:29:44:bc:83:26:d8:8c:f5:11:36:9a:f1:23:78:
-        57:00:8b:13:c6:74:57:4d:3d:ba:ee:d4:ac:d4:40:b1:d0:80:
-        91:f1:06:81:91:ba:a4:f8:1e:c7:6b:d6:20:3c:92:26:23:94:
-        80:33:df:c7:3b:ac:fc:94:ea:e8:3d:d0:37:c1:d5:e9:ba:53:
-        83:9e:26:ed:da:fb:10:0a:6e:d8:cd:d7:20:42:2c:d6:7d:18:
-        32:6b:75:2a:3c:51:03:dd:4d:a1:80:e6:d8:95:6a:2c:b0:b6:
-        72:31
------BEGIN X509 CRL-----
-MIIB2zCCAUQCAQEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMS0wKwYDVQQDEyRCYXNpYyBTZWxmLUlzc3Vl
-ZCBDUkwgU2lnbmluZyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFqggbcwgbQwHwYDVR0jBBgwFoAUScn8twM8Z20KAJOp5NalHpIftREwCgYDVR0U
-BAMCAQEwgYQGA1UdHAEB/wR6MHigdqB0pHIwcDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMUUwQwYDVQQDEzxTZWxmLUlzc3VlZCBDZXJ0
-IERQIGZvciBCYXNpYyBTZWxmLUlzc3VlZCBDUkwgU2lnbmluZyBLZXkgQ0EwDQYJ
-KoZIhvcNAQEFBQADgYEALhIfVDZoc7Jc9hFI8dZ6v84d2SF6lilEvIMm2Iz1ETaa
-8SN4VwCLE8Z0V009uu7UrNRAsdCAkfEGgZG6pPgex2vWIDySJiOUgDPfxzus/JTq
-6D3QN8HV6bpTg54m7dr7EApu2M3XIEIs1n0YMmt1KjxRA91NoYDm2JVqLLC2cjE=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6EE.pem
new file mode 100644
index 0000000000..7fe42dcdd0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedCRLSigningKeyTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 34 20 4D 89 51 7B 54 0C 6B 1A 52 FD 0D 72 D3 21 9F 58 87 FF 
+    friendlyName: Valid Basic Self-Issued CRL Signing Key Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued CRL Signing Key EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued CRL Signing Key CA
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEtMCsGA1UEAxMkQmFzaWMg
+U2VsZi1Jc3N1ZWQgQ1JMIFNpZ25pbmcgS2V5IENBMB4XDTEwMDEwMTA4MzAwMFoX
+DTMwMTIzMTA4MzAwMFowdTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2Vy
+dGlmaWNhdGVzIDIwMTExRTBDBgNVBAMTPFZhbGlkIEJhc2ljIFNlbGYtSXNzdWVk
+IENSTCBTaWduaW5nIEtleSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAND3qOzfoU+xaDx00z/q4nNVyzqNAr1QNbHd
+2Vr3Ny+UIQiQMN6wUgDa5fYlxpAYH3HyHYFGqsJZYqAEi+QOnW55ed5U6fgkuMIT
+n/cmHWrhrWxpkGeg9taQHF7JLv7rOQ7hJFwCpAGMIO8AcI4RT6uLFw4oJWlSFUNT
+U/Nuz3tll9cnN+Yka58LJz7MH8JpKiyKnu5k8rKb1BD31rds5RQtUfj/GGGz771W
+JFuJjDKN1UcL/EOAllJIfw4vmtjG3KwiR0xszG6xoQygEVKwr3eUE4GF7f2KKear
+EXZl2NutzBQqdY8sKD9K4P204/U165InI066R+fyI5qUg/JGQvECAwEAAaNrMGkw
+HwYDVR0jBBgwFoAUKZpFLjaVnezyXlScE9XZ9kSRLBMwHQYDVR0OBBYEFDK9sG1g
+aWR2H3k1G4/tOHKlv+89MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBACfVwWYG76TXRNenzqpOIJ2KRon5
+yMuzHhx7VEYiqjshbtUhBPf5P0WaidDatxO7aRV5F+UW36ZN40ToCkhigxFOaXR6
+lIATMJfqZ0yAP7FDwYzFJGmUO9m+FrZD/rge5aowjbWOuwnKTsjlu6IEz6j/v+cU
+4yO9xT8GgIs4HMagJ/e9qTAI9BhGpQqrkQUmuk8lEdzifR+f7jXLT7uPN1+GWL8n
+sY4eYTT1Saw4mhUFj21AOPwYtr4Bzb6IEEgJ3rU8y0vu0oTU4+e0i9+u0RbQAPWr
+zCY76nRguTsIVvPx/NhrJc8HvBij15cNTdYnWsQLSLGRkZkWV0fE4LtZpVU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 34 20 4D 89 51 7B 54 0C 6B 1A 52 FD 0D 72 D3 21 9F 58 87 FF 
+    friendlyName: Valid Basic Self-Issued CRL Signing Key Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0494381DE63BBE79
+
+IudZ0o8BDzB7EEI1+uMk1VOVrcBmrKfMlt3ce2aPGA0l02hF/YsuV3PEs/+8yWqL
+ZBPy+WHS7wc35VWrC1RssivAei/Ie7W4UM0SAKrZRrKUDkCURB90+jT2iZfa2XzP
+nMNeBMcg/27buoq3BJu/zyVU1wRmy8/+vpzu2tbOdND0d3qPGZ399gAGpF8Q8dbG
+3jUCINKvdDIpYeWkN4eKvCSRrcH+POqEpY80pWIBucRPUXk6X8UPgvrGrv6DGrQ7
+V8a2/mz2NTYmUSNJVAn3vVwg78v6YMHvD1tbMx2tb1kKcb4CSCQEvPY+jpBkg1Ab
+YQ3xt300Kg/JMRFRqOFBem7wH0p6E5veL2u4JuR/L3fJAQEwlXYC6VmKQ1HR7foz
+qpmBxmE8/BTzhE0kBjy3nh6VDMW5Q0I0RBu9tRPV5jpPvbTBpF7hle1CT1oiUf3N
+dylp1Oy0oq75nijtLbstgJRoGp8tw+lTR0P9T5zQPU/nR2aFT8nv4H9KgmJdehEc
+sCDvDWWXg5R2pK2hsjGGa6RNomM0KjH4CTnrZXA2qK8v0LO8eVhcY8wsmEhJBzPm
+H/ZtOGzh6uYuTD4yWa3Dl9ZjpQEIPbXhOP4V9aBrtEtpJ4IAdHTz8xawZF0pucy8
+C49a5XJ8bvTC4Sa5PqOqGOSHm+ylrxtqPnHgStDvr3eRo1dxNMUJ4vuCx6x2s7wc
+Bsrj9fwpdiqWKbwcLphJU+9WfkMBrZdSRvo+d697ilJqwvvvjgihlXucinB4gj13
+mvS90wUhIr19cUrJHE2aErLJbFvcnGNITrtDbml5dPZj3FZ4khxTf/d3wQK1l+BI
+h+pci12QVsOiDYncM85H+dz/wSWfpcW2zOka5n6QwKA1BGIF6b4uf6MtwHQp0UOC
+Ih2gCYh7hnCYA0QnF0F1gz4Ty17bRTBvhiHIcZpNKqWUAwbqs7HI1w4WsFMLlpA1
+4Zi4FC/vzUO/AbWq460FqPXAZnzcvxpnQsuCx+kjt7oD351xPbn7XjyjibS1qeDb
+Df0XpuDliV2omg1B1wZN0bf/BvgXpM212oAm65hEEGMIACf5AsJ6v9HSHBKa4zZx
+OGxsgkp2J6l1zdcnuPGdmZrNrR8Go4xAuoa06Z9PlwUak+hh+hWjx3RSBcXde7Tn
+IkiXmT5TnwgJo5GzvZzNnCS9RLmByjISTHvo0G+mcJ2wq5JvMhxrfKBnIFvNebRg
+zGSFtzswIO8NPNhpJd1tFm0fZH71cppWMmaEnAIGK2Vj75/niZqldbCqGkwHMumc
+nS2+eOCDMvNzm63Cata2X5RLozuNJCcuRtPyrbPQ+tBzcruV3AfEoradNGg0Nk3q
+kMbH8lQUpNUehpVBUTi2JgYeczmK7tGzrpar2IuektktzVONkqdy5EsoumaoaP0F
+uAysrVQcX68a+E5IwN0TLz1T/UNLewz6AH95iC09yvpiHiME47ZzVLaOFX+p+V3b
+grd2fvx038AnJXp0McsvRqAp3Ee+oXMIexxiuopm16Jx0N0lg+9tFL84XqESpaRH
+DG+RhhG0qIySIhRc524DIXO//ep4lubujus86NCcb5JaSrp6WCpdNAhCyHDcjohF
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem
deleted file mode 100644
index 1e0db3236e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u
-PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21
-ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11
-00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h
-3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli
-W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw
-aDNRQp2WD1ph+daLu1XQgeAoD4Gajw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued New With Old EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA
-BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBXaXRoIE9sZCBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAln5v
-UhL9o7sN5MyQTZEB3Fhj6lKfzTNHMBCsngHpQqTP8zlmPvaEGpR53N+RNthxaW8K
-XmN4WVFvyXl8eaVl8+U5cewY1K/m/6OqDIZ6kvjXugMkKLbjL7ptsAGx5VoyHs/F
-xy4n0cEOmAXTZ7dbzFqM4xfqJRLqi2CgQUHnb1kCAwEAAaNrMGkwHwYDVR0jBBgw
-FoAUG7qMIYdzBwWY+uu52W9BpEXVhuowHQYDVR0OBBYEFKVAiq/jp5QN4XgK0S+E
-OKaV0NBCMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAIgeBhcCa3jeEq1F6/+iNWMXRVgzyV3vsDielCRFy
-wKdpYGocHPJG59OSZEHCUsdDRF2n3hhGkEILL4huEgX+oiiOhyGM/Xrr+ACuEIaS
-qfs4gBQ/HrYydCxNN4OHOuLoFDmotodh/lvY9igeeaRZ1AFI7AicI0D4CAqXyLcU
-9WI=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6
-h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN
-xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD
-AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD
-VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy
-MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w
-BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo
-OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ
-4YX3NumsNd2WpHY34K21Cd/KJ5KJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19:
-        01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49:
-        dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c:
-        ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72:
-        cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1:
-        3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0:
-        19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5:
-        45:74
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6
-jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m
-7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd
-HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0p.n.l.j0h1.0...U....US1.0...U.
-..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a:
-        55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f:
-        4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73:
-        55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44:
-        fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f:
-        16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd:
-        5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e:
-        49:cb
------BEGIN X509 CRL-----
-MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl
-ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr
-MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG
-A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC
-YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr
-7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn
-voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1
-pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3EE.pem
new file mode 100644
index 0000000000..f07496000c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0B 3F DC 89 46 44 62 27 7E D5 64 8E B1 B6 E3 B6 FF A3 1B EE 
+    friendlyName: Valid Basic Self-Issued New With Old Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued New With Old EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUIwQAYDVQQDEzlWYWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBOZXcgV2l0
+aCBPbGQgRUUgQ2VydGlmaWNhdGUgVGVzdDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCvB9Hx5fpvsmfyxZyAuxLiVbm5ZGySZNIbcBqQlZ4UZ35CG+zq
+H5ViyZ+id9ZDWkQB+RFQB1r93dvpCFiz0wYjRQ1cfxpudCCBQDiVgkTzt4/kD9pc
+iHk9w2ltb3fCqtjXTrLYl25PXXPq4boF10kWnxDvvEaoCl1jZBtEyta9VT3O20wt
+HeTLywU9Byql1qkkUp7fIBj/rgXDuMchFRfcN9C8xD3vSGp0Mn7w3dLkixVtk6fN
+mRgudZ1X4WtAzNJcWUZwzX1oBGMEoZ/p8l64lPuyX1SXtwHIbUkAtKDuUeqDpQa6
+CrtfqP/WfN6I3HCITRvw/K69sGjvXh3Ce9AfAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FIhfvj81OWaa603CJhsmsSontQgqMB0GA1UdDgQWBBQm6qJntGK/v9TM/WTbiNJv
+J4vrFTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQAz4udcgcZWr+2UzCvM8M9LWlJZIcpZTTDMgbIDKhAg
+WPcz7zI9T2gGVKy76yGTGisXSRuVPW/qUz6qSfP4OsKhkinToF2wDU8bYKB01AWe
+8JnTI13ZsOjlfunus1A6KXISn/OefW96YMTB9sloWS6YL2xYhs2tVbzAp7BDThNI
+x588Obo5IhjFuaq+v0J+iYl3guCHzfNMN08mbYomYCwZBYzoB6i/YSjrIhdVp+14
+Bfqb39ZLzdpxubzH2Oie/7PXibacCQo3h6IwxdWh/29vkt9p142MtnszMBUqrTOc
++yRvjXJbpv5rr9EmVaNhhIanrgVHHm7ehOcQZh+XDBFV
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0B 3F DC 89 46 44 62 27 7E D5 64 8E B1 B6 E3 B6 FF A3 1B EE 
+    friendlyName: Valid Basic Self-Issued New With Old Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A9052792081A4191
+
+QhIGxJGXZ5WORB7p/Sv0ohTZAtTuhVVcLmlwz3p81zuk2usweBDNN22OZiFVOUnW
+hJBfYLthgUz5rwmlb1h5rvyOjOqVVUtwE4CdiD4ZFBUWEX0gnMZhG82nDFHRohcT
+BIw7nE4rnXBdn+RuFrKn+fw4+9TcWPCWlKJsyc+M33DP8qzWWL1PRNl/EyhyGiuI
+/sRCpCFPfUI1wBDeWhXpiDIKB1N6OdZHj+gW5kwUMJsDJS1wPT5BpAPdgMi9yebs
+Jn2zW1osO+dYGeT6dHhyVrfd0ryFpSvVmdM4XwrAVysC9nP81woe1OldNtM9vPuM
+XevTzETwZ88U2IUYT514Zch+XGd5QpIfchDxdVlfxkrkrQ2M73UhAXnIDSQInjbg
+iQBmNQTqAbOTK2KlJdRji1iRfofMzWzHuDQcppDVn+5PgvI/bgqA14pZH2E76BGj
+6ev1vBrKS0U5dU3tUJm8lkDJqZF8JUsMnbiLkGv+7R0/iua+9kdwHEECKabTIaqQ
+jnNN1jb74wEjnKdCs2NPrn+I9mWGjwgPKDQdbYgmkliF9381uIDNs6hAi65pMmMQ
+/ubo609SY4JwMBwDdD0GXPbpoHPLKoPQcSqbP3exbU282ZU1RTrhN/xkaqMW26ew
+hb9A9RWskmJhi6QwLW+Yaw3ERyLWKTcv8yQpzynBy8qbPFKAv/0rJ/iQjbliQ9GT
+FxgvqVZ1TNvbKTLK/XB6+7rjtBbrr3FQU5y7tkfqSKi8FRLrTcTjWhn54tPDFHsG
+Hx+XAiE3+wrwx9pD4O9ZL1zMM3NY9paXsePvThxKt0TWCQJZT/dtQJxp574WxrK9
+NKMg3PmzVSja5TIyy0fiCrqHJ5hyusw9DtJuxQryi1G+S+J3jIzK5horevNMuu0Y
+zQmFyUiBpyiziLTVSJC++OkOqosP/6ikxkV6rXBRM5pSjFVsXVHnF5KfSya9XtTt
+kfiERcC3G2xk08ZMnKSPzYl+XDGcjcKzEBJlbjdeW8qMNhEDd1aL/mjlaJzdXYWN
+F24lh8zx8s9P4zPxxIJoq/+6+dP0SRypECTP79sR7ACv10c1FOS3FALaG2qu4gDU
+75ITWrAiHY5JS4IlTIeUoWuMNeV3EEpbAJdiXbY2lG5wvFcWT6DQ1mTD8nk64Uam
+Z01quDB0vKsbia0HwpuoqJT8q6urX2M/y9zwK1snzsXDJ7kP3EyYcJvI0UoKJD4i
+1kzo+dc9brliCNdVJKMEu2YaTB+gh+Bx9Bni/IleE5FkZ7C2gEMykvv7zlKTksSS
+e8d27GEJL6827JjZk4qqoxxzNU0wgxn8gWbQXcMn+X01PsHLUZTVKMPBDRXMNIZZ
+FshWPNbT+kS0t0O9IHWMZbBJP6H9YAKdo/7MyMHXDpoOdQnhGKeI2H5I5nyerqms
+zS7aXIqxNFuGx4Jg2f3+08XNW2bdHtbud7423k0zaPOMf2HDkaGIxtWzkdDBZjTP
+EyD6dXmO0IR/8Bov52Or/0bOuCz8SL0Kdi4mff+0mrb9oe0xbBOQtOx5dTTcZgOu
+Hq//gPWA5Bi8AZV7AHqZPiyht9P+wJWrwKEfr2+jL6PiOIY0DDuGDdKGAIVXtAjm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem
deleted file mode 100644
index dc7432e631..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4.pem
+++ /dev/null
@@ -1,175 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBFDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgT2xkIEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-q8Gbt04t1VYDzow3lv3G+lNNQ/gCP0fz7/PBxNPzAwluA2Qzeix8gg74cXMpRe8u
-PosT3EZZ9iK1PyFmcNq+CjzCuvi8d+1gaGS36wkcQBB6g7HiKRQ8ERQ4cEE6CH21
-ntbFzVbn3d+NofzVo6e1AIdHDNPm7G0+F6f034Lo508CAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPqiarnu+k/Fcp11
-00t6bYzkXDkkMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBzQl++7X/MYd9h
-3E0XroNDuD8TflER0UTgWOwN5UO8BXz8j402hmhEPyw66u6R27V7U1/wf8wtCAli
-W7LnTcJKWFy9HKnpibiz50ike8zgsVmv1godVgDn/xvQPRAnWq+OX9Abc+6OTqiw
-aDNRQp2WD1ph+daLu1XQgeAoD4Gajw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued New With Old EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBAzANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA
-BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBXaXRoIE9sZCBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAogdB
-BnysUr/KTFA61NvJ5idc2kOLUlr2Nyx1WK3KTTQwISpC6JWv5b2oERCJDCL7/3g1
-C3k8J0WWk7CG0T6ydQI7A90xJDYMPGdknO2Sc+8vm/JBnwo5Qgfz2X5Oeo0Bedbz
-IDJHs35fj6KCHCxExaw5BHTbxC2cIu9YU35+KTECAwEAAaNrMGkwHwYDVR0jBBgw
-FoAU+qJque76T8VynXXTS3ptjORcOSQwHQYDVR0OBBYEFHx6BhJiF7QEIUB6yCAl
-MoN5MbxqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAkmGbvODeNeoPt8PMnRvdgOCxlnqA/pzPuD+JbKui
-VPa3xQM64kKjbdTsq8JU+BtYbgy1Ocx4Lmvv/wdJ5AuIosaWiAfwW/+VVni4f6pq
-lb08+5rRTA6k0Z5lhV2RSx+AomDcQnrwsxgi+LPj2aWfwxPL3RkpQ+gnBnoRdOwI
-Fak=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
------BEGIN CERTIFICATE-----
-MIIDETCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE9sZCBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALQ4a61C9wpu5W0cACccONm+QLNESmbHtLwy498fByU6
-h5UnHkutUfy7DbIv3rELFXUd2yM5xQI/QuQZ20EjXOZiCSJEcvzfoAyFLrAPf1pN
-xQybX5HhLnJK+oGlwmD4ZatL7oDqV5IhlIS0So7g+SBOCh5lkKdzbH3l6D7nQXSD
-AgMBAAGjgfowgfcwHwYDVR0jBBgwFoAU+qJque76T8VynXXTS3ptjORcOSQwHQYD
-VR0OBBYEFBu6jCGHcwcFmPrrudlvQaRF1YbqMA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zB7BgNVHR8EdDBy
-MHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBCYXNpYyBTZWxm
-LUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAHDVnYLXKN//Mu1w
-BZS8DbfQ8p/DlXZ0n9EmdXRzoHXReDWeOaoiHU1H1HNJcLMe4YgEjsttTEBGfsZo
-OvyNNUZ7C/oQymaDykP9W/m1TX3ZVLmx96zj36gCkVPczoG78kQ5zVjoLl5G5BJQ
-4YX3NumsNd2WpHY34K21Cd/KJ5KJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:1B:BA:8C:21:87:73:07:05:98:FA:EB:B9:D9:6F:41:A4:45:D5:86:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        62:de:93:8c:36:dd:b2:71:56:bb:4e:e4:32:37:51:de:6e:19:
-        01:dd:3e:25:8c:d4:81:7e:fc:66:54:74:0d:32:30:d2:11:49:
-        dc:ad:6a:b4:fc:8f:ec:e6:56:fe:e6:ec:53:9e:41:66:31:2c:
-        ee:3a:be:bd:74:34:9b:71:c1:67:1d:3b:28:04:b9:85:e5:72:
-        cd:f0:2b:a7:d9:d5:e3:43:25:4a:52:2e:79:24:52:cf:75:e1:
-        3c:35:82:d1:5d:1e:f6:05:8b:45:24:67:ed:84:9f:c7:8d:c0:
-        19:55:5e:52:76:3e:2f:f4:af:13:ae:d8:24:a3:17:68:5d:b5:
-        45:74
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE9sZCBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgEE
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFBu6
-jCGHcwcFmPrrudlvQaRF1YbqMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AGLek4w23bJxVrtO5DI3Ud5uGQHdPiWM1IF+/GZUdA0yMNIRSdytarT8j+zmVv7m
-7FOeQWYxLO46vr10NJtxwWcdOygEuYXlcs3wK6fZ1eNDJUpSLnkkUs914Tw1gtFd
-HvYFi0UkZ+2En8eNwBlVXlJ2Pi/0rxOu2CSjF2hdtUV0
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued Old Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FA:A2:6A:B9:EE:FA:4F:C5:72:9D:75:D3:4B:7A:6D:8C:E4:5C:39:24
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0p.n.l.j0h1.0...U....US1.0...U.
-..Test Certificates1=0;..U...4Self-Issued Cert DP for Basic Self-Issued Old Key CA
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6b:ec:1f:5b:3d:31:1c:fe:c6:40:ca:e3:c5:52:30:a0:9a:
-        55:ee:f8:c3:bd:cd:b1:45:d0:7f:44:f6:42:1c:0f:b9:df:8f:
-        4d:25:0b:ba:5b:bd:0c:68:c2:ce:b0:c4:17:e7:be:81:de:73:
-        55:5c:6b:d6:3d:e5:e2:18:31:d7:5f:6e:1d:4b:0b:31:cd:44:
-        fe:29:d5:27:77:f5:83:bc:ee:3f:46:31:d5:66:5a:a1:9b:1f:
-        16:d0:8c:ef:ae:bb:36:75:a4:b3:62:be:16:cd:de:b8:90:bd:
-        5f:26:1f:a7:d8:1e:59:ce:27:af:ee:ab:de:9d:1d:66:ef:9e:
-        49:cb
------BEGIN X509 CRL-----
-MIIByjCCATMCAQEwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSUwIwYDVQQDExxCYXNpYyBTZWxmLUlzc3Vl
-ZCBPbGQgS2V5IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIGuMIGr
-MB8GA1UdIwQYMBaAFPqiarnu+k/Fcp1100t6bYzkXDkkMAoGA1UdFAQDAgEBMHwG
-A1UdHAEB/wRyMHCgbqBspGowaDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMT0wOwYDVQQDEzRTZWxmLUlzc3VlZCBDZXJ0IERQIGZvciBC
-YXNpYyBTZWxmLUlzc3VlZCBPbGQgS2V5IENBMA0GCSqGSIb3DQEBBQUAA4GBAIxr
-7B9bPTEc/sZAyuPFUjCgmlXu+MO9zbFF0H9E9kIcD7nfj00lC7pbvQxows6wxBfn
-voHec1Vca9Y95eIYMddfbh1LCzHNRP4p1Sd39YO87j9GMdVmWqGbHxbQjO+uuzZ1
-pLNivhbN3riQvV8mH6fYHlnOJ6/uq96dHWbvnknL
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4EE.pem
new file mode 100644
index 0000000000..3fb27269be
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedNewWithOldTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2A F7 87 BE FB A5 B6 5A 03 1F 34 01 8A FC 21 34 0B C1 ED 93 
+    friendlyName: Valid Basic Self-Issued New With Old Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued New With Old EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued Old Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgT2xkIEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUIwQAYDVQQDEzlWYWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBOZXcgV2l0
+aCBPbGQgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC1hupFJIR+fBLxx23/Kru9609/2Of2reiVqs0uGOuzXEzcBfwg
+9WdOmpHE1tgrgnPeg8KPjQEdi3E0FMZ17szaxuBzWaBD82++ZUGuOsyjG+1U5pp7
+nnbay91jYHRKTscjnRRaey8vSorDe4H7lhnTUjeShTXnz1YOZCMf8MLNXbD7Yt5j
+bnwSo9EdvJvh2Te7ZY1jTvS7jWGmFZOTyaeVRXXkwN9jtm4uc+oc5B5D948nRAML
+o8qspGTdP8jokf788nWZrbqc8eFYK9mQxZkmkULPb+wgt/M1aNcTixwXuorxmUGM
++5ZmBxemRqqNIk9OlSScZ3oOKNaFEZ90QQZpAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FN0NdY1TaBLEyxVAwBSGFBYwob6vMB0GA1UdDgQWBBR0xH9Fw7Me7BU1MG+ThFGX
+FlOJSDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQCJSpwZJZwrb6ql2kHDQmAuRxn30WNsAenJokeRhyL0
+GMvOWgt+IYyeL2DxoZL477cH5+zUG7JyefyZvXz2oAzfApgPK8MCeQC/opoU1gQY
+oCWuo5kQjFtqI68wosKxrQvGh+VJMhREKBfShcR0z+MQhRut52Snvb2vMpdj0+yX
+iLttI1yQExAATJR2LUBCG4lMIqwW29IgXLUkxDSH8yyMA4NsRKhkawlY6+rGV+8Y
+pqZr1e0rmZXNrkxe7X28c4a23f75cq/+oTAql+9IZVE1FqWE/z7Ae4iKudnZTxnw
+Vh989tNkrWJeVLTOxczANY8ULemtvO3b5192gj3WA0R8
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A F7 87 BE FB A5 B6 5A 03 1F 34 01 8A FC 21 34 0B C1 ED 93 
+    friendlyName: Valid Basic Self-Issued New With Old Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DF2886BBB4A02584
+
+oUu71FFuDSTWIirwHAtUtRXTNC7IU1ZW+ORNKmQqHO356vmTvgT9DcWVWfWn9zgY
+z428amzxjkS2MnVMsM+EEKUY/PcMWBY3GF325nRgHdUylKirNFDXX0jpfA8ic0s6
+gMio4ELZJQzSgQE1Quizz23JkmkaEOWFR9d2lzi8N4N3i/XTogkmyLtX96ELm+C0
+yWBkRc0y73YljPgr5kh8R4iNSBhpdzC2LBDMa2kEUvM8Q4TDzxyY0evyP2V4QSaW
+v+1ovCiII+gwML11+0LiS8sdvpGguGGpop7aFceAmfDZ3BLCsXpfAweS1GQJU3aD
+ZTe8290oS198pmbvVGStlmrb9w75brS0eYFlTEZH8SsM6lA2a5Gf8PoaMxHxoxm+
+3BODRdpRLrpqzWaej+6JgZGv+uot6oOHDpNrRIT/381Vjt8tKQtepUG7ENvOg5y+
+AmquMjJ+3ynD+0GWgM263bcb6+QRX8O4fRY+drkfDR1sd3/tzwuHb1q9FSC0mZR0
+lSVAe4mRW6IiCdbSiqhrrP1KPygd6JGfheVlLN/7drJZaHpjFG/tHqEYVzLPIV4M
+FibSiwzOcuPbTbFTIRIfLFEHYkJqIMnCBeVytqQuIaDBoy6MixggSOLMCcwxkQXH
+BfLOecE2LSI07mMZbPMKbPCGrmsXidUAgqk5us+mSdeYcgUPhUlvJQj7GIfYr22Q
+eKRiyRpZw0C81LY/l35a2bw1Nzpt/Iv0TiY0UJPrnWf6OEZwQRnYJeM20mgrcois
+saP2yW1Vz+PHY3rcZE0zv1n8ZQEe6Cax2QbarUbm7Rwkn0pcAX6TraWfYltTNg+3
+9yMezsmWJuReJr8fr+aLXxFYtETcb7CuSSsEJF93MZW5XuH9rsB+prBACIyhXxSG
+RcVeuqIeFNM6jEzfCu1n9AOtiPuwk7s+gF0qrVnMGvf91eJ+hishC2aSEWfkFKCT
+EYBgAhZGJpVOYC+iI8QNFrbRVzQk9+8/TsQShMU5wWjA50uNbxB4pS9OSg5J1NqJ
+4Nu5y2nyyladU36EiFVuYW18iFLrJAvBf9lpaEL52JgW1UOWwWOorOOhIfSd0AE0
+FXKLyuuklU190vwe50OQaay5gHL14Y/MHlkgcJAwHgvogjtsi6I9NoVVgqeqLVlr
+rWVXLbOQ79J5RIw4A1DXyDJBFPBFsptCqHun0rlx2tj0glbJGU0Y975nGfo2GFSA
+mojl02Y0x07E8Hx2TmPZmirxepIlqUN+f2SRLb97rjZFP3NBVk2URY6iZ5bVW+iW
+JtKctGjyYD/tdtXoG11uPjiJd6Hlb3YEeoRvoUBKVr1ZSH96wVOtljiFKWVWPq8e
+XEeV6mhrvx1tqN08RKz/qZY0TzNmf/cRhztpUNPM6swpgW2pqkTFwGjJ+RF+Admc
+UBz/RqRH9fYQn9R753weJOyHJw2Md2TIW+wiD+PMOg5KoGZVSNKu0qsLhWDNfKCh
+X/CSWxyHQNHSKzip7RgzjEMrVR/dpoLAb4chz7JV8JCikgr8Ei7N0itZzfVJnpJ4
+IjEW4Th2ygeLmuzK9ofeuCtwogx4BCVZOv8QxJpcixZkpXUYLVdWVg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem
deleted file mode 100644
index 8a896652d7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBEzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcQmFzaWMgU2Vs
-Zi1Jc3N1ZWQgTmV3IEtleSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-tCkygqcMEOy3i8p6ZV3685us1lOugSU4pUMRJNRH/lV2ykesk+JRcQy1s7WS12j9
-GCnSJ919/TgeKLmV3ps1fC1B8HziC0mzBAr+7f5LkJqSf0kS0kfpyLOoO8VSJCip
-/8uENkSkpvX+Lak96OKzhtyvi4KpUdQKfwpg6xUqakECAwEAAaN8MHowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFK+5+R3CRRjMuCHi
-p0e8Sb0ZtXgoMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCuRBfDy2gSPp2k
-ZR7OAvt+xDx4toJ9ImImUvJ94AOLd6Uxsi2dvQT5HLrIBrTYsSfQj1pA50XY2F7k
-3eM/+JhYCcyZD9XtAslpOkjwACPJnODFAY8PWC00CcOxGb6q+S/VkrCwvlBeMjev
-IH4bHvAymWsZndBZhcG8gBmDrZMwhQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBQMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAj
-BgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVkIE5ldyBLZXkgQ0EwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBANa7RRhusOV0Ub10qBKMsUMG7QViaonYz0IcJLX0FKEI
-EpTq0SV6NeVjjzmcrSrzjHQfJpkywOHRiMw7XvYunmzlwGSoD6TW1ZUYVDaQbKUT
-oWooVoCzVstf6AsZiJiHQtBt4x4OHap7QRcJdlh7aPhp6TR+zq8gB1HsG8yUlG0x
-AgMBAAGjfDB6MB8GA1UdIwQYMBaAFK+5+R3CRRjMuCHip0e8Sb0ZtXgoMB0GA1Ud
-DgQWBBTJW9PRvwbxAcF5XLtzDY1MRsst2TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
-BQADgYEAhIZ09WrNK3jX+b8HugQygNCBEVVfX7TOCCFkmRaxp4R/QBHWvcts0YQT
-6M5ZC6b877id6zRYegHadKekVVqwFbLKEO0MnpD2yGhGgDpbil2HlEaQ9yKQXpGF
-CBx05/e7jkNhk/zGDsBqmNzkozrJOYBohkwUOjVFkAuLyovPhTY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Basic Self-Issued Old With New EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
------BEGIN CERTIFICATE-----
-MIICnjCCAgegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYt
-SXNzdWVkIE5ldyBLZXkgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBtMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQjBA
-BgNVBAMTOVZhbGlkIEJhc2ljIFNlbGYtSXNzdWVkIE9sZCBXaXRoIE5ldyBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArImc
-Yf7s6ea0+dqzWPAcGg4gZE8CjbYlhP964Da56tk10sqLVKHCKxnRYgymvojftLHO
-4WYGhfOfDGxlEex3i/AvnxEqVlwzH0M1fCU7mvycYjZtMSObA4U1mr/MRoO7U2so
-ege9jkx/dSbZIRGY1huIipH8TjGnOmfa56IBLpECAwEAAaNrMGkwHwYDVR0jBBgw
-FoAUyVvT0b8G8QHBeVy7cw2NTEbLLdkwHQYDVR0OBBYEFLKHIZkLlnQV1U2SSzrY
-JQOcna7uMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DQYJKoZIhvcNAQEFBQADgYEAZu2t7x1PqFyZIdjnp2j/D37jnc5xmuhC2UOUuyt2
-WFggO+apFns8iYM3azA0uj819lQexXHqKAZi5tQnMzPcYJgDjb1ix0kUCwiW3v20
-LlHf39XU7HJjfXn5USPwqNvrHcWADkRfL10y0ve+F7tmkESFvb/yF3ZU+t/OBKb4
-Dgs=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Basic Self-Issued New Key CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AF:B9:F9:1D:C2:45:18:CC:B8:21:E2:A7:47:BC:49:BD:19:B5:78:28
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        73:fe:c5:db:86:ee:6b:0e:f8:68:85:d2:0d:c1:44:01:d1:33:
-        5d:9a:42:14:a7:a9:20:bd:38:30:c1:f1:3e:c1:b8:d9:4c:ba:
-        fd:3d:7c:a9:66:5f:94:fa:46:e8:23:94:4e:8d:09:1c:45:6b:
-        21:ce:b5:cf:3f:e6:18:33:d0:ac:a6:ea:c5:f9:32:6e:75:31:
-        79:6b:1a:8e:50:05:86:89:f9:f3:e9:8f:67:e7:93:b7:d3:05:
-        b0:9f:2c:97:9c:b7:7e:01:7e:c6:5e:f8:72:4d:11:6b:9d:30:
-        f2:69:df:68:5d:aa:a0:84:f1:07:68:15:fd:93:f6:14:a1:f9:
-        90:ce
------BEGIN X509 CRL-----
-MIIBbTCB1wIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHEJhc2ljIFNlbGYtSXNzdWVk
-IE5ldyBLZXkgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgED
-Fw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFK+5
-+R3CRRjMuCHip0e8Sb0ZtXgoMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GB
-AHP+xduG7msO+GiF0g3BRAHRM12aQhSnqSC9ODDB8T7BuNlMuv09fKlmX5T6Rugj
-lE6NCRxFayHOtc8/5hgz0Kym6sX5Mm51MXlrGo5QBYaJ+fPpj2fnk7fTBbCfLJec
-t34BfsZe+HJNEWudMPJp32hdqqCE8QdoFf2T9hSh+ZDO
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1EE.pem
new file mode 100644
index 0000000000..b9dbf00b73
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidBasicSelfIssuedOldWithNewTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 05 3F A6 27 06 55 4B 0C 69 50 D5 0F 5E FD BF 47 A1 9C 82 49 
+    friendlyName: Valid Basic Self-Issued Old With New Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Basic Self-Issued Old With New EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Basic Self-Issued New Key CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcQmFzaWMg
+U2VsZi1Jc3N1ZWQgTmV3IEtleSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMHIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMUIwQAYDVQQDEzlWYWxpZCBCYXNpYyBTZWxmLUlzc3VlZCBPbGQgV2l0
+aCBOZXcgRUUgQ2VydGlmaWNhdGUgVGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDev0QtgDJfvPcfzwqGf7Xo6oBJMIEKObeQqeEor34N6RpT4gdw
+mhmz/6dR+r0xpAVnpH9peH3F07hanqFzlYmv3oabgCYMmDBAxEFy1cptkE4hDdsf
+UZqruxtd7v84c+hUd55DSPmRjzCZtvbm445wpUJyTcIxTIckpS4Z46TIuM5CCgcX
+CJBLa/UA7nAFJD634GMYzjcIjwqQftmgmyvQxlEkGxc3Y8el2jBt160yHTlbcPUF
+2cB5heUWRvSLHWoYt2nBhL8W75NzJZaKAtL+4zSYQ/uSlutIuV1cAnubaR9kfQJE
+A3tKagf2BP8yokA4aOkXEESnnWV4gh+ZtvoPAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FHZ82GQENAlP33EhdA8MFps2qILXMB0GA1UdDgQWBBQD3ajkIvc9gpRLEUN3LsTP
+J+b/QzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQAgcf52e984C7/uhGUkZ6oTOyFsCZy84Vy46uuiCRkv
+Zv4di4AA1XURzEKGEwR+F7ewE3mNbrfsfvwv11ZC//bZn/9nJUN8z/VvxHwnlNm+
+Z0iYclryFKrs5lvWjwzlNG3tZeNl77X8rpGlwpwU1SbFJH2N93JvUWfMBXd0QUcn
+Wor68nK8FUBd/1tAq4njU5OT+nBfII3Cv+Fdg902zrUTqrJXZmdD+jSBifd3S5/m
++nitrP1YAODnCqZGjAmgzDZTq4C33B8b88nhfIZssqK0rEsQoN1qyRZb5nTBHZ9L
+P3LirbQTLxJHYSAZl3GmRQ8sUEODnIN9hkYRSWoJZOtl
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 05 3F A6 27 06 55 4B 0C 69 50 D5 0F 5E FD BF 47 A1 9C 82 49 
+    friendlyName: Valid Basic Self-Issued Old With New Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,10B08039DFA4A58D
+
+g68Sb53Ixkr6ma6Vo+HWtS30kwevnOgRyE4CEBC8a5mc3dLcXo+N8igPZh794SLs
+8aVAS+JVZezz6uLoiXXE3kjDeP6ggZMmWaNq87vWkk7dcvSX+JI8fJ04ziZpfOBL
+TGQsgePImkW1sBejluwySCmYywt8Zb8pLDTjrT6aWF5UCO/CoDadNJVL+LQG8NwK
+zsVYicJc0hWmlMuoNzi/yJx4cy74QrHRiX7G6ZA/JdMC+jV+6zgHcRxb7dqAv//C
++8AM7zuhOJUtQxEzeLYVBqBT12BYWEY0FLV1Lz0Kyt5s4Wt4AZLyOnQpFiYhbChT
+7MLuswQIJyi067yarkAcPIqdDbewjDUKEhMjs2IT5BvshlF6dKDvYhlUr0zhgUbw
+O5AsJu8H97vp/jaSisVRu7ZtDcpGn4lXy4ph5Q2o9++diK5v9HbywocigjRdwDqI
+C/704gRJMBUoFPpujM7uI9XkcGGdcDT+ZQ2i8zXtwNYprF3MxhX4vxF9Gp//VKtu
+po7tLpQcucUrMyDywiIJeoTJtWj/hRzmuJsXoNst1caGwoCpqP7TYhL4eGqFEg90
+ubR9B6qbabMCfATgKAEUpQ5NKjvbaJ5QgSm1AAncu/MgPBmH1WxnqH7dA7Qa34oV
+3GSIsKcYFV7EYwjVSTFZpHZACOe9xkL2G+rzY7JVINGzv8mCdau6sr6kQCQAVcY5
+cHMOOQvne9GsxEt7iN8OBr1mBGwFhJFRnoAp7ECHe2vxrJmN1W5rkq9TZHFrwCJq
+F2zWEj3C1It4+1cvdo5kMdvcFvdiK+svhgJu00Vi+clN81MRmre8Xm3HaueJ9Xn5
+BsPYP7M2vLGfd2QOC3wMtgCOjmlCiRQ/r2nLOU3ydYQiaEFltV8CK5SXGiI5i9/b
+UxY5tcdLHACcwlpaFvUADs73yfw7OJfd3RnPOTdLksdI9q0hx65oS4CgIF/haP2X
+K9z8G4C/1OFCx7TYC05QQo5C/K7sALErFzrpMtbVwUFddCzoktKFsG5PB9jsoWw8
+lhmXrJqKCok/f2W8o3hZHVfUEaVddIcPgcXGgKtsedXlBkjfIgqUDdLdcwF5lV8/
+mKw5jL9ozlEkMZmCU8rUOuSGWo161n44W9zGHkgTSxLiVOaOiqxmzACWHfHy7G2V
+9fx0ncJCgTffmcGnTYRJi9S1AizgaQ0OC89CrVxR809DQxykWeSeNpK43u95Lexr
+tKJvVK8lOl0gihDW6rKvwS1bdF7LzvSE1q6544FDx390+SkXYAq47BVQ8dNybif9
+hR4EroJ+C1Q+LjVb0A9w/nqNRFhRo7hTkgWE7BoW43JhRK+mIoV9joY5sa0hCRvZ
+6+B/4hNVQLgYp/tnNRm3k9shpk6jGzQB6a0BLnatDySPS2+MRovYgQsZCrZqcpO1
+kQ4hHfLaJ3jTndN5yytEJ2ZWcCUbCyY5Q48EyNpDpGHZe88iDuniD+H8xbGixn01
+b3xmcvgJ63ZsXiN4I9kjLUql3YxraWqbcaq2Kvh2MD2I8Z+O5dhyJcwaFZcfDF0Z
+3mj2YiTCZJb1xGX5fRQhrjwoEQCb7QjbGVvV8L3DJiSCCnjr6v7QC/c2Du+VCIUw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidCertificatePathTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidCertificatePathTest1EE.pem
new file mode 100644
index 0000000000..c07567a658
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidCertificatePathTest1EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E1 28 46 4B E7 34 D0 F8 4B D9 28 51 6C 50 F1 5A 18 B5 2B 96 
+    friendlyName: Valid Certificate Path Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDeTCCAmGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMFMxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSMwIQYDVQQDExpWYWxp
+ZCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANncdxgQEBhgQfvneBAP+IR3cO8tblU7EaaZUj9t9L2hl/o2Hm5EQhHI
+U/51hpteNxKIon3ZcQjUSTVxzkbPW9BZjmUf60I9yg7cTJDYVGnPXjiyIGDdg1Eu
+39vVWziRWi3PmjO0b5aQ5XYUYkNphBDPVEH5Neqe1FqXnV4QWb3g5MNZidfe8nmw
+h2sCwFmhKgCCFW9rEREAUzR0PfThzFZiouRl6COxgx1YUwiyMy2WvuV9M54QWidz
+U91dmOJLEVNYkY/qchHsu5TyDQ9QrfIWtRoAJDHlFb0XBpCqJLGs3QxSHvCLaqu4
+9+3fY7TOlGi/XpbQRJbx+PR6Ogp5FVMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGE
+JBu8K1KUSj2lEHIUUfWvOskwHQYDVR0OBBYEFKg8CZ1n9thHuqLQ/BhyVohAbZWV
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
+hvcNAQELBQADggEBAB5a2Q+vYqW5Ury87AxhiBMBqgoPDUejnqmyFxv4o9ks0o04
+vjuyz9QxiM/OafSOx7lwBVHABofGlbT2avoxni3EF7Pt5XoZYRhujNHkDtqbbWyN
+BpDuLNF5WNiEzZtB0xji/pHGXwAnFGV7Evovvai/NI4tzxdMWFswDy5pZkUmJiGY
+0/OQrimHWk7Gvegofg+glOb/XLVcT92KYVkOBdL/xWnA04lK0cLlyPTICMP9KiNP
+hABcLEQtg4rCPSLHPGDyinjjG0Zl2pmP+GPB1HqgcKZ6pxCbnax/vhTwRCOHWKwQ
+FejzoL8eJcs2qwJpWq7/wG6wQ54Inhk8pzBujcI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 28 46 4B E7 34 D0 F8 4B D9 28 51 6C 50 F1 5A 18 B5 2B 96 
+    friendlyName: Valid Certificate Path Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1FE7617D7FAC4636
+
+p0Mn+JrDNgEXb1a+jzTU9Y0tXlkry6sa7zqyl7Sl9Krk1/dIYgWppKRE19A91EeR
+Ksiwo92hb+nfSJETfAr4OTL7egtQJoOf/jWhfb9WpFM8+X04L7EgtZUvL9cJHBpM
+UNrEGnwKC6Z+bJOnaSydWH2D8E6OweMZKpt5am4qjGXRLOv/hW5+N6uL5sbbrgQO
+BEHkEVw6uHBd3IvB5n5vvMfoFbpVPERXwrDRNPgY/2qtMOvGg40PWzTRVsoGm1YQ
+2FiOKkoeKfvc46/2K396npTBY2oQqZBMUb0GWBnpV5cdKHC0HnWzROPk2WZPgz30
+ppJvCzWsNqolQgKKuYYFnjAXY+JrmCuqJqdFsv96b/GdepyOdWj8jQiJa/T9Wp8P
+to85l5HJ5MfeT7LzK3lyWvlMHrUUs/ZT9hfXAJe2ZQRIMtYpwJkIMmRktHJ8kmVd
+u2zGzQxjIA/Yf3iKeVQu3yLS1ODC7jvjIqLEEmBegx5sFWKtVChyFrPn3J0fk53n
+07xZ5D0m5bX2bctLUR1lFADNO3Zvl2mJlz46wpmToIrlQFsKq1gO1JFwo7P7MzQX
+KWQjXOYWEs939TdiDvIk86ZnaWnNwxcuRK3SqzathM7qubKMWGPlQmMd+Irmm1Le
+Y4Lv3stgUJpnil/vhqT+MfqrCxtugyVX3PONdsh5mKIzl7dMsqtwDyRWNrZS+eID
+qXgs71PxU8TT0F+FvXbCnZ7uLUrOgdfXbyP4CF5lQEwZ8HxMTmJ4IOz/QK89uDSO
+VdZHoc6qpnhCnmVPyI8+yxwAGH1C3Qt3ubU7+EUBto1jITqFNyV6q+o/kL8vsUVF
+fwIFJSyHpEahx+9ytQKHxXCy0vPHirle03uGqLZuO3PvxadxE8CniNK1dUzMwsEN
+a7qmDmMjJWeG3ICzHbdirJeUQePApdLBMNOeUrUKGGrAqhH2qHPGcWOW0GxZJgtE
+02eGX9WsxhewEXNP/ccQDl+MyIA/ao9ypfEs2OgU+Y/TOAi1xKwQp8zi4Q3J+gSD
+saZC3mm/HLsAeTk5TYdca5FLDtbiQ5OvT3P+fh5glmSdEgZkq3x84lYnS/nMIjD9
+t8UEmmIQgLUkLqvfSVxzIavZdiszpVaf1cUNVp/0iQrUeocc5wFRV6KbKMKW2mYJ
+taUJeSQSXuZ393mj7dpQxW4puRTZWOztANImpmUm0kgQ3FLnLMCwA3d9W13IXwjl
+J39BmFbyBAsl8rJvD2v/qziflv8HT2SjC2/GbfSZ6C11MmoKTMRW+7NEC/crDk0V
+hBcHjuz/szivPSLHQiTAjYS/Xl+/15AYPhKL7k5d2RmcInNCmN2So1ketSQfeBQI
+9t08lQu759EoZDRJ8dnR+mWBKSAI8zUYThGc7lTtW+cQMOsgDYV9eQO3QkkvzvnK
+7gmmfqCHReWY7xm6Q6SM6iBpPHnQ55000RKEaglCzABv77RgLlS+D1OGRwGGdMr2
+yJOQnygTmlVpJt3bh4Tuh77wh1J9BwWBf2k1wQMkndbelL+5i8Mkvm+33MVEKJYD
+I109GqlY9x8RdI87SlBth3Bv50up/by/seRVcqFpa/7HhCiXhcJqsw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem
deleted file mode 100644
index cdaee8592d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBRjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKF4cGWB
-eAaOHCGkAPlmkE9/9XtvEpanIGNf1g0ab0PBnZR8ffY+IK2+rwOeMVtfXmJbaxi/
-Z70teNn94XkPXH6Pmz/pL170Q96CasAsPU2uQC4AtNjkUSeFbSoY7Ul2NaBYqLrW
-yQ7O3jEXdX76KQWqYcihAq1Jw+AEruMq98WrAgMBAAGjgaUwgaIwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFHXnZ0cYCavxiIjbno3V
-F1KO/HN4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoIUdGVzdGNlcnRpZmlj
-YXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAzUV5anoiOD8wQQnetIFcg5wLnNlr
-dPixWje4q2JQcPnqZk3TW9O0GDtWHmZwVoS3PixQlJPHZGvkliTKM9vO7a8J2FDl
-/ZFRNrm2rHFjZxygk+UTwj+SI4CO8kmtSesvV0ViWwNNyfOV/nmvBjqy6pEbTnCD
-pax2/2P2ruVALCk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid DNS nameConstraints EE Certificate Test30
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-MDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA08C22ZtMqDmJQjt6hWE9rPJX
-rWB8T165lEh/iTleDZqyVWl5PRT8V1PTxkkp5aURAXm8BsNc1b7YFZfdsiMx1bjU
-iBSvqDWP8HtarPF6+J0wsXO8Zxp8OV8kCjU1gA4hLHUvVghURkKoVXwzB2cwhlqm
-iJcKkvv65JpzZPinbCsCAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBR152dHGAmr8YiI
-256N1RdSjvxzeDAdBgNVHQ4EFgQUYmleNHVLgQPdh5BhovyETaAgDeAwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAqBgNVHREEIzAhgh90
-ZXN0c2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GB
-AJCvVAtnYWZDsmocwYuC7e6N0annLwnm6MvbUgS7+KHuXfm1ty9YuZRe3t1SFQxX
-yhuTKj9iERpNsz7ldpdAKftS6PasptiZLlqhi3Z6csOnVtmFErdgN56iJoZgkDlv
-YTSVuG8xVfNBvOTHve/LWxGMlTGPDLMLf0hamDdBTfCK
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:75:E7:67:47:18:09:AB:F1:88:88:DB:9E:8D:D5:17:52:8E:FC:73:78
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        90:61:77:a1:94:8e:c3:62:6b:dd:eb:ec:3f:0d:e0:dc:1f:b9:
-        04:fa:e1:74:e4:5d:d2:0a:cb:42:4f:41:9a:a5:91:d4:2d:57:
-        d2:6f:1d:5f:cd:9a:2c:24:5f:3d:21:9f:87:78:17:33:96:09:
-        1b:d1:bd:f9:50:b7:17:c1:e0:af:50:95:7a:9d:03:9e:2c:95:
-        ef:f2:c2:a2:74:93:d3:9c:c2:73:74:96:90:b0:78:15:69:e5:
-        eb:b4:5d:dd:19:4d:ea:9a:78:af:ae:a4:b5:69:78:58:aa:7d:
-        5d:9e:05:ee:a8:8d:2d:16:03:86:18:62:6b:cd:67:8c:5e:13:
-        1d:46
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR152dHGAmr8YiI256N1RdSjvxzeDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQCQYXehlI7DYmvd6+w/DeDcH7kE+uF05F3SCstCT0GapZHULVfSbx1f
-zZosJF89IZ+HeBczlgkb0b35ULcXweCvUJV6nQOeLJXv8sKidJPTnMJzdJaQsHgV
-aeXrtF3dGU3qmnivrqS1aXhYqn1dngXuqI0tFgOGGGJrzWeMXhMdRg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30EE.pem
new file mode 100644
index 0000000000..cd8f0db851
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest30EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 02 C8 BA 4D 34 CD 09 12 AB D7 FF 9D 06 11 75 8B 9D A3 D2 54 
+    friendlyName: Valid DNS nameConstraints Test30 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DNS nameConstraints EE Certificate Test30
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgRE5TIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE3efE
+Ew9OTIYxe07PiuyT1xASI18+bk+gPhFo46a4GTv1BYJLzxKlWNQkeb2yHNhHamis
+09o2kHi8KxtgvEQpSItGO3orpoTNx/ag7GZ+uT7pPQX9NI8HDYaaHbU86E5Gf6l5
+xbFV+g5uVIJY1MKV6N/cJ2qAg3o1/aJOg87sXW0q7Xv3QKXbmzlRwVR38QrSRgdN
+r+BIcZ6r9plX8P3ghHH+/xHRfilCh7FWmrruGf0K3w7gudE0RjMTYm7zHOny4fs2
+W802lvgWW0Kls51YiqdjmT1V+AOoyR53SIzwfZR5jY+FsLqr2o0mPk6GbzwS5Pk5
+XBrbegxQ/UrfP4YNAgMBAAGjgZgwgZUwHwYDVR0jBBgwFoAUsaoX8OPPzNKniaaD
+B93/btoH40kwHQYDVR0OBBYEFEWSz28Tk7VuNoLpo6HEQTpxsHIgMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwKgYDVR0RBCMwIYIfdGVz
+dHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEA
+pgUgjEi8b3mM4voUe2Wt14cuFOS0YImUvk/Pr53xJiZPLyJkBOVK821wqBKjmmD3
+29NaX9nshLc54lZfqvQBHTEWWBPeO1um94vimYyRNMVxoIuEA8c+a3RGGQndisFP
+2098JFQjdz55pW4NgG26CJNutjMmCW17GmVTEJCiQEpVrRYS0QEaYUZya1yp2Thr
+mQJGt3FyMi+LuoKqlhJsq1892cb10GO0E0Yhy/X33ihpbCXFMs7e5kqYa4oHRJIi
+cScs+CqFDO98FpiQaccUpWlgIbHIq/R2t6GcXgSsK9+JLrJqn2TMMpS5O2Qmy/bl
+AHzuGjGn+nomfAVFRuEZgw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 02 C8 BA 4D 34 CD 09 12 AB D7 FF 9D 06 11 75 8B 9D A3 D2 54 
+    friendlyName: Valid DNS nameConstraints Test30 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,577DCADE8158937E
+
+6IGI3x5K/D7d2IXqI/oa2gxu29K3UVhOrBxkBGoZMIxH+IPsN9xUautRc3j8qkxD
+Z84DO2EQd0f/JEYpJuJmwDP9T3UH9HkT5Gaypcwu/h0ZNpHN/9CyOU4wprh1X+AS
+pyFnr+dou8K6QZYnskttevV2rHEZVc8oHjI4fxYCqLOSD3dQYn0QVyvjMfygg9VS
+Gi4jJW6BAyNuEnoA+Fddo+Wu/BeqHMZyX+rKFwKxEVJnfeUcRE6uOiMw8Gv7ojDV
++n1oBdJ2Eo4JG2Jw1IcDBCSHQkCrMQ18HBw7menMEQQgwpIhOsa+vyK3cCI+wDhk
+MGrEOJPEiQOW8SR+JVEM8YTO0qZamveDGKSoPqWrVpMd+cHtvS2xf4cSOCZceDkd
+j8vPMA9CR93IecrKWDGqDuBSAwtFOW0qfX41JhDb3V6TxO2LNwNDsHpWjp+bKNk5
+VUWp4o6jGvu/YjrmUn3LskvNpZVxC54Z+3KShS0ev8BWHpOdFl6DIZ+3xR4coIcj
+AeyeP1wFqAXcw2VfPtZmQDH9f196jhfBGJqf/RYTzXd3uAMT9WRa69Xs/R2CrI00
+5YR6lu7kRVX56s/1WV04J3rY//wnzO+TWRurBgHqfp79eT0AVfdhWjp/VT10lbiR
+Q6UOcQ1IlSdpZGvx14ds7KAo5jTVh4uZhGomlR27sxxPHinS9mRoP8ka6deRI7ZA
+vDlUwkIjLF2JFK/yLVX9fWH0rL4WhoxiN0eMEu5XUnhlFe9oqWQC+hd9bIKwxfSj
+zMgXGg0N42FYbEygq1rNv+lAfqdZX9Y5VSkFyDeVB5+qYOmxCnk2MpFqQm6c6LX9
+9XWzZnLH20kWqBMxMXcEtEiwYZbrJwQs6DGVwWh80DykLuMU4Dm5L2N3gA3faEH6
+lUlBg8g4Z1pBRw8a9kE+6JQ9YOHEZveBQWgt2QxzoGOdo807kwBPkCzZRsMIr7Gz
+AdqbaeU+5XJJtf7MoCNuXzxWHdkbfDK55IRM57j/Smw9E7QE6BD1QEsZyFExWcm/
+z21b83nxae4QL8cCVGoIxCIWRconx0X6uHV/hmONVsuLqvdkJo6kQ1aRXpn9uTg3
+vaVpepV4stT3iKSZAXIbKQ4m3nzURH2Nca7gEJDwZa7T654ySnj9qLM0mLShUxxS
+m2lc0di6MWBEG9/6CdGCfIzoedyknL20cBXFXmNU1ioYyeyaym58dtvTtTqX6zDm
+547uFHvAOTzpuSNI6p4WfN/IC9K0UkxgOwynOtDmBisNR8q96ieVr4ICB64mFHqT
+Omi/qvy7vo9OaQUdEMRapkdOe/9Cu1X5VhjEgkOQA6Uss7yEJ0CBucLlicKGg8ji
+1pMRn+C0UsY3XWRLp0pzNkzdjiyZjr9Tn9+1gi6LMripWuBeMRd58nYriRXqrkpP
+86qNn3iA9VvvzT0QdOkjXeg6NvBghU7JjKYmbSenSNfMwCO94N2zbTieLUPJ7Vrp
+w0vg+lfk8ut/7yDv/BB7+6I/CXUaO9ane9qfs6vw3YNO1dAl5FtQubBPAV2q4Emv
+J9+OtZHp9pvAL+zMK6OHPX6aMiskglybah444IQs2nXbj4IVyyOvO2LsP8vY/pLR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem
deleted file mode 100644
index 62413ef929..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIEROUzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANmefIFU
-RUgrahNMyIfzibuPD5LXv1aF765kc/ROx4BQYuBUZehjaB0G3eHv0wGu5rSJbnoy
-Lpdv0XVvBKEai/K+9iIereljhcwZzKTbHHvAdhCtgImX/Zz/KZ7OU4GZJGkdcj9r
-e/szQBEqTWkWB7hT25WM4ghi5xAz1Tn3foOxAgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFH6Q3Dvq3pzSm0JE73sa
-zW6PkuC0MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYIXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAekwpteebcTHJ3RTTqNmNlRsw
-aSa2MtBlaOVNyWi/Qsgy/LO5We9Ahkq56VlKB4WTWCFBdrbbnZ4k1Dpgj+NA8YBD
-Ysuq9KofKqycs+alN4JOOMtKHzbm05wPqkhY1qbBFAUbrEm5felp5drbJys97mCX
-bm7XHTxTuImtWM4ESC4=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid DNS nameConstraints EE Certificate Test32
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBETlMyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBETlMgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA374o7AtX/s5zVHxqAws7oJ0X
-W9efE9ztupuhz0gxjrTuRbVoFj3Z98ikVL8RLG00VdWjgbKd9gWB+UI4GD01A7Wn
-M5bSXi2t5fcyVYPxPjzhrl2gW/DfUYO4U6LHtTqID+ARhddd3Xlz/6WXt+gOLARC
-4zuqAsvNuNpnFbI5yA8CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBR+kNw76t6c0ptC
-RO97Gs1uj5LgtDAdBgNVHQ4EFgQUpTkqy96R+925D9dnz/clmePZZx0wDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAqBgNVHREEIzAhgh90
-ZXN0c2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GB
-ABBLDmNvZzxO6JM+lTiTscA+ikguaFV+BdfdORenOIJYUHV/j5MhzLCcOqh32U/B
-KZqQ9ataMvRSnqfnTHtRCWo19S5qT0QjVjVfYsDfX8QQy2jJ6bI9S5vn4bLO2HUK
-jLOabPS5lyHm10fdN+g59VKHjcBKmkBkngTkhVqVLOxL
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DNS2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:7E:90:DC:3B:EA:DE:9C:D2:9B:42:44:EF:7B:1A:CD:6E:8F:92:E0:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        02:f1:3c:9c:25:d8:e5:f3:99:97:72:47:d1:94:a1:f0:11:0a:
-        8d:ef:9f:4c:c6:3e:93:23:1c:76:92:f7:68:f7:8f:9d:d0:ab:
-        7d:73:20:ba:f8:ea:1c:90:10:59:01:07:c3:11:36:15:70:b3:
-        e1:80:3f:38:65:42:77:78:95:79:6d:a9:88:c7:54:59:b2:52:
-        9d:da:5a:58:a1:73:1e:07:78:00:01:67:02:41:9e:82:b4:ab:
-        f3:d1:74:00:8f:ce:fa:78:8b:c5:ff:ca:40:ca:88:90:ac:74:
-        78:41:4b:60:85:3f:43:31:7e:1c:60:bb:3d:91:09:df:9d:f3:
-        6a:40
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBE
-TlMyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBR+kNw76t6c0ptCRO97Gs1uj5LgtDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAC8TycJdjl85mXckfRlKHwEQqN759Mxj6TIxx2kvdo94+d0Kt9cyC6
-+OockBBZAQfDETYVcLPhgD84ZUJ3eJV5bamIx1RZslKd2lpYoXMeB3gAAWcCQZ6C
-tKvz0XQAj876eIvF/8pAyoiQrHR4QUtghT9DMX4cYLs9kQnfnfNqQA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32EE.pem
new file mode 100644
index 0000000000..b3becaf563
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNSnameConstraintsTest32EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 81 FE 9A 03 53 0D D4 4C C1 A6 2F 85 29 05 F6 9B 6E 1A AF 1F 
+    friendlyName: Valid DNS nameConstraints Test32 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DNS nameConstraints EE Certificate Test32
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS2 CA
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIEROUzIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgRE5TIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjO31Q
+u1gnI8gYuBTTqe7O7qzK1fRNCHmFrxovthEckh/m2yz+SwSMCRV3tYWgOu4g/f68
+Gr0+3+0fhwI8ZNlkjvjZG6ZaaDLQejsfSwRDdB8OcB1V6p2EMSxRBGj6ZyTGObq2
+1XCUJhWE7aT4UDw0gZ9Gw5MsdzP9Mm0ZujF+nknrMx5IcktNwz4GrZ+PXDEd/7BU
+ZoosEtzX33b0toggo9LPTKRlu0c5GJqLbb7dCj9nuErxTaR2x9xGFdYdSuJxhlPK
+NwGCPV/RdbA+b5LmhxfBoCNRYsDHc9SGaxJxuzxJaRke7uqNc8E8xiEBb36uwN6B
++P7SaqaFMB02px9XAgMBAAGjgZgwgZUwHwYDVR0jBBgwFoAURkicQgmOXVNw2BYe
+4MHJGBU1CgYwHQYDVR0OBBYEFC+f+0RS6fd7DHdf1A7xDiGx5OcdMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwKgYDVR0RBCMwIYIfdGVz
+dHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEA
+Afn8pFtzg5Eyk7U4Qz9iaw0+eaMiO4wX5iy8CP32AzJf7EJrykGk2G+/ZCJirXdB
+KJHPHqVa1SuIg/I5OOyku3VAl2nsVvR3FbouEDwrRQMMF9AaRAPHW0Gz6sb3DZWO
+gtoAdJgPQukkQ2t1Usl6DdsObESMNM+lE/O3qZBPvAS5FNuk8/GNt/l+7XUYub5M
+q9myI8bAITKwYNH45K/6uahjVM2Hzzw0cx1DINxfg9PxP4wmA6AbZkgLazgwGaZa
+Tv0xkbdy7RaP0nDXXRTlKpPYvplmmsfiYQiB1J9RedeHXsoShC2RPPcEWe9kAjcd
+ZVx3nY9LshmNiUS5XqpLhg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 81 FE 9A 03 53 0D D4 4C C1 A6 2F 85 29 05 F6 9B 6E 1A AF 1F 
+    friendlyName: Valid DNS nameConstraints Test32 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6F7A00D5B9CC3F0B
+
+VQl9PFCblPbDF+VKlw/ar0II/RjNtJlFeOvxArEr9OP58NYpTxVdLPzGV5iESA+k
+ZJUWpH09G7OylczvwVJYkuVCscsd26XrgRAsO7uc35hmwo4kuM6fzcitWdX5AWoP
+6k2Wnl0uT3ZrcUHYUU4TmVjqwG040ZO85zwU7NyG0Sr3rBInCYaOHoWPxYI+w0JM
+elxsMi+Vd/SIMrMdRz9bZe6OW7NnVEEF2dyM8v07zgVNEj2qdeky770urJ0ftIkl
+zFMjRa1O9E1uZfFZ+pMAh2MnB9ZLwHYn7k1jaekOzD3pxaM6L6ywCYULDQ6n4Kd/
+tnBHllU1pcJRgCyiuNSDcBRe1LvDSwY8R38afZVywSk7W3PFFOOb9E6OeWHE+cjG
+Gvz9I/Sm5Od5Ub27LHuqeRp58qExi5gTZvg8QrmSLOisCrWti3kEk4sNixSoTSoL
+DS/IiKie0SecB9rba8N3pyyIi/ExgZX2+z06/7Fxk1sY9WWK2WaQzG7oLyBPWM5R
+0AG9eWYRq9PiF3nVTyHfRR5p/XfrpOKl9i26Y0Ve3pjrr6BD9hA898/zuqqp3Z/F
+lQATWWmzdda8rCym3xH/PTlUfWFyX+eCR4sLlgHxga4TU8maMMImGocBMNvFa5vh
+amSpo+vzlBVtKXIQMUHtIEq9+vsiJgMMh8xbikz9/KCnB6QrR+gOFRaLsC1bVUsK
+DL11crzhbVDVLPwQSpbhut4gEuR85VDemQWKmn2jvQ7czdanVv5VlsfURF+A5IAa
+jspxKQs80+zZ5njoTrZog2peuMJZoh0vz7Rn9C9y0IE9KJu6Sd1eF1qgNT+jAFcs
+MBlTvQX+YZpiJp7kzXQAYdSFmDX3ohmttAGtKMrFDPErqUda47s3j6WBiDZpsRLD
+HB2yET1Tey+fyNq2kMWR63v18gAuW5CI6/8CDw/17kH72ro4Z6HpHEhPWF3lax/v
+AknUlI2vIw9YGCDwFgZnC6/FlhI7cURI5FvzPeeDBn6rZVAV5QDyAGGkI35yWOT0
+MOPmn2kwcAcfb2SFEy7hooSTo/PY2ExpS3gYKX53Zd2NyVDq66ccN99C41s29C8k
+1o31W47g55OLO7CRE8QZWZlgEuCcZqFIycqO/kyyCaY1SvZPG+gjhfzNe+smrm3J
+8asBn/If8czuqy81irL+oUYwW6+4q25zJNzgSHPdphFFuB5betA67+gsMOeTrKj5
+QrgRKyINQ1VDtHakoCxvAbdGDNYUseoZN3TR9935MMzjwZl9b+1C1PL8IvtRBwfU
+rN7sqB+EPP3RBMiXSUP9aDexx1ik0KYPLIZCxoj9EJUr87kI5UCfqgO+TAoSdo+e
+vfo5u8+vSr7yKVY0ldR/rJQ9Gp3csPJDM5vy9nsMg09SPTXZyXziMzsVlc57yqde
+qcl/p67YWULRGesh00UbiZCb0hnIIPBI1AmHwWSx8gVRZuI9IFVDJdXsIKT+b5Y4
+P99FharjpKMxkwXms3Jvrc1zd4F0WscmHJ8SHMkHn25PU1L4XuFdESBIoJ1CJlGt
+lDJ7W0CiP/ZuE3VpRzGJml82zHTIyLhKu5iwUVC6CXP0PUG6vv42ipGmOc9jhyWE
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem
deleted file mode 100644
index 1da7bd70d8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA37aIkV7sYy0JnIQ6
-oLcZr4T5fsXvU6SzOxBfPrtNDpq884ix+hP3zDxAwCSO5mU0znQe9s5im5Mf9yKK
-0FIXOAHFwMb5M5mAZNwn7Tx0XYxDfBx94lsMvJdBDCddmTB5akZgQF5Iir+Y52y7
-yiWRJM+ZmowFfoi5rp/PgkSOJxsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQUV6v4nCfI0vTmz2+qIAs1ZwSDJGsw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MCYGA1UdHgEB/wQcMBqgGDAWgRR0ZXN0Y2VydGlmaWNhdGVzLmdv
-djANBgkqhkiG9w0BAQUFAAOBgQBlTO2ECGQPZsbXzVHd/rGejurHrD9MHfTQYJCn
-pFjAPq3wSo4qFVopG5gl9s4rdpNU+XvoY5zO8MVxTnfFi5G+y2CWZTG0iIWQmC8b
-ReqDdpVeAV3ictgaDyoU1ApdemyOS2pHV0mgm7vPYCx+17EXzFBphUICViSFv45n
-cu1nCg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN and RFC822 nameConstraints EE Certificate Test27
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
------BEGIN CERTIFICATE-----
-MIIDATCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMzAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGJMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
-ZWUxMUIwQAYDVQQDEzlWYWxpZCBETiBhbmQgUkZDODIyIG5hbWVDb25zdHJhaW50
-cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAL23wxEGImwm+05H4yzrxRQXdJBQp/RrfHB1tjFbPIUzr6hR7T+xNjC+3M8r
-Y//0sOjggeDwLkrbhDl5TK9qQUui3Oys3QORkLfvuBIKjHtzUYfyizTV86KvAybY
-dMOrY8sc5zivU0N9+FESFwg/Kv+meXt0vgL9DSe7PsFnaC8fAgMBAAGjgZYwgZMw
-HwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+qIAs1ZwSDJGswHQYDVR0OBBYEFN3zmdIg
-RlRJJv9aNE/zRRJu9+n7MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwKAYDVR0RBCEwH4EdVGVzdDI3RUVAdGVzdGNlcnRpZmljYXRlcy5n
-b3YwDQYJKoZIhvcNAQEFBQADgYEAEiXPBPlFwaHGZ5TqIDXXTXn8ViKz9zfr1imR
-nhJlqZJTu2TlScmSN4vEg6++1wS0vVxiPiwNQkrH78lRNTH56MQOH92DxRyxF40M
-5YJc2GuFb6+ZkSKVWDG6UbkbMxjaZvqd+jnODcW1K2lBl1jHiv61hoNxe6VrNb4i
-m1dYiFQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:57:AB:F8:9C:27:C8:D2:F4:E6:CF:6F:AA:20:0B:35:67:04:83:24:6B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9a:01:ff:a2:5a:8d:4a:16:d9:8f:d1:7d:40:a2:bc:eb:6f:fc:
-        4d:58:3b:b2:03:77:79:60:99:5e:f7:f5:b0:39:62:10:15:8f:
-        67:ad:12:b7:a6:2c:ef:de:76:3b:90:26:79:b7:1b:7c:3c:25:
-        b7:bd:11:82:78:21:93:5b:11:66:15:e2:e3:d9:77:e6:a1:18:
-        6d:dc:46:88:f9:13:7f:28:5e:17:95:7b:a6:da:4a:00:c3:44:
-        8e:f4:00:50:a6:a0:52:86:90:cd:40:54:66:92:30:0a:64:0d:
-        09:19:17:64:41:33:08:5d:c3:11:b5:ab:d8:61:5e:a2:60:56:
-        a7:d5
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMxcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUV6v4nCfI0vTmz2+q
-IAs1ZwSDJGswCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAmgH/olqNShbZ
-j9F9QKK862/8TVg7sgN3eWCZXvf1sDliEBWPZ60St6Ys7952O5AmebcbfDwlt70R
-gnghk1sRZhXi49l35qEYbdxGiPkTfyheF5V7ptpKAMNEjvQAUKagUoaQzUBUZpIw
-CmQNCRkXZEEzCF3DEbWr2GFeomBWp9U=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27EE.pem
new file mode 100644
index 0000000000..4420519b07
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNandRFC822nameConstraintsTest27EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: E4 9F 6B 9C EC 2A 8E 46 DD 98 0B 0D 37 F5 6B 26 15 4C 2D 48 
+    friendlyName: Valid DN and RFC822 nameConstraints Test27 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN and RFC822 nameConstraints EE Certificate Test27
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+-----BEGIN CERTIFICATE-----
+MIIEEDCCAvigAwIBAgIBATANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ez
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowgY4xCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTFCMEAGA1UEAxM5VmFsaWQgRE4gYW5kIFJGQzgyMiBuYW1l
+Q29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDI3MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA4YwJBaWuiNbOXsrZHR50iYNo/KP34QUkqySEdyVQ
+XRYjgcVtLO5sRCeH16qBeglO26DxAouS1ofdzD48hjMWLKzNwAumWmrQhkhtUQhP
+EA2ABxV4rFW2fKm+jjWmPNxhLWceJED3XEnY04pHfy83gC8YDgPQeqRn7gEdQbaf
+tgUT5/yzBii6idSbJwWwNtMho6/6a6DabRtdXlz4h0hg4OCPU6aPUuIEa+wupnnZ
+ac1Rl+XSZI9gt0jEMh99WDpi15o6QpItW/aPxiZ6uokdAds0DEEik5JsbGRSzLNZ
+JbiLV5kOQgtzyj/GQ4HcigW0k54UQWx1kjj4YwsgYvpOTwIDAQABo4GWMIGTMB8G
+A1UdIwQYMBaAFCdJ5ATZRfpsmJRs/O0NwyRSbVVEMB0GA1UdDgQWBBTRTIBGyj3H
+PjdjTstrMzXkvcN4pDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMCgGA1UdEQQhMB+BHVRlc3QyN0VFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292
+MA0GCSqGSIb3DQEBCwUAA4IBAQB5K5dCXwefGo7l2SB8szQesEoMosZISkK5QRIm
+xxHkPMc2snn61jVFDOVvL8muOL9hSNPBiOHBNnXC9mypo14FEfQRI5FjLm8MViWp
+doY5fn605DBnB5Cpn0gcwB/MlPe/TDbCVVON8/NNqWqyVZ0y24wF6LLjYaHR9QmV
+zdlMfljjO/gJVNxbhad0GL5IqMTjkUgAIC0z+ubj8M1BJb2qdIOk1v20syn8r9at
+iN/+SBwawEpSfVR7K+GIFL4xSjPCqHytmSMMCX4HkGlCw5rlJulusIvt2tc97Npc
+v2KJSeZ81jehHBt7sUVqV/DgO2XIrysN5qKcD3nZs59qx5YK
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E4 9F 6B 9C EC 2A 8E 46 DD 98 0B 0D 37 F5 6B 26 15 4C 2D 48 
+    friendlyName: Valid DN and RFC822 nameConstraints Test27 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,72CEB87CF5E919A0
+
+1kIqFRDkRsg9vR2Y140zuDWapk182kj2r9IZoE9dBx9TEOA19bs0GUqsZRE/DpVZ
+44bOzHVB913aL7wNEK4vEZD3tf6YDu5aduHPM5c3jmzNu4FjnGqby9kZP5DIiGRl
+7H13Esg+8a24sP8Uax1ypHUhhzzvwn07tpVrgpyf5xYyDcgJU/u5REaPq0xdpDH6
+A509+sAyqFm+Yq73NO7OE0czQlm2wyil8c+ngHvrNdD3AaJYhNz+tCy2tq5RXlrZ
+5OYSdPKz7P7y+av0JYki8L5HWp9QhD/qTjeUDn/v5JTD/QV0QtWKVrd9rJqdbAMR
+tGSAlB3PY11hhNq43M1/fgRYwzjqTsBPAjBjmtiWCu2kfqm7v59nOfljbsinbjiZ
+tziKJn7Ep2yWPOv5f5KqLywNU21IshuyuM2JWPWsnDkG+jldkS+PITCVZ1dkJooq
+po6xC4Yf2iY9JUy5zdXdUe/eTaLlpbM6e/R+rhHlfZo7MeyFxdiB5fJEA87T3txX
+hzuDjOIN4HUqND22mCcTwttRki8JJARcZdxPcZXWX65hPpoZh1qXCP7IC6YQ7Ck2
+gZycbr30JLPAMgXCNJvAwduDaU6R5wkI4KYWGTuGodfu+ELAbG1uYKHmf98++HFv
+o1ewQgshmK7fc/Jg1WgFISEu0aNMxy7u/llxzhsK1nWllVMULQ2RkjNkEfXcZB4H
+9m6KJrK8l7T8OSfhJCWr+d1JIso9Nypv98GpKKyq/rbbNizGqoXe7xPtvTjZF8gc
+zAy2ksJ38Kd8W2bxW+pzfsn2oHjyQAgEnyas87zzF1aYW0oVNwQ9LtCy9vgkJdY/
+KM5UPQIo4HT7kioz6RY+3ILug83cxblnM2Iy9ivwwMzvl49N/DIKSXtgntsbzNj5
+EaNMiQndpWTueD00hI3rSpzWDa43K30et9xVkqD5Ypg+pkwVg+OUeZl7jAfCtBFP
+6MOw8VADxerbKTFUSfJDafYA437Zs/34fst3FFCrp8WmNjKeFvjUrnQptv5epsq+
+BFp6dkz0w1VcHNJdVlp2WLtrXb0SRFHMlVsYduN4iwY7bXTewx0BDJXnIVADymsI
+OHykdXEnSxfxm4SephKBKEq3Ro71EOt+P/qLrnLxh6p+8RPbt7fr505QaKqSLO5s
+Znz0daEKhG4G2Fc9oo1YjSdqbTAZabI9o/TGIPF197A87fvjjwHbc+PLkldE++Gb
+x+nG2ufQAGmqepJkbzPNdkhDGtrr35lLqUXkPeX6MZNf+fdK6zCmAyXflyboSggN
+WX+5s4V9KhvMtsCEiiGDfR3ULzxRIdJgtK+In6YwfoXAdOdN6A4MIvnxSQnXy3Zn
+ttKsvEsCuFVnFA3axJuXYj9O+f6O9/I0GgQGyBNj28p8c+YZtNfW23Ct+In617z2
+d556AQI727H9vO9N2EwEeg7IuqVP3IuyrVXSj+jqss0LEkXOaaN4ZhqSkLybqCev
+xfpVV7z7u4dIrmX2GarKGJmwPalwpKLH3Ado1x77ZjxZ10y9RuvZrgVL65rP5qqf
+3E/ADVTPIdfw7CZIBfb2sSlgEKYZs5/iFHujqwEIl1rNiRPP7fJzvlcXpC/kixgH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem
deleted file mode 100644
index 45a7bb6036..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALJBCTy1/LSNTMnBOuzrGV4EuZM/iXN4/m+w9j5uwlLzfyPGdceIOSA+
-vOAPdr/9ralb/4Wvr2H7ive/ruSrj338JwY50O9BMowjNWiBs+G30rUMo+lFNoHV
-eUfBE9TZF5MiZMRPH2UiH1QqCHSn8Myeb19XahMyIfCVqISqwIEPAgMBAAGjazBp
-MB8GA1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBSa/kUI
-iD544eivJJmZZwWNNFasSDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAGlp4H06BUnD5PHzz/2nv9PBE7Vc
-UFLCQzhBdC13Ml9hLy/5ZLFWjlxnMKCuL51OVW25ocoUaUubwgvi3crDc4O9p72W
-xYXIEa7PYpuPadAEOKbdZJNB0X1aKWORBpaj6yiK48WMG0UydqIZps0wcfAP3HwK
-yZa23hxUZyeu9lkv
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem
deleted file mode 100644
index 921ee94669..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/OU=permittedSubtree2/CN=Valid DN nameConstraints EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
------BEGIN CERTIFICATE-----
-MIICxjCCAi+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjCBmjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQL
-ExFwZXJtaXR0ZWRTdWJ0cmVlMTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTIx
-NzA1BgNVBAMTLlZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0
-ZSBUZXN0MTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJlfx3jHiQnBHgwQ
-XhHjF5QJIB+q+2Mc2w6gHDzym/PiEa5utF2eNcy1cskZiVaLmODreo/HtQpn8Iv+
-YBfTuMT3GDXVTpPFfhVvtm4c7xz+e8QcJhK5TapF4kA4ejKPY8/JzpEtMvIS1tbt
-w4ZQteFe2G55WqBlnMnwK3yQtphFAgMBAAGjazBpMB8GA1UdIwQYMBaAFBI1n6zB
-uaHjOv7xL7p3sghOTVntMB0GA1UdDgQWBBRiLDLb16WReucmARwbU+K2PP+CPjAO
-BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
-DQEBBQUAA4GBAD8UOLijF/GmDv8mf/f0lhyLAbW8kylUTYgCUJpSlOL5pbtDoy/d
-9OGqYA3uzDmQJxeaW2dzPwxOjV1IVBVFjA1yBiOpxQrLhc4vDGnVBpYfcvVzy1Dh
-0jntUoxeVGCVSTd5DX1DWqzfQcOvEP3kiPGhodlCrY1udMFkLCuleB7B
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDRjCCAq+gAwIBAgIBQjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIERONSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxmMyGO18
-wxt7plFRZcGPd5GxKiCL+NJ+O/UB82qQ1+GhwlsBTSo86QNLh9KPIjs3rrARYIo0
-FqA86FPnpIiE/yWOfuQOeI3t6yvWf0XsXvcffhjW6n6sErOqhXX7voiJODZMseiM
-wQ2Md8CcE3j78i6crfbdO6xGp2xNX63VmkMCAwEAAaOCAUQwggFAMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQSNZ+swbmh4zr+8S+6
-d7IITk1Z7TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgcMGA1UdHgEB/wSBuDCBtaBLMEmkRzBFMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBl
-cm1pdHRlZFN1YnRyZWUxoWYwZKRiMGAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGTAX
-BgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTEwDQYJKoZIhvcNAQEFBQADgYEAp32j43pb
-BqBj+2V14kyvmo+pgQ9H/ag1zf7WG4ei+McEkF7yvHSC6nfXJA19r+q2fAnvIU4M
-TriscCGq9oE6qzd3VIQ5wx8eJp8v9SG62gxZe3n1A8gzG37TvTwBOeEgxOKBa/BS
-8MNUbMO2SJwuE2pi9fnMhCgx9JxUQvQLou0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:12:35:9F:AC:C1:B9:A1:E3:3A:FE:F1:2F:BA:77:B2:08:4E:4D:59:ED
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        74:3d:76:85:10:61:c5:e4:1e:19:16:23:27:99:ac:bf:2e:c9:
-        07:40:7b:fb:45:44:5d:c1:6e:d5:5a:e5:6d:35:d1:4e:9c:e1:
-        b7:21:0c:2a:7b:7f:27:ed:9f:f4:59:15:1c:67:1d:4b:8e:ca:
-        19:7c:a2:78:22:bf:28:67:31:5f:bf:f3:73:73:ed:c3:9c:fe:
-        2f:16:56:80:ea:ec:27:dd:7a:85:15:2c:e8:fd:c5:80:2d:ad:
-        36:ac:8f:39:5b:d9:79:ff:54:82:c6:61:37:e2:b6:07:46:8b:
-        df:2c:86:2b:69:ca:d1:c3:71:4f:3f:c7:e9:4c:c9:23:85:85:
-        19:9d
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFBI1n6zBuaHjOv7xL7p3sghOTVntMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHQ9doUQYcXkHhkWIyeZrL8uyQdAe/tFRF3BbtVa5W010U6c4bchDCp7
-fyftn/RZFRxnHUuOyhl8ongivyhnMV+/83Nz7cOc/i8WVoDq7CfdeoUVLOj9xYAt
-rTasjzlb2Xn/VILGYTfitgdGi98shitpytHDcU8/x+lMySOFhRmd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11EE.pem
new file mode 100644
index 0000000000..fce83db62e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest11EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 42 21 9B 4F 53 30 54 1E E6 BC 4C 2E 7E A6 DC 7E A7 74 74 3D 
+    friendlyName: Valid DN nameConstraints Test11 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/OU=permittedSubtree2/CN=Valid DN nameConstraints EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN5 CA
+-----BEGIN CERTIFICATE-----
+MIID1TCCAr2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIERONSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGfMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExGjAYBgNVBAsTEXBlcm1pdHRl
+ZFN1YnRyZWUyMTcwNQYDVQQDEy5WYWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUg
+Q2VydGlmaWNhdGUgVGVzdDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA01aMPpsarfXTbYAgFvrguR7kpQFB2n1BkbdNNhOcH46ur17thybR4gMhgKVy
+ILcpweStTS146Ezc4LjdRqKH51Lr/6QMfRF78siZfrAjbG7PDHmyX1XS1nYpdwnD
+nkK4Ajzj/CSYEzsASZ0vUt9fjEWGSBjJy2G7GAD4CENSnK9pLStCJiRrOQBNljEp
+i4USasjteKMMsmObpi2UN6i3PaypjubH0quqEaTd1T1okLsLhgZSSFQG67toDyln
+YggwV9KYiQKlBgNkGESKaQ+5scY0yGmpL41HRdehDEyRDfyhGTld8TiOkDBWI0M4
+D0UgdKsEtl266bBheQ72ggr79wIDAQABo2swaTAfBgNVHSMEGDAWgBS6nwnKkDmc
+Tnda6/sQlazTp0pdJzAdBgNVHQ4EFgQUEctmOQ3qs8HYJEuov8tpKBE0oKQwDgYD
+VR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0B
+AQsFAAOCAQEAymcKvWtG7XwsLtRjAAyciN0MvZNaF7nyKiPuY6YjdB+N6DDUwGEt
+N6yPWHIsTGtQ2QbAGoYivFz0uS6bGAmepNcjay+oGsL5pEGV9hPcCqL51FvFt3eg
+w6m0VoEOS6tvmQ9Xd9eKSRtyBgBwVwTdvhbw8qhnh47+F40MThIUa69/Zec1Ihem
+LcGAbdvzLOw7vAdu76gNHoECHEtAx0DntWVJqhHHD68NOtFeWCz5/582KYaAhcK3
+XVPMI8dkSN9vFkUCYW4A+GfXflQFj3IT+qfhfLhu8Xvw8yfr535h0ollM6dN3OaS
+DTwwkN/wHr0evldYdBGOiU44oD0CBxYGUw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 42 21 9B 4F 53 30 54 1E E6 BC 4C 2E 7E A6 DC 7E A7 74 74 3D 
+    friendlyName: Valid DN nameConstraints Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B3836AB766A567F9
+
+CSm02WNdI3uzaWtp0BoPy7mdRqQSQwfKgfkYMUO/x8sO6UL82kbm1rHujYf4exqN
+ix8b9bsX7pm6jwL65t6rev7RYnobUlN7UevjKt6qgxTqSvRh2UEmngYcdChxxi5E
+7GBYiJsClbB+FIwIuTMkxjTqH2IiawKSjKaG8uMDYa93/qh/LrkvjlVVDvocdKwQ
+sTIsqlh0151Qib8LcWbNm2yxuGXyMIb29rDn5Kxua8CWrXyJJWOvT/DA6yCBpmK9
+l1uKGUnz0QFy1ut3exLjdvfreAffGAppb/Jax7SHQevMOGPZognQViZudRkq9ryV
+Q7pW4HkuzbHOrRaBSs/gE9mdA1skcFwxTcBQAt6lfcr8r+XFhv/1QYzu6pW3jJ46
+B00O6DWLlW2eKK/Zu4RUvXBCU1rO1feYMe6yp9JXsIresIgSnBfdsGVqBh1OPINQ
+vHgP3ZHjhgH7qGir3fFEuRyA3xo7oOhp5VjdFfKJcBpanzyYycYY9NiUAH6GZsWg
+mvXjCxI69yytzlJ3ueU9Bup6oxE50vFwqnIJ7oXnBgDsKz0irOUolixEPkwmCCeI
+vYM1YD9+6chtYXeWpoNIQvXlwpjYkJWd44FfTB7BJ9TzNIAKkm5GFooRfOcMxInb
+mGL0QVX+bfSv2RA9FzKREBoNhmQ3OFp00ZKy52EENq1YlQPuIxD0ZllmFZTd1aw/
+uMqT23JNznL3W1FWoZdUSSr0BnaHrLZqvxFk4OAha4UMtsjbhEsOEQNV3XyORYnd
+jjhTi9vMVIix+VttltI792klVHfrDVbCD0ZTxf5nW1ymCax2FxHLhe7lreKuFCUE
++lve+uUHxpU7JG1XI4hjeGOTGw6YhOA5z24PMnND/N7UqWPa2LQdIxaiXYW1vVkW
+iqxFAzdE7r5xCHIYzagD6kVY1MI0sDC3wSpXIfF57L18wlak3ELeYDcWhzyFtsJs
+yMn8ExnimlyYs/HBsXQgMm7EjB8qkYhMK5HhQiiM/xJTVcmYpLQcJqt6kCs+vlII
+l50YedYvD73x+CdQ5efYfnPce9L0vgWywLB2T6qSfp8NfdRHiOk6KUop8cSgcwio
+NFH5AwG9sbgjKK40D3cdlfO2rSLoCY99z0GNiNeIYw1U+VUp6vazdQe2kKGyuYHE
+1h61rHfyFqcPEgYRyWeK6figj947UVSEypnBFiSDrvMKLD4CFMShbcwvvyVlb4P8
+RU7+JrFNbGyQrF7RnLKLaty/JYTz5z2r9bb9g1lOK2PUmXctu39iCfBAycFHGrek
+kqyIXLEt2a/XMCealugdsD90SNgzP+BWIGzRRNW+7OR486BBfdgNHv0xL6+LEU0F
+qzLCUKVUulNJ+UIQf8mjhsBB8z9U+EpM48ETP+Rp1yO6JdGTPuzQl/b/7yDeoTRN
+o6asqYCx9+7/bDwJgyU10J3KXpi/tVtOs777pKxUIR6FC0UrqQtf6bEkbEdFw+yL
+R8y8rjca283yMsn6Lyefwx1dnFc83UGMKWuYm0Y3ptDHUu6y5n+C6zKhoPctPwBu
+wK5t+8ZOw6XpYgBadRAKKCx7slNxhS82eLRE0CPJaSz8B9dIAUSXjkVGGU8dMTRq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem
deleted file mode 100644
index 320f1d446b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14.pem
+++ /dev/null
@@ -1,165 +0,0 @@
-subject=
-issuer=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1
-YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMjAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMAAwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAK5n11EFLCX399YnLoDu+WMSsdD5RH6rHhn9p0cp2PAWiwDuXGka
-pOpn/ZgxpgF/Ydw7ASh9/R0rJD0EfAG7rADF6j3ECZntAJmdiO7euB16HhemfpVN
-ZRiCcehJVtTK+G3vptIsyPFsdWYusjaRHdEniqEv0+rI8ZdP2RBn/pn5AgMBAAGj
-ga8wgawwHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq/9JoCS8UbVcwHQYDVR0OBBYE
-FDv0z/QxqCSlpmLnB0ps7mSrkwUoMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
-MAwGCmCGSAFlAwIBMAEwQQYDVR0RAQH/BDcwNYEzVmFsaWRETm5hbWVDb25zdHJh
-aW50c1Rlc3QxNEVFQHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUA
-A4GBAEfjsvrVypBwFe1Fa4RRq10LsqrrCLc1NPiFR0B2yliqIBq81FAJcdEDNmZq
-D8C5gctYTrk9OgXYKgTzUkO8UGNtOYhDPrz1LyBnpND5D1ggYJe+xur2EX0ilhDO
-iq9+08Vo59/dYFQlttOeyY+LJMNzWqQAxxtf3p89oTOgQfxW
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIDAzCCAmygAwIBAgIBBjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBqMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4x
-IHN1YkNBMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAteRgCqKcIeCHmYMc
-xyzmM+fCjW6MAEl+OFQ9Q7UJ1n9YE0TuaGiSxjTkrTXwDF2JoDwMtC6FoqnvEyEk
-kAxNlM0oiLhRxM9FcNCow3VK458jtPozrIgd/7PAP+FXsqPanD2DRYj4c1gNKSl4
-U/l6HyTj+yV6ax5EkPgQDLQlJksCAwEAAaOB2DCB1TAfBgNVHSMEGDAWgBROLqPn
-2d2Lp4I7QUrDnnxZI1dOUzAdBgNVHQ4EFgQU1a9rKA2drUhsDIIq/9JoCS8UbVcw
-DgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
-cmVlMjANBgkqhkiG9w0BAQUFAAOBgQANN5YtrqXFWfdpK19qY+rn50d/fYdLaOU5
-dSIAqmnB5woTCXdWF0LUADF4DkPfcWBxbE36lwBuGXBfiInH/5yLRy0Y9cZbtHSg
-QwTIf2a+38pR6QyBniftVBmBTuhO/PV+/kA8gKAZ6X4+vGMv69YjU9avYeS1o+XW
-liQdX8l7vg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D5:AF:6B:28:0D:9D:AD:48:6C:0C:82:2A:FF:D2:68:09:2F:14:6D:57
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        af:f5:73:47:0b:2b:ce:c1:5c:82:7a:07:ed:cd:ce:55:02:85:
-        34:07:7e:46:10:13:e0:94:7e:8c:27:9c:f5:52:89:55:5b:fc:
-        e9:08:32:b3:54:75:03:c0:ad:8a:b7:e3:fa:5e:73:10:90:5f:
-        26:ca:6e:1c:e2:68:e4:99:4c:06:38:3b:56:25:ce:82:a5:7a:
-        3f:0e:c5:a4:78:8b:19:d2:fc:a6:4f:f2:6d:d6:12:5f:69:03:
-        98:b8:00:c2:0d:4f:9e:47:fd:66:3e:ac:e4:fb:55:f3:4b:bf:
-        42:54:ce:46:a2:5c:fd:c4:5f:d8:61:5a:61:9b:a1:2c:af:0a:
-        a2:2e
------BEGIN X509 CRL-----
-MIIBYzCBzQIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRyZWUx
-MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4xIHN1YkNBMhcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU1a9rKA2drUhsDIIq
-/9JoCS8UbVcwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAr/VzRwsrzsFc
-gnoH7c3OVQKFNAd+RhAT4JR+jCec9VKJVVv86Qgys1R1A8Ctirfj+l5zEJBfJspu
-HOJo5JlMBjg7ViXOgqV6Pw7FpHiLGdL8pk/ybdYSX2kDmLgAwg1Pnkf9Zj6s5PtV
-80u/QlTORqJc/cRf2GFaYZuhLK8Koi4=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14EE.pem
new file mode 100644
index 0000000000..a5b3563154
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4A 58 B8 8B 2C 1E F0 A3 50 1D 80 57 5A B4 9D CE 6B 94 76 59 
+    friendlyName: Valid DN nameConstraints Test14 EE
+subject=
+issuer=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEaMBgGA1UECxMRcGVybWl0
+dGVkU3VidHJlZTExIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBETjEgc3ViQ0Ey
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowADCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANL44jTyFq7QAleicaquWUZlfqoETqCeRuZqGndG
+rpYU1yDVOmaEtITWmCQ22VaIIu7+IaIeFKNyoU0ELLvkWybmC4eI/uI4pFqQgrvS
+J+lJbD5jtlLcMNAUf78gd0j3bie97KHei9ipYaZtTUD9RD2CKSdSifI472U5ytsQ
+TytctM9miZpgin2XhaqgLIdV3KnrYzXCtYLoegjE8pOTrsYKOURylSDgtJsFwa1P
+HRwFQvPhhguTUGB6kkPGCgrqoyV5PfXWGSCvkaN+LrfNIqzL2x6xKoXeY9RaTXtq
+t8J5bkv2aI/SxH6x37wA1MiU3zuF+MIlMT2LAs2e+PixXx0CAwEAAaOBrzCBrDAf
+BgNVHSMEGDAWgBSiL1iDW0yVl7fu9oe0lw7gf+CXFTAdBgNVHQ4EFgQUXy6VFzDx
+TC6AfvMa6q1deaLwOLcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZI
+AWUDAgEwATBBBgNVHREBAf8ENzA1gTNWYWxpZERObmFtZUNvbnN0cmFpbnRzVGVz
+dDE0RUVAdGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQELBQADggEBAM30
+T0niDNwc9oxJTmAHuLnIH4LSgOfNAqPC+KqoyjyGmZbsL4bOjpv3D/nvv3cOkuQk
+49bygt+lJsDonEKKYBz4L0jnGOZjC3d8UPu80v7nUkB1yzMaZO+A05rNtxA/iA6o
+t7N0RsDosn2Fu4q+77Dddx1JYp90XfglW1pXj1gdgrwAMwrweF/fDlAMPs5h2qGH
+K7EXhJ5sSToTsEIPVAoLiwDK6yFcCGyui+7koxE0ycDHsDJk0bqRhQVJDKrg7peh
+PBbUQT2g5kNNKu8gCB3UQcyn9K9twWAizjW9DNub8L0wsyttyaXJ9k4QMyO4x+OL
+E5sd13zm4Tfjnw24VUU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A 58 B8 8B 2C 1E F0 A3 50 1D 80 57 5A B4 9D CE 6B 94 76 59 
+    friendlyName: Valid DN nameConstraints Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8EA248F19DC1F227
+
+7Wv/sIjaQUUCWAHs+it1XCJvgYdX0EpK1qXj66wXzUhTbmrHkax3xGe/VaYsmdd9
+o4lUAJUhIUrtTwayn/uZl5f6H4BY4q8baU0XonoFnPmSZ4q3QpzVMq8FV50+3hWq
+mmKD4yhcRchNRKB5tvjC2IZXW8gyQJtaeZgLKQuQSfjXMq5370lLjC1Ri9HAQzqR
+vTxJrI7ShudRoRhF7flg1tV4StDYRMxcK+38k/QoOCtkmwLJ9ASUPwCakg70dRCF
++upuRKLtVe0M/wujFU/tYAQI0+kNdCXc/1YeRUdUD4IrOk4TKi1f6pDoL9hL7Dnw
+Q6J5hh8CFKqzsIvPPNCm4Jo9D9oDktT3ERlKETWRIdvy37UE8lLXiA73JoQ1srkp
+NdLrOb3U7/IoIQSvcRbkg/KNJfgtQSCw2l4oj04ShXMRrCbmlUOEIOAVaCx74Box
+4ycUakWciuEJSIsQ1Mh/H2mh40dWZh4iZju3tk33N0YKzw9azhLUdpCPF+Y0H0sk
+rROyKWKpqxNsft/rCuZcl1I39CFzUXqxRNSbs7WlKOOuh/6qQv1Fpg1AvIT3v2Rh
+SO26RVc47oEQPEK1C2ktnNJRqhCCslm0qqoofnQolMKSfC+3eI27NuvESGkgafcW
+WFXbK5Mp6xGcjE63w5KmBZw/0DnUkmuJoj0hxawAbfxU7dackLn0z54VrnzyuDbu
+2CRzVQkVq6ptz+qQKSvOIYHIzmZaFlSr0MGXR8CJSBNhFG4By8azOmtlIKF7HGG9
+JrZSgBw0ep6I7h7MyxOUEsji4MUPn/+3S5h3UL9Wex/gqXYwboeN4Pm1Pbk03aUR
+1urrLNcmdBWMa6Sllbe+oJaneFM3Ci908cgUOQ218BgyZJYi/Dw5VJPicrcdmmbn
+LkbAW265R9VkDmemyqRSyFHdTwMnH4NBx1fkhzaTX5rli00pK4vd2AG6EUkBKKKe
+eJmoUCtWlXINj66Yl417QpuM4yPGF51Q31Bn30pZ97RZGEeJWNn7vcuIQxESM/4/
+BKsBA0CKqM1wdKz1Vi/Cjb87zTLGgeS90rHBOa+Opr06J6qzH1d7xeWTMBCMkUCs
+PpI10QWEdE/pR8/gXhtPb3Au5s2iWFmPeeAz0QlPtGNogeAMZGxOIJDCSqaXgtW2
+rTApmIF1fmLxrnSIA53YlCO0ZBq/y5LBWn635UjJ4gZtE1Ct2vzx1cCVAVreanoy
+Q/+u63XRe+cPDsNdpUpVhr1giRn9PzU92xRf/Qjh3dp80qvnYCyZrgy3Dxf2cxLh
+aSANrTIiZI416dHI/c4sszZAoqsO2uAavY0ll1q98PTIFx+gXo4Bz0pOW3xs6YA5
+eaWRFQbL/aiYzz8RepZJOv4g4LmFgX71OjSOA6zOW88yiIUfoPKLfJt7K7dGvNFR
+zl3DUieK0MoAnyfKtPLRPqtCfWjxSP0cyFYdiQp1W7Ao3QiP4sAs+bqncz/jXNcV
+iTxvp9WH8NJ6Kpf1h3AzZgXeDd9B4M/g1EHRJH/2uvbf8BzYKAMGOXYThsrdTbXp
+/cm5998qRWj0F7C9B9FFlJbK/bA5DIR8gLVusSbdLIG5kKI9oH2Aiw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem
deleted file mode 100644
index a9762440d7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid DN nameConstraints EE Certificate Test18
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
------BEGIN CERTIFICATE-----
-MIICkTCCAfqgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBETjMgc3ViQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-YjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTcwNQYD
-VQQDEy5WYWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUgQ2VydGlmaWNhdGUgVGVz
-dDE4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDB4Ppc8a/vNVYqFPhznRZF
-lo/ecz5fZXYIuGCaozBBsqZu+6JFjbrAbeA6FbCKH/w1WFNPPTTSvJqSqN4Lw1yG
-yeTCfJoFyUA1wbNUKONsJQgYoOLM+KIuBUpfhZKtHzLrk+NKoCz7pWo52Wy5aQ0A
-B8St+URVVzDNk8Z5+mtaYwIDAQABo2swaTAfBgNVHSMEGDAWgBQLSL4ocWpIJAo8
-4krUBSri1x417zAdBgNVHQ4EFgQUzsfJblSrNLQ6e4Gq3J4kw3O7LYQwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUF
-AAOBgQC3FQqH6qw98Em37v12rhcPtdOIRWZPs2z9dGJpRJHDBzNoWr2t5pxwnBhZ
-L7Wy8uNRTy6iTNLgDPIPP4sXYlphcnG2SLe8APJUcTE80aikRwFcht0SO+lpiUhn
-FTrjSWJELeehius13WbzhA4NKTjleW5zkvh3mTYww5msepvgrA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICyzCCAjSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMT
-Gm5hbWVDb25zdHJhaW50cyBETjMgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDCH3OWCAvPFZXpNTKMN3DoOML+FK32+icT19l0MQXIXBqoJyw8qF2z
-xcl4ahdLxfSFpf8OF3ttKbzN5fk2/Dxue6beAMs0L1r4VUilJaUhOmTMrlYXB6UI
-QX2nzlu6lZbNrI0VFt8qM2C9CdbG+2ZQuJQQO0BtHXWJC9el4t68/QIDAQABo4G8
-MIG5MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBQL
-SL4ocWpIJAo84krUBSri1x417zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wPQYDVR0eAQH/BDMwMaAvMC2k
-KzApMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMwDQYJ
-KoZIhvcNAQEFBQADgYEAV7W8Yarxgw2gPgl0gz1Vz7IdH6ZbzLBpsB0W+gyPTd+R
-toE/N42Efda3DIG5BoxqTj00uc9j2GF5LqBgKaEieenzkv5E6qbTrZ0F/FdX1c17
-DBpRvkchpd4FACNL+FhSq824LEKdBDOx669LmsH664nk6NSPtv04LjUxa+822aw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0B:48:BE:28:71:6A:48:24:0A:3C:E2:4A:D4:05:2A:E2:D7:1E:35:EF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c0:0c:a7:28:80:0d:2c:71:66:4d:67:82:ec:c7:30:4f:48:29:
-        fe:d4:20:82:f2:5c:e6:ef:24:8b:9f:f2:b8:c5:3b:e0:86:53:
-        f4:b5:fc:67:db:b2:1d:45:77:8a:78:47:eb:63:bb:43:b8:14:
-        c0:05:ff:ca:7b:d5:1f:fa:df:e7:7a:a5:39:e7:00:ed:4a:d9:
-        6d:fd:d1:78:a1:44:f0:71:f4:89:4c:52:d5:ef:99:5c:59:eb:
-        80:c4:5d:ed:48:2b:5a:55:0b:d1:df:4a:a5:49:69:f1:67:a2:
-        aa:ce:9d:99:9b:74:0f:ec:da:60:d9:3e:14:45:a3:6c:5b:47:
-        fa:d0
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBE
-TjMgc3ViQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQLSL4ocWpIJAo84krUBSri1x417zAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQDADKcogA0scWZNZ4LsxzBPSCn+1CCC8lzm7ySLn/K4xTvghlP0
-tfxn27IdRXeKeEfrY7tDuBTABf/Ke9Uf+t/neqU55wDtStlt/dF4oUTwcfSJTFLV
-75lcWeuAxF3tSCtaVQvR30qlSWnxZ6Kqzp2Zm3QP7Npg2T4URaNsW0f60A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18EE.pem
new file mode 100644
index 0000000000..86209f552f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest18EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A8 70 FA C4 0E 3C B5 0E 6F 88 EC 8B 32 73 C0 03 35 7A 32 65 
+    friendlyName: Valid DN nameConstraints Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DN nameConstraints EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIEROMyBzdWJDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBnMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE3MDUGA1UEAxMuVmFsaWQgRE4gbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRp
+ZmljYXRlIFRlc3QxODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCc
+FAieQeWV3r7La3dUczH3NGDXPJiaAR+Tqn6f8k320kCvHGdaBRcTKZXH4tX3ZmE6
+vFn8l8xfrX4ApA7+GPrM0MVIUJsMbw3CGjoz872d/Kgz+vS6idpGClTvihDBL3/5
+Nt3TSxejRtxyHVfrIv+zN7f4OH2dZVzdi7ygCv2Kd42XegPi0DKGCdC+ygKWxsta
+0Nti3GppDzGF8UElao99zalmEtdeLgD00v4w0kVGwmmFMn10JhKdwmT2Svu9DteY
+7jum4YaB+yK9IzA/j4Pr0I4FyOC6ZdJNdyrFAU7y5G/eTziM22YEujjzbe5P7X1G
+AUenUiC1R9eaFoHYH78CAwEAAaNrMGkwHwYDVR0jBBgwFoAUzATtaigdft5k6gCI
+Kux1Eb+lLmcwHQYDVR0OBBYEFLQCkqHPGqp0V/N8OEcO5zUqhdd4MA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQAD
+ggEBAFImhmXh6wbcMuY4ksQzwV9ci+PiOlD+x7nQddqIsuj2CtmLdphO0z+jhw/c
+AcLQiIUJEE2UT0Eow1wYT3IsGV52jV9Xv+4Po9KVIA1S8W87IFJlBhkXPvmzmSeY
+KwHVKq/4fUXpy30yvfxGEWxG3HUKHg7m895xfM2kiKb3RnmC0+FmZQayAi76WaLF
+8u17d9hZo/cLoNd66TyPuxisLiqbXe3Uzvorkbd1RYlwBZUtl+T076+XCluS5ZL4
+Fu5vN9C8+fQWjsJnB1/ifh/oiZqkSkR9K4s+0qAKGOTcrMsf7OfiybRIfkX5Mhc0
+KyfioCAyiP1/9+WcRhdt/NLYheg=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A8 70 FA C4 0E 3C B5 0E 6F 88 EC 8B 32 73 C0 03 35 7A 32 65 
+    friendlyName: Valid DN nameConstraints Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1E542095939441FA
+
+cdJyyhnYzLpEmG9qF6WT2BN7QvChbUTEQE1WGGnu62oYRuA2j+dMwoPlqr5tpx8g
+KN7VMXggs9kv6s3QYfIdHlI04eAa8uBN0qXafrVThnJoBmQgfEVX39HmRv7FGf4M
+JVr2aO1y3BE8xTX32w6p1u08jsOt3WCDtw7QGhjHxhtCWYfFgXMTwn+me0y2g8yE
+wnd6Xp6M8SD5Im8bilrPn5saizdiee/JI/99u2u1pVYSz00/2UmIt//x9Q2DHTSu
+wWIv4nja1ZKwGErF/KdAohIGDolhfAYxUqvaA6d74JUB/k6Q9lgVCrkvjqqBGPJo
+W9s1hyNhqi23SbpNcRBDbMcgJENJYObVFzGXNqeFTMhqIvfS1DLJi+5qdBD/d6oD
+aFfWlQxy3lHysoyVEdAp040kbTLwpxgDOY05d23MBGVy6ZxGmfKXvdWMwRM/JedL
+kYtWLz9BzLcIlG2/5uIXc4g7Q6MWlzFtN4I0Y637scar+2tKKM7UEFiZArsGlMp/
+hqTcvNrHMNr/7MgdZe4JyaqKEcwqrNR7TCPTi0B7I/LNBd19dkhucu1oWH5uvToq
+eY+Or54f8pmxzMV6DUuDVWGrJplL1uUOP0CjbjG8yPp9u/a/AFJQb5pwnEJTsHsU
+f3HWV2ZcgAuX82O/HwRYC90E6XNBomUlvcFBFKQ63tc4eYeqoNmvXmFZkjY5xn1e
+A4DsFsk/acCs9islaUvhahm2x0CO4vNJwHoMs+JtJxmjXKFnfZCXYlAzGhqeDk+i
+rcr2cMRo4HCvEu4jQOj5RWsXgWiOTidztcFB0XnSnY51hzH+jOm7ocyQoyIwpXEh
+9Bl84THm/0qBGyjYzxU9W4rOismfuaPzxEHq8hpboxzHmD2VAuiG/KBV4jZYxpL2
+j9be2uU7TFUR/MskI2une5hSm+EJxhzmdkoZy32g5XV+jNhnP7VUhgJEuGXUJ5tC
+yR1TbdY2mCdYSW7EfHDlrbjUCxFQPldaeLn6yGzijQK0A8nHONLUH/EhObfvDHzc
+EQCA4V+ha0mzL8QTQ9jVy7+Y4JSsXl1JkxR0ZLkoCENHClLqSPadklxoyfUxVfSN
+Dlga05jr18QjRr8LqsROy6lcWwJUT5eFc9EBVUkPpvSz3il3cdQTME0Ea4QmMErB
+lDw/K6htlcLRvDOZVy/9Q/uIT4KrIcitxtQK14jhm39lFzd9bOfi5q6tqPOWDg5S
+cqa8HVj+P3oVKHk11F+eW2nsgfoEl/spelBMFb8QfaSuNcMPNwjruxcqcTut1FgL
+AMyQc+EU++OBELkdlXvSotQGbY3OIT6No8vrDhm61Vs18CT05qqu08oNq3B32+XD
+b6HfupCJFlEkaLw3c9u8kZxWtUo5DCrSuWfi1ta1gZNzqtawpP3clJEyt/hvz72k
+QyEpoaifA/y6HfFL8kleKvKTJLTFdjm9b37ttFt8lh1x2GSX6G5SCHYlW6joafu1
+T0dbeXJOWSHg+xmG6xPZ9Vcia7JCvNghyv4dHyth3bjWrOLPzJOpWP9WePcbk2Tx
+/0ScABKYNKvw3+MfhoVC5CpejEhU4BODzD3F+0gmv/5TNYtzfxWjiQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest19EE.pem
new file mode 100644
index 0000000000..7ad405fca5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest19EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 86 B9 A7 60 ED C4 32 C4 5E A0 3C 59 AC E8 D7 DA DD 2E 00 0E 
+    friendlyName: Valid DN nameConstraints Test19 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGDMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNzA1BgNVBAMTLlZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZDEN42s2ft+DCcNTzYyJbruK++J4wlPXY
+3JUK4AuI7b55n28caZPvcvtanXRwoQBbvAp/ub04TWtx8o/8etTSciTIBQ6YN0qt
+sh2WW+zsppqt0C+c3Fc2wJJcHh9VQzdMo74pn/mqULaS2K2FQ6msHaplTXcBILHA
+g78xjSQG054NSxqV6z+AsNy1Syw57a92XbmPjeOIsA0oRaHDZfAG8QvQxvWdsh0U
+oyCAM+8IpsSuNOGBpCDViAM0pUuxzeG1WHrYxvyGnQsjjj4HqUqrCXUNWL2yHyD8
+gUv+sYtecxNG56/UowvUeK8eseqmn6BTLur8FC7JC7zeM9ROiEkFAgMBAAGjazBp
+MB8GA1UdIwQYMBaAFEWdG+7F/+PExzA4TFvHXVSZcsC4MB0GA1UdDgQWBBRZQxHX
+4rWSiri1Ka3mWvM/NDr6GTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCDwHY5/eYX9EpSxTjNmRXVJjje
+8HJ+wB+U9OsMSk7tQb3vsR/ZrgWJXdHuSdaFYUxWDFh6Ufr0kI+AG0nn6V8Kiwka
+73XcU5u9OURprhay2gw331HAcdM4v5Hlv2TQuhFs89MrdzXJ7DJlv//cVg+RTN/9
+OqonUDT/30LUPs90p3PhCBpR5rBqVPX8lzpv849lGQ+eSsdlYd/TG8MM536ImHIj
+xnVMqB+1VlLj77W9XgrxrcdQIBFvAME/oUs2tix9cAbe0+szHinaI46VWCRdkJ/q
+ONNx6C0yX7KwAv5ksINxW7Sy9ajkliArvuq8AfaaO+aupYabnhiqlhF72KF9
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 86 B9 A7 60 ED C4 32 C4 5E A0 3C 59 AC E8 D7 DA DD 2E 00 0E 
+    friendlyName: Valid DN nameConstraints Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6EB929EC02FF13B7
+
+e+GE9EM2uqDn5QYh8nfYPqM8KhgU/2MalgZFOVQqpK6sLGBmacKGfS4YilvwSh4O
+UqSxgvLP0ew0/MDhsI+GQwBOK91GBMGIRCae75lewRxsokbAaoiGGCqJ15kWf+fj
+Xg7W66JdrmKDCJ0nm5qcZ4YB0KU8GjjF/H5BDXqrYxDc/yw4qQ8gPlh3vKQjjHdF
+4vbhH0kxFiencJ4OhQI7BN5Gz+/RsnlCULyxA8RjssMD1kY3GtxBf4ZVEiRSMujR
+0m80K/rTRaJla5s9pBnCzCNI06X5Usj+X4QAW/48O8g3qmz/uqTcQtEDGOenFwVg
+qMke6F6nTh4Ctqe4YZRyB+QB0ugKcbc2DBgRnZrTR6NNP7HkEYgdJQkFoCsc3DxZ
+pa+n8IfrSDAssDG5+ALG9YpRCrhosBmhJ0nLKPRb2Af8igyCsnFkZd8IC1Y0/zJ1
+xvx00J9CW/I9Ua93VPOgqiXZ4uJryZBAiorTpJuumYyFvrPYyz9YZkyYL8LOcFkq
+UK3OVcKLCgbTHKAEsTl/jIQgfWaPSGjwtSTwJQr+A5zJxpU5tTc1ZQ52k2qq1tOu
+eKBzTiJQh2YxQNVJruimchRCMYo1TMmo1Mvvdg04BLbyzPKpB6UCgDiaJFhwPqLb
+u/Ah+nGl0BtZ6YPRMcHvigRR4zfH6xFcZaz+DZHAh9A5FIj6T13p2o/TKzwsrgC5
+LQ+/7YU7qRtkjM4Z1gjlC6mWxWFcCCje7w9qlaSCOy7PZWGmIJ4JcGPNC5OocAos
+cK1o0cOdTop+NW3WVpJIDwvrPqgV4a0Ww4tXiKbKyrSvyarj/lK2qo+eRpi1ewDj
+vjTJWlR8j4Zjouw06qxd776TQV4ThPQKj8JgybNxTPmv4xe8SXLnG9sufwzdo+DK
+pSCJALvvrxJYgEW6nAAVkeWCMcZCoYZXSRgkPqcvOgDa1iAGgV4CsqWMmCN2PcYe
+JANcFx2fCwr8c9XLVqjjHRNHfkAir/7Q8tiInxWPF8JuREGhB5FW4oLPRN/ItRO6
+CamTiUfcsXLoMgO1EPHV06T4/R2RzDUQcloQpno7OEzJVgddvnZiqDTWGBeZ9Z7j
+H9Qx4o2LkymfPM16fZzAa4VNJsaE6jsQZol5BBuwzcrS1W+Kp9SMjG4LGCL1n5u5
+PdJuwcA3BxWl+o8q//OHYmqOtCfKSyV6UpBexs1e9+eb+dDt4Q/cx0IKqYfwoDTu
+rQIMVbZnKrNhSQ5u2kk+JWx6JZcQLGAW/5iCZJbeTGN1hKg1P+9moPsFBN8bp8Bm
+M1jY/o9qViP3RE8GsiQYfOyOFynVSw/KKG8vQf20bPvOb802MzdWbY9sNsk+f2xw
+neflXprMsA41TmnDoveszmjBhmFMj25MpeRF7bgpV3YTqxiNGW5GRywIPwFT/EKS
+5RYilsnainDh1tbBSsGA6OXqrxscqGhBIc55QXJB3NqfTkpCcmsDUsJIzVsx7rMy
+Qto2lr8JgStWolDp2Ft5CQSpT2npww3CD9JeusE4W4rq2dtQZrOQcTHrSTduaGig
+UqJv5XA1dFLfRsQILo6ofiIgQUYJFnbMbOYSC6SCCeL5LaAbFAx/4A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1EE.pem
new file mode 100644
index 0000000000..73090f5bdd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: AD 0C EF DF A8 08 5E 31 FB B7 63 F8 2D 53 14 21 B6 68 20 85 
+    friendlyName: Valid DN nameConstraints Test1 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMRVH83Hm46JPU28u6W/BR3a95naRI7hTLko
+SOFjXkkjx8tjModC1M4QxWpoMZj2AF0Fd4Aykw75HS8W37wb8UjFS3SrXQ66qVwY
+h0CDz8mNOvtGSanquco3tZeMqoDe8/EXhotzwnf5F83cyp7XB7OiEQPzbplkD4jQ
+GZ5d/SF0lBUdhxilqRlXSemd1kfGop73BOGmgqkQhP+I+4ZZVwxUO5pXGzRpfGK+
+h8ZiOM/JAxpmhdaU1HC6Zf4YDqA2XpKZKQ232myfX4SObpXZ0DUOLNNDzYisj14W
+3ygeNgyIUFVp8hLPI6/BXTJqziW0TqoqCb5Joq+32zjYPwJNxcECAwEAAaNrMGkw
+HwYDVR0jBBgwFoAUQXhCRs1OqILn4Tnf96kWwAr874YwHQYDVR0OBBYEFF3+CfUG
+qPKNIJRROjk0yUUKmZ2SMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAEzeTUMhQZChACqQef2LLNvj+BfT
+VkDB0FVyPo3Yti8bRH8ZnItB8CWkS1iBvv4Bwgp7S8MpAGrgmyBCAO93VjySw5a2
+kEU/55B39tPKMQqWOAvi7DU31mWdWemMwD3u/SuK/8pnPOANjduViBKze8rUj4u0
+tbaYLor/qh4Lxgux9Xw1K+rwKlV9xDvoRLqNMsSReCLfMjMwXkUV7CL/6XjOGACM
+XMPQkJx1SnWLerNLLi2dzO1Ly9Ikr4jTEflJ/lxdw8Fa88eLXNte+JH0OcwwwLQM
+PiSkYK4B8y0A3Psl9309+kocX+YG1ppMoXg64Nt3YQ6kZqw/07gDFODEz3M=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AD 0C EF DF A8 08 5E 31 FB B7 63 F8 2D 53 14 21 B6 68 20 85 
+    friendlyName: Valid DN nameConstraints Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,06836DC2794B1725
+
+7jb9KmEbTz6f9Rml5H8XH3LtwowJdNaQ5jJmtmCsOPGA5F17QXqRbmkcmNGYVTuT
+KhM9CJLw+dT6Y9cpJj3Z9+Ze9OG7m3Ti82TOmzHeLKLzlz4KBUV0u896VhxiImvw
+JMXP+7MOqD/j4oz4U32HBeK7R1AoG/PlREzdZOzYcKEmZ/m/PvIInCHHzxm97rYn
+2q78PQLZVXqaFdp+Xkeli4MzjnyZ9fYN2o2EdoxwGdNgOJ0ZXdScAPLH5x3dcLF4
+MDLL4I/1FvKj4+k3mY+GekZzvdAzpet7no5FVaEjoBX/GkxzWhVN+2vUhhvHZfPu
+OT6upmrrMO/m4s/6IvbEtNbUFtyPfNHdyiethdjbCz8ROa1Yxc94DzsQ4naKynoz
+AY6J7vof5Y19uGdreA7PqeVnX0iQ17Vqc3a8EM1HkiST4g8Lgki9IGFEp3hhQ9dd
+JIi+xj7Nu1Oe8Sei33yJiqubRTLerc+2Xk/IM0+ZHF1YZk1oFODQrvZAx0C/+PvH
+9MvJwpa2KxCb+utf7UsY+5fNbhpMrG1Gudzo3UNxsFw3Wyx0fn8gWeiQH/EJuRnW
+Ek/rMG6U/m1lDodZKnoO9biW/hi6I6nxwd7i8k9jBSjPFgFFGzDY2CpLGBEohv9S
+JyjQbrdjLv3RjMGnkPiRWXs42i4j9IpLrZ1yOdQ7r+kaz3ZLxzzDONjQbqFFrOL0
+nUcpBJQo8caufzdtIg9olKp4O7krveT1REuVwvAsm522GHZ25cdyEHcPQIpcvJ2T
+WKzfQjP/mz2FMBgb6EUTAlZ/lqftiewp16JQWCW5ciGNr0amWR8rcGnVtGgH8G8Z
+GqBsfeqywD5VsoNa3aNqavcFfg+CntHYEPoI2hK8KKQoXtXiTvd41KPWMFAuk6Bh
+quZMLulhPSspe1RS/h5wtrLdm432cYJIUBxPQTerBnRfESEVLu81qJiRPz6K9ZCx
+FHLWSQqxHlKbutDHp3Xa+L76XSbxRUt7Behp+IbVgXZ0aLHfJF4DXsJPJXxvrSRx
+AGQwHxeiCx+y/HgdksnALWJe/j0apT2xfPJvS0zS7oCOSLAX5UigSSPn93kGrl0q
+H/qVU118v1n0oD/jcyuCAOu7ZMIekpQgPocJB854pRVbHl0UQWkGXhv5UdfWb09i
+JJ3gwrIhaS2h4heRbXZWyla9qydsHJdktvDO+dmC78OUJi5e8zxtYuzdVVmp5cfg
+/QUdK65GYAEem1rKPVD+4kQ8SOqzT4RvYtCRhV5iG4fzfNzWG7+9khulFdhoWJ8C
+Yr+uyL6ZvWIXyrvTCFx2MXBe8kWLm35ZZoECDnm54SwPA9nZiXqhqovUK1UmVH2B
+n/yAaWnz3Vj4URFxznv0d3RxXRullVlYJrglI7n4+zS8Lthi/P5tUZYlMjwnuwy8
+/JOOxbX5UR5LQQUqO3FU4veAhhaeiHxUxF/SGX8oL6uFqa7nsBebKb4Hb41voX8N
+y2vsVWUlfB88vZsqZaZQk/59SHvWgooHtJZl1yxO5VtVuSg7ZkVlwNKNBYeUXQLJ
+gZrl0e5fpKn4EsetpubQ+ewty+h7SOnL0ygZ5xTupGXEaUlJaWucoA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem
deleted file mode 100644
index 4ac860600b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIC5DCCAk2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALhZkHcTNlH9LLnLK2xDvZYiDsOUcL9iZsUfTjpcENuDJ8rsXGriZDos
-g2p5cYPr4BQ4895UOQPYJo6M7/4aUnQoc/FwnGfeBNagpCJg+nD8GQNpETK9QR06
-nSxOR4/hBD6YqE8UwAIaHejrmpeTrXankCrcei9nFiquQ0Q+rwWbAgMBAAGjgaYw
-gaMwHwYDVR0jBBgwFoAUTi6j59ndi6eCO0FKw558WSNXTlMwHQYDVR0OBBYEFPG4
-BNfdQjQcDcDbjwsrIcrQPg3UMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwOAYDVR0RBDEwL4EtRE5uYW1lQ29uc3RyYWludHNUZXN0NEVF
-QHRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAF3XzP3FukeS
-uWBMveZeEBA64M3CPXE4MchDQhtqKcYGa6SlA/t5zpGyFINeThQQrLSuijVGBGr9
-39Hwl9/maACLW3hz5xtL0881tscL2+obZhmF/lGB/e0RrLyGN3Wqql0a+BhEcj/+
-sG0iaxWcpIKdJXNFCi8/rexF7NWS+onw
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4EE.pem
new file mode 100644
index 0000000000..d5ae41d666
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest4EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 62 F8 08 39 E8 97 3F B0 8D 36 4A 19 DE 99 43 64 EB 04 B5 9E 
+    friendlyName: Valid DN nameConstraints Test4 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwAaxtQyCLrv/YYGDvG+VDVKwvJGevkTOK/
+nOJK5GsXCbEgAwofTRjPkMXBdn7oSucjXzlMKnmPvaKh+e/fQKaNVlicqKoSOomS
+4KpSguNxEIzWUxDuMqfDpOCSZYIVc9PdCcLwbEq8lnYttJrajQrZUTlDCoQoHENv
+W21JsXe0+fbC0zVw2MAHBVniFhssPtRso199CD/J7t0iCBI7phy2tjvWC5cfUUNv
+DObrRNF7si3GPXHPUpMe/GmcEIdvEcAE4H+rCqEWUxKkWlyVPxIoPPsiRzqG6+7l
+AiMFsssbSNQ44qe93TAr7vsm1/ZhZpL0r/LMsZmNGSidHhYSt4cCAwEAAaOBpjCB
+ozAfBgNVHSMEGDAWgBRBeEJGzU6ogufhOd/3qRbACvzvhjAdBgNVHQ4EFgQUCNad
+qrso0AGdiySHpj2VH7iF03AwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATA4BgNVHREEMTAvgS1ETm5hbWVDb25zdHJhaW50c1Rlc3Q0RUVA
+dGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQELBQADggEBAMLtM5cSPVV5
+t6LSDRihYq2CRqQTpOYhfm6UB87/JqjdIdK1ANoDgNdHWw/CdzwcgbDkt8BhUNwU
+EWovi3i8MbcLbagA3/5OooQ9rvlItrRvrIYVSJ/VPWSIdV/tCeljFGeh0Azfq4O+
+qLQbvjLBJtjCrMUVjVR+sj3eb6TuobLmIXdk7rGziSNKw49nvBQfqtkCkehuesaI
+cr8NCCESNhPopoRBHWRMTilfo1WOeT9U7RAEdolH4fycsnXuq3cXTHpeu9xL0Eqf
+YCgGXJ2Y9KUktGRTzi6WJZrMkzvxsdSkVeuQ0nvJ4czWwNn12VbN//OWgek6lkhg
+QUvZYUxTdrM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 62 F8 08 39 E8 97 3F B0 8D 36 4A 19 DE 99 43 64 EB 04 B5 9E 
+    friendlyName: Valid DN nameConstraints Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,92831EC9AD2839F8
+
+9v5IipANmjPzZwsN78OanfxHiuVhNS+BKezMNg1QevK72A7GZ9qRobCRJdUvIMFw
+SxrSYyPAILjf6DnzjXzqIwuogGtshZtzr60oTJmvIge/yUzrl4SyHq7lxuuYcgsV
+9N99XJnwCU7RLH5gI+3OuziNZrMWBh3yDTonutz1qReu6qQvuHqqBzFVTe8XiM5y
+aKucgj5sfPfNESUFW9vZetT18/6ZPrHK2gZlT6IUmAGsj0URIjLaoje5ExYDQ9xi
+WmlEZMR7cPvDS/EBHcvPQzC89XQWpCGHdVj0B6OioVb0YvR/0Z3WGP9jRdZ6mWo1
+A5p+BJkqZVymexXa+TsGrvGkT+deMsJD3CA8Am6a33Xn5AU4tXasl0i1Dg0EdZQP
+VV5trbDEmkfYsoLqQqnHcM00eSWEyY6yzqs8blJAkc8jgKKd9xCbm+mM30JnhCB/
+q38vZ6w1yYsQhR0ykePFupy3jJuKKOiiZAB5mKzeMMPtZF5O8X3DNellirfxWz6b
+nhAxY/U/1W25IdZ66pTa5YGzD5LcRrZQgNWBHM3Pi97ppl/hRSuUOD9szP5oZpIA
+c/OgkZqnfX3EPrgCcbwCn93O1b8I2AWEZThHx0pJYlHTaoRCsfhChNnsSDwLPR0Y
+pq/Dm/G3AD2kHhBUuSWrEm5lNZl/2x09UfFErgBA0KiJRFvSVBfDEbIJ6FycQkWi
+qUyM1IRQe+0pZzYpbRpERH92eA674k3bIESPRyl0X707vcV8JD+xq/tAKIV8w8sQ
+IKuAY0PdJunQwwnOKpUrAYN/xQXLDBGg4Rn/YdI3o/W3eQ0Az1smF/HYIYMbSzl8
+e1IlDuhNPuUezrsFxEkwx4BmOTsyPe8sHFDBflEMI0NgyCzQrsicTy50oO6uLNUd
+n+r1XgzH/7NE1B2vpa5bJAP/qRD1ajxGjmqOtCOiLCZuCgk2igvM8TM88CB0hQ6k
+JQ8eFNoITjF5iOeESWXRVJLTc7DuforJ2DVlQS9hWhs2brg+8ha/vR0lqdAKi3+c
+fcVR62PFm0V4Vc86bJt8xiRHhWqt6Q0C2TFN6TrFGam8XOXg2hDHFShloQUV1765
+ik0x4XEzL9iAFMCaCXEckgAiL2MVkSbzGR3IjMyneVj0Ulw2f7PngodhCkXqh0qD
+zdLmlAtfLVr+G4cK6lHrP4ghoJVrqINUs9zq2SsAeTOwu6JZXKWMTLMJciduXkmx
+N8px7dTdmepHJx9DY9BTsz8l3/YDTGFmGfknXmHfPg+doF8srMGnp/0WodtCZqhi
+3svfenkv9skrrwppA86AEugJkjy24VY2T362o+pSQtMVJPO2Ezrtgs35w/ANnkW4
+0U/8H5S+FtlszRWEuAOzSfQmzWMZJrAWDgxWFiI1OMdfhjpL5Jsl71LaP913EaZQ
+NqEK8UY6WdPR0bwvkT8zS9VRNqxmfhtgEv6Jme5ukkOOqsSTPwfyooRYPZls18Ty
+u0xmL64kqPLeYn2Ij2ITzFkulfZqgzfua7MYhUNGjoI3De7v8kQqTBcYmUQfMpD8
+OXb629RFrcUZW3QYD8brGgCB+o/T0Jyh4PKm1WX/XTyc/RmC8KXWa3W7GNJxeqPh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem
deleted file mode 100644
index 7f9a94cce7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDKjCCApOgAwIBAgIBPzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtF5CubXL
-7jLiEaC4u7BvRC1Z977doXE+03Y8hW6dFiuPJTcVnlMN2mSck2x6VylflhI7XVIB
-PNiZZeRcEzbCJk3AmJL2NDh/20nxHhEr3jxWLmVeyLg1SXhD6WfJKwuvd61cnQkt
-xvFXQEmlzIxBohRZv/YwermH858cZ4wH/9ECAwEAAaOCASgwggEkMB8GA1UdIwQY
-MBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBShfMTSexMLJgKOUfag
-rNt28dFirTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA8GA1UdEwEB/wQFMAMBAf8wgacGA1UdHgEB/wSBnDCBmaCBljBJpEcwRTELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFw
-ZXJtaXR0ZWRTdWJ0cmVlMTBJpEcwRTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMjANBgkq
-hkiG9w0BAQUFAAOBgQAw7If++YRGfq6fz1Wm8RpFEbKLi3110GORteylvI+G75Hu
-d6luoo/n/arIfKwWChanGI39YZQ4zYhx00qVeQRbUUuLMjkx14XQVntKAG8sI+KE
-mWmt2cip5+XbIJonQDFQAnQWrhAGpw+ilvfv7v2f+9Q87cYLEoIOPHWstobcug==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN2 CA
------BEGIN CERTIFICATE-----
-MIIDOTCCAqKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAMMSbKt/wrsfhfsOqi60ijsWABK1LY20O0SAKCNKW2LuoK3iYZRMPRMT
-2Oym1z29akHaZ5ftLz/WGQ5JuabuVkg4Gx1xRloNkS0RQlIuRMJfLM2mzlXWH5ud
-oXHeHmwbUiYvWFbmwrx4xZbeSaePIYctisexGIa20LJ67Pd8t6OvAgMBAAGjgfsw
-gfgwHwYDVR0jBBgwFoAUoXzE0nsTCyYCjlH2oKzbdvHRYq0wHQYDVR0OBBYEFMRD
-3dYx5+B/4AavhJ+9quSyY66XMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwgYwGA1UdEQSBhDCBgaR/MH0xCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJl
-ZTIxNjA0BgNVBAMTLVZhbGlkIEROIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0NTANBgkqhkiG9w0BAQUFAAOBgQCfVuaBKnayPluCi5d9KyF783Oi
-JpQn0SY2yAfXdRAH3cugsfzlo0rsjHyRPj+g5QW5yabg7uJbj11/tnQ/En7u56cj
-mnDBuLqUFrqkJY3Md+k/bCXomEjddbEGKjV8d54oD8ngld0Oy4+fBPQbNo1apc7K
-LqdooapvnR5Nm8qsWQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A1:7C:C4:D2:7B:13:0B:26:02:8E:51:F6:A0:AC:DB:76:F1:D1:62:AD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        61:8f:48:c3:1c:a7:3f:ae:b4:6b:c3:99:b1:72:4c:ea:6a:b7:
-        e7:93:fc:d6:ef:4b:64:a2:cd:a8:45:04:4c:b5:14:5b:60:24:
-        83:f1:36:22:75:b9:96:22:2f:48:86:bd:a9:8d:f5:9b:f0:bb:
-        c8:f4:70:13:6d:71:a3:8b:0c:a5:ea:5f:8f:42:45:b7:e0:4d:
-        ee:47:1a:39:53:3a:5a:61:3a:6b:8b:39:26:ca:38:f8:b5:c7:
-        8d:44:d3:47:7d:68:29:b9:4d:86:af:fc:26:11:da:02:07:63:
-        ff:9a:19:51:33:84:bc:a6:ee:f2:12:61:24:92:86:ae:73:41:
-        1f:b6
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFKF8xNJ7EwsmAo5R9qCs23bx0WKtMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAGGPSMMcpz+utGvDmbFyTOpqt+eT/NbvS2SizahFBEy1FFtgJIPxNiJ1
-uZYiL0iGvamN9Zvwu8j0cBNtcaOLDKXqX49CRbfgTe5HGjlTOlphOmuLOSbKOPi1
-x41E00d9aCm5TYav/CYR2gIHY/+aGVEzhLym7vISYSSShq5zQR+2
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5EE.pem
new file mode 100644
index 0000000000..e3faeae182
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest5EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: D8 C4 14 98 00 CA 37 5A 1D CB 67 24 B3 56 08 D3 F2 30 00 A3 
+    friendlyName: Valid DN nameConstraints Test5 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN2 CA
+-----BEGIN CERTIFICATE-----
+MIIEUTCCAzmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAOd9JgS6UfldtaDuyQBCIZeoLkR28/31qIXr
+Idzjq7FP/alv4nz8AofmEYROX26zxgu2e69X0RSGWNKW2bOTuA6V4jgNBKKg3Znz
+DjAViJ/V6NgEr6xl/uCW+71awSuiI11C6WJJ9ggxYevrUPHyt4OTM927cvjfnQhV
+raL+iKpz2t9/UUyV7xtK8T2rEThTqEeqDeKafwD3gnprACqJpndUR/OgNoUMjdzL
+dD+I2AImKlb510UTH9le4E4budK5qjDX5bX1d9txnXKsOClrQ6h5N6MNMUuMEQBQ
+soetsXWs+xg2EyRSQbsvfiGqdEdrsrKbvQcNSg2R5QUklQp69C0CAwEAAaOCAQIw
+gf8wHwYDVR0jBBgwFoAUo1fZW10Rs2D2AGuJUSuCwwlzqHswHQYDVR0OBBYEFMnZ
+gJavUispfiyQDQtHWo0RKMMEMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwgZMGA1UdEQSBizCBiKSBhTCBgjELMAkGA1UEBhMCVVMxHzAd
+BgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAsTEXBlcm1pdHRl
+ZFN1YnRyZWUyMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3RyYWludHMgRUUg
+Q2VydGlmaWNhdGUgVGVzdDUwDQYJKoZIhvcNAQELBQADggEBAH6QvBXFcVa5nqff
+tPENGZ85VSShfRVZrlseVsXlJEgRR7NEQIiXOQrjj729QVKuvp6ClImPTblzIr3B
+uNEylzfqp90bUCDReuVmQo8MXIviG8IuZFRkMYkrSH5XbUgk+MGyMjdp3Wi4WCdL
+79plNgv6YErDmbDxy2MBf0iHgFRMzcYy/irtmzOhfa4wCim0Ju9sQaPjk8a995QF
+sBhnijwIFrjkJDPiI+JV5EyTPRoE62rshD382LcPmAUvRp4QEbNBHEIh9XmREHeL
+AzWS1mu1Ge37FaR1VKmB6aB2RCpN4cmrDf3DF/Kdd5HZuDv5WdowZwqO9Q5r7juv
+MFes7mw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 C4 14 98 00 CA 37 5A 1D CB 67 24 B3 56 08 D3 F2 30 00 A3 
+    friendlyName: Valid DN nameConstraints Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9E196184353CA008
+
+BfNhaU6gpGjaXTdAJonv19FcMgf7QkwfyoVo1y2TGA27U4lYBvRPJMH2XYQq0J7H
+gKlWTNUnQbB9lApHFJ3fucTxgNAVG1+J11vCTiexibvJ/f4HZ3UQUU1lUrAb0SHO
+3vTcxw3UqBih7amYCuvbuDmClmhvP/ogZGv5ecvNDuSb0IwbTtcTDOagpnvgzuIW
+JUM3FXohCBVCY7t/ap1QY4MGhINeRVy1BffMLCuRtPBQb4lYn5jsTMlI1DLzXOdC
+7jWBU4RsoeeOfPhrnVQCcb1nlJl13aN0to2pCw4FKXotQqpR/Ci0etZRnOoIOuth
+vCcIDCyOE0RHFhV4YKr99Xr+TLp870XI+YKk9WLTaImlYBvKPcGVAgZPA6Le0ODX
+oMsbgYCbStQHqc3lJieQvEw7tqo2UYaCgPNArnRroIKSF7+9BuTaNQVqE01DZewN
+QBBEQBaH56QK9gDNOfsSIXP5/imnsTbh4eosxCsvb1OIOh9O+lMxBVJQRplOXSPc
+pfP2ox8COH/ZTeRs6w0cnHFgwXfYtH0F6ZaCA50bqaE7SF4QX2PtnIGOj9MLV2dc
+Qk5WSnt3sjghSN3xFOMZKRnhs/mNc9Vyq7c1/nct0ij5mCLSIUxGf5bS3TDl3hPU
++75QawQ0ynBqdvgvk6wM7v4CnliO9GwQip1mHYLH2yWfIgcc6A0nyhlOCECrANzn
+DW7VlDz7iWucPtXslsV7QEOT4SYg+DJQJ7KDIfw7pRc7ZwfmgJ45Nrpq7t6TEpLJ
+jRa9QqxUmpskm9KOjflxL8s720G31KH4bpjgO6b55yMLvqtb8DWeGgRG/EjFf9xW
+Ir7huGANFgHcscEa/EWhvsFFmuBnNxK0rfMBI6AGix2YPN2T8CDi4oks2ctflmYQ
+KIlf0e3mj7axcFNGBEymzSa6bDMr/sUWK1eUsKvnB8ig7FFlo8WYhYaAGEwWXwvc
+ZTsyAz62czfv53rblY9tdXhRksanrK2d5UVcOCjnsQyWvLO0Y5dnXSlXWsECD6/W
+ORRlHVqgGL0uViQDyQ8aAfRBTW96s9WMKG1QgR+w7NGL/JjBCRpOeQgI3EC4KVaP
+Zh66pYBDGq5MUCF5Mnr377/7QIah7FmcjAvBF7WXw9fvAcaxJJcw6gLQbYcEes2z
+bshbwPHcjTE8GRpCUxDh64ukAr+r2wrRT+32QLKMKJelpO0hi+yOHXA4FAJ9okEq
+Y4LNa0XjV9rY1zrk3mnugKi9PP6HdX09UdeJmV6jNp3yB8OOQg8izL0/myqEVofI
+rwk7FySMefSjbg+VdoaHCSg5lLoIhvkgquitmk4UIUoEDRLq/HVtMB3Cg130kxzw
+SwuBqCyFm7cPhVv8i5W6SH112mBMRRx7pz5GlAEvzwWUaSut4MH+xYLprx1X50j0
+IGbY+LG3Al972tv6UbAQBpsEXKOtr+lo+sAKf58ELZYjxVp3d6pze69oTj2O1iYo
+Kj5h9fNVloyLC0MVErstkDFTt62dqFhtEx9MJIbf5CqIDkOg5ofGfIt6AqJkFI1j
+wAj4dpWgCzUPHxwyWV6+yjX3sXDXaPFIT/IAsRNctj3th2TVoPUbxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem
deleted file mode 100644
index 35f40caf4b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB9MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTYwNAYDVQQDEy1WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDYwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAOdvJDDcPZf9hCISpQZ3vrpBXxzoFe0eBH7NUTsfOWAh2OGCfOak1DHU
-NApws4o7QUiHWATX1FGzJj9d32W9sROF6qqFJl94jJDinNYS2QeEMZ/T1W7u3+eP
-HZjrIYArjSRN19lgg2VuU5WpIKOXas+cOOQlh/I61dFQjHqyf1W1AgMBAAGjazBp
-MB8GA1UdIwQYMBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMB0GA1UdDgQWBBTohZvb
-MzEoZLMs7htkuG2eUNmvlzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABmQhcYL+rwYvVrnWH1LIbYHFhUX
-X0kvvS6SmK7Y+Ea7uDLmhDe5F1QKYmcURJt/Gwhz0xOFOsBCo3Ab4MSIScm00WvI
-3TIXXjLYF4LufXUGle7mdbWcT7SXfd0QVGWbTHDgbVc8SPHmQh3E4r2KVTacFry7
-nbzganMh05d7MTny
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBQDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAti5Odfo3
-pSf6p8iGjNMBwSlKozpyyMbXSxEjpiDvuZpllmjLqoXe6tiWiee19xCly8MnbxXl
-4Pc6BglZNZd+adRIlPrFUPIVmBM51RJLvzQKjiTRPwrPwsJnizD9KLcr0Kf+e9Gi
-LHBlqZM41/0oBCVuAX/5Y5zNNiFhFeOnkNECAwEAAaOB1zCB1DAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUi+O4WFafA2rfPdgHO7MH
-NuHLtsowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFgGA1UdHgEB/wROMEyhSjBIpEYwRDELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRkwFwYDVQQLExBleGNsdWRl
-ZFN1YnRyZWUxMA0GCSqGSIb3DQEBBQUAA4GBALkukW5Jb4GxdEYN7MeIVxnZX8fn
-4Ulh/l6uDFKi+R8UZyMWYp0oi5F0sYQrrsjBwpg/ivfpJtxLh1uMEAWp98vMQPFZ
-Hoo+ma1Ulfh6qAGv8C6EgA5sxWuNO0VrZsMbNsQeqVLXKvkBsYxrUAHXBd5ufqEA
-Wofw3VBcFpqgolnA
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8B:E3:B8:58:56:9F:03:6A:DF:3D:D8:07:3B:B3:07:36:E1:CB:B6:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:3e:f9:c3:5c:b0:eb:85:59:db:c9:72:3e:b4:2b:30:6d:22:
-        dc:9c:9f:fc:8a:ad:9b:1d:48:b0:19:9f:47:3e:d2:44:6c:3d:
-        c4:6c:03:bb:82:6c:26:85:eb:7f:1d:9c:48:93:a0:9c:66:25:
-        85:b1:5e:fe:71:a3:d6:2d:4d:c0:cb:3f:1a:46:fe:ea:31:8a:
-        db:d2:1d:f5:0f:b3:48:ad:0b:48:0a:b4:19:cd:e9:c5:5d:17:
-        6a:3f:f8:bc:99:39:5b:29:88:2d:7d:0f:b4:be:94:e6:8e:a1:
-        7e:12:31:2a:46:f9:3c:1f:d1:c2:69:c3:be:62:f4:bb:b0:6b:
-        16:a2
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFIvjuFhWnwNq3z3YBzuzBzbhy7bKMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAKk++cNcsOuFWdvJcj60KzBtItycn/yKrZsdSLAZn0c+0kRsPcRsA7uC
-bCaF638dnEiToJxmJYWxXv5xo9YtTcDLPxpG/uoxitvSHfUPs0itC0gKtBnN6cVd
-F2o/+LyZOVspiC19D7S+lOaOoX4SMSpG+Twf0cJpw75i9Luwaxai
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6EE.pem
new file mode 100644
index 0000000000..e9952d353e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDNnameConstraintsTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1D 74 75 94 8E 7A 83 E9 8A F7 73 F7 6F 4D 5A 87 33 DD 9F 04 
+    friendlyName: Valid DN nameConstraints Test6 EE
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MIGCMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTExNjA0BgNVBAMTLVZhbGlkIERO
+IG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAM/4iyH3zhj0pIS2GVWhozQpxO7h0Rc0VYwm
+qBRe3BCR0+gLN6FyWhGksoCInhWVgjCp83tO/AV0egq6mtvYVy4/YnzNvPFuU4Ij
+E913+ZktncyEfaJYkjJ8fms83OH/Pah7DpSNVRlxQkvuq8losTpL9l5V7YqLFF+d
+JwHKyXmPFJpujAHtnoqCe3f/WwjyAXeI0M0/2b53eAzqJUmiJ6i+qyygNpPp/OAi
+vunB8NnmVAcshvzRrCWiXF+XChx80fHQclCf0QblOEW7l4pelieJd6BByYfz7Dnq
+Ji3Ep4ULtF5CSVcXyJhtB8tf4XiFAxVh/ifDW3L0SkfuGEwA6VkCAwEAAaNrMGkw
+HwYDVR0jBBgwFoAUBtxbvscSN1mkikB0fAmdRTxKodswHQYDVR0OBBYEFJWht0b2
+Dg93oRjljC30sI++d9gXMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBADApYud9pWALlHw0vcQGRTQvhNRM
+nonPTNJZa2dzI76tcsjPw0BwP08OIKv60ciSIsEQIU/lxUruRSixe7xrxktGygPk
+aaOdXnF/WQHhucPx6HKl7cs/c8zInJQKWSG3DYa3rRCtsNSo9A9J3cwY1mAhsh+S
+JbZHXu9hbFdFoLPaCHNQRod9aqpiAd0ra7SpzrQGSZMTRaWbQi1mHJ93ay/bBQI/
+1PqHZ71szX/EIM9TsHLCV1Q9oJN12xAbDI5VdhuCFdiIDRytGZYu0en48+CDZIGZ
+Bi2sSMaG3zmUU7w9fh0NuuL2YlV7C5p96QljGRtmOZh4qoBgOSbrsa3k9zc=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1D 74 75 94 8E 7A 83 E9 8A F7 73 F7 6F 4D 5A 87 33 DD 9F 04 
+    friendlyName: Valid DN nameConstraints Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,997AF21B8BE5B4BA
+
+8yfzhn+GIwBC4tJMwDYhhX3ZaBFBzNQHBs1brCMjJzSQ+4yycS+AH048DHIlsx/A
+uAIme7AS2SBrfkOzAPcHTaVqj4thcbzFKWi2n5/W+XbivtYYQUJfSBFLtp2yGybU
+eizSJrPJV1afxJePlgxOdjh4JukKWTbK8GyOkC1JLEPh/sG141Y30jlExF3T8b0A
+E75yfwwRSHbK5nDwew1HtgzZMoJaP/JM2GUwxSoDDgNVBTYb/MwGmPDeZVgW8FHo
+8f2+AJk4IaoFeO6wp3/PsdPfm1kzHOrsJzK2GP+xaA94E8jwH7J3rlU2LzihJ48L
+mT3BUFxBIBhul91NKpzPhGzqlna604+Syg422PFWk80s3KruXel1ErZ8B5a8ToY0
+A6xOpEcGycWeCi7kvB+iaxtwwyE3ZbAp1HLBM6eU1RhP3lO0/bxeDRnSimOq8+vd
+bzuPznTh9SsBNsYNFxiyXW9Qhw0hHxiu+GVu/fCbg3CNzTcaPiGmMuuIXjqiQ5C+
++RsRrtEqVJBHjiSC+5uTXksB6JpstWxPWiTfStbYb35A1px0VOoMLoEZQoPorbSN
+Z0Q5KqpNmPXIgufE0HYxEvjk51hGMM2bKOuxZiNqnPuG/sbgpkRQvzSQnz2Kem+T
+g0so6vMU4BN0PBsGol+Ktomsj2ZcdOxemF/JtRyQ/wWgnNFQ2ZBAQSCBYOUvXjn7
+rHfzV+csRPs1vXgTy97cveaHDzLm93PEq4exzPXLiXK4JCRDfMyq/uJ3l5ZgJjO3
+8lcqzjWsYaKlYLr7uo/XWwst+zV+EWbPbO+XwEMXS+fkSnBbLxNXnVyJhXDf1ri0
+3RsAVBFlgBdeutl3K/VzqgHHz3JG845m8Dql9hu+zLGrhVLpZgY0CPwE5RzmNubV
+VMiIUPQpCwJ3JdhvocTrzf3PGhlh+dawE8SWqVQqGb6PKGJKCzjO7oMcTujbmDgo
+RG1i7YzRoVBJZ+p/pqtwiIeOX7K5qSgvhmvmhv9DPh+7PATAhfuQgCylt+nBhZjz
+e3TpI5MA6L1OcNQBayn6cgLzRDBcfrzGJ8ya6NaScZIUBazhGW62eCfmPcoUFN7W
+LqY2pIuqSXkdRY5HshGqiE/T1IVskwSLvdc80t190odSERZ+tg3DzhGGgYFysNp0
+URKBHKKeKOWJ7U/JPEYdfjmXwAsVPii1qpYOoQuwM8T6F4IhWfBvt7n77bc/sMEB
+m4Ax65kfJd5e3EIGRlOaPW3J764i78x25jqTHihXgSb/UoUOAoKYEifyB6aMeEb2
+0rYIC+NQ4oGzYXI/EuasyyPIrzGtcorlVFf66fDr6hc4bNlZZ7ZeKCXGVgXHXhOp
+S8snWNMeqiTXFvlE62sH3viS1DQvV4khKKeUlhjBms4/hQt4rlk/uCo2e4p6TWFP
+FFUg8ziw7kUlPf4p4n+evZuMEIROKudtvXQVsRsCWXsAo7zj40Gg47XkvDhsvINs
+T7adLxpEeKbZ5xjcvvjENWTei3vYHgEACfJ/1dayvdEaCJp+6273iipuiXDeCVNU
+yIutyGiKOGk+Qg+8hAfpcQFU7uaEI5cAesvPzOd3sbx9lxlyPu6dOw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem
deleted file mode 100644
index 7b1c148861..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5.pem
+++ /dev/null
@@ -1,141 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid DSA Parameter Inheritance EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=DSA Parameters Inherited CA
------BEGIN CERTIFICATE-----
-MIICMjCCAfGgAwIBAgIBATAJBgcqhkjOOAQDME8xCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbRFNBIFBhcmFtZXRlcnMg
-SW5oZXJpdGVkIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowaDEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMT0wOwYDVQQD
-EzRWYWxpZCBEU0EgUGFyYW1ldGVyIEluaGVyaXRhbmNlIEVFIENlcnRpZmljYXRl
-IFRlc3Q1MIGTMAkGByqGSM44BAEDgYUAAoGBAM6LNthcREHH6pqw2JQ5RbNJtGxm
-vdadsOuJvn5b0NszIYMbSpJq13bSo8hLx5uVfEvkGdc0BpoYHdax/d+0xQcq1G2b
-yKxnK+bYJbJhXuvvfEtQJXVoNRneAuD+UX5sAKja0T80w8kTA1/2K0vJMVwExuZb
-OPhYbliV11/6bvxPo2swaTAdBgNVHQ4EFgQUAHhCMlJkgBTrJroWKe1llb8qHx8w
-HwYDVR0jBBgwFoAUXSTuilUa8sbJssK/ivCySU86sxswFwYDVR0gBBAwDjAMBgpg
-hkgBZQMCATABMA4GA1UdDwEB/wQEAwIGwDAJBgcqhkjOOAQDAzAAMC0CFA18iKub
-KQypNt8MvheJ9svsobpgAhUAzoneZ6mJuBahNft2JyeO/YD0xes=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC
-AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu
-0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2
-PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT
-mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd
-kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM
-nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c
-nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI
-ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I
-3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh
-5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA
-1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB
-tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA Parameters Inherited CA
-issuer=/C=US/O=Test Certificates/CN=DSA CA
------BEGIN CERTIFICATE-----
-MIICFDCCAdOgAwIBAgIBAjAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTzELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtEU0EgUGFyYW1ldGVycyBJbmhl
-cml0ZWQgQ0EwgZIwCQYHKoZIzjgEAQOBhAACgYBnjEfaDDaBZDn4GjcL8LvUE/1n
-PUDInJLhOolUsPKXpXDQZBekp3yp6ScJZd+gpRz8BNo+3WJr8AztgVdPXSnICFkZ
-DF+NiPD/jLbodQG+EApk31d7i2xW8FPOQ4i5CZkIPJCvAejZMl3tVgLPYNIBOuMK
-K56RQfbHfN5smWMADqN8MHowHQYDVR0OBBYEFF0k7opVGvLGybLCv4rwsklPOrMb
-MB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZSE5hMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAJBgcq
-hkjOOAQDAzAAMC0CFQCoWW8xd7Yg7Dab60thCq9E7XK6KQIUbSLhvU0n9i47H9ed
-1lleyyWGItg=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e:
-        88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9:
-        a3:57:74:b3:48:ab:c5:9f:01:f9
------BEGIN X509 CRL-----
-MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ
-SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I
-XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA Parameters Inherited CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5D:24:EE:8A:55:1A:F2:C6:C9:B2:C2:BF:8A:F0:B2:49:4F:3A:B3:1B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2d:02:15:00:89:33:c4:9a:67:b6:d1:05:d2:fa:c6:db:09:
-        a9:f0:01:9c:cb:db:00:02:14:5a:f9:93:bc:2c:9d:fb:be:01:
-        4b:f1:a2:fb:1d:93:dc:98:05:f4:ab
------BEGIN X509 CRL-----
-MIHuMIGuAgEBMAkGByqGSM44BAMwTzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMSQwIgYDVQQDExtEU0EgUGFyYW1ldGVycyBJbmhlcml0
-ZWQgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFF0k7opVGvLGybLCv4rwsklPOrMbMAoGA1UdFAQDAgEBMAkGByqGSM44BAMD
-MAAwLQIVAIkzxJpnttEF0vrG2wmp8AGcy9sAAhRa+ZO8LJ37vgFL8aL7HZPcmAX0
-qw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5EE.pem
new file mode 100644
index 0000000000..7e17e1dc6b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSAParameterInheritanceTest5EE.pem
@@ -0,0 +1,38 @@
+Bag Attributes
+    localKeyID: 59 F0 D4 26 E2 38 A1 F6 C1 D0 71 F1 06 FD 5C C9 1E 16 E9 6D 
+    friendlyName: Valid DSA Parameter Inheritance Test 5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DSA Parameter Inheritance EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=DSA Parameters Inherited CA
+-----BEGIN CERTIFICATE-----
+MIICOjCCAfqgAwIBAgIBATAJBgcqhkjOOAQDMFQxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSQwIgYDVQQDExtEU0EgUGFyYW1l
+dGVycyBJbmhlcml0ZWQgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBtMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE9MDsGA1UEAxM0VmFsaWQgRFNBIFBhcmFtZXRlciBJbmhlcml0YW5jZSBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0NTCBkjAJBgcqhkjOOAQBA4GEAAKBgGePd1BDyXeRQ1yb
+OLiczxes0cd6mp1vxtg8Pjtuw/VNgx6/q6dq15cXOXf+I1KDj5KpTr8RU5EqJzzs
+24Rkhd0YIpKnlS+r9YlUbGUqiYgFGxcZIFPWeXtd/HDUo6EtwM/4CKMJIoCj+RIP
+85dMZNOqY3m3VXmUrihAfGMSJ1zYo2swaTAfBgNVHSMEGDAWgBRlgZ9wOoyt9kMd
+yOePVY7oS9uH4jAdBgNVHQ4EFgQUBm+vcNPtCiTeORO8G9ZsstjM7x8wFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQEAwIGwDAJBgcqhkjOOAQDAy8A
+MCwCFF8V1SAET1xFJmUxuSyCcxKWdg1nAhRLvW4OnD/rkm/0u8mAPbkq84+rpg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 59 F0 D4 26 E2 38 A1 F6 C1 D0 71 F1 06 FD 5C C9 1E 16 E9 6D 
+    friendlyName: Valid DSA Parameter Inheritance Test 5 EE
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A1A1A940AE90B3FA
+
+X9H/rdRkmXxSAG8Jna6Ip4pqa2PUCyiEbMJU7exzzJ6tx/zP4zU7se6HLZE10YbF
+D+R/mIapOCVSaf1NkZ0xc3Oki2W2E/zQ6S2uX7scHQkBanuBqkjwjY+vDZAvdOmd
+FVsbb55ezxMendKK8Udrd3K5EibzReRbwSl4lLwwGZQzwRLv3LJBWC0m55s2D3QZ
+2wzpJI8WgCMXd9sJY6+453HT/NSUmoWYACIqhJhXxkNxWFmSuoh9IlqoKUkDtw52
+bf1gF2itR8YJ5Fbjg4u7PjVRbkLjCU0BXjAB2G0WasnJr9To6bwSCsGSfGLRTaBd
+XH1uS31MgymzgO5ftqLNiCPy3bxFa5H7LK/ETAlqfnDVC/w0Za3pI9ZGGeR4AIx4
+PXbvrVBrcadyfU/MuHSJzA8b9dWN2bOn9nogf+cMewQWBXnF7Znh3re1o+ElpF7L
+E8h+YgVzMlJVLrFR0HL+1Vs/ch0FrsYW0Y9v0/2VSUnOLL8omoZZrvEOZ7Q/MZj6
+b1cQoEuoEu3rQss8fHsKgSdNG5JeqRngTFnV5zCTqIn0Dyl/bkje4s3ryQ/sMyDI
+6wMdTVMTocYvdldlnRdGNw==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem
deleted file mode 100644
index 6482e31df3..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4.pem
+++ /dev/null
@@ -1,104 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid DSA Signatures EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=DSA CA
------BEGIN CERTIFICATE-----
-MIIDNjCCAvWgAwIBAgIBATAJBgcqhkjOOAQDMDoxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEPMA0GA1UEAxMGRFNBIENBMB4XDTAxMDQx
-OTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQDEylWYWxpZCBEU0EgU2lnbmF0dXJl
-cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQDk
-i69AjBXXPXzuA5YSaMEgBegXyp50ZUuaVJcqeDPapcVy6jSzlGhC1Rv9d/CoQp5k
-k5C2wgIxRhN6A2nMmC1WnV4jXyi/rX8P0GmVYlwaBypejHNJfv0SIo5V5VbprnIp
-locIJ9d3Q/CGuAkKGxSl5gPmRXlN6fpTX8EJvX7FwwIVAIA/5PzzTOU+yw8XCipU
-bNBnbA07AoGAZtQWiiCt/tEyn6V/p7PQ6nc/62yi5CnY2Lwh3Zr3zOW0d03f7Nqi
-jJx1Elof/mbTEcLvhEPsqYhuTLpMPzWWx2f8mb0PmSkTkU7YAq7+a69QVqovHrUq
-yO4iRyV4ayHdFD/O8BCB95YdnEG7XkSSXS7GHrjNaciPPzs+0E+iztkDgYQAAoGA
-D1MorDgvPfMRYUHDPafWevf2ATLTIXEQFNXDPk3rGaKMr54IPUEK/8yiR4J6VqGj
-/eyyi7c5tcqgGYWCm5ZoqLtrupCk4a1ltkQx0h4iL1NBT/qc+C/oLEMkFn4r2GT3
-ZPrweUgduQJtkDbM6zYP8jmrfSfs90dv3TPEfk3uJFejazBpMB0GA1UdDgQWBBSz
-M9dRogQNRPudQPESYnGwU/ZpDTAfBgNVHSMEGDAWgBR0FdUkHL1eZYgf4YsJfn/q
-GUhOYTAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDgYDVR0PAQH/BAQDAgbAMAkG
-ByqGSM44BAMDMAAwLQIVAIynyNKZ1ECb+SGSaPMnJglzolkYAhRM/h+AuzCA19hw
-xk52oNmdtPZA6g==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=DSA CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIDhjCCAu+gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBkRTQSBDQTCC
-AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDf5RE+2um2bhDW6p3inTqwR71EAMdWyMxu
-0DOEVkc1PfZUyOPCrbu6dfMvMwym+THsZ+PlmW38KW6qV4hyNOKOAJDgo6xkjsD2
-PB2PtMhKSDBef6qcdiYL2xNzM4OXwMWz5jf1Pv8VDdShLrox+KuH2AvMd5hCbqyT
-mMK9Lns0CwIVAM8GBNj/i+sA6fZcB5Zz/ZZlOi8HAoGBAMzhfLDOkl9j7Di7RLrd
-kjS2Xr5le9hxdwSd7GZ8OwTOtvNS/g+SVQLvThKrXZouL25W83Dsau2bIrioE8sM
-nBbqwQqOISZEpQz5oOxi4HAxzGj1C4WkShtuefTB+TZaOG9O74RT32f9zPdZYo+c
-nM0Qj1ykD5y3B+xg876vfjmYA4GEAAKBgBHyudi+QivFhL6RAhz8jDJyi6hsIdeI
-ihS6MGV1wBw9gmllp6yQehQdhXvlU8Jg/LHPZ6/B8i4IMmo4x5FOO7w8CdD5cW0I
-3ydJjQV02L1G0NtRpVO6h/P6XSWDT38KdeWp44mnQXdjQF8rLITSwXF4CttrVxnh
-5xQMnsT2MjkOo3wwejAdBgNVHQ4EFgQUdBXVJBy9XmWIH+GLCX5/6hlITmEwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBADo7ch93LLrc7PUdW0XOP3+kP+Sywfqf2ApcmOLufmM60siw4rzA
-1ssoITB2Rs3TPQKBiJzMdFKrq8tQ+8TcpXJ9M4SVfbAFB0P0vB4UC2Eg6iSnVJbB
-tsZFj12gpqv5Gawo3yUTw34h3opDGSX1pz6eZUIZBFKpAX5gyIpiEBI2
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        c7:32:ea:21:ff:7d:01:d4:f3:d9:c5:a9:ea:04:35:21:81:d2:
-        13:f2:35:d3:e4:53:c5:03:93:de:a1:2d:25:56:64:bc:52:20:
-        81:53:69:6a:a6:90:26:38:bd:ed:31:7f:a9:7b:c1:e8:a9:e5:
-        07:97:82:bb:3e:8a:f9:79:ec:2e:bd:16:4c:31:6b:b6:80:ca:
-        ba:ba:0c:35:0a:d6:08:3c:31:78:fe:d3:3d:06:69:6c:3a:e4:
-        07:4d:6e:84:21:d3:c3:90:60:8f:99:90:62:a9:16:38:25:2f:
-        7e:08:5f:2f:cc:59:d7:7d:9b:2f:d8:0b:e7:70:d9:64:f7:01:
-        38:8d
------BEGIN X509 CRL-----
-MIIBOTCBowIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU+2zULYGe
-yid6ng2wPOqavIf/SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAxzLq
-If99AdTz2cWp6gQ1IYHSE/I10+RTxQOT3qEtJVZkvFIggVNpaqaQJji97TF/qXvB
-6KnlB5eCuz6K+XnsLr0WTDFrtoDKuroMNQrWCDwxeP7TPQZpbDrkB01uhCHTw5Bg
-j5mQYqkWOCUvfghfL8xZ132bL9gL53DZZPcBOI0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: dsaWithSHA1
-        Issuer: /C=US/O=Test Certificates/CN=DSA CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:74:15:D5:24:1C:BD:5E:65:88:1F:E1:8B:09:7E:7F:EA:19:48:4E:61
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: dsaWithSHA1
-        30:2c:02:14:46:20:d2:4b:f9:cd:91:09:e9:71:6a:bf:d2:3e:
-        88:5d:d0:47:ee:aa:02:14:25:ae:d3:6a:ca:3f:a4:54:41:d9:
-        a3:57:74:b3:48:ab:c5:9f:01:f9
------BEGIN X509 CRL-----
-MIHYMIGZAgEBMAkGByqGSM44BAMwOjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMQ8wDQYDVQQDEwZEU0EgQ0EXDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFHQV1SQcvV5liB/hiwl+f+oZ
-SE5hMAoGA1UdFAQDAgEBMAkGByqGSM44BAMDLwAwLAIURiDSS/nNkQnpcWq/0j6I
-XdBH7qoCFCWu02rKP6RUQdmjV3SzSKvFnwH5
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4EE.pem
new file mode 100644
index 0000000000..2041c76807
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidDSASignaturesTest4EE.pem
@@ -0,0 +1,44 @@
+Bag Attributes
+    localKeyID: 65 80 CC 44 81 EE 42 CA 16 B2 6D 68 60 CE 80 83 F0 2D 6B DC 
+    friendlyName: Valid DSA Signatures Test 4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid DSA Signatures EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=DSA CA
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAv+gAwIBAgIBATAJBgcqhkjOOAQDMD8xCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMQ8wDQYDVQQDEwZEU0EgQ0EwHhcN
+MTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBiMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEyMDAGA1UEAxMpVmFsaWQgRFNB
+IFNpZ25hdHVyZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggG2MIIBKwYHKoZIzjgE
+ATCCAR4CgYEA5IuvQIwV1z187gOWEmjBIAXoF8qedGVLmlSXKngz2qXFcuo0s5Ro
+QtUb/XfwqEKeZJOQtsICMUYTegNpzJgtVp1eI18ov61/D9BplWJcGgcqXoxzSX79
+EiKOVeVW6a5yKZaHCCfXd0PwhrgJChsUpeYD5kV5Ten6U1/BCb1+xcMCFQCAP+T8
+80zlPssPFwoqVGzQZ2wNOwKBgGbUFoogrf7RMp+lf6ez0Op3P+tsouQp2Ni8Id2a
+98zltHdN3+zaooycdRJaH/5m0xHC74RD7KmIbky6TD81lsdn/Jm9D5kpE5FO2AKu
+/muvUFaqLx61KsjuIkcleGsh3RQ/zvAQgfeWHZxBu15Ekl0uxh64zWnIjz87PtBP
+os7ZA4GEAAKBgCwUuJ3sGoI0YbdjbhY97S8mJRwXyMJzPtX4GILw0J0vhFlgB1IQ
+RlMdNahTZDjWGvBNMV6VscdMD+PlfG1ZVyGwwc9qvny5X8RfYRb0AsmvSN6o3brj
+n5gFsnsHcRxE0fhzbHdbZFPImAVMjTaAIkKXfjIaUaiICOr3qqyhH2yBo2swaTAf
+BgNVHSMEGDAWgBSPkMaMdOh7DMhZx308W1RZYCULsTAdBgNVHQ4EFgQUnHvCTw9Y
+g/WGXCrgdm2oTR/cEDYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB
+/wQEAwIGwDAJBgcqhkjOOAQDAy8AMCwCFHm10vtlAd/b1cB5Yi/UsmQ8BtYEAhRL
+hwx1Txi7lIfyun0bpsh8km3ohA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 65 80 CC 44 81 EE 42 CA 16 B2 6D 68 60 CE 80 83 F0 2D 6B DC 
+    friendlyName: Valid DSA Signatures Test 4 EE
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,08DE82DDFA93E00B
+
+0fvn08EoMjSFM7RzWoIpU3wJRuMFftIvR7XSeytjH7LVbK5GJviWr1+V8LkgD28s
+tdSNeKVXUN+RwVNv48Ul/60hzarASPQNXvtVz7GFDUwBlm4LkywmJhvKlu0mnmxh
+d17JQ49ypkQrshQPp5k/bDLijhLQ5mY2i/a200g1qtsq7H6qcl5dcCAtQw2/Ei+v
+cYoZFCnF3MHExaq3l0BTEHJ33Z+rjSHjUXq3u4Ivx1qESK48nUMhQt/z6vxgyvvf
+y34qU2b8iytemifLlVP7N9ZUFCZMlQwKRdDKHAPlSAptG8KEsuxG+NFtM0GyugqR
+SoAEpq24sHT+xSk5nKT7UskJ6FYKwliWOf4U30eKKz+Yq0mswstJd3A4VE1a3acK
+kwPHztRlKlhhjcGlmUgB4oGERCOegc/ZklF2NgLAc1jJQCpPQg3N7m3kMJ3VsGS9
+8/In9c2VKT+9+BEKcrR3pQCb/2TTAg6rKvCCCo4MpcTa/Xek8IPCbH6K8tsWkVnz
+t19y7EDrqOjNFqksum5r/W1zn+zOfGpSN6Fb6lK4jY5E9RzkkpHz0foCj54VWDfg
+yUH7H70BtvKPW5KZ1mrtNw==
+-----END DSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem
deleted file mode 100644
index f15bd0771a..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChTCCAe6gAwIBAgIBEDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfR2VuZXJpemVk
-VGltZSBDUkwgbmV4dFVwZGF0ZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEA0XVL58x4St3rim3S8J3rxCFsMxohlbSezZsM8cVML4M8JqBA2RCpciqMXQ39
-ySW9Va2Mca/dkW/VCXATp9lG6hGPI9uvz5t42IPrYc/CdCMWnMZYPxolMOUJd8rD
-fRjX+PnPtbMonefHo0LclKZkSs5hLEty2zpam33MNLS4L+0CAwEAAaN8MHowHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBSGFC5gYrSk
-iBLjiqt4F6Lu0TAaMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
-AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAPS84jJFDI
-dH5hR/XPr96LgBMhK72+PiP/6pgrKYilpao6qSJAf9vIsaWuebDcHUWFO3HcaIwl
-Ku+ejli9fwEZmMcK1l4pj5vf5y4/wYBkWTvnpT65JUGdmuFic0n4c1jEPTkRZPl0
-FVsLl9iYRwWLJH9pq9gaOLZboV3w/HplDg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime CRL nextUpdate EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH0dlbmVyaXplZFRp
-bWUgQ1JMIG5leHRVcGRhdGUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBuMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-QzBBBgNVBAMTOlZhbGlkIEdlbmVyYWxpemVkVGltZSBDUkwgbmV4dFVwZGF0ZSBF
-RSBDZXJ0aWZpY2F0ZSBUZXN0MTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AJ/BW+Rh38aEJHLhyF2rFsHXLa//8UzBuAOpoiJSzFc4gk4FZMbUeMNc7JEG8d3C
-1iCI6ksf+VPWuZsGVLU8GB1Y01lFSaXPp5jmmDeILhOIhmh7/xGJOC0bftMHU2Ub
-STCDgX+yxmVEzoPNpyWc+NIOUxF4dGZcIVeFKPB6cYQlAgMBAAGjazBpMB8GA1Ud
-IwQYMBaAFBSGFC5gYrSkiBLjiqt4F6Lu0TAaMB0GA1UdDgQWBBRAXKg9gLMI1s2l
-71T3v0X4NAK8LzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA0GCSqGSIb3DQEBBQUAA4GBAJODcolMrKSSYYUM8i0NqwfexPIPQ6X+U/WU
-fh7Q4VMoPii7s2hU2MHjdWM/80GnDbNLmNqWBWqymgR+lkYvyvcMSsXr7SC7ZN7T
-PKpw3Hi2bnOFDJDKA/MGWsX+cehwuRKlxmwep3r23H0ctmF6bYpcVusN6NYXVHzt
-jU0bM66N
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=GenerizedTime CRL nextUpdate CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Jan  1 12:01:00 2050 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:14:86:14:2E:60:62:B4:A4:88:12:E3:8A:AB:78:17:A2:EE:D1:30:1A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        ca:4b:74:4e:30:1a:c3:6c:07:22:c9:4e:5b:2a:a1:2b:9c:7a:
-        82:20:53:df:a4:45:75:15:ab:eb:5a:c2:e8:f2:bf:57:f7:d0:
-        2e:b1:cc:10:56:0c:be:b2:15:72:e3:b4:c8:0f:90:fd:ce:57:
-        9c:1d:b6:cb:dc:4d:80:64:ae:49:4f:05:d8:96:1b:a7:ab:aa:
-        22:61:65:57:63:1b:7f:9c:81:f1:e5:cf:06:b1:6c:00:a1:36:
-        28:26:97:2f:ef:74:37:e1:89:7e:0f:c8:ec:df:ac:91:f2:e3:
-        f5:01:a5:27:87:dd:29:b9:35:d5:e1:99:91:a5:07:31:24:80:
-        0c:7d
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH0dlbmVyaXplZFRpbWUgQ1JM
-IG5leHRVcGRhdGUgQ0EXDTAxMDQxOTE0NTcyMFoYDzIwNTAwMTAxMTIwMTAwWqAv
-MC0wHwYDVR0jBBgwFoAUFIYULmBitKSIEuOKq3gXou7RMBowCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEAykt0TjAaw2wHIslOWyqhK5x6giBT36RFdRWr61rC
-6PK/V/fQLrHMEFYMvrIVcuO0yA+Q/c5XnB22y9xNgGSuSU8F2JYbp6uqImFlV2Mb
-f5yB8eXPBrFsAKE2KCaXL+90N+GJfg/I7N+skfLj9QGlJ4fdKbk11eGZkaUHMSSA
-DH0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13EE.pem
new file mode 100644
index 0000000000..921fc43d58
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimeCRLnextUpdateTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F1 27 41 23 90 1D CF C0 11 84 D1 9D 51 63 3E FC FB 96 12 01 
+    friendlyName: Valid GeneralizedTime CRL nextUpdate Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid GeneralizedTime CRL nextUpdate EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=GenerizedTime CRL nextUpdate CA
+-----BEGIN CERTIFICATE-----
+MIIDsTCCApmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfR2VuZXJp
+emVkVGltZSBDUkwgbmV4dFVwZGF0ZSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMHMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMUMwQQYDVQQDEzpWYWxpZCBHZW5lcmFsaXplZFRpbWUgQ1JMIG5l
+eHRVcGRhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDEzMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAud22oPPBDzylInEUq9CguXvnLa25adaw9FxosWhpznk+
+e4A8PL4ObpbKZ3BD4Rgw7l0ptJ9+EXx5JuJNkjjrqjhq92E0APwXSFl+ZBLLPfsC
++yPJoxRQ4NjiCNHrFl7ljDSPPKllzSJxIE0dUXpan546511kuDp5VYiLb3aJUFiZ
+qLh/1uTYqWCZ287zkgcG6rXllTbbBrhOoUhoIt7BCudz8kKr361aJ6CRpgHN/Vq8
+T5xW39XAAifUCiql6gcR/iGLekoP6Ea5xWlCejwA+a6k88boXm22LAx7QWiFUe1e
+zLHZ5Yh4rXtBamDYxOdAk1GYwYAnjBybuGWBxADWXwIDAQABo2swaTAfBgNVHSME
+GDAWgBR+KnXvDDbHS+cg2X9hSEeOEoMaLDAdBgNVHQ4EFgQU4997s71PDhzkuPqx
+jV3e2akJIdAwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATANBgkqhkiG9w0BAQsFAAOCAQEAOaHsLRHQVH5gJ+hxdHvna+IUoWjEE2F5MQbT
+bM998cWDHqN/OAggEpYV+Lihrz3l2zZ3efue0woBgBfcjr6LkPpLLR4jqn3cPtQV
+t9BgXO6fLFntkCvvnTDDFRbXRboCpivS+nS7J74tabTtbcxVjTnnRky9HQrgopz3
+hz+oGR7rFnB6fB1D/ic9BWKtwx+BODB0eK7WmUK7pLtQJaz/wimIhs8kD0X6AB9g
+XWVlBsXFMemvFglNQvtfH1uPPzQk6cZ/JDp+LvLWAMP6HK3ZVdvaAVU95DRm6gK8
+PoyWsA4vasObByzNgCtKQSxULkxjjRnbZRN5j0uRN3mjJ1fKEQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F1 27 41 23 90 1D CF C0 11 84 D1 9D 51 63 3E FC FB 96 12 01 
+    friendlyName: Valid GeneralizedTime CRL nextUpdate Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E6118688A1731D88
+
+Dd1EFLgiRKRMZTUclex4I2UHdo3uVBIINpHRPA9+uia/saAEb5j3PpvBxOKlbI9A
+akzemvAU2AQWIrMVw5+kIiSHtj/JLwEmXU3Hxn352sxA8hBHSfbO1RDV3+iXpHBy
+DXePvEo5DloF0z81dxB579mGhhlZm1jh1ILrOxJa4rLRCXbQDBbautETrp0kkVZ7
+uAzEG9PQGH/5y1mdgkcJ7g5s7Hjtj1aFbSJIY4wdBmXzps9RHHgG7is+AKPHDNA2
+hr0P1RYC4XPyRpd3Q6hXaxgS9T/UfZ11epoa81XeRwlc7JHshZw+BMeQA8sJkVZK
+tduaOOa3OpeSxfKeBEbFBRylPgP5SkmteWMmvbDsVBhgLqhDRi9M7L9e4Ty8en1L
+q6T+ffPOsESh7wEO1cHUIDT7alY/zWuqy4uKmSUOEGWjtEOUSRtDuIdZz1uy7xjz
+/iuLLZfoZg/iJCZo8Gvlw4MZwDRn7up4yi4crc5DTxlA6rF0t3GMrxdw5ofVcYhk
+tviu6dbBTAOMyMEKpUKxt6BVUzX24vqO9XuFNFD47sNz1zV4n9eleeC5xSdPpgBE
+jEDZdo17vUHg9kDzNn5mxEFWSBXk20dJCCFIgQbCubZFWj+CqYbaTCDNzBeCr0/4
+DuQqipAn0qat1PqZ9JkgaicK+i4tF9KxmOpWEOL1eWGKbSO/mmOWjjP5+8/OOQta
+jfEVNLmaeY8rdrftcTnOBBA09aP7dMX0habd73Pvhw9SGim5j5waSkLVR2G8pz51
+I0X0zHwGY/rq25EmDgqhwMTIbkrFGlruuweCXrsHAC8ZvFmD5ESplZ1fZri26ICj
+ZEkHuN1HSU/uhZ7Ln9u0cJs1htegtu3QFszdoyFKH9HRIDfZc+ia25drom+uDFgA
+f6ejKK7egCMVyME4qRKRlNOngO1OLBGgreP+VkQv985JhRcp/UgT3EV5I2qUabeS
+r+LFQg502lKogv/2cSfv8oXs5vKmSFQ1c0pGE4/m+O0FmyvlNWlJyWk4B1zu77fL
+/hp2Ovo2L5NCOsUWa2KayDJyDfUa9A777AvKEDSeqA/CLT2zuMnaGI6WiiuE8l1s
+ZoJxiPdErPFLG1axiaM5gMppwG2KG7sx68uPxImxNf3vmoQI0A6x38TJ/UM9uVKN
+Z/Ul2UCRvmX8WLMyGR2+3OJ4IcI1zHCXa3kRybqTLy9/MQc1ytclZtq7W25YomNS
+wJ7rFJB6XJmqsTgFGpvBxb/C5S0EU578m2ScQ2eYb/8rQh9cFPR09TQwzTgcKldc
+WUV/Ii3PGPqfU+YQbB1CW3oH2yd3KqO1ArE8Agwiy9Lcj1MZf1fib3NDcEW9CysV
+CU6mO5j477pEdhhh3YVex2oTy2J6sc854OpeRHjmtRmY5P1Lx8Um7zgru3aYlBiL
+9xIIvEOGYL3jJhzRk6FFEyvwd8jdzx759qFiwqpeEZig5hiki5nytjXoWc6YsRRW
+ktn+41fRoljfyoud/oudnz/R+htweMstFEakD332taJrLh54UiphVSccvZxLUKzW
+M1tSCjeKBdpcWAfZnofwMJ4EVb1HV/VNhp5Wb1ODJKJCOuMjKX+fFQKrQ7br0Q3f
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem
deleted file mode 100644
index df9cce1587..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime notAfter Date EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBCDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBcN
-MDEwNDE5MTQ1NzIwWhgPMjA1MDAxMDExMjAxMDBaMGwxCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFBMD8GA1UEAxM4VmFsaWQgR2VuZXJh
-bGl6ZWRUaW1lIG5vdEFmdGVyIERhdGUgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuN3xhLcTamwSrg/7HDqFvodu01X/59
-oI6coV90K3bmWeFUWcw5ZNfns6jjgQE1kexWBJIFACT3kFzmEdQ0Diht+5/uEeSO
-PkOZPDfVFZRsZlKiP4F5JRag4K4+Wfrt8M1vzLcj/TRtui1jpwyXKD/Zjtsye3j8
-MayBGrcgQWbXAgMBAAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+a
-FZTHMB0GA1UdDgQWBBSikE0CsoDg9dGVN7xsWnkXPID8kzAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBABG3
-77d7XM2ib5Bv0aVQKTDlDZr1fzLxv0CeJt/o6io7LL8Z9gC0ZdoeiB1nK+unnlu0
-GFMygOHAwKUkKMkkChIGFyYSEPrqQV5811YETya4JBE+Ou3GQ2oKNNL49+HP2yTm
-aWT5eiTEg86gF52K2nPXRNaNGYHgT1+Ez2HeI4pO
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8EE.pem
new file mode 100644
index 0000000000..82c7ff7d50
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotAfterDateTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C8 C7 13 ED DD 20 A4 BB 2E 92 00 DB 2B 34 A3 A1 63 97 26 0F 
+    friendlyName: Valid GeneralizedTime notAfter Date Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid GeneralizedTime notAfter Date EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAgFw0xMDAxMDEwODMwMDBaGA8yMDUwMDEwMTEyMDEwMFowcTELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExQTA/BgNVBAMTOFZh
+bGlkIEdlbmVyYWxpemVkVGltZSBub3RBZnRlciBEYXRlIEVFIENlcnRpZmljYXRl
+IFRlc3Q4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JsqVzyLOC5n
+QkAT5iNLE/lsxf/3jU8ojrjoBbTYdgaUaun44lvZwesI/WEd7WbmIk4bnuLDk2pc
+VQY+UnqPJS3j4exQshmfKSwtJnfnqiCNDsujHAkHP0ETMQGbQCfz2sibFf9TFXrp
+mcIHRX8cXIFcQvcvGyKUzO6pkZXRQ5CH37tVWJCj1q8oACXaBqdC4VRKYFO0lhWs
+epDrq2xWlvF7pOEJr7MvyM2tqaYFEKVgCXomhY1qxY3tWUr9n2OIEOt71o5+671O
+Mqd4cZJREF8vpkelQxEGMMu7DR1+pGbkrxXqyYAmjDE5czfXQOLHrWKJlXsnv37L
+gSb0h6cWyQIDAQABo2swaTAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR9a86
+yTAdBgNVHQ4EFgQUMT3myQxH68BT3YDCOy2mohpE7iAwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAcDEv
+K/j/gsTTaDIPxcb0iblmMtDBoM6sVI1hp/cpXz47WqedfVQxKpMAj+nyCepRHFw7
+tnjoWzlpDJTbzDX2RaQTyzzZ1hoef9po4LSjt+ukybp0D3bf4m47s6cat+f5XKME
+BqLI+2C9V17tBV6ZM2LbCncc/RnHXwaPCJQUdQV4QOP0+aw6/pmCfUJH0Bn/fM80
+gPxHN3yEds/Xes+JRf3dzFMcGso1IA4fx/S3DqkT+uJG75jl2cI/SUZCdw6G5Aze
+h/wfRrNGyqQYOsgKkNION7NjDmeZ5doj4Nk1MaaYZmm/Znn83fMtXuGchn26BmIO
+UNDDn9zsAsqcF4TkGQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C8 C7 13 ED DD 20 A4 BB 2E 92 00 DB 2B 34 A3 A1 63 97 26 0F 
+    friendlyName: Valid GeneralizedTime notAfter Date Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B452F5FA65D5D9EA
+
+pKSxE2vluN/rwAKlIlcx1ujNGmCSZcAUM2RCSJKtU5dfviE+5CrOI2QD5ggla6mb
+lVYfxKHwNl7g5gJ1TA4hDQZKrxW0y0g1wX/88b2sRtkHhNQVPuh3OLo7/bl2dzto
+ndLby7Cdys6NuLQNgVZsa1Ysl7yNr2cmhT5q8D+No4cHHGm51GBwj9FWOBQrFb2v
+EsmSoxOyCcunZ3Sl39M51CH/gaKtGMFfTvHs2N8dj5zdD8ncjylV0SMcO/64wH1o
+bRwfkC+zDfx6KFXd7ROuR4kEbW4tb1Je7zMEc8fz55p8rKP9dfzlEVkqGEeKLWG3
+Gqp5JkUghtvpeHr+PDS1w5RrIfNNIWjY4/AJvOh2EJCh32il0X7+eOrEGYeP8dL+
+f8JxuUBXUEAfkAxGkeqRNFTT0mpXSXcRfnNwiuHvT9fX5h5E//YKgTvRQxBQicPI
+enE3FXA+E6iv63cOGhYjbTvrLvt+GdfZVfUPX9ieUGLbg+cVhiGENub9PHrDD5n9
+v4w21qEuNDWw0EWWzuWybNY6DU0qeu6lbh8xEBxHSy3FsiDIwStqXGhs/nl+w7qx
+IaCo8aP1/zMRXGEAFH8oGYtE+EHDBvJZfuMRVlM3FqQLyomWUtX/9BHapen2/ZzY
+MlAtIlvYu6psP4WLzGaagfRPWMlrI9QIvbaDfdnvzZn4yu6wJ8Lqsc7iu+8bWB6u
+lbvvxTa/YlFuyQEizlf0UJvV9fh1Nb/Hl6GheN0BMqGYHPaAzi8bac1S48+RZya9
+8NPvbxHkrKYV0+RORm1iMaETMz5cgU4BOxBATQB6OC+zDKhf1BMaawp3C9eCm/+d
+9r+tTyfkGMpusuLzevhK5utcqRXjHbfpoazJgnNqUVQrurxG3svrZFY8WdrgRl+m
++nEpoy1Wf8kpX5iTsAdSzZTKdFSKSSLqkPEywmGGA5T/XRAWMQ5+bhkZuPegwFh+
+cc1xhNa83bSlAXhWKOj834WH/CZFa9VGc7q8FuvFXHYzwLwhgAP5h16T3ylV6l6a
+E0/GvNXkBMOK0U0vwXEgXgO7n51peg9KkQM+fMITGznk2QVFu5nB40hkmaN+QAJs
+eBt6hsTwSvL1BtYvS9EC5SqDp/8ot+yDL/HIx+aDon1KicQ1n2D8ZpKtHuRmtgD5
+gdGS5tREqiNTGnklBXsrBJPZodafcDMnwOYSa6ZCUQMo2PDMwfvyseCCI3QJHiyM
+6IuLT1ErXLc/qldNUyO41VwP5GPG6UtrxwS6XGOuK0keTF9oyVcekFjbm9qENqyL
+Yv8XV4hj92+880ZOhP9WkG2QF6X5GehzNuRP+OjDjKU3e28H+rnCkptZcsBIGX3x
+bTRA/g/8InsdGizRBzUFIoQEOKQgFwjsaqLhF0PewSBsfPZqJwyr8DlsrRKVy7Pz
+N7Q49srE3D+zxZsaF0gAKgFPTgqnqi89DPpIs+REidaEaeOTVaiRyJpwadrdLwas
+Fox66s4HpgSVH6ygWl//sK98O4ijqHX2Xbptqioc/8sWJRFqSkMGT8zpJIzREtAs
+TgEYD45Dm5L8wlZYt4oneFY50FOlJ8VEaa0n/5N/vowj0Y6Yw5tgOg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem
deleted file mode 100644
index 8e57181bd2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid GeneralizedTime notBefore Date EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBBTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwIBgP
-MjAwMjAxMDExMjAxMDBaFw0xMTA0MTkxNDU3MjBaMG0xCzAJBgNVBAYTAlVTMRow
-GAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5VmFsaWQgR2VuZXJh
-bGl6ZWRUaW1lIG5vdEJlZm9yZSBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3Q0MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC95eHxRXrYP2LBGJtgztiha9W1jRBa
-tkZEgkmukmElQlc+Nz/uh5pRNpJbg7b+3Mv6XKMr0qncHxRIaap0sD3MY8CQOeWi
-IHCEtT5XGFy6B6eGpqfdejjnvN4MHVdd9uBaxf0Rbo7JlxXLCT5ZrYMNbK128Toq
-qhp0MV1GpfZ1DwIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPf
-mhWUxzAdBgNVHQ4EFgQUeJSUUvGhyTgLeYzfK/SqlRZsvacwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAi
-TR2cFTtIDfG39B3eWiPgzxJebkwj3E1ZcxAxzGcYHoSScb79ueJ4ERjgskZWO7ag
-oNPHokDXVScVCIjeYTG540+aQNawBa6L+HhIMNIuzHw190nKXMOSqPmNk4vbYPwk
-32dtRrn1hIUDujUwTkW5daFxJ25HjyUfVZCMQuwXqA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4EE.pem
new file mode 100644
index 0000000000..c3329e12a3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidGeneralizedTimenotBeforeDateTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D0 8D 9B 81 92 7E FD 77 C9 D1 4D CC 59 10 C2 41 BA C9 F2 F1 
+    friendlyName: Valid GeneralizedTime notBefore Date Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid GeneralizedTime notBefore Date EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAgGA8yMDAyMDEwMTEyMDEwMFoXDTMwMTIzMTA4MzAwMFowcjELMAkGA1UEBhMC
+VVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExQjBABgNVBAMTOVZh
+bGlkIEdlbmVyYWxpemVkVGltZSBub3RCZWZvcmUgRGF0ZSBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0TXsIKGzxY
+iX5lX1bWQb/MZ9pouA3EQT8bxiWbQe3iWrZE5xIU4jFopRL8RXASP+lQIROJWqjT
+GtZhEaNQyB9CmNSz5w3Q/dME6LPrdiUF63klD3lY/J1cJheLov0Ql9Rshvrcjluq
+xR0aMebihrCVAbGB9fjapEf4D8xtm/l5SMvO7olLyDZKkibHgmzgZ66/ebGPrc3o
+OmxjoqvkyyH+vlRQgfv4oAVFetdVyYB8i2eJp47d2aFGTsWmn6zIoM7fy4iuu0kK
+07KGV+RGIif3sHoWXv2Uahz56Y7MGr135s/S8e80jA4KrfQpzqpN07ncyEtFGEs5
+3WeTcZi5zLsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWv
+OskwHQYDVR0OBBYEFM3r3nHYztXgRqo9a88ywemUwz7vMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAHWf
+JSZe+DwVSi+fwy98C4I5bZrrkWUX5P3ffOQkO1NrPjVURAvXqyTXbzYcf+PM5W+k
+J6XD2jJvNCRNQ2R8AIdVbG1fIfAzBR3PhEZPL9qKhi2H1q2IloF1Kw26ghxS5cAF
+cfwkOyQgNUpyFp9kKT2OE+3GM6/zf8SVy0/bFL6Rf/5yrJ273Of0+ymy2CY/irTM
+/4X7WLSkSGyPz9RHiT+LoRSel59eclRDxQKXgyToiTgGTKXbEFcilTBT6+0WCgcJ
+3Lw5qc+s12lQDFF8T903ef6C77dPOYMcxnCD2WlBInOSoqsGhn8NDf6YQYsDFCbl
+Oj2T6kRdn8YUigjmrhM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D0 8D 9B 81 92 7E FD 77 C9 D1 4D CC 59 10 C2 41 BA C9 F2 F1 
+    friendlyName: Valid GeneralizedTime notBefore Date Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B9767531CE04E789
+
+YmTFYhbZiq2EbSicLy8vgHiI4r1QOxqwYVNXc6Uy/8Dakry0nY70j27xKuqmZVqX
+tY+e9L3mdvzlLLaLZ2B01uhBWtfxy16fqu87gjWfKCcQ3oJDMnjQHN/LmLOvpCfE
+bpC+xfvVZSuK+/gqfyVywcLqFYwyYG4LSnnSzIm95y6rCGGBxBvdFpsO5+QOASMF
+0e68jsWuj9CO1bUoweg4AWi/XA8mr7OCLAQimCBw6feqiU/lmTOrcVLa2ckSS4Lo
+Lp7K+6pck6prAbxwjJMT40QbniZYZ3a6zVCFY2dHo+BNv6Yr/0ud1zBBjK4gViIJ
+VhPjY1fQ686pYQTSgQAWQ5vwI4M5mN5zyyp2XISuN2vIAxJiaGaEorNArB+sEdft
+RgNNW3A51M06POwAKzfw/S7HYWj03BO7chfrCkdlJt37fFNrb84jO0HzHv3w9DpL
+evrFydUnObVKRLIKv8tJ/v5P1yeaJ5wKAT1tX69bp8fOjFKgh80JNNdPnK1t7IDu
+2dUssf5qzRoi8KGISUkLDnveg4l0+cVZFobTt4y8D01N+ks1lPqKj4PyCBuxIBKb
+XNXQXVnCPbQT+kKy5MBab9/CMpR5tHw8GNGCbFLnwB/ovbaEoov6fr/Jg0f0t4+F
+zVcpNjWlCNQxVm+Qo3Ov9yhkpI/2B1lzodFYHcUYFk+PZlPKUYZmEnyuiiL0i1YN
+R2Zj4RUvnn0m0OCP2NbWOXIzC87Euv4+3Nn91KpcRd0y9tzDtf37TW/gIEZcotLW
++7sHoqm4i39XRrsszRGIZ6qL8WrZZJhoTw4hMQ8qNJ84UfnEk9tq1LUpBQQ0uJzN
+U48Xvjyk3F+WLVcXDLyac1YOrURbD8LCixbhxXXgHHTjUEGjbuoTqLT5SjL/f3jR
+WynPTmMUxINx/Aat7EPRtjWMAKU041mciY9V4QhADEWHSzMB6B4o1VHpAA5I5x61
+y2AL/grN711ZW0OxqmO1iHVWlyZm6/g15gJP6wImCJ3EowXrTprKTrq5RBITilyp
+xOjBBdFRCdCx1foT7Br7SI3MubG9dBmxZOLbWgTfCDVcXHIu4B5dIVJ+jKkKBW9T
+LNsjzXWUkWvG568Kf/HmN1/1NmgC4/z6Kr27IvShfeygg8a+46aj2Ve0QYZOMN2o
+cGl6nVuNEWBsanFu7ysn3i+KSYvvzYgiMvtIA1Ct0yFE/p40kC/0sDdQPVTL2KNG
+skKRlEEyIBLgeS2B15NAkGyiMMOeKGPLOlEvNTcV15ylTH7ml3vCI0kVN7d0PMrF
+6W/I7MabfxcsghEWht7tHXKFKXNeqc0oukqLgRIOtVOjjdutyCQlMvsKfQ1HA4si
+1LqPOnNSLfVDWcgSxSaYPiCV51SVLQEM5jIEE8B0X716QIoIkurp/841cvu3fM6I
+wTAgwyghnaomWchW8mSxg0Du/Kk6f4De9vZevM5I8ssciB7+h7cAZGeOzIksrjkf
+oVSw5V6ZEpoZmJbqHuYvho9SD6wHud+rE3PKcsR6GMYFP71K/6hc4anDh3qmxM5J
+PBCdHMD7ZmdikNGZVGoqr59u6E+ZQIq7lqP9crLcnnt9SEKRK+2bFw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem
deleted file mode 100644
index ca7dc27428..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22.pem
+++ /dev/null
@@ -1,116 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test22
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA1
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg
-SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDIyMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2H58UKDg/MSuu2itx5AvPDHHk0lMX7Bu3
-X3Vok97lKf6HAIseNFrZecQGe7RtIm3ICK1WFaq9tKE3MutSXNCcZ+CrPj0H/pzt
-jlFAlRN1jpTCSj3rVVAUpL9BCHMWrZ9qf8FVWgWI3YMWw7cgqC45VZxRYN0zyyGm
-pz4tN6pyTwIDAQABo2swaTAfBgNVHSMEGDAWgBRswRRf2Kct4IaTGVwL8Em5JVvo
-HDAdBgNVHQ4EFgQU7rkQZsqGMoKvXfmcukPIoHnHBC0wDgYDVR0PAQH/BAQDAgTw
-MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBqHSrq
-s+MMY0Cfl9rlm+QyuARye7sTvTM5fQkOs/K3US5mAMfA+ei6Prb+u7FqxUya+Y9s
-6Q0AeDutkLkdJWPbJd7B+HsQCT/fWFvYE74YOOu5DTmtII5zVS5bildOaE/xTw2z
-stQtRX9MHe2JVh7WK/CA+TghpnYDlW+IG/iXjw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22EE.pem
new file mode 100644
index 0000000000..0b0792fda8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest22EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 54 4A C0 C4 81 72 39 D4 8A 4E 24 F4 0F 40 3E 74 F0 2E 17 1C 
+    friendlyName: Valid IDP with indirectCRL Test22 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid IDP with indirectCRL EE Certificate Test22
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNV
+BAMTMFZhbGlkIElEUCB3aXRoIGluZGlyZWN0Q1JMIEVFIENlcnRpZmljYXRlIFRl
+c3QyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqJ2kFX3rhdZpTg
+Px6TrqsUoVkZnTV1VPB30WHjhSo8PxTV7IIrMS7+Yhe9EvjERdMFUG3bGYx0zDTf
+aUxhAq4zPlgrRpAd/sqGRjWFjuB++XEUhVHdxhUe/ZaPPqtfPlWDT1Qk+HqgMvvd
+o3F8Ajl08Rr1q6rTApSkSrpCsR6Wgqthi89kexDQblsnANxIdul2qW6rrb4Y+QRr
+pxOgBQx7qHUe/Xp/6uqCNUQKQK6Yio3bQGGD5bUnLUuUBNCxi8Y/7Phc32uSyz8C
+nz1wWjRtgUybln9BPvUbC4G5FwQN4t8J22o5dl3Z3HqCDfFuUnWqmvj6UYe7hYQH
+XaY0xm0CAwEAAaNrMGkwHwYDVR0jBBgwFoAUJfiv/K+2qRobeUvby2Qsi0uxFc0w
+HQYDVR0OBBYEFBoLIK5VtXkG9/HqwgoAXXFLiMNTMA4GA1UdDwEB/wQEAwIE8DAX
+BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAFLJoesb
+KHha5M62n9PMG3uVTq7B5c297IXuHyQ8YrB9AdMlAGnFutnGalFB/F7hZxEGc9bf
+wV8d5h5nQeHQm7UVFwe77JzW8OmG/s1w2sNVsQIA1KLww/p9QUxyOt5sJtNRpkD6
+PBTCEzB9AGyuBCOyFEJYwai4VzVemb6kKQwxhOve6zRpqDInhxLMAbfpZUh+ZqLz
+QteK/QT/55XEbVS1EX8G1cwK6hSY+PzRkapFMJhkqPuwEprDM8V+AtcZqTnh/jaa
+N7XkfPUZSx8Txf5qUcVilaaQJXzua2E8JsGofSpjzAgYYle+U4YkAdNN0AeeO3O2
+87DalX4w2xAbULc=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 54 4A C0 C4 81 72 39 D4 8A 4E 24 F4 0F 40 3E 74 F0 2E 17 1C 
+    friendlyName: Valid IDP with indirectCRL Test22 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FCFDAF609DC1BA80
+
+6F1Q05vjm3RZJ2xrIsWtkTUSHybgIdMkOmrSVn/WBbyluMoeCOgMoQRjkAHtvGB5
+HD4+MCchwd5HcxLscomcD7QCP05YNkf6aq2ItdFk6LlqeWKQ3EqF66Q8QK95N/CU
+iWhGmcZD2pS/3527McaHe1g8HRePpXEQWt2UR2DQpMgMc4TiHMPEVqrIP297EEkr
+uPrQuqCqsJh6d1h+MErI7ZRr1brMqtazPzGcD5y+XREgR53nUBE2Tgm9X/gIHHaD
+qVXLo3RiNL4fFfGmApgOrm79zRbbXd4XKemKGA+kbKicYKUMgfMSF3YMJn24qXSl
+AjoUZ8KK4MCgPLcvMgMD6eQ3n2BYeHf9b398cAy8DPIH/bLNhEds6B4Z6qFU/oPt
+VaCParF9FR0AaevuYnieNdKjmsQGGCe2+QdFCRsD5rqpJzsCAg1ZfUSdU5zq+636
+T7aizM/k3NoDf4OqkFfkjc9nOAioYjD8XWY3PwnxslXk9wS9AIMp0yloPjDZtnL8
+ewspHiOpgDHagQ4yE5ZZEivU/7K1CPxAsmtMZXs4QZx5ABiF1R8AQKdAPoL3m566
+7zDBOxUGQlUU7b6rZXeOFxr0iUMfLaR+FJ3/chS6dv2QwGrxQWSGNvcvN3J5coNX
+fCVlheskFBeBxynRAyWz8Akb5miTJks5yHR/e7WL59gLRCBaHUV3DRod2999x0Ym
+BVZ7o4mAN2a/hukaeApxlZKaAvSXyNoBGAmyRd70kKRB0ndvQQJmBAvMPYyCqYef
+rTt3l/I5Dttv4uIXtb+3lAlohVrEDHF26KrrPDmLRET80E452o3HVGLYCwUgb/Ea
+9avL/mXBiyg+4JdKsoMZ9sJ2heRja/zxyZ6Fe0eBEKt0HLQVJ2u3urfkETqPLVqQ
+ZRX/dgY96Y6OmV/3nLojs0DeZYiNoo9TbpSkcccfggkigRV+ZQRub1boGTBC9if+
+56V8EkNHfmgtL2L+S6jYP3keQBYyFeYrNzpukekB1J4Fvji+hpeJO7mn9VQMbPQB
+ow/bJLDfSmVovsii80seOztMK/By4h5N5BPkRkJxPqF/Tulq0IqhZ8Wj3XBDnGfo
+0PbBDHo1ZKwQ+DgLs8/HDMfikv+OxLtBaNUer8hXhJQAvNVGS2i7GyW8e+BulnIj
+QsiboBoFmIgy3GoCZb909VLGxQszl/g/KPskT90XuPLPlMg1FZA7I4SiN2MRp0AK
+fvao6q1ih9X1jcKinTMDzsuuzNIlN4hongKiZPc1c5gVQtoGDn56D72DS/LJ62ql
+AEXwxTl2CO0xQrIHBft5woA7uGKUOO5RCxXLcU9XK5AdgYMchrR3YROhFxR6HYid
+k6zmlUNrxRnJ2jCNnQTfMG3ghqEJaqkhmAtCkVeDzOJmI0M1RnTjs8Vk+sTT6+v1
+dIF5Qs4Ok0RoYti707GGcWFzVQCb+WkyTM/iPtnAL54fKJaegH5FQ6Bt4fq68ToG
+lqZOyp53JbCaekOIGOivpLs2KgqHQyjnJGsjhoULqIXtdryjChtaILDlCeGFdqAA
+H3NocCuJc9avDujeUgzmQ6UkuNPSJ+vQe+Dz7qmNaOOFA4CG221euA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem
deleted file mode 100644
index d069a80b26..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24.pem
+++ /dev/null
@@ -1,137 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test24
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIIC4DCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg
-SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDI0MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfPjamOqOBJ5I2GqRFerJm5J5EGXpY0CGA
-2i3yoxIxrL4B6vuDMX7x2Zh7+JRcggTd6xwFetZeJWWLahi51RWjfa3RKfwa3/wJ
-yxCvJJfDAdr0zZE2NjXSKDWBdtYxpqvOo/8TCYIvrzKF6kQG44bZ6biAIC30T9vj
-Kezab2UgwwIDAQABo4HCMIG/MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0
-u5wBMB0GA1UdDgQWBBTmjKLn116swFbGYjGlN4lIL3ZOzTAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMFQGA1UdHwRNMEswSaJHpEUwQzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQD
-Ew9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEAe+QvzalpHWA4qr6K
-kSqLzdboAOHGA4+9IYaqUm3rczXhCZrk9cJmWTX7l3grLw4NMMGYkpvy+K/ZRTo5
-7qatlnIg1IxOuR/FQjQUZa+qvhv261Dlk3dH+QlApPxEZyjwCmu9qlXuQaLRWPVM
-Q5FPPtw73O3MCtrfR0D6/mS5zoY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24EE.pem
new file mode 100644
index 0000000000..158615fc6a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest24EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: FB 70 4B DE 3E 97 FF EE 22 28 24 7D A2 8E 92 7E 7F F7 4A 3A 
+    friendlyName: Valid IDP with indirectCRL Test24 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid IDP with indirectCRL EE Certificate Test24
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNV
+BAMTMFZhbGlkIElEUCB3aXRoIGluZGlyZWN0Q1JMIEVFIENlcnRpZmljYXRlIFRl
+c3QyNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANaATLttW/ZFV2eW
+ylu7TX/3e1eXb0QwgbbI+sApv69RhLxQT0hwCVU4Dm2dAEgYo5i8oOi+rTOlnYXU
+4J+v+Jfpr0IzfX7MnyYh4xnkHb7+zZtPlbOJKR+F1+gNRAyWi9vMXNr5Yce5v7OW
+hvlJdJMbGTC+24xywS8PZ0EjTIlLnsgzqEY4y760mvmdzQpw22RHXZkqD8XYjw3W
+PmjJKJ+/YhMh3I+VVr4UKW7B2f3RglOyznk0XJUFM5Pw+6XuFbA26DG/Awm4AHmw
+fTVmV5j0Wr0T4zpqcZWC7mMRs4ggY1mNDfRdH6vOj4ShyZVPhHT1FGXykS3BGp+1
+6mgMC/0CAwEAAaOBxzCBxDAfBgNVHSMEGDAWgBSII+Gzs/Js/jGpvothqjuShwWk
+ozAdBgNVHQ4EFgQUY7Pl5pwRT2IfHI3sZo8MqlHb/kkwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATBZBgNVHR8EUjBQME6iTKRKMEgxCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYD
+VQQDEw9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQELBQADggEBACWXiBBJIk0S
+WXcaAbszXf9HPFRQ9ntKHreNu9ZjWlLv1gc3WVwZDyRa296+uDyAfetZrg2ViU6I
+VCpfmTRmvBfqJ6TO9qSLN9wtfkoAqUxgX4iWczOAnM7S9o3nQOHGRehAw87ub7o0
+4KbwoOENZxqTF4xNHGzw5ZtQIe6CWTMBUN4bnrQm2zt4kzXenxe68lcr3q7JrjhV
+RGh3e+jSJZsy4HuaB79OTFjHQWblxXGXzIPZfRZ/YUJbRhTPpD1ToQIdu/c8ag4h
+6ZFKeeB9pUPruCLakD0WSdCbWW/Fb1kVSLWHM9R7dAVCw7ccm6K3QfAzJK/FhwjY
+s4fPLXGaPrU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FB 70 4B DE 3E 97 FF EE 22 28 24 7D A2 8E 92 7E 7F F7 4A 3A 
+    friendlyName: Valid IDP with indirectCRL Test24 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,45333D253C999BCC
+
+enI4SCgHHLCMKR4XZhjcbC40sQHu2+JEmMmcAfXLxy9mxt8zGpzWDbTJw2j5LaA8
+3TV97t5HWKpfSdOG4Gfswp02EpdZeah5AdSE640TF5eoSv40OJUXxEpg2KhxdFGG
+iFwK9LBBiG0ppx02blIaRcBEnQI8Gweq2lGJy2xsT1IpqnpSqSltwd9GEKicG3mP
+rmdE+MClY1sOadzZeoaptABfftFtJtkKCR7M9ZDwgh0etnJr4sH2C+itxGxhmzkz
+GwT4hRlmCXMlL1n5YgKx4uHGTrwA9DOJAZ3egMmrvMvF0Ohe13D38kD7pjdbASrk
+RzsqnfvCAmZsyq97HsoL4iHO4l/s0u+xioM33ShyZawN7p+sBiZFmuKknl9NyzHx
+ZQ3ZjMiFTLm6dJ7cg7vwU0riwlY/yU0M+Rbbc0aIXkPog4YdZkeFrrrE0OnKe8qo
+eWJYd7VRsGzqQ4T3OSYaq/yJCbjtAJBZH8uaGRI+c79tg1yuIIG1kwd/8rg69+6v
+QPpcckMGcSbjliAydo6nPYABMoBuyTbF40MXS/hYTlOq39enxSqaEqO64YvDMA6w
+mDcicf3Ymasef4PFy0htwGPE5iLhLWoPpPpnuXCHZI0T4nnlwS31rTlV2CRyqwzw
+R5OWgJjYozYzJbg6IJTFohDvQzVdXvXYbt+P1Das/lJuOZ8uZE1JhL7Yurzil8BQ
+RfEXFrZWtwc9b9qfsk9THyYmPPrRt1tl+UGh65TCM09ar58T4DPbAkNsyflupYiy
+r7FILbd9GbF3dZOrvlnvr328iFaywCHG3ZtArYAz3PhypQGtZdMU15n8kL5X7Ndp
+RO7xWVG1iBywHHz3yg5EyG5WW8Ajtn6xVxP0Zj2rGBwJIbpntvHy4LOfdGpRY17P
+ScENZWiGg5qizI6SS1YYvuOenBL0VV7ciAxoWP+mJLY33XlTz5nuEbWUVw1jzka6
+GQlRJkgArBwtsaaZg98s9t9qiDIzvKvCbUbi5WLF5g9AoTlNmKC9hYRPDJhcQkNF
+CIM9YtLtjc7M7qxE1iVfn1S1S/WXxhc8KjCuAVknsRbZmrCeHVE5juyXhcUTBwNA
+hdeeQ/ofp/HoZBQontU8cljhHOp9gn/XmjuuaRCY8KPW0NrwQD12NdOzAt0cTQKY
+76+yYWup+4AOad4NaRUbc0yL68EQ6eBkof3yRWtpMTF7297C67yR2mPNTIu2Tqpn
+xRHFTt7VlOa1DzioBVqxBTY/QrPfDWqLn09llFo9UQgv8jyJiICUd0KuqBkfgzh4
+6em0H1l/Zrjj7wrzEA0ah1Gt+qo6HXTeF3Ji0P0XsRB76KWXxdvEHh3ERo8XeeL1
+RVeSQIwi3dp2Za27XPBjEqAdw36rjTnqw3S+MUiw2T8RZcXKLl70r5vOWgpxm3rS
+Br1pEJauMVQHAppg1nfkTHhFdOhHozMoiGjmqJTLa0WQDH/Es24Ai2QT/usVqiMS
+KDbFq4RrCdNPSghgl1+vK9+epdZKOh5rmHGr+XO/ir3ivPA91rMFb7PoPkrkSTpM
+XSzrD0g8Mu0EgJUKHHHa6HM09hSQYdJitUTOgKIGBGSYaRx400n8TQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem
deleted file mode 100644
index 9861f0f70b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25.pem
+++ /dev/null
@@ -1,137 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKnNvKCUbOkr4mNPrV
-EBeh0vWaSj7DMTMuBhMM4N5zT6XkBdghaAMQis36dJASxXYtGiiAY0Wv3oicc66t
-vag7yMp7Iy71oHzCSrw+YF6oBOV+krjeaNIg/5/CGLkMr5KXC3egPap4fv/EQbAD
-ZbMw+Qndc+mnj7AAnfb8i2AJPQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUbMEUX9inLeCGkxlcC/BJuSVb6BwwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABA2o025rmbJVizdycoV/q2zarMz87Ki
-QJimcOjKcZTSmDiAxKCTYzBFWeUZWZqVDm0QbhOThmX5nkaYjiz3vLAgdDDUr6zA
-tYmNsP2oA7ajpSmcze5/VwkBgMKt7Al5w6xT91R0tCltLcppOPJhE85jMd724jTc
-XHLxTJCox/SL
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDblDsGRxVahA98R7vE
-/DS4nbSbyoerDINPIyc8wkOtWcS+y+f9O5IIdDJOZm2I5px1PA840SXYHh15o3ZW
-Vn4gFU3AgKF/CWMJ1g79LAYAMnQN/T7kSfuz/0rqhLH9tjz3Qtjt+/zy45YIny80
-7JOBLH3eLX0H2aOmsJUenp5ExQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwa+CD9XTTxDwMWI8WIm5inS7nAEwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEvc066az+E8sftMAgkECVeJVw0Mcr2y
-YlJ0SAbZUNaU7KbzXxm3j8Q5v8K8GDy7EB4H0Gyh0vgsbChTAdLip7xQf7V7SetA
-nE66H4ikF/UAhXlSz+E48Qe2+L3w2weGbU3zwmNMeYkI6dmGFMfEut7hL9ak0Ulc
-0meAGzOu5kHt
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid IDP with indirectCRL EE Certificate Test25
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA2
------BEGIN CERTIFICATE-----
-MIIC4DCCAkmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UEAxMwVmFsaWQg
-SURQIHdpdGggaW5kaXJlY3RDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDI1MIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDf0B2LJSDNBUNNk9cwJtpviFO4J0nIRbuc
-O6UsC4jXoQrcgUkZOOcYIT82Yz33dg4bv6K2EXqzJwIfBGq6JGvHrAl3djShH1wO
-qasa6FN6vCnmb2Wo1+7KpwCSlDAWAYhNTcb8tGMYGiOGd4FMhEdA/y4sRqmuJEOZ
-Uw7DglXVewIDAQABo4HCMIG/MB8GA1UdIwQYMBaAFMGvgg/V008Q8DFiPFiJuYp0
-u5wBMB0GA1UdDgQWBBSQlj00h5t1ic1A+gEB0E3NRYLbqjAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMFQGA1UdHwRNMEswSaJHpEUwQzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQD
-Ew9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEAHIf/ZJSSoUe0ahpi
-VXce88mnP2i2KJBuOPFVGyJHSY2wGKtm02kgghm1bSdwVzXOLwTLa223rjc+cZcD
-7lYleZJEOeEnibK+8EgTf0Z/D6VnmIsQD/HHhpkmvB69NWVETkG1VtkmEHkaNDdQ
-2WsP41gX0VujQE2K3UK1KDPPNsI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=indirectCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6C:C1:14:5F:D8:A7:2D:E0:86:93:19:5C:0B:F0:49:B9:25:5B:E8:1C
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6c:ab:91:4b:38:62:8e:f2:48:86:10:a6:b8:b9:c3:c2:28:e5:
-        c1:d8:3b:c5:8c:6f:62:44:37:f6:1e:2f:d4:04:be:ff:bb:28:
-        a4:3c:71:1f:69:58:85:95:60:3c:cc:f7:65:22:4e:9e:44:e2:
-        6b:45:16:9d:67:ae:da:ff:57:e7:d4:ef:34:cf:1e:86:52:13:
-        25:77:a7:7d:fc:ec:94:62:bd:b1:76:a9:66:c1:ef:82:bb:3e:
-        9b:21:c4:ef:49:9b:2a:e8:5a:ef:39:82:ee:da:97:5f:77:89:
-        a6:3e:42:26:77:b2:15:97:c4:db:ee:ca:8c:ad:d2:cf:18:3e:
-        87:e8
------BEGIN X509 CRL-----
-MIIBcTCB2wIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBMRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcy
-MFowDDAKBgNVHRUEAwoBAaBAMD4wHwYDVR0jBBgwFoAUbMEUX9inLeCGkxlcC/BJ
-uSVb6BwwCgYDVR0UBAMCAQEwDwYDVR0cAQH/BAUwA4QB/zANBgkqhkiG9w0BAQUF
-AAOBgQBsq5FLOGKO8kiGEKa4ucPCKOXB2DvFjG9iRDf2Hi/UBL7/uyikPHEfaViF
-lWA8zPdlIk6eROJrRRadZ67a/1fn1O80zx6GUhMld6d9/OyUYr2xdqlmwe+Cuz6b
-IcTvSZsq6FrvOYLu2pdfd4mmPkImd7IVl8Tb7sqMrdLPGD6H6A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25EE.pem
new file mode 100644
index 0000000000..a716c1a069
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidIDPwithindirectCRLTest25EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: C7 60 3C 49 21 82 1C 54 08 8E 4E 04 25 0B 12 11 F2 FF 15 09 
+    friendlyName: Valid IDP with indirectCRL Test25 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid IDP with indirectCRL EE Certificate Test25
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowaTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExOTA3BgNV
+BAMTMFZhbGlkIElEUCB3aXRoIGluZGlyZWN0Q1JMIEVFIENlcnRpZmljYXRlIFRl
+c3QyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMp7IIM5L8j+PX0j
+W3jaOmFU0IZb/uqR7MK/+CPZSm3YN7HvAYvxTVC++HGP8PNZQIn6148vH+shf79U
+h9DYMPtvMpDBsDirZZYe79/9CCdO49n/1nLvt+6Q2RwtoysAT1pfXd359RPZvu78
+oGQvxnJwxH7SI8ZWhueOArm7aUTqUXbWq77bXsE47/zYBohwVNAL4lm1rNIw+nun
+Vj7og5FupDZhd6YTHlm2hMzLh1VXpX7RNGtVLouLEVLcdqQsuzbZWyTmMm7V0jk/
+ELBx2jdcrl3qpyJ8yaPw5mXbVef7YfvlCGRwOEPLY0FPU7ROfICoC9J2CFqq8Opm
+TYdehs0CAwEAAaOBxzCBxDAfBgNVHSMEGDAWgBSII+Gzs/Js/jGpvothqjuShwWk
+ozAdBgNVHQ4EFgQUtY5A4mYCw2O8gaOCAOp+ELpcBt0wDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATBZBgNVHR8EUjBQME6iTKRKMEgxCzAJ
+BgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYD
+VQQDEw9pbmRpcmVjdENSTCBDQTEwDQYJKoZIhvcNAQELBQADggEBAE6t44yeRc39
+gkxrj/OJMlMhO5PM+NOQeDO9MB4TzbO2lNo08dlbz5bEmfnbFA77mthpoXcSTvkr
+HgVFncAs9qZ6V8zV8lccn5eXiuO/dFpmS42eKE0rhk4VkBSD7wSWPX3vuLXalYsU
+mtFOyExDNRqtKcGAEQMyQcvw0SuwDHWHuRXZ5uALB6WU8X/uNx/jmWjScyQFnooj
+oGhOakKKkLMciGBPF0+2VZUKbaknZmoGVI603yGRXxqlF+LdSaGsEcjfUwpqSiry
+53e6GfDspF2xH/2IQX6y2d7Jx6zH4oT46jDR/uPwVXWAdhQi4Z4S9xj4G9DpHC/F
+NeK7pE3pYSI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C7 60 3C 49 21 82 1C 54 08 8E 4E 04 25 0B 12 11 F2 FF 15 09 
+    friendlyName: Valid IDP with indirectCRL Test25 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1B559E6CBE8CBDB7
+
+lzuIKJjyltjw37fK8/bSCA8hm3s588px3Hqnf15Dr5982IuT0gOzDWy0NNodvkwh
+Z8TlM/LBopj8cd24FV9gqKQllGSnpMonIw+jqO8pAu2XI+WAvRUmVdLILD37ccE9
+3r5NRO0PTLoXTStn3K8BNqdNEMriTj7+8qSZ5d+RsUvnt9rD0r8mDY5RvsUcuDER
+63x6AkWEZYXdj7Dh+gLxEWZrBdZx9NDhJ4hGc0Oghh6valpbF0x8MFXFmRXfAwsJ
+0So5Nu6WpW64tfbeI1s7IQKDrT3mg+gPNTYY9P783ULstUEcLGtklFMNG7mnoTMH
+xDMSTICCFuM5I8waJdwj/pa2g9paFjG5H6gye0xRlzFSverVw7vro+IV3EPo6+1q
+33Gj5yPNM2lwSPnioOwsUeC56rQhI/gyKj8HB3yxB8TbF7NGctMfpeJIreXlehp9
+qPXPiCbBxrGRRjcerF9uvPlJAMNXxwwxBloRjVgKqDypbrGZJtpT5g/dG6HzYbUQ
+VruyoD/+Kb0MzQFajfCOLlyzVvYJleOqix9JOH5KKcgHjVH6FtHl+X24m66tCqKO
+7e+fd4NNFW4zOqN7TA5gPG4C7kGjRKs/pdRF/O45h3thhxsNpaEl5ekcLEcWaF5i
+lkUIKC2pNjU+VHHUmotWMYxbt64VGBlvaZxPZgj4HIabe3V5PBUw7UuozVh4IuIp
+4fcvqi5gxlBcuWGwii06IbcskSLPz0zKWx30IUyc2B9gSANpPxO4hv+qTace7kEj
+tImEMHpLsPwRc5wvPxodquJZInH7YcUfga832eyIG17HZsfUOkHSZpd53UIeiLgH
+U/4JziCBuT9r/Q173bXbzFSthooy/jsq9KIppNmA8w9Cn9xVPhCxdREErclMtAO1
+MCXRz2gj66tsihm0I0R4cQpuwHKDio+34pLYnis2nPlCn0gIJ6Paxddg1YBLIAmP
+TuaXfFZKFoB0qjR2by+SKcIevFdbAmYalxAknJupGMm4EMkb/Ho2r6horqKopqWK
+/DN++Om4ugAM+WELeSWZ6sP63Pvy/Twlnh1P9EZHtg/180ZgLqwbr/vGsHdRdGZW
+u0cvbOSSVMFhY5V7DC5K3Gnp6TLoteD+W7M8JHzerww79eOe17HsnIjUKsBwH/Pc
+xIpiXbzaXQsD8MEwB40E9ZwF8/35wn8ARSSiun316yhG+GNEtI8ddt0z8FbVTybF
+Sw4hbv4UC6qS4VkkarBmmUuDzLIbgm9VCisK360q3y1+M2Y9rv9ZVhHBU2/CGsuY
+0wmfXIMekp8iiiCLf/6VG1nrb7E19hxZAtBp98UHSB0Oa8gjwS1JQl+qdWSQXxQe
+uMBMCXehHiIjawp4Xg3+8c9GCt22d5op0w+CbqmR/t1/h4rYR+qf7uqCOmTyfIc6
+2MHY6ArzSRYVdg4xO8+AJFfmw0mn8uu+elsLPxtMYWuW7BFEiVTLw4HvbjOJsDWZ
+I18zW8lGQPIOzsxq2up6k14I4nhyxfWWAEAAol3HvfhDM6YYjt5zSVpspSFefYsO
+N/atLtmzNIeYfbbLaXKKwKALgcAX405wO75wDa7gw2roHXJMnATQcw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem
deleted file mode 100644
index 58a9b915a7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Long Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp
-YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk
-irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf
-+sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb
-K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH
-36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO
-qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM
-9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5
-fhG3y3gMYLC6ciKePSDf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Long Serial Number EE Certificate Test16
-issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhIwDQYJKoZIhvcNAQEF
-BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBiMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxNzA1BgNVBAMTLlZhbGlkIExvbmcgU2VyaWFsIE51bWJlciBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MTYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKtO
-3auJrAWhozm7l0Z1T0lT1bIb6AWcsrX5hHI03QNjnAsiR6TwhLzknLevcqY1FMOd
-3CQ0YGisyl+jQn6u0vn8gQbPvlN+HaEM3KhBED8jqLLcnspGAS6f8oi1dpWNK0fL
-NrOz4DYCp7kQVDXIBmifayg87zrHaz6X4lMhxgxJAgMBAAGjazBpMB8GA1UdIwQY
-MBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMB0GA1UdDgQWBBTJunkp/mY4QxI0f3ob
-s65e11IvhjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA0GCSqGSIb3DQEBBQUAA4GBAENEAZeCPJoLGi9JOR7np7MvjQtU9NWutm2iMthF
-MYTKIG9CmYoDbDGl689tIyEHOSJO576cpCvOoORWfvPNFqUGaDKjTeZ5r43Uq4kM
-G2GcseomSZC95SvZhsH5ZrLkdJLSrOe1B4RiNQV6Dx/EgDr0t/CL0bTNhh5l72LJ
-8cNi
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f:
-        83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df:
-        de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23:
-        20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b:
-        13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f:
-        ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7:
-        84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4:
-        16:02
------BEGIN X509 CRL-----
-MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl
-ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH
-CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G
-A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj
-397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q
-1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16EE.pem
new file mode 100644
index 0000000000..6b5c09b394
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest16EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BE 0A D0 4C 5E 46 41 6E A9 35 8C 37 3C 87 7E 82 78 E3 80 C1 
+    friendlyName: Valid Long Serial Number Test16 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Long Serial Number EE Certificate Test16
+issuer=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIUfwECAwQFBgcICQoLDA0ODxAREhIwDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDEy5WYWxpZCBMb25nIFNlcmlhbCBO
+dW1iZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE2MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA60l+Uxo/EscQHc6uSZTNiff5wN6+vHrzNTO71TXex/ZZkPw6
+h60CNBdw5TPhvdRkYALq7mdMqTMzHntTBnHCc9BVlEOHvyo0FtrcpAplNKxSgMVB
+dlT9/9LfuToh8XtO9EoQXz0zY4857N8rol3bZb3DyG2BpIxbFwRyYYJ35DpKlach
+uJeEGxr/qyV0kb4O4WQtFUz5udNYiMc4HN8jIpFV8JkBkcJVLxbohL32Sz+k0uWD
+K+Nu5R+kPqCUxdI1q/xlexYtbeYqlfCb41mP06tpR8TF6IEFpFVEtAc4Xgf4dwXY
+EMit6jx0/vhWc2uHse2wETOElP/BPHkcQyxFVwIDAQABo2swaTAfBgNVHSMEGDAW
+gBQLY7dHrsIHMht/b+M6uOoL/9dkpDAdBgNVHQ4EFgQUfoW1hg1ZwEl3TiTkftke
+9bK/LLowDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
+BgkqhkiG9w0BAQsFAAOCAQEANAtNHPUyv/1huJvEABDV7HL7a4m5e9dwt05KChqm
+I2bNZ2euvr2tmQD4+jCYpD62IYboWhNGc7mOiMe5SqbDvfI+nddwjLg7vbr61LYy
+kmTD+koMayzBsvAMvsD3GnEFZV8mujcQAfvFu7+lT/KjhJTreNwmSsF8Q8jCeC4f
+oHaoT6hnYNgpdzjMrVtDLIwDjB8L/a3XHY1LnCk7Btle3ge7huFnkRkOdPDT9u8x
+HN0tMFXZWi0MbyIyj2RZjgxpxI2vvFNRviGQfd7gcpLzoinD6USFK9f7hUXZr44H
+bCQUme32AqlJ+megWOauS3WUaE/8YA0KDLRDeskZYiAspQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BE 0A D0 4C 5E 46 41 6E A9 35 8C 37 3C 87 7E 82 78 E3 80 C1 
+    friendlyName: Valid Long Serial Number Test16 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E6C9E4D61288FE11
+
+e+AmA7gdL7PjQ0RHgLFFf1j5Ol7nkQwTFTqP9BKrkhNN9YThLPv7AmCmhfNPqUWQ
+M78x+MUoYMr/Cj1OH2iyzER/gwXcX0smv0HQaQo8bydLXAZEpCPEo6HRvd//UPx9
+EdrRjvTwNqJwXaSsZKxj5E69gIbUANCKL/6itKRuxgJpCl9tVwC5rw4aC01rdojV
+QdF1NbNsZ+8e8dq/UHWbw/UGl4i/o+GnZ6257Q1E+enNF67EW0B01Zm4FUGI2lMa
+/LhZa3CxwWs3lTXA9pQumncClV7HjHMjOtPCOc9Pb2dhdhjBngc1wgk0ZRjnRgoS
+Us6pjQ8eMyP1U4tAR51S+cStfeL2SWiE/c33mBGwTjbrXh4HSdXGjxyfOtgVbTWt
+L0eLsDZb5kxfZ9M4UGspk/MLq9lnCbH2dYd+9PppVknhRahOpuPPuabYv+h7AjHG
+QsTdDkKbU0aXGvIVcA84rKn0rlWZbd1q4OwDPLoDSEkwuRmGqisOmOkv/BkjfLNy
+GYKBNJw+AmBX4Mv6Xx3hiX23ht+fBOqUJh1Ye5+l3DWlnpgF1tVaOKCraSeOurJV
+PxQwCbQ0JyTbyxduZ2CQznr8x3n/Gs2rbrFyEco/8YAZqFxdhs9RqMLacavfXI50
+UAY9tqHLT8M5w851ZLxpCHFKM+PMoDMZNVG3LhaH5n7NkRKQe5HdfQmmeqzbGWJS
+0Wx5KPNMbDykIjMFxYdHh6C0ftEERB0qinxQPSwPUDa16/eKqYT0EPdxCUi5QWEG
+77YoKFMLIKOSPEErLQQRlTjpVxtS+EuhGZhzxvIaaVyZf1BVEuSAdwLpixl3Avbb
+jN8p6Ww/aLfLvGkeRvHVaPPihHV5TAokkCbpdUn9ZWVRRgfwaEPrpMzZ9QXxRWsS
++yCkwrQ3sWO4UobJc0F7utfx7OdsLVG3t5LI8sLMACRvDkfkj7sIle3aSq99WYi4
+0H93dFlhlRYK5jK5bqLEeGIPFxFqAFAAxZiTLaQWrEWXPLF/J0PLDJLJd++OyNts
+r1tLJk8TM0KhV4ifFVDXiG6T2y7+hMtAYIn3vPvVzDLp5zsDYg/1OyElY2iEPbHp
+FvkfBRHJwHzBT7hE2P6kPi4tFy3MW7xCzl0jQL0aPR17qobVfre1nHPVFDmjg8RL
++kBbBtaCUTHIWUDM9Qmz3uEQwNdhsJ4T7IDYLvppAGdhblHJZjx2j9QMiQALf+Q1
+F/vSPV8ejSwHpQxXbP8qXIxYl3X8REpZJpBRSBy0HOxOVmpJvT0B8vLo1TWJ9MrK
+PA+72UtMfWlf0SzCfrF3PVR7zNhOkoZG8tkQCHazbgW+wGyPH2yLq7F4Ra+fk/OG
+T/Iyjj7GcW12Y0KJbaWTcl0UHzWnVmEiyp/2iOBdpXNRAzIWSWm4UbD+VX/SFtP4
+xbtv2PDKXi2DXQXU6QFgC1BSk1gGElN8f+JNrdwQkz4YPm4i2eS20jL5XdTGuxYw
+poqGuekkEHQvDfIX4vmQ8tZtdOx84BH/wipf/9VodeLatnrYTkt26rdUDIBqPeWE
+dkVTwIkIRPKjE8JcwInj1/uX73rPsRYMVAWbGoIsVhpbNlGzbQLCmKgBXnJa9iF2
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem
deleted file mode 100644
index 16037a0097..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17.pem
+++ /dev/null
@@ -1,115 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Long Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVTG9uZyBTZXJp
-YWwgTnVtYmVyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1mCudsqPk
-irIFe3XQBPzhyyRQyreJH26B3Yg6kYq1Obd6I1j7Ber4BDVyCCAvnS6rNkzsbaJf
-+sWVf27Vug0uhasZx/3XGc0DbhZNr5iYknU1LEh8Ccq1Oymq0LPolAHqaJNOaYpb
-K5Fq0P0RDcBK/ENgmtdY0CJrR7MWUTttqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU3z1I++My57kmUova7PgJT7PH
-36YwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHJqd5P8eBN05uB3+fPCfVjO
-qX7csbAx6X1LNibOoWDlB9Y6fElHQS+i8HDPmIIdC7N/9xoCW/fhzZqb6VKDQXNM
-9pwf6jOJKnNQOaQISdoIvj2Jn1FoE4Bo1SGGQo6ZgCWfXPA1TE93BXTua9Oa+FZ5
-fhG3y3gMYLC6ciKePSDf
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Long Serial Number EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=Long Serial Number CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIUfgECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEF
-BQAwSTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4w
-HAYDVQQDExVMb25nIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcN
-MTEwNDE5MTQ1NzIwWjBiMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxNzA1BgNVBAMTLlZhbGlkIExvbmcgU2VyaWFsIE51bWJlciBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0MTcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMmE
-I5A7RJ2dsFgrNGpTKPbTNkMlTeSA0APdg25ehg2jBXRX32Y18+LwdacaCcVFxWIK
-z16aAT/8U/rmoP3+dPkVosnTcbJamr5D5rE2D+QWqHI+4Q0saPg91CxVTkLhxU9R
-Ck1bLkVggnQngeaqCNLIAHuP8N44+V3Pytm+HddRAgMBAAGjazBpMB8GA1UdIwQY
-MBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMB0GA1UdDgQWBBR7xbA1RfoohD3hr0Lj
-5WUT+PO6hDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
-MA0GCSqGSIb3DQEBBQUAA4GBAGGq1mqUIqGhHvuMEEdcLDESbvJ2tSMigxNjqvGi
-zWc/CpxqrWchwxA3zF1/M54g1Shi2IAxIp7lfBJbh6X8o/8Dzhc7Mff3HrrqTrC9
-NUuJEFGx13X8FRoEPgCKkn/kl8fDLfTvJt/Piww6fE8s+5iiXwqaFwGJjSgz0UqW
-re5l
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Long Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DF:3D:48:FB:E3:32:E7:B9:26:52:8B:DA:EC:F8:09:4F:B3:C7:DF:A6
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 7F0102030405060708090A0B0C0D0E0F10111213
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:20:63:9e:55:8d:d1:c3:ab:3f:37:97:45:61:6c:a3:21:9f:
-        83:bd:ce:63:48:7c:a8:ca:36:15:02:3b:1b:51:66:e0:23:df:
-        de:ea:86:72:e6:92:9a:63:c7:0e:31:30:ee:62:83:1c:3e:23:
-        20:29:23:ec:aa:2e:f6:18:ba:94:45:e7:af:5e:44:0d:3c:2b:
-        13:6b:8c:7c:7a:6d:a2:f7:b5:9e:ea:d6:f9:9d:4d:31:91:8f:
-        ea:4d:b7:ef:5f:5a:2e:63:fc:37:02:5a:db:a6:3e:de:6b:a7:
-        84:83:d2:a7:5b:e2:07:85:9f:0a:03:f0:33:53:eb:a3:d1:d4:
-        16:02
------BEGIN X509 CRL-----
-MIIBeTCB4wIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJl
-ciBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA1MDMCFH8BAgMEBQYH
-CAkKCwwNDg8QERITFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8G
-A1UdIwQYMBaAFN89SPvjMue5JlKL2uz4CU+zx9+mMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHogY55VjdHDqz83l0VhbKMhn4O9zmNIfKjKNhUCOxtRZuAj
-397qhnLmkppjxw4xMO5igxw+IyApI+yqLvYYupRF569eRA08KxNrjHx6baL3tZ7q
-1vmdTTGRj+pNt+9fWi5j/DcCWtumPt5rp4SD0qdb4geFnwoD8DNT66PR1BYC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17EE.pem
new file mode 100644
index 0000000000..53afd0945e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidLongSerialNumberTest17EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B9 81 3E 90 D8 72 4A 1A 45 29 50 D0 DC 19 E1 1C 2E 29 C1 44 
+    friendlyName: Valid Long Serial Number Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Long Serial Number EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=Long Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIUfgECAwQFBgcICQoLDA0ODxAREhMwDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExHjAcBgNVBAMTFUxvbmcgU2VyaWFsIE51bWJlciBDQTAeFw0xMDAxMDEwODMw
+MDBaFw0zMDEyMzEwODMwMDBaMGcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMTcwNQYDVQQDEy5WYWxpZCBMb25nIFNlcmlhbCBO
+dW1iZXIgRUUgQ2VydGlmaWNhdGUgVGVzdDE3MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAvNWBkGHs4ey3i7wnEUSxL3bZ/wcxijWbLd45CdHlfcrVluMb
+reijfhtxX8DrcfzSzWjMuq+FbReq/XE9Lig3FABFCscvbqMRsbVJBuRxykVx9Xml
+xyMtUScxxhkVFsJdGS6YRyesOX/IQSdDLYt++jRQMZ9WwjCyf3rl0w+vAmwzX9kg
+bHAVJoE71zVHHz6GxlLLuJVrYawr/j6Ao9sjniUNWsR0r/JskIpfwAyOPktOopuZ
+AlsUhw/TagkfTn7PTxTGQsCYabh9NJejgMH67nFWAikqGSsObbkGYKpqf8qOtsk5
+hW8PMGBe4Ry4OBL2ITdSfuU1DZWbAsOBuSs7HwIDAQABo2swaTAfBgNVHSMEGDAW
+gBQLY7dHrsIHMht/b+M6uOoL/9dkpDAdBgNVHQ4EFgQUCkxTRT2mlM7HMRp0Z7qK
+tbsHoHcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAN
+BgkqhkiG9w0BAQsFAAOCAQEAqesLoIqzgv5k02gA0rW61rhlEnQcwQ3v7qcl0816
++Gn8Ozxefx/tN49JM7VlVIDDATsLynepfZzhyb/5Ag+Yq0FMaMp13QN4ZusGsNJ/
+LlbG/L7nQejig+BAYzD6MIdpPKozcaTRYGVZjZ30YYg8SVEN4nr1KTf4ExOvqAH+
+dHlw5JXln9w0GTQfHyhx0Y1rCMAyqlrffbktFJMqDuUnoWM+9YPtRfswATAAY2QO
++OfKOvuYUOvPECybeD2QDFKOHYe7gpXsjQsEuAmUpDAoxvpay6VIEeytVEh6VpYD
+3pYPFGmK/SHDFzLVMMIFyHOpwQaoCiAAgguMsVVS5Md97Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B9 81 3E 90 D8 72 4A 1A 45 29 50 D0 DC 19 E1 1C 2E 29 C1 44 
+    friendlyName: Valid Long Serial Number Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44A9DE28D5DB80A0
+
+qqGl9iO5jTbHmXHqEWGf7N4ADTdGCCTfYzjwsTpgw5lWTyoH5cAKkoX0zU95+Sy6
+jBmrxuRnexwbcKG/yAETafgBs8uT/cNfmviYuvrOXjMK/WphkXj4iUDpsKLNoT7W
+shW3WbwQYtPeK2vaF7nLig//b9UD80Iv9hoYO8joBgNqv12rUOiCqGJ6EQqr+gNU
+IxjPTKx6cfEqzbKu5pQEXkT2paD0G8Us6uWQOj9UyESUuYLCciivtGuEAPBsaIxN
+zI+7DDxXD/eFWAjI7Yc0ovGa+gV/AxeiHFNJi0q/bjm0+1PM44hgadbqiphZlcbd
+wyYNccsO8HIE4pepI8xD4/SYCL9BXo2ukdB1B7sBXoLM+a/Gu9p3ZVy94c0RfAST
+nsBe30h/tvomue8HoIXBWsTGZYDca7VOQAwLkObli0atxQOY3rAQW+eKc/WIyX2t
+UGf6qwWf/oHplLanqQchMV2aG905nFCNHhd2T+8fElhbgBYc4YpMQCnLtZVGvs7R
+JRAgSPekBVdj3JyN71xaMcwcuqtAcIiAzHNyFsv13CsxKPcVgBUnE6KUnkANG817
+SwidJ5tL/Lkb3iS8qaR5strMrLqZJdGHfhvZ0kuTvW6jFIPqT9qPpn3MbSW44WIi
+hOFVgSQdbsBxyEIIhlOpAW72qprgGAFHNWD77RqDmtbh1+OQadD3xDws74cObWBj
+Nb8n+9gKFeC1gErZ6EG9y5eHDQiAzB/lSHw//K+el7XDAh6UyR3o1Ob/pVmQaLqS
+VPIGMkmf+HtJUos5wETaqxJIlh9GypA09rVW5ZZSARxYdGh/evNVKRBPukGcQktq
+EUf0MCZcZGw2MH/+tdjtugnd5edGhmzesYRlDchnmSBGwiis0XYB4FuTzDSdKuD9
+S+vsb7e6x6rZFlEsA0KnAwlYNUkm7M2JzGjPs3tG4CLAKMY717wY/C3gsdo2ybR3
+bBESEa+0QHdN5ubeolPY2q4IVPes+Xg1HjPW79c2WoZ6CDGKOlC77aQ4AN4fnFNk
+AOmFFAdTNVVFsnQz5ewrd1fIr/r+rR1XbJBE8MkE8KaUAVxPpOJuwsIYa7IrBKAr
+sVaPC/LwBk+iFtUoN7dUmuu4Y6GCPTSYuxhd6B+75sv2ToK6nfIK9XDhzd5ua1s9
++7U9SjRXuSc81KfSwpy4Ct3zKcTmH2ggqjv5DbzLbI1G9Eodq2a012CDue4bie4H
+znuOAUUqM+7+un/pidIVpxCxxhCFxNShnotaP73LO6xgxkuBOCKVVphHcr4zV5k6
+z5D20cDGwk2vYdXVmI+fQ4CtwdMDm5mnc+P1GwDS5oiA8fCSq46GQDBtAyq++Lz+
+u7m+kLh7O9JNOre3iNeAGpZZrLacpd4sCaIZWi5QOmxcsbl3ojYte/c/r/J1/AT5
+ZAn6qi71xHjuuOdpMPCYOdBapbw12A9PU7VpjlY4f34B1Cdf3u1kz8D2ZVsaFlDj
+d99kDQOKFntH0XOTYMytoK1lsekRiLOsrUUMWkJO1ULtICPdjJtRk8Wl6lr5o7JG
+rA5/hsVnStNN8QDbRGPZgmFcKryroXGEAz/Kt7fPhYc7DKiK+OMmPdRIOEcM8zUP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem
deleted file mode 100644
index 84006ae155..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Capitalization EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=GOOD CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dPT0QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBrMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxQDA+BgNVBAMTN1ZhbGlkIE5hbWUgQ2hh
-aW5pbmcgQ2FwaXRhbGl6YXRpb24gRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAKKjNiRlU/b/0kN4KqqM8GCc/XOogauyq9LV
-K5+grKdIS9Hyb8R/YDK9ilsjzU/nYKRdOvMfUs5NYR7H1UhBJ9GMfo5ZJE7zbV6X
-COFLvi5STvmS1FIA1COnOuW0gCI37YuvoILvExZV0MlgOP+maCzYWDsffOoGujMJ
-/tdFTmufAgMBAAGjazBpMB8GA1UdIwQYMBaAFLcupoLLwsi8qHsnRNc1M9+aFZTH
-MB0GA1UdDgQWBBRM7vD5b8j3gITFAx7LZDp4/fhR8DAOBgNVHQ8BAf8EBAMCBPAw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAFXVuDJL
-2xAKqFtse2QAF5GxQIa8VuJCdOuNF/KCTNQ65dWDvBRYuc1O2O0NaeN71B7vbBaR
-fLAM9acjYghtDQd22u/dErDTmKIS2IEY4Z3P1eGlLcNhpV1DsIAe6cQLgm+fY8jS
-1m63U2bt0Fs4nefPvxpkWCeLXOCr7ewDM2Uc
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5EE.pem
new file mode 100644
index 0000000000..c011252ed5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingCapitalizationTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 66 4A 0D DB 28 1C AA 3E BB D7 DB CE 21 C6 B6 B9 5A 8F 35 EF 
+    friendlyName: Valid Name Chaining Capitalization Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Name Chaining Capitalization EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=GOOD CA
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBDTANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR09PRCBD
+QTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMHAxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMUAwPgYDVQQDEzdWYWxp
+ZCBOYW1lIENoYWluaW5nIENhcGl0YWxpemF0aW9uIEVFIENlcnRpZmljYXRlIFRl
+c3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7uBBbS4stI16Jp4v
+WGJ51twPti1iJLp+mNzQjyNaE/xC+J3w438fQvsKPEJBwl9iuTtIO8ijAGRJiCUA
+nnc7+PeJ7UvYBxE1tcggXXrE7pTJsw893bE6JHy6SxH+/yt/yRfwo+YqbZvtD+6U
+4bCsj/83FQvhWoLdh0ePfU3GiK0wkM13aD+pBNy/aMZHIOm7JjOuv4a2hbQtYWHo
+oYRYkhXfykCr37V3zwCbPsmGyVJ0MLtwLs/Q3Cqxzlp2uIoeFQR4e2H+ISfQg+Lp
+1eIqJCd2E3VJ8oKcIu2oW4soNL9mPNjKZdlwC3VLtRITcvfPH/otHuS2wcAdU+88
+DRMo5wIDAQABo2swaTAfBgNVHSMEGDAWgBRYAYQkG7wrUpRKPaUQchRR9a86yTAd
+BgNVHQ4EFgQUeN6aGkOrZ3hSrA3gtRojk+AnY8IwDgYDVR0PAQH/BAQDAgTwMBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAbqlb8g8M
+w5TaH8PXafNxxswC41xFgxZWx4vdQEytNeeAdFABrQf79V/CxoT+KuXr17wTstpT
+XqEF5zjsahruaSONLcUy1JetjUNW/Z7b6/p4s3NffYhf0TMqqLLatI63CCImH8Ap
+8ceCFU3m+fyIyTdIEHgsnQX67zZ1mpoFjlrTutSYXUHtfhsK9h7LCprkBOwjbjfd
+t2nf6nPx1H05oFKrFGpu2gAHHserXavCToQVsprK8jQ6r/8xHInJS76KK3fMT4Is
+iA6EiRrqGTWkPjh2hd6WaFz/zRhuLm9ODRuz3bgN9rcdxq8jYkDg8Fq6eqhnVLJe
+nwhTghrNhZqV4w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 66 4A 0D DB 28 1C AA 3E BB D7 DB CE 21 C6 B6 B9 5A 8F 35 EF 
+    friendlyName: Valid Name Chaining Capitalization Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8474ABEBEF2EE976
+
+5J1l4vly6GY042QtaorkypQYpT1DxoNh6VGLDt5ceK6iqKZKJc5AoXViAlB69xYd
+qusEHBs/WGdfXysIyThM/d4BVC91K+ZYeJZiknD/RhWLkxFfGeF36pC85Pm4ahxa
+e0Kq0VLCc6FNlPMnJV2clugdNaH3ZSr9A8luQJeU7NUHHAasfq/6DU56LUnBDPQB
+hsnnNlJZDeDF2vzZLYSKL7X0s2C8EHdB1PHWaDAnaDNLk4/3MQbopxoF8Eok50Gd
+jBUsHqo9/qEUP2Rf/W+oejs8ruW/WUBVEIeZ5Vfi+Df9obJB+r8KshRc/JH/8QRg
+9F9uAsUkNlzcCsbNTE+lUK2yY1JSYY3LAU1dUkI5W6rlJr7kASjlWsDb+ShVoBsZ
+HwXyHE0ACFSqgFVlAFCqXmoUXaGAxUsQ4bACE7sWlPtnCcCLp41JV3XobwGz6ZHm
+maY6CBPZXzc8Lcqs2uowAUxa2/jtZJdzpqAXTDks+ZHBgDOv61mvyByYWn+TT+zm
+qY8JGuTxDCUNGO5aGa2aoaZCExYo9HR8x0Pn1P7uJDtyDH1Gk4p0mHIYm4JADw3g
+x0ML+R6jROa1S+TaaYl0tpkmfX3BrZpa2RnARAxQhMuGQIS+KB7jfArgR+MofN3v
+Nq/hiRCZ6tOCuvNInKplDOzAAI9DJbVyMk5GL6KDkuqBEVWr3qhzwt6HnyRw0cVy
+AruMn7xRl3o5XXob/kAPK+WZDavj48LLMTIigObBbluOJMkVLkxqx71Hq3S+9NLA
+nIX0VSWKWjxh+wVczdYQDipX5uHppeaVP+fJSXIqEVVvcDSogPJ747F+Sxiw+KJF
+7DxL21lN4Oa2VFVPVWdYPrqnqSjw3qoVmONYB4Vb4TksHcj9wxo7DQrL4euPHtnJ
+bMWyaC2GMNJJUeW7yZN+Fr6LmhrUZiQKtjdSPNETJpZQEu9iFd9VLfZ/ukjG3MOb
+hHULOkls/rqwLgLG9gdChBf70d88xD2waZnQsTK1RSjQoyBkqvm1fJh7dgB6Lluv
+0On5y1hiRhleV7croW4T5UJxHhB210E/CrJIryaz8MbjVUrgdzlfh2aHH5c5kVJq
+E4HLoFjNIkURQnN0XcMbYJCT6HXhRtQa8vcODxrwtRLu4J/sylUv/3e5dfVeGuDd
+EBGyJ6j6qPdU8h4j8GhHtmjcT5900Mr2Fb+TOCnzQszo+SksndPQVFEmDmIBLUv7
+U62wBHpzl9NmfSGYwvYeVytHO5Ufa34U3pbxWi5IJOyopFMjIA974Hx4En5OAHgh
+qZxeB/A7yZ9PPWc2AkjNowpvCAnAYKtrJBQZMNF1WLajLWwk1CYJcbxUF4j4amGX
+NzNg3KaiBOd+usBFKLWbmaaMXPQVOijbkYkukanPxdk+hxtTykJSp7uMGhGgzQHP
+FQ2/5bfvpt3eSY1AT+NLZyaNAe30I31VSFOVBbYcGy89KTZUgay4oXGFZvpSa75l
+ro/9RNIe7cYOapB/yzgR9BtJB1r3rBpEOrs+FYV0QcaIgBwbBmJnU4Ew4kgT9kcz
+1CZ0mZTB2ysg9jXquvhFTY2n1clRUrD+IAd9Lkx7x2LGAd3ZGOPxS0l+gG1BoMSH
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem
deleted file mode 100644
index 224a2cebb5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingUIDsTest6.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=UID CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcTCCAdqgAwIBAgICA+kwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxUcnVzdCBBbmNo
-b3IwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjA6MQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyt5HBgA3udSw3/TzrG90sAN/8wyl
-eDWkGAUc1kYzyzCyNNRMYjTspi391pcr4incsgjvOY3Xc6YT8ajMzFw0R+ur6hbl
-oTYcbzdNNZGzr2w66IMDMntKTpZ2PpUH4XoCvJmNc4xIohL60RqPrGofttwpyfS+
-gxXCpVjsfywnR40CAwEAAYICBSCjfDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4N
-sDzqmryH/0nqMB0GA1UdDgQWBBTSZXzCH9kXQYjs1VhEmgfiHMx4FTAOBgNVHQ8B
-Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEAJZCA4IQ1YgY/8DcUafiLUKwirRsP5C7cCdMr
-0POcMDPmF5wyw0VuUGqHnAFEvc3VXjHv7KPJjlq0BPN6Zv/mWpumTOEMZNM8ik5u
-2NwuDmexmwkXHhK63MVV+iVsef6nWxx2Xf3ahbbLQgFnMIbLeNzXpIPzyFlQK0V/
-ABcwlzg=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid UIDs EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=UID CA
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBATANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQTAeFw0w
-MTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFMxCzAJBgNVBAYTAlVTMRowGAYD
-VQQKExFUZXN0IENlcnRpZmljYXRlczEoMCYGA1UEAxMfVmFsaWQgVUlEcyBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA61z4
-7chYRZr2FRLh+/4cPggLdSkDgQkdFCuflGzLsN21pmtZue3b7qADRSFwnmP5wQ9L
-dOEPzufTiCt3wcPEHCaBCCN0Rr+8iWwww76h7HE0jjU9o7IHje6qAOhc7THvZS3s
-kiVb9Nt1J1/KSPM3oltTENEyjuLaXbI9XIYY/p0CAwEAAYECBSCjazBpMB8GA1Ud
-IwQYMBaAFNJlfMIf2RdBiOzVWESaB+IczHgVMB0GA1UdDgQWBBRMlbVlFGZ1ahlQ
-H8QnvM3PBG+n+DAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA0GCSqGSIb3DQEBBQUAA4GBALXKf4ViSQp8LaI9MVvNFJ5b/YG4jXBpGXXp
-htEyinitf4scZy55fdtqANeG0Ph5y7633SFANNBWS+enHNQu3Nti8boG52chWIzf
-/8vANjunWkn/PVQrI6jXORTFNG+Ia/baFDbpKyjIta1g79QVXdqi7xQ9Neo6r81u
-uhx3rn/V
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=UID CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D2:65:7C:C2:1F:D9:17:41:88:EC:D5:58:44:9A:07:E2:1C:CC:78:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        69:bb:bb:27:78:93:70:70:bc:06:5b:eb:d0:3a:9e:78:3a:e3:
-        dc:8a:0f:8d:77:93:e1:6a:c9:83:f5:64:f8:0c:5f:27:0b:1f:
-        a9:83:a3:c4:f3:87:ea:24:f8:79:41:a4:44:56:1b:93:78:bd:
-        e5:83:d9:60:2f:2e:d0:92:1b:41:2a:90:0c:9f:5f:90:1c:07:
-        88:98:b4:6b:cb:78:98:da:30:d2:37:d2:44:19:c7:d3:fc:9e:
-        65:89:2e:f4:77:7d:f5:9f:4b:f7:72:3f:32:d9:90:d8:52:0a:
-        dc:ce:51:81:21:f5:25:59:02:11:34:8f:52:24:ad:0c:0d:69:
-        2f:2d
------BEGIN X509 CRL-----
-MIIBMzCBnQIBATANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxDzANBgNVBAMTBlVJRCBDQRcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAU0mV8wh/ZF0GI7NVY
-RJoH4hzMeBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAabu7J3iTcHC8
-Blvr0DqeeDrj3IoPjXeT4WrJg/Vk+AxfJwsfqYOjxPOH6iT4eUGkRFYbk3i95YPZ
-YC8u0JIbQSqQDJ9fkBwHiJi0a8t4mNow0jfSRBnH0/yeZYku9Hd99Z9L93I/MtmQ
-2FIK3M5RgSH1JVkCETSPUiStDA1pLy0=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem
deleted file mode 100644
index a2b8d417c1..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Whitespace EE Certificate Test3
-issuer=/C=US/O=Test  Certificates/CN=Good     CA
------BEGIN CERTIFICATE-----
-MIICiDCCAfGgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEb
-MBkGA1UEChMSVGVzdCAgQ2VydGlmaWNhdGVzMRQwEgYDVQQDEwtHb29kICAgICBD
-QTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE8MDoGA1UEAxMzVmFsaWQgTmFt
-ZSBDaGFpbmluZyBXaGl0ZXNwYWNlIEVFIENlcnRpZmljYXRlIFRlc3QzMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnqTq65lI16x9K+4TSv4Kj5oTA79gcaQ1V
-o1Pov5lyumlF8AxDNIBczzkCmRw0G5yTUG0GK47M9jfAWj3nlYjtQY324wjwcRYX
-TqFCcPr4Aw4VdxQ58+hE/Dve+Q9KgH8XJ7KELJoiN9dCmYcTXnkW+ZNnPYGpAtf8
-2QXDyCwO5QIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWU
-xzAdBgNVHQ4EFgQU7dgiWtJswE2iwyEUO2QMiVBSZGEwDgYDVR0PAQH/BAQDAgTw
-MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBYEf4J
-9G7Vag3A4nNIKYSRK1FULS5V4XEpbh7h12s4NjEulFrxn9ZKwSbElwar9CYZIOJl
-sW77M3xjTub/6l2DwT+pBp8smD4WdcN8D9453M0nY3+0de6hU09COr7/AWVzbxzd
-UEHnXWDZu5PRgbj14UJKrqBzQiZAbMRx5b8sAw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3EE.pem
new file mode 100644
index 0000000000..dffeeb76b8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C5 EA CC 72 B7 CA 5D 4B 8A 21 2F E1 75 89 75 BD FF 49 9B D0 
+    friendlyName: Valid Name Chaining Whitespace Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Name Chaining Whitespace EE Certificate Test3
+issuer=/C=US/O=Test  Certificates 2011/CN=Good     CA
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBCzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEg
+MB4GA1UEChMXVGVzdCAgQ2VydGlmaWNhdGVzIDIwMTExFDASBgNVBAMTC0dvb2Qg
+ICAgIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowbDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExPDA6BgNVBAMT
+M1ZhbGlkIE5hbWUgQ2hhaW5pbmcgV2hpdGVzcGFjZSBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALHDyEmorSlP274u
+/18BUHzKkc9SIwgCP7PBHTOfjf6Zy5H5WVZ0iPjotyQpm8nhiZLodmJ7I14LyQaV
+gCQaZJR3gw5dKMYHotPXQcI4jptWTiiG+aNT7bZREbg5BA7jTswTLokWbcQHBSx6
+iN6QfHS1LJP0ah4ccVVpi3sqDvfzhzWsU9s/S2pFUOHM6/iHc6H9Zy/CxceTHrt9
+jw5A3KHRZ9ihMGuwZXZfZn7HHtDuVMUb23QRhBVoPo+QzCCGXb3Kxr1/qM1EiFgW
+mkieRIPGygUkFoGyH+ELQNclyI1bb9jsW4g+vr6PTYgEJofktbQB3WwCRH7ADIW6
+6fpSr/UCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskw
+HQYDVR0OBBYEFM+4igHs3RwMuk/hDgGZXsfaFTxTMA4GA1UdDwEB/wQEAwIE8DAX
+BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAD5C0FF8
+5YCkCu/hOuIAlLhMSkjdlBKlpnFriNjiKtNNPm+lEXUCnN9Iug/QrqevX1wTN7zx
+glDipUTax7bo3/z4eT/eURz5shg4swHdnDofLxRDJybSEG0hEDUgu+lvww13FHFQ
+6ZgGvgC4O5wPE1UVCQmM2EcVkcdn6sMLozzH+sg40gj/VALvh2H6VhobkV7dzI82
+cGPZhPDNjO/w4MjGTfhQjPvMGVuLjazBZxNCyfZeYDjygmIDSDLmFAdum34Vk8OL
+/lGLKLp31rM7EBYhkpu48PhPy8iUXAvR+qPlcKfbQ+k/D8rbzDE3tX/Iw/6LdhU5
+3xt3vd6uvytI5dY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C5 EA CC 72 B7 CA 5D 4B 8A 21 2F E1 75 89 75 BD FF 49 9B D0 
+    friendlyName: Valid Name Chaining Whitespace Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D3BDEACC98B28A3E
+
+Nr7q4KiLPfumYbQawi1p1XmHeWRLufp83i14WwnfoIDJ/D592JH9a6e2g78ostDW
+F/S0VMtut7GMOd+e3rzS9vKEN1/KJHuatbgpvt6aMsCxeqsQjWq90cx3XxN9GDSj
+zQ/z7yNE8DbOu3Ohs8uZnAWId94sX6pbFndkjSys3pbdhgwQ86cxNIZvXBL2PHyL
+kP4VgOOolg2gE+1jYbZhzIZxpLv2bVoTtHWqr6NlhmPzWSTrlvLOUlsh31btmGD/
+9bHp/L7WCV++S8J6bDVlkcwVgo3k9m6hoKt7m2AbV7ljztvgpJM0isZ5CDNIQD4u
+sLpPGssVIrJ+90EsrhyEAqOzSmbaL6OEvbXkAilhaaPG8fGjPjJmlSiO/rV3acxc
+wuqt6dipGUBDGzVBTopOE97zLyHgmoRH1Zh2m9JM6IZrSZpx3oYaiwBEhwXpOSD+
+edbC2Jl8h2xJls0KJbP2SfhRvkXBoKHkwDLgEUuCGhD6vXqP0zeGn3oaCe7Bk75q
+l+qIlbNh8ytLTe/ZNaj0xZ9KzuryeiYM8bFoRANsI6iYrPeI6oBo6kv1EYEKPRef
+xhuoTYrtwoRJzou7+SiHPJCDtArWJ2EJAWLIsN3ymX1gaW+Lk1mESSXntT5pKDBL
+63FxoG9hTl4G2/HGMwGmbbxNO2o/IhE4bQRSlsedadQxMnXHKq4NAjB4Jz7Dhk8N
+PhuWB9T6RnZGajwXMPYGVCzJ2ms8pnN6DE9NreZmgCoDHDE203Zh5WQqLJ0fTxy4
+ZvF/Yx0OXe0ZAgoiNpmu8lpKXTuz4nReKrXIdeWDmzeWKdyCMV3z5/+Vh62/UbUE
+hsvCczwL5W+Cial+tIc0r3zX3hpohEqT+oTUAznTRqy5dqpL6vfubZephO/XU3gI
+BLcnyGMbjmXJiAGxotXYjZsYhf8f56yOfzY0EZmjehDxNJbLh/IWh3eWhWyciNRg
++aWL+95YIJnkR5dgNj2mnveS1BdqjZ34WIziYUTrGyIZXWvx4883Ilc15acB9Ul8
+89wGIhVEY0CNFl7mrGnRSuWL5EXNCBk0lhA0LtDivO1wSwqjQ7lji1lKG6MmWJob
+cQ2YBy01ERGt1G8rOzL3V0/Pbr2Bp0zwKkWeD4Y0ebtawmVCcqny+XtrEfz3I38K
+WMqbLwEsnj3YM8KI3rM6FjfPbp3vrlRj1hclaaE89aXy9SYtdfBypJi7am7xpkou
++8Q9LRuXucorLQEVpFT3ZevXvl+hSXEfjEZG8fQ3bsrnXsoP8hB0DII5jgVkvqh0
+rwKQYFmL9yfVHnimGUneNjpnEIaiFDK5cq8KEkR6g29wEof431kVXek9nSG/UkyG
+ylh9YlxwHmbJQKRiJeFYSILWEEz0KsTD1GhXu9qsucRUAlPp6cVdpl4kA7Z/3ERj
+/Zs1f6aEQZokhdOhSZz2QnUb4xMWY6TduM9FqPrFBbjII5/4o5mOJVAPTgpDzI71
+4Bz+C2riSODikKivmeIq5OE1fYpuN/WyL380wx6HkNqpjlNTy/Y1fM302GX+4JCS
+7iBZDndYgQawpPDXz+S4eoehksUP0y7IWaLkoD6SRqh7P3GtvqtHf6V4/aawhu9D
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem
deleted file mode 100644
index 771472db84..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Name Chaining Whitespace EE Certificate Test4
-issuer=/C=US/O=Test Certificates   /CN=   Good CA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEd
-MBsGA1UEChMUVGVzdCBDZXJ0aWZpY2F0ZXMgICAxEzARBgNVBAMTCiAgIEdvb2Qg
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBnMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNVBAMTM1ZhbGlkIE5h
-bWUgQ2hhaW5pbmcgV2hpdGVzcGFjZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtFVzL02aRX103n0ddypzMXb4EZ6au9/l
-Cf7wLoF0u6IHixT05tw1feYoDt23vnfJKOjwqqcqnshCi0k949dyrQeTAnFQXsqp
-aPj1xjdYq3ohEKTObPeGRiyinhMAEZHxTLUyIW3hmjooktV827Bg1l9wIozE3pvw
-XyRbd3rAkFECAwEAAaNrMGkwHwYDVR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oV
-lMcwHQYDVR0OBBYEFHeQkes2kV9nbiKaIemSfMP1WNMPMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAW5OD
-GSTMa2KPAQpLgH0nrncEH6jRAkyk6il7E2N0bz1KJP1itGDbzdrNTtMTs0rD9waM
-K3JrQGfALXvoj0+PD+Z/AbrpO3WKKuDkKOjIPt4Yyf59K36K0ZLKk6zID6ilR6Em
-0BaM9OimGTwDaij8MOU8FMuwXFgOu/wPciMU18s=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4EE.pem
new file mode 100644
index 0000000000..abc0b5bde9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameChainingWhitespaceTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3D 5A 26 7E 13 F6 36 79 3C 23 EA CD 54 62 D3 0B 6A 73 28 67 
+    friendlyName: Valid Name Chaining Whitespace Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Name Chaining Whitespace EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011   /CN=   Good CA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEi
+MCAGA1UEChMZVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMSAgIDETMBEGA1UEAxMKICAg
+R29vZCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGwxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTwwOgYDVQQD
+EzNWYWxpZCBOYW1lIENoYWluaW5nIFdoaXRlc3BhY2UgRUUgQ2VydGlmaWNhdGUg
+VGVzdDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4La/z52GYvBOP
+DFvAnfCjhivYpHlbMWtU7svc8tBER62tEOta4nC30i3dcKjgB4jKDM0F/u+OYl5Z
+4yFB30IiJm1OTj7IPf3ByvpExvPpHnVzsDHejQxAYSFIzrncOZbFmVbMy9cX7D4W
+hNQV4NAokTP6yocnUTxjyStNrQdvFvddslImXHlFUhLDSms8iW0DUbxkKoSajmBc
+tUMNb+fF8UXzCKZbrLX0Oe3Yb9DsjooJcbDWPosIx5f4JuoqBPZlAYzbfLY6n2mi
+zuITEX8Y92Frb8IHPV5BiGB6BH6zacuSPpL2wraRdgZ+RDp7LhWLEgeoEgVpKPJa
+9NkL8frjAgMBAAGjazBpMB8GA1UdIwQYMBaAFFgBhCQbvCtSlEo9pRByFFH1rzrJ
+MB0GA1UdDgQWBBSbK6wW/RUIeRut/gCL5ZdIwM6pZjAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCMYzO9
++8BMUK03i/AJRqCMqbqswHkkb9HeVjXHy+NzN7WK766jlSW/uTQ0GQSVdnU7Fsz6
+UH5gLW3U0xngEYRP29iXNVKvcowLt9QDnHFOSyIQDPby499+YulERS5kAOhjm7pt
+Yq75dLt/tNpEueSYzI9oUQzwIGpkyaVVlfmO/FJZdhpJ9MCZjzWoUhuLxXIQm+mD
+UAme2M514vtqwa8RG9xUQdO/CnXZKhAKNp+VK2zn5qt9FynWL5k1kMmxUkuqLapu
+duPbakDGRpP8vsj9QNWSmE2h0ZIZQ620VZ9121qhv9hvngL+RJcryL3aAbgQOmk3
+3eJOprz8zBsDGy4q
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D 5A 26 7E 13 F6 36 79 3C 23 EA CD 54 62 D3 0B 6A 73 28 67 
+    friendlyName: Valid Name Chaining Whitespace Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4424FB8B710FB0B1
+
+s9Ot42C5xYET6pUlfi69SDT8WEn0dPhZlU8nYvNUpjhU4Oe70ZZ/oQXKrBfT+Lnl
+vV9z4M+4R5OaRNx6vZQ6fv37HodsZoAv6cCEtw+zN8l4FxCH55FbtDYgvCCqM7ek
+MOGzEK5cpKgeAk7ayU3PXC2zNKDGVNmUzZ2o4eFcxlG6ZlsqEOqddAQKA6pVlzep
+6hvycuHBaKYutrCgC2H8N5Go0Mxdg0cVi9QUUQQjtGgvpD6k99eicwk3BczNHPFa
+i+pv5exRDf1brZRlAGKiYMc6SjscRAyZmZQW09+IwFC/8+Nz9aA/Z4/hMt7hd0n4
+s4fWl/EnYVd25FH3cG0l1g0SYvi+tkHclftGMVHrkuy01oCi04Ak4qh0XTaDm2Qn
+TVLLrrBhAlRFnKWHxVqSTjT+8myfJII2W09tO/eVYS8n6lBYkT5FyN2SVy8SqV/s
+L6+cwi9ihmIXUjK0DQlDdo41g9fGTkx5SrhNje1Ztpoxymg4B3Y/OHtvnAZ6SskE
+ZqivMN3ugiszipW0akTdGx42auWkH+CZZU38UtwAz3FLUa7TaEGnA96OSBiVSn4F
+mfDg8xj3QtUTexqaQxT5ut3Eyd8s7dn/WbsItwJNRgHku9GyMmgEDNpTR0sAIXEm
+F7PDc6Qd5/7h0KGmQdA6hVMIqGBeND+2zgcyThcjF/JMdzehIC0Ga8lLdc5kYvUY
+cx/dFx4NVWvxQCmJzDvIueZl1YduE6fxugRXElTlSoVjpMNHnVOBW/ZEjVWThBkj
+asvAEBgv88lmPKC1s+scM3MNCWT8CWQyqXjtm3XLIJe3huFg2g7/NcrTicT9FvLs
+bKSOiJMsmTA4wwTyDXduaUv2PIs15fRPgjEOytm+LFb02c/5677cTfHeU2dQJctI
+Z6eSbJYk/B+2QApmyUs+yGh4El3xkEBEF04o6bkipnbceIm3LJxrPnjlSkWJURT+
+6yMB2TeJVG+DFparwjInS43EHTMstpGbf5DaW2se1ZQJPLH0w/ePtSzRI3ysPC71
+ycxIRCK3buGZG7oj+SZMcalA1IsMxxrEgM0bT+gmb1yVitrUbwCqn/o0NlK2uB2K
+TUQkElJnLyTULroBr6DjkmtbRmlogKsfOlU0IxdtEotOD7dFjw4tqXtQXmMOi7fK
+5QbCXl/ddP8PwibQUYxXtAyh9jaGfGKAo8dw0pLz9hg7XmHOfxjYtXkMEnTPKNk2
+LBBxRqLAKGeEQxErVjor7c7K3fYE2b3oRRwEyb6WDXFHdTH60gL5HpNr0YCjxb2Z
+oOeXmCjAZRm8Gyxvk5cCetjdDH94aHfk5t5HMp4roQOqnC1s1LfGloHUFiMgOX6R
+iQhbH1oYdIrhrOIUI6dwBsglmct92oiQySB5SyvLME+AZHZkVl51ckkSDfpJP30a
+iS2NxinNhmbSCuKDpwd/rqRHF0C1sZY+Xj0YC5yxa1gxOMmuJe7HYtbr8Ymlh3/L
+UkcMecNVV2VJyRBJ/2LC1gMbXRmHO6xt2hphjyf0LBO53ddh26VUWK5uSF2SNVzb
+oI5kZI0Rzhp+dmCk8mgyNqWDXkhb42kd0dfqe1AqQur92CrS9fpEzchXUL2ZwKTv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameUIDsTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameUIDsTest6EE.pem
new file mode 100644
index 0000000000..fc4d93467f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNameUIDsTest6EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 48 C5 C3 96 59 8B 77 F9 C6 6C 80 92 B1 82 72 D7 DA B8 9D C0 
+    friendlyName: Valid Name UIDs Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid UIDs EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=UID CA
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBATANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEPMA0GA1UEAxMGVUlEIENB
+MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWDELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKDAmBgNVBAMTH1ZhbGlk
+IFVJRHMgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC+CDXTTtVJkN0JuysaGMhtKLPv9bAL5wjPaio74JOJd/yT6Ht6
+Wakzti6sGWJ+ZXZV/b06A0pjX42Ni28NhdQWVYdoePNde5WTbowdR2TOnxEAGJg0
+ztClAEBDgAI6xSk47UJ0Dw0Rfs0hJcbLNQnqAHU1UllAX9XanFDrAVMzucVxYIiA
+DF2dYc8k9qeWYp0iASwG8uNhOjV4yZK2qnP+Zbgvi7rfs9hRGFq41TcWmfgiEaPg
+olDsycWP9+3xN0VeUQWSI+a+m/WqXfn1YlID2fDdBfTAluGZo0XgLDCaFEBTykbz
+txF492qwzSjSDTRTFDOXeFtFrG7D7iw01GmFAgMBAAGBAgUgo2swaTAfBgNVHSME
+GDAWgBQQP8UEMPHYQzaFeVyMjYud7i8cqTAdBgNVHQ4EFgQUtSL+I/d8UPhnT9HV
+xez6eEtAmW0wDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATANBgkqhkiG9w0BAQsFAAOCAQEAVZmul1o1onioRq7Mh7wUzGcIsXfNPryARrfO
+1+dn/QwbrfraBtW5LlUHgaqn0etd/7oy0YslTJ0eR0NvxyrJzTS+qENkN2DVlrUo
+qcwE/P+9iA0eL3oaZROmf5zqOJ6dw0DHYHiEZH6u3rAd6fG1X0gQysvaDIlxMcCt
+d6BaWAaWxn9GR/9Jwi/imjiVwgzZ5xlll2KuDBt5pv7Gl3o39KIGB/kJ4amgBA6l
+ucxz6BnG7Wp5NgTRQpGnSptptIDinQy+0deTYoi7+iCttzXf9mrETOcTJNOZA0PN
+86Y3oRXxtGlORZg9ikd6FpYqtYVw91S+v/r/yfYm10GHltaHbw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 48 C5 C3 96 59 8B 77 F9 C6 6C 80 92 B1 82 72 D7 DA B8 9D C0 
+    friendlyName: Valid Name UIDs Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,424E1AF928678900
+
+YwTAyp6DSje4XkbA6+7pLIXYEGioKDM/iFTS+W4bDgiGY9tGEI6Js4DC/lrmTYhQ
+By//w7eBBFF0ELFJBcCgJppFVhSEGslvCf+Uwf6IMPJ12MBCGmGrDoIQB7rlfOrQ
+yRB0QHq4tLBQBFHe6cMPxJck9hFZU1r18rwDpbZDIP/c6Gi+NBBp4jj1lWHhZ+Jr
+NogkD5lv1MLJuZKog8r84W76VdELoR9L6uWkxPC3R9EaafWW7DrMo84FqUgEAQ/l
+XcUng/IRTzXpfr60m4WcvJkbXcaE1R9SDSnt1kn2Y8MJku/s7wjT+iu2RMwEww9c
+XoLHECtPhmUBoDgTSHU98sL6tBlAaonsmrMkYsZTy8bmdmsQlCF3AdHH9sA17FOg
+mUqwyRyZzMk6A/Pnb4Y8/uLO5EaALNpxN0pEd7s6Aycuzzrj7lNgvC6lem+JHZyO
+fDcwCdgCLiIQol4xrYWyALc74fssBh1ZHxQrbAbZVC9jKk6E6akS6xxZpXcV/F9B
+R3aMxOz5oU+cZyhufHjuQelBTe+S6aPKzVfQwO9jJ7ClSD1zoRnwOkIqCMLLmK1q
+0XMSX8vX0AX7zIQfQCOpyelJ8W3lJBm2RHB6XEoDxziRJY13UaT+Vh1ToSvJgbWp
+P/gGP+0M67ZFhO5w6dvaBGEBwpJpB7TrQbpUN/X66bb9qdjPl5/V2NRe7M599LFW
+WaO+Hxyof4Y+fElpDENdxLPT06xRWYEpwsOHdgdCdFBFyy0Tpes3tm8BizQfTDbI
+13CCoCHEwoo53x8jE1IJb8LuvxzVa5Z+CldEqXzXkZY8/I784t8efJ7yeC+9kjgz
+hT/GB65rOT0+2yLJfZnaU0I6XYHvaHfuyBHy+Ah5Y+rzF8DG/aMIMo7GpEH5uCF+
+WyDouWECjzllp4+vOCEua/5+RsBjzS9R2ep63AoDlNBzieHc2FouSaBobUNXHZrz
+SuSziiuiFVLfV1iD68TRgZGclf3BUx5QaoEbyR2poH1BnY1Kf5SQVgctBjA0oROb
+a0ngVuAXnUDIAl9dVNb8CQZlXf563znQVE8QVeuPiCgboyQsN0hwDiYgxUPUAdH7
+0CUKlE44ZfTQtQLPUsvwBiPEmSkDaSg4LwstxMv0kQYjygfaAlCFxUANi1Bg15Zx
+06ns8ACHPhD+QSOCtLqrhK0CAFJqek54Oma+GmdhvBSN7L5SmZ1f3wwhge/zumE1
+OhwJD30Fcq2aoqYJG1Pa8B/dV7i8qpTthCfva/dd0LldmRfnUZRU61rr9eSJ1a63
+NNEnZBGGgMRSeIKGUX4qTi0IltuazgKZ+6JLGR74xTi5RIpQIVz8xpSO4qbE2/df
+B2woTgXGvEjiThx7lC0/elQf/Wsd6xAqF0JPFV4NfnsAYSVnUKKiuy8+Yxn34NIF
+OMd/CJw+CR/HoA7NmpWacdo2TFEnXHbiLDX7YTlU53G/KNvcao5yHhJJUJLabdhl
+9fwca4WDXb3B3rOVATjT4NI1SK2JALP3xaBfo4zmM+EZLqkaZMCZLqL9sA0C7msv
+Q6Z+PSFoHctZsyrpwnqE/uHhDb5iZSB75uLFDNVN+VUhvfCTIlG4hZNPYu0pJ5hY
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem
deleted file mode 100644
index 9a22bdd53d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Negative Serial Number CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfzCCAeigAwIBAgIBETANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZTmVnYXRpdmUg
-U2VyaWFsIE51bWJlciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw5yD
-rVmP3dVETqSrKKVXvXWAnpc5K5Xh6mhHBvy/YpoERigE1MP8A/6eE3mY6OnMJVAh
-QJRWniYBrIDg5zR873cTAbn1O7MwSfs3LLxEO81iAf2k4nFFxAGtQp5AUwx0cQVK
-8oMVty8BEcAkazVA87HQgpycQySqDLmklHNqkncCAwEAAaN8MHowHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJCMpyNNS/fqobISh7nA
-0w4zWMuCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBYz9xXPhMcniA6W0RG
-0A59JbhJJpAZmnLBusWQjWYIZsVit1M1OXc/zDGAP/ik3blednL+t+wbdJc1qg9m
-4bgoXS14lg+6IGMF2VWcoKkDJDIHpkVrdQc9WGNm0qqPyHGW0ggbi5VrBv1potkF
-xBtl1WkY3ZTLuI71pJ15ebGZ/A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Negative Serial Number EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=Negative Serial Number CA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgICAP8wDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQDExlOZWdhdGl2ZSBT
-ZXJpYWwgTnVtYmVyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBOZWdhdGl2ZSBTZXJpYWwgTnVtYmVyIEVFIENlcnRpZmljYXRl
-IFRlc3QxNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyaurbJH9ZU3CCKl1
-jedpYcQntOZVxoXqpoC11EXMnSgUPLtVfWuoClVqZaOYnkz2hX1aomA+hGT62UOh
-f1CSywco7QnAAlWwu42zT5iJabaCruBWz/PqdvWkSWzcrMfuyybPEsil8hgaN0yl
-VNXZvUwPUtfwUndR4UltFdPmJPUCAwEAAaNrMGkwHwYDVR0jBBgwFoAUkIynI01L
-9+qhshKHucDTDjNYy4IwHQYDVR0OBBYEFB28YeqZDPts27Viz5LcntslD4A4MA4G
-A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
-AQEFBQADgYEAJeShrxatt7S4H209vnaUvVpExfX57AGRT2t2QVz6ztEWMt+BGBQN
-FUeSeU03d2ot+fwxxvrmUcG9ofkKIP69tTUgObSRfwC39UjKModur68cBjYqscl8
-d5fI2pAS/xXHK/+OoBBAmHgAiuMMbWhQn7ZCI0qJT/t4eHAjQlh5/SI=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Negative Serial Number CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:90:8C:A7:23:4D:4B:F7:EA:A1:B2:12:87:B9:C0:D3:0E:33:58:CB:82
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: -01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:55:77:de:74:f8:ae:25:02:35:ad:53:74:92:6f:89:f9:ed:
-        b3:4c:bf:a7:70:b1:0e:20:4a:c3:03:7f:a9:99:01:5b:5a:a0:
-        67:df:cd:74:08:d6:80:2d:ca:f7:c0:be:9e:68:35:d3:79:89:
-        45:a7:6e:f2:75:86:e5:28:d0:00:2c:96:14:03:96:eb:75:d0:
-        fa:a7:78:f8:50:e7:70:6b:cc:1a:9d:8a:30:1e:c5:5d:22:a9:
-        ef:dd:07:48:85:87:d6:2f:15:02:d0:07:81:2c:bf:fa:c6:ce:
-        49:03:44:08:37:f3:f3:79:b1:61:ab:c7:f9:21:29:3f:4f:cb:
-        36:c0
------BEGIN X509 CRL-----
-MIIBajCB1AIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGU5lZ2F0aXZlIFNlcmlhbCBO
-dW1iZXIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgH/Fw0w
-MTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1UdIwQYMBaAFJCMpyNN
-S/fqobISh7nA0w4zWMuCMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAH1V
-d950+K4lAjWtU3SSb4n57bNMv6dwsQ4gSsMDf6mZAVtaoGffzXQI1oAtyvfAvp5o
-NdN5iUWnbvJ1huUo0AAslhQDlut10PqnePhQ53BrzBqdijAexV0iqe/dB0iFh9Yv
-FQLQB4Esv/rGzkkDRAg38/N5sWGrx/khKT9PyzbA
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14EE.pem
new file mode 100644
index 0000000000..d400051189
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNegativeSerialNumberTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D9 A6 ED 2D 15 8B 48 7E 54 27 B6 DD 2A C5 95 98 23 AE 96 57 
+    friendlyName: Valid Negative Serial Number Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Negative Serial Number EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=Negative Serial Number CA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgICAP8wDQYJKoZIhvcNAQELBQAwUjELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMTGU5lZ2F0
+aXZlIFNlcmlhbCBOdW1iZXIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgTmVnYXRpdmUgU2VyaWFsIE51bWJlciBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDlITWnwc4a51AQx39bPSv3yXmoWwt893rOAT2TyUaW0JoL4V429nq2KK4eS73Y
+O9ANnW4wkiIFpwMs7qGErId3x9TpP4K3Fs+QP1lCQtwjYFWGJekb2QI2jYhWPd7w
+YvZbYMM+Op7pQqnH3xuL69qH8hplbGOmwO9DoU/cSmIhFNAz9s9drx4lisU8MZts
+twarz+68DGUJTDIJgbB8Tqkimc6QaZBUQvY68wa0DA6eccxqXYLT1tWTtaru9kY/
+cRvrGFxHIw8E3Tmle9/Nhd8swZOHtKa1OqE7NPPsJtF5ETYZst5vSmk5SaC3qb8b
+IONR+qfNnAi1ZuSxakz20UoFAgMBAAGjazBpMB8GA1UdIwQYMBaAFGLkLjXGD8Xo
+kdALwY3etq/aiNk/MB0GA1UdDgQWBBQAZI4d4yK6xlDmm5mNqCZUF3QxoTAOBgNV
+HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEB
+CwUAA4IBAQA6I7Nx7MJAujumcj5Bl3gfBGd4ALdiiuHCwiO1KoP9FTYYeDVaRHg8
+TjO6YFwmgBBQg+aSvmi2N2m+vbEvpEyWLqlLyWg9WUZCk7cyUIti2+fbrbsATEtr
+iZ4dmVu7xDOF29Imoc8hig99oHBY9UdefJtzjlBQP3Mg/jyih8XvuYPNGxVVT3dg
+WtckNTq2O6v4SG64mbkTJxhbUDdqIBnoYIZvUkOzflWkr77YV7+q5iQzNCLMnNBx
+XRrFF3wV8V8dmuCVzHblVoyoKGmQHHWHpPaDrWy25aSxTSwCLdaUMGK6KCXlHhJf
+FHcc/suYcVKUB6D78BDupzMxpauERnB5
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D9 A6 ED 2D 15 8B 48 7E 54 27 B6 DD 2A C5 95 98 23 AE 96 57 
+    friendlyName: Valid Negative Serial Number Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4B42B554B0E77C15
+
+SFJEBFQakKS7qSxbf/aksRqZ0y/tDavD0tnzn9yP6+/FswJs+d/ZXS8fHwW4Vg/M
+cCrouK4zNjbLwC0F/K6fGswfEWxjiXFP4xVOYKfx8+c10gmvaXENpBVXhWsaY3yu
+HIA6Q668DY9K3XCnjDQTuWQPi4725UHxL6/PQ04CFkndsQwJGqShGXTjSNpbAJ+U
+B+R59NW7PANP3S+CevBvHMgkKNCl5SXEJRb/HCzjzsDH/y2ScVkCpC/ImtE375US
+FerM146VBtWc76CBCNdQ19zzEvZnIz6EIdVM8oKVpzGlUd2UfCXh9R5Qu9fexpFC
+5jIpvUk3vTNQmvfyAvDlJ07vnedEgNgnrQn/cVgbcGYvNQncAFFG8N78CAivaSCy
+T1G+LSH+4zbnfWd68XXaC8NGNAMa+woMeta1ZOM+ThFFFM3Rb+8Sx7S8Mj/mNPSO
+wvDb+PIP6K67yQ3GXByHsMSfqeuIbSc2cLwBJ6lAZyqcSJhNoIJwKN0blPIkufBp
+RdJGUHjs1J/8hfp6fO9PsXdp/PzV6YJNHmHMHGlAI933kOYIPeaxPjeiu4RGsY4g
+5qR8wDK6sHr3iJ8Xb5U/vIxldDNWKp9TyGm36wagJ+qz7Q2Ro4/NYS0cmlPKUnod
+nDw7cLP7sxLDZ9/ZjaXOcXttqDiwQhV2sK30GF07Xps8lHvJ2jftwPyBVwp27jwG
+pPddZiO77Ft9numEnxSnVc0KsU4qdttIjxOkJjvgkwjiDFfu68WdHtT1UDj2arhX
+0JBAfo6l5cp7NoUVakDwhlY+/zSPU8iVFwHLl79t6Vdmrr7/6UDk2/gh6oez7ejR
+UAlnXRxQDN1jxT0jad55uZfzmk9u5WxTFRmaDDSH5zRH3PtQEl8AW5rTTmDhp3bh
+xgcqk9+FZ0fwUai85jssXX7iQiBkADe54VLoEukX6aKLZm+DVxayIduMKKDHj1Fa
+Trsz5rRarqcAc76jtC/YbSwFHzwYgAUmiJ36hpA9Lwfqv2au9TZroJzV21OY5hHl
+oki8OpywcIh5FO4rPPPgmcFMrnhEsvQTwMLAsDtqYYHLTpTM2Wv7yWz473Zsy00e
+fcHPhjdr6w1oLnbbHZJ4CBuakayrxA6snlvQ0Rke3ZjL+bystuxJHKBlGDn0ZHEb
+aqcg0razy+W6zudBiUic+PDOQCrDGZKb/adD1X14y5Xdew9hpE86zAaWzHTTN+2B
+H63PAib61sag+nFEgStFhele1iTV6sB5+jOMju/nQmRCmXbZ00Mzq5pho8f92r/l
+08YyD2mJJ7NJSnRmcURz7u9igAArY711McnpnHh8vDDmWDYvamYI65PYm9ZUm4TF
+Pmx/ym7gIn19Sxzxw37N4lF6UgMl/SHpMpSyTmH6EvwHwACRz30l3kbaAz0R11fJ
++tCNwPt7KqziDQmtDuaTB0fxo+XMZuIsuRT0uQYuXzL8rZLzqq5pwa+97Pmek4a5
+/UhW8NMSzWjeHMLUJSbScOwBegzAPsa7WC4HwxmKPX5dNBMD9ck8xdZIjm5NNWvJ
+SPyBScFhhsjcAX4BJ6D1rTpsp29TcC3AF8RPMk8sPs/ayLi+i7AU3xe7v0fcdcQx
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem
deleted file mode 100644
index 88bd982c69..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=No issuingDistributionPoint CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBTDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUGA1UECxMeTm8gaXNzdWlu
-Z0Rpc3RyaWJ1dGlvblBvaW50IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQC+7yNDGaK8AFxVWkjA1JkTRG1Ze29lXbN/99oD+Gw2q2C9yJHbDB2tcVCeM2wJ
-8pbpFvzPv6TEGbmHVkvO32/pu/fhM5cGgzsZxXvEaQi6+Kb0nasof2lHEnO5T8BO
-HGaef+bGmAPcnJWU3QPU6Ni7kv0b9HLPi9BNFdaUGU+65wIDAQABo3wwejAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQULBOPxQ4nI9HR
-Qd/fYYS5T/Ey7DEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAItv1utyf+4Z
-3pR/ExgGC7oEyQ8VZYYdil+JMtcrqExHY/zVEbgu4Cq1JTu3uC2MGAYO7BD2aVGI
-0g9Ij/ikkEZ2G2mW3Lqar9JL/57BgPyEwIlp9czHYCx4M0tewGXoBeQdmeHK6O+9
-YJS+QJZz/98L8lfp6mHuGoZid1McgVLT
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid No issuingDistributionPoint EE Certificate Test10
-issuer=/C=US/O=Test Certificates/OU=No issuingDistributionPoint CA
------BEGIN CERTIFICATE-----
-MIIDFTCCAn6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAsTHk5vIGlzc3VpbmdE
-aXN0cmlidXRpb25Qb2ludCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMGsxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFA
-MD4GA1UEAxM3VmFsaWQgTm8gaXNzdWluZ0Rpc3RyaWJ1dGlvblBvaW50IEVFIENl
-cnRpZmljYXRlIFRlc3QxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuYMU
-46Qzp+krE4xNOAL0bJYv9lOdlPMvMyU1ObejWulK7jGlVjYtf+KtVV+/BCajxoDZ
-LTSqx7R2RSJMaVQ41OzI3aHD5rR0M/ktYNhTotwcy0tFJQ6nwub0fTsjBLPSZZ6M
-UjGg5tiHZ0c/lBKBJj7BTY61F7kTWO5M7Dgz6XkCAwEAAaOB4TCB3jAfBgNVHSME
-GDAWgBQsE4/FDicj0dFB399hhLlP8TLsMTAdBgNVHQ4EFgQUpv9aWeCQYlWo0eBZ
-Sr+FnrT5hmgwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATBzBgNVHR8EbDBqMGigZqBkpGIwYDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMScwJQYDVQQLEx5ObyBpc3N1aW5nRGlzdHJpYnV0aW9u
-UG9pbnQgQ0ExDDAKBgNVBAMTA0NSTDANBgkqhkiG9w0BAQUFAAOBgQAnygifO5CB
-a6drkb7+IIxC6kXu8iPf648/puVdI4z8+u6p7gNdiaLEFmOPTQ8UDz2ih5aIHHl0
-hC5DWNF5udEHFCzGgMarH2kgkM08thSsxhe0rfAAjGVbGEQWpFWDS0+CXTEYLu2S
-A0fgLzVvlU+60EmmSDdOwNMTeKmElbD6fw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=No issuingDistributionPoint CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2C:13:8F:C5:0E:27:23:D1:D1:41:DF:DF:61:84:B9:4F:F1:32:EC:31
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:8e:a7:dd:16:a9:a6:c2:0d:1a:ba:ee:cc:e6:7a:59:dd:b1:
-        9b:f2:70:22:7e:c4:3a:eb:9c:95:0b:63:0c:39:df:67:b8:5e:
-        14:7c:b8:83:75:d8:de:35:fd:9d:bc:1f:2b:87:89:ae:82:85:
-        de:35:26:ab:f9:40:16:ae:6c:9e:9a:b0:b5:97:5f:c8:19:7e:
-        7e:de:96:79:0b:7d:df:5c:8d:05:a5:99:fa:b5:bc:ad:f8:af:
-        9d:7c:75:de:70:73:0e:ae:1e:08:e1:7b:36:8b:23:21:99:bc:
-        8b:6c:2d:de:90:f3:c5:df:7f:15:c1:69:89:15:a5:b5:09:21:
-        80:c4
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAsTHk5vIGlzc3VpbmdEaXN0cmli
-dXRpb25Qb2ludCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAULBOPxQ4nI9HRQd/fYYS5T/Ey7DEwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEADI6n3RappsINGrruzOZ6Wd2xm/JwIn7EOuuclQtjDDnf
-Z7heFHy4g3XY3jX9nbwfK4eJroKF3jUmq/lAFq5snpqwtZdfyBl+ft6WeQt931yN
-BaWZ+rW8rfivnXx13nBzDq4eCOF7NosjIZm8i2wt3pDzxd9/FcFpiRWltQkhgMQ=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10EE.pem
new file mode 100644
index 0000000000..bad89bfbb6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidNoissuingDistributionPointTest10EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 15 05 6F 6C 5F D9 9A 75 E4 34 10 14 6D 59 81 D2 57 30 BD A4 
+    friendlyName: Valid No issuingDistributionPoint Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid No issuingDistributionPoint EE Certificate Test10
+issuer=/C=US/O=Test Certificates 2011/OU=No issuingDistributionPoint CA
+-----BEGIN CERTIFICATE-----
+MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UECxMeTm8gaXNz
+dWluZ0Rpc3RyaWJ1dGlvblBvaW50IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowcDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExQDA+BgNVBAMTN1ZhbGlkIE5vIGlzc3VpbmdEaXN0cmlidXRpb25Q
+b2ludCBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDYnGAHOLgjYWYIB7Bwhy8gdYVPI3JzxjmJzIWNO4uPVoymvcGg
+8CbIcpBtwiMtUpGWzF6atiNmJZRBJNFbzdUnIrxPDNiNaye0dIkK84WQ6uZwM/DJ
+Uisv3AJfMbZn9F9Pla9oHg2M8jiihfcaynBmq217R02tl4fESdxKQ1Nik4PhP2ZC
+UmEFmQBOZ/uc96vO6GubmzgfliuC8sGr7Po+vPFbIMue7PWUO0RKhzy/s0ax1fsT
+wJ6MlTx5ooxGNH1oOzqK/GIILIDt5hLhaDOSNsMh04DYNn7zl8tVwoiytL6l7UCn
+frOaoHG7DiTMe+BQsxrlM6VahvL96yaNcYqVAgMBAAGjgeYwgeMwHwYDVR0jBBgw
+FoAUs8tUv2qd/J/HMQ6SDKdHa5kAnzEwHQYDVR0OBBYEFNyZy4jEXZpmtXy5hf9u
++nIIofF1MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+eAYDVR0fBHEwbzBtoGugaaRnMGUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0
+IENlcnRpZmljYXRlcyAyMDExMScwJQYDVQQLEx5ObyBpc3N1aW5nRGlzdHJpYnV0
+aW9uUG9pbnQgQ0ExDDAKBgNVBAMTA0NSTDANBgkqhkiG9w0BAQsFAAOCAQEAKeZa
+DkaStqGWn5oALrJNBu6TN3iP1I4SQzEzchWs8DgM4EcHqvbP7erNZIRN7YUWKSWy
+Aqo4AFPWQWpWiW8oLdN0lngVBmSDD5BcEZnyAW7sjWp2m9qbaFowRg7VS0IVJ4FY
+2OOsAPefbsOuQQDiF6TRSbpNbu4VmUMjh+dYB3GXpqu1NMjv/L6u22x0AbRhwX6K
+8+DVBNDVN5/8HtW2uCtBNJepBfD67nvnpTJe8a/z43DKhsAhO1gh+ZDgzJ+7ZV48
+Z9BgV9NLRj1klaAFYKvPNWfErmFv4CH0hmr9OvD76MXebJMEfnsAXdK+92syGZUm
+R5IhOaKuIKb8Nj5Haw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 15 05 6F 6C 5F D9 9A 75 E4 34 10 14 6D 59 81 D2 57 30 BD A4 
+    friendlyName: Valid No issuingDistributionPoint Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BA6BE07396142839
+
+jnrtJ2XYc6ifyh6GqoXQYNgizHjemzQf905NGFRl9vRyGLKaUtcVBrjxwniUM4PI
+LWt+clqZ6XJNUZk816nmXp4CYZlNiCOZ8m9RH3w2uGS+BpNbPNZMiAXswxOAmlw3
+8527XorK0Bic2r9AystjMF7iOLr2EWlJHMGgFrhdGJRsxKmmcRXLM9SRvUmzBCOe
+XURrQRRDOS1K6ahWunM06UsoNIaqFNsj8kNGetBkGBIaX0nZklMGRPorxUf7EIlk
+QK1mlCZ3IZya+sZnJJe2tp5F0QJMrJeJDJzBkfnLrHl3cgG6QL96HtetMlIXCRGS
+INieUZ+wcHmaoc7odMCcnhFimi3fWMmWdx5DadkmIOyHpDwf61a9ZSTYtMV7DDpn
+RPiKr2JUfkORyApKJkt7Hl8NdjJ6a+xO/wPSAvFcS4e8+vlEQka3Sdg1jqLL9Ujm
+byYgug8eJLz5kag5tWyDa8mDwjQfqLxt6vqGToXK+fqetC8gYF69Ap5fj06453Bd
+/nWb7IRYbctBwECaRie4EU33sl/A+z+0XeOHZEt6EEEa1NkEyKbl9fEx0dM7Hxjx
+mTdR7cVhDcKa2IFNft0JQL5Tz7WfxzNKK5w0DQKX2hemURH7pqXQuWWxzmMjjBuW
+xLw2LHqXe+9d6xNzfJCWRLOiFQ3vgQGsQIkInWg7LwjlFEhmgip4PPokj9oPJyoY
+jRuy70kFDfJm91OY+EFMByHpcTSClRbn0eGiVRJbXfoFCtJBjz3ylgO4eWnIqTe1
+gAVlVXyyED6kTRk2TNQaWrEfyKcW+EnxtfEv4nsMAxSqalr8ysvnp3aIrVYd+t92
+Z9fi2XE+Liuj6D+5jZJkmiIEOVI/ZwYq9TSti6vxh8BSeV6f8T5pzzQZZiJwK3HF
+I7p6est+U+YygiFHL2mKk8pvJGylCV06YaPCeZQYuTatHXCIRlHSKXLhVnk5OIKQ
+GsK6yX3YgFnKyprz6HwYhaP/U9vzcKieVFduUsEKZjTLTJLPHeOdOOEGguPqoqyC
+Ky7JAYFdP1LAQHzEB9EL5OwM6Bd6KRqcvh638AO+//E4pNh6E6ffzmNH9sbb2Kyc
+rcTHKe0VQgxCBpwtpVUmUEYEm9p35DzbgIeTxcGtD9F8FK3I3YNobpPD+LPTLowp
+DvAJCUN0f9ABDM975WQNLlg3rlDOd6zYPrKoF09SgwF9t51auW5VokFpb3tJ/HZy
+JeR9vmzaaxTEdniUNh5NIViATsOiU6GEB+res0jUp9LY1k3AGWQyXvOVfH0hNu+6
+8xdWMnrI5HL5aJPrdW1KbJc/CA2UJZlKBgvkvNlmaE2mMb+TDpf1yjGdnfa4PbgE
+pGVO7q3UMo0YwRQ7nrnnSKKYR/o+qFD3NaqH09aOIC4DBYWLGkpyQBrAIqqpqxWR
+f63qrqCKEr5x4eSlvi8BlTeE1wEmBNYdb31w3mb6abR25HOtBRgL3jwcY0kgbT7r
+KKlMSazk8EauLfjiN78KQQEOmFtAlaTzXDTyQdlc/x7YtBoRaUxW2pUy5gA3EMG6
+TB0eX5ypHp2bT1Z6oTudUskfdas7lSGjeoOtqHN1D+8faN20Yd/GoQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem
deleted file mode 100644
index d149d03e72..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICgTCCAeqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRv
-MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMF0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEyMDAGA1UEAxMpVmFsaWQg
-UG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBALgTGZf83aaKeqRSCQeN8oi48i9I5mqVX9efN9WkjfAK
-0nLfV0GeAH/Y/LTtj99jOSIb2O1g4ayQ2SHb1v1UzTznfAyhVci9Oo7WBv5b5MMj
-+YezniLhIS7ChaLLIXfseVOQx53crjUb+/hfbyPMF4tkeKwNTVkExpxhq3Yp1MLR
-AgMBAAGjazBpMB8GA1UdIwQYMBaAFDc7iqG6jad0m8Dr1jnLIQyNo1Z9MB0GA1Ud
-DgQWBBR4R7AhWkyFIZrXxZjG6W4kxTE3YjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEBBQUAA4GBAAqwYJLUYNcvDniG
-4QbRntW//ZZ/jickxsLRWl6odrI5ecwfekAm8+zhuhtPTNJE4DvDEpZQDtzyRxQF
-ajMjlWFIZ0TehZVSSLGCX+DXAMgp2YxiDjIH8KsbiFT723q1y02U1RPVFiU4Oik0
-+3Cc7V4svmKHw4Dw+GWM/WuMHwJK
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICrTCCAhagAwIBAgIBMDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPTWFwcGluZyAx
-dG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXwTHRx8gVHWtSe1VX
-oLPFQmGX4Y0U4v535jowfMd9254hmwW4VbZzK7rrXGOAimFxGHKwa7mkPEo80MIW
-8YQC5HZs3jaXLh/xsmV1qlzwceCXooef+wu8W0pgoJ63MmY+ZJWiNK2ygRV/EVFF
-x2ii8ZGDW+SKEX2WIYI7JhmcTQIDAQABo4GzMIGwMB8GA1UdIwQYMBaAFPts1C2B
-nsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBQ3O4qhuo2ndJvA69Y5yyEMjaNWfTAO
-BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB
-/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/
-MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAphAVDZECciXjDiCta9HU
-ZubezLaRjcl0IaUmTlvuhUqkfGG2x1KhB6QTq7JGCmBrlxL93qhU+8sGW1k26/3p
-c3hc60bKZ5oBG96iN05oLWWF3udbqBESMO7gn1zX14s97qLtuqQAyuERy2L2uOkk
-n/emInqTFTixe284WjHR3XY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:37:3B:8A:A1:BA:8D:A7:74:9B:C0:EB:D6:39:CB:21:0C:8D:A3:56:7D
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        29:63:8c:57:a4:35:bb:2c:2e:a0:1e:7e:c1:e2:0e:39:2c:83:
-        d6:5f:29:3a:03:70:63:aa:1f:42:e8:fd:3f:64:f6:8b:ad:86:
-        27:c3:a6:5d:48:9d:ef:6d:bc:be:7a:24:a9:6d:b0:4e:4d:58:
-        4f:52:c8:bf:dc:70:7c:ea:8d:5e:54:12:db:5d:62:c5:63:06:
-        2e:00:b4:d2:fa:51:6c:da:3f:41:04:36:14:ce:63:b5:46:e6:
-        7d:10:01:db:50:07:69:82:6a:34:45:0b:38:5e:f2:d5:8b:77:
-        e4:ea:6a:7f:9a:18:fa:74:ed:b4:5a:ba:68:f2:68:c4:d2:55:
-        17:9e
------BEGIN X509 CRL-----
-MIIBPDCBpgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD01hcHBpbmcgMXRvMiBDQRcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgwFoAUNzuK
-obqNp3SbwOvWOcshDI2jVn0wCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-KWOMV6Q1uywuoB5+weIOOSyD1l8pOgNwY6ofQuj9P2T2i62GJ8OmXUid7228vnok
-qW2wTk1YT1LIv9xwfOqNXlQS211ixWMGLgC00vpRbNo/QQQ2FM5jtUbmfRAB21AH
-aYJqNEULOF7y1Yt35Opqf5oY+nTttFq6aPJoxNJVF54=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem
deleted file mode 100644
index fb6f7653a8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11.pem
+++ /dev/null
@@ -1,172 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test11
-issuer=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0Eg
-UGFueVBvbGljeSBNYXBwaW5nIDF0bzIwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBeMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxMzAxBgNVBAMTKlZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRl
-IFRlc3QxMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqoi/6nU3Hb2K96/H
-+9K+tll1HEWk3nCTUyNxX51p/j2CU0KannQFFBA/eohAi2m9L5Yo8awWKb1S3Bya
-vEGNPsdIVYLlSJG9P1epb+In0KNB8zN+UZv9Zrahi/B/3SFS1qUgTV4yLI0/V2n1
-r3YmjyOxr4h+Zqs6X90lEEh4mmsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUkdfhtaSW
-CJHxonEvZtkne0qCk5owHQYDVR0OBBYEFD+Y+xstb3NLUv3ikgoUQ21QbUC7MA4G
-A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJKoZIhvcN
-AQEFBQADgYEAI17tZ0uZ0tu3HpgcRcjJR6m4HmsRao6CJ+ew7HfvWfVRE3x86Deq
-VFDnp9mCv8VKw0ChV4tPFdkw+ceSsgThjSHvxZbghFC6YnG5Ymj9X/zjl4NCujCQ
-Cw37Mi1UZYryKZ7+qODmExTxKry4nIvSUvYei8wDynu54uzjbKv7Jc8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICtTCCAh6gAwIBAgIBFjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFu
-eVBvbGljeSBNYXBwaW5nIDF0bzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ANGY6UqVJ9oB3KneANaPiYS3vFaEAo7CVhPn358boVTv2/wQv8iwT9MvDcASa4Fi
-5kaob+B5k7T8qjNOtxaZJb69UDUDsAYww6r/NK5pkS1KNf7CJZW6/RQC06GsivKO
-kQoudXfGEjAMhmHNuEXS4biTlRuVUXJqLPq2yLwAJPZ1AgMBAAGjga0wgaowHwYD
-VR0jBBgwFoAUty6mgsvCyLyoeydE1zUz35oVlMcwHQYDVR0OBBYEFJHX4bWklgiR
-8aJxL2bZJ3tKgpOaMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAw
-JgYDVR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB
-/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBNuXYJvgOn
-wez9J/K4ZZhWpMPo/7Qso2S6BAoJh7QdTymJKxD6nDnPwetIpbQkbEtq+V30ZA+o
-6v+0cntT/I7cm9JKOXMOKn35BODzS8u5UJTDwWc/l5SA0scCSRfTT9LJambCyz+m
-C0/k+v5zw5VpFozVY4FoV4/KnwIhJPuDwg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good subCA PanyPolicy Mapping 1to2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:91:D7:E1:B5:A4:96:08:91:F1:A2:71:2F:66:D9:27:7B:4A:82:93:9A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        97:e7:b7:e3:46:cf:59:49:72:d2:0e:de:0e:f6:c3:1a:ca:34:
-        59:50:f1:2d:fb:11:31:f7:bb:b2:f7:dd:0e:fb:bd:6b:7a:7f:
-        e7:dd:02:be:6c:7b:36:1c:49:50:38:d9:85:67:97:a5:0f:84:
-        49:de:8a:d5:0b:d0:36:fc:6c:4a:82:cb:83:73:ed:1e:af:31:
-        dc:0f:6f:eb:69:18:67:b7:fb:1e:a8:1d:a5:36:84:dd:05:72:
-        52:f1:51:e1:93:6a:ff:2f:92:6b:7a:c1:67:90:0b:7f:66:0e:
-        f1:83:22:d9:52:5e:f7:58:5d:5c:7a:1b:69:84:91:da:b1:18:
-        11:c2
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTIkdvb2Qgc3ViQ0EgUGFueVBv
-bGljeSBNYXBwaW5nIDF0bzIXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFJHX4bWklgiR8aJxL2bZJ3tKgpOaMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAJfnt+NGz1lJctIO3g72wxrKNFlQ8S37ETH3u7L3
-3Q77vWt6f+fdAr5sezYcSVA42YVnl6UPhEneitUL0Db8bEqCy4Nz7R6vMdwPb+tp
-GGe3+x6oHaU2hN0FclLxUeGTav8vkmt6wWeQC39mDvGDItlSXvdYXVx6G2mEkdqx
-GBHC
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11EE.pem
new file mode 100644
index 0000000000..1dfa4e8164
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest11EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: BF 28 4B 8C CE 26 A8 81 42 DA 3B E4 E0 16 5B 68 08 A3 F0 9F 
+    friendlyName: Valid Policy Mapping Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test11
+issuer=/C=US/O=Test Certificates 2011/CN=Good subCA PanyPolicy Mapping 1to2
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiR29vZCBz
+dWJDQSBQYW55UG9saWN5IE1hcHBpbmcgMXRvMjAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTMwMQYDVQQDEypWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC+1d+dhBTDr0hkQGmjN35m1EjSSp6klcio007bUt1XEDFrmlcLqUaXwh7h2Llm
+uQls+Tg+dLpiJNkS+rFqhiMY/8juZ0cJ8kTzzD3tF2Nn6Cjt9643MAFgpJhS2m01
+/6jf4BSbLIy4bZCpes+3X63YPn7HkypNh/praDdnsBl6FVdMVFgSVF/IugL4OQHd
+sDGFTlxLbslcKPdGGKnMWRV1M7Socp1saxeNISc7O0PxN3HZcxthxcmQIw6yYCRQ
+sGM2nbm3kqvjVDKP4A0wxirsP44bIuO+XplnSIjflFDDYmwHdwHRQj3wY9bBBmp4
+cjCNkcCanyNupu7ervRfxQT3AgMBAAGjazBpMB8GA1UdIwQYMBaAFFtzeZnjrgbT
+iqYzThR45KAdseTJMB0GA1UdDgQWBBQ3/goQT3nXcdLj9bsgs0wszyJ9qjAOBgNV
+HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMA0GCSqGSIb3DQEB
+CwUAA4IBAQCqSXXia8C9CKK76G4gSKmXrWLRVJ/uE6oXYEKiGRWKny3sKj1sadSF
+M4k2OfXuYCYUUvs+kZAulOeUZ02oh6WOEY9o4YH508JI5jyFeCzObQYqL4G84NyQ
+Cz96Tedck64RUvcuPw6BqyrpMqVQslCrJGY/O+2jZ5kWi3pRd72r+z/6e7OvS/N8
+F5VRU797A3vTwbbM1tjBlz0nVyezE9rdo81xP68jeKRnveQXsn1RGUSMLnT6vJbT
+KGU80YD/l6dJgBS5qhgGYYk4ZxJuHBkoBfeHuM0NcwZHfqYowccNub7q8x1fiNoj
+lo2TLCGcjka1s6RCQnucPVgfxwq1D8lC
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: BF 28 4B 8C CE 26 A8 81 42 DA 3B E4 E0 16 5B 68 08 A3 F0 9F 
+    friendlyName: Valid Policy Mapping Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F840D6C78D9E33DF
+
+lqRQHkeQ/Mysa/UqRSP6CZzr6zT4MUnBJFqXXcnadQaqJhTIN8Uf8pouaLIpskdW
+ddbPI6Tif+OjWPyaMuZSjKIz58XDqPXkIlAokYlZrl/KgdVMUns0H7tZt/ywCql/
+UnNEB5N4K3bDBTKE55qEubh6iwA2EGWpo8VzwZea5kfBBsKFJVtZgAhFuYqnJyO6
+lUnNGhdFLGgmpNed11cvQoA0UKGfQvBlFwsRZyDRTq8iBcZ5fMhp3uuFybK9IluG
+RaZsMai7Sm4hif1PvsTGor3JKFmawWckiOb4sGluvWVRDkEn/2C2LY1uETJZd2Cw
+nGiuhsDf5Feu0nYw+E3p5UIs1QfFYql/jE+1+xbGzDaj2V805l4e7iQmVgjbVYBy
+tzweGtTswnMGoPkppqdRBUH2p2nbtMPcnQyRlmvD61OUWPH7WAtZwg44H+KZ3zQ2
+WlB4ewMXGcvlVN6xhoRq+bQlRmHHlWR1Kx7Uyn6Fkuzx7RnTb9waEgoVXNwd1fWc
+uh/Z9NKb7blyKDsZyf0zMkrJzXSYLTWYD9JnMpi8Z7Z5nd2fd8oRTHSpeudauUE0
+r28vrjTMEFZg8kDHX0pnA7HenZXSBhL93VOR88d6y6e52uG7fb05bhk+xD0HZcg6
++5kEtq7kfAaP6OO10EGwOQJXIY4p1xantw9yDTR6hL5JkP/byG25a7i22onEW5Si
+51Kv6dJuIHG5x1dVxpA/DsDpD1raQknyI0ZS/R1K5GAtjJ9zukagARKBrlaQ4oTp
+zpg7EKQhN8NAE0O8JDlx0WpQ58UQznPrOTl+RLjA4QeI1xRektZygH0sf44mMu1T
+M87ZNfydc3/mjvopj8Ki+AO1Z/8XaxXFCdGwSC7UKHK4+3tAUrolsuYq1mE3TVHv
+GIEuSnojFg9cy5BX5bjdNH5QawWBot/5tbYzrD+OO09uhVPWRaHTW8N4ZW7G4OVp
+eROdhI4SlE2Zgg0vBRKZBL6LTAa46ozF8IM/2kXdXkFtQ4DCd8QAA3HwfCGW3G36
+TxvaWknmvqryn9SwXqv3tAYK///bhNh+5ZqXNkethdWIcGkHRC+DEjxe4XDN1zoy
+YIzkJHq2p1+vD4Iga2Age3IVCKrHBHCLLLk9UbMv+pUas5tK4yIyAG/ND00lUgoD
+ZMDHm3Z+9swm589tg0u+JpwCiCLSg1NIAE0Uj5AnGNil4fyzC8DhjeXJtsZfEMTu
+F6TH5qnPV005k2xTACe3uSavohAY40RwCKsG+RklAfh32muUWJy8tFRHKGkop4Np
+n1ezz15Eq0DsxQo5bLUNvx+1t/dCHxffPtb9xcXM42wEwNP/EOLwmBr8VUSOBNn+
+716CO3jvXQHc56RV+NSEz26kH9k0c9B6vrzeT5RDsrP+TtLPH1hxpyiRz/DtO7X5
+XwDIXZ3Kh3vti7/pwJVGkDJ5VwvF46HsbnClND/UDgnG514++33sBWP95xXEKpQH
+KnvFxgm/10u1AywBl1yq3hE7bulSrcaAcO0Po9EkQXxT7riCAn4eUPEO/x55Jrpn
+rLWP59Ex4GTo56fMXhEctw8DkYg7NDwrTkM42wmD1CqWEbG29x4wTq17mTvyGepy
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem
deleted file mode 100644
index 2f35a62def..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp
-bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6
-kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH
-BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr
-AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y
-rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg
-hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw
-AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD
-gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr
-Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx
-3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test12
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
------BEGIN CERTIFICATE-----
-MIIEKDCCA5GgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n
-IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBeMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMzAxBgNVBAMTKlZh
-bGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3QxMjCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAiDGZx3j4WZj3UIYQBpID5IJr0ES7lhC5FAa2
-ErfScZEz3LrPW5r859dobtF5TBB1IGznyZmZBhwl2vmDMTOAJV827Mwn19ELd+Vx
-wAtFUtNszWAw1CQdx+kH+WJka6JxXPNQGWzgn/Q+Cbrq5BStqcZTHtF1NhVX4c+/
-9RdkUesCAwEAAaOCAgswggIHMB8GA1UdIwQYMBaAFK3iChOtUm0lrM2pmKIKBGit
-cq6yMB0GA1UdDgQWBBTkwpjC2Np+iZ8a8Y6b6DTyrLrvrzAOBgNVHQ8BAf8EBAMC
-BPAwggGzBgNVHSAEggGqMIIBpjCB2AYKYIZIAWUDAgEwAzCByTCBxgYIKwYBBQUH
-AgIwgbkagbZxNzogIFRoaXMgaXMgdGhlIHVzZXIgbm90aWNlIGZyb20gcXVhbGlm
-aWVyIDcgYXNzb2NpYXRlZCB3aXRoIE5JU1QtdGVzdC1wb2xpY3ktMy4gIFRoaXMg
-dXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCB3aGVuICBOSVNULXRlc3Qt
-cG9saWN5LTEgaXMgaW4gdGhlIHVzZXItY29uc3RyYWluZWQtcG9saWN5LXNldDCB
-yAYEVR0gADCBvzCBvAYIKwYBBQUHAgIwga8agaxxODogIFRoaXMgaXMgdGhlIHVz
-ZXIgbm90aWNlIGZyb20gcXVhbGlmaWVyIDggYXNzb2NpYXRlZCB3aXRoIGFueVBv
-bGljeS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCB3aGVu
-IE5JU1QtdGVzdC1wb2xpY3ktMiBpcyBpbiB0aGUgdXNlci1jb25zdHJhaW5lZC1w
-b2xpY3ktc2V0MA0GCSqGSIb3DQEBBQUAA4GBACzi00c5I7zzf41Ca5Ln8KYqgDts
-W6Jh0j2NzYtm2W1us5l1tx6UsE5uygoREiVScCXanYaKtiwW5QDqMZb/Uu+izmIW
-QRefqnHnyJqXxKQx8UwS+yNaIjT+ph7SJNF/DQrNwYWtNBD1vKhcNe8MDKWjAr9J
-P7k+rI8qg8ug3og+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89:
-        cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c:
-        37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f:
-        56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18:
-        13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a:
-        39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a:
-        bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4:
-        da:3b
------BEGIN X509 CRL-----
-MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg
-Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA
-FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA
-A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn
-jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle
-AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12EE.pem
new file mode 100644
index 0000000000..495ab4e8e8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest12EE.pem
@@ -0,0 +1,69 @@
+Bag Attributes
+    localKeyID: 49 2F EB 88 FF FF A3 77 C3 69 8C 7E 41 1E 11 B1 62 70 EB 33 
+    friendlyName: Valid Policy Mapping Test12 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test12
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 CA
+-----BEGIN CERTIFICATE-----
+MIIFNzCCBB+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UEAxMTUDEyIE1h
+cHBpbmcgMXRvMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGMx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTMw
+MQYDVQQDEypWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0
+MTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsR+um2sZ2YQ1PJDMx
+PRcsr0/O2t34DJXXvPuOJwddAxPoy89/ARwwYTkA9PXt9KgKpui/y4zFKMEbA+8H
+bZLQDzwxIxLtL8sxEarXLfvaCnmRDlw/gW0onAhdfcfxfrmlX2c2IaPulEzU14xE
+DgnBF+c2XgmRDRZcBTVrrdcHf7/pvnYU+De32CTzBJLox3TAALRveoFaHEBI79/9
+BELaRR+ar6oiKByFa3WMM8vszIr60pC1S22V6kq9Mz1EEpZo6RyfqzzbInXQYG0f
+6PS0sz5lDPHxBkNJh1LmIubJ5T4/Wz+eDaHkUYVtj4o8b5Jvab2kbOiy89E5slOf
+xsGxAgMBAAGjggILMIICBzAfBgNVHSMEGDAWgBT89I1hMzKAfH01h95fUvtp8R3B
+EjAdBgNVHQ4EFgQUH9UDtvGnSGlr19U5qGCO40QW4Q8wDgYDVR0PAQH/BAQDAgTw
+MIIBswYDVR0gBIIBqjCCAaYwgdgGCmCGSAFlAwIBMAMwgckwgcYGCCsGAQUFBwIC
+MIG5GoG2cTc6ICBUaGlzIGlzIHRoZSB1c2VyIG5vdGljZSBmcm9tIHF1YWxpZmll
+ciA3IGFzc29jaWF0ZWQgd2l0aCBOSVNULXRlc3QtcG9saWN5LTMuICBUaGlzIHVz
+ZXIgbm90aWNlIHNob3VsZCBiZSBkaXNwbGF5ZWQgd2hlbiAgTklTVC10ZXN0LXBv
+bGljeS0xIGlzIGluIHRoZSB1c2VyLWNvbnN0cmFpbmVkLXBvbGljeS1zZXQwgcgG
+BFUdIAAwgb8wgbwGCCsGAQUFBwICMIGvGoGscTg6ICBUaGlzIGlzIHRoZSB1c2Vy
+IG5vdGljZSBmcm9tIHF1YWxpZmllciA4IGFzc29jaWF0ZWQgd2l0aCBhbnlQb2xp
+Y3kuICBUaGlzIHVzZXIgbm90aWNlIHNob3VsZCBiZSBkaXNwbGF5ZWQgd2hlbiBO
+SVNULXRlc3QtcG9saWN5LTIgaXMgaW4gdGhlIHVzZXItY29uc3RyYWluZWQtcG9s
+aWN5LXNldDANBgkqhkiG9w0BAQsFAAOCAQEAfgUmAvc8LV3+9l0DE8PptL9L43/o
+bdmYSWhMK8uW7yPnOAyuntZKIT/ssu9oSHFL9dBP5HAnJWslHJqimNZAGanekms0
+uXkiqBOIEP6aMcnRKd734CgiZwnpcFzjPcVFySmBmu9/MtPOGXd4t6n8RrOewe9m
+0HEi0c5/FzdmXz4KtIrTxRSeB1MGtle5kz9ks4Jv7YVyqg62vagxSxYIYIQahYTG
+e3ilDUmdh9ws0RmJgp7PTQ/gV5qUwfWfv/tMWhNUyA/9bdCql87yhNTxokTdkmiZ
+N4ZkwYg0No52Fiue+ymxwvF5R6P36fDEP0phyjh6qv6NYxsdXwd97AfS9g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 49 2F EB 88 FF FF A3 77 C3 69 8C 7E 41 1E 11 B1 62 70 EB 33 
+    friendlyName: Valid Policy Mapping Test12 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B9E7A9E29418DE97
+
+pngogO5dyMFXmvYywn7YrUkWww8K5kDBvb5Qwg1Nzbqiw9uwhvLFzCnN5g4OzOtG
+0T1A4TvSLdcEiVfnF5ZMxbzG68dVZ+xFu5Gy77CenCwYP8WXsqkLvj0YSqlHvg0L
+Rwv32AfltHb+P/ZpiYktGDECxwW1EeGkmm4ZaJL59VHHxTY+aoSNbc8X0lGTsQ0n
+qVFJ4+T/al8f/gVy0wKek/YxykCW3BAigFjzTvFm4LIEZKpPZTJ2sfMJmS217gr/
+9voeF1CgxM/ZD7ZLqYLvADNgDfE9qY89y5lGd4QNUxi/AwIuat0smoS4O3+XXVk6
+XmBQAir/TMh2QnZh5njazYlmKJgQYVw+ePtLs32Sith0lGWBK2zltVR2JcfHaUmM
+j8sXdlSM3M80ttIIQLImJS46Pi9ncrqoRFMx44EIvR/Acd+931LvaCzXpxDO/NTc
+aO7M4t6o5Ru69rLOigRkzMMQNFRr4zk8cmkoFiQYBtYshB3SOMGkK8jUpuAIRrUc
+8q1hpc8jWFCFim90Q2cLA7O0jROIZcZ1tubXc+uEP38pynbveWgxU0rf/lm2p7j9
+ZL3xp7zrjuGddS13ayR6vTmC67dBqF4ErJYK/3sUGTUwMt4WTGqXrlbSbnoZtee2
+OfqMUtc7GKnQjDFCikP6V9b6lGLsbjB+cuGxNdMliE3pxDQ7k4pLMiQONkBCHOVp
+z2BMZNuiH0Ow7gbQKOvmzmnFtKLCvJ3PSL1EszbG9pIcL7mmGshae0Jk55xdfZrU
+yBuMrAKipKmsKJUEh9yRAD3ikx4XP6X7RSw0o/61EOQs9VLZgmd0DKAdWEvQNlWU
+AYiehEodiNOxxcoGHzdBj20U/J7EP5cxa0KkNGKwQsDhbAY5kBPpTAjtqAfs5yg0
+p/l39O3c7ueXczy9LgoQ0nzNY/pXtF8jvPhQ0wlzkGOecbZSTVAbmUAj0VT62Ntx
+oaUHZ0o4ybpiCV4ezi9zPv3jkKBWYeKYpCAWJmN4uA59BNLnoxaIYonoX7mmg2rO
+GFizGXIfGQfPnm7ZVCLbXnjcgRsrUKhStYWR1+/C+8Ailo9QKz2BPXYk33GgPVXj
+lxqvUGdWRiBGDRIVbBRhbOxFTHltU9JWhQ/i/OquOYs76s7oj8PWFH9UNtUymVyy
+OyBqUse9+HsveOc03EHbWJYOTpgTb4eggQJ7nY7nGl4m/Lr3e+hZWtC2J1AgV2Jp
+VVgNiq+OLek7V3J/xzmqbUDwLgNZLVUD0bD23AbinegemBn+UxyKd51EoXziqh3z
+a6/n9V1NS34O1WW4t9kxRwKhgToWD2D8wFmbnLjFQhBfRm8jSX0VxW/x5Nb1Zmqi
+9Ekjobs2AdF4EpSuz7OrJS8kj8vuSAicAPVfjGjIfUoUvN+qrS+b+S5WFggHoh3o
+8PeqZkVbRFlPqpJhTDjxf3eeuFAWbuWzv5YTa6f4JWbq6zbQBkSCfvxZq7cwGETX
+OOG1InOo7RhTIT43Ir2i4uLyUzx0Ah7C5SMDtzCpnDHEtxJRbxXMDijHJ2/m7M0w
+oC81X+tLMxpvh4UQ9fJubiqR3ON9UiAB88c5CEhr8iDKr7KYWqCP5qQ+OPOh9c3w
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem
deleted file mode 100644
index 2399b4163c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICjjCCAfegAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5
-IE1hcHBpbmcgMXRvMiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MF4xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEG
-A1UEAxMqVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDEz
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr5cG4yqBgXjIPkt7dHP/MFNci
-pUHmbTfWoxKfaC+QY/7vElma6sMegYccM49fDN8CJSa7iF0vwS05cS1euHk2PfLF
-nJJamoTpf2iKxjqy6wemAmTH1cnEAtuhyArNadJXjvFmwV8bxyyaFW4GGnMj+yFe
-IJoTD65IuQMOLLg+xwIDAQABo2swaTAfBgNVHSMEGDAWgBQtN9I/nlnZ5r5Xovdr
-DxCCpq0D7jAdBgNVHQ4EFgQU3ZrqolFiawE0EWsHD7qUUa6V4pkwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQUFAAOB
-gQDgNwimYbq6g5crdMRHe8S69POQl1I4Qg6ZD511fwO2OUU/rmIbvqW5faGKHPMq
-Ubun6DrzamYGfx8HCa/vn46jaRVC2tTqXgiy6aWGMHv4MJl1bxS/yR8hqdTEWjG5
-GFkA7UWgU8A3MmmIUaBCs2QK5ZqTmsYuqX2inlGtBcvTrQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIEHjCCA4egAwIBAgIBNjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbUDFhbnlQb2xp
-Y3kgTWFwcGluZyAxdG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDs
-qiRQp8ZU1kWOS/tvtPAlHT9dGf17useanNh/sRHafDBRsOVVlS+kMA8Ti/8uecSP
-PEMznqfzcf7wvC64FNOt2P3rD/W3oZ7MShTLQF6C5mqsh8A4T+DDgdhNG5xtOAfg
-buRxp+A4KybQ7YMzRHnb5Z6UEKCAOv1NmaQpQU6lFQIDAQABo4ICFzCCAhMwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFC030j+eWdnm
-vlei92sPEIKmrQPuMA4GA1UdDwEB/wQEAwIBBjCCAXgGA1UdIASCAW8wggFrMIG5
-BgpghkgBZQMCATABMIGqMIGnBggrBgEFBQcCAjCBmhqBl3E5OiAgVGhpcyBpcyB0
-aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgOSBhc3NvY2lhdGVkIHdpdGgg
-TklTVC10ZXN0LXBvbGljeS0xLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgYmUg
-ZGlzcGxheWVkIGZvciBWYWxpZCBQb2xpY3kgTWFwcGluZyBUZXN0MTMwgawGBFUd
-IAAwgaMwgaAGCCsGAQUFBwICMIGTGoGQcTEwOiAgVGhpcyBpcyB0aGUgdXNlciBu
-b3RpY2UgZnJvbSBxdWFsaWZpZXIgMTAgYXNzb2NpYXRlZCB3aXRoIGFueVBvbGlj
-eS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCBmb3IgVmFs
-aWQgUG9saWN5IE1hcHBpbmcgVGVzdDE0MCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAw
-DQYJKoZIhvcNAQEFBQADgYEAqZ6Cif011+oMzp6bcMsfzt9sTBgpT4l35AbTC5sm
-zp3ur8X5X2G604yKkSXe1cf0F+fZSE6zjwizb1YG0owt1eGWSxCdAlkIFRang7OG
-Z93bEKBx3ysDYCKvemx0f3shGqJVVzMBo6JP6JX7Jnn385UdwdKO2dWzVhHXsP+P
-9sY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2D:37:D2:3F:9E:59:D9:E6:BE:57:A2:F7:6B:0F:10:82:A6:AD:03:EE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:52:84:5c:c6:67:e1:f5:70:94:c5:af:b8:de:1f:38:dc:b0:
-        65:8a:69:80:b5:9a:f9:2f:6c:13:8e:83:5a:5b:33:01:1c:d2:
-        a9:c6:c7:09:92:cd:17:9f:bc:f4:30:d8:bf:8e:05:c0:98:d4:
-        dc:be:b5:31:80:76:30:f8:35:48:45:a5:25:2a:92:df:1d:ae:
-        4c:88:5e:34:d5:ea:39:8c:f2:e4:c7:e4:c1:35:45:3b:6f:6f:
-        f3:81:e3:2f:43:ad:ae:e3:98:3a:7e:0e:48:51:cc:a8:15:38:
-        ce:38:31:9c:36:5e:a0:eb:f5:16:e9:43:a9:5f:77:a4:bc:44:
-        c4:0b
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5IE1hcHBp
-bmcgMXRvMiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAULTfSP55Z2ea+V6L3aw8QgqatA+4wCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAVlKEXMZn4fVwlMWvuN4fONywZYppgLWa+S9sE46DWlszARzS
-qcbHCZLNF5+89DDYv44FwJjU3L61MYB2MPg1SEWlJSqS3x2uTIheNNXqOYzy5Mfk
-wTVFO29v84HjL0OtruOYOn4OSFHMqBU4zjgxnDZeoOv1FulDqV93pLxExAs=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13EE.pem
new file mode 100644
index 0000000000..facfad2ce6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 01 42 F6 11 D7 E6 2A 0E C5 9E 1E 64 E1 9A 3A A8 E9 5E 83 8E 
+    friendlyName: Valid Policy Mapping Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=P1anyPolicy Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUDFhbnlQ
+b2xpY3kgTWFwcGluZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowYzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExMzAxBgNVBAMTKlZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmlj
+YXRlIFRlc3QxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALnps/1m
+3VaOuWJUszOp+AmWnTRIwJe3yRXQ/ysvNkLsbmpqhnmrpxIMjmcttViCxNj6BQ8y
+AjVAtnVSADQBiPP0ETES+3NEW8/VghqYzGJJ9H1Oxanks1Ef8mI58uQm9EWkqTJ/
+B+UjxgqCKkHhmkikpVT/SupdPALhgRw4cta4oouQ51jqoW4rDJrRhMdlPJ5Vaiu9
+m1N9vPK3FIKHMQGV3t1x8u/8T4xsed6ZynU+05zTwnzNl9mu3mX60lfRkLeSUeMa
+p31xBaivLBPyEB04dzzGQaXdhBN5PaJfw98+xLjtK18L26+jqSf2BPfUVDitbCQx
+HyLvSWWN6qntVaUCAwEAAaNrMGkwHwYDVR0jBBgwFoAUHwIoKDKOSoT4uItB8V17
+6CVSa4YwHQYDVR0OBBYEFDxAEkPP6QrslaJxGaIDcd2mbH1QMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAIwDQYJKoZIhvcNAQELBQADggEB
+AErtqbfufFlEyw6M9vWlfiVDCONgimPxftB15iPZe0zL/kVsUk6URd1rcQItVKBa
+ORFqxKp+VRg3kYdzgMUeRJB242zed+QryQlZIoaLmp9JGN/rz4P1gBzIYNmTy/pw
+kKqzkUQbzIWlf/0A1wCpI9LAxgT1TRJ5gLF8r1DrAUzB8GwH/vTzNkvPi2VFng+4
+hXds41goc3F49m7lnsKD9bMVEKDwDugcHx3VfeTT4lICGLvILNLkp5noMxSHtnV6
+N/mZvnAHHf3uE/PkXDibuJkm3LscaG85A0fQtiB1UYzm/IFVFW4K0NTHeS0UzyzZ
+UHjkzxIW2sNziGzljpb8+As=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 01 42 F6 11 D7 E6 2A 0E C5 9E 1E 64 E1 9A 3A A8 E9 5E 83 8E 
+    friendlyName: Valid Policy Mapping Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,20959387204DF4AD
+
+DLyCmJEN31AHHkhdysWiXGs0yEAb6X9GIaKERbejhYuwjtVDQ4VxL2fE1h3CQ5Sf
+bZ4aGC2MQvCCqoWqyd4R+mVAnKHtNet7f4CSHMqKP+uSZ7xNYsd22KS51I1+n9mS
+2mPVFO3f6e9X/SW2IQkBrmklSYgSeiB+rT5Xcd+vKHOdegPkU/tXw6pz9ljDBeXn
+NauHimvP6431M45vP9AVePUnahDdirlJ0algSEEa1PbyrZRh12GjaHNwLkNBAYM1
+UUBHsJOX1v5fK3dQsZK3ajVKq+YiYdOnNsUOclO8B3cgecrNcRwOJw8sWrmsDmgI
+VmdxWsScQLlN7jXivJaBgp9ZLoPq7EYXjcm3kU2djT74UN+8yv06XaYkUj13tZXZ
+POj0DmlDjPpzQmZfuPbiGxzVPEynAKQiqsDeKLdRfWXLuVZaH8DBjkCPXsGbZVK0
+lvd3iVDrjAIHjWTgudbRjOoKuGiE99TaislJfPGBcKr6VlT+JsepYFst0FqhSA89
+gbbRB95BLRyLKdWuL7NdunipUPKvR6jj8LSOKcmQx5NwSwIkITBlhdnmwq+luLuN
+ySTfTp8u24Wb+mh6tU/x2tzRM3fFCYszN2yuUA65bWrj6KDr565419cKrfb6pmWt
+sCqHNNZbhOxD2X92tfNfrlq6i638Zbb3iLGP2MZ0qxvw6pAIh6SpC2GkqKdl6yM3
+z2V9yy1grmQbGdg7EpXDbQgaAMvHcwdCwVq4U4LYAG9tuUfDY826xK5RDuUqmPAp
+GMGriZSclEFOSSBgIZFX8n6NBzn1FiHGazyjXNG8X02VxPoAsiwS6lNpcGwciiwY
+2V/8Prc/1Zd7Pg2fz66DdIfPRbVLbMt8tpgsEKgx4isgpiF1oD2MHSLXRRt9ILFw
+gBTwI980UWxVMzmuwtsP6p+sVYSywX7RwDOiHr9HlArFM/SkDlv59fRgmHb/uuPp
+tFeB7RKDsIkJPKP22hAxccLAJiyhb9EjgztV1t3fKtbRol0YCe+zYH7drqbeI5vD
+xkp5M36b2FcZV0fxSFNmLJBo5Xgmoviqozs3sXbox86qg1EHcGtTs6J6J6SFu2sw
+PKAkGNLRC+ZdlZ/AWnZA+cGNgc/H3AZ9u11uXhqLx6/d6GSX6t7VIbq+MRnqYb7j
+6dy+iljT3HI2M6yi6DUU9IovVISVPLq3KGJvwMtv5VyO9EuB3fjmf6HpR5oiIl0G
+6T8R/SB5NKYRZ/bOu7ZUcGkgeMRdLlRk4o/V6xXL6ODFezl7rsgY9F/P7mItXSz2
+b0zTOLSQ62fQJIdmfTxFweh+xBX14o23buUGrp/gRVEEqXpmWMGmjx9tZ3Hpf9yu
+v+l0qA1pGCyq+8MM4Kkpn/sa+gQ2yo9IrDZEseejMTSQ9AGDY9cxWMjaeM6N89n8
+a/FNJIpiNAnqeIABdDfiyzbi9w6pp+8GNxYElF0almR3CfCbg6G3KzkjfkpRy3KD
+E2O5r6r6c7tzVwzCG1T9Q9smO6I+3EwacCAGda5hBPqYK7hv3ng5C+h1PvqNjfha
+8nbEkyRxVI8MqCubPc//0ck/8jRC69flpVaraxrc+72imo9eYIM05AhQEZDTTvj1
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem
deleted file mode 100644
index 10b7912099..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICjjCCAfegAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5
-IE1hcHBpbmcgMXRvMiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MF4xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEzMDEG
-A1UEAxMqVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUgVGVzdDE0
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw0i1MxqkhMcbORFEu5k6Y4Q0R
-5QY60nT/GZQrbH5OZMueDjhFLTTPfxvN9VWue6NgkPLQ/NgPlm0+DDz0+4dyMi0F
-h93v/27ZAOtBk0eTVvvsCvAyD5EBqW1PWcZHX3oWyaY9AWM2JHrZv8M/toQ4CA2V
-yJOzEOf1bJBfj+SUcQIDAQABo2swaTAfBgNVHSMEGDAWgBQtN9I/nlnZ5r5Xovdr
-DxCCpq0D7jAdBgNVHQ4EFgQUBBCEgvxOOcAPi/H2IhqSJnWk9mgwDgYDVR0PAQH/
-BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOB
-gQAg9tR9jL/eux79Ixd+MLGGfc6YC+FUqLyNErhpSQ7FiCc1jPwAFfyuPLiyBmJS
-k601bFn5fO2LKSSocHH9ezXT+x0XHajvaNlNd2w8YXKtrW5ogwty9q21c4VCuLrE
-ej5cBZPdSyp4RBkdBnjfPc2vRW6x0g3EMA03aYr0Sc712w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIEHjCCA4egAwIBAgIBNjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbUDFhbnlQb2xp
-Y3kgTWFwcGluZyAxdG8yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDs
-qiRQp8ZU1kWOS/tvtPAlHT9dGf17useanNh/sRHafDBRsOVVlS+kMA8Ti/8uecSP
-PEMznqfzcf7wvC64FNOt2P3rD/W3oZ7MShTLQF6C5mqsh8A4T+DDgdhNG5xtOAfg
-buRxp+A4KybQ7YMzRHnb5Z6UEKCAOv1NmaQpQU6lFQIDAQABo4ICFzCCAhMwHwYD
-VR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFC030j+eWdnm
-vlei92sPEIKmrQPuMA4GA1UdDwEB/wQEAwIBBjCCAXgGA1UdIASCAW8wggFrMIG5
-BgpghkgBZQMCATABMIGqMIGnBggrBgEFBQcCAjCBmhqBl3E5OiAgVGhpcyBpcyB0
-aGUgdXNlciBub3RpY2UgZnJvbSBxdWFsaWZpZXIgOSBhc3NvY2lhdGVkIHdpdGgg
-TklTVC10ZXN0LXBvbGljeS0xLiAgVGhpcyB1c2VyIG5vdGljZSBzaG91bGQgYmUg
-ZGlzcGxheWVkIGZvciBWYWxpZCBQb2xpY3kgTWFwcGluZyBUZXN0MTMwgawGBFUd
-IAAwgaMwgaAGCCsGAQUFBwICMIGTGoGQcTEwOiAgVGhpcyBpcyB0aGUgdXNlciBu
-b3RpY2UgZnJvbSBxdWFsaWZpZXIgMTAgYXNzb2NpYXRlZCB3aXRoIGFueVBvbGlj
-eS4gIFRoaXMgdXNlciBub3RpY2Ugc2hvdWxkIGJlIGRpc3BsYXllZCBmb3IgVmFs
-aWQgUG9saWN5IE1hcHBpbmcgVGVzdDE0MCYGA1UdIQEB/wQcMBowGAYKYIZIAWUD
-AgEwAQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAw
-DQYJKoZIhvcNAQEFBQADgYEAqZ6Cif011+oMzp6bcMsfzt9sTBgpT4l35AbTC5sm
-zp3ur8X5X2G604yKkSXe1cf0F+fZSE6zjwizb1YG0owt1eGWSxCdAlkIFRang7OG
-Z93bEKBx3ysDYCKvemx0f3shGqJVVzMBo6JP6JX7Jnn385UdwdKO2dWzVhHXsP+P
-9sY=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1anyPolicy Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:2D:37:D2:3F:9E:59:D9:E6:BE:57:A2:F7:6B:0F:10:82:A6:AD:03:EE
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:52:84:5c:c6:67:e1:f5:70:94:c5:af:b8:de:1f:38:dc:b0:
-        65:8a:69:80:b5:9a:f9:2f:6c:13:8e:83:5a:5b:33:01:1c:d2:
-        a9:c6:c7:09:92:cd:17:9f:bc:f4:30:d8:bf:8e:05:c0:98:d4:
-        dc:be:b5:31:80:76:30:f8:35:48:45:a5:25:2a:92:df:1d:ae:
-        4c:88:5e:34:d5:ea:39:8c:f2:e4:c7:e4:c1:35:45:3b:6f:6f:
-        f3:81:e3:2f:43:ad:ae:e3:98:3a:7e:0e:48:51:cc:a8:15:38:
-        ce:38:31:9c:36:5e:a0:eb:f5:16:e9:43:a9:5f:77:a4:bc:44:
-        c4:0b
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG1AxYW55UG9saWN5IE1hcHBp
-bmcgMXRvMiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAULTfSP55Z2ea+V6L3aw8QgqatA+4wCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAVlKEXMZn4fVwlMWvuN4fONywZYppgLWa+S9sE46DWlszARzS
-qcbHCZLNF5+89DDYv44FwJjU3L61MYB2MPg1SEWlJSqS3x2uTIheNNXqOYzy5Mfk
-wTVFO29v84HjL0OtruOYOn4OSFHMqBU4zjgxnDZeoOv1FulDqV93pLxExAs=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14EE.pem
new file mode 100644
index 0000000000..779f279635
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 94 4A 53 1F 7E 3A 7F 66 49 42 EB B2 E3 62 53 3C B1 5E 96 C6 
+    friendlyName: Valid Policy Mapping Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=P1anyPolicy Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbUDFhbnlQ
+b2xpY3kgTWFwcGluZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowYzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExMzAxBgNVBAMTKlZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmlj
+YXRlIFRlc3QxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJpXBTA
+3EjsCM9UAoN4IpqwMwiEiVinUgeyznx8NNMjAkrsfSYyMGuchz7Ty/nobcdnUdnZ
+50UodPrVCuy/Cyp/8vrseLEElc2iCsXifGYGSNqxw7906l2rVOvXPQocc0Oa6eTM
+PeHQ//CnC3V209gER16XJ2u/cQshC5Hc6y8lnGf5JsMfcSuPn9QuWnsJt68YElOG
+y9UKmK6fbYHUKH2lwKRGHvCU6UyXgTGnaf50Yu+X2RPe7F7tBWYangT+W6JsgBzu
+SINOiTKjoAD4KysSn+jgFMcKQ6wLhFlb6myIFOX5c93qJ2z0pNCdBiKswpBwkxQ1
+BM4Gu6OY0EE2hGkCAwEAAaNrMGkwHwYDVR0jBBgwFoAUHwIoKDKOSoT4uItB8V17
+6CVSa4YwHQYDVR0OBBYEFP7baMrCM949EDtAPOIY3Qz4oLGuMA4GA1UdDwEB/wQE
+AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEB
+AK347siub9i/zLVRrZkhB/xSOaOpN/ReyvDZsgfdj9oyMHsB1J6ToViVwrx8Af2+
+V4a+ajppbH3FK8jq38FQiUqVwNT2N9MBUuBEBIdq74bvtj7saVjpuBWyPuxV0MMq
+X1zLln5p7KA1M1PNT4uB+g5D1a0MP6I8oPCSiFY6s5cDyzR+vPOXvf7/RXwi8rnT
+7hXgSU1KS5gnDt4qRS+j/eQYDQFZnkH3WIdbyupTmpFLkqAIL4FuNfBOwEJWijY4
+lvwET2SIsHPLLgtlg6lzyY+LmlJ0ABeFLxgCjPINOKj7yafvQa2G6kaAp34XU1Ms
+C0bZ/GDrvAwewPgQM54j7lM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 94 4A 53 1F 7E 3A 7F 66 49 42 EB B2 E3 62 53 3C B1 5E 96 C6 
+    friendlyName: Valid Policy Mapping Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,704650279CABB0CB
+
+ej/Ec7hBM36U5YZxPRg8gj+A0lhQSeV7ETYlsSNseojvKfFNaRvTIalKKaS3Rkaa
+tiyNNcuufNvy6ddQzN/zX5UFlHAdlNoRyLY+QM4aiuGe/8RZBBRQYwb9jdRd6qDm
+lQI0sd+dB6Bu5Du74mHQe92IvGAXyW0g08HQs1afl1KWGdULH+ONSL3ay+vSzLHW
+7N0Q27c3vR0EFY76cjoA8N/8/AfJukQtlDxAIrysqGEVFP1EqOZrU26dcKFuRY24
+k6oT2VafpewKYaLwx2lHIQPCfMFBQX5qqQ2gvwrYDi5xmFNAgGJ2vpE6NUm9H+mr
+4JVFv/coQivFVIs4yqn5AJ2iZJ2PvG8oW/HMbv2tyrlf3zj+MtH2AjAyKN5Uy0Lk
+6wLEe+AV/Yh3jRzqzwwnYZia0z/hkvV2FC77F8NK8lwANJELoPC2lkHZwOK6da3m
+lWJ1VQoQPY5J2AouOThTCV3IFm4w+7aACx7R0apX26vndOTUSuup/U6PromxLg8J
+tM+xIQZBVKP7uY8Xbh6iBN0XCTTyINrQYByoMKoO7KjzP2lN75mofejFd1mopKZJ
+1UjdHXyGonF2BWupPv5OXuNRo5d8+6pRyqubGEijv8ttWqoW+uFU7679glE9W4or
+JFnvDF9ADclR2geMDc28H1C5rlcA983Qs2jUCo7jH9QqVvcxQcV4chIWTtOiHeyl
+4tk/BSiWJAY4Fa1FhitAXLHIiarj/MkmIA3sYCnOOU7hNvzUpmSu0vz5LRqCjrF8
+quqLhFqOVags5tEYAxH+CGuBNc+oSdL/c1u8mry4lfArs2jV8XQvuJrNEtUPcZau
+u63YuHU3G42O8DQJSboszH7/AB4U5Gp8tbvqmjCaWFarDn1q8fEqXEx9TlVtqNxP
+HtWhfcDuSccRP4JpGQXT5xFI5mF6LnlD+k/cbipn6BMrtRxd86fBU2QzZHUwyikI
+TSoab5MDiS9dpyIqzkO3jfr1PYhzpWyNBSaYJkbc4QFGIyx9FNoSQV+gBw8axO/7
+airaWgrToFsgPSwDAadGWr6rC+Jt8PVvFru7LjIGqcsHdPpWuBWJqn9Q8kqlb8Rg
+AUq3P8Jifg+YbMpukK98Le5pizyxsq0S4HFgB+0ddUvx68doHYl+5OaLSt23UrtQ
+DyF+QT0YbrF0NgkIa/PZd+I4NrxotPDN4G9Pa82jJ2hRJfBkennX3PaTJ6jHIP2K
+2SKD817l2k3Ds86qRCrqEIUm28y5ghNv3orSjY6BELzt5QLE3tuavUGaqXpu7OB4
+8OfxvBAeR4qoT+DvQetzOlIFiALlfjWWNBLXGcwRxIXVGUDOTfStBha8gtPIFZXW
+Pd4Ad6MYfiAn81R5NBrdEdsMF1Zb9yCLaaz8atv6+sWMSAjp5Xaa6arVP/LRg3d1
+ZYj1orrCK3BDlRTKAAycBcQBjwUe8n/0JHO8fS1IZridmbsC7x2HTaHdzXjouvA0
+p+xouoWQz7IVUFcFz0asqvpc9+bIlYN5en2O6gomSTKdOVT4fDOT9JQPWdnPogsd
+cmuLx0noBprZ9h6wHY3oTB7dMXKzBZnkwSm31BMXCpVQlAXAFZelAnElqtfGiqJi
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1EE.pem
new file mode 100644
index 0000000000..5ad8e63db7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A 3E 81 47 B1 3B 3A 90 4D 6D 14 9C 50 FA B2 C5 E2 97 7A 9A 
+    friendlyName: Valid Policy Mapping Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPTWFwcGlu
+ZyAxdG8yIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMjAwBgNV
+BAMTKVZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3QxMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qw4n+hgG57EB2akKG9HJw0U
+1wJcwQKfWv52eTaKNomMg19NaikNJj/iPcP1wdIjZAATRynTDN07kpReiNXkE6Re
+5QdXFp8DzsOreH70CDBHDlPpvx10awKgAU24NiT2vEyGm3vee2V+gayPV4Afl+nt
+Oh9kWODmCIJyDRG6l9j0R0fYLR3/DQT+w0AGb1He2RS2N1i6dO8hTEDImxqMPLE1
+ezZmq+nq5MvWlTAlwbREnLXgB0i1GwZaL0RY1OogQbsxThAaGPqNJRW+qioH3A+U
+qgWEheSueXoz2AZsnhDsw0hL72MvzG28BOFhqtdeRpOW3gddnnJ+peluBdgM/QID
+AQABo2swaTAfBgNVHSMEGDAWgBSZxXhpyz0zdsKZrETlsA7+ufTbxzAdBgNVHQ4E
+FgQUlaI8n8HPjmgNunyqQD8HV1jeilUwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAq72hK/CqUQUKPp93
+JCSZAQGtUruzmdRkery177NaQm/EDlhkXR0uEp2HToxIF0MJY20IMwBGR818tVEq
+b/XfO8up2yg1T2gkKCAqU+JMEctVeTD1qzk1eDXKTi0pcfDJ6LPuTHNZ9AInFCmU
+mczg+kqEGSk9Fwn/71Trzlm5oVkIsOv0CgTnoaSyp+qdSiBWYprSmwlwgrBnFMNW
+tOA/ukHDQ7IdVq5iE8lfu0j2do9FV/a1W6uHuxb+ZiEWD9HJ1kJ8a/7c6g/e3Z96
+/PuBVVJUnn8wD5Aun8yexdPAQC3ngJxEmb3a2lLlEI+FA4jRsaCBQHjKlQlZpM99
+Dy3BwA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 3E 81 47 B1 3B 3A 90 4D 6D 14 9C 50 FA B2 C5 E2 97 7A 9A 
+    friendlyName: Valid Policy Mapping Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C82746A5DC292BD1
+
+ez+wdH0Dut8Ngh7c1y1x2EJhVvIFHRbmZcVpQ9MNZHQSMIxO3qScxJc9/P8/4A1o
+iMLBBq8CLQGONQZa2W+eqf57/YqWGTIb2yNPK1yiF1K806KjHyi8oMGfB2pYX8KT
+x8p3IOH4lzFxarmiTNJze6HZzGUZp15hRcaVb4MAAlSC3Xmw2CEFWpYU4FDL8fg7
+NpdvPNOaGKgHKXQfsVqqD8MsB8jvRHINhpQ+0lUTuNbtDqlcPfvzVa+KKhoXcYGH
+lTajisATNn+Y66JpCcdkobOZ2qhAep39CigHDwltW6uUX6dKlU95Jokz91IsnnBz
+lHGfimrlMDGcN4OOLhSf0yBJrXmLLuWS3KPafF99ZXFlvklL6ophf/lhVi00T9fA
+jlCde7S/AwSlWvrXbFqAAah0EaoNs8/cX7s75Mp9iJ2J2r709F+ywxQXG/YYClf6
+Coiz7JyXm+mXWZtxfnL3JPoY1zLZp0Xq77dFfpyKfBrJUiMKUtJ0uTySYSvdLdau
+pqJWZY3TZO6718WAZOSzET5xe4mgfHrk4lGQDyCNRq3UBKYgRCcY6LqzcQLFODLr
+wHmGg/BZQ78kRow07jqL+fmKhTlWcKc/3uTuR5ZIBc9Y8P7Apnqalj7nvWrkydvQ
+JmtojF9guktjs2NLtzeCUtJkFNCLD8am8uawg79QpRFhyBzFFWVYjf65Dk6IowRf
+25qMaeUor6M9pX6i42lEsi0UgqvYMrGKSmrJ94nBbivvorHbSyXaC8RpAxEUVOhQ
+P1YlLvDx2sVsQ8UiTrKS/+KMfD/Hdj+pncTJvSpsYXHp023Tbw1JbFDZzI/aFj3a
+Z0VWQOyHe9L41NZsN8WsVtRFavlggSQSbXg2XMUKp1+x4y5LttwTx9n4uuCvVFJj
+/u2XO7zRGUezyoYxrobjoDmRNSk/tTPGG9I+TN6V0sW3m80oUQm200cmxrWSD0n2
+m8DUZmH7SRxMkqGFp5+UZA9H04efsZqSQeBu/MXweJaqrGHe+S6svdj+EusLJEj9
+6aYzzgCxw7K0gxvwKNdpR+r+IPLyuZo/rfqz6R/fiIsFFbmcn9QnLa1SiPAMJ03g
+Iuqqxj73alQxdcrSJL/V+etE8RHgK4TVO7bVrYSyGs3RvHlCLCOFuF5F+vI/IhCf
+1lefEU93G6dLnBBDCs7178CyNIkxj5OU7OdZQ2D49rUKpu5g/uEvGIPUFnO3x2HJ
+7GeoaSnv0dDXgc3HEapK8pHjPoLG4t636jkYiLwMuc5Msdg+W+wUdaLKqgbQW3CV
+HzU+E7mVA22nY3ar4iSlcjVtOxXq1A5tow7kOJzl+YErkz/6GpBtTYy5vOv5ohU0
+MbvMV0n7meFlKZlvZckkPyNmhq4PDwHi0IIxI5L+ZvZmfNLlscF1IYrF/nj0PEY9
+5KXCUNxuDbKJLcMORPZ7GYI7umwJ6YY741cqlVhBnPCVILr2YT/NsDMz2Xk8XGAQ
+gFggomds2hPgcLI2GolWaBaXXkgd9Hxfdz/t1EvrR62HK79dlqktNIIOLIx9ZO7K
+XcQbomjX3+yFeOA5Ix60GTNMRFy3U495lc6PMKTTey93/xnoOnY79T/rmKtGzH1p
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem
deleted file mode 100644
index d5af222303..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3.pem
+++ /dev/null
@@ -1,214 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5n
-IDF0bzMgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBd
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxMjAwBgNV
-BAMTKVZhbGlkIFBvbGljeSBNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3QzMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLjaVgcxBArg5ZjazYxWoHTBcfcT/5
-qsS4WoFj+0UELOPixTqQjmJofe3JKjHSI1h9yiTTiyrDVRkKB3DPYLo8zkv7HQeJ
-sleZKw3rgNtSOKuMY/9E5Pex3Q77pOCXZES31n/xZ1BRfCHAkhA6QxSoePkp7Au0
-6R9jYczfn3FZwwIDAQABo2swaTAfBgNVHSMEGDAWgBT2LLG3KbWulX+w+DlBUy0u
-DwTjxzAdBgNVHQ4EFgQUx21mI2aVCGSW1qLGljar1+6L7JUwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwCDANBgkqhkiG9w0BAQUFAAOBgQAI
-oGNjmv/QvuGxJUK+dcyZqM4egLTHcIlgtNw5QURIbyQz+p0EkQqlEly1G1f6jZg7
-yi0vbf2ng8f39I50HeqyGHay1/H9Koq5m0K+a9GV2mi0huLFL96U7b64ELF0z371
-W/OSduqoyZhrzBnTSuNoiqmlAlV8Z+TXjVSp1HX3Ew==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICvzCCAiigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UEAxMTUDEyIE1hcHBp
-bmcgMXRvMyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmTEwLH6u6mb6
-kvz4ulbBVFC2Ea6WdEv2uH/vNi23mER2Nl+xAbeopiy3OLEiXavvD3uvVjX0bSOH
-BGk2j/ern/Urw6djfKt5V4O3NMYi6Grvfm346kdutjJuBcNlhLOE8mLXUguspocr
-AoAEjrQtuS4Bkb9A5wj3OYy4jr2JhtMCAwEAAaOBwTCBvjAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUreIKE61SbSWszamYogoEaK1y
-rrIwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpg
-hkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEw
-AzAPBgNVHRMBAf8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQAD
-gYEAEelnHhW6SAs3Zj4a5YMVTKDe7vCThen9bA1Awt3yFincViRt5/s2ZyzTN5fr
-Xi+2m42Gm+Anb3D7rpV9IJ/PahHq4yrKSrcAzhT3IcHbuHFNwiw8Z3T+31hhjJUx
-3atYpYOZZPYwuT0inFHJWRfBNA8NGBtqYlxI1C+/ucdy7ik=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5n
-IDF0bzMgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBNMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMT
-GVAxMiBNYXBwaW5nIDF0bzMgc3Vic3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAJjo4/4TekqllLI7gPzmE2OceB30SRuraEVWVdR/lmFpFTks5fKkqf96
-WjYpnJZwaqE1ZdUQxgeNsswPm4pUAhVmU9IHvqBaM+bNXFsrwBOYYhfZY3xnwcxp
-IZsvkLPuEq1vLwxpn+0zTDOpDGf9zhiTrswEUoGYBwOVqRDaToYdAgMBAAGjgbMw
-gbAwHwYDVR0jBBgwFoAUXcS6eHk0JsNyV9FZ9KPiVKcocdEwHQYDVR0OBBYEFPYs
-sbcpta6Vf7D4OUFTLS4PBOPHMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwG
-CmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNVHSEBAf8EHDAaMBgGCmCGSAFl
-AwIBMAQGCmCGSAFlAwIBMAgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCass0kmtqSdWX5lffBs/tSTSvnGK38REo2IwTFLHduO4cvzAyS7ProbF/J
-al8FtT9mdnl+NpwrH4KlFNu+uti47wFj9xov/kbcmp21DvZ/m8ihmStk4FG2r6Ad
-0gdmVfBYem0mOu/1r/F8deNFP/Dpd8w3KFnv3Dd9wZd/Eb5hrg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-issuer=/C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
------BEGIN CERTIFICATE-----
-MIIC1TCCAj6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5n
-IDF0bzMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAx
-MiBNYXBwaW5nIDF0bzMgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-AMsNrOgngQPHY/5QvmR5y8mHOJJ2T8Vjf+3/DPv5eMF+q11urxfCat4faDdtchBa
-QXOWQ2TEy6tqpR7u8UJ2wnI7phld51gAcT2I8V7swo/EM1Ga1i5bWa5G10vPmZw5
-l7QwqT/D6JkHdthcaJdQrBP9zesYPEp13RFQU9mP5451AgMBAAGjgc0wgcowHwYD
-VR0jBBgwFoAUreIKE61SbSWszamYogoEaK1yrrIwHQYDVR0OBBYEFF3Eunh5NCbD
-clfRWfSj4lSnKHHRMA4GA1UdDwEB/wQEAwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFl
-AwIBMAIwDAYKYIZIAWUDAgEwBTBABgNVHSEBAf8ENjA0MBgGCmCGSAFlAwIBMAIG
-CmCGSAFlAwIBMAQwGAYKYIZIAWUDAgEwBQYKYIZIAWUDAgEwBzAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHwK+aOYJpXAoXSRQ1o82pqD++jA/uvr
-2eJoXbcch64CAdRNuCA7rQoRAx1nSUgjoLmHcTDrowQzodrVXVmCmYqXxB5XswG6
-z5Oj09NorxHxpAs7E/izElYwEXl5n0NMInD6S2r1SWOnRpGnCL8PYM3gW+xne8rJ
-CZMIMADOWvrc
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:E2:0A:13:AD:52:6D:25:AC:CD:A9:98:A2:0A:04:68:AD:72:AE:B2
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        94:34:62:ba:34:51:b4:ad:dd:01:40:fe:3d:eb:bc:6c:7c:89:
-        cb:f0:7e:e5:38:03:50:93:5b:68:ba:d1:ca:14:39:ec:a8:9c:
-        37:24:c3:0f:01:eb:14:67:8c:07:fc:37:1f:bb:45:b9:4f:5f:
-        56:ad:f3:85:03:23:a8:bd:93:1c:ca:01:e8:b5:1c:c8:60:18:
-        13:95:bf:5a:11:11:b2:3c:3c:27:69:bf:97:08:c0:b7:4a:7a:
-        39:5e:03:2c:67:5a:11:a0:4f:6f:8d:70:4e:e2:b5:31:73:2a:
-        bf:5b:15:af:5b:4e:14:e0:73:5b:f1:2d:cd:bc:75:44:42:d4:
-        da:3b
------BEGIN X509 CRL-----
-MIIBQDCBqgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAMTE1AxMiBNYXBwaW5nIDF0bzMg
-Q0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaA
-FK3iChOtUm0lrM2pmKIKBGitcq6yMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA
-A4GBAJQ0Yro0UbSt3QFA/j3rvGx8icvwfuU4A1CTW2i60coUOeyonDckww8B6xRn
-jAf8Nx+7RblPX1at84UDI6i9kxzKAei1HMhgGBOVv1oREbI8PCdpv5cIwLdKejle
-AyxnWhGgT2+NcE7itTFzKr9bFa9bThTgc1vxLc28dURC1No7
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5D:C4:BA:78:79:34:26:C3:72:57:D1:59:F4:A3:E2:54:A7:28:71:D1
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:bb:13:8f:22:9e:5f:ae:7d:26:76:5b:6f:8d:8b:a4:37:1d:
-        fa:87:83:61:23:70:ca:f2:bd:ba:ae:72:04:3e:0a:21:70:4e:
-        01:97:4c:e3:16:d0:ef:d9:31:50:6f:5b:ff:51:10:40:73:82:
-        0f:f2:00:90:1a:bb:f8:93:68:b9:0c:15:9d:b2:c3:5b:56:73:
-        52:d3:1c:0f:75:2f:51:5b:40:3f:8b:71:42:54:33:af:55:20:
-        c8:ff:bf:ff:68:43:78:93:55:01:fb:7e:4d:db:a8:57:36:34:
-        df:a2:90:75:bb:fa:23:f3:9f:de:e4:4d:92:30:65:8c:f2:64:
-        e0:01
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFlAxMiBNYXBwaW5nIDF0bzMg
-c3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFF3Eunh5NCbDclfRWfSj4lSnKHHRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBABW7E48inl+ufSZ2W2+Ni6Q3HfqHg2EjcMryvbqucgQ+CiFwTgGXTOMW
-0O/ZMVBvW/9REEBzgg/yAJAau/iTaLkMFZ2yw1tWc1LTHA91L1FbQD+LcUJUM69V
-IMj/v/9oQ3iTVQH7fk3bqFc2NN+ikHW7+iPzn97kTZIwZYzyZOAB
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P12 Mapping 1to3 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F6:2C:B1:B7:29:B5:AE:95:7F:B0:F8:39:41:53:2D:2E:0F:04:E3:C7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        6f:b3:1a:29:36:35:76:c7:62:11:6e:e9:29:e6:83:8b:5e:bf:
-        25:ea:4d:71:56:16:50:25:92:68:a8:a2:e9:4d:09:a3:74:36:
-        e2:9b:c1:52:dd:87:0a:64:98:58:da:6a:96:e6:c4:02:90:d8:
-        cd:4c:10:71:4c:98:1d:bb:d4:8d:7d:74:f9:34:3f:98:f7:8a:
-        5e:eb:bf:7c:8f:90:2a:7b:c4:f3:29:cc:3c:62:a3:f8:08:c2:
-        0a:ae:35:92:8d:ed:c0:30:a3:f2:a1:c7:7c:a1:68:1d:b0:48:
-        4d:c1:4f:50:7f:1f:af:c6:f3:a1:d0:ad:8a:1a:78:05:84:6d:
-        d9:7e
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGVAxMiBNYXBwaW5nIDF0bzMg
-c3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFPYssbcpta6Vf7D4OUFTLS4PBOPHMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAG+zGik2NXbHYhFu6Snmg4tevyXqTXFWFlAlkmiooulNCaN0NuKb
-wVLdhwpkmFjaapbmxAKQ2M1MEHFMmB271I19dPk0P5j3il7rv3yPkCp7xPMpzDxi
-o/gIwgquNZKN7cAwo/Khx3yhaB2wSE3BT1B/H6/G86HQrYoaeAWEbdl+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3EE.pem
new file mode 100644
index 0000000000..7793d24eb0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A E6 3A EC 27 20 C7 C6 CC 83 BC A0 DE F1 89 9B C9 66 97 41 
+    friendlyName: Valid Policy Mapping Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=P12 Mapping 1to3 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZUDEyIE1h
+cHBpbmcgMXRvMyBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMGIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMTIwMAYDVQQDEylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBofqJQybQy
+hloY6wTFGeWWDQq79xScjYNcGS3cgblO19DDYa+gw/1/6p2iVy7NxRnZRUCGSLXi
+f5dXWOaCE1oiyUWBbd0ToHI1MAlsDmXv4LsGceJzr659aeSRNn3aq2uQ4HgezAfn
+vPKL+OqnFTyaXD8VcPwoptkSoCVjG3qO/6O8X5xSI3UJZl+Pr0KeaQZpLJVznUcc
+dGROiHNUYzt/NgkxqPxusg1yfLlv1zKTl8ggf1j5uXbp305FLVAKWFENS0InNiZl
+gbSenXwg110BwtBQjE1cSRmD5xPqrmrCDuNBz1M11vB3TCFTlJLYBcjT/kn56e+P
+P0fixAdywAECAwEAAaNrMGkwHwYDVR0jBBgwFoAUAF05Pg/lqipeLfauaCqtM5s9
+m3MwHQYDVR0OBBYEFFdyv16sxo14G5DAn5RGpP4eU7xaMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAgwDQYJKoZIhvcNAQELBQADggEBAE0+
+Wkm1qVJobS6Lj4Au2vE32CuEL8H3Oi3jvfREIRH8wyFkYrEIDNnV1yKqMaYtvnxx
+62U1tMJKwXDHYENtgregZDVl9xtFYvNj3VXXBfeWyR/hZA9bsqf5KBmTopPCrADx
+BgZuGWnUhfcFFvUYVCgyCtrwCZXDgdoOab0oFq9gR6RyUJ/MbjSSsBzqILe7sPGy
+7bbKX7zeBN71c0lwfyUqXdqw2Ar/yyqtqY5xR0Y63hBhENwc0FOqlQRqzRdxieX0
+OdrRgGDiWUdPueXm6dE1ID6raiFgkbNjDS8P9w6JITApVYU2lf+FykcXUPJVbXeG
+4fQjsbxrjEFK9aUJduM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A E6 3A EC 27 20 C7 C6 CC 83 BC A0 DE F1 89 9B C9 66 97 41 
+    friendlyName: Valid Policy Mapping Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E8F9024A549F3FA1
+
+7ChMT1T/ZW+0zg91e36RwxSOGvgXXmWJLJBbzK1gFJrdwUJOl5InaNrMZLe2Jh3K
+FYtggzWl3/9XNSELQgQNhHwNI7nc15bugP8Plh6PimoSifls5VO3ZjnEJCa9CyKq
+yh3s/lM9iGy+MgzariSUZSx5nReAyHkNaqWFhVDLbaMcdBIOY9+PZSltz5q3jF7A
+awbb638S/9I2tbHuXeE2DsJJppayYjDsbI9W3wMNmgcYzfXd6m+TCqXep5WijkDk
++L85APUy+p4erB9rgLE7USMAIbvtw81cmpFY6J6rN4EmcniUfZj7tKB/C6JLiwHp
+Qe0S0f0s96LuPqE/ITEk/LynxarFq9wpgMJ/fpIivW7yru/iAuMMW6JHs7OkDSOK
+4jAPtA+7X+EC7jnjFuGSDl8k0KEaVKi5yt/FcAO8I/NPpHJqebFEbSKa+caWkJQT
+aDOICSgx9kRtshUJzyySS93wsHCACL+fx/9A5XfUtsBvKWeJ8Aez5ijEqsmrJ5wh
+qgii2nZQX19u+lur75MAMznUswcJ5Q3MhZoLwhBw9BOSKq0FIeTNxXC05Tm+/hPv
+7yJyVPJaDAdmNBmAX3D6wpkxCrEpNBqtW8dHzLBMuBnW2+7RXvypUpF36sYyRTaD
+jglx3b6nRgnmfeLI4U0UnD/f0vfmb7+NyGognyQVUbeZzToGNR2unnBs9bJVKDyx
+FODIylSi/Pt8FrYTpZ26w2ZgLNshqh2FncCBjsVPwhEKbhL2IYiuTuhuMB8BhzA5
+1yvmgzGN2c7xVeprp8OVYEeWUWmeIHbWKywsRWWD2P2wmV9S5u8qF3Ju3rX6ylWe
+A9S3we2wiu6EEvP9uCWrHbJ4NIIB4YcforIWX6MtLaThSbYpuZrNHd1DPSBLGRu6
+qZtG6JLZ4dk4PzN4htJvEDqZw4lHiBpgovTtvF0N0YDNWWB4FnY4ZuQDucZitvyB
+y0hvM6VWBsaKLXDLeH3DwFX1hiiRv2p+PBRghxGXbfw3dwSSgXwVKtxJhj/N4xty
+lJnx521+8A0vFazzTazZLyDl0Zgfhx920cDL0WjMiSbFqB4dg4enZplUEMaXdMcg
+LMvPGsYzWUEkSyAfZTVjexhWb3L/HLxL4hWSy+nCOFGsbfNr1E1aEZVlHaDgE8GG
+0FF8eC8BcaKVkPG8u4h6NVkXJPbkAL+r58LPLQH1s3O5XqevShJ562NQ7bd33zRx
+gktQavo4Gcf4bGgm5FvugGTVCLN24h//rWBP7s9T80CnU0bxaq+5npVmzNBzSq4+
+CxHX6IUeK3wyr5PSSotljctQENzh1t6C5I1XfAGIubpK1pQnOmxIxzKG6Q3f8o+V
+OlyScauwiGXF3TVbvEJNcdopPfpZOXTiFzjv9gR3H40fNINe8SYqTfpDNao1g57J
+N3E56PuSICjuOf5fvgHFe7ksrRtKNagMGw5y3iUxZTvUGuScce+NkrwFjb/Y+wTa
+61oo/gNXMlnUSRU87iKrA8acXNWrb08KEIbiDCcIl2jmckp+IONiSGBpxmUjDsvz
+BJz/odpDNTQ5FlUZ60yIQAl3pqs/oavurzmcvet39hCxCieM5OMrqsXgt1F/1TYw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem
deleted file mode 100644
index d916bbbbbd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5.pem
+++ /dev/null
@@ -1,163 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcg
-MXRvMjM0IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQD
-EylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu7tA0m9E4vxbGx8d41Nw9YFiUAKWV/rI
-5MXmpuTVeWZr5ELloOLZG/UdWxsbxKWX+FmF+RLDfJ4aAfomI+J/gPjv01gXT0PD
-qXqflxdcvCR8kWU08UNs5Dbks3BtWaR+rF3Zrw/gz9cg6d/fGFn48gjtn8LeQz1w
-vqAP8w3woaECAwEAAaNrMGkwHwYDVR0jBBgwFoAUrQ/vHBeBV326g+8R/4doc9Km
-G5cwHQYDVR0OBBYEFJ/3EWzpeGSBUdimPN2Zptp/EZwFMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAYwDQYJKoZIhvcNAQEFBQADgYEAmh2B
-OoSik/wvehYBZuSGtFC/NOP3yi9x6PCY/pzav9YZKgJZXeEJF78A5SVPFjP5BJcI
-c6ke+EApOv2lHbViBi7ll5xc+xSh1Ko77NOO4yrlFe8+ZiKz+kXizBsfbcKUYtKN
-KHby2pgphWXv93Xe0fIFKYeSWqoKvL3EHjc8Gtk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
------BEGIN CERTIFICATE-----
-MIIC1zCCAkCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcg
-MXRvMjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdQ
-MSBNYXBwaW5nIDF0bzIzNCBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAuxzFRezTkAVZWZReelvBKELugXp5Eq7O4Ye839Rxl3p/kBRLWiFz+bsyeeMl
-YKC2+df3mBhUm5dDtrttv+oGaGL4bquZgb6X5TNxSHDe/D+3BAyxbFn8Qfq642fP
-QvmHsQYWtT+dP5NUxFpss8ElrWi0X2UEzb5ChUalSf2Vde8CAwEAAaOBzTCByjAf
-BgNVHSMEGDAWgBTMp9HShu8hYwWY780byv/gRLPUkDAdBgNVHQ4EFgQUrQ/vHBeB
-V326g+8R/4doc9KmG5cwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZI
-AWUDAgEwAjAMBgpghkgBZQMCATAEMEAGA1UdIQEB/wQ2MDQwGAYKYIZIAWUDAgEw
-AgYKYIZIAWUDAgEwBTAYBgpghkgBZQMCATAEBgpghkgBZQMCATAGMA8GA1UdEwEB
-/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACas+sr4fsuwRW8lWjQQH9NDBg4OC
-4/j/2+haNy4neNyKBSFPg7g/HTOvalwVvR2OoEiVIdh2cLH4ELt3GVucJkB9Nimr
-nV4trKBPR9Cy/UTVzDvDS9NW7FEyTWtlVbTEU4um4rvU+7HkmY4JjaEUbqrdFcRf
-ho4KQe/QkE0wYcU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBMjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUDEgTWFwcGlu
-ZyAxdG8yMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALkWaQEgKSf0
-Z8Rv+4X37UP7SJyBJFbt6QzzxNxVnCwFX+0X5rL44rsZBya1cg8TN0BvQjpF7hKW
-Ch5A0nARNvvI6cOBqQ5T2UryrVgzPb/dXebSy5e8afDUs8QqRB9dHb/m0AVC+hTd
-mwlok2dgnsm+DdpTaKbgKWi/jjlr8H5BAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMyn0dKG7yFjBZjvzRvK/+BE
-s9SQMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwWgYD
-VR0hAQH/BFAwTjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMBgGCmCGSAFlAwIB
-MAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwBDAPBgNVHRMB
-Af8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAXs0UPa8a
-gMe7mdH0Zuxlka5P2WW5U6NGJTaF88e0d2LNd0rKAIY54kVS6qWRSb4m3fD17BhB
-HYeJt1wRTxJo/oSdKxOYY/2k1BQLH6HyqsgQsOq5V1KTBJSPsCVZxvw7i0dDtw4A
-VH9jyKpEN4XcL3k1hYHJvBU1sH8g1sE6vLQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CC:A7:D1:D2:86:EF:21:63:05:98:EF:CD:1B:CA:FF:E0:44:B3:D4:90
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        45:0b:74:18:70:b6:d8:66:8a:81:70:d0:a9:21:e0:0b:b5:9d:
-        71:45:a7:fd:df:50:ee:d6:38:4e:90:ea:eb:a8:84:6b:79:0c:
-        64:6d:0a:4d:e0:36:20:6b:ec:c6:46:8f:13:13:99:18:21:e7:
-        44:60:19:de:b4:f5:ea:7e:70:4b:b7:12:b8:4a:1f:5d:9b:b3:
-        1d:cf:e4:54:5a:a1:8c:6b:ad:fd:51:f3:0c:96:c8:a6:7a:83:
-        f2:a1:dc:3a:a9:84:f6:7f:8f:8e:3f:91:ee:ae:e3:85:9c:7f:
-        44:b7:92:89:15:77:f3:b3:dc:13:fc:7e:87:0f:e0:d6:55:96:
-        ee:83
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcgMXRvMjM0
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBTMp9HShu8hYwWY780byv/gRLPUkDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBFC3QYcLbYZoqBcNCpIeALtZ1xRaf931Du1jhOkOrrqIRreQxkbQpN4DYg
-a+zGRo8TE5kYIedEYBnetPXqfnBLtxK4Sh9dm7Mdz+RUWqGMa639UfMMlsimeoPy
-odw6qYT2f4+OP5HuruOFnH9Et5KJFXfzs9wT/H6HD+DWVZbugw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:0F:EF:1C:17:81:57:7D:BA:83:EF:11:FF:87:68:73:D2:A6:1B:97
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        33:53:2c:ad:0e:6e:e9:49:14:44:7d:de:5c:dc:4b:0e:57:35:
-        35:18:f2:d9:4b:94:c6:38:1e:4e:33:a7:7e:6c:b4:b7:d2:72:
-        46:03:28:4b:d5:ef:a3:9a:ca:16:33:03:ec:bf:cf:e9:8f:a4:
-        4a:01:c5:e1:a6:0a:b7:4d:86:ee:08:93:ee:1b:da:ad:da:d7:
-        cd:6a:da:95:eb:62:1f:13:19:30:8f:f5:33:22:fa:7b:2a:c3:
-        7f:b8:ca:67:24:4e:f6:4e:0f:be:aa:31:23:42:eb:0d:76:9b:
-        f0:64:24:95:f4:b8:62:7b:5e:14:24:fd:6f:6c:8e:82:b3:60:
-        a9:c0
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcgMXRvMjM0
-IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBStD+8cF4FXfbqD7xH/h2hz0qYblzAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAzUyytDm7pSRREfd5c3EsOVzU1GPLZS5TGOB5OM6d+bLS30nJGAyhL
-1e+jmsoWMwPsv8/pj6RKAcXhpgq3TYbuCJPuG9qt2tfNatqV62IfExkwj/UzIvp7
-KsN/uMpnJE72Tg++qjEjQusNdpvwZCSV9Lhie14UJP1vbI6Cs2CpwA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5EE.pem
new file mode 100644
index 0000000000..e559732c39
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest5EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 25 AA 50 77 49 C5 A1 C4 F0 D9 00 06 E9 3E 2A 34 06 06 02 BD 
+    friendlyName: Valid Policy Mapping Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXUDEgTWFw
+cGluZyAxdG8yMzQgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBiMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEyMDAGA1UEAxMpVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUg
+VGVzdDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmiGMLjXA2ijC5
+itMpJVXTbHXhguDwZQ2mcSY5FmZ2nPuO2JBp2lA6yUG7fCuxTKeC1mGSOej41Pz8
+zTkOGiXC/UtDy73yQhJJPHFn/ka7HzC3UlIOzRbY3nXg89sqIrO4wFLKUvrM1VkW
+FqXJw5XbDwrL/0vIhqHh7jyK64snUiP0AAm6kgR1r3aufS1/QwjozIkRGmP4Cxm/
+8Gzz5is4kfB2NuaR8xE/i8BubAM8TnAyIXX6hy99TlyyXSD2tc8dlxTskD8lt6IY
+w0NwwNTi9Rqq41ZKkLtixase00o+s345noAcI5SfLdnTKXM6zUwooJzBW/av+8C7
+YyqmOjS1AgMBAAGjazBpMB8GA1UdIwQYMBaAFAMX5ZUA/So5eK/LRvZAmGUKAu27
+MB0GA1UdDgQWBBRLgjD1Mqn9+vaGwm3k1zO/qu1RFTAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATAGMA0GCSqGSIb3DQEBCwUAA4IBAQBSG/qP
+hRrenfviZJK/kxNaJzIM2ppVq3YbCxbjSApzL/tqPFEKtJuw2r7UlAY05rqzaZyE
+1sxWuvyenub6f/K9BCQRBXHO5cPOnWS142x9komCqDUP7I7F4pnptXAp8nyc8eoL
+zmsOJ8dlZv2aD//mISoFMZ69fvfIku/MAOZCTnSks1CPyT9omAfT6zdnMiDfk/kY
+lZAWFas9/pm16Z88QP8y0z/IMrri12dOLMnFyKNBy/9TXNZof/VPkkD2keJ6eQGn
+MUamXI/OIlBJXqu3AYiUDP9FQbxKxj4uTOtS1MhrZbAtTAI+3eqPKU92T8YFamCr
+A1Z483lYO5ntY6/Z
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 25 AA 50 77 49 C5 A1 C4 F0 D9 00 06 E9 3E 2A 34 06 06 02 BD 
+    friendlyName: Valid Policy Mapping Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0CE59FD1BDD6BE3F
+
+ZSsWK88M8cUm0Ar98cUKth20vjDFRCIKPWzlUnrVs+Lk7Kq5T+uRcX8BL1LEKwDj
+k81WTxyck/3tn40bzS2dIqRxDur4DWSWUzRvi7Fs6NdN+AtGL9BOvPO2vV0o4p1a
+LG9aHL4cClxgyVsBHho5tqv5CRlhFqj6Z/TBz9SqKoBMvw5qF5B4/NMDrzoZ7rxb
+NGJfJdKti3VPYE1/qfW40+j4rlqmAbtJVL+yeXQ+jdvOdZNO7vNjKMExkjkDQBFG
+tv46/TqcPToHfT8or6N6hk8Xpfz7a0Qxal7db4HwrqXyRMzzkrczucNieZTcep0c
+4hEhKj3WRxRXWhC2pdqn2xjXD9GZBGPmcDxVF1p2vQrhkTVOYRF6yAqvSPkLAlzB
+K4nK5NTQBErvy9r2Sr8KIElZjQIwpTmjOJEsCKCBXO+8GDcwViCl4px+oNGjUc3p
+oSje1Pe9BYbuIcwMuT7pE3N8ovEpra+b6wlc/WIpOLEiJwROAedubKjcg4FAM1uE
+POYIXLyCLo0a7a7cXxS2rv9dQwKfFxXIUvXFnY8K0jJqhr8WD3L9uOU0BNCsee8N
+DExbBCbPybSbo6E+BkWXPF9fhhhbmlRNY3zpF+HjN+YXUqfGoD+TjLjc5tZT8aZ3
+J/7f3j1aFKlu0mGZWqoHV6aQ2yKsShAWWt5g7Xiv0tdqCTSBxY+141wSD8K/0Lqi
+UPGOKJjbmU5rusT5S/VAxP2tsWxpaITMT/wuANu8d6Hfk9VvIggiGR4MXJMsVM6Q
+4me+GqfbNnXgqgYCiprwZRnAdhlAvyNMTJ5HkbXsLUlNKgunaLdf2fxRVevVlKOg
+4fnK0J/uLyaFfkHI7XjXhHWg8sJAkGKkeC2I8lnkyC4UcIqpI9hsJGl/1+WWPez7
+uojkeFYuURQ/jaeFb9p/SO5Zq7mqxGltPC1oE5Fvn5GlnbgYs9RqOF24yb7/30vs
+fjN0vFBiGtLM/uP1eVbdFOC6/iLgZNRUOxZTJSg3OIBoAmMY1fEUJt/h9ZcRFX+q
+ZK1HDjhhybk4SRafZZV3DuyycZf154w349NdzlrtIdUoXTIcJ0uLilYL8kJDE75s
+EZRRjnHEtJH3vrUkDEIUxWG96FXWo5Lf2r+18CW3ktGAAzGWu5JFiQ3Mny5uC++f
+rNqHPzPrD78c2huhG+TZAO3XyLf5SY3thldAneAtceknOinK6FCxifF5/ZPn2Vra
+YQyFzTbQgHctSSkccC4qHMhi8rGqxXEnCBbN+GpCSlbLWjnYLPBuW/wSVKNYpqii
+T58Ff4WK0PKIBXEu/nINzvNqaIzedpENweo+F0pkd07M8QVW2EoMKI6sfUBQcuBs
+aoHIdIR+9IEOpgLk5Q1TAAIFsuno+vkWAIFAfF8F+CSVXf5tFAdYVP15zhLL5JPm
+k3mNECnrcErMM4m5f1zNAaAwFEIPfuqcTmOGoPj+sl/YzI6ZJ/2QJ0KsAVVKugH6
+1NVWK1yzxSlOzWHZvDUV4Be0d5jmipIgWJYRW/qf6bIdYFBfE1pGohsAj5XXGheR
+wWzkUima13yr3onooRE01ArKNue68/kGZgkyVRrsm4+cflLusEPFCA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem
deleted file mode 100644
index 665a6357fa..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6.pem
+++ /dev/null
@@ -1,163 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcg
-MXRvMjM0IHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXTEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYDVQQD
-EylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NjCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAg/jjf7HVRt6r4IitgA9kVxN6rVQy1OLQ
-Kelr3lLXIJbXs7XYoUx53Br5c1SDdSaaRfvhKyMl7m53baO33b+MEeB8VfWHt/on
-35CKtGtyDa/IbfzrrwwJqs0rF4H/t7Ngz1b5rrKaEjy4itjNylcyAzJC1Zjer8aJ
-iXyszL9uGc8CAwEAAaNrMGkwHwYDVR0jBBgwFoAUrQ/vHBeBV326g+8R/4doc9Km
-G5cwHQYDVR0OBBYEFOH+LaLyiRCW05OelA2Y/97NYu1gMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAUwDQYJKoZIhvcNAQEFBQADgYEAZStF
-y/RNVE9ElY/wKLp8pdE/c4L9rucyOPSv/5zhGO4+GiiN39twvGjjMH3ziIauJpuM
-rCb8q+3s22lzkD6/BSLyRNCXM7Mx5CGWDCdHqnkdFf1Ck9ddAG3hF8FkeKjlZ2MA
-j1g2DpZezCE4srw5r+5mXw95piUHxvBxIXnBUJ0=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-issuer=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
------BEGIN CERTIFICATE-----
-MIIC1zCCAkCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcg
-MXRvMjM0IENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSAwHgYDVQQDExdQ
-MSBNYXBwaW5nIDF0bzIzNCBzdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAuxzFRezTkAVZWZReelvBKELugXp5Eq7O4Ye839Rxl3p/kBRLWiFz+bsyeeMl
-YKC2+df3mBhUm5dDtrttv+oGaGL4bquZgb6X5TNxSHDe/D+3BAyxbFn8Qfq642fP
-QvmHsQYWtT+dP5NUxFpss8ElrWi0X2UEzb5ChUalSf2Vde8CAwEAAaOBzTCByjAf
-BgNVHSMEGDAWgBTMp9HShu8hYwWY780byv/gRLPUkDAdBgNVHQ4EFgQUrQ/vHBeB
-V326g+8R/4doc9KmG5cwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZI
-AWUDAgEwAjAMBgpghkgBZQMCATAEMEAGA1UdIQEB/wQ2MDQwGAYKYIZIAWUDAgEw
-AgYKYIZIAWUDAgEwBTAYBgpghkgBZQMCATAEBgpghkgBZQMCATAGMA8GA1UdEwEB
-/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACas+sr4fsuwRW8lWjQQH9NDBg4OC
-4/j/2+haNy4neNyKBSFPg7g/HTOvalwVvR2OoEiVIdh2cLH4ELt3GVucJkB9Nimr
-nV4trKBPR9Cy/UTVzDvDS9NW7FEyTWtlVbTEU4um4rvU+7HkmY4JjaEUbqrdFcRf
-ho4KQe/QkE0wYcU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBMjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUUDEgTWFwcGlu
-ZyAxdG8yMzQgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALkWaQEgKSf0
-Z8Rv+4X37UP7SJyBJFbt6QzzxNxVnCwFX+0X5rL44rsZBya1cg8TN0BvQjpF7hKW
-Ch5A0nARNvvI6cOBqQ5T2UryrVgzPb/dXebSy5e8afDUs8QqRB9dHb/m0AVC+hTd
-mwlok2dgnsm+DdpTaKbgKWi/jjlr8H5BAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFMyn0dKG7yFjBZjvzRvK/+BE
-s9SQMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwWgYD
-VR0hAQH/BFAwTjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMBgGCmCGSAFlAwIB
-MAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwBDAPBgNVHRMB
-Af8EBTADAQH/MAwGA1UdJAQFMAOAAQAwDQYJKoZIhvcNAQEFBQADgYEAXs0UPa8a
-gMe7mdH0Zuxlka5P2WW5U6NGJTaF88e0d2LNd0rKAIY54kVS6qWRSb4m3fD17BhB
-HYeJt1wRTxJo/oSdKxOYY/2k1BQLH6HyqsgQsOq5V1KTBJSPsCVZxvw7i0dDtw4A
-VH9jyKpEN4XcL3k1hYHJvBU1sH8g1sE6vLQ=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CC:A7:D1:D2:86:EF:21:63:05:98:EF:CD:1B:CA:FF:E0:44:B3:D4:90
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        45:0b:74:18:70:b6:d8:66:8a:81:70:d0:a9:21:e0:0b:b5:9d:
-        71:45:a7:fd:df:50:ee:d6:38:4e:90:ea:eb:a8:84:6b:79:0c:
-        64:6d:0a:4d:e0:36:20:6b:ec:c6:46:8f:13:13:99:18:21:e7:
-        44:60:19:de:b4:f5:ea:7e:70:4b:b7:12:b8:4a:1f:5d:9b:b3:
-        1d:cf:e4:54:5a:a1:8c:6b:ad:fd:51:f3:0c:96:c8:a6:7a:83:
-        f2:a1:dc:3a:a9:84:f6:7f:8f:8e:3f:91:ee:ae:e3:85:9c:7f:
-        44:b7:92:89:15:77:f3:b3:dc:13:fc:7e:87:0f:e0:d6:55:96:
-        ee:83
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFFAxIE1hcHBpbmcgMXRvMjM0
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBTMp9HShu8hYwWY780byv/gRLPUkDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBFC3QYcLbYZoqBcNCpIeALtZ1xRaf931Du1jhOkOrrqIRreQxkbQpN4DYg
-a+zGRo8TE5kYIedEYBnetPXqfnBLtxK4Sh9dm7Mdz+RUWqGMa639UfMMlsimeoPy
-odw6qYT2f4+OP5HuruOFnH9Et5KJFXfzs9wT/H6HD+DWVZbugw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=P1 Mapping 1to234 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AD:0F:EF:1C:17:81:57:7D:BA:83:EF:11:FF:87:68:73:D2:A6:1B:97
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        33:53:2c:ad:0e:6e:e9:49:14:44:7d:de:5c:dc:4b:0e:57:35:
-        35:18:f2:d9:4b:94:c6:38:1e:4e:33:a7:7e:6c:b4:b7:d2:72:
-        46:03:28:4b:d5:ef:a3:9a:ca:16:33:03:ec:bf:cf:e9:8f:a4:
-        4a:01:c5:e1:a6:0a:b7:4d:86:ee:08:93:ee:1b:da:ad:da:d7:
-        cd:6a:da:95:eb:62:1f:13:19:30:8f:f5:33:22:fa:7b:2a:c3:
-        7f:b8:ca:67:24:4e:f6:4e:0f:be:aa:31:23:42:eb:0d:76:9b:
-        f0:64:24:95:f4:b8:62:7b:5e:14:24:fd:6f:6c:8e:82:b3:60:
-        a9:c0
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF1AxIE1hcHBpbmcgMXRvMjM0
-IHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBStD+8cF4FXfbqD7xH/h2hz0qYblzAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQAzUyytDm7pSRREfd5c3EsOVzU1GPLZS5TGOB5OM6d+bLS30nJGAyhL
-1e+jmsoWMwPsv8/pj6RKAcXhpgq3TYbuCJPuG9qt2tfNatqV62IfExkwj/UzIvp7
-KsN/uMpnJE72Tg++qjEjQusNdpvwZCSV9Lhie14UJP1vbI6Cs2CpwA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6EE.pem
new file mode 100644
index 0000000000..56e8e3d911
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DD 2E 16 E1 97 7A C6 59 34 9C 5B 00 D2 4B B6 E1 22 2A 85 97 
+    friendlyName: Valid Policy Mapping Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=P1 Mapping 1to234 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXUDEgTWFw
+cGluZyAxdG8yMzQgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBiMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEyMDAGA1UEAxMpVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNhdGUg
+VGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvhuKxV6OvBRjA
+hr758hKWi26IfFd2aGOgdDGd0/1i4wrW//nS3R8mVimchkGruRx1lB0KyEBYmAE0
+hmep3SPwapk2xbej0UL9WgLubmfHv5iesAqn+/gFGyNrHx9/uzp+Ua+25BUGYxBC
+bcMIIN06qMTU1dZF/nqNCPTO4uzdgH9VVnQHkI/TWLmrT8rrq44slyOebfCeXZeV
+G2LtDcubaYdJlo4NJPPE15zrXPBxL4m0pFWPHeTUcEyDwJulUjFmX/NIjUF7yyvn
+LlpLDHFFSzA4bVLOh0rI2VSy2ac1izMJx0gDnil7CykRofgkxJ9nmjclJ8pHtDVc
+TKRmps+dAgMBAAGjazBpMB8GA1UdIwQYMBaAFAMX5ZUA/So5eK/LRvZAmGUKAu27
+MB0GA1UdDgQWBBSzX9tBAp4J21F61Yw77Wz/CmsSAjAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATAFMA0GCSqGSIb3DQEBCwUAA4IBAQBpUnko
+RHAEZlhGumDpYCRzwa47JJqYthnJicarIhlRPpk6p+JkxZh1ISOfOtvfi9ApLNgf
+O+Vr2M1Pd7nWfczbWcmKaa2QqcMU7c/r+KZ/1u4kN12BMlW8TY1o0kk7bBsqjpNt
+6qAdQ+drFBIk7CxmaJuruJxSWZq6+EKy6MzeZiXUPOeujDaxqO3qixQK1iphIZMJ
+MpF8Ls+p9Y/KZ3M4HrUteKvYCY37QzApC32yZmuOojxJOm1+kEV3rzb79dA5epJL
+2nm2oLv8/C8gg7c1v4SpXUoR/d6hgLqu1jZCDFPMAN1Fv2eiWwU5sV2DcSY4bs7j
+yxy3p3hdJLiP6KQv
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DD 2E 16 E1 97 7A C6 59 34 9C 5B 00 D2 4B B6 E1 22 2A 85 97 
+    friendlyName: Valid Policy Mapping Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6089FA172B6A8809
+
+QKaY7/O5JCscfC7Cp3i5pjL+h+jdtqZZ6yX5zZAA6jAwtlVb3IQba+xfyB+nGq51
+yQaN4otb//j64mydf5RuAn7MUJ/2VGwKBSOYGwe1Fmsmd2Gdzv8lkwFrG8AU5Tq2
+K43+wgYZuz9bklxLf85aLZMvtTRcKM4FRIhhJSig0i3FshbhPzZ+EqjyPlHg2+Ji
+fkDR984Iww+WRYAkifZZPFmTpBNXn4WPRJZ/GwNoLA6MkriAhQUUS4AOQ54j6i4J
+jsgylIEa5Ld1j1WYxULXsnI3x9suxMbdUKHUrjLMavJlPHcYS7tZq47DwebO9yB4
+L5XKU8wUv6kl3hVKZtsOTTSQkj0fM9F6cqOOm1Sg0aqSCc3luAAPQuy/t3h9LwAg
+vnQNnfk8AWwqLErmIhzu0FJd4bYK6XDY7IbePHu2T9rEGZZ+XGMN2Eo33XdwdDtT
+uvBM8eQVt4rAkqNO6m0uPNzBmsX0K01fMYV7dpPrFolKl2gVe+bdZjUNQTsa7Onq
+3rsLlEpdO4RP3G5aDDPHfRYPygfJYQtTj1URj0CFLw3K00oGP/hN3BsGi8Ct5io9
+FlwwCugf9dzwhxEVC7iZb1lPREa45FIHih1eHAb5WmJf6SVqRcLh8KBbnvl5Jl64
+AWayZfb31p98TO5eNPfDsgud8dLZkt0Tcbylm1QqDZAL4Z4FbOmAwzlo3BFtQlG6
+jJN3MMFEegNNzkHxScPT5CYaDHFPvc+ndfL6SCFlDOOzWDTZCbYWuLIFZF6MCxLE
+pmEnh4pVmYXOEiIJ5uNFOX9Utg5s28LGr1KQvGHbSKbT+ohctKBq59lZE/sD5LYt
+j8qceGNc/H9omoYli3b/bqJ0FZobsPi1tjz9efPNPF8zz0brQgDxVP2icJH3gKd4
+3G5Ir71YZCVnTMaI4vwzh9FzXKSmIVUry2T2s3NyzKOwOf56a7FqO8s8S4LCZNVB
+9TerDx5FLW8m1W5d29zDfDHjIYtDOliBknP+4LT8CntcC9zGJ01hZt2z+gDMgOyW
+3g5juBfEuSljwcVqs0h5v3Rm+acci3Jkn/TuVeRtngBhIZ4XApF+Cwv/8GjsI8ad
+HjGJ1EnufggTyQONstqNQeMzujDYil0OVgbNyfnBRfeSJ5oB/1mzCGwgrVVh2NsW
+N1U5WpPFOg72jhb8SD2wCvEBcgC5DiPBVpUjhHISpLBbw9+0w/GBkSg3eBcAWAh4
+ukMvgsMpZAwRah21+q3owMILGZz5Yk9ipH8c/OwKznFVky1dJvKEtet8+S+8R+kO
+exTd1ar/mU1u+I9heI9CRz1kWMUHlwKM3cAcZ2k9BTj0UICweQ8+Vf9KUEteUtWQ
+LU8z9Ssn6WCNh08/FoMZNCt3+P1NVpz9c0o/9W92GGG/0AVPkSXXLvsutQqj+YPI
+nUmTM8aXl4eQdA+8NX+DrK+LCfOyDUTnDuoZyzbrKvYzm5TxAb7jzFbXebfYMa21
+hzs0Zwl1rVTtK3TKwYTn7i57sfJ2u6F0j2k8PSc+ovk9u6S8E/WvKquCOcabHPFE
+PAXKisbusrHRrObCNBIwSZhA6b3OxoiIIq0H3JlvMknwkXb9VOffAKMbe5DNHwUm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem
deleted file mode 100644
index 252e920ac8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9.pem
+++ /dev/null
@@ -1,109 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Policy Mapping EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlBhbnlQb2xpY3kg
-TWFwcGluZyAxdG8yIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-XTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTIwMAYD
-VQQDEylWYWxpZCBQb2xpY3kgTWFwcGluZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2FRrJurp4yzaLVdHeMS3IAQQvUjp
-lPkcXvLpEyQnWVTBYLsXJF9YdVxJJFES2XUxVFTumNnOjc2XcgCuUDwqoUYHPv8P
-UWZuoQ8B2sg8HPNU6G5BHBbtXkzC7lKCDLRshPSgnKngxdmoIDSVDPkz2KBUhbFm
-QZIqhVHE6UPCViUCAwEAAaNrMGkwHwYDVR0jBBgwFoAU0rpPGz5oOOaQ+MHqJa7a
-kq9DNm4wHQYDVR0OBBYEFEhKmk02sJFH9yFXTXKxqodRjaFoMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEA
-PrcU9aDr57y1wekJ7k+ZJuhDlemNjGY7ggrZcarGL+LsRqkufpgkLpei7Cz13buA
-L/MqHFdc7H7d+GrbF4PAe2NXfcnlJJMLjS9Jw77qSb3aw9eSqYscBFhOxYWNL/Qh
-5GI9hJYugYGFzLxh1Cnl0/Pc8PoBgtaZg7H2hXmlUyQ=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBNTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMaUGFueVBvbGlj
-eSBNYXBwaW5nIDF0bzIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPOw
-G+hWDRzfFMkg2CwlHhCBrp/3hveD/ESGWRnpEp1ATKX47bZDyerSn5/9+d2sCsja
-seeR04tpsBmS+o6bUTTy9W5G6gxE/McnS7oH1WJLYNW9e57ckYArd3i85wr+Ecoq
-IaTiDQmy4Ze+TBNA/7CaYTp8agquwDTl40VGqfs1AgMBAAGjga0wgaowHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFNK6Txs+aDjmkPjB
-6iWu2pKvQzZuMA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUdIAAwJgYD
-VR0hAQH/BBwwGjAYBgpghkgBZQMCATABBgpghkgBZQMCATACMA8GA1UdEwEB/wQF
-MAMBAf8wDAYDVR0kBAUwA4ABADANBgkqhkiG9w0BAQUFAAOBgQBL624FELsxdPKY
-tcreLc/Fz0uWZ7bc3BEIeVTarTWFu536wAOO2Pf4mJdJZ5WVVSYcOJb03Zso6U0G
-h0iYeHFGkXBCrqeOGe1h3zL4ED/C0HYJmPtLcTrtlAwvYq8dq4ABvsqMAUgFrsf4
-JGqkgLsMrbXRCAsLpFver5xKAuQ67A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=PanyPolicy Mapping 1to2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D2:BA:4F:1B:3E:68:38:E6:90:F8:C1:EA:25:AE:DA:92:AF:43:36:6E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9d:f5:f9:0e:d5:1b:b9:cc:83:35:eb:00:3d:98:52:11:89:63:
-        79:17:97:0b:9a:f5:0c:35:72:44:ab:2b:97:85:0d:c1:3f:26:
-        10:15:81:e4:78:88:59:2d:4d:2b:4a:8b:5a:58:e4:2c:82:76:
-        0f:b0:c3:45:c6:46:34:cc:38:33:da:6b:a0:79:e2:65:2a:3a:
-        54:8d:69:54:6e:77:32:c1:45:8e:63:de:09:f4:3e:9f:a5:19:
-        37:25:92:40:f1:aa:57:f2:61:69:e3:3d:e4:05:85:94:ec:29:
-        51:dd:85:6c:65:c3:83:7a:c4:f9:37:7e:c0:a0:0d:6c:86:2b:
-        47:7b
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlBhbnlQb2xpY3kgTWFwcGlu
-ZyAxdG8yIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTSuk8bPmg45pD4weolrtqSr0M2bjAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQCd9fkO1Ru5zIM16wA9mFIRiWN5F5cLmvUMNXJEqyuXhQ3BPyYQ
-FYHkeIhZLU0rSotaWOQsgnYPsMNFxkY0zDgz2mugeeJlKjpUjWlUbncywUWOY94J
-9D6fpRk3JZJA8apX8mFp4z3kBYWU7ClR3YVsZcODesT5N37AoA1shitHew==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9EE.pem
new file mode 100644
index 0000000000..368e85a23f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidPolicyMappingTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 64 C9 0F D4 50 79 97 AF 08 D3 0E 95 4D C2 BD 47 50 08 57 1E 
+    friendlyName: Valid Policy Mapping Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Policy Mapping EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=PanyPolicy Mapping 1to2 CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMaUGFueVBv
+bGljeSBNYXBwaW5nIDF0bzIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBiMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTEyMDAGA1UEAxMpVmFsaWQgUG9saWN5IE1hcHBpbmcgRUUgQ2VydGlmaWNh
+dGUgVGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+P2NyLxKH
+FxAPjW+SjKAbIRefIhK1wrsTiAqxwAXyFdd7DGr1yZgRDI01vPYyYCRCx+N4L1S9
+rDC+mmh+zyDlsM9cQOaApF6Q8yoLW203kJIb2RWaxIL3kWhpQZsVVZ/feMaFM/3/
+TlpjJlCTXyG5rBEz9jorFf4gaLzqfqROlojVWNN7ozp0aSe0hb6PrTymHOxA76u8
+ahz41lNzczNv3UgfzijurhYx93GxKvM+uzSkcz6in1HaNVI9EYb/DgeqhnOW+eNX
+lRBVxIt8Bib7ATofuBQCnPRzvC7txybCPX1KN32Ey3enhlRnFNXeGcEdEcevSVLw
+CZ6KkeB+ft+BAgMBAAGjazBpMB8GA1UdIwQYMBaAFEcDJy9DPcUv2ZKsx9J20DPG
++Xe7MB0GA1UdDgQWBBQIZAJOoXdyajkMnsi9d3w/HMoLfDAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQBM
+SaSdAKgMib7Hlpoooy+Du7GZe9IkYyp9XEhiugaOHtQzdD07PS4kUUjjtj/+RjAd
+JB72SZBy6TX0MZoWhz6E4Zn9XwGmxWPAs2RwIcV7ICLq9ZvnThoCk1rUNRJN2GUJ
+rKAaHnnJ8eplpFy7pe+XuSX3+BmuEsB8cY+UJML3DR3pfSP45I8hM4YP6a5C3HTd
+Lif+xigdnT5hBD7UIDXTMxfBFFufc4Ckr5ON3bRRgQKzkV3+FL57dWqBweZV8wIm
+WfW/8BXJVho3Tm7hj2m5Kl7GxuaicnVC9zjC02xSX2zWatlAC9qQ8PebqWHdNCt8
+a+IKJC+4NrcghSNUs/eR
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 64 C9 0F D4 50 79 97 AF 08 D3 0E 95 4D C2 BD 47 50 08 57 1E 
+    friendlyName: Valid Policy Mapping Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,875194FAA839BD5E
+
+TWaDWBhDnwciPVhYcNPoNJhJb/3AJQRnKtKsCwIcT456D+Ibf+ASOyC2h/TkC+tb
+ixNCg0qUSng9CUHqtBumy4hOQtxZqVjYni5+EtxBM+pAuc8j7gq1EAVQMNLh/JbT
+0gak/VmVhlKb3CxPWyszP5HTDezqlNZfkgUwxzryWkT/xv7abmv0kwSL5kx9WCaA
+7CvriwCr4/a+Fjey1J0QolUsf85SjwtgW2bjVC2bGdP+rG3GmM9upvLongxoDXbS
+uBjyvg3jMiM80pjXsAx7wrnd5mJxO0VGROkXjOCH0UWU9pEjSPeK8DyEr3xTfcRD
+CBJ4VHuCAR9xB37ibfx6SHSP6lqeFiT+mObiQDHhsFgx51gG2PjsUexOiRDHTYzS
+GqR81IfPVaNLKVyAxyO7Bdq/BlLJw3LKhLS6amGZJP8KLgMDC2EAnQduRcc7kxyQ
+uTGuAaxJRub2S9XXNpGmGT6JOOfdsILv+sKR/xCDetUstIX5HKcqyMG5QusWdtL0
+XD+ujNT25PRgbQ9YnvS1nKDcP/g60/xzWjR0NsPStHJTDO7TBjH6yvj69jH4XtEa
+4pKiYVeLPeOEtgq43tLM3kB3bXNZoXHXaiQBwIlokAa4JfijiltkH3jy4C9lccz2
+xV6HZQT8y8/4aCXEbxJouZ9EtoD36J+QUIrikQYFTZNZ8RAHPlzFFgrzDSb3vUlm
+DSMhWkk6AmlVCuOnKZHFXEFXHLsVov9phq4lvaBTPL3mARyaA7z2ELtTcI1Rq6rI
+/WKQVfq/q/vC1OYsRCubBFmGv7ou7yIeWtAFpFSl7mutJDiL18UIT6wBRuVyd//M
+75XeC7EVZfsl7R8cflFrYiX4FDK872wTnhPa7bFJRMq0pNBqWAnXcIJJN8ySgZ/c
+721NsMHtkFdSC2SLenMZTZw1AjClVLFoZ4Ke0LOvynxUerLP1HySYeEFpd0z1F4i
+jWOfEl52lq77Dlthn2Ax1i5Tgz35XYVjUImjCvbnafRuSzEIUfuoxITGciRSlatr
+r34layA/Ese7oHqfnDpmht0Snx3FKDNr2AOfLpEdTAqkWC2aceu9m9H5erbpu1hy
+gwbwZ4okeUc7rAzBJ3JZwVX5gou6erOsMvq3rrpM9MQut64LDe5UmiTbqk1nScNm
+25n4XJ98Za+ZJXD9S4AkaCjPiLJOVoBa3lwviBZMG8TCCJFqpf5TvRi65wQe186r
+mxP0EDsjDjvZga5tHEBXTVco4LlsQJifdvQzUlpDgH0KVfj7jt88fH4Rq8DthZ9X
+MBBwRRDQDM5xXq9mkV2s20o0OPUEVrCfxPNhavmA6IL/veIGyH/oLrNg3DrRlRpr
+LQr6vUwBdXr3IXFceKygFNHI5m6m70GwCgKEH7zVGLIhaCUwr44JVopCNWLs5LVJ
+8J2GWsRjr7VWXUF/bPhemVvml/DGysKpuDyJerCm1rQd5/Ba0mZcFi/q+uqmGbH/
+QpRje1m4JWP+UA2Mr7cLiGezv53s3iRp3ZXKDLWrKUIXEWMP6iuW30m6bHOD3n2U
+xhZh8opURdbI4cWF+7sSmRvcTUl/deNCMHBq+iolwppR9pz+wX3pLg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem
deleted file mode 100644
index 6a94017c06..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7.pem
+++ /dev/null
@@ -1,113 +0,0 @@
-subject=/C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBYDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGOMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEzARBgoJkiaJk/IsZAEZFgNn
-b3YxIDAeBgoJkiaJk/IsZAEZFhB0ZXN0Y2VydGlmaWNhdGVzMREwDwYDVQQIEwhN
-YXJ5bGFuZDEMMAoGA1UEBRMDMzQ1MQswCQYDVQQuEwJDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAmPmvvNuLBaXi3cYQQzuNFOtq2aeNq1YZodT/+7SSfjl2
-uz1wsLHI7XjOGOuWrE9N0oNBrARmSYh6WrYCJj1cd8vcj+FTymvx5DWEeqPCDmxU
-EO4e+/R+utHsFmCRzrOOUEqKkiHNGoR3iyrYr5zszJRgRDwf1QiYInu0cLMsHr8C
-AwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0O
-BBYEFKAtjaBcqIIIYio2ok1SyOUsUH0rMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCXoXCIH5TuCf84dVOweSMfOdb5MzKTudOw55mU7VgDzMk7vzQIEx3jCeP0
-7h8byDM0i/okjN0Ugm4DzOwxx5lAjs/uGGhGRGBVCJIPQ4QemsX3L24YpqSQKoJj
-K+YL+sz8pdoaqX69dDAyIcZNG2i9L/WEvmacw0AnJZ+Rd06jqw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC3280 Mandatory Attribute Types EE Certificate Test7
-issuer=/C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
------BEGIN CERTIFICATE-----
-MIIC4DCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRMwEQYKCZImiZPyLGQBGRYDZ292
-MSAwHgYKCZImiZPyLGQBGRYQdGVzdGNlcnRpZmljYXRlczERMA8GA1UECBMITWFy
-eWxhbmQxDDAKBgNVBAUTAzM0NTELMAkGA1UELhMCQ0EwHhcNMDEwNDE5MTQ1NzIw
-WhcNMTEwNDE5MTQ1NzIwWjBwMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxRTBDBgNVBAMTPFZhbGlkIFJGQzMyODAgTWFuZGF0b3J5IEF0
-dHJpYnV0ZSBUeXBlcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAn3sUmVtQ1OLPODq7WXtzygEZ0tKb60KjAITF+WQQwfYO
-katDsSHQU19m7Uxi3JX3wKeIZOJLDR14VB8aGUsN6pNaKKFCB1B2pgQsjDZsCLDz
-ckA7lYdIC40Smu+8Nb2IGgncTW1Dye6r36lxhEpAU0cqXdOKkhteDDOW42tuZlMC
-AwEAAaNrMGkwHwYDVR0jBBgwFoAUoC2NoFyogghiKjaiTVLI5SxQfSswHQYDVR0O
-BBYEFHv2CemcO4grJLwWGJqNhA9NXdicMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAQAimtwbz7YQ8Pm8M
-Cg/LHjRpGXaJL82W85ioX8T7hsFsGlQbHp6uAq/Zkk44mG2ziuI5pJF/HnuAXPiF
-xHcnCfDDpHpNh7deC53/nPf9Co375lZRWlBT233KSL14GTyiBZPipzbsUvJ+7FOp
-alTeRK4fPr3lNDo9SEVo4e97i5w=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A0:2D:8D:A0:5C:A8:82:08:62:2A:36:A2:4D:52:C8:E5:2C:50:7D:2B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        52:d1:8a:cb:32:66:cf:87:3e:a9:ea:a2:35:90:42:18:74:4f:
-        9e:43:5d:6c:73:09:4e:ec:45:68:bf:3d:c3:1a:97:e5:83:66:
-        e0:2a:1c:84:97:8e:d2:29:2a:c6:f2:41:e8:fc:63:3c:8a:5a:
-        1a:8c:40:eb:c3:12:1d:ef:5e:70:a9:af:d9:dc:89:28:03:76:
-        ff:b6:cb:5e:e0:82:f7:ad:32:3c:60:58:3c:fe:24:3d:9f:68:
-        79:98:14:e4:0c:80:1a:f7:63:eb:5b:cd:ca:1c:69:80:93:8a:
-        26:55:e3:ac:b9:05:7e:83:64:d4:3b:11:26:bf:fd:df:5f:3f:
-        40:30
------BEGIN X509 CRL-----
-MIIBiDCB8gIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRMwEQYKCZImiZPyLGQBGRYDZ292MSAwHgYK
-CZImiZPyLGQBGRYQdGVzdGNlcnRpZmljYXRlczERMA8GA1UECBMITWFyeWxhbmQx
-DDAKBgNVBAUTAzM0NTELMAkGA1UELhMCQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFKAtjaBcqIIIYio2ok1SyOUsUH0rMAoG
-A1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAFLRissyZs+HPqnqojWQQhh0T55D
-XWxzCU7sRWi/PcMal+WDZuAqHISXjtIpKsbyQej8YzyKWhqMQOvDEh3vXnCpr9nc
-iSgDdv+2y17ggvetMjxgWDz+JD2faHmYFOQMgBr3Y+tbzcocaYCTiiZV46y5BX6D
-ZNQ7ESa//d9fP0Aw
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7EE.pem
new file mode 100644
index 0000000000..7961ca1f03
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280MandatoryAttributeTypesTest7EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: E6 8E 14 0F 4F 28 27 45 1E 67 B7 AA A8 34 C2 84 FD DF E8 28 
+    friendlyName: Valid RFC3280 Mandatory Attribute Types Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC3280 Mandatory Attribute Types EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/DC=gov/DC=testcertificates/ST=Maryland/serialNumber=345/dnQualifier=CA
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExEzARBgoJkiaJk/IsZAEZ
+FgNnb3YxIDAeBgoJkiaJk/IsZAEZFhB0ZXN0Y2VydGlmaWNhdGVzMREwDwYDVQQI
+EwhNYXJ5bGFuZDEMMAoGA1UEBRMDMzQ1MQswCQYDVQQuEwJDQTAeFw0xMDAxMDEw
+ODMwMDBaFw0zMDEyMzEwODMwMDBaMHUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZU
+ZXN0IENlcnRpZmljYXRlcyAyMDExMUUwQwYDVQQDEzxWYWxpZCBSRkMzMjgwIE1h
+bmRhdG9yeSBBdHRyaWJ1dGUgVHlwZXMgRUUgQ2VydGlmaWNhdGUgVGVzdDcwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdZjCEq8H9mVwzW0tJkvsOuE4j
++D3LoEUE2bh5sopUAfj/IOB3xwajLwL3VX4joJQkD/D4efvZKh4pzkHnbC9s82PW
+4HbKW95X1n2s85JFrMYuPGxzD4pDQcHWeptp6NM4iP2nxj/cc3kkxcov30hnk2lq
+mmr3FNXYIJ6/D4e1AgGgZjikNwKFHqiC5b70bZW6QbUTfQ7PtsqsCb2tsLvDreXS
+lBd8pLnB4b+czEFdcgXx9vVPEJf0tWik+k2dO5EbXhEFp9TB4/oOAPz/6J5sniSO
+IkrRfwidMyUAn4/iUj9nzJ1ITJ3ffHhhOpAmEBI9S5yg8ntzwh6zKuxwp/HNAgMB
+AAGjazBpMB8GA1UdIwQYMBaAFPBRGGLvzkHHt7BndGsCvDIKM5nrMB0GA1UdDgQW
+BBQiXTJuQyIRmwrQGxx/oAX3WiwjvTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAU+rnqd3Fx/GnRGW1S
+TkL+CqF8rRHHfVoi+TbwLpbcLltQPiJSm2OzYcPaxR4Q+qbVevA0aLTHFUrKb+dJ
+yX5HIC0Mw1NgEoyMmgqBtxk6qsxawpxtSuiIrqVwC8ZSJA4x5r5OsVwm3BTu4yIG
+BecgzQPToPTzkLpy+miylicd6zUotkx1/fk9H22Noi6CqTea0leemThYEf4UdiDN
+txAI2gGY0++Pg4xS166It6G4VnNsIPF/HV684iwAO3FPGgtxPpu6chf1Z/9D9EZ/
+bVHah6PIQS41hrUKp2dr9rTX4Jbaay8hg9FT4b0Uk4hSJxaDvEO/CcqLjK3HR2lc
+CE8y
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E6 8E 14 0F 4F 28 27 45 1E 67 B7 AA A8 34 C2 84 FD DF E8 28 
+    friendlyName: Valid RFC3280 Mandatory Attribute Types Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BFE9C73E2F4F2252
+
+WDp/+1YSU6aYrsDVTkgfP/7jdUE4vXcwtYb8J2Y+4ToItijuV2PLyC3+LDxgdKYV
+N20avLAeuruvWUYkMXpg2KkLfH14wQ716S77yzf5zXSMItZuQhOLAIbziAct68c0
+dCrZrJs8eZ6l7cttPAgui2/8QPF68//fEs7O8SWDVm7vgKfIhacQcpcmJEq/SqFv
+Y9DSlxrXl848ATroZPI6630f2VeBbM4U3+wyS3l8Y77+vhARPJlerQExJgPauzHG
+vur2jVe6CtLHo4bmQu3uVWiVFLVeaycAVkBJVO+PayhC1WZBecuOwuhk4EBMk0Dw
+Wm23QxVUMTveXAbBvoxl+8XCq5WvKK1MywODr0twPMsEs7QzudC4kyvhir0ZTfMQ
+mt5bRtkCyzdBJyOWPmoZ8cGIT3e8yXcVoqwiWwy/i+dQ4EWAUtTeP4F7Fu1n2CGN
+i7Iu9TvYZoeU/RvBH+p1kjdiQx1YsTSxxCMstLoH0+k7WuH6vyNcnPGs1/4/3M62
+3qCPUK+C6O01Pj+wa+hxs1P24SIEN+IbwmDPEFClWk5T9Hg5MYBH2ae1a4DG3DEs
+c4JcAScAjnSInZkBEtAAjpZ0f8D/hDxW8UZ6i+vfgITMIXYqZzWaO0t8RASkTj4x
+F8NC/eC6uWTnfFvEcABDdMQ7TkRzz8QVCHLVWsMBoPpb5XmGnm2maWyD600o+hSi
+03OIEYVsQh09qFTtbnxHpUOwrdjGCQZ/a+VFee3nW8BgUSrax+/7Nv1jX7eFchoY
+5Ma6pYrvPFlD7MQITj9zEhFNy7+DmQ2kWyw0fOaozRVqLpp59jGzYx3ERzmUSxXO
+h3EPTWOxgJ4ggQlKepeRfv9jzI36XMzVcA4kk+hlngNOWkWfFyBO6ZgzlmB8vwLg
+TvHXabA7CE12DzPc0Ydput4abongqJee6I33uZ4vAJSFAY63L8lqm/j34wRSjkzH
+uo7Pw4C/essovBEIAYjgiTS3ZkVps/fO+DTvCiRJAIx9BnebASHFxBmHUyo1nu5t
+DEg9xbK06d6+/m/0S9a/dpAl/nIgXroFUgS+wQAAZ8znJ+OMCzZfyvhFmtNqOwJ/
+OdzSJ9GYXp/qJ4mbFNAzmtMxPRli/kFScaAcKfcDGEmCJOkfglgr6RT+nvYHdwYK
+briRG4GVuSdnRf2BgwCjvpDEFIc8SkWstRydiUj3F0YtcMn/qqz3ee8EUYyaDFMh
+5tfxP7nuV7NlayDIa8eAj4uOMdXHhOpF7yROZbc5fgD9r5rjs18KEu1DJUKGyKaI
+HAbm5Jpwcidw2WLG9I106RcF0tKR+1Y3ZGkK0SwAIKEu77Fadoz6O3FGy7bvx0a7
+547ZOqZXuz8GmkbxXXXdqcI2BJtgxIyXwybfdyefLwRwsWbnQhlTrDQq5xuevWzi
+1NbAToJhf7iVoyqaklPV3wQ/VJTDly27Q7KJjaFdTuGlf8pj7IEDJG6LfX5YppcJ
+Cq4u5Lu+Zsvusn+7N1BBZbNSiNCj0tR83C/muSziuTWtOY23JZvvmHQpJEMKaTyN
+aU0obz9ocoPvipKvPwbWIP67kMHHbaomLxhNmSOwvZYAnppzXXINzwrtImlcu32L
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem
deleted file mode 100644
index fe5bdf3e6d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8.pem
+++ /dev/null
@@ -1,114 +0,0 @@
-subject=/C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICzTCCAjagAwIBAgIBYTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMIGaMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAcTDEdhaXRoZXJz
-YnVyZzENMAsGA1UEKhMESm9objEKMAgGA1UEKxMBUTETMBEGA1UEQRMKRmljdGl0
-aW91czELMAkGA1UEBBMCQ0ExDDAKBgNVBCwTA0lJSTENMAsGA1UEDBMETS5ELjCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1rYVbBlFi+aAvBEyC1OHaw1KoNLA
-SbwWJQU2M2R18MJ60p/Et24lC5hPnI9+Iaqa0JSHYJ0hY4qWcweJOtNcTNjAgPe/
-jxsQPIOJeI5j0ZDI79wgvj0F7KLW5QKyDbc220ew+FMR2KptqAPxv4exgICooaiL
-M8sOLdN9u/AqLosCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFK+Bn8wZLBKkY0JXV9dXGmMHX3PRMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQBT6cZaPPoR2jyTsaiykedCd4fttTGC/7nzI5s6/riF
-5nxSRhoLM+h8ha+zN2df1xMZao1Ovp6RQGOPrbuPhz8qwnmYrjZ2fdvj47sj+BQY
-xIO6oUyd/DYYwI/nmq3o5bLBOxZDz3qC3AiNFfcfLPiZ2m0eotP0I78nTtDGGUDc
-Ew==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC3280 Optional Attribute Types EE Certificate Test8
-issuer=/C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
------BEGIN CERTIFICATE-----
-MIIC6zCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQHEwxHYWl0aGVyc2J1
-cmcxDTALBgNVBCoTBEpvaG4xCjAIBgNVBCsTAVExEzARBgNVBEETCkZpY3RpdGlv
-dXMxCzAJBgNVBAQTAkNBMQwwCgYDVQQsEwNJSUkxDTALBgNVBAwTBE0uRC4wHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBvMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRDBCBgNVBAMTO1ZhbGlkIFJGQzMyODAg
-T3B0aW9uYWwgQXR0cmlidXRlIFR5cGVzIEVFIENlcnRpZmljYXRlIFRlc3Q4MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBi40mcnzIqaCI8xmKk/hWOkKWbQLD
-++tbFk6jZC91dhYO3PZy1cPsNYJPSz+xSdp/EQz+8TEGRabX2QloXsHxgRZGersi
-xzDg2uh1LS0/k04o+YxsAwJljkd74tub9b0PRX6MzqsUQgy7SWnPvQ6qKJ1uZ8B3
-UJYb/Jr+Jb0BDQIDAQABo2swaTAfBgNVHSMEGDAWgBSvgZ/MGSwSpGNCV1fXVxpj
-B19z0TAdBgNVHQ4EFgQU1AdzbqWGvXGozwcQ3FLKcM0NhdQwDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCm
-53CaFal2YrwuX9JDOKgfEISGgoAdQjs+hoh0T9fTKMeyzfuEaajj4gKD7YViPd5Z
-SbbTywQKjzTDTP1PiLf7ti3TbOzHmPCT9sOcSMxn7ws9Q/KV4SvNjpYK8W6YPn6r
-WSMe+VuZypOlb/vWxOgHPP5IIY/4vqVjulA0tcqP5Q==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AF:81:9F:CC:19:2C:12:A4:63:42:57:57:D7:57:1A:63:07:5F:73:D1
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        92:2d:88:30:eb:90:92:74:63:32:0b:b7:99:52:78:83:ef:a8:
-        8f:33:89:b8:57:ff:06:f8:f0:41:20:77:9d:be:a9:98:10:12:
-        e3:80:bb:b0:48:d2:57:93:be:3b:b8:64:f6:9a:91:05:05:df:
-        d4:97:6a:a1:c7:29:04:d3:e6:ab:63:83:99:c1:58:87:8e:ee:
-        d7:85:1b:f7:d1:8d:2f:34:c4:a8:77:c3:5d:ff:15:2b:c5:14:
-        47:f8:04:f4:c0:a1:3a:84:07:0c:a4:97:0f:02:f8:ca:07:52:
-        fe:42:29:ff:e2:9a:01:e0:ac:1f:4f:e1:15:47:6c:71:d9:da:
-        dc:02
------BEGIN X509 CRL-----
-MIIBlDCB/gIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQHEwxHYWl0aGVyc2J1cmcxDTAL
-BgNVBCoTBEpvaG4xCjAIBgNVBCsTAVExEzARBgNVBEETCkZpY3RpdGlvdXMxCzAJ
-BgNVBAQTAkNBMQwwCgYDVQQsEwNJSUkxDTALBgNVBAwTBE0uRC4XDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFK+Bn8wZLBKkY0JX
-V9dXGmMHX3PRMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAJItiDDrkJJ0
-YzILt5lSeIPvqI8zibhX/wb48EEgd52+qZgQEuOAu7BI0leTvju4ZPaakQUF39SX
-aqHHKQTT5qtjg5nBWIeO7teFG/fRjS80xKh3w13/FSvFFEf4BPTAoTqEBwyklw8C
-+MoHUv5CKf/imgHgrB9P4RVHbHHZ2twC
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8EE.pem
new file mode 100644
index 0000000000..fd69deb001
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC3280OptionalAttributeTypesTest8EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 70 05 A8 EA DC D1 2B 2B 4F 88 9B CF 8A BF A5 7A B3 2F 23 06 
+    friendlyName: Valid RFC3280 Optional Attribute Types Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC3280 Optional Attribute Types EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/L=Gaithersburg/GN=John/initials=Q/pseudonym=Fictitious/SN=CA/generationQualifier=III/title=M.D.
+-----BEGIN CERTIFICATE-----
+MIID+jCCAuKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCVVMx
+HzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAcTDEdhaXRo
+ZXJzYnVyZzENMAsGA1UEKhMESm9objEKMAgGA1UEKxMBUTETMBEGA1UEQRMKRmlj
+dGl0aW91czELMAkGA1UEBBMCQ0ExDDAKBgNVBCwTA0lJSTENMAsGA1UEDBMETS5E
+LjAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMHQxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMUQwQgYDVQQDEztWYWxp
+ZCBSRkMzMjgwIE9wdGlvbmFsIEF0dHJpYnV0ZSBUeXBlcyBFRSBDZXJ0aWZpY2F0
+ZSBUZXN0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALnWd2qWpNr5
+EB4D/X04sWYwHk2O/sNfaCRnyPOdRa04rEwDbcqICC6y40U0nyDFc0EzBcCHVqts
+Cn36EI4hpnibj2BRybDIo2Ntb2PH6z0BbQUfPY/X34yJ+k9uFEBRRL9gNyQQH+DB
+mgN/HoQ2UOiGvmdNJY9Sc5f3srgi+0TLs4W0kaeW3l1/aFImKPBXIE6Dwhqr8x0I
+i2MY1piu/TN6llFXukOkz8cZihj8hetOPNTJPcSjQ/LB+WQpfyQ2RsVlpIhy0tf1
+PpBpWrc9Jljx11MT0uHCJ6Agq/cqO9NxBWR6NN2rCRq+8JwOgBNS+5qH2hex7taN
+QpedWsWMxk0CAwEAAaNrMGkwHwYDVR0jBBgwFoAUm25vP4qn9Oe1jDFbzplLkRx8
+fL0wHQYDVR0OBBYEFFo1tItlb/GOrVNgqo0jnqVlFChDMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBACLn
+LA2yu+fl/z6CAe91RJeh1g/9ffXA81W2NjqtgRF9p3ryT0M7ZVhVd8qmN4ZbTB+O
+lTTIgspdcgCFbX3SzH6MFOHmTmIug7hsuBkR6xhs4fGbGb9MqbAbcsUhqNSC+EQ7
+35+ti62crD1Ew83xhOn8rPqCfKj8cRlac15f5w05TItgB0v4/laFMQwGGvJcvGkQ
+j8iWgV2SRug22qujOb7ZH5rTJJLWvZ6oLNasiyB+Fe6ExidWRU1YKmFNWrP1OEe4
+Hll70oWjXGLo/Ilkw8dJDe2wxLgktazED5eBsqfS8wPCTHkaaM/YAcbDmlbXvDED
+Rk8uUmjfR/dHOtIdEb0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 70 05 A8 EA DC D1 2B 2B 4F 88 9B CF 8A BF A5 7A B3 2F 23 06 
+    friendlyName: Valid RFC3280 Optional Attribute Types Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FC39EB1A890FB19C
+
+mRBIoUlt0n541CPYW0DGxjQbisdR/qik0jn4WUzTQjFUhDqZCS3jox+lVj3+2L0O
+EogtwLej0FCZbv5Wl1+cGTSRnRWsTMcrZF1vUPxbh5AyGyAkHhvkL5VeN3KvQD8n
+GyRE92RwD+UiRcmSNTnN1tzcfUF5WP+ggGsyhqoMh+8A/a7q6fKtKTqA3a0PgMtC
+G+OxoAsZnQbmV2djG8aayd8C84mZtj29qSyzevg5ubYbU4zDFHEJ75tZivxTNWe4
+rgJtTDioizLuuiLZW4lgC8qIZIto49NZxW3NGI4uNf4S9YlH6pwg/WgfP8uDt5BU
+Ya9b7isJkgpkaaB3UaAignwvmxbcK/etmEI90NNYJAo+dNX9vSJgr3tPWD4ihnW5
+t2spd3+9kLHz002tGh8nNOUVSPp/7sBgJZAdCTDBaD3Hn53zcNxjzhHyI2KRi6pd
+X5iU8Ull5ymv7xX2a7hS2nhSvluknO3FrgQboEmZi68RQ2q6TLF3zurUPpWR85iP
+J3ISxm4Np3m1SpPXWyJDc0WldWvo2Y+dqPXhg37nkXw7bkwrCmBc98qzVLGh/iRf
+W92SADj6fLeQjSDF97ts4/Qt9VOCrRBOY8hrOWuFJ34kNbMRqxpruBfRFmizdGYZ
+CzSSSwr5aZCYAe4vMFU1fRO3If2oAzF52IGSpRKmXVvDTU6djW7JMieKAqWWGaQm
+rlIZ/061su9MzGXVH5VF5Fbeooavm7ir0FaMVYhTmtdggo4F61zBY6ubtCQg/9lX
+oQjKc9XADM58zIWk+M3WMTGquaEs4ACcrx34l3RolC+B6WicQAAqq7KcSULahufG
+J8xteOpQ185qRdOVfSBQ/DfRE7cD4CXJvt68uPXn1ts4i3KjU5k//KAr6uVfWOa1
+TNXO1G9zTDiVATXU4NK194ECyVTLUVJVxAGTc4RaVkJOtq9fTn9b+5e3a5kqx25w
+Vwf+bidlEM8U8QWEWrE+ro78v+NSjTAZADR+LfsAqbRLRhlBVyCRFn7VcYDXx9M2
+N32euCqAKZCP/lrKyvk7Ag271IMy6CkTKOVCnd07oR/1LJQFQzUzOrK0oePuUEdZ
+0fm6ErCioCEzPRpq22dEwsZ24axn1AQDeZ7UA0ZId4Ll8e8XALne0LJKr+ydyrjL
+vmNPFXp49+igvesj1K+uBIkp7RsROuh5A5Fj0gq1oAtKGq6ypu36KwJOSFPl8zNn
+8twsR1yRCbgGZreA6fO8lo3lv+q3FvRWWLX10p+6OaOSi8Wh59+R1q1b/BgC2Xxy
+cwdvLjOhf5lPn9kWHyZHaTnhBRn5AgwiMZIJS0u61b0nLBefglIKYDEdIXWVTSLa
+QoG6N6SkcCcmgwEsE+PA2c3ZVFXfjhCaxdBp455cPtPiJSbdBruoNoZrxM5LFyGi
+wG29/Dz1CegDwQkPXLdliDc70ycIOJLWCeArXAcnUJY/JsowtGxk30r6Wufg3n5X
+DSlWR3fPgiTuKXOU/AhTTzxc1QX+fPpU0dyXD0veDDJBD0LVWGxYj6RO3YB28YWv
+9DgQ8hYM8awbiDz2GKg5bp63PFtPHVx94OuQ/yLVDhs00emTM0fsMA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem
deleted file mode 100644
index 0a271fcdc0..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBQzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOYG
-d2HszTJIsVTazKriCUJ/ExxUo4U4HEZN9+/XVXsQVkZYIzWtyCTC3IFmSAyb9ZED
-Gu3jmF/evXpfNXmxiURUu6W0bLEpIkZiVpPpTKqoJx2EHj+wXOfe31AD0OmKidXP
-66+LVgIJLWGMr3Msbzb4T3gpKb2ynQc2/XnE3RkbAgMBAAGjgaYwgaMwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFON/hXqOojue7rgS
-HXkTqsS9LlmtMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4EVLnRlc3RjZXJ0
-aWZpY2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAJjXEGmrQ1/Muud+NZwajR9x
-it/32SNVvHI+/O7bopout/RnhJudrmsdqGlcSk0KXfcXI22cJOkAYe1M39znxgba
-VitYYLxfsS+3O2pLpMgQMFCZuOJATfAQUlui+dVtPTaIam7jimms5Qam2K2SuZ/t
-eJ2J/rIDHCOrIGktQS8H
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test21
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0ExMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl
-IFRlc3QyMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmgblTsP6gle2uacP
-DDJPff0VnqgTN1VtCh/uqZINqMtzbfcADz7KNpqETX64spwhD8/3m9yEVpJStgPq
-o/mbcf/G2L3+zkx2t7mQLTy115q304S7KBauhK/aen56yKrHOuUv+qmOSYpqZKwi
-ZbobiLq/CMbUfYx6zaM8Bd59VBsCAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBTjf4V6
-jqI7nu64Eh15E6rEvS5ZrTAdBgNVHQ4EFgQUtCANQs2V6ofUY9VPDtbRD+W3O/sw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREE
-LDAqgShUZXN0MjFFRUBtYWlsc2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0G
-CSqGSIb3DQEBBQUAA4GBAB1qFEM9zKmqItkLPuorp06yLsoL0xL3X+c4ym7JP034
-2kYhJ7SoZFmFbIRB6z472KWbJc17oM9LK6GOt08QBEIHhQk1pZrueBJDrCv8WmR3
-7FHwbkNcRn8DFYiV3//yjYP+bgN142Lj3O9SpuUy/a32bsupo0ykWADqwwY1ntmi
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:E3:7F:85:7A:8E:A2:3B:9E:EE:B8:12:1D:79:13:AA:C4:BD:2E:59:AD
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:77:73:f7:12:e7:d7:20:9a:bd:e1:00:a8:b1:6a:7a:65:1e:
-        8e:56:c9:ca:38:33:7e:d5:37:41:c1:e7:95:a4:81:ab:9b:40:
-        31:1d:aa:6c:14:f9:19:e4:3f:85:6b:24:ff:d6:bf:cb:fd:27:
-        a9:65:35:5c:b7:6b:82:87:b7:e1:c2:4d:34:ca:42:5c:46:66:
-        45:11:d2:c0:48:0f:08:8c:b0:a7:58:66:63:9d:ae:0a:68:0a:
-        5b:5b:ee:fe:12:93:77:03:90:6e:a4:8d:32:2e:56:56:cf:1f:
-        85:b8:95:52:f7:73:78:5e:d0:04:66:2c:8c:ca:78:36:da:43:
-        10:07
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0ExFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTjf4V6jqI7nu64Eh15E6rEvS5ZrTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQC0d3P3EufXIJq94QCosWp6ZR6OVsnKODN+1TdBweeVpIGrm0Ax
-HapsFPkZ5D+FayT/1r/L/SepZTVct2uCh7fhwk00ykJcRmZFEdLASA8IjLCnWGZj
-na4KaApbW+7+EpN3A5BupI0yLlZWzx+FuJVS93N4XtAEZiyMyng22kMQBw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21EE.pem
new file mode 100644
index 0000000000..00a5e61442
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest21EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 23 43 2D D2 5E 36 CC 16 FD 86 12 BB D5 0E C8 08 99 18 ED 9A 
+    friendlyName: Valid RFC822 nameConstraints Test21 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC822 nameConstraints EE Certificate Test21
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA1
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgUkZDODIyIG5hbWVDb25zdHJhaW50cyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC5yv2YRIEhQf1yjI/+8BH9zoj+WkwrpoJikq3h9IAR3QF1b73DUngYZizZoxi4
+zFK3hJIaln6yaq4VLKImcJzGwf2H80nYKD+cKEo5vFiG9qnm7m6so2sUDT5YYW1w
+rGHDO3qJNlzF3R9cM4Fm/hi7UpABHwWqJ4wApX/HkPg0DQ0JXsgnCS4vr+uIgCbY
+m762QCDH8YvxEDWjj/xy/BhCVb6Rzb4wzJE9DD0+8+Zr3UVKhoPQWsNT68JFLUd4
+t8lMndnhGqQj01atU4lrq1T4bXO4USw4WUYM1Eh/9KvTfRxBlIvrWkEe5UamC1nT
+HxlrUqXfSg+69bXgh89wKqCTAgMBAAGjgaEwgZ4wHwYDVR0jBBgwFoAUyGqOsQ9L
+qqWIuKePkdvqM0ro1eIwHQYDVR0OBBYEFGYJoy8FC+jXyi0Q7O4CokLJZ2PUMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwMwYDVR0RBCww
+KoEoVGVzdDIxRUVAbWFpbHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkq
+hkiG9w0BAQsFAAOCAQEAPS+Re8+Y16TsC07sv0TLKtOFqh3WUaKg0drF7pmruJc3
+xmc9ACF5aBvAOGA/4cVaVQ6qEtA42TcqxRj4RJynb2p6Ay4DAVRYnWYeYH6rjFOH
+a3xE8zXCrUUGpnYYP27plJMDhaM/uR3NUo7Tp9MagVqv/Iv+RUUQi7Hj8vWg5J0q
+ggpJApU8GeqyPsU81Hh4ZXG9go1iQN/QH7p1uYpf4OImMTfsE6RvV1UXNX2fiANt
+1XrEyeYyCl0LEdoo/+vZmEj7XuBpVTHTdFtGDfnzzWyLg4K0J+1ZIsHXtivhnrSY
+aM5R0nE7+ziQV9S6U/zR62TrkQ66aMoxzN4SHgYD2Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 23 43 2D D2 5E 36 CC 16 FD 86 12 BB D5 0E C8 08 99 18 ED 9A 
+    friendlyName: Valid RFC822 nameConstraints Test21 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EB8AB9A7AEE01546
+
+UZAlaUbmYe/AhCF0Q2dNOjEozcyEB8Ehh/EZCOmsO8vgEbaUT06tbiqpnOJBHdVM
+O9ke33cg54p4g88LVCQWivkEopFW39r40Zya3R6GBP5ewbr/qIIxA7IbDpUhugMe
+FARBWk/521qovA3qcp4hB5PtRIR0+aVaQNe+iEISRMrBlr/87u2rw+shuQnP/K/V
+optX+6PVMQxTiJRMCaJ6EgAF7bgU0ti/3/1r8MBUqpkMEHUCbu/v9i2YdfGWKzpD
+DgL0dw1b43R9hPOR4vP+ytBp3hltSXvqeg4o8dNkbqqqG/Gb5+X5W8de09AsuBya
+rS3xhidIq/L+EclCKCM89zVcZlbuf+wCPGw9Ob8FPIDASw3hk9RCHg/rlXoBcHZw
+uzU2mrsMV4IAwK9ydSAit42DT3FH/s6WlePt64FRc7kMJCqA83h6pNa2f+kKKUGV
+SsIfc64I+6sJWp4qN+HGTQm4dIp0U6upBkMKogwrMtB4rPmGRCxyEK6TGrVj3NJw
+P2wwyKhm9CxsCF56lkDuBcOqUGu473Pqm9ylZ6HaNF3nMShYL0f2N//5w9OPbBUH
+lFWWXj/RVTBnHjeiFKAjJFGyB4kTihC2tzwbufT+o0TV+bq/MTYjsN+9+bm/vC4M
+kVrvvXlRMVOUoVKBqTSWeSD3pTnd4FQyYivNQdss8w/8LHXCv/VTA1IjQwiBEx6q
+KKAXXCXXrN3rjaEMrpov1tEztDHn9lBX/clH4whJ+AJ3Sdcgolcuw/9dhxRFfG67
+XK8QPDnUL3YGarueoOaQloneUHTJSEEsVFaMk97S1oAfOzW0cjizWGHYQU4RRBJk
+4c2J7opvGlpci2LeGb+4ZWvJ8/qLGmLPwtmqNgNWXvRRvs8L0I9KZqbgQ2bGTSWJ
+RSx+ErLDj7qw88xF54DJuivLaREKctKzkmWTSAJq4oWh3bbeSKO4B3HnrE3YRkEK
+SfkspCCJmEhrXT9qQ2wz5v4lqO6VO5PZ1NDGIKcxRhNatjFHQ5smCaN/ek2mWIFy
+0o8sLsVojXVAYqHiBaDwjJs30MEQIliS9sUQOqQb9DPg3Tjcjl0/yLYF/WA41KyA
+SWdNIZ9uRTJeBjoANDseUNoAnWXus3aYb+ZIhgugwqwVFX5FSp6vjxXBGQaiYuz7
+tg5u5oO6BZpVfb0ITuRWaZWbbkoN+nPKoHOgY4Zd0P5RnLfJMHCrbGotmSleOcj1
+zWgZEsi0yFU/GobJUYHDQshKIG9JIchLCHK8/gtXN/rat7JIFdGDcQlYHZn9UpQS
+iC+vFmfwCkhMmNBs2PRIt6aCAeYSBSuM/IXIVhCxyGt61NkppuKcx98/7s5DglBM
+AKSxyGwiyf8Z3pQTIczcDhsjJobD37ygmdGLuOlrVBbRRbttZiPTwq2t+lJby7Zt
+3+STA22gzy3LxCWenKg0laVanUfdsAZGF0Z02JiZFInA5FlkFee9rrjaaAdWtw5j
+A3Sc9/0r/rzrpkZqJKc9KHW3DeiJhh6cNfPyRAgv0GJw3N9S6Y0Zc/jO1n3rIk+5
+wGsXZEim6V/2ejC+As58ERaKI6y71v3Kj54yUKIpvaCJkT9TmLnnpw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem
deleted file mode 100644
index a73a4af25d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMPZ
-S8+5+/2AgG2N8tsByPeKGxCC5bOrNXho0b3fSjvK452P3luNUPIf46KvIBU6UYAP
-4rGMqcUdmgFD+PdXq6TMW8bWNuYRICw6c6ni5uyre5bovptoJCsmBw/IqinDoqbO
-Qyoq0YDltds+lSROlTUCA/7qOBHOdwpcjhVfYJSJAgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFBQbKzZmdEuTqzFV
-h6QxqzZjbzXJMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAsOYxl05xGFDRHUO8Myp9EM/X
-ahfChzUabmgo1Tqpk+TLbxcZw+GfesxOp+jCd7jtTBJKhB0HeX1vaCVUpURbWEAt
-fuE35slQQr/c9dgwCw/JwBNdkFFT2z/73nDEN96rUK3GYs2OO8OJVMqdKb4iBUxH
-M/bZyCy4CB3+hthr4to=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test23
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
------BEGIN CERTIFICATE-----
-MIICwTCCAiqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EyMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl
-IFRlc3QyMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo+cdyq6LQoFUo5dS
-h+bsp1TvEaw5776yXg8bXkMcTO+fJGshnWYoTUk7mQwcFnYm5+dQzSLHZTh9dgR5
-5m9ZSKGfmbnSINvGuU7oo9cqEwKrCRzqj/X6MUoyaxQyDW/ft2mTXpPCGrzDaF/S
-52lsNu/rubHKKmmb4EaoVJaWHUMCAwEAAaOBljCBkzAfBgNVHSMEGDAWgBQUGys2
-ZnRLk6sxVYekMas2Y281yTAdBgNVHQ4EFgQUDEZstH+dSCRcJPrmvd6knN2jPfIw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAoBgNVHREE
-ITAfgR1UZXN0MjNFRUB0ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkqhkiG9w0BAQUF
-AAOBgQB4NROaQv0DDKJDl5t44LQ0cosk4/w98WmDCkXF7RVxhFFMApnHJBOQlEPQ
-CnC/fGcChW/KnYKsDnCSAPJiq4D15SYa9EVMa1rw7wCotCVbvjfJezZrheKmMj0Z
-nxIJIutwJ6pOY3gjJRxCRNx18S1u0vhD93uN36wKM1cuWaA+8A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:14:1B:2B:36:66:74:4B:93:AB:31:55:87:A4:31:AB:36:63:6F:35:C9
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        47:93:cd:d6:9b:31:b0:dd:6a:d8:c4:e2:5e:3a:73:cd:2b:69:
-        5c:47:1a:75:56:6b:56:1c:a4:2f:c2:66:4c:6b:a4:9a:86:53:
-        fb:26:39:3e:61:d2:14:1b:85:1e:9c:f0:1e:ac:c8:c1:73:a5:
-        c3:29:1c:c6:12:21:08:4c:4a:5a:d6:1d:21:4e:eb:7d:16:14:
-        a4:a8:18:07:2e:e9:31:ef:39:ce:f8:6e:2b:d7:09:c1:ad:be:
-        6a:c3:d8:46:24:95:12:ea:cf:2c:c6:84:50:bf:78:31:91:79:
-        35:8c:02:47:d1:11:0d:aa:55:34:22:d6:d4:a2:ac:be:b8:07:
-        60:3c
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBQUGys2ZnRLk6sxVYekMas2Y281yTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQBHk83WmzGw3WrYxOJeOnPNK2lcRxp1VmtWHKQvwmZMa6SahlP7
-Jjk+YdIUG4UenPAerMjBc6XDKRzGEiEITEpa1h0hTut9FhSkqBgHLukx7znO+G4r
-1wnBrb5qw9hGJJUS6s8sxoRQv3gxkXk1jAJH0RENqlU0ItbUoqy+uAdgPA==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23EE.pem
new file mode 100644
index 0000000000..c15eda6bca
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest23EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 87 06 91 82 82 EA C8 C2 CF 2C 97 9F 19 BA D4 A5 3B 4A 4F 57 
+    friendlyName: Valid RFC822 nameConstraints Test23 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC822 nameConstraints EE Certificate Test23
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA2
+-----BEGIN CERTIFICATE-----
+MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTIwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgUkZDODIyIG5hbWVDb25zdHJhaW50cyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDH97Obgu2TXLwsB+kAldNq3ukQyHc30y36W7dtTniOxGsEMu0pAGqDCLjHvAcM
+NnebR8UQCYbwW5ooli8mhSBwbic2vrs4ox/Zm1wSePT4QlcIme4mru3mL4cDx9jK
+gaRBsa3pOtanpaT2pcK+9PK1RPJiivhLwdBdg5u8TQ50te+QJpbveTyNEP6fd2d4
+0B3ebPIGwxnAZ1OJw8V3nbH4yrGsxHebvPkTooDkTVOW3OkWG870k2m4UgQTs0bK
+Cr6nfMZLh9UHHHSqkhKPATYBUEC78qGG+dJCYmv2ufkdD5Y53WmcI7I0ox5MDBOi
+PProYl1M1eoY3Djq1G522kJpAgMBAAGjgZYwgZMwHwYDVR0jBBgwFoAUUYDN+kly
+SDztDk4Lzs4fQGUScKAwHQYDVR0OBBYEFBekOG7BL12uA/XHxR7u1gLCDUlLMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwKAYDVR0RBCEw
+H4EdVGVzdDIzRUVAdGVzdGNlcnRpZmljYXRlcy5nb3YwDQYJKoZIhvcNAQELBQAD
+ggEBANk0lkglDUSef6Hd7yu/Gqplwo8xx3HVg9x/+T2pIKeK+hd+K97gt0ZEzjjw
+5ul4LabIQFLS2hpT0F1jc4tjfh4pITMW6LAUzAae2LFbHguO3nb3X7/gSP5Bm+7x
+Ppk9eZHoIDFqKKnXbzezK/GOIjnK4zr1u9xVOqFpjwjVgXdvQ1EvjydJwrwcygEX
+u9OY5AUCZ2I+cT3K10Ms+bnupLizv7HCcQuQRLBd0B55z5MtiBhwiju8qJzxoX9V
+hUmOVgSzYdLKZRPlRHzNmZoE3wi5cg+8nIZXyk/+CrZGrbN51P54RvbdDGohocln
+egEMHQLtjaba5v5XxfpHPn+wqyE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 87 06 91 82 82 EA C8 C2 CF 2C 97 9F 19 BA D4 A5 3B 4A 4F 57 
+    friendlyName: Valid RFC822 nameConstraints Test23 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,82F1A219404E53A7
+
+R3BFruUHg/5j2+w+XN0/4SVJdWqtKM6U9AiTd8nmxoz99xNvQCxhyhGlcLU4Fhjn
+ED37DGduwuDNnD0xXk2KJuy5lCj0NMIbIiTTTg211ECGNet8/fYMjJ1xlnbAcdJV
+w11InQRl/hYPLkXrjQ7VJD8EiN/KdLkMRLTBVCzlHqIrwrkLWUJVXQzpMYfl9Idu
+StD0y/+dzqeGNnI2c37+bTzWwgpks3E0kor/3SxmYkl4p8bJb5TEro+24Rr/SrdW
+H08/WEtJObqdAcm6QKQXF5EQtmUk1j+2dAT6Cc5bhGpfzjE8nUbUmLzo20qv9VKs
+ff3c4f9mWBXPIF5Qvp1YYzXElHn/qiy1H0o19xSg1tiOIfqsSqnwYltyQBbrAFjZ
+WhZor+SWdUT61uwyuwOySEOS0VHKARCptex5lyPWsiyRs+pyCMd9uH64fLGg+w8U
+6qZ97C6XlfDHT19w04CrQkTSdYav8xqu2PJxKeFBmREszayXUQP33owh9bKVb3nd
+CZVPykBAZJgA5R6ajjvqHhUe3ilw2DZ+XB0QOgSf2XjK3gnpyVaygAh5nExUeCG8
+IDojFKEO7ZK6RodfWA09jeASttvwgFLhrWcNl+y5SGj+Bj3h9Ae7NrPxbDvXfID4
+JeAQ9bsAX2NdoUIJT4tt3ZLV16qoEDubDUbTeKBK/WFk7DeSBUM3TMsMpqZVhDIZ
+neKPt3W+wLQ/YywwaF/+nd2Y/g6iKFQUvK225WJBLqnww41O9EFgrJBGTJ8r2G43
+rMyjY9nHZG8Mt8gasR+0Gr60SG5ZSTv7WATFIjWacptwQYqNPG/aSivz+q+kypUV
+wq3jIJ1nD2Q6Z+JXmkJBdxrFs0OOfjpWxl6+YhPYBed4pUy2J+PtNQ5gfHcBfnZm
+1mutaMCAJeRLZ20YP7zjqUMbmPoHXqWrYOGH5fna5jjRj/ra2E+CULnlU1c6WES6
+qspypZeomFoDHA8LthhKPWQfyKZ+d3a4AbV/RWG85pEkN/Nq9dmk0We4orRi6sm9
+p87zabdO7+FacDYS8L2jLBpu7zZYUqLBIa4wkUEHKK9iuCzs4Ce6q0pX7JcQuEbX
+RkggqEXh9GpR1efuvZkr5c1CXZ9ib1mKO5fc4OctMNw0nea467biReXYXgZZ+2jZ
+Gx8zOGZS/r/DtCWu8BNdcM6flNMi/ZOcSODRGkuvQEwp/xVO8R6xAaGbR6LIzGRw
+nR7SZm/o4ua9by+Avs3A2gmfsgThOR51BOdV24y45h7JiEG8227ujkQs8RHORWu3
+gIoKZ+Q9HDfwH7v+3NaD/r9U3DzUKmcJVj/JLIIXpyMcQHUgW7o3ZzfUDqOd5igm
+dOipz8FDrjmIOz4ZvOKznC/TiPuFc4YMyjp4s3FNrhXegkHavA2OG/kIZ7IhSx0j
+ZJl9fJ+NiJwTK+OX9wQsdA3qlfV2MgvB3Sr4UFVQVeIPHcXhHSuRivzV+8cQYCNV
+PyTNVADRci2QJ7+IYZEv7gEwT2BCZTnriEEEkzxKNARlpQ/4UJY4mdP2aY+1MGaU
+YUaGIN3f80Yh2WVKR/H43lWTR2w5j5P5HU130JQ2npXCSDsSHoGz0rbGNyftAhuQ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem
deleted file mode 100644
index 10308cf5ee..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBRTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMabmFtZUNvbnN0
-cmFpbnRzIFJGQzgyMiBDQTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMii
-1odFMCSlNLo+1reNBLAhQ3rkRllmPUUfznMkHE+tVOXNCuGNSPuCJPQNO5495PH/
-vsBZUVltMrhOpo00ibzoFrcLwaxj5Gmb8rNV/aPwDiRX8frLslhpw+QEjxMZKP8O
-bdOlItBR3dFauvxrwLz1DUUlG7aX/QoEtws/fE59AgMBAAGjgaUwgaIwHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFOq3bporCYA2Z2m1
-jdo1pYY9KXgcMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAmBgNVHR4BAf8EHDAaoRgwFoEUdGVzdGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAcyB2R0h4mQZ671JhQ0r6cmPF
-iaEHtdJL+REJT8yGWiERgT/2wh65vHtCierHK8+0aJ8Wy/nJzUAWcKeGESTPVTey
-IxQg08VdFJIohXm1lvJ3hfzgHIcFPk2tXZvYSk3qYllYHt8tGCoyh4p3q4vpyTou
-HcOOTD0ogzE9KbjD3Dk=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid RFC822 nameConstraints EE Certificate Test25
-issuer=/C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
------BEGIN CERTIFICATE-----
-MIICzDCCAjWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJh
-aW50cyBSRkM4MjIgQ0EzMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-ZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTswOQYD
-VQQDEzJWYWxpZCBSRkM4MjIgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRl
-IFRlc3QyNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjlu9aIQ7cGou9j2L
-/SEtM4QWvsfK7siztqNkNsuSWFgr/pOI6y6+WOa6B1E+I7zZryvHOSmqtpBzPOeU
-RX19iAHjT3Rf8LeCHS75XCCtVUJJJ2+pJn8hON1vHSQGgHzD+kOPIOwj0ihYD1f9
-xUMHM6MiPsEODMVFGitWAPl6P88CAwEAAaOBoTCBnjAfBgNVHSMEGDAWgBTqt26a
-KwmANmdptY3aNaWGPSl4HDAdBgNVHQ4EFgQU/PF5qIYkniJoxi4J3d64bj3SNwUw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAzBgNVHREE
-LDAqgShUZXN0MjVFRUBtYWlsc2VydmVyLnRlc3RjZXJ0aWZpY2F0ZXMuZ292MA0G
-CSqGSIb3DQEBBQUAA4GBAEwywYR5b8qm30lTjdBl+YvBheITfKcGdkhFRgdAZ/qg
-IfBhWHt3xf8SXXLMoEk9jhuyJ9JGSLY6psPYhDhkqswRkPhJgx5yOc2D05JI0CEU
-RSr9LZE439pCWHI/qFp5e0mvQEJthMvapGETXniDUlnihFlzS0Wv7pzlG9JbHmz+
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints RFC822 CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:EA:B7:6E:9A:2B:09:80:36:67:69:B5:8D:DA:35:A5:86:3D:29:78:1C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:6d:0a:0a:c4:67:91:af:de:5d:89:9f:fc:df:e2:7a:7a:52:
-        3e:4d:ec:50:b9:46:83:3a:7d:2d:9b:5d:84:8b:6d:ba:bf:4b:
-        41:74:e3:3b:c1:90:73:a2:83:02:4f:e4:04:b8:b9:7a:70:7b:
-        0c:bc:59:f7:db:83:93:00:87:98:53:43:a2:71:d5:2f:d0:fe:
-        2f:c2:46:55:d5:64:54:01:90:72:4f:a2:37:dd:88:b8:3b:63:
-        24:df:d3:ed:7e:6d:da:2f:57:9b:cc:d7:96:67:48:7e:a5:b0:
-        6d:cb:c9:5e:e9:78:58:c6:be:f0:cc:b1:16:e3:4a:57:45:86:
-        90:12
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGm5hbWVDb25zdHJhaW50cyBS
-RkM4MjIgQ0EzFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTqt26aKwmANmdptY3aNaWGPSl4HDAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQCMbQoKxGeRr95diZ/83+J6elI+TexQuUaDOn0tm12Ei226v0tB
-dOM7wZBzooMCT+QEuLl6cHsMvFn324OTAIeYU0OicdUv0P4vwkZV1WRUAZByT6I3
-3Yi4O2Mk39Ptfm3aL1ebzNeWZ0h+pbBty8le6XhYxr7wzLEW40pXRYaQEg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25EE.pem
new file mode 100644
index 0000000000..cbd0c58a71
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRFC822nameConstraintsTest25EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 88 BB CB FD 18 80 A8 9D 52 3A 36 D5 FD A2 DF 9A 0C AF 02 29 
+    friendlyName: Valid RFC822 nameConstraints Test25 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid RFC822 nameConstraints EE Certificate Test25
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA3
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMabmFtZUNv
+bnN0cmFpbnRzIFJGQzgyMiBDQTMwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBrMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTE7MDkGA1UEAxMyVmFsaWQgUkZDODIyIG5hbWVDb25zdHJhaW50cyBFRSBD
+ZXJ0aWZpY2F0ZSBUZXN0MjUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQD14E0HjPDPTkFDMDJGgWqJtdxDgR9z+/bmgopcNwzghAjljVUrFEJ/WIiwcqty
+QonLqNdWtdXrI/0ZuAEhEohgCTIv6xqlhVmryx8w+J1N3Bg+fTlhymbihunTV7BG
+8iGjnecbPaMJ0H5Evgi1XBruq9ALU5UHsujvPcRnlJPToOe5K1RSdDK2trDPfxMV
+zapzN/pIPSnuZvjPiF1TaRI5fEd8yNYhyIoDYU+W4ZCbqOhTmBUGnKde1dNWtMhH
+fFLGWgbbTt94ZK1oHAHAojeWL/bC4WZn7xKYvf4loyiUUPvL9Z5LL7cFJfH/ww1/
+N7ZzlE2Uln8y2vJyg336IE5lAgMBAAGjgaEwgZ4wHwYDVR0jBBgwFoAUmro5Tdoh
+da/qQcM8bFHYqEWpf6MwHQYDVR0OBBYEFCSLs+Nanik16QFtO2bqOxm18KTbMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwMwYDVR0RBCww
+KoEoVGVzdDI1RUVAbWFpbHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdjANBgkq
+hkiG9w0BAQsFAAOCAQEAXCL3x2CoR+4+uBv3/rjM7X1cWiSc89+ydAsWHOVgHpI2
+nnxYPijuJTyiINCNQCZ2xReOMbd4IkhnaKt81hThsHlulDhBc7j9d29RfkA3KUDj
+QpIWZaBJHhe1668ETpOw/CHBPGfmPb7GhCfL9wZxeqqTytfgBhXHVd+W+ZOlGUPk
+8Ag1yGqnl0gmKXycSTR5uAAQvzwEz9QM2ZOMWF4N7WVEZMzm1mtZyWlI0MOzEEed
+A0j4FLWEkNh+6wf/wQNpDKNSipLnRXqE78IhKqBG9cR8+PDIjexXNCSZ/FvgU0k4
+PrbtJlt1IBitxYNFyXkq5W4p9jeG9li0wTktImmm3A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 BB CB FD 18 80 A8 9D 52 3A 36 D5 FD A2 DF 9A 0C AF 02 29 
+    friendlyName: Valid RFC822 nameConstraints Test25 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E966F48CB3EA6A19
+
+qsOLayseOi+mrut/xPkTJnpBQxljMYMFBYwJyELQ9UcApYfUXk356Qurl75iUtf0
+zAX+fUA5o4E/Br7kuve26KiSdE/GfGHsaQM2PYgGMyp4paJ/Wzr5LX/9CFgRb19O
+/9+52zUGto9/QPxGXWsmVqveMLIEQaNkXzLOGtb9QANlzf+lM+IAC9UjYJFVVQQ+
+8ces3QEZ/WwjRWV6ViX+keFnhEQiYZ21rtkkP0Ofo5ddNzrySU/oF9DfvFeiuKv8
+dKLbsYmj2pP8Cw+R47k88dskVxmdv8QkfBqothHAuN7KmV1VUeVDO1FxzgWJVyYI
+WCdBzJcgNJCmNgcSMsDCZ9KG8lsjJ0Iw1CMih7WjqsxPk7UwnKiXjN/r8ac4xApi
+PckwSl6/HiBuwrQkYU56JHJTtjQ7qudIdsxrzquRmNS90Zu19H5WH1YlNLdUgxCE
+Y8lMACZTBm1NCcYlkKDXTflcskDj/+BssECjCQx8fSiH1Uao7jarbqWLRujw0yQX
+d7/qTp2B6q+ptgvNjPr3nThZiZ67Mm5SXrpMcnZmstIw/ZjKuvIA1Vap65u3YGR1
+c/wo3tY2Br3ZN+bSo/CZpwbo9r+PVdWXG1xnjMqbVhfX9ASzGMpL/vDhz7YH12az
+ER1MMAr2fj2O41mnfeFw2V50aUtj4v5CZCvdXv4+jNjkLV3VQPaNmVqT18Lvr4vg
+fC/oXKsa5FNm+5IN9Hdd+GDZgGDHuvavfVhF1BwUhlH96A/7ZUFFzIV/ztftLY4P
+tigYL2XhxIkdCLhgz+lEkK4lm6E95JXDSwsQkHw7USqm9C3ARktNLW+HdL/ccoV2
+wzoWr9WQ91TKvAToE8W0TlW2OCneQUyXxMLI06dp9OyB9e021B32prB3D2gNlc6m
+BBf6ZWGtUSts8ZfXStgwj9ZVUhHRA6Aax07EY7fiUNHsPEm1iTOsiNm9zaunL2N4
+yBiN85xoFxYqyuRJP87jXRghCr2z66gxY1ShqCWPKRm9rZxlQpjgCS0lfLl9u42W
+5Lie5fgQmIHDiXZsrV39QHisendf0MmazW7SCU0Qwb/ZMLipviDvkdzG3R4qmieY
+fEAkzhJQlG67ULT/NYWf4h06un+BywOipUYDTUBZE5M9HPhfMvso3eW40D9NhaSI
+2BG8shP1/LKn1tvUqTHsrIXCa+D0Ir5yKDxoYt8MTrowNCcF1JpOa9Not7PsSebM
+1VtvBj1rWmuSKlRxWxS26eEbhg8N9i5Wnt9i8GiysGgpxlYD3UsTFuZKpCJyt5P2
+h7y9MfXR7ePZssUwL6ioqT+m3G74ZxUD/aLx93pRweze0gkHd91qcsz5TkB4K5Hz
+l/yyGp61nDPsvBLa+1BH/a4jERlzDx6LA3BbPeciZXBPurhVx5AyRpNmwDFOx5+H
+D4sfInJEZvRKRQiz3JlonipdNic9+JTzxufcD4g3CdAOAB8R2hf4/uvTqYa0agqW
+GrNftdaPnzYt7WM5JdOUkNNwHFfE/PiziacuMz5PWdi2VNjj7VH3g3/2HVqWwRzp
+MQTGF3gePbYZdekHCSGWNe0fgaH+DYsOzR98qbK7Cr/BMurlXyQcKE59NGu2UIZA
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem
deleted file mode 100644
index 4ac8a81b17..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest1.pem
+++ /dev/null
@@ -1,264 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIHN1YnN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQx
-OTE0NTcyMFowZDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMTkwNwYDVQQDEzBWYWxpZCByZXF1aXJlRXhwbGljaXRQb2xpY3kgRUUgQ2Vy
-dGlmaWNhdGUgVGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMtxfTwK
-0K+ya1KGbTjYgKKhZIQ/LGTa7Dspd7Z5tOgMptNRXcZxWTMotzRgl1ndDpQ6VREk
-JM/VBmbP67g0jwIe2n0QcTFkThPANsyPkdUBXahvmC0VEeIMHnflvqjN4vfK9guc
-6nG0XfBZ4/Jlx6SFvgoO6wm6XNtrMl32qwUjAgMBAAGjUjBQMB8GA1UdIwQYMBaA
-FJTXd8VxKtTTGW/0USC22qwIMuOvMB0GA1UdDgQWBBRUf4tLtvX7PjlUltzRvRgg
-phdo6DAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAnReGZHvu3NJz
-B3B+qMmyfqUmW5eMxNjHymhuRDw3NXTmT7SNUL8O/NC76haxw/5HDE7rVuvGSPl1
-qhciDJOmTF1o09zDDjDM3tlXUvqC2Natm/Xew1+Hy4hfzY90CmlUuUGpKpzQ7SYt
-mHl+zz1o+9Y1jZSK4yDs5xcPnisoUjQ=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA
------BEGIN CERTIFICATE-----
-MIICkTCCAfqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGnJlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFow
-UTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSYwJAYD
-VQQDEx1yZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAvWfbIMg2LdPn/geH8Jo29/G6XSDCQm/MPINuucCdUSjA
-PBSponYKGMQNY//7KhwbVj2hQlgl8U6gw0rvIml4YaZmR3SPUXl2O0BXiiFQX0Qi
-bJ7NRaPcgrg04Fl+W19wk2Q2qGBrc1rMCDSG7ZBzwqtJssJpgkb4GSnoGr9FEKEC
-AwEAAaN8MHowHwYDVR0jBBgwFoAU8+kmmZYGhsTVonvsubClbjYNFUUwHQYDVR0O
-BBYEFKNDYb56GPOuZdF0vMDzMPzWBjqUMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
-EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOBgQCX5vf2fqbgsOCFDqP5acUsKiSiuP31Oj/Fy1e0Y1LBph3ZtxRTkqZGIUI1
-imjbT64NLWvt2MMmfeHOlEU/fSRxevhRT+yRUmfaJuw9NBepK1oxpRtJ5tu5cr7E
-WyJMT/zv3wRloA23Feldchzxg6rqsM1LybyAtXXo67sc/EUxdQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBKjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME4xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEjMCEGA1UEAxMacmVxdWlyZUV4
-cGxpY2l0UG9saWN5MTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyF
-/T/s9w6HU3LcURfJCjhjrP4PxbYbTP/c4wcq8vtx+8gb8P6jkdDvpJms19NcshfK
-DnR2b+cp6PfbAWx31AqcF2ynuU/C06PG/GQvNUhC69RziLxcHSMkThbnbN86ccr6
-d1WWb3Mxlkmtc7AhKHmORoz/Kd0b2Poi7L91o7+VAgMBAAGjgY4wgYswHwYDVR0j
-BBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPPpJpmWBobE1aJ7
-7LmwpW42DRVFMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEKMA0GCSqGSIb3DQEB
-BQUAA4GBAC0Pv/aS8/3mmgB+R0A7UTvUGedE/M+DOOM5G8+dwZHjApQbuHYZjwQo
-Yrf6759MH9wKAYOcaJTgFJWFJuwjBJuWQuiglk8tcKmufVqHgRlCsrKtz312inHV
-NfxuGrViA3gp1Tr1fiXjG0gcgyT4QEnripDTLKvpHbOtMWZB6hSS
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIHN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSkw
-JwYDVQQDEyByZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJzdWJDQTCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEAqwkZLQpMq2d0v1R/PA5wl+lyQlnehOszQk2U
-0zfHPGI4vJ1TIZZXYpOjVyfodG1wdwO3RCHLzguwsbk12RVNTls+kF2Wu3LtLtMi
-GSKx/imJiKw+ARw6sqBHmrNE9L/1C/e9rb+Su1kZ6WrtOfSAG8EpySytu9zTbGJF
-1YbZT3cCAwEAAaN8MHowHwYDVR0jBBgwFoAUo0NhvnoY865l0XS8wPMw/NYGOpQw
-HQYDVR0OBBYEFG1oMf35X1L5+y7aRMLPezaZ2P8pMA4GA1UdDwEB/wQEAwIBBjAX
-BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQUFAAOBgQAbOLTRc1DEC+iOWixska5o4gEOfAPSHWymjRYit+VYE3JdjrP9
-2hbIGQSrLlK8QQ0+9VkNsfncjCydV7J6Q3c1rPNCvd6dlfAzy9DfnXADu/vZuxBs
-pJ3B4EuSv23hMHzjoNnv/iGUnzkrLGfMPPYlB9t8jrbySU1lYX8FcD6YCw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA
------BEGIN CERTIFICATE-----
-MIICnTCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTEwIHN1YnN1YkNBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFowVzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz
-MSwwKgYDVQQDEyNyZXF1aXJlRXhwbGljaXRQb2xpY3kxMCBzdWJzdWJzdWJDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuj3CUHlGX/JYo4Qsdmbzns192OxE
-IC1a8Yc7HhN9/IeStb9BATFCI4MyFiHofxoFG+oPzs4nRkOqmOju0VXYhfu+01j4
-LTKp2iwNleLbIe5CZ/PWasj9ixJfWeMe19fszNKvtnBmn+rCIqimOKmKPh7FIMgk
-IImKUwZ2gV41wHkCAwEAAaN8MHowHwYDVR0jBBgwFoAUbWgx/flfUvn7LtpEws97
-NpnY/ykwHQYDVR0OBBYEFJTXd8VxKtTTGW/0USC22qwIMuOvMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCQJ4CoH8d7JguvuXoxhetUWQz+kj/kW1kbW/vjxhHE
-Ux4rnRd8TUhpocdkzp9xRLF8BvZFw4HwwFbys4rENFq/VpPzIFqIW59j1bvSQzjN
-GWZp1MtaQuhSGtzwc4dfCl/1ozQVVkcjpT7n9iZ2JMYNGKLSmmuFMMLGoViVq0vo
-mw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F3:E9:26:99:96:06:86:C4:D5:A2:7B:EC:B9:B0:A5:6E:36:0D:15:45
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:82:73:e1:99:5d:9f:9c:27:57:43:f6:74:10:b4:76:e1:d6:
-        bf:9a:de:84:8f:9b:0e:a6:ba:9a:98:06:fa:ff:c2:a5:a4:cd:
-        5f:b9:8d:4b:e1:67:e6:b3:e3:2e:5b:ea:e4:d9:9c:06:42:c0:
-        96:81:40:e2:99:32:24:c2:7b:d1:47:2d:32:42:c9:7c:cd:09:
-        aa:c8:1b:bc:a4:d8:fe:6d:8c:52:79:d5:81:70:89:78:b1:1e:
-        11:2e:13:69:45:28:55:66:43:1d:61:40:fc:1a:78:ea:23:98:
-        44:66:df:15:8e:d1:d5:f9:82:7a:d2:2e:ad:36:8a:03:ff:04:
-        8e:09
------BEGIN X509 CRL-----
-MIIBRzCBsQIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGnJlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNV
-HSMEGDAWgBTz6SaZlgaGxNWie+y5sKVuNg0VRTAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQUFAAOBgQAMgnPhmV2fnCdXQ/Z0ELR24da/mt6Ej5sOprqamAb6/8KlpM1f
-uY1L4Wfms+MuW+rk2ZwGQsCWgUDimTIkwnvRRy0yQsl8zQmqyBu8pNj+bYxSedWB
-cIl4sR4RLhNpRShVZkMdYUD8GnjqI5hEZt8VjtHV+YJ60i6tNooD/wSOCQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:43:61:BE:7A:18:F3:AE:65:D1:74:BC:C0:F3:30:FC:D6:06:3A:94
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1e:e5:78:df:47:b6:e0:42:9d:78:6f:f5:38:37:a6:fb:e9:8b:
-        00:16:34:fe:da:ae:70:4c:b6:b2:3d:53:7c:ef:58:24:b8:87:
-        a5:c0:ca:7c:fd:aa:8d:ba:2e:76:fd:c0:9a:f3:b9:70:a8:43:
-        13:41:22:1b:51:ff:00:20:32:ae:ab:6d:44:ec:b8:7d:4e:4b:
-        d5:86:83:ea:98:64:cf:0f:dc:f5:2d:52:ee:20:98:a9:49:ad:
-        06:b6:39:4c:d5:1a:94:a5:22:4e:ad:b5:ad:14:64:49:e5:6e:
-        aa:63:9b:36:28:9f:5f:dc:c1:03:7e:7e:c2:ee:48:63:19:7a:
-        04:f4
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIHN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBSjQ2G+ehjzrmXRdLzA8zD81gY6lDAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQAe5XjfR7bgQp14b/U4N6b76YsAFjT+2q5wTLayPVN871gk
-uIelwMp8/aqNui52/cCa87lwqEMTQSIbUf8AIDKuq21E7Lh9TkvVhoPqmGTPD9z1
-LVLuIJipSa0GtjlM1RqUpSJOrbWtFGRJ5W6qY5s2KJ9f3MEDfn7C7khjGXoE9A==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:6D:68:31:FD:F9:5F:52:F9:FB:2E:DA:44:C2:CF:7B:36:99:D8:FF:29
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        58:cb:cd:7e:81:ea:55:5b:85:7d:b1:7b:ae:0c:70:90:82:81:
-        aa:5f:e4:5b:99:72:8c:22:bc:2a:ae:3f:d7:0f:94:cc:02:b6:
-        0f:c3:e9:ab:c2:8b:c1:68:0f:12:ca:f0:7c:1e:31:21:7d:38:
-        5e:2c:0e:9f:af:89:48:e1:2a:1f:12:e6:2a:b6:59:98:dd:d0:
-        ba:1e:06:b1:c9:85:b8:75:f8:a9:da:e9:25:6c:e4:9c:6a:92:
-        29:d7:59:fb:f1:80:c4:4c:43:f6:79:5b:60:a7:36:cc:64:22:
-        5f:f7:d8:8e:ba:1c:a3:59:d2:fe:1d:8d:5c:40:8f:0d:2d:ee:
-        11:4d
------BEGIN X509 CRL-----
-MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIHN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w
-LTAfBgNVHSMEGDAWgBRtaDH9+V9S+fsu2kTCz3s2mdj/KTAKBgNVHRQEAwIBATAN
-BgkqhkiG9w0BAQUFAAOBgQBYy81+gepVW4V9sXuuDHCQgoGqX+RbmXKMIrwqrj/X
-D5TMArYPw+mrwovBaA8SyvB8HjEhfTheLA6fr4lI4SofEuYqtlmY3dC6HgaxyYW4
-dfip2uklbOScapIp11n78YDETEP2eVtgpzbMZCJf99iOuhyjWdL+HY1cQI8NLe4R
-TQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy10 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:D7:77:C5:71:2A:D4:D3:19:6F:F4:51:20:B6:DA:AC:08:32:E3:AF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8e:42:22:a8:c7:94:5a:d3:72:4c:98:eb:58:30:58:63:41:cf:
-        da:f9:9e:f5:6f:3b:4e:30:17:92:8b:a8:30:bc:cb:ac:2d:94:
-        b1:62:ef:b9:69:3e:30:15:01:d4:32:ff:f4:86:c5:5d:8d:41:
-        46:39:52:a0:df:74:e5:35:c4:e6:08:06:58:94:ba:d1:7e:08:
-        e4:66:e1:65:8d:15:23:3c:e6:de:61:4e:71:5e:5d:24:03:bd:
-        52:ff:85:a9:ea:7a:63:37:e5:c0:e6:78:4a:71:45:32:18:c7:
-        7d:2b:90:16:bb:f9:35:cd:a2:ab:c3:8e:c9:db:6e:7e:62:94:
-        6b:ad
------BEGIN X509 CRL-----
-MIIBUDCBugIBATANBgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLDAqBgNVBAMTI3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTEwIHN1YnN1YnN1YkNBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-oC8wLTAfBgNVHSMEGDAWgBSU13fFcSrU0xlv9FEgttqsCDLjrzAKBgNVHRQEAwIB
-ATANBgkqhkiG9w0BAQUFAAOBgQCOQiKox5Ra03JMmOtYMFhjQc/a+Z71bztOMBeS
-i6gwvMusLZSxYu+5aT4wFQHUMv/0hsVdjUFGOVKg33TlNcTmCAZYlLrRfgjkZuFl
-jRUjPObeYU5xXl0kA71S/4Wp6npjN+XA5nhKcUUyGMd9K5AWu/k1zaKrw47J225+
-YpRrrQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem
deleted file mode 100644
index 40479f9470..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest2.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOTA3BgNVBAMTMFZhbGlkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0MjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo5atW4GH
-rxxchJEUckmfckvxY4c4sEEgPZIouuIcHeQAIjEjMhCqHNWrA7WiQLldqLSridIm
-FWVRxn9/wlv3oMMbBlf6xFLjr24zYTePsIFWBk5ZPbMBKcl7XqfeuF4jJ/vh0lj/
-Bi9W9Imt5ZvJu0EHSkQzm+NNis/Tgd4aWRUCAwEAAaNSMFAwHwYDVR0jBBgwFoAU
-PqkwZi+ntCWIhGfJrZiTFfiWzsUwHQYDVR0OBBYEFDLXXehvdjv0hNKAOrzbFme1
-lGWtMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOBgQBmbv/fgwsL3SAO
-6F4RmXOfTQTewhDfMQDEbwUJOfg7D09LIcIupI+cYY7iqjUq+gUeiAlMlL91ITlp
-oiKGUliex+bhygei8kSfmwT+l09yz3EPxCfdjY1k88ni+TedHBkoK0p7Q/uFG4DP
-Qk7DgGZ57nrx9maK4io59a/VTPM65A==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAKzDYQYB3gcpzJVllE1FhnwJXEpyKjubhg5P3MDpRW9YRYSs
-W1O2TYeX633IhRRS8rsJW22Yzp4tN9M6cXqBTHB2+nwHtREHSxeSei31AnAu+2n1
-Q+XNJ9W5DLbdahLtURESEnEQSyViFMMYQjm7rxvORc/D9OIa4u+tx1ESGOGDAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFNXihi3xK2gXnA9evyu4ZpmeQxu6MB0GA1UdDgQW
-BBSVhouRNrt6b+KEFZDvRY4BJxZruDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEAB/OvefFEki9VuKt6EwjvNLjvjT1581w8qKpdHgDrYthrMm3JIULpn5zaRqyQ
-KIT8uu40HzKHagNpfdHQ1HNuEQ9qwIAQvtqmtJxqIR+kdeKXw78cN+TJzqaHuZu5
-VTidhmlVHaY/50quu7qqGiIQR4bcYrb4vY+adBBgrpcvUCM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBKzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5NSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlU17
-mwFm/6Yf08lbJU8q1FquMr1IaWlav4Qh1/UUFR3cRicBZZvQNTpxTcn1jmaSj8xK
-Gm9pUmbmbJBqiDYX5p1IwR1nmsyXxnaYD3SYadHlmb2emlzu1Dg3l6eKvaNh6h3a
-F0XDS/S+GtadjpVmuWdMIiWWrEVIFfGAL2VFaeUCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU1eKGLfEraBecD16/
-K7hmmZ5DG7owDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQUwDQYJKoZIhvcNAQEF
-BQADgYEAjjGl1NeCLiMI9MFNgftmCe1ehHkE+Qr4TSJQfw9qZ5p0SRd2aOxq7km6
-ZwhF/E+wsS1CEwLRWaK7LqCmFx+XacoXjJi2XP5UjctH1tKyJx2YBhYrfzNkECJl
-u3KBUohmTd/aICG6oVE5ErcFFE/evv7LioMT94kub91V18EDgCw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3Vic3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBANALzpI6Vb5grPqiSrzcOrNfPZ5pbbC4jjs89zo1
-RRGcMLQQt5wPHu1OKE6g2WXvikA0ompVqxKG7qeu/bTIcpm3CHowhRigOk/VJkCV
-Zyv9tdLzlWoiW2elI0uJ4BXsW8oU4sTxlx1/QlJbERwv1BwL5BQD3l02LP4vueE/
-U8HpAgMBAAGjfDB6MB8GA1UdIwQYMBaAFJWGi5E2u3pv4oQVkO9FjgEnFmu4MB0G
-A1UdDgQWBBQK52IWqA5PL7e4PyfIo6lfe0ZrpzAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEAmbgnzwSut1UU/jNuzF9ZK+x79DmpTDAv12ASnAPUvZJ8RTQBxYlL
-C/B0gYZsqUnyaEoZAsrSYktMdA2qDedWGFB94d+LVbpHNoNvxQl+0qMTTLh+gO4V
-JIrQ5hj2npLdDHKNi6a91lO83NqsyuITezJ0Nuhbvf9KuApxz069EO8=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTUgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTUgc3Vic3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALw7Jg17lRmWU52pn7qaLPiV7eLBCvpx
-S7uekBx+WtzvAVxUF+iI8whshUqsC4XzNHTs6BvS4QRwpixRMMMWwH/67kGAEADq
-lVYewPK7aMHMdDfCggIukUpy1DVR3KOc7rnVZ2tGKBbCFhAxPMXBgkketIAVJ1V4
-+3nRS/QGSxF9AgMBAAGjfDB6MB8GA1UdIwQYMBaAFArnYhaoDk8vt7g/J8ijqV97
-RmunMB0GA1UdDgQWBBQ+qTBmL6e0JYiEZ8mtmJMV+JbOxTAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEArpriBQ3ArOVFh+HujQ+8cIihYFG5ri+SairjawVwbUb4
-HatEUky9Nh9YAxGn1YGdBpintIpQU/0WljldKXxvH2yn6hMCNV5ql4hhorP2YfWL
-8+S80IboVToDPKsEdzeAxs5Xeh3BY9DgJPY9RmDgJcXqb6I+1P2+3GIxGDpF/jM=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D5:E2:86:2D:F1:2B:68:17:9C:0F:5E:BF:2B:B8:66:99:9E:43:1B:BA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:06:95:6e:49:2d:7e:9f:9f:7d:d6:0e:3c:b0:73:4d:2a:d8:
-        1d:86:f7:2f:61:f5:39:80:c7:b4:e6:3b:8c:90:1c:11:6c:0f:
-        fd:9b:c3:52:b9:aa:2e:bb:8e:25:b9:f6:75:b7:1a:2c:fc:45:
-        81:54:f6:49:69:e2:78:ef:25:d2:cb:1b:7e:f8:7b:96:d9:37:
-        ba:f4:66:8f:e1:e7:56:96:ef:76:bd:4c:94:0e:fd:a8:35:16:
-        d1:2a:69:28:29:96:18:8b:a5:af:04:00:bc:d9:42:ff:ea:32:
-        35:9b:3d:57:da:9e:a1:d5:e4:3e:e4:4f:4b:8f:5a:48:47:73:
-        38:5d
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFNXihi3xK2gXnA9evyu4ZpmeQxu6MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBADIGlW5JLX6fn33WDjywc00q2B2G9y9h9TmAx7TmO4yQHBFsD/2b
-w1K5qi67jiW59nW3Giz8RYFU9klp4njvJdLLG374e5bZN7r0Zo/h51aW73a9TJQO
-/ag1FtEqaSgplhiLpa8EALzZQv/qMjWbPVfanqHV5D7kT0uPWkhHczhd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:95:86:8B:91:36:BB:7A:6F:E2:84:15:90:EF:45:8E:01:27:16:6B:B8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:84:54:e4:77:a5:7d:03:3d:7c:d0:a6:ea:6b:70:82:11:10:
-        1b:9a:85:8c:ae:3d:8a:06:a3:2b:cc:a7:77:0c:be:7a:02:bc:
-        2f:13:07:ff:83:e6:f6:7a:99:1e:a1:af:12:06:c5:ce:1b:f3:
-        76:77:bc:ef:ef:a2:cb:96:36:3b:fd:b0:ce:5c:ae:30:af:9f:
-        ba:e7:16:e8:f2:66:74:82:6e:75:91:90:b1:59:a9:9e:8b:41:
-        37:42:0f:1b:a8:4e:73:31:e1:b1:53:fb:8a:3d:ee:d3:e4:77:
-        a8:f8:ea:ea:21:f5:c5:be:1d:b5:e3:79:27:de:c3:d5:45:b0:
-        87:24
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFJWGi5E2u3pv4oQVkO9FjgEnFmu4MAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAHOEVOR3pX0DPXzQpuprcIIREBuahYyuPYoGoyvMp3cMvnoC
-vC8TB/+D5vZ6mR6hrxIGxc4b83Z3vO/vosuWNjv9sM5crjCvn7rnFujyZnSCbnWR
-kLFZqZ6LQTdCDxuoTnMx4bFT+4o97tPkd6j46uoh9cW+HbXjeSfew9VFsIck
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:0A:E7:62:16:A8:0E:4F:2F:B7:B8:3F:27:C8:A3:A9:5F:7B:46:6B:A7
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        16:15:3e:47:cd:ae:b2:4b:8b:30:d4:ee:c4:1e:2a:d5:84:bc:
-        ca:b1:2b:a9:d3:37:be:f6:11:d1:1f:60:04:41:72:df:ca:d5:
-        0b:74:5a:e8:a7:bd:32:25:cb:e8:e4:6d:c7:be:25:c3:63:9c:
-        43:66:14:4a:0e:f7:ea:e1:83:a4:bf:5e:70:7b:a3:b7:12:c9:
-        36:fc:99:85:58:0e:66:d2:a0:41:6e:a8:07:2e:f7:45:36:fe:
-        71:3e:c4:7a:88:e2:0b:c2:c9:dd:30:81:b9:44:48:2a:1d:07:
-        5a:cc:e1:49:9a:04:a6:5b:c4:6c:2a:f0:3f:8f:3b:04:ea:5d:
-        ab:70
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFArnYhaoDk8vt7g/J8ijqV97RmunMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBABYVPkfNrrJLizDU7sQeKtWEvMqxK6nTN772EdEfYARB
-ct/K1Qt0WuinvTIly+jkbce+JcNjnENmFEoO9+rhg6S/XnB7o7cSyTb8mYVYDmbS
-oEFuqAcu90U2/nE+xHqI4gvCyd0wgblESCodB1rM4UmaBKZbxGwq8D+POwTqXatw
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy5 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3E:A9:30:66:2F:A7:B4:25:88:84:67:C9:AD:98:93:15:F8:96:CE:C5
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0a:d7:14:66:2d:1d:2e:49:9d:35:99:54:76:ee:50:80:e2:37:
-        c3:d5:6a:64:02:f2:b2:12:d6:97:8c:a5:75:e0:a9:9e:3b:46:
-        ca:ce:31:b9:53:fe:fb:99:15:9b:7b:35:68:5c:9a:60:a0:da:
-        a9:2d:d8:1e:b8:89:61:89:01:1b:e4:40:76:fa:b9:62:cf:fe:
-        87:6c:95:9e:da:19:db:4c:bd:3e:f1:25:57:3b:d3:ab:94:7b:
-        de:5a:ff:55:63:fe:49:ad:3b:45:92:c3:ba:49:79:45:89:3d:
-        70:75:a9:53:1f:95:d6:c2:11:46:43:76:41:c0:02:49:23:d0:
-        ef:bc
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv
-bGljeTUgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFD6pMGYvp7QliIRnya2YkxX4ls7FMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAArXFGYtHS5JnTWZVHbuUIDiN8PVamQC8rIS1peM
-pXXgqZ47RsrOMblT/vuZFZt7NWhcmmCg2qkt2B64iWGJARvkQHb6uWLP/odslZ7a
-GdtMvT7xJVc706uUe95a/1Vj/kmtO0WSw7pJeUWJPXB1qVMfldbCEUZDdkHAAkkj
-0O+8
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem
deleted file mode 100644
index 96f230af53..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRequireExplicitPolicyTest4.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA
------BEGIN CERTIFICATE-----
-MIICjzCCAfigAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBQ
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNV
-BAMTHHJlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3ViQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBALoSt6pV4IRQVJ5TV99GOGi3yhBt0wvylEs6VYZL0D677yoV
-AIY3CQWXG27SKUYB8SQ1XC+a1sO4M5Q25mdWLXIN+TUmlNJW4BzLGh6B63bGDSnK
-FG+aVvh8ZvHloIu61d5gw3FokPmBeS0NF6XVBsbJMiLn7TdWeSFqYYTw+awhAgMB
-AAGjfDB6MB8GA1UdIwQYMBaAFHdqs2T1sexRei1lhv8CGH4LSo4nMB0GA1UdDgQW
-BBQHH/BwA0diipbRgYmqAFSJ+JxtKTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
-DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-gYEADvf91AyVaeC72JRsi71sKWf3f71NGoRSjxBnKh8VS/G0fIQElDmHHe01TZ3W
-t2zRBZROqLoG10YCxSheQdd0gE0yoqTdcc9l3kr0ZMhgfM4mRPYNL6kma3azT78F
-OqMJAUrnjjMYruGcLm7MLp3Lq2/7NjAN5q3ffuSrtwUwLHY=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvEVs
-LML3To+EEs99KIoLdE98+LzQkf1wQzrLhuqlF6UH8BJvupeClmchb4TFyXh3mkhT
-/DsdlWlScKGl1KiqKyXIrb5x0AebEDEHylhNhUgn7O/zU7WyuGDE4SU0QNR2T/C0
-mOEbjV9WR06GcmbMCp1GUY7zmfThFrZP2Cfj2PMCAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUd2qzZPWx7FF6LWWG
-/wIYfgtKjicwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQAwDQYJKoZIhvcNAQEF
-BQADgYEAWoBbngBiHa90n2Kdb0iXazi7wmnvtPZxJ2xLA/Ubv9qPzFUwoUM/Ikm8
-6o8sI8TYNuCwwni3ZrQwCfagtNsOeUXp0O86mLIVH7jr9YS2nBtuZdXAnL3lZW5r
-VHXxf0Fnmk+Nx3Frxf7tJfZVGGLCJCabwObF9o6Bgya4GP0FL20=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA
------BEGIN CERTIFICATE-----
-MIIClTCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3Vic3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMJOPDBu3Iqmav4DjiTzIKi6FmFd6HGBsW+dDPbs
-l6jZbrkDavBUtuqC5RMVJKvOyWY7GYIsUdgoSOJ2YHl38HO6nXhq3OFO8v0r0kU3
-SRPPM7vpiPYf3eMZm5Z77GT5XuGNUPSkepAfxaN1IEAqFoePT7wsGa9Zg77WcLUd
-nEw3AgMBAAGjfDB6MB8GA1UdIwQYMBaAFAcf8HADR2KKltGBiaoAVIn4nG0pMB0G
-A1UdDgQWBBSwQkkzaPMCKs1UIV3mYuFwzqUjQDAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQEFBQADgYEADXoLz5MBvHFKs5z47OgavmZKJQp+vIcDSOu4QUlIZgmIWcbcI7g9
-GKG0SIg5gXZhwoH3OXx3g5miGPzOi9iFtdkZXAZPX9JHsISpHfB9VcZYTfmW1T49
-ZrnCugvmdUnDLBitS9MKHkyU7zL/ACtlXB82SFbiCS1R8bEfU4Oozf4=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBvbGljeTAgc3Vic3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANk012Iq+sazBXGTgqICIE0GnFvathib
-YlOHsK/Iop6+DNGleJoAH6bqvS2ZWtkkIKE7WU3nfDUjMVp3IJyr8WDesDKvSJyg
-zy3y0e+XuMv3QtyFXxESXxHmY62UaILPgE9XMgcyAhOnVU4mQe7ScJDAcUeLgjcZ
-fQdBnGGCT/LVAgMBAAGjfDB6MB8GA1UdIwQYMBaAFLBCSTNo8wIqzVQhXeZi4XDO
-pSNAMB0GA1UdDgQWBBRZ1+jibtd5cIJhiBzPFFLktwdJKjAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEArZnuuewqU0IgdJEU6osnzsuX6E6A4igNSK1ZYUKmhRvn
-eyfrU5kHavTwnM+h7SkVB73S2w+OqHUGin2xIu92RcWzN7NV+oLWldhnYtalSyh1
-KiuKC41mAZweQv1Mrz/+5lIQDOUOtV2JXOjaA+T/JR/qFLo0MoqC+mBxk/w5eDg=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid requireExplicitPolicy EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBs
-aWNpdFBvbGljeTAgc3Vic3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBkMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxOTA3BgNVBAMTMFZhbGlkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBDZXJ0
-aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvs6xd2Lv
-4717eCUDGaJKN9HVbjqiBoJd9K18OP5hoJ/iyWNR7u1l+p4xbQNdi8iU8UV1hBrD
-RI2jahY2p/rgx+REkxcyhWXFc0qP5hMqbjUD9IuMyhUrwtSut0la+L/lbKuag7Ry
-pWlMe0FQUjnGev5zpdXCY4U9y2a+7jYuOOsCAwEAAaNrMGkwHwYDVR0jBBgwFoAU
-Wdfo4m7XeXCCYYgczxRS5LcHSSowHQYDVR0OBBYEFEEjHrhpuHHNWtHozi2HzhxK
-KgmLMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJ
-KoZIhvcNAQEFBQADgYEAVpfKjsWKyLdcOfar1+Ejc9eyGUzMXt7F1xXSqdnls/Z7
-RuG7jkY1lvUm1vHhVb2yP/OdC+rwwmx4cjxUAm0dNrE82qZNiRqgaaVO3llJD9zt
-AD5gAi0nJqUdJ7H1b3X6Jt9VGTNlc+0ZAEHnaSID1Ym2pa1433XgPPi1/YflkwE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:77:6A:B3:64:F5:B1:EC:51:7A:2D:65:86:FF:02:18:7E:0B:4A:8E:27
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9d:78:0f:04:94:97:f9:ad:b6:17:8e:65:dd:6d:ec:65:bb:73:
-        37:9a:1d:66:51:d7:97:b6:31:fb:62:a4:4a:21:3b:20:97:7a:
-        4d:aa:ce:d2:95:f7:36:65:77:51:e8:d5:81:0a:b7:62:af:76:
-        38:b7:77:72:2c:90:0b:8a:7c:31:58:cf:c6:1d:da:24:65:ef:
-        06:7e:d7:21:96:a1:f2:62:dc:5d:fa:10:37:01:99:7b:14:34:
-        a8:cd:47:a4:cb:5e:ff:0e:b4:58:69:1f:70:f7:3b:2e:7c:77:
-        b4:33:82:7d:18:54:da:f3:5d:dc:5f:a1:1a:96:f6:d9:0b:ca:
-        9b:a0
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHdqs2T1sexRei1lhv8CGH4LSo4nMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJ14DwSUl/mttheOZd1t7GW7czeaHWZR15e2MftipEohOyCXek2q
-ztKV9zZld1Ho1YEKt2Kvdji3d3IskAuKfDFYz8Yd2iRl7wZ+1yGWofJi3F36EDcB
-mXsUNKjNR6TLXv8OtFhpH3D3Oy58d7Qzgn0YVNrzXdxfoRqW9tkLypug
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:07:1F:F0:70:03:47:62:8A:96:D1:81:89:AA:00:54:89:F8:9C:6D:29
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7d:a5:df:f8:70:c7:9c:d9:f2:4e:c9:42:63:48:cc:17:87:29:
-        fb:99:c0:2a:11:8b:ce:ce:45:31:58:41:32:1c:39:ff:53:bc:
-        dc:24:df:9a:b5:10:83:8b:a3:aa:cd:3a:23:92:a7:8d:c3:56:
-        83:19:c1:ed:d8:ad:c0:56:79:fd:c0:6b:bd:e9:bb:56:e6:18:
-        1d:02:28:91:77:90:15:f2:44:51:61:81:ea:1f:92:a6:89:84:
-        cf:36:c9:e4:f2:6e:a8:01:11:82:96:fa:94:1b:fc:d7:e6:8b:
-        c0:8f:bd:87:30:8c:84:eb:84:3a:e5:21:42:d1:60:82:08:82:
-        45:2b
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHHJlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFAcf8HADR2KKltGBiaoAVIn4nG0pMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAH2l3/hwx5zZ8k7JQmNIzBeHKfuZwCoRi87ORTFYQTIcOf9T
-vNwk35q1EIOLo6rNOiOSp43DVoMZwe3YrcBWef3Aa73pu1bmGB0CKJF3kBXyRFFh
-geofkqaJhM82yeTybqgBEYKW+pQb/Nfmi8CPvYcwjITrhDrlIULRYIIIgkUr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B0:42:49:33:68:F3:02:2A:CD:54:21:5D:E6:62:E1:70:CE:A5:23:40
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:8d:6b:ad:bc:a7:38:7a:12:70:e4:e6:bf:06:91:0f:ac:72:
-        f0:da:aa:50:e1:51:a1:8c:d2:d2:00:73:2a:6f:54:04:77:ee:
-        83:aa:c1:d4:32:cd:70:ca:5c:98:62:3f:a1:6c:4a:af:53:8b:
-        f9:0d:7c:50:17:90:f3:e3:93:4d:c1:3f:2b:59:f0:12:3a:d9:
-        25:5b:15:3b:71:14:bc:29:b0:2f:b7:93:c6:93:b0:c1:fa:88:
-        c8:2d:ca:fd:03:c1:ec:dd:0b:95:af:8c:d5:7a:0f:41:48:ea:
-        03:07:6f:57:2e:b3:b8:c6:3e:54:a7:9c:57:4f:27:f4:c3:9c:
-        25:5d
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH3JlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFLBCSTNo8wIqzVQhXeZi4XDOpSNAMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAJWNa628pzh6EnDk5r8GkQ+scvDaqlDhUaGM0tIAcypv
-VAR37oOqwdQyzXDKXJhiP6FsSq9Ti/kNfFAXkPPjk03BPytZ8BI62SVbFTtxFLwp
-sC+3k8aTsMH6iMgtyv0DwezdC5WvjNV6D0FI6gMHb1cus7jGPlSnnFdPJ/TDnCVd
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy0 subsubsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:59:D7:E8:E2:6E:D7:79:70:82:61:88:1C:CF:14:52:E4:B7:07:49:2A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b0:23:c2:ec:e2:e9:c0:87:e9:75:d3:ee:a4:c5:3b:9c:27:c4:
-        ab:b2:67:74:79:f8:5b:cd:4b:20:0b:ee:19:32:8e:8b:d2:e7:
-        67:5f:da:83:a7:31:09:08:0f:b8:64:2a:08:96:1c:78:db:13:
-        af:77:26:0f:01:3a:e1:98:d7:41:b9:e5:86:9c:b1:36:a8:92:
-        bf:6f:cf:62:13:33:3e:1e:79:02:e5:a6:8f:11:69:fb:1e:86:
-        b9:12:18:67:cf:6e:c6:1e:d8:bb:2f:a0:86:dd:66:c8:0b:71:
-        a5:68:fb:91:9e:f5:ca:58:80:7e:27:18:e0:4e:3a:34:45:23:
-        cc:c1
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTInJlcXVpcmVFeHBsaWNpdFBv
-bGljeTAgc3Vic3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFFnX6OJu13lwgmGIHM8UUuS3B0kqMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBALAjwuzi6cCH6XXT7qTFO5wnxKuyZ3R5+FvNSyAL
-7hkyjovS52df2oOnMQkID7hkKgiWHHjbE693Jg8BOuGY10G55YacsTaokr9vz2IT
-Mz4eeQLlpo8RafsehrkSGGfPbsYe2LsvoIbdZsgLcaVo+5Ge9cpYgH4nGOBOOjRF
-I8zB
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem
deleted file mode 100644
index 0f10912926..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClDCCAf2gAwIBAgIBYzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE3MDUGA1UEAxMuUm9sbG92ZXIg
-ZnJvbSBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBDQTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAoNL+uym7FlmTUpQwimiPNXt8IR0+KjdAFbDkTqLk
-zxHkpKBqAjTWzEPRqnhsBmjPfLrS8omVrcKIOBgIbOCoRU098SYWt4/2WRbHhAKF
-kauf7d7NsN4WEDXJmlqiZrJLHDihW686RcpL7luSLrlXVXT1h2dWI08VpDUNrz6P
-L/cCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYD
-VR0OBBYEFDeXpBvbNFU1D8m0TcZ+SxfopIk8MA4GA1UdDwEB/wQEAwIBBjAXBgNV
-HSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-AQUFAAOBgQDFX488L1PqURnQTZU0RgicEAHXUj3SLP3buSF/vMC1KHZd9JPnmf2e
-y1OGQ0S+B4lNX9VJEnS5f8w5bU0kcpGYQTPuFrTZvNZtN/4ZIZTLauFkEjM8sa13
-0CNwd0zMj/Dl1nQ2z8/wHLnfClEFmJHTZZ39W0jD/Lfg2hQvn43Tcg==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Rollover PrintableString to UTF8String EE Cert Test10
-issuer=/C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA
------BEGIN CERTIFICATE-----
-MIICsjCCAhugAwIBAgIBATANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzEa
-MBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMMLlJvbGxvdmVyIGZy
-b20gUHJpbnRhYmxlU3RyaW5nIHRvIFVURjhTdHJpbmcgQ0EwHhcNMDEwNDE5MTQ1
-NzIwWhcNMTEwNDE5MTQ1NzIwWjBvMQswCQYDVQQGEwJVUzEaMBgGA1UECgwRVGVz
-dCBDZXJ0aWZpY2F0ZXMxRDBCBgNVBAMMO1ZhbGlkIFJvbGxvdmVyIFByaW50YWJs
-ZVN0cmluZyB0byBVVEY4U3RyaW5nIEVFIENlcnQgVGVzdDEwMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDDncK1nAho7wt1siRGXkw0eRAeI3uztOfqSwGhT1ih
-XbW47ek9MiPqCRlX1RKOXve8quD7MM0ibzWjiroSxsaeM7gW91nwOZn8V+UfqmJF
-CikNAA17A/y9Nk+IVx8b2VB+Kjixg9HW2ZbqJiSq4Ci9Dkz2mH9sgjI0On0OSLDq
-2wIDAQABo2swaTAfBgNVHSMEGDAWgBQ3l6Qb2zRVNQ/JtE3GfksX6KSJPDAdBgNV
-HQ4EFgQUdLZDDyDir0HSFv0sejwUl8S6IxwwDgYDVR0PAQH/BAQDAgTwMBcGA1Ud
-IAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQAcxCi0hkgCRB1w
-uurTKVDyZTQ5ttLsggNpE6uqL+mGyAk/uYcGTxNM1Wx38DDqb+yJnF6CkLRwBk2c
-mEtKFVYwX3s/h+RPe+MO4WBurdVGfxpE3df2wvyYS7WOnd7iRhRirmm8LMoGPLoY
-w40WU1JjVs4Mg8vHt4OpmiFXlrv7nQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Rollover from PrintableString to UTF8String CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:37:97:A4:1B:DB:34:55:35:0F:C9:B4:4D:C6:7E:4B:17:E8:A4:89:3C
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:72:92:90:cd:32:d0:c4:99:63:47:0a:9b:95:28:27:8e:04:
-        1e:49:38:bc:54:a7:da:f7:2b:58:34:d8:bc:ad:3e:a4:fa:0f:
-        85:84:fb:49:95:3f:7f:a0:c3:fb:94:07:2a:a9:66:44:e1:10:
-        04:55:4f:dd:ba:6c:bd:f8:f9:be:0c:de:28:54:fd:cd:f4:50:
-        ac:4c:9e:01:e6:92:bf:11:cd:b6:69:5d:10:f3:3d:25:f9:1e:
-        7f:2d:d4:04:5e:4e:9e:b4:f2:10:94:1f:30:0d:27:4d:2f:6d:
-        41:4e:31:ae:20:2a:d8:90:34:32:92:d6:1c:b1:21:99:57:2e:
-        63:04
------BEGIN X509 CRL-----
-MIIBWzCBxQIBATANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzEaMBgGA1UE
-CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxNzA1BgNVBAMMLlJvbGxvdmVyIGZyb20gUHJp
-bnRhYmxlU3RyaW5nIHRvIFVURjhTdHJpbmcgQ0EXDTAxMDQxOTE0NTcyMFoXDTEx
-MDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFDeXpBvbNFU1D8m0TcZ+SxfopIk8
-MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBACpykpDNMtDEmWNHCpuVKCeO
-BB5JOLxUp9r3K1g02LytPqT6D4WE+0mVP3+gw/uUByqpZkThEARVT926bL34+b4M
-3ihU/c30UKxMngHmkr8RzbZpXRDzPSX5Hn8t1AReTp608hCUHzANJ00vbUFOMa4g
-KtiQNDKS1hyxIZlXLmME
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.pem
new file mode 100644
index 0000000000..6baf543712
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 22 94 87 7E BF F6 18 F9 43 13 D1 CF 41 52 7B 3A 8F E5 AF 8E 
+    friendlyName: Valid Rollover from PrintableString to UTF8String Test10 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Rollover PrintableString to UTF8String EE Cert Test10
+issuer=/C=US/O=Test Certificates 2011/CN=Rollover from PrintableString to UTF8String CA
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJVUzEf
+MB0GA1UECgwWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE3MDUGA1UEAwwuUm9sbG92
+ZXIgZnJvbSBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBDQTAeFw0xMDAx
+MDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMHQxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+DBZUZXN0IENlcnRpZmljYXRlcyAyMDExMUQwQgYDVQQDDDtWYWxpZCBSb2xsb3Zl
+ciBQcmludGFibGVTdHJpbmcgdG8gVVRGOFN0cmluZyBFRSBDZXJ0IFRlc3QxMDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP+zCkHFztNGKS2jaNu7j8g
+O86LJI1CRdWLEfDjiqoCvEr7LrXRQsQGW79/GqtxZN1fu9yt6eaUBvusLU25JLX2
+johJWagbI4YJdao06kQWtzxk0JRIo8uOjEhAB5cnykYAlGAaRPm5BvMSGlLuMcYw
+80TpK0MtBIoHIa0yqU2+/CWwwFsGf3OKQQGjxpYx3rqL6cC69ybFfREYm6eaC2Rj
+H3bpKBEN1P544WU1ZKsaO3bZXXXa5+ehX+eSalHdOh3KMJxRej+D4xgsi+E9oO8w
+4Rixi9Hb90oZwiO3i2zdgFCd/iwVxk9pUjVAKebqBI4Dv8wsIpF4Rq+/qd7LJxEC
+AwEAAaNrMGkwHwYDVR0jBBgwFoAUtW1PKD/Hu7GYpKml0KhbXkp0s+cwHQYDVR0O
+BBYEFCTnhF1EvGRoOoQ2I1s2vDsOw+E/MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAE
+EDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBADB62jvyJnKCkLza
+PWHwcjg5rGeRYTcD/XvxR3C9e7taMrg8JDied+IzbkItPOq80bqB+mScXHlWSk9B
+mz7fg/Af1Ip6ryhw/fISLxnvHXNWaM7hJcyGJjH1uCAmgm91EDfn7KKJXqi4CkH8
+cBJATJuohy+iUUlOru0ZoeiQGLWO0nkmw+GeIZiztXaKXKmoV+RGfLIAFEwuS33s
+GmrHob2DjHBIgAa9CcP03DOTtW0k/JH62NupGQDciY/dBj75I7eX6tjMGQn0h1vf
+up27UzRHUjBMh8NYpmnvK24LRYQMQC3TaUbaz6gsD9cNYMFiFBXa35AcDjr/Zanf
+H8YRcS0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 22 94 87 7E BF F6 18 F9 43 13 D1 CF 41 52 7B 3A 8F E5 AF 8E 
+    friendlyName: Valid Rollover from PrintableString to UTF8String Test10 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,42F368462FD41A6E
+
+J6jl0z2Xi+k0qZhkOOe3pRwWRHtAwleFoK62+A33cMjUCoUdkMgp93wUJhbUHQ6r
+zJQnl45FJIM9liljaTOeFKbcQgZx6w9ROFeqsBbEjZfOmEV30PNA0ozdK4ojfepP
+PJb9TUCCGOTOaLIovgGf7+tjqK3HR9ofvPtqMfLHnFsGMyNnWhD3+DwK0OT02gnJ
+U7tkc0xxMVJEJpLImZIHf96lI9152SxNBZjDXZeA9439DKDCifE4aSy/hiNdB1qP
+2mXAZFAl5fkLVvm0VQqpPJRzhHRmMnFjp7ACzg+rl90yZEVhW0PXpc6sRC1lKNJz
+YKWJoWmhpNJmdp6ZEhf0FkrMIo/FhGB7ZBmi/45DRV+LxsuemqtW8iKRZL9uKKAb
+9OGdLp9lzLLP5YUwklerFvtCDRDG5VpwzlDKBl+3cn7f4zXGCsVinddDuJDcx7Zk
+KOdKJ84eguNBe0Kyv3cjQEJOLVe0L1XCD+468AlR46Skb1C//gzyHFOYQMUHWB6X
+8S7dHKc9eFvgiN2EAhWwts+7g58qH+FAqgJ+mUs/ewjfIODD0fLhlNDPMyLRlKcI
+8Jl+vVezS5li/83cdNN9irnlX9Bg6CQ2SCK1ajQSfZSWRukp0y2vgFKIDlh5Ipam
+b70eqlO3qEmUbvjV9n50O4h2rex5c3194ci07A87P1jq9KiUztKaa+zorohlkJN7
+0S4YTKmb7bmiO0JeaR5XpAMPu13l1VokOXNeUNVb+5kFD+gEsGkTrwlQP3e0+hpg
+KTTzkgahhRJ4JVq5KuF7MrsEr444nFneO+TqJSY8+h/nDFU+etIuBv5B09msKxbv
+UvnvLR5gKNbMMpICsOk53Z/Bx/q/n+C/qglKQgEYKDfbYaGrg5jC3rmIzWopi7un
+LFwmppV8rgM6tWBjwTL1AmEE6LeLDVGd+pdQutq0wSjw5LMeK2YQXRZYpDFBBvhP
+DpOoSX9YFDLP+DzuIhQir3kBFFMixTpTTp4r14slmwejLk8aRoSohX3F8PxbctEJ
+qaBa8fNBGJVcYRSKzkskimbWA7Y26H0Qdfj8DXYfKRnyXsV1HBIhUqDb1Lp+q5Xn
+TaJ5ZVhTh4CME3tdgAev9LkguC+ddsP4ZEe8FXWtBIa9EbUhzqJVvbL9yXC584XQ
+BRx0SwB5SaGogL/6XJJhdBpinoT1zjwZPd0dqRQc7fC22zpJ4vkQL2KvqNkpBrWG
+rMAOKwkCPphOYItWHNx4nyr0JCrxMzrbEkWSE8aMOpkW2w+xq7iVRcwSPcltYxPs
+pfmJE16qlRjzFCsnrgdP1pJ7gqfjtgaOeV1Bwo7iD1gLKqutHx8oxzAo0NZ7ZAxt
+FmAKN4e3sk85jmOmRrfslsgX2hs4goL3VmviqVHBgPWGsiWqHu/a6Wi1x/owtmS7
+sFkb05Z7ZYtd6G6IsSENo3fTsT+m/uM2Cozj+4SBHVmTW2XUfJMrEVmQ3Ttjq09L
++a5W869ClGXL7Q+OuHmILFfhy6SIlLq1zJo5897bviyp3WvIdGdHcGBgTxFDwNnn
+aQu3o5RtAnJ9OCQp51E4RRwy6vp/HYj+ye9G33zF2efEvn5bpa/u7w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem
deleted file mode 100644
index 32e7d402c4..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedDNnameConstraintsTest19.pem
+++ /dev/null
@@ -1,130 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIIChjCCAe+gAwIBAgIBBzANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBKMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMT
-Fm5hbWVDb25zdHJhaW50cyBETjEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAMqEGhcWtsw26V0XQSph1+hgHUlNVe4yFus4l56oS+MKdra/qys502m3Is9s
-KPNUyWAzPUBCaj37+cC/lnojJTpZw0lyfOSeqDAfbcDMzp39U2ujHbqQ41fGTeIJ
-haOs4hUUIapsmLZ/1iETEyHFfB9ib5oSCPAMvRtDEvNwITDvAgMBAAGjfDB6MB8G
-A1UdIwQYMBaAFE4uo+fZ3YungjtBSsOefFkjV05TMB0GA1UdDgQWBBS3rAnyZ9I5
-cWLbrRE1M5H8lPPz2jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEALE7Y6U98
-nXWJYm65/DslSMoEgBrKSB8w4Z2y+sE41dhd99EFWOwUV3UFoVk+IPgmvwpdpXcf
-n1CZdWh9MvR7lZ4cBiSRoWLz8D5okZPX1HyarXNSQwJjZv91zs3/xi78DUrOfW5f
-nE5txAvRjHP7PrMcb/gatjC2p9oKDpW6+ro=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=permittedSubtree1/CN=Valid DN nameConstraints EE Certificate Test19
-issuer=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
------BEGIN CERTIFICATE-----
-MIICqTCCAhKgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJh
-aW50cyBETjEgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjB+MQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGjAYBgNVBAsT
-EXBlcm1pdHRlZFN1YnRyZWUxMTcwNQYDVQQDEy5WYWxpZCBETiBuYW1lQ29uc3Ry
-YWludHMgRUUgQ2VydGlmaWNhdGUgVGVzdDE5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCtryyDuHNmy8nLnEcuJZ6bwOq0A+ka/Kj0Um0Xgd1sop3boX4Rjv1q
-EpvwNZoizR25z5Cw2J3wfdrtm/CtazuoF+2O9M5/g7STTtPUDAhwiR2uRWnRKpUc
-SEQaxHFmfdaPAJI14E5BhrlRRHxHu6kNuENcF5lwuGUcxuL68jhsbQIDAQABo2sw
-aTAfBgNVHSMEGDAWgBS3rAnyZ9I5cWLbrRE1M5H8lPPz2jAdBgNVHQ4EFgQU0BJ9
-iRt74wy57LStnAe8vRiy+8wwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQBX2LLxEBd+in5MEzdLeQNWFBzY
-B9CJ1quGFFe2AfYozACv7MzAiHJj1rU0ik2bjYw3r8mUIOEBuYyi+5syyK97cV8z
-e2FFWRCkUkcOWt2b7AizbFVt0M9IEFnhTsM2nVCeSD+f3wO1IYBzINkqwMqmnejZ
-zThT0HTy6hrX/maRAQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIC2TCCAkKgAwIBAgIBPjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWbmFtZUNvbnN0
-cmFpbnRzIEROMSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnL2vzTK+
-WcGR2rmlezdUTUQkfIvzcTWRIVW2x+BxQPrPfoLqmpYZar4sY8ND0l3pQWcIFsGY
-AYmm2vHULqUxZMW9R/dM3wqstOXd2JJVxvw/v4ajYB5lPNcrv8LyxxjVU2daqlYX
-BCfL9/O6417oYys1UKNtEp6n6HV/ZbEJG70CAwEAAaOB2DCB1TAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUTi6j59ndi6eCO0FKw558
-WSNXTlMwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
-BgNVHRMBAf8EBTADAQH/MFkGA1UdHgEB/wRPME2gSzBJpEcwRTELMAkGA1UEBhMC
-VVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRowGAYDVQQLExFwZXJtaXR0
-ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQUFAAOBgQC9ypqhZWCmrISRla+Nxp/vshOs
-UQcyF9Se7PBrkAfl37dg70aSgX0/6Xef8i5v3MRCar6lM8x+coBMHK41VUG9g6VW
-2DAoCG3ajBCj48vN0Gd4dUwvsGAmmVuIwH0R/+2IBMp00341fpjIjUrMpxcxDFwe
-Ve3YFugTb2fMnETR7A==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints DN1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:4E:2E:A3:E7:D9:DD:8B:A7:82:3B:41:4A:C3:9E:7C:59:23:57:4E:53
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        99:8a:59:ed:d0:76:00:b5:5b:70:91:75:a0:4d:60:16:df:72:
-        71:89:61:43:5b:d4:65:f6:8d:0b:25:39:17:86:6d:1d:c4:cc:
-        19:3c:20:21:71:5f:a3:5f:d4:52:e6:d1:c4:cb:39:92:65:80:
-        74:46:a9:5c:7c:7c:c2:4c:1f:8d:fb:aa:bd:4a:de:6a:3b:0a:
-        29:ba:9c:70:13:84:fd:c7:aa:d3:03:99:f0:93:3a:cf:cb:e2:
-        39:e9:e3:1b:ff:10:07:a3:51:5c:ff:dd:da:a9:29:05:12:3a:
-        f0:10:a1:d8:9c:5e:ec:0f:c3:02:cd:f9:ab:b2:d0:36:32:0e:
-        e8:eb
------BEGIN X509 CRL-----
-MIIBQzCBrQIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm5hbWVDb25zdHJhaW50cyBE
-TjEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQY
-MBaAFE4uo+fZ3YungjtBSsOefFkjV05TMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAJmKWe3QdgC1W3CRdaBNYBbfcnGJYUNb1GX2jQslOReGbR3EzBk8ICFx
-X6Nf1FLm0cTLOZJlgHRGqVx8fMJMH437qr1K3mo7Cim6nHAThP3HqtMDmfCTOs/L
-4jnp4xv/EAejUVz/3dqpKQUSOvAQodicXuwPwwLN+auy0DYyDujr
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem
deleted file mode 100644
index 4b8f08b93b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGsx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFAMD4GA1UE
-AxM3VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6DBDhDh8Fq9l
-WtOenCnLV5XS52CTXaNqy6/fxR6xw6bm0s2p2D0Br1TeO6qn9oxXMMohGo1XU/wk
-hUbde93GnnMNVlPZqTvaGvcq5OjaE9Y7r/QE+P/dSV/mXJsmIbwbba/n4KqgF6yj
-XfJ5QXz2jEVWKIAESIUdsz8i73joVw8CAwEAAaNrMGkwHwYDVR0jBBgwFoAUq8hB
-ACbQ1UzmK1Zn7O+CxMLd8lUwHQYDVR0OBBYEFOlqW20Og/KffGodN27T80jZjAQu
-MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
-hvcNAQEFBQADgYEAaRukvyRgU3wxzMNx2864sByNAhV3ujEGeCMnBn3DLfeM5ioo
-PXYjuq2PEs6I+o55xSX1cGwCtcZHay0MGiz292T5DUrhDJoN8nhJ+yNjzsjB2kpv
-zJrDwMEv5liNVCtbsVNMDCBsje+ukkmbmVVVzpRlnmVmwrWsX58V/pX4crU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7EE.pem
new file mode 100644
index 0000000000..1a0b274eb0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D1 24 53 94 24 5B D0 43 A2 2E 0B AD E0 FA 9C C4 A9 60 7E 0E 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowcDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExQDA+BgNVBAMTN1ZhbGlkIFNlbGYtSXNzdWVkIGluaGliaXRBbnlQb2xpY3kg
+RUUgQ2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDZ9LivETDywp+a/tfvaf8DhVHn9pKQKbNwVl8fS/Dnb9gyV5pPIalWgCr8
+GoG0PFzmXvqA5eqdyEKzVNIJJyfF1ndYOaS+xs7DHBe4bszm56a+VXus9FdMOTSN
+4h4L+D6C0hG6+ock4Y+TmXhPl+RKa2/S/NSLrXjk1pGOjLgoUVey7USRLSr0IP6R
++6E0Bto5TBPayBPUMRBUnhmmjg45nxAyHYxSsz/K9fhgpYFRfKeRafgV6Ndz83oZ
+KJx/OywOV4e77PD1l9Cgzuc1s5OyWmb1tb440r+o9+FzF0eedHGD66qHmXpyCHJy
+77ojQsHrMacGyDGXF8+QeEox1iqFAgMBAAGjazBpMB8GA1UdIwQYMBaAFIwF3N9+
+ZNtivttLUWSMambYXKOjMB0GA1UdDgQWBBTZpaDF6bfRzvZDEtdOEJNc81hQATAO
+BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
+DQEBCwUAA4IBAQAjl8+QP5Vo71I9RQDbigx5XlS6Anj0GJ/bVK/WQmZrfHs9JdHu
+FKt7x5LL9AZQ/h7mVmSd8nM2z9KUpK3INlaKV7kJSOvskw3D48KNkD673fJfMkWK
+rcznmtUVKMnkGqDKHBPfGSbXN2XEi2DsLY06Labo1mBEVigtLMxFGJ8OBIMuEtdK
+MlhTISGom3Vs6WjeOcuFwz25vv0AWAJFdv31sFXDcxVvK/vvKkVyAlLJuh0fxw58
+6avoUbtAFZW4gstzibCz+2aYvGoQSp4YatviYArYHYU0qQgYBXk4gF2UZCCJLrmz
+WHhLJIfV/K5UFty8b1PuX2PONdktVBWymOhG
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D1 24 53 94 24 5B D0 43 A2 2E 0B AD E0 FA 9C C4 A9 60 7E 0E 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EE86A044B76E661E
+
+PpQ0NzmkhhL7/s+PhSeiuTrZ00n1/Iqx/QU7W/mtKPiRvjq4MIWkemvB0eQWJt1O
+i/stTCta6axqIvM2Zidg7yLIC9ciT9hGf/adFuH9/o0NoartUQCBxfaHNIRo9GXa
+xjRE6W7RTqWCZbuTyqgZFiIehk7Gjm0lzvr0MBk9CN3lPKnfg5GId8W5b6yLWwcl
+10GsXFezVCVF1yQJN9n18/HwcUZYwqyMISGc8o9LIRGMJn5EU6Kii3YsuUwJnvOu
+1Bpp9L78/tmq8cXTwjT0p6dj6CshTacsjqeMgz6sYZgeAzC/Euf+O3mTv45Ah5Ti
+rD1MgvNfuRFazOKbEWyXqzGcEBnmLWI9hQa7yu3BFcYQFDYNgasiizIvMRQTfwjP
+eeG0r735DZzXf+otb80JIvTyZE77qjua6dGbrtaWON1BhV55O23flLXDTf2ov209
+j5X3G9ukMg1UopzLlxoGkevR8EBXwsNa0AT2BiC5oGdtFYDDL7EfbTkDcQIEx/Sh
+veI9CmC24OLPCsUQUJCmqiUiUx4OOubjFIYqXa0NmcwUnO16i1ry3aTa4aA0lS8F
+6zFbuXqFeSHgV4EeLzqu1eZdenl4/TlNzWl6ZGRfQUzyKVoMUUTfhmskTstLBDlK
+UJ7E/BhZ0Up1tbWfjzWjToVXluOg7Aiy5QVR1k6kl5HKkGxq1zB314loPVMjJspz
+cYYbazKOmhNLuSd2Fzg2Q1jRQGFwYtnym1Sjqr0qJ2reQrmEwsdw3kICt4uHrizX
+FKkUTrTT9+65AlVr4YvIGIf6YMC1zW7hrl8Yao0Os4np46hWZLAaCU/RxyZXtsG4
+/YGVUxT2hODR5zTDELQrWCZegx1d3BJveRWldDlU9QWJWbq+X3AzrK+ggjeoiXEp
+/ZY2hLCechvQVCSByt+8TPvge/2A7YHE0MpB9I0M72QAIGy9vAC6BrdzYkKGkR+q
+ypza4n/gS04YnMcLaa8nOo1mdXpEbPT0mCezhQek/eP6Jqzh4WX1ps8uMEk7b1tK
+NDocSlfMOLqarQaKtiwzwoDCdRSlI9/xgu2vMo58DdfV0mzZrIOmY0F0ysZ03SXB
+qRru66RpHXBB0pPkSwfHyVqBdMw7vN8+yXw4ZBXlUIHMAzmLkNMtwdNurdASPmRp
+SwDk9aVT14IryGSevPfZtnrrVMy702CwtxsBJaDfC6KPEsKpJA3qp87WEkQ12Q2s
+xhDNAr9G+v7Q1TIx0EWb8JQfplHdRIlpr54dpLYDNSm1kjCeGEP71CvqLUY69cFA
+aN2QU7+/bEbJOxMB/wG11UvPhRBw4tfH6eV4axLxO2zcVdPct7wlaTQCiUSwKFU9
+rWj4yTugF8zNfs4MVprNHtjF0dA7TEAkcq+6xMKB7elKvxyFt4FN8Ma71+HcPWjb
+pXuwQkbDbiaPuTprbA3UWs7QySRH4D9pjbVHdcSK+GTpVE4mP1lXY06dOvP6c9P+
+qitoYGCUZLVXXuqTzo7v697aV20+lz37na4bI5DcpJ5FsOWQQwIOruHVY/QJSN/Y
+YAF2a0Og5si5SWvjNQnbxr5gqEfNaiLPGnwbM05s6HPdT5crB655cA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem
deleted file mode 100644
index 2ac5275855..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9.pem
+++ /dev/null
@@ -1,197 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAOJaxR70a7a1EjJOHlf9fG9BEsSto4MGr1bnQLMud29/o1aka1mDrcT4ehXL
-RT2j2lOFHI+7Cv5UrjI2iI/CWsH+z+PM+sB19pJmrqshzC5FwfeHDzFTUsn8D+5R
-WJAx3NZbB++nDKkIIPql/K61Z8VyKD+3k7nNSHvXV+dKCWd3AgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFKeFECzgAW7nVCNqd6KPFwSv++MSMB0GA1UdDgQWBBSryEEAJtDV
-TOYrVmfs74LEwt3yVTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAcBSBfFavoevmu4Jr
-Fzz3LyHSA3rWhajms8ZL6AtVPDfyQaJsZizVZqKYejWLXv3jNCri/c5BBB2XTXdD
-zAQfwr2W2FfXMkNDUWt95C0NOF7NK5Z2XbmFMGaqn8y/rsYv+Zj7zl98yp0efRKw
-JEDyqFgkV/+0sLFjQvvcCdY9ucM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowSDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR0wGwYDVQQDExRp
-bmhpYml0QW55UG9saWN5MSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vcxz0dHrlH/i+DaS78z2Y0O98xlH0yo64kCvWxGo//3ZvMZl+wyQwcAOqDnIH20X
-Fi+G9BhwuyzlaqMenvEQFImtvvDspxYtq/xqmTHET1+9rkF0f8Ex8uV9VgGGMJFB
-Kjax2S+jexoGNro4EeLopi6cOXBgeqwkzcpdi0C3ugECAwEAAaN8MHowHwYDVR0j
-BBgwFoAUZtu1lMcFxLM+K5G538io0E0rNEQwHQYDVR0OBBYEFKeFECzgAW7nVCNq
-d6KPFwSv++MSMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGuWkVLrBfOy6K
-Y46FaTMnWYkjBWyjC9mgPrq97h90tejc8Z+5Q7u+WD+f//iSoC19Uy65lnk10g56
-UqaqA7zZQ25N28un3YqnKwS1pWrtUGNiAi3vYPUkmwq+6PJvWAcVl56td6OmQOIO
-hDwXMBUcDUYTCVAMRY5fiMx7ARRmeQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE
-AxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCc2RpX4l2ip6DQkyPrZQ5fiP3xdhXT2e4QAznpwy2Z5q9TlYhF0sFw
-yiFNITCwI50K+JrcR/FtOMFTiGkDJdNSD6JJ9KXmV2Ub4/oFXhmdPkkW3+LyckWV
-cpDuhOBoI8E+ni0ZFTuduAa9E8yQX5PKazSSbeERNXFHIdMij7WuxwIDAQABo3Yw
-dDAfBgNVHSMEGDAWgBSryEEAJtDVTOYrVmfs74LEwt3yVTAdBgNVHQ4EFgQU3Ymd
-Zrnid46ozhWkgrKgpMameo8wDgYDVR0PAQH/BAQDAgEGMBEGA1UdIAQKMAgwBgYE
-VR0gADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM/wnG9l6jp+
-ViHhfrgGuXyp29iH1trRzZVkRtta2Htz5cEy+DfQ1bKtALeOj+3XycvDjFBK3XFX
-Fj5Kq26Wr29hb46xdtNHFdkYvsyfD9Nmh1OvcqEkW0rmMqtr/+z3bTX+qegUtJ4Z
-vjllBLFSy/60sopz/da7BfJiG3vBvoij
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGsx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFAMD4GA1UE
-AxM3VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZp
-Y2F0ZSBUZXN0OTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqkkaVxrrWKva
-xC65OTtGWaNoO/KVt03UN4EW/fxbAwU79QI6lYLlcnTOpmNlAU9HVGEvunAZ/RBl
-AtZOKSiAGjuEZPkn37sS6SnhR1ANPyNA0KTI9uXIXDKde2sGXwNSbsiQbDko3vdV
-EIfKC00+2GBB7MxARHUpZZ7kGAP4XIkCAwEAAaNrMGkwHwYDVR0jBBgwFoAU3Ymd
-Zrnid46ozhWkgrKgpMameo8wHQYDVR0OBBYEFJf4i3/rlw5BfP8DOFHqMlOM+3vU
-MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
-hvcNAQEFBQADgYEAg9u+FJzES1LZQVxwLZwZZ+9Q7q68jcUqdvzV1I0kFxESgspa
-7a+fTUyYDbMr4qZ9zrMbJDDLkwS8a9vSwZJmfLSZYGECYAuTZFTe5p6CeQyToEfF
-l+MA+CUr5ogWe2dpQQ/OmurKn/idqncuvoIpaWH7fvnpOyKcqo27Q2hUhrA=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AB:C8:41:00:26:D0:D5:4C:E6:2B:56:67:EC:EF:82:C4:C2:DD:F2:55
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        85:eb:03:68:bb:91:5d:9a:09:2a:f7:5c:73:90:8d:e8:4b:23:
-        92:c3:d6:b3:8b:81:ba:d2:b9:dc:a1:e4:48:29:a8:98:cf:59:
-        db:2b:1e:de:1a:ce:db:cd:5a:dd:de:f5:f3:91:13:9c:1e:a6:
-        c8:4c:d1:ee:24:10:7c:95:df:a0:ed:4d:f9:a5:16:43:89:af:
-        18:f6:1c:24:b0:70:9c:62:86:07:f8:0c:e1:61:d6:99:ed:7b:
-        88:58:9f:79:d6:3a:1e:ba:aa:52:97:13:5e:00:7d:00:ce:9a:
-        d2:34:9f:0d:bc:18:09:f8:10:2d:c5:d2:8f:d7:eb:a9:59:25:
-        45:1c
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUq8hBACbQ1UzmK1Zn7O+CxMLd8lUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAhesDaLuRXZoJKvdcc5CN6EsjksPWs4uButK53KHkSCmomM9Z2yse
-3hrO281a3d7185ETnB6myEzR7iQQfJXfoO1N+aUWQ4mvGPYcJLBwnGKGB/gM4WHW
-me17iFifedY6HrqqUpcTXgB9AM6a0jSfDbwYCfgQLcXSj9frqVklRRw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9EE.pem
new file mode 100644
index 0000000000..afba6a5197
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitAnyPolicyTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B5 28 7F A8 5E C4 9B 0C 60 B8 88 80 70 72 A6 FF 8A 00 75 AB 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued inhibitAnyPolicy EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBBDANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowcDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExQDA+BgNVBAMTN1ZhbGlkIFNlbGYtSXNzdWVkIGluaGliaXRBbnlQb2xpY3kg
+RUUgQ2VydGlmaWNhdGUgVGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDSWk+BxVIg223wvs2weR2LSJ3WElVnaJjergY5PUJWIpvi3rhr36NcMtCi
+KTKwteK0gjEvuC1ViP8SDvC3F1jPx1mJUeCvLO+ykSWCHnoxo4jdtgUUFFazMkQo
+Emf8o2s8xuGab+Me1byMnlNceqPD3q7ncenZumYeleV50CBz4zrz68rdT1/iRd3C
+tSkQzXE15FBx6VVFimfY4b8Gsx/zrCOQtr7uuxwlKljVZIneyV3Oxtk8+9EuYXMk
+Yig9pZSMVMU1nscG/qoPj35p/fduse+KRpGM2N3EebJjMC4WKI731mkenI5rRSOP
+BIwiLPEi4lYgdX/DfqVBiYO2z3WXAgMBAAGjazBpMB8GA1UdIwQYMBaAFMnMP/pb
+8KHa1TcMm86YxnqJK9XrMB0GA1UdDgQWBBTlOtW6qZkT1fSqlvvdOHn/0HslbTAO
+BgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3
+DQEBCwUAA4IBAQAw2XcoqDcFwz7cBnYxG7mEvhoTqnGLOrxF94XpTlAN49BUYfmN
+iQF/mmWo/fA12Y5BwOBcAws7dDB0H428uhtqYBGCxuhzDkIXy3X4zvNO5P5XdrOw
+oel1+zfi4hH3FEKLQmgEjJy2PN2s+JkqZNpxP670/tpp5wwB1DLN2bEc6AARlN5t
+y/pvSd7sVBSXo6FaYO6USn4Fk/m2toWZrCjGZAZCJITWwjwLjQKo19FARC/iUNMQ
+35sIs4EiP8bL/k5HcAZVXECK49Ogr6g9lU9wY9swx5Uudw8/2OstRe4vTQFw99Da
+q6T+4P1VCKTMkXqfc7kR3vey8S1z88l6GO5M
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B5 28 7F A8 5E C4 9B 0C 60 B8 88 80 70 72 A6 FF 8A 00 75 AB 
+    friendlyName: Valid Self-Issued inhibitAnyPolicy Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6585A527E4EBD184
+
+dlpKqskl1Pm3ZL7yW6TyxKoq7GkkWTdiIJrvpIVv/49VHbwbkyYuIKOcysl6Ap9x
+0PbPEWvo30f+03azLNfeh3iqGe802aVEiZLo32zVB8I/3ZBOiNEly4w7mWVlQ5ZT
+80QOz2ZvFG73xCh2Ul2/7LDwwaiaUHWo4oj8wsTCHCKMKIU3RK83Rw0P7LmJ7n+l
+qY9TOAiuX7KoWbsRr/wd1Jf4vKtZttp7ymIq72Az8k4K4HQo8JMAgAq8hkkp0/9p
+u41a5oTK1VyvLwKip8+3pdW/BK7I9iYeIKssoLQDduIDBrw9CuGHSJj2OEeA2wvZ
+M7qa/BOJkbVhxjYEpMh29Cga3heJPImY8vvwOwFPGvykTOB+EHujN/aYVv5yt02U
+2vBidukWnB5w2zbJcq6LsBzvYx93b2N+vrXre4YQU6vcxijHOsDdNGW7pZe/osyG
+UMhLGBofkENW0YOq0Q48haOyHLIMeGToKPD5GdOQZx/UXEdIDye7VHbOPJS1ccc+
+Rf931GDa22kzmue5G/Ee+1jh9z3RilMlfbtyVod+Yd1DrIKLFoxr69vtlTWzo1uw
+HkmjqdDeXzq/VEk2CXP6QtP4S3PQJ+FltnT3F0TBe5zX0FF+wKEbEOInYUZr6kH9
+CeZfpyUEp1JYh/4vgpoRxlruVpEBIJiRMXiRVnWwlWZjfmFSoA94SXx4PuknuwcL
+qb1EuvTYwfEMhZ7qyoiJwVPbHsmG8csGh0DtL6/jkq0xCCQ2oYdrTjsUJFPzmmgl
+fLstcU4dNDuwuJoEgfNXg+PqYrPWYZ1VLFlCN4ECH8CRzXhwbd76CDVJv4PAPbNE
+FprSz5G719+1eXcaNUSG+71KAHH14liTxNdW8LAIX9AwhZ1Z014P1Hd2oYWfBUnM
+mnSE33U9QjNdItDP39HZKpp28P4XS9NSwQgJetV/rVlyausQpjE0Puc18o7NzJ94
++bJUg+2oLpMh9399VBymYD/35kRcF1mhcZlcTvu8h9741bA1RQL0D/bdgQLju7Zw
+pb9dfbNiFgFhcjP3WrYy6L/xZ5ifrmnoKE9iu6hrs4omCebowkmlY20MohRa6Dur
+ZBxIsz/Ol2VTlXwHmr+bWTSLfMcrvy0+Fxs+tyhNfhL5Upo02ODEyei+tTE4dXTn
+if7khx2N4ymjWeUEI3W4PsWoTfZGEDXJWxfezD3CQqb8m/Av5pY7v/S1+1Ad2HzK
+2wJ71D3wQpkc4Gp8l6HOvDID52HV0TI2U4028LwhR818qMDOGgEVPtvFTeTLmtvd
+0r2a/WUXJzhB1WycQREadHF1YPYA/Ds/0RSUsBv1KxS8RSk9iTvegY+HcXMsWLCu
+aKKnd9nqhLkL4jnTB16LRJ2zDCKnchdRz4ZZd2R78/nezC4J4m8JmC7FbWZYKJO4
+yCw0wxrvUzbT0iQfOpbC3gbSxAvbQwQU/a9tyMmFE0WLZgOc0879OFIm0UabZoys
+FyR9iPscWcAN2bSCdXBqVeHyVYBfBiOTDmYnybJ8wZOy5u4FiLGDpah1dUbLXkHC
+ZBlI2wJU2PRe5q4kG1unJq9p6Hhl1SEP7fq5WJtAPz87iA9dKhh+8ouGPZ+szY0f
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem
deleted file mode 100644
index 0a0596b259..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7.pem
+++ /dev/null
@@ -1,180 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-ME8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIG
-A1UEAxMbaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCX3X8GrbxUXCENLok/vrVUA4snN0DJ+ja+Vct+doODtUFE
-99ZdYrT+qEPGAkioxAKElsWQDHoAjlv/TjoSxbV6BURJiMk+pIdN/N3oOtLz9N5y
-emO4Nq8Wv3A6dmTeqV/BvhEmKyKd9h/0Vy3gTP/eIqA8vhyxOpPLAB/gKIIWUwID
-AQABo3wwejAfBgNVHSMEGDAWgBSqaWS1UuWiYwoKoPNqFz8gsgPUtDAdBgNVHQ4E
-FgQUbFzipWxbYKUZ3ncFU1rjNTWvrRswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAImoE0/jphqmO48yRD2BCE5RlbnLVfXqKMbZ61lxs7X2Z2oC7QmmXJ8xH0vu
-YmnqpQTJjLwJc6janX9zk3DIdokB0PPu6HAtSb3GeETMG2tQFA3aeDyg8xjqGNBD
-OHfNDd64bvLnKZWb3bLEPfnZf6WTaRV/x56wf+7+NPg+zJop
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBOjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEkMCIGA1UEAxMbaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA
-643DGHdT8CXwVc2GtZQbRQTdptkiSzy79NPJD2XLU9LpWnrgyGzl4j7xUeYVspxY
-Ws/mpZCQOb2hs8eDfHKisjtcKj8Y8r0S8Csb3dsG19Rmjbg/2SiF5ZMaHzPi0QAk
-m008o0bwHaSBlFHigtvqu563VpgMs52ksx3BV1BKZQIDAQABo4GRMIGOMB8GA1Ud
-IwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBSqaWS1UuWiYwoK
-oPNqFz8gsgPUtDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATABMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgwBoABAIEBATANBgkqhkiG
-9w0BAQUFAAOBgQA3+2MqCUqi2aRGC2CQMzptfla5lfBz0GLy7p1VBIoKLOe6/rAb
-IhVjO2X7pWEJosnjfmKUOggaCctxUuGgA/okQKTXTXQwXJwJNv2qS5lf1AHD4B99
-pZ5ebQ5FJ+RZBB6HiUWabWVfJ41WPI7ceJ8fh/Riau+XJg2KLE8myngRMA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued inhibitPolicyMapping EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
------BEGIN CERTIFICATE-----
-MIICojCCAgugAwIBAgIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3
-MjBaMG8xCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFE
-MEIGA1UEAxM7VmFsaWQgU2VsZi1Jc3N1ZWQgaW5oaWJpdFBvbGljeU1hcHBpbmcg
-RUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALAZ39MGl31J7AeGVi+NMkr2Za9Sm9LwaUKnv+U+4kjo1pvbj8KegARFAYToj7LF
-KujtuYlkH9HC9PW9p0X0zlfGyLo+jYBaT28HaJodaa2AmpEz0ZxmLsEBnjVNlC/R
-+vUNa51CNV85Wv2V/FVkznQSlqdRP/89SCfIL/Rd/rLRAgMBAAGjazBpMB8GA1Ud
-IwQYMBaAFLamwerAUlPfhv1mSeS0Rr5jMwwVMB0GA1UdDgQWBBRFegfFmXt1cyLu
-vHj7WA8p2BokYTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
-ATACMA0GCSqGSIb3DQEBBQUAA4GBAE1aoLRAB7FVyZHDy+jfyHRnvk2c/hNkhsYQ
-VuxpPqQnt8pCBUl9lUAwlb9W1JoR274/B4pIYmqM869ptHJJjbbNkOBdudX6462F
-v4rtoK+1egfyqLiEcmQNcGSqq7w6tBw1k9DV6t8D1BYvzh6JfN7z+BY4b8dOq5O4
-2eSGt5qS
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
------BEGIN CERTIFICATE-----
-MIICvTCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBa
-MFIxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEnMCUG
-A1UEAxMeaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDlD9RQqLmz1R8mmDv95sxGdTT50F3U2U2PHAx0M0R/
-EmmreJx8mubNNUzKpH+jIQCsgKqAH+CJH/LDeCzow3F/cS0bcKYF/x1hJhJHO+pP
-uBgIa0yNq+hkNY9F+V/b+auEovg9yqIThiE9atAWfL1IRnRW5qpSi7si8qQdGWGt
-iQIDAQABo4GlMIGiMB8GA1UdIwQYMBaAFGxc4qVsW2ClGd53BVNa4zU1r60bMB0G
-A1UdDgQWBBS2psHqwFJT34b9ZknktEa+YzMMFTAOBgNVHQ8BAf8EBAMCAQYwFwYD
-VR0gBBAwDjAMBgpghkgBZQMCATABMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEw
-AQYKYIZIAWUDAgEwAjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AAjqz5quHRrfjyt+VRbtAM5KfKQS9G5SMsxGGdD/A8Nu5JYAN5FGi9X+RjLqeBzD
-6hmnFNNPFZx9LtO1s4wBoM06zoAddrIISUWehidWkxh7YEJSt4OSQ3fHNO0lgHaC
-WnvV8cZ3JLFezL+4ZDzXUJYoxmGCjerFTfIszoyvBuu6
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AA:69:64:B5:52:E5:A2:63:0A:0A:A0:F3:6A:17:3F:20:B2:03:D4:B4
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8d:01:00:85:8d:99:b7:5b:7f:63:14:5b:20:de:25:35:78:25:
-        50:56:9d:78:eb:ac:15:34:90:c7:18:cd:03:ad:4b:80:9f:b2:
-        09:73:d0:8d:c9:dd:a2:5b:e5:c2:9e:30:ad:09:06:ad:8c:56:
-        7b:39:76:aa:1e:13:a6:21:2b:68:c4:93:f3:39:fb:7c:7a:f7:
-        2d:e4:d3:ac:5c:a6:38:07:9e:f5:b7:c2:54:6c:e7:76:9b:2e:
-        74:5e:cd:83:1f:25:c0:d6:4d:af:ab:29:47:dd:b0:87:79:86:
-        f3:4d:89:80:2c:21:14:68:ec:4d:cd:67:d0:88:94:63:d1:db:
-        f7:a4
------BEGIN X509 CRL-----
-MIIBSDCBsgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYD
-VR0jBBgwFoAUqmlktVLlomMKCqDzahc/ILID1LQwCgYDVR0UBAMCAQEwDQYJKoZI
-hvcNAQEFBQADgYEAjQEAhY2Zt1t/YxRbIN4lNXglUFadeOusFTSQxxjNA61LgJ+y
-CXPQjcndolvlwp4wrQkGrYxWezl2qh4TpiEraMST8zn7fHr3LeTTrFymOAee9bfC
-VGzndpsudF7Ngx8lwNZNr6spR92wh3mG802JgCwhFGjsTc1n0IiUY9Hb96Q=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B6:A6:C1:EA:C0:52:53:DF:86:FD:66:49:E4:B4:46:BE:63:33:0C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        aa:fc:6a:e9:aa:6d:46:16:9f:65:05:ec:bb:4a:e3:de:fc:ee:
-        4b:6a:61:7b:4f:ca:b0:86:90:90:f9:3e:ee:42:70:bf:70:51:
-        0b:ab:f0:b5:51:4f:78:f2:03:59:1e:5b:01:1d:6f:79:b6:d9:
-        c2:38:83:22:b4:ae:64:06:63:5a:af:04:58:6c:a1:e2:3f:64:
-        ce:f2:24:20:0c:a4:77:52:e1:cc:23:3f:5f:a7:89:20:85:fb:
-        cd:f8:c1:09:98:bb:62:c3:62:0b:75:38:01:b0:93:d6:bf:22:
-        d0:18:ff:04:52:25:72:bc:c9:d4:e5:77:fa:b6:84:9d:bb:d9:
-        45:a0
------BEGIN X509 CRL-----
-MIIBSzCBtQIBATANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0w
-HwYDVR0jBBgwFoAUtqbB6sBSU9+G/WZJ5LRGvmMzDBUwCgYDVR0UBAMCAQEwDQYJ
-KoZIhvcNAQEFBQADgYEAqvxq6aptRhafZQXsu0rj3vzuS2phe0/KsIaQkPk+7kJw
-v3BRC6vwtVFPePIDWR5bAR1vebbZwjiDIrSuZAZjWq8EWGyh4j9kzvIkIAykd1Lh
-zCM/X6eJIIX7zfjBCZi7YsNiC3U4AbCT1r8i0Bj/BFIlcrzJ1OV3+raEnbvZRaA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7EE.pem
new file mode 100644
index 0000000000..bf2a529743
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedinhibitPolicyMappingTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 61 B9 99 CD F8 EA F6 53 12 3A FD 97 C1 1C 23 66 63 10 97 6D 
+    friendlyName: Valid Self-Issued inhibitPolicyMapping Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued inhibitPolicyMapping EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDsTCCApmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowdDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExRDBCBgNVBAMTO1ZhbGlkIFNlbGYtSXNzdWVkIGluaGliaXRQb2xp
+Y3lNYXBwaW5nIEVFIENlcnRpZmljYXRlIFRlc3Q3MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAzlSgxeR9mZZ2DfvlsNsMlfrKR1y6GJY4fciG6sC9DoRB
+7sqa+3lG6pzDngc/9d/M9u85ukn4AMAsPZAgi5X6Q5dz9byxtr/ACLKumzRwWJ78
+7vVSNc1Fl02DimJqpaVgKtpvh74Z0Li2EUONNxVmM86vcI6+K1qVnLMWtdrSpQx5
+RcP0ak4XtVcxSFKBrTpZw7kplIenOiXBIVlO5f2yADWcpaJw299I0n++7v4vQrJt
+3HWs5aDA4if8w5UsQvfWPL6IbYhS5spCRAu2Ta8TAB+mY2k/sLyYo/1HV0khIG1Q
+5J1pFdw091TkMnOf0c+yG48BeXG230snsTTVpV8DKwIDAQABo2swaTAfBgNVHSME
+GDAWgBTzzQc/gzDTxwJi2ubKbAGlsbaAyzAdBgNVHQ4EFgQULYSE/2xcGw+CRD5T
+hkfTUDLk/bQwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+AjANBgkqhkiG9w0BAQsFAAOCAQEARKXDv0JsjAw+svbFFVLJWn3Fan9X4ilv2XPj
+c25T2Z8dd5ydw+a/fSuZ30rowmL2YFnWeX9D3i+y542eBEQbzHkj+1oc/JFJ/34M
+trqzj39TgmrQbM1D1SOb7Y2uLRXpZu2jPUuAld2jPJvFZxCHTf3LRb1dW8F6uAs2
+SrfZdeFCA7fXoGJRO4z4cCWyROOQY2PHSrMKNAh2yWFq56qlj4iNmdv86/My8MNf
+zlciq5ApLsPhTIZiRwuAiAnDkeVUjo0u1PciJ9oQUZc2TuEqcUudjtl16zTEw59Q
+Qk9v21HXboMBS4QUaQ8WhtwL0sGOMNKSw13LgqFeW5IPswaGsA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 61 B9 99 CD F8 EA F6 53 12 3A FD 97 C1 1C 23 66 63 10 97 6D 
+    friendlyName: Valid Self-Issued inhibitPolicyMapping Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5122396833385692
+
+rjnACDyh31Laaa/Y+Bhg7d73sCGPBKAmBkHDMgeWMZHftHStCvjZwQIs/0BKTZoG
+jm7dq2L/Dj6IwEMr0jAVF1eIVuxkJfwMfxGWPVjA8yyaFOdATPiTjkshRLBiTQVG
+7ev3SI9icZl+D5q1vFBuIz10ngHpuPFW+HnBW6VchmT+pJC62F/RfxzoUGqwHGns
+1Zse0tyLFt88yLfFBgm+w2lFBuZ3tzOK3NxacdB9/wOk2ktzgGKw6hjyRSZdDukk
+hZEc/mTMslZ3IApu5exn6x4RbLLBQfJdjGdG8vjOHzE9f5F1QS+feDwv0v8RiKZE
+zcPMF5gS5GjGGCaq8jBsbJBC7L3h9mQib2Q/QUpXp15wznTEpWHQ/QQRd8cRZVDw
+qBllDSLaacMvZZ/1B8vGWwpxdLqj0ABDZe48QD8df+TcXMD2VOXvguPEq5n279pX
+X+cdGcNeITQq4C8dZsVE8xUHrOfEB06mN5JjUcwPnxb08vnYhmEDKWt98qBvKoxJ
+znfAgmdD3/QH2YSgW+VsK1Cs1Xj548zE6wPa7GTbUsmfeEMuVAgLIZJBlaZe6wH6
+0af8RapkwRaPfSYvc4iJKTcs6OOVPIvrILYU2NmFIFEbrfIhc5ezCoHKUVmtkVg/
+PtLOnhdTnj9v0quMCXFJ3TKxe0C4S5QbhkWOTfmZWAntVAbpk1eJ4JPp8F/859O5
+98oA/5g5c2xR1c1jADqSw2KbFrpbyHTPEETAHSL/xqzInCofh7ErknB60Tf7I2gq
+sOLlcFKEqBU9kp1zuma4VKx5MMvJmLYyO7jnUezt05TeTACgeSy49pJ3/or5SHHf
+7kQAIh+oDbmE4jz+MmIBddW3Cfw+3hCCdCM5u3Rb81wvSq/Gs3eHBxqfpDi++fjK
+9H7XhhEcapvpVmKotP0D9iBeqG4PXUWiGgt5+861A1TZe3SFnFgIc8KBsPcgOKqT
+pls/JEd78JWxSCzeHceMwWb2Te9Ej0yVoPePX4b3QDsbdgcaGTtC6RdzBYBhiOZD
+33oFxB86IkTOLVwHechMTY0RRig/BqvZNSgzsTdyvnEa/m1OnkYOwqnvq4vAYfCM
+Uvfl/j74lViRii7fPeixt0Cd9R7PJe1g3hBPw7Q4eytOKRE7Lb/rv5dkCQo0to/Q
+E3B352q4sANo8XQD5v7EnRhv2JSGqL8qzY1t+ECQhT6llVDa8T3Jb2qjwtL4VKOl
+2wEuiT0rGVcGfDppFUgE58ms7ZjdviFKzbT4yL9nsiGQPfFaZ0VmmNem92NLEHuX
+FvOP6oYcrJu9a5dNmLwWPMH28F3cJMvw6JrRmI4/KPxy1QqEUYleTtW5wvp7lfhX
+KwN5vs8NfN3vidFIluh8ILE1/BuTeJl2i9PQt5wn6v5vIuYIlut0VTsMyNI4DUG0
+oYxnPR4L1s0AXn+ONSwQ8+AnUc7hHcS8rhX4yZyioXajLqXhFzhXiK9MfeAxPhge
+gVhylvKZYlO/BMlDejXxeE9JmWuCVBHwcGSLw92D0i0vPq2HpaZal9W5+3IQfACO
+YaRu5tDk13GiqKk7cY8LVjC9rK+BNhUjVvRvz5QI63mPpglQ/gVwkg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem
deleted file mode 100644
index 8a81ff92ee..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15.pem
+++ /dev/null
@@ -1,127 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV
-cGF0aExlbkNvbnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDDqMCqoLUxLw5wCcxhD3+5J80k2C5ESu+Co4n3V3Nu2SyzcfKET0wx5QvxYm5V
-bzsntf6IudJpfXgzxHIwJ4i5v+Ycc8NYiqmCNhsW5sFRzhjQDyTWu0fEYm+tmyBv
-FavwXAcp8ptUMElDMAv/bKSD+7MDC9uHZQOmVsY0ndcNUQIDAQABo3wwejAfBgNV
-HSMEGDAWgBQhDLUBdnbTsyqsJvyqpk/y1qFvSzAdBgNVHQ4EFgQUOK0lyEJa1w3p
-SvQY5iylU6RQ9EwwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAA9NjcDXXcF4
-FXkwZWIDYtowLXCpbshsU80nGx0/7QVNApSTnUq9pe0t8qAClcYZuaXgB/uYINl5
-qozAW6KR4wFaNUv6mnm+0ppWeiTnIn5O37IycPbAKVZRhauf3p/cTkZ6RZ3MJ5Q+
-fMTJscvSXtMhU+Q3Pp5PGRXlXhs1zFNp
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued pathLenConstraint EE Certificate Test15
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBBTANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMG0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UEAxM5
-VmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh
-dGUgVGVzdDE1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb61LTuxE1l5yJ
-QVfNdf8EYvZcAa0KaD4FMFo6vn3YTkLfUAgn2P0/LUtJQmmXciZPTEU9iKaYsV+/
-ZtyT/p8r/UHfo81aRT9dIzwK4sGKK+9KWFi/rPiRQwG5IB3XiQYW/JGTIPgcXg5Y
-dUXWrtqZVN+7ddhQD1d1ttatbEqajQIDAQABo2swaTAfBgNVHSMEGDAWgBQ4rSXI
-QlrXDelK9BjmLKVTpFD0TDAdBgNVHQ4EFgQUS4ujjGGj4+FAN/SRPltJJo/KxqAw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQBh3iDLcsaywxCRTsUrSXJ+COkZOvwrPiAugkf2KeDXYcrIckKX
-n/+Q3FZeBn0qHNyvGUTLp7yei9kUto1sS0nrShwSV+dn/2zUsL6dr4F9Lfazzvsp
-rIIGkJCHbcJSnMc2b3dBhKr1Oe6MWWnV7OdTVCfjQXeDciB3MTcY1TqedA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15EE.pem
new file mode 100644
index 0000000000..edbb2acba9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest15EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 0A 55 CA B7 29 D8 79 D7 91 E4 AA 93 F9 D3 AF 71 37 0A 67 D4 
+    friendlyName: Valid Self-Issued pathLenConstraint Test15 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued pathLenConstraint EE Certificate Test15
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBBTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+cjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+QjBABgNVBAMTOVZhbGlkIFNlbGYtSXNzdWVkIHBhdGhMZW5Db25zdHJhaW50IEVF
+IENlcnRpZmljYXRlIFRlc3QxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALTPBtTph0kvovSb31pRYt9egyO+d7Eq9BtlSFiZ5UyYGh5UC2FGcDP4tzkO
+5si6Vn4yZ/rwqIMNyU5bkbfludraX1b/Uc1kObROQfOgEApaE3JuZSVjXEwJsojM
+yBYCf0FErkdYAgzDE5czPhH+NE5ENiI0+cox341aVJ17bK9wK48JP5ajt378Y7Uo
+sLUG8hY6d5fOJvE9Jg2IvqCXLuSfWzJtCunT5Qlf6qASV0rrUJWdmKaqstNbqq9H
+Cj+IpQJTrwkF/8rPkAnuJcjqRbCimdpVqYLqF6EPAv29rTBZyKd1qktm5n3wjcQ4
+hWu4kEHG/KPfSC+pvk3OLa3FD5kCAwEAAaNrMGkwHwYDVR0jBBgwFoAUgOtzvk2Z
+npS9F0ta989Xd3TDX3cwHQYDVR0OBBYEFMjr2VjA7usIwlcHbZp92KG3YZu4MA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAIKqRjt2Z9NVFsBaFffuOhB65G9/ZP0VnAz3x+5EKuUn2MhbZEnK
+pMS6dDI51ot5gK7PtxyXH7DwI9Tq8BlkpU5UMspeKKwHuBe97IPsSeAFeQX2zkws
+yz7KW5QIezi7ijyNtWHilzKeK0uMh5pMAkNVoLH++8d1PYgG04EYxZlHZTedGSj2
+QjiBc2bJQ/hTQSoXjXlFK0auVmMOohKxYi6ZgWstGGDdoY+/1qe8vWBqn3e5NSLu
+oqd3L3jD6g1rjc15SEadJfdQO7xMTdgnJWqij0N4rcxo6EzqFVvt8FGUNwCdHJFT
+B1Qi4p0aWzKTaG/KcfnyuEyrAJB42RZI+LA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0A 55 CA B7 29 D8 79 D7 91 E4 AA 93 F9 D3 AF 71 37 0A 67 D4 
+    friendlyName: Valid Self-Issued pathLenConstraint Test15 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4A1C2B404665D30D
+
+uWUUPeXKS8K8I/MHrcV2NhxxM6t454hkTYt5XcYl153J87tuHDi++fxw34rb7+f+
+Pb4o5pJh2COqxjAu8pl49JdZS/UNz2+C/F80K3JvdX1Vo0X1IplqcRSGb2gAa0bC
+1pCbtuyy4Nq9SAmGN6B34lROUOEC8/vIcee4SNCMnxLW1H+RDETzT2MAjMDI2lAy
+vibpRIAbtILZguDzrvIr7I+FGzm5Vc/0vHX4B3E2qGj1EnRotNLNNY5N6kg4vSZR
+E08+L8FBgC6iLAfEDk3jpYkInzSATLn7jgS4eWIbIbEFjuT3mhBPDN21Zqh7U1tX
+qOba61l5fgdxhvreWfRjwxSiuSOnArFxJU3KaaF5hoK/4QkZsLZ7jHUQLIsIzfMd
+ro1LggW03w/X0y/Ip1ArqFbND4YjlN+cDaSy2hKNLb9SqePSwLkdy9QQBv5UMhtl
+RC8l+RtKifQCw4hGHG1+EyznGd+1kh6E6zwmv74QrFOnJmvLI+4kiCLpXTi/4x+O
+RXGvtObalCEjaht7nkwpFZfFzVxmRWae5mHMHYN01fXGwFWwHUfC+Cjocm/8EvGi
+2nmJRfYzQFnrU76dluvAU4d8xYhSfDIkHTOJHF5AAg21UR1neuqj5UgHUm2LM/R/
+T8BZJjuevVj7Fg6uH8AxkHN7vkf7rcxEY5IXUZKvG/IN956QpBDm7VcobT4TFqwL
+UtwYrM/hGza597qIT1oJqy7ah8VIYbKZTE5gmA+fI2eZkjqm4ex/HOsZKW7BzkyW
+3GEiKmU6d7dFN5XewDqjMQzBNlzD9Y5gRhrHv85WeRA82rBm2qv7+20d5SdO2lIU
+VXfggBI+KYclR6JbE+z4qPPdJ1KYH7BQmMgtE4TOGSFhX52/nCfuR4jxT78unGyX
+FByYPuiJJCG5bCXIukwoh88Yyib+o9YbUjaqQ6sfRSgwiv9QocOtwRlxXOA+kZv2
+s0fUr06cK4BSDTZ5VlHFNQJp1Ub5nWxqlseVWXFcJ0JWddlzvGewKg4Unvtl2Q/x
+MbvFF/27VY0Uw/XTHbTazNeeCn5OFFeOigyMvpxE8hpu9Hbl7pWKs+LoE1NsJjaK
+RpGRIIQcX6O3VQbgWeY8NfYRtackF1FwtgkxE/PodNhUC8YV122htf2mzKsXjQ/P
+2z9xGZi5NW/95bTAX5FKPtP6KsdOQXRwpoJjxzVdPkCncbgn3B8PEK8Wzoc7Is5O
+xhjaf0QIkkC6UD2MeFFv5yaUAi45Ivwl2TOXqNaRp2Mjb/rLhSLNCDJ8Vh6P667n
+PrQ5oMcqq914DBqYM20Cg93Pt5ZZk8GZQLywCFTulzuf92oyoxMX3CWepNxXmUYh
+uELcCywkTnwT2kCClFj+cbhFTNuFILN3CnwPs8QpIJjOPcwdnvL7Si19EqGOhUFj
+ifavYAGGKwkUfIlXwf8IuRNkads9jOqZCpALgDH0owHai3afBgKlyx8AEvxYbEV7
+bF6il6oyy8bfo2sz1ikFwF4qFBBgDw4WtiA/Wdmo1j/NfVNvIiRjs/vtu+KzicEn
+/LKj7N4Y1rlJXxEffLYBnKNO7bPbw18o1Hp6IdcPAFFjK/Qy13JzP0p6yV/ivRen
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem
deleted file mode 100644
index 86dae42c9b..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17.pem
+++ /dev/null
@@ -1,197 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBHDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZDGq53SMD
-2pj9pTu5VRCJI+Vm8LxSBkYdxD0jc4IKrbJH1NRh5XCcfeAbJaQ46UJFGEPMa92B
-GOSF60SQg5oIXBDTA/ygWIPFFbfStUt//heg1BfHUHRf14z8JL0HzXDG6xnd+2yK
-FzLzKFu1zexVpeT6nFQr0rjeslXftjJO5wIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQU2nOT4PBlmX3Dv7AfJg72Fi0x
-NVkwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBBQUAA4GBAFm1ZyLmtGk/Ml/36K/q
-S3bdDJ4PWyY0OsgJBm4jiiYU7QvQ5G7cyfPW4h8EBaPOg4HSUGJJdqQQdP89e9WS
-JTFOlLoPT910pCDXbuEjILFrPh54Gv0ydO31Yc8Un/Do/qEraDgWzjNU9s/BAJKx
-zeFg0ajkR1p+VLGzDM+n2aQI
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
------BEGIN CERTIFICATE-----
-MIIChDCCAe2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMV
-cGF0aExlbkNvbnN0cmFpbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDEsgspeWC5HV95asByD3T2Xp92XyIayyvxljyNsuyivQG/zdHVuW0QqDbM9+ua
-rkOgDpqwN93uEtbRdQqq4u0MZ2GXR4k6ZduPsubfFKXBKdgvLBoSm1qhOdO1m7BC
-GYe/0e+uiTYZGfLbJCqUuDraLY/o58qeKUHln2Ex8G4wAQIDAQABo3wwejAfBgNV
-HSMEGDAWgBTac5Pg8GWZfcO/sB8mDvYWLTE1WTAdBgNVHQ4EFgQUC9dNxXZ6/vA1
-xTWKZjIu1jdIF2owDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADwD62Ebsv+1
-RcA3YIonWoTkrnKU9YGmmJf5S9ytmc6cT3phWRpY/sOl+Y0pNRvDsKJeew9ggQWD
-f77Pp+ACX2HvWwSHzclox2iCkxNyX0aNAxa9xun2zKGm2j1Ncb/D2mE9CQemmn0n
-1GxEkjg7psCUxl2FwuTTmRR9UquMxjg8
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 CA
------BEGIN CERTIFICATE-----
-MIIChzCCAfCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMY
-cGF0aExlbkNvbnN0cmFpbnQxIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQCp1Y+dMUczZ1H6dsRs9hr8yLDsu+xA1vSG+vHgAEPkfkhzItj+7N02gtua
-ye1hSXd/x5xNHOTWUK0CDY2YnHBpqmVO3nMIYmX40BbsRl8eQiEYQS7ES+URwrbW
-LHC23HLYn/R42TA1lkwp3HUa4Nu4eUEXKRMbCVfpxAE0h6brIQIDAQABo3wwejAf
-BgNVHSMEGDAWgBQL103Fdnr+8DXFNYpmMi7WN0gXajAdBgNVHQ4EFgQUYXPbCWI1
-alu4YhJII+f4K948S9swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZI
-AWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB0eGyRF
-KEbsyDnKd8pB+6YhJjQBcdZl9AGLASF4jPmFj2iXuF7gr5rT3UTvquUeEJamAZc1
-L3pHiaPZnxbVJ8hTSD4eUF0YMDd+PzboODwLeBS/5AmWQ0O5qiohjgFTMUq3uvkf
-RWemBcsCiI1KenbGIFTJaNEWKdPrsOrocVJw
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UE
-AxMYcGF0aExlbkNvbnN0cmFpbnQxIHN1YkNBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCvkVm0hGNZvdPCElTss6nzgzq7tC28/UHHYKozUaenLdgSaARQnZyi
-w3O5hCVSCtOMmUog52Av5lbkjZxVhCTaWKfrBuPDE2FJSsz2RczG+89ho8676aQ9
-Y5tTt3/mECuV21fCVjRh3IU6O6gTGgPSOxmOyE/lMDXTYFYgsfF7kwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBRhc9sJYjVqW7hiEkgj5/gr3jxL2zAdBgNVHQ4EFgQUVVEA
-f8ZkXgn1BiXGzZK3mreZsTgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAJNK
-lQDUQElDsFY24HDYmUDNg4Vg/CkEB2M9JfI5yZYlOKJrjzECJCY219NFeL9TcyD3
-bJY36GS1ZMz/MI9ocVTU0K5ssZqV4IkBI9hXCFlb+kw5jSgO30RoxXm+Nb0nvzUC
-s5kRJVI8Rdm4ONIstsOmX7w7LBMWrgCPBOZN6zkl
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued pathLenConstraint EE Certificate Test17
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25z
-dHJhaW50MSBzdWJDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMG0x
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFCMEAGA1UE
-AxM5VmFsaWQgU2VsZi1Jc3N1ZWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlm
-aWNhdGUgVGVzdDE3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNwtcQ87sc
-VaUKAcu3QxtBteOc29FtwvZtv86nDNlJ91gIoFTUq1jKdkWcExlR8lh+Ye0QfIRB
-NIDkDs7+2WB/BwJLNMpaEXDh0qETy/SW3uDN0sOX2H3ik97y0xD5ayXquEXTqgIs
-fNtXesmjTnBt3iitX1DkPwrjuJmQf+co7QIDAQABo2swaTAfBgNVHSMEGDAWgBRV
-UQB/xmReCfUGJcbNkreat5mxODAdBgNVHQ4EFgQUOloj8eT4jSRn3dhhzDfEX13r
-FrswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQA8hwBcf4CCZAko0xnD1MoTNUBfjdvDcXZB+bTB3jnbDXE5
-zSid6bUVBNo+awlLpnQw3drsAgI1G9TcgFOEslX2n4nMP4FZAxsjpyDPSA7Wdj+t
-xb8/kI5UhKZTjNYIL/LXpfWMvzhiMhTzha8PFxoGFM5hGYMXqh0kK/0zhThOEQ==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:DA:73:93:E0:F0:65:99:7D:C3:BF:B0:1F:26:0E:F6:16:2D:31:35:59
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        b4:8c:0a:8a:f7:34:0c:91:f2:7f:29:9a:e6:6f:dc:e6:a2:3d:
-        90:31:96:5b:53:0d:2b:cd:51:e4:d9:dc:b8:f2:4a:1d:b2:e8:
-        5e:93:60:85:16:53:48:ef:99:f5:13:20:34:84:95:88:1d:df:
-        30:94:e4:e7:71:fa:f2:eb:f8:e4:50:6c:fb:7c:e3:b7:29:e6:
-        91:b7:5e:70:f5:c0:29:ed:50:6c:4d:20:b7:79:e4:a5:63:8f:
-        ec:d7:1b:ac:9f:4a:4c:d9:44:3e:f3:17:fa:5a:f6:2f:b5:f2:
-        51:f3:b2:82:90:c7:4a:93:8b:27:7a:a8:a1:00:a8:26:3a:eb:
-        ef:4d
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MSBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAU2nOT4PBlmX3Dv7AfJg72Fi0xNVkwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAtIwKivc0DJHyfyma5m/c5qI9kDGWW1MNK81R5NncuPJKHbLoXpNghRZT
-SO+Z9RMgNISViB3fMJTk53H68uv45FBs+3zjtynmkbdecPXAKe1QbE0gt3nkpWOP
-7NcbrJ9KTNlEPvMX+lr2L7XyUfOygpDHSpOLJ3qooQCoJjrr700=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint1 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:61:73:DB:09:62:35:6A:5B:B8:62:12:48:23:E7:F8:2B:DE:3C:4B:DB
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        a7:22:08:25:d7:e6:5b:3e:63:fa:c3:8f:f2:bd:64:39:45:75:
-        ec:4c:5f:19:85:38:ca:9c:99:03:95:9b:4a:d1:93:62:04:28:
-        bd:18:a9:79:27:31:d8:41:38:7a:c8:ae:81:5a:42:25:e8:46:
-        84:31:cf:e8:38:ad:f3:a4:3e:a8:4d:71:cc:37:18:89:14:5a:
-        5b:7f:3e:a0:ad:6f:95:7d:34:1f:3b:6f:ff:a4:a3:58:14:d7:
-        c7:58:e2:d3:bf:33:3d:bd:59:f3:7b:63:fc:57:ab:62:f3:06:
-        27:72:a7:9c:6d:0f:b4:37:12:0b:8a:02:3b:e0:47:3b:23:a0:
-        6e:3a
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50
-MSBzdWJDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUYXPbCWI1alu4YhJII+f4K948S9swCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEApyIIJdfmWz5j+sOP8r1kOUV17ExfGYU4ypyZA5WbStGTYgQovRip
-eScx2EE4esiugVpCJehGhDHP6Dit86Q+qE1xzDcYiRRaW38+oK1vlX00Hztv/6Sj
-WBTXx1ji078zPb1Z83tj/FerYvMGJ3KnnG0PtDcSC4oCO+BHOyOgbjo=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17EE.pem
new file mode 100644
index 0000000000..0ea39a26fe
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedpathLenConstraintTest17EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E9 27 B9 05 48 33 63 E4 D4 5A C9 F7 BF E0 31 5F FC 3A 47 6F 
+    friendlyName: Valid Self-Issued pathLenConstraint Test17 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued pathLenConstraint EE Certificate Test17
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowcjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExQjBABgNVBAMTOVZhbGlkIFNlbGYtSXNzdWVkIHBhdGhMZW5Db25zdHJhaW50
+IEVFIENlcnRpZmljYXRlIFRlc3QxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKZ/110TQ4OpgLh88109wvt/7WJQ1YHMugQV99n4Pu3kdI1VQO4ckrNq
+m+LBgYBgZ4Z6EswBTKiEmP46zxnhjiM2j3NXU/qmWvrH/mr1z5gME2iJZgO9r9Lf
+96Bi18e+hA3D8TvaCvZWSJJRyRcGb6eMFPW2YVb4lTUetmaSlI/RW+4nUghXyww2
+SyWnugMA3lS2zg34mchaDWI1OGpDV7HlYI59pPPfdhuGmaZ++dWbtB7EcB8FtQX2
+y30Rajgn8P5J2I7/bl4Y7GLbQMZQoLlG7zjC/OCfew/EmJbzowST3P/SauI0j8xZ
+8ZLW7B6/EhdaiUBSyv1zv6WG+zl8/RcCAwEAAaNrMGkwHwYDVR0jBBgwFoAUeQOH
+Uyk6Hr7o1BjlBDSDK50Rx9YwHQYDVR0OBBYEFB7n3xAM8NB1qQnavi3TtjaSwfmT
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZI
+hvcNAQELBQADggEBABZWiiHlZ/a+B0lgBpqprSf/4g2EZOQDPmGOnIm+UhdD3ahy
+z4eVaeNlr+ksEkxeFW+VHOTsoQWEJm01WMgr3m4DJe/VJnyZP3/yKlEZ+IVj5IKD
+hfxsatOwWgETAH7vVlpjLjoH5z1PJsXWKP+Jxa1P1J0DQFA77osQHcWb6m9FUTkq
+EMSv6FYZgTULTfF0EILCP/ldsQvu6YMXeJr0R7QEQ8w1Oe7jujOq2E+kH+LA7t7b
+AxlFz9YFxyxw9ZFTvhCw7qjRijgaHSiT/V6L4uc1p3G5d6tFt6Az+rhsC/3lyYuY
+QDF9LwIhI979SrewoXdbX7LPMQJXRAxBr3eGLn8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E9 27 B9 05 48 33 63 E4 D4 5A C9 F7 BF E0 31 5F FC 3A 47 6F 
+    friendlyName: Valid Self-Issued pathLenConstraint Test17 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4F9E55521636738A
+
+rHxtRgfl+mxRQFp2Shnwex6F1zvPQrZys8bdezcYipvnhPFKp95cQmsC4C0FV1l8
+XAHoENSowrqw+14f1WPVIEAD8kj7uGzu1K398uFUT5YAPZXRMBHVUfdQ5NJLSz4x
+NH5amRGk9ZxfQfvCxs2QxRsWRUPq2BulHbvnaI9JB5ExvyCz+XI5tK3OXNmijt8D
+qp4/byO7UP2wjKwOa/mxmb2xyKJqopq0LrL4oCPqwSJw9NMlByb6xSESBmVwX7gK
+ggVoNGoFbWVKEWKRffGzqvIVhOsOX8kGnuoJxKxyiRtblram4xz5tTK6n3+ZqfnW
+iwVpcEt4s0qwVvjUnSN3Mx4qtdc6tio0nIReBYSQVwmmF3bNYIcsrm7vf13qxN65
+zWXhGr+QHdNLXWqxrluYIGTbITUVgecOwYdt1rS1o7GWJbkqCkxvp+WrUEBNgHPa
+NG1C/ke3RPBNhxQbiZw20rxSuf6+/Gb+hZ6P7I49pRlmjudWTbowcQiGrKwIz3XJ
+j+c3e1vBKtvMJ/7h80g/Li1Rr4sVkxB4/GP/JsvlR2VsaHP3H+taXxR/L0KRuE1G
+RfWXmYig9q9wZS3MKwD+70ARWvyYYewErh/qs1hbsyUhg4ZZlJZzr1vmnwd3LTcT
+VkSd0c25Q4KZSRjb4SOtTORXBuOq26Vqk7n6aQTeckht8qyA1tT/m+iH0zhmOhCE
+7NVH69VWrU+FzJu6qBTMsKwG2st6qXOwWMKTUclybS6qZBpt8Nj6lkQMDcX1o5Lu
+wigm+ZbKmywiSIQfB6Fvy1cGB9ZWTo0z2HGY0mhZdLpdlM/NZ+5HzhQW/ISKTVdh
+mr7mnWoFmUSjjeEoUv8UVrJvpwjupnnY4VPBtgQfIDjxLii+u0K2fKwqiBzQhx8m
+5rJyFvrFtnZn7i5xqoO3rzcLlPWeSY7LPd6LuK7ucpUH1Qg2tJl+GkM64EJSQgaA
+dvIaSG3Miy8uUwKp8hHSpYZQ7fTU4afki76pkzXALVfqV6IGBtwiNF7VcHc1xl1z
+eZ4L39UrNO6DJWiHW0b/cZeL72/UxvA279pW22hV8Js+9LiGBNnIUwf+dseKhVHc
+taIM4UKQryBDM51T7d4bv+zCj7tGh7EmHjL9QciKshKoHGSmS2vxtgTNEKDfn1Yh
+cXSc5D3/ulLjn/0KylSCUPPiphZ1UfzRH7WOWKJWrBoim+zej9KApBd5RHI7mv2D
+XrbWSiaz1gb9fmjgbZf98UDn38JfG00n++QXOCvqcuAK1DW4DXX4nejXxCm4TEto
+OsekMGfIyF1nHh2Wk05JHHeO0KZyEKqJtd16BbjtLdKGg1lkK+oNVnyAW0n/sfEk
+t/B6Ibk64jQlPmij6rc9DkehMsUatXyYr7FI4ZIZ6Y6aAQlVciTXpAcLB/Anmvom
+WGKJQKMDyifu4VqjcINlv/uaQbaUWZqsZTgE/yTWzNDwodL1VnQnVeUm9Z6CT19H
+b+FgAfE9fPTCObTzigMpEqpdZK9R/0zpI5XTYUua8IrloCIcVeD7s1Jb6f6WQBol
+UmifyirkYx/hnGLkwr12fwKeCRYkp2k3oEPwKTu8l6X8zT6i8QDnYw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem
deleted file mode 100644
index 6a4851e249..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6.pem
+++ /dev/null
@@ -1,127 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Self-Issued requireExplicitPolicy EE Certificate Test6
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIIChTCCAe6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBw
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxRTBDBgNV
-BAMTPFZhbGlkIFNlbGYtSXNzdWVkIHJlcXVpcmVFeHBsaWNpdFBvbGljeSBFRSBD
-ZXJ0aWZpY2F0ZSBUZXN0NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoQSf
-MbaUeJHJyhveLx+voUuSWxwNEG56mZ5evCeaSjObXqfeHXkjtfpbQd04wlsSw3CO
-OP2TR4ompdtrgHYGZeSsXW6VhkWz68SG78tn8laoXw3lTMhgrYqAdk+giv71qeBZ
-DYVr+mZTxBnmhrgRiiAQi8fhl9p+Bf89nbW03icCAwEAAaNSMFAwHwYDVR0jBBgw
-FoAUE+aMwSsPZ0tMeh0OtsAhWiSZUIQwHQYDVR0OBBYEFIGUYNMP2TtFxnkarnPH
-B1oeM5PXMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOBgQAXMz/QAcFC
-0oNUODgnlOJdP3lcECIPpmtJbhAmc3UABEXUG9ak3/kkMNENOktNt62qe1/K1c+l
-uYkAMsmUn3oOGYV9Zu77IiiChOYDH6touQtxBGtVTG9Ki/gdaPWfqZdfBs0xkGRg
-7mzJCvRrEXDgQZW0kR3C2LJ9B4f2yt2GlA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
------BEGIN CERTIFICATE-----
-MIICjDCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBs
-aWNpdFBvbGljeTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBN
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNV
-BAMTGXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBALnxr9bA0oGlaihhiPR0d8F/y9ai99F6w8+DtAfGlFtJ4WU3GPih
-ftUTRqZelcu+u6hZgekMwVhjUHyo6sFt5SfbCzJEmjWxI1anTrGAAcH6pG7zF2Z0
-iae8kVE7C8GOgwm+F1Y1RHkw8Wz/UbZ4QGIhzA++KPDi2du40LEGD4BZAgMBAAGj
-fDB6MB8GA1UdIwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMB0GA1UdDgQWBBQT
-5ozBKw9nS0x6HQ62wCFaJJlQhDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-B6X+ALEMO8yG/lXfGuoX4XPyaZrb1A8oWFk2ZNCx9QIzI6CQ0vRfO47TF20iK5wr
-HN8y7yXpJGZcNTa5+697/kRziJ/zrNiL4b4BP6QRxYv+3Edq7FOb842JguqWw6nP
-SfsshPhMilo3C4X3PESiI67m18AlqgJcYcmemF1R6Ng=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICkjCCAfugAwIBAgIBLzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZcmVxdWlyZUV4
-cGxpY2l0UG9saWN5MiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnrdC
-9sroeA9MJlV1ukIu8XNT9cUF70XCDwxMm5vKZZc2+XVNwgxe4aGse4bPdZ9okZ7y
-2ZMuLyDLEBZaA7GsBzG6snQRgHkmMFS6v+pC3ep9ieqtpnrP3b1f743Y1jFp9zvX
-ZDoddeI/xvYF/73KgiYdTFPLa9ARaKiwpQPMXyECAwEAAaOBjjCBizAfBgNVHSME
-GDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUccI8Tjs1Yvclh5+9
-owEeOOAldMgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
-ATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOAAQIwDQYJKoZIhvcNAQEF
-BQADgYEADGhYvyIjl02LK5PZdbH9TrAFF66SGgdk+7nl93vr3XB9UnpvJqUfyG55
-ljoX+kKaRd7Z2O+GLTMmH+tqjMQ6bW+7RawMpFVzfhE3EdAr9/K31K6Q6lft8NuP
-wgqhDrrVqYMPa3YM7n+ebATJ0DJ26evfQu5HfIL7Cs/w+CpXi2E=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=requireExplicitPolicy2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:71:C2:3C:4E:3B:35:62:F7:25:87:9F:BD:A3:01:1E:38:E0:25:74:C8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        95:0a:96:af:24:83:ca:92:a2:7b:e7:d9:50:bb:49:ec:22:19:
-        7b:a3:b9:3d:5f:b4:8c:5b:76:25:27:88:6a:26:24:c1:e1:cd:
-        3e:b6:ef:b4:0f:ef:85:7c:0e:95:9b:13:fa:dd:c0:bf:7c:fe:
-        e1:d9:fc:2a:7a:2f:fd:48:0d:11:58:69:6d:5a:e8:37:26:30:
-        67:83:83:90:4c:b1:9e:6b:1b:04:d0:8d:60:42:88:13:25:91:
-        ae:42:24:ea:61:ba:5d:34:6a:7c:22:6b:be:cf:2c:e0:67:36:
-        db:28:0e:5c:be:bd:7a:75:3d:ac:cf:3c:9a:44:8e:ca:30:7a:
-        e9:97
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXJlcXVpcmVFeHBsaWNpdFBv
-bGljeTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFHHCPE47NWL3JYefvaMBHjjgJXTIMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAJUKlq8kg8qSonvn2VC7SewiGXujuT1ftIxbdiUniGomJMHhzT62
-77QP74V8DpWbE/rdwL98/uHZ/Cp6L/1IDRFYaW1a6DcmMGeDg5BMsZ5rGwTQjWBC
-iBMlka5CJOphul00anwia77PLOBnNtsoDly+vXp1PazPPJpEjsoweumX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6EE.pem
new file mode 100644
index 0000000000..f7b088202e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSelfIssuedrequireExplicitPolicyTest6EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E8 14 25 DF F7 E9 44 A4 76 C8 32 2F 31 E0 FF 93 D7 82 55 4E 
+    friendlyName: Valid Self-Issued requireExplicitPolicy Test6 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Self-Issued requireExplicitPolicy EE Certificate Test6
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMHUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMUUwQwYDVQQDEzxWYWxpZCBTZWxmLUlzc3VlZCByZXF1aXJlRXhwbGljaXRQ
+b2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVzdDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDbNiXBm0YtSk/Ghd0P94U5XcIcxuUottE08ezytyJXoHrNGEdQ
+qr8VdETgymFh8mzVUeMJkcid8m4WNoWCRgLJ+79DRInPxLrJr0iN/A+KFE4JmtKr
+cshTYXlFRZ2gNdgDtkQ/zS5ZbkssumE/R4Y8RQRUeSTu2VdnRMaAb/Hey6UWvv8j
+cm79m4y7ZJ1m7Q5nykQkzrerHkdSM+9a2d7gQzWxMqPYZr54VEoKHfsWCBpH6vPt
+DfahIBmc0wkScZm3Vty6ILpYqx1dCbRSC1jz0gU7wgCq0PLVwWksfs7uO4XSSIji
+U8tD6x7fkn/KiecfEJ9a8T08CvnBB8ZPPY/XAgMBAAGjazBpMB8GA1UdIwQYMBaA
+FO+r2tjhgDGnQxbuxHYNr+xt8mChMB0GA1UdDgQWBBS9gn/7u3AKjxkoylIClC3A
+ACjrnDAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0G
+CSqGSIb3DQEBCwUAA4IBAQCgEHowL+jSGlcYfdQLxsHaH/Q5gbvXHZXE7VlyZfCZ
+bMB9SL6X1zZYr99nM440HkNQ8kvENLrjG9YzbDCj2ykFpfAmyHGXOa0U+LEXvXnK
+NCPXbm056EYJwHy8rE+LpFaSYD5Qcc7puf0ToqCfeAZbVaVnl18urIP5tTeTqbdg
+w84ha1R7A7vtDaJG0B+ZzhafN0ru0BBWU0POm5boPr5+s/Hm0ywIHhpAELDoQM/h
+gLyUbObTDv9w9m1d4GIREfaUMKt6vANCpxTMUSJI48JC+JyN1EqbyPncXRKWhl+l
+76t2DNnwcWV6R+firtZXTFvdWOPgCJO9JkC9uHBlXxM8
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E8 14 25 DF F7 E9 44 A4 76 C8 32 2F 31 E0 FF 93 D7 82 55 4E 
+    friendlyName: Valid Self-Issued requireExplicitPolicy Test6 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,91C67D9C3260E50E
+
+4TaEdXpD/8t5Fppfj+ePTCD/BH+Gle6MObc8lIkh1J8lQK+DGhu4KLfFjDJEA8by
+QrsEk0IYk5wMMHwsBRx1yYY2KYekHNBEDD4SwAtcgx4GtoFWoCUdbQzrTBMNW0C/
+f1q4vV2znxSOYwYDKXNH1DWR6aRaSxW4kHUNejjq2jqs1j8Z1NFrhTrZ6HlKiKcL
+SiSvFC5OL8YqzQlVGL1ZfB/yUU8Y9LSJa0tpAfhnf+GjvXE++QeXO+l6s/xhHpZq
+bgbScTQqwgrAhuTxO2Te/AGTMqCK10LRj0XjqzBRr6rPWz2hXOJTuytXuPOVS+1M
+NwKMoPaElvgOIWZ/xPGyY1hI0lK/+hhK3hmSoPoEQLNxLLo1Re6mTrTfNX+ZQAdc
+RHFX4p67WrI35CUDBUfhOkmuBbGHlKzf9iEQ+Cxk0UDDHhMOtrwxwhT4c96kRSCy
+c8KLigv8w30dPTtdDWZxeRUuJpVly7iaGp5kc0O78HsSCnnduUIzHicXZcZXqHOC
+hydl3pOFjIDfpd8Unn5ATne1asUYDMFo/EdwcbEfssmxMgFfk1x9HrPX1GqmyDx1
+yAWeKzZcLv241yGIoV52Ox7YpGX+HR5gNX/Eyi38dMBNFHWSdHWrKBjluIw2KBUH
+kFW0NKjFJ3ukOel29T6U/6j3a5jNd2Lh3Inpn60PLPzvMn8e2feBKTKNBxSfaOAk
+av5hH0wUpBeuu+l8bpVTGE9/5ypt7Gqa4ncOiIyKeLO4fwFTYSmpyaydWxq7T2Ei
+qmGdIdzp8Mx0Yb8ahmbsImrjOK7JRS+lCvQHGif4Wrl30apkWCsoZMfmQx+qCbua
+Y5sJF+qrJsX27oRj/ud6M13xYl+um8RRTc1JfKO4Ja5bDJ1aCyG9i/aWaoCNydn1
+Nx4lylUCdKRoJLoGOC4WO0xNDMUuecoSEBOUQMYpJvlwgq22sj6dnAb11+y72LAh
+Sg44oavW5AzUhbPDmPdGdaCX5GxtpqNJQ4l4AaJEUfRlRvRDPOmV15FpjtM8VM+W
+Q82b64SV0EF9nOw8n6tfLqcEH2MGHtjbVoHRtqGToSAY135MbqVl+DknwW91en71
+MdBFtQo9Zxpekl89OTHQ0UerE1hkd1NgGgB9G7wp/I8CW6Na/S6/s3t2bc9tDUtk
+lAGVgQjgrq24EUq7Gp4XqmrDdhWstJaO803f/10b9TXHfVFF55nRufwFUZygv5z1
+csm6L9XEEkMDroeJRVghyzLmiVcb4/LCr2n5MkBDLwbbW52ZDsJoYxBID8mgGK8U
+McfcegF+AvJBlSEGYJ2EXOTfEs8r+DIc1IcOYRk9pISm+QFGJtHAHNLeA7HCo56X
+gvoVMAvYvpFwJ84EGgpl8Xa8PgY3xhXPf9YSc29DyR67v1y8x/EYvH2U25u9hUWf
+9aDGWPcKfW2TCRLK3OG3YEISBDLSH6p5FVWBAhUogDyiq7StzjIQn0J7qdHVnFyq
+hec7EOKh8Hvtm77TG4dzfWqAaxhHDbxNu+bFh9JTcweJftu/kvWVhsajYLwGqJud
+bptwGHUYoVtIY+Af2PCRyIxYIvRRxZCpgGBjUUEIRNlwwLh7SjQGhQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem
deleted file mode 100644
index 1af71df043..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19.pem
+++ /dev/null
@@ -1,134 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICejCCAeOgAwIBAgIBZjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAzpVbQYnufknoy1tKbCSY840pKcfP2S+jFm6OFC9hzkLFn9uiYzCV
-rCjczQI8lFfM/4p9rUApMIgp4IUAxCOEcgJuKPKmiuoTwPD9XxbmZ/uv+iaLXqF+
-QVcbDGouj0z6RMNz3KGtf0pbgg+/+/wIK4c0XOIM9wTSK0aJVqweAnECAwEAAaNr
-MGkwHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIr9
-Qil7WXhSSvdIHHG3xHGKplfbMA4GA1UdDwEB/wQEAwIBAjAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAo0h6slmGQJsCsth+yeyOMK3j
-2CqJ9gEajx3fWs7x2JJ8LM4zfbFFYctGPKpXdGRBTO8Dj9lQJCr7i1IMMHTitTa/
-xpjn8E0SQgzvkB/0BnSt7DiwV0LXCdtBlLxOS2Fw9NdvbE7jsuBK2W4KDOPElhHJ
-TKQ0T3TjKv8gwxTq8mw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBZTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlU2VwYXJhdGUg
-Q2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAtI4Yuumg8WznOojgeWHVZxG23imfdB9ntiQccDxAnvywEfQv6Vlq
-HNVQ5vsVQfvfUZCad2Nbf42DHRtpmVhlxIhKBjoNu/m6xdvz/A6/kvDvrEg+7M7N
-A2ZRVI0T3Z/mMaPuLHuCzKwU20TF6NonxgZXIbATrppAqRUfSY+UQCsCAwEAAaN8
-MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJtc
-UbwiJzEiQJQJJf/Pg3mto4EZMA4GA1UdDwEB/wQEAwICBDAXBgNVHSAEEDAOMAwG
-CmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBs
-BZsxRaZk1qx3balE6qmVZd7jG6C9Gg/n+I5QfXR75ZIus+0Y6GAviBzywvJ8CDZ3
-kIOOrYolpnycedLS17Jnv4D/IDP6OwvmT6/0XvforKDQlmAk6ioJBRAwHRDYHBZg
-lj8FXyMNUS313Un0l2FXJBhfJNBqb1ZqYwWcmJ2t+w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Separate Certificate and CRL Keys EE Certificate Test19
-issuer=/C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
------BEGIN CERTIFICATE-----
-MIICqzCCAhSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENl
-cnRpZmljYXRlIGFuZCBDUkwgS2V5cyBDQTEwHhcNMDEwNDE5MTQ1NzIwWhcNMTEw
-NDE5MTQ1NzIwWjBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZp
-Y2F0ZXMxRjBEBgNVBAMTPVZhbGlkIFNlcGFyYXRlIENlcnRpZmljYXRlIGFuZCBD
-UkwgS2V5cyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBAKj1Dg4L1T9e6MNcWCCvYvg+vk54WuF5s2Dxaa0lfcclqzahyLfN
-KqLCp0jCJyvA23IGF2C7I+P4dvjwW9kq0XD7H0Vt7LIjyQIpVyHObshN6gciyIXz
-iZjgaBqf8O+P6XhjAqsNyYSipygh3bX0Gqs/Kjb8qHbw8kdUG3Oq6xTFAgMBAAGj
-azBpMB8GA1UdIwQYMBaAFJtcUbwiJzEiQJQJJf/Pg3mto4EZMB0GA1UdDgQWBBSu
-h3HiE1+nBL/O/8Ce2FdoNLsWhzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAM
-BgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBAFL8c81C5Av+LkiNwZqrbjHV
-HFmRSvBpcRFa0WoFd8bNntXow2oh3ygbWRWt3FucJqTq6t4tys+3aNQClu/fcUSS
-IljPUyYAlgSxOTER4P9OYePEC/QtzjAGRH/5Kms56LVZa7lrOl2UpO8dkluoOADI
-hXabE5IQYEEjA26WpmmH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Separate Certificate and CRL Keys CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8A:FD:42:29:7B:59:78:52:4A:F7:48:1C:71:B7:C4:71:8A:A6:57:DB
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:7f:8e:79:fc:1e:57:0e:34:9e:bc:05:3c:28:df:90:bb:1f:
-        c7:f4:6a:a1:95:51:f1:d2:b4:1f:3a:64:41:35:b6:42:62:b7:
-        e7:14:1c:bf:0b:ed:6b:ca:f6:4c:c9:a7:48:ab:42:9e:04:9e:
-        0a:b5:f1:86:99:0f:b1:7e:6e:dd:d6:a6:b3:b1:3f:fc:79:6a:
-        bf:f0:39:3f:03:ac:69:15:b5:2f:5a:17:12:64:8b:e9:46:9f:
-        82:09:f2:09:91:90:b4:fd:56:a1:ab:04:79:a0:17:33:26:c6:
-        49:6a:96:d9:42:8b:44:a5:ed:ad:69:82:63:78:8e:e7:96:1d:
-        17:2d
------BEGIN X509 CRL-----
-MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxLjAsBgNVBAMTJVNlcGFyYXRlIENlcnRpZmlj
-YXRlIGFuZCBDUkwgS2V5cyBDQTEXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowIjAgAgECFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgLzAtMB8GA1Ud
-IwQYMBaAFIr9Qil7WXhSSvdIHHG3xHGKplfbMAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAAV/jnn8HlcONJ68BTwo35C7H8f0aqGVUfHStB86ZEE1tkJit+cU
-HL8L7WvK9kzJp0irQp4Engq18YaZD7F+bt3WprOxP/x5ar/wOT8DrGkVtS9aFxJk
-i+lGn4IJ8gmRkLT9VqGrBHmgFzMmxklqltlCi0Sl7a1pgmN4jueWHRct
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19EE.pem
new file mode 100644
index 0000000000..fa610b23e4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSeparateCertificateandCRLKeysTest19EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: DB CD 6B E8 FD 50 E3 22 68 C0 32 BE CA F5 E8 11 AF 45 79 10 
+    friendlyName: Valid Separate Certificate and CRL Keys Test19 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Separate Certificate and CRL Keys EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/CN=Separate Certificate and CRL Keys CA1
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlU2VwYXJh
+dGUgQ2VydGlmaWNhdGUgYW5kIENSTCBLZXlzIENBMTAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMHYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMUYwRAYDVQQDEz1WYWxpZCBTZXBhcmF0ZSBDZXJ0aWZp
+Y2F0ZSBhbmQgQ1JMIEtleXMgRUUgQ2VydGlmaWNhdGUgVGVzdDE5MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6A/taBe34m/ksKOwmzFEXaF1fuBIoQM3
+AGF9NWtZ5qH16J4v/zCqL2LJz1lSeWeHcff8ScbPAgsqrdU9miaWhmdPBRATsnMc
+Y+rg45i4a4yt+phGqrG3DeGlbRW10evsqvYp+wnRKQQVh/qwa8LQqJ9ravqDdda4
+EQIuCN611MApwKbXQEPU50zGoqpTznRlmb18QV7amVwZnU3mJ0mZRjigZo9ptB4n
++msdHllGFVfaql8rqyoJ7cRONEwVdzysDWmn+Ql0dioZqMCBWK294jfeErYsU1qw
+QdXrnff0cek4mQlledqYACJtbzgapOmpy8LRlpMA4DpgcGhv2JtomQIDAQABo2sw
+aTAfBgNVHSMEGDAWgBTwZdo/Ghda3tW2SJk7FxQQ10wUpDAdBgNVHQ4EFgQU603H
+KTKwnexXe6+XcA3kjeBBjeMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEACphhULftasvd9sThocYbTMs1
+BzSI0B1HQZLU0FGd2kYg7IEfrwYBc896RhLrSdbWl80bbeqomdED1KmG9eUl56ql
+6+qPKT4RB0eBEa06mBI8mYuLMGJ4N9mMV4w/P14cTnDVnXyIymUD1de+6kuQQ9n+
+KVtoMO8wyuu9OMETMd7QMH7KbOJZTBiBkhgJmZw8VaF5kYmVVmtryhTJnBszo1z5
+WcEbbSjX00Z4dQpzkIV5jlow5bmYuMrfb1NU8/uD8B27c3Ga/NGb4q2FrmFtsQiq
+Pb8XoXSJG2bL85SPhKP4j7GwPrTM4/xRmzbWOcookD+7SZzPmxzQBQ5wa+KQKg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DB CD 6B E8 FD 50 E3 22 68 C0 32 BE CA F5 E8 11 AF 45 79 10 
+    friendlyName: Valid Separate Certificate and CRL Keys Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3959557A2AA91B03
+
+yyDCYFHN71ZDE/VtMk1lScldcqAXuESWPTDIV9jVCdmcgoKjLXh9RNx17NoAih1x
+RskbCvbUbceXQhc15g5owlAPI+O8nCsBKLOSYMZNLgHM+5hzKJOCP/as4uizSBwm
+JDVjrqZeKwKa2yzCipq3VYK4CyedDjwXytaM8k9YjFUnsroKmOyPevFlDPynm4Su
++gpnn2kHN/mmCwOslptpcCbZZHutGtqfN4I/wlsjY7vfDazsZ3VwY+QDQDqNHMoC
+myrH8ntUg1HzTAK3A/3io/xNpNDoX5OPqLJ+rofBJUMUU2iRxp97aYiU/yDEx5re
+aj+bdmmteLfWePCY8dDafo45KPCNcseiO+joYFKaqhOQMql6k1RJlTCosvF3OdSI
+5h+1ysCwgPvQ2V5NSyZwaxMjq+b7mbgE9zNsJ79eTwcfMEQA2ZbtSIr0ZOFkHMIT
+mwsdN3tz1g2YR3Nnc0Dt5n/sy7IQAVzEMZgGeRfkbuP6K/dAWnTZh/DddPSk+OOE
+03Z+8v2VtSGgnD6oP6z4Ue2+ED81jTBzK82s2qkyQjvIW8q2mMohDK8o0+IR80Ac
+WRUUL6ua5Z5NEPiY2bNfua9r8siD/x4tGvpMMHcsmPKdPvfpmpzgBxlmp5Ie1PKD
+m3ntBAVuRIs5FtxyrK/qygM9LmCspnFpttPE3VebP6QGQZmB6qIw9FyZjGDPzz8M
+dhtphJwU0/sz1DQqiK74qw8Vyfp8obLfC0Dhax1Lj9SokQCZM32Ms4C78jLB8b3n
+uT3I/bZE5UOuEowggYTAUqcj3QaL0OsNauxxYJsj0vVDpgRD+GgGG54iQDMgdKKo
+6Clav4m31pKV1D1XEOYP7pZBsJkEQPfgV8Yfj+LTR7SxrdgHoJBlly75dT+eQqQ9
+PHut2xfCjyES1dtWDS8SejXlDphuueVoyJxGXGiMeqH0QlAnSQST8cTGeGV42W15
+imlgnN88x+teNooZ8jMPnk5jHr6UO2i17UbIaIY/rIeQExSJ2KZ7MNmU/bZkrMyf
+a+Lh1Sw5GXNyRLp41hgdzI38tFaaLnQ9HvHWpJzNIUG0xuz49nJcBGJIzNR80HRh
+lBOypWLsA09M1xCqzPLT7YLv7wUGuxMl4XwQkw+buzJIZWBQwYYjUgka7PdfNtfV
+STsBaS1zx0BU0KmjacVvWoOYIgzYJJQ+WTnDcXk/dJ9VCaApxdRJKlUqBKsI8jjg
+5VvCkp1kOwYkT1gfz8dl+LwuJZJDHPLdYFM75oevECkOMJmD2gcviEdt7jXykIF5
+BNE2ZxyBJRY/mgulAEFJ9r3C8D4UArni3RRyNOwXp84Qqi4vbxta3TMAAAzoewQy
+L6Pa3JtblN+vr9zUz4DIsr4B1WXU0t7q//Vmxgu5+5Cuy0jVc5wYDMswPAHZWvbt
+Ae6txUoySmdxFfhyzpB9tatlYL8g1mzo6k86GhA+yfOJI8csRimFplk9abBoyZb/
+kh302I/4+qmrDdYJhD0+4Xyhy9BbUZA168UeW03FCx+O5PiBz+Fk4gBSJyJvjCi7
+QlHNwblChH+2rYSZp6GAV6JNwx+3RuS9kKz3EWF6eaCORRmpRTOK2yS/oCHDJ1kv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem
deleted file mode 100644
index de409f5895..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidSignaturesTest1.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp
-ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co
-7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF
-H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh
-i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e
-kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx
-x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr
-PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem
deleted file mode 100644
index c2940bb425..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7.pem
+++ /dev/null
@@ -1,146 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Two CRLs CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcTCCAdqgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMD8xCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEUMBIGA1UEAxMLVHdvIENSTHMg
-Q0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANF1dMq4ulaNZm1L3KlBM9wi
-a4eu7sCry3O20zzWCttHHqG1W9UYLqqivx3HTyKvc/acTndqBtaz9HcdrETCRreu
-UjKFAa19JAnjF88BluoZ7A7TjdhsGfsa8gcLUZCN6ZkJJok2wENNh0xdsVhVlmnV
-p9rqIgYFPbZd0tvUp44xAgMBAAGjfDB6MB8GA1UdIwQYMBaAFPts1C2Bnsonep4N
-sDzqmryH/0nqMB0GA1UdDgQWBBQwyOlKAd5DJkEjjFNTjLNHFheOyjAOBgNVHQ8B
-Af8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEAW8JONjczN4V2xpuIs064NZkR/ZEqwuPDedoS
-bQMZtQfK7+587JhXzGM3Hv2INUge/GRWUS6Y0Ra74Z4EU0UjKIM0PfCkokiU9cMg
-APFxIwTaaIfmrFY5FOAr0tvJXX1fwvLB2EEzFoD3m3FT5dKH3fV0l07W+rAzXGXd
-Mhqyx5o=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid Two CRLs EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=Two CRLs CA
------BEGIN CERTIFICATE-----
-MIICdzCCAeCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFDASBgNVBAMTC1R3byBDUkxzIENB
-MB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowVzELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSwwKgYDVQQDEyNWYWxpZCBUd28g
-Q1JMcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAiWTa6oG+nNhsn3jFI0IU5eab51kPtxwKr8QO22md2ezjZi0Si3bkH+nL
-d969Tfp3AtKQbsaNJVgYIP+GLylF1YmawBW39kLy8yuACUb9k0OlG02sW8u9SsTJ
-ifK2hvRv/2dGMe6eOR0Rpknk/8CHUgPJHyU3wSewsookv22AcdsCAwEAAaNrMGkw
-HwYDVR0jBBgwFoAUMMjpSgHeQyZBI4xTU4yzRxYXjsowHQYDVR0OBBYEFBVyE7Sc
-ZE9qRg0qsIBnbUWvDEhPMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAb3ltD/JZHS9eilXbrUwx4XAfOxMl
-l62TnSCbUwvD3VvSBp6CSL9/GAcOIQvGvsbyaFCCtCfPwSDw+Ub4vONlBK5+8uGE
-ceErncuILRQcNTwK8U3olehAt6Smh7aEcGBpdeMkSSZhoBSMe0GaIzCeDKELtG5d
-3yyDUN+RlEGX0tE=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Two CRLs CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:C8:E9:4A:01:DE:43:26:41:23:8C:53:53:8C:B3:47:16:17:8E:CA
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        af:97:f6:38:91:3b:72:79:fe:fe:8c:3e:65:dc:61:a8:72:ef:
-        9f:73:2e:dc:16:db:92:3e:2a:dc:ba:32:f9:97:0c:6b:52:32:
-        0c:7c:8b:89:a2:82:f2:81:6f:30:10:dd:5f:e9:ec:26:c6:35:
-        c1:fa:94:79:ec:4c:9a:9a:82:ab:3f:be:9d:2a:3e:af:d8:e4:
-        8e:c3:c1:c5:08:81:25:c7:11:83:98:6e:42:89:5e:6f:d6:c7:
-        f8:d2:39:63:34:22:95:56:7f:f2:24:a1:62:18:b6:9e:ff:d4:
-        0e:30:e1:b7:2c:03:90:70:81:51:bf:74:13:3c:dc:a9:28:55:
-        98:d5
------BEGIN X509 CRL-----
-MIIBODCBogIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFDASBgNVBAMTC1R3byBDUkxzIENBFw0wMTA0
-MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAWgBQwyOlKAd5D
-JkEjjFNTjLNHFheOyjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQCvl/Y4
-kTtyef7+jD5l3GGocu+fcy7cFtuSPircujL5lwxrUjIMfIuJooLygW8wEN1f6ewm
-xjXB+pR57EyamoKrP76dKj6v2OSOw8HFCIElxxGDmG5CiV5v1sf40jljNCKVVn/y
-JKFiGLae/9QOMOG3LAOQcIFRv3QTPNypKFWY1Q==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Bad CRL for Two CRLs CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:30:C8:E9:4A:01:DE:43:26:41:23:8C:53:53:8C:B3:47:16:17:8E:CA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        02:fb:a8:69:0a:aa:8c:4d:f2:07:f4:6a:6b:38:ae:da:15:1a:
-        b8:c0:8b:d2:23:96:1d:3a:fd:d4:82:0f:c5:de:56:ba:c2:59:
-        8f:9e:97:67:06:1a:d1:4b:d6:24:40:98:4b:b1:c2:85:3c:be:
-        e3:be:28:9a:3e:56:1f:98:4c:9d:68:36:a8:eb:e6:1c:d5:52:
-        de:30:49:e0:76:0b:bf:be:3e:9a:b2:18:f8:de:51:f0:f4:da:
-        59:48:c5:00:9f:47:21:32:29:d9:f0:1b:75:18:a6:6f:d1:3c:
-        56:b1:5a:e8:6f:06:ce:ce:5a:4e:97:c2:91:cf:6d:40:63:8f:
-        d5:71
------BEGIN X509 CRL-----
-MIIBaDCB0gIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF0JhZCBDUkwgZm9yIFR3byBD
-UkxzIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBARcNMDEw
-NDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAfBgNVHSMEGDAWgBQwyOlKAd5D
-JkEjjFNTjLNHFheOyjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOBgQAC+6hp
-CqqMTfIH9GprOK7aFRq4wIvSI5YdOv3Ugg/F3la6wlmPnpdnBhrRS9YkQJhLscKF
-PL7jviiaPlYfmEydaDao6+Yc1VLeMEngdgu/vj6ashj43lHw9NpZSMUAn0chMinZ
-8Bt1GKZv0TxWsVrobwbOzlpOl8KRz21AY4/VcQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7EE.pem
new file mode 100644
index 0000000000..78ea3689e4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidTwoCRLsTest7EE.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: EF A7 9B F6 FC B6 01 A8 09 0E E1 C9 45 3F B5 81 87 4D AD E2 
+    friendlyName: Valid Two CRLs Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Two CRLs EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=Two CRLs CA
+-----BEGIN CERTIFICATE-----
+MIIDhjCCAm6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEUMBIGA1UEAxMLVHdvIENS
+THMgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBcMQswCQYDVQQG
+EwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEsMCoGA1UEAxMj
+VmFsaWQgVHdvIENSTHMgRUUgQ2VydGlmaWNhdGUgVGVzdDcwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC5JuoqCjmcfSVCDJ8pt6rU7wGuVd2jgjVKPpZR
+P7KiYOnVr1ZicDHgZKNP9eXgEG2Dlf0ajdV1AI+elrtWRMwMwVJ40UoWrgMSJUQ6
+15hdMLfJn/3Faxn8pRsxA2JaVL3l5HVJhhvIfS9sIDFKrGuVZdHkiAoCyVfyzpTz
+3k1YzPzCkhvObpROsrsiWvMiiUCPwgdO7KYNHooSJIPffcndBuJ9m6eAsO0WOHV8
+Sim9InCMhos0/P2hQODI93sMhQ0j1I9lpzyX0niZwLMITNHGpsyhpziXUw7Z9ivj
+tccFv2AdqdU9IP1u/VRenLXWcOYf2cF+ptqPPNZdbEp9AzwJAgMBAAGjazBpMB8G
+A1UdIwQYMBaAFBChAdaZnYDjbf3n7ndLX/FJ2TxTMB0GA1UdDgQWBBRNPB25WV8Y
+wN3ySuDwAKYpN5htvzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQCZZ/gPznl6z2bhDPfAXbW3c8gv0H/B
+xe1FmlkVfbdnBecT5Sapg1d+MBZG7vvChdROJPf/5wpLlBb4VWiTEFD88LGppkXM
++ba1w6oWyNdW3GjLAb1mso5JJi/rdSmJHXYOURmFACXhsMfp4HQo4xkorqetqV4E
+Ei4suAY62RiEjFRFPx85JmfGWRkN28hYcgY9BH8MNXkTolNDVhs3YWiD1L3WgNfx
+mQcIleaVRmBpxGcpNsggwO3igVmwLUMAFauMZZMrygJxixpvlRS04jJWCO++XQTN
+zy0jT7le65xMrIY4JXS+yV2wdoQlfFmrxTY1cvOaZp/C8owx1paNfpKa
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EF A7 9B F6 FC B6 01 A8 09 0E E1 C9 45 3F B5 81 87 4D AD E2 
+    friendlyName: Valid Two CRLs Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,859B11CA69F6FEC0
+
+sQDMkeFGX2SxHHzSZ+Gztmmzn9hP+4zMq805hqIDnMtAiqU3r6ZBHZBH8wp8YXdc
+iIs9+Zdx06ympfTpoPfXHy6zsgizfKXMp/GBwYa7FC6xEBCy/Q89sfW7XDAdFcCJ
+WhhNP3DOdVbWZ2tN/9IfDD8Q1XRmO4l5j/ZflcoC5TY+dnnezYnQoVvahMBAUZre
+vUZ6afp/fOOAQhkhEFRZXrLMRv8Gjc/Vkh4eG7ecBHM1UKUrTXqxGewrXQ8qH3uX
+gs+LKU1Z4e0BfH58mHxBFF4JzPCFkj5ILV8iNMpFU/ukrt3+KuhgULPF1gxft27R
+oll5gQKf8AvTttwuPMqgByKZxDZCAWSb1xKo50XA1BH+ktauk2n8cUp7cKy1Cxt1
+oWqp0TCganu7238KWuo9YSm1Jc5CDbc0m0JTxGUI1GepHQzdQYjgEq/oSn86LgOE
+fg9hMTnFyT7fTk1SqtUvcRumjMxvZftrmp12tUET4wMMH1NT7hdpZlpWnEyScrsR
+LOfuN73X309TIk17gKkCPYg2yJoB5yfRAkYVftcKJEb2a8rzmLabldO82bHhMzUc
+HPriigU/IaBfwl0H+SxHkr0ynAjqsfH73A/W1573BVkTm3EEi6pkKiL58n9vr/GL
+Jx8RvFZdUGhKHGC70jgQ5xmL3R4VZgjgKC48eacdNdRLzuappJSphGhf5nDdgzOV
+v5hChh49uAGzn+9zJdF0EeA3gWXrhwTbW8q43YjQeKXvZWq4+F0swAcu3BQtEmtg
+CWsl03GTkEIMFOcby+V6oLETMhNZovQR8Ri79pZdDJb7isLiphBmnZyzdEMtTsP4
+upJnBBJ6BTkGrpmXjXkAc3W0LlAyOGs3AvZmKwLzRlJ3lh6nW27CsZj2Km8282bq
+xVZsVo93gCXsONQcFhEnkxPxH663tYoMg1w14ZAGGvU/WCdih+toCACKRw0IjBY2
+4heKVA7DXTFU1iB1Z+q6fBpnfcJ2BwNNky4GafAT1sEP6w8wBPdRpZlrLy33DpmU
+2t/PsHalLTCIFqAj7LOGmqWW9CIaCghLXhMaCAYAOfyU5b+xdlmZ2wmNFWQigzG0
+6GkBw7ZmxEQ0+B+8NP0ZcUVm6nx4+ZUA4BMMpmTrXThyxO8bOqa92FgjNpxvMq/x
++VdLt9tsMxoeiWHmSvyZycxsP4cwwuA5c/V6Jo1ASHYlq4jDs+SVgujLHNCxbsXc
+hmCb6Sh1vEoXXaqluBgBV4BQO7hF+pqXs2L2d6MXl4ZrJrbiLH3No2MniDwYtGJv
+GL4e7sLXkry5B536EU2zorNM7EzbRNWbGE23WbuKah7Z7yPYue2eERs/mtKJJumI
+Z0CwpkAPRUAIjkNgRuUqAJOCB2z5XWtGCwn1M0pq67As1iIySNZGr02ccmaRZJJN
+xMBWm0WWGV+HewjPOA/yAYrGQWbLj7rsjVk7zJgYnhlwwEZtLgO9TwkwOQIBM9eM
+lP+GMyaGIM3hh1jL2JFwG6NyFv0e2sLWnK/I006/vPMejk+C9XgL+8c5zicppUSC
+FqVHPGbdK/Uaoflih5bsDlpes5BXYilbniZmz8Hyk4F8/zrbW7cvtA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem
deleted file mode 100644
index b7c8ae1749..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBSDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKxL9gyE
-2WbKCoEEU+RviucDsSOeDHQfoVxci7AD0RhpGDZkMaDQhM+DUHywwIo9zUpLVeGi
-xQNu1+1bQ4SzVBT6k7vcf8ZxPOUI+8WQzMNO5H2/PGz3XGpfIw/RJrRH79ICwZlC
-6QzvSbLJhOtJTQS9kFTECA4AeBzHEN3f0igTAgMBAAGjgaYwgaMwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFKwdFrpLHgtf4rxhruHZ
-ZFp5vkXWMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zAnBgNVHR4BAf8EHTAboBkwF4YVLnRlc3RjZXJ0aWZp
-Y2F0ZXMuZ292MA0GCSqGSIb3DQEBBQUAA4GBAHbVqbpvjgN0GV8abRGms01xVNHT
-PtqMarG3/zQImm9xDzqUqv81kX/8DOy9I/lo3Mvp83M9B74mEEiTTnxkYEpaSouE
-fE3/VAW8dTJb35NeZcOCNWDQv3eA7bufOVO+4KjEHERlxBfEYlPEkJGSLD98SF62
-OYmmR3Cda8cKBk6p
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid URI nameConstraints EE Certificate Test34
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI1 CA
------BEGIN CERTIFICATE-----
-MIICzzCCAjigAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6FGlp6Xjgc5M7qIkjpaJW/ie
-OIVcl5Qn+CIdaNq7obRCyoLrqT/lyrQKTifbp29aWeS20Q9OnvNHYe0AoQulxnhx
-tId1+3BJ657gMf8FIwZ6y7C1vKus4TE6lYhBXJZtTF5lE1znoTDmaO9u+Ix2/RY4
-lH5oTdCUCHiEdcoOBvsCAwEAAaOBqjCBpzAfBgNVHSMEGDAWgBSsHRa6Sx4LX+K8
-Ya7h2WRaeb5F1jAdBgNVHQ4EFgQUnBltKBL7MT2/JrE+lLcnIG0SKgEwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA8BgNVHREENTAzhjFo
-dHRwOi8vdGVzdHNlcnZlci50ZXN0Y2VydGlmaWNhdGVzLmdvdi9pbmRleC5odG1s
-MA0GCSqGSIb3DQEBBQUAA4GBABEni3LRvD7bB0FXjsIor6I+OaDVBV6uWcVuwtmS
-gtVMwBhrnKGi/nw+7E+wJs0Sa7INnkylGFlUzOLEFV1Sa6RYjmo61i4AE32uqzlc
-lNvE/bXQh6ah0Hj/sw2u9bXRn6zgPcf+9yQRsJ+wNYuB3rP2dsxckGRMylL5bDZq
-CfQz
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:AC:1D:16:BA:4B:1E:0B:5F:E2:BC:61:AE:E1:D9:64:5A:79:BE:45:D6
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        48:8d:62:fe:d7:4c:f3:06:9a:78:4d:e0:96:d6:4b:12:b3:93:
-        23:96:6d:00:b6:6b:7f:35:25:e3:94:20:1b:fe:c8:cb:3d:5c:
-        7b:e8:f3:cf:c3:db:96:d3:62:4e:b7:5b:93:05:11:c3:7f:41:
-        94:e8:75:d2:8a:67:bf:f3:b0:81:25:22:99:a3:4c:02:9f:1c:
-        87:1d:b1:20:a6:0f:b7:c8:f2:2b:e5:b2:4d:b4:e1:bc:c3:85:
-        b7:54:29:13:e8:7e:53:ed:d2:cc:a7:95:3f:71:32:5d:3a:09:
-        a1:fe:af:ba:45:14:41:1a:67:fb:8f:46:03:6a:fb:78:26:71:
-        02:1b
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkxIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSsHRa6Sx4LX+K8Ya7h2WRaeb5F1jAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBIjWL+10zzBpp4TeCW1ksSs5Mjlm0Atmt/NSXjlCAb/sjLPVx76PPP
-w9uW02JOt1uTBRHDf0GU6HXSime/87CBJSKZo0wCnxyHHbEgpg+3yPIr5bJNtOG8
-w4W3VCkT6H5T7dLMp5U/cTJdOgmh/q+6RRRBGmf7j0YDavt4JnECGw==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34EE.pem
new file mode 100644
index 0000000000..83475b7d41
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest34EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 64 28 A1 C6 BB 67 6E 3E AE 4E 08 E2 AA 3E 62 53 85 52 03 F7 
+    friendlyName: Valid URI nameConstraints Test34 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid URI nameConstraints EE Certificate Test34
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI1 CA
+-----BEGIN CERTIFICATE-----
+MIID3jCCAsagAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgVVJJIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO5F/3
+wWBzxesA5Y/T/BL4plearIiSXCj2/J6WAYteqn0mrUwJ1r2apfS0ZjNREqqiKj1c
+nPIi2mIfqanPTTIYJTfvnR4fAYYpgU+b8jGCmF1qU/G7gRuvhfAV67/NqzkvmiRl
+Nq2qWN0xS+r24fotIAtBhh/kkzmRlgK9rJceRDX0gatRtUkZwNCDA8f132Ghsznb
+REzEzxlWWp1sTi6g9PgL/rvGH2h1RrhUby291O0fUQ0uplSXPgodYZxkS52o66pZ
+3pBTdqvCc7evLZfRaxz1uuFl2IYrYXUos0iOMoTqPzo5jX29Z6A4N78G6tB0Uksq
+nzGTPg6iPwrHxVNvAgMBAAGjgaowgacwHwYDVR0jBBgwFoAU+iitQRbeKmgXyA8c
+Iz8mA94CFAIwHQYDVR0OBBYEFNZ67DHSA5qsuP96390yL1+UdqlGMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwPAYDVR0RBDUwM4YxaHR0
+cDovL3Rlc3RzZXJ2ZXIudGVzdGNlcnRpZmljYXRlcy5nb3YvaW5kZXguaHRtbDAN
+BgkqhkiG9w0BAQsFAAOCAQEAUAfALBN64JUbbsGzkZBy5SAIDD8HJCpcxlMgJ6UU
+4RkR59QygGzwquDniZQvhDJ+ZqzgkBFY/k/UFXdpPJD6baREO1H+wTz/TPhtxMv0
+5n5Ycbno9qhlIr4JFj5gTU0DcDcYke7AztSOxyT3D7/Y0cpUOipTay0BmZA9ndB9
+yGnIIALUzQ5pDttKZso5TX4Tf8c3Y8V5VqhiN/dOQnXnsanyBSsRhn6jaPTowi9s
+SjNXIw3GgiWod26Ld9eRLMljkNgA1h2nIwkqIfStvJMzWVEd/tPUj5+lF3L2EqL8
+8E9ziMi7XGb1hpCr9oBN+9TaDQF58lRFiwZO4c92bCqmJg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 64 28 A1 C6 BB 67 6E 3E AE 4E 08 E2 AA 3E 62 53 85 52 03 F7 
+    friendlyName: Valid URI nameConstraints Test34 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,50160F6A2AB4C12B
+
+kohSQm0k1WKhPHAE0UjYK6HN/4aIK2XHNrgcB/0imbi2nIsENeR2BAu3c3VTXTm8
+rNPxawXFu6SrqM4Q0QUvY5Iwntas8y8jPvXibLKWIR8PdtQBn0LV/xUTG3DWOUW/
+YoTHB8TrDYYLqNmIlzazOjlCU3GGanFuywep0UDSRSqPja7mFrLxmQfNySan1ucl
+5oKHvZISFQoiq35ujPdtSR9oXAkrApsI3g3EzLCXhf1o3OEToUleXdLsnIP3oO+j
+Sa2VrkhWhTrrJaud5RJYIBfrtZURg26OQhJuTjOI3FfThliHkfBqx8zP4PlDDmyK
+S+hE7IqDD2ANWqazKaAReG910vX2FdlFo82YsFF8ultSbt+WNwZHY1/76YNCSL/5
+OwVbbOdG+iaD+k9uWbln4HalwB3eS9HlSVgUQLieXluVbRUtsjevJQSWT4mvYI2z
+ut4SLttuxPL0+QvKoSfZ1I7cfCQgLo1Wxw3gHu7hhyIdSqey4HPr6YYTyvjngLmp
+j2AxQLCyfMRJFod7louYs20qnvOAxL+0UAgRSMtkRSj9s/sXw+At5Dy3W0LDjx/P
+qq08eXYImXTbG7D1SvWln0xwJlM7bItEIgdRbnXmnAThxLshAi9bKVC2OTLRj7HM
+b4rx8EvgQViQ6HQEZQAPLKHDEfLUhgk0US7Tg78AfPuY/IMY9MquXmvBMi3+ngkR
+RUeuUes0puPy4q3xSrc/Uf6nLpPYdfqN7hFOXWH8yfVs2vsM0/iVHqCM/XWm0zMc
+4Vf5qhZFaoR1XLSH5/D1jr4lDhB4r1Mh2N0y5Sps8SbH2hiSAKPrI9jTlrmH2nUt
+zlzu9kUp5KORPjV5/cf59rU4KeJb1S6deG1uBAB7vwtJhQdzr1HNURM2L66XybAZ
++orb4HCPxKPsHCUFMbOWPyhc/mOSHJAcjylAFosu/C0xqNl/gmoKzbbp7VxV9hZf
+SIJUgNu6NZLhrjFBcekEfiZDIyDLFYpJ1vTcAebJn5b+/9n9xkRjF0IbPfbDUX3t
+gvcrKcr2puANr8ZrgqjFGJJ0B7AEMZa1x3NCiMXioQXMVupvTtL4b8zmsWqD3ZYZ
+yeFYnRHlXC2M9cZNm9yTqIDtEOc6zB+dqYK0VThKP7YfDoACuFsei6EBGsY3A3n3
+V0csq9RMm8Svo3qrhR3ygDiWWyxWIwxrmoRIZgv/bUhScwfsccf1oahlvueRxfDA
+8ytIQw3SwXhLflmmqdd3AA1Ks0QZAU32JiUhKfpzzHxjad+xVLElrBMjWMoUvy/U
+rEjvQCasrTCOvf9cxt1pla1X23USVcr4q4mq+amFYXdpn67mDemqeI4bnJmOcSC9
+yic2OuWgBhU0zRytkn2oBAyg0r4RTx2Pr64BjPuuHCQ500EMFOiuTfJJiPvgb0F3
+IgLmJoHr3lwD4/bF1UPLldHkmLdVPYBgYU+Fc721zIUJJQvEi4AedOPcRzyJ+tlD
+v7FhWudV+Lt+sQl5kZ6oz7u8BzOVfcTApJUu+7dSfiTujbSnmip3gB07mvUE6kQa
+sntlWQbLfnOM+uxH+cpT7f1vmpXkv/CcJCIfd+fX+yoYk5B/0q8KKA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem
deleted file mode 100644
index c13af8a307..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36.pem
+++ /dev/null
@@ -1,111 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICqjCCAhOgAwIBAgIBSTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXbmFtZUNvbnN0
-cmFpbnRzIFVSSTIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANCu/tVS
-XB6TUXM4bU2lQ7EKvQrGMy49TSnHlIwEVZ9UNvbSA/ChnCxPIKWiVWlqdqr0evlL
-xdLPxQe6xHuVjkvgFleY6RjA9LqD7YFFvf8AnDD6BV0kIr3itChNI2abON8Dh6IG
-+o48bCPAt9bqxCepQbrSn4mYSlcKjyn66Ev7AgMBAAGjgagwgaUwHwYDVR0jBBgw
-FoAU+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFIakVWPxjKAjp6e8y2yq
-bdBaxg9aMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
-DwYDVR0TAQH/BAUwAwEB/zApBgNVHR4BAf8EHzAdoRswGYYXaW52YWxpZGNlcnRp
-ZmljYXRlcy5nb3YwDQYJKoZIhvcNAQEFBQADgYEAXeaQUlCHmmhg1rKHYxVfKaCq
-S574GPbDh1QtQoNmVqFF+yGHse9s4hcYcv7VZB74kYKCFUShbBWl1VcmgPbJLDnc
-MDjP1B35WdH4IGAxCBLHOiuv/1AWL9EfHUdhX2ZoFpJqNty9lFkahCZ6MARJwtS2
-fBh60OItInetzMDECnE=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid URI nameConstraints EE Certificate Test36
-issuer=/C=US/O=Test Certificates/CN=nameConstraints URI2 CA
------BEGIN CERTIFICATE-----
-MIIC0jCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJh
-aW50cyBVUkkyIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowYzEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTgwNgYDVQQD
-Ey9WYWxpZCBVUkkgbmFtZUNvbnN0cmFpbnRzIEVFIENlcnRpZmljYXRlIFRlc3Qz
-NjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvE7GKi9cq2LoR4nDK2rqmEIH
-MsJ3m6EeWMUWwoRidb2gH7E45Oumq5skRGihWVu15Lokjua+3arteyn8MbuDj+lF
-KcEEP4VLE84+SFaA5KNgDJspoT7+UiBZRELwTxiTK9vPR5VQyTQnc/M9PkfC5rvV
-WbctYK/HJ/r68nmGAQ8CAwEAAaOBrTCBqjAfBgNVHSMEGDAWgBSGpFVj8YygI6en
-vMtsqm3QWsYPWjAdBgNVHQ4EFgQU2X6Y6CoZbpdRkA80xPGNWG1aeZ0wDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATA/BgNVHREEODA2hjRo
-dHRwOi8vdGVzdHNlcnZlci5pbnZhbGlkY2VydGlmaWNhdGVzLmdvdi9pbmRleC5o
-dG1sMA0GCSqGSIb3DQEBBQUAA4GBAG2N3tYbTsRh2FgGR/eAxNmVerY5ooWKrZE/
-MkikG9U+XWgHChNL4eR92wDJVi1h5uVvSyUIF1vEFXVfVxyqG1kz1dqWcFrZHp1I
-w3WD/3qKE0ilWL+AnW7LOOTbTUDevmIwcUAvl9/QiYpexJyeQhzWJ13gh5vwkfiG
-coWXP3GU
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=nameConstraints URI2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:86:A4:55:63:F1:8C:A0:23:A7:A7:BC:CB:6C:AA:6D:D0:5A:C6:0F:5A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        73:1d:ee:ad:1d:21:24:88:c7:70:27:82:cf:68:1d:fa:61:18:
-        da:2c:a9:9e:05:0d:b4:7e:e3:ac:49:fc:82:76:d0:6c:80:1c:
-        b3:b0:36:4c:44:da:e9:0e:aa:9a:df:66:1e:0a:80:f4:f0:0c:
-        84:02:2f:57:47:96:e1:f7:ae:e6:be:85:9e:53:e0:97:1e:9a:
-        68:7e:f2:32:8c:d7:89:1e:63:dd:3f:47:06:30:44:e3:42:ee:
-        30:c2:d6:ce:3a:46:4f:6c:8c:e2:43:c3:7e:5a:51:ce:5e:73:
-        7a:ed:f7:5a:04:a8:0d:f2:f0:67:af:e1:0e:b8:eb:9f:cd:2b:
-        24:62
------BEGIN X509 CRL-----
-MIIBRDCBrgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIDAeBgNVBAMTF25hbWVDb25zdHJhaW50cyBV
-UkkyIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSME
-GDAWgBSGpFVj8YygI6envMtsqm3QWsYPWjAKBgNVHRQEAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBzHe6tHSEkiMdwJ4LPaB36YRjaLKmeBQ20fuOsSfyCdtBsgByzsDZM
-RNrpDqqa32YeCoD08AyEAi9XR5bh967mvoWeU+CXHppofvIyjNeJHmPdP0cGMETj
-Qu4wwtbOOkZPbIziQ8N+WlHOXnN67fdaBKgN8vBnr+EOuOufzSskYg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36EE.pem
new file mode 100644
index 0000000000..c54a940b53
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidURInameConstraintsTest36EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 90 C8 1E B2 98 13 4E 66 81 CC A0 66 8C DC 14 EA 92 3A 08 CB 
+    friendlyName: Valid URI nameConstraints Test36 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid URI nameConstraints EE Certificate Test36
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints URI2 CA
+-----BEGIN CERTIFICATE-----
+MIID4TCCAsmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXbmFtZUNv
+bnN0cmFpbnRzIFVSSTIgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBoMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTE4MDYGA1UEAxMvVmFsaWQgVVJJIG5hbWVDb25zdHJhaW50cyBFRSBDZXJ0aWZp
+Y2F0ZSBUZXN0MzYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMbB0+
+65ySk6fi6dtExfV1zX4fF6wQUg0um9bpkU7sssBLoEI3fNMzQTM1iwjpbQqILiRP
+0zqi/pEy8LTZZN0H3/Bvign4sGWhf45iMB5gIVR788WqOKz+vnTHjzjve8a3y2BG
+0obtbCGD03k3a1zu3EH6X6ZXQHN5AXFgwQgOkwWf0azdHUb7JO4fSFMH2hNEgOJx
+2ip+HuWZfzUzIa+as9ysh7OCjJYySAp6jxzvrQAsRcUQPd0XLuJKUM/tWXAzfqgy
+Rk5RsfcnLiBw/Z4fB1UzhN5RSGyBxqwiibLl5zeEQxDETmW7kVDN0V0khIpX7mD3
+frmvHfx1nzaSU4IdAgMBAAGjga0wgaowHwYDVR0jBBgwFoAUTeuJcd/wBAGy+nY6
+WLG6YN2M08MwHQYDVR0OBBYEFF3cy5MzmrQiP79DwPPCIj7VxjfFMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwPwYDVR0RBDgwNoY0aHR0
+cDovL3Rlc3RzZXJ2ZXIuaW52YWxpZGNlcnRpZmljYXRlcy5nb3YvaW5kZXguaHRt
+bDANBgkqhkiG9w0BAQsFAAOCAQEAXHV9C9XnmJqFiGQvsQv+Mtb3wU/lbRlv7P4+
+dVItASgqIPJwjrGAEkFjykCDUd/ozD4lIo+UxKwXAEmH53wyXLnnupluCnPYarTM
+KgWfQlBj/eO6GNEQLujg05EK7VxfFnr1jPXEaVBIacwwXNlEGVFK/j5GaOKh9kbT
+SwdMgzGI8R+k8mYoLbVcE3Q3v3zsZPjsME8OBW3d+AytEb2gWScJv/iDfCSgk3rQ
+F7NENzPMDreitDNAhxvmQL0/KGewkCStOjFHaBLQKR+ELq8TruIEuypNl8BNFQf/
+HSf5MCFAlkXUNaff+m/vEvm6j6l4WlcuY3cYA0BLG+OTnSnTCA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 90 C8 1E B2 98 13 4E 66 81 CC A0 66 8C DC 14 EA 92 3A 08 CB 
+    friendlyName: Valid URI nameConstraints Test36 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,099C68B6A471A08E
+
+nyQYist/gy/S0F8Dbw3KXCcHMxzhAM2TlY8lecSS2d+Q3hrFWrqQ7tIrwZYGzznv
+ypq6Wp8Jxkq357ceY7F9yz8UA/TDK4xQdFITeM4toUknwscbkSNHgYbMAFwpaSAC
+1dd/VyVIEUC6q7gbBYoUxCXS3tEcoIzmwSO1unB/c75ks78uY1ygyrjPu6VrnOMz
+wQDrOAdRJQhwAvw8DBqHUejxThr60UMi7OMbNlzlzud9crBdlUzAluxkgTagpihe
+9KBvPUGMAtnGmchmCQEZcNoQ4mqCLAQqcylaQl9h9bUnMrAllVteiBpePHCBTO5e
+EmfSa82yQJI32NyJMI1a3soP7fZMQzitHgGKo9Kcw2g0qAMjtV4vgB+PeavW5zpV
+uNCQ/cYbkie9NbccrkHR/iiLtOggws/Sm8ZQv3WaAtamDM0TK5uLilWWthvcD/3X
+h0RPOaBkzH+APUbTk2b4sLFqMJDmKEO0C1o0yGDsvo/0AarZCUXaw7LE0VmAV4aw
+ux68ttmqIshamV7rj4UZ/V94M1KLnxRcvGui4XdNx0sKA+so01+4XgIZEXWRR0mM
+RKGwO+zlTuSRtCgo5rDwx6rATxjq65PawAMZ48QGKXZWhfvEtGwsmCweQvH/G241
+LZKBXrl0wO5jEeGHvd5LGRjZQqP5AEnlUV7fKWb19j4HidOtDixZyhWxXDt6x5k9
+BEEKrDp3K8Uhu/+cYLtziCa/ItzGMPiBUd/m5C1zYcUqrh1eMaPh9YBbRdXR/GYh
+1g6dEXcCwjyLrYsaAjIydKwES0Q8lnbwVtC9VyQwVId/X+dp9ayU+IWPBweOFZ+Z
+bHp0oAbn5fPRzx/BwjhpHUYbmqgs3knenQDYofRiPCaV9oTvEt33iU6tm+tsOOt1
+d4Jqa8kgbX05+jxDIjwjY/v2pVqaKllJzpKWFPGlXXj74aKRrVr0kEXb2pklYp/G
+3HzPbEG0OegIFAj3qBYZujbJ9P0Fys6/Qz7p0gELWRRvAsXsKntRDBE9n2QrzGzI
+iT/r9u23pjmNv1mIT8bIArzTmlckJO7QeF776Ti27hQeZcYa4wS9m8vqAljI0LWX
+g4HvChsaS1Q4SBS1Fi1WaREDOfeuJyDBaLqa+Xc+n9StuN3bJlsx7PX5Y3fIQBD+
+ixmyMZQHaopuue/LH9BICaDHvU9h0qD1jTAs4oDr7OLzaH7bILDPsooVKMmb+EOT
+NIT85QC4sbrpVTK1UR0Mnw1D5QOCRyuQyetdG6T/bpKb2V4AjWFX5BSexhp5YAdx
+qfRkib3DKF0s//evkn92phwVoZP4lTv+phVRIU4DSSxxZST7XNsr0QzlE2lUkYTT
+AOCOeB519BHdugmAT3WwCqbOEcmnqef+WHnWWH8IplTU355MWN6odfsFDhCr/Sf/
+/7XajGPw0dq7w1M7gUpEJcQC2r29s814L3UGstU55+rfnf3tevs9ar6HcuTM2Nhm
+IjP0hHeFYaD9AN9AvyPyhYwn1sEibpz9y4UUOyK2yCe9BGVzFXl0MJn5VSX+qWSX
+7cS2hhm+v0zRqGA7u+fMaqWMnMWMl3+3Pxh/8CIhC6J/ioGHtOjz/AkWR1e0Qaii
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem
deleted file mode 100644
index f91b6dfd97..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=UTF8String Case Insensitive Match CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBZDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKDBFUZXN0IENlcnRpZmljYXRlczEtMCsGA1UEAwwkVVRGOFN0cmlu
-ZyBDYXNlIEluc2Vuc2l0aXZlIE1hdGNoIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQCaogvEpeDhTyOkM06wjnLD1JeNedm9VZ+FpIvkkhrhGKskIHcfsNfJ
-EsrLnoSQIj5ocFyxY/76uaSgJcEhTpIj695mSBtyZThgQr07wSGTByiAmO3fR3if
-tMzWdzP9j19QXSUZjQCBNySjtuabFoqgR9OHEmVjly+67Al3yaZDEwIDAQABo3ww
-ejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUNmIV
-KXylwtCEEMdeoxYn36lEE2IwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
-YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKnn
-dr5r22s30krLGaZ6Ava5zeA3jRRsq/ewoyaGn39VO/MYpqRxPdqlVqLO41PCjwTY
-VjndPhVSfFsQHxANRG4TUD7MBKeNsr3eclIvzCtIb8U9dwHngXeYNlih1ufYUDZ5
-z5oTq4R9mHUGu1Jz/uW9sisBRMbS+2wj+E/3yezC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid UTF8String Case Insensitive Match EE Certificate Test11
-issuer=/C=US/O=  test certificates  /CN=utf8string case  insensitive match CA
------BEGIN CERTIFICATE-----
-MIICrzCCAhigAwIBAgIBATANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEe
-MBwGA1UECgwVICB0ZXN0IGNlcnRpZmljYXRlcyAgMS4wLAYDVQQDDCV1dGY4c3Ry
-aW5nIGNhc2UgIGluc2Vuc2l0aXZlIG1hdGNoIENBMB4XDTAxMDQxOTE0NTcyMFoX
-DTExMDQxOTE0NTcyMFowcTELMAkGA1UEBhMCVVMxGjAYBgNVBAoMEVRlc3QgQ2Vy
-dGlmaWNhdGVzMUYwRAYDVQQDDD1WYWxpZCBVVEY4U3RyaW5nIENhc2UgSW5zZW5z
-aXRpdmUgTWF0Y2ggRUUgQ2VydGlmaWNhdGUgVGVzdDExMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDsol6bNoNnlNAy2lkPsdVM02fDVB5vmtUbTN2DiXfYxICd
-NtMW9orODpZLBLuhHD9L/N+amY5njVAJUpvbdU2cjFMwgn/YfQ/eDXrCDPG2FLaJ
-WA0nRqHFrhBVz6MgJFtpJUz3e1Owsy3U03aq9SthFb/BBFFOtAH6mXnuBjYVTQID
-AQABo2swaTAfBgNVHSMEGDAWgBQ2YhUpfKXC0IQQx16jFiffqUQTYjAdBgNVHQ4E
-FgQUxMF/9KLvn9+5ABPGIN0ZEfq0S6cwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCLnWS00RFXZcbBCM15
-7+vQE5xrZp4AH8MhcC5CCS7C5F6JkHPcXT5OnCCN+d0cmCCTgolBi+AndeXwen9O
-y/2uq63SVqP/H67rcyoxaGeqSxxZqbowZqboUMBLinSyMq/coqnGbiNjK+K7xXqR
-borsQCmKGqvst1rn2LPNKfKRCA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=UTF8String Case Insensitive Match CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:36:62:15:29:7C:A5:C2:D0:84:10:C7:5E:A3:16:27:DF:A9:44:13:62
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        32:f5:46:0f:c0:5a:10:87:86:95:df:18:69:d7:c8:99:4c:84:
-        5f:f7:1a:e8:c7:66:27:41:73:a4:72:f6:09:66:a9:f7:cd:62:
-        22:87:dd:24:94:77:c1:38:e3:9c:cc:70:64:29:b7:d9:76:94:
-        59:d7:26:43:86:35:63:6b:0b:81:a4:1d:d4:4f:7d:87:6a:b6:
-        bc:68:34:9b:ad:d0:1c:34:3b:72:7c:7f:25:b2:19:03:a1:24:
-        ee:ef:d3:3c:a6:21:cd:79:11:70:d4:6d:5d:c6:67:14:39:17:
-        e2:23:30:76:5b:f7:b5:4e:ce:ed:3e:57:2e:58:1d:cc:ec:ed:
-        b5:52
------BEGIN X509 CRL-----
-MIIBUTCBuwIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJVUzEaMBgGA1UE
-CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxLTArBgNVBAMMJFVURjhTdHJpbmcgQ2FzZSBJ
-bnNlbnNpdGl2ZSBNYXRjaCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WqAvMC0wHwYDVR0jBBgwFoAUNmIVKXylwtCEEMdeoxYn36lEE2IwCgYDVR0UBAMC
-AQEwDQYJKoZIhvcNAQEFBQADgYEAMvVGD8BaEIeGld8YadfImUyEX/ca6MdmJ0Fz
-pHL2CWap981iIofdJJR3wTjjnMxwZCm32XaUWdcmQ4Y1Y2sLgaQd1E99h2q2vGg0
-m63QHDQ7cnx/JbIZA6Ek7u/TPKYhzXkRcNRtXcZnFDkX4iMwdlv3tU7O7T5XLlgd
-zOzttVI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11EE.pem
new file mode 100644
index 0000000000..55689d442b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringCaseInsensitiveMatchTest11EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D7 D0 63 11 F3 B5 B2 43 11 C6 86 8F D5 31 5F 7E 92 4D 7B 10 
+    friendlyName: Valid UTF8String Case Insensitive Match Test11 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid UTF8String Case Insensitive Match EE Certificate Test11
+issuer=/C=US/O=  test certificates 2011  /CN=utf8string case  insensitive match CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEj
+MCEGA1UECgwaICB0ZXN0IGNlcnRpZmljYXRlcyAyMDExICAxLjAsBgNVBAMMJXV0
+ZjhzdHJpbmcgY2FzZSAgaW5zZW5zaXRpdmUgbWF0Y2ggQ0EwHhcNMTAwMTAxMDgz
+MDAwWhcNMzAxMjMxMDgzMDAwWjB2MQswCQYDVQQGEwJVUzEfMB0GA1UECgwWVGVz
+dCBDZXJ0aWZpY2F0ZXMgMjAxMTFGMEQGA1UEAww9VmFsaWQgVVRGOFN0cmluZyBD
+YXNlIEluc2Vuc2l0aXZlIE1hdGNoIEVFIENlcnRpZmljYXRlIFRlc3QxMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN29zJK6hFJG5nAuyoIXSLM7XSRW
+O5FCiwm1id6V5ELZnaiQN5PtY7ZzOdQ5Rymo60UCnsnp2Ylg1OYh82GfvKG7gZS0
+xRwA/3Z5veLZsYhuqm/yixO3lfbmQRb1axDgfudVwUnwdQlvXjXPf4EsIB5WIAIv
+JYryutqJNIn3VX5BeI8luQX2ynlkc1StTCeUMnXYT26X2GW71m0hn5RsSlwHayo2
+HXVULIt5ojyGoatCESTbN0kmPXKJQTwV/KmER9Ual9Zb4BKvdy0Kbs/SImNzmA3a
+VITJ/YMs6BA0OshD39ZkqvDF86aCConG69VXWF9ASOmClC/asa9AyHvDAKUCAwEA
+AaNrMGkwHwYDVR0jBBgwFoAUYN8Y0cqpUJIRFyFE0nf1aq2mvngwHQYDVR0OBBYE
+FKzudXSiTCM93NKYuEBr9McOizZqMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBAEv6NJ3Kqb+fORfTmqBp
+z/UIu+rdVqUmqVOc6VEG8hrOWOUjNHxb+DQHwWSM52s4ednWj4iOrERBtqI6I9+L
+Ja1yCa1i84KLowhew/iH8fgFqLnuoqiQ6SXvY/z6hBIHgOSZ5LI0yF7Zsw7R7JKc
+S4rpOI9lrXRPHPFv51Up7Z9BUNv1QOU7dlLAIwXXKvEETuYD4rM25w2Jz6ogfdXD
+Rs/B2OAm5lKTf/ZNeLtF30oyNPHPol0DvAQO25oRtrguOShdluY++kWqDXlVMetI
+y5xJ4/n3p2W3V+S56jwwok+627UoDYUqS4ulQtix30lcWi2O+UqYgFnNWJxwa+Gj
+zp0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 D0 63 11 F3 B5 B2 43 11 C6 86 8F D5 31 5F 7E 92 4D 7B 10 
+    friendlyName: Valid UTF8String Case Insensitive Match Test11 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,58848D19CF96577A
+
+mvFg38AyE/2G/aVUlNhvdTka5AvgOAknAWqk4lP9m4oGx4V/QH39TjFGG9HHF25k
+UXLMXj/e4qbN7uwU5T+z+A/FiPBBuhjCjcK2Bm0zH9O88yh/Qklop2XQQEM9oIXI
+AJrYXoKfin8Q+AgSvZ92CfAYqIm7j5jEdQaf3o9yih2aRQTcYiM429fGM5gSY+mv
+vS/4MNJFWyME0D5aRJrwBK2lMmiQI/zSQfmZRiNOYE7z2htmkEECeGarO074gO2z
+He5RKtGc15x09AP7GzzDZOYMX7tC9PyxE0dQ0sif28Dw7bp/mZeG31geznW7kpQt
+p3scKoZ8TKOVmxnxbrHUMhXQ1nd0hVRTAr1VGtp994Na85sYe1SKpcF3WMxCJ7pq
+ttZ0g50S0zLlgjJjOPcnybDRMoNwnzZsEW6RiQdlNZY3TRoeLkNfJgtTV93jxJ+c
+8l6TO8Us5E7GjChUnN8/Oo9U89XXVKJW7MOnbxCkqlAyHxl1prOvpBecHhuuN6or
+0e/RwMxrkObCN4MPpa4+axzhTBPLDnqGJSCkF78VoQEF55QF3ZFDWztwhusM+bWL
+U7wfFjLbIZZw3vlJOu9/7Owva9Od0es1+X8+V/RVjbMFS0VxnOTjjeLEG2q3Cqll
+byesMZ2csF2BAHoCtP9mlQ2NXalDi4hSwf1RpT47KqAnaX4y1lI0lHB8Bv12UHDy
+foKLxTrZcDpHKvpxgkQRBClR2ZIUQzwpNiOtIo5c8BCyNn6FLCmXnasdZSG2ow6M
+gXlzpLoDL8g+aTI6U3Ruo0NiRmWFTljRcJOKoCf/H24F1eOCRLQOTwJs97YUD3/h
+dK2XGkGKgS9dEOon6CnCGVti8NNKBMDpiOt/PwtLB/IZf6PCUunVKlzqnyaT4twL
+dUImUev+ybVpBGQADYxQ0qWjtpGee1kUjBPOMI+UbzYogCVbAJlutQJmqYX8gvQn
+vLmo4kh2NkoS7nHyCAQb1d7qryoMYq8ODSIW78yj9il4YblajBT0N+x7KuU+K3f4
+hWIosco1WnejXmMDBYXyhzI+mEE0B5nxzio8zSFYXOe06FNiWeY6G7j2UybfA6zk
+7OLT8tEK7xk/Q23ih4wHTndaMYzPMDepEM/hdSXgGHc7O7oXEVfprHLVxVZPy+Ju
+KcLIu1t6BEEpXbrE+Ar4gcJmYQePkMs7UtOxBdTNijcN/egmGY++6V+Pg+vDjqzn
+Evr+rjq9MxtSqMntrtZJ8fLd8Dufs7O/PCAfDAj2lISrYcjx6Zbf/wOaU/+VzCu0
+tGO+ZuxTMWLxnGj4VhFdy2Mm8maayva+qMDP4SBlYsChDMjgMdXBkq+nyXdFNQyf
+a+8owuaXhRd+wpMmPy+4WKkJ35B7rlgOw2uYcKei1IkqMS0Nvl/yH5RMPjeLWxgA
++ubuZm6zXpM75sbQ9dEgwDCHadjRYktEDfVhT1Fm1FRjVGU+12FSMa9wGv/OVWN0
+xW1g3dqvXQyHQ/MuWGRfU0OHa92bu1cJ5vUPVtPOdNXwKxx8AdFlqZyJWsCd2OCb
+ST/BEi1+SBIPeV73M6movs6zFP2/e2VKvDArHThf8dVQROqPGO9Nyg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem
deleted file mode 100644
index 2857bd3c74..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=UTF8String CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICczCCAdygAwIBAgIBYjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEExCzAJBgNVBAYTAlVT
-MRowGAYDVQQKDBFUZXN0IENlcnRpZmljYXRlczEWMBQGA1UEAwwNVVRGOFN0cmlu
-ZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwNymUjXTPLYfQm1sbyf8
-QSDxshobqw4r+yna0i1Rj3o7Lu/5vt/vqIPKH2r52EYvuFWBMNKCglyCcqidFgVx
-Z+hsUqJi79uj1DhGgqeSG1/gmyduba9sGud4J6rNhVuz1E/dX5gu81Gi8AgFQj/D
-tC+HMSrP6GKAXVbXsnWBPGkCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6
-ng2wPOqavIf/SeowHQYDVR0OBBYEFNMoQWQMXH4Okw1WMKge9ihlAMr7MA4GA1Ud
-DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQAYI8NaUKFwf+db04baEtgElpS8AhzYiCP9
-H+4pn+6Bp7ZK+3WMdR5HVmHkn0wx3+eRrAO+4sViEZYS7+yJfJvQVqgeVgRWZeuE
-dzIXVT0OLIloElDfgpdZgkkM2Ucdg5Nn52Of3AnZagaFiaNqFRZmC+QYnKif09vj
-8jaUJTJbuw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid UTF8String Encoded Names EE Certificate Test9
-issuer=/C=US/O=Test Certificates/CN=UTF8String CA
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEa
-MBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMMDVVURjhTdHJpbmcg
-Q0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBnMQswCQYDVQQGEwJV
-UzEaMBgGA1UECgwRVGVzdCBDZXJ0aWZpY2F0ZXMxPDA6BgNVBAMMM1ZhbGlkIFVU
-RjhTdHJpbmcgRW5jb2RlZCBOYW1lcyBFRSBDZXJ0aWZpY2F0ZSBUZXN0OTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoxNfkgSuZUKuoTrCTE46w8pIE47j18Ul
-+ZyQJGplDws8AeUtIXBGxaYs6He2jxJXV6geeAi/DlFhUnNSK1Gavbey2DUkn8Av
-3U5y2+p6S4HtU1FMypUCKcboGqHME6y3rqDQSl7YY03v3wd4PPaKPqvhZtDSG7b/
-QnejyG55zHkCAwEAAaNrMGkwHwYDVR0jBBgwFoAU0yhBZAxcfg6TDVYwqB72KGUA
-yvswHQYDVR0OBBYEFFNv7Je2o4j/89zS0tw/sI8eM4dZMA4GA1UdDwEB/wQEAwIE
-8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEAT2NW
-DkK184Mva0VGnLCXsyNVUYV9/6cBxVncmML7X/XlT3c4M7ZjSoL/J+hVyavU+1pN
-SAKfgfyZE6mVa6BOYzL5sBRcvpgJPjZMAEGZ+dwfJUsh2KQvFmEXu8xSBIss4Rgh
-o7OsvrTpSFiidbLgLQW6FeMEivGfw8AZZ2W9+s0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=UTF8String CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D3:28:41:64:0C:5C:7E:0E:93:0D:56:30:A8:1E:F6:28:65:00:CA:FB
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        97:9a:cb:dd:e8:9a:f3:02:96:35:53:29:74:69:84:1f:c9:47:
-        f5:14:71:8a:f0:32:42:64:ae:06:9a:ec:f1:2a:e1:4a:70:d7:
-        1e:11:fc:b8:f2:9b:6b:38:d6:18:37:5b:74:d7:bc:78:c7:9c:
-        b1:34:c1:76:87:4f:31:43:25:ce:95:52:23:cd:d0:38:c5:f0:
-        26:b1:13:d1:ca:2b:f1:e1:df:e1:e7:3e:6a:3e:d9:51:60:5f:
-        6a:78:b2:50:03:45:39:95:40:3d:2d:39:7b:af:97:e3:32:5f:
-        14:f8:aa:70:ac:49:6d:44:1d:ac:2c:d2:fb:a4:5c:d5:f1:d7:
-        23:5f
------BEGIN X509 CRL-----
-MIIBOjCBpAIBATANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJVUzEaMBgGA1UE
-CgwRVGVzdCBDZXJ0aWZpY2F0ZXMxFjAUBgNVBAMMDVVURjhTdHJpbmcgQ0EXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1UdIwQYMBaAFNMoQWQM
-XH4Okw1WMKge9ihlAMr7MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4GBAJea
-y93omvMCljVTKXRphB/JR/UUcYrwMkJkrgaa7PEq4Upw1x4R/Ljym2s41hg3W3TX
-vHjHnLE0wXaHTzFDJc6VUiPN0DjF8CaxE9HKK/Hh3+HnPmo+2VFgX2p4slADRTmV
-QD0tOXuvl+MyXxT4qnCsSW1EHaws0vukXNXx1yNf
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9EE.pem
new file mode 100644
index 0000000000..eeb1e3371a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUTF8StringEncodedNamesTest9EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3E CC 69 23 02 AA 68 46 BE EA 0B 63 31 0C 9F 56 C6 FC 3F 84 
+    friendlyName: Valid UTF8String Encoded Names Test9 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid UTF8String Encoded Names EE Certificate Test9
+issuer=/C=US/O=Test Certificates 2011/CN=UTF8String CA
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEf
+MB0GA1UECgwWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEWMBQGA1UEAwwNVVRGOFN0
+cmluZyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGwxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKDBZUZXN0IENlcnRpZmljYXRlcyAyMDExMTwwOgYDVQQD
+DDNWYWxpZCBVVEY4U3RyaW5nIEVuY29kZWQgTmFtZXMgRUUgQ2VydGlmaWNhdGUg
+VGVzdDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiQyHe+Qlww7JG
+F56OLnXVa6/PwDW5nMyghTVjB/9SVbOF2cOOtFS/pGw9Qbc42wajSZuKP0tEBph0
+SkZlyhpyHwcGn2UMrWolAnAGDugxr83ijb/AElL+Orzm5lxPcuVG8+D1w9EW7JOq
+I4iwhHe70XKdM5RaGRzQpQmfvGMuj6VsMUJaIv+9/5RLycevwNEZl3yiLTV6APui
+hoI8LQQc9C+YQfAzRqz+e9adZIBayMhshpAJtgZ9pdNRPiUXt/NDw4jSbHp+fABs
+3x0i5GMDGBQMI44rUVY4odIM7GcIFZ14HyLY0stkp2PsHCvmd2DBS9QbCA7rWhHu
+8gcdQ021AgMBAAGjazBpMB8GA1UdIwQYMBaAFDtnW0TyDadIfXMpjJOf1STjEmAm
+MB0GA1UdDgQWBBS4qOG97iGSGhivTSqPnNsjcsGavzAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQAeayIn
+ZVW7XoaTBtQWUmvNBO3bMOq/FsCioTns6lSZp3JeTMG0yj6HmxJGNLuDNMzcfN88
+piQ7sfvNf+lcWb0gwdB2HXWTU4TcpAHUkn83Fid9og3gZv4YDh+fIQtcaL4/Yja0
+cSDiy/OYHvV3ehEuTAnMPh8Utd5UI72eFwznL+7lFdJMp6IMTa0GD5iVjkYDSOE8
+CBFv1vyFZOpiM3US56Kuo93VQdDUSXZdbHphgddospcnlW1fQ4wvMUTZpXeqcbu0
+kDqNIM10ooUbnkpa8Zsf1aOdna1p3GcFyJTdpKiellXrtc52azNxwHgPwvchG4k9
+RqHAGNJlDwsEHMB2
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3E CC 69 23 02 AA 68 46 BE EA 0B 63 31 0C 9F 56 C6 FC 3F 84 
+    friendlyName: Valid UTF8String Encoded Names Test9 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0348A1ADC6843B58
+
+CIUrRDnJzviIO4bKwrC4z7P78xkD3j0qb4EcLeCJnuPgRioje5DcQ6mc0EpsbDrB
+r9HT1B2TtIK8VjOn0Ij35TKPMCKXNWajJALwcrN/h7TwR31X9m0DGvnhxBi5oZSc
+JWdBsePDApcIxfxJ70pI69gY/yOW1I8iKUXxGtmdOJBOupTQtmEbiDw4jlPIlImc
+AJErDVFhtnLEQgczv/+/J8QeW20NyrxGxkcZjBBAQkwn9A00MuxeQ31KYYEBe+xN
+MXOmVz1JFJhQTdIooH8bEPRBOgW2PF0ZXYbL70Mj5X/QRnFnw5IL59vn7G/RylMz
+uORlOPzuldVxwnNk3eff2LK/S5KdG2f0G41T09Y3j9BmtuVCfqX50bUvneYVfVsL
+a3a5/zZc1JYGlYrSy0wqilV/5dPBR8JcEz/jXqV/BkqBOZgoySm3iBbeo8jy7Zb4
+N6uamLwmyu/ED/EFNyIqJ77ITs/AK4aOVepAcITyreRpkuxmlzJhdrKzkukfZokq
+Qy+MAXyva+gXbP7gwLeWAl1BN3GgekvhWd+DTMrAbK/9E4y3A6poNe9xS/JNUqfu
+E7bMSvzawrxk4vh1t5evsrms7SYR3JnI0nFoZfVynwifAG1ci5xafQe96Wd7XII+
+M1z+Ifm24UodrIBOB9pMzlx2hENo3f7f9DSzbLKJUHkc8voBQm+Pn+MGwNH42Aux
+TGmsNjekaboeY3kQK84KmsPzoTQ/LIKAEs51T6bss4cJxUlMK1ZqW4+lUt2hDAmz
+WXqmdaq6gRFwQxZbEH69yEul6HIYIluTVQKFR9qYZ3cipIMcjPdOq+6MZfMcNOD5
+knsGLmGa9IbLFF99ORvT/8Ul+eyCrGdJ3G0Q+4HL2Tbf9eacL56vQC2JZiN1uUR6
+R9LDOrGfy5OlCSgk+gLTm0p8BQOAiUuzRSO0uuhufa/VnP+se0Fqi+5Z/b+J+CVA
+brdbRQnadvUilAj091EjBP3meXY6OrKNmUOW3ZUfUSOLyfY6WffxxEDL3+g6zY6F
+XqprdfcL8iP18DXm+bQSCq9SCu2PWnqH1heknCvZ/rmleqty0rdtheJjzLMTaZZZ
+FEOTkaYO/enFVPJBghO0aoK1nSfIU72XKqYdI0Fs79wXGpyteZ5eedbMf5XzcJWp
+7dF3jSgfDyKAgZ9kULGBNUGRlbyQPwfZEwXxqG7BtnO0fDuu1OmAJcGvmhYaUitq
+R2bYN60a2+hWa7CLX5jLlwI6yhAKHI9B3Kav5tAma8Paj/WoOem2uCMSxMx6ZCzA
+IZ2WJSDsY9pkRLf1nCOBl0+Ym1XWIcr6k1cGFeAw8YEiUUn+N+Veek1dWrMh5bu9
+RBndLWrvlu+lWnCdaVUHHgoNt2nz+SlaHux8ODTL/TFUeLl0b/d780hVms43T+jf
+k0M78bCKpK0MYOukRkjedQfgH/WIegpFq7KK9MY+oT8iGzTjDXMLyzPqt8ha9EMK
+sm5QkYWPjrYguS70tSDxjO2rWYAvtiz0f1uTujaRSNmFxNrl8FdY0uoKh6Xtbzvb
+fnwB9bjxpPySbDK2mV8cK+8kUL4ZW+4b5dSOl+PWh7e4NCFBm4JpwQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem
deleted file mode 100644
index 7d19088eda..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1.pem
+++ /dev/null
@@ -1,58 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid Unknown Not Critical Certificate Extension EE Cert Test1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpTCCAg6gAwIBAgIBXjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMHIxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczFHMEUGA1UEAxM+VmFsaWQgVW5r
-bm93biBOb3QgQ3JpdGljYWwgQ2VydGlmaWNhdGUgRXh0ZW5zaW9uIEVFIENlcnQg
-VGVzdDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKhu9MiazK4MZfZxFp8b
-EqQNtc72SyzLI8gVU6uacEHKLpo7auSD72gD77oJKNLO0wW/lJmBZrr8N6Vb10xG
-UDpyNayjEHhIQ9YGjQ0iFAzwBZdxSba417KwGoZEtWDwXDgHFcJkpdeO0cmvN/WY
-T3hTDuDubTGzkT/z3o7HLBXVAgMBAAGjfTB7MB8GA1UdIwQYMBaAFPts1C2Bnson
-ep4NsDzqmryH/0nqMB0GA1UdDgQWBBT2UVRewjWmpJzpb1mXbOTeaXT6qjAOBgNV
-HQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBAGCWCGSAFlAgEM
-AgQDAgEAMA0GCSqGSIb3DQEBBQUAA4GBABs3aiPSbahf2RsQXVpA2945ngkKbfef
-RWOSqb+RmLmR3zburW1DXXzu3XSEOB8Ud75OdMvg9MIeKss1EqhEp3Bp4ltMa4+V
-xORBZ1hlK47mQAPiGsshFriTYp1nVfzHfByAFuwYZFLhjJnk2w/nyq5kyQ3AjfpQ
-XaezK4Qnje4K
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1EE.pem
new file mode 100644
index 0000000000..7799da859f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidUnknownNotCriticalCertificateExtensionTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EC AE 20 8D 62 05 B1 DA 8B A5 41 80 4D EE CF 8E 2B 7D 30 BF 
+    friendlyName: Valid Unknown Not Critical Certificate Extension Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid Unknown Not Critical Certificate Extension EE Cert Test1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBXjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowdzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExRzBFBgNVBAMT
+PlZhbGlkIFVua25vd24gTm90IENyaXRpY2FsIENlcnRpZmljYXRlIEV4dGVuc2lv
+biBFRSBDZXJ0IFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+xR67LyBnthZAMPhZkzpYoGxHaIbC/er8Fj5AlXd619zdvMCaWmXE+d6pHByEo6+R
+VZRovpOEhiapfjZX3ZYtR0zzFXFqGZXNTlP0caKIjOGgqrSP5ZVLbPOk1j38hOHW
+BVRBUigp/ADaBQ43c+EKf761jIrgHHG2MtE9zmj1HgIa4Hbq+K5ejoangiGNPZXC
+VFeTSReh9DxC3gilregD6KPR/AQzeV2/BPBse3afXlR/i+2R256tZy0HhzMLSntU
+JyEsA2I9jqw7kfRQw749ZT6uhNi/KqFWYqtj/iIqaPF82JidKkQmevqZT0WdtIfB
++MtYDIWABmwx/bBohbsfYQIDAQABo30wezAfBgNVHSMEGDAWgBTkfV/RXJWGCCwF
+rr51tmWn2V2oZjAdBgNVHQ4EFgQUTqAIoK4LHZBaMv/WHFi0k/KurlQwDgYDVR0P
+AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAQBglghkgBZQIBDAIE
+AwIBADANBgkqhkiG9w0BAQsFAAOCAQEAEjAmvYQDnZ9h9tK0SPGVI57LiptQxKz0
+caPfRivaSLTlNQ3umZJkDSVe1+QKt9x7QchbZSK0v563XUmnGLj+9w6OWJUXsatf
+DMXgoasef6Y9HNKx8JiqUwbtJrDEXjvpqsdXE6ZMyQ4ij4C/VTAf7QD6bLpMLRmd
+lBl1NQzcr6F7fz9exV2PyWJL7E28ujxwcTauXmANKkQ9hKgrCuWuVx6o7qpqKpf/
+X1ldl9VwVLg9sO39+2J4Q+vxssFjlkggUfbz6bE78DLwMIruCIvgxbuCrMqy4cbp
+tqHqzvth5CjRBEhGBwGPqjvampYA2+ZofTyq13bMqp5Q6aCzCvjR6g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EC AE 20 8D 62 05 B1 DA 8B A5 41 80 4D EE CF 8E 2B 7D 30 BF 
+    friendlyName: Valid Unknown Not Critical Certificate Extension Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4DF79075B2123655
+
+dul293n8fUdEHnuzI/oNHAfx+1qGPCJ3SDu+sZkktfOJ0FZXYtXPhc3QcA5/P8Qg
+FyitRbAWpS8+AYZxnOYyzPNyi6eT2a35VYmamkPwQMi/6ClqXpbfDsSL2ee3cihD
+h46A2/NbYYsh/SWqVR4kIBP9Nxl0ziiRiNFMdNJg859WFvi5W6GkeMxcexfFH/Dv
+ot32/PVbbA34X/al2GY7Uk79r7Gjr3o6eDVnM2u2Vst0ZcluYqWL63C6pXeA+LDP
+XpGdI9q5vTWAIaS5Z+ANeappx9yIhJ7t8MSP1gFwZ+sw3yZITVs7ojzypvn577UW
+CfqjIV7kPJ8j+85CVi2SZAoY2yf7/kjCDZJg9HV+tclMQOxY1A/eDnh6QQ4dCV/A
+c6vxAFzLGHOvSOUJHk6V+64CI/9tkCKZdXjWA4N3KK9msremwpMOl8Ruvdgm1Rwc
+gvbltkodoeztAYhGK6wXqDACbX0IaFELNbnC4H/WOr9CRrYvMCUOy6sdZtQj6dwE
+ea0x9FK7SJ/yYxWZ8TdQJhXcCKe/s0e15Pb9rUhD+xkLXfY1D7F41Csuauqvtns0
+0iQuXmJB3/v0/aYqCZvCIy8HXxga4XssLvPeZo1VQAAXOI7tB3zurunebpY1iyJN
+v11JEZbeWSIFL1kD8Faimz5k+WxoyFdVoe3Glp0yRNbINPYsy6l62qKqokRN9OEd
+kniqBTUnKbqvipyIjTiUn8Blk3M3o/0xOyIO7FmDmhnQeeRxOXX1R5cm2UFKHF5b
+WA/NTfnv61712IJDUZWLPEPqMkP+rMA9XXAcFB6LZldaIdFTi5pTB2UTWLYpdI3S
+H+N94C2FtVC4xcCZ6ZhIrw1GV0kMyrjr5V+h3bG1Kehmd4icyqQxgs5XcXuQ2JZl
+uTL3/9pEwHzW+2+Nl5LBxqNmUfwdC1ax/HXeG1iz7mT9rJEWPStzNNjHMa/+Ci1H
+K47T1Tz3xzsxPtDcpTwqep+jl00k6SL6rbxywWeyORfTUHypkqZ0iEo1CeiO3A8e
+Jjol9lW77O7S29X0P9raHNtV6lxPN5kFAOFDXf58foJ3uGBUGccD2NdCEluRSE7x
+kNM4AywtSNNKQliwuWPnGd3BoEoS/jHM97d9CwC8l5lMeMoTDIRBKeIPwiGPvxVv
+JqqgSMV9kvXhRkGhU3i+YryoaF2BdnBftZQAA5sYRdP4EorL0rO6YcmOTtgcuQ93
+VcPlK4qdv4pdl3q1Kqjwwi92kN9VNYcfY2rQTA09YScjika9sff8LM41jH60aCXR
+VoJrxcOh7mO6zBzdE55glYpvRLFChBAivY5hh5Dl9w0tyY1p0A+HpOxZUSSKPXAh
+kGpvDmjXSU/o3BzttOwoNtUPptxy5h7I/MTvvpYA4JO0hSItuxHpP5pmVYW4r+zc
+vuYZkBt3Vm9fAJzlwSZnRRLhEASGPQxepfWqlEXopcq2NX6vaRDUUrpAq9QFISDC
+eatXdD6DJ/6QhD1yf0u6cxYQU1K4yXBfgl+mq8rNCIMBvuZdJMOD52OmB5MPjK3n
+uoksn/TKZiIkZ4TNsq2IUtpkbzvpHGTrxWVpBfPNG26JLv9jAjW7OFp4qaoTtTgs
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem
deleted file mode 100644
index 8a9c75ecf4..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4.pem
+++ /dev/null
@@ -1,110 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=basicConstraints Not Critical CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICgzCCAeygAwIBAgIBGTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFQxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEpMCcGA1UEAxMgYmFzaWNDb25z
-dHJhaW50cyBOb3QgQ3JpdGljYWwgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBANLhA0OA9wRfp95Q7/HTBd7PlWljTlLaWClrNNQ1jWPhuQJN3ww9dy42U/na
-HvOcy9yz2ANw44VJKqLn68rVvypadYoWUNUGPHgHSrhj37Dj/mNkFmw18BcEgpED
-4OIp2vJW00ZLeMt7ItsFh1pxpaHZl4WDHIWKh0BAuw7VBWhpAgMBAAGjeTB3MB8G
-A1UdIwQYMBaAFPts1C2Bnsonep4NsDzqmryH/0nqMB0GA1UdDgQWBBTYuN8r/BQM
-rtcTVstcPg56jM+RCDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACqRpg4KhHWSs
-qfP23ZQX2hAOVVT/0AqaTcnNCQVLGE4sE16rMPQMZQ4qpb1WAPZIq6gs+P43deDu
-5M4evZgQVheRR7RqQm7/7ZXAiJ4uzAvJjWP5eYg23OyHqPvaK76reyPgde/gegWq
-Lj/0XhyySYlWDr4i138LYLsfUDy2rWw=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid basicConstraints Not Critical EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=basicConstraints Not Critical CA
------BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIGJhc2ljQ29uc3Ry
-YWludHMgTm90IENyaXRpY2FsIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0
-NTcyMFowbDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVz
-MUEwPwYDVQQDEzhWYWxpZCBiYXNpY0NvbnN0cmFpbnRzIE5vdCBDcml0aWNhbCBF
-RSBDZXJ0aWZpY2F0ZSBUZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-ztwCM4KjCZAusrt0pqJODe24QkEVIKHLb4UAlOxeSbZZ4Ye5BtR5NylouUsMu8Ja
-XKoU+BxIWXmUrP7HSt2+D8HI33xczpxfXCUyYmY/ht58WkhRSur9n3XUBErcVOe1
-xoV/2CNceuS97TvupEAYDKkcK+Uv+gBZpuLyY2jF4ccCAwEAAaNrMGkwHwYDVR0j
-BBgwFoAU2LjfK/wUDK7XE1bLXD4OeozPkQgwHQYDVR0OBBYEFAL9NE678Dg8eh16
-3hZvX02XaVPoMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
-MAEwDQYJKoZIhvcNAQEFBQADgYEAxH3RpgHseEdMz+tdowijXMxxOgAvJ+bDmb4W
-VmA6BBlPljNwDeOJ5mu/qq2HaTbeYYkqxfGw/V0Nv5GoG4Ak0xnSFaVz8+dVEzDN
-Avks85QOwYREyw/sxlpU7uOjlWBOwfkglUJM8UU2ZpBMlJf6sn7bEf5W9w35ZUo8
-Vlf2alk=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=basicConstraints Not Critical CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:D8:B8:DF:2B:FC:14:0C:AE:D7:13:56:CB:5C:3E:0E:7A:8C:CF:91:08
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        9d:dc:8e:45:7e:1c:6d:56:eb:08:bd:04:5c:c7:9d:21:a0:ae:
-        69:b7:35:a2:b5:31:34:85:f0:0a:92:7d:20:36:2e:32:dc:b9:
-        8c:cb:ad:39:97:35:3a:9c:d1:68:37:f0:9a:06:ad:da:42:67:
-        92:30:82:b8:52:db:c5:d5:39:d4:2f:cd:7b:ec:18:43:56:6d:
-        d7:2f:31:9c:59:48:fa:07:af:f9:fd:3a:b7:e0:b2:4b:0a:7c:
-        e9:7b:04:81:75:1f:58:a2:70:bb:30:bb:e2:14:21:0e:34:74:
-        ea:e3:41:e5:d0:c0:b4:7d:51:52:f6:7f:51:13:be:78:96:25:
-        a5:8a
------BEGIN X509 CRL-----
-MIIBTTCBtwIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKTAnBgNVBAMTIGJhc2ljQ29uc3RyYWludHMg
-Tm90IENyaXRpY2FsIENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8w
-LTAfBgNVHSMEGDAWgBTYuN8r/BQMrtcTVstcPg56jM+RCDAKBgNVHRQEAwIBATAN
-BgkqhkiG9w0BAQUFAAOBgQCd3I5FfhxtVusIvQRcx50hoK5ptzWitTE0hfAKkn0g
-Ni4y3LmMy605lzU6nNFoN/CaBq3aQmeSMIK4UtvF1TnUL8177BhDVm3XLzGcWUj6
-B6/5/Tq34LJLCnzpewSBdR9YonC7MLviFCEONHTq40Hl0MC0fVFS9n9RE754liWl
-ig==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4EE.pem
new file mode 100644
index 0000000000..ff5bcaa6d9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidbasicConstraintsNotCriticalTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A1 9B 91 68 9D 3A 8F B4 87 03 A5 A4 FA C9 28 88 91 62 36 E3 
+    friendlyName: Valid basicConstraints Not Critical Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid basicConstraints Not Critical EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical CA
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIBATANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEpMCcGA1UEAxMgYmFzaWND
+b25zdHJhaW50cyBOb3QgQ3JpdGljYWwgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAx
+MjMxMDgzMDAwWjBxMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTFBMD8GA1UEAxM4VmFsaWQgYmFzaWNDb25zdHJhaW50cyBOb3Qg
+Q3JpdGljYWwgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC+lPXP5KQEuLh1WekcPzNwCFWuM7cmi/FG3qRPojFw+46s
+DOSAtp94IFLaSYBGyblsOrYA97PExGbctAmt1W38kUO2MIsk272mfINEJPrdGaAL
+JjgGYcpmdOK0TgMCmVGKbUpNkPxGqeAUyWvfZbg6Cdd3QDBy9Q5ad1UxNd+EDkTc
+2vwH2C2VyqssOWfn93Rr2+klQo0F3KGClsQjwSmqvOR0gOv2f9snj0ldwPsovrZ8
+U9GxQOSYTowkGrV9o2H2+1jQYATvjAxqaanPAjXgVW3vR2gcq1VoVvN1fGYJETQa
+ZMa+JgX3AVLS97p2Ff9W4DTv7DNmH/bURXjo58gNAgMBAAGjazBpMB8GA1UdIwQY
+MBaAFAqkuTBDrEPINAITz+9V6L9wn0avMB0GA1UdDgQWBBQlrmGYIdS4j+kjLBG0
+7x6UOiFEMTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA0GCSqGSIb3DQEBCwUAA4IBAQASHVtzeHQAZSeSrZIJOSNHbe2hiGUeR3vWeod1
+aXrs8PRmqYyNdQ77ZYSfh0wVLEH9AtDPZXLBWEFcHQhJzO/hmtNsn/NYK4jGyzr6
+c/bF4sDJ1zPwkYZDJws3p9lmU55jhZrRYDd/fCYqpwo8IgWg7xR/glMMaAfMUKze
+eKttcTD50JUTlXehKX8hbMk2M+HgfQRRh9YuXFJEAJLscldY61riMQJ51/CLPZIG
+62jXV1vi2zixDY4Q4vuq2fN0alQVbx5g/yAisKi2TUWPe9+H9N04m8Xyq4FE+OsT
+YZsUiT/MiWoI8zXMqRnC5TErkFSxGq8cNqx+HBj+Lad8266A
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A1 9B 91 68 9D 3A 8F B4 87 03 A5 A4 FA C9 28 88 91 62 36 E3 
+    friendlyName: Valid basicConstraints Not Critical Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6D557D0EF72B7F65
+
+jRjR5uPELeAf9XrkOa1X1bMqKH8P9oZXbRrF4apOXvCzv6vd/mGaR5divIbAbY6c
+qh4ByJt6Kd7JTWTQpVm+518WqKCi0R2lHXLFRkvEnaCxkAiPZllnhyoNQ0mkq2ms
+ci03g97UpyZajB1uCbULbZv/kIHE4K4ma9jVLaR7mReJ72/kQ5A13YNTy9XCE+gh
+3O+21SoWzT+KRjzZX7otnuj8uLo5Vp/Wc4EJF5VxmG3XMb3p9e/LOiP/bUzrh1iS
+t9V73qZDXSm4r+KQbNYbxR/yIEgfkrjjyBENsXxgvXfdQKTTakEe6jRv474g8jHN
+JIlzjVvh7yD9aHZrbG5yMo9CSt7W5yyfzzHKpM11lgYvpJlPy03hp/DoBjXo1Hg6
+WuhlAwbk8FB9XhVWrCkqn21P7DXB5pqrFS66OCshWYP1ngNPKcEHr5wkn1xDs4mG
+EaVCio089f7MxOhXYG34TrPZWxDbWr+oWdt446IPkMmU16Sz5DxYxRW5gdJkwHRO
+T5be8cnaE+KmNVfOw3dH9aoxZL8kbIn3Vjz/73JS8nemtHA8ykLbB644U7cWqK4c
+xHxy8u5RIbrIp3DS6EaJkyTPxrPGPrHsYq5RqKoElkyjMswNUmq5VZKkGHGsYg2U
+7LY5LrZnDft3/9PCoAO6W1AOoqQT4/kOaRTJoH9PVs40yy3KOj2mlIVdPXmLIQB4
+pME71G/Uo01CWb6dlLIMRugwy5NBrnlIJaTIicK8jhh2rKd94t4TeMc4F+R2tbea
+rGflh/mlqQ+UYy/3oqBgQjZmAlJIOJMjEO43xBaSr9J0IqFKSkN7kzNpZH/CbcP/
+AVRwGGsoS50y//2XoQY1xO13nzBrN2wXjpenb9HijVSg+yqk4S3C+pN+rMD3UT3Z
+gFzbhuXxk+AaNVrURgwqwzi0UCXxTaNmMCCJsiRupZj8FvrBVQJaAOGi5HrPxoV7
+Uj7G48C5ykkFr9bBKhFyD6aP8xQp02wTXDx/l1wY8xmJnE5QZnNqGKgqfdoMoa05
+ufa4Ze5D5HvM7WZcediooYtc7a2CA1+R0bRuZ0BXtvU5gkHXvK2oSq5hcKQgDLkC
+6Xvq4TxhezhdCmbuKy8G+eHnpy7k/Y1j5ZAwN/F1jiKbqVoxJP/Q+3xskJBluwK1
+gjQ+SPMAKnDtLbhb9AlRPkl5stZeAo//OdooHepMFcrWmua+mUIrNIOzPy5KKcXs
+uQjdn7sw1a+QV6IDfVA1+Z/3KbQ7O2ULV+UrGqh7R3SYGjCXsDFoUQcMLLNYbfnm
+k3SnGM9KTGFthBeEpr7Q5QZWigKycZ+Q2VpQ4dcMcaHjQi+i934SKMw8ZsReZuRk
+IEMzQbHod7//jVM/aTkb/lFqRJ/V+IRhuLLFgPCAP8tZ6mJocsvxaMHX4kQv+f7t
+gBU6H0A0yPnhQGNkhl07pYiL/YDq8X8+wz6S5K3W6cqgURmkMrnuwd62n8lXEyZr
+5MFLLJKNj0cZPis/3zLJNXzTlKzZDPUWKoLOp9zsFoEESh5yA5Jv+21JKidULudn
+zs/fPzObcSFWjHoH49vk+qIca71IJ6cMOu2kzDYWgFLL3qBbW24t2u/AkbTo3AVe
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem
deleted file mode 100644
index e788cc4242..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28.pem
+++ /dev/null
@@ -1,178 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb2axnNI56WnvGeocp
-atKwDsPjuFVSHeTtyX3KVU/1U+ST/Jtv0u5WPp4iitAz/ddFiiBj4cwgr9hZYd0Y
-tUyBvGAP8UjJVp55qo1hjMDYyxFRqotx6gH4F7wyfu7s08ERFrtOoT91EwbaTFwG
-go0sbSeXio43GfBdAxDi3INGdwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlii8KaatWJ9nLsfCwZc63+6I6ygwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM8E4GsQT3eKZHuyNOUIn/7ZFw/9gFX3
-QfyYv5/Qozv19LTpdKCuIJuZAO900NFkfI4m4kjaYB8CGf9Z2P2B3ctXzgdI9uJM
-KmRUnMfzzXGKx+jh+/xkwYi5kduJ2RECX0mqAcOS38OFX3ej7LQWTQ9y3oeqevcS
-aUfi6VDmnLr8
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIC2jCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl
-Y3RDUkwgQ0EzIGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-mHdETkTcRztCRHzlSZJg4afLgOPz/cqZQIIoA4riJ/kHT00t3kf5mRx0Gz8/GWBH
-wYjUk5NlqDoDlmTby3SFHnZac7Ba/+rkiu4Jzdivp+BKAkiTKzIk9eM5KNv+rpUc
-cy3XKWPbz/ox5+OEvn2NhUfVWTe/RbJx1Nq0Mvybh2cCAwEAAaOB0zCB0DAfBgNV
-HSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4EFgQUsQ4hS7IckqgK
-M04rBolnT6FPHZ8wDgYDVR0PAQH/BAQDAgECMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATBlBgNVHR8EXjBcMFqgWKBWpFQwUjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMxDTAL
-BgNVBAMTBENSTDEwDQYJKoZIhvcNAQEFBQADgYEAbIFuFqULVZjrhsyragErXnS8
-R/sgqnP5GJcPHn7p87dEkExtxEYL5N4XnDQXhWdnpc9UtAzh7qR3xnE9EvjeaU1r
-lnsdkbJNO7DxTaM5EqLxiy/Rpf+b2rBprv10A0HvPloU9JvnVNHxT/2XA6hMnCsI
-6gImM5yk9Sc/rTitZ6s=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test28
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIDZTCCAs6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QyODCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAuwCMHRZqCorqgWJ/3RJzqiuHtyGbyYxGxHWcVZTbw4GSmQtI
-F07KmEPqaz7I/wyMS0+u70yDrhQkfH1Esjmx7/srC+p4oBzZMa3/LiyDo0D63NjA
-3JjOdLwf3YRWGE+4XcPbjHsd486hkCCXw4EF7ZfnscRWgNCe6FEzHy131MkCAwEA
-AaOCAVEwggFNMB8GA1UdIwQYMBaAFJYovCmmrVifZy7HwsGXOt/uiOsoMB0GA1Ud
-DgQWBBT6Yyl3V/7WremGwNkDahqsIxegJjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlp
-bmRpcmVjdENSTCBDQTMgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwg
-Zm9yIGluZGlyZWN0Q1JMIENBM6JRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JM
-SXNzdWVyMA0GCSqGSIb3DQEBBQUAA4GBAIk5myvkEmHvyOOh3ygeeWzpz2aV6o8D
-ojAK/KS84CYsP7f64D8FU/H3JFrTXBNOoRiXpqrV5bzrHcmXgodQWTwOSL2KLzi9
-inTs+pRDbTw1oevK3GAjN5BedRZlgIyJr8d05Knp0YGYoItGYQTQXd22Dlzuoz2P
-L5I8AvoFHSAL
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:96:28:BC:29:A6:AD:58:9F:67:2E:C7:C2:C1:97:3A:DF:EE:88:EB:28
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0Z.X.V.T0R1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA31
0...U....CRL1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:65:bb:88:f2:fd:8c:76:6d:92:ae:f5:06:d5:bf:c8:ba:bb:
-        d4:98:de:83:a5:e1:7a:e9:92:96:f7:c2:ce:0c:de:7b:81:7f:
-        a0:32:c8:a4:15:a6:16:e6:51:b1:b2:e5:92:62:ef:46:d3:7c:
-        5f:37:56:47:5d:3c:12:94:a6:3e:18:59:6b:2c:9e:ac:f0:90:
-        03:23:84:b1:cd:0f:49:ff:1a:8e:67:62:35:32:68:ed:24:a2:
-        76:93:5c:b2:80:5d:bc:81:26:ab:02:c0:f4:a1:de:3a:6d:0d:
-        ae:02:66:fb:6e:72:49:59:fe:f1:2f:87:d2:bc:98:10:3e:33:
-        3d:d5
------BEGIN X509 CRL-----
-MIIBpzCCARACAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqggZgwgZUwHwYDVR0jBBgwFoAU
-lii8KaatWJ9nLsfCwZc63+6I6ygwCgYDVR0UBAMCAQEwZgYDVR0cAQH/BFwwWqBY
-oFakVDBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-GDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBMzENMAsGA1UEAxMEQ1JMMTANBgkqhkiG
-9w0BAQUFAAOBgQAVZbuI8v2Mdm2SrvUG1b/IurvUmN6DpeF66ZKW98LODN57gX+g
-MsikFaYW5lGxsuWSYu9G03xfN1ZHXTwSlKY+GFlrLJ6s8JADI4SxzQ9J/xqOZ2I1
-MmjtJKJ2k1yygF28gSarAsD0od46bQ2uAmb7bnJJWf7xL4fSvJgQPjM91Q==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B1:0E:21:4B:B2:1C:92:A8:0A:33:4E:2B:06:89:67:4F:A1:4F:1D:9F
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0...~.|.z0x1.0...U....US1.0...U.
-..Test Certificates1"0 ..U....indirectCRL CA3 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA3...
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        68:34:87:64:55:65:a9:87:47:54:c2:2d:14:48:91:1e:ee:59:
-        f5:ed:d9:06:6d:78:b9:ff:81:8c:5c:02:f5:08:b5:22:90:75:
-        02:f2:63:62:78:25:4d:6c:2f:1f:a3:58:e2:1f:57:2b:3f:49:
-        0d:0b:bd:85:02:c5:ac:ad:9d:38:0b:13:46:2c:34:f2:9b:e5:
-        22:f5:55:cc:63:fb:c2:69:94:14:d7:e5:78:4f:17:4e:16:98:
-        65:81:cf:9d:72:20:32:78:15:0e:22:af:22:2c:21:c5:7c:db:
-        8c:31:be:ad:59:c4:81:24:e4:ec:e0:0c:40:4c:2b:95:98:dd:
-        8f:f4
------BEGIN X509 CRL-----
-MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMg
-Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G
-A1UdIwQYMBaAFLEOIUuyHJKoCjNOKwaJZ0+hTx2fMAoGA1UdFAQDAgEBMIGRBgNV
-HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JMSXNzdWVy
-MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBM4QB/zAN
-BgkqhkiG9w0BAQUFAAOBgQBoNIdkVWWph0dUwi0USJEe7ln17dkGbXi5/4GMXAL1
-CLUikHUC8mNieCVNbC8fo1jiH1crP0kNC72FAsWsrZ04CxNGLDTym+Ui9VXMY/vC
-aZQU1+V4TxdOFphlgc+dciAyeBUOIq8iLCHFfNuMMb6tWcSBJOTs4AxATCuVmN2P
-9A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28EE.pem
new file mode 100644
index 0000000000..2d774c09bb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest28EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: 95 E2 B6 92 51 B8 EE 8C BC FC 22 3A E1 9A 20 48 77 9B 53 76 
+    friendlyName: Valid cRLIssuer Test28 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test28
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+-----BEGIN CERTIFICATE-----
+MIIEgDCCA2igAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjgwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAcgXZlxz1vsqbr5dbfy/fgYWOCvNO
+Zm22LtUSHyeXR1vIpqI+W9/GpT/YipI/yDJuxCklM3GwmgJrQlm7LK57UuiWY27e
+oHKVNGEabtFfyjjOKwRD+yq+0bxdXCR8eFKLr++w5vgHaoeFrTOdV87YGPpzEW/Q
+9L9/xL1fkAo+6h+lIKkWF6oXA/SQMrbE5Svlcc4jE8I5QJiZytL7Or7KH4Szs3FQ
+ZQktcin7oYKrovcKkxBzvAAfr8uxFwPrngHGFd5Ti+hDKVUZyUwRxt1MAbebWIb1
+LpWiQI5w3wx5SEBSQRhDCuW/CqS587vBOQSGuRBcwKA2lAaRJ8wi7q6XAgMBAAGj
+ggFdMIIBWTAfBgNVHSMEGDAWgBRIk1R9xG0w/y1XRXEk30wFn0oALTAdBgNVHQ4E
+FgQUg3uZU2ZksblpyuyaAZ3YIDhwGcswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATCB7QYDVR0fBIHlMIHiMIHfoIGEoIGBpH8wfTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBMyBjUkxJc3N1ZXIxKTAnBgNVBAMTIGluZGlyZWN0
+IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0EzolakVDBSMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UECxMZaW5kaXJlY3RD
+UkwgQ0EzIGNSTElzc3VlcjANBgkqhkiG9w0BAQsFAAOCAQEAbai0gBNwrPSxSlGN
+My40YqFlMpSuj0pV0mcRc42WWUX4L4JvXkjLQQoN8kZyguCCcOBkDl/vclb86G/y
+Ar+2wWbtwa2lZQ3VHi4X9ss/g5cXUXX7eDhsNiQmD6KMIIBn+j9GDvHqdaooDSpc
+94b/EsfCCTIoT98Ayng4ScGsezzbiDBFt+kVOZrNwwZIthISbj5H8rTrhJkFcinR
+l1i2qiKugubIptFAnGeUu4mDCvxzWSEJwK3diKK0Dq0DB5siNpUhi3KQsaYkJRKa
+qkxvm1q3H+n50eYDtDTtuEWoIUEciYOS73p1Oums5dLUZL8FiRea9ODY4T+5g6XC
+3yQwXg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 95 E2 B6 92 51 B8 EE 8C BC FC 22 3A E1 9A 20 48 77 9B 53 76 
+    friendlyName: Valid cRLIssuer Test28 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0AD86CD7DA0ECF30
+
+kK8ErkJFMMQTRPKQD3zzPgVZSIYadshEsxCXpYU26SadxrnWoCwG72vqjbZEv7ux
+9jgkhlzH5yLd++Qu9RuB7Dj8/leuBRhvh12KwxR+Ct63BVDk5+JdeUgdRXhXzNMo
+YBL7ym3HTrw+eD3Jv075tw8MoCEm2wL/Wle+mn9YZX1h40KoumKL5ESrUZAiAx8f
+orYmGySVqUfM8X7OOS+xk046YMso4tQLWGp10f1MDZcHt3X6RebgV3fdfhuMTPbe
+d0ywYfvjGV8N7M+vRHR2hwJxBkRfWawfqT9se6czEUzOt86htvviu4HMbCD0g9qy
+lLsq2lKe2s8Z9GXW+AjU1Je9yz5fNTmzJ93OB8fIod+iUD0FhriLW+ZalbKNWGQq
+n5yQBlXdxlhd06L6YlHyQLqZvav0dpm5zS94a4gGX/76DLfrL04VLgdhDrfeV8VB
+DWFdoFlGONubIuQCxolKMVTcldU2h7GI7+69u6uBe0kxHdGx20q91x7G1yA0STSi
+YFEeHR3rMR5bUtys0dR7ANeH82DHVIOBo7JV9fg3yRCZlmko99+Yw9zbFvxVn1GJ
+rk5rMZ1tl5fukWDKGHgxKD+BSHll3MpZ49u9laQ+owsBPEqoOQYzHccUrRfKcm9u
+YwT6fQBRteXCiBbvPt+MT5V2C6R+SI2CMtd6V3AQ/E1rjgq6gI8+kI5Ro0WaVsGt
+8ZWd+uAzhVLdDafVsPGmUT9SQGvC2bmPhaUHy1Hur8zm9RMKpsXkrELFHydjJoaZ
+IReLor1mpLE7WkGrUGF1hW+JmdpnYSI+OK24i52Fj5BqGUn596DyTxZLbfruMluX
+sX6AEQ85l2wQzMeyLYMigvJTokI+XX6MxbUP9iCWZjm8/Jjbghyizn7JsaLJP1y7
+oQBndyfq9BkPAdY7wSNCwj4vd5GscCtqBLR+NuJKdlCbcdRwQYTD0FgA9+4JQ+Dh
+6lBxf8ynffsiUKK1viuspfiZR38kTFUYvGKHjVnUV9+zes61qvZll/zV/NEz1zoj
+z0F405gUNExUGBsOAQMQ8oCE2KsK25QMmPJezHa5qHob4EnSRf53AQEQh67YZnFD
+NG7jAAuK3NPeQ2AMzZsWTiHiu9SBTeSsEBnYn0L5VfuAhMKHfsiTLmUODmuKxFOt
+oNSWrTegQQnkVMHeAfiq7xbCRiTAsmQAR5tUH8rBGGDtQVdUxe2RYxKdL+FXL6aX
+tY73dYWsSIltuQkHDAKgi8wrLVqyBkkSvCWYGAfjiNC3aoB2iCVazwwz9sjYi4oT
+vKE5W/+rwkE+CB8NgkJHfE8O5cJb1mbhCwG+AqAdoAlYdgBJUzdU+uzr8wzr9f/5
+DAZ3WzfFqvGTcXBaIjlPkJPgT9Gno1P3twfAh9/RCnwbl9AmySS3FJMZLp+JnQ+3
+DRcpiLVpxR+zyw7QVEPUbQKv82fV6wIv3XCUMqFDY6U2mD5JtoHFeE3bcaxXAVCk
+vSedEEHJPKPIOFTvLy964pLPvNfiWJSnupYO5bjI7SIj+9KZ9jF1cwbMIJKjtCZ2
+3n8JxVSn9pWaYVZZG+EjcXRKh7X6Ax2CfBRw9guMwm6FF6qu5p9kUUan7KumMCVh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem
deleted file mode 100644
index 4eba759d4e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29.pem
+++ /dev/null
@@ -1,176 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0EzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb2axnNI56WnvGeocp
-atKwDsPjuFVSHeTtyX3KVU/1U+ST/Jtv0u5WPp4iitAz/ddFiiBj4cwgr9hZYd0Y
-tUyBvGAP8UjJVp55qo1hjMDYyxFRqotx6gH4F7wyfu7s08ERFrtOoT91EwbaTFwG
-go0sbSeXio43GfBdAxDi3INGdwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlii8KaatWJ9nLsfCwZc63+6I6ygwDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAM8E4GsQT3eKZHuyNOUIn/7ZFw/9gFX3
-QfyYv5/Qozv19LTpdKCuIJuZAO900NFkfI4m4kjaYB8CGf9Z2P2B3ctXzgdI9uJM
-KmRUnMfzzXGKx+jh+/xkwYi5kduJ2RECX0mqAcOS38OFX3ej7LQWTQ9y3oeqevcS
-aUfi6VDmnLr8
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIC2jCCAkOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl
-Y3RDUkwgQ0EzIGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-mHdETkTcRztCRHzlSZJg4afLgOPz/cqZQIIoA4riJ/kHT00t3kf5mRx0Gz8/GWBH
-wYjUk5NlqDoDlmTby3SFHnZac7Ba/+rkiu4Jzdivp+BKAkiTKzIk9eM5KNv+rpUc
-cy3XKWPbz/ox5+OEvn2NhUfVWTe/RbJx1Nq0Mvybh2cCAwEAAaOB0zCB0DAfBgNV
-HSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4EFgQUsQ4hS7IckqgK
-M04rBolnT6FPHZ8wDgYDVR0PAQH/BAQDAgECMBcGA1UdIAQQMA4wDAYKYIZIAWUD
-AgEwATBlBgNVHR8EXjBcMFqgWKBWpFQwUjELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMxDTAL
-BgNVBAMTBENSTDEwDQYJKoZIhvcNAQEFBQADgYEAbIFuFqULVZjrhsyragErXnS8
-R/sgqnP5GJcPHn7p87dEkExtxEYL5N4XnDQXhWdnpc9UtAzh7qR3xnE9EvjeaU1r
-lnsdkbJNO7DxTaM5EqLxiy/Rpf+b2rBprv10A0HvPloU9JvnVNHxT/2XA6hMnCsI
-6gImM5yk9Sc/rTitZ6s=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test29
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA3
------BEGIN CERTIFICATE-----
-MIIDEDCCAnmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBMzAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QyOTCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA3icTqNDmsima/TbMUuvjBhV59GC8zfX3Z3bbHAEH/kipg5Gu
-rREsznRezB5sZVZG9SH3vfWMkugzVFLlYsAsp5Zjon3+ZM7t/JtZJ0pg6XzqsEfZ
-/FCux1F10rMBIsaPzcLtc1At1aWoaqU4ydyam/kDzOEt7f/7WGqGY/ljZVUCAwEA
-AaOB/TCB+jAfBgNVHSMEGDAWgBSWKLwppq1Yn2cux8LBlzrf7ojrKDAdBgNVHQ4E
-FgQU3ZhtNWI1qdWfBti5WKsMkC0xclMwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATCBjgYDVR0fBIGGMIGDMIGAoCuhKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0EzolGkTzBNMQswCQYDVQQGEwJV
-UzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAsTGWluZGlyZWN0
-Q1JMIENBMyBjUkxJc3N1ZXIwDQYJKoZIhvcNAQEFBQADgYEAAJ+7QrDsVr4IL5DF
-k4CE+XFTE1pd3zqHZCCUSiXp4rY5FEPlsErMT9xcEUB3CiHNFLdKRdaxMxeJ0Of4
-oJV5cnM/0QdVM0HkieFFasr9Ad5CdV7ltfgzgV3fgjDr/hsBAIfcD516l2s3oN7L
-PvlIa7CLUa5f5TGAyvyKF9d1sRo=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:96:28:BC:29:A6:AD:58:9F:67:2E:C7:C2:C1:97:3A:DF:EE:88:EB:28
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0Z.X.V.T0R1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA31
0...U....CRL1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        15:65:bb:88:f2:fd:8c:76:6d:92:ae:f5:06:d5:bf:c8:ba:bb:
-        d4:98:de:83:a5:e1:7a:e9:92:96:f7:c2:ce:0c:de:7b:81:7f:
-        a0:32:c8:a4:15:a6:16:e6:51:b1:b2:e5:92:62:ef:46:d3:7c:
-        5f:37:56:47:5d:3c:12:94:a6:3e:18:59:6b:2c:9e:ac:f0:90:
-        03:23:84:b1:cd:0f:49:ff:1a:8e:67:62:35:32:68:ed:24:a2:
-        76:93:5c:b2:80:5d:bc:81:26:ab:02:c0:f4:a1:de:3a:6d:0d:
-        ae:02:66:fb:6e:72:49:59:fe:f1:2f:87:d2:bc:98:10:3e:33:
-        3d:d5
------BEGIN X509 CRL-----
-MIIBpzCCARACAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqggZgwgZUwHwYDVR0jBBgwFoAU
-lii8KaatWJ9nLsfCwZc63+6I6ygwCgYDVR0UBAMCAQEwZgYDVR0cAQH/BFwwWqBY
-oFakVDBSMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-GDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBMzENMAsGA1UEAxMEQ1JMMTANBgkqhkiG
-9w0BAQUFAAOBgQAVZbuI8v2Mdm2SrvUG1b/IurvUmN6DpeF66ZKW98LODN57gX+g
-MsikFaYW5lGxsuWSYu9G03xfN1ZHXTwSlKY+GFlrLJ6s8JADI4SxzQ9J/xqOZ2I1
-MmjtJKJ2k1yygF28gSarAsD0od46bQ2uAmb7bnJJWf7xL4fSvJgQPjM91Q==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA3 cRLIssuer
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B1:0E:21:4B:B2:1C:92:A8:0A:33:4E:2B:06:89:67:4F:A1:4F:1D:9F
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0...~.|.z0x1.0...U....US1.0...U.
-..Test Certificates1"0 ..U....indirectCRL CA3 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA3...
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        68:34:87:64:55:65:a9:87:47:54:c2:2d:14:48:91:1e:ee:59:
-        f5:ed:d9:06:6d:78:b9:ff:81:8c:5c:02:f5:08:b5:22:90:75:
-        02:f2:63:62:78:25:4d:6c:2f:1f:a3:58:e2:1f:57:2b:3f:49:
-        0d:0b:bd:85:02:c5:ac:ad:9d:38:0b:13:46:2c:34:f2:9b:e5:
-        22:f5:55:cc:63:fb:c2:69:94:14:d7:e5:78:4f:17:4e:16:98:
-        65:81:cf:9d:72:20:32:78:15:0e:22:af:22:2c:21:c5:7c:db:
-        8c:31:be:ad:59:c4:81:24:e4:ec:e0:0c:40:4c:2b:95:98:dd:
-        8f:f4
------BEGIN X509 CRL-----
-MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMg
-Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G
-A1UdIwQYMBaAFLEOIUuyHJKoCjNOKwaJZ0+hTx2fMAoGA1UdFAQDAgEBMIGRBgNV
-HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTMgY1JMSXNzdWVy
-MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBM4QB/zAN
-BgkqhkiG9w0BAQUFAAOBgQBoNIdkVWWph0dUwi0USJEe7ln17dkGbXi5/4GMXAL1
-CLUikHUC8mNieCVNbC8fo1jiH1crP0kNC72FAsWsrZ04CxNGLDTym+Ui9VXMY/vC
-aZQU1+V4TxdOFphlgc+dciAyeBUOIq8iLCHFfNuMMb6tWcSBJOTs4AxATCuVmN2P
-9A==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29EE.pem
new file mode 100644
index 0000000000..a361c3ee96
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest29EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 66 79 78 DF B6 14 66 FC FA 2B B1 94 E2 E6 9E 44 45 B3 13 89 
+    friendlyName: Valid cRLIssuer Test29 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test29
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+-----BEGIN CERTIFICATE-----
+MIIEJTCCAw2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MjkwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr3eGR+sBYL85UTAHpOdf45y4rELYl
+wkiGSqJB0cDybDToAMVL08FJKdEfFC7fyOiTCRd18R/tV9iAopb0sLGPvcHDkeDP
+Nr6IBJq3rpnYOhA/iKb9+zwTNJqxAmAac43HTADC9FCaY6A5HxVO/OwfXux92WDg
+obFuNFj/axWUnERbzU6u4r4rl02Cn+nWtXqYRUn8WHRNIggdZjxNbl0ns1Ynygkv
+X7Uld32VzdSiS4h6xF0mf+IhgVBsP1yiiQLuY5xMqw70i2fSpj93Bm2w/xilKiL+
+odvCDINZiInokTGNzf67hxM01LkLlIZDNDZadNY9/TN50RpprPckGIajAgMBAAGj
+ggECMIH/MB8GA1UdIwQYMBaAFEiTVH3EbTD/LVdFcSTfTAWfSgAtMB0GA1UdDgQW
+BBT/vJxlImx2fXxtPpgGHfvzrNORyjAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMIGTBgNVHR8EgYswgYgwgYWgK6EpMCcGA1UEAxMgaW5k
+aXJlY3QgQ1JMIGZvciBpbmRpcmVjdENSTCBDQTOiVqRUMFIxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSIwIAYDVQQLExlpbmRp
+cmVjdENSTCBDQTMgY1JMSXNzdWVyMA0GCSqGSIb3DQEBCwUAA4IBAQAbMog7F0ck
+BMnOTiITw0tI6o2ZuPQHvTqPIN37xQRzo2nkDAKsP3Z0bYp9l5LMhwvXB/ngYF//
+mgbfuZvM7VGhmvOAXKxRJSP/pgcMIXYmD6wxNnbd8+RSXGMV3sY3qxkgvpk4OWek
+kXrZOjJvsvEFihZpaaK+tE09+A0yjDSIws/8a9KQ8tlLRlfhOnthoUfKYuxgZVpw
+78j1wbj3hFl2q0Zbk1iIBi8gHFHiVhbpEE7a7ui1c8cNCUZmMPvm/ojEkefFRMIv
+3KX8NENvjgRlqowMz2oMQQrEtMswy7ofQ2qso0oH417rhglOY9YQPjnCKEWdYQuw
+7j1p8nTrvKa+
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 66 79 78 DF B6 14 66 FC FA 2B B1 94 E2 E6 9E 44 45 B3 13 89 
+    friendlyName: Valid cRLIssuer Test29 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8EE0D1DD985FBC8A
+
+Et6YIfjyHfadq7IW2VA8RHjauA0LFzaerIAdya8gGkq2NHxRSXUaAdaQzxK2kHJE
+P1fZvyVUlrdsm/ANhWMp8aSnRhVh0+M4EjcjBvEiui/adNzTorJROOBxcuiwdoo+
+7UerJl1jqnwU5wBRzew829uxbySILsDkhymURrCMqveq4G9AT8Izekg754zVBowq
+oblsyHLin/PIMKWOiwGBJWsdGKLlpcIp1Oi3CeCq0TrIDWaId3/iL8H1g3Rytib8
+AzmRlmUATwACWrvRo945GYD+x3taUB0Bl35l6+3K3SMHddqtRlOR/iF1JRsTHDq6
+8sYZBaiI0RtuAVTleh0gLI+zLxf/kNVNX/3eWd9RcxydMlV+w/+c2og+jiS3VNpd
+3YdgghJ+QLRQ65nq4yCwLLe9pbKgxHsKYA+0fZX8nDzj2TREcsimNyOPW8ZNt7kL
+wMJPnA6AMMcDQfDDsijxZo4vQaWRoAknd+KXZP+EeYXWJP3c6UDLXfmXMC81oG7c
+QMLvXz90OzPegb+2YbBQYE0RoyVBwq3KjmUHg/SGOOnhngEIQSXqdDsf0+khGkzw
+VlRr4cstFXmlcUoa/DIoMQKyVZh51tY919k+dhbyYok01cqIzgD9WzNKpD+Me1HN
+CE1EG9Cd8iZ7if0+LXcHui2YzYrjZOTG4WsEA0ZPzTIVSiXw2jQ4X12Trwbb95EO
+1ye0eSbh7+RGs33IkK4D5nHymEghqTh9P0c0fNq6jqv4+R5A9SLpoQ2f3RfTyg8h
+1/UpfFPdJqviOYabqenbFGbSGy/md4wHvqh2m7lqRUe0gUJrJ5FrR+oSuYFOJrZk
+wVA5Ce5bAI7ZOdtgt2s4+/p93d61JJVrk+dmBqjLsDEPbA4AZqNJf/2EUpaAVV0v
++ycWwFnsnfmbZE4NakWCP19MY/ZYzTMJgQgyKOHO8iy5GRXkU0e5Y7n19f2c136H
+hxRdP6b4Vzx+lemLcKPdFjeV2dRAebhdMr8wB4FZ1go+aYxMmlWYuhH7tKE8qbDY
+D0aoRU8r6d3DyHzai9I+gXW/yKgbs0RiVWZ1fXq1pPhYMXrqecTnxcu3mONrkDGI
+Hckutom+EshGpbRPDCN7lTJoaUZQoY8uXeCyaPiXdHLSsdXZjIWAF+9LoJsQ5/9v
+L0rhVkt+P6EMjshpvnVLpM9iqOzTJdfmJMCFZscoPcAodjDdMHvD1ZvUPkWWEmRH
+TOtSRFqhbPALKYg4f/ujqKmb9oMFrOlWQtLsGr9di4KH0WiqMMZTj3Lh+S0eb4kE
+mXB9Esu28FFBUnM1kWnAJXoyALp9Ah1HTdbEGBNgTzHS4k3+MX8fSNUm0awRrbA7
+z6equPhnEnrDpljoGlcmwTfmnHqTd+BSV74yND9dUoKZldd1LBBuOzzPvrwD7UtN
+7l1m6s5cI5DyIjI1uzDYmb8kEVwL3gd2ts/upTEZ1dBH2zEsrleSYXSoWcLYM6+d
+0Wa60QHYkRQ3/Q6a2qIEBeizYpm/APEWmN0OFVVvHIi2qvj5Mp0f4YlnZFeY8Nv0
+YrkixNgPEarGTXwAzTdYqhNQlOR1VSxWDKlxU+T9L5jHkbU1oTswPt0WuJF1A/y0
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem
deleted file mode 100644
index 5fa8620800..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30.pem
+++ /dev/null
@@ -1,143 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBVzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOomKt58EC5ZhZuQ5l
-1sHzwQGlV0aO6IxFJcWNzxERgALimki0sMEmrMvIg7vymvt/sQE/n4ivjA4Zmi7J
-AvHlOsvgWiM6Kv2pvPkoBbRuOLQz1jrvOXIQlapQc6bsv3Cp8tIpxtNdjHEagqpc
-+yL8WWtTTB89P2WOaDjUevZPSQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUrbJDVL6XeFCXxQvyNJPFyECwuScwDgYD
-VR0PAQH/BAQDAgIEMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFWfQvCC6bO3TFmioOAPr4LLUDYbz8Za
-z26H0RgIrFnUEmrPZF7i4/iQpq6cJmWcOb3M3wI/3IlaUmydTEOBpGGazIlk7NF6
-28v19V7KsugitbLcZJXOtaqbseyfwWgFT3LLvxV8qJqKBhNR3NUJvjdBYU6KlbeE
-rZoFX9Ru0Z0G
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA4 cRLIssuer
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA4
------BEGIN CERTIFICATE-----
-MIIDWTCCAsKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UECxMZaW5kaXJl
-Y3RDUkwgQ0E0IGNSTElzc3VlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vVQzOttxelJEVuWmMiwdG3GTEejfYhWdQmYtsSPFQ64V3B1F/SYYykFOPCVAbkZh
-PvFOhkUY0iQCBXi95lpCsWt31O2l5oIhKuzqBU6q86Ymk32qDQBvwtaHAlHRSdfn
-nPsCxWlDQdl5El4WL4/bT60xL1SdwWePNDldrtN7hf8CAwEAAaOCAVEwggFNMB8G
-A1UdIwQYMBaAFK2yQ1S+l3hQl8UL8jSTxchAsLknMB0GA1UdDgQWBBQF35wWai5Z
-gbV2xnj1OQvb/oVaYzAOBgNVHQ8BAf8EBAMCAQIwFwYDVR0gBBAwDjAMBgpghkgB
-ZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAY
-BgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBD
-QTQgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0
-Q1JMIENBNKJRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JMSXNzdWVyMA0GCSqG
-SIb3DQEBBQUAA4GBAFKBu5yoQtqwA+MA/6AboLUyFrryUbT8gm6n5zVA7H5ezmO3
-apxKCgdHPEshKAN+SgO2kto0eE/4s2MF++66pMA+r8TDDmCrOfYVwMHyPVOrBKGM
-n7C+rt0ozZ32wA3d7k57IIsPT/H56TdX07oV5URZKAJ0k5iaPCBBLmF9w6BE
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test30
-issuer=/C=US/O=Test Certificates/OU=indirectCRL CA4
------BEGIN CERTIFICATE-----
-MIIDZTCCAs6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JM
-IENBNDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMDCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEArCi7o+0oIpxvpPUN8G1Ys04I2kgIPVMldcU0tM/QiAGdPEXG
-j/Hcn9YQZVOGFuuPKge/kZ7wheOIpI91lKkeGqegSWssN1BzgiAJupENTtDlex3I
-FqatuDIln6nXgUp984F42mLPqLcXqSiAzCkJiPz24slUDhJiLWkEE0fWFrkCAwEA
-AaOCAVEwggFNMB8GA1UdIwQYMBaAFK2yQ1S+l3hQl8UL8jSTxchAsLknMB0GA1Ud
-DgQWBBQ4JkHeuoJrm1VjW/qWHf72m1Xm5TAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMIHhBgNVHR8EgdkwgdYwgdOgfqB8pHoweDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlp
-bmRpcmVjdENSTCBDQTQgY1JMSXNzdWVyMSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwg
-Zm9yIGluZGlyZWN0Q1JMIENBNKJRpE8wTTELMAkGA1UEBhMCVVMxGjAYBgNVBAoT
-EVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JM
-SXNzdWVyMA0GCSqGSIb3DQEBBQUAA4GBAEGbnAJ6dpMVdHCjEMoVtyK7az1Sxcea
-28kAl/5TcdMNyP/DUgoweDRVQcm7sbJ3se3M0ac/+I9ce78YpS2e+83drRFYDRTg
-4DRD5RJUr6SS0F4tAwyncyaCsTn577sLWSmnkF3SKBiz6QNr83tetioIeXhAUcoI
-0tg5RoGSJkFD
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA4 cRLIssuer
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:05:DF:9C:16:6A:2E:59:81:B5:76:C6:78:F5:39:0B:DB:FE:85:5A:63
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0...~.|.z0x1.0...U....US1.0...U.
-..Test Certificates1"0 ..U....indirectCRL CA4 cRLIssuer1)0'..U... indirect CRL for indirectCRL CA4...
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        8f:7e:a7:21:7b:8e:70:00:d3:23:a8:d7:d5:ce:87:34:44:e0:
-        ad:e2:89:f6:7e:9d:5b:2a:b7:af:57:bf:95:bf:5e:6b:f9:1c:
-        40:77:87:ea:eb:b1:ad:0c:e1:55:82:93:f0:bb:f6:e5:4c:33:
-        69:e5:41:c1:c9:6e:ae:b4:98:38:a0:1e:38:e1:20:84:d9:2d:
-        9f:2f:07:90:7e:30:7c:a1:c5:0d:c3:04:39:aa:97:b5:30:6f:
-        d9:e9:dd:78:d4:f9:49:01:69:93:da:e9:30:2e:ce:5b:89:cd:
-        5b:c7:48:31:69:bc:06:9a:6a:cc:02:2f:bd:5b:78:b4:c4:ad:
-        8b:ef
------BEGIN X509 CRL-----
-MIIB3TCCAUYCAQEwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQg
-Y1JMSXNzdWVyFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoIHEMIHBMB8G
-A1UdIwQYMBaAFAXfnBZqLlmBtXbGePU5C9v+hVpjMAoGA1UdFAQDAgEBMIGRBgNV
-HRwBAf8EgYYwgYOgfqB8pHoweDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3Qg
-Q2VydGlmaWNhdGVzMSIwIAYDVQQLExlpbmRpcmVjdENSTCBDQTQgY1JMSXNzdWVy
-MSkwJwYDVQQDEyBpbmRpcmVjdCBDUkwgZm9yIGluZGlyZWN0Q1JMIENBNIQB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCPfqche45wANMjqNfVzoc0ROCt4on2fp1bKrevV7+V
-v15r+RxAd4fq67GtDOFVgpPwu/blTDNp5UHByW6utJg4oB444SCE2S2fLweQfjB8
-ocUNwwQ5qpe1MG/Z6d141PlJAWmT2ukwLs5bic1bx0gxabwGmmrMAi+9W3i0xK2L
-7w==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30EE.pem
new file mode 100644
index 0000000000..8a24f94274
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest30EE.pem
@@ -0,0 +1,66 @@
+Bag Attributes
+    localKeyID: 26 4C 20 BC 2B EA 8F A8 43 6D AD 2E BB 94 60 45 BD C7 20 AA 
+    friendlyName: Valid cRLIssuer Test30 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test30
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4
+-----BEGIN CERTIFICATE-----
+MIIEgDCCA2igAwIBAgIBAjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E0MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzAwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSzooJ7m4luutdu9QJQDkbY0Il8noU
+TgbKk5RKvCLiBOKpw2OWhUQC6REPPxCUPPlt6Nesrr7HJrAMI6V7ri6BadHXO/3J
+lReya5BgAqkPlHPIUzRgf+GLV4noXkhZu7n1HuC3WIrKLlQ7DxDfOaMtCmM2uXhs
+Htou/zroTG7ed7I6git8dmcYlJb7GwerHzJWXkCN+tdamuzpP/lQjFNAkSpBUkNY
+B3NDRSppsaf3xnwKDw8IHGoprM8Jc1X4bi6Gj1RJ/kPcJZ+Wzfv7xsPvZ06Y/TE+
+vFrs3KAXFYM+F+4Mcxl0cZe97w7kU0YUXJyrG4p1dyx7y1XoMyQkc1hxAgMBAAGj
+ggFdMIIBWTAfBgNVHSMEGDAWgBQMWjLqlAEgC6iqL8kS4y5BAoLotzAdBgNVHQ4E
+FgQUpLFFtgmq4YtGXlXl0x18qEhkLMswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATCB7QYDVR0fBIHlMIHiMIHfoIGEoIGBpH8wfTELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBNCBjUkxJc3N1ZXIxKTAnBgNVBAMTIGluZGlyZWN0
+IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E0olakVDBSMQswCQYDVQQGEwJVUzEfMB0G
+A1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UECxMZaW5kaXJlY3RD
+UkwgQ0E0IGNSTElzc3VlcjANBgkqhkiG9w0BAQsFAAOCAQEAPkueBBT1p9JCkPfO
+5YxsM3b6bqPQ6dK4hBSqdX6+lgAkey0kGUH5kp0wyK+g7GO8GHrk+2N0S9mjSFEK
+bxdMuxho41sZp0+A12ZAw68Pwqgg0XtqY2MOSMsPOpwJSq6Fv/DC/uJVFRaD2moa
+avWgugALr2dbJ7jIsZhPmA68101nXSegz4qBeT+AZi5m4jiT75GR/qnbJV0aFDYU
+062FzWBAvrB3a7WT/0/vw8+eYmFeXi8cPouGvUttL/GHGDcVazALLK9GpRAx/2+g
+dtkvLdq5Je3HxRdIJVH8TiTZM8EHdlJ/3cDlN0qNMog9PN5q184xi2nrFzunFdhB
+4nPQoQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 26 4C 20 BC 2B EA 8F A8 43 6D AD 2E BB 94 60 45 BD C7 20 AA 
+    friendlyName: Valid cRLIssuer Test30 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FE5270AE65D3B000
+
+kgUcvK3apSU+Wzb/ZnTaqVfuh2oBFN/lKVGl1LJkNNMvZXvACYqYVyriddieT00M
+WGRjmKvN1pFRM4w4WjCwr1aVZSst7AcXTjfobjVPXqoQ84e0kT3hGuqyXXkoNDei
+IgOEwRMQ9gGQpz7OrOaSm3vnRJlkkwLzN6iN3PwkDt7Bd0uVQkIcd7GhZj2nclZw
+JT0rkEn65xPhIik9djCRzWOjfQM956g7PiVUabQOWjts/HeYwkS4l9amBu3WoohD
+tEovDOM3UOg3IuX/bYoTzpOK6WHviDlDP4Qb8yqUcyxO5NUgFgCs3waU4jGn3ykD
++1pf1mmxsY+QhIAdRnnYp/UhZlxk1LDYCgy0YBvJ3U17jhGLQ8iYn6t5TigvjE+c
+I78xd8jf3RxUtzvCGy/ZJz7jeqPmHOUU0sop5VoVZrSBkVQygISMz242PLaptqja
+3Q1UqlmwPCt7xI0+PEoQXs5sjQ1eKJIlM+hWL9RXH4uu3WXECcMJKyesWBQAYW1v
+qbES8bSPAi86Po970FdbAFwgUBJGkE/U1k0bYEuZ4VIef/pxwHAzfde7zAzlUJrb
+Cm/beSNh3lFVRCj2NTpb7YToXQr90zLB9kyJGTleUzd6sX7CBlkGVrw+nje0jKxw
+IeDSEtR18FEOfzY3bKbv2aj3h9amAB9/hYEeE9I9Q5LxKFyw8b+pB75kUi0kuwx4
+u+tW/PjELoshJujhOZtXFveqenV5PYxPyE6KP88Zst/5QHWOuG1+FlTLEQy9a7Oi
+D4vq/65n9sgaH/L9miy+CpubfXXrAawvFNQJ/QDymjAp0FDsU/PxlaE0dzsAQmcH
+HV/gJEVK0EWJ85Myt/L6mdJszeOCoM0vttA8wxejia6joIs0kMX/AccEzgC1tSDu
+F6WJ6sTV0FNi6p/b7I01phRRDUY44TFa5qeiB18ZmWf5JYT3QpFcZ6Dd60OIA/+m
+Z80QDdMHZbBlMux/ZLQygD9q58QRc0uv2vP+6HXZLyEUbv9NNkz1v46hIoixT75H
+iuqOscTdsyfR9xbe7szTrDLSnjq6iN3lHL5bEtdCsBDg6GDcqt6V9iG1uE5zdzNG
+bJo+8Lvm8TBn47No6gdFyn3+DHAdrrb2HgcmxRUxGsOBScdZr6bXNkZe4iz+OvHw
+hCzAD0XCp38a2xiR2dWj8ZnyT8/TEwgOvuKLSXuY0BHZyGSJo9OCwzV+F6jgzjnE
+I9CG7O6E9vGJ54N3LPUmAEB9uHixGwuLjRTlzjyapIcHlKeW/srr/ICVnUi8c5yB
+qbU6uo+fkBEicaJC7foK3vGLye9T6qAc9S8vmOE2CTi9SeLCoSBLTaeYFURuKzSx
+EJ+c8PXcjLKkAYBgHDNKvdJf/tx/hfU2ZZIRPktvwSr/blqgyreIvdExdmCFyEwZ
+jHrrDc73mg/V+kVWbDOJmG7VG/XigY1XmyWFJG2E9eGzyhTsh0AINEGJRg84O8fM
+lGEDLJZSXAkT+LhAMF9RqK0znrnCbTH07mlf8BTDJgPlWCZVqTVqe6mRyEsAfXgX
+DEIejVs3Z9uE3uoLBSQbmBFc7G8g8BluxzeHtLgRtpXRz3FY6Z6Sl7bixHLVk+2Q
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem
deleted file mode 100644
index a1d4ca6ebd..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33.pem
+++ /dev/null
@@ -1,226 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=indirectCRL CA5
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UECxMPaW5kaXJlY3RD
-UkwgQ0E1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCx678FWV/yNhQZJRyI
-iaMmsrcrL1oSrYNu6oCM7kFCgk9PSYQRh+4SVNGyvyuQQ74+C4MLKd+GgMPRtHok
-km0S1dv/hLd6qZcVzhL+XHQ+ufLEbZqs1ZXSUfqTJFJpAgu4qLqMS8iZxijRGaDM
-6cQdbVcLMhxTC6sYFzuYtl78gwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUlK0S0eEOfsO7N0tBPW1ZgD9EV20wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBALAhR+3HUAbz9RiSD7M2UTI/CO2tE7dn
-6zSaQvkfm/UVsDvNLmSaeXS/29C8sHeoEVpmDdGbgCPcMwB3lTNt2pKI5jhr9f7J
-7BE1W43gZMR2YFRrkMX8AhQKVRN5LVpQIKjGMm8CkTPH9ecvH8kGwYcB3qLZwD3H
-sN+wLRApTQTr
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=indirectCRL CA6
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICdTCCAd6gAwIBAgIBWTANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEMxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RD
-UkwgQ0E2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5/raWoeX0Fp14qkKY
-Ypdts+gzpB6uEBcK8SpAa5FzydBYcIJajJ7MbWLlH1o1nzd27E2YQQPaVuRvB9vS
-4Tih5plnbOXvkaUVh/iohILhb0Q49JWe4JU2yQsphppmzXgUH7C0Zygn3N/fd8JF
-MUxK0kDYmuerHsZ7DDIJsAOTpQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7K
-J3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUwhs+qhpOwTOKGqpZSQOxZqIc8H0wDgYD
-VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACMudfomzqT284TDQDAaT8SdUGpP0bH0
-ofTP/6WODMD3M2+AYgM5ES2McuNKWBx/iifIy42icqmtiP4EjbwjK5JKPJzSSyIF
-/BL1+/TdNfvGBuDBG7qoVzqALx4QeAdCh9tjM9eZQbwVuIIUiI94VPU3hT1OcJRE
-ZCkFIjgPYCPR
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid cRLIssuer EE Certificate Test33
-issuer=/C=US/O=Test Certificates/CN=indirectCRL CA6
------BEGIN CERTIFICATE-----
-MIIDUTCCArqgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JM
-IENBNjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UEAxMlVmFsaWQg
-Y1JMSXNzdWVyIEVFIENlcnRpZmljYXRlIFRlc3QzMzCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEA01gBYBQnJrrihQ7wxqFilR6zjimXk5ZbQs9BCX1n/zpBfmwn
-ezaal6qZo9BPsXH+zjp8eicI+kPZSXMUd5JgwwuHYH9+gL7EvKobEJc9WBuhBU5i
-GRSeBq9M0UltbXo5c6hbxl22rmTpqTaehigZ94dujqsPPl5g334rdtPU2IcCAwEA
-AaOCAT0wggE5MB8GA1UdIwQYMBaAFMIbPqoaTsEzihqqWUkDsWaiHPB9MB0GA1Ud
-DgQWBBR8QXrBPNUgzCMGCs9z7zs4nferRzAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0g
-BBAwDjAMBgpghkgBZQMCATABMIHNBgNVHR8EgcUwgcIwgb+gdKBypHAwbjELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9p
-bmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJl
-Y3RDUkwgQ0E2okekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0
-aWZpY2F0ZXMxGDAWBgNVBAsTD2luZGlyZWN0Q1JMIENBNTANBgkqhkiG9w0BAQUF
-AAOBgQCTqqePZ3xWbeWlGEO5gbYfjxlqTrTOYOFZoSMlApx3fDkAo2o89IvoGN9N
-hXQDCVtd7MS5g1v2bCGF9TjVKgPMGIJSFGp0QIRRsNdsxRi631JxUFvVz7yE3RgI
-Qjll0EqM4nEceTJaNz6SnQhSjdcOJspkqKXUA1ga7Za2rC8SSA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=indirectCRL CA5
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:94:AD:12:D1:E1:0E:7E:C3:BB:37:4B:41:3D:6D:59:80:3F:44:57:6D
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0..Y...R...N.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA6.p0n1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51)0'..U... indirect CRL for indirectCRL CA7.h0f1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA51!0...U....CRL1 for indirectCRL CA5...
-Revoked Certificates:
-    Serial Number: 01
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA7
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 07
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 08
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA6
-    Serial Number: 09
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0A
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-            2.5.29.29: critical
-                0G.E0C1.0...U....US1.0...U.
-..Test Certificates1.0...U....indirectCRL CA5
-    Serial Number: 0B
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        05:49:47:a1:74:fb:1b:35:e7:63:c3:18:3f:ff:34:5b:ba:1c:
-        d3:05:5c:a5:3f:2e:d1:1b:fe:d9:91:8b:25:a9:b1:e2:42:9c:
-        f0:f9:98:c2:ae:94:da:1e:da:b8:38:51:6b:42:c1:6e:c5:9e:
-        44:bc:3a:b4:36:57:f8:56:a1:ae:4c:04:ca:b6:67:2e:da:ce:
-        51:b3:17:b7:9e:1d:12:af:54:9d:37:88:d2:58:9f:c1:a6:53:
-        79:c8:aa:90:45:b2:ff:61:63:e9:5e:2c:7b:4c:6e:a8:71:ab:
-        7b:10:11:aa:c4:bd:45:ce:9a:09:d5:f7:ac:0d:83:7c:62:3c:
-        c7:af
------BEGIN X509 CRL-----
-MIIFfDCCBOUCAQEwDQYJKoZIhvcNAQEFBQAwQzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUX
-DTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowggLKMCACAQEXDTAxMDQxOTE0
-NTcyMFowDDAKBgNVHRUEAwoBATB1AgECFw0wMTA0MTkxNDU3MjBaMGEwCgYDVR0V
-BAMKAQEwUwYDVR0dAQH/BEkwR6RFMEMxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEYMBYGA1UEAxMPaW5kaXJlY3RDUkwgQ0E2MCACAQMX
-DTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBATAgAgEEFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwdQIBBRcNMDEwNDE5MTQ1NzIwWjBhMAoGA1UdFQQDCgEB
-MFMGA1UdHQEB/wRJMEekRTBDMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBD
-ZXJ0aWZpY2F0ZXMxGDAWBgNVBAMTD2luZGlyZWN0Q1JMIENBNzAgAgEGFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBxcNMDEwNDE5MTQ1NzIwWjAMMAoG
-A1UdFQQDCgEBMHUCAQgXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUEAwoBATBTBgNV
-HR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlm
-aWNhdGVzMRgwFgYDVQQDEw9pbmRpcmVjdENSTCBDQTYwIAIBCRcNMDEwNDE5MTQ1
-NzIwWjAMMAoGA1UdFQQDCgEBMHUCAQoXDTAxMDQxOTE0NTcyMFowYTAKBgNVHRUE
-AwoBATBTBgNVHR0BAf8ESTBHpEUwQzELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRl
-c3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUwIAIBCxcN
-MDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIIBnjCCAZowHwYDVR0jBBgwFoAU
-lK0S0eEOfsO7N0tBPW1ZgD9EV20wCgYDVR0UBAMCAQEwggFpBgNVHRwBAf8EggFd
-MIIBWaCCAVKgggFOpHAwbjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2Vy
-dGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGlu
-ZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E2pHAwbjELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgwFgYDVQQLEw9pbmRpcmVjdENS
-TCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5kaXJlY3RDUkwgQ0E3
-pGgwZjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRgw
-FgYDVQQLEw9pbmRpcmVjdENSTCBDQTUxITAfBgNVBAMTGENSTDEgZm9yIGluZGly
-ZWN0Q1JMIENBNYQB/zANBgkqhkiG9w0BAQUFAAOBgQAFSUehdPsbNedjwxg//zRb
-uhzTBVylPy7RG/7ZkYslqbHiQpzw+ZjCrpTaHtq4OFFrQsFuxZ5EvDq0Nlf4VqGu
-TATKtmcu2s5Rsxe3nh0Sr1SdN4jSWJ/BplN5yKqQRbL/YWPpXix7TG6ocat7EBGq
-xL1FzpoJ1fesDYN8YjzHrw==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33EE.pem
new file mode 100644
index 0000000000..830d206e9e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidcRLIssuerTest33EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 0F 7D A1 ED F6 2D E3 B1 55 23 86 96 A5 E3 C4 CF 05 60 F9 7C 
+    friendlyName: Valid cRLIssuer Test33 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid cRLIssuer EE Certificate Test33
+issuer=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+-----BEGIN CERTIFICATE-----
+MIIEajCCA1KgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UEAxMPaW5kaXJl
+Y3RDUkwgQ0E2MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNV
+BAMTJVZhbGlkIGNSTElzc3VlciBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzMwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9GPPNteHIdTdRRszbD/h/b+eGaWAD
+NrTjWgzTuZeXV6/D6sW9I+f6S0jcJGSvRB6kcM50+BnXqVV9fnuMgULlmpRAaGqw
+B6NqjlySxkrbuMQPOoHqp426I42grxN4OPf+qzujMMjMGAVImdnDt9MYfM2j1Sr8
+opCYbZFI5R9HXN4pmTCPkp5fox3Vp/ATCoXNtE6tux4iLzlEi+oyK0LjWYWvUHJ9
+cAAqbtzZEN5d0y41a+DFQSkckfCdR/M4lmLG2vzomt5Sft1KyYYL8OA7zxBJVcqx
+H0DcEW0kUPgcaxrBCHNyDuHMvGqe4sl4lOaXamQN5rzzgkFxmGTxeeUrAgMBAAGj
+ggFHMIIBQzAfBgNVHSMEGDAWgBQfySCNC6NsLXdPE95C9Au23ip2MTAdBgNVHQ4E
+FgQUluhzy9F5Af6JjyGhLMUYmAjLgycwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATCB1wYDVR0fBIHPMIHMMIHJoHmgd6R1MHMxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQL
+Ew9pbmRpcmVjdENSTCBDQTUxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5k
+aXJlY3RDUkwgQ0E2okykSjBIMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJlY3RDUkwgQ0E1MA0GCSqG
+SIb3DQEBCwUAA4IBAQB+9q8Ik0Z2KfZHsQDFdbZDL+EZUxMrzEj59fHD0X2KsHml
+8ZEj2YOEvnsGi5Y29B4NzVSqEnIJ7JHh9oWrCguHtLhw/x6VEy9ghE4Uhw8F36it
+KqCn9a8Djhxrj0riagy9ww/QRFV50rXuV0TuhiVBR1/A9869dx3onqOZiaVljzgr
+dk+Cxtze9rcyMrmaGvgboLlpPF9/s9JLFNc6FH3tH5PY6xGcEGfWtQeEedhJCWz8
+WPRL+kUf0aT5qX0PD7PHT9UDMzP0338QgAjI5rsjhPScQs7oSRSbKV1jkgdRMLoM
+TsUpUhQRYx5XVz36f7j9x94IWsz5PfkBqD2vH+AX
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0F 7D A1 ED F6 2D E3 B1 55 23 86 96 A5 E3 C4 CF 05 60 F9 7C 
+    friendlyName: Valid cRLIssuer Test33 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1CB3D75D493E7769
+
+WBhqGT+RJWLGu+ESdchE6u4yA2jPGhK2rK94zXxv2OK3ZgzRdjKJszQmWS6WHXUW
+T2BnHRp2oD2JUl6uNuUeIl+NteuHCaBVjCHJiY/zd03YbiS13x9q0TwnGJzD3YjR
+C5+zw+NJiTLikVY5etDNibaf56NykaHownrqQu+LlIfLu3yL5bY1x8nkEeWnL/cY
+zBAYa64S+Vh7Wd6Q5dXEMtbpUYmAfHFG1XkjiaBL3FDtMnJOLRRBtq7z9Td3CGxe
+Za2lTFhHFRHw6KbgDmvYz6lDnP/mdP4cNIw8jMaaB3tRUPaoAoHxYr8lY9RdxQt9
+wT4AxDkCC7KAiea+im2BhX5LhdrOCoWjcTrBNJRTp7mypXwezE3Uw4/uzD/bi5CN
+UcSJ+RwWIYfLNvJid6QkmKDg81cvEP2MlxHnL9nVycO0Wx/E7eDlnpgSq6CDdTx5
+3hvUSbTvapTXN2CM6KQlbu7hbvvfkEI+hXUpQ2lpkigJQCyR4uMRsqwuoDsKgKZJ
+92s2/0KATnCrmeUIOBR7JF3H9cvJf5Rxtr6QYi9IagyYl2HhWMzYgD93RViqJ2yw
+vkDG5I1SDvusQEO6dca6FaCb24UzJKFgu+zk7+ma8cmZaYMmZs/9FZzHAQ+PgrtU
+iXDqJqen+5mWyozancFuc6wJBxksI2vmHx/1BI3Uh6i+J7iQPXvPQ/p4Ti1IS4nW
+bm3uxohjMf7KdptHVjjr7KZxDyV+i4hmyke2Sl/oCnFfSdUo44VafBJRJmEHB9W0
+ECLt8s1D96d7uDU8ib917rM4YscmH1uB+i0K+cEVpAL6/HyABQmzSVGjFRjeyTxC
+KZ/5a/dlw9Tpgh1Hp0vDWOFFS/r2zpbPqmADOxSBle7QShRGvSFz83a1/vEs1Y40
+GNl34T/0cVGyupqpFxwTkxJCamUF2A/yqDfCNJJUeLHTMljJrMPo+YaJQhBzGMuA
+EA+jxzenFkyAjo3H5DJ/6gvYch0xHv4xp/OMEeJh2T0dv4kQN0Ia9uKgZXySgMID
++Kp//xLgxUSNt62LYJSmmoQ1i8w//1y7wX/0RfgQVKZhE0lSmZukqvndOWh/Z+tj
+HorxR6YWCLvBIaME5VDMjO+GnRULTjkzC5AHqe4oR8bBhwmD1/JqfNaGp9WEd6YM
+PSzwftuf3/WF5wwhDusTPr76sItEAOuA1fBcu3zSVYCLrFyS1XBrBdnl9Vj2rNIM
+vyXF7BvX4mALaLL64L2W4YXqmw/GG8RqKyQudQXET3hDDFqIEqIA7Yx2I3mA3LDu
+EtcSEoL4II9rx91Z9+30gnexGhNbJR6sajtOEYdMGSIpNaPifhsVk5b3OP9+E6xg
+RAKU9nyb5Ta79rg4FEyk4Mj1bYNFHWacbD9NRlhHRbKkEatoLahUjSufSwrVoioK
+d00ywK6abby9YLHyBzr4wEkJhDk5Gs4VTcrD5jK8MX+WVGqfVvgKjwlbPd2D0Mgs
+Zo9maIWsYEpnm1H9kblXfdvDBbw6TfUs32vwX+7assnr0ytiUlayZWmVGxL2QOlp
+vSTqZtfArBsdQuPSOYBQO9TV20G8f1qQ9CvpR21MbSIAs2Uir4aIlg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem
deleted file mode 100644
index abd16aaee7..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANRKVxWvFldCkmzvNTs41NjJct7Jt2VltlefYPwBuwPuHZveA3TbXj88
-nvKICCqBLZwlhGlAyfZTqFd4gElplVEKvfn/GSNyGGnsAHfZJOqwzyvpIPx/yg61
-ALFj1gsGSesibsgaXOhUVO0N6EVpse2azO8I7qSpXf6f6b+qpSkLAgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU
-zo7j3tkIY9+L33KkkCzx7XzdaOcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3
-DQEBBQUAA4GBABBiIdpyc6pIhhnujMn4FXCBcoJtkC5Am8NB/cgPKyhVlUTnp62b
-dbt1zoUI9KJPSlwBuJduPL/Q9hJr1vKHdcFC98iANtf3s7fzzhGF22Nel/qKtlWr
-fldw2WVkIjTSeQV9gmBf3cHAV31JP5/q1rMljeZD448J9Cd46UR05jM2
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2EE.pem
new file mode 100644
index 0000000000..6d14a5b19d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest2EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: F6 29 DB 96 07 D3 3A 5E E1 03 C0 AC 2B 81 C4 CD 0D E2 6B E8 
+    friendlyName: Valid deltaCRL Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3QyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwd1BQ7/wKjBDcP9D5j5bCNy9FutJREznSiHS
+P1ZWdbmMUNZgzwgmA9oXqX9wqbQmq/KdQj1UNao69Ih3TDu6pIhWs9tZFDXQJ5Aw
+QBTS8rxdxcTzvcWYh61gG35ZS+obi85nDBtcMH6uJ3CVzLOe1S/cneeaIlvME1dR
+qEYUizVvc827K/POXYD89i+Cv56PTvkngHaX4s9acF2Nfu+wI8mgt0VCuCt+/FUq
+9WkUEzWFwWZ9l9wtYPijG+8mD5RK8UKhVYAnLLXHh1vY6a2g7fNg0nVE2yFMGMQi
+VWK+Goj0oPwfQbbWhdyLwEdoqbilnNVdVvorTqUYNDYVL2feQQIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUdxgj5XaEyBSUP4LQgep0seCkLzMwHQYDVR0OBBYEFPof
+pRoOE0DZ7urfHC/l3cmHSCQLMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTEwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEw
+DQYJKoZIhvcNAQELBQADggEBAKPvo7tsUNQ5bI0XnuZU+EZuqi0EXzLAT1ybFYVQ
+dR8uDdi9l+HdRsKioPOoQF2wzjQ5WvvfVMQ0032aXqQ2mKZP5n3NaMYon5l4ZMZD
+tmFSBsNpKmVL5TfQNhujuuiAg3/iTviwTK3tApgdUhEioZomFv8GT1P/W4DnDpjU
+Khns6ZZS1SwE+UP5ckJBFN75J3ptYyUrialBjCitoou5dH7hUmpKL6/jwr/zTmXm
+QT+jNsNg2OaKe9BZUuE3T3vMS/ecQPkgUvosTeqVbg3Q3g53Kq9noiPrDOF0RKrp
+JHoYsWHK1AkMy0o3uYUifeVdRcYxXQvaScLwwzsp/bv6FxM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F6 29 DB 96 07 D3 3A 5E E1 03 C0 AC 2B 81 C4 CD 0D E2 6B E8 
+    friendlyName: Valid deltaCRL Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EE2887BC9A995025
+
+1HjPKjN/H2UbwdN8notTrNk82KvHmYTDztz6me+cZo1iMW2K/W8go5Y8xgtQ38Nh
+Jwj+xw/+lgAjUQ8kuk5PoW+KUnbCwBS9rbQyBXZPwSlApxalnCd2cLxWYBdzHT1g
+4x45pkNw86CYpxwGijOEX+Ml6M1FY2y/X3KG27GCAOH9YW7BPvAt8zTg29cq1+Qc
+O42FSJK+06qeGrV5ElvQKK4iCi/UiGFsAHpREfiDLdD+Z/YZMa9ERPYp0eTLr/A4
+AXCSv1tABz9hJg6QT/q0FtOK0ub0498V5L/ZIYSbHxZ1Y/3ACqHQNeV5kua/80DO
+YnYyhouoiXEHAFJW0BSClK1WgNQM9Uoccvag38iM+KrymnlhQH8eJnG5rM3QI2yg
+Cm6IKuyP2fFx1Kd0qCMiaoEwkh+zWysq1yITFJhvS4NMiW3QVC17jzS5zq9Cht3D
+lQChON5wDh5fxAyb/nnfrV3T4ZbI1uz9hmJwEhoCMUp1qAUZYhQfDrBsRLA5OPdq
+8xnNx/1ol2MUlhp3bN1FpsgA9WjY/5rCD9RyXGctm/k0uz3or/C7SGZHy12e3EPa
+/2pBth17y1S2dxyoTQjN37ulolA1PIixkKgEhHqqflt1d6H+7w6g3897XzApsvi5
+QfOxS9dd2mEfoycfCIkvk/A/ovkWbV8USHFvZT3tkzVyxG58RdBsbPspWXnS52Up
+EJci07kVoihq/wQAY8j8Cd2xJ8NYuH4fL5RUGJPHBMBIQwQ/W1h6HrXvhnFbDNnk
+/6OAJfnVnHKVEyHw+wG0McybPM1KWk00BSFkRbwxMQdwunACjUEmC3Mzdktrffpc
+o3moOY6aTNF3que/YZD9B7yWhu1bhmO3t3cRw04To9dMUSdO+RLqp5vS907B0fpa
+d5J/qNafSjdWTnkzBAQzMX9yHXMuAUIgPKqM+DFyZ98JBIyDjrmhccc2Lnvy00XH
+baC6d6FoGtwaGwzEeKIEJVV0UBEBxXA+V5JML7cqFsm2Fr+6sTmpTzoOb/1SnORL
+1t0tdMSEAkOGT8DTD3LvF3jaIuxdQttwWx3h7bJpH0UD4Lkc8CUUmO8MwskOvy1y
+sgU2FEFTh9WEeQhu6AftdL7PBCHIdlbDU+p2GLOidIq/UcODVLi6+uIXyJheAnNZ
+63xyQXRYF/t9JgbkNv8pMBU5VZ36jjzweHp9cXcZEi5Kr7Wrjh5luKQJhiRHyh7P
+b8nBzJmZt+Rvkn0JJmgnO+03RFgWla6tySMQwgciHpewjVOjv8UnbNs4cvhdZE0Q
+5e/swhuc7mMHOeAiui77eyzFclBeRVKzJ01gr8c+lpHNSGb9oDDL+1hVZ6ITfE6U
+wTE+PijTDNOSaAvYfS5LFc42zIxhssj4pbSaETN0G7ANSSbBLnxb5NDmNMzoj0zL
+s2Q/mRSOcnlkagZz2C9LEr6Rf68ZhGJk6PLESfUlJJXazsm2Er7JntlIi2orEpVq
+IBZB322iKfErIg1w9M/N+Iq5OUAe/xF30U+I/WXT8NBjajYD1Pasf2gr27Q1uk8p
+Zgp2+3EGgb/AS4g5tqzVY3vMmYcKjTMv+kMq5I8ssjibMZS6d4Bp2huXpx1VJ8SM
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem
deleted file mode 100644
index 57390f882d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test5
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALJoiZyA4CHBqHesCHEPO2Me3gceR6LJTUtoEOGP877OjigufADkFCsN
-m6lEz1zn0JfUOvERm70QxsfYSjpbc3OiPi8v/hbsB0whYBVGe017Qluvyf6ZV2v/
-ItpeUd3v3rw3g3Z+pXGAgLTeDBl6RhbybuoORo2hbpq1hPkhrep7AgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU
-FouAPbKkYNJGEKJU0p5tKX2BhpEwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3
-DQEBBQUAA4GBAGu61lJXt+1uZ8FoGyPdKeHvT8YKDijsbNtC8azjbqKRIz7ETsfQ
-9nax423fRWHnphLHzSUdbuIdBvWL8aDN0T9ZvNt4A+73SndqlIw7y3ULlw+r+CRs
-UBmBJJSEvo8Bh+4OJCjGoZXDzdGbQ+7TYzZn+asNvDVZE5MN8o8Tcq8r
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5EE.pem
new file mode 100644
index 0000000000..b20e3975c4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest5EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 93 22 59 7C 8F 4E E0 09 A4 B6 5F 3A 9A 85 15 F6 8A B5 FD 2B 
+    friendlyName: Valid deltaCRL Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q1MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJFECVVjrL4M7nLTi4W1pAi2nrpcoUfvyqYD
+PRN8qfpzIE2sdD8F+TFkPACLkiLO/ZxHg/SMlLxViLS14Psx2wsNVz8FKD3B2M4l
+7BqdRL9kb5n7AWYajmT1iBJhbiFqr6j+4wPljpRifp6mEF+Y66kqvcVOJZYo9mxK
+wtFfQ8Bfq80QXqADKzs14Zcr2WMwI6e+qxvvIEBoG9AiAXwcEaQQZaNuxBMAEWYj
+J4QKZb1ThRQvwHR+OF2WDQnFJU/igyo6r7JlC6Oole3TDeXAL+HLLc7PrAFYuKAC
+Q5V9uIAuBVsk9ZqTv3hxWlwM8UcIniTbCdaJzMk9PUnSLiIWDwIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUdxgj5XaEyBSUP4LQgep0seCkLzMwHQYDVR0OBBYEFEll
++YhvWUeTjLvr+5XokIkUWsJaMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTEwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEw
+DQYJKoZIhvcNAQELBQADggEBAHzp3LR2KfAWREjO8RVbzdP43ggy2Qi7oYZ3NsTp
+99KuQ4Z5agn0v97GgFfCq1Aym/dcoilxYT9BWD7QofsVUdHF5uUhVZ6oW63CR+rM
+6YC8WYneCzZc8MZl09I00mJCeMqWhRpQcaLGKhTLeJ5B580BSd+w+VkjiqHZr7SW
+Nft16xyOsw/jzMZQZ/bsjDcb+M/O2Gy4xUqpxp+sJNHeeY7N+/FX3OG8Z53IML3J
+SfD2Y+NUZ6UOMsTq4c7TxMFFUSmBrpg7xkiAWJl5HIwsX5dtFK33AxAbxOkXbmfC
+ESxVMsWyt1eXn/ndaiwAqyq5GXfcVyXCJJHcvdYjl8jGFrM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 93 22 59 7C 8F 4E E0 09 A4 B6 5F 3A 9A 85 15 F6 8A B5 FD 2B 
+    friendlyName: Valid deltaCRL Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,517C8F7B45662A8C
+
+QdbF4c6aeSXFoCFctsIsul7/4O7/znzpz6XNcnLnqZqbKPsdiWjNhtriapJyUPs6
+1VYXFHi3y1G9ySFZ1FWIbWoFkp62As8EaE7D/o3xQMBRGC3OQpAntZWdUfLmIQBI
+ImhKFY3dhJ9pmKKQ6lbfyXb2LhURTLhEeyqyhpNllppMS5Mv/iF3s/CP0BsUENwe
+5mBc1GQVhH0UC72fbIhsP741UidXoPLQKDNWQ3G5sX9X37YlmwkvzAFqFupUsZrq
+JKRYNxx1izYCzmlhWGf+3jlxtfhR0N+ULl/1RxE+cpLelPlUn82G+ct7i0mXyW8L
+nBLqEHq3IhbKa+baEJMbWM/vrQCwnJYux4NWtdTCdjqyHFcpnOSkosM3VJSi1N5A
+LePDEUhKHMfZigarxyuKLTYyVj/V4EmD3IOWbqxNOX1KUw4sb60aPEjxiPMG11q3
+x4VgIyC1v9l+oGeJflAiY/7hVoOtuyfDXO7Af6an688S/O6m7gkQ+eOs2PQSVTCl
+Nw5+eAAbaUjt53Fpy0WSS7sWQjnAHIaL0tGYwxI5wkmvorsilGWE8SJ7UXT0uUkx
+s9Oh+QVcj5oLeVexyui7ican+0Ok/mXmtMh6svET671aAmzef9VTW2yvGEsG2A0A
+c4//cd8jnfYBVkl/kdzPyGZLkbzWgMs+Ynjbco7eoO9lSX3wj2YIlPe3FRMbPRLg
+Ue69MiIKWZdiqcdYmQGO7/mqZUg5EUcFM+c93COl4tqyjaCNO7jqAsdhr8oa35H/
+Giml77rH86J/dUFL6Aw+5u7RCJQM0nKPHN6AgIedZZbw7Qgjph01S8h22Ot9DeR+
+ZSVDSi/xPfneJu7SbcUvhifdRYi1ytbMsl0saBKCesHRt0OtimqZHbazD5bKjJR+
+ceNVT6vR1E24LMvtiFLARt2c94XpzJ9iWsmHoXZ4bimPAFlAvVSKccYa9mTXjYvK
+ognt/cXnIpekOHbLt8XPRcxl/lUDT6UUtPAph0tn4/G3CkcJvGq1iAZ5TUbyzvTZ
+pE5GwCsLrFpDd5phc8yMzbQVcuFbeTyRUA3tupMJHXE5UjNtm26Fob2R3tvbZBju
+N41tv1AHl3QZSctjWM9kivZbYliZyNTuBwEQEJiL37XIsxCuDHUUGEKsAOQRPOio
+uLui6tML/ydeKYHJfj4bV/3RWbeuIEHxS24qNV3a2Qcfax+rGQZzdk5v2ijLcGzB
+U1biH5fP6A/JnYpyP0/eeqRnJE3HqP1ntRAcHWgWAiqoRD45zYm/efDr1w46N8ZO
+XN7b3R+zmpDv66spLC417jmT4E5//azPcAs5dknlxALTpSSTY5DqtEXM42nyRn0+
+LzehGCrj7NUeZkSo+FUB1bbD4UjW5jFCsLGcC2y7vo79r5uH/AV1vgGG8ugF6Iip
+dN0r4hM2EtOVMDaN1RuP3+iyslbE46T//gICRLFm2plG3nGko8BgYpGnUsNCB3b2
+pgMnkkWjpYpxpCs0SAos08KXr/LbaZcR4RwuhMK3hWHboHPPZGd1+tapzSrxNIOe
+SA25jedrzE6hDdLfJJUDH/+CmgS3X/Sc7B1hq0bngdxuNqw2XZnbRPNnYBlQ9OLl
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem
deleted file mode 100644
index 9b046d77ae..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7.pem
+++ /dev/null
@@ -1,190 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA1
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBWzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0ExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWAdMOZhkDHEp9KBGE+XuF
-msopQ2J+rJDtUrJ4pDANd3KgvUwmAZnDOopO+3hIw/w6tsB48EJwMCiofofFALAT
-zbGJidQOgpLF2if/SwmyWzUKqB8XirB9z5z0NLfE/0nnUhVQnAJ54W1jOz/+wMfg
-7oWdQC0ZAd1ndBLf+mtqHwIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUk49NvPIc1wyuIEisujIaDdfoDc0wDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAJhiiwAX8BQouosN8thaL0+ZHNhiuQ2gr8Mi
-xgaJCB4DVxE5teLk0eeWz+KVJBQwDdrlK4l0BO595r8cldkYkKJkJl+ZGPbNSDys
-XuVwXGbgfcUNPCeD1UIErQASVfomr3io69Nc62HwaBpTgARQO0wvfnIOFNAQSZH9
-247eEnnm
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA1
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBBjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBALU8oom56GYl7ggs8WAyhZeZmMxxsN6Ikht0t6Iydxic3xNbotaUS0iz
-H0tYBYwzuCTMpM8RMBSrU4UlqIE/9V5PuY2dWiHDXVGRawMdE3i4UNzrMS0BlYDz
-zvAw77ifKwmObOm8R1CWg2VCY9xzFWqER3YRDKQTcK5LzjtxP6PZAgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAdBgNVHQ4EFgQU
-unt4uPVRHtIAndMWGuDH66dedOcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTEwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0ExMA0GCSqGSIb3
-DQEBBQUAA4GBAFwV555uqsNA+ZtS8QnVH+RRp5jhYTymacP8yc7G87Hyue8xaNzA
-yj4g3Rxfthlo52FFH0ZiuOKJP4YSvX4jr/BqZyrO5eMNs+ln4gMHn+RVxBdeh4xT
-LgXbQGX8wnks92CCGWUW1vbXUSbpBW43SaT767qDIo7yTASQVQ4jtWHJ
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                2
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 06
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Remove From CRL
-    Signature Algorithm: sha1WithRSAEncryption
-        63:e6:6b:e9:cf:44:29:c8:8b:e5:8c:ba:ab:26:57:a5:4f:a8:
-        b6:e3:81:35:ff:73:8b:40:e0:79:7a:d7:69:8a:c5:a3:d9:85:
-        29:ff:ef:e4:7a:4b:f5:36:51:34:79:9a:85:01:cb:ac:03:48:
-        9e:2d:b7:b6:9e:82:57:b1:0a:b7:49:06:a8:cb:c3:71:2c:71:
-        58:7d:e1:68:22:6a:11:3d:e6:ac:2a:58:d8:1d:97:3b:46:98:
-        d0:f5:f2:85:85:7f:b5:c7:57:a4:0e:e4:fc:c8:cd:7e:b0:2c:
-        1d:2d:86:30:1b:06:70:36:33:e0:69:47:60:98:5b:f5:93:35:
-        90:7a
------BEGIN X509 CRL-----
-MIIB1DCCAT0CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAz
-MDEwMTEyMDAwMFoXDTExMDQxOTE0NTcyMFowgYgwIAIBAxcNMDEwNDE5MTQ1NzIw
-WjAMMAoGA1UdFQQDCgEBMCACAQQXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoB
-CDAgAgEFFw0wMTA0MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQEwIAIBBhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEIoD4wPDAfBgNVHSMEGDAWgBSTj0288hzXDK4g
-SKy6MhoN1+gNzTAKBgNVHRQEAwIBAjANBgNVHRsBAf8EAwIBATANBgkqhkiG9w0B
-AQUFAAOBgQBj5mvpz0QpyIvljLqrJlelT6i244E1/3OLQOB5etdpisWj2YUp/+/k
-ekv1NlE0eZqFAcusA0ieLbe2noJXsQq3SQaoy8NxLHFYfeFoImoRPeasKljYHZc7
-RpjQ9fKFhX+1x1ekDuT8yM1+sCwdLYYwGwZwNjPgaUdgmFv1kzWQeg==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:93:8F:4D:BC:F2:1C:D7:0C:AE:20:48:AC:BA:32:1A:0D:D7:E8:0D:CD
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 04
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Serial Number: 05
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Certificate Hold
-    Signature Algorithm: sha1WithRSAEncryption
-        48:32:1b:da:3a:c2:71:37:ea:24:5a:90:2f:19:b8:9e:00:96:
-        b3:e1:2a:6d:ed:b5:7b:eb:90:30:ac:87:c0:8a:6d:ca:24:f4:
-        73:dd:bd:b7:f8:cc:55:31:f3:d9:e2:a2:5c:7c:51:60:6d:a0:
-        db:43:12:52:9c:94:fa:10:86:32:e6:a6:7e:ce:e6:c1:00:2e:
-        fe:33:22:b3:5f:66:e9:d3:03:de:05:c4:94:bd:09:2b:1d:2e:
-        06:86:e8:26:f5:f4:38:39:62:7e:e8:0e:bb:cd:c8:bb:82:92:
-        71:96:8a:01:73:d7:ef:fa:a5:c2:94:53:e9:2c:34:a7:50:7d:
-        eb:4e
------BEGIN X509 CRL-----
-MIIB+TCCAWICAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowZjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQEwIAIBBBcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEG
-MCACAQUXDTAxMDQxOTE0NTcyMFowDDAKBgNVHRUEAwoBBqCBhTCBgjAfBgNVHSME
-GDAWgBSTj0288hzXDK4gSKy6MhoN1+gNzTAKBgNVHRQEAwIBATBTBgNVHS4ETDBK
-MEigRqBEpEIwQDELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNh
-dGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEwDQYJKoZIhvcNAQEFBQADgYEASDIb
-2jrCcTfqJFqQLxm4ngCWs+Eqbe21e+uQMKyHwIptyiT0c929t/jMVTHz2eKiXHxR
-YG2g20MSUpyU+hCGMuamfs7mwQAu/jMis19m6dMD3gXElL0JKx0uBoboJvX0ODli
-fugOu83Iu4KScZaKAXPX7/qlwpRT6Sw0p1B9604=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7EE.pem
new file mode 100644
index 0000000000..3d0d5a7c95
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest7EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: E1 24 61 D4 80 26 C6 06 DB E3 20 10 B4 4E 3D C1 4C A6 CC 7F 
+    friendlyName: Valid deltaCRL Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBBjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q3MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzciKUI1wBFK9EwAbsgpdXjusVk7/1h6YVvqN
++ZUJbsgq/3yxRU4jeSZDcZjMXJPXsrR1hLXn1yRpVo6S9ZobQuaefENp/RiASNOf
+YBYATNAGQmWFZEX9QCogEJpWeb2dFF32sCRzYwNy3DQaBFeDcTEXVzsdvXyfS3YA
+hXdQi5gefeuZjX/7OKl9pRBdaVntD+uE/wAo2Ez8aHIFpPtaqQWocHVZBX9zvFFI
+9V6hrZWECE6ncTeZnE5zEhRsgvEQH9yP/aS/B2VsQ9lp/vLgmUJNlGM+GJGVHt2c
+3GuwDOnGf2X37P3MhtVikr3n5Kdesz6/uifl/hEUTUYuVWJNQQIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUdxgj5XaEyBSUP4LQgep0seCkLzMwHQYDVR0OBBYEFOW2
+9kwsl3yikB+EDuhYr3oLXkCRMA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTEwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTEw
+DQYJKoZIhvcNAQELBQADggEBAAs0oXbA8TuPF+tMxNXgkOguLJikBkt/frKilUTA
+9DmJ+F/9vjHr72Q9bpjsqKp/KHwJKctL7wYuPsAkXBEMBAXVyKksD85/1Eka6YU3
+puJJeA+Bq0bsDESrJJL8XEXD3VuOLMbOq4Ot7DA6PH7P2F6VkfYrKXJEtabhBkVV
+0KWRI5aCR94pPJKoz2up29fJawUKLXdceIVKN9rWj2+mMv2aEV8f2WX2gbNyqZUE
+35RVGyExTLdt3AIeJ0W9RvxccyIkAk3T5rdeofjhjgyI7Y9/WMBT94BhBQv3SAXN
+3hmax5SnAGqm4/Fh6jl1LZcG5Ldln7tj2DMzewoSysPbTiA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 24 61 D4 80 26 C6 06 DB E3 20 10 B4 4E 3D C1 4C A6 CC 7F 
+    friendlyName: Valid deltaCRL Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DEA4934DBEE6AE93
+
+fdN9TkpMM8GT1odOJXa8TnsKePIaitXGooKLqmvKooIQ84BcTzK1jnOKea5XoqGT
+MlnNHtbl8fO3/S6n0vwUQp3+4EfKw7eWvNVpv+i/L+I3ibWlOvq5YF6ke9b2JQHK
+tVpKguGDiyqVZN8nzN5TUQgz/35tSkuMnkZa9AKqIfHjq91r2ZNtk/GX3st+k1GQ
+IJLsQpjDIToC1QVdZDFzbvRxZLVezs0+jyXgedXagiCyUoKfRAVSmcP8PPibIFrH
+3QPE1D2KmLKcJbcSAR/qJ27ajGEyNjDpUJo6xDUFiKRDYgyxD5Ect26UNI5BIxa/
+/wIcxSDMB2GS5Q6rMkWQXbhjE11/s0C6kE9FDbonrA414PdQkrHCHBj1WtyrOhFt
+1taJPjc3BU0aurMQXFpFaN5NOJciQMu8JK7zR/AeCTkXAFLNyZjZac+qfk8OY+5t
+XoSH5uuhhwZBqPPjOtWh4KqHtjitAUbZ+FLJIENFQhINQiECpSIzABc+4R7tZDDv
+m+mKj6VMo4ZxSGs0ViUNm716dqJqP2bpPi4gF7Y/Ivb6c0tuPtbY2e889WlgxHbK
+2fEXPPW/DX+cFH+gHTCSLFLR06fTENm4pDJ4K6ClEhnQP4qV//udB2PQ1PKyUZ2B
+aC8T9HgvqOszDQbDQ1DQ7HgBlwKd0Y8qqjSQWrr16dsEzbTilH9odqjsOQCpdE4o
+jk9g8O2F+85LsmrBmPn+tuBmIwnbs+M/F19wYoZpLrT9Nh0ux8c8RQvvyIOZ1cPt
+HhfTBeMEmmz/ItkWtGlcAoaMh0Bmq6X+c9n/ZF49LKEztGEhcKpdQu8R0YoFX6yb
+PNqJFXBpWOj5vJrRA2/PVcobtJE55KyOExwDKbS1b188tKJNSJwZbqRG/2ZkX5NK
+z6j+OdQkdoLkq0z0FxATy3tEjlRsqNWHC3352yg6aG8ejvtvucnnf7eSrflPSt2C
+ADYY2uw1NLJjlv8T3xqJk15erT/lRu6ycCBHi8/Pi0Uo2KAoMuh1LIQYD01ZP+nS
+3Sgl15GSwb32Ldmb2ZOkq87/zgIT9/K+Dlb3LGN4v0yzJCb6dZCqPeK0zv0QBPsa
+6VrAVOB+mSszbuDXcT9Fjt7OCT+Pq4Pk4OjVs4tCaY42dfZTBHhBw6dUHmJ/aZ1i
+axmzijm+c32uxxVdt2p7kqt64qdZ58AqgCAGzglyMcIGIQzWo6uAoir8kG2/6clh
+YYPT+5J6VSPC5UdXcSvH15SLaWDfLX7/KMetUbof1KW+/CrPM+L8CNNqdpCinVJs
+iVEY8isQPIIM6WuCANSIyvV7XkjHVqxgohmcmjuDJMdPFm8ftEcZTjCfvy1kF/yQ
+JNz+XsLDjmyRGBQ1bcIQWZR7eLXeNPERe5pPAOpLbWM1IZefGZS1PiuBAOIxK9yP
+AfsbvvVf4kKYy+Ea1XUZfMwLdOeqmAgW1WyP7oB9zlQPT5thQKyMm3Tut+ad8OqK
+cXtMRhi+U827gs/lSbwluA+2pv9dacA5vebmiaku8b5fnOpzo0AH6CcQZGvWMW9x
+kv/jqMId9ppUYu5gzs31/prBo6R9dZ7pdHQrk1XT7tyklkjklXIYHg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem
deleted file mode 100644
index 2db6c9c39f..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=deltaCRL CA2
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICcjCCAdugAwIBAgIBXDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwg
-Q0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr2MUpxzH8HIqzmAylEvng
-qJvVIxI4xzM8NSpC7P7T2R1dmFXK/19W+m5yqOagB9VxgxP9IYbI2VJ/FrbQSD/+
-afpuHA8++piSAs2e/1BoRagiln3PnQTLemPsmVy00eSLnsw6QRdC0MIZjme0/SHv
-Z6XuWPNvicDyA/Uml2pCqQIDAQABo3wwejAfBgNVHSMEGDAWgBT7bNQtgZ7KJ3qe
-DbA86pq8h/9J6jAdBgNVHQ4EFgQUo5OrV2YmbXI6bLyDZaOa/I4MQwswDgYDVR0P
-AQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTAD
-AQH/MA0GCSqGSIb3DQEBBQUAA4GBAFnKbCQCHJI6HhnaoKJkHKk3dBK/E1DNHc3a
-u9yx3wYdmqwkoG5iKJjssQDLcbLfpjuF7jU9nKbk2gcmOIa5//lgCmUaok4WZSUA
-u8bzMnpiZyzIjjoW78RyuntCMXbZzcs7umsOKfOlDXj4wwsev4E7m5nvP2Qv7hEX
-ECR/9DaG
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid deltaCRL EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=deltaCRL CA2
------BEGIN CERTIFICATE-----
-MIIDJjCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENB
-MjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEsMCoGA1UEAxMjVmFsaWQgZGVs
-dGFDUkwgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBANNXQWv/s3VtlajbHeAAaJZ+taow3YYnDMLz9tXUqMSOOKnoHR59ec/A
-1XsEc02zK6rj6cC8db6LqebYOUJ1kpBl3t2oEH25mVFiBhgdYiLGeezrLNiAm2vF
-dBdoOCER9Y5PshspgHG45kPR88sRxRuN+NtvOBQ+rS3ZagNzOydDAgMBAAGjggEX
-MIIBEzAfBgNVHSMEGDAWgBSjk6tXZiZtcjpsvINlo5r8jgxDCzAdBgNVHQ4EFgQU
-rDZIHgyRpXqIY0zNvpsz15jbVrcwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4w
-DAYKYIZIAWUDAgEwATBTBgNVHR8ETDBKMEigRqBEpEIwQDELMAkGA1UEBhMCVVMx
-GjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBD
-QTIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFU
-ZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFDUkwgQ0EyMA0GCSqGSIb3
-DQEBBQUAA4GBACi9fCMcVs6WjeEeE35GgRLIbCVWQ1PbtOFwwJiaM7f/c4i1F3Kt
-A2BcHex6T21Ea9eSra37uvPdAUSc0Dc3klZS96pU6v0oZtXl07daAhbR8mKRmoPq
-tVcto5YqOd/STL2egFKzNVhfR5UZo1wycobU3FZtmFyr9DFIEKb/mFt0
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Jan  1 12:00:00 2003 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                3
-            X509v3 Delta CRL Indicator: critical
-                1
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        25:e0:e6:a0:65:11:f0:81:2b:f1:ed:47:8c:1c:a4:dd:79:26:
-        78:05:22:84:96:35:60:de:7b:13:ec:70:ee:50:3d:ac:d4:9a:
-        22:fe:e3:9a:77:a4:fb:bb:86:98:21:80:3e:d3:20:85:57:b2:
-        0f:2e:bd:53:d4:7a:ac:96:02:3e:17:00:67:67:6d:16:01:9d:
-        93:cb:fc:b6:f1:c2:23:0b:e2:de:c2:02:5a:70:05:34:35:8a:
-        72:8c:cb:78:ad:62:96:86:50:5d:6c:ba:1a:bb:e5:b8:e8:5f:
-        b6:7c:33:8f:8b:aa:c6:b1:78:a7:e4:56:12:76:09:7a:db:ae:
-        f5:ff
------BEGIN X509 CRL-----
-MIIBbDCB1gIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDGRlbHRhQ1JMIENBMhcNMDMw
-MTAxMTIwMDAwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAQIXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaA+MDwwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa/I4M
-QwswCgYDVR0UBAMCAQMwDQYDVR0bAQH/BAMCAQEwDQYJKoZIhvcNAQEFBQADgYEA
-JeDmoGUR8IEr8e1HjByk3XkmeAUihJY1YN57E+xw7lA9rNSaIv7jmnek+7uGmCGA
-PtMghVeyDy69U9R6rJYCPhcAZ2dtFgGdk8v8tvHCIwvi3sICWnAFNDWKcozLeK1i
-loZQXWy6GrvluOhftnwzj4uqxrF4p+RWEnYJetuu9f8=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=deltaCRL CA2
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:A3:93:AB:57:66:26:6D:72:3A:6C:BC:83:65:A3:9A:FC:8E:0C:43:0B
-
-            X509v3 CRL Number: 
-                2
-            2.5.29.46: 
-                [email protected].
-..Test Certificates1.0...U....deltaCRL CA2
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        6a:af:6c:a0:70:12:90:02:5b:70:fd:d4:b6:8d:28:9a:51:5c:
-        fd:04:ed:47:e1:a0:5a:60:e7:41:83:23:ff:a3:e0:c6:b1:fc:
-        71:db:cb:8e:a7:20:0e:f6:9a:ae:e3:fd:61:33:a6:21:69:4f:
-        7f:7f:23:cc:33:47:45:23:bc:fc:a1:79:02:31:3f:8d:77:e7:
-        c0:9c:8d:90:ef:6a:9d:38:fe:13:b7:03:dd:ac:36:72:b5:94:
-        e5:7b:43:a8:7a:96:ce:16:bc:55:00:bd:cc:1b:a7:81:93:40:
-        f7:f6:11:bf:c6:dd:7a:ab:32:e5:be:fb:88:32:e2:06:41:9f:
-        5f:d5
------BEGIN X509 CRL-----
-MIIBtTCCAR4CAQEwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIXDTAx
-MDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0MTkxNDU3MjBa
-MAwwCgYDVR0VBAMKAQGggYUwgYIwHwYDVR0jBBgwFoAUo5OrV2YmbXI6bLyDZaOa
-/I4MQwswCgYDVR0UBAMCAQIwUwYDVR0uBEwwSjBIoEagRKRCMEAxCzAJBgNVBAYT
-AlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEVMBMGA1UEAxMMZGVsdGFD
-UkwgQ0EyMA0GCSqGSIb3DQEBBQUAA4GBAGqvbKBwEpACW3D91LaNKJpRXP0E7Ufh
-oFpg50GDI/+j4Max/HHby46nIA72mq7j/WEzpiFpT39/I8wzR0UjvPyheQIxP413
-58CcjZDvap04/hO3A92sNnK1lOV7Q6h6ls4WvFUAvcwbp4GTQPf2Eb/G3XqrMuW+
-+4gy4gZBn1/V
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8EE.pem
new file mode 100644
index 0000000000..a16e256c7f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddeltaCRLTest8EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 04 A5 97 42 73 3F 37 86 6D 23 09 D9 09 F6 C8 C8 E6 14 A2 57 
+    friendlyName: Valid deltaCRL Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid deltaCRL EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=deltaCRL CA2
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFD
+UkwgQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLDAqBgNVBAMT
+I1ZhbGlkIGRlbHRhQ1JMIEVFIENlcnRpZmljYXRlIFRlc3Q4MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8cN2sWESGC6fNXCLygPwdhQv9FHYDd+cFpxm
+kheAY2g4ijWFyF6OUiiGE3pgKsWnK6ggR/TGGJywRZGNHHSXxQXFE2yb9K0H9SqV
+UTMAcnj+Bfn/EwTh/TH6MZ1qK521o2sHnLclVwMmsPcXOlvStj146Qy4bJeYxfrx
+4+ElWzjxrFdYq2Bl8Dg3ttC3VN2qHBt/cgJSOYSFV0NRq9AWahuBvaZLabpwThpd
+GdgYYJoS8xbTc1CbQ2Ae3SnzPzRoDgDIa3qq/dvsvid14x19l5iikXutlOc+vP83
+h030hWFY22BcV0KpJ6JPl1G66jE8bqr1OJpiCsMaIUqS6vk2MwIDAQABo4IBITCC
+AR0wHwYDVR0jBBgwFoAUfNj2vgNMzs+3P6EZuzOrtdeN+8QwHQYDVR0OBBYEFDVt
+isYS30aB8pp8CZs3el96Hk63MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwG
+CmCGSAFlAwIBMAEwWAYDVR0fBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8w
+HQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNS
+TCBDQTIwWAYDVR0uBFEwTzBNoEugSaRHMEUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRUwEwYDVQQDEwxkZWx0YUNSTCBDQTIw
+DQYJKoZIhvcNAQELBQADggEBAHWaKCfflZoi95Z/yp1yP6w4LEJL3H529WDI2UvD
+1Fm2gkj/+VcJhv3e8jAIppl99nAv96wQSyZ+fK3MyC0z0imcgBGWDuG2R9y8CBD0
+/eEoDNuR/ohHoZep5g6tFTdyCEOiOTfw2KlQUHC5QDrGueQYSe+paIUB3U2mi0Zx
+3wKur48JUckLnnqZM5ZsuGbGJq0jndUEPsbRIEkUTD8wPSrlmGa3FZw3/Tv/o6QJ
+Dn3TRvjVTCGiCqDhvlaB3hdhOl9cxqOgC9Q8JHitr17FUcFUnZdZ8BoiyQE5/ASK
+Pu7QbuDtqRlByongR9EinSmc8KZpZOXA2WZmweq6H2sM8JE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 04 A5 97 42 73 3F 37 86 6D 23 09 D9 09 F6 C8 C8 E6 14 A2 57 
+    friendlyName: Valid deltaCRL Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C9E871E8056A9637
+
+TQBadg+aGhsk4Qn8qCDGGGWmW3z/Xfon1sWhWu/6mKFUmZt7ohtSIM0MIEOZ/Y8b
+8+y4xLYoMR4sj36VErleauBNy3dheara0dmqNeNLY7JdpTQKUBe2Sy/sR5r7bAEX
+qPVng+1RDHDyGHDgdY9wX42pwspeS3Cm5QL2mejc4lVGf59YK/zM8bD99PN4sbK6
+IugUVz14UvkTEghrW8c3jryUlcBRx6lbMyzUCHSQEQ2EJ1e9XdDSNvLiNAv0Fgao
+rvnlL0/9S8JHUie+W9hS33lhABf3/bjCQqBbH6PmH8lGoyRtA6J3/bA39I7pIlfA
+XeGgxbMIzrNRQDFMTcSCRJKbFoVLPLgn0uD/ugMAaWgAfuAJs6gPjc6tHe5fu1WK
+sw8xH3yO1p+I4jPeMmBLB1hUHJMo593iQSTRNKcovBHumP6G4aLHd7rNSiucUj7M
+C/RuTFMNP1xkU1o7eqbLFFAf5EjLPKH0LOiORMYKQfRALz+zhzKI72x1Wv6sFofQ
+RYea7MAsMua/4YIjzGOZ1DeYFkKEopb5kLS0/s5tFLRx9joOzl5MGm0MlIn3cNCu
+5iEc/bPGgA9Sx7Ch1T4x8EabbrNWTbpI3Ru58homQKAUJ/BZWtItEqDq1TuMPgQy
+gAQ7pEcKRHRE2sHGtLkJGmcH67ZIk8ArowMPhQHxslCsnqPEqXu45SwleJi0NIzC
+ceIr4jIhooCVXPtIUSdkdVKtM7/SJ2L1za3/sOB02FCqHRwj+hlTZ6cEg3hWd1Gr
+uJnyhriNrNyMhQY52kTJaPtLNW+3jT26yXIrUWAcsDNVCEHDBMqPzpKNQPVfazMw
+4w+o7e1M2znPICq5r8nbQMT4YLLG2K1JaZmdq7zqLRK2BWo5WQot9Vm0kOlPXTbD
+JTO2V3t3cCqErF2A5gcKj+DuOi/YJN7E2vqZrrw5xFJLZZuiqrVp/gZUWvL9qYMg
+xrGRNta1J/mpiksaosJ71vqnwC4OCpr/dFUkA3WVV+UxaoA0Zt2YIri8wRQPBCoy
+35HZg8rCynP7sckhFLHAqQI96x9djGmFFPzWWol62BVnLAWZ+904Soxs5UTPbQmh
+egm03rYTfU5Zp6ktLb3NdPeixu30i/sBzDG5CvNuchEfHI600kUV7lfzPacBtWZJ
+25C5TpbB1SxBX5tYR/H5kv8M+1dWV+GXOQ68yF20rYNydzzfrd0vYnRzZ+EhDPCK
+2YhzajyVjYeAUdJAJIhaIHAUabHCedlVkWEkDSdm1OzUSvMr9OqyLcEWwHnjYt26
+JXI+GWG0Q/mVJIeyBzbniEzFWVyYqDRYqTiYkKj10BpPF8CBwD7H5jzFlVUu8HpG
+lgLkXUY5iGfhPl3ufNBHhp6NUj4AugJ8X+lBZWFFqdCQ18QL6wPeNfGAhr48oWvz
+97EgBFZaihhesw2eSIUdzXcqZPMfRPt52kBt3J+/TLEE0z/CUpxSpyEDJs9olhSY
+7hoss5HAWV8jbmSwjHMxdEOX6hY5hGk3MnUH5vYKRAfrj8Sh+UAf1B4O5RY2h/tw
+wzoDhzpaggqOExQx3mTzQZKfP5oh4fBpsa9tzoFJ5oa6769qRrV3070BXl4izs57
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem
deleted file mode 100644
index 4d1155f29e..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1.pem
+++ /dev/null
@@ -1,123 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test1
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDEwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN6guztNoD71JstXwHeM6i0zxnyPdZOx
-ZTcQsR+TD2lCqIvhOECxI8GdbfxgHJlvh/2nKd7LKSelitE+3fWW/qKMZ/0YuVru
-PaJZ++CaJDZQma26yjruW5AcBQ0L+V9VYKLoFnGDjtlJrHGbvrv4XZByL19ikrKd
-nt241DXaNxsnAgMBAAGjgfMwgfAwHwYDVR0jBBgwFoAUnh8dUFdqhW8b+OZBXut6
-ujB+uvQwHQYDVR0OBBYEFGrgSYUMuxW8YuQDkUuM8pXH+fGIMA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYQGA1UdHwR9MHsweaB3oHWk
-czBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAc
-BgNVBAsTFWRpc3RyaWJ1dGlvblBvaW50MSBDQTEmMCQGA1UEAxMdQ1JMMSBvZiBk
-aXN0cmlidXRpb25Qb2ludDEgQ0EwDQYJKoZIhvcNAQEFBQADgYEAaNonr89NlCOf
-B4CPoPAy+I/+jv8FamQoB55nhirAu/W5oZunV0iWLyajzQxSVgMpmrKaIC0cgCwx
-i6XUWy7aAkam0kQMmWzHNSrGEAvMjtYU9+jQj3ZO94LFUlSKsN6Ut1dxXNheb7ML
-YFgoWyPNz0rcb+iy6fjoyxr8fpA5H9Q=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1EE.pem
new file mode 100644
index 0000000000..68449061eb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest1EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: D3 79 25 D9 3C 99 E3 68 09 68 E2 8A 42 EF 15 F4 9F DF FA 09 
+    friendlyName: Valid distributionPoint Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0sPTk1SoTy03
+5AcGZcmP71y5DQKUR59LVALZKFRoNPExjKDu/1iA4xbhQF7sQPExUpOp1hmCn0Ln
+FXCS+Cal+tKFOZ2+jLs2QCWk96czfVQ2fKipq7C5CwZXMYfhiUL+RZ+cXt7KEYdH
+TTfaWbHKIBW+7DCJ/AwEqbRa7b7ozLnrprQXvjbgJTsEbWZCD3oQVHg9r+5sWgwB
+/JhcTyr3+t63ZRMT8TjXqElnu2n9cGesJgy3/KEyBJ7nV50pQQVdbVPHf/QximZd
+wCSnlnMubmC0dqCZFJQcJQhKToarEkdyNNZwaci58pJ0heZ3XDwAGhLLXrUc6MCy
+h59WPhNpkQIDAQABo4H6MIH3MB8GA1UdIwQYMBaAFBEwc72NcCiC0m/P0jftzesj
+kdvvMB0GA1UdDgQWBBSy6JFibzXDGWwqeeIz3gyphnF+vDAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGLBgNVHR8EgYMwgYAwfqB8oHqk
+eDB2MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEeMBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQxIENBMSYwJAYDVQQDEx1DUkwx
+IG9mIGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQsFAAOCAQEAN4Nk
+5AglIPqk6oGm0F3kRKsgBJfkUR8Cm97MqjqzUzNHN9nWnQd4yihkGd00gKMVqHqw
+Cs/hm61VlHa+Y6l+cXprG+aKOQlTzircOjv8kzJRTglu72dnSeUtHZEw2Lb06B/0
+4dO/WUQcvyMzB7bQCeUFYA+JGZJbGhq6irtI9aXgfJK6vOQkOp0M8UNohCYJWVnD
+rJ1ve3lDEYm+TP+oOvGJPI6+eLgugaSQs7x+nCu1GGa7Ur1lmzLBkDpBU7/bb4zD
+58x+mEJzcnWFp62PxUnBIOVjxvHOC5hfvhL1pMwb2hJTCUz5Cll+9Ql0cimey6N5
+qyh2uI5l4i8HykXVSQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D3 79 25 D9 3C 99 E3 68 09 68 E2 8A 42 EF 15 F4 9F DF FA 09 
+    friendlyName: Valid distributionPoint Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B1814F2B9424DBDE
+
+C7PqZvJSPgKj6ZgWexy/L4+LvKtgmY08HSfMfhnJASIcNGuzYlHeNFx0m33jLU4a
+94hkgZkGwrRyvW8yxEnIxgnEpJAH7bmMY53k5mYRp3yWae84FL1EOjFaWPYQF9T8
+8wqfLCT1Mc4CNSo8/mINq7PRXkRckBL31fMk5vbDDOD0N5/VFySu+r2D6+qIVmBV
+rIl8Pxeox6ZTc423JuBJNOlplcFNNxOVxYkez0kpiAIWQaHHnD/ib0TNRFwCqdqm
+LM2ep6qFhQLxJXdGv+b/uKxYRQneHmUfCICsZsESAI68yuV7gINUSoG5gvuemyVN
+fi2nkG5MhQ5bAu5L8T0VhhRi3E/g1ND7QLkBt8pNIOqfUrYdT7QHZODYe+7MBBQr
+HAZ3whqebuzXsK4r5ZNphZOFOql2pebB/F6EyGExbSZ6bkmjmGqVCSZIfpOgJ0n7
+1xEXo5qOZz6PPyBAszL1vi97t82TQO1aqOcq/rXzA80sjFQopaDhAXeWd/on6O/s
+DDQYz+d+QjgTmFWeUQ+UvvpNXsq1E5WxWqsyiDzNF0ebhCzdyDDxDaYFFy2kUcAO
+Y7StHphBn5KB3ja2xf84R9eV6NN6B3jaoUnZyNTpaSdqSLjxU3Yl363NJ/O+hOgn
+c4iCsEATcq7A2881DSyRr7r8hVxv9rQu9z/D7mz7y8VuRGtABesKVsBU65Zj83aH
+JBKnBthU0FGCC9XTx+IOVATk0gDiFImub6N33KEtzEGBWNKh7Nc1DypjnOI08kBp
+PNw9bWtjRlJ4caBqfB99LLju5KGQa6wJSIzkmhBqrykoJ85RB8UEb49TZxWm8Mim
+Qm/3kZ0aiTTBkWtlZM6zy8/5oHAO8oeqC8SvKrOJ+CE0lWjBAQ0Zyp0uy6TJDeAf
+ea+yjoqvsnXH/DxfUkbTkILZVJP2pKwj38/mYfpatiHyUGDg4v7V6Rxnl1NP4gw0
+Ew6yRe0HeonLkTcEmjqlBsDCqlhU98h/nplTwCcTMWfYnFUVYqGsLDXrJajXL3Nt
+Zi/TbNAWQibB6bCedurPgauHNoRaqvsRnVJZ1DTqFuc+hBL3sWPVweHBjxBbwxs3
+K2GZmE7uL8jHUUoDcvjNrieh0ESfHxDGWwEVKckokQsUKuwdPqgNuCbGeZapce2P
+BSh8dlZkWHvoITUgTwpUU2736xR5iCEcfwTpkLN4eJtFWaTaMBiPNd6/8RKXFAt9
+cs+CK+6O2i4JV3J+hZCT3hqeNAt86lumKlm4sgn2HyecH5Xkg4EuO1Sw6LYUS7El
+XfpT2Jo+vM2hfMp/ebvTsFAOOfoD7V1o4vYfzHcD/rvqnPMyLSnM3sceKZXt70E8
+s2iQ/VxZY8GXrFlXTJa5CRof+CvkWDDjfqlZo48i2amH4qn03Eylapp2ma3MIiuD
+5KhielEG5PBYkOxonpfj8erbLU7unCtNVKFiXT1hDS/o5YDWHJSuCR8A1/7bOzuh
+OYR/DcBGhe6Es7NLWBgIwSYMLTGCv1/sukMqVERVWATgvn3SbuZ2mSxesJjN2/kk
+uvceA1UtkI59duulDW5mIv+zY+0DuYlXTnZCdNR6o4VoVZDQb7vNxzBcDDn02Wzp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem
deleted file mode 100644
index b910bfa5b8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4.pem
+++ /dev/null
@@ -1,121 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVIDlX8Ue
-jptTAccp199par4Wi+6zdvpzdmUXj6UICGge/S5OJUY6nmBMligfESDLwjhbFB9V
-wm194odW9eAiWfUenAN7i4xIyorZwf5dPqHZVOcv9M3jRBce9j/ZuO8ard6c8Dp+
-UQ7gGH0Avyz4IM9x52TNBjYLthRcxwRPywIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnh8dUFdqhW8b+OZBXut6ujB+
-uvQwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMM6gfNW7Hs8z/E7U5NW/M1Y
-eT2VxqvZaq+HqK/GnxQeJUalPUbLk66F3XU5QmU/gQ/F6wP5yEV8UZALVj7OuJ56
-Vz21USzCSPGXPazeDdBQSx0otXHbKVtamBKYMn+jFqYPuPmNxUWzu4iczvEsBZFK
-0dm+b6846EQQbmI8jNru
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test4
-issuer=/C=US/O=Test Certificates/OU=distributionPoint1 CA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBBDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MSBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDQwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANJIkOdZRwN8UTl55iM8yHPn50dQHIq8
-HfyujAk6Jv6J99xOf9TR0MdxFPy0pQ+sqafVe30jTmqUVekQqyzewTZvJ3Q2tRoc
-POnbHancXe29FlXNO2PXHA+L7RPpFglcXQjTQTzccRCzmpv2bRO4oGEICTWg7twt
-MiPAc4q4jZbfAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUnh8dUFdqhW8b+OZBXut6
-ujB+uvQwHQYDVR0OBBYEFNbqujjf+uaNLMffRr8p+XZZJNN/MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwNQYDVR0fBC4wLDAqoCihJjAk
-BgNVBAMTHUNSTDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEB
-BQUAA4GBAKzWCbFK6I9YapazUsu+6hrCf5Eafd14GQqQOhxwUQNvHdD8IxcTeQoX
-7u5YapjezA6GSz14DxHIZQRtE/cAzSIjRJjDvn3rQdrlwdNXRgjFia9Jknth311/
-GXxAPrAwlxOAuTBFplNC9mG9japtT3qz2BkM/q+MdedGRWtS++30
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9E:1F:1D:50:57:6A:85:6F:1B:F8:E6:41:5E:EB:7A:BA:30:7E:BA:F4
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0y.w.u.s0q1.0...U....US1.0...U.
-..Test Certificates1.0...U....distributionPoint1 CA1&0$..U....CRL1 of distributionPoint1 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        bb:36:57:87:39:3f:49:50:07:42:5f:a4:2b:3e:b2:04:52:a9:
-        1b:dc:5e:8b:c1:6c:47:19:83:1d:5f:81:da:ae:bf:ba:1d:57:
-        8d:a7:f0:41:bf:d1:40:e3:f8:7f:bf:80:ac:8d:2d:97:15:88:
-        6c:91:39:87:3d:0d:45:79:a3:b8:41:a2:17:b6:a3:24:cd:a9:
-        7b:f2:f9:57:b5:98:a0:a7:07:2b:3e:5a:2a:d8:5b:84:7d:25:
-        75:25:51:9f:58:1e:6f:ea:f9:3a:62:59:e6:54:01:d7:76:91:
-        2d:0f:b9:f5:2a:ce:0c:46:e4:dd:b1:3c:23:92:a8:67:d2:39:
-        6a:49
------BEGIN X509 CRL-----
-MIIB8TCCAVoCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDEgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGggbgwgbUwHwYDVR0jBBgwFoAUnh8dUFdq
-hW8b+OZBXut6ujB+uvQwCgYDVR0UBAMCAQEwgYUGA1UdHAEB/wR7MHmgd6B1pHMw
-cTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYD
-VQQLExVkaXN0cmlidXRpb25Qb2ludDEgQ0ExJjAkBgNVBAMTHUNSTDEgb2YgZGlz
-dHJpYnV0aW9uUG9pbnQxIENBMA0GCSqGSIb3DQEBBQUAA4GBALs2V4c5P0lQB0Jf
-pCs+sgRSqRvcXovBbEcZgx1fgdquv7odV42n8EG/0UDj+H+/gKyNLZcViGyROYc9
-DUV5o7hBohe2oyTNqXvy+Ve1mKCnBys+WirYW4R9JXUlUZ9YHm/q+TpiWeZUAdd2
-kS0PufUqzgxG5N2xPCOSqGfSOWpJ
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4EE.pem
new file mode 100644
index 0000000000..9c24c93c57
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest4EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 0F 9E 09 91 9F 0F 27 AB AD C8 5D 0D 95 BF 42 64 0F 13 D1 F4 
+    friendlyName: Valid distributionPoint Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyr8rZVD36q04
+FE0+YBnLiq3ad6FjrlscY2OK0okCydYweqD0c4RT+Pzsx4zOFl+89xzFMN4JRgzz
+W7+vnHR/rjnZMytEjN2k2ogy69ngXOgM3HzQGKCdqki9avl/Nn2vyE8+9pi8GCVj
+TRfEG2HMArmx3PP3QiRjrRmelJxSY/FLlZvTVHj2gAWYAzmBiCeYCl+qR9HxSnss
+JXA/TQb5aNgMb5L339Lk7Y7YT5mxVQ8xKMutTTpVtz3GfxEHQgo6agYxgiIa8bMV
+IkE8p0fG2ZRfYwLhwYy87F9JEIj2ym+Z/0Ooepew2niiFMqxVtQIVslUVLtL/xod
+uiktM6x3vQIDAQABo4GjMIGgMB8GA1UdIwQYMBaAFBEwc72NcCiC0m/P0jftzesj
+kdvvMB0GA1UdDgQWBBStvK477w0iNyKZRRE+EwqQgnHVjjAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDUGA1UdHwQuMCwwKqAooSYwJAYD
+VQQDEx1DUkwxIG9mIGRpc3RyaWJ1dGlvblBvaW50MSBDQTANBgkqhkiG9w0BAQsF
+AAOCAQEAlivKj2rplK0uUXRMFJD9MHMBLpL35+UHCR37N0oX9VFLiTff3cCoMfkE
+0Dt/8uJk/N6dQI8n3vIYRH9CKiOIvfHudpFNSAM6LD9rGbIsmYADib3mXE2vVhcB
++edYLI7Qcd0IWXiQYsXAmwJuZfWn/KZTwFlkUVfMDUDOwFBSDIDTmISGZwoh0EUN
+t0ZTUYFUSCliBzQcS54tJOY1gnV4P0eAr946u3Wx2sMTKbZ8wGeKNzkuMYeGYp8l
+3JNoV6p2Oa6zVi+tHf3tckTToZhykiR6LtRcpGGiOGbTIIcdcmPZaf/LUfKgIqyP
+dsaeo0Fk2JlJ6/biR2C0pYMtN/hIfg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 0F 9E 09 91 9F 0F 27 AB AD C8 5D 0D 95 BF 42 64 0F 13 D1 F4 
+    friendlyName: Valid distributionPoint Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,02924E6CEF2362C8
+
+iZyvq7fQJC1gqwi+TzhvSaaAp7cahIAGNyaN3BK2qsuorwMELmLp5vci1FocVpqC
+nJcNKQYvDWGooz4PMDU6GihwexEWMlAoVDGTO+obq4aAjahK68CzqGzROPobnMxs
+SNL2E5geSuF1dU1pE89hadMY35n1sOQtvWqrgaUqmPDcwaCPWGEV1xMH09lJ9/WM
+mV6L6KZPX9be+pXDkhrsZ1E6VwIV/cHkdmDpnhzXuErGHMQlPJqg5j0nI7wXliuU
+XSPiDsladyNIaJAkNHKzjDON9+rsRcAYvQytZ1ANiBAGmY6QXyxlOiro3rHeS6vl
+JVYK8pM5+EhOLJci1BAAc0se2Tvl7OXZIJuBwecvEiTnwCZsgNkJxNvbms3jdbf6
+58GETQCcJO1QJGUdnylELNjZIf1+PP5xCkP/2dAGdYZoN44P5tPstSAAv4uk7a8Z
+NfRgQubt0vovK+EDAh7szn5sMysNgsYYw137qFctYzDy7Go7jDizdZzGV+2/3F/Z
+Pwh0FsLaMjsApxJo5JtuHDOvADf0D66hpzb2HlOOmZ1t6HIxAjbsb4TwV7ATLHc7
+kyo+YLvSXOMN5Ma+4FwBPcMIf8PFtUQDT0KO16JlDtA1GXrbMkRmhvHd2oqU/bYZ
+9Yd21RFaoDOHtaWTXdriMYNcuzdU4E4x7vryqNU7lgxsqLZzShjpHLscTv1mPDMw
+SEe7qQAXfZO8h/qDaPw3PqLInaSeC7QbrBBwtHKsS8kzwgCassuVtLHHGVlRz1ee
+WGuY2MIGMmuHi0bN3IAWffYaAcf9/SEe7y4e+huHepU9HWg8bMZVy/mJS6LuRSEk
+kP/FNlJlMXujsed6NFToB3nNrWF/OZhq+9BrAl6KTMQ3isfGvDmYqw1MfGs+NAwX
+TYsV7F485MHc6dHc1ekJKp1K9n9SrWeT6yL1FNt3radujiWysy4giIsCs33kIqyt
+gyX7oYeprTvqVI0ajwJbVAWI8s7vR/LzR1kwK5El94e8tmpFiuQafBkap3EPs0qE
+/NyMIyneB4Znkn8mAexcMwxQZJrwFd0nmySjUqOl1t0bwX688eW0+EnRuohS83fT
+w48gKgZNEgDdwsOgq3TG8Co03OZbQVwf/lKBFaeFYQ5ml2ZwwuZ+shocufSMQDEW
+DsbD97FodlJeEAdXRDTg7BoCDtrntMnzfXnDButUT94+gTCr30ymyyaGajVE4LNh
+6h/rgdE8qVrsl8JX+8WNsOnCFrOBBV7IoqoUn2+g8eFJrxrjzB//R5Bmk8Wp9NiC
+Er3eBcInY9ySEKaWfaDzUjSoTKm+PRz+q0Zlh5+7RSWZWqpJMX5pKRmXM26f1YCK
+KmGDhg8sCSrqBa4MMteFun3E2Q4PwRODHuprrHg7EzcAm14C4W9R096HDGr2vEV7
+X9LqEKkF42FHLVumGLmOOtHnfx091XDD7v+1zCSbJH7HfNcKfzZNgNXztwRRdT4W
+6i7b6+omPIDSUMaC+UDFI/DEGL9yzql2JKcaYPO/tKkD6Pl1+QOxjOi032W93CYn
+v+Rs1ewQxvnAXEhPTdLploM6w0GgelUvbJiYCYgc5LrLuAygaRUQSS6KhEg9rC5E
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem
deleted file mode 100644
index ef20fec499..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test5
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIICwzCCAiygAwIBAgIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALIdJpgRzxOKTnCCaASeNoi7icWn2JXA
-bBhMylWHT4WIl7sKHk5BkXh5iSMq81bPtotaxeZ+Ws8HGeZfJkZi3Ea/lo6bRPIp
-XLWXT9bEppiXcWEsQjM1OYGfiqAsPqHLQYmx3QlNndM4/lkMpXScaPwVUH5y1dbF
-oPNUrRztB7TpAgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d
-jKxduU4wHQYDVR0OBBYEFPcg5CWLrv8FdA/4HseZ3PWB0ri3MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwNQYDVR0fBC4wLDAqoCihJjAk
-BgNVBAMTHUNSTDEgb2YgZGlzdHJpYnV0aW9uUG9pbnQyIENBMA0GCSqGSIb3DQEB
-BQUAA4GBABOac3w495YGcjA+gy3vEom/LJkN4/GNBM/n4qqPQSBLDfO9llCa+Ocg
-MeRH/D/CyKU7r767Zx5WsPTRtu8hysZQF/B2QMg7wrt4iJxD2VLl1gDrWSgIFEYL
-gmkFWj4cnUEWa3yxc+WoAYbFMCp10pGsfIpttb0KqIUYHGBSBNdX
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5EE.pem
new file mode 100644
index 0000000000..2ce99c5cbf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest5EE.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: E9 C5 29 E5 92 23 E7 76 AD F6 A8 06 0B 02 C1 A1 7D B3 D0 6E 
+    friendlyName: Valid distributionPoint Test5 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test5
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocgvAWF32zRU
+CqGI+DvQpWf+IU/MzpIJw0N2yTC9n5RQqepLfHbOu+s9ZEbxs+42KxsbXktapPgO
+yd6z/2M2gxyK4lKH3a1+iAf5hoPMyiYM3/Fp+GttKrlbWyXnFMx+0l2v5U5NIFl9
+sSoS9SxpVMtCHp8n67+fwKLHmZuvqIwezeqDGs/NWsWyq169Q3IIZ+W8mXIsQr94
+1Gs7NgbQ1wItpyHsfGQlcqT93WCloAQvdLikIISCCJhH1/SGZ2sYxWw9cjxP7Qh1
+VNobUSTq45voboe/Q1ccqnpfnFCnnEdepHPSM1an91U3w5PJXSarMloiyXUFsxhq
+HZfbIcK19QIDAQABo4GjMIGgMB8GA1UdIwQYMBaAFERs7ttvf+tOSX94/s3lGKDs
+u2BrMB0GA1UdDgQWBBRKg0dQhxSRE2yTyIuHCUD6gvgVITAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMDUGA1UdHwQuMCwwKqAooSYwJAYD
+VQQDEx1DUkwxIG9mIGRpc3RyaWJ1dGlvblBvaW50MiBDQTANBgkqhkiG9w0BAQsF
+AAOCAQEAfBLVqAitbExsjyJN00xcHbpcOUeLsGlcqODdse3hqUWBCGYVSbldGMsb
+X92XvNJuxg9eIXGRFywfr7WaWMhmUE9suOOF4amhS6PySHI+3nRTjiSuSpr6Flsm
+QBy6V8E0GhicUd7gQKjnmX/bngtuLrxDmT0J3KR90K35EDUBHMWj6xtgofMVUKGK
+DtPWB0pLklYStJgEJnbKaaOjO25yE58hxHxMwLRzs+yLJORA9m4eZa4PiGQ876oc
+hWlb5rgAhkEpCva3aQL4bU7LfHWteWHlOcL8YJxPQWReBizEk9G9A1jjRoMzHNGc
++RPY8p7JErINu/F/bY8WhuulVYdYrQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E9 C5 29 E5 92 23 E7 76 AD F6 A8 06 0B 02 C1 A1 7D B3 D0 6E 
+    friendlyName: Valid distributionPoint Test5 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EC0796A18C4A9208
+
+cRBX4eAQ1ocSls58fvv7ns7yXjuLx027m2P5E4VUodsjirJnMrz08Rl7NvpqP3bF
+uRNmrLEHh51rzxof2/Xz70n+gsjvH18AJEprTI2jWwdGU5CRKuFndaWreR6Utnt/
+O0yGfYeYU6n8OUllg+iatMqXignwUtssC8kwmHkr0JL9u2UVWlJtTXAN3ZQcAn1n
+c/iEd/q8CsT1D66zKiNsXa6HtAtLb9KzA3w746cJCv0867BTym65VdIU7Z0dfzyE
+V6TLeKpU9u+p3D34ukjtn2APVeOMI+L8zSgs3/nbL1/jXWG7Wig30HvnEiwf+bHk
+uvu3YFZ57+U+yV2QwUx0H0PgIR0AIgqo5jyWyHsw1Y9kVWS9JdTf9CDJcdYM3Smo
+7lCZy+hemLXYODpmDGdtmeafKiCcBnkj8MMwUyE0fQdK+HhK9S1rIWv4SpVLgRjl
+62+e24ruvNm/GWtwTitLiFkuCaInIY0PmAEXKy0COGmuK12doGfvFEnCqjhSAkF2
+xdD5u1y3iIZPoD1ffUBzO9wzrC+0HnXH7lIkefKg5tQ6a6mkJYwsbPkb3v3q1jga
+uTIG1oSCng/IHJsMIvZqB0/ZXLwqiLRaNxyr6Nvoi0pQfRaEsgK39D0MyGupTPqF
+ouRJBovbzUp/Iz7duxM3gsQ/sr/qXy7pxZbDOfP6R6k0LE1pPqN5X7CJ0PJlIVam
+w7wcFN5TVBqLsdKie4JaR6w9VFK5129ZTSH52FZIRWhCTdwFBXBPahpa30NYVlXm
+vMe4912HPlK7+/yLSrrmofYaBo0esF4VD7dXtKRotGb4pBnw/aDkbtDo/NVI6Yp0
+/LMrYIdm9JQCmC0YrzobxABVYE3rjJKScjFL7uZDpoa1eiI+AMAUmapQphWnR5Bj
+GAVeURKYBqexzeXYhULGkmbMT0uqEiRPq5ciW3NjLCoNdGZD+1hXvQfACUbCpTd2
+anXjNZCOVVsQE5LC2Tq1VntW1AQ2FcHRUrXQtR9tf59AkoR/wWkK67AbjbHfrPxI
+KxTfhjYK6ENq/UuNc2PpFT6RJbM/ByVdeQZMmpsgkJRwYR4btVrmb1yHcU2dEf1g
+xdM7fGo09GALgferFuadvfq9iyNs40yjIbPD9qpq4tfNSpcaRH9gKphwtjpWUm1L
+PCRslk/LdejYd45dW8tBu0MY4NkthyNQCe+4b3cjQyBR/9WRwanoz0hzrMX321uF
+ya0bj+8wjK0aCcavT+gJIBwN/mP1FT0+UsWy0fN1u+sA4BkPtzOHfqLya6YA/gzP
+SXYZM4PhZb+643ujmkJP1SYqw10rDUq1pADP9xdpT8pkmBkCzfi35PQENzcvUngg
+sEeIY54VMr8pFfTyTUjuMNyR3lw0tVMdxMg3eIv4DvVhJ1/R2XS4O8d4xllt5X8N
+6gQGU3f7NZDlZTyIHwCxRFjRlEnTcUCaspu6N2LRqRYAS1VquoUXWQBKZQxGLsIV
+weL/ZdGTZ8Marrw/+QW0QhJaU4wO0WtQxylftd+vkyan0VAYJ/wRDZ2RS6WIVKYP
+ojVhkaeqxbJ2S9vmbMn4SrYDvAMUxbuRUP7XjXcMqpQ7Fg3R+a9vU8xIiCPWs53r
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem
deleted file mode 100644
index 47a6d35e13..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7.pem
+++ /dev/null
@@ -1,120 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=distributionPoint2 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBSzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UECxMVZGlzdHJpYnV0
-aW9uUG9pbnQyIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs1jD9UP9Z
-XFXO9pXlwQaq3g11cXEADTlDc+W2RuUiBJXRjOhbt9pBqMwI7EhS41KMALd8ISna
-SAp5DDvmtp2z4X95eoizwZ9O5vtIw6XA7d5EwFr2c89INmIXFw2OA0K2Xj9K7eKK
-u95rUFjJM7qfZueTDyR8/qrUEUUhq+7gtQIDAQABo3wwejAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUOjSLBeN2WFjEhwSYfX4djKxd
-uU4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAMagar2d/lP05a6g8iDgAc4i
-8GOkbbNIOguMdW9fwv9DvIJyDO/ruRnKgZJdY9osVBqR8pVP1qErhwboe+dIBgLA
-p1yRVbcPKEd/1xXrFhjoH9Wlp6CK6Al0LIJ7iQMoufcUzay6Bux5caNEH06+BnJF
-nhKgwK6jkVuYAf9HHtVh
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid distributionPoint EE Certificate Test7
-issuer=/C=US/O=Test Certificates/OU=distributionPoint2 CA
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAsTFWRpc3RyaWJ1dGlv
-blBvaW50MiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgZGlzdHJpYnV0aW9uUG9pbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALJkqBgeil9P1aDGKnKT8h4pjVxykFCh
-VM/tAU8+60Q16CRQ9Bt/7EPt0Qt/mRgxeP51SDX2Sw37dE2Y6aTbGufnxaQbYQIr
-Xt4tEbUHKCx5cTIkR+rQh14970HAccLfsu8j21u+852qqsnXm1liCdwTw20NwfO/
-avIK1efcgtyvAgMBAAGjgfMwgfAwHwYDVR0jBBgwFoAUOjSLBeN2WFjEhwSYfX4d
-jKxduU4wHQYDVR0OBBYEFJFcO0xfyRIlKoio1BzAWLtkBu01MA4GA1UdDwEB/wQE
-AwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgYQGA1UdHwR9MHsweaB3oHWk
-czBxMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAc
-BgNVBAsTFWRpc3RyaWJ1dGlvblBvaW50MiBDQTEmMCQGA1UEAxMdQ1JMMSBvZiBk
-aXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQADgYEAOPu/fA1dLP+t
-SF2JNufkHRN+2SvhsqtuOTvh/uFByRS+H2bLFMaB2IJQwkCidQ53kf8LNb6iNRtj
-hjVosG5KpEvqx70cRcUSp15fcdMDrjz2tAgiq58Eq/8DgYa+ml+CVRBx1Y6KHsyn
-eeXXuCv+DmdYkhXefbSyXe2lUsCiuR0=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=distributionPoint2 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3A:34:8B:05:E3:76:58:58:C4:87:04:98:7D:7E:1D:8C:AC:5D:B9:4E
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0*.(.&0$..U....CRL1 of distributionPoint2 CA
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        8c:94:d4:ed:c7:a8:0e:9d:16:d2:aa:4d:3e:d5:a4:72:af:7f:
-        e7:9e:83:e9:93:a6:92:a3:0e:48:39:60:27:0c:6e:75:4f:e0:
-        1d:84:89:17:3e:09:85:f8:ac:32:b5:76:76:ab:09:64:95:4e:
-        ef:01:2f:34:69:4e:3d:53:96:7b:05:5e:c9:b4:84:62:a2:06:
-        bd:5f:6e:6f:c8:08:be:8e:d1:4f:33:72:5e:8c:0e:e1:2e:f3:
-        fb:23:7a:3a:34:3e:69:3f:6a:44:e1:a5:fe:cc:5d:60:23:95:
-        a3:48:97:bf:72:dd:2f:ab:fd:59:5c:d2:11:c1:4c:e1:f7:ad:
-        d9:03
------BEGIN X509 CRL-----
-MIIBnzCCAQgCAQEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMR4wHAYDVQQLExVkaXN0cmlidXRpb25Qb2lu
-dDIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowIjAgAgECFw0wMTA0
-MTkxNDU3MjBaMAwwCgYDVR0VBAMKAQGgZzBlMB8GA1UdIwQYMBaAFDo0iwXjdlhY
-xIcEmH1+HYysXblOMAoGA1UdFAQDAgEBMDYGA1UdHAEB/wQsMCqgKKEmMCQGA1UE
-AxMdQ1JMMSBvZiBkaXN0cmlidXRpb25Qb2ludDIgQ0EwDQYJKoZIhvcNAQEFBQAD
-gYEAjJTU7ceoDp0W0qpNPtWkcq9/556D6ZOmkqMOSDlgJwxudU/gHYSJFz4Jhfis
-MrV2dqsJZJVO7wEvNGlOPVOWewVeybSEYqIGvV9ub8gIvo7RTzNyXowO4S7z+yN6
-OjQ+aT9qROGl/sxdYCOVo0iXv3LdL6v9WVzSEcFM4fet2QM=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7EE.pem
new file mode 100644
index 0000000000..ba308d9054
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValiddistributionPointTest7EE.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 25 9F FC 85 A2 6D 0E 82 9F 26 F7 21 2E 2A 5E CC 14 A9 F8 58 
+    friendlyName: Valid distributionPoint Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid distributionPoint EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+-----BEGIN CERTIFICATE-----
+MIIEKTCCAxGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UECxMVZGlzdHJp
+YnV0aW9uUG9pbnQyIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIGRpc3RyaWJ1dGlvblBvaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhy1vplMFbpz
+ccU9FYtMZkobOoPsE4uf0s8UoML/tgHDsnzk0hsZPzrgkDwd5a5U5rXrt83S0ZZB
+hfcr4a2vgc5n8xtUB3hBI4++M4t6W6pu4YuHdxNZxLJNxzD6JXXzs42t5dTH+Ryo
+wgcfIsTkrMgaIw7gYV9cEoIVxVnqd5AY7qBmM2vN/DsgTaV4uju+XRhXiPcdpf0B
+j6+nDFoP2jrwHvrC5t4BcPfMMUfz316kt1DWnxcRlYp1mec6D2FHnGvVmpBXKU4O
+JzsjSXirlBrpS945LYxHLPwdRDvblL2JahjUKgKHWEZYOGp/UCdK09s+ikIb6P+R
+iJpz0t9/EQIDAQABo4H6MIH3MB8GA1UdIwQYMBaAFERs7ttvf+tOSX94/s3lGKDs
+u2BrMB0GA1UdDgQWBBQgeJBnu2Gwake3G5H9oG+TMcj37DAOBgNVHQ8BAf8EBAMC
+BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMIGLBgNVHR8EgYMwgYAwfqB8oHqk
+eDB2MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEeMBwGA1UECxMVZGlzdHJpYnV0aW9uUG9pbnQyIENBMSYwJAYDVQQDEx1DUkwx
+IG9mIGRpc3RyaWJ1dGlvblBvaW50MiBDQTANBgkqhkiG9w0BAQsFAAOCAQEAWi8g
+5HeE4pN40JTyl1xf2WD2d0Rp+EGRPBRT6JsA0Z2ajrVWJg/Dpqj12PgQqbCY6fd6
+e3DSzJgezXAOFIdaXNRWtt6bOYVEoZT80/Uszv5inEmYBWJYoJHaHClDR+I8Jxy7
+lVsuR5qsD6QPiqJYXSQMOdQapZdAZvXA8ZH67mhY6AFP+1E79WBcEwWuqY0CxH4l
+QAPiIGH0hHYiwkU2AIAQt9X6DzpgvpFQwbgrtM1LSlQAYPftilG3KV0RMV9PEBiV
+z+ojLzhK21j7upjcgJn5HKGUUTOSQ+e1FjxLYAURF1Q8+BvOPOjpYbzQlA0b0FON
+3hjOfuXfei/6htb8bg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 25 9F FC 85 A2 6D 0E 82 9F 26 F7 21 2E 2A 5E CC 14 A9 F8 58 
+    friendlyName: Valid distributionPoint Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,12D6324C6E746FA4
+
+rj3/7o3RRUBDRfJnS4bVr3DSNqpBvjuWo00w0UAAAwrs51AkZSjy31TsZ3NOclBq
+ztXMvKZfLBQ39EZFOYL0riCx+QR1/UPbS52QfypDgq2RggTPAiKIxVMgw73S3pnT
+EH6RfYv3AegwIFXpu7VCPSxe/w1t5gJZgWQD/VVZy2SYhfDniZ4d6B5IOQUd4UVi
+1Ltd9YbJfOPfBMbEmv4q8TZtTTNOgSY/K3WfAGq6M2IeyNqKTQCANUs+wuJz6+Tq
+sw/7cVt2/sm+gUrpdP+dbCdM+T21MJBHFKhIG+P0V6OPHwtq14up1k98Ls+Ax7dA
+I1o5KOXbLwDUx5PooKlI4AYYVWIoFc8CQRsMUxmOQ0b8pplIxcgDg1Fgx6s85pug
+QQ206UbqzzwewMrvD6rqEI8RaHju82b7FzyQ9xdLsXyTdxoYMwyTMNino8JLwqOI
+wrwibtbNIP7q+WPaBIFoZuPAnqrCOYBn7yf5qnmWnLM9dpVabofFvE8ZcbDfFJ+s
+gGJ1A01+rOginQSRK7qW8x/23E6DKOk/4hUASzmKK49XhLnJtt+lCt3KZ8W0NhQF
+AIuwTY/BPvAdJ3J8EB7RVC2E/8a8FuqzvDUBmDknl6iSW2clSN4QnuyRyO6hLZ+W
+zlrf8IUV04RbPPUH/QLeasnMNAjvzEgk617ShEzUZLkXTXWJD2vDLV9EYQ9IENSk
+PKjhgZ4pvlFIjVc0aR4jDG388sgMDDkw2aAEss48u3E4fatNtQHEHG0yBS6VpIPr
+GyVjuzpSkHONpGcDEjmIpcycP58kn1AFKxoPjA0PvRTPlGc/0Vfx0Kz0g39+XDTY
+bI+kbFEpwdzKKXnZ8svBmbX+y7IxYjt+iWFoiGLQBK3PsE8jXn2DfD/KNnNJECLb
+mYNnrvm/DptGtqqgMIPW1npFj3pYBlULuMPR+nXTAKkmpKMjM38X0zOuZHgGDeaU
+tWly7gfT1y1vJQRScVT0yFXGIUS+kCfI7eGN080CIbNIT/fUVZkUeVj+M8W6kdbC
+6aL3FWaxHjSQ76Il39szxq1s3EjCYltzXpEUdNTF5QHj3C4VqxM1fH+p9BmETUE0
+38NVtBPLpJ9/mKIVU5PRdsclPKTX9nVd9aijA373hWGxYY8+ZlCoLt0ICShqTGU5
+1OKfuMIenONKAl1yyMNSLWNtd5cjnUtrWUUv/MO8kN7lcvhAtF+UOGPI4Ou3+gVN
+j6hGjB0crzDtfkZvhYfnw7V31M6DAcEaJ2uIOFYCekaDQSpY9UTemAgWZroU7Ljr
+472d9hnILmAHMk5a7WQH7d7nBIoRdwaM6xV/Kek8xMR84aB8SxSe/viURAsRuAwm
+fqA4NY2ZWCzDsr8uyf3HnoGsEzU3hein3VyfCJ4JkE3XxrxQbAH08aBAuhPYezVb
+Uj0yD+X6WjxMO5HXF/MrES8Bw5ziC+Mc+SN3KyThQ7KOiBYWJsqd9UIJa/vZQAyG
+tS9jGifuG1XpbdTlrr/ZBwxrPLgEVXjm3jQaWxSm4qI+hoRGhia+pjinc4ctvyFT
+rt93DRX7l9BLKjl1XsKF1gkwR+kFRGg46gc2cA5JGVlGrrfEMjJt0wIvSzFQyWyI
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem
deleted file mode 100644
index eff7ceaf28..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid inhibitAnyPolicy EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kwIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowXzELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMTQwMgYDVQQDEytW
-YWxpZCBpbmhpYml0QW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3QyMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8K1Na64KAEx4DG90CIYdXjn9QXftZ/JmM
-hJ7HZotijcxTLAJ3Sz0718AcEoSXtaXQlkw/PDRF6WOd0BjcLM6qzWEkQTWBWyW2
-EOBRbJ8UY8XRijBsOG7ay1rZEV4bomd/6xnNG6TznXujwmBXQZDp2Voyil8OgJiv
-uf+gY0BrnQIDAQABo3MwcTAfBgNVHSMEGDAWgBSdQJhgCObI/VzR2C8L6gDsGkUG
-zzAdBgNVHQ4EFgQUutY+X7TkU+FzLalrhov3rioWEiYwDgYDVR0PAQH/BAQDAgTw
-MB8GA1UdIAQYMBYwBgYEVR0gADAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUA
-A4GBAK2mBSjdik46DSR2Cn9O53Wk3uL54jZEHmH1jLi8eD7zxOU8eE23HWch+P9w
-swVaUJ4SqZfrgpV4+IJ72AMPGXKnAEn633uoNXbe8KFErSzMe3p+fFI4iKt2tMdG
-yPprehhYqGlG4KK5IHzgqcsfYZc989GcPE+Z679GnioPK8Mk
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBOzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTAgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALXCzoaXAEbX
-pgMPDk3SCu2nzrt+I18MsI4lg/0oLjQAgPsD0np8LOGHMzo3UBtfJtpV0BXCc+E+
-+Ni+ehXFWfA4BXjFc3GdUdJmn7y3F9X7XSIauTE1GSYR2+bMW/IRbmjpMDzldmRs
-WNb40N+jWAxw1h+YN61Pv0MD7Ef2ds0NAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFJ1AmGAI5sj9XNHYLwvqAOwa
-RQbPMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEAMA0GCSqG
-SIb3DQEBBQUAA4GBALhhUDb9VolIM2bKpbpat4dNjGrkOmVT/HvGBl+FGwSXa7Mj
-cLgZ3WygZ9gil3l7X+wL7lM9zKpXljV5WNpX+58RclQ2kK7Yk4qcY0tpPEUn8R4/
-9yg64Nferl/2gn9W79ODU3BiBFF/GiAJJ4SiwvLWl/JnPDoQuJv67IS24+Oa
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:40:98:60:08:E6:C8:FD:5C:D1:D8:2F:0B:EA:00:EC:1A:45:06:CF
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        60:ab:a2:8a:e3:22:04:cb:95:4a:c5:ca:68:46:70:0a:d0:31:
-        b0:98:cc:ad:4b:23:8c:3e:fc:b4:c7:7a:93:0d:6a:31:68:c4:
-        ff:30:37:7b:5c:48:01:6d:e1:85:f7:d0:9b:73:53:ca:62:36:
-        00:5c:29:c8:af:a6:40:62:d5:f5:af:32:a9:4a:b6:a2:a7:0b:
-        cb:bb:72:2e:3e:0b:77:64:17:8d:2d:59:2f:fc:cf:2f:1f:a6:
-        77:83:9a:7c:68:b0:15:f6:5a:63:67:74:b2:3a:fa:74:b8:d3:
-        a9:70:e6:87:04:bc:4c:79:ef:c8:b4:31:70:17:ae:f3:ef:ae:
-        7a:3b
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kw
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBSdQJhgCObI/VzR2C8L6gDsGkUGzzAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQBgq6KK4yIEy5VKxcpoRnAK0DGwmMytSyOMPvy0x3qTDWoxaMT/MDd7XEgB
-beGF99Cbc1PKYjYAXCnIr6ZAYtX1rzKpSraipwvLu3IuPgt3ZBeNLVkv/M8vH6Z3
-g5p8aLAV9lpjZ3SyOvp0uNOpcOaHBLxMee/ItDFwF67z7656Ow==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2EE.pem
new file mode 100644
index 0000000000..9f14a19756
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitAnyPolicyTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: FF 5C 76 C5 E6 D7 F8 0E C8 19 F0 BA BB F8 A1 69 CC EA 4F 11 
+    friendlyName: Valid inhibitAnyPolicy Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid inhibitAnyPolicy EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy0 CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTAgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBk
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTE0
+MDIGA1UEAxMrVmFsaWQgaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBU
+ZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvWJ2NltVcIqG8R
+Gd6aAaTkV74OHh22qqq5VisygSWOraY+e/kZzgnHexceST9oUvWxJ210DYysc8E8
+NQsMEQRhJiy0vK2Pweb2q2Uv/DPpelT9Gzx3CuEuxvUvOY7EMYqsTkWkcvCbxJ0i
+/fYxmUJgsb+tdWuggcp1DV6UR1YVZFwFuzwFR6U3NxhkSKh1Aqpeg3rvO9igxaIe
+1KWuNKXb8GsQREEKOxXdRK21wrm7TSq4uhpyTbHb2GjhtAAKb/fiOtfWjibEhANg
+Xd9kxjSYI4npbisd+yYo45gXEDoqFTtxz6YPtR7+dzgVKxOE/Xc+PtXIl/0AT60Q
+Rdqsz/MCAwEAAaNzMHEwHwYDVR0jBBgwFoAUGKCgemr/ap2FgiTNwyaF+L+KNwYw
+HQYDVR0OBBYEFM7BJgyfyIp3q6sZiSd0E+VdkSzKMA4GA1UdDwEB/wQEAwIE8DAf
+BgNVHSAEGDAWMAYGBFUdIAAwDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOC
+AQEAn87EWhrmPNMFRrFS2VTSXUb/3OPnx1eLB918Vo+KY5fwcDGO8WuhxFsszju0
+BShfZnrwj7/Hrc/UdmPbk6RrPq5BMsmpLMwiqpxjqqN7J5C81cXvK2f7V4UX8sVc
+OriHWK8Vt6dEk0CN6Rt2AkkUE+7LrOS92hhLU5Opzyue3ZW6JPLfuk0uER2hKt3r
+POm96ZMVxNH0QAmZUQK03IqzGr+UigLgQA78Kc7qOYqTVc9JGuwu0F+e25h0L83W
+xRYW+BjGWRUfL7Y0uwylS772ZWLNBRac2mrniZJZNIzzr92Bwt5R4w0ZR6cB+C/S
+qN7XKYDdE6V9nwrJt5Wum031lw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FF 5C 76 C5 E6 D7 F8 0E C8 19 F0 BA BB F8 A1 69 CC EA 4F 11 
+    friendlyName: Valid inhibitAnyPolicy Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1A41BC0974CE034B
+
+gj9OGMPqVjkXcx6+XB9wKtnrs6R0hPYfYyncPTCzWCD4Y8e6yw2TKIEg7nXNQZOB
+hJZyH/I1Dat1LY/lVcF4kauf7546QEwL9m0IW6chsfRJZVt/AQN85zeM6bjidDBX
+H9fK1a0zs+x9btpbqdTRpIsOakUOnB9W0FCAdc6uYxrQ+yyoUXuqvuIMa4H08h19
+qGc3q+3mIpVwvJNO55k9lv2mUxaqSTIyTxm51TtXesKBmTVRUQB+zwsLA4IQPybO
+lGmxFkUzDJo/Sj/1taeDD+Fi0lr5Tz/VssgLJpEQ+CQzENbqpinS7DHFM7GwTwQy
+BhW3Fc2Uof3SU5FSuluJxAdUZuCN2nHZws+sQ7yfqG1M3UndJI67SOE949hP+tg2
+RA5jCQwMYbmkZKiBm9c+fwpHPVglN3KUjkE9wquqJg//VDPkDLVLnTooleNQ5Trb
+5dfM1ZJQA8Yar+yXNUOygiqi6wXwYuxceiFNMlLdi7I8UF/qFo2KiLvUC2lAQ5uU
+YuhI6X2iuuIhZiJqdX4B9Yc6Ha+MojIyfrYHF1haeZogk1GFmVqZdcoIqw/k6cqy
+lkOsRNdTYCaBJYdd0BuJp5wkhsRaAY+TccKa5HFyr+iPG7uif3LlhUWyxEF29/2I
+OdcK9orPTeQIS8mydbdlyo3x3dLs8bF2Ve6O2sXjovXhYAa/Ls5zH2SyjffWhr8w
+OuvzTaeK4ZLVuB/mK67V1giyfRgsj6tJymdxydqMGbunepzK664KDXp04lgnnkfQ
+THZpcVC+/bQeH+tPSEYk5/sQZS5SzABF4ILWiropxdxf5hNnDuiKMu/PaHYO026n
+yIuasY6H5Cl7JG8494ZG43H1D9WEu7ZQkLgLALduCoHVmx/746e+Y93XDvpnzjcm
+BlWslVdKL6SoqRlgz4QuzvZIeH1z8E01wJAGMjzb3nN9UgJ6pJtcR5FZZJ2rDUX/
+/CwE0bPiJHYwClggxHlPMUCCL2fzIOS/UBO1GVa00KEE5e5mJQlAV08uEDIeIsVX
+y4yXsae/fwsQ+lwxf2jKWdePI6pJ60BLm3ees+wb/UidegKfa7Eb1MFDHQDw6Kl0
+zSui/xU1RKpI7fsmpoqDSP7rAyIyMdJCgi8vK+Hx7vYHZPMh4vBKyHX3d2rsMvvX
+vskZsm033TXG3Jm/9umq6nG83YwBKWojxO1d/PFWJgwjVh+zV3KnJuDI5yojsBfY
+hC7VCGBfH0dE+ICRU9lo+xmgtKGnphYp+DyOAgdld4/d5OJxxdY+dfIkUDgdSA8O
+yAfn0Y8UQ1gWIvyaDPA69FkmFDSnhefejj4IsMVNa8daYlMS2wzKqvMNBkD5eaxY
+yHphFOhHLU1nYN0d1msrPqc6nfXkvMZiPxs5G2Y46px4ZZQ3HUEg9RY+YfHtOyZC
+jYWxwNYr30YfzqSZjn3LWAEox9f2FEu6tjv/Wv2xkukNQTy2FwUPa1dxU3uk82tZ
+AdqQhR7JZ7o9AeHn6YimUMMf2XxAfJNZm9p6bASUzmddodqE40D5+tvcqb0ySg5o
+qIAg1/BbFcXPhdGaGrH2WfkH4WcToCo5D4diL4c6jDmbZnYDesWDB00omwMhwfl3
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem
deleted file mode 100644
index c9e23ce0b8..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2.pem
+++ /dev/null
@@ -1,162 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid inhibitPolicyMapping EE Certificate Test2
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBjMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-ODA2BgNVBAMTL1ZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVFIENlcnRpZmlj
-YXRlIFRlc3QyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZweShwVjs1qka
-nqPGQOLGlctQ3TXgy/mxMNF5iCtHOwRF1KCW1OU9KloQ3r6+OfgzcZN+flBVpI3e
-jyjOMjfcTTb30YkOQneX5WBmDbG0hNh6eMeguoRuUhkdFGqXR/vCRpMZm54bw85o
-6PrFmUwLluXwBGGzX7qaD0h2mpzycQIDAQABo2swaTAfBgNVHSMEGDAWgBQXeoow
-BvbqXDZADa7Yn7+5vYLMUjAdBgNVHQ4EFgQUGa+XGGh0cFuvb54Rblg0NuJV0T4w
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwAzANBgkqhkiG
-9w0BAQUFAAOBgQCtpBN+M2QdihGfroUS+K93c6X4n5STm0IwsSvGEpOHX2tjLKqr
-WGurbAH8XvIJEsO4wlA6NOHbFEYmSYX1otlMNDKu3vQVTDEB7RJWA04YsUuS4BNA
-B+scXAJEWbvQdkoGh5U+aOmX8yST+HWIbW6XgKQmA3qiO4LsJgdmEDB8xw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8
-uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR
-Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf
-LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw
-HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl
-BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E
-NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI
-AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR
-6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W
-MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b
-XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82:
-        c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41:
-        df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08:
-        04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4:
-        a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee:
-        e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c:
-        6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0:
-        3f:f3
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk
-GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s
-pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2EE.pem
new file mode 100644
index 0000000000..e6fcd20b60
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1A 71 70 3E F1 A6 1A 85 BD 72 DC 16 16 EE 1A 80 92 61 64 36 
+    friendlyName: Valid inhibitPolicyMapping Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid inhibitPolicyMapping EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMGgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMTgwNgYDVQQDEy9WYWxpZCBpbmhpYml0UG9saWN5TWFwcGluZyBF
+RSBDZXJ0aWZpY2F0ZSBUZXN0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAPDRNocjMpqJS8XXEn2KeY/S7iXL8tNa1sS8X1umBKBSotfKudBZlQFXSesE
+FC0og1Zs0syETNkUA1Wi+0cs+q2B0dNQS3oEzuMhMHRWjj56QtBiTFGwUs6qRliH
+JJ+AAmcwOoMjsD64MFxOPtwAo71i1LAPbDXj9fZSPmQirI9ntOafT0RrZDVQwh0g
+Sh6aCSAh/Bht8BgTaZW4MN/bi/cqv5v8bnFuV0BOgCE3O0frFuwinSG1d69ZOHHK
+qVZ/fRfKNlxflSU0XcbtybYVgsyAoRL9Wq4m3RKsbtDeyqLa5SFTKRCMRw4ZCEIx
+F1OMaeFh7etefe+7zDRW27l+2jkCAwEAAaNrMGkwHwYDVR0jBBgwFoAUqiaUHWQP
+fgW8XWCNB1f8cJVmbOcwHQYDVR0OBBYEFP9zakNg0xu0uUYWu6rUrwVyxJTZMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAMwDQYJKoZIhvcN
+AQELBQADggEBADaelkwjWQrtrmyosROq1o2cNB2pldWpI3chT/c3cn8IpAQMMNHJ
+Ch94idy6x/bzO7R2ZXlL5VCHPJlzDpClEOv8ZGebupN3+AE73Czaxqxrxj1xiOVl
+g5imlIUt7oIjJibpLDVSH7Z2PcY9YK+/A6uaX1kll4oMtCLmoF8obFVp7alj0Hzp
+uVpVfEq3I0dRLGLJCuOg0wCoyLtjV+YGp+uXXxYWBZc3CbxE1sVJ0g8D1JYLj5eq
+uyj3Nmplo6T1c6i02z4LDtl81umgQyeH1JPijLH094G12i5L50QevtqQ6ifmFHjP
+24mHZ/b0BatgDap0gy+JOYrPj0op5HrnU7A=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 71 70 3E F1 A6 1A 85 BD 72 DC 16 16 EE 1A 80 92 61 64 36 
+    friendlyName: Valid inhibitPolicyMapping Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,345A2F34C9598F64
+
+XfvNEKO6RJq11Po3l3MB8Iv0E0gzRwfLPEJOIiKq0Dl2emB4Myp4dlFMdX6HgmSB
+Nec+QWQHsV+t2koSF2SlwNFMzMhHX8lUDjYN1pGDqodXhaqUb2lbvtmAud/O9Nth
+40jd4kXq+OGgjKmmXIOlLdjVf4DoM6k3u1TVdtL+6lEEKojO+EWxl2TWd4/0+4GU
+LS/qK802foNZk1FS+FSxMrEkoZshUWmK8qWFID5WUdM8Afi5l9LX4s1edNIzFEq4
+8f/btdMrEpYI7q/MmuMNotiH5DVDGXKd3Lj+mHeDuzjtmjC+KbDBX/SPyqJN5nav
+P+3TtTDhKvKnSdMF4+Zn1t3DzAE4gDZcHwqTOraDTAS4Pvqrc+U9AMG4STrcQ4Hs
+BCWPwX5AakSNhChcpILJOMKu/Y6MNHUXMboE/lJPCF39sM0aqUUvg/9oCjqcOHVa
+OdLhIiSJesXCjXvYszQocaSLexiIbEqszqQ/2zyjCPNFEILycRTOhQo1059+8BcH
+F2toqctHo8AdfbLFmns7xrTiV03r1tbUV1RYd5qIvqoR4IWlNobmu/xzBRyrz5A/
+otiGuTzM27FzO2Igc1IdMgN5WFM2znywlWFf2IY7vKZ+UlNCeNqHnkQ3YiokdrmH
+thKTiOTsC7CkBD67jFBFkHYBatPE0Po43K8ZFjMzLkmKcay7Pq74+N20TivWpgqW
+dxQgBWkibe/bO6UNf1va81Z2z4MtlNOkagajWaLNBTYTdRrpAUKTqgV2WejMaMti
+KULXKiEKhJ/M+74q7Med+OHkIQpQEpCuuSc7VfWsrcSIXqNj/aCxgSByci9k06c0
+K8aGxAYSFP+mr9EzoHeTo1kb79grgilaSSuwopwNoE9jfg/yMtU7oIvrnH7biqwb
+4aaLSaSqrN1HT/6ACBOIHlnmvwzQh7rSxiuWO5A+6COUDvOmyaiadifUlXMo9fcv
+M7mn6yOFzjSZ1uKXGgyh9+uATmu8Wf/zeEoJtJIrE3Fv2Ibd9FiqmRwdVyilHrYk
+8Mmdsrf1AZ5qNXYEYRSZYSX7+HRLniO9kXbbGtIrNB7bRkTdX33vQy5EQ3xKatb5
+X/6diAv0Rn56LoyNWmmj/khZnrTUbWrykzaTLvV5Hsq+ZMD+huxLCfLN/Hu8RDDk
+K2YUUGiJocv8mv2AtH5U7KNPE+tzEAB2dHTT978k+eS2Sv6wXZj+alsPOWXvKF+4
+BdWatrC8wi14KhZafV4AoRa6VMbe/e60gZ5b2DvDtJ3znYHv/UMoOOToV1OkiSDy
+n86YnswIwCNL7SEaMXlr1R9RX8Lk3GJY4Dt9btKfsFCu8esjh1FVfMQaWLaTe3fq
+9Pzmf9/Jp1/5bPby5rw2hcEmRj360Pc5J+CeloLyb5PUhjjtiEUM0/EsLBSROnVx
+AkdZRCqVvxK9vVQanxvvWeQ6ROWffSLzcPdIfyV4tP/7+Awwj8OZBgUlqPeCrTlW
+qu/3kjSo1slpe9TXGGqQKT2j4+0CvNqWtAmSUg0s807KTSq1Hn8HxPo/ETgYaMUi
+dF46SXGfZ6b/wIcroki51SDDyTKRcZujP0kwmkv2prL+TUMe/kVYHTn8h/xB5gpR
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem
deleted file mode 100644
index 21d384e81c..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4.pem
+++ /dev/null
@@ -1,216 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid inhibitPolicyMapping EE Certificate Test4
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
------BEGIN CERTIFICATE-----
-MIICmjCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5
-MTQ1NzIwWjBjMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0
-ZXMxODA2BgNVBAMTL1ZhbGlkIGluaGliaXRQb2xpY3lNYXBwaW5nIEVFIENlcnRp
-ZmljYXRlIFRlc3Q0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMMwNGdAJ0
-vncWniYOninmdOvqbWTU+G3jPbZ4uJULmhWBvap0Hpq8RSJZ8wprenFgK2/epICj
-uFtJZyEtG/3A8PZ3IHYNkWv7srclGdUlotObulycoDHBn9LXI+i/CvUNGvFJldlm
-kQOxqy1Qhto5Gj7cVWa4HiEYfx+7HJPR2QIDAQABo2swaTAfBgNVHSMEGDAWgBRa
-k0vvlp6uPkMWJqQYHnmLouabITAdBgNVHQ4EFgQUFgpn09iEBzTYWYmTqi0RWeEt
-CfYwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwBDANBgkq
-hkiG9w0BAQUFAAOBgQCCP6oScMpFs5Ak3jAfJkXhwpzciLdF1Mtq/SO8auu0mZ6a
-CfrKh6JL5kshzKbZFbRYqkIidQNW42Iv4et3yLhWZvSVoYkP+EAg0dMs9/Arw2C1
-pqRc5a2mgi1G182TWgEh9rMZDvYPdD+FrzZU55bLtSlt9L8o9y9vz6+dE2MrLQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICpjCCAg+gAwIBAgIBODANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFAxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczElMCMGA1UEAxMcaW5oaWJpdFBv
-bGljeU1hcHBpbmcxIFAxMiBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-s4T6CQeTrbqUSlSczfx8iMSRK4ip9F4liS7giqCrZeZYEuP+/XoRZKzqmT3G+io6
-zcenL7cegP9DJnTNuZ1nHEoeJTlhQZq00PD1n33OMK0zhMIirByYBpabztuw1dJ0
-MKKcRzJ1AswgccI8seh2W1FXdFo/vGkDOkcD21Se0XUCAwEAAaOBnzCBnDAfBgNV
-HSMEGDAWgBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUj3Ywg1+jhUuQ
-FB4GBHs3AQUgJmYwDgYDVR0PAQH/BAQDAgEGMCUGA1UdIAQeMBwwDAYKYIZIAWUD
-AgEwATAMBgpghkgBZQMCATACMA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0kAQH/BAgw
-BoABAIEBATANBgkqhkiG9w0BAQUFAAOBgQCXSeQ5mEkpmqCHstAZJbAGVSNrj3ka
-eA0k2v+n7vDeZ+9F8bByDiBBz3RMTqmdZxQ6zroOPsw66HLxv5D7oJImbhyvFrnN
-uxPGh8hvvP67N7UT9cM0RAoIQHmoI+3+o9cqOnTIJWXXPyq5q08yTrUt1lzFyrcK
-wGB7PyQXRRDWjA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
------BEGIN CERTIFICATE-----
-MIIC0zCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgc3ViQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1
-NzIwWjBWMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMx
-KzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3Vic3ViQ0EwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJiRgbTlXD7Tr33rE8bkM1fLhA/0RcC0
-n6UIcVb6xSELqRqVIpXK2C038i/3Ta6+eoiCdjT6kvQwsM9uMBJnB7uePzDzpkSE
-G3Php6MSbnAO+6LPrGFBJ0LNo6yXvsV3HQ1Uwh8iND8Yt37obPJ05PzfU6hSnMgV
-47YDMrmE5h+5AgMBAAGjgbMwgbAwHwYDVR0jBBgwFoAUF3qKMAb26lw2QA2u2J+/
-ub2CzFIwHQYDVR0OBBYEFFqTS++Wnq4+QxYmpBgeeYui5pshMA4GA1UdDwEB/wQE
-AwIBBjAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYKYIZIAWUDAgEwBDAmBgNV
-HSEBAf8EHDAaMBgGCmCGSAFlAwIBMAMGCmCGSAFlAwIBMAUwDwYDVR0TAQH/BAUw
-AwEB/zANBgkqhkiG9w0BAQUFAAOBgQCh/ZM7m2L0OxzF6RXxeVUhY5xlTjRO0HGd
-0xOnDkOesSYfCI4gUflMo6/T9Ot67Vnb9mgzwWSEXB6g2R22/3DVR1ord/UgZFKe
-w4llbMnwRS5e3zjqLGsLeWk2ZdyjoD2vmKiFBiX+rlHvaLk+5xYcGEfOupTVqWMO
-OHuz9iinWQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-issuer=/C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
------BEGIN CERTIFICATE-----
-MIIC5zCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xp
-Y3lNYXBwaW5nMSBQMTIgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIw
-WjBTMQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAm
-BgNVBAMTH2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgc3ViQ0EwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBAMX6LszkJcSryGVxfI4egJDv3zFztB0M+jGHKEc8
-uPkbpVlPSjM2LWqUOks/C1q34lfaC6J5O+V3/DmN7GjLpJmdjBDn7k/aqGeE7XHR
-Wns707M/rcEWxPP/ErMQNIsqSkvy92GtwuaG7wsY4a+KyB0YCdqikJr6oK2Cvhwf
-LmC1AgMBAAGjgc0wgcowHwYDVR0jBBgwFoAUj3Ywg1+jhUuQFB4GBHs3AQUgJmYw
-HQYDVR0OBBYEFBd6ijAG9upcNkANrtifv7m9gsxSMA4GA1UdDwEB/wQEAwIBBjAl
-BgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBABgNVHSEBAf8E
-NjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYKYIZIAWUDAgEwAgYKYIZI
-AWUDAgEwBDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAE3ZflJR
-6b/Pwip7bO1ZIkiym+8uTzlT5nx3CF4P5Yyhje4VKVqoAOdljbZoaL5x1Zdd733W
-MxbQk/QP+wziLjZJlnqX+lSxg4wUiSU6mGtDJ1rPwMsbiiVBld7iP5JhFAWoTg0b
-XJ0ZSTHABPtNeMg2desSHwfh2I5WtX3hpXwE
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:8F:76:30:83:5F:A3:85:4B:90:14:1E:06:04:7B:37:01:05:20:26:66
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:20:b6:9f:f6:68:a0:22:5f:24:73:c0:ac:bc:8b:05:86:58:
-        7b:97:ad:38:8e:70:61:7c:17:9d:38:21:06:0a:72:b5:41:3c:
-        b6:9a:93:77:6f:e3:15:e6:06:74:67:90:b1:95:56:f2:be:52:
-        21:6a:de:f7:bf:d9:2c:12:11:9d:dc:f9:ba:46:f9:92:24:75:
-        ef:83:af:a2:8b:3a:79:da:ca:c5:72:a4:7b:19:e1:a2:f7:02:
-        18:92:eb:a6:1b:74:bc:ba:62:51:d6:9f:69:af:20:34:3d:43:
-        08:e7:15:da:75:79:b7:81:6e:ae:95:08:cb:7d:e0:3a:50:7e:
-        c1:7e
------BEGIN X509 CRL-----
-MIIBSTCBswIBATANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJTAjBgNVBAMTHGluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8G
-A1UdIwQYMBaAFI92MINfo4VLkBQeBgR7NwEFICZmMAoGA1UdFAQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAB8gtp/2aKAiXyRzwKy8iwWGWHuXrTiOcGF8F504IQYKcrVB
-PLaak3dv4xXmBnRnkLGVVvK+UiFq3ve/2SwSEZ3c+bpG+ZIkde+Dr6KLOnnaysVy
-pHsZ4aL3AhiS66YbdLy6YlHWn2mvIDQ9QwjnFdp1ebeBbq6VCMt94DpQfsF+
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:17:7A:8A:30:06:F6:EA:5C:36:40:0D:AE:D8:9F:BF:B9:BD:82:CC:52
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        01:73:17:d4:24:e8:3a:79:6d:9c:a4:96:74:fd:60:fa:65:82:
-        c6:0a:26:9c:64:d6:f8:c5:01:8e:ce:70:b2:a4:1a:a0:1c:41:
-        df:1e:a2:36:1b:4f:2d:56:6f:ef:e2:fb:e7:84:d3:aa:0c:08:
-        04:44:67:57:88:8b:34:b1:74:8c:57:96:9b:e2:b7:dc:2e:d4:
-        a3:05:41:bb:24:fa:be:2c:a4:cf:be:0a:aa:8d:64:ff:6f:ee:
-        e1:24:c8:06:8e:15:fb:fd:19:fe:92:d6:55:84:ae:71:58:2c:
-        6a:65:53:34:39:20:43:1a:5b:20:41:81:00:6c:5c:10:25:b0:
-        3f:f3
------BEGIN X509 CRL-----
-MIIBTDCBtgIBATANBgkqhkiG9w0BAQUFADBTMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKDAmBgNVBAMTH2luaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAt
-MB8GA1UdIwQYMBaAFBd6ijAG9upcNkANrtifv7m9gsxSMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4GBAAFzF9Qk6Dp5bZyklnT9YPplgsYKJpxk1vjFAY7OcLKk
-GqAcQd8eojYbTy1Wb+/i++eE06oMCAREZ1eIizSxdIxXlpvit9wu1KMFQbsk+r4s
-pM++CqqNZP9v7uEkyAaOFfv9Gf6S1lWErnFYLGplUzQ5IEMaWyBBgQBsXBAlsD/z
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitPolicyMapping1 P12 subsubCA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:5A:93:4B:EF:96:9E:AE:3E:43:16:26:A4:18:1E:79:8B:A2:E6:9B:21
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        64:90:80:33:7a:e3:e8:e4:66:09:4e:4d:1d:ae:cb:f4:f5:b2:
-        ea:4d:48:24:be:04:8f:39:9e:c1:da:6c:14:fa:0a:a5:be:47:
-        84:19:27:c0:3e:15:ab:18:78:71:0e:93:e7:6e:c8:05:ea:f2:
-        bd:c3:7b:fc:52:04:be:fc:b2:22:80:81:35:b3:ab:57:7b:23:
-        ca:39:66:ed:47:19:cd:1f:2c:ab:14:4a:28:5d:23:ab:24:7b:
-        e3:51:bb:78:79:05:20:25:ff:13:4f:c5:d1:2c:e1:67:b3:e4:
-        29:35:2b:1c:5e:aa:01:17:aa:49:bb:04:66:52:a3:1a:7c:0b:
-        f5:57
------BEGIN X509 CRL-----
-MIIBTzCBuQIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKzApBgNVBAMTImluaGliaXRQb2xpY3lNYXBw
-aW5nMSBQMTIgc3Vic3ViQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqg
-LzAtMB8GA1UdIwQYMBaAFFqTS++Wnq4+QxYmpBgeeYui5pshMAoGA1UdFAQDAgEB
-MA0GCSqGSIb3DQEBBQUAA4GBAGSQgDN64+jkZglOTR2uy/T1supNSCS+BI85nsHa
-bBT6CqW+R4QZJ8A+FasYeHEOk+duyAXq8r3De/xSBL78siKAgTWzq1d7I8o5Zu1H
-Gc0fLKsUSihdI6ske+NRu3h5BSAl/xNPxdEs4Wez5Ck1KxxeqgEXqkm7BGZSoxp8
-C/VX
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4EE.pem
new file mode 100644
index 0000000000..6e38b01882
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidinhibitPolicyMappingTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6D AB DC E6 32 A2 D1 1C CF 1D D4 69 DD AE 5C 0B 5D 14 96 94 
+    friendlyName: Valid inhibitPolicyMapping Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid inhibitPolicyMapping EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMiaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTgwNgYDVQQDEy9WYWxpZCBpbmhpYml0UG9saWN5TWFwcGlu
+ZyBFRSBDZXJ0aWZpY2F0ZSBUZXN0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKYL62yu7+fSYzmj0n3w6uGjjzv62IQV/CL9BECVjokjFNxU+tfm3Mk7
+Db7JxnHMEKR8jY4KvRmsaNSUe/3lK1VG4AFNzciYw4eDhOOLr5Kkx6EE3nbiWLiH
+eE7CDRe68kwiRf71K4sUuRtHFKzYq78O1LY2fbYQoudnVbMs7JGj02nVqBA7M9iR
+JKu6V6R/9EdSQEI7SFQEOJcnlIOkdL3Y5zYQLmXvoQ21RACpbPTrt4VFLQ9kUgdV
+IwrIdD1qunbkbNTiaIjLcy8duhKBVx1m20MFY3h1uQc7SsOedEtCX/XA6a4GUZnA
+TwBBiNePmhJUcN3P+35i8GBfin0K47kCAwEAAaNrMGkwHwYDVR0jBBgwFoAU14Bc
+E4uOQXa6CrVzceijQIB0DtEwHQYDVR0OBBYEFHcvegxzhgIyUXHqaXOrOMLRpwmi
+MA4GA1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAQwDQYJKoZI
+hvcNAQELBQADggEBALkd6aOI5LOFb4xsYP6dSJe1DNfieEU6gmjHjphXiz1VXbau
+0j1lqcxNj7GiOEThH6C9rgQ1DQmEt1DQrj4byYgnoMOa5fUwK5r3Mw+r+2SIGbyy
+wvu6Sy1zdJ3OGymchuIfVXeaXgku/Uhf/68xSn8yw0HW9SEKe8ZDVZKTCXPPqnLW
+FbD4xjBHXywSXlRlohLRuk9Rparq2Q18Qat4TOf/M1FjdxrToK+HRSfNw3e7cHQp
+gxIvCK6mshrc9ojJ0aJRxvZEiM1W4/Twn8R+1sdWxKxeSfdz0Sl0jBHBVY/CqWKc
+5Xh4d7lLxwItJ60kyVbsrsGeRJHtY1jyMQ9T+1U=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6D AB DC E6 32 A2 D1 1C CF 1D D4 69 DD AE 5C 0B 5D 14 96 94 
+    friendlyName: Valid inhibitPolicyMapping Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F3E31AEC3D5768E3
+
+9UUHfnUhE5QAbpko68+WMXCmLsSpLQ9yYiXhguUwoxnoHWxtKo55PaVJnaHlod9e
+2iy8dSot3h+LNM+GZ8I/OmpzGrEa/GMCO4QhXhwRnRcyifFy3MKFPpO4MJUf6sJ/
+1+Qj2j79kQ738etkvc7qFmJlp81/cvIOybSMoAvFwGfkABqVRXBGSM12UkL5vBg5
+n//GvEP8vJj0P/luK2OS8TSVH/pNeRN2k7u7eA4cYssb7zWyD+xUKFXlNSKoiStt
+506bbXuPDv7EjBDi0VU2Xdh8oPU0guLOh3G06Y60WbfA+rrM/fbw3J+hVply8vCx
+lI5J8YHhsReSsl76dpnocfjaXMj+K9vZX3fgDDEu+1Xwo11X1ztHXPPNPVRFgb5Q
+iY+ERzFwJykapOmOSuHAK7trCnNhGwvOgmLuBe2iNl/c3nom4hQrwIP5fxavOdjC
+6fuXN0od1V6agr22OZOM2dp0YcCVlptNIicSNHxB2YyngEmaAICtB4IdwfeTmcGD
+FS3sdRQi/BdqgiSaZtrexYDu0d7//Mujk4W8MCK9m4Z2BZDyYBEYLGcr3c7lWRyV
+cvWOz++X3Kwe3ENpZEHA6dYFgXWnBEyqAajjGamfVTi1eool6WoAYQ4ngPAX54LU
+Fm9FiQueCnWgrBIWt8BJBKThikOk9fy5gvKWSx7Lz3BipsBYf2k2jvG7tCFopIdj
+HNSfq9nEiWQ/d6W7vEdImu9geJxFBbNhmL/NQS943OL/GEESKzz/UCcJ79XhSqL9
+YO5xJe1KYwnrDstkuwTsxJfXyOCQaOCTkELTwzxz3B8gP0I7gaF/I4g98NND3Ldu
+prGNzXUkbxr/OS3jbk30wn7ro7KlEWwsN5E1Eac8Xeqxrp+2g6S+8ysSCVcmnTg/
+JZoNNCJI4my6wN39Vo4070m1hyj4JTVz/V6SFGFn6ssSgkrfNPLz+6+2lGsP/k2S
+2FByK20cjGTVktsXSm54lujU5Sb4Matlomam/hWRwgMC2emrLnkApE0XpKobBHg1
+5D0S4qBccKGaz0/zcCFvt9wCyVn2bx7GhGSNZtggw8lJmjYV6bXVF/G4hm3RLl1Y
+6XD9RvjEZxLgfPHcxYbm7hTvlw1j6kE76rAqFJMXQpQvuw+Ze37PQK/ABBo418I4
+zNDQeMw7iDlxdiLg0ylWI+6vua45cRUW1Hu2JbLfWs6/7pOLMSswrYz5I5N6gZJk
+c//BtzkJwe78Bft1bYDv4M8WpbUg3x5KvzU2K4qXPmlpcVw4L/L0VS5ADQeU1Ubh
+joUHTk4sedh0ge+lYaTI8Pj3gjsL0Ynxl9WIlDvr7ggL2kxuCZbDpyHojaPDu0cH
+4Qxp1AJos6vGAYDBH5l7Pe04as+BswfEPOeCW8YykTCT6pM16UUY9mR+ZIdZMiMU
+dMt8UbeF0qB3jyjER6ALP3K5v2Jx8GPWV52GbD9oBoFkguK2scM88EWcIEWa1sAC
+2khDcVRBsA27sVWGu+QgdEYQQFEH6oPMG0/NBE42T5FSrnFXtRH5061uEt5w3ROg
+bgT42rD4G4bP6Wsa6JCNDwTNXhIWujiTVkchvSuOGXV70y8cI+E6Hw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem
deleted file mode 100644
index 3183499812..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=keyUsage Not Critical CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICezCCAeSgAwIBAgIBHzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEwxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEhMB8GA1UEAxMYa2V5VXNhZ2Ug
-Tm90IENyaXRpY2FsIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYlAJy
-nnvLn2glPjCkqnWzCC/bxT/ypoeW3spfvzi+AQuwM+d/bNL1ZouAnps7JPpf4VHp
-ZvSGjeCgLpCvDjnUP6tG/hkQBm8CS9vaqg/65FoI/MpSMHXmVJ9CgUjOkjHp1g47
-2AYniw5lRztaH2tCN25WqZFzar+vdhQG2ZkJNQIDAQABo3kwdzAfBgNVHSMEGDAW
-gBT7bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUzyqhpf1C4jO8MypNmHOz
-2PtVvNgwCwYDVR0PBAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKS4oBKhFhU5vxr4Z547N5er
-YrYR5JU75QnGUZjv7JYCXydlJVuvIhZptrzG/wevhz2VgNSbk/wp8Uw+ra3eqqlq
-QjVFQukh0F4GKMBaiFZ1HUEGILLIpeEq0Pn70Q8EE0H1RsweW1P30qaXZE9050m4
-7h+is62/EaaT31RpTb+G
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid keyUsage Not Critical EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=keyUsage Not Critical CA
------BEGIN CERTIFICATE-----
-MIICkTCCAfqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGtleVVzYWdlIE5v
-dCBDcml0aWNhbCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGQx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE5MDcGA1UE
-AxMwVmFsaWQga2V5VXNhZ2UgTm90IENyaXRpY2FsIEVFIENlcnRpZmljYXRlIFRl
-c3QzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQifnsA6fOmILXLNZeSJEf
-D8ON1YDI4FjDmGqG8Ob1ITgAWPfxJcWgQXqRwzn/1NXj0faYKeVA5j6VZxSCP7Dz
-D6ZCeGxjgcF1lNF2dqZh268sSsW3ZiesNQ+wG9zaF8YNWvL8iqICgMrjVqdiFbiD
-X8N15gROcCA0lPuKiqlJlwIDAQABo2swaTAfBgNVHSMEGDAWgBTPKqGl/ULiM7wz
-Kk2Yc7PY+1W82DAdBgNVHQ4EFgQUHw6xfNRi0j5jpx9vVSQlS+45UuUwDgYDVR0P
-AQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUF
-AAOBgQADtx2GVXZR3dxm4aGGrvmtdkDkj/20o+75/jzMHss7prirQQdShNtqL02F
-TL2y/PWCf6QbDQgcakwPDez60a7reZ02JKUtwKCa4VJf86gy3BDKKhm+msihYgCj
-ZzkYwS9CoF3dRup5ySq6dvAU6gVzPRJZKOf3MIM/3Vo9hUtmVg==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=keyUsage Not Critical CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:CF:2A:A1:A5:FD:42:E2:33:BC:33:2A:4D:98:73:B3:D8:FB:55:BC:D8
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        3a:4d:11:cb:3c:14:7e:17:ec:4f:14:72:47:1e:98:fe:ba:02:
-        2c:79:4d:2f:5d:e8:71:fa:35:d3:7f:26:b5:27:1b:23:c0:12:
-        8d:c5:9c:f7:e1:96:71:d5:7c:6a:e4:40:ed:7d:46:28:a1:91:
-        99:ab:75:2b:61:a5:c5:4b:d1:63:10:bb:95:bb:4c:ee:a0:8a:
-        8e:d6:65:14:3c:86:f2:11:8b:0c:4d:6a:3d:e1:a9:e6:12:28:
-        69:87:1b:eb:e4:9e:d1:45:5c:dd:2b:2f:6e:55:72:e2:69:cd:
-        88:84:b1:c5:5e:86:44:10:4f:ce:ab:a4:b3:ed:c7:03:58:84:
-        84:cc
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGtleVVzYWdlIE5vdCBDcml0
-aWNhbCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUzyqhpf1C4jO8MypNmHOz2PtVvNgwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAOk0RyzwUfhfsTxRyRx6Y/roCLHlNL13ocfo1038mtScbI8ASjcWc
-9+GWcdV8auRA7X1GKKGRmat1K2GlxUvRYxC7lbtM7qCKjtZlFDyG8hGLDE1qPeGp
-5hIoaYcb6+Se0UVc3SsvblVy4mnNiISxxV6GRBBPzquks+3HA1iEhMw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3EE.pem
new file mode 100644
index 0000000000..6a4f159be3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidkeyUsageNotCriticalTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 19 E9 F8 16 84 3B B1 8B 16 F5 45 FC D0 35 AA A6 0C 8E E4 E9 
+    friendlyName: Valid keyUsage Not Critical Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid keyUsage Not Critical EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical CA
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYa2V5VXNh
+Z2UgTm90IENyaXRpY2FsIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowaTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExOTA3BgNVBAMTMFZhbGlkIGtleVVzYWdlIE5vdCBDcml0aWNhbCBFRSBDZXJ0
+aWZpY2F0ZSBUZXN0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALez
+B7zAQcz+cwTNzcRbXADc2II98d2UkCim1OerlAh4XSPePFqkPmCcuijOF1vTFsxc
+eUBcnBHO3iH6Dw6LBoJF8f4slPhGVzTtmXjD/0N1/x70ypCbNHeCv1Lxfn/M6Ufi
+bYEYqZnL4D9i6pRWU6UcjRRWfoX8zEyTdShPLhxIUovvEwStmd3ISQvgJKLEbAJc
++EEPA1k/bcXJEf3VVhmx0kjNTqWXJP+X+JfG4i1AmyhwRDbXdwND2lzPOizThff+
+4gBaxJB0cdW7wHwqrnSTQmFOB4vSkgQYFHxgBplJ2Eh1t/AyokjI9imz06VmfhFk
+kyuRvGqaxBD1W6zY+bsCAwEAAaNrMGkwHwYDVR0jBBgwFoAUwZARStm0K8Vwfs6M
+O2JY5buXK3MwHQYDVR0OBBYEFJ46eWPPLst3JdrmpRlWguBUS9GrMA4GA1UdDwEB
+/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQAD
+ggEBADfZpIsEnc5hM5JwyXKi3HdQMCwHRQvGadMNqh/3A6SSIWJwU5+8WeorwD1Z
+SikyE+AXC/cOfSEksVjrCWY3ezWVF99+jaQFqgE8lcws1LlytaN6sRY7AdEoQUhQ
+r+YawAvNZgbkRRB8LvhWUWK/66N8rkVFJVahJCcfEGzQdNBryag9SQrcqYigfV+D
+Ysob5iuSOJAoGlnAtHVtOwogjfZ1ZQy//P4yJ+IbzE3u0kHMTTqUrIeB1RWqy1YQ
+QTpnFVcmuI0utFmhEDYz7w5ktTQor7cwojxc+NpA8qzvRn6hiIeqemqrYIFAzhc6
+EI38iiO0ZAhjvDBgsERMLmKUTR0=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 19 E9 F8 16 84 3B B1 8B 16 F5 45 FC D0 35 AA A6 0C 8E E4 E9 
+    friendlyName: Valid keyUsage Not Critical Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5BF897CB9FF0385B
+
+P7aeEOOsC7LxvND9OuJqHbesUzf/CpLspAdxh+2XwRPZxLxbATA5FIQX7o75EyBT
+JoLMh1eBm4n7nMW9o8O0YX6u/1LpK7+T/yEl4S65xJNw/gcdXTvzYY1VSN9gCY9d
+MI2XZuLpXGNcSTnAIqE1RRGJ0aPoejR8/fIR1++qcSYUtPwKn5dzMo3JkT4NFU9J
+Ux+YuBrHLo+hk9ymZ/MBSb13Vz8sxpNJo2W/zidhrvDJRa1qmfAtSXsdu60n7O6y
+7gspxrOsFeORgJUrW9ITM5QdKBZNEgBED5IoB+fdRI0FwF5HGziEJwYujPYcldeo
+8T/1yNzo5fZ8HdINL3KJYMpFzo2EnE7ZCxhGEjtUC4UUSfPsdTi2mlNRVK2hQ+UN
+Qc30hicM57tne1Zth5ArQCYHV9wM6bOIzdERJnBD8bDlyXW2iDhTbW5BMn6wvjGi
+7zdot+zxlsed1hHdyHLkiZHxTlKHI7hoMjuwROaTNRcnARl3aiStMLYoBvk9Y9Bw
+ZFivyK/b73C+jXAs8TmBLfJYqGkgGwB/CKbSYNYpm/F1j6nP20zvwetwr5TqlNze
+v5pV2jN+ZdDlqicjmHcLspqJJrtstD/PiOOWyxT/5jUmFZsK0tgnDUysDhwdoRjO
+tdMBqf73SZ7HVFVYmY2dajBhsuieOg5aNts5vWlp9ENxkCnC+lSxPamXBQ12EDtd
+Z8QTEwPndaXoS/NZ4O+LFyuCRaB9D0V643jAaVmEb+MHii5oihPk83a/ZcH8aoLh
+GMkyn1UwVoKwERGcGvYBXZt8Tb4FtOkOwM61hVs3S0lokQ/kaLl83rygJvdsiiRu
+mah/PKWVsKujJ4P2YyXwDmDTNO7KNYZU/O5E2fRsLxFP+qAwB4GpuDDcbKuIUQyz
+gu4vFCxrWLRZC4VW8B5oYhs6JiErVhg9bwbKsToUvyC+FeoyJvxnKiE/jJ1KeH1X
+hEPhPTu54YNaE+ccHTXDp5fDJboSdz0nZ2Ktjecg3UEBVayaaw/zJzUE0oOF1fxG
+Iu01RTEH+0Qx+QPrKHfkwSiD9ZXWOY3bebstjNrWF5sm5rtHILiTU4q830dyKFxl
+KltqXgKzRHBkMFbJNVQHQ6FdZ5e56KFUw96YymDWspTklrP90xbesOPPpTKPxFeV
+XPwN44tVN5j8CZIIhf0lNVRJDGBMNuT0ffr6q7poqb48nGfkoge1g26h8Bj1L/1x
+yc0ceL2yWXiEeFoUz8XU3NEyLSJlBwTFW1lHz687CiqkwGaliNon+N7Il0wSgbRc
+iVKom2OBQAih5aJId98xVg7/jpHq2Z1I3mrwq3cTtlXy4j9eViXKSwgsDSK+G0mJ
+HPRDF4Omw3fIf65M7BcuiAs352AQnlu5wG/+10YL31l1OW3NN8TOKhor2RX8+JXP
+sMiEsJhwyBy0X3LKIlKwaQuQQwcwvvMzBY54hMocqUJtSkr0+pX5TniAIbf6/pcS
+jDdbz9dakfMNVB+TFnWd0jh6bAYLLf6jhH9034PDc2vJCThAZor6Kw04uccpktya
+3O3dOVeQpjhKfQ9nOiqVoF9XXPAHIUEuDXRFpuSAPVwbSKPr2AnOng==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem
deleted file mode 100644
index fc640e8409..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsCRLTest13.pem
+++ /dev/null
@@ -1,112 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfDCCAeWgAwIBAgIBTjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEoxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEfMB0GA1UEAxMWb25seUNvbnRh
-aW5zQ0FDZXJ0cyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqP8z3Y0v
-UCVXIVXCpbr+dcdoZFi0UZQPvl77hqqVORSs9FefV5mTeuoDDfhtUYa+O6Wzh2v/
-Yzv1MzPQzePG3eho/6CLs4pzqVWZDzYTG6OXubjPvYT10WykqfaWuivcn5YxbHuA
-cRitNsBAvY1Nq/kPDtsPJz1t5+PDRVO64gsCAwEAAaN8MHowHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFPOhB0Zne+mPWavrVYaTyKzk
-VbcYMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQDGkMUjQFfto4SQpRJ2fAeU
-qXp2dn4kt+s/ITPOIykUFaybQ6eaGRcWN4kTi7IufbSeI7lmaa4SC+bq14tfSf/w
-gJSpwu58pIbPHKN0IgB+9S8eRS8wmB4HcBflmNZz/NX6wJzwJt15ZC+gek+eZGUw
-Qck6L9wt5i1wMFyRwBmAHQ==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid onlyContainsCACerts EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=onlyContainsCACerts CA
------BEGIN CERTIFICATE-----
-MIICnzCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWlu
-c0NBQ2VydHMgQ0EwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBjMQsw
-CQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxODA2BgNVBAMT
-L1ZhbGlkIG9ubHlDb250YWluc0NBQ2VydHMgRUUgQ2VydGlmaWNhdGUgVGVzdDEz
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCleZwZx1DWjtQUI6sccnzSSv3J
-scTabLlHXVLbXj57OzT/9XuVVLkRe6ZB95/CCO8YM/bYdtmJEwtT3S7J7jaSI1XM
-NBi9E5Uc2y6RXOEZ4dL8LFJjZYIQNbRUgg2o5rtJ55N7Hp/uA5zJYKH9wtNBXAlj
-i0eULWMWi42zHc/w1wIDAQABo3wwejAfBgNVHSMEGDAWgBTzoQdGZ3vpj1mr61WG
-k8is5FW3GDAdBgNVHQ4EFgQUQrE9JN7MpRBHp0VYS792Fg2IxOMwDgYDVR0PAQH/
-BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/
-MA0GCSqGSIb3DQEBBQUAA4GBAI7d4izaGul72X3r0YD8tjwHlxMMBg7/4nO6PrJd
-+blNKJwn/eqMJdekiTWjl2E+PKS4nBCBSeFeoboUHLnQ/AHevzxnJiEUK7otOXim
-UFRLlktEMASIbfUjiJrkwmL6JxvDXlbmhJNVlXZI6bRfAxi2XXt6o+ZO0VAFlebG
-iga9
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=onlyContainsCACerts CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:F3:A1:07:46:67:7B:E9:8F:59:AB:EB:55:86:93:C8:AC:E4:55:B7:18
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0....
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        54:27:ac:fc:b5:7a:93:93:e7:f2:e9:63:f7:52:ad:20:08:4c:
-        52:08:62:e6:f6:81:71:1d:72:f4:1d:bf:db:06:52:d6:4f:8b:
-        86:68:4a:ca:01:4a:fd:b9:7e:5d:7a:df:48:67:36:9b:31:12:
-        dd:13:29:b2:8e:b6:ba:c4:20:31:57:4f:7e:c6:d1:3c:0b:e5:
-        1c:a0:c2:15:c6:09:5b:77:ca:95:37:31:7d:a8:08:4d:ae:60:
-        4f:3c:b4:ef:92:9d:f1:11:5f:a1:1b:2d:ff:e6:2e:07:88:4e:
-        2c:88:54:b8:e1:be:4e:6c:22:90:0e:37:0d:b2:8d:61:21:46:
-        36:29
------BEGIN X509 CRL-----
-MIIBVDCBvgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHzAdBgNVBAMTFm9ubHlDb250YWluc0NBQ2Vy
-dHMgQ0EXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgQDA+MB8GA1UdIwQY
-MBaAFPOhB0Zne+mPWavrVYaTyKzkVbcYMAoGA1UdFAQDAgEBMA8GA1UdHAEB/wQF
-MAOCAf8wDQYJKoZIhvcNAQEFBQADgYEAVCes/LV6k5Pn8ulj91KtIAhMUghi5vaB
-cR1y9B2/2wZS1k+LhmhKygFK/bl+XXrfSGc2mzES3RMpso62usQgMVdPfsbRPAvl
-HKDCFcYJW3fKlTcxfagITa5gTzy075Kd8RFfoRst/+YuB4hOLIhUuOG+TmwikA43
-DbKNYSFGNik=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsTest13EE.pem
new file mode 100644
index 0000000000..30fec0a7c4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlyContainsCACertsTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 9C 29 A1 97 81 CF FA AA C3 77 FB C8 F9 3F 64 D4 2C DC C1 7D 
+    friendlyName: Valid onlyContainsCACerts Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid onlyContainsCACerts EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=onlyContainsCACerts CA
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWb25seUNv
+bnRhaW5zQ0FDZXJ0cyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MGgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MTgwNgYDVQQDEy9WYWxpZCBvbmx5Q29udGFpbnNDQUNlcnRzIEVFIENlcnRpZmlj
+YXRlIFRlc3QxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANX15GuX
+OGqR1Az5/3Eya+5k/mszVGRtEA4BxsovHQrt4IIP1MjoRrB6sL2Gxjps4vzA4Aw9
+S6LxUJRaw1L59qRWJcdrTMnI9Jzqc0t9WanMqb7CTvlTQN86FO9KEbmc3HO8YKnw
+OySx6uXgAA/X9+AsuJhlwXH05K0sTlqzP39PiXupl3S3pqVAPHVKpjY1hizfABQQ
+ugfMk0szqm5ZqUbtRoRsTI5pWxe12UDVN8eclHUJVPng220tUQY9vaHesjIpcrEg
+p7KBxmLsbAdnoVs3JNYGPTI4wgvAOAlFxIpTc83l8T214BD5w65oQdDYVcRo37+3
+bqRyWAuLy3qYeX8CAwEAAaN8MHowHwYDVR0jBBgwFoAUJTjDrsotdXpbTdTAA5KI
+EyLHbFQwHQYDVR0OBBYEFDtDT7cTpkfkonYlzo4kLdOETiNvMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB9jAN
+BgkqhkiG9w0BAQsFAAOCAQEAfmMUoBvJy5nZ5eICleksT7UiUJ9gyi/uxAYn1NN4
+o61FMj0lyattfHD6gyFFVHW6BrEF2vbDXKug9BWuJI+3xLOIxUsDQ+IP/0juxu9O
+iggb6f9zg1IqmX0YEC05+4MPEidRKLsZh+OYlpCtjCMj94XOFWeM8gHJIhhR17oz
+7VG68tKWMvoo8Tfo4nuYkjQ4nFwAcMKIctL641sxVzMEmDgv9x6oJs/irSqKSLSZ
+pFJrYBYiOU8/GTOL4rlOBEYL4gXW4PJs1HXft761W7Bpwd9SVJA6fogM28XuWr8c
+Gslx+k60FDk0HfYsxw3pTlSubTKp+oYiV7xQgcgtHWLkZA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9C 29 A1 97 81 CF FA AA C3 77 FB C8 F9 3F 64 D4 2C DC C1 7D 
+    friendlyName: Valid onlyContainsCACerts Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EEC5957D68BA54BA
+
+qrY9d5ZVIowhv+2U9J1l+oI/xmuDX1I/6K8ba3cDGtFuYRHp5CHen3LwiqNecqz5
+Q+b03EEk/cKfIFIRBv/iuH27N1yUEQO/zWc2ShxRpcjO6vynx0vBFp+e+2f3PAs4
+1Bqb9mfP3lct0ZznaU/nIXqfTSpFp1cYAQvHVYOr4syFVMFr0hGlXWeliQqaEdlr
+GamfWs9NkieMQCmS6OXJxTQBgu9CKE50K9J1OeVGy+qR9heSWfx0q10vR+Ic29K9
+LHYVWGtLAbgIS8NL9ugwQNnJrRVd7WNnnwTlR1R2+vhAvPiTo16FKIK5pjCVxdFi
+xuBplIVwUPksqoL4uzuQupGHwBpY/6L9SfulBfBmpc+JEARvhj18sSSuYOxBE/5k
+0u1AFc5ltaO3LggseB3yQJAlBGPzqn1t8AQjoXnvo/T0hocYApwlWwXfDI5NE0T+
+T7oyDMed+EyPfegs5Ld1HDS7B5MMsKsTeooxdomAvPjnJHK1tQsVIYRdJ53XsFo+
+0aX7ClDc3G8oK0m97gogQghYdCHAFD4ts1gewHozUUjpxig8SmJ7FPqHvcwXA74f
+iXkXUiPPENhVE4fuydzrfB7SQ+5Esbk6bPb88GHWFod9HnRVA0n5yVg47/pTB8DL
+9wz5DkN/sMYyyE0+3rmsvT5/z0+4GOinV0vWpnMAz6t9huMg2943kLQhEIRXszIp
+PQhA9ljwCFqjv7xl3nbQUP2l6nQeHN6YMzk/0tWAsLR8sbp4NLKvGWYBG4EVrxzQ
+/Oee5ubzznx0loO5QOvfheElAuyRZrWZPxeFajgT1h4UZNwORfTSWWZ4RYk+6GPB
++p8BV3GTpM80CF3O5syUik3zw1TxRgMvr/5mzGmw95Jlr941cGWTyf7OuJjCpL65
+jt7rv8uacSCbu7UQrh4gqBlP/dCUAs2QZaO4dW55eJBDOzDsxgnTqon8loaJlRQc
+mZj+BZ/H+s8N9hazexRF5RLhbcB+p4ef4+5YznMXRphTnhbNLmQh0HXxdliKHmTO
+D72PkEIFJMkkAKY3iONyRCUaYJCajlBo2TiRLMspRsmTszzqDYM5t1MixbHeXLBv
+tPNSdrjgR/jwqMKaFNAjI2EiSkkZpSX6yHwHpSj9WjSRcLPhVJwFpR+wmLDG2tHU
+aC++rFQCDU/blZCkasHZNwB23HEZuF5oVTj59V/L2z/JqptrzxpWzTMfx8xOOLJd
+cQud70en29/mfzXYAe0M2YpIoSokkMOliE0W3DblFcivo6U6oZEbC9nI3otIazZL
+brbcANPIgSPzCtvoQj0ibtqcyZ7QzabzGG2Uemraqmt5HjVbAcPncDm78TB3xdfb
+W0O0MQ8I1lj/o31pvO5Lzd4c4ae57V+gkIy285CTEKwk/BYzujQYbzRuPWjWQxqS
+tZKnRtEfQzqQmqgLeZWwg1yLns+Cl8Zikv5vixQ5V/R9jASohRFyU5DFyj0fR1rI
+EvBO5bRHUU/35ExppmVuY8eUsSwBNR/XG2dFQwLvy+Q29e1TTXsaw4wTmRCJOViL
++eAyUGnv4XKUTr7nKIF4G8tCulMLV9DWChagc1ZJVdFKhQTwN1sicQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem
deleted file mode 100644
index 580d919aa2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid onlySomeReasons EE Certificate Test19
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDYjCCAsugAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1Zh
-bGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBANbeMMLH+IhNKpE0W5mNqU1YnGXZjAhFNF7V
-hMVHkKyGO+6oluHVdrzxL4CoonF40mpNZdCyVA39nKEW2HV1KB2OQ2cjjOpS+n6l
-1eds3MeBCa3z1kzPbsqkkTH+hdmkHnn7gsQNElk+mALZXM/UC+kIRlHIWSmR+FvK
-+gqFZw3ZAgMBAAGjggFEMIIBQDAfBgNVHSMEGDAWgBQ/vkDx92sC+7BZwwCkWuCX
-VAjpGTAdBgNVHQ4EFgQU31n0/apTtgdLpf3g030Om2i0nuswDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB1AYDVR0fBIHMMIHJMGKgXKBa
-pFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRww
-GgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgQIFYDBj
-oFygWqRYMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czEcMBoGA1UECxMTb25seVNvbWVSZWFzb25zIENBNDENMAsGA1UEAxMEQ1JMMoED
-B5+AMA0GCSqGSIb3DQEBBQUAA4GBACKZfydulpOlfYkHfr+kYAFm8mWYkFty5+82
-g7UQ34pUUcNlmXy2LAvyOnFBy9LJGLpfyqbaZYLyspSseZrYTfdEYRdba4FWLwEp
-iCqeyzac+D1Hr7uRFVocXyd1ZUKWhdA0gfkORdmeNO4HjY3D1+y75qjNutoqK9et
-6C9d+9jH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18EE.pem
new file mode 100644
index 0000000000..c0ee2e1cda
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest18EE.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 42 A7 D1 D9 39 66 A1 A3 50 5D 99 15 05 9A 61 3D 4C 09 43 CC 
+    friendlyName: Valid onlySomeReasons Test18 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid onlySomeReasons EE Certificate Test18
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA3
+-----BEGIN CERTIFICATE-----
+MIIEBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBMzAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQw
+MgYDVQQDEytWYWxpZCBvbmx5U29tZVJlYXNvbnMgRUUgQ2VydGlmaWNhdGUgVGVz
+dDE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4x8zxpPGgnBqlIWH
+sva5Yg5I7d0lcKVlJv4pTMjnEXaGboFcTOBu+ZI/ECdX1hLTA+9JLEivrZU996SW
+gWD7JCjq5ULOzD3a+fgDColZY81TP+EfcwWOP84qQHZzBj1LrNczk/nyla4s4aoA
+z3//CHmz6DEEKNlIDk80MLSagvUZo/LJ6QyKx1BecsP8pf6mDxIXpHgf9LrJ4aWz
+xRPFy+Zmoizo3BRQghRGnCTo+fWNwPOJ8nSRTEu926xMiyu2qExL75Ng2dsaMSd9
+dFlJgU86pp8oYfMsFKJal70ofB1QeqpszkAgW+FOEp6R2iabHTWxrYW5aJ7DTyjc
+0SkD4wIDAQABo4HbMIHYMB8GA1UdIwQYMBaAFC0kt5eHLO7aHL7el4Qbr6AVFr5r
+MB0GA1UdDgQWBBSCHuiLoRbi7SpBZu52PliT2MdEUTAOBgNVHQ8BAf8EBAMCBPAw
+FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMG0GA1UdHwRmMGQwYqBgoF6kXDBaMQsw
+CQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoG
+A1UECxMTb25seVNvbWVSZWFzb25zIENBMzEMMAoGA1UEAxMDQ1JMMA0GCSqGSIb3
+DQEBCwUAA4IBAQBMDyLf+YjZxO+aN7TIp70Wm8qKs5gEfZQEzKBODxprp9iImKb4
+4PYrLPt3hjUFa9dIZeH/ewoeXdqjIfLwqFZfHBWsNMWXiKOa+N7k/XcTclX1LSPT
+h5HkvbhomN2rvwpUgbnUQKD4PddOfTABJtVzJJwLvY92cgu5/qxwkreeI0FwlFx4
+bnMB6AoCV8jNGlEAVMTrL4YKGVGFYSdWthfbMRvtR6OGfQ1/SLQZeD+7Tzq6dtdV
+qAuRUb9BXemkK85LIcBhvVSHJEmcGocOjKAs+VqxBJlNVcoVUoFDX17/PwInbQmO
+C35YSeFdBh6FNwbalsWkzKl5PmjH2XJCP4Zi
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 42 A7 D1 D9 39 66 A1 A3 50 5D 99 15 05 9A 61 3D 4C 09 43 CC 
+    friendlyName: Valid onlySomeReasons Test18 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DC1A964E9CB7CB53
+
+XWgNPVxoNKAvoa9qvAqymT5p8IVNC09tbQVnV3TTf4ZBX/3qa/apfmQ8u/T0Vibr
+vgYMBwt9L+j4Oujyw9+o83ziUlom9Reor7KmFSO0vYJOIgxPIkHTG5+IXiRSO8N9
+W0jhMRWuHFlpQFXF8AR4+dPAa0KVCzfBGuEwksmmHTYhVboYwN1FrQwxL5Mua89N
+PCUucOWRXrARA0LqA5tTeFGHU3Ou1SIdvaGDxRYoRQjAV2uTQuiILxIPUUOCZR0j
+qE3vZNRW781EgnHF2lVrXaTIgKJXmu0owHS0e/HNTpno4r1JLEBKOdjwgbnilZOI
+c4CWnXi+6CLmLP4rw1QaV/gV+c0uVrPjCCy/1kD2dEF/D7rOfSc/Il6aR5wD6Vsk
+sl3pMpKuhX3YxDShDg6rHp3n2YPRh7x6/bPNbGB1WuXOGFC0SptulTzY1gKW45Nn
+wFHYkjmPDadLhU+5HwpzXeXhJdMHCW+z8TsTGjNIQVRFlbX4PRxWwK8n1FPl5+k6
+1pCZZjdcFXUXNzNXqMXSxd8/7ilnVqXXi1unaoqFW8Zfp8e7FR8ltAUuJL3jOjV0
+Tw7K63B5KmtcpRn/O0J/me+d15343F0QaglJpn3iakNyutyu5zzAzZS4KvBRIXJg
+QyYfm16D9p1AkNOHq7g99N7wnA15JLxqOuE+YB26LSpcRZIker5cGsAfQDWliqOB
+vX86jMET4qPcOmApPaSuRolXlBm7kWjxv9iltr/nPJi1RJOZkfBuGHJ5V+vuNpWJ
+y87y5sgCkGakoG7NASAQQYKHhdKie+//3AWaaxWqr5H3jzUEtaZ2yyqvMmMOle/K
+ePna6WyHQ8a/CQBypPGp9adWO6oUNyDIYbNbq86bw5Eor0JvSQIBWany1Xlzt3Qg
+J6cPxBe4nEktHzv9+bM0fRb6R6mHbu21MQ7JEPoF316E++PM8gC0Mt0R37dRSEvv
+Q+Yy3FNArDeqRdP3BcVsbl93zPz1Su2uyJo8h+o+YCEao48NcttOcMkU/wkSyT0y
+OXvi2YotIsAkryR0ZvXcfWkKl1kt2qBR7qOvVedWiwgeIjyytgHi9PAPqAYw+Aia
+ZlGRPaiqCIEmwu2HiJ1A5+lrW5vK6UWtwrWM3XJKjcPSW493auFURyAKdA3jvhCu
++7PEV4m7AksM+N+rjObGFbonEIqTov1cIj+S4DqnOpOvc0LEvNumIY5iZtIZrkDT
+93JQODsyGgs4mnlV7BFhWiGaEIhOV2nSANz2VQc7mN2RyUdajg4nTgCsTK0j7OVb
++aFYXlJ9KB4484n4BRJ8LOjjGpsUegvVqt2QP56YyI02Du13YPCkzIjOUA4lMWRk
+q52k69X55d8kI+EE7Sn18Veo80Idq6vA9wlYzk16hg3cyI0uEpwtbTNF5j/PG1yf
+IsMpj+KJPDx+P9PNZC7fnb5J9ok6yxy/G/GOTvLuqHUZtoYhSW4UL3aRwzs8hgTP
+n/1Yg4GETmNRQu06tgrwOIa6iyXV6ulsFnn1J3jgZlbbAXqyP2lZR5M9lQn4oPuy
+8AdX/QtJJzqjgWD0GUYWCg7l+rJa+Hqqwr2U0kz8t6mS2HTPVtutUQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem
deleted file mode 100644
index 580d919aa2..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19.pem
+++ /dev/null
@@ -1,167 +0,0 @@
-subject=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICeTCCAeKgAwIBAgIBUzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEcxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEcMBoGA1UECxMTb25seVNvbWVS
-ZWFzb25zIENBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApawx8YRMPlMQ
-024rS3sld90L6veeiaILQ6LHaLsGJq3VdzR86qrSqOOIC4riSla8gYRwgMxS4ex2
-wjXsRFQbvsG09PcFyRJKJ0NLsY8FiVdShUDwLEohR/cdfL4Z+iCgZdY4iMaILI8a
-MHiBRffd7isOjbgUd8JKQ6DM4ercJksCAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zU
-LYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFD++QPH3awL7sFnDAKRa4JdUCOkZ
-MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAzmsqTCqqsyknqgNHYbj4aH461
-hKTEkZRpMSUHjJwKJWFK4fzqdC8DDlCw9rfmNld7RwxcC3/o0J5v3T4KG3C4s9Rr
-eVSmm4Kwvgjmj0tsm0TQbG+B4uLqaFAAmlBTZPYl9ABodUKUP2eKcAL7f98INanN
-/veMciSwQ7N4Ku7Zjw==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid onlySomeReasons EE Certificate Test19
-issuer=/C=US/O=Test Certificates/OU=onlySomeReasons CA4
------BEGIN CERTIFICATE-----
-MIIDYjCCAsugAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHDAaBgNVBAsTE29ubHlTb21lUmVh
-c29ucyBDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBfMQswCQYD
-VQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxNDAyBgNVBAMTK1Zh
-bGlkIG9ubHlTb21lUmVhc29ucyBFRSBDZXJ0aWZpY2F0ZSBUZXN0MTkwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBANbeMMLH+IhNKpE0W5mNqU1YnGXZjAhFNF7V
-hMVHkKyGO+6oluHVdrzxL4CoonF40mpNZdCyVA39nKEW2HV1KB2OQ2cjjOpS+n6l
-1eds3MeBCa3z1kzPbsqkkTH+hdmkHnn7gsQNElk+mALZXM/UC+kIRlHIWSmR+FvK
-+gqFZw3ZAgMBAAGjggFEMIIBQDAfBgNVHSMEGDAWgBQ/vkDx92sC+7BZwwCkWuCX
-VAjpGTAdBgNVHQ4EFgQU31n0/apTtgdLpf3g030Om2i0nuswDgYDVR0PAQH/BAQD
-AgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATCB1AYDVR0fBIHMMIHJMGKgXKBa
-pFgwVjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRww
-GgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgQIFYDBj
-oFygWqRYMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czEcMBoGA1UECxMTb25seVNvbWVSZWFzb25zIENBNDENMAsGA1UEAxMEQ1JMMoED
-B5+AMA0GCSqGSIb3DQEBBQUAA4GBACKZfydulpOlfYkHfr+kYAFm8mWYkFty5+82
-g7UQ34pUUcNlmXy2LAvyOnFBy9LJGLpfyqbaZYLyspSseZrYTfdEYRdba4FWLwEp
-iCqeyzac+D1Hr7uRFVocXyd1ZUKWhdA0gfkORdmeNO4HjY3D1+y75qjNutoqK9et
-6C9d+9jH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0b.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL1...`
-Revoked Certificates:
-    Serial Number: 02
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:c9:cf:ae:6b:51:3a:d8:ee:4f:85:3b:a7:18:30:00:6c:cd:
-        0f:1a:59:06:50:fd:75:49:44:9a:af:71:a5:74:ca:25:02:e1:
-        fe:c2:0b:15:f4:db:0a:8c:7f:ca:9b:de:cd:bf:1a:2d:3e:10:
-        1a:a9:4a:9b:a9:64:75:01:1c:dc:26:b2:f6:ab:2f:d2:7b:3d:
-        01:f6:fb:64:a4:c8:53:65:b2:80:5a:1d:22:e7:3b:9c:12:92:
-        96:01:0d:74:83:d2:72:c3:a6:34:cb:54:bc:75:c4:34:12:c1:
-        4e:40:2e:e1:28:d7:ea:6d:c1:9a:4b:80:dc:2d:7c:7c:a5:a7:
-        28:75
------BEGIN X509 CRL-----
-MIIB1zCCAUACAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAhcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoIGgMIGdMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG4GA1UdHAEB/wRkMGKgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgwIFYDANBgkqhkiG
-9w0BAQUFAAOBgQAMyc+ua1E62O5PhTunGDAAbM0PGlkGUP11SUSar3GldMolAuH+
-wgsV9NsKjH/Km97NvxotPhAaqUqbqWR1ARzcJrL2qy/Sez0B9vtkpMhTZbKAWh0i
-5zucEpKWAQ10g9Jyw6Y0y1S8dcQ0EsFOQC7hKNfqbcGaS4DcLXx8pacodQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/OU=onlySomeReasons CA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:3F:BE:40:F1:F7:6B:02:FB:B0:59:C3:00:A4:5A:E0:97:54:08:E9:19
-
-            X509v3 CRL Number: 
-                1
-            2.5.29.28: critical
-                0c.\.Z.X0V1.0...U....US1.0...U.
-..Test Certificates1.0...U....onlySomeReasons CA41
0...U....CRL2.....
-Revoked Certificates:
-    Serial Number: 03
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Affiliation Changed
-    Signature Algorithm: sha1WithRSAEncryption
-        3d:11:d9:b5:4a:98:2e:f6:01:84:ec:e5:d7:d5:20:45:06:18:
-        19:5e:18:1b:89:27:c3:fc:7a:ea:a7:3e:3d:bc:ff:26:f1:69:
-        90:73:a1:2f:d6:0e:82:36:1b:f7:98:7d:26:2f:07:86:05:58:
-        b4:5f:ce:84:6d:ef:4a:51:e8:40:4a:51:b2:57:46:b6:76:e1:
-        8f:0e:b8:03:16:88:72:c3:88:74:74:76:38:1d:44:87:88:c2:
-        a5:ce:34:cb:a9:bf:a1:6f:e9:96:e3:a7:ab:3f:be:a5:60:b2:
-        4b:e2:bb:f8:1b:84:4e:eb:69:ae:01:f2:5a:e9:78:9d:ac:38:
-        45:4d
------BEGIN X509 CRL-----
-MIIB2DCCAUECAQEwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCVVMxGjAYBgNV
-BAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMg
-Q0E0Fw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMCIwIAIBAxcNMDEwNDE5
-MTQ1NzIwWjAMMAoGA1UdFQQDCgEDoIGhMIGeMB8GA1UdIwQYMBaAFD++QPH3awL7
-sFnDAKRa4JdUCOkZMAoGA1UdFAQDAgEBMG8GA1UdHAEB/wRlMGOgXKBapFgwVjEL
-MAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMRwwGgYDVQQL
-ExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwygwMHn4AwDQYJKoZI
-hvcNAQEFBQADgYEAPRHZtUqYLvYBhOzl19UgRQYYGV4YG4knw/x66qc+Pbz/JvFp
-kHOhL9YOgjYb95h9Ji8HhgVYtF/OhG3vSlHoQEpRsldGtnbhjw64AxaIcsOIdHR2
-OB1Eh4jCpc40y6m/oW/pluOnqz++pWCyS+K7+BuETutprgHyWul4naw4RU0=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19EE.pem
new file mode 100644
index 0000000000..ce783f6d22
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidonlySomeReasonsTest19EE.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 23 3F AC 65 5C BD B4 11 55 FA 12 15 B8 BD F4 B7 AA 63 89 68 
+    friendlyName: Valid onlySomeReasons Test19 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid onlySomeReasons EE Certificate Test19
+issuer=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+-----BEGIN CERTIFICATE-----
+MIIEezCCA2OgAwIBAgIBATANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEcMBoGA1UECxMTb25seVNv
+bWVSZWFzb25zIENBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMGQx
+CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMTQw
+MgYDVQQDEytWYWxpZCBvbmx5U29tZVJlYXNvbnMgRUUgQ2VydGlmaWNhdGUgVGVz
+dDE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYaYmevtVXzOSYqg
+VGMWu24TJ5L1gx1O3gTuPBCkQE5QZVa23vo3dDpL2m3SpMJ3kWJuPkIAA4eobyIk
+IYqZCsSO9y6zKfhCFOG/ynddUbglmcigcjzA4uZ8wNTXgV2shFYtxCcU/3Tbr8IT
+Q/bbX9/eMw+8vNtIZdM6MieX9/fwa5WkQJqhOYyPJJ9NfeJmwSnjd6WC5mkA9hBa
+0RqL34l8mhiARM9sO8p7uv2cTm7hKTQ133RhnWX5wwbiRB3H18pG/Ikw+2Fel0u2
+PuI4qXbevmzjL/83sf/unZt8++MeiyUVYSJf/V4yRuRW/kFAOPExJJyCoaZeNp1i
+SGa9pQIDAQABo4IBTjCCAUowHwYDVR0jBBgwFoAUvmbcHgwGO/bTiDSRUyaBDWgX
+bskwHQYDVR0OBBYEFORDdLxa0SqQZuQsnjKT0Gwdhm7KMA4GA1UdDwEB/wQEAwIE
+8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwgd4GA1UdHwSB1jCB0zBnoGGgX6Rd
+MFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQDEwRDUkwxgQIF
+YDBooGGgX6RdMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMRwwGgYDVQQLExNvbmx5U29tZVJlYXNvbnMgQ0E0MQ0wCwYDVQQD
+EwRDUkwygQMHn4AwDQYJKoZIhvcNAQELBQADggEBAEp1pHXjSGjq1N6Oe2KCTqvs
+TW/SpD8ezjGgyAUwU15I2sTCRhIUeRMZPFVkNqSmDfSp+xNWa8WwXgTaUpcbN3/+
+SC7WefRmx82NMFGZ7lshpwd/LdcagG8oK8jyC8Lec73qpDeObhwo2VTWUs2KfcgE
+Q9QP0QL8xO5v2VbQovLHIu1H4vqqYYCgZ/dZ7ctiatxFEHo36PP57+gRbBGPkubg
+c7TC0UWF2z+m+LeBtSQBXyifUIhqcbWkXz0fqpf12/6BVrKsRnpICJhKjYBhpS9z
+mORlC3jZn479qEASq+HfY/T5aaWJvIhZbsRd50GZerNg6DhQfNj8bJvnBx77CSI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 23 3F AC 65 5C BD B4 11 55 FA 12 15 B8 BD F4 B7 AA 63 89 68 
+    friendlyName: Valid onlySomeReasons Test19 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F770B6331EB6E985
+
+00hiEinPPF507CjG5k30QFMeFtpvVoaSvIV3gwKZs1fxsHhMU58Aw8ir9muU7mOI
+KoFHC2JYytoX+BQWmkvSFtqiQEuWmQNcdQmuWXz0HqbmtTSqxC7kI+rDhseetO1f
+Varfou/gU07P29NHTVArxr4cG9GxeArnsV1xT6/hChXuKFHk3Rlb1mkVDR5hojtc
+70z+t6Fpr2csBiu+s8JbI0GdUspsLTCNSJAZDhXaPbrVA2mb/F5m1+soUb8filGJ
+a7YfR6EOAL5BlO4AKJsmW9DuDz+ZUp/NbaCQMIOUUcFqhTQlez3vWp9RH6yvzbUR
+NZe7wEoj5U2JPPj8MKPJRkFVIYv/VL5BsJgjMKz1CAx/ev4SNchBjctph/WlJ/Yh
+DEhdqQv3cS6n3cwY5UVkKjBIMLT0rFDcCrPUC1PttwMv+/qj67jaLjqSkHH37m6b
+RzLgUP7iZCWT/4kzRTQ/PZ3loErNYXqgINLmk3uAQYMMGWXK2I0/O6Ib0YiAg91n
+8NbD7ii8Xi2tvBUgqmUNA4HPBxDaadeuMF9cyZgNRghgM1pFXHCMx+jY9NTFfkQz
+hEQwGmw5FlDIlJzuckUVrwKp2D+ewkThuCPl4xIEq0UG6L7ZDVhZ3dNlZzaXuhk7
+zJpcNLIbTkZEw+xaO4vYkKa7XwmGZ6L6Q0rf1DPyYscLp7P6Ym4AIlzFepb8sdjT
+NrkjDy/OpU/W9HzIT08WQv31uPtaxqthMrRyAQiqcSRqrye80/hXu3YFGjRh1QfV
+AT4gMdC/SZUrWb2YSBieE8uHW5/5PtJC8WKQFWg7Rth8noeRb/f5jU8UiqLN1YSO
+pXXPo1MA1UBNc5aXYHtsg+4uDz1osvOrKgrU3D1JRi6NNcVg6VNYwy/E4etYvDJX
+sTYvnoU1XNPMFpEFzjPNhllYZ43V7C45LgZadsdG6JMY/6/QBysiv3uvP6ckxOUq
+WHM4Q0ifWtAgAPKLLgZiol6r0R4WUihsZHawn/Dwwcj97/zxPFTroN81l393sGQJ
+oESU/RMR/ZzGBJFaV/Hn15MdNGSp2SRGCi0xaOrEfx+kOHDWJbMe9Kl9KMQMngPL
+2qLKLl0Me4fBq5xhxq4t6F21/c3a5dwpAU/mK1UKKQtQSQ0AXcZSSXlvrk0x02jf
+sOoR5+mKYCky4dxBq1DkLmpOSk/G5GxDQ6MU+UVi+6/9KQ/CEgCu/TafYtgjwGfL
+He7d7NnduXYcdLXuxFZBDRJoLNIXGzTbJWF2wIXdxLx30OV9X7HvRV4DfBSX0Yq0
+o5ohzToT3QSY60JHDnhqsvpp95FlZgfuIqdC75Nz9gK6hD5OakQ/dyGEDFrWGyuh
+5Lf3t/YC7yd8E9c6SicH/ijOnuXwdm+Xqefs5VFPNfC+PBwTjVUHFdG9peFFyjq2
+mW5T+BBCwumWvlyudUDGRWisNP/xa/ooKieP4sQgGFQADwRD+bb7V0eHP92dC4i/
+jHnRq1u8wE+ce+usn2CzZIuzOzpPdKAbG9LMJeCdGQU7L3VJ4YkEB6IqOrrfHRdD
+aO9DnZLtH6kVi0vM4UJAYt9rCw+GjQOlO//fb/rFOe/JpFBD2kPQf5VPxsNl/xIY
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem
deleted file mode 100644
index b183ea4aec..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13.pem
+++ /dev/null
@@ -1,262 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAvfifKseM6a2SLDsRFhGp/REqaFlx95O6qTUy4GtxendIFOtyadcv+Krt
-MtbMq5gpTipTi88pg9PZJgu5WNbNCBTw9a4LVmuK7vW7+qc4vKAiHMx1C36i+M/u
-xAyxABnaB/+3GuTXBVh2UaFyc0y742BlOGiJQec4j12Ympn+/D8CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEg0CFSm
-7E/ZmBQh7NRjsSNv7Xk+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBBDANBgkqhkiG9w0BAQUFAAOBgQBH
-GNn47Kmou/bb4DJqEWK0rYy18Luf89VyfaGcLrRx55hJopWTol/7VNHK/PcEcYZR
-FvrRx3+j/FmPw7KdZhr7vswlOw+Al6Izo2NpTdI71n9v0mWk0aMnagaU1/HhVCo0
-MFmjWB6hXagaUlj7PMUGxJhJDLGVxim5OsTKsDyQsA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTQxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDEkec8+m6bpWo+4WFbIZq5Ex3/ooPS1Ag0V67MSbWUopjA
-ZSFFn1jMVuyJwvVJcWhm60beqAFCWAgdUw39yw1AH1ZjF80S0i7gOs1ecJOgcJlH
-l12ROKtYyawcnvh97Riu5uNhddo7GNP8imgxuTm+KCMgA2Yje/3+s+kkJGrmmQID
-AQABo38wfTAfBgNVHSMEGDAWgBRINAhUpuxP2ZgUIezUY7Ejb+15PjAdBgNVHQ4E
-FgQUxsXdPdf7dENAydCq5aEK1oE0ihEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHXkSFfYx3eChLIW3r9jR5s+WkJP7zC2MDwTim6sqK9EEdF8u7jpSM7A
-injU005gD9O+daXiOhdTWtO6tHG5lU4F0pz1/gf6NabgsIZcCY5ihmO0sg9yFw2x
-m9ZtI0lrFDJVVMb2TTzSg2BCk/4WrjCu8lyZKeHb3/MPXrhVI6QI
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test13
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
------BEGIN CERTIFICATE-----
-MIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTQxWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE2MDQGA1UEAxMtVmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh
-dGUgVGVzdDEzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt+goZGlfBA+Us
-3gYzg2H1q9xTS0jsUbdAWR+UyFhwlPTu9s29bJOQlgYCeMoZsW60iIbUbQjcq5Uz
-cVH3GuHEdnVZi+2PuExwKCPfJd5AlZLlHF2/rXEitua/1jfZeCG2APIo6Fo6MyRm
-DjXSMXVDa+34SxTNsxmRL5mRkAU14wIDAQABo2swaTAfBgNVHSMEGDAWgBQQleeK
-lnT5PPSbBqlJ88GaP85wHzAdBgNVHQ4EFgQUKiHe+m/ll4aKUr4X5q6GcSIkJkEw
-DgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG
-9w0BAQUFAAOBgQBg1xu2EY6shLYeKkVPx8VQMKHQwihQdDRH5Ehqsrgw5t3hALFO
-PjKZ7qdAOOWJA0Y8HmswJswQ9hYMEPkUdGLcE6ssQLySaRecEK5uW5/fWrs451uq
-5hyC55DEHEaJBbvzzBy4eftZcJrQv+QQTxhBH82+/LT02FkYqfjuUPIYSA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTQxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0E0MVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALlp+FnExwi/Gj0ZI91kqo4pmnqqOhGFj1B7
-BwwpwPKi9bTS4V7SoF/789+rQvetsKPMvlFqlJxAJDAucVf9IcHun+JONgiIUcLB
-o1x/hhXffJx5AKaTGK3lCSkXqT2ivI8QJNTTjDgv3gvwGg97WVPlbOeZEPbwMzlx
-i4oq4uHXAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMbF3T3X+3RDQMnQquWhCtaBNIoR
-MB0GA1UdDgQWBBQQleeKlnT5PPSbBqlJ88GaP85wHzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAuzFHa2SgbDIRvfbqmMe+p2l0M4gJMEc3r2caaovmKgfuVyBl
-n0JdZN2rzlYFV4jZbJ0wa89PzLIDtmptUctcO0DO/P+ofx8uAATdFhL4yMmHkK9L
-XVBrdANbZSBZ+8WXKrnvsJArX0vtQax8znEaTUskMtDe6gjzZsb957dYCCU=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:48:34:08:54:A6:EC:4F:D9:98:14:21:EC:D4:63:B1:23:6F:ED:79:3E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:5e:e4:e2:af:00:5c:48:3a:c2:36:d1:97:10:66:06:b0:04:
-        8c:37:8b:96:01:b2:c1:bc:b5:3a:8f:b5:44:05:db:84:2a:85:
-        c1:7c:96:fd:b3:6c:1d:47:69:63:e6:a2:d5:6b:29:76:e2:72:
-        e1:4b:6a:d4:06:22:80:cb:58:0a:39:aa:47:45:a0:84:d0:9d:
-        d4:e5:00:13:71:ef:bb:3b:27:b0:e5:93:cf:b2:05:87:43:8d:
-        bc:a5:7a:50:8f:22:43:48:df:9a:e7:cc:8c:3e:54:fd:16:85:
-        3e:e9:a2:47:4f:f8:ae:94:85:32:4a:88:94:b7:c4:13:62:11:
-        6c:b8
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEg0CFSm7E/ZmBQh7NRjsSNv7Xk+MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAHpe5OKvAFxIOsI20ZcQZgawBIw3i5YBssG8tTqPtUQF24QqhcF8
-lv2zbB1HaWPmotVrKXbicuFLatQGIoDLWAo5qkdFoITQndTlABNx77s7J7Dlk8+y
-BYdDjbylelCPIkNI35rnzIw+VP0WhT7pokdP+K6UhTJKiJS3xBNiEWy4
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C6:C5:DD:3D:D7:FB:74:43:40:C9:D0:AA:E5:A1:0A:D6:81:34:8A:11
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0e:71:9b:f6:ad:39:6e:d8:be:f8:b2:87:85:75:4b:35:16:3c:
-        e7:52:48:af:e3:b1:7b:6d:1f:2e:59:59:81:af:cc:88:37:3b:
-        78:f8:4d:7a:81:e6:6e:23:50:4c:80:f2:e9:d5:cf:79:ce:e8:
-        9e:f8:c4:82:2b:6f:4a:ab:29:bd:5b:34:57:5f:31:5d:3b:a6:
-        b5:da:8f:57:4b:07:e2:5f:e3:f1:b0:8f:25:92:f2:c6:57:26:
-        9a:4e:36:d9:c9:6b:37:f3:0f:7d:81:b6:2d:6c:f7:c7:76:d7:
-        3e:29:67:8b:2e:01:9a:f8:90:2c:53:da:a6:c7:6c:b6:56:09:
-        fb:df
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTQxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBTGxd091/t0Q0DJ0KrloQrWgTSKETAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQAOcZv2rTlu2L74soeFdUs1FjznUkiv47F7bR8uWVmBr8yI
-Nzt4+E16geZuI1BMgPLp1c95zuie+MSCK29Kqym9WzRXXzFdO6a12o9XSwfiX+Px
-sI8lkvLGVyaaTjbZyWs38w99gbYtbPfHdtc+KWeLLgGa+JAsU9qmx2y2Vgn73w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:10:95:E7:8A:96:74:F9:3C:F4:9B:06:A9:49:F3:C1:9A:3F:CE:70:1F
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        06:af:3f:80:68:02:24:ee:c0:3f:33:5b:62:49:01:cf:ee:87:
-        f7:92:49:33:a2:b1:b0:6c:e7:23:7f:4a:8d:2a:1b:e9:31:fc:
-        04:49:76:f2:f6:92:d2:b3:32:70:50:71:9f:12:ab:03:6c:2d:
-        a7:0f:81:ef:fb:01:3e:3f:09:b8:df:e8:4e:28:c9:5d:fa:a3:
-        ef:64:db:b9:cb:8f:66:a2:b5:ba:17:f3:05:62:5c:8c:5b:75:
-        f6:7e:54:aa:30:59:0d:50:c1:23:90:c9:91:06:49:1e:bf:23:
-        de:88:c6:7a:39:0e:6e:11:cc:44:44:40:2e:08:82:65:e8:74:
-        9d:60
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTQxWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUEJXnipZ0+Tz0mwapSfPBmj/OcB8wCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABq8/gGgCJO7APzNbYkkBz+6H95JJM6KxsGznI39K
-jSob6TH8BEl28vaS0rMycFBxnxKrA2wtpw+B7/sBPj8JuN/oTijJXfqj72TbucuP
-ZqK1uhfzBWJcjFt19n5UqjBZDVDBI5DJkQZJHr8j3ojGejkObhHMRERALgiCZeh0
-nWA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13EE.pem
new file mode 100644
index 0000000000..79507de0d1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest13EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2D FA 1C 30 3E E6 37 A1 12 BE 07 77 3B 17 6E F8 9F 00 3A 06 
+    friendlyName: Valid pathLenConstraint Test13 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test13
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA41X
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBNDFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExNjA0BgNVBAMTLVZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVF
+IENlcnRpZmljYXRlIFRlc3QxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANGvSnWvqPuuQwnBzwyPeG9cwJSQU/bvAAFK1V8D6Yb5dGmKu++FJuY3+qmG
+uzN3K1HFo1C/84fQ0UFNp/6H9r+9yUZ3RRSvr8A4JA0CUUv+mXfbd7+HzCqqyj0i
+RSreaFuiXaM4QAH56nrfg31qQGb1QC14tpEXlBp8YnGh2PRbbdJQf8JbxMOlhWB9
+A8+Dk0gwSVqUZ0nPDFy2OLQ3cEQTgjnihXBJqHztLtj4rQkwWbQCNIThrZ+XszkW
+6rcGygZ7ZACnuuHOG5UK6qxakReo8ZuW079tnFJCPSyPk54dHLlTrsz6LyyBQBKv
+2PzZAQcnzZWHJLoACwhOWUQ9dz8CAwEAAaNrMGkwHwYDVR0jBBgwFoAUoe2i8zVU
+pZ+8Y+ZHalMkbEoMciwwHQYDVR0OBBYEFLdJcbHtcyweaP/yNyrJR7L7kfqpMA4G
+A1UdDwEB/wQEAwIE8DAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcN
+AQELBQADggEBAJTElUFCT4pcCXUHleZsjeg3hPXNJIWYLr3/MACyrDpD7M4kb1J/
+v03VUo6r9wFgd2LE8Q9kghkRsQ1BvdGX9FijaPDMZ31kPpU1EelGutxkjU21mz6x
+lXLb4ql8QBCLDZ+N2mEQ8y/KCYpSkKJK2X5XHQ8LRn0b/QKK64UmF4uZFxKA5Ez8
+q1bescEhdWiAZBrFv5t+OhSHbRkRtLNB2fHkzkovVrhSgrG/qcsGInWTvF1RnV40
+iP7VcosKbEynP8p5LQMIjt7d4f+PocFcSIVwgcVfZdwx9MS+nAj29Ynu9vQENFHI
+xwRm/XT3hYzGswzrl5RhHyyjgAvjxwSaxfU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2D FA 1C 30 3E E6 37 A1 12 BE 07 77 3B 17 6E F8 9F 00 3A 06 
+    friendlyName: Valid pathLenConstraint Test13 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C045A0179BFD32F2
+
+0PhVbeIHszH6dY1ZI4AbD2whyIF4mwSnK0v+/EzbQixapqiVpM5mjsogGfNjH0xA
+/LUFFI75lMUJDQSstlUiDAVLBhLadSx2K7EQe7Yh+biVi/xlqObKauYzF8IUGl76
+CNU1DNvrf3HDU4GE/7nxrYWYjBZt6upNHjaek4UoyfiJT8T3hmOhhAFYxb0lxs8Z
+SnrGzb5eFWNSvlr4gTvvbb48PLrWzKk8DeuirhV23c4n6sj7pEcY1+rNVPxNm9oU
+43sOY4IEfr+CFXxQBFUTseVkLWpLLDdkPFiIgcmVSV8vaSwnsIQ3ciBxge/wZJMU
+78OyHkkUquZV+cCKrgpgChMin1u2wn08QyPwETdpMobc+g7Ydb+eyU39kMSIPP3t
+UrFsmTTPygF11iwkSbPzToQ163O0TOmqD0BcJsWxTVjbHSTnNJ4hVie8xIAShjAa
+9U04QPBp7gb7npf4dIEIh6Yyf9AQyLqwDgSZv2VO+M9G1EMxpNflsYLU6s3V1efM
+kXk9EPA0j0piq5xMdSf+AqRLieSkIm53fFENvfz0CcauOwSQ0Trm2S6vLzIp/IYA
+ZaCqwba9QqusemG/CfKKc4oCKeF+hFk5D21d+s5XGhmWjrkaWn7PQLxNnIiuZ+5s
+CIabBUjQHWreoBPw9QOQwbJMfTJYmfldZll9KnlLlo296Qb+uWLZTbtk3/ZEQ5go
+1iJp35jEs82nI9NVazSS98CXHBUCUOlHM0caxq3irssQlLz9nbnUODlrZ3CSaW8V
+wOsYkAnN6lFImq+1LqrSVtVqtESY6aPBt8GWS9UHx2n9MfRlPBKQLUJGnOG9+ktW
+tuayerk2V86x1R8c1YEbhqU+g//l1UoAOAEOfndkb4JNAgVXAxIhU2WpJUs9EGZR
+43nYgJ+IwiHWpWmB1TMgTMU+qFo+QjVYyZkGVyO2FUY2CaD5oq1MUGS0uDkfXq34
+8yBjCCskYG+eTnktrbJ86844oAObQiour2zVcQz3oI+uivn7XJBuLP/np2RLwQow
+yyXMzJIY+WO/WkZDPmXRLNToHaK6NG9/JVP6Z5WaZSHf1qrIHzH1optKT4YVJmmQ
+ZKbkVg1vsDmvaDMEaETzw6W8UUlrEc81HIlC03qKbmWVQKj/B6vvWefhXl8HCeWA
+OIeLhLVqJL5ZSQdnMdF33uhGOvhAWkUUmCEplixC+bRWdEhFoorZLHmuoML1WQ1X
+O8P9EkAuHxNzTv/FuPl+GHC3dkQrxFi0BNBKfUXhpK3E+/UAztcDlX4FNytLv7Q7
+FLP1yJ7Em2S87yeX4dRtG2OvNR8/gRWfNoZBxd3CU4mMg1IwXCZnpk5Odz1i/obJ
+yLUdymiAjHMZ3EyAhTxofDSwmakWjP8tzcXppcMJC6ghMHDd22KtYJztt/qG691G
+k77Ygq693ub+2usd/6aBmzOQMDAzj1aqAPUzd0yM36Cm7OmgJV3ZJ5C26XBOLP00
+oAa4UklbL5erfU6qMimMMdqbmKUd4whyvx9fKSdhGhFZ0VoOrT80CyGzVnnxC3fY
+Uw7NB+13ZruVC6SYCD1R7rRUUZgu9GbYdUx0Te12rrQozXMajPFy6psTUqEFusv5
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem
deleted file mode 100644
index fb615f5434..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14.pem
+++ /dev/null
@@ -1,263 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGzANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQ2IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbfycd4Ehd
-RlHiRJp0MMk0H94GHYCYxpVEzfiC5V9w2M0NWJotHuHxdTvH02XZquFdQptZI0qZ
-AGeBgE3+FBJAGOK0ZxYJgSyscFWBTLGzFZu2Y09siuEwlr5W4z6iByJpFYsEK0JS
-icx7LPYOYyHmFpmDSdcUXwV59VWlaQn5HQIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUnY+0pLeirrl2tR7LH2QWpXoO
-hUowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEGMA0GCSqGSIb3DQEBBQUAA4GBAKJlZqSQSA4tpA42dNOs
-k5r0RU2BrRu2bPXhSEZHD0o46NJlNTNTfCAus4HtZ6GE1AvTIy3smHPGb1O4jth2
-9hYXVqNHIEIlejhxgSE0trBBT5L5vodq5Pu5qoTWPZ2Uu8pdqRvdmypKr7gI5inp
-Cu6s2eBv0+DeibQTg73sQuTj
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 CA
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50NiBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaME0xCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEiMCAGA1UEAxMZ
-cGF0aExlbkNvbnN0cmFpbnQ2IHN1YkNBNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAvfifKseM6a2SLDsRFhGp/REqaFlx95O6qTUy4GtxendIFOtyadcv+Krt
-MtbMq5gpTipTi88pg9PZJgu5WNbNCBTw9a4LVmuK7vW7+qc4vKAiHMx1C36i+M/u
-xAyxABnaB/+3GuTXBVh2UaFyc0y742BlOGiJQec4j12Ympn+/D8CAwEAAaN/MH0w
-HwYDVR0jBBgwFoAUnY+0pLeirrl2tR7LH2QWpXoOhUowHQYDVR0OBBYEFEg0CFSm
-7E/ZmBQh7NRjsSNv7Xk+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
-SAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBBDANBgkqhkiG9w0BAQUFAAOBgQBH
-GNn47Kmou/bb4DJqEWK0rYy18Luf89VyfaGcLrRx55hJopWTol/7VNHK/PcEcYZR
-FvrRx3+j/FmPw7KdZhr7vswlOw+Al6Izo2NpTdI71n9v0mWk0aMnagaU1/HhVCo0
-MFmjWB6hXagaUlj7PMUGxJhJDLGVxim5OsTKsDyQsA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
------BEGIN CERTIFICATE-----
-MIICkzCCAfygAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJDQTQwHhcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBR
-MQswCQYDVQQGEwJVUzEaMBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNV
-BAMTHXBhdGhMZW5Db25zdHJhaW50NiBzdWJzdWJDQTQxMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDEkec8+m6bpWo+4WFbIZq5Ex3/ooPS1Ag0V67MSbWUopjA
-ZSFFn1jMVuyJwvVJcWhm60beqAFCWAgdUw39yw1AH1ZjF80S0i7gOs1ecJOgcJlH
-l12ROKtYyawcnvh97Riu5uNhddo7GNP8imgxuTm+KCMgA2Yje/3+s+kkJGrmmQID
-AQABo38wfTAfBgNVHSMEGDAWgBRINAhUpuxP2ZgUIezUY7Ejb+15PjAdBgNVHQ4E
-FgQUxsXdPdf7dENAydCq5aEK1oE0ihEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
-MA4wDAYKYIZIAWUDAgEwATASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB
-BQUAA4GBAHXkSFfYx3eChLIW3r9jR5s+WkJP7zC2MDwTim6sqK9EEdF8u7jpSM7A
-injU005gD9O+daXiOhdTWtO6tHG5lU4F0pz1/gf6NabgsIZcCY5ihmO0sg9yFw2x
-m9ZtI0lrFDJVVMb2TTzSg2BCk/4WrjCu8lyZKeHb3/MPXrhVI6QI
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
------BEGIN CERTIFICATE-----
-MIICmDCCAgGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJDQTQxMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcy
-MFowVTELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSow
-KAYDVQQDEyFwYXRoTGVuQ29uc3RyYWludDYgc3Vic3Vic3ViQ0E0MVgwgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBALlp+FnExwi/Gj0ZI91kqo4pmnqqOhGFj1B7
-BwwpwPKi9bTS4V7SoF/789+rQvetsKPMvlFqlJxAJDAucVf9IcHun+JONgiIUcLB
-o1x/hhXffJx5AKaTGK3lCSkXqT2ivI8QJNTTjDgv3gvwGg97WVPlbOeZEPbwMzlx
-i4oq4uHXAgMBAAGjfDB6MB8GA1UdIwQYMBaAFMbF3T3X+3RDQMnQquWhCtaBNIoR
-MB0GA1UdDgQWBBQQleeKlnT5PPSbBqlJ88GaP85wHzAOBgNVHQ8BAf8EBAMCAQYw
-FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADgYEAuzFHa2SgbDIRvfbqmMe+p2l0M4gJMEc3r2caaovmKgfuVyBl
-n0JdZN2rzlYFV4jZbJ0wa89PzLIDtmptUctcO0DO/P+ofx8uAATdFhL4yMmHkK9L
-XVBrdANbZSBZ+8WXKrnvsJArX0vtQax8znEaTUskMtDe6gjzZsb957dYCCU=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test14
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
------BEGIN CERTIFICATE-----
-MIICqDCCAhGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25z
-dHJhaW50NiBzdWJzdWJzdWJDQTQxWDAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkx
-NDU3MjBaMGExCzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRl
-czE2MDQGA1UEAxMtVmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNh
-dGUgVGVzdDE0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTcyx/sZXkB7EZ
-X9U9aJCVucbvSK3QXJ38Ej+ZM7agOIkJnMypA0BzQ43FvxbDlx67ynhH3au4nFw9
-niBIPF0hg9LKJBYQDlFhdCPd441gpnEOtT5abklFPScEoi115OUSsoA94VZwjdmz
-rxb5Scji7OZYKtBZumvQ+YxbZGKi9QIDAQABo3wwejAfBgNVHSMEGDAWgBQQleeK
-lnT5PPSbBqlJ88GaP85wHzAdBgNVHQ4EFgQUSa5vCfYgmh0xBcsnTTGEttOhtX0w
-DgYDVR0PAQH/BAQDAgH2MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMB
-Af8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABdfALk3+cW2GpEztpvr/6wgOkaJ
-ev+/WwDgW5YTiVGbLZRr+5qrxz8Log4b4Y/OYyrwh+J/gmQFP34wHEm4ReZHcfyD
-4k6Ji2dWxqLaocQVROOZ9n+vqSFC63nNE/ZDNnsUErkEQJdX7f7HMDZoDI0wryrp
-3fLY+NJlyePm6r1M
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:9D:8F:B4:A4:B7:A2:AE:B9:76:B5:1E:CB:1F:64:16:A5:7A:0E:85:4A
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0d:f1:3d:54:c8:22:83:d4:1c:69:d2:12:e3:82:09:7e:b6:c0:
-        af:f4:41:9b:51:c5:04:d4:c5:ca:51:73:5c:c5:14:c5:d6:d0:
-        11:6c:40:ce:49:e7:80:49:a9:35:94:84:b5:bb:52:37:62:c3:
-        5e:0e:18:48:57:44:b1:cd:97:a2:44:ef:9f:75:44:16:9e:58:
-        ff:db:7f:18:8e:d5:07:fc:01:64:17:c3:00:79:4d:02:af:dd:
-        08:88:37:03:be:cc:80:7a:cb:fd:e7:5c:53:03:b1:f2:17:16:
-        1a:14:25:f4:ea:50:8c:14:ff:58:e9:2f:fe:e4:75:d9:67:78:
-        fa:7a
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-NiBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUnY+0pLeirrl2tR7LH2QWpXoOhUowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEADfE9VMgig9QcadIS44IJfrbAr/RBm1HFBNTFylFzXMUUxdbQEWxAzknn
-gEmpNZSEtbtSN2LDXg4YSFdEsc2XokTvn3VEFp5Y/9t/GI7VB/wBZBfDAHlNAq/d
-CIg3A77MgHrL/edcUwOx8hcWGhQl9OpQjBT/WOkv/uR12Wd4+no=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subCA4
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:48:34:08:54:A6:EC:4F:D9:98:14:21:EC:D4:63:B1:23:6F:ED:79:3E
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        7a:5e:e4:e2:af:00:5c:48:3a:c2:36:d1:97:10:66:06:b0:04:
-        8c:37:8b:96:01:b2:c1:bc:b5:3a:8f:b5:44:05:db:84:2a:85:
-        c1:7c:96:fd:b3:6c:1d:47:69:63:e6:a2:d5:6b:29:76:e2:72:
-        e1:4b:6a:d4:06:22:80:cb:58:0a:39:aa:47:45:a0:84:d0:9d:
-        d4:e5:00:13:71:ef:bb:3b:27:b0:e5:93:cf:b2:05:87:43:8d:
-        bc:a5:7a:50:8f:22:43:48:df:9a:e7:cc:8c:3e:54:fd:16:85:
-        3e:e9:a2:47:4f:f8:ae:94:85:32:4a:88:94:b7:c4:13:62:11:
-        6c:b8
------BEGIN X509 CRL-----
-MIIBRjCBsAIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJDQTQXDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFqgLzAtMB8GA1Ud
-IwQYMBaAFEg0CFSm7E/ZmBQh7NRjsSNv7Xk+MAoGA1UdFAQDAgEBMA0GCSqGSIb3
-DQEBBQUAA4GBAHpe5OKvAFxIOsI20ZcQZgawBIw3i5YBssG8tTqPtUQF24QqhcF8
-lv2zbB1HaWPmotVrKXbicuFLatQGIoDLWAo5qkdFoITQndTlABNx77s7J7Dlk8+y
-BYdDjbylelCPIkNI35rnzIw+VP0WhT7pokdP+K6UhTJKiJS3xBNiEWy4
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubCA41
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C6:C5:DD:3D:D7:FB:74:43:40:C9:D0:AA:E5:A1:0A:D6:81:34:8A:11
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        0e:71:9b:f6:ad:39:6e:d8:be:f8:b2:87:85:75:4b:35:16:3c:
-        e7:52:48:af:e3:b1:7b:6d:1f:2e:59:59:81:af:cc:88:37:3b:
-        78:f8:4d:7a:81:e6:6e:23:50:4c:80:f2:e9:d5:cf:79:ce:e8:
-        9e:f8:c4:82:2b:6f:4a:ab:29:bd:5b:34:57:5f:31:5d:3b:a6:
-        b5:da:8f:57:4b:07:e2:5f:e3:f1:b0:8f:25:92:f2:c6:57:26:
-        9a:4e:36:d9:c9:6b:37:f3:0f:7d:81:b6:2d:6c:f7:c7:76:d7:
-        3e:29:67:8b:2e:01:9a:f8:90:2c:53:da:a6:c7:6c:b6:56:09:
-        fb:df
------BEGIN X509 CRL-----
-MIIBSjCBtAIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxJjAkBgNVBAMTHXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJDQTQxFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAf
-BgNVHSMEGDAWgBTGxd091/t0Q0DJ0KrloQrWgTSKETAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQAOcZv2rTlu2L74soeFdUs1FjznUkiv47F7bR8uWVmBr8yI
-Nzt4+E16geZuI1BMgPLp1c95zuie+MSCK29Kqym9WzRXXzFdO6a12o9XSwfiX+Px
-sI8lkvLGVyaaTjbZyWs38w99gbYtbPfHdtc+KWeLLgGa+JAsU9qmx2y2Vgn73w==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint6 subsubsubCA41X
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:10:95:E7:8A:96:74:F9:3C:F4:9B:06:A9:49:F3:C1:9A:3F:CE:70:1F
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        06:af:3f:80:68:02:24:ee:c0:3f:33:5b:62:49:01:cf:ee:87:
-        f7:92:49:33:a2:b1:b0:6c:e7:23:7f:4a:8d:2a:1b:e9:31:fc:
-        04:49:76:f2:f6:92:d2:b3:32:70:50:71:9f:12:ab:03:6c:2d:
-        a7:0f:81:ef:fb:01:3e:3f:09:b8:df:e8:4e:28:c9:5d:fa:a3:
-        ef:64:db:b9:cb:8f:66:a2:b5:ba:17:f3:05:62:5c:8c:5b:75:
-        f6:7e:54:aa:30:59:0d:50:c1:23:90:c9:91:06:49:1e:bf:23:
-        de:88:c6:7a:39:0e:6e:11:cc:44:44:40:2e:08:82:65:e8:74:
-        9d:60
------BEGIN X509 CRL-----
-MIIBTjCBuAIBATANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxKjAoBgNVBAMTIXBhdGhMZW5Db25zdHJhaW50
-NiBzdWJzdWJzdWJDQTQxWBcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAv
-MC0wHwYDVR0jBBgwFoAUEJXnipZ0+Tz0mwapSfPBmj/OcB8wCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADgYEABq8/gGgCJO7APzNbYkkBz+6H95JJM6KxsGznI39K
-jSob6TH8BEl28vaS0rMycFBxnxKrA2wtpw+B7/sBPj8JuN/oTijJXfqj72TbucuP
-ZqK1uhfzBWJcjFt19n5UqjBZDVDBI5DJkQZJHr8j3ojGejkObhHMRERALgiCZeh0
-nWA=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14EE.pem
new file mode 100644
index 0000000000..7271932e27
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest14EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 04 A0 3D CB C0 33 CA B4 2C C2 0F CC CD 23 1F 52 D0 88 A6 34 
+    friendlyName: Valid pathLenConstraint Test14 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test14
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA41X
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNBNDFYMB4XDTEwMDEwMTA4MzAwMFoXDTMw
+MTIzMTA4MzAwMFowZjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlm
+aWNhdGVzIDIwMTExNjA0BgNVBAMTLVZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVF
+IENlcnRpZmljYXRlIFRlc3QxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALwvb5kYb8ZGePgV8mVn9WJWyg0Wbw6tmwPBtLDhu1M+yVu5u+mZ30leAT07
+idW26yPnA75uFMjgKbbzoccKeI9e68lm5fwUFbflcVywdvcXIRszUoqwZvZJnnqp
+FO+wjw1YDVmfbqHJ68eKUUwebgNNnMz7LS1Qf6I811JYPJLGq8dLRruoN46Uxfnr
+dtWwu09ovP1N6lkvtPRE8DZFweTE4CYr6OAzcX9EnjDxCy/E0BVhXSbUCYq1zQht
+nfHihV/+K3JLyCiOU6UmYxI9sP/A8H0L1ymMKBnV5a7dj1wKWPsonUYwEMLZqUXw
+/p2VSrJyseyovwtD5sDXlor2xT8CAwEAAaN8MHowHwYDVR0jBBgwFoAUoe2i8zVU
+pZ+8Y+ZHalMkbEoMciwwHQYDVR0OBBYEFBIalgWSiLc2La4mJ6CGCUvwDtB8MBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIB9jANBgkqhkiG9w0BAQsFAAOCAQEAVhkHa+bENPN+3xIaFGBp9icw3gtg
+wx34h2kqls0SzTxl48bBGFoDR9YGzUH0Z/ZEfrnMPKF7Q/RMU0AnUftz3aAifsms
+P6mI7pYpDnSby4nk7nlaEohfL8qozpbr8ZGX3pPmR+7/6YmdP/hcLZusaWznnxuk
+pGpMGnVdZNaoNgzlkGzUP2+02IaDYVJ+Fb1GxuyofrZZU37b8FXgm0aaEPMJzGHD
+QCpc62yTxVU/NoWHPtx0zJnDzaeooVTlJxM+bIyjksW2fdaFfpoxGkJVkSNBxiXY
+Kntn/0GBOWHqKM349yIt+KU2fkJuG19jmKdP1tgDAPTtTlpTDaqNoXqfQg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 04 A0 3D CB C0 33 CA B4 2C C2 0F CC CD 23 1F 52 D0 88 A6 34 
+    friendlyName: Valid pathLenConstraint Test14 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,606028537BDECB08
+
+PiwJB9Kp7heayAFM3DNRNa7HEyB2ZzhqLkb220AWZzf74xcebBuIeDpFvd7DM/Ch
+gq7P8pnfmlfxslJj1bG9kPz2ruZ/p0ltCYIShztmVBZ4v6v6ADZy0nmaT1vdjOar
+ElxeJ3YPn+I2oFDTWNmrDHJcwR053a86XwxFYHQWXWDEfGaianVMvm6n7YOs+BmG
+oSr2qS28ddeWnmtsifbCI1jZNjcUDr4w+6cMq/SFsOXh/m063dB23JoekdSVwDt6
+k0MdmU/5ir414ek2ZWRmP2ILe/vbCReyukabxyMweUbrROQJEHF5QDQunhJ3mbQT
+XSo0IDt8nRQJP8Fq8za2xUIXo+VZZlykSvsJOeuNLgtyY/5MYBsSgIsO0IG3TxMo
+E+8bRHGy0XJhvvIJaezSiN/F+xp3ugm9133vvM51WfY6+yHw5g91JzaiIbYHx/hP
+u1TE7MlfsbXYvB2duN3Jqx0Jja306XQv2ZX8TRWvcazreYcqfQsUuTaVQt6I9enb
+6R6weCdSdpSnNdwpemZN0y7+xT48zgpm928gsoU5ioNoxdAwzV6xiecTWtZM4dAe
+u3520Mk7hdzhTx601y2GRfMH4jAU04ENhk0u1/485u7D3oT9T/QGpncSIeKJKqG0
+iQziHiaSifEHcbopsrcBUhh5bGjtvXtdjZbPYpFqNLc49sAGsWEGDK7CikYgr6dQ
+EhFkZjIFcEpqdKLC+hBzVl3xczlQ1E/Dnjst8EIvBkX0d9Du66PYp1F85LYwP3XI
+QBqJqn0TpcWVQIHeJtbbSY5yuWgYLbVHW2DL+OyA2Rxx8jlnbtDZc1RDi0BN8LGO
+E8xTI9wwFkPp3Z6fr/gFCatAdjVEj2YNM1WyLfDQO8sKHbdGpZnwqPRYNn8uvlJ0
+lNOJW3n4FkFfMP+GJBRtF4Foy0htW/88oxG5MVl10a/6JgZa/cAwQl72wpWhJY/o
+VRCoPyPiAEK/psTmcSwxpRLUE0XRNlWsSOm2KoGvnVvUiHYJZSezN9Cs/wuyPxhr
+XJeBsqwntDIpV0dhplLoAsGDpr/F4qfYp3ba4vXxFbL+WIiMWSMVeuv6pbHs0Y30
+M8288+VnuWLLRmjuEe4jVuw+RUu76CtePvXXYUd1YGLRqx0ckMIptpu9wUvLtZbr
+7THSoKuA8ImLcbA7z6zjztuPbpaj9p89NAVU0H8CV0u1coZ0pncadTNQD5tgKmeV
+TgeDKuGyyP+tz4ML73chkdCwabJMVlFxf3n6XI3ZlKtd1apJGMllcJo6SprdSgnv
+5NnPsCoaRa8No1IZVxVGfdHxOSXydogCrRVx/D3PYWrodEXdnnU+AC2Rqk80veVS
+zEkuXPISsFP445tU0SSDnligmMwEmIGeokyYZuxSsbfdbE3e2tOv5WPtRtg2DqSl
+PVn3UwBbC9otf3jO2zQCZCrp49n8c0ZJzxFmLZ1ytZa3GEKS1RlB8mdLpy4adlB5
+uHzYy9cwfwSV6R/fS0I4M9BwhimezGLEvWSIQXrXP77pvjeHC1b2RlCKm/dj+1pL
+Dx+T8CcmVM8ox4iSBCpbzTCNw6mrUysDdIJPIWLhnvtBox9Gh1PDeg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem
deleted file mode 100644
index d2ac20b505..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test7
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIICijCCAfOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDcwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDow4Z8Uorsifrji6RyscEE5DKo3WRY
-S01OJEDMgd8P75udI5umL9+vwJBIoObEUAx5I5UMDxkto9pDvHrRH72cNywar2n2
-4oat6X0JzKOaEzlx0N5E8Tp7LRkF7dcVCIZUGN0qVAJvfMtVQpcbRbLhK96jqOV1
-5uh5OetDHHufAgMBAAGjazBpMB8GA1UdIwQYMBaAFCEMtQF2dtOzKqwm/KqmT/LW
-oW9LMB0GA1UdDgQWBBRscpI4Rhz3vkPw7mtg+y+hic1p2DAOBgNVHQ8BAf8EBAMC
-BPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBBQUAA4GBACeo
-UDJXue1qGUe8Qxos7w6eQsbzHSXsmNI+t2Hyq+CARypTIgbueoWHfe1HyPsbOrEr
-3U2waZZ8AQzwklkyFUiL4D5Jo/+0coA9hPwmyhF6J/Wa5nOmLex1ZGg3c7J+MVAL
-1qx70Ft4WEm/EWBWCqse0wlEZXsvg5WocxF/xXKC
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7EE.pem
new file mode 100644
index 0000000000..1a2c275658
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest7EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 35 20 C7 01 33 EA 16 11 B0 87 DE 1A 48 93 90 F1 6C 92 0D E6 
+    friendlyName: Valid pathLenConstraint Test7 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test7
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Fz+73nLTNQk
+5wB39QOcOINSEMhrucw1kGkaAWyS8zQp4+EuqHs7Atb0XqZdnKldzOa4UYYbHIdv
+72IZdyL2VVo3SKrPHZNm8CTcOvYUfLDJkieF8Jq3zlubKGfAxoVg6Nxs6XUs1TXC
+zWZddqgaNi4s+NApxUFCEenTlv+LcoA4sEj4G3E1ElrqiP/iTGsMCfslVhWwXhGl
+PN7BHLICNYVW9HyKdNnDKb2kbTg3sGs0lD7BvjVBq+sXXBsjRBgNq7YlpLaVu5JE
+vnuTSUFRIUZsY/gKQr+xdS3oQegHLuej606PNbpXdngBHTQV7MYuOqf5uUGLa9/m
+VdDJsXw4nwIDAQABo2swaTAfBgNVHSMEGDAWgBSbK7JKPJDFblABySK9Y84J8Yw9
++jAdBgNVHQ4EFgQUeVtfJzYHp65HDuqh3SrnkjIrRTUwDgYDVR0PAQH/BAQDAgTw
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQsFAAOCAQEAbrtr
+dAQUuu4yakUr42oGarOU8nJ2rEwFUelHSVXUmMN+rswPb4OrmBojrunFZs++xAkn
+L5VVoGDgyuefaquBFvXYB911Dz+1O+7McLXgRCj22fJHgEDMnUFKah3I5bFuZHnP
+RX+n12Up/9oxAHsafaTIQNhylkNbTO1N9dvnB9lqFGqNoyww45G5aFOVE55IeBhi
+KZJ8U13zQ6lcxpbUcW/SSGrfDrQfJeJmWHf1nBSeQZgSKWMBlfbWTeuyscqSBBSN
+3eZSFmyW/Ks0zj3qHGRtYi0/nFc1XpUWuzReS8DXKc6+YaAshT2jhzZctY5Ctmrv
+sCRlwOfchMmn1w7FyQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 35 20 C7 01 33 EA 16 11 B0 87 DE 1A 48 93 90 F1 6C 92 0D E6 
+    friendlyName: Valid pathLenConstraint Test7 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,774AD27661212217
+
+H5pQ9/Z+mDBytoFA+PeB+lBy0p5bGjQhRvzT8LOME8QpFrMm01XF8u6wHy+KNQpv
+HB9F9ggWTnNayrIj2y4ei0/hRf/Q2lqbLn7D6D9JJZToQE/j2E7F1c7MZHgR9kJv
+1Aefeohu09PYYacXVAb22ksmV4TJy24+5pHtFWSZlv+W0g2MG85dCiuYqquq3dFJ
+pOiXESa/C9JjkYN/UCmeWrNdCsXBPWFrvi1XWSyluAE+TAVxvRBMEqUbEt31aWQt
+UWyyE6Onk8tciIm+Uzrb7zg75NTo/S7SfBlHm0gE6/TroPo+igiex4S7vXe1ig0n
+0w6vO0tXZCGIfd5yglkSNeYZD9VUhpLvZuIrIunlvOi1bJECnmqa/JPlVJbFht7i
+0nIAZEMDyngToFiOo3gdMgvZC4/B4J+IIsZ7k6OlrXhl27p6pdQ4oXkK0ivvx6E+
+kW7iATMALxcygaZJkAOjv4c3vvrz5YGyAXnDIwbeY+KyxOHVZGHvIlgRt+hoahxn
+MlzdCLAXB6Nw2Z91pF6jaw0D4EbU8NSRrORvhyItKzLdZ60CkHSyNw/MFhvTvdEZ
+cGCky3pdEdZhkZHxPFIUQkR2GsiuIy3kFJHxQAO/Z/npXUYZ6u1eD3Fat3hiqFS4
+AlrNmI0/8BKkaW1s+EFt+cucQMntL0xsTsZLaGl+TUFKbSGbJJmFkt6kRbQWKv77
+97jBlChSscWwr2UNIt5guLrT337/4/afq4Fh2LvL7pvn16Q5mRz21ajawd1wzvb+
+Zu7PtH08ZgRw/RtKGVK4hIOPXyRRegWPWIJoPfwGDUY4ApuThe7JY6yNhvn/JNVe
+w+wh49nfKgJ284DmbpLqXMn53z2dhg+tLiEwkufCcItqsy0Z10r+y3IuOnHnQawq
+yaW6rF6ZALVsZVshjzRx4b3mWs3gWcbNtn/IkR6ne0vDnXbfklpmsdNvoLy7hlgs
+f+hDQ+5gAk7FwWlH86UFAQF0KPYLRnNsaTNDCkAu7fod5PpifKS3q496kgb/L07V
+8/ZWhrKOz0DCSxo4pcuOLho4Ji8DFjOvrAB/k66caNPA9C/axnPgMU9GpIlve7G1
+68+nbbmlJn08D1qq5nzIOEnfwvB4hB6hAEochf24Hpw5Fcs1b89HnX8zf21++V0M
+yNRE7sE6VTHTaOnmDUmzuN8NtmMM79fHd5lkLkW6MAo78fj/lagnu233DZydDYGS
+KoGZXxsfZNHcDeLYiYJdQ+aV1H+vFq3nMQ2t6oAbmRYljNQd8PpNbcR2AQpeYbzp
+37D74ffjVbHlWQSI3JvxNUR2PXisT9aNG7rPooUUZMENhBf8VVDQniblEE2nW7ZU
+OYF5vAsFXhWNA9YSmcOK86V+pFwj+bcqaBnlCzNZBS4tVbN1KhCQj5y6jthkSMMP
+Aje1i/Ww61wvebKmB/XqxcvR7OfLUohYxMgIuE1goXiOltGbpJWv6YorrqWDN+mG
+PgfdGj+Kj43o2ktFNY4BTtW7KbiupromJ+7b3F/rTgo63TXMCOSoQLZv/Q53AWlF
+RSDNvA0nMB9kMv80yb8vhQevQJCdtWfLv8kFPM88AX7sQ0zspHqHD6u8y8vmCO6W
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem
deleted file mode 100644
index 4dc31c0a1d..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8.pem
+++ /dev/null
@@ -1,108 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICfjCCAeegAwIBAgIBGjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEkxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEeMBwGA1UEAxMVcGF0aExlbkNv
-bnN0cmFpbnQwIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCXXXPbNnk
-MU3wxjjwCdA/Pj+lwkDk8WSxKGdOrcPMnFnrCdUnSqEES3K6/T7JRQyv6Y13Rt6w
-LAhrQI94UBcsAAQND4SOPyJUE3PonzcolJQ+EzkSB9qq6cxJokxTvxVTx2VN7bN1
-RJ7FrWovHu/vmKnwsOy3zv41U6KBfuf04QIDAQABo38wfTAfBgNVHSMEGDAWgBT7
-bNQtgZ7KJ3qeDbA86pq8h/9J6jAdBgNVHQ4EFgQUIQy1AXZ207MqrCb8qqZP8tah
-b0swDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATASBgNV
-HRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJUd83zrSjxfaGwFdTCt
-BSI1mTeztSKFxIzrWeTxD3C0JHAxt1oM1AN8DQ/Ej8ja3rxhzsFQaWzdi3ixvnGr
-NbjLZH7EPWBPSSC2rTAcvLzVs2AuPsBkv7IKxg7HTJZtLbXDOIatWT+24OuKwTzE
-6cbcSe7zaz5qdojy0B72dLHC
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pathLenConstraint EE Certificate Test8
-issuer=/C=US/O=Test Certificates/CN=pathLenConstraint0 CA
------BEGIN CERTIFICATE-----
-MIICmzCCAgSgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25z
-dHJhaW50MCBDQTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMGAxCzAJ
-BgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczE1MDMGA1UEAxMs
-VmFsaWQgcGF0aExlbkNvbnN0cmFpbnQgRUUgQ2VydGlmaWNhdGUgVGVzdDgwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ+d2dQ2by4x3S9c+qiAbIuZy8fID08F
-m7aovaa12yHhqJ3IzwCS1+98Gu23ZZS65gN/dW1buemmT4JpkyJ5eUPiw5HuxN2n
-2pvbRTUJWmEKu1CL4ZdhDaWZJrzu1Nh33imr4KOz+JmYCK+GoYPtgBbWVfCA92B7
-DSHq36MTczl/AgMBAAGjfDB6MB8GA1UdIwQYMBaAFCEMtQF2dtOzKqwm/KqmT/LW
-oW9LMB0GA1UdDgQWBBQOVClwok24sW5DcWf/ad9B25zw3TAOBgNVHQ8BAf8EBAMC
-AfYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADgYEAIy48NtD42z00ZliJ+YZXUEU/rjppUQ19EdKy5ECwUPNl
-/2VPgN43d5eaOB3e4YxFHG8E0PHYy8dNTZo8dlIRRUZzSswCzuJuDYpVi16vVkeO
-N6+gI9xXcd4AMBcbjpyCDuJsSlV5xyIVfgocdocT6kasvJThBiOYDfH7QOWuSfw=
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=pathLenConstraint0 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:21:0C:B5:01:76:76:D3:B3:2A:AC:26:FC:AA:A6:4F:F2:D6:A1:6F:4B
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        56:7b:a5:e5:64:8b:31:64:fa:9f:8f:a3:25:ab:8b:c9:c2:ba:
-        cb:b9:e3:5f:3d:e9:b9:f4:f4:f4:d8:00:4c:cc:9e:5a:36:b3:
-        d3:53:12:aa:d5:ba:ad:94:a5:21:16:c4:9c:ac:3d:3c:e3:2f:
-        53:69:97:6c:2e:e5:82:98:31:e8:47:f9:8d:dc:ab:e2:8d:ec:
-        b9:3f:b2:61:20:ad:22:24:f6:ff:90:4a:14:92:38:0e:9b:80:
-        3f:1e:11:f2:d8:7b:fd:d4:0c:90:06:82:2c:48:f8:9e:7e:91:
-        55:0c:21:e8:dd:95:ac:90:c7:d7:02:af:84:f4:23:08:bb:da:
-        cd:a2
------BEGIN X509 CRL-----
-MIIBQjCBrAIBATANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50
-MCBDQRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0jBBgw
-FoAUIQy1AXZ207MqrCb8qqZP8tahb0swCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEF
-BQADgYEAVnul5WSLMWT6n4+jJauLycK6y7njXz3pufT09NgATMyeWjaz01MSqtW6
-rZSlIRbEnKw9POMvU2mXbC7lgpgx6Ef5jdyr4o3suT+yYSCtIiT2/5BKFJI4DpuA
-Px4R8th7/dQMkAaCLEj4nn6RVQwh6N2VrJDH1wKvhPQjCLvazaI=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8EE.pem
new file mode 100644
index 0000000000..def574ea90
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidpathLenConstraintTest8EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 9D B5 8D C4 AB C7 8A 47 ED 0B 8E 26 75 6B 5B 87 3E 5A C1 38 
+    friendlyName: Valid pathLenConstraint Test8 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pathLenConstraint EE Certificate Test8
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+ZTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+NTAzBgNVBAMTLFZhbGlkIHBhdGhMZW5Db25zdHJhaW50IEVFIENlcnRpZmljYXRl
+IFRlc3Q4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveE/VqvYMxSY
+iJYipDWVtsy+LSoYmzW01w7agtChJFU8nyyGfXETdXJXUhqOSQ3KHMNvheRWUChQ
+LUApGvj+ZDYL+ABokDzyYxMpFmPs4GtaTWrVpSKNo+3e/hgYdm6/YpV4cr3whrrS
+XAXSKoohKwcnJaXZEWFp8bCsyfo6Llp68moO4pXxey396KyGyiTHdU2AnHjx8Uvw
+EsHFM2JRG4cQPGiDyEkteKtmliJcMI/q+o79TwXCEYzXNppTAiQ6imIDSySH3iZf
+RtRMLrTtF3SbEl5tfTAji9nQd3H2kHbxbnT+4r85UGhRdkeJgvfbTcbNhbpGjnA9
+WUbG+CWdPwIDAQABo3wwejAfBgNVHSMEGDAWgBSbK7JKPJDFblABySK9Y84J8Yw9
++jAdBgNVHQ4EFgQU+6vUASuM8lSGUTbsCFGmxWglc0wwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgH2MA0GCSqG
+SIb3DQEBCwUAA4IBAQDDBgsAr0bbdHP9DpawET8C9+cNstGtLgnhqosVaNxheg4m
+8xLOfbXJG9Y6l7Kuphw8TTCOgV4bto8eQM8tyZSr6lLZ7C3ER6Jwjw8GlrNNliFP
+yPyyIGPTT/NG888eO9ALyGkCFNych1QKrIgCaTTkjCnDZ4AfUmOLBB5DPA/Ryhu7
+VLxbwE/zIKLrRb+qRozC6mgZM/om459sQcvgQUQpjCrjZYD33ZLoGVhcs8Rb0TU9
+/BA/pbqF9/0qsW5iwCq7tEm6Kz7vtVkJnLqOt7zlh14HY9QP4ddfQFbZxg0okyns
+VADqsOn9RFxkZZdFSXKvYVRnndOtJplE/WBSg46l
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9D B5 8D C4 AB C7 8A 47 ED 0B 8E 26 75 6B 5B 87 3E 5A C1 38 
+    friendlyName: Valid pathLenConstraint Test8 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DED4F5AFDB5C4F37
+
+hyQrmK1RuvLrLmXo6ZpzrGzbkHKLFmXnpt6NBBdQ/Sc38erd7XPw81AeUdnHMkPB
+ZcvtdKDLEaI1ppBTcbE9lA41PaT2eKS8wZ3V0KA1KkeJ209nxM/YGNoqSxxSuAMU
+rucC6iFp63VvMlGIGNBV+U+oBPpwB/0uz4yJ5pRhbG4JC70k4crOcGscUoVjBU6X
+v+iowvyV8LqkqOdVBpBgII/Z1QKXyukA0z4sq8sJOKbPlMzOKfLSs1IMGd1FHaxH
+FM+V0zV3IU+KBpspDgJH7wNAdIy4OLu8eGaAGlWYwvzZskzWvmY1EP6p3yZawv4b
+k56ctK2daF1p3NuVAyltAOGccDTjJv6L84O/szpgU0AlddwirDP0FsIKScSeZ2jo
+0sqcCgd245YchiAaDxb99W5XTB3ekld4Nz8q3iA6Wab0piyuyVg5+sn3E4JdVj0J
+/i/8WRIuXeuxx5m8oc4mFT5bnOkzVqCG0hL444R3gmrJbgkpk5O9YTtbPztdugPG
+wDBKaysIRa7gHLdhqO7Gg5u4w22Mn/DGDfPgmJUVIT/ibCWBK87IMv3MkORKVOjs
+0p33cv5pjQGw1ZIYjSZv2FegUqtApfglZXzjrSZ4hpPpaadb4xS0I67C3zhki2m3
+R8xQWgYlTGnLtQWOE7ZDZ5XwBd+VATpYDewNqaRTc3CMRb3NsE8biBaG/CXv3mBy
+HYmXOeR3zUeIxIK59VcPwKk9igZpda2Vev9+NX6w6EDTXWnqRsrEUWUtDb3U2oCW
+W4j5aqJMeB/fhNZmVHArtT14lRN18GwzyZT0gtNzGqPACiwMBwb0NGwONCvJkmdI
+SZXevRKYJT5ZEB0k1sq+Z/mr2wsZF0tUyqgSd6qJP9jhWqPsJdPQAUkgwPnn5QlN
+4dGc5WL/qsuUKpzogBrzb0eij5i9Sgv2APMah4+t7lDKEDphY2KTmBeHAvpvWtoa
+HkUoeWjoGKZ39ajPkiKZnYoV92KjZt0c6uNU+mvecBaM+vWqdzbr4vRoTJNEvrOH
+Y3HJejQ/0JWVMa7t39iuI97oLp2V+y7mvMIYYs+brarpHwSwxBjdzO1R5Hv7R6PJ
+VOR+g7hn+RaiLXcfmRqJ8A4M5sq5NAEHCf3Ceoir9SWIlMH61oh/vJynVqsLc4zV
+l1oZNrDdVp8+12yJluOCXXCDru59ItB1cPVLxPr2EB0oQbdzdmxiM0+B3TpnJIDk
+bLh1TETbKqAt7oVbbZK/Fn+FaATYsGyIbflCGFZ73Oi978eU2XsjrQ+GeH+nBTT1
+hOh475CVmQtdBGnHIggEgRGTUQnRuXLRJk5G3F1a7OgCdUT5+e8gsWbICDHKlDP7
+RAJvo5YA4nBP3ajxZeb/XZWgGyMC6WnspuzWqro9HZJ7YeIGsiitpa3xYNdMO8L2
++oMqcV02jsIthO8yviN8gdBhMRAXBlNEdx9kp5uN2hV5NlWHJG8WdT65lQMWl31q
+c969D7oFXo2I90zJix9UfpAxSZDeGzRy4FkNf+W7MSqY/MnOTUmvFyZCXhlk0QTX
+Kc9AEHwGAfwqgh8vz0rAfNm+Hy5lfkWHCqHs66G6EoeUYYSzt13B/A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem
deleted file mode 100644
index 3f2ffa9bf5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Valid pre2000 UTC notBefore Date EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIIChTCCAe6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-NTAwMTAxMTIwMTAwWhcNMTEwNDE5MTQ1NzIwWjBpMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxPjA8BgNVBAMTNVZhbGlkIHByZTIwMDAg
-VVRDIG5vdEJlZm9yZSBEYXRlIEVFIENlcnRpZmljYXRlIFRlc3QzMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC1uwQ7EgYKGk7IBOZd3vdARgrWUKCEqjpfYUEG
-ZGlsC48omvxCrzR+eJj1q8TeHAsH3dAcpkbNNWCWRHblq9LbqkhpBaMquzvg541B
-TNerg9dj4vjwV0/QYdbvyLVcKBv9iLE0MCJeSLcaseO2vYmNXObSXMTf74BXNR4D
-k7uI9wIDAQABo2swaTAfBgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAd
-BgNVHQ4EFgQU9EsyhAynLAz6iwskm+iASoGKdMowDgYDVR0PAQH/BAQDAgTwMBcG
-A1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkqhkiG9w0BAQUFAAOBgQCTLQM+0YBT
-3vure42KCvGYSQpheOtLtv1bLa9TT4kbo18aNRVQwTOnZLtKqKa6etoxJ70rhfO5
-x2uCELzyIkUrAbjyqMYg/0nckc4HTEys4xmbHjiyWPie/lS757sA1trwNRntBn9J
-pdkDmwEqALaRBRH6YH3ybrNMZh5h2CVqFw==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3EE.pem
new file mode 100644
index 0000000000..6e9f5c98f7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/Validpre2000UTCnotBeforeDateTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: B7 DD F1 4D EF 58 4D BE 7E 18 5D 84 77 1A 83 8D 78 3C E6 26 
+    friendlyName: Valid pre2000 UTC notBefore Date Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid pre2000 UTC notBefore Date EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=Good CA
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEQMA4GA1UEAxMHR29vZCBD
+QTAeFw01MDAxMDExMjAxMDBaFw0zMDEyMzEwODMwMDBaMG4xCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMT4wPAYDVQQDEzVWYWxp
+ZCBwcmUyMDAwIFVUQyBub3RCZWZvcmUgRGF0ZSBFRSBDZXJ0aWZpY2F0ZSBUZXN0
+MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOY1i2dfQm7MR3F7FEB
+eUvqhyz0RVOJ5W9ffzQpg8puuROsdevN68qfhN/GTIHMLmeQeEv56Zsl1hRIKMqB
+hDpOvSNoaAeZUGJpAaMBzEdEE0KyVlh70u2IaKk3JYDzsWhmbN4ESXFGpmDccsfZ
+8kFZo+XTapSeFEc5ETbyVIV7HHPE54zPX9Ce67kJI0e41R5hsXUKFBA7ORycbcFh
+8c8sN3mDYhFFX8m7a2qTN6oHQ6I1fReKKOCfYDs671bbiyFCQWNl+7Ok19qUVOgQ
+L/g2HyA1YNvueh8ivNNRRwfv6RTPwhuOWF5FyOXRCTzDaS309Lb3TN9d3a3kAoEf
+HdMCAwEAAaNrMGkwHwYDVR0jBBgwFoAUWAGEJBu8K1KUSj2lEHIUUfWvOskwHQYD
+VR0OBBYEFEBvkKgDjazQ6vxQ2V37VnUlYMSbMA4GA1UdDwEB/wQEAwIE8DAXBgNV
+HSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQELBQADggEBABDntMraC1zS
+kjUQmdbhI+l1j8Is7ApNjb03/Hgq8pjDxP2VNPEy9XgXYDOHaAmt7p7jDYMwBxzV
+7TSnFIvR3kYjb5k7YhCMIQXkJJgM2QvZ8m0B5c9YJI6qktAp2sxPfzLuBg7fm4Oe
+BqQ6f2NlmLorDqhXG3QSJmXWRXMxti4rWz4mJfuWuzPdZERE9bJ118ijfksQjGfu
+pjoWizxTCt8kRMP9+RSD8Hzipuxfc2JPn16fNrXMkyBtek82L7tNo1raLueyPcEg
+Z5RpwEX/C4nlsQV3JS2viDxhcdtgcmn/A/ho7Ta4QazDqWjQywXExpEpgrp7ExFn
+hiss7AFKddQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B7 DD F1 4D EF 58 4D BE 7E 18 5D 84 77 1A 83 8D 78 3C E6 26 
+    friendlyName: Valid pre2000 UTC notBefore Date Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F9DDFF4CF96218FB
+
+sVadNk/UvBQDZbxN2NFbq9WxOo9kYW2VX4+k84wYn46Nrt7as5qaRylbQT+Bm6SY
+q0iqyirdbIHjwlAn7AxHY5fJ1aofnZntGDWZBgMWiZTIjeQ1syx1UhPu48R9kLrL
+i1fqiwMD7h+qa45uG5Z5orx2+m+fBjwIP7kAQ5z/KMqq/1e64C2yrnYIohoww9xF
+BFBPS1t+0diJ5ZqVD5p9wKMAyPI2X6fxa1J4Ra2sF7v6MVyfRWAobwOxNuyjLj+s
+miewEizU15fQRCaavhBTh1fAmo5LZjkoW+LPyOyCNp2GGLG+NmK4CVNKoiQ9NFSh
+oPKOKeDvbo6U9rLTFdSEK/NkHT0J5g62BkVLyu3JfozAViJS4vGA4hzCOtRdkvB2
+ZQpEkQTWlC8fAA3z7CeHjLi+Tedu7dzyGAU+E3WBrRC38pFkTKHATer9nuXwggxl
+myZXt6U2YoOEeH34Di0+TOaBezIyBaHDe16hg71A8zv8cqohkrHK0RUyUgz5vDqZ
+YBBKJWXNWfIPLEHwwgwjrT86VQgdywgcl4/CyxhpLntj5D04/Igwr3ITGU3mANrm
+wxU9Zo+/DaqjgcSsE2lggewkYL2/44LNpK3IT3GXpOIyljY2mIVEzFKLYFqmtXEJ
+UzKvxFptkuewmICKyguKkPbZZI85ZMpli8i/jekktjR+mHwZeuJ9XYzQ5UZF/zwD
+yMUKdUs4UVDmeLOIywmSZCK7hWnBVv2+uz9xSi8o7M//tht303QXKoIbNjDgarpv
+xp33Vnw1+cDE4mWQs6plfNtZjrSKqWGq5WqnbNgqkaVtEK+FHcxySYE2MhCyBEQL
+Hyewk31/awnzaxGWIsJnGB88S/n/K0MGsqsOJx6bokXRAVGAI0cqGOQR3Ka/ejhm
+DL0lsD2XTbGX4Yb/BU2bXdRail/CHl5+bHNdWLiiZdKWqZSgtsYk9O+sjcsAHky2
+VOuHY7qfra4koiGZraMkSJ842O+ci9Ng1kUhfFhfrnqdTgFWlss/vgNoZ2lcKAUz
+8uJO2+yQbVEENv88HcCihF8DgSv8s04MYmlzHWOQ0WKiniPd9BwjNeNiQfFaEUyv
+oWWEP84f7jh6yldRCT2UocSEpwvL+A0vnWmG0pJOWjQj+CPYym06KBSyjgI9ECez
+lYPl0oZ2yI8g9+gd9aS2yKJl6kR+Ms3sYCufXQmgJU4NV5lENA4Q6IL5Tx5KuHwm
+T2mUkLMC4qI24WqIrjzzcno/Y6jGF2PZg5W5l6bR0ZpyTzpTVntJrL02+5wCQo5V
+4pVnu3Z4ObshGRAkvVMyBBTLYo6tyFs0PwC7MiP/Y0FB4uBRxDKmTWMMhilKiH1l
+IGood9SKQnqDGf5ZmzIKzvpa9cqNXu2JzPpThjikbJFQwccakHEfV19gxwvK1Df4
+jdzRLhMd5/EUpo9Wn0iW5SMIM3PYx9fb+CSfBgM4e8S1xE7Q3tfzw6MkNFIYRTGy
+nvTcqRdsLmpmbEAq2V2foqwmAcKeMZErF9YL24LTJoXeyjkU0GtOdOA5jZQYyffw
+ZkMvxcl0LJaoensvn3IgNDaf8cqYYyBU2ABnFY43iXMtveEaazsycg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest1EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest1EE.pem
new file mode 100644
index 0000000000..f7981cae35
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest1EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8F 26 DA BF 2E 12 89 D5 EC 6B BD EE 9F 35 1F 66 78 EA DD 3E 
+    friendlyName: Valid requireExplicitPolicy Test1 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid requireExplicitPolicy EE Certificate Test1
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEsMCoGA1UEAxMjcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgc3Vic3Vic3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcN
+MzAxMjMxMDgzMDAwWjBpMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0
+aWZpY2F0ZXMgMjAxMTE5MDcGA1UEAxMwVmFsaWQgcmVxdWlyZUV4cGxpY2l0UG9s
+aWN5IEVFIENlcnRpZmljYXRlIFRlc3QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAsIqrLD1lrY+10wadJZYPQPQ2cChNLXuM+Aa4S1hCl3t3UlSsh5DF
+8w5S0pJXjCYhsbzJu9jWxg6twBoHfan8aSE8/syGc0jyA3ySWxNszCvYzL00PGkb
++r76G/q7F9M9owZYrfu9tgjJWM2RG/9YvDH5ymvz2fcTgeP2mLr8fdqkZ2FyGLvT
+GQFz2yu6P0+ZJ0PrL/jp6KPXAqMbAQUE8buAPVDliHyPN2gVQW74ox0IRLNnJZY6
+o4YamrGp+RmadFyJoPGeTXrHHBo7VBl78m6bEeadNBBP8J6l3hYpEvREuu6/cbLA
+hqKfCDwdhDzA/QzEhRNAGqiGBlRcvoM4oQIDAQABo1IwUDAfBgNVHSMEGDAWgBSW
+jHH8Fag7ztnE+MPQX2lxfOgASzAdBgNVHQ4EFgQUjAmT8zwTrGYzjB1+ZnT6CY6n
+OF0wDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBCwUAA4IBAQBHABhR2hGz0n3X
+3P5bDWSNmMpf4R9/4Rn38thteSd+mOukGv0Mw/cXccH1squBXYbBDqlHPobbhRWn
+cfxVicf16NvVWj0vxEAfhDXpZ5Tfw+ufUCRs+ECjpZA1Gocc/uxz503iTzFFXSFM
+CE7a7Qq8vDA+MnVJgdalnVegdmu6u4dQXtmNcX7sGi/FqrbGGVmolmuo6K7LCjF4
+Fgk8IgR7G+Ks7Dd5hZg1ISu+whMonRCV4zhoSX+A4tc5UQqVlRbeJN80Xtzznl9G
+XtuZuBvpeM/VSMucSwd2RRr4r803wVsYIGBTv9KoyyPy8oF6vqlxiJOe4Iwbxf9i
+la8pgfuH
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8F 26 DA BF 2E 12 89 D5 EC 6B BD EE 9F 35 1F 66 78 EA DD 3E 
+    friendlyName: Valid requireExplicitPolicy Test1 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8FF5F62B80CAAC69
+
+YF4ufMIHioRNMyadtg4RaIYhMfzpnA8erLIlaL0v8PWq/t0Eow0ZT66Kn9v2TWnZ
+pVmbhn+noiiT+smgpzzhUkzzxnwrPpZgS6bax3/TwZIy1i2HwUJ2a6pE9W5Z6QIC
+kDZanGGfgF2y54apDc7odbeWEeYgXDThaAKozd9dJgIaFgeisNB0kLTViZMgZVkz
+4MXCMocaYShe1TBqfwgBvDEWyeiKRgV39e1JTtgGN5iPH+biExQqw1qG7+vQKY4t
+tfPgAfgtPPog82uwD9W0KGbGhBmX5mBmfsLhZ22bkcMCfAi2kbzy2HIvt8mPx/gN
+KWgZ/JmanFzvb9ajZ/DDsH39odBIAwqF6jOmU71ujfmWgyNTjYA3Xy2eduBKLVxR
+nWIGSA+fJLqmNcKRudq9rcwZ1V7gid1c2P2W2F/NCU1Vnt2d0cOcoTh2Dgb1Il6M
+IlT/f9Wm/xEoAHKQpoC7kIgHDpTY7H879BtKKPoXn79U1ZREH3LkbkLbmo4ALLu1
+++YnvafMIogNE6ODKkPu7T6fMfmLfIRoOuPIPKbDLec+RkJaXIl0XJU6ioWm+vQ/
+QWxmyGdEpSCCp78+iBMWSuAFi4rQFvfJirYgekwFlsiLKHxZfqaOtiV7x8bI5ztt
+E2sTeOh3NtMoIbYFBjalvaElmoG2/9MHTppJc1A8cSpPqX1Bng8Nwv605PX3oNxR
+/R0N6tx7H9/8r/gdHUhuc8iV246pTwKATpGbZFfWc7fNXoLELWUtlGf8faYlA4xP
+XgVSyFCspolQNiBtR1iQ1OlIS6z5zx3fGTd3akkSB2IV8mOLtTh+8cZ+VdC/oeB8
+XDqDAg8biM/1GYfpt0YsKNZcKeYkmpTQfes4bPrPnhUCyvYJjSNc6S6+dA/MgkYB
+y7JHZ4meQA9aje0a/iWi3lh4oGvLZio4BGpiZwCF7ll06Rttmu7jD+zvDMrlA6as
+C2NeHjMPo1/l1bj6X79SM8wIHVaUCFkur/7iiVBNQn1BMDsqNtvIkUSyCI2no20W
+hdnY98NaCg9R3Enex7POxBGPFh/vzmXUYsX47nwCO/+StaG0r/1iKGA7/XwX3ptO
+i7GR1opOcBSPYK72TSzmqE3GDMxlP2ZInewvTvBAow4foSoe82yUvGu5MX7q2qnm
+/PvklKq8OJ44zVg3pXYlzBFPkWkDZG8VeiIJn9nybVKS4+7XWlCb0U3dlDP34OhA
+y0HTdwISE7oiX8XA/ku84lJebc/sSYCtLS3Z9HHOXoGSsb0wvUkFgjhBZS1Z9eZK
+7DyRAGNVS8Sm0rdvzipQAEJ8ox16zPo+jaYaeY8wZAlUWyCec4fGl0Z+EnIqd6uD
+1Df61nlUhHlovyb71hmQ+2scGrmsaQ97yWMB8hyhycRqgcVUqVNbayZaLmsPlqlp
+uero065thgat1yOkPy9jTjH0+5kkhWZqCcWhsmvi6jlzGedtYXi45iE+RQEYFFjy
++WHcxBeHaw7LdIys8gAJ1QhcQ07dHelpn+E7QXhajMSGl9FzrkwiFaQdZoEzX4xm
+19JeNXvTzqarBBZrsixr46aYtyxgqMi9MDuUWjTH4hLNW4jbvZbAxA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest2EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest2EE.pem
new file mode 100644
index 0000000000..bd5a6f0a6b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest2EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2B FD 3D 65 0C 9A A4 81 DA BE 36 FC 7E E3 86 9A BD E8 ED B6 
+    friendlyName: Valid requireExplicitPolicy Test2 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid requireExplicitPolicy EE Certificate Test2
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMicmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBzdWJzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTkwNwYDVQQDEzBWYWxpZCByZXF1aXJlRXhwbGljaXRQb2xp
+Y3kgRUUgQ2VydGlmaWNhdGUgVGVzdDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDOcG4aw+WhAULnqHANEFgfOkbpQKUodW9QaY4fNaZozY/QB3qGOa1+
+W6Mv3KoV3rEmzL7n/biP6RpjhY6MMoqD7S3sz0sbAxqeQeeY7/m0ScKlhtoiTcxy
+ArrGpsOa4clVs8F7/8y+j+H3HiawKQ6nwYzh34INcUytlLd+G6kIT2y9J7B83a0p
+HvxGVXAlVFUeUIZ1Nf75n/L0IEz91jBGHsrvvN89pGzLUPWCxh94EUeQ4uIawO4A
+JMiGozWpVrF5YU3jztG77okNVxnxAPRRs8KLOhUROkmptAAF10oBR4Jw3kQNNF2q
+eXwtCKv4naFajjV9yFoPN/wZTKDA/dhvAgMBAAGjUjBQMB8GA1UdIwQYMBaAFPpi
+ur1+Xl/fH7oHvh95N4Lc/BMoMB0GA1UdDgQWBBTT/G30XBRLcdlm6LXjOmIn6MQu
+ezAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQELBQADggEBACnxWF0ZZslNWBFt
+vPGw7c4Ui3YQRuxEk85yOkTLO9HvymgskvkQezYTGQkYThzE+8T+VoW+XcGKtqzB
+aWHeVu/S6Kq7zc7MbeHqC0vtyc3ViMFXk7Wk3gve6NBxwh92rITdtJFJ3+IAlmJe
+RHgRan6mMujqLEZFns7fs/kIOiHdhB0W+Q/33X1AKieulxOlhilH8yM6dDBn5JaC
+xVckbqTMMbeWzJU00zIz4oSNx3WvYQqyqrPVzCpVjqVFYJfFMs1FxBPNuPDovb+y
+2Y8awekxYALnFyXfToV2owUFmK2BFQ62BiG9fghvsXWYjCSdcSdkaIBNTxbCITTZ
+KFfbXh4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2B FD 3D 65 0C 9A A4 81 DA BE 36 FC 7E E3 86 9A BD E8 ED B6 
+    friendlyName: Valid requireExplicitPolicy Test2 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,54FD30C4F1C4B89B
+
+4K/32g+JPsQ6CsA/MdKiJTgbVFKOuI4nbS5Vtvn4wwWZmAzXmExwJVINJ726d9qU
+kiMkBuIThNg95Ze/Yb5zD6qxjDjWL3PMRpOp+wHIhs1xiJgeSJ9p+vxwHZfU7uFB
+lP8hHvxrD5KmaKVk4TSGPhpIm2FuKj6XazuHjKlJH8RO5VLkYfX665Rou8tIyZKx
++yn6zKNDCIwPnwodkZFXqF330Qj1d5nvBqUmSTu0qhcuyIiMcMrgcWa3UQkBnbdK
+2hoeZDevhfU6vqJSuVE/zVsHBcLDFCOXDsx02fk0D4ivookTptEqwTaIdfxdkpj5
+Ptx0+dmQz4SpS1PABzk9I3+bgpcH4O164v6IGLtoreDDWjDCZy0PGJjHGjpiVjYK
+qH/51GHnqXFCG2b/Ra1RXTVY2MfL/QGcg12+p+ck2tjqZwOJVR1bK3B7pU2U206/
+g3KUcZH51w8HqnDJQln+/zNMr3X5kqKYoBckPgjswW5BjCOKGHj8wCFJjTGssNPE
+++iYx97uY7dQGU3tzP+hD8ERXaUovZalz01xEbXzIGfhbvYwbeqbMdqYfvzipTpe
+862Cvulp1lilH1EHCYFPTgGT712d/WEe3CLcVAlapBODPLOhtSLBu2ogLfebjHsG
+CWl7oQF4huoWU1ux0cba+gndivUIOsvILQbJrK0vXlSWH0hOME2UBWfWtQUusy3Z
+uoq0grWfrxZw6XM9wRjVtiyG+gK9fPdm75lqp1PX6TdV1bJ95OQFu7rUbT/TdU7u
+mcmas3hEsPkxgykJRJizi1cQqGPrV7FoqGbfp7uYcrIODQZvZD+24eerB9IpZkpS
+43VNK2XZxcSzs/V5GEsI36wO2dYxuo+AvqR+hfsPuRwMn06PCpdYk5n3sc0wHuXH
+39zGbNf0CuZZzzqrU5/bD3/bLQVNCqkUpBCMoarLGJASZNPUSxV+Ii/E8NLMXP/p
+LHUMx2SKXABcUNGvTsWqJsx1snwv9s0jPTI3YG9cWaYlJtJGtFT5fF+webRmkkOE
+SUx+8nK+KL8Ee4ni0Ty2wuve0o1nIjMqADXfuMjlLZs1F5L42qONMu7buBFm2EKa
+ryMYGDbuq7NrZ2fiYUnmRtuZYOXHJf66ixwqDBLGiUPvpmPd+rj6cS8rUqQpM/oT
+FPePDPV1t1jHY3YZK+36ExG/o2U8hoL+3FVqJSC9XaFSFHpEj/B1uvV7W9XBHbSI
+CWZ8vp27oGOFaXdd/6B+5aNENLuFNcA3OtWECGXmZuY6wpXKtlPKU3jpB8ByHcH0
+DFHNYoiukWdilRAfxr+1R8M8akguJc2JwYWKJm+YzTSh96GkLANnfhvFBYXf25av
+LH78qgYOSSD54CK+HBNjrD22iNcQKeX/WjZohiJvES8ok5mgslLdHguiSUpHJQwv
+N6LCWvDutfbYfM9ctlaLBvnyz0LqZaKEMFcWUKK1ZcHlF9d8bkaRLUZS2QC3Kcda
+B+pbo14k7RTqVS0e0CaWOQYtw7LuI8/81rg/Du7NubqlMOuhybiVx1hPiz74uUyY
+g0vMrGT0qlmlhfkQhj4tIyzaLmTu1giZ0QPG4QlfkL6EyWf0vbbPr1acyf6HRSyx
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest4EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest4EE.pem
new file mode 100644
index 0000000000..e2b855de2f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/ValidrequireExplicitPolicyTest4EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 06 40 C2 10 8F 7F 28 EA F7 59 3E 00 0E 09 7E CE D3 1D 41 BC 
+    friendlyName: Valid requireExplicitPolicy Test4 EE
+subject=/C=US/O=Test Certificates 2011/CN=Valid requireExplicitPolicy EE Certificate Test4
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTErMCkGA1UEAxMicmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBzdWJzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0z
+MDEyMzEwODMwMDBaMGkxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRp
+ZmljYXRlcyAyMDExMTkwNwYDVQQDEzBWYWxpZCByZXF1aXJlRXhwbGljaXRQb2xp
+Y3kgRUUgQ2VydGlmaWNhdGUgVGVzdDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDeDxXcQyw8uZzj9sUOQ/0sZRELT3exJGteTsgMGmazqaA7z6mdqc+Z
+IN/6xj0Ub61biiNXdOfGAGwd+l3mdx94E33ik+1zylEWJqyr2Ovc+JcjR/z6IbcN
+Wv6FPdMPsDTaJgERvuPm2dPYViKpRDiV4BTQ5DsrGhstJGsT/K04UiIB6ahZKN6/
+ToL9OTp+Sj+Y4DAyxl8MdmQWgJpzmo4yeDroGyA4Ui6nTMgVcK2vPDti7o3yjZVe
+rkAqf59Qf6PUtsUXl+eprAQ6gfV87Z8/3K0d/n7QnYg6KcAIUxAnwocuJOp+TqFV
+W2+G9ArW8qdpsLmZqUtj/h+STuUj30mxAgMBAAGjazBpMB8GA1UdIwQYMBaAFLXb
+BNbIIAgvWkHHeKNEidrOLmu6MB0GA1UdDgQWBBTSKJ6JK4Bv9B3Im8QAxcOiq9ML
+DTAOBgNVHQ8BAf8EBAMCBPAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqG
+SIb3DQEBCwUAA4IBAQCTBUOuvyS5e9eevtUKsjCPLpfP/Daf+43KMxHIvLUboO4B
+8KWd/245AIioGgK0vr1AoL0cvOyyYvKuSbi/j/M9WOzCCmgrzrA3mWi9IHq3gv8X
+zWag7VWx4fVbQVQrqseyAKouMZDqWp/rl++IbittXlhcHi54qZ2LgO9gydA7pXN1
+9LOpUOi0mP0wFDfDoOpiNOGJHg5SLuwQWFtEzcXrqJsjtoNigtpXeY1S0nt9u5Dt
+FQVk5FOD7S7SKIuy9QVuCDelDxFYU7zOGNq229S2yTa9dJVym24aGsrJU++XVKle
+FM2quSZqdJ90IpQS3FMQu5XIa3iLaiMNkHUZStnL
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 06 40 C2 10 8F 7F 28 EA F7 59 3E 00 0E 09 7E CE D3 1D 41 BC 
+    friendlyName: Valid requireExplicitPolicy Test4 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F3FA35040C7C371D
+
+dQsQbeCFwSq7SCUPBso/WtMmHv6wYyZZb/qav/OXAfwMY0QGT4PYagzG1wtNottx
+U7+5VJr8eXxiOWXOxQ2biq0zmOKYZ2OaTw9NbQn+ug256qLvFFvA3oMHLw8TmrNJ
+L7IvX8R/qrq4C9vAMx28gwrfSykAhpr2Aam2Q3FtwtZi1X7OaaMj41rX1aqWAtJF
+ju22hiYtY9NteCBmw+S4hlXfmX6MbRT6AWS4jV4hQ0x8O7EMOEGoltCqpmnpn+fD
+Bt9Igui0To54xBinjOM0M4Y3L02V967AUP6rxm5sgZQk3rDvYOlmSTVESfFGjCjn
+nYrK2VwH6wasc4vLuNqhjKg1A3m+QyWjdbPX5xG6YGizYQFBhn/0t7uikMSoEJpO
+GSD9r0C7pbRtOLB/GkMKYADpjeUe14Ri/HXiXmcuoinT3pFuml+eT33RtiiWpw61
+YpAbmr9TxHOewyWwdbkIZXE45RH+MxXNXDyKOzWrDd9GobaLJfuoHYo3cllVvYyz
+YetuCr7/DhQ8aLhhQ0HpF6/3ojS57XZUW0Nk/2uJXCg/6cXeq9NbsCnfpGGrwTUd
+TptQjQfkKx6I3046c+zNHgy5oJSC3av0jQ8wLfioPTdgK3ZIy+AOsPTdSDTZNGXt
+Fbg5pgSBDyemqb+JWq8BWRo1MXliYDFmNvS/LTV74MpC7VRtuadM1kLW9y3RDynb
+2TMmCqi3e9+w6D/kIrRrFWz3jUD8iXt/sV2WZdVClZ/qF8BCaLO6NiIGTFRDshaZ
+Ti/7ZIZvcWLRtLIWah/ZNrApuR5hvbiGV64dTUYs5ql7Zp3qq+Ohv5zf57c+dLM8
+X1AVRJdX+H8Hwvpv5aJsvqF5bCsqCF2mz66WDRyOiKyn95YJ6dh+NdnR/0S7cx7U
+ciPzpxRrLAnwheEDy5qItTHg88Cf/GYbtTBYJjbbl+xPIMtGeoyb2iEC5FrSHCEb
+D9wei6HYZaGferXGISiUyDDsSSr+71i5JDfL4td5DxQiDvoE848tY3ab6LTBKWdz
+HBTDGLvYoeTQhBVsGOfy0AFclLxNzlFF6kwyC8HuAhEQ90Yesd5cXJ6PWsFI/SHG
+WEbmKosAf4CBvzhLcoaiMrTpN1owztxlk3KE4QcYtvbWb5MFHuRBYFrc80Elti2y
+xsJIZjzwa9dRBIHP/RbM6V/qkYX2kSb4yUd6aUhEw0D8apK3fJxq1lZ/2K4KMtTD
+mmmRu/MFiAiZGgTpLcTcH0wi/FykdLDY/9rtAh3dpRP0IxRZrwJvXj85UzvoL2b4
+//aoEXaPz+Rq2Ts2/c9pZY0jOtTi1v6uk+nSedzb6qfwjPMVnDq32xh+Q500Ep/N
+hCtnoVTWt4tz+MfIcN9ieOkd0jjAHvWfFhiEEpuQTicjqhbUGdPrUJ8dgY83FVfH
+oLA2s9aA0caxBGZj3DhOzqi2X7SHsHnXL+FNW1JDfeTSWYNaPMgxPLJslH9mu205
+Owe1O57zF9FCJ7DKrMeEAF60IIVEpdQWmCPJDdsGoq70Ivbzuuix6XbFpLyA82uD
+uaFCcy9B9pb4NKvJDCKGcCofScSQmzpa09KC6FR5y5QlpfdyIEcnWllSBWNO0tXo
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/WrongCRLCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/WrongCRLCACert.pem
new file mode 100644
index 0000000000..3c2359e85a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/WrongCRLCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: D8 B9 FB D0 30 49 8A 19 FD C0 74 0F 90 8A 3A 60 3D 35 AD D4 
+    friendlyName: Wrong CRL CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=Wrong CRL CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DFdyb25nIENSTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALfS
+dqU+ffbeIUKH8y141HuCwtV0pFXbQWA8l4ulBKNt/V+03/OOkoFXFId5tyu9TvZr
+ouQruhiOrWW18bWOipWJnlr/S4n0JbIdIYduhMCD/i7JIoOgtW/3bN4T+PfvL12C
+B7tvyGTi4Rl7y6LoDMMXse1VaTzS6M9MJZrpmGa/yVR3WVKzLWScqK5gqMDXzcAH
+mEo0cRnGdLmp7hHzkAiWZEZ9X0bV5K/awcjUercRC1xJpnfJXzUgOaQJp740k2rQ
+D9QPGSM4eQIUC0JvqLjINz3OmuQtkyQTqLkU+79WskiRlM7yMNbKdlvpZ5E+iqRY
+BJaqLQH5jVTW7fvWwAMCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFAwlRuCJelEHSq81r82QxHIOt6gGMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAN0iMkt88kC3W/eLpsMRtDNYwmtMUZI6TtFND
+oLdXlwhOjRjNOX0q8g6veHRiZTtdXI83P4KQYb3YYrc+L4/BpiGNV8LM3KDG4fpO
+Uqfj8zq8jxZNae+rblwXMgs1cI0DpxEdJXtFv4q74ILvWt+Wp5H2St7nJPobeOn1
+STGZoe4HGIQ62XdHfPCacLYIqejpZJD3QYBPHQlTKJKF2ifMAF0QaoWtjvOENBRQ
+r8sfmDqWlixChZpMDZMRhLHULiAS22Aoqql+yueh/G+HgVOaA/rB8iD8Csxot23M
+QM3koijndOFgzDGMhTJfwEQ96NXL+JptuocPwzKWOzLieMYYww==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 B9 FB D0 30 49 8A 19 FD C0 74 0F 90 8A 3A 60 3D 35 AD D4 
+    friendlyName: Wrong CRL CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2EDBF1518A102CDD
+
+w2sVwSRe6zlBOSZmEUVzHezqJTV6IJt9cr6psogywNect7wLX8eae53NkOFA0aji
+iECUqiuL+ae9HCCDtegAKW6zq6dGjBbvFJdMhix353Q1vDF/UD2TAOvAaXp5phOF
+Yf12f2Za+aiohtobOAvnG55ddHe4+ClxxKThiCfrZeUlX0QaAsljXIqh92IR44B1
+5OCrFq+qvMoy+/lw3MTODERXWkPJN/PIO7xU4kWc3SBSgxmmT8vw3FnDLOFfISHZ
+O1hZDna9/fI6PeLfglNq9GxtehKiRxM9V6HhqPQztDLdqCrrv5aVCb3MKEev5BZ0
+kVrDtXP1GzhpL40opYeZNq03crBBOUpRSaHRDzVv8MC7L7dI15HmPiRErsAXkxIC
+u/SmB/PX2g5MD3oxTBVm0i9ezMXB4Zlan1bko+22XHmc2RyGd9+Afef7umWvd9Gj
+k2f1i43HU7c66BqN/XJUOgqCd+ngP6OdOE2LLeUc1mkgBmpqk0FWCe5mYmPnlm50
+8E7gE/z8Gjj9hJ3pJwhgcxRhdzgl14u3kjCqjHdYWsiK1kER0mTtYk3BPAOLVJ2M
+2uYqWnJqmblA6aels7mFAI3kxw93rEFlg3nNYtbIVyfY1Z7FGensqdanF04zxQlf
+rPkmWGUJKWlZex1m67N848ywLbbL+soxbnN7UpEszA5jpdBxswjGqwwBXxcHDjYE
+g38s0MlDaIpOGyqc6XxkcKgcoTedSh+pudR4FCdWEEhnAbZhp39ctzrMe99sohq9
+qs+l6P57qm5M3sTCOpPv6erbNQzi/TkGgNM7h5ti7Vq+k3VUBBS6kY1SM6szuoJB
+ZAgzuDanR7U7L5QmallaHCQurGLOhP1R8Hf0gb00xZSUwBrpa3palPCcMysKQe9B
+nCgnfWUE7V9AKwik7IpxUzCXN4Tcsl1f/M0uRU6/b4HL6aHicbhAueZdpmOcw+9u
+fbFhE2QWlPTqwgv9W+G9nLOhAxuIe6Xu3MEe163lwYe6M35F5h9ddyDWAi+CM0kB
+yVf+CE4KVI2HY1nIpxISsKAGebSSqoOhbFr30q+RMH3lCo8Uu660fZWbswgagzh0
+NgX8fyndBgGv7sF+8fi3LXt3/71zbGX96pzdCofGsXOGG5waDeW6ZTtybjPdMciP
+qEJ72iTsVF9ToQs9ycPAg9QDv/bTpeBlRlM1dcmaJE+RtM/7ajOCeGotJ3o/Kk05
+fNAFQ/dUwUDFCncFqQC3HC6zL+iGTG/ytdJ+c1kQSR716jjsaUQ9472k7EJLL8RD
+Y4C7le3vTsqvzpNHlMVuIjSt2tZNvIMBYGV8XipwNO/OGWiDXVCq8MUy8ZiXvAMu
+nlY2lKAEz/D0OVDjdQFyUQoNmffyHMQCaGjZM0yxnKzuIXJHfJGNbW98xjW4+w4S
+3YawDimZXFGpICsqSpk2pL3G0ipEg9bzatYHCy4ynlNE51A2TMmwOAkSsgDinQf2
+Dmsf4vRCAkhpzUC5vBtvA/FvJ1B+lNS0boW5Lq0E+9xBk1x9xQqXkhBwWKWzR8Ke
+b77ZC2KfAiDb8uyp2kkjtGLg9sRlBFPUCn59ZoI04tCEOTAwdq6H8pDIOhQbcZ/L
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/anyPolicyCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/anyPolicyCACert.pem
new file mode 100644
index 0000000000..9795ea31e3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/anyPolicyCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: E2 88 AA BB AF BC F2 89 B6 55 3A 08 28 EC 18 CA C4 6F 22 46 
+    friendlyName: anyPolicy CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=anyPolicy CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIBJjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGFueVBvbGljeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7o
+J91PNM3AvPFePimzLAnnv+BRwQSrqafBm/nheXXLVtOtfNSoTqBWoo5uF4rGyYHF
+MRHPORNZjZRBoxHho/SWM2J7r7hOOL+JJjMYwZhCPkxXjATXNIXIolacHxARaT9a
+XjfnPAtmAotI+91ZMaHiRup87ygHHtuD3Atpe0NNbnqbQzmpA2+bwqv8Ojou+40i
+1NHVTgVDk2mH3HQbPzh2C3p2CIrhPv8IDpxZcdkEkAaMUK+czXt3OEMnqzerKSOZ
+8UVxdjYtJoOeDg2Pq0qNqbwW3lXL6+PNH/zU63fr3Nqz5befHyTS421OlEIK8FtU
+lEQ3V2/JBQENdlugwXsCAwEAAaOBhTCBgjAfBgNVHSMEGDAWgBTkfV/RXJWGCCwF
+rr51tmWn2V2oZjAdBgNVHQ4EFgQUu8neyByV50LikKKOrgNcqyRgfoUwDgYDVR0P
+AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADARBgNVHSAE
+CjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAD11IPBOgXaljMw5AvmAXBLG
+LPx4zhX/UmT57NlW3Y/jbDb6MxglZr/YsXyUo8Nu3PkdqbO9mwfzfcmLrnuHrdSj
+ud2jlR1VEZz+7uzPDPzP89u+wjA0UYlKahHvgFTRedUZ5FhN6Y7iyP5b6Iq4Gb6A
+bhJLq59d0RXRsVOhgAWBo0xTO5s4e7vhzKHCQLHkTbD1g/HLW0ae7aFfCT30PpFP
+UhBHfwkD5tdW/8qcejbs0fpegaiVtOzwE6/Rwkuh4wDoszXQJo7yOsFyGtn7+ord
+M3PS80suV01q67BmW2M6F6oAU3agb4guzMCw/3d7F+Ow9d7Qq5CjabaW38Gb/OA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E2 88 AA BB AF BC F2 89 B6 55 3A 08 28 EC 18 CA C4 6F 22 46 
+    friendlyName: anyPolicy CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B1AD402C798B02CA
+
+q6/m5cQWmyel+SPbSfJcjN9tmEv9wASz4zF3aJ8nxVlNKWkeJK7AjsG9TgvMLS+j
+ZoeaQBKsTz2m1ieSfW4kyBLIc/moBFr1Et5iVwjX6Nz2kx+TPobRbzsKwj/bOorj
+QSZruWVnbSVO4FOpcl4IbiSfVHqI20zpCoLN8IIngZDUv0AmAK+KBgH8U5fDP7vQ
+oU3THgkh96ab7gt6LGvZ5HM/zZNCYgeEQsz84Ku+r/eWpWoTdqpKlZDIEcXHjO9M
+JyOMq/DylB120OVabGzKnau1S5p0EiuDlvBzWsr5ybpMJc8AbW+p7/Xu/9/dWNv5
+ZLGw7pS98h0b16MxVU/NpgF4BqRyPWo1p3o7jeApjqSBMJePzjrWseLLnZdQxVkA
+Y56NiEZjCFVVFHhmuLny2RDwFh/buFps68UahrlbBP/H0nDIQi9x6P5QYcrxP3Iz
+z6/MKNeX7IT6GiQIvhWd0LZkFG8qdtiH+S02e3+0XNCEKGprdph/dq9QU2l8dWfu
+Gf880UC03QzRVabHDe+AuTSqXRf0lOG8APGvqUqHwaaH53hcjnVD5Hb5soHmh7X6
+JAQ2u4a5IfP9EX90UJ7UJKTypIpVsK2G7HZDQap0vm0FmXQc7dMChb5qLaGpBILu
+8m6Hq0lU0fHSl3Mu/UHD+2RDvpo44B0q9tDorIKN7/FKbF9MwzkRjBLXPvg5HzAN
+A+G3K3ccnpOf5puT/wqPiDQt+oQelKZlNsENfB4lQB1Io5lE8imGSo6Keka0qxzK
+D4fLSVnKKSnpotpNV7A3QEzmB/f+glBFzvIUP7+l9dW01X/Oq9YXcOAGJpbTrJ+b
+OeBWmWeXgf1HyAAb6uHUFoaDCCQMHd3RXWqkfm3Taj0/SqC1Iz60FeVAtBITVjbj
+SzS9KGvOuZ+0PjIDQj3ufa7v1f2MjzNAml4JSihtqy2rlQo6pljD56+iXS3k9Yx/
+lC9VfHlAxOiSVGU6vKWZJMEtD/nWLOVGak+36SBcM0w5OUFfOV6dY2Z3YHwB4pBh
+HjN11pB9BjsP0vGKEkV2x7x9k685n1crRferq6BSjsbNQ46ZqPQNABAnPAYZ6eJ1
+Uo1LuyWU/tjtrdJMV9TudVHRgjljuxiADDPytPka8H3/oAG5IYPEHiaXmHnkM5ZR
+LJRPcvh93KAV/zfwcNX5V4pTYdDR5C6GnDQocsw7crawd/egicbJ7y48HjoKBwJe
+CeuTljhc4GTmuFFzN7Qpk/NryBuAcKBIxdKtkrPzq/bi+ekPGhn8AobLa025W5Me
+sJKSEgW5AGbYHTYOOEde0QhnuFK/nOTdL1LK+lhbxxFVXpdgjON36W0uMH50k0sj
+zHxTPYe3zbVmGDTKl70CabELn2X0bU1VGoO3J42b17GQMAEeeAwtBkdsnh+y8JLH
+bfbbAqq+K2Jq9h3PqSwFzBagcnS7fwyAvVu3qSwK4j6WRjwBUySpYHOxZOWdcJL9
+HQk/QAH+Dkt2Sia1A0nfX9Uu+JNE5m2wUCNEfg/Ikfr31AlyjCimwfIsMCTxXuqs
+9SVMX7yWaYZRJchF2mi0GXar6R85PYXmcMYSotQvCkkwzJDJkiV6RNvXC/yYbCwp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsCriticalcAFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsCriticalcAFalseCACert.pem
new file mode 100644
index 0000000000..2964eb58f0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsCriticalcAFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 46 67 82 1C F9 18 B7 EE 5F 55 A4 59 54 20 0F EF 45 5B 86 F9 
+    friendlyName: basicConstraints Critical cA False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=basicConstraints Critical cA False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLjAsBgNVBAMT
+JWJhc2ljQ29uc3RyYWludHMgQ3JpdGljYWwgY0EgRmFsc2UgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK0TuX7lUycbAgxfZnKcg+Rx2r61nSTPYw
+1lgfYLDJALaWLUioE7qIrkbpO713AYSExS2mbm+lahJiFznGgpZreL+cY6se844t
+2TG9ZU7Z/gap/UCKGu/Zllq30Mx5nuX2yQJbH9oLp8aaxIFJrE1l2bzw5oJNITf3
+h5D0ZE1s4j/cvDQ1AeIn56HSsU+FFJ+WZ9tlpOG5C8WbaRUJBDg68FEStgq63Dtd
+7zje4jykLw9FE6ecksEZ87TeoOVbxsM68jr03/wByZKDkiwM4LGgHHFyfQRgHWbd
+kMpTDhyrk0CNv7F3kQ2LOfbZP3Xt2KTXYoORYMC/kSf+rfKaAORnAgMBAAGjeTB3
+MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRw30Qv
+A5kcF3MY8jY8FDTQCdHy7TAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAEvnbglu
+cVBQ9vbuv8jUUzxvxBLqBbvwfsY6QmZGVgNKQOIkARLkguDt6PpVuB/w2uRFBRFv
+zcV1ooleAKis9t42aNamzgdDLxSQ060Z98yGeU33La7uqRX6PVzvYncwVKOPl1mu
+Hr9CEPc9EHYJF9mWYGGYXhNkrvlFpow1Jgg6zWtmWtoYfl27XoGBnuLGPqmd9Qn8
+aDWfNe4k8XgVwemq+n+r/tYGXW8P91DXk/YZCFS4x8hbx+0VvCcOXWZ2ApWGkX8j
+KHGzhl3jFqhQOSy66QljjW1qVxPjkL33l2TaGrOQXv/Ykf6r2K2bCxKGvahSAH1A
+tA53saU+pZ94JrU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 46 67 82 1C F9 18 B7 EE 5F 55 A4 59 54 20 0F EF 45 5B 86 F9 
+    friendlyName: basicConstraints Critical cA False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A907CD5776049645
+
+BlcYGd6sAmCbJz23X7IvcehLqjkzE4Z8eMNK6q0ll+nw4vD68iu7id8ErvfxwsF/
+daVJQkPCKQSQqJCq1Z98SqxxNPtxrWKhvnOd8wfHyvMX4d/8wZphEm72mZfyMylz
+uHkHMj7FpBWTgzR4S8bsEOP8asM/9gdWsAYoABXn5QnracH0aR3hbcNfyRFnFcpB
+MMpZdWL8Mk5KUVTiQWWb3ZefuZIsi2uWzJMNw77jqx+ri4MWMVCpY9GI0pFZgWRr
+Nkd3gyS/8QvKrcIszbNOliT8V8/1qbLhV9oeCdj34kuRub9JspCWhNcTe4ny9nxW
+0/0nHEzT2BAjnZbGAyzCTGkSZkJTAxpZi/mwWq+gaj4eD2aa+2UNtiazAltF7SVH
+LcZE8JjePDGMpob51RKqzxtntyP98BAgsnAS/Wsn+WRqnV2afAvFwY1bsP2tCNUB
+WP1FXwR9Ryzp8diG7VBET8kfi7npbXv9FICUYo+NMnXjApI+yXY7YXIQq6YawOhd
+tO/2bytPjHnvdnYZURPQ3dsINZWjrd5xXXI/boTXH76QUp8lgg1jx6nPBO1pjPZ8
+CELjvL3YDFLChS6DiOanOPPVTsKzDHrmlNwBkEQBG/tsCbRhQl0ZmLMd2EPdNbbQ
+EoWIqo7P4E3FlVzdwN42pug+nSD/GhPl5bzBH6F9MLMkqT3ff64RaonFu2Gi3TJv
+XMOY//4EDNrFLHnB//lALAQISmUFHgMbyU1uc48QtZ5rHPcHw9T+z71pP3I2Iy+V
+KrQwYq3BaknVpxL1YX2xUuojXSGot7vGFCbj6WS4ooeQjwDPyiFUJq6SrfFw4YmY
+HCS1pfhu5YMFtNxLmzMyn4h4CQweVkStrKtexTZHbmEKexhLZlD28YatZTZw5YdK
+qxoA+qNAx3mGISIlbl0Y1P7Vh43KkOaka36OCQFZd6tPsOK7/PCD0sk6IqScyYqz
+ZvmfDl4NrBnuYfPFtuZBdmN/fKvSlIOro30/mok8mWjhZbnsJKp6i+xqNdsSZKwX
+Q1gGXAtja33T6ZwLuZTcFkX5mb3XMfMEIiAm8xhMqYSgL+sJxDt8g/BHyryDScOm
+7Sgh62ZjlxXm6ge5YW1imS5Xroqp3pnZOQrmHZC7XJesXM1it/fSAkL3RLmShvUf
+u2jZC6ULAg6eo7PvONaidtSlHx/O8RiBMvJrOXFUcShn2CKsbc7M/u4tnRLZVVHZ
+pblGs0ID7wCUxCL3j4N3ipFaNvo3XMlfifQ8YBlInlEXp8YYlGjQX11rtC3Minf/
+vMU0qfR0ObvjgjhJ8E+jJ/kJhC1sTIVpPIdgIiVsLhoDyAauwxawz3ONlHrB491X
+5wH74clArihNz3Pj2pL6FvqRZzXtym5YbCHRcFtNs/K2HAGAyj26MiQRQ5+yPqhO
+olWZHohZTQhA7fKWh3AmhMdCiwaqmx7xRmRTwfICHKIUka6qu91Y3jQ+cMr4n7IZ
+8yrOCZjlkHww51I89agqBfCB+56v2lWwed6Sbs447Xtu4G3k7MR1PjCYt7FxccRK
+ajpKhQDxoMpig41GQ9dy6yuNTYmPCwlZSVrhpv92jMfbAE4sfh95wDGdgKu4061c
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalCACert.pem
new file mode 100644
index 0000000000..36d5718399
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 48 03 2A 70 2D 08 91 22 69 59 D8 1F DA F3 ED 06 D2 09 FF 7F 
+    friendlyName: basicConstraints Not Critical CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBGTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKTAnBgNVBAMT
+IGJhc2ljQ29uc3RyYWludHMgTm90IENyaXRpY2FsIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEArsQn8oF6pcm/kFywrnN3jMacD0/pU5QPugEQTz1z
+SH4R8VN/SBlsC4kBk2ue+IDyhJDXUhhq4d3Rs4hUNVv70U9GbwUw92OEie1/JFyt
+h3E6W2AJd+akHJ269MIFZ00e7MTXdRdtX1QpESnqpBL7YuvTkZhXYLRnvgy+gZtm
+lelEmXgMT2Ww8leKWmGJr0VkhYH+sGZLZKgxmFX4FeMXVcWA0k3uHIXeQT0h8gJU
+VsrdzBC1A8pvbThtIj2ZfQ4CClmDZZW4vplTC9oJJldenl5jI1s2DYzcXrn2eIH7
+edFuiwGqeUpWv/KONSHVvzHytw/CjS+3L9Wn302y/IijGwIDAQABo3kwdzAfBgNV
+HSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUCqS5MEOsQ8g0
+AhPP71Xov3CfRq8wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBSpmk+5lnnJCmJ
+CQ074FYF+IHNPqc/ZztWuOGGsY0O4ST3vIHfbpJwjCvvY7QC0glG3klEDvhOVRVB
+MYzkTscePuEI9xUSht4MoEsN9AIL0ONZ5Hi4OfKwdjm6AatSmvTyj9EWpmUzmxqP
+Uo5GkfcIty+84ExeTE1azxTi/XbJ5vzpvnhTQQCp2yp9T/+BSCovr73OlmahQWur
+tS332QG5XAPYV54uJpYPYxSfoouf2YoVfw8HJRA3qfQYoomKWQSfNVQtk2pklxIe
+zNVFpjHbIef/AZOGRYVAePoQAx3SqtA5faHlYHcy8fCr0uklwvQkitS4a8ghc6Xq
+o4g/ilaN
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 48 03 2A 70 2D 08 91 22 69 59 D8 1F DA F3 ED 06 D2 09 FF 7F 
+    friendlyName: basicConstraints Not Critical CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2B8F6C672C9D1209
+
+UciDWxzXIHzVsJcr9SCpIsfAYutmhoJaU6oykTzH+9YgNLuvkMo3xzvFTbD/0lG7
+rRsIV9BZchKs9PjkD5AkXaR/8BfW6rNQR166Nvyhd2Yn88xy4ng/b3vWmwmIp580
+VNKfg4uwepjQaot97RYkS7dgGp/6HAoy/LvLPz8+Vv2NZr0Ocj+2kUt6KT5LlSEC
+8HZs6SR/O4lnJfAZf9B5FwFOrDqx31wUtKADMmtn9AeJwM0LpLRhyDOkUzmBP08L
+kJAiKJ0qfKvf/eJFvJKbyeckqGhmqqGSFvHO1xHHw7xUDvTB0lskAdy+MVZd8XA+
+QA3duCYZaTcpRDqm+fcNqGZB604zlbKxscY7MvZ5RVsA7Vw5ATHhLmvOMS4H4wDt
+hq3s9hBQIAM9VOeuoGIk+BP+pKss6X57R/5XvnIaVTLsSbn6VpxbJ6migsOAq9fa
+cSqT/13w6Nlf9rzo6AfskOfBzmSgxOHCrwEkR67xuSWsVepRSCu43Ctm41UsWWLZ
+peY8WGMZdsqv88cnwgGQObPfAjKW94aaVfizhoj78gppfghvC95nw8IaViDAWTE6
+QGptRf0M2zsGtKp536IRT9tUCaGIbewc1diNovY+tNB0YINGeiQcu7Lgyu5MbzHm
+evglA4U9hmHnMyt7fWaxyauw0HHz830Bhh5qocj5CsrRMNPSXma9+g2wxV9Sjz29
+P2y0Msk+ppYkNEzVeNHfz6oXW45KXXGT6IOcgpwMKNncKaMW6ZtECE84AYeFzNcP
+YYhFylF5z1qBhYXHPJcmwjIsf4GSVzU8YuM8hlrKix1YEBqqtTDYifRIM74lmdaD
+7IyJZ/wK8yqYsze8hHt0E0poCJ9WC2vkkZvmu4zZHr80L0ARpqQ8b2UX4UIMwar0
+L/q3625fUXi+OijtpGqjM+iAAZgsg0Dv5744lZwAdn1fdMUsDnkPPtyOaP8C4id+
+JUozCXlQ5QWWAVGpwltyTUI2cSw1z3GBL/ofQVbqXznsTIie3xBAiHZKBB/QpgP2
+PNLuYhV93JVYxBUO3BgZXlwy8jbgGk5NU+EZ6yTWPF+q0o7hF7wQAIb1yfz/zGQl
+6sohXVRhZAJWzbnDQIWfZMVXsPpHDXoIXMdeufmKy6MGAbO634upVxZfpbErUg3R
+zw7kzSQ0nLkW7viUYpCPz6waXtxCMP3DZynlXmVbYrr+be53PFpg9PhgCI88VQ+g
+At9CHTMdocCZELJkEem4/VV0bjYCYv22DeALTSM6SlrSmOFWU5QLXV7Z8zs6nOwd
+f5W0kom93FolMmz6iFn09FEiRnGWGVE3n4m/9IQz2jTbHgAFsust3uKuWMeTmzy8
+iAYVv02CRt8odMFCBi/ld6vzD3mxiLucxC7RfYr+b5fhkYxqJkPW6WnfHtwlUV2w
+SSEfJlhThZG7t/ZSbMNPo/kemV8Y9jByZvbl57kpSji7ft5BbJ5J0jFblnX6aJcd
+UoXJm6t1BitRzhS/bYT0gBWp7V1UISlwflZKwZwF/P0LYAdOdJM5IgYyLFl2G/Nw
+E8ElkZwApmHGyYpDCABQsudLK9hEuItlEqNKdfsE1TB+rgCZF6xoy8ci2GR5+BNm
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalcAFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalcAFalseCACert.pem
new file mode 100644
index 0000000000..668159e530
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/basicConstraintsNotCriticalcAFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 67 88 25 B9 3A 83 74 48 FC C0 EA AF 2C 59 06 A2 D8 7C B5 4D 
+    friendlyName: basicConstraints Not Critical cA False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=basicConstraints Not Critical cA False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMjAwBgNVBAMT
+KWJhc2ljQ29uc3RyYWludHMgTm90IENyaXRpY2FsIGNBIEZhbHNlIENBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0EwqHs6AKdSF6fQyFQ9KzZMLoAg
+o3Vjz4MudMtI8xe5SGdgQiGK1w7acKOWzVg/xRG+7Lv8osjGB9+m6MsYgXACOVt+
+2VSmsuHQ5F9UZIoaXfsCFV8J4KJYuqWYJt84PIzUoIEKHHloghRQvI4qv8SPJUSI
+LbaeRckJAzsLhRVOTGIOCPTtj/rosKpdBdHofuzdtVkSJvMu3NcN1oL6haAaDtS+
+MYAizyLnTbNYBS/NW+6hImyNLYvmXYCh4rVq0PTTEJvm9b7SQHyHyFroN3a9vxof
+2+bQq6Lpim0QBKi4rBRDeJn+zc5EZnBkEDtZXEQ808JddIboTOi4JDkKbwIDAQAB
+o3YwdDAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU
+OdCbt08pN77TsIp26mqeze9GvlgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQB1uT+Y
+KoMDcmuoxjk4KoBNTWPmR8eXegKa3WfyOJxYRTqlDhmDd/N+3Ifk/QzDqXitKUEI
+BWL13NTh6ngG9AIBrRGpk5XmixKTxCP5FxGjsd5dM/So079U0+K9s90xzwOwolJi
+4Fkih0eeRu2ntqwCvLsIEOSJMH7uSOISuRjYqMAnzlP4FFXYeLOGQLtUFln/lseC
+KfD0roxZZ7W8KVWLICwGAFrw5rBnZuyoNIcCJUtH9uJ4ugid0BmYrICWLFwEU3af
+W7GJZmRfegol/5TJy14XSb6vxyp2kAPmgdDZTmLiB36xaixjsS/7AIhejzDJ3gHU
+SIxm4tAlyWAjCBXh
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 67 88 25 B9 3A 83 74 48 FC C0 EA AF 2C 59 06 A2 D8 7C B5 4D 
+    friendlyName: basicConstraints Not Critical cA False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1E7A841BD9890B31
+
+7pXy++DsDBBVp7eFGwKvmWMCzl73VTqnwp2Zt+OlEshNqcbjC/t8TCWS4+zbot8J
+q4bVOdu7VieNl+MWdDK08PbZPi1rNeOY4hB0R7JftfRc7iNZJa/DPGjReFloTsxx
+Dkhdo4VBEpqQdQRq+BkCIe4IXc449f95jBIFp7blvTYixjqpUcuTDCkq90JQl/a1
+SvG73oZVLjkneF3e2km0nCQiLIrvEEwCva804ZvohyyN64C3WwRd6CXtFqKed4MO
+ju1TExPVg3sCnEF48rhHPQbqac6kSmWq100XrDyzJpvXc0idh8uq16N9zB8ESCtu
+H933fK9695cJL436LpaXBN1grXuZNL0if5wXqfUEXcTfQmrAkuD8O3abtyCxyc92
++6k3kMkzY/W5BvE4hWCboBYc5VkKd+FwxTD6hdGZ5iTN7kol1obzccxFRRRkL5tV
+0gDdWjAz84vbQYbJNrePXPSnN/xLKD+vnOl5HA1Eu11Z75XfiouiW2J4WK12HZUG
+UYI1jPKibCcoXaYZZPBI8pVyfwc2T+/CRGxp9v8gqYInh5TTbur4QB9wnhCFrNZp
+lSkUOW6I40UC/20MpNqIIipw7Jf6nKMWvN7zFojVz31bni0OySZ7np2deZfStAuM
+xXfC1plLgEXyquhXfCcnV4Od/xCbLb7e/l0NqWGGWGu3EKZnfBDrBoPmwxJ4toOB
+3ExqVP1M/gxY4TMc+YVIICYdWIhntF+hiGkmAsdGXslfLQuxXxq0E2j6xQCFfBdY
+iMehq9IyO8debl523hcP/3nAx1PMrdMXk+tRAhpbtPJmaN75YyEQlSHAJEZDA8YK
+id5jAx7pmneAzRPs2mU7XSSTysyjx5hV0g/AXIGlIHrZcjpwsvuFlwJJQZ+GEUxG
+OTLZEqFOIA+tg63Jze0rxOnegT7AZx1Nzz8YX7/WrDiGuYdM/sfHbyz8AF0cAsI6
+Uuqzydz4W2U4shwwop5/Rwh01PSiEWI6x0K9L7htFKerVvEoLzUjFldmAqmqlGIH
+GBUl2WYDLxkhMRdT7/9YZu82X1TcFoU6LsP0Iup1tRrUv6vbeqtaZDGoZ5ebHZZ7
+vSDSMInRSzbdv6nd6Yoilkd57pbEVbtqblAY2tBQ/R0Kc/FMddm6gheEh9Sd7qqv
+fbWgp0Z8gRE1R3sD8cl79DIcUBxI2XiHGideO1flAAlPogv9IGeqqH4e1DsjPewj
+s/4/9ofVx//4/TjQP/aWzFTemGzlozPWM28FfrGBtReNUQ7zUSJKzzJJ0HC0GQLN
+zhXJOklxg/wyhmD15H1xy0bqxXM38/LR7PfaJCvlIlJ5lbUaCDJqxa3LM2+2qhOm
+JKq5Bmdk8zlbQi314JuBfOy0PEyLHxpZrEn3orYqtK2MjgoOwE4IDfCWkLL2bF2+
+sYfCFZ+ApD0Ki3uL/9AhTzsPkYLAp+vH9+3FQ9NOe/hCwF99Ak4+Qo2sShSwGJQl
+IdEiKtVmN+3q+gZweTyHQeoWgSVcJY2A8BquR+Q39yYbhilgQxRt/Ivws9oeSUx8
+ga72sXk08SEIdmlkpwpvev+FIixCbk3EdmUSVOQtX3AiK06TNUTYlg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem
deleted file mode 100644
index de409f5895..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/certs.pem
+++ /dev/null
@@ -1,118 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=Valid EE Certificate Test1
-issuer=/C=US/O=Test Certificates/CN=Good CA
------BEGIN CERTIFICATE-----
-MIICajCCAdOgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EwHhcN
-MDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjBOMQswCQYDVQQGEwJVUzEaMBgG
-A1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxIzAhBgNVBAMTGlZhbGlkIEVFIENlcnRp
-ZmljYXRlIFRlc3QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtpKu/a6Co
-7KcKOymboEA+MmgoryXHT1dxExmQ1lO7yah2L8j8RG6ox5Tr37TV8Y21ti3MopcF
-H+iXDSX31fixsYCZkcpjMI4kbjXmjGOeFKu1vnbBmcb5JBISiUeg22tIRFoJ4zTh
-i3GLVecGijyOVReA5LiPymEKG7fAB3241wIDAQABo2swaTAfBgNVHSMEGDAWgBS3
-LqaCy8LIvKh7J0TXNTPfmhWUxzAdBgNVHQ4EFgQUOsyUZQyFqTzB4K9RMyoUSI+e
-kVswDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATANBgkq
-hkiG9w0BAQUFAAOBgQCkaGfCqYi0681n9Dit36lg3U/9gTZoNqPMaAaLUQV3Crzx
-x2MGInhTyKchYydbV8HD89N2jzzYq7J2KM/ZEAfjskCdsj1SiMNkbYZe3rZZOldr
-PCGFgzUGTNakQxkpxU5j7plivQic/OZ7+mMTi0fnjGRi9M+aa744VmH6FgCt1w==
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=Good CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICbTCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMDsxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEQMA4GA1UEAxMHR29vZCBDQTCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArsI1lQuXKwOxSkOVRaPwlhMQtgp0
-p7HT4rKLGqojfY0twvMDc4rC9uj97wlh98kkraMx3r0wlllYSQ+Cp9mCCNu/C/Y2
-IbZCyG+io4A3Um3q/QGvbHlclmrJb0j0MQi3o88GhE8Q6Vy6SGwFXGpKDJMpLSFp
-Pxz8lh7M6J56Ex8CAwEAAaN8MHowHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqa
-vIf/SeowHQYDVR0OBBYEFLcupoLLwsi8qHsnRNc1M9+aFZTHMA4GA1UdDwEB/wQE
-AwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCOls9+0kEUS71w+KoQhfkVLdAKANXUmGCVZHL1zsya
-cPP/Q8IsCNvwjefZpgc0cuhtnHt2uDd0/zYLRmgcvJwfx5vwOfmDN13mMB8Za+cg
-3sZ/NI8MqQseKvS3fWqXaK6FJoKLzxId0iUGntbF4c5+rPFArzqM6IE7f9cMD5Fq
-rA==
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Good CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:B7:2E:A6:82:CB:C2:C8:BC:A8:7B:27:44:D7:35:33:DF:9A:15:94:C7
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 0E
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Serial Number: 0F
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        93:c2:ec:0b:71:07:2d:9d:d7:a2:b3:f0:ed:08:4d:6e:06:90:
-        66:72:06:a9:c2:30:73:f1:18:72:bf:a7:51:13:95:c4:31:3f:
-        1d:79:41:ed:ed:ab:d0:96:11:1e:32:47:4c:c4:f7:e2:08:65:
-        6f:73:55:c1:59:09:56:f2:60:79:27:18:2e:94:40:dd:7e:b1:
-        92:bf:b8:57:e5:4c:c5:38:97:75:2a:a1:17:a2:25:0d:ec:0e:
-        b7:95:40:8d:2c:df:b9:fa:10:ff:be:9e:4a:f2:37:4f:25:cb:
-        1b:c8:6d:ef:e4:09:b9:03:36:1b:c1:d9:f9:4f:00:5e:80:85:
-        92:cd
------BEGIN X509 CRL-----
-MIIBejCB5AIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNVBAMTB0dvb2QgQ0EXDTAxMDQxOTE0
-NTcyMFoXDTExMDQxOTE0NTcyMFowRDAgAgEOFw0wMTA0MTkxNDU3MjBaMAwwCgYD
-VR0VBAMKAQEwIAIBDxcNMDEwNDE5MTQ1NzIwWjAMMAoGA1UdFQQDCgEBoC8wLTAf
-BgNVHSMEGDAWgBS3LqaCy8LIvKh7J0TXNTPfmhWUxzAKBgNVHRQEAwIBATANBgkq
-hkiG9w0BAQUFAAOBgQCTwuwLcQctndeis/DtCE1uBpBmcgapwjBz8Rhyv6dRE5XE
-MT8deUHt7avQlhEeMkdMxPfiCGVvc1XBWQlW8mB5JxgulEDdfrGSv7hX5UzFOJd1
-KqEXoiUN7A63lUCNLN+5+hD/vp5K8jdPJcsbyG3v5Am5AzYbwdn5TwBegIWSzQ==
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA1Cert.pem
new file mode 100644
index 0000000000..7afdeee299
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: F0 C9 87 CA 32 71 3A 6C 01 BB 33 39 C8 4F 65 31 40 08 8E D9 
+    friendlyName: deltaCRL CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRL CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBWzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGRlbHRhQ1JMIENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1D
+K0cQkUNtDBARI1ttcSMWbaqm4Rx+gncCY62Ilp1eHN9tBFyJXN/kxEe8mxh/nl2j
+WEundquIwtjnMKXV4hU7ynC+Vg7taRu6Mu558dvGbBzkJ9LYCEFs3DgOphyY38zh
+PYa/0o7DoRoIAYopaEmCpa/fyqfUDGWps4S6FATb8rlEAK6zQHO2zirGsp5gq9F8
+mJon67WM0iJpIPSuCIkbaTRfY4glRFyokHWXQwXV63XkgNUAxQjLGwAqH1iZIOBy
+fl3t716yIcCnnimcaVrJu69GBxYrkeYTGD8w74rzGKJIHSCEZy7hOtS10G+N1zx+
+RqCKnCh3OHyc5qTyhYkCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFHcYI+V2hMgUlD+C0IHqdLHgpC8zMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAjgJJapgvD6p5DPB8zpQ/ol3xmi4YS0g2ephG
+7IX/vh0H1AF7wYJz7zeYBbRUVeObLVzUgBq1iN4Gk+UxTFDFZxzIg6kfPyP+MBDB
+VIcSfQoWWWl7bKEm7R/eIlxRm1ZyvnCDc+7QYMwdH50m8KNSF9UOuJOQHGIgqJpA
+gRm1t7INMr4OP0hxeVkzw77P4hShwi9Wj3O4eDD+0xVPvxweDQdoo4oo3rx1ubWB
+CvJAFv/Iz0qZaV+2RJNFD5Seg/z/G9wtBPXaOsbaushHEejw9rsQCvj7GMuzzKVH
+qWhXC94zdUfGOz7+euMLgnJUmfEYyvQY9NgZ57+7SmTit98wEg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F0 C9 87 CA 32 71 3A 6C 01 BB 33 39 C8 4F 65 31 40 08 8E D9 
+    friendlyName: deltaCRL CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,722A4E713C2A9002
+
+BguAZJfr1dO6b5dtwQQG7QdiD2cK+57DcU8qycGo/4y0ZB3iy97keTWLx9O92LhM
+lzUeL5AM34sT+m1w2ciaKdR1GiKXA2OTC3M/3kOm75eirSAMEkUptbwuPW/0iJZA
+Oc+EsaKC4FipWi0EB1aTaeTwApM7X8WNgywUYSCMz1kL+QCRedgjSTyqRcf1xUs5
+zvKcaC5q4ofVNDppkLZMAnufFWep41hQ4pHobkh6zbcVXeF8ozy3iGcyJWVgbYOv
+f2LumH8uoPoBwk2Pi8z3PKHGx0ZwKV6+huHCMATuLLlSO2N7CwCatz7c2DUPbU+e
+26IOpykXmqxvBzyo9vlrr2yvuP4zmNod1D+JnRVtHpfBdju+0K3qHZ0ihbnHnS8D
+zdOkO6TjLVHw9OvNbZEx3oTabOiHYFIFMKyAhjUIDQHEVVZ12fhdnBNvKduCnSJz
+7ckwYBPerFkfXjYKMaXKEGPfeuI85yT60FT7LInPqcjWC+LqkfTpyrgh+qciV7X1
+IfumvbfIFAUTlHPxUu7evdGVqbl1nhXCpKA8DTyjA1QO8nl4zkaRKtoijLANXZ1I
+SXj+UL4EwTmT7nzTm5/XmcioZlJpVPC4uz6ZUaACuNXHi6172FdS3WLmlp9ZtaBs
+eYjHqzQHfFWo4l1CF6JI/Z54nr8BsUZ1m9gb7PYRiM8ylrEQiJTGLf4a0ypUyG4R
+SoC72kAzihd6iEuJRKWTymHnz5IBK8PrgnkAk7TLWoKNb/PS5ifs2wtUGvBXa0os
+FzrahyPCGF5afZ0pGhw+01aJeHHaEhfVHI9ix33OUz5vy4oM5xYNDKCLtDXzhZ6Z
+Dc7c/9GiHUgW1u7eQbV5i6igRvEqwItitPah/zbfrsNwd34swv8YyyPovihYY3GL
+w6tk+8CYb4qRkyhXRg37vBUUuPa7GjElwE5cZsqUaVpB47wSjIZVFOC9g+/C4/Ps
+SI6y+A6QatTqgZ4OmQ7JKUtYHFkESnKPl7IzRFrw054oUWVQKvdvQgY8R0yhd/2E
+qbLSyk2Db0wLmcPt59NV8nyHa7twNPMVApQigXAszEhbSxJWGIFjSN1X41654WG4
+/2FO8TYl5+mn32BdbCgYGn3kFyAeCd+aHNfa1uM93coSoupCVRA/ROTxAx8gohzO
+TM3GctWfQh3uxOakDqv8I8GG5BMvJZmAoNTrMr+kUNt3hrCr9YRKGRD922J91vL3
+yBWrgkudn09y27zjxXZBmYDF0rtXmmtJqw2GebKFdw55OLj5cETy3X5HjarVrVmG
+SBF0toq03Mpc5i8AlduIaQp8ZLFmHLpHfX2mgbuyb3EMDC2RgdfzhxdKUzirVFqc
+DaVfZ+KNVQu8gyMdvljeRJN5vnf8jUEPzNZhyJtBV/CqzJxtUa+Cl3t6JRlWToOB
+U5oNF3d0BfWAlJCWzsjqcRk2C8zP9ZXBii+AErDkUtq/ifPpea7PYUKGqszLXtE3
+vEi6QoArjHCaDwpVdXi8IHpJUl363LTqOrfg7u4BrXMi+haoQPEyK5UPqilECzwC
+lShfMH9t9sHbqIN9CW/7RfO4+frEbHEYc6fm293IClTfSE9zS638Jg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA2Cert.pem
new file mode 100644
index 0000000000..8099fd391d
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA2Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 76 86 80 FC 15 9B A5 CC CD 2F A4 CB 1A FD 4D C4 3D 88 A4 6F 
+    friendlyName: deltaCRL CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRL CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBXDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGRlbHRhQ1JMIENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPmG
+eyqKnZwJFXM5DgR2BT3pqqs+DhJwQrNm13bDDmo5YRZtwkP04BF+AovdaABYrzG8
+SPiAnj7XrldFqIt/UJh8j87qqMvLcUU3bHIfB08mVHs+IRA1tXR6hle1gKNTvr6s
+tBeVyre3yGYJzu95wM0dENMlUfol/gB0hswUrbzfCWL4bLf86I/k6dhHcRpAanLf
+Ns/zOgR4ZjlgWfV6LV0VEYCNzPQ3d1jzgAUtHNtME6KoHeP0cn4EooDlFpwwjRCJ
+ijNmnZfyML2BZXmjKeye+vNXZ2kSRGaAOZPG1tDmdjVy6OwcxsCkv2oOXwZ7WwRA
+HOiLygA4cXym8HDOgL8CAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFHzY9r4DTM7Ptz+hGbszq7XXjfvEMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAnot97/Kk3staK5cRrXT3IdCNVOvFTJgMt9oM
+Ngm/cId+NkEFpjPzpJU5H0RXabe5mqpM25W4ybfTTWgYqWvuCxTzwjhDmtDfhUwg
++U7prkEz9LgaJBa2ZZioNsrBEjSj+f/mO1e4ByruCBsY+uEpwU5eGKzySoaXX2wP
+7fWC81H6fX4/QNRnOsajadNSLbyVjOmiwz/c8rSt0ocaNTxkpe3xBh9MLSQbqJEi
+gQTB08URkciHRGBsrBk6HolAjMcghra2Z/Knry1wCcEzQkknOxzgS+IME7ehF9gP
+XmkFC8jp05ZGOfZeyKInxsivefg9QvdGOAu5IXHZvCUrFV//Sw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 76 86 80 FC 15 9B A5 CC CD 2F A4 CB 1A FD 4D C4 3D 88 A4 6F 
+    friendlyName: deltaCRL CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DD8F6C30E6C01617
+
+7F8RxBk5h9wR1Ib1nxlGHOH6jj5UnG02dtUGJimXtFvAzNz+E5+LbHsol7G4hRXS
+xEa/p3LbqApBKKwskJNwh8vPD/ue7hbo6Hr57jMIE+9LQRanZwg6CMIcaw4eRD8Z
+/nKpIWZgLS5ohLAlLp868ZiSohFgLGPOvgW5IvuoS4LlDyVIn30wViwJZZDxibht
+VWmxQP5BQUaUBSDsZFjwgMJC5Nl+nNBhGcrIlerkaAPXihf1MJ5bMwudjsJfzFsa
+qQILIBy0iQzlwifR/gc5TmePwEOa36GSiLdCaQAihjbhTH2Mht0EEApEYWrr1C99
+fGzIyAcLUBKOQ9Moi2pC0VlGMcB7pT1EhQAcgYfinxBbQlZcieVB8u1dVfbRdeAQ
+ipIZvD2i8fOjDSXp117eoBjH3oiOWzTXCuy5iEyE+IDBxr+FPNCJgc48CX+MfbAM
+sgxsSfVAcClo167mYYbA8O6ORr9QvZ72KWvPJZEO/pDfVTMyZZJPhNyuJR3KxYYl
+iShZfWo/rUow4I4UCRPoobBqEitIPAL/+Uwsd/AEihN76dMXjY87zqm8rRdRsrHH
+YL3Q7g0Owrs2idJahta+2sjsgx4y+4DKX6U5ttDsnOSO/pXJhKCUzFufARoMO/Xj
+mZ7SoEPP+NxGmyHPSb0OK087TyJf/E1JZOUG2GOVXj6QN4yIn951WIfYRyntj33Q
+KUR1rVljlATKkVqwWETnsTGaoSZPmZ1c0VIwA1z/MrXEYtl7Q/cTlUrr7TxCpmw7
+7Dwes0uiiLbYfWXyJ+coGq9V0r5lkkWky9SOE5c4KL185G4DYKvjldPmmDy71hPy
+Tsdj3u7XIOLb/hbrRLFV/6ufs+bY+D6hkZWz1HI5ukuwxSTTjHSkEFGNVEUFtHLO
+E0M60YjRXR7VTE0z5hzNS0Q/9bcIH7jn1z8PRmwBAR7VcgC9oq7PFc+eTWkns6FV
+48m9a3BkAimJ2rsdaBYBXn6+qizeoDeTKhSs1sN1Z02Xu6jPcYX5aTrIsLESF2ya
+SpAVaE4QZpAP+k2jl98N3oZQIZd8L/tOEPRfxuzuVNpxfu/U05W6zQnHHE7Whce4
+miTwc1VvDCwKVlnzGyYm0x/so0Nvzl3FvKVRnDm6NueOS3+BVwnZGB5gGOKMpXt9
+2Rgr/mg77Df0SltFHJf32v0iLH91ozk85pyGIgI+LHqIcYXM6IdCRqqpRHJ7cMIc
+OoAff5sxzolmfrVt/14ba4wtLiiyKAcnS8k1YvjA06tp1201Y1hv0B8v+rSsnzBn
+LsTYErElmwCSu8H7dVLiXvskOXJrlC0mMKKaT9/F0Hw6O8aQwGer8IVGnb2jB52v
+czZoYoWjze3JGEGheKOLh70dMPM8geEDeFIBtR/Z+BFsKPxOwR7O9el7GLwp5wxg
+YpBNumQoGDEGc3v3MjJ6NuDrIDJd9E0pSMfF5wAK135tDEw/briw9qa1eR6opnqX
+8PD+8Dwa0vNfbiEHu9NZWASVBHo0XkZRkQuk9h63odb2Ce8jMvdSb04Sj5hqdxtU
+vwai+mWjeOZeNlMBRsi7QIR3/EcXZqIWr2mnx+sp6+AUeSxbZqqC7g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA3Cert.pem
new file mode 100644
index 0000000000..2b5a8de8f5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLCA3Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: D8 F3 A4 B6 51 CC 05 39 FC 58 CE 6B 1B BF 4F 01 A8 DF F9 7A 
+    friendlyName: deltaCRL CA3 Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRL CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIBXTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT
+DGRlbHRhQ1JMIENBMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANWk
+V4v0ntSi9RGfISHPgdqTaJJOhlOC/mr9w4/zI03WxMARD6dFCOiJDP+D1O43FEnG
+UoeoxVIwnTYlN1rvJEyjXXZCdrLJQGqV4FVNQ/EpllubGkfc2mvemabpkmYIEW6L
+FlF20TrhiHowPffKj+7y/aXAMMiEfX+kplSkI8nN2wDGfOmZzhHptIKClExnDdJ3
+09sYRAqU8sdK17gthqOUa7Q6YIcTKJD5KP4nN1HHfhZT0Yl5tXnoppjPDMtVun90
+pF7wst8Nr7nO7tiDenpKvlYRNdP57Sg7SKzFhJt5wDEzZVLEh0BQ7iqw/IJRDTXH
+tmz8QVU2hBF/6vQGu7UCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+
+dbZlp9ldqGYwHQYDVR0OBBYEFO9j06hOsfnfYeINwwWjmBjSk5nnMA4GA1UdDwEB
+/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAZ3Ll6ZNSuII0b61IuWxMGImVPqF9M5u7q1W7
+dZqmMMzQCull5LmgeprRJA3jSvCBC3/kmdHsA+KNh5qtln7pOkdewhvz2kyDq/GH
+8boxSNEIi7yqPGVIRLHyp6jDrwkMrbhZOnwr06K/NwUuPMTsN7eITW/wVZSm8yUH
+TR0pDDTwCjrzYiszzbGNsJ/qTtmtroYJ2LJliKXYOhN2dP+47I0AKx5clhhofDz1
+vve9wuHgkZ17fvl1r19VXVw5r2XPSL7qNQxHECGzHNXKzJnSAaYN44py9VQ0JLgA
+gxZJZBZfmW1XzWMfusb8BxGbfy6WFx+698V9G/yas36Uv9bAJQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 F3 A4 B6 51 CC 05 39 FC 58 CE 6B 1B BF 4F 01 A8 DF F9 7A 
+    friendlyName: deltaCRL CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6732CAD4054FA1E3
+
+/iiFt7tBHNGhLMtdgr1HYBP5tXrMDI4RoC++7n3PYuKnHf5+qomyoAZwZXWashAr
+AzeB7iXoMIrMLfjKK7Ka4+syXElaZTg4gcy8A4EZjzdw9uZY/8/5fxsP6CwhVRPk
+hAAK3RWdeqnjHpDpsPNQqUxRevHHwtLLPTEOnlSjn+mmLqPW230/q0MCWpGoSk3U
+6V2EX9AY2DR1pARVCUE20F99PQs6WBov71vnLRbjg/NxtN02jw3cvRHog/lX4gJ6
+LtVU8i13I201TCJftrlz8srHOW30UGdJSI+ngcK720wzqhhsB64dtKMaYn32GQGL
+EcG4esC8J1yZ3JAp4Mw5QCgcQzLrPcLQ1S5Nn5zAhyT5KRxVqbVHQW1Mq3GZJEcW
+aISGgZYIcP3g2o4Pj+hPgLCYsrzaTur9uUCgilCHWpGD03PJ/GAqh157CxKNH7aJ
+PkjbnTwXiFm9D1tBcsL1ebkXwvto0tONG58+VII7mT+8TISIw4AyAEZkdk2MBTes
+rYinh6hiyRX39Y1sqjW+j6j/oiZdSEnT903bZ3O3WjH7ocVkUKc9wXCCt8M3j+b+
+rVSEsa0KRTc5h6sosQSx11iiH6DfzhAoHG1DqPxhlwX4HkQzYWolW9NMF1wSO/b6
+3MOTBmbkdXFDLXMcJkikUvSf4DMxAV2WUEINbPq0opKjJtoHiwWiiCBrS+luSbk8
+0iwGkynIq9+d5Ntvqo2XrQbRgrXgE/RX7q3rIloNwHWhQu/F/SoFy8VTd5u4NMes
+hRoVfW8vhDMm7K/BUy8lunNHnBUaan1XOaUZmTFD8IWWR239evo7Arolhq9nbfXi
+PZO4xIRNMJXDyEntnw3eyVZvAm5OiIqzc/wU2aoM907Kes+6N6+XSqRhdCPSAgC3
+GnL43NQIu6Drl0tHFFEv3igQF7QtzVqkemzPCufFqreuYUoLh4pitHpNHTgBY5QJ
+/pnEzzna4hVFKGFqAGw+XINqOaFgnEMQ2KD34LHXUVNJ8cy8srWUYnrl91mZm12m
+9e29Q8qucA9+edRgdBcmkA4iiNamrykzPYi8qG3/SED9GyBKBgBVWcuzEyFcYeCm
+1zCqmj64l1asn4/mxV/f8jL1Jlr8Lfbzaz+rr2ECxK82WnEgrGP3HvmoMHf2GmPv
+k+6zRYbMBqaO6EF2swDqlSVkjAykezpQ8Jiela04K85m5gP7Y8rq1ps1fU6o7bJP
+rDhjI4uUnuC084mufCLxjxyR8gcyWkloc0wcD5yQK07QFg+Lao7SqLgOwFoOTNU4
+uKbH1yj4IO+2OiBiOW1rUN05ydQ7htdmVDras3NWUQsKFZRielWxKEZ8TCKgl+Vk
+t7uybtKrShyCqLNGxniDkhQHqwD4qgJ9bPxjK+I1TdLqZggR27fPx7lGSNFNPXzQ
+lAWS4rO35hldQ3Z3ieRBwvUfGHdvZKOqgft63BslryH+ugSgpU8Be8YVK3P5QH1J
+T1uv43qkwOY+dmFi+/Sn1FXcuhUgcA6XlQLbIPIgWqiSaTH20rnYA5D71oiw1CFR
+Uq7Ls+Kgw72matjq6VTgz05KlJR3uWl+n62sogheiBfB/nSUU/LKUB7oj3qgaeBI
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLIndicatorNoBaseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLIndicatorNoBaseCACert.pem
new file mode 100644
index 0000000000..2913748c22
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/deltaCRLIndicatorNoBaseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E1 81 B3 0B 3C 20 FC 64 51 F0 57 E7 B4 DE 8B 34 2D 4C 78 9F 
+    friendlyName: deltaCRLIndicator No Base CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=deltaCRLIndicator No Base CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBWjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HGRlbHRhQ1JMSW5kaWNhdG9yIE5vIEJhc2UgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDD2MDEBGlnaP19Dx4CgvQTIRIJi6rw8OvaAZgntS/WWFZt
+0BYKwbZnyXxJCbGO0HBbul9rFVv2dFZdRWMHd17HEIyv+Xma7/0w7L1CemeJQQ2j
+mpTjEkHef/G+p+Y1iBEn2vomiQV3WtyRoe1FVuOI0TNyg2JFR7SJoZU4P138Devf
+UW8po0fBAl7M/4gjXz61Q72QsM4V8vgeanQMvFaB0Qu43RYADtLMBTLuxkH0jA2m
+xodtfbpQzEnslEbkemYMw3fmuKkhbLPfqV22XaoRAohF4I5lKKpLj6alWTJjeTSb
+KvuQi3whU3rZYru06g8xCot4hK6daBJ4ibOPFZYFAgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBT0OHYlq6TjHMDIdYyN
+E2tjI7aKgTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACnnfaS3g5fltnq9
+bGIa6RsE9OlAFAXNxPVEdvXV4Tyj77hKexYBMwpf0NZ/pAHfsOtNJwU/5HY+vR7E
+VxPnIQsHnImP+LF/rr4I2RZCv4Y98DC/a6nSfZEqLNonxDQRlBls+jKsMbRRDxum
+YPIO7V1O6d2j6sDKW4rHal4llx/cezldhiK/6S9qEJ/+cjozQNICSA4voR0h1L5u
+ZvbGp5d+gaGQ+v6E88CcMTKDupavpvsZ6rQW6Yq6so2p5WgKU3+KdBs3MPKoDyk3
+RCCFHS4LxXLF5I4HYt3LU2SXarj26Xpo/6FhhLuzGaJ1r6jNuTGV6RUEZHSaMl4d
+anTwgW8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E1 81 B3 0B 3C 20 FC 64 51 F0 57 E7 B4 DE 8B 34 2D 4C 78 9F 
+    friendlyName: deltaCRLIndicator No Base CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8272274058A2EDF0
+
+S3vB0SvIHneL0yWIiPOHWfK97IA/z5l2nkIo42y8IMeG5QL18o2b842vEmSq7DC1
+D3mSg65aa9ShAwtQcftH3+Fnp4my8oEy1dJ7LkGsPQKRrgyfWN6b/AvsB3TUEAGJ
+wC8wuVy/ASLKk3zfQKJtrCNTG6aEVfcx0yD83mE2LvsBl8HmTO2OxldvcKd/hze8
+xlVk3nNPDcwwy6r6FyJzQmqd2NEIOHTeUOHiKJD7PHhjpvJhlDHuzfivuGoxVcOF
+FReOaT+psFm6V5lNNqvvQxLfxv+O6h2+nb3D0gZ6bxTvpCaS0k8plAsdySs3b3LC
+avPddOf2F2qEY/vZRwVrdjVafSXFRydTWufuEDRrhRgf5JhxiJFN8ALPb4DWmYLi
+fmYsgcFVR+GC7tafQYppZJbxcYbItVgPmCXOqq0ndoOrVZObPZlz0rrNk4VExMIG
+ewViu8cv3hreBQFWT0JvCwVXbVTdxDlzBXHluHFjdhD4ZK6Ya+j8k9X4dkhgo+CV
+QU3wUox95YQbGqcg6SWKVEffJ1p5mqsJl2KR2NHohpDA0idGUPsj/FZ0s4yFetmW
+qQfvlhxLCMLIt+AFoJp8WgXtrv6AICDAjMBUulidFjuZy1fhdsBmLyXI+gcOAM6U
+ouoqvOVd8aCnJNhXtaxi2lKeXybLPrq0mNj+jAr10/ZKxaYpHi0x+sRkA0EJ2lmI
+5GagmktdipkOA2CQk6kWeKpxO0DLCdW8VA9TPixxtvZ82WfGsNlgrNlbMdjx5yWj
+w+1xmtHM/rkU1ueTq7Xt3BW8Xc+pHOOKEvjbeEE5GpJCLik/oqUpQ9LfDl5a2AZN
+OnCY591HEFQ8Bqgom7YpOiWtz/kaCOu3KlbOhiZ+zLrFoblwBRMFUgqraMfLT4dr
+yFsLEF8G80fQ3BCtOO5oORbeUYpPijhpO3RyjNiFk7yDjetXZewbwRwE7Qce7Cwg
+nM5bwPCc+UD4ha6B8UOxG86bdY+rk1D8mhAZN7mMQpEVJStIKC/91XZjyWJT7ZLZ
+jWAATAMPKQkColoCJILlFO1Hah0Zh1JhVcn09BDyudQXIm2m4+SceD+Jtlak4+Iv
+6xsvTsiLBgCPKMcy5s+B8cIyeLOUwVLqSd3b+uv3TJF54ANxIjTfpY7isiT1IyLW
+YbFuV14X0NuVs19MoYq+yzpFpz3z4ERtDMlDPQUXqZTr27TeNeF4ALb6fr++o2ja
+/+EoPsr9D1QRWBIy3FxRCGjCX5Bd2iS+mMDyplCJ5d5RhxIFDZSbeYVPC9VuyHUt
+IHHq030V9N5SjIXOR+rKLbxbi9xyDOQJwq7Q0encqn688SOr9PqsevSFnM5Zr3BP
+vWBl1U0ChwQD40pEc8Thteg7BDoeomeD670iG/ik8xW4XMbBT2sMmzLt3JYeZAjR
+Ef9bvZHjXShnWCqgPMcYpmT5ayi6V645PncNj0z+7Dl1il7JYuSo5lz+xo6QRNSq
++kESksnEcvRgnxL3bFUHHLKCs2Q+BAeJbm2tRDU1UtGXny7k952ULVIF7D4voNIc
+i5dNyyQUXfIE31Kdw2GewjUjkXtFSUF/RrK/j9OBPR+VcdYKtt/siA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint1CACert.pem
new file mode 100644
index 0000000000..0317457845
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint1CACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: FE 53 4D 03 9D A4 5F 00 E8 DF CB 39 B4 6E 8A 0B 9F D1 D5 1F 
+    friendlyName: distributionPoint1 CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=distributionPoint1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBSjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAsT
+FWRpc3RyaWJ1dGlvblBvaW50MSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMENYynQ66E+JgY1xOwEnmlpX+QdSNkLIStriNPb9+e04Yj6oIIIDPIO
+/nrtm7JkX/INHfmkYCwATYLWuSPRljutttRqCaja62DccwRV2ihZkBNV5Ptut6Ow
+Ec4Xeokk9704E2oFyZz77RFGZj2B9IY4zgJhDsFBUoNLW5f35PFFZnw7OBYug4u/
+yUAFhJD+T+nX5ULtCEKcDNelpEMqb13w79Vq6x5ppkwu/JVTeBdMqNnIFxNvt1/9
+tiyd6P7ZCRuFDKoW+qpV3jq+NhJSnfSxLeaa9AVqsZN56Ipl6JzYl2mKCUN2yGf7
+PTSiOP7a+T5vuk1fprwWvgqE2up63q0CAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFBEwc72NcCiC0m/P0jftzesjkdvv
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqvE2hwsQx+hGq3knMpgC7a7u
+k3Efu3rqhzjT2cWDfNagFGwSp29BEKVlOayp+CZdUVZsqs2Ciiv9/+3aNaYMvVoa
+kSX65EJ4+f5ypA3kjEVQQjRp/2caWfoAsuyO1uI9T5bqhregHFplqvPYhLU46ZXk
+Bl+WrrqkfJX8lnGK3bLN8aPd1WvD9P/We/Rq790RGm44zZ2QtKZKL+wegrSVSOdS
+0vUV9quRfvEVIu/JzzRnxkTj7f03/Gn77RKeJux1jHlm69FKz6gWtuZ+gK6gO56t
+Fi2DvQhVBGXVU7pDDBbT+tIWZptLYGLhtDU32CDB/WmuyjPxVehmtWCdIP4/NQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FE 53 4D 03 9D A4 5F 00 E8 DF CB 39 B4 6E 8A 0B 9F D1 D5 1F 
+    friendlyName: distributionPoint1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4256DD02A40FB24D
+
+551dFf1TMYbIL2bCT/LHxhp//bPnIKHjBt8FQjSq4uhPrjfEFeAxLdPFqd1WMuPc
+0kBvaKVexP0KtLd+owsMwb3bgw5BLKDt8xOm7c5auzjJ0EDRFxBl1WyoXJTnu9wK
+uSVS2NLv4XNgRAThfOvVYXKnkNCxiL8/7RCAGrGsvsPpoGTFotdv0NZ6yWkHO6GA
+FoNb5uM+xj3hcLd9rt9sljSFrXiqWc1a6ciE6eK23Ncol4zCMW/CuWTtBrppBNy1
++toc5GRfbxi3T5uKP4UyWV6n104cvGBQzk7Gn8FSa5/dvU3bXtJLiUXQujLyeVTH
+xF+Wc+NMXNe7vF225rxiI1DTHlECiH+AvzC02jCGzFKjw46I4r7vsyRzPY/SYHmg
+4XbVIdws+0Hd4wrkHAhIc08gKJ8pAZt9ZmmUAlQAP65924Vk5TkmatHtn72LDlGW
+d4PHXKq/o2cK3KW+yFFzVkUepnEU0/hsqSQMq0504ip5dAlnn5TDft1kbNA8LojO
+W0kWVXdgrzgPvXhe8zdRXD2wRzhGc1LKOUknmAkJV7EDJSJEm4dLYIX/D4iH8NEF
+1An6Mj/FM/i42c7SNsd55IT2dJS7kxT/GgKSj4RaAZVtXItKEWbpxv9YyNOpNM33
+9uGqmW7yBfH/d+xmeN8dAWifWKjJFobwK6uJW3U4FxomcN6Y7gfbXyj4qBNt5Ja2
++fcT5A/OsiVIXFCb1qpMdoUKGnYJvbDSqFnB5OE0WvD/0DcQNKnV/maid29MkJSk
+vZJUcjw6SYT9h5tIuAXFP9DFMjaI91RLW75JWVkSOApTptdzpmsRkJHOGRBaAIKb
+6ph2VPEr6wDNy+c4nA6/b8Di7JT3bbsPUHOlNnPxpV+4bGBpzZQ1hZjAl0WqNCS9
+eZJ3Wyu4py84hTbgM8Ayewi89bUFGSBS/tM5JzVRSeZYa6PbUtm4y/+YC4PC1Lfm
+pzykFji8j7w37vv8okwnAm9mXUAkHe4Yq3wzv/vx92ad9O9+OQCwmL5VpRtPUCQ4
+IkZrveFk38Jbl7Yqg9I0zd2QRCRSZcV0tKymMknBRb7zWOFIx5asd5B4/YgSG1OU
+c+zWt0gj7aLNwcY+Li5lbkLQf+juJRl9YKR8rdIEVsLZG8HzSzxd6g1nRGWjmfS7
+oLEkb1fjb5EOEMygnJ+YR8/zWoFxJrv7fhEKgkov2GSynFAK1n136/bjVOwDHJZ7
+40FL0YjWcyXngeK6CeC2yGz+FFDt5gaYhEKKqg8w7QwIOqEE2L8GEi15LYCd5wHd
+ZDjeBlR/AxF7OIZKuR36TfyWj0uY9TiqLFhLBREe40mIE782FXO98p4NizOQOM/W
+wkTHg3Vt70bTr83vzjapsyxsbPJc1lDQ9VjJ9h9Wx4OWwG/HauhfglnFXSZJ7qjO
+KhZW+LrULpX1KtsIg4oKO2NG624VzvlAEtCpklRNpmU1DV+82BHiA8vCXsKR2Yhx
+92shJ+5fOGtic1snUYvRfvTudGaixymnXA9QYYPDTogb2CiCK43cuxVdm2MhEI2P
+hDPQGNkBc+VZpHmDXQf4Z/k7SG0WMAwEGnrmWori3iRcKxq1SyssUdNi5Z2dPZ+M
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint2CACert.pem
new file mode 100644
index 0000000000..ee5c443897
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/distributionPoint2CACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 63 F7 CE 8C 7E 44 8F 60 34 BE 14 C9 CB 2C 2D 6B B1 08 30 6E 
+    friendlyName: distributionPoint2 CA Cert
+subject=/C=US/O=Test Certificates 2011/OU=distributionPoint2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBSzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAsT
+FWRpc3RyaWJ1dGlvblBvaW50MiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALQ2LB7oID8p5wb57NwdfJ315YHnRlQWCCGgLmKHKDbxN15m/f0LKYgN
+kNuV3rddlwHkRwY0fsKw8o+scrykcTtFQ2bu8RKVJnkDNayoPASbNnlvFXqQKTJs
+atfy7VLN0nriHjM4GNuQ1kGsOmGi0raZK7P9VZhLEEBcKnoFamInZPX9XxyvLE6Z
+FPVKGZbUiwEdytR6TBhKkw3teOWC7NOF48pyPYT7kqmbqSiiIOziuidtwvPEiA8Z
+OtIYtrf1BC/ERRJ4Q3ar0R1Q5vamzNCCe7MKo8/vYUXD5KlJiGHWRs+ntjoQMelm
+gPjSY0piwTnvfggPhvzK4tfhmUgD0XsCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFERs7ttvf+tOSX94/s3lGKDsu2Br
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAUjZ9l+vtdY4SEDuKVEXz8N5B
+p2vDWBOSoKmPSIAiz/38OoQsX5I3NWb5VTIe9MUg9+Bov6G/7Pxi79qZkSHEnCwi
+Yk5dQDzKR7B/60ImIDydTuBjv9a9H3JUH+sxjViZeGkNBoqMEBbfeKerz5MilHRl
+fWJ2ZX/Tsg36YrCHmrFcU2BoSoTJ94q1+DXlGH/UhmtrD/OzCpS/ltCSIlp5kpUL
+KDx1MnA895+Q93XWU53JBDw7ZrPWEGWvLhHPXhr7FUX0gORQO7+gbJnmelHZdpb+
+69l2hOq3mGx/55qLnyJsyblw9w3UQ3uaBBcY/kZ9KaJsgMpNBzwNmHzD9I5gSg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 63 F7 CE 8C 7E 44 8F 60 34 BE 14 C9 CB 2C 2D 6B B1 08 30 6E 
+    friendlyName: distributionPoint2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,37721919A22903DA
+
+ExdsXEgw7tph+8XnTmAsVxrgBuWl/9P80m6gO9/x4wd3DNgcLxHOHim28B3ISLOA
++oZmjuUnJyglLwFxLCndy6UB7A3+0i+lmmY1nc189NJD1khO9XLcj620RRc0hyZ8
+ozdEuqGhtpvcYUiTrBqWSDdfM0WQIPu7AjlJPXJUn16z4gsRewN6Xg3T1Wz/nHwr
+KSSBowCpz8PsBUl2nCIFhgeWezDJLeCQVpK8Pn8Sgx8JY/kQliQRnVcEi+KTQhcl
+ssxjYokbgbKWkuhYaJx5eTeRl0XfhNL9Co9fKObfPsOFmsCydZ2zgkfiPEtMVpPQ
+NyjdtAlpKQFV/JnuXIfrPGed9S4DUGh0f6zqzdLXgXzQiisF9N9e62bV/dJYRlKR
+DEeQ/swqYHLgbOff11xe46jllQwS5D2QzUX5730uLrWKd4wMC0rep2ZOc8o8R1uL
+CqgyjXuSfhDtlXnMQ++vVky05V6uqiMwugYFhy+hUI2J6snvc6Bo905mjxUNQ6Ns
+lKRDWg2s+UZDWZ9vZORnlCCuw63BQaQ2ynjAyWZHD1NpWoAk9EU3qxCrfHynBnRp
+eM17njVtmW6ostxcKwmQfGlCNWOOoNSL7BZ1z3O6/UQOr/Nc+FehcYRxobJ3+u1e
+TaiBy1Sn4u1fOWPFApz/qMDAwfytdUY2sd39alxOnPcd/Q5/yc/H8HENJ7yhLfkP
+m3iy+xX3yeJ4JA7x+3STgV5pMXutUpt/YYfAow4FfNYbSAzG7bgZLk1ZYJ3cJvH7
+4UY7cipdtkc2fCI8xv4aroLuC1Cniyrt2lwtKjLgmpUS55liZ8PW5f1QhF1G7n7z
+H1wEu1JAN62gCP4Is4d7gMrG3oHIO76iFan0SvbodV1e/PQwAH26EHG/cm0jW2xw
+bSauJiOhd9mC3sHp3fs70jarXXxS6TvbRrsJDu8AUlrNiuKj7rH8CVRZCLZKJ8xw
+gxiexhvZWFXIOVI8tAdj6KXcn1fNzMXXaBiuXvX4YJr5DqBVLAuiGhOhe9HUsxoh
+TUbKaiD3MzYALA5Kd0vSTPRJfEMQNBCCXfpDmrRCWXC/M7XyZBXPC70vLO6+wm6k
+LjoapyFSManlyoQcZxYU89TNhoTq533l4Emx25IO8CU31wjU+RrZx8waYuaL+U6r
+TBY3MFV5UTPOxRNyn8QrPoFgk76Mx3wq7urGqLbr/QZVsoSf/EsmiW6k0xEGtCO3
+HInok44uBDlxomNrQ97QXRxFxz0XRySPkfFlOtF7ANciuNw/bl2Z2VhdxcpCdyTq
+P7X9zpTZJdlC1CNmmpty0z/x9IBd5bxarhuDPAd6/Lx9q07pzRU87FrxsiapiQRi
+j4GbCRgQZXTf3hsG0LCTko/DHuICWXoPGtMHX+cL0ivJfPKFEBH532uRQDetS6ca
+dZokky+lG2abugJQuUEuNh3w4fDX2Lw1KvxYaJWAFLcohqwzdqehVxhRbWolLvaO
+KAMKGkIBFZCfi+2kLLdl/HIQPeBQK7qnhYE0ZsCJLJsjUgsO9Iglwltkk44M9lM9
+iQzzyUexzGOjjUXg4BAtNOlhRk2lCW2U9jtu3qC9kgVb6AUMCSfrfA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA1Cert.pem
new file mode 100644
index 0000000000..aab1211b54
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: B5 F5 8F 3D 5B 86 16 0C DC 95 C5 E9 12 C7 07 36 ED B5 17 39 
+    friendlyName: indirectCRL CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=indirectCRL CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D2luZGlyZWN0Q1JMIENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALuf5et3e5r6UGUkLBSZ8GWvlLJMbqav8v5qvzCH8/BkfrIBQkxZJzlFmXUmlBaj
+MssFOzcuaBsXQRi1rB+/A/0eBc7n9q/eZJAujc7us0ZxFSR3wM31dMop2Sj3GUcY
+X9D+CtastUIePibzwSvnyWpmhwATVakSmFQGw1dWY9+mJ61JMHvtI/0TAcCNxMF+
+pL2DffQB3t3s/jzu2wLK37/QGRVReH9CoOJ+EQc3VFPPuZDSj9lVEdIyUnSAZb5R
+1pYzyJgq81rFZyGjQRKyThZVM4dvWkFAMjhxBtTon5EwidSMVFSyCJEe9udmXHzp
+8BEUr/ZTitxRviBr1vOUE90CAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFCX4r/yvtqkaG3lL28tkLItLsRXNMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHLWWL8D7Drl5QC41ZedYyXBDctYlWUsr
+F9S64SNyF4DQQF+H7zBFsfpmjqGEQcQ0RRQ5MX109HqA0Xj24zp5uyPTCR/0ZU7G
+DFfYtkNbLMRf0zuMY6LnYuTa89JcHYDsX62Km52Gke2j5Uv5dhuyU4HMbgnvCYrm
+iCBtdXR8+EPyTKRIpryRwBx7fveMECFNkPYOxeOO8VOpN7s9SBJW9XlMlHJgCgWC
+t0AyKSlOXfGxZOVc+CQ8Db20+66prvugWPxNh/YhDVlCq0MiqN5VeVF9dX46TthJ
+r0/md2iiQ27rUueExcJOdfBVlH0+1h+eMh5PDKpQbhxJOL9F7ozQcg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B5 F5 8F 3D 5B 86 16 0C DC 95 C5 E9 12 C7 07 36 ED B5 17 39 
+    friendlyName: indirectCRL CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CE6392CC967C94E
+
+mXH2KbKPjlzKd67R2q/xXneWCfc6awdN0vIHgJaeGUPx1HR3pbx1sfnCIgK9dYF8
+nf5W0MMtI0+5vB4airkiy21oE4yRiPr6ijm6/UbAc7Zbepk0Gjfhf62Cqc6mgWq4
+53U1VvNSl1fbaG5Lt/syyJ3XOo1Oi1cc8/4LSUl9o3MLPVx8rRmS26x/LqlXrArO
+COpk6++5uM7oG7g31ctPdpHrNU3CVly5xYbFyUZViexu55ret+rX8MMEWgfD+Ncx
+BobCdFAkpa+DMUbvf6xHm/a6DvmkrcBM0vZDwtfTK379qMoCZp+UrJtmaXIfBszt
+nWybwYpLIreNY1aWt3oSn1DQZkx5el/jrOMeOfScVMxbKfiyHZFvgNMDum/fy7mH
+NOIqLWQsl1CwC19qcmzqntvc7RpVVCmVfTybnrtlgbdjA2CMExDmAVD0WaES3qzw
+MhgjOsCe5KPGtnTeV9YvMJf9dVW6dR7Vb6F5STrD4pCPl25upESgDdfMB9hsKhAg
+q8uc6tlsZRuwIHreG7KdVMkhYMJPUFDTIrks2cpgLZUq8S/Zq7QrrMDUwhZ+ARAz
+hPeoQLmm6OZ2AZBfOab0/V9l5B7k1yqDw8lm2Oh9BPl0RXpcpPlrQvsZRCMQd28I
+8EH22LCNF6eB6OCRHz5Ob5y0drG5IDmG4iWWFiqcxF8BtDfN1wHgs75G9D45GUJ4
+ZCEJxl/UWOxmJtqU4NzwoZ7WTZs47TpVLKecd/a0gF0h2Jc8NFQbXuKoj8la0IGT
+DfplxWd5JVZp598/yMWP2JV7Fvx4HyqGPG3oK4hZyDCm4+BAWXcWw+jcYilwmxva
+RSScp0xtPriLecBSQaZsO+Pz0XzOrncMyPfNIZXqhOXjOY67c7fChPwDF9UV279x
+PpZififIK3R4xZHKKuOIqnxRBqKP0MxF2EI68yjdfmqDJFMZCPjgfUtEoJAC5gSI
+f9nIia/A0AWaDqtYx8XvBRS7W0OlMR2OcR/U92SLobKna8roviNhDpm4SciYRvLl
+kj5XXWFpszcrUsJ3a5sF3cvFjklJkeuyLGZIQxoMa2RQSSd3xNDKc0kn0v3w7fuP
+Cp2io3ipIEeAIQFnRg2Hszyb9cWgfXL7excsfjfIay5Mm1jRFDcopxF7xn1F5VCl
+CUnAB5wiVQtyFwtRzGfQcLkvxUmKkmrEgAVO4Co+4WE4zWhukNnVZbOxDbMAftCU
+7srkC9va6qQ7AvaRO4Q8zCi8K0k+UhSGp1qj5kutxqnZycEQ3RKGwxm0xDC35Km8
+WUX7Dx5NSEsrbaoyWxEp5RLkXnnM3oO36vIQFUpFdfzzqAV8UZYR4eHQIZmyiyXV
+nImH7N3JKJ30bcWjvqURTUEHTk//0gzjKPrCGUqVPdUPf8Sy+eXmmvWOei4gWvVH
+hlyvr1XAjHKU2LAxvCIMj41T7q/EjFVOQkBKVWAU2eciaWF2/f9M+XET1r6ijQvw
+ISORmGph2rbnydxPDolytXYn9Hjn+hqoPS2N7EvUPOPYGVn5lL5RvK668AeQRd0v
+C3zqDX64o1SQlv+5x7z+bLAkod97c9XIgBpjeZhEV25ud1gqkdkH7qT5oS9Rx1Kb
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA2Cert.pem
new file mode 100644
index 0000000000..0e958cc03a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA2Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: AC 34 1A 99 52 64 41 C6 43 25 78 27 60 BC AE E3 D4 45 34 7C 
+    friendlyName: indirectCRL CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=indirectCRL CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D2luZGlyZWN0Q1JMIENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALbG+vkISj7NavKshMiFDWeY8m/KGblFRI+iNIivcrXR7KoyDka+l1GySD/v8g/m
+SPVWLySa30YPq7lQzK7Z1ZiIFTK4oX//86C9A739Ix1EpE5wy6N17TcN9/84VvzQ
+4F8XgfWArHxkx6iGwaKAewjqbWXrIlJAN/AEKIVdGRDKYJ8WjBsbjqOKW3gdqeXC
+NQArz2RoVW/HPAQ9UBuHm/HA6pucChQg0Etr5rgWXwVOwBz3i6SutniOau5f3LCt
+R572MrldRdQ1PyNlWu+DvYmeHkn7x8TfRdSzfqJcdZHxiaaD0rDAHL4P/VnPqoQL
+wNAkaumLXxYAobs3/eacM0ECAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFIgj4bOz8mz+Mam+i2GqO5KHBaSjMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwICBDANBgkqhkiG9w0BAQsFAAOCAQEAOXdtPXpoRCu4kV9TYCqJbWIdroe9/iJE
+frHjG4IB7WvGNZG7X8frDJ6jpPPa99WsVTsARpcgIwR0dgsPzbfKi60/M0UIlIVc
+qAsqFCkxomILSXzSHgcjry5Uj4K5fKWPJYxjiFtBkL+aBu4K6/xuzFOXNokj3EA9
+dehWOrXS7rqxcs+bTEQnmg29kHrChbekChIOlD1v2dCwP65VM7G1RiqVUCeUu1uF
+JgSePo2t89Q6JupwgNmsR7rmnctEX+RmA0j2wLmEcyMEyuk5NaBDViSzmA6uKwxf
+1lrs9TRq9bHA/K7Nb0sUIxE0O+dMsXwjLDZjCLCcyJvE5ykw3okgLg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: AC 34 1A 99 52 64 41 C6 43 25 78 27 60 BC AE E3 D4 45 34 7C 
+    friendlyName: indirectCRL CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D14DB604D7D17BF7
+
+hKKgFggsf49lZ9+bD89dr9Rdr59yV5eF0lBS7X1pqBL89UFMwl9FSVaQnyqcWREw
+sab3toOiYRvEHUCGM4Tu9ly121y7/KSkkEyDaDQSrW8RPrVJZ21pz+Gmr5Ryrtzp
+OfiYdCIqgxBb1mSkC9RperIEE0/42uN340sO4qDIGFZlgs8wFFq/7Ohm5XktJ7au
+iBpxEMmjG7JbAYTOdVQDnOIo/IqUzTd3DymI6YiEk/oxE9Lk3m0daHBlYWdHc8e1
+2e4rm6WUTpyuAs+XlJSi8n2x8bC432WIcH/D9w81nxqNNEsKd8glMzGUKnTb0UGD
+0+9+E9nV3i8cx+mqjgF9if+ZDGjN2Yj+u9O6mQ5BIP8BxpcpfusCGb6asv5zzK7O
+G3QvpHAK1NLF7Z73YhTjl1LHViPwrndHRtGbzK79s/d/tHFrc3i+8QaGklkwCJo1
+IijRyCqtrkTDIOzI+7iqmbZvUnecT4pL1l8JATRCOyDhV8StaimA3KU8NTEpYcJ2
+TCAOJgC5S2Q1bygCa64Rd+9+E/B+VbSMtHkaRmY9haXBbCpf1UA2Ylkxk/Wsp1zi
+k0z/W+4WeBdbEltpTBig7ofs1QpfbFAP/eItGlr8/dovLj4VRFIVFkAza+vZYbAz
+O9tikQ4ha7uxbHqFRIPo4MIy8ocwbzaNSTF8VJgo3ertjaWCM7SNkm44ERD7Ftly
+CObzXqvhltcvf1Pdeq1uISRvaekhBWe3vmEMx7mFrqucctLLkiF68YjvtzeQIszT
+Z923kYRuTE4ds/9YU7zyWAk6bTNQ0ThPZGcmnooxcCx0guNtXdXdZz+j9lmazyww
+INmSqoxtWUgnq8Yic5mgcu19pYC1aHLCgouT781T9p38Y8oBCSPBZEfV9n31xPz+
+dkv+YR9U6lR+kQAi3J2HWOaqYM/hs6SPXlGqCLCesANhlsiJoqeGvxYD9uSEqTzn
+/CvHcc/7IP2WIHZGTx7v5OPIdYB0XC41gqqBCSVadPjjwaY5ydmgPbuMgt6lVt57
+BjiGciVHJVfThITQ0rBsXZUoIWOtujqNB9rQ/Vtf9oPLjL84Tf3wPPtVlPtaLJAi
+s95rt+QkHsDil1sKky+eiq6n+dS4qI8HYvFrxDb66Dl59pWmrXxM7AMyBlKdBYB8
+Srk/LkCyRrHQYOItem/YWXAmKsvP/y3XNVAVJ4tsmrRgWomJegWizJyxlSFK7zZT
+7F76D3bPv9ss8/qZOd+z0brwWG2DIqZfofrIqPUACLIyaawDDoCoBZNHKvOTd08h
+8ANDHZbpSRG5P4U7pAGcb3fTiNYwRUq5Uui9B+VyU9Hkc3UPS0NbcDxRO7jyAeo8
+GUfuPswQDTZdCpvGfv2QfzxvEqhBMZhi6uSrxVk9cgAeW0ZIxb8Lyu4Y/wWB54iY
++nILagoiTll/ReaoMGA7ZcZriGlQi7eiUnjFtnSyKSojMuej86BNmBFjBNcbFo+N
+FFsF1MVyUN3W4AeZJvpyOpwgGylGh50F+yMDPufTfV/zeM2GcP+SncPcTN+MK1we
+lHMEzW0Qz0rgn3Aur36ZeA3O0YUl2HYG8OHXmLahNNF3FjgDdVcH2Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3Cert.pem
new file mode 100644
index 0000000000..a9fa78436f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 4B D8 D0 37 3B 66 F3 24 85 06 9B 66 77 2F 4E F4 EB 09 75 75 
+    friendlyName: indirectCRL CA3 Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsT
+D2luZGlyZWN0Q1JMIENBMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANiNK3lOKMs7e3En7Due5lbLp0+mhgqNt/CrFwdoc29BZ3O8NyXPeTN9giRZL+xI
+0af/FZVSa9cX7aYkDIfW1xBCENAqWharbOU6ChJEVVlbyRJnrRrsUfEKOkvg5rDA
+8/7x9Ow9/oLPBmCsBimTY3FnITv9WElB0qO2vws0rlpZve1LeNlO0Iby+w/oWwPb
+yz/v65+Ih0482EHo9Dk7Hyy7SFK03cC2shMGq7YYerpZ+HQDrmQ98J0UllLgbLoW
+0J2X7fX29IKbt3HHfITzrG5qBVmGAhvPLuRvOhTgNWX2v+cu24VlS1I054vojpzY
+l2emDjSX6dAXHJECDomk6dUCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFEiTVH3EbTD/LVdFcSTfTAWfSgAtMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEABQ//a1C5EPLrPnVaIBZbc9JORtSqVNdd
+NhR2GhwFFPihKof9CvOu7F5bhBjFggPPfKzlKvHa0/V3RVMm5wpkMgNDP+sJJJbU
+CNGotpJGzxz0Qcy7oamq12rQZLLfF6+9Bhfl6v4/G+WdctDR9LBztruHFomj6WXh
+9ExtH6IVxv+byA8SDazPaVGegDHB7RB5mfScblzLYMiCE53zzA/vcaad9MsxndR+
+zPVLlvMHeCM+6+nv9u66dUqDChYO7hf6eKjbfXMLYqZkD/ODuwt1eGmNaw+JNgK7
+uR2OBjnbTpFsxlRWvr9a8LLdRv3WouHeLXPnZZNXonemz8UJxY8/bA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4B D8 D0 37 3B 66 F3 24 85 06 9B 66 77 2F 4E F4 EB 09 75 75 
+    friendlyName: indirectCRL CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,70DC1F7E38F226A1
+
+wcAcDokOxThmTTO/Lkg7H+uovoXaR9vgWtSdwk0HADNerrcXuXUJ2l1uP6avTDSb
+4Ecw/lWOb0WDZQj6CxaXZ1ZqxO74z2F7Ta3ho/oca7qJYoix6qxuzDdk04hlL6hl
+YiUMCPCP90O1FMoqR0iN/4j9sWaUv5cAtq3nYEqqI1UwcULeyPeASqCSA2Yuw7El
+44p2YEya+6GWfBz2jemDDNl5ofqZB6/McABgDxAQ39awXg+d3ClTb0tt+5Rvw1qh
+9jq4VOTEWOw3QtMq11/VmpxO1jur2ltlAU3L1Kww4lUwoR1TKndTGmrQW50cx0vW
+gEAgX6bLjbxTNJjNqORl62W70V9Wxc4tV43mKUq6IeYMQmJM5AdaDfZlSN8GyMIc
+VtpRcGCvUwfAjgby9VP6UCEOaTQhuRyGb8jsOitiImW9C7x/KgsTj9aOSvVjqd5M
+KMPfvcNPiO7uGPKtYFMt+iFdG3sm4FQ2oNUWd2nsnG/IEHrZZGmzXBJS8M1u0kEt
+6sHbs9b2j8yoCzv1tJfHMHWL71vxJ7zMgY84cxUyllFA2RZH2QEnwdUrR2r/aLP8
+hIstF6Aqd2dlEWfJ6/+EWPyiZngtneVDMY9GgqARb0+bOIe7CwusxtXrNGFV8Nu/
+Wjq3G1Xm85kXovPlb/2w+Jo1qgetPSIIV6nu5Jy3B+Qr0Iq04kwthBkusYqezdF5
+qE5D4ez1o5Kojy6NS9Gv98XXM41+qA3mK58v0PAkSMe+hmCwQPVjdLrejWcLKUte
++wFINCQGavl1KvVqHwrDyKr2OeH46FZYHy4kxK7gpUYaITwRuAhfxqoaJRegDW8X
+JILdphexoF5UtXuNba78j/EP4fBOCW4qLirh27mUBqPN/mjvwWcBxCnkkNl+nqy6
++bPk2uZV1vjC/g5lDTJHpXSsK2hjGhX14q92PmcTCSPJS8CU3vhYB+RfZdWiHaGm
+ro8+iESwTKleXQtQb23003kez7k/x/kaqDz2zRTM6QejbH/BCEw3lX/dCZqHXsO9
+B7PtuQ/vlXZKr+1OPmuAMDxC3uz3FK70WndWAc/Iz4u6MC5JUBLBRUbCKWt9qpiN
+1IqUCPK+duGy4t5zm3eR40F4gzNhQik4Fswtif3SLhH/+k2tZvdBlD+pW7wsHf1P
+UG9aVeF8nrRSOGxxm1QvUG29QE/CPmlr2dFIl7cJXUQlAGOkxyRqav57YKTgvTWq
+Bzsb+Rn2g9guN6h1eikF+LbvH3jDjOWCv5UQmQ2oWmeJMzCZ1BA9Zh29qbpgQhBm
+fcn5ymsh6LhLoOie+4YbAH1NgL4BN8GSty058VWpG4TuZ+HLaTi0N968zYWCE4nQ
+EYW1lOR8mHb7Nt/m7vLGoUsyJ4UcUeGRj0Ni/B1Do0EBkMkrL0aWZd/SkKS67TEU
+RNDUte2UXVTdUNG9O8cp3hosxeFxe+JkrH0jIMCokklGywPmRA6M3j7EmXB0bBx5
+1s5/ST2zSclDPWsogQ+WKhMsM1dyKuRPFHaKZZQd/4mvP/UZvgx89yORfTv/6HPO
+h/O5UkPJBEV9PQGWiTITDbZA7qwJXLoMm9T9iY/1xA9IFgPxyc00fYaa4/NQnKzw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3cRLIssuerCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3cRLIssuerCert.pem
new file mode 100644
index 0000000000..e860a06fd5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA3cRLIssuerCert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: D7 67 E3 9B 4F BC FC D2 0B 68 1D B3 C0 0E 0C 8E 33 B9 11 5F 
+    friendlyName: indirectCRL CA3 cRLIssuer Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3 cRLIssuer
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA3
+-----BEGIN CERTIFICATE-----
+MIID7jCCAtagAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0EzMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBMyBjUkxJc3N1ZXIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDEEg/m18OkpbFmgcDm2jrpdH5AIAb02lmRStIbYZZu7kJ7
+WPJGEMbGezYr9zg40ALP2a8GIygEDNuw17xm6vAr0ivCYd0mPcZxZ342EsQHLvG7
+u2zsDqw5cfb7BTyn0r7yEiIV02EnKfQYWDqpdV6BoSKnDzVGBafwos3dBk+ogr1c
+2s7iDW5oHM8cypqsOD8Aa/LbMvu5S/qaGYJUF0HvDavQTKKgSq3hg7bwcGL1iI0X
+znMWbMz75XM0ZB7G1Hj+0F4yAMB5NsFw3nfSNYTks9XU2l0O+qS5uhsn8//5odLp
+84nTd6FxGMYXLIhxOE3OTlbszkGNKE7CyXpbVVDzAgMBAAGjgdgwgdUwHwYDVR0j
+BBgwFoAUSJNUfcRtMP8tV0VxJN9MBZ9KAC0wHQYDVR0OBBYEFJHROZjJ709UZYoY
+Ui18EhIKbHeNMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAOBgNVHQ8BAf8EBAMC
+AQIwagYDVR0fBGMwYTBfoF2gW6RZMFcxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZU
+ZXN0IENlcnRpZmljYXRlcyAyMDExMRgwFgYDVQQLEw9pbmRpcmVjdENSTCBDQTMx
+DTALBgNVBAMTBENSTDEwDQYJKoZIhvcNAQELBQADggEBAD7jPyov+IMOSYaort2s
+i2Hn/Y+wxXnqcLw9sTsxCMQYSQTgvXLN9aG7wT0gCNGR8Xdg9GhsMDAqUjwiBto/
+RUcsA4a/8H94SmGpO5v/s9Ow1MNicSAZxn57nKIDhj2Mb4sHIxzEgEp8iclBKpYm
+Hi/J8IOQoSR5e2nZSDoEGZxadq+qZx9BQYlNCMIZ/w0YPU+Xj8Yhoz+RB6my11m5
+cCTmcrMThRIsq8m9NKeRokZnhjjrPFSAaopbVaIlI3d7vTfZ6xbqozxG3qs4fk0Y
+g/vMAD1kSMt+C/wj9SyzJfzqumVilpRozTvMunD/k8mb1kWbyij6/V9fm6gdL6eK
+nko=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D7 67 E3 9B 4F BC FC D2 0B 68 1D B3 C0 0E 0C 8E 33 B9 11 5F 
+    friendlyName: indirectCRL CA3 cRLIssuer Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,91F8DAFD91445923
+
+y0GoU9Up1IcqCWyZ+ELfoH4ov1/IoOK0XRRgjI2kOX0+KtCS/kEZa6mFZ0hS60sv
+ArAnokuFRr9lbbyvm/R7Fik8kQBz6BmMCuSNOL/UMPqhhjErvU+lgUqDQMVbEWTQ
+l7AYQNBtXWEm17HT1No9vCy5VpBipphr7x9OCc2Nan9ZHWV6Hzx3kTxBInnyfwYd
+uBwkoLkYXDqvrwkJiPokikc/DQBl2ksKNeWjBUbskwZ55g91qAVg8oWSUAT/picV
+aP9ZXnwYEFcWheooLRLVDyaUIRGlwiRV7KfBrIDE3ClySGdMTMmjzfRWdxk7tH/5
+qCL+pzWz5RGM+Uhvnt2sf5hWYE3aCfIQT2sLhkoiqG/j2FB3MVRl23JSnH5nqwPE
+093Suiaf3qUwCZZpgP/7+ZBftOBnvi8zRZy5RdhFotSXRQ16MNGPxRvI4eKdXcDs
+9rtn0b6NMPlDym7JjscfVgQa5bCFJeaV8gh4cEWYtFIjgN6o7n7RZIJ7ZZBi2v1W
+eMVLB50Nai+EsQr4h3plJnFu2Lh48MgAxIiy3k+xLTGTQyYxJOJa+Ms+jWSnjb47
+XzQLfrZ6NTCKpTVNaUNmbPeKPZ1cDV4RPzkZbd2Hq2gohr34NfBOBp3d0oQFCd6/
+BvD1ZTWCPe088jw+tL5QClXouBPrLTuCUKwDjCfXQLj3HWJixJR37Al2meicz4jx
+seKoygO6orVJubJPzAPF0zIDGS1m2Q5f8eT07Gmgv7XlxWlcxOtzP7epjjhlbumv
+tgRu+I4qBvLVuzVihKduISI9M9Epzxy/OxQMYkNxKt2xBgZucz5htOlH7r+HTHwT
+Xs9jBO3Vc0qsjSRuOBfIP6z4oe8OMfZmIZidYDqXqtcoHai4YYMNyUaeVqSLcfku
+QnlpGGitPFpu+7/Hp32krTd+3B1NljedRB2KWRb9fB8u7uQRoP+oxt8cO87G1XS/
+c5B4j33pvB90FSk4ljvXXWkqwKojn6d4w8URgHDsWsMJRuwrBRnguItgNL657JKx
+qjcTdOPZvFBhCPeR7zYAC1Sph+ik7qqdk9CAOMbFX8BbyFfE2GGdqNxHAiTzV8PA
+4A1Tv6dP5pAzTTf9ID/QugzKglCm3Dvib1fGr5C3aCc/CSdE0X1ba6/4X58IFI9r
+0rWwyMlPShStT9cFks3JeOPIQL/a2ShdeQCjGhdj4muSSdziUEGMikKnSEaKvk+7
+qLvoyIQVmGMx/zG00xbw3lB89sJq7o4KJUXEom2hTtf/wwhO4FYaFLwmBXup37Ob
+P8tsmWERiy2X6aWAtquFawRimb11xCWxWvBmjPVf7g+aXdxwUoevj4UZNEPuKhTL
+hIePovajLDFj2jvtbo2WBU/GHyC2jBs6C7hMCZBhpb0C12I7c28jqHwTdPtB+/ld
+fxudITxmsNQXW+/g90RQp2TuqllKjltjFmtgXT8XQR7SSsivaYhSvyUq+/qGB3Xm
+5MM75YDJjV5WNuFJtTNp2IyKb4gZ5/XDLxBJnuNJT9IFatLe9WkvdldSwJRhEyUn
+PTH5mD0oCCRr5E1Q7FpMsMSavbfN1c5zNZcMXT1Zy7OtEtyH5jAPHw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4Cert.pem
new file mode 100644
index 0000000000..df33028904
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 43 DB 38 3F 81 52 93 48 5F 32 F8 14 3F C8 B5 4E A4 5F C6 33 
+    friendlyName: indirectCRL CA4 Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBVzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsT
+D2luZGlyZWN0Q1JMIENBNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AMIccFW/U1iXfJpLneZ/qS8p7kcRZMEOAl4wEwPcQNFqcceBINzwzkHMnKOsdbXI
+h/9p2I8+uzRA1zNLL7Z5jJdCskLR6KcyeK/PatB606UOKASrJssK498OHhI2GAY0
+/htTk+Gh9mKEXzh0TwpT5RMeAQmz+0rAG+InatLWzSo0js87MhMcgiBPCm8nVMw1
+31Ju6DOhGJ17zsjWCQgq4cjvniJe0oBmiZJI70c3BjfSyETOLENCkp2iV7v1VjiG
+Aqo4K4iWBlhE2tTeK4gcRdom0I+RMsUefz2TawxslTKBT75jbT0zLc6KcKuawqQi
+UTSeJ1pId5NkBsd3I4iV76kCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFAxaMuqUASALqKovyRLjLkECgui3MBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwICBDANBgkqhkiG9w0BAQsFAAOCAQEApuBvFvvvzaEhVXrF4iklYuwhN3XOAIYl
+iXtVgh7+eB3hLj0yI3vlIRe7FaiYQJyd4WXQgfFtXNnjqCbQsmHu+Z2La2INu1Z+
+GmKryMZPSlceyYlovW2LBATRf4XxzusrkKZ1ovW45wpad3w9x2Wmnyd/+xzcPCAv
+0E1GS/pstkszz46E7S2dtEab9mSHADwesx+rese6zbdqT1wLNgxVu7BIYylgCmfb
+TV2CyQCeatdtAziyLaHtqK1NFWBLDp6KnlRXyjOYg1kVUNX/qQVYcb2S+OaEFQQk
+M7c+30FSksP/pWcQ+MqpLoTpVT9dlwYX6fWxGGc2hqNW42A+7HkJXw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 43 DB 38 3F 81 52 93 48 5F 32 F8 14 3F C8 B5 4E A4 5F C6 33 
+    friendlyName: indirectCRL CA4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1F861942A743C6CF
+
+wK0oBQc+fOeGBEjxMYsOZfrZgHK6lfs84YIlAm62Dm68RErR/Vb8EBc/0nxjv/hv
+VAgCQGTOqLootoFYunij2AYWZj+rUWlbl4CzmupOIpF4RU58iRZ/StQM3qBGiB4B
+xywYmjCt6A4/9x2fRRpc8mAZ1eAAkPuR/GPlxvZBjwueHkbeOw+U3ff66vLN9mpR
+ut7JmvTP13clfQsTrvyo2Ru0xJEOKhEVRm7lfV8EKviFK63jyZAIuHj3b244kgvp
+9XiI7wvn9mTkl50fAV2q+lnKbxBcSqRMM/YhDQ7uRI3vP+5SRZjyOtZEJ/lcWsOk
++15ZvXHLy5N0n8NgsmL/rNpxsyEAUZnzW3jJe22UAG/VxXldm1U5+Ks060KkWw2I
+57ZbPAUQFt9Q2IvmNmYzU6jIsOsfHILJF2PfEiu03P6OQOW7c4H6BiRtj4/nTZ02
+HLg2GYKXIRFlyoSSmla7xA6c05QKgbXkARPLNrQeF7gRs6Sbm1MBznXXieGxlR2s
+Jq5+9OlaJ0TuhUqYbZxcytx7PfSVMHt0D9n1oAc65J1ik8KcBpdmSi1B7brxUH4w
+r4yQvGDuui/uCSLzfW1RNkug1jSUI/2mBRqvJOTzqFblLXi29NEb7TzDXJ6q3qe9
+sFD7ZbbrphLCl4iawJ7tmB6+Uz3+K3w+mkLa3muZPDt5UZ6Y93qLyeQNUk2NL+x0
+7FopkCh7Tp79g4oKWZ7MFcslyWb3rrd7GuPwFC5c4+W1k1PsEtLnpaAxbNLg82Z4
+tXeDnp8HqNk8G3M++193LD4syc9GUBYFc9ToP4oaDVjyHc7RYy+SjfKyh8Ij6U34
+1Ff2uctSh5x93xEhYwh0URdwnX7OrOR8Lo8OPqmTe8qnTJ4Z5uRoMVXxhZN90bp5
+IyHmaJvw/gpNFvTT/PTXzjQYawqQQvDAVXTzOyUPgijHivH107JjT20eVGKdIuLG
+Ty59T+MPf9wamIarR2/RiMLdk266QJaKlR24p1/LSZmgu5jmP5O9S5W3k5Z4VBJU
+ZSv7Z+fw9YuN7vwNWxFf3djLV2zzp/AGc+CdTWf7hUVTs56aSqO/AYmPpq77LEMl
+HjyqNK8dh0VLJHBBlECNx15LCabpmBO2WwpH93BIogC/NE39U//MmiP989+EVZK9
+tplu+EEYVPQKJiKgaeSyAOcf+PUJJGBKggAQrqjxmoWjnN6+++p5koZGwwYQyhUj
+eT8VfphlFlE44d84ZymVsqrJirNrriDOfc8C9MDi+jKrcI4utHThXFNdDMZrNmE4
+dNjibaSn1Wi+YA6fNjvTfGRUl8taHUj75F6Nj7C/ugCKp6AWnYMEAvDBlmsgUN2J
+Eyw0eIkqM7nAqQhnxf5bgikKA3IZ6EjYoDeH6MgigtPEUg/pOEbRrfF2Lnc7F5mD
+7BqdMu/aLY/z5fELT2jADaQNaexoboslnhBUHKcVx1NwYB0nAECGKUf8b7cd4I4q
+2Cvz+j5p2GW5g8hbu+rdMvdueanM8j6j42LV2eBp5tTLyTB6a0wnlLxawqKYbcc4
+Lpbe9ngqZHoz/x+cNyCx/3YX6QeHWQobACVe6fRYtW2sumwi/Wt7Pw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4cRLIssuerCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4cRLIssuerCert.pem
new file mode 100644
index 0000000000..68c5c76a27
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA4cRLIssuerCert.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: 8C CF 5B 50 6A 15 7B 2A 06 9A E0 FB 03 9D C2 ED 71 5A 7D FE 
+    friendlyName: indirectCRL CA4 cRLIssuer Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4 cRLIssuer
+issuer=/C=US/O=Test Certificates 2011/OU=indirectCRL CA4
+-----BEGIN CERTIFICATE-----
+MIIEdDCCA1ygAwIBAgIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEYMBYGA1UECxMPaW5kaXJl
+Y3RDUkwgQ0E0MB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkG
+A1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNV
+BAsTGWluZGlyZWN0Q1JMIENBNCBjUkxJc3N1ZXIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC9xeOutJme+85JOGzcNASVfrEKrSri/RMChEdBr6Fh8V03
+G3j8wKFbvoubSRpFn14/pqk8VyWURjeqj2knSeYd/WJI4f5k7GTo9oD9ysOIDw3u
+giAY2IqQAUhwTyP6UhpQhXNPnmHpS52lUGIe7Naq5s1UXaTc9ofg/qKRSHTOFZ6O
+xO/QwPC5upcZ26ooEV46qz4Qe0tFO9vGD0XTsSgBKwguXPlxd4Jkyd1IYh7QfBqw
+5sKmJTbn7zvbPJ5cnpkJvTyQmiriu/GnmgBmYE5WgHd9LE4iSTfFuLv3ssaT41rM
+yq5OJzi1J2/xS0g++9Za2Tzxqp/0gWVYUYfM/MUbAgMBAAGjggFdMIIBWTAfBgNV
+HSMEGDAWgBQMWjLqlAEgC6iqL8kS4y5BAoLotzAdBgNVHQ4EFgQU8wjrbbnFoBCk
+2gRF/696R68RwLkwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA4GA1UdDwEB/wQE
+AwIBAjCB7QYDVR0fBIHlMIHiMIHfoIGEoIGBpH8wfTELMAkGA1UEBhMCVVMxHzAd
+BgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAsTGWluZGlyZWN0
+Q1JMIENBNCBjUkxJc3N1ZXIxKTAnBgNVBAMTIGluZGlyZWN0IENSTCBmb3IgaW5k
+aXJlY3RDUkwgQ0E0olakVDBSMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD
+ZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UECxMZaW5kaXJlY3RDUkwgQ0E0IGNSTElz
+c3VlcjANBgkqhkiG9w0BAQsFAAOCAQEAnk525PYwE6GN0KVKCE4B9NFybrWSSmt8
+Eh7bG1bLDfd7aBW2yjHSR0fr2KpYMW1OCB0aS7H9kOOrMYoJIW+fDWmw94oUhML/
+nvrOGmkaIuoPFKY1rI+s2NdG7taUndMw2KFGprToowQtWTs42f33NCi8PVmppXKQ
+HbAaPFl3TBJ0fk1d0dmnpqYGHJqgRSbt/qg0pUisYPhMqD4kT/4iJihkfovfeccy
+rptvHA6XoTVKREP97eCKGpK3SZ5eDoVSlT84nwlqDlRzvBgCnyRyR1eWo3lmWjox
+EmqYwJAXHfPRumgNMuC6ccAEzUMvPacD8z6fCWjR9uKUE5opGo5ffA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C CF 5B 50 6A 15 7B 2A 06 9A E0 FB 03 9D C2 ED 71 5A 7D FE 
+    friendlyName: indirectCRL CA4 cRLIssuer Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,95D33CFA36DD53E6
+
+ygCly9uXoWW4ISD+WxAepT9rBjaL7KcFLxrxD5s+xmWh5seZeVlmXsVOdebdkbdV
+AZWNWTkw8Jz+hXmRfHEkvJLZZwCUL7s05hyWgxJ9UjT0iaUQIlwJErcm6JyaFkD9
+W6g61L57oLq0rrcv1KMBjD52lwjtGN67RvesHxLeAVIndqlhl00MhbCe7cOi5oVc
+hsRjqoHQ1xVdNQkIdFzK+4nqF+Bz7Nr4oFWBk+CbjWHGL6MTf0mNtOZnrxh+O5d1
+aEomxqHtW+JyLoYLWlLtfJj9kWMJomaO/c0xX6FZ/teUk3zXRxtHcDocrCgvFiFh
+TPHkCvivcH6bTqr/WTN566pZfodJKsqZmV8/Y8BYx2ZfxWN6JxuxysELP7hPX2Jj
+1Uub5gXEw3GGpXd1OfKm42vvONd6usVbfe6gtUuH8WcBArZkNkIjGrtNA/HVUenx
+jv3HQyfOHufcBrEAUqwANXjVY11sW6ANPSBeEjnjSzFZ3BlPTdDJs0DTibbwLjAv
+IR4Jto9xra00Wo2vRNpr0yPXV168xL7pHa3opU7jlQCg0qUV+JTS/YeBfRJRzM9Z
+Le9uGl2xYZBg4IgoMLl/4czn6NmLxp1//vvC9r23e7/mqCZ2mHLtyBCcUgLkBlFl
+hkI9gR2QEI0cn7ESY9Q3cMOxb71kpXYRzbW7qKUagOkFzgQTftbxPfPQmUfLMxqP
+m9cqn5PyL5QQlDfBkm5NGsHz1Nx01bH7buBSh8HLEr912UCZ9wWfK7VMjxu2hObv
+UE/B5EMudav1PT0pj84HZBWnmEHFkbZZMGTCiC3+H5rQQIQwC5Jbk8dAGIur+yn6
+j0iNybXdtYFyzV179h+FcIYRFMVIbGhVGd5/5kBeAqDjuk3WKhwC/0rGRyTNNbki
++HdjRF51rZ5E7ZnkDCW1asgUeu/mWyyqbg/Sf/CI2SHFM2BTO4QnmBhuqUOZemgW
+1CS5Os9rKpMXh7g7xRr+H21tN6MqCUoVQi2cQfpV22VGF3OTFbayw0bMQjQO7cmO
+4ij3Q0MTG1BeAUDiFxs5ler43HmhxxMW3psyHzG4mos/IGkL2Uie54JwVjsXw9Bt
+jBIeIkeqSDCANC8s/Vs2oq8yZnFFNrHokUdO1FvJ/3ADrwpizhvzbqe1T0U84qH8
+7eJKgQbzcoZzPmlgBQmeHkb1CGsKxxTZ+Z8VoOnvOh8AgoWcan3DaShv8OJMIEaK
+++QiCN9AMVefZvWniru4ehw+hq8aFM5uCVTDIrfjsEPJ7DGmVtl64+0i+30ab06R
+LEN2O8T1dkWWmzb6Wow7srTk+seyliAvfKXWoKwpYXivK1ULls6fEXaA/stfcZ87
+ZmlokqTlqDRBYxuujuPlOMIp755FmX7AUIAVFp/HKQCS8hb72wy+ETlLhhfrO1f8
+qFi5q+DmE7WwBKm9LnSGutSrnEXYad711Dd+aFa2elXUKXBy4GSHMDDAZTMMK4vB
+f32ql1j1D/CicVB5ubg8Z+gAu3QbOe7lvTzS/9TYltb1m78zwljjQcT5W8chCuV+
+uex0J9KInh9PwHfDylm5vpNp5gdiTPpktlcGan5t7fRXaJ2qmmUSfQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA5Cert.pem
new file mode 100644
index 0000000000..b2f82c1a97
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA5Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 27 4F 1B 00 78 11 92 48 98 B9 DD 80 D3 52 B9 CE 73 4D 3A 67 
+    friendlyName: indirectCRL CA5 Cert
+subject=/C=US/O=Test Certificates 2011/OU=indirectCRL CA5
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBWDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAsT
+D2luZGlyZWN0Q1JMIENBNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANCnFJyRRuG+54pazi6+E/5j7N/GM+HyV8HeSNEtF4lXdOxwaU3SnKYCmJNMM7MT
+lg+dkilaufu3TV0Xqb8jgXXP+GbTVHLk6bzTozhDhh842cF5nFfLZvpp63yEDFFa
+bAmlV7pJxK5mv+/SQHIchckJOOZCgrcxRulUDF4SZVhXiyowX2p55Ipuyb/Hxbea
+i03e+SKptH+WltSwtuRuI06SLx9sjJXDQ6xdkrZMogDNTicjz8A+dbHMLBoxqHDv
+rsCzTWTPVOR0y+AXu/5Skfc/qsBzsgSSR0s8TOBflnKFVQhXncKQnlUtzxWAE5Bu
+rjKEgo9Ubvuv3oHQhHDkh6UCAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFIH3qr1IdVmAsM/fIxid2JNGghazMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAic63G/b+yfTHBtYeNKkZwT9RWSs30IP6
+oSNm8yx7R8kbpKGtfUxhvct0V/0Mn88yPf2vh+Q1ILHYltgyflOO4TiskFy+82Ug
++IBibEqBafQqGEF0jfzw8ziNjFxLIZbO4KKdgbCu8lpK1hE4DJZSO1Qmb2VWu1cM
+obQxILQpT70UtUThwzILRMDeOn4suF/cMLzhyry69UXwv5E7y4pe4/jJRkwFYPpW
+MOqCTs6jI9y/0fao95iwi0FQVVoAzu9T4qvAageeUcaEIM9MhI7d/lJxJhdI8UxU
+HaxFfVvarYxJ6Y566RKfhMS60QX5Y0HT1IbDPTiLNkvBJNlOMuz1rw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 4F 1B 00 78 11 92 48 98 B9 DD 80 D3 52 B9 CE 73 4D 3A 67 
+    friendlyName: indirectCRL CA5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DEFF90C14C4E25A8
+
+/Uq3XhQHgdnCIUFfwm0F4VHwNuiLV46nWrchtUiDA9gtGOZWuDZWBw0Qma0b/AFK
+uzQOeXDiDL44WwntmcR/tqHT7A0Np1wk1HA+XZg1MkLPap2W10fn+R8PAguzboMX
+yjGUhhpbJ5lzdGNZ8qQd70t+K1oHdY0e7CEWkqG6/6jCzRTMn4WGez4Y0tz/TAjZ
+aV13WHuhlokWL72tGkkVvWFIW3u7ecO3Lq++zc1M67e1v3zMTy+LuKjejmQDttXn
+hvel5/F919/Kd7Pxf9e0cjNJSBeymokEiHvnckgDB/CAe+sALVMM+9neDu41kskc
+8JoZ6xN3oP55/JCcOl/oUnr4zMuZ5h812BQLl7QnBpjbwiurtrNQwnD7iYmb7RB9
+lrBjYfs+OgLIQfqVYbVAKL9DxqGil0HzYDKolNX6PSewl6KNsIvvDZDI8ylpb6iD
+nche61yNB66CR2dGDUZtn3xelGo8AqKkH8itBXssYvhC/38FYV3uLtE0NucAz+IB
+WheyC6p/6EQYg1z0Oxcn3LxS2revY8W8HC2SrhClTxrSIs5B3yTTUgzKEc/fAOtI
+GYEy0YPpBjEOxBhnicBYFfSqVk1Ky4JyOOBIGfhEm67n2UVKM9lvuGmB5o9Q5/bb
+kQv8DEWCtf3L1RZN/iR1Avm5c8gVy4aggYiuJncI7ZACmhuFbZdEgVUMg/aDzKqt
+phcL8Jjms7x9ZYZr4xSQcsJOtqt4WYySPFqk0xukytvWJEH7pa0xp35ycSo4g/U/
+1EAq9jBRzSVAe/+ufsE01Yu+S/xjPwmwS9C50ArYx5sFzk6YKYnYZ93j4DST05pA
+7nCoLDFLSKqRscLMsjEppPcudv/TJhJQmceTtLfzgat0zTkfUCALNuAhfCdai7yl
+l/HN4pUQj2JXPiXHIOneybH3Z4P/MyxNCDmncI1ha6ZYuNLqcSmIZUJz7cfovr19
+Z0lWl0OHSVPkav7m+UIYvppI5f+PFHsuz7+R/im19VEZMQ4sseswvFUYAZ98YLMO
+bgtsvo2iqUPSka7ejFo/pmwQQlFyQEd1zNXCUF1wEVqDH4kejz2TjgKCtDGvNu5V
+hQ4eeh5m2XkX3IlUMJiFle8Y5W422ekk6OzPLmVl5/iPrCVjshlekcLO/sPPvSeG
+4FT2DPk/twcEmCJ/Wg0OcGk215mspNwF6Chk/5i9BPcmdsLjT6NFygeTQYtVAOrA
+3dqoNekvGdH8FmgA6pCCbBUOBboKbNzyhE2pOsAbkbKPzrrmKbMO0516cNI4nfq1
+92S0owEUqH6++ua6Rp85ngnjm4ZFMa/CCw3lnHJN3EpeQTQ2EIDwnrJ1WAroLZ0G
+u5fBXJrl4Jj7QdKZpayd8vzrxFkOnT+PzHJYTQVWhk3bHFaPWBDheRVILa3uzFEj
+DCkGKOJwTzc40QclIeexMu1UVOjPtZZu6hdrIQqI5HEMLLXPbfZqlqQ/5YCr68FI
+XEweTp5HiZGWSd6d5o6u4lmRsRVoMCuZ41AAhMCLyCUnXUBhu/cXIi1SaySdpss6
+YdQ7GkuvZ+ZceWyVh6RaCba3eIrxo8lh1ZlJIRsX4stvwH9MkSNPSw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA6Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA6Cert.pem
new file mode 100644
index 0000000000..6779e6d5cf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/indirectCRLCA6Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: DF 60 70 22 FD D8 66 5A D6 48 71 B5 FC 7D 66 DA 67 7E 5E 0F 
+    friendlyName: indirectCRL CA6 Cert
+subject=/C=US/O=Test Certificates 2011/CN=indirectCRL CA6
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIBWTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowSDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGDAWBgNVBAMT
+D2luZGlyZWN0Q1JMIENBNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANr4SdBfmvVoe7FX9vAiUwmvImwVjK+B8t83+7CNGq63EWeLcQztgu2PU0p8z3Y4
+txQrhxgEbAc8WvNnLVbPRwqsf4EXvugsVh8O7jVzLy9BTrmlGPRwk+dI5LFlCZzJ
+VzdkAUcK+Q7kjK4OfkYEBo6TVYDxgjm14NbXNVVKahJQwTllUTITtQ68dwd/IUTt
+Y1Tpnb2DorIwyTDtesMzGD4118RxyKmBwXICic5Da8Gh+laHXxiz66voVvzmed2w
+umTngY27j/VgoHkc4ZMV5S5wFfFnpZeqMCi72Przwjyq7KCkB1LYjJHcfkVBQLDd
+2LjbqvzP6CB9P0cyzZXtfHECAwEAAaN8MHowHwYDVR0jBBgwFoAU5H1f0VyVhggs
+Ba6+dbZlp9ldqGYwHQYDVR0OBBYEFB/JII0Lo2wtd08T3kL0C7beKnYxMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWH/AphxOKQid6uERppifz0XnqpaHMW45
+GKgeywO560Uxfw3qZQesXDRUigcMh4XKXtysK/ILWLiRzIGhzJ3qR+uo1g5Paymv
+76azYg5TQbKRBnqTq9w0JcrS3s82kKfVqQcR5PbmADorGFMlxaGdVMFv2ImkPKO6
+8nm+S0X/xmjdLkVu8Kvbw8za8+FQ7IoCsBNlel4NVf3Pzg2wpexF/j4ZFEhbv8D+
+1VtoLohdbsQAb42KrT87x/xTTWqN8+zbj0+b8As6LGDmjZbuIeKK9NCbh90edTQC
+o89lhuALG0+Zk5sFhoYZ9aHjLyOEUjkm2kq+SD0ipCpb+/sCRyy/MQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DF 60 70 22 FD D8 66 5A D6 48 71 B5 FC 7D 66 DA 67 7E 5E 0F 
+    friendlyName: indirectCRL CA6 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DADDB1A0700F3513
+
+zQhH+108kzz6dq73i5aD1o/KmXUZmMAn+7JDTpSPl2q2uOWD1PoOAqaAJFsB1BxQ
+QpqG5Cnl+9ogcC+rsMx1RctN4sIFd4nVi7pUzb+GIzOkLeiwfBEKkIfOCjKc3dBs
+slVvww7VECcTP64hMpumIP4805QfAm+YBVra4dvLTqXretUT/38tiEF1pax1lZPu
+SQBzE9nIRtCkmbHJS4cd/x3GecOMlUIVJeGwqkLhtwk9KasjbSDUEoj+TNJbtQh2
+amnAfXEu22q36bGyZy8sBr7inA2QIJHtzcXbkpbVjn6tIoyrvDQ6kYhtvFmWkqde
+NVWg/ef8c43bskiWxQ6+vmQvGNo9k6XUmjiv7fo+sVWxvmmS3aq2EhD4CUPozXMC
+7OqT4ZW8dZys4YGe4vYqIoaZXj2CupZlOAKxr7XC4eaN8P1ZBhgXeKBUvddAvCyy
+CeUxAfJ9paCLYyNw/MBlMbvzbz475wDSAj/qWr3YDgJCBWXYCZv11oTE6H9Au9om
+WBwjgjUzcZTXdFTOfxDNwo4qs8zbpCpASqgs2/ofsSIcIsshkZsmndg+oJsdJp/+
+G+rDaHGa4gfbGNyd4onmTMmIAUMi+BifyHTM1nfOj31ogJUKF79Wk1Wm3JWZ8P7W
+vN0a9FTC0RGdOhE/yv+uwzKwulYoAjUQdqoQQ/pYzRiNB8wwp1yqlVakBO9IGOWo
+xb+PHF9HPxbEgbhb3k6GQIQDCV4PkHOu8EW2L0CKO3arCvLpT3gVn7hcVp6fVq0o
+bRUcrtkZsZaVamF4+1LIJjHki8/X1XHsi5LRmuFMQn/NX12KHi1eYyvPHg6hnnR3
+HwIoYzXJolUmnMDxo9ql8B2J5Vtp0sgI2sz4b9cI11ozg+PUdwGL9/4V4s1Kv404
+L8vP98YE3tlrvTtUYP7YV7kZxlmXJ5PonSd2gvzOogLMMxnRNlhTUq/zX4lTmx60
+y9YnA034/L2MWAgk6rCg9lvC0NEtXQgHzIZV1TyrKMpdX2BsOU/li9P5JoFOkD3d
+jdaI9af/8+XMkePh+AVHTs7NVhvb7Dyoy5BPgCL0XwDt6RkmcKSLAoXNutXb6jLp
+K3ROyKtu/C4nkCDedNerxdrQvrKiS7FUO2+xwdhsU6vhaWw+87P9GFoI3Dr0jKvO
+ADmV4H0JKbk687DB7NVAqq8BibxdD1d4rUZvio5KOal06Tu2f/1CewA2a4mMVj9E
+GxqHDOrymDaNg5YLu/H3XDCWwC+qszsD1/2fzwGLGgZl3mJX9AJx8c/T6axbqyyP
+GIaLkxwrN9JtKO8+e97cCKUylt6riLa/0tiAPUG5RJizBi4ey677xr1L2ICExFqU
+lDY22m+ezGwrfZhi4yVIHS45KG9+pF+om1XYo4cqmAHg2QqEZeiEOsHgvNAbyQh7
+1uhPhSCUVsAlFqWZr4sJLt32Kih7KN2UqAZBGCxox+l/h8Vyy4DZwAvygMU+yYwp
+miEUhtB47LBHTFegYLdbGnPm5WYHppECneaIsqjgXC3TXqAXpEQEi5rCBIRtpqUz
+7rwjlNmY/k4TQhyY9ielim/ouA7FISvCPC1voCZYHtZf29EVvFFzf+C9uLzA/31n
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy0CACert.pem
new file mode 100644
index 0000000000..bc04fb9c3c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 9B CA 08 2F 8D 70 30 97 45 EC 2D 50 73 B4 8B A2 ED B2 53 11 
+    friendlyName: inhibitAnyPolicy0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBOzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FGluaGliaXRBbnlQb2xpY3kwIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAwm7RmKNqzNVB1upuD/XDkNQZe330VuJCvAN9qtUbmOwBCQ2Imy3G22tO
+o0g0sd0FlDusckPU2bfVW59Ya5SQXlfQq3Qu7dmr4SznXyLwjEFkJex3YFi/0RiL
+dkzC/2ZK8ikQtU3HHznh8qImo5sb+STz5esh+nqtJy8+eWf+PzIRzVtGxxThnqCX
+fwCOYcgALxcvZEyfGmZpKGjyVGNTmmLXYUHPOaMN84+sTueys3R4WaidErJQihOJ
+I0D8k2zNiP44crr8QaBPDYujleFp99ZoL0p0t9rb/i91Oha1YR4AriZOkSdZ+12f
+l4oYmUVSpiSr64wKFCFYOTybXDHr+wIDAQABo4GaMIGXMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQYoKB6av9qnYWCJM3DJoX4v4o3
+BjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgNVHTYBAf8EAwIBADANBgkqhkiG
+9w0BAQsFAAOCAQEAYACyQ2xi2/hapopt7cI+wPFzJtn2eSzNP+lkyRkp8VbtFW6k
+35IPAUnuS+bcB92Cn0LwwSXIzMJ6Cs2su9UmKox/psMXH8UMeebjL4WtpuzqtGLX
+eFVo3Cmfdih0JICYo952u0Ugzw5LQzMMNDgtcSjlo+OP7ksOyvP9o1hKfk580cLV
+X+PiJDmqGbnP+0ERDbN4pRQvYNGNFyzBgqGpiIENgWIJwc42HTHpaG63Y/tVc30M
+3Gh3//ZomjVlWg12PLoYefV3xv2TT/uK4zb3ppeznSGso8sCYh+/p6/T6brIyqUh
+a2yA6ge9SUPKy8EVgqo96s7ofQwobF5DOJ9UBA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 9B CA 08 2F 8D 70 30 97 45 EC 2D 50 73 B4 8B A2 ED B2 53 11 
+    friendlyName: inhibitAnyPolicy0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9EFEE878D3C13B53
+
+COl6N0BIwOOAKEUyflxLC9tGHBUEeuxCMytbs6J1DBteOSWocL81iJlPHCcDsgo6
+cHS0sTXbvbxC2le816uo1q0gE1OTKZtfL6HOCOYzK0lMFKAFP1aS05rccR8r+CdF
+F5vcIJ1yyAhdiqsr6LN3m2Px4COz9SoepzKxevjGoQBkU1LsAlql1cg+xUCwVapv
+nRoq++fAzF16YOLER16QSMMJm6gRRDstuu8ugrV3h4bTy46hsHmywkDxhAdaYHft
+Ao+I39Bq6+F7VoYTKq8rogA51ML3mmva0sQd+4aLFH6nm/k2QkKwxawAimy7zoKk
+6jdu0r+kCN+jXGqFtg5lRTdM2WpuHL2Hustq1t4mGQSEOWgOqW98VIKV8O5Yb6be
+xz1HaAPEYaCOOydkCQW7Gzk8nyzRmPI4zh1453kF62p3O69IKh9TkEp/Q1Op9hdn
+iA8W3BSPm8Bm+yEjFu4PDQCS7N/FjWhH4nfb0/VCZAX6KS+lAxtYTLDf5klgS8pJ
+zhYGqAH32sycSzjuvxWHxpHRs4vL2izRQzKWMYpoLaldElFAY19eKiVWND2Xma0O
+KDjdLRF4XYXoqiWAAPR4amdPiI+5uRmHcmvE/kPm3lYwBEzTt9Hg9NCsL/oJBKld
+Tann2JtXa5vzvKXlRNRoFNlcu3CRXfxsVbwh51tiN9S1DlQOMH3VO8/odhk9Ei3b
+4t+/xhKTEpz8O4i6n61Rww23+gkevgXpMOZq6pugngJQB0gDSzaGHQ4j/P84B+m2
+WrqLaqmDOgS3d1K4jzhMmPLnYCUXtXRKKVQ3sbgMsWSp5aXsHgXd9NDLXntZ1Lpa
+359MJCWMirfV+NTOPtHzfIsxsFxmahqQjB3PrkFHnlVS0zWsYR7ATSYfaSatzY3h
+B7GiJDA2B7YAmO3TTCIECCOTpOUAugA+WhxGKIH5L8y6+/ae4fgpkk+vhWcVOPyv
+ZiWfqZL9+Z6dTYTsz9uCjeA+XizCFI91XwRpBUcdW3ldxnoXIX8QJDJ2SNApkK9h
+KPeAIztz6v81ylSkSY1fYfmy7QwWqmCw6tndo2/GuGD/jz0lYfGYSYSbJ8FAXL/+
+Sxshv5E2Oqdth84tmCb275Fut8y4KrH4t2WzW8J27WzvcWHDv8jx/OaWJr8eSdQr
+Qw1o6Bd/CgcOKtY0sSk4cRM4u7llKDZ9UDS3KrVyST9Z1cHIG2kXbeKoLLOpLm5I
+x5P6TU9/t9QDaChtwKjxTs22oWiRu2ZPSggvwHfAU8zxOyDI+PTZdIdpzESWV/7S
+pi6S8y3C0ey/8l9HC6qd7khq/4jt4dtCkIcsZpN/xcNfoe2OItCb0fwGd3xQh0cg
+d7HOEEg4ZIbM4Rw+t4qy4hXj54P/++SN0h1s7PPx8oUBJsOOTDJdmRCE+vxpeAMY
+NkFlpIQd+btxiSpIpa/21qoqHbAL+LiuBph4grHHbuTXqpFyrJl9SMkQSccufHI+
+GZl1Sax8ggS7JVRbP6DlyPAJf0T89mKMnONCtn8FcEJu67SaSd6gO0AKmER4LVmf
+Ydeb6zEwdxIbgbbFfFo8vsTF9Fp1AQnKKhbqW94kKhIPB1Zbe+f9/keNS0E8OaNv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1CACert.pem
new file mode 100644
index 0000000000..703bf6857a
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 21 4B E9 2E 8E 14 78 20 89 D8 37 06 15 99 28 E7 62 26 69 C5 
+    friendlyName: inhibitAnyPolicy1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBPDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FGluaGliaXRBbnlQb2xpY3kxIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA6zBvGZdcVEAf/5tkGFfFnBVSmugm+C88xlCv9nv6QizfRFE9unEgMgC0
+XzUOeYBfsVDD+s8vjLW6l1oYd/8dB8nj7yPL+Zp8tjANb0Pm5Q5IH7tN+a/o81Jh
+sb2bJky9jSiKxaFNhGHZ0uKsGYZn1im5XTmqAshVWF129drcizb7//FSTeAnkjpP
+Qtb0UqQljSTeuXIdDUnWSuUvJHOzlK+wJBBBlxQQU9AFXyPSejLDLHEyVEgweQ2g
+/PrEkxBpCl84BSeXw7hOyeqy8W8DCRlNH4vbi4UESM5nydgHbpi1WJg7XayRsv4L
+YtSa424ueI3H2OG/lfY+6NlBJl1PewIDAQABo4GaMIGXMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTYpp4nlxHDjtQZIdcgvJztoXvy
+0zAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgNVHTYBAf8EAwIBATANBgkqhkiG
+9w0BAQsFAAOCAQEANF4unXV7d2qUpPtdqy72XTM8e4g9dJGOS9XA1xRPjh4flZE/
+7DPh86LuhfQALvGqlwUcjTY0ZTRq47YKUqj840+y2qyii4QYq/USs3TRqlBZVWYL
+2gKOFDCGWl3MLtlFR4kgRmMpcHRxuE5fDHNdSBR/o9Ri7/9EIOjUA5UWjCYk7ccI
+oHQ3vVkKspFSObgq23zJTsahW7s+mmxbwxDFQVyQ6K4jXOnemBodAIin7KQXSaPq
+SPUOcOFTf0430xU+HZFahy8Oqe9PdAf1yrBiMMG4W59Bly0cJsFdvEgQVDu+h1S4
+gfrQDgV76wl1nblJHH8uFYRFdYG99/Z45bjIVg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 21 4B E9 2E 8E 14 78 20 89 D8 37 06 15 99 28 E7 62 26 69 C5 
+    friendlyName: inhibitAnyPolicy1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DB75938147E4A4F2
+
+Z3WFBDKFyqbgqjWLohTujouVk1bgiFIZ7hzfwstNzrrsWOsP3ECfKkvGCwEDZjHD
+EJRKtsxjq1PSsfnF0N4z3xZtVSySPlVBh0sdfps2M4okn5Pbn3KRNk1WXJIbPmLo
+DAzBce+CT3GuMoWcaL+9NONZg1Y2T1vXrss3qOQLh9xrG+r3MGIv6MswlA6YHgdC
+gzSeWKE1KfH3YWSj4N5tPc0DoTiwyr99SuPzQLUm5jSe8a+vQavYWlKjubk7r8Hc
+fQ10jqTZBO5HeSTXgvJtzwSTPuuca4sDuIk1oHtIH4FDuj9IfcPnXiQXeko9PJ97
+NVZYpOVdM/t9GY2ueZcu3sa0UNcLuL5gHMvfufgE7g57kWHmmHBaHbHTB19ah1B+
+drjpT8k4pUnAKhzqnWh9RsfKBlTxhG+cWkJ2orK7dan9U5ksG7pWOv+u907+nsQs
+bzCCkz7a4QDJQMK4LXxMfXWA2cILlQW3ZgEz3i5PZOhfk49Q4SMeZAUIgWKhqRDt
+36Dr6H99S5kQ7ruDtlewCUTJIAwrxefBbs5+3S2IWQJs9U3/AP63+Cf0dkHDWO0P
+yvCE2eN9eOb9rDU/OxaZtBz2vpFmBLNsyArMdQJE/NDQVKiFgmCj7YSY5eGLgmNs
+vKfZ45bcex8XxOPhwvanfymzUqItCx/FJqwgsmllXSQGqAoQ0xl4dVZiBy7vpWCf
+6GbVAUgAqNE07utLyBhzHlB18/FcaK4Q7ruzNl6OdwwEbGaQbanA/eYD9SF9Ih8c
+zD2dFT7i3fWfcr7+7r/49neG4YN2A4b1pAv4m7owKGUSQQstETrVkXCdWL+ll2Fi
+IfSVgm2ymdIYn2bB2C7qYbisF90Jh21lIITufdZCn5iSV5W64rbU9OVZpflpBHUO
+aS7jalgKC+qx0pUskBs/2+PL97kYlYqof/VGOAS/6t8Ub7ux9/ZiAxSJIvwlv7Hs
+GXNtr5XKb7QeEPlWoAxlASXXtZC7X8Ftg/FWO0mnrMEXbiMLbEZNnjBDLIM/4+XC
+BW0d9JuXi1C8wgR5q2gv9Jqj3Gayp289UJq4/AgkoqD6Lg/jA59SomOcqDIMbw2t
+8v4ccuHLG4bswm0QewhLhWujNtHggOfAXI48T/eeL+S63lS1cu21tvt1QTWu6W8f
+T1HX0c1YCjEUTjYMYFWOanbJv8QijdlvavtTpryfj2ZTScggt3ec/R1J9XqcaWwT
+q0Ha7wvb/b1D0UThOfvTbGL7Cp3PUxEQNqx6g/4OjhDJ9Rv2WafBXYtGfns8bf92
+46J64XbcBO9dfraOa089cdTG0S0IUk5QlcJpAOH83bfcCv9ANFUOeCKxG5r2ra7W
+hAJW5f8zCooh/U6n3AC+TV+b09F97O9PZhyyXabHFWKlrHVU9/kXAPOvF75ASi0R
+nD8SZ6m9S4UIGl3TRPl3v/qY6Qp/0r5y3Nr9Q5puk45HwZNO7AWDutGEjWT8+QCx
+N/UbMSuP8jnAyuu1YMRBl7LFcGf6381RN1vN7VpyBJQrcrpg9o7iC0GKQKJ/Qn5H
+Vw7pjZC5h5OnCI2cCPYs+rME8OK1o2yqiHv9i+25IagJ0/Mq1dMz/4ASIeyTH1br
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..c62b540462
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 37 FF 72 28 A4 A4 54 C6 7C C4 ED 25 4E E0 46 75 40 3A 4C 2D 
+    friendlyName: inhibitAnyPolicy1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBN
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEd
+MBsGA1UEAxMUaW5oaWJpdEFueVBvbGljeTEgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDCFu0fJxTpvoal9t+mW/X3OsIz61KWZdMukGwyZ2qGnOVp
+JtzZowwep2J/vOZyyAS3eCLJ+DE5rtrCUFnlkYbD0aRM5Ov3LQv6/wVeASJ2peE1
+ktUPdTn+O2smk0gkTqrE0wQCB3VqkpoeU6MGkfVRi5cmuuX9yH9DrfNDqBt0v0qN
+k6RV1Qatllw9vMcmzPSFw5QtF+siYKvh0Y9ZxR4LpleoNgNu0WDEiGSObwOcWaqn
+kdtki0sDY2Rrh7l7P7AmNILg2SPd/U/999Eq4U9s0qDbWRm6JieFQk56kSTqzSFs
+VqNknWKkDddew/YGC3HgkMGDlZqGXjqCOdYNjylZAgMBAAGjfDB6MB8GA1UdIwQY
+MBaAFNimnieXEcOO1Bkh1yC8nO2he/LTMB0GA1UdDgQWBBRAqcjvsmE0lURsYYYC
+qQ/mQa5fxjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHYPM2xLE6+X6y4j
+OiVLbySiZbkfMcMa+/9NQGIq0PAn88BGxaX13t5xfcGnUSkRJ5cBJN8HIEOnSXi0
+8SzRDMOIlMsBfsOLWPrrw3WAmRI6kAbqAjgwYyfvVJaAXD3UotQHsBSbuE9wOo5D
+HCZmSB7GAscnCMZwjz0ZVfu9Efpldi4PmoTC0Z6URop6n4N7w4IviZlSfadQP0O+
+CTZQHt/D0HRiGgF+DiQ/4mSWgP5wBlhhUJE0pwVLCd92PfMIqsK5cSgN+ILMjlX/
+rKeu95Jro38CL9eXpEPnkECq30jAMZcBqAigQ4GN5sAw0nT9Oly+GjV1P8Bu06zg
+hTJyzDE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 37 FF 72 28 A4 A4 54 C6 7C C4 ED 25 4E E0 46 75 40 3A 4C 2D 
+    friendlyName: inhibitAnyPolicy1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,918EEB1F8B4EFAC7
+
+oGaJS8rWm37/xZ17HHrKZ5LitHkYuoxGmrHu0a+rruw02od9ZJcHZgC1BS0jV/Gl
+ne4SVHOa2rCyPiM1G4PKwXzK7rxRbXMuNoIv7cCS9lRUy4Nr8AiH0YkUL7+n5m1C
+ExgEe6DhLmtGoJx/M8ZHf/pDRmRuhPBu9HLrgyX251U8dCj44o9l0OJpsVQVGqvb
+Vz1yQrLyLbtB1NH86N1Y6+SVc7e1AeuOndKJ+Gt6R+G70IcYW2klwnnK6JECsaZU
+iy/SR3bT5oC78E748znrgYsFvO3BzJwr5W8qtpM0zkhOemdzUh9Dt2NfyLvOBft6
+n/IkGSvapYFz5eVU5nCSRfGBVO4+tHwUCYbt6wUD/JsJ2njfKaQyZaHhy7xxQTM8
+N0f79GCqKkBLhUNDrNc3VQYiyeYou5PXGiDOm7vkxVXR8mbroK2hBhbV1IxFUJ08
++g4pmfVhPjxFSakz5t4hkukjR+3ihaTRSqveSbRJlDIDBiBreHWphrJN5DVccN2S
+TU+TrHsFFCvuUSgKwhNWuTv0WDoIs6S0XmhL03bB76Dhvqi/9QOQAB+7Ybhw5D0J
+nxzul5/K3nM73TuEz8aRZ74u9+RWVyb66MF0Ou0iFcKvs8UDyz6TDAlRw+1UJ5n9
+o0kBi9e3OUtInP74xxSyhG3hN3lspXwaMvnY3rbEMh0RSHyY0GskA4IBY7+oeyBD
+Yvu0LLkiTE3KOySs/6t62rDIHxXLD+5VB3MiMIWvhwpqtEJNdgn/+Z7p5yEmkqFg
+ijdVdBXm+oiBIEowp7XEiQENQlt+iUhoumeLtDwFwENryAe4tKUG60ILtXpmrftW
+JFtpShfsm/PHaTLIBSgjNn/u+ZYZ16phL80NLOuhl9hO5qJi+dKVqsfInZ1qjtiz
+MmaimZHZMCNvhzTugAofPV/kO2LAA5vQBsqfi+uz9WVaQgYPCGPKnYpwewtc6yRH
+0L0s+0JHCaXxWG7w4wWEky4r080D3dyCwymkXDdfSOBoBL2vC2JvjAnpuZ5GAjw1
+66/vNVzWoRs/AsuPsi70iSMCTuvB4u4fsVBQjjNNQq5sAiN0XrrCOCDr45AW7MQB
+O1UiAnuJEDSYl0HophsHa99f5aTRQrAlfOUXMl6GpNK24IRY5JOW6fGsfe00DCLx
+lIeQIjG2ittUvZWxOBZtDg5x3fDZd6z6EV0sMqpzXnupikNUIRtu+COjeGqFJXTj
+4UDLE6+iYM4iZjL47Q0JbDrdE3FB640U14iznX1l01Z6W6pZP3XA4cYQTNniUZnn
+9/brVg7ACOrjmy1lCpUPiwR3/zdkEi4eF5VogIPrr1YL490WTamUajo+pOgOgBPo
+pXlMt2EJiABERHi4/RP73TNsCHqxnJ+ojTzzEL8Ykjc9tEdL5AXF88fE5NcWQAOH
+Rk4W7bAb22jXmSlRGzz36jaHGumCw8/0oUUp2qLm33Y3j9sJuSakPS/OdjYk+xcZ
++3GtDmW4QrskO97aS0rUFPUp2wxrnRVQQ2PzZK9EusTF+f6nq8u++JHYuoRd9ehG
+Ivpa7IOCQ6ZHSbN4lb3B6L033j1JAeaWHYeleS5jlfyJikt6f9R8Cg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedsubCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedsubCA2Cert.pem
new file mode 100644
index 0000000000..6eaff0ca8e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1SelfIssuedsubCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4A EE B1 77 48 F2 22 52 86 52 94 58 C1 A5 3C 27 74 F7 A4 38 
+    friendlyName: inhibitAnyPolicy1 Self-Issued subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBAzANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowUTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kxIHN1YkNBMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJJAVofrVfHs45uXKz4PgJkRHsgL1Z4e2sxf
+Y2DoqXS9SaYI6WIGl8UaUaWu2GdEw8ogTo3JUrJI3fbDBRJs+aGFvBTaTjH9QuL8
+EKXDHoMMTUpRy183wS6wbZKKHS42CxjBHR4zMmLhnCkFo7IEC2CsgxCTzUO9F8Dn
+aWQ2LuoTTjD6O8POnTLawoqcioqQzvpGY/kYItrYGq43lSA4zaxToHFWrRSqmMhT
+kjqGhAPpjemoUtPKhBfcMw5HSTP1ZWJUUZfXlH3OCuKzi7+dk//7JVzmPGSIP0RZ
+KYY1bj3XjSS0/0VlbJBG8tOhAZT2DKvzMIPpvCMDJeEW45bBNYsCAwEAAaN2MHQw
+HwYDVR0jBBgwFoAUjAXc335k22K+20tRZIxqZthco6MwHQYDVR0OBBYEFMnMP/pb
+8KHa1TcMm86YxnqJK9XrMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
+MBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEA1S7dJczr1Qzl
+zL9tXuePIeWIEW+U0V7V3IAMJEy4eo1B7v5uHSdxCf+4syTypdB6rbNUmoK1cRp1
+ChDyuQ4Yeiqj15HVD/anZ1Jo3zKnfr8KklVPEgiotUTSAV78aYJ1liCaZOBPK2n8
+voSX0antIGJLILX/FxJWijpjOERnYpD+wQSWBcSifo2XYXplE/gD/HqyaVjGl1ec
+Kh2j4bf4WS6P/QsW1h95SfOK9j7atKevgqWKY0lGePS89NoIyQHfhrXY25v4nwRM
+iGB8d1zjzlpOVskFlrvlJu9TW+qQPsA3ZLiRBQZj1CEhU1n5x0e94K7LzEKL0759
+xhV1ZzxcqA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4A EE B1 77 48 F2 22 52 86 52 94 58 C1 A5 3C 27 74 F7 A4 38 
+    friendlyName: inhibitAnyPolicy1 Self-Issued subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8122364D328014CA
+
+LQtuX+3U/P3IUUgPuyr2SuBmTlllXHGcMt1y714GJXUyeyeOpyiRP9le4UcLZ5SB
+5BS4X2exCL7dFEFQ+3eE11lJe4wkXq9NVErAV0zkhBwrDt4Azs+8iyqB6b/g5HHI
+keZRFyUsCs1Iyd0hRLnlgL5klY/MznhVQTwIHA1808xOMVn4vAdM00Iz5eKXSkf0
+d9iq1l1VUHhQo0dwe125ATBRJnCrGlFJGl+gsMMYcvi2SIaH4WFtYC/CKxhNi4Fm
+gKUrie6ar7pEZm8SUbHrP8HJTWIbGxY2F3T9gkzbQGqnS0I8derDtSIHxN7hzB/u
+vZmYU6p0Z8Q/mMKby8m/yDp3i9uej19PtyGc+Ao9fpe5QnAW5CaSNluSYNxU9Ob2
+3hIIvrXtKH/Su0UyX5iwuLymKEwHAaVRUU4dTdXLp7qQ9MZJ/uazYzQb3XMxX43o
+1oWrsaksAufYgvAzIIqNyGwyYfpwQCt4ejoTL5WNcp+2m0HTXGaKmvrUmKl3gARK
+gVsOFtx9aR0LIHTaDlFZ9GFseznNahcTR5abbaMO2VaXt29Z0ZuhdVUUstw7M7PC
+OLCClRYVNYjORkML3Xot7xFcmkhYoeoodZNXU9mX7P4YcHS0HDzBFRvahDzNqc/C
+XPTS7IBgMB6qeks9+p97IzsULZcLfa2947CYnlLSRDl+MDxak16Z0b+abYoLLv9p
+qcmTZvkYZs5PjOXL1cKc8cCRcZtn6s0prCCB5vtgvFBKzr6165jjlZDF7uwUXI6W
+zmLFGepTLtUU1ew1GLjr8kdlUmGgqGMwhJzphwRVk90CXKV+yiIGe20Jq3GLhG7P
+5ABuL0GMcKD8/Wa8kcZaUAeI8KXLMHFc5QBHmlRI1lLJr+/qOgTgItijAuvuNO3G
+dBavsTIKDQxfiMuTNeLq4UUbBdSGr27DhnXl6HycBNyVuPcFNsq66ez1aX3fFKOg
+AFMGd5GTE7+eqLfRwFbM0hp2feFV49BLX3ZH4bEnRsMCF2bbZd5DQcnMvjZJjNor
+sMx9M139lg15V2SKUcXPPQu5bLP0dH8b9OyFL/UZlLtRFkftsmAlvyIxdNTnbCdH
+xwWYyY4bVyvp6pMB5jXvFeAigBdMPTSAdRp3k/yfTvsSSoucV66eJYbNI9OGrEdS
+Zff/6pvh1aC0BxOzfNn2/aR5wo85aNqgHyQ/mY0KzNikfCMXtuCCYs8+Epz/D+PS
+Jc9kUwAP5e7B9UcfL6pcE35TJrE1v3wObSEx6gVwwDhuUNg+5hHCBjHYc1T8qNaV
+B98EaeBJy0qPcLMQCidJ9E9QOq4KRj+wt2jwP2APs6befH7JIEh2udsBK9tpbE4+
+HnkdqKCvzJSgxQ2UuitYWLFJRwA+md8hvgQLDLzHShAf7k2CRAxJDkp+ZFhIhO7L
+pz7epbwqsKcU98I7DTOwBEdnnjkDByLlDnW43HruJjLmFDjnJoklSFcDXTsj6P8l
+/ydsm4wjnVXLESpWWWRwQycBoU+Y+NINIpyYvGXgPZXQd1qYdTk+9+Z4NlWrMPNV
+VnfCkJ3JMLzxH3VIN3sKYti3CxLa0ef+8l2OpoG4HPVOJcd421ggJA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA1Cert.pem
new file mode 100644
index 0000000000..fe94f13218
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E0 F0 D8 A3 FD CF D9 7E 99 72 58 2B B2 4F 3A 52 1D 75 05 AE 
+    friendlyName: inhibitAnyPolicy1 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDjzCCAnegAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBR
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEh
+MB8GA1UEAxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0ExMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAyVwAGmULZXHVZpOzaNmYz6rXZSAplQb+QtuN41pU
+qvxd3RpiryOIZXMfSyamdM0tvo5Vfngen/IjnrYpWfPGBh8oZtUI26TXLYpaGTGv
+9bXynCNNRcLzlmufhCFvgipDcQlCB9KFBgBFX0MXSOgf4MviSOncnVm3vIvrUR9/
+xUGRmxLMb3FJyiY7MBoGAUxbsyEVA/sjn2RquDHLBu83hCnkCX0WuSwyz1rQ1KT0
+kOauGVz0Zxj+wFwpSz4jTdazBXgDEjFwqptRoivzyXz4jwldMEB75XyjIMV5yObu
+Lvore59mbwDtqsSaOsTqjXXlqW0F17DORMSaYT/CHRugGQIDAQABo3YwdDAfBgNV
+HSMEGDAWgBTYpp4nlxHDjtQZIdcgvJztoXvy0zAdBgNVHQ4EFgQUdKDVWNkrU9Ir
+sM1dccahv0OnyBUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4IBAQBnzM+7R73vitIVn6v1
+RdMLwiGv+PRyshDNyrzeAIGRmQxSto06y93imt4X1l0WuwymoO3pkRJP34x7hqwB
+PZfufX56zLc/TndMmLNRrjUgmQZV5MdADqMQwMWM8TjxLlqhKD9CAb7Su6PlsJFx
+eosv8QTJti2dBLAGrmMoqnf8om/yqBE1Ix31rwhB8WhSvYd7LkMdlJWW5Eu3IqOj
+OGbIa4lm24r/g7mSktFTrZMa9uCjaFhdMl91qmHjuMVm/8Ze0STx18SyUse0qBre
+Hizk6JC/+JHciyBn/+ioqYagRGyfCcIlqw0hSH4ebejtEt+tZHvUWN5lmjkzSVnR
+6kIb
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E0 F0 D8 A3 FD CF D9 7E 99 72 58 2B B2 4F 3A 52 1D 75 05 AE 
+    friendlyName: inhibitAnyPolicy1 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E4FB2A364F203A2F
+
+95C99Fi2QIM2E8JetfoTzl+R7ZX1JIjfkd3pWbBXPzXOEySE+iocCjhW1zlHeoxP
+51diy38WCmY6n0LAOwTNMVZ+819Icx3+FsTS7hbutnDrK7KyqWWG7eYNHJwQJWi8
+/iJPPU7O4gnhNjaejdFfeMvAy27WnSjXH5289l8TsCwcOMbT2sVxo9ldkMKQQr0x
+CYjaz02SFIBUPMFkBelw5kcS6GJPBPpNaK8pbeENM7dZ9R4UCtdvlkENuFwybDjW
+XMm61NmMO5yclB4hYCOBVkXmB6rzmzUTPbGiaKJER73Pkq8RqaEr8+h7erdVF9PI
+NtHgbRldyGPmS3bqDkHydEjshMw6RQo9xTrRZNDjC1eO0lUtpHB+HzBW2NBWaHpD
+E9g/4SSjiuPpnWSdJ3ChGrurHbeYcfyy9GRLSyrdaZLTj+wIMnzadCSRrfgMvPE6
++yncM3ykAsx9i5rmyU/P9qkCOCFXg0HIHDXMqJH8aKRcW7+niFcPgy2ZK+yf0nG+
+szboU3RlNjY/SIT3RhXchH9C3lq5GlDbxB6RozdmA3ddWZ6Lqhanr69MgFS75rzP
+YrjaDGOCs5rlebCOXN9TNjRYLqQNuXidEGjkrcsSPhCdRCacybSCnYM1j9hrh5EX
+m2f+6cq3OLPMeX/NzMwd3OGWyI69EIJTVuW0cP8vQ2iSTaX+0PQKb5XIegUprxQm
+ruvlHxYC3bhy4QEHXaUGrBLFCaK7xlzbQlu8tObPeLRhNi2i8F2F8n3naAAZbHVZ
+e+ryrERooWyfpciISPHWLycZI5ClJkVmyVlX6d8SR5yYqProCQeJuTAWWKZz4nm3
+aAwPkx6QjqnXQVUUESqgdDfP3PuMfJIHwvAXS4TaGL6h3C3KWdKE7HlAg7CysmLW
+joxgx5Sc/7uvH9MO1W7Si8UilCtXuFn0mMuENtIGcqVPnjiW8lpsaNQZTcM7KDHi
+f+t/WqGQvdr+PIFxofZhG2UzWgA5G9mS7oTw9HfUbz5x7kyl0GiBJYBPBkrRxNQ+
+i8glrtJMm0yzIFiOxuib9FdQukSLQfoE64uor+y93enIUTt7mHnIE6kDxYM/aZCI
+QldpT3XkvSc+gGYvkTKANjnKryLYphAIsbo5pN1dBPktXWV5qZobJZQU4W2z1nwi
+adOcL5bFE70LQMiIbnqUrIgWtTNq/8cfRD72uNXMv2f6zeiIlZxqF4VBVax228Kn
+vPxBseT3/a/K3vJid6vTFeKEiQg72TzAG/JAWDjb2THNeHk7WttfVtr+8KI/cedr
+0hchRq862PkeHwkAD0ULP7fc5SmFvn6qWpREVaaaETl/g1UlKbNA17YGm9q8o3N9
+ZW9kRGXRFMa0cJKuflwUEKJxQO7LtHVurzpfE4Zca3dG9zBpbNBek8moTWeW7SEK
+ZeDd1JmPMjGGB+X4lhtMyIgyf3g2uKpotpkwqEJ+hR8Uvk5MbX8vRFhomoQLCa2f
+H2IahW8nWJTMKcaiLwruAXfMmLx649+P592cjN6LscUcCCLeAz8CEkkWh/3mxILG
+hE8EFhQuT02s8zXAzOfxrphDKV8z5NCzdKDUJooxx8PB4DXyKz9QjSYQxtlQ4lai
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA2Cert.pem
new file mode 100644
index 0000000000..74a91c3f79
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5B 48 A7 D1 4B 42 C2 55 95 98 67 40 A0 09 D7 6F 04 57 C4 2B 
+    friendlyName: inhibitAnyPolicy1 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDjzCCAnegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBR
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEh
+MB8GA1UEAxMYaW5oaWJpdEFueVBvbGljeTEgc3ViQ0EyMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA1wKZbiE/ysToa9HAVzFhiFhUj8zx2fLR4Sx+Yk5p
+0N2lfDWP91hTtP6CamBOzUIRH8s14bRvcAJfwdepbzDw/SzH2gi9D3qlGA5H6Sba
+29u5CHN1fvHcHkBh2uaA0r1tGUgI5B9OG3/kGvzWN4kU5AY3zsZrsxASmbyzUtbb
+GPQGf+UFrzFVnTzSTo5bfhJI+J3KQOe6TpusxlnUsKbEMEAItF1IqIKl/9LskeD4
+Nb5Rr9BjPe73Q5mGqtd9wV0gZNMa2wpnN2mJtdpJc9E4c459Svdr0ud/Lx9CMm2t
+4TvBjaDnhemVQ5PnjTUtIWsX+bvLmLMyUpPSPmJJNfx0EQIDAQABo3YwdDAfBgNV
+HSMEGDAWgBRAqcjvsmE0lURsYYYCqQ/mQa5fxjAdBgNVHQ4EFgQUjAXc335k22K+
+20tRZIxqZthco6MwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4IBAQBVZuMq6323Ai0EJicg
+9wk4pPvFWNdG8kkAEr6jA6lrr/h/iKt1WbQnRRMHNMjfQa11Du0EiQpdrb+lHmb5
+PwXAcBBXJf5L6Kb59tR/bvnEbXWi4GwQeVlPMmyytl2Ry5h0GahTtCPdFL0VBD8L
+4w7GUL3KTjJp4/rOm42Dnk8/RlpYwia6Ynoup7xOKOYJR0f4ooIYmQs4eA9eMSdj
+VVVViwHZqTzshR2D9peuGRj18go3tVJj0j2rrsC4WJ1fVhlpO4UGmZZvh2MO8UJI
+U8NSOizyKZu+RvVHr0vXJJCkmShqYKTpbg4mrRGY5VjvEwSZU4wN00zZ7gNd5O/v
+vKwW
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5B 48 A7 D1 4B 42 C2 55 95 98 67 40 A0 09 D7 6F 04 57 C4 2B 
+    friendlyName: inhibitAnyPolicy1 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2FAD26B357CA72C5
+
+cDt9ugky/xNhuX7W8o9Fila+e7LFBGDp+9fwWvyK9vQClwEXPBYh/uA54gML9jXl
+jF7pyn7UKQTts4nt3ziHRAdaihLTfYgdvYGc4++a2fiA8oKEuOpNGnzr0YRRat4Q
+eKiwR3fGdcRnf3+YF/CasA2n7wUGXWJK3r7GvQTQP5WhcehUqOd7eI/k9cTJuzN3
+WlVCoPh9aBwfa7Njtja8RuR4iBYf5mSPjHaJqWkvPEedAvi//W33npr2HJQ3n2nS
+HfWnahsyjhiBgIInAEpaIE8C8z2icXKsz6zR8HxuxEwMeg4ewKpQRYFosOSkYosD
+cLiMtoYXzZl6c6/az2fmjzeSBOBPAcYuOXaaXu7ySiirf2tbVKmADQEZFhqjx9Ag
+ZimsIp1FYYKWSJBAhn4doteyVsabVJocDBuR0feHHg6woUZ8cKlU4NzQjrc7ywQh
+nPrNCg9R+eC96ckJCAVHXYpnmcPzcdZE8ETobw1eC4yIvD8qNaUWRK164MiA3i0B
+u+vEz47ryQ0AkYdhKQ/9Kfcc5IWXsnBvK06XKsIEqXPgShrU7nGdM9FhySsofv7c
+e4yyqem6pT3h2Qq6KyAWmZeFPVTQibo0XzFkIS9zLtD2Qa+zpZNGPtoswLX8300H
+wfYGD3NnejCDMmTpV9iZgJYpVSYeXPTF+Xc0tsYTLN1HZDu1jen7L3+L4yIqEAce
+c/PILr8e4jTRRZzreFFb3tf9bPOY7+7a6iQ+MH0LLYzjHGNyegPeYEtup7y4fVDS
+VOlVRDGRR17a+m2whys0Z7m0OAFcl8/t/anxOgzSD5Cxr2a+DDcdNsh8tGzZGXao
+WXAyqHhulk2VdhN9JZKY585xAW1aEhGksDt0Y7whn1s9XUItFgjcfahYkbV1eflm
+r+tSoZhVfJTibUm3wdDLRS1UhjInD8fuhCXtU8+1x/0l4Z5yI/4d5f3y5DQwtt4B
+JjXYVjkHLFHJqUojPlwKYFHIJCom5U/LvAtsIVZTbmcRhSKtqwQ4sfRy6jrJuNsA
+U9ww9OYxuc68t1CY6d7isazh34zLFb9r3Sgn7NLE5xAykPJAXhoJHtb7QxG2Xr9I
+AmL9hPKDsiXVy7h3drX5f6ItYzgg7xeGjrPeZbaGJeiTzfII1E0z9TIHzgjg67QW
+fjnkEnaB9+/H7OE15ddmzexcA5CEEIdNfaQhqac6TsMsZjZySyW78/3t+UabqTpJ
+0r2mps+zySOE8Zt3NZHepP8hTKfnKyikW/NX1oG5Sec+vvVbxSACzyhts2b+AjHE
+bNGbC9qa4XMIFMqU3u0qNTR/8Qp+BMMs7DTy2aSCvln0nVdH/VCu2B5FSliHX2rg
+OsYIfkKoJlzcRx6SktcWOZWzLW3EmbxyYbC7XY2O++9u9BrrXQc7Ny3m8ThCR2Al
+eli3faY6lHbApqbO8luxAAyvaG1rqRFlxL6HyreAGQaEM7SJUAEldARzKBvpzfFu
++pdVy2NMzZLhGaB3Ij2zVezNAzuXw6rlp4tN9wSINwjkMAqaYpZYQaDBicVi/h7b
+7IYKM/cBJmP2j6miyioIFtwrVaKASeiXJ8k3kSkXpJaEbGY657dHaQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCAIAP5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCAIAP5Cert.pem
new file mode 100644
index 0000000000..74681c18c7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subCAIAP5Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5D B6 24 15 CA F1 97 28 65 ED 33 7F 27 F8 44 EF FB 75 51 86 
+    friendlyName: inhibitAnyPolicy1 subCAIAP5 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCAIAP5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 CA
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTEgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBU
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEk
+MCIGA1UEAxMbaW5oaWJpdEFueVBvbGljeTEgc3ViQ0FJQVA1MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu10Q/7dllIbdDlDoQXjb6LbdUZq9K1NJUZUZ
+KxTwF+JnWroxFkmUtCYP/6sxI/yLWrD4uDuVWDx2bYZ1lGqdrBucimlvpUWAqJmu
+jrChxpNXfzSBs/9uSsp9S5Y9ZCU7+lSVoQ0FPM1i1qaVC23crOxcKyVDwnotJHPi
+eL4fU9zLnw2LZr3gcF5wn9cH1qXGYc4HKXm6MaL2P+RdtZORjBX4/zzbidsar91N
+z18nDm8ittPS5oMPDGA7Et3pSp+6IrDn/r6kuGaLYrJ89BZ2rV/jQ4krDZiSPtE+
+sjcZacvGu2P9WXv3ZY6tqo+125T1NzHPDNLiBcdnT/bLW24C9QIDAQABo4GMMIGJ
+MB8GA1UdIwQYMBaAFNimnieXEcOO1Bkh1yC8nO2he/LTMB0GA1UdDgQWBBSJBFR0
+BmCz9wBuoGGOFfu+UgIGJjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYDVR02AQH/BAMCAQUwDQYJKoZI
+hvcNAQELBQADggEBACLLLvFs4MAJ9pQg70MPbjrrz/lZnHWNu6ew1q6O7/Nug+wP
+UdwFdbKnSAkX4rXjLyu4tvqH4akkwsn4QKSIpOQlaghbHLK+WL8ITUHzQv+m2Iv4
+F02wWIIxaGYdD3bEIm3qMHRHoO4cfQz6GY2an4vjvik1a0sKM56es9XM8M+U6y3v
+qKVudZb7p9xbGMjNwnPaBIpXwXS2XJaT2X3YZBpTBlhXrpAFc886TwvS5LqEzdLX
+6WTi5NhJN0Y2yjoffRgrkQr5C+2Nd9pkcVHR+T5yQ9NTzJa3lgKfDY1ZJXTAQZjP
+vXG5L02klQs1z5rrMPmQwXhZqgi2HelFaleZXrI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5D B6 24 15 CA F1 97 28 65 ED 33 7F 27 F8 44 EF FB 75 51 86 
+    friendlyName: inhibitAnyPolicy1 subCAIAP5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2C62EF1BEE692234
+
+1pKDUi+tgaTyTBuYMwYHv4ZPmXS0i0HADwI3gEnNNkFu4Xi33MZ0fmWp0fZgoAMd
+7OjUMbFaDw30qxjxMR9iBwyieXWslpJ575lw0SgH1LBvOYhHXbfa5YmHyjMdKZsh
+SZLp4iEf6Wc0oaHmD7ZQjeSD7H3JWSdAntOrYcm183f8FIrjBWUPkgCEtntrZcFV
+Li053M6GgGFSndfl2a745iKlX65ioscCL8MhWB71yWlvqBm0p+56Im4TM8DI6pC1
+WpkqAc7rbWVQSy6NjCsk6u3m2E2Lc25vobTe3gMi4I3XSTA6MCVhLhZG6MnpaxFh
+yNW31iztQM6My1eJqiTmFjXrGSFHGG2T5E590eEmEzjfNfcYmc9Qvy9g4+awMPqU
+hOnZiocMOFfz4Wly66xqBqL7UwruOjSjSwU5VhTKjbxNsZ2umaiYFzGj8Zl1oLDu
+sKz9VJDI2oeOGBRF2aAc+8WTimis69EvQDdXyapoa2tg4x0QIzQm2e/Wa/egCwsX
+jQmnnKAbs+vEzRd68JtmzWQpwl9vXomAwQShIaWdEwfbJrXXGWRtwNvhM1N75cu8
+wM5EFkYa2787zNPWopK6eRn+FfddY9a+yrNGpke+yyn5lKTTLTT9LeGxRruexuuo
+Xg7izOryaFTAozdZF7PsghC8DnqJ8nqc85Qg6ynQD9noF5o9uiD6XIYGCGYTHAp5
+MpakmnEBMI4XnOTAOrOBUeBG4neAW5ZIDbh6wSdmQVomv4STunSBajlCX2RkaeaB
+1coGMdqLnjijz5o/1FRr2TdXemmmczEZkNLlj5SSBOADPENPJ2c01+nRf+HHCx8N
+avej9VfhulWHSCTIN3ZWMjnw+OwBPyAvpUybxfnDk453+ztV6+8JasGwqSGMc6gZ
+OwqNlpkA5gSY9Anf/DVhftG2AZ0PBTzXySyP/6qp2aWXQF7m/GHsY1/eApAS92cr
+FY5W84Yhb9QRNxfd6fMYJuoJz47Hyo4PyC50YoccjNd59M1i2myp7FVMrHW5cVVI
+7RY8kdKkKMvuLm/gv70O2yDn95PS4KzRR3Y0ldDW4SUuQm8b+AlnV8ypm3rCQWvK
+wRT/h1DrBL3pg796rcMrkgcf+ETYL6RNKPYnV/lzAxmSUlmjtltV510KUnsjxiG8
+4T/eSBx44DI/sr/ZfVUD/L7NZzJ5KFwr9UwfVW77ECh4j6sNjX3WzVdclGI/3GTz
+qE9qDUO2Y6RCo6LqXS0MNRDNzOBxEqCR1vZoxkYPdLZK4oggljvmhGDmzzXxewQ3
+CAd/BkRNzrjOZw/b/UQIy9cPSjvE53lHjHLfxn1z/EW3J2pFVcx0Zmp6kNQe5ppz
+3fZRtGnfSvb2boge2bhthzk83W3A9V3qoxdP7N43fKgwC9H6lG0f2OLVKcrHt3Bk
+dyCriKSVz5e05mp17hapYL8VMyhgirzvFNknnL2+1b+VbZnjNLHGyeUgCqpl+cuA
+jAHv0JnYa9vSGR/CQvl/V+fhMAtzp5Fnd6ja0i9uteMN2RYcIbczio08vVW6Jyf7
+J1xEDjHVywFltxb1zd4lz6rKJuKFaWtFbeThzgWHsFDKVkB5CBD7zlmfDgfGuSGJ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subsubCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subsubCA2Cert.pem
new file mode 100644
index 0000000000..cda31665aa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy1subsubCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 49 FA 41 24 8C 26 A8 F6 EC 22 DB 2C FB 19 9E FA 0A C7 E1 01 
+    friendlyName: inhibitAnyPolicy1 subsubCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subsubCA2
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA2
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0EyMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJDAiBgNVBAMTG2luaGliaXRBbnlQb2xpY3kxIHN1YnN1YkNBMjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALAa5di9sE6N1APDJcqBi166iOEyhdim
+UOR8WmLQQF+zANUCiwfgGLuTDU5DASaua8OodRLbdULKgYFqfOfFFaf1PXckA2OG
+sCJx2W9LiMihDPFke5F36LTsoQ3FQ0D+ivyr6MhzyeaKnMIQ5+lZnzd5KLTYm8UM
+FTMc3KeKwqj99doaZ2bkCF4YtdjacJwV88+7Qx2BHFYX/KKmM0V5ATMv2TAT7Hqh
+2zA316mUcmMBXau3bYheXZMxvZsgUYic+FB1RUgWIu+lRUqFw5l0RnpbUvJR5dBq
+78wtY39pQnROCm0q+/sOOWDGsaDxye4inrH6i5FX/kjJcgKDvX1GsHMCAwEAAaN2
+MHQwHwYDVR0jBBgwFoAUjAXc335k22K+20tRZIxqZthco6MwHQYDVR0OBBYEFBF9
+wJyKdvlJM/ekgUuOMHWVO+iIMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD
+AQH/MBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEAs63PsCAJ
+QfGsdCQ8SSViQpUxIIHmogbN4xTMfYk880Kjepk6FEXM2q3L89XKpi2oZiNxjfvN
+YAZDSuLSVtfli9auc7RTtF+RXz5Pjs5U4htAHFz2JAf8nrAQ4sRBc7q8wwINGjRB
+FSRHQUD275u4CYLsXf7dMy/m5Pe5FjQ8EdzuStshwoCTe2cSKv4r/YGqkBiatt4i
+lsjfcs+sQDyZcQd2G9U2hGe+/uF4VXXOYq87ARie8osBUiVfDnRSdeTfTdLq8MB3
+WYR7gQlA/OiTjvgyeKPYnM7RmKKCcYy3ZdXmsMnT9s1Zaqvw2Zh6xan4sWGbQRs0
+mBDueMYtypQa3g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 49 FA 41 24 8C 26 A8 F6 EC 22 DB 2C FB 19 9E FA 0A C7 E1 01 
+    friendlyName: inhibitAnyPolicy1 subsubCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2D7D9604BF088637
+
+L5POqQ6HbRXYgvSKp7SaVLs/tX7tzoXcZjON4dq2tMZFtExF4gNdEduC7k5bRQPz
+sJKQ1iQivuSgDR9uyXODE8xpTRE0HBp2P1QahiO5XTdL/UNEsTfgsbrU0fI9yK4s
+wf79PNe/nu52sy7oiDTZGdycmqZdVfOs5i+KS/xfFHA4wkdpsQazzEK9fhINypou
+lZnhZp1hMO6bzlKhvY/XyW0YM4kj3Sr3cByeIka5NgvzLPw1u5AGpt/XxG/ApoZ5
+YLH17xVzk5tf5OhjyeFzh2fKaYeeHd4hBI8z+NvtSj6HhzMY/PUxxN60jLpgPxCi
+jxEwG+sGlWdr6oTCguXIyEbl5IFqGnRnazyLxpmZ3Y3T3jODLUqy9+qBh3THQKp3
+hUoH+XZikz/cvFTcJi4jKEj8roqUB2q2A1o/nz0Yw/nkwK1JmNedVPaRPvw6QJst
+Gg6+nNCwift+LFVTYFW97n8KOq7IfA7pPWkghW0uIhLHZNu5RoS7KLS3W2zWd+E8
+1oSfXaFwalJn+958OPxjcgdREMPVx629UhN5OqCWE2b5jIslOp0+AXV17tb0gBnW
+fjz3oDC32f9aY2Ljef0cJzEGazujrLsGlQM4ZAXmyQHflnVbJXqhld4XacCiCo7G
+lqtXirsLFLq72bK/3qXOX+6OpPmBcQOwDJbv0lLB37cbChzXVIjwixrb1w0XfqAh
+tLwxIEPAgWLi6dU/+A3QPtgVukHD1Jl22dgbFtrVEoCdK+IwyZIX14dOQUF7u2mQ
+90V7HtDrg9xx4Tk980yeWPfFCFEFt98B0HuPEDlY8hyhC4f61oZ8qnXS52Dnomjp
+2068Y06NDpoyAgSqZKt2O6+rX4+G3USWA2vjVDKZM4P45s0r7oMcKEGneFXT6rLs
+PENq2u5ATjWi7cQO9zdoEBw3gCeMHKACraX/8F2h/lXJhWrA3PmvBqgREYHqhpZ5
+7ozLfA83DRlNb1cEZEPdIKWCZ0Bmq/GSkcCYzWF3h+zs6Jc5J3t/KNTBZGeHGnSw
+WoiONiqKvDDFw2sK0djBfgYuHEmuabnB15jjjTGGH/LKZHA1XNrXuEYA+C6wZEiO
+5Ugu1/gmUD6LvjOwkPjp0OhOG0+KFZ859RDDKtw9grHWq02oxn19/INQqq/FnX2S
+gZpjkvCkmVzeqPhV7DBhaW9qTNDh12L6Wo0/rDzhPvERcnHcneesrudrUkpkguMr
+XJ/ILHvBEHbKEIliy+ZCrqtIunMGWmrVO/dkT8luyfag55oUMF4dlXbtGszhlU7T
+yZdN/t4fx1F9rJKw0lN47iwmLPqnFlqByb71sp19Yf3UILhFfQnW+INPv9TC5Of3
+QEof3kRTcGeVo5OMn9BjRbGtzCbQ3bgCJfpqIBQvx3+cYAbTqAdVxjtk/OCYFttt
+OKhQfB1ZZ2WTtmZ5LwFBvc20L6U7jyTVJGXOUq1RTgUcNzG/Tyd2jfOq0pYFPeyX
+9d0nuy80P8d2f9iDef+LabP5VKNTfLc270f5T1XoyFDVzeAe5EAwiTMufgvUg1XU
+l5NS6byh5faGxD0JdCEGG+s0AfUhZdGHOK6w/4aOqBpkOSUchCmEEw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5CACert.pem
new file mode 100644
index 0000000000..1c39167ebf
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 96 DD 41 7F 4E 2D C5 8B BF 51 25 F9 03 64 06 31 E4 15 AC 7A 
+    friendlyName: inhibitAnyPolicy5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIBPTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHTAbBgNVBAMT
+FGluaGliaXRBbnlQb2xpY3k1IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA3UgNJ6YbK+6YWKAVLudNC4/A9551Bu01IOogUe+0F9LIv7bQPx7ovDiZ
+HA5j7bO3vR1i/VHFgMxrurBmyWXZIK5fYUIqZd5m5ZCZCXPeExOgIL9XrZw0rt6x
+4eZHWN2ygIALlicLJvLXNIymuypS01Pca90e0yumWg3yV4HXrK484mV4xAXvkKNb
+gD6wdSQ76tsMG+XnE7doGfAIXPZS8jwkwPhxNCcgmmUoHVl1aeWlJJmtTkPx6Dpq
+iysJMyA/pfWGb4f6PRMI8Mv6cN+2rfwV2Ec0v7W7KV/moSLJ7u1zqtHEceTE5F0V
+wbIsnv3b3kLV8Ey3yMQihZcLx795ZQIDAQABo4GaMIGXMB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTAJoHnadadfPC91Z2qUw5l+ZzL
+CjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDAYDVR0kBAUwA4ABADANBgNVHTYBAf8EAwIBBTANBgkqhkiG
+9w0BAQsFAAOCAQEAhs7mMDiz1F1wTXNxIBHbOCsg3foXn4M6jK6pOzfDLo/VQG0G
+fvIexIWEJllgQ4WDg9egg+MKKbHRNjDnSZG/nDfxJzWf+uvZ/AtaU/d7CuFb6ykB
+2kYoowmyRZY8cOLFHIMgIyXlOtaelVyvrgmz5deKSBO/Tp5/ss+84UUtbwHv6RL0
+jhgau96YAShZiwvDMCDDnjszHCH0Rl+qY9SHGcuQgrAzj8wYyCcJ4PZDahDxZoxc
+gB/0yUMXG1XgLFK49LH9e18ya3aZ3St9SHa9kkm7l6zqymyR8q4EBgK5jZEXy2m/
+thrfDzQan/S/tIrqzJHovMR3/AXkI21iCTSQKQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 96 DD 41 7F 4E 2D C5 8B BF 51 25 F9 03 64 06 31 E4 15 AC 7A 
+    friendlyName: inhibitAnyPolicy5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,ECF26E92DF31CA59
+
+adpAekT6JeKZGiJqT7MeaI9XW8E1QAFJZ+vo7muRnCHc1lkZSOQeMc0hiywp7UPg
+Itof3x4CeN3ArulZk4Q2Bv2LQ2h9NMWmEF8T2F54CUPlrI6mXDukCj+o7fT3v87m
+ABnS2T7KnAtY+t/K7qYUwW3k7Q/iLsFrIgPWIKpH/dLYeqxGAk2oJn/iB3Nb0Y+W
+1+Q2LkTsVILQt/wNp/bLfLUPmGi27ec8DedAHv5cJUmWGmreIO0nd23dQmZg6kxe
+1VwHH+Y496CUbnNSo2M0vdf0q7DDOGAkzJnnG18VJ90bfsjE9q5jtYGWG75+IODe
+UEoGxW3MrCEo2ZVYY6Sr292WF9+kv8HjRSGwHxvWl2cxM8qmtlbAKQklDRctHfsS
+4CjGUrZh3dHbnRAVu9uJozMoFF0ojlUB/jsLeOsN0A+i9wjJ7PF+BsABm+ccLtuK
+8omjcxMhmRfYHKgTy125ZpXcbrXSt83ocGoj6rLK+ship/R743UIsuecLMrfY6Ml
+xpZmXP/sLdRH/j0Tswi0LPrvWrI+KKJuvgrSkDTUI8Rx9Um7pDaSulsQp9dXRXqH
++WmZjmlT7pjHzC5kronaW06nHMngNl9+zF9YDr1OqL7QmgLqDK3mKmtR5QOdSRfj
+Jjf2ITz863NU8zwm2h8eh1T6r30VD48UOzuiTHUcBrXc0SLH+UAvi0NzAydYmrYa
+jJlrm1QQC3XopPfhIoSx33dEIpI6Tfw69Z3Rjo6L0H/8sseZ/t36mE5905YMHCot
+fe8krSwaT3EbYrahnFk3zWgNb1ENS+7E0PnVrrPhLCz0bPiv6vI6KGDHHhXPIr8g
+G0Ouya09rmX9s4HmDyXuvvbL20kbAKOSTFaYTp08YQCdwdWLabARAGCSAjQiCMYp
+wcUXK9CpvyFcTvXv/ZJ6E9Mlsu430mO3bJFLA2Ot9TOw1BcrKSSsUBeV6joIorGU
+qn8D9nLTxarWNc6fztlzFAA/6KdWNC/yGRbNyjHBUYd0IvIpkLcsqZN4wN8W1g44
+yMgWDJwZgMsI5yXkuYCw7/nvAA1TTsNx1Vq0K/RX6sEve63YTOx4dcKmfC9MFwXm
+vZYfn+RZ0nmrdvf4IjYa64WlpCpZSUaIgCTNUOa64AqXDCYO1s7xTbxBQpogL2T/
+mdCErGgTIbP4Tt2xRPIJ9ayQynPE2+ntUoJ8iYfipBlRKW8plYSY3hrQh4Lsczrs
+/r8V5cjim1/Rb6ZVoTlUF+7uUTvNc0WGbkXgMyLQD3KP6u/AE3zNdYnmYN/Ia46D
+Ls+26jYEIY9+M/LnKUqPR7kxE7tIq2XZtxMbHQHhJQ12EOwfkPTn95X7dO3qdgzQ
+DXNkZgGfc/uMehlUkvCHKBJuiXvyTqZueaGIXjNwODdhcIbv/kRiSzI/UxswUPAm
+w4Xfu3X2HzE1/4g0UhdZFzPYexejSVvlf/NRQNcV2PBwZw7DVuIxSWgqcz9yuF5t
+QAndD1o31X6xhB6IYKBdAl0UCScvx9TcIFYYlbKuHCRbGLYkQiHRRUbtiVjkrWCS
+4edrTa8jNhG/N/nJsuS1wuzBTHahsEFc1gNEzz1Q1gsYVGbIsYuK6Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subCACert.pem
new file mode 100644
index 0000000000..8289750405
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 06 FA BF 4F 88 83 CF C9 20 30 63 1A 83 9D B8 58 77 2C 1F 8A 
+    friendlyName: inhibitAnyPolicy5 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 CA
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEdMBsGA1UEAxMUaW5oaWJp
+dEFueVBvbGljeTUgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAwWjBQ
+MQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEg
+MB4GA1UEAxMXaW5oaWJpdEFueVBvbGljeTUgc3ViQ0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC5561W3C1C2WjmuY6Gs3Vb32L4i2f87Awffxn7zLAm
+8k85fRXHKT2gR2DKwSM/mNt4q/22qcjAKAuEhv7GZ2glmOt6m4xeYUq+6Y96Qi7Q
+Vq7jwBxT+yIuo0GdCsnSVJ9ZwS4pFlLMeL0zMZQniHRYg28fcEp/DJZpjxMu55DN
+rNm7+nEwphnSxLcuNvq5WO40rKBDLKVEOOopp3Ok+bsamuVWDkucqrkTRmEis3Wq
+XXv0Jgsh64h9SCI+0bjewjlQppunKfj0upZCNTZGodWKf5qNuEcJcVQPJdT2/vfk
+m/GaTflkY7yGkc2Vr0tAJXkiS6wk1lrGKMLIzQzSbVzbAgMBAAGjgYwwgYkwHwYD
+VR0jBBgwFoAUwCaB52nWnXzwvdWdqlMOZfmcywowHQYDVR0OBBYEFGyZqbYF675w
+STZMWJoi6BSIhS/bMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
+AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYBAf8EAwIBATANBgkqhkiG9w0B
+AQsFAAOCAQEAd5CGkdrpbMYK6NXgbS03kQFxAhmgnpY6aU2j7d4RatvkkSVHp5Nf
+DzooyQ9oyz3cmfX5c73vN+Ugxqst+lc4/wjnNmiCm/bLj1pQ89wdORHKgiLU2HnL
+aTkQQOwSczl8xqhK7ATk0ZgICmMwxMxhcen90u4SJwRPp0dIGfIiBUEvnnst5Lpu
+9EaPAHYvrsXn1kYKylWEFRoGEI20TJ360COTYF6TwFR+hsfkcIYL2CewtkhqW0vc
+k83ZgqIlbI7mTScbLLjVjFbldjJ3OGspaXlWcVPAEP9T41Xj+vOKagDwBxM1gaOJ
+h8Y4uEIFS2eAY5+qzzXEnbTG4gVCEJzyTA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 06 FA BF 4F 88 83 CF C9 20 30 63 1A 83 9D B8 58 77 2C 1F 8A 
+    friendlyName: inhibitAnyPolicy5 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8A5B334DBC670404
+
+rGsieRSVG2XvI7e4FiZ1Uglu4V6ZBCQnZQ6d69jIgX8yqtE9z0H5/DRcoAIQ3mQs
+ZhX3Qd3sElxByCnpqrKifmDpPu9u/rsau6Wxi/wmYuiq/BlLpiILCOfEQTxULbFt
+jsd6wtk+LIZCYKWLv5w6pDD61Hsv0K490eyS3sQF4wiLNkhtgj8QZE2YSF1zizwm
+747fqsHlwoTkQES7fFhJEtGDbZcUq9ntyw3HSupMYyiBnp+Mq7itCmXt9V5LCrOv
+CJqHam4kZwS8kkGIK/J4L5xKqKGJlMRQ6oDgpVa4XCWd7rgXknMYQzKgdKwR4cy5
+IkDU39b8kYmpJIfXooZxSAJSkjF03mIpVHQBbWlnjip/CrUhmxuSPFAP6c4TRDMz
+O+vzyjId6G/mdlLXVlSa8QiyCrDW4YyC8aT6Blxy18p47/1F2L0yDit1o+sGHxMg
+4PwOM976wSb7xZGBdooPlq4lpt44GQSyG/AZWoUjo2+5p9+VXZ6FMCeN46Btv5dS
+TMbBIkdJmRGosW0q2wVPX8TrIHFnGWNXNOA5uwkqIE2tNqCqgH02iDNaNG5hFOtP
+lNhJv5vJ/kDLc72qETEQMqviK7zAyos9VQCouioXH71vVxX79v8525DN+2hCQy5P
+hXol41S4YG2/gM8/R5pymndqo2Aig7XncRMqZUWtVam0uuUoQa0WnIYxcyfLEKGY
+nqixJwFqgFu0Iv2FdEwIaGo6zjNneQiRr56a1TTKd9MYvm/ZWXtQL1zuuTtD+QOD
+he+CHCZXnEJoTXSvNOc5Ieo/qoIbbXbaf33znX1ljph79N2MVd2O/auv3sU+o3CC
+GWcc1Sj/pZe23x6G5XZTOX072MMZZdIBO4W6V+qupnIIhK9MecYERA7soL1pGO9X
+8QM3iiH3qd5s3gfcS6MSq7IuOKDkHneJW3yQzFZnsopa+MPxe3O9/pEiksWH7bw7
+x6Qw0+DOXYeSrrVXbjYHJ4Qb/nTBE225zAZVdqqgnRiijE5+BLU8re7d+J9SR440
+t0c0/vp2UjkiNzq+W/uzrdaF+U2xwRbzH6SQqNCoSmWqdvtX8qLBf00SskYpILbV
+qgmdqiWROBWoefkYRHAdpysw/4hJUNsvfVkVwv5bMvirE18NpM75bzZqzQKlHNBK
+d2Cr+fsG6QyBGoIijoixMXOSDw9lO4jNwSHCNkqheLOUcEWkWIII7lNoUwCXib7M
+W40OtSkTUggMZTXDddYZ9fgBNsc9g0n0XtF5QBPEhoW/BJBisuRcL4gj+qLC/U0I
+DgzFM2cwGE18OcI7q2u/OwqvKzGXIIVGY6guy6S1tubL8QivHnfEBHEGZu20EQlr
+PGOqd5jClUngTjT6dVlRSgriTVXQXeEfMUbs9jtFHSCe9nFQONhdIeRD2Iu5SwZm
+jguWaeTkkLtKwMfeW+fE8uI/xqNN6YWQI6UHxmhPmkQIIHdkbWGu0d6s03BnSIux
+CwKXpBULLMSkd1dEkVgDERGq61TnMNvwjxkEJGY1YyxjM3YuAgl8CYHr4wrwDDUP
+oYjlx+6WRauSfFANwGAey7KhxJKNUqvIQyxm9ZWiJRmKuJ0x3oIwb1LTrh9A4Jq3
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subsubCACert.pem
new file mode 100644
index 0000000000..e2da15a120
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicy5subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 80 1E 9D 41 62 69 96 11 26 7F 72 85 64 AF F5 28 1F D2 26 27 
+    friendlyName: inhibitAnyPolicy5 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy5 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEgMB4GA1UEAxMXaW5oaWJp
+dEFueVBvbGljeTUgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgzMDAw
+WjBTMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAx
+MTEjMCEGA1UEAxMaaW5oaWJpdEFueVBvbGljeTUgc3Vic3ViQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCRGX+IdLeXlu6WOO1XhgOgGqd9vt8vGh9
+kaeJkJvY+1hpPPj5UzXz125tovx5oIsnxll0/M76mJUpNz67W/qeg+FkBHa7q+ct
+oZefLzysWBF6v1SkRZckKujdjCLHw6qoxSbuOKRC3+Y/o33dkB9wCcAjxWC1SZAh
+AK7E2PkfSh5pPE9waAUQTO3CjJuUPPwffh3WFV52ahhR18RfEMJPsIFQc9b40hEl
+kz4vuZLkT4BP/HIuFIMF5uzehcUGs4DUXQ0wxQesr+0AVCcDM5R1CR9S3WaGJURM
+uCkiQ7WWefgvk2dYkAoE0f0mwMo7nXHpj0D0LFXCFSXlNS8uV0XlAgMBAAGjfDB6
+MB8GA1UdIwQYMBaAFGyZqbYF675wSTZMWJoi6BSIhS/bMB0GA1UdDgQWBBQx4T/8
+Ym6AZc2peRAAK26JWugFwzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpg
+hkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFxP
+sWa61v5gPCuZjV4CP5aoR9c3RwnXgwb1gigoeakbWE0hKy6HdZhrcpht+pSoeHOt
+saYnIEm2lM7MOC4vzvtVMTe3vj/PTwx44yGK3IxSRYs3tWesciRAJdfJrIBxUpgO
+vabTNdI2/7gi8KckWRLCpo0aiRriU8W0TDwMD9lEEMRJ2UGgbIsmExsy8h6ylWxN
+7BAyMWoOx8EQe7Fh9b+j5t3A8XZ0Oe7LdT7NDS+UfFKFqoP21v6h7iXzusoHA3Uv
+YQjEIwuZ7dYzDIXETb7jzQvdsY2mIFIwHtqP6csVtMQVu2WugApFjwGoNV5d1DMn
+XpjK0TofQMZYNOxBEZY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 80 1E 9D 41 62 69 96 11 26 7F 72 85 64 AF F5 28 1F D2 26 27 
+    friendlyName: inhibitAnyPolicy5 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,18D6086D08530D26
+
+0piNmvVEM3en9DlJy6As62VsIKsH6IaGNrjEkd256Ql5UWClirgZdydhz2bs4ctI
+49fCVejnqWU6hZXZN01zKiP/h9bJNTF8336sQQHLw3RpvLJJgO5PY2ukj3ZvpN94
+t6csUEqRdy+QuR1BTMZrvDocCCSCWqBSRZmyShV2fL2eos/2hIeY0u4BtqF4fzWe
+mY6FXjI4P36Nla6G5KFIyNMzxFxp+XVZYdelglrgB9p6VLzvSSdk+K6LZHcXtopH
+JpuHf7H91npaix4L2K0GQzze0HgSg/3Ue/8ozipnNv82rhwFEViExa/88E3ddSEh
+FkaM/LNKF2mqT9m0/jm6O+682LqhJd7uh8y3u9n9t5UuCR5UhhumRvAZidpBF71q
+uPseB/ikypJQ/oJRt4jP/lJI3aPT89Oy80CxMCKAKvaV4+e5nob4bcyc51q27Fku
+WszWcOJWMvM6os9JgaCN5BYpqt7zpa148qZx0rq+ZcqC4l/n/DTEvQxVyNQNWkpp
+cualkUiz74A7hX098eQRI2Sseo6KWrV2fEcuQLIkzo/BxnsTRziiehEJYa2khhUW
+qwapQ5ulM8vU+e6vyrfJW0z/kuEoLWFkq9o6wA34eRta7hxihoUcjSmvCbJ238/i
+mg75biBtsoB/KNJsX9eLLmxbaccPH64ETuNLH8Yj9faWeOGxotv1HCPOqTL4wrQG
+Czpd67DGSspl9PVG3TXFEW8Xf0fl0NqVqx0MM8X7Suq+3svX11VXFiqUiXiMvvhi
+g+WjtmjBQ5HWbu/LuG58PIBkSzah58vmFB+XrvWRb2HyrBT8hvZRCIgUqLzr8Ufx
+vOkHtlVn091XtWqhLZBrCjoCI/U3K+TmbbePxzAB/ju47vjF9YPQRD6IKW+Z38rb
+j05timFYKLPDyOu3gaWNI865LkOxx5JgWR2rIoSALv7pln0GfGtpAHvRPdrUGoze
+Vu2jqqPCPlddQ8Pm58BSYj+GRRKANfJi5LdPnRwTnbFceHAmk71mph/DnEgHfF5O
+mBfKXdPAUr5/Fj9sMCkpH9ihl4qylXAd19NzW1oM4puD/L22d9VhXD1wTdAWu9ew
+9kdrRiPl+Ohm/ktOkjLYkDoCol4sfxuetF8pXswRi4laqPvz+kw6KMgyp61gcGBC
+M5cbpAZhH6zfDLSnYPaC+GTQdSjBWp51LZYe2ChPocOs2HPVWZ49NLVd8VCJo48e
+xFCG32GW87sGMAV6INPAQ0CQBTAE2iWWZZRk5xrqehBmcjkl1WJBBF5DJN2UeZ1+
+6buBu5Fdtc3TM9PyIoDsBjKA1ma925bARz4OGhU39YbdgJDfSEuy6ahKxwr+JgEC
+C4xINh5BjQLpXewzA6F0O3sh4V9d5/FdMIc5jCeIGVfRkRRkQQwfZbg+gKhEg1PL
+CEy7SOPuahAHFjWSK26ZF86heHB608IO/GcljN+p1fe+I8z671fp15XxlKDOW0YS
+/hkbgwvzp5XYDz6/vkjRxUACuWd9s1emp5dv5wUBg9Ly+A1ObjFK6k9Q1judD4XS
+5BC9jrNUNdlXBGvy5iTTcoio0Kq6hHp7VrSi5ujgUVCiBTKWsWk+LYaIFLxh8OMk
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem
deleted file mode 100644
index 05c743e5b5..0000000000
--- a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3.pem
+++ /dev/null
@@ -1,159 +0,0 @@
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
------BEGIN CERTIFICATE-----
-MIICgDCCAemgAwIBAgIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQ
-b2xpY3kxIENBMB4XDTAxMDQxOTE0NTcyMFoXDTExMDQxOTE0NTcyMFowTDELMAkG
-A1UEBhMCVVMxGjAYBgNVBAoTEVRlc3QgQ2VydGlmaWNhdGVzMSEwHwYDVQQDExhp
-bmhpYml0QW55UG9saWN5MSBzdWJDQTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAMvuM5rrG+hunxSZwR8TVsLND7teVaTAzIxbnJv0xpVvawDeQiN1A+CIdJH8
-TUXrgcfdU+E04StBCqDRBr1+DBMt/PuBDS/I2PcKqBuP6sfkSDr/lPYkbRBI8wZ9
-87H/ke7seqh7cSVORfqg4KupdEE3i2gxONHlTT/7XV0C5aOlAgMBAAGjdjB0MB8G
-A1UdIwQYMBaAFGbbtZTHBcSzPiuRud/IqNBNKzREMB0GA1UdDgQWBBQpIHiUjoSQ
-KUJLfKsOgyq+NVs8FTAOBgNVHQ8BAf8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAuKZUyh6gvU8Ab5pl
-P79yddRQcx4G1navwUD3YSS7q2rnmqY2ucmHX8H1JsOhQUqvLL81fIqAkWPANAmQ
-K4NU/ZSkkjtfTcJy5oYsVXjz0MyLKOwrt52j8MLZsUW/TIf5e57kPbORC7RQhEr+
-yMDT6AY3En8iF4h8mqMhwnQnO3U=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy EE Certificate Test3
-issuer=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
------BEGIN CERTIFICATE-----
-MIIChjCCAe+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQ
-b2xpY3kxIHN1YkNBMTAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMFkx
-CzAJBgNVBAYTAlVTMRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEuMCwGA1UE
-AxMlaW5oaWJpdEFueVBvbGljeSBFRSBDZXJ0aWZpY2F0ZSBUZXN0MzCBnzANBgkq
-hkiG9w0BAQEFAAOBjQAwgYkCgYEA5paTjQbj3puhDjZ2oS+VWmYpkB1j3pR42xS6
-DZJFysWv18MFWj06Gcb3VAc4DowyPEHzYQuzdaTQASCQLSX9JskU/ohcioVwGiK5
-S80dAfcGLSVJsvMROXvlapFvgkhM/qqtvyL0ft/bTTMPPkQMqayQPNiS1j1NIOaj
-nLReO+sCAwEAAaNrMGkwHwYDVR0jBBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUw
-HQYDVR0OBBYEFFXoqY9k25OSv29Bm8cxsKCX5ASxMA4GA1UdDwEB/wQEAwIE8DAX
-BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDQYJKoZIhvcNAQEFBQADgYEARqFA8zrZ
-Fv0+U+IKZbMlVa9p1ILSXSsNk+KlwRjgJRk1l3UQtw6G6NfVhKkgNvqgrj7zcfg6
-zZuuMCad33y5ysIFZ4ohuBtD19Rq5TEp+UqAqMwaewF7AajpU0h+XnLg8v1uPY0j
-a6MimyCJtGwBH9LcptLn/+La3+6ap7ji+nM=
------END CERTIFICATE-----
-
-subject=/C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-issuer=/C=US/O=Test Certificates/CN=Trust Anchor
------BEGIN CERTIFICATE-----
-MIICmTCCAgKgAwIBAgIBPDANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEa
-MBgGA1UEChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hv
-cjAeFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaMEgxCzAJBgNVBAYTAlVT
-MRowGAYDVQQKExFUZXN0IENlcnRpZmljYXRlczEdMBsGA1UEAxMUaW5oaWJpdEFu
-eVBvbGljeTEgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM97WBxcmLvJ
-SCQLpyIPIhnb86f8mT4hWgvgIiFRNZDdlqrMl5D754iGLwoSRYWm6NZzneNuxpXa
-sX+q9JyoOc6/7ZQy37w/cp6Elcq77KWgALd2zRbEAbFOtdy216GpPB+3c9I7msQT
-W6bbzzGuqbTxaEEvWptSCBqXuFY6FR+XAgMBAAGjgZowgZcwHwYDVR0jBBgwFoAU
-+2zULYGeyid6ng2wPOqavIf/SeowHQYDVR0OBBYEFGbbtZTHBcSzPiuRud/IqNBN
-KzREMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
-VR0TAQH/BAUwAwEB/zAMBgNVHSQEBTADgAEAMA0GA1UdNgEB/wQDAgEBMA0GCSqG
-SIb3DQEBBQUAA4GBAJTqlrUt2/8sAjVasjqUiKDtFgaFp8ueEU93bKb/90sW+uxF
-HCyYOqmVYnjKLDGYR0rR9R9hErIFwlqIz3ff2K6cq7ND2uLm8BctGWmvP3s56y7V
-CooCKzBgRilaPqsJw12BrGGjZ4CaYx8ov4puyRW11UjrAcWn/8AIWCmIPuzH
------END CERTIFICATE-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 CA
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:66:DB:B5:94:C7:05:C4:B3:3E:2B:91:B9:DF:C8:A8:D0:4D:2B:34:44
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        03:a6:22:4b:c0:43:a0:ed:e5:8e:d1:8b:0b:d2:cc:b6:8b:9b:
-        21:e8:fc:2f:84:a1:cd:3c:a0:bf:73:be:9a:00:f2:b4:90:e5:
-        15:a0:31:87:2b:61:f0:cd:3e:ad:db:d8:2d:91:db:ba:8f:5c:
-        fd:95:59:36:0c:ba:0b:f1:79:a9:68:96:a1:2e:14:cc:0b:6a:
-        43:93:0a:80:71:b7:3e:8e:3a:da:74:31:5c:1c:ec:82:b9:3c:
-        88:ff:6f:51:05:f5:f8:d8:47:c2:9f:3d:3c:5c:98:be:f0:de:
-        9d:d8:a6:56:e9:53:62:cd:09:56:91:c7:ea:c8:bb:2e:05:a6:
-        38:b5
------BEGIN X509 CRL-----
-MIIBQTCBqwIBATANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxHTAbBgNVBAMTFGluaGliaXRBbnlQb2xpY3kx
-IENBFw0wMTA0MTkxNDU3MjBaFw0xMTA0MTkxNDU3MjBaoC8wLTAfBgNVHSMEGDAW
-gBRm27WUxwXEsz4rkbnfyKjQTSs0RDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUF
-AAOBgQADpiJLwEOg7eWO0YsL0sy2i5sh6PwvhKHNPKC/c76aAPK0kOUVoDGHK2Hw
-zT6t29gtkdu6j1z9lVk2DLoL8XmpaJahLhTMC2pDkwqAcbc+jjradDFcHOyCuTyI
-/29RBfX42EfCnz08XJi+8N6d2KZW6VNizQlWkcfqyLsuBaY4tQ==
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=inhibitAnyPolicy1 subCA1
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:29:20:78:94:8E:84:90:29:42:4B:7C:AB:0E:83:2A:BE:35:5B:3C:15
-
-            X509v3 CRL Number: 
-                1
-No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-        75:3b:42:7f:44:c5:fa:ab:b2:c4:63:ac:10:89:84:e0:50:32:
-        4b:96:80:48:15:1d:19:1c:b8:49:6d:42:c3:4c:b4:bd:a0:29:
-        e0:14:56:1a:1d:df:92:90:19:27:a0:b7:f3:1b:7a:32:32:2d:
-        cd:ee:29:38:d0:75:8e:8c:51:9d:02:7f:92:a6:af:08:ef:23:
-        8e:bc:b2:a6:47:36:d1:9c:e6:dd:4b:05:55:1c:56:47:1a:40:
-        67:4b:01:bd:b4:d0:74:12:5a:97:83:20:d5:4e:a7:d2:bb:ad:
-        52:a5:ac:13:44:fc:95:1f:d9:70:fa:a2:05:fb:73:e2:9d:15:
-        61:ac
------BEGIN X509 CRL-----
-MIIBRTCBrwIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxITAfBgNVBAMTGGluaGliaXRBbnlQb2xpY3kx
-IHN1YkNBMRcNMDEwNDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWqAvMC0wHwYDVR0j
-BBgwFoAUKSB4lI6EkClCS3yrDoMqvjVbPBUwCgYDVR0UBAMCAQEwDQYJKoZIhvcN
-AQEFBQADgYEAdTtCf0TF+quyxGOsEImE4FAyS5aASBUdGRy4SW1Cw0y0vaAp4BRW
-Gh3fkpAZJ6C38xt6MjItze4pONB1joxRnQJ/kqavCO8jjryypkc20Zzm3UsFVRxW
-RxpAZ0sBvbTQdBJal4Mg1U6n0rutUqWsE0T8lR/ZcPqiBftz4p0VYaw=
------END X509 CRL-----
-
-Certificate Revocation List (CRL):
-        Version 2 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/O=Test Certificates/CN=Trust Anchor
-        Last Update: Apr 19 14:57:20 2001 GMT
-        Next Update: Apr 19 14:57:20 2011 GMT
-        CRL extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:FB:6C:D4:2D:81:9E:CA:27:7A:9E:0D:B0:3C:EA:9A:BC:87:FF:49:EA
-
-            X509v3 CRL Number: 
-                1
-Revoked Certificates:
-    Serial Number: 68
-        Revocation Date: Apr 19 14:57:20 2001 GMT
-        CRL entry extensions:
-            X509v3 CRL Reason Code: 
-                Key Compromise
-    Signature Algorithm: sha1WithRSAEncryption
-        92:12:c4:34:b4:92:ab:ba:71:6b:74:31:16:ce:ed:25:d6:4b:
-        1e:fa:f8:20:1e:9d:d7:7f:30:ed:15:f7:8b:5d:64:9b:dd:31:
-        40:e4:55:0f:0c:5f:82:69:63:00:76:a5:cf:9e:c4:5f:f2:53:
-        9b:9b:7d:f5:69:1d:74:57:38:70:e5:fb:5b:76:58:c9:ec:31:
-        dc:94:1b:02:ee:9d:33:9c:38:4b:29:1d:e1:0c:29:8b:6e:c7:
-        bf:a0:e8:40:34:83:cf:ff:9f:cd:b5:f7:d9:4d:a7:9f:2e:bf:
-        44:98:6b:f2:d3:fe:a8:20:31:c1:33:76:b7:1c:19:65:4d:b9:
-        14:39
------BEGIN X509 CRL-----
-MIIBXTCBxwIBATANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEaMBgGA1UE
-ChMRVGVzdCBDZXJ0aWZpY2F0ZXMxFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMDEw
-NDE5MTQ1NzIwWhcNMTEwNDE5MTQ1NzIwWjAiMCACAWgXDTAxMDQxOTE0NTcyMFow
-DDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU+2zULYGeyid6ng2wPOqavIf/
-SeowCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADgYEAkhLENLSSq7pxa3QxFs7t
-JdZLHvr4IB6d138w7RX3i11km90xQORVDwxfgmljAHalz57EX/JTm5t99WkddFc4
-cOX7W3ZYyewx3JQbAu6dM5w4Sykd4Qwpi27Hv6DoQDSDz/+fzbX32U2nny6/RJhr
-8tP+qCAxwTN2txwZZU25FDk=
------END X509 CRL-----
-
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3EE.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3EE.pem
new file mode 100644
index 0000000000..9f5f766248
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitAnyPolicyTest3EE.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F8 C8 CC 60 FF 6A F8 EA DA 16 34 3D 23 A3 8E FE 01 4F CA B5 
+    friendlyName: inhibitAnyPolicy Test3 EE
+subject=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy EE Certificate Test3
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitAnyPolicy1 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dEFueVBvbGljeTEgc3ViQ0ExMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowXjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExLjAsBgNVBAMTJWluaGliaXRBbnlQb2xpY3kgRUUgQ2VydGlmaWNhdGUgVGVz
+dDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXXPnjv8RRkKcKkZOV
+yGORDonJuI1SMrxuX02bYLRAC/XwvLOJpDsf/xA8JLffgaFLY6qfYmBeyVrpPvTk
+wyLD5LwI3MK6sc/lTCIBidoDBodfodpzBTQIa4MJLElXJRCkwyuEVMAFNng8N4Uj
+6ZGlBUw5t0wX2dudQQaILmmKKq01ChpP0DCujvs2vcadAm/sM3mpOoVrmc5onF94
+szwB1QrNrLrPN+WlaX67dl/m/uuK4Bbvj1cWOdyAtpskVKl4uZoyTE4gyuOSRbFX
+H2jC1XMd2yhtePKFYkHjEQEITpSKy/FPeQMyw9rzFI7t2+nAqP090pB4YsLNPYgN
+cG2HAgMBAAGjazBpMB8GA1UdIwQYMBaAFHSg1VjZK1PSK7DNXXHGob9Dp8gVMB0G
+A1UdDgQWBBSgPl5tKwvtC+NPQQGd8WO1AN3BkjAOBgNVHQ8BAf8EBAMCBPAwFwYD
+VR0gBBAwDjAMBgpghkgBZQMCATABMA0GCSqGSIb3DQEBCwUAA4IBAQDFsWjMxFvi
+8SyiT+A6KlMhtL6UINksICnrb2ozC7mouE1uge+XdzRhk6ub/x3Yrc83OxZbtZzA
+f36G5OSyKn42LPAtsqW+X98xJJR4ADEsAxUTiodITJ0O7rolRFurlCrITR/AEswp
+bGyspXbSZVpCMqr87BCRlJxklpk8Vx4JevroJBrbvqtm0s7W1RsaazNzZyA30WIA
+SYISAcXhLlJhA+XTVZVMp7U/8RQ7K8lftW17ZJ1AQGc1KTSHhzOeZeoAJCYaqBLz
+BTRFRv04CGjhGq3UCBDazX2XfBQRg4TIoTo2GE2/cpv5oOMFZuxJLESCZbbev2Df
+8JFIDAsJaKox
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 C8 CC 60 FF 6A F8 EA DA 16 34 3D 23 A3 8E FE 01 4F CA B5 
+    friendlyName: inhibitAnyPolicy Test3 EE
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BD2FB17770635FCC
+
+Q8wUO/8aCWrsdP73HdUypS9Qbr1TBRDIeN4SrhnumHAP+uWgvZsb6ijnu9i1rG5i
+N9VguWwUkR+b0evo7AzS94hJt89CRtWICxF9AfX/ruMUrLjPuI0OY4N96WdBSAEN
+612yy65jJfTATSXoZ7xX7he5ZZ69yX/qehTKjBJUZyybhHEcsGSjnlbOOtGL+cTy
+7Rp2NWsGK+EjdqB1JGeoZkTeA+P06f9KNdofSzqtq4Ku8+6SQMJ5mxKYK3Q3pZl6
+OKfTYBu13cS/JcvMZ3CiCIqgAfztt9mMufpfRI8CSw/vBdsp485n/g4Qcq1kWouj
+m4XWIE1zJ2D8D21KamP0zIHJrNkvaqvK/kxld8H5nKmPRd6i7yiqNJ0vDe/+zQN0
+Xts8qoszNXjGvKbt5ee63TkSVCHPLQW9FlSUK/n/jIDb9FLy36jT/JgYlT6Gq/kG
+AdPJM4855S6J1sfiIzSd+IMydFY7nHea6wbNvNDJu+8g9BYA9xP8YAWVTJU91d/P
+gtTfR2APC8oAFafVK9zumI81hR+6weED9MsYdNDSSpyx4/vfDMfjuTxqlEF1Jp0F
+57LMGViy97uQrnjn00zyBZ4RWIyFDrkmD2MAkhSkxKT6RDdMazF/nflbzEeleblb
+kNA/cSUsGt7yNaaWKxKPuOKAP0fVcvDaFnkIpajVIOIw/FTs9RtlHGt+9u0ClAki
+2r7YUDGef4qWC0N0OT0/vY4FGxOm5Z8iFfrEjsOeqR9ffXS91aZVjX6JLanLBz8y
+grY8p8QJNx0rG47XRscXPjqprslzUzkL1UPE1UfrbHz6SvCtNxXIDs9qNbmT1LqN
+ICLxp9B8Gz+PXNWquVFBSiJ/wCdy1EINS9Uga5SflTikoWbxCiUuivNgQbAq3f32
+qSwr/3DfyF4srZ9L+pt9XLhC3rF2pcYsg+msA/kY6GteB0b8tmF1SqBctjzG4bL7
+OIaT+H4WYTD3R9Pl80y8ZBd885x9xNa6hWPvoiMsjEDzJnl0PhS9XwkFKTUe+b3x
+F3Sw60idyYXqHcVDmBd7Q/U4epMIjrmhJJDd9tiYGM2cUNNSw1O7qDNwap3cD/tn
+Gy62+bCO1hXsDPq7M0Ae+8BaXO8L7FBEbuaItFDKcrwdGonqO1ypWnkN+518hyXh
+FA35sFzrSVQJuttG2Yn8qdaEmoo6E+c1WAOTzaX8ISKZ74kSa+4orhscAqlxB4wh
+o179/V5iK1lDKY8xr6i9NMD9nb1hfFfgUGmYKgP4jtihXOogplUdif9wOe6DAD1j
+h2hyWSiokPDOZK2oGyjzpJjXmG4SWI1MGCwu0FpH/Uqs+RSCu01bAvjrjyCpiK6T
+ykw4josSQ/E64cNJuhB6A/FTChR46nFHGv2PHLeI8FVj32N22pqiwC297bod57jE
++savZ4nVt5BjYdQM3iy1UMuZq5XPmFYpiIyvUWwAvPLa/N5ukxcRR5vWwB+q4oUZ
+PMW2qeM6Eg9GLsMwSvDwdaz5E3shK9FL6xzkdzkwiSdnnIQkrRLNVvLxm+UvE53U
+bOZ7n2G/I4mIspwxc2qES5SDzkegQdqVYHr6/d+lkUsX6eEZjScr7WHla5a51Eim
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0CACert.pem
new file mode 100644
index 0000000000..3c95cac707
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1F 48 9F 19 D8 64 D7 71 C2 59 81 7B 56 6E 72 AB 7B B2 05 E6 
+    friendlyName: inhibitPolicyMapping0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBNzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GGluaGliaXRQb2xpY3lNYXBwaW5nMCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANt7nMME0N3fefF9kFthzAI8C4Y0Ul3e4aGamPxfGzSoKVgKIEXl
+yKbwGaBplcjaOjQxl6MO74pTzEcOUDHshkf1uLJh8K52pJDew36C3KrZ3cMACKrz
+LgvwigxcHTWFv7Rey0n76TupvA8HGAl663ah2QIt8I1rCqmp/7raxqQxbBJFC2Ti
+pJ8XZrHzIPnzkP/RjVgHH+2vgxypQh+/Izw9E9MOLnkXKUUE5x6rCHvbz2CHJ3L2
+QXlqaZJz7hqKIFASnaY3FPKwP+cU/bmIIImXCTjzYx5hiT0rixD/bUb+pXkcZkF5
+WTZZ0MU4VyLYTAEnBeiiX288aaDV4vUli/MCAwEAAaOBkTCBjjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUWDcmB5GEYKzu9kA+pSv8
+/5cdndswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MBIGA1UdJAEB/wQIMAaAAQCBAQAwDQYJKoZIhvcNAQEL
+BQADggEBAFzEkzKG6Ig8FbZ5qGL/3Ua5qibD6Ky88jtku7s2ZG6vQ/GC/5QAcWsW
+Qtz7ajxzTqZ8ffXSFsmynLiUjmtPbpvuKmgZpklXi/8dWmy2DMxxBqObnOkASL0U
+wbpv0hMTRNQZkYaNRKd3G0mSJdLCR1ZumDQfxYtSSB5I700rLZNqxLgF+XemTNqK
+NQxcVvAFOjJ3fu6a1lRPr1ahvyPgPfUGugETMoMQ95cqM0Aj5Zo0ZRUQsXS0XCtV
+D5ZD4THlPWdUcUKaF1H2vVvidJX8dGV5eA1GkJ3VFb2yAmbEHxgzfr6YgD4jjgAc
+ksRGDC7jO4eEsZYanmTqnXdR7xBFN6w=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1F 48 9F 19 D8 64 D7 71 C2 59 81 7B 56 6E 72 AB 7B B2 05 E6 
+    friendlyName: inhibitPolicyMapping0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CBB29B0088B46234
+
+V0UB4zlADJOccBOu4p4x8UvJgQxqW0WabhdIPT0Gpi5k3ou6TTVXT4pj5mb33Ov8
+n5VrB0kDC0q+oopZtZDWI+ZxgYPxQex2Skijcc60zGxNljF0UHYV3X8xAQ4os30R
+0xEE30tYCVqTJ/EA/QMZ4jl8xQFCBoUzpIeUcUXGmcf2uK2I69di0s80fX5uzvUm
+yxTsgnWuOucKm6J9bjs5Bb3LbfFq3uUGf2lVWizQj7ZKLTAVvRCO1pnc/OOo8zdG
+5h7jYDVvfHJZOv9Q3RAS4K5h56Oe7ebmR0ucNwNN0iWw6QZvuabUppCNJooZfA9d
+4y8eZ+Ocd8PNgy2VJpmy/NMsj74a7oXO1cZrmqJuajn1HBO/xYksH0334xLemaxD
+OnZNL9aNyTmyboTnmn712skBUgIWC76kdb/M/MSwFFUjElVO+i2xI0c91T+VYP5n
+3YsfMWSS1n1386lTUCYlb3YqW6SE6dLUTjB4j9UF/kLHNKjVcYFfYK2I99aXX5yg
+Kg1Ye+hgaeMB4BUKp5f2YGhpqnfTzfG/wQjCrn3ev2sJlvEYFQvRakrHVyAaELzu
+BadiEQLVfb7yV+DcFwdK9zSZf6JnBEL8HpMSTLCvgiXgB+m+j57Cly1Xcl1qbUkn
++yvyJOar9zANlqmBOD+cn8HqmJXOb51whNi9GZJCa5E0992nR5PiTYgW4/aP3ArD
+MGz+4gF1MfWLJCNaL8RoyVTCdD4ZaexAYt8MkKqirviv2mQFLYm2i5mzDCd1ZUR1
+rGVzSBwnG5v0/zFiIWF23hi4HxzhTu3H67EU9yUNhikVCNb+7JRyD78QqwGYlqIC
+oPXCEOyU2iGr5zIe+N80C88vGkq/5C+16VAq1Pp/FBuEFrcl4HM2O0FcsWvhofWK
+aKlmAY0V2Q71MRN3Pc9OrBAvKoc6U0F7ggw60GupImNORhxGbOgnoGJpNA5BO3RB
+lerEWyuOmrRhQvmpMAMKIRGmzBTos/T9h4FvM153AmJThNRdMOsgFCvREd7WN41/
+QiAXJ4F4kP3ibx3t8NeQcYgMw6Kh6PthO1mP6GVaxQLh0EBAHtubTXPOXcKfESHJ
+HxcP/UMGmwiFgQm3RNxtl7wRqfdVDwXIWdMRFjbSDJtRx1EQaMgqRSYIu7xG+5QT
+HNcH87GUBwDiGEggK4aZ7bHS/VAbnIeTJRbe59uIfdEx/Wmc/04CQ/kOranx5ER+
+7VfSn1njQ0x4JyBwwxy4zt83eaMZYHk+XJZMnkvNaxv3bdb727Lt+SQdPX3iYtO+
+4oMMsHjVR1yJ7ty85zzE6KkxavFGj5Oxy4O76bnuvx2aU6wGE0k50um3iFOkPidy
+a+PmhwFuOcvNPP/y2OM32J5nv5K9QqY+IQ/V8fZXMK2rLLYnxF0emDrlqmBwqBeB
+VM23mKyd+fFCfl0V8u6PkyrKX3emXD3GXIX12vC3gk3LGDehJl55KJTz9CG/JDGh
+pDMxymRAWaI+hyyZ7caCQ+wY5ut1h1g0a7H5gB9uoqLTTx7N6jm0jkXcoV43r3VU
+M9GxJPDmUgPzvxFi8R+ue67sTb1PshxvzJJlBKazn0kxspaR7a4TAr1gXPYspsrT
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0subCACert.pem
new file mode 100644
index 0000000000..93ca7870f9
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping0subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: F5 46 C6 A0 F5 9C 18 B7 19 19 29 45 97 68 C3 F9 C2 98 5A E7 
+    friendlyName: inhibitPolicyMapping0 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping0 CA
+-----BEGIN CERTIFICATE-----
+MIIDxjCCAq6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dFBvbGljeU1hcHBpbmcwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBwaW5nMCBzdWJDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOxx/fK0GiaWvaebSvC+tR/65oOxtOB0
+i2rlCHg++AGW0iPfXroJpby/vqElvVGZ9/L4ZC4ESfkKlcP99E5jqxNFqxNmjXbp
+ySBDusJ7cGIK+Qqd2tkfXPkE0Ov/XqQYa2hXqvZGbwPyXTjkjtaL7k/xJ42vJ4vY
+VyB3TKHWnm7VK307P6R74SvlLeTqcbNY8UtjZ7y88mfufWAKczbDq+0BCMpjFaUz
+h2gJbp7XZXrsDq3NdQ6KSsiU4YKDk2JKtPZuLxlHXl3DELKzcdTuipGtbxvTheOB
+VUfJKo24hBDWSry7ejCKwNbxMwXGovRY9FH8iHNKjEefc7W5d443rQUCAwEAAaOB
+pTCBojAfBgNVHSMEGDAWgBRYNyYHkYRgrO72QD6lK/z/lx2d2zAdBgNVHQ4EFgQU
+/7RzYlKNXJY6WpCuGry4PHmBYx4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MCYGA1UdIQEB/wQcMBowGAYK
+YIZIAWUDAgEwAQYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAvmTHRMpF
+Xgn5rrscWjGbzojCzy8p6s2fH1D02ULqEJtJXFbs/UIVByZaMU+s9g1yRz6NsrBY
+YJeUKc0l4OZeOmM6rHeXVD3KUBTb1dvZbc22Y4LzzRacv8p6XF+jtiTI7hnkv+7I
+AmK1y9IOIMWB0mKT/uRwzFn5GG8kYyIQuLGt/xB446nHL5M0k6kstz/aApkA5A62
+LUZs83AcF/p+NK2bY2rGFrbfoRtxFyOKrf8bwc1GmHdj/KeQT3iwJo9ilYOECY+0
+DmL8SbReR2oE6KM3Y2FTcVu2aBh2kqiFRU/DUu3Qso9hQ69920KdysFj2I4mTRWB
+Sn0cA3GqJO54Wg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F5 46 C6 A0 F5 9C 18 B7 19 19 29 45 97 68 C3 F9 C2 98 5A E7 
+    friendlyName: inhibitPolicyMapping0 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,82D2B7D8553AE8DD
+
+CT72MgD6SJk7vHWHJ2AwPkvAuujP2V/jX/2061eholo92cfOwARYretMFnqxKqBV
+1veZdKKekq5okX03iMOdOg+MJo1dKARzFeQ7e4nqUvFLRKrfjbJpd0rrga7MoRC7
+qScAxuZ5fBFkk7RpzxL/ejeaFDEII95tmS3PpoYBMRUS2NGHmDWF94onX7yzj/Qx
+ztz1v8FkGdus72gDv7ezpnED+3ENNFhLm9QXnaN56xIIxc7l2ads4QQu4M9s1nwI
+RNqn1hR0BxABF92pRoXgkrXnYMv7bLW+/5mowCb87VUddWHqM91AygUxkXtVto6Z
+jX9TXCbcTS3fv0bHdxQqNr7bna0zY6ym9z8yWRAJ/Hkf1CqNYFVFLvm05pGOtRb9
+Hk5LR+o7ZzYzK+V4e5+VfvYj5cKAARmvW51+we+p7XOO4x8iOuYGAzFHEkjrFOrI
+o8idKIfmoe2oy1JI8WCh/IddhPUM725YaGc+iOW+FtX3laAoOml1TZC0LJJZWWzT
+uP9CftRStoUxx6I+IgHUe80rTasjj4KQ23UsW42IGs5M9DlP/mHYoSlUf1nxjpGb
+rl6emEXB1SK7Dc/5DYYqn1zqWpVtZBqp3jlHTy+XpSM8HXhY9YhvCKy1BSNx0dhG
+nBzBECLJ11gvzU1r5279S+V+myOE619C83dn2CA+4bmVfddWsw+i0Y9cRIyGyyBf
+P3vzm++UOcWjiaORD65TQWGPjvUFKrE1TkZBZ0uThILEfnpUyYaH9X1l3R2Ky3yp
+p6nHQAMBGt2F7fPZDdtlB+SP2VXd/WJdvU25L8xUWmIQ/uFN7RHVemFznwJGzAYr
+ixghJ3QEG7Wj0ie6y8SVXMILUKfBYjKnMsluLi4f62jg7cePEh+u2xpdyVHBgbZT
+p8PN7Y1D1uJUb98ZekFoLq28fIKptCOSHmwyn4uM/g2DfutmONMJEWGP1HqBTcR7
+bGwlyqZYpQw2C4CJ9F/ubDHMYNhQSEZWqh6FRF2DJxveTl6fYOre3PYDAc7XCXyQ
+QZ2QIdZ2138C1PewlmP6duM7Oz2+NhxRB44B7PNc7B+F2e1oekur6mgZD25U/5pS
+y4WPdRxO55kJjFzS9LCrRWbnwMpUPE+ISqBGJ4dhjpSGAHVHEBM0JZIenpJEFVFF
+DbbWqboDKo0fvnREPbSJqKz9HQ/4SoxOPdlRxQtYGkb0wdZoygYttkVnaqaKsCIG
+Rgqh7sWlPCzIh8/HkTI2YlX9yXETINvx2QVBeMZspTwSRy22SbbuIdPgWspVMCZu
+J8z32IxMgxZvpx1prS0jcJGh69GLbnGMXg0u4jo/ruhuY0MNflWbCHX/YOVbylSW
+a9cWCplrb/SwmDDJ1HOgx/UylRGQ9HDvxnNRIW5ic+Wdehd2dSoya2SZLSGw6BXf
+5RRIBk2Cxac/ooi6rYU65S+ZC3iMBEa2L+KIPEEgjxOdBfZwJ+N6pSWZ/nZ+jzO9
+Qv6DvFZhs7sD2cI/M69TmaUBM++l0cofj3WUdMWLevgVc0AAnQL/83bZ62fpBnGt
+MDOEMDBQrCRxlCuV3yxHu7zivWx2DuUBqfQMy4dyG0ieMlKLLjx1W/K9fVcfFCJd
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12CACert.pem
new file mode 100644
index 0000000000..77eeeee458
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CE D9 A8 C3 E5 4D 04 D4 32 B4 01 5B 7B 14 D1 B1 01 05 C0 8B 
+    friendlyName: inhibitPolicyMapping1 P12 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIBODANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJTAjBgNVBAMT
+HGluaGliaXRQb2xpY3lNYXBwaW5nMSBQMTIgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD1I5zxceMZorGyjg1wIoa8bfGeT1qfHYrEVfYDrHwug5k4
+S1cwzlE+S2+1a4izALDGq9AwRgmnu3e+sD0D+D0jN2dKQN9xChH+u/IAI5Mtbw7h
+ds2yHU90cqNFbkEk5JyvBdGLvJZ4BVc/VuJaxdDIh3xUADnpk2wXjPGJSol4Sjdc
+pb7m4/YaDl0dAc+r3r5U1Wz5BNqI0A3JvezPJxTYnBQN0JvEkuSOg0TfmAUFqEqB
+o/mCz1/h9Lycz0qwqOWgyVQvvfIpD5YtZF1Bek9JISleu2pEaiRkulVCK9TP26Wh
+ZSE/vJAhnbX52Unpz/Kp3jlUwU/DDbM7KW9bRCgNAgMBAAGjgZ8wgZwwHwYDVR0j
+BBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFE1nfo3dORmv6Cbe
+DgE0eLF1ENqkMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MBIGA1Ud
+JAEB/wQIMAaAAQCBAQEwJQYDVR0gBB4wHDAMBgpghkgBZQMCATABMAwGCmCGSAFl
+AwIBMAIwDQYJKoZIhvcNAQELBQADggEBACsyNZjgHZskZHR1CLfKK/Ny/xYRo8ln
+NaSzPGFEcmltgkUFAEKmjnzITOIg1kyPeOh9BVLbtjzuXVJ83+2Y1MBzqDTmrGFg
+F62PRAXKkH54QyT00xP0TbmMQ7DEIRAf4Dam+mT8tezBbJgr9zjSTQdh2R0JxeI9
+J4GgBMuASTMF7NDDtl72adRo9xzJu9FFucSKUsTkYjm2muUStfZH0ULJoDEm0MlJ
+CEZWukj49JOznvVgWtUaHv50/oRB2Cgl94NIcs9lAsctA/cw4i2pQhede94SUjFK
+pa5ZeQWQ8rV9MpXFEZ9qRhekJ+ckfqSvPWUcZIW4wve16E/hR83Fre4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CE D9 A8 C3 E5 4D 04 D4 32 B4 01 5B 7B 14 D1 B1 01 05 C0 8B 
+    friendlyName: inhibitPolicyMapping1 P12 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0F886ED54A0FC007
+
+ytyfPeZDySSt3olbkPdTmNLg+X1d7aEmZGh3LYg3lVGnYCZOc9sx8F7ArZWZM8wZ
+2CEV/As9Dfkzr9+hzdc5he1sW/9X1tEQu2E66kdNLlrMwOwaOqNRBXB6NMszOuHM
+HSzmqps45w3YUZZivfQEO6QN7wNuYOSLFEs/Yl9KujHIu8V3UHwb+ZK4Sfcj/uu/
+uOyy9Nkbinue+VDnKK8u8apU5njiPFreIBz1FPII/GiQuF4SmOiSuMiuWRPacGUE
+LCvXs1AdRWUjayEeiLDRg2l8gIbtazT7Fd0zWS9rat/x/UlrwGNzAyDNmHklGguP
+oz8chgm+CVgIRbf+XXPLbvBuKDVflJFJnoTtwBu1AaqeviAej0ETGe0tqMKZJjZF
+oMM0HVZkuhbf8y4uxQIX1J+yF7DyYZWkWYADVWi1uyve1G5yXRlDaEw0hdUjUeAe
+H1UBHjrKIfIHlWdpbrwa7o848zi8Fx+eR0QKnyPLFrsawIUjXJu8K2fWmQ4RCXyG
+6+NDPOH5m8ywH7CtQoFTAK4C6tctT7FxNiqbWIP6MUM2g3GwmZy/EoVA2AHKxySf
+b5NIqZE7SoGJHRdoBZCZG7WGQtXXWK53IyQ5BuNiPy7vsylzevM8grWNmrBcDzi8
+u53mEvgPthWtkdxD5Ap4e8SFMhI9k6ypcSc3TmBj7WMj60nP86xBGQq4hApnBHZE
+kQAbNlNgzPFfw5Ap1tx1BifqJmb0r5hMnziPVkEEBpmOuuwXsDnxG7bmAomOz89K
+3DHe2WdIselXkNzJZJHV1z7z4eIGrlT915t9C4Yf7RE6xS9xi5flJ5BtBKIk8DcS
+GfHgO950E0nwQIX97cAbcNOQsi0dHUwr7Hm2958q+uBpVc1hDFAeO1mBrZdXLBpO
+uLh9/k5i+IpqHq04DSBGQUDyaXIsWbTzio+Xi1QnJ3CP612pp3XD7XcOML12WQEg
+zGm2VJbs3jQ8DQT0J2hQBKD6qFA30ERtoLE+yEGV6PzuXqaEk33sirBNPGk2qK5O
+LqfxpwBQ5+75dZxe9oGY3porG31yNiFMcTOWYbXw9Xa7+HcjEPJULSetXH3aqIcM
+P4kat+UriWyV60UuvUO+dRa/g0Nu50wISgxC46qbNn1c3M3FTLNwj8CkK+abs2YQ
+0cDmqJ07Lewrt4GtQCA3xij6dpzZOZmiASdFKP0bJqiL7cbtd+GDgg2ssLt9I7wl
+DcsIZH8AfY7M2eUc/ukF1UnJa1g00N/WbPAvlgl4kXHmtnuFUeOk8g4FHSmfphZc
+/8OI9iGk/djAhqrp210DAstsYK5K+d7Ua1sthh4kOX9vNfVsuLI7KmFvQYcabmL1
+oWPTIP1zr64UpVD3LD2lzzYoH55zRSmF9rlY99JZTkDGWxT2d4fD+yWUwQK05hXj
+XnNZW+gPyKXvR44lMYIwoAVJdOzZfDqSiIpJKfw9VbAmB9e1vNxAgigTJlvoxH+u
+UXIR2DCBN2JwDfwJyBsNkfz0OIKuqW4xUszOiT/zH0Z34Vbxecym3HR08VqdFyU0
+IXYJ7XazX37vkh0AKeD+AyhCyek2HBFKBzDfWwknofj/UtyWyUM+NVBUuf5Qp0mS
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCACert.pem
new file mode 100644
index 0000000000..ac4e8e3abb
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCACert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: C1 5C 04 71 D0 64 37 F9 10 8C 2B D4 F4 F0 91 B5 51 B9 B4 54 
+    friendlyName: inhibitPolicyMapping1 P12 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 CA
+-----BEGIN CERTIFICATE-----
+MIID9jCCAt6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9pbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/QrlXBwBH0gps8hquY5
+TPS3Pl3nIpIi+sth4IelwQSoZHaegDK1qWdnTQjv/lJ596J3TXGnzqNuvGddznYj
+/GR71RLDV78euoXdw2VKFfE6UwC8R7qPvA+1VmkGwY4t93AvlWMvZNoevz9bnWvC
+coByRgFDino7JTHz9rqxeAumf1hU4XnwMXqbr/am/INJrbGSLqWFawaF2YZwnvCb
+4/ykemKyYf7CSaQ85WsuAMwUU2UdSVqsW2n4ATqYQWs1KUOOYFMVVHBZu4v44Q4L
+BYk8fBa15ly4LoiJeqjKpttt8oyNktCEhxN/j+5zHKgIVYKYzd0lz6u0isRrifee
+bQIDAQABo4HNMIHKMB8GA1UdIwQYMBaAFE1nfo3dORmv6CbeDgE0eLF1ENqkMB0G
+A1UdDgQWBBSqJpQdZA9+BbxdYI0HV/xwlWZs5zAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUD
+AgEwAjBABgNVHSEBAf8ENjA0MBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAMwGAYK
+YIZIAWUDAgEwAgYKYIZIAWUDAgEwBDANBgkqhkiG9w0BAQsFAAOCAQEAaYLtBvHj
+nfmFJ0JXZk9449d+fjF+N+jz0xgBn+8jeIDUJwYd1KBIjhMd3/ILnnRWwt8pNwXF
+HeBs7GEoFuqFmycVd+aP+1KO6noitwU2os8h1yFzvTgJYN/MUaTYUqQRiwYIy3Ol
+ZXQhYHCf1+7qjfNkQ3yqY9YCh3rRDMliVtfACkV844ijTOyUXP/RXvpYkIzMW0jb
+rFtIo5pJ68EfpJV4DA6yA9raBAyuxTXxStnkfzwte4pTwXivLzp/5mDe+myBXAzv
+7WThsPpxuc4yL+KItZPS7HebwOSqDRuOMyGi5Cqn7zquvphTfi/poJQimamBCrfS
+DJ62v3/CviEAZA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 5C 04 71 D0 64 37 F9 10 8C 2B D4 F4 F0 91 B5 51 B9 B4 54 
+    friendlyName: inhibitPolicyMapping1 P12 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1DB575107DC6C9D8
+
+yEB2NyCU+noUIZfPaBM7XYczCsK9oAh3RcSRXRX0Krt0Mc4MvQFKDNA+RsnAKDkf
+Nl7FdltTfIfNp3OtOLwqakOagMJBBUqIeDm1+MZtQRcP4OYHV1UKF6Z7bdl9RjfL
+21eeM+hJIJ7avSfUbuhzAFDLoGGAfBJT+n0rsDXIV72EFdeyGmPSXsispSQcHjcF
+GCn9T324r6rnbaTlP2a7tPAsbMSyeq485DTAsKA0TVn/JLXMiNOY2ihEpOFc80TF
+g5LGJhm4klLc+QQykYb5jxBXSmw6T4Z6fqqt5ry+v+JClWg3ohRJGrXpsH8mnGtt
+x5Fqmp0NI2dxHbfYMzq7L5TERirgGcMfH4/DtYUKv/ntBWECckHp+HrJWGCf6T6L
+f6dU8qv/HPRDND1X20SIRPt9kUksfGnr3tA4AtCHtRaJh18bOqYI7BFzMJBMU3Hf
+gQQkRk1xzrF6EgTsN6q6utyNJ+dkP6jLzYKDhajSYnvViJvi/UED6vx7kfPyMo/A
+AZSG7G1ptJ5sTeY/c6gBD5BQ8XhW9BII7aVIPHMJJUFt72/G/NtClpR06AhIs9pt
+z7yL9UzPf8px3KBkqCQGrvJmbTn+KFxQlguLUyUxzhz6QyVF/QRysBsL5SdkbEnm
+G6eVHRdRjIUD8hGujH4YWu6B2U8yYfbmLAmJoRY2qNyrVaSDEUJ9alo5Nx9t/lXU
+PyVXHTmHh+Fbh7+ASGUd28j29xvnFAq4GNxcJghIqI3DwJLvvDCNt9NATYQDidzR
+8uPSuVEwM1C8OHX9pry/wcmlgf8Y/LOBEkESKKlRDzhmMtQOeuhaviLL49WkC/9O
+g5LmnMim6kRd+Pzk5JmypbbYKOmwIBPEqV8IMSYvO4KhgY2Y7dYDUJEgSbToOvGl
++TLJmS+hK+PsnEVmVlWMu+2d8biw3LZBzOudw1jHj/2Xp9SASBC4vLkap5VM/2qr
+z2p8EnlziMEdLFqwfCjtRM+xd3sCwXXr3HiztyblPJqs/HlVHK3amkKkSfSSDMP/
+7KO+kNewL7TkVO7nl0UeYIMGGtxPwcjFchn6FZq34IyzT+hOB5opACFaajZRY426
+vAgP4Dkahwr3u60n0nCcazVROD5FS0ccooopyiUEZwnB4V++nRsKgToe6WyndoVv
+oWkeaJtr6wGvLb/P+mwShdDvAm52jBQ4Sp5gEH7/b/sGRXaH7uJd/BChD8dY0JAY
+2E+lVni8d+PteKCSbjItFC4vD2eOsCIaYEO1SuxOjfIRAfVAiLa7or4FMRgv084b
+FOQyF5jrh4OL0al9osB90wAdJHWYZgNImJJLw9GiWqGWNf1RKrTgnL5mEcpLJY0l
+JXpIPJh52/H1FJpC9AQ9IDsW3ewjkGQR1k/uXdNmNePRHC2bCJFIJuA6e/J5hypu
+qanrlcQe5kUyFl7C9Tb3yT3g5yJWEloKGjkaTH5zBECi4/jqT3pWWxm9Fj2g4iTS
+5iz80saAAcF8Nj1TnFjiCoW7ZegIvM1pRaB+ISpXaUp3+zxYm+1RTJ+Novqz8UqJ
+ff4QNdQ5/vtY6WEs8e5LDhbPG5zbQo2hEONTeq8tn3pvh0xlDSoBSy91m0Jd3Q6F
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCAIPM5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCAIPM5Cert.pem
new file mode 100644
index 0000000000..012f19d8c8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subCAIPM5Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: F9 BE CB 0D B5 0B 0D 95 48 69 CB B0 2C 42 85 20 A1 0B 67 09 
+    friendlyName: inhibitPolicyMapping1 P12 subCAIPM5 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCAIPM5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 CA
+-----BEGIN CERTIFICATE-----
+MIIDyTCCArGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMcaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFwxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSwwKgYDVQQDEyNpbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1YkNB
+SVBNNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL0cg66AzOSJwdQr
+Hj5jFNh8E1lyBSK6cIPyB102DVKLKmj4C4QpzcXk8/15iEOEVks/j397JUsyqlEp
+ayfdGo1BNHq1oi/o0BfHcsybXcHmhRYieL3xUGcl4+9dNs2086nT5ZuOVR4grVlp
+S429Rmdtny6k/mpAc/alvPmsgahUsSFFh8LoOgqPriVgFV/ifGBk9ig8CQwxccWB
+JIvv8tFImPOxtaTE9a1bPV6hZbDzTIRxIz8c2FHtjPnI5eWsmhBpQ5/TFC+I7RJ+
+2nJbgS9jo1J39J6Ll04WQVWREQ5nH/XwdmorkPJbURNL7XosTV9WaDhodZOkcPbk
+Czvf0X8CAwEAAaOBnDCBmTAfBgNVHSMEGDAWgBRNZ36N3TkZr+gm3g4BNHixdRDa
+pDAdBgNVHQ4EFgQUHQTPdicHjyI7wvSCLu7m3ROAe1MwDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUwA4EBBTAlBgNVHSAEHjAcMAwG
+CmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEAPh/d
+V6FSzVZTO6s0ttZjFxM+5Yyi8gU+O74rUPUwoCo1zHQHS/ElM7nzk2SMUyW6/aoG
+W3xNGijWrYMEBb/LosEjPbB9Hqct4pt6ahT0oE62FUI1J1LBkxa0CfCouLzoN/dr
+SBLlsMtrYuDriGmr4GIF4MZAp0DgSFP9QcHuIWhfQRMJxNBmNT/nFbhJ6uxJiLoY
+qaklau2l2aeEIa63d1PSwlVeyPYOdDFivB7i705e3mPL+har6GNQxpKVoeoljJv3
+SJjAzw3TfDezPKALmsHtk7qD6O23r4+j8q/8cQqfB83/aL262oSN4Ov8vNvlHV1B
+0BXgLEcrIP1K4LpS+w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F9 BE CB 0D B5 0B 0D 95 48 69 CB B0 2C 42 85 20 A1 0B 67 09 
+    friendlyName: inhibitPolicyMapping1 P12 subCAIPM5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7C82229E00AE2D0F
+
+3DC2eXeyxL9Jevjc7678BxcxtMRxaQS28VRbbDZm22mudJsNIiavCQ6X1qkw1S7J
+OH5t5lTKqq6mJIsiHipkHcjwJYZZzQ+ZtYCwQuXx5UB6DZ61OLCDDNXHx4y5Id4a
+Nnb5O2CtoxKAzKKft37xIBwDMmQT6ZL2X+WTjvznJVxOSAH2uMF/SnOUcDBiIpDK
+eUnlie6mfs5CY14o1J0bETX+/XTq/05P27VkGFOFp4E0Kp/fnHhRWtGmLollEmut
+JcPh8ckEwKmljdydbklYDSv47gpW3Sd9dgwYZkqqprlPizlAXJT34Fp9X9+xOr4e
+1QM1/ZLQl4vMNWEXwtMaBtXTqMk2Na61pt5AAyDwRibGCnPrCIS2bd28L8R5689O
+SlIdzdW0SqIFul6MEfNgi7Rxv3ZXyeQ8rgN2fII32N5agRws87rl0IDDqUFD6KDS
+Pz/5AG2h/ypBcdcy6AowwqzyHxVOLvMt0A0kQPMjYkF3P3DZ2SVhrThqmD4o/MZr
+XPbRF+L9syVaggRkED98il18mZCPzIoVE3ZMW9B5pAnzkju7X5qcuKDfka8p+i4a
+vOOyNnMt02Ci+bTmqWGIQ4nICHuf6YzNZmn1EtKxyyrY2xlIA9hZWL3Gn0qbqNMf
+okGXR0Xk6PyOXjyOt92do1ikS/N+MvTCghLzhz2QD+jSteQwrAoHarAcDZlC+nqu
+Owode5ybICY+n80FoSLw7TjtBsyso25K+hMgyzUiLrU+hEniDrhitPDpKK9tEQJJ
+HyISS5kWqZR7Ec/qKzhTqj2gb6upSQyx23kQWslI46/YJB3gF0Z+1GUjjgLLxwVo
+HPjbyyV71B7dMTyB93JXggaltwm3SOr0KqUg4+FFmgJfOFIANDX7oZEhcA4kyvaL
+q3Edqsq1G46Wi6U9i49iNCliAeM7N9LI3sQsDPQafTO1pjJ49UmvNdgUQxORZPD+
+ZYJt3I1w4ZDlWNl7F6xADOKtIjbz47bkJhuFNFnbyqXMQcq2JvC9qO+RaB3Hoe9U
+d8A5gtvHcFxTVqC51KzMRdhH/XV8iNh2snWrAEqHeiDrRfGQdth7wXO0FXEmaFk9
+LVXiaUYkQcWfaMV7/vI1WiTmAcbCXLqolIykhQaZXECUWzj/kqyf1nhMo2jY4plr
+G7YN8r4RFeHiyV4V490bxf95kyY72Xs70x8YDc0NPPgaO+ayPab6DJ7G32PaDsks
+A4XR/Rm/f+IwsgJk0EwsaJ48Q8nlSad/aFGmLGDGa8blbA/1bzHUAetglBtRlsN7
+5B+Cpc/J8BPU991a3OOafJ/Izknw23OSlX4yPuruH/S4h07vI52GWNXXkRYj3+x2
+qNjg6sXLbTopHeEVGhTrEzfrQnmm+E/fFLyeqCicqAHV72IKlpjwFqjiW6Rpv/Yi
+8NCN5cho7dQPAQKbUzSTj75cK++IL+4gre3U+7sXMOFQhUxNQElzZNR1g8R33Rz2
+XYnmYQk8d9sFJyQCcURZEn1lI+nfOtDXSb69z++VzYd9VpCdq8nnCmjQIRwoEtH0
+USRzbDmU5OuAnM/cL+2kCl4+NDRcHraXZeKNQG6jnXettVattRyOag==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCACert.pem
new file mode 100644
index 0000000000..cad13d9146
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: EF 94 73 18 7D A3 06 B3 51 5D F9 7E 0F 97 5A 1F 10 20 44 7A 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCA
+-----BEGIN CERTIFICATE-----
+MIID4jCCAsqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJpbmhpYml0UG9saWN5TWFwcGluZzEgUDEyIHN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41RBZsVSZtw5
+b13HlMhvwmwd6KG/vDnbeZnxFMOvUE8T75Dz/1P0SCSkix1T+G1FdanOupx+Nv2X
++qo0xHV/tdme0V1AEbx3Rbt4fFJM8OZed/YpoRiHrl/yojesRZv0hk0GO4lOBgxH
+ouKj0vXbTIOFj/3oD1q89GVUpkShTUMRQzL64NKhqiPP2hkQIP0O3heR89nqggM1
+/1oyC9Eu3ShvcUtdNLD1MVdPxIQJ3ytC9x6i5wFJVyFF/H7YuREKDzeXt4Tb0ESr
+Lq79pDFTOiU64au28ClxKNgOZMTn+vKKuKdxOdqkbQn8jQyws1YjPPoilWxoC0aB
+Ev32rnqHXQIDAQABo4GzMIGwMB8GA1UdIwQYMBaAFKomlB1kD34FvF1gjQdX/HCV
+ZmznMB0GA1UdDgQWBBTXgFwTi45BdroKtXNx6KNAgHQO0TAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAMwDAYK
+YIZIAWUDAgEwBDAmBgNVHSEBAf8EHDAaMBgGCmCGSAFlAwIBMAMGCmCGSAFlAwIB
+MAUwDQYJKoZIhvcNAQELBQADggEBAFMmz8KB5cr40DimQ006k+qjMH3kjROwVMfG
+CFQ6dBQawNlZDTw+1QTFc8AYH7kBFGY0UpjFZOVBcraW+FmVFEekGN7a4EQ9Gqxf
+/+xgUSbQF4PpH6G7jqCPPJhmZX7i1ByEx0/FD++2QAd6aOETOGshp5o7dy5SHSvC
+BWwmb6XTcP1+gJggvVdQFpRSdt6l+7+3YveSOhhfw+z+LvLWwjqAhuBdvvON9qqc
+uWTkj7U1wszl5QqbPJcbvDRLEkIccnDnVDBRm8rY5lN5S8G2nODVQXG+58/0nytL
+6yiE26xchmmFEWVzIwWfCUbBtOM4bYtGgj2Os3O8RRBzNprZEtE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EF 94 73 18 7D A3 06 B3 51 5D F9 7E 0F 97 5A 1F 10 20 44 7A 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,17F51FE552D7C4D2
+
+0ZrGdJuzBt1+mvHSivLi3QA7Hc0rDIbrLOlqI7LmAfw/zSDEl/dB8Xa4ebaGmhqn
+t2MJoOz4sbqO5nKRJxKDgcipk6aSvWgIIjfc2yWlWCyFcSoGSdWm/uovfQiyWQg1
+uk4jOJrhM6DaaOq/x0HXxaHa1Y9Yw6DHdAZUXG/5Dh+SGIoz/yzKW3J1kRgM49Qy
+4zamlPa62lXvkyXGLCzxGV+9gPOq0TbDh9y98a3v9rGpu6GaNQv/GXvvqT3dIQJm
+VJ6KFt8IS02GR1jbOm1zdt0PITJTBqlutnXCySN6dPYrPVPAR7PR4Nh0CjTQLuam
+kwBk59Nkujau/srfVYLZW4sMM3PGAinHKysSvEKCdqp1qovpoEqTsE57Dh1bg/F0
+A8lDXHErmoPbDTKJdQTLhI6NQ3MQ3hpzUw85Qi2qz2QLtBfYk1PvYK31/SmbqW6Q
+bs6aW6eyxEJFEj/z5Drd+ctLkMeifpKXuoS2eci3BLBJkBMHCSNDTwJXBLCt6uK0
+yAcsDhzIV54iKeTI6fCSo5sGKr56x2GsQa/q9M2+2O8Vj8aUcsivezWdWo3Y7xqc
+cfUZqrqql9Wa9RqpEk6ZK+zG2M7y+sob8S6DYxqfWGsCl26gedxphYbO5gbDUko/
+fuigh+G4z2rryKAHznTYo57vcNgUeDVxMxHMbD4ZG4aumg6810ZmPNz3YQuzJ943
+CZflKcb4GTgGZMTGuv6eDPgeorGyrd1Vs8Z76m6bRzOk/ZOPISFpwG/MIC0XgGcG
+GYRoEwBVyZBnHMxvPbgfKJ2ua9u1ap6+RMOq9S4G/bjzlPkBH96PTR6oUk39RpMr
+Gk11HPtzxT9Pi1M48sb/tf/pQzNAMG5bTszzcxJPadX9tJXHKHToWJUN4nv4apea
+vNLzT+cGRIKs68ebhHGQJR06QG2KS4l73BSy+VvsaLGcBGqcFMu5ikajJ40hDCQv
+pGDrcaPUyuc2TR8jcIqTIIGpoi6/mny4r3zh2a4WeEWvzXL8WQkpe8N1TmzK/CLc
+iKGJs/Y3gfmpSsEHcthAnXsSoHRQZ1lYfFpjKsaS7aoqTDCS2zPKfiwQSFY6K4fS
++EXk6vDFxuhUzFYSw7os7PPQ5rXIjLakiE6uW1R9duQQl4amjzQy40YUzCoLD2RF
+K2UztPhZriiCmwEGW+e9V6o7x0mhnCGrlZILjb/An8XrGVBkBsgR5ZGab5vTdDuP
+40qIyUMwQZqiET28TnD4+3sv6zmbwp4+J7RSCvBuFsCfiVOmjzBqQeff/GUj4fYn
+vQVej3QET2g/xgmdU8tuRiV7dxBrNMkql4Si6ZKMhrVzphQyvzqNajj24L8IuBSr
+SiIA/U8H1V4kEzgQT0cbIFuRCIlpOWJbLTunKF22U2gHyHGTqtNdmRk9Bv+f87Bw
+0rvUQmBTkgQhbAHFc6Tlujd9Xfc+c9Lgo6iWeC35CIAPw1oL7aRiiyMt5TQk98rN
+qluKybCi6vD9GXWhiNXgRNux/k/3b2zAdS5Hdw6J0ZokLbEMwoEKo1lv30VTXI2M
+UXm91dkANflEU+NPIf6IJWVdgmjmFmYjG3RAUpfva/kAiQoi/jqGTO2Csr9WUsia
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCAIPM5Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCAIPM5Cert.pem
new file mode 100644
index 0000000000..c7f4852e9c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P12subsubCAIPM5Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 29 F8 58 E9 54 9C 19 A2 91 CA 1A 99 99 62 A8 45 12 30 F0 BF 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCAIPM5 Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subsubCAIPM5
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P12 subCAIPM5
+-----BEGIN CERTIFICATE-----
+MIID6jCCAtKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEsMCoGA1UEAxMjaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxMiBzdWJDQUlQTTUwHhcNMTAwMTAxMDgzMDAwWhcN
+MzAxMjMxMDgzMDAwWjBfMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0
+aWZpY2F0ZXMgMjAxMTEvMC0GA1UEAxMmaW5oaWJpdFBvbGljeU1hcHBpbmcxIFAx
+MiBzdWJzdWJDQUlQTTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM
+GmJ2x7yrfem6iySdHRgqYcT8hBb6YP7cMPaItRkU4vE1//h9uAPociee8y44Jb48
+/sLrI+JP6fMT1HkxaKMix9R7PfZyh0wGB2QAfEHcpm9nMLuMamcHLi0O7Mk7vsml
+Hxuc5mO9lt2XQ8f87NgZ8hpke8uCdGUvhydGR6q0GBfJd301D50GxUjbgxtuKAO4
+KNF24bW/sXBGEFG/ryOVZjrdkKSMl20HCID7pj8Sc1rHPjX5o9ykRW1XlhsMvQIA
+a4RzOh0BXm+zYKZbtJCtZrgCOEW6pdqEdoSU+ZybrE6jtn4Hl4FBLb68J+FjfiZa
+pRXmT/r6vGKQGx7zVMFJAgMBAAGjgbMwgbAwHwYDVR0jBBgwFoAUHQTPdicHjyI7
+wvSCLu7m3ROAe1MwHQYDVR0OBBYEFBKHGzVn8LyhoDa6FagpGe0am1twMA4GA1Ud
+DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MCUGA1UdIAQeMBwwDAYKYIZIAWUD
+AgEwATAMBgpghkgBZQMCATACMCYGA1UdIQEB/wQcMBowGAYKYIZIAWUDAgEwAQYK
+YIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOCAQEAJEtvIEyehDWiKJvojD656dbF
+3VkkvFiovYk9B0du4rrq1+fHr5KW5uhKO5G+0gnQAmb2s2DQMWDooC/w9UOzuagw
+kD6Y2GswGG749QOEEOoYBcuU4AgmBQjp8jZ8b5WznQHKDlk0ZtBtO61Urmd5GJ3u
+Nv690xew+zeYqXRWtR7Mjr+vOUU911TgfTF2zkUoY6UGw43qCz9krpJmoQ8Ky9Bt
+cOYXgSHBOm3EtA+KMIo/mmmiu0zxhvBJTKWhAsRpejosqargDUpmbOzj8pw2tcJC
+4K8mBvz6OFo0TEqoDx5LOZkBD4u8EGjSU3gc2Ou6RUL453iKyMN5ID0bRYFn/w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 29 F8 58 E9 54 9C 19 A2 91 CA 1A 99 99 62 A8 45 12 30 F0 BF 
+    friendlyName: inhibitPolicyMapping1 P12 subsubCAIPM5 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1E8743AD5173FBF7
+
+uGt4kG3TLNuXx7oW+Ytfnfn3K2K4Hl4GjgtqiUbrjv2v4S5/j0p3keJi7OC5O+06
+J2QGG1vrdvvPZVOEtejv2fmEIClvxmTLJWWbQMIx6VxzhI69Qp0gNDvFbMS0T4W5
+C0aPO+tDSFT6HYl0kZA5hNRcCm1+ls5peps8yScgYQVUx5IUoFEYXaPMqD/0nNBD
+4sid+aKL2AsTStQ+9Yht3BNtN38JSFe6oabPNrUU6dJ4JzU7Zu0U11FB3HmdwiO6
+GP3G+vx9YT2bXtbBZAKx2aCnHtv6JWyWQCr7XtpsId9BEmjQdurqQmUoylgzQoFY
+VA/WR4efK9SaTt44FXjLwHdnyMwGX68uf/kQNKUxh/iQhjTNY1uB57VImpCkseu3
+CIJ3+/eL3gQ3UnwvXgLe4+z7oCnvuS7fttmgn3ryCyvXx8oe9jNckUnuVOf/6+T/
+yyxyVA6N6feLux7wBcyrzkFCbEUuLAVI+6XsQ33ctHyBXjhyUZJYW8N/4kOdzX78
+PDEIHQNUtKAUFX1EPRcXeyleCvS+mO6yPQOdVaxqb66wLr2iBoIgZ2WGt+KAmA/K
+wzNZTjIWexl7A+yO/GcCIz1ZK67kwghgCUwFSwCXLzhcy05rj5NTcW5qhXiKkTac
+Q7hIaJuHm/4cQG0XeyaqAkfRjjhsJFVBR0Eto32s9qOMTf0SFRrzGR5UNQgXM4df
+T5w9qEPp/emthhgyrc7gll9asT8sY4jW2nO2kNXIXRZhkwbe3mqdfmeBOauFtH4D
+cmsw3lx88thcfLe8gpYvwHUjfnZ6dVeZTPQfuiSfdffEJkBILVR4VZGanJYpwH4z
+yBM2tsmESHBC9VcDi6SNYQXDJctSFJ6m1XokUTH7DQgFLLqDZ1+XyJZEPvSWCdkO
+QNQttez0xH72eohaq7E+q2oFtAIGEmrF29q+mzcTQwna8sTN6I5M6J7q9yE6AHgd
+y9sVbllmj+pwDZHJfqsjf8xZsKIgxB17DAwfVk7t+1emJHL1V1QWXw12hgjx752+
+4R92j2euAHCX3gt/Ua9Xzr+la5agV6axb1PnzWrMbqluYygtQ17yg8qo1g2x8ByS
+f0Rhmq7dX3ekT1jkbE7+JMYeUHejlQufss9im/SKHYJpDAJSXdH60qD5YNPIof9+
+HSEdS9qUAUmDTz/v9RrjvOjBYOrqMfyBrmDJkJ/Cj7A0jxo6thJ1Ojqequtdc+Eb
+Xui8wl6pPbPLnYRUbduzLPOh1G1drzJLkzLpHPsK6RQ7SQ1zrZ/H1GqN29q6H8bW
+Hig2GWmBxAsq1DkHS7EHmshdYPEQzV0875VBG26dtIuob1lNLrYC/UkCieDS29GS
+cpQmcSiCZpI0YsJge4dZsuHQrdSMd7n4GRxHxycpbeVeJOCvlbdmZv/A+nesjFHz
+7/5tUxFa4fAC2lXc1JFPlPHTYcnj/otz3XxfMfBb8YJfrypVGjbkolHTTRQ47kSW
+gATt+rys1HckOsgUOe1+PrvlkhHFpvTlyTppZNPo+Jt5/ofMKgttoFN87xqwf4Eq
+D+KCBH1oHeZf8/bJqIzqLpUomgyJ0jM6le1Qsgpe3TOR11ekjf6m5Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1CACert.pem
new file mode 100644
index 0000000000..01c7e6c429
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F5 3E 9F AA 0C 16 6F 7B FF 9B 61 7C EA 2E ED 6E E8 2F 01 AA 
+    friendlyName: inhibitPolicyMapping1 P1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBOjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJDAiBgNVBAMT
+G2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANNzchiVXFu3PN6VHXl37Lfl6CWd/nzabFywiheAyXJQhKpR
+ijrhHUNfWUFZpy0s9LcXQCibTwAXHTvNm7bEsIxP7bZzBIxyJXkrNMO/OAm1xGo9
+JeMfADrtJWXuLzLyLs4OZsmcjMConJwClu5OoHRu5PzFM5UPg+dLdl8P832Ug9ol
+Cmp+R1Dh2euZgbuiLkdLNdy8COfNFYDHAm8GoqueauaPUMWMH4G4GVTkKsvB6zoB
+yV5HN37kek/vaLbtm3RjCu4Wp5/kmjbHMZZqq3/8m8FGZykna9s3vVEcTPDS1A5h
+hkzKi7qaqirbvBFzU8LLtf8kgSGo+aABvGTU3OECAwEAAaOBkTCBjjAfBgNVHSME
+GDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUvradvSl/GqHZi+Gk
+gGiDKK1K8AEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATAPBgNVHRMBAf8EBTADAQH/MBIGA1UdJAEB/wQIMAaAAQCBAQEwDQYJKoZIhvcN
+AQELBQADggEBABSJW2Z9XMCKoB6BKyAvE0tkrFt8XNnIHpUZDJPUKA75KgTSXXk0
+Z+/4YjCsbY3N4V2vYWIBRbQDzVt+ux0E/flUUiD7cXdutJ9/EJgzZurplxbtwX6A
+dauSywWwlpMrk/l60ICN3yTfQSauljnrsTcKe9TqYptyGgSxxrEPXXvQ/gx8mKhI
+Y3PERCuZb2WYzbYQ8cyJe7Q3HYLFuEWgTN6g2ZfCRcu4XMBsmu8sT6rNL0U4OOU6
+ZFXZC0EejThj5NvNPYzmn1ROfgZvPYrNAHJjQXcCaMBN6odbLkAKYmGaKRMkCUPQ
+BS+EhzDfuGxj2JFbH5mkVGfpoLeXvS34kfM=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F5 3E 9F AA 0C 16 6F 7B FF 9B 61 7C EA 2E ED 6E E8 2F 01 AA 
+    friendlyName: inhibitPolicyMapping1 P1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,02F3C17E34F9B24E
+
+SG8hQk9fVXTK4pfHRIV1+txw6uiHgpCzu21ObNqKL+mJlQh6qDsZKRcAGMlCBZH2
+k7lZkvPLBQNU9k0DZWPVy395+vmg72Iz5J2YuPa8S6DoC41CLgcIsAtZmFEOz/4d
+/VkaE+kUWVEFCgEu1gd6+dziqEp8nVdiRxAzjDSzvxn+gS8p8XT11vQDw1izKbvg
+Q6r/qre3c0FERgJHoHz6+T6Up3+YQ+ZuDIeYXGuhSsnM2EbF7twB6zzWxZM9OOWs
+EbE7V9IgWTrpImtJfrWqZXZjVSAH/pxQ/zI/23y9cpRr9qiNhmv02yqKSUJHYIys
+oPfmG557/fas7N8/2kqrm9BSd83IeQQVgL1GEYhU8Ji1RYm9aftDed6O+HTVzree
+SDWrggUjQrFisgBasXlLanakJm4ALN4hQJiFGbixZ8eN71ZKh4+J5QzMn5QSUgkY
+8e6rW/Udjq7+vgPVcX0++UziJgQV4YZMd1Z5WCUy5SXdcqM0flK/0l2nF0VGFywz
+ShT2PJltiX/b6iZlu5HKd2hti5R2VVgl5RneL1QxENmdploSk5aPCgvd1iX/ZUOv
+l2LmFEiwFStXI8oRk95wCOmmTvvWl91PzYw6SwurMQZF2SRr4CMeIwxaZRJRPImi
+TPbYPicxkJ1p3wKWMs/Ph+rxAupWiYBkCR1qlpMt6dndc9ZT5+yj1G2KWIrkw3nq
+/LS+YpO0ZRKfZSSQlY9cwlc580Vm/aVPmhL1gc/I5puQHIcvQ6Z/1JY8SQTN+t2I
+7IjhwohoismKcp2kddPxDo/mbFakSnIJ+XC/fkPeE19Z+R1zM00i6YyjOLIHbybg
+l9qlDjRRrKSKjiMJacFo+X49HHmX6A+OX5Kr032GQDDSawpkPHGZk+Qx7Jvm5rMN
+Jjr7EgbKO8ejJOXVHNkCMEsX1QAKC2ltYjMK5pkSoAL9otXGwnuvHi/9UvzWhd6l
+yj3b4REJ+fXpNW96QbfLZAFUY2bi30Ov+yDWPLXkcR2LZaEkJrTPuliBDAMCOGk1
+w+SvnJozmiEfOf9FSD3vnjN6y2goQ9FRhA+6NyaUpp2QrOzbaWvGH2MIH4ESHkvZ
+t+5IedePPbMynKdS4CXVVBX6aT/SRwDPuF0RIxOmcEl9ZB1zLT1D86Od/24UPlRI
+HkWslMjNZEQoNfGJBczu9AZqZ+rS3zStlewxl1drwcDg4FuInySgMsdyM9CQInDI
+j2ehA/i8O//LsJPRfVBT2GwGtl2m288If04hTUg3oLHse9p6C2ZWejN+U4/8xz/r
+Sb6ckHVZ8Tl7gelC1/CRYxbvyO9ac3+LJ+IZSHvPDHfImvIa9AEcACFDWGyPxmgE
+90xK7NkZRyKRKGzfB53n0jcYL5oReezNggtHVwrhDmTUHJurR8R6cB9jAmQiTQG1
+uBxR2HoLpRGovkEy7/kNAzo+3YCUVeRx+qfeVV14SYU+957KF1PZ9hLkPN+G9MY3
+6EnaGyU+w5Z5tUc6u/eT9eGlUXz6nlvSXXZJeT8FmAsiIpwI0GR9DvbU9LCBm9+Q
+QSiKrsRG3exdQwj5NLEpdkv0tasTH5hI5euev5inA1+umbfcd2kW0A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..4c966d02aa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 08 C8 4E C2 6E DA D1 4E 27 3A 4F 14 21 DD 04 D6 FC A4 4E EF 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBDQTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4hFAK6xYrGnE8mqLy4jasyD6TX
+qUwILdx9MxRmFng2VFoARl8eHjGWt48XdOqiGyALQ68aW6WIk+AZV4YAFWXlSdBy
+QWTCTE0tM0b2kJmxNIqbzNMBdzRcP4yPHaLXSPt3AYZgeHuG/zGBDSiCsOwXZiFB
+sl0o8u5wTeqzpSMEPa5Zs0cN4f77npYpcOsAo3r5WezL6r/nx+oj6BaA/qI/M90Q
+xGzA0RkG9p7uJUjemkx1g7aQaUMvsnXDyXOdpzAslQBy191evT+sQ4D5pabR8yFq
+vtIfkeQItwj49zXso9CZppXohWRC/HlNw98aq1bcVWhMwLkm28lR9Fn+KesCAwEA
+AaN8MHowHwYDVR0jBBgwFoAUvradvSl/GqHZi+GkgGiDKK1K8AEwHQYDVR0OBBYE
+FJfMQl7X+BVEi7OXUZLdbAE7IRjYMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AQEAKPe/EX44EHfBWAevfNDVzkd1uf4IuCyftrKHY18e+ikOZOw8KXzz4SzcHus9
+d/TB0z9iPL04fREfVICqExRqoH0rcMxxJ8td4eohoEKVeUc/1WrnH8KvdeOTj1vW
+npG3Fm3M0FHoLZFWQpbFKEUowu5FY5GgGPnnudUzxCP2A+6oXxDAhFVkzZVAailF
+tDrPT0BSk9O1/v5DCmfVsAlFYwzXRzddRmjiiLh5Tb6Acd2uJgi1bjQCYiNbZx5E
+gcgDjHuYzL2JBihShFLtFzdz9OtyRwOrsgMvuKR1erW7G9OvXjDpLfXXnFsXeH5r
+5D3Y/TMQa7VJlW08+WlEYc0wcg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 08 C8 4E C2 6E DA D1 4E 27 3A 4F 14 21 DD 04 D6 FC A4 4E EF 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BC6242706B8E877B
+
+ln7ielJePx49yvzKHZOgOTsJd6dUPCs8qtjyKZCyuHD5sjdJOwkekNrKj1+K2Kcu
+dv1MdFeUyu9VjApXC9P3BXcnloAvMcHWauwyRxi84fD5MmxNeWUWN/JfD2EG8gw5
+Cnm3NdY0eXVOHtXfrCb+eUEoWdaJ7rulGwIxsBejZwUFabHEyqfbygk6laslXZqa
+95dWydtTC3cv1YKYG1xFP7O4B7lv9QMD0/+Xmxye2Gzok1yZFDkc64PxVZZybvvZ
+G3e7ExI3/Zwe1wqkEk8S5C/B87pijHUio1C6dQ8vGQjrXBTyO2n18g+L9lBJQKZf
+gmCt+ojycntWhSa5e8o3sAD2q6EN4brEBOLvK2SIhLmGOYzGTR4vOnBkrGqtux6w
+u/am+SPBvemRwsAcCIj3cAZeOwZUYtXhOKs/ArGsnnCAIaRgL8T79g++Ur5BwC1z
+547BEij0VSDY3RJChpuG1U2NoTqMNTOLZqa1/n6ti1qpZL2VLZgW/By4MHNPv7TZ
+6WsLQREyOkM2PNaxtBQ8sXTbPKcRg4hUJ+rO+65DeNPGtugfQh68MPHMj+uBp93+
+4MqtVbBS3XLS+XH+f+O3YIFAXkYybYUjxHxWAahARtWGBAHHE54ImgiCw+c8NOc/
+uXDGFGxXGA/LUf+2/QKUv/qtEzc4x0JzNpKbUCq1pFCcWMSm/LeK1QOs4QB8WKcS
+7ELBeywrQtM8TT/lfgN61KKCAwknjUPutrJGZxH0snTHOUCopc1lVOQeJr+w4NdU
+ahM6Md3pJCu8G904oiNN+2Xm3EHKFnfv+gR9J2FWnB20hVL8dZ3sgqexQ6WAVnc2
+1Zx8IFVEw0XO2AW6AZC/Msjyqw7JISIC8v9j73qoN9bSy4aE22gpcg/IA/WPaPOp
+XA14+xjxBL6A5UcrDFukCp1QeKYrJ4AXeNq/UvDhdQW7BlHOBrg5tWxFArqWA4DN
+DV0nnXDArggg0aZbChbLW/YGD4R+6vjqGoI14TA3rnND+r9gZmSbYB+GiNpYO8j4
+dXWNwI/SJAv4SNsir7AXlXwpjVtTjUN4o+sh2X2IhV+3K7jhwHoM+A3ygLYCaAA7
+sM8EiLkvkKzFzDftnAcnW5Mj3PPRbZ3Acsh8e1/yiqwkO9Ovz37kOFN4RHRJzs5l
+opYMn8zSk/qkJs2vzYcAgDbWKrX4LwBpAlNGjWE8MbAmxUAAgbXts3lclIVGVa3h
+1UKR0ty6x/qKZt2u7vlBU4Hf3civBxDR9+H3qU46yD546UGLg9XNNtr/IpwBaJzL
+1WxD60Hx74KUnfeyLDGSLADyF7lPsFGVrDFKJfDMolVHxn3is048VH61hrAmPLBr
+IASbeiv29ULIEEHLg3hmpctcNlWvMy/BwKFy98NUZ6Zz7w4qvh7amjnpC/A1jXi6
+KGKXIygZLt4UbVnVgrc2nfxJ6r9U8g0CsK/Ddb6v3LBfkmjbSEnBCbJlZxmLNmXF
+f23oNRN8LXmNwUnB/OlXsujC1KVsWxigE5kMAGIrHK9Y0lpGaIZpML9hyCb/2P43
+iDRxEpPct/0im+mueQCfWb5gGSmO3hlORawuAM5RKcZquHWQuptzNiR3JgJUkyRw
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedsubCACert.pem
new file mode 100644
index 0000000000..184d03f9ec
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1SelfIssuedsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 09 CA 0D FF 17 A8 97 A3 CE 61 0D 28 9A F7 B2 3A DC DE B0 CD 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIBAzANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBzdWJD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKu1zv/j9hUO9KsCMtIO
+6fmdTyGxvmTo1iBnDYkOMkunYTqq5hxL6QRQbAdpgTYLDF6TpPEl8WwYd4icjMH2
+jv/Ddrf1U4ep7S3cHeXJv0i40BR8f+UOGHv9XCQCZPWV9Czw3tlLsDBPq6epG1Mx
+U+/LOdd74z79dTHmNqCKLjO6fGogYqSin2H34OVAABxTSjdoWYFe+myN0RDgsO4v
+y8UZb+ciM1aPw4Q0pkPI1tBkJVQlFdVbVawrOkzSLUisQtfbJObFMTwKaFS2JYr0
+GWbBBhH1IS4dVh4vktIQLNMCpjkTLvoFVO9KH9VKnZzW4UrBcvqbW7zrkKfr2eD4
+pB0CAwEAAaOBpTCBojAfBgNVHSMEGDAWgBTzzQc/gzDTxwJi2ubKbAGlsbaAyzAd
+BgNVHQ4EFgQUWblsZOrzrpbqtlFcJY87z+31kw4wDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1UdIQEB
+/wQcMBowGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsFAAOC
+AQEATJR8hHpUS/Em9JJ75jdfOIOlmBAgjtQjqMjH0rZm/h/X0whS/3ElXS9qS/3s
+OuhFKeYAaSa+2nvKvqHVmeHRSAOAKZHz5AZ7vCSikh+KR2FxMp5WM2cqrwj7q+cq
+d6fHaRrSbZfPQDMu/rBm6j2wYLb3RvzuuMFpEkSgbbqSNFVAmZrLfBsP20yy8NLz
+HXwInqwU4lI/02ekuywzm+ZRdvDPQWt7RxomC8KWHR94tCsFtltZsM6r+20WKD94
+7+XJP6fp8KeLFQkDlSI3EEaBGjVJwGFrrJ3GH0AkB2u9iw0+G1IwGdTwn4P7tu8L
+UYwi7y/iSXXcEQaIQAdXEPHVnw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 09 CA 0D FF 17 A8 97 A3 CE 61 0D 28 9A F7 B2 3A DC DE B0 CD 
+    friendlyName: inhibitPolicyMapping1 P1 Self-Issued subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4FB634241EBDE81A
+
+KKVyMfvbouesNkPhg2EiIhzc3jKkvZ+wiW8qoggxoO2k4Ec6ojnWI6KU8oIrFSqH
+tFN9d1EwQ9xe/U4JSDJNEKcABDZVITx9a0RvB8KGBy+c9Ffnk6gjbNWu8f/msB+e
+2GDqjNt4cE+Yn7Md80AJ6HVO/iHbrSJAaQvggZJMKbjuPqQSUbcX6kbWA0DylCED
+14Eoju8yYkgza0LM/TZqlW/1i2qXRfQeGWIJ2hns/9OD2diNjxRoXtzTd8P/VV+h
+2RAIdqj+ePWcZxrzSARa0aH/owkc/z3Tucw8IoUOHB9+ONrbHKGGz/8gggAP1uMS
+Mbdb+xCsESEUn5fIsSKglrzLmZTlLtn36MdIrrg4DVQOzqFgr7PeJLvsFk8LMA2k
+xWo6c5RyUlaKI/+iyVX+OIUVW5gONFQzmitQ90tKbcqiMhaXP25vjWnLZH+Y997D
+kc1myhBVNb9mQVL4E0D9MvDYMb3AqzwY6262gDDomV7QkHcVZk3cwjmCAy/zbKVF
+mWQ/VGlhX4bGTWVjBwIEmUqCh6mNfsG7rnel8VciQPM/aS6vR59X53x7feYCgXh/
+AJ2Sp7OMXEYVn073G5S+nYuyeipYka+HxjE3l+4H5G9XGs2VSVU7kW0AegzpwB6o
+XE8aZilMv5d66BGL6tLaHT00qPd97FqmmAwCaEBWIHS5RtnD9OSaOWmPxhS9DZw+
+uoDqxpmfLa8uoubZ0InqaRVS2sdYwnxyXc3dHaZgb6wvCpb/leqYKLYSUXn1unfO
+Duut4K2US/LTdaQo4Ezw9PFv7BwnllBcYJ77NsM4t7PAfyl0Swa+xwyLD4fzVr4c
+M/CVi8r4+DjIS46kbTWt0cbVB568FKaoekvixo3bhwNDx0i6RKZLy2SqNWaFM713
+xS6JgHV9BNPaSvtDszQViKglfqBDZgX5gyv18bnLgFmGbP2r9YxbiakcxZYiGrv1
+qqJx27671hc2QR5Alaysk8LImwXSYKe8NFqP4Dz39ZcvnAMrHtpeJQaby0VZpAJ4
+u0dNtO5hXv6D0aIl7cETYtDi02hp2oeIA9yfXDv64Cdw0hgS0YmPKleu1BlT+6+F
+lsTdq8Z+xCXji+45Dioz9wApozpJBrSEQ/qcrVykbNxxEml3dfVyptOsVZ7A+3xi
+kZ4zer3GR+ZZLxD1tW7UCzqrkQg40+F93Nj0kKRGT8DcixHgv64IWXtUB7U6O50W
+x5DnmkR96YMC3Vn9MQrICferdTrvpMTo+umjxDwxgXKh8+2G/2/eXbER8wTb8PZZ
+CECT9ahjVrUz4uCrl1fnZeYB4WVGlprgCkHWADw5KwQeyMbBma15jj8lV81vRnlZ
+Qk7DT/2kIURXa1R9JswyWD1UII2GlHkiE4qjLAz/koBNRpZwdwiHBbJixlwIm4t8
+C9UTC7VwFASKmmqIfLf0dm8MMg0AgswCLIf6WayS5PexHdQWlRfHYlSUnGsxkj2K
+3UfsycwJmgDHjt/8xCOBbsFoPAER4LR8A00UdTkJhvM393ziMjT0YBEkDa/7e15X
+JiEvN0KKCLya53NGtTfBQrwPRSId0dzsBu93lX1GwKvFd6VPQuiNxQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subCACert.pem
new file mode 100644
index 0000000000..13b4d54815
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 32 E2 73 0D 8C B7 F4 8B 84 42 B1 A2 EE AA F6 00 7B 9B 98 56 
+    friendlyName: inhibitPolicyMapping1 P1 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 CA
+-----BEGIN CERTIFICATE-----
+MIIDzDCCArSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBzdWJDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO2x9/hMwh7GCDcxZx8y0j/4
+Ls1Qow36ywaMPWliQ8ql4neUmZciT5WfoY2u27nmkFA5HiBDGt8NMEd1dJAaEHFn
+luDroslPlbh+1dEhl744TWroaGCXETaFHFNY3jPzo3XVU/Q+Yiy2ftK0ZzSVaHz3
+Oqv52scuXm5hgFHSrt39qoJXGErlZ9S+x7t2fFnfAeO6q7evYgJQsF7yJdbNQCfs
+YnBfz2vFvnPwIXGEmf8aNrO7qgcPg1J7AlKZ6+3pYEL4bLuwUmtxcZyfT5kKKxbD
+Gwg/iHov9K/5X28xnuBHpTmuRWVoDgB3kgBxLF/ZxXXO9Y1Iv6k+e3uAsZpVLfEC
+AwEAAaOBpTCBojAfBgNVHSMEGDAWgBSXzEJe1/gVRIuzl1GS3WwBOyEY2DAdBgNV
+HQ4EFgQU880HP4Mw08cCYtrmymwBpbG2gMswDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MCYGA1UdIQEB/wQc
+MBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsFAAOCAQEA
+WYy0yUE7kUeVqhHdNJdc55+y5LP9BKcz/sa8l3aqo7RjKOmj2cygt9B7E4DRJT2S
+uot9Gp/rHVPv0cknQ/3SDBwYtHCSKV3bB4eQp5nCiMpWaAWXamUTNqpY9qEOJImA
+Ctg7bNL/t46eGOWhixz1wUMDMGGkS+rIzf+UJqHOBAUdkEjP8ouUWBTlNsQrwFxc
+x1u1GiuxWPzIAIjOV1xtUPSLig7Sv5uQccmf0vHh2KkMtO+1dCoTbV30QLWvbVwz
+wzi1DzPMvAWqTVXwFQrYev5mUh4XJ7wMXHp5WW49qmdamQeIKImxzIsgHaVlKl2K
+eFX6REWaJ3Sv+U7KJ1eaqw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 32 E2 73 0D 8C B7 F4 8B 84 42 B1 A2 EE AA F6 00 7B 9B 98 56 
+    friendlyName: inhibitPolicyMapping1 P1 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A94BA885B97FE142
+
+S1SX/VDCk4XNa9nge/MhmELKwJVJVtvawCipA0EfJ1mAgTlP8uyazqM8M2h/5WsX
+Elc/V1NoepmdEHr7xbj6SpeEZXEyVlNWeC/OZEohSDK5us4U0BxrYFWe2d6jlXTl
+8vLtT+N4PAZ7OazRk2QRZASxaLMWbVU8vLSKGSjKYbKVTuuVv6mz+6GkIj5/4Ys0
+7Vmhvx4ujwY0dwRdps9SgAPTp3E+VIn8Eu3D27A92pBCvD17wFjSTg1YosF4KVDH
+SEiqWfCfoXtcxbCXHl/6PIcK8/GTFQoeOD3uJiU0f9+2KcDT8zAV43IpodANHF5k
+FAewzywN3svc5TYfaXipQ0L8eAerQ6qRH+naWkVqNrZN5xFCWfhnpQOboKz52EWq
+lCIbQlpIiOqi6os/TotmCYbhyOrpt69VMKu0LzlWcq8Ohv8ZJdulfiTB5yCT3q+d
+1pT3wS0vZRbb8lw3Mf+hpa/L64KWX2heRX/m2mX8b6y194/oCXUX9FT9VZBFsFip
+w3sO1AyuwNmAPkivzAq7C4BhJ2lJT/cGbXi4L6DV8+JFIp/+DBUoZg+GzYk+Rdeq
+2p3x0M325ZkY4XGSuj2t9irpZ5wyh5gQKC0xqyr57QuzvEGoG+/hYVUInJGBu0BC
+YUdN0wX7HViHp2YkiF8btWLGx/6OXdVK78ZqQ+w1bGlB3ikP+bSAkDLMCBDY3GQ2
+x+rLoKmkr0ULnfYPRZ/CrvqO3bg/9Rn8rEfaeMgUpCWCX2mNfs7I2sFoKiqrw58B
+eMn3SceY9uB7ZOeH2s4nL4NoD1Od9e/oPylbceZZQUbcVRCOh6vmGbU6jCxT965a
+DEBsaIr0SnszSIEyUWU5+1W3jqeoNHwoNtiVvV7roiylebdfzoZjXUcpwpbcuiug
+/RnyAF5AVYnQrZnHEmuEoZrJWxjArUCGMxBqvVU6uk/O2DarYCheEohOB/J8FnV4
+bZoBo5+ftiP727oohqWyZQVH4rOCTy+EEeoZJ/FqeiOFAyj27/EBFvSdauG8p9+t
+mubRCfZmZ3qb0JQgKwGZNE+siGwqAP3a2vwwuSNGxoV9arF+rdlPd83zhf5fI000
+yWwtibohYrfPNzl/Zjlt3NoFJO07i0Lk/n4zp555eKHLw23NLz7WrPrA2L9Te0P2
+YQl5K5afFPek689IawcqEEpYCxhPwSukjAeUB+mdgCadkons5Ks4/bErEH6UVwGd
+S60zF4w6C3hzS2xYg3s7eJ+ek3QK5c+8AORW1T2xXi9xGzLnYbwdEZEorbElRcxr
+EbtTtf7Kf/r57Is3sr8Rgyatw2LBOjSOJKKhaYE1jMpJjqYz4xhGkwv/EG6+Xiac
+eSC+ZvfDEGgdr3hFBJfgGnWfEAUtuc2viglGMEQqkQYenV2Dk40hCrJoT5FIFcIm
+lw4LXHTj/T/eZ6c9Ki6YDLvChNTQ8hbIDe730u9tBcPk956sz1wElXFmAlpX/0tU
+ZKrsugFmJxQLSkU2aZk6kTXTI/55Yi5bmKiW64ew1h6E158AlweWSXeOaByOxYGc
+VcEmetuUsth/gAA8n3xk9mKEEGUex6tz/WFp0Ykuaiy/KZwFFcuPzg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subsubCACert.pem
new file mode 100644
index 0000000000..8f89619aad
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping1P1subsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: D6 93 BB E0 99 D1 0C 29 79 23 51 46 9B C8 BB DB CD 5E B0 88 
+    friendlyName: inhibitPolicyMapping1 P1 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping1 P1 subCA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmcxIFAxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowWjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBwaW5nMSBQMSBzdWJz
+dWJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJJrQ5z0bfU+HR+h
+7+Rok9J7y4aPRd50OEgl+SGnwBLodQ1xgyZUhJgSbIeaLCw5uYUWJedxh1TQM4Fg
+RZD5VIMFpFjIu4xg0mRXm+YomjBkF2eGCtpgjRjbO9rbjVxj01oQmtE+595P4OFb
+zXKXkb9ilbFvz2zVKJ+1aTENKJd9jB9STsNz5NTKVRUSr6WF+gn8HJofrpsQdZVO
+qQOk6GAB4FK1/0TyNmywGXWkEbM1WJeejSnHuNX1gBRjlCorwOKP5M/T5mT1KZUP
+x4Fhk826XPKMxGvC4xKNfpjlmgHGH7LpsSbLv+4UE0aGVPcKbkwx9b7W5Ot5x2c9
+urn9WnsCAwEAAaOBpTCBojAfBgNVHSMEGDAWgBTzzQc/gzDTxwJi2ubKbAGlsbaA
+yzAdBgNVHQ4EFgQUPkV0oovS8VaMRgFmeHAkxiLBA54wDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAwDjAMBgpghkgBZQMCATACMCYGA1Ud
+IQEB/wQcMBowGAYKYIZIAWUDAgEwAgYKYIZIAWUDAgEwAzANBgkqhkiG9w0BAQsF
+AAOCAQEAdfivFridTE3XIZBYeomP2Heqj4tX3TiDbCSCOiIs/608QnZS7a0e1/yl
+yPWexV2WMAOv9HvdaQ3HtejZpBPvc0Gmu1M45vCdjQC/4/MWbtKVl3buBecRcWZi
+z9sfajKhlZzXISyOp9GjWfH6OYtPypj1xMvqIj4NSEu+RWyavJzcVIZtVWiUBGQc
+zR3jxgTs6CzWMbXFe/dHrDzdBbtLk6Z647Co19Cg07I4OP21gQB7nombxlv/EHbb
+BajVkd+APg6NNDCV+JgSU3XXQpTGiSx0J6P+39FrRPfTJcdUIIfSUoxuTDVy4Uzj
++66fxMiAaaII4phA6fBlCj2mWvBr/g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D6 93 BB E0 99 D1 0C 29 79 23 51 46 9B C8 BB DB CD 5E B0 88 
+    friendlyName: inhibitPolicyMapping1 P1 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E84DEAA45F984BE5
+
+GSWxcCybzSiHHOwi5aT1pJBsDZd0IebePQLoR+4gFHov2csP2F0zMjhrDx24Clcp
+8s/byesoyeSWgn7yr6liCI3iNzs9r6fq3soV9tQNJgomToj8wj+oUX9DHHaE5db0
+Q9hLUCTZR9PxdSCu6vgk9U1+VnsGTpv4uWSOUFWI24ldTyTn7zoGSki7LvUvZViQ
+hc1vtILHMTFjSQKri+G2ivUn9TA6igrCn314jSLJwhoO2N/7JCDEng0rqZ8ny8pp
+JqwAphYo8HMR9St6sYsL+78Yk9fb6d38XaVtxUYLTyzdeHIRAuK40ww3DqckjVB8
+5JZ9yq2d0F52QUZNO0Xdt3MCjFi4V7ihl+g324gQeopgyQVd11h6AO7TvCpadb7g
+E9/zn87b4JOwaTzLN6JGMVguuuN6k7u1MWqKzfbZXV7NKDUjK7yZFPghHuWBPieM
+n6zEVOIFHW9LyuU44Q/RTpJNoLyAjs5DNB+DG6O4zq8TZvIi4M1tikgGUDsSowXm
+5Dsm3n5+KkMFj7Y7rG2ldncLOUkr4XdNzXB3S95NC2Hp4vAfcwFnz158fO28gPHm
+jPdupJw0BqpRILLXbVmt1smeZT3Btb1QhCqVt+gZqhrNgpxf8RZZ1DCAKs8/l6MH
+jpoX8LKIrOrZowH9ToHN/8nt6ZVrGVsDG4QNP6Z6fUNV0NKz5X4w6swB5ma2Hw7v
+PADh8ZaPRDi68dmvDbvlvj1xJWanE3BD9UM2GhY4fZXGiyRgLsK32jgjWcY/nm67
+z9IYK8pkN/hQYXz6WkFD3UfxYDnVL6JJ2K3RJW1Mt1pJFfaoBGi8pnWA0cnz4Dgk
+lUypqvrp1TaXtu5F6nz5DPA9sP9OfBLr8y6A3mAJTWxyeknSmFkWeIH5BIwzMo3P
+F/Zycxtj7bGUxOyC5jn1z0BFYYxOFs7WxQusQj84slRPu+3GYhIR8EQ2nf2lGIMR
+NnkzwbsxeFTkyfGzA8cmASIsn9EqDeK9h4DbtB3l1zCQzXsTQPi7mqlsOxu3doxl
+UKbMHAM0B4TodOSIKZCyQ0UXau/jr4ruZ9Usz6fknYg0ELSOxACK0Gnhk0UmJH0N
+uUOWCz97o6e3NFdbOwMIChD++T7uGlIK5zKKi0Ti8/Tyc7KIzI9zlYmilypyuDHE
+geTgP1A4mulJBRYRjHV03Fge5RQr7wjuK9u+tUWSadiR5D+qSmHh35+slaiHEsnn
+kDKisnWI60GSHhxx18bUoRFMIUfPqLwQZOL5uD3ruMSCf33ynQYws7icAlI17IFN
+53aevB9sSuLPp48+3YOlR5kd2BD/bARvOudGKCaDVwLKhe1n7opjysG7S6xduIBe
++6DQwte1SaKp+rAjRDErEl3sg0mLXAvpf1WYqyTO6BQbrRiTUaUzepSiIgYJ0SEE
+U3de2hcTzqPM75Iw+7mhWB2TY1M/zYzIHkh0WwvcDTj+x5oT5NEtCtEUxDe6Yuz1
+1qRVcw35whQsHW22Gs0mdQ4/L+1obmfTVgRM2U+VsqHfpccklrwgHl70aTbG1ozO
+v9SXcBVZqPvBdrWmtRXq4SnFH4a2gyq1LArJw0hbUADFAa56pze1QN/fN67mtjyQ
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5CACert.pem
new file mode 100644
index 0000000000..92576c4e23
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3B 9F D2 7B CA D1 78 89 5D A9 07 5B 66 0E 1D AC 61 F9 27 A7 
+    friendlyName: inhibitPolicyMapping5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDozCCAougAwIBAgIBOTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GGluaGliaXRQb2xpY3lNYXBwaW5nNSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANZnJDHPYGmDlhnjbX2Wd8iDOcwP3hJI6nYposXyUdQsXnA2DQ/c
+hTL5jI1smsPgXdS1H+s53Ii5n5PoaaaXR3uRpgyf+T82oDL2NcWlUhvPwPee/Oba
+mum7VeXYik1Itp3qDV5GJQlRLgpu8JN1Zx8v8CjvPUbgQxgcXpHh3tfSR+YEywzd
+N+CbKRqflBhroXmwZQS0YMU+lF+qbfcVna0PoNjisg+LVT/uOvrskOVibfa746r4
+HouY3g/mCBVJVb8+4YobezK7ixryFmUpiO1p9F8onRuB7a00ZBhtIHnT68+QU50v
+iPWAzoBcsLPflYLR4BTClJ69xaFlNbGh+EcCAwEAAaOBkTCBjjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU24AHuWIsxcP980PiZlEl
+u9v0HM0wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MBIGA1UdJAEB/wQIMAaAAQCBAQUwDQYJKoZIhvcNAQEL
+BQADggEBACAu1zkxR7sFDb4Yd7WMY2PuHviiAZVkYql/+rS9nTHFxSstRbaCaiUO
+NhjeAVbZVGNqlbvW58W6OU+qXtv8+5U5rzJjAAMbLMklsrJnjyyntaxXZerbdh0P
+RpIv4DP2mAmSCDH9qR6sJ43iHpvFO14CQNUofbfS1TYIw8u+NQGz3UwCfmMrQAqY
+/teK8hMdEd7D1QUwRKBSi8icsPQiAdlVB7JCzSASaqIn/sB1nCwe/sYCAUdydfmO
+AMQGyFymSavQq8WH9QnLn49/0yKnrJxgVexq2a56XDDiQnxPsVuXYr8uuNGPH5j+
+XlwnsW2fsDoZawTjXr5DCStBmx0tnQI=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3B 9F D2 7B CA D1 78 89 5D A9 07 5B 66 0E 1D AC 61 F9 27 A7 
+    friendlyName: inhibitPolicyMapping5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,681F6DA8CA9F5D21
+
+5kiDnMKFXJy+I106E5Qn3QOH9eFCaaYnlqNwRt1ijG26AfhzhTlvt8xaJhH3f+AL
+mQCKwrndrXbfFMAYkyX5sinWOtMrVEgOi4WrUu1ScKWhChe5V/GvdOA3zNmImG88
+jPat/pQ5lTHcSkX/NhQFwdt6IVBm9kL2gg9hR0aP7hC0t+XQP7s5IgZXvvTCk2q+
+CAE63hV/FwVexXoCmGxS3DBMEjAl1aUOXw3nmMvF+I4FPQShXUXTiRbtmPzdFSu8
+d8MojxGYBs1Yv3yDTTdtdA9G7YwNCwvqHCivMK0+Iuv7nHfB10ObKKQRw7IGSL04
+7A6mv9fBhWa4jarUpottoXwBe3NYjyEgqAshC3TPrbVJClnBGt1GRQ/m4B7oGh7v
+2DzLz6grkvcMjnEfTs9E4qawhwgMQBoP/NJ8YwXgqsGcBeDd4PDIWxSaNqkhtQdV
+j1NNZm2d0QoBc6mvFdDCYFWX7ch4r5NEZ6mryntZ5+pR+/Aw0YxXqiVtjIM4n6YA
+KZ5H50iikxwViZn4wnKOgoil7Xc3EwWvcJt+LBAhUGWgJB141UY/TKx14QFDh9co
+MPXrxkcpogVNCgYLXnmubicm0HPPR0ORYU3zG+dDaEPad23cWAwh6NNegModbEHS
+GFlDLHjLxQHAWY7XpLsLti90wBauyhE4zNUQzXTZc+0JrSYm5HE+pOBb9EWjjBJ5
+a0Wk2hHpRvz25Mk41g12qWg4RnmnW86u/6LjhXKy8kCbil2A3JXTRJE/JmjPWTzk
+2t5FpUq/Bcbl0WT076ROvMpk/n3SI7s1kW6tlw8olCzKBiDaN07PXcN5YtYzmZ8y
+W5ySTvj2W8O1VseYYDPt9B7V5xM3YtsqF59VZMmBQgDpoiniVb6rCxanEE5uJdMW
+aAextRiZE4wqzTbqh0Gjip94RADi7om1enxtu+X0mxfAC3JdVSYdI49+f2n57RvA
+sxzFMDEe4jSkFctAy8pjY/6fZN7m0Bpkpzy8g417rm2zFexND1bZONb/y6avXluL
+r426EEbORglcCaGjiakh9XHMQcjwlPhDPFjvI4JRLEheEu32KbNT6d8DGbYDK5K2
+934PMAkGr7Lw4C7ofdTbWGZRy6IWe8S2RjD90C/nPgNcLTPIkLAT6qVL6NvMHck5
+v3hivjsRaJp1lXUJn05+Goj9CVRwarg2JGU6jGAhkeyFrLLIMh9MWqI8rpuuP58d
+YIUCp99iSszr2gEIs+RPUavpbSJQknMI+ZtDv9vWv8cgk7ldJxNHvEFUldx8OKNO
+9e+lwy3ub0gLx7FNtcb33Do7ZN+NYLP3UwKXNmUADCuBeBmf0XBQEypzu9vPxPEx
+2CBm0Knii5ZdPS+hZ75uxkfktoQvC+z+pSuQqopYCd4Tk9ryrn7h2FdUm3nB7HYx
+bEdZpfhZiBXPkFZLAmLXuvQQbkS4eJ0Pq+y19hU6nSNOM+6plu6pcm9C6nb1HP6J
+m6KrTbH+mP5DUtsUvvdXOHu1IZ/8MRc5kvh/2VQdTPXyfJ9X5HtJHxna4YtKqBRW
+rrLEawQXeBcsuO7W1D4uYTtxGmsLWFf8OWLmMgCv0j/cLxm4tEpj8tJ20E6cyXLs
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subCACert.pem
new file mode 100644
index 0000000000..c989d48344
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 11 16 78 91 AC BD FD 5D AC 0D 8E BD 30 FE F9 C8 AB BF CA 4E 
+    friendlyName: inhibitPolicyMapping5 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 CA
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowVDELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExJDAiBgNVBAMTG2luaGliaXRQb2xpY3lNYXBwaW5nNSBzdWJDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALWNoV9OB/sGpzCATKUhLi110SMZVvGR
+btEnF/hkxaUlmi0foAiK1RMgUSmdHLYhKLogfjVJZhvSLut+OECEtKZTYV2RkNVm
+4igcfjs8aVhuo2z9lHZgqIkRpb/TPWkL6IgHVfLle352+zTscC6SVksC9J/o347y
+WE46efxyYYSGqUg8eXqodBd9ReFqYUKMZG/6Zrk1YbSYWOkdhTLEbvtmgN1ZsRvZ
+ImIZEAHaA2fKQKhwWeZax75qOeKRnzi0ZJCK4BFUkY5tviNclyNxbDCdOEyyrY74
+5wTjSkImxYEArgn41i++i05U/Fo6c5BAtiEQJZwoOfFPUXZ6ri5kZ+sCAwEAAaOB
+jjCBizAfBgNVHSMEGDAWgBTbgAe5YizFw/3zQ+JmUSW72/QczTAdBgNVHQ4EFgQU
+2OxtvrdvyhNjyifMnFuiaTa28mgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA8GA1UdJAEB/wQFMAOBAQEw
+DQYJKoZIhvcNAQELBQADggEBAEGWmRimtoryrWPMHFnL2kvI/vwMcVxQno5UzWGQ
+FnqgqRgKpgNeeNJmzTugZVPWfK36cPehUYPAZJjtcUB2zBaEEoFghvtZgQPWR/M5
+/amPSIHzt+mW3sXdJZ/lgkeA6nNanW/9AV3bWlYCfWgOdHiHym7hpKsk7UwHQYob
+ynVgkL4oxSV+KglhXYGab20YiWNW6KPC0C9PCyu3PEG21WYsrFGNi5aOOlnTTW8z
+A39i8vqZ023pgOkShxYBOvUdisg15xmSq+SzJZf5s1QyWd3kX5FRAsAOHWJzglvQ
+yqeQX3fItsth1c7iJojcVhz8A0yuXICe1knhgg72TEqj/3Q=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 11 16 78 91 AC BD FD 5D AC 0D 8E BD 30 FE F9 C8 AB BF CA 4E 
+    friendlyName: inhibitPolicyMapping5 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5C3B5407440E3D9A
+
+g9QcHW7o0MyolWOLsAc2kQawYPcI/YOzbWz77ax4i2OTc7F0bA8iCDy8WLMakxzl
+b2lxhhXcKJxAcqKO8bEcZjYhUIWO5F/651/BSHtCfuq3ojyRvc1vq5f2mMDE9bhz
+odKNUFbcF14i8gpjLP8RloC4BkQDKEubAsyaZD43gu3t/2V3KCOP0ARAWcuDKhUZ
+6HXkcevegjsxpzoKg6w0Bj1+f2clJ8iE4gRdJ9Szkbg0YsgJYrR0DCk1xMMHZRPU
+RbLcehx1Gt4WjwqCl40NF/cylMlda/6OpS152ht9N44NAWRIP34MdXFJXNmQFcNr
+pIPRi+uyEbYBJ2YWXPMmv8oJyl7wnIpa9sCILNbi8aJwgCvck1ALNmo9GiDqZNC8
+L6+gedGdxB2qIwPiPTgX2KO9dgBLNDQftfa+TR4nJi2T2NUdatSnufU+HzMAvyEI
+DZFt07zfxaEHoF5pNvKsHC3P9Y1hdme5GJlKzORvy0ssH2cCuiCrKHrYlGYgvXQC
+UpSvho46u60+qsvP9Q4af0Ys3bIM1BD9/soCMGFZSkIHENXr8y8nzLUmQmwrJypB
+GEXtbJiGtpG95SATza5/rE98UaUSJdG9EbngQlxAagP7HZySNrnoMgTobGplxFAo
+fMHv1oKlBGvnk2J3vHItI3GSODuvEEJPNVDYVyw8fS9tqFk2H+fhV8KoN57W0Job
+cGqxJ3m8IKp8yF3i341gRhJSbynNK8qz5YBwVBreVw2kWz/mZuUIRDyWRxZOwZlG
+OaJ7F6xFkt/fZK0+6RUQDWW8/Vk7HiKC7Okcvq5qkBqIne9+JIXhJr+MXMF2K/wb
+aEypoO2E0Vu+F7ivu9j/iGOTj4K/U+5YaZI8rPSql84UInPdCnK2QfgsWHOEbsGj
+D0bNfejcUfcqT+LcUPiwm+jBlPwcT34dv+58+vd+/I8pOlNOsq4TEW9UVHcHPgHX
+BSW7Ntu4B2/s8nNYwxcfmpx7me0EhZhHBoaazi5+J/3dRSdC33tf604tuwjjzVOG
+FSy4SFNGEvh/lp94KA3rfsr/hBzBBNJ5FvpYSH4/Q+fCyN/MVeSo7m145yXBnwS+
+P1C85coy4cT0M2/kw8svJgeW9Z930No/RDmUbBN7UmgzLJt4bsXRv+f/WQvNp3Wo
+PVo0i8fLrKP79bv7Nf8L6GUAIf9DeQ4mPHnKPr2Qq0Uvyjxbnj+DFT6w62+o2q0t
+QUNH2ScJwxNUKWyvqvdOkEk0IxzZSjPZefPmdtfmfezZ8avOCaF1GbrZBLYrIqZq
+Tovw48Lit4f5dSrvDH1HXKyBiq3Wgmn1drUpgHYWJOlQB+yBy1E5RFa5aU1OLyeo
+3xvnZjgS+A/o5HV4O5OVDQ6HCGiAekKwiNlVkQLIJLjFWO4kXWM4nyIONPKiY6B8
+YHGdfOL05k63aHYOqomikXv+uldYKI5eqJzjqHfbn1Z7dugsFZRNV2jAtd9L+w9S
+kGc+mtS9Utt9vh/rL49gviDkXXl+mjQ+RCrFZVgGRsNY/O78bBei3sfGdnMc7sUj
+hEsxMy8tQZIeJAnHn3tFd+QXbqdhIoaJ8aH0rvZajVKXLRS6u4JTfD6gQgHccyTp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubCACert.pem
new file mode 100644
index 0000000000..2e129523c4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5E 5D 55 A4 B6 8E A0 01 78 DF EA 47 3A 67 B4 15 B6 6D 37 76 
+    friendlyName: inhibitPolicyMapping5 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subCA
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEkMCIGA1UEAxMbaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4
+MzAwMFowVzELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVz
+IDIwMTExJzAlBgNVBAMTHmluaGliaXRQb2xpY3lNYXBwaW5nNSBzdWJzdWJDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAORACl2TAi2vRGNZ0z25HHDq
+63G0jwwUOBpMU1tGZM3EA6E6CZ1Od8tAsWfeW9sUj8K2m+t5ncmshD0xjUeLl9JV
+CkJ7XsYI384YKQPdN96Wh+eNlbWRGi/DfmSiKwebVWOKVio7zMfv4rLdFEDYSUO2
+62AJ9tOBc8lUEfqZiN+VD/AAfKXWfoyW2J8pJ0AhX77P9DAuzMiZKvE63yI0lodh
+u9RKMVUPzLXq7FBY9xHexBFYGvGAtmuVfCfqNMR9Fu+loYqwb6KAAXnXh/DRq2TA
+VveMGaMxuoCk4TPlkrraHiFitJgXnFuIsD19YQ1iyX28c6W3pfFjca1/MQUOAGsC
+AwEAAaN8MHowHwYDVR0jBBgwFoAU2OxtvrdvyhNjyifMnFuiaTa28mgwHQYDVR0O
+BBYEFDWn1OFLdE5VqHG0Qn8y/gQayQG4MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAE
+EDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF
+AAOCAQEArfD53rmonDxsB7VLzP6pscDyvmqoQGKb8BgjxfuNC5AJflfBbbtlCeMP
+cBIfFtyc0nECkfaO/tS6ZbzHyU7Oe69+jVOufQ0gdPJBITLCD3uhGXUgmTQdckXd
+a2YU7ua8NZI040Vr7inevt8DjgBwfXEtUlObMCGO4OYtUBOXhQ9yW5KRkOBoYMks
+PSwthYFiw92gkagk/jHwfB16VNIs9u/n0/848m4BzF7wNp7S5iG7yq/+fFT0WfoJ
+rI/TZJTmIyWTJfhGwaV59ira0PrzzJuji4w62TpBAC/iKbeUqtLdRHBFgur8ccBK
+VzdvksHDozhB+yWvQZNwqjIGoKb6Ow==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5E 5D 55 A4 B6 8E A0 01 78 DF EA 47 3A 67 B4 15 B6 6D 37 76 
+    friendlyName: inhibitPolicyMapping5 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4FF971D4AA6603EF
+
+he4gc1l86KKIErt8Ps3L1JurH41LCz1bBIPjK+eCvpCAD0ClyHveZ6Xt2kWFaBX3
+dMLH7sFDO/MMLqpn70L6BopBF5fD3edX/Uc3/L4BR79x9LGT0QE1WS9V4djt8Bqk
+INPEZaESnQTdckGsg9riICTuF9vujUTmrGieaUzxJLIdrAhmtU/VjjcduSzb7vMq
+DVl2aPtY+/iWDhO5HtGIAPMvB8zZnEsU8UbMvW+ST4CafjudAw28fYT+bMUzr+Y0
+3evVK+Lya3dc3Pd82LNDo+Vp3KSEGwsX9H077nBBR1LWz4HvYblTojYyd0U9Hz1w
+ReIbjJ6GzRH1Ro+FmWnMQPbRfUqmfbNwLY5keRzDHijiUmBTIyFepY8LfCfviaHz
+W0morw8u3s0HmsH8apVXsye8l4to30O0pwscGXT6G1pzdbB6EplYSZHP3VRuRVHq
+0rfAnmnbG1pNKc3ooLPoEFqfHVxzIazbe0D8a4q6iGvQGRUjFz9rlWefbazNeyPr
+caA27WSVy3bzqNB1MfIQo4BQcAEo1mOyBZW7vZCQ/GTPzEaDi56F4PatLskaX8vq
+nfCF+JUJj78+mTddZnV6Dc6AnW78ISJvS37i9FEkCg+PqTyUMlCwjkSh0fmi1vWm
+MYV0TOz31juOhowNZo67IDpVJJhsX08zFUdSbz/xDC8WUMmOANPYJGP2kAbQU7XV
+lC26rtO9XBPEc2TR6qpiU6HdUNmnT4tBdN5rvYy5QhQvwzcYhVGeAy8gsKhpbzJ8
+OdMz5e5c+V+dvkVlEWOniXmTZKKqXF2MBnTw/lI+uGijgwfTkHX+YlGpgU8cKNIC
+KOnilFBINIfa2+AmwntSBgUqmYsPQCJGvt/AS8tBezDewkzOneDtP9qfh1nbNNJM
+Mj5UGgVnWSqff7kf78lQZJbltM89KZI4Xi5ffHwMTqi//NKUFTyNx0GjMp0P0iIC
+XJGT8TX/QtL0lsRubvghNfYF/HJRxl8QchpK37bVqUs8v6fB3i7gzwkUdDRiK6Ai
+1nUXpH0I2KAhRkfw25uh+r7AQF2JTxnihbSkkxUqM1DkPBvVUa4QpciurGGp76ZX
+9Cg81hYcUPyv0PnIKfJaLIULMStvcFZ2qCgPn0LL+Nfbi+hxI2qFTLmZCCXXTM3g
+ZC1m/jkhocea3U/EHVtCBM3FtsmaoZ1jwbG8lg7sMYelGDo1hLHVxSg27v32yGim
+ULM4bVqYf3LTIrJ/iC3E19F+5aGuzyhqL95Yl0nA9s6oeG/SY7dB/Obb/ImvYE8H
+GiQ89sYM2Ykp6UzUH9cKjNnJZnfbYlhwBMwEFKNLSYNmob0iPBax5yFTiNukjRpu
+nZxb+840bYvogExlP4eUM1j3O2gvGlPUpH5lAf1015gY4SbJexkXGBW4hEDLxt/8
+DK/usv88NUYbuJMDn6QPslJWk6cv1knMRyLpM8m8bBqs3nUAkUtdiINU+eMqQknl
+GEMkCY57d9DY0OQuOQjH9ATvu4+e2Dbnr9EsBWxqgJK7EVWD6MRck28H9YybOZCx
+7Rh9EsJU72T7x+bWSMcXBqu+EMTlqlkIv0lP3jNxSYiX8OnoF6lLJhsRC8QxPaWj
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubsubCACert.pem
new file mode 100644
index 0000000000..68ca7de65b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/inhibitPolicyMapping5subsubsubCACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: B5 80 27 32 7A 83 85 E2 00 12 C2 75 75 1E 49 05 85 C4 A6 F1 
+    friendlyName: inhibitPolicyMapping5 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=inhibitPolicyMapping5 subsubCA
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEnMCUGA1UEAxMeaW5oaWJp
+dFBvbGljeU1hcHBpbmc1IHN1YnN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIz
+MTA4MzAwMFowWjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNh
+dGVzIDIwMTExKjAoBgNVBAMTIWluaGliaXRQb2xpY3lNYXBwaW5nNSBzdWJzdWJz
+dWJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMOUe51QDDF4LIT8
+dNI7U7D9/Co97Ayr2DWC3r1XLTRuFPRFy87WgdMLZKMwQFFyUlExeXtmH3k3hiBf
+xQxkMe/RpmMzJsg2tR5ATvPvatP2yPAp9mdMCqn4KyWkMM7t7hKubm8n3V2FV+eZ
+VCM6Q+wCrxjzLpx/BnALMkk/+tNg0mCF5xQoTi20AKZZVapwN/jUM8bEn4LDP9bg
+jfvpZcP/J/IWRvQSRDBN7+62JT5DsnjJaXOD2a3ZgI/7shdoCOJJSBI1qJrSPkca
+IwozCjheu1icHr+34/uLXkYFuIAs0my0IJx7y43RrWNA0JTJ/WNYB+humZHP30eR
+bguXAbECAwEAAaOBpTCBojAfBgNVHSMEGDAWgBQ1p9ThS3ROVahxtEJ/Mv4EGskB
+uDAdBgNVHQ4EFgQUrmPL1+LDceP0zm78NfSb0k0+3BcwDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MCYGA1Ud
+IQEB/wQcMBowGAYKYIZIAWUDAgEwAQYKYIZIAWUDAgEwAjANBgkqhkiG9w0BAQsF
+AAOCAQEAhxkEhZca1jstqu4SQv4NukDbw8Z3DdN15kwxZzgNfij8622UR4YqHu6/
+dv+c0ANrgLR99MpRbvjimg4SnYj1Dlok4QJZN04jvvv0q6N3Tyvwf+S4LmaOyrXr
+N542+uqYrOAS5UNAPF4ZxkT5L9OdxKQ5qqRNN5GxyxbPszvVA89/rFy3fHC+2OHz
+eLgaSl/i0MIUhx+iCop1C+Svvt11DE3pBqRQly6A+MEtL9NjHVuJ/I6RxySHpbj2
+46+yJv6k/OuWjVrAlhiDuUjwFHPVVnvHk1plcXLv77EnhxL8Yb2tNF7tM/0aG7s8
+w5Idxl3AuA/XWMrmoLvQFlcYLm42Zg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: B5 80 27 32 7A 83 85 E2 00 12 C2 75 75 1E 49 05 85 C4 A6 F1 
+    friendlyName: inhibitPolicyMapping5 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,218DC09D15ADE49B
+
+WuH8KvV+CZLuBDAte4hOz4eQwjEmyt40Lb0OrP3fCY9E8TC/BzMl/nkg9VgqHnH4
+n1Xa+DGyGHZVLoW41u/Z9WB0AEC3+4pcvKnBt13uKMBRgBS/X3PGLTA3alTxxxqm
+6fZ0EQrEiz1idvhNfsYzRDXbtMYGK7Lmqltpm9i4tl3elakClIPPNEQqFyB8sfdj
+rx3ahk3nf9cUhXS4Ch3mnPfJyj20WCUboXqToX7OmsozE+hlhmIwSrpCj57MaDGc
+bcKUgMG0xzPnCiouFuqD8G2I0PxE1/5xx5DKcfqDJ3QFmBYBCXpv4AfFLDWtTOmh
+ZdNNU7irbB2e2/NL439unk2DfrTjcQtEXKOgs8JhOQtaKWBU8HsI4HcCWr69l0NP
+3O/7muG0o/Kr/4YAUaPkHce7BFMYnPQEqTTWxOpjQxGbVHYdjaYxEBfRC9iebU7/
+XLNUoKZMWDk69i1qPnT0GEDgZD1y4wGoKebJ77jRQQ7INtB3h/jQW8Ps9mLzHm3x
+u396hVNxrJ0C2chftRQ7HgmiEJqdI0hz5o0WAm9ojSDMeTLRiRk4a1Zmx6NsmoSF
+gfbcrMnOLr3oIeehD4Zq+HKy3sRsF45u9qvMtyh8tT6bNiml76ocKP3bvDgBwCMy
+PG1m4j1XesyuxkGsCC50zJDEdxRq6uFikuH/yJBRK1EX+qtkuavKQKnP1bWebhaU
+wsPvhfsa9h+rwNhOZ1ec8P6TfEXCqufoMIYWGhmFbzsHOpTyMZ+BQRorJkFkQ8Y0
+gJU3Lv8fCow/nJVlcV6oZKXoFhbPcETa5fVYmEFkX3sMcK9i+a0TpSorE7MnMAd1
+f/bGlcDy2tgOg7yqPK8OL3G4oNyzZWyPgRo6OsKU3Fnq8s0GI/JMMovcYt+mU6Qc
+bkIKNo4NbDQKGhujSTSjl6JpcTkC3mzCW0l5yLp/ke0Qoc55co+i2cPDBCOCQx2p
+0CcwsOAgfy9sgRA111zSiH2aTjH/S4hYiK5jshs3DAg60fTjg6l4zkB4fK0kS4F5
+dqr0xrXbGnL+ILSBuCwU3IABFc6gkD6qPzKB9nrFv0dEzXtcXYLOs2sNREGwgxre
+BfQhVA7msHQ+2YaiaQnE9HlvqWRntkJzBi0cND6slN5gnVEqX0vV5lQz6orTwtdM
+vv/CQCIXhbKj6P3RQmIP0s3/foTLXOQBmJoQE4Yo2Nynzb5gXMJCpInAA7lOMOqT
+ZGmMVKqB3n17VaBcrRyb48UobibzXUCWhharDCLznN6cYQuryh05Go5ugMMadxbS
+5I8TKpaivEbhNjUkbU/4HF0RgGdquxVEJSHMGSpyPnNTXqnG4U/tceRGkemsm+Dd
+oFmk2HHH2esUFuMWFXAcevGZznOtgzCz9utLr6Xb6RWZMEHf0aHItCZfkTtVEfVm
+YlyZG+xBL57cKbXZDXIlBNxldTEoKjUdQ8ICCusW64bLe4fHRKoJfOm9NSv2fZDh
+YpUKEkhaYuU3nhOJBil8wMPS8PgyoG7nDXxR7YHwNdePzUMXD5TJX9rRISuww/KT
+kGRVn8hewI/ihNvvtxVfFDGuKFfRz491jWbM78ZjT4r7hXlfVBC9u16zIbp+8+Sq
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalcRLSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalcRLSignFalseCACert.pem
new file mode 100644
index 0000000000..dc15ee8ff0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalcRLSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C0 3D 50 4D 1A 36 70 FC C3 00 C9 60 6E DF 9E CA ED 35 E4 08 
+    friendlyName: keyUsage Critical cRLSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Critical cRLSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowWzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExKzApBgNVBAMT
+ImtleVVzYWdlIENyaXRpY2FsIGNSTFNpZ24gRmFsc2UgQ0EwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDVXFpJZrrfE3RhnognaEW5+Af+QIHZD5UHsNHJ
+5+52dskADZ27OVATF0lxfJFCsvqg+xF0CwUnPGAAvicTqbn5s6VfivsitBKgJtYv
+7mQHmnA/atFcsstwIM4a0ElZktPr3uBoVxfxJPve11Pkzn54JOO7iWMMqvbCnUM2
+rL+CDR+0mVStkYCxLbUDYIBHvjBua2K2h6zffk+UDf1cBiOJjBKLdQN3gJDKvgBz
+P4icVr3SOKy7CeZssY9qDvfs1VIXbFdHDNqAQJqIDrmdYFaWQ9Frg9SYdJ4nCNyN
+7eQs78izC8jF9EjR7NAIHD9l+PeznskhJ8hfHOQ/gIiccfPrAgMBAAGjfDB6MB8G
+A1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTCymn1tK8T
+LfSc8hFVyyows9JaSTAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggEBADmfRFtG
+DU7X1eSxvzMRLpmjMY7rtbEUvSMJXB4kTt9/QsKPucJhG90897xCca8i8R2nBjl6
+Wt9YorVQIXg1usooaLj0d1/MWgRl51Tf6rWRlpbaG3sYuU9lfu/b1TPHLdh+iihD
+OrJRrv2VhNyurI61IbwgOUfnc/185PdIhWMyFMiIg+S7k+U6MM0b0m8tfAwQMS7W
+qVKV/DZdutJFDNPqWUNW9KsVPQreAs0BHfeH1U3Sj5y3678pOOW/oWeQECv3hptF
+xIeE8gCSz8ckM75AJnqa3bI4Qfc8Z7h2KYbqg4uh5Lvy5sjT6EmzOFhZfxPkkYuZ
+v7kVKEHrXEIv20Q=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C0 3D 50 4D 1A 36 70 FC C3 00 C9 60 6E DF 9E CA ED 35 E4 08 
+    friendlyName: keyUsage Critical cRLSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,68D6DA85EB17E2DD
+
+jED0gB+zQ9Xhyoqoj23i4u/lRZGmWxP1UhmzX2uP0dW4TknSr1V4SlNrAR+WSiTl
+7sHP5JUNIt/l8GM+xXQ7fbOdoOLsbkpOauHh0ftQKbVmEJvRojwTlBrlvfVESYIP
+iWhfAbI1Dsz35dzX6czqFq8K8OReA8BGpd95Ix/FGBWKcoAnjKISQy2N1hMea6RF
+zGXFUWtccI2jfB5QIuIwrHIsWCqPKT1iwEw1TzMt4zhppRGv4svN+176Lx81g40o
+M6Dg8qNpLx+OfKzY962zMB7kCXAxHbnZITKlx8U1cF+60QujGwBg6arROgEwOKSU
+PU2m112MuHckdEhI+7VbcQKjwskggYgP9UsqOrBt4WJxGNWm9uMFM1XkEyxmU3ut
+NiyCX4mjPUpqfY4Z2JkOlVu0TgrP+f041a1V5MxCD8UtdN62hV9V2fYjKRNaGt8E
+wZpc6/GRv9ZK6pVPDML8B3OrrCCMLjg84L7OCfuduxV1oK1YXok/Z3nralfIVdNu
+O6ORaXhXPCwNx3mj+MbNCCzMQmmLPBX/g/p6z5kVC+67HVzAp/tMiQ9p8RiLqPoS
+W1fEBnpDMgtqzwlSnGtCMKCIkto8jHi7zdk3eCjwX+dt/eaq6oYzQYHjEv5LatZM
+UD/UUtKG8MYyuVt3niiV7C4LFO861gPgydr9R7ZffnLKKre2mTzFOcpD95b2jbvz
+GrjrU5MNvZIBnet6kYVFyElB34eEO33emV/2z8L5pp3QpFtx7WldhhAH03cUUZsJ
+B8t3Jhz9KabKDl9mcFH0x98VgNN8ZPNsIMYtz1tQ+J3J1JAbh5X3R88bXJRonYiW
++itRoTtrJ8xDWgV79LzhJTo5AqE8h2C/AvIsFynUhiJk9eMioX4BHaqj+RroS8x7
+VrqyQHQf0fOg33f3xy+xWPDablqGohj/e/YMwHXZmovp1Wbwrg0J0sfsyDPwGeVS
+5Jy38ohdFLawlXm4WT5a9VVKEJkRVrAfDbFpYOMwLnJJHNp9b1WyWHDlfP751yYa
++wFC6idLnYy2r4STVOiawg+HaDH0syWvatcfRj7LRi1rG+eUBY1jALjRoSCKIDxX
+yQhjCBRIXk7Cuq72a07fwRj3WJ24E+nzp8L3E+YkuraMUmTsgI5+NIpYItNv9gNd
+Bcgu7L13BR/jyG/WdZwg2JIgkOnyHAVNPXC7oYmsSpuCOGFrYpG7jI/NtZB4NL/o
+IEmbHrw62lbE6vPxcwf3KPkzOLJurxyZ5IuFhzKX3A2HjoOrlYuKXUs6qhioSzly
+B4QSdUNuUbhOBGRNqaneWLjQBGSoijLpGNdzWjz0EOjDqSrTSvCc6Q4OoFByiK9O
+YSLjgOOhJ2lHj3TIEYkvVlN28Dna9L25VVsE0i+Yq8xvZG8wzlqg6QqWnLZnE6OY
+zrYX1CCGUnMSSpkqPVvWhqtMJQWcNBxeHIfQ7ixjMwmJn5f/mJ/mQ3Pjm6sjHNig
+nwmD4dWSGVbZxmturc3Q81oLt/f3M6os2/9Ds9oAHGrLslubcfbVnicLGwdRAAj0
+hH3oG5sFsR1E5z/F6YQUun0czkaQb5caUYiVIskia5ibA0WRkg72dmj827xrVtLy
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalkeyCertSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalkeyCertSignFalseCACert.pem
new file mode 100644
index 0000000000..e98f314654
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageCriticalkeyCertSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 54 DD F3 A2 70 30 02 61 F3 F7 32 AA 21 08 32 1D A2 C4 14 F5 
+    friendlyName: keyUsage Critical keyCertSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Critical keyCertSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JmtleVVzYWdlIENyaXRpY2FsIGtleUNlcnRTaWduIEZhbHNlIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshkDAkc1NgsehY25cyVzSEjWwYU6t95G
+/bdkWf9DwvSkBxz42UAB0DfeBaHlbsgyVPjecL2N2bBpu4Jn9T03xEaMfcZXsyI+
+Be6psiAHVoVI9yTqESpjDgwWC6qE+g6PcQq1pYxsGzWlcBm+nxxpb0biMg0pTgcD
+KUtkK3UeoUJ15K3nDEekwLkLFwuBBFGzfOFCp9PImJh432RT/zzy47GGF9GNNDPa
+7iAZDmKadTAQ2RFy91qvUWsMxTdQ5wR7mzYRQwjzJG/3QBUKaSl5jEX+U7wzI20b
+OAHMdiEfsDNKXlvbIWloxcmVHLrVnzyFXgoB4ZYUydsAZoqW4RUaIQIDAQABo3ww
+ejAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUNFUL
+Z/wcsdzCcgoU8GPp1JvwY/kwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQBe
+d4ZoblyGZ2/KmDlPWpOb1UDgc8l4fTwKDuDOch2en3qqX22Lbfpc3XWB+cOvcneu
+TvU3GCC2udrSk867vxd6LsiUPdfieO58b0au8+myabu+ICeOeWtug/++HvHiZYPg
+dJI39eSmMC5iaiSUkcdyNdH6IwkB3WTlfFwQo62T+zC044ajD/1nH1F8yNx6bJPb
+nCcphNbufW7lN/3B7bpiz4EKajIkvBk5ZP8b6amkDO4fGQvEgbZGhNo2TwDPJh+i
+97WnDFkCgOETr6GTgfXj+BfABCKduqpl4H/cUG0zt4QI4SMsuUvqTVoHTUc+XNMW
+kaLapuUYQMDC/P0XLwPk
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 54 DD F3 A2 70 30 02 61 F3 F7 32 AA 21 08 32 1D A2 C4 14 F5 
+    friendlyName: keyUsage Critical keyCertSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D4AC773554F54CB8
+
+wx/O0W+iaLKhCpmZrFqQGu1feMI1jBRW6etpY9miXcSUorYfyiSYplNgTKNmcBF4
+MQTC7zLeAx+0HUWrPKETjYxPz8m0W0wBHBr64+CPo+DU/xxalgxpb4v0faz+Imuj
+Mm4gIHKikWHIHdonnFWpAAYAibIKg2suXJ8xDrMzHERzRKX5BdyJIHcpt6c7CLaQ
+6VgPQ/07N+ooNHis5ZrXtOink7DAAFS4EvY2fb7Fqm09eBRVe/vVtQQYSINpruWq
+W7SO6GJihr+hVtKo0PoHYvlsrlxZgYegxtiI+UjmJssLWj0p0fGvmgnQlf8UtuLL
+lV5kMSxGBqcJREWNWfYnrz6rACYoxmnG0DkUpGFTVeNfgF12WRZr1AQxSXo+xPeQ
+99zwXTYQ4hr6mB3ur6o+wAQXIRhuahfMNdVUvCL6Lnuaon70opw/8u0CffAwxCsC
+dFRXIe1Kmp2Ms637fLimoQCuOJ9OHM/wNf5MUyPBA9V9K7tidvqH4kCrgdm7P1vy
++ZLtvJ96V0uWqniKBRdqekzCN46v07Ss6GFL6fBDnbGCCCHPZo/nMtHWnXc0TM0h
+3AzYtsFtpaaEUBXmY/fuVOLEm8JELkByV0+08U4lktu+PcAg0rWDn+x/dNrSYcNz
+HWHpet/Jbsxk3JV6p9Be45wug4IEiouGHVUVE+q0wv/jbEebQlYk8qNATCvl8oo1
+xgpluvYW8+mrDTVskuuewb5Mj1AiwINUdLS4ZCDO1zwi6qyCGPvGSovUylBLI1m+
+wlD1yCBBfgwJUi7DpKh1K3ut0/bmU0CWRq76U/eWdLP76hsLIyuSZoMpeezaplwA
+AjoLme7da8yYjwzvXN5D5p4JigIhau+yOydpB+1EZyQAf//ROiHQ4mn3sofFPryp
+WPOY9B1j7vEQQcCowH7t33BbVMnacoYApYs3fJJrKBdfdcjFK2nkVbEUDg1BuWtw
+qfFpvS1ElW7C75lEOxx/r5ZJVI9v/r5sDB8zgszyhj9DEcpSbq5EApDW9AWJiH9y
+JKNBgh7KhotLPi3ADnp3Gzd4vA+h+ylCyGxZMEaY4gt5QrXViw3ndXe7BIzffT+g
+wOLyYY0hFIl4XPdD2iuho8iUov2MwX95SoWo+WZMH5NcPvbG9Z5Qf4/DMvcpQILZ
+hW1H5rDikiZ9kBLpIfXrWktDyvgP1p4Ng8LbZshK4Jw6rtLF6Bo1bB27gF98+lCo
+cORPVMi5eSL6IF8ZkkxS7Qos4CC9SpFS+8DIHbM1PibOwD1C6A2KoIS55c/kYUye
+XZwjqmHO1g7DBP6/qVRaSw4Dkcr0NqDbt1cp8+w+yKQnmqzgf2zKx09fbufdjnDL
+/hU+FAm10YKGozDbWA5oTZ57sy9K8rA38p9ECrz4OeEVnaG/MeCnqfpsWUyvpHUo
+XA9/mzjaUAfktQP+wGgRdv6Ir2stOIEgkkYo57T54sCDnELyzECo+6FadHUxqNL0
+pQ8zSuIH+Wb8PdVlkFtKXE0cL0laahBzMFSZQVj27UQCnVNBdFFy/Kv4aoCyWL+K
+FVRMY3kJ40sTh8SWeFwO0aLd8ycV28AapkWqyKJau3zbNQNWQkR43A8KeTsNf28Z
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalCACert.pem
new file mode 100644
index 0000000000..b2b35d95ba
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: FD 63 0E 7B 2B E9 83 FA A2 27 54 7A B1 AB 67 0F C4 76 56 D6 
+    friendlyName: keyUsage Not Critical CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GGtleVVzYWdlIE5vdCBDcml0aWNhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAK/akbKDSU+jyQyKaVyIOSz1eF/8IBeTVffB6t4DDAzrnRLvfKPO
+QaKZb2v5iqF1M2bBoKaIdSfcI5At/JXFHJD7H4EGHkT9sWMV3Qyhw9peIr7We90R
+S30KHCOsXU4UYx0Cqgg9A1coxkMo+lopBwaQMXdxSRSLshfGuNKrjCcttOxF/GXm
+hpz8kMPBLUKj9OFFudTylI2DD46FxcwgJ0JnBPOll+fpLPYVhBAM9Y5uHjcanl6x
+5U3Vu2ENZ+v8wAXqFFkl/ySMO8oXidy+2ifYjxPJsvAC/A7BID2NG7y6F90+tHOS
+7I4pUA2dwp3ju6p5yj3o4zSX/cQDvuHj99ECAwEAAaN5MHcwHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFMGQEUrZtCvFcH7OjDtiWOW7
+lytzMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MAsG
+A1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAHJthW7o9tlSkPicbKxW3xOHN
+vcod5xj4RNcMFpz3AZe1KDPm8vSO0P20uzUo94BcwKGOhf1Ecp+8r9Y7O/dpyIz0
+FZRa5JKW4NA0LlAuhsD5f4gLpRbY4Nr0SS0w3k8ycSU3uxpPCiD92tvih3GAPne+
+d79uPxmFSOVwgiPa6uLz0nnlAwgbMl9NiLpdzsLnbIi1saapuoEwMNWF4VXd4DDO
+MfOh1tHOwbyfmJuQF7rl7dGkhQN0e6AHJUsNigI3i4wHf1GvfnpXrzUoz8QzmUWf
+QQCza3OcdC2UUN905ztpH/+1bgtUJE/alfclVJZEHaWIhIPg+5//Op74d3oK4Q==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FD 63 0E 7B 2B E9 83 FA A2 27 54 7A B1 AB 67 0F C4 76 56 D6 
+    friendlyName: keyUsage Not Critical CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D9768CAB2007E4A2
+
+1izcemhgrYgp7NpmBfYrToOfortvPJIK3wSduRy+LeP1g3o4vgRXKzX4i4k9LBbL
+2OFdtFGAvON/btC4oSlTeNVIdDHv8/Oakf66HHUlw9tu1LhFwWcFXDQ9Jyf/Pb9K
+H9vk53fBoDl7PZUNPDsGigMAI2cfo7GClbAEMzIFhaCbvjApDW4YhtoMDPy4P7gI
+hOsymmIvP7TttV5vfO6raFHPLzem3M6+XubToouHRUlc1m1nX3DMiotXRMEO4ioW
+uX1QqNb9xEngnKA4ADTrYvM7R6QoQ9claXHqieLzgc8iNzpMj5vSkVbOCOCVMxoj
+Sk5oJMGI/jE4jsX1VHKFbBfEMntF6aeuoCrGsuZWPidopuxZ9nBGgLQVCzs9QOaq
+z6f06Udjg0C/nM5/iE9DfL3RAylTrRrXV+tL/N6AZde/7KxJByUo8SndvcqIgrIh
++1NZsVdFhp/xybqfalUXz2WxzDkrj9B4+GRZn7/Ci+cVRRXBuifnZwm6FlLBMsKq
+rz1EgMSkX/0JmE9C2qe7ls/Gpx3W/ahNLbDLiiqhUXFIvTUqpnww9Ozrwwq0OcIx
+5qjT2LyZvxZ6BP8hm2ux/CQtteyyAvLlMF6b4GqEyjJWXav46oDcmmvobe97Wa3V
+JHVw+TCpLWypYZlUPHyW661s33ewWs167lIlCWlFkKCUtzW4Bp/E1xZ1Et+/xzdm
+PhVqWWyoWVIQXwi3K/OWojc9ZGyIFHybROl+sqeWIpUXnsN0pa3vCigWMTxqeA7V
+EHyQ28rC5EF+IreW3RE6vI0ZGtmSeKxf7UonX2HBiOYPHxfgHFRpcIqJmE/p2Mi+
+IIx3q/q3+N1mGtLrk2QBzJNUyGWD118Y3XrWv8gsj9GF+9J9NBTBfNgyxaxrdPcH
+6tmSrOF6Buz34jlQdxsn7wN/kjTtNVwBxHtaVc6KzrP1e6IY+5m9FfpLY6z0kLtY
+ZczKMr/fjubH3RoC/dR9H0v7vFyd8syzfIXLW92SMqdwh+LLRBfHUZa6tfe8cVf9
+E9dybAbTVS+Gctq5mS5pYHSWyZDq5t7JrvBVBjh2Dt6D/0BnQhIqnQRwNpbSoeNc
+dgcKs+HhptRG8Mtr8VA4JgZTTYf7h2rVJHp5ilYvvIj9K29ftgRHj+iAKlKCpdzJ
+K82kWNI++/nT/xX9lbtSEp9Z2slB7j5FPseHNvaDoFh/dIDGbuYsteVu/pBnPX/O
+jtcOd6Tu9lzjrHSx9AANpxDui+VQRfdGJBg/nCof6RQ6JJI0KD73gOJFYEPcrU+i
+zoZR/3m8Rb6maz8xL8qwJerOefYaMGvBidqcBPxl4TVs17JzEfyCyLwUM9gOXuBb
+VNiI1tFxs/Sai4U3dhv5y/DrMSJ52/viPzz5UHh/38Og1b3pQWc4xCJgAesSvbCi
+McxKCksGErozuzopNPJXv59s3wxkHcGY7SQ8S7HqUz+nR715Ho92mWuvDitPm09g
+DEUFgD1ZHB1CYjJ6jOiq4hEGFKBUyP56Zwz1060/JHsEjnYMhUJ9FQkhZJOaPEa6
+7DNbXkish0R+ClDkI1CIWfe/t/m+Po4c3WJASPs5F1ivDGvCXDN5/g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalcRLSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalcRLSignFalseCACert.pem
new file mode 100644
index 0000000000..59924e049e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalcRLSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: FA 8E E9 9B FF 45 C8 61 CF 71 C0 90 04 96 CE 07 1A 60 C0 ED 
+    friendlyName: keyUsage Not Critical cRLSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical cRLSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowXzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExLzAtBgNVBAMT
+JmtleVVzYWdlIE5vdCBDcml0aWNhbCBjUkxTaWduIEZhbHNlIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ajkrGWOSxFEG9vuWGeWpRVcosWQyfZP
+JV13VfTNb+3Q6Ke5L218dww1FtrmP99ZBbbX8VTaLT9Hl36zdCNhXfNDjpj92N4F
+rM93HPFrMLewZnfq1d3zWvtPN6UYNKyRozFsys72YmIswHZb83uAltVNKZNaoIhx
+9oDLf6BudU9MYynVUnOskvWbJbbi2SqjNW7dHP7boiDi5Uy+IdyiKvkyTHnaH3OC
+gjmQ3lWXpg+2unulTZabYaR4twj1hFh2XgZF946GAg2sy8ux4g9lKR7+HL1BNC5Z
+PBzKHqMPZu8+RCUA+gHUeh5xwRFBg7wq1Gs5FXY0BB86bDdjJrDrLQIDAQABo3kw
+dzAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQU+X5S
+oHlmBAhECGV5EA7dkOZD8dgwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQBXNr7R
+CtJ7NH6ne9HBNzkCWsG3bwfaR3tD9hQNR5w5fyX0LKwBhnX8oH6dAHe+YHZ5oRlF
+yOeAZ5tjD3XR1WGFJCEHWQ3VmHOVtHLoc5YNgUZcn9xO7KLWiLsRPm6Nyd7AETZd
+/2EQUcHecRR6tnTKZJLeZzddzGnb9ThWvdYO8VaY7ipNp/fL+odZx98P8yiwni9f
+gspeW+GDi8xD6U16qXGYLJ76y1gkSYs4IZCx1Pqn/MJTsx42cHfrRLaomVzOGraa
+tjeiql/jUOb6IWX84tabge5xp3nMD1xfCFaGTaLMPiWtEhgFqZEzONP8R7d+15gr
+tWm1TYtrpHu3POhY
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: FA 8E E9 9B FF 45 C8 61 CF 71 C0 90 04 96 CE 07 1A 60 C0 ED 
+    friendlyName: keyUsage Not Critical cRLSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,275F2E3AD2EEA049
+
+7YvBHx8+E+Vhw/nPOVU0cqQG86t08FlQJoYzqbih+EMvmOnuARkLo85UqgsMhPLR
+KFIgv3WiVIUc+DYSaP0PbC85Zkq3Lctl0hNDyUbtozMh8bCXVqNnVLIdPlmN4FDx
+JofVamca1/TAAhZrVymSk9XRCQg3tt+7LwgRS2fCtTmFIPkyVMrgo1vV64x2Y+1y
+hBJyXfSvXI/v0aAZbqz+Fho4TlaxPtuBpT8HiBhcIEIk6Abx1Jsgl5/PD2fsnrK1
+zzTKw7vMLKsvfUpt7aapVmjv3CpZEEgJtYlGxYyTGD1HbBSR0XXdU9YTSQAGXDL1
+sc2pXRuMKS/mMAP8CtLYyBQTmCk6w6ySceiIDx01QYrOWANwX2upsnyR65NBDSj2
+EQH2Z9Os+Uslbd/MMLZT67VgCLXkrNBKWSklrt63YdRivCUNtMM8N92+7boSxExx
+vo/ngvhO1vULPN6y231dS7X/wqMgJyyBBVCjtlaVSqD1pDiF9u1KUJze+olqvEdQ
+9alOna/FisedtjE8HuntfIiH0TGujtcC6bbVLYs6Lhuk/tiq3ud4j47UuArGovD0
+qV5JqIcxMxyh9cI7CGx3TWUTMrllCfKT8DuxFlWV6eOER1gtk8AFOhwNgCX12iUt
+ZXleKaBgi6ckVip/lvkBQjg8UZuy2aYK7MFCn0jKo1anaSOZ/VcT9nnv62z6jzZn
+heG8IUUKvLotuTEO8+2fgb/Gw2v/ZYCviqAmI+GLuVCHd3b+g8j4wylNV0jFq1Gq
+sLswif5RHUgAW+UaYm+UJkWA4uKGEWf2LEsMk1qJ+Gbiv3nWB0r8e+qYqWZtdJvd
+5U3wOjgH76BQgQewqRPRQ44WXXY+Mz+RntPmq2i3oBfoFCRAP3mSjQJK1z6e+xl2
+h91yAn0vhp9QdwUb5f01kYH7Wz12IuhCxVApMRal1PKq7afNxHUMaG67XyfTsvCr
+GhBFmO5uFV6s2S+cAve8vdG9f11Iq4X2zX8GwPY2rtjjg013gsnyhcQcfDbGIf3D
+21l9Wln1aqQa6ryUM5Q7cjrOJTB0S2xb9ItP/Ma7bufNmeiqo36U5pe2m55XHTG0
+KvQVjW3y9LiEFlISWsKjLIwYOHFcWRhBJlzFHhf4iuHolufqZMmg696MqauCEF6q
+RtKDFAbkT6pDE8OuuvYh6vPjwDsse5nYBGezjXGWHHI9cSXQE8RGI8QAAwHidpUK
+mIp7xCpmMcCOKEp89eErF+5DW41fqg1QVnZ0Y6AJcQcpkO6iAgb/ci8dfD+t0s6N
+GycmWKe/SiWPlfBwFNuzw7A6HxsUS48Mxq7CEYfYv990SAQrLWwIgUxELcEd8ftT
+YOtdwnji3VgbGEvMmtNVr0Ve3+ilK4h/AjidZ+YzAuFEdwYjtAHuVr0fREoX4q2T
+gj79ZlaEnNXWaDcVX8LiqTAlWBCd9nFDv/EEgheptEkfY2/M7jvlMSokRXWibZZ1
+48xPg4duUcChEGssmnzebdzNrTvLPgjNeRfQfc5XcgSzJecCrBBpLobMGyjrMeH7
+oV7vV96ll3wpvAqvP/GGkcgBX0TNRTntH1L0u0AQMiCvXL7jMxNr35c3la8elJfc
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalkeyCertSignFalseCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalkeyCertSignFalseCACert.pem
new file mode 100644
index 0000000000..7ebcb97e2b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/keyUsageNotCriticalkeyCertSignFalseCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 27 CC 92 74 D5 0F 97 23 CA 48 E6 84 97 53 DF 65 EF 38 B1 CF 
+    friendlyName: keyUsage Not Critical keyCertSign False CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=keyUsage Not Critical keyCertSign False CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDnDCCAoSgAwIBAgIBHjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowYzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExMzAxBgNVBAMT
+KmtleVVzYWdlIE5vdCBDcml0aWNhbCBrZXlDZXJ0U2lnbiBGYWxzZSBDQTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuW25Rdl1a11hIRQCfJWGwgZNpJ
+8Bxjnvmd+5HmQB2uTgWTPpIs9xfWCuOqqCD/jVSS97nyBQQtp6I3dQvU7Ssmkz80
+7y25FvrdcklcYjFKeKra/Di2suavIb3nlf5H1hRIzIejKqFxIDjT4QOi+kNdArr/
+cJM1nrZEhnNErXJ8qDpcb8k4fzbmodDbV/g1zvqY/vmh4iYv5qiw3PFRR94e613H
+gatzeOgFdu7EpTGAbNp0cGnsjvSuFb/XjY9EAtQoQiRmiiXbBnmoDIqOM7lktYJ4
+6Aly5kGXqXS3ZkkWERHRepN4B9rA8C2bppjGxQ13TKHFqeQfOgkvpGi7rVECAwEA
+AaN5MHcwHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYE
+FLIl0igw0FVobky1wkjzypsV8kBFMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEA
+LFhwyCZWomHkwIVAZ8k+3AqH8bVC/JcN/8St1fY/0BCt6pLeFOWLLXpflPlvvNA5
+SZbJLDfE3VOOYrYqwJEnmy979I1527wPGcj5O+jcDg2AWBpMt1qPPafftSGQxx7t
+UEWw8ZQvsEAab3Cof4p1/DXCJKOpx4zsXrz/OFBkSx+Gq6v7n+Pb+4g+IojVaxnx
+UO8xUAaQzjxv4yVfQQw3fzfrY6a99UBUOwuIPcQ+AKv80uU3aqgtvkoOWqs7R96h
+rnEWe9qZj2hCg9Fpwz1hyg2cXpkBfL5Kki5zUTaNhad+6iv6p+tXxx7W8qs7Fti7
+ziEwUI8u1HYLbCGCGFsuhw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 CC 92 74 D5 0F 97 23 CA 48 E6 84 97 53 DF 65 EF 38 B1 CF 
+    friendlyName: keyUsage Not Critical keyCertSign False CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E1F05EEEC619010F
+
+74pwj8kKEJA3mS8C+eIEtuVZs2lGNc9hKvK/LXlUSnQuYgtfmOIch2rXgNZMtQE8
+LhPfxUrNGG+30b0kkrhdwTBiM2+I/OsoPG9qXZMEHtDhqpGAZhnj+FKRB7VQnt5m
+jP81Y/dgWTHct4TsJPdSIRVOm5rbParIijUmnQ5nAH8HUEExbbd3fzLEEnZVZDus
+rulTbJaSiUhKHBU+oQtZ9AGl1uCzr+uU4o5ihltA31vMjRfqxdnpET7+31WI/1M+
+8hUjXCb3kE/zxexffXiIlujiQBrPomd61L48rZiEvN+kKHbp0DJvaxyNvupzbFii
+wNCkOxfQzRUTvGDKuvFsLjAnwoKkBDX3Mn2qbUELK0l6q0598srvnO03NEZoLm5a
+Saz/qvF0M3jAChxzjd8qqmJ8JffWmO9DLCPpYDVT2NG68QSu5hbREle/VZtwVMqD
+IYw4iqyfTwwP6HN/20VsQPxId0Dy+Pjo46bmF9NUHDtSIYIQngkE3EHyzfLI5Fm1
+YHQy5uZNclrhu5mQaYgqfQLmeTpx6BqcIq+pmw92hHzxFslHIv/wFSeEd0zkTPPv
+DL8LIp7kairNy4TBO0/LjLZJOutBZ3afiKWD3HjU0MwDhvgiFUtmdA3Ok5t0c+Og
+vF3y1pM3oMEF3QJg28eiyX6ZtoMYh+fKjSNN2PjKfQ2H3z67FcsgaAg5Suxa8SCi
+Px0d8O130D5uBlwsRkq8kBY/bohC2d/2rjVRedGyGsNAJqER8Kyez+3OmnOnOBV0
+l67hw1rbzOO2MEz8dh6yfrqo7rHSuJFD5yl8G/u91ljkH3STgJaZSx0XzS9mdIpw
+z03lIgymSCRJEOiTeAVgHpBqJtCT6/efKbU0jkeJHozXgCD0QY7xK1MRgTr69ojW
+Tpb0OibL6NyDm5gMq6Hwq/ISjsi0FsGHBg2q0yBY+tepErZH+XMxav7Hb9hcuYU9
+YzhzCTK9HHwk6xGZWvXcpTpxyeSkDjw3+IPV9Zc6bfOHNJg/znebpoEosbrnHQAt
+k1xHvqTfnA4MJZWqhaM9okrP3LK+9V3fJKPQ161aFjBbM9suO25unR+cuBfWV/R4
+FV/fyrA2zpXZcG5gC3HP/Y8Nt2DbIkZ7aTcSKTky3p2puMlxDiBkD6fgHgjj808t
+SYepDYGqaVmJKX8dxGKHyjKfYsdwYuspSKLNl9oFSYmgdUfygeeDGXmqOuGmSovD
+q6iONPyKOH6p+oSazEJ2ZuP6nIAcSoaz6ueGlTATdDYm075K/fmNhEvqNds3CE7A
+XOn2wDlrxv4VMdDFpTazNpTGEo8O9rYUtgVTy5LPWmENFtCvI8CL63qcjAQon2jM
+yFcTgT9YqJpcabBFb87HunyG16Zbb/30PWh2c5UECDLzEkKSZVTg1D2cEcuD7IDV
+8Fu0GZPotOFDM84x/4dQPD4+wjHxqfPXmUNXIpt5sWSj/55uyS1uhEik6pznotoc
+ge+Yps3psIFb6AVr+vTBFx5FvRvILIb4iCyL/kgAs5bfSnlMdmSFN39wLUBZOaR+
+JLprx8Bo9qH25Wc6mmNPQjReGTgQOVIdsIkBaTpqqXEfZj6O+KJXIQ0gTGmAs/sv
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1CACert.pem
new file mode 100644
index 0000000000..433445f937
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1CACert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 2D 55 C2 E9 01 A6 15 D3 50 78 02 A6 EE F4 DC C3 F6 64 CE 86 
+    friendlyName: nameConstraints DN1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID7TCCAtWgAwIBAgIBPjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjEgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDIFZChS4W10eHwp3smMrXyTluiMJTrq0f8LEx4D63qlvrjNngGxCHt
+BOlFbIH3uKwK24yKHywpFK38bHLyDf+2LoaEYox32sfyeqneYurTGJ4sZ1T/fsZk
+lG/n5fkMlvIU0iu4eOkshyEEtvUGpvdSEg4a7TiadjmsAZkJkgBHV0h9VYaRYvgY
+BnDsTd8MrzKo0bNnpMgiUGtGJB9lB0DmhO51IelaxiyaJUVIsKUZfpA1NPjSboLi
+NLgKhP8El/AlBY3BG190xJ3a5xDIhDq5SRTJ16554PIIwzfE7nvY+9TpwfkYvVKL
+zCOTyrA6VnFwTLKc8sLYKFfmKNEboLafAgMBAAGjgd0wgdowHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFEF4QkbNTqiC5+E53/epFsAK
+/O+GMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zBeBgNVHR4BAf8EVDBSoFAwTqRMMEoxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJt
+aXR0ZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQsFAAOCAQEAaRFMK70B7a7bqMhucX7K
+3AnChP1D8T/CFQUnOWeC/yKAcHbplQf3uWzL52ZJIoKLJaT7dnCuLxx9St/m5aCI
+MKZuIda+85I2WisV4brJJWyZlgLauA0WLZuEswqB0viCZG0vgtWTm9uN6O8Lqua3
+fnM/0WQtcmMMNs3NWN+FTX6SHIu5Z/DuUZWSF0H76jjheSJG2wXn0TJk8RRJ7mn5
+dnDEoDFUpePO0qaOjl1KGov28zz2QGIr7Nq+S0Z3Gk1Z2O3DlgYMeYtqkiMPKZ4Y
+sPDZIABuaSYI1o0ZoFnpLgiWVWbBJDO3w5x6eIS/CueS8hKfX0h7+dIcgQhABleo
+2w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2D 55 C2 E9 01 A6 15 D3 50 78 02 A6 EE F4 DC C3 F6 64 CE 86 
+    friendlyName: nameConstraints DN1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,898DAD8985686C96
+
+QaviycojHWt2k7YjmdYJV70orCk2E8JuW1arD99JAJ5AsLFVi4NjaOuB6HVp9NmV
+ye44weLxzeeU5ngFz6cyJKSeEP5nGdAbcA0ROYPHBcj9oEfXOiVV7cf7LeGyDtaT
+hrl9+fOgepJm0CyQy0cuV8UqYwrd1ebjSNtq+Em2HWs6e0mYxhNJw04xR0zlPNAU
+XYHLzKQuad8bdQsylfk1/+bYVHHtPh3gdXhz9g+lvpJ7zl5Zo9i0kS9X1ov2EriH
+BwrF7owBLgf5J3LJ0xxoIiYFmartTg3JncO6V72hBtDWLQv1sDdsOmBW6kM+x2Xh
+TgRHjvFk5LgHEpRoz8ureAGMOCELGMmYYF4qdnvgq9YM69LEooX1YMmSpLBpa91+
+ZaZJbHrJqLFUU6kBV6aKyEmhSnP19zQCJln3b6R/+PZFRVuagoO0Ybk1byBPegF7
+mxZXhnD+mO9d/H4+YEnuOZC5npuHo5UnLcm6h8eyKvs8c/dceF1fsVZQfm8n7Drj
+/Oid1cjLVPvkN+absGqPkFzWQybVuNOpA1BjBVUUx/jc7EBmEPs8FDqGNJi7hMqT
+Gj1rDU8m+JvkBskfVmEFJeIa38jzooKkcGONl/HeTldgpN0Hn598kvwAqgT5tOaJ
+L/sm1L67ETCtw3SXWO3XJdT7EnQZ4E3Te/Khq9Hu25eTX1pgKt4hRnTZGmuNY3PM
+oS7hwJY7YuLJtDX6R4f5+6E9v9pYGXPZpcMA0UKpXwcMtCHm7UYE92UyOlzkNxUs
+bLzmUbqkoX+/hYvoIZlmXeCZSaL9rO75anyjFZ5AZqj7lUCZGD04NHcJUlmmRzfV
+PozdDQLb/8xwrnCamRFAgJ4G4l4RqlAr7oBxuJOAqOn/aTz+5pzQG8BlSf5NYL9s
+8wRIFNY/YDw533+ZJMb+62j+BXzRM4uSiwZiAM5Wgea6E/wJhDu7vjmrZZOw5QXg
+pdab6gfFiZ6T5DKGDHVkJRsjqwIo3aINelzPT4PROAWft+UNH2jMiyMc4vk69JC4
+Gx0fX6DcXeSLZUEo+h3Df8GgJM8sUMu5uQllRhagjEgbjj9kZefhbf8HCM9msfd0
+ytju6wODE2laIjDYPaYnSqOoqJVDKhdxBrHTfQTUJ3yWUoxEByr1X3UrfAJqxd2U
+CZhe1vnA6QzNN1TfxgpU8zqsPZtblyCbhw4QOHjVhbfzljwHV2usgEdqyw9gH8Y6
+z0v0cg8SqVBJo9uE2uPsZzdAS2OrHyf6EPAjSCi5cjzihb5zzSeD56nhaTzFbs5f
+qXD5LEVAJzkjntNLBarTa5pEaOw75jrGn0YOBnYhlTEGNXzFxayidG70axn259lx
+Fz9KGBStShdoybnnW2++OOmX/SbafNQJYKrLtndQK6uaR7r2EWsORkP+HHJOPTE6
+m+h2BIuk8ow4BfjgtQ9/nrgOB73kdE0ajMwu6W+eaq99AkZLb5ms3B8HU/mjZiuS
+3RMdcqrG7GDUy91iYAFjKgh9yNxkx/imLFm329cQbRPaf2wV90784fKkAOYD27UA
+DZzx+qKCCiN6qB5h4ZVzqg7YxJyfOyVkDeKCeDkncZpqyaG59I4PopolUAaNABGi
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..a7940386f2
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CB 29 94 11 6F 10 9A A5 D1 7E 8D 1A EB 0A C6 82 D6 C3 B9 DE 
+    friendlyName: nameConstraints DN1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+ME8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MR8wHQYDVQQDExZuYW1lQ29uc3RyYWludHMgRE4xIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAyiKAFzYtdvEdciQ58kyp4foxdHez0Ho0jlCiy8aV
+7EdOkOe6I+BAIve44XQywvh4JqZ2xEkYhAFuVhZTpe419Fojtut1pS5p1MiP87y2
+eJ8jRJFMJ/O+UwCRwgt4G0whBAO10BT8ETwD7wkl5XbF5Q9cj3oB3ESyQC4klN5y
+L5lcnyMUqZ8e/fmiJD/M4siYIAUqJzfYpPgExDfxCc8Y5GolybvhVlngHn3mqa/l
+qjfkIjqVbB9qSEbS+vyrZp4+HFKeTxCNMri1UeRYIhm30XIEFVD/c8Z/e8FqykQH
+ZyBeEpwb5caoS8+sPcQ9DN2afMEHfVCZfXyL4P3Gj3MANQIDAQABo3wwejAfBgNV
+HSMEGDAWgBRBeEJGzU6ogufhOd/3qRbACvzvhjAdBgNVHQ4EFgQURZ0b7sX/48TH
+MDhMW8ddVJlywLgwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUD
+AgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC0BCN3q3RD
+IGoq2eKsryXDduFqAJca6+jKE4re+Kmy7PK4f0C57r6za/KQTw3fDgAKPi6DctN7
+BoXiEL4nDtNE29OuuMPMQmpyZZ5MF7H8ZgRrzYW3OMbu48lzwcBIZ3eCPY4rL6uM
+OaBRw7TXMmFVnxsusN+SB0o/FXIslyKijV5ZACP1Bf0OotzZnsiWEkGKP2H/iDxs
++rxLVYTyowtKi4EmA7M2a+2LmGvndpB7u0KghWDL+sKjVa4PK2r/9AiulLL+FJbY
+x0Tal47siI1yC2P4XXj/8z5o8jrYqJFY8QNAl7PO2vNzo6CqXF1QypNAVeDYYCcG
+ysMMqgXsj7XQ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CB 29 94 11 6F 10 9A A5 D1 7E 8D 1A EB 0A C6 82 D6 C3 B9 DE 
+    friendlyName: nameConstraints DN1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CD8C7B701770883
+
+8mw1OmIgu9bYNpdKlNOkfCqyRaTWDwE8zFYM2nzVrvKLVDEnmbQCCQdPWHa0Ny4d
+6DLcYN6Pu4TGFYUN8Xfql/BfagEfKlMD9zen3AAMhRO+hfP/CP1GoadjI0pG0Qnc
+whn6th06VS6PR1mlKhsR915J07m6+IjJUdA2KsmK6yxC3iY/liZiIZaeosOsYR8h
+ROrJ8kGOBPUVhhPbMC2t4QHO5xM6bon3T1Ng+b7UUCH/N7tkvI89wXyrR9nJmkU9
+T5Xb53cf1XC+WU5OmnjuZXGBmnlPTHu55zUNBsFVuiD2F1QLBLUNelGox/MS5BQt
+Nh9ca7140ntp4cU7NFl7CI2hjqRPyMCmwCgpcoCZmqo6G3hXk/3uF7H+/nYEK+bV
+0+lhRuitBdktjwhY82GXnSu4SUUtjsQv+6gXaT5qu2jaJ+i6MNbJie9myqh1Yqid
+bZ4pbO5VEyIcd2eVpAvTohbXYT4iBO656nOhQwzNxvEPAkILFGSwQlETReJlI1eL
+QEBb7xld6v0e/EMH7U7eLQaf3YXK7c3dtAwlEanE6whS7CQVajZD1BeecQ+rQI5n
+UNcm8TZnNm8koJiplSVC7GvTUEJHPV2L9AkIvnG8zEtvuLlUWlCRZnaxGfkwsreP
+U8BS5y9CBSlBtAdYMaLV3kWtDXIx+pXdY3m38T29F0A0+kSCc2vEakZ/XTPWVkQt
+hPz0EU6OAdvEppwsgmQGzAOiz/tLeNg38MBvhZI+gOIKa7tMV42egmm+nlK2xeWU
+j0OmcIBaws1u+x5DT/8NhuoycWJFxH6zjCBupa29HBc34+irHXzs4rYYK8eUZbrJ
+vdUiPMOvmXEfsEyOU6tDeJvpWRjmUAcqmdlx1ccZu/7i9vRxbq0v+X00T/W8iujJ
+yGNbhbPeGoB4cKUSdXpnQznjnajyUSI4GUNkT4He9Fzt2PpgJQn4jLj5r9crlp2i
+f/U+ldZ3vWuqVhZf9XDTPyG+0/xuWq3LcoPxvOkn5kx9N4KXoiGciJiDuaJSdKLu
+sv2Z+qGOyMydYlOr4O47jX9/rKdO2MyayMLg1WbPi1/d8dFDDfmEJEu2b9AeAm+N
+ONudAw8ZJdgfTVGvTiu/O629V95UgJ3iMZu0hNetai/Ned6og/ixxoh/AILDyVSk
+EMEGHcanWMbQ4YlYbsabhnBZaKJMkoTp2DomzN4n/DiP3QMiAnKfUtcytSQngW04
+IT5S9mupP5UVsv7Kg/AWVUXnBdCWJLl48GUnCCPUH4IlMyoz34AOne8K1TvEZ4SM
+qB6FdY+ixm4jfevDEzj6ldu9tpWlxBL49w8l5Tbnzh0IjakdZG9K24nDYf+2uhWc
+6h/3XS+xs+Hf/8bXO0cb2jVldf7178j/cx6MwA86/cBU6N4YTjc9WnPPixceiDG1
+SXbqEavWw9LUo99hb8FeLg1yYOQ0ElVJMCQO73Z2Jfx9QOwjQoepNvQ3CGHpUmym
+NpRPfQ/uFhvfuGWktgAtz9f++LKqCadSGKYw9QDGYyysXfFcSw6GLF+GLoVOQGpU
+F9H+/6jMZrKik1zd6Lq3YVTXpM1to0tUzV2mZj+aAg2A6trIGkiNFEWbkrAAQ6Qi
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA1Cert.pem
new file mode 100644
index 0000000000..fe77c2244b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA1Cert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: C6 87 C7 50 18 D4 BB 30 CF 04 B7 F6 50 45 7B 61 30 41 E4 B3 
+    friendlyName: nameConstraints DN1 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIEMzCCAxugAwIBAgIBBTANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMTEjMCEGA1UEAxMabmFtZUNvbnN0
+cmFpbnRzIEROMSBzdWJDQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCnk6DcIUFQfwdRiYfWRy4EZs8bttqWQv2K4Jtx+hcVARrTeyf3hXCnRZBclltV
+x7k2TZQcO6kekgMsxEZJikWB22yP4V+DPt/84pZJa9w+KIcunpXz1ssAfAGav2V8
+XgJHzxhd7UPLi3TAhlRR7n6WfeALE3al9cITYH8FPUDYOREbhLGMKpedvZN6sZPd
+gPVHztiKu9uOODKJAC/uuaz6/arV+3i/tBTEIDCSUWT55Hru7lbuWURShmLgzwCn
+rhnnH/j/5JzPX2/TQtIJFAPVJW6zf2AAPLBf2KgwfHRb6f6FqVDjH2KZUa1Vxt6b
+TUq2xWzJ+sZIqqNU67w5RirpAgMBAAGjgfkwgfYwHwYDVR0jBBgwFoAUQXhCRs1O
+qILn4Tnf96kWwAr874YwHQYDVR0OBBYEFOE4DhQYFENczudLYscawZL2ZoLqMA4G
+A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zB6BgNVHR4BAf8EcDBuoGwwaqRoMGYxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJtaXR0ZWRT
+dWJ0cmVlMTEaMBgGA1UECxMRcGVybWl0dGVkU3VidHJlZTIwDQYJKoZIhvcNAQEL
+BQADggEBABBmPe0Z8HrHPHka4JG5rGDs26rfKj2lIb74k3MJsuytdIUeqbFdCrH7
+dEjwAs+UvRgDDRFVWpWpHG32lk4hacMLHTV1zcl6gcdsOubVXfgodDLaZnTMtV93
+NV+cGJohowpkmbERLZDtM0/LXJWFbl+BAALPuJ91QwKdEKkImTBY63U1A4BKbmTd
+WtHnLgJjYC0Z53N761u7cwfpvxL2IQDKmFNHQI6dMkdTxSv5TOzPrN8A0jr63hg4
+D/QBm1Am0fddg+SNx34qbGpGgBorp5pPzowDCQWTJU3qbaJ7wTYmcWIE9uoDmaJq
+TaS/SCkPfhwzOPyKNt7KnKIn/acNHOw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C6 87 C7 50 18 D4 BB 30 CF 04 B7 F6 50 45 7B 61 30 41 E4 B3 
+    friendlyName: nameConstraints DN1 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,878F62637E80B8C2
+
+SV/ST1+kWuzYixZC8kPSiVyzK1EkiPKBCf2L4QZfVVwIKTyP28lr9axgdCAwe6Kj
+R3HvZNoXePm8ksVi+Y/PyiU7cqwROMw7AW5RBdw+ujh4m/5OD1ZS1OyR3JpbnR8j
+ggYzIvwuTXr3tiVS/4ZroMYCMoBqrm1ODkm+qdXap22HZLpK3MBsCHTJ034iRdlU
+ZJK/p3aDS7ZrMJfn8u/PEYd9UiH2JuOx3hlrsJ+8yWayQ14X7FrC8bbPQ22OK5k1
+lYh4WHqyBe4aYu+cicgLax3Q+yLgWe6k3L1i2gfjQE0YVy2rU7YfXDIQNd6E32pE
+zVqeTIiQc1wmGrcCx8kTJTWKw5nIOyDDTq8BxDd6tLZwVEgczhtxF6l2y1Rck8QF
+KLlysLKd3DD9sIf8b25wxQ23QJlf5xKlP5qpkQYFqr6ygh95TFvs5MAVegA/Vh3m
+siRB1KwzaZnwnQKAmh9Nyti/Aa1xzFEqAge2JH4F/XukFiUfsGPsOBaH2DjsU1I2
+Ovc0brxyYfTxMrNjC2D2r7ukkvpryGAxRMgt0Jk9Hc1VFoqhpxvHc7Tf3KK5h7K1
+pG4u4T6lrAIpJKqLW+NgVXTeDNrWUs6ut2yoYang6wPSunudN/nAKwFJTNBnE1Oa
+pfzmmqsuYUowLY3NPfLBW1mltbE8WrL3M7SbugD3/Z6z9dwuICljwRcZlRKlzf8G
+swX6ZlVB2DJ6JSf+Uyr33tofCewgAGF8g/nFK/tDG2r1PdPavDGf7lA9BWUUD0MA
+WujLOa9+xn5IF+xu/9SNz1mAyptLRWmeimPzYvx0v7Yq14VcfFxNV2roH1hLH89l
+y0AFkZdKZzIzQ8Hgz3xzRAJKJCyeUVH0PRm76Uijxcw/7ZwjRTuEkuISmz+BlNEc
+sIgHnuAi4zZFp5blGglMpxCzx7dSngvXV4bcoA+iP3sCADo/no4/wG5ZNbBpRqd8
+BmQwpaQgpcFceV0EIvkG7p1zUZg/AD42Acu8lCSY16V06yiaGUMLNIYfdicCr1/K
+7jm9yhpsIvMQEmUmKA980rR0PjoQ35KKf2BUYDU5cBTNwWiZe/1CG3IRXkzDNwN0
+nPyj2/LW0bGhnzTvUGmcy5VfXIbDMKLr9FeKaEJ6696hkq7meEzbVHcN/SqdbaZ/
+dpXc5f6pP+Zu96c7hMt2w1P1J0tEqI1qa5nhFXJm04h6RlNSOesQEbSGIklnRSfx
+/z1jeUjVD9QKqaHQ8qKJcnj5i2GSOmmgZenxd4cjfG3sNwUU/W+6XUhmZBZKSg9e
+G0u9jeAeHGcuno3z+dayE5A1p0w7RpEloDp+401lTtDmbmqTqCQYuc4fhMjrfsqJ
+anro3XJC3G5R9mAcTxqVE4E6po0/JSYmoielNfmygL3pRa1BUtvjIkFubDnt/XAh
+9qExwWUiRZMaTYhoaSksrvIV+C87ZMwDr2XQwb8LU/CrwNsfOrAKdpQxVb+IxFRd
+7NGKnaGcW6UkbKzW75UeeK2AvDyF4eDWWbVsQxfll4AgzWKXVWeVY7O4GXaBgo4s
+Xby/2ufPFX9DBac+g9uSLHlKlba67C3ZVtfblRy99wcYOXjcR/lUcjlZ5ON24S4a
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA2Cert.pem
new file mode 100644
index 0000000000..64ebdc93dd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA2Cert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 1A 1A 6D 42 92 3A B9 8C 84 27 B9 AD F9 B3 53 39 28 3C 4E 3A 
+    friendlyName: nameConstraints DN1 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMTEjMCEGA1UEAxMabmFtZUNvbnN0
+cmFpbnRzIEROMSBzdWJDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDYfm94+1UckIWrnwOecmHcjFD/KNLTJI62cn3LBu7L+B1RsbKRqB/a8NDKnSjd
+8LaqxYztPgbS9ll+67sq/Y9DTSGTep0wFJwJS2n+wBTu88BhOMwMX6JjyCFSM9a6
+1nzfk7X+mRGpcSyeqVABl173PxPFfyV2HSagyqLtwc/8uouKrdhcTFgTzsyqOBzp
+f4+OTB7XuXt8hYdgCfNlPbX2g8kH2Db4Lx7OcrJgP9Ybb2pQZQ7TiBRiK0EJa/WH
+hA96xmvR9Sq7lXnsk09f3lnP3KPeoPfd1wN2rRJ3aMl63dAbfBEdzX7T7Z3RJz6N
+bdndTYyo4SKwmO8kknp28pfFAgMBAAGjgd0wgdowHwYDVR0jBBgwFoAUQXhCRs1O
+qILn4Tnf96kWwAr874YwHQYDVR0OBBYEFKIvWINbTJWXt+72h7SXDuB/4JcVMA4G
+A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zBeBgNVHR4BAf8EVDBSoFAwTqRMMEoxCzAJBgNVBAYTAlVTMR8wHQYD
+VQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJtaXR0ZWRT
+dWJ0cmVlMjANBgkqhkiG9w0BAQsFAAOCAQEAwEwa9JZVYlDzDjZFQxuAlxD/pw1x
+by1ylmOBJnq4eUoS2fwEm75O7lQKQmgvLnWtvy3vnrocTKFTv4jSYldVGqT/Un5N
+aopCuIiH44Lr7z/daBQuSPsWPvtRK04DrNXG7BRj6bubn+DdjTsNT+V7HaFwBm9O
+8QFm7V2T7NmeElnxcasfNrk96eHgqMyOt/nEuvklmA5pJbcmqOootaIkaPfLlvlC
+eE4BlzmDApxSsQzHGHX7W3l8Ulow9BjylZtRRPZ2uM91kGattzhMF6t2dZr+ey2C
+BHze/rS2PoFqCFYyRyTWchqXnifv5dqV775zO8AadT36bE3vsRzKogXLfQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1A 1A 6D 42 92 3A B9 8C 84 27 B9 AD F9 B3 53 39 28 3C 4E 3A 
+    friendlyName: nameConstraints DN1 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4269A2ECDCE2090C
+
++Qhp38Vagkg2P/lTyPzuTW/h59JEkrNByCVkqduIDtNYw4buUpCfJFM5HE51KH5J
+VeznQs/fFq8CHfCwNCNWuNzxORfdChC3B/yzAZ8/orcc64FCFu3+b2FTmnylZmL9
+aDSITryOjY65OC2g50LsZDmFIGEIDgh+z8s66/1wa1MtIJNHHPZK2ZQeXLsHbG4D
+n5ppN895s7tpvnSTiAB9UacY1lVw0Lni1COPWJo0I+83r+T48bCZ0S0Fl1nGyiiW
+/RveZURedIGL9j0bmsFeS/Ytj8begiSOCCvch2ASkWiH8FCPWoU8mWSYG8AzhVJs
+wqApVKZlLywEXrBzdMKY+8VCYXluvLV574I+sQXe9+C2Lz/MsL3i+4mNzKld/NFq
+SZCKFBiLAGcc10sN1j488eIWubUokR1FyYnRRnh2R6XYzrfHNOiO+EVvPHIVISJi
+MmytIIR0H6gQwgm9BcWTORI7P1ZFUawghBcyuD+/YnwZw+zt8iaoITvJH668d8o7
+r1v9VmJMB9UqKkiG/CmtMtV3mn68QzuTR/DEEBmDM/OI99Cc+2o3h36fvJe+szsX
+LPknnU1vaE/5KA+skvdHL36gFZ7b8nM//UZGtcMSkPxa6utv1azrLBgYjuc6wOtu
+nDr2tzovOIDVNj0zdl8+OvSy6yNXnRiq4cQMZQwMT2X8nmeBAUPmapZYW+4nhyc/
+SZr8G4dV8YBySbM8a4KIpLC8ziyDL7LGdOdCteUudB2RmFRSy9FL0ZJZgqWfDYxR
+CbZ3DMk3QI7vl09iAiOJKhwCvk+iycBI5Oa59UNs/YlQWI1I0U58Mgp3NQa6Ug++
+9+GgTM34nFn/VBBdH3VkHh4UL3QFhjGvMgTFmgt5f5tDsXV0oFbOEjBUS7hozXvZ
+sTMKJgcrxxKT8vRvBkjlaF2ypP5jiZwkx/7mrbe2trlJb1et0Azg55/B9wxcsYXD
+RKgADxISTvWykWIr28PMdWaDCGLfqx+RXNc+vEPXZiIKMWL5VGJ7m4gWXtoNOXFO
+nGGos3gbk0wNWhEENsSia9Gs6MQVngjz+6O8wirpVGBWm2oWazDf9M/nTZ10cfIB
+SVgMJpt9IUWVZHHyXwrp/vV5cyv9xoScWifMrAuVhhUYjEpuJhUgJeZwlfk/BULs
+iPCxdonnsT0GndyE/BvPNrIxzKOoLH0SIyjnw1shomGVtaf6yNMwSXJ9vCoSos8F
+X1zkIFPCCTW09lJZaa649XE5oDyWyhNh5qb3PQXkFGLy041lWhdMI7yHPcIL4qfv
+GuKbUsfv6u+PQ/PN94dHh4zO/V4WJCsEul1BpGlWPWQCcFE+e1k4j2pLhH38N+QH
+o9nUmSR6oM+Xy9erc/VXzwdwa595q4EgrUhBdcAsUzIS9NeyT6r+VrJgs+ZHFpT1
+QxTZXtizI12BJ+rsMgvVTEnp52/ve2R89NEFQ5arJWd8oOlG2LY9WO12QrmMqB+U
+odRqoXsHqBMJzd9rONGNgqYKnDWAKH6yjMWgYBlR6o4/8g2LaECt8F+tptPjTogu
+smXuFPCz9LAawfCVdJQojHp0ZkFwYZ8g9MgInrwQ1DPXKe6yeXS0ztYepn4Slgf4
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA3Cert.pem
new file mode 100644
index 0000000000..7e7e3070f1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN1subCA3Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: EA 66 BC 04 84 6C 50 5E 6E 12 E6 29 D7 74 24 BD CB AB F9 41 
+    friendlyName: nameConstraints DN1 subCA3 Cert
+subject=/C=US/O=Test Certificates 2011/OU=permittedSubtree1/CN=nameConstraints DN1 subCA3
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN1 CA
+-----BEGIN CERTIFICATE-----
+MIID3zCCAsegAwIBAgIBCjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MG8xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0cmVlMTEjMCEGA1UEAxMabmFtZUNvbnN0
+cmFpbnRzIEROMSBzdWJDQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDELVS/5i1Vg6yF6gHTSfiiT9ULjd1sFFXz2fXI53H0P6d4KAs6CS1swI52BA/X
+H2sg3RRnFq6bkwYtkGdUBBLEoIjduP2ntNzeUH5Z+Wma9XiGXSmpG4W9rkpxYB80
+6B0H6sJ0wkSqWjcCLxsAO0E3xDlkSZIxLkSTeXv0KuHwKC/iqQk1yrjIrw05qhWQ
+JcCQRWHyovQsIomY3TXKrCzZGdlVzX0wBiu/p4uzgo41Fg5OCElt0ic6D7Ds8dsN
+DHANWBy8Soo6OMdgtH37U35HS7r/YQRKuxqRrmrv5yRuVnEYHz2oBA2Qdzemb8or
+KeV89jjvkZOqhw4RYQBDlKyXAgMBAAGjgaUwgaIwHwYDVR0jBBgwFoAUQXhCRs1O
+qILn4Tnf96kWwAr874YwHQYDVR0OBBYEFCdJ5ATZRfpsmJRs/O0NwyRSbVVEMA4G
+A1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYDVR0TAQH/
+BAUwAwEB/zAmBgNVHR4BAf8EHDAaoBgwFoEUdGVzdGNlcnRpZmljYXRlcy5nb3Yw
+DQYJKoZIhvcNAQELBQADggEBABeREf5wmcEhE5n7e3p8axLkSf8m+dzgp4ibNJz3
+L/AHhHQOSWVpz6w/4qerFs+ZpQPkt6SdPYmsyGSQaw3hEYZ4mKP1wYIRoBNN9iy2
+TaZsjZKMPdqoDUoQnBBXdYOOaLgOFfYaCD2AJRGbZlOqTwPZHHFrATZJrOfaXfqf
+Op+6XMfwflnRs9wt+2E6URRam/o9/i95MCysxE8FIUcFAzxr81UzOyWXysKCN2aw
+QxbWkWOlrjnA4+oTghMtR3ajzL8F9ryk5PYwDxpXinoGuTNbAfA/y2At09Y8v773
+CwAw83sKoZfejzc0m/+7+fNhJuaG4J4C02v2XlafWYAvY3k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EA 66 BC 04 84 6C 50 5E 6E 12 E6 29 D7 74 24 BD CB AB F9 41 
+    friendlyName: nameConstraints DN1 subCA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F8DB07284B0B15D9
+
+cX38pViubeCOwGjRlyZQuL7cMJNmDlNuxonZF0Em1JtKZI8u6wHOBd1fU9Auo4vt
+vfdQ2H0Nzn9zOt5bQ9ZNlAGyYKbyZStriCo/Zf7gxL1mvXQyOZoGHKYSG86HxAuC
+qtQPYyeAvwzOlXgAtHF3x4drhFJto0Zk5jwvYmT/Oe6wOQ/UCFhxBomFnHNz75tR
+yOky54EhM9dX0JFcnECnkJhzJDUmVfAA5fHKtYFgbBXMeTIXe2KScTofsWuPGn5m
+MfAOaOpb0L+mUlFnRQEKFtawADyAjEAu7hvS/8twCF7vofBwfrl3+l2BB1f1NNde
+XTWEFLSpMCGMUaHat9tVQumyjEzh6THPq+Th1NJ0ZfsH2JY511aRcXrJH9GMD9QS
+iHlc54H9Zp7gqYSbC56Zj1kV5Fq4DeSMNbDlYAOFjQriRq6j6gv63jlim/taMA4f
+pamugPEn13SW3TtN8UkFO41jZ4G8LUKDnsA1PJOVe3uzTd/4HVNBurXuqU6667C+
+E/+4OqonJGggY1W8FC1Y/P5qw4KcrlVFKZ+tnhoAJ7zMXFUvZkru+Es6/zsIIuHZ
+BTW/Ki5sBLG0BjgxBGfFiYvXOHyA12GFSEKnZJ79dLsianlQW6PXLdaMRMoAQtUl
+ojO/WUXzTfwfcT9X+HmBByKVXVbgFDQOLmI0kCO8jQ5p9KRDnKAQwaYGFnza0/Kl
+J7SGMMXruPzjkuAFt6GJY3Bght8Oft/sAM1mRxu6hpNVlonoKMxR6h3/vLqlQ98I
+HsglCKhJsUUwoKNSFfeYmUBDoHKD+n73V/WZAwIBC4uOdKy5RqRKmmddK2boEu4a
+7l0z5DEgpsKQiM9d78h1juE/obZAc/VKetGmE9aYTuWXLVwHbsmarkC7osY0Kft5
+Kk4BZoJWzf35yd+vlMKOaRrI1+XyHMXKpPDlOTwXwkLQ/mLPKbLfJZ/UjSiQv+aK
+dfMgcb+Gf06RjZxG8WM9mLApTF8xgna/G7UlZ2o/oggl2FFmDgtiwvK6pcNfbR5C
+hOKnDLFsFM36RhIow7jWE2OaJ6BF086O/o8iuhY5t7+Bdle35TrviqE3P726r3+C
+Q83JWKpNT2rP/BlPqyi8mBF7BuLttCgJ/xU4s5EW6a8hfB0M2kQMhFkSqw0oOeZa
+fJgdWL2jGS4O0+sK2Mb1/s26AC7ZFYKEpjzkeRl71/iNXB+vNlPoZoLvcYs7g4EP
+0ruDraCADs1+3rgmXeTzUPj3KAIUQwMk64YEosnj+oAF8ub7BNV0wtg0lUj1LIIf
+wc134En4br1fZkB6OsOWUgHwiwTajkUs1oA4ZnnJo1xqpnx20145L5val9CMluus
+stJlbZPZEAWVZezN6nKYeCD2EelGPMd9TYTy7DA/yH9qtEUb4z+FrMZVH8kPBSzV
+b5wyq1UDxDugGwUASVtueVUwnRB32gWoNAYLtO5sSdD0IPh/769yDKLQh3dw4wt/
+vufSZ6+dfaCsBGwir06luI0wA9DJRqSML4Sd5p0RKtxsZWzFo9uFPmLjQ0/w0AFk
+wIBOx9lcG+9MYWrz4T1Pizk5oMkr4xeD9W1iqL54NGJcohEEOPHvr2ng4UF81t9Z
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN2CACert.pem
new file mode 100644
index 0000000000..4cfd25d98e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN2CACert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: 19 EF D6 CB D3 A7 5E 0C 9F 01 8D 1F 2F 91 09 CF 97 82 BC A0 
+    friendlyName: nameConstraints DN2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIBPzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC+uNFCmZxvCnJAo+o7l2d8518z7l5vjF/XBRG+Tdve0kCfVGy5A60A
+SlhV9UvADeYGeYaUdz3Rz9XFRYWClMFY320x0AFalq4154wBCqF4TkQnYBjyNqa0
+vLgVgSDidP2GaO8m/sNLn1fGgEjXJ4Dia+MzTgYPJJrD9nuAbEJdrfaQhGutvPAi
+MY8kOGUxQuVipV2OoY0N1mcdrJSHDD6nLeDF+U7Sac+dGFv5ip6Di8n5cLliSXjF
+cBlLx9LepOF0qYI7iUsHyjql/Zk1SQ6tQziobs/So3sXQOAI4tOfQFfNCoo3XVjh
+GU8ya1aLaJ2m1nWIw2bLXcMigGGF4EUxAgMBAAGjggEyMIIBLjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUo1fZW10Rs2D2AGuJUSuC
+wwlzqHswDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MIGxBgNVHR4BAf8EgaYwgaOggaAwTqRMMEoxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQL
+ExFwZXJtaXR0ZWRTdWJ0cmVlMTBOpEwwSjELMAkGA1UEBhMCVVMxHzAdBgNVBAoT
+FlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAsTEXBlcm1pdHRlZFN1YnRy
+ZWUyMA0GCSqGSIb3DQEBCwUAA4IBAQCXLrE60g7rdRWgaKYMWCgs6s0i25R+9SIl
+U4UNeepOEONu8pSbj6uUrtGdqPNTZ7HIXzYQ1mPAvz2gGM/KIfumIcZn+A6ZEwEi
+9UdHPF29GwEv4hU3BZ/QTxORGe5JxgJY5be7PCVyIr5vMf7RQFKX0W72Se+SK2MI
+vPosq6Iufv9L0rdURTq5QKfPXwq8WbnDlDzwar0puc4yYrqsmxvBfDN+9Z/z7gM2
+5uoL6hd0D1U/Vo07NNky2i7giYKrUkOBEW/kVXWIgM86ydsQAOsyiIepJTW3b1Hm
+gxUGkn20eEftf/QXo6gFD/o0l5dRXSu72Kh8UdkcJO4alD93qB04
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 19 EF D6 CB D3 A7 5E 0C 9F 01 8D 1F 2F 91 09 CF 97 82 BC A0 
+    friendlyName: nameConstraints DN2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,16772D615E954514
+
+JOX8UzOOHGy8yxYErM12TGYDaSXLNt5LzZ6s2avjGWygxrEFG0ffQIwpLFpUy0iN
+ytHlkT9b95kizmN8egDUFKPfnkNJgbZ+8x9bfSWMp2MWnIypcxRdeijPj4Sfhcdt
++oHEQ4XPxlRgvh97yu8mNg48BMvPC5nSsd8oasjIxKra5y/U5B65H6knfKqqkCjn
+ylOoagitE2XZE4ScZ6EoXHsGTgPwHjQT/k76WDibP72i+0I2lcBUHZkyBU71iqRR
+q3KLydGQKKl72J7ATCY/jPVCojhRjaW6Mlg/UGJZCJWQC8NI5CRUWt+8y4d7i+rp
+98yJVogfVlVqIC7DIdst3w9MjNVMGIcEn4T2grg19NrHZs2LaespWP0IsB4Z/BZ6
+4GHFg6wRkEBY1b79wZX9ykO34CbPr0jIfHC21p8/Iyy1NuGHIhS0EhkBffDl8qgj
+HJch+e+XolU62jZmo1cwUSkZjGEH3v+Ev6dxw+sVug16x1H7bccE0bREqEIrB3nR
+r5UDUu9GQNI4Yr1C7yJ1WLYetUOga4n4Vbky1pk+31xgjzOgT2xztgfNMN+WMMMG
+rbsFXxLLGblgd4YEaqpSyCJnkjdWjFLL5tOVa8BxWMyKCl/ulum+SZjHWH1zZtSP
+q8A9l9nuJ9xhDfrvbQiX8MJOkvMhaAFCqeULZszpIk9pe6ym5ULGKBCVycFcsByX
++wWrsOt49fOrs2SrwMCh4R+5tNJmBwrOZCqQKCtv2BL0T+14dJ7BIwCgFlx5y5n7
+gC7IyHS6olm+MSsFFtv9q70CmeUC6FEnoNxjD/HW19XPsYUAMJ57a+DMrZDQfo/w
+0zC6DgzNk9saC8rauIxA9o7pII+ap44tkwrrT1nJ3GCYBsjmB8kvWCwwBmWpVc1J
+kjbu4xP2JBFv8Eb1OFL0tz3unduddqDHVUC3QFEBZGxAjGDdspnSUA5/FUo0or9v
+f4QeDyuQ6npppqmkA0N6d/cKkR0EmACo7siD7JSxOJ/XwIqrKurDf32MOxlOZUlj
+EuXx3PJGH9CrUQGaAAIeRBxNePsUr+lu5Hdg4eFWLU1JFy59OGLplzZo/mwd+2Tp
+gJ7LYFAyTUQd2XDGtVt+1eKWHVNTs5RUx9bysVu7A9d7lrKlk5AnklryQoLrsrKW
+RN8ne3JL/ZAE+CZE63QuRr7bigx58msb9qcoqnJHlEl6tdygHn5k9iOBLelO0Pur
+uNwYl+oUeyGaXOPck8ijIJ+arTZDVcVJ18/ArcmE8EMyh3wzZswxDem+XY744we8
+8MquD8vzL8c9HUidDlCD2rhefmkorLf9S0hH7xOu2ESfUNFJ6ubEeSeQ14L8/YfA
+omNkTlALanYMird55b5/RnEPRYsTFSqh1+rJBdEFUCSDKnlq2GoIR+UcoKzy1X87
+CLc9rKYCXHAQ1WiHKa2/56fq2ltge9VA6PRAqCtJ0tI2tRtfu8FLzNos+OK+plAf
+ZxPkqYd2FzZNqeff2nkNm8FHPRVDqKeRmsMpitFUV80L/yv4n749uiSjgJylDliL
+v7ANl0pAvWzifi5f9qwm6GiQi4m9CM2Mwiy9d8NKiIkvqStHm/nJYCfiYLY40tqV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3CACert.pem
new file mode 100644
index 0000000000..c6f95236a1
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3CACert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 18 16 77 27 41 21 D7 CA 9D 33 9F BF A6 19 A4 01 81 35 09 B4 
+    friendlyName: nameConstraints DN3 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIID7DCCAtSgAwIBAgIBQDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDGcxuyIPM2Ih2s0FbK8O1gDt0zWIuExMS6mU7Sy+BgUCD9qstR/BNv
+8YYUtepUZyztqonXiNY1STW4FjumzN3+izaIH+9Ji6sLrc3F7U+G/N0mzungENbI
+HzE8xMOzNiChVZOXQuU8S6OhYn9gQBRm/xCJlwPSaymBQz2b6j/hwQJjzQG/pwWb
+hYhDU64Lf4kDJ0MENkc8wlcyUj2dHEfc9jq49W/5FcG7Gyhb8XUGQAasV8mnc+Aj
+hKwliqg8HA6Um8yXpRuKBv1pSvq5ZwnE0oWSntnHKjcQHvRkn8JCIE0JYaLwwx7Y
+ZSCWux3o/bGAEE7uZdS354a4MUzK6PqbAgMBAAGjgdwwgdkwHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFAbcW77HEjdZpIpAdHwJnUU8
+SqHbMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zBdBgNVHR4BAf8EUzBRoU8wTaRLMEkxCzAJBgNVBAYTAlVT
+MR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRkwFwYDVQQLExBleGNs
+dWRlZFN1YnRyZWUxMA0GCSqGSIb3DQEBCwUAA4IBAQCATlxJGDbeYJueWqOhiixA
+PfOIc2ZXmtoWkeJv2l8Eyoy3LubjUgrpZA62jOvj+0irrrC+Vd32gO8pQ7NYBwpm
+gBqRgbCKhPH7U1Igblj2twEZozkMC0BO8YLfzXngKOIb7BJuuhG8KCMVPVtu9/Xd
+Abov5aS8tJh0cKfi3d/eu8XpYsPtPQkwodpKSHHXFZTJlYocJkVGdDIO7cb/WfPj
+pVDkpZdRiX37Rlk7CBH+YddypFZhEnGm9e1bgKmF2xgB0MXMfWndev7XSO7m+KkP
+h4yxFJk8XE+erQQQGxWc1RMEsXTppijRrrpqirF5vDFseW9U8C+VE0VtFxFkxlqn
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 18 16 77 27 41 21 D7 CA 9D 33 9F BF A6 19 A4 01 81 35 09 B4 
+    friendlyName: nameConstraints DN3 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6542BAA527CA1F84
+
+VnqjOjWVB6/8sl4/GjdA4vPe5EjTlxeppx2VkllUZHklNGNqpKbgrKSKKceNOngj
+GotRlpezuNh7kC2LlJgxf7pHimRGAMBEvbk5v/BkYjINVzHN82CUYfxswJclu8uY
+Sqw+5qBWEkfpHYfXLM9SK5DIgIcWzXGWs1ZHeriBF7LzqDUbcNC+V2OmN+tTGTt1
+1W1rPHhVsPqKn9iAHMhzqPAOtZafOKNZKcT6wNXjMhstmNARsv/z8o1kFTTjJdVI
+hnM2ve0XYcZVGW0oaoKGcv0IFsYTtay/2KMA4pr2deC8L5d8pPgXbihw6DWzSnD4
++VT2ehJ2vGAdZp0wfZyjFhoIeaeM1QMuoFdcHqzNJZHm34PSzHsuV4D7xiPZ789M
+ArnY1lVuNrwSRvSb4vnbc32Me/MqzCoYCcvt88uZC3Pymr9TbhcvbJRCGUsrA/EC
+nJjTJaVOhtnurdA6peIPN4yyXVBlG4sq8r/tdDPOMODmTT5UWo8lI0fuI1RtSnT6
+OfFGGgMlwMgn0jMhxN7M2rjX+14ieVlNI+fI7wqoPMpP9x1clj8fZxL0RZZSToZ+
+0RKIFGPh6LqC0P6rUwImPAas3GAKiSH1WibfQELcht41qapYQrlcWtwVbe6c72A2
+9L6vINSHTkeRjSLa2M4u2rm6CJOzCCtz6t6v3AQpkdFa5MlmpFTyDN7hn5VmAXMX
+HTiq4Wp9uhQ3Y6w3XEX9ubVriEzBQEch/gx1gYcOkHGF2KB/uyu1rwk62KaxUNcZ
+fx9/uD2scPQq3qseo7XM3+9LMXsUxxnEeoWnLKHWO+fBbloVYduhHNZEi/r9QZ+U
+1HX6cd3LeiCrS5gVZ/GJZ7g7qJzKoEk9C7qt5Yon6+AXsE1l1GETlfg45Jg70lyN
+lJXGuAjFmRTdW4ijf/CPmqZQe9WWUe+3VowhwmBL1Yv5xiph8kfvy3KxpIdN6qOM
+05bQ+hSOSVQad9SWXr9fYi3o0JXMfAyptrydnG6W5KHitvHNx3rnY5PW+G+3qPdF
+fCiaPOioPwfVSKTs+pcrUqq98C/7wL7m8PJ5I+MmNegajlo43j7n9CKLlbl1NdnH
+RlNUI18+J4bVH0xX839jo9hil6ZIJjvs8BEElLzy3yxLN3+vBNdX9zuvu4TL5+7h
+zU9HNceug4VDq+25AoqTWFHbD4Mi56EAD4JIt+ShGvVoJAo25vZo14pasRmbINzt
+Pm0HvxYQcoDNdtif0sSxNZTQbUdCaojyve207XgRVGFkOyJeOsJbwxCWehOxN77f
+aPJgTDeB4sqEX8//12AGRlAUTHG1VsXzvHgmLJjQsZFAZD3mlqB3BnYzwRmH1x0/
+K48OtW2N6W+Nh3UhIy/FMXngLBbZk65wBFmXqoSwjC/Jk/Jyok9EVRkoaqTb/zgR
+ev2llY82U9J+hcmUoMN2Adylt7Ts4b3m1XJiO+vW432L8s1jjPaHLWnw+OolqAel
+iGRQ5rBJaD9Y4W02P1erYIRgOeIBvKaii212yGKMMTTwU35c0o/cKaXrr93tHgph
+YL1BEknREHg3KkmRSd8U8YKe8eAOzHHidQ9G4pmUSbo1hgds+t+yMgVMWzcXKvVP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA1Cert.pem
new file mode 100644
index 0000000000..ecb84d4733
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA1Cert.pem
@@ -0,0 +1,63 @@
+Bag Attributes
+    localKeyID: 75 A5 AD 55 D0 4F DA A7 4F BE 76 2D EC 06 C0 2B 78 4C 04 91 
+    friendlyName: nameConstraints DN3 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIID+jCCAuKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4zIHN1YkNBMTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAPnsQIGHFaqj7j4q4DsZNAUSd/1bjxVoJE+G
+wqa4MeAzBStBHuQAiUJ5PzxiTWtiUklQWrTqssx5qEAjUh3xE/muB4b3N/+v/A++
+oeolkUcbaCGqRUr8pQA6aYQNZJr3XON/6VOrLVwkKiOMAO6Ur8BZ2S08I2r+38aG
+b23AUyGQB3sFkn4TmC5eMSsY6SXBvr9bqsXJiT2DuORbB9sk8Cy07nOI37rO13el
+/51naQOf6/3S7HYYBemL6pIVynu8fdhmzZ9l6CHy787KDMOs+QJINoa1qW754QwB
+wLIINtubz1wMrgs/DWpx4BwSidD+L1bGOmTaFrT63lHb25NswAsCAwEAAaOB3DCB
+2TAfBgNVHSMEGDAWgBQG3Fu+xxI3WaSKQHR8CZ1FPEqh2zAdBgNVHQ4EFgQUgLzH
+LveOGn/xOHv0Nevd6VjGPFAwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MF0GA1UdHgEB/wRTMFGhTzBNpEsw
+STELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+GTAXBgNVBAsTEGV4Y2x1ZGVkU3VidHJlZTIwDQYJKoZIhvcNAQELBQADggEBAHCI
+IAnj/BU0M/5JGSoDrSkxi44+RGnAKP/18kgU9hGMgm7GBqJ8rb1azbS8l6u6GW3d
+qPyisyXvr2ZBL3L08mgkHEJgRh81KQ4pGID6RGghB/DYWfpyxetMuGjQnkD4eHJQ
+RriILKNU1JIUEdF/uQSucYCnR9tF2SKvRhSMvQipNKTpHfQ+utig7wIYvFkmc9Rn
+4kyoAxjoj6IwdqiFBtMoePG5R9xk3nQZsjTP5WFS+OyNc/xYLMXh/eQ15C+BC4og
+1FGFlcLSCI7tvgKYXk/kpWwv4F2pxsvjBLgZq6IsNbCTBNxxNp+QOID61Xkb1U73
+cjSJjvAqxW/yqlz97bY=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 75 A5 AD 55 D0 4F DA A7 4F BE 76 2D EC 06 C0 2B 78 4C 04 91 
+    friendlyName: nameConstraints DN3 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E34ADD6471D8898A
+
+7sPFSxXBOmlBeDtJ1BQOCt+i8p/KMgAfLm2Tc5EFeRYNfZgZ2xZ64v2rb43aa/BG
+4HQgzPhHcnfrTb3nS+HAzq4Kl6Mczsp6HKlH5i3MFncAjBIbQbaRBaSOhSX+lw3L
+AV0t0CV9vsUlolls4ahGQbwx6JrsQI16+2O6WZnjnerWx3oOdVoNVudc79LJvj9U
+n6t3+1LO2VBwg0sO7tTzO22h9ugLtDccdtF1XGog80mrUXxGQH+ccMwE61h4By8q
+5+XBnZ7h8trq1hmgp2c/QHuGGzbk0m6txz9B1gtO+X/hCI67uYB/P7meg3OTyeRQ
+ppCrbRiU9xUb0r/umlCFGOwKP7YN/V8LAMNDuOYb06z2SSypkoD9op4twtQhXkur
+1BIbSdmfmSJmBQljEVZop9XMMfwIeZMwRL4C3qUH8iO71rFTotbhdapqTc+4htPZ
+0M2ebzFCF67H/PXtTkk2g6tb4o5qmnc7oaYGtuKgds75kJlxvgxJtzvMiy5xu5iE
+zKzM5qmLb3kScb7gdte6mOuyrFW5Hm5KHmCsD1mpkoEJckxM+TEmPspcfn4n26es
+uIj6FAVL7qxNTgunjbl6amWv0V4fFyL+d7Fc9uQTJ6nms2pKxzSIym1R2aZnCZ0x
+EfkMDlmp3ebv8gnWG5svqtt1BT5laTuQEFK3CXtizWwJLHGbTAdZqngR/EmamnP2
+d6XXEbNp1ZmgHDFv+2aWhv2djy0dqZkLAQnwseYR8SD/LF9A5NfhRePExqwDBWPL
+De/Lm8U5PjgjfAWlYnIA9Wnt4p6Sc85/q+agl6UKYvMdcgvfPr8R5fVJNStleMd+
+2IOwbc4nqpgATB5jziwhryxqiZ58DjlnLVc+0sZeJq4ptGTVIEzF65UHF7zU84yZ
+NSMyaa5NJkAW4Uzwv5a6VrQvigBIlBg1BYfSxqhFdLrbaHADFmcqMJQ7mvIME+qh
+sWHLrreFAZCs/IbuWl6WtdBfVl9AAu0z4mtZQAvg2v0XesPKuqN9KWFTnK02qa/8
+gs7j1ojjrSvPTyzYXPJmZk8HP+wbYBrTmDFJtPqLEJVv7GUg39rgiP2mnvwptmBy
+Wk85arNyHpqR4H/Q7X7kC5KB2APuUwQOGXr2TR4vgHzYf6O8pQt9bEMlwshEYm2S
+LXYKPodDQQtMvK0oarZS/FgnFGr4p87u/+ojhd7oB1WsEjVR33hQnC4W3QWSbDSC
+d+ftoHr18A16f0VFdPWfIZbT8cA/CM9u0a03FGL96tNKFPs3irhuLDxmld73Ai45
+5Xvs5xQxF17471ipPc0fW3esbEatNECqAZr8RkoGzmsWNR4w25LNR3D7KhGRYJ7h
+DA18eKlK8jtxhKc1+kb59DgbaN2LpRS+lpNS2BqrAWKCkQT1RMGlPl0ODJZYHut5
+fiDXY5LCEHBE31I5LbqlrRsyRJ31cW2r/O6GlX1XPnaiOZCRi/WtOyRfzkOnjdm9
+Zf3IZV8t5IMSp9x7cYHSzh62pveR0XF8RV31VylB7QXhcwtGRHlgYncryXZs/2yi
+oXxYDTCQcN4OIhX03OpzINOW3VKkT5XXhwxYCfgALCNid3+Q0qPjVmlMUQFNvxyB
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA2Cert.pem
new file mode 100644
index 0000000000..89021b4c0b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN3subCA2Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: 39 9B 1B 2E 69 1E D8 FD 4E 2F 56 36 CC 48 46 B9 A9 28 E2 45 
+    friendlyName: nameConstraints DN3 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=nameConstraints DN3 CA
+-----BEGIN CERTIFICATE-----
+MIID3zCCAsegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEfMB0GA1UEAxMWbmFtZUNv
+bnN0cmFpbnRzIEROMyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBa
+MFMxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDEx
+MSMwIQYDVQQDExpuYW1lQ29uc3RyYWludHMgRE4zIHN1YkNBMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMTpZN/9lfu5qnSxBzxNYREzs0oW+EkQC6dV
+6lTASGBtvdK2rJyFeuhlKeGsmRrF/f/oLbGHodn8POv/vhGA5MFUty6gyOQ86oEh
+p/J5XbjMtVd/MGk+oc+d0gvrvN/SdqLpSE1u0hTkavMfEd44PlnNVmnT5ksN1Lcz
+yA8QLBuG6hsxEQygs5m8lFLgftMdFRUI0/OKOVp0MVwCB+LqWqUKRsv3jgH5DAcP
+ZyQ5Auf6gkH74uxQKDsSTIuz0PRmeNDTaNExT7DXysaafv3Xat8/dvARlcqlICdb
+UrCgJ8ccpEqlcdelfwEqts7i1oWDOj2F2qct28YSpmi+4eWmacMCAwEAAaOBwTCB
+vjAfBgNVHSMEGDAWgBQG3Fu+xxI3WaSKQHR8CZ1FPEqh2zAdBgNVHQ4EFgQUzATt
+aigdft5k6gCIKux1Eb+lLmcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MEIGA1UdHgEB/wQ4MDagNDAypDAw
+LjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEw
+DQYJKoZIhvcNAQELBQADggEBAJLF4j1s6nKBt1jK6gDyUmQurPyPtSxoGKv4Ji2G
+ChM5qgFvkqj14oEhcGA0I3mjl0uCmGbUkMtrzDbTwmTAzs1CE0NmpMkAbsde/6Vk
+L5biHGP0HlnZwJ+79ol5ljpCLKnRETUnrh/t6Wwmkxar4K5bfDFG55jF8WFEG05y
+k1B69jPLilyHaepHYd1rw+eqE9x1me2ESMJ40bv2mX5Yx0QgSaeKsr1RbuqiNwhs
+LQ0HrQkQ9TsUfVL4g4KmAd+HaSV3lupWX8v9lhUJkajtVwf/cjRmQCOCb8vUHhoH
+6KvWIoq7MiyydVHykCp4rL8NRhwCFoHGdGIMdRQhvXlMtR4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 39 9B 1B 2E 69 1E D8 FD 4E 2F 56 36 CC 48 46 B9 A9 28 E2 45 
+    friendlyName: nameConstraints DN3 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C709F657F16DDFAE
+
+18YCCI5fJ4xN2TQNJMyjsBslG2Dsx7ImeNdQ0STmo4wuz0KwnLuVUrmUNayFm18H
+GJHdq3CP32bfubTBz6rYYNd3bFOQCzrOZAOI10GkgXnJ6nBw/VtL3yt2bDew0nV+
+FBxnkcUIH+ur2IAGhvqNO6P/QOyKkmkBksGGWIHNM304AimG1Xf03zoQNUVjX09F
+syvCqPNGncJ9rWHkk1ayOF8MzW/hNbAyJq6Ny5yssx7coJHluVsqm7763++d8UwN
+AmdmUJKSQvr23vUMd6yG/Es7T88VmE6DP7a2cL1yPpT8tHWmWAot+cxKMYXWMkof
+cZCirDHo4z6r5DLBrnPjxJ46JT+wc5i4fFMyV4eFJEOZVJRxgvrIrb6wjV3BvQVw
+lXml2H7j1p+NG5GeVw2IW9VNkQOY4yjuwaC0wNuujWBZ5LHqZqyOm4Cg6i3tROfE
+1j58h7Xau4X0FIkWaVpsVhmrrs8wL9ukLbib81QbQDqggNGh2p9/oNdm++8egH2W
+odPLm7BPVX4Ch3ZqZycrE0DfLbOrSj6w+xywziRfEspk62fsWW6TtobGP6Kgp4zK
+uZvCOqwOcWe7qN6tgPcTIb3lroFyD4TqliSHWYdSE7y6S54T4qQ9YYs674Mxxgwt
+sY0FATKPv/gCeTnc+UoYjLNFVGlXrRVGNvTGRl/G8j9TKc/YaA0IQnuynxPB23b+
+Nq+exmYLJcQefdSgZufN7BXPRT5J1TDzeGIyFGx3MpflrXaisMMGwpR1gtq8lz8U
+ve+LQzcZgYjjUIv4gHnttzBkujWb8YVIs+fz7+nyTZee7dWgfizng8atdyRK1MvC
+aRf2cWczBsljeFuJ9MXqjFMxr3tVsSXhvC1K71gAu61VY3IcUSje5nqIyiOV/Ltk
+so/+fEjuz0AW0Ooz9+a01LtfYJ1cZXmZg/c/MPYB/iAatOpBzwXLMw219hsKDWRn
+FOzC52TixrBwAI4OIL8PIFUm4LgaT2yTyaUWmiVLqRckRP9CCjdvldzLb+4MpOdN
+Id80/uRUqti6+BsYUO3YM1rqDU6mJqB57iOCD7wLOwm7nhIufEIxxsbpTIVt2cn2
+8gqEol3HdbEDV+F8aAH20LmMwLVDAabG2CfwuP11zr34QrfrmgvIGNGC1nA5gVt6
+0NGJ27WNFRdalQIsNomS9tcSZMaibxGavpIL+IGzprB0b9sTbKnQv5vF86OzZcZ/
+yN196/A+8lC5/BY5Tg4L0VPj1skcUDKCWEBBvmeCtJHRaI0dsvYHsQTSz1upS6qG
+aE13waI3Zy4fWXYSw3bTSKSDFYBsn+g6l4d6lwipP1/fIzzj5sRM1sGF3/g4kVld
+AvR8eUB6cgB1a31Kg8wSfXoYEtw17+vO3rM8ilfcUWwjkJ2gs52Fzt0Dpv5/rwpx
+IlsjRiDYDfiMTwq+svo07GHTrkkehM5YkXplbfNeCPDdLQAAH8SWnki3TsjXkgGq
+Zz/lVyOUwOGQDJ65LTuGrq29LiRBlvSjbTGRGruM+Mzp04Z3lIeJ26CJHW4YSopM
+oGye70jk6SeM1SrMAR5CIjwq/6Eh0lYAiowu+/couAvE4tscUvhEpp/lm9ODzYEj
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN4CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN4CACert.pem
new file mode 100644
index 0000000000..ff079ae27c
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN4CACert.pem
@@ -0,0 +1,64 @@
+Bag Attributes
+    localKeyID: DC C8 39 E9 6C 68 80 7D B3 B1 0E 2F DC 53 7F 33 42 1F 94 2A 
+    friendlyName: nameConstraints DN4 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN4 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEQTCCAymgAwIBAgIBQTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDErlH+siiNuSte+3eQGs7cT2LBjfndbDv/SSKvazHDGHl3jg/m8OF5
+650gFQ/vi4HVN8IXfICMNpWL7XKTvpwyFydsPi5DiabbrdL5lQqugKDxVt4o0AJ0
+IcEzji7w0syAaJoCXmX8inM4NVwDKuwk+3PYFBygOPn3C690tVHVq6Y8eesqsPam
+d33HZNpq26KLEkIFvGQPHO7q2jPGgvXH6X2njhewKzy1iorJgH8fYA3b6XtdqLZF
+OstCkz8l/iNTBab+jQSB4bdwuaA03QaCaUp6VB8nvZT1Bleh+4I1j86wGw74W132
+A5iGpedSFqOV1vFhVKg3bCz9ZkJZVtorAgMBAAGjggEwMIIBLDAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUbEk2rS5YiRI2UUE7VFIm
+JADTynUwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MIGvBgNVHR4BAf8EgaQwgaGhgZ4wTaRLMEkxCzAJBgNV
+BAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRkwFwYDVQQL
+ExBleGNsdWRlZFN1YnRyZWUxME2kSzBJMQswCQYDVQQGEwJVUzEfMB0GA1UEChMW
+VGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVl
+MjANBgkqhkiG9w0BAQsFAAOCAQEAbbKErwqLymnsshF9fWoJ7Q34GSpXkfvnqLsM
+pak8iy/VCfntv9pPMFhpvAT6F4wuoGN4wXhyQed2ZuSNZlu18fSIiU9aymr0eyJR
+XuNHHGjVe+5NDfNkHWVX6sQoH+fLUTQy7SmXK5zFrXynE4GJRTzq3oFTTdnI8HGS
+f3YE3wpv0miYrKV/YUz/Sn3v/FV9jqhUU+uMqeOE6o03FX+6wXuZ4FWD6vhbLBpg
+2GG3bjZ+ZQAShn10yvZmkWFyvwGinzcqKwI2aotX4eKGTfE1Mx8eFoRVO/1Iiu53
+HvrXVQtKgyQkEqYm8py+fJbg7PZ2z+2bn4b+5F0TPI2sJJ2ihw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: DC C8 39 E9 6C 68 80 7D B3 B1 0E 2F DC 53 7F 33 42 1F 94 2A 
+    friendlyName: nameConstraints DN4 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3A4F6CA0E0C61E15
+
+cAWOiLGDU9eGOBuNBTTGZfIHH0FPppsWGrGXqNdf3z8RmbG0+Rl+gBsravN5abeI
+q/zaRtr0juFIexQinQKNtTQepVgwOiphhpwq/J7qFnssszz2ozZCZlDmz6nT5msz
+upbgor44Kby6RgUlIul7ZTAX5vlxT+yCtkA0ojB9UCpAct6Vx5afTTdRdfeoeuEX
+d2//Pv+UvM2GVRU/Ov8O6yofSkVCM2cE9VR+LKj24aA7D9l9qD1BeA0t//S/Kt+k
+u2VxH5db4e+Ayld8tC/LapNmS/Aucw1SrJ715Z8HHlA0hgFqZnRSJEk/e6x03EJn
+Qud1lnVJcp3S1EOZ164zftcairA6224YseKhXZ2Hk/iuczFgMMIxbTJ5gqLSaLmv
+yx7JbX6HjLZ0NtfG0//KKdFnKpBPhs3HrdYPROBp73gkXnNn5Cl0YQEILeSVUpLf
+xc9GNY9OikSITV9ELWPgAmlbS+6/HI/9ep/CmlL9b96wcCjLHM2UUwYzqSnUnn1J
+wNpNWIKBWZepHpIJTLLKVmv0B5SMgdkVyvpG3YL7OetDG0GiAlbZae134jfvRq7p
+yj0i8nboCeKVLVxwvSKku47zQWi25cO1gaAyfnCJ3ODPuVXndrnfT9rb6g94qPF5
+7jCfffTOAEL9qPKUrqXI0B7WU39SwYsYaH9GJpuMVsl98JVxbxyX3AlDmoECHYrI
+TbbmePE7iojxNj9JpJhuJSJwdK3HhGlA9mVQt8alx6M+G474f+cmdcxtu6AmV3en
+cKlYFke4/be5BgTq1zga0o4N/pom1b8nBhX1tvMqhaEA4hAf+GzYJ6gFJ3SbMbgQ
+mCEvjtzx8zmjBtiaJX2xXfMYJ2lyWUrdv04EUQmU/hEoAFLE9tUt/YrDD4DLAOE5
+1L9QlWi5Su/2HwHbA5sSstDsbn/WSvuGYTpFU1pa3ugoWiG47+lzc4DZTsUC3yBY
++A+v1yxRKmtb8B4+vE4Du1umzPmLdEVtVFs1csjT4dHTLt2ky/bRmRCD/YReJKSf
+s656ZBMF9cqViVeCNIiMICorENMMw0nSb78m6kOt+pVhaHJ2Eq5VIY4emRIsIgpM
+FbBDEl1NXY32de3rki1tbLTwcsZK/ffLcyWB5pHFRSahQYVbcVYG1jeLX+Ecyo3/
+lNgFOY3xp9as81NfGztiCG0bs90LxJNIF6r4MxWmjLZb1SQvtv8YIuC9Yt08EjO0
+S7EwT5EzHqnmSnWeYZS8jKUbEmC3qHSDTqVWG6++2FA0M9ZQ4GKvKglwZde9MhEN
+6W8B8Y7PZeNKaY51l8zAAvqQJuQVVnAOx4NTsPMS55oRd20tNOgOy0DrEpC4eqVH
+gwKU4WWftri/ys9C9gLZNxA7GFNTmJn7X1R8EANO79PLi9wteal+surNbHpeofQ9
+4tr+04p019LjZLeuEwRq9BvVoIOZ30X0lkURts3azLpyOQx83DJqFb3chS8OV0d7
+SsahxX1+dngcrtaS1kyP5X9AQ8qYLRAKP4ObMeBV7+5X0IVxnUjpQIvuEPiXibFT
+pm4AVXB5qxnuXiJ4fUXAOW1tmJTYwwthygNQvE4nVEDVfafT8fyauQLWhK+tQvNu
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN5CACert.pem
new file mode 100644
index 0000000000..7e1053a5dd
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDN5CACert.pem
@@ -0,0 +1,65 @@
+Bag Attributes
+    localKeyID: C1 C8 31 03 AE BC F1 B4 A9 00 C7 99 75 9F 42 89 9F 96 C9 2A 
+    friendlyName: nameConstraints DN5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DN5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIEXzCCA0egAwIBAgIBQjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm5hbWVDb25zdHJhaW50cyBETjUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDuAvtcHk5Gye8SvdckoKSvZLwTjNb95iDOOSpUaijVx5NcCubuosIX
+n6Hcxc4FI+z3vjoMQr0SdSiATv2QUFvYDkvAXKuZGrWE80oB693w6ljI1iVsT9BK
+O8VBdSRFtUaH5fZWUds8Ed6G8TEcybyp/Fi301rGBtcS3Ci4s2eooruWt1EbZUjx
+XhxebXGD6xeGgifVtVvZTUySNJNMLxlBAKw4zYX4ZbB0SO0sSMB1fq/OaDvRvBZu
+mxJOBCzC7TUl4rhfi8PWaC9gdrsAgIl3pMt0A9nLVE76HL1L5kJnoZDfwFav+/ix
+3Rc/PIQ7hqTe+LK4MJ/QW0lZRYesXHrdAgMBAAGjggFOMIIBSjAfBgNVHSMEGDAW
+gBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUup8JypA5nE53Wuv7EJWs
+06dKXScwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAP
+BgNVHRMBAf8EBTADAQH/MIHNBgNVHR4BAf8EgcIwgb+gUDBOpEwwSjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExGjAYBgNVBAsT
+EXBlcm1pdHRlZFN1YnRyZWUxoWswaaRnMGUxCzAJBgNVBAYTAlVTMR8wHQYDVQQK
+ExZUZXN0IENlcnRpZmljYXRlcyAyMDExMRowGAYDVQQLExFwZXJtaXR0ZWRTdWJ0
+cmVlMTEZMBcGA1UECxMQZXhjbHVkZWRTdWJ0cmVlMTANBgkqhkiG9w0BAQsFAAOC
+AQEAAPGe7Q+EIK4mWtMfDbJlcdLNvAPB8lvaDyM5Tb8cnsDALQfDywVfxhFgNcP9
+yPE/NPEo6icOToJKE5wv6/jA3eEs1CPK1HdadnKLMzp2xwcUo6ztMHiPeyGe0amO
+HbqUj5dfo8CeNkFsbOcSaCgN9FQl8cQ8/nld3pvX+/tacajBrKWBvLocVTnVSGWx
+1TGsB9JkuQtm2Tvr45+7FwzViuu8roIBtFpNMoWLSDU+SG5BB+BaKPT1bA+N79sk
+EPGld961zpkq4+53ZsUaaC+WVoXSRaafXitou4cFojEglrhqW5MkmaPDpmBVZ+ke
+w786OZvGQ3aNK/RAKRQ7fl4y6w==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C1 C8 31 03 AE BC F1 B4 A9 00 C7 99 75 9F 42 89 9F 96 C9 2A 
+    friendlyName: nameConstraints DN5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5ED7185F5A78AF01
+
+CmjYjyReYVctbc3Ag8DVeaTnHIWk/GAWikjYoyNjtSwt/4mya32qr7nsjoQbXORG
+ETInKRBRp8XI/i6laLA9pjBHrRCdnLQK074TNqaaOahvIe5NtjutwMpwO15W1FJn
+2oUqyoIqAOcljLz69S1VijEVIOB6e0Jh8ocY8DKBWwYgscmLlGXaHS4VeAGpRpZs
+XRjv14N5OpzctaUoJKNyCvbbXrQYf4hBfxxDfYmIoiau4jigS9oPKfvtge82TmpS
+kphZMEGJ6NtRvQS50ug69y1thWhwHGZZw4gBqyspvgwiYIpg/ABWFqUBzoybBqm4
+EoV/3vJf9Ivig8yarlUCIc0Wf5PYq/T/NdYIk2LRdsL3Cw9coMi23rqwDp1AYjUB
+POzs2+LJXduckqb4yRwICMSrGkIc0R0DhjlLKRru8ca7DdA+qOw0vMCw1F+zYJBb
+6Nggy00egJWwnkvBEvPZfQSsD7kyElrDchsAkgzLsVI0Lbr72z0b+zuNmpyTTynB
+II3oV2u5Wlo4MiCGzqeEZLTWv/HYtuD5603r+EgAgBm+sjkKKVahkBYlmX4BiPoD
+VWet31kqCpgfrriN4I64OD6fqFoxooc7JbYVwNeZY6+OQZBuL3o3jC4bOFXpjEJe
+VaOGQNd2yHq3K6MaiJemmcuQtUt59RNCxWEav0yhHYvltXkyjtSdWhCy2g73MJ6H
+y20lbiRlykliQbxFqtXDUBauHVddNblIByjdNziHCVbQskaX6nUv5nMHCBzc0REo
+/Y1F3gPernpRUYPI1SbUa8oTwU1qpAq86TZtAL8/ceQfyZfytUya1uUtDoSlbo9T
+BnjgA5H+aG3/BaPw/eacTFr7KPmxM81wDhkTzbxnRWLxKPDWuR/ofoeJIt2pCME3
+oACdANURd5uJy3sxUrEe14n7uJ5DN1O93m47vaVSCXaYfhpW/H6GvBaUbu5ghHqp
+zfbmTm7kNbWuL/lag9PjU56MazmJAx9XozsCZKDQgHvYAkYZmc7sU9xDcokfRtNp
+EAKfwMIQt36DYXzkgho75DpIggKYIKCqPgCYwWsEBVO3ci8iwW8/3OkFM5k493FA
+KRtEX2go9oZW0uBWLmVjhVOPJ2ZxGzoy0rzPFt4znyPKa4aSIrGhCf+xequgXeV0
+1G5TGcEV/MurHCItd2WNXIo5NvRq0vDqH9Ufgxjj6lzhLY77Ld7L2HSTudjgC2jA
+iKauatpfcdwKz9wAZFLDsL1TY6nFPh36fR5wgEfvpeM3q+Y682gtLCYKsmhSSMo2
+s3j61X0Q4rOBE6u+0k5dXmNyHI/BbuDf46Li3tahW/tcyZFx9y4JCgzB4+1uN6DJ
+qndgMC/wtakkDHv35mYtNnoWSOKxryvOA7ElJMtXX1ucUDHetBEvqN5I3cH9q2HA
+SbB3Bqw+40qcTbj3p7nfhYZs1kJQohcd0IPanyhuNVobaUFAePk1JjyFtZ7OLVL2
+7e9pH5jNrZypp/BIMJcGE+edSu2yQxdLAn3iZ0qWXz5y2zXwcm6V2rw3W57427oS
+LsyEiN2L3H8iuQWJMVBcSpYv3050ezySpPoqqkmpGE/EmqI7vjm0wA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS1CACert.pem
new file mode 100644
index 0000000000..7497d63215
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8C 78 65 B4 6C 7F 97 CF B2 14 61 5B BC D6 BD 30 33 90 B5 0E 
+    friendlyName: nameConstraints DNS1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBRjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBETlMxIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAxyZIOtzAZ9n+6Fp6UAqnUpZYqyvCKSvTt0W1Ww2idbDJFczQcqX9
+lQDy/v+NoGkpQbjqZdrATmomnujiL4AQVpl01V1XJPLySeVOqToqhbzifoy+RBYq
+sXewuEDBpy2FGMaFz3JIK8mbK/qQOBFOG8fzzv9gNIH02AQpdC+J6Df3TB0utyiK
+PjHHGFWifSswFqCHGG7geXeE+Ep+iqIm4MKKtRIG5DeHiqugcHii+HpaXFASVkIr
+Eo1FmWLDE6Ww8m62Si8WQSkPfkcEMGn8s9MXI8L0DT5OlkIVvSs6Fdd24gJJlPC4
+lrF5g4P6/UPHFvyphDptCkqpbkBKQEBXUQIDAQABo4GlMIGiMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSxqhfw48/M0qeJpoMH3f9u
+2gfjSTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wJgYDVR0eAQH/BBwwGqAYMBaCFHRlc3RjZXJ0aWZpY2F0
+ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQA2cwKSvsy7ORVz5Al8eYcC1Y81FdYA
+ioDGnr+x+6/I+pskqBFox+5QHN/ccd/xOeFjK1tQCq7WTaEiFWme4DmatuFAMtcD
+LG3Xng+yfEeXswsT2L+e79o/Cg1G1D86V+YArRRTGBvIpzNu0owpW8AhJ3us9P31
+e6ZRcL3kwuyx/nKODVoTupVE+YJwzLqtMKtF7EOfp9zQK+jSfTUbrmq0y2gqfv5V
+5wVjI3Wj/7N1T5cKfPTnRyAoSZRSmZTVVRZgz7wEZSalMLlrCKv9UrTP00WX2n/J
+33mL/1KX/Tf0EwaOMfjWj2otCksNZTU5QoMmtVxBhYd01nTV/bKejbUE
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C 78 65 B4 6C 7F 97 CF B2 14 61 5B BC D6 BD 30 33 90 B5 0E 
+    friendlyName: nameConstraints DNS1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DEAB6091DBB1685F
+
+tFtb22ury3hDBFcRIRlEJcVLvemmfIIoQqRMmVNJnlYUFMFi+Nl+PEPpr01S8BGc
+1qLYMgpFBp83bTkr1qsGbBG2O1G0vHAdqMWdxXJDsXGRIq5pi438eEknryrOQRjC
+D+81ZHY6H0seg9JzrBFoQZtGZfjZ3icTQRR7sXC88DNPr9YLiDdRUQB/NICr+UP/
+e2xlabFAEi2NmdoosbV2qKrd2DBlz+Ko1DCnEl/H0/lwZhP5AkYDcCYpnAM4PPu7
+XbT8rNwx/ioD/WaM4zdFTs7eFaSOY6nvWGNvE3B05ChQ1GGUd/poZUwty44kVvKA
+puUpNpuxLDH5TvhTQyHuwo8cLix41g2EDWMkMJCZGXP4yufk0SFpRwmZb0HZasyB
+hwAq9lF0bphdE51InIbxFjhFhsBLfR5x1eOjr0hFXbZ6mSywHcriyDs2FhYVi9Kj
+taTM9Z/z6JbgX3lAQ3JKvx19URBQatcwrHxCRYt2M5jxHgLx2FCF1NmVjIuNSYMJ
+c8aZX4j3yL+/ccNT26+7W02XFTrgCSp9I6tOlMmVlwEhdmlYh7zhxiqB0p4SMQNY
+yrGBjEm/24m+rxw0usJwuvRGSBNXEIPAB2Zj2ndiIdUuht1u4+vEJ+juaFigxISb
+wKPbPEdZ8dG65FFSBbRLVilFpnfk8uhCZ4LsV7HZBWQHryuLqj+XuEbZVc8skv5a
+yvHzN1anzLC6ucHBCtW449Hh8N8wL34VY0BJrtoTr5Zf09MToYZsdoDT8l66Y0/a
+ahoW0pWYNiksntlh2pyme4FNMtr06bmaVjRavphtkWygi3y+yCpJS3D0yrqcDymn
+mljhP/9oxAqNhOzgPV905XSqVCkJ9jIbQy9Cix5smdhGs4h9xajUC81XtfOZcXF/
+WFFe0Wf1Hh+HgHTQzcILui27NeN+PBzHmcOyYpvTzQQgLtAuhXLQDGp07sTzKzvm
+u2Rl9wNBw14V96hkuCUGtiZxrYzQra7Jxyvry0yJ7iCe4awCbnw6G83EPmvEJzg+
+HjjTJYhxnvJLNnYEte3bXLiDlU+8I6Q5MsDEenfueAj5bpHCbGGA686r0n8ds0in
+9IQ58pwKnjTjZGh2M2QtUcH/Azz7rQL/drYAazISbnRhTB54/MDomxwmnTiLg9p7
+de+VU6bu8m9GXgQV2pfkdpIOO0j5dmHcRHL6G0v7vAkiSa0lD8jMc21MmloVhTrH
+w9KdTLCq2Bf3xehjxQAJaVzwZf1B4/TOnMa6cakBSMxoEyFekgfIld3wbrNRxbo3
+1jfzMkFKMM+SGpjjLZJUDtXzCzTcOurMl1R9APZXT20Udegm4obiBs7+TIDc0PyB
+e3MqdfqAEtinY6dzPodB9t3mFzjY4rV5Grks+twpWBA0GSe8P6qe+TEwW/Sbh3rx
+QD/mTnLWpol/CxLYxs/ibHudO5W0WTY3yRZj53OMM/5ZRlODbRBjUEIbgy4Nz6sY
+7sjTDRNexYfr2OhsvEDQi8/9AbSpttbQM4ATrd7ZvRNQiBpkSUtGpQPYVE2HAw6d
+tgZ6oV/HYpkkw5Re0wRc6pdJWWa1p9TpxHoGkW546C0eUIEGy+ZvLQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS2CACert.pem
new file mode 100644
index 0000000000..fd19a35879
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsDNS2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6B D4 F0 64 35 65 71 B0 A8 FE 96 51 2C 71 66 B1 4A A0 60 4B 
+    friendlyName: nameConstraints DNS2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints DNS2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBRzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBETlMyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAvfi8NX1OP0jd2b3bSoIyMixV6E+/kY/Uax1VRBts6UW2lx2CYk5e
+aF9/9jR3lx24bit3RHNHk7LcaX5Wkr1YE5ROpyxEwhEOGWnK7GcM1MlFvpO9Bj6n
+39wr3aB9MOHSOS1ihfY99mY7UINyWNoXzkUD//ivf3Guwuf7lVfvjXwotgcs1ig5
+2wSTK0sFONYdCtZMcrslFgBOhm9qZ8fGlOSVAoxKq5Fhpx0omn3DYInXNjHPHwJc
+wj7D+8FBY71FHDG7oaeyhaU/kYiQTMAxoUd7XDibLf7KUQ38EiVpLshCNNFTZb9A
+56l+03RieJzxNd3OmIULd6AFLNZ1aMOjVQIDAQABo4GoMIGlMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRGSJxCCY5dU3DYFh7gwckY
+FTUKBjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wKQYDVR0eAQH/BB8wHaEbMBmCF2ludmFsaWRjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQCGjj236wEfbWpLjM5irGBHsc0w
+RdmtOLh4Wht2TlaaJOErYwY4HWankOeTjQdJh2fxlOwWewcjplngI24XuY1i52GC
+HL3H3CbiXJJKiyNZQyTfUtWaaP9Avp9psb4J9WcqfKBMMl+j3M3Fw2vLFXSRvC7u
+bXnaLNAnsMdJoLYdqcuqfG36aGOlouxf5+ATj8nS/EoOjIDS1LjPCCLVMSSURNYP
+2royVDt7AH2TzxOT5c0+5nvrx5bs2GOO/77oiLXqu0FJfXsJSOSOrFZ0EvwTOPg6
+5jH4zO0aOlP/p1bkpYpVyHh3syyeKTxqdn+TTZl/SoiSLpk5CxK+eFBlQ7ad
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6B D4 F0 64 35 65 71 B0 A8 FE 96 51 2C 71 66 B1 4A A0 60 4B 
+    friendlyName: nameConstraints DNS2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A15577E096374231
+
+jIAioNMYij8iqXwg0fQl2sfAXBkwiLnCOc8mh2szeTBwkaF0EQku5ZKkBUu3dTAH
+yZ0LyB3/t1ZwZ4qUsOfatq5neI86FXw10Khf9JfFl3XI9Cynp6PdJjYIgZaP2S9G
+n0kVB8q7nXhBIsRWvH/0mvKWUSAaQYAkiPYNtlvo4LXjb9Y2m5QdaIY4Vo6WtD4d
+nwn6HNhR4TGhEMkI2MpeHq+tqhKx7PTjvFqKmon5x9i9lDI2XxvaHvQ6j9WNq4Yf
+Kjtn0UVxmkNEadQ0mfXChYY7cxK8mWNk1yj4OvxZNX8vHhtWxJlXKOL2E+xaVXfm
+N3lrSAH2n8u1biTjVqlpaMEgc1yBLc7wYYlmZv3n0y1lnb/HBTAoudJn4q2kVZtG
+5h9/aEuY1F/b0eJGu4E2zqAY2UMUX5Trjn6pKHbKfSrwxrIGGEbgy0COeJ2R6zfa
+WH5hQLk70p+8Xb8fkVc0oiAu3Vk0M9INVPF1ICirsPJGpRoz3XmNRhbqKxaSwAxd
+4lM8yiHcM3m4Mkymek5D+xPiOuq6JjJ3+WZS/TidXfDkoa7AILgj3N8Ns0KOba1L
+D2woUPRJVDXvYcXsT+KWQdr02JJilJajEB+8RzPZFVAzUDqbwmyDDu0oNrhBqeou
+ej/Q1O5q8AkIF9cqFJLDdI/7DqFVehb+4mAsTOg24CF78K6g6QUUHZDnDYUBx6fy
+GMJX2eXXp3MzvDH1cYpXqOPwbL+dOTzCyRrNMjWbuMozdG0fErjyk78abozUYe2v
+SUMnoUKyPCwYia7dFl0/mJggrbbe/pnhLt3wOSYPcQMD7yt2TKSjIgMlP4zAfZZd
+iJZymqxvBJm3Ce55EuKapWKxtFZbk/uehT8NelmpJZrnIQOSfXLjG+bcRM0BZ1s5
+spb8HK9ZdyjR/3C8lSYbho/uufPntlpcVAYGyn1onvV2+NH9fHMgakynyJJpCFwl
+KQhkkAkpJil0TBPdfUHuFIUBdfjbD53CWoUxiHIfcKR+GcWF4sArJmviHfhyxGxI
+sM5Lu7e5xzfJkrpgHj5raRsi/b1y9PAOXwRv7HM7lP50VA1ZuCaP8NU8gyarvF2V
+DDGkiO4CnUBFY6xFs2VdFRj1dm+chKQW96iRCwuC/WiUTVX0FTtkmldvSOJ1k4/i
+kvjpqNSwFDs1jDkn/jyk11gAEr8Mg1VQS960NJmDB6P/viJBuAFcGJVgF9F/AESz
+xGLisvRZ/OJsng8j7qrTecYcwTRj5/7/QMoBy2Cj31GvzxsUC/dHUXFzjfWeqdAz
+Xw7teLHqzrPYU7VD76rGWTD5HJPuaiCaioSslewcrfx3wC+aEBfywvr4zQkPHPIh
+tplHJPdJoxme7FwUTXu3LgpkPp7EiggpqS31vecKy7YmnLq3smpNtBpHGjQC0XeQ
+x55nuXEz5RWmLql7nfYq/D7zWNk7OFa1iZ33cWNTB72HoLKR6FSPZvKOfX03GbwL
+QwOQQRIJqDwgTH8pC8gqJdfxrvSd1E6UsvUeXU0bhP6zbtFDBdOA+ZEDqg0VXtWX
+9eDgZ6zFwQz7l0PZtUABd2FmPFtEXonDvg/QVOBXs6vdXefi/vAnLAKL5TjuyyPI
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA1Cert.pem
new file mode 100644
index 0000000000..ae4b69b5da
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1B F5 F5 63 8A A0 64 77 D3 A3 99 D9 D7 4B 03 39 AA 14 80 E1 
+    friendlyName: nameConstraints RFC822 CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIBQzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+Gm5hbWVDb25zdHJhaW50cyBSRkM4MjIgQ0ExMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAq9vbr9mMpG3/bg2XQGmxlZSEqeJpOnQUuEoS4cicFxpCaKMK
+OrGLlpwTrGhR/NGHOEzUO7qLWyTaA2wthe0ohZIsxjvGKK3yMvmnFNriMBt+md8i
+PAR0ysFhBmMyIpwdJs1N2jBnOANPW0KFOtrFgncHnEOajo8l0jpGBaLA3ryhdwB6
+h/L/A8bNbqJL4E3foEk2AsOzdt1LoRUaA9gcXCo9EqQ29a+598f7NvRME09teL9n
+iJEzHy9Dwxy//II6FnlmjnvGdUmm/2Z71UbzkpiqjD0w0/jBXcDAlwTF9EfL71rF
+wDCRfZppGRUKLqMNTohHKYI4ilkD/oP75a1EKwIDAQABo4GmMIGjMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBTIao6xD0uqpYi4p4+R
+2+ozSujV4jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wJwYDVR0eAQH/BB0wG6AZMBeBFS50ZXN0Y2VydGlm
+aWNhdGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEAcAR6YeKZpZPVB0ICn2GTD2Q1
+FlSS7paAINYzC59z6h8ynJFGp40/67SrFz7IBzBp5E2InzQ35dBXINNsxcG+xzgE
+2PmPZXzInzI5MCJS4XpX6bY94yUTslpoAiVJxwISZ4Gbfd9M73evvcxymSVNAPEO
+AX/6eO2ilazokSR9D3zQVOe5lxPshorlX/WlF9LvCOrS0UcEhHoDrfAM6KhojUN9
+K5l6Fv1NXwb/8cAbFyC2BMmwmec6OL2oBDJCxoLrAWVaPh7+YZadnLw/w930IIdT
+U4C90QPUgdFJWZv13TePZ2WEMtxsev82AU4PjeUS+l7c2FLW0zavMoaPhjPnaQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1B F5 F5 63 8A A0 64 77 D3 A3 99 D9 D7 4B 03 39 AA 14 80 E1 
+    friendlyName: nameConstraints RFC822 CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4562102D253EBFD9
+
+j6TVJONwSX4g9azgAS6muR8BK+257UC91asDs9mFLvVUlCLTQH1ZTwDuyPXTdIHz
+/3tPysrfI/1Bq/IwNkFHEEbDEVSmK32PfrXN4E9dEjaI+jgmSap4ZPTXnVyzpO1x
+LyKAglqacYYv5HX0S38mnCHAKKeTvJ00POvwTqrPb+lxQAFf3LcBpopL8BtD5Wma
+qmJO1EcqCVFU9ceo1FoOhWNsPDrpf2qZPpfQ6v6fkpqZWedQUC6mfDdIhThjQTD/
+tOIKuo1s6zHz2ZLKmpYKDAYJ6zeeIsrn+j1/3KyMfW/DTuPmdDDeCmGwOuQdja5e
+sSL2Ij+Qk5IlgLX0OkkXJizuYdIqs13Isk8rK9oZqPhqWeoIvBcXYt9GpYo5CnJ7
+1Vov39567Ycc2xKtdv9d+VayHUWhwtvRT6Cmm0HQj+ktcQJsAM4H978ptMhlxV4c
+FoyAn5q01CMg1uRMZRPiXGHSLwy7bOYUamwIpomzhmRzeUl1GTRI98atsIMvhGPc
+SEt5mmTvYfaTQXcFBF0MWc3h5MUOGRYs8O1jjeLd6rg/pZUFWDZUqzmElq9Kc9TG
+m/0r0DqFI4FxvyTI+1830DUt0H7BzbjOO/lJS8lu4XUoVcz9sSoAc3U1n8yyXzMV
+vHNHcHSGNsabfE7ouRwWn0ttjOseicZDsu5RVAcw/1XehRScdfZxNNyVhU7BGrgS
+UqEnPxqQYPb0fqpiiRVn+RqD6wDdaaroirU54HPPq0OAxhosGlE5PVc9ZIYcBrFI
+fO0anVuQYwK4HnWVDbp0+0jfv6GHKiskFRmQ31MWZ7CrIEfyAoG7+JusdttDTf6o
+BBDR1EVfBGGRX2J30hMqbRXwvuJ4TpWDsGiH3dnkdjA3txhnYTV1C0p6dIbiBRdN
+3ncwNaLRbjjnv03+taiZuFrY/JYetsrpht4woE/W/s0fQ0uBUq+xeCNqqNlrcvNg
+j22o6JKyitDWbCAeu4SnULN5RHAZPALYITeAhU4o7SLWNzFlzIen+JpbzKzOnRBw
+cXa1DuJxkj9BXMapjGoFkFrIkfgLPjO8I37wFgk4REWpBMlMfZ2PYPJZkl3v/uLZ
+nLOWoEWqclPMjuA6Dtb4rti09+pMGN11j7oKRC5W15LcIjrSdj1NKl8mJIivlEHg
+646IoS4yPsNI2kthdx3YaMfRUYXqGOxom0KYXcj8hlVVofN7/3kGN/xhC0+QA58/
+CQ3XahUOpemqcMTEUbDA/8S56MruzlhD0Nq/oxYR3Pm9J8NnJ6jH0b6RZ2zmDp9s
+YZuOIoiTRBfkdljrsK5Nw7ixnsTVuNi94wBnxWjHsSjzpx9sIZhhi7NUheVN4WaJ
+CyK0j3qqOIZgbp0y4cLyZCKBZ2fTvDuqQznnyiPIT7Nf4zeD91i0b0J0gcq/y8Ff
+Vo/HkyQOIkwGdkE80G/eu8dYJ8IOnO8ty2DwLzihfQHYHZHLFcbJkUBcNsE1jcTj
+vYw496/wQjpsW635mUKmKkXMQakO7oJ1L5AaoyCLbs7Qn1NqELqsehbhtrv6vPhd
+AGNWK+KPBuC75HyAczdAiEkiUlofaNSHzzENaeaix9L74/oLJseU3A==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA2Cert.pem
new file mode 100644
index 0000000000..23e4ec0233
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 79 01 06 78 95 60 C3 39 42 82 32 7F 03 4F 38 6E 44 48 BE 0E 
+    friendlyName: nameConstraints RFC822 CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBRDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+Gm5hbWVDb25zdHJhaW50cyBSRkM4MjIgQ0EyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA5WbcU+FNFY3n/eJc1k45UKjs2clgZI0HMujImijlExY8DG9c
+FZQuOX7g1eCaHXFeS7HSVMrfKLO9tOSUfYUCido4TA7xhl7Y5l5BrKkn1ZgEgGFf
+Z6lZqqb5C6+qd3cUzNPbOXd1HzZJNcV47uZ1NusoqMyXKEpRQUW3t+V6dp3E8JFz
+VCLmRPXtqY5JpZemmJD5VWe5tj89OnPk6S/HLKUeNcYiA7rcpZR83TJHmO6tjF47
+Bb/hgxLNRYToTn+Z69e9VJ3WZM/t9fJxRUWwEgyBGW48kQjYmGvBNzrlMdCq1ncy
+Z6JoBk7UY6qky21uhaO5sknZajTFPTj+M4YNeQIDAQABo4GlMIGiMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRRgM36SXJIPO0OTgvO
+zh9AZRJwoDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wJgYDVR0eAQH/BBwwGqAYMBaBFHRlc3RjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQAk9GOd+egKHy41DnTObsmqsc3w
+KSvj1SVn17Hda1gq3tLXUcNqp0g7kP/YNXRx8XXxU9heUCOTR7JLVO5AMVS32Qid
+J5u3q2D7dBgHN5Nyv7YsUOI+AcVysLMTlUu6iGnwCSsdtL5aJtSq8gAKZE+HJZwl
+iR73kSPGr4J1MKBiZvcVa6L5LKg88FQiSdOPJwyPurvn4t/K27u9jW0/SYg1qeM2
+/iKSyzsf9bM97aYqqE3P7DPHRZeXTZKLCaMNKAmZ2iWtsyc3aNTn2RyXg6RBUoY3
+d8um+8xE71cKdDjNwdJrsPwFhbripzJ+eE7bWV8v5e5E1dN3AzJU31wG1+vn
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 79 01 06 78 95 60 C3 39 42 82 32 7F 03 4F 38 6E 44 48 BE 0E 
+    friendlyName: nameConstraints RFC822 CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1EE3FCFC2932F1DA
+
+Nwl6UqvLB41/40EviSaPBJ8mdUgi923wEyqY3hmfKVBnM7M8gt7ULVKOj59+TAe7
+dTZh0Wx9JUIWJ3fEVInkvMWWFMteB/B+KkwjmVWL81Gfe8CqqyssYk61GJI7M7kR
+gCD3DLKia6VlbuB5UM040fpuNMsgqe4oLnonRFY0i5ruqOjrDkctRpweZGT99RSn
+PIeu4/qnAwkcxsBwGh/GjahmUfAA6neemCeb0hxVTrpYQSGkyAwxuI9/D49ok7DB
+5QoW0ZzJhS3EUv4sbILLNOZsY5b+7RRVzMUeXXWRbgyNo4BeYK9by53hbZhtVUZi
+i3+NHdMBJLlP/nujcycu1ETsgwU6BUoZncguhUdymtdErQgw/8AUKQ+K6TsrbBco
+47nHuDRF6mEwHbI/r/BPW+CxvtjG39TG8jMgO2BQYChP4jYklchfd0zU1fTIEzvh
+YmUxIyEB9uY1xYgtrn+lgTQY6+5fs5L+Rp7HBu/bITW/QQ0XFdn+z7Q4BTm9hXUy
+23yPH9XofEcsj3UlFI+PCeSTqu4lRf28iip9xf+AsOq6U8fzrj1LNI6x+VpRmYpc
+WxKoIEvNUwNFRgsVxxW/d7La+URmF7cwLcgoUDH8Xc/Ytc0TsL0fcWJFKW/NJYTI
+YZqnDLY/pe3q6tw1ZM+x+y+L3dHuF8Fs14VxEklzhJabP+M9/p28F+N7Nh2dl9h6
+X6mES3LU9g3T72Fr9MEuD3+SVMz85kFAgiVsmulZ0NPrL0MG6QMxGoy2BOCAqzb1
+WpRmLeC4A5jWKPZT2Eu7spKMgQTQytItn4EwByZcUx3RkGIkUf659Mz6ABALWLN+
+Fppu9S9yZtaBY3C02eVO6idMvYoGVYo/spKFMYErRllXSlyoMPMPNbwginUcrAyX
+tSiWSRCFopdzfFsyO7C2rKb7PU+KauCERlEVGY9tq24w+zckElTWJuZhN57dlaRd
+6zPu6wC+OgHdYvYqeWOsh0gipFV4lpPQz96IfQuVIGfOoBlYfxQTCkwh/W8GFvoi
+L6kwGEj9zgHTMy6JQstvdFHjEKppFfaE9gkSrB+Q0oQsUX9UQJ40CVKvDKV0Di0/
+CHiZ6G5C3Y3Kq6I2na9GdYxVWXSIDY9CWtq7Sh8i3x9wllG2dzQYHx+C87+WkL1S
+Xyrsq8dF0UO8dJbdocZ9udbEYdUatoz8Zz07xLKY/DInK12YRIKW1r6/5xjlIndI
+FMvHhG+pRTAtc3Pt777aSF5JVGvci0nlZU1EzEF/LEl+Osvr8zMk+SXXJXnr0DHW
+cc58wbVttJQm6sXbTiqDeDif9JUdNKMpGosSt+8NB8Hw0YUoaQo35jNgcdG4/0IH
+kbS1wQCRhrxa0388ksok9HwwSIKKWikE/p7Rfu4abWM1pmVNh5OP7y6pW7hxKmxE
+rQcrlJYWssNkYX43xOvjM4vfPmY8cEftUukIgj/kltDSh5n8gh//dETcaAEPmOG9
+o/uO0cOnOxcOm8f3mciYra6EhI+3Rd4a4tvnw60ahf60a0QAxKGIjzuU3XNCZDfO
+GwmAxEYS0jGyWgHGUusS24mpOnF+Czzk5vJohVV2ask4E3gjwnhLeA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA3Cert.pem
new file mode 100644
index 0000000000..9f11d4a80f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsRFC822CA3Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 1E 15 21 B2 0B A6 60 0A EC AA 86 B2 28 08 08 72 A3 5E 03 C7 
+    friendlyName: nameConstraints RFC822 CA3 Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints RFC822 CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBRTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+Gm5hbWVDb25zdHJhaW50cyBSRkM4MjIgQ0EzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArHS+/nwL4IEPwwXe4efteEWKpq1uL3iDHm61D3Jb/GQKFWoJ
+lNz1VElMoVCqYG++hdGHbQB7teD/59MXxojFdcisSIAA3pTBBDj8c0GFzucAzagw
+1IPN3NDjoHJcY1eRg+bKpwrROXxWHsIPnkULSJ++BkMarinmfuN1TjdtKT+Bv6yH
+vaCgPxck63Uz+lVHuVyA5feLp6NEn9ocaATeo9JanbiZEPLm3NVYMqt2yzSMy2UR
+MJ4dyD14P2L8dTgjaDD22BwpjiLc7gSCrLgTOut25JtYIqreqMn0HWQTbkg3MAg0
+S6UTRnFVUR1vfHRleGrqMU1BU4VQRFan8T7HHQIDAQABo4GlMIGiMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBSaujlN2iF1r+pBwzxs
+UdioRal/ozAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wJgYDVR0eAQH/BBwwGqEYMBaBFHRlc3RjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQBhd8WP6gnAMqbdGdka9QLQ9t2x
+Xx9zp6vdHGl4oJVmDw2opfpAXwhRc3mQ2MsY7KDfmCNvw3ry6EFEndGdinzfWNE3
+4arjKO+uVFiZCD5O4smVklvpI4xFUZOOxClcJFa/tqicdLNF6tA+reP46djPfuUB
+W9c2XDBNipVjX4w3f1i4LKTH+imhmF0L3hoHfvwyM26RW/j503HvUHPmX6MeSBjP
+HqPfDUgwxtaKbcG/FC7IgCnaKQmcawjIgkWVVz77aue9UW01mJum1dW+7vuZ1gE7
+S3waoAlURTU97IgWymX6FtYnHrX/MiQhexsapFHxXxs06l/up/7k/2m89vKX
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 1E 15 21 B2 0B A6 60 0A EC AA 86 B2 28 08 08 72 A3 5E 03 C7 
+    friendlyName: nameConstraints RFC822 CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DF5454DFFEE3D139
+
+fgaLOif4JvdvfGzmaGKV+JlZcgSGCD3R3Mbif9uhcUdACJmocBGRAviF8aafiPIZ
+D9eLMdv7OQ5VgoYLrEmVYakElfHySpthi3bvC+W8rKRSJO3rxA6pGDfrotjm/Uor
+0Rghx/0jlsl/MmELEQd8Oj2RFPezRqLN60Tu9Dp/WfMCcdZOjZ0QEb7TUUmpsInr
+vtrVoD5hZjL6ViG70pz5r7sRcuTVJiRMgF2d5E3xD1tl3tfJEYXrX7btJ1pbVolY
+/YxCOm0nCLPe2eoqIhI+n3Rw+6hz6n6Onhfql99C4vHGh+uVeim4xh46GjQAEDIw
+/GLHXOz6r6qmOOnH+ekNteSi63e+VB8w6KqcwW1Zm58OC5jMGbr7tVxQ6CmaUxkH
+Oh2RVfE02+1PbCGYFFv5fZK6WfTuAofsCmLd4ii4iLsBWw8V/ZOV/UFj1e43v8hY
+VJq1RXOolElBKhsBW98D0pfLhdOJgNeVY5NcpA7Rx9+KkEZbXzcxQk1pCOSKp84L
+g+T71aH3IPgLWy8ZiZPwObns6YuA+hj/JXFAQFF1c3KGp1rZYh/vqml/EI+M9BLp
+BT4nuVzVPSRsBakAo2fYy74W6doXTvGYRpBYliwPTkQaL/0Ldowi9oV6R/+jGNc3
+fZEdmn53dEvtieeDstrhH3TJFJdNTAgN54gJB/vpsHX+rKqqS+iY7YH+C5S376PR
+NvqI+nkSrFsKpNkY71zYPKEkOOgUHCuKOzRAIo3kabJQ72lJm+v4e9kQLoK8J3zb
+D70snDXeDJpep4pxD56DylV1lZrk9lI3KXaERTFfrbkUfpwo1+Ksicgw14kYRTwu
+WrEUzDNAJ/O8laWnyhIremZEyCbRsyx3MsMmsI3hxat4/CT09lZGTshGGjrw7wXc
+PW0Nnb1XyS/lHyEm9ajL/wpe+wjdWky4FDG4qCJRFZebdX+l3aqRvVF9t0Wo0eL0
+cFk4fmhh19hxVnrmwma5sXFjmP/vIMziESzh1ZIjTPYBj6DxRdYcsWBTzUf+d0iQ
+eLy7n8UDTHHdHJxzz3mKMDYz+ZlA5ypnxFauCPVJUqYepg8iZFRNq+TzFXs05DTf
+zx3rJpoK2xlZVjG3LTb29kltjur+eBUSfaj9UTKV176VPxBTkczV3X/37y2Tbomh
+JLcsNhKGQaBRm7SnRC4yj65TLenqUM9/CbQi4VM1zGBrFl87tVzEkutklqFdSthM
+RyttFYevmLni624DUPemwad/r1K3O4QiJt130SC1gyb9egQZvrnlpqD4cdPjUU6G
+ExMkZ/SfU0m0k9U6ry62OFwbysdXAQE+BtQAgkd1ud34jtFg4faWTD0N34zs9H2H
+88pVFq+xt/fTy7eOGd2PgtwsJMdAMoipLvXTj4823bxu+TXVpFQGmhC9WxTNzk6L
+K+9M5GlEgVU7D9A9k7etFm+DDb5+1KXl/bzoZ+Rofm9q3JpH8L0oljhC8iFupWcw
+y0vT9Pj3D3HtaQbTj8B+mYygbXtpWyIdmN5M6JOuau6QzY8KrPq4qwP850Uvr8rL
+DN1srseTKVJp/5OveRKvJB90KS9kO9A4pXibLwzZvz2Uo5LFbCa1ZQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI1CACert.pem
new file mode 100644
index 0000000000..7e45b075d6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 8C 4C 2D 13 2B 41 D1 D9 6B 6B 8F 83 97 64 93 DA 30 BC 1F 39 
+    friendlyName: nameConstraints URI1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints URI1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIBSDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBVUkkxIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAp+cs3as6ObnbAg5IEkmXsD/XLGICGl6qVcEKB6eMA0ILAsGdMHRq
+ybgY25GUQ+o6RfvTHdD40N6Cqjk5vu9+7aAVjrJ0pdUyqHmK6u6TVcRt+xjonlEp
+o8bpkqqgV4i7m51qfLP6+KEh2SKUDBwOZ8/jlYIZeKzVXqk2GZx8+VmWWncDz/D7
+v262km2IiYoZM+1VAUixGhoi6ImPeDBE1u7qoxvvBEDKJJ4sj/5+i4yAgr+JNIUL
+vr8DaT17SkwRZquWT18yu2qP2KycneKysWm30A6AmAALhFBNX1ljDeLT5U1wBCST
+DRP5U4zH+XvAUUEeMyDYMc92a0hjYwE4swIDAQABo4GmMIGjMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBT6KK1BFt4qaBfIDxwjPyYD
+3gIUAjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wJwYDVR0eAQH/BB0wG6AZMBeGFS50ZXN0Y2VydGlmaWNh
+dGVzLmdvdjANBgkqhkiG9w0BAQsFAAOCAQEAW+m6tH95z9aBJUxdo/dsjRTdVgxP
+LGVODxeqpW8IvEEjoYBWgHT5M+g4WYnzeSjiPvrq1NerYU0DOI2/hb7aoBBq+7MJ
+2q6BK06ddUTawRhLh4Rfnc36epefkZLKtQuFBKA7xaqWLlRQa/jMoZ27hKI5b1qr
+aKR+iP1rKPd1epIL4nwqQgAd6z1bJrV8c2V8py7TWE7/b6wuZVR4aKtFMp2fIN0e
+o8U1K35YVtmuVw3TJsTlFn/DuZ4R4Tl6GqkdUUvlKXNuY/nMobgfruTG6nvmaLyy
+FHtDoamjegjbIx/N1dibXZLf5n32iBXyHHDk7L3ubrarUrutmaHgEEiFZg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 8C 4C 2D 13 2B 41 D1 D9 6B 6B 8F 83 97 64 93 DA 30 BC 1F 39 
+    friendlyName: nameConstraints URI1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EAA221B768070C24
+
+AcR2xSZpFUEn4OVUqagNlFl1w3gYszI5vzBwRIlRqUGD3fXehH3TJMOky0qQvTiG
+g4Yh2hWxJsTSRs59w8UIXbZo2Qv7bYpbqudtuSmF+L2c4uip4M2Rliquol9ydIp1
+ulueKTatotnG25t8Tc1Nu9+udbR8znKvCwzBhrPx6hQ7CO/QXrvYML31UZvBNVkh
+Sj24mTYe2f+glY+1YZAM5LANA14qu0CLXGm00ImKKGs8FspriRENtfQRglxdZ5kk
+7cigX3lNPJOKVnjiAxwGC6FUTDkvTAYxkKaMVbF6bKpnPG5jiTpys41shKi5+oXl
+3VXpSYVRwAiKHikmkEPC9dCKkHAh3PBw/SQeAtY7TZgkH2+yoIiqDkXIA8k4fsBe
+fRZGJyty4RgtfQ0E880klW6H2j/E9g/Gv/aS1PVluassyZwP3UoWXBsAe1DsRP/O
+6XrTvWvpGkrinsYFZVGzw/778gkF4stMUcefHqt0HF9FDbHrtZI8fnAqTHiCxfHq
+9cpfj2WXTxYqIIB+il6r69fJX2RWzJsJ3Nny5mK1h5rx7qib7ReicWV4VZh8Sn+r
+FErwsp9yoPoPj3PUaP00kh+BcP2k0er52cwrTTRV6jiyMdXqGl9uT+HV1feE7o6O
+utZxwYaMo4a1nGDpVtszihym0p3aBEqlYoucUDpzpbV6x1dYrE2irmizIn9z1iEx
+JZbB5Sxl2s8BGic6GkvjsmC4EJbI1pxO2kPqL61zdFAsmPtdwt0fcM9ZJCStpWBP
+cb2j5JCDjgIJbwHd9dafXq/iavGJ2bE/rXr8ivY6Zp9OdbZUoXh28/2CX+dIBHaO
++F68q+PjhEdqBEC6488+xBv2c99cUjIslAfq1iZVJw8wBMo3OcxVZSRcSjCASjIA
+YlmMl1PAOgYCHQxv43oQqwp8ibN8UrvV/2QPS5PEUOG+sBaNrMnV34zGqH0DvCvS
+V/ILflsKx1e3sRgI94Sj79OMtYPJeyhZjKI09zoNNU4qV94LFrpixo58KXpUESl+
+rsmiIY8Xp2tL95t05mXxG7AZWkvlkwkiPrDnxp0N0cBSGItb0YeZT1LuYzjhVh7f
+en8XoBJYbDmCuRfQzQIsXJ39Z2VYdRBO+mVdooPJIsFMCAaIEHKmRlsTjvIEMHDE
+mmT+KY4CKilnbiyrMxPuL/ayV0xDAzpQgR+uGboo0baN3ly5RF9VgckVCX3k8r3B
+/F7/zPCOSF8t+MsL/loq5n+g6BQp3csU6kySXcOlg2JQMkR91lsBXlm5npurd4Hx
+e9cfwlqYFYdTxZvh8Mnft+o1djE+76hAeGzos3H7qtalbxYgEK/Xm2i/U4hjg0uM
+Gx2VfPlEjqs+Pk5oicOy+GoB4sWz+f/bjQaSsscWPGfolIL9ZFKw5/nU50rJeUYp
+8APSX7qc/1JfIz/sZMOGCBwv6R3MgAG4JU7E7Wrbgyt1ha/8BTsGDZvYcKA87Ap/
+w7Z6S8KgVGtYbGkr2o0okRmv0XTmjbG6+hs5ki8GAtv4BMLIBNZWgeNWG34f5cov
+ZCJuJD5DzRWbijW+2k88nCqNd4hLaadtBxdMmha4PxNx7uREdyaG9Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI2CACert.pem
new file mode 100644
index 0000000000..9551a095cc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/nameConstraintsURI2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 34 6A 77 38 F8 A9 89 7D 1E 91 15 51 CE F5 FD 08 26 79 5F 2C 
+    friendlyName: nameConstraints URI2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=nameConstraints URI2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqGgAwIBAgIBSTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIDAeBgNVBAMT
+F25hbWVDb25zdHJhaW50cyBVUkkyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAvl+AJxWs1WMO+mjRtv79nQQIKiD4ZerSA3/ELaH8hFiF7zjMQ5iE
+LbNmILHWH5vqaHVmiDRbxuoe5fcWO5B0YB1A/dFY88kGTjB/TSgt+CBGdF7Lmy+O
++JwL5EGiIerDfte2+OpsUDXmwvSa5pP69kS88il7WuZcbJZgcAJ2dH7s4c0oQ4RZ
+pKZitazyeruYlq8ISw0tMyWUhQyIBtnpaRn4FGRpZhwdn3MzpBsMXEBfETqDaIT/
+Js/NHI9p0BldLlXxjTci5DO3JD+5eEwzjmXepIER/xKNuTEgK2ZpULY8JyJxG8Ep
+lenySFLq129D/VbDVJjp5PAj1wJKLL6OLwIDAQABo4GoMIGlMB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRN64lx3/AEAbL6djpYsbpg
+3YzTwzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wKQYDVR0eAQH/BB8wHaEbMBmGF2ludmFsaWRjZXJ0aWZp
+Y2F0ZXMuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQBmrQhlvkrzTPT4BYr4agHBUoLL
+n444+NPFOwy4rQOIOY0k++Fpvn+jjpIzrHMor9afu2rMHJDhlcNia+a03Ov1cLwe
+9fmf3gR1V5AuSjTJiLEN7IWADuIVcAPbAgg34e9Qb27pfVOnZ2JmPHkxiVMlGtA4
+1AZXwDD70gZU3iaIQKVPmMbLyBZHv8c3XtMkZ0JstPgr1WJ/Vl/Xu2fmQgJOc5tC
+z5fPPQteE5Uas/6COzeAL/VRAqfysO9jh7T7xfs62bbqxGcQise6bLxqKnpd5KWW
+BX1dDMZrBsEziR4j6wczx0fhfEPH0VPileMDN1o/V9YO9RFo1Y4+0YUi8C6P
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 34 6A 77 38 F8 A9 89 7D 1E 91 15 51 CE F5 FD 08 26 79 5F 2C 
+    friendlyName: nameConstraints URI2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,25879DBF4FEEFEB1
+
+eHanMm5BAI/xfO6HNob2KxFkcHyofBJ6fc7p8IsUbs8SEG9DYxT08dnwASuTWdlf
+gwukEKujaIY5O6nyx1zQOLsg/0XT4HMCvkpGJ80DfJWg69q2mYnwOaC9IiQgsA/q
+nxwuoN8rrfFpaOlUEFStuUAnc/FynEPZ92IHYuBxMebGhQgrkTtygMiRuqln3QhV
+a3HrpSsUkNxSi3olwAZqGBX176AhCkPt8ufE2PwV2uwgDUrfgouAq6HOeXqjNLBg
+Nz5TJ5EC+tAD0wRf4xVW0D34BOZaH3YkIcTXhmkMTl8uNnug8fkw7SqIM1FyI3hf
+NAXSluu7uOCnmMEeKOop0DFE0j/Bx7yBOYIdYVE6b2ZHEs44NIknMlkadhUogZfi
+7m/K2gqDXhfSYI93PTvJnRsz2C2v/F60V+KFRjo0eGEPEQ3n1al2q8Uk2k+vNOb1
+MVNb9NhIhTnkDnOBLtdvJso0qPCqAiWqhTlDYaVdyfI/j0wTArlLwKth/UPCTY9J
+PbOrErNib4k9q8fCj108AvfBIMrjdzGKsY8xR2CMLZTcqIwa4ISliEIH40RXix/K
+UFuA4O7RIVlCdRpVEBsTRebvTIzFfCQEj15VETu0eEI6A6g4i9AIm7chM1FXuf4n
+VBQWM5ftK5DOWBORtib2mFnLEfma7nYwsWRJXvkVdr7p5WXUZ9fYyleCu4Zxt003
+rTLWKA2o3Lud1WDsy3VabIjrLgyU/RxqlRkAG/QHfIud1D4Y9Ed14GWe12gr5+oU
+/2PwwDMgNp3NG4+9SgJeD0RBu6fcjui2GBc/AdTw7Ax6wnNzG2kmlFPwU/cPrQb3
+f6zWJeYIXM2ST1kq2VGnBglNZ/cAxMRfLGwTzECW/16FLCI7ej2R1+CDYzd+jTNb
+9NJcSJ3om0ojHnbQgeqOl4UQI3uJsOs+Vy/aL5kqISCibg5RrWGXZ8bAoijDVFk9
+jskfgzIQpM6RnH5KnUUlh6mXC/Yn2ju9lTKpfFqp0yIWM24U5dpCXJVmIrN8PMaH
+bZ4z1boHN/rB9GU0A7qdF6D/oj4XttRYpytDiGPPi+6lLXgu2MYy9kFrvxUp3xZY
+QfQ8d4ScJA6PXGOC3mA1PWoeF9SWedJgIsEwXYakbVaEOjahcoosTKFYoy0SFErG
+E7N4iJ20PvwTzKP3otMT3KtTem3hQlBxJxoZ4+w1dL7u4wgtSiGC//7C8QYipxK2
+Ch+HT6yvjkBdrH6L4xY/wOTsxRHUO0NuEsWruLHv/UjJHyaYbBRnBHiUC2jtDzlg
+hRWHI2NQNb/l508z8OO8bTqrKoGJnl/rUUAzCVCdv4tP4yRaIRUwmmYRJnDETaBW
+03XP1os4JfMuGr4nHzHePKSbd+FFa/QntVyYcRO26x97k+QCaQrzTB6ae7LHtfvU
+Kbtlme3iCkp3yccsKWwKTcYoZr6QvfCotfGeu4pjZ5vMGUq+bFR4xBCBb9twv2UI
+FN9qAKHEllpeo8OVyn7fFamswkHbVhPOSkUyDe6QKfFeP1u5omjiO+tUmQTVsM0x
+eMXJnxNAy5cUQNYBHOlmmSgVq79/itkUXdgaTDgnDkVt5f7OCw2a4w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsAttributeCertsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsAttributeCertsCACert.pem
new file mode 100644
index 0000000000..e388968e95
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsAttributeCertsCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C7 C7 6E 53 32 81 C8 66 3A 1B 7C F5 61 20 4D 39 22 A0 57 6C 
+    friendlyName: onlyContainsAttributeCerts CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlyContainsAttributeCerts CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIBTzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowVjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExJjAkBgNVBAMT
+HW9ubHlDb250YWluc0F0dHJpYnV0ZUNlcnRzIENBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA2E6R2OJ/GnvIKN2P902pDmSDe39PiEWDdyTU0wZaUg7f
+3B+NWwz6zfuPP1VS+w3ZIpzMQN+KfsTQUUKvK98jvHRRUAZbwoM8RToVFkjoAsG8
+vpdnzPS9rSTKOkeaJRg2XqR5Yvh21aqfxi0EPszcBn2B80UugX32bLv3znE9Asoh
+jbP6HSonsmWBlAAz7XNlb1C/Q2Zp54fCeXyAbCy436TudkQ6z5gcUOlvqYvt3QUW
+xX1SKU08YDM4dkQD1w59iGiI9T4PUyiDxAVoJrGlv81nUYchOdClRuCjV8a8/aSr
+dnrEnxUxX0jZ3trXidjsPhzo9rYIPe/lZ9HUQzJwcQIDAQABo3wwejAfBgNVHSME
+GDAWgBTkfV/RXJWGCCwFrr51tmWn2V2oZjAdBgNVHQ4EFgQUTQf+9i28tRkaUE3f
+mQR6bTNwkE4wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
+ATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAXvMeOuZFCENp0
+hdymDJLOWK5FAjdilDU8h8K8Eu6kDQ/rKGEZKd39i8hDmz0/utfFge7VHSwh4LVt
+VAM1tJrdAQDu1aApKTkIZyb+ShFX427DjFcDMBZjZ0Rvz9/qiGdFd59moGIqao/c
+P7wKwLp9DCZBAa3ydLzYe71cX+7u11vbzvKNFfjy4PQ7VkjE9Hu9w4O2d18mD4Av
+KwEotwc7loNCrE6JEjTURcmrvJhuOgEIsLzVzMEuwaWeqiIPeIYHl/q1TMixRfkc
+UWDab7wLgb2TPZMtnVGFCp+cClK7R76iEXIMoofiuQb/uR/Qpm2ODQTlbQQFH+xf
+y7cXNz+M
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C7 C7 6E 53 32 81 C8 66 3A 1B 7C F5 61 20 4D 39 22 A0 57 6C 
+    friendlyName: onlyContainsAttributeCerts CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,18B964FED0F9EE04
+
+r/nlBrK0lqS6TYiBdSIkthWXfj14ZE+eh/2ojzM5aopppXI0SjeuiKX47dyNNCR4
+cVGE+4wYkptAhQb855I5JIin0I+VTSYAcFev5b5HH/3P9HxMxyAWBemVzpTQ9ZUU
+0icFn/0baLg168yZXLMlEBzC7RmqHzlsY23VyrTdr6LsQBlyx4G+gf3tql4i9nn7
+rgnc/5O03VkwCzWLkBAKlb6vsWD4tdQ4umAGSvW1bWXixjWH/6rh4kA27bMBc3bZ
+Sd6nDnDUgfBkNsU35GcjUu+7XB/YkD94mIkWvfjOyY0IYduoiA++dW1PcJwvk9pA
+JgGf13uQGpsMEl96T2LajrN2HraghZBJ1kUmpJrSUjYrpRBhAqbBq73FQD+zLqy/
+sT4sHeiRldz1ciCAb2i6znTNIlcNXPmYHVD/bQCi6HbQgY7Cus/kEjim/UCoTwZe
+wmU1ZwfAL0d4AHTIwsa2cysBQ8bh2VUOestRkO+O6Nd7bArJC0VRJTm+D7gQ3M9w
+9WqRgDYnxxN+ADYTmuMjf9Va9J3G1Fw0NF7RDh2VoF9rIy3evex9noqVCJ3JDRf6
+fYNryHfxlunIPTyiwA15tMU8Aoe7JNwEw+kwIDLQWJIz/7rHK1FvrgYBQZpwY/9n
+ytzEa56G0jwmYu2away2R/mulTbg35jlbY+NEj6FhmtJEGvm9doItm1XM3ON8wAI
+FGParpoLWYEye0GrSDP+odREDQs4QhOyexzeV8A2H97gnA4iqWaFSPBty5wrxGBc
+f3W9xT4Q7ljpSMjSZDS6mW+XLwqJEaBx+T51ktY9d9sRG44aaWNsV33L4yNBty84
+H8XpJ8NAizP0nh/lBroXT1TgYCSnB1v5glZI3cN+jcj6mBG5n8wF+pjmQRx1ionJ
+lkI2Qojo/VOJc2tBmxzKKK9URB/h3xX6t89t8NXP+NEJg45iD9i/ydp3Ir7UIuIN
+HEt88tlPEDTUSTDI/eKGmPzx1OYTOea0Bd1CbhB8buoPk4bRB6hnpyQgCNNOSoDP
+NEWQoOpb5qS83RGH6iYjxIK5IMrNL+Bny5gH3D6cAaxNv4vR3kB3UAgInMYO9CHs
+acSwr09cpj3nezQeOE3eGBpNyfjD/mQ9Qnhc9Z8uL4gm1QewWEe4C3TqkH3wQvTr
+A/OjOMNSjLYuf10fXFoLM030T5K9kZMv5gAz8lw6GDrt06plRwmWGzrSKbEj+tg0
+o/B+H/83wtqJeMCqozcHzfuW6lbhkq9DsSgIYIhRf2bI4Ez5j3zQyyF4RWkyKkwn
+BcXbu0aEE09Eh2fU+cGqJ9GhhEMa1gSyiu+g12SF2ptQQE3pw67UCoe9ebQcjcfC
+jggwIwqHJHOBpnnkBoekFxgOtOhfcHf/hxHCk478t6mEEgMa4BIFTgy1MgwKhxYC
+Ohi4SDbnQze4jGwj57DYRklS137TgpE5yQUg0IfW2aQWzvGsPA90bD6QtcDE7MoX
+QLUf9fwQ1ldHLG2VPdvxQpGvwH7fAb+I69WrW+j7pWhGwe7yQM1zsS9ybK3URE6a
+yNjOhaKokZlqKdTpavZL/0G4Ot/plQXQORse/9eFBHRjdz0UwswvWj0dtMi+HuWV
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsCACertsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsCACertsCACert.pem
new file mode 100644
index 0000000000..db908bd78b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsCACertsCACert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 4D 54 91 D4 15 C9 D3 01 C0 7E BF A5 79 11 88 F6 DD AE AC 35 
+    friendlyName: onlyContainsCACerts CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlyContainsCACerts CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIBTjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHzAdBgNVBAMT
+Fm9ubHlDb250YWluc0NBQ2VydHMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDIrJf/IZIHMiENvbg/xopK+2CNAY1l42W2B4uRzfJzk31C8sQYmVG5
+RFSJ70xt6k7QeuJ63lAO5vVdtAZkZ5W0WfXQHUPtS+TjWYphpRKbuiFUGg2sDgrm
+Ij8ZbID4BS0vogcN6pGMnbgm8wScYcPbp4MPs5cDWGVjAFfLt3Vn30WfjEofHkjF
+1duATD/nlruAO9OpFJngrA11/YmrAnKd92qj4cDkKBeyUGBkOXVEgNTcJEMz179v
+MzNjyZv/piWMwImQ0BscPG91lEx5tCPaUiXx0zO1EEaCiHNK1MQVx2rhUKiA+pQ3
+XS+M5GNRe8S+P0CnQT1SxQHRRidk7B7fAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9
+X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQlOMOuyi11eltN1MADkogTIsds
+VDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEIiy9eAyhl49VpASQAeX4i4
++gNwgDWHolSxkb6bovr2YBxB/PTLWE4c3zMadsxC4REO3ojaE3bP7dfwvnXXFPUG
+UBZef9rieo3ie0z6SqZxEUieJb2PgKAF6vya3aAnx2WLx2TmMb7iACmLZOFXdDp5
+V+WC+vaNDPtRSu+MX2ttvELFXgLBNoeTmRhWc1kcbR5biO7UB8e+IddvBTiUVy/4
+v6N8QxK9AmqV1apq6Gsx7qeyp5I3biO44ikMMvA+xjz4iFwikphlYEupmauD8mjF
+Pc5rK2DtI+n/lI891EoeW7eyq1pO1vmHTZxkOxwy+E226Yz4FB884EQpsb6cf9k=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4D 54 91 D4 15 C9 D3 01 C0 7E BF A5 79 11 88 F6 DD AE AC 35 
+    friendlyName: onlyContainsCACerts CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CD4982F558369A72
+
+yZvCqPFld3fSUveakYCsMgQXmpcS/+wqjWD5GQTtpyjSPLIQHFbd4Pig6eo+5JwK
+l4M01evK1t4ho4OlmtnnKfdcv7GCZFW/89DbrGBa4t5EiFKiPC1RGUt+Jp5R9HOT
+a2JjT4tB/10OFDm3zHbVRCzmrPJDWmuz/QkWrHOSSUx15tAPFiADpcIudYd+Hp9z
+T+o/Ee0LeyjF5f7tEkkcOcuwPV2IZoTCPbOHbf1K9YChDg5ZymFK3Ow/KOeraUCZ
+Jgiw9a58DsGqH+Bf/HTwBXkI56iQOD7Ttsld0dle3BhKNhpP5UxP7bS5LTlpDuwN
+0Jt7G2CtxG9rJaegKWtjh/0LWLrfQ0wiFk8Xcj4WX8nBk4ROeBAhUguTxGJhGR6R
+U6ILFw6ugCGuVqNY4hrLZ78qi75M0v30B3f3k0V+Zz8VtnxrbjCsHL8DAIrl5myM
+AnnfazkHAG90QGgMjVtb2A7g7GM/ZfTHjlXrFJlV/dx8JD5++3qzY7Tm9Xs/vnOC
+RUYy9OalBv8j6fUe5Q20w/HThw0TmoWVBHZ8TQE8uOA6lKbR7R9i/VNjLdZg018R
+7mejo4izqlvYDDH9o8h4Td1mBz+2eqS0aZ/RXAl1KpWPy8vkuDyxOJYYqbbJFhWl
++sCa5Z+v2A+tTGilDZx8qvEEq7ydcn7spOiKe7PNxMtH8YgWGIn5Y4Vi5sLQCQwy
+7h40dDz1GFxLXB4fRJ1GNSMl4TqdJs40esGBqR7xtXLjUFqni3JqFPLCzST532F3
+MkcshUQDPh7ZrfGkwj7MFCTrzXVzAVU5e/Rc4lHdw1xkIiNQkmTOv6aqzAqKMiOa
+sevdM1s594nF9kFp9Pkj7yWTFMosjWtQ2LlUL1X5d4NEeazn1d3sTz9fX5y5R6Ro
+07igIvPu3HnB4M/4KV6hNb630meufYFCD/pL1BZsFF3GkJakMMgtTYVH8ORkUZIj
+fk70vIt+T5u56QVcvMacamdjgFOyQ/UslEMa/1mjTZtDbxNQLMnLBGkIvCYUyPaM
+c/SSpGQ5+aGqpNzoj73whUW5TW6s2SmBuanVOHTuF0UJYb6A+h5zUuqT1U2OH80U
+8Q5a3Iwquz0f68zCFAedD+rymuTk6TKaew4SY3HFHcynifJlv0HJEtbIWgMF6ziR
+1DcQE1KMGywLvUfl6NAKmtXas/JBB1LyGVmZTfRVvBQ56Yvx5+EesUtBGN2sz6y+
+NsWXoJ76jTi+2xdapEevLG40OE/vW5P1kJuWhMJOftA8qCcpYVa68RkmLXIyONJK
+IKbaIKMJUmkx2GJt22UFvMz95Xi9GTq98p2Q2jcW+vRpWx9LiuA0CSQFauJ5J9CA
+P9Mg5b+PpZXm5v0cPlVhKH4b6oHgbwxPW7Z6wPsMwk73gkGupNSXcYrZvUOuKFHA
+yeWGSeh/oHv6X4XdFhn0GGNzwAWVfg1efRx1l3NNFucOTLz1Oyxnz81UQXs/O+I7
+FFfXpuj6vUXfC1KV/fm7KeIERLzOl2T8J3+iG+KIFzOUBajk0N2Hnor9pKBSNCPh
+fO8CjSwvQfARkk8DyuP2pTKIXS+p9+1cvtwvEPxb4WoO5G725mjbTg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsUserCertsCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsUserCertsCACert.pem
new file mode 100644
index 0000000000..d85ce17b3b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlyContainsUserCertsCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 5B EC 82 0D F3 65 F7 4C 10 0A B7 E2 2D 35 79 98 E0 75 52 C4 
+    friendlyName: onlyContainsUserCerts CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlyContainsUserCerts CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBTTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUTELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExITAfBgNVBAMT
+GG9ubHlDb250YWluc1VzZXJDZXJ0cyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKlNvTBCtZzuTltV3uYU3mQnxuNHBt+V6caK4kDpfW55LCuWYynT
+DuRhO3QyFs07Kwmp9x7wPJKscsFPWMdskNhF35bGpe+rofIo2vmNEGzC+uFXKEnf
+D/1Uz2c02Q7TKua9YwP56F7b9kOAYHB74K9RfWZZ41HdFRNLrY+uS3imHnkKHqNN
+Ad7V7eAUB06hNgpDpt1AMyAfJ/T8u9r1Rnq0NY4myhHOWFJ/Igl6aSzHDQPE8zeM
+5piM3am2Je4sO96a3SsDL7kgMICtt6DOjXCnewKgzt/k8YUMS6//SsDg3px/8XqX
+SN/qA0dFmrRI4iwn20sg3bKAQbNKQroHguUCAwEAAaN8MHowHwYDVR0jBBgwFoAU
+5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFJ28AKncAc3+HZaIfbWeT5ne
+JNIFMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkPJByrONlwIFohW4Gmj2
+QZqLaHtT7vUb6sW4pd04EXBy4/8OmAz6giT3NEyMlnSaTlqSRHRLEXZb7RyuNBRy
+ixm1bvDI4nnHpVFhC2CU+5yORzXkXlfDiDl6KAK31CLxxuBeguHbelZJ8u8ERtpA
+9qn/FKm343FlUHVIje/7a2uo8KV3EZT+4V1oPVi3CpkyDIpMypnY6UmQPyuqstxn
+BVgfijZAx68HFb09yMAlL/cOONQfWHFp1igINJEiqE6j8fIlJBiqo1tZpmh6UHEx
+Zky3pmHgczfIlBlaQetjITOxignJAEbU1Wd3mBFgiJIAbNeJtqZNNNKM88zokJoj
+Gw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 5B EC 82 0D F3 65 F7 4C 10 0A B7 E2 2D 35 79 98 E0 75 52 C4 
+    friendlyName: onlyContainsUserCerts CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,05240ECEEDFAB262
+
+CIcl1VuzngTwNxm/PxWb+EnUj6m6zKj4SDkKR31SKSRPg8GY+uG82CKI9TqyZoNg
+pcAkXBt/hTOs1WyoqXrH8F+DsL4HVayMtT4qvXOz9x/8Dl2/phiNcBo9a1eMHHiL
+d3XV/pD0lDhp4OKrfovaQyINBZnjSTBIka4zMaEaiBIuiZJwrDK8m7K1Wy9qy/xM
+lHRWyTzuoMqoF8NERwDYSlK9P4/Kn4FmwjV+mcsGcXvivhOkCMmKxyOo8ryt+bSv
+gy/4USC3InOKCj7REA1MTAudUkPaG746f8irStL2BTLqJx7mjy3uNQ1l5QNcIHQo
+49jkxBr8E38Pwe982OcziEUAjuiRA2dzp+qz7P935G/pkvaf2htqCPj9ZoZj5Cce
+tL75XITV63gsklIJABxEzednnaa3qMTd4hZWrx+LW+c2+h8vj/w+ScxYsGLDFEvU
+Yw3lZixspWZfnqCltUX+p4/ZcK1RgD8jvQWLhGUGAuzxg3c3mGa5vyh4ZM6YP2Nt
+cuaClNBSuqU2utEFwf875GlEJnOIFbUZDg3dchZAsF9DjhC7x5jp7XfRjRsLZjPu
+tYqtJD5GCsmevLCL6VNO4fGYc/AH724QU8LeYsvFcqupAIs34cLa6JRRDn+tU+j2
+SBICRzfF36+jLPUTPEckXnfXrkTNheEfOscB3UisoR9h9LH5AjpAkMZofGPt+rO4
+0OhfeVUNTQVu8qLbInIehWbi68uOGvEDSFqqDwvpYG8a93o3ovXLFwzpbb9fFnaN
+2M1R6TN1h1ApFPNqcNApm0Mo3QTXhpkMoIM6Ik4FU9/4qQZ2rEMjB1yom3VImp13
+UPpxDo1OKcI/oyRwV1+MYUhpV5tXnVw/REUY9aQ/9+Xgm2wQ9xA9iqUh3nLt59HQ
+2Iu6TYzs8EFC5pmMPXhZ+K9vRNq9aeXVnhZp1Y0t3BkWE25Axu3vNiyLKkLIIwwr
+882S6qHcEsqYhvzR6FFmu0f7Hn1B/IkZ2ytIWNilRhtHgyHRIoucr5Lj1l2u/NO1
+jdlb1Xqyq6V4APCtL8h84DmMUv20aLTnYVjGWRsnNwpKs2GAiDyEr3DeiNg2fPyk
+XDDZcLOEKmXLLoAJoPPyH3eK52IrDeqV1NT/SR384+ri2r7NM+wMmI9QZbVBO4cS
+iQjU0IUrjlnxmmPRQB1eccbtZnnzzujmc0JHEfmWK7VUmd4VSjsN5EJyGxN3G8rc
+ccOYYasV9XeDxOf4yAHsSIXWeIIgz0gqj+CrPcOwj0er8pSl6ya+V/ajBRPZ5XKb
+Q7gBTwoktm4fKo8MRT+BNnAcOf0llh2Wtyu3Etji32hU3DsoNN0i7TaQo+nwhAY5
+UGUp6V/bAGmiyC6ZL2d6jfJJtQIXEN0RPfKXxm6Wog+/IepJh8NSZY+6DHTrXJOC
+aGM8WYdnWskbw1xWCf+jRRqpwPzitlcqB7yG9Ut6Pu45WUAUsRsgKnX/QzAzRXa+
+8VhCsYppYDmGjD4o9T37IiNOKyKQ1Nazy80yBmhqMPCCvxSGd9/grNnTzUkcMYHH
+X6QdSRCa2SOTyUl7Vwg3eCJPqugZWgoLG+k05bNWKZfljjbit95ZFQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA1Cert.pem
new file mode 100644
index 0000000000..acc2db9ec7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA1Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 21 E8 8C AC 8D F8 F3 96 78 B3 9B 03 AD 1A B9 BC C4 27 68 AB 
+    friendlyName: onlySomeReasons CA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA1
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAMT
+E29ubHlTb21lUmVhc29ucyBDQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDNCh+UU1u7RaINmvHQNlENRQ4u0my6Kk5jTprQKZym5xXcNnnlCdv/1h+J
+1ZRhcgkRl70/RucD7c7q+WLV1N7sDTOk7a6d6ICoXLak9piG4OBC5y+IR+L5vO/k
+qCewR3ORPup7RrjsrEPuqlJa9yi1H55BhzLRRqPvcsumsIzHdXN6BwT7a0eCHqCM
+5a2mh0NT6CKEbQrMMEtDiKdItUYDPsIPcquxIrP5uoF2uuERI3U1p5UXE3owxecC
+kvQz+dMGz7QQACKT2cNYhZiuZVtYfUrAvdQ/E6LOhlV3eRqdPYsFZHU5ijz75blc
+VYMUBFPpqp5o9tddcGPFs5YS2oyXAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRQaNEJQSeH5wpOt3hW+xeO7gQHcTAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAqealoCILXGegRsrAUZ+zTqnaVC
+6DXA11OnQhUkpMvCWG3HLfNjEUxMUohu73U4akR8ByHKgZlY79YaZEpViC4ipDFu
+w/Xs+NW3L6g5p6sCCaqAa3YODnZLET6SOWjxxgBhmoydDr9V1J/DfQyBV3NNypS0
+UN0njf9GXMrkJ05eA7F1JXpAbnhHxWL9iqmj32jaXj/WEbiRriOq/puGvLDnLYw5
+1/DwmKYrIfXI1erTIjVvMz8XOrqvsfbTdaHtbQjGRoL8dT56/2OX7cfp6lP+Yeup
+Nwt/eHp3sUXspAWHgJWy7faNJPYyNJriNuYDqJ7Hwa3mT29ymBK5nPOBmNQ=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 21 E8 8C AC 8D F8 F3 96 78 B3 9B 03 AD 1A B9 BC C4 27 68 AB 
+    friendlyName: onlySomeReasons CA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3304EF028C8F37CF
+
+NHfxWzbgnnGAfj7B+tA4sHmQz1GYEAMeQGti7fyiIKAfQnihapXoQGld0qD6J7YI
+ASbY2A8j4z15TEtlYgNoqdPOOfsTqIJofXuYTnmWkKHhALUbMR3tnN6jNXNwEgen
+t12yv4tVjG7Qv2LVH0FZgAAMpa72HsvnK1keiO1e4th/QUIeLAnm2zyABfgRTSnt
+HumfEfeuMquGvSG8zQjAnLLqhrTngeMxm2so0eVn+WcohUb45HTGa/dhPsUJmFWS
+fyGyXiQ2faOb0AMkC3IYZGHymBiJU7ZVkvim2uft92ZDwl5NylpOGVbbbgSZ4rmy
+g+ABrIvOpr27QyxXMx9bBCGff1VyHTZt0B32pNuUjpnxpbq5SYJrUqPgvCYk+OYu
+YQlnzlrQyDTrYsvdWukZvEGNFrxsqlwJecdj5OOYkmNvOnu24xfFLjh26PYdUrJc
+/LM0S/qFLaffF2koWN2vv7Bt1Mhl8xnCMd+vjMR7NYO6VYcBH5Fr52P+KViiQXuj
+iz7ej0OyR6MsKEDqFokSS9r3k9VI2fHNFvAGie3paEaMFcZrZc5gIraOcZHcAsei
+pjf4IDFAs3cfzo3QJ4AxPYKdp3CwlizAgvAferGd1JmihtgJenJwsw6ODd2wat7X
+a5ae+Ax8mS5M7r5GZYFMtq1gc5sLG2zOkuSBMCxrmUdr+Bn8vDR2o8YaGE7TsBg3
+K/CpiTV6JThEWLaZOwUoE2njT68IgcS3FhkHWL0hMBhTROuAB+xwzg7paBtMbpya
+4UjP71tiAGnpKI+ICr+h1ZDCd/nxnlCVlYR8Iw3wIHzpUB64v+8vN7WifK21sJXV
+sh78kbAPYHatOAOhApEY83Zg9jWfwLmOIF87uLA6CLZ13DC5F5i01pELEqNaIDkk
+kgXOOCaDXzakDiedJa4PXc35cRLD7svTCY2S7F2e6sd9zdM2cvqNp2t9coS/v3LR
+nxcC4YFkinvH6kxhy+gClucw5DIKp/YZAiz6nxqqzyww8tFITAYew2BQMxLkfThS
+1qcONAvcNffr5v9vpz8eSDNEfsBnBnUZmTJgcFEOimeixkclEQsJmSSpHYN1242K
++8fLfTY4WwkmwAMVAW/rY0AdIZvUgjimQlX81qOxn5lqc7UdaxkcBwkT7SxuZzMg
+X0ee+Je3+Jewh0zlrmz9fkQPfEzzb6AEiw6VSQHRDwDz5HTH/YaaEdor9WkCE6eA
+uwjeu3KVMOY/AiLLoBrCacpYUVpi6ZeQwFENHY5JBs2GQ+aTT/Xp8CoChx6K3eyS
+QbVJA1dL2CzAZyO65hU3KRqYQli+XScj7RSNoI2OrmP7v7Eaxvp+6dK6g2e7C8XS
+HR9Z/hyWPBTKs58rHKU/jxOM+hn2XQGgbvzg4msuh8IaI3K30WDcKyg6FIS6pDw7
+HjWeh2AcnaoMosYTdrNA+czzk/LrMbRZl1Mc5PMPKgAGhy9jvH/7iM4nisQEQ9pP
+BTklbVQAycz5xJb5fPowoHgi2uba1PwxT3ITdoAOxebqHyqa4RFjSZ3q/71oCv/e
+sn819PGt3yVT5etC0lcoXDhQ0cUCpoZypLuHBm1aY4ePwMUKWKDh1w==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA2Cert.pem
new file mode 100644
index 0000000000..75bdd78cde
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA2Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 62 D0 F0 21 17 A2 D8 EA 5D 5C 7C 5A FC 05 E1 98 F1 2C E2 4E 
+    friendlyName: onlySomeReasons CA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=onlySomeReasons CA2
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAMT
+E29ubHlTb21lUmVhc29ucyBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDGAUE6VKx4EWe/9m53te/ZpcBa1Ipmkzzo7oqB0EQo+XV2rtBbKo+aCclV
+3Wz9fZ174ydCxbIuOWkIOHfy09Xn9mBOy8u5xehgFRv58p28VIaHjsLqW1rKimdj
+4VYIlXggNjWaRv+RU8fthz2N08yC/0qEYKGl/n4JGax7/T/EGBIUXGWMLhJsNuBA
+77fpt6kzo/CIbm3Ad4y1P7CvKIQpDRERlgz46qtBi0vI7X2pu2L0URYArkUYXwkH
+pmszmcovcpgZYEkszrk1qwoF3Mr2ETJoTQpyeYVDV5hj/5KcN1D5z5tN0pCabJS2
+NH0W+WDo9j7eVthnD6mTeWY3fQEFAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBRgY9/SI6Qp1kGkrMqGeZimZQFIrjAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHGDsZYn3ZAIZ2H7xe+cnSisch5E
+jFuol+JqPT9CW/cTbC/HKcUBN5KEq7gIvTm/r7+Rc7kK+9I1dxxf9ZLxSBgfuNfw
+xUj1sn1h2/HLiQj/4kFB8wtFCTWhur28AELLqiNuMKyGKtJUXqKy6LGcfKaiUVEZ
+g1MH+DfVpST2FBGyoI/vdPyTt9wUABwUkPH20j7ff+u17V3BR3TwCs1tAkY89PNO
+YAcc51fMDEDl/9smo38DoiCl/SKWxYaDXuDvTdDcDsitsOKrolL+9dIToBes5l7B
+vl+soT0Xw+IQ+xptAUfchKxsuGL1DkWOsluGdSDdGhTOA7Hfm+szyR6HlS4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 62 D0 F0 21 17 A2 D8 EA 5D 5C 7C 5A FC 05 E1 98 F1 2C E2 4E 
+    friendlyName: onlySomeReasons CA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FDA79368BE51B572
+
+oKekLSBkqx6Uyjl8yElaf4zGCrOxoudKNxYh06k0k/lA1UWK9sAxF7/3oZidtS3h
+yS7UK8LOo4YPKkX1v4huKryx18H/TynyMP9fzVxtekkVrunzT2L922LhLvvxdXPg
+QgNUHyjZp/SYijbJCOgBRRwnuBonMfFQOgrOKTyVvW6h1Grd6kvgEVAYl6F6AQxG
+lEbDT0i0GwPO50qUciJJYTz+rGq0KsRW1b3PmOz7t38jOlRGXWZynSJ/SeHWKDDz
+oAAn3Xb+ct7aUXgA5saSTiCrfhbx9L96t6d6oARtHu7ewfq4vWbPlArir1iqwCkG
+p5xmPrduODLyYLEyN4+uHs++xGXkigRObRsVRPgH2H94h4Fhqg87qqOMD6+Q+yN6
+caU0fWywK9Ac5A5wuxJ7IdtGx05L6RmVGSIE5o5PMRLz4380+5cyJcAmKnTmjZbo
+7iRIz2Lkp+Axq0WyOt5sDraXEvgbs2BH3sA72JClj6YVC0IPJVFaTgwT7WLwSrSS
+KeXREsTm3mLOM++egUA8GNBGDDWvtsuHTYcmNH8m4kodWWocycvRm6mGU/Y7rq+S
+23n4hvMcxqpLk/yratJe76ij86rua1a05bxNJ92ITBpLAPVS4WBMEmv0UmllURDZ
+zShSIbQBbcEcWJ6AFkJ3E+oIIns1Ml17X4u+TzM/nCF56zGgVLz2zKRCtyTfMQ65
+Fv8xzHZ5h1Nu829er53WGSR27FIB+nFFghiZ7eQvm7tb7ggUrw8JxZoUXi2oRSWk
+btc6jC7iOA+8AMi/yR8p0HN8KliCL7PrKbyJOuspotxC7jIhzwcGRlKqfZ+RtaPs
+HXH1kM8vI0kCByL++HCNw5DQZZcwscQN0RsDxmN4AY7tnOTBwhTEGRjtG0eYw2Nm
+6Q6qveTg2pQeIlRcpqj5Gsp6T+OJ0OXO0qPM9YmOI3/934OizU0ZZfLQ6/2JM8Pg
+nEDuOyxI6vrIVjP1nxm22mC6dHU0Dc50bpw72omR/oMmLV/GzhSl/0quLqEvwG1u
+BgHLstIv820Cu2PCD3UGxiiczZeIYB9ERKDtRAywlBnqnqze1+6ZMPhGcYFyaW2w
+VI3e6XshIfztVX8vIyqxDKlahMFuBvplwPQuhnE+ELZi6maO3s6/wgoLdSQ+IiAP
+6xk6Iuk3K6SMG2kW/hs3RBumT2VrYBssiVwQIO0zcF5cExlt43iAu+duels7sgek
+AilygrSHgIb+ieEvsbwJrRkG5insPtcLF9R84KX0AZwLx3T8j/yeSupJ+3LaDHrZ
+bMCKr2sa02MWcpS6aa8YZOkQkGNn1Cm98/5ImFLSZ/DxYH20Ul/k1FqC/wMfGe/Q
+lNXpIS56L1owxpSsEPFrHJ3N4ihdGMkxO/kZeJvwyNehKa1pLvAtlChveYz6uqiH
+pZ5iy2frX2bAOT2U2fNEn0Wn1Lioa7My+OMawFlxWk2SQRmLxOs+I3jaXeMymzV7
+/ihD1ara71iekkG+NI/zpcQYmrDT+3DZcqG5m+r4gQ0wjf2blVuzBIx2JIO8abYu
++drPop9nCT9WkSjoGSMIrUYxxDQrMCp35T3EidPy4agVNBgP5xRb1g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA3Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA3Cert.pem
new file mode 100644
index 0000000000..a5308f022e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA3Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 05 95 13 A5 8C 32 3F 73 16 26 CF B6 25 46 FA 14 26 76 29 AE 
+    friendlyName: onlySomeReasons CA3 Cert
+subject=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA3
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAsT
+E29ubHlTb21lUmVhc29ucyBDQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDW7KN86+AxdC+M9zUVhx3zrIzYb14p5bROLn0oVLrX2CrAzM0BJwy9Eyfs
+Kjz+C+hNSom6zZauHScCcW7Dq2pwYodhJYGccs+iFTppwtqOodXhiDEs7XiLM2tz
+Y4HTqJMH1XRgDZQemCedZaeQvqjj5kwycktkiVKfyHVsGIKYbt8Fz9QGNebCGhvx
+iwQ6pvMfOynEhCObgwyCU6FQxEn2ZHo3uZooJbxYnMiThFjdKzUyvBfsXaeawmDc
+vXwCBHYy7VFs8NikWYcek78Jt+6uoQ726NA0QgXz2PXL8Tsh3TJ6JqLXU27rxJOR
+Ih4lDtnYuZAuiWGi6T8hB3f8+DFNAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQtJLeXhyzu2hy+3peEG6+gFRa+azAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFZ01abRiJllD1coQl+tPkFpIrX2
+/6vIvljOU6K15UFRovO3Hct4Z3hGszZxUtyI4ipGq/aLVHbjvW6Jd/CgCnZ76kSD
+px55iLVFepfaxksJjWWbE1Oe72foLiHztJ6tOzXT9E0NxXPxrZFlhP9gCN8tUak8
+wS7URFOorHCxznZMxZ+ADM6g77D3zBf5BxH5iNdxD6Caaz7ez6yPaA6APMY9tsiA
+jF7pW6F9ETMZVug9be6PpzNHxsWBjE6wkpl7qSCF13o2zvcsXzs5TkCjPQWk16sq
+f9Uvt+oEl/4OoyIQ3kS47aedWc3mL855YqCz5S7fwRWyhKSTIC0mFCaWyeA=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 05 95 13 A5 8C 32 3F 73 16 26 CF B6 25 46 FA 14 26 76 29 AE 
+    friendlyName: onlySomeReasons CA3 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B40F3C8577730807
+
+eISBvf614CKAGf9IwjMT68YoFuH4XXc2DV6P0M8yFhaKfZMZpIE0aEt15buADWk3
+PSTOMOiJ/V8Zi1EKHDl4XOnua4WfDwVX+Tia75uSwOjka5UxE0bqLOqekCw0hUXt
+HTV7YRuOd+uln1wnSxuGeRxyhOjPJ5rcdBrULgtPNqAJU/LGrGXIc7S9Cb+i4/tk
+oVPRjNl3NWr3RKMSRebw0P4Fw6q/kVUqLAfPg1aC0kAvLCkV6NjpiSD7xuaHuWOm
+qIvfezo4PtAZciNs6Fco0OEv0PTrfKrLV2l+tP6tDYitbxneaqWRKEzxFaX02jIQ
+q5sTF4if2ybg3cOAus89G9ihAZUIpQLWe5GLIMmw6TeaDUlUSRejhOmuetww9IGM
+vkgbtogQ4FylYt7RJyj5WeGH/7Q0GqTDxBzAlOLJTkq8jknN/HU2gW0PZS+CMzyd
+e7vgOhF2jNRw20JzLyuDAIWh0crmCKohhmeHbJ5MxvURiTLFEZaHCVCgdSYfaOvs
+lSmehPn2YVsHi03o1ERkcCkkNVI9R1WueGJnbbRCgcNdViWfxcqw+kle9Hq8AcHF
+gkuG2DzK7nPCFFUyQfJkjXSdkjnWTt/dG1U644/aslAubENl+zS3QabYmYpfQPc8
+9IIRW/+n2Mo43HNk0erF56Jsg/Av42gCaYeMIJhf4j6HEimjI4jaZvzSObkK+FAH
+kkt4XAvUaS76qNXpHFvtW3NiiVQDrfOIhyYcMFHjVtlMPDp8ttKozAMrc9tdVUZj
+gB4Pj+cO1T4QYGNIwyRwwOGm4XWsBD0qFVcxtgx+JyCsSPRXTYlw8GisaXqK8J9u
+TWDKYm1RBydNp4weVnJAPjLF4c2D2VXxnqXkwkhL37iehj3ZHFKKhiCL+w3ennjD
+sqr333ak/So853kAk+VV8EazMzxIB3bdr8Ok3lDy3mXBOkPhOR2nc7oDPPV2K4m4
+ECebBMUN/4FZu1zLU2nWizLVcIP7sfV85zCqWh5EzmB03w+4+zg2e0zXk7wKo+wr
+/Fwm1cO152aRe++B2VQaPdRL8bAFy+zqguwwJFJqDkK99xdL6NQAe71F+3r3MM6C
+RdV6b8GS1axdHgQz8FrnaUDhBeMjq2fTqaM+xHwaprmdGN9nYbnCYNFi0zdxoGSE
+7OtVGwT/ZczfUKiiWxBL8dXbdL9erFpEJanlIA/4oYXurB99wsjvrXArTfgYJc9v
+lF9DI/z/JYjM60MCLhaFYH/3WxQFD84/wQam1QHgOpZN5IZj1jOH8AXunJejYWnM
+6DCmfsWr4yODxjSg47+TAr3DnWHPjl29bQ52/DAM4qoVQKzLr8OWIlKo2djTMXr4
+IZOqFPb63gHo5zGKav5cRrSwT42k7OZf/UuBJNiqN/eJPrIC0wqWrH26TAr/8sw/
+leI1tGWFUH44CBhtOeRz8fcnXqAWJdPjtYsCXf713HirRs4W2WpNgraV+WL3aIg9
+zx20bPGaqd8zPE4rJ0vWqXyio9lVJrNcVB+93RD6Znyi+0VGZZKA25lmY+VdvW+/
+JpB2t/8kBzWFnyIR1XJ6A72PSZh4YrUm4QLYvHYenVbNH4aHCstJMnKHWJ7MzwLh
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA4Cert.pem
new file mode 100644
index 0000000000..c9936c65e3
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/onlySomeReasonsCA4Cert.pem
@@ -0,0 +1,60 @@
+Bag Attributes
+    localKeyID: 64 DB F5 91 85 C6 DB AC 2F DA D8 B6 1C 80 69 1B E3 95 A0 9E 
+    friendlyName: onlySomeReasons CA4 Cert
+subject=/C=US/O=Test Certificates 2011/OU=onlySomeReasons CA4
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDiDCCAnCgAwIBAgIBUzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTDELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHDAaBgNVBAsT
+E29ubHlTb21lUmVhc29ucyBDQTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCcUg1THz/u9oqguGuyVJRqpN2fztvDrzvEDldGjzRN+M27cnJSU+AkGwYI
+/orIzQOrI585VB/WEuofYlKna3bw2ARokg+swgs/hK9w030zgx2idKC3mNghUgJG
+EjBfzLDS4j46eFJX2pTginCtrriiga0tvuLDrJG0+deeAT6eBEbxEYNEsc2cPE39
+1yUhT6Q3kX/kF480jStykRMxKlms4y3SlyBKkbQ/DVYyY9/TLyDc4l1QpUQ+f22L
+R+dYJ9SRQoO/xFG9Vukpo2Yl6D13di9JgdKdNj1LPc6yG0zwneOgVwliS515MUQ/
+BKOwnnh4/0oboM6wXw/TtxoVy3uNAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9Fc
+lYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBS+ZtweDAY79tOINJFTJoENaBduyTAO
+BgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAuptMQ+7SNcCu0O5GBSXdrWUsKH
+lRusRE/IVoNjuhfjJthO4WLtAs9HEzz1OOqcksxTEm1XNG4CqTAoubmFQJ3eNm1n
+jAZTPqO1GZtrkd7CTtdJqDcM9OYF9Qp1HYTXxcz4Sm/ySPiJV9tj19ZKG/phx1Ib
+bLxtrN7i+Sn2Ym3yI+G4JeJoaVCcuhLawEaxj8oCoqNPpt0/gNvizwEmt/5yssmX
+qguxcvQvSW73Cs3nrTG7/vqRQz1gKMwBwGfZh8gR8ce+2gZguwAvykE2E4b/AL3G
+5nrfM4sMmlnxIVTbuyvO4MdefvBM/Q5wARuwkSXg64eWfefbvhQgx0TBQ+4=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 64 DB F5 91 85 C6 DB AC 2F DA D8 B6 1C 80 69 1B E3 95 A0 9E 
+    friendlyName: onlySomeReasons CA4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3877C7AFF63F6D80
+
+y2SpiSz0QuZ0CzWgn9UD/m2tAiQ4UYh29P/VdmsLrL7zy8bbG6CaTDbbzV7e51ny
+xVPqSNKD9hrRv2Lsv6FFTHuU7IWxzSuz2alDWDUnXP1KFrgS85+PvBkLaJKTb39p
+KavK3TaQWCIYqYXU1APK7nLhpeem9nIeEv5GoToyD7v0FZR6JuLAPXtk9aJfTy0m
+cChwCRw2CzjHu2h4IqACpO8Kkhk+zH2pOd23OhERiTXOqMYhVmbmU4B2cpOjHIf4
+3HjGhIQjz3UWTBX3Jq++5VOkZJT2RrFaTwVGwd5nl8LlgkDEeKQyfGWzRykfvTn/
+oOAjANYNDur3ONBmy9o6sMsfOt/76n8gLbkXshhf/obSoD6hw4thSs5++fPANaf9
+/q+FDfx8eOsP0nVvV6mEDOFL6DYf40BnSkegdnfnbs5VRZGm0wb8y+JPWCy9Zs/4
+eEhJbRQZ1BncIIfSDcUchxdGaJMxh9zETjhLHvIQKdFgm8s/UNZv8wExng0DOV3W
+m+Ptv4ZvBqtjj4l56wAf669HQHpZEUNhgC4mQjfvWsYU66NRYPYlZNFs4Ys7QAwq
+/a5rCbpv0Gcjxum4wo2CFmuroFEXYecWndmoeV8EK5q28xS6pfFW3XSbAJXRsu3n
+IKdnmvywoyKZ/RQGpDffSLGXvTbwdiogHQ3PWtQQfkruJJKuBKw3U5Oh+6hkEdU8
+kJpXDAZRYU3gYEpCkIDPfR8VTZfiaHaw0yToba28gZhhM2h3BQqE7Nhh3c5kH5Xl
+ZzKmL3JfGMjrYwQ+iUpNdgBCrSIdQUAta38g38payjra8YbGX3DqPDi5CSkHXG3H
+zFvWS/MN3oGJoNKXQmUrAcWg3Nu2xzZN29gCPkx/+2eK+KZIZ6CzGuOul151k3hs
+2Fps7jDPfZejwpKKKLV3mhRp6lnSAqL7rTS1Z5y0mnzJpkqwLeGtytm24cgd37Y2
+6vtxFOKsqA3YHc6rNgk+sZlupT0f5/oyxE3Hy1qbnK4THXsCEEmOQFNY5lD5A6vc
+Jyl6g8Tlf22NAGL5QU9/aIrWIIV55FBVDBnk162gS2XFExLurgolcG0R9dEa82sF
+urX86Nio4m/QGELxIEqDReJ6QeCidE+yFQnm/gGDAjnT73aaN0oxTX+zA75MECqE
+iOYBdC87jBIJE/33LwxuOLDIOk7IPL/JJsQg6ZWJ6rTAlPYiqGldn97/+zFXOqC/
+H7HS/aWMnU4kWDbClKTWB4THUfNdrfuBhf64sAEvQpqW2d0AgeZyHFS1Esc3m276
+n3wDmJdQLSoiUEtlQ008n7uREl1aJhS1Yp3DxzqFrcqFytINvaXPgt8RU16HPyqB
+huYY9K4t83QQJ41GaEYLCOYfgdMTjWEavTWozlak3GF+APWK3e+hWf7+5NmIO5rr
+E2hic8Mjc8rODbhCddsbPdWZXPnE0h+LpSgG1Km4flT3Z8bNPbd2TWaGKCrYtGwo
+8PiC/86+aVLVaviT1lDegnNmUMVAhXI6tDAfJiUnqYToelS3KnNYRt/itRBp2EQl
+iaACuUMPxYH7u/VLVDp9kenwPJNWQCvl13a9vUKjEp959xGBTB7PeA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0CACert.pem
new file mode 100644
index 0000000000..9ad542d1a6
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 03 50 A1 43 9B A2 1C D2 AC 84 CC 7B BF D3 C5 45 18 93 E7 68 
+    friendlyName: pathLenConstraint0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBGjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FXBhdGhMZW5Db25zdHJhaW50MCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMi803q1skF3rlRLLe9UJy2uHFEYjwqmpOnvDT+3GAFrYFYjS4u7307M
+pOxI7vPwlpRMURsQY4k8IGlNmXgHJLTphFdARhmPWskpfAfC/7mnNrYqvOCixnG4
+1EYhnCrKN7Uhni/l6AHT0cLp3HmnNXFq0YSWVpWOZ5yx7KpUld75+MqUQixEieXc
+PunjGC6MjHJQFrko5igrcGu/PcETu9ao2CQZdqnYb17ftxSiSPRUtwilTLEikINo
+tzklWM6HEO+aQyXi+Ib5UVfmYuUYZCEA5xZk5c1Q8oYd3EAvbP2EHQL1cPo+etR8
+K5IZ3zpu7rt1sD8Lw4JSFVNejDoZrl0CAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFJsrsko8kMVuUAHJIr1jzgnxjD36
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
+AQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEAQMor5mePNE4lGLLT0vop
+fvEOCEJSav9+ufqqnH7BrMWQ7QzXH1pHdA/IgPAXXTRVWv2U83srUxERw6aAyuSW
+DJ2g9iW1ti3fqLM0X+jDLrCkjIpyeG+9R+uvEG48FTVEYrWr0yeI73K235XmZh+0
+vht6STnnrNNX+ZUS12wEPOes/TskflyZXcOcodC97gr+veazS8ghL5RPXKyIkBLn
+jRsarcwDyN8KQbSlsUtvv9nowqVzptishiTXHZRnKMWMr91gqVnRkhjoXPsRGsq1
+ytueK4tqUCRnBwrBp+nfg3UyWHfh+Nj6XG+VYkjAXUVytqZdX2rMFTh7qwGMH/zz
+jA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 03 50 A1 43 9B A2 1C D2 AC 84 CC 7B BF D3 C5 45 18 93 E7 68 
+    friendlyName: pathLenConstraint0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7CD6E26377E7D236
+
+aqLPrf3wLKBxZiScg0dbhdX3K6sZ0ydp8rKlEonxU1efiG7eVWAmvgUTbXGt7yuU
+eqd2XvnN/voC3vAxlZbo/RrYRvpWG00MYaYBn7Saus+huZpmozXzjnMuVFwSYARf
+ZmYRsHuNANm6fzulndJZuPwu80p0H/bjKd5jKOrluHd2cap1LuiqYqpnjvcjxZaC
+Vpqnc4jrvprb46ygz0w+9Tpgc3XodIYjpG+DFNN7IDuh/cMZ5d0tz7NaYqWDIDzr
+b08A6+vR6Z23LNV6LNUhjQCefR7VVMjMDt6MxW57KZ8BWMIXikJ0ThmM2eL2nDd6
+a9ARzkATU7/nOiJoux2cRSjJ1H/faTVrMvhwhbVYCwTVSpRt41UO7Xxh0njzgxH/
+BMpCzSlsGFRivgCS/ok4udMWOPJwO71RW6ORCtdt7ZePw7hQS4dq0OYER9EHD1++
+wR1VVdHXu4FIyB96tPp0WLlSIA1uFkffGpOWp17b6NFR9X8KxPyf8G/mdAy3dp5s
+7dFEsbPFPw11eJliOSmasASxI1HpFN9Aw++lVaG+fl+hzBMRYhsYPpheysQz6IY6
+nMy3B8C25dw76ax2wcWM76BvhAw+ty1WbnjPKly2ScS8j8WFwWVNC1jEDDAJCV8x
+XDK4ci/1ijJ3QmxHQaqbi1vWhB8q+6lrM2OOr4eVgei1CKfSmoo2BAYeh6aw7MdN
+JiMTaI8xrp43urbKWwIwXxf+YkL2x8LElutZ9lPONmmtGPjYLUvpM8AIkLnCdQEc
+4hbhtuApw9K5idWxkD4Sn+wYlJubRrPluFLFkXhhnqPYn5ieHGbca+LrZeyjoaad
+HJ7KNjzqJnD2fqiLnIziu9oOYTUULZxHhoiXRvGo0r0S+46qLoKjxDuNzy0XL/tB
+uVr0yPQk5AGBSHa4HdOov881kzgyyTdYDd4JTHXnfOCwmdhqxkd2hx5F67yPEZb4
+nCOrUrU09MVwnlYpuPzgSSCefv0eGZP2ZXLA5j+OnRAODBxxRQe0rneowRInAIQ2
+a809IvmOX/4+vGSQ9jaOhogvRi6Mlpm2acrPlsZqizDlnGH2DAtk/OED36Hpo1xW
+gBE8gynqzEVXkc+23R/wF1ks0vgVkye2qtA7yBPCLDdYMKvjpWE8XEOtTLss5YX4
+mBQPdpJ38lCTRTojk63MtX3sQCaD2M5Kvr6bCgauEErIcxif40e5Qr7Re02eoWtb
+DnfsxNObcshEOzDoJQFcdYwQFiwPOZAZyeVUtxTauKWcR/vJ3kDr/GImixfqpaMG
+oCJEGN3dWY5L2tCb4D5QI7OdPQEDd+TfTcMGa1k+jYMv4c60TY15EQSk9m/0WXlz
+/s5TG2ZfVRUbUaBFEMQFJxgGRiYVEdoxVmUWSjNfLNFQd9x2rJ/gmxuTgaXed5U1
+tQcF+YygxikpPcoz9Ou5Ghkq2YxIkNVGW6nsySdEC2BXk/iZTlss59xrCJ72UkoV
+fMkex7R6Tv7vLJhwNdqIy+N6p8MU3TOQcsHAQRFR8/hdNznIGPlJWKtAjpWfbNso
+HiMygoAYBZ08af/78SJWzw/9Kv70oAWj+uXR5G32Uv+59g1jeorU+cYZzXNaXVDa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0SelfIssuedCACert.pem
new file mode 100644
index 0000000000..0f11d26320
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E8 FA A1 FD BB D0 38 25 D5 CE 7E 25 2F 1A 24 FA EA 0E 44 1C 
+    friendlyName: pathLenConstraint0 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBBDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+TjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+HjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50MCBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAK6/MMP+APou9dhuFL2cxOt7900Egk7KHnsv5qHiDiRd
+yxJk39iF3O2SK7dy1ChKhZtlI7sMznTFD6NrnR9/wAdj8sabFleXM7RMXGCNbKD9
+q0fDqn2pTxJ7oCk7BLjcdvR/coWmAWZo+oC6F/cdZuHAvNI5HILlOF/EbAw1UeNo
+XXfeay8Mjf54mnKGbZLeAMqwpy1Dq0KwnLhMpd54eAPaWeipqPhlAQ/Uc43sVlLK
+xAR+DD1dGh64vr84GTqtF5vWJ2vW3dC8bMiXqVsOyXHJQyFRNBO1f4QedlYiBby+
+MpxTjvjnRZle19hecvhW3ZxBKspQoOc2NveKAdKEPNkCAwEAAaN8MHowHwYDVR0j
+BBgwFoAUmyuySjyQxW5QAckivWPOCfGMPfowHQYDVR0OBBYEFIDrc75NmZ6UvRdL
+WvfPV3d0w193MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAFT0uTP1wQtXV
+2vfQ7uNjYgTZOtIy6yAKUZKbDssGtwZodj4sAMOqIK4Cc0unzCifaPFPfPS1qDUW
+d7PGUrKDp81rISzOr2XqNZGaMXrdskfDzghTXdwPfpFtxmEPg+ewamuI8zcRTfOj
+sxUB/afnqSBUqkRu5BB7iBE6Vd8Ig97SScxXpudBB/jsm2zf9Hhr4U+cUUQGJpUM
+tVi+MpRRhF5F5Ak9gf/FG6u9D5tawpY7y8nekPGbJqpFV0xJnCp/C0qaJbbTwU/L
+lL5QLVBpLCfdEevwI/CTEUXmLJC46mLDhN3mcCBK0fL1Vjj3k9NRpS67i3/m9ZzT
+ggRxSu4nuA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E8 FA A1 FD BB D0 38 25 D5 CE 7E 25 2F 1A 24 FA EA 0E 44 1C 
+    friendlyName: pathLenConstraint0 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1421CCDA5CA29971
+
+VWBNKnl2soYLiPxDTW4GmlkAyLjZvpqYCq7grCWlVY0xPUiwuZVuQ2xArH1S01pA
+a1IY4ehUoUPrDxWxHo5MkdwyJqzmzpepR4/PebL1+/ZjwKZiyTATToIxylMxkl8/
+SWqdVOdfu7H7BriS6M2+nkpgJzndq9/LqHFj6DATy6jjg3Q+D4uaShLYTP6vXSA2
+j8eHHdLeT9E22ELwyVG3uXvS9T1Foyh6Kzgd2QIYhoQ/XCzcyuKH5kRrWNGWgWcA
+EgDFnZJu1ZrnNmC6vziAUqteNbo7FbUQi65G/X3JcHVBcCdGP3co1rD1uTOAKfBk
+R2bu78wlfOe1W0JripVuT8DdcPuyYZs/qrLep3NzpQUI//4Cdroc7pAlDRp9e9Ib
+D5+Y5BeJQ4TA9ViElixpfn6UIgsx8Lo/0P1sWEysEKQLHIQk3NuhZbhfcZ9ZmVq+
+/fQzbZUp18n7IhbmLRMet6LMb6ogBC4fh61xETxJtk7yIz0incApyD9yixB8KIAY
+dCcCdtqMdbnJRQ7IX4SsGBXkEuCLcpSg6zvrXQ4SQTlWgFETh6d1gziPo9YvYjDd
+Cp6lxtsmDCUV5PzgZTPZ+9O+FmJVhhgRENwFKr+Yh/ieS7YG6yuq0KmZbODthK/e
+guFNm+0UGOdPHhpe/V512JozwZcWBP3hQaXXlWW0QBms8rYUsxyNLUrAM03PlcOA
+KuF0S/6HpIpMvljeEdbPXcGRXY/d9yxZnUtJrc8IBdUVX9BnDOpLGpc8Qpx0stQa
+hvdOH1zOjQdmexDdDcWt7rpyW5Z89cRzHX4gMeeMKPuw+EjaMwUHFH+9m9CSytDD
+oG9xpo3Z8K+TGOIdYpGelGvceP/sUVVKOlfDCoNbBbdFXWLl87ZXP0a4iUmrUqz2
+4UOpFcN0Th2awG09f4Wwbzh0vNs0JK7SBWuTfBcphb2j0FZQ5S9WdUK6qzu76GIP
+XzLCymwCN9a1XyqGrESgiPpRHHLGaMBmMmSVaY2TKoQnsziiuxgh3dlWl53teXFC
+2fY3VI9CyK8zxfUs+0+INdwl52SXzoEyv5CmCDEH0EDoJKxiGVI/qp3sdRknpkxf
+MEsQazANA9sO1rfQbFQnHZuTGyiQunpXlZc+t4hjExdsgWF/RX6122je9BjGoy4Z
+O9s6gx8iJWvqoFaah+04s8b1cYjlCrHHInoXBJzH2wNDZ8HQpqz5XVHTJ9TAkHrm
+6Ocrl5QqKQf7KCuDmQWUMvkt3EioY03Rbbls8hLrF4N23YZqEWpBbPKeAM/TqdeM
+PhUraFZ2aBFxqrA62rEwWFEDBk9f4TuGMRFHPMP4JbL864ZsbyFDhXKJ5I+AIjva
+PWOwohY1PTs2POcNHrmY60MyhqSf1dpU5WCw6YSdiv//MNo57Tzbb7NBQsE6pwAQ
+HjOsNVDz2mz+xtZ1XFv92JjJwJ/f2BwuVQUs3tp8h2LoXxBlr4h6o13/e2rQ8P/j
+yF058yj/1hZp/KrgCEXtdGozT9yTP6Nnn2yXiyZHq5hq5pB8lNbLe2tBIj38bu72
+5Fi3nOks0UiE5o62V5lsZfwa3rMZT8ycm4Cvsd3qnk6iL/bXefNkQC0pAgHwSV/G
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCA2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCA2Cert.pem
new file mode 100644
index 0000000000..72edd2a808
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCA2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 44 1A 7D C3 32 FD A5 01 4A DA 78 67 8F 3F CA 59 F1 0A 63 4C 
+    friendlyName: pathLenConstraint0 subCA2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA2
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50MCBzdWJDQTIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDDwju2MX5clm28dBSlbJqozQEyqSyU2XEBKhVc
+YhHCnnW4Mhqtx3HEFzG72XX5tAuLhjtpQjwYhoz1Q/vHdZrzG5/rtbthbeWrVbFa
+pr+NS1CJqJWMFYfCITCOkWn4BoAzga7reEAsMGZzOsczR3RhtckeYQTfFj21H+pe
+zCcJ0DESZpBW8QAPvRm9fryCl81O3aYAV+bhz5ssnL3hhNtn5Ll1ZDVALkOXtOqC
+sJEkDQNJTaXROuRqUCs4dr/uLHVlOVbhlv+oND5n2ASTcgeyOra4PO24ZqKnmGUJ
+8QSDeMVZ+pauI6mF3MRWouEGQfQVdvXE4jJFueTa/EvvOsG5AgMBAAGjfDB6MB8G
+A1UdIwQYMBaAFIDrc75NmZ6UvRdLWvfPV3d0w193MB0GA1UdDgQWBBTGCSob+7jp
+PmhgeseXzrNYUXt23jAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJZghcKY
+Ek73C7WdWGwfUEVjvhM0L/R5LGNzvHur2Oo3Z3Yw3/J68QNKqtge2W9gMl3xQ3iv
+T2wu8Llxq3rDtMAuVKM29n9UK+rxL6GTb9/n5tgdE9UVQhzKaNvvR1pzTGmqne3V
+xHMi7bf3aC/1GVs051DMqPi99tFUCe761r+gvwQShcDVXRHKtK0bidx7BSKdiG3n
+1b+EbF6w0/xmPpIpP5L1XFJBfnpclNr57zopBNjsr5yuZ8FM17L7jynSlvbJozlS
+EXMUORtLZr9e49iI0vRU8+FqwMEpMsFdHY8fTnBkO1x/01O3x5RRBeYf3Jekmoq7
+q0KsUdvxjpd/KeE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 44 1A 7D C3 32 FD A5 01 4A DA 78 67 8F 3F CA 59 F1 0A 63 4C 
+    friendlyName: pathLenConstraint0 subCA2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,87AF19A419801435
+
+sHg4lcYFIK6ljU4K8tQmlG33G88gpy57yfEjbmWdg5SuiM/1LzjaQHHxHsFxBRP/
+8U6tYoAIGKaMLFRbu09YozlQDaqBNilJe3cqcdgM6Hk64vNQqoqnHqC+fEmSxTMh
+SYKPOXHbLOrNg21kBtZQih49UN4NbwJUtrEEvhI7nT1VCyFER5d+eYuDuEzg/n83
+3FTeasFmgSDQ5bBq/oajGi6RY8UCRKs1M3Dtz1mcy+vrM0drj3KCAvHcuAU3iHEp
+eqSC0ZREJc2U7Cx/jChkjLaqggLCXjlYTkB3Ejpgb1wa1syEfraQNwbp8Ru2RnL1
+rR9MTzme0mZouDfs2AVRvqjWTMIcled98P3CZ6m0+r8n4YHfYWY4BZxKmKqVERua
+4eO6bP8cQKX008B5AKl6REnODiWSeXFmZNpenvjriZoAncCozwjXbDWg4x7GFO5H
+UFT6aGLat/pX+BhdjzRFFWikAMRjL+cuYCfhkWCCKRW3hbgeT0K/W6+e3h9IRONi
+bJ5gp2hyW3T+OgzBsldZgnVSMfDoc7dOVzH7Sdo5S/MMb5RCe6EX/oVcUwO4E5eA
+b2s24kOech8QpvDSgVVqt889RqyYeALlzjHKKshSMs+ydSx0ukv1rG3Oisjgfqj+
+liDZCfwaDZy1V1FZvBdqZsQEs1cWxb39JwzoShC+W1DQwLOoQyesXz4xFbgSMK9J
+vYue3oj1wMxiGyUhf8KYIu3UYCKuOqnFBoLCxOmhI8GABloGfa5/aLMjd5JWBIn7
+JB4l+NbD+Umj0ZGISH4/et4P1x/j6wpljzAzIb6QaDHjqMOe09owdH5m1hZ4/ybQ
+T84P1qsUKKw2GDR/+e5CVcoYioSkJsmQDYNT9Q2s+gGBQg55G4JgK7CCEYsBCrNr
+sFYg3dJJIOqqRucwB9Ghf2UijPbj0O1SH0z7tpCuw2QQmjk3UMkWxslJQE7oi1Nf
+ApEhiNhGxNbr6TRYXBd8Ao8O4ZZcbgWnHVRWW9IXNYBX4VWsJMDjRnC9rWnyLakd
+xSoH2Au0/F14hrTm9uELPOwm4sshm/tpoGj1UfK/eG9WPFN6aHOJMqNmmOyH9Oj+
+YziswpuHRa6s3fAsawCjBfAZ8K51QLIXWmjMMWLpoYjaiP2kSwJmvvidRb50DKUN
+gMH9ssDZTLSNf2gKFgt7AClZv/u509VX7DBrC9aXecLzfOekLJraFpxw4tUioszG
+Xp5+ePIvD0PCw/poO9e0IJmzncvvBYmFIJM2m0GsD3QitwPF4aqWnViLiMfFE4Sw
+UP7vY9gOD/mv0qnpfUx5aBl5ZXlMsOJjOq0MKpp22OtpEAO+2UtKPHdhHAm6e1mm
+jy9fvzyFUtOwHL2T6m1bcAMKJ8cpow+y3S8/tyl3rFSE0H2NTdb4NIVqbqsVoHxS
+J7VS/6QY6Pw/8sEcuAXa6U23LFeJKNgVlzXU+46gs1DEOJBhtxmOjTSoAugmhWk1
+q58AUccS401V5a+LkjE/+ZguKw+v4YkfuNPh5upXVC1CEwTlEWRY7COIClftb3mU
+qci5/P5LSl9lI5hY8SZzUD+Oiur8QfYKTGdhqnwHVVz2ZWOSNh1YyQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCACert.pem
new file mode 100644
index 0000000000..af09d14be4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint0subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6D 4C B5 58 FC DB 0B 9C 62 4A B0 DE 51 50 5B AF B5 3D 69 46 
+    friendlyName: pathLenConstraint0 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint0 CA
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQwIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+ITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50MCBzdWJDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAK30/E10HSTUTxTe/EMYjXq+P+oyGA3ZxAEz6OhM
+uPKZnp0OGu7/kIPVhWkfbEa9J4wKrbbMmk3gqx/fvbo6/ZhWDkFq/fjLvjkCC8F7
+CFwXrLxGAoGd4EvdGIUyZ5zUeIRZYWYjlC8J32dDAQvbGx9/8j9lOG/3Vm0cHXz7
+kF6B9mHp7OHEm4URyAKM1Bn2QCbsRCqkOFxWLh6XbREdKFYWFRExN9dL9rwOZ3u1
+psGCpvAjXq9dw7vvmrSqJAPku2N+qx9NUysonIUNKLf3q3ynLLK91S5C8KeXoGWS
+ujGRF1gnvTNlPcEf8ESRg53XokYZ7FIrxPCmhtNwnAAV0a0CAwEAAaN8MHowHwYD
+VR0jBBgwFoAUmyuySjyQxW5QAckivWPOCfGMPfowHQYDVR0OBBYEFBRiZxB90jfF
+cgbQ3n+1Fh3Ko3NeMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
+AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEALpjmzN+R
+TIzv5jQAMokgflELINf1b8eTeG3Fz9CvOZ68dGJIMr0Qigr2epEQ4/KW9mHXUgGn
+8GwXvnraoLiq6/LyFEW6PE9yl4lpotlxLmMnoEDDno5rfLWgKC2uygKXJrwCMAxE
+6pNO66V6Qi4nWwXpHBwnbeAVp137LuKp+Fw+SwmcqSFFIScifwSCS5kFokqPUM9l
+sYJZg2bUDj8cMGKYx/erl/LEZOT56lIcZBg0v5ablxB8XrDA1nx3QDONqd6qBjzU
+FFUqgJpu2CwiZLZ77VRfjuF889mp8SHnwi5tPglVZFBJ4t+72LfjXgM32a7rCwrE
+O1uFD6QiGDQAQw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6D 4C B5 58 FC DB 0B 9C 62 4A B0 DE 51 50 5B AF B5 3D 69 46 
+    friendlyName: pathLenConstraint0 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,15EE4B43B0C84AC2
+
+nTud/GUep/vRr505cfJlU526WLJu6J37DfIdlQF8X6jpVWfjSxLh9GHtQtgSRFHQ
+hKqyI9CLiDVCZnJc26doAWBtbH3ZD43gp9vXb1cUzapt+fUQqUD1FyLweerMZlvJ
+1bMNQRMMPIw3YExnGgVFPMiFMzjZVs1frihsma9VrdOtx6F5VV+77RQjVM3Aqrjm
+TBAPpnPV+P9DsSkgb35dlqAePDnyRnQqHXnldoNdHFkTUVdlCp/uDtz4pKGgxlLu
+6H96vTu5yVgKGZBB7/kpqWNo7r9D1xVIo/V1RUzmf2KlIlSu8NYAb3r0Yw+A+CvI
+svrCYbs042YrN43tjx6/MnCarsERrExDlyeHTi2+0KAT8mrFlMIzsQ4IUGiWm9aa
+tbhgc3QUEMbfgxwQk4t7pGd5fi8+ylAsklnw9d3o7hlsCMEfhTEThB+6o6ICO0OI
+yOEQyvB+hDgs5eOekGx4xB21qzbGUc6JmjauWeQ4KOMO/YUceE57jNakoqCRkNZ3
++KCghHuNeUAkM8Z4DKpO5Xkh3PtJ8sg6Cy5qRUq6iMuhcjrqpRAsuI8QuNmSmgW/
+lSQZTqfR80iA6HJTtEYsQnTe1HVSAKvv6WYBAzU96ubCuD2MqZYP7kN+ObeoCbbD
+Peoz7yM3TKoM1KRUW13QslczXjIkecVgZlzWBRdTZMBdttMzvTsIp8TTRHEjc3zu
+qqwyMcWkkmHXko86NpStuSbiZV85/urDaAAOL/chWf9XLCo9CSo6XHsVtLC8W8js
+dFxURzelKqFg3pXYvhTE+6oHd1oTVPDy5DJyfkhf4thMrF+egAq+efdPTTRB17dQ
+eQiO7gxWeKLuKwg8jUQH1hTTKxHnjraAW8hhi9Qg3wM/5EbzFoVKjTvOoI2rlhyt
+FbJaZPD+gnr8uDjYouVxb+3lBnh3wiBlFmWtElG33kWup0MLJc/j1bgGsjOQkZY2
+smfzEJh0m9i5zrZXe6xX3copT6ZfeTB0Q3rHt8MEwMqTWO45i9HQVpmm/t2u7tcN
++hsyncQgWKN6N8r8De0wZD6PK3BDmau8nhoRnJS5MKsVZasFWK8+uRxYZiLtr+jS
+H8NNnahUEzovQtJzRh7B7XzvRrsbnH8UxmJmilHosg6L8hIouu3/Sb8X2zKmdsVQ
+hVq9+Hu8KsNQtJde5GccM07oJhRlkT1a/fJLgh+pV6eFLHCqt1Gww7VFoIVShpoF
+rGVIohlWG/CDlAWZZ8MNmjjr0K/T9P2Ya91PdL8Xvj5rctW0/qMsNJa4jlazn0cm
+Cg2DMccqrpJiQ9wirQBAiCouA7KugS7zNoXVKkKnCNEuJoRQqNjU9yOcaczk35sd
+lsh8IqeJ5BHVyyrpK/th0KQJMeNGMBLz4N5H/dXlsIe8nRcKWPUPmKL5Cf0saomI
+CKn8V3Q1nl12y0dV9RvHSnmu8BEWPEJYNZ0oGXeJgi4sA8iCRuxv/wpbFUiRQPuO
+kWrpmmN9HpoX2kl2eNaf6kotG0AWxefGf7y9xLSyC1UTBJa43D3zeC6fghmj+sAm
+//PCJ5yIJUgDHRoElFOXwq1B6gDuuzNODQCqBmiMSDycW42xyUsWWQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1CACert.pem
new file mode 100644
index 0000000000..a64bf26029
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C7 30 CB A8 FA DC B7 67 60 53 20 1F 28 36 2B E7 04 95 C3 6D 
+    friendlyName: pathLenConstraint1 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FXBhdGhMZW5Db25zdHJhaW50MSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMPMeBPiR7BFGHpvlxWNf9ogcUB61rzOlXR3ZzeDZsb+hslxASASvWVB
+nCbMGwoQyYVuCOLiWkTaZRxg+Xf7ZrdZUqu1MBNISS6xpjNsgk8SoDwRJtN/TZFo
+E2LpE90VAJRv0KBFrwT0CTAD24xCLF3y2zBLPX+lcjySi5HPshDckNHnARdxZ1B9
+m05bm4mDIqicBxFLqz33UZv9zNQ9E7UPike4HEdJ4vcio5eUtx0WPdeLXVw/zXfG
+qgDdRpSsEZPrSC7WkWigblGL+/5v3XpjuUL52ecX4egBKY18lL/Mi/7IGOrWE1/q
+4ucPM5lj2DVmGJ2PC8vWXyMdqjy27lMCAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFPPkcWD/FxTejSaFM34c/MFHZ/rB
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
+AQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQsFAAOCAQEANk4qiCIoQEqCO3v/6FaO
+StfIEVgimKiuVHCxSdRdvU/53ullYEWRonqoGRGh4LLj+oJO+JgWYmstphMNPgQ6
+edML21rMH8HYOsj/VuT1akNeyuXT9vwIusPP1UMSkmYu2YehIFzJijxZ0jitX8Xh
+qfkip9xpgQi/R9e8Ad1prvQyhZvFvxkNTXwU/V2oZvvAcBZhsH3dZteTLc5dl18K
+4wRO2kcU6NBww3W6JtvHIFHKvwihyUpZckc5CrmvAkNopP6DCF3nUW8V3OBrN0gr
+7g8Vrt7Tx0OkWNUyJ/uInPrpCYh4IrXAyd94UT5L3H1lj+tNYY+NdWeOhkYafjSr
+2A==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C7 30 CB A8 FA DC B7 67 60 53 20 1F 28 36 2B E7 04 95 C3 6D 
+    friendlyName: pathLenConstraint1 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D09272A74C47A74F
+
+DU7n1+ZEMoTsX/iwSlvxElwPwswXLovRkKzF4XsqmkL7bIsFrDARDmCHOUhV6dJ4
+xl1hG0q4szx5kMnuJclVJNvwkBQxUwGMknNZM7oQxWkEj5xCeet8zhgdU0xuWQ6S
+rIfJ1H6QeNoLNSkEucwT+GCrhXrDtghzb5SZ5t7u6ozjJlUP+h+bKGGCA2J9Qr1S
+AfOqreZRFKxacvxoX4WFtLl4TGYdEi4Gb1Ou1BhT/OCEf8spfABJGZ+fmJq75TA6
+Gb97t204J5zdNOIxCVX+61K2l5YLyTLsj3yqehVoIkGd4CAAYy6Ua7wKARFdSIrR
+r/J0/32wQMG01/u/bz65CSiXWXWGLW0o8EPxZs18dYT7jk3KuLKkD5qDLYFnfL+e
+cnMDLt769aLZY8W/3sZkmuLLpE28ZN43+mtXKNl7APFkeIjsAmUt26zXKPTPGc1Y
+bAU85TKL5okI5opfNWAB4B36RkBBvB5RXv95KfkhTNj56w+su25l65vUwMouzOud
+Rw1csly0gLtOhovlo8r6Wd+qumhPFPDjTycttLKPsn5fJLtepKBOKe0XjS21AKjH
+8R2RMnSXyLSqlNr2UZaz3yPrtAmpW5L6o45Z2fRb/UKvez520EiH1+WEn/coLtdv
+70/+2npE4FDQBrYzSfjAYMTxfOJNV0BVLIl3TIKq4jeoyQC/ie9iFw8WKsvj325X
+cbl+4/W/K4KkqAYwt1BYcWL8UQiAZH33Ku0vxRNFKHodnx6ftby3p70IHB82fR9w
+wWvtaqYC5um+yrZsgFoGn+bqEGWuPuZAKkpITjKz270iPRLf4/HK1josL7fvuj3L
+3sP+SUrrLWcW+ZIFiISEz9i0SzAoRGefpom9XOEdssRNktq7nJj2fD1iTlOFGjF5
+AgaODEOFGFVD7DeIcdwqWo1axy3OMdjFl1gqzh6tZQIf4/0XyvHyrVHRSRJ3yTFP
+C1VyuunQOHaoYD60/ywFs65hTE1J46+/0RptUhyja8d4z8noquN0RCMX0gruFy0j
+tvB+FhWRAOiNLc0R3pwP3cDdc+mF3qIaJuRBIHIOirMrUGms44pDs7qAbeJ3QTiI
+o5v+vHbJbUFj0XoJIyuz9EhCs62j3NLz596XRQGUuX+lwM1duYxyz5ZA1/rrbHqs
+PF7OonEbFXeLwv3rr21iIEtA+jBYFoArDHtLolVamKDiHjJAP0HyzZ4ic+yqOLLy
+Yp2YfGRA619qm24MV5dwqxw17aVufAI144prkxo4Mxzr9Xluv+OLwQqfJ11weOh5
+Jm+IzH631NcSfiLNbrNTs8hr03p3fY6idAAM7fFha3zrfu6Pwx2OKOjn++G4uEM2
+zDjHsqx4pLoY1qYnPLyu2S0cTmXijsx8ce7T543EuPv3dify0aiN10Wm0FRB3wiV
+/m78qUydrkm6HQ4pp9OwxiAE0Z6xS7I9dxHhrkfpofyyqQWzvfjW96CMHXWHCJb2
+ME9TrGw4iYdvs6V9bfeA73nZfrGT1mY677wfBx7oKDjXD/pDu6zxfVpz87+UJQDm
+Y3I5KEi+6dnvq6CqbJ1F2S8w9JrWlmnSghv+T2oIIquvc9vBEuQBemYA8Wqwe2+M
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedCACert.pem
new file mode 100644
index 0000000000..fbda7aaa06
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 82 3B 7A 08 18 4D A2 78 C9 62 2B A1 FC D8 D9 6E 6D D1 F5 2C 
+    friendlyName: pathLenConstraint1 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+-----BEGIN CERTIFICATE-----
+MIIDkzCCAnugAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+TjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+HjAcBgNVBAMTFXBhdGhMZW5Db25zdHJhaW50MSBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALt/+8RsBtPmiqfzvoksZfA2tnzXWqaI9We0vP+zCNAn
+g3iq7xtccZB1wczjSs90P07TGNAo0kgzvRW4Cr1H66e8lpd7pj4TJtkW1lnaKQAF
+DGvF3fhGFgfDUPhTeHfEpaeJ2IPB8WfuDfaCvUkmSXkLo18Q0CTzW6GHr6Cc35iH
+3njaGcppyCgxRI4Dxn8I3civKNhjV0I/x5A/KXBh+Zz6eDRZaQABZqHaPwo8Y6hm
+KaXyAp8HhiEphaGS709jloFQAbS82FZEtUVD9Arrd3a2+cSXfhCgBV79sOX0tTYK
+Wzmk9kRWiRD9TZFSepIKlwsployk2rD+V48YyQ2wg1ECAwEAAaN8MHowHwYDVR0j
+BBgwFoAU8+RxYP8XFN6NJoUzfhz8wUdn+sEwHQYDVR0OBBYEFDS9ZOOfjm6YJQDb
+ZTauNAiV650HMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
+MAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATw49Gv/qJNHn
+DrsMkLN8NPb3Yk99ATawO+03jybiYqsrr2w+r2aJdRHC2dRoAZEpkQRceaSI1LpX
+gESU9z5kNpVYCC/kRtqmWPPGd7/zYfzRG5shGVtPkqDjyhc7J0PJdTqWKafDosVq
+rOhNJmpRr/u7wrD/oQHxHcjqXpcKW1BoZdJyCd74jQG/89gG7PoUcz1WYFSwnOh5
+uU2zMFbp5w1b7eXBRBZ5604dFrbCATLbdqSXDTYvCuoRGknWHbM2eSFcwlddEvKu
+Q26ZnAEbSmtoGCZhC1tQ9ymT0IxgFr/kEA+TbE8PwPbeVExckBmYVYSZ0YbOaDbv
+KzHycDsvVQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 82 3B 7A 08 18 4D A2 78 C9 62 2B A1 FC D8 D9 6E 6D D1 F5 2C 
+    friendlyName: pathLenConstraint1 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CDF89CDD9EF4A5FC
+
+OVoq/PNs0UiHCs9KO5YOv3dquxzP6vCfMGDWmwAjvSIIOqmFipriTd4TNwPzr0m5
+GpxIOAGwWCrehvOfURdf+54joX8MnEeBWT4RgR4qvX/whNU4Z1NRm8+lNd/YIy81
+IqKDgdIW3r3x0HqIY+edk/90zvGo8a11T525oefzpcKnvm3D0KJYfXhAms7PAfPt
+zPQ1tZoNTMVX7oee+k+MSmISCKY/ohumJafQ0TjFzH0bq8nZx1YdncyS5mpY7TOp
+By1zh7VaVpAXXGRLK5Sl0YLcOTgobr/dR1G9Mqqma5e7rauZxq928ZDWJ7rsoDr/
+Q63vB3YQBio8sODpBXo18Kehk7lmhUlCeLIOQAefar9gxY+sV/ZD9HeLzdb45RVJ
+qxu5F83LGbdn0Vq/vrxMbEB7C13qT3GShUrxUz7VsVfVeNevMlb11Q93+5mnfv70
+gHH9Q8OfmvRBqLuiWdxtDKJoOIZ2sM7sCoFRf6kisNybNChZDP/vNGdM+L+ErJHD
+ftMCiQTy87xDdP11C8lQN27Bu6rRAZG9qUFbmhyUhiE7CUftjmsXGquCGnSHD38p
+yPrazytt43xF4sq8JMZBYspY0rkbzagaM52p1eOWFDHK1vOpC8ZuQJKHQG0ev/PQ
+f5fYa5BqRLPm9KbZfYKFUYEmHtMUTe7Pki8SKxjX8YVw5atl5aoudYmd03Egkr0a
+7BflAySllNviGoR5qn6lKNRdvNwL+TlKAh7UjQBmHMOBsllsSJETdqLQ03v1T619
++Fv5qMjqiNTEktG3jNYwgXKg4asuu6xHYSQJQHmIHb1qJhhgnelFFg9+cAEA6JxC
+7cv8Odybhol0gOV8oQjGY2yLeuYLHPYkPDXXyj9MUC/iAHxJk8cvUwZDQ1dK416+
+sN1kwnX5Hcxge+EWyTgCt3Da0+VIJo9bI2t2UB0T/Q5Z46ZR5y4dMnMYErZkTdGo
+MXUPL6BOY3SdhF/ppkZkteExWytpSOnHSugi1GspgaJMX+23v/hqMJLT3IBlITRT
+1atH1NEqFFvctTqKsOgK8gG7VDVlDnmoE3GElL/qeoGFYB5SOltprQpoH08P/jw/
+1dUxoEEzr5jzRONL5uGf1bVnckCdouTyf+auaZ+ugZOXG75xHfHn15PspuTG4DuU
+Qz9jRVoZt0BIfpdlcANVNZr+eiTToAsfkfrfc/hF7JSnMAtU7kwRVIGPaS7p0Yb+
+PPTroeukMU0jvY6Xxcwhb3QKIlOq4HCIb+awL7A32fCxT9D4t6+fpM3dUbPKV/PI
+o9PoKPMX/UC/xCNQ+1AeSEXVQBGdMMJReDW+bpmZX4Lcpd3DZ6ejtOTND1KH7AYn
+lGx265A6sPN+nTAtfcJVhNiTv+6VyO/j3vePvANhY4wImCHVxeLS44UYvO63lpsw
+l54B/OlU6ip/gz25ZtYI22IEyDWKPBMIhytC+cnKQ2VSGi4QAR1+0D/G58WTU9qt
+SD/GkJQY2LzntMTdDyfKpx3FzlInI2yb6fjV/pvDOetza+lrD1CaDMOh3DBBMrZv
+Hvm3dC1znnwalxZsjArQrvFEcFVMif/NLtwVcJ2xOCRSay2U3gv6Y3qUgogVMXZx
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedsubCACert.pem
new file mode 100644
index 0000000000..1e7b38fc27
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1SelfIssuedsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A3 3E 09 15 BB 01 BE 01 A8 8C 89 EC 20 3F E6 4A 66 E1 D4 82 
+    friendlyName: pathLenConstraint1 Self-Issued subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEhMB8GA1UEAxMYcGF0aExl
+bkNvbnN0cmFpbnQxIHN1YkNBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw
+MFowUTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw
+MTExITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50MSBzdWJDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKZG3pTPn+SJPMjCLTMtG2fYzkP+dDAXVAVI
+l3fw5wsUeCwNjyYOa0sWOGp2q6QrBgGhVUMi/IAw0y7YzE1BWOyf0zAxVKSjTNvi
+zm2sYeC7eH5J+Yf7c179F0SLa3GwuDf9z18z8gSa/mtqszclsDK7SqRQ+wC3cer/
+XHZ0KfiAhON7XLkhuFoInS1SlvYmy+KCSJ6898kqWLhx4KG5kty77HvnB4uUeCCK
+zhaIaTTK91r/R1LCGpeU6L6TB7O4wi+SI+tkmyIqy6MUOG7wEEgza8ACGOT6cEVF
+GcJyX7dzo0BJ9J+WcSdsK/Ugh9WIqyCSNA20sHFVOYq+qOWuanECAwEAAaN8MHow
+HwYDVR0jBBgwFoAU5ZmWtcd9VUKtgY7HJfYYzaydkHkwHQYDVR0OBBYEFHkDh1Mp
+Oh6+6NQY5QQ0gyudEcfWMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCG
+SAFlAwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEACZ+k
+jPBCnY1vtT62m30fHrzOBlIhF7BxGFRLElq+cz1caazoP1UwvI2U/NKzjtdjYIQU
+5KI1G99HmxQE1P3Lao0GK7SMi7PrfZke+ULWCa1/NviZgj1wZIecK+o930xlXemo
+xLYT5kyDEQTaKXLEmwWVZA4YZZybcrDrGYzjcYmhVVRId10zAHqos+Md2E8OHa1Y
+q1i0lpS/3DjkHhWmOOv99c4Bs5TwmW6IRNjYYdnPpL69XyeIaVheU2KXIxVxrdhp
+hLn4CRDQ6SeZl4zb3WzrBKLWcLJm4JM/OTGRb0LsV6Qba0StWp0995lGi+tqySuU
+slTcCndmiCcZady6vw==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A3 3E 09 15 BB 01 BE 01 A8 8C 89 EC 20 3F E6 4A 66 E1 D4 82 
+    friendlyName: pathLenConstraint1 Self-Issued subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,50330B0885B8FD2D
+
+8Np7zgICHrdZR90w/givtroizFxRrkLepi5D6HGrPNhkl4sqTmwLLhgl0pQO7Y8P
+3XboKQhlKzmKT43bjxoVtY9IxDRgJvMvAc0Tt4Uw/16iYK2mv5M//8VxiKbwRbqy
+NeVYYPG7O8pGWO6FRAmjZ/J1pLxfRHzFbNZipFyl/Kt2/MhNL9JTrPETodC30/Nx
+Lxx7Hz1gBGXfOBXEUVq1ON7kBoIHeAEgG8jVrfgF1sH7APB9SLwNDEO7TMtGM33B
+0D3s3umJN4fWoSE73bQp+9o2L3wkPYGRjxInWEYrrkClWINvRwIiLsueIuzbdn8Y
+TqSsllbJyZ+VbjoVOiwrG4Ax0p00HLfYhibuXJqWAlV3WvCBTe3zTiuLiMqnf62u
+QeJhrRQ+3enJA0lTeFMX6fUm8T5nkvFcSulBhFAm3Q7JjYbg0fDmA7uXpDKQIIZv
+XDBxzX3QMH5KGHm2uAHx+1eLEpOJ5Tj5vCB3h91s0mMFpOyCAkBatiaKYgDo3AVr
+F2e78b2N9NQoDxMZUSN2310Pd2tIiCQJFdWwBZRS/LBv5sbgtsU45YYITRKH5Wxk
+sY5WqiCmijHHtVZq9rmbJJNbst9TV452bMsUKk9gbDvPOX/OeycXrlrDzEz/wlTi
+Y1t2X5ZbZTbfofMm+bw660Hrl/f3QvH2QLcL7FAu9bLcw8ToeSRcuNK/1HTKbmuP
+BW+gWRdiAlVUFUH3DnjMw2KvUVMDSqx5Z2i2YuoG7uLxY9E1PLMhA1eM8bzvFKCz
+elwyJg6/EsGioURgxdRg34PGTADUEIUxgtEbr0P8LjCQzYOxNtFV/8VbhbIJAqqy
+I5eKqkfIeRisoP7D/zCpcr5zUtzaMBr3XwrgNVzwgiedX4ytMidAJau2DGtDcqFK
+8khO235lVEf/1E0g35it+o/cVo1JCpAFQXvTjaGfN+9OCkSh9CIlF4X3Kq9njydv
+5Gt5uHkIOxnJ5v4n0HILLVmriO5hP7IG3LuhL+T3CRc7FhIfi24aZSj//kIUQxcO
+DDE0fyaGsaemmH85kkIkhVZx+TDBT3cROKG7CPc+tyzqhrZdga/O0+9hSKczs+K8
+KqAcbSTsp5PNCvxHEqWyBqUOnGdsZHb2qbnfOULa0908SKyBT7Kus76qATNY7DcA
+M5G5/dOQkD2oMkl0kHOl5LO+ByTZbOGikkyKvn4/B8GEOmj+5NIr4fs8T8e/8VH8
+Tker6YzzpLNoNvaok3WTkeQR8CnO1mzhqh3kgejOttaa1Tfv9+Ho28veIIXxJOYM
+WPdRbYVWUuZCuncl1wcn0ZZN2N+a1T9a+0d+OTZ/Fw+g5pED0YgZk/9NP6Lek3WZ
+y+HWHrrLBOPPUI6jddMQfUgk4j0OmIhgf0edgRkiTze/ZlRsi7a9JzYug/Q3BD8S
+jlyb1SzItMP1JVnqFFuBxChbUGgWFvEB0Bljq3o0n62ADNkk3VEYzmV57O1h6iFO
+SS5veeD/e5/IUq5v7VeLRa70MJ3HxygAQAvzWtimWlBiyR0navwXrdJsDNP8+To6
+CnYiJxqPh20m2lO18bES+b555yUPzgO2xvyZ9ZIjynvYelFg0CxXmjyHoidVV96v
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1subCACert.pem
new file mode 100644
index 0000000000..8c4fee3e5e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint1subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 45 C2 92 B2 42 06 35 4F A2 74 24 F4 E2 ED ED 1C 35 42 2B AD 
+    friendlyName: pathLenConstraint1 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint1 CA
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQxIENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+ITAfBgNVBAMTGHBhdGhMZW5Db25zdHJhaW50MSBzdWJDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL4T7DpvoO/ymsui7e6SJaKtxNET+dImelMFK7Ao
+PzGGaXiDHKbPPV82MQVEICaeDZ+CWe8+tCRGEttlf3xFplzOg7glM0itFpGWhe88
+OtUwj4hLG6TBqu1W2dJU3B+JghpHO67brDoO+AQxt2juJIknR2AwYwgr0MoylA8h
+TjSVd6aLsQfaRLdjGLEzbev7Ktj1LkRbykGx0FeoGiEbj/fW1Nl3RJGS9aeiQnPL
+FoxjNAQ9vDOMB+xEzLEVYZAHvXVvtYGxAHywrPYZbAvrmm2fty3sLN0g//uJvbOZ
+2EbL601Qu1MAp7yFhDFl7YcsQxQORkfx3gO/noeud5np1KsCAwEAAaN8MHowHwYD
+VR0jBBgwFoAUNL1k45+ObpglANtlNq40CJXrnQcwHQYDVR0OBBYEFOWZlrXHfVVC
+rYGOxyX2GM2snZB5MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFl
+AwIBMAEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAS0A82n0i
+4CFz8P1KHyyPaO4QK8v834S0An0Nx2G/zEcQM2SVYDjVKbls7mNN3KxtaMmv1fS0
+kfdPzYAvu7asEHTRaM2854OI+zBIOZw0l90/4cCxdf2eUCphmgKehy9CZ3BHEqVE
+iPJM3+/XAxlU2WuGWblNiHOFHKl5rXlkGSBscu4OV5NHay75q5nC/LVaMdugWSAe
+xOOHiLnV+H3Z+rx95aa5/uMn1TL+N+QY++cC/ug/vxlfOEeFhCWc8VhuqzGNtFlW
+Z1FR01Q6Rxs8xRnyOzZs57dTdSA1bDu1TnZYelrn7N5x+RlYixJA6M9fM/kweeDa
+WlQQJJGrznvK8g==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 45 C2 92 B2 42 06 35 4F A2 74 24 F4 E2 ED ED 1C 35 42 2B AD 
+    friendlyName: pathLenConstraint1 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,720A13E00C693308
+
+iDD+bcmeaPqbuEEMzH04sORtTsOUqI+Khjd33vJEZxmP9yClJfYf9nmM1dOuUNCm
+Xtb854TzIsssbKbWdGfE6OrRjS+ivHRH6c+5SOYL1lVwbT9Nr30NNf1fUJYF6Ogq
+c+yeE5utte7a2xB3mhy0/VqsNogsiLqDte7auh0MIGFg0dACe7227UEDqLqKUPGW
+oLfc02cCdMDxuo7m5AxyDQIokcNRE7wiaX9cR1ReeyyY9oy7F5qWUYqA6jkhQNJZ
+sW3mscZWkWWtCuhiVY+r/tKqIGf0T/+s1PdBUlcK7cTVgECJygoC+LrYYSQuJ+Lp
+A4vtaXegDxgzNtXX2wCMESRIipTdXHhUJboKT/Z5O3y7WsLCb4YL8RZ/61y1qNAa
+a/177gG+iz/Cb3jOxYHZt16O4qvhQu1RVs1N7oexIcF9TIkZs5Z5IotwLRQb5aLH
+23lZ6TUkHBgyOLNvkGwmJBJQfFWL/dfST92ak02jnKTtkXm5ypEpg/Gn+ZpNSauP
+IIzBPoUgyWn3RCq4F9zYl7yU9tkOh8+JVq2pJSJ75RMd3hhoH2ivSS1zDsc5cPBg
+IFbq1Dg2T1BlzWQ1VhVePsEf8Al49lVcRTMa5TzrTH9wzpWZypxrmjr9PM9vKWvL
+9ukZrz/KgBGo9uLvo/sDMD9GdRjAJ4t8ACUHGdtC0ZGvnZjKAGNxyxNkEt5BqgQr
+3MkltlVZyQDIvr8XFMwlmbFzQI7H7XW8QQljkdRhYOHrcsbxlvo1o+PrSkb4XeUJ
+Mbu9NnS7ale2a2+YYDQfhoGuaaw1IrtQnsiW7Y1i2Pm8vDEtyRWFg9QvUD8mzLkR
+STL3thk5P2+q1/NlBI524aJ0A6vqpSCYFy677gbSkDaD+golnd8PZJe6s4bY8NnI
+wggSN71/7hWoAIvb+IW+zHQQ/i7KEg7NZ6y2DZfVTqCK81QJn5a2CNesGqEsxyD/
+6KkQ2mbZFoN92eAqwaqL40oNbrkp4BRqFKYhE0mEJHgjhlDQbglSrm8r4+HC2Cla
+oSQqlzGWSEvNHdY1lmhCd5qwcFB0T0dAbw0c3kr7tGwrnG53rdbvV9KrkpHfn+VO
+T+GpllfqWqlgsVSxv912c80rmGtTi4kTbQmF31hEgmIjVhtT+0Af1Ajf8vi5zrA1
+rWUAEfxmCPEgCkzBZKM5hZdOybAT1vMiLR7jft3MUxVPNmjnVOxBhFX0vo4t4bq0
+hXLRPdOVh84NfjXMu+hRf3XX81ltQHPBPNxoOtDWcPJwvGpyxucQYIYVbEpNW7AI
+MMR5AeMZkRzk9U0JYt9H8GMJhXSK3N3+Ijwul0cqS6b8nuWKpUjMWOiJkC7MiOdf
+UTJVN32LRfIz/LvYC7iI4lzSdBzSRWa3Tlxf2IGGEYWTPEnyAcH7/2E2nM0c80UT
+ElvBbX/KFyPow8yVG2JP6uS7P+hSWE6NRBlbet7x7+uG34mI/jIdNK7gYhKOAt7o
+XMNh7YizvwwKTYNs6cYZnUSYEvGySAm1NUZCTD6tc6N9UGIvF5QhsGYEmzacNqdw
+NMMf/Kbeko+TJUG0K+a8UJRGDOo7XhOq/fQTOqbYqKB9roxDBfp1GA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6CACert.pem
new file mode 100644
index 0000000000..e5e01a2385
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C3 6D BC BC AA 5F C1 9C E6 3E 47 A9 CD E7 BF 45 52 1E 95 35 
+    friendlyName: pathLenConstraint6 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnWgAwIBAgIBGzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowTjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExHjAcBgNVBAMT
+FXBhdGhMZW5Db25zdHJhaW50NiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMhrG5ilLNK2JnW0V+GiT392lCKM4vUjPjAOxrg0mdIfK2AI1D9pgYUN
+h5jXFarP18NT65fkskd/NPPSbEePcEzi0ZjOBqnaUFS+tA425QiWkqdld/q+r4H/
+1ZF/f6Cz6CrguSUDNPT1a0cmv1t7dlLnae1UTP9HiVBLNCTfabBaTN95vzM3dyVR
+mcGYkT+ahiEgXDLYXuoWjqHjkz5Y8yd3+3TQ2IsyrmSN0NJCj4P/fC5sdpzFRDoB
+FYCXsCL0gXVUsvfzn/ds1BUqxcHw6O4UUadhBj+Khuleq0forX+77bxFhUnZkGo5
+iO+EZhvr6t32d7IG/MKfXt5nb25jypMCAwEAAaN/MH0wHwYDVR0jBBgwFoAU5H1f
+0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFK+8ha7+TK7hjZcjiMilsWALuk7Y
+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwEgYDVR0T
+AQH/BAgwBgEB/wIBBjANBgkqhkiG9w0BAQsFAAOCAQEAMJCr70MBeik9uEqE4f27
+dR2O/kNaoqIOtzn+Y4PIzJGRspeGRjhkl4E+wafiPgHeyYCWIlO/R2E4BmI/ZNeD
+xQCHbIVzPDHeSI7DD6F9N/atZ/b3L3J4VnfU8gFdNq1wsGqf1hxHcvdpLXLTU0LX
+2j+th4jY/ogHv4kz3SHT7un1ktxQk2Rhb1u4PSBbQ6lI9oP4Jnda0jtakb1ZqhdZ
+8N/sJvsfEQuqxss/jp+j70dmIGH/bDJfxU1oG0xdyi1xP2qjqdrWHI/mEVlygfXi
+oxJ8JTfEcEHVsTffYR9fDUn0NylqCLdqFaDwLKqWl+C2inODNMpNusqleDAViw6B
+CA==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C3 6D BC BC AA 5F C1 9C E6 3E 47 A9 CD E7 BF 45 52 1E 95 35 
+    friendlyName: pathLenConstraint6 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EB5F15F1B77A7EC6
+
+7I6S5ZvKPebxjsls94StH/51kmz2SIlFmdbnTSupmGJW+PpIWv6zZ7+TOXNp10+h
+YJsKVf8w33aezcZpoK48S96gL79Ws9rrk/dvbOIYOJedyVOrXNoAtKUO9SUH3wvo
+OVxNVVCMNoEtQRbv3IGGR+gM4zD6RCiIrYmjOAdI/yGh21iF8Ztd7TC0kG7vGdU/
+86H0rySvmouByxGiOY2ri5D6DZh+oU0KPVgc//efbA6ntDSQuhCTeTSYB9frRz6q
+H97ZEUNCcQdXMETx7KTpbrd6+OaQo1CpMOkfm7ve5ILSyAjIqmq3QBBTyyCKIlQy
+OAb7DCLF3X8zg3tv8wlmtogAEswE90KsSTXJTNSnkjH0X6/5jG0IJnqh9SMSWubo
+AKzuJq/xuW1hBupwdsPZG7sGTIYLWSDST7IGkDwV3mKFr0LzwB3ytTfl3M1fmu+n
+VxWv9WqojPhC2qHcV4R1Wbr/ZymlG/rtocfQWOsLEmp3kJizyWsFtNClym4lpi1k
+t7PKSWTrOFnhCjM1KLIkmH5uUl9mompsBL0ex7ztfgFSad6M0rQDNuaM7MEcDLd0
+eCM5qPoTcLwVJ0Mz65v4bntjv+NjTJIkCjxJiGJ5qjDikcEdqe/Ii9dy7EvCS1na
+juXXU/WmVr9+XFWKaUrV6yq1ZvuQSbNhttyXB4Y4ywZNUTaXVoeNseg2RHc2M/h7
+tmHxyrAZNCd7hP1OFZ8wGVUfCa6r6206Ifa281NMaaGKcjma3x1GYBubuhujrXFC
+Gn9PRDRlYDfkGQ47j2SxDQMoFHuq34vs46HpvITyg1v7WO9N0rRj1iWlk7fUr6jQ
+VCxO1x7HkfrEBcea8eRiwkxHnb0uPawemuDjei6axlkQkbefNgzSBeJR69XmiY6h
+vDeMHzsfCwL8wUVPowXOHCTsZ1l2GrJxClBWDMperBclmFS6GSnumamG6cSCV68f
+Fq6PR3jIRjeaZ6DsSTrMNawnWSFYgfiPbPaEmLJWjwiI+w3m9xUAlCquswVGcmbp
+L0vxByLO7onm8ZgzlsYtGI6zttmbOo1okiMrCQbNrcf6gJ+ujrh9phpOHezrhs7t
+Qut5bWCWlwMXvXhtGfZAZP0r53CVEtjVvRocOc5vQFbQlQgtyd89zpvKFmYfSsgC
+XPb0KTIBJuR/Y5ZcK1I7AVXmtomg5Zls36V+eUylWG0DPGqysYABKxfl6XP8qG+B
+jZ28rpEt2NF26wcN/fBpSK0fPQaPZwU95C531jsXxPbrF+eqt742aaXQFG/Vk7O+
+iHdm/wo1uK4tm6JlOMU7qv0UtuqBzTKnr9TBVcaBwSQiPI9xIOlKmmarfbdZ7uFE
+4E4r0qhVH5Q8tNBmUN2O+0zUlfj0jyz4AWYOF5JjLPecBMWJOq4dAAnm8xBBx8ED
+6b9vIgl7t0T1zQplTUO0r9VyUZQuIT0bP4mPu6cnbkaVUP+LgaaemK/3cj0fFf+W
+i8G5CgcRLzGk4B6VF92veMYk3Fhci+ASUjQaT4yAOSx+heSUQeiYBfG0vCa/f/E8
+IUfkTdYNY/todp9wNRzaDh4Wn1F3CiJR9CMzLiccNSe9uZ5TPszMcg+pFMQXVyIt
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA0Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA0Cert.pem
new file mode 100644
index 0000000000..5c2b861a06
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA0Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: C0 70 34 C0 9A 8D 1D 2E 2D D7 48 F4 47 47 6E 89 FC 22 A0 28 
+    friendlyName: pathLenConstraint6 subCA0 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA0
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQ2IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50NiBzdWJDQTAwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDpgGQKv6ZtxqisbQnblDFKz1kj4LQRZTaRi6ly
+jkFMlb1h8OE3Q2m2uQd/HnayH57gKKvjvo5mdYe9AxjZtQKlnfvLvnEckt/2jx8f
+PnD1owh9WnFxPfKk5KXFe07v2S6PnDJB9KeD5gGrGGDBPFtnN81rJ6CgFuDmO1TY
+WPJVlZm+xK1OCPP5iPUT5DiyE6ouVLlHO6IONz4XgeMfjEa9J4Y3n5V2J0w4pUzV
+P/YZ+afXQY8r/Gh3Vyx0oKqdlYjDd60Ui8iw0SMd8DDyTaa9wW4LGDolYOjB7yna
+gW//Sxd/MZVwmcKmq03ZAlEIs4ew/+fBPYqMox4SFI7AWwzXAgMBAAGjfzB9MB8G
+A1UdIwQYMBaAFK+8ha7+TK7hjZcjiMilsWALuk7YMB0GA1UdDgQWBBTPdnaDc5Ak
+x42jbWd861LA1NTtSDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBAEB/
+WsEKvQHARpddOd3k4ozzpgZ882UmNgb+9ILrMLhXnJUn6JWfSj2jSSmhDmiNqu3b
+lmzVVDBvVQqufpSIUK7/GB35AELTgoeOtepDANoRA1LJDJWc0gUbtKvgtfvAPPVu
+19CzmZrYLalyS+DMF6MWB8WfSrhtqdCKH7ndwNqBhW47mwO8OHAmpnGfCcvAbvMi
+UzrW7IoONO8dyPmUyLiscuiYzceI5S/ht3LbS/xHQeqFPslESirnsMrLKIFewqVv
+TG7ODfcxBGAT40Sa02WABO3qPzcVnDPqBuzWHXM7Z02JXOkzZqcjH9bYpmRhz1vU
+ZmqzIuGDS7/JLvKJekw=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: C0 70 34 C0 9A 8D 1D 2E 2D D7 48 F4 47 47 6E 89 FC 22 A0 28 
+    friendlyName: pathLenConstraint6 subCA0 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FCFFF93C60567CEF
+
+jrP4Qz7OJDNU/aoROu+niRWYXpZyOPiye9vSxV8i4mTdagBX+O5ZG8Q+R24W3zkJ
+yKL1JVawZfxBbc0XgUhgan4TkI8664PxUIknFLvN86GT3O29USdOBHzCcrHVY8p+
+rzmc7gcZP5+jiSbQVHUhFfU9iqR2V/yN3xOX/mbTEsKT7/6lxgpdSiVaPxy3uWpU
+Sbj8FBGNPrgIotykbO0/itKLiJXiJchX6pFwzBXteqaouSqJ889u684/eW7rT2fC
+Z7r0ELGAVrc8TjbxPBzrH0eE8uXB3tNwYUz5ClLjJNJikyuZ6ZOKHaSSGCcGoVsA
+aghgsi9xiOMHjd/+jsOF+ZUvqLMfRc628e8ZGN8d6xuI6DwtKrXwTM2URZG4dFPJ
+Iy/2es+y3GaLFZZq006h1U7Ch7qmXdadNZXyrM/UzWDk0ZjfkfeBSswbpdjQkTnO
+pUFaWTRo29/BBZdyPk51OsGorv2P1AJxSwieMHUDbV7lV9gfwQtZWWQL2Axx+1TX
+CSYa8/fCdiODwt1lZZO7SW6nOvz/izTfTNixBhdiePNZcUPh0YwedBZ4A8Pt1LML
+WdPplOFc+IIzEhywJ2E3qJDfPEpX6URdzho4fultjyF/pDCIOO3KMSNVwQ8JOSsj
+AHRenjepoKMoHtCiIt5y4Uy01FbAHOMc8y7SGjhb76rEhv0Tnkm7NamnV7n7jG77
+Pl+2DDMpVLBIvMEddUTtZOihP1HJ1m3cWiy4fbM7M/t1sUO4sM58bz2iHVXnPRCc
+V93UP8A6XnTgB06SMeih+nYBkXZ5xoOYwH5u5dznr5+nOiAPXE6y6Cd4kOFKVSW/
+74jQTurdT1locsjLHbiEEDziy+0ECZXHeOv776bnffDVSREa2xtywhV/fXDQFdxr
+QxXMlx9OSz0MqDeXEwXXRbaWTWnYbhygPWHoAx/dTHJVOWEpj1SkjBAZXcZRC42i
+/AMLDjTw2/o1BssojTvEiedCdNx/Nw8lCQlog+NM4cu76ROgkZMN5od5KzIZMIr0
+TJQFvcNuLmW+Io2b3t0pzhtarMtfR76ThPILyec98ngWy4ckqydDVaKq1eeidh9Y
+UjYw9ZMJGghKQ0Y8xxOKR74pVOcmiiYM8lrsfLE3S2xCIpy49tL4W2S0JxaE6YUa
+Bt1OZLwZleQtA0Ppj2Zw2P2NR7LAyhGE0wAUxI6mGxhllpHaRfG8zX35g4a4TotO
+PeFoD1pAwjkIMSl/3365Uj7+imYRAmkliWtDfpQr6kd2RIjyA+rGire3AswsS0Z9
+a5fDpAPUtRwnrGa25b6cl/FejkBzD6/61bxoKzaiKWjKJmcgIGw8pqaW/AqHSxNI
+cHQk3pyTrmRJFnaIgX7oYIOd3N6fehNtX63uGNGK+n8Dnftht6ap+SbEzx3pWAz4
+c4tHllQiE1AH9IWKgq1VHn4/vtzjZldBqHq3MPb4XOQotK1ukhnX1aacPQaOYVHH
+x+Xle3A3Pa+TgSjav/jxJ/EqWt08AGU6/R/gKoUS51gwVY5KM3/1xMCHJBU6tGqn
+gwfrIMYybRxJQCTZpsRbMQLS2SXYS4eHF+g37wOBao5lBqQxfBs9pYK3bzhP40PT
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA1Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA1Cert.pem
new file mode 100644
index 0000000000..07cb933bfa
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA1Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 46 BC E8 E1 06 A9 4F FD C8 F5 F2 A0 EC E7 60 57 02 F9 A1 07 
+    friendlyName: pathLenConstraint6 subCA1 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA1
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQ2IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50NiBzdWJDQTEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDbl//xWkNw59SbDnUPP4oLjGtR0lPZ9ro0Y6WB
++VU5bQttT1STRTs4rE0dsO7uxCe4rgElYiE3RWkOX3NpjDoCjhAsZQw+qTR+RYBq
+rXSoNY80g6yKD+hw8Og99RL00sf0/vYlP0VYG38+cMILpZerHyIjyn04miEb3KA/
+VDh3iacw0W38bDi4vWkKM+vyzTu1bmwTK3e74GaeDQKoZFEP5dGFleHaEjf3TobK
+mXvEVAl2OmJcm64caInLsn5ZorVxYYizcsnwtIaAVP03UFq00tHIRzthDUe/Q+qP
+FXYesalAOV+65HnlVk3xVuhxc1/MtoUtMuaK13E0nl2h0CeBAgMBAAGjfzB9MB8G
+A1UdIwQYMBaAFK+8ha7+TK7hjZcjiMilsWALuk7YMB0GA1UdDgQWBBQ8mpWek15W
+YulbOJBsmjpuktv3CzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMBIGA1UdEwEB/wQIMAYBAf8CAQEwDQYJKoZIhvcNAQELBQADggEBAAEB
+tPnuRM2E44XP0QrA5YQhDrvV7pzhdEmo+7ZeaAlb4I6r5jAHpCcBjuI39tihVxqF
+ERPPrK1ZLjIt3q9ZIeih02rmWde/qqDgIGQJATl9pY2VpWX6kTu6vuZKw8eA9in2
+PB6y5lHGnMcb8oSyvAA2gH81HxQtS0SmILOPDr8LFJ+cmw3Wv6E8T8lDYCQyb/oN
+KCHGIY+Je3W9e+BPVyRLk9B7SbQC8dFC0zC/tkL6EImHXCP4vH5B0B2WysD7Yjav
+6KKJgWLa7l15/ZxcxuX17E5GZG3Vl9fIZf0qfaR6nZAMXPNLOQTSR2tS8ponmk3K
+7xxdRXaFL4msvMY7iP8=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 46 BC E8 E1 06 A9 4F FD C8 F5 F2 A0 EC E7 60 57 02 F9 A1 07 
+    friendlyName: pathLenConstraint6 subCA1 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E3277D8DC8428604
+
+1KOZwzQYMSXVc4ZjSJQMkMqAYHNDlWmkrbChYpOwoiTKHo656wCmfUmj21fJVylW
+ntsQic7srUpTZ8JJEmZBwEnBsZs/bSITXjlzXCFR+nkxwlXi5FXiF+ujDLzRZqhk
+udKZZZskmo7v47u6Su1qDyYHM6SK5+jbxr92fUL+PngbUSpmQn5wYzn/Hwoc4CKF
+2DBXUBNUDN/xxsV/PhvArgEXNGpEnjIs0hC02OiElTHdvG+Fix59RM2Z8qQhTCYg
+HgaVBNhlASh2PFMMiwTzuREoXJgq6GA/kUtU+1cf4jUyENoXRzObx++3ON+BQQ+w
+iNMOcFnVQ+LjwDZKzPDGaq7bGzVFPZT8c1hiqFQ0MutWUqkcxeQp+L4wUF4ysVZA
+4Yx/f2M3fr+4K33qW6w3Y/PKMxPU+32m9bJLKaV/d1a2gixNys7pCKj7kx+STFO7
+J7E/Qptcmth90p1tTZtJ+DId7Hl+SMJDsKRR073Cv4qsu/gQsBeHicOpb13k/1Sa
+pPZLcswriUEG2apABluHBWiOQiU4eWcyqshSTd8XkZs2GyBDXHJrjpFG9KuGQo9/
+n3lmp93p7wWuJjW3JZhvL9bTDsMXFvdV+80OeL+5cKvX8BHmSmeJC4nwV3P5mJeM
+tO8jxYb/6dnq5SKikWK05UzvYvgoYWex/IWfucY5qTEjBkDYWKjbQjJC1mc6iyXO
+L/UUQ+v4A+ukxSjpcZ9oX5j+z3YPm1E/7Fy3gvljRM+QRNuYkfZeqZpxBkx1GDKZ
+lSBkRBG2seXugWyyX0mpuqA1piN4dNik5IoXk2I7RzwrE/b8RBlSWsREtQbNON3Z
+Ab2X/qc+TRpHYLcTHaeQxlCoIXx+3JFcuhug/XViWTN+EG9qfFwy3Fn2wtuhYdqT
+GJO+1Ffuv5FxBFJovHSCHw6nB0qDAYYNEEgm+12IY6zptZ0QA6WhKsLIkbvwAwJV
+wJ0MJ2AWxh+AOg/E8Vqktowo+s/mAmuZHW+CR1OWT/HTJqPXhm5UI07lOmlErjaD
+sr79iX4aPdF5rNAO54FWXt5MHXKzI5shefZc2Av2qJUsVBs/yLES7LS9zwtiEeBn
+7d8pr1GaU8zEWOUJpr5IobmkXU/gNOutBpAhgxrfdyn67WMsaNvXazBMQB1QPkzx
+hME5TOzSNHoqaJXH1PdbrR4a+1Cu47SBn9/orFjhV1YK+R3A7psN0McyaSFO6AgP
+1TOsJ8m0p9VxO0Ld5Io0e6FaG5pZKf2mnJqiC3n6F3fIyX7vjSab4D7eV4q6SGZx
+6AvhXzmhk9y38QqI+EwVXvF9L7qWOKmiCFaUnLa4PrXb4gvTml+I3mljB8y1frUI
+82D0hHwXxmcgV/PWkKUv4HnP5vXE1wpCjkSruHgBius9/ukXARUW1UgPsjMEMpHB
+0Hr6mcJ8KYtNvvnGEIwkNRepTEINuS9ZkUdE9d7Y9C5lgPSQ+hrnZ0WzpUmKKSuc
+QDRpPpGGSTOnvsuaDrJJVlSkvuo0gIkqLABF828UBwiWkQyRR7QuhvHgaK0qNTeZ
+Z8t6jxxaL1cX+Y2mDOC/3yioad+tHhCKczHNCMox2QB4/fgtzFaqZ9YqP1Dc7uju
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA4Cert.pem
new file mode 100644
index 0000000000..eca3bf0452
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subCA4Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 20 3F 1E 27 F5 D5 D8 B2 21 57 38 DA 36 07 E2 57 F8 6F 10 1F 
+    friendlyName: pathLenConstraint6 subCA4 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA4
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 CA
+-----BEGIN CERTIFICATE-----
+MIIDmjCCAoKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEeMBwGA1UEAxMVcGF0aExl
+bkNvbnN0cmFpbnQ2IENBMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFow
+UjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTEx
+IjAgBgNVBAMTGXBhdGhMZW5Db25zdHJhaW50NiBzdWJDQTQwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDRaciiXPE9CRnZszi4MJScusSJJBpnJRox4Dpn
+VJKE86q6HuEUtOzhllVlfQtaSGxhyWD8q8HpeGW7F2lqcblT0VbPyTPDF2DiPt6B
+yGYw2J9IMmkmdJ3RiXxouq336e1FTJoPCsgwHiK1bne2i4d6L5TFen8p6IFL2XR/
+lQyug93gOPysThsY14A2JJTNAISkJFtfEiHABPlsMtzST5OkazCJiIkGZw7+pId+
+jkWMoOc1C4nVTUEJJbyUVYTLEetaJVxU+3tVDr1vmTHXdYu4v6rWpX3IcmEMTM9m
+4HOqO1c92SWna0WvJLsPRm1y2/H+hhaGgvp83VrdXh/fdHrDAgMBAAGjfzB9MB8G
+A1UdIwQYMBaAFK+8ha7+TK7hjZcjiMilsWALuk7YMB0GA1UdDgQWBBRJhdtL+xFj
+2ZkCKLQLep4TF1oVdzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgB
+ZQMCATABMBIGA1UdEwEB/wQIMAYBAf8CAQQwDQYJKoZIhvcNAQELBQADggEBAJBm
+SQWFZgiXsoHVxU/Di8Vz/JG2sTHLr58iyp38gcp+7oM/SrRqdtFe3KoaRb1LBHhK
+Kwssx+5ukA/ZYIrKRTwv7IFUgdeQgsQDbNtAyxMkKwv2QFrtx1zaS0397wqZRGL2
+c4ph2EI7F0IzOmzuXuj3leZTiAA1z7m+WopfmN7RxPmFT/8ZouNCUnMxryjqEzm0
+k2vUuGzd7MLEGHlW2UVR4R/hfSOUTUBcUgC/F/aB07nCJ3Gon8ztvzRIAo7IQ1Vt
+okYWRHbFapAq5NsEn/Z/AxDGh9kJuSIx8/mz4hcdiKvfbQTztUPBVrq1RmF++rHR
+fwzHkZ48GGyTH5QbV8Y=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 20 3F 1E 27 F5 D5 D8 B2 21 57 38 DA 36 07 E2 57 F8 6F 10 1F 
+    friendlyName: pathLenConstraint6 subCA4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C5B1DBE38CC5F027
+
+xmAK7t4VqSNBgcZrMibK2lTme0BW6e65ASOjylAXAH4yMvgJGjEHRxj62gMZHHCp
+Cn/w4/PE2MfyZg4Ac9d0W+t3+8o0fJsa5rjfdSHWjZvK0hjx/0PgUplV9hqMYQ1K
+pOEZzAFPDiLb8t383RTUCKhsE0EyIxjcKdqFackk0s3RulEN5O9ehj/70IYbO9XA
+726FgHA3S1dZsxekTkrpTmC1T6Nxw4tWYWR+2x5Vx2BesQIsBvQF41nB55y+l0MG
+tYA4lFJ/qSlMqT0nYBEOghRHt7hyT4Rz4DOC5AZXwlZ5JUsjgzAHEr3FE0cT/4kT
+rISxP7L7pL8L9Vusnm39bxrCiKNLFcqGrBhEi/lLzHQ9WMXc/i1GQicaqDLKlLkA
+gDZ4rBUMFuJThvfAteSLLPsYVWcGN4NMq/CRXj6+EgaGGuUy22rt9H4/n7O/xPsU
+kTleCyIGrgJozT01/OqSCisOXb362Ho+BcC4cxXI5mL9y2qzhlsO6KBjl76v6QK1
+Q2KH9qzvNwWXAWlQ93MLwAZ92W+z9vXr27qc/EPzrFObPrIjHVLJFs94FsgVXCSv
++Gf/vXQRWURnH95hmhIibseKJ5l/yyhIeUB9zyB+cg0ZZdkKJnNavNeSGWHm6TP3
+jnT4761Pg1DjyJN2Ce5Gh86P1KyaGhmxP3+RwZqGo1vRMqk9qEebAfmC5WqDBMVn
+pbQ2XT6dQUXmr7vsW8XCBi8ojlf4pS41Oq2ZMY/l+6FYYFw5KSz3IW7Rcjyj+FmE
+P0lOCIskE6UrcXrX/AtvJKWjgfDu9NUVENDV0ZXJ9xKqrWRD9PRIDEUeXc5YiZjJ
+v/i3iWcHeFK5Y35daW9T7QkTOivTmEsuE/ncR8ZrM76nYhcvb/Euo+CZ1kW42sUT
+c6Q+cVBm0BY2I8VTvxEAWTbytTvIV39xPg9eOqqNWomvDkocvZ5D9pe16YRMYhy/
+XIl+jdJ9qnmzGmLmVP1xWzN6CJx9i61JSBTdm6HZqr1EaTcVY0xz/6R1PsBJ/veP
+3vDMimT2Z0UkcmwrlWFsIzc/2JNNrmAgzLqUz8aED8EI5DsH2ixoWBxIyu8OY5I6
+o5Xk+AtaGFH79ktdVmCk9Bx8JlH3ngi3QvkV3pnLsFt7xm5NL8f983eMIEcW3xTG
+3MFpLXRMfIrX9IZJFeEEBiJQufxgkbeIblulY6Il8YFKvUyBK2rTjF/RV2NWL89X
+zx0pBV7IMk+eav0T4dIKHyCEn719lRawJujBdqfHIFR9XqQeriLNmvl1fwIAq9aV
+E4xKR9BlvkXd4MyFQWWGomI8aIHyHfb0DDQtlD8DTL3EZx11P1ihAiXWgtHjJv2t
+WQqxSsJrT7K4ZsuzZxvC3RBzCx1+w7rzoBjr+shgoKQa+DgQCIvYqx9yHenTfLJU
+b0mLn/NCc6V+NRvA8ismPZbXOFGi5edxmBRm9/AlLJwPrYv3nL+F5k74qWkhLDrG
+863JD1YNIvue1voJGK+RRXetZHPTK2BQW+N5dTn1ZQIGPM/pGMCXYiLjwABv4riQ
+Q+ayr702yMuJiDGDywb4PsNkpeiEvZWdEefGwbRj56EHzIhwqd/GB4goGWo+v0ve
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA00Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA00Cert.pem
new file mode 100644
index 0000000000..062578b2b8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA00Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2F BE 8A 79 66 E8 F2 34 7F 81 93 45 80 67 28 47 99 3C 8D 41 
+    friendlyName: pathLenConstraint6 subsubCA00 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA00
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA0
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YkNBMDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSYwJAYDVQQDEx1wYXRoTGVuQ29uc3RyYWludDYgc3Vic3ViQ0EwMDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPzK+3Yt88gKSZVYm3rqWATIKudK
+erzo6+8OfKXCeLhqdyl7YQSXA49uFUCP3j41d6D51ntK6ngrxNY0HzGIO76aGbqB
+u1XCDdNUQGdL6j2IKBL1b3wWfbkFP7jQ4t57SKbtRVrJQUclQnPngCglKy9VSVME
+xpO9FfmPMJi9UV+zZ2VXD/6wfe6WG+bwkGDh935dJXi/pRJEYcT9ldL38He+fTmu
+pFatw7Z/qroGStY03BhsbNs5hGPk84ttMgf+HUcNWEKPrLmRzY0nmfAL3oRtfjNY
++V8N5BhcBHIXoiReaSUi68mkt7K//FzIOMa5F4tsyuiiElFMYebEV5M1pGcCAwEA
+AaN/MH0wHwYDVR0jBBgwFoAUz3Z2g3OQJMeNo21nfOtSwNTU7UgwHQYDVR0OBBYE
+FLq54oj31FkliuMp30+gBjjdcXSCMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsF
+AAOCAQEAQoo7imYucTJXFumY1aMqG9EQSloP/zLPTdL6XFi1tUFCebI/pNhDIHOO
+svVDSnenCEL2pf5V7obvFKBCb+IyaOQLC1JqV66Cti25xcyyVDKm0Bewd+ZydXYS
+YxhGkPEzqPCPJ0z3Z46vI2ObJU/+s37+u6EUSfX+V7uKcrQhR+9DwfL+x/5b+TKg
+l1kKIxaAw8hZGwOaAUdUTayCHPaxpGUFXqgfR52D2+fqIDFd59CwksvCUXx76qqW
+5JOBQu7UMyTMZsv+ZWg++JcSjKd9/FMBGtmPRnu+HB4+XQ+I5f6lSi62FUQQQ3JX
+MWTHU+R74FntihrR4lAAl5Qwh3N9pg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2F BE 8A 79 66 E8 F2 34 7F 81 93 45 80 67 28 47 99 3C 8D 41 
+    friendlyName: pathLenConstraint6 subsubCA00 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4CF27B968169FE88
+
+1iw0oCkMr96HSqViN8KaY6SHsCNqFr/nlf7hWf9vRZ8pZPvxPaNyadQ9WPvJPFXa
+06rCaV9RV2cMMpejdkMYL+E8odYSBjYHE3u310YQWJdJLt72AO16TxTyjV/ZsFxD
+aCxGh5vW/kWIa1BD6mgWAUXPJQWihGmxqWitxXvNYb4RlltH5nCoSHHWR6lqD347
+aRANohrFqFp4488o7NbvzupGF6bPTK0CrRSFTpShq/Jmd3exwXOcJ9u9hL3/CPvt
+ybShcNvvSLO0m5uoP6j6ijP8AeQKivIdxt119AksjByDr9mclOdJM+B9Gia35iDN
+H7GcCbOeNYCacDDRJuSdJn22M+TXXVbpeexKV8hFUqLEpXmd+7kX7c/6zXqzIPLV
+T8Ko5nvxQ90POPWoIcNWGHq8CJEtA5ty8jiUorFze4hghtomdEPyG5HaLWEchLnV
+/FS8n8z8EABqpnXbDEp4Q2hMY+Nco9L6L+5cxI/pcylsMG5c5wpquf81Ff6IKEo8
+syTkdj07zsvih3gwxvDzlGff3s3cUi1L1BlBvl6n9mdhjbVH9P/TVJNhgXxTmjAH
+8eTi9rzVzzzGUOttMhjwsSinwd+qHIklT66tamIFlWqFPJLUUjw42uz5MxnpJkOS
+1AuJKVQo7XTljpVK4BnA4h/xIaoWH0gM0f+qhHLaqSe9rbU2dNNCciyDDi20AUBQ
+Y4Otk4mq45R77A2zYwZdsljahxeaRp6xZHboQ5W+sosHecAZ2+UDe19slmddn9rC
+eQLJt9Jf7uGLhimWep+X1Bn4vCdvdZeRZW8dKhu9NvlWOj79OzQjbxNLOQ3CiRZz
+fMtDnnKreXe2bYe42zop8FR9Kfri4dQVsTkkVtK+vtz3PVWHctJHQP59otqhDCK0
+pDp5XGKMcyDQ5pTXGJ6H6DAO5RqO6v/ZK0YD56cr6W1XGZHfibF5UI1AgXO6dfIj
+c9Al6gWaoLXdxDXjT36e/EJQydMyNBKRlFJ8uC87F8binvPwYkOzu8PxQ3DSMZ/V
+e45x7II+wmxyAvthLXPWBwbTZUUK1pnPxR8VKWdjuzvxqvZSfchsXTjyxhBwANtr
+gRIMiQofwbQFPosUu+3MGYJ3tjdH923RXY51/OJClnirerCk8LVX8aECWFbMtc82
+E7I4KrqZmex1ja3xzwfTn5bHoy5RssAQDCzvk0M7ia+C3IObK1j8WbXlJBwj0BL0
+lpWZOnYcvLQWXkvxg2D3DuQYUQKDGon79rrsOyXgWuaDSIXDzjE2BiM0VRXskHst
+vpGm9JwEpVpe/0kRvxiLpeG4cHwSWtA4U8cHkuucWuxrxZ85OMu5fnIJ+v29KcmK
+AGn1hEas0hBDIevBLEPtT+Z7NsCwUQn4sgE7foPwrcPHSWu6NlsSarAxAJReJZhi
+ktVGbV7QtSCm9QQeql0BpoCaWHaP5yeljfcIqQNX5ndzVOf4f2eMtl2G3lZXR5Wb
+v+OoxHZZxYwiSkBlmCffXgYTEeuzM2sDdEIuz4YtDyAN8SVc2ZpF7jwGFzY3uKQW
+Eobo7WjIsJ8RUKHp2nUNbi4pWgPmawaPIZW+KXsEKl5b2yATVZ1vWhRaOdqXyvOa
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA11Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA11Cert.pem
new file mode 100644
index 0000000000..c0453fc232
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA11Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D8 2E E7 D9 03 4B 28 64 6A 5F 09 89 7D E4 9B 4D F6 2C E9 4C 
+    friendlyName: pathLenConstraint6 subsubCA11 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA11
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA1
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YkNBMTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSYwJAYDVQQDEx1wYXRoTGVuQ29uc3RyYWludDYgc3Vic3ViQ0ExMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALuN/uaJp/PshJKQyBN2TWolI/yk
+GtUvS8cQoBUZUR7ahtG31S8sD48vf3s5ggkb3JfkLOQuwxwzfiYRZxVLxHyNbQEY
+TUrZIoPj0+SqdDb9JCXkuCU94akI1d0xqf7M7MO0CHVZ3fcOp9qNTwm/gBdnep+x
+pMh+g6nn73ufozCGzrnLaQp3wzWK/D4V6WjuDQMgnEjlAhxs2euUsg13HbElCSqf
+r8Mx8bbhHdvzV5yMPVTH8mXYt/xv8YCN/ek78q+i1VI4yUw2AdB1IMwvXDnYNQJb
+fi5ucRIthUmBwPlf7zaEHjAsNieSQL8+SdI6vOA4WUH2tNHIIvTHn5GqItECAwEA
+AaN/MH0wHwYDVR0jBBgwFoAUPJqVnpNeVmLpWziQbJo6bpLb9wswHQYDVR0OBBYE
+FNOmRV4CnWcWfZSAD3O5hMZbtTG+MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQsF
+AAOCAQEAT4bn1Lcr9UM45OpPECn9R4qREuYB4mAdo/NHNvnXQWoe/g3ao5y1R0OZ
+t5aAw5Ri3ghemIraBIadgiWEpbYR1MVoR6Vx+yTLH1nq5yGKoLJ+fsEPmNwTc94O
+Lhdu94B/gB/sy1vfq+/lnmScXMqWjE5+0kEE6BhNEJm5ep4r31/nv0oijTwLEWXn
+VnAF/NmOWgm7+hOMVkzXTqJVY/Ep1r7QJHa65hB2+UhkzuNryOK/57CBZQbO8+qM
+GVEymCQ858dkmH8JSpScryYdXQZb74Owx0z+zB/yiy2arubmocOwtBJIVpAv9DeV
+HyK/COG7N0jwe98VneVl/KstdYTrDQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D8 2E E7 D9 03 4B 28 64 6A 5F 09 89 7D E4 9B 4D F6 2C E9 4C 
+    friendlyName: pathLenConstraint6 subsubCA11 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5DA38B49F7680467
+
+vCNi7mFrSPZxDYmL8Qfjvy7bxyx0TkWqZO0nWdNAxKnSDjsXS5+D8awQ/ZNmj74N
++SLBFJE2pB7fp6uT4Z2WXHIbG61bARd3qmkXkXBtMhFU1nOy7rJ4iALsvJAqbKJg
+VBosdvZDMlHT64eOqfucVJVpPtJoKKGim3d496c8iUgWsYQVLpu5h+ifTfuRO+/l
+ARIbpprGsjjhKkUiAe44AuG3z7WZqe4jy7iVTqew2GBULUUkkYOAtYGRnDf5/SjY
+dfxTHAh/uvNSg82aacIqD8JO6eKX3c0uFSyAA4Oty/4Hr39R4F5cfXQMgnPmhAQg
+UdMBIlsa79eWU/2D6AxlkgmfmnF0VgGJRSkfiBvQ7nJX+AlQ8amZ+oCt7mGRyOEk
+BjwzwLufkj6xof6V/o/ZM1McqOTGhLNL9zz9+Qq6WNJhIznniNEUKNOxCJZnHk9D
++k3eoIACfXXCjMVSxndpjZ3l+xM+nY3ei8jXdLp7vYoaWs1UtXT7U+L6qyE+LVhx
+mh7DyCkkX9IfKQqcZWgTN4Bm6KHN8OLu8l8hv4McTfylwK2JB7S3YZrrx9Kc0R0y
+itw+l1zwAUvck9aZ4AOO2vqA+HErBQBKtpNBoB7DMjrwc/22tJd5HmKDPAqqtuqb
+NZhkYD2dnFvb07fV3t7DfpIs4cdewtoebvikGX8oHJTx0tv40BkAPRPtf3VcnShh
+gRRatGDcRrs+TFVHdY7r0JFh+TWkHStVrv4UyzlGAwQ7lVnt0r6zaGRZSB2CZ3jA
+u30RVtvnu2aEMg824rdHpEtfW+dKgE8l0L0jjRMEb8UYsUjYxKT+10C52RN2FpwW
+PjSI8VZeJHK2LlFNbtDO7cUNK4hrRY1Ic3qU3jkm+bBVutrbe+SQjswH0F2435j/
+slO8LTxRqY8VZ4ueEa8Ofp3TdWLG7CTq0NF2UlEqBldB+Hg5GP5JzAX3IjSoTgyn
+aUO+rcygsfWKh4cBaHo8Le7aJjFlLLcvXMIsOqGvnIzG3tMlmvK58qDIlo/2ilLR
+3DwC/nXBKTfelDyO4wgNiQvc4gCsLQ6a1CizT2ulTmBmQUbFk5m6mYJF0tkyZAX9
+mMMxKrCYjU6PvY+OEiAN1W4UpVJE8Pr6MFBD11Z/H7NCGATJS71xWqYR8LVuaF1g
+YZvf9vZL3YleBNmrlLxr68v2Z/Inco0lrMpyFws4JDYOHjuD1TJQKpjAmxxQXj/W
+MtjeDffrEKHudhA5jRrOP8ZB8hdWlox/iuu087mnJW8yWtIRvyNEusE2wvNtiMYk
+QBUuqaHSIagr3QtkQ+o3EesfzkDFl5oz8Z7ZWZ9n2vF510HwJKmqb40lgsEyywjT
+qbaVyHhySxHikPcO8cxHlpQKiBCHHdAZprq32qnk46q/n9rb3p+nMjZSWIF9/YwS
+QD38G1NyFgm0q269P9oQ2BGbILhCpblwYAflavrDqDdE4KvZGKaR00RJpC6diDeM
+h1xCBBz5Fwp6NOZ/e0jGHns71pZ/NboGSHkieQle30nw2o06brwrDTTXW5shIKaR
+jcmzH0wgsMNVORkM4p3Taq42UVugMjkTuXCMI3AygOYNn8a9Ib8sXLpivkLW8UCF
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA41Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA41Cert.pem
new file mode 100644
index 0000000000..dee3db33b0
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubCA41Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 2A 6A 29 59 4D 9D 4D C2 33 FD DB 17 CD 49 47 F8 72 2C 92 CC 
+    friendlyName: pathLenConstraint6 subsubCA41 Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA41
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subCA4
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YkNBNDAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSYwJAYDVQQDEx1wYXRoTGVuQ29uc3RyYWludDYgc3Vic3ViQ0E0MTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhwD2w1qEqflNfYtpGLRSNwCAoE
+N7//EbgaFJKP4OGaerEZ41IHT4G8x0QOsx2RMRd6gXL9zNMmKhjoCL4Nv2mXksGt
+crt9dSJE2MaUIQFj/cdJv+WNwoQW8amBjeMSNL7BgB8y71fnO8srWabp6vkIgDr9
+tY0qmHZ1CLxB848d8C14NbaNGMeWJzI8ri2rXD/0sC/0LtWgg624DjmZWgxb7B8J
+w1ERSKznjFQ4vv9imV7vJ1GZ2r5V6nBPFnmtK2r2yqAeNReHE3U2syb9lpFyOsjh
+qTjVQdKUk5N+NAZpCipVuymCdvWcJY3C8FVmjxefqv/cJBu3Kxi7Bf6f1iMCAwEA
+AaN/MH0wHwYDVR0jBBgwFoAUSYXbS/sRY9mZAii0C3qeExdaFXcwHQYDVR0OBBYE
+FERapgfP9vPIx0bvZKH1W8E/grxXMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAO
+MAwGCmCGSAFlAwIBMAEwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQsF
+AAOCAQEAtz+rkTNDpvnMjCDzmvVltiLfHURT3X/GipGokbedY89ANtS1dRmNFyDS
+I1Dh17v8HsW2GR40FCIP4ImbxvPrUAQIASOVUR7iLKwSj99RwK8+Tfd9cUBx5cdA
+nXm+KGqJ04sBKilEM6kGhA+vxZU8OJ7hck3rFVxNiIvGTZmYPlSLLQqv0X3LcWG9
+XArnZEKfNH6Ph0LCOzlPsLI3iQ5rHluq3liWMD21LBEftUdpJ0DqzEiWEFHL8PuD
+AtiGA+cOA0DTakpwjLnd2q1wM0S7HLVaYGSv6HErM594IUZQfWAyyyTpl3CERtH+
+mlou5h4IgFeitqocNlVfoAX5CzZsvQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 2A 6A 29 59 4D 9D 4D C2 33 FD DB 17 CD 49 47 F8 72 2C 92 CC 
+    friendlyName: pathLenConstraint6 subsubCA41 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3E4218EFB3A645FB
+
+SlNl29wyvuhel9ar2aDtOEG+incCnQscatPX8whutk0o0/uhViDsxZqw1VrZPGYU
+VuYuplolpGLts9Ac42qpFO9C6TAMzBuuqvfkVVESrHrULSDooUaMmahSu2aptfEC
+7d1QFSh57X8UsnHmhpcyGHdVeu3ZU3gbRwg0ThIpMPTeA0Z/yjmXrBbe15o3d5hP
+y16cbMPfMQJ25lfmmLoe/belsqWBEVRcfcW1ZlUxEYcvocNgrN4sEI6XfWZw5CYc
+5005r3onPF01xPYDqhmGvDShwIpI1b2Xxd5RbAkTCS0e/QrDUDUt+jlYfWZN/osd
+QdMj6lFRGGoJkEhMjAOGza+ixuGjf4WlqjtWPItCrqtz8f0rixqQWFsU/xuqaqRR
++q0Bgw6H2sSGennKeyPuv6ONnKWbPZgOEdqNMmLp3rWY23g3RhHonHeB267YVCOX
+8FoPOJlBq2EpTefwUe9pwm94awWRMPhGeDDhpKubVkVPe0E9ghFkf264X1pkxAsy
+0LTatlTsXh4Hv8MexaaNZ87EQDat8Ehw6Z/LMNQVkrmQNyYa/LE9mEBMs7PEIvBp
+mGjlCo3aLzS7JSUB7QJwYS4KlkxyTIA36AS+YYEsTEvclYvdEVY8r/4NNHOV0Y+q
+eZLfm+KdseMBdfphUOjUj4dOM7vnqsgprwbLOD4lLQn104GCHt3FebphJ6Sd0PqV
+czd6ZPETM6U1/TFkxqqe1dhsHUA03hKCGFyKg8/mUjJyPajUtJmAOG0BYgJB58ZS
+QMNiQu+3qIJyimlGoUAKStS8zlfV4u1ZXx9Qd7eds1SGNX7ekgeL9XqN57lV9g93
+YKYx+s1izCMltq/IgLiBCow1PTcEcQhgqHADKaL44603I5cDKFp7DEeQ9Csq/4K8
+Vd57EAV8a/UEKLGpKnYTTBtG4StCbtpfZM1Z9YFrsXwLNslkPDIpeizkE/Es8IR3
+komhXk1qp0rH+0sZyohArLmdNrONyDAGOT1N3EVzeMKylKDsLZ3MSIneWx2CUQm1
+nB3yU0JFuiCrszmvP3ToBQLn6b8w0Hz7OIvgmRVUj/KiRoiS3QdgR696ijHjrVxA
+03HJER2tkGfxPG09va/cAzEGnotBOf7njyagxtMLho9UcNKRphHB8IXZE4KjO1Ci
+a1WKU0DVO0BxB0xyvaxBTa7DZe4nUNcABUB1NiHBda7V+44gpQ6QNjciCtEAaVPR
+YL4txJHYkQW3QoV5HY5B1O6XDODW9TNg+D5NLio326JU9rpOZuHQSgvHnrHKSN+q
+iAuE3Kv4TZL5uq35Z0HnhZSNaps12iGmtNJggCPe6cXvak5G+Gbww74L6/Pbx/RF
+Tzyo+q5Q6C4lrAZPwxc0uFFR40HdAvG8FI3eSP2AvDMjb9BjNKFGV6POnErNZjwP
+2IO8hmiEPZqD5X2W39KZmf9p9BT/mby4VtMTNHXCa2lDLVbQStaTTAS7JvTZK9sj
+h60ij3HmDnrn/oNb+Tj27RPP6WwfRwEG9Q6ckQUR4IxcTQtZJueY2NhAYzZECVsP
+fkqROcAMAgsglc+qIhmK+GRcXT8SH1RVC1MMOiIzYiamZI+I82Fonw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA11XCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA11XCert.pem
new file mode 100644
index 0000000000..d03f8732ea
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA11XCert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 88 94 18 7E AC 6F 72 8F FA 6B 91 D7 BB 94 C4 27 3B 68 12 30 
+    friendlyName: pathLenConstraint6 subsubsubCA11X Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA11X
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA11
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBMTEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBaMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExlbkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNB
+MTFYMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzo0UoNFGT352ywLD
+aKdwbykOrdmbb2i9KA1jFcqybAsbFggHUWmqEbSwqgepPtbWwmQBcMXHr5jGwgpl
+WL+3XK+e37NR3CwhhHu+ab/wQ+YQhzx2X9OmDiUqEd8trpLst7xhB2MbBDmh6F8P
+uKqc5bYgweh2rG9btTF3pNZCpAoB++xBfmWFgZ4smWnNh56Q8StmJRUbNyxSb48V
+NT+HD0WolgMTJiGy95UzAJreX7+vD93LtqgV7qQfB5IEo7QUe0L6bKBDnl0mKubv
+wFWMBjMBvkj8Vn+MBPpPbmt5K2xQcNNBoCCwziXkutnpt1bpOiBX3vfxaNQj5M0S
+rkdlwQIDAQABo3wwejAfBgNVHSMEGDAWgBTTpkVeAp1nFn2UgA9zuYTGW7UxvjAd
+BgNVHQ4EFgQUg9q4tcadyIsIfIs/7RpyJeKvG+owDgYDVR0PAQH/BAQDAgEGMBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBNi63ktdmqOjJ86RiHJKt46kPz3m6rDrPF3cVUh+gYeW6bYTKa
+2PbBbdPF90ENIZosUsg3dD1J7C+HR9oKqnG1YnghfKwhMej9z/PH+/GfepK+RADi
+b6Op6J1+zC1JCP2oLLMPcD/KKqptle5URd4u0tWM+tKodVijSkeKq6CfHtHErBcX
+uh0L8Q8PR3SWWmvYqfqDr0LGzl1D8hQp6EPUaQdxYFyNgiwcOz8p5pF70+ExnPMO
+Zw7nlBHN7QqtIegieCdwl/DJQCtfvxXYVGs2CW4af9p0ttM5lIDNXuoMRUd1rWTR
+vE63/I9pL52qh/9aX8GhBGuj4kP4E8OxgFo6
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 94 18 7E AC 6F 72 8F FA 6B 91 D7 BB 94 C4 27 3B 68 12 30 
+    friendlyName: pathLenConstraint6 subsubsubCA11X Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,29E796E9158D0510
+
+rDtlnUNJqhCzyBZzrrQewQV/EZsv1x+tz86nXJDeXXBd3S2RqS2q9geIgsYerXZZ
+tWoMBgt5AKVOpkfFmfbTmVxYz6IlFDsi/hnjgwgucKwFCmc7V5M6endSuPO856/Y
+xA09QeKqcEAzgopW7mnavPoScfIpk4NYOpeiRDTvHTX2nMQbA69WMBka+FGqYV2l
+nW2bhEGSggl5A35R+iAj2AXXsDBy6x52ySYZ5VehnRq6T4lNxd4Wzk7TeHyYCpsr
+EpA6Ao451LawmLhbQS//H0D4L7b3Pn7XsA/d15UlMfqkvhuMLTcd7k3xH0MOxGZm
+0d9toet8DwrQ/v2WzIwsX++/e6jfKlZGa2RPZXvr5icF5JI/LSl3lNtI/GPQQNpy
+ZMOw5G21n9+2jUoOxDH+jA215JUDIwdRWf3KxsGMsMz1ROWG3QZWFYO/F7xb5FH1
+w4V7oqoJP0N6K84mShIzi3mm8e39BUGjLPGMoRGTeD37RRuQCmHv7avZ8SEKJh2R
+btaJhe0wD++34DTHFbz3Ea4qu2jgdf0VQF5TV/cIAVIlEbzBVvTWBBxdo7luypBe
+yTt0BG9+tE7A/UAy/Q7IXnobwZ4PfR52RVWLOTy/EpRSfbxC2TmXWFfrEs91Evb1
+b1rHIxWKRfK0wvdte0C6Wsy9WcFlqxDhwsYXMfAs0/Wa6/P3yLloRxUL/eus8N8W
+2pvF4hHTjq2VlytC6JW3heKY4SFtu87HgWw/5tnP28jRQPmpuvYsukoFFOjsq30I
+z9lmP5iRKHhMSnXOzBxW+XkW4J0gUeJ67zWJQK4QK4w4fgRm4DmO/GNGvltg9870
+HzkHrHx7j1EqUG3mxKB0A7cH55YfE/MO+4mTANnFjajTKoOBT8soI/9UZ9zy2C2C
+66c5a/L8nY1/D7rqSGLmAFaXiY5V6JrhqNG7Dslmj1gtS3TKian9JJ9OS5dvNrxF
+9Of1YAbea5dagQAfbAfG/FbStcdJiy0H1UEdQGynQLbLWOVFIoTztvehgLrOqssY
+vr4lds/EQK1rW5yaj7hIgDiFAAs0vmXC0kXmf4KtFHrESsEcKHh1dQOwpA70FsaC
+fa4eAKt+Uk6SP+WrbAuZNF101tmI++kbp9oYKR3xRjnMaSQEoAUv5xgtZmyIRHoK
+UtbBeoMhQRyuwmr52lv8f0Ztp6OKJBnk+lc+BZ+w/ydYm/s2UyAUMHdjQiAa4l6D
+ga0E1I634UvkrV3MpLvGt6Q2N8wffbAunMtlzZ8Mlp0mOlR1r0Nywplostseph/l
+QXp2GvZ3yvvPJ3wXbseXr9IGQiZEVi2j6qLECT1IJKMB/IUBAApLdbYA/wTRkVL1
+uV2PATkHIp7rVllX8mUtl5SO3tvqe9hzLZpI8Q8fUzOPRXGpNzYqW/HBPMLuEyhw
+fgZb1/wkchOd0d20CL9iQVkEyuJvNhjO6gbsm7dB0marreyQHP7Ho0TXMedBtByf
+oJRe7Did6d17H8d0/RYfm++nCeqlNMvS2nt+4T3trCC5T3m8jTrNGSamp3MgH7qc
+5L0OFqoDnBOYvZMnUFkPkjPy0XPRH9qXTxwEHSzaVMXmychMr5odvq1dQDBnKMub
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA41XCert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA41XCert.pem
new file mode 100644
index 0000000000..2e2402c8bc
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pathLenConstraint6subsubsubCA41XCert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 84 F0 F2 97 13 11 CE 64 6E 27 A4 E0 AD A4 7C 01 48 5C CC 1C 
+    friendlyName: pathLenConstraint6 subsubsubCA41X Cert
+subject=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubsubCA41X
+issuer=/C=US/O=Test Certificates 2011/CN=pathLenConstraint6 subsubCA41
+-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcGF0aExl
+bkNvbnN0cmFpbnQ2IHN1YnN1YkNBNDEwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBaMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTEqMCgGA1UEAxMhcGF0aExlbkNvbnN0cmFpbnQ2IHN1YnN1YnN1YkNB
+NDFYMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hM3qC08TT0qiiB1
+AXVRGB8La1zcPFASpIZ0T1pRmbvQVay8/l8gAcVytv6KVDgpjXjXXMjjJMuAZQm6
+ilT+eC3WrLSzBWUQDzAXTARzERVE3u4woJnBdpcyo4ZlTRGijwzYfbVlrdTNRnX1
+ET0R9BLIK4qxRYdJvlDXoCQQFb1/58RMs9jK7lxHetuVt1ieeWF/fLRPZ2Qbf/qm
+MpepaATXRf4Nue57jA3FyUAbvgVg2XnhRRdAEnsM90YRZHOD+XbB4Lhz2Pk6hNDM
+xfl70rGpDXIOh9UmIYZZ2yegRx/rKDI+3wFAtcGYek4trQGg/1HoTbaKszhIgb1s
+uJ0EUQIDAQABo3wwejAfBgNVHSMEGDAWgBREWqYHz/bzyMdG72Sh9VvBP4K8VzAd
+BgNVHQ4EFgQUoe2i8zVUpZ+8Y+ZHalMkbEoMciwwDgYDVR0PAQH/BAQDAgEGMBcG
+A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBM/xztTxc6ooWAmhUfwjeTeHYxZFBCB81yMwM/agD4C3gTf+vl
+P1CnTaXFV2aoOYDiXCkA3oL4DViFQKHcuIh6ag5pKlxB38KCH5l87W+xb4NuuyhC
+/sYzP6PsQr43jiWtzbGRgQ8SFwN/+jX4MQnJE660ab09hgm3LmIkWCa3202nbwvR
+rL0ILpgkzQs+IgbJY9EAE2cGiapoZ8mjKBq4EwZG6xqjqp8LO2Al8Koa1ofFwnoz
+sYCgl+oyiP2lTkdMpg9p3gmmqWRnv0qWvfjwxnpH470rFWxL1u5nG1MM/Y2GLi5o
++poL/laW4KNTZOgEnijxlvBJiLfhb/mymaMZ
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 84 F0 F2 97 13 11 CE 64 6E 27 A4 E0 AD A4 7C 01 48 5C CC 1C 
+    friendlyName: pathLenConstraint6 subsubsubCA41X Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2FE4FAA573336C14
+
+GLa99+FOa9l+sPDWoFbyBrbX/TtHNYIleUwj/cWNxb7jQU07+yk7mBUld0Bz5Rsf
+VuANrtMFAKMVIP6G4U7lDO33F89oDESmpm/NBcXorVklfaRoYAEpGmpFmPpYinUH
+L4zhMODI04VO6RbDLAUIKDrnjObW3Kz+u4It+0qE6cPWF6a2C0w2Qtnl+TX9yd4g
+vHrQUcXbNJ7FJIxPCVM6oVtEFA/YCaTxp2YIjls+6mM8raJAAeXr7mgTSRcMf0xl
+GHhq94Srx2LEN4U7x4vAzeGVcgt4Fc6Wl7S3GejQCJVCSlaqh1n5LObFL24hHW+W
+MNo4BF4Ie5+GvT8bNryXTfz6WS1/I5WpRBjncoJglKXLhKFkOyS+l+4hmh+RRN4H
+4GEgBQ0UjlNxRmycU9kS63A4rs2EJCpeaQkZbubrOyWQ21NmBmeGPAno+J8TfSUb
+UsHvS0DIbsQVc629/ROE+Mp+qkzNIITzgogT/GXbJMLj/ECJM6gZ46SXbUpoH/Zn
+F8QoqMm/nzY8jiF8HS/CmVi0fwd2zyqH5I8Igz5JN1i2Toq1AKJ1dhpJTij5vm2C
+m3EpwATFkjPD2WDrDlcCfvVwlGY2GJG3VHTvlF6E3+bkpZoqQ/LY4+xBj2DvxuQ6
+bQiSL0rcw7xvibsjdxTj0VRg1RBkGnZoUqEpA1uAbehFTLI1EkttvIDPWjtflfwY
+5d6c9HsAo4Ikcwwb897sPQ7SMK9OaXjg7v3D4QFMIMQVCN81xA149l8++SS2Az9T
+nxMswJ+pZp/+Gvs0D9bfAbN9dICVCkAlE4PUAPbvwt3Tb49hG7prCgs7pwedBa3b
+20f7PMEJ99WaOvZ+Dc0aFttyuS7hc2vuYdlG2Ah0QK8INk6cJI385ghp8mthdl7N
+nwGmMKux5y1rmB0JTRiKjYbVILiL0LwvU+leK2kiJSwjdBgmg1ucDDL69D+4/P76
+T+pmxcyyNqfqy2no1p5aELuOU1XMbeC5AnISqsBa9Gjuw6ApaapHZ0Q/KEXxPeRY
+lgJ307CUK9EGQOviLnFB5htGLMVYBbqPT8kp5m4gmTTD20baM4bjnHoR0vdTfzv4
+IgkMPGgsdEtyEcvAcEKK5uH6gWHcAe9DeOtBe6w2FMRNdsTytqa3oABb9wVK8/ZG
+wpP4EHh3NDm3NPHt5K2DSD8aUrXYnt0Yvt4KTSrytZ4ayFLz14WNXnKIGD1WqSJC
+8/3Gs5vs1m86sKo6qLyybI5Jxm04DZ4KiNxj4t9XN102D6wnJVEzDWXPLUqc3bio
+Ln2pncIaCX+5ACS/ETYiTHoxNzGXM1QdyCkBBeDKk31x1A2HF1KehYzAXltxvkzt
+1BzTEYx/lXSu+UJpoNw0l9c1dO+qQrEdCqVEEGc1MCmgY/aQgtX6Z0EguFvz8VwR
+UyWkXxwvndy/iFMhSSDc9ZbsBKGpXE5wdn6VcnSfhziOOB7/vtSgzaXSoWM7UZED
+xfbAp0/k0Sqwwk65cN4E2PUXKNuKtaMfh94QXnrhn/eYRjFmzZhfkiDkuBLN7f56
+MdevaFdEL6rFfOlFGI5LIISK1Nv+rWC/x1rZwVvRjcftRiKjD0tAdQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pre2000CRLnextUpdateCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pre2000CRLnextUpdateCACert.pem
new file mode 100644
index 0000000000..71c924fa42
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/pre2000CRLnextUpdateCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 6C D5 39 2E C2 D9 A8 61 5A 18 1A 13 BD D1 E2 C2 E7 60 8F 88 
+    friendlyName: pre2000 CRL nextUpdate CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=pre2000 CRL nextUpdate CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIBDzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXByZTIwMDAgQ1JMIG5leHRVcGRhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDJaKW914d9ICbgb9i5WTu9xNEgITtuLfHFOh1uuDHXbo48416O
+1x7Bcws68LzNGyZiWIvs9kokWB0vVNdKt76kJvMTOMZcPFH0o4dfYo5JUaBeSU8Y
++Nfjxlql6PKOYiTruu4reYLgxf1BaGCtH+GjYqYOYC3He8gqiD0xuAEFb2a2Fdo8
+m5eryPTYEHC81LjmDZPDRksJmsUXsCa63AKQaqEvnrXxT9MLGflkFilXCL66yFhJ
+19k0lucJo8oZQt4PIMS7TF3fPFYdk58c5eQc3TUwjm93ZYgvSNEOeISC6EE7avb7
+0DASh70CX1iy+uNX+gcGp6aoZ799UaqAFv0hAgMBAAGjfDB6MB8GA1UdIwQYMBaA
+FOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQeqEecYYBoKLFCmimM5igD
+KZIDzDAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJCSqna4iaOkoMr5x0YW
+TxgORJXV2/YMYG+loli/0m7bCp2A5WLp6YGifWXvdcxjcNwVnXZsT6RYJ3eGp7RJ
+oKiRncTMjrAhAVsVjgdy5U7uP7lEfAQfZ2nzMOzT8TVk7sjGmWXmm8OaiWxLoQll
+4eOdKsBLIJLweWdV7AZ0cpGCPwnXRq8mh4mabsAEl0cB85ZGydb3D+q9zv92HIHi
+LJm/mVEbn6EQV6f+XW7JKYjTJJ0nFeZb5j/0JFPy5+4lo+KXHXV+DkEIdMMPG66U
+99Co7Xtye7IkjOzXFLbRYbQJ+lALkq0BqAPCC2RCbZz8ZLaVoIjJU0XyuQ3O0YMY
+5Qo=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 6C D5 39 2E C2 D9 A8 61 5A 18 1A 13 BD D1 E2 C2 E7 60 8F 88 
+    friendlyName: pre2000 CRL nextUpdate CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,48E785EC915176B0
+
+DvAWSul3RAjkEh00T/mI2uZoXGmFZ8KMSIpciqidBfizZNHtVCWpelmHH2bdq5c3
+LAyWePUZzeWglaag/cWzykPwgH0sPgeXPLwr/BtoAOPRgITVr1k1vHhShI7gjWuk
+Ya+3bMVvOF67fyeYNz19YjoSQ+fGMMCo/KyxYNPfth/w6F/kVoqqXrSt1k3na6AP
+HM7sELceaQzGl6JYZs4Q+1IRsA4sXpMO1FvxSem08vfjsrpHBhQvjcXPBP2GQpy4
+TANNZVVeed7uimomklEdJrsjqRtmvjGB4maaARVBBvLywouZqWPQXqjUr71kDTM0
+z6OfunsRH11DabCjwFaOkb1n5WYaVGETz+8BygIdHbhzzlkdtxIkKc9fUUlvcK+p
+YBxPbfn6u4tuOkhzauUTMMCzJXe3FWn0Q+3Ff7WAfnK44xD1eImGr39zjfDA1KVA
+YVpg6geqCZCX3pHRiygMWRVRiTu14fnlbvw2Tx25Irx6cJd/XvFVMOtAJzhKCEr4
+mPKENqhW734k45qISYegeeuL12sJGLyemHHPSrRLZxD1sbrFwJ6jO6rP2ph4At9b
+DmDaVPRZpHJUxW/XHN0UOIsbycDVdsxWz+QGYDaBbwNGyWBGj3Fe5CkeeQdIn4VK
+IJ5pixAvnBz8paPcN17u0jLf8gw4VkVxV9dQxKREFg+1A51M1ywWoPoj+FcLnx5X
+5LlCpw7r4j00dsEP/86VjhAffMP7j+DiIofRsrHiJKoHjY/tw+5JAzeD/mkiFEcy
+klr0N5nMdqq1EeoczljpNcS67eUx1s0VlVca4PSdkFI4Y/6AH0sHY3q8Alsnm7II
+zNqur3/XuwZgKcI6pYJrKrr076bU5GjSrjFDjkRcZODpTwfHMoWScOsof+15eLz2
+WbecSJE2l3pbB12x2UY/p9w73TAs+DO8DbHe9ARZ3P8TijFqm7M1olrbXwjmTMRY
+m2QLJ39muPsRNP3GpiXCuuCmb+tiq1zuhdUwVmckRf5uJCxqKIriKnqtPxL6qCS7
+1XGxSC98NthFXkQFxIiZHEs/TzrCqzhxE3kPR0k2A6AfgvHAcSOGGxGN87dtQbW9
+BnIJTwpmiT9CNJMeNGMFTKdEP3paZL21EFiwtu45TFWrlsOf1WVd4KoWmBmiIstp
+sb6KhWUx2konms1RoC0wtWv/JxXSptymCmqDyB7NhHe9YHz3YpCrfsqKw4JrOatO
+nkFVr2oyK0nC/2mbsugRJ2TjEv2ctXEKmPJ0tCVH3ZlK/qxsd8wu+AKdpThZtb7/
+deHf+LSgfimjzBk9/MnUYU61Y4InMv/cChfQwQdooJPT/sxPLcQYl5SEolNzaK4z
+rDa/HpTk0bbaK13RiZ1OR0tP2KfgKrIxKWdsH3WGSarxF7HTKsDQzdgZusIVuJDi
+NtQPhrOLIr1N181jF8Wj/dLr5FY8fGWwomQCgkIF0OAfnN/bzWHufifdb6nc0F+u
+UH/ah86lrkgoUxFiQjbyK1QKyW2gNJFmV0Uuk5aQWvnlK8Yn0Gg8cJ/EFTzl89pS
+LrofVKQT1YJJaH45PapT1E+DP9z42TZscvIivLwxjIJLZXdZJxMqat1mMYzXaIqU
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0CACert.pem
new file mode 100644
index 0000000000..4aaf206169
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 27 CD 61 20 C9 48 37 C4 8E 4B 48 31 C5 51 74 67 43 00 1E D3 
+    friendlyName: requireExplicitPolicy0 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTAgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC9H7tvssdc/wduqx16T+W82qMWJRF190U8Ojp8YtO11D+dXuos
+YwW1s2g6HC9GuoMCVkS7H3VOx4D0T+oY/Gdt2vVKWFALPXlPkXYvcetrZeBucc+8
+oQHdgUeMKpFwagazoOeBZRbEKuz32amMQajto6RsdOKn8G/tCfvPWSiu+e9Wpr1A
+F8/F49mxKRrHo/8sLnHZEBYA4NIVy/KuXThzkYmfU1nfVejYjNPDC8rV67MtDvJX
+Q4KkbASnlX9zzaQuJbT8AeUeDMnYKbss9VcWTuukIk45PMAJvF9tnK3vlzPZcoI1
+wL8Xznd7XpwGDCjt9sjcfFG+P9gnnpe+oH3RAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFLns37pSIri4vmr3ohLV
+JyDWZwQ1MA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEAMA0GCSqGSIb3DQEBCwUA
+A4IBAQBW5W0it/x9piqf4Ontkmv47v7kAheDZ3zVTavuaSyTR3X8zZjq2MRZ/GP1
+ukAIbYmtVA8ButPfrz98zK+JvgWhijro0lulYoB1weRwEVCCskRw1puGCwLcO5HH
+esqtSf25opakP+8orfdJ5oz3MNgIbV2eLrV8UBoIwqUlh9nJur1dLYY0EVWaLtl0
+vG3ZCzoJUdoQfidcBukQ1vs94fSeo86PUSmc3ly9R7e9bqmlYx3W8+UWWnNzj45c
+7kho7OxSoyZhcIP30Brq567uvhWftpHTThNdgsXLEMZ0sAtYz3RRTwJR926fij54
+sXrppFJp8OTTFV9u++k/u3qmGQJq
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 27 CD 61 20 C9 48 37 C4 8E 4B 48 31 C5 51 74 67 43 00 1E D3 
+    friendlyName: requireExplicitPolicy0 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B129C23003C7DEB1
+
+DLhdq7VdbAjB0rZaaal3iA/ic6EcNiB3hXhnWinigTmeRLec8mtYZqiOkTDs3kSP
+g81WHfr+06hC8T3112FjVg4XhMjQIL6TnyP8WExWOZlbfNgaQtn1O/6/uPVPywi9
+gx0hipVnTLhfiTjD2HdvKs7nNxvwcGvHSMp1DQIZj4JVPA39RNVW5KncOCybA5tu
+1Up7+3lPfpO6it0+i/eib1QOU5hIIN+O0zPy7eiyxMWKFv0brqGKWeExB5gIc2BH
+Zlad8DWnYscxGOMUqM0OELBIDqH5Mgpsml689VzUae5AqfGLTHW60H0HY6owpiKF
+Kq2e8SfKWuGf+4hwnaMlHH31JQwO1vIJrF3tLdpcgZSicCC4sTKl45oc1lZXgYHA
+WdH8LhsHIZdcA68eEDJxHFxtD3Jvh2mtOyWwxTCv1PK6X69q+orzf6qjhbX1k1sl
+gNYudB3rJZLgQOkOX8jlyrFf88VFUgrE4Ti6Lr5JBG/nbrs3mpEkvgx4/cq6RVJP
+pi7gFY8+E+HXa0vn9qMSTgMq1uIWixHxRhTs4PPH2cn8D6qCnz5a1WFmlCWlznw9
+2wsGyhgjsUcUjjJEhXNBvdPDaqu3pon5wyT5wPng5UdX9eDhwi5ZMSjIeSbybdWh
+MXPPla0lsYS5/edG+rU8A/LS0dRuAM55b4qZ2uKMXA5H4pzMuIp9i70BPHiTtlTo
+QMzaK3xpfHWZOfbONyWN70tdyhDJI4YrtO1mpknBOJuHjxMhe67NYaxpS3FMwXuK
+sXfPmbCy5N5NxKuJG0rwFaHmqUDu/u1UQlr+6OQggZQ4mwKUENGGR72c1onFa6j9
+X90NTKsx1XnH9ho7wXLPp8q5I+wyfRkcGTREw6t0X7ZNE6wtUv983lZ+KK7I+8XF
+ggQkh/wZphlm01qx4XTnOSvjexgxDHHfFDO0APaonZsZ99pnfLadMhO5GN9YKMcY
+4jTQ8B9pty58CvJuSXxNRwnOwDpJSxQA6Z+SS5rn5GZELvXFea1h6dzVy6LNcYnn
+DqQayNbw94GF2YLTchYKCM50/BiT90wcR2qRJYgwKshWK2YrVyxgn4PDme5CST5p
+CfUiKfGlL77pojauzjeAttytFYhwocN9Ubc/X9FVVycrqUQjsviC4pZigGt5eeQq
+us7QaBsdcUStGa+rJnhAZ3uu3cWflYi5X/i3Rct/BlJBcTWTYLzKznZphStEn4OI
+Z5kObIqCLZEq52TZ7Bho90dX7c6efB+J81GyVY56D8LKJqI1IDcXAnrdHLrgv+eH
+BmyOBx9iS7XdNqUUfW//zvDd7OkbPclOntmU162JEBWXVPhODjg2uI9tAAnd+Fd6
+zIPqXFA4iD4yfawNGvucY5R9xuGiwV263GfDZg6ZYomSjfRXhyix/n9y5tDSIyeY
+IcyhHqK3ceu6LK0c1p/ChE+O3tyV/l9zLKjKC8/rD9ISbsGoMYm5dmHwsxRFi8aG
+ZxhXrMVzJuB5yqHLyLoVZ+JV0vXmQwh0amT//fpY13ymo9QUNl3aWVdV921QsI3J
+0dO1LjL4NVhysOaGu+IwJqk6EbDGMg9OAHlM1ZbNAunJfNKOEQCnbTd34p0ot8fp
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subCACert.pem
new file mode 100644
index 0000000000..5758443d07
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 98 9F E7 16 BC 53 67 43 9F 00 66 8E 0C 12 67 DC D8 B6 BC 91 
+    friendlyName: requireExplicitPolicy0 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3kwIHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kJr6U09z+r8aR+1RvhIAo+D0AF2
+do7gCMyAhzT3z+LRHAdHqeOwpsUaTBcREVV2MsCoWAk2gsG6mkXzrpKWWboFM+0x
+V2HmWjDSb44HNYEwcnSQ8uW2eIZ/B2ZUEdnkODBvIToPEbvfubccCBz+zerRuShN
+yB/m6m/Hgx65/ZmLLlja62OdP8/Txk+q+NudnkgkWIFaoqF6PxPyZDf5rS6wFybi
+B2E3xETVhRSAVuKqJXiTIl+xQnc68/HaF00Oj6Ul2v3Xmy8pLdA+z+BMBLEgso88
+4CQCCw9DKWExeWOGTOGcsXGF2Ccxo+HjIpDtuy+NiyKBrCySjJWTMebUAwIDAQAB
+o3wwejAfBgNVHSMEGDAWgBS57N+6UiK4uL5q96IS1Scg1mcENTAdBgNVHQ4EFgQU
+vmJ4/Tu9bpwLM/I7MqpBCPPliVowDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQC1SY78Ivlxwfun6e4Ru6ZfZbq41Jdn9WDMSO2BpepubxaXSDmGv0lGuvTDKAJK
+qNLUZ5GfGJP6inTx6iOxSPsn94vVT3YnlQNB3m2BW80MAL4G1Y+2IGid+DziABjl
+uuihKKe9gSbu5alh39RolvCP/PuUmXX53SJvn6rcM2ImnP80F73lccJno+on/zX8
+SvLqoGBA7jUO6XUJRN9ZweY7jpjQmJkRbArIHf8XUaEHDzFnn9job0siFYBfSbyE
+zDGOqpesAx/2enD3AHGdCQAfN6j68bojseeY+o2R/qKAyW6Q3tgloj33bo9xq4ku
+qNvqfPmXIIdT6aO4zpTrjJgy
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 98 9F E7 16 BC 53 67 43 9F 00 66 8E 0C 12 67 DC D8 B6 BC 91 
+    friendlyName: requireExplicitPolicy0 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E7F5CD2A1E296188
+
+KCkDHzpCNib6KzyDil7+gKgxF4KnWDa3lOxEe+4gG5IFZ/Fl/agCSqAKg0efdIM8
+kCJrR5968l03QXhdk/WHMymOgpwVTope+eYpx9093fXQRfy4p15q5YDxH2Sufwbg
+kIbE5HR0RlWnOjHHG413ihmEMSxPM9uQK3UhrTHAss4Z3mDDgRMYjip04o9fCmiG
+ib9bJmp9uqCHraygD//Hnk2juKOI+/mjWLaEmOu8L6CCCjNdrk3bfwBxtgfgZOa2
+MBumLB7uSSA1tirzo5yulo/l6n2sCtdrL5AqYAhxIgPITGKTNwp31fcUScWYP6uO
+cbDYKzIbU0Z2GhVhCeQ4bP72uUYxPHDEVzwLKCUTL7QhddT4tmf1ZWqz9PGvjX48
+1C+9Hr7tdeqevewhbwn2nj/i7WhCBFFQCAcQJhMufro3PbM8SOxilCnl7ggp0WPH
+W3KJ+u55+mO8m0GsfaYmwpJW5bPliTlWhY+4XLDdYtK7bF5NfOng0sPmi/IjFo+0
+QauvRVgK7mZWGXjSVzsy0x6AYQqC7PfST6auoA3llSx6iteqwHnJBAgaJ6m4GyGW
+p1KMiyo41WCPS8EftRdD5sOQLNY3j7hGXZQV6XQRRBUeonpjwYdm8dtRlE9GNT8A
+B/Hjlm+qOdPRahMKT/vgRggFEXKwxRPYVrE5fJZvNxZ0pDTDJqIAN1yizduYrVbA
+PUUvAQzuYeAkZuYpTs4iZkfOy/fO4ZQLIWIs/OS9AW9EZU3y5qR0sK8hEimwgTPu
+karhYKs7PGy9Ni4n9Q2yFio/+RGgPGauH7FZZQiveuWG3tXLSMczNjEdOqgs+LPR
+ATwbbLuqA+btrqLt3Zru9ZPMsDEEUz88x6kvJ26IoArVelPOGBKeJoIIZZrDVdJv
+UUhJeXyRWhdD9duRY4z1JPKVYte2zsU8OQZZ7U60L3zVNXJict3BKtljSnzotqRc
+27ICOQWdrs0KVox3seJJte98xuzJ3KqBYFS9d9wO5oA2mcJYG4iG7v23XQvtnBnz
+EFNa8RdjsIzKqimqECedUfOAnU2EfYFx0YgGUTC9XnPkv++tAPuOgEql6cgleg4S
+qzaQYzEuaXp6PBjHkFfd/b9xMrXD/JeLBLlPY/qaxtJIZsIC1BFpeT0qz1uy8wBQ
+XwrerC/xM8pMJ0J+EOmf0B8XXeWZdM+3LMzlxRG79LXFjlCQEQak75ViWx6wXftK
+ZpCaG9q9oQq0Qnd7f7k40wT4Qou8B2QSVqwYKdxra/PVAUdR4xBnZ9jD0LYNpcAM
+9EN1Uo8G4tQl2nn0u/s2Sk4QpeCKgtz7R9q3pxRFNsQYgQTtVim+Eq0AhIjRz7Pe
+g2R30Kb0Yl3PhDS4Gpn8dlQZ0CP6nq4YDYb9APLbAK6vU7McsQbXDIr3MfuPReMc
+Ayfov+WSeGWy+XnMrLmWRpyuoJB7+89U79crqfMdC6T4alanOyB6Rqxprg9tuGUF
+cyHh+FOgRlRbXfdiAhPeBOVAdHAb22hC28PNMQKh6RBZhW3ygijuUQA0d7iEpwuQ
+woZOLc9S3/8B3kkc+wOxkWYNGVwSLzTu3VgbUm1LBG2LQSu5w5c70SBQee5Rbpd9
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubCACert.pem
new file mode 100644
index 0000000000..29620a143b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 86 5E 78 BF 57 E4 3C A7 B5 99 E0 8E 3F E6 8C 6F AC B8 55 E9 
+    friendlyName: requireExplicitPolicy0 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3kwIHN1YnN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2JoTDyKgPYRFw7WI1x0
+qDLxFwPdMWrqDNPO3IXgWvoxaJs9TTJ0Du0yU4WBqNRR6waqPeRLtXi95RVg60CG
+EEbY4j8nTVNGj0VUnDfF/ey1ZrIPpLh2HWE0UGAfYPX26sZ2Z+gN4A9KE7kRBgf0
+GfwwebdVRJq4yCncvmMqAevllCUonA45cn3W+wC9n5Ono4ooD4PJFJ8KRALImUXc
+xHFtvL4GEsCEHHXFrEGle18aQiApb1aFVl1USk59ILLs/IuFdf1J/pztbA9HGEsa
+w0yrlN2fXK/ZPZhyD/Bs5Wy8uH85iduCRgmRa/XENqccN7AxVp1NeE8OxW3rjEQ6
+VQIDAQABo3wwejAfBgNVHSMEGDAWgBS+Ynj9O71unAsz8jsyqkEI8+WJWjAdBgNV
+HQ4EFgQU69iXen96IzUZ5M+XJCcizGenVkkwDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQCVCnP34O7DI0X1maCMTT7+hJ1cLO2LvC5MlQK8q/V/BjKFc6G8VcCy
+SMRFEwgoMIctfF9lWLqFFGlAJPB1U6T1w80eFb3GCB9vLILx5rAZ0Zib963MzFZB
+/hxhpnmwAQLc08zmjtHQQKNiTOWKCriBfPvAMGbdWNej/rwnDSj9YpBBEYE9Z4AV
+EFUS6DTBCj4QHP4Sej0y3V/MJot1F18U7Q3UCGicrrTnQrtP9g+r2dfRruaNeoxc
+T6YmhEvBrdCwoAlBFpBZr0HAI4+iTMB4Qt007Tc9WG/zH3cdkKH5YsqRGIr37Ruq
+DG/m3mjqG+3WkRuj1ExY0LYkxxiMdCVR
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 86 5E 78 BF 57 E4 3C A7 B5 99 E0 8E 3F E6 8C 6F AC B8 55 E9 
+    friendlyName: requireExplicitPolicy0 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,88080B693CA4CBCB
+
+eWTD85vvMoWI33pUfTY+58uSpi+fs7jkDxVrKD7mOW3rzPCep8h/lVv0neP0RNoh
+5lvzFkT/2V4HTzDneJfmE1ZUqThAQaqtZxWqkpPgzrVbD+bZvcCzzOb81ib3ERo2
+Zb79MoEPcvzNhSnX4K3A49/4qivghfBbp9NB8OGHJ/FKbjsWYPkQiqYU4JmxYL0d
+OrpfwAdWX1S5r/monH0E1Uv6ip5NHpr0kHzwfQxsD+pgubqnH200+wY3bRyrnDhv
+J4R5IjqzEup5xXGTBhN9rYoVF95cLn94YRkHxfE8kSmLew84IkG9REL8fiqbwr/S
+LD9+SK1DJpp5CBYVevA6lVQrW7bvFclbvOPQhJjxTTNBnOoUbaX96JMDNTH4mB3c
+C8blqAIqo5En//ZRD/PsjhTqQ4eUj437h9z5ePO7Itvqh+7HY80zHb4ShlhQxc0l
+PSxGk1aGtD8WscSfV+8EaEHiDF0DHyYVC5ZW8iBgmXHVuuVk40//ha7VSbH9SlJM
+lb4ZrhwHjAOvbiuNxp2O1iX7n1IVP2NycgUcO0YM33tQ4/ejsZd1QEjxeliTIUhC
+V+7bdXggH0KzJdvpDPyleKSELSwZMpd0fz1bNq4abDmwDlKlpoaBrO7+03VsVv+a
+HZYe96W7MNK/AnQm5ylm1wAP4NHkJjWARWENDS/24lGvUbVzYcdxttnxf0SLUiAO
+nvMCv8cnibQ4wXeY+CLivELdvtsusIKZ++d2MgWp4aNJgIdJygpNZQW69/xqQLre
+ldlkxQio8hYtTCY1MUifMag4uBUzxW9iiJuV2PD7Gu1TVV4xd/bGChZVMa9P+nHo
+u2eiY4pVtNhe9wr5I7nM+SwF6ivtBEH5KwC8H4tDT3nX5fH0+AuvlsfbWeRg7W1k
+cxs6ZMOR9bd9B2J7zUHptQNGP1suly0tMb/KbhM6igjSgnovVGBcdzpK6i6JrLzc
+TlQKg61SQMinRXZgkNYazV+vnkUIYv/rLUoQDlFMAlaijIyN6w5ksaE7KfonjAmx
+OHh2vonCSy2W4gErFY7zNeBVH/fE+JddAWJeoAr1+EzS580V4PhZ9R4LydRfv9o5
+eihAWj1aLUCeCdBNB1MazghBFNt38PbOy+hpzvFC6bG+PGPQAnxisHplO6q+P6co
+xknLYNqA6iFw7mUeCii9hHtj+FAF/cNmNClrK7SAmgA0W8TehLeoOKGoo0dA6/Xu
+DXZV0TDlbt2A8avuYP65daX+b9ghys8m2ETU6x+avlmuPZ5YSq269+y3/ePSwpQ7
+jBfVBRN5+aEM3cR7W4Mn/20PVVpt4gAIYrEAIPiz7sISsWZSLSu8IzCK8jcY8DlY
+L5O/QPZ2LFBJ1EliR32EXl7ubtwqa4VnEf9uoWnyooznyO7qydjPHJU1vTh1wz4T
+gUd4RNCGd7FW/pxS/F8RlItZvvQk5uVKvX6LjrxuHese3dW9JGSe9EUqxozhKRz1
+yudyxVG1rynKxPndL8bSkDikAfPrB/7tg5bzOrF2sAwxS61mkKc3Zd8TBoeOt34F
+L7GgwbWU9mWs/bw8l53HDVuAn2Fsf85xrPdyBRLXzNpMRfAmqs/zgutKLupZJtUP
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubsubCACert.pem
new file mode 100644
index 0000000000..9360d1dc11
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy0subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: D2 01 8C 12 28 A9 C4 AC A2 4B A9 B5 EF DE C4 07 DC AB 48 2F 
+    friendlyName: requireExplicitPolicy0 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy0 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MCBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJyZXF1aXJlRXhwbGljaXRQb2xpY3kwIHN1YnN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4d8UvN3QmBtB
+KQJSFClF134Wrv+NsPbS8dsXxeWIPKizD+8yDP53Rwdwr8k7q+Q2f3jZdXWovp/Z
+RILL+woH9SRbSNRpyDPtbrukl3hPaUO9UCtpeCqPETb5/zfJuw8JIqSG9Ab+atqa
+97bG7XzBTThsSNkfckHoDAc8i0U1HngPuLx9elndglmKtlfgKGqTagXLaWJbo0WM
+phT8BOBrmBohhIr7K+t08MyC72vCLZXD4dTkV/+fFuhHdKOP7XHNejLOdy8QVbC7
+kuSTPuCjI7a5EjtpSVwpXvpaooHdFIeOCiPjJg4xBP1NNJuqKG9Bkc+P+dMjdz+i
+JH4ybXFsIwIDAQABo3wwejAfBgNVHSMEGDAWgBTr2Jd6f3ojNRnkz5ckJyLMZ6dW
+STAdBgNVHQ4EFgQUtdsE1sggCC9aQcd4o0SJ2s4ua7owDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQA7RXTh5JOGumpqPXnJxJTJ0T99+mGke4EtCkyzmb1KvyKD
+gId0UwrUjENlGX20Jqt7/PhBcYS4xgx1kpQcRf/WJ8pzQbSH7SD7EFxySJ4d4zaj
+Zu9ITjJCEWw8qlWRP9lbQ5Hucs+X+W1kFSlWM3GgV3qcysDnNlcBoJfpNC6wehFy
+aSIBDY+SgT51bDZp/ANdKUSIjX1HUV6uRzCPQZYKkNAD4hS3X6as37Ap5WerP8Lf
+rZKkEtbFFB5TSJif31LTsxb5sYc2AtBjOBKvemBGzdmtjOs6MNRXvRdi/wwK3wJ5
+Y/y6tuaxlJtlUngvx7HLQxlZOvySQrq84uKZ3F7C
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: D2 01 8C 12 28 A9 C4 AC A2 4B A9 B5 EF DE C4 07 DC AB 48 2F 
+    friendlyName: requireExplicitPolicy0 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F15CFEF31278A507
+
+aSZOe2dyS84zymKL3agADP47XYRnv5CrbiUhwyzE3k/blUEkzTp0VTOwulg8G6pK
+m6Ol1rgp8BpvnIcfvo9u+YhKYd2ziHhNjnOSzaGTAPRq+6s1cdRiH4dhrtzZpOR2
+AKcbk7XiH/uWSR4GLZUjWqGPU6nAd5OvrfVrBF9OiBpz1j/qx1Fy9O6J77DIy6/x
+jeJiH57KLV/RMJzyFELfLF/y1PfjPfxq2ojSAimn1XZKR44McELtn+KBdFEJo/5Q
+K5bPJy2lPdFfLyArqGmvOMyKUpirb04hTEEt20yoTJpIZhBcstyWNszwkiF9vso6
+Zxz6eTchgsiqaIHfKe0ezRDMX8cW1pdB5+2pW9QxUsUn3izIbIq5+KEl5oj+qZcV
+wNN2aX1NKs8eoT1lr4bOTAUaikJyoU4Z0wnUH7AjvW8ynA8jXvi2BC7921JM+6d/
+yzh3nblCQSKsuz6iJv6oWI0CHycc/69bjhsKt1aBdC2t5WFLwWdvhaPlUEBmJm22
+b1Ftez4eQ4w8531g/JA4oWK+Jgyb+Ys8ZJKJHe3NpjjOmCj95oWr7L7ZyUjrIh/I
+Q0Mq9NNrHb5XQSB/by82gNjaE4pBiOOxWBy+CaHgvh8THkZ1UGrPMTUKyY/BPNCT
+tlxj8E88z3kkQzfxqf95JE7JocUEmVou2x3RGKmooOg6KydAxqQFquGeFeb0eigY
+q7Asce2+XB+ilUTOaa8gQXXHDWyzhcDdfWlgmaAC9kZ/uzhEqonuoG0nyfE8V3ZL
+Zzn3j0cc2/LUA0CO4y+01zXxoakIAWBfsI514BH0Atg9l7CDFCPgy5moZmpopDD0
+6EKlAUF15KZiW4x4kLyVm7U8Yjkg+Q86HBqCb2rgas6YJiRbDMv2aQQl/33j/4cS
+TWPaDMmdmHMc4jZjGqmEVlkXQUgBdRoeC0SUVX+fIWrnKpZURJZfb9V7i8Q6VeFF
+TJfaAYz2ML5vQ782ZIKA3HfckgAxX7KaesfH05Q6VlahDv1mpJFNN4ZOmiZ7+0vw
+g+8AYmENCKS7MVuX+YFpIbZXDvYFpX7gYIpNa4ADE8VZLtngQyfOtIzBdgPOXUoJ
+M3JXJDkxWVHEfOLjnOklQK8HrfHOQFxU9Hd+KvYDRbIzsph/LPhYf9LcQ7cj8Mq0
+05nyb0DyNG+ZHe8wHBjiuevUxlG+LMJgqF37XucZmtocixcsl18aHq7Gifqto1iY
+dLPnmDezdlmVvz+Hoasj6qodEmN/A39fa2uDeG+9jTDddpbc+Cjz5ZNLLFQKEKAU
+LW08Ya0ZNV8njHdlB+3MmDzfDwBG4lBEj3Jm3Q9OMV9zoH2HNaUqnTOEXGz1EMGP
+4lGIVt+CKaX0SydSN2jVONPeLOq4R1F4DB8W7mcydJC2EvgUxdtd5m8yst+f8D1/
+46031OVwuLWP0KgIPX0Kmz2Jmm/V69grXG9J4OkZQYv/KfsWjdczalw1IzWU2nae
+Yqdl2fgz1jb7mJaeE7PtG8Oc50ewlzMbCQS0dCXqKv00mntEcc3pjIiYmIl+oVBq
+t+uzCkILkO35WQIEX9oebIQYS4CYyPZrx2IVr+VDVGUBFAF+fyT5tA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10CACert.pem
new file mode 100644
index 0000000000..20f0472cb5
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: CD 39 F6 C7 73 B2 91 15 EA 44 84 98 D5 1B 56 9F 77 1F 34 73 
+    friendlyName: requireExplicitPolicy10 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIBKjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUzELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIzAhBgNVBAMT
+GnJlcXVpcmVFeHBsaWNpdFBvbGljeTEwIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA89pNhXn+jUxGpeJ1/h+iAlDoB5GdV8Do9wWsj8xwV6wx8QAi
+7MLPxjS9/zzCmmdvv9sa/tPZFYObbUaY8VDtQoksQKtW57OZgyAJTbUj1vV6VPDB
+U55xFOWaI/pesiO1+q1Xzxs5mZKVqChXQMIxzEYbN1opf+48tvsK4cOPLx/QQuEL
+E0q8nnoL8ePohm+8rTEtsWevzHz+PEywncSG+xu3SXC62gBm0Ij6v4178/CyTOho
+m2wXU7KAowokvvRx8ZqI2WS9Arir278fHzCsdjYeBCnybJyES+ldKZ5tvANLh8am
+C8loUhtoBW/HvAWFzOyEgucWqMmH0dUSiDLe1QIDAQABo4GOMIGLMB8GA1UdIwQY
+MBaAFOR9X9FclYYILAWuvnW2ZafZXahmMB0GA1UdDgQWBBQZ80wE0V/VgEfz+DQs
+EYHkmM9rnzAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
+MA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUwA4ABCjANBgkqhkiG9w0BAQsF
+AAOCAQEAi0krrdtrtcdh6y64lMi0WeCP4QILh7uXhceEtxyafJAKi0D/t2vQ55oN
+rAP+ZnIT0jOBBOE0cE6kyIcSa82rvNvjLR6fPqEhyXtE2i5dZbJBw847jP91UyBZ
+4QaA4jzJh/cz41U0GRv1dPf0SF/9WcsWKZnqumbZZ/NG7Zu1QJrF1+GU17rOWFUy
+CndBlxka3QVJSTzLxhXwbw52YiXvLJQm7mwF9OTuDU2ffZ5WKuOSA7rXumKNUAqD
+d/U6lvBwChFlr8sAqbXHcxh4ZqboOaTDxvBQ9rLrjKtcuA9N7udGFjZr/nEwqH+t
+vJgmuFX0Tkh9gH9AZax/zOWZivL0nQ==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: CD 39 F6 C7 73 B2 91 15 EA 44 84 98 D5 1B 56 9F 77 1F 34 73 
+    friendlyName: requireExplicitPolicy10 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,64795C6B19211323
+
+27uUJ0FOOfIALApWq8b2aNDRoTK8tCfjZSpwRDwoeHpZZNFUw7ckVRtatn09aXu+
+oGWnIkC+WmCIlJH8CxN4VID99OVp95xVk8o2sutEfMO5chpNlaIZ+G0RBltQWWzQ
+sB3up5YEQMBMNYyqD5IdtakFjfa6MSB1LW0tGDmIPu15TBP9ZhxFxDLSfUzvCBco
+Mx4WKP6Cp+sTS5Vw914guOWQTl3nFVAmkv0QbGPjuhw0sR3mXAQw2H9iqf7nlW/l
+D0UTo/vRyIyqy6ri9gkLPGEFIVuOtT3gzZNv1n1mUX3JKtgBan3bvpiCuATbDke3
++p6ZSkkX219fNW6AtezPSBn+YNs796XGLOR7Z4ZwgqigekjBiNZ0T46NOqUr8XsE
++dHW9I67PnaJasb33muOfS7wNIB/RfPTkoCHgUaXqkp3BvQFivadNcOz2oNRGddo
+voRlDfrKrkbcsZTtvStn1nXz7211X31DiQr/Cct2RDeziy6m1DGMH0m6vF9TYmCV
+vH1Fvb3xbViLR1khQeJPiWUrAQG5nHPcm66RKwL1IdKdtTq8WzJyhu+FFGLncn/z
+yIm29dDg6XsLhyEAQMLj6GyVBsR6obMsSovYHP06uNGIpmIeBr/qlO7RZXZTJpn4
+kHJc2/aESWLzqJPQtV1RSgRlp1XJl8+8s9n8VuvcNBpVIoAGXf39mL3ysYQZGjuu
+Tk4I+WhI3XgcHm9mFf1D6ySjjT3TdDtRZucKAUv7RjpyINaJ2y8Qu6rOEuczx+ql
+hdW2cC06zlM/OmFgQaLxcrTyOLetZMLqPVbuf/ZXAKMRsjaIm9NUUA5+QQIYIu+Q
+MgRQ4l78Z9xWSdDiU1+FNsgzwCxSsZYe3mbLXQSxdGUG4WcElpMXL2w9m1DZNSp2
++3cl83yhI34OxzHgKLzP4vh2NliN7TBKGa7rCEgZbR6pjayZ4GCibDReqn/48Upg
+WR0amOzV7ZO4YemHgkL2LDLcNKW031F7DsOHubXql7j/G4gUcbRYrA+k6oX/rLa/
+YOv50xHKzFE9l7nqsbZXCt9jOmTudlTtDda64XSUN1J8dudgOcuQMa0QbVAoQVIY
+9P1wChyUXmcZNpyioRN0/Rk6JsCaCkFapokbG1b1ICy+y817rRlXOqJ3veNlwOmC
+axVUv0smGvxmTlLirfju3/sFFzdqNE44FNwU2pTFcZdekLLeuIXGvtg1gm8kXwIo
+UElpPiUSNDpGYLWW/P7qPYLIejh/sOtPbczL90+lf2YIZcD2QiYdCNWNc5xdFczi
+4ymcYtDrGT9kNjE+Um3vB8Km0aiEAQ6YTRli30dBSNJY/6TUh/EoZyA2rKFkRfuL
+XoKGpkG4PXs1byNppR7QkbTJ8VDCI63pfNBclvmjLQGqcdMkXXTJPJxWxGovMqDI
+fBncN2+x1q2HdmyqdP10PjOdA/C6Eps8c7nNzTxFON8gBNOKIDaFVFyQlfPIim0/
+dI9Xic5lC39LhCtobtUZsmx52O7guVGTLKwUL/NBE09lF0Sn3DEfiok9xFbuDpU7
+sFGe9FVHjxb4Bn/nv7S3HruEVVormpsDvAU12Z42Co0ubvVlWaDxyEl7G5+0WzCA
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subCACert.pem
new file mode 100644
index 0000000000..e8ff4b5f51
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 7F 03 2F 98 50 19 5C A8 C7 F2 F2 19 50 D2 16 FE DF E0 33 E2 
+    friendlyName: requireExplicitPolicy10 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 CA
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBATANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEjMCEGA1UEAxMacmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMxMDgz
+MDAwWjBWMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMg
+MjAxMTEmMCQGA1UEAxMdcmVxdWlyZUV4cGxpY2l0UG9saWN5MTAgc3ViQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVX0CKln4yztxPjF30FSL1KXKy
+G+0mCyGvYaITtuY6wIxSEY5/gx5llypjWstkFJK6Y5K+2aeHzPzcrsxd2jg3mG54
+WOEpdDgnOyx9CPA8BjWVmZxcnzLzikSF66IoniwImkpBSpK+vzouO/aiC2kEDvLH
+5ywmwtHhW5fYUT8maw7pzJEbE1ZcQivDNxrXL0feO6neRGhNds53tC8WDFSgtZNK
+kNsPT+S6FLMzs0dfLFbg21WHjJ9MaG2kjH1yuKI0KmXJ+RbM3/vngJPmIzILx8pL
++o4mRCSmIYDW24WREsYahWvismJ+Yn+xYxUSjYrAqw8XTTWFy+pBDJooCFYpAgMB
+AAGjfDB6MB8GA1UdIwQYMBaAFBnzTATRX9WAR/P4NCwRgeSYz2ufMB0GA1UdDgQW
+BBRuGKZhJA9o2y4GEZYmN6/JeClWBjAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAw
+DjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAOkcAeSy758gjhUGHr83+uAMg7509xvYFSmyTvic9b4TEjUTddYplwZ4zHK+
+jRSLsOzh83ZD76uVcGn12a3FbFj7GmYC3o3409ciWWefaSZ0zxFsNmvHB4Y3kt8e
+Emjzkck/LLNri5SGKVlPdYEBWQiCvxdK/jN6YAWpbIASPSbNNiSDUYLXNFWhaRVs
+8+RgaEHwyYW71IHOZ+qWhnjmtYQUL6uglCLcIGmMzkxXIgUo70utC5DbTtUYVDZ6
+glLca7VUQnES1G0oA85/nokRVd1TxbKOeBJoyxRf5IjRbW6OIgLxUYjFmxF5MB0p
+7LHjIkT/5vZy/lERobzh44QI0/s=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 7F 03 2F 98 50 19 5C A8 C7 F2 F2 19 50 D2 16 FE DF E0 33 E2 
+    friendlyName: requireExplicitPolicy10 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FF976BA627CFB6F9
+
+0UQf1na5hpAkAVpjFPiBq2fUfi5cEFRrrVtGslQSCfbP6S71v5rxbS3cuwXqIdM9
++au606Cs3NweNOeHIBe3npnk5kXrkP8NBDb9AaC3k5H+aHZ9GKYPFY1EaNya9LnO
+VHko7h7pgn4QaGrHC3BmqjyJIKFaTesLWzNhb9G9MUlIIZs++PufrnHNPB9mWhI6
+Fvs1l5vrZhVdi0sWSplqoE34Hth5Vng3ArDAaQKOa94WNI5F95eEokq7SUQIF+s+
+udHW/VsS4WEnPAVyPhsUdpb9+ofSh6FND7Lr0+vbd7tFzxHuksWZazbK57n1x9oA
+BrC1CN/1XfN+pliNCLF2jEE+gBktUaEBVjCNHpCv6K9fRySCKVrPTKhMr4/fMYEJ
+Pm2HuLtq9umiqJ/Y/ix/OeEllCDrmRlg6l+nniWnC1RlUb433hnpP1l/wBf6zPPj
+qbMYZBzK3mRDhZlcAtOhm23OyUN4WiSslBGIn/auSe+Z1K5J+zYfVyZ9/yMzS2US
+unCOxCMHCQ92vAakzpZmNTNn/8S/orXuHottrHhSHMv9zMoP0hieJZHy9AkoFEeJ
+WGH/CioyY3NImdO3RxiOhIkM0zQpVUXYpgrzl32cJOGkINIs9GxRApqDo3pGH4R7
+gW+5/kfxX9EPDKfZYHOoeV7+tqiatzjPrMJ8ZsGk9OL3xtU+cQ2EbQtIJCoMXc/g
+m4pRPmjiD64FOfcE1UHnSh/Sfvq9Wb13mn1Y/niC1q9SSnwWw9glJVLpJNPlC8SE
+OOAkhnoOzlHqbChpWtiFzls6ExJFmFdZuZdrICJp1812lgwcxlvLO/9MLrV5edE0
+vB3SRDfh8W9DR4yZ98ZFd/QpRI/Yb2QzORKzpoSXQ+U/n/uFuL+OhRBiyW9TZ2vg
+dnJ+9wy6JnITNdFTuL7m5iv7tXRV650bJ/sMXsIzyhz7WAoNL5BxpJO5g1Vdwoft
+A4vBPRlvkFurspLWwEcyLrIM7Foj3hXV1eQbp4W7fKGDSFlvESVF5tLtURoVWN05
+HHXX1tbwJel7zNmCrjNIxw0QIZsG8SyFGtOHgTzK+oeR8KJ3B5hTBgnOd10RVJZE
+M8Uj1IU43RwaTnpQttw4DP/rMeQe/yXTTw6SdvrQW50YDMO6MGGK1C92OqiTBPRV
+qtvlsROpUEITUCbNP22QeYQw145t5pYu96JE7S7EHvFpr+m+KmAO17lpbUIBX40u
+Pkh9sOdKBWkm5skIQi36qx5lPDLkcYvBosadJs0z83qNlfnEJtEm6g0MYmU1rcwy
+X8UJMBmQZAOIAaX7y0EX3eBFAqs77FE7dnIiJDKXAxVbErzC+4JEHTYvdw4VIMor
+yMJDtVDJuVk9MG5lWkIX+942TVWJc297USYQpr9fxvgEPlgrOzeOyCOIfx1hJ7JV
+HJmlHSqxat+2WQPBQPh4sMX8OcndsJjkejKgY2Igdix5K48TFlD683lZPVeIOgAD
+ILaJbcO0/9j+q0EjjT8MItt4tQiN3pHvfqAy8nGXaXeolZyo4TANVfAUXswLSO0Q
+9YY1BO1wAI5LT5mWtF8+4u/oyYlqSnIo09hgVjBfdN0JedACD3l16Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubCACert.pem
new file mode 100644
index 0000000000..33f695db43
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 90 84 34 25 35 EA 8F 80 07 75 7D 36 0E 18 D0 93 C2 5B 9C 12 
+    friendlyName: requireExplicitPolicy10 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAo6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEmMCQGA1UEAxMdcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgc3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx
+MDgzMDAwWjBZMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0
+ZXMgMjAxMTEpMCcGA1UEAxMgcmVxdWlyZUV4cGxpY2l0UG9saWN5MTAgc3Vic3Vi
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3Q6OlKYYO7GHk++9w
+xG8Uaa1vROnO94XkBCXxGvbcoEk9vLTPMrU5LDNeb2b5jsqFUnyr2VspNrqVjsft
+SWn35sbByY9KvOvxtVe9CKKbQsnr/xdn8eAbWz160y1yzfTgKgug36awApr+Br3v
+LKAr4+pRyFoFA/rOODTgCvAAw7kWqSo1u41x3tr2trxhX5LysQQu4ZAmuUgK0FW/
+GVElVC3XqkJEj7f87CAJ1UJvJbkmX3fwg2ZLbH2v4UihwVj1rwOmRUz5mrxVM6Qv
+CkcBmP+gxXStOpWpb+xJbrB8ja6XEZ9E1mZvn7z0tVd/MMp2j/FvPAvIX5eK0jE/
+rVixAgMBAAGjfDB6MB8GA1UdIwQYMBaAFG4YpmEkD2jbLgYRliY3r8l4KVYGMB0G
+A1UdDgQWBBRYUE8O8v5yJKTQdz+glix3tSToITAOBgNVHQ8BAf8EBAMCAQYwFwYD
+VR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
+AQELBQADggEBAM5UH8wRhIjUneCRQvs9o+G2dyjZ2vTOe2Fh7KyY48tnVB0WBn+l
+Z+oSat2PcoEqGLeHb0xeiOdTStG+CIMBsKtEURm+6wm/O9McFDyu/zWAENdgqZfY
+wQa91xLPw/mZ+p73SGqrRpFiOcmStaIax7ip6yB9smU9eIWvqJnRvWN69UvhIhjy
+xarGYM3vUNC4uuhoZuzerUoZ+X4S1l84a0erkbGmH3bLLG/6xtS9jyIrfTN0kkPu
+631e1/HICHgVyGzFxhzKU2wDlkLtWqGk71ZqxJB/hZ0GS9BaFk2k5LS/Jc/r1vjo
+UBK1VkO0Un06qiXfa0JDsXFrWiMtycqBFzE=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 90 84 34 25 35 EA 8F 80 07 75 7D 36 0E 18 D0 93 C2 5B 9C 12 
+    friendlyName: requireExplicitPolicy10 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6C56B0A995D09FC8
+
+kNCwDBBX24zs8XyFyKqns0+HqPKcmOUOwb5Eckka6gqCUpI5q1bp+STZaPYBahb+
+q+H9DChmRG9O4eV+T3pmCfY8lSFqv/5X0tBm1KG/7UQHCeK93PJ/+OudrI+9xqsJ
+L46yjdnNHPxRJUflnUmxSf6RAVoxcZ5B8aCW0arXcJpbKPG7vg8noBAGLL9L+Dz3
+RoxF7h/6Uie28oH5sk5KAueItE6lF1kHfBo6gE5G3Y2UDapYbSmXU2Af2lFnZ7zN
+GIlTyapnH0arnWUzMB1QgVWof5sbi4cmt+std8kSpR1olfFEV9+BopVNvspHwDhI
+GdUhN78Oxd3FjHI+RK0oo3rVwfvfN5Zz5/wsL8P6QmCzSS4BWTbL5nMRqUT1ZxhW
+kGRmSn7K43ybGuViWrzZRHxdkx4Uf3/u235dOz9cZqL7UbE6Uz30TWBtDlJNUhkY
+t9iZnlmoz+uQPJVcXoFGQycV49MRddF3dFCQ15Mr4C8xSbU66HBSF8CcO5p8ne30
+k78BPgCTeLeUkO9P0j2W6rYxrAwt4Dcse5bfPlaYZsPsdj2TdludOMJedbLm9ppb
+27UgLmu/IGety7KVbn9zFQKjzoN0acsA0ENdP9wdfpyplhfZ3F0J22RJV/pmrYug
+mmUqPqkmKmN6KWl4N+ZBdOsfwMmMdou+YJ9+kZBOk1uC/3cL9LwL/X33ILanM5pn
+nvJr8cy/lMhcadLM3wiHqtiroKf+Ui+nHrZQ6v7ZAtqQEvTOvLC8G7tYPTdUz1yE
+jKsqs6JrwKHq/cQruumxXj8+xipJ+IncB0AxrAtI1zMcbXosT+tuyXmK76SLX42j
+MDsLysr3N1mkfVm/kiaRVmcRijyaUf9lHM/tLHVhbO0GIuPyYsAKjTJmUIXnx20H
+Zqe/T22MV51ptzZZcr5CRjihJITQpVUjAw8pQKijktT7OEIPSvbvq/fnZX/foruL
+9rXVrACb4LSf8sdJTn7eP3xZVElfbCBosJpm1etjLwKdiIzmcPfuVXsnsfKiuyS1
+PchTcVE7duodcQnUAOhWkpZtlrX+4ZuPFUCWrsebNWgBavEuhKhfdjKsfjXS6Pr6
+u+qTgPa3xVPAhKW1cxiW+smBBnJNPApZ1bqmN5u5dfrUOhoL/sjuuc3bUVA0BkTg
+H6uatshkBRXXaRtx6AvnJ8aECOBvbK90Wl1EbszszVpAEsU2MNhbX3eQiRz1TBtE
+shKnGphVNCbtbS7Ll6xwL74gwxDSOIIGs7ggdpPNmMKfo9SmQPWw137Q4EjpNyAV
+NZXTMmF8P4PJ3K8OCNZ7v9PqnEQ3rJjp7TADD4j2KX63Mnv8fIlE/okm1Wt5Tdvo
+zX6uCkLCb79M3atbpVRZocR1SddJmpLQ8hKKPrPK3lq8MLzTpp6xjnWVK17Hsgub
+UGvsfca+VlDbYmqKvdj1lyIroSaBxN7WLh5QzMILt+IeAF4ihl4Q1xEeRE1NVdN+
+CGB4pC6J+aWpZC20c6lG7O7OcOQGAM6HK/aiAgaaSmxLhu/NjGle4uKhTfGuodgH
+8ytggkks3SzupnDRSWCmaQ0rSFWPSL2rPJbBwoWjRIMTurgQRmFkNg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubsubCACert.pem
new file mode 100644
index 0000000000..21160f2bac
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy10subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 3D B0 50 D7 39 16 46 7D 10 06 9A 1A A0 D1 28 D0 03 48 F2 CD 
+    friendlyName: requireExplicitPolicy10 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy10 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEpMCcGA1UEAxMgcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MTAgc3Vic3ViQ0EwHhcNMTAwMTAxMDgzMDAwWhcNMzAx
+MjMxMDgzMDAwWjBcMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZp
+Y2F0ZXMgMjAxMTEsMCoGA1UEAxMjcmVxdWlyZUV4cGxpY2l0UG9saWN5MTAgc3Vi
+c3Vic3ViQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2DO8cedU6
+MF/8P1YnCcHKe47mA/BD/ZjRJFTpgEelXmhIk/9qcx5i+jYsQFPOIWPo/V1WacZA
+4Z3WIdP57sw21CZTPX1JfaoygAlcaueoi2UPH2LlvnHGpOGfZpqtI/6y1Kfs77Rc
+bsIMkW8zRPXY2DOhRaYEOzf7ueXiNFx9SDLolxyZPEJiGeFX3+WrDXjZVH5wnCgV
+6t3l+88ZsLQ0WRgbi1gocOBxOtrR50JkNHoOFwUNlqPibJvBkLYrlIOvJiPlqXXj
+y5lgxMCyeSH79AJ9Q/UdMbJdC8HNmXgWxXuK+vInnaOJkjmQFY9MVMq35jIdSaZD
+69D5hOWuBO0RAgMBAAGjfDB6MB8GA1UdIwQYMBaAFFhQTw7y/nIkpNB3P6CWLHe1
+JOghMB0GA1UdDgQWBBSWjHH8Fag7ztnE+MPQX2lxfOgASzAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBACl0/KFW/P2mCzjLyGB/zUARmsAFdR0zvWjnKfdDAjg9
+5Tf6At3kqcgTWt7qiKf58NK1S4BqcOQvYnYP3YeSmBEirMgtgJQ0FGR7R0FgoYhy
+DY3tWak94nuM+tuucWqtQuyB6zGOh8Stc7uYkspb2tCCyQQ+pc/V2S6ggC0QuAE0
++yfuJEGlCyoR83ASr3aImoGcZdZ61aqK7bz0+DTDGJdbteBbSJ6WJsH6z8AFQ+yA
+vmEXwQisnsufWYDtwuskwxoAGL+iTVYj1gtveU9O4zzh03hqOT6owGdjryX6VH9L
+dJFtQ7bn8rR5fuuT9Oui1EgnwoKAtDEIpVQGvCEtLuU=
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 3D B0 50 D7 39 16 46 7D 10 06 9A 1A A0 D1 28 D0 03 48 F2 CD 
+    friendlyName: requireExplicitPolicy10 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2693B4FF0C23B6DC
+
+oT4nC1SPE3hkJ36qls3FUIwwT4t8CIQm+If2oVjwqUWPk0nOCtoDdsI/0D4bwA5p
+oqeE8cm2qpBSeM+1LLxMvSKgDPavwnaIQ0slnQTIWlFZQcviUAby/wbvZf56UkeM
+AqoFsa3rk2KEhxlmlJ9yp/hi2OFz0yIWEeaH5AAKkoTxDAu68+xVI1ofZb81umY5
+7RMogXmKSN1/Ztl1lCtfhP1HYyJo07SluO4EiK0H7zfJR6Tj40npOzAhFWMI7ZN1
+7QlshDkoMBha6nLUuLlgapwIfzW1aaBohAVPrbT8e5+5KbZYa7jyU95YXbWjEDkS
+j5KSUsOCUw0Pfr5c8hCTzYTrpiQQdQsp5+kIUYIAfGM4M7h7gmYL5qbmS45ND/mr
+zivlJs64hRZpuiHrdoW7IC7SVSh13DOM8QW/j9Mod321fV8TMZLTRDUfDmFJcPA0
+bXc6Y+i3izPA6DtDfHuKhv/uVIUjNOkY3OtenVi382qY6svpiDk8zFZfffdFao0F
+edB16GPNI1UpxD9UgE723g9KNA5239HUJhf+vAXEZcUHog7FYkjGPVgAVObinrjP
+iVuk4lBN44K2bhK+adDjn7SkmxpmlzmY3E+4ZBLQl1w4yZqjsKGQeBE4FfIu5g3H
+Doo57oUAX8l/5UGETFpSXdrXdxfwRb6B802ApcDqs/mbgTXfdK2B+kM61mUbquBf
+wO5gbf4YR1MTpRJg2mnwSPRDUlnZzl5BmzjzlZEy+37NOXI8VnD0SROLbOGh8XoK
+9Aq3QTaLJVAzR93Mav08oFVH/FszP+hoec44YAOHZnyq0sbUzeOwi8+T2A75BHYV
+QZRYxb2PNU0J52IjTygI0RRFiY4/0qZF2t3OMJJt8+Vhk0oVQ357YpqrNZBam+iW
+AXjis54A65AsZYwP8oqi0yYhrmqIYUcJYm4fFbW2gB/QAzUu0tifgqQCE+xruBc0
+cYj7BJUJy2i4Sv6paN0/vvj5U5GnyGEBCsIOBsThOsVKRdeyOZZX988AtjUWR+Xr
+4qty4xwpd/AcJFadTILLMLujigIoeW72qvlkl8DxgJi7mJc9C+0yLvMsRQNFAlAK
+NBYyDUm6wE+BrjA1nTmTYYQJxVuGdo7ESUQx836jMnptXIPpuuPQCyHi+T691msU
+IjrEq1Dn6VT3oMnNLuT/Lfq2QRatrSDWAPPjfp9hDH5FvbqyJD+GoVc5r8M2/MF4
+WV/vhSiaQpwZD1ZgG/XNRhutHb1LSGIGPYbQFbDqZ+1tpa3UXzU1zPJDAirumFZs
+/CsyXmpnXJgdgd5E1CxqCq3yfYpz8a/YgRlGNMDtf9cMQI6qLhiKDarVpdlhhVjI
+lbHINMEakBsgO3+L2CyJRhpDYvoq+BuFYtTL01hcHeoBDGTLQF4eM571FE5Eoxc2
+KJwBtzUIU/tIfEBVO5qxBbK2vad+s7fz0/lLWX8mkkg9SNHuaNYImt2uoBBQVJ31
++agpG+th4eB9t5uL6h54Ivbgishld/zc7mKrzwX4cYYYWkBZZtFTBKCPF4AKzvY8
+in+tAV3EKlz5mXB1ztJ/ezbR6ALAOdyDSO9EhTdaOmpTuT6NjCtFTzF3QYwnRDMz
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2CACert.pem
new file mode 100644
index 0000000000..c49f2da69f
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 35 D9 76 B0 0C BF 65 C0 63 6B 78 35 10 9A 4F 3E DF E4 75 7A 
+    friendlyName: requireExplicitPolicy2 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCzxfi584eF82tOhWkMbV/3OVpGrWH1czuMyaq0z0aPeRgBRrIB
+EIvQpq+7Bn9NttfyrXjsyJOt47rtyV0yBGkEyBt/UmCehaLuEROLemMB4uzcKLLS
+fo/dcHd8MZV4MUn6ESPWny0PJADb4akSbhWS6H5LA9j6qeMc211nfgy5LBjJiqNL
+6pEdyFfiW59UjL3E180/pm5ktxiUbQAjqs39vr5TEUrcnXIGEwD1wNyia7HovdoL
+2dvSb7CbOw26Gv5EKLPKfBTBGM79JUnMFG7kWXLUAhGbosCI0bLsZO4ox7q0hy3M
+NMOkxv/4yOqu4g4lg4ldmfxj5xSV4QooFSrzAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFDap2fuqOC+g90w72YWd
+mhWjLanHMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAECMA0GCSqGSIb3DQEBCwUA
+A4IBAQAe0P0wi2luJkXyOChUK4ruG45cD6IIep+GwGXYtnsq2fAXIWe1c8XCQTyi
+1TrQBK+AiM/AREdH2ZVSA+V44zgmPIXIiVa1teBPXbuvM7GQzOaUU5Dv8SMCjRzH
+ThsV5bkvTw5V29Pk8vbIFNMzSFeWfoatv4RB0a5ahW153q4CgDOUyJoMOcRGRi9L
+xDToUwTICmz4eNcMA04n0U94wnqZiNhcLEdfyX95ZspOAs3E2YGBr/Wi0slN9+6Y
+CpdaYY6UzK9azt1q4t9p4PTfbYDxi6hPksgMEoFfUtskikrdD5dPYcG42IzCTOks
+Jx1qxicm25mJ7TuNhtQKBeQ3FeXT
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 35 D9 76 B0 0C BF 65 C0 63 6B 78 35 10 9A 4F 3E DF E4 75 7A 
+    friendlyName: requireExplicitPolicy2 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,E86F4CFC334DAFA5
+
+V9wxv4XRXhnFgR/nCrVP+HQGB2ZpnxDLDRCCi1wCGQT4HevR1zx1lhmckqN1q5SK
+en/+8HITNNLpC60zczhO2l3aAnR4WzIGn+VSPAP1kAx03DvconRyX/ZTenSs5Vti
+1CApBPJZb8+bQdbX7GEtLxVeZ7OCKPdHBYfXFVB/0jcQgUJSxhO60/YJk/q+/WO0
+gjq5geu7h+gUi1XcVN1YaHkwhDndtlDfRSoYp7ZhnfUfODqnfzapw7zEmmcXLZt7
+xii7UpeERZ5BE73mEn0yEEyLsnDVOvfokVAwu0zkTsKrJMqLZ5k2spHYSU8LJi3s
+Jw/Jfrw9GiCQm8GSqD46SsBdl9DqBjucBqhKDZv9sUUANc8a+y/e2kNINAtezwrV
+dCVaXptVYiaAfl9oJKtAiBDQRJ1Mp/4aFpguEttX847RyXjusUpQXrjtnph6byvp
+33QDP2Dgvg2juft4/qxYm2dDN9jXUxAMy0Ym0ZjG/Uv0Z9EUx0BAzF3j9u9ztAcJ
+TA4bNSvI6xA3hgoQsd9rGZQUFgP5nNAXLQUCSPaFUY1OdZUNsnzFMvQvKG22uOyd
+DhMSAlXfpaxQ8KmqX9ekgzYSBWwlCLCMHUTCAKQFybg5bFvsQQNjTkqAAgRt9lLF
+zlb5Z0+bsSjlNyHNQ2QumI4gnL29b2Ep60/tPH2hWBuiFXOnnJUfvCDrrZl+2JLi
+mVtz7qucLGiEtLdX8wXoJDKh+AgidbyhQ9H+G98sDx6GN2z6bUKZbeIIXOSoiWbY
+iOMusN8/rTjpW1p7tNMZd/NZ7iJWcVlz8HAEkxGmqZVePkZe4diWsGy4mx7WDDZG
+5XPuDHVu+4jwFBU8OFqc9qhQzox7OdCEFfNxzo8TCjJ6zLePS98esVwbKjJy8F6y
+Znm2bilT7PVNN53N6gHeV4jZ213/KxuD6r2IamqOo0itst16DSvGxZ+nf0kJzJuL
+I7c9rME0OvBr8KgFP00ad4ZIO65ss0SEJH3+qSGgMsAdWemZ592uF09GeE2/WqcK
+n/tza3e5Yckeudopu5U9Icl+wvFwC6Wy2cgrXLdb/PB/txLGqlLShGocSTtNPRJ5
+Bi/MmYET9kJoKyyKuD/vW6C71KyXRj6KpD3f8wiVQUGRU5TPkLn+8m4AwcRldM8v
+4pKw4Lr44jJum/jg1ELHzaK8vCYr2E6JSgPOWxar7+KOPqi8VnfaoTdsEhpbpcJn
+yhWQ3z3vanG0dmJ5ROVde6X93bJVPMmvFIyW05fxpUSA/7/de19UZ/HoAEkq4wik
+VRwaJ8JOgTpp2Z8W9Ma1lbPEXtaHvbA/MH/83blD7Y87BLJhxgTcMPdU2edRX/HG
+W27yIRsJ3F8YFeb8iKTmO8BKgx9vfT8MlY7aPJr2pE1FrVdT6tnj6c+BU9hogXlD
+Gg8V5wNq7baQuVsHbIlv8QRTlDf+mxajj/BJO0P/HmM6VHezcYfpXtC1ozvOZ82b
+bsbpA+5t/BWgxOXgV66GX4Nf40K2u+kIUQapdDJgG1VdB5KfLKzu3GAlJBbdXK2o
+YQR+srJaV3OSpcEeam5JJ3ydZcZt21IqO3J8tPF9EnOcrA4pHfIn8Q==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedCACert.pem
new file mode 100644
index 0000000000..e0a2b37a9e
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 50 09 24 5A 39 5F AF 37 8A E1 C8 59 95 20 B7 99 FA 59 1A 2F 
+    friendlyName: requireExplicitPolicy2 Self-Issued CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+-----BEGIN CERTIFICATE-----
+MIIDmzCCAoOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSIwIAYDVQQDExlyZXF1aXJlRXhwbGljaXRQb2xpY3kyIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ByQjiOjxE+oZnilZmG+qagOo289Fp+X
+R9raC3r0WvOV/DiAIO2m+PMkq71mXXR3jc/gIL8QqIzS75W0XToccyVOnY6uQSlN
+avFElfBmhxMnYNC/kcP/cpne4iABELM3csuIRUz06nFXTsSkQSHa9sfc3jin75dB
+5JFHF+WzVBbZLa0mUMweVJ0g6ukWYoyEqrRSME19jw3X+VKkQxqOBR4BEiKLLVHZ
+0DWzomRmvC/YOa6QxlHGlXO6myPBCVt6xqpzBNsBLhjKb9aTsxgRir8Wyo46FGpi
+OBGfB8ebefFEQuwx/Y3TLZEUyaAvd7MO85ftuvp8weAVUIw0Ks+d2wIDAQABo3ww
+ejAfBgNVHSMEGDAWgBQ2qdn7qjgvoPdMO9mFnZoVoy2pxzAdBgNVHQ4EFgQU76va
+2OGAMadDFu7Edg2v7G3yYKEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYK
+YIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAM
+H2gKVmtNkx9bL0dvtkEPs+89dAzNW36hrK3NTIIDfe1JjA/u5W2mMHORYJIDgvWS
+viva+NsPYDNsLiF/okUX/B+d+zUYBweRDG2t1QQzQGuwArb/y07eKTm2VZfHuvR8
+UJhP/BeqW8ftZ4NU2P1nGwvTRaENGvih7aPxJWZAyqlcQrE0Je0iFM8V3tJfC9DH
+9xRDUTADrgsaWMajbEea+cFAhcY7E4YuZM94DKEvXIVjIMM5ifOGm9ySnf5LAsVd
+3ER6jg90zfW1wjqC68nPWpHOfglWoJ7QzCxp6IqGkVE3tFoVIJKz8d34bKBoyh9R
+xPdQHkHs3XLydaxFC8kf
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 50 09 24 5A 39 5F AF 37 8A E1 C8 59 95 20 B7 99 FA 59 1A 2F 
+    friendlyName: requireExplicitPolicy2 Self-Issued CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5F6F0A015308F197
+
+R+0cQyPBxUuYCKNFCmE/mdgtm8g2QoIr2dFN5WwmwjVkmrL5IG9BLMzedJ21/O5/
+KiMwKshJ3o39CmU0KSC7rMgmrCB1jV0CYz04i9/j4Zn9o3cvZxgILOLEvRY25JUB
+Ak/lcb1hWTuBP0Jlpq33KYjupkR6Ss13kgOc893SFFWJPRvMjyjulwzY+wC+fsHW
+OrK1SeMioG9SpxQayF8Y3o3KitoBfomozW1PTGZn+xtoFvIUSpToiPu7/3rKdAMc
+OmNjbAaPOmEyhJmPvwTb1SIP5UHrNwkzeN/WknZWUjPbGonvsu49dlvLwWhvsRM+
+rEadTY8XTxMQ123QJMmd8CkYzyvAbkTTySDrlH+7px0rxZ359e5FqBqMG1KtfWXo
+HshiEf3ok1DxDdTdbTyfKxc/7DpFjmC83+3aL7Yba1PwgNvpeJCEmGkSaNN/mBlV
+0K+zBva/l25ftLpdm4FJbU5heB3l8Js11sxhiik9XKQUrLEdVQznG8a8t+yaZpHI
+XHqia2c3GsFcilESXgcKhRunyuutzRh6VASgLO82u3oaMhdPXqAuUHO9ZjNTlS5i
+IQJJBU4QmhB8rtu4lsSgB9Y1OhK7Ijza+fvJJ6/KMcBP19IMuK7uhMtdk+1q0qRW
+HAhCx5iiVB3JKikPOzQHeJFbdIa+0YOBVWh+ttxpQZD34KZxIdqJe5NOQPuVRZyn
+HBN8U2ibEsbKgI62a1nI6hOC/OFOsxiXqc2BO+p4ySw1KO4hoGNupvYMe3lmVSki
+ki1pDo5esrf+XzXYQeAQ047Ml6wnzddmeG24FMoOhZsVKhpKezds3Jclf1LbemS8
+hR8b92HL6UncI7NmSIOFV/HlVTxjxAP9ZdEGImUoDTuF5eT0V6Wf0uMqVGPdiFLH
+NJ8929bAaFL2m4rbkkjjEPZPotvjsSYj6T41m4VwFqhwIHbKCVWf2Zxd4/pTjVAD
+xSsrfQnNVvfn+Prixkn8qZmLNeK6CS0fkBVSYikHm+m4eqOeWXsMw5KTHsUW3XVq
+R9pbFpQXKqxFjCsToQFMKdYjRAFxsQ2JHs99dyeB4GstmAsDgOY+QCViRgT3IQEJ
+jgbRTr7DuDPbBa6nkGuEsSV5D0MSG1DehbT0GrCL4UrrE3B6BJKB3uLTEpg4i+1M
+g2et4bSkuzCgT31IRpm9iNGhjqWospJJ7o7DYsRD/b49vax3J3Mv7CsdWWnrSt4m
+AQbWmZg6TJkG0yJ2dt3AFdY4stAiL4MKRBMsVETTI2cyIuNMZlo9zX4T/yv6xFeR
+rzqddvh7NY6AQQcqn1aRSA3OJqs6cD+CV07QJEjoi9g3XQ9f1gkGMivdTz5I470U
+LW8R9LR9dbeCYuTHHGweKvecz5+Tj9EOXXOw2uRedZrbxgh6jA68PGzzP3E3ZgZT
+XiLtOSwa9xSWCDE39OUX1DJ9RqBjW6Q0SxZ53fYhvAiWGin2U3WZZyqh8kH+Ef+0
+KU9/YcQ2EpexC0wXe41CUVSugVf1vwlz6RJtWjL9+f/V2TH/v5K9NtgVn3BPiEB0
+z+xeDbM+yGS0Z9X1AuTdDgFw2R2L2iq2S+DgImr+eruI+stbSIJONQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedsubCACert.pem
new file mode 100644
index 0000000000..fec9b57fa7
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2SelfIssuedsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 30 5D 56 DB 11 7A D6 A5 0F F5 EB 7B 4E DA 45 A6 4C C7 57 B9 
+    friendlyName: requireExplicitPolicy2 Self-Issued subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3kyIHN1YkNBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnzSUphT/R8NNpeCrM75XZbe
+zrzFry7FcZWWHSFkNKZPyzKJiHyA4uWR2tIz4HaoNR31abyitlqnK8raWcRobhY/
+v1YcatsWBl84DXeUijt7Lo8FsgFYgJtXdQMTTZM09lrY3YA1daUUxjEVWxogoFVK
+mfAz1lLiAlMEeyzWCGpKS/RGY3f0AKZNLFFqcaK7bvWOcg8MJezmWGd++937utjZ
+tQDLzQ6m4I9pkrOQgwyIL0BTetwyLG3wMZRP7nhU4p4BRoSDfMiVQ8Q+wWKWIl1+
+EvRdNnM9L8TJYtBYvFDxPNIHlqi2OKi8burXeGaHD8MkuQ3/XvaCCoFLz465LQID
+AQABo3wwejAfBgNVHSMEGDAWgBQgd/5MMI3is1Edj7D3HH8dg5gORzAdBgNVHQ4E
+FgQUSQpnYVZHjdJZl68iZjBRd1Cq3KIwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQ
+MA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQB0287v2B91j3aqGz6VvjWX9dV1aXfrJ/agTXML2eCFfDpdZHSJBfF1eEWp
+EyRV5B4drAJJUOFQk2A576yH2wY26c2CatdTtepyvfiNa9j5KlxF0eJDuU7RjIpS
+X9aV0yLZVWj+zDxNZcWnTZiw5UmEURQWm1UvNe4n/DZqP+Pl90VhHmQujpDNRzsb
+zKmGbTwGtJ1T9oEIsP++cRW+cp3MXY+31gYghwsEgIL974tnuHSSL/NTM1lEu6VF
+A/45TkZKj1ZlQPYZmG1AoT1JeAoXoWDEoqYpXNZoQAD5fveEtunwPb3Ndy9GRvuV
+r2lfVmqh7AmOZMnyQvkxHohQ3cY3
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 30 5D 56 DB 11 7A D6 A5 0F F5 EB 7B 4E DA 45 A6 4C C7 57 B9 
+    friendlyName: requireExplicitPolicy2 Self-Issued subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9583C403C5D25EFD
+
+EREj7CrK6SseZexovZgTkHUnzLQSOpZDOFjRjEpWDDHiyVUM/qimEuynGfTKWJHA
+EfcKL8nYgOeaIbGijpyf/B4DDPxiKSiizgqLLLpxxNN+uFfLixDmRkAw8wI480MM
+kZWYLgFdBAl1DOzrUVu2IfGpNnt/mX+je+Ku7iYpK5rNwuZnISr0rAHW/PNu+YOS
+wPrRb5l/eZ4E18cx+UhLBjnMq4qbFAEFXz3PEchTswPCeC/tyojmFo84Y9/zCRxa
+NRfgTmIsehRy25/L3bmlaES6z4ijIbXDfiv4dLIFN1tMGY/0b9HLS6RCyZcKHCA0
+DHqY3RySA5JJCXdrD+jKBYv5sfiqUg/26VtpbXUlluZltBeDKGx2/vmf5oHow1cg
+QgazwqAINUKVLeuLEslShbJCHWnnNnbBpSwG2sOaZYx4v6GiJR8WhMW4CM/oiEye
+Z7DF92bAEvNtOIGsn8TzoSBRZecsPverv72i8eVq0HWYJ0kLR9VNqCuqOuHQL87Z
+e6SlNBf7LqiN2dQeszSWKOb5szPwk3U4nzo5X1vAt+v3ebQV9uFyQ4uTNSGe5hno
+0vn8LXbaFOLakBDUmMNdCqhyWFq7vioApSI6TDCToNgByaf4v/biljb/l+L6af7u
+MU3CVc8De43gpM9G/g1czfNDG1glXLYhXjfNmuXnPsBDWvjq1XEBIAsjbq8hyHk9
+AQNej5fRipr0hRbojxc2AO0dGNdZ9jtzsYI6MeIAaSsE6I6jP/7tNYTpjCAtfnGL
+BH1AZseIpID0D97ZCbZK+p14a8LyhW8ncoYgB6zWrVP30mJ2Vbn+ACUCRRgAKQ3w
+t0u9suM0CuJeYnUKhyIGZVXzuxgafDdXn4j6gscyz+JVlxjbuRD49xX2Ser3DKex
+D2xcH9UG2gLxZKWPsuSuXTbIh54dWEYpNBauamKKXhE6vKCwzn6Kr11lQwbmnpmB
+1ZV4McCg9NVg+5kQEL0iVdYX42KivG6PZxlyVm6dAmcPG/QgZzBA+ujQpJ6QnSR2
+oP6URm6GE4NKqf9tbV69tY4mrmnemwCS2sugNe4ZFM3O7FwiMnWG0XcKYwIHKdjx
+iLLCboJo6gObaDLEqU73PSalhzcjzxRjG8p0vDwLNfX7nUy6rqzqxzMxhkksv7tH
+d+4O3R70DxBpHGJnHnRyRfOKoKr2Rvm3gCNizRr5TP+zbnJ13nZrVcTg4V6K0jhC
+BSnlwcpKgHwnvnKBnPYOsBNBSWKrID2yPMercwtnwGvpWQutCpg+TXlmeXZY9iON
+W05GHDuSekNpiI033MYdXVP6WvH56mdQ35B2FemcDiBevmsQkfwT3r1BF3fWx3/h
+0sddZe/mDm7Z/HZF5QLe5iqg49hRH2Z2MypjDMdjb//o7VqbcvFuwS0VL+s3m4Vd
+lV/iUWiBXheIMLkavxBRk5I80C/DZzKc6prYPXE0GW0bNLnAbTxAd8zPd1k9xF9q
+iLn9LZ/o7b0U7+HjzB/vs2SwAstYWsD48S53XixyJXUwfwOtb5ozct8sFt1L/G2W
+jAiQjrCDiwmxGHiiEU97A/tFn1x/u/bpE7Z+5ThE35r9qN0js5HNKw==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2subCACert.pem
new file mode 100644
index 0000000000..a1e3a855d4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy2subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: EC 05 DA CE C4 05 55 DA 18 AF ED 65 5B AD 27 AD F3 70 32 48 
+    friendlyName: requireExplicitPolicy2 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy2 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBAzANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5MiBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3kyIHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi+sFt/pVAsHLB0tfOfQJAKTDdVo
+krxRAE9Ykhw2mJympAhm/yEB/Yokq/oDim+KjRlJ9LQpem0qOjCTM+ApZ4ClsvcC
+apqvHDKpU2kBXlLyAFPRz0WaKGUlvNUheBkiQOJEUMulXF4VtsNFZloCc5fTKLOK
+62UIdnPMWPEsU0/T6Wp03yT4mKF4mV7cxcBRDwYOhb73wCwP9sE/5DshU4uaX0vr
+Zv7MKr5DLkq+TxCDrOGi4nRdplw1TOog46OIc7XuE2nd/Oez4tgbE44tACRfvdZz
+oQToxX6mw09d50dlIy7Sg+5U8U1M3T74tQ91LPH9WUQ3qfR/0BGVXMOAXQIDAQAB
+o3wwejAfBgNVHSMEGDAWgBTvq9rY4YAxp0MW7sR2Da/sbfJgoTAdBgNVHQ4EFgQU
+IHf+TDCN4rNRHY+w9xx/HYOYDkcwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQCqda8jpBRM00PZxYoWbSe1nLb62jNqZ1D2b/wMEKgBqueQhV/AsqCsqSKoGpKy
+9J1ZYcUfRH941kdMAf9zRq/jtuECva0ZkblFq33mx3a+5/7PNesOU9YglAtEL0lJ
+mXtpzaO3tPO4gyODSU2eWdjBgbmndDugp/m/t51SdcR8fhiRkaLIERnybXt4S/FH
+7CdzrJjoLGmVZzigQa1de/6MIyumAXxJfxPmlqxomS+uDzGys+CGMVJf/hJnZJ4m
+QH1THJUNfJFyx2VvNqQqj6bllO79tcWwAIwizPr46qO7ZmwRAVs2HhQgEQn9uIti
+fR/NRcbd6E2c2L+TYxNYfZ9r
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: EC 05 DA CE C4 05 55 DA 18 AF ED 65 5B AD 27 AD F3 70 32 48 
+    friendlyName: requireExplicitPolicy2 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1130C927FC646156
+
+XqOtLmXfDRiiFtiBAzARvlaAekMHrJTlP+xc/AhfhYcnvfF4SC3fhVH0L7XKWojM
+NOxsPM02iSFHL6mB9uP4QuWjuSvlMnfXyN3REcvo4XyFEhsqwaiAfR3dGQP7f+cK
+vBKC7ZG2MxIB8oekMmW0j5nuthru1W1PeqMSiGY5OMx/FT8JA8GOZop0+PZM3IgH
+aUpScMbAocXHRRjXFyhGPWLQ9eQlOucaF+QRXS6ULRej38Jxfo97dxQiQPQ2ZjYQ
+NL1XMwA50fQOo6UTHFSNNcnP3tr70hyIUtzXCHiIyLPhUxp93v3dYYgUgZCgZgfk
+NcM8xdI3NPsACYstUa9Mezp6cfpsr6yYS/7Pwvo8F9Rf1yHiTRiMjQDfEQgNatl5
+xm2lSiiLaVdGRAv7Gwt4Ie2R5X50cUJfnNL4ILWgPCVEMQGMLp8FTiBEIgngMY32
++VOfCV0f+ObQTOQDyvVr7R4zk9PMg+N1I9d7JqGWjEJpghpelXstPWkDzwqADI/9
+V4UUQf5e6oBuVTxlANgHU5lRJzgNyr9lAc0FQrGFm+3bGMQKHUWXHUcx/BpYpLYB
+99YhlZz2nUyuHxOOikHJN/1FpPx7Gz1REAAtDItjjKqrrDKE7Q03srN3w14BuIFf
+uTv6uO7sGzNpUPNrTUt7OBaRFColXu1d4HPNG0Js14uB3zttiUumt1ENC8OHC8JL
+O6+shmmKQkzRTiIq0r3gf9GL+MyHAb+fMiphiZKBai/OyT14ACy6wUD2fsKciP5a
+mscAYUVBp8w1ZR4dSDfEkAhlQmHWGzD/KtN3ZrqqzOGmThkg/Spoou7PtaWhROI9
+mxk7R5JJ18LvDoTsttzmPQf62t3BPR05ZBb0YtSG50vvDVqPyg9vM+Z77CvjO2ux
+pC2QhAxWLrjuX3I5V52Pp83ZDi18XU7FDlmRYzNTyADrk2fXlD//IT3xhTyXnxKg
+UgP7JqJemHR1rc+aB27bmDq/NmpOX+J/C1WfSaxTS8OgN5RXSFGqoNyFLZLEFooJ
+Er99nQma8rAbVNfFQdoJ1XVJNlyZNczGpYeB8OqShNvu3xkSKW6LgaB335fSKeq1
+W83us0s43j37HrcwDgCgZgTvEoJb2l/Y8fp7lLFxDMbUIPSKTRCeshhzGq0abN59
+iPRtzZk3MmIC3gJoEhPwlstA3hsWCrkZ+lAgNCMONW5eWOpiRV9pWU813u+B10b7
+7XSwIdAwCa3jVcSm67KlaRvYT9DMfEMvA865+piw7S96yrcibfuBg9LhSAThvNkX
+TBpBwqLmNiPW1oxYDTGBpAcX7Vf6ddbF6MXAkQaxdls4LaU9C315MYCfg3eBG3P4
+poU4hO1ID1821jm5Br4f/rD8n7bhMDak87cicVj5aEaSpSQJl1Tgn1EUcxuyxLRA
+XArZCO/StfNYWfkfoFx5p8sJatVYJd7DepYfnxfscjzgvLPe+3+d4o6dHDgGjCoC
+aGGea+4EG5WTpFCTf1MyAtCIp0uJXuM82M2ngKoTzKI/GfpEHlvhIRRNGSZ2aD1q
+hrEb68K4WIUNAwirrSi4lD9VV58HRzWkRTiumlCOl/nObKnHKKxkGg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4CACert.pem
new file mode 100644
index 0000000000..205fccc01b
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 76 13 15 FE 85 60 E8 F3 40 70 45 EE 9F 1B D3 30 EE AE D0 B6 
+    friendlyName: requireExplicitPolicy4 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDa+CVdJxQ/ByNBR6ZlsIM3/EsZlaS2iCQA2SxIP6w0Tc+v/+Ug
+BcDBblSufESFEfbhmqzWITxUx4mourvl8nTWSvcUBXZITg/+9RKUNUAVvzCEEY6L
+Yk1bCGInOwFe1QRA6q9bGfufN6mwbvwAYML1I6Cp9El/zpNWO5F3XTaIpJ6hWyXo
+/FZ09MLMHhrAZKi5diInbH6pm8PYPtbAxA1GqjFmFQkp/idJ11sz0yL3Owbt3NRC
+UwvYXdwGnpBkuXuDUEx6ImGT66AI9gSgVqXm1+hc78sElrlFR7JTNaaeulEAcIrO
+XaijURKvc95snwvOI6Fcm3rMPq++hBB/P8uvAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFM3R3MzUMWMHLF02sQ+N
+nnW+S15jMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEEMA0GCSqGSIb3DQEBCwUA
+A4IBAQAZdX7f0d/4NVR4jF1aslqeBmT4OLiV8GNLZjho/mBmhHqP97LU2aRMaAgs
+xwbdMyffJY5yEGe/x+LEOD/+j1Zf5FOqwKXO3AesQqcrOVf94oAxc9qkMnbU5T3Y
+S8DFSbvUqcPncCQ09UmdL+kcFg4t42WYige5MybEf6rI8bYaQuCn3R/Bj9QyKtvI
+UOKYgJZS3aIEnwnU46I6Fi6c48r0KsFswpq1XLs2g9qnGYAQ0QTy3bZRoJHGUEWm
+q3IlUK4FjgTfMWhicKyfm9HHc5mlM1TCLLAndyzhI7NSOS4SfRGUiSgrGydwkC9s
+4MNoiNImgrIYopZynkesWA5z8HPy
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 76 13 15 FE 85 60 E8 F3 40 70 45 EE 9F 1B D3 30 EE AE D0 B6 
+    friendlyName: requireExplicitPolicy4 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0C15598C80817A5F
+
+NpAhMhqmAOIWvRGz2mYGfKhdfOFuVqXgkySM4ZqcgB2OqmWm6JrWtZck4xAeATHj
+h2zxjtFKP4cMtNN/nVR3vFhZmNjUl0rvG3FJHgj7tl2RIKM8SlzLzu8zqO6/pViy
+n/qPBR4aLI0zJGfGy3JEvBhlFFFCE1tFnGBMJ88gEH2L/YxTwM2UVoYmhMpvDLb9
+c1NluB64jzipvAAQqiN+kIcMf8wizkHeomOCqRXnlcxnjvkg1121ShQrNaSYMLDv
+BRiXEJGu0PjuUO7F1zse3YDQQV4D72tcse3PCIyno/WEzbbtWzKvkfUSqSiv+Iu7
+ixeCjkP4zVa88k0dK8NwtqykyP19HYmX+e5hZpRT/reAv+1F49NcA8fhpCpfBje/
+7f+VyRdDKJBjy+OirubY0qUtrrelDLm+AAAsv8d1GUcmxKXOwb7Jua4UoS/L4Ke9
+LUTQpLm2NVrTSwmu3FGsJn8vI2fDtNXcecjXrPLzJzb1kZjkpCbOeYt9JkVCKDpS
+VKLexAd26B3PHVZZEOnxO+uSiUW+WbTx/RNSXB0AmUnMlMfCZeE+S6utLawi5eZ1
+uxMQ3T0cTuVajpX0d4bGbp68XaAJEd4Nf5vFyR1H8lLQX+Yu4KUKHG9EVxLFdOK9
+ivJQocoUDN2M2y9HkYe8hhEwHHYkNTw9/SfvCCaTQdhTt8gA3IhvtSsOQkdS4eYw
+dW3gqeIPIPlto+J61ytQCXRXc8AdUibQttBRLuHZ96T3sy8/6H+gCtAMvsRgnOgz
+Zs5XeryV/Ytvicpg8L4KwV4tQh6nqGdr+NlvgICU76I89Hb3O9T/cuSdxrclUEM2
+G1ZOIBENj/N1CKxy4VorUJk7VKz8NPimX+/8q+BIz+I7c+GQQGh5tXRXpSBp9TeZ
+erWCMMyiT7vEkhhD55UHqyM1ixHbGTgWJ4lW2X8Do7hhAkl6/HRF9/VnjGp4V4yP
+N/qHw5V6FvQuiXnfD6nj+QbdjcE2WiShELa97qlgcEC3X8d6OAkOhDxI3hKrg8EW
+s943TTEZ0nig82W0BQQZHyN8vm6JXT3wr3aiyyRAHHxsBftsVl3rnHK1lGPHr8du
+r95hDIKZVBSpCoYLXmESKhZLtSRo4c8LwHIPOS5rpqylCU2K1tODTAeZiu2bORr9
+430oyeaXepYO2KyMxopc4PUnGbJPFVagwzAIFw9myCKspEWqajgK5kzAwSwZnRGZ
+P4S+vTRuPdnDLFfjDI0hgcFrmRvY6eziE0gZSCTpVzxejkhTskxbJ5mj//v7zU5f
+pLPId7bF1MzG8PiKJD+24SWB3+fNxKXiydrFwg/tE9cGnz1zfnPl8vtuZrzs3icW
+q79e35TAMjCaO+ESabG6jO+ij3flbAL/8Sfe4WnwOSEGA1qaMWvxg/BZy/beq9tv
+XhMEPZ41Mf7YEQ05znBzmQbfAweahZvVDOgX2g2Fdaeh3XN67rUdbTY3my8IM9u5
+klEpRpIlezBI4hr+Dz9pbCAjdhge/2TlGwEFgDW6GhYsVuxIAxqW9Pa6tMyrDSMP
+Squ9KjE5fwCB3SWAZ3fT/aHBS5bRqSvmBxVRQ9R0jbwtze3arZQlXsti4uEI6QdC
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subCACert.pem
new file mode 100644
index 0000000000..c2b269e675
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 4E 1F 7B 4B BA AE 8B 49 80 2C 39 93 E1 8F 5B AF 2D 62 FF 72 
+    friendlyName: requireExplicitPolicy4 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3k0IHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjxAmVGJK/Tf1KXchcBFfOGvTNaC
+PIrRtPoMudTQVaWVULbVkDlQlNs7U0HIhB5ojybvUweKYpmqMExSMVei4/KJwiYO
+kvtLLlKL35LF0+lgv33qbmlhhE7GDg6XGc1edcu+Lfnn53F2/bpldSSwv040roH7
+82NN5xqk8hP2iyChsb9eKFJolXo1opl/J7123xcUEgOQ1DEDTe1EKRGpcwguMk9w
+OWz5X3fkZ7fd0WccqjaxX/e6mkNhTnnjHil7N/33FSOpO8gWeLBdy3hbidPWuBVj
+Z6zQ3R4M308V8my5PpPjhkLuPoU6hRgqPXEQZa5CZTXWCnEvAGYmJsV4ewIDAQAB
+o3wwejAfBgNVHSMEGDAWgBTN0dzM1DFjByxdNrEPjZ51vkteYzAdBgNVHQ4EFgQU
+fe8OlBe79qeX5tgiSENIrLPuuo0wDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQBo1F5VotF+zBRk3lISLB+TwDbHkOnTeZP1CANWsThk/l5sx48F8cdhp4oqyzKc
+aP/SjDt8a46clnd+jHN+WpaQComRwFNZFjytb4HRciU2QgC9ic4+L/xMG95pOQk2
+ZAdzpa7SF5Nf8aR07Th3Z6gfSrMsN3KRurRTMWozjLaGXiOrrKEKARVf/AbytnKG
+SVjB06e95i4k4/ge9lGKGPH1VajbpyZ96ujzVk3AB/hAY6q93nlOiSNATWa1HV6m
+j29A6upj7f5E+SVd86Ms9TRT63Br/a6595avK+At2T57FaiuSHoPC+hMfq8hkLfQ
+a3itQvRuWRzIOtSe6ei7vY7Q
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 4E 1F 7B 4B BA AE 8B 49 80 2C 39 93 E1 8F 5B AF 2D 62 FF 72 
+    friendlyName: requireExplicitPolicy4 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,441A86E99DA66C24
+
+3DOENkQtTbWRVz0EvGti2L5itNsvLfjAHh0FVmh7w24U+QHFre1aIagAGa3ciN1+
+yUgTyvtYRZ9haynn+o2vPLLD2I67PNDHpdODhOEP6+PN6PhN8oCy64ENyr8wEukf
+vBKOFLWKoe/3Dg1aR0po1dtbCFTZ2QajMfac8D+VJdkpXNS/5SOlkDFHVe9HKXXt
+t51zqKrIUHEsaUtq9dPjlddSQ7KWoPQhhhiMeRmP4u3mxPOs/287nQawKtFRdOcd
+mH+CuPTEnaCMcEQU/xBXEt4jpVk8mpuA9o8xs3aq2K47EqRiQ1ZYNfqVkIkxcFDz
+1rhtSuHobTo3vjn+poduD/e0kKBv+SBvUxS8s3Kr12+5P1Ye+Z5FtODxERxQDml5
+e9/IbtX/YRWZLqBpWwx6VNrvumXOC0YMf8lnCPSOegh2R2mhLXlMMVcYIbZplB+Q
+581eClEcNEurPEXgsK8NVtgfRsIBOxvZsE7xBpvnFP3MkuLpuUaHIHAoKrrlXxJE
+Th5AbnI4Ql7+ElRmtk0UTWp7aeH2y+4c50g7Pd4E7eKMxjg68bW+02WWxo1I9kEc
+6ZXgZPmZqKe/2pTmiFTSbCLIa1xiOXvpo4/abNi3o5QegdJadQ1v+GBIZ/cn+cIV
+gDiLpvKn8WzMQ5qircV7ZxPs76fZ8ABP55iNLkKolczemKG9ZuTJ4/uPiNfis82J
+geMdvEUPSd9atxb3pLb3UgU3ugCr46v/7lS4qpHpDwe9NVQbiHSG7sEttvnsjbb6
+r6J54tb7IbbErin8nqwjBTGq0YH02iFBUGViobE7m/F2aFhaQe6DsNXC661lkuda
+G1EG4zOEbFICnyAIXC7fkRakWIO5pzEjI+ycEciCGb2WDWYX4amjJBuoM+0lEVRt
+hcc0zIigiUiKpqQvn98WtiolKqhsLzny3qx/+jMF20Hf9cDXwSDA6y+MNzq961C9
+ivBuLHTIYM7c+qZQRbH6FZfG4qmqu4/ezl1eEFmyJ2rRZYFKJaC/zWYOb0o7K4Mn
+EfzmUsgLgrZ1NRLDyvdEkVdUtoR2Gbc/tUN44M25c0EzkHwWZ7DelSYlgvOcG2vP
+p2mvmp4F9Pdj4q4pdylGrf0cMIKPSVzaenk5dOeAQvADN2zfs9lPW7ilGTe/Cj8g
+b6g/88A2KDl/M2N3Zyre/IYkd3n4KHNMto9vJa1DHMKd8Mm6QaQohuWrCGPe/tMr
+nNivL6F48dZeVspGfUS07005Gl9T6OEmcysYpOGvRPSNNWjz7t2jr1xmfmvaP5xo
+zX8Hu0n6QmJswj8Z9B4Ziu1k4CEhK9rzHT5b4pdYs2vatB9dwM6WeF9uLQkdrrHt
++sJ1YY4nZVLGrxgWkyayNrqRwX5m1WHSQnFIoEy0vcFHOU6O+awtgVGNGAy3G1dK
+7jJTAEGZL4wnTDD/TujFbBxQlR7wP/wG6fGzNLpioXlvuYtgNvYFJjZnk4Ra+zUT
+it5GeAEZFPq75wILOf4kPw5ZUyYDfpqGZwc02OIDm5l/Y6dY/XNmc3MW8fjvZBEk
+ydvxuIPdLSifOFrp2wptM2ylb+qAiWXTT/SJErwlQoH/ioEloZdG5erkes9gjWxf
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubCACert.pem
new file mode 100644
index 0000000000..2c73cf5845
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 12 49 30 42 4B 01 FF B3 CB E8 D7 13 77 9B 35 75 9B DD E4 63 
+    friendlyName: requireExplicitPolicy4 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3k0IHN1YnN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAym9lfJRPXHcjzvJ5Yn3L
+WJQBzdL3kReoVmfz0fUk92PgyUtnYRyQZhOA4M3yd2/gui4ZSN/OdmhrCCmIzxE7
+lqjxZk9wSZhdrNCC1dJRuZ8b/nu4Mu/zKUyj4OtbvsB2kxHLgDDVvD610+rqgpRX
+INlRP03qpClgCRku72wF/cuxMYqtW8Ev5KJB5SV6PTCMe3IWkHb0H9Lc3Ux/fVgG
+HW91o6bUrLbrqLkECrlz0l2pZ7DOuZgVQA2YRovfkajqmHJRzJpDa2dqgtXmIugL
+lMdyeLG+Tv2mefGxnCotgiJoFJRg0rcooSt8sWYDOvyaFTZY/EIh4QbT+5i3bg78
+JwIDAQABo3wwejAfBgNVHSMEGDAWgBR97w6UF7v2p5fm2CJIQ0iss+66jTAdBgNV
+HQ4EFgQUqerm056wCZev5/4eLhAyoRBnTIYwDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQCqlr/tZaeY+Dfdr/JgHFg18fXEloYEoGqI8wbh5Uft00CMiLHIzQGl
+sfDKHup2ZXSTC9IIbEHIw7ZVdztkvHEuuPBSny9GQv4KaB0adliyVaa3q8oYmqBJ
+lgBoNi9Jz236otqmfuIuB/hjogNOnJJMzn+HYYgGdIWKiJj4pJ8CSesb/yx17Vf7
+XgnyPxMeD9IZeoPfdGn/7tBM4Mp8TgnEFlaOujydYEj04+EjO9wQ5jompT+Z4xlJ
+X5/mFZ1qhkxNzG2i4+aaRW13RW52bOzn29mYVBQ0YA8KIsWPZKqbTFDG9jEmdHZN
+as/9IXJP7bOcwuGUljRq8n9O/M11poPx
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 12 49 30 42 4B 01 FF B3 CB E8 D7 13 77 9B 35 75 9B DD E4 63 
+    friendlyName: requireExplicitPolicy4 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,97027569E6B790BD
+
+Bq+FJaPlWoIvgpF9FW8QuzakNqq7a6RN4MNuGrH18o0kF4ZCx4kDaWnb9ipdwGYc
+R/nq6JpfJoOApizstVbizEax4XO0tAXiVtcLF5t0oCpXM0d36Z7RYuaCsl1am+MM
+eH/wvc052q6w3hembPUrjRXjSsXg2WLlObiand85Ej4VMro1es1Som5ZYpKNfmqB
+oBHcaLu/OsKu0bbQUdB1xCt8D3PyaMvkrYsHhyUvZwZY0xveQ2iu/QD43clI6xWI
+wXR1PnNswoEEyeyg8b0IewcWOwlwicTijJDvg4HWXaVrNQbkipu/H6BDiBvVYD/+
+9E7+vX4O8NDlw8KensBBPkcquIJSgKntiZW7BUaChCPi9EarHqXx0xV+6FTdzEVI
+35OGJLGPpQuXRqoldgBIG4aq9VckX9FX9qIJ31UibLxqqiNUrw5CPY5MrXalVF4n
+Yn2jpoi+OfIZhyuq23yAXF0br3d9nRsmEyo+8RdyravS8O13JIC+LlHSsRWfTYCi
+JKVWRJdpFtyiz79IpjYihZydMp10YWKH1HzqFsBXH6GZnK8LDtl/tdaHehrEZ73T
+1xiF3xgiMiobcHneavULTMqcCN3PJnVPyikVUO1esr7QSgM5DzwboX1ZlXTkEto/
+wE2XyeoUH2ASAouc/13v1q+7VzMYCvEGs5I/tZo6zH1YXh8nhpQzEBNpik0tnbub
+SGRmg4OVs/JyRXpXCW0ssklgGzn8iZOxxH8L/MO49q8i0ldtGN80i0UM1H5zgSTh
+nJmHCOf81gbZ+W9imu3fiDeNlIjp4XNRg87og/tR2ayOQv0C+j9GIcettK+oIjQC
+4BTRwLZ90+eqnpNUwMVilVqfmlXziqzeu5R0JUMG5bxg9SEjWA4nKa/7c5L9vXL/
+oSIWjc1xYR3TYT7hOg66RUYXsY1kM5jci0qoJc4doavOZlsxO9M25a1GcNuydqXd
+D7I3fxd6mqXvjhCrNFayMTjueTY0MP5ofqHEhqjBfjbE/jAyLj4u7zZGcK4o5BD0
+ML5VuEhnEQZeQBGH3HupNNj3RxXscVgPbqxpQ4o/c4NBRSpsZGFcKEwVREdvSeQM
+2MaEzuIkXOwv411Z1XlMoPetcvVxJS/JM2qqo85TVi4ysT9zKp/oj2mapZI+Ub/C
+B6l10Pjfg/eJExdqQiJoGK3imaim7hmQ0fLP7D9EM9e2pA1pltKTUBygltrOR4ju
+u5jHhwE3AINBfqeeKXCzyFWIH6j84a+51FhTVbHOe4KDoWZ0NdrcqNwHAQ5J1JvI
+ngDjBP16mVC5DsRBTJakywmAscfmWDvtiIXEzRv+ECB5MbX2fIaOhT9Is5HMkdM5
+NcurxeEmrENZaqfOGJRvsKu8UkAyATTA6TPUadlWgr/k37LffqBaUCfmAzlme+aE
+I4E5e50aWRzDdLY2de59aDTKVEGPh0IExSC8yIPVkkS39AwIzh4wrF7PNsBPvIh9
+W2RjUT0vjeKz3ZTMK6/zN7mVYbJbRUkE44qcxcxzqywnDfxybSxL93YFa25BXpPf
+/3IiBBCJOaRhK8IPodjWFqYvgDc+zGnIKdHN2ghJsXJa4iDpJt7vUA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubsubCACert.pem
new file mode 100644
index 0000000000..c550e7b521
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy4subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 60 B7 89 A6 42 4A 53 8A 9A 48 EB 64 61 75 5A E3 F8 A9 C3 C6 
+    friendlyName: requireExplicitPolicy4 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy4 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NCBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJyZXF1aXJlRXhwbGljaXRQb2xpY3k0IHN1YnN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QXTxL+owEKq
+PE3XYLeNLP6gbjf+741GuoCI9gb39kj0UpkLpXi1lrJ7gupEhUX7E9eo7HCCJ8ox
+xuxAa/SgsU3DMLy4pEo1H4PuuhItPyqBzJxmj2urreCjMmU1WI3HiAjIIW1wrj19
+Po50djXz6fMFhOZhohpg5EPK6XP8KqjEkKQS+bcXM49z/LtTQabfZTOYiwtZn7fc
+dUjyGtLSCM+jnYqRgFRLjlDJw5SnVDc6X32DdskN53VPZDwEZEZZ+48gFr7kbj2A
+TZ9Z32MGBt2iLEWCsxuZ5cntdFlECaCtgUiyibp5FpjJv+WyXsudJrDMP5ef0duP
+tLn2sVw0awIDAQABo3wwejAfBgNVHSMEGDAWgBSp6ubTnrAJl6/n/h4uEDKhEGdM
+hjAdBgNVHQ4EFgQUFLvRJvSegTyLDhLP2XsVsizcoyEwDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQB4TRzPo/4HW8xacmWqsKY1hsa0yI99p9BoMHCdomXGM1Cf
+6lU+wBWpRbwS2Vldrk6CqHpSUQ0iw1q/+WB4dc3qpTL46HzxhpahZ6t34fWUFB6g
+04fL2oaRc8MNj0+dYG9FXo3X9ViBPJAP1A9o2XbuvBGAFjIIIL6TUxp66wfKv3c3
+DxF6IThaOB0Xi/eHNGwKnyYAvdoJvx382YwOJP+0vADzr1a2kcCJdqh5fmYbyKUW
+a57SRGJU2eAmHcoZbF4d6ypMuT6J/wzDyJ+0bB6AAugoffI/bsTcBbQwLaYMXbPz
+Dhd0Xl7qLcwA8aVcrK2oBmacpLhjThEizNRm7y0s
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 60 B7 89 A6 42 4A 53 8A 9A 48 EB 64 61 75 5A E3 F8 A9 C3 C6 
+    friendlyName: requireExplicitPolicy4 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,315A515BD08456D9
+
+vRPKQr7EMWKvcFnl6KxRsQ3CX70buoRNpRxqnMmKucStq/cB0XJV3ECd81C5bIuR
+d80Pt0aL7b2vFzfRI9F2chU28l7Vazb0DGvdObiIII6RZ88oachBgu/bvoaxnp7a
+SBDf2uQyC/dTb31hDBwWDHTKcMVzUeBmfAwUvbV+pgrspcF5mCl3Lxo8QjkD7pcL
+h9GrQIizDmdfjzVlBG80lpBy4Km1K6F2CfrwnsLJRnthn2Eu0BlBrfnvgcp8FayU
+ThiLrGwh/dYiA1KQ+Z+YeuQdSx/Y6VbEFVENSBINfFKHkfshGvAMhHPo/9LqNOKX
+n8GNm4kexNoLW5H2g1zdUrJiROBWsja5Cn04Huxs4qlS5w+f1XD+GlyC5yxIEz7A
+H6WGhr2lh/dSXWFdf20FMzsPPCis7WXzf9H9gFnCmBuUC+WNOAQBNQgyuvJvqT5H
+ets4FchES3/L//5rXTJIdfZVKYukDzQ1HJmRfwXAML3gbiLZ1iWlFrbJ9BbTWen2
+ePhcsA/SAJd9V23lELjNNvGF+EFGX4ZOXutpCSnL1kQHu22qvuk3v4/gCMxsFhhU
+7rY1UnYMNarRIy+xFMGZFy1MLZVa0Hp4oTh52QWX1SJFeqO/nPafDxVgWRy03FNp
+3G4eu+zlNCR/TvasfjvN/OS/+Tj/d0DszkXU+Ts4Y4bG23s2tB16zFheuGc4NZFq
+u9V7h5xJjnsV6QG5Q6yFKIEFuQPTejtuA5S4R34Qb9AnWNwOnSW70+edcBtuu+um
+FT0Sd756TzcjNu9MducD9wH/85K66JvVtAlk1K4+lwgrLefh58W0P6wBxRCqZYgk
+y91a25Qbm0CNK75HD9Mzyobh/qKtI6G1ndalDkV/Ywt97NOpM11w1glTaDndxKzI
+2ztnDilVNuU3XNqvyQy5LR8i9MY9LXMvykrX/OBaBUMDcZgvl2IUoLInp72Q0UXj
+sEN7mYJUHo1oHtn23PTHyxkxvBeM6YXK2/MS+XwFtYMy/q9Aa1G7tnI+rzg0l2V9
+kSo0uYcY10ouVtJ/K4aXieXHBZAsIMvaWAJcUyPuiu4HOLlOGV5ts2T1TfLJtae6
+A6TRr88tz2NSNxY56gmGRFsA03Ohsur4c4oIULGAqlXVxdJOQ9bK5j1AsptBIgma
+QTEcEa8bU/92PFLrvJJR395QJUNWHPftJv5qRUNZKfAxFztnOeES2CIIg3XKaGFB
+6Xl5fblxAG1rxyempFXsMG2hqPLGLDDYdhQl9+VeMw/60rktW0xAq3Npj9RGLyF9
+PxWs+8u0KleoPwOJ2RHW1DH5L4pdctxJjWbgZbmKGs90IFVJgo3Uq21BG3wJrDG2
+174ao+cRB49X14E1EOvn8hP0g40issb5RtSGXQc72EMEGBHSoXEIv2Yr+F2kPNoa
+KY2aPjx+7IexAVrzzFxQf+kJdEact2M5WvAUJS+MOqFy7AMrh370R/nbXLvQPhi+
+qRpkrDrPsbumucq2KL3KgHJiCkN/aidtxXsHIzPA94R6PZtZBYYkJn6/tLPYJCT7
+WSy1Gi3yucjVQ6bU9VdomKOdpUsSkqmEwruZCXLxJnGgXDug9SYOktrKjsgh6xCX
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5CACert.pem
new file mode 100644
index 0000000000..d88c3d3458
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 72 C1 9A 00 CA 10 4A 11 5E BB 32 35 93 46 DC FD 06 0D 91 2D 
+    friendlyName: requireExplicitPolicy5 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDX64Yh0H261J0Gvd60y3m9dHEszgHONN7g8YYFETXH88aiScj9
+G2p07n7WfwfAh0Mziuz0j0fibq4vSjAgGbxS9G3WY0+oxJAAIo4wfIAkP8BTG94A
+qU1vFvGtl+Njol97tA3gxaaryyxwzzGIucLSCpH1pJwrVSuvh9FxxfCi8FMJ2P1E
+cQHZoXTXuZQCzmY/uKODbDN2uDzokbG1eIitBuAx0936wxKzz6Yjd6IaVnR94AJR
+gyL+QDk5Qly1I5blX99HL9svBtNRmUgeNZxMjnLfuXBkIKnSqrj9yJnKisQR0ci7
+ZxDtbJ3FEXfuDo9vehdmevDyAmG/qWJ63MkFAgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFLuRg6uurt5c2ODykDxc
++p8u4TloMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEFMA0GCSqGSIb3DQEBCwUA
+A4IBAQB4lgz3iN00AQ0XVL/Erti7xs7ENs/mzyiw3GLJgLVXpmVIgJe1hVSFNuEU
+QV5WpTfTn+pxLW2ydjkj/mkbgyoVGpAMZlGYGgN2WzE2vcDBJVOlayZK95245k9p
+ZZhdRhraZtaOS12+T3k+JVCxqGrKgLbVwl7Njs/WkXv01ApW0zzNi31sgnxHBNH4
+i/uB0OYmf47PwuUAv3DJQbVZhetCgbZ5xZ0cSCqh6IKjvAJw//A3/r01kurrYVdP
+aXRe6FAlZdZ+gWeWofmS1kL770TveBE34vKyFI6CIz2nC8gbEmisNmelNJz77/Tm
+v33K8gJxQbwn+0htOdqICEIfMz7p
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 72 C1 9A 00 CA 10 4A 11 5E BB 32 35 93 46 DC FD 06 0D 91 2D 
+    friendlyName: requireExplicitPolicy5 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A16FBB865455B80
+
+3tq2f75lU9TDEotyu0EMMvOmSPwb3vh70ZmqjMsfbXTfVovU3Bdz6IvTy1prmfKj
+moQ1akOTCg/hhxXf6XN+4Ik7rG9KJrH+40AfbGBCE01MHHaDplbepCp/iWq8Lo/j
+PlsJgoEmS5x/WUfae20Rh89WCCk2MFK4q4rEkimwo3sywuqsVuW/OEsAr5S/XVFO
+bJs8sUoOR89jl69wp0ZS7gI7G0kzYGpgi7UDPG5yziAfZLM8+vya2QTXFBK0QXDB
+SmPSRI2xlPE6L612YfXAADFQ/FQQfyB5FySzyCTVv3tFv+YMPrH7pEB5ZJdVQSIk
+fZSf13f9kXA0Nr4iESTW6BzdSeF7QzjPHOGtE7tye5YfPgV429BlU2iJgGzjmD+O
+E7j3987Ds0IuIcMbyMxbKZuSIa9E85G6NRZvBmUzhG9JxXz417/bBA4ULSyHzXUh
+j+hIvpIM9hX5MT00kaUcYpy+3W9ENw38ydK+Qy1AxQFHwoPDnBOaGkt44F1PXEPE
+RVFZAqRxtP6NNP961lDy5CHSh5WzO/PtMIxVYqHL+/OqpqBbz84Y5gPET6XMRhPc
+h8tCiMv6aoWiO2sWxzHMLx7sLx6nnNTBHSSKfJGkIyfiCUZKAayz8q/OAgYKZnI9
+dnQjC/PkXsqspamFkjsXClSjGuntQbQ4UpnKS8bxBIJG2b0qwu2rTVlqvXNLbyZg
+5tcJDJHazc1IycFZPYNr0IttDfKxFgyHZhdEQS+l6svlOTrj44NXrJWl0RuavoaC
++Gs3uffcsbflwd9w9cxeHSuYBNhO2LLIk9cBf0DAlM5pUNqJysFy8tCGSjqSHwIo
+oPRjltHsOUy8sGPQl84SU/Rd26ANbpWHox/y+3ZuUpm620BVmuGbS4c+PT2F15K2
+xZr3POVB4Trt3zPYeY6NQRiXnqcYzzOj0Br1XWwb34P/O9toyAh8CM46pjE3Blaj
+UvGxINMRy2YjJ6X+1i2DOeKUZZWILk1MPVYli7u8WNzQV8CJYHxH1s+Zg/L10sAf
+y7fMQ4a9V1FRY1xLM7H3JwchrZivzI9IZIhcybG948BLSN45nBFH4SskK38KKW1j
+qj2r1feNLcI04OyhAU2OxGIPkooszQfKZyu20u+OJY7YaqMKwQ33BjkIjBMq7YL5
+1wA+pRjGqr3jEzVhWbCQdhnhk5YQkL2FAG0SGfMh2XzVHj0Nt9OKEI/a4Ufrq85D
+ssR4Q3VyRAvw/0bhnEsBLqeEieXB17EkuNB43g2kanjwRWDYA2dBu1YDeQ5svvJQ
+fpId9pzXY5Zg+5upmRW+uRwtLRIdHkjdHGJUYzyceligAiXPHk/lWykiV+/yf93c
+PecHKjBVdDuPJROaZmazkag5amv1PP6/0MYpmVdwfMfSuHieToY2/csEpkkN1qX9
+xVFtL+2VZw36GLugmCY2uah8SYS94E5BbeBOqRbMsrgyT1sA3fGLgH8kF9b/B3E+
+G8caclyITJV/1Bu7y7ZpM6Se0RpJjl2EMBvriUhz9XjrxVnUcYSVFz9w6GIeE+z6
+fil5fwP716grZagpEa6Aby2AniEoezd40crCPkcaaD3T+6XrgaOxahsZJ/BQoCM/
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subCACert.pem
new file mode 100644
index 0000000000..eadabaf0e4
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: A0 0E 9B 7F 7D 52 91 00 EA B2 0F CB 6A 42 50 0B 6B 0E 30 A0 
+    friendlyName: requireExplicitPolicy5 subCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFUxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSUwIwYDVQQDExxyZXF1aXJlRXhwbGljaXRQb2xpY3k1IHN1YkNBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yRFiPxcDa4VcjEIMjPxx2RaYWn2
+HDOXqGxX6L5+pD8PLaXGLExhaTdwWNy+/yDaUUHij4pdFl/SQsmwtpEvfBD1vXis
+2MZIsIGy4DWYqni8J6H2M7ofoafKyS4J5xkBh/Z9eBH85BmlPfJBSVVrR4zjlDQ1
+B74tQTVWvznfpaZQomyr4Z4pzITkLANvEGvunIXckuIerkxjsjx0XzXt4W7h5aIt
+b9Ow3W5wDh3qRwWgPgA9JkUQR+F5ZAZaqeZESGe72rTPir748IOqRKaoZPPh3IpH
+IZLbh3hdAknoGNUg39s1EzAG6CR6S4rOFYqJIBmpnreR0AIm7XmziOwu7QIDAQAB
+o3wwejAfBgNVHSMEGDAWgBS7kYOrrq7eXNjg8pA8XPqfLuE5aDAdBgNVHQ4EFgQU
+N9O/3txQx6/IiuiSsMRIYfA6BAEwDgYDVR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4w
+DAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
+AQDGFqeMi0qNekHCj90wnNUgVkw3kwGyufgAbqV4VvFswdL8UwRZ+FAD32d4Hvqc
+UYvrjN5TeoL3zW8p7czvq2bB8gDVgxxGT41v+OXd0uT+T34kArsJbi1nxA8GiZ9n
+xU+XLWNp3up5wZB92F2I9J1W6psSxdPH4aBNrW/mgpckhimz5gWAOHIXiU2pB9R7
+JsnRJ0VxcAtCXRWqeHqgcpeDl5cA0ImOVupvLOiF4o7JJ/+KfAlMD11Wvp8dcebi
+S+1+mH9eod7daIN/fB39tMi+aTELILUvN8rmOz1COjN+lyVpZCbmSCo8wncNcT0B
+NEdgddMknERZ9SRajlmnbyTv
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: A0 0E 9B 7F 7D 52 91 00 EA B2 0F CB 6A 42 50 0B 6B 0E 30 A0 
+    friendlyName: requireExplicitPolicy5 subCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4386478E7A1A6DF0
+
+w8wdVsuYUFkdjd3NS19wckCjlmHS4FtkNbzN8g54ryAPmjtE65HMDb7bIWV97L2A
+iYlIUIAjKQBb1Bya6cqzOkNUNWtxzvWEjlzM0m4ErAW1rCLTZmqguuqk4Hf0N1yl
+veR8mqfHk9EN/LN+j+68N2oXz5E7kcdiylkwGKImbNaZCGLJPiK+SWK/akBkl7HA
+QblxnSpuxSJ2iAr8Y/nYfplPOJBGM7APYjh3aCD0YcNyO6t1F5BDHP1DXsKmdkRJ
+y7PpMMy+qYIk+4XosI/TSl1ikTuQvU1cnAfyQgrYiKAyFXO6M3e5dzBVuq/dz9MQ
+CDQCvHM70D8QB7GrUdj7XsHQwPGWUGN1kFpUyHmwlqAxArX/sOode1DJnX/qOFTt
+rltOQ7bAJIly2EvMGmiSie2Xhm0sBeatu+jyPZ+HfFRi6CwO4mkL5cjzXX2esfFU
+/LXmXNcCNxby4jpqlJRdhwN2dpLueqj4md1y7UM/pPTH7sXz3cKM5lDkVRpRuqm3
+zPN3ttgJ2R3hzjbASdzk2HECSmhTCbwjw4qUFEM2O6XOmVLvwtsHB7u3IFYQE6S7
+5F9K9tBiyU/J6FMncJERJOtfkT7fZa1LUUSJWUqAYGY8KONsWs7tE6LZ6CX6dxjq
+oXr/B64pMHnEPGhk/44bK5qDv1zi4r2vP3YOyV/owN3hEZNCUU9PRK21MIBXs1hb
++XynsWhRWUU8W1CF60fyWl4ZNvmJTocdKsPNOIM/KDUfzfFRFF9FgyPi9BsuxB1L
+2VRLcwhPVm9+SfDOarPgu4Uhfb7MdqH1cIitrUve4EHZHBZbQzwfuOhiMa8ADStU
+uaijfAVczRjp9ZOJIK295Rc191SzNifbaFsIrDIKG+z3B8JVmgM3jVZR4ypZXYe+
+znvMNSOTCDKvnHUztUXX6/ZSY3fBYQZrBhblQ8Y8wT15vFs/M7+Bqv1v5YNT+rit
+nd9wZvyx+6fIdAPd/ejpBNzdDLSuLRBs79CIpLxOtxUn2WBtN/FsQPIqLUNdYWJZ
+vNgJvpFJx1aMlEzV8OIjt8acWDSdcy/nAVGuLX9Pw3BP9wuyIfo6c0RcYMWKBI4h
+ANIrEFEg7FVhxzNJOuJWrJEM772gpPp+SOdvDMd5czWpyx9ENozb1KpRiL+9oqKf
+IoSOHEfGzcrpFSY/RhkqGgaNVVcurDtHjAJmxiYxOCqW9jj//54HlQKNkJBN1y/w
+1ZCBPPGF0jDagJduq/4QnCRPAfQwowPd5DrKLnNphyQAd76115WLQxjRyk0IA58+
+i+6Cg676+kuwAJNmafijoho0cx2Q8jq6H0jFKJHX8aijQp8htE84YwnJKPWGz9kz
+go2LOkRzQ4YtVBAGJPFbAm59PKMBAMoqPXcUVFX7fcYiuikUOzksMLSfA1OMQuad
+385aOMHWLRZYu0GhBoxffzJo5nXWiYJuK+FO47ArP25bC8bx2Qp6nhgCtc9hXHlB
+WOvJO4RdFzOivlHCs4jcsNpK9l10D3INCGTFVLFokV53S3QtEGqCrwBoEJwiE9zd
+8kvwplXC1h1zgGlqZ2bzu0/ttMaZjJrfI+AyWi50viVJIaTbHKkn1F7m4WF9fC2T
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubCACert.pem
new file mode 100644
index 0000000000..6446c7c306
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: F8 F5 E6 7A C7 14 1F EC 35 0F 9E 6D 11 C4 79 E0 67 E7 CB 2C 
+    friendlyName: requireExplicitPolicy5 subsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subCA
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTElMCMGA1UEAxMccmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEw
+ODMwMDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRl
+cyAyMDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3k1IHN1YnN1YkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5osj0pPsQd7VtPH2r3xk
+y+cCCrZpVCpWv79iVHsYL+FvNRoJcoAp4YRn5TVxL0tcaQ9GVUEG+mh8JPyr222D
+PGnPiPKTNYyurrIouh70B1C6uCdQ5tYQiE9HS7WEvu9mPti4qVWcIurhfKHsvYAu
+qzY+4UNrno9Qz9kjr4tYr+RXxHcby2TLXlvEKzgG79XmtvDW70tfiQhkQBEHSw04
+j+dnUlhPRBtyYrXoAkDETKYK+CIso8/0PyDlZNqu8fJib6P1UVlCnsQ556r7cY4L
+bjU4T49L36Y24wb6/5gKFBQxhvt9gsGUtNM6IUPtSh8MbiRXgHXmZFf/1niMiVXW
+VQIDAQABo3wwejAfBgNVHSMEGDAWgBQ307/e3FDHr8iK6JKwxEhh8DoEATAdBgNV
+HQ4EFgQU+IIvef+0fggC21uvMp3kNWG1bBswDgYDVR0PAQH/BAQDAgEGMBcGA1Ud
+IAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQA3toFMuFLrY/uxv2tTf2qtmCp5JJPfPdZYDmGVMEYlRJqX4IUSq4Ua
+/YxDTGvdP74edOEmxgi4cDDY6Y1l0lgPT5qZ4J/uXhuVAull3UPnZYe+TIFf+VEA
+ZKoC3JOf8A8+gFE+/0Fso7eLvI7C3YlL8BIQjWkfVylfXcf6wTk136XlMv9tKt23
+lrVqqs3WHBu7jBHYw6+hUF8iv+1DRbLD3zVmrr3MJb2+Cm32DFvxujt6vAVuo0wP
+bYUV3vF0QIGBgGbUmB4inAgmHYSiUmYzvkg7g8MF2pAthk20eK9lvLPo7PS468l2
+kguCoyCmqySucoSul6rNQ/qiDhOu9ucf
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: F8 F5 E6 7A C7 14 1F EC 35 0F 9E 6D 11 C4 79 E0 67 E7 CB 2C 
+    friendlyName: requireExplicitPolicy5 subsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C03C65F9F917F617
+
+BhZR+T0kYvoZX7Vc6PetT5t9L+RQuJhBBIBR8DNT1nLfR9kO8QewffwyLukoUaPP
+PQzf2BS+V9k0NHHDq8j68uLg7S89+hgwULvRsmAFIgjWAHDwheF7chbbjY/BQzjW
+S1SH9zcJ9TnvlCrfROFxGuRCuiVsr6WIVQ27r6U0egm9FcIh1pR2NEtVG0vFahch
+UIAgNW/0hS2Jp0XfTtGrmduQCPGlVtp13XcR6mM1MVl3j2nczRtjnR7xZFwnEO4J
+J1QvXcyL15Y+MmUuUSLTylWMH8oijZvf0iN6mlhYcG2LiKt1c3PMHziaRlwQuyhM
+lj+iT7ujeGfDgsslklCKRjlWtC5a+5Wb5FM0NAeg7gCzC8eUUwULv9N75IzNJ5CU
+fc9tQ0aZh0BI0BeqPiCm6llxAgtPzEPSunx5atvPm3zG+2V71ic3MdGSKExutPqn
+jLzTdchCXff5lVcq/GeV8P8z3d0YUHQwZk4bpPkJlalHf+85TV0Ta/pdBNPng4b6
+MmLVdhVz2I3nurmt3Ogq7r36fqDoZxA9F3eacCePu52xtcQEizK322HJ9H/gP9zM
+qr25/idjWnrMJ+UP+BI44/AsXa9ohQ6Uv2+nenfsn2Eqyneb3nEHe67AED8dj/Lr
+lKdjV2Tz26Goe6aGuJueybGzSy6v1nt03vpHQmnQituCcZOQHiKYXDu5xfTQA29S
++G5BFjRCtlK/YWUredYe2rJRA3xPMAoFYZHB2VF+8rkDA9VyFCJ5yJVPaqtD/5gl
+Dk0OQ9dUEkuNQcs0PlmMc9ioB5jGjedgmfKxOt82RVhrui2qR888hrilpG+hTqBF
+YwcUqXBAmuJF8uOHTSYq5OUOGJwXpjjnpKDAHNFzC+MROTqqMb2azY4Nbgts3b1p
+xaXEIhBkZGlxwJBPrgQA0LBTDUL15s4bVBchwzvLxCQzoGlRrrR1AoV1VjLV95XO
+L8ADI9pShQuMbLj8LlK8X9edhgqzz41GgICXFodOlhbRs7kO6uHgPRwfIE8jEtgW
+B0sxXp0jUwgou8X3OOUcRw1T1oIbYemPLPRYR2lEE5OF0k8Auep3HUVOKcXBj1Sg
+AC9kUhoAtToU8l+MyrLGTVvC3sZzLUGJXl34PJ4SeKdddZGu3TmoOwZxk3u4jAT4
+dmz/bR/airM8W/zt2pkfBvRuA9Gfmi6+FzvatKSF8TlpxfuH3lcq9fLMZnJwvhMv
+kYFP25oWIZYQ9zcCUtjXKVdNRmc99cG4y6htXthVZayLfqDEg7I2MeS9s+JLIYtt
+uzzQRerb2O8sGcYPJxpprNLlU/WGH6ia0qhycB7vop62OyL/DhGiX4nA58bTyS5V
+GSzMAN1AUapVZVG0Ew2nhUlV45kN8iINKJl3o0PE7bcdBw3uyiOei0E6PLesu9ps
+G/bzx+5by8J+RppS2ZmEGFhBQNi2Ck41Rgf4W0dOdQMCy3m5euiq5v54XLaE4r0M
++vR3WSrMEgqo+8kTa8Jp8V+cru5s6meMc5v0M7OXG5iFy7aGgsomUlgUqeic3M8s
+0OLyeR7Q/NKfDrR8fOfd9t40SjPGbZIYjikT22gVa7WRXJsXqzICB2gX8b5qvx/+
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubsubCACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubsubCACert.pem
new file mode 100644
index 0000000000..fb8f1310a8
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy5subsubsubCACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 61 DC 13 73 F6 5F 7B DB 78 16 A5 9C 55 36 83 A9 75 58 01 C9 
+    friendlyName: requireExplicitPolicy5 subsubsubCA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubsubCA
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy5 subsubCA
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NSBzdWJzdWJDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMFsxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMSswKQYDVQQDEyJyZXF1aXJlRXhwbGljaXRQb2xpY3k1IHN1YnN1
+YnN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTf1ewQJZhIh
+4PmJ+VD3TwcCt2e4mPpSH4n3WMFIhLPk4cLQr67l4TjzZChg5ok1rhb8RrOXjf6L
+bL21MMx9nppk2WFfysWeYCz0qvuYH0UAUi2xze716rwNDotvndDSV9bykKjGOws4
+PTDvwBNKdIcPwqFxPdbqtGOSVNxOMwvQ0HIjIekLxizD549oZnT0SX7YX7aeagCb
+DJQ2U8MPbUltLSdyu/efhftZcE9PwhG9ubvu1Vo8J9kJkzN1BxXW7Ea9OLvYl9Ce
+157zMYPTgetX3HBUUyrKmhoymSOoSeq9rRBZaORbO2Xhaf8txOk6yQuBatNMfdNv
+R9umR8B+MwIDAQABo3wwejAfBgNVHSMEGDAWgBT4gi95/7R+CALbW68yneQ1YbVs
+GzAdBgNVHQ4EFgQU+mK6vX5eX98fuge+H3k3gtz8EygwDgYDVR0PAQH/BAQDAgEG
+MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQCPwnR8ERgKeZGYVBAdVSA3u8LTaxB1TTGBFNoTM2IzFMI5
+xxmGkXSBnQUPLiGNAOSYuiz4TqzSZYkQvOYQVCowClplOKfi7jZfIBsU+EJOaX6u
+ofcsrBmdY3hkA3MohlkWTwJY6J9O4OloQqBKwdFDTGnbeCk+ec8NVpBR2He9Nn97
+XT3XrmDvRJUYH4Fi5mM27HIIo434Ncjm27KkEy8t4Ks+SXSMHBOtS4BgKivdgSBM
+TWJbYv8vHbWBnQhFGbz6WD9yenm5ho4ejZFcIYGq9fJugU7j1NNo1CB7KIfCZW/E
+Xog1n/lLdDgziJj3sYx6l2zR95MtzcdRRKlnyE3j
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 61 DC 13 73 F6 5F 7B DB 78 16 A5 9C 55 36 83 A9 75 58 01 C9 
+    friendlyName: requireExplicitPolicy5 subsubsubCA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DA968D2A17EE20BF
+
+D0KUSvUxhPDCKA4G4wCv6FeOhZkwjMrxzYFpszxFEAlst7NmouwjIN3OPfHmt0IV
+G9e8/urZwBffHkHTVT/VYDur2dGoq5UF0/qbAcBq62p0RsSkyIOcGBf9TZfO6aRR
+VtVYdt1wyBTxLOLoqZxH2oP6KilW2dI8+Ca1DCQRJ1taeISCyvwIOG3eKf+DvNmp
+c5/jc+gq/lVQxGBLoeJrttJ6mydwmjOeMzG2f6OOpTwWladjkZaIdoFFnOGPk4Ms
+jyWtDa5GFhIOAqBqtg38Uy719NEZKDDuJXC1IXFwPBRg7+gXY27GLgAdqgw5yunG
+Jsl/zPYkxUFECVaQ/ZbHbw1DzVTMUqRuwPrFMeSu4/ejHefLNbNdH56e4coovolw
+vE/92QRYa3VDILfNpLYMFeLW2LwmM5AtUNAfnc0MJetpbtWaqDR8gkZ6RXQMLUlg
+t9js5ByTtYnjVK4jEdYWDTKlZEfK3wzhet5jSxJ0vpN4N4xoQtedeEyUvLTf9WX3
+O7p55GM4hlt+9istCVR8b1MGrEYD/89y8cG0Vw7+RYet3THk4yukiffkmL0ymsWp
+EAnXiDtJf4dCVUe9j0DL7Vr3blk4oefrkgaEb0V3TiptJQDKtZqOGwOtEozcxMkX
+x8ep5Sx7xBVCOSqX0bo+5J8MbSib1UmMC9d4ifi/BN4PuJSQ548nSPzlXQDaxKl/
+QoJakS0ZrVyzz9YNQ+LCorAx7V9JqqjhDDYIAZF66lGB1AYy5gMTGmpw/hM2Bzsy
+DUt61k30JTnWS4KeWCES+w/BawXVlk/1EK0D7iWVjnqd9NZBtdjKrHLxm8o84QFK
+Z2xkJ6o8hunJ5JaF8wuSmacCb4757W92vt0Qoo9ShTYAIAq3Oj1LCF4zNl0lQOzl
+yCX+3uv7B/VU66S7HAd9JgyiGXBgNCyFVCP3TerpOZjX1ErhkYlE46NAWzhTyYed
+E99Oka4lN5yJuq7uTiZR2dh18HkseQMmj1mnXYEIQSrDmKDmJI3Yfim3XFmj6sZC
+3i754W+LJLkBEqUSxLtRix/FWR+N5/MkQtTl7VP/Q6tPOj1MYhpV6I/v7glwKQjh
+hbkVPA+BdkVbiDWO856JPXmOAyXns2ZYbhZD3JPGrXP0+dLB59Qz4fYr7aO6cHm/
+jJOFOMkccee18HVyvJp2JUy9ji/VneV3Co40mjAfQcrFfb/4nBgKhaX8igZCpFtj
+q61bpizO560T8++zdAwUY6jdvdF6XT+t7dLHF4NB37RsfwfBxTSNQucJDrcysYxD
+svZn54Bhm0ictsuKMvXNj3hzfUWDlhI7kN/bInbeml3Q+wEwvcUvLjA8bWsS8W7G
+rmBnqj37zelEDUPf3ir3U321nOfNxNoyGTvuRbIlstno7kARlq42hnOaSVHOpynX
+/u1cxQhj8aChKf67nF2dVORVjNduTq+wy+dpT3nEp+CFtOrHpRKm6s41g6Fgkg0d
+9Ssanah1cxfEB3u1eUGQ1/fOiv7EJYTHNP84ukKlbHGMC9MU5hjD14zfrl2cs1Lz
+4E6CUePJvHXC2AF6aqfereUuzPyNFZG7crpMZqvv8QEL+817TPHCCg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7CACert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7CACert.pem
new file mode 100644
index 0000000000..fbc3e78c67
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7CACert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: E3 D0 9E DA 0A 42 63 D5 D0 EE D9 43 E9 1B 60 4B F0 4C B4 C4 
+    friendlyName: requireExplicitPolicy7 CA Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 CA
+issuer=/C=US/O=Test Certificates 2011/CN=Trust Anchor
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgIBLjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
+QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowUjELMAkGA1UE
+BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAgBgNVBAMT
+GXJlcXVpcmVFeHBsaWNpdFBvbGljeTcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCpVKpHFxYwg5kq0aETF4qFIYC1k132i1tnGPJFaE8s4vgtocrS
+wVS8gZ+IUAcAobfNjTFJqLkg+Dir5O+DrUmbd6+DIrw0EJL/O57bC94jTI01Cl6w
+O1sVnY9ni5yFDZGQiE9iMBaJQ3UBrGMSu3pT4lgV0FzEet70qnE2T8irAWid+7+W
+9cK/RatZKF7F/QjgfYO1giZs0S0bFt+j4jK7ZQPbYbnLR93hZziy0di4qnr9U2vs
+ekYlvwNcsjL7H1SqtCo6bwxL7jXn0GTpZz2O5Pv7J5xe69nW+9uULcCmYgASUJ2u
+exqWd2b15Eb/6qnnoPYPojIwmyuCjG6hVhj3AgMBAAGjgY4wgYswHwYDVR0jBBgw
+FoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGwxlwE1IN7bNeUKaVhZ
+iGTMIc5KMA4GA1UdDwEB/wQEAwIBBjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
+DwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQBAf8EBTADgAEHMA0GCSqGSIb3DQEBCwUA
+A4IBAQB0FCmLk1xVqT7ECIhn+PfIXXQ312OWKRKqZurBCs8fMa8zq67GVBFi2HEo
++TwXaN0u3G5q3esDk+20ontt7cxaTx416Lnd1i+6+daK3ieIbvsX2yE/f6zxmRwg
+J4B5UTFm9yrhJHHn8JSyNKNFe33fFHWcUM0MuRfRNK5O7tawg6HlILr/hbPvO0Ls
+FbbJZyAzCHBqL0x9GS7pyFNJub3Y6BjYMLIvUNKbSaciw/rYLWEuV1uVyD3mC++4
+a2MeiCdQfFDki/xaHElme7qkiQeEDaUXCjCQ5m2Bhl3SMo5g/8SVDs1l/012UfsH
+uT4wf2kqJcmh8a5OSvuczLgsCqFm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E3 D0 9E DA 0A 42 63 D5 D0 EE D9 43 E9 1B 60 4B F0 4C B4 C4 
+    friendlyName: requireExplicitPolicy7 CA Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8DCB8DA039F9C4A8
+
+5gssmzUJAH5iKUaEWRw5pmlzaGZcN8Y3QLoTNDmiylmnRI5djN+PTc7R4vULMK0u
+9apffAlkJYqJPaAHeBcn6KkhJs/GYzT8GKn6tvMIKdLoC44Rs5YLz97wy6QGwnqK
+ws9rg6m9qvOHi2VQjVD9c+fox/9loZBaNBXF81XyvPeQ/rghSNrQTM7OXEeL1bto
+7EKBeX9CR7Q5X/DGq3+JGLpX4sFXdZBuIko7jli8eXGfl3nms1P9O62Wm/1bW28y
+f8Ku4MHm4a5yQg+foK3lKiuYQOCleyGu/0KC8f7h00jv7vGKRQKD2/vtBMbCCDmR
+tXKU6dE29q9gZxCsw/EUOJWDk4wsn3UOV9OMBwTa0zd7JtDDiLUyMyo05u8rSzHL
+FdVQr2URgCHZpoWdLx6Fiyw9OY5LKyuGunlC5PJBuzHKzCTgBTArfvpckoJRx5Ly
+fXhpL5I3wiURk6han4kiezf0oih9quxwK1hxy3jESuH8dpOXzzrH0uMbnn/BL7Rp
+hqgbuyFYluRHcLcaz0q3pzrkp/FFzDUXhqx8om7pny85U/U7JFU+kYAWWKb0LA+z
+or60GZ7YRl/P5cxkC4x18w9ltpbmweggKZmtc9oqTz9DvtTPjDhHvNYubdqJ8uZt
+NBqxLPciXzBZDfaw0zFCzZgShbqPQfTtUHSZ7ab6v/V5eFCzajGqQ9YE1MsMGZQX
+fIOt2XtllXuBkbMhwtYDNIo2quKpD63rhlXcmH+XBuMJdCa965lYaB4BxCFmpTmu
+tfF4RK/PCuuJYZIuZ0/gxH3PMQAF6agDdsT7r6eXb4IXgTJlVzb93Lt2/hR65ivg
+aliJOsyMkMZb2lbgGuGp/kZFMSdE1dpzeIDG3LiJjZ3GdFfCZA1rQ4HmppCQg/UK
+Z5j00OjagCElQnmVf3h4NDO5ipacVGBr1F0V4qegVbd76fi2i7vtCrMbK+bvrE9a
+FvzJMN7Gts+pWpHv395nk4lZYu0Uok09B6P0xe7ep777T9ckJCzg8KCkDPNCkgBZ
+1+WEVg9eKaPsM4tzWJ6h3cZOpuIMOqznyp/TzthKI3RqLmacEQiEr3PeAWRHemck
+0S6TvoT046ePKDdcmb5EEc4FrDsGG99+LquEzKZtumhxhB2mUHANl9YIf6iuqWpC
+eb5JJKJIz29cz1pPc3hpZ0XjQJsraqewbli0z7M4WOnDBktvGDz3x74qs+n5nOpq
+CQ1I/T6OQ6wj1h+31C4bUQfIuWH3oYQELGGNjLT4nZ5RXL4Ym2LSsSoKclYYatl8
+9wGTJFRxcotR9RK4yDfYfEwLECYgapPIrvX6NfZb0D2e78lV4/kyBi9xn93Qvr8v
+gOpEDiZOiA3legMirlfGVaVCtDu1jZ/bwPXjV89r4akjjV01IL2ysqDpHW1WvKph
+beOg2R+2OlsNas9+9b1nKWrcsvwHFsmuvD93C6BAjIc8Tn/St4DVLd4O1fRZ5b4x
+NiE96G2cJUm1lRwIQjNENV1U9BoxZji1sPDlyKKykuhkoL/c73M8bhl66foyNkWB
+TLrtUA+9pCsRt+8hpx5DtNCKWege6jzV10Iimbi53UmptUBuauqJWg==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subCARE2Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subCARE2Cert.pem
new file mode 100644
index 0000000000..5e563a8c22
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subCARE2Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 88 72 F0 52 A1 91 20 D4 08 52 B6 2D 98 EF F0 34 51 2B 4C 33 
+    friendlyName: requireExplicitPolicy7 subCARE2 Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subCARE2
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 CA
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEiMCAGA1UEAxMZcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBDQTAeFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMw
+MDBaMFgxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAy
+MDExMSgwJgYDVQQDEx9yZXF1aXJlRXhwbGljaXRQb2xpY3k3IHN1YkNBUkUyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNCCh87bZLO+YSdMLvfXHSR9
+pno7RfOAsEKaiPo2ievBaYHZUI1eXBOi10V3Klm+WZ7kGRKXr3ZjCxBJ0eAbUav9
+htXPdQprkjHS6+PfehpUiZvoe8JM1SaEIk6ZJ6hZbWQ9fL7xsCy7M2t1mPnFuN2i
+23TbHRIOmkxCD9NJgDqejNCN9O3lqjr+na978Irf3ZrSK9GZ9LnopXBcg70DcTMg
+TcuCHfPuvRyciClvMAFUaUvMH8POVFa6yDriD/ArHXfc4FLTFaLMN57lah8ft0uN
++Ec1tvqnSg7mDcHN8jdyj8Tu3sjh23QHCyvlKJUjk2FwLzmaDvhn8KIS9pPVBwID
+AQABo4GOMIGLMB8GA1UdIwQYMBaAFGwxlwE1IN7bNeUKaVhZiGTMIc5KMB0GA1Ud
+DgQWBBTnXCWOfqpMd4N7w+pp1seiNOE0WTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0g
+BBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0kAQH/BAUw
+A4ABAjANBgkqhkiG9w0BAQsFAAOCAQEAohBJ68sra6KMs8u+uyx1e8HRXv4rsIM9
+vc4H+OfqE3OxVBT/xX9QFx3QtBAKr6x0BKRZAxQwYi4bCZilSUDbuE/WF/fv21k4
+fVF4R2W9uvo8pKwizRr5/cPEq/N7tWtv1YhilcD1ET/k2RoEIUtgsOres7iQ1DLo
+O1t3u69jgi0UCEymRrzr/JPW9nLSkNYvr+M3noFfsYxeNb81l2Ma89tOdZ4dixNc
+tsYCgQ7DP6IEDdCpUxY9iEjnZHYGW84jIvGNQ+ASlx9R3WNuQm8QThxbdkAJhDLG
+PhoYnJE7zsZXFhvQGh8KWxPCN5F04yl6mEAGE09OU9fv3qOqzLlgQg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 88 72 F0 52 A1 91 20 D4 08 52 B6 2D 98 EF F0 34 51 2B 4C 33 
+    friendlyName: requireExplicitPolicy7 subCARE2 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F19325DAABEC41E8
+
+92uaRXF4JM9Xmi4dnmlD1QuJMcjLvnIm8xAtEko1OhxzgQ6VL0gwSSr/iMPXBlai
+4+TQdxxeFdIuuqpQMLbgn5VRUDwdN6SzkOHUniprKg+y6w5y0bRewWt/X3uUGIOa
++snj54weqp4mBHG1xAA+2+gtMUvflPwdeY65oDDk1meMYQosY1hM5P9CdgAI59RC
+Hgnc7DuC9PLmaYRQiRTx9BczFmNGXgXfMS5p0rRHD6S/U1S+T1IgRZ6nTo7rt1b4
+JqJefEGntINg4nAClAkf1HtBRVU0diZeJr7DbPfqesLtjSDJRBujd8E07W7DQkZ3
+ZcYOqcchArUpvW6zZsu4hdQbe/jdn8GqIZsdhVL2/Gx0q7VJvtkE6yzlq0/LqBj3
+bJ/0zqG4Kplbkt2p6Sc+QrzjtLU+qOtC0fvSPJF4L2Vjoxw0MNPR9Xa+BgC9T7oY
+2VH8NYnAKpUe5Jqnr1tGi+9IxXs5kBKIi2IdOzfAgiG9BwdMi/PMkk2ciyvGqxaZ
+w1lrGyKWI1hHUWPz6dnEUIoJdTyykqAgVtiMzy6bn0lUID0Y/bOySjz1D5sTBUd4
+sW/MHiu6rX108EDv2Aeu+vOGWWzIehu6t0CWLu35C2AsXnCF+Eswyz18hL7PGo55
+NmO60l8GcWW/ToKyPqaD9O5sOt8KO6yPnOWC3JMFzac44xfAHOD5YXJaW57y0QsT
+59wGEsSnYUEROmRgTGPHfjVpqiQTS6BWcaI8a0SRZedGl4sSLv9np9iTP7KeC6hc
+hhNnnZj2RHK2miYbn0RX6ent/F1k32F5Fqk4vVIBeECaiesh5O+K965H5ai0eGzg
+E5kj3j7J7vi+42eJeib8eKMtvrwl/FUeH6H6g9rTWfeuCHoj1s8khxDGHKBeek53
+cTS+uKdeE1MagCJMYWINu3DKGDHBqqjKZUW9SdqmpXag+xUlG5Jr/Ka1mQJZw6Zq
+Al6tczN3uKzEtEd+yKCAvdxco+kwzcM6mlfIgmidlb0Yzm9kYPhNGCYjr7+daeUm
+fzkBmTsVOsRUqBiZf6NCI944cFsXw04r6i3zXVmv8qtYLaWN3kc3FvjxPne3AGeO
+E2fHK8HFHBvtaChebJ1SoW2gIlxY7goRJdLz9Cq2LoYt/eMNZhlCv7ma/vG1/Ri6
+WdLo/rO8Sw45b2yblskNzVJM9Qkk1IYhPLa4rT+l/DYDpxteAiU9SaruXRdNT6An
+/xipbwF75qscet72Z3c0QA0wGZC7kEz8zCVqtVHSlj9LTyZPWcEIjbQ2ExYYffIo
+jrkBXk3w8ip4aX6iPti5RTIk0CdTQLxbizL/UWtqv58LzChwh5Ee5jPh4CUkkRGm
+feWL6E1dOTpSAbG/tcPczfDg/TQWpsvPi58IwXHIYhTeEDOmuhJBTwtZTfxcRYDg
+AfYH0lAdtF+pYITwueyZyGKFYUQs6qocX9tLcLl+LL4XvJcXibYjytCE1lqJewCT
+f2IfCzfv3h6QxwDKLs/vgjT1tceU6S1Awu6gS7agHekhU44yfF4+LUT8uVE9nFp4
+VUnVMnoe2x/Ps0skruwXaBusvPkZCUQDmzIJFV3NlnxVZ8vHbFkWeQ==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubCARE2RE4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubCARE2RE4Cert.pem
new file mode 100644
index 0000000000..107aa9cf80
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubCARE2RE4Cert.pem
@@ -0,0 +1,62 @@
+Bag Attributes
+    localKeyID: E2 B0 02 FB 6C B9 1C 13 89 78 2F 51 A9 ED 16 BE A4 B3 6A 0E 
+    friendlyName: requireExplicitPolicy7 subsubCARE2RE4 Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubCARE2RE4
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subCARE2
+-----BEGIN CERTIFICATE-----
+MIIDwDCCAqigAwIBAgIBATANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEoMCYGA1UEAxMfcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBzdWJDQVJFMjAeFw0xMDAxMDEwODMwMDBaFw0zMDEy
+MzEwODMwMDBaMF4xCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmlj
+YXRlcyAyMDExMS4wLAYDVQQDEyVyZXF1aXJlRXhwbGljaXRQb2xpY3k3IHN1YnN1
+YkNBUkUyUkU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKLzquG1
+Wxpg7dOJrrPXsuwroWJcJ9q4XcofFyo8PWBu3Yt4H4H8rEtQATDnOcorYd93IcJx
+ycuxyZwa+PQEGZOBZYAtxyicombbYGR70wJ1Njxsa1oHKe7wFGd6YdMB1xbFjNqx
+w1umyI4zvGR8WpfA0sEUilIF/sZCcErVTk7fDNi/KT3BLyyDmQ8sHFhQqxL9i9FA
+tHLHaZ4zyH0HgXGgUEqblgw+wsWWRQVP5AW12UaALGLn4ZijThUihW5H4Khx7pcv
+Xq8oZsLjbWa8wR1NNfeZxyd5qAyEYKf69/53vKjDlcDCaZSuM+Av3r1x56+VpuTo
+37CuXylUcS/vewIDAQABo4GOMIGLMB8GA1UdIwQYMBaAFOdcJY5+qkx3g3vD6mnW
+x6I04TRZMB0GA1UdDgQWBBRu/40Ii2b+m6V7+2QzZeoDlUiUmDAOBgNVHQ8BAf8E
+BAMCAQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8w
+DwYDVR0kAQH/BAUwA4ABBDANBgkqhkiG9w0BAQsFAAOCAQEABhL0Q/1K3/hsd6Od
+6TGkaumY47BYBh86RHtxAoGKXecsotYO1kdJXLQsQOkEpLp/g5Tj0WL2YqX5tgS1
+r8fkcfAL1+Mm7vq6UEBd0S/wLZndMJ/Xjvzpal/o6iujqIEkWZZa70hYRcN+Q/OQ
+azhPsDKAm4I48xaRKOorCVq0PAjBwRia8MucOcoymmiQW8/wQWS3fMRj1gh3DERE
+Y/6TLeib5pyH1KYXE7W7dA76K9SzX7TlDOFd3xybch1UxTrz2I9cqbjQdDjJMEYU
+W8tFdCcIk1/dr2faOuWvKkOw+AQRKciVrPTRcb/GKKlnNhc+YRx3KBBs6D2kjM/O
+hsObrg==
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: E2 B0 02 FB 6C B9 1C 13 89 78 2F 51 A9 ED 16 BE A4 B3 6A 0E 
+    friendlyName: requireExplicitPolicy7 subsubCARE2RE4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7F1D317ACFCCFD84
+
+ys8urfxzgQMfQRVnSzGp7480kJ6DI5PMZTdtIKUnX7l6KG2KUmRfvoAfSI1sMA49
+bPqMSxaS9OrC2BTRsVGsi8oQxbnFm32v9IeaTNQCYQ4ntMoMV/xbGYhIEH4H3Hg4
+9Krnc0upc0ktHWMyaRct6RGzvn3hwXdkb+yaw6mB7hHy5/6uMNgs65ZWhiXY+gHR
+UAQjYv6tgvjwHXR0TlzOWM30Veh5Zz2BY4xBT+wFxFBCSfy+6tZLOa0dnxkPhbMS
+QYFfUq7JemrCQiDpMsNRrTBJFsUb4YN7JVPtvPhi/mHFHiA1g6kEnsvaTRoHkuoQ
+9TQeVyUVuK1JU0aHO2Wur2KatczZOqcSfDQQz57/i4OHNGEfZGqGEZ6YXZlrQSEd
+iMGP+vKPBOgJiYZQH6CItZ2ziFtJYNjAZJszaa+1asNWZCQJrBWdZ5ZQ9Gm9gnV6
+22tSZfqkRKFXCsknjWl6NOywldf4cRwq+zqr4EeVlj4eNm3NoIJvjpCKHGYYJ8mi
+HJl49utHBBrZtSWAFYjV4Xfl6/kCH1Nkl87ijBwHFiqNdJYxj9y2Q5edJBJ5U6dZ
+K2zBdZY0vF5OJeWo451ztXVi4JmX9/LlDiekY/28XlQd1gIANweYYrDciIeODFdJ
+yASNxZD6yOSIegmQ3c8xJxzHKivG9VPJCYSsKGhAxZcwHR2fw/UnDZA5lkRfLyDA
+iMurrYmZhvcpBpZS8fHVqGFzSV7RTnf/bU6M2Z+9Nv65tSwwyTJ/P2QP3hrYKqje
+w6qSLeqoZvExnHvaLIvGLii/Sq46euX8bcVFi4d8KDv8iKzKGIl/uPp0ktgjWLuR
+zdGpEn6PcNeoUOqTpiepyYd3sIZSn4GKDSccJ/xNUlpEjim9+5Lg8dHdCadDAzGJ
+QrCzXFlWg+rNWe4kdM3P4SA1OjF3+kISDcSRRZjTBaNQm6p/pcxKnueMiGegpfAH
+8JGGkT8MVodWO6I/fh18QgtJO+aVfPFFWLz8i6PHsqO+9sZUhSur8wrWtN2xbyC4
+cUWn6RUkhtg0U8Ys5fyxnOUpSFuBxkOU3F5HWzE1kaId8E/6ry4V6oaOMdQLmduM
+Ms5XIZ8r4/jQH+vN+4BTIkSQqR01tPTQm7pWv6t1c4hMWLP68GOVywFqtuSFXJKj
+i7AFnk91X72fSa5qxp7ZsgvuDIXeOxnw+QviC8/5Ha3r2GQhAjew3+6VEa4yZqmM
+yHu+qleFKw/6pARSNBl9+QZusN9R+cTZgYr9Bg5F4dEhlsfAoyVlzq3Ev/euGNOW
+XdI1vwv6Bi4ocH5+3i//kOUXjxke2WpA3Z/svjvWfIJwkEFoF8cxK3iKmuqXawyG
+MgM86gwVX1YohPVda2vAzAe54W4hpypDhDCkjdjLjXSJvhX/ysEiW1hjSK6ZJ6+o
+HAKkCTrF1R336WbmUvwYw7bglaYP7qyw3F8m9l2kQJYmr8TFYZOmN8NyKbofu+AN
+Xl4tVZbN5uLSDaFWQzTpzWv+QCxGAscGMCRH1TpcS+BI8OLX1pj425CFVD80tX3D
+zMSkgX+FyT/weVFd0KGvPYflZJBzayq9RvCrOj5cMYkNoKUNnlP5TA==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubsubCARE2RE4Cert.pem b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubsubCARE2RE4Cert.pem
new file mode 100644
index 0000000000..3066bd2314
--- /dev/null
+++ b/lib/public_key/test/pkits_SUITE_data/pkits/smime-pem/requireExplicitPolicy7subsubsubCARE2RE4Cert.pem
@@ -0,0 +1,61 @@
+Bag Attributes
+    localKeyID: 76 13 A6 B2 AF 61 63 68 21 A1 77 C6 7D D8 5F 8A ED C7 E4 2E 
+    friendlyName: requireExplicitPolicy7 subsubsubCARE2RE4 Cert
+subject=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubsubCARE2RE4
+issuer=/C=US/O=Test Certificates 2011/CN=requireExplicitPolicy7 subsubCARE2RE4
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJVUzEf
+MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEuMCwGA1UEAxMlcmVxdWly
+ZUV4cGxpY2l0UG9saWN5NyBzdWJzdWJDQVJFMlJFNDAeFw0xMDAxMDEwODMwMDBa
+Fw0zMDEyMzEwODMwMDBaMGExCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENl
+cnRpZmljYXRlcyAyMDExMTEwLwYDVQQDEyhyZXF1aXJlRXhwbGljaXRQb2xpY3k3
+IHN1YnN1YnN1YkNBUkUyUkU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAu6hakMgtlNCA+rCJWAL8vGJ9le47WEg+7fAOpHBMAZvLGYiufTGL9z082H6l
+XMYJZl9vt/04HghPEbFeWfF/S8ahz6A7kpuSB/i4trfzkyCYqi+5YDozDw3+JzVS
+C9h77p59euEO4LVxlJwxLeDIXh2idbYmMs6hBqyktdRv4qZbqgtAyascshbclgs7
+5YJWYtkDp59/MWooX/Af8VNTnCUGrgCtk7dagQd1eGilyo0NpM6XDQ6eYdkqQJhI
+zyvGo5SWSAmkIrX0fRoyocwD3ibn+OUN5pVDZplzYA/PPL4kq0BBFt8C8RddSZIs
+1YM+hnhSdB8mRfs/Yl/xWpIwhwIDAQABo3wwejAfBgNVHSMEGDAWgBRu/40Ii2b+
+m6V7+2QzZeoDlUiUmDAdBgNVHQ4EFgQUeyxRYTEVrawsa6m+OzsYGpKqf0QwDgYD
+VR0PAQH/BAQDAgEGMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAPBgNVHRMBAf8E
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCcmQxvc23zsZ5WsaG6itcxVmsRDeKF
+WjkeTATCwuac7OTFciIJ2ts2sMDnT5yupQFxNn03VhBejR+caA2RlIKkV31tQDu+
+34kvGxD6fLcjAf9tfUbzjfEyZEPAfrlSiXVDLVPa0BFw/mO3gjCNNlLs8/RoFhsZ
+alMVnfklprdGkaGldVuqDDHPbiX2xy2WE4XoWKSqD/PXBifml/K8Ktfz6FezN8fH
+DIz0zc7JXnu8mI3TeWFSvcK+lIBVfmm3sarVDGVR83/RY+ev2kPP2PzKL2vJpBqD
+cRKPCxQiGmMw7IaDw8o/mGzapGd+W+zIgL0G/cvtbIKayoe7fwk9iHOm
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 76 13 A6 B2 AF 61 63 68 21 A1 77 C6 7D D8 5F 8A ED C7 E4 2E 
+    friendlyName: requireExplicitPolicy7 subsubsubCARE2RE4 Cert
+Key Attributes: <No Attributes>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1735F91368816CAC
+
+0mzm+tlczyDGO8QkYpl3YWMMMLYz4/Om3I+rNNgb4u4g/M67gew0RaNd6+jIXQ+d
+MFRV3Vd2pRjH8IsHXIO0Y9pS2A2cBqOEPOlNX/vAk4HO+bHIHbx757gznY1S8op1
+hmMx9RE+5yAOra1naPr2vrH+/b25qRFYvgClGbD2xSct9+N3nltNLvMxkS/mh0Mj
+nxb23GRGXuD2tldzeJ2ufqPj0OqJzjpqzx+LJikLwsjHDTzZ9TTX5x071eIWr9TO
+HNC4Rj72OaLoYSsODONoTzX++lB+RFiqccyzl4sFlh2a6v4LDV1FCpGLoYzm+OxH
+zUu0z3B6nOSXoVWSIpHKrTE7f/ffeVPfjQRy6SNb9KRh6OXqjundOJAY9RQ850LN
+u2LcJQzyxvAkkhTPQUcRHqib+xwoxZSc2PZGpdBG6+UmXCjHcTpYS1FzHM5WnN2W
+JrMsOworZjAAvyopPIdv9ByM2AS9oMSTglv6jcujXkUpeDFnfs9Knt0ATMXaHhpi
+EXKP4b6I7JeSdTGk9suH60FUY2y13DjZFFT16tcQ7SIHilh8pQMxLrSToOGCfsAa
+R/dlyj3gQYMgf8qyvGSdpchiGdAuNtg6akhoFKnXmzEupoq5kY0ZKLZwulofDLfx
+IwQVwDz5RXBhDJUmr/TLZrhyLUIkC7E1ZoCocQDlmojrw2Q0mfOCJkenxja8YA3I
+IVvnakET52T8oXwDl94bhLN85/1Dtvj9CJkIrUKF37Eyidy3/SoCsL+ufI6e7Fnk
+jeaupw4oTsYlr1CtHUVAHRnfncc9BIducVqG1QomACmschc1Ivkd+8Ok61lIxXRt
+/7xiPV3+HeUKSZs7R4kDrRWa6LiLfXfXC9Vf/FxBzPVMnPOd9e1L634SZ8OcHIbS
+Q7JAaX+jXBs1+Rf1n0LKTYKVFKsWgAtkB0dug7mpEz7lqqKQi4LYEr9KMXZIbSif
+NEtdDs3eXUtZjLLnMQgioEqWCZLE5YHkZD1KJj9XQ6g6XRHWYVMpZWy3/480YTsH
+Vaw7UPJ3s0yCF7OUVxgjOdBQr4J90G+WOncTEPXknQDjS9/5FYYE5kOpeIpOsm05
+D73aLiHei+MWDO2WWOU9w1jzwusPEDU+wL3E9nmz1zS3io0esp3daVW8G1sBQiCm
+F7aodgrb6EWIzmWOEPP42pWsJoZtogNbjo2u41H2mCfoeVpRj6YOvc1OiG/gVS9B
+1GmJmZGkGh/y7Hos0bSab+ZZNx16NDEHE5j3JI8ziFzo1zBELHPMYEZK8tRTFS3z
+gHWm8s5ib94xykonXG6jDU1fRLi8ZZHPpLg7yfiFHs9yBLlecfCnh9f9mmEKRpgj
+PHFnWdbZZZfRZC+TSQDIDhCvjbBj+jB3We3nLluSjEUmWrAJN/sGRcJ6+rK55ErA
+jMq4ApfYmx6z6Gw8vONatiwDqZE7BKxlR5k69BazG+aB54vugMusggdAeBO2het1
+orUaD36pfIf3jCXgzn9ycVuQaTq4KECZStGqhfOhj1DB33/1Tnmf9ZX3m0mwx3VW
+79QavvERR/m4iHiudSeJgP7IDZCO2VLtPQH6aKDfyaIfmWYkE9bp6g==
+-----END RSA PRIVATE KEY-----
diff --git a/lib/reltool/doc/src/notes.xml b/lib/reltool/doc/src/notes.xml
index 5304b996a4..cf2cf7f7bc 100644
--- a/lib/reltool/doc/src/notes.xml
+++ b/lib/reltool/doc/src/notes.xml
@@ -37,7 +37,23 @@
     thus constitutes one section in this document. The title of each
     section is the version number of Reltool.</p>
 
-  <section><title>Reltool 0.5.7</title>
+  <section><title>Reltool 0.5.7.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Added recommendation about <c>RootDir</c> parameter to
+	    <c>reltool:eval_target_spec/3</c>.</p>
+          <p>
+	    Own Id: OTP-9742</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>Reltool 0.5.7</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/reltool/doc/src/reltool.xml b/lib/reltool/doc/src/reltool.xml
index 31e15e34e7..60e886e8f5 100644
--- a/lib/reltool/doc/src/reltool.xml
+++ b/lib/reltool/doc/src/reltool.xml
@@ -558,7 +558,17 @@ target_spec()       = [target_spec()]
       <c>true</c> there is no need to install the target system with
       <c>reltool:install/2</c> before it can be started. In that case
       the file tree containing the target system can be moved without
-      re-installation.</p></desc>
+      re-installation.</p>
+
+      <p>In most cases, the <c>RootDir</c> parameter should be set to
+      the same as the <c>root_dir</c> configuration parameter used in
+      the call to <c>reltool:get_target_spec/1</c>
+      (or <c>code:root_dir()</c> if the configuration parameter is not
+      set). In some cases it might be useful to evaluate the same
+      target specification towards different root directories. This
+      should, however, be used with great care as it requires
+      equivalent file structures under all roots.</p>
+      </desc>
     </func>
 
     <func>
@@ -640,7 +650,7 @@ target_spec()       = [target_spec()]
     </func>
 
     <func>
-      <name>get_target_spec(Server) -> {ok, targetSpec} | {error, Reason}</name>
+      <name>get_target_spec(Server) -> {ok, TargetSpec} | {error, Reason}</name>
       <fsummary>Return a specification of the target system</fsummary>
       <type>
         <v>Server     = server()</v>
diff --git a/lib/reltool/vsn.mk b/lib/reltool/vsn.mk
index 751f9bb6db..3869284ee7 100644
--- a/lib/reltool/vsn.mk
+++ b/lib/reltool/vsn.mk
@@ -1 +1 @@
-RELTOOL_VSN = 0.5.7
+RELTOOL_VSN = 0.5.7.1
diff --git a/lib/runtime_tools/c_src/Makefile.in b/lib/runtime_tools/c_src/Makefile.in
index 73ab6cdc11..3d9a7ed69d 100644
--- a/lib/runtime_tools/c_src/Makefile.in
+++ b/lib/runtime_tools/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/runtime_tools/c_src/trace_file_drv.c b/lib/runtime_tools/c_src/trace_file_drv.c
index 668f6f4af3..08bace80ef 100644
--- a/lib/runtime_tools/c_src/trace_file_drv.c
+++ b/lib/runtime_tools/c_src/trace_file_drv.c
@@ -21,6 +21,9 @@
  * Purpose: Send trace messages to a file.
  */
 
+#ifdef __WIN32__
+#include <windows.h>
+#endif
 #ifdef HAVE_CONFIG_H
 #  include "config.h"
 #endif
@@ -31,7 +34,6 @@
 #ifdef __WIN32__
 #  include <io.h>
 #  define write _write
-#  define open _open
 #  define close _close
 #  define unlink _unlink
 #else
@@ -40,11 +42,6 @@
 #include <errno.h>
 #include <sys/types.h>
 #include <fcntl.h>
-#ifdef VXWORKS
-#  include "reclaim.h"
-#endif
-
-
 
 /*
  * Deduce MAXPATHLEN, which is the one to use in this file, 
@@ -176,11 +173,13 @@ static TraceFileData *first_data;
 */
 static ErlDrvData trace_file_start(ErlDrvPort port, char *buff);
 static void trace_file_stop(ErlDrvData handle);
-static void trace_file_output(ErlDrvData handle, char *buff, int bufflen);
+static void trace_file_output(ErlDrvData handle, char *buff,
+			      ErlDrvSizeT bufflen);
 static void trace_file_finish(void);
-static int trace_file_control(ErlDrvData handle, unsigned int command, 
-			      char* buff, int count, 
-			      char** res, int res_size);
+static ErlDrvSSizeT trace_file_control(ErlDrvData handle,
+				      unsigned int command, 
+				      char* buff, ErlDrvSizeT count, 
+				      char** res, ErlDrvSizeT res_size);
 static void trace_file_timeout(ErlDrvData handle);
 
 /*
@@ -194,6 +193,12 @@ static int my_flush(TraceFileData *data);
 static void put_be(unsigned n, unsigned char *s);
 static void close_unlink_port(TraceFileData *data); 
 static int wrap_file(TraceFileData *data);
+#ifdef __WIN32__
+static int win_open(char *path, int flags, int mask);
+#define open win_open
+#else
+ErlDrvEntry *driver_init(void);
+#endif
 
 /*
 ** The driver struct
@@ -212,7 +217,18 @@ ErlDrvEntry trace_file_driver_entry = {
     NULL,                  /* void * that is not used (BC) */
     trace_file_control,    /* F_PTR control, port_control callback */
     trace_file_timeout,    /* F_PTR timeout, driver_set_timer callback */
-    NULL                   /* F_PTR outputv, reserved */
+    NULL,                  /* F_PTR outputv, reserved */
+    NULL, /* ready_async */
+    NULL, /* flush */
+    NULL, /* call */
+    NULL, /* event */
+    ERL_DRV_EXTENDED_MARKER,
+    ERL_DRV_EXTENDED_MAJOR_VERSION,
+    ERL_DRV_EXTENDED_MINOR_VERSION,
+    0,
+    NULL,
+    NULL,
+    NULL,
 };
 
 /*
@@ -241,6 +257,7 @@ static ErlDrvData trace_file_start(ErlDrvPort port, char *buff)
     int n, w;
     static const char name[] = "trace_file_drv";
 
+
 #ifdef HARDDEBUG
     fprintf(stderr,"hello (%s)\r\n", buff);
 #endif
@@ -347,17 +364,18 @@ static void trace_file_stop(ErlDrvData handle)
 /*
 ** Data sent from erlang to port.
 */
-static void trace_file_output(ErlDrvData handle, char *buff, int bufflen)
+static void trace_file_output(ErlDrvData handle, char *buff,
+			      ErlDrvSizeT bufflen)
 {
     int heavy = 0;
     TraceFileData *data = (TraceFileData *) handle;
     unsigned char b[5] = "";
     put_be((unsigned) bufflen, b + 1);
-    switch (my_write(data, b, sizeof(b))) {
+    switch (my_write(data, (unsigned char *) b, sizeof(b))) {
     case 1:
 	heavy = !0;
     case 0:
-	switch (my_write(data, buff, bufflen)) {
+	switch (my_write(data, (unsigned char *) buff, bufflen)) {
 	case 1:
 	    heavy = !0;
 	case 0:
@@ -391,9 +409,10 @@ static void trace_file_output(ErlDrvData handle, char *buff, int bufflen)
 /*
 ** Control message from erlang, we handle $f, which is flush.
 */
-static int trace_file_control(ErlDrvData handle, unsigned int command, 
-			      char* buff, int count, 
-			      char** res, int res_size)
+static ErlDrvSSizeT trace_file_control(ErlDrvData handle,
+				       unsigned int command, 
+				       char* buff, ErlDrvSizeT count, 
+				       char** res, ErlDrvSizeT res_size)
 {
     if (command == 'f') {
 	TraceFileData *data = (TraceFileData *) handle;
@@ -636,3 +655,40 @@ static int wrap_file(TraceFileData *data) {
     return 0;
 }
 
+#ifdef __WIN32__
+static int win_open(char *path, int flags, int mask)
+{
+  DWORD access = 0;
+  DWORD creation = 0;
+  HANDLE fd;
+  int ret;
+  if (flags & O_WRONLY) {
+    access =  GENERIC_WRITE;
+  } else if (flags & O_RDONLY) {
+    access = GENERIC_READ;
+  } else {
+    access = (GENERIC_READ | GENERIC_WRITE);
+  } 
+  
+  if (flags & O_CREAT) {
+    creation |= CREATE_ALWAYS;
+  }  else {
+     creation |= OPEN_ALWAYS;
+  }
+
+  fd = CreateFileA(path, access,  
+		   FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 
+		   NULL, creation, FILE_ATTRIBUTE_NORMAL, NULL);
+  if (fd == INVALID_HANDLE_VALUE) {
+    
+    return -1;
+  }
+  
+  if ((ret = _open_osfhandle((intptr_t)fd, (flags & O_RDONLY) ? O_RDONLY : 0))
+      < 0) {
+    CloseHandle(fd);
+  }
+
+  return ret;
+}
+#endif
diff --git a/lib/runtime_tools/c_src/trace_ip_drv.c b/lib/runtime_tools/c_src/trace_ip_drv.c
index d2ed1a294b..7ae6c1b329 100644
--- a/lib/runtime_tools/c_src/trace_ip_drv.c
+++ b/lib/runtime_tools/c_src/trace_ip_drv.c
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  * 
- * Copyright Ericsson AB 1999-2009. All Rights Reserved.
+ * Copyright Ericsson AB 1999-2011. All Rights Reserved.
  * 
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -185,7 +185,8 @@ static TraceIpData *first_data;
 */
 static ErlDrvData trace_ip_start(ErlDrvPort port, char *buff);
 static void trace_ip_stop(ErlDrvData handle);
-static void trace_ip_output(ErlDrvData handle, char *buff, int bufflen);
+static void trace_ip_output(ErlDrvData handle, char *buff,
+			    ErlDrvSizeT bufflen);
 #ifdef __WIN32__
 static void trace_ip_event(ErlDrvData handle, ErlDrvEvent event);
 #endif
@@ -193,9 +194,10 @@ static void trace_ip_ready_input(ErlDrvData handle, ErlDrvEvent fd);
 static void trace_ip_ready_output(ErlDrvData handle, ErlDrvEvent fd);
 static void trace_ip_finish(void); /* No arguments, despite what might be stated
 				     in any documentation */
-static int trace_ip_control(ErlDrvData handle, unsigned int command, 
-			    char* buff, int count, 
-			    char** res, int res_size);
+static ErlDrvSSizeT trace_ip_control(ErlDrvData handle,
+				     unsigned int command, 
+				     char* buff, ErlDrvSizeT count, 
+				     char** res, ErlDrvSizeT res_size);
 
 /*
 ** Internal routines
@@ -210,11 +212,11 @@ static TraceIpData *lookup_data_by_port(int portno);
 static int set_nonblocking(SOCKET sock);
 static TraceIpMessage *make_buffer(int datasiz, unsigned char op, 
 				   unsigned number);
-static void enque_message(TraceIpData *data, unsigned char *buff, int bufflen,
+static void enque_message(TraceIpData *data, char *buff, int bufflen,
 			  int byteswritten);
 static void clean_que(TraceIpData *data);
 static void close_client(TraceIpData *data);
-static int trywrite(TraceIpData *data, unsigned char *buff, int bufflen);
+static int trywrite(TraceIpData *data, char *buff, int bufflen);
 static SOCKET my_accept(SOCKET sock);
 static void close_unlink_port(TraceIpData *data);
 enum MySelectOp { SELECT_ON, SELECT_OFF, SELECT_CLOSE };
@@ -382,7 +384,7 @@ static void trace_ip_stop(ErlDrvData handle)
 /*
 ** Data sent from erlang to port.
 */
-static void trace_ip_output(ErlDrvData handle, char *buff, int bufflen)
+static void trace_ip_output(ErlDrvData handle, char *buff, ErlDrvSizeT bufflen)
 {
     TraceIpData *data = (TraceIpData *) handle;
     if (data->flags & FLAG_LISTEN_PORT) {
@@ -516,7 +518,7 @@ static void trace_ip_ready_output(ErlDrvData handle, ErlDrvEvent fd)
     tim = data->que[data->questart];
     towrite = tim->siz - tim->written;
     while((res = write_until_done(data->fd, 
-				  tim->bin + tim->written, towrite)) 
+				  (char *)tim->bin + tim->written, towrite))
 	  == towrite) {
 	driver_free(tim);
 	data->que[data->questart] = NULL;
@@ -548,9 +550,10 @@ static void trace_ip_ready_output(ErlDrvData handle, ErlDrvEvent fd)
 /*
 ** Control message from erlang, we handle $p, which is get_listen_port.
 */
-static int trace_ip_control(ErlDrvData handle, unsigned int command, 
-			      char* buff, int count, 
-			      char** res, int res_size)
+static ErlDrvSSizeT trace_ip_control(ErlDrvData handle,
+				     unsigned int command, 
+				     char* buff, ErlDrvSizeT count, 
+				     char** res, ErlDrvSizeT res_size)
 {
     register void *void_ptr; /* Soft type cast */
 
@@ -558,7 +561,7 @@ static int trace_ip_control(ErlDrvData handle, unsigned int command,
 	TraceIpData *data = (TraceIpData *) handle;
 	ErlDrvBinary *b = my_alloc_binary(3);
 	b->orig_bytes[0] = '\0'; /* OK */
-	put_be16(data->listen_portno, &(b->orig_bytes[1]));
+	put_be16(data->listen_portno, (unsigned char *)&(b->orig_bytes[1]));
 	*res = void_ptr = b;
 	return 0;
     } 
@@ -693,7 +696,7 @@ static TraceIpMessage *make_buffer(int datasiz, unsigned char op,
 ** Add message to que, discarding in a politically correct way...
 ** The FLAG_DROP_OLDEST is currently ingored...
 */
-static void enque_message(TraceIpData *data, unsigned char *buff, int bufflen,
+static void enque_message(TraceIpData *data, char *buff, int bufflen,
 			  int byteswritten)
 {
     int diff = data->questop - data->questart;
@@ -760,13 +763,13 @@ static void close_client(TraceIpData *data)
 ** Try to write a message from erlang directly (only called when que is empty 
 ** and client is connected)
 */
-static int trywrite(TraceIpData *data, unsigned char *buff, int bufflen)
+static int trywrite(TraceIpData *data, char *buff, int bufflen)
 {
-    unsigned char op[5];
+    char op[5];
     int res;
 
     op[0] = OP_BINARY;
-    put_be32(bufflen, op + 1);
+    put_be32(bufflen, (unsigned char *)op + 1);
 
     if ((res = write_until_done(data->fd, op, 5)) < 0) {
 	close_client(data);
@@ -790,7 +793,11 @@ static int trywrite(TraceIpData *data, unsigned char *buff, int bufflen)
 static SOCKET my_accept(SOCKET sock)
 {
     struct sockaddr_in sin;
-    int sin_size = sizeof(sin);
+#ifdef HAVE_SOCKLEN_T
+    socklen_t sin_size = sizeof(sin);
+#else
+    int sin_size = (int) sizeof(sin);
+#endif
 
     return accept(sock, (struct sockaddr *) &sin, &sin_size);
 }
diff --git a/lib/runtime_tools/doc/src/notes.xml b/lib/runtime_tools/doc/src/notes.xml
index 0bb76e1ea4..ccf11bf0fe 100644
--- a/lib/runtime_tools/doc/src/notes.xml
+++ b/lib/runtime_tools/doc/src/notes.xml
@@ -31,6 +31,56 @@
   <p>This document describes the changes made to the Runtime_Tools
     application.</p>
 
+<section><title>Runtime_Tools 1.8.7</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Earlier dbg:stop only did erlang:trace_delivered and did
+	    not flush the trace file driver. Therefore there could
+	    still be trace messages that were delivered to the driver
+	    (guaranteed by erlang:trace_delivered) but not yet
+	    written to the file when dbg:stop returned. Flushing is
+	    now added on each node before the dbg process terminates.</p>
+          <p>
+	    Own Id: OTP-9651</p>
+        </item>
+        <item>
+          <p>
+	    File handles created by the trace_file_drv driver was
+	    inherited to child processes. This is now corrected.</p>
+          <p>
+	    Own Id: OTP-9658</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Two new built-in trace pattern aliases have been added:
+	    caller_trace (c) and caller_exception_trace (cx). See the
+	    dbg:ltp/0 documentation for more info.</p>
+          <p>
+	    Own Id: OTP-9458</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Runtime_Tools 1.8.6</title>
 
     <section><title>Improvements and New Features</title>
diff --git a/lib/runtime_tools/src/Makefile b/lib/runtime_tools/src/Makefile
index 46b570210a..946409b262 100644
--- a/lib/runtime_tools/src/Makefile
+++ b/lib/runtime_tools/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1999-2009. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/runtime_tools/src/erts_alloc_config.erl b/lib/runtime_tools/src/erts_alloc_config.erl
index 1a57c94443..284e88d4a7 100644
--- a/lib/runtime_tools/src/erts_alloc_config.erl
+++ b/lib/runtime_tools/src/erts_alloc_config.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -472,7 +472,7 @@ au_conf_alloc(#conf{format_to = FTO} = Conf,
 	_ ->
 	    fc(FTO, "~p instances used.",
 	       [Insts]),
-	    format(FTO, " +M~ct ~p~n", [alloc_char(A), Insts])
+	    format(FTO, " +M~ct true~n", [alloc_char(A)])
     end,	    
     mmbcs(Conf, Alc),
     smbcs_lmbcs_mmmbc(Conf, Alc),
diff --git a/lib/runtime_tools/src/inviso_rt_lib.erl b/lib/runtime_tools/src/inviso_rt_lib.erl
index ee6a72ae0c..5dfe14068a 100644
--- a/lib/runtime_tools/src/inviso_rt_lib.erl
+++ b/lib/runtime_tools/src/inviso_rt_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/runtime_tools/src/observer_backend.erl b/lib/runtime_tools/src/observer_backend.erl
index 9c1f9da5b1..2f8ffbcdb6 100644
--- a/lib/runtime_tools/src/observer_backend.erl
+++ b/lib/runtime_tools/src/observer_backend.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,9 @@
 %% General
 -export([vsn/0]).
 
+%% observer stuff
+-export([sys_info/0, get_table/3, get_table_list/2]).
+
 %% etop stuff
 -export([etop_collect/1]).
 -include("observer_backend.hrl").
@@ -42,7 +45,158 @@ vsn() ->
 	Error -> Error
     end.
 
+%%
+%% observer backend
+%%
+sys_info() ->
+    {{_,Input},{_,Output}} = erlang:statistics(io),
+    [{process_count, erlang:system_info(process_count)},
+     {process_limit, erlang:system_info(process_limit)},
+     {uptime, element(1, erlang:statistics(wall_clock))},
+     {run_queue, erlang:statistics(run_queue)},
+     {io_input, Input},
+     {io_output,  Output},
+     {logical_processors, erlang:system_info(logical_processors)},
+     {logical_processors_available, erlang:system_info(logical_processors_available)},
+     {logical_processors_online, erlang:system_info(logical_processors_online)},
+
+     {otp_release, erlang:system_info(otp_release)},
+     {version, erlang:system_info(version)},
+     {system_architecture, erlang:system_info(system_architecture)},
+     {kernel_poll, erlang:system_info(kernel_poll)},
+     {smp_support, erlang:system_info(smp_support)},
+     {threads, erlang:system_info(threads)},
+     {thread_pool_size, erlang:system_info(thread_pool_size)},
+     {wordsize_internal, erlang:system_info({wordsize, internal})},
+     {wordsize_external, erlang:system_info({wordsize, external})} |
+     erlang:memory()
+    ].
+
+get_table(Parent, Table, Module) ->
+    spawn(fun() ->
+		  link(Parent),
+		  get_table2(Parent, Table, Module)
+	  end).
+
+get_table2(Parent, Table, Type) ->
+    Size = case Type of
+	       ets -> ets:info(Table, size);
+	       mnesia -> mnesia:table_info(Table, size)
+	   end,
+    case Size > 0 of
+	false ->
+	    Parent ! {self(), '$end_of_table'},
+	    normal;
+	true when Type =:= ets ->
+	    Mem = ets:info(Table, memory),
+	    Average = Mem div Size,
+	    NoElements = max(10, 20000 div Average),
+	    get_ets_loop(Parent, ets:match(Table, '$1', NoElements));
+	true ->
+	    Mem = mnesia:table_info(Table, memory),
+	    Average = Mem div Size,
+	    NoElements = max(10, 20000 div Average),
+	    Ms = [{'$1', [], ['$1']}],
+	    Get = fun() ->
+			  get_mnesia_loop(Parent, mnesia:select(Table, Ms, NoElements, read))
+		  end,
+	    %% Not a transaction, we don't want to grab locks when inspecting the table
+	    mnesia:async_dirty(Get)
+    end.
 
+get_ets_loop(Parent, '$end_of_table') ->
+    Parent ! {self(), '$end_of_table'};
+get_ets_loop(Parent, {Match, Cont}) ->
+    Parent ! {self(), Match},
+    get_ets_loop(Parent, ets:match(Cont)).
+
+get_mnesia_loop(Parent, '$end_of_table') ->
+    Parent ! {self(), '$end_of_table'};
+get_mnesia_loop(Parent, {Match, Cont}) ->
+    Parent ! {self(), Match},
+    get_mnesia_loop(Parent, mnesia:select(Cont)).
+
+get_table_list(ets, Opts) ->
+    HideUnread = proplists:get_value(unread_hidden, Opts, true),
+    HideSys = proplists:get_value(sys_hidden, Opts, true),
+    Info = fun(Id, Acc) ->
+		   try
+		       TabId = case ets:info(Id, named_table) of
+				   true -> ignore;
+				   false -> Id
+			       end,
+		       Name = ets:info(Id, name),
+		       Protection = ets:info(Id, protection),
+		       ignore(HideUnread andalso Protection == private, unreadable),
+		       Owner = ets:info(Id, owner),
+		       RegName = case catch process_info(Owner, registered_name) of
+				     [] -> ignore;
+				     {registered_name, ProcName} -> ProcName
+				 end,
+		       ignore(HideSys andalso ordsets:is_element(RegName, sys_processes()), system_tab),
+		       ignore(HideSys andalso ordsets:is_element(Name, sys_tables()), system_tab),
+		       ignore((RegName == mnesia_monitor)
+			      andalso Name /= schema
+			      andalso is_atom((catch mnesia:table_info(Name, where_to_read))), mnesia_tab),
+		       Memory = ets:info(Id, memory) * erlang:system_info(wordsize),
+		       Tab = [{name,Name},
+			      {id,TabId},
+			      {protection,Protection},
+			      {owner,Owner},
+			      {size,ets:info(Id, size)},
+			      {reg_name,RegName},
+			      {type,ets:info(Id, type)},
+			      {keypos,ets:info(Id, keypos)},
+			      {heir,ets:info(Id, heir)},
+			      {memory,Memory},
+			      {compressed,ets:info(Id, compressed)},
+			      {fixed,ets:info(Id, fixed)}
+			     ],
+		       [Tab|Acc]
+		   catch _:_What ->
+			   %% io:format("Skipped ~p: ~p ~n",[Id, _What]),
+			   Acc
+		   end
+	   end,
+    lists:foldl(Info, [], ets:all());
+
+get_table_list(mnesia, Opts) ->
+    HideSys = proplists:get_value(sys_hidden, Opts, true),
+    Owner = ets:info(schema, owner),
+    Owner /= undefined orelse
+	throw({error, "Mnesia is not running on: " ++ atom_to_list(node())}),
+    {registered_name, RegName} = process_info(Owner, registered_name),
+    Info = fun(Id, Acc) ->
+		   try
+		       Name = Id,
+		       ignore(HideSys andalso ordsets:is_element(Name, mnesia_tables()), system_tab),
+		       ignore(Name =:= schema, mnesia_tab),
+		       Storage = mnesia:table_info(Id, storage_type),
+		       Tab0 = [{name,Name},
+			       {owner,Owner},
+			       {size,mnesia:table_info(Id, size)},
+			       {reg_name,RegName},
+			       {type,mnesia:table_info(Id, type)},
+			       {keypos,2},
+			       {memory,mnesia:table_info(Id, memory) * erlang:system_info(wordsize)},
+			       {storage,Storage},
+			       {index,mnesia:table_info(Id, index)}
+			      ],
+		       Tab = if Storage == disc_only_copies ->
+				     [{fixed, dets:info(Id, safe_fixed)}|Tab0];
+				(Storage == ram_copies) orelse
+				(Storage == disc_copies) ->
+				     [{fixed, ets:info(Id, fixed)},
+				      {compressed, ets:info(Id, compressed)}|Tab0];
+				true -> Tab0
+			     end,
+		       [Tab|Acc]
+		   catch _:_What ->
+			   %% io:format("Skipped ~p: ~p ~p ~n",[Id, _What, erlang:get_stacktrace()]),
+			   Acc
+		   end
+	   end,
+    lists:foldl(Info, [], mnesia:system_info(tables)).
 
 %%
 %% etop backend
@@ -395,3 +549,62 @@ match_filenames(Dir,MetaFile,[H|T],Files) ->
     end;
 match_filenames(_Dir,_MetaFile,[],Files) ->
     Files.
+
+
+%%%%%%%%%%%%%%%%%
+
+sys_tables() ->
+    [ac_tab,  asn1,
+     cdv_dump_index_table,  cdv_menu_table,  cdv_decode_heap_table,
+     cell_id,  cell_pos,  clist,
+     cover_internal_data_table,   cover_collected_remote_data_table, cover_binary_code_table,
+     code, code_names,  cookies,
+     corba_policy,  corba_policy_associations,
+     dets, dets_owners, dets_registry,
+     disk_log_names, disk_log_pids,
+     eprof,  erl_atom_cache, erl_epmd_nodes,
+     etop_accum_tab,  etop_tr,
+     ets_coverage_data,
+     file_io_servers,
+     gs_mapping, gs_names,  gstk_db,
+     gstk_grid_cellid, gstk_grid_cellpos, gstk_grid_id,
+     httpd,
+     id,
+     ign_req_index, ign_requests,
+     index,
+     inet_cache, inet_db, inet_hosts,
+     'InitialReferences',
+     int_db,
+     interpreter_includedirs_macros,
+     ir_WstringDef,
+     lmcounter,  locks,
+						%     mnesia_decision,
+     mnesia_gvar, mnesia_stats,
+						%     mnesia_transient_decision,
+     pg2_table,
+     queue,
+     schema,
+     shell_records,
+     snmp_agent_table, snmp_local_db2, snmp_mib_data, snmp_note_store, snmp_symbolic_ets,
+     tkFun, tkLink, tkPriv,
+     ttb, ttb_history_table,
+     udp_fds, udp_pids
+    ].
+
+sys_processes() ->
+    [auth, code_server, global_name_server, inet_db,
+     mnesia_recover, net_kernel, timer_server, wxe_master].
+
+mnesia_tables() ->
+    [ir_AliasDef, ir_ArrayDef, ir_AttributeDef, ir_ConstantDef,
+     ir_Contained, ir_Container, ir_EnumDef, ir_ExceptionDef,
+     ir_IDLType, ir_IRObject, ir_InterfaceDef, ir_ModuleDef,
+     ir_ORB, ir_OperationDef, ir_PrimitiveDef, ir_Repository,
+     ir_SequenceDef, ir_StringDef, ir_StructDef, ir_TypedefDef,
+     ir_UnionDef, logTable, logTransferTable, mesh_meas,
+     mesh_type, mnesia_clist, orber_CosNaming,
+     orber_objkeys, user
+    ].
+
+ignore(true, Reason) -> throw(Reason);
+ignore(_,_ ) -> ok.
diff --git a/lib/runtime_tools/src/runtime_tools.app.src b/lib/runtime_tools/src/runtime_tools.app.src
index 095567b165..76fd998530 100644
--- a/lib/runtime_tools/src/runtime_tools.app.src
+++ b/lib/runtime_tools/src/runtime_tools.app.src
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/runtime_tools/src/runtime_tools_sup.erl b/lib/runtime_tools/src/runtime_tools_sup.erl
index 4fcb2292d0..913719c449 100644
--- a/lib/runtime_tools/src/runtime_tools_sup.erl
+++ b/lib/runtime_tools/src/runtime_tools_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2006-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/runtime_tools/test/inviso_SUITE.erl b/lib/runtime_tools/test/inviso_SUITE.erl
index 758867cf45..33626ffd9e 100644
--- a/lib/runtime_tools/test/inviso_SUITE.erl
+++ b/lib/runtime_tools/test/inviso_SUITE.erl
@@ -66,13 +66,18 @@ end_per_group(_GroupName, Config) ->
 
 
 init_per_suite(Config) ->
-    %% No never know who skrewed up this node before this suite! :-)
-    erlang:trace_pattern({'_','_','_'},[],[local]),
-    erlang:trace_pattern({'_','_','_'},[],[global]),
-    erlang:trace(all,false,[all]),
+    case test_server:is_native(lists) of
+	true ->
+	    {skip,"Native libs -- tracing doesn't work"};
+	false ->
+	    %% We never know who messed up this node before this suite! :-)
+	    erlang:trace_pattern({'_','_','_'},[],[local]),
+	    erlang:trace_pattern({'_','_','_'},[],[global]),
+	    erlang:trace(all,false,[all]),
 
-    ?l ok=application:start(runtime_tools),
-    Config.
+	    ok=application:start(runtime_tools),
+	    Config
+    end.
 
 end_per_suite(_Config) ->
     ?l ok=application:stop(runtime_tools).
diff --git a/lib/runtime_tools/vsn.mk b/lib/runtime_tools/vsn.mk
index 0bcd261861..3fbc1b3379 100644
--- a/lib/runtime_tools/vsn.mk
+++ b/lib/runtime_tools/vsn.mk
@@ -1 +1 @@
-RUNTIME_TOOLS_VSN = 1.8.6
+RUNTIME_TOOLS_VSN = 1.8.7
diff --git a/lib/sasl/doc/src/appup.xml b/lib/sasl/doc/src/appup.xml
index 195f9fe1d3..770b7c2492 100644
--- a/lib/sasl/doc/src/appup.xml
+++ b/lib/sasl/doc/src/appup.xml
@@ -332,7 +332,7 @@ restart_new_emulator
     <p>An info report will be written when the upgrade is
       completed. To programatically find out if the upgrade is
       complete,
-      call <seealso marker="release_handler#which_release/0">
+      call <seealso marker="release_handler#which_releases/0">
       release_handler:which_releases</seealso> and check if the
       expected release has status <c>current</c>.</p>
     <p>The new release must still be made permanent after the upgrade
diff --git a/lib/sasl/doc/src/notes.xml b/lib/sasl/doc/src/notes.xml
index 01cdc4b29e..2f22a8ec43 100644
--- a/lib/sasl/doc/src/notes.xml
+++ b/lib/sasl/doc/src/notes.xml
@@ -30,6 +30,71 @@
   </header>
   <p>This document describes the changes made to the SASL application.</p>
 
+<section><title>SASL 2.2</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fix the mechanism for upgrading emulator.</p>
+          <p>
+	    The appup files for kernel, stdlib and sasl do now
+	    recognize two major releases back and include a
+	    'restart_new_emulator' instruction. </p>
+          <p>
+	    Appup files can include regular expressions for matching
+	    earlier releases.</p>
+          <p>
+	    The mechanism for upgrading the emulator is changed so
+	    'restart_new_emulator' will be the first instruction
+	    executed. The rest of the upgrade instruction will be
+	    executed after the emulator restart.</p>
+          <p>
+	    A new upgrade instruction 'restart_emulator' is added for
+	    the case where the emulator shall be restarted after all
+	    other upgrade instructions.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9438</p>
+        </item>
+        <item>
+          <p>
+	    Add release_handler:which_releases/1</p>
+          <p>
+	    This is an extension to which_releases that allows a user
+	    to specify the status of the releases they wish to be
+	    returned. For instance it allows for quickly determining
+	    which release is 'permanent' without the need of parsing
+	    the entire release list. (Thanks to Joe Williams)</p>
+          <p>
+	    Own Id: OTP-9717</p>
+        </item>
+        <item>
+          <p>
+	    Add copy of rel file in releases/Vsn in release tar file</p>
+          <p>
+	    systool:make_tar stores the rel file in the releases
+	    directory. When unpacking with
+	    release_handler:unpack_release, the file is automatically
+	    moved to releases/Vsn/. If, however, the tar file is
+	    unpacked manually, the rel file might not be moved, and
+	    the next release unpacked might overwrite the rel file.
+	    To overcome this, systools:make_tar now stores a copy of
+	    the rel file in releases/Vsn/ directly and it is not
+	    longer necessary to move the file after unpacking.</p>
+          <p>
+	    The reason for keeping the file in the releases directory
+	    also is that is needs to be extracted separately before
+	    the release version (Vsn) is known.</p>
+          <p>
+	    Own Id: OTP-9746</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>SASL 2.1.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/sasl/doc/src/rb.xml b/lib/sasl/doc/src/rb.xml
index f35ceb5777..3da825878e 100644
--- a/lib/sasl/doc/src/rb.xml
+++ b/lib/sasl/doc/src/rb.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -123,7 +123,9 @@
       <fsummary>List all reports</fsummary>
       <type>
         <v>Type = type()</v>
-        <v>type() = crash_report | supervisor_report | error | progress</v>
+        <v>type() = error | error_report | info_msg | info_report |
+        warning_msg | warning_report | crash_report |
+        supervisor_report | progress</v>
       </type>
       <desc>
         <p>This function lists all reports loaded in the
diff --git a/lib/sasl/doc/src/release_handler.xml b/lib/sasl/doc/src/release_handler.xml
index 7f32100d4b..e3438ede41 100644
--- a/lib/sasl/doc/src/release_handler.xml
+++ b/lib/sasl/doc/src/release_handler.xml
@@ -64,10 +64,10 @@
       downgraded to the specified version by evaluating the instructions
       in <c>relup</c>. An installed release can be made
       <em>permanent</em>. There can only be one permanent release in
-      the system, and this is the release that is used if the system is
-      restarted. An installed release, except the permanent one, can be
-      <em>removed</em>. When a release is removed, all files that
-      belong to that release only are deleted.</p>
+      the system, and this is the release that is used if the system
+      is restarted. An installed release, except the permanent one,
+      can be <em>removed</em>. When a release is removed, all files
+      that belong to that release only are deleted.</p>
     <p>Each version of the release has a status. The status can be
       <c>unpacked</c>, <c>current</c>, <c>permanent</c>, or <c>old</c>.
       There is always one latest release which either has status
@@ -107,16 +107,17 @@ old        reboot_old            permanent
       restarted. This is taken care of automatically if Erlang is
       started as an embedded system. Read about this in <em>Embedded System</em>. In this case, the system configuration file
       <c>sys.config</c> is mandatory.</p>
-    <p>A new release may restart the system. Which program to use is
-      specified by the SASL configuration parameter <c>start_prg</c>
-      which defaults to <c>$ROOT/bin/start</c>.</p>
+    <p>The installation of a new release may restart the system. Which
+      program to use is specified by the SASL configuration
+      parameter <c>start_prg</c> which defaults
+      to <c>$ROOT/bin/start</c>.</p>
     <p>The emulator restart on Windows NT expects that the system is
       started using the <c>erlsrv</c> program (as a service).
       Furthermore the release handler expects that the service is named 
       <em>NodeName</em>_<em>Release</em>, where <em>NodeName</em> is
       the first part of the Erlang nodename (up to, but not including
-      the "@") and <em>Release</em> is the current release of
-      the application. The release handler furthermore expects that a
+      the "@") and <em>Release</em> is the current version of
+      the release. The release handler furthermore expects that a
       program like <c>start_erl.exe</c> is specified as "machine" to
       <c>erlsrv</c>. During upgrading with restart, a new service will
       be registered and started. The new service will be set to
@@ -484,7 +485,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
         <c>release_handler</c> to end up in an inconsistent state.</p>
       <p>No persistent information is updated, why these functions can
         be used on any Erlang node, embedded or not. Also, using these
-        functions does not effect which code will be loaded in case of
+        functions does not affect which code will be loaded in case of
         a reboot.</p>
       <p>If the upgrade or downgrade fails, the application may end up
         in an inconsistent state.</p>
@@ -492,7 +493,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
   </section>
   <funcs>
     <func>
-      <name>upgrade_app(App, Dir) -> {ok, Unpurged} | restart_new_emulator | {error, Reason}</name>
+      <name>upgrade_app(App, Dir) -> {ok, Unpurged} | restart_emulator | {error, Reason}</name>
       <fsummary>Upgrade to a new application version</fsummary>
       <type>
         <v>App = atom()</v>
@@ -521,14 +522,21 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
           does.</p>
         <p>Returns <c>{ok, Unpurged}</c> if evaluating the script is
           successful, where <c>Unpurged</c> is a list of unpurged
-          modules, or <c>restart_new_emulator</c> if this instruction is
+          modules, or <c>restart_emulator</c> if this instruction is
           encountered in the script, or <c>{error, Reason}</c> if
           an error occurred when finding or evaluating the script.</p>
+	<p>If the <c>restart_new_emulator</c> instruction is found in
+	  the script, <c>upgrade_app/2</c> will return
+	  <c>{error,restart_new_emulator}</c>. The reason for this is
+	  that this instruction requires that a new version of the
+	  emulator is started before the rest of the upgrade
+	  instructions can be executed, and this can only be done by
+          <c>install_release/1,2</c>.</p>
       </desc>
     </func>
     <func>
       <name>downgrade_app(App, Dir) -></name>
-      <name>downgrade_app(App, OldVsn, Dir) -> {ok, Unpurged} | restart_new_emulator | {error, Reason}</name>
+      <name>downgrade_app(App, OldVsn, Dir) -> {ok, Unpurged} | restart_emulator | {error, Reason}</name>
       <fsummary>Downgrade to a previous application version</fsummary>
       <type>
         <v>App = atom()</v>
@@ -562,7 +570,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
           does.</p>
         <p>Returns <c>{ok, Unpurged}</c> if evaluating the script is
           successful, where <c>Unpurged</c> is a list of unpurged
-          modules, or <c>restart_new_emulator</c> if this instruction is
+          modules, or <c>restart_emulator</c> if this instruction is
           encountered in the script, or <c>{error, Reason}</c> if
           an error occurred when finding or evaluating the script.</p>
       </desc>
@@ -638,7 +646,7 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
       </desc>
     </func>
     <func>
-      <name>eval_appup_script(App, ToVsn, ToDir, Script) -> {ok, Unpurged} | restart_new_emulator | {error, Reason}</name>
+      <name>eval_appup_script(App, ToVsn, ToDir, Script) -> {ok, Unpurged} | restart_emulator | {error, Reason}</name>
       <fsummary>Evaluate an application upgrade or downgrade script</fsummary>
       <type>
         <v>App = atom()</v>
@@ -651,8 +659,8 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
       <desc>
         <p>Evaluates an application upgrade or downgrade script
           <c>Script</c>, the result from calling
-          <seealso marker="#upgrade_app/2">upgrade_app/2</seealso> or
-          <seealso marker="#downgrade_app/3">downgrade_app/2,3</seealso>,
+          <seealso marker="#upgrade_app/2">upgrade_script/2</seealso> or
+          <seealso marker="#downgrade_app/3">downgrade_script/3</seealso>,
           exactly in the same way as
           <seealso marker="#install_release/1">install_release/1,2</seealso>
           does.</p>
@@ -663,9 +671,16 @@ release_handler:set_unpacked(RelFile, [{myapp,"1.0","/home/user"},...]).
           <c>.appup</c> files should be located under <c>Dir/ebin</c>.</p>
         <p>Returns <c>{ok, Unpurged}</c> if evaluating the script is
           successful, where <c>Unpurged</c> is a list of unpurged
-          modules, or <c>restart_new_emulator</c> if this instruction is
+          modules, or <c>restart_emulator</c> if this instruction is
           encountered in the script, or <c>{error, Reason}</c> if
           an error occurred when evaluating the script.</p>
+	<p>If the <c>restart_new_emulator</c> instruction is found in
+	  the script, <c>eval_appup_script/4</c> will return
+	  <c>{error,restart_new_emulator}</c>. The reason for this is
+	  that this instruction requires that a new version of the
+	  emulator is started before the rest of the upgrade
+	  instructions can be executed, and this can only be done by
+          <c>install_release/1,2</c>.</p>
       </desc>
     </func>
   </funcs>
diff --git a/lib/sasl/doc/src/systools.xml b/lib/sasl/doc/src/systools.xml
index fa2fcbf534..84fed0a25f 100644
--- a/lib/sasl/doc/src/systools.xml
+++ b/lib/sasl/doc/src/systools.xml
@@ -138,8 +138,9 @@
       <fsummary>Generate a boot script <c>.script/.boot</c>.</fsummary>
       <type>
         <v>Name = string()</v>
-        <v>Opt = src_tests | {path,[Dir]} | local | {variables,[Var]} | exref | {exref,[App]}]
-	| silent | {outdir,Dir} | warnings_as_errors</v>
+        <v>Opt = src_tests | {path,[Dir]} | local | {variables,[Var]} | exref |
+	  {exref,[App]}] | silent | {outdir,Dir} | no_warn_sasl |
+	  warnings_as_errors</v>
         <v>&nbsp;Dir = string()</v>
         <v>&nbsp;Var = {VarName,Prefix}</v>
         <v>&nbsp;&nbsp;VarName = Prefix = string()</v>
@@ -195,6 +196,14 @@
         <p>The applications are sorted according to the dependencies
           between the applications. Where there are no dependencies,
           the order in the <c>.rel</c> file is kept.</p>
+	<p>The function will fail if the mandatory
+	  applications <c>kernel</c> and <c>stdlib</c> are not
+	  included in the <c>.rel</c> file and have start
+	  type <c>permanent</c> (default).</p>
+	<p>If <c>sasl</c> is not included as an application in
+	  the <c>.rel</c> file, a warning is emitted because such a
+	  release can not be used in an upgrade. To turn off this
+	  warning, add the option <c>no_warn_sasl</c>.</p>
         <p>All files are searched for in the current path. It is
           assumed that the <c>.app</c> and <c>.beam</c> files for an
           application is located in the same directory. The <c>.erl</c>
@@ -225,7 +234,7 @@
         <p>Example: If the option <c>{variables,[{"TEST","lib"}]}</c> is
           supplied, and <c>myapp.app</c> is found in
           <c>lib/myapp/ebin</c>, then the path to this application in
-          the boot script will be <c>$TEST/myapp-1/ebin"</c>. If
+          the boot script will be <c>"$TEST/myapp-1/ebin"</c>. If
           <c>myapp.app</c> is found in <c>lib/test</c>, then the path
           will be <c>$TEST/test/myapp-1/ebin</c>.</p>
         <p>The checks performed before the boot script is generated can
diff --git a/lib/sasl/examples/src/target_system.erl b/lib/sasl/examples/src/target_system.erl
index 0e1e0b2324..ffc0fcf443 100644
--- a/lib/sasl/examples/src/target_system.erl
+++ b/lib/sasl/examples/src/target_system.erl
@@ -16,6 +16,7 @@
 %%
 %% %CopyrightEnd%
 %%
+%module
 -module(target_system).
 -export([create/1, create/2, install/2]).
 
@@ -130,14 +131,14 @@ install(RelFileName, RootDir) ->
     [ErlVsn, _RelVsn| _] = string:tokens(StartErlData, " \n"),
     ErtsBinDir = filename:join([RootDir, "erts-" ++ ErlVsn, "bin"]),
     BinDir = filename:join([RootDir, "bin"]),
-    io:fwrite("Substituting in erl.src, start.src and start_erl.src to\n"
+    io:fwrite("Substituting in erl.src, start.src and start_erl.src to "
               "form erl, start and start_erl ...\n"),
     subst_src_scripts(["erl", "start", "start_erl"], ErtsBinDir, BinDir, 
                       [{"FINAL_ROOTDIR", RootDir}, {"EMU", "beam"}],
                       [preserve]),
     io:fwrite("Creating the RELEASES file ...\n"),
-    create_RELEASES(RootDir, 
-                    filename:join([RootDir, "releases", RelFileName])).
+    create_RELEASES(RootDir, filename:join([RootDir, "releases",
+					    filename:basename(RelFileName)])).
 
 %% LOCALS 
 
@@ -257,3 +258,4 @@ remove_all_files(Dir, Files) ->
                                   file:delete(FilePath)
                           end
                   end, Files).
+%module
diff --git a/lib/sasl/src/release_handler.erl b/lib/sasl/src/release_handler.erl
index 4e8cb4628c..8d2b9c35d3 100644
--- a/lib/sasl/src/release_handler.erl
+++ b/lib/sasl/src/release_handler.erl
@@ -842,8 +842,13 @@ do_unpack_release(Root, RelDir, ReleaseName, Releases) ->
     extract_tar(Root, Tar),
     NewReleases = [Release#release{status = unpacked} | Releases],
     write_releases(RelDir, NewReleases, false),
+
+    %% Keeping this for backwards compatibility reasons with older
+    %% systools:make_tar, where there is no copy of the .rel file in
+    %% the releases/<vsn> dir. See OTP-9746.
     Dir = filename:join([RelDir, Vsn]),
     copy_file(RelFile, Dir, false),
+
     {ok, NewReleases, Vsn}.
 
 %% Note that this function is not executed by a client
@@ -1050,38 +1055,50 @@ new_emulator_make_tmp_release(CurrentRelease,ToRelease,RelDir,Opts,Masters) ->
     CurrentVsn = CurrentRelease#release.vsn,
     ToVsn = ToRelease#release.vsn,
     TmpVsn = ?tmp_vsn(CurrentVsn),
-    BaseApps = [kernel,stdlib,sasl],
-    BaseLibs = [{App,Vsn,Lib} || {App,Vsn,Lib} <- ToRelease#release.libs,
-				 lists:member(App,BaseApps)],
-    check_base_libs(BaseLibs,ToVsn),
-    OldBaseLibs = [{App,Vsn,Lib} || {App,Vsn,Lib} <- CurrentRelease#release.libs,
-				    lists:member(App,BaseApps)],
-    check_base_libs(OldBaseLibs,CurrentVsn),
-    RestLibs = [{App,Vsn,Lib} || {App,Vsn,Lib} <- CurrentRelease#release.libs,
-				 not lists:member(App,BaseApps)],
-    TmpRelease = CurrentRelease#release{vsn=TmpVsn,
-					erts_vsn=ToRelease#release.erts_vsn,
-					libs = BaseLibs ++ RestLibs,
-					status = unpacked},
-    new_emulator_make_hybrid_boot(CurrentVsn,ToVsn,TmpVsn,BaseLibs,
-				  RelDir,Opts,Masters),
-    new_emulator_make_hybrid_config(CurrentVsn,ToVsn,TmpVsn,RelDir,Masters),
-    {TmpVsn,TmpRelease}.
-
-check_base_libs([_,_,_]=BaseLibs,_Vsn) ->
-    [Kernel,Sasl,Stdlib] = lists:keysort(1,BaseLibs),
-    [Kernel,Stdlib,Sasl];
-check_base_libs(SomeMissing,Vsn) ->
-    find_missing(SomeMissing,[kernel,stdlib,sasl],Vsn).
-
-find_missing(SomeMissing,[H|T],Vsn) ->
-    case lists:keymember(H,1,SomeMissing) of
-	true ->
-	    find_missing(SomeMissing,T,Vsn);
-	false ->
-	    throw({error,{missing_base_app,Vsn,H}})
+    case get_base_libs(ToRelease#release.libs) of
+	{ok,{Kernel,Stdlib,Sasl}=BaseLibs,_} ->
+	    case get_base_libs(ToRelease#release.libs) of
+		{ok,_,RestLibs} ->
+		    TmpErtsVsn = ToRelease#release.erts_vsn,
+		    TmpLibs = [Kernel,Stdlib,Sasl|RestLibs],
+		    TmpRelease = CurrentRelease#release{vsn=TmpVsn,
+							erts_vsn=TmpErtsVsn,
+							libs = TmpLibs,
+							status = unpacked},
+		    new_emulator_make_hybrid_boot(CurrentVsn,ToVsn,TmpVsn,
+						  BaseLibs,RelDir,Opts,Masters),
+		    new_emulator_make_hybrid_config(CurrentVsn,ToVsn,TmpVsn,
+						    RelDir,Masters),
+		    {TmpVsn,TmpRelease};
+		{error,{missing,Missing}} ->
+		    throw({error,{missing_base_app,CurrentVsn,Missing}})
+	    end;
+	{error,{missing,Missing}} ->
+	    throw({error,{missing_base_app,ToVsn,Missing}})
     end.
 
+%% Get kernel, stdlib and sasl libs,
+%% and also return the rest of the libs as a list.
+%% Return error if any of kernel, stdlib or sasl does not exist.
+get_base_libs(Libs) ->
+    get_base_libs(Libs,undefined,undefined,undefined,[]).
+get_base_libs([{kernel,_,_}=Kernel|Libs],undefined,Stdlib,Sasl,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,Rest);
+get_base_libs([{stdlib,_,_}=Stdlib|Libs],Kernel,undefined,Sasl,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,Rest);
+get_base_libs([{sasl,_,_}=Sasl|Libs],Kernel,Stdlib,undefined,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,Rest);
+get_base_libs([Lib|Libs],Kernel,Stdlib,Sasl,Rest) ->
+    get_base_libs(Libs,Kernel,Stdlib,Sasl,[Lib|Rest]);
+get_base_libs([],undefined,_Stdlib,_Sasl,_Rest) ->
+    {error,{missing,kernel}};
+get_base_libs([],_Kernel,undefined,_Sasl,_Rest) ->
+    {error,{missing,stdlib}};
+get_base_libs([],_Kernel,_Stdlib,undefined,_Rest) ->
+    {error,{missing,sasl}};
+get_base_libs([],Kernel,Stdlib,Sasl,Rest) ->
+    {ok,{Kernel,Stdlib,Sasl},lists:reverse(Rest)}.
+
 new_emulator_make_hybrid_boot(CurrentVsn,ToVsn,TmpVsn,BaseLibs,RelDir,Opts,Masters) ->
     FromBootFile = filename:join([RelDir,CurrentVsn,"start.boot"]),
     ToBootFile = filename:join([RelDir,ToVsn,"start.boot"]),
@@ -1090,9 +1107,10 @@ new_emulator_make_hybrid_boot(CurrentVsn,ToVsn,TmpVsn,BaseLibs,RelDir,Opts,Maste
     Args = [ToVsn,Opts],
     {ok,FromBoot} = read_file(FromBootFile,Masters),
     {ok,ToBoot} = read_file(ToBootFile,Masters),
-    [KernelPath,SaslPath,StdlibPath] =
-	[filename:join(Path,ebin) || {_,_,Path} <- lists:keysort(1,BaseLibs)],
-    Paths = {KernelPath,StdlibPath,SaslPath},
+    {{_,_,KernelPath},{_,_,SaslPath},{_,_,StdlibPath}} = BaseLibs,
+    Paths = {filename:join(KernelPath,"ebin"),
+	     filename:join(StdlibPath,"ebin"),
+	     filename:join(SaslPath,"ebin")},
     case systools_make:make_hybrid_boot(TmpVsn,FromBoot,ToBoot,Paths,Args) of
 	{ok,TmpBoot} ->
 	    write_file(TmpBootFile,TmpBoot,Masters);
@@ -1554,7 +1572,7 @@ memlib(_Lib, []) -> false.
 			 
 %% recursively remove file or directory
 remove_file(File) ->
-    case file:read_file_info(File) of
+    case file:read_link_info(File) of
 	{ok, Info} when Info#file_info.type==directory ->
 	    case file:list_dir(File) of
 		{ok, Files} ->
diff --git a/lib/sasl/src/release_handler_1.erl b/lib/sasl/src/release_handler_1.erl
index b4b288646f..93d12cf609 100644
--- a/lib/sasl/src/release_handler_1.erl
+++ b/lib/sasl/src/release_handler_1.erl
@@ -459,7 +459,9 @@ eval({apply, {M, F, A}}, EvalState) ->
     apply(M, F, A),
     EvalState;
 eval(restart_emulator, _EvalState) ->
-    throw(restart_emulator).
+    throw(restart_emulator);
+eval(restart_new_emulator, _EvalState) ->
+    throw(restart_new_emulator).
 
 get_opt(Tag, EvalState, Default) ->
     case lists:keysearch(Tag, 1, EvalState#eval_state.opts) of
@@ -503,15 +505,20 @@ resume(Pids) ->
 
 change_code(Pids, Mod, Vsn, Extra, Timeout) ->
     Fun = fun(Pid) -> 
-		  case Timeout of
-		      default ->
-			  ok = sys:change_code(Pid, Mod, Vsn, Extra);
-		      _Else ->
-			  ok = sys:change_code(Pid, Mod, Vsn, Extra, Timeout)
+		  case sys_change_code(Pid, Mod, Vsn, Extra, Timeout) of
+		      ok ->
+			  ok;
+		      {error,Reason} ->
+			  throw({code_change_failed,Pid,Mod,Vsn,Reason})
 		  end
 	  end,
     lists:foreach(Fun, Pids).
 
+sys_change_code(Pid, Mod, Vsn, Extra, default) ->
+    sys:change_code(Pid, Mod, Vsn, Extra);
+sys_change_code(Pid, Mod, Vsn, Extra, Timeout) ->
+    sys:change_code(Pid, Mod, Vsn, Extra, Timeout).
+
 stop(Mod, Procs) ->
     lists:zf(fun({undefined, _Name, _Pid, _Mods}) ->
 		     false;
diff --git a/lib/sasl/src/systools_make.erl b/lib/sasl/src/systools_make.erl
index ce37f3c2ce..12ba2a5476 100644
--- a/lib/sasl/src/systools_make.erl
+++ b/lib/sasl/src/systools_make.erl
@@ -58,6 +58,7 @@
 %%              {variables,[{Name,AbsString}]}
 %%              {machine, jam | beam | vee}
 %%              exref | {exref, [AppName]}
+%%              no_warn_sasl
 %%-----------------------------------------------------------------
 
 make_script(RelName) when is_list(RelName) ->
@@ -88,7 +89,8 @@ make_script(RelName, Output, Flags) when is_list(RelName),
 	    Path  = make_set(Path1 ++ code:get_path()),
 	    ModTestP = {member(src_tests, Flags),xref_p(Flags)},
 	    case get_release(RelName, Path, ModTestP, machine(Flags)) of
-		{ok, Release, Appls, Warnings} ->
+		{ok, Release, Appls, Warnings0} ->
+		    Warnings = wsasl(Flags, Warnings0),
 		    case systools_lib:werror(Flags, Warnings) of
 			true ->
 			    return(ok,Warnings,Flags);
@@ -112,7 +114,13 @@ make_script(RelName, _Output, Flags) when is_list(Flags) ->
 make_script(RelName, _Output, Flags) ->
     badarg(Flags,[RelName, Flags]).
 
-%% Inlined.
+
+wsasl(Options, Warnings) ->
+    case lists:member(no_warn_sasl,Options) of
+	true -> lists:delete({warning,missing_sasl},Warnings);
+	false -> Warnings
+    end.
+
 badarg(BadArg, Args) ->
     erlang:error({badarg,BadArg}, Args).
 
@@ -455,30 +463,35 @@ check_appl(Appl) ->
 		end,
 		Appl) of
 	[] ->
-	    {ok,Ws} = mandatory_applications(Appl),
-	    {split_app_incl(Appl),Ws};
+	    {ApplsNoIncls,Incls} = split_app_incl(Appl),
+	    {ok,Ws} = mandatory_applications(ApplsNoIncls,undefined,
+					     undefined,undefined),
+	    {{ApplsNoIncls,Incls},Ws};
 	Illegal ->
 	    throw({error, {illegal_applications,Illegal}})
     end.
 
-mandatory_applications(Appl) ->
-    AppNames = map(fun(AppT) -> element(1, AppT) end,
-		   Appl),
-    Mand = mandatory_applications(),
-    case filter(fun(X) -> member(X, AppNames) end, Mand) of
-	Mand ->
-	    case member(sasl,AppNames) of
-		true ->
-		    {ok,[]};
-		_ ->
-		    {ok, [{warning,missing_sasl}]}
-	    end;
-	_ ->
-	    throw({error, {missing_mandatory_app, Mand}})
-    end.
-
-mandatory_applications() ->
-    [kernel, stdlib].
+mandatory_applications([{kernel,_,Type}|Apps],undefined,Stdlib,Sasl) ->
+    mandatory_applications(Apps,Type,Stdlib,Sasl);
+mandatory_applications([{stdlib,_,Type}|Apps],Kernel,undefined,Sasl) ->
+    mandatory_applications(Apps,Kernel,Type,Sasl);
+mandatory_applications([{sasl,_,Type}|Apps],Kernel,Stdlib,undefined) ->
+    mandatory_applications(Apps,Kernel,Stdlib,Type);
+mandatory_applications([_|Apps],Kernel,Stdlib,Sasl) ->
+    mandatory_applications(Apps,Kernel,Stdlib,Sasl);
+mandatory_applications([],Type,_,_) when Type=/=permanent ->
+    error_mandatory_application(kernel,Type);
+mandatory_applications([],_,Type,_) when Type=/=permanent ->
+    error_mandatory_application(sasl,Type);
+mandatory_applications([],_,_,undefined) ->
+    {ok, [{warning,missing_sasl}]};
+mandatory_applications([],_,_,_) ->
+    {ok,[]}.
+
+error_mandatory_application(App,undefined) ->
+    throw({error, {missing_mandatory_app, App}});
+error_mandatory_application(App,Type) ->
+    throw({error, {mandatory_app, App, Type}}).
 
 split_app_incl(Appl) -> split_app_incl(Appl, [], []).
 
@@ -1630,8 +1643,19 @@ add_system_files(Tar, RelName, Release, Path1) ->
     SVsn = Release#release.vsn,
     RelName0 = filename:basename(RelName),
 
+    RelVsnDir = filename:join("releases", SVsn),
+
+    %% OTP-9746: store rel file in releases/<vsn>
+    %% Adding rel file to
+    %% 1) releases directory - so it can be easily extracted
+    %%    separately (see release_handler:unpack_release)
+    %% 2) releases/<vsn> - so the file must not be explicitly moved
+    %%    after unpack.
     add_to_tar(Tar, RelName ++ ".rel",
 	       filename:join("releases", RelName0 ++ ".rel")),
+    add_to_tar(Tar, RelName ++ ".rel",
+	       filename:join(RelVsnDir, RelName0 ++ ".rel")),
+
 
     %% OTP-6226 Look for the system files not only in cwd
     %% --
@@ -1647,26 +1671,27 @@ add_system_files(Tar, RelName, Release, Path1) ->
 		   [RelDir, "."|Path1]
 	   end,
 
-    ToDir = filename:join("releases", SVsn),
     case lookup_file(RelName0 ++ ".boot", Path) of
 	false ->
 	    throw({error, {tar_error,{add, RelName0++".boot",enoent}}});
 	Boot ->
-	    add_to_tar(Tar, Boot, filename:join(ToDir, "start.boot"))
+	    add_to_tar(Tar, Boot, filename:join(RelVsnDir, "start.boot"))
     end,
 
     case lookup_file("relup", Path) of
 	false ->
 	    ignore;
 	Relup ->
-	    add_to_tar(Tar, Relup, filename:join(ToDir, "relup"))
+	    check_relup(Relup),
+	    add_to_tar(Tar, Relup, filename:join(RelVsnDir, "relup"))
     end,
 
     case lookup_file("sys.config", Path) of
 	false ->
 	    ignore;
 	Sys ->
-	    add_to_tar(Tar, Sys, filename:join(ToDir, "sys.config"))
+	    check_sys_config(Sys),
+	    add_to_tar(Tar, Sys, filename:join(RelVsnDir, "sys.config"))
     end,
     
     ok.
@@ -1682,6 +1707,44 @@ lookup_file(Name, [Dir|Path]) ->
 lookup_file(_Name, []) ->
     false.
 
+%% Check that relup can be parsed and has expected format
+check_relup(File) ->
+    case file:consult(File) of
+	{ok,[{Vsn,UpFrom,DownTo}]} when is_list(Vsn), is_integer(hd(Vsn)),
+					is_list(UpFrom), is_list(DownTo) ->
+	    ok;
+	{ok,_} ->
+	    throw({error,{tar_error,{add,"relup",[invalid_format]}}});
+	Other ->
+	    throw({error,{tar_error,{add,"relup",[Other]}}})
+    end.
+
+%% Check that sys.config can be parsed and has expected format
+check_sys_config(File) ->
+    case file:consult(File) of
+	{ok,[SysConfig]} ->
+	    case lists:all(fun({App,KeyVals}) when is_atom(App),
+						   is_list(KeyVals)->
+				   true;
+			      (OtherConfig) when is_list(OtherConfig),
+						 is_integer(hd(OtherConfig)) ->
+				   true;
+			      (_) ->
+				   false
+			   end,
+			   SysConfig) of
+		true ->
+		    ok;
+		false ->
+		    throw({error,{tar_error,
+				  {add,"sys.config",[invalid_format]}}})
+	    end;
+	{ok,_} ->
+	    throw({error,{tar_error,{add,"sys.config",[invalid_format]}}});
+	Other ->
+	    throw({error,{tar_error,{add,"sys.config",[Other]}}})
+    end.
+
 %%______________________________________________________________________
 %% Add either a application located under a variable dir or all other
 %% applications to a tar file.
@@ -1970,90 +2033,67 @@ get_flag(_,_)         -> false.
 
 %% Check Options for make_script
 check_args_script(Args) ->
-    cas(Args,
-	{undef, undef, undef, undef, undef, undef, undef, undef,
-	 undef, []}).
+    cas(Args, []).
 
-cas([], {_Path,_Sil,_Loc,_Test,_Var,_Mach,_Xref,_XrefApps,_Werror, X}) ->
+cas([], X) ->
     X;
 %%% path ---------------------------------------------------------------
-cas([{path, P} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			 XrefApps, Werror, X}) when is_list(P) ->
+cas([{path, P} | Args], X) when is_list(P) ->
     case check_path(P) of
 	ok ->
-	    cas(Args, {P, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		       Werror, X});
+	    cas(Args, X);
 	error ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		       Werror, X++[{path,P}]})
+	    cas(Args, X++[{path,P}])
     end;
 %%% silent -------------------------------------------------------------
-cas([silent | Args], {Path, _Sil, Loc, Test, Var, Mach, Xref,
-		      XrefApps, Werror, X}) ->
-    cas(Args, {Path, silent, Loc, Test, Var, Mach, Xref, XrefApps,
-	       Werror, X});
+cas([silent | Args], X) ->
+    cas(Args, X);
 %%% local --------------------------------------------------------------
-cas([local | Args], {Path, Sil, _Loc, Test, Var, Mach, Xref,
-		     XrefApps, Werror, X}) ->
-    cas(Args, {Path, Sil, local, Test, Var, Mach, Xref, XrefApps,
-	       Werror, X});
+cas([local | Args], X) ->
+    cas(Args, X);
 %%% src_tests -------------------------------------------------------
-cas([src_tests | Args], {Path, Sil, Loc, _Test, Var, Mach, Xref,
-			 XrefApps, Werror, X}) ->
-    cas(Args,
-	{Path, Sil, Loc, src_tests, Var, Mach, Xref, Werror, XrefApps,X});
+cas([src_tests | Args], X) ->
+    cas(Args, X);
 %%% variables ----------------------------------------------------------
-cas([{variables, V} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			      XrefApps, Werror, X}) when is_list(V) ->
+cas([{variables, V} | Args], X) when is_list(V) ->
     case check_vars(V) of
 	ok ->
-	    cas(Args,
-		{Path, Sil, Loc, Test, V, Mach, Xref, XrefApps, Werror, X});
+	    cas(Args, X);
 	error ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		       Werror, X++[{variables, V}]})
+	    cas(Args, X++[{variables, V}])
     end;
 %%% machine ------------------------------------------------------------
-cas([{machine, M} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			    XrefApps, Werror, X}) when is_atom(M) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
+cas([{machine, M} | Args], X) when is_atom(M) ->
+    cas(Args, X);
 %%% exref --------------------------------------------------------------
-cas([exref | Args], {Path, Sil, Loc, Test, Var, Mach, _Xref,
-		     XrefApps, Werror, X})  ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, exref, XrefApps, Werror, X});
+cas([exref | Args], X)  ->
+    cas(Args, X);
 %%% exref Apps ---------------------------------------------------------
-cas([{exref, Apps} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			     XrefApps, Werror, X}) when is_list(Apps) ->
+cas([{exref, Apps} | Args], X) when is_list(Apps) ->
     case check_apps(Apps) of 
 	ok ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, 
-		       Xref, Apps, Werror, X});
+	    cas(Args, X);
 	error ->
-	    cas(Args, {Path, Sil, Loc, Test, Var, Mach, 
-		       Xref, XrefApps, Werror, X++[{exref, Apps}]})
+	    cas(Args, X++[{exref, Apps}])
     end;
 %%% outdir Dir ---------------------------------------------------------
-cas([{outdir, Dir} | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			     XrefApps, Werror, X}) when is_list(Dir) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
+cas([{outdir, Dir} | Args], X) when is_list(Dir) ->
+    cas(Args, X);
 %%% otp_build (secret, not documented) ---------------------------------
-cas([otp_build | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			 XrefApps, Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
+cas([otp_build | Args], X) ->
+    cas(Args, X);
+%%% warnings_as_errors -------------------------------------------------
+cas([warnings_as_errors | Args], X) ->
+    cas(Args, X);
+%%% no_warn_sasl -------------------------------------------------------
+cas([no_warn_sasl | Args], X) ->
+    cas(Args, X);
 %%% no_module_tests (kept for backwards compatibility, but ignored) ----
-cas([no_module_tests | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-			       XrefApps, Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror, X});
-%%% warnings_as_errors (kept for backwards compatibility, but ignored) ----
-cas([warnings_as_errors | Args], {Path, Sil, Loc, Test, Var, Mach, Xref,
-				  XrefApps, _Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-	       warnings_as_errors, X});
+cas([no_module_tests | Args], X) ->
+    cas(Args, X);
 %%% ERROR --------------------------------------------------------------
-cas([Y | Args], {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps,
-		 Werror, X}) ->
-    cas(Args, {Path, Sil, Loc, Test, Var, Mach, Xref, XrefApps, Werror,
-	       X++[Y]}).
+cas([Y | Args], X) ->
+    cas(Args, X++[Y]).
 
 
 
@@ -2192,9 +2232,12 @@ format_error({missing_parameter,Par}) ->
 format_error({illegal_applications,Names}) ->
     io_lib:format("Illegal applications in the release file: ~p~n",
 		  [Names]);
-format_error({missing_mandatory_app,Names}) ->
-    io_lib:format("Mandatory applications (~p) must be specified in the release file~n",
-		  [Names]);
+format_error({missing_mandatory_app,Name}) ->
+    io_lib:format("Mandatory application ~p must be specified in the release file~n",
+		  [Name]);
+format_error({mandatory_app,Name,Type}) ->
+    io_lib:format("Mandatory application ~p must be of type 'permanent' in the release file. Is '~p'.~n",
+		  [Name,Type]);
 format_error({duplicate_register,Dups}) ->
     io_lib:format("Duplicated register names: ~n~s",
 		  [map(fun({{Reg,App1,_,_},{Reg,App2,_,_}}) ->
diff --git a/lib/sasl/test/alarm_handler_SUITE.erl b/lib/sasl/test/alarm_handler_SUITE.erl
index a98e8c9c67..a4064ef27a 100644
--- a/lib/sasl/test/alarm_handler_SUITE.erl
+++ b/lib/sasl/test/alarm_handler_SUITE.erl
@@ -18,7 +18,7 @@
 %%
 -module(alarm_handler_SUITE).
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 
 %%-----------------------------------------------------------------
 %% We will add an own alarm handler in order to verify that the
@@ -56,34 +56,32 @@ end_per_group(_GroupName, Config) ->
 
 %%-----------------------------------------------------------------
 
-set_alarm(suite) -> [];
 set_alarm(Config) when is_list(Config) ->
-    ?line gen_event:add_handler(alarm_handler, ?MODULE, self()),
+    gen_event:add_handler(alarm_handler, ?MODULE, self()),
     Alarm1 = {alarm1, "this is the alarm"},
     Alarm2 = {"alarm2", this_is_the_alarm},
     Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
-    ?line ok = alarm_handler:set_alarm(Alarm1),
+    ok = alarm_handler:set_alarm(Alarm1),
     reported(set_alarm, Alarm1),
-    ?line ok = alarm_handler:set_alarm(Alarm2),
+    ok = alarm_handler:set_alarm(Alarm2),
     reported(set_alarm, Alarm2),
-    ?line ok = alarm_handler:set_alarm(Alarm3),
+    ok = alarm_handler:set_alarm(Alarm3),
     reported(set_alarm, Alarm3),
 
-    ?line [Alarm3,Alarm2,Alarm1] = alarm_handler:get_alarms(),
+    [Alarm3,Alarm2,Alarm1] = alarm_handler:get_alarms(),
     alarm_handler:clear_alarm(alarm1),
     alarm_handler:clear_alarm("alarm2"),
     alarm_handler:clear_alarm({alarm3}),
-    ?line [] = alarm_handler:get_alarms(),
+    [] = alarm_handler:get_alarms(),
 
     test_server:messages_get(),
-    ?line my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
+    my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
     ok.
 
 %%-----------------------------------------------------------------
 
-clear_alarm(suite) -> [];
 clear_alarm(Config) when is_list(Config) ->
-    ?line gen_event:add_handler(alarm_handler, ?MODULE, self()),
+    gen_event:add_handler(alarm_handler, ?MODULE, self()),
     Alarm1 = {alarm1, "this is the alarm"},
     Alarm2 = {"alarm2", this_is_the_alarm},
     Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
@@ -92,44 +90,42 @@ clear_alarm(Config) when is_list(Config) ->
     alarm_handler:set_alarm(Alarm3),
     test_server:messages_get(),
 
-    ?line ok = alarm_handler:clear_alarm(alarm1),
+    ok = alarm_handler:clear_alarm(alarm1),
     reported(clear_alarm, alarm1),
-    ?line ok = alarm_handler:clear_alarm("alarm2"),
+    ok = alarm_handler:clear_alarm("alarm2"),
     reported(clear_alarm, "alarm2"),
-    ?line ok = alarm_handler:clear_alarm({alarm3}),
+    ok = alarm_handler:clear_alarm({alarm3}),
     reported(clear_alarm, {alarm3}),
-    ?line [] = alarm_handler:get_alarms(),
+    [] = alarm_handler:get_alarms(),
 
-    ?line my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
+    my_yes = gen_event:delete_handler(alarm_handler, ?MODULE, []),
     ok.
 
 %%-----------------------------------------------------------------
 
-swap(suite) -> [];
 swap(Config) when is_list(Config) ->
-    ?line Alarm1 = {alarm1, "this is the alarm"},
-    ?line Alarm2 = {"alarm2", this_is_the_alarm},
-    ?line Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
-    ?line alarm_handler:set_alarm(Alarm1),
-    ?line alarm_handler:set_alarm(Alarm2),
-    ?line alarm_handler:set_alarm(Alarm3),
-
-    ?line foo,
+    Alarm1 = {alarm1, "this is the alarm"},
+    Alarm2 = {"alarm2", this_is_the_alarm},
+    Alarm3 = {{alarm3}, {this_is,"the_alarm"}},
+    alarm_handler:set_alarm(Alarm1),
+    alarm_handler:set_alarm(Alarm2),
+    alarm_handler:set_alarm(Alarm3),
+
     case gen_event:which_handlers(alarm_handler) of
 	[alarm_handler] ->
-	    ?line ok = gen_event:swap_handler(alarm_handler,
-					      {alarm_handler, swap},
-					      {?MODULE, self()}),
-	    ?line [?MODULE] = gen_event:which_handlers(alarm_handler),
+	    ok = gen_event:swap_handler(alarm_handler,
+					{alarm_handler, swap},
+					{?MODULE, self()}),
+	    [?MODULE] = gen_event:which_handlers(alarm_handler),
 	    Alarms = [Alarm3, Alarm2, Alarm1],
 	    reported(swap_alarms, Alarms),
 
 	    %% get_alarms is only valid with the default handler installed.
-	    ?line {error, _} = alarm_handler:get_alarms(),
+	    {error, _} = alarm_handler:get_alarms(),
 
-	    ?line my_yes = gen_event:delete_handler(alarm_handler,
-						    ?MODULE, []),
-	    ?line gen_event:add_handler(alarm_handler, alarm_handler, []),
+	    my_yes = gen_event:delete_handler(alarm_handler,
+					      ?MODULE, []),
+	    gen_event:add_handler(alarm_handler, alarm_handler, []),
 	    ok;
 	_ ->
 	    alarm_handler:clear_alarm(alarm1),
diff --git a/lib/sasl/test/overload_SUITE.erl b/lib/sasl/test/overload_SUITE.erl
index 92b1aaed6e..e7f180b2ea 100644
--- a/lib/sasl/test/overload_SUITE.erl
+++ b/lib/sasl/test/overload_SUITE.erl
@@ -18,14 +18,13 @@
 %%
 
 -module(overload_SUITE).
--include("test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 
 -compile(export_all).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 all() -> [info, set_config_data, set_env_vars, request, timeout].
-all(suite) -> all().
 
 init_per_testcase(_Case,Config) ->
     restart_sasl(),
@@ -38,37 +37,34 @@ end_per_testcase(Case,Config) ->
     ok.
 
 %%%-----------------------------------------------------------------
-info(suite) -> [];
 info(_Config) ->
-    ?line Info = overload:get_overload_info(),
-    ?line [{total_intensity,0.0},
-	   {accept_intensity,0.0},
-	   {max_intensity,0.8},
-	   {weight,0.1},
-	   {total_requests,0},
-	   {accepted_requests,0}] = Info.
+    Info = overload:get_overload_info(),
+    [{total_intensity,0.0},
+     {accept_intensity,0.0},
+     {max_intensity,0.8},
+     {weight,0.1},
+     {total_requests,0},
+     {accepted_requests,0}] = Info.
 
 %%%-----------------------------------------------------------------
-set_config_data(suite) -> [];
 set_config_data(_Config) ->
-    ?line InfoDefault = overload:get_overload_info(),
-    ?line ok = check_info(0.8,0.1,InfoDefault),
-    ?line ok = overload:set_config_data(0.5,0.4),
-    ?line Info1 = overload:get_overload_info(),
-    ?line ok = check_info(0.5,0.4,Info1),
+    InfoDefault = overload:get_overload_info(),
+    ok = check_info(0.8,0.1,InfoDefault),
+    ok = overload:set_config_data(0.5,0.4),
+    Info1 = overload:get_overload_info(),
+    ok = check_info(0.5,0.4,Info1),
     ok.
 
 %%%-----------------------------------------------------------------
-set_env_vars(suite) -> [];
 set_env_vars(_Config) ->
-    ?line InfoDefault = overload:get_overload_info(),
-    ?line ok = check_info(0.8,0.1,InfoDefault),
-    ?line ok = application:set_env(sasl,overload_max_intensity,0.5),
-    ?line ok = application:set_env(sasl,overload_weight,0.4),
-    ?line ok = application:stop(sasl),
-    ?line ok = application:start(sasl),
-    ?line Info1 = overload:get_overload_info(),
-    ?line ok = check_info(0.5,0.4,Info1),
+    InfoDefault = overload:get_overload_info(),
+    ok = check_info(0.8,0.1,InfoDefault),
+    ok = application:set_env(sasl,overload_max_intensity,0.5),
+    ok = application:set_env(sasl,overload_weight,0.4),
+    ok = application:stop(sasl),
+    ok = application:start(sasl),
+    Info1 = overload:get_overload_info(),
+    ok = check_info(0.5,0.4,Info1),
     ok.
 set_env_vars(cleanup,_Config) ->
     application:unset_env(sasl,overload_max_intensity),
@@ -76,63 +72,61 @@ set_env_vars(cleanup,_Config) ->
     ok.
 
 %%%-----------------------------------------------------------------
-request(suite) -> [];
 request(_Config) ->
     %% Find number of request that can be done with default settings
     %% and no delay
-    ?line overload:set_config_data(0.8, 0.1),
-    ?line NDefault = do_many_requests(0),
-    ?line restart_sasl(),
-    ?line ?t:format("NDefault: ~p",[NDefault]),
- 
+    overload:set_config_data(0.8, 0.1),
+    NDefault = do_many_requests(0),
+    restart_sasl(),
+    ?t:format("NDefault: ~p",[NDefault]),
+
     %% Check that the number of requests increases when max_intensity
     %% increases
-    ?line overload:set_config_data(2, 0.1),
-    ?line NLargeMI = do_many_requests(0),
-    ?line restart_sasl(),
-    ?line ?t:format("NLargeMI: ~p",[NLargeMI]),
-    ?line true = NLargeMI > NDefault,
+    overload:set_config_data(2, 0.1),
+    NLargeMI = do_many_requests(0),
+    restart_sasl(),
+    ?t:format("NLargeMI: ~p",[NLargeMI]),
+    true = NLargeMI > NDefault,
 
     %% Check that the number of requests decreases when weight
     %% increases
-    ?line overload:set_config_data(0.8, 1),
-    ?line NLargeWeight = do_many_requests(0),
-    ?line restart_sasl(),
-    ?line ?t:format("NLargeWeight: ~p",[NLargeWeight]),
-    ?line true = NLargeWeight < NDefault,
+    overload:set_config_data(0.8, 1),
+    NLargeWeight = do_many_requests(0),
+    restart_sasl(),
+    ?t:format("NLargeWeight: ~p",[NLargeWeight]),
+    true = NLargeWeight < NDefault,
 
     %% Check that number of requests increases when delay between
     %% requests increases.
     %% (Keeping same config and comparing to large weight in order to
     %% minimize the time needed for this case.)
-    ?line overload:set_config_data(0.8, 1),
-    ?line NLargeTime = do_many_requests(500),
-    ?line restart_sasl(),
-    ?line ?t:format("NLargeTime: ~p",[NLargeTime]),
-    ?line true = NLargeTime > NLargeWeight,
+    overload:set_config_data(0.8, 1),
+    NLargeTime = do_many_requests(500),
+    restart_sasl(),
+    ?t:format("NLargeTime: ~p",[NLargeTime]),
+    true = NLargeTime > NLargeWeight,
     ok.
 
 %%%-----------------------------------------------------------------
-timeout(suite) -> [];
 timeout(_Config) ->
-    ?line overload:set_config_data(0.8, 1),
-    ?line _N = do_many_requests(0),
-    
+    overload:set_config_data(0.8, 1),
+    _N = do_many_requests(0),
+
     %% Check that the overload alarm is raised
-    ?line [{overload,_}] = alarm_handler:get_alarms(),
+    [{overload,_}] = alarm_handler:get_alarms(),
 
     %% Fake a clear timeout in overload.erl and check that, since it
     %% came very soon after the overload situation, the alarm is not
     %% cleared
-    ?line overload ! timeout,
-    ?line timer:sleep(1000),
-    ?line [{overload,_}] = alarm_handler:get_alarms(),
+    overload ! timeout,
+    timer:sleep(1000),
+    [{overload,_}] = alarm_handler:get_alarms(),
 
     %% A bit later, try again and check that this time the alarm is
     %% cleared
-    ?line overload ! timeout,
-    ?line timer:sleep(1000),
-    ?line [] = alarm_handler:get_alarms(),
+    overload ! timeout,
+    timer:sleep(1000),
+    [] = alarm_handler:get_alarms(),
 
     ok.
 
@@ -171,5 +165,3 @@ check_info(MI,W,Info) ->
 	{{_,MI},{_,W}} -> ok;
 	_ -> ?t:fail({unexpected_info,MI,W,Info})
     end.
-    
-
diff --git a/lib/sasl/test/rb_SUITE.erl b/lib/sasl/test/rb_SUITE.erl
index b53c382609..35a4eb7e7b 100644
--- a/lib/sasl/test/rb_SUITE.erl
+++ b/lib/sasl/test/rb_SUITE.erl
@@ -18,7 +18,8 @@
 %%
 
 -module(rb_SUITE).
--include("test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
+
 
 -compile(export_all).
 
@@ -45,19 +46,10 @@ groups() ->
 				     ]}].
 
 
-all(suite) -> 
-    no_group_cases() ++
-	[{conf, 
-	  install_mf_h, 
-	  element(3,lists:keyfind(running_error_logger,1,groups())), 
-	  remove_mf_h}
-	].
-
-
 init_per_suite(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line RbDir = filename:join(PrivDir,rb),
-    ?line ok = file:make_dir(RbDir),
+    PrivDir = ?config(priv_dir,Config),
+    RbDir = filename:join(PrivDir,rb),
+    ok = file:make_dir(RbDir),
     NewConfig = [{rb_dir,RbDir}|Config],
     reset_sasl(NewConfig),
     NewConfig.
@@ -66,10 +58,18 @@ end_per_suite(_Config) ->
     ok.
 
 init_per_group(running_error_logger,Config) ->
-    install_mf_h(Config).
+    %% Install log_mf_h
+    RbDir = ?config(rb_dir,Config),
+    ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
+    ok = application:set_env(sasl,error_logger_mf_maxbytes,5000),
+    ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
+    restart_sasl(),
+    Config.
 
 end_per_group(running_error_logger,Config) ->
-    remove_mf_h(Config).
+    %% Remove log_mf_h???
+    ok.
+
 
 init_per_testcase(_Case,Config) ->
     case whereis(?SUP) of
@@ -92,187 +92,152 @@ end_per_testcase(Case,Config) ->
 
 
 %%%-----------------------------------------------------------------
+%%% Test cases
 
-help() -> help(suite).
-help(suite) -> [];
 help(_Config) ->
-    ?line Help = capture(fun() -> rb:h() end),
-    ?line "Report Browser Tool - usage" = hd(Help),
-    ?line "rb:stop            - stop the rb_server" = lists:last(Help),
+    Help = capture(fun() -> rb:h() end),
+    "Report Browser Tool - usage" = hd(Help),
+    "rb:stop            - stop the rb_server" = lists:last(Help),
     ok.
 
-
-start_error_stop() -> start_error_stop(suite).
-start_error_stop(suite) -> [];
+%% Test that all three sasl env vars must be set for a successful start of rb
+%% Then stop rb.
 start_error_stop(Config) ->
-    ?line RbDir = ?config(rb_dir,Config),
-
-    ?line {error,{"cannot locate report directory",_}} = rb:start(),
-
-
-    ?line ok = application:set_env(sasl,error_logger_mf_dir,"invaliddir"),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxbytes,1000),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
-    ?line restart_sasl(),
-    ?line {error,{"cannot read the index file",_}} = rb:start(),
-    ?line ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
-    ?line restart_sasl(),
-    ?line {ok,_} = rb:start(),
-
-    ?line ok = rb:stop(),
-    ok.
+    RbDir = ?config(rb_dir,Config),
 
+    {error,{"cannot locate report directory",_}} = rb:start(),
 
-%% start_opts(suite) -> [];
-%% start_opts(Config) ->
-%%     PrivDir = ?config(priv_dir,Config),
-%%     RbDir = filename:join(PrivDir,rb_opts),
-%%     ok = file:make_dir(RbDir),
-       
 
-install_mf_h(Config) ->
-    ?line RbDir = ?config(rb_dir,Config),
-    ?line ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxbytes,5000),
-    ?line ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
-    ?line restart_sasl(),
-    Config.
+    ok = application:set_env(sasl,error_logger_mf_dir,"invaliddir"),
+    ok = application:set_env(sasl,error_logger_mf_maxbytes,1000),
+    ok = application:set_env(sasl,error_logger_mf_maxfiles,2),
+    restart_sasl(),
+    {error,{"cannot read the index file",_}} = rb:start(),
+    ok = application:set_env(sasl,error_logger_mf_dir,RbDir),
+    restart_sasl(),
+    {ok,_} = rb:start(),
 
-remove_mf_h(_Config) ->
+    ok = rb:stop(),
     ok.
 
-
-
-show() -> show(suite).
-show(suite) -> [];
 show(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
-    
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
     %% Show all reports
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
     %% Show by number
-    ?line [{_,First}] = check_report(fun() -> rb:show(1) end,OutFile),
-    ?line {1,First} = lists:keyfind(1,1,All),    
+    [{_,First}] = check_report(fun() -> rb:show(1) end,OutFile),
+    {1,First} = lists:keyfind(1,1,All),
 
     %% Show by type
-    ?line [{_,CR}] = check_report(fun() -> rb:show(crash_report) end,OutFile),
-    ?line true = contains(CR,"rb_test_crash"),
-    ?line [{_,EC},{_,EM}] = check_report(fun() -> rb:show(error) end,OutFile),
-    ?line true = contains(EC,"rb_test_crash"),
-    ?line true = contains(EM,"rb_test_error_msg"),
-    ?line [{_,ER}] = check_report(fun() -> rb:show(error_report) end,OutFile),
-    ?line true = contains(ER,"rb_test_error"),
-    ?line [{_,IR}] = check_report(fun() -> rb:show(info_report) end,OutFile),
-    ?line true = contains(IR,"rb_test_info"),
-    ?line [{_,IM}] = check_report(fun() -> rb:show(info_msg) end,OutFile),
-    ?line true = contains(IM,"rb_test_info_msg"),
-    ?line [_|_] = check_report(fun() -> rb:show(progress) end,OutFile),
-    ?line [{_,SR}] = check_report(fun() -> rb:show(supervisor_report) end,
-				   OutFile),
-    ?line true = contains(SR,"child_terminated"),
-    ?line true = contains(SR,"{rb_SUITE,rb_test_crash}"),
+    [{_,CR}] = check_report(fun() -> rb:show(crash_report) end,OutFile),
+    true = contains(CR,"rb_test_crash"),
+    [{_,EC},{_,EM}] = check_report(fun() -> rb:show(error) end,OutFile),
+    true = contains(EC,"rb_test_crash"),
+    true = contains(EM,"rb_test_error_msg"),
+    [{_,ER}] = check_report(fun() -> rb:show(error_report) end,OutFile),
+    true = contains(ER,"rb_test_error"),
+    [{_,IR}] = check_report(fun() -> rb:show(info_report) end,OutFile),
+    true = contains(IR,"rb_test_info"),
+    [{_,IM}] = check_report(fun() -> rb:show(info_msg) end,OutFile),
+    true = contains(IM,"rb_test_info_msg"),
+    [_|_] = check_report(fun() -> rb:show(progress) end,OutFile),
+    [{_,SR}] = check_report(fun() -> rb:show(supervisor_report) end,
+			    OutFile),
+    true = contains(SR,"child_terminated"),
+    true = contains(SR,"{rb_SUITE,rb_test_crash}"),
 
     ok.
 
-list() -> list(suite).
-list(suite) -> [];
 list(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
-
-    ?line All = capture(fun() -> rb:list() end),
-    ?line [{crash_report,[_]=CR},
-	   {error,[_,_]=EM},
-	   {error_report,[_]=ER},
-	   {info_msg,[_]=IM},
-	   {info_report,[_]=IR},
-	   {progress,[_|_]=P},
-	   {supervisor_report,[_]=SR}] = sort_list(All),
-
-    ?line [{crash_report,CR}] = 
+    ok = start_rb(OutFile),
+
+    All = capture(fun() -> rb:list() end),
+    [{crash_report,[_]=CR},
+     {error,[_,_]=EM},
+     {error_report,[_]=ER},
+     {info_msg,[_]=IM},
+     {info_report,[_]=IR},
+     {progress,[_|_]=P},
+     {supervisor_report,[_]=SR}] = sort_list(All),
+
+    [{crash_report,CR}] =
 	sort_list(capture(fun() -> rb:list(crash_report) end)),
-    ?line [{error,EM}] = 
+    [{error,EM}] =
 	sort_list(capture(fun() -> rb:list(error) end)),
-    ?line [{error_report,ER}] = 
+    [{error_report,ER}] =
 	sort_list(capture(fun() -> rb:list(error_report) end)),
-    ?line [{info_msg,IM}] = 
+    [{info_msg,IM}] =
 	sort_list(capture(fun() -> rb:list(info_msg) end)),
-    ?line [{info_report,IR}] = 
+    [{info_report,IR}] =
 	sort_list(capture(fun() -> rb:list(info_report) end)),
-    ?line [{progress,P}] = 
+    [{progress,P}] =
 	sort_list(capture(fun() -> rb:list(progress) end)),
-    ?line [{supervisor_report,SR}] = 
+    [{supervisor_report,SR}] =
 	sort_list(capture(fun() -> rb:list(supervisor_report) end)),
-    
-    ok.
 
+    ok.
 
-grep() -> grep(suite).
-grep(suite) -> [];
 grep(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
-
-    ?line [{_,S},
-	   {_,CR},
-	   {_,EC},
-	   {_,IM},
-	   {_,IR},
-	   {_,EM},
-	   {_,ER}]= check_report(fun() -> rb:grep("rb_test_") end,OutFile),
-    ?line true = contains(S, "rb_test_crash"),
-    ?line true = contains(CR, "rb_test_crash"),
-    ?line true = contains(EC, "rb_test_crash"),
-    ?line true = contains(IM, "rb_test_info_msg"),
-    ?line true = contains(IR, "rb_test_info"),
-    ?line true = contains(EM, "rb_test_error_msg"),
-    ?line true = contains(ER, "rb_test_error"),
+    ok = start_rb(OutFile),
+
+    [{_,S},
+     {_,CR},
+     {_,EC},
+     {_,IM},
+     {_,IR},
+     {_,EM},
+     {_,ER}]= check_report(fun() -> rb:grep("rb_test_") end,OutFile),
+    true = contains(S, "rb_test_crash"),
+    true = contains(CR, "rb_test_crash"),
+    true = contains(EC, "rb_test_crash"),
+    true = contains(IM, "rb_test_info_msg"),
+    true = contains(IR, "rb_test_info"),
+    true = contains(EM, "rb_test_error_msg"),
+    true = contains(ER, "rb_test_error"),
     ok.
 
-
-filter_filter() -> filter_filter(suite).
-filter_filter(suite) -> [];
 filter_filter(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
-    ?line ER = [_] = rb_filter([{rb_SUITE,rb_test_error}],OutFile),
-    ?line [] = rb_filter([{rb_SUITE,rb_test}],OutFile),
-    ?line _E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
-    ?line AllButER = rb_filter([{rb_SUITE,rb_test_error,no}],OutFile),
+    ER = [_] = rb_filter([{rb_SUITE,rb_test_error}],OutFile),
+    [] = rb_filter([{rb_SUITE,rb_test}],OutFile),
+    _E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
+    AllButER = rb_filter([{rb_SUITE,rb_test_error,no}],OutFile),
 
     {_,AllRep} = lists:unzip(All),
     {_,ERRep} = lists:unzip(ER),
     {_,AllButERRep} = lists:unzip(AllButER),
-    ?line AllButERRep = AllRep -- ERRep,
+    AllButERRep = AllRep -- ERRep,
 
     ok.
 
-filter_date() -> filter_date(suite).
-filter_date(suite) -> [];
 filter_date(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
 
     %% Insert some reports in the error log and start rb
@@ -280,35 +245,33 @@ filter_date(Config) ->
     Between1 = calendar:local_time(),
     timer:sleep(1000),
     Between2 = calendar:local_time(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
     Before = calendar:gregorian_seconds_to_datetime(
-	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
+	       calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
     After = calendar:gregorian_seconds_to_datetime(
 	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) + 1),
 
-    ?line All = rb_filter([],{Before,from},OutFile),
-    ?line All = rb_filter([],{After,to},OutFile),
-    ?line [] = rb_filter([],{Before,to},OutFile),
-    ?line [] = rb_filter([],{After,from},OutFile),
-    ?line All = rb_filter([],{Before,After},OutFile),
+    All = rb_filter([],{Before,from},OutFile),
+    All = rb_filter([],{After,to},OutFile),
+    [] = rb_filter([],{Before,to},OutFile),
+    [] = rb_filter([],{After,from},OutFile),
+    All = rb_filter([],{Before,After},OutFile),
 
     %%?t:format("~p~n",[All]),
-    ?line AllButLast = [{N-1,R} || {N,R} <- tl(All)],
-    ?line AllButLast = rb_filter([],{Before,Between1},OutFile),
+    AllButLast = [{N-1,R} || {N,R} <- tl(All)],
+    AllButLast = rb_filter([],{Before,Between1},OutFile),
 
-    ?line Last = hd(All),
-    ?line [Last] = rb_filter([],{Between2,After},OutFile),
+    Last = hd(All),
+    [Last] = rb_filter([],{Between2,After},OutFile),
 
     ok.
 
-filter_filter_and_date() -> filter_filter_and_date(suite).
-filter_filter_and_date(suite) -> [];
 filter_filter_and_date(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
 
     %% Insert some reports in the error log and start rb
@@ -316,102 +279,96 @@ filter_filter_and_date(Config) ->
     Between1 = calendar:local_time(),
     timer:sleep(1000),
     Between2 = calendar:local_time(),
-    ?line error_logger:error_report([{rb_SUITE,rb_test_filter}]),    
-    ?line ok = start_rb(OutFile),
+    error_logger:error_report([{rb_SUITE,rb_test_filter}]),
+    ok = start_rb(OutFile),
 
     Before = calendar:gregorian_seconds_to_datetime(
-	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
+	       calendar:datetime_to_gregorian_seconds(calendar:local_time()) - 10),
     After = calendar:gregorian_seconds_to_datetime(
 	      calendar:datetime_to_gregorian_seconds(calendar:local_time()) + 1),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
-    ?line Last = hd(All),
+    All = check_report(fun() -> rb:show() end,OutFile),
+    Last = hd(All),
 
-    ?line [_,_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,After},OutFile),
-    ?line [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,Between1},OutFile),
-    ?line [_] = rb_filter([{rb_SUITE,"rb_test",re}],{Between2,After},OutFile),
-    ?line [_] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,After},OutFile),
-    ?line [] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,Between1},OutFile),
-    ?line [Last] = rb_filter([{rb_SUITE,rb_test_filter,no}],{Between2,After},OutFile),
-    ?line {_,Str} = Last,
-    ?line false = contains(Str,"rb_test_filter"),
+    [_,_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,After},OutFile),
+    [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],{Before,Between1},OutFile),
+    [_] = rb_filter([{rb_SUITE,"rb_test",re}],{Between2,After},OutFile),
+    [_] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,After},OutFile),
+    [] = rb_filter([{rb_SUITE,rb_test_filter}],{Before,Between1},OutFile),
+    [Last] = rb_filter([{rb_SUITE,rb_test_filter,no}],{Between2,After},OutFile),
+    {_,Str} = Last,
+    false = contains(Str,"rb_test_filter"),
 
     ok.
 
 
-filter_re_no() -> filter_re_no(suite).
-filter_re_no(suite) -> [];
 filter_re_no(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
 
     %% Insert some reports in the error log and start rb
     init_error_logs(),
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
-    ?line All = check_report(fun() -> rb:show() end,OutFile),
+    All = check_report(fun() -> rb:show() end,OutFile),
 
-    ?line E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
-    ?line AllButE = rb_filter([{rb_SUITE,"rb_test",re,no}],OutFile),
+    E = [_,_] = rb_filter([{rb_SUITE,"rb_test",re}],OutFile),
+    AllButE = rb_filter([{rb_SUITE,"rb_test",re,no}],OutFile),
 
     {_,AllRep} = lists:unzip(All),
     {_,ERep} = lists:unzip(E),
     {_,AllButERep} = lists:unzip(AllButE),
-    ?line AllButERep = AllRep -- ERep,
+    AllButERep = AllRep -- ERep,
 
     ok.
 
 
-rescan() -> rescan(suite).
-rescan(suite) -> [];
 rescan(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
-    
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+
     %% Start rb
-    ?line ok = start_rb(OutFile),
+    ok = start_rb(OutFile),
 
     %% Insert one more report and check that the list is longer. Note
     %% that there might be two more reports, since the progress report
     %% from starting rb_server might not be included before the rescan.
-    ?line AllBefore = capture(fun() -> rb:list() end),
-    ?line error_logger:error_report([{rb_SUITE,rb_test_rescan}]),
-    ?line ok = rb:rescan(),
-    ?line AllAfter = capture(fun() -> rb:list() end),
-    ?line Diff = length(AllAfter) - length(AllBefore),
-    ?line true = (Diff >= 1),
+    AllBefore = capture(fun() -> rb:list() end),
+    error_logger:error_report([{rb_SUITE,rb_test_rescan}]),
+    ok = rb:rescan(),
+    AllAfter = capture(fun() -> rb:list() end),
+    Diff = length(AllAfter) - length(AllBefore),
+    true = (Diff >= 1),
 
     ok.
 
 
-start_stop_log() -> start_stop_log(suite).
-start_stop_log(suite) -> [];
 start_stop_log(Config) ->
-    ?line PrivDir = ?config(priv_dir,Config),
-    ?line OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
-    ?line ok = file:write_file(OutFile,[]),
+    PrivDir = ?config(priv_dir,Config),
+    OutFile = filename:join(PrivDir,"rb_SUITE_log.txt"),
+    ok = file:write_file(OutFile,[]),
 
     %% Start rb and check that show is printed to standard_io
-    ?line ok = start_rb(),
-    ?line StdioResult = [_|_] = capture(fun() -> rb:show(1) end),
-    ?line {ok,<<>>} = file:read_file(OutFile),
-    
+    ok = start_rb(),
+    StdioResult = [_|_] = capture(fun() -> rb:show(1) end),
+    {ok,<<>>} = file:read_file(OutFile),
+
     %% Start log and check that show is printed to log and not to standad_io
-    ?line ok = rb:start_log(OutFile),
-    ?line [] = capture(fun() -> rb:show(1) end),
-    ?line {ok,Bin} = file:read_file(OutFile),
-    ?line true = (Bin =/= <<>>),
+    ok = rb:start_log(OutFile),
+    [] = capture(fun() -> rb:show(1) end),
+    {ok,Bin} = file:read_file(OutFile),
+    true = (Bin =/= <<>>),
 
     %% Stop log and check that show is printed to standard_io and not to log
-    ?line ok = rb:stop_log(),
-    ?line ok = file:write_file(OutFile,[]),
-    ?line StdioResult = capture(fun() -> rb:show(1) end),
-    ?line {ok,<<>>} = file:read_file(OutFile),
+    ok = rb:stop_log(),
+    ok = file:write_file(OutFile,[]),
+    StdioResult = capture(fun() -> rb:show(1) end),
+    {ok,<<>>} = file:read_file(OutFile),
 
     %% Test that standard_io is used if log file can not be opened
-    ?line ok = rb:start_log(filename:join(nonexistingdir,"newfile.txt")),
-    ?line StdioResult = capture(fun() -> rb:show(1) end),
-    ?line {ok,<<>>} = file:read_file(OutFile),    
+    ok = rb:start_log(filename:join(nonexistingdir,"newfile.txt")),
+    StdioResult = capture(fun() -> rb:show(1) end),
+    {ok,<<>>} = file:read_file(OutFile),
 
     ok.
 
@@ -435,7 +392,7 @@ empty_error_logs(Config) ->
     catch delete_content(?config(rb_dir, Config)),
     ok = application:start(sasl),
     wait_for_sasl().
-    
+
 wait_for_sasl() ->
     wait_for_sasl(50).
 wait_for_sasl(0) ->
@@ -448,7 +405,7 @@ wait_for_sasl(N) ->
 	    timer:sleep(100),
 	    wait_for_sasl(N-1)
     end.
-    
+
 start_rb(OutFile) ->
     do_start_rb([{start_log,OutFile}]).
 start_rb() ->
@@ -482,20 +439,20 @@ delete_content(Dir) ->
 		  Files).
 
 init_error_logs() ->        
-    ?line error_logger:error_report([{rb_SUITE,rb_test_error}]),
-    ?line error_logger:error_msg("rb_test_error_msg"),
-    ?line error_logger:info_report([{rb_SUITE,rb_test_info}]),
-    ?line error_logger:info_msg("rb_test_info_msg"),
-    ?line _Pid = start(),
-    ?line Ref = erlang:monitor(process,?MODULE),
-    ?line gen_server:cast(?MODULE,crash),
-    ?line receive {'DOWN',Ref,process,_,{rb_SUITE,rb_test_crash}} -> ok 
-	  after 2000 -> 
-		  ?t:format("Got: ~p~n",[process_info(self(),messages)]),
-		  ?t:fail("rb_SUITE server never died")
-	  end,
-    ?line erlang:demonitor(Ref),
-    ?line wait_for_server(),
+    error_logger:error_report([{rb_SUITE,rb_test_error}]),
+    error_logger:error_msg("rb_test_error_msg"),
+    error_logger:info_report([{rb_SUITE,rb_test_info}]),
+    error_logger:info_msg("rb_test_info_msg"),
+    _Pid = start(),
+    Ref = erlang:monitor(process,?MODULE),
+    gen_server:cast(?MODULE,crash),
+    receive {'DOWN',Ref,process,_,{rb_SUITE,rb_test_crash}} -> ok
+    after 2000 ->
+	    ?t:format("Got: ~p~n",[process_info(self(),messages)]),
+	    ?t:fail("rb_SUITE server never died")
+    end,
+    erlang:demonitor(Ref),
+    wait_for_server(),
     ok.
 
 wait_for_server() ->
diff --git a/lib/sasl/test/release_handler_SUITE.erl b/lib/sasl/test/release_handler_SUITE.erl
index 11f8bbe4fe..467d1226b3 100644
--- a/lib/sasl/test/release_handler_SUITE.erl
+++ b/lib/sasl/test/release_handler_SUITE.erl
@@ -59,9 +59,11 @@ win32_cases() ->
 cases() ->
     [otp_2740, otp_2760, otp_5761, otp_9402, otp_9417,
      otp_9395_check_old_code, otp_9395_check_and_purge,
-     otp_9395_update_many_mods, otp_9395_rm_many_mods,
-     instructions, eval_appup, supervisor_which_children_timeout,
-     release_handler_which_releases, install_release_syntax_check].
+     otp_9395_update_many_mods, otp_9395_rm_many_mods, otp_9864,
+     instructions, eval_appup, eval_appup_with_restart,
+     supervisor_which_children_timeout,
+     release_handler_which_releases, install_release_syntax_check,
+     upgrade_supervisor, upgrade_supervisor_fail].
 
 groups() ->
     [{release,[],
@@ -1203,6 +1205,163 @@ otp_9395_rm_many_mods(Conf) when is_list(Conf) ->
 otp_9395_rm_many_mods(cleanup,_Conf) ->
     stop_node(node_name(otp_9395_rm_many_mods)).
 
+otp_9864(Conf) ->
+    %% Set some paths
+    PrivDir = priv_dir(Conf),
+    Dir = filename:join(PrivDir,"otp_9864"),
+    RelDir = filename:join(?config(data_dir, Conf), "app1_app2"),
+    LibDir1 = filename:join(RelDir, "lib1"),
+    LibDir2 = filename:join(RelDir, "lib2"),
+
+    %% Create the releases
+    Rel1 = create_and_install_fake_first_release(Dir,
+						 [{app1,"1.0",LibDir1},
+						  {app2,"1.0",LibDir1}]),
+    Rel2 = create_fake_upgrade_release(Dir,
+				       "2",
+				       [{app1,"2.0",LibDir2},
+					{app2,"1.0",LibDir2}],
+				       {[Rel1],[Rel1],[LibDir1]}),
+    Rel1Dir = filename:dirname(Rel1),
+    Rel2Dir = filename:dirname(Rel2),
+
+    %% Start a slave node
+    {ok, Node} = t_start_node(otp_9864, Rel1, filename:join(Rel1Dir,"sys.config")),
+    
+    %% Unpack rel2 (make sure it does not work if an AppDir is bad)
+    LibDir3 = filename:join(RelDir, "lib3"),
+    {error, {no_such_directory, _}} =
+	rpc:call(Node, release_handler, set_unpacked,
+		 [Rel2++".rel", [{app1,"2.0",LibDir2}, {app2,"1.0",LibDir3}]]),
+    {ok, RelVsn2} =
+	rpc:call(Node, release_handler, set_unpacked,
+		 [Rel2++".rel", [{app1,"2.0",LibDir2}, {app2,"1.0",LibDir2}]]),
+    ok = rpc:call(Node, release_handler, install_file,
+			[RelVsn2, filename:join(Rel2Dir, "relup")]),
+    ok = rpc:call(Node, release_handler, install_file,
+			[RelVsn2, filename:join(Rel2Dir, "start.boot")]),
+    ok = rpc:call(Node, release_handler, install_file,
+			[RelVsn2, filename:join(Rel2Dir, "sys.config")]),
+
+    %% Install RelVsn2 without {update_paths, true} option
+    {ok, RelVsn1, []} =
+	rpc:call(Node, release_handler, install_release, [RelVsn2]),
+
+    %% Install RelVsn1 again
+    {ok, RelVsn1, []} =
+	rpc:call(Node, release_handler, install_release, [RelVsn1]),
+
+    TempRel2Dir = filename:join(Dir,"releases/2"),
+    file:make_symlink(TempRel2Dir, filename:join(TempRel2Dir, "foo_symlink_dir")),
+
+    %% This will fail if symlinks are not handled
+    ok = rpc:call(Node, release_handler, remove_release, [RelVsn2]),
+
+    ok.
+
+
+upgrade_supervisor(Conf) when is_list(Conf) ->
+    %% Set some paths
+    PrivDir = priv_dir(Conf),
+    Dir = filename:join(PrivDir,"upgrade_supervisor"),
+    LibDir = filename:join(?config(data_dir, Conf), "lib"),
+
+    %% Create the releases
+    Lib1 = [{a,"1.0",LibDir}],
+    Lib2 = [{a,"9.0",LibDir}],
+    Rel1 = create_and_install_fake_first_release(Dir,Lib1),
+    Rel2 = create_fake_upgrade_release(Dir,"2",Lib2,{[Rel1],[Rel1],[LibDir]}),
+    Rel1Dir = filename:dirname(Rel1),
+    Rel2Dir = filename:dirname(Rel2),
+
+    %% Start a slave node
+    {ok, Node} = t_start_node(upgrade_supervisor, Rel1,
+			      filename:join(Rel1Dir,"sys.config")),
+
+    %% Check path
+    Dir1 = filename:join([LibDir, "a-1.0"]),
+    Dir1 = rpc:call(Node, code, lib_dir, [a]),
+    ASupBeam1 = filename:join([Dir1,ebin,"a_sup.beam"]),
+    ASupBeam1 = rpc:call(Node, code, which, [a_sup]),
+
+    %% Install second release, with no changed modules
+    {ok, RelVsn2} = rpc:call(Node, release_handler, set_unpacked,
+			     [Rel2++".rel", Lib2]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "relup")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "start.boot")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "sys.config")]),
+
+    {ok, _RelVsn1, []} =
+	rpc:call(Node, release_handler, install_release, [RelVsn2]),
+
+    %% Check that libdir is changed
+    Dir2 = filename:join([LibDir, "a-9.0"]),
+    Dir2 = rpc:call(Node, code, lib_dir, [a]),
+    ASupBeam2 = filename:join([Dir2,ebin,"a_sup.beam"]),
+    ASupBeam2 = rpc:call(Node, code, which, [a_sup]),
+
+    %% Check that the restart strategy and child spec is updated
+    {status, _, {module, _}, [_, _, _, _, [_,_,{data,[{"State",State}]}]]} =
+	rpc:call(Node,sys,get_status,[a_sup]),
+    {state,_,RestartStrategy,[Child],_,_,_,_,_,_} = State,
+    one_for_all = RestartStrategy, % changed from one_for_one
+    {child,_,_,_,_,brutal_kill,_,_} = Child, % changed from timeout 2000
+
+    ok.
+
+%% Check that if the supervisor fails, then the upgrade is rolled back
+%% and an ok error message is returned
+upgrade_supervisor_fail(Conf) when is_list(Conf) ->
+    %% Set some paths
+    PrivDir = priv_dir(Conf),
+    Dir = filename:join(PrivDir,"upgrade_supervisor_fail"),
+    LibDir = filename:join(?config(data_dir, Conf), "lib"),
+
+    %% Create the releases
+    Lib1 = [{a,"1.0",LibDir}],
+    Lib2 = [{a,"9.1",LibDir}],
+    Rel1 = create_and_install_fake_first_release(Dir,Lib1),
+    Rel2 = create_fake_upgrade_release(Dir,"2",Lib2,{[Rel1],[Rel1],[LibDir]}),
+    Rel1Dir = filename:dirname(Rel1),
+    Rel2Dir = filename:dirname(Rel2),
+
+    %% Start a slave node
+    {ok, Node} = t_start_node(upgrade_supervisor_fail, Rel1,
+			      filename:join(Rel1Dir,"sys.config")),
+
+    %% Check path
+    Dir1 = filename:join([LibDir, "a-1.0"]),
+    Dir1 = rpc:call(Node, code, lib_dir, [a]),
+    ASupBeam1 = filename:join([Dir1,ebin,"a_sup.beam"]),
+    ASupBeam1 = rpc:call(Node, code, which, [a_sup]),
+
+    %% Install second release, with no changed modules
+    {ok, RelVsn2} = rpc:call(Node, release_handler, set_unpacked,
+			     [Rel2++".rel", Lib2]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "relup")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "start.boot")]),
+    ok = rpc:call(Node, release_handler, install_file,
+		  [RelVsn2, filename:join(Rel2Dir, "sys.config")]),
+    ok = net_kernel:monitor_nodes(true),
+
+    {error,{code_change_failed,_Pid,a_sup,_Vsn,
+	    {error,{invalid_shutdown,brutal_kil}}}} =
+	rpc:call(Node, release_handler, install_release, [RelVsn2]),
+
+    %% Check that the upgrade is terminated - normally this would mean
+    %% rollback, but since this testcase is very simplified the node
+    %% is not started with heart supervision and will therefore not be
+    %% restarted. So we just check that the node goes down.
+    receive {nodedown,Node} -> ok
+    after 10000 -> ct:fail(failed_upgrade_never_restarted_node)
+    end,
+
+    ok.
 
 
 %% Test upgrade and downgrade of applications
@@ -1226,6 +1385,12 @@ eval_appup(Conf) when is_list(Conf) ->
     App11Dir = code:lib_dir(app1),
     ok = gen_server:call(harry, error),
 
+    %% Read appup script
+    {ok,"2.0",UpScript} = release_handler:upgrade_script(app1,App12Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_}] = UpScript,
+
     %% Upgrade to app1-2.0
     {ok, []} = release_handler:upgrade_app(app1, App12Dir),
     App12Dir = code:lib_dir(app1),
@@ -1236,6 +1401,12 @@ eval_appup(Conf) when is_list(Conf) ->
     %% (see myrel/lib2/app1-2.0/ebin/app1.app)
     [{var,val2}] = ets:lookup(otp_6162, var),
 
+    %% Read appup script
+    {ok,DnScript} = release_handler:downgrade_script(app1,"1.0",App11Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_}] = DnScript,
+
     %% Downgrade to app1-1.0
     {ok, []} = release_handler:downgrade_app(app1,"1.0",App11Dir),
     App11Dir = code:lib_dir(app1),
@@ -1253,6 +1424,85 @@ eval_appup(Conf) when is_list(Conf) ->
     ok.
 
 
+%% Test upgrade and downgrade of applications when appup contains
+%% restart_emulator and restart_new_emulator instructions
+eval_appup_with_restart(Conf) when is_list(Conf) ->
+
+    %% Set some paths
+    RelDir = filename:join(?config(data_dir, Conf), "app1_app2"),
+    App11Dir = filename:join([RelDir, "lib1", "app1-1.0"]),
+    App13Dir = filename:join([RelDir, "lib3", "app1-3.0"]), %restart_emulator
+    App14Dir = filename:join([RelDir, "lib4", "app1-4.0"]), %restart_new_emulator
+    EbinDir1 = filename:join(App11Dir, "ebin"),
+    EbinDir3 = filename:join(App13Dir, "ebin"),
+    EbinDir4 = filename:join(App14Dir, "ebin"),
+
+    %% Start app1-1.0
+    code:add_patha(EbinDir1),
+    ok = application:start(app1),
+    App11Dir = code:lib_dir(app1),
+
+    %% Read appup script
+    {ok,"3.0",UpScript3} = release_handler:upgrade_script(app1,App13Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_},
+     restart_emulator] = UpScript3,
+
+    %% Upgrade to app1-3.0 - restart_emulator
+    restart_emulator = release_handler:upgrade_app(app1, App13Dir),
+    App13Dir = code:lib_dir(app1),
+
+    %% Fake full upgrade to 3.0
+    {ok,AppSpec} = file:consult(filename:join([App13Dir,"ebin","app1.app"])),
+    application_controller:change_application_data(AppSpec,[]),
+
+    %% Read appup script
+    {ok,"4.0",UpScript4} = release_handler:upgrade_script(app1,App14Dir),
+    [restart_new_emulator,point_of_no_return] = UpScript4,
+
+    %% Try pgrade to app1-4.0 - restart_new_emulator
+    {error,restart_new_emulator} = release_handler:upgrade_app(app1, App14Dir),
+    App13Dir = code:lib_dir(app1),
+
+    %% Read appup script
+    {ok,DnScript1} = release_handler:downgrade_script(app1,"1.0",App11Dir),
+    [{load_object_code,_},
+     point_of_no_return,
+     {load,_},
+     restart_emulator] = DnScript1,
+
+    %% Still running 3.0 - downgrade to app1-1.0 - restart_emulator
+    restart_emulator = release_handler:downgrade_app(app1,"1.0",App11Dir),
+    App11Dir = code:lib_dir(app1),
+
+    ok = application:stop(app1),
+    ok = application:unload(app1),
+    true = code:del_path(EbinDir1),
+
+    %% Start again as version 4.0
+    code:add_patha(EbinDir4),
+    ok = application:start(app1),
+    App14Dir = code:lib_dir(app1),
+
+    %% Read appup script
+    {ok,DnScript3} = release_handler:downgrade_script(app1,"3.0",App13Dir),
+    [point_of_no_return,restart_emulator] = DnScript3,
+
+    %% Downgrade to app1-3.0 - restart_new_emulator
+    restart_emulator = release_handler:downgrade_app(app1,"3.0",App13Dir),
+    App13Dir = code:lib_dir(app1),
+
+    ok = application:stop(app1),
+    ok = application:unload(app1),
+
+    true = code:del_path(EbinDir3),
+    false = code:del_path(EbinDir1),
+    false = code:del_path(EbinDir4),
+
+    ok.
+
+
 %% Test the example/target_system.erl module
 target_system(Conf) when is_list(Conf) ->
     PrivDir = priv_dir(Conf),
@@ -1303,6 +1553,7 @@ target_system(Conf) when is_list(Conf) ->
     KernelVsn = vsn(kernel,current),
     StdlibVsn = vsn(stdlib,current),
     SaslVsn = vsn(sasl,current),
+    RelFileBasename = filename:basename(RelFile),
     true = filelib:is_dir(filename:join(LibDir,"kernel-"++KernelVsn)),
     true = filelib:is_dir(filename:join(LibDir,"stdlib-"++StdlibVsn)),
     true = filelib:is_dir(filename:join(LibDir,"sasl-"++SaslVsn)),
@@ -1310,10 +1561,10 @@ target_system(Conf) when is_list(Conf) ->
     RelDir = filename:join(TargetInstallDir,releases),
     true = filelib:is_regular(filename:join(RelDir,"RELEASES")),
     true = filelib:is_regular(filename:join(RelDir,"start_erl.data")),
-    true = filelib:is_regular(filename:join(RelDir,
-						  filename:basename(RelFile))),
+    true = filelib:is_regular(filename:join(RelDir,RelFileBasename)),
     true = filelib:is_dir(filename:join(RelDir,RelVsn)),
     true = filelib:is_regular(filename:join([RelDir,RelVsn,"start.boot"])),
+    true = filelib:is_regular(filename:join([RelDir,RelVsn,RelFileBasename])),
     BinDir = filename:join(TargetInstallDir,bin),
     true = filelib:is_regular(filename:join(BinDir,"start.boot")),
     true = filelib:is_regular(filename:join(BinDir,erl)),
diff --git a/lib/sasl/test/release_handler_SUITE_data/Makefile.src b/lib/sasl/test/release_handler_SUITE_data/Makefile.src
index edb446413d..55d20aa8b6 100644
--- a/lib/sasl/test/release_handler_SUITE_data/Makefile.src
+++ b/lib/sasl/test/release_handler_SUITE_data/Makefile.src
@@ -5,6 +5,10 @@ P2B= \
      P2B/a-2.0/ebin/a_sup.@EMULATOR@
 
 LIB= \
+     lib/a-9.1/ebin/a.@EMULATOR@ \
+     lib/a-9.1/ebin/a_sup.@EMULATOR@ \
+     lib/a-9.0/ebin/a.@EMULATOR@ \
+     lib/a-9.0/ebin/a_sup.@EMULATOR@ \
      lib/a-1.2/ebin/a.@EMULATOR@ \
      lib/a-1.2/ebin/a_sup.@EMULATOR@ \
      lib/a-1.1/ebin/a.@EMULATOR@ \
@@ -50,7 +54,13 @@ APP= \
      app1_app2/lib2/app1-2.0/ebin/app1.@EMULATOR@ \
      app1_app2/lib2/app2-1.0/ebin/app2_sup.@EMULATOR@ \
      app1_app2/lib2/app2-1.0/ebin/app2_server.@EMULATOR@ \
-     app1_app2/lib2/app2-1.0/ebin/app2.@EMULATOR@
+     app1_app2/lib2/app2-1.0/ebin/app2.@EMULATOR@ \
+     app1_app2/lib3/app1-3.0/ebin/app1_sup.@EMULATOR@ \
+     app1_app2/lib3/app1-3.0/ebin/app1_server.@EMULATOR@ \
+     app1_app2/lib3/app1-3.0/ebin/app1.@EMULATOR@ \
+     app1_app2/lib4/app1-4.0/ebin/app1_sup.@EMULATOR@ \
+     app1_app2/lib4/app1-4.0/ebin/app1_server.@EMULATOR@ \
+     app1_app2/lib4/app1-4.0/ebin/app1.@EMULATOR@
 
 OTP2740=  \
      otp_2740/vsn_atom.@EMULATOR@ \
@@ -95,6 +105,17 @@ lib/a-1.2/ebin/a.@EMULATOR@: lib/a-1.2/src/a.erl
 lib/a-1.2/ebin/a_sup.@EMULATOR@: lib/a-1.2/src/a_sup.erl
 	erlc $(EFLAGS) -olib/a-1.2/ebin lib/a-1.2/src/a_sup.erl
 
+lib/a-9.0/ebin/a.@EMULATOR@: lib/a-9.0/src/a.erl
+	erlc $(EFLAGS) -olib/a-9.0/ebin lib/a-9.0/src/a.erl
+lib/a-9.0/ebin/a_sup.@EMULATOR@: lib/a-9.0/src/a_sup.erl
+	erlc $(EFLAGS) -olib/a-9.0/ebin lib/a-9.0/src/a_sup.erl
+
+lib/a-9.1/ebin/a.@EMULATOR@: lib/a-9.1/src/a.erl
+	erlc $(EFLAGS) -olib/a-9.1/ebin lib/a-9.1/src/a.erl
+lib/a-9.1/ebin/a_sup.@EMULATOR@: lib/a-9.1/src/a_sup.erl
+	erlc $(EFLAGS) -olib/a-9.1/ebin lib/a-9.1/src/a_sup.erl
+
+
 lib/b-1.0/ebin/b_server.@EMULATOR@: lib/b-1.0/src/b_server.erl
 	erlc $(EFLAGS) -olib/b-1.0/ebin lib/b-1.0/src/b_server.erl
 lib/b-1.0/ebin/b_lib.@EMULATOR@: lib/b-1.0/src/b_lib.erl
@@ -183,6 +204,22 @@ app1_app2/lib2/app2-1.0/ebin/app2.@EMULATOR@: app1_app2/lib2/app2-1.0/src/app2.e
 	erlc $(EFLAGS) -oapp1_app2/lib2/app2-1.0/ebin app1_app2/lib2/app2-1.0/src/app2.erl
 
 
+app1_app2/lib3/app1-3.0/ebin/app1_sup.@EMULATOR@: app1_app2/lib3/app1-3.0/src/app1_sup.erl
+	erlc $(EFLAGS) -oapp1_app2/lib3/app1-3.0/ebin app1_app2/lib3/app1-3.0/src/app1_sup.erl
+app1_app2/lib3/app1-3.0/ebin/app1_server.@EMULATOR@: app1_app2/lib3/app1-3.0/src/app1_server.erl
+	erlc $(EFLAGS) -oapp1_app2/lib3/app1-3.0/ebin app1_app2/lib3/app1-3.0/src/app1_server.erl
+app1_app2/lib3/app1-3.0/ebin/app1.@EMULATOR@: app1_app2/lib3/app1-3.0/src/app1.erl
+	erlc $(EFLAGS) -oapp1_app2/lib3/app1-3.0/ebin app1_app2/lib3/app1-3.0/src/app1.erl
+
+
+app1_app2/lib4/app1-4.0/ebin/app1_sup.@EMULATOR@: app1_app2/lib4/app1-4.0/src/app1_sup.erl
+	erlc $(EFLAGS) -oapp1_app2/lib4/app1-4.0/ebin app1_app2/lib4/app1-4.0/src/app1_sup.erl
+app1_app2/lib4/app1-4.0/ebin/app1_server.@EMULATOR@: app1_app2/lib4/app1-4.0/src/app1_server.erl
+	erlc $(EFLAGS) -oapp1_app2/lib4/app1-4.0/ebin app1_app2/lib4/app1-4.0/src/app1_server.erl
+app1_app2/lib4/app1-4.0/ebin/app1.@EMULATOR@: app1_app2/lib4/app1-4.0/src/app1.erl
+	erlc $(EFLAGS) -oapp1_app2/lib4/app1-4.0/ebin app1_app2/lib4/app1-4.0/src/app1.erl
+
+
 otp_2740/vsn_atom.@EMULATOR@: otp_2740/vsn_atom.erl
 	erlc $(EFLAGS) -ootp_2740 otp_2740/vsn_atom.erl
 otp_2740/vsn_list.@EMULATOR@: otp_2740/vsn_list.erl
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.app b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.app
new file mode 100644
index 0000000000..4adc0540c4
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.app
@@ -0,0 +1,9 @@
+{application, app1,
+ [{description, "very simple example application"},
+  {id, "app1"},
+  {vsn, "3.0"},
+  {modules, [app1, app1_sup, app1_server]},
+  {registered, [harry]},
+  {applications, [kernel, stdlib, sasl]},
+  {env, [{var,val2}]},
+  {mod, {app1, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.appup b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.appup
new file mode 100644
index 0000000000..a5cdfe9fcc
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/ebin/app1.appup
@@ -0,0 +1,4 @@
+{"3.0",
+ [{"1.0", [{load_module, app1_server},restart_emulator]}],
+ [{"1.0", [{load_module, app1_server},restart_emulator]}]
+}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1.erl
new file mode 100644
index 0000000000..f123c8f470
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1.erl
@@ -0,0 +1,22 @@
+-module(app1).
+
+-behaviour(application).
+
+%% Application callbacks
+-export([start/2, stop/1]).
+-export([config_change/3]).
+
+start(_Type, _StartArgs) ->
+    case app1_sup:start_link() of
+	{ok, Pid} ->
+	    {ok, Pid};
+	Error ->
+	    Error
+    end.
+
+stop(_State) ->
+    ok.
+
+config_change(Changed, _New, _Removed) ->
+    catch ets:insert(otp_6162, hd(Changed)),
+    ok.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_server.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_server.erl
new file mode 100644
index 0000000000..660d095ebf
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_server.erl
@@ -0,0 +1,35 @@
+-module(app1_server).
+
+-behaviour(gen_server).
+
+%% API
+-export([start_link/0]).
+
+%% gen_server callbacks
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
+	 terminate/2, code_change/3]).
+
+start_link() ->
+    gen_server:start_link({local, harry}, ?MODULE, [], []).
+
+init([]) ->
+    {ok, []}.
+
+handle_call(error, _From, State) ->
+    Reply = error,
+    {reply, Reply, State};
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info(_Info, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_sup.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_sup.erl
new file mode 100644
index 0000000000..e6ad9b6967
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib3/app1-3.0/src/app1_sup.erl
@@ -0,0 +1,17 @@
+-module(app1_sup).
+
+-behaviour(supervisor).
+
+%% API
+-export([start_link/0]).
+
+%% Supervisor callbacks
+-export([init/1]).
+
+start_link() ->
+    supervisor:start_link(?MODULE, []).
+
+init([]) ->
+    AChild = {harry,{app1_server,start_link,[]},
+	      permanent,2000,worker,[app1_server]},
+    {ok,{{one_for_all,0,1}, [AChild]}}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.app b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.app
new file mode 100644
index 0000000000..243bc21f02
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.app
@@ -0,0 +1,9 @@
+{application, app1,
+ [{description, "very simple example application"},
+  {id, "app1"},
+  {vsn, "4.0"},
+  {modules, [app1, app1_sup, app1_server]},
+  {registered, [harry]},
+  {applications, [kernel, stdlib, sasl]},
+  {env, [{var,val2}]},
+  {mod, {app1, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.appup b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.appup
new file mode 100644
index 0000000000..72535c8b34
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/ebin/app1.appup
@@ -0,0 +1,4 @@
+{"4.0",
+ [{"3.0", [restart_new_emulator]}],
+ [{"3.0", [restart_new_emulator]}]
+}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1.erl
new file mode 100644
index 0000000000..f123c8f470
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1.erl
@@ -0,0 +1,22 @@
+-module(app1).
+
+-behaviour(application).
+
+%% Application callbacks
+-export([start/2, stop/1]).
+-export([config_change/3]).
+
+start(_Type, _StartArgs) ->
+    case app1_sup:start_link() of
+	{ok, Pid} ->
+	    {ok, Pid};
+	Error ->
+	    Error
+    end.
+
+stop(_State) ->
+    ok.
+
+config_change(Changed, _New, _Removed) ->
+    catch ets:insert(otp_6162, hd(Changed)),
+    ok.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_server.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_server.erl
new file mode 100644
index 0000000000..660d095ebf
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_server.erl
@@ -0,0 +1,35 @@
+-module(app1_server).
+
+-behaviour(gen_server).
+
+%% API
+-export([start_link/0]).
+
+%% gen_server callbacks
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
+	 terminate/2, code_change/3]).
+
+start_link() ->
+    gen_server:start_link({local, harry}, ?MODULE, [], []).
+
+init([]) ->
+    {ok, []}.
+
+handle_call(error, _From, State) ->
+    Reply = error,
+    {reply, Reply, State};
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info(_Info, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_sup.erl b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_sup.erl
new file mode 100644
index 0000000000..e6ad9b6967
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/app1_app2/lib4/app1-4.0/src/app1_sup.erl
@@ -0,0 +1,17 @@
+-module(app1_sup).
+
+-behaviour(supervisor).
+
+%% API
+-export([start_link/0]).
+
+%% Supervisor callbacks
+-export([init/1]).
+
+start_link() ->
+    supervisor:start_link(?MODULE, []).
+
+init([]) ->
+    AChild = {harry,{app1_server,start_link,[]},
+	      permanent,2000,worker,[app1_server]},
+    {ok,{{one_for_all,0,1}, [AChild]}}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/README b/lib/sasl/test/release_handler_SUITE_data/lib/README
index 639a4ca0fb..ffb8c5120b 100644
--- a/lib/sasl/test/release_handler_SUITE_data/lib/README
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/README
@@ -8,6 +8,14 @@ a-1.2:
 can be upgraded to from a-1.1.
 No module have changed, but priv dir is added including one 'file'
 
+a-9.0:
+can be upgrade to from a-1.0
+Changes a_sup correctly - to test successful upgrade of supervisor
+
+a-9.1:
+can be upgrade to from a-1.0
+Changes a_sup faulty - to test failing upgrade of supervisor
+
 b-1.0:
 start version, includes b_lib and b_server
 
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.app b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.app
new file mode 100644
index 0000000000..aa436d3e8c
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.app
@@ -0,0 +1,8 @@
+{application, a,
+	     [{description, "A  CXC 138 11"},
+              {vsn, "9.0"},
+	      {modules, [a, a_sup]},
+	      {registered, [a_sup]},
+	      {applications, [kernel, stdlib]},
+	      {env, [{key1, val1}]},
+	      {mod, {a_sup, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.appup b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.appup
new file mode 100644
index 0000000000..c4071d57a3
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/ebin/a.appup
@@ -0,0 +1,3 @@
+{"9.0",
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}],
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a.erl
new file mode 100644
index 0000000000..1050e53f35
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a.erl
@@ -0,0 +1,56 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a).
+
+
+-behaviour(gen_server).
+
+%% External exports
+-export([start_link/0, a/0, b/0]).
+%% Internal exports
+-export([init/1, handle_call/3, handle_info/2, terminate/2, code_change/3]).
+
+start_link() -> gen_server:start_link({local, aa}, a, [], []).
+
+a() -> gen_server:call(aa, a).
+b() -> gen_server:call(aa, b).
+
+%%-----------------------------------------------------------------
+%% Callback functions from gen_server
+%%-----------------------------------------------------------------
+init([]) ->
+    process_flag(trap_exit, true),
+    {ok, {state, bval}}.
+
+handle_call(a, _From, State) ->
+    X = application:get_all_env(a),
+    {reply, X, State};
+
+handle_call(b, _From, State) ->
+    {reply, {ok, element(2, State)}, State}.
+
+handle_info(_, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(1, Extra, State) ->
+    {ok, {state, bval}};
+code_change({down,1},Extra,State) ->
+    {ok, state}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a_sup.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a_sup.erl
new file mode 100644
index 0000000000..ae1d080f58
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.0/src/a_sup.erl
@@ -0,0 +1,37 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a_sup).
+
+
+-behaviour(supervisor).
+
+%% External exports
+-export([start/2]).
+
+%% Internal exports
+-export([init/1]).
+
+start(_, _) ->
+    supervisor:start_link({local, a_sup}, a_sup, []).
+
+init([]) ->
+    SupFlags = {one_for_all, 4, 3600},
+    Config = {a,
+	      {a, start_link, []},
+	      permanent, brutal_kill, worker, [a]},
+    {ok, {SupFlags, [Config]}}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.app b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.app
new file mode 100644
index 0000000000..5b467ec4e8
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.app
@@ -0,0 +1,8 @@
+{application, a,
+	     [{description, "A  CXC 138 11"},
+              {vsn, "9.1"},
+	      {modules, [a, a_sup]},
+	      {registered, [a_sup]},
+	      {applications, [kernel, stdlib]},
+	      {env, [{key1, val1}]},
+	      {mod, {a_sup, []}}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.appup b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.appup
new file mode 100644
index 0000000000..efeb7f1fe3
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/ebin/a.appup
@@ -0,0 +1,3 @@
+{"9.1",
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}],
+ [{"1.0",[{update,a_sup,{advanced,update_supervisor}}]}]}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a.erl
new file mode 100644
index 0000000000..1050e53f35
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a.erl
@@ -0,0 +1,56 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a).
+
+
+-behaviour(gen_server).
+
+%% External exports
+-export([start_link/0, a/0, b/0]).
+%% Internal exports
+-export([init/1, handle_call/3, handle_info/2, terminate/2, code_change/3]).
+
+start_link() -> gen_server:start_link({local, aa}, a, [], []).
+
+a() -> gen_server:call(aa, a).
+b() -> gen_server:call(aa, b).
+
+%%-----------------------------------------------------------------
+%% Callback functions from gen_server
+%%-----------------------------------------------------------------
+init([]) ->
+    process_flag(trap_exit, true),
+    {ok, {state, bval}}.
+
+handle_call(a, _From, State) ->
+    X = application:get_all_env(a),
+    {reply, X, State};
+
+handle_call(b, _From, State) ->
+    {reply, {ok, element(2, State)}, State}.
+
+handle_info(_, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(1, Extra, State) ->
+    {ok, {state, bval}};
+code_change({down,1},Extra,State) ->
+    {ok, state}.
diff --git a/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a_sup.erl b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a_sup.erl
new file mode 100644
index 0000000000..b0597dc5c3
--- /dev/null
+++ b/lib/sasl/test/release_handler_SUITE_data/lib/a-9.1/src/a_sup.erl
@@ -0,0 +1,37 @@
+%% ``The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved via the world wide web at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% The Initial Developer of the Original Code is Ericsson Utvecklings AB.
+%% Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
+%% AB. All Rights Reserved.''
+%%
+%%     $Id$
+%%
+-module(a_sup).
+
+
+-behaviour(supervisor).
+
+%% External exports
+-export([start/2]).
+
+%% Internal exports
+-export([init/1]).
+
+start(_, _) ->
+    supervisor:start_link({local, a_sup}, a_sup, []).
+
+init([]) ->
+    SupFlags = {one_for_all, 4, 3600},
+    Config = {a,
+	      {a, start_link, []},
+	      permanent, brutal_kil, worker, [a]},
+    {ok, {SupFlags, [Config]}}.
diff --git a/lib/sasl/test/sasl_SUITE.erl b/lib/sasl/test/sasl_SUITE.erl
index 195324daa0..b6eaf41323 100644
--- a/lib/sasl/test/sasl_SUITE.erl
+++ b/lib/sasl/test/sasl_SUITE.erl
@@ -20,15 +20,15 @@
 -include_lib("common_test/include/ct.hrl").
 
 
-% Default timetrap timeout (set in init_per_testcase).
+%% Default timetrap timeout (set in init_per_testcase).
 -define(default_timeout, ?t:minutes(1)).
 -define(application, sasl).
 
-% Test server specific exports
+%% Test server specific exports
 -export([all/0,groups/0,init_per_group/2,end_per_group/2]).
 -export([init_per_testcase/2, end_per_testcase/2]).
 
-% Test cases must be exported.
+%% Test cases must be exported.
 -export([app_test/1,
 	 appup_test/1,
 	 log_mf_h_env/1]).
@@ -47,7 +47,7 @@ end_per_group(_GroupName, Config) ->
 
 
 init_per_testcase(_Case, Config) ->
-    ?line Dog=test_server:timetrap(?default_timeout),
+    Dog=test_server:timetrap(?default_timeout),
     [{watchdog, Dog}|Config].
 end_per_testcase(_Case, Config) ->
     Dog=?config(watchdog, Config),
@@ -55,7 +55,7 @@ end_per_testcase(_Case, Config) ->
     ok.
 
 app_test(Config) when is_list(Config) ->
-    ?line ?t:app_test(sasl, allow),
+    ?t:app_test(sasl, allow),
     ok.
 
 %% Test that appup allows upgrade from/downgrade to a maximum of two
@@ -67,11 +67,11 @@ appup_test(_Config) ->
     {ok,[{SaslVsn,UpFrom,DownTo}=Appup]} =
 	file:consult(filename:join(Ebin,"sasl.appup")),
     ct:log("~p~n",[Appup]),
-    ?line {OkVsns,NokVsns} = create_test_vsns(SaslVsn),
-    ?line check_appup(OkVsns,UpFrom,{ok,[restart_new_emulator]}),
-    ?line check_appup(OkVsns,DownTo,{ok,[restart_new_emulator]}),
-    ?line check_appup(NokVsns,UpFrom,error),
-    ?line check_appup(NokVsns,DownTo,error),
+    {OkVsns,NokVsns} = create_test_vsns(SaslVsn),
+    check_appup(OkVsns,UpFrom,{ok,[restart_new_emulator]}),
+    check_appup(OkVsns,DownTo,{ok,[restart_new_emulator]}),
+    check_appup(NokVsns,UpFrom,error),
+    check_appup(NokVsns,DownTo,error),
     ok.
 
 
diff --git a/lib/sasl/test/systools_SUITE.erl b/lib/sasl/test/systools_SUITE.erl
index 892c4994e8..4cf7364d74 100644
--- a/lib/sasl/test/systools_SUITE.erl
+++ b/lib/sasl/test/systools_SUITE.erl
@@ -28,9 +28,9 @@
 
 -module(systools_SUITE).
 
-%-define(debug, true).
+%%-define(debug, true).
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 -define(format(S, A), ok).
 -define(datadir, ?config(data_dir, Config)).
 -define(privdir, ?config(priv_dir, Config)).
@@ -40,20 +40,22 @@
 
 -export([all/0,suite/0,groups/0,init_per_group/2,end_per_group/2]).
 
--export([ script_options/1, normal_script/1, no_mod_vsn_script/1,
-	  wildcard_script/1, variable_script/1, no_sasl_script/1,
-	  abnormal_script/1, src_tests_script/1, crazy_script/1,
-	  warn_shadow_script/1,
-	  included_script/1, included_override_script/1,
-	  included_fail_script/1, included_bug_script/1, exref_script/1]).
--export([ tar_options/1, normal_tar/1, no_mod_vsn_tar/1, variable_tar/1,
-	  src_tests_tar/1, shadow_tar/1, var_tar/1,
-	  exref_tar/1, link_tar/1, otp_9507/1]).
--export([ normal_relup/1, restart_relup/1, abnormal_relup/1, no_sasl_relup/1,
-	  no_appup_relup/1, bad_appup_relup/1, app_start_type_relup/1,
-	  regexp_relup/1, otp_3065/1]).
--export([otp_6226/1]).
+-export([script_options/1, normal_script/1, no_mod_vsn_script/1,
+	 wildcard_script/1, variable_script/1, no_sasl_script/1,
+	 abnormal_script/1, src_tests_script/1, crazy_script/1,
+	 included_script/1, included_override_script/1,
+	 included_fail_script/1, included_bug_script/1, exref_script/1,
+	 otp_3065_circular_dependenies/1]).
+-export([tar_options/1, normal_tar/1, no_mod_vsn_tar/1, system_files_tar/1,
+	 system_files_tar/2, invalid_system_files_tar/1,
+	 invalid_system_files_tar/2, variable_tar/1,
+	 src_tests_tar/1, var_tar/1, exref_tar/1, link_tar/1,
+	 otp_9507_path_ebin/1]).
+-export([normal_relup/1, restart_relup/1, abnormal_relup/1, no_sasl_relup/1,
+	 no_appup_relup/1, bad_appup_relup/1, app_start_type_relup/1,
+	 regexp_relup/1]).
 -export([normal_hybrid/1,hybrid_no_old_sasl/1,hybrid_no_new_sasl/1]).
+-export([otp_6226_outdir/1]).
 -export([init_per_suite/1, end_per_suite/1, 
 	 init_per_testcase/2, end_per_testcase/2]).
 
@@ -69,26 +71,26 @@ suite() ->
 
 all() -> 
     [{group, script}, {group, tar}, {group, relup}, {group, hybrid},
-     {group, tickets}].
+     {group, options}].
 
 groups() -> 
     [{script, [],
       [script_options, normal_script, no_mod_vsn_script,
        wildcard_script, variable_script, abnormal_script,
        no_sasl_script, src_tests_script, crazy_script,
-       warn_shadow_script, included_script, included_override_script,
+       included_script, included_override_script,
        included_fail_script, included_bug_script, exref_script,
-       otp_3065]},
+       otp_3065_circular_dependenies]},
      {tar, [],
-      [tar_options, normal_tar, no_mod_vsn_tar, variable_tar,
-       src_tests_tar, shadow_tar, var_tar,
-       exref_tar, link_tar, otp_9507]},
+      [tar_options, normal_tar, no_mod_vsn_tar, system_files_tar,
+       invalid_system_files_tar, variable_tar,
+       src_tests_tar, var_tar, exref_tar, link_tar, otp_9507_path_ebin]},
      {relup, [],
       [normal_relup, restart_relup, abnormal_relup, no_sasl_relup,
        no_appup_relup, bad_appup_relup, app_start_type_relup, regexp_relup
       ]},
      {hybrid, [], [normal_hybrid,hybrid_no_old_sasl,hybrid_no_new_sasl]},
-     {tickets, [], [otp_6226]}].
+     {options, [], [otp_6226_outdir]}].
 
 init_per_group(_GroupName, Config) ->
     Config.
@@ -103,17 +105,17 @@ init_per_suite(Config) when is_list(Config) ->
     %% Make of copy of the data directory.
     DataDir = ?datadir,
     PrivDir = ?privdir,
-    ?line CopyDir = fname(PrivDir, "datacopy"),
-    ?line TarFile = fname(PrivDir, "datacopy.tgz"),
-    ?line {ok, Tar} = erl_tar:open(TarFile, [write, compressed]),
-    ?line ok = erl_tar:add(Tar, DataDir, CopyDir, [compressed]),
-    ?line ok = erl_tar:close(Tar),
-    ?line ok = erl_tar:extract(TarFile, [compressed]),
-    ?line ok = file:delete(TarFile),
+    CopyDir = fname(PrivDir, "datacopy"),
+    TarFile = fname(PrivDir, "datacopy.tgz"),
+    {ok, Tar} = erl_tar:open(TarFile, [write, compressed]),
+    ok = erl_tar:add(Tar, DataDir, CopyDir, [compressed]),
+    ok = erl_tar:close(Tar),
+    ok = erl_tar:extract(TarFile, [compressed]),
+    ok = file:delete(TarFile),
 
     %% Compile source files in the copy directory.
-    ?line Sources = filelib:wildcard(fname([CopyDir,'*','*','*','*','*.erl'])),
-    ?line lists:foreach(fun compile_source/1, Sources),
+    Sources = filelib:wildcard(fname([CopyDir,'*','*','*','*','*.erl'])),
+    lists:foreach(fun compile_source/1, Sources),
 
     %% To use in end_per_testcase
     Path = code:get_path(),
@@ -144,10 +146,13 @@ init_per_testcase(link_tar, Config) ->
 	{win32, _} -> {skip, "Skip on windows"}
     end;
 init_per_testcase(_Case, Config) ->
-    ?line Dog = test_server:timetrap(?default_timeout),
+    Dog = test_server:timetrap(?default_timeout),
     [{watchdog, Dog}|Config].
 
-end_per_testcase(_Case, Config) ->
+end_per_testcase(Case, Config) ->
+    try apply(?MODULE,Case,[cleanup,Config])
+    catch error:undef -> ok
+    end,
     Dog=?config(watchdog, Config),
     test_server:timetrap_cancel(Dog),
     case {?config(path,Config),?config(cwd,Config)} of
@@ -175,528 +180,468 @@ end_per_testcase(_Case, Config) ->
 %%
 
 
-%% make_script
-%%
-script_options(suite) -> [];
-script_options(doc) ->
-    ["Check illegal script options."];
+%% make_script: Check illegal script options
 script_options(Config) when is_list(Config) ->
-    ?line {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
-       (catch systools:make_script("release", [{path,["Path",12,"Another"]}])),
-    ?line {'EXIT',{{badarg,[sillent]}, _}} =
+    {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
+	(catch systools:make_script("release", [{path,["Path",12,"Another"]}])),
+    {'EXIT',{{badarg,[sillent]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path","Another"]},sillent])),
-    ?line {'EXIT',{{badarg,[locall]}, _}} =
+    {'EXIT',{{badarg,[locall]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path","Another"]},locall])),
-    ?line {'EXIT',{{badarg,[src_testsxx]}, _}} =
+    {'EXIT',{{badarg,[src_testsxx]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path"]},src_testsxx])),
-    ?line {'EXIT',{{badarg,[{variables, {"TEST", "/home/lib"}}]}, _}} =
+    {'EXIT',{{badarg,[{variables, {"TEST", "/home/lib"}}]}, _}} =
 	(catch systools:make_script("release",
 				    [{variables, {"TEST", "/home/lib"}}])),
-    ?line {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
+    {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
 	(catch systools:make_script("release",
 				    [{variables, [{a, b}, {"a", "b"}]}])),
-    ?line {'EXIT',{{badarg,[exreff]}, _}} =
+    {'EXIT',{{badarg,[exreff]}, _}} =
 	(catch systools:make_script("release",
 				    [{path,["Path","Another"]},exreff])),
-    ?line {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
+    {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
 	(catch systools:make_script("release", [{exref,["appl"]}])),
-    ?line {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
+    {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
 	(catch systools:make_script("release", [{machine,"appl"}])),
     ok.
 
 
-%% make_script
-%%
-normal_script(suite) -> [];
-normal_script(doc) ->
-    ["Check that make_script handles normal case."];
+%% make_script: Check that normal case
 normal_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P1 = fname([LibDir, 'db-2.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P1 = fname([LibDir, 'db-2.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
 
-    ?line true = code:add_patha(P1),
-    ?line true = code:add_patha(P2),
+    true = code:add_patha(P1),
+    true = code:add_patha(P2),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = systools:make_script(filename:basename(LatestName)),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    ok = systools:make_script(filename:basename(LatestName)),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Check the same but w. silent flag
-    ?line {ok, _, []} = systools:make_script(LatestName, [silent]),
+    {ok, _, []} = systools:make_script(LatestName, [silent]),
 
     %% Use the local option
-    ?line ok = systools:make_script(LatestName, [local]),
-    ?line ok = check_script_path(LatestName),
+    ok = systools:make_script(LatestName, [local]),
+    ok = check_script_path(LatestName),
 
     %% use the path option
-    ?line code:set_path(PSAVE),			% Restore path
+    code:set_path(PSAVE),			% Restore path
     %% Mess up std path:
-    ?line true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
-    ?line true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
+    true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
+    true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
 
-    ?line error = systools:make_script(LatestName),	%should fail
-    ?line ok = systools:make_script(LatestName,[{path, [P1, P2]}]),
+    error = systools:make_script(LatestName),	%should fail
+    ok = systools:make_script(LatestName,[{path, [P1, P2]}]),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),			% Restore path
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),			% Restore path
     ok.
 
 
-%% make_script
-%%
-no_mod_vsn_script(suite) -> [];
-no_mod_vsn_script(doc) ->
-    ["Check that make_script handles normal case.",
-     "Modules specified without version in .app file (db-3.1)."
-     "Note that this is now the normal way - i.e. systools now "
-     "ignores the module versions in the .app file."];
+%% make_script:
+%% Modules specified without version in .app file (db-3.1).
+%% Note that this is now the normal way - i.e. systools now ignores
+%% the module versions in the .app file.
 no_mod_vsn_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
+    {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P1 = fname([LibDir, 'db-3.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P1 = fname([LibDir, 'db-3.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
 
-    ?line true = code:add_patha(P1),
-    ?line true = code:add_patha(P2),
+    true = code:add_patha(P1),
+    true = code:add_patha(P2),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = systools:make_script(filename:basename(LatestName)),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    ok = systools:make_script(filename:basename(LatestName)),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Check the same but w. silent flag
-    ?line {ok, _, []} = systools:make_script(LatestName, [silent]),
+    {ok, _, []} = systools:make_script(LatestName, [silent]),
 
     %% Use the local option
-    ?line ok = systools:make_script(LatestName, [local]),
-    ?line ok = check_script_path(LatestName),
+    ok = systools:make_script(LatestName, [local]),
+    ok = check_script_path(LatestName),
 
     %% use the path option
-    ?line code:set_path(PSAVE),			% Restore path
+    code:set_path(PSAVE),			% Restore path
     %% Mess up std path:
-    ?line true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
-    ?line true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
+    true = code:add_patha(fname([LibDir, 'db-1.0', ebin])),
+    true = code:add_patha(fname([LibDir, 'fe-2.1', ebin])),
 
-    ?line error = systools:make_script(LatestName),	%should fail
-    ?line ok = systools:make_script(LatestName,
-				    [{path, [P1, P2]}]),
+    error = systools:make_script(LatestName),	%should fail
+    ok = systools:make_script(LatestName,
+			      [{path, [P1, P2]}]),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),			% Restore path
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),			% Restore path
     ok.
 
 
-%% make_script
-%%
-wildcard_script(suite) -> [];
-wildcard_script(doc) ->
-    ["Check that make_script handles wildcards in path."];
+%% make_script: Check that make_script handles wildcards in path.
 wildcard_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line WildDir = fname([LibDir, '*', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    WildDir = fname([LibDir, '*', ebin]),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line error = systools:make_script(filename:basename(LatestName)),
+    error = systools:make_script(filename:basename(LatestName)),
 
-    ?line ok = systools:make_script(LatestName,
-				    [{path, [WildDir]}]),
+    ok = systools:make_script(LatestName,
+			      [{path, [WildDir]}]),
 
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-variable_script(suite) -> [];
-variable_script(doc) ->
-    ["Add own installation dependent variable in script."];
+%% make_script: Add own installation dependent variable in script.
 variable_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = systools:make_script(LatestName,
-				    [{path, P},
-				     {variables, [{"TEST", LibDir}]}]),
+    ok = systools:make_script(LatestName,
+			      [{path, P},
+			       {variables, [{"TEST", LibDir}]}]),
 
     %% Check variables
-    ?line ok = check_var_script_file([fname(['$TEST', 'db-2.1', ebin]),
-				      fname(['$TEST', 'fe-3.1', ebin])],
-				     P,
-				     LatestName),
+    ok = check_var_script_file([fname(['$TEST', 'db-2.1', ebin]),
+				fname(['$TEST', 'fe-3.1', ebin])],
+			       P,
+			       LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-abnormal_script(suite) -> [];
-abnormal_script(doc) ->
-    ["Abnormal cases."];
+%% make_script: Abnormal cases.
 abnormal_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
+    DataDir = filename:absname(?copydir),
 
-    ?line ok = file:set_cwd(LatestDir),
-    ?line LibDir = fname([DataDir, d_bad_app_vsn, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    ok = file:set_cwd(LatestDir),
+    LibDir = fname([DataDir, d_bad_app_vsn, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
     %% Check wrong app vsn
-    ?line error = systools:make_script(LatestName, [{path, P}]),
-    ?line {error,
-	   systools_make,
-	   [{error_reading, {db, {no_valid_version,
-				  {{"should be","2.1"},
-				   {"found file", _, "2.0"}}}}}]} =
+    error = systools:make_script(LatestName, [{path, P}]),
+    {error,
+     systools_make,
+     [{error_reading, {db, {no_valid_version,
+			    {{"should be","2.1"},
+			     {"found file", _, "2.0"}}}}}]} =
 	systools:make_script(LatestName, [silent, {path, P}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-no_sasl_script(suite) -> [];
-no_sasl_script(doc) ->
-    ["Create script without sasl appl. Check warning."];
+%% make_script: Create script without sasl appl. Check warning.
 no_sasl_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest1_no_sasl,Config),
+    {LatestDir, LatestName} = create_script(latest1_no_sasl,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _ , [{warning,missing_sasl}]} =
+    {ok, _ , [{warning,missing_sasl}]} =
 	systools:make_script(LatestName,[{path, P},silent]),
 
-    ?line ok = file:set_cwd(OldDir),
+    {ok, _ , []} =
+	systools:make_script(LatestName,[{path, P},silent, no_warn_sasl]),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-src_tests_script(suite) -> [];
-src_tests_script(doc) ->
-    ["Do not check date of object file or that source code can be found."];
+%% make_script: Do not check date of object file or that source code
+%% can be found.
 src_tests_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
-    ?line BootFile = LatestName ++ ".boot",
+    {LatestDir, LatestName} = create_script(latest,Config),
+    BootFile = LatestName ++ ".boot",
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_missing_src, lib]),
-    ?line P1 = fname([LibDir, 'db-2.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_missing_src, lib]),
+    P1 = fname([LibDir, 'db-2.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
     N = [P1, P2],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Manipulate the modification date of a beam file so it seems
     %% older than its .erl file
-    ?line Erl = filename:join([P1,"..","src","db1.erl"]),
-    ?line {ok, FileInfo=#file_info{mtime={{Y,M,D},T}}} = file:read_file_info(Erl),
-    ?line Beam = filename:join(P1,"db1.beam"),
-    ?line ok=file:write_file_info(Beam, FileInfo#file_info{mtime={{Y-1,M,D},T}}),
+    Erl = filename:join([P1,"..","src","db1.erl"]),
+    {ok, FileInfo=#file_info{mtime={{Y,M,D},T}}} = file:read_file_info(Erl),
+    Beam = filename:join(P1,"db1.beam"),
+    ok=file:write_file_info(Beam, FileInfo#file_info{mtime={{Y-1,M,D},T}}),
 
     %% Remove a .erl file
-    ?line Erl2 = filename:join([P1,"..","src","db2.erl"]),
-    ?line file:delete(Erl2),
+    Erl2 = filename:join([P1,"..","src","db2.erl"]),
+    file:delete(Erl2),
 
     %% Then make script
 
     %% .boot file should not exist
-    ?line ok = file:delete(BootFile),
-    ?line false = filelib:is_regular(BootFile),
+    ok = file:delete(BootFile),
+    false = filelib:is_regular(BootFile),
     %% With warnings_as_errors and src_tests option, an error should be issued
-    ?line error =
+    error =
 	systools:make_script(LatestName, [silent, {path, N}, src_tests,
 					  warnings_as_errors]),
-    ?line error =
+    error =
 	systools:make_script(LatestName, [{path, N}, src_tests,
 					  warnings_as_errors]),
 
     %% due to warnings_as_errors .boot file should still not exist
-    ?line false = filelib:is_regular(BootFile),
+    false = filelib:is_regular(BootFile),
 
     %% Two warnings should be issued when src_tests is given
     %% 1. old object code for db1.beam
     %% 2. missing source code for db2.beam
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_script(LatestName, [silent, {path, N}, src_tests]),
 
     %% .boot file should exist now
-    ?line true = filelib:is_regular(BootFile),
+    true = filelib:is_regular(BootFile),
 
     %% Without the src_tests option, no warning should be issued
-    ?line {ok, _, []} =
+    {ok, _, []} =
 	systools:make_script(LatestName, [silent, {path, N}]),
 
     %% Check that the old no_module_tests option (from the time when
     %% it was default to do the src_test) is ignored
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_script(LatestName, [silent,
 					  {path, N},
 					  no_module_tests,
 					  src_tests]),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),
     ok.
 
-%% make_script
-%%
-warn_shadow_script(suite) -> [];
-warn_shadow_script(doc) ->
-    ["Check that jam file out of date warning doesn't",
-     "shadow bad module version error."];
-warn_shadow_script(Config) when is_list(Config) ->
-    %% This test has been removed since the 'vsn' attribute is
-    %% not used any more, starting with R6. No warning
-    %% 'obj_out_of_date' seemed to be generated.
-    true.
-
-
-%% make_script
-%%
-crazy_script(suite) -> [];
-crazy_script(doc) ->
-    ["Do the crazy cases."];
+%% make_script: Do the crazy cases.
 crazy_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest, Config),
+    {LatestDir, LatestName} = create_script(latest, Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Run with bad path
-    ?line error = systools:make_script(LatestName),
-    ?line {error, _, [{error_reading, _}, {error_reading, _}]} =
+    error = systools:make_script(LatestName),
+    {error, _, [{error_reading, _}, {error_reading, _}]} =
 	systools:make_script(LatestName, [silent]),
 
     %% Run with .rel file lacking kernel
-    ?line {LatestDir2, LatestName2} = create_script(latest_nokernel, Config),
-    ?line ok = file:set_cwd(LatestDir2),
+    {LatestDir2, LatestName2} = create_script(latest_nokernel, Config),
+    ok = file:set_cwd(LatestDir2),
 
-    ?line error = systools:make_script(LatestName2),
-    ?line {error, _, {missing_mandatory_app,[kernel,stdlib]}} =
+    error = systools:make_script(LatestName2),
+    {error, _, {missing_mandatory_app,kernel}} =
 	systools:make_script(LatestName2, [silent,{path,P}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    %% Run with .rel file with non-permanent kernel
+    {LatestDir3, LatestName3} = create_script(latest_kernel_start_type, Config),
+    ok = file:set_cwd(LatestDir3),
+
+    error = systools:make_script(LatestName3),
+    {error, _, {mandatory_app,kernel,load}} =
+	systools:make_script(LatestName3, [silent,{path,P}]),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_script(suite) -> [];
-included_script(doc) ->
-    ["Check that make_script handles generation of script",
-     "for applications with included applications."];
+%% make_script: Check that make_script handles generation of script
+%% for applications with included applications.
 included_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc1, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [t1, t2, t3, t5, t4, t6],
-				    [t1, t3, t6]),
-    ?line ok = file:set_cwd(OldDir),
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc1, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [t1, t2, t3, t5, t4, t6],
+			      [t1, t3, t6]),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_override_script(suite) -> [];
-included_override_script(doc) ->
-    ["Check that make_script handles generation of script",
-     "for applications with included applications which are override by",
-     "the .rel file."];
+%% make_script: Check that make_script handles generation of script
+%% for applications with included applications which are override by
+%% the .rel file.
 included_override_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc2, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [t1, t2, t3, t4, t6, t5],
-				    [t1, t3, t6, t5]),
-
-    ?line {_, LatestName1} = create_include_files(inc3, Config),
-    ?line ok = systools:make_script(LatestName1),
-    ?line ok = check_include_script(LatestName1,
-				    [t3, t5, t4, t6, t1, t2],
-				    [t3, t6, t1, t2]),
-
-    ?line {_, LatestName2} = create_include_files(inc4, Config),
-    ?line ok = systools:make_script(LatestName2),
-    ?line ok = check_include_script(LatestName2,
-				    [t3, t4, t6, t5, t1, t2],
-				    [t3, t6, t5, t1, t2]),
-
-    ?line {_, LatestName3} = create_include_files(inc5, Config),
-    ?line ok = systools:make_script(LatestName3),
-    ?line ok = check_include_script(LatestName3,
-				    [t3, t4, t6, t1, t2],
-				    [t3, t6, t1, t2]),
-
-    ?line ok = file:set_cwd(OldDir),
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc2, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [t1, t2, t3, t4, t6, t5],
+			      [t1, t3, t6, t5]),
+
+    {_, LatestName1} = create_include_files(inc3, Config),
+    ok = systools:make_script(LatestName1),
+    ok = check_include_script(LatestName1,
+			      [t3, t5, t4, t6, t1, t2],
+			      [t3, t6, t1, t2]),
+
+    {_, LatestName2} = create_include_files(inc4, Config),
+    ok = systools:make_script(LatestName2),
+    ok = check_include_script(LatestName2,
+			      [t3, t4, t6, t5, t1, t2],
+			      [t3, t6, t5, t1, t2]),
+
+    {_, LatestName3} = create_include_files(inc5, Config),
+    ok = systools:make_script(LatestName3),
+    ok = check_include_script(LatestName3,
+			      [t3, t4, t6, t1, t2],
+			      [t3, t6, t1, t2]),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_fail_script(suite) -> [];
-included_fail_script(doc) ->
-    ["Check that make_script handles errors then generating",
-     "script with included applications."];
+%% make_script: Check that make_script handles errors then generating
+%% script with included applications.
 included_fail_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc6, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line {error, _, {undefined_applications,[t2]}} =
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc6, Config),
+    ok = file:set_cwd(LatestDir),
+    {error, _, {undefined_applications,[t2]}} =
 	systools:make_script(LatestName, [silent]),
 
-    ?line {_, LatestName1} = create_include_files(inc7, Config),
-    ?line {error, _, {duplicate_include,[{{t5,t7,_,_},{t5,t6,_,_}}]}} =
+    {_, LatestName1} = create_include_files(inc7, Config),
+    {error, _, {duplicate_include,[{{t5,t7,_,_},{t5,t6,_,_}}]}} =
 	systools:make_script(LatestName1, [silent]),
 
-    ?line {_, LatestName3} = create_include_files(inc9, Config),
-    ?line {error, _, {circular_dependencies,[{t10,_},{t8,_}]}} =
+    {_, LatestName3} = create_include_files(inc9, Config),
+    {error, _, {circular_dependencies,[{t10,_},{t8,_}]}} =
 	systools:make_script(LatestName3, [silent]),
 
-    ?line {_, LatestName4} = create_include_files(inc10, Config),
-    ?line {error, _, [{error_reading,{t9,{override_include,[t7]}}}]} =
+    {_, LatestName4} = create_include_files(inc10, Config),
+    {error, _, [{error_reading,{t9,{override_include,[t7]}}}]} =
 	systools:make_script(LatestName4, [silent]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_script
-%%
-included_bug_script(suite) -> [];
-included_bug_script(doc) ->
-    ["Check that make_script handles generation of script",
-     "with difficult dependency for included applications."];
+%% make_script: Check that make_script handles generation of script
+%% with difficult dependency for included applications.
 included_bug_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(inc11, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [t13, t11, t12],
-				    [t11, t12]),
-    ?line ok = file:set_cwd(OldDir),
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} = create_include_files(inc11, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [t13, t11, t12],
+			      [t11, t12]),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-otp_3065(suite) -> [];
-otp_3065(doc) ->
-    ["Circular dependencies in systools:make_script()."];
-otp_3065(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {LatestDir, LatestName} = create_include_files(otp_3065, Config),
-    ?line ok = file:set_cwd(LatestDir),
-    ?line ok = systools:make_script(LatestName),
-    ?line ok = check_include_script(LatestName,
-				    [aa12, chAts, chTraffic],
-				    [chTraffic]),
-    ?line ok = file:set_cwd(OldDir),
+%% make_script: Circular dependencies in systools:make_script().
+otp_3065_circular_dependenies(Config) when is_list(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+    {LatestDir, LatestName} =
+	create_include_files(otp_3065_circular_dependenies, Config),
+    ok = file:set_cwd(LatestDir),
+    ok = systools:make_script(LatestName),
+    ok = check_include_script(LatestName,
+			      [aa12, chAts, chTraffic],
+			      [chTraffic]),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_script
-%%
-exref_script(suite) -> [];
-exref_script(doc) ->
-    ["Check that make_script exref option works."];
+%% make_script: Check that make_script exref option works.
 exref_script(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [{path,P}, silent]),
+    {ok, _, _} = systools:make_script(LatestName, [{path,P}, silent]),
 
     %% Complete exref
-    ?line {ok, _, W1} = 
+    {ok, _, W1} =
 	systools:make_script(LatestName, [exref, {path,P}, silent]),
-    ?line check_exref_warnings(with_db1, W1),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    check_exref_warnings(with_db1, W1),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Only exref the db application.
-    ?line {ok, _, W2} =
+    {ok, _, W2} =
 	systools:make_script(LatestName, [{exref,[db]}, {path,P}, silent]),
-    ?line check_exref_warnings(with_db1, W2),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    check_exref_warnings(with_db1, W2),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% Only exref the fe application.
-    ?line {ok, _, W3} =
+    {ok, _, W3} =
 	systools:make_script(LatestName, [{exref,[fe]}, {path,P}, silent]),
-    ?line check_exref_warnings(without_db1, W3),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
+    check_exref_warnings(without_db1, W3),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
 
     %% exref the db and stdlib applications.
-    ?line {ok, _, W4} =
+    {ok, _, W4} =
 	systools:make_script(LatestName, [{exref,[db,stdlib]}, {path,P}, silent]),
-    ?line check_exref_warnings(with_db1, W4),
-    ?line {ok, _} = read_script_file(LatestName),	% Check readabillity
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),			% Restore path
+    check_exref_warnings(with_db1, W4),
+    {ok, _} = read_script_file(LatestName),	% Check readabillity
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),			% Restore path
     ok.
 
 check_exref_warnings(with_db1, W) ->
@@ -726,11 +671,11 @@ filter({ok, W}) ->
     {ok, filter(W)};
 filter(L) ->
     lists:filter(fun%({hipe_consttab,_,_}) -> false;
-		    ({int,_,_}) -> false;
-		    ({i,_,_}) -> false;
-		    ({crypto,_,_}) -> false;
-		    (_) -> true
-		 end,
+		     ({int,_,_}) -> false;
+		     ({i,_,_}) -> false;
+		     ({crypto,_,_}) -> false;
+		     (_) -> true
+		end,
 		 L).
 
 get_exref1(T, [{warning, {T, Value}}|_]) -> {ok, Value};
@@ -750,197 +695,268 @@ no_hipe({ok, Value}) ->
 	    {ok, Value}
     end.
 
-%% tar_options
-%%
-tar_options(suite) -> [];
-tar_options(doc) ->
-    ["Check illegal tar options."];
+%% tar_options: Check illegal tar options.
 tar_options(Config) when is_list(Config) ->
-    ?line {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
+    {'EXIT',{{badarg,[{path,["Path",12,"Another"]}]}, _}} =
 	(catch systools:make_tar("release", [{path,["Path",12,"Another"]}])),
-    ?line {'EXIT',{{badarg,[sillent]}, _}} =
+    {'EXIT',{{badarg,[sillent]}, _}} =
 	(catch systools:make_tar("release",
 				 [{path,["Path","Another"]},sillent])),
-    ?line {'EXIT',{{badarg,[{dirs,["dirs"]}]}, _}} =
+    {'EXIT',{{badarg,[{dirs,["dirs"]}]}, _}} =
 	(catch systools:make_tar("release", [{dirs, ["dirs"]}])),
-    ?line {'EXIT',{{badarg,[{erts, illegal}]}, _}} =
+    {'EXIT',{{badarg,[{erts, illegal}]}, _}} =
 	(catch systools:make_tar("release", [{erts, illegal}])),
-    ?line {'EXIT',{{badarg,[src_testsxx]}, _}} =
+    {'EXIT',{{badarg,[src_testsxx]}, _}} =
 	(catch systools:make_tar("release",
 				 [{path,["Path"]},src_testsxx])),
-    ?line {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
+    {'EXIT',{{badarg,[{variables, [{a, b}, {"a", "b"}]}]}, _}} =
 	(catch systools:make_tar("release",
 				 [{variables, [{a, b}, {"a", "b"}]}])),
-    ?line {'EXIT',{{badarg,[{var_tar, illegal}]}, _}} =
+    {'EXIT',{{badarg,[{var_tar, illegal}]}, _}} =
 	(catch systools:make_tar("release", [{var_tar, illegal}])),
-    ?line {'EXIT',{{badarg,[exreff]}, _}} =
+    {'EXIT',{{badarg,[exreff]}, _}} =
 	(catch systools:make_tar("release",
 				 [{path,["Path","Another"]},exreff])),
-    ?line {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
+    {'EXIT',{{badarg,[{exref,["appl"]}]}, _}} =
 	(catch systools:make_tar("release", [{exref,["appl"]}])),
-    ?line {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
+    {'EXIT',{{badarg,[{machine, "appl"}]}, _}} =
 	(catch systools:make_tar("release", [{machine,"appl"}])),
     ok.
 
 
-%% normal_tar
-%%
-normal_tar(suite) -> [];
-normal_tar(doc) ->
-    ["Check normal case"];
+%% make_tar: Check normal case
 normal_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
-    ?line ok = systools:make_tar(LatestName, [{path, P}]),
-    ?line ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
-    ?line {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    ok = systools:make_tar(LatestName, [{path, P}]),
+    ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
+    {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% no_mod_vsn_tar
-%%
-no_mod_vsn_tar(suite) -> [];
-no_mod_vsn_tar(doc) ->
-    ["Check normal case",
-     "Modules specified without version in .app file (db-3.1)."
-     "Note that this is now the normal way - i.e. systools now "
-     "ignores the module versions in the .app file."];
+%% make_tar: Modules specified without version in .app file (db-3.1).
+%% Note that this is now the normal way - i.e. systools now ignores
+%% the module versions in the .app file.
 no_mod_vsn_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
+    {LatestDir, LatestName} = create_script(latest_no_mod_vsn,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-3.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-3.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
-    ?line ok = systools:make_tar(LatestName, [{path, P}]),
-    ?line ok = check_tar(fname([lib,'db-3.1',ebin,'db.app']), LatestName),
-    ?line {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    ok = systools:make_tar(LatestName, [{path, P}]),
+    ok = check_tar(fname([lib,'db-3.1',ebin,'db.app']), LatestName),
+    {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% variable_tar
-%%
-variable_tar(suite) -> [];
-variable_tar(doc) ->
-    ["Use variable and create separate tar (included in generated tar)."];
+
+%% make_tar: Check that relup or sys.config are included if they exist
+system_files_tar(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir, LatestName} = create_script(latest,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    %% Add dummy relup and sys.config
+    ok = file:write_file("sys.config","[].\n"),
+    ok = file:write_file("relup","{\"LATEST\",[],[]}.\n"),
+
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    ok = systools:make_tar(LatestName, [{path, P}]),
+    ok = check_tar(fname(["releases","LATEST","sys.config"]), LatestName),
+    ok = check_tar(fname(["releases","LATEST","relup"]), LatestName),
+    {ok, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar(fname(["releases","LATEST","sys.config"]), LatestName),
+    ok = check_tar(fname(["releases","LATEST","relup"]), LatestName),
+
+    ok = file:set_cwd(OldDir),
+
+    ok.
+
+system_files_tar(cleanup,Config) ->
+    Dir = ?privdir,
+    file:delete(filename:join(Dir,"sys.config")),
+    file:delete(filename:join(Dir,"relup")),
+    ok.
+
+
+%% make_tar: Check that make_tar fails if relup or sys.config exist
+%% but do not have valid content
+invalid_system_files_tar(Config) ->
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir, LatestName} = create_script(latest,Config),
+
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+
+    %% Add dummy relup and sys.config - faulty sys.config
+    ok = file:write_file("sys.config","[]\n"), %!!! syntax error - missing '.'
+    ok = file:write_file("relup","{\"LATEST\",[],[]}.\n"),
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"sys.config",[{error,_}]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    %% Add dummy relup and sys.config - faulty sys.config
+    ok = file:write_file("sys.config","[x,y].\n"), %!!! faulty format
+    ok = file:write_file("relup","{\"LATEST\",[],[]}.\n"),
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"sys.config",[invalid_format]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    %% Add dummy relup and sys.config - faulty relup
+    ok = file:write_file("sys.config","[]\n"),
+    ok = file:write_file("relup","{\"LATEST\"\n"), %!!! syntax error - truncated
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"relup",[{error,_}]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    %% Add dummy relup and sys.config - faulty relup
+    ok = file:write_file("sys.config","[]\n"),
+    ok = file:write_file("relup","[].\n"), %!!! faulty format
+
+    error = systools:make_tar(LatestName, [{path, P}]),
+    {error,_,{tar_error,{add,"relup",[invalid_format]}}} =
+	systools:make_tar(LatestName, [{path, P}, silent]),
+
+    ok = file:set_cwd(OldDir),
+
+    ok.
+
+invalid_system_files_tar(cleanup,Config) ->
+    Dir = ?privdir,
+    file:delete(filename:join(Dir,"sys.config")),
+    file:delete(filename:join(Dir,"relup")),
+    ok.
+
+
+%% make_tar: Use variable and create separate tar (included in generated tar).
 variable_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName,
-					    [silent,
-					     {path, P},
-					     {variables,[{"TEST", LibDir}]}]),
+    {ok, _, _} = systools:make_script(LatestName,
+				      [silent,
+				       {path, P},
+				       {variables,[{"TEST", LibDir}]}]),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {variables,[{"TEST", LibDir}]}]),
-    ?line ok = check_var_tar("TEST", LatestName),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{variables,[{"TEST", LibDir}]}]),
+    ok = check_var_tar("TEST", LatestName),
 
-    ?line {ok, _, _} = systools:make_tar(LatestName,
-					 [{path, P}, silent,
-					  {variables,[{"TEST", LibDir}]}]),
-    ?line ok = check_var_tar("TEST", LatestName),
+    {ok, _, _} = systools:make_tar(LatestName,
+				   [{path, P}, silent,
+				    {variables,[{"TEST", LibDir}]}]),
+    ok = check_var_tar("TEST", LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% link_tar
-%%
-link_tar(suite) -> [];
-link_tar(doc) ->
-    ["Check that symlinks in applications are handled correctly"];
+%% make_tar: Check that symlinks in applications are handled correctly.
 link_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_links, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_links, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
     %% Make some links
-    ?line Db1Erl = fname(['db-2.1',src,'db1.erl']),
-    ?line NormalDb1Erl = fname([DataDir,d_normal,lib,Db1Erl]),
-    ?line LinkDb1Erl = fname([LibDir, Db1Erl]),
-    ?line ok = file:make_symlink(NormalDb1Erl, LinkDb1Erl),
-    ?line Db1Beam = fname(['db-2.1',ebin,'db1.beam']),
-    ?line NormalDb1Beam = fname([DataDir,d_normal,lib,Db1Beam]),
-    ?line LinkDb1Beam = fname([LibDir, Db1Beam]),
-    ?line ok = file:make_symlink(NormalDb1Beam, LinkDb1Beam),
-    ?line FeApp = fname(['fe-3.1',ebin,'fe.app']),
-    ?line NormalFeApp = fname([DataDir,d_normal,lib,FeApp]),
-    ?line LinkFeApp = fname([LibDir, FeApp]),
-    ?line ok = file:make_symlink(NormalFeApp, LinkFeApp),
-    
+    Db1Erl = fname(['db-2.1',src,'db1.erl']),
+    NormalDb1Erl = fname([DataDir,d_normal,lib,Db1Erl]),
+    LinkDb1Erl = fname([LibDir, Db1Erl]),
+    ok = file:make_symlink(NormalDb1Erl, LinkDb1Erl),
+    Db1Beam = fname(['db-2.1',ebin,'db1.beam']),
+    NormalDb1Beam = fname([DataDir,d_normal,lib,Db1Beam]),
+    LinkDb1Beam = fname([LibDir, Db1Beam]),
+    ok = file:make_symlink(NormalDb1Beam, LinkDb1Beam),
+    FeApp = fname(['fe-3.1',ebin,'fe.app']),
+    NormalFeApp = fname([DataDir,d_normal,lib,FeApp]),
+    LinkFeApp = fname([LibDir, FeApp]),
+    ok = file:make_symlink(NormalFeApp, LinkFeApp),
+
     %% Create the tar and check that the linked files are included as
     %% regular files
-    ?line ok = file:set_cwd(LatestDir),
-
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{path, P},silent]),
-
-    ?line {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line ok = check_tar_regular(?privdir,
-				 [fname([lib,FeApp]),
-				  fname([lib,Db1Beam])],
-				 LatestName),
-    
-    ?line {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
-						       {dirs, [src]}]),
-    ?line ok = check_tar_regular(?privdir,
-				 [fname([lib,FeApp]),
-				  fname([lib,Db1Beam]),
-				  fname([lib,Db1Erl])],
-				 LatestName),
-
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(LatestDir),
+
+    {ok,_,[]} = systools:make_script(LatestName, [{path, P},silent]),
+
+    {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent]),
+    ok = check_tar_regular(?privdir,
+			   [fname([lib,FeApp]),
+			    fname([lib,Db1Beam])],
+			   LatestName),
+
+    {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
+						 {dirs, [src]}]),
+    ok = check_tar_regular(?privdir,
+			   [fname([lib,FeApp]),
+			    fname([lib,Db1Beam]),
+			    fname([lib,Db1Erl])],
+			   LatestName),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% src_tests_tar
-%%
-src_tests_tar(suite) -> [];
-src_tests_tar(doc) ->
-    ["Do not check date of object file or that source code can be found."];
+%% make_tar: Do not check date of object file or that source code can be found.
 src_tests_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_missing_src, lib]),
-    ?line P1 = fname([LibDir, 'db-2.1', ebin]),
-    ?line P2 = fname([LibDir, 'fe-3.1', ebin]),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_missing_src, lib]),
+    P1 = fname([LibDir, 'db-2.1', ebin]),
+    P2 = fname([LibDir, 'fe-3.1', ebin]),
     P = [P1, P2],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Manipulate the modification date of a beam file so it seems
     %% older than the .erl file
@@ -950,362 +966,308 @@ src_tests_tar(Config) when is_list(Config) ->
     ok = file:write_file_info(Beam, FileInfo#file_info{mtime={{Y-1,M,D},T}}),
 
     %% Remove a .erl file
-    ?line Erl2 = filename:join([P1,"..","src","db2.erl"]),
-    ?line file:delete(Erl2),
+    Erl2 = filename:join([P1,"..","src","db2.erl"]),
+    file:delete(Erl2),
 
-    ?line ok = systools:make_script(LatestName, [{path, P}]),
+    ok = systools:make_script(LatestName, [{path, P}]),
 
     %% Then make tar - two warnings should be issued when
     %% src_tests is given
     %% 1. old object code for db1.beam
     %% 2. missing source code for db2.beam
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-    		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_tar(LatestName, [{path, P}, silent,
 				       {dirs, [src]},
 				       src_tests]),
-    ?line ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
+    ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
 
     %% Without the src_tests option, no warning should be issued
-    ?line {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
-						       {dirs, [src]}]),
-    ?line ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
+    {ok, _, []} = systools:make_tar(LatestName, [{path, P}, silent,
+						 {dirs, [src]}]),
+    ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
 
     %% Check that the old no_module_tests option (from the time when
     %% it was default to do the src_test) is ignored
-    ?line {ok, _, [{warning,{obj_out_of_date,_}},
-    		   {warning,{source_not_found,_}}]} =
+    {ok, _, [{warning,{obj_out_of_date,_}},
+	     {warning,{source_not_found,_}}]} =
 	systools:make_tar(LatestName, [{path, P}, silent,
 				       {dirs, [src]},
 				       no_module_tests,
 				       src_tests]),
-    ?line ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
+    ok = check_tar(fname([lib,'db-2.1',src,'db1.erl']), LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% shadow_tar
-%%
-shadow_tar(suite) -> [];
-shadow_tar(doc) ->
-    ["Check that jam file out of date warning doesn't",
-     "shadow bad module version error."];
-shadow_tar(Config) when is_list(Config) ->
-    % This test has been commented out since the 'vsn' attribute is not used
-    % any more, starting with R6. No warning 'obj_out_of_date' seemed to be
-    % generated.
-    true;
-shadow_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
-
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
-
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, 'd_bad_mod+warn', lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
-
-    ?line ok = file:set_cwd(LatestDir),
-
-    ?line {error, _, _} = systools:make_tar(LatestName, [{path, P}, silent]),
-    ?line {error, _, _} = systools:make_tar(LatestName, [{path, P}, silent,
-							 {dirs, [src]}]),
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),
-    ok.
 
-
-%% var_tar
-%%
-var_tar(suite) -> [];
-var_tar(doc) ->
-    ["Check that make_tar handles generation and placement of tar",
-     "files for variables outside the main tar file.",
-     "Test the {var_tar, include | ownfile | omit} option."];
+%% make_tar: Check that make_tar handles generation and placement of
+%% tar files for variables outside the main tar file.
+%% Test the {var_tar, include | ownfile | omit} optio.
 var_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line PSAVE = code:get_path(),		% Save path
+    {ok, OldDir} = file:get_cwd(),
+    PSAVE = code:get_path(),		% Save path
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName,
-					    [silent,
-					     {path, P},
-					     {variables,[{"TEST", LibDir}]}]),
+    {ok, _, _} = systools:make_script(LatestName,
+				      [silent,
+				       {path, P},
+				       {variables,[{"TEST", LibDir}]}]),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {var_tar, ownfile},
-					      {variables,[{"TEST", LibDir}]}]),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{var_tar, ownfile},
+					{variables,[{"TEST", LibDir}]}]),
 
-    ?line true = exists_tar_file("TEST"), %% Also removes the file !
-    ?line {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
+    true = exists_tar_file("TEST"), %% Also removes the file !
+    {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {var_tar, omit},
-					      {variables,[{"TEST", LibDir}]}]),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{var_tar, omit},
+					{variables,[{"TEST", LibDir}]}]),
 
-    ?line {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
-    ?line false = exists_tar_file("TEST"),
+    {error, {not_generated, _}} = check_var_tar("TEST", LatestName),
+    false = exists_tar_file("TEST"),
 
-    ?line ok = systools:make_tar(LatestName, [{path, P},
-					      {var_tar, include},
-					      {variables,[{"TEST", LibDir}]}]),
+    ok = systools:make_tar(LatestName, [{path, P},
+					{var_tar, include},
+					{variables,[{"TEST", LibDir}]}]),
 
-    ?line ok = check_var_tar("TEST", LatestName),
-    ?line false = exists_tar_file("TEST"),
+    ok = check_var_tar("TEST", LatestName),
+    false = exists_tar_file("TEST"),
 
-    ?line ok = file:set_cwd(OldDir),
-    ?line code:set_path(PSAVE),
+    ok = file:set_cwd(OldDir),
+    code:set_path(PSAVE),
     ok.
 
 
-%% exref_tar
-%%
-exref_tar(suite) -> [];
-exref_tar(doc) ->
-    ["Check exref option."];
+%% make_tar: Check exref option.
 exref_tar(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest,Config),
+    {LatestDir, LatestName} = create_script(latest,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
-    ?line {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
+    {ok, _, _} = systools:make_script(LatestName, [silent, {path, P}]),
 
     %% Complete exref
-    ?line {ok, _, W1} =
+    {ok, _, W1} =
 	systools:make_tar(LatestName, [exref, {path, P}, silent]),
-    ?line check_exref_warnings(with_db1, W1),
-    ?line ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
+    check_exref_warnings(with_db1, W1),
+    ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
 
     %% Only exref the db application.
-    ?line {ok, _, W2} =
+    {ok, _, W2} =
 	systools:make_tar(LatestName, [{exref, [db]}, {path, P}, silent]),
-    ?line check_exref_warnings(with_db1, W2),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    check_exref_warnings(with_db1, W2),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
     %% Only exref the fe application.
-    ?line {ok, _, W3} =
+    {ok, _, W3} =
 	systools:make_tar(LatestName, [{exref, [fe]}, {path, P}, silent]),
-    ?line check_exref_warnings(without_db1, W3),
-    ?line ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
+    check_exref_warnings(without_db1, W3),
+    ok = check_tar(fname([lib,'db-2.1',ebin,'db.app']), LatestName),
 
     %% exref the db and stdlib applications.
-    ?line {ok, _, W4} =
+    {ok, _, W4} =
 	systools:make_tar(LatestName, [{exref, [db, stdlib]},
 				       {path, P}, silent]),
-    ?line check_exref_warnings(with_db1, W4),
-    ?line ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
+    check_exref_warnings(with_db1, W4),
+    ok = check_tar(fname([lib,'fe-3.1',ebin,'fe.app']), LatestName),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
 
-%% otp_9507
-%%
-otp_9507(suite) -> [];
-otp_9507(doc) ->
-    ["make_tar failed when path given as just 'ebin'."];
-otp_9507(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+%% make_tar: OTP-9507 - make_tar failed when path given as just 'ebin'.
+otp_9507_path_ebin(Config) when is_list(Config) ->
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir, LatestName} = create_script(latest_small,Config),
+    {LatestDir, LatestName} = create_script(latest_small,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line FeDir = fname([LibDir, 'fe-3.1']),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    FeDir = fname([LibDir, 'fe-3.1']),
 
-    ?line ok = file:set_cwd(FeDir),
+    ok = file:set_cwd(FeDir),
 
     RelName = fname([LatestDir,LatestName]),
 
-    ?line P1 = ["./ebin",
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
-    ?line {ok, _, _} = systools:make_script(RelName, [silent, {path, P1}]),
-    ?line ok = systools:make_tar(RelName, [{path, P1}]),
-    ?line Content1 = tar_contents(RelName),
+    P1 = ["./ebin",
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
+    {ok, _, _} = systools:make_script(RelName, [silent, {path, P1}]),
+    ok = systools:make_tar(RelName, [{path, P1}]),
+    Content1 = tar_contents(RelName),
 
-    ?line P2 = ["ebin",
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
+    P2 = ["ebin",
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
 
     %% Tickets solves the following line - it used to fail with
     %% {function_clause,[{filename,join,[[]]},...}
-    ?line ok = systools:make_tar(RelName, [{path, P2}]),
-    ?line Content2 = tar_contents(RelName),
+    ok = systools:make_tar(RelName, [{path, P2}]),
+    Content2 = tar_contents(RelName),
     true = (Content1 == Content2),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
 
     ok.
 
 
-%% The relup stuff.
-%%
-%%
-
-
-%% make_relup
-%%
-normal_relup(suite) -> [];
-normal_relup(doc) ->
-    ["Check normal case"];
+%% make_relup: Check normal case
 normal_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest1,Config),
-    ?line {_LatestDir2,LatestName2} = create_script(latest2,Config),
+    {LatestDir,LatestName}   = create_script(latest0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest1,Config),
+    {_LatestDir2,LatestName2} = create_script(latest2,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% This is the ultra normal case
-    ?line ok = systools:make_relup(LatestName, [LatestName1], [LatestName1],
-				   [{path, P}]),
-    ?line ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
-    ?line {ok, _, _, []} =
+    ok = systools:make_relup(LatestName, [LatestName1], [LatestName1],
+			     [{path, P}]),
+    ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
+    {ok, _, _, []} =
 	systools:make_relup(LatestName, [LatestName1], [LatestName1],
 			    [{path, P}, silent]),
-    ?line ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
+    ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
 
     %% file should not be written if warnings_as_errors is enabled.
     %% delete before running tests.
-    ?line ok = file:delete("relup"),
+    ok = file:delete("relup"),
 
     %% Check that warnings are treated as errors
-    ?line error =
+    error =
 	systools:make_relup(LatestName, [LatestName2], [LatestName1],
 			    [{path, P}, warnings_as_errors]),
-    ?line error =
+    error =
 	systools:make_relup(LatestName, [LatestName2], [LatestName1],
 			    [{path, P}, silent, warnings_as_errors]),
 
     %% relup file should not exist
-    ?line false = filelib:is_regular("relup"),
+    false = filelib:is_regular("relup"),
 
     %% Check that warnings get through
-    ?line ok = systools:make_relup(LatestName, [LatestName2], [LatestName1],
-				   [{path, P}]),
-    ?line ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
-    ?line {ok, _, _, [pre_R15_emulator_upgrade,{erts_vsn_changed, _}]} =
+    ok = systools:make_relup(LatestName, [LatestName2], [LatestName1],
+			     [{path, P}]),
+    ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
+    {ok, _, _, [pre_R15_emulator_upgrade,{erts_vsn_changed, _}]} =
 	systools:make_relup(LatestName, [LatestName2], [LatestName1],
 			    [{path, P}, silent]),
-    ?line ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
+    ok = check_relup([{fe, "3.1"}, {db, "2.1"}], [{db, "1.0"}]),
 
     %% relup file should exist now
-    ?line true = filelib:is_regular("relup"),
+    true = filelib:is_regular("relup"),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-restart_relup(suite) -> [];
-restart_relup(doc) ->
-    ["Test relup which includes emulator restart"];
+%% make_relup: Test relup which includes emulator restart.
 restart_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest1,Config),
-    ?line {_LatestDir0CurrErts,LatestName0CurrErts} =
+    {LatestDir,LatestName}   = create_script(latest0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest1,Config),
+    {_LatestDir0CurrErts,LatestName0CurrErts} =
 	create_script(latest0_current_erts,Config),
-    ?line {_CurrentAllDir,CurrentAllName} = create_script(current_all,Config),
-    ?line {_CurrentAllFutErtsDir,CurrentAllFutErtsName} =
+    {_CurrentAllDir,CurrentAllName} = create_script(current_all,Config),
+    {_CurrentAllFutErtsDir,CurrentAllFutErtsName} =
 	create_script(current_all_future_erts,Config),
-    ?line {_CurrentAllFutSaslDir,CurrentAllFutSaslName} =
+    {_CurrentAllFutSaslDir,CurrentAllFutSaslName} =
 	create_script(current_all_future_sasl,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin]),
-	       fname([DataDir, lib, 'sasl-9.9', ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin]),
+	 fname([DataDir, lib, 'sasl-9.9', ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% OTP-2561: Check that the option 'restart_emulator' generates a
     %% "restart_emulator" instruction.
-    ?line {ok, _ , _, []} =
-         systools:make_relup(LatestName, [LatestName1], [LatestName1],
-			     [{path, P},restart_emulator,silent]),
-    ?line ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
-    ?line ok = check_restart_emulator(),
+    {ok, _ , _, []} =
+	systools:make_relup(LatestName, [LatestName1], [LatestName1],
+			    [{path, P},restart_emulator,silent]),
+    ok = check_relup([{db, "2.1"}], [{db, "1.0"}]),
+    ok = check_restart_emulator(),
 
 
     %% Pre-R15 to Post-R15 upgrade
-    ?line {ok, _ , _, Ws} =
-         systools:make_relup(LatestName0CurrErts,
-			     [LatestName1],
-			     [LatestName1],
-			     [{path, P},silent]),
-    ?line ok = check_relup([{db,"2.1"}], [{db, "1.0"}]),
-    ?line ok = check_pre_to_post_r15_restart_emulator(),
-    ?line ok = check_pre_to_post_r15_warnings(Ws),
+    {ok, _ , _, Ws} =
+	systools:make_relup(LatestName0CurrErts,
+			    [LatestName1],
+			    [LatestName1],
+			    [{path, P},silent]),
+    ok = check_relup([{db,"2.1"}], [{db, "1.0"}]),
+    ok = check_pre_to_post_r15_restart_emulator(),
+    ok = check_pre_to_post_r15_warnings(Ws),
 
 
     %% Check that new sasl version generates a restart_new_emulator
     %% instruction
-    ?line {ok, _ , _, []} =
-         systools:make_relup(CurrentAllFutSaslName,
-			     [CurrentAllName],
-			     [CurrentAllName],
-			     [{path, P},silent]),
-    ?line ok = check_relup([{fe, "3.1"}], []),
-    ?line ok = check_restart_emulator_diff_coreapp(),
+    {ok, _ , _, []} =
+	systools:make_relup(CurrentAllFutSaslName,
+			    [CurrentAllName],
+			    [CurrentAllName],
+			    [{path, P},silent]),
+    ok = check_relup([{fe, "3.1"}], []),
+    ok = check_restart_emulator_diff_coreapp(),
 
 
     %% Check that new erts version generates a restart_new_emulator
     %% instruction, if FromSaslVsn >= R15SaslVsn
     %% (One erts_vsn_changed warning for upgrade and one for downgrade)
-    ?line {ok, _ , _, [{erts_vsn_changed,_},{erts_vsn_changed,_}]} =
-         systools:make_relup(CurrentAllFutErtsName,
-			     [CurrentAllName],
-			     [CurrentAllName],
-			     [{path, P},silent]),
-    ?line ok = check_relup([{fe, "3.1"}], []),
-    ?line ok = check_restart_emulator_diff_coreapp(),
+    {ok, _ , _, [{erts_vsn_changed,_},{erts_vsn_changed,_}]} =
+	systools:make_relup(CurrentAllFutErtsName,
+			    [CurrentAllName],
+			    [CurrentAllName],
+			    [{path, P},silent]),
+    ok = check_relup([{fe, "3.1"}], []),
+    ok = check_restart_emulator_diff_coreapp(),
 
 
     %% Check that new erts version generates a restart_new_emulator
     %% instruction, and can be combined with restart_emulator opt.
     %% (One erts_vsn_changed warning for upgrade and one for downgrade)
-    ?line {ok, _ , _, [{erts_vsn_changed,_},{erts_vsn_changed,_}]} =
-         systools:make_relup(CurrentAllFutErtsName,
-			     [CurrentAllName],
-			     [CurrentAllName],
-			     [{path, P},restart_emulator,silent]),
-    ?line ok = check_relup([{fe, "3.1"}], []),
-    ?line ok = check_restart_emulator(),
-    ?line ok = check_restart_emulator_diff_coreapp(),
-
-    ?line ok = file:set_cwd(OldDir),
+    {ok, _ , _, [{erts_vsn_changed,_},{erts_vsn_changed,_}]} =
+	systools:make_relup(CurrentAllFutErtsName,
+			    [CurrentAllName],
+			    [CurrentAllName],
+			    [{path, P},restart_emulator,silent]),
+    ok = check_relup([{fe, "3.1"}], []),
+    ok = check_restart_emulator(),
+    ok = check_restart_emulator_diff_coreapp(),
+
+    ok = file:set_cwd(OldDir),
     ok.
 
 
@@ -1361,293 +1323,276 @@ check_pre_to_post_r15_warnings(Ws) ->
     true = lists:member(pre_R15_emulator_upgrade,Ws),
     ok.
 
-%% make_relup
-%%
-no_appup_relup(suite) -> [];
-no_appup_relup(doc) ->
-    ["Check that appup files may be missing, but only if we don't need them."];
+%% make_relup: Check that appup files may be missing, but only if we
+%% don't need them.
 no_appup_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest_small,Config),
-    ?line {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest_small1,Config),
+    {LatestDir,LatestName}   = create_script(latest_small,Config),
+    {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest_small1,Config),
 
-    ?line DataDir = filename:absname(?copydir),
+    DataDir = filename:absname(?copydir),
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Check that appup might be missing
-    ?line P1 = [fname([DataDir, d_no_appup, lib, 'fe-3.1', ebin]),
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
-    ?line ok =
+    P1 = [fname([DataDir, d_no_appup, lib, 'fe-3.1', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
+    ok =
 	systools:make_relup(LatestName, [LatestName], [], [{path, P1}]),
-    ?line {ok,_, _, []} =
+    {ok,_, _, []} =
 	systools:make_relup(LatestName, [LatestName], [],
 			    [silent, {path, P1}]),
 
     %% Check that appup might NOT be missing when we need it
-    ?line P2 = [fname([DataDir, d_no_appup, lib, 'fe-3.1', ebin]),
-		fname([DataDir, d_no_appup, lib, 'fe-2.1', ebin]),
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
-    ?line error =
+    P2 = [fname([DataDir, d_no_appup, lib, 'fe-3.1', ebin]),
+	  fname([DataDir, d_no_appup, lib, 'fe-2.1', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
+    error =
 	systools:make_relup(LatestName, [LatestName0], [], [{path, P2}]),
-    ?line {error,_,{file_problem, {_,{error,{open,_,_}}}}} =
+    {error,_,{file_problem, {_,{error,{open,_,_}}}}} =
 	systools:make_relup(LatestName, [], [LatestName0],
 			    [silent, {path, P2}]),
 
     %% Check that appups missing vsn traps
-    ?line P3 = [fname([DataDir, d_no_appup, lib, 'fe-2.1', ebin]),
-		fname([DataDir, d_no_appup, lib, 'fe-500.18.7', ebin]),
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
+    P3 = [fname([DataDir, d_no_appup, lib, 'fe-2.1', ebin]),
+	  fname([DataDir, d_no_appup, lib, 'fe-500.18.7', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
 
-    ?line error =
+    error =
 	systools:make_relup(LatestName0, [LatestName1], [], [{path, P3}]),
-    ?line {error,_,{no_relup, _, _, _}} =
+    {error,_,{no_relup, _, _, _}} =
 	systools:make_relup(LatestName0, [], [LatestName1],
 			    [silent, {path, P3}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_relup
-%%
-bad_appup_relup(suite) -> [];
-bad_appup_relup(doc) ->
-    ["Check that badly written appup files are detected"];
+%% make_relup: Check that badly written appup files are detected.
 bad_appup_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest_small,Config),
-    ?line {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
+    {LatestDir,LatestName}   = create_script(latest_small,Config),
+    {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line N2 = [fname([DataDir, d_bad_appup, lib, 'fe-3.1', ebin]),
-		fname([DataDir, d_bad_appup, lib, 'fe-2.1', ebin]),
-		fname([DataDir, lib, kernel, ebin]),
-		fname([DataDir, lib, stdlib, ebin]),
-		fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    N2 = [fname([DataDir, d_bad_appup, lib, 'fe-3.1', ebin]),
+	  fname([DataDir, d_bad_appup, lib, 'fe-2.1', ebin]),
+	  fname([DataDir, lib, kernel, ebin]),
+	  fname([DataDir, lib, stdlib, ebin]),
+	  fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Check that bad appup is trapped
-    ?line error =
+    error =
 	systools:make_relup(LatestName, [LatestName0], [], [{path, N2}]),
-    ?line {error,_,{file_problem, {_, {error, {parse,_, _}}}}} =
+    {error,_,{file_problem, {_, {error, {parse,_, _}}}}} =
 	systools:make_relup(LatestName, [], [LatestName0],
 			    [silent, {path, N2}]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
-%% make_relup
-%%
-abnormal_relup(suite) -> [];
-abnormal_relup(doc) ->
-    ["Check some abnormal cases"];
+%% make_relup: Check some abnormal cases.
 abnormal_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest1,Config),
+    {LatestDir,LatestName}   = create_script(latest0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest1,Config),
 
     %% Check wrong app vsn
-    ?line DataDir = filename:absname(?copydir),
-    ?line P = [fname([DataDir, d_bad_app_vsn, lib, 'db-2.1', ebin]),
-	       fname([DataDir, d_bad_app_vsn, lib, 'fe-3.1', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
-    
-    ?line ok = file:set_cwd(LatestDir),
-
-    ?line error = systools:make_relup(LatestName, [LatestName1], [LatestName1],
-				      [{path, P}]),
-    ?line R0 = systools:make_relup(LatestName, [LatestName1], [LatestName1],
-			      [silent, {path, P}]),
-    ?line {error,systools_make,
-	     [{error_reading,{db,{no_valid_version,
-				  {{"should be","2.1"},
-				   {"found file", _, "2.0"}}}}}]} = R0,
-    ?line ok = file:set_cwd(OldDir),
+    DataDir = filename:absname(?copydir),
+    P = [fname([DataDir, d_bad_app_vsn, lib, 'db-2.1', ebin]),
+	 fname([DataDir, d_bad_app_vsn, lib, 'fe-3.1', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
+
+    ok = file:set_cwd(LatestDir),
+
+    error = systools:make_relup(LatestName, [LatestName1], [LatestName1],
+				[{path, P}]),
+    R0 = systools:make_relup(LatestName, [LatestName1], [LatestName1],
+			     [silent, {path, P}]),
+    {error,systools_make,
+     [{error_reading,{db,{no_valid_version,
+			  {{"should be","2.1"},
+			   {"found file", _, "2.0"}}}}}]} = R0,
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% make_relup
-%%
-no_sasl_relup(suite) -> [];
-no_sasl_relup(doc) ->
-    ["Check relup can not be created is sasl is not in rel file"];
+%% make_relup: Check relup can not be created is sasl is not in rel file.
 no_sasl_relup(Config) when is_list(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {Dir1,Name1} = create_script(latest1_no_sasl,Config),
-    ?line {_Dir2,Name2} = create_script(latest1,Config),
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1_no_sasl,Config),
+    {_Dir2,Name2} = create_script(latest1,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(Dir1),
+    ok = file:set_cwd(Dir1),
 
-    ?line error = systools:make_relup(Name2, [Name1], [Name1], [{path, P}]),
-    ?line R1 = systools:make_relup(Name2, [Name1], [Name1],[silent, {path, P}]),
-    ?line {error,systools_relup,{missing_sasl,_}} = R1,
+    error = systools:make_relup(Name2, [Name1], [Name1], [{path, P}]),
+    R1 = systools:make_relup(Name2, [Name1], [Name1],[silent, {path, P}]),
+    {error,systools_relup,{missing_sasl,_}} = R1,
 
-    ?line error = systools:make_relup(Name1, [Name2], [Name2], [{path, P}]),
-    ?line R2 = systools:make_relup(Name1, [Name2], [Name2],[silent, {path, P}]),
-    ?line {error,systools_relup,{missing_sasl,_}} = R2,
+    error = systools:make_relup(Name1, [Name2], [Name2], [{path, P}]),
+    R2 = systools:make_relup(Name1, [Name2], [Name2],[silent, {path, P}]),
+    {error,systools_relup,{missing_sasl,_}} = R2,
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
-%% Check that application start type is used in relup
-app_start_type_relup(suite) ->
-    [];
-app_start_type_relup(doc) ->
-    ["Release upgrade file with various application start types"];
+%% make_relup: Check that application start type is used in relup
 app_start_type_relup(Config) when is_list(Config) ->
-    ?line PrivDir = ?config(priv_dir, Config),
-    ?line {Dir1,Name1} = create_script(latest_app_start_type1,Config),
-    ?line {Dir2,Name2} = create_script(latest_app_start_type2,Config),
-    ?line Release1 = filename:join(Dir1,Name1),
-    ?line Release2 = filename:join(Dir2,Name2),
-
-    ?line {ok, Release2Relup, systools_relup, []} = systools:make_relup(Release2, [Release1], [Release1], [{outdir, PrivDir}, silent]),
-    ?line {"LATEST_APP_START_TYPE2",
-	   [{"LATEST_APP_START_TYPE1",[], UpInstructions}],
-	   [{"LATEST_APP_START_TYPE1",[], DownInstructions}]} = Release2Relup,
+    PrivDir = ?config(priv_dir, Config),
+    {Dir1,Name1} = create_script(latest_app_start_type1,Config),
+    {Dir2,Name2} = create_script(latest_app_start_type2,Config),
+    Release1 = filename:join(Dir1,Name1),
+    Release2 = filename:join(Dir2,Name2),
+
+    {ok, Release2Relup, systools_relup, []} = systools:make_relup(Release2, [Release1], [Release1], [{outdir, PrivDir}, silent]),
+    {"LATEST_APP_START_TYPE2",
+     [{"LATEST_APP_START_TYPE1",[], UpInstructions}],
+     [{"LATEST_APP_START_TYPE1",[], DownInstructions}]} = Release2Relup,
     %% ?t:format("Up: ~p",[UpInstructions]),
     %% ?t:format("Dn: ~p",[DownInstructions]),
-    ?line [{load_object_code, {mnesia, _, _}},
-           {load_object_code, {runtime_tools, _, _}},
-           {load_object_code, {webtool, _, _}},
-           {load_object_code, {snmp, _, _}},
-           {load_object_code, {xmerl, _, _}},
-           point_of_no_return
-           | UpInstructionsT] = UpInstructions,
-    ?line true = lists:member({apply,{application,start,[mnesia,permanent]}}, UpInstructionsT),
-    ?line true = lists:member({apply,{application,start,[runtime_tools,transient]}}, UpInstructionsT),
-    ?line true = lists:member({apply,{application,start,[webtool,temporary]}}, UpInstructionsT),
-    ?line true = lists:member({apply,{application,load,[snmp]}}, UpInstructionsT),
-    ?line false = lists:any(fun({apply,{application,_,[xmerl|_]}}) -> true; (_) -> false end, UpInstructionsT),
-    ?line [point_of_no_return | DownInstructionsT] = DownInstructions,
-    ?line true = lists:member({apply,{application,stop,[mnesia]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[runtime_tools]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[webtool]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[snmp]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,stop,[xmerl]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[mnesia]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[runtime_tools]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[webtool]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[snmp]}}, DownInstructionsT),
-    ?line true = lists:member({apply,{application,unload,[xmerl]}}, DownInstructionsT),
+    [{load_object_code, {mnesia, _, _}},
+     {load_object_code, {runtime_tools, _, _}},
+     {load_object_code, {webtool, _, _}},
+     {load_object_code, {snmp, _, _}},
+     {load_object_code, {xmerl, _, _}},
+     point_of_no_return
+     | UpInstructionsT] = UpInstructions,
+    true = lists:member({apply,{application,start,[mnesia,permanent]}}, UpInstructionsT),
+    true = lists:member({apply,{application,start,[runtime_tools,transient]}}, UpInstructionsT),
+    true = lists:member({apply,{application,start,[webtool,temporary]}}, UpInstructionsT),
+    true = lists:member({apply,{application,load,[snmp]}}, UpInstructionsT),
+    false = lists:any(fun({apply,{application,_,[xmerl|_]}}) -> true; (_) -> false end, UpInstructionsT),
+    [point_of_no_return | DownInstructionsT] = DownInstructions,
+    true = lists:member({apply,{application,stop,[mnesia]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[runtime_tools]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[webtool]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[snmp]}}, DownInstructionsT),
+    true = lists:member({apply,{application,stop,[xmerl]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[mnesia]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[runtime_tools]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[webtool]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[snmp]}}, DownInstructionsT),
+    true = lists:member({apply,{application,unload,[xmerl]}}, DownInstructionsT),
     ok.
 
 
-%% regexp_relup
+%% make_relup: Check that regexp can be used in .appup for UpFromVsn
+%% and DownToVsn.
 regexp_relup(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
 
-    ?line {LatestDir,LatestName}   = create_script(latest_small,Config),
-    ?line {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
-    ?line {_LatestDir1,LatestName1} = create_script(latest_small2,Config),
+    {LatestDir,LatestName}   = create_script(latest_small,Config),
+    {_LatestDir0,LatestName0} = create_script(latest_small0,Config),
+    {_LatestDir1,LatestName1} = create_script(latest_small2,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line P = [fname([DataDir, d_regexp_appup, lib, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    P = [fname([DataDir, d_regexp_appup, lib, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(LatestDir),
 
     %% Upgrade fe 2.1 -> 3.1, and downgrade 2.1 -> 3.1
     %% Shall match the first entry if fe-3.1 appup.
-    ?line {ok, _, _, []} =
+    {ok, _, _, []} =
 	systools:make_relup(LatestName, [LatestName0], [LatestName0],
 			    [{path, P}, silent]),
-    ?line ok = check_relup([{fe, "3.1"}], [{fe, "2.1"}]),
+    ok = check_relup([{fe, "3.1"}], [{fe, "2.1"}]),
 
     %% Upgrade fe 2.1.1 -> 3.1
     %% Shall match the second entry in fe-3.1 appup. Have added a
     %% restart_emulator instruction there to distinguish it from
     %% the first entry...
-    ?line {ok, _, _, []} =
+    {ok, _, _, []} =
 	systools:make_relup(LatestName, [LatestName1], [], [{path, P}, silent]),
-    ?line ok = check_relup_up_only([{fe, "3.1"}]),
-    ?line ok = check_restart_emulator_up_only(),
+    ok = check_relup_up_only([{fe, "3.1"}]),
+    ok = check_restart_emulator_up_only(),
 
     %% Attempt downgrade fe 3.1 -> 2.1.1
     %% Shall not match any entry!!
-    ?line {error,systools_relup,{no_relup,_,_,_}} =
+    {error,systools_relup,{no_relup,_,_,_}} =
 	systools:make_relup(LatestName, [], [LatestName1], [{path, P}, silent]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
 
     ok.
 
 
+%% make_hybrid_boot: Normal case.
 %% For upgrade of erts - create a boot file which is a hybrid between
 %% old and new release - i.e. starts erts, kernel, stdlib, sasl from
 %% new release, all other apps from old release.
 normal_hybrid(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {Dir1,Name1} = create_script(latest1,Config),
-    ?line {_Dir2,Name2} = create_script(current_all,Config),
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1,Config),
+    {_Dir2,Name2} = create_script(current_all,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(Dir1),
+    ok = file:set_cwd(Dir1),
 
-    ?line {ok, _ , []} = systools:make_script(Name1,[{path, P},silent]),
-    ?line {ok, _ , []} = systools:make_script(Name2,[{path, P},silent]),
-    ?line {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
-    ?line {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
+    {ok, _ , []} = systools:make_script(Name1,[{path, P},silent]),
+    {ok, _ , []} = systools:make_script(Name2,[{path, P},silent]),
+    {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
+    {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
 
-    ?line BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
-    ?line {ok,Hybrid} = systools_make:make_hybrid_boot("tmp_vsn",Boot1,Boot2,
-						       BasePaths, [dummy,args]),
+    BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
+    {ok,Hybrid} = systools_make:make_hybrid_boot("tmp_vsn",Boot1,Boot2,
+						 BasePaths, [dummy,args]),
 
-    ?line {script,{"Test release","tmp_vsn"},Script} = binary_to_term(Hybrid),
+    {script,{"Test release","tmp_vsn"},Script} = binary_to_term(Hybrid),
     ct:log("~p.~n",[Script]),
 
     %% Check that all paths to base apps are replaced by paths from BaseLib
     Boot1Str = io_lib:format("~p~n",[binary_to_term(Boot1)]),
     HybridStr = io_lib:format("~p~n",[binary_to_term(Hybrid)]),
     ReOpts = [global,{capture,first,list},unicode],
-    ?line {match,OldKernelMatch} = re:run(Boot1Str,"kernel-[0-9\.]+",ReOpts),
-    ?line {match,OldStdlibMatch} = re:run(Boot1Str,"stdlib-[0-9\.]+",ReOpts),
-    ?line {match,OldSaslMatch} = re:run(Boot1Str,"sasl-[0-9\.]+",ReOpts),
+    {match,OldKernelMatch} = re:run(Boot1Str,"kernel-[0-9\.]+",ReOpts),
+    {match,OldStdlibMatch} = re:run(Boot1Str,"stdlib-[0-9\.]+",ReOpts),
+    {match,OldSaslMatch} = re:run(Boot1Str,"sasl-[0-9\.]+",ReOpts),
 
-    ?line nomatch = re:run(HybridStr,"kernel-[0-9\.]+",ReOpts),
-    ?line nomatch = re:run(HybridStr,"stdlib-[0-9\.]+",ReOpts),
-    ?line nomatch = re:run(HybridStr,"sasl-[0-9\.]+",ReOpts),
-    ?line {match,NewKernelMatch} = re:run(HybridStr,"testkernelpath",ReOpts),
-    ?line {match,NewStdlibMatch} = re:run(HybridStr,"teststdlibpath",ReOpts),
-    ?line {match,NewSaslMatch} = re:run(HybridStr,"testsaslpath",ReOpts),
+    nomatch = re:run(HybridStr,"kernel-[0-9\.]+",ReOpts),
+    nomatch = re:run(HybridStr,"stdlib-[0-9\.]+",ReOpts),
+    nomatch = re:run(HybridStr,"sasl-[0-9\.]+",ReOpts),
+    {match,NewKernelMatch} = re:run(HybridStr,"testkernelpath",ReOpts),
+    {match,NewStdlibMatch} = re:run(HybridStr,"teststdlibpath",ReOpts),
+    {match,NewSaslMatch} = re:run(HybridStr,"testsaslpath",ReOpts),
 
     NewKernelN = length(NewKernelMatch),
-    ?line NewKernelN = length(OldKernelMatch),
+    NewKernelN = length(OldKernelMatch),
     NewStdlibN = length(NewStdlibMatch),
-    ?line NewStdlibN = length(OldStdlibMatch),
+    NewStdlibN = length(OldStdlibMatch),
     NewSaslN = length(NewSaslMatch),
-    ?line NewSaslN = length(OldSaslMatch),
+    NewSaslN = length(OldSaslMatch),
 
     %% Check that application load instruction has correct versions
     Apps = application:loaded_applications(),
@@ -1655,33 +1600,33 @@ normal_hybrid(Config) ->
     {_,_,StdlibVsn} = lists:keyfind(stdlib,1,Apps),
     {_,_,SaslVsn} = lists:keyfind(sasl,1,Apps),
 
-    ?line [KernelInfo] = [I || {kernelProcess,application_controller,
+    [KernelInfo] = [I || {kernelProcess,application_controller,
 			  {application_controller,start,
 			   [{application,kernel,I}]}} <- Script],
-    ?line [StdlibInfo] = [I || {apply,
+    [StdlibInfo] = [I || {apply,
 			  {application,load,
 			   [{application,stdlib,I}]}} <- Script],
-    ?line [SaslInfo] = [I || {apply,
+    [SaslInfo] = [I || {apply,
 			{application,load,
 			 [{application,sasl,I}]}} <- Script],
 
-    ?line {vsn,KernelVsn} = lists:keyfind(vsn,1,KernelInfo),
-    ?line {vsn,StdlibVsn} = lists:keyfind(vsn,1,StdlibInfo),
-    ?line {vsn,SaslVsn} = lists:keyfind(vsn,1,SaslInfo),
+    {vsn,KernelVsn} = lists:keyfind(vsn,1,KernelInfo),
+    {vsn,StdlibVsn} = lists:keyfind(vsn,1,StdlibInfo),
+    {vsn,SaslVsn} = lists:keyfind(vsn,1,SaslInfo),
 
     %% Check that new_emulator_upgrade call is added
-    ?line [_,{apply,{release_handler,new_emulator_upgrade,[dummy,args]}}|_] =
+    [_,{apply,{release_handler,new_emulator_upgrade,[dummy,args]}}|_] =
 	lists:reverse(Script),
 
     %% Check that db-1.0 and fe-3.1 are used (i.e. vsns from old release)
     %% And that fe is in there (it exists in old rel but not in new)
-    ?line {match,DbMatch} = re:run(HybridStr,"db-[0-9\.]+",ReOpts),
-    ?line {match,[_|_]=FeMatch} = re:run(HybridStr,"fe-[0-9\.]+",ReOpts),
-    ?line true = lists:all(fun(["db-1.0"]) -> true;
+    {match,DbMatch} = re:run(HybridStr,"db-[0-9\.]+",ReOpts),
+    {match,[_|_]=FeMatch} = re:run(HybridStr,"fe-[0-9\.]+",ReOpts),
+    true = lists:all(fun(["db-1.0"]) -> true;
 			(_)  -> false
 		     end,
 		     DbMatch),
-    ?line true = lists:all(fun(["fe-3.1"]) -> true;
+    true = lists:all(fun(["fe-3.1"]) -> true;
 			(_)  -> false
 		     end,
 		     FeMatch),
@@ -1691,210 +1636,209 @@ normal_hybrid(Config) ->
     {_,_,Old} = binary_to_term(Boot1),
     OldLength = length(Old),
     NewLength = length(Script),
-    ?line NewLength = OldLength + 1,
+    NewLength = OldLength + 1,
 
     ok.
 
+%% make_hybrid_boot: No sasl in from-release.
 %% Check that systools_make:make_hybrid_boot fails with a meaningful
 %% error message if the FromBoot does not include the sasl
 %% application.
 hybrid_no_old_sasl(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {Dir1,Name1} = create_script(latest1_no_sasl,Config),
-    ?line {_Dir2,Name2} = create_script(current_all,Config),
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1_no_sasl,Config),
+    {_Dir2,Name2} = create_script(current_all,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(Dir1),
+    ok = file:set_cwd(Dir1),
 
-    ?line {ok, _ , [{warning,missing_sasl}]} =
+    {ok, _ , [{warning,missing_sasl}]} =
 	systools:make_script(Name1,[{path, P},silent]),
-    ?line {ok, _ , []} = systools:make_script(Name2,[{path, P},silent]),
-    ?line {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
-    ?line {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
+    {ok, _ , []} = systools:make_script(Name2,[{path, P},silent]),
+    {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
+    {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
 
-    ?line BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
-    ?line {error,{app_not_replaced,sasl}} =
+    BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
+    {error,{app_not_replaced,sasl}} =
 	systools_make:make_hybrid_boot("tmp_vsn",Boot1,Boot2,
 				       BasePaths,[dummy,args]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
+%% make_hybrid_boot: No sasl in to-release.
 %% Check that systools_make:make_hybrid_boot fails with a meaningful
 %% error message if the ToBoot does not include the sasl
 %% application.
 hybrid_no_new_sasl(Config) ->
-    ?line {ok, OldDir} = file:get_cwd(),
-    ?line {Dir1,Name1} = create_script(latest1,Config),
-    ?line {_Dir2,Name2} = create_script(current_all_no_sasl,Config),
+    {ok, OldDir} = file:get_cwd(),
+    {Dir1,Name1} = create_script(latest1,Config),
+    {_Dir2,Name2} = create_script(current_all_no_sasl,Config),
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = [fname([DataDir, d_normal, lib])],
-    ?line P = [fname([LibDir, '*', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    DataDir = filename:absname(?copydir),
+    LibDir = [fname([DataDir, d_normal, lib])],
+    P = [fname([LibDir, '*', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line ok = file:set_cwd(Dir1),
+    ok = file:set_cwd(Dir1),
 
-    ?line {ok, _ , []} = systools:make_script(Name1,[{path, P},silent]),
-    ?line {ok, _ , [{warning,missing_sasl}]} =
+    {ok, _ , []} = systools:make_script(Name1,[{path, P},silent]),
+    {ok, _ , [{warning,missing_sasl}]} =
 	systools:make_script(Name2,[{path, P},silent]),
-    ?line {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
-    ?line {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
+    {ok,Boot1} = file:read_file(Name1 ++ ".boot"),
+    {ok,Boot2} = file:read_file(Name2 ++ ".boot"),
 
-    ?line BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
-    ?line {error,{app_not_found,sasl}} =
+    BasePaths = {"testkernelpath","teststdlibpath","testsaslpath"},
+    {error,{app_not_found,sasl}} =
 	systools_make:make_hybrid_boot("tmp_vsn",Boot1,Boot2,
 				       BasePaths,[dummy,args]),
 
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
 
-otp_6226(suite) ->
-    [];
-otp_6226(doc) ->
-    ["{outdir,Dir} option for systools:make_script()"];
-otp_6226(Config) when is_list(Config) ->
+%% options: {outdir,Dir} option
+otp_6226_outdir(Config) when is_list(Config) ->
     PrivDir = ?privdir,
-    ?line {ok, OldDir} = file:get_cwd(),
+    {ok, OldDir} = file:get_cwd(),
+
+    {LatestDir, LatestName} = create_script(latest0,Config),
+    {_LatestDir, LatestName1} = create_script(latest1,Config),
 
-    ?line {LatestDir, LatestName} = create_script(latest0,Config),
-    ?line {_LatestDir, LatestName1} = create_script(latest1,Config),
+    DataDir = filename:absname(?copydir),
+    LibDir = fname([DataDir, d_normal, lib]),
+    P = [fname([LibDir, 'db-2.1', ebin]),
+	 fname([LibDir, 'db-1.0', ebin]),
+	 fname([LibDir, 'fe-3.1', ebin]),
+	 fname([DataDir, lib, kernel, ebin]),
+	 fname([DataDir, lib, stdlib, ebin]),
+	 fname([DataDir, lib, sasl, ebin])],
 
-    ?line DataDir = filename:absname(?copydir),
-    ?line LibDir = fname([DataDir, d_normal, lib]),
-    ?line P = [fname([LibDir, 'db-2.1', ebin]),
-	       fname([LibDir, 'db-1.0', ebin]),
-	       fname([LibDir, 'fe-3.1', ebin]),
-	       fname([DataDir, lib, kernel, ebin]),
-	       fname([DataDir, lib, stdlib, ebin]),
-	       fname([DataDir, lib, sasl, ebin])],
+    ok = file:set_cwd(LatestDir),
 
-    ?line ok = file:set_cwd(LatestDir),
 
- 
     %% Create an outdir1 directory
-    ?line ok = file:make_dir("outdir1"),
+    ok = file:make_dir("outdir1"),
 
     %% ==== Now test systools:make_script ====
     %% a) badarg
-    ?line {'EXIT', {{badarg,[{outdir,outdir1}]}, _}} =
+    {'EXIT', {{badarg,[{outdir,outdir1}]}, _}} =
 	(catch systools:make_script(LatestName, [{outdir,outdir1},
 						 {path,P},silent])),
 
     %% b) absolute path
     Outdir1 = filename:join(PrivDir, "outdir1"),
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{outdir,Outdir1},
-							{path,P},silent]),
-    ?line Script1 = filename:join(Outdir1, LatestName ++ ".script"),
-    ?line Boot1 = filename:join(Outdir1, LatestName ++ ".boot"),
-    ?line true = filelib:is_file(Script1),
-    ?line true = filelib:is_file(Boot1),
-    ?line ok = file:delete(Script1),
-    ?line ok = file:delete(Boot1),
+    {ok,_,[]} = systools:make_script(LatestName, [{outdir,Outdir1},
+						  {path,P},silent]),
+    Script1 = filename:join(Outdir1, LatestName ++ ".script"),
+    Boot1 = filename:join(Outdir1, LatestName ++ ".boot"),
+    true = filelib:is_file(Script1),
+    true = filelib:is_file(Boot1),
+    ok = file:delete(Script1),
+    ok = file:delete(Boot1),
 
     %% c) relative path
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{outdir,"./outdir1"},
-							{path,P},silent]),
-    ?line true = filelib:is_file(Script1),
-    ?line true = filelib:is_file(Boot1),
-    ?line ok = file:delete(Script1),
-    ?line ok = file:delete(Boot1),
+    {ok,_,[]} = systools:make_script(LatestName, [{outdir,"./outdir1"},
+						  {path,P},silent]),
+    true = filelib:is_file(Script1),
+    true = filelib:is_file(Boot1),
+    ok = file:delete(Script1),
+    ok = file:delete(Boot1),
 
     %% d) absolute but incorrect path
-    ?line Outdir2 = filename:join(PrivDir, "outdir2"),
-    ?line Script2 = filename:join(Outdir2, LatestName ++ ".script"),
-    ?line {error,_,{open,Script2,_}} = 
+    Outdir2 = filename:join(PrivDir, "outdir2"),
+    Script2 = filename:join(Outdir2, LatestName ++ ".script"),
+    {error,_,{open,Script2,_}} =
 	systools:make_script(LatestName, [{outdir,Outdir2},{path,P},silent]),
 
     %% e) relative but incorrect path
-    ?line {error,_,{open,_,_}} = 
+    {error,_,{open,_,_}} =
 	systools:make_script(LatestName, [{outdir,"./outdir2"},{path,P},silent]),
 
     %% f) with .rel in another directory than cwd
-    ?line ok = file:set_cwd(Outdir1),
-    ?line {ok,_,[]} = systools:make_script(filename:join(PrivDir, LatestName),
-					   [{outdir,"."},{path,P},silent]),
-    ?line true = filelib:is_file(LatestName ++ ".script"),
-    ?line true = filelib:is_file(LatestName ++ ".boot"),
-    ?line ok = file:delete(LatestName ++ ".script"),
-    ?line ok = file:delete(LatestName ++ ".boot"),
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(Outdir1),
+    {ok,_,[]} = systools:make_script(filename:join(PrivDir, LatestName),
+				     [{outdir,"."},{path,P},silent]),
+    true = filelib:is_file(LatestName ++ ".script"),
+    true = filelib:is_file(LatestName ++ ".boot"),
+    ok = file:delete(LatestName ++ ".script"),
+    ok = file:delete(LatestName ++ ".boot"),
+    ok = file:set_cwd(LatestDir),
 
     %% ==== Now test systools:make_tar =====
-    ?line {ok,_,[]} = systools:make_script(LatestName, [{path,P},silent]),
+    {ok,_,[]} = systools:make_script(LatestName, [{path,P},silent]),
     %% a) badarg
-    ?line {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
+    {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
     	(catch systools:make_tar(LatestName,[{outdir,outdir1},{path,P},silent])),
 
     %% b) absolute path
-    ?line {ok,_,[]} = systools:make_tar(LatestName, [{outdir,Outdir1}, 
-						     {path,P},silent]),
-    ?line Tar1 = filename:join(Outdir1,LatestName++".tar.gz"),
-    ?line true = filelib:is_file(Tar1),
-    ?line ok = file:delete(Tar1),
+    {ok,_,[]} = systools:make_tar(LatestName, [{outdir,Outdir1},
+					       {path,P},silent]),
+    Tar1 = filename:join(Outdir1,LatestName++".tar.gz"),
+    true = filelib:is_file(Tar1),
+    ok = file:delete(Tar1),
 
     %% c) relative path
-    ?line {ok,_,[]} = systools:make_tar(LatestName, [{outdir,"./outdir1"},
-						     {path,P},silent]),
-    ?line true = filelib:is_file(Tar1),
-    ?line ok = file:delete(Tar1),
+    {ok,_,[]} = systools:make_tar(LatestName, [{outdir,"./outdir1"},
+					       {path,P},silent]),
+    true = filelib:is_file(Tar1),
+    ok = file:delete(Tar1),
 
     %% d) absolute but incorrect path
-    ?line Tar2 = filename:join(Outdir2,LatestName++".tar.gz"),
-    ?line {error,_,{tar_error,{open,Tar2,{Tar2,enoent}}}} = 
+    Tar2 = filename:join(Outdir2,LatestName++".tar.gz"),
+    {error,_,{tar_error,{open,Tar2,{Tar2,enoent}}}} =
 	systools:make_tar(LatestName, [{outdir,Outdir2},{path,P},silent]),
-    
+
     %% e) relative but incorrect path
-    ?line {error,_,{tar_error,{open,_,_}}} = 
-	   systools:make_tar(LatestName, [{outdir,"./outdir2"},{path,P},silent]),
+    {error,_,{tar_error,{open,_,_}}} =
+	systools:make_tar(LatestName, [{outdir,"./outdir2"},{path,P},silent]),
 
     %% f) with .rel in another directory than cwd
-    ?line ok = file:set_cwd(Outdir1),
-    ?line {ok,_,[]} = systools:make_tar(filename:join(PrivDir, LatestName),
-					[{outdir,"."},{path,P},silent]),
-    ?line true = filelib:is_file(Tar1),
-    ?line ok = file:set_cwd(LatestDir),
+    ok = file:set_cwd(Outdir1),
+    {ok,_,[]} = systools:make_tar(filename:join(PrivDir, LatestName),
+				  [{outdir,"."},{path,P},silent]),
+    true = filelib:is_file(Tar1),
+    ok = file:set_cwd(LatestDir),
 
     %% ===== Now test systools:make_relup =====
     %% a) badarg
-    ?line {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
+    {'EXIT', {{badarg, [{outdir,outdir1}]}, _}} =
     	(catch systools:make_relup(LatestName,[LatestName1],[LatestName1],
     				   [{outdir,outdir1}, 
 				    {path,P},silent])),
 
     %% b) absolute path
     Relup = filename:join(Outdir1, "relup"),
-    ?line {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
-					    [{outdir,Outdir1},
-					     {path,P},silent]),
-    ?line true = filelib:is_file(Relup),
-    ?line ok = file:delete(Relup),
-    
+    {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
+				      [{outdir,Outdir1},
+				       {path,P},silent]),
+    true = filelib:is_file(Relup),
+    ok = file:delete(Relup),
+
     %% c) relative path
-    ?line {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
-					    [{outdir,"./outdir1"},
-					     {path,P},silent]),
-    ?line true = filelib:is_file(Relup),
-    ?line ok = file:delete(Relup),
-    
+    {ok,_,_,[]} = systools:make_relup(LatestName,[LatestName1],[LatestName1],
+				      [{outdir,"./outdir1"},
+				       {path,P},silent]),
+    true = filelib:is_file(Relup),
+    ok = file:delete(Relup),
+
     %% d) absolute but incorrect path
-    ?line {error,_,{file_problem,{"relup",enoent}}} = 
+    {error,_,{file_problem,{"relup",enoent}}} =
 	systools:make_relup(LatestName,[LatestName1],[LatestName1],
 			    [{outdir,Outdir2},{path,P},silent]),
-    
+
     %% e) relative but incorrect path
-    ?line {error,_,{file_problem,{"relup",enoent}}} = 
+    {error,_,{file_problem,{"relup",enoent}}} =
 	systools:make_relup(LatestName,[LatestName1],[LatestName1],
 			    [{outdir,"./outdir2"},{path,P},silent]),
 
@@ -1903,7 +1847,7 @@ otp_6226(Config) when is_list(Config) ->
     %%    cwd, not in the same directory as the .rel file --
 
     %% Change back to previous working directory
-    ?line ok = file:set_cwd(OldDir),
+    ok = file:set_cwd(OldDir),
     ok.
 
 
@@ -1926,7 +1870,7 @@ check_var_script_file(VarDirs, NoExistDirs, RelName) ->
     AllPaths = lists:append(lists:map(fun({path, P}) -> P;
 					 (_)         -> []
 				      end,
-				  ListOfThings)),
+				      ListOfThings)),
     case lists:filter(fun(VarDir) -> lists:member(VarDir, AllPaths) end,
 		      VarDirs) of
 	VarDirs ->
@@ -1951,7 +1895,7 @@ check_include_script(RelName, ExpectedLoad, ExpectedStart) ->
 	[App || {apply,{application,load,[{application,App,_}]}} <- ListOfThings,
 		App=/=kernel,
 		App=/=stdlib],
-    
+
     if ActualLoad =:= ExpectedLoad -> ok;
        true -> test_server:fail({bad_load_order, ActualLoad, ExpectedLoad})
     end,
@@ -2026,7 +1970,7 @@ check_tar_regular(PrivDir, Files, RelName) ->
 	NotThere ->
 	    {error,{erroneous_tar_file,tar_name(RelName),NotThere}}
     end.
-	    
+
 delete_tree(Dir) ->
     case filelib:is_dir(Dir) of
 	true ->
@@ -2081,6 +2025,9 @@ create_script(latest_small2,Config) ->
 create_script(latest_nokernel,Config) ->
     Apps = [{db,"2.1"},{fe,"3.1"}],
     do_create_script(latest_nokernel,Config,"4.4",Apps);
+create_script(latest_kernel_start_type,Config) ->
+    Apps = [{kernel,"1.0",load},{db,"2.1"},{fe,"3.1"}],
+    do_create_script(latest_kernel_start_type,Config,"4.4",Apps);
 create_script(latest_app_start_type1,Config) ->
     Apps = core_apps(current),
     do_create_script(latest_app_start_type1,Config,current,Apps);
@@ -2107,15 +2054,15 @@ create_script(current_all_future_sasl,Config) ->
 
 
 do_create_script(Id,Config,ErtsVsn,AppVsns) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, Id),
-    ?line {ok,Fd} = file:open(Name++".rel",write),
-    ?line RelfileContent =
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, Id),
+    {ok,Fd} = file:open(Name++".rel",write),
+    RelfileContent =
 	{release,{"Test release", string:to_upper(atom_to_list(Id))},
 	 {erts,erts_vsn(ErtsVsn)},
 	 app_vsns(AppVsns)},
-    ?line io:format(Fd,"~p.~n",[RelfileContent]),
-    ?line ok = file:close(Fd),
+    io:format(Fd,"~p.~n",[RelfileContent]),
+    ok = file:close(Fd),
     {filename:dirname(Name), filename:basename(Name)}.
 
 core_apps(Vsn) ->
@@ -2136,372 +2083,372 @@ erts_vsn(Vsn) -> Vsn.
 
 
 create_include_files(inc1, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc1),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc1),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc2, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc2),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc2),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t6 does not include t5 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc3, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc3),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc3),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t3 does not include t2 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc4, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc4),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc4),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t3 does not include t2 !
     %% t6 does not include t5 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\", [t4]}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc5, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc5),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc5),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t6 does not include t5 !
     %% exclude t5.
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\", [t4]}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\", [t4]}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\", []}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc6, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc6),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc6),
     create_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t3 does include non existing t2 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc7, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc7),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc7),
     create_apps(PrivDir),
     create_app(t7, PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t7 and t6 does include t5 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t7, \"1.0\"}, {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
-          "  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
-          "  {t1, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t7, \"1.0\"}, {t6, \"1.0\"}, {t5, \"1.0\"}, \n"
+	"  {t4, \"1.0\"}, {t3, \"1.0\"}, {t2, \"1.0\"}, \n"
+	"  {t1, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc8, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc8),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc8),
     create_circular_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t8 uses t9 and t10 includes t9 !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc9, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc9),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc9),
     create_circular_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t8 uses t9, t9 uses t10 and t10 includes t8 ==> circular !!
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\", [t8]}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t8, \"1.0\"}, {t9, \"1.0\"}, {t10, \"1.0\", [t8]}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc10, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc10),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc10),
     create_circular_apps(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     %% t9 tries to include not specified (in .app file) application !
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t8, \"1.0\"}, {t9, \"1.0\", [t7]}, {t10, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t8, \"1.0\"}, {t9, \"1.0\", [t7]}, {t10, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
 create_include_files(inc11, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, inc11),
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, inc11),
     create_apps2(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {t11, \"1.0\"}, \n"
-          "  {t12, \"1.0\"}, \n"
-          "  {t13, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {t11, \"1.0\"}, \n"
+	"  {t12, \"1.0\"}, \n"
+	"  {t13, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)};
 
-create_include_files(otp_3065, Config) ->
-    ?line PrivDir = ?privdir,
-    ?line Name = fname(PrivDir, otp_3065),
+create_include_files(otp_3065_circular_dependenies, Config) ->
+    PrivDir = ?privdir,
+    Name = fname(PrivDir, otp_3065_circular_dependenies),
     create_apps_3065(PrivDir),
 
-    ?line Apps = application_controller:which_applications(),
-    ?line {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
-    ?line {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
+    Apps = application_controller:which_applications(),
+    {value,{_,_,KernelVer}} = lists:keysearch(kernel,1,Apps),
+    {value,{_,_,StdlibVer}} = lists:keysearch(stdlib,1,Apps),
 
     Rel = "{release, {\"test\",\"R1A\"}, {erts, \"45\"},\n"
-          " [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
-           ++ StdlibVer ++ "\"},\n"
-          "  {chAts, \"1.0\"}, {aa12, \"1.0\"}, \n"
-          "  {chTraffic, \"1.0\"}]}.\n",
+	" [{kernel, \"" ++ KernelVer ++ "\"}, {stdlib, \""
+	++ StdlibVer ++ "\"},\n"
+	"  {chAts, \"1.0\"}, {aa12, \"1.0\"}, \n"
+	"  {chTraffic, \"1.0\"}]}.\n",
     file:write_file(Name ++ ".rel", list_to_binary(Rel)),
     {filename:dirname(Name), filename:basename(Name)}.
 
 create_apps(Dir) ->
     T1 = "{application, t1,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [kernel, stdlib]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [kernel, stdlib]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't1.app'), list_to_binary(T1)),
 
     T2 = "{application, t2,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t1]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t1]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't2.app'), list_to_binary(T2)),
 
     T3 = "{application, t3,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t2]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t2]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't3.app'), list_to_binary(T3)),
 
     T4 = "{application, t4,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t3]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t3]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't4.app'), list_to_binary(T4)),
 
     T5 = "{application, t5,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t3]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t3]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't5.app'), list_to_binary(T5)),
 
     T6 = "{application, t6,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t4, t5]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t4, t5]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't6.app'), list_to_binary(T6)).
 
 create_app(t7, Dir) ->
     T7 = "{application, t7,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t5]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t5]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't7.app'), list_to_binary(T7)).
 
 create_circular_apps(Dir) ->
     T8 = "{application, t8,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t9]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t9]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't8.app'), list_to_binary(T8)),
 
     T9 = "{application, t9,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t10]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t10]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't9.app'), list_to_binary(T9)),
 
     T10 = "{application, t10,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t8, t9]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t8, t9]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't10.app'), list_to_binary(T10)).
 
 create_apps2(Dir) ->
     T11 = "{application, t11,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [t13]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [t13]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't11.app'), list_to_binary(T11)),
 
     T12 = "{application, t12,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [t11]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [t11]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't12.app'), list_to_binary(T12)),
 
     T13 = "{application, t13,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 't13.app'), list_to_binary(T13)).
 
 
 
 create_apps_3065(Dir) ->
     T11 = "{application, chTraffic,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [chAts]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [chAts]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 'chTraffic.app'), list_to_binary(T11)),
 
     T12 = "{application, chAts,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, []},\n"
-         "  {included_applications, [aa12]},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, []},\n"
+	"  {included_applications, [aa12]},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 'chAts.app'), list_to_binary(T12)),
 
     T13 = "{application, aa12,\n"
-         " [{vsn, \"1.0\"},\n"
-         "  {description, \"test\"},\n"
-	 "  {modules, []},\n"
-         "  {applications, [chAts]},\n"
-         "  {included_applications, []},\n"
-	 "  {registered, []}]}.\n",
+	" [{vsn, \"1.0\"},\n"
+	"  {description, \"test\"},\n"
+	"  {modules, []},\n"
+	"  {applications, [chAts]},\n"
+	"  {included_applications, []},\n"
+	"  {registered, []}]}.\n",
     file:write_file(fname(Dir, 'aa12.app'), list_to_binary(T13)).
 
 fname(N) ->
diff --git a/lib/sasl/test/systools_rc_SUITE.erl b/lib/sasl/test/systools_rc_SUITE.erl
index 2ab9e269f9..bd4aa9e7a7 100644
--- a/lib/sasl/test/systools_rc_SUITE.erl
+++ b/lib/sasl/test/systools_rc_SUITE.erl
@@ -18,7 +18,7 @@
 %%
 -module(systools_rc_SUITE).
 
--include_lib("test_server/include/test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
 -include_lib("sasl/src/systools.hrl").
 -export([all/0,groups/0,init_per_group/2,end_per_group/2, 
 	 syntax_check/1, translate/1, translate_app/1,
@@ -41,7 +41,6 @@ end_per_group(_GroupName, Config) ->
     Config.
 
 
-syntax_check(suite) -> [];
 syntax_check(Config) when is_list(Config) ->
     PreApps =
 	[#application{name = test,
@@ -69,8 +68,8 @@ syntax_check(Config) when is_list(Config) ->
 	  {update, baz, 5000, soft, brutal_purge, brutal_purge, []},
 	  {add_module, new_mod},
 	  {remove_application, snmp}
-	  ],
-    ?line {ok, _} = systools_rc:translate_scripts([S1], Apps, PreApps),
+	 ],
+    {ok, _} = systools_rc:translate_scripts([S1], Apps, PreApps),
     S2 = [
 	  {apply, {m, f, [a]}},
 	  {load_object_code, {tst, "1.0", [new_mod]}},
@@ -90,41 +89,40 @@ syntax_check(Config) when is_list(Config) ->
 	  {apply, {m,f,[a]}},
 	  restart_new_emulator,
 	  restart_emulator
-	  ],
-    ?line {ok, _} = systools_rc:translate_scripts([S2], Apps, []),
+	 ],
+    {ok, _} = systools_rc:translate_scripts([S2], Apps, []),
     S3 = [{apply, {m, f, a}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S3], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S3], Apps, []),
     S3_1 = [{apply, {m, 3, a}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S3_1], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S3_1], Apps, []),
     S4 = [{apply, {m, f}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S4], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S4], Apps, []),
     S5 = [{load_object_code, hej}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S5], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S5], Apps, []),
     S6 = [{load_object_code, {342, "1.0", [foo]}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S6], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S6], Apps, []),
     S7 = [{load_object_code, {tets, "1.0", foo}}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S7], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S7], Apps, []),
     S8 = [{suspend, [m1]}, point_of_no_return],
-    ?line {error, _, _} = systools_rc:translate_scripts([S8], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S8], Apps, []),
     S9 = [{update, ba, {advanced, extra}, brutal_purge, brutal_purge, []}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S9], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S9], Apps, []),
     S10 = [{update, bar, {advanced, extra}, brutal_purge, brutal_purge, [baz]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S10], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S10], Apps, []),
     S11 = [{update, bar, {advanced, extra}, brutal_purge, brutal_purge, [ba]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S11], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S11], Apps, []),
     S12 = [{update, bar, advanced, brutal_purge, brutal_purge, []}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S12], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S12], Apps, []),
     S13 = [{update, bar, {advanced, extra}, rutal_purge, brutal_purge, [ba]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S13], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S13], Apps, []),
     S14 = [{update, bar, {advanced, extra}, brutal_purge, rutal_purge, [ba]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S14], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S14], Apps, []),
     S15 = [{update, bar, {advanced, extra}, brutal_purge, brutal_purge, ba}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S15], Apps, []),
+    {error, _, _} = systools_rc:translate_scripts([S15], Apps, []),
     S16 = [{code_change, [module]}],
-    ?line {error, _, _} = systools_rc:translate_scripts([S16], Apps, []),
-    ?line ok.
+    {error, _, _} = systools_rc:translate_scripts([S16], Apps, []),
+    ok.
 
-translate(suite) -> [];
 translate(Config) when is_list(Config) ->
     Apps =
 	[#application{name = test,
@@ -136,170 +134,170 @@ translate(Config) when is_list(Config) ->
 		      mod = {sasl, []}}],
     %% Simple translation (1)
     Up1 = [{update, foo, soft, soft_purge, soft_purge, []}],
-    ?line {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]}] = X1,
+    {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]}] = X1,
 
     %% Simple translation (2)
     Up2 = [{update, foo, {advanced, extra}, soft_purge, soft_purge, []}],
-    ?line {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change, up, [{foo, extra}]},
-	   {resume,[foo]}] = X2,
-
-    ?line {ok, X22} = systools_rc:translate_scripts(dn,[Up2], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {code_change, down, [{foo, extra}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]}] = X22,
+    {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change, up, [{foo, extra}]},
+     {resume,[foo]}] = X2,
+
+    {ok, X22} = systools_rc:translate_scripts(dn,[Up2], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {code_change, down, [{foo, extra}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]}] = X22,
 
     Up2a = [{update, foo, static, default, {advanced,extra},
 	     soft_purge, soft_purge, []}],
-    ?line {ok, X2a} = systools_rc:translate_scripts([Up2a], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change, up, [{foo, extra}]},
-	   {resume,[foo]}] = X2a,
-
-    ?line {ok, X22a} = systools_rc:translate_scripts(dn,[Up2a], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change, down, [{foo, extra}]},
-	   {resume,[foo]}] = X22a,
+    {ok, X2a} = systools_rc:translate_scripts([Up2a], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change, up, [{foo, extra}]},
+     {resume,[foo]}] = X2a,
+
+    {ok, X22a} = systools_rc:translate_scripts(dn,[Up2a], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change, down, [{foo, extra}]},
+     {resume,[foo]}] = X22a,
 
     %% Simple dependency (1)
     Up3 = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	   {update, bar, soft, soft_purge, soft_purge, []}],
-    ?line {ok, X31} = systools_rc:translate_scripts([Up3], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X31,
-    ?line {ok, X32} = systools_rc:translate_scripts(dn,[Up3], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X32,
+    {ok, X31} = systools_rc:translate_scripts([Up3], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X31,
+    {ok, X32} = systools_rc:translate_scripts(dn,[Up3], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X32,
 
     Up3a = [{update, foo, static, default, soft, soft_purge, soft_purge, [bar]},
 	    {update, bar, static, default, soft, soft_purge, soft_purge, []}],
-    ?line {ok, X3a1} = systools_rc:translate_scripts([Up3a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo, bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X3a1,
-    ?line {ok, X3a2} = systools_rc:translate_scripts(dn,[Up3a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X3a2,
+    {ok, X3a1} = systools_rc:translate_scripts([Up3a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo, bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X3a1,
+    {ok, X3a2} = systools_rc:translate_scripts(dn,[Up3a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X3a2,
 
     %%  Simple dependency (2)
     Up4 = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	   {update, bar, {advanced, []}, soft_purge, soft_purge, []}],
-    ?line {ok, X4} = systools_rc:translate_scripts(up,[Up4], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X4,
-
-    ?line {ok, X42} = systools_rc:translate_scripts(dn,[Up4], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {code_change,down,[{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X42,
+    {ok, X4} = systools_rc:translate_scripts(up,[Up4], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{bar,[]}]},
+     {resume,[bar,foo]}] = X4,
+
+    {ok, X42} = systools_rc:translate_scripts(dn,[Up4], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {code_change,down,[{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X42,
 
     Up4a = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	    {update, bar, static, infinity, {advanced, []},
 	     soft_purge, soft_purge, []}],
-    ?line {ok, X4a} = systools_rc:translate_scripts(up,[Up4a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X4a,
-
-    ?line {ok, X42a} = systools_rc:translate_scripts(dn,[Up4a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {code_change,down,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X42a,
+    {ok, X4a} = systools_rc:translate_scripts(up,[Up4a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{bar,[]}]},
+     {resume,[bar,foo]}] = X4a,
+
+    {ok, X42a} = systools_rc:translate_scripts(dn,[Up4a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {code_change,down,[{bar,[]}]},
+     {resume,[bar,foo]}] = X42a,
 
     Up4b = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	    {update, bar, dynamic, infinity, {advanced, []},
 	     soft_purge, soft_purge, []}],
-    ?line {ok, X4b} = systools_rc:translate_scripts(up,[Up4b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{bar,[]}]},
-	   {resume,[bar,foo]}] = X4b,
-
-    ?line {ok, X42b} = systools_rc:translate_scripts(dn,[Up4b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,{bar,infinity}]},
-	   {code_change,down,[{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X42b,
+    {ok, X4b} = systools_rc:translate_scripts(up,[Up4b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{bar,[]}]},
+     {resume,[bar,foo]}] = X4b,
+
+    {ok, X42b} = systools_rc:translate_scripts(dn,[Up4b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,{bar,infinity}]},
+     {code_change,down,[{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X42b,
 
     %% More complex dependency
     Up5 = [{update, foo, soft, soft_purge, soft_purge, [bar, baz]},
 	   {update, bar, {advanced, []}, soft_purge, soft_purge, []},
 	   {update, baz, {advanced, baz}, soft_purge, soft_purge, [bar]}],
-    ?line {ok, X5} = systools_rc:translate_scripts([Up5], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,baz,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{baz,baz},{bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X5,
-
-    ?line {ok, X52} = systools_rc:translate_scripts(dn,[Up5], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,baz,bar]},
-	   {code_change,down,[{baz,baz},{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,baz,foo]}] = X52,
+    {ok, X5} = systools_rc:translate_scripts([Up5], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[foo,baz,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{baz,baz},{bar,[]}]},
+     {resume,[bar,baz,foo]}] = X5,
+
+    {ok, X52} = systools_rc:translate_scripts(dn,[Up5], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[foo,baz,bar]},
+     {code_change,down,[{baz,baz},{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,baz,foo]}] = X52,
 
     Up5a = [{update, foo, dynamic, infinity, soft, soft_purge,
 	     soft_purge, [bar, baz]},
@@ -307,26 +305,26 @@ translate(Config) when is_list(Config) ->
 	     soft_purge, []},
 	    {update, baz, dynamic, default, {advanced, baz}, soft_purge,
 	     soft_purge, [bar]}],
-    ?line {ok, X5a} = systools_rc:translate_scripts([Up5a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{baz,baz}, {bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X5a,
-
-    ?line {ok, X52a} = systools_rc:translate_scripts(dn,[Up5a], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {code_change,down,[{baz,baz}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {code_change,down,[{bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X52a,
+    {ok, X5a} = systools_rc:translate_scripts([Up5a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{baz,baz}, {bar,[]}]},
+     {resume,[bar,baz,foo]}] = X5a,
+
+    {ok, X52a} = systools_rc:translate_scripts(dn,[Up5a], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {code_change,down,[{baz,baz}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {code_change,down,[{bar,[]}]},
+     {resume,[bar,baz,foo]}] = X52a,
 
     Up5b = [{update, foo, dynamic, infinity, soft, soft_purge,
 	     soft_purge, [bar, baz]},
@@ -334,65 +332,65 @@ translate(Config) when is_list(Config) ->
 	     soft_purge, []},
 	    {update, baz, static, default, {advanced, baz}, soft_purge,
 	     soft_purge, [bar]}],
-    ?line {ok, X5b} = systools_rc:translate_scripts([Up5b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {code_change,up,[{baz,baz},{bar,[]}]},
-	   {resume,[bar,baz,foo]}] = X5b,
-
-    ?line {ok, X52b} = systools_rc:translate_scripts(dn,[Up5b], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,baz,bar]}},
-	   point_of_no_return,
-	   {suspend,[{foo,infinity},baz,{bar,7000}]},
-	   {code_change,down,[{bar,[]}]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {code_change,down,[{baz,baz}]},
-	   {resume,[bar,baz,foo]}] = X52b,
+    {ok, X5b} = systools_rc:translate_scripts([Up5b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {code_change,up,[{baz,baz},{bar,[]}]},
+     {resume,[bar,baz,foo]}] = X5b,
+
+    {ok, X52b} = systools_rc:translate_scripts(dn,[Up5b], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,baz,bar]}},
+     point_of_no_return,
+     {suspend,[{foo,infinity},baz,{bar,7000}]},
+     {code_change,down,[{bar,[]}]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {code_change,down,[{baz,baz}]},
+     {resume,[bar,baz,foo]}] = X52b,
 
     %% Simple circular dependency (1)
     Up6 = [{update, foo, soft, soft_purge, soft_purge, [bar]},
 	   {update, bar, soft, soft_purge, soft_purge, [foo]}],
-    ?line {ok, X61} = systools_rc:translate_scripts([Up6], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X61,
-    ?line {ok, X62} = systools_rc:translate_scripts(dn,[Up6], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {resume,[bar,foo]}] = X62,
+    {ok, X61} = systools_rc:translate_scripts([Up6], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X61,
+    {ok, X62} = systools_rc:translate_scripts(dn,[Up6], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {suspend,[foo,bar]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {resume,[bar,foo]}] = X62,
 
     %% Simple circular dependency (2)
     Up7 = [{update, foo, soft, soft_purge, soft_purge, [bar, baz]},
 	   {update, bar, soft, soft_purge, soft_purge, [foo]},
 	   {update, baz, soft, soft_purge, soft_purge, [bar]}],
-    ?line {ok, X71} = systools_rc:translate_scripts([Up7], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar,baz]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar,baz]},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[baz, bar, foo]}] = X71,
-    ?line {ok, X72} = systools_rc:translate_scripts(dn,[Up7], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar,baz]}},
-	   point_of_no_return,
-	   {suspend,[foo,bar,baz]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {load,{bar,soft_purge,soft_purge}},
-	   {load,{baz,soft_purge,soft_purge}},
-	   {resume,[baz,bar,foo]}] = X72,
+    {ok, X71} = systools_rc:translate_scripts([Up7], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar,baz]}},
+     point_of_no_return,
+     {suspend,[foo,bar,baz]},
+     {load,{baz,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[baz, bar, foo]}] = X71,
+    {ok, X72} = systools_rc:translate_scripts(dn,[Up7], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar,baz]}},
+     point_of_no_return,
+     {suspend,[foo,bar,baz]},
+     {load,{foo,soft_purge,soft_purge}},
+     {load,{bar,soft_purge,soft_purge}},
+     {load,{baz,soft_purge,soft_purge}},
+     {resume,[baz,bar,foo]}] = X72,
 
     %% Complex circular dependencies, check only order
     %%
@@ -402,20 +400,20 @@ translate(Config) when is_list(Config) ->
 	   {update, z, soft, soft_purge, soft_purge, [x]},
 	   {update, bar, soft, soft_purge, soft_purge, [baz]},
 	   {update, baz, soft, soft_purge, soft_purge, [bar]}],
-    ?line {ok, X8} = systools_rc:translate_scripts([Up8], Apps, []),
-    ?line {value, {suspend, Order}} = lists:keysearch(suspend, 1, X8),
-    ?line Rest = case lists:reverse(Order) of
-		     [bar, baz | R] -> R;
-		     [baz, bar | R] -> R
-		 end,
-    ?line case Rest of
-	      [y, z, x, foo] -> ok;
-	      [y, x, z, foo] -> ok;
-	      [foo, y, z, x] -> ok;
-	      [foo, y, x, z] -> ok;
-	      [y, foo, z, x] -> ok;
-	      [y, foo, x, z] -> ok
-	  end,
+    {ok, X8} = systools_rc:translate_scripts([Up8], Apps, []),
+    {value, {suspend, Order}} = lists:keysearch(suspend, 1, X8),
+    Rest = case lists:reverse(Order) of
+	       [bar, baz | R] -> R;
+	       [baz, bar | R] -> R
+	   end,
+    case Rest of
+	[y, z, x, foo] -> ok;
+	[y, x, z, foo] -> ok;
+	[foo, y, z, x] -> ok;
+	[foo, y, x, z] -> ok;
+	[y, foo, z, x] -> ok;
+	[y, foo, x, z] -> ok
+    end,
 
     %% Check that order among other instructions isn't changed
     Up9 = [{update, foo, soft, soft_purge, soft_purge, [baz]},
@@ -430,13 +428,12 @@ translate(Config) when is_list(Config) ->
 	   {apply, {m, f, [5]}},
 	   {update, baz, soft, soft_purge, soft_purge, [bar]},
 	   {apply, {m, f, [6]}}],
-    ?line {ok, X9} = systools_rc:translate_scripts([Up9], Apps, []),
+    {ok, X9} = systools_rc:translate_scripts([Up9], Apps, []),
     Other2 = [X || {apply, {m, f, [X]}} <- X9],
-    ?line [1,2,3,4,5,6] = lists:sort(Other2),
-    ?line ok.
+    [1,2,3,4,5,6] = lists:sort(Other2),
+    ok.
 
 
-translate_app(suite) -> [];
 translate_app(Config) when is_list(Config) ->
     PreApps =
 	[#application{name = test,
@@ -461,33 +458,33 @@ translate_app(Config) when is_list(Config) ->
     %% Simple translation (1)
     Up1 = [{add_module, foo},
 	   {add_module, bar}],
-    ?line {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
-    ?line [{load_object_code,{test,"1.0",[foo,bar]}},
-	   point_of_no_return,
-	   {load,{foo,brutal_purge,brutal_purge}},
-	   {load,{bar,brutal_purge,brutal_purge}}] = X1,
+    {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
+    [{load_object_code,{test,"1.0",[foo,bar]}},
+     point_of_no_return,
+     {load,{foo,brutal_purge,brutal_purge}},
+     {load,{bar,brutal_purge,brutal_purge}}] = X1,
 
     %% Simple translation (2)
     Up2 = [{add_application, test}],
-    ?line {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
-io:format("X2=~p~n", [X2]),
-    ?line [{load_object_code,{test,"1.0",[foo,bar,baz]}},
-	   point_of_no_return,
-	   {load,{foo,brutal_purge,brutal_purge}},
-	   {load,{bar,brutal_purge,brutal_purge}},
-	   {load,{baz,brutal_purge,brutal_purge}},
-	   {apply,{application,start,[test,permanent]}}] = X2,
+    {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
+    io:format("X2=~p~n", [X2]),
+    [{load_object_code,{test,"1.0",[foo,bar,baz]}},
+     point_of_no_return,
+     {load,{foo,brutal_purge,brutal_purge}},
+     {load,{bar,brutal_purge,brutal_purge}},
+     {load,{baz,brutal_purge,brutal_purge}},
+     {apply,{application,start,[test,permanent]}}] = X2,
 
     %% Simple translation (3)
     Up3 = [{remove_application, pelle}],
-    ?line {ok, X3} = systools_rc:translate_scripts([Up3], Apps, PreApps),
-    ?line [point_of_no_return,
-	   {apply,{application,stop,[pelle]}},
-	   {remove,{pelle,brutal_purge,brutal_purge}},
-	   {remove,{kalle,brutal_purge,brutal_purge}},
-	   {purge,[pelle,kalle]},
-	   {apply,{application,unload,[pelle]}}] = X3,
-    ?line ok.
+    {ok, X3} = systools_rc:translate_scripts([Up3], Apps, PreApps),
+    [point_of_no_return,
+     {apply,{application,stop,[pelle]}},
+     {remove,{pelle,brutal_purge,brutal_purge}},
+     {remove,{kalle,brutal_purge,brutal_purge}},
+     {purge,[pelle,kalle]},
+     {apply,{application,unload,[pelle]}}] = X3,
+    ok.
 
 
 translate_emulator_restarts(_Config) ->
@@ -506,36 +503,36 @@ translate_emulator_restarts(_Config) ->
 		      mod = {sasl, []}}],
     %% restart_new_emulator
     Up1 = [{update, foo, soft, soft_purge, soft_purge, []},restart_new_emulator],
-    ?line {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
-    ?line [restart_new_emulator,
-	   {load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]}] = X1,
+    {ok, X1} = systools_rc:translate_scripts([Up1], Apps, []),
+    [restart_new_emulator,
+     {load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]}] = X1,
 
     %% restart_emulator
     Up2 = [{update, foo, soft, soft_purge, soft_purge, []},restart_emulator],
-    ?line {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
-    ?line [{load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]},
-	   restart_emulator] = X2,
+    {ok, X2} = systools_rc:translate_scripts([Up2], Apps, []),
+    [{load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]},
+     restart_emulator] = X2,
 
     %% restart_emulator + restart_new_emulator
     Up3 = [{update, foo, soft, soft_purge, soft_purge, []},
 	   restart_emulator,
 	   restart_new_emulator],
-    ?line {ok, X3} = systools_rc:translate_scripts([Up3], Apps, []),
-    ?line [restart_new_emulator,
-	   {load_object_code, {test,"1.0",[foo]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]},
-	   restart_emulator] = X3,
+    {ok, X3} = systools_rc:translate_scripts([Up3], Apps, []),
+    [restart_new_emulator,
+     {load_object_code, {test,"1.0",[foo]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]},
+     restart_emulator] = X3,
 
     %% restart_emulator + restart_new_emulator
     Up4a = [{update, foo, soft, soft_purge, soft_purge, []},
@@ -545,28 +542,28 @@ translate_emulator_restarts(_Config) ->
 	    {update, x, soft, soft_purge, soft_purge, []},
 	    restart_emulator,
 	    restart_emulator],
-    ?line {ok, X4} = systools_rc:translate_scripts([Up4a,Up4b], Apps, []),
-    ?line [restart_new_emulator,
-	   {load_object_code, {test,"1.0",[foo,x]}},
-	   point_of_no_return,
-	   {suspend,[foo]},
-	   {load,{foo,soft_purge,soft_purge}},
-	   {resume,[foo]},
-	   {suspend,[x]},
-	   {load,{x,soft_purge,soft_purge}},
-	   {resume,[x]},
-	   restart_emulator] = X4,
+    {ok, X4} = systools_rc:translate_scripts([Up4a,Up4b], Apps, []),
+    [restart_new_emulator,
+     {load_object_code, {test,"1.0",[foo,x]}},
+     point_of_no_return,
+     {suspend,[foo]},
+     {load,{foo,soft_purge,soft_purge}},
+     {resume,[foo]},
+     {suspend,[x]},
+     {load,{x,soft_purge,soft_purge}},
+     {resume,[x]},
+     restart_emulator] = X4,
 
     %% only restart_new_emulator
     Up5 = [restart_new_emulator],
-    ?line {ok, X5} = systools_rc:translate_scripts([Up5], Apps, []),
-    ?line [restart_new_emulator,
-	   point_of_no_return] = X5,
+    {ok, X5} = systools_rc:translate_scripts([Up5], Apps, []),
+    [restart_new_emulator,
+     point_of_no_return] = X5,
 
     %% only restart_emulator
     Up6 = [restart_emulator],
-    ?line {ok, X6} = systools_rc:translate_scripts([Up6], Apps, []),
-    ?line [point_of_no_return,
-	   restart_emulator] = X6,
+    {ok, X6} = systools_rc:translate_scripts([Up6], Apps, []),
+    [point_of_no_return,
+     restart_emulator] = X6,
 
     ok.
diff --git a/lib/snmp/Makefile b/lib/snmp/Makefile
index 4264531112..ff6fad8ddc 100644
--- a/lib/snmp/Makefile
+++ b/lib/snmp/Makefile
@@ -54,6 +54,9 @@ else
 endif
 
 
+DIA_PLT      = ./priv/plt/$(APPLICATION).plt
+DIA_ANALYSIS = $(basename $(DIA_PLT)).dialyzer_analysis
+
 # ----------------------------------------------------
 # Default Subdir Targets
 # ----------------------------------------------------
@@ -75,6 +78,11 @@ info:
 	@echo ""
 	@echo "SNMP_VSN: $(SNMP_VSN)"
 	@echo "APP_VSN:  $(APP_VSN)"
+	@echo ""
+	@echo "DIA_PLT:      $(DIA_PLT)"
+	@echo "DIA_ANALYSIS: $(DIA_ANALYSIS)"
+	@echo ""
+
 
 gclean: 
 	git clean -fXd
@@ -120,3 +128,23 @@ tar: $(APP_TAR_FILE)
 
 $(APP_TAR_FILE): $(APP_DIR)
 	(cd $(APP_RELEASE_DIR); gtar zcf $(APP_TAR_FILE) $(DIR_NAME))
+
+dclean:
+	rm -f $(DIA_PLT)
+	rm -f $(DIA_ANALYSIS)
+
+dialyzer_plt: $(DIA_PLT)
+
+$(DIA_PLT): 
+	@echo "Building $(APPLICATION) plt file"
+	@dialyzer --build_plt \
+                  --output_plt $@ \
+                  -r ../$(APPLICATION)/ebin \
+                  --output $(DIA_ANALYSIS) \
+                  --verbose
+
+dialyzer: $(DIA_PLT)
+	@echo "Running dialyzer on $(APPLICATION)"
+	@dialyzer --plt $< \
+                  ../$(APPLICATION)/ebin \
+                  --verbose
\ No newline at end of file
diff --git a/lib/snmp/doc/src/Makefile b/lib/snmp/doc/src/Makefile
index df597c8ba7..8645886590 100644
--- a/lib/snmp/doc/src/Makefile
+++ b/lib/snmp/doc/src/Makefile
@@ -165,7 +165,7 @@ $(MAN7DIR)/%.7: $(MIBSDIR)/%.mib
 
 $(MAN1DIR)/snmpc.1: snmpc_cmd.xml
 	date=`date +"%B %e %Y"`; \
-        xsltproc --output "$@" --stringparam company "Ericsson AB" --stringparam docgen "$(DOCGEN)" --stringparam gendate "$$date" --stringparam appname "$(APPLICATION)" --stringparam appver "$(VSN)" --xinclude -path $(DOCGEN)/priv/docbuilder_dtd  -path $(DOCGEN)/priv/dtd_man_entities $(DOCGEN)/priv/xsl/db_man.xsl $<
+        xsltproc --output "$@" --stringparam company "Ericsson AB" --stringparam docgen "$(DOCGEN)" --stringparam gendate "$$date" --stringparam appname "$(APPLICATION)" --stringparam appver "$(VSN)" --xinclude -path $(DOCGEN)/priv/dtd  -path $(DOCGEN)/priv/dtd_man_entities $(DOCGEN)/priv/xsl/db_man.xsl $<
 
 include $(ERL_TOP)/make/otp_release_targets.mk
 
diff --git a/lib/snmp/doc/src/notes.xml b/lib/snmp/doc/src/notes.xml
index fd5a548b16..704ff0a20f 100644
--- a/lib/snmp/doc/src/notes.xml
+++ b/lib/snmp/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>1996</year><year>2011</year>
+      <year>1996</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -34,23 +34,262 @@
 
 
   <section>
+    <title>SNMP Development Toolkit 4.21.7</title>
+    <p>Version 4.21.7 supports code replacement in runtime from/to
+    version 4.21.6, 4.21.5, 4.21.4, 4.21.3, 4.21.2, 4.21.1, 4.21, 4.20.1 and 
+    4.20. </p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <p>-</p>
+
+      <!--
+      <list type="bulleted">
+        <item>
+          <p>[agent] DoS attack using GET-BULK with large value of 
+	  MaxRepetitions.
+	  A preventive method has been implementing by simply 
+	  limit the number of varbinds that can be included in 
+	  a Get-BULK response message. This is specified by the 
+	  new config option, 
+	  <seealso marker="snmp_app#agent_gb_max_vbs">gb_max_vbs</seealso>. 
+	  </p>
+	  <p>Own Id: OTP-9700</p>
+        </item>
+
+      </list>
+      -->
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!--
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] Simultaneous 
+	  <seealso marker="snmpa#backup">snmpa:backup/1,2</seealso> 
+	  calls can interfere.
+	  The master agent did not check if a backup was already in 
+	  progress when a backup request was accepted. </p>
+          <p>Own Id: OTP-9884</p>
+          <p>Aux Id: Seq 11995</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+
+  </section> <!-- 4.21.7 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.21.6</title>
+    <p>Version 4.21.6 supports code replacement in runtime from/to
+    version 4.21.5, 4.21.4, 4.21.3, 4.21.2, 4.21.1, 4.21, 4.20.1 and 
+    4.20. </p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <!--
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] DoS attack using GET-BULK with large value of 
+	  MaxRepetitions.
+	  A preventive method has been implementing by simply 
+	  limit the number of varbinds that can be included in 
+	  a Get-BULK response message. This is specified by the 
+	  new config option, 
+	  <seealso marker="snmp_app#agent_gb_max_vbs">gb_max_vbs</seealso>. 
+	  </p>
+	  <p>Own Id: OTP-9700</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!--
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] Mib server cache gclimit update function incorrectly calls 
+	  age update function. 
+	  The gclimit update function, 
+	  <seealso marker="snmpa#update_mibs_cache_gclimit">update_mibs_cache_gclimit/1</seealso>, 
+	  <em>incorrectly</em> called the age update function, 
+	  <seealso marker="snmpa#update_mibs_cache_age">update_mibs_cache_age/2</seealso>. </p>
+	  <p>Johan Claesson</p>
+          <p>Own Id: OTP-9868</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+
+  </section> <!-- 4.21.6 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.21.5</title>
+    <p>Version 4.21.5 supports code replacement in runtime from/to
+      version 4.21.4, 4.21.3, 4.21.2, 4.21.1, 4.21, 4.20.1 and 4.20. </p>
+
+    <section>
+      <title>Improvements and new features</title>
+<!--
+      <p>-</p>
+-->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] Removed (more) use of old style tuple funs. </p>
+          <p>Own Id: OTP-9783</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Fixed Bugs and Malfunctions</title>
+<!--
+      <p>-</p> 
+-->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] Repeated vacm table dumping fails due to file name 
+          conflict. When dumping the vacm table to disk, a temoporary 
+          file with a fixed name was used. If the table dumping 
+          (snmpa_vacm:dump_table/0) was initiated from several different 
+          processes in rapid succesion, the dumping could fail because the 
+          different processes was simultaniously trying to write to the 
+          same file. This problem has been eliminated by creating a unique 
+          name for the temporary file. </p>
+          <p>Own Id: OTP-9851</p>
+          <p>Aux Id: Seq 11980</p>
+        </item>
+
+      </list>
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+
+<!--
+      <list type="bulleted">
+        <item>
+          <p>foo. </p>
+          <p>Own Id: OTP-9718</p>
+        </item>
+
+      </list>
+-->
+
+    </section>
+
+  </section> <!-- 4.21.5 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.21.4</title>
+    <p>This version has never been released for R14B.</p>
+    <p>Version 4.21.4 supports code replacement in runtime from/to
+      version 4.21.3, 4.21.2, 4.21.1, 4.21, 4.20.1, 4.20 and 4.19. </p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <p>-</p>
+
+<!--
+      <list type="bulleted">
+        <item>
+          <p>[compiler] Improved version info printout from the 
+          <seealso marker="snmpc(command)#">MIB compiler frontend escript</seealso>. </p>
+          <p>Own Id: OTP-9618</p>
+        </item>
+
+      </list>
+-->
+
+    </section>
+
+    <section>
+      <title>Fixed Bugs and Malfunctions</title>
+<!--
+      <p>-</p> 
+-->
+
+      <list type="bulleted">
+        <item>
+          <p>[agent] Removed use of old style tuple funs. </p>
+          <p>Own Id: OTP-9779</p>
+        </item>
+
+      </list>
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+
+<!--
+      <list type="bulleted">
+        <item>
+          <p>foo. </p>
+          <p>Own Id: OTP-9718</p>
+        </item>
+
+      </list>
+-->
+
+    </section>
+
+  </section> <!-- 4.21.4 -->
+
+
+  <section>
     <title>SNMP Development Toolkit 4.21.3</title>
     <p>Version 4.21.3 supports code replacement in runtime from/to
-    version 4.21.2, 4.21.1, 4.21 and 4.20.1. </p>
-    
+      version 4.21.2, 4.21.1, 4.21, 4.20.1, 4.20 and 4.19. </p>
+
     <section>
       <title>Improvements and new features</title>
 <!--
       <p>-</p>
 -->
-      
+
       <list type="bulleted">
         <item>
-          <p>[compiler] Improved version info printout. </p>
+          <p>[compiler] Improved version info printout from the 
+	  <seealso marker="snmpc(command)#">MIB compiler frontend escript</seealso>. </p>
           <p>Own Id: OTP-9618</p>
         </item>
 
       </list>
+
     </section>
 
     <section>
@@ -61,35 +300,46 @@
 
       <list type="bulleted">
         <item>
+          <p>[agent] Version 4.20 introduced a change that broke trap 
+	  sending from subagents. Due to a bug in the test code, 
+	  this was not discovered, until that bug was fixed. </p>
+          <p>Own Id: OTP-9745</p>
+        </item>
+
+        <item>
+          <p>[agent] When sending an error message (reply) regarding 
+	  <c>snmpUnknownPDUHandlers</c>, the agent used the wrong OID. </p>
+          <p>Own Id: OTP-9747</p>
+        </item>
+
+        <item>
           <p>[compiler] Fix the <c>--warnings/--W</c> option parsing in the 
-	  <seealso marker="snmpc(command)#option_warnings">snmpc</seealso>
-	  wrapper (e)script. 
-	  The short warning option was incorrectly <c>--w</c>, instead
-	  of as documented <c>--W</c>. This has now been corrected. </p>
-	  <p>*** POTENTIAL INCOMPATIBILITY ***</p>
+          <seealso marker="snmpc(command)#option_warnings">snmpc</seealso>
+          wrapper (e)script. 
+          The short warning option was incorrectly <c>--w</c>, instead
+          of as documented <c>--W</c>. This has now been corrected. </p>
+          <p>*** POTENTIAL INCOMPATIBILITY ***</p>
           <p>Tuncer Ayaz</p>
           <p>Own Id: OTP-9718</p>
         </item>
 
       </list>
-
     </section>
 
 
     <section>
       <title>Incompatibilities</title>
 <!--
-      <p>-</p> 
+      <p>-</p>
 -->
 
       <list type="bulleted">
         <item>
           <p>[compiler] The short warning option has been changed from 
-	  <c>--w</c> to <c>--W</c> to comply with the documentation. </p>
+          <c>--w</c> to <c>--W</c> to comply with the documentation. </p>
           <p>Tuncer Ayaz</p>
           <p>Own Id: OTP-9718</p>
-	</item>
-
+        </item>
 
       </list>
     </section>
@@ -571,355 +821,6 @@ snmp_view_basec_acm_mib:vacmAccessTable(set, RowIndex, Cols).
   </section> <!-- 4.18 -->
 
 
-  <section>
-    <title>SNMP Development Toolkit 4.17.1</title>
-    <p>Version 4.17.1 supports code replacement in runtime from/to
-      version 4.17, 4.16.2, 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <p>-</p> 
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <list type="bulleted">
-        <item>
-          <p>When the function FilterMod:accept_recv/2
-	  returned false the SNMP agent stopped collecting 
-	  messages from UDP.</p>
-          <p>Own Id: OTP-8761</p>
-        </item>
-      </list>
-    </section>
-
-    <section>
-      <title>Incompatibilities</title>
-      <p>-</p>
-    </section>
-  </section> <!-- 4.17.1 -->
-
-
-  <section>
-    <title>SNMP Development Toolkit 4.17</title>
-    <p>Version 4.17 supports code replacement in runtime from/to
-      version 4.16.2, 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <!-- 
-      <p>-</p> 
-      -->
-      <list type="bulleted">
-        <item>
-          <p>[agent] Added very basic support for multiple SNMPv3 
-            EngineIDs in a single agent. See 
-            <seealso marker="snmpa#send_notification">send_notification/7</seealso>, 
-            <seealso marker="snmpa_mpd#process_packet">process_packet/7</seealso>, 
-            <seealso marker="snmpa_mpd#generate_response_msg">generate_response_msg/6</seealso> or 
-            <seealso marker="snmpa_mpd#generate_msg">generate_msg/6</seealso> 
-            for more info. </p> 
-
-          <p>Own Id: OTP-8478</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <p>-</p>
-
-      <!-- 
-      <list type="bulleted">
-        <item>
-          <p>The config utility 
-            (<seealso marker="snmp#config">snmp:config/0</seealso>)
-            generated a default notify.conf 
-            with a bad name for the standard trap entry (was "stadard trap", 
-            but should have been "standard trap"). This has been corrected. </p>
-          <p>Kenji Rikitake</p>
-          <p>Own Id: OTP-8433</p>
-        </item>
-
-      </list>
-      -->
-
-    </section>
-
-    <section>
-      <title>Incompatibilities</title>
-      <p>-</p>
-    </section>
-  </section> <!-- 4.17 -->
-
-
-  <section>
-    <title>SNMP Development Toolkit 4.16.2</title>
-    <p>Version 4.16.2 supports code replacement in runtime from/to
-      version 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <!-- 
-      <p>-</p> 
-      -->
-      <list type="bulleted">
-        <item>
-          <p>[compiler] The SMI specifies that a table row OID should be 
-            named: { &lt;tableIdentifier&gt; "1" }. </p>
-	  <p>A new option has been introduced, 
-            <seealso marker="snmpc#compiler_opts">relaxed_row_name_assign_check</seealso>, 
-            that allows for a more liberal numbering scheme</p>
-          <p>Own Id: OTP-8574</p>
-        </item>
-
-        <item>
-          <p>[agent|manager] Changes to make snmp (forward) compatible with 
-            the new version of the crypto application (released in R14).
-            As of R14, crypto is implemented using NIFs. Also,
-            the API is more strict. </p> 
-          <p>Own Id: OTP-8594</p>
-        </item>
-
-        <item>
-          <p>Auto [agent] Changed default value for the MIB server cache. 
-            GC is now on by default. </p>
-          <p>Own Id: OTP-8648</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <!-- 
-      <p>-</p>
-      -->
-
-      <list type="bulleted">
-        <item>
-          <p>Encode/decode of Counter64 values larger than 
-	    16#7fffffffffffffff (9223372036854775807) failed. </p>
-          <p>Own Id: OTP-8563</p>
-        </item>
-
-        <item>
-          <p>[compiler] Fails to compile non-contiguous BITS. </p>
-	  <p>Per Hedeland</p>
-          <p>Own Id: OTP-8595</p>
-        </item>
-
-        <item>
-          <p>[manager] Raise condition causing the manager server process to 
-            crash. Unregistering an agent while traffic (set/get-operations) 
-            is ongoing could cause a crash in the manager server process 
-            (raise condition). </p>
-          <p>Own Id: OTP-8646</p>
-	  <p>Aux Id: Seq 11585</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Incompatibilities</title>
-      <p>-</p>
-    </section>
-  </section> <!-- 4.16.2 -->
-
-
-  <section>
-    <title>SNMP Development Toolkit 4.16.1</title>
-    <p>Version 4.16.1 supports code replacement in runtime from/to
-      version 4.16, 4.15, 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <p>-</p> 
-      <!-- 
-      <list type="bulleted">
-        <item>
-          <p>[agent|manager] Entries in the audit trail log can now be 
-            augmented by a sequence number. </p>
-          <p>This is enabled by the <c>seqno</c> option, which is part of the 
-            <seealso marker="snmp_config#audit_trail_log">Audit Trail Log</seealso> 
-            config option. </p>
-          <p>See the 
-            <seealso marker="snmp_app#configuration_params">reference manual</seealso> 
-            or the 
-            <seealso marker="snmp_config#configuration_params">Configuring the application</seealso> 
-            chapter of the User's Guide for further info. </p> 
-
-          <p>Own Id: OTP-8395</p>
-        </item>
-
-      </list>
-      -->
-
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <!-- 
-      <p>-</p>
-      -->
-
-      <list type="bulleted">
-        <item>
-          <p>[manager] Fixed an upgrade/downgrade problem. </p>
-          <p>Upgrade/downgrade from/to 4.13.5 did not work for the net-if 
-            process. This has now been fixed. </p>
-          <p>Own Id: OTP-8481</p>
-        </item>
-
-        <item>
-          <p>[agent] A minor mnesia related performance improvement. </p>
-          <p>Own Id: OTP-8480</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Incompatibilities</title>
-      <p>-</p>
-    </section>
-  </section> <!-- 4.16.1 -->
-
-
-  <section>
-    <title>SNMP Development Toolkit 4.16</title>
-    <p>Version 4.16 supports code replacement in runtime from/to
-      version 4.15, 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <!-- 
-      <p>-</p> 
-      -->
-      <list type="bulleted">
-        <item>
-          <p>[agent|manager] Entries in the audit trail log can now be 
-            augmented by a sequence number. </p>
-          <p>This is enabled by the <c>seqno</c> option, which is part of the 
-            <seealso marker="snmp_config#audit_trail_log">Audit Trail Log</seealso> 
-            config option. </p>
-          <p>See the 
-            <seealso marker="snmp_app#configuration_params">reference manual</seealso> 
-            or the 
-            <seealso marker="snmp_config#configuration_params">Configuring the application</seealso> 
-            chapter of the User's Guide for further info. </p> 
-
-          <p>Own Id: OTP-8395</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <!-- 
-      <p>-</p>
-      -->
-
-      <list type="bulleted">
-        <item>
-          <p>[manager] Registration of agents using the config file, 
-            <seealso marker="snmp_manager_config_files#agents">agents.conf</seealso>, 
-            does not work. This has now been corrected. </p>
-          <p>Per Hedeland</p>
-          <p>Own Id: OTP-8442</p>
-        </item>
-
-        <item>
-          <p>The config utility 
-            (<seealso marker="snmp#config">snmp:config/0</seealso>)
-            generated a default notify.conf 
-            with a bad name for the standard trap entry (was "stadard trap", 
-            but should have been "standard trap"). This has been corrected. </p>
-          <p>Kenji Rikitake</p>
-          <p>Own Id: OTP-8433</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Incompatibilities</title>
-      <p>-</p>
-    </section>
-  </section> <!-- 4.16 -->
-
-
-  <section>
-    <title>SNMP Development Toolkit 4.15</title>
-
-    <p>Version 4.15 supports code replacement in runtime from/to
-      version 4.14 and 4.13.5.</p>
-
-    <section>
-      <title>Improvements and new features</title>
-      <!-- 
-      <p>-</p> 
-      -->
-
-      <list type="bulleted">
-        <item>
-          <p>The documentation is now built with open source tools 
-            (<em>xsltproc</em> and <em>fop</em>) that exists on most 
-            platforms. One visible change is that the frames are removed.</p>
-          <p>Own Id: OTP-8249</p>
-        </item>
-
-      </list>
-
-    </section>
-
-    <section>
-      <title>Reported Fixed Bugs and Malfunctions</title>
-      <!-- 
-      <p>-</p>
-      -->
-      <list type="bulleted">
-        <item>
-          <p>[manager] When information from an unknown agent is received,
-            it was previously delivered to the default user via calls to all
-            the functions of the callback API depending on the info type
-            (<c>pdu</c>, <c>trap</c>, <c>report</c> or <c>inform</c>). 
-            The problem was that the <c>TargetName</c> argument was useless 
-            in this case (only an already known agent has a known/valid 
-            <c>TargetName</c>, but the <c>TargetName</c> used in these calls
-            was generated "on the fly"). </p>
-          <p>This has now been changed so that when a message is received 
-            from an unknown agent, then only 
-            <seealso marker="snmpm_user#handle_agent">handle_agent</seealso>
-            (for the default user) is called, but now this call also has a 
-            <c>Type</c> argument, which is 
-            <c>pdu | trap | report | inform</c>, depending on what kind of 
-            message was actually received, thus making it possible for the 
-            user to properly analyze the data received. </p>
-	  <p>To handle this, the 
-            <seealso marker="snmpm_user">snmpm_user</seealso> behaviour has 
-            been updated. </p>
-	  <p>*** POTENTIAL INCOMPATIBILITY ***</p>
-          <p>Own Id: OTP-8229</p>
-	  <!-- <p>Aux Id: Seq 11312</p> -->
-        </item>
-
-      </list>
-
-    </section>
-
-  </section> <!-- 4.15 -->
-
-
   <!-- section>
     <title>Release notes history</title>
     <p>For information about older versions see
diff --git a/lib/snmp/doc/src/notes_history.xml b/lib/snmp/doc/src/notes_history.xml
index 722d02afbd..023717cd7c 100644
--- a/lib/snmp/doc/src/notes_history.xml
+++ b/lib/snmp/doc/src/notes_history.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2010</year>
+      <year>2004</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -33,6 +33,355 @@
   </header>
 
   <section>
+    <title>SNMP Development Toolkit 4.17.1</title>
+    <p>Version 4.17.1 supports code replacement in runtime from/to
+      version 4.17, 4.16.2, 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <p>-</p> 
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <list type="bulleted">
+        <item>
+          <p>When the function FilterMod:accept_recv/2
+	  returned false the SNMP agent stopped collecting 
+	  messages from UDP.</p>
+          <p>Own Id: OTP-8761</p>
+        </item>
+      </list>
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+  </section> <!-- 4.17.1 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.17</title>
+    <p>Version 4.17 supports code replacement in runtime from/to
+      version 4.16.2, 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <!-- 
+      <p>-</p> 
+      -->
+      <list type="bulleted">
+        <item>
+          <p>[agent] Added very basic support for multiple SNMPv3 
+            EngineIDs in a single agent. See 
+            <seealso marker="snmpa#send_notification">send_notification/7</seealso>, 
+            <seealso marker="snmpa_mpd#process_packet">process_packet/7</seealso>, 
+            <seealso marker="snmpa_mpd#generate_response_msg">generate_response_msg/6</seealso> or 
+            <seealso marker="snmpa_mpd#generate_msg">generate_msg/6</seealso> 
+            for more info. </p> 
+
+          <p>Own Id: OTP-8478</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <p>-</p>
+
+      <!-- 
+      <list type="bulleted">
+        <item>
+          <p>The config utility 
+            (<seealso marker="snmp#config">snmp:config/0</seealso>)
+            generated a default notify.conf 
+            with a bad name for the standard trap entry (was "stadard trap", 
+            but should have been "standard trap"). This has been corrected. </p>
+          <p>Kenji Rikitake</p>
+          <p>Own Id: OTP-8433</p>
+        </item>
+
+      </list>
+      -->
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+  </section> <!-- 4.17 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.16.2</title>
+    <p>Version 4.16.2 supports code replacement in runtime from/to
+      version 4.16.1, 4.16, 4.15, 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <!-- 
+      <p>-</p> 
+      -->
+      <list type="bulleted">
+        <item>
+          <p>[compiler] The SMI specifies that a table row OID should be 
+            named: { &lt;tableIdentifier&gt; "1" }. </p>
+	  <p>A new option has been introduced, 
+            <seealso marker="snmpc#compiler_opts">relaxed_row_name_assign_check</seealso>, 
+            that allows for a more liberal numbering scheme</p>
+          <p>Own Id: OTP-8574</p>
+        </item>
+
+        <item>
+          <p>[agent|manager] Changes to make snmp (forward) compatible with 
+            the new version of the crypto application (released in R14).
+            As of R14, crypto is implemented using NIFs. Also,
+            the API is more strict. </p> 
+          <p>Own Id: OTP-8594</p>
+        </item>
+
+        <item>
+          <p>Auto [agent] Changed default value for the MIB server cache. 
+            GC is now on by default. </p>
+          <p>Own Id: OTP-8648</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!-- 
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>Encode/decode of Counter64 values larger than 
+	    16#7fffffffffffffff (9223372036854775807) failed. </p>
+          <p>Own Id: OTP-8563</p>
+        </item>
+
+        <item>
+          <p>[compiler] Fails to compile non-contiguous BITS. </p>
+	  <p>Per Hedeland</p>
+          <p>Own Id: OTP-8595</p>
+        </item>
+
+        <item>
+          <p>[manager] Raise condition causing the manager server process to 
+            crash. Unregistering an agent while traffic (set/get-operations) 
+            is ongoing could cause a crash in the manager server process 
+            (raise condition). </p>
+          <p>Own Id: OTP-8646</p>
+	  <p>Aux Id: Seq 11585</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+  </section> <!-- 4.16.2 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.16.1</title>
+    <p>Version 4.16.1 supports code replacement in runtime from/to
+      version 4.16, 4.15, 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <p>-</p> 
+      <!-- 
+      <list type="bulleted">
+        <item>
+          <p>[agent|manager] Entries in the audit trail log can now be 
+            augmented by a sequence number. </p>
+          <p>This is enabled by the <c>seqno</c> option, which is part of the 
+            <seealso marker="snmp_config#audit_trail_log">Audit Trail Log</seealso> 
+            config option. </p>
+          <p>See the 
+            <seealso marker="snmp_app#configuration_params">reference manual</seealso> 
+            or the 
+            <seealso marker="snmp_config#configuration_params">Configuring the application</seealso> 
+            chapter of the User's Guide for further info. </p> 
+
+          <p>Own Id: OTP-8395</p>
+        </item>
+
+      </list>
+      -->
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!-- 
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>[manager] Fixed an upgrade/downgrade problem. </p>
+          <p>Upgrade/downgrade from/to 4.13.5 did not work for the net-if 
+            process. This has now been fixed. </p>
+          <p>Own Id: OTP-8481</p>
+        </item>
+
+        <item>
+          <p>[agent] A minor mnesia related performance improvement. </p>
+          <p>Own Id: OTP-8480</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+  </section> <!-- 4.16.1 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.16</title>
+    <p>Version 4.16 supports code replacement in runtime from/to
+      version 4.15, 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <!-- 
+      <p>-</p> 
+      -->
+      <list type="bulleted">
+        <item>
+          <p>[agent|manager] Entries in the audit trail log can now be 
+            augmented by a sequence number. </p>
+          <p>This is enabled by the <c>seqno</c> option, which is part of the 
+            <seealso marker="snmp_config#audit_trail_log">Audit Trail Log</seealso> 
+            config option. </p>
+          <p>See the 
+            <seealso marker="snmp_app#configuration_params">reference manual</seealso> 
+            or the 
+            <seealso marker="snmp_config#configuration_params">Configuring the application</seealso> 
+            chapter of the User's Guide for further info. </p> 
+
+          <p>Own Id: OTP-8395</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!-- 
+      <p>-</p>
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>[manager] Registration of agents using the config file, 
+            <seealso marker="snmp_manager_config_files#agents">agents.conf</seealso>, 
+            does not work. This has now been corrected. </p>
+          <p>Per Hedeland</p>
+          <p>Own Id: OTP-8442</p>
+        </item>
+
+        <item>
+          <p>The config utility 
+            (<seealso marker="snmp#config">snmp:config/0</seealso>)
+            generated a default notify.conf 
+            with a bad name for the standard trap entry (was "stadard trap", 
+            but should have been "standard trap"). This has been corrected. </p>
+          <p>Kenji Rikitake</p>
+          <p>Own Id: OTP-8433</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Incompatibilities</title>
+      <p>-</p>
+    </section>
+  </section> <!-- 4.16 -->
+
+
+  <section>
+    <title>SNMP Development Toolkit 4.15</title>
+
+    <p>Version 4.15 supports code replacement in runtime from/to
+      version 4.14 and 4.13.5.</p>
+
+    <section>
+      <title>Improvements and new features</title>
+      <!-- 
+      <p>-</p> 
+      -->
+
+      <list type="bulleted">
+        <item>
+          <p>The documentation is now built with open source tools 
+            (<em>xsltproc</em> and <em>fop</em>) that exists on most 
+            platforms. One visible change is that the frames are removed.</p>
+          <p>Own Id: OTP-8249</p>
+        </item>
+
+      </list>
+
+    </section>
+
+    <section>
+      <title>Reported Fixed Bugs and Malfunctions</title>
+      <!-- 
+      <p>-</p>
+      -->
+      <list type="bulleted">
+        <item>
+          <p>[manager] When information from an unknown agent is received,
+            it was previously delivered to the default user via calls to all
+            the functions of the callback API depending on the info type
+            (<c>pdu</c>, <c>trap</c>, <c>report</c> or <c>inform</c>). 
+            The problem was that the <c>TargetName</c> argument was useless 
+            in this case (only an already known agent has a known/valid 
+            <c>TargetName</c>, but the <c>TargetName</c> used in these calls
+            was generated "on the fly"). </p>
+          <p>This has now been changed so that when a message is received 
+            from an unknown agent, then only 
+            <seealso marker="snmpm_user#handle_agent">handle_agent</seealso>
+            (for the default user) is called, but now this call also has a 
+            <c>Type</c> argument, which is 
+            <c>pdu | trap | report | inform</c>, depending on what kind of 
+            message was actually received, thus making it possible for the 
+            user to properly analyze the data received. </p>
+	  <p>To handle this, the 
+            <seealso marker="snmpm_user">snmpm_user</seealso> behaviour has 
+            been updated. </p>
+	  <p>*** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>Own Id: OTP-8229</p>
+	  <!-- <p>Aux Id: Seq 11312</p> -->
+        </item>
+
+      </list>
+
+    </section>
+
+  </section> <!-- 4.15 -->
+
+
+  <section>
     <title>SNMP Development Toolkit 4.14</title>
 
     <p>Version 4.14 supports code replacement in runtime from/to
diff --git a/lib/snmp/doc/src/snmp_app.xml b/lib/snmp/doc/src/snmp_app.xml
index 694e619da1..f6abe783b3 100644
--- a/lib/snmp/doc/src/snmp_app.xml
+++ b/lib/snmp/doc/src/snmp_app.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE appref SYSTEM "appref.dtd">
 
 <appref>
   <header>
     <copyright>
-      <year>1997</year><year>2010</year>
+      <year>1997</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -78,7 +78,15 @@
       ].
     </pre>
 
-    <!-- The info below is also found in the snmp_config.xml file -->
+
+    <!-- 
+	 ********************************************************
+
+	 The info below is also found in the snmp_config.xml file 
+
+	 ********************************************************
+    -->
+
 
     <p>Each snmp component has its own set of configuration parameters,
       even though some of the types are common to both components. </p>
@@ -92,6 +100,7 @@
                        {agent_verbosity,  verbosity()}        |  
                        {discovery,        agent_discovery()}  |  
                        {versions,         versions()}         |  
+                       {gb_max_vbs,       gb_max_vbs()}       |  
                        {priority,         priority()}         |  
                        {multi_threaded,   multi_threaded()}   |  
                        {db_dir,           db_dir()}           |  
@@ -122,8 +131,10 @@
                          {def_user_data,            def_user_data()}
     </pre>
 
+    <marker id="agent_opts_and_types"></marker>
     <p>Agent specific config options and types:</p>
     <taglist>
+      <marker id="agent_type"></marker>
       <tag><c><![CDATA[agent_type() = master | sub <optional>]]></c></tag>
       <item>
         <p>If <c>master</c>, one master agent is
@@ -131,6 +142,7 @@
         <p>Default is <c>master</c>.</p>
       </item>
 
+      <marker id="agent_disco"></marker>
       <tag><c><![CDATA[agent_discovery() = [agent_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_discovery_opt() = 
@@ -143,6 +155,7 @@
         <p>For defaults see the options in <c>agent_discovery_opt()</c>.</p>
       </item>
 
+      <marker id="agent_term_disco_opts"></marker>
       <tag><c><![CDATA[agent_terminating_discovery_opts() = [agent_terminating_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_terminating_discovery_opt() = 
@@ -160,6 +173,7 @@
         </list>
       </item>
 
+      <marker id="agent_orig_disco_opts"></marker>
       <tag><c><![CDATA[agent_originating_discovery_opts() = [agent_originating_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_originating_discovery_opt() = 
@@ -173,6 +187,7 @@
         </list>
       </item>
 
+      <marker id="agent_mt"></marker>
       <tag><c><![CDATA[multi_threaded() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, the agent is multi-threaded, with one
@@ -180,11 +195,21 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_data_dir"></marker>
       <tag><c><![CDATA[db_dir() = string() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP agent internal db files are stored.</p>
       </item>
 
+      <marker id="agent_gb_max_vbs"></marker>
+      <tag><c><![CDATA[gb_max_vbs() = pos_integer() | infinity <optional>]]></c></tag>
+      <item>
+        <p>Defines the maximum number of varbinds allowed 
+	in a Get-BULK response.</p>
+        <p>Default is <c>1000</c>.</p>
+      </item>
+
+      <marker id="agent_local_db"></marker>
       <tag><c><![CDATA[local_db() = [local_db_opt()] <optional>]]></c></tag>
       <item>
         <p><c>local_db_opt() = {repair, agent_repair()} | {auto_save, agent_auto_save()} |   {verbosity, verbosity()}</c></p>
@@ -192,6 +217,7 @@
         <p>For defaults see the options in <c>local_db_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ldb_repair"></marker>
       <tag><c><![CDATA[agent_repair() = false | true | force <optional>]]></c></tag>
       <item>
         <p>When starting snmpa_local_db it always tries to open an
@@ -202,6 +228,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="agent_ldb_auto_save"></marker>
       <tag><c><![CDATA[agent_auto_save() = integer() | infinity <optional>]]></c></tag>
       <item>
         <p>The auto save interval. The table is flushed to disk
@@ -209,6 +236,7 @@
         <p>Default is <c>5000</c>.</p>
       </item>
 
+      <marker id="agent_net_if"></marker>
       <tag><c><![CDATA[agent_net_if() = [agent_net_if_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_net_if_opt() = {module, agent_net_if_module()} |  {verbosity, verbosity()} |  {options, agent_net_if_options()}</c></p>
@@ -217,6 +245,7 @@
         <p>For defaults see the options in <c>agent_net_if_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ni_module"></marker>
       <tag><c><![CDATA[agent_net_if_module() = atom() <optional>]]></c></tag>
       <item>
         <p>Module which handles the network interface part for the
@@ -225,6 +254,7 @@
         <p>Default is <c>snmpa_net_if</c>.</p>
       </item>
 
+      <marker id="agent_ni_opts"></marker>
       <tag><c><![CDATA[agent_net_if_options() = [agent_net_if_option()] <optional>]]></c></tag>
       <item>
         <p><c>agent_net_if_option() = {bind_to, bind_to()} |  
@@ -239,12 +269,14 @@
         <p>For defaults see the options in <c>agent_net_if_option()</c>.</p>
       </item>
 
+      <marker id="agent_ni_req_limit"></marker>
       <tag><c><![CDATA[req_limit() = integer() | infinity <optional>]]></c></tag>
       <item>
         <p>Max number of simultaneous requests handled by the agent.</p>
         <p>Default is <c>infinity</c>.</p>
       </item>
 
+      <marker id="agent_ni_filter_opts"></marker>
       <tag><c><![CDATA[agent_net_if_filter_options() = [agent_net_if_filter_option()] <optional>]]></c></tag>
       <item>
 	<p><c>agent_net_if_filter_option() = {module, agent_net_if_filter_module()}</c></p>
@@ -255,6 +287,7 @@
           <c>agent_net_if_filter_option()</c>.</p>
       </item>
 
+      <marker id="agent_ni_filter_module"></marker>
       <tag><c><![CDATA[agent_net_if_filter_module() = atom() <optional>]]></c></tag>
       <item>
 	<p>Module which handles the network interface filter part for the
@@ -263,6 +296,7 @@
 	<p>Default is <c>snmpa_net_if_filter</c>.</p>
       </item>
 
+      <marker id="agent_mibs"></marker>
       <tag><c><![CDATA[agent_mibs() = [string()] <optional>]]></c></tag>
       <item>
         <p>Specifies a list of MIBs (including path) that defines which MIBs
@@ -277,6 +311,7 @@
         <p>Default is <c>[]</c>.</p>
       </item>
 
+      <marker id="agent_mib_storage"></marker>
       <tag><c><![CDATA[mib_storage() = ets | {ets, Dir} | {ets, Dir, Action} | dets | {dets, Dir} | {dets, Dir, Action} | mnesia | {mnesia, Nodes} | {mnesia, Nodes, Action} <optional>]]></c></tag>
       <item>
         <p>Specifies how info retrieved from the mibs will be stored.</p>
@@ -302,6 +337,7 @@
           mnesia/dets table already exist.</p>
       </item>
 
+      <marker id="agent_mib_server"></marker>
       <tag><c><![CDATA[mib_server() = [mib_server_opt()] <optional>]]></c></tag>
       <item>
         <p><c>mib_server_opt() = {mibentry_override, mibentry_override()} |  {trapentry_override, trapentry_override()} |  {verbosity, verbosity()} | {cache, mibs_cache()}</c></p>
@@ -309,6 +345,7 @@
         <p>For defaults see the options in <c>mib_server_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ms_meo"></marker>
       <tag><c><![CDATA[mibentry_override() = bool() <optional>]]></c></tag>
       <item>
         <p>If this value is false, then when loading a mib each mib-
@@ -318,6 +355,7 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_ms_teo"></marker>
       <tag><c><![CDATA[trapentry_override() = bool() <optional>]]></c></tag>
       <item>
         <p>If this value is false, then when loading a mib each trap
@@ -327,6 +365,7 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache"></marker>
       <tag><c><![CDATA[mibs_cache() = bool() | mibs_cache_opts() <optional>]]></c></tag>
       <item>
         <p>Shall the agent utilize the mib server lookup cache or not.</p>
@@ -334,6 +373,7 @@
           default values apply).</p>
       </item>
 
+      <marker id="agent_ms_cache_opts"></marker>
       <tag><c><![CDATA[mibs_cache_opts() = [mibs_cache_opt()] <optional>]]></c></tag>
       <item>
         <p><c>mibs_cache_opt() = {autogc, mibs_cache_autogc()} | {gclimit, mibs_cache_gclimit()} | {age, mibs_cache_age()}</c></p>
@@ -341,6 +381,7 @@
         <p>For defaults see the options in <c>mibs_cache_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_autogc"></marker>
       <tag><c><![CDATA[mibs_cache_autogc() = bool() <optional>]]></c></tag>
       <item>
         <p>Defines if the mib server shall perform cache gc automatically or 
@@ -349,6 +390,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_age"></marker>
       <tag><c><![CDATA[mibs_cache_age() = integer() > 0 <optional>]]></c></tag>
       <item>
         <p>Defines how old the entries in the cache will be allowed before 
@@ -358,6 +400,7 @@
         <p>Default is <c>10 timutes</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_gclimit"></marker>
       <tag><c><![CDATA[mibs_cache_gclimit() = integer() > 0 | infinity <optional>]]></c></tag>
       <item>
         <p>When performing a GC, this is the max number of cache entries 
@@ -368,6 +411,7 @@
         <p>Default is <c>100</c>.</p>
       </item>
 
+      <marker id="agent_error_report_mod"></marker>
       <tag><c><![CDATA[error_report_mod() = atom() <optional>]]></c></tag>
       <item>
         <p>Defines an error report module, implementing the 
@@ -377,6 +421,7 @@
         <p>Default is <c>snmpa_error_logger</c>.</p>
       </item>
 
+      <marker id="agent_symbolic_store"></marker>
       <tag><c>symbolic_store() = [symbolic_store_opt()]</c></tag>
       <item>
         <p><c>symbolic_store_opt() = {verbosity, verbosity()}</c></p>
@@ -384,23 +429,29 @@
         <p>For defaults see the options in <c>symbolic_store_opt()</c>.</p>
       </item>
 
+      <marker id="agent_target_cache"></marker>
       <tag><c>target_cache() = [target_cache_opt()]</c></tag>
       <item>
         <p><c>target_cache_opt() = {verbosity, verbosity()}</c></p>
         <p>Defines options specific for the SNMP agent target cache. </p>
         <p>For defaults see the options in <c>target_cache_opt()</c>.</p>
       </item>
+
+      <marker id="agent_config"></marker>
       <tag><c><![CDATA[agent_config() = [agent_config_opt()] <mandatory>]]></c></tag>
       <item>
         <p><c>agent_config_opt() = {dir, agent_config_dir()} |  {force_load, force_load()} | {verbosity, verbosity()}</c></p>
         <p>Defines specific config related options for the SNMP agent. </p>
         <p>For defaults see the options in <c>agent_config_opt()</c>.</p>
       </item>
+
+      <marker id="agent_config_dir"></marker>
       <tag><c><![CDATA[agent_config_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP agent configuration files are stored.</p>
       </item>
 
+      <marker id="agent_force_load"></marker>
       <tag><c><![CDATA[force_load() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c> the configuration files are re-read
@@ -412,14 +463,18 @@
       </item>
     </taglist>
 
+    <marker id="manager_opts_and_types"></marker>
     <p>Manager specific config options and types:</p>
     <taglist>
+      <marker id="manager_server"></marker>
       <tag><c><![CDATA[server() = [server_opt()] <optional>]]></c></tag>
       <item>
         <p><c>server_opt() = {timeout, server_timeout()} |  {verbosity, verbosity()}</c></p>
         <p>Specifies the options for the manager server process.</p>
         <p>Default is <c>silence</c>.</p>
       </item>
+
+      <marker id="manager_server_timeout"></marker>
       <tag><c><![CDATA[server_timeout() = integer() <optional>]]></c></tag>
       <item>
         <p>Asynchroneous request cleanup time. For every requests, 
@@ -440,6 +495,7 @@
         <p>Default is <c>30000</c>.</p>
       </item>
 
+      <marker id="manager_config"></marker>
       <tag><c><![CDATA[manager_config() = [manager_config_opt()] <mandatory>]]></c></tag>
       <item>
         <p><c>manager_config_opt() = {dir, manager_config_dir()} |  {db_dir, manager_db_dir()} |  {db_init_error, db_init_error()} |  {repair, manager_repair()} |  {auto_save, manager_auto_save()} |  {verbosity, verbosity()}</c></p>
@@ -447,16 +503,19 @@
         <p>For defaults see the options in <c>manager_config_opt()</c>.</p>
       </item>
 
+      <marker id="manager_config_dir"></marker>
       <tag><c><![CDATA[manager_config_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP manager configuration files are stored.</p>
       </item>
 
+      <marker id="manager_config_db_dir"></marker>
       <tag><c><![CDATA[manager_db_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP manager store persistent data.</p>
       </item>
 
+      <marker id="manager_config_repair"></marker>
       <tag><c><![CDATA[manager_repair() = false | true | force <optional>]]></c></tag>
       <item>
         <p>Defines the repair option for the persistent database (if 
@@ -464,6 +523,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="manager_config_auto_save"></marker>
       <tag><c><![CDATA[manager_auto_save() = integer() | infinity <optional>]]></c></tag>
       <item>
         <p>The auto save interval. The table is flushed to disk
@@ -471,6 +531,7 @@
         <p>Default is <c>5000</c>.</p>
       </item>
 
+      <marker id="manager_irb"></marker>
       <tag><c><![CDATA[manager_irb() = auto | user | {user, integer()} <optional>]]></c></tag>
       <item>
         <p>This option defines how the manager will handle the sending of 
@@ -500,6 +561,7 @@
         <p>Default is <c>auto</c>.</p>
       </item>
 
+      <marker id="manager_mibs"></marker>
       <tag><c><![CDATA[manager_mibs() = [string()] <optional>]]></c></tag>
       <item>
         <p>Specifies a list of MIBs (including path) and defines which MIBs
@@ -507,6 +569,7 @@
         <p>Default is <c>[]</c>.</p>
       </item>
 
+      <marker id="manager_net_if"></marker>
       <tag><c><![CDATA[manager_net_if() = [manager_net_if_opt()] <optional>]]></c></tag>
       <item>
         <p><c>manager_net_if_opt() = {module, manager_net_if_module()} | 
@@ -517,6 +580,7 @@
         <p>For defaults see the options in <c>manager_net_if_opt()</c>.</p>
       </item>
 
+      <marker id="manager_ni_opts"></marker>
       <tag><c><![CDATA[manager_net_if_options() = [manager_net_if_option()] <optional>]]></c></tag>
       <item>
         <p><c>manager_net_if_option() = {bind_to, bind_to()} | 
@@ -530,6 +594,7 @@
         <p>For defaults see the options in <c>manager_net_if_option()</c>.</p>
       </item>
 
+      <marker id="manager_ni_module"></marker>
       <tag><c><![CDATA[manager_net_if_module() = atom() <optional>]]></c></tag>
       <item>
         <p>Module which handles the network interface part for the
@@ -538,6 +603,7 @@
         <p>Default is <c>snmpm_net_if</c>.</p>
       </item>
 
+      <marker id="manager_ni_filter_opts"></marker>
       <tag><c><![CDATA[manager_net_if_filter_options() = [manager_net_if_filter_option()] <optional>]]></c></tag>
       <item>
 	<p><c>manager_net_if_filter_option() = {module, manager_net_if_filter_module()}</c></p>
@@ -548,6 +614,7 @@
           <c>manager_net_if_filter_option()</c>.</p>
       </item>
 
+      <marker id="manager_ni_filter_module"></marker>
       <tag><c><![CDATA[manager_net_if_filter_module() = atom() <optional>]]></c></tag>
       <item>
 	<p>Module which handles the network interface filter part for the
@@ -556,6 +623,7 @@
 	<p>Default is <c>snmpm_net_if_filter</c>.</p>
       </item>
 
+      <marker id="manager_def_user_module"></marker>
       <tag><c><![CDATA[def_user_module() = atom() <optional>]]></c></tag>
       <item>
         <p>The module implementing the default user. See the 
@@ -563,6 +631,7 @@
         <p>Default is <c>snmpm_user_default</c>.</p>
       </item>
 
+      <marker id="manager_def_user_data"></marker>
       <tag><c><![CDATA[def_user_data() = term() <optional>]]></c></tag>
       <item>
         <p>Data for the default user. Passed to the user module when 
@@ -571,8 +640,10 @@
       </item>
     </taglist>
 
+    <marker id="common_types"></marker>
     <p>Common config types:</p>
     <taglist>
+      <marker id="restart_type"></marker>
       <tag><c>restart_type() = permanent | transient | temporary</c></tag>
       <item>
         <p>See <seealso marker="stdlib:supervisor#child_spec">supervisor</seealso> 
@@ -580,6 +651,8 @@
         <p>Default is <c>permanent</c> for the agent and <c>transient</c>
           for the manager.</p>
       </item>
+
+      <marker id="db_init_error"></marker>
       <tag><c>db_init_error() = terminate | create</c></tag>
       <item>
         <p>Defines what to do if the agent or manager is unable to open an
@@ -588,23 +661,31 @@
           agent/manager will remove the faulty file(s) and create new ones.</p>
         <p>Default is <c>terminate</c>.</p>
       </item>
+
+      <marker id="prio"></marker>
       <tag><c><![CDATA[priority() = atom() <optional>]]></c></tag>
       <item>
         <p>Defines the Erlang priority for all SNMP processes.</p>
         <p>Default is <c>normal</c>.</p>
       </item>
+
+      <marker id="versions"></marker>
       <tag><c><![CDATA[versions() = [version()] <optional>]]></c></tag>
       <item>
         <p><c>version() = v1 | v2 | v3</c></p>
         <p>Which SNMP versions shall be accepted/used.</p>
         <p>Default is <c>[v1,v2,v3]</c>.</p>
       </item>
+
+      <marker id="verbosity"></marker>
       <tag><c><![CDATA[verbosity() = silence | info | log | debug | trace <optional>]]></c></tag>
       <item>
         <p>Verbosity for a SNMP process. This specifies now much debug info
           is printed.</p>
         <p>Default is <c>silence</c>.</p>
       </item>
+
+      <marker id="bind_to"></marker>
       <tag><c><![CDATA[bind_to() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, net_if binds to the IP address.
@@ -612,6 +693,8 @@
           where it is running. </p>
         <p>Default is <c>false</c>.</p>
       </item>
+
+      <marker id="no_reuse"></marker>
       <tag><c><![CDATA[no_reuse() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, net_if does not specify that the IP
@@ -619,22 +702,30 @@
           the address is set to reusable. </p>
         <p>Default is <c>false</c>.</p>
       </item>
+
+      <marker id="recbuf"></marker>
       <tag><c><![CDATA[recbuf() = integer() <optional>]]></c></tag>
       <item>
         <p>Receive buffer size. </p>
         <p>Default value is defined by <c>gen_udp</c>.</p>
       </item>
+
+      <marker id="sndbuf"></marker>
       <tag><c><![CDATA[sndbuf() = integer() <optional>]]></c></tag>
       <item>
         <p>Send buffer size. </p>
         <p>Default value is defined by <c>gen_udp</c>.</p>
       </item>
+
+      <marker id="note_store"></marker>
       <tag><c><![CDATA[note_store() = [note_store_opt()] <optional>]]></c></tag>
       <item>
         <p><c>note_store_opt() = {timeout, note_store_timeout()} |  {verbosity, verbosity()}</c></p>
         <p>Specifies the start-up verbosity for the SNMP note store.</p>
         <p>For defaults see the options in <c>note_store_opt()</c>.</p>
       </item>
+
+      <marker id="ns_timeout"></marker>
       <tag><c><![CDATA[note_store_timeout() = integer() <optional>]]></c></tag>
       <item>
         <p>Note cleanup time. When storing a note in the note store,
@@ -643,9 +734,9 @@
           milli-seconds.</p>
         <p>Default is <c>30000</c>.</p>
 
-      <marker id="audit_trail_log"></marker>
       </item>
 
+      <marker id="audit_trail_log"></marker>
       <tag><c><![CDATA[audit_trail_log() = [audit_trail_log_opt()] <optional>]]></c></tag>
       <item>
         <p><c>audit_trail_log_opt() = {type, atl_type()} | {dir, atl_dir()} |  {size, atl_size()} |  {repair, atl_repair()} | {seqno, atl_seqno()}</c></p>
@@ -655,6 +746,8 @@
           <c>size</c> options are mandatory.</p>
         <p>If not present, audit trail logging is not used.</p>
       </item>
+
+      <marker id="atl_type"></marker>
       <tag><c><![CDATA[atl_type() = read | write | read_write <optional>]]></c></tag>
       <item>
         <p>Specifies what type of an audit trail log should be used. 
@@ -675,12 +768,16 @@
         </list>
         <p>Default is <c>read_write</c>.</p>
       </item>
+
+      <marker id="atl_dir"></marker>
       <tag><c><![CDATA[atl_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Specifies where the audit trail log should be stored.</p>
         <p>If <c>audit_trail_log</c> specifies that logging should take
           place, this parameter <em>must</em> be defined.</p>
       </item>
+
+      <marker id="atl_size"></marker>
       <tag><c><![CDATA[atl_size() = {integer(), integer()} <mandatory>]]></c></tag>
       <item>
         <p>Specifies the size of the audit
@@ -688,6 +785,8 @@
         <p>If <c>audit_trail_log</c> specifies that logging should 
           take place, this parameter <em>must</em> be defined.</p>
       </item>
+
+      <marker id="atl_repair"></marker>
       <tag><c><![CDATA[atl_repair() = true | false | truncate | snmp_repair <optional>]]></c></tag>
       <item>
         <p>Specifies if and how the audit trail log shall be repaired
@@ -699,6 +798,8 @@
           analysis.</p>
         <p>Default is <c>true</c>.</p>
       </item>
+
+      <marker id="atl_seqno"></marker>
       <tag><c><![CDATA[atl_seqno() = true | false <optional>]]></c></tag>
       <item>
         <p>Specifies if the audit trail log entries will be (sequence)
diff --git a/lib/snmp/doc/src/snmp_config.xml b/lib/snmp/doc/src/snmp_config.xml
index fc8562b638..0a49b7a62e 100644
--- a/lib/snmp/doc/src/snmp_config.xml
+++ b/lib/snmp/doc/src/snmp_config.xml
@@ -40,6 +40,7 @@
     <item>starting the application (agent and/or manager)</item>
     <item>debugging the application (agent and/or manager)</item>
   </list>
+
   <p>Refer also to the chapter(s) 
     <seealso marker="snmp_agent_config_files">Definition of Agent  Configuration Files</seealso> and  
     <seealso marker="snmp_manager_config_files">Definition of Manager  Configuration Files</seealso> which contains more detailed information 
@@ -73,7 +74,14 @@
       </item>
     </list>
 
-    <!-- The info below is also found in the snmp_app.xml file -->
+
+    <!-- 
+	 *****************************************************
+
+	 The info below is also found in the snmp_app.xml file 
+
+	 *****************************************************
+    -->
 
     <p>The agent and manager uses (application) configuration parameters to 
       find out where these directories are located. The parameters should be
@@ -87,6 +95,7 @@
                        {agent_verbosity,  verbosity()}        |  
                        {versions,         versions()}         |  
                        {discovery,        agent_discovery()}  |  
+                       {gb_max_vbs,       gb_max_vbs()}       |  
                        {priority,         priority()}         |  
                        {multi_threaded,   multi_threaded()}   |  
                        {db_dir,           db_dir()}           |  
@@ -117,8 +126,10 @@
                          {def_user_data,            def_user_data()}
     </pre>
 
+    <marker id="agent_opts_and_types"></marker>
     <p>Agent specific config options and types:</p>
     <taglist>
+      <marker id="agent_type"></marker>
       <tag><c><![CDATA[agent_type() = master | sub <optional>]]></c></tag>
       <item>
         <p>If <c>master</c>, one master agent is
@@ -126,6 +137,7 @@
         <p>Default is <c>master</c>.</p>
       </item>
 
+      <marker id="agent_disco"></marker>
       <tag><c><![CDATA[agent_discovery() = [agent_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_discovery_opt() = 
@@ -138,6 +150,7 @@
         <p>For defaults see the options in <c>agent_discovery_opt()</c>.</p>
       </item>
 
+      <marker id="agent_term_disco_opts"></marker>
       <tag><c><![CDATA[agent_terminating_discovery_opts() = [agent_terminating_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_terminating_discovery_opt() = 
@@ -155,6 +168,7 @@
         </list>
       </item>
 
+      <marker id="agent_orig_disco_opts"></marker>
       <tag><c><![CDATA[agent_originating_discovery_opts() = [agent_originating_discovery_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_originating_discovery_opt() = 
@@ -168,6 +182,7 @@
         </list>
       </item>
 
+      <marker id="agent_mt"></marker>
       <tag><c><![CDATA[multi_threaded() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, the agent is multi-threaded, with one
@@ -175,11 +190,21 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_data_dir"></marker>
       <tag><c><![CDATA[db_dir() = string() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP agent internal db files are stored.</p>
       </item>
 
+      <marker id="agent_gb_max_vbs"></marker>
+      <tag><c><![CDATA[gb_max_vbs() = pos_integer() | infinity <optional>]]></c></tag>
+      <item>
+        <p>Defines the maximum number of varbinds allowed 
+	in a Get-BULK response.</p>
+        <p>Default is <c>1000</c>.</p>
+      </item>
+
+      <marker id="agent_local_db"></marker>
       <tag><c><![CDATA[local_db() = [local_db_opt()] <optional>]]></c></tag>
       <item>
         <p><c>local_db_opt() = {repair, agent_repair()} | {auto_save, agent_auto_save()} |   {verbosity, verbosity()}</c></p>
@@ -187,6 +212,7 @@
         <p>For defaults see the options in <c>local_db_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ldb_repair"></marker>
       <tag><c><![CDATA[agent_repair() = false | true | force <optional>]]></c></tag>
       <item>
         <p>When starting snmpa_local_db it always tries to open an
@@ -197,6 +223,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="agent_ldb_auto_save"></marker>
       <tag><c><![CDATA[agent_auto_save() = integer() | infinity <optional>]]></c></tag>
       <item>
         <p>The auto save interval. The table is flushed to disk
@@ -204,6 +231,7 @@
         <p>Default is <c>5000</c>.</p>
       </item>
 
+      <marker id="agent_net_if"></marker>
       <tag><c><![CDATA[agent_net_if() = [agent_net_if_opt()] <optional>]]></c></tag>
       <item>
         <p><c>agent_net_if_option() = {module, agent_net_if_module()} | 
@@ -214,6 +242,7 @@
         <p>For defaults see the options in <c>agent_net_if_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ni_module"></marker>
       <tag><c><![CDATA[agent_net_if_module() = atom() <optional>]]></c></tag>
       <item>
         <p>Module which handles the network interface part for the
@@ -222,6 +251,7 @@
         <p>Default is <c>snmpa_net_if</c>.</p>
       </item>
 
+      <marker id="agent_ni_opts"></marker>
       <tag><c><![CDATA[agent_net_if_options() = [agent_net_if_option()] <optional>]]></c></tag>
       <item>
         <p><c>agent_net_if_option() = {bind_to, bind_to()} |  
@@ -236,6 +266,14 @@
         <p>For defaults see the options in <c>agent_net_if_option()</c>.</p>
       </item>
 
+      <marker id="agent_ni_req_limit"></marker>
+      <tag><c><![CDATA[req_limit() = integer() | infinity <optional>]]></c></tag>
+      <item>
+        <p>Max number of simultaneous requests handled by the agent.</p>
+        <p>Default is <c>infinity</c>.</p>
+      </item>
+
+      <marker id="agent_ni_filter_opts"></marker>
       <tag><c><![CDATA[agent_net_if_filter_options() = [agent_net_if_filter_option()] <optional>]]></c></tag>
       <item>
 	<p><c><![CDATA[agent_net_if_filter_option() = {module, agent_net_if_filter_module()}]]></c></p>
@@ -245,6 +283,7 @@
 	<p>For defaults see the options in <c>agent_net_if_filter_option()</c>.</p>
       </item>
 
+      <marker id="agent_ni_filter_module"></marker>
       <tag><c><![CDATA[agent_net_if_filter_module() = atom() <optional>]]></c></tag>
       <item>
 	<p>Module which handles the network interface filter part for the
@@ -254,12 +293,7 @@
 	<p>Default is <c>snmpa_net_if_filter</c>.</p>
       </item>
 
-      <tag><c><![CDATA[req_limit() = integer() | infinity <optional>]]></c></tag>
-      <item>
-        <p>Max number of simultaneous requests handled by the agent.</p>
-        <p>Default is <c>infinity</c>.</p>
-      </item>
-
+      <marker id="agent_mibs"></marker>
       <tag><c><![CDATA[agent_mibs() = [string()] <optional>]]></c></tag>
       <item>
         <p>Specifies a list of MIBs (including path) that defines which MIBs
@@ -274,6 +308,7 @@
         <p>Default is <c>[]</c>.</p>
       </item>
 
+      <marker id="agent_mib_storage"></marker>
       <tag><c><![CDATA[mib_storage() = ets | {ets, Dir} | {ets, Dir, Action} | dets | {dets, Dir} | {dets, Dir, Action} | mnesia | {mnesia, Nodes} | {mnesia, Nodes, Action} <optional>]]></c></tag>
       <item>
         <p>Specifies how info retrieved from the mibs will be stored.</p>
@@ -299,6 +334,7 @@
           mnesia/dets table already exist.</p>
       </item>
 
+      <marker id="agent_mib_server"></marker>
       <tag><c><![CDATA[mib_server() = [mib_server_opt()] <optional>]]></c></tag>
       <item>
         <p><c>mib_server_opt() = {mibentry_override, mibentry_override()} |  {trapentry_override, trapentry_override()} |  {verbosity, verbosity()} | {cache, mibs_cache()}</c></p>
@@ -306,6 +342,7 @@
         <p>For defaults see the options in <c>mib_server_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ms_meo"></marker>
       <tag><c><![CDATA[mibentry_override() = bool() <optional>]]></c></tag>
       <item>
         <p>If this value is false, then when loading a mib each mib-
@@ -315,6 +352,7 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_ms_teo"></marker>
       <tag><c><![CDATA[trapentry_override() = bool() <optional>]]></c></tag>
       <item>
         <p>If this value is false, then when loading a mib each trap
@@ -324,6 +362,7 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache"></marker>
       <tag><c><![CDATA[mibs_cache() = bool() | mibs_cache_opts() <optional>]]></c></tag>
       <item>
         <p>Shall the agent utilize the mib server lookup cache or not.</p>
@@ -331,6 +370,7 @@
           default values apply).</p>
       </item>
 
+      <marker id="agent_ms_cache_opts"></marker>
       <tag><c><![CDATA[mibs_cache_opts() = [mibs_cache_opt()] <optional>]]></c></tag>
       <item>
         <p><c>mibs_cache_opt() = {autogc, mibs_cache_autogc()} | {gclimit, mibs_cache_gclimit()} | {age, mibs_cache_age()}</c></p>
@@ -338,6 +378,7 @@
         <p>For defaults see the options in <c>mibs_cache_opt()</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_autogc"></marker>
       <tag><c><![CDATA[mibs_cache_autogc() = bool() <optional>]]></c></tag>
       <item>
         <p>Defines if the mib server shall perform cache gc automatically or 
@@ -346,6 +387,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_age"></marker>
       <tag><c><![CDATA[mibs_cache_age() = integer() > 0 <optional>]]></c></tag>
       <item>
         <p>Defines how old the entries in the cache will be allowed before 
@@ -355,6 +397,7 @@
         <p>Default is <c>10 timutes</c>.</p>
       </item>
 
+      <marker id="agent_ms_cache_gclimit"></marker>
       <tag><c><![CDATA[mibs_cache_gclimit() = integer() > 0 | infinity <optional>]]></c></tag>
       <item>
         <p>When performing a GC, this is the max number of cache entries 
@@ -365,6 +408,7 @@
         <p>Default is <c>100</c>.</p>
       </item>
 
+      <marker id="agent_error_report_mod"></marker>
       <tag><c><![CDATA[error_report_mod() = atom() <optional>]]></c></tag>
       <item>
         <p>Defines an error report module, implementing the 
@@ -374,6 +418,7 @@
         <p>Default is <c>snmpa_error_logger</c>.</p>
       </item>
 
+      <marker id="agent_symbolic_store"></marker>
       <tag><c>symbolic_store() = [symbolic_store_opt()]</c></tag>
       <item>
         <p><c>symbolic_store_opt() = {verbosity, verbosity()}</c></p>
@@ -381,12 +426,15 @@
         <p>For defaults see the options in <c>symbolic_store_opt()</c>.</p>
       </item>
 
+      <marker id="agent_target_cache"></marker>
       <tag><c>target_cache() = [target_cache_opt()]</c></tag>
       <item>
         <p><c>target_cache_opt() = {verbosity, verbosity()}</c></p>
         <p>Defines options specific for the SNMP agent target cache. </p>
         <p>For defaults see the options in <c>target_cache_opt()</c>.</p>
       </item>
+
+      <marker id="agent_config"></marker>
       <tag><c><![CDATA[agent_config() = [agent_config_opt()] <mandatory>]]></c></tag>
       <item>
         <p><c>agent_config_opt() = {dir, agent_config_dir()} |  {force_load, force_load()} | {verbosity, verbosity()}</c></p>
@@ -394,11 +442,13 @@
         <p>For defaults see the options in <c>agent_config_opt()</c>.</p>
       </item>
 
+      <marker id="agent_config_dir"></marker>
       <tag><c><![CDATA[agent_config_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP agent configuration files are stored.</p>
       </item>
 
+      <marker id="agent_force_load"></marker>
       <tag><c><![CDATA[force_load() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c> the configuration files are re-read
@@ -410,14 +460,18 @@
       </item>
     </taglist>
 
+    <marker id="manager_opts_and_types"></marker>
     <p>Manager specific config options and types:</p>
     <taglist>
+      <marker id="manager_server"></marker>
       <tag><c><![CDATA[server() = [server_opt()] <optional>]]></c></tag>
       <item>
         <p><c>server_opt() = {timeout, server_timeout()} |  {verbosity, verbosity()}</c></p>
         <p>Specifies the options for the manager server process.</p>
         <p>Default is <c>silence</c>.</p>
       </item>
+
+      <marker id="manager_server_timeout"></marker>
       <tag><c><![CDATA[server_timeout() = integer() <optional>]]></c></tag>
       <item>
         <p>Asynchroneous request cleanup time. For every requests, 
@@ -438,6 +492,7 @@
         <p>Default is <c>30000</c>.</p>
       </item>
 
+      <marker id="manager_config"></marker>
       <tag><c><![CDATA[manager_config() = [manager_config_opt()] <mandatory>]]></c></tag>
       <item>
         <p><c>manager_config_opt() = {dir, manager_config_dir()} |  {db_dir, manager_db_dir()} |  {db_init_error, db_init_error()} |  {repair, manager_repair()} |  {auto_save, manager_auto_save()} |  {verbosity, verbosity()}</c></p>
@@ -445,16 +500,19 @@
         <p>For defaults see the options in <c>manager_config_opt()</c>.</p>
       </item>
 
+      <marker id="manager_config_dir"></marker>
       <tag><c><![CDATA[manager_config_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP manager configuration files are stored.</p>
       </item>
 
+      <marker id="manager_config_db_dir"></marker>
       <tag><c><![CDATA[manager_db_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Defines where the SNMP manager store persistent data.</p>
       </item>
 
+      <marker id="manager_config_repair"></marker>
       <tag><c><![CDATA[manager_repair() = false | true | force <optional>]]></c></tag>
       <item>
         <p>Defines the repair option for the persistent database (if 
@@ -462,6 +520,7 @@
         <p>Default is <c>true</c>.</p>
       </item>
 
+      <marker id="manager_config_auto_save"></marker>
       <tag><c><![CDATA[manager_auto_save() = integer() | infinity <optional>]]></c></tag>
       <item>
         <p>The auto save interval. The table is flushed to disk
@@ -469,6 +528,7 @@
         <p>Default is <c>5000</c>.</p>
       </item>
 
+      <marker id="manager_irb"></marker>
       <tag><c><![CDATA[manager_irb() = auto | user | {user, integer()} <optional>]]></c></tag>
       <item>
         <p>This option defines how the manager will handle the sending of 
@@ -498,6 +558,7 @@
         <p>Default is <c>auto</c>.</p>
       </item>
 
+      <marker id="manager_mibs"></marker>
       <tag><c><![CDATA[manager_mibs() = [string()] <optional>]]></c></tag>
       <item>
         <p>Specifies a list of MIBs (including path) and defines which MIBs
@@ -505,6 +566,7 @@
         <p>Default is <c>[]</c>.</p>
       </item>
 
+      <marker id="manager_net_if"></marker>
       <tag><c><![CDATA[manager_net_if() = [manager_net_if_opt()] <optional>]]></c></tag>
       <item>
         <p><c>manager_net_if_opt() = {module, manager_net_if_module()} | 
@@ -515,6 +577,7 @@
         <p>For defaults see the options in <c>manager_net_if_opt()</c>.</p>
       </item>
 
+      <marker id="manager_ni_opts"></marker>
       <tag><c><![CDATA[manager_net_if_options() = [manager_net_if_option()] <optional>]]></c></tag>
       <item>
         <p><c>manager_net_if_option() = {bind_to, bind_to()} | 
@@ -528,6 +591,7 @@
         <p>For defaults see the options in <c>manager_net_if_option()</c>.</p>
       </item>
 
+      <marker id="manager_ni_module"></marker>
       <tag><c><![CDATA[manager_net_if_module() = atom() <optional>]]></c></tag>
       <item>
         <p>Module which handles the network interface part for the
@@ -536,6 +600,7 @@
         <p>Default is <c>snmpm_net_if</c>.</p>
       </item>
 
+      <marker id="manager_ni_filter_opts"></marker>
       <tag><c><![CDATA[manager_net_if_filter_options() = [manager_net_if_filter_option()] <optional>]]></c></tag>
       <item>
 	<p><c>manager_net_if_filter_option() = {module, manager_net_if_filter_module()}</c></p>
@@ -546,6 +611,7 @@
           <c>manager_net_if_filter_option()</c>.</p>
       </item>
 
+      <marker id="manager_ni_filter_module"></marker>
       <tag><c><![CDATA[manager_net_if_filter_module() = atom() <optional>]]></c></tag>
       <item>
 	<p>Module which handles the network interface filter part for the
@@ -554,6 +620,7 @@
 	<p>Default is <c>snmpm_net_if_filter</c>.</p>
       </item>
 
+      <marker id="manager_def_user_module"></marker>
       <tag><c><![CDATA[def_user_module() = atom() <optional>]]></c></tag>
       <item>
         <p>The module implementing the default user. See the 
@@ -561,6 +628,7 @@
         <p>Default is <c>snmpm_user_default</c>.</p>
       </item>
 
+      <marker id="manager_def_user_data"></marker>
       <tag><c><![CDATA[def_user_data() = term() <optional>]]></c></tag>
       <item>
         <p>Data for the default user. Passed to the user when calling 
@@ -569,8 +637,10 @@
       </item>
     </taglist>
 
+    <marker id="common_types"></marker>
     <p>Common config types:</p>
     <taglist>
+      <marker id="restart_type"></marker>
       <tag><c>restart_type() = permanent | transient | temporary</c></tag>
       <item>
         <p>See <seealso marker="stdlib:supervisor#child_spec">supervisor</seealso> 
@@ -579,6 +649,7 @@
           for the manager.</p>
       </item>
 
+      <marker id="db_init_error"></marker>
       <tag><c>db_init_error() = terminate | create</c></tag>
       <item>
         <p>Defines what to do if the agent is unable to open an
@@ -588,12 +659,14 @@
         <p>Default is <c>terminate</c>.</p>
       </item>
 
+      <marker id="prio"></marker>
       <tag><c><![CDATA[priority() = atom() <optional>]]></c></tag>
       <item>
         <p>Defines the Erlang priority for all SNMP processes.</p>
         <p>Default is <c>normal</c>.</p>
       </item>
 
+      <marker id="versions"></marker>
       <tag><c><![CDATA[versions() = [version()] <optional>]]></c></tag>
       <item>
         <p><c>version() = v1 | v2 | v3</c></p>
@@ -601,6 +674,7 @@
         <p>Default is <c>[v1,v2,v3]</c>.</p>
       </item>
 
+      <marker id="verbosity"></marker>
       <tag><c><![CDATA[verbosity() = silence | info | log | debug | trace <optional>]]></c></tag>
       <item>
         <p>Verbosity for a SNMP process. This specifies now much debug info
@@ -608,6 +682,7 @@
         <p>Default is <c>silence</c>.</p>
       </item>
 
+      <marker id="bind_to"></marker>
       <tag><c><![CDATA[bind_to() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, net_if binds to the IP address.
@@ -616,6 +691,7 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="no_reuse"></marker>
       <tag><c><![CDATA[no_reuse() = bool() <optional>]]></c></tag>
       <item>
         <p>If <c>true</c>, net_if does not specify that the IP
@@ -624,17 +700,21 @@
         <p>Default is <c>false</c>.</p>
       </item>
 
+      <marker id="recbuf"></marker>
       <tag><c><![CDATA[recbuf() = integer() <optional>]]></c></tag>
       <item>
         <p>Receive buffer size. </p>
         <p>Default value is defined by <c>gen_udp</c>.</p>
       </item>
+
+      <marker id="sndbuf"></marker>
       <tag><c><![CDATA[sndbuf() = integer() <optional>]]></c></tag>
       <item>
         <p>Send buffer size. </p>
         <p>Default value is defined by <c>gen_udp</c>.</p>
       </item>
 
+      <marker id="note_store"></marker>
       <tag><c><![CDATA[note_store() = [note_store_opt()] <optional>]]></c></tag>
       <item>
         <p><c>note_store_opt() = {timeout, note_store_timeout()} |  {verbosity, verbosity()}</c></p>
@@ -642,6 +722,7 @@
         <p>For defaults see the options in <c>note_store_opt()</c>.</p>
       </item>
 
+      <marker id="ns_timeout"></marker>
       <tag><c><![CDATA[note_store_timeout() = integer() <optional>]]></c></tag>
       <item>
         <p>Note cleanup time. When storing a note in the note store,
@@ -649,10 +730,9 @@
           process performs a GC to remove the expired note's. Time in
           milli-seconds.</p>
         <p>Default is <c>30000</c>.</p>
-
-      <marker id="audit_trail_log"></marker>
       </item>
 
+      <marker id="audit_trail_log"></marker>
       <tag><c><![CDATA[audit_trail_log() [audit_trail_log_opt()] <optional>]]></c></tag>
       <item>
         <p><c>audit_trail_log_opt() = {type, atl_type()} | {dir, atl_dir()} |  {size, atl_size()} |  {repair, atl_repair()} | {seqno, atl_seqno()}</c></p>
@@ -663,6 +743,7 @@
         <p>If not present, audit trail logging is not used.</p>
       </item>
 
+      <marker id="atl_type"></marker>
       <tag><c><![CDATA[atl_type() = read | write | read_write <optional>]]></c></tag>
       <item>
         <p>Specifies what type of an audit trail log should be used. 
@@ -684,6 +765,7 @@
         <p>Default is <c>read_write</c>.</p>
       </item>
 
+      <marker id="atl_dir"></marker>
       <tag><c><![CDATA[atl_dir = dir() <mandatory>]]></c></tag>
       <item>
         <p>Specifies where the audit trail log should be stored.</p>
@@ -691,6 +773,7 @@
           place, this parameter <em>must</em> be defined.</p>
       </item>
 
+      <marker id="atl_size"></marker>
       <tag><c><![CDATA[atl_size() = {integer(), integer()} <mandatory>]]></c></tag>
       <item>
         <p>Specifies the size of the audit
@@ -699,6 +782,7 @@
           take place, this parameter <em>must</em> be defined.</p>
       </item>
 
+      <marker id="atl_repair"></marker>
       <tag><c><![CDATA[atl_repair() = true | false | truncate | snmp_repair <optional>]]></c></tag>
       <item>
         <p>Specifies if and how the audit trail log shall be repaired
@@ -710,6 +794,8 @@
           analysis.</p>
         <p>Default is <c>true</c>.</p>
       </item>
+
+      <marker id="atl_seqno"></marker>
       <tag><c><![CDATA[atl_seqno() = true | false <optional>]]></c></tag>
       <item>
         <p>Specifies if the audit trail log entries will be (sequence)
diff --git a/lib/snmp/doc/src/snmpa.xml b/lib/snmp/doc/src/snmpa.xml
index 27d89ea4e3..2322af28cc 100644
--- a/lib/snmp/doc/src/snmpa.xml
+++ b/lib/snmp/doc/src/snmpa.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>2004</year><year>2011</year>
+      <year>2004</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -198,12 +198,18 @@ notification_delivery_info() = #snmpa_notification_delivery_info{}
       <type>
         <v>BackupDir = string()</v>
         <v>Agent = pid() | atom()</v>
+        <v>Reason = backup_in_progress | term()</v>
       </type>
       <desc>
         <p>Backup persistent/permanent data handled by the agent
           (such as local-db, mib-data and vacm). </p>
         <p>Data stored by mnesia is not handled. </p>
         <p>BackupDir cannot be identical to DbDir. </p>
+        <p>Simultaneous backup calls are <em>not</em> allowed. 
+	That is, two different processes cannot simultaneously 
+	successfully call this function. One of them will be first, 
+	and succeed. The second will fail with the error reason
+	<c>backup_in_progress</c>. </p>
 
         <marker id="info"></marker>
       </desc>
@@ -217,13 +223,13 @@ notification_delivery_info() = #snmpa_notification_delivery_info{}
       </type>
       <desc>
         <p>Returns a list (a dictionary) containing information about
-          the agent. Information includes loaded MIBs, registered
-          sub-agents, some information about the memory allocation. </p>
-        <p>As of version 4.4 the format of the info has been changed. 
-          To convert the info to the old format, call the 
-          <seealso marker="#old_info_format">old_info_format</seealso> 
-          function. </p>
-
+	the agent. Information includes loaded MIBs, registered
+	sub-agents, some information about the memory allocation. </p>
+	<p>As of version 4.4 the format of the info has been changed. 
+	To convert the info to the old format, call the 
+	<seealso marker="#old_info_format">old_info_format</seealso> 
+	function. </p>
+	
         <marker id="old_info_format"></marker>
       </desc>
     </func>
diff --git a/lib/snmp/priv/plt/.gitignore b/lib/snmp/priv/plt/.gitignore
new file mode 100644
index 0000000000..174481f561
--- /dev/null
+++ b/lib/snmp/priv/plt/.gitignore
@@ -0,0 +1,3 @@
+/*.plt
+/*.dialyzer_analysis
+
diff --git a/lib/snmp/src/agent/depend.mk b/lib/snmp/src/agent/depend.mk
index bc39e1fa35..078ef15821 100644
--- a/lib/snmp/src/agent/depend.mk
+++ b/lib/snmp/src/agent/depend.mk
@@ -52,6 +52,7 @@ $(EBIN)/snmpa_acm.$(EMULATOR): \
 
 $(EBIN)/snmpa_agent.$(EMULATOR): \
 	snmpa_agent.erl \
+	snmpa_internal.hrl \
 	../misc/snmp_debug.hrl \
 	../misc/snmp_verbosity.hrl \
 	../../include/snmp_types.hrl
@@ -136,6 +137,7 @@ $(EBIN)/snmpa_set_lib.$(EMULATOR): \
 
 $(EBIN)/snmpa_supervisor.$(EMULATOR): \
 	snmpa_supervisor.erl \
+	snmpa_internal.hrl \
 	../misc/snmp_debug.hrl \
 	../misc/snmp_verbosity.hrl
 
diff --git a/lib/snmp/src/agent/snmp_generic_mnesia.erl b/lib/snmp/src/agent/snmp_generic_mnesia.erl
index a73aad5b33..ce42af404b 100644
--- a/lib/snmp/src/agent/snmp_generic_mnesia.erl
+++ b/lib/snmp/src/agent/snmp_generic_mnesia.erl
@@ -121,7 +121,7 @@ table_func(set, RowIndex, Cols, Name) ->
 	   fun() ->
 		   snmp_generic:table_set_row(
 		     {Name, mnesia}, nofunc,
-		     {snmp_generic_mnesia, table_try_make_consistent},
+		     fun table_try_make_consistent/2,
 		     RowIndex, Cols)
 	   end) of
 	{atomic, Value} ->
@@ -368,7 +368,8 @@ table_set_elements(Name, RowIndex, Cols) ->
 	_ -> false
     end.
 table_set_elements(Name, RowIndex, Cols, ConsFunc) ->
-    #table_info{index_types = Indexes, first_own_index = FirstOwnIndex} =
+    #table_info{index_types     = Indexes, 
+		first_own_index = FirstOwnIndex} = 
 	snmp_generic:table_info(Name),
     AddCol = if
 		 FirstOwnIndex == 0 -> 2;
diff --git a/lib/snmp/src/agent/snmp_target_mib.erl b/lib/snmp/src/agent/snmp_target_mib.erl
index 60bd3e0912..a45db89c09 100644
--- a/lib/snmp/src/agent/snmp_target_mib.erl
+++ b/lib/snmp/src/agent/snmp_target_mib.erl
@@ -46,8 +46,14 @@
 %% Column not accessible via SNMP - needed when the agent sends informs
 -define(snmpTargetAddrEngineId, 10).
 %% Extra comlumns for the augmented table snmpTargetAddrExtTable
--define(snmpTargetAddrTMask, 11).
--define(snmpTargetAddrMMS, 12).
+-define(snmpTargetAddrTMask,    11).
+-define(snmpTargetAddrMMS,      12).
+
+-ifdef(snmp_extended_verbosity).
+-define(vt(F,A), ?vtrace(F, A)).
+-else.
+-define(vt(_F, _A), ok).
+-endif.
 
 
 %%-----------------------------------------------------------------
@@ -459,10 +465,16 @@ get_target_addrs() ->
 
 
 get_target_addrs(Key, {Tab, _} = TabDb, Acc) ->
+    ?vt("get_target_addrs -> entry with"
+	"~n   Key: ~p", [Key]),
     case table_next(Tab, Key) of
 	endOfTable -> 
+	    ?vt("get_target_addrs -> endOfTable when"
+		"~n   Acc: ~p", [Acc]),
 	    Acc;
 	NextKey ->
+	    ?vt("get_target_addrs -> next ok: "
+		"~n   NextKey: ~p", [NextKey]),
 	    case get_target_addr(TabDb, NextKey) of
 		{ok, Targ} ->
 		    get_target_addrs(NextKey, TabDb, [Targ| Acc]);
diff --git a/lib/snmp/src/agent/snmp_view_based_acm_mib.erl b/lib/snmp/src/agent/snmp_view_based_acm_mib.erl
index 37f6dd3f26..2cee91b081 100644
--- a/lib/snmp/src/agent/snmp_view_based_acm_mib.erl
+++ b/lib/snmp/src/agent/snmp_view_based_acm_mib.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -203,18 +203,16 @@ init_sec2group_table([Row | T]) ->
     init_sec2group_table(T);
 init_sec2group_table([]) -> true.
 
-init_access_table([{GN, Prefix, Model, Level, Row} | T]) ->
-%%     ?vtrace("init access table: "
-%%  	    "~n   GN:     ~p"
-%%  	    "~n   Prefix: ~p"
-%%  	    "~n   Model:  ~p"
-%%  	    "~n   Level:  ~p"
-%%  	    "~n   Row:    ~p",[GN, Prefix, Model, Level, Row]),    
-    Key = [length(GN) | GN] ++ [length(Prefix) | Prefix] ++ [Model, Level],
-    snmpa_vacm:insert([{Key, Row}], false),
-    init_access_table(T);
-init_access_table([]) ->
-    snmpa_vacm:dump_table().
+make_access_key(GN, Prefix, Model, Level) ->
+    [length(GN) | GN] ++ [length(Prefix) | Prefix] ++ [Model, Level].
+
+make_access_entry({GN, Prefix, Model, Level, Row}) ->
+    Key = make_access_key(GN, Prefix, Model, Level),
+    {Key, Row}.
+       
+init_access_table(TableData) ->
+    TableData2 = [make_access_entry(E) || E <- TableData],
+    snmpa_vacm:insert(TableData2, true).
 
 init_view_table([Row | T]) ->
 %%     ?vtrace("init view table: "
@@ -276,10 +274,7 @@ add_access(GroupName, Prefix, SecModel, SecLevel, Match, RV, WV, NV) ->
 	      Match, RV, WV, NV},
     case (catch check_vacm(Access)) of
 	{ok, {vacmAccess, {GN, Pref, SM, SL, Row}}} ->
-	    Key1 = [length(GN) | GN],
-	    Key2 = [length(Pref) | Pref],
-	    Key3 = [SM, SL],
-	    Key  = Key1 ++ Key2 ++ Key3, 
+	    Key = make_access_key(GN, Pref, SM, SL),
 	    snmpa_vacm:insert([{Key, Row}], false),
             snmpa_agent:invalidate_ca_cache(),
 	    {ok, Key};
diff --git a/lib/snmp/src/agent/snmpa.erl b/lib/snmp/src/agent/snmpa.erl
index 50b169e4e7..c400aaddf7 100644
--- a/lib/snmp/src/agent/snmpa.erl
+++ b/lib/snmp/src/agent/snmpa.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -547,7 +547,7 @@ update_mibs_cache_age(Agent, Age) ->
 
 
 update_mibs_cache_gclimit(GcLimit) ->
-    update_mibs_cache_age(snmp_master_agent, GcLimit).
+    update_mibs_cache_gclimit(snmp_master_agent, GcLimit).
 
 update_mibs_cache_gclimit(Agent, GcLimit) ->
     snmpa_agent:update_mibs_cache_gclimit(Agent, GcLimit).
diff --git a/lib/snmp/src/agent/snmpa_agent.erl b/lib/snmp/src/agent/snmpa_agent.erl
index 6322f0f21d..9cc986cf47 100644
--- a/lib/snmp/src/agent/snmpa_agent.erl
+++ b/lib/snmp/src/agent/snmpa_agent.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -68,8 +68,11 @@
 %% Internal exports
 -export([init/1, handle_call/3, handle_cast/2, handle_info/2,
 	 terminate/2, code_change/3, tr_var/2, tr_varbind/1,
-	 handle_pdu/7, worker/2, worker_loop/1, 
+	 handle_pdu/8, worker/2, worker_loop/1, 
 	 do_send_trap/7, do_send_trap/8]).
+%% <BACKWARD-COMPAT>
+-export([handle_pdu/7]).
+%% </BACKWARD-COMPAT>
 
 -include("snmpa_internal.hrl").
 
@@ -87,7 +90,6 @@
 
 -define(DISCO_TERMINATING_TRIGGER_USERNAME, "").
 
-
 -ifdef(snmp_debug).
 -define(GS_START_LINK3(Prio, Parent, Ref, Opts),
         gen_server:start_link(?MODULE, [Prio, Parent, Ref, Opts],
@@ -103,13 +105,49 @@
         gen_server:start_link({local, Name}, ?MODULE, 
 			      [Prio, Parent, Ref, Opts],[])).
 -endif.
- 
+
+%% Increment this whenever a change is made to the worker interface 
+-define(WORKER_INTERFACE_VERSION, 1).
+
+%% -- Utility macros for creating worker commands --
+-define(mk_pdu_wreq(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra),
+	#wrequest{cmd  = handle_pdu, 
+		  info = [{vsn,        Vsn}, 
+			  {pdu,        Pdu}, 
+			  {pdu_ms,     PduMS}, 
+			  {acm_data,   ACMData}, 
+			  {addr,       Address}, 
+			  {gb_max_vbs, GbMaxVBs}, 
+			  {extra,      Extra}]}).
+-define(mk_send_trap_wreq(TrapRec, NotifyName, ContextName, 
+			  Recv, Vbs, LocalEngineID, Extra),
+	#wrequest{cmd  = send_trap, 
+		  info = [{trap_rec,        TrapRec}, 
+			  {notify_name,     NotifyName}, 
+			  {context_name,    ContextName}, 
+			  {receiver,        Recv}, 
+			  {varbinds,        Vbs}, 
+			  {local_engine_id, LocalEngineID},
+			  {extra,           Extra}]}).
+-define(mk_terminate_wreq(), #wrequest{cmd = terminate, info = []}).
+-define(mk_verbosity_wreq(V), #wrequest{cmd  = verbosity, 
+					info = [{verbosity, V}]}).
+
 
 -record(notification_filter, {id, mod, data}).
 -record(disco, 
 	{from, rec, sender, target, engine_id, 
 	 sec_level, ctx, ivbs, stage, handler, extra}).
 
+%% This record is used when sending requests to the worker processes
+-record(wrequest, 
+	{
+	  version = ?WORKER_INTERFACE_VERSION, 
+	  cmd, 
+	  info
+	 }
+       ).
+
 
 %%-----------------------------------------------------------------
 %% The agent is multi-threaded, i.e. each request is handled
@@ -142,7 +180,8 @@
 		net_if_mod,   
 		backup,
 		disco,
-		mibs_cache_request}).
+		mibs_cache_request,
+		gb_max_vbs}).
 
 
 %%%-----------------------------------------------------------------
@@ -330,6 +369,8 @@ do_init(Prio, Parent, Ref, Options) ->
     MultiT  = get_multi_threaded(Options),
     Vsns    = get_versions(Options),
 
+    GbMaxVbs = get_gb_max_vbs(Options), 
+
     NS = start_note_store(Prio, Ref, Options),
     {Type, NetIfPid, NetIfMod} = 
 	start_net_if(Parent, Prio, Ref, Vsns, NS, Options),
@@ -348,7 +389,8 @@ do_init(Prio, Parent, Ref, Options) ->
 		ref            = Ref,
 		vsns           = Vsns,
 		note_store     = NS,
-		net_if_mod     = NetIfMod}}.
+		net_if_mod     = NetIfMod,
+		gb_max_vbs     = GbMaxVbs}}.
 
 
 start_note_store(Prio, Ref, Options) ->
@@ -410,7 +452,8 @@ start_net_if(Parent, _Prio, _Ref, _Vsns, _NoteStore, _Options)
 start_mib_server(Prio, Ref, Mibs, Options) ->
     ?vdebug("start_mib_server -> with Prio: ~p", [Prio]),
     MibStorage = get_mib_storage(Options),
-    MibsOpts = [{mib_storage, MibStorage}|get_option(mib_server, Options, [])],
+    MibsOpts   = [{mib_storage, MibStorage} | 
+		  get_option(mib_server, Options, [])],
 
     ?vtrace("start_mib_server -> "
 	    "~n   Mibs:     ~p"
@@ -558,25 +601,6 @@ send_trap(Agent, Trap, NotifyName, CtxName, Recv, Varbinds) ->
 	       ],
     send_notification(Agent, Trap, SendOpts).
     
-%% send_trap(Agent, Trap, NotifyName, CtxName, Recv, Varbinds) ->
-%%     ?d("send_trap -> entry with"
-%%        "~n   self():        ~p"
-%%        "~n   Agent:         ~p [~p]"
-%%        "~n   Trap:          ~p"
-%%        "~n   NotifyName:    ~p"
-%%        "~n   CtxName:       ~p"
-%%        "~n   Recv:          ~p"
-%%        "~n   Varbinds:      ~p", 
-%%        [self(), Agent, wis(Agent), 
-%% 	Trap, NotifyName, CtxName, Recv, Varbinds]),
-%%     Msg = {send_trap, Trap, NotifyName, CtxName, Recv, Varbinds}, 
-%%     case (wis(Agent) =:= self()) of
-%% 	false ->
-%% 	    call(Agent, Msg);
-%% 	true ->
-%% 	    Agent ! Msg
-%%     end.
-
 send_trap(Agent, Trap, NotifyName, CtxName, Recv, Varbinds, LocalEngineID) ->
     ?d("send_trap -> entry with"
        "~n   self():        ~p"
@@ -599,27 +623,6 @@ send_trap(Agent, Trap, NotifyName, CtxName, Recv, Varbinds, LocalEngineID) ->
 	       ],
     send_notification(Agent, Trap, SendOpts).
     
-%% send_trap(Agent, Trap, NotifyName, CtxName, Recv, Varbinds, LocalEngineID) ->
-%%     ?d("send_trap -> entry with"
-%%        "~n   self():        ~p"
-%%        "~n   Agent:         ~p [~p]"
-%%        "~n   Trap:          ~p"
-%%        "~n   NotifyName:    ~p"
-%%        "~n   CtxName:       ~p"
-%%        "~n   Recv:          ~p"
-%%        "~n   Varbinds:      ~p" 
-%%        "~n   LocalEngineID: ~p", 
-%%        [self(), Agent, wis(Agent), 
-%% 	Trap, NotifyName, CtxName, Recv, Varbinds, LocalEngineID]),
-%%     Msg = 
-%% 	{send_trap, Trap, NotifyName, CtxName, Recv, Varbinds, LocalEngineID}, 
-%%     case (wis(Agent) =:= self()) of
-%% 	false ->
-%% 	    call(Agent, Msg);
-%% 	true ->
-%% 	    Agent ! Msg
-%%     end.
-
 %% </BACKWARD-COMPAT>
 
 
@@ -709,11 +712,6 @@ wis(Atom) when is_atom(Atom) ->
     whereis(Atom).
 
 
-forward_trap(Agent, TrapRecord, NotifyName, CtxName, Recv, Varbinds) ->
-    ExtraInfo = ?DEFAULT_NOTIF_EXTRA_INFO, 
-    forward_trap(Agent, TrapRecord, NotifyName, CtxName, Recv, Varbinds, 
-		 ExtraInfo).
-
 forward_trap(Agent, TrapRecord, NotifyName, CtxName, Recv, Varbinds, 
 	     ExtraInfo) ->
     Agent ! {forward_trap, TrapRecord, NotifyName, CtxName, Recv, Varbinds, 
@@ -796,7 +794,8 @@ handle_info({snmp_pdu, Vsn, Pdu, PduMS, ACMData, Address, Extra}, S) ->
     ?vdebug("handle_info(snmp_pdu) -> entry with"
 	    "~n   Vsn:     ~p"
 	    "~n   Pdu:     ~p"
-	    "~n   Address: ~p", [Vsn, Pdu, Address]),
+	    "~n   Address: ~p"
+	    "~n   Extra:   ~p", [Vsn, Pdu, Address, Extra]),
     
     NewS = handle_snmp_pdu(is_valid_pdu_type(Pdu#pdu.type),
 			   Vsn, Pdu, PduMS, ACMData, Address, Extra, S),
@@ -808,11 +807,11 @@ handle_info(worker_available, S) ->
     {noreply, S#state{worker_state = ready}};
 
 handle_info({send_notif, Notification, SendOpts}, S) ->
-    ?vlog("[handle_info] send trap request:"
+    ?vlog("[handle_info] send notif request:"
 	  "~n   Notification:  ~p"
 	  "~n   SendOpts:      ~p", 
 	  [Notification, SendOpts]),
-    case (catch handle_send_trap(cast, S, Notification, SendOpts)) of
+    case (catch handle_send_trap(S, Notification, SendOpts)) of
 	{ok, NewS} ->
 	    {noreply, NewS};
 	{'EXIT', R} ->
@@ -832,7 +831,7 @@ handle_info({send_trap, Trap, NotifyName, ContextName, Recv, Varbinds}, S) ->
 	  "~n   Varbinds:      ~p", 
 	  [Trap, NotifyName, ContextName, Recv, Varbinds]),
     ExtraInfo     = ?DEFAULT_NOTIF_EXTRA_INFO, 
-    LocalEngineID = ?DEFAULT_LOCAL_ENGINE_ID, 
+    LocalEngineID = local_engine_id(S),
     case (catch handle_send_trap(S, Trap, NotifyName, ContextName,
 				 Recv, Varbinds, LocalEngineID, ExtraInfo)) of
 	{ok, NewS} ->
@@ -979,6 +978,7 @@ handle_info({'EXIT', Pid, Reason}, S) ->
 	    end,
 	    {noreply, S}
     end;
+
 handle_info({'DOWN', Ref, process, Pid, {mibs_cache_reply, Reply}}, 
 	    #state{mibs_cache_request = {Pid, Ref, From}} = S) ->
     ?vlog("reply from the mibs cache request handler (~p): ~n~p", 
@@ -1014,11 +1014,11 @@ handle_call(restart_set_worker, _From, #state{set_worker = Pid} = S) ->
     {reply, ok, S};
 
 handle_call({send_notif, Notification, SendOpts}, _From, S) ->
-    ?vlog("[handle_info] send trap request:"
+    ?vlog("[handle_call] send notif request:"
 	  "~n   Notification:  ~p"
 	  "~n   SendOpts:      ~p", 
 	  [Notification, SendOpts]),
-    case (catch handle_send_trap(call, S, Notification, SendOpts)) of
+    case (catch handle_send_trap(S, Notification, SendOpts)) of
 	{ok, NewS} ->
 	    {reply, ok, NewS};
 	{'EXIT', Reason} ->
@@ -1039,18 +1039,8 @@ handle_call({send_trap, Trap, NotifyName, ContextName, Recv, Varbinds},
 	  "~n   Recv:          ~p" 
 	  "~n   Varbinds:      ~p", 
 	  [Trap, NotifyName, ContextName, Recv, Varbinds]),
-    ExtraInfo = ?DEFAULT_NOTIF_EXTRA_INFO, 
-    LocalEngineID = 
-	case S#state.type of
-	    master_agent ->
-		?DEFAULT_LOCAL_ENGINE_ID;
-	    _ -> 
-		%% subagent - 
-		%% we don't need this now, eventually the trap send 
-		%% request will reach the master-agent and then it 
-		%% will look up the proper engine id.
-		ignore
-	end,
+    ExtraInfo     = ?DEFAULT_NOTIF_EXTRA_INFO, 
+    LocalEngineID = local_engine_id(S),
     case (catch handle_send_trap(S, Trap, NotifyName, ContextName,
 				 Recv, Varbinds, LocalEngineID, ExtraInfo)) of
 	{ok, NewS} ->
@@ -1130,7 +1120,7 @@ handle_call({subagent_get_next, MibView, Varbinds, PduData}, _From, S) ->
 	  "~n   PduData:  ~p", 
 	  [MibView,Varbinds,PduData]),
     put_pdu_data(PduData),
-    {reply, do_get_next(MibView, Varbinds), S};
+    {reply, do_get_next(MibView, Varbinds, infinity), S};
 handle_call({subagent_set, Arguments, PduData}, _From, S) ->
     ?vlog("[handle_call] subagent set:"
 	  "~n   Arguments: ~p"
@@ -1171,7 +1161,7 @@ handle_call({get_next, Vars, Context}, _From, S) ->
             ?vdebug("Varbinds: ~p",[Varbinds]),
             MibView = snmpa_acm:get_root_mib_view(),
             Reply =
-                case do_get_next(MibView, Varbinds) of
+                case do_get_next(MibView, Varbinds, infinity) of
                     {noError, 0, NewVarbinds} ->
                         Vbs = lists:keysort(#varbind.org_index, NewVarbinds),
 			[{Oid,Val} || #varbind{oid = Oid, value = Val} <- Vbs];
@@ -1272,7 +1262,8 @@ handle_call(info, _From, S) ->
 handle_call(get_net_if, _From, S) ->
     {reply, get(net_if), S};
 
-handle_call({backup, BackupDir}, From, S) ->
+%% Only accept a backup request if there is none already in progress
+handle_call({backup, BackupDir}, From, #state{backup = undefined} = S) ->
     ?vlog("backup: ~p", [BackupDir]),
     Pid = self(),
     V   = get(verbosity),
@@ -1289,7 +1280,11 @@ handle_call({backup, BackupDir}, From, S) ->
 	  end),
     ?vtrace("backup server: ~p", [BackupServer]),
     {noreply, S#state{backup = {BackupServer, From}}};
-    
+
+handle_call({backup, _BackupDir}, From, #state{backup = Backup} = S) ->
+    ?vinfo("backup already in progress: ~p", [Backup]),
+    {reply, {error, backup_in_progress}, S};
+
 handle_call(dump_mibs, _From, S) ->
     Reply = snmpa_mib:dump(get(mibserver)),
     {reply, Reply, S};
@@ -1338,27 +1333,27 @@ handle_call({me_of, Oid}, _From, S) ->
     {reply, Reply, S};
 
 handle_call(get_log_type, _From, S) ->
-    ?vlog("get_log_type", []),
+    ?vlog("handle_call(get_log_type) -> entry with", []),
     Reply = handle_get_log_type(S), 
     {reply, Reply, S};
     
 handle_call({set_log_type, NewType}, _From, S) ->
-    ?vlog("set_log_type -> "
+    ?vlog("handle_call(set_log_type) -> entry with"
 	  "~n   NewType: ~p", [NewType]),
     Reply = handle_set_log_type(S, NewType), 
     {reply, Reply, S};
     
 handle_call(get_request_limit, _From, S) ->
-    ?vlog("get_request_limit", []),
+    ?vlog("handle_call(get_request_limit) -> entry with", []),
     Reply = handle_get_request_limit(S), 
     {reply, Reply, S};
     
 handle_call({set_request_limit, NewLimit}, _From, S) ->
-    ?vlog("set_request_limit -> "
+    ?vlog("handle_call(set_request_limit) -> entry with"
 	  "~n   NewLimit: ~p", [NewLimit]),
     Reply = handle_set_request_limit(S, NewLimit), 
     {reply, Reply, S};
-    
+
 handle_call(stop, _From, S) ->
     {stop, normal, ok, S};
 
@@ -1367,15 +1362,15 @@ handle_call(Req, _From, S) ->
     Reply = {error, {unknown, Req}}, 
     {reply, Reply, S}.
     
-handle_cast({verbosity,Verbosity}, S) ->
-    ?vlog("verbosity: ~p -> ~p",[get(verbosity),Verbosity]),
+handle_cast({verbosity, Verbosity}, S) ->
+    ?vlog("verbosity: ~p -> ~p",[get(verbosity), Verbosity]),
     put(verbosity,snmp_verbosity:validate(Verbosity)),
     case S#state.worker of
-	Pid when is_pid(Pid) -> Pid ! {verbosity,Verbosity};
+	Pid when is_pid(Pid) -> Pid ! ?mk_verbosity_wreq(Verbosity);
 	_ -> ok
     end,
     case S#state.set_worker of
-	Pid2 when is_pid(Pid2) -> Pid2 ! {verbosity,Verbosity};
+	Pid2 when is_pid(Pid2) -> Pid2 ! ?mk_verbosity_wreq(Verbosity);
 	_ -> ok
     end,
     {noreply, S};
@@ -1462,13 +1457,80 @@ handle_mibs_cache_request(MibServer, Req) ->
 
 %% Downgrade
 %%
-%% code_change({down, _Vsn}, S, downgrade_to_pre_4_13) ->
-%%     {ok, S2};
+code_change({down, _Vsn}, S1, downgrade_to_pre_4_17_3) ->
+    #state{type               = Type, 
+	   parent             = Parent, 
+	   worker             = Worker, 
+	   worker_state       = WorkerState,
+	   set_worker         = SetWorker, 
+	   multi_threaded     = MT, 
+	   ref                = Ref, 
+	   vsns               = Vsns,
+	   nfilters           = NF,
+	   note_store         = NoteStore,
+	   mib_server         = MS, 
+	   net_if             = NetIf, 
+	   net_if_mod         = NetIfMod, 
+	   backup             = Backup,
+	   disco              = Disco,
+	   mibs_cache_request = MCR} = S1, 
+    S2 = {state, 
+	  type               = Type, 
+	  parent             = Parent, 
+	  worker             = Worker, 
+	  worker_state       = WorkerState,
+	  set_worker         = SetWorker, 
+	  multi_threaded     = MT, 
+	  ref                = Ref, 
+	  vsns               = Vsns,
+	  nfilters           = NF,
+	  note_store         = NoteStore,
+	  mib_server         = MS, 
+	  net_if             = NetIf, 
+	  net_if_mod         = NetIfMod, 
+	  backup             = Backup,
+	  disco              = Disco,
+	  mibs_cache_request = MCR}, 
+    {ok, S2};
 
 %% Upgrade
 %%
-%% code_change(_Vsn, S, upgrade_from_pre_4_13) ->
-%%     {ok, S2};
+code_change(_Vsn, S1, upgrade_from_pre_4_17_3) ->
+    {state, 
+     type               = Type, 
+     parent             = Parent, 
+     worker             = Worker, 
+     worker_state       = WorkerState,
+     set_worker         = SetWorker, 
+     multi_threaded     = MT, 
+     ref                = Ref, 
+     vsns               = Vsns,
+     nfilters           = NF,
+     note_store         = NoteStore,
+     mib_server         = MS, 
+     net_if             = NetIf, 
+     net_if_mod         = NetIfMod, 
+     backup             = Backup,
+     disco              = Disco,
+     mibs_cache_request = MCR} = S1,
+    S2 = #state{type               = Type, 
+		parent             = Parent, 
+		worker             = Worker, 
+		worker_state       = WorkerState,
+		set_worker         = SetWorker, 
+		multi_threaded     = MT, 
+		ref                = Ref, 
+		vsns               = Vsns,
+		nfilters           = NF,
+		note_store         = NoteStore,
+		mib_server         = MS, 
+		net_if             = NetIf, 
+		net_if_mod         = NetIfMod, 
+		backup             = Backup,
+		disco              = Disco,
+		mibs_cache_request = MCR,
+		gb_max_vbs         = ?DEFAULT_GB_MAX_VBS}, 
+    {ok, S2};
 
 code_change(_Vsn, S, _Extra) ->
     {ok, S}.
@@ -1508,7 +1570,7 @@ worker_start(Dict) ->
 %%     worker_stop(Pid, infinity).
 
 worker_stop(Pid, Timeout) when is_pid(Pid) ->
-    Pid ! terminate, 
+    Pid ! ?mk_terminate_wreq(), 
     receive 
 	{'EXIT', Pid, normal} ->
 	    ok
@@ -1595,7 +1657,7 @@ handle_backup_res([{Who, Crap}|Results], Acc) ->
 %% because we (for some reason) support the function
 %% snmpa:current_community().
 %%-----------------------------------------------------------------
-cheat({community, SecModel, Community, _TAddress}, Address, ContextName) ->
+cheat({community, _SecModel, Community, _TAddress}, Address, ContextName) ->
     {Community, Address, ContextName};
 cheat({community, _SecModel, Community, _TDomain, _TAddress}, 
       Address, ContextName) ->
@@ -1645,9 +1707,11 @@ invalidate_ca_cache() ->
 %% 
 %%-----------------------------------------------------------------
 
-spawn_thread(Vsn, Pdu, PduMS, ACMData, Address, Extra) ->
+%% This functions spawns a temporary worker process, 
+%% that evaluates one request and then silently exits. 
+spawn_thread(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra) ->
     Dict = get(),
-    Args = [Vsn, Pdu, PduMS, ACMData, Address, Extra, Dict], 
+    Args = [Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra, Dict], 
     proc_lib:spawn_link(?MODULE, handle_pdu, Args).
 
 spawn_trap_thread(TrapRec, NotifyName, ContextName, Recv, Vbs, 
@@ -1665,7 +1729,7 @@ do_send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs,
 do_send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
 	     LocalEngineID, ExtraInfo, Dict) ->
     lists:foreach(fun({Key, Val}) -> put(Key, Val) end, Dict),
-    put(sname,trap_sender_short_name(get(sname))),
+    put(sname, trap_sender_short_name(get(sname))),
     ?vlog("starting",[]),
     snmpa_trap:send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
 			 LocalEngineID, ExtraInfo, get(net_if)).
@@ -1677,58 +1741,122 @@ worker(Master, Dict) ->
     worker_loop(Master).
 
 worker_loop(Master) ->
-    receive
-	{Vsn, Pdu, PduMS, ACMData, Address, Extra} ->
-	    ?vtrace("worker_loop -> received request", []),
-	    handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra),
-	    Master ! worker_available;
-
-	%% We don't trap EXITs!
-	{TrapRec, NotifyName, ContextName, Recv, Vbs} -> 
-	    ?vtrace("worker_loop -> send trap:"
-		    "~n   ~p", [TrapRec]),
-	    snmpa_trap:send_trap(TrapRec, NotifyName, 
-				 ContextName, Recv, Vbs, 
-				 ?DEFAULT_NOTIF_EXTRA_INFO, 
-				 get(net_if)),
-	    Master ! worker_available;
-
-	%% We don't trap EXITs!
-	{send_trap, 
-	 TrapRec, NotifyName, ContextName, Recv, Vbs, LocalEngineID} -> 
-	    ?vtrace("worker_loop -> send trap:"
-		    "~n   ~p", [TrapRec]),
-	    snmpa_trap:send_trap(TrapRec, NotifyName, 
-				 ContextName, Recv, Vbs, 
-				 LocalEngineID, ?DEFAULT_NOTIF_EXTRA_INFO, 
-				 get(net_if)),
-	    Master ! worker_available;
-
-	{send_trap, 
-	 TrapRec, NotifyName, ContextName, Recv, Vbs, LocalEngineID, ExtraInfo} -> 
-	    ?vtrace("worker_loop -> send trap:"
-		    "~n   ~p", [TrapRec]),
-	    snmpa_trap:send_trap(TrapRec, NotifyName, 
-				 ContextName, Recv, Vbs, 
-				 LocalEngineID, ExtraInfo, 
-				 get(net_if)),
-	    Master ! worker_available;
-
-	{verbosity, Verbosity} ->
-	    put(verbosity,snmp_verbosity:validate(Verbosity));
-
-	terminate ->
-	    exit(normal);
-
-	_X ->
-	    %% ignore
-	    ok
-
-    after 30000 ->
-	    %% This is to assure that the worker process leaves a
-	    %% possibly old version of this module.
-	    ok
-    end,
+    Res = 
+	receive
+	    #wrequest{cmd  = handle_pdu, 
+		      info = Info} = Req ->
+		?vtrace("worker_loop -> received handle_pdu request with"
+			"~n   Info: ~p", [Info]),
+		Vsn      = proplists:get_value(vsn,        Info),
+		Pdu      = proplists:get_value(pdu,        Info),
+		PduMS    = proplists:get_value(pdu_ms,     Info),
+		ACMData  = proplists:get_value(acm_data,   Info),
+		Address  = proplists:get_value(addr,       Info),
+		GbMaxVBs = proplists:get_value(gb_max_vbs, Info),
+		Extra    = proplists:get_value(extra,      Info),
+		HandlePduRes = 
+		    try 
+			begin
+			    handle_pdu2(Vsn, Pdu, PduMS, ACMData, Address, 
+					GbMaxVBs, Extra)
+			end
+		    catch 
+			T:E ->
+			    exit({worker_crash, Req, T, E, 
+				  erlang:get_stacktrace()})
+		    end,
+		Master ! worker_available,
+		HandlePduRes; % For debugging...
+	    
+	    
+	    #wrequest{cmd  = send_trap, 
+		      info = Info} = Req ->
+		?vtrace("worker_loop -> received send_trap request with"
+			"~n   Info: ~p", [Info]),
+		TrapRec       = proplists:get_value(trap_rec,        Info),
+		NotifyName    = proplists:get_value(notify_name,     Info),
+		ContextName   = proplists:get_value(context_name,    Info),
+		Recv          = proplists:get_value(receiver,        Info),
+		Vbs           = proplists:get_value(varbinds,        Info),
+		LocalEngineID = proplists:get_value(local_engine_id, Info),
+		Extra         = proplists:get_value(extra,           Info),
+		SendTrapRes = 
+		    try
+			begin
+			    snmpa_trap:send_trap(TrapRec, NotifyName, 
+						 ContextName, Recv, Vbs, 
+						 LocalEngineID, Extra, 
+						 get(net_if))
+			end
+		    catch 
+			T:E ->
+			    exit({worker_crash, Req, T, E, 
+				  erlang:get_stacktrace()})
+		    end,
+		Master ! worker_available, 
+		SendTrapRes; % For debugging...
+	    
+	    
+	    #wrequest{cmd  = verbosity, 
+		      info = Info} ->
+		Verbosity = proplists:get_value(verbosity, Info),
+		put(verbosity, snmp_verbosity:validate(Verbosity));
+	    
+	    
+	    #wrequest{cmd  = terminate} ->
+		?vtrace("worker_loop -> received terminate request", []),
+		exit(normal);
+	    
+	    
+	    %% *************************************************************
+	    %% 
+	    %%         Kept for backward compatibillity reasons
+	    %% 
+	    %% *************************************************************
+	    
+	    {Vsn, Pdu, PduMS, ACMData, Address, Extra} ->
+		?vtrace("worker_loop -> received request", []),
+		handle_pdu2(Vsn, Pdu, PduMS, ACMData, Address, 
+			    ?DEFAULT_GB_MAX_VBS, Extra),
+		Master ! worker_available;
+	    
+	    %% We don't trap exits!
+	    {TrapRec, NotifyName, ContextName, Recv, Vbs} -> 
+		?vtrace("worker_loop -> send trap:"
+			"~n   ~p", [TrapRec]),
+		snmpa_trap:send_trap(TrapRec, NotifyName, 
+				     ContextName, Recv, Vbs, get(net_if)),
+		Master ! worker_available;
+	    
+	    %% We don't trap exits!
+	    {send_trap, 
+	     TrapRec, NotifyName, ContextName, Recv, Vbs, LocalEngineID,
+	     ExtraInfo} -> 
+		?vtrace("worker_loop -> send trap:"
+			"~n   ~p", [TrapRec]),
+		snmpa_trap:send_trap(TrapRec, NotifyName, 
+				     ContextName, Recv, Vbs, 
+				     LocalEngineID, ExtraInfo, 
+				     get(net_if)),
+		Master ! worker_available;
+	    
+	    {verbosity, Verbosity} ->
+		put(verbosity, snmp_verbosity:validate(Verbosity));
+	    
+	    terminate ->
+		exit(normal);
+	    
+	    _X ->
+		%% ignore
+		ignore_unknown
+	
+	after 30000 ->
+		%% This is to assure that the worker process leaves a
+		%% possibly old version of this module.
+		ok
+	end,
+    ?vtrace("worker_loop -> wrap with"
+	    "~n   ~p", [Res]),
     ?MODULE:worker_loop(Master).
 
 
@@ -1736,42 +1864,52 @@ worker_loop(Master) ->
 %%-----------------------------------------------------------------
 
 handle_snmp_pdu(true, Vsn, Pdu, PduMS, ACMData, Address, Extra, 
-		#state{multi_threaded = false} = S) ->
+		#state{multi_threaded = false, 
+		       gb_max_vbs     = GbMaxVBs} = S) ->
     ?vtrace("handle_snmp_pdu -> single-thread agent",[]),
-    handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra),
+    handle_pdu2(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra),
     S;
 handle_snmp_pdu(true, Vsn, #pdu{type = 'set-request'} = Pdu, PduMS, 
 		ACMData, Address, Extra, 
 		#state{set_worker = Worker} = S) ->
     ?vtrace("handle_snmp_pdu -> multi-thread agent: "
 	    "send set-request to main worker",[]),
-    Worker ! {Vsn, Pdu, PduMS, ACMData, Address, Extra}, 
+    WRequest = ?mk_pdu_wreq(Vsn, Pdu, PduMS, ACMData, Address, infinity, Extra),
+    Worker ! WRequest, 
     S#state{worker_state = busy};
 handle_snmp_pdu(true, Vsn, Pdu, PduMS, 
 		ACMData, Address, Extra, 
-		#state{worker_state = busy} = S) ->
+		#state{worker_state = busy, 
+		       gb_max_vbs   = GbMaxVBs} = S) ->
     ?vtrace("handle_snmp_pdu -> multi-thread agent: "
 	    "main worker busy - create new worker",[]),
-    spawn_thread(Vsn, Pdu, PduMS, ACMData, Address, Extra),
+    spawn_thread(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra),
     S;
 handle_snmp_pdu(true, Vsn, Pdu, PduMS, ACMData, Address, Extra, 
-		#state{worker = Worker} = S) ->
+		#state{worker     = Worker, 
+		       gb_max_vbs = GbMaxVBs} = S) ->
     ?vtrace("handle_snmp_pdu -> multi-thread agent: "
 	    "send to main worker",[]),
-    Worker ! {Vsn, Pdu, PduMS, ACMData, Address, Extra}, 
+    WRequest = ?mk_pdu_wreq(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra),
+    Worker ! WRequest, 
     S#state{worker_state = busy};
 handle_snmp_pdu(_, _Vsn, _Pdu, _PduMS, _ACMData, _Address, _Extra, S) ->
     S.
 
 
 %% Called via the spawn_thread function
+%% <BACKWARD-COMPAT>
 handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra, Dict) ->
+    handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, ?DEFAULT_GB_MAX_VBS, Extra, 
+	       Dict).
+%% </BACKWARD-COMPAT>
+handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra, Dict) ->
     lists:foreach(fun({Key, Val}) -> put(Key, Val) end, Dict),
     put(sname, pdu_handler_short_name(get(sname))),
     ?vlog("new worker starting",[]),
-    handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra).
+    handle_pdu2(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra).
 
-handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra) ->
+handle_pdu2(Vsn, Pdu, PduMS, ACMData, Address, GbMaxVBs, Extra) ->
     %% OTP-3324
     AuthMod = get(auth_module),
     case AuthMod:init_check_access(Pdu, ACMData) of
@@ -1780,7 +1918,8 @@ handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra) ->
 		  "~n   MibView:     ~p"
 		  "~n   ContextName: ~p", [MibView, ContextName]),
 	    AgentData = cheat(ACMData, Address, ContextName),
-	    do_handle_pdu(MibView, Vsn, Pdu, PduMS, ACMData, AgentData, Extra);
+	    do_handle_pdu(MibView, Vsn, Pdu, PduMS, ACMData, AgentData, 
+			  GbMaxVBs, Extra);
 	{error, Reason} ->
 	    ?vlog("handle_pdu -> error:"
 		  "~n   Reason: ~p", [Reason]),
@@ -1794,16 +1933,19 @@ handle_pdu(Vsn, Pdu, PduMS, ACMData, Address, Extra) ->
     end.
 
 do_handle_pdu(MibView, Vsn, Pdu, PduMS, 
-	      ACMData, {Community, Address, ContextName}, Extra) ->
+	      ACMData, {Community, Address, ContextName}, 
+	      GbMaxVBs, Extra) ->
     
     put(net_if_data, Extra),
+
     RePdu = process_msg(MibView, Vsn, Pdu, PduMS, Community, 
-			Address, ContextName),
+			Address, ContextName, GbMaxVBs),
 
     ?vtrace("do_handle_pdu -> processed:"
 	    "~n   RePdu: ~p", [RePdu]),
-    get(net_if) ! {snmp_response, Vsn, RePdu, 
-		   RePdu#pdu.type, ACMData, Address, Extra}.
+    NetIf = get(net_if), 
+    NetIf ! {snmp_response, Vsn, RePdu, 
+	     RePdu#pdu.type, ACMData, Address, Extra}.
 
 
 handle_acm_error(Vsn, Reason, Pdu, ACMData, Address, Extra) ->
@@ -1859,7 +2001,7 @@ handle_acm_error(Vsn, Reason, Pdu, ACMData, Address, Extra) ->
 	    ok
     end.
 
-get_opt(Key, Default, SendOpts) ->
+get_send_opt(Key, Default, SendOpts) ->
     case lists:keysearch(Key, 1, SendOpts) of
 	{value, {Key, Value}} ->
 	    Value;
@@ -1867,40 +2009,19 @@ get_opt(Key, Default, SendOpts) ->
 	    Default
     end.
 
-handle_send_trap(call, #state{type = master_agent} = S, 
-		 Notification, SendOpts) ->
-    SendOpts2 = 
-	case lists:keymember(local_engine_id, 1, SendOpts) of
-	    true ->
-		SendOpts;
-	    false ->
-		[{local_engine_id, ?DEFAULT_LOCAL_ENGINE_ID}|SendOpts]
-	end,
-    handle_send_trap(S, Notification, SendOpts2);
-handle_send_trap(call, S, Notification, SendOpts) ->
-    SendOpts2 = 
-	case lists:keymember(local_engine_id, 1, SendOpts) of
-	    true ->
-		SendOpts;
-	    false ->
-		%% subagent - 
-		%% we don't need this now, eventually the trap send 
-		%% request will reach the master-agent and then it 
-		%% will look up the proper engine id.
-		[{local_engine_id, ignore}|SendOpts]
-	end,
-    handle_send_trap(S, Notification, SendOpts2);
-handle_send_trap(_, S, Notification, SendOpts) ->
-    handle_send_trap(S, Notification, SendOpts).
-
 handle_send_trap(S, Notification, SendOpts) ->
-    NotifyName    = get_opt(name,     "",                        SendOpts),
-    ContextName   = get_opt(context,  "",                        SendOpts),
-    Recv          = get_opt(receiver, no_receiver,               SendOpts),
-    Varbinds      = get_opt(varbinds, [],                        SendOpts),
-    ExtraInfo     = get_opt(extra,    ?DEFAULT_NOTIF_EXTRA_INFO, SendOpts),
+    NotifyName    = get_send_opt(name,     "",                        SendOpts),
+    ContextName   = get_send_opt(context,  "",                        SendOpts),
+    Recv          = get_send_opt(receiver, no_receiver,               SendOpts),
+    Varbinds      = get_send_opt(varbinds, [],                        SendOpts),
+    ExtraInfo     = get_send_opt(extra,    ?DEFAULT_NOTIF_EXTRA_INFO, SendOpts),
     LocalEngineID = 
-	get_opt(local_engine_id, ?DEFAULT_LOCAL_ENGINE_ID, SendOpts),
+	case lists:keysearch(local_engine_id, 1, SendOpts) of
+	    {value, {local_engine_id, Value}} ->
+		Value;
+	    false ->
+		local_engine_id(S)
+	end,
     handle_send_trap(S, Notification, NotifyName, ContextName, Recv, Varbinds, 
 		     LocalEngineID, ExtraInfo).
 
@@ -1908,11 +2029,11 @@ handle_send_trap(#state{type = Type} = S,
 		 Notification, NotifyName, ContextName, Recv, Varbinds, 
 		 LocalEngineID, ExtraInfo) ->
     ?vtrace("handle_send_trap -> entry with"
-	"~n   Agent type:    ~p"
-	"~n   TrapName:      ~p"
-	"~n   NotifyName:    ~p"
-	"~n   ContextName:   ~p"
-	"~n   LocalEngineID: ~p", 
+	    "~n   Agent type:    ~p"
+	    "~n   TrapName:      ~p"
+	    "~n   NotifyName:    ~p"
+	    "~n   ContextName:   ~p"
+	    "~n   LocalEngineID: ~p", 
 	    [Type, Notification, NotifyName, ContextName, LocalEngineID]),
     case snmpa_trap:construct_trap(Notification, Varbinds) of
 	{ok, TrapRecord, VarList} ->
@@ -2025,9 +2146,9 @@ do_handle_send_trap(S, TrapRec, NotifyName, ContextName, Recv, Varbinds,
 	master_agent ->
 	    %% Send to main worker
 	    ?vtrace("do_handle_send_trap -> send to main worker",[]),
-	    S#state.worker ! {send_trap, 
-			      TrapRec, NotifyName, ContextName, Recv, Vbs,
-			      LocalEngineID, ExtraInfo},
+	    S#state.worker ! ?mk_send_trap_wreq(TrapRec, NotifyName, 
+						ContextName, Recv, Vbs,
+						LocalEngineID, ExtraInfo),
 	    {ok, S#state{worker_state = busy}}
     end.
     
@@ -2367,17 +2488,18 @@ handle_mib_of(MibServer, Oid) ->
 %% Func: process_msg/7
 %% Returns: RePdu
 %%-----------------------------------------------------------------
-process_msg(MibView, Vsn, Pdu, PduMS, Community, {Ip, Udp}, ContextName) ->
+process_msg(MibView, Vsn, Pdu, PduMS, Community, {Ip, Udp}, ContextName, 
+	    GbMaxVBs) ->
     #pdu{request_id = ReqId} = Pdu,
     put(snmp_address, {tuple_to_list(Ip), Udp}),
     put(snmp_request_id, ReqId),
     put(snmp_community, Community),
     put(snmp_context, ContextName),
     ?vtrace("process ~p",[Pdu#pdu.type]),
-    process_pdu(Pdu, PduMS, Vsn, MibView).
+    process_pdu(Pdu, PduMS, Vsn, MibView, GbMaxVBs).
 
 process_pdu(#pdu{type='get-request', request_id = ReqId, varbinds=Vbs},
-	    _PduMS, Vsn, MibView) ->
+	    _PduMS, Vsn, MibView, _GbMaxVBs) ->
     ?vtrace("get ~p",[ReqId]),
     Res = get_err(do_get(MibView, Vbs, false)),
     ?vtrace("get result: "
@@ -2398,12 +2520,12 @@ process_pdu(#pdu{type='get-request', request_id = ReqId, varbinds=Vbs},
     make_response_pdu(ReqId, ErrStatus, ErrIndex, Vbs, ResponseVarbinds);
 
 process_pdu(#pdu{type = 'get-next-request', request_id = ReqId, varbinds = Vbs},
-	    _PduMS, Vsn, MibView) ->
+	    _PduMS, Vsn, MibView, _GbMaxVBs) ->
     ?vtrace("process get-next-request -> entry with"
 	    "~n   ReqId:   ~p"
 	    "~n   Vbs:     ~p"
 	    "~n   MibView: ~p",[ReqId, Vbs, MibView]),
-    Res = get_err(do_get_next(MibView, Vbs)),
+    Res = get_err(do_get_next(MibView, Vbs, infinity)),
     ?vtrace("get-next result: "
 	    "~n   ~p",[Res]),
     {ErrStatus, ErrIndex, ResVarbinds} = 
@@ -2420,11 +2542,15 @@ process_pdu(#pdu{type = 'get-next-request', request_id = ReqId, varbinds = Vbs},
 	    "~n   ~p",[ResponseVarbinds]),
     make_response_pdu(ReqId, ErrStatus, ErrIndex, Vbs, ResponseVarbinds);
 
-process_pdu(#pdu{type = 'get-bulk-request',request_id = ReqId,varbinds = Vbs,
-		 error_status = NonRepeaters, error_index = MaxRepetitions},
-	    PduMS, _Vsn, MibView)->
+process_pdu(#pdu{type         = 'get-bulk-request',
+		 request_id   = ReqId,
+		 varbinds     = Vbs,
+		 error_status = NonRepeaters, 
+		 error_index  = MaxRepetitions},
+	    PduMS, _Vsn, MibView, GbMaxVBs) ->
     {ErrStatus, ErrIndex, ResponseVarbinds} = 
-	get_err(do_get_bulk(MibView,NonRepeaters,MaxRepetitions,PduMS,Vbs)),
+	get_err(do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Vbs, 
+			    GbMaxVBs)),
     ?vtrace("get-bulk final result: "
 	    "~n   Error status:     ~p"
 	    "~n   Error index:      ~p"
@@ -2433,7 +2559,7 @@ process_pdu(#pdu{type = 'get-bulk-request',request_id = ReqId,varbinds = Vbs,
     make_response_pdu(ReqId, ErrStatus, ErrIndex, Vbs, ResponseVarbinds);
 
 process_pdu(#pdu{type = 'set-request', request_id = ReqId, varbinds = Vbs},
-	    _PduMS, Vsn, MibView)->
+	    _PduMS, Vsn, MibView, _GbMaxVbs)->
     Res = do_set(MibView, Vbs),
     ?vtrace("set result: "
 	    "~n   ~p",[Res]),
@@ -2490,7 +2616,8 @@ validate_next_v1_2([Vb | _Vbs], _MibView, _Res)
     {noSuchName, Vb#varbind.org_index};
 validate_next_v1_2([Vb | Vbs], MibView, Res)
   when Vb#varbind.variabletype =:= 'Counter64' ->
-    case validate_next_v1(do_get_next(MibView, [mk_next_oid(Vb)]), MibView) of
+    case validate_next_v1(
+	   do_get_next(MibView, [mk_next_oid(Vb)], infinity), MibView) of
 	{noError, 0, [NVb]} ->
 	    validate_next_v1_2(Vbs, MibView, [NVb | Res]);
 	{Error, Index, _OrgVb} ->
@@ -2963,59 +3090,97 @@ validate_tab_res(_TooMany, [], Mfa, _Res, I) ->
 %%      that this really matters, since many nexts across the same
 %%      subagent must be considered to be very rare.
 %%-----------------------------------------------------------------
-do_get_next(MibView, UnsortedVarbinds) ->
-    SortedVarbinds = oid_sort_varbindlist(UnsortedVarbinds),
-    next_loop_varbinds([], SortedVarbinds, MibView, [], []).
 
-oid_sort_varbindlist(Vbs) ->
+%% It may be a bit agressive to check this already, 
+%% but since it is a security measure, it makes sense.
+do_get_next(_MibView, UnsortedVarbinds, GbMaxVBs) 
+  when (is_integer(GbMaxVBs) andalso (length(UnsortedVarbinds) > GbMaxVBs)) ->
+    {tooBig, 0, []}; % What is the correct index in this case?
+do_get_next(MibView, UnsortedVBs, GbMaxVBs) ->
+    ?vt("do_get_next -> entry when"
+ 	"~n   MibView:          ~p"
+ 	"~n   UnsortedVBs: ~p", [MibView, UnsortedVBs]),
+    SortedVBs = oid_sort_vbs(UnsortedVBs),
+    ?vt("do_get_next -> "
+ 	"~n   SortedVBs: ~p", [SortedVBs]),
+    next_loop_varbinds([], SortedVBs, MibView, [], [], GbMaxVBs).
+
+oid_sort_vbs(Vbs) ->
     lists:keysort(#varbind.oid, Vbs).
 
+next_loop_varbinds(_, Vbs, _MibView, Res, _LAVb, GbMaxVBs) 
+  when (is_integer(GbMaxVBs) andalso 
+	((length(Vbs) + length(Res)) > GbMaxVBs)) ->
+    {tooBig, 0, []}; % What is the correct index in this case?
+
 %% LAVb is Last Accessible Vb
-next_loop_varbinds([], [Vb | Vbs], MibView, Res, LAVb) ->
+next_loop_varbinds([], [Vb | Vbs], MibView, Res, LAVb, GbMaxVBs) ->
     ?vt("next_loop_varbinds -> entry when"
  	"~n   Vb:      ~p"
  	"~n   MibView: ~p", [Vb, MibView]),
     case varbind_next(Vb, MibView) of
 	endOfMibView ->
+	    ?vt("next_loop_varbind -> endOfMibView", []),
 	    RVb = if LAVb =:= [] -> Vb;
 		     true -> LAVb
 		  end,
 	    NewVb = RVb#varbind{variabletype = 'NULL', value = endOfMibView},
-	    next_loop_varbinds([], Vbs, MibView, [NewVb | Res], []);
+	    next_loop_varbinds([], Vbs, MibView, [NewVb | Res], [], GbMaxVBs);
+
 	{variable, ME, VarOid} when ((ME#me.access =/= 'not-accessible') andalso 
 				     (ME#me.access =/= 'write-only') andalso 
 				     (ME#me.access =/= 'accessible-for-notify')) -> 
+	    ?vt("next_loop_varbind -> variable: "
+		"~n   ME:     ~p"
+		"~n   VarOid: ~p", [ME, VarOid]),
 	    case try_get_instance(Vb, ME) of
 		{value, noValue, _NoSuchSomething} ->
+		    ?vt("next_loop_varbind -> noValue", []),
 		    %% Try next one
-		    NewVb = Vb#varbind{oid = VarOid, value = 'NULL'},
-		    next_loop_varbinds([], [NewVb | Vbs], MibView, Res, []);
+		    NewVb = Vb#varbind{oid   = VarOid, 
+				       value = 'NULL'},
+		    next_loop_varbinds([], [NewVb | Vbs], MibView, Res, [], 
+				       GbMaxVBs);
 		{value, Type, Value} ->
-		    NewVb = Vb#varbind{oid = VarOid, variabletype = Type,
-				       value = Value},
-		    next_loop_varbinds([], Vbs, MibView, [NewVb | Res], []);
+		    ?vt("next_loop_varbind -> value"
+			"~n   Type:  ~p"
+			"~n   Value: ~p", [Type, Value]),
+		    NewVb = Vb#varbind{oid          = VarOid, 
+				       variabletype = Type,
+				       value        = Value},
+		    next_loop_varbinds([], Vbs, MibView, [NewVb | Res], [],
+				       GbMaxVBs);
 		{error, ErrorStatus} ->
 		    ?vdebug("next loop varbinds:"
 			    "~n   ErrorStatus: ~p",[ErrorStatus]),
 		    {ErrorStatus, Vb#varbind.org_index, []}
 	    end;
 	{variable, _ME, VarOid} -> 
+	    ?vt("next_loop_varbind -> variable: "
+		"~n   VarOid: ~p", [VarOid]),
 	    RVb = if LAVb =:= [] -> Vb;
 		     true -> LAVb
 		  end,
 	    NewVb = Vb#varbind{oid = VarOid, value = 'NULL'},
-	    next_loop_varbinds([], [NewVb | Vbs], MibView, Res, RVb);
+	    next_loop_varbinds([], [NewVb | Vbs], MibView, Res, RVb, GbMaxVBs);
 	{table, TableOid, TableRestOid, ME} ->
+	    ?vt("next_loop_varbind -> table: "
+		"~n   TableOid:     ~p"
+		"~n   TableRestOid: ~p"
+		"~n   ME:           ~p", [TableOid, TableRestOid, ME]),
 	    next_loop_varbinds({table, TableOid, ME,
 				[{tab_oid(TableRestOid), Vb}]},
-			       Vbs, MibView, Res, []);
+			       Vbs, MibView, Res, [], GbMaxVBs);
 	{subagent, SubAgentPid, SAOid} ->
+	    ?vt("next_loop_varbind -> subagent: "
+		"~n   SubAgentPid: ~p"
+		"~n   SAOid:       ~p", [SubAgentPid, SAOid]),
 	    NewVb = Vb#varbind{variabletype = 'NULL', value = 'NULL'},
 	    next_loop_varbinds({subagent, SubAgentPid, SAOid, [NewVb]},
-			       Vbs, MibView, Res, [])
+			       Vbs, MibView, Res, [], GbMaxVBs)
     end;
 next_loop_varbinds({table, TableOid, ME, TabOids},
-		   [Vb | Vbs], MibView, Res, _LAVb) ->
+		   [Vb | Vbs], MibView, Res, _LAVb, GbMaxVBs) ->
     ?vt("next_loop_varbinds(table) -> entry with"
  	"~n   TableOid: ~p"
  	"~n   Vb:       ~p", [TableOid, Vb]),
@@ -3023,13 +3188,14 @@ next_loop_varbinds({table, TableOid, ME, TabOids},
 	{table, TableOid, TableRestOid, _ME} ->
 	    next_loop_varbinds({table, TableOid, ME,
 				[{tab_oid(TableRestOid), Vb} | TabOids]},
-			       Vbs, MibView, Res, []);
+			       Vbs, MibView, Res, [], GbMaxVBs);
 	_ ->
 	    case get_next_table(ME, TableOid, TabOids, MibView) of
 		{ok, TabRes, TabEndOfTabVbs} ->
 		    NewVbs = lists:append(TabEndOfTabVbs, [Vb | Vbs]),
 		    NewRes = lists:append(TabRes, Res),
-		    next_loop_varbinds([], NewVbs, MibView, NewRes, []);
+		    next_loop_varbinds([], NewVbs, MibView, NewRes, [], 
+				       GbMaxVBs);
 		{ErrorStatus, OrgIndex} ->
 		    ?vdebug("next loop varbinds: next varbind"
 			    "~n   ErrorStatus: ~p"
@@ -3039,7 +3205,7 @@ next_loop_varbinds({table, TableOid, ME, TabOids},
 	    end
     end;
 next_loop_varbinds({table, TableOid, ME, TabOids},
-		   [], MibView, Res, _LAVb) ->
+		   [], MibView, Res, _LAVb, GbMaxVBs) ->
     ?vt("next_loop_varbinds(table) -> entry with"
 	"~n   TableOid: ~p", [TableOid]),
     case get_next_table(ME, TableOid, TabOids, MibView) of
@@ -3048,7 +3214,8 @@ next_loop_varbinds({table, TableOid, ME, TabOids},
 		"~n   TabRes:         ~p"
 		"~n   TabEndOfTabVbs: ~p", [TabRes, TabEndOfTabVbs]),
 	    NewRes = lists:append(TabRes, Res),
-	    next_loop_varbinds([], TabEndOfTabVbs, MibView, NewRes, []);
+	    next_loop_varbinds([], TabEndOfTabVbs, MibView, NewRes, [], 
+			       GbMaxVBs);
 	{ErrorStatus, OrgIndex} ->
 	    ?vdebug("next loop varbinds: next table"
 		    "~n   ErrorStatus: ~p"
@@ -3057,7 +3224,7 @@ next_loop_varbinds({table, TableOid, ME, TabOids},
 	    {ErrorStatus, OrgIndex, []}
     end;
 next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
-		   [Vb | Vbs], MibView, Res, _LAVb) ->
+		   [Vb | Vbs], MibView, Res, _LAVb, GbMaxVBs) ->
     ?vt("next_loop_varbinds(subagent) -> entry with"
 	"~n   SAPid: ~p"
 	"~n   SAOid: ~p"
@@ -3066,13 +3233,14 @@ next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
 	{subagent, _SubAgentPid, SAOid} ->
 	    next_loop_varbinds({subagent, SAPid, SAOid,
 				[Vb | SAVbs]},
-			       Vbs, MibView, Res, []);
+			       Vbs, MibView, Res, [], GbMaxVBs);
 	_ ->
 	    case get_next_sa(SAPid, SAOid, SAVbs, MibView) of
 		{ok, SARes, SAEndOfMibViewVbs} ->
 		    NewVbs = lists:append(SAEndOfMibViewVbs, [Vb | Vbs]),
 		    NewRes = lists:append(SARes, Res),
-		    next_loop_varbinds([], NewVbs, MibView, NewRes, []);
+		    next_loop_varbinds([], NewVbs, MibView, NewRes, [], 
+				       GbMaxVBs);
 		{noSuchName, OrgIndex} ->
 		    %% v1 reply, treat this Vb as endOfMibView, and try again
 		    %% for the others.
@@ -3085,12 +3253,14 @@ next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
 			    case lists:delete(EVb, SAVbs) of
 				[] ->
 				    next_loop_varbinds([], [EndOfVb, Vb | Vbs],
-						       MibView, Res, []);
+						       MibView, Res, [],
+						       GbMaxVBs);
 				TryAgainVbs ->
 				    next_loop_varbinds({subagent, SAPid, SAOid,
 							TryAgainVbs},
 						       [EndOfVb, Vb | Vbs],
-						       MibView, Res, [])
+						       MibView, Res, [],
+						       GbMaxVBs)
 			    end;
 			false ->
 			    %% bad index from subagent
@@ -3106,14 +3276,15 @@ next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
 	    end
     end;
 next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
-		   [], MibView, Res, _LAVb) ->
+		   [], MibView, Res, _LAVb, GbMaxVBs) ->
      ?vt("next_loop_varbinds(subagent) -> entry with"
 	 "~n   SAPid: ~p"
 	 "~n   SAOid: ~p", [SAPid, SAOid]),
     case get_next_sa(SAPid, SAOid, SAVbs, MibView) of
 	{ok, SARes, SAEndOfMibViewVbs} ->
 	    NewRes = lists:append(SARes, Res),
-	    next_loop_varbinds([], SAEndOfMibViewVbs, MibView, NewRes, []);
+	    next_loop_varbinds([], SAEndOfMibViewVbs, MibView, NewRes, [],
+			       GbMaxVBs);
 	{noSuchName, OrgIndex} ->
 	    %% v1 reply, treat this Vb as endOfMibView, and try again for
 	    %% the others.
@@ -3124,11 +3295,13 @@ next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
 					  value = {endOfMibView, NextOid}},
 		    case lists:delete(EVb, SAVbs) of
 			[] ->
-			    next_loop_varbinds([], [EndOfVb], MibView, Res, []);
+			    next_loop_varbinds([], [EndOfVb], MibView, Res, [],
+					       GbMaxVBs);
 			TryAgainVbs ->
 			    next_loop_varbinds({subagent, SAPid, SAOid,
 						TryAgainVbs},
-					       [EndOfVb], MibView, Res, [])
+					       [EndOfVb], MibView, Res, [],
+					       GbMaxVBs)
 		    end;
 		false ->
 		    %% bad index from subagent
@@ -3141,12 +3314,15 @@ next_loop_varbinds({subagent, SAPid, SAOid, SAVbs},
  		    [ErrorStatus,OrgIndex]),
  	    {ErrorStatus, OrgIndex, []}
     end;
-next_loop_varbinds([], [], _MibView, Res, _LAVb) ->
+next_loop_varbinds([], [], _MibView, Res, _LAVb, _GbMaxVBs) ->
     ?vt("next_loop_varbinds -> entry when done", []),
     {noError, 0, Res}.
 
 try_get_instance(_Vb, #me{mfa = {M, F, A}, asn1_type = ASN1Type}) ->
-    ?vtrace("try get instance from <~p,~p,~p>",[M,F,A]),
+    ?vtrace("try_get_instance -> entry with"
+	    "~n   M: ~p"
+	    "~n   F: ~p"
+	    "~n   A: ~p", [M,F,A]),
     Result = (catch dbg_apply(M, F, [get | A])),
     % mib shall return {value, <a-nice-value-within-range>} |
     % {noValue, noSuchName} (v1) | 
@@ -3157,6 +3333,7 @@ try_get_instance(_Vb, #me{mfa = {M, F, A}, asn1_type = ASN1Type}) ->
 tab_oid([]) -> [0];
 tab_oid(X) -> X.
 
+
 %%-----------------------------------------------------------------
 %% Perform a next, using the varbinds Oid if value is simple
 %% value. If value is {endOf<something>, NextOid}, use NextOid.
@@ -3403,22 +3580,30 @@ next_oid(Oid) ->
 
 %%%-----------------------------------------------------------------
 %%% 5. GET-BULK REQUEST
+%%% 
+%%% In order to prevent excesses in reply sizes there are two 
+%%% preventive methods in place. One is to check that the encode
+%%% size does not exceed Max PDU size (this is mentioned in the
+%%% standard). The other is a simple VBs limit. That is, the 
+%%% resulting response cannot contain more then this number of VBs.
 %%%-----------------------------------------------------------------
-do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds) ->
-    ?vtrace("do get bulk: start with"
+
+do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds, GbMaxVBs) ->
+    ?vtrace("do_get_bulk -> entry with"
 	    "~n   MibView:        ~p"
 	    "~n   NonRepeaters:   ~p"
 	    "~n   MaxRepetitions: ~p"
 	    "~n   PduMS:          ~p"
-	    "~n   Varbinds:       ~p",
-	    [MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds]),
+	    "~n   Varbinds:       ~p"
+	    "~n   GbMaxVBs:       ~p",
+	    [MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds, GbMaxVBs]),
     {NonRepVbs, RestVbs} = split_vbs(NonRepeaters, Varbinds, []),
-    ?vt("do get bulk -> split: "
+    ?vt("do_get_bulk -> split: "
 	"~n   NonRepVbs: ~p"
 	"~n   RestVbs:   ~p", [NonRepVbs, RestVbs]),
-    case do_get_next(MibView, NonRepVbs) of
-	{noError, 0, UResNonRepVbs} -> 
-	    ?vt("do get bulk -> next: "
+    case do_get_next(MibView, NonRepVbs, GbMaxVBs) of
+	{noError, 0, UResNonRepVbs} ->
+	    ?vt("do_get_bulk -> next noError: "
 		"~n   UResNonRepVbs: ~p", [UResNonRepVbs]),
 	    ResNonRepVbs = lists:keysort(#varbind.org_index, UResNonRepVbs),
 	    %% Decode the first varbinds, produce a reversed list of
@@ -3428,11 +3613,12 @@ do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds) ->
 		    user_err("failed encoding varbind ~w:~n~p", [Idx, Reason]),
                     {genErr, Idx, []};
                 {SizeLeft, Res} when is_integer(SizeLeft) and is_list(Res) ->
- 		    ?vtrace("do get bulk -> encoded: "
+ 		    ?vtrace("do_get_bulk -> encoded: "
 			    "~n   SizeLeft: ~p"
 			    "~n   Res:      ~w", [SizeLeft, Res]),
 		    case (catch do_get_rep(SizeLeft, MibView, MaxRepetitions,
-					   RestVbs, Res)) of
+					   RestVbs, Res, 
+					   length(UResNonRepVbs), GbMaxVBs)) of
 			{error, Idx, Reason} ->
 			    user_err("failed encoding varbind ~w:~n~p", 
 				     [Idx, Reason]),
@@ -3441,6 +3627,10 @@ do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds) ->
 			    ?vtrace("do get bulk -> Res: "
 				    "~n   ~w", [Res]),
 			    {noError, 0, conv_res(Res)};
+			{noError, 0, Data} = OK ->
+			    ?vtrace("do get bulk -> OK: "
+				    "~n   length(Data): ~w", [length(Data)]),
+			    OK;
 			Else ->
 			    ?vtrace("do get bulk -> Else: "
 				    "~n   ~w", [Else]),
@@ -3449,6 +3639,7 @@ do_get_bulk(MibView, NonRepeaters, MaxRepetitions, PduMS, Varbinds) ->
 		Res when is_list(Res) ->
 		    {noError, 0, conv_res(Res)}
 	    end;
+
 	{ErrorStatus, Index, _} ->
 	    ?vdebug("do get bulk: "
 		    "~n   ErrorStatus: ~p"
@@ -3498,11 +3689,12 @@ enc_vbs(SizeLeft, Vbs) ->
 	  end,
     lists:foldl(Fun, {SizeLeft, []}, Vbs).
 
-do_get_rep(Sz, MibView, MaxRepetitions, Varbinds, Res) 
+do_get_rep(Sz, MibView, MaxRepetitions, Varbinds, Res, GbNumVBs, GbMaxVBs) 
   when MaxRepetitions >= 0 ->
-    do_get_rep(Sz, MibView, 0, MaxRepetitions, Varbinds, Res);
-do_get_rep(Sz, MibView, _MaxRepetitions, Varbinds, Res) ->
-    do_get_rep(Sz, MibView, 0, 0, Varbinds, Res).
+    do_get_rep(Sz, MibView, 0, MaxRepetitions, Varbinds, Res, 
+	       GbNumVBs, GbMaxVBs);
+do_get_rep(Sz, MibView, _MaxRepetitions, Varbinds, Res, GbNumVBs, GbMaxVBs) ->
+    do_get_rep(Sz, MibView, 0, 0, Varbinds, Res, GbNumVBs, GbMaxVBs).
 
 conv_res(ResVarbinds) ->
     conv_res(ResVarbinds, []).
@@ -3511,22 +3703,30 @@ conv_res([VbListOfBytes | T], Bytes) ->
 conv_res([], Bytes) ->
     Bytes.
 
-do_get_rep(_Sz, _MibView, Max, Max, _, Res) ->
+%% The only other value, then a positive integer, is infinity.
+do_get_rep(_Sz, _MibView, Count, Max, _, _Res, GbNumVBs, GbMaxVBs) 
+  when (is_integer(GbMaxVBs) andalso (GbNumVBs > GbMaxVBs)) ->
+    ?vinfo("Max Get-BULK VBs limit (~w) exceeded (~w) when:"
+	   "~n   Count: ~p"
+	   "~n   Max:   ~p", [GbMaxVBs, GbNumVBs, Count, Max]),
+    {tooBig, 0, []};
+do_get_rep(_Sz, _MibView, Max, Max, _, Res, _GbNumVBs, _GbMaxVBs) ->
     ?vt("do_get_rep -> done when: "
 	"~n   Res: ~p", [Res]),
     {noError, 0, conv_res(Res)};
-do_get_rep(Sz, MibView, Count, Max, Varbinds, Res) -> 
+do_get_rep(Sz, MibView, Count, Max, Varbinds, Res, GbNumVBs, GbMaxVBs) -> 
     ?vt("do_get_rep -> entry when: "
 	"~n   Sz:    ~p"
 	"~n   Count: ~p"
 	"~n   Res:   ~w", [Sz, Count, Res]),
-    case try_get_bulk(Sz, MibView, Varbinds) of
+    case try_get_bulk(Sz, MibView, Varbinds, GbMaxVBs) of
 	{noError, NextVarbinds, SizeLeft, Res2} -> 
 	    ?vt("do_get_rep -> noError: "
 		"~n   SizeLeft: ~p"
 		"~n   Res2:     ~p", [SizeLeft, Res2]),
 	    do_get_rep(SizeLeft, MibView, Count+1, Max, NextVarbinds,
-		       Res2 ++ Res);
+		       Res2 ++ Res, 
+		       GbNumVBs + length(Varbinds), GbMaxVBs);
 	{endOfMibView, _NextVarbinds, _SizeLeft, Res2} -> 
 	    ?vt("do_get_rep -> endOfMibView: "
 		"~n   Res2: ~p", [Res2]),
@@ -3538,22 +3738,29 @@ do_get_rep(Sz, MibView, Count, Max, Varbinds, Res) ->
 	    {ErrorStatus, Index, []}
     end.
 
-try_get_bulk(Sz, MibView, Varbinds) -> 
+org_index_sort_vbs(Vbs) ->
+    lists:keysort(#varbind.org_index, Vbs).
+
+try_get_bulk(Sz, MibView, Varbinds, GbMaxVBs) -> 
     ?vt("try_get_bulk -> entry with"
-	"~n   Sz: ~w", [Sz]),
-    case do_get_next(MibView, Varbinds) of
+	"~n   Sz:       ~w"
+	"~n   MibView:  ~w"
+	"~n   Varbinds: ~w", [Sz, MibView, Varbinds]),
+    case do_get_next(MibView, Varbinds, GbMaxVBs) of
 	{noError, 0, UNextVarbinds} -> 
-	    ?vt("try_get_bulk -> noError", []),
-	    NextVarbinds = lists:keysort(#varbind.org_index, UNextVarbinds),
+	    ?vt("try_get_bulk -> noError: "
+		"~n   UNextVarbinds: ~p", [UNextVarbinds]),
+	    NextVarbinds = org_index_sort_vbs(UNextVarbinds),
 	    case (catch enc_vbs(Sz, NextVarbinds)) of
 		{error, Idx, Reason} ->
 		    user_err("failed encoding varbind ~w:~n~p", [Idx, Reason]),
-		    ?vtrace("try_get_bulk -> error: "
+		    ?vtrace("try_get_bulk -> encode error: "
 			    "~n   Idx:    ~p"
 			    "~n   Reason: ~p", [Idx, Reason]),
 		    {genErr, Idx};
-		{SizeLeft, Res} when is_integer(SizeLeft) andalso is_list(Res) ->
-		    ?vt("try get bulk -> "
+		{SizeLeft, Res} when is_integer(SizeLeft) andalso 
+				     is_list(Res) ->
+		    ?vt("try get bulk -> encode ok: "
 			"~n   SizeLeft: ~w"
 			"~n   Res:      ~w", [SizeLeft, Res]),
 		    {check_end_of_mibview(NextVarbinds),
@@ -3564,9 +3771,9 @@ try_get_bulk(Sz, MibView, Varbinds) ->
 		    {endOfMibView, [], 0, Res}
 	    end;
 	{ErrorStatus, Index, _} ->
-	    ?vt("try get bulk: "
+	    ?vt("try_get_bulk -> error: "
 		"~n   ErrorStatus: ~p"
-		"~n   Index:       ~p",[ErrorStatus, Index]),
+		"~n   Index:       ~p", [ErrorStatus, Index]),
 	    {ErrorStatus, Index}
     end.
 
@@ -3707,9 +3914,8 @@ get_err({ErrC, ErrI, Vbs}) ->
     {get_err_i(ErrC), ErrI, Vbs}.
 
 get_err_i(noError) -> noError;
-get_err_i(S) -> 
-    ?vtrace("convert '~p' to 'genErr'",[S]),
-    genErr.
+get_err_i(tooBig) -> tooBig;    % OTP-9700 
+get_err_i(ES) -> ?vtrace("convert ErrorStatus '~p' to 'genErr'", [ES]), genErr.
 
 v2err_to_v1err(noError) ->            noError;
 v2err_to_v1err(noAccess) ->           noSuchName;
@@ -3935,6 +4141,7 @@ mapfoldl(F, Eas, Accu0, [Hd|Tail]) ->
     {Accu2,[R|Rs]};
 mapfoldl(_F, _Eas, Accu, []) -> {Accu,[]}.
 
+
 %%-----------------------------------------------------------------
 %% Runtime debugging of the agent.
 %%-----------------------------------------------------------------
@@ -4001,6 +4208,18 @@ subagents_verbosity(_,_V) ->
 
 %% ---------------------------------------------------------------------
 
+local_engine_id(#state{type = master_agent}) ->
+    ?DEFAULT_LOCAL_ENGINE_ID;
+local_engine_id(_) ->
+    %% subagent - 
+    %% we don't need this now, eventually the trap send 
+    %% request will reach the master-agent and then it 
+    %% will look up the proper engine id.
+    ignore.
+
+
+%% ---------------------------------------------------------------------
+
 handle_get_log_type(#state{net_if_mod = Mod}) 
   when Mod =/= undefined ->
     case (catch Mod:get_log_type(get(net_if))) of
@@ -4047,7 +4266,7 @@ handle_set_request_limit(_, _) ->
     {error, not_supported}.
 
 
-agent_info(#state{worker = W, set_worker = SW}) ->	 
+agent_info(#state{worker = W, set_worker = SW}) -> 
     case (catch get_agent_info(W, SW)) of
 	Info when is_list(Info) ->
 	    Info;
@@ -4206,6 +4425,9 @@ get_multi_threaded(Opts) ->
 get_versions(Opts) ->
     get_option(versions, Opts, [v1,v2,v3]).
 
+get_gb_max_vbs(Opts) ->
+    get_option(gb_max_vbs, Opts, infinity).
+
 get_note_store_opt(Opts) ->
     get_option(note_store, Opts, []).
 
diff --git a/lib/snmp/src/agent/snmpa_internal.hrl b/lib/snmp/src/agent/snmpa_internal.hrl
index a490a78f84..c435b519d9 100644
--- a/lib/snmp/src/agent/snmpa_internal.hrl
+++ b/lib/snmp/src/agent/snmpa_internal.hrl
@@ -22,9 +22,19 @@
 
 -include_lib("snmp/src/app/snmp_internal.hrl").
 
--define(DEFAULT_LOCAL_ENGINE_ID, snmp_framework_mib:get_engine_id()).
+%% The DEFAULT_LOCAL_ENGINE_ID macro can only be used by the master_agent!!
+-define(DEFAULT_LOCAL_ENGINE_ID,  snmp_framework_mib:get_engine_id()). 
 -define(DEFAULT_NOTIF_EXTRA_INFO, {snmpa_default_notification_extra_info}).
 
+%% -- Max number of VBs in a Get-BULK response --
+%% (( The default value, 1000, is *way* more   ))
+%% (( then there is room for in a normal pdu   ))
+%% (( (unless the max pdu size has been        ))
+%% (( cranked way up), so this value should    ))
+%% (( suffice as "infinity" without actually   ))
+%% (( causing memory issues for the VM ...     ))
+-define(DEFAULT_GB_MAX_VBS, 1000).
+
 -define(snmpa_info(F, A),    ?snmp_info("agent",    F, A)).
 -define(snmpa_warning(F, A), ?snmp_warning("agent", F, A)).
 -define(snmpa_error(F, A),   ?snmp_error("agent",   F, A)).
diff --git a/lib/snmp/src/agent/snmpa_local_db.erl b/lib/snmp/src/agent/snmpa_local_db.erl
index d9d6e633de..1ec8dd3874 100644
--- a/lib/snmp/src/agent/snmpa_local_db.erl
+++ b/lib/snmp/src/agent/snmpa_local_db.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -486,7 +486,11 @@ handle_call({match, Name, Db, Pattern}, _From, State) ->
     L1 = match(Db, Name, Pattern, State),
     {reply, lists:delete([undef], L1), State};
 
-handle_call({backup, BackupDir}, From, #state{dets = Dets} = State) ->
+%% This check (that there is no backup already in progress) is also 
+%% done in the master agent process, but just in case a user issues 
+%% a backup call to this process directly, we add a similar check here. 
+handle_call({backup, BackupDir}, From, 
+	    #state{backup = undefined, dets = Dets} = State) ->
     ?vlog("backup: ~p",[BackupDir]),
     Pid = self(),
     V   = get(verbosity),
@@ -511,6 +515,10 @@ handle_call({backup, BackupDir}, From, #state{dets = Dets} = State) ->
 	    {reply, Error, State}
     end;
 
+handle_call({backup, _BackupDir}, From, #state{backup = Backup} = S) ->
+    ?vinfo("backup already in progress: ~p", [Backup]),
+    {reply, {error, backup_in_progress}, S};
+
 handle_call(dump, _From, #state{dets = Dets} = State) ->
     ?vlog("dump",[]),
     dets_sync(Dets),
@@ -1110,7 +1118,7 @@ table_func(is_set_ok, RowIndex, Cols, NameDb) ->
 table_func(set, RowIndex, Cols, NameDb) ->
     snmp_generic:table_set_row(NameDb,
 			       nofunc,
-			       {snmp_generic, table_try_make_consistent},
+			       fun snmp_generic:table_try_make_consistent/3,
 			       RowIndex,
 			       Cols);
 
diff --git a/lib/snmp/src/agent/snmpa_mib.erl b/lib/snmp/src/agent/snmpa_mib.erl
index ce90db18b3..574467d38f 100644
--- a/lib/snmp/src/agent/snmpa_mib.erl
+++ b/lib/snmp/src/agent/snmpa_mib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -552,8 +552,12 @@ handle_call({dump, File}, _From, #state{data = Data} = State) ->
     Reply = snmpa_mib_data:dump(Data, File),
     {reply, Reply, State};
     
-handle_call({backup, BackupDir}, From, #state{data = Data} = State) ->
-    ?vlog("backup to ~s",[BackupDir]),
+%% This check (that there is no backup already in progress) is also 
+%% done in the master agent process, but just in case a user issues 
+%% a backup call to this process directly, we add a similar check here. 
+handle_call({backup, BackupDir}, From, 
+	    #state{backup = undefined, data = Data} = State) ->
+    ?vlog("backup to ~s", [BackupDir]),
     Pid = self(),
     V   = get(verbosity),
     case file:read_file_info(BackupDir) of
@@ -576,6 +580,10 @@ handle_call({backup, BackupDir}, From, #state{data = Data} = State) ->
 	    {reply, Error, State}
     end;
     
+handle_call({backup, _BackupDir}, From, #state{backup = Backup} = S) ->
+    ?vinfo("backup already in progress: ~p", [Backup]),
+    {reply, {error, backup_in_progress}, S};
+
 handle_call(stop, _From, State) ->
     ?vlog("stop",[]),    
     {stop, normal, ok, State};
diff --git a/lib/snmp/src/agent/snmpa_mib_lib.erl b/lib/snmp/src/agent/snmpa_mib_lib.erl
index 078e681945..3c94cc8095 100644
--- a/lib/snmp/src/agent/snmpa_mib_lib.erl
+++ b/lib/snmp/src/agent/snmpa_mib_lib.erl
@@ -61,23 +61,23 @@ table_del_row({Tab, Db} = TabDb, Key) ->
 get_table(NameDb, FOI) ->
     (catch get_table(NameDb, FOI, [], [])).
 
-get_table(NameDb, FOI, Oid, Acc) ->
-    case table_next(NameDb, Oid) of
+get_table(NameDb, FOI, Key, Acc) ->
+    case table_next(NameDb, Key) of
         endOfTable ->
             ?vdebug("end of table",[]),
             {ok, lists:reverse(Acc)};
-        Oid ->
+        Key ->
             %% Crap, circular ref
-            ?vinfo("cyclic reference: ~w -> ~w", [Oid,Oid]),
-            throw({error, {cyclic_db_reference, Oid, Acc}});
-        NextOid ->
-            ?vtrace("get row for oid ~w", [NextOid]),
-            case table_get_row(NameDb, NextOid, FOI) of
+            ?vinfo("cyclic reference: ~w -> ~w", [Key, Key]),
+            throw({error, {cyclic_db_reference, Key, Acc}});
+        NextKey ->
+            ?vtrace("get row for key ~w", [NextKey]),
+            case table_get_row(NameDb, NextKey, FOI) of
                 undefined -> 
-		    throw({error, {invalid_rowindex, NextOid, Acc}});
+		    throw({error, {invalid_rowindex, NextKey, Acc}});
                 Row ->
                     ?vtrace("row: ~w", [Row]),
-		    get_table(NameDb, FOI, NextOid, [{NextOid, Row}|Acc])
+		    get_table(NameDb, FOI, NextKey, [{NextKey, Row}|Acc])
             end
     end.
     
diff --git a/lib/snmp/src/agent/snmpa_mpd.erl b/lib/snmp/src/agent/snmpa_mpd.erl
index 4f50b1a674..2d37ea56f0 100644
--- a/lib/snmp/src/agent/snmpa_mpd.erl
+++ b/lib/snmp/src/agent/snmpa_mpd.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -468,15 +468,10 @@ v3_proc(NoteStore, Packet, LocalEngineID, V3Hdr, Data, Log) ->
 			_ ->
 			    %% 4.2.2.1.2
 			    NIsReportable = snmp_misc:is_reportable_pdu(Type),
-			    Val = inc(snmpUnknownPDUHandlers),
 			    ErrorInfo = 
-				{#varbind{oid = ?snmpUnknownPDUHandlers,
-					  variabletype = 'Counter32',
-					  value = Val},
-				 SecName,
-				 [{securityLevel,   SecLevel},
-				  {contextEngineID, ContextEngineID},
-				  {contextName,     ContextName}]},
+				snmpUnknownPDUHandlers_ei(SecName, SecLevel, 
+							  ContextEngineID, 
+							  ContextName),
 			    case generate_v3_report_msg(MsgID, 
 							MsgSecurityModel,
 							Data, LocalEngineID, 
@@ -507,6 +502,21 @@ v3_proc(NoteStore, Packet, LocalEngineID, V3Hdr, Data, Log) ->
 	    end
     end.
 
+make_error_info(Variable, Oid, SecName, Opts) ->
+    Val = inc(Variable),
+    VB  = #varbind{oid          = Oid, 
+		   variabletype = 'Counter32',
+		   value        = Val},
+    {VB, SecName, Opts}.
+
+snmpUnknownPDUHandlers_ei(SecName, SecLevel, 
+			  ContextEngineID, ContextName) ->
+    Opts = [{securityLevel,   SecLevel},
+	    {contextEngineID, ContextEngineID},
+	    {contextName,     ContextName}], 
+    make_error_info(snmpUnknownPDUHandlers, 
+		    ?snmpUnknownPDUHandlers_instance,
+		    SecName, Opts).
 
 get_security_module(?SEC_USM) ->
     snmpa_usm;
diff --git a/lib/snmp/src/agent/snmpa_set_lib.erl b/lib/snmp/src/agent/snmpa_set_lib.erl
index 00c77a0cdb..f5218d5409 100644
--- a/lib/snmp/src/agent/snmpa_set_lib.erl
+++ b/lib/snmp/src/agent/snmpa_set_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -143,8 +143,8 @@ consistency_check(Varbinds) ->
     consistency_check(Varbinds, []).
 consistency_check([{TableOid, TableVbs} | Varbinds], Done) ->
     ?vtrace("consistency_check -> entry with"
-	"~n   TableOid: ~p"
-	"~n   TableVbs: ~p",[TableOid,TableVbs]),
+	    "~n   TableOid: ~p"
+	    "~n   TableVbs: ~p", [TableOid, TableVbs]),
     TableOpsWithShortOids = deletePrefixes(TableOid, TableVbs),
     [#ivarbind{mibentry = MibEntry}|_] = TableVbs,
     case is_set_ok_table(MibEntry, TableOpsWithShortOids) of
@@ -158,7 +158,7 @@ consistency_check([{TableOid, TableVbs} | Varbinds], Done) ->
     end;
 consistency_check([IVarbind | Varbinds], Done) ->
     ?vtrace("consistency_check -> entry with"
-	"~n   IVarbind: ~p",[IVarbind]),
+	    "~n   IVarbind: ~p", [IVarbind]),
     #ivarbind{varbind = Varbind, mibentry = MibEntry} = IVarbind,
     #varbind{value = Value, org_index = OrgIndex} = Varbind,
     case is_set_ok_variable(MibEntry, Value) of
@@ -358,38 +358,54 @@ make_value_a_correct_value(Value, ASN1Type, Mfa) ->
 %% Runtime debug support
 %%-----------------------------------------------------------------
 
-% XXX: This function match on the exakt return codes from EXIT
-% messages. As of this writing it was not decided if this is
-% the right way so don't blindly do things this way.
-%
-% We fake a real EXIT signal as the return value because the
-% result is passed to the function snmpa_agent:validate_err()
-% that expect it.
+%% XYZ: This function match on the exakt return codes from EXIT
+%% messages. As of this writing it was not decided if this is
+%% the right way so don't blindly do things this way.
+%%
+%% We fake a real EXIT signal as the return value because the
+%% result is passed to the function snmpa_agent:validate_err()
+%% that expect it.
   
 dbg_apply(M,F,A) ->
-    Result =
-	case get(verbosity) of
-	    false ->
-		(catch apply(M,F,A));
-	    _ ->
-		?vlog("~n   apply: ~w,~w,~p~n", [M,F,A]),
-		Res = (catch apply(M,F,A)),
-		?vlog("~n   returned: ~p", [Res]),
-		Res
-	end,
-    case Result of
-	{'EXIT', {undef, [{M, F, A, _} | _]}} ->
-	    {'EXIT', {hook_undef, {M, F, A}}};
-	{'EXIT', {function_clause, [{M, F, A, _} | _]}} ->
-	    {'EXIT', {hook_function_clause, {M, F, A}}};
-
-	% XXX: Old format for compatibility
-	{'EXIT', {undef, {M, F, A, _}}} ->
-	    {'EXIT', {hook_undef, {M, F, A}}};
-	{'EXIT', {function_clause, {M, F, A, _}}} ->
-	    {'EXIT', {hook_function_clause, {M, F, A}}};
-
-	Result ->
-	    Result
+    case maybe_verbose_apply(M, F, A) of
+        %% <Future proofing>
+        %% As of R15 we get extra info containing, 
+        %% among other things, line numbers.
+        {'EXIT', {undef, [{M, F, A, _} | _]}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, [{M, F, A, _} | _]}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+
+        %% This is really overkill, but just to be on the safe side...
+        {'EXIT', {undef, {M, F, A, _}}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, {M, F, A, _}}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+        %% </Future proofing>
+
+        %% Old format format for compatibility
+        {'EXIT', {undef, [{M, F, A} | _]}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, [{M, F, A} | _]}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+
+						% XYZ: Older format for compatibility
+        {'EXIT', {undef, {M, F, A}}} ->
+            {'EXIT', {hook_undef, {M, F, A}}};
+        {'EXIT', {function_clause, {M, F, A}}} ->
+            {'EXIT', {hook_function_clause, {M, F, A}}};
+
+        Result ->
+            Result
     end.
 
+maybe_verbose_apply(M, F, A) ->
+    case get(verbosity) of
+        false ->
+            (catch apply(M,F,A));
+        _ ->
+            ?vlog("~n   apply: ~w,~w,~p~n", [M,F,A]),
+            Res = (catch apply(M,F,A)),
+            ?vlog("~n   returned: ~p", [Res]),
+            Res
+    end.
diff --git a/lib/snmp/src/agent/snmpa_supervisor.erl b/lib/snmp/src/agent/snmpa_supervisor.erl
index 5ef5914e18..7a9c214e0d 100644
--- a/lib/snmp/src/agent/snmpa_supervisor.erl
+++ b/lib/snmp/src/agent/snmpa_supervisor.erl
@@ -176,8 +176,8 @@ init([AgentType, Opts]) ->
       "~n   AgentType: ~p"
       "~n   Opts:      ~p", [AgentType, Opts]),
 
-    put(sname, asup),
-    put(verbosity,get_verbosity(Opts)),
+    put(sname,     asup),
+    put(verbosity, get_verbosity(Opts)),
 
     ?vlog("starting",[]),
 
@@ -203,7 +203,12 @@ init([AgentType, Opts]) ->
     Vsns = get_opt(versions, Opts, [v1,v2,v3]),
     ?vdebug("[agent table] store versions: ~p",[Vsns]),
     ets:insert(snmp_agent_table, {versions, Vsns}),
-    
+
+    %% -- Max number of VBs in a Get-BULK response --
+    GbMaxVBs = get_gb_max_vbs(Opts),
+    ?vdebug("[agent table] Get-BULK max VBs: ~p", [GbMaxVBs]),
+    ets:insert(snmp_agent_table, {gb_max_vbs, GbMaxVBs}),
+
     %% -- DB-directory --
     DbDir = get_opt(db_dir, Opts),
     ?vdebug("[agent table] store db_dir: ~n   ~p",[DbDir]),
@@ -377,7 +382,8 @@ init([AgentType, Opts]) ->
 		     {versions,               Vsns},
 		     {net_if,                 NiOpts},
 		     {mib_server,             MibsOpts},
-		     {note_store,             NsOpts}|
+		     {note_store,             NsOpts},
+		     {gb_max_vbs,             GbMaxVBs} |
 		     get_opt(master_agent_options, Opts, [])],
 		     
 		AgentSpec =
@@ -542,6 +548,32 @@ get_verbosity(Opts) ->
 get_agent_type(Opts) ->
     get_opt(agent_type, Opts, master).
 
+
+%% We validate this option! This should really be done for all
+%% options, but it is beyond the scope of this ticket, OTP-9700.
+
+get_gb_max_vbs(Opts) ->
+    Validate = 
+	fun(GbMaxVBs) 
+	   when ((is_integer(GbMaxVBs) andalso (GbMaxVBs > 0)) orelse
+		 (GbMaxVBs =:= infinity)) ->
+		ok;
+	   (_) ->
+		error
+	end,
+    get_option(gb_max_vbs, ?DEFAULT_GB_MAX_VBS, Validate, Opts).
+
+get_option(Key, Default, Validate, Opts) 
+  when is_list(Opts) andalso is_function(Validate) ->
+    Value = get_opt(Key, Opts, Default),
+    case Validate(Value) of
+	ok ->
+	    Value;
+	error ->
+	    exit({bad_option, Key, Value})
+    end.
+    
+
 get_opt(Key, Opts) ->
     snmp_misc:get_option(Key, Opts).
 
diff --git a/lib/snmp/src/agent/snmpa_trap.erl b/lib/snmp/src/agent/snmpa_trap.erl
index 567de020c0..994d926224 100644
--- a/lib/snmp/src/agent/snmpa_trap.erl
+++ b/lib/snmp/src/agent/snmpa_trap.erl
@@ -352,11 +352,26 @@ send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, ExtraInfo, NetIf) ->
     send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
 	      LocalEngineID, ExtraInfo, NetIf).
 
+%% The agent normally does not care about the result, 
+%% but since it can be usefull when debugging, add 
+%% some info when we fail to send the trap(s).
 send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, LocalEngineID, 
 	  ExtraInfo, NetIf) ->
-    (catch do_send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
-			LocalEngineID, ExtraInfo, NetIf)).
-
+    try 
+	begin
+	    do_send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
+			 LocalEngineID, ExtraInfo, NetIf)
+	end
+    catch
+	T:E ->
+	    Info = [{args, [TrapRec, NotifyName, ContextName, 
+			    Recv, Vbs, LocalEngineID, ExtraInfo, NetIf]},
+		    {tag,  T},
+		    {err,  E},
+		    {stacktrace, erlang:get_stacktrace()}],
+	    {error, {failed_sending_trap, Info}}
+    end.
+     
 do_send_trap(TrapRec, NotifyName, ContextName, Recv, Vbs, 
 	     LocalEngineID, ExtraInfo, NetIf) ->
     VarbindList = make_varbind_list(Vbs),
@@ -379,8 +394,13 @@ send_discovery(TargetName, Record, ContextName, Vbs, NetIf, ExtraInfo) ->
 
 get_values(VariablesWithType) ->
     {Order, Varbinds} = extract_order(VariablesWithType, 1),
+    ?vtrace("get_values -> "
+	    "~n   Order:    ~p"
+	    "~n   Varbinds: ~p", [Order, Varbinds]),
     case snmpa_agent:do_get(snmpa_acm:get_root_mib_view(), Varbinds, true) of
 	{noError, _, NewVarbinds} ->
+	    ?vtrace("get_values -> values retrieved"
+		    "~n   NewVarbinds: ~p", [NewVarbinds]),
 	    %% NewVarbinds is the result of:
 	    %% first a reverse, then a sort on the oid field and finally 
 	    %% a reverse during the get-processing so we need to re-sort 
diff --git a/lib/snmp/src/agent/snmpa_vacm.erl b/lib/snmp/src/agent/snmpa_vacm.erl
index 892dc265f1..dadcf32543 100644
--- a/lib/snmp/src/agent/snmpa_vacm.erl
+++ b/lib/snmp/src/agent/snmpa_vacm.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -62,6 +62,13 @@ get_mib_view(ViewType, SecModel, SecName, SecLevel, ContextName) ->
 
 %% Follows the procedure in rfc2275
 auth(ViewType, SecModel, SecName, SecLevel, ContextName) ->
+    ?vtrace("auth -> entry with"
+	    "~n   ViewType:    ~p"
+	    "~n   SecModel:    ~p"
+	    "~n   SecName:     ~p"
+	    "~n   SecLevel:    ~p"
+	    "~n   ContextName: ~p", 
+	    [ViewType, SecModel, SecName, SecLevel, ContextName]),
     % 3.2.1 - Check that the context is known to us
     ?vdebug("check that the context (~p) is known to us",[ContextName]),
     case snmp_view_based_acm_mib:vacmContextTable(get, ContextName,
@@ -74,7 +81,7 @@ auth(ViewType, SecModel, SecName, SecLevel, ContextName) ->
     end,
     % 3.2.2 - Check that the SecModel and SecName is valid
     ?vdebug("check that SecModel (~p) and SecName (~p) is valid",
-	    [SecModel,SecName]),
+	    [SecModel, SecName]),
     GroupName = 
 	case snmp_view_based_acm_mib:get(vacmSecurityToGroupTable, 
 					 [SecModel, length(SecName) | SecName],
@@ -111,6 +118,8 @@ check_auth(Res)                 -> {ok, Res}.
 %% key in the table >= ViewIndex.
 %%-----------------------------------------------------------------
 get_mib_view(ViewName) ->
+    ?vtrace("get_mib_view -> entry with"
+	    "~n   ViewName: ~p", [ViewName]),
     ViewKey = [length(ViewName) | ViewName],
     case snmp_view_based_acm_mib:table_next(vacmViewTreeFamilyTable,
 					    ViewKey) of
@@ -202,6 +211,13 @@ backup(BackupDir) ->
 
 %% Ret: {ok, ViewName} | {error, Reason}
 get_view_name(ViewType, GroupName, ContextName, SecModel, SecLevel) ->
+    ?vtrace("get_view_name -> entry with"
+	    "~n   ViewType:    ~p"
+	    "~n   GroupName:   ~p"
+	    "~n   ContextName: ~p"
+	    "~n   SecModel:    ~p"
+	    "~n   SecLevel:    ~p", 
+	    [ViewType, GroupName, ContextName, SecModel, SecLevel]),
     GroupKey = [length(GroupName) | GroupName],
     case get_access_row(GroupKey, ContextName, SecModel, SecLevel) of
 	undefined ->
@@ -266,9 +282,10 @@ dump_table(true) ->
 dump_table(_) ->
     ok.
 
+
 dump_table() ->
     [{_, FName}] = ets:lookup(snmp_agent_table, snmpa_vacm_file),
-    TmpName = FName ++ ".tmp",
+    TmpName = unique_table_name(FName), 
     case ets:tab2file(snmpa_vacm, TmpName) of
 	ok ->
 	    case file:rename(TmpName, FName) of
@@ -283,6 +300,35 @@ dump_table() ->
 		     [FName, Reason])
     end.
 
+%% This little thing is an attempt to create a "unique" filename
+%% in order to minimize the risk of two processes at the same 
+%% time dumping the table.
+unique_table_name(Pre) ->
+    %% We want something that is guaranteed to be unique, 
+    %% therefor we use erlang:now() instead of os:timestamp()
+    unique_table_name(Pre, erlang:now()).
+
+unique_table_name(Pre, {_A, _B, C} = Now) ->
+    {Date, Time}     = calendar:now_to_datetime(Now),
+    {YYYY, MM, DD}   = Date,
+    {Hour, Min, Sec} = Time,
+    FormatDate =
+        io_lib:format("~.4w~.2.0w~.2.0w_~.2.0w~.2.0w~.2.0w_~w",
+                      [YYYY, MM, DD, Hour, Min, Sec, round(C/1000)]), 
+    unique_table_name2(Pre, FormatDate).
+
+unique_table_name2(Pre, FormatedDate) ->
+    PidPart = unique_table_name_pid(), 
+    lists:flatten(io_lib:format("~s.~s~s.tmp", [Pre, PidPart, FormatedDate])).
+
+unique_table_name_pid() ->
+    case string:tokens(pid_to_list(self()), [$<,$.,$>]) of
+	[A, B, C] ->
+	    A ++ B ++ C ++ ".";
+	_ ->
+	    ""
+    end.
+
 
 %%-----------------------------------------------------------------
 %% Alg.
diff --git a/lib/snmp/src/app/snmp.appup.src b/lib/snmp/src/app/snmp.appup.src
index af988fda26..c8e5eec6db 100644
--- a/lib/snmp/src/app/snmp.appup.src
+++ b/lib/snmp/src/app/snmp.appup.src
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -22,24 +22,124 @@
 %% ----- U p g r a d e -------------------------------------------------------
 
  [
+  {"4.21.6",
+   [
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  },
+  {"4.21.5",
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib,   soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib,     soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap,        soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm,        soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db,   soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_mib,        soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,      soft, soft_purge, soft_purge, []}
+   ]
+  },
+  {"4.21.4", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  }, 
+  {"4.21.3", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  }, 
   {"4.21.2", 
    [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update,      snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,    soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.21.1", 
    [
-    {update, snmp_note_store, soft, soft_purge, soft_purge, []}
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db,  soft, soft_purge, soft_purge, []},
+    {update,      snmpa_mib,       soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,     soft, soft_purge, soft_purge, []}, 
+    {update,      snmp_note_store, soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.21", 
    [
-    {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
-    {load_module, snmp_target_mib, soft_purge, soft_purge, []}
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]},
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db,  soft, soft_purge, soft_purge, []},
+    {update,      snmpa_mib,       soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,     soft, soft_purge, soft_purge, []}, 
+    {update,      snmp_note_store, soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.20.1", 
    [
-    {load_module, snmp_target_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
     {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
     {load_module, snmpm, soft_purge, soft_purge, 
      [snmpm_server, snmpm_config, snmp_config]}, 
@@ -51,36 +151,172 @@
      [snmp_conf, snmp_config]}, 
     {load_module, snmpa_conf, soft_purge, soft_purge, [snmp_config]}, 
     {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
-    {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_mpd]}, 
-    {update, snmpm_config, soft, soft_purge, soft_purge, [snmp_conf]}, 
-    {update, snmpm_server, soft, soft_purge, soft_purge, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update,      snmpa_mib,    soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,  soft, soft_purge, soft_purge, [snmpa_mpd]}, 
+    {update,      snmpm_config, soft, soft_purge, soft_purge, [snmp_conf]}, 
+    {update,      snmpm_server, soft, soft_purge, soft_purge, 
      [snmpm_net_if, snmpm_mpd, snmpm_config]}, 
-    {update, snmpm_net_if, soft, soft_purge, soft_purge, 
+    {update,      snmpm_net_if, soft, soft_purge, soft_purge, 
+     [snmp_conf, snmpm_mpd, snmpm_config]}
+   ]
+  }, 
+  {"4.20", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, 
+     [snmpa_mib_lib, snmp_conf]}, 
+    {load_module, snmpm, soft_purge, soft_purge, 
+     [snmpm_server, snmpm_config, snmp_config]}, 
+    {load_module, snmp_conf, soft_purge, soft_purge, []}, 
+    {load_module, snmp_config, soft_purge, soft_purge, []}, 
+    {load_module, snmpm_mpd, soft_purge, soft_purge, 
+     [snmp_conf, snmp_config, snmpm_config]}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, 
+     [snmp_conf, snmp_config]}, 
+    {load_module, snmpa_conf, soft_purge, soft_purge, [snmp_config]}, 
+    {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update,      snmpa_mib,    soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent, soft, soft_purge, soft_purge, [snmpa_mpd]}, 
+    {update,      snmpm_config, soft, soft_purge, soft_purge, [snmp_conf]}, 
+    {update,      snmpm_server, soft, soft_purge, soft_purge, 
+     [snmpm_net_if, snmpm_mpd, snmpm_config]}, 
+    {update,      snmpm_net_if, soft, soft_purge, soft_purge, 
      [snmp_conf, snmpm_mpd, snmpm_config]}
    ]
-  } 
+  }
  ], 
 
 %% ------D o w n g r a d e ---------------------------------------------------
 
  [
+  {"4.21.6",
+   [
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  },
+  {"4.21.5",
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib,   soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib,     soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap,        soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm,        soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_local_db,   soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_mib,        soft, soft_purge, soft_purge, []}, 
+    {update,      snmpa_agent,      soft, soft_purge, soft_purge, []}
+   ]
+  },
+  {"4.21.4", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  }, 
+  {"4.21.3", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, []}
+   ]
+  }, 
   {"4.21.2", 
    [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.21.1", 
    [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmpa_mib_lib]}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db,  soft, soft_purge, soft_purge, []},
+    {update, snmpa_mib,       soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,     soft, soft_purge, soft_purge, []}, 
     {update, snmp_note_store, soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.21", 
    [
-    {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
-    {load_module, snmp_target_mib, soft_purge, soft_purge, []}
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, []},
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db,  soft, soft_purge, soft_purge, []},
+    {update, snmpa_mib,       soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,     soft, soft_purge, soft_purge, []}, 
+    {update, snmp_note_store, soft, soft_purge, soft_purge, []}
    ]
   }, 
   {"4.20.1", 
    [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
     {load_module, snmp_target_mib, soft_purge, soft_purge, []}, 
     {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
     {load_module, snmpm, soft_purge, soft_purge, 
@@ -93,7 +329,42 @@
      [snmp_conf, snmp_config]}, 
     {load_module, snmpa_conf, soft_purge, soft_purge, [snmp_config]}, 
     {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
-    {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_mpd]}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, [snmpa_mpd]}, 
+    {update, snmpm_config, soft, soft_purge, soft_purge, [snmp_conf]}, 
+    {update, snmpm_server, soft, soft_purge, soft_purge, 
+     [snmpm_net_if, snmpm_mpd, snmpm_config]}, 
+    {update, snmpm_net_if, soft, soft_purge, soft_purge, 
+     [snmp_conf, snmpm_mpd, snmpm_config]}
+   ]
+  }, 
+  {"4.20", 
+   [
+    {load_module, snmpa, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_mib_lib, soft_purge, soft_purge, []}, 
+    {update,      snmpa_supervisor, soft, soft_purge, soft_purge, []}, 
+
+    {load_module, snmpa_vacm, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_set_lib, soft_purge, soft_purge, []}, 
+    {load_module, snmpa_trap, soft_purge, soft_purge, []}, 
+    {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, []}, 
+    {load_module, snmp_target_mib, soft_purge, soft_purge, [snmp_conf]}, 
+    {load_module, snmpm, soft_purge, soft_purge, 
+     [snmpm_server, snmpm_config, snmp_config]}, 
+    {load_module, snmp_conf, soft_purge, soft_purge, []}, 
+    {load_module, snmp_config, soft_purge, soft_purge, []}, 
+    {load_module, snmpm_mpd, soft_purge, soft_purge, 
+     [snmp_conf, snmp_config, snmpm_config]}, 
+    {load_module, snmpa_mpd, soft_purge, soft_purge, 
+     [snmp_conf, snmp_config]}, 
+    {load_module, snmpa_conf, soft_purge, soft_purge, [snmp_config]}, 
+    {update, snmp_note_store, soft, soft_purge, soft_purge, []}, 
+    {load_module, snmp_generic_mnesia, soft_purge, soft_purge, []}, 
+    {update, snmpa_local_db, soft, soft_purge, soft_purge, []},
+    {update, snmpa_mib,      soft, soft_purge, soft_purge, []}, 
+    {update, snmpa_agent,    soft, soft_purge, soft_purge, [snmpa_mpd]}, 
     {update, snmpm_config, soft, soft_purge, soft_purge, [snmp_conf]}, 
     {update, snmpm_server, soft, soft_purge, soft_purge, 
      [snmpm_net_if, snmpm_mpd, snmpm_config]}, 
diff --git a/lib/snmp/src/compile/snmpc.src b/lib/snmp/src/compile/snmpc.src
index 868e0929b4..6eb95be35e 100644
--- a/lib/snmp/src/compile/snmpc.src
+++ b/lib/snmp/src/compile/snmpc.src
@@ -401,7 +401,6 @@ usage() ->
 e(Reason) ->
     throw({error, Reason}).
 
-
 otp_release() ->
     system_info(otp_release, string).
 
@@ -414,4 +413,3 @@ system_info(Tag, Type) ->
         Info ->
             lists:flatten(io_lib:format("~w", [Info]))
     end.
-
diff --git a/lib/snmp/src/misc/snmp_note_store.erl b/lib/snmp/src/misc/snmp_note_store.erl
index 23fccf8a5f..608fdcd9ca 100644
--- a/lib/snmp/src/misc/snmp_note_store.erl
+++ b/lib/snmp/src/misc/snmp_note_store.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/snmp/test/snmp_agent_test.erl b/lib/snmp/test/snmp_agent_test.erl
index 468280db02..e968bc65b1 100644
--- a/lib/snmp/test/snmp_agent_test.erl
+++ b/lib/snmp/test/snmp_agent_test.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -92,7 +92,8 @@ all() ->
     Conf1 ++ Conf2.
 
 groups() -> 
-    [{all_tcs, [], cases()},
+    [
+     {all_tcs, [], cases()},
      {mib_storage, [],
       [
        {group, mib_storage_ets}, 
@@ -221,7 +222,7 @@ groups() ->
        {group, otp_7157}
       ]
      },
-     {tickets2, [], [otp8395]},
+     {tickets2, [], [otp8395, otp9884]},
      {otp_4394, [], [otp_4394_test]},
      {otp_7157, [], [otp_7157_test]
      }
@@ -321,6 +322,12 @@ init_per_testcase(otp8395 = Case, Config) when is_list(Config) ->
 	 "~n   Config: ~p", [Case, Config]),
     Config2 = init_per_testcase2(Case, init_per_suite(Config)), 
     otp8395({init, Config2});
+init_per_testcase(otp9884 = Case, Config) when is_list(Config) ->
+    ?DBG("init_per_testcase -> entry with"
+	 "~n   Case:   ~p"
+	 "~n   Config: ~p", [Case, Config]),
+    Config2 = init_per_testcase2(Case, init_per_suite(Config)), 
+    otp9884({init, Config2});
 init_per_testcase(otp_7157_test = _Case, Config) when is_list(Config) ->
     ?DBG("init_per_testcase -> entry with"
 	 "~n   Case:   ~p"
@@ -348,6 +355,8 @@ init_per_testcase(_Case, Config) when is_list(Config) ->
 
 end_per_testcase(otp8395, Config) when is_list(Config) ->
     otp8395({fin, Config});
+end_per_testcase(otp9884, Config) when is_list(Config) ->
+    otp9884({fin, Config});
 end_per_testcase(_Case, Config) when is_list(Config) ->
     ?DBG("end_per_testcase -> entry with"
 	 "~n   Case:   ~p"
@@ -1320,8 +1329,11 @@ finish_v3(Config) when is_list(Config) ->
     lists:keydelete(vsn, 1, C1).
 
 
-mt_cases() -> 
-[multi_threaded, mt_trap].
+mt_cases() ->
+    [
+     multi_threaded, 
+     mt_trap
+    ].
 
 init_mt(Config) when is_list(Config) ->
     SaNode = ?config(snmp_sa, Config),
@@ -1498,7 +1510,8 @@ mt_trap(Config) when is_list(Config) ->
     ?line load_master("TestTrapv2"),
     try_test(mt_trap_test, [MA]),
     ?line unload_master("TestTrapv2"),
-    ?line unload_master("Test1").
+    ?line unload_master("Test1"),
+    ok.
 
 v2_types(suite) -> [];
 v2_types(Config) when is_list(Config) ->
@@ -3134,8 +3147,9 @@ mt_trap_test(MA) ->
     ?DBG("mt_trap_test(01) -> issue testTrapv22 (standard trap)", []),
     snmpa:send_trap(MA, testTrapv22, "standard trap"),
     ?DBG("mt_trap_test(02) -> await v2trap", []),
-    ?line expect(1, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?system ++ [0,1]}]),
+    ?line expect(mt_trap_test_1, v2trap, 
+		 [{[sysUpTime, 0],   any},
+		  {[snmpTrapOID, 0], ?system ++ [0,1]}]),
 
     ?DBG("mt_trap_test(03) -> issue mtTrap (standard trap)", []),
     snmpa:send_trap(MA, mtTrap, "standard trap"),
@@ -3143,28 +3157,22 @@ mt_trap_test(MA) ->
     ?DBG("mt_trap_test(04) -> multi pid: ~p. Now request sysUpTime...", [Pid]),
     g([[sysUpTime,0]]),
 
-    %% Previously (before OTP-6784) this was done at 09 below 
-    %% when the test1:multiStr was actually executed by the 
-    %% worker-process, but as of 4.9.4, this is now executed
-    %% my the master_agent-process...
-    ?DBG("mt_trap_test(05) -> send continue to multi-pid", []),
-    Pid ! continue,
-
     ?DBG("mt_trap_test(06) -> await sysUpTime", []),
-    ?line expect(2, [{[sysUpTime,0], any}]),
+    ?line expect(mt_trap_test_2, [{[sysUpTime,0], any}]),
     ?DBG("mt_trap_test(07) -> issue testTrapv22 (standard trap)", []),
     snmpa:send_trap(MA, testTrapv22, "standard trap"),
     ?DBG("mt_trap_test(08) -> await v2trap", []),
-    ?line expect(3, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?system ++ [0,1]}]),
+    ?line expect(mt_trap_test_3, v2trap, 
+		 [{[sysUpTime, 0],   any}, 
+		  {[snmpTrapOID, 0], ?system ++ [0,1]}]),
 
-    %% ?DBG("mt_trap_test(09) -> send continue to multi-pid", []),
-    %% Pid ! continue,
+    ?DBG("mt_trap_test(09) -> send continue to multi-pid", []),
+    Pid ! continue,
 
     ?DBG("mt_trap_test(10) -> await v2trap", []),
-    ?line expect(4, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?testTrap ++ [2]},
-			     {[multiStr,0], "ok"}]),
+    ?line expect(mt_trap_test_4, v2trap, [{[sysUpTime, 0], any},
+					  {[snmpTrapOID, 0], ?testTrap ++ [2]},
+					  {[multiStr,0], "ok"}]),
     ?DBG("mt_trap_test(11) -> done", []),
     ok.
 
@@ -3563,53 +3571,82 @@ do_mul_set_err() ->
 %% Req. SA-MIB
 sa_mib() ->
     g([[sa, [2,0]]]),
-    ?line expect(1, [{[sa, [2,0]], 3}]),
+    ?line expect(sa_mib_1, [{[sa, [2,0]], 3}]),
     s([{[sa, [1,0]], s, "sa_test"}]),
-    ?line expect(2, [{[sa, [1,0]], "sa_test"}]).
+    ?line expect(sa_mib_2, [{[sa, [1,0]], "sa_test"}]),
+    ok.
 
 ma_trap1(MA) ->
     ok = snmpa:send_trap(MA, testTrap2, "standard trap"), 
-    ?line expect(1, trap, [system], 6, 1, [{[system, [4,0]],
-				    "{mbj,eklas}@erlang.ericsson.se"}]),
+    ?line expect(ma_trap1_1, 
+		 trap, [system], 6, 1, [{[system, [4,0]],
+					 "{mbj,eklas}@erlang.ericsson.se"}]),
     ok = snmpa:send_trap(MA, testTrap1, "standard trap"),
-    ?line expect(2, trap, [1,2,3] , 1, 0, [{[system, [4,0]],
-				      "{mbj,eklas}@erlang.ericsson.se"}]).
+    ?line expect(ma_trap1_2, 
+		 trap, [1,2,3] , 1, 0, [{[system, [4,0]],
+					 "{mbj,eklas}@erlang.ericsson.se"}]),
+    ok.
 
 ma_trap2(MA) ->
     snmpa:send_trap(MA,testTrap2,"standard trap",[{sysContact,"pelle"}]),
-    ?line expect(3, trap, [system], 6, 1, [{[system, [4,0]], "pelle"}]).
+    ?line expect(ma_trap2_3, 
+		 trap, [system], 6, 1, [{[system, [4,0]], "pelle"}]),
+    ok.
 
 ma_v2_2_v1_trap(MA) ->
     snmpa:send_trap(MA,testTrapv22,"standard trap",[{sysContact,"pelle"}]),
-    ?line expect(3, trap, [system], 6, 1, [{[system, [4,0]], "pelle"}]).    
+    ?line expect(ma_v2_2_v1_trap_3, 
+		 trap, [system], 6, 1, [{[system, [4,0]], "pelle"}]),
+    ok.    
 
 ma_v2_2_v1_trap2(MA) ->
     snmpa:send_trap(MA,linkUp,"standard trap",[{ifIndex, [1], 1},
 					      {ifAdminStatus, [1], 1},
 					      {ifOperStatus, [1], 2}]),
-    ?line expect(3, trap, [1,2,3], 3, 0, [{[ifIndex, 1], 1},
-					 {[ifAdminStatus, 1], 1},
-					 {[ifOperStatus, 1], 2}]).    
+    ?line expect(ma_v2_2_v1_trap2_3, 
+		 trap, [1,2,3], 3, 0, [{[ifIndex, 1], 1},
+				       {[ifAdminStatus, 1], 1},
+				       {[ifOperStatus, 1], 2}]),
+    ok.
 
 sa_trap1(SA) ->
-    snmpa:send_trap(SA, saTrap, "standard trap"),
-    ?line expect(4, trap, [ericsson], 6, 1, [{[system, [4,0]],
-				      "{mbj,eklas}@erlang.ericsson.se"},
-				     {[sa, [1,0]], "sa_test"}]).
+    %% io:format("sa_trap1 -> entry with"
+    %% 	      "~n   SA:       ~p"
+    %% 	      "~n   node(SA): ~p"
+    %% 	      "~n   self():   ~p"
+    %% 	      "~n   node():   ~p"
+    %% 	      "~n", [SA, node(SA), self(), node()]),
+    _VRes  = (catch snmpa:verbosity(SA, {subagents, trace})),
+    %% io:format("sa_trap1 -> SA verbosity set: "
+    %% 	      "~n   VRes: ~p"
+    %% 	      "~n", [VRes]),
+    _TSRes = (catch snmpa:send_trap(SA, saTrap, "standard trap")),
+    %% io:format("sa_trap1 -> SA trap send: "
+    %% 	      "~n   TSRes: ~p"
+    %% 	      "~n", [TSRes]),
+    ?line expect(sa_trap1_4, 
+		 trap, [ericsson], 6, 1, [{[system, [4,0]],
+					   "{mbj,eklas}@erlang.ericsson.se"},
+					  {[sa, [1,0]], "sa_test"}]),
+    snmpa:verbosity(SA, {subagents, silence}),
+    ok.
 
 sa_trap2(SA) ->
     snmpa:send_trap(SA, saTrap, "standard trap",[{sysContact,"pelle"}]),
-    ?line expect(5, trap, [ericsson], 6, 1, [{[system, [4,0]],
-				      "pelle"},
-				     {[sa, [1,0]], "sa_test"}]).
+    ?line expect(sa_trap2_5, 
+		 trap, [ericsson], 6, 1, [{[system, [4,0]], "pelle"},
+					  {[sa, [1,0]], "sa_test"}]),
+    ok.
 
 sa_trap3(SA) ->
     snmpa:send_trap(SA, saTrap2, "standard trap",
 			 [{intViewSubtree, [4], [1,2,3,4]}]),
-    ?line expect(6, trap, [ericsson], 6, 2, [{[system, [4,0]],
-				      "{mbj,eklas}@erlang.ericsson.se"},
-				     {[sa, [1,0]], "sa_test"},
-				     {[intViewSubtree,4],[1,2,3,4]}]).
+    ?line expect(sa_trap3_6, 
+		 trap, [ericsson], 6, 2, [{[system, [4,0]],
+					   "{mbj,eklas}@erlang.ericsson.se"},
+					  {[sa, [1,0]], "sa_test"},
+					  {[intViewSubtree,4],[1,2,3,4]}]),
+    ok.
 
 ma_v2_trap1(MA) ->
     ?DBG("ma_v2_traps -> entry with MA = ~p => "
@@ -4029,33 +4066,42 @@ ma_v1_2_v2_trap2(MA) ->
     
 
 sa_v1_2_v2_trap1(SA) ->
+    snmpa:verbosity(SA, {subagents, trace}),
     snmpa:send_trap(SA, saTrap, "standard trap"),
-    ?line expect(4, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?ericsson ++ [0, 1]},
-			     {[system, [4,0]],
-			      "{mbj,eklas}@erlang.ericsson.se"},
-			     {[sa, [1,0]], "sa_test"},
-			     {[snmpTrapEnterprise, 0], ?ericsson}]).
+    ?line expect(trap1_4, v2trap, [{[sysUpTime, 0], any},
+				   {[snmpTrapOID, 0], ?ericsson ++ [0, 1]},
+				   {[system, [4,0]],
+				    "{mbj,eklas}@erlang.ericsson.se"},
+				   {[sa, [1,0]], "sa_test"},
+				   {[snmpTrapEnterprise, 0], ?ericsson}]),
+    snmpa:verbosity(SA, {subagents, silence}),
+    ok.
 
 sa_v1_2_v2_trap2(SA) ->
+    snmpa:verbosity(SA, {subagents, trace}),
     snmpa:send_trap(SA, saTrap, "standard trap",[{sysContact,"pelle"}]),
-    ?line expect(4, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?ericsson ++ [0, 1]},
-			     {[system, [4,0]], "pelle"},
-			     {[sa, [1,0]], "sa_test"},
-			     {[snmpTrapEnterprise, 0], ?ericsson}]).
-			     
+    ?line expect(trap2_4, v2trap, [{[sysUpTime, 0], any},
+				   {[snmpTrapOID, 0], ?ericsson ++ [0, 1]},
+				   {[system, [4,0]], "pelle"},
+				   {[sa, [1,0]], "sa_test"},
+				   {[snmpTrapEnterprise, 0], ?ericsson}]),
+    snmpa:verbosity(SA, {subagents, silence}),
+    ok.
+
 
 sa_v1_2_v2_trap3(SA) ->
+    snmpa:verbosity(SA, {subagents, trace}),
     snmpa:send_trap(SA, saTrap2, "standard trap",
 			 [{intViewSubtree, [4], [1,2,3,4]}]),
-    ?line expect(4, v2trap, [{[sysUpTime, 0], any},
-			     {[snmpTrapOID, 0], ?ericsson ++ [0, 2]},
-			     {[system, [4,0]],
-			      "{mbj,eklas}@erlang.ericsson.se"},
-			     {[sa, [1,0]], "sa_test"},
-			     {[intViewSubtree,4],[1,2,3,4]},
-			     {[snmpTrapEnterprise, 0], ?ericsson}]).
+    ?line expect(trap3_4, v2trap, [{[sysUpTime, 0], any},
+				   {[snmpTrapOID, 0], ?ericsson ++ [0, 2]},
+				   {[system, [4,0]],
+				    "{mbj,eklas}@erlang.ericsson.se"},
+				   {[sa, [1,0]], "sa_test"},
+				   {[intViewSubtree,4],[1,2,3,4]},
+				   {[snmpTrapEnterprise, 0], ?ericsson}]),
+    snmpa:verbosity(SA, {subagents, silence}),
+    ok.
 			     
 
 %% Req. SA-MIB, OLD-SNMPEA-MIB
@@ -4195,9 +4241,9 @@ snmp_standard_mib(Config) when is_list(Config) ->
 
 %% Req. SNMP-STANDARD-MIB
 standard_mib_a() ->
-    ?line [OutPkts] = get_req(2, [[snmpOutPkts,0]]),
+    ?line [OutPkts]  = get_req(2, [[snmpOutPkts,0]]),
     ?line [OutPkts2] = get_req(3, [[snmpOutPkts,0]]),
-    ?line OutPkts2 = OutPkts + 1,
+    ?line OutPkts2   = OutPkts + 1,
     %% There are some more counters we could test here, but it's not that
     %% important, since they are removed from SNMPv2-MIB.
     ok.
@@ -4207,27 +4253,27 @@ std_mib_init() ->
     %% disable authentication failure traps.  (otherwise w'd get many of
     %% them - this is also a test to see that it works).
     s([{[snmpEnableAuthenTraps,0], 2}]),
-    ?line expect(1, [{[snmpEnableAuthenTraps, 0], 2}]).
+    ?line expect(std_mib_init_1, [{[snmpEnableAuthenTraps, 0], 2}]).
 
 %% Req. SNMP-STANDARD-MIB | SNMPv2-MIB
 std_mib_finish() ->
     %% enable again
     s([{[snmpEnableAuthenTraps,0], 1}]),
-    ?line expect(1, [{[snmpEnableAuthenTraps, 0], 1}]).
+    ?line expect(std_mib_finish_1, [{[snmpEnableAuthenTraps, 0], 1}]).
 
 %% Req. SNMP-STANDARD-MIB
 standard_mib_test_finish() ->
-    %% force a authenticationFailure
+    %% force a authenticationFailure (should result in a trap)
     std_mib_write(),
     %% check that we got a trap
-    ?line expect(2, trap, [1,2,3], 4, 0, []).
+    ?line expect(standard_mib_test_finish_2, trap, [1,2,3], 4, 0, []).
 
 %% Req. SNMP-STANDARD-MIB | SNMPv2-MIB
 std_mib_read() ->
     ?DBG("std_mib_read -> entry", []),
     g([[sysUpTime,0]]), % try a bad <something>; msg dropped, no reply
     ?DBG("std_mib_read -> await timeout (i.e. no reply)", []),
-    ?line expect(1, timeout). % make sure we don't get a trap!
+    ?line expect(std_mib_read_1, timeout). % make sure we don't get a trap!
 
 
 %% Req. SNMP-STANDARD-MIB | SNMPv2-MIB
@@ -4362,10 +4408,10 @@ std_mib_c({InBadCommunityNames, InBadCommunityUses, InASNErrs}) ->
 snmpv2_mib_a() ->
     ?line [SetSerial] = get_req(2, [[snmpSetSerialNo,0]]),
     s([{[snmpSetSerialNo,0], SetSerial}, {[sysLocation, 0], "val2"}]),
-    ?line expect(3, [{[snmpSetSerialNo,0], SetSerial},
-		     {[sysLocation, 0], "val2"}]),
+    ?line expect(snmpv2_mib_a_3, [{[snmpSetSerialNo,0], SetSerial},
+				  {[sysLocation, 0], "val2"}]),
     s([{[sysLocation, 0], "val3"}, {[snmpSetSerialNo,0], SetSerial}]),
-    ?line expect(4, inconsistentValue, 2,
+    ?line expect(snmpv2_mib_a_4, inconsistentValue, 2,
 		 [{[sysLocation, 0], "val3"},
 		  {[snmpSetSerialNo,0], SetSerial}]),
     ?line ["val2"] = get_req(5, [[sysLocation,0]]).
@@ -4688,46 +4734,46 @@ snmp_view_based_acm_mib() ->
 
 do_set(Row) ->
     s(Row),
-    expect(1, Row).
+    expect(do_set_1, Row).
     
 add_row(RowStatus) ->
     s([{RowStatus, ?createAndGo}]),
-    expect(1, [{RowStatus, ?createAndGo}]).
+    expect(add_row_1, [{RowStatus, ?createAndGo}]).
 
 del_row(RowStatus) ->
     s([{RowStatus, ?destroy}]),
-    expect(1, [{RowStatus, ?destroy}]).
+    expect(del_row_1, [{RowStatus, ?destroy}]).
     
     
 
 use_no_rights() ->
     g([[xDescr,0]]),
-    ?v1_2_3(expect(11, noSuchName, 1, any),
-	    expect(12, [{[xDescr,0], noSuchObject}]),
-	    expect(13, authorizationError, 1, any)),
+    ?v1_2_3(expect(use_no_rights_11, noSuchName, 1, any),
+	    expect(use_no_rights_12, [{[xDescr,0], noSuchObject}]),
+	    expect(use_no_rights_13, authorizationError, 1, any)),
     g([[xDescr2,0]]),
-    ?v1_2_3(expect(21, noSuchName, 1, any),
-	    expect(22, [{[xDescr2,0], noSuchObject}]),
-	    expect(23, authorizationError, 1, any)),
+    ?v1_2_3(expect(use_no_rights_21, noSuchName, 1, any),
+	    expect(use_no_rights_22, [{[xDescr2,0], noSuchObject}]),
+	    expect(use_no_rights_23, authorizationError, 1, any)),
     gn([[xDescr]]),
-    ?v1_2_3(expect(31, noSuchName, 1, any),
-	    expect(32, [{[xDescr], endOfMibView}]),
-	    expect(33, authorizationError, 1, any)),
+    ?v1_2_3(expect(use_no_rights_31, noSuchName, 1, any),
+	    expect(use_no_rights_32, [{[xDescr], endOfMibView}]),
+	    expect(use_no_rights_33, authorizationError, 1, any)),
     s([{[xDescr,0], "tryit"}]),
-    ?v1_2_3(expect(41, noSuchName, 1, any),
-	    expect(42, noAccess, 1, any),
-	    expect(43, authorizationError, 1, any)).
+    ?v1_2_3(expect(use_no_rights_41, noSuchName, 1, any),
+	    expect(use_no_rights_42, noAccess, 1, any),
+	    expect(use_no_rights_43, authorizationError, 1, any)).
 
 
 use_rights() ->
     g([[xDescr,0]]),
-    expect(1, [{[xDescr,0], any}]),
+    expect(use_rights_1, [{[xDescr,0], any}]),
     g([[xDescr2,0]]),
-    expect(2, [{[xDescr2,0], any}]),
+    expect(use_rights_2, [{[xDescr2,0], any}]),
     s([{[xDescr,0], "tryit"}]),
-    expect(3, noError, 0, any),
+    expect(use_rights_3, noError, 0, any),
     g([[xDescr,0]]),
-    expect(4, [{[xDescr,0], "tryit"}]).
+    expect(use_rights_4, [{[xDescr,0], "tryit"}]).
 
 mk_ln(X) ->
     [length(X) | X].
@@ -5200,16 +5246,6 @@ loop_it_2(Oid, N) ->
 %%%-----------------------------------------------------------------
 
 
-
-
-
-%% These are (ticket) test cases where the initiation has to be done
-%% individually.
-
-
-
-
-
 %%-----------------------------------------------------------------
 %% Ticket: OTP-1128
 %% Slogan: Bug in handling of createAndWait set-requests.
@@ -5850,7 +5886,7 @@ otp_7157_test1(MA) ->
 otp8395({init, Config}) when is_list(Config) ->
     ?DBG("otp8395(init) -> entry with"
 	 "~n   Config: ~p", [Config]),
-    
+
     %% -- 
     %% Start nodes
     %% 
@@ -5858,7 +5894,7 @@ otp8395({init, Config}) when is_list(Config) ->
     {ok, AgentNode}    = start_node(agent),
     %% {ok, SubAgentNode} = start_node(sub_agent),
     {ok, ManagerNode}  = start_node(manager),
-    
+
     %% -- 
     %% Mnesia init
     %% 
@@ -5866,10 +5902,10 @@ otp8395({init, Config}) when is_list(Config) ->
     AgentDbDir = ?config(agent_db_dir, Config),
     AgentMnesiaDir = filename:join([AgentDbDir, "mnesia"]),
     mnesia_init(AgentNode, AgentMnesiaDir),
-    
-%%     SubAgentDir = ?config(sub_agent_dir, Config),
-%%     SubAgentMnesiaDir = filename:join([SubAgentDir, "mnesia"]),
-%%     mnesia_init(SubAgentNode, SubAgentMnesiaDir),
+
+    %% SubAgentDir = ?config(sub_agent_dir, Config),
+    %% SubAgentMnesiaDir = filename:join([SubAgentDir, "mnesia"]),
+    %% mnesia_init(SubAgentNode, SubAgentMnesiaDir),
 
     %% ok = mnesia_create_schema(AgentNode, [AgentNode, SubAgentNode]), 
     %% ok = mnesia:create_schema([AgentNode, SubAgentNode]),
@@ -5894,12 +5930,12 @@ otp8395({init, Config}) when is_list(Config) ->
     %% SubAgentIP        = tuple_to_list(SubAgentIP0), 
     {ok, ManagerIP0}  = snmp_misc:ip(ManagerHost),
     ManagerIP         = tuple_to_list(ManagerIP0),
-    
+
 
     %% --
     %% Write agent config
     %% 
-    
+
     Vsns           = [v1], 
     AgentConfDir   = ?config(agent_conf_dir, Config),
     ManagerConfDir = ?config(manager_top_dir, Config),
@@ -5923,7 +5959,7 @@ otp8395({init, Config}) when is_list(Config) ->
 			   {manager_node,  ManagerNode},
 			   {manager_host,  ManagerHost}, 
 			   {manager_ip,    ManagerIP}|Config]),
-    
+
     %% -- 
     %% Create watchdog 
     %% 
@@ -5935,7 +5971,7 @@ otp8395({init, Config}) when is_list(Config) ->
 otp8395({fin, Config}) when is_list(Config) ->
     ?DBG("otp8395(fin) -> entry with"
 	 "~n   Config: ~p", [Config]),
-    
+
     AgentNode   = ?config(agent_node, Config),
     ManagerNode = ?config(manager_node, Config),
 
@@ -5943,11 +5979,11 @@ otp8395({fin, Config}) when is_list(Config) ->
     %% Stop agent (this is the nice way to do it, 
     %% so logs and files can be closed in the proper way).
     %% 
-    
+
     AgentSup = ?config(agent_sup, Config),
     ?DBG("otp8395(fin) -> stop (stand-alone) agent: ~p", [AgentSup]),
     stop_stdalone_agent(AgentSup), 
-    
+
     %% - 
     %% Stop mnesia
     %% 
@@ -5963,8 +5999,8 @@ otp8395({fin, Config}) when is_list(Config) ->
     stop_node(AgentNode),
 
 
-%%     SubAgentNode = ?config(sub_agent_node, Config),
-%%     stop_node(SubAgentNode),
+    %% SubAgentNode = ?config(sub_agent_node, Config),
+    %% stop_node(SubAgentNode),
 
 
     %% - 
@@ -5984,7 +6020,7 @@ otp8395(doc) ->
 otp8395(Config) when is_list(Config) ->
     ?DBG("otp8395 -> entry with"
 	 "~n   Config: ~p", [Config]),
-    
+
     ?SLEEP(1000),
 
     %% This is just to dirty trick for the ***old*** test-code
@@ -6002,8 +6038,8 @@ otp8395(Config) when is_list(Config) ->
     {ok, LogInfo} = rpc:call(AgentNode, snmpa, log_info, []),
     ?DBG("otp8395 -> LogInfo: ~p", [LogInfo]), 
 
-%%     SyncRes = rpc:call(AgentNode, snmp, log_sync, [?audit_trail_log_name]),
-%%     ?DBG("otp8395 -> SyncRes: ~p", [SyncRes]), 
+    %% SyncRes = rpc:call(AgentNode, snmp, log_sync, [?audit_trail_log_name]),
+    %% ?DBG("otp8395 -> SyncRes: ~p", [SyncRes]), 
 
     ok = agent_log_validation(AgentNode),
     LTTRes = 
@@ -6013,7 +6049,195 @@ otp8395(Config) when is_list(Config) ->
     ?SLEEP(1000),
     ?DBG("otp8395 -> done", []),
     ok.
-		    
+
+
+%%-----------------------------------------------------------------
+
+otp9884({init, Config}) when is_list(Config) ->
+    ?DBG("otp9884(init) -> entry with"
+	 "~n   Config: ~p", [Config]),
+
+    %% -- 
+    %% Start nodes
+    %% 
+
+    {ok, AgentNode}   = start_node(agent),
+
+    %% We don't use a manager in this test but the (common) config 
+    %% function takes an argument that is derived from this
+    {ok, ManagerNode} = start_node(manager), 
+
+    %% -- 
+    %% Mnesia init
+    %% 
+
+    AgentDbDir = ?config(agent_db_dir, Config),
+    AgentMnesiaDir = filename:join([AgentDbDir, "mnesia"]),
+    mnesia_init(AgentNode, AgentMnesiaDir),
+
+    mnesia_create_schema(AgentNode, [AgentNode]),
+
+    mnesia_start(AgentNode),
+
+    %% --
+    %% Host & IP
+    %% 
+
+    AgentHost   = ?HOSTNAME(AgentNode),
+    ManagerHost = ?HOSTNAME(ManagerNode),
+
+    Host              = snmp_test_lib:hostname(), 
+    Ip                = ?LOCALHOST(),
+    {ok, AgentIP0}    = snmp_misc:ip(AgentHost),
+    AgentIP           = tuple_to_list(AgentIP0), 
+    {ok, ManagerIP0}  = snmp_misc:ip(ManagerHost),
+    ManagerIP         = tuple_to_list(ManagerIP0),
+
+
+    %% --
+    %% Write agent config
+    %% 
+
+    Vsns           = [v1], 
+    ManagerConfDir = ?config(manager_top_dir, Config),
+    AgentConfDir   = ?config(agent_conf_dir, Config),
+    AgentTopDir    = ?config(agent_top_dir, Config),
+    AgentBkpDir1   = filename:join([AgentTopDir, backup1]),
+    AgentBkpDir2   = filename:join([AgentTopDir, backup2]),
+    ok = file:make_dir(AgentBkpDir1),
+    ok = file:make_dir(AgentBkpDir2),
+    AgentBkpDirs = [AgentBkpDir1, AgentBkpDir2], 
+    snmp_agent_test_lib:config(Vsns, 
+			       ManagerConfDir, AgentConfDir, 
+			       ManagerIP, AgentIP),
+
+
+    %% --
+    %% Start the agent
+    %% 
+
+    Config2 = start_agent([{host,              Host}, 
+			   {ip,                Ip}, 
+			   {agent_node,        AgentNode}, 
+			   {agent_host,        AgentHost}, 
+			   {agent_ip,          AgentIP}, 
+			   {agent_backup_dirs, AgentBkpDirs}|Config]),
+
+    %% -- 
+    %% Create watchdog 
+    %% 
+
+    Dog = ?WD_START(?MINS(1)),
+
+    [{watchdog, Dog} | Config2];
+
+otp9884({fin, Config}) when is_list(Config) ->
+    ?DBG("otp9884(fin) -> entry with"
+	 "~n   Config: ~p", [Config]),
+
+    AgentNode   = ?config(agent_node, Config),
+    ManagerNode = ?config(manager_node, Config),
+
+    %% -
+    %% Stop agent (this is the nice way to do it, 
+    %% so logs and files can be closed in the proper way).
+    %% 
+
+    AgentSup = ?config(agent_sup, Config),
+    ?DBG("otp9884(fin) -> stop (stand-alone) agent: ~p", [AgentSup]),
+    stop_stdalone_agent(AgentSup), 
+
+    %% - 
+    %% Stop mnesia
+    %% 
+    ?DBG("otp9884(fin) -> stop mnesia", []),
+    mnesia_stop(AgentNode),
+
+
+    %% - 
+    %% Stop the agent node
+    %% 
+
+    ?DBG("otp9884(fin) -> stop agent node", []),
+    stop_node(AgentNode),
+
+
+    %%     SubAgentNode = ?config(sub_agent_node, Config),
+    %%     stop_node(SubAgentNode),
+
+
+    %% - 
+    %% Stop the manager node
+    %% 
+
+    ?DBG("otp9884(fin) -> stop manager node", []),
+    stop_node(ManagerNode),
+
+    Dog = ?config(watchdog, Config),
+    ?WD_STOP(Dog),
+    lists:keydelete(watchdog, 1, Config);
+
+otp9884(doc) ->
+    "OTP-9884 - Simlutaneous backup call should not work. ";
+
+otp9884(Config) when is_list(Config) ->
+    ?DBG("otp9884 -> entry with"
+	 "~n   Config: ~p", [Config]),
+
+    AgentNode = ?config(agent_node, Config),
+    [AgentBkpDir1, AgentBkpDir2] = ?config(agent_backup_dirs, Config),
+    Self = self(), 
+    timer:apply_after(1000, 
+		      ?MODULE, otp9884_backup, [AgentNode, Self, first,  AgentBkpDir1]), 
+    timer:apply_after(1000, 
+		      ?MODULE, otp9884_backup, [AgentNode, Self, second, AgentBkpDir2]),
+    otp9884_await_backup_completion(undefined, undefined),
+
+    ?DBG("otp9884 -> done", []),
+    ok.
+
+
+otp9884_backup(Node, Pid, Tag, Dir) ->
+    io:format("[~w] call backup function~n", [Tag]),
+    Res = rpc:call(Node, snmpa, backup, [Dir]),
+    io:format("[~w] backup result: ~p~n", [Tag, Res]),
+    Pid ! {otp9884_backup_complete, Tag, Res}.
+
+otp9884_await_backup_completion(ok, Second) 
+  when ((Second =/= ok) andalso (Second =/= undefined)) ->
+    io:format("otp9884_await_backup_completion -> "
+	      "first backup succeed and second failed (~p)~n", [Second]),
+    ok;
+otp9884_await_backup_completion(First, ok) 
+  when ((First =/= ok) andalso (First =/= undefined)) ->
+    io:format("otp9884_await_backup_completion -> "
+	      "second backup succeed and first failed (~p)~n", [First]),
+    ok;
+otp9884_await_backup_completion(First, Second) 
+  when (((First =:= undefined) andalso (Second =:= undefined)) 
+	orelse 
+	((First =:= undefined) andalso (Second =/= undefined)) 
+	orelse 
+	((First =/= undefined) andalso (Second =:= undefined))) ->
+    io:format("otp9884_await_backup_completion -> await complete messages~n", []),
+    receive
+	{otp9884_backup_complete, first, Res} ->
+	    io:format("otp9884_await_backup_completion -> "
+		      "received complete message for first: ~p~n", [Res]),
+	    otp9884_await_backup_completion(Res, Second);
+	{otp9884_backup_complete, second, Res} ->
+	    io:format("otp9884_await_backup_completion -> "
+		      "received complete message for second: ~p~n", [Res]),
+	    otp9884_await_backup_completion(First, Res)
+    after 10000 ->
+	    %% we have waited long enough
+	    throw({error, {timeout, First, Second}})
+    end;
+otp9884_await_backup_completion(First, Second) ->
+    throw({error, {bad_completion, First, Second}}).
+
+
+%%-----------------------------------------------------------------
 
 agent_log_validation(Node) ->
     rpc:call(Node, ?MODULE, agent_log_validation, []).
diff --git a/lib/snmp/test/snmp_agent_test_lib.erl b/lib/snmp/test/snmp_agent_test_lib.erl
index a18d9f3201..084b3ee8da 100644
--- a/lib/snmp/test/snmp_agent_test_lib.erl
+++ b/lib/snmp/test/snmp_agent_test_lib.erl
@@ -296,7 +296,12 @@ call(N,M,F,A) ->
 	    ?DBG("call -> done:"
 		 "~n   Ret: ~p"
 		 "~n   Zed: ~p", [Ret, Zed]),
-	    Ret
+	    case Ret of
+		{error, Reason} ->
+		    exit(Reason);
+		OK ->
+		    OK
+	    end
     end.
 
 wait(From, Env, M, F, A) ->
@@ -724,17 +729,13 @@ expect(Id, A, B, C, D, E) ->
     expect2(Id, Fun).
 
 expect2(Id, F) ->
-    io:format("~w:expect2 -> entry with"
-	      "~n   Id:   ~w"
-	      "~n", [?MODULE, Id]),
+    io:format("EXPECT for ~w~n", [Id]),
     case F() of
 	{error, Reason} ->
-	    {error, Id, Reason};
+	    io:format("EXPECT failed for ~w: ~n~p~n", [Id, Reason]),
+	    throw({error, {expect, Id, Reason}});
 	Else ->
-	    io:format("~w:expect2 -> "
-		      "~n   Id:   ~w"
-		      "~n   Else: ~p"
-		      "~n", [?MODULE, Id, Else]),
+	    io:format("EXPECT result for ~w: ~n~p~n", [Id, Else]),
 	    Else
     end.
 
@@ -769,21 +770,15 @@ do_expect(Expect) when is_atom(Expect) ->
 
 do_expect({any_pdu, To}) 
   when is_integer(To) orelse (To =:= infinity) ->
-    io:format("~w:do_expect(any_pdu) -> entry with"
-	      "~n   To:   ~w"
-	      "~n", [?MODULE, To]),
+    io:format("EXPECT any PDU~n", []),
     receive_pdu(To);
 
 do_expect({any_trap, To}) ->
-    io:format("~w:do_expect(any_trap) -> entry with"
-	      "~n   To:   ~w"
-	      "~n", [?MODULE, To]),
+    io:format("EXPECT any TRAP within ~w~n", [To]),
     receive_trap(To);
 
 do_expect({timeout, To}) ->
-    io:format("~w:do_expect(timeout) -> entry with"
-	      "~n   To:   ~w"
-	      "~n", [?MODULE, To]),
+    io:format("EXPECT nothing within ~w~n", [To]),
     receive
 	X ->
 	    {error, {unexpected, X}}
@@ -794,13 +789,16 @@ do_expect({timeout, To}) ->
 
 do_expect({Err, To}) 
   when is_atom(Err) andalso (is_integer(To) orelse (To =:= infinity)) ->
+    io:format("EXPECT error ~w within ~w~n", [Err, To]),
     do_expect({{error, Err}, To});
 
 do_expect({error, Err}) when is_atom(Err) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT error ~w~n", [Err]),
     do_expect2(Check, any, Err, any, any, get_timeout());
 do_expect({{error, Err}, To}) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT error ~w within ~w~n", [Err, To]),
     do_expect2(Check, any, Err, any, any, To);
 
 %% exp_varbinds() -> [exp_varbind()]
@@ -810,16 +808,25 @@ do_expect({{error, Err}, To}) ->
 %% ExpVBs         -> exp_varbinds() | {VbsCondition, exp_varbinds()}
 do_expect(ExpVBs) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT 'get-response'"
+	      "~n   with"
+	      "~n      Varbinds: ~p~n", [ExpVBs]),
     do_expect2(Check, 'get-response', noError, 0, ExpVBs, get_timeout()).
 
 
 do_expect(v2trap, ExpVBs) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT 'snmpv2-trap'"
+	      "~n   with"
+	      "~n      Varbinds: ~p~n", [ExpVBs]),
     do_expect2(Check, 'snmpv2-trap', noError, 0, ExpVBs, get_timeout());
 
 
 do_expect(report, ExpVBs) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT 'report'"
+	      "~n   with"
+	      "~n      Varbinds: ~p~n", [ExpVBs]),
     do_expect2(Check, 'report', noError, 0, ExpVBs, get_timeout());
 
 
@@ -827,16 +834,13 @@ do_expect(inform, ExpVBs) ->
     do_expect({inform, true}, ExpVBs);
 
 do_expect({inform, false}, ExpVBs) ->
-    io:format("~w:do_expect(inform, false) -> entry with"
-	      "~n   ExpVBs: ~p"
-	      "~n", [?MODULE, ExpVBs]),
     Check = fun(_, R) -> R end,
+    io:format("EXPECT 'inform-request' (false)"
+	      "~n   with"
+	      "~n      Varbinds: ~p~n", [ExpVBs]),
     do_expect2(Check, 'inform-request', noError, 0, ExpVBs, get_timeout());
 
 do_expect({inform, true}, ExpVBs) ->
-    io:format("~w:do_expect(inform, true) -> entry with"
-	      "~n   ExpVBs: ~p"
-	      "~n", [?MODULE, ExpVBs]),
     Check = 
 	fun(PDU, ok) ->
 		RespPDU = PDU#pdu{type         = 'get-response',
@@ -847,6 +851,9 @@ do_expect({inform, true}, ExpVBs) ->
 	   (_, Err) ->
 		Err
 	end,
+    io:format("EXPECT 'inform-request' (true)"
+	      "~n   with"
+	      "~n      Varbinds: ~p~n", [ExpVBs]),
     do_expect2(Check, 'inform-request', noError, 0, ExpVBs, get_timeout());
 
 do_expect({inform, {error, EStat, EIdx}}, ExpVBs) 
@@ -861,6 +868,11 @@ do_expect({inform, {error, EStat, EIdx}}, ExpVBs)
 	   (_, Err) ->
 		Err
 	end,
+    io:format("EXPECT 'inform-request' (error)"
+	      "~n   with"
+	      "~n      Error Status: ~p"
+	      "~n      Error Index:  ~p"
+	      "~n      Varbinds:     ~p~n", [EStat, EIdx, ExpVBs]),
     do_expect2(Check, 'inform-request', noError, 0, ExpVBs, get_timeout()).
 
 
@@ -871,6 +883,12 @@ do_expect(Err, Idx, ExpVBs, To)
   when is_atom(Err) andalso 
        (is_integer(Idx) orelse is_list(Idx) orelse (Idx == any)) ->
     Check = fun(_, R) -> R end,
+    io:format("EXPECT 'get-response'"
+	      "~n   with"
+	      "~n      Error:    ~p"
+	      "~n      Index:    ~p"
+	      "~n      Varbinds: ~p"
+	      "~n   within ~w~n", [Err, Idx, ExpVBs, To]),
     do_expect2(Check, 'get-response', Err, Idx, ExpVBs, To).
 
 
@@ -878,15 +896,13 @@ do_expect(Type, Enterp, Generic, Specific, ExpVBs) ->
     do_expect(Type, Enterp, Generic, Specific, ExpVBs, 3500).
 
 do_expect(trap, Enterp, Generic, Specific, ExpVBs, To) ->
-    io:format("~w:do_expect(trap) -> entry with"
-	      "~n   Enterp:   ~w"
-	      "~n   Generic:  ~w"
-	      "~n   Specific: ~w"
-	      "~n   ExpVBs:   ~w"
-	      "~n   To:       ~w"
-	      "~nwhen"
-	      "~n   Time:   ~w"
-	      "~n", [?MODULE, Enterp, Generic, Specific, ExpVBs, To, t()]),
+    io:format("EXPECT trap"
+	      "~n   with"
+	      "~n      Enterp:   ~w"
+	      "~n      Generic:  ~w"
+	      "~n      Specific: ~w"
+	      "~n      Varbinds: ~w"
+	      "~n   within ~w~n", [Enterp, Generic, Specific, ExpVBs, To]),
     PureE = purify_oid(Enterp),
     case receive_trap(To) of
 	#trappdu{enterprise    = PureE, 
@@ -916,49 +932,51 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
        (is_list(ExpVBs) orelse (ExpVBs =:= any)) andalso
        (is_integer(To) orelse (To =:= infinity)) ->
 
-    io:format("~w:do_expect2 -> entry with"
-	      "~n   Type:   ~w"
-	      "~n   Err:    ~w"
-	      "~n   Idx:    ~w"
-	      "~n   ExpVBs: ~w"
-	      "~n   To:     ~w"
-	      "~nwhen"
-	      "~n   Time:   ~w"
-	      "~n", [?MODULE, Type, Err, Idx, ExpVBs, To, t()]),
-
     case receive_pdu(To) of
 
 	#pdu{type         = Type, 
 	     error_status = Err,
 	     error_index  = Idx} when ExpVBs =:= any -> 
+	    io:format("EXPECT received expected pdu (1)~n", []),
 	    ok;
 
 	#pdu{type         = Type, 
 	     request_id   = ReqId, 
 	     error_status = Err2,
 	     error_index  = Idx} when ExpVBs =:= any -> 
+	    io:format("EXPECT received expected pdu with "
+		      "unexpected error status (2): "
+		      "~n   Error Status: ~p~n", [Err2]),
 	    {error, {unexpected_error_status, Err, Err2, ReqId}};
 
 	#pdu{error_status = Err} when (Type   =:= any) andalso 
 				      (Idx    =:= any) andalso 
 				      (ExpVBs =:= any) -> 
+	    io:format("EXPECT received expected pdu (3)~n", []),
 	    ok;
 
 	#pdu{request_id   = ReqId, 
 	     error_status = Err2} when (Type   =:= any) andalso 
 				       (Idx    =:= any) andalso 
 				       (ExpVBs =:= any) -> 
+	    io:format("EXPECT received expected pdu with "
+		      "unexpected error status (4): "
+		      "~n   Error Status: ~p~n", [Err2]),
 	    {error, {unexpected_error_status, Err, Err2, ReqId}};
 
 	#pdu{type         = Type, 
 	     error_status = Err} when (Idx =:= any) andalso 
 				      (ExpVBs =:= any) -> 
+	    io:format("EXPECT received expected pdu (5)~n", []),
 	    ok;
 
 	#pdu{type         = Type, 
 	     request_id   = ReqId, 
 	     error_status = Err2} when (Idx =:= any) andalso 
 				       (ExpVBs =:= any) -> 
+	    io:format("EXPECT received expected pdu with "
+		      "unexpected error status (6): "
+		      "~n   Error Status: ~p~n", [Err2]),
 	    {error, {unexpected_error_status, Err, Err2, ReqId}};
 
 	#pdu{type         = Type, 
@@ -967,8 +985,13 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     error_index  = EI} when is_list(Idx) andalso (ExpVBs =:= any) -> 
 	    case lists:member(EI, Idx) of
 		true ->
+		    io:format("EXPECT received expected pdu with "
+			      "expected error index (7)~n", []),
 		    ok;
 		false ->
+		    io:format("EXPECT received expected pdu with "
+			      "unexpected error index (8): "
+			      "~n   Error Index: ~p~n", [EI]),
 		    {error, {unexpected_error_index, EI, Idx, ReqId}}
 	    end;
 
@@ -978,8 +1001,15 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     error_index  = EI} when is_list(Idx) andalso (ExpVBs =:= any) -> 
 	    case lists:member(EI, Idx) of
 		true ->
+		    io:format("EXPECT received expected pdu with "
+			      "unexpected error status (9): "
+			      "~n   Error Status: ~p~n", [Err2]),
 		    {error, {unexpected_error_status, Err, Err2, ReqId}};
 		false ->
+		    io:format("EXPECT received expected pdu with "
+			      "unexpected error (10): "
+			      "~n   Error Status: ~p"
+			      "~n   Error index:  ~p~n", [Err2, EI]),
 		    {error, {unexpected_error, {Err, Idx}, {Err2, EI}, ReqId}}
 	    end;
 
@@ -987,6 +1017,12 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     request_id   = ReqId, 
 	     error_status = Err2, 
 	     error_index  = Idx2} when ExpVBs =:= any ->
+	    io:format("EXPECT received unexpected pdu with (11) "
+		      "~n   Type:         ~p"
+		      "~n   ReqId:        ~p"
+		      "~n   Errot status: ~p"
+		      "~n   Error index:  ~p"
+		      "~n", [Type2, ReqId, Err2, Idx2]),
 	    {error, 
 	     {unexpected_pdu, 
 	      {Type, Err, Idx}, {Type2, Err2, Idx2}, ReqId}};
@@ -995,11 +1031,26 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     error_status = Err, 
 	     error_index  = Idx,
 	     varbinds     = VBs} = PDU ->
+	    io:format("EXPECT received pdu (12): "
+		      "~n   [exp] Type:         ~p"
+		      "~n   [exp] Error Status: ~p"
+		      "~n   [exp] Error Index:  ~p"
+		      "~n   VBs:                ~p"
+		      "~nwhen"
+		      "~n   ExpVBs:             ~p"
+		      "~n", [Type, Err, Idx, VBs, ExpVBs]),
 	    Check(PDU, check_vbs(purify_oids(ExpVBs), VBs));
 
 	#pdu{type         = Type, 
 	     error_status = Err, 
 	     varbinds     = VBs} = PDU when Idx =:= any ->
+	    io:format("EXPECT received pdu (13): "
+		      "~n   [exp] Type:         ~p"
+		      "~n   [exp] Error Status: ~p"
+		      "~n   VBs:                ~p"
+		      "~nwhen"
+		      "~n   ExpVBs:             ~p"
+		      "~n", [Type, Err, VBs, ExpVBs]),
 	    Check(PDU, check_vbs(purify_oids(ExpVBs), VBs));
 
 	#pdu{type         = Type, 
@@ -1007,6 +1058,15 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     error_status = Err, 
 	     error_index  = EI,
 	     varbinds     = VBs} = PDU when is_list(Idx) ->
+	    io:format("EXPECT received pdu (14): "
+		      "~n   [exp] Type:         ~p"
+		      "~n   ReqId:              ~p"
+		      "~n   [exp] Error Status: ~p"
+		      "~n   [exp] Error Index:  ~p"
+		      "~n   VBs:                ~p"
+		      "~nwhen"
+		      "~n   ExpVBs:             ~p"
+		      "~n", [Type, ReqId, Err, EI, VBs, ExpVBs]),
 	    PureVBs = purify_oids(ExpVBs), 
 	    case lists:member(EI, Idx) of
 		true ->
@@ -1020,6 +1080,13 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	     error_status = Err2, 
 	     error_index  = Idx2,
 	     varbinds     = VBs2} ->
+	    io:format("EXPECT received unexpected pdu with (15) "
+		      "~n   Type:         ~p"
+		      "~n   ReqId:        ~p"
+		      "~n   Errot status: ~p"
+		      "~n   Error index:  ~p"
+		      "~n   Varbinds:     ~p"
+		      "~n", [Type2, ReqId, Err2, Idx2, VBs2]),
 	    {error, 
 	     {unexpected_pdu, 
 	      {Type,  Err,  Idx, purify_oids(ExpVBs)}, 
@@ -1027,6 +1094,9 @@ do_expect2(Check, Type, Err, Idx, ExpVBs, To)
 	      ReqId}};
 	
 	Error ->
+	    io:format("EXPECT received error (16):  "
+		      "~n   Error: ~p"
+		      "~n", [Error]),
 	    Error
     end.
 
@@ -1466,7 +1536,7 @@ rpc(Node, F, A) ->
 %% 
 %% 
 %% t() ->
-%%     {A,B,C} = erlang:now(),
+%%     {A,B,C} = os:timestamp(),
 %%     A*1000000000+B*1000+(C div 1000).
 %% 
 %% 
@@ -1478,6 +1548,6 @@ rpc(Node, F, A) ->
     
 
 %% Time in milli seconds
-t() ->
-    {A,B,C} = erlang:now(),
-    A*1000000000+B*1000+(C div 1000).
+%% t() ->
+%%     {A,B,C} = os:timestamp(),
+%%     A*1000000000+B*1000+(C div 1000).
diff --git a/lib/snmp/test/snmp_compiler_test.erl b/lib/snmp/test/snmp_compiler_test.erl
index c964b08168..0a147130b0 100644
--- a/lib/snmp/test/snmp_compiler_test.erl
+++ b/lib/snmp/test/snmp_compiler_test.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -566,14 +566,7 @@ p(F, A) ->
 
 p(TName, F, A) ->
     io:format("*** [~w][~s] ***"
-              "~n" ++ F ++ "~n", [TName,format_timestamp(now())|A]).
-
-format_timestamp({_N1, _N2, N3}   = Now) ->
-    {Date, Time}   = calendar:now_to_datetime(Now),
-    {YYYY,MM,DD}   = Date,
-    {Hour,Min,Sec} = Time,
-    FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
-                      [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
-    lists:flatten(FormatDate).
+              "~n" ++ F ++ "~n", [TName, formated_timestamp()|A]).
 
+formated_timestamp() ->
+    snmp_test_lib:formated_timestamp().
diff --git a/lib/snmp/test/snmp_manager_config_test.erl b/lib/snmp/test/snmp_manager_config_test.erl
index 4498d506f3..3192fe1b40 100644
--- a/lib/snmp/test/snmp_manager_config_test.erl
+++ b/lib/snmp/test/snmp_manager_config_test.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -2726,14 +2726,7 @@ p(F, A) ->
 
 p(TName, F, A) ->
     io:format("*** [~s] ***"
-              " ~w -> " ++ F ++ "~n", [format_timestamp(now()),TName|A]).
-
-format_timestamp({_N1, _N2, N3}   = Now) ->
-    {Date, Time}   = calendar:now_to_datetime(Now),
-    {YYYY,MM,DD}   = Date,
-    {Hour,Min,Sec} = Time,
-    FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
-                      [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
-    lists:flatten(FormatDate).
+              " ~w -> " ++ F ++ "~n", [formated_timestamp(),TName|A]).
 
+formated_timestamp() ->
+    snmp_test_lib:formated_timestamp().
diff --git a/lib/snmp/test/snmp_manager_test.erl b/lib/snmp/test/snmp_manager_test.erl
index d18f20d359..75c9f7b277 100644
--- a/lib/snmp/test/snmp_manager_test.erl
+++ b/lib/snmp/test/snmp_manager_test.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -6064,7 +6064,7 @@ rcall(Node, Mod, Func, Args) ->
 
 %% Time in milli sec
 %% t() ->
-%%     {A,B,C} = erlang:now(),
+%%     {A,B,C} = os:timestamp(),
 %%     A*1000000000+B*1000+(C div 1000).
 
 
@@ -6078,16 +6078,10 @@ p(F, A) ->
  
 p(TName, F, A) ->
     io:format("*** [~w][~s] ***"
-              "~n" ++ F ++ "~n", [TName,format_timestamp(now())|A]).
-
-format_timestamp({_N1, _N2, N3}   = Now) ->
-    {Date, Time}   = calendar:now_to_datetime(Now),
-    {YYYY,MM,DD}   = Date,
-    {Hour,Min,Sec} = Time,
-    FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
-                      [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
-    lists:flatten(FormatDate).
+              "~n" ++ F ++ "~n", [TName, formated_timestamp()|A]).
+
+formated_timestamp() ->
+    snmp_test_lib:formated_timestamp().
 
 %% p(TName, F, A) ->
 %%     io:format("~w -> " ++ F ++ "~n", [TName|A]).
diff --git a/lib/snmp/test/snmp_manager_user_old.erl b/lib/snmp/test/snmp_manager_user_old.erl
index edffc80dd4..6280cef51f 100644
--- a/lib/snmp/test/snmp_manager_user_old.erl
+++ b/lib/snmp/test/snmp_manager_user_old.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/snmp/test/snmp_test_lib.erl b/lib/snmp/test/snmp_test_lib.erl
index 54839d989b..e4d58a1253 100644
--- a/lib/snmp/test/snmp_test_lib.erl
+++ b/lib/snmp/test/snmp_test_lib.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -37,7 +37,7 @@
 -export([watchdog/3, watchdog_start/1, watchdog_start/2, watchdog_stop/1]).
 -export([del_dir/1]).
 -export([cover/1]).
--export([p/2, print/5]).
+-export([p/2, print/5, formated_timestamp/0]).
 
 
 %% ----------------------------------------------------------------------
@@ -521,15 +521,18 @@ p(F, A) when is_list(F) andalso is_list(A) ->
 
 print(Prefix, Module, Line, Format, Args) ->
     io:format("*** [~s] ~s ~p ~p ~p:~p *** " ++ Format ++ "~n", 
-	      [format_timestamp(now()), 
+	      [formated_timestamp(), 
 	       Prefix, node(), self(), Module, Line|Args]).
 
+formated_timestamp() ->
+    format_timestamp(os:timestamp()).
+
 format_timestamp({_N1, _N2, N3} = Now) ->
     {Date, Time}   = calendar:now_to_datetime(Now),
     {YYYY,MM,DD}   = Date,
     {Hour,Min,Sec} = Time,
     FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
+        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w ~w",
                       [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
     lists:flatten(FormatDate).
 
diff --git a/lib/snmp/test/snmp_test_mgr.erl b/lib/snmp/test/snmp_test_mgr.erl
index 84bdc6b04f..499cf7abcf 100644
--- a/lib/snmp/test/snmp_test_mgr.erl
+++ b/lib/snmp/test/snmp_test_mgr.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -1124,16 +1124,11 @@ d(F,A) -> d(get(debug),F,A).
 
 d(true,F,A) ->
     io:format("*** [~s] MGR_DBG *** " ++ F ++ "~n",
-	      [format_timestamp(now())|A]);
+	      [formated_timestamp()|A]);
 d(_,_F,_A) -> 
     ok.
 
-format_timestamp({_N1, _N2, N3} = Now) ->
-    {Date, Time}   = calendar:now_to_datetime(Now),
-    {YYYY,MM,DD}   = Date,
-    {Hour,Min,Sec} = Time,
-    FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
-                      [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
-    lists:flatten(FormatDate).
+
+formated_timestamp() ->
+    snmp_test_lib:formated_timestamp().
 
diff --git a/lib/snmp/test/snmp_test_mgr_misc.erl b/lib/snmp/test/snmp_test_mgr_misc.erl
index fc6dedd96d..5525c5c3ec 100644
--- a/lib/snmp/test/snmp_test_mgr_misc.erl
+++ b/lib/snmp/test/snmp_test_mgr_misc.erl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -779,16 +779,9 @@ d(F,A) -> d(get(debug),F,A).
 
 d(true,F,A) ->
     io:format("*** [~s] MGR_PS_DBG *** " ++ F ++ "~n",
-	      [format_timestamp(now())|A]);
+	      [formated_timestamp()|A]);
 d(_,_F,_A) -> 
     ok.
 
-format_timestamp({_N1, _N2, N3} = Now) ->
-    {Date, Time}   = calendar:now_to_datetime(Now),
-    {YYYY,MM,DD}   = Date,
-    {Hour,Min,Sec} = Time,
-    FormatDate =
-        io_lib:format("~.4w:~.2.0w:~.2.0w ~.2.0w:~.2.0w:~.2.0w 4~w",
-                      [YYYY,MM,DD,Hour,Min,Sec,round(N3/1000)]),
-    lists:flatten(FormatDate).
-
+formated_timestamp() ->
+    snmp_test_lib:formated_timestamp().
diff --git a/lib/snmp/vsn.mk b/lib/snmp/vsn.mk
index 25e3a9470b..fb1dcb6c41 100644
--- a/lib/snmp/vsn.mk
+++ b/lib/snmp/vsn.mk
@@ -2,7 +2,7 @@
 
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1997-2011. All Rights Reserved.
+# Copyright Ericsson AB 1997-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -17,6 +17,7 @@
 #
 # %CopyrightEnd%
 
-SNMP_VSN = 4.21.3
-PRE_VSN  =
-APP_VSN  = "snmp-$(SNMP_VSN)$(PRE_VSN)"
+APPLICATION = snmp
+SNMP_VSN    = 4.21.7
+PRE_VSN     =
+APP_VSN     = "$(APPLICATION)-$(SNMP_VSN)$(PRE_VSN)"
diff --git a/lib/ssh/doc/src/Makefile b/lib/ssh/doc/src/Makefile
index c97c99cf52..125dcf8775 100644
--- a/lib/ssh/doc/src/Makefile
+++ b/lib/ssh/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2004-2010. All Rights Reserved.
+# Copyright Ericsson AB 2004-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml
index 6fc4fdc43d..c6c634212f 100644
--- a/lib/ssh/doc/src/notes.xml
+++ b/lib/ssh/doc/src/notes.xml
@@ -29,6 +29,32 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Ssh 2.0.9</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Erlang/OTP can now be built using parallel make if you
+	    limit the number of jobs, for instance using '<c>make
+	    -j6</c>' or '<c>make -j10</c>'. '<c>make -j</c>' does not
+	    work at the moment because of some missing
+	    dependencies.</p>
+          <p>
+	    Own Id: OTP-9451</p>
+        </item>
+        <item>
+          <p>
+	    Ssh behaviours now use the new directive "-callback".
+	    Parameters will be further specified in a later version
+	    of ssh.</p>
+          <p>
+	    Own Id: OTP-9796</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Ssh 2.0.8</title>
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 2c5096a25f..ed88b3a1af 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="latin1" ?>
+<?xml version="1.0" encoding="iso-8859-1" ?>
 <!DOCTYPE erlref SYSTEM "erlref.dtd">
 
 <erlref>
   <header>
     <copyright>
-      <year>2004</year><year>2010</year>
+      <year>2004</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -86,7 +86,7 @@
 	by calling ssh_connect:session_channel/2.</p>
 	<p>Options are:</p>
 	<taglist>
-          <tag><c><![CDATA[{user_dir, String}]]></c></tag>
+          <tag><c><![CDATA[{user_dir, string()}]]></c></tag>
 	  <item>
 	    <p>Sets the user directory e.i. the directory containing
 	    ssh configuration files for the user such as
@@ -94,6 +94,18 @@
 	    <c><![CDATA[authorized_key]]></c>. Defaults to the directory normally
 	    referred to as <c><![CDATA[~/.ssh]]></c> </p>
 	  </item>
+	  <tag><c><![CDATA[{dsa_pass_phrase, string()}]]></c></tag>
+	  <item>
+	    <p>If the user dsa key is protected by a pass phrase it can be
+	    supplied with this option.
+	    </p>
+	  </item>
+	  <tag><c><![CDATA[{rsa_pass_phrase, string()}]]></c></tag>
+	  <item>
+	    <p>If the user rsa key is protected by a pass phrase it can be
+	    supplied with this option.
+	    </p>
+	  </item>
           <tag><c><![CDATA[{silently_accept_hosts, boolean()}]]></c></tag>
 	  <item>
 	    <p>When true hosts are added to the
@@ -222,6 +234,14 @@
 	    option <c>shell</c> which is much less work than implementing
 	    your own cli channel.
 	  </item>
+	  <tag><c><![CDATA[{user_dir, String}]]></c></tag>
+	  <item>
+	    <p>Sets the user directory e.i. the directory containing
+	    ssh configuration files for the user such as
+	    <c><![CDATA[known_hosts]]></c>, <c><![CDATA[id_rsa, id_dsa]]></c> and
+	    <c><![CDATA[authorized_key]]></c>. Defaults to the directory normally
+	    referred to as <c><![CDATA[~/.ssh]]></c> </p>
+	  </item>
           <tag><c><![CDATA[{system_dir, string()}]]></c></tag>
           <item>
             <p>Sets the system directory, containing the host files
@@ -283,22 +303,6 @@
     </func>
 
     <func>
-      <name>sign_data(Data, Algorithm) -> Signature | {error, Reason}</name>
-      <fsummary> </fsummary>
-      <type>
-        <v> Data = binary()</v>
-	<v> Algorithm = "ssh-rsa"</v>
-	<v> Signature = binary()</v>
-	<v> Reason = term()</v>
-      </type>
-      <desc>
-        <p>Signs the supplied binary using the SSH key.
-	</p>
-      </desc>
-    </func>
-
-
-    <func>
       <name>start() -> </name>
       <name>start(Type) -> ok | {error, Reason}</name>
       <fsummary>Starts the Ssh application. </fsummary>
@@ -356,21 +360,6 @@
       </desc>
     </func>
 
-    <func>
-      <name>verify_data(Data, Signature, Algorithm) -> ok | {error, Reason}</name>
-      <fsummary> </fsummary>
-      <type>
-        <v> Data = binary()</v>
-	<v> Algorithm = "ssh-rsa"</v>
-	<v> Signature = binary()</v>
-	<v> Reason = term()</v>
-      </type>
-      <desc>
-        <p>Verifies the supplied binary against the binary signature.
-	</p>
-      </desc>
-    </func>
-
   </funcs>
   
 </erlref>
diff --git a/lib/ssh/src/DSS.asn1 b/lib/ssh/src/DSS.asn1
deleted file mode 100644
index 77aca3808b..0000000000
--- a/lib/ssh/src/DSS.asn1
+++ /dev/null
@@ -1,20 +0,0 @@
-DSS DEFINITIONS EXPLICIT TAGS ::=
-
-BEGIN
-
--- EXPORTS ALL
--- All types and values defined in this module are exported for use
--- in other ASN.1 modules.
-
-DSAPrivateKey ::= SEQUENCE {
-    version           INTEGER,
-    p                 INTEGER,  -- p
-    q                 INTEGER,  -- q
-    g                 INTEGER,  -- q
-    y                 INTEGER,  -- y
-    x                 INTEGER   -- x
-}
-
-END
-
-
diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile
index e7cf2c6723..7be97abf66 100644
--- a/lib/ssh/src/Makefile
+++ b/lib/ssh/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2004-2010. All Rights Reserved.
+# Copyright Ericsson AB 2004-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -36,7 +36,11 @@ RELSYSDIR = $(RELEASE_PATH)/lib/ssh-$(VSN)
 # Common Macros
 # ----------------------------------------------------
 
+# Behaviour (api) modules are first so they are compiled when
+# the compiler reaches a callback module using them.
 MODULES= \
+	ssh_sftpd_file_api \
+	ssh_key_api \
 	ssh \
 	ssh_sup \
 	sshc_sup \
@@ -56,25 +60,22 @@ MODULES= \
 	ssh_auth\
 	ssh_bits \
 	ssh_cli \
-	ssh_dsa \
 	ssh_file \
 	ssh_io \
 	ssh_math \
 	ssh_no_io \
-	ssh_rsa \
 	ssh_sftp \
 	ssh_sftpd \
 	ssh_sftpd_file\
-	ssh_sftpd_file_api \
 	ssh_transport \
 	ssh_userreg \
 	ssh_xfer
 
 PUBLIC_HRL_FILES= ssh.hrl ssh_userauth.hrl ssh_xfer.hrl
 
-ERL_FILES= $(MODULES:%=%.erl) $(ASN_ERLS)
+ERL_FILES= $(MODULES:%=%.erl)
 
-ALL_MODULES= $(MODULES) $(ASN_MODULES)
+ALL_MODULES= $(MODULES)
 
 TARGET_FILES= $(ALL_MODULES:%=$(EBIN)/%.$(EMULATOR)) $(APP_TARGET) $(APPUP_TARGET)
 
@@ -87,22 +88,13 @@ APP_TARGET= $(EBIN)/$(APP_FILE)
 APPUP_SRC= $(APPUP_FILE).src
 APPUP_TARGET= $(EBIN)/$(APPUP_FILE)
 
-ASN_MODULES = PKCS-1 DSS
-ASN_ASNS = $(ASN_MODULES:%=%.asn1)
-ASN_ERLS = $(ASN_MODULES:%=%.erl)
-ASN_HRLS = $(ASN_MODULES:%=%.hrl)
-ASN_DBS = $(ASN_MODULES:%=%.asn1db)
-ASN_TABLES = $(ASN_MODULES:%=%.table)
-
-ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj +inline
-
-INTERNAL_HRL_FILES = $(ASN_HRLS) ssh_auth.hrl ssh_connect.hrl ssh_transport.hrl
+INTERNAL_HRL_FILES = ssh_auth.hrl ssh_connect.hrl ssh_transport.hrl
 
 # ----------------------------------------------------
 # FLAGS
 # ----------------------------------------------------
-ERL_COMPILE_FLAGS += -pa$(EBIN) 
-
+ERL_COMPILE_FLAGS += -pa$(EBIN)\
+	-pz $(ERL_TOP)/lib/public_key/ebin
 # ----------------------------------------------------
 # Targets
 # ----------------------------------------------------
@@ -114,7 +106,6 @@ debug: ERLC_FLAGS += -Ddebug
 clean:
 	rm -f $(TARGET_FILES)
 	rm -f errs core *~
-	rm -f $(ASN_ERLS) $(ASN_HRLS) $(ASN_DBS)
 
 $(TARGET_FILES): ssh.hrl
 
@@ -127,10 +118,6 @@ $(APP_TARGET): $(APP_SRC) ../vsn.mk
 $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
 	sed -e 's;%VSN%;$(VSN);' $< > $@
 
-%.erl %.hrl: %.asn1
-	$(ERLC) $(ASN_FLAGS) $<
-
-$(EBIN)/ssh_file.$(EMULATOR) $(EBIN)/ssh_rsa.$(EMULATOR): $(ASN_HRLS)
 
 docs:
 
diff --git a/lib/ssh/src/PKCS-1.asn1 b/lib/ssh/src/PKCS-1.asn1
deleted file mode 100644
index e7d6b18c63..0000000000
--- a/lib/ssh/src/PKCS-1.asn1
+++ /dev/null
@@ -1,116 +0,0 @@
-PKCS-1 {
-    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
-    modules(0) pkcs-1(1)
-}
-
--- $Revision: 1.1 $
-
-DEFINITIONS EXPLICIT TAGS ::=
-
-BEGIN
-
--- IMPORTS id-sha256, id-sha384, id-sha512
---     FROM NIST-SHA2 {
---         joint-iso-itu-t(2) country(16) us(840) organization(1)
---         gov(101) csor(3) nistalgorithm(4) modules(0) sha2(1)
---     };
-
-pkcs-1    OBJECT IDENTIFIER ::= {
-    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1
-}
-
-rsaEncryption    OBJECT IDENTIFIER ::= { pkcs-1 1 }
-
-id-RSAES-OAEP    OBJECT IDENTIFIER ::= { pkcs-1 7 }
-
-id-pSpecified    OBJECT IDENTIFIER ::= { pkcs-1 9 }
-
-id-RSASSA-PSS    OBJECT IDENTIFIER ::= { pkcs-1 10 }
-
-md2WithRSAEncryption       OBJECT IDENTIFIER ::= { pkcs-1 2 }
-md5WithRSAEncryption       OBJECT IDENTIFIER ::= { pkcs-1 4 }
-sha1WithRSAEncryption      OBJECT IDENTIFIER ::= { pkcs-1 5 }
-sha256WithRSAEncryption    OBJECT IDENTIFIER ::= { pkcs-1 11 }
-sha384WithRSAEncryption    OBJECT IDENTIFIER ::= { pkcs-1 12 }
-sha512WithRSAEncryption    OBJECT IDENTIFIER ::= { pkcs-1 13 }
-
-id-sha1    OBJECT IDENTIFIER ::= {
-    iso(1) identified-organization(3) oiw(14) secsig(3)
-    algorithms(2) 26
-}
-
-id-md2 OBJECT IDENTIFIER ::= {
-    iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2
-}
-
-id-md5 OBJECT IDENTIFIER ::= {
-    iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
-}
-
-id-mgf1    OBJECT IDENTIFIER ::= { pkcs-1 8 }
-
-
-RSAPublicKey ::= SEQUENCE {
-    modulus           INTEGER,  -- n
-    publicExponent    INTEGER   -- e
-}
-
-RSAPrivateKey ::= SEQUENCE {
-    version           Version,
-    modulus           INTEGER,  -- n
-    publicExponent    INTEGER,  -- e
-    privateExponent   INTEGER,  -- d
-    prime1            INTEGER,  -- p
-    prime2            INTEGER,  -- q
-    exponent1         INTEGER,  -- d mod (p-1)
-    exponent2         INTEGER,  -- d mod (q-1)
-    coefficient       INTEGER,  -- (inverse of q) mod p
-    otherPrimeInfos   OtherPrimeInfos OPTIONAL
-}
-
-Version ::= INTEGER { two-prime(0), multi(1) }
-    (CONSTRAINED BY {
-        -- version must be multi if otherPrimeInfos present --
-    })
-
-OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
-
-OtherPrimeInfo ::= SEQUENCE {
-    prime             INTEGER,  -- ri
-    exponent          INTEGER,  -- di
-    coefficient       INTEGER   -- ti
-}
-
-Algorithm ::= SEQUENCE {
-	algorithm OBJECT IDENTIFIER,
-	parameters ANY DEFINED BY algorithm OPTIONAL
-}
-
-AlgorithmNull ::= SEQUENCE {
-	algorithm OBJECT IDENTIFIER,
-	parameters NULL
-}
-
-
-RSASSA-PSS-params ::= SEQUENCE {
-    hashAlgorithm      [0] Algorithm,     --  DEFAULT sha1,
-    maskGenAlgorithm   [1] Algorithm,     --  DEFAULT mgf1SHA1,
-    saltLength         [2] INTEGER            DEFAULT 20,
-    trailerField       [3] TrailerField       DEFAULT trailerFieldBC
-}
-
-TrailerField ::= INTEGER { trailerFieldBC(1) }
-
-DigestInfo ::= SEQUENCE {
-	digestAlgorithm Algorithm,
-	digest OCTET STRING
-}
-
-DigestInfoNull ::= SEQUENCE {
-	digestAlgorithm AlgorithmNull,
-	digest OCTET STRING
-}
-
-
-END  -- PKCS1Definitions
-
diff --git a/lib/ssh/src/prebuild.skip b/lib/ssh/src/prebuild.skip
deleted file mode 100644
index 1d7552d98d..0000000000
--- a/lib/ssh/src/prebuild.skip
+++ /dev/null
@@ -1,2 +0,0 @@
-DSS.asn1db
-PKCS-1.asn1db
diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src
index 8a3e15841f..7a58dbe54f 100644
--- a/lib/ssh/src/ssh.app.src
+++ b/lib/ssh/src/ssh.app.src
@@ -3,9 +3,7 @@
 {application, ssh,
  [{description, "SSH-2 for Erlang/OTP"},
   {vsn, "%VSN%"},
-  {modules, ['DSS',
-	     'PKCS-1',
-	     ssh,
+  {modules, [ssh,
 	     ssh_app,
 	     ssh_acceptor,
 	     ssh_acceptor_sup,
@@ -21,12 +19,11 @@
 	     ssh_shell,
 	     sshc_sup,
 	     sshd_sup,
-	     ssh_dsa,
 	     ssh_file,
 	     ssh_io,
+             ssh_key_api,
 	     ssh_math,
 	     ssh_no_io,
-	     ssh_rsa,
 	     ssh_sftp,
 	     ssh_sftpd,
 	     ssh_sftpd_file,
diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src
index 150b7d86dd..21a0582c06 100644
--- a/lib/ssh/src/ssh.appup.src
+++ b/lib/ssh/src/ssh.appup.src
@@ -18,7 +18,9 @@
 %%
 
 {"%VSN%",	
- [
+ [		
+  {"2.0.8", [{load_module, ssh_sftpd_file_api, soft_purge, soft_purge, []},
+             {load_module, ssh_channel, soft_purge, soft_purge, []}]},
   {"2.0.7", [{load_module, ssh_sftp, soft_purge, soft_purge, []}]},
   {"2.0.6", [{load_module, ssh_userreg, soft_purge, soft_purge, []},
              {load_module, ssh_sftp, soft_purge, soft_purge, []}]},
@@ -27,6 +29,8 @@
              {load_module, ssh_connection_handler, soft_purge, soft_purge, [ssh_userreg]}]}
  ],
  [
+  {"2.0.8", [{load_module, ssh_sftpd_file_api, soft_purge, soft_purge, []},
+             {load_module, ssh_channel, soft_purge, soft_purge, []}]},	
   {"2.0.7", [{load_module, ssh_sftp, soft_purge, soft_purge, []}]},
   {"2.0.6", [{load_module, ssh_userreg, soft_purge, soft_purge, []},
              {load_module, ssh_sftp, soft_purge, soft_purge, []}]},
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index cada109df0..5751f2eaa0 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,6 +23,7 @@
 
 -include("ssh.hrl").
 -include("ssh_connect.hrl").
+-include_lib("public_key/include/public_key.hrl").
 
 -export([start/0, start/1, stop/0, connect/3, connect/4, close/1, connection_info/2,
 	 channel_info/3,
@@ -30,6 +31,9 @@
 	 stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2,
 	 shell/1, shell/2, shell/3]).
 
+-deprecated({sign_data, 2, next_major_release}).
+-deprecated({verify_data, 3, next_major_release}).
+
 -export([sign_data/2, verify_data/3]).
 
 %%--------------------------------------------------------------------
@@ -89,6 +93,9 @@ connect(Host, Port, Options, Timeout) ->
 		%% might return undefined as the connection manager
 		%% could allready have terminated, so we will not
 		%% match the Manager in this case
+		{_, not_connected, {error, econnrefused}} when DisableIpv6 == false ->
+		    do_demonitor(MRef, Manager),
+		    connect(Host, Port, [{ip_v6_disabled, true} | Options], Timeout);
 		{_, not_connected, {error, Reason}} ->
 		    do_demonitor(MRef, Manager),
 		    {error, Reason};
@@ -247,43 +254,6 @@ shell(Host, Port, Options) ->
 	    Error
     end.
 
-
-%%--------------------------------------------------------------------
-%% Function: sign_data(Data, Algorithm) -> binary() | 
-%%                                         {error, Reason}
-%%
-%%   Data = binary()
-%%   Algorithm = "ssh-rsa"
-%%
-%% Description: Use SSH key to sign data.
-%%--------------------------------------------------------------------
-sign_data(Data, Algorithm) when is_binary(Data) ->
-    case ssh_file:private_identity_key(Algorithm,[]) of
-	{ok, Key} when Algorithm == "ssh-rsa" ->
-	    ssh_rsa:sign(Key, Data);
-	Error ->
-	    Error
-    end.
-
-%%--------------------------------------------------------------------
-%% Function: verify_data(Data, Signature, Algorithm) -> ok | 
-%%                                                      {error, Reason}
-%%
-%%   Data = binary()
-%%   Signature = binary()
-%%   Algorithm = "ssh-rsa"
-%%
-%% Description: Use SSH signature to verify data.
-%%--------------------------------------------------------------------
-verify_data(Data, Signature, Algorithm) when is_binary(Data), is_binary(Signature) ->
-    case ssh_file:public_identity_key(Algorithm, []) of
-	{ok, Key} when Algorithm == "ssh-rsa" ->
-	    ssh_rsa:verify(Key, Data, Signature);
-	Error ->
-	    Error
-    end.
-
-
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
@@ -336,6 +306,10 @@ handle_options([{connect_timeout, _} = Opt | Rest], SockOpts, Opts) ->
     handle_options(Rest, SockOpts, [Opt | Opts]);
 handle_options([{user, _} = Opt | Rest], SockOpts, Opts) -> 
     handle_options(Rest, SockOpts, [Opt | Opts]);
+handle_options([{dsa_pass_phrase, _} = Opt | Rest], SockOpts, Opts) ->
+    handle_options(Rest, SockOpts, [Opt | Opts]);
+handle_options([{rsa_pass_phrase, _} = Opt | Rest], SockOpts, Opts) ->
+    handle_options(Rest, SockOpts, [Opt | Opts]);
 handle_options([{password, _} = Opt | Rest], SockOpts, Opts) -> 
     handle_options(Rest, SockOpts, [Opt | Opts]);
 handle_options([{user_passwords, _} = Opt | Rest], SockOpts, Opts) -> 
@@ -379,6 +353,50 @@ handle_options([Opt | Rest], SockOpts, Opts) ->
 inetopt(true) ->
     inet;
 inetopt(false) ->
-    inet6.
+    case gen_tcp:listen(0, [inet6, {ip, loopback}]) of
+	{ok, Dummyport} ->
+	    gen_tcp:close(Dummyport),
+	    inet6;
+	_ ->
+	    inet
+    end.
+
+%%%
+%% Deprecated
+%%%
+
+%%--------------------------------------------------------------------
+%% Function: sign_data(Data, Algorithm) -> binary() |
+%%                                         {error, Reason}
+%%
+%%   Data = binary()
+%%   Algorithm = "ssh-rsa"
+%%
+%% Description: Use SSH key to sign data.
+%%--------------------------------------------------------------------
+sign_data(Data, Algorithm) when is_binary(Data) ->
+    case ssh_file:user_key(Algorithm,[]) of
+	{ok, Key} when Algorithm == "ssh-rsa" ->
+	    public_key:sign(Data, sha, Key);
+	Error ->
+	    Error
+    end.
 
+%%--------------------------------------------------------------------
+%% Function: verify_data(Data, Signature, Algorithm) -> ok |
+%%                                                      {error, Reason}
+%%
+%%   Data = binary()
+%%   Signature = binary()
+%%   Algorithm = "ssh-rsa"
+%%
+%% Description: Use SSH signature to verify data.
+%%--------------------------------------------------------------------
+verify_data(Data, Signature, Algorithm) when is_binary(Data), is_binary(Signature) ->
+    case ssh_file:user_key(Algorithm, []) of
+	{ok, #'RSAPrivateKey'{publicExponent = E, modulus = N}} when Algorithm == "ssh-rsa" ->
+	    public_key:verify(Data, sha, Signature, #'RSAPublicKey'{publicExponent = E, modulus = N});
+	Error ->
+	    Error
+    end.
 
diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl
index ac249b05e3..da5750b6c3 100644
--- a/lib/ssh/src/ssh.hrl
+++ b/lib/ssh/src/ssh.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -54,18 +54,6 @@
 -define(string(X), << ?STRING(list_to_binary(X)) >> ).
 -define(binary(X), << ?STRING(X) >>).
 
--ifdef(debug).
--define(dbg(Debug, Fmt, As),
-	case (Debug) of
-	    true ->
-		io:format([$# | (Fmt)], (As));
-	    _ ->
-		ok
-	end).
--else.
--define(dbg(Debug, Fmt, As), ok).
--endif.
-
 -define(SSH_CIPHER_NONE, 0).
 -define(SSH_CIPHER_3DES, 3).
 -define(SSH_CIPHER_AUTHFILE, ?SSH_CIPHER_3DES).
@@ -138,7 +126,8 @@
 	  userauth_quiet_mode,              %  boolean()
 	  userauth_supported_methods , %  
 	  userauth_methods,
-	  userauth_preference	  
+	  userauth_preference,
+	  available_host_keys
 	 }).
 
 -record(alg,
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index 9dbd95886e..62d684f4dc 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,8 +21,9 @@
 
 -module(ssh_auth).
 
--include("ssh.hrl").
+-include_lib("public_key/include/public_key.hrl").
 
+-include("ssh.hrl").
 -include("ssh_auth.hrl").
 -include("ssh_transport.hrl").
 
@@ -36,18 +37,21 @@
 %%--------------------------------------------------------------------
 %%% Internal application API
 %%--------------------------------------------------------------------
-publickey_msg([Cb, #ssh{user = User,
+publickey_msg([Alg, #ssh{user = User,
 		       session_id = SessionId,
 		       service = Service,
 		       opts = Opts} = Ssh]) ->
+
+    Hash = sha, %% Maybe option?!
     ssh_bits:install_messages(userauth_pk_messages()),
-    Alg = Cb:alg_name(),
-    case ssh_file:private_identity_key(Alg, Opts) of
-	{ok, PrivKey} ->
-	    PubKeyBlob = ssh_file:encode_public_key(PrivKey),
+    KeyCb = proplists:get_value(key_cb, Opts, ssh_file),
+
+    case KeyCb:user_key(Alg, Opts) of
+	{ok, Key} ->
+	    PubKeyBlob = encode_public_key(Key),
 	    SigData = build_sig_data(SessionId, 
-				     User, Service, Alg, PubKeyBlob),
-	    Sig = Cb:sign(PrivKey, SigData),
+				     User, Service, PubKeyBlob, Alg),
+	    Sig = ssh_transport:sign(SigData, Hash, Key),
 	    SigBlob = list_to_binary([?string(Alg), ?binary(Sig)]),
 	    ssh_transport:ssh_packet(
 	      #ssh_msg_userauth_request{user = User,
@@ -58,8 +62,8 @@ publickey_msg([Cb, #ssh{user = User,
 						?binary(PubKeyBlob),
 						?binary(SigBlob)]},
 	      Ssh);
-	_Error ->
-	  not_ok
+     	_Error ->
+	    not_ok
     end.
 
 password_msg([#ssh{opts = Opts, io_cb = IoCb,
@@ -67,29 +71,43 @@ password_msg([#ssh{opts = Opts, io_cb = IoCb,
     ssh_bits:install_messages(userauth_passwd_messages()),
     Password = case proplists:get_value(password, Opts) of
 		   undefined -> 
-		       IoCb:read_password("ssh password: ");
+		       user_interaction(Opts, IoCb);
 		   PW -> 
 		       PW
 	       end,
-    ssh_transport:ssh_packet(
-      #ssh_msg_userauth_request{user = User,
-				service = Service,
-				method = "password",
-				data =
-				<<?BOOLEAN(?FALSE),
-				 ?STRING(list_to_binary(Password))>>},
-      Ssh).
+    case Password of
+	not_ok ->
+	    not_ok;
+	_  ->
+	    ssh_transport:ssh_packet(
+	      #ssh_msg_userauth_request{user = User,
+					service = Service,
+					method = "password",
+					data =
+					    <<?BOOLEAN(?FALSE),
+					      ?STRING(list_to_binary(Password))>>},
+	      Ssh)
+    end.
+
+user_interaction(Opts, IoCb) ->
+    case proplists:get_value(allow_user_interaction, Opts, true) of
+	true ->
+	    IoCb:read_password("ssh password: ");
+	false ->
+	    not_ok
+    end.
+
 
 %% See RFC 4256 for info on keyboard-interactive
 keyboard_interactive_msg([#ssh{user = User,
-			      service = Service} = Ssh]) ->
+			       service = Service} = Ssh]) ->
     ssh_bits:install_messages(userauth_keyboard_interactive_messages()),
     ssh_transport:ssh_packet(
       #ssh_msg_userauth_request{user = User,
 				service = Service,
 				method = "keyboard-interactive",
 				data = << ?STRING(<<"">>),
-					?STRING(<<>>) >> }, 
+					  ?STRING(<<>>) >> },
       Ssh).
 
 service_request_msg(Ssh) ->
@@ -103,12 +121,12 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) ->
 					    service = "ssh-connection",
 					    method = "none",
 					    data = <<>>},
-	    CbFirst = proplists:get_value(public_key_alg, Opts, 
-					  ?PREFERRED_PK_ALG),
-	    CbSecond = other_cb(CbFirst),
+	    FirstAlg = algorithm(proplists:get_value(public_key_alg, Opts,
+					  ?PREFERRED_PK_ALG)),
+	    SecondAlg = other_alg(FirstAlg),
 	    AllowUserInt =  proplists:get_value(allow_user_interaction, Opts,
 						true),
-	    Prefs = method_preference(CbFirst, CbSecond, AllowUserInt),
+	    Prefs = method_preference(FirstAlg, SecondAlg, AllowUserInt),
 	    ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User,
 					    userauth_preference = Prefs,
 					    userauth_methods = none,
@@ -192,12 +210,12 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
 	?TRUE ->
 	    case verify_sig(SessionId, User, "ssh-connection", Alg,
 			    KeyBlob, SigWLen, Opts) of
-		ok ->
+		true ->
 		    {authorized, User, 
 		     ssh_transport:ssh_packet(
 		       #ssh_msg_userauth_success{}, Ssh)};
-		{error, Reason} ->
-		    {not_authorized, {User, {error, Reason}}, 
+		false ->
+		    {not_authorized, {User, {error, "Invalid signature"}}, 
 		     ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
 			     authentications="publickey,password",
 			     partial_success = false}, Ssh)}
@@ -228,7 +246,6 @@ handle_userauth_info_request(
     PromptInfos = decode_keyboard_interactive_prompts(NumPrompts,Data),
     Resps = keyboard_interact_get_responses(IoCb, Opts,
 					    Name, Instr, PromptInfos),
-    %%?dbg(true, "keyboard_interactive_reply: resps=~n#~p ~n", [Resps]),
     RespBin = list_to_binary(
 		lists:map(fun(S) -> <<?STRING(list_to_binary(S))>> end,
 			  Resps)),
@@ -263,15 +280,15 @@ userauth_messages() ->
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
-method_preference(Callback1, Callback2, true) ->
-    [{"publickey", ?MODULE, publickey_msg, [Callback1]},
-     {"publickey", ?MODULE, publickey_msg,[Callback2]},
+method_preference(Alg1, Alg2, true) ->
+    [{"publickey", ?MODULE, publickey_msg, [Alg1]},
+     {"publickey", ?MODULE, publickey_msg,[Alg2]},
      {"password", ?MODULE, password_msg, []},
      {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []}
     ];
-method_preference(Callback1, Callback2, false) ->
-    [{"publickey", ?MODULE, publickey_msg, [Callback1]},
-     {"publickey", ?MODULE, publickey_msg,[Callback2]},
+method_preference(Alg1, Alg2, false) ->
+    [{"publickey", ?MODULE, publickey_msg, [Alg1]},
+     {"publickey", ?MODULE, publickey_msg,[Alg2]},
      {"password", ?MODULE, password_msg, []}
     ].
 
@@ -295,7 +312,6 @@ user_name(Opts) ->
     end.
 
 check_password(User, Password, Opts) ->
-    %%?dbg(true, " ~p ~p ~p ~n", [User, Password, Opts]),
     case proplists:get_value(pwdfun, Opts) of
 	undefined ->
 	    Static = get_password_option(Opts, User),
@@ -312,25 +328,22 @@ get_password_option(Opts, User) ->
     end.
 	    
 verify_sig(SessionId, User, Service, Alg, KeyBlob, SigWLen, Opts) ->
-    case ssh_file:lookup_user_key(User, Alg, Opts) of
-	{ok, OurKey} ->
-	    {ok, Key} = ssh_file:decode_public_key_v2(KeyBlob, Alg),
-	    case OurKey of
-		Key ->
-		    NewSig = build_sig_data(SessionId, 
-					    User, Service, Alg, KeyBlob),
-		    <<?UINT32(AlgSigLen), AlgSig:AlgSigLen/binary>> = SigWLen,
-		    <<?UINT32(AlgLen), _Alg:AlgLen/binary,
-		     ?UINT32(SigLen), Sig:SigLen/binary>> = AlgSig,
-		    M = alg_to_module(Alg),
-		    M:verify(OurKey, NewSig, Sig);
-		_ ->
-		    {error, key_unacceptable}
-	    end;
-	Error -> Error
+    {ok, Key} = decode_public_key_v2(KeyBlob, Alg),
+    KeyCb =  proplists:get_value(key_cb, Opts, ssh_file),
+
+    case KeyCb:is_auth_key(Key, User, Alg, Opts) of
+	true ->
+	    PlainText = build_sig_data(SessionId, User,
+				       Service, KeyBlob, Alg),
+	    <<?UINT32(AlgSigLen), AlgSig:AlgSigLen/binary>> = SigWLen,
+	    <<?UINT32(AlgLen), _Alg:AlgLen/binary,
+	      ?UINT32(SigLen), Sig:SigLen/binary>> = AlgSig,
+	    ssh_transport:verify(PlainText, sha, Sig, Key);
+	false ->
+	    {error, key_unacceptable}
     end.
 
-build_sig_data(SessionId, User, Service, Alg, KeyBlob) ->
+build_sig_data(SessionId, User, Service, KeyBlob, Alg) ->
     Sig = [?binary(SessionId),
 	   ?SSH_MSG_USERAUTH_REQUEST,
 	   ?string(User),
@@ -341,6 +354,11 @@ build_sig_data(SessionId, User, Service, Alg, KeyBlob) ->
 	   ?binary(KeyBlob)],
     list_to_binary(Sig).
 
+algorithm(ssh_rsa) ->
+    "ssh-rsa";
+algorithm(ssh_dsa) ->
+     "ssh-dss".
+
 decode_keyboard_interactive_prompts(NumPrompts, Data) ->
     Types = lists:append(lists:duplicate(NumPrompts, [string, boolean])),
     pairwise_tuplify(ssh_bits:decode(Data, Types)).
@@ -412,12 +430,28 @@ userauth_pk_messages() ->
 	binary]} % key blob
      ].
 
-alg_to_module("ssh-dss") ->
-    ssh_dsa;
-alg_to_module("ssh-rsa") ->
-    ssh_rsa.
-
-other_cb(ssh_rsa) -> 
-    ssh_dsa;
-other_cb(ssh_dsa) -> 
-    ssh_rsa.
+other_alg("ssh-rsa") ->
+    "ssh-dss";
+other_alg("ssh-dss") ->
+    "ssh-rsa".
+decode_public_key_v2(K_S, "ssh-rsa") ->
+    case ssh_bits:decode(K_S,[string,mpint,mpint]) of
+	["ssh-rsa", E, N] ->
+	    {ok, #'RSAPublicKey'{publicExponent = E, modulus = N}};
+	_ ->
+	    {error, bad_format}
+    end;
+decode_public_key_v2(K_S, "ssh-dss") ->
+     case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of
+	 ["ssh-dss",P,Q,G,Y] ->
+	     {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}};
+	 _ ->
+	     {error, bad_format}
+     end;
+decode_public_key_v2(_, _) ->
+    {error, bad_format}.
+
+encode_public_key(#'RSAPrivateKey'{publicExponent = E, modulus = N}) ->
+    ssh_bits:encode(["ssh-rsa",E,N], [string,mpint,mpint]);
+encode_public_key(#'DSAPrivateKey'{p = P, q = Q, g = G, y = Y}) ->
+    ssh_bits:encode(["ssh-dss",P,Q,G,Y], [string,mpint,mpint,mpint,mpint]).
diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl
index 3f0a06575c..5841f06d70 100644
--- a/lib/ssh/src/ssh_bits.erl
+++ b/lib/ssh/src/ssh_bits.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -105,16 +105,12 @@ bignum(X) ->
 
 install_messages(Codes) ->
     foreach(fun({Name, Code, Ts}) ->
-		   %%  ?dbg(true, "install msg: ~s = ~w ~w~n", 
-%% 			 [Name,Code,Ts]),
 		    put({msg_name,Code}, {Name,Ts}),
 		    put({msg_code,Name}, {Code,Ts})
 	    end, Codes).
 
 uninstall_messages(Codes) ->
     foreach(fun({Name, Code, _Ts}) ->
-		  %%   ?dbg(true, "uninstall msg: ~s = ~w ~w~n", 
-%% 			 [Name,Code,_Ts]),
 		    erase({msg_name,Code}),
 		    erase({msg_code,Name})
 	    end, Codes).
diff --git a/lib/ssh/src/ssh_channel.erl b/lib/ssh/src/ssh_channel.erl
index dcb2d69290..7b600ed8b2 100644
--- a/lib/ssh/src/ssh_channel.erl
+++ b/lib/ssh/src/ssh_channel.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,10 +23,23 @@
 
 -include("ssh_connect.hrl").
 
+%%% Optional callbacks handle_call/3, handle_cast/2, handle_msg/2,
+%%% code_change/3
+%% Should be further specified later
+-callback init(Options::list()) ->
+    {ok, State::term()} | {ok, State::term(), Timeout::timeout()} | 
+    {stop, Reason ::term()}. 
+
+-callback terminate(term(), term()) -> term().
+
+-callback handle_ssh_msg({ssh_cm, ConnectionRef::term(), SshMsg::term()}, 
+ 			 State::term()) -> {ok, State::term()} | 
+ 					   {stop, ChannelId::integer(), 
+ 					    State::term()}.
 -behaviour(gen_server).
 
 %%% API
--export([behaviour_info/1, start/4, start/5, start_link/4, start_link/5, call/2, call/3,
+-export([start/4, start/5, start_link/4, start_link/5, call/2, call/3,
 	 cast/2, reply/2, enter_loop/1]).
 
 %% gen_server callbacks
@@ -50,17 +63,6 @@
 %% API
 %%====================================================================
 
-%%% Optionel callbacks handle_call/3, handle_cast/2, handle_msg/2,
-%%% code_change/3
-behaviour_info(callbacks) ->
-    [
-     {init, 1}, 
-     {terminate, 2}, 
-     {handle_ssh_msg, 2},
-     {handle_msg, 2}
-     ].
-
-
 call(ChannelPid, Msg) ->
     call(ChannelPid, Msg, infinity).
 
diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl
index 34d4ff8fc1..e06c9ea211 100644
--- a/lib/ssh/src/ssh_connect.hrl
+++ b/lib/ssh/src/ssh_connect.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl
index 7b9e9185bf..cb02d7b824 100644
--- a/lib/ssh/src/ssh_connection.erl
+++ b/lib/ssh/src/ssh_connection.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -722,8 +722,6 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId,
 				    request_type = _Other,
 				    want_reply = WantReply}, Connection,
 	   ConnectionPid, _) ->
-    ?dbg(true, "ssh_msg ssh_msg_channel_request: Other=~p\n",
-	 [_Other]),
     if WantReply == true ->
 	    FailMsg = channel_failure_msg(ChannelId),
 	    {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, 
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 00b30e5434..9079089d5d 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -637,16 +637,18 @@ init_ssh(client = Role, Vsn, Version, Options, Socket) ->
     {ok, PeerAddr} = inet:peername(Socket),
     
     PeerName =  proplists:get_value(host, Options),
+    KeyCb =  proplists:get_value(key_cb, Options, ssh_file),
 
     #ssh{role = Role,
 	 c_vsn = Vsn,
 	 c_version = Version,
-	 key_cb = proplists:get_value(key_cb, Options, ssh_file),
+	 key_cb = KeyCb,
 	 io_cb = IOCb,
 	 userauth_quiet_mode = proplists:get_value(quiet_mode, Options, false),
 	 opts = Options,
 	 userauth_supported_methods = AuthMethods,
-	 peer = {PeerName, PeerAddr}
+	 peer = {PeerName, PeerAddr},
+	 available_host_keys = supported_host_keys(Role, KeyCb, Options)
 	};
 
 init_ssh(server = Role, Vsn, Version, Options, Socket) ->
@@ -654,17 +656,48 @@ init_ssh(server = Role, Vsn, Version, Options, Socket) ->
     AuthMethods = proplists:get_value(auth_methods, Options, 
 				      ?SUPPORTED_AUTH_METHODS),
     {ok, PeerAddr} = inet:peername(Socket),
-    
+    KeyCb =  proplists:get_value(key_cb, Options, ssh_file),
+
     #ssh{role = Role,
 	 s_vsn = Vsn,
 	 s_version = Version,
-	 key_cb = proplists:get_value(key_cb, Options, ssh_file),
+	 key_cb = KeyCb,
 	 io_cb = proplists:get_value(io_cb, Options, ssh_io),
 	 opts = Options,
 	 userauth_supported_methods = AuthMethods,
-	 peer = {undefined, PeerAddr}
+	 peer = {undefined, PeerAddr},
+	 available_host_keys = supported_host_keys(Role, KeyCb, Options)
 	 }.
 
+supported_host_keys(client, _, _) ->
+    ["ssh-rsa", "ssh-dss"];
+supported_host_keys(server, KeyCb, Options) ->
+    lists:foldl(fun(Type, Acc) ->
+			case available_host_key(KeyCb, Type, Options) of
+			    {error, _} ->
+				Acc;
+			    Alg ->
+				[Alg | Acc]
+			end
+		end, [],
+		%% Prefered alg last so no need to reverse
+		["ssh-dss", "ssh-rsa"]).
+
+available_host_key(KeyCb, "ssh-dss"= Alg, Opts) ->
+    case KeyCb:host_key('ssh-dss', Opts) of
+	{ok, _} ->
+	    Alg;
+	Other ->
+	    Other
+    end;
+available_host_key(KeyCb, "ssh-rsa" = Alg, Opts) ->
+    case KeyCb:host_key('ssh-rsa', Opts) of
+	{ok, _} ->
+	    Alg;
+	Other ->
+	    Other
+    end.
+
 send_msg(Msg, #state{socket = Socket, transport_cb = Transport}) ->
     Transport:send(Socket, Msg).
 
diff --git a/lib/ssh/src/ssh_connection_manager.erl b/lib/ssh/src/ssh_connection_manager.erl
index 9bfd5270da..f729276e65 100644
--- a/lib/ssh/src/ssh_connection_manager.erl
+++ b/lib/ssh/src/ssh_connection_manager.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -144,7 +144,7 @@ adjust_window(ConnectionManager, Channel, Bytes) ->
     cast(ConnectionManager, {adjust_window, Channel, Bytes}).
 
 close(ConnectionManager, ChannelId) ->
-    try   call(ConnectionManager, {close, ChannelId}) of
+    try call(ConnectionManager, {close, ChannelId}) of
 	  ok ->
 	    ok;
 	  {error, channel_closed} ->
@@ -604,6 +604,8 @@ call(Pid, Msg, Timeout) ->
 	exit:{timeout, _} ->
 	    {error, timeout};
 	exit:{normal, _} ->
+	    {error, channel_closed};
+	exit:{noproc,_} ->
 	    {error, channel_closed}
     end.
 
diff --git a/lib/ssh/src/ssh_dsa.erl b/lib/ssh/src/ssh_dsa.erl
deleted file mode 100644
index 1b9a396f0c..0000000000
--- a/lib/ssh/src/ssh_dsa.erl
+++ /dev/null
@@ -1,95 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-
-%%% Description: dsa public-key sign and verify
-
--module(ssh_dsa).
-
--export([verify/3]).
--export([sign/2]).
--export([alg_name/0]).
-
--include("ssh.hrl").
-
-%% start() ->
-%%     crypto:start().
-
-%% sign_file(File, Opts) ->
-%%     start(),
-%%     {ok,Bin} = file:read_file(File),
-%%     {ok,Key} = ssh_file:private_host_dsa_key(user, Opts),
-%%     sign(Key, Bin).
-
-%% verify_file(File, Sig) ->
-%%     start(),
-%%     {ok,Bin} = file:read_file(File),
-%%     {ok,Key} = ssh_file:public_host_key(user, dsa),
-%%     verify(Key, Bin, Sig).
-
-sign(_Private=#ssh_key { private={P,Q,G,X} },Mb) ->
-    K = ssh_bits:irandom(160) rem Q,
-    R = ssh_math:ipow(G, K, P) rem Q,
-    Ki = ssh_math:invert(K, Q),
-    <<M:160/big-unsigned-integer>> = crypto:sha(Mb),
-    S = (Ki * (M + X*R)) rem Q,
-    <<R:160/big-unsigned-integer, S:160/big-unsigned-integer>>.
-
-
-%% the paramiko client sends a bad sig sometimes, 
-%% instead of crashing, we nicely return error, the
-%% typcally manifests itself as Sb being 39 bytes
-%% instead of 40.
-
-verify(Public, Mb, Sb) ->
-    case catch xverify(Public, Mb, Sb) of
-	{'EXIT', _Reason} ->
-            %store({Public, Mb, Sb, _Reason}),
-	    {error, inconsistent_key};
-	ok ->
-  	    %store({Public, Mb, Sb, ok})
-	    ok
-    end.
-
-%% store(Term) ->
-%%     {ok, Fd} = file:open("/tmp/dsa", [append]),
-%%     io:format(Fd, "~p~n~n~n", [Term]),
-%%     file:close(Fd).
-
-
-xverify(_Public=#ssh_key { public={P,Q,G,Y} },Mb,Sb) ->
-    <<R0:160/big-unsigned-integer, S0:160/big-unsigned-integer>> = Sb,
-    ?ssh_assert(R0 >= 0 andalso R0 < Q andalso
-		S0 >= 0 andalso S0 < Q, out_of_range),
-    W = ssh_math:invert(S0,Q),
-    <<M0:160/big-unsigned-integer>> = crypto:sha(Mb),
-    U1 = (M0*W) rem Q,
-    U2 = (R0*W) rem Q,
-    T1 = ssh_math:ipow(G,U1,P),
-    T2 = ssh_math:ipow(Y,U2,P),
-    V = ((T1*T2) rem P) rem Q,
-    if V == R0 ->
-	    ok;
-       true ->
-	    {error, inconsistent_key}
-    end.
-
-alg_name() ->
-    "ssh-dss".
diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl
index 12180f56bb..d05fa8e09a 100644
--- a/lib/ssh/src/ssh_file.erl
+++ b/lib/ssh/src/ssh_file.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,80 +23,98 @@
 
 -module(ssh_file).
 
--include("ssh.hrl").
--include("PKCS-1.hrl").
--include("DSS.hrl").
+-behaviour(ssh_key_api).
 
+-include_lib("public_key/include/public_key.hrl").
 -include_lib("kernel/include/file.hrl").
 
--export([public_host_dsa_key/2,private_host_dsa_key/2,
-	 public_host_rsa_key/2,private_host_rsa_key/2,
-	 public_host_key/2,private_host_key/2,
-	 lookup_host_key/3, add_host_key/3, % del_host_key/2,
-	 lookup_user_key/3, ssh_dir/2, file_name/3]).
-
--export([private_identity_key/2, 
-	 public_identity_key/2]).
-%% 	 identity_keys/2]).
-
--export([encode_public_key/1, decode_public_key_v2/2]).
+-include("ssh.hrl").
 
--import(lists, [reverse/1, append/1]).
+-export([host_key/2,
+	 user_key/2,
+	 is_host_key/4,
+	 add_host_key/3,
+	 is_auth_key/4]).
 
--define(DBG_PATHS, true).
 
 -define(PERM_700, 8#700).
 -define(PERM_644, 8#644).
 
+
 %% API
-public_host_dsa_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_dsa_key.pub", Opts),
-    read_public_key_v2(File, "ssh-dss").
-
-private_host_dsa_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_dsa_key", Opts),
-    read_private_key_v2(File, "ssh-dss").
-
-public_host_rsa_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_rsa_key.pub", Opts),
-    read_public_key_v2(File, "ssh-rsa").
-
-private_host_rsa_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_rsa_key", Opts),
-    read_private_key_v2(File, "ssh-rsa").
-
-public_host_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_key", Opts),
-    case read_private_key_v1(File,public) of
-	{error, enoent} ->	
-	    read_public_key_v1(File++".pub");
-	Result ->
-	    Result
-    end.
-	    
 
-private_host_key(Type, Opts) ->
-    File = file_name(Type, "ssh_host_key", Opts),
-    read_private_key_v1(File,private).
+%% Used by server
+host_key(Algorithm, Opts) ->
+    File = file_name(system, file_base_name(Algorithm), Opts),
+    %% We do not expect host keys to have pass phrases
+    %% so probably we could hardcod Password = ignore, but
+    %% we keep it as an undocumented option for now.
+    Password = proplists:get_value(identity_pass_phrase(Algorithm), Opts, ignore),
+    decode(File, Password).
 
 
+is_auth_key(Key, User, Alg, Opts) ->
+    case lookup_user_key(Key, User, Alg, Opts) of
+	{ok, Key} ->
+	    true;
+	_ ->
+	    false
+    end.
 
-%% in: "host" out: "host,1.2.3.4.
-add_ip(Host)                                                             ->
-    case inet:getaddr(Host, inet) of
-	{ok, Addr} ->
-	    case ssh_connection:encode_ip(Addr) of
-		false -> Host;
-		IPString -> Host ++ "," ++ IPString
-	    end;
-	_ -> Host
-    end.    
 
-replace_localhost("localhost") ->
-    {ok, Hostname} = inet:gethostname(),
-    Hostname;
-replace_localhost(Host) ->
-    Host.
+%% Used by client
+is_host_key(Key, PeerName, Algorithm, Opts) ->
+    case lookup_host_key(PeerName, Algorithm, Opts) of
+	{ok, Key} ->
+	    true;
+	_ ->
+	    false
+    end.
+
+user_key(Algorithm, Opts) ->
+    File = file_name(user, identity_key_filename(Algorithm), Opts),
+    Password = proplists:get_value(identity_pass_phrase(Algorithm), Opts, ignore),
+    decode(File, Password).
+
+
+%% Internal functions %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+file_base_name('ssh-rsa') ->
+    "ssh_host_rsa_key";
+file_base_name('ssh-dss') ->
+    "ssh_host_dsa_key";
+file_base_name(_) ->
+    "ssh_host_key".
+
+decode(File, Password) ->
+    try 
+	{ok, decode_ssh_file(read_ssh_file(File), Password)}
+    catch 
+	throw:Reason ->
+	    {error, Reason};
+	error:Reason ->
+	    {error, Reason}
+    end.      
+
+read_ssh_file(File) ->
+    {ok, Bin} = file:read_file(File),
+    Bin.
+
+%% Public key
+decode_ssh_file(SshBin, public_key) ->
+    public_key:ssh_decode(SshBin, public_key);
+
+%% Private Key
+decode_ssh_file(Pem, Password) ->
+    case public_key:pem_decode(Pem) of
+	[{_, _, not_encrypted} = Entry]  -> 
+	    public_key:pem_entry_decode(Entry);
+	[Entry] when Password =/= ignore ->
+	    public_key:pem_entry_decode(Entry, Password);
+	 _ ->
+	    throw("No pass phrase provided for private key file")
+    end.
+    
 
 %% lookup_host_key
 %% return {ok, Key(s)} or {error, not_found}
@@ -106,15 +124,6 @@ lookup_host_key(Host, Alg, Opts) ->
     Host1 = replace_localhost(Host),
     do_lookup_host_key(Host1, Alg, Opts).
 	    
-do_lookup_host_key(Host, Alg, Opts) ->
-    case file:open(file_name(user, "known_hosts", Opts), [read]) of
-	{ok, Fd} ->
-	    Res = lookup_host_key_fd(Fd, Host, Alg),
-	    file:close(Fd),
-	    Res;
-	{error, enoent} -> {error, not_found};
-	Error -> Error
-    end.
 
 add_host_key(Host, Key, Opts) ->
     Host1 = add_ip(replace_localhost(Host)),
@@ -129,383 +138,16 @@ add_host_key(Host, Key, Opts) ->
    	    Error
     end.
 
-%% del_host_key(Host, Opts) ->
-%%     Host1 = replace_localhost(Host),
-%%     case file:open(file_name(user, "known_hosts", Opts),[write,read]) of
-%% 	{ok, Fd} ->
-%% 	    Res = del_key_fd(Fd, Host1),
-%% 	    file:close(Fd),
-%% 	    Res;
-%% 	Error ->
-%% 	    Error
-%%     end.
-
-identity_key_filename("ssh-dss") -> "id_dsa";
-identity_key_filename("ssh-rsa") -> "id_rsa".
-
-private_identity_key(Alg, Opts) ->
-    Path = file_name(user, identity_key_filename(Alg), Opts),
-    read_private_key_v2(Path, Alg).
-
-public_identity_key(Alg, Opts) ->
-    Path = file_name(user, identity_key_filename(Alg) ++ ".pub", Opts),
-    read_public_key_v2(Path, Alg).
-
-
-read_public_key_v2(File, Type) ->
-    case file:read_file(File) of
-	{ok,Bin} ->
-	    List = binary_to_list(Bin),
-	    case lists:prefix(Type, List) of
-		true ->
-		    List1 = lists:nthtail(length(Type), List),
-		    K_S = ssh_bits:b64_decode(List1),
-		    decode_public_key_v2(K_S, Type);
-		false ->
-		    {error, bad_format}
-	    end;
-	Error ->
-	    Error
-    end.
-
-decode_public_key_v2(K_S, "ssh-rsa") ->
-    case ssh_bits:decode(K_S,[string,mpint,mpint]) of
-	["ssh-rsa", E, N] ->
-	    {ok, #ssh_key { type = rsa,
-			    public = {N,E},
-			    comment=""}};
-	_ ->
-	    {error, bad_format}
-    end;
-decode_public_key_v2(K_S, "ssh-dss") ->
-    case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of
-	["ssh-dss",P,Q,G,Y] ->
-	    {ok,#ssh_key { type = dsa,
-			   public = {P,Q,G,Y}
-			  }};
-	_A ->
-	    {error, bad_format}
-    end;
-decode_public_key_v2(_, _) ->
-    {error, bad_format}.
-    
-
-read_public_key_v1(File) ->
-    case file:read_file(File) of
-	{ok,Bin} ->
-	    List = binary_to_list(Bin),
-	    case io_lib:fread("~d ~d ~d ~s", List) of
-		{ok,[_Sz,E,N,Comment],_} ->
-		    {ok,#ssh_key { type = rsa,
-				   public ={N,E},
-				   comment = Comment }};
-		_Error ->
-		    {error, bad_format}
-	    end;
-	Error ->
-	    Error
-    end.
-
-%% pem_type("ssh-dss") -> "DSA";
-%% pem_type("ssh-rsa") -> "RSA".
-
-read_private_key_v2(File, Type) ->
-    case file:read_file(File) of
-        {ok, PemBin} ->
-            case catch (public_key:pem_decode(PemBin)) of
-                [{_, Bin, not_encrypted}] ->
-                    decode_private_key_v2(Bin, Type);
-                Error -> %% Note we do not handle password encrypted keys at the moment
-                    {error, Error}
-            end;
-        {error, Reason} ->
-            {error, Reason}
-    end.
-%%  case file:read_file(File) of
-%% 	{ok,Bin} ->
-%% 	    case read_pem(binary_to_list(Bin), pem_type(Type)) of
-%% 		{ok,Bin1} ->
-%% 		    decode_private_key_v2(Bin1, Type);
-%% 		Error ->
-%% 		    Error
-%% 	    end;
-%% 	Error ->
-%% 	    Error
-%%     end.
-
-decode_private_key_v2(Private,"ssh-rsa") ->
-    case 'PKCS-1':decode( 'RSAPrivateKey', Private) of
-	{ok,RSA} -> %% FIXME Check for two-prime version
-	    {ok, #ssh_key { type = rsa,
-			    public = {RSA#'RSAPrivateKey'.modulus,
-				      RSA#'RSAPrivateKey'.publicExponent},
-			    private = {RSA#'RSAPrivateKey'.modulus,
-				       RSA#'RSAPrivateKey'.privateExponent}
-			    }};
-	Error ->
-	    Error
-    end;
-decode_private_key_v2(Private, "ssh-dss") ->
-    case 'DSS':decode('DSAPrivateKey', Private) of
-	{ok,DSA} -> %% FIXME Check for two-prime version
-	    {ok, #ssh_key { type = dsa,
-			    public = {DSA#'DSAPrivateKey'.p,
-				      DSA#'DSAPrivateKey'.q,
-				      DSA#'DSAPrivateKey'.g,
-				      DSA#'DSAPrivateKey'.y},
-			    private= {DSA#'DSAPrivateKey'.p,
-				      DSA#'DSAPrivateKey'.q,
-				      DSA#'DSAPrivateKey'.g,
-				      DSA#'DSAPrivateKey'.x}
-			   }};
-	_ ->
-	    {error,bad_format}
-    end.
-
-%% SSH1 private key format
-%%  <<"SSH PRIVATE KEY FILE FORMATE 1.1\n" 0:8 
-%%    CipherNum:8, Reserved:32,
-%%    NSz/uint32, N/bignum, E/bignum, Comment/string,
-%%
-%% [ R0:8 R1:8 R0:8 R1:8, D/bignum, IQMP/bignum, Q/bignum, P/bignum, Pad(8)]>>
-%%
-%% where [ ] is encrypted using des3 (ssh1 version) and
-%% a posssibly empty pass phrase using md5(passphase) as key
-%% 
-
-read_private_key_v1(File, Type) ->
-    case file:read_file(File) of
-	{ok,<<"SSH PRIVATE KEY FILE FORMAT 1.1\n",0,
-	     CipherNum,_Resereved:32,Bin/binary>>} ->
-	    decode_private_key_v1(Bin, CipherNum,Type);
-	{ok,_} ->
-	    {error, bad_format};
-	Error ->
-	    Error
-    end.
-
-decode_private_key_v1(Bin, CipherNum, Type) ->
-    case ssh_bits:decode(Bin,0,[uint32, bignum, bignum, string]) of
-	{Offset,[_NSz,N,E,Comment]} ->
-	    if Type == public ->
-		    {ok,#ssh_key { type=rsa,
-				   public={N,E},
-				   comment=Comment}};
-	       Type == private ->
-		    <<_:Offset/binary, Encrypted/binary>> = Bin,
-		    case ssh_bits:decode(decrypt1(Encrypted, CipherNum),0,
-					 [uint32, bignum, bignum, 
-					  bignum, bignum,{pad,8}]) of
-			{_,[_,D,IQMP,Q,P]} ->
-			    {ok,#ssh_key { type=rsa,
-					   public={N,E},
-					   private={D,IQMP,Q,P},
-					   comment=Comment}};
-			_ ->
-			    {error,bad_format}
-		    end
-	    end;
-	_ ->
-	    {error,bad_format}
-    end.
-
-
-decrypt1(Bin, CipherNum) ->
-    decrypt1(Bin, CipherNum,"").
-
-decrypt1(Bin, CipherNum, Phrase) ->
-    if CipherNum == ?SSH_CIPHER_NONE; Phrase == "" ->
-	    Bin;
-       CipherNum == ?SSH_CIPHER_3DES ->
-	    <<K1:8/binary, K2:8/binary>> = erlang:md5(Phrase),
-	    K3 = K1,
-	    IV = <<0,0,0,0,0,0,0,0>>,
-	    Bin1 = crypto:des_cbc_decrypt(K3,IV,Bin),
-	    Bin2 = crypto:des_cbc_encrypt(K2,IV,Bin1),
-	    crypto:des_cbc_decrypt(K1,IV,Bin2)
-    end.
-
-%% encrypt1(Bin, CipherNum) ->
-%%     encrypt1(Bin, CipherNum,"").
-
-%% encrypt1(Bin, CipherNum, Phrase) ->
-%%     if CipherNum == ?SSH_CIPHER_NONE; Phrase == "" ->
-%% 	    Bin;
-%%        CipherNum == ?SSH_CIPHER_3DES ->
-%% 	    <<K1:8/binary, K2:8/binary>> = erlang:md5(Phrase),
-%% 	    K3 = K1,
-%% 	    IV = <<0,0,0,0,0,0,0,0>>,
-%% 	    Bin1 = crypto:des_cbc_encrypt(K1,IV,Bin),
-%% 	    Bin2 = crypto:des_cbc_decrypt(K2,IV,Bin1),
-%% 	    crypto:des_cbc_encrypt(K3,IV,Bin2)
-%%     end.
-
-lookup_host_key_fd(Fd, Host, Alg) ->
-    case io:get_line(Fd, '') of
-	eof ->
-	    {error, not_found};
-	Line ->
-	    case string:tokens(Line, " ") of
-		[HostList, Alg, KeyData] ->
-%% 		    io:format(" ~p lookup_host_key_fd: HostList ~p Alg ~p KeyData ~p\n",
-%%			      [Host, HostList, Alg, KeyData]),
-		    case lists:member(Host, string:tokens(HostList, ",")) of
-			true ->
-			    decode_public_key_v2(ssh_bits:b64_decode(KeyData), Alg);
-			false ->
-			    lookup_host_key_fd(Fd, Host, Alg)
-		    end;
-		_ ->
-		    lookup_host_key_fd(Fd, Host, Alg)
-	    end
-    end.
-
-
-
-%% del_key_fd(Fd, Host) ->
-%%     del_key_fd(Fd, Host, 0, 0).
-
-%% del_key_fd(Fd, Host, ReadPos0, WritePos0) ->
-%%     case io:get_line(Fd, '') of
-%% 	eof ->
-%% 	    if ReadPos0 == WritePos0 ->
-%% 		    ok;
-%% 	       true ->
-%% 		    file:truncate(Fd)
-%% 	    end;
-%% 	Line ->
-%% 	    {ok,ReadPos1} = file:position(Fd, cur),
-%% 	    case string:tokens(Line, " ") of
-%% 		[HostList, _Type, _KeyData] ->
-%% 		    case lists:member(Host, string:tokens(HostList, ",")) of
-%% 			true ->
-%% 			    del_key_fd(Fd, Host, ReadPos1, WritePos0);
-%% 			false ->
-%% 			    if ReadPos0 == WritePos0 ->
-%% 				    del_key_fd(Fd, Host, ReadPos1, ReadPos1);
-%% 			       true ->
-%% 				    file:position(Fd, WritePos0),
-%% 				    file:write(Fd, Line),
-%% 				    {ok,WritePos1} = file:position(Fd,cur),
-%% 				    del_key_fd(Fd, Host, ReadPos1, WritePos1)
-%% 			    end
-%% 		    end;
-%% 		_ ->
-%% 		    if ReadPos0 == WritePos0 ->
-%% 			    del_key_fd(Fd, Host, ReadPos1, ReadPos1);
-%% 		       true ->
-%% 			    file:position(Fd, WritePos0),
-%% 			    file:write(Fd, Line),
-%% 			    {ok,WritePos1} = file:position(Fd,cur),
-%% 			    del_key_fd(Fd, Host, ReadPos1, WritePos1)
-%% 		    end		    
-%% 	    end
-%%     end.
-
-
-add_key_fd(Fd, Host, Key) ->
-    case Key#ssh_key.type of
-	rsa ->
-	    {N,E} = Key#ssh_key.public,
-	    DK = ssh_bits:b64_encode(
-		   ssh_bits:encode(["ssh-rsa",E,N],
-				   [string,mpint,mpint])),
-	    file:write(Fd, [Host, " ssh-rsa ", DK, "\n"]);
-	dsa ->
-	    {P,Q,G,Y} = Key#ssh_key.public,
-	    DK = ssh_bits:b64_encode(
-		   ssh_bits:encode(["ssh-dss",P,Q,G,Y],
-				   [string,mpint,mpint,mpint,mpint])),
-	    file:write(Fd, [Host, " ssh-dss ", DK, "\n"])
-    end.
-
-
-%% read_pem(Cs, Type) ->
-%%     case read_line(Cs) of
-%% 	{"-----BEGIN "++Rest,Cs1} ->
-%% 	    case string:tokens(Rest, " ") of
-%% 		[Type, "PRIVATE", "KEY-----"] ->
-%% 		    read_pem64(Cs1, [], Type);
-%% 		_ ->
-%% 		    {error, bad_format}
-%% 	    end;
-%% 	{"",Cs1} when Cs1 =/= "" ->
-%% 	    read_pem(Cs1,Type);
-%% 	{_,""} ->
-%% 	    {error, bad_format}
-%%     end.
-
-%% read_pem64(Cs, Acc, Type) ->
-%%     case read_line(Cs) of
-%% 	{"-----END "++Rest,_Cs1} ->
-%% 	    case string:tokens(Rest, " ") of
-%% 		[Type, "PRIVATE", "KEY-----"] ->
-%% 		    {ok,ssh_bits:b64_decode(append(reverse(Acc)))};
-%% 		Toks ->
-%% 		    error_logger:format("ssh: TOKENS=~p\n", [Toks]),
-%% 		    {error, bad_format}
-%% 	    end;
-%% 	{B64, Cs1} when Cs1 =/= "" ->
-%% 	    read_pem64(Cs1, [B64|Acc], Type);
-%% 	_What ->
-%% 	    {error, bad_format}
-%%     end.
-
-
-%% read_line(Cs) -> read_line(Cs,[]).
-%% read_line([$\r,$\n|T], Acc) -> {reverse(Acc), T};
-%% read_line([$\n|T], Acc) -> {reverse(Acc), T};
-%% read_line([C|T], Acc) -> read_line(T,[C|Acc]);
-%% read_line([], Acc) -> {reverse(Acc),[]}.
-
-lookup_user_key(User, Alg, Opts) ->
+lookup_user_key(Key, User, Alg, Opts) ->
     SshDir = ssh_dir({remoteuser,User}, Opts),
-    case lookup_user_key_f(User, SshDir, Alg, "authorized_keys", Opts) of
+    case lookup_user_key_f(Key, User, SshDir, Alg, "authorized_keys", Opts) of
 	{ok, Key} ->
 	    {ok, Key};
 	_ ->
-	    lookup_user_key_f(User, SshDir, Alg,  "authorized_keys2", Opts)
-    end.
-
-lookup_user_key_f(_User, [], _Alg, _F, _Opts) ->
-    {error, nouserdir};
-lookup_user_key_f(_User, nouserdir, _Alg, _F, _Opts) ->
-    {error, nouserdir};
-lookup_user_key_f(_User, Dir, Alg, F, _Opts) ->
-    FileName = filename:join(Dir, F),
-    case file:open(FileName, [read]) of
-	{ok, Fd} ->
-	    Res = lookup_user_key_fd(Fd, Alg),
-	    file:close(Fd),
-	    Res;
-	{error, Reason} ->
-	    {error, {{openerr, Reason}, {file, FileName}}}
-    end.
-
-lookup_user_key_fd(Fd, Alg) ->
-    case io:get_line(Fd, '') of
-	eof ->
-	    {error, not_found};
-	Line ->
-	    case string:tokens(Line, " ") of
-		[Alg, KeyData, _] ->
-		    %% 		    io:format("lookup_user_key_fd: HostList ~p Alg ~p KeyData ~p\n",
-		    %% 			      [HostList, Alg, KeyData]),
-		    decode_public_key_v2(ssh_bits:b64_decode(KeyData), Alg);
-		_Other ->
-		    %%?dbg(false, "key_fd Other: ~w ~w\n", [Alg, _Other]),
-		    lookup_user_key_fd(Fd, Alg)
-	    end
+	    lookup_user_key_f(Key, User, SshDir, Alg,  "authorized_keys2", Opts)
     end.
 
 
-encode_public_key(#ssh_key{type = rsa, public = {N, E}}) ->
-    ssh_bits:encode(["ssh-rsa",E,N],
-		    [string,mpint,mpint]);
-encode_public_key(#ssh_key{type = dsa, public = {P,Q,G,Y}}) ->
-    ssh_bits:encode(["ssh-dss",P,Q,G,Y],
-		    [string,mpint,mpint,mpint,mpint]).
-
 %%
 %% Utils
 %%
@@ -537,11 +179,130 @@ ssh_dir(user, Opts) ->
 ssh_dir(system, Opts) ->
     proplists:get_value(system_dir, Opts, "/etc/ssh").
 
+
 file_name(Type, Name, Opts) ->
     FN = filename:join(ssh_dir(Type, Opts), Name),
-    %%?dbg(?DBG_PATHS, "file_name: ~p\n", [FN]),
     FN.
 
+
+
+%% in: "host" out: "host,1.2.3.4.
+add_ip(Host)                                                             ->
+    case inet:getaddr(Host, inet) of
+	{ok, Addr} ->
+	    case ssh_connection:encode_ip(Addr) of
+		false -> Host;
+		IPString -> Host ++ "," ++ IPString
+	    end;
+	_ -> Host
+    end.    
+
+replace_localhost("localhost") ->
+    {ok, Hostname} = inet:gethostname(),
+    Hostname;
+replace_localhost(Host) ->
+    Host.
+
+do_lookup_host_key(Host, Alg, Opts) ->
+    case file:open(file_name(user, "known_hosts", Opts), [read, binary]) of
+	{ok, Fd} ->
+	    Res = lookup_host_key_fd(Fd, Host, Alg),
+	    file:close(Fd),
+	    {ok, Res};
+	{error, enoent} -> {error, not_found};
+	Error -> Error
+    end.
+
+identity_key_filename("ssh-dss") ->
+    "id_dsa";
+identity_key_filename("ssh-rsa") ->
+    "id_rsa".
+
+identity_pass_phrase("ssh-dss") ->
+    dsa_pass_phrase;
+identity_pass_phrase('ssh-dss') ->
+    dsa_pass_phrase;
+identity_pass_phrase('ssh-rsa') ->
+    rsa_pass_phrase;
+identity_pass_phrase("ssh-rsa") ->
+    rsa_pass_phrase.
+
+lookup_host_key_fd(Fd, Host, KeyType) ->
+    case io:get_line(Fd, '') of
+	eof ->
+	    {error, not_found};
+	Line ->
+	    case public_key:ssh_decode(Line, known_hosts) of
+		[{Key, Attributes}] ->
+		    handle_host(Fd, Host, proplists:get_value(hostnames, Attributes), Key, KeyType);
+		[] ->
+		    lookup_host_key_fd(Fd, Host, KeyType)
+	    end
+    end.
+
+handle_host(Fd, Host, HostList, Key, KeyType) ->
+    Host1 = host_name(Host),
+    case lists:member(Host1, HostList) and key_match(Key, KeyType) of
+	true ->
+	    Key;
+	false ->
+	    lookup_host_key_fd(Fd, Host, KeyType)
+    end.
+
+host_name(Atom) when is_atom(Atom) ->
+    atom_to_list(Atom);
+host_name(List) ->
+    List.
+
+key_match(#'RSAPublicKey'{}, "ssh-rsa") ->
+    true;
+key_match({_, #'Dss-Parms'{}}, "ssh-dss") ->
+    true;
+key_match(_, _) ->
+    false.
+
+add_key_fd(Fd, Host,Key) ->
+    SshBin = public_key:ssh_encode([{Key, [{hostnames, [Host]}]}], known_hosts),
+    file:write(Fd, SshBin).
+
+lookup_user_key_f(_, _User, [], _Alg, _F, _Opts) ->
+    {error, nouserdir};
+lookup_user_key_f(_, _User, nouserdir, _Alg, _F, _Opts) ->
+    {error, nouserdir};
+lookup_user_key_f(Key, _User, Dir, _Alg, F, _Opts) ->
+    FileName = filename:join(Dir, F),
+    case file:open(FileName, [read, binary]) of
+	{ok, Fd} ->
+	    Res = lookup_user_key_fd(Fd, Key),
+	    file:close(Fd),
+	    Res;
+	{error, Reason} ->
+	    {error, {{openerr, Reason}, {file, FileName}}}
+    end.
+
+lookup_user_key_fd(Fd, Key) ->
+    case io:get_line(Fd, '') of
+	eof ->
+	    {error, not_found};
+	Line ->
+	    case public_key:ssh_decode(Line, auth_keys) of
+		[{AuthKey, _}] ->
+		    case is_auth_key(Key, AuthKey) of
+			true ->
+			    {ok, Key};
+			false ->
+			    lookup_user_key_fd(Fd, Key)
+		    end;
+		[] ->
+		    lookup_user_key_fd(Fd, Key)
+	    end
+    end.
+
+is_auth_key(Key, Key) -> 
+    true;
+is_auth_key(_,_) -> 
+    false.
+
 default_user_dir()->
     {ok,[[Home|_]]} = init:get_argument(home),
     UserDir = filename:join(Home, ".ssh"),
diff --git a/lib/ssh/src/ssh_io.erl b/lib/ssh/src/ssh_io.erl
index 915fd63e4f..1dbd097423 100644
--- a/lib/ssh/src/ssh_io.erl
+++ b/lib/ssh/src/ssh_io.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_key_api.erl b/lib/ssh/src/ssh_key_api.erl
new file mode 100644
index 0000000000..8085c12e21
--- /dev/null
+++ b/lib/ssh/src/ssh_key_api.erl
@@ -0,0 +1,45 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011-2012. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(ssh_key_api).
+
+-include_lib("public_key/include/public_key.hrl"). 
+-include("ssh.hrl").
+
+-type ssh_algorithm() :: string().
+-type file_error()    :: file:posix() | badarg | system_limit | terminated.
+
+-callback host_key(Algorithm :: ssh_algorithm(), Options :: list()) -> 
+                      {ok, [{public_key(), Attributes::list()}]} | public_key()
+                          | {error, string()}.
+
+-callback user_key(Algorithm :: ssh_algorithm(), Options :: list()) -> 
+                     {ok, [{public_key(), Attributes::list()}]} | public_key()
+                          | {error, string()}.
+
+-callback is_host_key(Key :: public_key(), PeerName :: string(), 
+                  Algorithm :: ssh_algorithm(), Options :: list()) ->
+                         boolean().
+
+-callback add_host_key(Host :: string(), Key :: public_key(), Options :: list()) ->
+                          ok | {error, file_error()}.
+
+-callback is_auth_key(Key :: public_key(), User :: string(),
+                  Algorithm :: ssh_algorithm(), Options :: list()) ->
+                         boolean().
diff --git a/lib/ssh/src/ssh_math.erl b/lib/ssh/src/ssh_math.erl
index 510eb16aa6..4aa385b18d 100644
--- a/lib/ssh/src/ssh_math.erl
+++ b/lib/ssh/src/ssh_math.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_rsa.erl b/lib/ssh/src/ssh_rsa.erl
deleted file mode 100644
index 91b8285b2e..0000000000
--- a/lib/ssh/src/ssh_rsa.erl
+++ /dev/null
@@ -1,298 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-
-%%% Description: rsa public-key sign and verify
-
--module(ssh_rsa).
-
--export([verify/3, sign/2]).
--export([alg_name/0]).
-
--include("ssh.hrl").
--include("PKCS-1.hrl").
-
-
--define(MGF(Seed,Len), mgf1((Seed),(Len))).
--define(HASH(X), crypto:sha((X))).
--define(HLen, 20).
-
-%% start() ->
-%%     crypto:start().
-
-%% sign_file(File) ->
-%%     start(),
-%%     {ok,Bin} = file:read_file(File),
-%%     {ok,Key} = ssh_file:private_host_rsa_key(user),
-%%     sign(Key, Bin).
-
-%% verify_file(File, Sig) ->
-%%     start(),
-%%     {ok,Bin} = file:read_file(File),
-%%     {ok,Key} = ssh_file:public_host_rsa_key(user),
-%%     verify(Key, Bin, Sig).
-
-sign(Private,Mb) ->
-    rsassa_pkcs1_v1_5_sign(Private,Mb).
-
-verify(Public,Mb,Sb) ->
-    rsassa_pkcs1_v1_5_verify(Public,Mb,Sb).
-
-
-
-%% Integer to octet string
-i2osp(X, XLen) ->
-    ssh_bits:i2bin(X, XLen).
-
-%% Octet string to Integer
-os2ip(X) ->
-    ssh_bits:bin2i(X).
-
-%% decrypt1, M = message representative
-%% rsaep(#ssh_key { public={N,E}}, M) ->
-%%     ?ssh_assert(M >= 0 andalso M =< N-1, out_of_range),
-%%     ssh_math:ipow(M, E, N).
-
-%% encrypt1, C = cipher representative
-%% rsadp(#ssh_key { public={N,_}, private={_,D}}, C) ->
-%%     ?ssh_assert(C >= 0 andalso C =< N-1, out_of_range),
-%%     ssh_math:ipow(C, D, N).
-
-%% sign1, M = message representative
-rsasp1(#ssh_key { public={N,_}, private={_,D}}, M) ->
-    ?ssh_assert((M >= 0 andalso M =< N-1), out_of_range),
-    ssh_math:ipow(M, D, N).
-
-%% verify1,  S =signature representative
-rsavp1(#ssh_key { public={N,E}}, S)  ->
-    ?ssh_assert(S >= 0 andalso S =< N-1, out_of_range),
-    ssh_math:ipow(S, E, N).
-
-
-%% M messaage
-%% rsaes_oaep_encrypt(Public, M) ->
-%%     rsaes_oaep_encrypt(Public, M, <<>>).
-
-%% rsaes_oaep_encrypt(Public=#ssh_key { public={N,_E}}, M, L) ->
-%%     ?ssh_assert(size(L) =< 16#ffffffffffffffff, label_to_long),
-%%     K = (ssh_bits:isize(N)+7) div 8,
-%%     MLen = size(M),
-%%     %% LLen  = size(L),
-%%     ?ssh_assert(MLen =< K - 2*?HLen - 2, message_to_long),
-%%     LHash = ?HASH(L),
-%%     PS = ssh_bits:fill_bits(K - MLen - 2*?HLen - 2, 0),
-%%     DB = <<LHash/binary, PS/binary, 16#01, M/binary>>,
-%%     Seed = ssh_bits:random(?HLen),
-%%     DbMask = ?MGF(Seed, K - ?HLen - 1),
-%%     MaskedDB = ssh_bits:xor_bits(DB, DbMask),
-%%     SeedMask = ?MGF(MaskedDB, ?HLen),
-%%     MaskedSeed = ssh_bits:xor_bits(Seed, SeedMask),
-%%     EM = <<16#00, MaskedSeed/binary, MaskedDB/binary>>,
-%%     Mc = os2ip(EM),
-%%     C = rsaep(Public, Mc),
-%%     i2osp(C, K).
-
-%% rsaes_oaep_decrypt(Key, C) ->
-%%     rsaes_oaep_decrypt(Key, C, <<>>).
-
-%% rsaes_oaep_decrypt(Private=#ssh_key { public={N,_},private={_,_}},Cb,L) ->
-%%     ?ssh_assert(size(L) =< 16#ffffffffffffffff, label_to_long),
-%%     K = (ssh_bits:isize(N)+7) div 8,
-%%     ?ssh_assert(K == 2*?HLen + 2, decryption_error),
-%%     C = os2ip(Cb),
-%%     M = rsadp(Private, C),
-%%     EM = i2osp(M, K),
-%%     LHash = ?HASH(L),
-%%     MLen = K - ?HLen -1,
-%%     case EM of
-%% 	<<16#00, MaskedSeed:?HLen/binary, MaskedDB:MLen>> ->
-%% 	    SeedMask = ?MGF(MaskedDB, ?HLen),
-%% 	    Seed = ssh_bits:xor_bits(MaskedSeed, SeedMask),
-%% 	    DbMask = ?MGF(Seed, K - ?HLen - 1),
-%% 	    DB = ssh_bits:xor_bits(MaskedDB, DbMask),
-%% 	    PSLen = K - MLen - 2*?HLen - 2,
-%% 	    case DB of
-%% 		<<LHash:?HLen, _PS:PSLen/binary, 16#01, M/binary>> ->
-%% 		    M;
-%% 		_ ->
-%% 		    exit(decryption_error)
-%% 	    end;
-%% 	_ ->
-%% 	    exit(decryption_error)
-%%     end.
-
-
-%% rsaes_pkcs1_v1_5_encrypt(Public=#ssh_key { public={N,_}}, M) ->    
-%%     K = (ssh_bits:isize(N)+7) div 8,
-%%     MLen = size(M),
-%%     ?ssh_assert(MLen =< K - 11, message_to_long),
-%%     PS = ssh_bits:random(K - MLen - 3),
-%%     EM = <<16#00,16#02,PS/binary,16#00,M/binary>>,
-%%     Mc = os2ip(EM),
-%%     C = rsaep(Public, Mc),
-%%     i2osp(C, K).
-
-
-%% rsaes_pkcs1_v1_5_decrypt(Private=#ssh_key { public={N,_},private={_,_}},
-%% 			 Cb) ->
-%%     K = (ssh_bits:isize(N)+7) div 8,
-%%     CLen = size(Cb),
-%%     ?ssh_assert(CLen == K andalso K >= 11, decryption_error),
-%%     C = os2ip(Cb),
-%%     M = rsadp(Private, C),
-%%     EM = i2osp(M, K),
-%%     PSLen = K - CLen - 3,
-%%     case EM of
-%% 	<<16#00, 16#02, _PS:PSLen/binary, 16#00, M>> ->
-%% 	    M;
-%% 	_ ->
-%% 	    exit(decryption_error)
-%%     end.
-
-%% rsassa_pss_sign(Private=#ssh_key { public={N,_},private={_,_}},Mb) ->
-%%     ModBits = ssh_bits:isize(N),
-%%     K = (ModBits+7) div 8,
-%%     EM = emsa_pss_encode(Mb, ModBits - 1),
-%%     M = os2ip(EM),
-%%     S = rsasp1(Private, M),
-%%     i2osp(S, K).
-
-%% rsassa_pss_verify(Public=#ssh_key { public={N,_E}},Mb,Sb) ->
-%%     ModBits = ssh_bits:isize(N),
-%%     K = (ModBits+7) div 8,
-%%     ?ssh_assert(size(Sb) == K, invalid_signature),
-%%     S = os2ip(Sb),
-%%     M = rsavp1(Public,S),
-%%     EMLen = (ModBits-1+7) div 8,
-%%     EM = i2osp(M, EMLen),
-%%     emsa_pss_verify(Mb, EM, ModBits-1).
-
-
-rsassa_pkcs1_v1_5_sign(Private=#ssh_key { public={N,_},private={_,_D}},Mb) ->
-    K = (ssh_bits:isize(N)+7) div 8,    
-    EM = emsa_pkcs1_v1_5_encode(Mb, K),
-    M = os2ip(EM),
-    S = rsasp1(Private, M),
-    i2osp(S, K).
-
-rsassa_pkcs1_v1_5_verify(Public=#ssh_key { public={N,_E}}, Mb, Sb) ->
-    K = (ssh_bits:isize(N)+7) div 8,
-    ?ssh_assert(size(Sb) == K, invalid_signature),
-    S = os2ip(Sb),
-    M = rsavp1(Public, S),
-    EM = i2osp(M, K),
-    %?dbg(true, "verify K=~p S=~w ~n#M=~w~n#EM=~w~n", [K, S, M, EM]),
-    case emsa_pkcs1_v1_5_encode(Mb, K) of
-	EM -> ok;
-	_S ->
-	    {error, invalid_signature}
-    end.
-
-
-emsa_pkcs1_v1_5_encode(M, EMLen) ->
-    H = ?HASH(M),
-    %% Must use speical xxNull types here!
-    Alg = #'AlgorithmNull' { algorithm = ?'id-sha1',
-			     parameters = <<>> },
-    {ok,TCode} = 'PKCS-1':encode('DigestInfoNull',
-				#'DigestInfoNull'{ digestAlgorithm = Alg,
-						   digest = H }),
-    T = list_to_binary(TCode),
-    TLen = size(T),
-    ?ssh_assert(EMLen >= TLen + 11, message_to_short),
-    PS = ssh_bits:fill_bits(EMLen - TLen - 3, 16#ff),
-    <<16#00, 16#01, PS/binary, 16#00, T/binary>>.
-
-
-%% emsa_pss_encode(M, EMBits) ->
-%%     emsa_pss_encode(M, EMBits, 0).
-
-%% emsa_pss_encode(M, EMBits, SLen) ->
-%%     ?ssh_assert(size(M) =< 16#ffffffffffffffff, message_to_long),
-%%     EMLen = (EMBits + 7) div 8,
-%%     MHash = ?HASH(M),
-%%     ?ssh_assert(EMLen >= ?HLen + SLen + 2, encoding_error),
-%%     Salt = ssh_bits:random(SLen),
-%%     M1 = [16#00,16#00,16#00,16#00,16#00,16#00,16#00,16#00,
-%% 	  MHash, Salt],
-%%     H = ?HASH(M1),
-%%     PS = ssh_bits:fill_bits(EMLen-SLen-?HLen-2, 0),
-%%     DB = <<PS/binary, 16#01, Salt/binary>>,
-%%     DbMask = ?MGF(H, EMLen - ?HLen -1),
-%%     MaskedDB = ssh_bits:xor_bits(DB, DbMask),
-%%     ZLen = 8*EMLen - EMBits,
-%%     NZLen = (8 - (ZLen rem 8)) rem 8,
-%%     <<_:ZLen, NZ:NZLen, MaskedDB1/binary>> = MaskedDB,
-%%     MaskedDB2 = <<0:ZLen, NZ:NZLen, MaskedDB1/binary>>,
-%%     <<MaskedDB2/binary, H/binary, 16#BC>>.
-
-
-%% emsa_pss_verify(M, EM, EMBits) ->
-%%     emsa_pss_verify(M, EM, EMBits, 0).
-
-%% emsa_pss_verify(M, EM, EMBits, SLen) ->
-%%     ?ssh_assert(size(M) =< 16#ffffffffffffffff, message_to_long),
-%%     EMLen = (EMBits + 7) div 8,
-%%     MHash = ?HASH(M),
-%%     ?ssh_assert(EMLen >= ?HLen + SLen + 2, inconsistent),
-%%     MaskLen = (EMLen - ?HLen - 1)-1,
-%%     ZLen = 8*EMLen - EMBits,
-%%     NZLen = (8 - (ZLen rem 8)) rem 8,
-%%     case EM of
-%% 	<<0:ZLen,Nz:NZLen,MaskedDB1:MaskLen/binary, H:?HLen/binary, 16#BC>> ->
-%% 	    MaskedDB = <<0:ZLen,Nz:NZLen,MaskedDB1/binary>>,
-%% 	    DbMask = ?MGF(H, EMLen - ?HLen - 1),
-%% 	    DB = ssh_bits:xor_bits(MaskedDB, DbMask),
-%% 	    PSLen1 = (EMLen - SLen - ?HLen - 2) - 1,
-%% 	    PS = ssh_bits:fill_bits(PSLen1, 0),
-%% 	    case DB of
-%% 		<<_:ZLen,0:NZLen,PS:PSLen1/binary,16#01,Salt:SLen/binary>> ->
-%% 		    M1 = [16#00,16#00,16#00,16#00,16#00,16#00,16#00,16#00,
-%% 			  MHash, Salt],
-%% 		    case ?HASH(M1) of
-%% 			H -> ok;
-%% 			_ -> exit(inconsistent)
-%% 		    end;
-%% 		_ ->
-%% 		    exit(inconsistent)
-%% 	    end;
-%% 	_ ->
-%% 	    exit(inconsistent)
-%%     end.
-
-    
-
-%% Mask generating function MGF1
-%% mgf1(MGFSeed, MaskLen) ->
-%%     T = mgf1_loop(0, ((MaskLen + ?HLen -1) div ?HLen) - 1, MGFSeed, ""),
-%%     <<R:MaskLen/binary, _/binary>> = T,
-%%     R.
-
-%% mgf1_loop(Counter, N, _, T) when Counter > N ->
-%%     list_to_binary(T);
-%% mgf1_loop(Counter, N, MGFSeed, T) ->
-%%     C = i2osp(Counter, 4),
-%%     mgf1_loop(Counter+1, N, MGFSeed, [T, ?HASH([MGFSeed, C])]).
-
-
-
-
-alg_name() ->
-    "ssh-rsa".
diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl
index da91817fd7..8cc414f83a 100644
--- a/lib/ssh/src/ssh_sftpd.erl
+++ b/lib/ssh/src/ssh_sftpd.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -231,8 +231,6 @@ handle_op(?SSH_FXP_REALPATH, ReqId,
     case Res of
 	{ok, AbsPath} ->
 	    NewAbsPath = chroot_filename(AbsPath, State),
-	    ?dbg(true, "handle_op ?SSH_FXP_REALPATH: RelPath=~p AbsPath=~p\n",
-		 [RelPath, NewAbsPath]),
 	    XF = State#state.xf,
 	    Attr = #ssh_xfer_attr{type=directory},
 	    ssh_xfer:xf_send_name(XF, ReqId, NewAbsPath, Attr),
@@ -463,7 +461,6 @@ get_handle(Handles, BinHandle) ->
 read_dir(State0 = #state{file_handler = FileMod, max_files = MaxLength, file_state = FS0},
 	 XF, ReqId, Handle, RelPath, {cache, Files}) ->
     AbsPath = relate_file_name(RelPath, State0),
-    ?dbg(true, "read_dir: AbsPath=~p\n", [AbsPath]),
     if
 	length(Files) > MaxLength ->
 	    {ToSend, NewCache} = lists:split(MaxLength, Files),
@@ -484,7 +481,6 @@ read_dir(State0 = #state{file_handler = FileMod, max_files = MaxLength, file_sta
 read_dir(State0 = #state{file_handler = FileMod, max_files = MaxLength, file_state = FS0},
 	 XF, ReqId, Handle, RelPath, _Status) ->
     AbsPath = relate_file_name(RelPath, State0),
-    ?dbg(true, "read_dir: AbsPath=~p\n", [AbsPath]),
     {Res, FS1} = FileMod:list_dir(AbsPath, FS0),
     case Res of
 	{ok, Files} when MaxLength == 0 orelse MaxLength > length(Files) ->
@@ -516,7 +512,6 @@ get_attrs(_RelPath, [], _FileMod, FS, Acc) ->
     {lists:reverse(Acc), FS};
 get_attrs(RelPath, [F | Rest], FileMod, FS0, Acc) ->
     Path = filename:absname(F, RelPath),
-    ?dbg(true, "get_attrs fun: F=~p\n", [F]),
     case FileMod:read_link_info(Path, FS0) of
 	{{ok, Info}, FS1} ->
 	    Attrs = ssh_sftp:info_to_attr(Info),
@@ -560,7 +555,6 @@ stat(ReqId, RelPath, State0=#state{file_handler=FileMod,
 				   file_state=FS0}, F) ->
     AbsPath = relate_file_name(RelPath, State0),
     XF = State0#state.xf,
-    ?dbg(false, "stat: AbsPath=~p\n", [AbsPath]),
     {Res, FS1} = FileMod:F(AbsPath, FS0),
     State1 = State0#state{file_state = FS1},
     case Res of
@@ -605,6 +599,8 @@ decode_4_access_flag(add_subdirectory) ->
     [read];
 decode_4_access_flag(append_data) ->
     [append];
+decode_4_access_flag(write_attributes) ->
+    [write];
 decode_4_access_flag(_) ->
     [read].
 
@@ -619,8 +615,7 @@ open(Vsn, ReqId, Data, State) when Vsn =< 3 ->
     <<?UINT32(BLen), BPath:BLen/binary, ?UINT32(PFlags),
      _Attrs/binary>> = Data,
     Path = binary_to_list(BPath),
-    Flags = ssh_xfer:decode_open_flags(Vsn, PFlags) -- [creat, excl, trunc],
-    ?dbg(true, "open: Flags=~p\n", [Flags]),
+    Flags = ssh_xfer:decode_open_flags(Vsn, PFlags),
     do_open(ReqId, State, Path, Flags);
 open(Vsn, ReqId, Data, State) when Vsn >= 4 ->
     <<?UINT32(BLen), BPath:BLen/binary, ?UINT32(Access),
@@ -628,7 +623,6 @@ open(Vsn, ReqId, Data, State) when Vsn >= 4 ->
     Path = binary_to_list(BPath),
     FlagBits = ssh_xfer:decode_open_flags(Vsn, PFlags),
     AcessBits = ssh_xfer:decode_ace_mask(Access),
-    ?dbg(true, "open: Fl=~p\n", [FlagBits]),
     %% TODO: This is to make sure the Access flags are not ignored
     %% but this should be thought through better. This solution should
     %% be considered a hack in order to buy some time. At least
@@ -638,15 +632,12 @@ open(Vsn, ReqId, Data, State) when Vsn >= 4 ->
     AcessFlags = decode_4_acess(AcessBits),
     Flags = lists:append(lists:umerge(
 			   [[decode_4_flags(FlagBits)] | AcessFlags])),
-
-    ?dbg(true, "open: Flags=~p\n", [Flags]),
-    
     do_open(ReqId, State, Path, Flags).
 
 do_open(ReqId, State0, Path, Flags) ->
     #state{file_handler = FileMod, file_state = FS0, root = Root} = State0,
     XF = State0#state.xf,
-    F = [raw, binary | Flags],
+    F = [binary | Flags],
     %%   case FileMod:is_dir(Path) of %% This is version 6 we still have 5
     %% 	true ->
     %% 	    ssh_xfer:xf_send_status(State#state.xf, ReqId,
@@ -895,14 +886,11 @@ set_stat(Attr, Path,
 	 State0 = #state{file_handler=FileMod, file_state=FS0}) ->
     {DecodedAttr, _Rest} = 
 	ssh_xfer:decode_ATTR((State0#state.xf)#ssh_xfer.vsn, Attr),
-    ?dbg(true, "set_stat DecodedAttr=~p\n", [DecodedAttr]),
     Info = ssh_sftp:attr_to_info(DecodedAttr),
     {Res1, FS1} = FileMod:read_link_info(Path, FS0),
     case Res1 of
 	{ok, OldInfo} ->
 	    NewInfo = set_file_info(Info, OldInfo),
-	    ?dbg(true, "set_stat Path=~p\nInfo=~p\nOldInfo=~p\nNewInfo=~p\n",
-		 [Path, Info, OldInfo, NewInfo]),
 	    {Res2, FS2} = FileMod:write_file_info(Path, NewInfo, FS1),
 	    State1 = State0#state{file_state = FS2},
 	    {Res2, State1};
diff --git a/lib/ssh/src/ssh_sftpd_file_api.erl b/lib/ssh/src/ssh_sftpd_file_api.erl
index 176aa98194..38371f809d 100644
--- a/lib/ssh/src/ssh_sftpd_file_api.erl
+++ b/lib/ssh/src/ssh_sftpd_file_api.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,27 +21,41 @@
 
 -module(ssh_sftpd_file_api).
 
--export([behaviour_info/1]).
+%% To be further specified later
+-callback close(IoDevice::term(), State::term()) -> 
+    ok | {error, Reason::term()}.
+-callback delete(Path::term(), State::term()) ->
+     ok | {error, Reason::term()}.
+-callback del_dir(Path::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback get_cwd(State::term()) ->
+    {ok, Dir::term()} | {error, Reason::term()}.
+-callback is_dir(AbsPath::term(), State::term()) ->
+    boolean().
+-callback list_dir(AbsPath::term(), State::term()) ->
+    {ok, Filenames::term()} | {error, Reason::term()}.
+-callback make_dir(Dir::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback make_symlink(Path2::term(), Path::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback open(Path::term(), Flags::term(), State::term()) ->
+    {ok, IoDevice::term()} | {error, Reason::term()}.
+-callback position(IoDevice::term(), Offs::term(), State::term()) ->
+    {ok, NewPosition::term()} | {error, Reason::term()}.
+-callback read(IoDevice::term(), Len::term(), State::term()) ->
+    {ok, Data::term()} | eof | {error, Reason::term()}.
+-callback read_link(Path::term(), State::term()) ->
+    {ok, FileName::term()} | {error, Reason::term()}.
+-callback read_link_info(Path::term(), State::term()) ->
+    {ok, FileInfo::term()} | {error, Reason::term()}.
+-callback read_file_info(Path::term(), State::term()) ->
+    {ok, FileInfo::term()} | {error, Reason::term()}.
+-callback rename(Path::term(), Path2::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback write(IoDevice::term(), Data::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+-callback write_file_info(Path::term(),Info::term(), State::term()) ->
+    ok | {error, Reason::term()}.
+
+
 
-behaviour_info(callbacks) ->
-    [
-     {close, 2}, 
-     {delete, 2}, 
-     {del_dir, 2}, 
-     {get_cwd, 1}, 
-     {is_dir, 2}, 
-     {list_dir, 2}, 
-     {make_dir, 2}, 
-     {make_symlink, 3}, 
-     {open, 3}, 
-     {position, 3}, 
-     {read, 3},
-     {read_file_info, 2}, 
-     {read_link, 2}, 
-     {read_link_info, 2}, 
-     {rename, 3},
-     {write, 3}, 
-     {write_file_info, 3}
-    ];
-behaviour_info(_) ->
-    undefined.
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index de3e29e2f1..6140c87f6e 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,10 +23,11 @@
 
 -module(ssh_transport).
 
--include("ssh_transport.hrl").
+-include_lib("public_key/include/public_key.hrl").
+-include_lib("kernel/include/inet.hrl").
 
+-include("ssh_transport.hrl").
 -include("ssh.hrl").
--include_lib("kernel/include/inet.hrl").
 
 -export([connect/5, accept/4]). 
 -export([versions/2, hello_version_msg/1]).
@@ -38,17 +39,8 @@
 	 handle_kex_dh_gex_group/2, handle_kex_dh_gex_reply/2,
 	 handle_new_keys/2, handle_kex_dh_gex_request/2,
 	 handle_kexdh_reply/2, 
-	 unpack/3, decompress/2, ssh_packet/2, pack/2, msg_data/1]).
-
-%% debug flagso
--define(DBG_ALG,     true).
--define(DBG_KEX,     true).
--define(DBG_CRYPTO,  false).
--define(DBG_PACKET,  false).
--define(DBG_MESSAGE, true).
--define(DBG_BIN_MESSAGE, true).
--define(DBG_MAC,     false).
--define(DBG_ZLIB,    true).
+	 unpack/3, decompress/2, ssh_packet/2, pack/2, msg_data/1,
+	 sign/3, verify/4]).
 
 versions(client, Options)->
     Vsn = proplists:get_value(vsn, Options, ?DEFAULT_CLIENT_VERSION),
@@ -212,24 +204,24 @@ key_exchange_init_msg(Ssh0) ->
     {SshPacket, Ssh} = ssh_packet(Msg, Ssh0),
     {Msg, SshPacket, Ssh}.
 
-kex_init(#ssh{role = Role, opts = Opts}) ->
+kex_init(#ssh{role = Role, opts = Opts, available_host_keys = HostKeyAlgs}) ->
     Random = ssh_bits:random(16),
     Compression = case proplists:get_value(compression, Opts, none) of
 		      zlib -> ["zlib", "none"];
 		      none -> ["none", "zlib"]
 		  end,
-    kexinit_messsage(Role, Random, Compression).
+    kexinit_messsage(Role, Random, Compression, HostKeyAlgs).
 
 key_init(client, Ssh, Value) ->
     Ssh#ssh{c_keyinit = Value};
 key_init(server, Ssh, Value) ->
     Ssh#ssh{s_keyinit = Value}.
 
-kexinit_messsage(client, Random, Compression) ->
+kexinit_messsage(client, Random, Compression, HostKeyAlgs) ->
     #ssh_msg_kexinit{ 
 		  cookie = Random,
 		  kex_algorithms = ["diffie-hellman-group1-sha1"],
-		  server_host_key_algorithms = ["ssh-rsa", "ssh-dss"],
+		  server_host_key_algorithms = HostKeyAlgs,
 		  encryption_algorithms_client_to_server = ["aes128-cbc","3des-cbc"],
 		  encryption_algorithms_server_to_client = ["aes128-cbc","3des-cbc"],
 		  mac_algorithms_client_to_server = ["hmac-sha1"],
@@ -240,11 +232,11 @@ kexinit_messsage(client, Random, Compression) ->
 		  languages_server_to_client = []
 		 };
 
-kexinit_messsage(server, Random, Compression) ->
+kexinit_messsage(server, Random, Compression, HostKeyAlgs) ->
     #ssh_msg_kexinit{
 		  cookie = Random,
 		  kex_algorithms = ["diffie-hellman-group1-sha1"],
-		  server_host_key_algorithms = ["ssh-dss"],
+		  server_host_key_algorithms = HostKeyAlgs,
 		  encryption_algorithms_client_to_server = ["aes128-cbc","3des-cbc"],
 		  encryption_algorithms_server_to_client = ["aes128-cbc","3des-cbc"],
 		  mac_algorithms_client_to_server = ["hmac-sha1"],
@@ -300,7 +292,6 @@ install_messages('diffie-hellman-group-exchange-sha1') ->
 key_exchange_first_msg('diffie-hellman-group1-sha1', Ssh0) ->
     {G, P} = dh_group1(),
     {Private, Public} = dh_gen_key(G, P, 1024),
-    %%?dbg(?DBG_KEX, "public: ~p~n", [Public]),
     {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_init{e = Public}, Ssh0),
     {ok, SshPacket, 
      Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}}};
@@ -320,7 +311,6 @@ key_exchange_first_msg('diffie-hellman-group-exchange-sha1', Ssh0) ->
 handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) ->
     {G, P} = dh_group1(),
     {Private, Public} = dh_gen_key(G, P, 1024),
-    %%?dbg(?DBG_KEX, "public: ~p~n", [Public]),
     K = ssh_math:ipow(E, Private, P),
     {Key, K_S} = get_host_key(Ssh0),
     H = kex_h(Ssh0, K_S, E, Public, K),
@@ -329,8 +319,7 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) ->
 							f = Public,
 							h_sig = H_SIG
 						       }, Ssh0),
-    %%?dbg(?DBG_KEX, "shared_secret: ~s ~n", [fmt_binary(K, 16, 4)]),
-    %%?dbg(?DBG_KEX, "hash: ~s ~n", [fmt_binary(H, 16, 4)]),
+
     {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}},
 			     shared_secret = K,
 			     exchanged_hash = H,
@@ -338,7 +327,6 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) ->
 
 handle_kex_dh_gex_group(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0) ->
     {Private, Public} = dh_gen_key(G,P,1024),
-    %%?dbg(?DBG_KEX, "public: ~p ~n", [Public]),
     {SshPacket, Ssh1} = 
 	ssh_packet(#ssh_msg_kex_dh_gex_init{e = Public}, Ssh0),
     {ok, SshPacket, 
@@ -362,8 +350,7 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, f = F,
 		   #ssh{keyex_key = {{Private, Public}, {_G, P}}} = Ssh0) ->
     K = ssh_math:ipow(F, Private, P),
     H = kex_h(Ssh0, HostKey, Public, F, K),
-    %%?dbg(?DBG_KEX, "shared_secret: ~s ~n", [fmt_binary(K, 16, 4)]),
-    %%?dbg(?DBG_KEX, "hash: ~s ~n", [fmt_binary(H, 16, 4)]),
+
     case verify_host_key(Ssh0, HostKey, H, H_SIG) of
 	ok ->
 	    {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0),
@@ -396,8 +383,7 @@ handle_kex_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{public_host_key = HostKey,
 		 	Ssh0) ->
     K = ssh_math:ipow(F, Private, P),
     H = kex_h(Ssh0, HostKey, Min, NBits, Max, P, G, Public, F, K),
-    %%?dbg(?DBG_KEX, "shared_secret: ~s ~n", [fmt_binary(K, 16, 4)]),
-    %%?dbg(?DBG_KEX, "hash: ~s ~n", [fmt_binary(H, 16, 4)]),
+
     case verify_host_key(Ssh0, HostKey, H, H_SIG) of
 	ok ->
 	    {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0),
@@ -423,83 +409,68 @@ sid(#ssh{session_id = Id}, _) ->
 %%
 get_host_key(SSH) ->
     #ssh{key_cb = Mod, opts = Opts, algorithms = ALG} = SSH,
-    Scope = proplists:get_value(key_scope, Opts, system),
-    case ALG#alg.hkey of
-	'ssh-rsa' ->
-	    case Mod:private_host_rsa_key(Scope, Opts) of
-		{ok,Key=#ssh_key { public={N,E}} } ->
-		    %%?dbg(true, "x~n", []),
-		    {Key,
-		     ssh_bits:encode(["ssh-rsa",E,N],[string,mpint,mpint])};
-		Error ->
-		    %%?dbg(true, "y~n", []),
-		    exit(Error)
-	    end;
-	'ssh-dss' ->
-	    case Mod:private_host_dsa_key(Scope, Opts) of
-		{ok,Key=#ssh_key { public={P,Q,G,Y}}} ->
-		    {Key, ssh_bits:encode(["ssh-dss",P,Q,G,Y],
-					  [string,mpint,mpint,mpint,mpint])};
-		Error ->
-		    exit(Error)
-	    end;
-	_ ->
-	    exit({error, bad_key_type})
+
+    case Mod:host_key(ALG#alg.hkey, Opts) of
+	{ok, #'RSAPrivateKey'{modulus = N, publicExponent = E} = Key} ->
+	    {Key,
+	     ssh_bits:encode(["ssh-rsa",E,N],[string,mpint,mpint])};
+	{ok, #'DSAPrivateKey'{y = Y, p = P, q = Q, g = G} = Key} ->
+	    {Key, ssh_bits:encode(["ssh-dss",P,Q,G,Y],
+				  [string,mpint,mpint,mpint,mpint])};
+	Result ->
+	    exit({error, {Result, unsupported_key_type}})
     end.
 
-sign_host_key(Ssh, Private, H) ->
-    ALG = Ssh#ssh.algorithms,
-    Module = case ALG#alg.hkey of
-		 'ssh-rsa' -> 
-		     ssh_rsa;
-		 'ssh-dss' -> 
-		     ssh_dsa
-	     end,
-    case catch Module:sign(Private, H) of
-	{'EXIT', Reason} ->
-	    error_logger:format("SIGN FAILED: ~p\n", [Reason]),
-	    {error, Reason};
-	SIG ->
-	    ssh_bits:encode([Module:alg_name() ,SIG],[string,binary])
-    end.    
+sign_host_key(_Ssh, #'RSAPrivateKey'{} = Private, H) ->
+    Hash = sha, %% Option ?!
+    Signature = sign(H, Hash, Private),
+    ssh_bits:encode(["ssh-rsa", Signature],[string, binary]);
+sign_host_key(_Ssh, #'DSAPrivateKey'{} = Private, H) ->
+    Hash = sha, %% Option ?!
+    RawSignature = sign(H, Hash, Private),
+    ssh_bits:encode(["ssh-dss", RawSignature],[string, binary]).
 
 verify_host_key(SSH, K_S, H, H_SIG) ->
     ALG = SSH#ssh.algorithms,
     case ALG#alg.hkey of
 	'ssh-rsa' ->
-	    case ssh_bits:decode(K_S,[string,mpint,mpint]) of
-		["ssh-rsa", E, N] ->
-		    ["ssh-rsa",SIG] = ssh_bits:decode(H_SIG,[string,binary]),
-		    Public = #ssh_key { type=rsa, public={N,E} },
-		    case catch ssh_rsa:verify(Public, H, SIG) of
-			{'EXIT', Reason} ->
-			    error_logger:format("VERIFY FAILED: ~p\n", [Reason]),
-			    {error, bad_signature};
-			ok ->
-			    known_host_key(SSH, Public, "ssh-rsa")
-		    end;
-		_ ->
-		    {error, bad_format}
-	    end;
+	    verify_host_key_rsa(SSH, K_S, H, H_SIG);
 	'ssh-dss' ->
-	    case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of
-		["ssh-dss",P,Q,G,Y] ->
-		    ["ssh-dss",SIG] = ssh_bits:decode(H_SIG,[string,binary]),
-		    Public = #ssh_key { type=dsa, public={P,Q,G,Y} },
-		    case catch ssh_dsa:verify(Public, H, SIG) of
-			{'EXIT', Reason} ->
-			    error_logger:format("VERIFY FAILED: ~p\n", [Reason]),
-			    {error, bad_signature};
-			ok ->
-			    known_host_key(SSH, Public, "ssh-dss")
-		    end;
-		_ ->
-		    {error, bad_host_key_format}
-	    end;
+	    verify_host_key_dss(SSH, K_S, H, H_SIG);
 	_ ->
 	    {error, bad_host_key_algorithm}
     end.
 
+verify_host_key_rsa(SSH, K_S, H, H_SIG) ->
+    case ssh_bits:decode(K_S,[string,mpint,mpint]) of
+	["ssh-rsa", E, N] ->
+	    ["ssh-rsa",SIG] = ssh_bits:decode(H_SIG,[string,binary]),
+	    Public = #'RSAPublicKey'{publicExponent = E, modulus = N},
+	    case verify(H, sha, SIG, Public) of
+		false ->
+		    {error, bad_signature};
+		true ->
+		    known_host_key(SSH, Public, "ssh-rsa")
+	    end;
+	_ ->
+	    {error, bad_format}
+    end.
+
+verify_host_key_dss(SSH, K_S, H, H_SIG) ->
+    case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of
+	["ssh-dss",P,Q,G,Y] ->
+	    ["ssh-dss",SIG] = ssh_bits:decode(H_SIG,[string,binary]),
+	    Public = {Y,  #'Dss-Parms'{p = P, q = Q, g = G}},
+	    case verify(H, sha, SIG, Public) of
+		false ->
+		    {error, bad_signature};
+		true ->
+		    known_host_key(SSH, Public, "ssh-dss")
+	    end;
+	_ ->
+	    {error, bad_host_key_format}
+    end.
+
 accepted_host(Ssh, PeerName, Opts) ->
     case proplists:get_value(silently_accept_hosts, Opts, false) of
 	true ->
@@ -511,14 +482,10 @@ accepted_host(Ssh, PeerName, Opts) ->
 known_host_key(#ssh{opts = Opts, key_cb = Mod, peer = Peer} = Ssh, 
 	       Public, Alg) ->
     PeerName = peer_name(Peer),
-    case Mod:lookup_host_key(PeerName, Alg, Opts) of
-	{ok, Public} ->
+    case Mod:is_host_key(Public, PeerName, Alg, Opts) of
+	true ->
 	    ok;
-	{ok, BadPublic} ->
-	    error_logger:format("known_host_key: Public ~p BadPublic ~p\n", 
-				[Public, BadPublic]),
-	    {error, bad_public_key};
-	{error, not_found} ->
+	false ->
 	    case accepted_host(Ssh, PeerName, Opts) of
 		yes ->
 		    Mod:add_host_key(PeerName, Public, Opts);
@@ -621,7 +588,6 @@ install_alg(SSH) ->
 
 alg_setup(SSH) ->
     ALG = SSH#ssh.algorithms,
-    %%?dbg(?DBG_ALG, "ALG: setup ~p ~n", [ALG]),
     SSH#ssh{kex = ALG#alg.kex,
 	    hkey = ALG#alg.hkey,
 	    encrypt = ALG#alg.encrypt,
@@ -638,7 +604,6 @@ alg_setup(SSH) ->
 	   }.
 
 alg_init(SSH0) ->
-    %%?dbg(?DBG_ALG, "ALG: init~n", []),    
     {ok,SSH1} = send_mac_init(SSH0),
     {ok,SSH2} = recv_mac_init(SSH1),
     {ok,SSH3} = encrypt_init(SSH2),
@@ -648,7 +613,6 @@ alg_init(SSH0) ->
     SSH6.
 
 alg_final(SSH0) ->
-    %%?dbg(?DBG_ALG, "ALG: final ~n", []),
     {ok,SSH1} = send_mac_final(SSH0),
     {ok,SSH2} = recv_mac_final(SSH1),
     {ok,SSH3} = encrypt_final(SSH2),
@@ -669,19 +633,15 @@ select(CL, SL) ->
 	    [] -> undefined;
 	    [ALG|_] -> ALG
 	end,
-    %%?dbg(?DBG_ALG, "ALG: select: ~p ~p = ~p~n", [CL, SL, C]),
     C.
 	    
 ssh_packet(#ssh_msg_kexinit{} = Msg, Ssh0) ->
     BinMsg = ssh_bits:encode(Msg),
     Ssh = key_init(Ssh0#ssh.role, Ssh0, BinMsg),
-    %%?dbg(?DBG_MESSAGE, "SEND_MSG: ~p~n", [Msg]),
     pack(BinMsg, Ssh);
 
 ssh_packet(Msg, Ssh) ->
     BinMsg = ssh_bits:encode(Msg),
-    %%?dbg(?DBG_MESSAGE, "SEND_MSG: ~p~n", [Msg]),
-    %%?dbg(?DBG_BIN_MESSAGE, "Encoded: ~p~n", [BinMsg]),
     pack(BinMsg, Ssh).
 
 pack(Data0, #ssh{encrypt_block_size = BlockSize, 
@@ -732,17 +692,20 @@ msg_data(PacketData) ->
      _:PaddingLen/binary>> = PacketData,
     Data.
 
+sign(SigData, Hash,  #'DSAPrivateKey'{} = Key) ->
+    DerSignature = public_key:sign(SigData, Hash, Key),
+    #'Dss-Sig-Value'{r = R, s = S} = public_key:der_decode('Dss-Sig-Value', DerSignature),
+    <<R:160/big-unsigned-integer, S:160/big-unsigned-integer>>;
+sign(SigData, Hash, Key) ->
+    public_key:sign(SigData, Hash, Key).
 
-%% Send a disconnect message
-%% terminate(S, SSH, Code, Message) ->
-%%     M = #ssh_msg_disconnect{code=Code, 
-%% 			    description = Message,
-%% 			    language = "en"},
-%%     send_msg(S, SSH, M),
-%%     gen_tcp:close(S),
-%%     {error, M}.
+verify(PlainText, Hash, Sig, {_,  #'Dss-Parms'{}} = Key) ->
+    <<R:160/big-unsigned-integer, S:160/big-unsigned-integer>> = Sig,
+    Signature = public_key:der_encode('Dss-Sig-Value', #'Dss-Sig-Value'{r = R, s = S}),
+    public_key:verify(PlainText, Hash, Signature, Key);
+verify(PlainText, Hash, Sig, Key) ->
+    public_key:verify(PlainText, Hash, Sig, Key).
 
-   
 %% public key algorithms
 %%
 %%   ssh-dss              REQUIRED     sign    Raw DSS Key
@@ -761,9 +724,6 @@ msg_data(PacketData) ->
 %%
 %%
 
-    
-
-
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Encryption
 %%
@@ -833,19 +793,13 @@ encrypt(#ssh{encrypt = none} = Ssh, Data) ->
 encrypt(#ssh{encrypt = '3des-cbc',
 	     encrypt_keys = {K1,K2,K3},
 	     encrypt_ctx = IV0} = Ssh, Data) ->
-    %%?dbg(?DBG_CRYPTO, "encrypt: IV=~p K1=~p, K2=~p, K3=~p ~n",
-    %%	 [IV0,K1,K2,K3]),
     Enc = crypto:des3_cbc_encrypt(K1,K2,K3,IV0,Data),
-    %%?dbg(?DBG_CRYPTO, "encrypt: ~p -> ~p ~n", [Data, Enc]),
     IV = crypto:des_cbc_ivec(Enc),
     {Ssh#ssh{encrypt_ctx = IV}, Enc};
 encrypt(#ssh{encrypt = 'aes128-cbc',
             encrypt_keys = K,
             encrypt_ctx = IV0} = Ssh, Data) ->
-    %%?dbg(?DBG_CRYPTO, "encrypt: IV=~p K=~p ~n",
-    %%     [IV0,K]),
     Enc = crypto:aes_cbc_128_encrypt(K,IV0,Data),
-    %%?dbg(?DBG_CRYPTO, "encrypt: ~p -> ~p ~n", [Data, Enc]),
     IV = crypto:aes_cbc_ivec(Enc),
     {Ssh#ssh{encrypt_ctx = IV}, Enc}.
   
@@ -893,18 +847,12 @@ decrypt(#ssh{decrypt = none} = Ssh, Data) ->
 decrypt(#ssh{decrypt = '3des-cbc', decrypt_keys = Keys,
 	     decrypt_ctx = IV0} = Ssh, Data) ->
     {K1, K2, K3} = Keys,
-    %%?dbg(?DBG_CRYPTO, "decrypt: IV=~p K1=~p, K2=~p, K3=~p ~n",
-    %%[IV0,K1,K2,K3]),
     Dec = crypto:des3_cbc_decrypt(K1,K2,K3,IV0,Data),
-    %%?dbg(?DBG_CRYPTO, "decrypt: ~p -> ~p ~n", [Data, Dec]),
     IV = crypto:des_cbc_ivec(Data),
     {Ssh#ssh{decrypt_ctx = IV}, Dec};
 decrypt(#ssh{decrypt = 'aes128-cbc', decrypt_keys = Key,
 	     decrypt_ctx = IV0} = Ssh, Data) ->
-    %%?dbg(?DBG_CRYPTO, "decrypt: IV=~p Key=~p ~n",
-    %%     [IV0,Key]),
     Dec = crypto:aes_cbc_128_decrypt(Key,IV0,Data),
-    %%?dbg(?DBG_CRYPTO, "decrypt: ~p -> ~p ~n", [Data, Dec]),
     IV = crypto:aes_cbc_ivec(Data),
     {Ssh#ssh{decrypt_ctx = IV}, Dec}.
 
@@ -936,7 +884,6 @@ compress(#ssh{compress = none} = Ssh, Data) ->
     {Ssh, Data};
 compress(#ssh{compress = zlib, compress_ctx = Context} = Ssh, Data) ->
     Compressed = zlib:deflate(Context, Data, sync),
-    %%?dbg(?DBG_ZLIB, "deflate: ~p -> ~p ~n", [Data, Compressed]),
     {Ssh, list_to_binary(Compressed)}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -960,7 +907,6 @@ decompress(#ssh{decompress = none} = Ssh, Data) ->
     {Ssh, Data};
 decompress(#ssh{decompress = zlib, decompress_ctx = Context} = Ssh, Data) ->
     Decompressed = zlib:inflate(Context, Data),
-    %%?dbg(?DBG_ZLIB, "inflate: ~p -> ~p ~n", [Data, Decompressed]),
     {Ssh, list_to_binary(Decompressed)}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -1039,7 +985,6 @@ hash(SSH, Char, N, HASH) ->
     K1 = HASH([K, H, Char, SessionID]),
     Sz = N div 8,
     <<Key:Sz/binary, _/binary>> = hash(K, H, K1, N-128, HASH),
-    %%?dbg(?DBG_KEX, "Key ~s: ~s ~n", [Char, fmt_binary(Key, 16, 4)]),
     Key.
 
 hash(_K, _H, Ki, N, _HASH) when N =< 0 ->
@@ -1055,6 +1000,7 @@ kex_h(SSH, K_S, E, F, K) ->
 			[string,string,binary,binary,binary,
 			 mpint,mpint,mpint]),
     crypto:sha(L).
+ 
 
 kex_h(SSH, K_S, Min, NBits, Max, Prime, Gen, E, F, K) ->
     L = if Min==-1; Max==-1 ->
@@ -1075,7 +1021,7 @@ kex_h(SSH, K_S, Min, NBits, Max, Prime, Gen, E, F, K) ->
 				 Prime, Gen, E,F,K], Ts)
 	end,
     crypto:sha(L).
-    
+  
 mac_key_size('hmac-sha1')    -> 20*8;
 mac_key_size('hmac-sha1-96') -> 20*8;
 mac_key_size('hmac-md5')     -> 16*8;
@@ -1105,9 +1051,6 @@ dh_gen_key(G, P, _Bits) ->
     Public = ssh_math:ipow(G, Private, P),
     {Private,Public}.
 
-%% trim(Str) ->
-%%     lists:reverse(trim_head(lists:reverse(trim_head(Str)))).
-
 trim_tail(Str) ->
     lists:reverse(trim_head(lists:reverse(Str))).
 
@@ -1116,48 +1059,3 @@ trim_head([$\t|Cs]) -> trim_head(Cs);
 trim_head([$\n|Cs]) -> trim_head(Cs);
 trim_head([$\r|Cs]) -> trim_head(Cs);
 trim_head(Cs) -> Cs.
-
-%% Retrieve session_id from ssh, needed by public-key auth
-%get_session_id(SSH) ->
-%    {ok, SessionID} = call(SSH, get_session_id),
-    
-%% DEBUG utils
-%% Format integers and binaries as hex blocks
-%%
-%% -ifdef(debug).
-%% fmt_binary(B, BlockSize, GroupSize) ->
-%%     fmt_block(fmt_bin(B), BlockSize, GroupSize).
-
-%% fmt_block(Bin, BlockSize, GroupSize) ->
-%%     fmt_block(Bin, BlockSize, 0, GroupSize).
-    
-
-%% fmt_block(Bin, 0, _I, _G) ->
-%%     binary_to_list(Bin);
-%% fmt_block(Bin, Sz, G, G) when G =/= 0 ->
-%%     ["~n#" | fmt_block(Bin, Sz, 0, G)];
-%% fmt_block(Bin, Sz, I, G) ->
-%%     case Bin of
-%% 	<<Block:Sz/binary, Tail/binary>> ->
-%% 	    if Tail == <<>> ->
-%% 		    [binary_to_list(Block)];
-%% 	       true ->
-%% 		    [binary_to_list(Block), " " | fmt_block(Tail, Sz, I+1, G)]
-%% 	    end;
-%% 	<<>> ->
-%% 	    [];
-%% 	_ -> 
-%% 	    [binary_to_list(Bin)]
-%%     end.
-
-%% %% Format integer or binary as hex
-%% fmt_bin(X) when integer(X) ->
-%%     list_to_binary(io_lib:format("~p", [X]));
-%% fmt_bin(X) when binary(X) ->
-%%     Sz = size(X)*8,
-%%     <<Y:Sz/unsigned-big>> = X,
-%%     %%Fmt = "~"++integer_to_list(size(X)*2)++"~p",
-%%     list_to_binary(io_lib:format("~p", [Y])).
-
-%% -endif.
-
diff --git a/lib/ssh/src/ssh_userauth.hrl b/lib/ssh/src/ssh_userauth.hrl
index 8eb2d46ed1..7c38719d92 100644
--- a/lib/ssh/src/ssh_userauth.hrl
+++ b/lib/ssh/src/ssh_userauth.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl
index c9631a73b1..d5b6dd03d1 100644
--- a/lib/ssh/src/ssh_xfer.erl
+++ b/lib/ssh/src/ssh_xfer.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -298,8 +298,6 @@ xf_send_names(#ssh_xfer{cm = CM, channel = Channel, vsn = Vsn},
     Size = 1 + 4 + 4 + Len,
     ToSend = [<<?UINT32(Size), ?SSH_FXP_NAME, ?UINT32(ReqId), ?UINT32(Count)>>,
 	      Data],
-    %%?dbg(true, "xf_send_names: Size=~p size(ToSend)=~p\n",
-	%% [Size, size(list_to_binary(ToSend))]),
     ssh_connection:send(CM, Channel, ToSend).
 
 xf_send_status(XF, ReqId, ErrorCode) ->
@@ -353,7 +351,6 @@ xf_reply(_XF, <<?SSH_FXP_DATA, ?UINT32(ReqID),
     {data, ReqID, Data};
 xf_reply(XF, <<?SSH_FXP_NAME, ?UINT32(ReqID),
 	      ?UINT32(Count), AData/binary>>) ->
-    %%?dbg(true, "xf_reply ?SSH_FXP_NAME: AData=~p\n", [AData]),
     {name, ReqID, decode_names(XF#ssh_xfer.vsn, Count, AData)};
 xf_reply(XF, <<?SSH_FXP_ATTRS, ?UINT32(ReqID),
 	      AData/binary>>) ->
@@ -579,7 +576,6 @@ encode_attr_flags(Vsn, Flags) ->
       end, Flags).
 
 encode_file_type(Type) ->
-    %%?dbg(true, "encode_file_type(~p)\n", [Type]),
     case Type of
 	regular -> ?SSH_FILEXFER_TYPE_REGULAR;
 	directory -> ?SSH_FILEXFER_TYPE_DIRECTORY;
@@ -660,15 +656,12 @@ encode_ATTR(Vsn, A) ->
 		   {extended, A#ssh_xfer_attr.extensions}],
 		  0, []),
     Type = encode_file_type(A#ssh_xfer_attr.type),
-    %%?dbg(true, "encode_ATTR: Vsn=~p A=~p As=~p Flags=~p Type=~p",
-    %% 	 [Vsn, A, As, Flags, Type]),
     Result = list_to_binary([?uint32(Flags),
 			     if Vsn >= 5 ->
 				     ?byte(Type);
 				true ->
 				     (<<>>)
 			     end, As]),
-    %% ?dbg(true, " Result=~p\n", [Result]),
     Result.
 
 
@@ -722,7 +715,6 @@ encode_As(_Vsn, [], Flags, Acc) ->
 
 
 decode_ATTR(Vsn, <<?UINT32(Flags), Tail/binary>>) ->
-    %%?dbg(true, "decode_ATTR: Vsn=~p Flags=~p Tail=~p\n", [Vsn, Flags, Tail]),
     {Type,Tail2} =
 	if Vsn =< 3 ->
 		{?SSH_FILEXFER_TYPE_UNKNOWN, Tail};
@@ -751,7 +743,6 @@ decode_ATTR(Vsn, <<?UINT32(Flags), Tail/binary>>) ->
 	      Tail2).
 
 decode_As(Vsn, [{AName, AField}|As], R, Flags, Tail) ->
-    %%?dbg(false, "decode_As: Vsn=~p AName=~p AField=~p Flags=~p Tail=~p\n", [Vsn, AName, AField, Flags, Tail]),
     case AName of
 	size when ?is_set(?SSH_FILEXFER_ATTR_SIZE, Flags) ->
 	    <<?UINT64(X), Tail2/binary>> = Tail,
@@ -762,7 +753,6 @@ decode_As(Vsn, [{AName, AField}|As], R, Flags, Tail) ->
 	ownergroup when ?is_set(?SSH_FILEXFER_ATTR_OWNERGROUP, Flags),Vsn>=5 ->
 	    <<?UINT32(Len), Bin:Len/binary, Tail2/binary>> = Tail,
 	    X = binary_to_list(Bin),
-	    %%?dbg(true, "ownergroup X=~p\n", [X]),
 	    decode_As(Vsn, As, setelement(AField, R, X), Flags, Tail2);
 
 	permissions when ?is_set(?SSH_FILEXFER_ATTR_PERMISSIONS,Flags),Vsn>=5->
@@ -824,13 +814,11 @@ decode_names(Vsn, I, <<?UINT32(Len), FileName:Len/binary,
 		      ?UINT32(LLen), _LongName:LLen/binary,
 		      Tail/binary>>) when Vsn =< 3 ->
     Name = binary_to_list(FileName),
-    %%?dbg(true, "decode_names: ~p\n", [Name]),
     {A, Tail2} = decode_ATTR(Vsn, Tail),
     [{Name, A} | decode_names(Vsn, I-1, Tail2)];
 decode_names(Vsn, I, <<?UINT32(Len), FileName:Len/binary, 
 		      Tail/binary>>) when Vsn >= 4 ->
     Name = binary_to_list(FileName),
-    %%?dbg(true, "decode_names: ~p\n", [Name]),
     {A, Tail2} = decode_ATTR(Vsn, Tail),
     [{Name, A} | decode_names(Vsn, I-1, Tail2)].
 
@@ -839,8 +827,6 @@ encode_names(Vsn, NamesAndAttrs) ->
 
 encode_name(Vsn, {Name,Attr}, Len) when Vsn =< 3 ->
     NLen = length(Name),
-    %%?dbg(true, "encode_name: Vsn=~p Name=~p Attr=~p\n",
-    %% 	 [Vsn, Name, Attr]),
     EncAttr = encode_ATTR(Vsn, Attr),
     ALen = size(EncAttr),
     NewLen = Len + NLen*2 + 4 + 4 + ALen,
diff --git a/lib/ssh/src/ssh_xfer.hrl b/lib/ssh/src/ssh_xfer.hrl
index 4a4f1a4291..c13950eb6e 100644
--- a/lib/ssh/src/ssh_xfer.hrl
+++ b/lib/ssh/src/ssh_xfer.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile
index 1820924ed6..145d5d2ad6 100644
--- a/lib/ssh/test/Makefile
+++ b/lib/ssh/test/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2004-2011. All Rights Reserved.
+# Copyright Ericsson AB 2004-2012. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -32,7 +32,6 @@ VSN=$(GS_VSN)
 
 MODULES= \
 	ssh_test_lib \
-	ssh_SUITE \
 	ssh_basic_SUITE \
 	ssh_to_openssh_SUITE \
 	ssh_sftp_SUITE \
diff --git a/lib/ssh/test/ssh_SUITE.erl b/lib/ssh/test/ssh_SUITE.erl
deleted file mode 100644
index 953c9080f9..0000000000
--- a/lib/ssh/test/ssh_SUITE.erl
+++ /dev/null
@@ -1,72 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-%%%----------------------------------------------------------------
-%%% Purpose:ssh application test suite.
-%%%-----------------------------------------------------------------
--module(ssh_SUITE).
--include_lib("common_test/include/ct.hrl").
--include("test_server_line.hrl").
-
-% Default timetrap timeout (set in init_per_testcase).
--define(default_timeout, ?t:minutes(1)).
--define(application, ssh).
-
-% Test server specific exports
--export([all/0,groups/0,init_per_group/2,end_per_group/2]).
--export([init_per_testcase/2, end_per_testcase/2]).
-
-% Test cases must be exported.
--export([app_test/1]).
--define(cases, [app_test]).
-
-%%
-%% all/1
-%%
-all() -> 
-    [app_test].
-
-groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-	Config.
-
-end_per_group(_GroupName, Config) ->
-	Config.
-
-
-init_per_testcase(_Case, Config) ->
-    Dog=test_server:timetrap(?default_timeout),
-    [{watchdog, Dog}|Config].
-end_per_testcase(_Case, Config) ->
-    Dog=?config(watchdog, Config),
-    test_server:timetrap_cancel(Dog),
-    ok.
-%
-% Test cases starts here.
-%
-app_test(suite) ->
-    [];
-app_test(doc) ->
-    ["Application consistency test."];
-app_test(Config) when is_list(Config) ->
-    ?t:app_test(?application),
-    ok.
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl
index 5ea0d98980..9c13180159 100644
--- a/lib/ssh/test/ssh_basic_SUITE.erl
+++ b/lib/ssh/test/ssh_basic_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -41,9 +41,6 @@
 init_per_suite(Config) ->
     case catch crypto:start() of
 	ok ->
-	    Dir = ?config(priv_dir, Config),
-	    {ok, _} =  ssh_test_lib:get_id_keys(Dir),
-	    ssh_test_lib:make_dsa_files(Config),
 	    Config;
 	_Else ->
 	    {skip, "Crypto could not be started!"}
@@ -55,10 +52,9 @@ init_per_suite(Config) ->
 %%   A list of key/value pairs, holding the test case configuration.
 %% Description: Cleanup after the whole suite
 %%--------------------------------------------------------------------
-end_per_suite(Config) ->
-    Dir = ?config(priv_dir, Config),
+end_per_suite(_Config) ->
+    ssh:stop(),
     crypto:stop(),
-    ssh_test_lib:remove_id_keys(Dir),
     ok.
 
 %%--------------------------------------------------------------------
@@ -75,7 +71,6 @@ end_per_suite(Config) ->
 %% Description: Initialization before each test case
 %%--------------------------------------------------------------------
 init_per_testcase(_TestCase, Config) ->
-    ssh_test_lib:known_hosts(backup),
     ssh:start(),
     Config.
 
@@ -87,9 +82,16 @@ init_per_testcase(_TestCase, Config) ->
 %%   A list of key/value pairs, holding the test case configuration.
 %% Description: Cleanup after each test case
 %%--------------------------------------------------------------------
-end_per_testcase(_TestCase, _Config) ->
+
+end_per_testcase(TestCase, Config) when TestCase == server_password_option;
+					TestCase == server_userpassword_option ->
+    UserDir = filename:join(?config(priv_dir, Config), nopubkey),
+    ssh_test_lib:del_dirs(UserDir),
+    end_per_testcase(Config);
+end_per_testcase(TestCase, Config) ->
+    end_per_testcase(Config).
+end_per_testcase(_Config) ->    
     ssh:stop(),
-    ssh_test_lib:known_hosts(restore),
     ok.
 
 %%--------------------------------------------------------------------
@@ -101,31 +103,72 @@ end_per_testcase(_TestCase, _Config) ->
 %% Description: Returns a list of all test cases in this test suite
 %%--------------------------------------------------------------------
 all() -> 
-    [exec, exec_compressed, shell, daemon_already_started,
-     server_password_option, server_userpassword_option,
-     known_hosts].
+    [app_test,
+     {group, dsa_key},
+     {group, rsa_key},
+     {group, dsa_pass_key},
+     {group, rsa_pass_key},
+     daemon_already_started,
+     server_password_option, server_userpassword_option].
 
 groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-	Config.
+    [{dsa_key, [], [exec, exec_compressed, shell, known_hosts]},
+     {rsa_key, [], [exec, exec_compressed, shell, known_hosts]},
+     {dsa_pass_key, [], [pass_phrase]},
+     {rsa_pass_key, [], [pass_phrase]}
+    ].
+
+init_per_group(dsa_key, Config) ->
+    DataDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:setup_dsa(DataDir, PrivDir),
+    Config;
+init_per_group(rsa_key, Config) ->
+    DataDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:setup_rsa(DataDir, PrivDir),
+    Config;
+init_per_group(rsa_pass_key, Config) ->
+    DataDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:setup_rsa_pass_pharse(DataDir, PrivDir, "Password"),
+    [{pass_phrase, {rsa_pass_phrase, "Password"}}| Config];
+init_per_group(dsa_pass_key, Config) ->
+    DataDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:setup_dsa_pass_pharse(DataDir, PrivDir, "Password"),
+    [{pass_phrase, {dsa_pass_phrase, "Password"}}| Config];
+init_per_group(_, Config) ->
+    Config.
 
-end_per_group(_GroupName, Config) ->
-	Config.
+end_per_group(dsa_key, Config) ->
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(PrivDir),
+    Config;
+end_per_group(rsa_key, Config) ->
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_rsa(PrivDir),
+    Config;
+end_per_group(dsa_pass_key, Config) ->
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(PrivDir),
+    Config;
+end_per_group(rsa_pass_key, Config) ->
+    PrivDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_rsa(PrivDir),
+    Config;
+end_per_group(_, Config) ->
+    Config.
 
 %% Test cases starts here.
 %%--------------------------------------------------------------------
-sign_and_verify_rsa(doc) ->
-    ["Test api function ssh:sign_data and ssh:verify_data"];
-
-sign_and_verify_rsa(suite) ->
+app_test(suite) ->
     [];
-sign_and_verify_rsa(Config) when is_list(Config) ->
-    Data = ssh:sign_data(<<"correct data">>, "ssh-rsa"),
-    ok = ssh:verify_data(<<"correct data">>, Data, "ssh-rsa"),
-    {error,invalid_signature} = ssh:verify_data(<<"incorrect data">>, Data,"ssh-rsa").
-
+app_test(doc) ->
+    ["Application consistency test."];
+app_test(Config) when is_list(Config) ->
+    ?t:app_test(ssh),
+    ok.
 
 exec(doc) ->
     ["Test api function ssh_connection:exec"];
@@ -135,11 +178,15 @@ exec(suite) ->
 
 exec(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
-    SystemDir = ?config(data_dir, Config),
+    SystemDir = filename:join(?config(priv_dir, Config), system),
+    UserDir = ?config(priv_dir, Config),
+    
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+					     {user_dir, UserDir},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
     ConnectionRef =
 	ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+					  {user_dir, UserDir},
 					  {user_interaction, false}]),
     {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity),
     success = ssh_connection:exec(ConnectionRef, ChannelId0,
@@ -177,13 +224,16 @@ exec_compressed(suite) ->
 
 exec_compressed(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
-    SystemDir = ?config(data_dir, Config),
-    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+    SystemDir = filename:join(?config(priv_dir, Config), system),
+    UserDir = ?config(priv_dir, Config), 
+
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir},
 					     {compression, zlib},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
     
     ConnectionRef =
 	ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+					  {user_dir, UserDir},
 					  {user_interaction, false}]),
     {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity),
     success = ssh_connection:exec(ConnectionRef, ChannelId,
@@ -208,13 +258,15 @@ shell(suite) ->
 
 shell(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
-    SystemDir = ?config(data_dir, Config),
-    {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+    SystemDir = filename:join(?config(priv_dir, Config), system),
+    UserDir = ?config(priv_dir, Config),
+   
+    {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir},
 					       {failfun, fun ssh_test_lib:failfun/2}]),
     test_server:sleep(500),
 
     IO = ssh_test_lib:start_io_server(),
-    Shell = ssh_test_lib:start_shell(Port, IO),
+    Shell = ssh_test_lib:start_shell(Port, IO, UserDir),
     receive
 	ErlShellStart ->
 	    test_server:format("Erlang shell start: ~p~n", [ErlShellStart])
@@ -278,9 +330,13 @@ daemon_already_started(suite) ->
 
 daemon_already_started(Config) when is_list(Config) ->
     SystemDir = ?config(data_dir, Config),
+    UserDir = ?config(priv_dir, Config),
+
     {Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+					      {user_dir, UserDir},
 					      {failfun, fun ssh_test_lib:failfun/2}]),
     {error, eaddrinuse} = ssh_test_lib:daemon(Port, [{system_dir, SystemDir},
+						     {user_dir, UserDir},
 						     {failfun,
 						      fun ssh_test_lib:failfun/2}]),
     ssh:stop_daemon(Pid).
@@ -291,9 +347,12 @@ server_password_option(doc) ->
 server_password_option(suite) ->
     [];
 server_password_option(Config) when is_list(Config) ->
-    UserDir = ?config(data_dir, Config), % to make sure we don't use
-    SysDir = ?config(data_dir, Config),	 % public-key-auth
+    PrivDir = ?config(priv_dir, Config),
+    UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth
+    file:make_dir(UserDir),
+    SysDir = ?config(data_dir, Config),
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir},
+					     {user_dir, UserDir},
 					     {password, "morot"}]),
 
     ConnectionRef =
@@ -321,9 +380,12 @@ server_userpassword_option(doc) ->
 server_userpassword_option(suite) ->
     [];
 server_userpassword_option(Config) when is_list(Config) ->
-    UserDir = ?config(data_dir, Config),  % to make sure we don't use
-    SysDir = ?config(data_dir, Config),	  % public-key-auth
+    PrivDir = ?config(priv_dir, Config),
+    UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth
+    file:make_dir(UserDir),
+    SysDir = ?config(data_dir, Config),	  
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir},
+					     {user_dir, PrivDir},
 					     {user_passwords, [{"vego", "morot"}]}]),
 
     ConnectionRef =
@@ -362,16 +424,16 @@ known_hosts(suite) ->
     [];
 known_hosts(Config) when is_list(Config) ->
     SystemDir = ?config(data_dir, Config),
-    UserDir = ?config(priv_dir, Config),
-
-    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+    PrivDir = ?config(priv_dir, Config), 
+    
+    {Pid, Host, Port} = ssh_test_lib:daemon([{user_dir, PrivDir},{system_dir, SystemDir},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
 
-    KnownHosts = filename:join(UserDir, "known_hosts"),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
     file:delete(KnownHosts),
     {error, enoent} = file:read_file(KnownHosts),
     ConnectionRef =
-	ssh_test_lib:connect(Host, Port, [{user_dir, UserDir},
+	ssh_test_lib:connect(Host, Port, [{user_dir, PrivDir},
 					  {user_interaction, false},
 					  silently_accept_hosts]),
     {ok, _Channel} = ssh_connection:session_channel(ConnectionRef, infinity),
@@ -382,7 +444,30 @@ known_hosts(Config) when is_list(Config) ->
     [HostAndIp, Alg, _KeyData] = string:tokens(Line, " "),
     [Host, _Ip] = string:tokens(HostAndIp, ","),
     "ssh-" ++ _ = Alg,
-     ssh:stop_daemon(Pid).
+    ssh:stop_daemon(Pid).
+
+pass_phrase(doc) ->
+    ["Test that we can use keyes protected by pass phrases"];
+
+pass_phrase(suite) ->
+    [];
+
+pass_phrase(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    SystemDir = filename:join(?config(priv_dir, Config), system),
+    UserDir = ?config(priv_dir, Config),
+    PhraseArg = ?config(pass_phrase, Config),
+
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+					     {user_dir, UserDir},
+					     {failfun, fun ssh_test_lib:failfun/2}]),
+    ConnectionRef =
+	ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true},
+					  PhraseArg,
+					  {user_dir, UserDir},
+					  {user_interaction, false}]),
+    {ok, _ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity),
+    ssh:stop_daemon(Pid).
 
 %%--------------------------------------------------------------------
 %% Internal functions
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_dsa b/lib/ssh/test/ssh_basic_SUITE_data/id_dsa
new file mode 100644
index 0000000000..d306f8b26e
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/id_dsa
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ
+APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod
+/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP
+kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW
+JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD
+OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt
++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e
+uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX
+Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE
+ZU8w8Q+H7z0j+a+70x2iAw==
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_rsa b/lib/ssh/test/ssh_basic_SUITE_data/id_rsa
new file mode 100644
index 0000000000..9d7e0dd5fb
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/id_rsa
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU
+DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl
+zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB
+AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V
+TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3
+CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK
+SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p
+z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd
+WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39
+sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3
+xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ
+dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x
+ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak=
+-----END RSA PRIVATE KEY-----
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key
new file mode 100644
index 0000000000..79968bdd7d
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key
@@ -0,0 +1,16 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337
+zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB
+6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB
+AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW
+NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++
+udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW
+WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt
+n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5
+sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY
++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt
+64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB
+m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT
+tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR
+-----END RSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key.pub b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key.pub
new file mode 100644
index 0000000000..75d2025c71
--- /dev/null
+++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_rsa_key.pub
@@ -0,0 +1,5 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8
+semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RW
+RWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl
index c96b6de3ea..7644db155d 100644
--- a/lib/ssh/test/ssh_sftp_SUITE.erl
+++ b/lib/ssh/test/ssh_sftp_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,14 +24,12 @@
 -compile(export_all).
 
 -include_lib("common_test/include/ct.hrl").
--include("test_server_line.hrl").
 
 -include_lib("kernel/include/file.hrl").
 
 % Default timetrap timeout
 -define(default_timeout, ?t:minutes(1)).
 
--define(SFPD_PORT, 9999).
 -define(USER, "Alladin").
 -define(PASSWD, "Sesame").
 
@@ -46,18 +44,12 @@
 %% variable, but should NOT alter/remove any existing entries.
 %%--------------------------------------------------------------------
 init_per_suite(Config) ->
-    case {catch crypto:start(),catch ssh:start()} of
-	{ok,ok} ->
-	    Dir = ?config(priv_dir, Config),
-	    {ok, _} = ssh_test_lib:get_id_keys(Dir),
-	    ssh_test_lib:make_dsa_files(Config),
+    case (catch crypto:start()) of
+	ok ->
+	    ssh:start(),
 	    Config;
-	{ok,_} ->
-	    {skip,"Could not start ssh!"};
-	{_,ok} ->
-	    {skip,"Could not start crypto!"};
-	{_,_} ->
-	    {skip,"Could not start crypto and ssh!"}
+	_ ->
+	    {skip,"Could not start crypto!"}
     end.
 
 %%--------------------------------------------------------------------
@@ -67,9 +59,8 @@ init_per_suite(Config) ->
 %% Description: Cleanup after the whole suite
 %%--------------------------------------------------------------------
 end_per_suite(Config) ->
+    ssh:stop(),
     crypto:stop(),
-    Dir = ?config(priv_dir, Config),
-    ssh_test_lib:remove_id_keys(Dir),
     Config.
 
 %%--------------------------------------------------------------------
@@ -90,27 +81,30 @@ init_per_testcase(_Case, Config) ->
     TmpConfig0 = lists:keydelete(watchdog, 1, Config),
     TmpConfig = lists:keydelete(sftp, 1, TmpConfig0),
     Dog = test_server:timetrap(?default_timeout),
-    Dir = ?config(priv_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
     SysDir =  ?config(data_dir, Config),
     Host = ssh_test_lib:hostname(),
 
-    Sftp = case (catch ssh_sftp:start_channel(Host,
-					      [{user_dir, Dir},
-					       {user_interaction, false},
+    %% Run test against openssh server if available
+    Sftp = case (catch ssh_sftp:start_channel(Host,					      
+					      [{user_interaction, false},
 					       {silently_accept_hosts, true}])) of
 	       {ok, ChannelPid, Connection} ->
+		   test_server:format("Running against openssh"),
 		   {ChannelPid, Connection};
-	       _Error ->
-		   {_Sftpd, _Host, _Port} = 
-		       ssh_test_lib:daemon(Host, ?SFPD_PORT,
-					   [{system_dir, SysDir},
+	       _Error -> %% Start own sftp
+		   test_server:format("Running against erlang ssh"),
+		   {_Sftpd, Host1, Port} = 		       
+		       ssh_test_lib:daemon([{system_dir, SysDir},
+					    {user_dir, PrivDir},
 					    {user_passwords,
 					     [{?USER, ?PASSWD}]},
 					    {failfun,
 					     fun ssh_test_lib:failfun/2}]),
-		   Result = (catch ssh_sftp:start_channel(Host, ?SFPD_PORT,
+		   Result = (catch ssh_sftp:start_channel(Host1, Port,
 							  [{user, ?USER},
 							   {password, ?PASSWD},
+							   {user_dir, PrivDir},
 							   {user_interaction, false},
 							   {silently_accept_hosts, true}])),
 		   {ok, ChannelPid, Connection} = Result,
diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa b/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa
deleted file mode 100644
index 7e3f885f5d..0000000000
--- a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDLKYTdRnGzphcN+pF8UuI3sYB7rxZUHbOT87K3vh8XOLkDOsS3
-8VREtNS8Wb3uYXsRtyDoUvrLIDnyllOfJSDupWLr4ibckUZd/nhFAaC6WryVmH6k
-GlQLLp9KU+vcn2DwYeo14gbwHYDB3pmv4CWAlnO1m/BkX4aLz1zC314OkQIBIwKB
-gD/Z2UzboBPjvhpWEHeHw3CW3zzQoJ4X9pw2peH57IOkHOPCA0/A3/hWFvleCH4e
-owWRU3w3ViKVGYbBh/7RJ5rllN+ENUmVn536srJTxLKUtvb5jRGj3W6EWgAGHSUB
-hm83Kt9Lb5hprL7dPrNGvSseBm/LQSfBQ4vUUyiVRKGPAkEA/rPxWoLdBBP+FZtE
-fGzz9izPM6Fe6o8ZGNZIlRBProOhgEvvIqdgzQWObgLVVrw+M/YApPpiYS3PEmWj
-b2b+jwJBAMwyYeL6coKTl8swDu8HvLnshgUFJFTtHhOTXsKtXQNI1b24xhUrB3Sb
-X8fmoByyRNRpOfvg4Jdqi3Z6KfIcsN8CQQDEfC83McBw3DkJWoVKCugVrYnmACSm
-USH9N5cT6AL0VupNB2C0VTwL37cEaJXyc/V4ipLIaWHV8CNl9qKmZWVJAkEAurG4
-lQI8zyfbPW3EgsU+1d+QeZ5NGnJkpC73jWtNudwxIn0M4CdXRgpmMxwAGjyWs5No
-Nr75OfsDKn5SPHIAywJAKrtONlOizgDiG3EvAXZlwFtOb+HkQ7lrFwczrQu9m7yi
-brSAcnTrLKI6CrR33b/QJLvb9C/HTEZojFABGq8M7A==
------END RSA PRIVATE KEY-----
diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa.pub b/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa.pub
deleted file mode 100644
index 77f57de4af..0000000000
--- a/lib/ssh/test/ssh_sftp_SUITE_data/id_rsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyymE3UZxs6YXDfqRfFLiN7GAe68WVB2zk/Oyt74fFzi5AzrEt/FURLTUvFm97mF7Ebcg6FL6yyA58pZTnyUg7qVi6+Im3JFGXf54RQGgulq8lZh+pBpUCy6fSlPr3J9g8GHqNeIG8B2Awd6Zr+AlgJZztZvwZF+Gi89cwt9eDpE= jakob@balin
diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_sftp_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl
index bfe54a3e75..6e4480ee9d 100644
--- a/lib/ssh/test/ssh_sftpd_SUITE.erl
+++ b/lib/ssh/test/ssh_sftpd_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2006-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2006-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -53,16 +53,18 @@
 %% variable, but should NOT alter/remove any existing entries.
 %%--------------------------------------------------------------------
 init_per_suite(Config) ->
-    case {catch ssh:stop(),catch crypto:start()} of
-	{ok,ok} ->
-	    ssh_test_lib:make_dsa_files(Config),
+    case (catch crypto:start()) of
+	ok ->
+	    DataDir = ?config(data_dir, Config),	    
+	    PrivDir = ?config(priv_dir, Config),
+	    ssh_test_lib:setup_dsa(DataDir, PrivDir),
+	    %% to make sure we don't use public-key-auth
+	    %% this should be tested by other test suites
+	    UserDir = filename:join(?config(priv_dir, Config), nopubkey), 
+	    file:make_dir(UserDir),  
 	    Config;
-	{ok,_} ->
-	    {skip,"Could not start ssh!"};
-	{_,ok} ->
-	    {skip,"Could not start crypto!"};
-	{_,_} ->
-	    {skip,"Could not start crypto and ssh!"}
+	_ ->
+	    {skip,"Could not start crypto!"}
     end.
 
 %%--------------------------------------------------------------------
@@ -71,7 +73,12 @@ init_per_suite(Config) ->
 %%   A list of key/value pairs, holding the test case configuration.
 %% Description: Cleanup after the whole suite
 %%--------------------------------------------------------------------
-end_per_suite(_Config) ->
+end_per_suite(Config) ->
+    SysDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(SysDir),
+    UserDir = filename:join(?config(priv_dir, Config), nopubkey),
+    file:del_dir(UserDir),
+    ssh:stop(),
     crypto:stop(),
     ok.
 
@@ -91,15 +98,18 @@ end_per_suite(_Config) ->
 init_per_testcase(TestCase, Config) ->
     ssh:start(),
     prep(Config),
-    SysDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    ClientUserDir = filename:join(PrivDir, nopubkey),
+    SystemDir = filename:join(?config(priv_dir, Config), system),
+
     {ok, Sftpd} =
-	ssh_sftpd:listen(?SFPD_PORT, [{system_dir, SysDir},
+	ssh_sftpd:listen(?SFPD_PORT, [{system_dir, SystemDir},
+				      {user_dir, PrivDir},
 				      {user_passwords,[{?USER, ?PASSWD}]},
 				      {pwdfun, fun(_,_) -> true end}]),
     
     Cm = ssh_test_lib:connect(?SFPD_PORT,
-			      [{system_dir, SysDir},
-			       {user_dir, SysDir},
+			      [{user_dir, ClientUserDir},
 			       {user, ?USER}, {password, ?PASSWD},
 			       {user_interaction, false},
 			       {silently_accept_hosts, true},
@@ -542,7 +552,7 @@ set_attributes(Config) when is_list(Config) ->
     {ok, FileInfo} = file:read_file_info(FileName),
 
     OrigPermissions = FileInfo#file_info.mode,
-    Permissions = 8#400, %% User read-only
+    Permissions = 8#600, %% User read-write-only
 
     Flags = ?SSH_FILEXFER_ATTR_PERMISSIONS,
 
diff --git a/lib/ssh/test/ssh_sftpd_SUITE_data/id_dsa b/lib/ssh/test/ssh_sftpd_SUITE_data/id_dsa
new file mode 100644
index 0000000000..d306f8b26e
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_SUITE_data/id_dsa
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ
+APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod
+/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP
+kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW
+JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD
+OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt
++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e
+uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX
+Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE
+ZU8w8Q+H7z0j+a+70x2iAw==
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl
index 2209af05d5..4c469ed5f7 100644
--- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl
+++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -28,7 +28,6 @@
 
 -include_lib("kernel/include/file.hrl").
 
--define(SSHD_PORT, 9999).
 -define(USER, "Alladin").
 -define(PASSWD, "Sesame").
 -define(SSH_MAX_PACKET_SIZE, 32768).
@@ -48,13 +47,14 @@ init_per_suite(Config) ->
     case catch crypto:start() of
 	ok ->
 	    DataDir = ?config(data_dir, Config),
+	    PrivDir = ?config(priv_dir, Config),
 	    FileAlt = filename:join(DataDir, "ssh_sftpd_file_alt.erl"),
 	    c:c(FileAlt),
 	    FileName = filename:join(DataDir, "test.txt"),
 	    {ok, FileInfo} = file:read_file_info(FileName),
 	    ok = file:write_file_info(FileName,
 				      FileInfo#file_info{mode = 8#400}),
-	    ssh_test_lib:make_dsa_files(Config),
+	    ssh_test_lib:setup_dsa(DataDir, PrivDir),
 	    Config;
 	_Else ->
 	    {skip,"Could not start ssh!"}
@@ -66,7 +66,11 @@ init_per_suite(Config) ->
 %%   A list of key/value pairs, holding the test case configuration.
 %% Description: Cleanup after the whole suite
 %%--------------------------------------------------------------------
-end_per_suite(_Config) ->
+end_per_suite(Config) -> 
+    UserDir = filename:join(?config(priv_dir, Config), nopubkey),
+    file:del_dir(UserDir),
+    SysDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(SysDir),
     crypto:stop(),
     ok.
 
@@ -85,7 +89,8 @@ end_per_suite(_Config) ->
 %%--------------------------------------------------------------------
 init_per_testcase(TestCase, Config) ->
     ssh:start(),
-    DataDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    SystemDir = filename:join(PrivDir, system),
 
     Options =
 	case atom_to_list(TestCase) of
@@ -93,50 +98,39 @@ init_per_testcase(TestCase, Config) ->
 		Spec =
 		    ssh_sftpd:subsystem_spec([{file_handler,
 					       ssh_sftpd_file_alt}]),
-		[{user_passwords,[{?USER, ?PASSWD}]},
-		 {pwdfun, fun(_,_) -> true end},
-		 {system_dir, DataDir},
-		 {user_dir, DataDir},
+		[{system_dir, SystemDir},
+		 {user_dir, PrivDir},
 		 {subsystems, [Spec]}];
 	    "root_dir" ->
 		Privdir = ?config(priv_dir, Config),
 		Root = filename:join(Privdir, root),
 		file:make_dir(Root),
 		Spec = ssh_sftpd:subsystem_spec([{root,Root}]),
-		[{user_passwords,[{?USER, ?PASSWD}]},
-		 {pwdfun, fun(_,_) -> true end},
-		 {system_dir, DataDir},
-		 {user_dir, DataDir},
+		[{system_dir, SystemDir},
+		 {user_dir, PrivDir},
 		 {subsystems, [Spec]}];
 	    "list_dir_limited" ->
 		Spec =
 		    ssh_sftpd:subsystem_spec([{max_files,1}]),
-		[{user_passwords,[{?USER, ?PASSWD}]},
-		 {pwdfun, fun(_,_) -> true end},
-		 {system_dir, DataDir},
-		 {user_dir, DataDir},
+		[{system_dir, SystemDir},
+		 {user_dir, PrivDir},
 		 {subsystems, [Spec]}];
 
 	    _ ->
-		[{user_passwords,[{?USER, ?PASSWD}]},
-		 {pwdfun, fun(_,_) -> true end},
-		 {user_dir, DataDir},
-		 {system_dir, DataDir}]
+		[{user_dir, PrivDir},
+		 {system_dir, SystemDir}]
 	end,
 
-    {Sftpd, Host, _Port} = ssh_test_lib:daemon(any, ?SSHD_PORT, Options),
+    {Sftpd, Host, Port} = ssh_test_lib:daemon(Options),
 
     {ok, ChannelPid, Connection} =
-	ssh_sftp:start_channel(Host, ?SSHD_PORT,
+	ssh_sftp:start_channel(Host, Port,
 			       [{silently_accept_hosts, true},
-				{user, ?USER}, {password, ?PASSWD}, 
-				{pwdfun, fun(_,_) -> true end},
-				{system_dir, DataDir},
-				{user_dir, DataDir},
+				{user_dir, PrivDir},
 				{timeout, 30000}]),
     TmpConfig = lists:keydelete(sftp, 1, Config),
     NewConfig = lists:keydelete(sftpd, 1, TmpConfig),
-    [{sftp, {ChannelPid, Connection}}, {sftpd, Sftpd} | NewConfig].
+    [{port, Port}, {sftp, {ChannelPid, Connection}}, {sftpd, Sftpd} | NewConfig].
 
 %%--------------------------------------------------------------------
 %% Function: end_per_testcase(TestCase, Config) -> _
@@ -216,6 +210,8 @@ quit_OTP_6349(suite) ->
 quit_OTP_6349(Config) when is_list(Config) ->
     DataDir = ?config(data_dir, Config),
     FileName = filename:join(DataDir, "test.txt"),
+    UserDir = ?config(priv_dir, Config), 
+    Port = ?config(port, Config),
 
     {Sftp, _} = ?config(sftp, Config),
 
@@ -226,11 +222,10 @@ quit_OTP_6349(Config) when is_list(Config) ->
     Host = ssh_test_lib:hostname(),
 
     timer:sleep(5000),
-    {ok, NewSftp, _Conn} = ssh_sftp:start_channel(Host, ?SSHD_PORT,
+    {ok, NewSftp, _Conn} = ssh_sftp:start_channel(Host, Port,
 						 [{silently_accept_hosts, true},
 						  {pwdfun, fun(_,_) -> true end},
-						  {system_dir, DataDir},
-						  {user_dir, DataDir},
+						  {user_dir, UserDir},
 						  {user, ?USER}, {password, ?PASSWD}]),
 
     {ok, <<_/binary>>} = ssh_sftp:read_file(NewSftp, FileName),
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/id_dsa b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/id_dsa
new file mode 100644
index 0000000000..d306f8b26e
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/id_dsa
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ
+APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod
+/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP
+kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW
+JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD
+OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt
++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e
+uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX
+Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE
+ZU8w8Q+H7z0j+a+70x2iAw==
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl
index 425fae22c1..26bbdf5c5c 100644
--- a/lib/ssh/test/ssh_test_lib.erl
+++ b/lib/ssh/test/ssh_test_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -68,15 +68,14 @@ daemon(Host, Port, Options) ->
 	    Error
     end.
 
-
-
+start_shell(Port, IOServer, UserDir) ->
+    spawn_link(?MODULE, init_shell, [Port, IOServer, [{user_dir, UserDir}]]).
 
 start_shell(Port, IOServer) ->
-    spawn_link(?MODULE, init_shell, [Port, IOServer]).
+    spawn_link(?MODULE, init_shell, [Port, IOServer, []]).
 
-init_shell(Port, IOServer) ->
+init_shell(Port, IOServer, UserDir) ->
     Host = hostname(),
-    UserDir = get_user_dir(),
     Options = [{user_interaction, false}, {silently_accept_hosts,
 					   true}] ++ UserDir,
     group_leader(IOServer, self()),
@@ -95,13 +94,10 @@ init_io_server(TestCase) ->
 loop_io_server(TestCase, Buff0) ->
      receive
 	 {input, TestCase, Line} ->
-	     %io:format("~p~n",[{input, TestCase, Line}]),
 	     loop_io_server(TestCase, Buff0 ++ [Line]);
 	 {io_request, From, ReplyAs, Request} ->
-	     %io:format("request -> ~p~n",[Request]),
 	     {ok, Reply, Buff} = io_request(Request, TestCase, From,
 					    ReplyAs, Buff0),
-	     %io:format("reply -> ~p~n",[Reply]),
 	     io_reply(From, ReplyAs, Reply),
 	     loop_io_server(TestCase, Buff);
 	 {'EXIT',_, _} ->
@@ -139,12 +135,18 @@ reply(TestCase, Result) ->
 receive_exec_result(Msg) ->
     test_server:format("Expect data! ~p", [Msg]),
     receive
+	{ssh_cm,_,{data,_,1, Data}} ->
+	    test_server:format("StdErr: ~p~n", [Data]),
+	    receive_exec_result(Msg);
 	Msg ->
 	    test_server:format("1: Collected data ~p", [Msg]),
 	    expected;
 	Other ->
+	    test_server:format("Other ~p", [Other]),
 	    {unexpected_msg, Other}
     end.
+
+
 receive_exec_end(ConnectionRef, ChannelId) ->
     Eof = {ssh_cm, ConnectionRef, {eof, ChannelId}},
     ExitStatus = {ssh_cm, ConnectionRef, {exit_status, ChannelId, 0}},
@@ -181,27 +183,21 @@ inet_port()->
     gen_tcp:close(Socket),
     Port.
 
-
-%% copy private keys to given dir from ~/.ssh
-get_id_keys(DstDir) ->
-    SrcDir = filename:join(os:getenv("HOME"), ".ssh"),
-    RsaOk = copyfile(SrcDir, DstDir, "id_rsa"),
-    DsaOk = copyfile(SrcDir, DstDir, "id_dsa"),
-    case {RsaOk, DsaOk} of
-	{{ok, _}, {ok, _}} -> {ok, both};
-	{{ok, _}, _} -> {ok, rsa};
-	{_, {ok, _}} -> {ok, dsa};
-	{Error, _} -> Error
-    end.
-
-remove_id_keys(Dir) ->
-    file:delete(filename:join(Dir, "id_rsa")),
-    file:delete(filename:join(Dir, "id_dsa")).
-
-copyfile(SrcDir, DstDir, Fn) ->
-    file:copy(filename:join(SrcDir, Fn),
-	      filename:join(DstDir, Fn)).
-
+setup_ssh_auth_keys(RSAFile, DSAFile, Dir) ->
+    Entries = ssh_file_entry(RSAFile) ++ ssh_file_entry(DSAFile),
+    AuthKeys = public_key:ssh_encode(Entries , auth_keys),
+    AuthKeysFile = filename:join(Dir, "authorized_keys"),
+    file:write_file(AuthKeysFile, AuthKeys).
+
+ssh_file_entry(PubFile) ->
+    case file:read_file(PubFile) of
+	{ok, Ssh} ->
+	    [{Key, _}] = public_key:ssh_decode(Ssh, public_key), 
+	    [{Key, [{comment, "Test"}]}];
+	_ ->
+	    []
+    end. 
+	    
 failfun(_User, {authmethod,none}) ->
     ok;
 failfun(User, Reason) ->
@@ -222,463 +218,123 @@ known_hosts(BR) ->
 	    file:rename(B, KnownHosts)
     end.
 
-
-get_user_dir() ->
-    case os:type() of
-	{win32, _} ->
-	    [{user_dir, filename:join([os:getenv("HOME"), ".ssh"])}];
-	_ ->
-	    []
-    end.
-
-
-make_dsa_cert_files(Config) ->    
-    make_dsa_cert_files("", Config).
-
-make_dsa_cert_files(RoleStr, Config) ->    
-    
-    CaInfo = {CaCert, _} = make_cert([{key, dsa}]),
-    {Cert, CertKey} = make_cert([{key, dsa}, {issuer, CaInfo}]),
-    CaCertFile = filename:join([?config(data_dir, Config), 
- 				RoleStr, "dsa_cacerts.pem"]),
-    CertFile = filename:join([?config(data_dir, Config), 
- 			      RoleStr, "dsa_cert.pem"]),
-    KeyFile = filename:join([?config(data_dir, Config), 
-			     RoleStr, "dsa_key.pem"]),
+setup_dsa(DataDir, UserDir) ->
+    file:copy(filename:join(DataDir, "id_dsa"), filename:join(UserDir, "id_dsa")),
+    System = filename:join(UserDir, "system"),
+    file:make_dir(System),
+    file:copy(filename:join(DataDir, "ssh_host_dsa_key"), filename:join(System, "ssh_host_dsa_key")),
+    file:copy(filename:join(DataDir, "ssh_host_dsa_key.pub"), filename:join(System, "ssh_host_dsa_key.pub")),
+    setup_dsa_known_host(DataDir, UserDir),
+    setup_dsa_auth_keys(DataDir, UserDir).
     
-    der_to_pem(CaCertFile, [{'Certificate', CaCert, not_encrypted}]),
-    der_to_pem(CertFile, [{'Certificate', Cert, not_encrypted}]),
-    der_to_pem(KeyFile, [CertKey]),
-    {CaCertFile, CertFile, KeyFile}.
-
-make_dsa_files(Config) ->
-    make_dsa_files(Config, rfc4716_public_key).
-make_dsa_files(Config, Type) ->
-    {DSA, EncodedKey} = ssh_test_lib:gen_dsa(128, 20),
-    PKey = DSA#'DSAPrivateKey'.y,
-    P = DSA#'DSAPrivateKey'.p,
-    Q = DSA#'DSAPrivateKey'.q,
-    G = DSA#'DSAPrivateKey'.g,
-    Dss = #'Dss-Parms'{p=P, q=Q, g=G},
+setup_rsa(DataDir, UserDir) ->
+    file:copy(filename:join(DataDir, "id_rsa"), filename:join(UserDir, "id_rsa")),
+    System = filename:join(UserDir, "system"),
+    file:make_dir(System),
+    file:copy(filename:join(DataDir, "ssh_host_rsa_key"), filename:join(System, "ssh_host_rsa_key")),
+    file:copy(filename:join(DataDir, "ssh_host_rsa_key"), filename:join(System, "ssh_host_rsa_key.pub")),
+    setup_rsa_known_host(DataDir, UserDir),
+    setup_rsa_auth_keys(DataDir, UserDir).
+
+clean_dsa(UserDir) ->
+    del_dirs(filename:join(UserDir, "system")),
+    file:delete(filename:join(UserDir,"id_dsa")),
+    file:delete(filename:join(UserDir,"known_hosts")),
+    file:delete(filename:join(UserDir,"authorized_keys")).
+
+clean_rsa(UserDir) ->
+    del_dirs(filename:join(UserDir, "system")),
+    file:delete(filename:join(UserDir,"id_rsa")),
+    file:delete(filename:join(UserDir,"known_hosts")),
+    file:delete(filename:join(UserDir,"authorized_keys")).
+
+setup_dsa_pass_pharse(DataDir, UserDir, Phrase) ->
+    {ok, KeyBin} = file:read_file(filename:join(DataDir, "id_dsa")),
+    setup_pass_pharse(KeyBin, filename:join(UserDir, "id_dsa"), Phrase),
+    System = filename:join(UserDir, "system"),
+    file:make_dir(System),
+    file:copy(filename:join(DataDir, "ssh_host_dsa_key"), filename:join(System, "ssh_host_dsa_key")),
+    file:copy(filename:join(DataDir, "ssh_host_dsa_key.pub"), filename:join(System, "ssh_host_dsa_key.pub")),
+    setup_dsa_known_host(DataDir, UserDir),
+    setup_dsa_auth_keys(DataDir, UserDir).
+
+setup_rsa_pass_pharse(DataDir, UserDir, Phrase) ->
+    {ok, KeyBin} = file:read_file(filename:join(DataDir, "id_rsa")),
+    setup_pass_pharse(KeyBin, filename:join(UserDir, "id_rsa"), Phrase),
+    System = filename:join(UserDir, "system"),
+    file:make_dir(System),
+    file:copy(filename:join(DataDir, "ssh_host_rsa_key"), filename:join(System, "ssh_host_rsa_key")),
+    file:copy(filename:join(DataDir, "ssh_host_rsa_key.pub"), filename:join(System, "ssh_host_rsa_key.pub")),
+    setup_rsa_known_host(DataDir, UserDir),
+    setup_rsa_auth_keys(DataDir, UserDir).
+
+setup_pass_pharse(KeyBin, OutFile, Phrase) ->
+    [{KeyType, _,_} = Entry0] = public_key:pem_decode(KeyBin),
+    Key =  public_key:pem_entry_decode(Entry0),
+    Salt = crypto:rand_bytes(8),
+    Entry = public_key:pem_entry_encode(KeyType, Key,
+					{{"DES-CBC", Salt}, Phrase}),
+    Pem = public_key:pem_encode([Entry]),
+    file:write_file(OutFile, Pem).
+
+setup_dsa_known_host(SystemDir, UserDir) ->
+    {ok, SshBin} = file:read_file(filename:join(SystemDir, "ssh_host_dsa_key.pub")),
+    [{Key, _}] = public_key:ssh_decode(SshBin, public_key),
+    setup_known_hosts(Key, UserDir).
+
+setup_rsa_known_host(SystemDir, UserDir) ->
+    {ok, SshBin} = file:read_file(filename:join(SystemDir, "ssh_host_rsa_key.pub")),
+    [{Key, _}] = public_key:ssh_decode(SshBin, public_key),
+    setup_known_hosts(Key, UserDir).
+
+setup_known_hosts(Key, UserDir) ->
     {ok, Hostname} = inet:gethostname(),
     {ok, {A, B, C, D}} = inet:getaddr(Hostname, inet),
     IP = lists:concat([A, ".", B, ".", C, ".", D]),
-    Attributes = [], % Could be [{comment,"user@" ++ Hostname}],
-    HostNames = [{hostnames,[IP, IP]}],
-    PublicKey = [{{PKey, Dss}, Attributes}],
-    KnownHosts = [{{PKey, Dss}, HostNames}],
-
+    HostNames = [{hostnames,[Hostname, IP]}],
+    KnownHosts = [{Key, HostNames}],
     KnownHostsEnc = public_key:ssh_encode(KnownHosts, known_hosts),
-    KnownHosts = public_key:ssh_decode(KnownHostsEnc, known_hosts),
-
-    PublicKeyEnc = public_key:ssh_encode(PublicKey, Type),
-%    PublicKey = public_key:ssh_decode(PublicKeyEnc, Type),
-
-    SystemTmpDir = ?config(data_dir, Config),
-    filelib:ensure_dir(SystemTmpDir),
-    file:make_dir(SystemTmpDir),
-    
-    DSAFile = filename:join(SystemTmpDir, "ssh_host_dsa_key.pub"),
-    file:delete(DSAFile),
-    
-    DSAPrivateFile  = filename:join(SystemTmpDir, "ssh_host_dsa_key"),
-    file:delete(DSAPrivateFile),
+    KHFile = filename:join(UserDir, "known_hosts"),
+    file:write_file(KHFile, KnownHostsEnc).
 
-    KHFile = filename:join(SystemTmpDir, "known_hosts"),
-    file:delete(KHFile),
-    
-    PemBin = public_key:pem_encode([EncodedKey]),
-
-    file:write_file(DSAFile, PublicKeyEnc),
-    file:write_file(KHFile, KnownHostsEnc),
-    file:write_file(DSAPrivateFile, PemBin),
-    ok.
-
-%%--------------------------------------------------------------------
-%% Create and return a der encoded certificate
-%%   Option                                         Default
-%%   -------------------------------------------------------
-%%   digest                                         sha1
-%%   validity                                       {date(), date() + week()}
-%%   version                                        3
-%%   subject                                        [] list of the following content
-%%      {name,  Name}
-%%      {email, Email} 
-%%      {city,  City}
-%%      {state, State}
-%%      {org, Org}
-%%      {org_unit, OrgUnit}
-%%      {country, Country} 
-%%      {serial, Serial}
-%%      {title, Title}
-%%      {dnQualifer, DnQ}
-%%   issuer = {Issuer, IssuerKey}                   true (i.e. a ca cert is created) 
-%%                                                  (obs IssuerKey migth be {Key, Password}
-%%   key = KeyFile|KeyBin|rsa|dsa                   Subject PublicKey rsa or dsa generates key
-%%   
-%%
-%%   (OBS: The generated keys are for testing only)
-%% make_cert([{::atom(), ::term()}]) -> {Cert::binary(), Key::binary()}
-%%--------------------------------------------------------------------
-make_cert(Opts) ->
-    SubjectPrivateKey = get_key(Opts),
-    {TBSCert, IssuerKey} = make_tbs(SubjectPrivateKey, Opts),
-    Cert = public_key:pkix_sign(TBSCert, IssuerKey),
-    true = verify_signature(Cert, IssuerKey, undef), %% verify that the keys where ok
-    {Cert, encode_key(SubjectPrivateKey)}.
-
-%%--------------------------------------------------------------------
-%% Writes cert files in Dir with FileName and FileName ++ Suffix
-%% write_cert(::string(), ::string(), {Cert,Key}) -> ok
-%%--------------------------------------------------------------------
-write_cert(Dir, FileName, Suffix, {Cert, Key = {_,_,not_encrypted}}) when is_binary(Cert) ->
-    ok = der_to_pem(filename:join(Dir, FileName),
-			       [{'Certificate', Cert, not_encrypted}]),
-    ok = der_to_pem(filename:join(Dir, FileName ++ Suffix), [Key]).
-
-%%--------------------------------------------------------------------
-%% Creates a rsa key (OBS: for testing only)
-%%   the size are in bytes
-%% gen_rsa(::integer()) -> {::atom(), ::binary(), ::opaque()}
-%%--------------------------------------------------------------------
-gen_rsa(Size) when is_integer(Size) ->
-    Key = gen_rsa2(Size),
-    {Key, encode_key(Key)}.
-
-%%--------------------------------------------------------------------
-%% Creates a dsa key (OBS: for testing only)
-%%   the sizes are in bytes
-%% gen_dsa(::integer()) -> {::atom(), ::binary(), ::opaque()}
-%%--------------------------------------------------------------------
-gen_dsa(LSize,NSize) when is_integer(LSize), is_integer(NSize) ->
-    Key = gen_dsa2(LSize, NSize),
-    {Key, encode_key(Key)}.
-
-%%--------------------------------------------------------------------
-%% Verifies cert signatures
-%% verify_signature(::binary(), ::tuple()) -> ::boolean()
-%%--------------------------------------------------------------------
-verify_signature(DerEncodedCert, DerKey, _KeyParams) ->
-    Key = decode_key(DerKey),
-    case Key of 
-	#'RSAPrivateKey'{modulus=Mod, publicExponent=Exp} ->
-	    public_key:pkix_verify(DerEncodedCert, 
-				   #'RSAPublicKey'{modulus=Mod, publicExponent=Exp});
-	#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y} ->
-	    public_key:pkix_verify(DerEncodedCert, {Y, #'Dss-Parms'{p=P, q=Q, g=G}})
-    end.
-
-%%%%%%%%%%%%%%%%%%%%%%%%% Implementation %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-get_key(Opts) ->
-    case proplists:get_value(key, Opts) of
-	undefined -> make_key(rsa, Opts);
-	rsa ->       make_key(rsa, Opts);
-	dsa ->       make_key(dsa, Opts);
-	Key ->
-	    Password = proplists:get_value(password, Opts, no_passwd),
-	    decode_key(Key, Password)
-    end.
-
-decode_key({Key, Pw}) ->
-    decode_key(Key, Pw);
-decode_key(Key) ->
-    decode_key(Key, no_passwd).
-    
-
-decode_key(#'RSAPublicKey'{} = Key,_) ->
-    Key;
-decode_key(#'RSAPrivateKey'{} = Key,_) ->
-    Key;
-decode_key(#'DSAPrivateKey'{} = Key,_) ->
-    Key;
-decode_key(PemEntry = {_,_,_}, Pw) ->
-    public_key:pem_entry_decode(PemEntry, Pw);
-decode_key(PemBin, Pw) ->
-    [KeyInfo] = public_key:pem_decode(PemBin),
-    decode_key(KeyInfo, Pw).
-
-encode_key(Key = #'RSAPrivateKey'{}) ->
-    {ok, Der} = 'OTP-PUB-KEY':encode('RSAPrivateKey', Key),
-    {'RSAPrivateKey', list_to_binary(Der), not_encrypted};   
-encode_key(Key = #'DSAPrivateKey'{}) ->
-    {ok, Der} = 'OTP-PUB-KEY':encode('DSAPrivateKey', Key),
-    {'DSAPrivateKey', list_to_binary(Der), not_encrypted}.
-
-make_tbs(SubjectKey, Opts) ->    
-    Version = list_to_atom("v"++integer_to_list(proplists:get_value(version, Opts, 3))),
-
-    IssuerProp = proplists:get_value(issuer, Opts, true),
-    {Issuer, IssuerKey}  = issuer(IssuerProp, Opts, SubjectKey),
-
-    {Algo, Parameters} = sign_algorithm(IssuerKey, Opts),
-    
-    SignAlgo = #'SignatureAlgorithm'{algorithm  = Algo,
-				     parameters = Parameters},    
-    Subject = case IssuerProp of
-		  true -> %% Is a Root Ca
-		      Issuer;
-		  _ ->
-		      subject(proplists:get_value(subject, Opts),false)
-	      end,
-
-    {#'OTPTBSCertificate'{serialNumber = trunc(random:uniform()*100000000)*10000 + 1,
-			  signature    = SignAlgo,
-			  issuer       = Issuer,
-			  validity     = validity(Opts),
-			  subject      = Subject,
-			  subjectPublicKeyInfo = publickey(SubjectKey),
-			  version      = Version,
-			  extensions   = extensions(Opts)
-			 }, IssuerKey}.
-
-issuer(true, Opts, SubjectKey) ->
-    %% Self signed
-    {subject(proplists:get_value(subject, Opts), true), SubjectKey};
-issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
-    {issuer_der(Issuer), decode_key(IssuerKey)};
-issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
-    {ok, [{cert, Cert, _}|_]} = pem_to_der(File),
-    {issuer_der(Cert), decode_key(IssuerKey)}.
-
-issuer_der(Issuer) ->
-    Decoded = public_key:pkix_decode_cert(Issuer, otp),
-    #'OTPCertificate'{tbsCertificate=Tbs} = Decoded,
-    #'OTPTBSCertificate'{subject=Subject} = Tbs,
-    Subject.
-
-subject(undefined, IsRootCA) ->
-    User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
-    Opts = [{email, User ++ "@erlang.org"},
-	    {name, User},
-	    {city, "Stockholm"},
-	    {country, "SE"},
-	    {org, "erlang"},
-	    {org_unit, "testing dep"}],
-    subject(Opts);
-subject(Opts, _) ->
-    subject(Opts).
-
-subject(SubjectOpts) when is_list(SubjectOpts) ->
-    Encode = fun(Opt) ->
-		     {Type,Value} = subject_enc(Opt),
-		     [#'AttributeTypeAndValue'{type=Type, value=Value}]
-	     end,
-    {rdnSequence, [Encode(Opt) || Opt <- SubjectOpts]}.
-
-%% Fill in the blanks
-subject_enc({name,  Name}) ->       {?'id-at-commonName', {printableString, Name}};
-subject_enc({email, Email}) ->      {?'id-emailAddress', Email};
-subject_enc({city,  City}) ->       {?'id-at-localityName', {printableString, City}};
-subject_enc({state, State}) ->      {?'id-at-stateOrProvinceName', {printableString, State}};
-subject_enc({org, Org}) ->          {?'id-at-organizationName', {printableString, Org}};
-subject_enc({org_unit, OrgUnit}) -> {?'id-at-organizationalUnitName', {printableString, OrgUnit}};
-subject_enc({country, Country}) ->  {?'id-at-countryName', Country};
-subject_enc({serial, Serial}) ->    {?'id-at-serialNumber', Serial};
-subject_enc({title, Title}) ->      {?'id-at-title', {printableString, Title}};
-subject_enc({dnQualifer, DnQ}) ->   {?'id-at-dnQualifier', DnQ};
-subject_enc(Other) ->               Other.
-
-
-extensions(Opts) ->
-    case proplists:get_value(extensions, Opts, []) of
-	false -> 
-	    asn1_NOVALUE;
-	Exts  -> 
-	    lists:flatten([extension(Ext) || Ext <- default_extensions(Exts)])
-    end.
-
-default_extensions(Exts) ->
-    Def = [{key_usage,undefined}, 
-	   {subject_altname, undefined},
-	   {issuer_altname, undefined},
-	   {basic_constraints, default},
-	   {name_constraints, undefined},
-	   {policy_constraints, undefined},
-	   {ext_key_usage, undefined},
-	   {inhibit_any, undefined},
-	   {auth_key_id, undefined},
-	   {subject_key_id, undefined},
-	   {policy_mapping, undefined}],
-    Filter = fun({Key, _}, D) -> lists:keydelete(Key, 1, D) end,
-    Exts ++ lists:foldl(Filter, Def, Exts).
-       	
-extension({_, undefined}) -> [];
-extension({basic_constraints, Data}) ->
-    case Data of
-	default ->
-	    #'Extension'{extnID = ?'id-ce-basicConstraints',
-			 extnValue = #'BasicConstraints'{cA=true},
-			 critical=true};
-	false -> 
-	    [];
-	Len when is_integer(Len) ->
-	    #'Extension'{extnID = ?'id-ce-basicConstraints',
-			 extnValue = #'BasicConstraints'{cA=true, pathLenConstraint=Len},
-			 critical=true};
+setup_dsa_auth_keys(Dir, UserDir) ->
+    {ok, Pem} = file:read_file(filename:join(Dir, "id_dsa")),
+    DSA = public_key:pem_entry_decode(hd(public_key:pem_decode(Pem))),
+    PKey = DSA#'DSAPrivateKey'.y,
+    P = DSA#'DSAPrivateKey'.p,
+    Q = DSA#'DSAPrivateKey'.q,
+    G = DSA#'DSAPrivateKey'.g,
+    Dss = #'Dss-Parms'{p=P, q=Q, g=G},
+    setup_auth_keys([{{PKey, Dss}, [{comment, "Test"}]}], UserDir).
+
+setup_rsa_auth_keys(Dir, UserDir) ->
+    {ok, Pem} = file:read_file(filename:join(Dir, "id_rsa")),
+    RSA = public_key:pem_entry_decode(hd(public_key:pem_decode(Pem))),
+    #'RSAPrivateKey'{publicExponent = E, modulus = N} = RSA,
+    PKey = #'RSAPublicKey'{publicExponent = E, modulus = N},
+    setup_auth_keys([{ PKey, [{comment, "Test"}]}], UserDir).
+
+setup_auth_keys(Keys, Dir) ->
+    AuthKeys = public_key:ssh_encode(Keys, auth_keys),
+    AuthKeysFile = filename:join(Dir, "authorized_keys"),
+    file:write_file(AuthKeysFile, AuthKeys).
+
+
+del_dirs(Dir) ->
+    case file:list_dir(Dir) of
+	{ok, []} ->
+	    file:del_dir(Dir);
+	{ok, Files} ->
+	    lists:foreach(fun(File) ->
+				  FullPath = filename:join(Dir,File),
+				  case filelib:is_dir(FullPath) of
+				      true ->
+					  del_dirs(FullPath),
+					  file:del_dir(FullPath);
+				      false ->
+					  file:delete(FullPath)
+				  end
+			  end, Files);
 	_ ->
-	    #'Extension'{extnID = ?'id-ce-basicConstraints',
-			 extnValue = Data}
-    end;
-extension({Id, Data, Critical}) ->
-    #'Extension'{extnID = Id, extnValue = Data, critical = Critical}.
-
-
-publickey(#'RSAPrivateKey'{modulus=N, publicExponent=E}) ->
-    Public = #'RSAPublicKey'{modulus=N, publicExponent=E},
-    Algo = #'PublicKeyAlgorithm'{algorithm= ?rsaEncryption, parameters='NULL'},
-    #'OTPSubjectPublicKeyInfo'{algorithm = Algo,
-			       subjectPublicKey = Public};
-publickey(#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y}) ->
-    Algo = #'PublicKeyAlgorithm'{algorithm= ?'id-dsa', 
-				 parameters={params, #'Dss-Parms'{p=P, q=Q, g=G}}},
-    #'OTPSubjectPublicKeyInfo'{algorithm = Algo, subjectPublicKey = Y}.
-
-validity(Opts) ->
-    DefFrom0 = calendar:gregorian_days_to_date(calendar:date_to_gregorian_days(date())-1),
-    DefTo0   = calendar:gregorian_days_to_date(calendar:date_to_gregorian_days(date())+7),
-    {DefFrom, DefTo} = proplists:get_value(validity, Opts, {DefFrom0, DefTo0}),
-    Format = fun({Y,M,D}) -> lists:flatten(io_lib:format("~w~2..0w~2..0w000000Z",[Y,M,D])) end,
-    #'Validity'{notBefore={generalTime, Format(DefFrom)},
-		notAfter ={generalTime, Format(DefTo)}}.
-
-sign_algorithm(#'RSAPrivateKey'{}, Opts) ->
-    Type = case proplists:get_value(digest, Opts, sha1) of
-	       sha1 ->   ?'sha1WithRSAEncryption';
-	       sha512 -> ?'sha512WithRSAEncryption';
-	       sha384 -> ?'sha384WithRSAEncryption';
-	       sha256 -> ?'sha256WithRSAEncryption';
-	       md5    -> ?'md5WithRSAEncryption';
-	       md2    -> ?'md2WithRSAEncryption'
-	   end,
-    {Type, 'NULL'};
-sign_algorithm(#'DSAPrivateKey'{p=P, q=Q, g=G}, _Opts) ->
-    {?'id-dsa-with-sha1', {params,#'Dss-Parms'{p=P, q=Q, g=G}}}.
-
-make_key(rsa, _Opts) ->
-    %% (OBS: for testing only)
-    gen_rsa2(64);
-make_key(dsa, _Opts) ->
-    gen_dsa2(128, 20).  %% Bytes i.e. {1024, 160} 
-    
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% RSA key generation  (OBS: for testing only)
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
--define(SMALL_PRIMES, [65537,97,89,83,79,73,71,67,61,59,53,
-		       47,43,41,37,31,29,23,19,17,13,11,7,5,3]).
-
-gen_rsa2(Size) ->
-    P = prime(Size),
-    Q = prime(Size),
-    N = P*Q,
-    Tot = (P - 1) * (Q - 1),
-    [E|_] = lists:dropwhile(fun(Candidate) -> (Tot rem Candidate) == 0 end, ?SMALL_PRIMES),
-    {D1,D2} = extended_gcd(E, Tot),
-    D = erlang:max(D1,D2),
-    case D < E of
-	true ->
-	    gen_rsa2(Size);
-	false ->
-	    {Co1,Co2} = extended_gcd(Q, P),
-	    Co = erlang:max(Co1,Co2),
-	    #'RSAPrivateKey'{version = 'two-prime',
-			     modulus = N,
-			     publicExponent  = E,
-			     privateExponent = D, 
-			     prime1 = P, 
-			     prime2 = Q, 
-			     exponent1 = D rem (P-1), 
-			     exponent2 = D rem (Q-1), 
-			     coefficient = Co
-			    }
+	    ok
     end.
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% DSA key generation  (OBS: for testing only)
-%% See http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
-%% and the fips_186-3.pdf
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-gen_dsa2(LSize, NSize) ->
-    Q  = prime(NSize),  %% Choose N-bit prime Q
-    X0 = prime(LSize),
-    P0 = prime((LSize div 2) +1),
-    
-    %% Choose L-bit prime modulus P such that p-1 is a multiple of q.
-    case dsa_search(X0 div (2*Q*P0), P0, Q, 1000) of
-	error -> 
-	    gen_dsa2(LSize, NSize);
-	P ->	    
-	    G = crypto:mod_exp(2, (P-1) div Q, P), % Choose G a number whose multiplicative order modulo p is q.
-	    %%                 such that This may be done by setting g = h^(p-1)/q mod p, commonly h=2 is used.
-	    
-	    X = prime(20),               %% Choose x by some random method, where 0 < x < q.
-	    Y = crypto:mod_exp(G, X, P), %% Calculate y = g^x mod p.
-	    
-	    #'DSAPrivateKey'{version=0, p=P, q=Q, g=G, y=Y, x=X}
-    end.
-    
-%% See fips_186-3.pdf
-dsa_search(T, P0, Q, Iter) when Iter > 0 ->
-    P = 2*T*Q*P0 + 1,
-    case is_prime(crypto:mpint(P), 50) of
-	true -> P;
-	false -> dsa_search(T+1, P0, Q, Iter-1)
-    end;
-dsa_search(_,_,_,_) -> 
-    error.
-
-
-%%%%%%% Crypto Math %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-prime(ByteSize) ->
-    Rand = odd_rand(ByteSize),
-    crypto:erlint(prime_odd(Rand, 0)).
-
-prime_odd(Rand, N) ->
-    case is_prime(Rand, 50) of
-	true -> 
-	    Rand;
-	false -> 
-	    NotPrime = crypto:erlint(Rand),
-	    prime_odd(crypto:mpint(NotPrime+2), N+1)
-    end.
-
-%% see http://en.wikipedia.org/wiki/Fermat_primality_test
-is_prime(_, 0) -> true;
-is_prime(Candidate, Test) -> 
-    CoPrime = odd_rand(<<0,0,0,4, 10000:32>>, Candidate),
-    case crypto:mod_exp(CoPrime, Candidate, Candidate) of
-	CoPrime -> is_prime(Candidate, Test-1);
-	_       -> false
-    end.
-
-odd_rand(Size) ->
-    Min = 1 bsl (Size*8-1),
-    Max = (1 bsl (Size*8))-1,
-    odd_rand(crypto:mpint(Min), crypto:mpint(Max)).
-
-odd_rand(Min,Max) ->
-    Rand = <<Sz:32, _/binary>> = crypto:rand_uniform(Min,Max),
-    BitSkip = (Sz+4)*8-1,
-    case Rand of
-	Odd  = <<_:BitSkip,  1:1>> -> Odd;
-	Even = <<_:BitSkip,  0:1>> -> 
-	    crypto:mpint(crypto:erlint(Even)+1)
-    end.
-
-extended_gcd(A, B) ->
-    case A rem B of
-	0 ->
-	    {0, 1};
-	N ->
-	    {X, Y} = extended_gcd(B, N),
-	    {Y, X-Y*(A div B)}
-    end.
-
-pem_to_der(File) ->
-    {ok, PemBin} = file:read_file(File),
-    public_key:pem_decode(PemBin).
-
-der_to_pem(File, Entries) ->
-    PemBin = public_key:pem_encode(Entries),
-    file:write_file(File, PemBin).
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl
index f959d50484..dfe526564d 100644
--- a/lib/ssh/test/ssh_to_openssh_SUITE.erl
+++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -42,8 +42,12 @@
 init_per_suite(Config) ->
     case catch crypto:start() of
 	ok ->
-	    ssh_test_lib:make_dsa_files(Config),
-	    Config;
+	    case gen_tcp:connect("localhost", 22, []) of
+		{error,econnrefused} ->
+		    {skip,"No openssh deamon"};
+		_ ->
+		    Config
+	    end;
 	_Else ->
 	    {skip,"Could not start crypto!"}
     end.
@@ -100,26 +104,38 @@ all() ->
 	false -> 
 	    {skip, "openSSH not installed on host"};
 	_ ->
-	    [erlang_shell_client_openssh_server,
-	     erlang_client_openssh_server_exec,
-	     erlang_client_openssh_server_exec_compressed,
-	     erlang_server_openssh_client_exec,
-	     erlang_server_openssh_client_exec_compressed,
-	     erlang_client_openssh_server_setenv,
-	     erlang_client_openssh_server_publickey_rsa,
-	     erlang_client_openssh_server_publickey_dsa,
-	     erlang_server_openssh_client_pulic_key_dsa,
-	     erlang_client_openssh_server_password]
+	    [{group, erlang_client},
+	     {group, erlang_server}
+	     ]
     end.
 
 groups() -> 
-    [].
-
-init_per_group(_GroupName, Config) ->
-	Config.
+    [{erlang_client, [], [erlang_shell_client_openssh_server,
+			  erlang_client_openssh_server_exec,
+			  erlang_client_openssh_server_exec_compressed,
+			  erlang_client_openssh_server_setenv,
+			  erlang_client_openssh_server_publickey_rsa,
+			  erlang_client_openssh_server_publickey_dsa,
+			  erlang_client_openssh_server_password]},
+     {erlang_server, [], [erlang_server_openssh_client_exec,
+			  erlang_server_openssh_client_exec_compressed,
+			  erlang_server_openssh_client_pulic_key_dsa]}
+    ].
+
+init_per_group(erlang_server, Config) ->
+    DataDir = ?config(data_dir, Config),
+    UserDir = ?config(priv_dir, Config),
+    ssh_test_lib:setup_dsa_known_host(DataDir, UserDir),
+    Config;
+init_per_group(_, Config) ->
+    Config.
 
-end_per_group(_GroupName, Config) ->
-	Config.
+end_per_group(erlang_server, Config) ->
+    UserDir = ?config(priv_dir, Config),
+    ssh_test_lib:clean_dsa(UserDir),
+    Config;
+end_per_group(_, Config) ->
+    Config.
 
 %% TEST cases starts here.
 %%--------------------------------------------------------------------
@@ -229,7 +245,9 @@ erlang_server_openssh_client_exec(suite) ->
 
 erlang_server_openssh_client_exec(Config) when is_list(Config) ->
     SystemDir = ?config(data_dir, Config),
-    
+    PrivDir = ?config(priv_dir, Config),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
+
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
     
@@ -237,7 +255,10 @@ erlang_server_openssh_client_exec(Config) when is_list(Config) ->
     test_server:sleep(500),
 
     Cmd = "ssh -p " ++ integer_to_list(Port) ++
-	" -o StrictHostKeyChecking=no "++ Host ++ " 1+1.",
+	" -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " 1+1.",
+
+    test_server:format("Cmd: ~p~n", [Cmd]),
+
     SshPort = open_port({spawn, Cmd}, [binary]),
 
     receive
@@ -258,6 +279,9 @@ erlang_server_openssh_client_exec_compressed(suite) ->
 
 erlang_server_openssh_client_exec_compressed(Config) when is_list(Config) ->
     SystemDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
+
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
 					     {compression, zlib},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
@@ -265,7 +289,7 @@ erlang_server_openssh_client_exec_compressed(Config) when is_list(Config) ->
     test_server:sleep(500),
 
     Cmd = "ssh -p " ++ integer_to_list(Port) ++
-	" -o StrictHostKeyChecking=no -C "++ Host ++ " 1+1.",
+	" -o UserKnownHostsFile=" ++ KnownHosts ++ " -C "++ Host ++ " 1+1.",
     SshPort = open_port({spawn, Cmd}, [binary]),
 
     receive
@@ -330,24 +354,27 @@ erlang_client_openssh_server_publickey_rsa(suite) ->
     [];
 erlang_client_openssh_server_publickey_rsa(Config) when is_list(Config) ->
     {ok,[[Home]]} = init:get_argument(home),
-    SrcDir =  filename:join(Home, ".ssh"),
-    UserDir = ?config(priv_dir, Config),
-    case ssh_test_lib:copyfile(SrcDir, UserDir, "id_rsa") of
-	{ok, _} ->
-	    ConnectionRef =
-		ssh_test_lib:connect(?SSH_DEFAULT_PORT,
-				     [{user_dir, UserDir},
-				      {public_key_alg, ssh_rsa},
-				      {user_interaction, false},
-				      silently_accept_hosts]),
-	    {ok, Channel} =
-		ssh_connection:session_channel(ConnectionRef, infinity),
-	    ok = ssh_connection:close(ConnectionRef, Channel),
-	    ok = ssh:close(ConnectionRef),
-	    ok = file:delete(filename:join(UserDir, "id_rsa"));
-	{error, enoent} ->
-	    {skip, "no ~/.ssh/id_rsa"}
+    KeyFile =  filename:join(Home, ".ssh/id_rsa"),
+    case file:read_file(KeyFile) of
+	{ok, Pem} ->
+	    case public_key:pem_decode(Pem) of
+		[{_,_, not_encrypted}] ->
+		    ConnectionRef =
+			ssh_test_lib:connect(?SSH_DEFAULT_PORT,
+					     [{public_key_alg, ssh_rsa},
+					      {user_interaction, false},
+					      silently_accept_hosts]),
+		    {ok, Channel} =
+			ssh_connection:session_channel(ConnectionRef, infinity),
+		    ok = ssh_connection:close(ConnectionRef, Channel),
+		    ok = ssh:close(ConnectionRef);
+		_ ->
+		    {skip, {error, "Has pass phrase can not be used by automated test case"}} 
+	    end;
+	_ ->
+	    {skip, "no ~/.ssh/id_rsa"}  
     end.
+	
 
 %%--------------------------------------------------------------------
 erlang_client_openssh_server_publickey_dsa(doc) ->
@@ -356,25 +383,26 @@ erlang_client_openssh_server_publickey_dsa(suite) ->
     [];
 erlang_client_openssh_server_publickey_dsa(Config) when is_list(Config) ->
     {ok,[[Home]]} = init:get_argument(home),
-    SrcDir =  filename:join(Home, ".ssh"),
-    UserDir = ?config(priv_dir, Config),
-    case ssh_test_lib:copyfile(SrcDir, UserDir, "id_dsa") of
-	{ok, _} ->
-	    ConnectionRef =
-		ssh_test_lib:connect(?SSH_DEFAULT_PORT,
-				     [{user_dir, UserDir},
-				      {public_key_alg, ssh_dsa},
-				      {user_interaction, false},
-				      silently_accept_hosts]),
-	    {ok, Channel} =
-		ssh_connection:session_channel(ConnectionRef, infinity),
-	    ok = ssh_connection:close(ConnectionRef, Channel),
-	    ok = ssh:close(ConnectionRef),
-	    ok = file:delete(filename:join(UserDir, "id_dsa"));
-	{error, enoent} ->
-	    {skip, "no ~/.ssh/id_dsa"}
+    KeyFile =  filename:join(Home, ".ssh/id_dsa"),
+    case file:read_file(KeyFile) of
+	{ok, Pem} ->
+	    case public_key:pem_decode(Pem) of
+		[{_,_, not_encrypted}] ->
+		    ConnectionRef =
+			ssh_test_lib:connect(?SSH_DEFAULT_PORT,
+					     [{public_key_alg, ssh_dsa},
+					      {user_interaction, false},
+					      silently_accept_hosts]),
+		    {ok, Channel} =
+			ssh_connection:session_channel(ConnectionRef, infinity),
+		    ok = ssh_connection:close(ConnectionRef, Channel),
+		    ok = ssh:close(ConnectionRef);
+		_ ->
+		    {skip, {error, "Has pass phrase can not be used by automated test case"}} 
+	    end;
+	_ ->
+	    {skip, "no ~/.ssh/id_dsa"}  
     end.
-
 %%--------------------------------------------------------------------
 erlang_server_openssh_client_pulic_key_dsa(doc) ->
     ["Validate using dsa publickey."];
@@ -384,6 +412,9 @@ erlang_server_openssh_client_pulic_key_dsa(suite) ->
 
 erlang_server_openssh_client_pulic_key_dsa(Config) when is_list(Config) ->
     SystemDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
+
     {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
 					     {public_key_alg, ssh_dsa},
 					     {failfun, fun ssh_test_lib:failfun/2}]),
@@ -391,7 +422,8 @@ erlang_server_openssh_client_pulic_key_dsa(Config) when is_list(Config) ->
     test_server:sleep(500),
 
     Cmd = "ssh -p " ++ integer_to_list(Port) ++
-	" -o StrictHostKeyChecking=no "++ Host ++ " 1+1.",
+	" -o UserKnownHostsFile=" ++ KnownHosts ++
+	" " ++ Host ++ " 1+1.",
     SshPort = open_port({spawn, Cmd}, [binary]),
 
     receive
@@ -399,7 +431,6 @@ erlang_server_openssh_client_pulic_key_dsa(Config) when is_list(Config) ->
 	    ok
     after ?TIMEOUT ->
 	    test_server:fail("Did not receive answer")
-
     end,
      ssh:stop_daemon(Pid).
 
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key
new file mode 100644
index 0000000000..51ab6fbd88
--- /dev/null
+++ b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK
+wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q
+diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA
+l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X
+skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF
+Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP
+ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah
+/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U
+ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W
+Lv62jKcdskxNyz2NQoBx
+-----END DSA PRIVATE KEY-----
+
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key.pub
new file mode 100644
index 0000000000..4dbb1305b0
--- /dev/null
+++ b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_dsa_key.pub
@@ -0,0 +1,11 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j
+YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2
+KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU
+aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI
+fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT
+MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh
+DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48
+wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2
+/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg==
+---- END SSH2 PUBLIC KEY ----
diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk
index fe2b915d17..42f860d6ae 100644
--- a/lib/ssh/vsn.mk
+++ b/lib/ssh/vsn.mk
@@ -1,5 +1,5 @@
 #-*-makefile-*-   ; force emacs to enter makefile-mode
 
-SSH_VSN = 2.0.8
+SSH_VSN = 2.0.9
 APP_VSN    = "ssh-$(SSH_VSN)"
 
diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 5df2632149..1e1fe0d119 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -30,7 +30,101 @@
   </header>
   <p>This document describes the changes made to the SSL application.</p>
   
-  <section><title>SSL 4.1.6</title>
+  <section><title>SSL 5.0</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Invalidation handling of sessions could cause the
+	    time_stamp field in the session record to be set to
+	    undefined crashing the session clean up process. This did
+	    not affect the connections but would result in that the
+	    session table would grow.</p>
+          <p>
+	    Own Id: OTP-9696 Aux Id: seq11947 </p>
+        </item>
+        <item>
+          <p>
+	    Changed code to use ets:foldl and throw instead of
+	    ets:next traversal, avoiding the need to explicitly call
+	    ets:safe_fixtable. It was possible to get a badarg-crash
+	    under special circumstances.</p>
+          <p>
+	    Own Id: OTP-9703 Aux Id: seq11947 </p>
+        </item>
+        <item>
+          <p>
+	    Send ssl_closed notification to active ssl user when a
+	    tcp error occurs.</p>
+          <p>
+	    Own Id: OTP-9734 Aux Id: seq11946 </p>
+        </item>
+        <item>
+          <p>
+	    If a passive receive was ongoing during a renegotiation
+	    the process evaluating ssl:recv could be left hanging for
+	    ever.</p>
+          <p>
+	    Own Id: OTP-9744</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Support for the old ssl implementation is dropped and the
+	    code is removed.</p>
+          <p>
+	    Own Id: OTP-7048</p>
+        </item>
+        <item>
+          <p>
+	    The erlang distribution can now be run over the new ssl
+	    implementation. All options can currently not be set but
+	    it is enough to replace to old ssl implementation.</p>
+          <p>
+	    Own Id: OTP-7053</p>
+        </item>
+        <item>
+          <p>
+	    public_key, ssl and crypto now supports PKCS-8</p>
+          <p>
+	    Own Id: OTP-9312</p>
+        </item>
+        <item>
+          <p>
+	    Implements a CBC timing attack counter measure. Thanks to
+	    Andreas Schultz for providing the patch.</p>
+          <p>
+	    Own Id: OTP-9683</p>
+        </item>
+        <item>
+          <p>
+	    Mitigates an SSL/TLS Computational DoS attack by
+	    disallowing the client to renegotiate many times in a row
+	    in a short time interval, thanks to Tuncer Ayaz for
+	    alerting us about this.</p>
+          <p>
+	    Own Id: OTP-9739</p>
+        </item>
+        <item>
+          <p>
+	    Implements the 1/n-1 splitting countermeasure to the
+	    Rizzo Duong BEAST attack, affects SSL 3.0 and TLS 1.0.
+	    Thanks to Tuncer Ayaz for alerting us about this.</p>
+          <p>
+	    Own Id: OTP-9750</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 4.1.6</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/ssl/src/inet_tls_dist.erl b/lib/ssl/src/inet_tls_dist.erl
index 115527aae0..bc395cb6d5 100644
--- a/lib/ssl/src/inet_tls_dist.erl
+++ b/lib/ssl/src/inet_tls_dist.erl
@@ -57,7 +57,7 @@ accept_connection(AcceptPid, Socket, MyNode, Allowed, SetupTime) ->
 
 setup(Node, Type, MyNode, LongOrShortNames,SetupTime) ->
     Kernel = self(),
-    spawn(fun() -> do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) end).
+    spawn_opt(fun() -> do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) end, [link, {priority, max}]).
 		   
 do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) ->
     [Name, Address] = splitnode(Node, LongOrShortNames),
@@ -229,9 +229,7 @@ connect_hs_data(Kernel, Node, MyNode, Socket, Timer, Version, Ip, TcpPort, Addre
 accept_hs_data(Kernel, MyNode, Socket, Timer, Allowed) ->
     common_hs_data(Kernel, MyNode, Socket, Timer, #hs_data{
 					     allowed = Allowed,
-					     f_address = fun(S, N) -> 
-								 ssl_tls_dist_proxy:get_remote_id(S, N)
-							 end
+					     f_address = fun get_remote_id/2
 					    }).
 
 common_hs_data(Kernel, MyNode, Socket, Timer, HsData) ->
@@ -273,3 +271,11 @@ common_hs_data(Kernel, MyNode, Socket, Timer, HsData) ->
 		  P = proplists:get_value(send_pend, Stats, 0),
 		  {ok, R,W,P}
 	  end}.
+
+get_remote_id(Socket, _Node) ->
+    case ssl_tls_dist_proxy:get_tcp_address(Socket) of
+        {ok, Address} ->
+	    Address;
+	{error, _Reason} ->
+	    ?shutdown(no_node)
+    end.
diff --git a/lib/ssl/src/ssl_app.erl b/lib/ssl/src/ssl_app.erl
index c9f81726b9..0c475a6d01 100644
--- a/lib/ssl/src/ssl_app.erl
+++ b/lib/ssl/src/ssl_app.erl
@@ -27,16 +27,9 @@
 
 -export([start/2, stop/1]).
 
-%%--------------------------------------------------------------------
--spec start(normal | {takeover, node()} | {failover, node()}, list()) -> 
-		   ignore | {ok, pid()} | {error, term()}.
-%%--------------------------------------------------------------------
 start(_Type, _StartArgs) ->
     ssl_sup:start_link().
 
-%--------------------------------------------------------------------
--spec stop(term())-> ok.
-%%-------------------------------------------------------------------- 
 stop(_State) ->
     ok.
 
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 95a5efd6d0..d43d312be8 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -166,7 +166,7 @@ block_decipher(Fun, #cipher_state{key=Key, iv=IV} = CipherState0,
 	    false ->
 		%% decryption failed or invalid padding,
 		%% intentionally break Content to make
-		%% sure a packet with a an invalid padding
+		%% sure a packet with invalid padding
 		%% but otherwise correct data will fail
 		%% the MAC test later
 		{<<16#F0, Content/binary>>, Mac, CipherState1}
@@ -523,7 +523,7 @@ hash_size(sha) ->
 %%
 %% implementation note:
 %%   We return the original (possibly invalid) PadLength in any case.
-%%   A invalid PadLength will be cought by is_correct_padding/2
+%%   An invalid PadLength will be caught by is_correct_padding/2
 %%
 generic_block_cipher_from_bin(T, HashSize) ->
     Sz1 = byte_size(T) - 1,
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index dda0c27d0c..28dd0c85d0 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -87,10 +87,10 @@
           bytes_to_read,       % integer(), # bytes to read in passive mode
           user_data_buffer,    % binary()
 	  log_alert,           % boolean() 
-	  renegotiation,        % {boolean(), From | internal | peer}
-	  recv_during_renegotiation,  %boolean() 
-	  send_queue,           % queue()
-	  terminated = false,   %
+	  renegotiation,       % {boolean(), From | internal | peer}
+	  recv_from,           %
+	  send_queue,          % queue()
+	  terminated = false,  %
 	  allow_renegotiate = true
 	 }).
 
@@ -293,10 +293,6 @@ start_link(Role, Host, Port, Socket, Options, User, CbInfo) ->
 %% gen_fsm callbacks
 %%====================================================================
 %%--------------------------------------------------------------------
--spec init(list()) -> {ok, state_name(), #state{}, timeout()} | {stop, term()}.
-%% Possible return values not used now.
-%%			  | {ok, state_name(), #state{}} |
-%%			  ignore  
 %% Description:Whenever a gen_fsm is started using gen_fsm:start/[3,4] or
 %% gen_fsm:start_link/3,4, this function is called by the new process to 
 %% initialize. 
@@ -324,8 +320,6 @@ init([Role, Host, Port, Socket, {SSLOpts0, _} = Options,
     end.
    
 %%--------------------------------------------------------------------
-%% -spec state_name(event(), #state{}) -> gen_fsm_state_return()
-%%
 %% Description:There should be one instance of this function for each
 %% possible state name. Whenever a gen_fsm receives an event sent
 %% using gen_fsm:send_event/2, the instance of this function with the
@@ -357,15 +351,15 @@ hello(start, #state{host = Host, port = Port, role = client,
 			      Session0#session{session_id = Hello#client_hello.session_id},
 			  tls_handshake_hashes = Hashes1},
     {Record, State} = next_record(State1),
-    next_state(hello, Record, State);
+    next_state(hello, hello, Record, State);
 
 hello(start, #state{role = server} = State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(hello, hello, Record, State);
 
 hello(#hello_request{}, #state{role = client} = State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(hello, hello, Record, State);
 
 hello(#server_hello{cipher_suite = CipherSuite,
 		    compression_method = Compression} = Hello,
@@ -428,7 +422,7 @@ hello(Msg, State) ->
 %%--------------------------------------------------------------------
 abbreviated(#hello_request{}, State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(abbreviated, hello, Record, State);
 
 abbreviated(#finished{verify_data = Data} = Finished,
 	    #state{role = server,
@@ -481,7 +475,7 @@ abbreviated(Msg, State) ->
 %%--------------------------------------------------------------------
 certify(#hello_request{}, State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(certify, hello, Record, State);
 
 certify(#certificate{asn1_certificates = []}, 
 	#state{role = server, negotiated_version = Version,
@@ -489,7 +483,7 @@ certify(#certificate{asn1_certificates = []},
 					  fail_if_no_peer_cert = true}} = 
 	State) ->
     Alert =  ?ALERT_REC(?FATAL,?HANDSHAKE_FAILURE),
-    handle_own_alert(Alert, Version, certify_certificate, State),
+    handle_own_alert(Alert, Version, certify, State),
     {stop, normal, State};
 
 certify(#certificate{asn1_certificates = []}, 
@@ -498,7 +492,7 @@ certify(#certificate{asn1_certificates = []},
 					  fail_if_no_peer_cert = false}} = 
 	State0) ->
     {Record, State} = next_record(State0#state{client_certificate_requested = false}),
-    next_state(certify, Record, State);
+    next_state(certify, certify, Record, State);
 
 certify(#certificate{} = Cert, 
         #state{negotiated_version = Version,
@@ -513,7 +507,7 @@ certify(#certificate{} = Cert,
 	    handle_peer_cert(PeerCert, PublicKeyInfo, 
 			     State#state{client_certificate_requested = false});
 	#alert{} = Alert ->
-            handle_own_alert(Alert, Version, certify_certificate, State),
+            handle_own_alert(Alert, Version, certify, State),
             {stop, normal, State}
     end;
 
@@ -524,10 +518,9 @@ certify(#server_key_exchange{} = KeyExchangeMsg,
     case handle_server_key(KeyExchangeMsg, State0) of
 	#state{} = State1 ->
 	    {Record, State} = next_record(State1),
-	    next_state(certify, Record, State);
+	    next_state(certify, certify, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, certify_server_keyexchange, 
-			     State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0}
     end;
 
@@ -537,7 +530,7 @@ certify(#server_key_exchange{} = Msg,
 
 certify(#certificate_request{}, State0) ->
     {Record, State} = next_record(State0#state{client_certificate_requested = true}),
-    next_state(certify, Record, State);
+    next_state(certify, certify, Record, State);
 
 %% Master secret was determined with help of server-key exchange msg
 certify(#server_hello_done{},
@@ -552,8 +545,7 @@ certify(#server_hello_done{},
 	    State = State0#state{connection_states = ConnectionStates1},
 	    client_certify_and_key_exchange(State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, 
-			     certify_server_hello_done, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end;
 
@@ -572,8 +564,7 @@ certify(#server_hello_done{},
 				  session = Session},
 	    client_certify_and_key_exchange(State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, 
-			     certify_server_hello_done, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end;
 
@@ -590,7 +581,7 @@ certify(#client_key_exchange{exchange_keys = Keys},
 	certify_client_key_exchange(ssl_handshake:decode_client_key(Keys, KeyAlg, Version), State)
     catch 
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, certify_client_key_exchange, State),
+	    handle_own_alert(Alert, Version, certify, State),
 	    {stop, normal, State}
     end;
 
@@ -613,10 +604,9 @@ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS
 	    State1 = State0#state{connection_states = ConnectionStates,
 				  session = Session},
 	    {Record, State} = next_record(State1),
-	    next_state(cipher, Record, State);
+	    next_state(certify, cipher, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version,
-			     certify_client_key_exchange, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end;
 
@@ -628,10 +618,9 @@ certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPubl
     case dh_master_secret(crypto:mpint(P), crypto:mpint(G), ClientPublicDhKey, ServerDhPrivateKey, State0) of
 	#state{} = State1 ->
 	    {Record, State} = next_record(State1),
-	    next_state(cipher, Record, State);
+	    next_state(certify, cipher, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, 
-			     certify_client_key_exchange, State0),
+	    handle_own_alert(Alert, Version, certify, State0),
 	    {stop, normal, State0} 
     end.
 
@@ -641,7 +630,7 @@ certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPubl
 %%--------------------------------------------------------------------
 cipher(#hello_request{}, State0) ->
     {Record, State} = next_record(State0),
-    next_state(hello, Record, State);
+    next_state(cipher, hello, Record, State);
 
 cipher(#certificate_verify{signature = Signature}, 
        #state{role = server, 
@@ -654,7 +643,7 @@ cipher(#certificate_verify{signature = Signature},
 					  Version, MasterSecret, Hashes) of
 	valid ->
 	    {Record, State} = next_record(State0),
-	    next_state(cipher, Record, State);
+	    next_state(cipher, cipher, Record, State);
 	#alert{} = Alert ->
 	    handle_own_alert(Alert, Version, cipher, State0), 
 	    {stop, normal, State0}
@@ -707,11 +696,13 @@ connection(#hello_request{}, #state{host = Host, port = Port,
     {Record, State} = next_record(State0#state{connection_states =  
 					       ConnectionStates1,
 					       tls_handshake_hashes = Hashes1}),
-    next_state(hello, Record, State);
+    next_state(connection, hello, Record, State);
 connection(#client_hello{} = Hello, #state{role = server, allow_renegotiate = true} = State) ->
-    %% Mitigate Computational DoS attack http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html
-    %% http://www.thc.org/thc-ssl-dos/ Rather than disabling client initiated renegotiation
-    %% we will disallow many client initiated renegotiations immediately after each other.
+    %% Mitigate Computational DoS attack
+    %% http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html
+    %% http://www.thc.org/thc-ssl-dos/ Rather than disabling client
+    %% initiated renegotiation we will disallow many client initiated
+    %% renegotiations immediately after each other.
     erlang:send_after(?WAIT_TO_ALLOW_RENEGOTIATION, self(), allow_renegotiate),
     hello(Hello, State#state{allow_renegotiate = false});
 
@@ -723,9 +714,7 @@ connection(#client_hello{}, #state{role = server, allow_renegotiate = false,
     {BinMsg, ConnectionStates} =
 	encode_alert(Alert, Version, ConnectionStates0),
     Transport:send(Socket, BinMsg),
-    {Record, State} = next_record(State0#state{connection_states = 
-     						   ConnectionStates}),
-    next_state(connection, Record, State);
+    next_state_connection(connection, State0#state{connection_states = ConnectionStates});
   
 connection(timeout, State) ->
     {next_state, connection, State, hibernate};
@@ -733,10 +722,6 @@ connection(timeout, State) ->
 connection(Msg, State) ->
     handle_unexpected_message(Msg, connection, State).
 %%--------------------------------------------------------------------
--spec handle_event(term(), state_name(), #state{}) -> term().
-%% As it is not currently used gen_fsm_state_return() makes
-%% dialyzer unhappy!
-%%
 %% Description: Whenever a gen_fsm receives an event sent using
 %% gen_fsm:send_all_state_event/2, this function is called to handle
 %% the event. Not currently used!
@@ -745,47 +730,16 @@ handle_event(_Event, StateName, State) ->
     {next_state, StateName, State, get_timeout(State)}.
 
 %%--------------------------------------------------------------------
--spec handle_sync_event(term(), from(), state_name(), #state{}) -> 
-			       gen_fsm_state_return() |  
-			       {reply, reply(), state_name(), #state{}} |
-			       {reply, reply(), state_name(), #state{}, timeout()} |
-			       {stop, reason(), reply(), #state{}}.
-%%
 %% Description: Whenever a gen_fsm receives an event sent using
 %% gen_fsm:sync_send_all_state_event/2,3, this function is called to handle
 %% the event.
 %%--------------------------------------------------------------------
-handle_sync_event({application_data, Data0}, From, connection, 
-		  #state{socket = Socket,
-			 negotiated_version = Version,
-			 transport_cb = Transport,
-			 connection_states = ConnectionStates0,
-			 send_queue = SendQueue,
-			 socket_options = SockOpts,
-			 ssl_options = #ssl_options{renegotiate_at = RenegotiateAt}} 
-		  = State) ->
+handle_sync_event({application_data, Data}, From, connection, State) ->
     %% We should look into having a worker process to do this to 
     %% parallize send and receive decoding and not block the receiver
     %% if sending is overloading the socket.
     try
-	Data = encode_packet(Data0, SockOpts),
-	case encode_data(Data, Version, ConnectionStates0, RenegotiateAt) of
-	    {Msgs, [], ConnectionStates} ->
-		Result = Transport:send(Socket, Msgs),
-		{reply, Result,
-		 connection, State#state{connection_states = ConnectionStates},
-                 get_timeout(State)};
-	    {Msgs, RestData, ConnectionStates} ->
-		if 
-		    Msgs =/= [] ->
-			Transport:send(Socket, Msgs);
-		    true ->
-			ok
-		end,
-		renegotiate(State#state{connection_states = ConnectionStates,
-					send_queue = queue:in_r({From, RestData}, SendQueue),
-					renegotiation = {true, internal}})
-	end
+	write_application_data(Data, From, State)
     catch throw:Error ->
 	    {reply, Error, connection, State, get_timeout(State)}
     end;
@@ -842,14 +796,12 @@ handle_sync_event({shutdown, How0}, _, StateName,
     end;
     
 handle_sync_event({recv, N}, From, connection = StateName, State0) ->
-    passive_receive(State0#state{bytes_to_read = N, from = From}, StateName);
+    passive_receive(State0#state{bytes_to_read = N, recv_from = From}, StateName);
 
 %% Doing renegotiate wait with handling request until renegotiate is
-%% finished. Will be handled by next_state_connection/2.
+%% finished. Will be handled by next_state_is_connection/2.
 handle_sync_event({recv, N}, From, StateName, State) ->
-    {next_state, StateName,
-     State#state{bytes_to_read = N, from = From,
-                 recv_during_renegotiation = true},
+    {next_state, StateName, State#state{bytes_to_read = N, recv_from = From},
      get_timeout(State)};
 
 handle_sync_event({new_user, User}, _From, StateName, 
@@ -887,7 +839,7 @@ handle_sync_event({set_opts, Opts0}, _From, StateName,
 	Buffer =:= <<>>, Opts1#socket_options.active =:= false ->
             %% Need data, set active once
 	    {Record, State2} = next_record_if_active(State1),
-	    case next_state(StateName, Record, State2) of
+	    case next_state(StateName, StateName, Record, State2) of
 		{next_state, StateName, State, Timeout} ->
 		    {reply, Reply, StateName, State, Timeout};
 		{stop, Reason, State} ->
@@ -897,11 +849,11 @@ handle_sync_event({set_opts, Opts0}, _From, StateName,
             %% Active once already set 
 	    {reply, Reply, StateName, State1, get_timeout(State1)};
 	true ->
-	    case application_data(<<>>, State1) of
+	    case read_application_data(<<>>, State1) of
 		Stop = {stop,_,_} ->
 		    Stop;
 		{Record, State2} ->
-		    case next_state(StateName, Record, State2) of
+		    case next_state(StateName, StateName, Record, State2) of
 			{next_state, StateName, State, Timeout} ->
 			    {reply, Reply, StateName, State, Timeout};
 			{stop, Reason, State} ->
@@ -937,11 +889,6 @@ handle_sync_event(peer_certificate, _, StateName,
     {reply, {ok, Cert}, StateName, State, get_timeout(State)}.
 
 %%--------------------------------------------------------------------
--spec handle_info(msg(),state_name(), #state{}) -> 
-			 {next_state, state_name(), #state{}}|
-			 {next_state, state_name(), #state{}, timeout()} |
-			 {stop, reason(), #state{}}.
-%%
 %% Description: This function is called by a gen_fsm when it receives any
 %% other message than a synchronous or asynchronous event
 %% (or a system message).
@@ -949,22 +896,18 @@ handle_sync_event(peer_certificate, _, StateName,
 
 %% raw data from TCP, unpack records
 handle_info({Protocol, _, Data}, StateName,
-            #state{data_tag = Protocol,
-		   negotiated_version = Version} = State0) ->
+            #state{data_tag = Protocol} = State0) ->
     case next_tls_record(Data, State0) of
 	{Record, State} ->
-	    next_state(StateName, Record, State);
+	    next_state(StateName, StateName, Record, State);
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, StateName, State0), 
+	    handle_normal_shutdown(Alert, StateName, State0), 
 	    {stop, normal, State0}
     end;
 
-handle_info({CloseTag, Socket}, _StateName,
+handle_info({CloseTag, Socket}, StateName,
             #state{socket = Socket, close_tag = CloseTag,
-		   negotiated_version = Version,
-		   socket_options = Opts,
-		   user_application = {_Mon,Pid}, from = From, 
-		   role = Role} = State) ->
+		   negotiated_version = Version} = State) ->
     %% Note that as of TLS 1.1,
     %% failure to properly close a connection no longer requires that a
     %% session not be resumed.  This is a change from TLS 1.0 to conform
@@ -979,8 +922,7 @@ handle_info({CloseTag, Socket}, _StateName,
 	    %%invalidate_session(Role, Host, Port, Session)
 	    ok
     end,
-    alert_user(Opts#socket_options.active, Pid, From,
-	       ?ALERT_REC(?WARNING, ?CLOSE_NOTIFY), Role),
+    handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
     {stop, normal, State};
 
 handle_info({ErrorTag, Socket, econnaborted}, StateName,  
@@ -989,12 +931,11 @@ handle_info({ErrorTag, Socket, econnaborted}, StateName,
     alert_user(User, ?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE), Role),
     {stop, normal, State};
 
-handle_info({ErrorTag, Socket, Reason}, _,  
-	    #state{socket = Socket, from = User, 
-		   role = Role, error_tag = ErrorTag} = State)  ->
+handle_info({ErrorTag, Socket, Reason}, StateName, #state{socket = Socket,
+							  error_tag = ErrorTag} = State)  ->
     Report = io_lib:format("SSL: Socket error: ~p ~n", [Reason]),
     error_logger:info_report(Report),
-    alert_user(User,  ?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), Role),
+    handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
     {stop, normal, State};
 
 handle_info({'DOWN', MonitorRef, _, _, _}, _, 
@@ -1010,8 +951,6 @@ handle_info(Msg, StateName, State) ->
     {next_state, StateName, State, get_timeout(State)}.
 
 %%--------------------------------------------------------------------
--spec terminate(reason(), state_name(), #state{}) -> term().
-%%
 %% Description:This function is called by a gen_fsm when it is about
 %% to terminate. It should be the opposite of Module:init/1 and do any
 %% necessary cleaning up. When it returns, the gen_fsm terminates with
@@ -1042,8 +981,6 @@ terminate(Reason, _StateName, #state{transport_cb = Transport,
     Transport:close(Socket).
 
 %%--------------------------------------------------------------------
--spec code_change(term(), state_name(), #state{}, list()) -> {ok, state_name(), #state{}}.
-%%			 
 %% code_change(OldVsn, StateName, State, Extra) -> {ok, StateName, NewState}
 %% Description: Convert process state when code is changed
 %%--------------------------------------------------------------------
@@ -1239,7 +1176,7 @@ handle_peer_cert(PeerCert, PublicKeyInfo,
 			 Session#session{peer_certificate = PeerCert},
 			 public_key_info = PublicKeyInfo},
     {Record, State} = next_record(State1),
-    next_state(certify, Record, State).
+    next_state(certify, certify, Record, State).
 
 certify_client(#state{client_certificate_requested = true, role = client,
                       connection_states = ConnectionStates0,
@@ -1281,8 +1218,7 @@ verify_client_cert(#state{client_certificate_requested = true, role = client,
 	ignore ->
 	    State;
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, certify, State)
-	    
+	    throw(Alert)	    
     end;
 verify_client_cert(#state{client_certificate_requested = false} = State) ->
     State.
@@ -1314,7 +1250,7 @@ do_server_hello(Type, #state{negotiated_version = Version,
 					  ConnectionStates,
 					  tls_handshake_hashes = Hashes},
 		    {Record, State} = next_record(State3),
-		    next_state(abbreviated, Record, State);
+		    next_state(hello, abbreviated, Record, State);
 		#alert{} = Alert ->
 		    handle_own_alert(Alert, Version, hello, State1), 
 		    {stop, normal, State1}
@@ -1334,7 +1270,7 @@ new_server_hello(#server_hello{cipher_suite = CipherSuite,
 				 cipher_suite = CipherSuite,
 				 compression_method = Compression},
 	    {Record, State} = next_record(State2#state{session = Session}),
-	    next_state(certify, Record, State)
+	    next_state(hello, certify, Record, State)
     catch        
         #alert{} = Alert ->  
 	    handle_own_alert(Alert, Version, hello, State0),
@@ -1346,7 +1282,7 @@ handle_new_session(NewId, CipherSuite, Compression, #state{session = Session0} =
 			       cipher_suite = CipherSuite,
 			       compression_method = Compression}, 
     {Record, State} = next_record(State0#state{session = Session}),
-    next_state(certify, Record, State).
+    next_state(hello, certify, Record, State).
 
 handle_resumed_session(SessId, #state{connection_states = ConnectionStates0,
 				      negotiated_version = Version,
@@ -1361,7 +1297,7 @@ handle_resumed_session(SessId, #state{connection_states = ConnectionStates0,
 		next_record(State0#state{
 			      connection_states = ConnectionStates1,
 			      session = Session}),
-	    next_state(abbreviated, Record, State);
+	    next_state(hello, abbreviated, Record, State);
 	#alert{} = Alert ->
 	    handle_own_alert(Alert, Version, hello, State0), 
 	    {stop, normal, State0}
@@ -1378,10 +1314,10 @@ client_certify_and_key_exchange(#state{negotiated_version = Version} =
 				 client_certificate_requested = false,
 				 tls_handshake_hashes = Hashes},
 	    {Record, State} = next_record(State2),
-	    next_state(cipher, Record, State)
+	    next_state(certify, cipher, Record, State)
     catch        
-        #alert{} = Alert ->  
-	    handle_own_alert(Alert, Version, client_certify_and_key_exchange, State0),
+        throw:#alert{} = Alert ->  
+	    handle_own_alert(Alert, Version, certify, State0),
             {stop, normal, State0}
     end.
 
@@ -1692,15 +1628,12 @@ encode_packet(Data, #socket_options{packet=Packet}) ->
     end.
 
 encode_size_packet(Bin, Size, Max) ->
-    Len = byte_size(Bin),
+    Len = erlang:byte_size(Bin),
     case Len > Max of
 	true  -> throw({error, {badarg, {packet_to_large, Len, Max}}});
 	false -> <<Len:Size, Bin/binary>>
     end.
 
-encode_data(Data, Version, ConnectionStates, RenegotiateAt) ->
-    ssl_record:encode_data(Data, Version, ConnectionStates, RenegotiateAt).
-
 decode_alerts(Bin) ->
     decode_alerts(Bin, []).
 
@@ -1714,20 +1647,20 @@ passive_receive(State0 = #state{user_data_buffer = Buffer}, StateName) ->
     case Buffer of
 	<<>> ->
 	    {Record, State} = next_record(State0),
-	    next_state(StateName, Record, State);
+	    next_state(StateName, StateName, Record, State);
 	_ ->
-	    case application_data(<<>>, State0) of
+	    case read_application_data(<<>>, State0) of
 		Stop = {stop, _, _} ->
 		    Stop;
 		{Record, State} ->
-		    next_state(StateName, Record, State)
+		    next_state(StateName, StateName, Record, State)
 	    end
     end.
 
-application_data(Data, #state{user_application = {_Mon, Pid},
+read_application_data(Data, #state{user_application = {_Mon, Pid},
                               socket_options = SOpts,
                               bytes_to_read = BytesToRead,
-                              from = From,
+                              recv_from = From,
                               user_data_buffer = Buffer0} = State0) ->
     Buffer1 = if 
 		  Buffer0 =:= <<>> -> Data;
@@ -1738,7 +1671,7 @@ application_data(Data, #state{user_application = {_Mon, Pid},
 	{ok, ClientData, Buffer} -> % Send data
 	    SocketOpt = deliver_app_data(SOpts, ClientData, Pid, From),
 	    State = State0#state{user_data_buffer = Buffer,
-				 from = undefined,
+				 recv_from = undefined,
 				 bytes_to_read = 0,
 				 socket_options = SocketOpt 
 				},
@@ -1748,7 +1681,7 @@ application_data(Data, #state{user_application = {_Mon, Pid},
 		    %% Active and empty, get more data
 		    next_record_if_active(State);
 	 	true -> %% We have more data
- 		    application_data(<<>>, State)
+ 		    read_application_data(<<>>, State)
 	    end;
 	{more, Buffer} -> % no reply, we need more data
 	    next_record(State0#state{user_data_buffer = Buffer});
@@ -1757,6 +1690,39 @@ application_data(Data, #state{user_application = {_Mon, Pid},
 	    {stop, normal, State0}
     end.
 
+write_application_data(Data0, From, #state{socket = Socket,
+					   negotiated_version = Version,
+					   transport_cb = Transport,
+					   connection_states = ConnectionStates0,
+					   send_queue = SendQueue,
+					   socket_options = SockOpts,
+					   ssl_options = #ssl_options{renegotiate_at = RenegotiateAt}} = State) ->
+    Data = encode_packet(Data0, SockOpts),
+    
+    case time_to_renegotiate(Data, ConnectionStates0, RenegotiateAt) of
+	true ->
+	    renegotiate(State#state{send_queue = queue:in_r({From, Data}, SendQueue),
+				    renegotiation = {true, internal}});
+	false ->
+	    {Msgs, ConnectionStates} = ssl_record:encode_data(Data, Version, ConnectionStates0),
+	    Result = Transport:send(Socket, Msgs),
+	    {reply, Result,
+	     connection, State#state{connection_states = ConnectionStates}, get_timeout(State)}
+    end.
+
+time_to_renegotiate(_Data, #connection_states{current_write = 
+						    #connection_state{sequence_number = Num}}, RenegotiateAt) ->
+    
+    %% We could do test:
+    %% is_time_to_renegotiate((erlang:byte_size(_Data) div ?MAX_PLAIN_TEXT_LENGTH) + 1, RenegotiateAt),
+    %% but we chose to have a some what lower renegotiateAt and a much cheaper test 
+    is_time_to_renegotiate(Num, RenegotiateAt).
+
+is_time_to_renegotiate(N, M) when N < M->
+    false;
+is_time_to_renegotiate(_,_) ->
+    true.
+
 %% Picks ClientData 
 get_data(_, _, <<>>) ->
     {more, <<>>};
@@ -1858,6 +1824,10 @@ header(N, Binary) ->
 
 send_or_reply(false, _Pid, From, Data) when From =/= undefined ->
     gen_fsm:reply(From, Data);
+%% Can happen when handling own alert or tcp error/close and there is
+%% no outstanding gen_fsm sync events
+send_or_reply(false, no_pid, _, _) ->
+    ok;
 send_or_reply(_, Pid, _From, Data) ->
     send_user(Pid, Data).
 
@@ -1882,18 +1852,18 @@ handle_tls_handshake(Handle, StateName, #state{tls_packets = [Packet | Packets]}
 	    Stop
     end.
 
-next_state(_, #alert{} = Alert, #state{negotiated_version = Version} = State) ->
-    handle_own_alert(Alert, Version, decipher_error, State),
+next_state(Current,_, #alert{} = Alert, #state{negotiated_version = Version} = State) ->
+    handle_own_alert(Alert, Version, Current, State),
     {stop, normal, State};
 
-next_state(Next, no_record, State) ->
+next_state(_,Next, no_record, State) ->
     {next_state, Next, State, get_timeout(State)};
 
-next_state(Next, #ssl_tls{type = ?ALERT, fragment = EncAlerts}, State) ->
+next_state(_,Next, #ssl_tls{type = ?ALERT, fragment = EncAlerts}, State) ->
     Alerts = decode_alerts(EncAlerts),
     handle_alerts(Alerts,  {next_state, Next, State, get_timeout(State)});
 
-next_state(StateName, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
+next_state(Current, Next, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
 	   State0 = #state{tls_handshake_buffer = Buf0, negotiated_version = Version}) ->
     Handle = 
    	fun({#hello_request{} = Packet, _}, {next_state, connection = SName, State}) ->
@@ -1919,30 +1889,30 @@ next_state(StateName, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
     try
 	{Packets, Buf} = ssl_handshake:get_tls_handshake(Data,Buf0),
 	State = State0#state{tls_packets = Packets, tls_handshake_buffer = Buf},
-	handle_tls_handshake(Handle, StateName, State)
+	handle_tls_handshake(Handle, Next, State)
     catch throw:#alert{} = Alert ->
-   	    handle_own_alert(Alert, Version, StateName, State0), 
+   	    handle_own_alert(Alert, Version, Current, State0), 
    	    {stop, normal, State0}
     end;
 
-next_state(StateName, #ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, State0) ->
-    case application_data(Data, State0) of
+next_state(_, StateName, #ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, State0) ->
+    case read_application_data(Data, State0) of
 	Stop = {stop,_,_} ->
    	    Stop;
 	{Record, State} ->
-   	    next_state(StateName, Record, State)
+   	    next_state(StateName, StateName, Record, State)
     end;
-next_state(StateName, #ssl_tls{type = ?CHANGE_CIPHER_SPEC, fragment = <<1>>} = 
+next_state(Current, Next, #ssl_tls{type = ?CHANGE_CIPHER_SPEC, fragment = <<1>>} = 
  	   _ChangeCipher, 
  	   #state{connection_states = ConnectionStates0} = State0) ->
     ConnectionStates1 =
  	ssl_record:activate_pending_connection_state(ConnectionStates0, read),
     {Record, State} = next_record(State0#state{connection_states = ConnectionStates1}),
-    next_state(StateName, Record, State);
-next_state(StateName, #ssl_tls{type = _Unknown}, State0) ->
+    next_state(Current, Next, Record, State);
+next_state(Current, Next, #ssl_tls{type = _Unknown}, State0) ->
     %% Ignore unknown type 
     {Record, State} = next_record(State0),
-    next_state(StateName, Record, State).
+    next_state(Current, Next, Record, State).
 
 next_tls_record(Data, #state{tls_record_buffer = Buf0,
 		       tls_cipher_texts = CT0} = State0) ->
@@ -1981,50 +1951,36 @@ next_state_connection(StateName, #state{send_queue = Queue0,
 					negotiated_version = Version,
 					socket = Socket,
 					transport_cb = Transport,
-					connection_states = ConnectionStates0,
-					ssl_options = #ssl_options{renegotiate_at = RenegotiateAt}
+					connection_states = ConnectionStates0
 				       } = State) ->     
-    %% Send queued up data
+    %% Send queued up data that was queued while renegotiating
     case queue:out(Queue0) of
 	{{value, {From, Data}}, Queue} ->
-	    case encode_data(Data, Version, ConnectionStates0, RenegotiateAt) of
-		{Msgs, [], ConnectionStates} ->
-		    Result = Transport:send(Socket, Msgs),
-		    gen_fsm:reply(From, Result),
-		    next_state_connection(StateName,
-					  State#state{connection_states = ConnectionStates,
-						      send_queue = Queue});
-		%% This is unlikely to happen. User configuration of the 
-		%% undocumented test option renegotiation_at can make it more likely.
-		{Msgs, RestData, ConnectionStates} ->
-		    if 
-			Msgs =/= [] -> 
-			    Transport:send(Socket, Msgs);
-			true ->
-			    ok
-		    end,
-		    renegotiate(State#state{connection_states = ConnectionStates,
-					    send_queue = queue:in_r({From, RestData}, Queue),
-					    renegotiation = {true, internal}})
-	    end;
+	    {Msgs, ConnectionStates} = 
+		ssl_record:encode_data(Data, Version, ConnectionStates0),
+	    Result = Transport:send(Socket, Msgs),
+	    gen_fsm:reply(From, Result),
+	    next_state_connection(StateName,
+				  State#state{connection_states = ConnectionStates,
+						      send_queue = Queue});		
 	{empty, Queue0} ->
-	    next_state_is_connection(State)
+	    next_state_is_connection(StateName, State)
     end.
 
 %% In next_state_is_connection/1: clear tls_handshake_hashes,
 %% premaster_secret and public_key_info (only needed during handshake)
 %% to reduce memory foot print of a connection.
-next_state_is_connection(State = 
-		      #state{recv_during_renegotiation = true, socket_options = 
-			     #socket_options{active = false}})  -> 
-    passive_receive(State#state{recv_during_renegotiation = false,
-				premaster_secret = undefined,
+next_state_is_connection(_, State = 
+		      #state{recv_from = From,
+			     socket_options =
+			     #socket_options{active = false}}) when From =/= undefined ->
+    passive_receive(State#state{premaster_secret = undefined,
 				public_key_info = undefined,
 				tls_handshake_hashes = {<<>>, <<>>}}, connection);
 
-next_state_is_connection(State0) ->
+next_state_is_connection(StateName, State0) ->
     {Record, State} = next_record_if_active(State0),
-    next_state(connection, Record, State#state{premaster_secret = undefined,
+    next_state(StateName, connection, Record, State#state{premaster_secret = undefined,
 					       public_key_info = undefined,
 					       tls_handshake_hashes = {<<>>, <<>>}}).
 
@@ -2080,7 +2036,7 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions}, User,
 	   log_alert = true,
 	   session_cache_cb = SessionCacheCb,
 	   renegotiation = {false, first},
-	   recv_during_renegotiation = false,
+	   recv_from = undefined,
 	   send_queue = queue:new()
 	  }.
 
@@ -2193,16 +2149,14 @@ handle_alert(#alert{level = ?FATAL} = Alert, StateName,
     {stop, normal, State};
 
 handle_alert(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY} = Alert, 
-	     StateName, #state{from = From, role = Role,  
-			       user_application = {_Mon, Pid}, socket_options = Opts} = State) -> 
-    alert_user(StateName, Opts, Pid, From, Alert, Role),
+	     StateName, State) -> 
+    handle_normal_shutdown(Alert, StateName, State),
     {stop, normal, State};
 
 handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName, 
-	     #state{log_alert = Log, renegotiation = {true, internal}, from = From,
-		    role = Role} = State) ->
+	     #state{log_alert = Log, renegotiation = {true, internal}} = State) ->
     log_alert(Log, StateName, Alert),
-    alert_user(From, Alert, Role),
+    handle_normal_shutdown(Alert, StateName, State),
     {stop, normal, State};
 
 handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName, 
@@ -2210,13 +2164,13 @@ handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert,
     log_alert(Log, StateName, Alert),
     gen_fsm:reply(From, {error, renegotiation_rejected}),
     {Record, State} = next_record(State0),
-    next_state(connection, Record, State);
+    next_state(StateName, connection, Record, State);
 
 handle_alert(#alert{level = ?WARNING, description = ?USER_CANCELED} = Alert, StateName, 
 	     #state{log_alert = Log} = State0) ->
     log_alert(Log, StateName, Alert),
     {Record, State} = next_record(State0),
-    next_state(StateName, Record, State).
+    next_state(StateName, StateName, Record, State).
 
 alert_user(connection, Opts, Pid, From, Alert, Role) ->
     alert_user(Opts#socket_options.active, Pid, From, Alert, Role);
@@ -2248,13 +2202,11 @@ log_alert(true, Info, Alert) ->
 log_alert(false, _, _) ->
     ok.
 
-handle_own_alert(Alert, Version, Info, 
+handle_own_alert(Alert, Version, StateName, 
 		 #state{transport_cb = Transport,
 			socket = Socket,
-			from = User,
-			role = Role,
 			connection_states = ConnectionStates,
-			log_alert = Log}) ->
+			log_alert = Log} = State) ->
     try %% Try to tell the other side
 	{BinMsg, _} =
 	encode_alert(Alert, Version, ConnectionStates),
@@ -2264,12 +2216,20 @@ handle_own_alert(Alert, Version, Info,
 	    ignore
     end,
     try %% Try to tell the local user
-	log_alert(Log, Info, Alert),
-	alert_user(User, Alert, Role)
+	log_alert(Log, StateName, Alert),
+	handle_normal_shutdown(Alert,StateName, State)
     catch _:_ ->
 	    ok
     end.
 
+handle_normal_shutdown(Alert, _, #state{from = User, role = Role, renegotiation = {false, first}}) ->
+    alert_user(User, Alert, Role);
+
+handle_normal_shutdown(Alert, StateName, #state{socket_options = Opts,
+						user_application = {_Mon, Pid},
+						from = User, role = Role}) ->
+    alert_user(StateName, Opts, Pid, User, Alert, Role).
+
 handle_unexpected_message(Msg, Info, #state{negotiated_version = Version} = State) ->
     Alert =  ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE),
     handle_own_alert(Alert, Version, {Info, Msg}, State),
@@ -2282,7 +2242,7 @@ make_premaster_secret(_, _) ->
     undefined.
 
 mpint_binary(Binary)  ->
-    Size = byte_size(Binary),
+    Size = erlang:byte_size(Binary),
     <<?UINT32(Size), Binary/binary>>.
 
 
@@ -2319,7 +2279,7 @@ renegotiate(#state{role = server,
     {Record, State} = next_record(State0#state{connection_states = 
 					       ConnectionStates,
 					       tls_handshake_hashes = Hs0}),
-    next_state(hello, Record, State#state{allow_renegotiate = true}).
+    next_state(connection, hello, Record, State#state{allow_renegotiate = true}).
 
 notify_senders(SendQueue) -> 
     lists:foreach(fun({From, _}) ->
diff --git a/lib/ssl/src/ssl_dist_sup.erl b/lib/ssl/src/ssl_dist_sup.erl
index c1912401d7..9d9afb7707 100644
--- a/lib/ssl/src/ssl_dist_sup.erl
+++ b/lib/ssl/src/ssl_dist_sup.erl
@@ -41,7 +41,6 @@ start_link() ->
 %%%=========================================================================
 %%%  Supervisor callback
 %%%=========================================================================
--spec init([]) -> {ok,  {SupFlags :: tuple(),  [ChildSpec :: tuple()]}}.
 
 init([]) ->    
     SessionCertManager = session_and_cert_manager_child_spec(),
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 7eb7f44df6..542033e6ce 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -188,14 +188,14 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
     ValidationFunAndState =
 	case VerifyFunAndState of
 	    undefined ->
-		{fun(OtpCert, ExtensionOrError, SslState) ->
+		{fun(OtpCert, ExtensionOrVerifyResult, SslState) ->
 			 ssl_certificate:validate_extension(OtpCert,
-							    ExtensionOrError, SslState)
+							    ExtensionOrVerifyResult, SslState)
 		 end, Role};
 	    {Fun, UserState0} ->
-		{fun(OtpCert, ExtensionOrError, {SslState, UserState}) ->
+		{fun(OtpCert, {extension, _} = Extension, {SslState, UserState}) ->
 			 case ssl_certificate:validate_extension(OtpCert,
-								 ExtensionOrError,
+								 Extension,
 								 SslState) of
 			     {valid, NewSslState} ->
 				 {valid, {NewSslState, UserState}};
@@ -204,8 +204,11 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
 						SslState);
 			     {unknown, _} ->
 				 apply_user_fun(Fun, OtpCert,
-						ExtensionOrError, UserState, SslState)
-			 end
+						Extension, UserState, SslState)
+			 end;
+		    (OtpCert, VerifyResult, {SslState, UserState}) ->
+			 apply_user_fun(Fun, OtpCert, VerifyResult, UserState,
+					SslState)
 		 end, {Role, UserState0}}
 	end,
 
@@ -447,7 +450,7 @@ server_hello_done() ->
 -spec encode_handshake(tls_handshake(), tls_version()) -> iolist().
 %%     
 %% Description: Encode a handshake packet to binary
-%%--------------------------------------------------------------------
+%%--------------------------------------------------------------------x
 encode_handshake(Package, Version) ->
     {MsgType, Bin} = enc_hs(Package, Version),
     Len = byte_size(Bin),
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index 6a44ef8c3e..6389ff03f5 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -51,7 +51,7 @@
 	  session_lifetime,
 	  certificate_db,
 	  session_validation_timer,
-	  last_delay_timer %% Keep for testing purposes
+	  last_delay_timer  = {undefined, undefined}%% Keep for testing purposes
 	 }).
 
 -define('24H_in_msec', 8640000).
@@ -427,7 +427,7 @@ delay_time() ->
 	   ?CLEAN_SESSION_DB
     end.
 
-invalidate_session(Cache, CacheCb, Key, Session, State) ->
+invalidate_session(Cache, CacheCb, Key, Session, #state{last_delay_timer = LastTimer} = State) ->
     case CacheCb:lookup(Cache, Key) of
 	undefined -> %% Session is already invalidated
 	    {noreply, State};
@@ -441,5 +441,10 @@ invalidate_session(Cache, CacheCb, Key, Session, State) ->
 	    CacheCb:update(Cache, Key, Session#session{is_resumable = false}),
 	    TRef =
 		erlang:send_after(delay_time(), self(), {delayed_clean_session, Key}),
-	    {noreply, State#state{last_delay_timer = TRef}}
+	    {noreply, State#state{last_delay_timer = last_delay_timer(Key, TRef, LastTimer)}}
     end.
+
+last_delay_timer({{_,_},_}, TRef, {LastServer, _}) ->
+    {LastServer, TRef};
+last_delay_timer({_,_}, TRef, {_, LastClient}) ->
+    {TRef, LastClient}.
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index 72091fdd5f..830026c825 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -48,7 +48,7 @@
 
 %% Encoding records
 -export([encode_handshake/3, encode_alert_record/3,
-	 encode_change_cipher_spec/2, encode_data/4]).
+	 encode_change_cipher_spec/2, encode_data/3]).
 
 %% Decoding
 -export([decode_cipher_text/2]).
@@ -503,36 +503,18 @@ decode_cipher_text(CipherText, ConnnectionStates0) ->
 	   Alert
    end.
 %%--------------------------------------------------------------------
--spec encode_data(iolist(), tls_version(), #connection_states{}, integer()) ->
-			 {iolist(), iolist(), #connection_states{}}.
+-spec encode_data(binary(), tls_version(), #connection_states{}) ->
+			 {iolist(), #connection_states{}}.
 %%
 %% Description: Encodes data to send on the ssl-socket.
 %%--------------------------------------------------------------------
-encode_data(Frag, Version, ConnectionStates, RenegotiateAt)
-  when byte_size(Frag) < (?MAX_PLAIN_TEXT_LENGTH - 2048) ->
-    case encode_plain_text(?APPLICATION_DATA,Version,Frag,ConnectionStates, RenegotiateAt) of
-	{renegotiate, Data} ->
-	    {[], Data, ConnectionStates};
-	{Msg, CS} ->
-	    {Msg, [], CS}
-    end;
-
-encode_data(Frag, Version, ConnectionStates, RenegotiateAt) when is_binary(Frag) ->
-    Data = split_bin(Frag, ?MAX_PLAIN_TEXT_LENGTH - 2048),
-    encode_data(Data, Version, ConnectionStates, RenegotiateAt);
-
-encode_data(Data, Version, ConnectionStates0, RenegotiateAt) when is_list(Data) ->
-    {ConnectionStates, EncodedMsg, NotEncdedData} =
-        lists:foldl(fun(B, {CS0, Encoded, Rest}) ->
-			    case encode_plain_text(?APPLICATION_DATA,
-						   Version, B, CS0, RenegotiateAt) of
-				{renegotiate, NotEnc} ->
-				    {CS0, Encoded, [NotEnc | Rest]};
-				{Enc, CS1} ->
-				    {CS1, [Enc | Encoded], Rest}
-			    end
-		    end, {ConnectionStates0, [], []}, Data),
-    {lists:reverse(EncodedMsg), lists:reverse(NotEncdedData), ConnectionStates}.
+encode_data(Frag, Version,
+	    #connection_states{current_write = #connection_state{
+				 security_parameters =
+				     #security_parameters{bulk_cipher_algorithm = BCA}}} =
+		ConnectionStates) ->
+    Data = split_bin(Frag, ?MAX_PLAIN_TEXT_LENGTH, Version, BCA),
+    encode_iolist(?APPLICATION_DATA, Data, Version, ConnectionStates).
 
 %%--------------------------------------------------------------------
 -spec encode_handshake(iolist(), tls_version(), #connection_states{}) ->
@@ -566,6 +548,14 @@ encode_change_cipher_spec(Version, ConnectionStates) ->
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
+encode_iolist(Type, Data, Version, ConnectionStates0) ->
+    {ConnectionStates, EncodedMsg} =
+        lists:foldl(fun(Text, {CS0, Encoded}) ->
+			    {Enc, CS1} = encode_plain_text(Type, Version, Text, CS0),
+			    {CS1, [Enc | Encoded]}
+		    end, {ConnectionStates0, []}, Data),
+    {lists:reverse(EncodedMsg), ConnectionStates}.
+
 highest_protocol_version() ->
     highest_protocol_version(supported_protocol_versions()).
 
@@ -602,29 +592,23 @@ record_protocol_role(client) ->
 record_protocol_role(server) ->
     ?SERVER.
 
-split_bin(Bin, ChunkSize) ->
-    split_bin(Bin, ChunkSize, []).
+%% 1/n-1 splitting countermeasure Rizzo/Duong-Beast, RC4 chiphers are not vulnerable to this attack.
+split_bin(<<FirstByte:8, Rest/binary>>, ChunkSize, Version, BCA) when BCA =/= ?RC4 andalso ({3, 1} == Version orelse
+											    {3, 0} == Version) ->
+    do_split_bin(Rest, ChunkSize, [[FirstByte]]);
+split_bin(Bin, ChunkSize, _, _) ->
+    do_split_bin(Bin, ChunkSize, []).
 
-split_bin(<<>>, _, Acc) ->
+do_split_bin(<<>>, _, Acc) ->
     lists:reverse(Acc);
-split_bin(Bin, ChunkSize, Acc) ->
+do_split_bin(Bin, ChunkSize, Acc) ->
     case Bin of
         <<Chunk:ChunkSize/binary, Rest/binary>> ->
-            split_bin(Rest, ChunkSize, [Chunk | Acc]);
+            do_split_bin(Rest, ChunkSize, [Chunk | Acc]);
         _ ->
             lists:reverse(Acc, [Bin])
     end.
 
-encode_plain_text(Type, Version, Data, ConnectionStates, RenegotiateAt) ->
-    #connection_states{current_write = 
-		       #connection_state{sequence_number = Num}} = ConnectionStates,
-    case renegotiate(Num, RenegotiateAt) of
-	false ->
-	    encode_plain_text(Type, Version, Data, ConnectionStates);
-	true ->
-	    {renegotiate, Data}
-    end.
-
 encode_plain_text(Type, Version, Data, ConnectionStates) ->
     #connection_states{current_write=#connection_state{
 			 compression_state=CompS0,
@@ -637,11 +621,6 @@ encode_plain_text(Type, Version, Data, ConnectionStates) ->
     CTBin = encode_tls_cipher_text(Type, Version, CipherText),
     {CTBin, ConnectionStates#connection_states{current_write = CS2}}.
 
-renegotiate(N, M) when N < M->
-    false;
-renegotiate(_,_) ->
-    true.
-
 encode_tls_cipher_text(Type, {MajVer, MinVer}, Fragment) ->
     Length = erlang:iolist_size(Fragment),
     [<<?BYTE(Type), ?BYTE(MajVer), ?BYTE(MinVer), ?UINT16(Length)>>, Fragment].
diff --git a/lib/ssl/src/ssl_record.hrl b/lib/ssl/src/ssl_record.hrl
index 5fb0070b91..282d642138 100644
--- a/lib/ssl/src/ssl_record.hrl
+++ b/lib/ssl/src/ssl_record.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -70,9 +70,10 @@
 -define(MAX_SEQENCE_NUMBER, 18446744073709552000). %% math:pow(2, 64) - 1 = 1.8446744073709552e19
 %% Sequence numbers can not wrap so when max is about to be reached we should renegotiate.
 %% We will renegotiate a little before so that there will be sequence numbers left
-%% for the rehandshake and a little data. 
--define(MARGIN, 100).
--define(DEFAULT_RENEGOTIATE_AT, ?MAX_SEQENCE_NUMBER - ?MARGIN).
+%% for the rehandshake and a little data. Currently we decided to renegotiate a little more
+%% often as we can have a cheaper test to check if it is time to renegotiate. It will still
+%% be fairly seldom. 
+-define(DEFAULT_RENEGOTIATE_AT, 268435456). %% math:pow(2, 28) 
 
 %% ConnectionEnd
 -define(SERVER, 0).
diff --git a/lib/ssl/src/ssl_session_cache.erl b/lib/ssl/src/ssl_session_cache.erl
index 93969f628f..f9bbf905e1 100644
--- a/lib/ssl/src/ssl_session_cache.erl
+++ b/lib/ssl/src/ssl_session_cache.erl
@@ -28,27 +28,19 @@
 -export([init/1, terminate/1, lookup/2, update/3, delete/2, foldl/3, 
 	 select_session/2]). 
 
--type key() :: {{host(), inet:port_number()}, session_id()} |  {inet:port_number(), session_id()}.
-
 %%--------------------------------------------------------------------
--spec init(list()) -> db_handle(). %% Returns reference to the cache (opaque)
-%%
 %% Description: Return table reference. Called by ssl_manager process. 
 %%--------------------------------------------------------------------
 init(_) ->
     ets:new(cache_name(), [set, protected]).
 
 %%--------------------------------------------------------------------
--spec terminate(db_handle()) -> any().
-%%
 %% Description: Handles cache table at termination of ssl manager. 
 %%--------------------------------------------------------------------
 terminate(Cache) ->
     ets:delete(Cache).
 
 %%--------------------------------------------------------------------
--spec lookup(db_handle(), key()) -> #session{} | undefined.
-%%
 %% Description: Looks up a cach entry. Should be callable from any
 %% process.
 %%--------------------------------------------------------------------
@@ -61,8 +53,6 @@ lookup(Cache, Key) ->
     end.
 
 %%--------------------------------------------------------------------
--spec update(db_handle(), key(), #session{}) -> any().
-%%
 %% Description: Caches a new session or updates a already cached one.
 %% Will only be called from the ssl_manager process.
 %%--------------------------------------------------------------------
@@ -70,8 +60,6 @@ update(Cache, Key, Session) ->
     ets:insert(Cache, {Key, Session}).
 
 %%--------------------------------------------------------------------
--spec delete(db_handle(), key()) -> any().
-%%
 %% Description: Delets a cache entry.
 %% Will only be called from the ssl_manager process.
 %%--------------------------------------------------------------------
@@ -79,8 +67,6 @@ delete(Cache, Key) ->
     ets:delete(Cache, Key).
 
 %%--------------------------------------------------------------------
--spec foldl(fun(), term(), db_handle()) -> term().
-%%
 %% Description: Calls Fun(Elem, AccIn) on successive elements of the
 %% cache, starting with AccIn == Acc0. Fun/2 must return a new
 %% accumulator which is passed to the next call. The function returns
@@ -91,8 +77,6 @@ foldl(Fun, Acc0, Cache) ->
     ets:foldl(Fun, Acc0, Cache).
   
 %%--------------------------------------------------------------------
--spec select_session(db_handle(), {host(), inet:port_number()} | inet:port_number()) -> [#session{}].
-%%
 %% Description: Selects a session that could be reused. Should be callable
 %% from any process.
 %%--------------------------------------------------------------------
diff --git a/lib/ssl/src/ssl_session_cache_api.erl b/lib/ssl/src/ssl_session_cache_api.erl
index f8416bf327..f2b22b0f1b 100644
--- a/lib/ssl/src/ssl_session_cache_api.erl
+++ b/lib/ssl/src/ssl_session_cache_api.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -20,18 +20,15 @@
 %%
 
 -module(ssl_session_cache_api).
+-include("ssl_handshake.hrl").
+-include("ssl_internal.hrl").
 
--export([behaviour_info/1]).
+-type key() :: {{host(), inet:port_number()}, session_id()} |  {inet:port_number(), session_id()}.
 
-behaviour_info(callbacks) ->
-    [
-     {init, 1}, 
-     {terminate, 1}, 
-     {lookup, 2}, 
-     {update, 3}, 
-     {delete, 2}, 
-     {foldl, 3},
-     {select_session, 2}
-    ];
-behaviour_info(_) ->
-    undefined.
+-callback init(list()) -> db_handle().
+-callback terminate(db_handle()) -> any().
+-callback lookup(db_handle(), key()) -> #session{} | undefined.
+-callback update(db_handle(), key(), #session{}) -> any().
+-callback delete(db_handle(), key()) -> any().
+-callback foldl(fun(), term(), db_handle()) -> term().
+-callback select_session(db_handle(), {host(), inet:port_number()} | inet:port_number()) -> [#session{}].
diff --git a/lib/ssl/src/ssl_sup.erl b/lib/ssl/src/ssl_sup.erl
index cb10b1362a..59039a6e0a 100644
--- a/lib/ssl/src/ssl_sup.erl
+++ b/lib/ssl/src/ssl_sup.erl
@@ -41,7 +41,6 @@ start_link() ->
 %%%=========================================================================
 %%%  Supervisor callback
 %%%=========================================================================
--spec init([]) -> {ok,  {SupFlags :: tuple(),  [ChildSpec :: tuple()]}}.
 
 init([]) ->    
     %% OLD ssl - moved start to ssl.erl only if old
diff --git a/lib/ssl/src/ssl_tls_dist_proxy.erl b/lib/ssl/src/ssl_tls_dist_proxy.erl
index d63eada571..1c61eb7ccc 100644
--- a/lib/ssl/src/ssl_tls_dist_proxy.erl
+++ b/lib/ssl/src/ssl_tls_dist_proxy.erl
@@ -19,7 +19,7 @@
 -module(ssl_tls_dist_proxy).
 
 
--export([listen/1, accept/1, connect/2, get_remote_id/2]).
+-export([listen/1, accept/1, connect/2, get_tcp_address/1]).
 -export([init/1, start_link/0, handle_call/3, handle_cast/2, handle_info/2, 
 	 terminate/2, code_change/3, ssl_options/2]).
 
@@ -47,9 +47,6 @@ accept(Listen) ->
 connect(Ip, Port) ->
     gen_server:call(?MODULE, {connect, Ip, Port}, infinity).
 
-get_remote_id(Socket, Node) ->
-    gen_server:call(?MODULE, {get_remote_id, {Socket,Node}}, infinity).
-
 %%====================================================================
 %% gen_server callbacks
 %%====================================================================
@@ -65,8 +62,8 @@ handle_call({listen, Name}, _From, State) ->
     case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}]) of
 	{ok, Socket} ->
 	    {ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,?PPRE}]),
-	    TcpAddress = get_tcp_address(Socket),
-	    WorldTcpAddress = get_tcp_address(World),
+	    {ok, TcpAddress} = get_tcp_address(Socket),
+	    {ok, WorldTcpAddress} = get_tcp_address(World),
 	    {_,Port} = WorldTcpAddress#net_address.address,
 	    {ok, Creation} = erl_epmd:register_node(Name, Port),
 	    {reply, {ok, {Socket, TcpAddress, Creation}},
@@ -87,17 +84,16 @@ handle_call({connect, Ip, Port}, {From, _}, State) ->
     receive 
 	{Pid, go_ahead, LPort} -> 
 	    Res = {ok, Socket} = try_connect(LPort),
-	    ok = gen_tcp:controlling_process(Socket, From),
-	    flush_old_controller(From, Socket),
-	    {reply, Res, State};
+	    case gen_tcp:controlling_process(Socket, From) of
+		{error, badarg} = Error -> {reply, Error, State};   % From is dead anyway.
+		ok ->
+		    flush_old_controller(From, Socket),
+		    {reply, Res, State}
+        end;
 	{Pid, Error} ->
 	    {reply, Error, State}
     end;
 
-handle_call({get_remote_id, {Socket,_Node}}, _From, State) ->
-    Address = get_tcp_address(Socket),
-    {reply, Address, State};
-
 handle_call(_What, _From, State) ->
     {reply, ok, State}.
 
@@ -117,14 +113,18 @@ code_change(_OldVsn, St, _Extra) ->
 %%% Internal functions
 %%--------------------------------------------------------------------
 get_tcp_address(Socket) ->
-    {ok, Address} = inet:sockname(Socket),
-    {ok, Host} = inet:gethostname(),
-    #net_address{
+    case inet:sockname(Socket) of
+	{ok, Address} ->
+	{ok, Host} = inet:gethostname(),
+	    NetAddress = #net_address{
 		  address = Address,
 		  host = Host,
 		  protocol = proxy,
 		  family = inet
-		}.
+		},
+	    {ok, NetAddress};
+	{error, _} = Error -> Error
+    end.
 
 accept_loop(Proxy, erts = Type, Listen, Extra) ->
     process_flag(priority, max),
@@ -178,8 +178,8 @@ setup_proxy(Ip, Port, Parent) ->
     Opts = get_ssl_options(client),
     case ssl:connect(Ip, Port, [{active, true}, binary, {packet,?PPRE}] ++ Opts) of
 	{ok, World} ->
-	    {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, binary, {packet,?PPRE}]),
-	    #net_address{address={_,LPort}} = get_tcp_address(ErtsL),
+	    {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, {ip, {127,0,0,1}}, binary, {packet,?PPRE}]),
+	    {ok, #net_address{address={_,LPort}}} = get_tcp_address(ErtsL),
 	    Parent ! {self(), go_ahead, LPort},
 	    case gen_tcp:accept(ErtsL) of
 		{ok, Erts} ->
@@ -194,7 +194,7 @@ setup_proxy(Ip, Port, Parent) ->
 
 setup_connection(World, ErtsListen) ->
     process_flag(trap_exit, true),
-    TcpAddress = get_tcp_address(ErtsListen),
+    {ok, TcpAddress} = get_tcp_address(ErtsListen),
     {_Addr,Port} = TcpAddress#net_address.address,
     {ok, Erts} = gen_tcp:connect({127,0,0,1}, Port, [{active, true}, binary, {packet,?PPRE}]),
     ssl:setopts(World, [{active,true}, {packet,?PPRE}]),
@@ -223,7 +223,11 @@ loop_conn_setup(World, Erts) ->
 	    loop_conn_setup(World, Erts);
 	{tcp, Erts, Data} ->
 	    ssl:send(World, Data),
-	    loop_conn_setup(World, Erts)
+	    loop_conn_setup(World, Erts);
+	{tcp_closed, Erts} ->
+	    ssl:close(World);
+	{ssl_closed,  World} ->
+	    gen_tcp:close(Erts)
     end.
 
 loop_conn(World, Erts) ->
diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index 8b01ca3ad4..254aa6d2f9 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -175,7 +175,7 @@ issuer(true, Opts, SubjectKey) ->
 issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
     {issuer_der(Issuer), decode_key(IssuerKey)};
 issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
-    {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
+    {ok, [{cert, Cert, _}|_]} = pem_to_der(File),
     {issuer_der(Cert), decode_key(IssuerKey)}.
 
 issuer_der(Issuer) ->
@@ -185,7 +185,7 @@ issuer_der(Issuer) ->
     Subject.
 
 subject(undefined, IsRootCA) ->
-    User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
+    User = if IsRootCA -> "RootCA"; true -> user() end,
     Opts = [{email, User ++ "@erlang.org"},
 	    {name, User},
 	    {city, "Stockholm"},
@@ -196,6 +196,14 @@ subject(undefined, IsRootCA) ->
 subject(Opts, _) ->
     subject(Opts).
 
+user() ->
+    case os:getenv("USER") of
+	false ->
+	    "test_user";
+	User ->
+	    User
+    end.
+
 subject(SubjectOpts) when is_list(SubjectOpts) ->
     Encode = fun(Opt) ->
 		     {Type,Value} = subject_enc(Opt),
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index fc8aafa426..590ecf33ca 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -250,6 +250,8 @@ all() ->
      no_authority_key_identifier, invalid_signature_client,
      invalid_signature_server, cert_expired,
      client_with_cert_cipher_suites_handshake,
+     verify_fun_always_run_client,
+     verify_fun_always_run_server,
      unknown_server_ca_fail, der_input,
      unknown_server_ca_accept_verify_none,
      unknown_server_ca_accept_verify_peer,
@@ -257,7 +259,9 @@ all() ->
      %%different_ca_peer_sign,
      no_reuses_session_server_restart_new_cert,
      no_reuses_session_server_restart_new_cert_file, reuseaddr,
-     hibernate, connect_twice, renegotiate_dos_mitigate
+     hibernate, connect_twice, renegotiate_dos_mitigate_active,
+     renegotiate_dos_mitigate_passive,
+     tcp_error_propagation_in_active_mode, rizzo, no_rizzo_rc4
     ].
 
 groups() -> 
@@ -394,8 +398,8 @@ controlling_process(Config) when is_list(Config) ->
     ClientOpts = ?config(client_opts, Config),
     ServerOpts = ?config(server_opts, Config),
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-    ClientMsg = "Hello server",
-    ServerMsg = "Hello client",
+    ClientMsg = "Server hello",
+    ServerMsg = "Client hello",
    
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
 					{from, self()}, 
@@ -416,11 +420,15 @@ controlling_process(Config) when is_list(Config) ->
 		       [self(), Client, Server]),
     
     receive 
+	{ssl, _, "S"} ->
+	    receive_s_rizzo_duong_beast();
 	{ssl, _, ServerMsg} ->
 	    receive 
 		{ssl, _, ClientMsg} ->
 		    ok
 	    end;
+	{ssl, _, "C"} ->
+	    receive_c_rizzo_duong_beast();
 	{ssl, _, ClientMsg} ->
 	      receive 
 		  {ssl, _, ServerMsg} ->
@@ -441,6 +449,28 @@ controlling_process_result(Socket, Pid, Msg) ->
     ssl:send(Socket, Msg),
     no_result_msg.
 
+receive_s_rizzo_duong_beast() ->
+    receive 
+	{ssl, _, "erver hello"} ->
+	    receive 
+		{ssl, _, "C"} ->
+		    receive
+			{ssl, _, "lient hello"} ->
+			    ok
+		    end
+	    end
+    end.
+receive_c_rizzo_duong_beast() ->
+    receive 
+	{ssl, _, "lient hello"} ->
+	    receive
+		{ssl, _, "S"} ->
+		    receive
+			{ssl, _, "erver hello"} ->
+			    ok
+		    end
+	    end
+    end.
 %%--------------------------------------------------------------------
 controller_dies(doc) -> 
     ["Test that the socket is closed after controlling process dies"];
@@ -1232,6 +1262,11 @@ upgrade_result(Socket) ->
     %% Make sure binary is inherited from tcp socket and that we do
     %% not get the list default!
     receive 
+	{ssl, _, <<"H">>} ->
+	    receive 
+		{ssl, _, <<"ello world">>} ->
+		    ok
+	    end;
 	{ssl, _, <<"Hello world">>}  ->
 	    ok
     end.
@@ -1533,14 +1568,14 @@ eoptions(Config) when is_list(Config) ->
 		{cacertfile, ""}, 
 		{dhfile,'dh.pem' },
 		{ciphers, [{foo, bar, sha, ignore}]},
-		{reuse_session, foo}, 
-		{reuse_sessions, 0}, 
+		{reuse_session, foo},
+		{reuse_sessions, 0},
 		{renegotiate_at, "10"},
-		{debug, 1}, 
+		{debug, 1},
 		{mode, depech},
-		{packet, 8.0}, 
-		{packet_size, "2"}, 
-		{header, a}, 
+		{packet, 8.0},
+		{packet_size, "2"},
+		{header, a},
 		{active, trice},
 		{key, 'key.pem' }],
 
@@ -2314,8 +2349,8 @@ server_verify_client_once_passive(Config) when is_list(Config) ->
 					{options, [{active, false} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Server, ok, Client0, ok),
-    ssl_test_lib:close(Client0),
     Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+    ssl_test_lib:close(Client0),
     Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
@@ -2341,7 +2376,7 @@ server_verify_client_once_active(Config) when is_list(Config) ->
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
 					{from, self()}, 
 					{mfa, {?MODULE, send_recv_result_active, []}},
-					{options, [{active, once}, {verify, verify_peer},
+					{options, [{active, true}, {verify, verify_peer},
 						   {verify_client_once, true}
 						   | ServerOpts]}]),
     Port  = ssl_test_lib:inet_port(Server),
@@ -2352,8 +2387,8 @@ server_verify_client_once_active(Config) when is_list(Config) ->
 					 {options, [{active, true} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Server, ok, Client0, ok),
-    ssl_test_lib:close(Client0),
     Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+    ssl_test_lib:close(Client0),
     Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
@@ -2390,8 +2425,8 @@ server_verify_client_once_active_once(Config) when is_list(Config) ->
 					{options, [{active, once} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Server, ok, Client0, ok),
-    ssl_test_lib:close(Client0),
     Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+    ssl_test_lib:close(Client0),
     Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					 {host, Hostname},
 					 {from, self()},
@@ -2725,17 +2760,28 @@ client_no_wrap_sequence_number(Config) when is_list(Config) ->
 				   {options, ServerOpts}]),
     Port = ssl_test_lib:inet_port(Server),
  
+    Version = ssl_record:highest_protocol_version(ssl_record:supported_protocol_versions()),
+
     Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
 					{mfa, {ssl_test_lib, 
-					       trigger_renegotiate, [[ErlData, N+2]]}},
+					       trigger_renegotiate, [[ErlData, treashold(N, Version)]]}},
 					{options, [{reuse_sessions, false},
 						   {renegotiate_at, N} | ClientOpts]}]),
     
     ssl_test_lib:check_result(Client, ok), 
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
+
+ %% First two clauses handles 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+treashold(N, {3,0}) ->
+    (N div 2) + 1;
+treashold(N, {3,1}) ->
+    (N div 2) + 1;
+treashold(N, _) ->
+    N + 1.
+    
 %%--------------------------------------------------------------------
 server_no_wrap_sequence_number(doc) -> 
     ["Test that erlang server will renegotiate session when",  
@@ -2989,8 +3035,8 @@ invalid_signature_server(Config) when is_list(Config) ->
 					      {from, self()}, 
 					      {options, [{verify, verify_peer} | ClientOpts]}]),
     
-    ssl_test_lib:check_result(Server, {error, "bad certificate"}, 
-			      Client, {error,"bad certificate"}).
+    tcp_delivery_workaround(Server, {error, "bad certificate"},
+			    Client, {error,"bad certificate"}).
     
 %%--------------------------------------------------------------------
 
@@ -3035,42 +3081,47 @@ invalid_signature_client(Config) when is_list(Config) ->
 tcp_delivery_workaround(Server, ServerMsg, Client, ClientMsg) ->
     receive 
 	{Server, ServerMsg} ->
-	    receive 
-		{Client, ClientMsg} ->
-		    ok;
-		{Client, {error,closed}} ->
-		    test_server:format("client got close"),
-		    ok;
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    client_msg(Client, ClientMsg);
 	{Client, ClientMsg} ->
-	    receive 
-		{Server, ServerMsg} ->
-		    ok;
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    server_msg(Server, ServerMsg);
        	{Client, {error,closed}} ->
-	    receive 
-		{Server, ServerMsg} ->
-		    ok;
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    server_msg(Server, ServerMsg);
 	{Server, {error,closed}} ->
-	    receive 
-		{Client, ClientMsg} ->
-		    ok;
-		{Client, {error,closed}} ->
-		    test_server:format("client got close"),
-		    ok;
-		Unexpected ->
-		    test_server:fail(Unexpected) 
-	    end;
+	    client_msg(Client, ClientMsg);
+	{Client, {error, esslconnect}} ->
+	    server_msg(Server, ServerMsg);
+	{Server, {error, esslaccept}} ->
+	    client_msg(Client, ClientMsg)
+    end.
+
+client_msg(Client, ClientMsg) ->
+    receive
+	{Client, ClientMsg} ->
+	    ok;
+	{Client, {error,closed}} ->
+	    test_server:format("client got close"),
+	    ok;
+	{Client, {error, esslconnect}} ->
+	    test_server:format("client got econnaborted"),
+	    ok;
 	Unexpected ->
 	    test_server:fail(Unexpected)
     end.
+
+server_msg(Server, ServerMsg) ->
+    receive
+	{Server, ServerMsg} ->
+	    ok;
+	{Server, {error,closed}} ->
+	    test_server:format("server got close"),
+	    ok;
+	{Server, {error, esslaccept}} ->
+	    test_server:format("server got econnaborted"),
+	    ok;
+	Unexpected ->
+	    test_server:fail(Unexpected)
+    end.
+
 %%--------------------------------------------------------------------
 cert_expired(doc) -> 
     ["Test server with invalid signature"];
@@ -3168,6 +3219,105 @@ client_with_cert_cipher_suites_handshake(Config) when is_list(Config) ->
     ssl_test_lib:check_result(Server, ok, Client, ok),
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+verify_fun_always_run_client(doc) ->
+    ["Verify that user verify_fun is always run (for valid and valid_peer not only unknown_extension)"];
+verify_fun_always_run_client(suite) ->
+    [];
+verify_fun_always_run_client(Config) when is_list(Config) ->
+    ClientOpts =  ?config(client_verification_opts, Config),
+    ServerOpts =  ?config(server_verification_opts, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
+					      {from, self()},
+					      {mfa, {ssl_test_lib,
+						     no_result, []}},
+					      {options, ServerOpts}]),
+    Port  = ssl_test_lib:inet_port(Server),
+
+    %% If user verify fun is called correctly we fail the connection.
+    %% otherwise we can not tell this case apart form where we miss
+    %% to call users verify fun
+    FunAndState =  {fun(_,{extension, _}, UserState) ->
+			    {unknown, UserState};
+		       (_, valid, [ChainLen]) ->
+			    {valid, [ChainLen + 1]};
+		       (_, valid_peer, [2]) ->
+			    {fail, "verify_fun_was_always_run"};
+		       (_, valid_peer, UserState) ->
+			    {valid, UserState}
+		    end, [0]},
+
+    Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
+					      {host, Hostname},
+					      {from, self()},
+					      {mfa, {ssl_test_lib,
+						     no_result, []}},
+					      {options,
+					       [{verify, verify_peer},
+						{verify_fun, FunAndState}
+						| ClientOpts]}]),
+    %% Server error may be esslaccept or closed depending on timing
+    %% this is not a bug it is a circumstance of how tcp works!
+    receive
+	{Server, ServerError} ->
+	    test_server:format("Server Error ~p~n", [ServerError])
+    end,
+
+    ssl_test_lib:check_result(Client, {error, esslconnect}).
+
+%%--------------------------------------------------------------------
+verify_fun_always_run_server(doc) ->
+    ["Verify that user verify_fun is always run (for valid and valid_peer not only unknown_extension)"];
+verify_fun_always_run_server(suite) ->
+    [];
+verify_fun_always_run_server(Config) when is_list(Config) ->
+    ClientOpts =  ?config(client_verification_opts, Config),
+    ServerOpts =  ?config(server_verification_opts, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    %% If user verify fun is called correctly we fail the connection.
+    %% otherwise we can not tell this case apart form where we miss
+    %% to call users verify fun
+    FunAndState =  {fun(_,{extension, _}, UserState) ->
+			    {unknown, UserState};
+		       (_, valid, [ChainLen]) ->
+			    {valid, [ChainLen + 1]};
+		       (_, valid_peer, [2]) ->
+			    {fail, "verify_fun_was_always_run"};
+		       (_, valid_peer, UserState) ->
+			    {valid, UserState}
+		    end, [0]},
+
+    Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
+					      {from, self()},
+					      {mfa, {ssl_test_lib,
+						     no_result, []}},
+					      {options,
+					       [{verify, verify_peer},
+						{verify_fun, FunAndState} |
+						ServerOpts]}]),
+    Port  = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
+					      {host, Hostname},
+					      {from, self()},
+					      {mfa, {ssl_test_lib,
+						     no_result, []}},
+					      {options,
+					       [{verify, verify_peer}
+						| ClientOpts]}]),
+
+    %% Client error may be esslconnect or closed depending on timing
+    %% this is not a bug it is a circumstance of how tcp works!
+    receive
+	{Client, ClientError} ->
+	    test_server:format("Client Error ~p~n", [ClientError])
+    end,
+
+    ssl_test_lib:check_result(Server, {error, esslaccept}).
+
 %%--------------------------------------------------------------------
 unknown_server_ca_fail(doc) ->
     ["Test that the client fails if the ca is unknown in verify_peer mode"];
@@ -3649,25 +3799,57 @@ connect_twice(Config) when is_list(Config) ->
     ssl_test_lib:close(Client1).
 
 %%--------------------------------------------------------------------
-renegotiate_dos_mitigate(doc) -> 
+renegotiate_dos_mitigate_active(doc) ->
     ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
     "immediately after each other"];
 
-renegotiate_dos_mitigate(suite) -> 
+renegotiate_dos_mitigate_active(suite) ->
     [];
 
-renegotiate_dos_mitigate(Config) when is_list(Config) -> 
-    ServerOpts = ?config(server_opts, Config),  
-    ClientOpts = ?config(client_opts, Config),  
+renegotiate_dos_mitigate_active(Config) when is_list(Config) ->
+    ServerOpts = ?config(server_opts, Config),
+    ClientOpts = ?config(client_opts, Config),
 
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-    
-    Server = 
-	ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+
+    Server =
+	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 				   {from, self()},
 				   {mfa, {?MODULE, send_recv_result_active, []}},
 				   {options, [ServerOpts]}]),
     Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+					{host, Hostname},
+					{from, self()},
+					{mfa, {?MODULE,
+					       renegotiate_immediately, []}},
+					{options, ClientOpts}]),
+
+    ssl_test_lib:check_result(Client, ok, Server, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+renegotiate_dos_mitigate_passive(doc) ->
+    ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
+    "immediately after each other"];
+
+renegotiate_dos_mitigate_passive(suite) ->
+    [];
+
+renegotiate_dos_mitigate_passive(Config) when is_list(Config) ->
+    ServerOpts = ?config(server_opts, Config),
+    ClientOpts = ?config(client_opts, Config),
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server =
+	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+				   {from, self()},
+				   {mfa, {?MODULE, send_recv_result, []}},
+				   {options, [{active, false} | ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
  
     Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 					{host, Hostname},
@@ -3680,8 +3862,103 @@ renegotiate_dos_mitigate(Config) when is_list(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
-  
+%%--------------------------------------------------------------------
+tcp_error_propagation_in_active_mode(doc) ->
+    ["Test that process recives {ssl_error, Socket, closed} when tcp error ocurres"];
+tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
+    ClientOpts = ?config(client_opts, Config),
+    ServerOpts = ?config(server_opts, Config),
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server  = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					  {from, self()},
+					  {mfa, {ssl_test_lib, no_result, []}},
+					  {options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+    {Client, #sslsocket{pid=Pid} = SslSocket} = ssl_test_lib:start_client([return_socket,
+							       {node, ClientNode}, {port, Port},
+							       {host, Hostname},
+							       {from, self()},
+							       {mfa, {?MODULE, receive_msg, []}},
+							       {options, ClientOpts}]),
+
+    {status, _, _, StatusInfo} = sys:get_status(Pid),
+    [_, _,_, _, Prop] = StatusInfo,
+    State = ssl_test_lib:state(Prop),
+    Socket = element(10, State),
+
+    %% Fake tcp error
+    Pid ! {tcp_error, Socket, etimedout},
+
+    ssl_test_lib:check_result(Client, {ssl_closed, SslSocket}).
+%%--------------------------------------------------------------------
+
+rizzo(doc) -> ["Test that there is a 1/n-1-split for non RC4 in 'TLS < 1.1' as it is
+    vunrable to Rizzo/Dungon attack"];
+
+rizzo(Config) when is_list(Config) ->
+    Ciphers  = [X || X ={_,Y,_} <- ssl:cipher_suites(), Y  =/= rc4_128],
+    run_send_recv_rizzo(Ciphers, Config, sslv3,
+			 {?MODULE, send_recv_result_active_rizzo, []}),
+    run_send_recv_rizzo(Ciphers, Config, tlsv1,
+			 {?MODULE, send_recv_result_active_rizzo, []}).
+
+no_rizzo_rc4(doc) -> 
+    ["Test that there is no 1/n-1-split for RC4 as it is not vunrable to Rizzo/Dungon attack"];
+
+no_rizzo_rc4(Config) when is_list(Config) ->
+    Ciphers = [X || X ={_,Y,_} <- ssl:cipher_suites(),Y == rc4_128],
+    run_send_recv_rizzo(Ciphers, Config, sslv3,
+			{?MODULE, send_recv_result_active_no_rizzo, []}),
+    run_send_recv_rizzo(Ciphers, Config, tlsv1,
+			{?MODULE, send_recv_result_active_no_rizzo, []}).
+
+run_send_recv_rizzo(Ciphers, Config, Version, Mfa) ->
+    Result =  lists:map(fun(Cipher) -> 
+				rizzo_test(Cipher, Config, Version, Mfa) end,
+			Ciphers),
+    case lists:flatten(Result) of
+	[] ->
+	    ok;
+	Error ->
+	    test_server:format("Cipher suite errors: ~p~n", [Error]),
+	    test_server:fail(cipher_suite_failed_see_test_case_log) 
+    end.
+
+rizzo_test(Cipher, Config, Version, Mfa) ->
+   {ClientOpts, ServerOpts} = client_server_opts(Cipher, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+					{from, self()}, 
+			   {mfa, Mfa},
+			   {options, [{active, true}, {ciphers, [Cipher]},
+				       {versions, [Version]}
+				      | ServerOpts]}]),
+    Port  = ssl_test_lib:inet_port(Server),
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+					{host, Hostname},
+			   {from, self()}, 
+			   {mfa, Mfa},
+			   {options, [{active, true} | ClientOpts]}]),
     
+    Result = ssl_test_lib:check_result(Server, ok, Client, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client),
+    case Result of
+	ok ->
+	    [];
+	Error ->
+	    [{Cipher, Error}]
+    end.
+
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == rsa orelse KeyAlgo == dhe_rsa ->
+    {?config(client_opts, Config),
+     ?config(server_opts, Config)};   
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == dss orelse KeyAlgo == dhe_dss ->
+    {?config(client_dsa_opts, Config),
+     ?config(server_dsa_opts, Config)}.
+
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
@@ -3693,6 +3970,28 @@ send_recv_result(Socket) ->
 send_recv_result_active(Socket) ->
     ssl:send(Socket, "Hello world"),
     receive 
+	{ssl, Socket, "H"} ->
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end;
+	{ssl, Socket, "Hello world"} ->
+	    ok
+    end.
+
+send_recv_result_active_rizzo(Socket) ->
+    ssl:send(Socket, "Hello world"),
+    receive 
+	{ssl, Socket, "H"} ->
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end
+    end.
+
+send_recv_result_active_no_rizzo(Socket) ->
+    ssl:send(Socket, "Hello world"),
+    receive 
 	{ssl, Socket, "Hello world"} ->
 	    ok
     end.
@@ -3700,6 +3999,12 @@ send_recv_result_active(Socket) ->
 send_recv_result_active_once(Socket) ->
     ssl:send(Socket, "Hello world"),
     receive 
+	{ssl, Socket, "H"} ->
+	    ssl:setopts(Socket, [{active, once}]),
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end;
 	{ssl, Socket, "Hello world"} ->
 	    ok
     end.
@@ -3720,14 +4025,20 @@ renegotiate(Socket, Data) ->
     end.
 
 renegotiate_reuse_session(Socket, Data) ->
-    %% Make sure session is registerd
+    %% Make sure session is registered
     test_server:sleep(?SLEEP),
     renegotiate(Socket, Data).
 
 renegotiate_immediately(Socket) ->
     receive 
 	{ssl, Socket, "Hello world"} ->
-	    ok
+	    ok;
+	%% Handle 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+	{ssl, Socket, "H"} ->
+	    receive 
+		{ssl, Socket, "ello world"} ->
+		    ok
+	    end
     end,
     ok = ssl:renegotiate(Socket),  
     {error, renegotiation_rejected} = ssl:renegotiate(Socket),
@@ -3910,8 +4221,17 @@ erlang_ssl_receive(Socket, Data) ->
 	{ssl, Socket, Data} ->
 	    io:format("Received ~p~n",[Data]),
 	    ok;
+	{ssl, Socket, Byte} when length(Byte) == 1 ->  %% Handle 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+	    io:format("Received ~p~n",[Byte]),
+	    erlang_ssl_receive(Socket, tl(Data));
 	Other ->
 	    test_server:fail({unexpected_message, Other})
     after ?SLEEP * 3 ->
 	    test_server:fail({did_not_get, Data})
     end.
+
+receive_msg(_) ->
+    receive
+	Msg ->
+	   Msg
+    end.
diff --git a/lib/ssl/test/ssl_dist_SUITE.erl b/lib/ssl/test/ssl_dist_SUITE.erl
index 8fe55ee7a4..06182970e3 100644
--- a/lib/ssl/test/ssl_dist_SUITE.erl
+++ b/lib/ssl/test/ssl_dist_SUITE.erl
@@ -26,7 +26,7 @@
 
 -define(DEFAULT_TIMETRAP_SECS, 240).
 
--define(AWAIT_SLL_NODE_UP_TIMEOUT, 30000).
+-define(AWAIT_SSL_NODE_UP_TIMEOUT, 30000).
 
 -record(node_handle,
 	{connection_handler,
@@ -120,6 +120,12 @@ basic(Config) when is_list(Config) ->
     pang = net_adm:ping(Node1),
     pang = net_adm:ping(Node2),
 
+    %% SSL nodes should not be able to communicate with the test_server node
+    %% either (and ping should return eventually).
+    TestServer = node(),
+    pang = apply_on_ssl_node(NH1, fun () -> net_adm:ping(TestServer) end),
+    pang = apply_on_ssl_node(NH2, fun () -> net_adm:ping(TestServer) end),
+
     %%
     %% Check that we are able to communicate over the erlang
     %% distribution between the ssl nodes.
@@ -380,7 +386,7 @@ mk_node_cmdline(ListenPort, Name, Args) ->
 %%
 
 await_ssl_node_up(Name, LSock) ->
-    case gen_tcp:accept(LSock, ?AWAIT_SLL_NODE_UP_TIMEOUT) of
+    case gen_tcp:accept(LSock, ?AWAIT_SSL_NODE_UP_TIMEOUT) of
 	timeout ->
 	    gen_tcp:close(LSock),
 	    ?t:format("Timeout waiting for ssl node ~s to come up~n",
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index 9d2599b778..4b74f57a60 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -158,14 +158,24 @@ all() ->
      packet_asn1_decode, packet_asn1_decode_list,
      packet_tpkt_decode, packet_tpkt_decode_list,
      packet_sunrm_decode, packet_sunrm_decode_list,
-     header_decode_one_byte, header_decode_two_bytes,
-     header_decode_two_bytes_one_sent,
-     header_decode_two_bytes_two_sent].
+     {group, header}
+    ].
 
 groups() -> 
-    [].
+    [{header, [], [ header_decode_one_byte,  
+		    header_decode_two_bytes, 
+		    header_decode_two_bytes_one_sent,
+		    header_decode_two_bytes_two_sent]}].
+
+init_per_group(header, Config) ->
+    case ssl_record:highest_protocol_version(ssl_record:supported_protocol_versions()) of
+	{3, N} when N < 2 ->
+	    {skip, ""};
+	_ ->
+	    Config
+    end;
 
-init_per_group(_GroupName, Config) ->
+init_per_group(_, Config) ->
     Config.
 
 end_per_group(_GroupName, Config) ->
@@ -2626,6 +2636,13 @@ active_once_raw(_, _, 0, _) ->
     ok;
 active_once_raw(Socket, Data, N, Acc) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    ssl:setopts(Socket, [{active, once}]),
+	    receive 
+		{ssl, Socket, _} ->
+		    ssl:setopts(Socket, [{active, once}]),
+		    active_once_raw(Socket, Data, N-1, [])
+	    end;
 	{ssl, Socket, Data} ->
 	    ssl:setopts(Socket, [{active, once}]),
 	    active_once_raw(Socket, Data, N-1, []);
@@ -2648,7 +2665,14 @@ active_once_packet(Socket,_, 0) ->
 	    {other, Other, ssl:session_info(Socket), 0}
     end;
 active_once_packet(Socket, Data, N) ->
-    receive 
+    receive 	
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    ssl:setopts(Socket, [{active, once}]),
+	    receive 
+		{ssl, Socket, _} ->
+		    ssl:setopts(Socket, [{active, once}]),
+		    active_once_packet(Socket, Data, N-1)
+	    end;
 	{ssl, Socket, Data} ->
 	    ok
     end,
@@ -2662,6 +2686,11 @@ active_raw(_Socket, _, 0, _) ->
     ok;
 active_raw(Socket, Data, N, Acc) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    receive
+		{ssl, Socket, _} ->
+		    active_raw(Socket, Data, N -1)
+	    end;
 	{ssl, Socket, Data} ->
 	    active_raw(Socket, Data, N-1, []);
 	{ssl, Socket, Other} ->
@@ -2682,6 +2711,11 @@ active_packet(Socket, _, 0) ->
     end;
 active_packet(Socket, Data, N) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    receive
+		{ssl, Socket, _} ->
+		    active_packet(Socket, Data, N -1)
+		end;
 	{ssl, Socket, Data} ->
 	    active_packet(Socket, Data, N -1);
 	Other ->
diff --git a/lib/ssl/test/ssl_session_cache_SUITE.erl b/lib/ssl/test/ssl_session_cache_SUITE.erl
index 8cdfdec2ce..491aa893c2 100644
--- a/lib/ssl/test/ssl_session_cache_SUITE.erl
+++ b/lib/ssl/test/ssl_session_cache_SUITE.erl
@@ -210,7 +210,7 @@ session_cleanup(Config)when is_list(Config) ->
 
     {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
     [_, _,_, _, Prop] = StatusInfo,
-    State = state(Prop),
+    State = ssl_test_lib:state(Prop),
     Cache = element(2, State),
     SessionTimer = element(6, State),
 
@@ -225,9 +225,10 @@ session_cleanup(Config)when is_list(Config) ->
     check_timer(SessionTimer),
     test_server:sleep(?DELAY *2),  %% Delay time + some extra time
 
-    DelayTimer = get_delay_timer(),
+    {ServerDelayTimer, ClientDelayTimer} = get_delay_timers(),
 
-    check_timer(DelayTimer),
+    check_timer(ServerDelayTimer),
+    check_timer(ClientDelayTimer),
 
     test_server:sleep(?SLEEP),  %% Make sure clean has had time to run
 
@@ -238,31 +239,34 @@ session_cleanup(Config)when is_list(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
-state([{data,[{"State", State}]} | _]) ->
-    State;
-state([_ | Rest]) ->
-    state(Rest).
-
 check_timer(Timer) ->
     case erlang:read_timer(Timer) of
 	false ->
 	    {status, _, _, _} = sys:get_status(whereis(ssl_manager)),
+	    timer:sleep(?SLEEP),
+	    {status, _, _, _} = sys:get_status(whereis(ssl_manager)),
 	    ok;
 	Int ->
 	    test_server:sleep(Int),
 	    check_timer(Timer)
     end.
 
-get_delay_timer() ->
+get_delay_timers() ->
     {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
     [_, _,_, _, Prop] = StatusInfo,
-    State = state(Prop),
+    State = ssl_test_lib:state(Prop),
     case element(7, State) of
-	undefined ->
+	{undefined, undefined} ->
+	    test_server:sleep(?SLEEP),
+	    get_delay_timers();
+	{undefined, _} ->
+	    test_server:sleep(?SLEEP),
+	    get_delay_timers();
+	{_, undefined} ->
 	    test_server:sleep(?SLEEP),
-	    get_delay_timer();
-	DelayTimer ->
-	    DelayTimer
+	    get_delay_timers();
+	DelayTimers ->
+	    DelayTimers
     end.
 %%--------------------------------------------------------------------
 session_cache_process_list(doc) ->
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 46a8112a41..fa8a1826f2 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -662,6 +662,9 @@ cipher_result(Socket, Result) ->
     %% to properly test "cipher state" handling
     ssl:send(Socket, "Hello\n"),
     receive 
+	{ssl, Socket, "H"} ->
+	    ssl:send(Socket, " world\n"),
+	    receive_rizzo_duong_beast();
 	{ssl, Socket, "Hello\n"} ->
 	    ssl:send(Socket, " world\n"),
 	    receive
@@ -687,3 +690,21 @@ public_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
     public_key:der_decode('DSAPrivateKey', iolist_to_binary(Key));
 public_key(Key) ->
     Key.
+receive_rizzo_duong_beast() ->
+    receive 
+	{ssl, _, "ello\n"} ->
+	    receive 
+		{ssl, _, " "} ->
+		    receive
+			{ssl, _, "world\n"} ->
+			    ok
+		    end
+	    end
+    end.
+
+state([{data,[{"State", State}]} | _]) ->
+    State;
+state([{data,[{"StateData", State}]} | _]) ->
+    State;
+state([_ | Rest]) ->
+    state(Rest).
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index f37baeb9de..01fca1f166 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -849,7 +849,9 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
 					{from, self()}, 
 					{mfa, {?MODULE, 
-					       erlang_ssl_receive, [Data]}},
+					       erlang_ssl_receive, 
+					       %% Due to 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+					       [Data]}},
 					{options, 
 					 [{verify , verify_peer} 
 					  | ServerOpts]}]),
@@ -858,6 +860,7 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
     Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 					{host, Hostname},
 					{from, self()}, 
+					%% Due to 1/n-1 splitting countermeasure Rizzo/Duong-Beast
 					{mfa, {ssl, send, [Data]}},
 					{options, 
 					 [{versions, [sslv3]} | ClientOpts]}]),
@@ -869,6 +872,7 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
     process_flag(trap_exit, false),
     ok.
 
+
 %%--------------------------------------------------------------------
 
 tls1_erlang_client_openssl_server(doc) ->
@@ -1350,6 +1354,8 @@ erlang_ssl_receive(Socket, Data) ->
 	    %% open_ssl server sometimes hangs waiting in blocking read
 	    ssl:send(Socket, "Got it"), 
 	    ok;
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    erlang_ssl_receive(Socket, tl(Data));
 	{Port, {data,Debug}} when is_port(Port) ->
 	    io:format("openssl ~s~n",[Debug]),
 	    erlang_ssl_receive(Socket,Data);
@@ -1440,8 +1446,8 @@ check_sane_openssl_renegotaite(Config) ->
 
 check_sane_openssl_sslv2(Config) ->
     case os:cmd("openssl version") of
-	"OpenSSL 1.0.0e" ++ _ ->
-	    {skip, "Known option bug"};
+	"OpenSSL 1.0.0" ++ _ ->
+	    {skip, "sslv2 by default turned of in 1.*"};
 	_ ->
 	    Config
     end.
diff --git a/lib/stdlib/doc/src/Makefile b/lib/stdlib/doc/src/Makefile
index 16e0a86e3b..6c92756ae7 100644
--- a/lib/stdlib/doc/src/Makefile
+++ b/lib/stdlib/doc/src/Makefile
@@ -83,7 +83,6 @@ XML_REF3_FILES = \
 	queue.xml \
 	random.xml \
 	re.xml \
-	regexp.xml \
 	sets.xml \
 	shell.xml \
 	shell_default.xml \
diff --git a/lib/stdlib/doc/src/binary.xml b/lib/stdlib/doc/src/binary.xml
index 88ce77e0d0..7ce2defb72 100644
--- a/lib/stdlib/doc/src/binary.xml
+++ b/lib/stdlib/doc/src/binary.xml
@@ -505,7 +505,7 @@
       <type>
         <v>Subject = binary()</v>
         <v>Pos = integer() >= 0</v>
-        <v>Len = integer() >= 0</v>
+        <v>Len = integer()</v>
       </type>
       <desc>
       <p>The same as <c>part(Subject, {Pos, Len})</c>.</p>
diff --git a/lib/stdlib/doc/src/filename.xml b/lib/stdlib/doc/src/filename.xml
index bc3a616d39..9296319b83 100644
--- a/lib/stdlib/doc/src/filename.xml
+++ b/lib/stdlib/doc/src/filename.xml
@@ -295,6 +295,12 @@
         <p>Finds the source filename and compiler options for a module.
           The result can be fed to <c>compile:file/2</c> in order to
           compile the file again.</p>
+
+	<warning><p>We don't recommend using this function. If possible,
+	use <seealso marker="beam_lib">beam_lib(3)</seealso> to extract
+	the abstract code format from the BEAM file and compile that
+	instead.</p></warning>
+
         <p>The <c><anno>Beam</anno></c> argument, which can be a string or an atom,
           specifies either the module name or the path to the source
           code, with or without the <c>".erl"</c> extension. In either
diff --git a/lib/stdlib/doc/src/gb_trees.xml b/lib/stdlib/doc/src/gb_trees.xml
index 65c866efbe..9316d60b1a 100644
--- a/lib/stdlib/doc/src/gb_trees.xml
+++ b/lib/stdlib/doc/src/gb_trees.xml
@@ -132,15 +132,6 @@
       </desc>
     </func>
     <func>
-      <name name="lookup" arity="2"/>
-      <fsummary>Look up a key in a tree</fsummary>
-      <desc>
-        <p>Looks up <c><anno>Key</anno></c> in <c><anno>Tree</anno></c>; returns
-          <c>{value, <anno>Val</anno>}</c>, or <c>none</c> if <c><anno>Key</anno></c> is not
-          present.</p>
-      </desc>
-    </func>
-    <func>
       <name name="insert" arity="3"/>
       <fsummary>Insert a new key and value in a tree</fsummary>
       <desc>
@@ -196,6 +187,15 @@
       </desc>
     </func>
     <func>
+      <name name="lookup" arity="2"/>
+      <fsummary>Look up a key in a tree</fsummary>
+      <desc>
+        <p>Looks up <c><anno>Key</anno></c> in <c><anno>Tree</anno></c>; returns
+          <c>{value, <anno>Val</anno>}</c>, or <c>none</c> if <c><anno>Key</anno></c> is not
+          present.</p>
+      </desc>
+    </func>
+    <func>
       <name name="map" arity="2"/>
       <fsummary>Return largest key and value</fsummary>
          <desc><p>Maps the function F(<anno>K</anno>, <anno>V1</anno>) -> <anno>V2</anno> to all key-value pairs
diff --git a/lib/stdlib/doc/src/gen_event.xml b/lib/stdlib/doc/src/gen_event.xml
index 0f50b37de6..ef81b06500 100644
--- a/lib/stdlib/doc/src/gen_event.xml
+++ b/lib/stdlib/doc/src/gen_event.xml
@@ -210,12 +210,13 @@ gen_event:stop             ----->  Module:terminate/2
           handlers using the same callback module.</p>
         <p><c>Args</c> is an arbitrary term which is passed as the argument
           to <c>Module:init/1</c>.</p>
-        <p>If <c>Module:init/1</c> returns a correct value, the event
-          manager adds the event handler and this function returns
+        <p>If <c>Module:init/1</c> returns a correct value indicating
+          successful completion, the event manager adds the event
+          handler and this function returns
           <c>ok</c>. If <c>Module:init/1</c> fails with <c>Reason</c> or
-          returns an unexpected value <c>Term</c>, the event handler is
+          returns <c>{error,Reason}</c>, the event handler is
           ignored and this function returns <c>{'EXIT',Reason}</c> or
-          <c>Term</c>, respectively.</p>
+          <c>{error,Reason}</c>, respectively.</p>
       </desc>
     </func>
     <func>
@@ -479,12 +480,13 @@ gen_event:stop             ----->  Module:terminate/2
   </section>
   <funcs>
     <func>
-      <name>Module:init(InitArgs) -> {ok,State} | {ok,State,hibernate}</name>
+      <name>Module:init(InitArgs) -> {ok,State} | {ok,State,hibernate} | {error,Reason}</name>
       <fsummary>Initialize an event handler.</fsummary>
       <type>
         <v>InitArgs = Args | {Args,Term}</v>
         <v>&nbsp;Args = Term = term()</v>
         <v>State = term()</v>
+	<v>Reason = term()</v>
       </type>
       <desc>
         <p>Whenever a new event handler is added to an event manager,
@@ -501,8 +503,9 @@ gen_event:stop             ----->  Module:terminate/2
           the argument provided in the function call/return tuple and
           <c>Term</c> is the result of terminating the old event handler,
           see <c>gen_event:swap_handler/3</c>.</p>
-        <p>The function should return <c>{ok,State}</c> or <c>{ok,State, hibernate}</c>
-	  where <c>State</c> is the initial internal state of the event handler.</p>
+        <p>If successful, the function should return <c>{ok,State}</c>
+	  or <c>{ok,State,hibernate}</c> where <c>State</c> is the
+	  initial internal state of the event handler.</p>
 	<p>If <c>{ok,State,hibernate}</c> is returned, the event
 	  manager will go into hibernation (by calling <seealso
 	  marker="proc_lib#hibernate/3">proc_lib:hibernate/3</seealso>),
diff --git a/lib/stdlib/doc/src/gen_server.xml b/lib/stdlib/doc/src/gen_server.xml
index 90b77d5cb6..9edff1b9cf 100644
--- a/lib/stdlib/doc/src/gen_server.xml
+++ b/lib/stdlib/doc/src/gen_server.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -585,13 +585,14 @@ gen_server:abcast     -----> Module:handle_cast/2
       </desc>
     </func>
     <func>
-      <name>Module:code_change(OldVsn, State, Extra) -> {ok, NewState}</name>
+      <name>Module:code_change(OldVsn, State, Extra) -> {ok, NewState} | {error, Reason}</name>
       <fsummary>Update the internal state during upgrade/downgrade.</fsummary>
       <type>
         <v>OldVsn = Vsn | {down, Vsn}</v>
         <v>&nbsp;&nbsp;Vsn = term()</v>
         <v>State = NewState = term()</v>
         <v>Extra = term()</v>
+	<v>Reason = term()</v>
       </type>
       <desc>
         <p>This function is called by a gen_server when it should
@@ -610,7 +611,10 @@ gen_server:abcast     -----> Module:handle_cast/2
         <p><c>State</c> is the internal state of the gen_server.</p>
         <p><c>Extra</c> is passed as-is from the <c>{advanced,Extra}</c>
           part of the update instruction.</p>
-        <p>The function should return the updated internal state.</p>
+        <p>If successful, the function shall return the updated
+          internal state.</p>
+	<p>If the function returns <c>{error,Reason}</c>, the ongoing
+	  upgrade will fail and roll back to the old release.</p>
       </desc>
     </func>
     <func>
diff --git a/lib/stdlib/doc/src/io.xml b/lib/stdlib/doc/src/io.xml
index 667d758e29..e6d262466c 100644
--- a/lib/stdlib/doc/src/io.xml
+++ b/lib/stdlib/doc/src/io.xml
@@ -70,7 +70,7 @@
       <desc>
         <p>Either <c>standard_io</c>, <c>standard_error</c>, a
           registered name, or a pid handling IO protocols (returned from
-            <seealso marker="file#open/2">file:open/2</seealso>).</p>
+            <seealso marker="kernel:file#open/2">file:open/2</seealso>).</p>
       </desc>
     </datatype>
     <datatype>
diff --git a/lib/stdlib/doc/src/io_protocol.xml b/lib/stdlib/doc/src/io_protocol.xml
index 3e8ab1affc..0ff3d5c1ee 100644
--- a/lib/stdlib/doc/src/io_protocol.xml
+++ b/lib/stdlib/doc/src/io_protocol.xml
@@ -50,10 +50,10 @@ current I/O-protocol.</p>
 and execution time efficiency has triggered extensions to the protocol
 over the years, making the protocol larger and somewhat less easy to
 implement than the original. It can certainly be argumented that the
-current protocol is to complex, but this text describes how it looks
+current protocol is too complex, but this text describes how it looks
 today, not how it should have looked.</p>
 
-<p>The basic ideas from the original protocol still holds. The io_server
+<p>The basic ideas from the original protocol still hold. The io_server
 and client communicate with one single, rather simplistic protocol and
 no server state is ever present in the client. Any io_server can be
 used together with any client code and client code need not be aware
@@ -62,7 +62,7 @@ of the actual device the io_server communicates with.</p>
 <section>
 <title>Protocol basics</title>
 
-<p>As described in Roberts paper, servers and clients communicate using
+<p>As described in Robert's paper, servers and clients communicate using
 io_request/io_reply tuples as follows:</p>
 
 <p><em>{io_request, From, ReplyAs, Request}</em><br/>
@@ -103,7 +103,7 @@ Reply part.</p>
 <em>{put_chars, Encoding, Module, Function, Args}</em>
 </p>
 <list type="bulleted">
-<item>Encoding is either 'latin1' or 'unicode', meaning that the
+<item>Encoding is either 'unicode' or 'latin1', meaning that the
   characters are (in case of binaries) encoded as either UTF-8 or
   iso-latin-1 (pure bytes). A well behaved io_server should also
   return error if list elements contain integers > 255 when the
@@ -116,13 +116,13 @@ Reply part.</p>
   produces. Note that byte-oriented data is simplest sent using latin1
   Encoding</item>
 
-<item>Characters are the data to be put on the device. If encoding is
-  latin1, this is an iolist(). If encoding is unicode, this is an
+<item>Characters are the data to be put on the device. If Encoding is
+  latin1, this is an iolist(). If Encoding is unicode, this is an
   Erlang standard mixed unicode list (one integer in a list per
   character, characters in binaries represented as UTF-8).</item>
 
 <item>Module, Function, Args denotes a function which will be called to
-  produce the data (like io_lib:format), Args is a list of arguments
+  produce the data (like io_lib:format). Args is a list of arguments
   to the function. The function should produce data in the given
   Encoding. The io_server should call the function as apply(Mod, Func,
   Args) and will put the returned data on the device as if it was sent
@@ -164,7 +164,7 @@ latin1, Module, Function, Args} respectively. </p>
 <list type="bulleted">
 <item>Encoding denotes how data is to be sent back to the client and
   what data is sent to the function denoted by
-  Module/Function/Arity. If the function supplied returns data as a
+  Module/Function/ExtraArgs. If the function supplied returns data as a
   list, the data is converted to this encoding. If however the
   function supplied returns data in some other format, no conversion
   can be done and it's up to the client supplied function to return
@@ -179,7 +179,7 @@ latin1, Module, Function, Args} respectively. </p>
 <item>Prompt is a list of characters (not mixed, no binaries) or an atom()
   to be output as a prompt for input on the device. The Prompt is
   often ignored by the io_server and a Prompt set to '' should always
-  be ignored (and result in nothing being written to the device). </item>
+  be ignored (and result in nothing being written to the device).</item>
 
 <item><p>Module, Function, ExtraArgs denotes a function and arguments to
   determine when enough data is written. The function should take two
@@ -550,7 +550,7 @@ request({get_line, Encoding, _Prompt}, State) -&gt;
 </code>
 
 <p>Here we have cheated a little by more or less only implementing
-get_until and using internal helpers to implement get__chars and
+get_until and using internal helpers to implement get_chars and
 get_line. In production code, this might be to inefficient, but that
 of course depends on the frequency of the different requests. Before
 we start actually implementing the functions put_chars/2 and
@@ -618,7 +618,7 @@ encounter an error or the list is exhausted. The last return value is
 sent back to the client (it's first returned to the main loop and then
 sent back by the function io_reply).</p>
 
-<p>The getopt and setopt requests is also simple to handle, we just
+<p>The getopt and setopt requests are also simple to handle, we just
 change or read our state record:</p>
 
 <code>
diff --git a/lib/stdlib/doc/src/ms_transform.xml b/lib/stdlib/doc/src/ms_transform.xml
index f81f8bda96..ad5f8bd5ac 100644
--- a/lib/stdlib/doc/src/ms_transform.xml
+++ b/lib/stdlib/doc/src/ms_transform.xml
@@ -308,7 +308,7 @@ ets:select(emp_tab, ets:fun2ms(
       Erlang code. Also arithmetics is allowed, as well as ordinary guard
       bif's. Here's a list of bif's and expressions:</p>
     <list type="bulleted">
-      <item>The type tests: is_atom, is_constant, is_float, is_integer,
+      <item>The type tests: is_atom, is_float, is_integer,
        is_list, is_number, is_pid, is_port, is_reference, is_tuple,
        is_binary, is_function, is_record</item>
       <item>The boolean operators: not, and, or, andalso, orelse </item>
@@ -318,7 +318,7 @@ ets:select(emp_tab, ets:fun2ms(
       <item>The guard bif's: abs, element, hd, length, node, round, size, tl, 
        trunc, self</item>
       <item>The obsolete type test (only in guards):
-       atom, constant, float, integer,
+       atom, float, integer,
        list, number, pid, port, reference, tuple,
        binary, function, record</item>
     </list>
diff --git a/lib/stdlib/doc/src/notes.xml b/lib/stdlib/doc/src/notes.xml
index d9c220b996..42a26ee44a 100644
--- a/lib/stdlib/doc/src/notes.xml
+++ b/lib/stdlib/doc/src/notes.xml
@@ -30,6 +30,297 @@
   </header>
   <p>This document describes the changes made to the STDLIB application.</p>
 
+<section><title>STDLIB 1.18</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Improved algorithm in module <c>random</c>. Avoid seed
+	    values that are even divisors of the primes and by that
+	    prevent getting sub-seeds that are stuck on zero. Worst
+	    case was random:seed(0,0,0) that produced a series of
+	    only zeros. This is an incompatible change in the sense
+	    that applications that relies on reproducing a specific
+	    series for a given seed will fail. The pseudo random
+	    output is still deterministic but different compared to
+	    earlier versions.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-8713</p>
+        </item>
+        <item>
+	    <p> Calls to <c>global:whereis_name/1</c> have been
+	    substituted for calls to
+	    <c>global:safe_whereis_name/1</c> since the latter is not
+	    safe at all.</p>
+	    <p>The reason for not doing this earlier is that setting
+	    a global lock masked out a bug concerning the restart of
+	    supervised children. The bug has now been fixed by a
+	    modification of <c>global:whereis_name/1</c>. (Thanks to
+	    Ulf Wiger for code contribution.)</p>
+	    <p>A minor race conditions in <c>gen_fsm:start*</c> has
+	    been fixed: if one of these functions returned <c>{error,
+	    Reason}</c> or ignore, the name could still be registered
+	    (either locally or in <c>global</c>. (This is the same
+	    modification as was done for gen_server in OTP-7669.)</p>
+	    <p>The undocumented function
+	    <c>global:safe_whereis_name/1</c> has been removed. </p>
+          <p>
+	    Own Id: OTP-9212 Aux Id: seq7117, OTP-4174 </p>
+        </item>
+        <item>
+          <p>
+	    If a child of a supervisor terminates with reason
+	    {shutdown,Term} it is now handled by the supervisor as if
+	    the reason was 'shutdown'. </p>
+          <p>
+	    For children with restart type 'permanent', this implies
+	    no change. For children with restart type 'transient',
+	    the child will no longer be restarted and no supervisor
+	    report will be written. For children with restart type
+	    'temporary', no supervisor report will be written.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9222</p>
+        </item>
+        <item>
+          <p>
+	    Minor improvement of documentation regarding supervisor
+	    restart strategy for temporary and transient child
+	    processes.</p>
+          <p>
+	    Own Id: OTP-9381</p>
+        </item>
+        <item>
+	    <p>A Dets table with sufficiently large buckets could not
+	    always be repaired. This bug has been fixed. </p> <p>The
+	    format of Dets files has been modified. When downgrading
+	    tables created with the new system will be repaired.
+	    Otherwise the modification should not be noticeable. </p>
+          <p>
+	    Own Id: OTP-9607</p>
+        </item>
+        <item>
+	    <p> A few contracts in the <c>lists</c> module have been
+	    corrected. </p>
+          <p>
+	    Own Id: OTP-9616</p>
+        </item>
+        <item>
+          <p>
+	    Add '-callback' attributes in stdlib's behaviours</p>
+          <p>
+	    Replace the behaviour_info(callbacks) export in stdlib's
+	    behaviours with -callback' attributes for all the
+	    callbacks. Update the documentation with information on
+	    the callback attribute Automatically generate
+	    'behaviour_info' function from '-callback' attributes</p>
+          <p>
+	    'behaviour_info(callbacks)' is a special function that is
+	    defined in a module which describes a behaviour and
+	    returns a list of its callbacks.</p>
+          <p>
+	    This function is now automatically generated using the
+	    '-callback' specs. An error is returned by lint if user
+	    defines both '-callback' attributes and the
+	    behaviour_info/1 function. If no type info is needed for
+	    a callback use a generic spec for it. Add '-callback'
+	    attribute to language syntax</p>
+          <p>
+	    Behaviours may define specs for their callbacks using the
+	    familiar spec syntax, replacing the '-spec' keyword with
+	    '-callback'. Simple lint checks are performed to ensure
+	    that no callbacks are defined twice and all types
+	    referred are declared.</p>
+          <p>
+	    These attributes can be then used by tools to provide
+	    documentation to the behaviour or find discrepancies in
+	    the callback definitions in the callback module.</p>
+          <p>
+	    Add callback specs into 'application' module in kernel
+	    Add callback specs to tftp module following internet
+	    documentation Add callback specs to inets_service module
+	    following possibly deprecated comments</p>
+          <p>
+	    Own Id: OTP-9621</p>
+        </item>
+        <item>
+	    <p> If a Dets table had been properly closed but the
+	    space management data could not been read, it was not
+	    possible to repair the file. This bug has been fixed.
+	    </p>
+          <p>
+	    Own Id: OTP-9622</p>
+        </item>
+        <item>
+          <p>
+	    The Unicode noncharacter code points 16#FFFE and 16#FFFE
+	    were not allowed to be encoded or decoded using the
+	    <c>unicode</c> module or bit syntax. That was
+	    inconsistent with the other noncharacters 16#FDD0 to
+	    16#FDEF that could be encoded/decoded. To resolve the
+	    inconsistency, 16#FFFE and 16#FFFE can now be encoded and
+	    decoded. (Thanks to Alisdair Sullivan.)</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9624</p>
+        </item>
+        <item>
+          <p>
+	    Make epp search directory of current file first when
+	    including another file This completes a partial fix in
+	    R11 that only worked for include_lib(). (Thanks to
+	    Richard Carlsson)</p>
+          <p>
+	    Own Id: OTP-9645</p>
+        </item>
+        <item>
+          <p>
+	    ms_transform: Fix incorrect `variable shadowed' warnings</p>
+          <p>
+	    This patch removes incorrect passing of variable bindings
+	    from one function clause to another. (Thanks to Haitao
+	    Li)</p>
+          <p>
+	    Own Id: OTP-9646</p>
+        </item>
+        <item>
+          <p>
+	    Explicitly kill dynamic children in supervisors</p>
+          <p>
+	    According to the supervisor's documentation: "Important
+	    note on simple-one-for-one supervisors: The dynamically
+	    created child processes of a simple-one-for-one
+	    supervisor are not explicitly killed, regardless of
+	    shutdown strategy, but are expected to terminate when the
+	    supervisor does (that is, when an exit signal from the
+	    parent process is received)."</p>
+          <p>
+	    All is fine as long as we stop simple_one_for_one
+	    supervisor manually. Dynamic children catch the exit
+	    signal from the supervisor and leave. But, if this
+	    happens when we stop an application, after the top
+	    supervisor has stopped, the application master kills all
+	    remaining processes associated to this application. So,
+	    dynamic children that trap exit signals can be killed
+	    during their cleanup (here we mean inside terminate/2).
+	    This is unpredictable and highly time-dependent.</p>
+          <p>
+	    In this commit, supervisor module is patched to
+	    explicitly terminate dynamic children accordingly to the
+	    shutdown strategy.</p>
+          <p>
+	    NOTE: Order in which dynamic children are stopped is not
+	    defined. In fact, this is "almost" done at the same time.</p>
+          <p>
+	    Stack errors when dynamic children are stopped</p>
+          <p>
+	    Because a simple_one_for_one supervisor can have many
+	    workers, we stack errors during its shutdown to report
+	    only one message for each encountered error type. Instead
+	    of reporting the child's pid, we use the number of
+	    concerned children. (Thanks to Christopher Faulet)</p>
+          <p>
+	    Own Id: OTP-9647</p>
+        </item>
+        <item>
+          <p>
+	    Allow an infinite timeout to shutdown worker processes</p>
+          <p>
+	    Now, in child specification, the shutdown value can also
+	    be set to infinity for worker children. This restriction
+	    was removed because this is not always possible to
+	    predict the shutdown time for a worker. This is highly
+	    application-dependent. Add a warning to docs about
+	    workers' shutdown strategy (Thanks to Christopher Faulet)</p>
+          <p>
+	    Own Id: OTP-9648</p>
+        </item>
+        <item>
+          <p>
+	    A badarg would sometimes occur in supervisor when
+	    printing error reports and the child pid was undefined.
+	    This has been corrected.</p>
+          <p>
+	    Own Id: OTP-9669</p>
+        </item>
+        <item>
+          <p>
+	    Fix re:split spec not to accept option 'global'(Thanks to
+	    Shunichi Shinohara)</p>
+          <p>
+	    Own Id: OTP-9691</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> Fix a few tests that used to fail on the HiPE
+	    platform. </p>
+          <p>
+	    Own Id: OTP-9637</p>
+        </item>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+        <item>
+          <p>
+	    The deprecated '<c>regexp</c>' module has been removed.
+	    Use the '<c>re</c>' module instead.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9737</p>
+        </item>
+        <item>
+          <p>
+	    <c>filename:find_src/1,2</c> will now work on stripped
+	    BEAM files (reported by Per Hedeland). The HiPE compiler
+	    will also work on stripped BEAM files. The BEAM compiler
+	    will no longer include compilation options given in the
+	    source code itself in <c>M:module_info(compile)</c>
+	    (because those options will be applied anyway if the
+	    module is re-compiled).</p>
+          <p>
+	    Own Id: OTP-9752</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>STDLIB 1.17.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/stdlib/doc/src/re.xml b/lib/stdlib/doc/src/re.xml
index 18867cfb68..6d5336796c 100644
--- a/lib/stdlib/doc/src/re.xml
+++ b/lib/stdlib/doc/src/re.xml
@@ -41,8 +41,7 @@
     strings and binaries.</p>
 
     <p>The regular expression syntax and semantics resemble that of
-    Perl. This library replaces the deprecated pure-Erlang regexp
-    library; it has a richer syntax, more options and is faster.</p>
+    Perl.</p>
 
     <p>The library's matching algorithms are currently based on the
     PCRE library, but not all of the PCRE library is interfaced and
diff --git a/lib/stdlib/doc/src/ref_man.xml b/lib/stdlib/doc/src/ref_man.xml
index 85aae6151d..0f277f6c5e 100644
--- a/lib/stdlib/doc/src/ref_man.xml
+++ b/lib/stdlib/doc/src/ref_man.xml
@@ -4,7 +4,7 @@
 <application xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -80,7 +80,6 @@
   <xi:include href="queue.xml"/>
   <xi:include href="random.xml"/>
   <xi:include href="re.xml"/>
-  <xi:include href="regexp.xml"/>
   <xi:include href="sets.xml"/>
   <xi:include href="shell.xml"/>
   <xi:include href="shell_default.xml"/>
diff --git a/lib/stdlib/doc/src/regexp.xml b/lib/stdlib/doc/src/regexp.xml
deleted file mode 100644
index 35d8e1c3f8..0000000000
--- a/lib/stdlib/doc/src/regexp.xml
+++ /dev/null
@@ -1,381 +0,0 @@
-<?xml version="1.0" encoding="latin1" ?>
-<!DOCTYPE erlref SYSTEM "erlref.dtd">
-
-<erlref>
-  <header>
-    <copyright>
-      <year>1996</year><year>2011</year>
-      <holder>Ericsson AB. All Rights Reserved.</holder>
-    </copyright>
-    <legalnotice>
-      The contents of this file are subject to the Erlang Public License,
-      Version 1.1, (the "License"); you may not use this file except in
-      compliance with the License. You should have received a copy of the
-      Erlang Public License along with this software. If not, it can be
-      retrieved online at http://www.erlang.org/.
-    
-      Software distributed under the License is distributed on an "AS IS"
-      basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-      the License for the specific language governing rights and limitations
-      under the License.
-    
-    </legalnotice>
-
-    <title>regexp</title>
-    <prepared>Robert Virding</prepared>
-    <responsible>Bjarne Dacker</responsible>
-    <docno>1</docno>
-    <approved>Bjarne D&auml;cker</approved>
-    <checked></checked>
-    <date>96-09-28</date>
-    <rev>A</rev>
-    <file>regexp.sgml</file>
-  </header>
-  <module>regexp</module>
-  <modulesummary>Regular Expression Functions for Strings</modulesummary>
-  <description>
-    <note><p>This module has been obsoleted by the
-    <seealso marker="re">re</seealso> module and will be removed in a future
-    release.</p></note>
-    <p>This module contains functions for regular expression
-      matching and substitution.</p>
-  </description>
-  <datatypes>
-    <datatype>
-      <name name="errordesc"></name>
-    </datatype>
-    <datatype>
-      <name name="regexp"></name>
-      <desc><p>Internal representation of a regular expression.</p></desc>
-    </datatype>
-  </datatypes>
-  <funcs>
-    <func>
-      <name name="match" arity="2"/>
-      <fsummary>Match a regular expression</fsummary>
-      <desc>
-        <p>Finds the first, longest match of the regular expression <c><anno>RegExp</anno></c> in <c><anno>String</anno></c>. This function searches for the longest possible match and returns the first one found if there are several expressions of the same length. It returns as follows:</p>
-        <taglist>
-          <tag><c>{match,<anno>Start</anno>,<anno>Length</anno>}</c></tag>
-          <item>
-            <p>if the match succeeded. <c><anno>Start</anno></c> is the starting
-              position of the match, and <c><anno>Length</anno></c> is the length of
-              the matching string.</p>
-          </item>
-          <tag><c>nomatch</c></tag>
-          <item>
-            <p>if there were no matching characters.</p>
-          </item>
-          <tag><c>{error,<anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there was an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="first_match" arity="2"/>
-      <fsummary>Match a regular expression</fsummary>
-      <desc>
-        <p>Finds the first match of the regular expression <c><anno>RegExp</anno></c> in <c><anno>String</anno></c>. This call is
-          usually faster than <c>match</c> and it is also a useful way to ascertain that a match exists. It returns as follows:</p>
-        <taglist>
-          <tag><c>{match,<anno>Start</anno>,<anno>Length</anno>}</c></tag>
-          <item>
-            <p>if the match succeeded. <c><anno>Start</anno></c> is the starting
-              position of the match and <c><anno>Length</anno></c> is the length of
-              the matching string.</p>
-          </item>
-          <tag><c>nomatch</c></tag>
-          <item>
-            <p>if there were no matching characters.</p>
-          </item>
-          <tag><c>{error,<anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there was an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="matches" arity="2"/>
-      <fsummary>Match a regular expression</fsummary>
-      <desc>
-        <p>Finds all non-overlapping matches of the
-          expression <c><anno>RegExp</anno></c> in <c><anno>String</anno></c>.
-          It returns as follows:</p>
-        <taglist>
-          <tag><c>{match, <anno>Matches</anno>}</c></tag>
-          <item>
-            <p>if the regular expression was correct.
-              The list will be empty if there was no match. Each element in the list looks like <c>{<anno>Start</anno>, <anno>Length</anno>}</c>, where <c><anno>Start</anno></c> is the starting position of the match, and <c><anno>Length</anno></c> is the length of the matching string.</p>
-          </item>
-          <tag><c>{error,<anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there was an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="sub" arity="3"/>
-      <fsummary>Substitute the first occurrence of a regular expression</fsummary>
-      <desc>
-        <p>Substitutes the first occurrence of a substring matching <c><anno>RegExp</anno></c> in <c><anno>String</anno></c> with the string <c><anno>New</anno></c>. A <c><![CDATA[&]]></c> in the string <c><anno>New</anno></c> is replaced by the matched substring of <c><anno>String</anno></c>.  <c><![CDATA[\&]]></c> puts a literal <c><![CDATA[&]]></c> into the replacement string. It returns as follows:</p>
-        <taglist>
-          <tag><c>{ok,<anno>NewString</anno>,<anno>RepCount</anno>}</c></tag>
-          <item>
-            <p>if <c><anno>RegExp</anno></c> is correct. <c><anno>RepCount</anno></c> is the number of replacements which have been made
-              (this will be either 0 or 1).</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="gsub" arity="3"/>
-      <fsummary>Substitute all occurrences of a regular expression</fsummary>
-      <desc>
-        <p>The same as <c>sub</c>, except that all non-overlapping
-          occurrences of a substring matching
-          <c><anno>RegExp</anno></c> in <c><anno>String</anno></c> are replaced by the string <c><anno>New</anno></c>. It returns:</p>
-        <taglist>
-          <tag><c>{ok,<anno>NewString</anno>,<anno>RepCount</anno>}</c></tag>
-          <item>
-            <p>if <c><anno>RegExp</anno></c> is correct. <c><anno>RepCount</anno></c> is the number of replacements which have been made.</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="split" arity="2"/>
-      <fsummary>Split a string into fields</fsummary>
-      <desc>
-        <p><c><anno>String</anno></c> is split into fields (sub-strings) by the
-          regular expression <c><anno>RegExp</anno></c>.</p>
-        <p>If the separator expression is <c>" "</c> (a single space),
-          then the fields are separated by blanks and/or tabs and
-          leading and trailing blanks and tabs are discarded. For all
-          other values of the separator, leading and trailing blanks
-          and tabs are not discarded. It returns:</p>
-        <taglist>
-          <tag><c>{ok, <anno>FieldList</anno>}</c></tag>
-          <item>
-            <p>to indicate that the string has been split up into the fields of
-              <c><anno>FieldList</anno></c>.</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="sh_to_awk" arity="1"/>
-      <fsummary>Convert an <c>sh</c>regular expression into an <c>AWK</c>one</fsummary>
-      <desc>
-        <p>Converts the <c>sh</c> type regular expression
-          <c><anno>ShRegExp</anno></c> into a full <c>AWK</c> regular
-          expression. Returns the converted regular expression
-          string. <c>sh</c> expressions are used in the shell for
-          matching file names and have the following special
-          characters:</p>
-        <taglist>
-          <tag><c>*</c></tag>
-          <item>
-            <p>matches any string including the null string.</p>
-          </item>
-          <tag><c>?</c></tag>
-          <item>
-            <p>matches any single character.</p>
-          </item>
-          <tag><c>[...]</c></tag>
-          <item>
-            <p>matches any of the enclosed characters. Character
-              ranges are specified by a pair of characters separated
-              by a <c>-</c>. If the first character after <c>[</c> is a
-              <c>!</c>, then any character not enclosed is matched.</p>
-          </item>
-        </taglist>
-        <p>It may sometimes be more practical to use <c>sh</c> type
-          expansions as they are simpler and easier to use, even though they are not as powerful.</p>
-      </desc>
-    </func>
-    <func>
-      <name name="parse" arity="1"/>
-      <fsummary>Parse a regular expression</fsummary>
-      <desc>
-        <p>Parses the regular expression <c><anno>RegExp</anno></c> and builds the
-          internal representation used in the other regular expression
-          functions. Such representations can be used in all of the
-          other functions instead of a regular expression string. This
-          is more efficient when the same regular expression is used
-          in many strings. It returns:</p>
-        <taglist>
-          <tag><c>{ok, <anno>RE</anno>}</c></tag>
-          <item>
-            <p>if <c>RegExp</c> is correct and <c><anno>RE</anno></c> is the internal representation.</p>
-          </item>
-          <tag><c>{error, <anno>Error</anno>}</c></tag>
-          <item>
-            <p>if there is an error in <c><anno>RegExp</anno></c>.</p>
-          </item>
-        </taglist>
-      </desc>
-    </func>
-    <func>
-      <name name="format_error" arity="1"/>
-      <fsummary>Format an error descriptor</fsummary>
-      <desc>
-        <p>Returns a string which describes the error <c><anno>ErrorDescriptor</anno></c>
-          returned when there is an error in a regular expression.</p>
-      </desc>
-    </func>
-  </funcs>
-
-  <section>
-    <title>Regular Expressions</title>
-    <p>The regular expressions allowed here is a subset of the set found
-      in <c>egrep</c> and in the <c>AWK</c> programming language, as
-      defined in the book, <c>The AWK Programming Language, by A. V. Aho, B. W. Kernighan, P. J. Weinberger</c>. They are
-      composed of the following characters:</p>
-    <taglist>
-      <tag>c</tag>
-      <item>
-        <p>matches the non-metacharacter <c>c</c>.</p>
-      </item>
-      <tag>\c</tag>
-      <item>
-        <p>matches the escape sequence or literal character <c>c</c>.</p>
-      </item>
-      <tag>.</tag>
-      <item>
-        <p>matches any character.</p>
-      </item>
-      <tag>^</tag>
-      <item>
-        <p>matches the beginning of a string.</p>
-      </item>
-      <tag>$</tag>
-      <item>
-        <p>matches the end of a string.</p>
-      </item>
-      <tag>[abc...]</tag>
-      <item>
-        <p>character class, which matches any of the characters
-          <c>abc...</c> Character ranges are specified by a pair of
-          characters separated by a <c>-</c>.</p>
-      </item>
-      <tag>[^abc...]</tag>
-      <item>
-        <p>negated character class, which matches any character except
-          <c>abc...</c>.</p>
-      </item>
-      <tag>r1 | r2</tag>
-      <item>
-        <p>alternation. It matches either <c>r1</c> or <c>r2</c>.</p>
-      </item>
-      <tag>r1r2</tag>
-      <item>
-        <p>concatenation. It matches <c>r1</c> and then <c>r2</c>.</p>
-      </item>
-      <tag>r+</tag>
-      <item>
-        <p>matches one or more <c>r</c>s.</p>
-      </item>
-      <tag>r*</tag>
-      <item>
-        <p>matches zero or more <c>r</c>s.</p>
-      </item>
-      <tag>r?</tag>
-      <item>
-        <p>matches zero or one <c>r</c>s.</p>
-      </item>
-      <tag>(r)</tag>
-      <item>
-        <p>grouping. It matches <c>r</c>.</p>
-      </item>
-    </taglist>
-    <p>The escape sequences allowed are the same as for Erlang
-      strings:</p>
-    <taglist>
-      <tag><c>\b</c></tag>
-      <item>
-        <p>backspace</p>
-      </item>
-      <tag><c>\f</c></tag>
-      <item>
-        <p>form feed </p>
-      </item>
-      <tag><c>\n</c></tag>
-      <item>
-        <p>newline (line feed) </p>
-      </item>
-      <tag><c>\r</c></tag>
-      <item>
-        <p>carriage return </p>
-      </item>
-      <tag><c>\t</c></tag>
-      <item>
-        <p>tab </p>
-      </item>
-      <tag><c>\e</c></tag>
-      <item>
-        <p>escape </p>
-      </item>
-      <tag><c>\v</c></tag>
-      <item>
-        <p>vertical tab </p>
-      </item>
-      <tag><c>\s</c></tag>
-      <item>
-        <p>space </p>
-      </item>
-      <tag><c>\d</c></tag>
-      <item>
-        <p>delete </p>
-      </item>
-      <tag><c>\ddd</c></tag>
-      <item>
-        <p>the octal value ddd </p>
-      </item>
-      <tag><c>\xhh</c></tag>
-      <item>
-        <p>The hexadecimal value <c>hh</c>.</p>
-      </item>
-      <tag><c>\x{h...}</c></tag>
-      <item>
-        <p>The hexadecimal value <c>h...</c>.</p>
-      </item>
-      <tag><c>\c</c></tag>
-      <item>
-        <p>any other character literally, for example <c>\\</c> for backslash,
-          <c>\"</c> for ")</p>
-      </item>
-    </taglist>
-    <p>To make these functions easier to use, in combination with the
-      function <c>io:get_line</c> which terminates the input line with
-      a new line, the <c>$</c> characters also matches a string ending
-      with <c>"...\n"</c>. The following examples
-      define Erlang data types:</p>
-    <pre>
-Atoms     [a-z][0-9a-zA-Z_]*
-
-Variables [A-Z_][0-9a-zA-Z_]*
-
-Floats    (\+|-)?[0-9]+\.[0-9]+((E|e)(\+|-)?[0-9]+)?</pre>
-    <p>Regular expressions are written as Erlang strings when used with the functions in this module. This means that any <c>\</c> or <c>"</c> characters in a regular expression
-      string must be written with <c>\</c> as they are also escape characters for the string. For example, the regular expression string for Erlang floats is:
-      <c>"(\\+|-)?[0-9]+\\.[0-9]+((E|e)(\\+|-)?[0-9]+)?"</c>.</p>
-    <p>It is not really necessary to have the escape sequences as part of the regular expression syntax as they can always be generated directly in the string. They are included for completeness and can they can also be useful when generating regular expressions, or when they are entered other than with Erlang strings.</p>
-  </section>
-</erlref>
-
diff --git a/lib/stdlib/doc/src/sofs.xml b/lib/stdlib/doc/src/sofs.xml
index 2e7768a1df..37c41501ae 100644
--- a/lib/stdlib/doc/src/sofs.xml
+++ b/lib/stdlib/doc/src/sofs.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>2001</year><year>2011</year>
+      <year>2001</year><year>2012</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -317,7 +317,7 @@
       but is to be preferred since it makes it possible to handle this
       case even more efficiently. Examples of SetFuns:</p>
     <pre>
-{sofs, union}
+fun sofs:union/1
 fun(S) -> sofs:partition(1, S) end
 {external, fun(A) -> A end}
 {external, fun({A,_,C}) -> {C,A} end}
@@ -711,7 +711,7 @@ fun(S) -> sofs:partition(1, S) end
           argument.</p>
         <pre>
 1> <input>F1 = sofs:from_term([{a,[[1,2],[2,3]]},{b,[[]]}]),</input>
-<input>F2 = sofs:family_projection({sofs, union}, F1),</input>
+<input>F2 = sofs:family_projection(fun sofs:union/1, F1),</input>
 <input>sofs:to_external(F2).</input>
 [{a,[1,2,3]},{b,[]}]</pre>
       </desc>
@@ -821,7 +821,7 @@ fun(S) -> sofs:partition(1, S) end
 <input>sofs:to_external(F2).</input>
 [{a,[1,2,3]},{b,[]}]</pre>
         <p><c>family_union(F)</c> is equivalent to
-          <c>family_projection({sofs,union},&nbsp;F)</c>.</p>
+          <c>family_projection(fun sofs:union/1,&nbsp;F)</c>.</p>
       </desc>
     </func>
     <func>
@@ -1438,7 +1438,7 @@ true</pre>
 1> <input>R1 = sofs:relation([{a,1},{b,2}]),</input>
 <input>R2 = sofs:relation([{x,1},{x,2},{y,3}]),</input>
 <input>S1 = sofs:from_sets([R1,R2]),</input>
-<input>S2 = sofs:specification({sofs,is_a_function}, S1),</input>
+<input>S2 = sofs:specification(fun sofs:is_a_function/1, S1),</input>
 <input>sofs:to_external(S2).</input>
 [[{a,1},{b,2}]]</pre>
       </desc>
diff --git a/lib/stdlib/doc/src/specs.xml b/lib/stdlib/doc/src/specs.xml
index 98338b5ec2..49c60529d2 100644
--- a/lib/stdlib/doc/src/specs.xml
+++ b/lib/stdlib/doc/src/specs.xml
@@ -46,7 +46,6 @@
   <xi:include href="../specs/specs_queue.xml"/>
   <xi:include href="../specs/specs_random.xml"/>
   <xi:include href="../specs/specs_re.xml"/>
-  <xi:include href="../specs/specs_regexp.xml"/>
   <xi:include href="../specs/specs_sets.xml"/>
   <xi:include href="../specs/specs_shell.xml"/>
   <xi:include href="../specs/specs_shell_default.xml"/>
diff --git a/lib/stdlib/doc/src/supervisor.xml b/lib/stdlib/doc/src/supervisor.xml
index 73df7183e6..d1e62230bc 100644
--- a/lib/stdlib/doc/src/supervisor.xml
+++ b/lib/stdlib/doc/src/supervisor.xml
@@ -127,25 +127,18 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
         <p><c>StartFunc</c> defines the function call used to start
           the child process. It should be a module-function-arguments
           tuple <c>{M,F,A}</c> used as <c>apply(M,F,A)</c>.</p>
-        <p>          <br></br>
-</p>
         <p>The start function <em>must create and link to</em> the child
           process, and should return <c>{ok,Child}</c> or
           <c>{ok,Child,Info}</c> where <c>Child</c> is the pid of
           the child process and <c>Info</c> an arbitrary term which is
           ignored by the supervisor.</p>
-        <p>          <br></br>
-</p>
         <p>The start function can also return <c>ignore</c> if the child
           process for some reason cannot be started, in which case
-          the child specification will be kept by the supervisor but
-          the non-existing child process will be ignored.</p>
-        <p>          <br></br>
-</p>
+          the child specification will be kept by the supervisor
+	  (unless it is a temporary child) but the non-existing child
+	  process will be ignored.</p>
         <p>If something goes wrong, the function may also return an
           error tuple <c>{error,Error}</c>.</p>
-        <p>          <br></br>
-</p>
         <p>Note that the <c>start_link</c> functions of the different
           behaviour modules fulfill the above requirements.</p>
       </item>
diff --git a/lib/stdlib/doc/src/unicode_usage.xml b/lib/stdlib/doc/src/unicode_usage.xml
index 0fa7de0a5c..a7e010a05f 100644
--- a/lib/stdlib/doc/src/unicode_usage.xml
+++ b/lib/stdlib/doc/src/unicode_usage.xml
@@ -59,7 +59,7 @@
 <title>Standard Unicode representation in Erlang</title>
 <p>In Erlang, strings are actually lists of integers. A string is defined to be encoded in the ISO-latin-1 (ISO8859-1) character set, which is, codepoint by codepoint, a sub-range of the Unicode character set.</p>
 <p>The standard list encoding for strings is therefore easily extendible to cope with the whole Unicode range: A Unicode string in Erlang is simply a list containing integers, each integer being a valid Unicode codepoint and representing one character in the Unicode character set.</p>
-<p>Regular Erlang strings in ISO-latin-1 are a subset of there Unicode strings.</p>
+<p>Regular Erlang strings in ISO-latin-1 are a subset of their Unicode strings.</p>
 
 <p>Binaries on the other hand are more troublesome. For performance reasons, programs often store textual data in binaries instead of lists, mainly because they are more compact (one byte per character instead of two words per character, as is the case with lists). Using erlang:list_to_binary/1, an regular Erlang string can be converted into a binary, effectively using the ISO-latin-1 encoding in the binary - one byte per character. This is very convenient for those regular Erlang strings, but cannot be done for Unicode lists.</p>
 <p>As the UTF-8 encoding is widely spread and provides the most compact storage, it is selected as the standard encoding of Unicode characters in binaries for Erlang.</p>
diff --git a/lib/stdlib/src/Makefile b/lib/stdlib/src/Makefile
index 600303d7e1..90e239b00f 100644
--- a/lib/stdlib/src/Makefile
+++ b/lib/stdlib/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 1996-2010. All Rights Reserved.
+# Copyright Ericsson AB 1996-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -105,7 +105,6 @@ MODULES= \
 	qlc_pt \
 	queue \
 	random \
-	regexp \
 	sets \
 	shell \
 	shell_default \
diff --git a/lib/stdlib/src/erl_eval.erl b/lib/stdlib/src/erl_eval.erl
index 88a0094d57..95ba6b1096 100644
--- a/lib/stdlib/src/erl_eval.erl
+++ b/lib/stdlib/src/erl_eval.erl
@@ -341,7 +341,7 @@ expr({call,_,{remote,_,Mod,Func},As0}, Bs0, Lf, Ef, RBs) ->
         true ->
             bif(F, As, Bs3, Ef, RBs);
         false ->
-            do_apply({M,F}, As, Bs3, Ef, RBs)
+            do_apply(M, F, As, Bs3, Ef, RBs)
     end;
 expr({call,_,{atom,_,Func},As0}, Bs0, Lf, Ef, RBs) ->
     case erl_internal:bif(Func, length(As0)) of
@@ -499,11 +499,11 @@ local_func2({eval,F,As,Bs}, RBs) -> % This reply is not documented.
 bif(apply, [erlang,apply,As], Bs, Ef, RBs) ->
     bif(apply, As, Bs, Ef, RBs);
 bif(apply, [M,F,As], Bs, Ef, RBs) ->
-    do_apply({M,F}, As, Bs, Ef, RBs);
+    do_apply(M, F, As, Bs, Ef, RBs);
 bif(apply, [F,As], Bs, Ef, RBs) ->
     do_apply(F, As, Bs, Ef, RBs);
 bif(Name, As, Bs, Ef, RBs) ->
-    do_apply({erlang,Name}, As, Bs, Ef, RBs).
+    do_apply(erlang, Name, As, Bs, Ef, RBs).
 
 %% do_apply(MF, Arguments, Bindings, ExternalFuncHandler, RBs) ->
 %%	{value,Value,Bindings} | Value when
@@ -563,6 +563,19 @@ do_apply(Func, As, Bs0, Ef, RBs) ->
             ret_expr(F(Func, As), Bs0, RBs)
     end.
 
+do_apply(Mod, Func, As, Bs0, Ef, RBs) ->
+    case Ef of
+        none when RBs =:= value ->
+            %% Make tail recursive calls when possible.
+            apply(Mod, Func, As);
+        none ->
+            ret_expr(apply(Mod, Func, As), Bs0, RBs);
+        {value,F} when RBs =:= value ->
+            F({Mod,Func}, As);
+        {value,F} ->
+            ret_expr(F({Mod,Func}, As), Bs0, RBs)
+    end.
+
 %% eval_lc(Expr, [Qualifier], Bindings, LocalFunctionHandler, 
 %%         ExternalFuncHandler, RetBindings) ->
 %%	{value,Value,Bindings} | Value
@@ -731,10 +744,10 @@ expr_list([], Vs, _, Bs, _Lf, _Ef) ->
     {reverse(Vs),Bs}.
 
 eval_op(Op, Arg1, Arg2, Bs, Ef, RBs) ->
-    do_apply({erlang,Op}, [Arg1,Arg2], Bs, Ef, RBs).
+    do_apply(erlang, Op, [Arg1,Arg2], Bs, Ef, RBs).
 
 eval_op(Op, Arg, Bs, Ef, RBs) ->
-    do_apply({erlang,Op}, [Arg], Bs, Ef, RBs).
+    do_apply(erlang, Op, [Arg], Bs, Ef, RBs).
 
 %% if_clauses(Clauses, Bindings, LocalFuncHandler, ExtFuncHandler, RBs)
 
@@ -920,8 +933,9 @@ guard0([], _Bs, _Lf, _Ef) -> true.
 
 guard_test({call,L,{atom,Ln,F},As0}, Bs0, Lf, Ef) ->
     TT = type_test(F),
-    guard_test({call,L,{tuple,Ln,[{atom,Ln,erlang},{atom,Ln,TT}]},As0},
-               Bs0, Lf, Ef);
+    G = {call,L,{atom,Ln,TT},As0},
+    try {value,true,_} = expr(G, Bs0, Lf, Ef, none)
+    catch error:_ -> {value,false,Bs0} end;
 guard_test({call,L,{remote,_Lr,{atom,_Lm,erlang},{atom,_Lf,_F}=T},As0}, 
            Bs0, Lf, Ef) ->
     guard_test({call,L,T,As0}, Bs0, Lf, Ef);
@@ -933,7 +947,6 @@ type_test(integer) -> is_integer;
 type_test(float) -> is_float;
 type_test(number) -> is_number;
 type_test(atom) -> is_atom;
-type_test(constant) -> is_constant;
 type_test(list) -> is_list;
 type_test(tuple) -> is_tuple;
 type_test(pid) -> is_pid;
diff --git a/lib/stdlib/src/erl_expand_records.erl b/lib/stdlib/src/erl_expand_records.erl
index 20fd247cea..1c69a131f9 100644
--- a/lib/stdlib/src/erl_expand_records.erl
+++ b/lib/stdlib/src/erl_expand_records.erl
@@ -452,8 +452,10 @@ conj([], _E) ->
 conj([{{Name,_Rp},L,R,Sz} | AL], E) ->
     NL = neg_line(L),
     T1 = {op,NL,'orelse',
-          {call,NL,{atom,NL,is_record},[R,{atom,NL,Name},{integer,NL,Sz}]},
-          {atom,NL,fail}},
+          {call,NL,
+	   {remote,NL,{atom,NL,erlang},{atom,NL,is_record}},
+	   [R,{atom,NL,Name},{integer,NL,Sz}]},
+	  {atom,NL,fail}},
     T2 = case conj(AL, none) of
         empty -> T1;
         C -> {op,NL,'and',C,T1}
@@ -581,7 +583,9 @@ strict_get_record_field(Line, R, {atom,_,F}=Index, Name, St0) ->
             ExpRp = erl_lint:modify_line(ExpR, fun(_L) -> 0 end),
             RA = {{Name,ExpRp},Line,ExpR,length(Fs)+1},
             St2 = St1#exprec{strict_ra = [RA | St1#exprec.strict_ra]},
-            {{call,Line,{atom,Line,element},[I,ExpR]},St2}
+            {{call,Line,
+	      {remote,Line,{atom,Line,erlang},{atom,Line,element}},
+	      [I,ExpR]},St2}
     end.
 
 record_pattern(I, I, Var, Sz, Line, Acc) ->
@@ -593,7 +597,9 @@ record_pattern(_, _, _, _, _, Acc) -> reverse(Acc).
 sloppy_get_record_field(Line, R, Index, Name, St) ->
     Fs = record_fields(Name, St),
     I = index_expr(Line, Index, Name, Fs),
-    expr({call,Line,{atom,Line,element},[I,R]}, St).
+    expr({call,Line,
+	  {remote,Line,{atom,Line,erlang},{atom,Line,element}},
+	  [I,R]}, St).
 
 strict_record_tests([strict_record_tests | _]) -> true;
 strict_record_tests([no_strict_record_tests | _]) -> false;
@@ -710,7 +716,8 @@ record_setel(R, Name, Fs, Us0) ->
     {'case',Lr,R,
      [{clause,Lr,[{tuple,Lr,[{atom,Lr,Name} | Wildcards]}],[],
        [foldr(fun ({I,Lf,Val}, Acc) ->
-                      {call,Lf,{atom,Lf,setelement},[I,Acc,Val]} end,
+                      {call,Lf,{remote,Lf,{atom,Lf,erlang},
+				{atom,Lf,setelement}},[I,Acc,Val]} end,
               R, Us)]},
       {clause,NLr,[{var,NLr,'_'}],[],
        [call_error(NLr, {tuple,NLr,[{atom,NLr,badrecord},{atom,NLr,Name}]})]}]}.
diff --git a/lib/stdlib/src/erl_lint.erl b/lib/stdlib/src/erl_lint.erl
index 5d45260fe9..a1af0057ca 100644
--- a/lib/stdlib/src/erl_lint.erl
+++ b/lib/stdlib/src/erl_lint.erl
@@ -1804,12 +1804,19 @@ guard_test(G, Vt, St0) ->
 %% Specially handle record type test here.
 guard_test2({call,Line,{atom,Lr,record},[E,A]}, Vt, St0) ->
     gexpr({call,Line,{atom,Lr,is_record},[E,A]}, Vt, St0);
-guard_test2({call,_Line,{atom,_La,F},As}=G, Vt, St0) ->
+guard_test2({call,Line,{atom,_La,F},As}=G, Vt, St0) ->
     {Asvt,St1} = gexpr_list(As, Vt, St0),       %Always check this.
     A = length(As),
     case erl_internal:type_test(F, A) of
-        true when F =/= is_record -> {Asvt,St1};
-        _ -> gexpr(G, Vt, St0)
+        true when F =/= is_record, A =/= 2 ->
+	    case no_guard_bif_clash(St1, {F,A}) of
+		false ->
+		    {Asvt,add_error(Line, {illegal_guard_local_call,{F,A}}, St1)};
+		true ->
+		    {Asvt,St1}
+	    end;
+	_ ->
+	    gexpr(G, Vt, St0)
     end;
 guard_test2(G, Vt, St) ->
     %% Everything else is a guard expression.
@@ -1865,9 +1872,15 @@ gexpr({call,Line,{atom,_Lr,is_record},[E,R]}, Vt, St0) ->
 gexpr({call,Line,{remote,_Lr,{atom,_Lm,erlang},{atom,Lf,is_record}},[E,A]},
       Vt, St0) ->
     gexpr({call,Line,{atom,Lf,is_record},[E,A]}, Vt, St0);
-gexpr({call,_Line,{atom,_Lr,is_record},[E,{atom,_,_Name},{integer,_,_}]},
+gexpr({call,Line,{atom,_Lr,is_record},[E0,{atom,_,_Name},{integer,_,_}]},
       Vt, St0) ->
-    gexpr(E, Vt, St0);
+    {E,St1} = gexpr(E0, Vt, St0),
+    case no_guard_bif_clash(St0, {is_record,3}) of
+	true ->
+	    {E,St1};
+	false ->
+	    {E,add_error(Line, {illegal_guard_local_call,{is_record,3}}, St1)}
+    end;
 gexpr({call,Line,{atom,_Lr,is_record},[_,_,_]=Asvt0}, Vt, St0) ->
     {Asvt,St1} = gexpr_list(Asvt0, Vt, St0),
     {Asvt,add_error(Line, illegal_guard_expr, St1)};
@@ -2767,12 +2780,6 @@ default_types() ->
 		{var, 1}],
     dict:from_list([{T, -1} || T <- DefTypes]).
 
-%% R12B-5
-is_newly_introduced_builtin_type({module, 0}) -> true;
-is_newly_introduced_builtin_type({node, 0}) -> true;
-is_newly_introduced_builtin_type({nonempty_string, 0}) -> true;
-is_newly_introduced_builtin_type({term, 0}) -> true;
-is_newly_introduced_builtin_type({timeout, 0}) -> true;
 %% R13
 is_newly_introduced_builtin_type({arity, 0}) -> true;
 is_newly_introduced_builtin_type({array, 0}) -> true; % opaque
@@ -3429,17 +3436,11 @@ obsolete_guard({call,Line,{atom,Lr,F},As}, St0) ->
 	false ->
 	    deprecated_function(Line, erlang, F, As, St0);
 	true ->
-	    St1 = case F of
-		      constant ->
-			  deprecated_function(Lr, erlang, is_constant, As, St0);
-		      _ ->
-			  St0
-		  end,
-	    case is_warn_enabled(obsolete_guard, St1) of
+	    case is_warn_enabled(obsolete_guard, St0) of
 		true ->
-		    add_warning(Lr,{obsolete_guard, {F, Arity}}, St1);
+		    add_warning(Lr,{obsolete_guard, {F, Arity}}, St0);
 		false ->
-		    St1
+		    St0
 	    end
     end;
 obsolete_guard(_G, St) ->
diff --git a/lib/stdlib/src/error_logger_file_h.erl b/lib/stdlib/src/error_logger_file_h.erl
index ee4f0b3a51..08f1873803 100644
--- a/lib/stdlib/src/error_logger_file_h.erl
+++ b/lib/stdlib/src/error_logger_file_h.erl
@@ -104,7 +104,7 @@ code_change(_OldVsn, State, _Extra) ->
 %%% ------------------------------------------------------
 
 tag_event(Event) ->    
-    {erlang:localtime(), Event}.
+    {erlang:universaltime(), Event}.
 
 write_events(Fd, Events) -> write_events1(Fd, lists:reverse(Events)).
 
@@ -169,23 +169,18 @@ write_event(_, _) ->
 
 maybe_utc(Time) ->
     UTC = case application:get_env(sasl, utc_log) of
-              {ok, Val} ->
-                  Val;
+              {ok, Val} -> Val;
               undefined ->
                   %% Backwards compatible:
                   case application:get_env(stdlib, utc_log) of
-                      {ok, Val} ->
-                          Val;
-                      undefined ->
-                          false
+                      {ok, Val} -> Val;
+                      undefined -> false
                   end
           end,
-    if
-        UTC =:= true ->
-            {utc, calendar:local_time_to_universal_time(Time)};
-        true -> 
-            Time
-    end.
+    maybe_utc(Time, UTC).
+
+maybe_utc(Time, true) -> {utc, Time};
+maybe_utc(Time, _) -> {local, calendar:universal_time_to_local_time(Time)}.
 
 format_report(Rep) when is_list(Rep) ->
     case string_p(Rep) of
@@ -238,7 +233,7 @@ write_time(Time) -> write_time(Time, "ERROR REPORT").
 write_time({utc,{{Y,Mo,D},{H,Mi,S}}}, Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s UTC ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]);
-write_time({{Y,Mo,D},{H,Mi,S}}, Type) ->
+write_time({local, {{Y,Mo,D},{H,Mi,S}}}, Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]).
 
diff --git a/lib/stdlib/src/error_logger_tty_h.erl b/lib/stdlib/src/error_logger_tty_h.erl
index fa13fbb2bd..48e069a407 100644
--- a/lib/stdlib/src/error_logger_tty_h.erl
+++ b/lib/stdlib/src/error_logger_tty_h.erl
@@ -97,7 +97,7 @@ set_group_leader() ->
     end.
 
 tag_event(Event) ->    
-    {erlang:localtime(), Event}.
+    {erlang:universaltime(), Event}.
 
 write_events(Events,IOMod) -> write_events1(lists:reverse(Events),IOMod).
 
@@ -162,23 +162,18 @@ write_event({_Time, _Error},_IOMod) ->
 
 maybe_utc(Time) ->
     UTC = case application:get_env(sasl, utc_log) of
-              {ok, Val} ->
-                  Val;
+              {ok, Val} -> Val;
               undefined ->
                   %% Backwards compatible:
                   case application:get_env(stdlib, utc_log) of
-                      {ok, Val} ->
-                          Val;
-                      undefined ->
-                          false
+                      {ok, Val} -> Val;
+                      undefined -> false
                   end
           end,
-    if
-        UTC =:= true ->
-            {utc, calendar:local_time_to_universal_time(Time)};
-        true -> 
-            Time
-    end.
+    maybe_utc(Time, UTC).
+
+maybe_utc(Time, true) -> {utc, Time};
+maybe_utc(Time, _) -> {local, calendar:universal_time_to_local_time(Time)}.
 
 format(IOMod, String)       -> format(IOMod, String, []).
 format(io_lib, String, Args) -> io_lib:format(String, Args);
@@ -234,7 +229,7 @@ write_time(Time) -> write_time(Time, "ERROR REPORT").
 write_time({utc,{{Y,Mo,D},{H,Mi,S}}},Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s UTC ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]);
-write_time({{Y,Mo,D},{H,Mi,S}},Type) ->
+write_time({local, {{Y,Mo,D},{H,Mi,S}}},Type) ->
     io_lib:format("~n=~s==== ~p-~s-~p::~s:~s:~s ===~n",
 		  [Type,D,month(Mo),Y,t(H),t(Mi),t(S)]).
 
diff --git a/lib/stdlib/src/filename.erl b/lib/stdlib/src/filename.erl
index 2fc9128e4e..dbfcbea4f7 100644
--- a/lib/stdlib/src/filename.erl
+++ b/lib/stdlib/src/filename.erl
@@ -836,16 +836,18 @@ try_file(undefined, ObjFilename, Mod, Rules) ->
 	Error -> Error
     end;
 try_file(Src, _ObjFilename, Mod, _Rules) ->
-    List = Mod:module_info(compile),
-    {options, Options} = lists:keyfind(options, 1, List),
+    List = case Mod:module_info(compile) of
+	       none -> [];
+	       List0 -> List0
+	   end,
+    Options = proplists:get_value(options, List, []),
     {ok, Cwd} = file:get_cwd(),
     AbsPath = make_abs_path(Cwd, Src),
     {AbsPath, filter_options(dirname(AbsPath), Options, [])}.
 
 %% Filters the options.
 %%
-%% 1) Remove options that have no effect on the generated code,
-%%    such as report and verbose.
+%% 1) Only keep options that have any effect on code generation.
 %%
 %% 2) The paths found in {i, Path} and {outdir, Path} are converted
 %%    to absolute paths.  When doing this, it is assumed that relatives
@@ -857,14 +859,10 @@ filter_options(Base, [{outdir, Path}|Rest], Result) ->
     filter_options(Base, Rest, [{outdir, make_abs_path(Base, Path)}|Result]);
 filter_options(Base, [{i, Path}|Rest], Result) ->
     filter_options(Base, Rest, [{i, make_abs_path(Base, Path)}|Result]);
-filter_options(Base, [Option|Rest], Result) when Option =:= trace ->
-    filter_options(Base, Rest, [Option|Result]);
 filter_options(Base, [Option|Rest], Result) when Option =:= export_all ->
     filter_options(Base, Rest, [Option|Result]);
 filter_options(Base, [Option|Rest], Result) when Option =:= binary ->
     filter_options(Base, Rest, [Option|Result]);
-filter_options(Base, [Option|Rest], Result) when Option =:= fast ->
-    filter_options(Base, Rest, [Option|Result]);
 filter_options(Base, [Tuple|Rest], Result) when element(1, Tuple) =:= d ->
     filter_options(Base, Rest, [Tuple|Result]);
 filter_options(Base, [Tuple|Rest], Result)
@@ -878,12 +876,7 @@ filter_options(_Base, [], Result) ->
 %% Gets the source file given path of object code and module name.
 
 get_source_file(Obj, Mod, Rules) ->
-    case catch Mod:module_info(source_file) of
-	{'EXIT', _Reason} ->
-	    source_by_rules(dirname(Obj), packages:last(Mod), Rules);
-	File ->
-	    {ok, File}
-    end.
+    source_by_rules(dirname(Obj), packages:last(Mod), Rules).
 
 source_by_rules(Dir, Base, [{From, To}|Rest]) ->
     case try_rule(Dir, Base, From, To) of
diff --git a/lib/stdlib/src/gen_event.erl b/lib/stdlib/src/gen_event.erl
index 343eb7d4e4..ca05df20c0 100644
--- a/lib/stdlib/src/gen_event.erl
+++ b/lib/stdlib/src/gen_event.erl
@@ -70,7 +70,8 @@
 
 -callback init(InitArgs :: term()) ->
     {ok, State :: term()} |
-    {ok, State :: term(), hibernate}.
+    {ok, State :: term(), hibernate} |
+    {error, Reason :: term()}.
 -callback handle_event(Event :: term(), State :: term()) ->
     {ok, NewState :: term()} |
     {ok, NewState :: term(), hibernate} |
diff --git a/lib/stdlib/src/gen_fsm.erl b/lib/stdlib/src/gen_fsm.erl
index 8d43846c92..51dc0bcee2 100644
--- a/lib/stdlib/src/gen_fsm.erl
+++ b/lib/stdlib/src/gen_fsm.erl
@@ -338,7 +338,7 @@ name_to_pid(Name) ->
 	undefined ->
 	    case global:whereis_name(Name) of
 		undefined ->
-		    exit(could_not_find_registerd_name);
+		    exit(could_not_find_registered_name);
 		Pid ->
 		    Pid
 	    end;
diff --git a/lib/stdlib/src/gen_server.erl b/lib/stdlib/src/gen_server.erl
index 244795df9f..b384e8baf7 100644
--- a/lib/stdlib/src/gen_server.erl
+++ b/lib/stdlib/src/gen_server.erl
@@ -134,7 +134,7 @@
     term().
 -callback code_change(OldVsn :: (term() | {down, term()}), State :: term(),
                       Extra :: term()) ->
-    {ok, NewState :: term()}.
+    {ok, NewState :: term()} | {error, Reason :: term()}.
 
 %%%  -----------------------------------------------------------------
 %%% Starts a generic server.
@@ -863,7 +863,7 @@ name_to_pid(Name) ->
 	undefined ->
 	    case global:whereis_name(Name) of
 		undefined ->
-		    exit(could_not_find_registerd_name);
+		    exit(could_not_find_registered_name);
 		Pid ->
 		    Pid
 	    end;
diff --git a/lib/stdlib/src/ms_transform.erl b/lib/stdlib/src/ms_transform.erl
index 63b397f3a5..4389fd457c 100644
--- a/lib/stdlib/src/ms_transform.erl
+++ b/lib/stdlib/src/ms_transform.erl
@@ -881,7 +881,6 @@ translate_language_element(Atom) ->
     end.
 
 old_bool_test(atom,1) -> is_atom;
-old_bool_test(constant,1) -> is_constant;
 old_bool_test(float,1) -> is_float;
 old_bool_test(integer,1) -> is_integer;
 old_bool_test(list,1) -> is_list;
@@ -896,7 +895,6 @@ old_bool_test(record,2) -> is_record;
 old_bool_test(_,_) -> undefined.
 
 bool_test(is_atom,1) -> true;
-bool_test(is_constant,1) -> true;
 bool_test(is_float,1) -> true;
 bool_test(is_integer,1) -> true;
 bool_test(is_list,1) -> true;
diff --git a/lib/stdlib/src/otp_internal.erl b/lib/stdlib/src/otp_internal.erl
index c1285dab60..b9fbef9ed0 100644
--- a/lib/stdlib/src/otp_internal.erl
+++ b/lib/stdlib/src/otp_internal.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -41,37 +41,12 @@ obsolete(Module, Name, Arity) ->
 	    no
     end.
 
-obsolete_1(init, get_flag, 1) ->
-    {removed, {init, get_argument, 1}, "R12B"};
-obsolete_1(init, get_flags, 0) ->
-    {removed, {init, get_arguments, 0}, "R12B"};
-obsolete_1(init, get_args, 0) ->
-    {removed, {init, get_plain_arguments, 0}, "R12B"};
-obsolete_1(unix, cmd, 1) ->
-    {removed, {os,cmd,1}, "R9B"};
-
 obsolete_1(net, _, _) ->
     {deprecated, "module 'net' obsolete; use 'net_adm'"};
 
 obsolete_1(erl_internal, builtins, 0) ->
     {deprecated, {erl_internal, bif, 2}};
 
-obsolete_1(string, re_sh_to_awk, 1) ->
-    {removed, {regexp, sh_to_awk, 1}, "R12B"};
-obsolete_1(string, re_parse, 1) ->
-    {removed, {regexp, parse, 1}, "R12B"};
-obsolete_1(string, re_match, 2) ->
-    {removed, {regexp, match, 2}, "R12B"};
-obsolete_1(string, re_sub, 3) ->
-    {removed, {regexp, sub, 3}, "R12B"};
-obsolete_1(string, re_gsub, 3) ->
-    {removed, {regexp, gsub, 3}, "R12B"};
-obsolete_1(string, re_split, 2) ->
-    {removed, {regexp, split, 2}, "R12B"};
-
-obsolete_1(string, index, 2) ->
-    {removed, {string, str, 2}, "R12B"};
-
 obsolete_1(erl_eval, seq, 2) ->
     {deprecated, {erl_eval, exprs, 2}};
 obsolete_1(erl_eval, seq, 3) ->
@@ -81,99 +56,9 @@ obsolete_1(erl_eval, arg_list, 2) ->
 obsolete_1(erl_eval, arg_list, 3) ->
     {deprecated, {erl_eval, expr_list, 3}};
 
-obsolete_1(erl_pp, seq, 1) ->
-    {removed, {erl_pp, exprs, 1}, "R12B"};
-obsolete_1(erl_pp, seq, 2) ->
-    {removed, {erl_pp, exprs, 2}, "R12B"};
-
-obsolete_1(io, scan_erl_seq, 1) ->
-    {removed, {io, scan_erl_exprs, 1}, "R12B"};
-obsolete_1(io, scan_erl_seq, 2) ->
-    {removed, {io, scan_erl_exprs, 2}, "R12B"};
-obsolete_1(io, scan_erl_seq, 3) ->
-    {removed, {io, scan_erl_exprs, 3}, "R12B"};
-obsolete_1(io, parse_erl_seq, 1) ->
-    {removed, {io, parse_erl_exprs, 1}, "R12B"};
-obsolete_1(io, parse_erl_seq, 2) ->
-    {removed, {io, parse_erl_exprs, 2}, "R12B"};
-obsolete_1(io, parse_erl_seq, 3) ->
-    {removed, {io, parse_erl_exprs, 3}, "R12B"};
-obsolete_1(io, parse_exprs, 2) ->
-    {removed, {io, parse_erl_exprs, 2}, "R12B"};
-
-obsolete_1(io_lib, scan, 1) ->
-    {removed, {erl_scan, string, 1}, "R12B"};
-obsolete_1(io_lib, scan, 2) ->
-    {removed, {erl_scan, string, 2}, "R12B"};
-obsolete_1(io_lib, scan, 3) ->
-    {removed, {erl_scan, tokens, 3}, "R12B"};
-obsolete_1(io_lib, reserved_word, 1) ->
-    {removed, {erl_scan, reserved_word, 1}, "R12B"};
-
-obsolete_1(lists, keymap, 4) ->
-    {removed, {lists, keymap, 3}, "R12B"};
-obsolete_1(lists, all, 3) ->
-    {removed, {lists, all, 2}, "R12B"};
-obsolete_1(lists, any, 3) ->
-    {removed, {lists, any, 2}, "R12B"};
-obsolete_1(lists, map, 3) ->
-    {removed, {lists, map, 2}, "R12B"};
-obsolete_1(lists, flatmap, 3) ->
-    {removed, {lists, flatmap, 2}, "R12B"};
-obsolete_1(lists, foldl, 4) ->
-    {removed, {lists, foldl, 3}, "R12B"};
-obsolete_1(lists, foldr, 4) ->
-    {removed, {lists, foldr, 3}, "R12B"};
-obsolete_1(lists, mapfoldl, 4) ->
-    {removed, {lists, mapfoldl, 3}, "R12B"};
-obsolete_1(lists, mapfoldr, 4) ->
-    {removed, {lists, mapfoldr, 3}, "R12B"};
-obsolete_1(lists, filter, 3) ->
-    {removed, {lists, filter, 2}, "R12B"};
-obsolete_1(lists, foreach, 3) ->
-    {removed, {lists, foreach, 2}, "R12B"};
-obsolete_1(lists, zf, 3) ->
-    {removed, {lists, zf, 2}, "R12B"};
-
-obsolete_1(ets, fixtable, 2) ->
-    {removed, {ets, safe_fixtable, 2}, "R12B"};
-
-obsolete_1(erlang, old_binary_to_term, 1) ->
-    {removed, {erlang, binary_to_term, 1}, "R12B"};
-obsolete_1(erlang, info, 1) ->
-    {removed, {erlang, system_info, 1}, "R12B"};
 obsolete_1(erlang, hash, 2) ->
     {deprecated, {erlang, phash2, 2}};
 
-obsolete_1(file, file_info, 1) ->
-    {removed, {file, read_file_info, 1}, "R12B"};
-
-obsolete_1(dict, dict_to_list, 1) ->
-    {removed, {dict,to_list,1}, "R12B"};
-obsolete_1(dict, list_to_dict, 1) ->
-    {removed, {dict,from_list,1}, "R12B"};
-obsolete_1(orddict, dict_to_list, 1) ->
-    {removed, {orddict,to_list,1}, "R12B"};
-obsolete_1(orddict, list_to_dict, 1) ->
-    {removed, {orddict,from_list,1}, "R12B"};
-
-obsolete_1(sets, new_set, 0) ->
-    {removed, {sets, new, 0}, "R12B"};
-obsolete_1(sets, set_to_list, 1) ->
-    {removed, {sets, to_list, 1}, "R12B"};
-obsolete_1(sets, list_to_set, 1) ->
-    {removed, {sets, from_list, 1}, "R12B"};
-obsolete_1(sets, subset, 2) ->
-    {removed, {sets, is_subset, 2}, "R12B"};
-obsolete_1(ordsets, new_set, 0) ->
-    {removed, {ordsets, new, 0}, "R12B"};
-obsolete_1(ordsets, set_to_list, 1) ->
-    {removed, {ordsets, to_list, 1}, "R12B"};
-obsolete_1(ordsets, list_to_set, 1) ->
-    {removed, {ordsets, from_list, 1}, "R12B"};
-obsolete_1(ordsets, subset, 2) ->
-    {removed, {ordsets, is_subset, 2}, "R12B"};
-
 obsolete_1(calendar, local_time_to_universal_time, 1) ->
     {deprecated, {calendar, local_time_to_universal_time_dst, 1}};
 
@@ -302,17 +187,6 @@ obsolete_1(auth, node_cookie, 1) ->
 obsolete_1(auth, node_cookie, 2) ->
     {deprecated, "Deprecated; use erlang:set_cookie/2 and net_adm:ping/1 instead"};
 
-%% Added in R11B-5.
-obsolete_1(http_base_64, _, _) ->
-    {removed, "The http_base_64 module was removed in R12B; use the base64 module instead"};
-obsolete_1(httpd_util, encode_base64, 1) ->
-    {removed, "Removed in R12B; use one of the encode functions in the base64 module instead"};
-obsolete_1(httpd_util, decode_base64, 1) ->
-    {removed, "Removed in R12B; use one of the decode functions in the base64 module instead"};
-obsolete_1(httpd_util, to_upper, 1) ->
-    {removed, {string, to_upper, 1}, "R12B"};
-obsolete_1(httpd_util, to_lower, 1) ->
-    {removed, {string, to_lower, 1}, "R12B"};
 obsolete_1(erlang, is_constant, 1) ->
     {removed, "Removed in R13B"};
 
@@ -431,7 +305,7 @@ obsolete_1(ssh_sshd, stop, 1) ->
 
 %% Added in R13A.
 obsolete_1(regexp, _, _) ->
-    {deprecated, "the regexp module is deprecated (will be removed in R15A); use the re module instead"};
+    {removed, "removed in R15; use the re module instead"};
 
 obsolete_1(lists, flat_length, 1) ->
     {removed,{lists,flatlength,1},"R14"};
@@ -463,20 +337,31 @@ obsolete_1(public_key, decode_private_key, A) when A =:= 1; A =:= 2 ->
 
 %% Added in R14B03.
 obsolete_1(docb_gen, _, _) ->
-    {deprecated,"the DocBuilder application is deprecated (will be removed in R15B)"};
+    {removed,"the DocBuilder application was removed in R15B"};
 obsolete_1(docb_transform, _, _) ->
-    {deprecated,"the DocBuilder application is deprecated (will be removed in R15B)"};
+    {removed,"the DocBuilder application was removed in R15B"};
 obsolete_1(docb_xml_check, _, _) ->
-    {deprecated,"the DocBuilder application is deprecated (will be removed in R15B)"};
+    {removed,"the DocBuilder application was removed in R15B"};
 
 %% Added in R15B
 obsolete_1(asn1rt, F, _) when F == load_driver; F == unload_driver ->
     {deprecated,"deprecated (will be removed in R16A); has no effect as drivers are no longer used."};
-
+obsolete_1(ssl, pid, 1) ->
+    {deprecated,"deprecated (will be removed in R17); is no longer needed"};
+obsolete_1(inviso, _, _) ->
+    {deprecated,"the inviso application has been deprecated and will be removed in R16"};
+
+%% Added in R15B01.
+obsolete_1(gs, _, _) ->
+    {deprecated,"the gs application has been deprecated and will be removed in R16; use the wx application instead"};
+obsolete_1(ssh, sign_data, 2) ->
+    {deprecated,"deprecated (will be removed in R16A); use public_key:pem_decode/1, public_key:pem_entry_decode/1 "
+     "and public_key:sign/3 instead"};
+obsolete_1(ssh, verify_data, 3) ->
+    {deprecated,"deprecated (will be removed in R16A); use public_key:ssh_decode/1, and public_key:verify/4 instead"};
 obsolete_1(_, _, _) ->
     no.
 
-
 -spec is_snmp_agent_function(atom(), byte()) -> boolean().
 
 is_snmp_agent_function(c,                     1) -> true;
diff --git a/lib/stdlib/src/regexp.erl b/lib/stdlib/src/regexp.erl
deleted file mode 100644
index 65f9ca247d..0000000000
--- a/lib/stdlib/src/regexp.erl
+++ /dev/null
@@ -1,557 +0,0 @@
-%%
-%% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
-%% 
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%% 
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%% 
-%% %CopyrightEnd%
-%%
--module(regexp).
-
-%% This entire module is deprecated and will be removed in a future
-%% release. Use the 're' module instead.
-%%
-%% This module provides a basic set of regular expression functions
-%% for strings. The functions provided are taken from AWK.
-%%
-%% Note that we interpret the syntax tree of a regular expression
-%% directly instead of converting it to an NFA and then interpreting
-%% that. This method seems to go significantly faster.
-
--export([sh_to_awk/1,parse/1,format_error/1,match/2,first_match/2,matches/2]).
--export([sub/3,gsub/3,split/2]).
-
--deprecated([sh_to_awk/1,parse/1,format_error/1,match/2,first_match/2,matches/2]).
--deprecated([sub/3,gsub/3,split/2]).
-
--import(string, [substr/2,substr/3]).
--import(lists, [reverse/1]).
-
--type errordesc() :: term().
--opaque regexp() :: term().
-
-%% -type matchres() = {match,Start,Length} | nomatch | {error,E}.
-%% -type subres() = {ok,RepString,RepCount} | {error,E}.
-%% -type splitres() = {ok,[SubString]} | {error,E}.
-
-%%-compile([export_all]).
-
-%% This is the regular expression grammar used. It is equivalent to the
-%% one used in AWK, except that we allow ^ $ to be used anywhere and fail
-%% in the matching.
-%%
-%% reg -> reg1 : '$1'.
-%% reg1 -> reg1 "|" reg2 : {'or','$1','$2'}.
-%% reg1 -> reg2 : '$1'.
-%% reg2 -> reg2 reg3 : {concat,'$1','$2'}.
-%% reg2 -> reg3 : '$1'.
-%% reg3 -> reg3 "*" : {kclosure,'$1'}.
-%% reg3 -> reg3 "+" : {pclosure,'$1'}.
-%% reg3 -> reg3 "?" : {optional,'$1'}.
-%% reg3 -> reg4 : '$1'.
-%% reg4 -> "(" reg ")" : '$2'.
-%% reg4 -> "\\" char : '$2'.
-%% reg4 -> "^" : bos.
-%% reg4 -> "$" : eos.
-%% reg4 -> "." : char.
-%% reg4 -> "[" class "]" : {char_class,char_class('$2')}
-%% reg4 -> "[" "^" class "]" : {comp_class,char_class('$3')}
-%% reg4 -> "\"" chars "\"" : char_string('$2')
-%% reg4 -> char : '$1'.
-%% reg4 -> empty : epsilon.
-%%  The grammar of the current regular expressions. The actual parser
-%%  is a recursive descent implementation of the grammar.
-
-reg(S) -> reg1(S).
-
-%% reg1 -> reg2 reg1'
-%% reg1' -> "|" reg2
-%% reg1' -> empty
-
-reg1(S0) ->
-    {L,S1} = reg2(S0),
-    reg1p(S1, L).
-
-reg1p([$||S0], L) ->
-    {R,S1} = reg2(S0),
-    reg1p(S1, {'or',L,R});
-reg1p(S, L) -> {L,S}.
-
-%% reg2 -> reg3 reg2'
-%% reg2' -> reg3
-%% reg2' -> empty
-
-reg2(S0) ->
-    {L,S1} = reg3(S0),
-    reg2p(S1, L).
-
-reg2p([C|S0], L) when C =/= $|, C =/= $) ->
-    {R,S1} = reg3([C|S0]),
-    reg2p(S1, {concat,L,R});
-reg2p(S, L) -> {L,S}.
-
-%% reg3 -> reg4 reg3'
-%% reg3' -> "*" reg3'
-%% reg3' -> "+" reg3'
-%% reg3' -> "?" reg3'
-%% reg3' -> empty
-
-reg3(S0) ->
-    {L,S1} = reg4(S0),
-    reg3p(S1, L).
-
-reg3p([$*|S], L) -> reg3p(S, {kclosure,L});
-reg3p([$+|S], L) -> reg3p(S, {pclosure,L});
-reg3p([$?|S], L) -> reg3p(S, {optional,L});
-reg3p(S, L) -> {L,S}.
-
--define(HEX(C), C >= $0 andalso C =< $9 orelse 
-                C >= $A andalso C =< $F orelse 
-                C >= $a andalso C =< $f).
-
-reg4([$(|S0]) ->
-    case reg(S0) of
-	{R,[$)|S1]} -> {R,S1};
-	{_R,_S} -> throw({error,{unterminated,"("}})
-    end;
-reg4([$\\,O1,O2,O3|S]) when
-  O1 >= $0, O1 =< $7, O2 >= $0, O2 =< $7, O3 >= $0, O3 =< $7 ->
-    {(O1*8 + O2)*8 + O3 - 73*$0,S};
-reg4([$\\,$x,H1,H2|S]) when ?HEX(H1), ?HEX(H2) ->
-    {erlang:list_to_integer([H1,H2], 16),S};
-reg4([$\\,$x,${|S]) ->
-    hex(S, []);
-reg4([$\\,$x|_]) ->
-    throw({error,{illegal,[$x]}});
-reg4([$\\,C|S]) -> {escape_char(C),S};
-reg4([$\\]) -> throw({error,{unterminated,"\\"}});
-reg4([$^|S]) -> {bos,S};
-reg4([$$|S]) -> {eos,S};
-reg4([$.|S]) -> {{comp_class,"\n"},S};
-reg4("[^" ++ S0) ->
-    case char_class(S0) of
-	{Cc,[$]|S1]} -> {{comp_class,Cc},S1};
-	{_Cc,_S} -> throw({error,{unterminated,"["}})
-    end;
-reg4([$[|S0]) ->
-    case char_class(S0) of
-	{Cc,[$]|S1]} -> {{char_class,Cc},S1};
-	{_Cc,_S1} -> throw({error,{unterminated,"["}})
-    end;
-%reg4([$"|S0]) ->
-%    case char_string(S0) of
-%	{St,[$"|S1]} -> {St,S1};
-%	{St,S1} -> throw({error,{unterminated,"\""}})
-%    end;
-reg4([C|S]) when C =/= $*, C =/= $+, C =/= $?, C =/= $] -> {C,S};
-reg4([C|_S]) -> throw({error,{illegal,[C]}});
-reg4([]) -> {epsilon,[]}.
-
-hex([C|Cs], L) when ?HEX(C) ->
-    hex(Cs, [C|L]);
-hex([$}|S], L) ->
-    case catch erlang:list_to_integer(lists:reverse(L), 16) of
-        V when V =< 16#FF ->
-            {V,S};
-        _ ->
-            throw({error,{illegal,[$}]}})
-    end;
-hex(_S, _) ->
-    throw({error,{unterminated,"\\x{"}}).
-
-escape_char($n) -> $\n;				%\n = LF
-escape_char($r) -> $\r;				%\r = CR
-escape_char($t) -> $\t;				%\t = TAB
-escape_char($v) -> $\v;				%\v = VT
-escape_char($b) -> $\b;				%\b = BS
-escape_char($f) -> $\f;				%\f = FF
-escape_char($e) -> $\e;				%\e = ESC
-escape_char($s) -> $\s;				%\s = SPACE
-escape_char($d) -> $\d;				%\d = DEL
-escape_char(C) -> C.
-
-char_class([$]|S]) -> char_class(S, [$]]);
-char_class(S) -> char_class(S, []).
-
-char($\\, [O1,O2,O3|S]) when
-  O1 >= $0, O1 =< $7, O2 >= $0, O2 =< $7, O3 >= $0, O3 =< $7 ->
-    {(O1*8 + O2)*8 + O3 - 73*$0,S};
-char($\\, [$x,H1,H2|S]) when ?HEX(H1), ?HEX(H2) ->
-    {erlang:list_to_integer([H1,H2], 16),S};
-char($\\,[$x,${|S]) ->
-    hex(S, []);
-char($\\,[$x|_]) ->
-    throw({error,{illegal,[$x]}});
-char($\\, [C|S]) -> {escape_char(C),S};
-char(C, S) -> {C,S}.
-
-char_class([C1|S0], Cc) when C1 =/= $] ->
-    case char(C1, S0) of
-	{Cf,[$-,C2|S1]} when C2 =/= $] ->
-	    case char(C2, S1) of
-		{Cl,S2} when Cf < Cl -> char_class(S2, [{Cf,Cl}|Cc]); 
-		{Cl,_S2} -> throw({error,{char_class,[Cf,$-,Cl]}})
-	    end;
-	{C,S1} -> char_class(S1, [C|Cc])
-    end;
-char_class(S, Cc) -> {Cc,S}.
-
-%char_string([C|S]) when C =/= $" -> char_string(S, C);
-%char_string(S) -> {epsilon,S}.
-
-%char_string([C|S0], L) when C =/= $" ->
-%    char_string(S0, {concat,L,C});
-%char_string(S, L) -> {L,S}.
-
-%% -deftype re_app_res() = {match,RestPos,Rest} | nomatch.
-
-%% re_apply(String, StartPos, RegExp) -> re_app_res().
-%%
-%%  Apply the (parse of the) regular expression RegExp to String.  If
-%%  there is a match return the position of the remaining string and
-%%  the string if else return 'nomatch'. BestMatch specifies if we want
-%%  the longest match, or just a match.
-%%
-%%  StartPos should be the real start position as it is used to decide
-%%  if we ae at the beginning of the string.
-%%
-%%  Pass two functions to re_apply_or so it can decide, on the basis
-%%  of BestMatch, whether to just any take any match or try both to
-%%  find the longest. This is slower but saves duplicatng code.
-
-re_apply(S, St, RE) -> re_apply(RE, [], S, St).
-
-re_apply(epsilon, More, S, P) ->		%This always matches
-    re_apply_more(More, S, P);
-re_apply({'or',RE1,RE2}, More, S, P) ->
-    re_apply_or(re_apply(RE1, More, S, P),
-		re_apply(RE2, More, S, P));
-re_apply({concat,RE1,RE2}, More, S0, P) ->
-    re_apply(RE1, [RE2|More], S0, P);
-re_apply({kclosure,CE}, More, S, P) ->
-    %% Be careful with the recursion, explicitly do one call before
-    %% looping.
-    re_apply_or(re_apply_more(More, S, P),
-		re_apply(CE, [{kclosure,CE}|More], S, P));
-re_apply({pclosure,CE}, More, S, P) ->
-    re_apply(CE, [{kclosure,CE}|More], S, P);
-re_apply({optional,CE}, More, S, P) ->
-    re_apply_or(re_apply_more(More, S, P),
-		re_apply(CE, More, S, P));
-re_apply(bos, More, S, 1) -> re_apply_more(More, S, 1);
-re_apply(eos, More, [$\n|S], P) -> re_apply_more(More, S, P);
-re_apply(eos, More, [], P) -> re_apply_more(More, [], P);
-re_apply({char_class,Cc}, More, [C|S], P) ->
-    case in_char_class(C, Cc) of
-	true -> re_apply_more(More, S, P+1);
-	false -> nomatch
-    end;
-re_apply({comp_class,Cc}, More, [C|S], P) ->
-    case in_char_class(C, Cc) of
-	true -> nomatch;
-	false -> re_apply_more(More, S, P+1)
-    end;
-re_apply(C, More, [C|S], P) when is_integer(C) ->
-    re_apply_more(More, S, P+1);
-re_apply(_RE, _More, _S, _P) -> nomatch.
-
-%% re_apply_more([RegExp], String, Length) -> re_app_res().
-
-re_apply_more([RE|More], S, P) -> re_apply(RE, More, S, P);
-re_apply_more([], S, P) -> {match,P,S}.
-
-%% in_char_class(Char, Class) -> bool().
-
-in_char_class(C, [{C1,C2}|_Cc]) when C >= C1, C =< C2 -> true;
-in_char_class(C, [C|_Cc]) -> true;
-in_char_class(C, [_|Cc]) -> in_char_class(C, Cc);
-in_char_class(_C, []) -> false.
-
-%% re_apply_or(Match1, Match2) -> re_app_res().
-%%  If we want the best match then choose the longest match, else just
-%%  choose one by trying sequentially.
-
-re_apply_or({match,P1,S1},   {match,P2,_S2}) when P1 >= P2 -> {match,P1,S1};
-re_apply_or({match,_P1,_S1}, {match,P2,S2}) -> {match,P2,S2};
-re_apply_or(nomatch, R2) -> R2;
-re_apply_or(R1, nomatch) -> R1.
-
-%% sh_to_awk(ShellRegExp)
-%%  Convert a sh style regexp into a full AWK one. The main difficulty is
-%%  getting character sets right as the conventions are different.
-
--spec sh_to_awk(ShRegExp) -> AwkRegExp when
-      ShRegExp :: string(),
-      AwkRegExp :: string().
-
-sh_to_awk(Sh) -> "^(" ++ sh_to_awk_1(Sh).	%Fix the beginning
-
-sh_to_awk_1([$*|Sh]) ->				%This matches any string
-    ".*" ++ sh_to_awk_1(Sh);
-sh_to_awk_1([$?|Sh]) ->				%This matches any character
-    [$.|sh_to_awk_1(Sh)];
-sh_to_awk_1([$[,$^,$]|Sh]) ->			%This takes careful handling
-    "\\^" ++ sh_to_awk_1(Sh);
-sh_to_awk_1("[^" ++ Sh) -> [$[|sh_to_awk_2(Sh, true)];
-sh_to_awk_1("[!" ++ Sh) -> "[^" ++ sh_to_awk_2(Sh, false);
-sh_to_awk_1([$[|Sh]) -> [$[|sh_to_awk_2(Sh, false)];
-sh_to_awk_1([C|Sh]) ->
-    %% Unspecialise everything else which is not an escape character.
-    case special_char(C) of
-	true -> [$\\,C|sh_to_awk_1(Sh)];
-	false -> [C|sh_to_awk_1(Sh)]
-    end;
-sh_to_awk_1([]) -> ")$".			%Fix the end
-
-sh_to_awk_2([$]|Sh], UpArrow) -> [$]|sh_to_awk_3(Sh, UpArrow)];
-sh_to_awk_2(Sh, UpArrow) -> sh_to_awk_3(Sh, UpArrow).
-
-sh_to_awk_3([$]|Sh], true) -> "^]" ++ sh_to_awk_1(Sh);
-sh_to_awk_3([$]|Sh], false) -> [$]|sh_to_awk_1(Sh)];
-sh_to_awk_3([C|Sh], UpArrow) -> [C|sh_to_awk_3(Sh, UpArrow)];
-sh_to_awk_3([], true) -> [$^|sh_to_awk_1([])];
-sh_to_awk_3([], false) -> sh_to_awk_1([]).
-
-%% -type special_char(char()) -> bool().
-%%  Test if a character is a special character.
-
-special_char($|) -> true;
-special_char($*) -> true;
-special_char($+) -> true;
-special_char($?) -> true;
-special_char($() -> true;
-special_char($)) -> true;
-special_char($\\) -> true;
-special_char($^) -> true;
-special_char($$) -> true;
-special_char($.) -> true;
-special_char($[) -> true;
-special_char($]) -> true;
-special_char($") -> true;
-special_char(_C) -> false.
-
-%% parse(RegExp) -> {ok,RE} | {error,E}.
-%%  Parse the regexp described in the string RegExp.
-
--spec parse(RegExp) -> ParseRes when
-      RegExp :: string(),
-      ParseRes :: {ok, RE} | {error, Error},
-      RE :: regexp(),
-      Error :: errordesc().
-
-parse(S) ->
-    case catch reg(S) of
-	{R,[]} -> {ok,R};
-	{_R,[C|_]} -> {error,{illegal,[C]}};
-	{error,E} -> {error,E}
-    end.
-
-%% format_error(Error) -> String.
-
--spec format_error(ErrorDescriptor) -> Chars when
-      ErrorDescriptor :: errordesc(),
-      Chars :: io_lib:chars().
-
-format_error({illegal,What}) -> ["illegal character `",What,"'"];
-format_error({unterminated,What}) -> ["unterminated `",What,"'"];
-format_error({char_class,What}) ->
-    ["illegal character class ",io_lib:write_string(What)].
-
-%% -type match(String, RegExp) -> matchres().
-%%  Find the longest match of RegExp in String.
-
--spec match(String, RegExp) -> MatchRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      MatchRes :: {match, Start, Length} | nomatch | {error, Error},
-      Start :: pos_integer(),
-      Length :: pos_integer(),
-      Error :: errordesc().
-
-match(S, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> match(S, RE);
-	{error,E} -> {error,E}
-    end;
-match(S, RE) ->
-    case match(RE, S, 1, 0, -1) of
-	{Start,Len} when Len >= 0 ->
-	    {match,Start,Len};
-	{_Start,_Len} -> nomatch
-    end.
-
-match(RE, S, St, Pos, L) ->
-    case first_match(RE, S, St) of
-	{St1,L1} ->
-	    Nst = St1 + 1,
-	    if L1 > L -> match(RE, lists:nthtail(Nst-St, S), Nst, St1, L1);
-	       true -> match(RE, lists:nthtail(Nst-St, S), Nst, Pos, L)
-	    end;
-	nomatch -> {Pos,L}
-    end.
-
-%% -type first_match(String, RegExp) -> matchres().
-%%  Find the first match of RegExp in String.
-
--spec first_match(String, RegExp) -> MatchRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      MatchRes :: {match, Start, Length} | nomatch | {error, Error},
-      Start :: pos_integer(),
-      Length :: pos_integer(),
-      Error :: errordesc().
-
-first_match(S, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> first_match(S, RE);
-	{error,E} -> {error,E}
-    end;
-first_match(S, RE) ->
-    case first_match(RE, S, 1) of
-	{Start,Len} when Len >= 0 ->
-	    {match,Start,Len};
-	nomatch -> nomatch
-    end.
-
-first_match(RE, S, St) when S =/= [] ->
-    case re_apply(S, St, RE) of
-	{match,P,_Rest} -> {St,P-St};
-	nomatch -> first_match(RE, tl(S), St+1)
-    end;
-first_match(_RE, [], _St) -> nomatch.
-
-%% -type matches(String, RegExp) -> {match,[{Start,Length}]} | {error,E}.
-%%  Return the all the non-overlapping matches of RegExp in String.
-
--spec matches(String, RegExp) -> MatchRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      MatchRes :: {match, Matches} | {error, Error},
-      Matches :: [{Start, Length}],
-      Start :: pos_integer(),
-      Length :: pos_integer(),
-      Error :: errordesc().
-
-matches(S, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> matches(S, RE);
-	{error,E} -> {error,E}
-    end;
-matches(S, RE) ->
-    {match,matches(S, RE, 1)}.
-
-matches(S, RE, St) ->
-    case first_match(RE, S, St) of
-	{St1,0} -> [{St1,0}|matches(substr(S, St1+2-St), RE, St1+1)];
-	{St1,L1} -> [{St1,L1}|matches(substr(S, St1+L1+1-St), RE, St1+L1)];
-	nomatch -> []
-    end.
-
-%% -type sub(String, RegExp, Replace) -> subsres().
-%%  Substitute the first match of the regular expression RegExp with
-%%  the string Replace in String. Accept pre-parsed regular
-%%  expressions.
-
--spec sub(String, RegExp, New) -> SubRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      New :: string(),
-      NewString :: string(),
-      SubRes :: {ok, NewString, RepCount} | {error, Error},
-      RepCount :: 0 | 1,
-      Error :: errordesc().
-
-sub(String, RegExp, Rep) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> sub(String, RE, Rep);
-	{error,E} -> {error,E}
-    end;
-sub(String, RE, Rep) ->
-    Ss = sub_match(String, RE, 1),
-    {ok,sub_repl(Ss, Rep, String, 1),length(Ss)}.
-
-sub_match(S, RE, St) ->
-    case first_match(RE, S, St) of
-	{St1,L1} -> [{St1,L1}];
-	nomatch -> []
-    end.
-
-sub_repl([{St,L}|Ss], Rep, S, Pos) ->
-    Rs = sub_repl(Ss, Rep, S, St+L),
-    substr(S, Pos, St-Pos) ++ sub_repl(Rep, substr(S, St, L), Rs);
-sub_repl([], _Rep, S, Pos) -> substr(S, Pos).
-
-sub_repl([$&|Rep], M, Rest) -> M ++ sub_repl(Rep, M, Rest);
-sub_repl("\\&" ++ Rep, M, Rest) -> [$&|sub_repl(Rep, M, Rest)];
-sub_repl([C|Rep], M, Rest) -> [C|sub_repl(Rep, M, Rest)];
-sub_repl([], _M, Rest) -> Rest.
-
-%% -type gsub(String, RegExp, Replace) -> subres().
-%%  Substitute every match of the regular expression RegExp with the
-%%  string New in String. Accept pre-parsed regular expressions.
-
--spec gsub(String, RegExp, New) -> SubRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      New :: string(),
-      NewString :: string(),
-      SubRes :: {ok, NewString, RepCount} | {error, Error},
-      RepCount :: non_neg_integer(),
-      Error :: errordesc().
-
-gsub(String, RegExp, Rep) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> gsub(String, RE, Rep);
-	{error,E} -> {error,E}
-    end;
-gsub(String, RE, Rep) ->
-    Ss = matches(String, RE, 1),
-    {ok,sub_repl(Ss, Rep, String, 1),length(Ss)}.
-
-%% -type split(String, RegExp) -> splitres().
-%%  Split a string into substrings where the RegExp describes the
-%%  field seperator. The RegExp " " is specially treated.
-
--spec split(String, RegExp) -> SplitRes when
-      String :: string(),
-      RegExp :: string() | regexp(),
-      SplitRes :: {ok, FieldList} | {error, Error},
-      FieldList :: [string()],
-      Error :: errordesc().
-
-split(String, " ") ->				%This is really special
-    {ok,RE} = parse("[ \t]+"),
-    case split_apply(String, RE, true) of
-	[[]|Ss] -> {ok,Ss};
-	Ss -> {ok,Ss}
-    end;
-split(String, RegExp) when is_list(RegExp) ->
-    case parse(RegExp) of
-	{ok,RE} -> {ok,split_apply(String, RE, false)};
-	{error,E} -> {error,E}
-    end;
-split(String, RE) -> {ok,split_apply(String, RE, false)}.
-
-split_apply(S, RE, Trim) -> split_apply(S, 1, RE, Trim, []).
-
-split_apply([], _P, _RE, true, []) -> [];
-split_apply([], _P, _RE, _T, Sub) -> [reverse(Sub)];
-split_apply(S, P, RE, T, Sub) ->
-    case re_apply(S, P, RE) of
-	{match,P,_Rest} ->
-	    split_apply(tl(S), P+1, RE, T, [hd(S)|Sub]);
-	{match,P1,Rest} ->
-	    [reverse(Sub)|split_apply(Rest, P1, RE, T, [])];
-	nomatch ->
-	    split_apply(tl(S), P+1, RE, T, [hd(S)|Sub])
-    end.
diff --git a/lib/stdlib/src/shell.erl b/lib/stdlib/src/shell.erl
index 964697cae6..dc450f0ee6 100644
--- a/lib/stdlib/src/shell.erl
+++ b/lib/stdlib/src/shell.erl
@@ -1065,9 +1065,10 @@ local_func(F, As0, Bs0, _Shell, _RT, Lf, Ef) when is_atom(F) ->
     non_builtin_local_func(F,As,Bs).
 
 non_builtin_local_func(F,As,Bs) ->
-    case erlang:function_exported(user_default, F, length(As)) of
+    Arity = length(As),
+    case erlang:function_exported(user_default, F, Arity) of
 	true ->
-            {eval,{user_default,F},As,Bs};
+            {eval,erlang:make_fun(user_default, F, Arity),As,Bs};
 	false ->
 	    shell_default(F,As,Bs)
     end.
@@ -1079,7 +1080,7 @@ shell_default(F,As,Bs) ->
 	{module, _} ->
 	    case erlang:function_exported(M,F,A) of
 		true ->
-		    {eval,{M,F},As,Bs};		    
+		    {eval,erlang:make_fun(M, F, A),As,Bs};
 		false ->
 		    shell_undef(F,A)
 	    end;
diff --git a/lib/stdlib/src/stdlib.app.src b/lib/stdlib/src/stdlib.app.src
index 9d15f01683..a30685e830 100644
--- a/lib/stdlib/src/stdlib.app.src
+++ b/lib/stdlib/src/stdlib.app.src
@@ -2,7 +2,7 @@
 %% 
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -85,7 +85,6 @@
 	     queue,
 	     random,
 	     re,
-	     regexp,
 	     sets,
 	     shell,
 	     shell_default,
diff --git a/lib/stdlib/src/supervisor.erl b/lib/stdlib/src/supervisor.erl
index 2dd5ccce7a..ac5b078c29 100644
--- a/lib/stdlib/src/supervisor.erl
+++ b/lib/stdlib/src/supervisor.erl
@@ -37,7 +37,7 @@
 
 %%--------------------------------------------------------------------------
 
--type child()    :: pid() | 'undefined'.
+-type child()    :: 'undefined' | pid() | [pid()].
 -type child_id() :: term().
 -type mfargs()   :: {M :: module(), F :: atom(), A :: [term()] | undefined}.
 -type modules()  :: [module()] | 'dynamic'.
@@ -270,6 +270,8 @@ start_children(Children, SupName) -> start_children(Children, [], SupName).
 
 start_children([Child|Chs], NChildren, SupName) ->
     case do_start_child(SupName, Child) of
+	{ok, undefined} when Child#child.restart_type =:= temporary ->
+	    start_children(Chs, NChildren, SupName);
 	{ok, Pid} ->
 	    start_children(Chs, [Child#child{pid = Pid}|NChildren], SupName);
 	{ok, Pid, _Extra} ->
@@ -325,6 +327,8 @@ handle_call({start_child, EArgs}, _From, State) when ?is_simple(State) ->
     #child{mfargs = {M, F, A}} = Child,
     Args = A ++ EArgs,
     case do_start_child_i(M, F, Args) of
+	{ok, undefined} when Child#child.restart_type =:= temporary ->
+	    {reply, {ok, undefined}, State};
 	{ok, Pid} ->
 	    NState = save_dynamic_child(Child#child.restart_type, Pid, Args, State),
 	    {reply, {ok, Pid}, NState};
@@ -611,12 +615,12 @@ handle_start_child(Child, State) ->
     case get_child(Child#child.name, State) of
 	false ->
 	    case do_start_child(State#state.name, Child) of
+		{ok, undefined} when Child#child.restart_type =:= temporary ->
+		    {{ok, undefined}, State};
 		{ok, Pid} ->
-		    {{ok, Pid},
-		     save_child(Child#child{pid = Pid}, State)};
+		    {{ok, Pid}, save_child(Child#child{pid = Pid}, State)};
 		{ok, Pid, Extra} ->
-		    {{ok, Pid, Extra},
-		     save_child(Child#child{pid = Pid}, State)};
+		    {{ok, Pid, Extra}, save_child(Child#child{pid = Pid}, State)};
 		{error, What} ->
 		    {{error, {What, Child}}, State}
 	    end;
diff --git a/lib/stdlib/test/erl_eval_SUITE.erl b/lib/stdlib/test/erl_eval_SUITE.erl
index 369d8b224e..ca2f18a05a 100644
--- a/lib/stdlib/test/erl_eval_SUITE.erl
+++ b/lib/stdlib/test/erl_eval_SUITE.erl
@@ -1167,15 +1167,22 @@ do_funs(LFH, EFH) ->
                 [[[0]]], ['F'], LFH, EFH),
 
     %% Tests for a bug found by the Dialyzer - used to crash.
-    ?line check(fun() -> Pmod = erl_eval_helper:new(42), Pmod:add(5) end,
-		"begin Pmod = erl_eval_helper:new(42), Pmod:add(5) end.",
-		47,
-		['Pmod'], LFH, EFH),
-    ?line check(fun() -> Pmod = erl_eval_helper:new(42), B = Pmod:add(7), B end,
-		"begin Pmod = erl_eval_helper:new(42), B = Pmod:add(7), B end.",
-		49,
-		['B','Pmod'], LFH, EFH),
-
+    case test_server:is_native(erl_eval) of
+	true ->
+	    %% Parameterized modules are not supported by HiPE.
+	    ok;
+	false ->
+	    check(fun() -> Pmod = erl_eval_helper:new(42), Pmod:add(5) end,
+		  "begin Pmod = erl_eval_helper:new(42), Pmod:add(5) end.",
+		  47,
+		  ['Pmod'], LFH, EFH),
+	    check(fun() -> Pmod = erl_eval_helper:new(42),
+			   B = Pmod:add(7), B end,
+		  "begin Pmod = erl_eval_helper:new(42), "
+		  "B = Pmod:add(7), B end.",
+		  49,
+		  ['B','Pmod'], LFH, EFH)
+    end,
     ok.
 
 count_down(F, N) when N > 0 ->
diff --git a/lib/stdlib/test/erl_expand_records_SUITE.erl b/lib/stdlib/test/erl_expand_records_SUITE.erl
index f8c1ad783c..8b162cfda0 100644
--- a/lib/stdlib/test/erl_expand_records_SUITE.erl
+++ b/lib/stdlib/test/erl_expand_records_SUITE.erl
@@ -178,6 +178,9 @@ expr(Config) when is_list(Config) ->
                  true ->
                      not_ok
              end.
+
+         is_record(_, _, _) ->
+             error(wrong_is_record).
       ">>
       ],
 
@@ -366,6 +369,8 @@ strict(Config) when is_list(Config) ->
                  end
              catch error:_ -> ok
              end.
+         element(_, _) ->
+             error(wrong_element).
       ">>
       ],
     ?line run(Config, Ts1, [strict_record_tests]),
@@ -380,6 +385,8 @@ strict(Config) when is_list(Config) ->
              case foo of
                  _ when A#r2.a =:= 1 -> ok
              end.
+         element(_, _) ->
+             error(wrong_element).
       ">>
       ],
     ?line run(Config, Ts2, [no_strict_record_tests]),
@@ -415,6 +422,11 @@ update(Config) when is_list(Config) ->
          t2() ->
              R0 = #r{},
              #r{_ = R0#r{a = ok}}.
+
+         %% Implicit calls to setelement/3 must go to the BIF,
+         %% not to this function.
+         setelement(_, _, _) ->
+             erlang:error(wrong_setelement_called).
       ">>
       ],
     ?line run(Config, Ts),
diff --git a/lib/stdlib/test/erl_lint_SUITE.erl b/lib/stdlib/test/erl_lint_SUITE.erl
index 9041adbe5c..4e93f056ad 100644
--- a/lib/stdlib/test/erl_lint_SUITE.erl
+++ b/lib/stdlib/test/erl_lint_SUITE.erl
@@ -2631,7 +2631,35 @@ bif_clash(Config) when is_list(Config) ->
                  binary_part(A,B,C).
              ">>,
 	   [warn_unused_import],
-	   {warnings,[{2,erl_lint,{redefine_bif_import,{binary_part,3}}}]}}
+	   {warnings,[{2,erl_lint,{redefine_bif_import,{binary_part,3}}}]}},
+	  %% Don't accept call to a guard BIF if there is a local definition
+	  %% or an import with the same name. Note: is_record/2 is an
+	  %% exception, since it is more of syntatic sugar than a real BIF.
+	  {clash21,
+           <<"-export([is_list/1]).
+              -import(x, [is_tuple/1]).
+              -record(r, {a,b}).
+              x(T) when is_tuple(T) -> ok;
+              x(T) when is_list(T) -> ok.
+              y(T) when is_tuple(T) =:= true -> ok;
+              y(T) when is_list(T) =:= true -> ok;
+              y(T) when is_record(T, r, 3) -> ok;
+              y(T) when is_record(T, r, 3) =:= true -> ok;
+              y(T) when is_record(T, r) =:= true -> ok.
+              is_list(_) ->
+                ok.
+              is_record(_, _) ->
+                ok.
+              is_record(_, _, _) ->
+                ok.
+             ">>,
+	   [{no_auto_import,[{is_tuple,1}]}],
+	   {errors,[{4,erl_lint,{illegal_guard_local_call,{is_tuple,1}}},
+		    {5,erl_lint,{illegal_guard_local_call,{is_list,1}}},
+		    {6,erl_lint,{illegal_guard_local_call,{is_tuple,1}}},
+		    {7,erl_lint,{illegal_guard_local_call,{is_list,1}}},
+		    {8,erl_lint,{illegal_guard_local_call,{is_record,3}}},
+		    {9,erl_lint,{illegal_guard_local_call,{is_record,3}}}],[]}}
 	 ],
 
     ?line [] = run(Config, Ts),
diff --git a/lib/stdlib/test/ets_SUITE.erl b/lib/stdlib/test/ets_SUITE.erl
index 0e8849b5b3..59532b65a0 100644
--- a/lib/stdlib/test/ets_SUITE.erl
+++ b/lib/stdlib/test/ets_SUITE.erl
@@ -72,9 +72,10 @@
 	 exit_many_many_tables_owner/1]).
 -export([write_concurrency/1, heir/1, give_away/1, setopts/1]).
 -export([bad_table/1, types/1]).
+-export([otp_9932/1]).
 -export([otp_9423/1]).
 
--export([init_per_testcase/2]).
+-export([init_per_testcase/2, end_per_testcase/2]).
 %% Convenience for manual testing
 -export([random_test/0]).
 
@@ -145,6 +146,7 @@ all() ->
      exit_many_large_table_owner, exit_many_tables_owner,
      exit_many_many_tables_owner, write_concurrency, heir,
      give_away, setopts, bad_table, types,
+     otp_9932,
      otp_9423].
 
 groups() -> 
@@ -2385,6 +2387,8 @@ setopts_do(Opts) ->
     ?line {'EXIT',{badarg,_}} = (catch ets:setopts(T,{protection,private,false})),
     ?line {'EXIT',{badarg,_}} = (catch ets:setopts(T,protection)),
     ?line ets:delete(T),
+    unlink(Heir),
+    exit(Heir, bang),
     ok.
 
 bad_table(doc) -> ["All kinds of operations with bad table argument"];
@@ -5432,6 +5436,22 @@ types_do(Opts) ->
     ?line verify_etsmem(EtsMem).
 
 
+%% OTP-9932: Memory overwrite when inserting large integers in compressed bag.
+%% Will crash with segv on 64-bit opt if not fixed.
+otp_9932(Config) when is_list(Config) ->
+    T = ets:new(xxx, [bag, compressed]),    
+    Fun = fun(N) -> 
+		  Key = {1316110174588445 bsl N,1316110174588583 bsl N},
+		  S = {Key, Key},
+		  true = ets:insert(T, S),
+		  [S] = ets:lookup(T, Key),
+		  true = ets:insert(T, S),
+		  [S] = ets:lookup(T, Key)
+	  end,
+    lists:foreach(Fun, lists:seq(0, 16)),
+    ets:delete(T).
+    
+
 otp_9423(doc) -> ["vm-deadlock caused by race between ets:delete and others on write_concurrency table"];
 otp_9423(Config) when is_list(Config) ->
     InitF = fun(_) -> {0,0} end,
@@ -5645,7 +5665,8 @@ spawn_logger(Procs) ->
 					      true -> exit(Proc, kill);
 					      _ -> ok
 					  end,
-					  erlang:display(process_info(Proc)),
+					  erlang:display({"Waiting for 'DOWN' from", Proc,
+							  process_info(Proc), pid_status(Proc)}),
 					  receive
 					      {'DOWN', Mon, _, _, _} ->
 						  ok
@@ -5656,6 +5677,15 @@ spawn_logger(Procs) ->
 	    spawn_logger([From])
     end.
 
+pid_status(Pid) ->
+    try
+	erts_debug:get_internal_state({process_status, Pid})
+    catch
+	error:undef ->
+	    erts_debug:set_internal_state(available_internal_state, true),
+	    pid_status(Pid)
+    end. 
+
 start_spawn_logger() ->
     case whereis(ets_test_spawn_logger) of
 	Pid when is_pid(Pid) -> true;
diff --git a/lib/stdlib/test/filename_SUITE.erl b/lib/stdlib/test/filename_SUITE.erl
index 70b0d413dc..4cfa589660 100644
--- a/lib/stdlib/test/filename_SUITE.erl
+++ b/lib/stdlib/test/filename_SUITE.erl
@@ -483,6 +483,22 @@ find_src(Config) when is_list(Config) ->
     
     %% Try to find the source for a preloaded module.
     ?line {error,{preloaded,init}} = filename:find_src(init),
+
+    %% Make sure that find_src works for a slim BEAM file.
+    OldPath = code:get_path(),
+    try
+	PrivDir = ?config(priv_dir, Config),
+	code:add_patha(PrivDir),
+	Src = "simple",
+	SrcPath = filename:join(PrivDir, Src) ++ ".erl",
+	SrcContents = "-module(simple).\n",
+	ok = file:write_file(SrcPath, SrcContents),
+	{ok,simple} = compile:file(SrcPath, [slim,{outdir,PrivDir}]),
+	BeamPath = filename:join(PrivDir, Src),
+	{BeamPath,[]} = filename:find_src(simple)
+    after
+	code:set_path(OldPath)
+    end,
     ok.
 
 %%
diff --git a/lib/stdlib/test/ms_transform_SUITE.erl b/lib/stdlib/test/ms_transform_SUITE.erl
index c9688354b1..a17307b07b 100644
--- a/lib/stdlib/test/ms_transform_SUITE.erl
+++ b/lib/stdlib/test/ms_transform_SUITE.erl
@@ -455,7 +455,6 @@ old_guards(Config) when is_list(Config) ->
     ?line setup(Config),
     Tests = [
 	     {atom,is_atom},
-	     {constant,is_constant},
 	     {float,is_float},
 	     {integer,is_integer},
 	     {list,is_list},
@@ -490,7 +489,6 @@ old_guards(Config) when is_list(Config) ->
     ?line [{'$1',[{is_integer,'$1'},
 		  {is_float,'$1'},
 		  {is_atom,'$1'},
-		  {is_constant,'$1'},
 		  {is_list,'$1'},
 		  {is_number,'$1'},
 		  {is_pid,'$1'},
@@ -502,7 +500,7 @@ old_guards(Config) when is_list(Config) ->
 	    [true]}] =
 	compile_and_run(RD, <<
 			     "ets:fun2ms(fun(X) when integer(X),"
-			     "float(X), atom(X), constant(X),"
+			     "float(X), atom(X),"
 			     "list(X), number(X), pid(X),"
 			     "port(X), reference(X), tuple(X),"
 			     "binary(X), record(X,a) -> true end)"
@@ -530,7 +528,6 @@ autoimported(Config) when is_list(Config) ->
 	       {self,0},
                %{float,1}, see float_1_function/1
 	       {is_atom,1},
-	       {is_constant,1},
 	       {is_float,1},
 	       {is_integer,1},
 	       {is_list,1},
diff --git a/lib/stdlib/test/qlc_SUITE.erl b/lib/stdlib/test/qlc_SUITE.erl
index 9be547c690..50a76cdfb5 100644
--- a/lib/stdlib/test/qlc_SUITE.erl
+++ b/lib/stdlib/test/qlc_SUITE.erl
@@ -20,7 +20,6 @@
 %%% Purpose:Test Suite for the 'qlc' module.
 %%%-----------------------------------------------------------------
 -module(qlc_SUITE).
--compile(r12).
 
 -define(QLC, qlc).
 -define(QLCs, "qlc").
@@ -7402,70 +7401,37 @@ backward(doc) ->
     "OTP-6674. Join info and extra constants.";
 backward(suite) -> [];
 backward(Config) when is_list(Config) ->
-    case try_old_join_info(Config) of
-        ok ->
-            ok;
-        Reply ->
-            Reply
-    end.
-
--ifdef(debug).
-try_old_join_info(_Config) ->
+    try_old_join_info(Config),
     ok.
--else.
+
 try_old_join_info(Config) ->
-    case ?t:is_release_available("r12b") of
-        true ->
-            %% Check join info for handlers of extra constants. Start R12B-0.
-            ?line {ok, R12} = start_node_rel(r12, r12b, slave),
-            File  = filename("handle.erl", Config),
-            ?line file:write_file(File, 
-                <<"-module(handle).\n"
-                  "-export([create_handle/0, lookup_handle/0]).\n"
-                  "-include_lib(\"stdlib/include/qlc.hrl\").\n"
-                  "create_handle() ->\n"
-                  "  H1 = qlc:sort([{192.0,1,a},{192.0,2,b},{192.0,3,c}]),\n"
-                  "  qlc:q([{X, Y} || {B,X,_} <- H1,\n"
-                  "                   B =:= 192.0,\n"
-                  "                   {Y} <- [{0},{1},{2}],\n"
-                  "                   X == Y]).\n",
-                  "\n",
-                  "lookup_handle() ->\n"
-                  "  E = qlc_SUITE:table([{1,a},{2,b},{3,c}], 1, [1]),\n"
-                  "  qlc:q([{X, Y} || {X,_} <- E,\n"
-                  "                   {Y} <- [{0},{1},{2}],\n"
-                  "                   X =:= Y]).\n">>),
-            ?line {ok, handle} = rpc:call(R12, compile, file,
-                                          [File, [{outdir,?privdir}]]),
-            ?line {module, handle} = rpc:call(R12, code, load_abs,
-                                              [filename:rootname(File)]),
-            ?line H = rpc:call(R12, handle, create_handle, []),
-            ?line {module, handle} = code:load_abs(filename:rootname(File)),
-            ?line {block,0,
-                     [{match,_,_,
-                       {call,_,_,
-                        [{lc,_,_,
-                          [_,
-                           {op,_,'=:=',
-                            {float,_,192.0},
-                            {call,_,{atom,_,element},[{integer,_,1},_]}}]}]}},
-                      _,_,
-                      {call,_,_,
-                       [{lc,_,_,
-                         [_,
-                          {op,_,'=:=',{var,_,'B'},{float,_,192.0}},
-                          {op,_,'==',{var,_,'X'},{var,_,'Y'}}]}]}]} 
-                    = qlc:info(H,{format,abstract_code}),
-            ?line [{1,1},{2,2}] = qlc:e(H),
-            ?line H2 = rpc:call(R12, handle, lookup_handle, []),
-            ?line {qlc,_,[{generate,_,{qlc,_,_,[{join,lookup}]}},_],[]} =
-                qlc:info(H2, {format,debug}),
-            ?line [{1,1},{2,2}] = qlc:e(H2),
-            stop_node(R12);
-	false ->
-	    ?line {skipped, "No support for old node"}
-    end.
--endif.
+    %% Check join info for handlers of extra constants.
+    File = filename:join(?datadir, "join_info_compat.erl"),
+    M = join_info_compat,
+    {ok, M} = compile:file(File, [{outdir, ?datadir}]),
+    {module, M} = code:load_abs(filename:rootname(File)),
+    H = M:create_handle(),
+    {block,0,
+     [{match,_,_,
+       {call,_,_,
+        [{lc,_,_,
+          [_,
+           {op,_,'=:=',
+            {float,_,192.0},
+            {call,_,{atom,_,element},[{integer,_,1},_]}}]}]}},
+      _,_,
+      {call,_,_,
+       [{lc,_,_,
+         [_,
+          {op,_,'=:=',{var,_,'B'},{float,_,192.0}},
+          {op,_,'==',{var,_,'X'},{var,_,'Y'}}]}]}]}
+        = qlc:info(H,{format,abstract_code}),
+    [{1,1},{2,2}] = qlc:e(H),
+
+    H2 = M:lookup_handle(),
+    {qlc,_,[{generate,_,{qlc,_,_,[{join,lookup}]}},_],[]} =
+        qlc:info(H2, {format,debug}),
+    [{1,1},{2,2}] = qlc:e(H2).
 
 forward(doc) ->
     "";
@@ -8130,27 +8096,6 @@ fail(Source) ->
 
 %% Copied from global_SUITE.erl.
 
-start_node_rel(Name, Rel, How) ->
-    {Release, Compat} = case Rel of
-                            this ->
-                                {[this], "+R8"};
-                            Rel when is_atom(Rel) ->
-                                {[{release, atom_to_list(Rel)}], ""};
-                            RelList ->
-			       {RelList, ""}
-		       end,
-    ?line Pa = filename:dirname(code:which(?MODULE)),
-    ?line Res = test_server:start_node(Name, How, 
-                                       [{args,
-                                         Compat ++ 
-                                         " -kernel net_setuptime 100 "
-                                         " -pa " ++ Pa},
-                                        {erl, Release}]),
-    Res.
-
-stop_node(Node) ->
-    ?line ?t:stop_node(Node).
-
 install_error_logger() ->
     error_logger:add_report_handler(?MODULE, self()).
 
diff --git a/lib/stdlib/test/qlc_SUITE_data/join_info_compat.erl b/lib/stdlib/test/qlc_SUITE_data/join_info_compat.erl
new file mode 100644
index 0000000000..e0db132c47
--- /dev/null
+++ b/lib/stdlib/test/qlc_SUITE_data/join_info_compat.erl
@@ -0,0 +1,1771 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(join_info_compat).
+
+-compile(export_all).
+
+create_handle() ->
+    H1 = qlc:sort([{192.0,1,a},{192.0,2,b},{192.0,3,c}]),
+    qlc:q({qlc_lc,
+           % fun-info: {23,109048965,'-create_handle/0-fun-23-'}
+           fun() ->
+                  {qlc_v1,
+                   % fun-info: {2,105724313,'-create_handle/0-fun-2-'}
+                   fun(S01_0_1, RL01_0_1, Go01_0_1) ->
+                          Fun1_0_1 =
+                              % fun-info: {1,131900588,'-create_handle/0-fun-1-'}
+                              fun(0, RL1_0_1, _, _, _, _, _, _, _)
+                                     when is_list(RL1_0_1) ->
+                                     lists:reverse(RL1_0_1);
+                                 (0, _, _, _, _, _, _, _, _) ->
+                                     [];
+                                 (1,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1)
+                                     when is_list(RL1_0_1) ->
+                                     Fun1_0_1(element(1, Go1_0_1),
+                                              [{X1,Y1}|RL1_0_1],
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (1,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     [{X1,Y1}|
+                                      % fun-info: {0,27702789,'-create_handle/0-fun-0-'}
+                                      fun() ->
+                                             Fun1_0_1(element(1,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1)
+                                      end];
+                                 (2,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  _,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(3,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              element(4, Go1_0_1),
+                                              B1,
+                                              X1);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  [{B1,X1,_}|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(3, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_0_1,
+                                              B1,
+                                              X1);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  [_|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(3,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_0_1,
+                                              [],
+                                              []);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  [],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(2, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              [],
+                                              [],
+                                              []);
+                                 (3,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  _,
+                                  _) ->
+                                     case C1_1_1() of
+                                         [{B1,X1,_}|C1_0_1] ->
+                                             Fun1_0_1(element(3,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_0_1,
+                                                      B1,
+                                                      X1);
+                                         [_|C1_0_1] ->
+                                             Fun1_0_1(3,
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_0_1,
+                                                      [],
+                                                      []);
+                                         [] ->
+                                             Fun1_0_1(element(2,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      [],
+                                                      [],
+                                                      []);
+                                         E1_0_1 ->
+                                             E1_0_1
+                                     end;
+                                 (4,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     if
+                                         B1 =:= 192.0 ->
+                                             Fun1_0_1(element(6,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         true ->
+                                             Fun1_0_1(element(5,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1)
+                                     end;
+                                 (5,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  _,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(6,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              element(9, Go1_0_1),
+                                              Y1,
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  [{Y1}|C1_0_1],
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(element(8, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_0_1,
+                                              Y1,
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  [_|C1_0_1],
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(6,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_0_1,
+                                              [],
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  [],
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(element(7, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              [],
+                                              [],
+                                              C1_1_1,
+                                              B1,
+                                              X1);
+                                 (6,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     case C1_3_1() of
+                                         [{Y1}|C1_0_1] ->
+                                             Fun1_0_1(element(8,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_0_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         [_|C1_0_1] ->
+                                             Fun1_0_1(6,
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_0_1,
+                                                      [],
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         [] ->
+                                             Fun1_0_1(element(7,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      [],
+                                                      [],
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         E1_0_1 ->
+                                             E1_0_1
+                                     end;
+                                 (7,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  C1_1_1,
+                                  B1,
+                                  X1) ->
+                                     if
+                                         X1 == Y1 ->
+                                             Fun1_0_1(element(11,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1);
+                                         true ->
+                                             Fun1_0_1(element(10,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_1_1,
+                                                      B1,
+                                                      X1)
+                                     end;
+                                 (8,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  Y1,
+                                  _,
+                                  B1,
+                                  X1) ->
+                                     Fun1_0_1(9,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              element(14, Go1_0_1),
+                                              B1,
+                                              X1);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  [[{B1,X1,_}|{Y1}]|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(13, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              Y1,
+                                              C1_0_1,
+                                              B1,
+                                              X1);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  [_|C1_0_1],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(9,
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              [],
+                                              C1_0_1,
+                                              [],
+                                              []);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  [],
+                                  _,
+                                  _) ->
+                                     Fun1_0_1(element(12, Go1_0_1),
+                                              RL1_0_1,
+                                              Fun1_0_1,
+                                              Go1_0_1,
+                                              C1_3_1,
+                                              [],
+                                              [],
+                                              [],
+                                              []);
+                                 (9,
+                                  RL1_0_1,
+                                  Fun1_0_1,
+                                  Go1_0_1,
+                                  C1_3_1,
+                                  _,
+                                  C1_1_1,
+                                  _,
+                                  _) ->
+                                     case C1_1_1() of
+                                         [[{B1,X1,_}|{Y1}]|C1_0_1] ->
+                                             Fun1_0_1(element(13,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      Y1,
+                                                      C1_0_1,
+                                                      B1,
+                                                      X1);
+                                         [_|C1_0_1] ->
+                                             Fun1_0_1(9,
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      [],
+                                                      C1_0_1,
+                                                      [],
+                                                      []);
+                                         [] ->
+                                             Fun1_0_1(element(12,
+                                                              Go1_0_1),
+                                                      RL1_0_1,
+                                                      Fun1_0_1,
+                                                      Go1_0_1,
+                                                      C1_3_1,
+                                                      [],
+                                                      [],
+                                                      [],
+                                                      []);
+                                         E1_0_1 ->
+                                             E1_0_1
+                                     end
+                              end,
+                          Fun1_0_1(S01_0_1,
+                                   RL01_0_1,
+                                   Fun1_0_1,
+                                   Go01_0_1,
+                                   [],
+                                   [],
+                                   [],
+                                   [],
+                                   [])
+                   end,
+                   % fun-info: {3,41816426,'-create_handle/0-fun-3-'}
+                   fun() ->
+                          {<<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $F:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $<:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $::8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $9:8/integer-unit:1-unsigned-big,
+                             $\r:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $\211:8/integer-unit:1-unsigned-big,
+                             $E:8/integer-unit:1-unsigned-big,
+                             $\s:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\023:8/integer-unit:1-unsigned-big,
+                             $\210:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\232:8/integer-unit:1-unsigned-big,
+                             $\226:8/integer-unit:1-unsigned-big,
+                             $\223:8/integer-unit:1-unsigned-big,
+                             $\237:8/integer-unit:1-unsigned-big,
+                             $X:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\235:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $g:8/integer-unit:1-unsigned-big,
+                             $i:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\200:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $R:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\r:8/integer-unit:1-unsigned-big,
+                             $\214:8/integer-unit:1-unsigned-big,
+                             $\030:8/integer-unit:1-unsigned-big,
+                             $@:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\017:8/integer-unit:1-unsigned-big,
+                             $=:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $t:8/integer-unit:1-unsigned-big,
+                             $u:8/integer-unit:1-unsigned-big,
+                             $p:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $v:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $j:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $*:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $R:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\031:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $\211:8/integer-unit:1-unsigned-big,
+                             $E:8/integer-unit:1-unsigned-big,
+                             $\s:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $\004:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\205:8/integer-unit:1-unsigned-big,
+                             $\t:8/integer-unit:1-unsigned-big,
+                             $\216:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $j:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $+:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\202:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $D:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\034:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $f:8/integer-unit:1-unsigned-big,
+                             $\220:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $s:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $b:8/integer-unit:1-unsigned-big,
+                             $Q:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $W:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\023:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $\002:8/integer-unit:1-unsigned-big,
+                             $\205:8/integer-unit:1-unsigned-big,
+                             $\027:8/integer-unit:1-unsigned-big,
+                             $\237:8/integer-unit:1-unsigned-big,
+                             $\205:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $\007:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $\021:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $\224:8/integer-unit:1-unsigned-big,
+                             $\217:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\002:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\203:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $\034:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big>>}
+                   end,
+                   [{1,
+                     2,
+                     2,
+                     {gen,
+                      % fun-info: {4,131674517,'-create_handle/0-fun-4-'}
+                      fun() ->
+                             H1
+                      end}},
+                    {2,5,4,fil},
+                    {3,
+                     7,
+                     5,
+                     {gen,
+                      % fun-info: {5,108000324,'-create_handle/0-fun-5-'}
+                      fun() ->
+                             [{0},{1},{2}]
+                      end}},
+                    {4,10,7,fil},
+                    {5,
+                     12,
+                     8,
+                     {gen,
+                      {join,
+                       '==',
+                       1,
+                       3,
+                       % fun-info: {9,59718458,'-create_handle/0-fun-9-'}
+                       fun(H1_0_1) ->
+                              F1_0_1 =
+                                  % fun-info: {7,779460,'-create_handle/0-fun-7-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F1_0_1, [O1_0_1|C1_0_1]) ->
+                                         case O1_0_1 of
+                                             {_,_,_}
+                                                 when
+                                                     192.0
+                                                     =:=
+                                                     element(1, O1_0_1) ->
+                                                 [O1_0_1|
+                                                  % fun-info: {6,23729943,'-create_handle/0-fun-6-'}
+                                                  fun() ->
+                                                         F1_0_1(F1_0_1,
+                                                                C1_0_1)
+                                                  end];
+                                             _ ->
+                                                 F1_0_1(F1_0_1, C1_0_1)
+                                         end;
+                                     (F1_0_1, C1_0_1)
+                                         when is_function(C1_0_1) ->
+                                         F1_0_1(F1_0_1, C1_0_1());
+                                     (_, C1_0_1) ->
+                                         C1_0_1
+                                  end,
+                              % fun-info: {8,43652904,'-create_handle/0-fun-8-'}
+                              fun() ->
+                                     F1_0_1(F1_0_1, H1_0_1)
+                              end
+                       end,
+                       % fun-info: {13,102310144,'-create_handle/0-fun-13-'}
+                       fun(H1_0_1) ->
+                              F1_0_1 =
+                                  % fun-info: {11,74362432,'-create_handle/0-fun-11-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F1_0_1, [O1_0_1|C1_0_1]) ->
+                                         case O1_0_1 of
+                                             {_} ->
+                                                 [O1_0_1|
+                                                  % fun-info: {10,23729943,'-create_handle/0-fun-10-'}
+                                                  fun() ->
+                                                         F1_0_1(F1_0_1,
+                                                                C1_0_1)
+                                                  end];
+                                             _ ->
+                                                 F1_0_1(F1_0_1, C1_0_1)
+                                         end;
+                                     (F1_0_1, C1_0_1)
+                                         when is_function(C1_0_1) ->
+                                         F1_0_1(F1_0_1, C1_0_1());
+                                     (_, C1_0_1) ->
+                                         C1_0_1
+                                  end,
+                              % fun-info: {12,43652904,'-create_handle/0-fun-12-'}
+                              fun() ->
+                                     F1_0_1(F1_0_1, H1_0_1)
+                              end
+                       end,
+                       % fun-info: {14,17838355,'-create_handle/0-fun-14-'}
+                       fun() ->
+                              {[{1,[192.0]}],[],[]}
+                       end}}}],
+                   % fun-info: {22,31304647,'-create_handle/0-fun-22-'}
+                   fun(join) ->
+                          {[[{1,"\002"},{3,"\001"}]],[]};
+                      (size) ->
+                          % fun-info: {15,31963143,'-create_handle/0-fun-15-'}
+                          fun(0) ->
+                                 2;
+                             (1) ->
+                                 3;
+                             (3) ->
+                                 1;
+                             (_) ->
+                                 undefined
+                          end;
+                      (template) ->
+                          % fun-info: {16,113413274,'-create_handle/0-fun-16-'}
+                          fun({1,2}, '=:=') ->
+                                 "\001";
+                             ({1,2}, '==') ->
+                                 "\001\002";
+                             ({3,1}, '=:=') ->
+                                 "\002";
+                             ({3,1}, '==') ->
+                                 "\001\002";
+                             (_, _) ->
+                                 []
+                          end;
+                      (constants) ->
+                          % fun-info: {18,52148739,'-create_handle/0-fun-18-'}
+                          fun(1) ->
+                                 % fun-info: {17,5864387,'-create_handle/0-fun-17-'}
+                                 fun(1) ->
+                                        {values,[192.0],{some,[2]}};
+                                    (_) ->
+                                        false
+                                 end;
+                             (_) ->
+                                 no_column_fun
+                          end;
+                      (n_leading_constant_columns) ->
+                          % fun-info: {19,82183172,'-create_handle/0-fun-19-'}
+                          fun(1) ->
+                                 1;
+                             (_) ->
+                                 0
+                          end;
+                      (constant_columns) ->
+                          % fun-info: {20,80910005,'-create_handle/0-fun-20-'}
+                          fun(1) ->
+                                 "\001";
+                             (_) ->
+                                 []
+                          end;
+                      (match_specs) ->
+                          % fun-info: {21,91764346,'-create_handle/0-fun-21-'}
+                          fun(1) ->
+                                 {[{{'$1','$2','_'},
+                                    [{'=:=','$1',192.0}],
+                                    ['$_']}],
+                                  "\002"};
+                             (_) ->
+                                 undefined
+                          end;
+                      (_) ->
+                          undefined
+                   end}
+           end,
+           undefined}).
+
+lookup_handle() ->
+    E = qlc_SUITE:table([{1,a},{2,b},{3,c}], 1, [1]),
+    qlc:q({qlc_lc,
+           % fun-info: {46,120768015,'-lookup_handle/0-fun-22-'}
+           fun() ->
+                  {qlc_v1,
+                   % fun-info: {26,82970908,'-lookup_handle/0-fun-2-'}
+                   fun(S02_0_1, RL02_0_1, Go02_0_1) ->
+                          Fun2_0_1 =
+                              % fun-info: {25,75235357,'-lookup_handle/0-fun-1-'}
+                              fun(0, RL2_0_1, _, _, _, _, _, _)
+                                     when is_list(RL2_0_1) ->
+                                     lists:reverse(RL2_0_1);
+                                 (0, _, _, _, _, _, _, _) ->
+                                     [];
+                                 (1,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  X2)
+                                     when is_list(RL2_0_1) ->
+                                     Fun2_0_1(element(1, Go2_0_1),
+                                              [{X2,Y2}|RL2_0_1],
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_1_1,
+                                              X2);
+                                 (1,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  X2) ->
+                                     [{X2,Y2}|
+                                      % fun-info: {24,124255471,'-lookup_handle/0-fun-0-'}
+                                      fun() ->
+                                             Fun2_0_1(element(1,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2)
+                                      end];
+                                 (2,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  _,
+                                  X2) ->
+                                     Fun2_0_1(3,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              element(4, Go2_0_1),
+                                              X2);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  [{X2,_}|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(element(3, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_0_1,
+                                              X2);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  [_|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(3,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_0_1,
+                                              []);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  [],
+                                  _) ->
+                                     Fun2_0_1(element(2, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              [],
+                                              []);
+                                 (3,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  _) ->
+                                     case C2_1_1() of
+                                         [{X2,_}|C2_0_1] ->
+                                             Fun2_0_1(element(3,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_0_1,
+                                                      X2);
+                                         [_|C2_0_1] ->
+                                             Fun2_0_1(3,
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_0_1,
+                                                      []);
+                                         [] ->
+                                             Fun2_0_1(element(2,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      [],
+                                                      []);
+                                         E2_0_1 ->
+                                             E2_0_1
+                                     end;
+                                 (4,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  _,
+                                  Y2,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(5,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              element(7, Go2_0_1),
+                                              Y2,
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  [{Y2}|C2_0_1],
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(element(6, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_0_1,
+                                              Y2,
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  [_|C2_0_1],
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(5,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_0_1,
+                                              [],
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  [],
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     Fun2_0_1(element(5, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              [],
+                                              [],
+                                              C2_1_1,
+                                              X2);
+                                 (5,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  C2_1_1,
+                                  X2) ->
+                                     case C2_2_1() of
+                                         [{Y2}|C2_0_1] ->
+                                             Fun2_0_1(element(6,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_0_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2);
+                                         [_|C2_0_1] ->
+                                             Fun2_0_1(5,
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_0_1,
+                                                      [],
+                                                      C2_1_1,
+                                                      X2);
+                                         [] ->
+                                             Fun2_0_1(element(5,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      [],
+                                                      [],
+                                                      C2_1_1,
+                                                      X2);
+                                         E2_0_1 ->
+                                             E2_0_1
+                                     end;
+                                 (6,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  C2_1_1,
+                                  X2) ->
+                                     if
+                                         X2 =:= Y2 ->
+                                             Fun2_0_1(element(9,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2);
+                                         true ->
+                                             Fun2_0_1(element(8,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_1_1,
+                                                      X2)
+                                     end;
+                                 (7,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  Y2,
+                                  _,
+                                  X2) ->
+                                     Fun2_0_1(8,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              element(12, Go2_0_1),
+                                              X2);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  [[{X2,_}|{Y2}]|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(element(11, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              Y2,
+                                              C2_0_1,
+                                              X2);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  [_|C2_0_1],
+                                  _) ->
+                                     Fun2_0_1(8,
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              [],
+                                              C2_0_1,
+                                              []);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  [],
+                                  _) ->
+                                     Fun2_0_1(element(10, Go2_0_1),
+                                              RL2_0_1,
+                                              Fun2_0_1,
+                                              Go2_0_1,
+                                              C2_2_1,
+                                              [],
+                                              [],
+                                              []);
+                                 (8,
+                                  RL2_0_1,
+                                  Fun2_0_1,
+                                  Go2_0_1,
+                                  C2_2_1,
+                                  _,
+                                  C2_1_1,
+                                  _) ->
+                                     case C2_1_1() of
+                                         [[{X2,_}|{Y2}]|C2_0_1] ->
+                                             Fun2_0_1(element(11,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      Y2,
+                                                      C2_0_1,
+                                                      X2);
+                                         [_|C2_0_1] ->
+                                             Fun2_0_1(8,
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      [],
+                                                      C2_0_1,
+                                                      []);
+                                         [] ->
+                                             Fun2_0_1(element(10,
+                                                              Go2_0_1),
+                                                      RL2_0_1,
+                                                      Fun2_0_1,
+                                                      Go2_0_1,
+                                                      C2_2_1,
+                                                      [],
+                                                      [],
+                                                      []);
+                                         E2_0_1 ->
+                                             E2_0_1
+                                     end
+                              end,
+                          Fun2_0_1(S02_0_1,
+                                   RL02_0_1,
+                                   Fun2_0_1,
+                                   Go02_0_1,
+                                   [],
+                                   [],
+                                   [],
+                                   [])
+                   end,
+                   % fun-info: {27,111349661,'-lookup_handle/0-fun-3-'}
+                   fun() ->
+                          {<<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $F:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $":8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\206:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $.:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $):8/integer-unit:1-unsigned-big,
+                             $-:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\026:8/integer-unit:1-unsigned-big,
+                             $%:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $0:8/integer-unit:1-unsigned-big,
+                             $F:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $t:8/integer-unit:1-unsigned-big,
+                             $u:8/integer-unit:1-unsigned-big,
+                             $p:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $l:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $h:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $v:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $r:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $d:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\001:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $j:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $+:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $e:8/integer-unit:1-unsigned-big,
+                             $\211:8/integer-unit:1-unsigned-big,
+                             $E:8/integer-unit:1-unsigned-big,
+                             $\s:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $\004:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $\022:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\227:8/integer-unit:1-unsigned-big,
+                             $\t:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big>>,
+                           <<$\203:8/integer-unit:1-unsigned-big,
+                             $P:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\\:8/integer-unit:1-unsigned-big,
+                             $x:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $a:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $+:8/integer-unit:1-unsigned-big,
+                             $N:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\f:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\222:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\202:8/integer-unit:1-unsigned-big,
+                             $\234:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $D:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\034:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $\006:8/integer-unit:1-unsigned-big,
+                             $&:8/integer-unit:1-unsigned-big,
+                             $\220:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $s:8/integer-unit:1-unsigned-big,
+                             $Y:8/integer-unit:1-unsigned-big,
+                             $b:8/integer-unit:1-unsigned-big,
+                             $Q:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $`:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $\003:8/integer-unit:1-unsigned-big,
+                             $c:8/integer-unit:1-unsigned-big,
+                             $\004:8/integer-unit:1-unsigned-big,
+                             $\n:8/integer-unit:1-unsigned-big,
+                             $/:8/integer-unit:1-unsigned-big,
+                             $>:8/integer-unit:1-unsigned-big,
+                             $\v:8/integer-unit:1-unsigned-big,
+                             $I:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\020:8/integer-unit:1-unsigned-big,
+                             $H:8/integer-unit:1-unsigned-big,
+                             $5:8/integer-unit:1-unsigned-big,
+                             $#:8/integer-unit:1-unsigned-big,
+                             $\\:8/integer-unit:1-unsigned-big,
+                             $^:8/integer-unit:1-unsigned-big,
+                             $\b:8/integer-unit:1-unsigned-big,
+                             $(:8/integer-unit:1-unsigned-big,
+                             $\037:8/integer-unit:1-unsigned-big,
+                             $\231:8/integer-unit:1-unsigned-big,
+                             $\005:8/integer-unit:1-unsigned-big,
+                             $\000:8/integer-unit:1-unsigned-big,
+                             $\024:8/integer-unit:1-unsigned-big,
+                             $�:8/integer-unit:1-unsigned-big,
+                             $\031:8/integer-unit:1-unsigned-big,
+                             $M:8/integer-unit:1-unsigned-big>>}
+                   end,
+                   [{1,
+                     2,
+                     2,
+                     {gen,
+                      % fun-info: {28,75197307,'-lookup_handle/0-fun-4-'}
+                      fun() ->
+                             E
+                      end}},
+                    {2,
+                     5,
+                     4,
+                     {gen,
+                      % fun-info: {29,86826511,'-lookup_handle/0-fun-5-'}
+                      fun() ->
+                             [{0},{1},{2}]
+                      end}},
+                    {3,8,6,fil},
+                    {4,
+                     10,
+                     7,
+                     {gen,
+                      {join,
+                       '==',
+                       1,
+                       2,
+                       % fun-info: {33,129609919,'-lookup_handle/0-fun-9-'}
+                       fun(H2_0_1) ->
+                              F2_0_1 =
+                                  % fun-info: {31,45768082,'-lookup_handle/0-fun-7-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F2_0_1, [O2_0_1|C2_0_1]) ->
+                                         case O2_0_1 of
+                                             {_,_} ->
+                                                 [O2_0_1|
+                                                  % fun-info: {30,28136696,'-lookup_handle/0-fun-6-'}
+                                                  fun() ->
+                                                         F2_0_1(F2_0_1,
+                                                                C2_0_1)
+                                                  end];
+                                             _ ->
+                                                 F2_0_1(F2_0_1, C2_0_1)
+                                         end;
+                                     (F2_0_1, C2_0_1)
+                                         when is_function(C2_0_1) ->
+                                         F2_0_1(F2_0_1, C2_0_1());
+                                     (_, C2_0_1) ->
+                                         C2_0_1
+                                  end,
+                              % fun-info: {32,48059625,'-lookup_handle/0-fun-8-'}
+                              fun() ->
+                                     F2_0_1(F2_0_1, H2_0_1)
+                              end
+                       end,
+                       % fun-info: {37,63676968,'-lookup_handle/0-fun-13-'}
+                       fun(H2_0_1) ->
+                              F2_0_1 =
+                                  % fun-info: {35,129320532,'-lookup_handle/0-fun-11-'}
+                                  fun(_, []) ->
+                                         [];
+                                     (F2_0_1, [O2_0_1|C2_0_1]) ->
+                                         case O2_0_1 of
+                                             {_} ->
+                                                 [O2_0_1|
+                                                  % fun-info: {34,28136696,'-lookup_handle/0-fun-10-'}
+                                                  fun() ->
+                                                         F2_0_1(F2_0_1,
+                                                                C2_0_1)
+                                                  end];
+                                             _ ->
+                                                 F2_0_1(F2_0_1, C2_0_1)
+                                         end;
+                                     (F2_0_1, C2_0_1)
+                                         when is_function(C2_0_1) ->
+                                         F2_0_1(F2_0_1, C2_0_1());
+                                     (_, C2_0_1) ->
+                                         C2_0_1
+                                  end,
+                              % fun-info: {36,48059625,'-lookup_handle/0-fun-12-'}
+                              fun() ->
+                                     F2_0_1(F2_0_1, H2_0_1)
+                              end
+                       end,
+                       % fun-info: {38,3236543,'-lookup_handle/0-fun-14-'}
+                       fun() ->
+                              {[],[],[]}
+                       end}}}],
+                   % fun-info: {45,56361026,'-lookup_handle/0-fun-21-'}
+                   fun(join) ->
+                          [[{1,"\001"},{2,"\001"}]];
+                      (size) ->
+                          % fun-info: {39,40607542,'-lookup_handle/0-fun-15-'}
+                          fun(0) ->
+                                 2;
+                             (1) ->
+                                 2;
+                             (2) ->
+                                 1;
+                             (_) ->
+                                 undefined
+                          end;
+                      (template) ->
+                          % fun-info: {40,34907048,'-lookup_handle/0-fun-16-'}
+                          fun({1,1}, _) ->
+                                 "\001\002";
+                             ({2,1}, _) ->
+                                 "\001\002";
+                             (_, _) ->
+                                 []
+                          end;
+                      (constants) ->
+                          % fun-info: {41,11686091,'-lookup_handle/0-fun-17-'}
+                          fun(_) ->
+                                 no_column_fun
+                          end;
+                      (n_leading_constant_columns) ->
+                          % fun-info: {42,21492441,'-lookup_handle/0-fun-18-'}
+                          fun(_) ->
+                                 0
+                          end;
+                      (constant_columns) ->
+                          % fun-info: {43,55297177,'-lookup_handle/0-fun-19-'}
+                          fun(_) ->
+                                 []
+                          end;
+                      (match_specs) ->
+                          % fun-info: {44,55081557,'-lookup_handle/0-fun-20-'}
+                          fun(_) ->
+                                 undefined
+                          end;
+                      (_) ->
+                          undefined
+                   end}
+           end,
+           undefined}).
diff --git a/lib/stdlib/test/re_SUITE.erl b/lib/stdlib/test/re_SUITE.erl
index 3b2e637c84..d6d946a28f 100644
--- a/lib/stdlib/test/re_SUITE.erl
+++ b/lib/stdlib/test/re_SUITE.erl
@@ -445,9 +445,17 @@ split_specials(Config) when is_list(Config) ->
     ok.
     
 
-error_handling(doc) ->
-    ["Test that errors are handled correctly by the erlang code."];
-error_handling(Config) when is_list(Config) ->
+%% Test that errors are handled correctly by the erlang code.
+error_handling(_Config) ->
+    case test_server:is_native(re) of
+	true ->
+	    %% Exceptions from native code look too different.
+	    {skip,"re is native"};
+	false ->
+	    error_handling()
+    end.
+	    
+error_handling() ->
     % This test checks the exception tuples manufactured in the erlang
     % code to hide the trapping from the user at least when it comes to errors
     Dog = ?t:timetrap(?t:minutes(1)),
@@ -455,14 +463,14 @@ error_handling(Config) when is_list(Config) ->
     % the trap to re:grun from grun, in the grun function clause
     % that handles precompiled expressions
     ?line {'EXIT',{badarg,[{re,run,["apa",{1,2,3,4},[global]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:run("apa",{1,2,3,4},[global])),
     % An invalid capture list will also cause a badarg late, 
     % but with a non pre compiled RE, the exception should be thrown by the
     % grun function clause that handles RE's compiled implicitly by
     % the run/3 BIF before trapping.
     ?line {'EXIT',{badarg,[{re,run,["apa","p",[{capture,[1,{a}]},global]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:run("apa","p",[{capture,[1,{a}]},global])),
     % And so the case of a precompiled expression together with
     % a compile-option (binary and list subject):
@@ -473,88 +481,88 @@ error_handling(Config) when is_list(Config) ->
 			    [<<"apa">>,
 			     {re_pattern,1,0,_},
 			     [global,unicode]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:run(<<"apa">>,RE,[global,unicode])),
     ?line {'EXIT',{badarg,[{re,run,
 			    ["apa",
 			     {re_pattern,1,0,_},
 			     [global,unicode]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:run("apa",RE,[global,unicode])),
     ?line {'EXIT',{badarg,_}} = (catch re:run("apa","(p",[])),
     ?line {'EXIT',{badarg,_}} = (catch re:run("apa","(p",[global])),
     % The replace errors:
     ?line {'EXIT',{badarg,[{re,replace,["apa",{1,2,3,4},"X",[]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:replace("apa",{1,2,3,4},"X",[])),
     ?line {'EXIT',{badarg,[{re,replace,["apa",{1,2,3,4},"X",[global]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:replace("apa",{1,2,3,4},"X",[global])),
     ?line {'EXIT',{badarg,[{re,replace,
 			    ["apa",
 			     {re_pattern,1,0,_},
 			     "X",
 			     [unicode]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:replace("apa",RE,"X",[unicode])),
     ?line <<"aXa">> = iolist_to_binary(re:replace("apa","p","X",[])),
     ?line {'EXIT',{badarg,[{re,replace,
 			    ["apa","p","X",[{capture,all,binary}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","p","X",
 					  [{capture,all,binary}]))),
     ?line {'EXIT',{badarg,[{re,replace,
 			    ["apa","p","X",[{capture,all}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","p","X",
 					  [{capture,all}]))),
     ?line {'EXIT',{badarg,[{re,replace,
 			    ["apa","p","X",[{return,banana}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","p","X",
 					  [{return,banana}]))),
     ?line {'EXIT',{badarg,_}} = (catch re:replace("apa","(p","X",[])),
     % Badarg, not compile error.
     ?line {'EXIT',{badarg,[{re,replace,
 			    ["apa","(p","X",[{return,banana}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch iolist_to_binary(re:replace("apa","(p","X",
 					  [{return,banana}]))),
     % And the split errors:
     ?line [<<"a">>,<<"a">>] = (catch re:split("apa","p",[])),
     ?line [<<"a">>,<<"p">>,<<"a">>] = (catch re:split("apa",RE,[])),
     ?line {'EXIT',{badarg,[{re,split,["apa","p",[global]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa","p",[global])),
     ?line {'EXIT',{badarg,[{re,split,["apa","p",[{capture,all}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa","p",[{capture,all}])),
     ?line {'EXIT',{badarg,[{re,split,["apa","p",[{capture,all,binary}]],_},
-			   {?MODULE, error_handling,1,_} | _]}} =
+			   {?MODULE, error_handling,0,_} | _]}} =
 	(catch re:split("apa","p",[{capture,all,binary}])),
     ?line {'EXIT',{badarg,[{re,split,["apa",{1,2,3,4},[]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa",{1,2,3,4})),
     ?line {'EXIT',{badarg,[{re,split,["apa",{1,2,3,4},[]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa",{1,2,3,4},[])),
     ?line {'EXIT',{badarg,[{re,split,
 			    ["apa",
 			     RE,
 			     [unicode]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa",RE,[unicode])),
     ?line {'EXIT',{badarg,[{re,split,
 			    ["apa",
 			     RE,
 			     [{return,banana}]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa",RE,[{return,banana}])),
     ?line {'EXIT',{badarg,[{re,split,
 			    ["apa",
 			     RE,
 			     [banana]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa",RE,[banana])),
     ?line {'EXIT',{badarg,_}} = (catch re:split("apa","(p")),
     %Exception on bad argument, not compilation error
@@ -562,7 +570,7 @@ error_handling(Config) when is_list(Config) ->
 			    ["apa",
 			     "(p",
 			     [banana]],_},
-			   {?MODULE,error_handling,1,_} | _]}} =
+			   {?MODULE,error_handling,0,_} | _]}} =
 	(catch re:split("apa","(p",[banana])),
     ?t:timetrap_cancel(Dog),
     ok.
diff --git a/lib/stdlib/test/shell_SUITE.erl b/lib/stdlib/test/shell_SUITE.erl
index b6019b86f0..a881742f13 100644
--- a/lib/stdlib/test/shell_SUITE.erl
+++ b/lib/stdlib/test/shell_SUITE.erl
@@ -2388,13 +2388,28 @@ otp_6554(Config) when is_list(Config) ->
         comm_err(<<"V = lists:seq(1, 20), case V of a -> ok end.">>),
     ?line "exception error: no function clause matching" = 
         comm_err(<<"fun(P) when is_pid(P) -> true end(a).">>),
-    ?line "exception error: {function_clause," =
-        comm_err(<<"erlang:error(function_clause, [unproper | list]).">>),
+    case test_server:is_native(erl_eval) of
+	true ->
+	    %% Native code has different exit reason. Don't bother
+	    %% testing them.
+	    ok;
+	false ->
+	    "exception error: {function_clause," =
+		comm_err(<<"erlang:error(function_clause, "
+			  "[unproper | list]).">>),
+	    %% Cheating:
+	    "exception error: no function clause matching "
+		"erl_eval:do_apply(4)" ++ _ =
+		comm_err(<<"erlang:error(function_clause, [4]).">>),
+		"exception error: no function clause matching "
+		"lists:reverse(" ++ _ =
+		comm_err(<<"F=fun() -> hello end, lists:reverse(F).">>),
+		"exception error: no function clause matching "
+		"lists:reverse(34) (lists.erl, line " ++ _ =
+		comm_err(<<"lists:reverse(34).">>)
+    end,
     ?line "exception error: function_clause" =
         comm_err(<<"erlang:error(function_clause, 4).">>),
-    %% Cheating:
-    ?line "exception error: no function clause matching erl_eval:do_apply(4)" ++ _ = 
-        comm_err(<<"erlang:error(function_clause, [4]).">>),
     ?line "exception error: no function clause matching" ++ _ = 
         comm_err(<<"fun(a, b, c, d) -> foo end"
                    "       (lists:seq(1,17),"
@@ -2404,10 +2419,6 @@ otp_6554(Config) when is_list(Config) ->
 
     ?line "exception error: no function clause matching" = 
         comm_err(<<"fun(P, q) when is_pid(P) -> true end(a, b).">>),
-    ?line "exception error: no function clause matching lists:reverse(" ++ _ = 
-        comm_err(<<"F=fun() -> hello end, lists:reverse(F).">>),
-    ?line "exception error: no function clause matching lists:reverse(34) (lists.erl, line " ++ _ = 
-        comm_err(<<"lists:reverse(34).">>),
     ?line "exception error: no true branch found when evaluating an if expression" = 
         comm_err(<<"if length([a,b]) > 17 -> a end.">>),
     ?line "exception error: no such process or port" = 
diff --git a/lib/stdlib/test/sofs_SUITE.erl b/lib/stdlib/test/sofs_SUITE.erl
index 73b282149a..f11c6ec4d6 100644
--- a/lib/stdlib/test/sofs_SUITE.erl
+++ b/lib/stdlib/test/sofs_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -536,7 +536,7 @@ projection(Conf) when is_list(Conf) ->
 			  from_term([], [[atom]]))),
     ?line {'EXIT', {badarg, _}} = 
         (catch projection({external, fun(X) -> X end}, from_term([[a]]))),
-    ?line eval(projection({sofs,union}, 
+    ?line eval(projection(fun sofs:union/1,
 			  from_term([[[1,2],[2,3]], [[a,b],[b,c]]])),
                from_term([[1,2,3], [a,b,c]])),
     ?line eval(projection(fun(_) -> from_term([a]) end, 
@@ -628,7 +628,7 @@ substitution(Conf) when is_list(Conf) ->
     ?line {'EXIT', {badarg, _}} = 
         (catch substitution({external, fun(X) -> X end}, from_term([[a]]))),
     ?line eval(substitution(fun(X) -> X end, from_term([], [[atom]])), E),
-    ?line eval(substitution({sofs,union}, 
+    ?line eval(substitution(fun sofs:union/1,
                             from_term([[[1,2],[2,3]], [[a,b],[b,c]]])),
                from_term([{[[1,2],[2,3]],[1,2,3]}, {[[a,b],[b,c]],[a,b,c]}])),
     ?line eval(substitution(fun(_) -> from_term([a]) end, 
@@ -745,7 +745,7 @@ restriction(Conf) when is_list(Conf) ->
     ?line eval(restriction(Id, S3, E), E),
     ?line eval(restriction(Id, from_term([], [[atom]]), set([a])),
 	       from_term([], [[atom]])),
-    ?line eval(restriction({sofs,union}, 
+    ?line eval(restriction(fun sofs:union/1,
                            from_term([[[a],[b]], [[b],[c]], 
                                       [[], [a,b]], [[1],[2]]]), 
                            from_term([[a,b],[1,2,3],[b,c]])),
@@ -862,7 +862,7 @@ drestriction(Conf) when is_list(Conf) ->
     ?line eval(drestriction(Id, S3, E), S3),
     ?line eval(drestriction(Id, from_term([], [[atom]]), set([a])),
 	       from_term([], [[atom]])),
-    ?line eval(drestriction({sofs,union}, 
+    ?line eval(drestriction(fun sofs:union/1,
                             from_term([[[a],[b]], [[b],[c]], 
                                        [[], [a,b]], [[1],[2]]]), 
                             from_term([[a,b],[1,2,3],[b,c]])),
@@ -1028,7 +1028,7 @@ specification(Conf) when is_list(Conf) ->
 	    end,
     ?line eval(specification({external,Fun2x}, S2), from_term([[1],[3]])),
 
-    Fun3 = fun(_) -> neither_true_or_false end,
+    Fun3 = fun(_) -> neither_true_nor_false end,
     ?line {'EXIT', {badarg, _}} = 
 	(catch specification(Fun3, set([a]))),
     ?line {'EXIT', {badarg, _}} = 
@@ -1810,8 +1810,8 @@ partition_3(Conf) when is_list(Conf) ->
 
     S12a = from_term([[[a],[b]], [[b],[c]], [[], [a,b]], [[1],[2]]]),
     S12b = from_term([[a,b],[1,2,3],[b,c]]),
-    ?line eval(partition({sofs,union}, S12a, S12b),
-	       lpartition({sofs,union}, S12a, S12b)),
+    ?line eval(partition(fun sofs:union/1, S12a, S12b),
+	       lpartition(fun sofs:union/1, S12a, S12b)),
 
     Fun13 = fun(_) -> from_term([a]) end,
     S13a = from_term([], [[atom]]),
@@ -1879,12 +1879,9 @@ digraph(Conf) when is_list(Conf) ->
 
     ?line {'EXIT', {badarg, _}} = 
         (catch family_to_digraph(set([a]))),
-    ?line {'EXIT', {badarg, [{sofs,family_to_digraph,[_,_],_}|_]}} =
-        (catch family_to_digraph(set([a]), [foo])),
-    ?line {'EXIT', {badarg, [{sofs,family_to_digraph,[_,_],_}|_]}} =
-        (catch family_to_digraph(F, [foo])),
-    ?line {'EXIT', {cyclic, [{sofs,family_to_digraph,[_,_],_}|_]}} =
-        (catch family_to_digraph(family([{a,[a]}]),[acyclic])),
+    digraph_fail(badarg, catch family_to_digraph(set([a]), [foo])),
+    digraph_fail(badarg, catch family_to_digraph(F, [foo])),
+    digraph_fail(cyclic, catch family_to_digraph(family([{a,[a]}]),[acyclic])),
 
     ?line G1 = family_to_digraph(E),
     ?line {'EXIT', {badarg, _}} = (catch digraph_to_family(G1, foo)),
@@ -1927,6 +1924,13 @@ digraph(Conf) when is_list(Conf) ->
     ?line true = T0 == ets:all(),
     ok.
 
+digraph_fail(ExitReason, Fail) ->
+    {'EXIT', {ExitReason, [{sofs,family_to_digraph,A,_}|_]}} = Fail,
+    case {test_server:is_native(sofs),A} of
+	{false,[_,_]} -> ok;
+	{true,2} -> ok
+    end.
+
 constant_function(suite) -> [];
 constant_function(doc) -> [""];
 constant_function(Conf) when is_list(Conf) ->
@@ -1952,10 +1956,8 @@ misc(Conf) when is_list(Conf) ->
     % the "functional" part:
     ?line eval(union(intersection(partition(1,S), partition(Id,S))),
                difference(S, RR)),
-
-    %% The function external:foo/1 is undefined.
     ?line {'EXIT', {undef, _}} =    
- 	(catch projection({external,foo}, set([a,b,c]))),
+        (catch projection(fun external:foo/1, set([a,b,c]))),
     ok.
 
 relational_restriction(R) ->
@@ -1968,19 +1970,19 @@ family_specification(doc) -> [""];
 family_specification(Conf) when is_list(Conf) ->
     E = empty_set(),
     %% internal
-    ?line eval(family_specification({sofs, is_set}, E), E),
+    ?line eval(family_specification(fun sofs:is_set/1, E), E),
     ?line {'EXIT', {badarg, _}} =    
- 	(catch family_specification({sofs,is_set}, set([]))),
+       (catch family_specification(fun sofs:is_set/1, set([]))),
     ?line F1 = from_term([{1,[1]}]),
-    ?line eval(family_specification({sofs,is_set}, F1), F1),
+    ?line eval(family_specification(fun sofs:is_set/1, F1), F1),
     Fun = fun(S) -> is_subset(S, set([0,1,2,3,4])) end,
     ?line F2 = family([{a,[1,2]},{b,[3,4,5]}]),
     ?line eval(family_specification(Fun, F2), family([{a,[1,2]}])),
     ?line F3 = from_term([{a,[]},{b,[]}]),
-    ?line eval(family_specification({sofs,is_set}, F3), F3),
+    ?line eval(family_specification(fun sofs:is_set/1, F3), F3),
     Fun2 = fun(_) -> throw(fippla) end, 
     ?line fippla = (catch family_specification(Fun2, family([{a,[1]}]))),
-    Fun3 = fun(_) -> neither_true_or_false end,
+    Fun3 = fun(_) -> neither_true_nor_false end,
     ?line {'EXIT', {badarg, _}} = 
 	(catch family_specification(Fun3, F3)),
 
@@ -2095,22 +2097,22 @@ family_projection(Conf) when is_list(Conf) ->
 
     ?line eval(family_projection(fun(X) -> X end, family([])), E),
     ?line L1 = [{a,[]}],
-    ?line eval(family_projection({sofs,union}, E), E),
-    ?line eval(family_projection({sofs,union}, from_term(L1, SSType)),
+    ?line eval(family_projection(fun sofs:union/1, E), E),
+    ?line eval(family_projection(fun sofs:union/1, from_term(L1, SSType)),
                family(L1)),
     ?line {'EXIT', {badarg, _}} =    
- 	(catch family_projection({sofs,union}, set([]))),
+        (catch family_projection(fun sofs:union/1, set([]))),
     ?line {'EXIT', {badarg, _}} =
-        (catch family_projection({sofs,union}, from_term([{1,[1]}]))),
+        (catch family_projection(fun sofs:union/1, from_term([{1,[1]}]))),
 
     ?line F2 = from_term([{a,[[1],[2]]},{b,[[3,4],[5]]}], SSType),
-    ?line eval(family_projection({sofs,union}, F2),
+    ?line eval(family_projection(fun sofs:union/1, F2),
                family_union(F2)),
 
     ?line F3 = from_term([{1,[{a,b},{b,c},{c,d}]},{3,[]},{5,[{3,5}]}],
                          SRType),
-    ?line eval(family_projection({sofs,domain}, F3), family_domain(F3)),
-    ?line eval(family_projection({sofs,range}, F3), family_range(F3)),
+    ?line eval(family_projection(fun sofs:domain/1, F3), family_domain(F3)),
+    ?line eval(family_projection(fun sofs:range/1, F3), family_range(F3)),
 
     ?line eval(family_projection(fun(_) -> E end, family([{a,[b,c]}])),
 	       from_term([{a,[]}])),
@@ -2290,7 +2292,7 @@ partition_family(Conf) when is_list(Conf) ->
 
     ?line eval(partition_family(1, E), E),
     ?line eval(partition_family(2, E), E),
-    ?line eval(partition_family({sofs,union}, E), E),
+    ?line eval(partition_family(fun sofs:union/1, E), E),
     ?line eval(partition_family(1, ER), EF),
     ?line eval(partition_family(2, ER), EF),
     ?line {'EXIT', {badarg, _}} = (catch partition_family(1, set([]))),
@@ -2354,7 +2356,7 @@ partition_family(Conf) when is_list(Conf) ->
     ?line {'EXIT', {badarg, _}} = 
         (catch partition_family({external, fun(X) -> X end}, 
 				from_term([[a]]))),
-    ?line eval(partition_family({sofs,union}, 
+    ?line eval(partition_family(fun sofs:union/1,
 				from_term([[[1],[1,2]], [[1,2]]])),
 	       from_term([{[1,2], [[[1],[1,2]],[[1,2]]]}])),
     ?line eval(partition_family(fun(X) -> X end, 
diff --git a/lib/stdlib/test/supervisor_1.erl b/lib/stdlib/test/supervisor_1.erl
index f819594c46..777a48e38b 100644
--- a/lib/stdlib/test/supervisor_1.erl
+++ b/lib/stdlib/test/supervisor_1.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/stdlib/test/supervisor_2.erl b/lib/stdlib/test/supervisor_2.erl
index 67aacf5a9c..60d037f4e0 100644
--- a/lib/stdlib/test/supervisor_2.erl
+++ b/lib/stdlib/test/supervisor_2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1996-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/stdlib/test/supervisor_SUITE.erl b/lib/stdlib/test/supervisor_SUITE.erl
index d3d140abbc..71b76c093f 100644
--- a/lib/stdlib/test/supervisor_SUITE.erl
+++ b/lib/stdlib/test/supervisor_SUITE.erl
@@ -34,8 +34,10 @@
 
 %% API tests
 -export([ sup_start_normal/1, sup_start_ignore_init/1, 
-	  sup_start_ignore_child/1, sup_start_error_return/1,
-	  sup_start_fail/1, sup_stop_infinity/1,
+	  sup_start_ignore_child/1, sup_start_ignore_temporary_child/1,
+	  sup_start_ignore_temporary_child_start_child/1,
+	  sup_start_ignore_temporary_child_start_child_simple/1,
+	  sup_start_error_return/1, sup_start_fail/1, sup_stop_infinity/1,
 	  sup_stop_timeout/1, sup_stop_brutal_kill/1, child_adm/1,
 	  child_adm_simple/1, child_specs/1, extra_return/1]).
 
@@ -85,8 +87,10 @@ all() ->
 groups() -> 
     [{sup_start, [],
       [sup_start_normal, sup_start_ignore_init,
-       sup_start_ignore_child, sup_start_error_return,
-       sup_start_fail]},
+       sup_start_ignore_child, sup_start_ignore_temporary_child,
+       sup_start_ignore_temporary_child_start_child,
+       sup_start_ignore_temporary_child_start_child_simple,
+       sup_start_error_return, sup_start_fail]},
      {sup_stop, [],
       [sup_stop_infinity, sup_stop_timeout,
        sup_stop_brutal_kill]},
@@ -158,29 +162,23 @@ get_child_counts(Supervisor) ->
 
 %%-------------------------------------------------------------------------
 %% Test cases starts here.
-%%-------------------------------------------------------------------------
-sup_start_normal(doc) ->
-    ["Tests that the supervisor process starts correctly and that it "
-     "can be terminated gracefully."];
-sup_start_normal(suite) -> [];
+%% -------------------------------------------------------------------------
+%% Tests that the supervisor process starts correctly and that it can
+%% be terminated gracefully.
 sup_start_normal(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     terminate(Pid, shutdown).
 
 %%-------------------------------------------------------------------------
-sup_start_ignore_init(doc) ->
-    ["Tests what happens if init-callback returns ignore"];
-sup_start_ignore_init(suite) -> [];
+%% Tests what happens if init-callback returns ignore.
 sup_start_ignore_init(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ignore = start_link(ignore),
     check_exit_reason(normal).
 
 %%-------------------------------------------------------------------------
-sup_start_ignore_child(doc) ->
-    ["Tests what happens if init-callback returns ignore"];
-sup_start_ignore_child(suite) -> [];
+%% Tests what happens if init-callback returns ignore.
 sup_start_ignore_child(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, _Pid}  = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -197,30 +195,75 @@ sup_start_ignore_child(Config) when is_list(Config) ->
     [2,1,0,2] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-sup_start_error_return(doc) ->
-    ["Tests what happens if init-callback returns a invalid value"];
-sup_start_error_return(suite) -> [];
+%% Tests what happens if child's init-callback returns ignore for a
+%% temporary child when ChildSpec is returned directly from supervisor
+%% init callback.
+%% Child spec shall NOT be saved!!!
+sup_start_ignore_temporary_child(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    Child1 = {child1, {supervisor_1, start_child, [ignore]},
+	      temporary, 1000, worker, []},
+    Child2 = {child2, {supervisor_1, start_child, []}, temporary,
+	      1000, worker, []},
+    {ok, _Pid}  = start_link({ok, {{one_for_one, 2, 3600}, [Child1,Child2]}}),
+
+    [{child2, CPid2, worker, []}] = supervisor:which_children(sup_test),
+    true = is_pid(CPid2),
+    [1,1,0,1] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% Tests what happens if child's init-callback returns ignore for a
+%% temporary child when child is started with start_child/2.
+%% Child spec shall NOT be saved!!!
+sup_start_ignore_temporary_child_start_child(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    {ok, _Pid}  = start_link({ok, {{one_for_one, 2, 3600}, []}}),
+    Child1 = {child1, {supervisor_1, start_child, [ignore]},
+	      temporary, 1000, worker, []},
+    Child2 = {child2, {supervisor_1, start_child, []}, temporary,
+	      1000, worker, []},
+
+    {ok, undefined} = supervisor:start_child(sup_test, Child1),
+    {ok, CPid2} = supervisor:start_child(sup_test, Child2),
+
+    [{child2, CPid2, worker, []}] = supervisor:which_children(sup_test),
+    [1,1,0,1] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% Tests what happens if child's init-callback returns ignore for a
+%% temporary child when child is started with start_child/2, and the
+%% supervisor is simple_one_for_one.
+%% Child spec shall NOT be saved!!!
+sup_start_ignore_temporary_child_start_child_simple(Config)
+  when is_list(Config) ->
+    process_flag(trap_exit, true),
+    Child1 = {child1, {supervisor_1, start_child, [ignore]},
+	      temporary, 1000, worker, []},
+    {ok, _Pid}  = start_link({ok, {{simple_one_for_one, 2, 3600}, [Child1]}}),
+
+    {ok, undefined} = supervisor:start_child(sup_test, []),
+    {ok, CPid2} = supervisor:start_child(sup_test, []),
+
+    [{undefined, CPid2, worker, []}] = supervisor:which_children(sup_test),
+    [1,1,0,1] = get_child_counts(sup_test).
+
+%%-------------------------------------------------------------------------
+%% Tests what happens if init-callback returns a invalid value.
 sup_start_error_return(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {error, Term} = start_link(invalid),
     check_exit_reason(Term).
 
 %%-------------------------------------------------------------------------
-sup_start_fail(doc) ->
-    ["Tests what happens if init-callback fails"];
-sup_start_fail(suite) -> [];
+%% Tests what happens if init-callback fails.
 sup_start_fail(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {error, Term} = start_link(fail),
     check_exit_reason(Term).
 
 %%-------------------------------------------------------------------------
-
-sup_stop_infinity(doc) ->
-    ["See sup_stop/1 when Shutdown = infinity, this walue is allowed "
-     "for children of type supervisor _AND_ worker"];
-sup_stop_infinity(suite) -> [];
-
+%% See sup_stop/1 when Shutdown = infinity, this walue is allowed for
+%% children of type supervisor _AND_ worker.
 sup_stop_infinity(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -238,11 +281,7 @@ sup_stop_infinity(Config) when is_list(Config) ->
     check_exit_reason(CPid2, shutdown).
 
 %%-------------------------------------------------------------------------
-
-sup_stop_timeout(doc) ->
-    ["See sup_stop/1 when Shutdown = 1000"];
-sup_stop_timeout(suite) -> [];
-
+%% See sup_stop/1 when Shutdown = 1000
 sup_stop_timeout(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -264,10 +303,7 @@ sup_stop_timeout(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-sup_stop_brutal_kill(doc) ->
-    ["See sup_stop/1 when Shutdown = brutal_kill"];
-sup_stop_brutal_kill(suite) -> [];
-
+%% See sup_stop/1 when Shutdown = brutal_kill
 sup_stop_brutal_kill(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -286,14 +322,10 @@ sup_stop_brutal_kill(Config) when is_list(Config) ->
     check_exit_reason(CPid2, killed).
 
 %%-------------------------------------------------------------------------
-extra_return(doc) -> 
-    ["The start function provided to start a child may " 
-     "return {ok, Pid} or {ok, Pid, Info}, if it returns "
-     "the later check that the supervisor ignores the Info, "
-     "and includes it unchanged in return from start_child/2 "
-     "and restart_child/2"];
-extra_return(suite) -> [];
-
+%% The start function provided to start a child may return {ok, Pid}
+%% or {ok, Pid, Info}, if it returns the latter check that the
+%% supervisor ignores the Info, and includes it unchanged in return
+%% from start_child/2 and restart_child/2.
 extra_return(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child1, {supervisor_1, start_child, [extra_return]}, 
@@ -333,12 +365,10 @@ extra_return(Config) when is_list(Config) ->
 
     ok.
 %%-------------------------------------------------------------------------
-child_adm(doc)->
-    ["Test API functions start_child/2, terminate_child/2, delete_child/2 "
-     "restart_child/2, which_children/1, count_children/1. Only correct "
-     "childspecs are used, handling of incorrect childspecs is tested in "
-     "child_specs/1"];
-child_adm(suite) -> [];
+%% Test API functions start_child/2, terminate_child/2, delete_child/2
+%% restart_child/2, which_children/1, count_children/1. Only correct
+%% childspecs are used, handling of incorrect childspecs is tested in
+%% child_specs/1.
 child_adm(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -402,11 +432,9 @@ child_adm(Config) when is_list(Config) ->
 	= (catch supervisor:count_children(foo)),
     ok.
 %%-------------------------------------------------------------------------
-child_adm_simple(doc) ->
-    ["The API functions terminate_child/2, delete_child/2 "
-     "restart_child/2 are not valid for a simple_one_for_one supervisor "
-     "check that the correct error message is returned."];
-child_adm_simple(suite) -> [];
+%% The API functions terminate_child/2, delete_child/2 restart_child/2
+%% are not valid for a simple_one_for_one supervisor check that the
+%% correct error message is returned.
 child_adm_simple(Config) when is_list(Config) ->
     Child = {child, {supervisor_1, start_child, []}, permanent, 1000,
 	     worker, []},
@@ -454,9 +482,7 @@ child_adm_simple(Config) when is_list(Config) ->
     ok.
 
 %%-------------------------------------------------------------------------
-child_specs(doc) ->
-    ["Tests child specs, invalid formats should be rejected."];
-child_specs(suite) -> [];
+%% Tests child specs, invalid formats should be rejected.
 child_specs(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     {ok, _Pid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -507,9 +533,7 @@ child_specs(Config) when is_list(Config) ->
     ok.
 
 %%-------------------------------------------------------------------------
-permanent_normal(doc) ->
-    ["A permanent child should always be restarted"];
-permanent_normal(suite) -> [];
+%% A permanent child should always be restarted.
 permanent_normal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -529,10 +553,8 @@ permanent_normal(Config) when is_list(Config) ->
     [1,1,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-transient_normal(doc) ->
-    ["A transient child should not be restarted if it exits with " 
-     "reason normal"];
-transient_normal(suite) -> [];
+%% A transient child should not be restarted if it exits with reason
+%% normal.
 transient_normal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, transient, 1000,
@@ -546,9 +568,7 @@ transient_normal(Config) when is_list(Config) ->
     [1,0,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-temporary_normal(doc) ->
-    ["A temporary process should never be restarted"];
-temporary_normal(suite) -> [];
+%% A temporary process should never be restarted.
 temporary_normal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, temporary, 1000,
@@ -562,9 +582,7 @@ temporary_normal(Config) when is_list(Config) ->
     [0,0,0,0] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-permanent_shutdown(doc) ->
-    ["A permanent child should always be restarted"];
-permanent_shutdown(suite) -> [];
+%% A permanent child should always be restarted.
 permanent_shutdown(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -596,10 +614,8 @@ permanent_shutdown(Config) when is_list(Config) ->
     [1,1,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-transient_shutdown(doc) ->
-    ["A transient child should not be restarted if it exits with " 
-     "reason shutdown or {shutdown,Term}"];
-transient_shutdown(suite) -> [];
+%% A transient child should not be restarted if it exits with reason
+%% shutdown or {shutdown,Term}.
 transient_shutdown(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, transient, 1000,
@@ -620,9 +636,7 @@ transient_shutdown(Config) when is_list(Config) ->
     [1,0,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-temporary_shutdown(doc) ->
-    ["A temporary process should never be restarted"];
-temporary_shutdown(suite) -> [];
+%% A temporary process should never be restarted.
 temporary_shutdown(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, temporary, 1000,
@@ -643,9 +657,7 @@ temporary_shutdown(Config) when is_list(Config) ->
     [0,0,0,0] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-permanent_abnormal(doc) ->
-    ["A permanent child should always be restarted"];
-permanent_abnormal(suite) -> [];
+%% A permanent child should always be restarted.
 permanent_abnormal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -664,10 +676,7 @@ permanent_abnormal(Config) when is_list(Config) ->
     [1,1,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-transient_abnormal(doc) ->
-    ["A transient child should be restarted if it exits with " 
-     "reason abnormal"];
-transient_abnormal(suite) -> [];
+%% A transient child should be restarted if it exits with reason abnormal.
 transient_abnormal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, transient, 1000,
@@ -686,9 +695,7 @@ transient_abnormal(Config) when is_list(Config) ->
     [1,1,0,1] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-temporary_abnormal(doc) ->
-    ["A temporary process should never be restarted"];
-temporary_abnormal(suite) -> [];
+%% A temporary process should never be restarted.
 temporary_abnormal(Config) when is_list(Config) ->
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
     Child1 = {child1, {supervisor_1, start_child, []}, temporary, 1000,
@@ -701,11 +708,9 @@ temporary_abnormal(Config) when is_list(Config) ->
     [0,0,0,0] = get_child_counts(sup_test).
 
 %%-------------------------------------------------------------------------
-temporary_bystander(doc) ->
-    ["A temporary process killed as part of a rest_for_one or one_for_all "
-     "restart strategy should not be restarted given its args are not "
-     " saved. Otherwise the supervisor hits its limit and crashes."];
-temporary_bystander(suite) -> [];
+%% A temporary process killed as part of a rest_for_one or one_for_all
+%% restart strategy should not be restarted given its args are not
+%% saved. Otherwise the supervisor hits its limit and crashes.
 temporary_bystander(_Config) ->
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 100,
 	      worker, []},
@@ -732,9 +737,7 @@ temporary_bystander(_Config) ->
     [{child1, _, _, _}] = supervisor:which_children(SupPid2).
 
 %%-------------------------------------------------------------------------
-one_for_one(doc) ->
-    ["Test the one_for_one base case."];
-one_for_one(suite) -> [];
+%% Test the one_for_one base case.
 one_for_one(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -764,9 +767,7 @@ one_for_one(Config) when is_list(Config) ->
     check_exit([SupPid]).
 
 %%-------------------------------------------------------------------------
-one_for_one_escalation(doc) ->
-    ["Test restart escalation on a one_for_one supervisor."];
-one_for_one_escalation(suite) -> [];
+%% Test restart escalation on a one_for_one supervisor.
 one_for_one_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -786,9 +787,7 @@ one_for_one_escalation(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-one_for_all(doc) ->
-    ["Test the one_for_all base case."];
-one_for_all(suite) -> [];
+%% Test the one_for_all base case.
 one_for_all(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -824,9 +823,7 @@ one_for_all(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-one_for_all_escalation(doc) -> 
-    ["Test restart escalation on a one_for_all supervisor."];
-one_for_all_escalation(suite) -> [];
+%% Test restart escalation on a one_for_all supervisor.
 one_for_all_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -845,9 +842,7 @@ one_for_all_escalation(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-simple_one_for_one(doc) ->
-    ["Test the simple_one_for_one base case."];
-simple_one_for_one(suite) -> [];
+%% Test the simple_one_for_one base case.
 simple_one_for_one(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, []}, permanent, 1000,
@@ -878,10 +873,8 @@ simple_one_for_one(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-simple_one_for_one_shutdown(doc) ->
-    ["Test simple_one_for_one children shutdown accordingly to the "
-     "supervisor's shutdown strategy."];
-simple_one_for_one_shutdown(suite) -> [];
+%% Test simple_one_for_one children shutdown accordingly to the
+%% supervisor's shutdown strategy.
 simple_one_for_one_shutdown(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ShutdownTime = 1000,
@@ -909,10 +902,8 @@ simple_one_for_one_shutdown(Config) when is_list(Config) ->
 
 
 %%-------------------------------------------------------------------------
-simple_one_for_one_extra(doc) -> 
-    ["Tests automatic restart of children " 
-     "who's start function return extra info."];
-simple_one_for_one_extra(suite) -> [];
+%% Tests automatic restart of children who's start function return
+%% extra info.
 simple_one_for_one_extra(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, [extra_info]}, 
@@ -937,9 +928,7 @@ simple_one_for_one_extra(Config) when is_list(Config) ->
     check_exit([SupPid]).
 
 %%-------------------------------------------------------------------------
-simple_one_for_one_escalation(doc) ->
-    ["Test restart escalation on a simple_one_for_one supervisor."];
-simple_one_for_one_escalation(suite) -> [];
+%% Test restart escalation on a simple_one_for_one supervisor.
 simple_one_for_one_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, []}, permanent, 1000,
@@ -954,9 +943,7 @@ simple_one_for_one_escalation(Config) when is_list(Config) ->
     check_exit([SupPid, CPid2]).
 
 %%-------------------------------------------------------------------------
-rest_for_one(doc) ->
-    ["Test the rest_for_one base case."];
-rest_for_one(suite) -> [];
+%% Test the rest_for_one base case.
 rest_for_one(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -1004,9 +991,7 @@ rest_for_one(Config) when is_list(Config) ->
     check_exit([SupPid]).
 
 %%-------------------------------------------------------------------------
-rest_for_one_escalation(doc) ->
-    ["Test restart escalation on a rest_for_one supervisor."];
-rest_for_one_escalation(suite) -> [];
+%% Test restart escalation on a rest_for_one supervisor.
 rest_for_one_escalation(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child1 = {child1, {supervisor_1, start_child, []}, permanent, 1000,
@@ -1023,11 +1008,8 @@ rest_for_one_escalation(Config) when is_list(Config) ->
     check_exit([CPid2, SupPid]).
 
 %%-------------------------------------------------------------------------
-child_unlink(doc)->
-    ["Test that the supervisor does not hang forever if "
-     "the child unliks and then is terminated by the supervisor."];
-child_unlink(suite) ->
-    [];
+%% Test that the supervisor does not hang forever if the child unliks
+%% and then is terminated by the supervisor.
 child_unlink(Config) when is_list(Config) ->
 
     {ok, SupPid} = start_link({ok, {{one_for_one, 2, 3600}, []}}),
@@ -1052,10 +1034,7 @@ child_unlink(Config) when is_list(Config) ->
 	    test_server:fail(supervisor_hangs)
     end.
 %%-------------------------------------------------------------------------
-tree(doc) ->
-    ["Test a basic supervison tree."];
-tree(suite) ->
-    [];
+%% Test a basic supervison tree.
 tree(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
 
@@ -1131,11 +1110,9 @@ tree(Config) when is_list(Config) ->
 
     [] = supervisor:which_children(NewSup2),
     [0,0,0,0] = get_child_counts(NewSup2).
+
 %%-------------------------------------------------------------------------
-count_children_memory(doc) ->
-    ["Test that count_children does not eat memory."];
-count_children_memory(suite) ->
-    [];
+%% Test that count_children does not eat memory.
 count_children_memory(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     Child = {child, {supervisor_1, start_child, []}, temporary, 1000,
@@ -1177,12 +1154,12 @@ count_children_memory(Config) when is_list(Config) ->
     case (Size5 =< Size4) of
 	true -> ok;
 	false ->
-	    test_server:fail({count_children, used_more_memory})
+	    test_server:fail({count_children, used_more_memory,Size4,Size5})
     end,
     case Size7 =< Size6 of
 	true -> ok;
 	false ->
-	    test_server:fail({count_children, used_more_memory})
+	    test_server:fail({count_children, used_more_memory,Size6,Size7})
     end,
 
     [terminate(SupPid, Pid, child, kill) || {undefined, Pid, worker, _Modules} <- Children3],
@@ -1193,12 +1170,9 @@ proc_memory() ->
     erlang:memory(processes_used).
 
 %%-------------------------------------------------------------------------
-do_not_save_start_parameters_for_temporary_children(doc) ->
-    ["Temporary children shall not be restarted so they should not "
-     "save start parameters, as it potentially can "
-     "take up a huge amount of memory for no purpose."];
-do_not_save_start_parameters_for_temporary_children(suite) ->
-    [];
+%% Temporary children shall not be restarted so they should not save
+%% start parameters, as it potentially can take up a huge amount of
+%% memory for no purpose.
 do_not_save_start_parameters_for_temporary_children(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     dont_save_start_parameters_for_temporary_children(one_for_all),
@@ -1220,11 +1194,8 @@ child_spec({Name, MFA, RestartType, Shutdown, Type, Modules}, N) ->
     {NewName, MFA, RestartType, Shutdown, Type, Modules}.
 
 %%-------------------------------------------------------------------------
-do_not_save_child_specs_for_temporary_children(doc) ->
-    ["Temporary children shall not be restarted so supervisors should "
-     "not save their spec when they terminate"];
-do_not_save_child_specs_for_temporary_children(suite) ->
-    [];
+%% Temporary children shall not be restarted so supervisors should not
+%% save their spec when they terminate.
 do_not_save_child_specs_for_temporary_children(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     dont_save_child_specs_for_temporary_children(one_for_all, kill),
@@ -1373,13 +1344,18 @@ simple_one_for_one_scale_many_temporary_children(_Config) ->
 	     end || _<- lists:seq(1,10000)],
     {T2,done} = timer:tc(?MODULE,terminate_all_children,[C2]),
     
-    Scaling = T2 div T1,
-    if Scaling > 20 ->
-	    %% The scaling shoul be linear (i.e.10, really), but we
-	    %% give some extra here to avoid failing the test
-	    %% unecessarily.
-	    ?t:fail({bad_scaling,Scaling});
+    if T1 > 0 ->
+	    Scaling = T2 div T1,
+	    if Scaling > 20 ->
+		    %% The scaling shoul be linear (i.e.10, really), but we
+		    %% give some extra here to avoid failing the test
+		    %% unecessarily.
+		    ?t:fail({bad_scaling,Scaling});
+	       true ->
+		    ok
+	    end;
        true ->
+	    %% Means T2 div T1 -> infinity
 	    ok
     end.
     
diff --git a/lib/stdlib/test/tar_SUITE.erl b/lib/stdlib/test/tar_SUITE.erl
index 9ad3936928..5bc34e35af 100644
--- a/lib/stdlib/test/tar_SUITE.erl
+++ b/lib/stdlib/test/tar_SUITE.erl
@@ -533,7 +533,7 @@ symlinks(Config) when is_list(Config) ->
     ?line ok = file:make_dir(Dir),
     ?line ABadSymlink = filename:join(Dir, "bad_symlink"),
     ?line PointsTo = "/a/definitely/non_existing/path",
-    ?line Res = case file:make_symlink("/a/definitely/non_existing/path", ABadSymlink) of
+    ?line Res = case make_symlink("/a/definitely/non_existing/path", ABadSymlink) of
 		    {error, enotsup} ->
 			{skip, "Symbolic links not supported on this platform"};
 		    ok ->
@@ -544,7 +544,30 @@ symlinks(Config) when is_list(Config) ->
     %% Clean up.
     ?line delete_files([Dir]),
     Res.
-    
+
+make_symlink(Path, Link) ->
+    case os:type() of
+	{win32,_} ->
+	    %% Symlinks on Windows have two problems:
+	    %%   1) file:read_link_info/1 cannot read out the target
+	    %%      of the symlink if the target does not exist.
+	    %%      That is possible (but not easy) to fix in the
+	    %%      efile driver.
+	    %%
+	    %%   2) Symlinks to files and directories are different
+	    %%      creatures. If the target is not existing, the
+	    %%      symlink will be created to be of the file-pointing
+	    %%      type. That can be partially worked around in erl_tar
+	    %%      by creating all symlinks when the end of the tar
+	    %%      file has been reached.
+	    %%
+	    %% But for now, pretend that there are no symlinks on
+	    %% Windows.
+	    {error, enotsup};
+	_ ->
+	    file:make_symlink(Path, Link)
+    end.
+	  
 symlinks(Dir, BadSymlink, PointsTo) ->
     ?line Tar = filename:join(Dir, "symlink.tar"),
     ?line DerefTar = filename:join(Dir, "dereference.tar"),
@@ -743,9 +766,9 @@ run_in_short_tempdir(Config, Fun) ->
     %% We need a base directory with a much shorter pathname than
     %% priv_dir. We KNOW that priv_dir is located four levels below
     %% the directory that common_test puts the ct_run.* directories
-    %% in. That fact is not documented, but an usually reliable source
+    %% in. That fact is not documented, but a usually reliable source
     %% assured me that the directory structure is unlikely to change
-    %% in future versions of common_test because of backward
+    %% in future versions of common_test because of backwards
     %% compatibility (tools developed by users of common_test depend
     %% on the current directory layout).
     Base = lists:foldl(fun(_, D) ->
diff --git a/lib/stdlib/vsn.mk b/lib/stdlib/vsn.mk
index 2f0ecd3863..694d39ce9c 100644
--- a/lib/stdlib/vsn.mk
+++ b/lib/stdlib/vsn.mk
@@ -1 +1 @@
-STDLIB_VSN = 1.18
+STDLIB_VSN = 1.18.1
diff --git a/lib/syntax_tools/doc/src/notes.xml b/lib/syntax_tools/doc/src/notes.xml
index 5948f7ada3..b9ac587043 100644
--- a/lib/syntax_tools/doc/src/notes.xml
+++ b/lib/syntax_tools/doc/src/notes.xml
@@ -31,6 +31,38 @@
   <p>This document describes the changes made to the Syntax_Tools
     application.</p>
 
+<section><title>Syntax_Tools 1.6.7.2</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Syntax_Tools 1.6.7.1</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/syntax_tools/src/Makefile b/lib/syntax_tools/src/Makefile
index 50369e633e..bac138e95a 100644
--- a/lib/syntax_tools/src/Makefile
+++ b/lib/syntax_tools/src/Makefile
@@ -26,7 +26,7 @@ EBIN = ../ebin
 ifeq ($(NATIVE_LIBS_ENABLED),yes)
 ERL_COMPILE_FLAGS += +native
 endif
-ERL_COMPILE_FLAGS += +warn_unused_vars +nowarn_shadow_vars +warn_unused_import +warn_missing_spec +warn_untyped_record
+ERL_COMPILE_FLAGS += +warn_unused_vars +nowarn_shadow_vars +warn_unused_import # +warn_missing_spec +warn_untyped_record
 
 SOURCES=erl_syntax.erl erl_prettypr.erl erl_syntax_lib.erl	\
 	erl_comment_scan.erl erl_recomment.erl erl_tidy.erl	\
diff --git a/lib/syntax_tools/src/erl_syntax.erl b/lib/syntax_tools/src/erl_syntax.erl
index 7f58fda519..32fd3722d6 100644
--- a/lib/syntax_tools/src/erl_syntax.erl
+++ b/lib/syntax_tools/src/erl_syntax.erl
@@ -6100,8 +6100,9 @@ implicit_fun_name(Node) ->
 			     arity_qualifier(
 			       set_pos(atom(Atom), Pos),
 			       set_pos(integer(Arity), Pos)));
-	{'fun', Pos, {function, Module, Atom, Arity}} ->
+	{'fun', _Pos, {function, Module, Atom, Arity}} ->
 	    %% New in R15: fun M:F/A.
+	    %% XXX: Perhaps set position for this as well?
 	    module_qualifier(Module, arity_qualifier(Atom, Arity));
 	Node1 ->
 	    data(Node1)
diff --git a/lib/syntax_tools/vsn.mk b/lib/syntax_tools/vsn.mk
index cc7ea944f9..962492befd 100644
--- a/lib/syntax_tools/vsn.mk
+++ b/lib/syntax_tools/vsn.mk
@@ -1 +1 @@
-SYNTAX_TOOLS_VSN = 1.6.7.1
+SYNTAX_TOOLS_VSN = 1.6.7.2
diff --git a/lib/test_server/doc/src/Makefile b/lib/test_server/doc/src/Makefile
index f0be284324..b32f3d3c59 100644
--- a/lib/test_server/doc/src/Makefile
+++ b/lib/test_server/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2002-2010. All Rights Reserved.
+# Copyright Ericsson AB 2002-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/test_server/doc/src/notes.xml b/lib/test_server/doc/src/notes.xml
index beeff55ffe..d90ad2c4ed 100644
--- a/lib/test_server/doc/src/notes.xml
+++ b/lib/test_server/doc/src/notes.xml
@@ -32,6 +32,49 @@
     <file>notes.xml</file>
   </header>
 
+<section><title>Test_Server 3.5</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    The test case group info function has been implemented in
+	    Common Test. Before execution of a test case group, a
+	    call is now made to <c>TestSuite:group(GroupName)</c>.
+	    The function returns a list of test properties, e.g. to
+	    specify timetrap values, require configuration data, etc
+	    (analogue to the test suite- and test case info
+	    function). The scope of the properties set by
+	    <c>group(GroupName)</c> is all test cases and sub-groups
+	    of group <c>GroupName</c>.</p>
+          <p>
+	    Own Id: OTP-9235</p>
+        </item>
+        <item>
+          <p>
+	    The look of the HTML log files generated by Common Test
+	    and Test Server has been improved (and made easier to
+	    customize) by means of a CSS file.</p>
+          <p>
+	    Own Id: OTP-9706</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Known Bugs and Problems</title>
+      <list>
+        <item>
+          <p>
+	    Fix problems in CT/TS due to line numbers in exceptions.</p>
+          <p>
+	    Own Id: OTP-9203</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Test_Server 3.4.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/test_server/doc/src/test_server.xml b/lib/test_server/doc/src/test_server.xml
index 78bb922cc5..5bfa42c36f 100644
--- a/lib/test_server/doc/src/test_server.xml
+++ b/lib/test_server/doc/src/test_server.xml
@@ -203,7 +203,7 @@
     <func>
       <name>format(Format) -> ok</name>
       <name>format(Format, Args)</name>
-      <name>format(Pri,Format)</name>
+      <name>format(Pri, Format)</name>
       <name>format(Pri, Format, Args)</name>
       <fsummary></fsummary>
       <type>
diff --git a/lib/test_server/src/config.guess b/lib/test_server/src/config.guess
index 6f1eeddfcc..38a833903b 120000..100755
--- a/lib/test_server/src/config.guess
+++ b/lib/test_server/src/config.guess
@@ -1 +1,1519 @@
-../../../erts/autoconf/config.guess
\ No newline at end of file
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-05-17'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <[email protected]>.
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# ([email protected] 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# [email protected] (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | ix86xen:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86) 
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mipsel
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips64
+	#undef mips64el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mips64el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips64
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    tile:Linux:*:*)
+	echo tile-unknown-linux-gnu
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    xtensa:Linux:*:*)
+    	echo xtensa-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit ;;
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <[email protected]>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <[email protected]>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From [email protected].
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From [email protected].
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From [email protected].
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <[email protected]> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/test_server/src/config.sub b/lib/test_server/src/config.sub
index 47a0f10138..f43233b104 120000..100755
--- a/lib/test_server/src/config.sub
+++ b/lib/test_server/src/config.sub
@@ -1 +1,1630 @@
-../../../erts/autoconf/config.sub
\ No newline at end of file
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2007-04-29'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <[email protected]>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <[email protected]>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64vr | mips64vrel \
+	| mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	tile*)
+		basic_machine=tile-tilera
+		os=-linux-gnu
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/lib/test_server/src/erl2html2.erl b/lib/test_server/src/erl2html2.erl
index e2fd951d9e..6891e87e48 100644
--- a/lib/test_server/src/erl2html2.erl
+++ b/lib/test_server/src/erl2html2.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1997-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/test_server/src/install-sh b/lib/test_server/src/install-sh
index a859cade7f..a5897de6ea 120000..100755
--- a/lib/test_server/src/install-sh
+++ b/lib/test_server/src/install-sh
@@ -1 +1,519 @@
-../../../erts/autoconf/install-sh
\ No newline at end of file
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-12-25.00
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/lib/test_server/src/test_server.app.src b/lib/test_server/src/test_server.app.src
index 7e87583a7b..faf7db835e 100644
--- a/lib/test_server/src/test_server.app.src
+++ b/lib/test_server/src/test_server.app.src
@@ -1,7 +1,7 @@
 % This is an -*- erlang -*- file.
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/test_server/src/test_server.erl b/lib/test_server/src/test_server.erl
index 743e6c1d29..51754cb3b4 100644
--- a/lib/test_server/src/test_server.erl
+++ b/lib/test_server/src/test_server.erl
@@ -36,7 +36,8 @@
 -export([capture_start/0,capture_stop/0,capture_get/0]).
 -export([messages_get/0]).
 -export([hours/1,minutes/1,seconds/1,sleep/1,adjusted_sleep/1,timecall/3]).
--export([timetrap_scale_factor/0,timetrap/1,timetrap_cancel/1,timetrap_cancel/0]).
+-export([timetrap_scale_factor/0,timetrap/1,get_timetrap_info/0,
+	 timetrap_cancel/1,timetrap_cancel/0]).
 -export([m_out_of_n/3,do_times/4,do_times/2]).
 -export([call_crash/3,call_crash/4,call_crash/5]).
 -export([temp_name/1]).
@@ -611,7 +612,7 @@ do_run_test_case_apply(Mod, Func, Args, Name, RunInit, TimetrapData) ->
     print(minor, "Test case started with:\n~s:~s(~p)\n", [Mod,Func,Args2Print]),
     print(minor, "Current directory is ~p\n", [Cwd]),
     print_timestamp(minor,"Started at "),
-    print(minor, "", []),
+    print(minor, "", [], internal_raw),
     TCCallback = get(test_server_testcase_callback),
     LogOpts = get(test_server_logopts),
     Ref = make_ref(),
@@ -1007,8 +1008,11 @@ spawn_fw_call(Mod,{end_per_testcase,Func},EndConf,Pid,
 		end,
 		%% if end_per_testcase fails a warning should be
 		%% printed as comment
-		Comment1 = if Comment == "" -> "";
-			      true -> Comment ++ "<br>"
+		Comment1 = if Comment == "" -> 
+				   "";
+			      true -> 
+				   Comment ++ test_server_ctrl:xhtml("<br>",
+								     "<br />")
 			   end,
 		%% finished, report back
 		SendTo ! {self(),fw_notify_done,
@@ -1136,7 +1140,7 @@ run_test_case_eval(Mod, Func, Args0, Name, Ref, RunInit,
 	    {auto_skip,Reason} ->
 		Where = {Mod,Func},
 		NewResult = do_end_tc_call(Mod,Func, Where, {{skip,Reason},Args0},
-					   {skip,{fw_auto_skip,Reason}}),
+					   {skip,Reason}),
 		{{0,NewResult},Where,[]}
 	end,
     exit({Ref,Time,Value,Loc,Opts}).
@@ -1254,11 +1258,15 @@ run_test_case_eval1(Mod, Func, Args, Name, RunInit, TCCallback) ->
     end.
 
 do_end_tc_call(M,F, Loc, Res, Return) ->
+    IsSuite = case lists:reverse(atom_to_list(M)) of
+		  [$E,$T,$I,$U,$S,$_|_]  -> true;
+		  _ -> false
+	      end,
     FwMod = os:getenv("TEST_SERVER_FRAMEWORK"),
     {Mod,Func} =
 	if FwMod == M ; FwMod == "undefined"; FwMod == false ->
 		{M,F};
-	   is_list(Loc) and (length(Loc)>1) ->
+	   (not IsSuite) and is_list(Loc) and (length(Loc)>1) ->
 		%% If failure in other module (M) than suite, try locate
 		%% suite name in Loc list and call end_tc with Suite:TestCase
 		%% instead of M:F.
@@ -1473,7 +1481,8 @@ do_end_per_testcase(Mod,EndFunc,Func,Conf) ->
 	throw:Other ->
 	    Comment0 = case read_comment() of
 			   ""  -> "";
-			   Cmt -> Cmt ++ "<br>"
+			   Cmt -> Cmt ++ test_server_ctrl:xhtml("<br>",
+								"<br />")
 		       end,
 	    set_loc(erlang:get_stacktrace()),
 	    comment(io_lib:format("~s<font color=\"red\">"
@@ -1496,7 +1505,8 @@ do_end_per_testcase(Mod,EndFunc,Func,Conf) ->
 		  end,
 	    Comment0 = case read_comment() of
 			   ""  -> "";
-			   Cmt -> Cmt ++ "<br>"
+			   Cmt -> Cmt ++ test_server_ctrl:xhtml("<br>",
+								"<br />")
 		       end,
 	    comment(io_lib:format("~s<font color=\"red\">"
 				  "WARNING: ~w crashed!"
@@ -1519,7 +1529,10 @@ get_loc(Pid) ->
 	process_info(Pid, [current_stacktrace,dictionary]),
     lists:foreach(fun({Key,Val}) -> put(Key, Val) end, Dict),
     Stk = [rewrite_loc_item(Loc) || Loc <- Stk0],
-    put(test_server_loc, Stk),
+    case get(test_server_loc) of
+	undefined -> put(test_server_loc, Stk);
+	_ -> ok
+    end,
     get_loc().
 
 %% find the latest known Suite:Testcase
@@ -1572,7 +1585,7 @@ fw_error_notify(Mod, Func, Args, Error, Loc) ->
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% print(Detail,Format,Args) -> ok
+%% print(Detail,Format,Args,Printer) -> ok
 %% Detail = integer()
 %% Format = string()
 %% Args = [term()]
@@ -1583,6 +1596,9 @@ fw_error_notify(Mod, Func, Args, Error, Loc) ->
 print(Detail,Format,Args) ->
     local_or_remote_apply({test_server_ctrl,print,[Detail,Format,Args]}).
 
+print(Detail,Format,Args,Printer) ->
+    local_or_remote_apply({test_server_ctrl,print,[Detail,Format,Args,Printer]}).
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% print_timsteamp(Detail,Leader) -> ok
 %%
@@ -1848,7 +1864,9 @@ fail() ->
 break(Comment) ->
     case erase(test_server_timetraps) of
 	undefined -> ok;
-	List -> lists:foreach(fun({Ref,_}) -> timetrap_cancel(Ref) end, List)
+	List -> lists:foreach(fun({Ref,_,_}) -> 
+				      timetrap_cancel(Ref)
+			      end, List)
     end,
     io:format(user,
 	      "\n\n\n--- SEMIAUTOMATIC TESTING ---"
@@ -1937,8 +1955,8 @@ timetrap1(Timeout, Scale) ->
     TCPid = self(),
     Ref = spawn_link(test_server_sup,timetrap,[Timeout,Scale,TCPid]),
     case get(test_server_timetraps) of
-	undefined -> put(test_server_timetraps,[{Ref,TCPid}]);
-	List -> put(test_server_timetraps,[{Ref,TCPid}|List])
+	undefined -> put(test_server_timetraps,[{Ref,TCPid,{Timeout,Scale}}]);
+	List -> put(test_server_timetraps,[{Ref,TCPid,{Timeout,Scale}}|List])
     end,
     Ref.
 
@@ -2049,7 +2067,7 @@ timetrap_cancel(infinity) ->
 timetrap_cancel(Handle) ->
     case get(test_server_timetraps) of
 	undefined -> ok;
-	[{Handle,_}] -> erase(test_server_timetraps);
+	[{Handle,_,_}] -> erase(test_server_timetraps);
 	Timers -> put(test_server_timetraps,
 		      lists:keydelete(Handle, 1, Timers))
     end,
@@ -2065,13 +2083,30 @@ timetrap_cancel() ->
 	    ok;
 	Timers ->
 	    case lists:keysearch(self(), 2, Timers) of
-		{value,{Handle,_}} ->
+		{value,{Handle,_,_}} ->
 		    timetrap_cancel(Handle);
 		_ ->
 		    ok
 	    end
     end.
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% get_timetrap_info() -> {Timeout,Scale} | undefined
+%%
+%% Read timetrap info for current test case
+get_timetrap_info() ->
+    case get(test_server_timetraps) of
+	undefined ->
+	    undefined;
+	Timers ->
+	    case lists:keysearch(self(), 2, Timers) of
+		{value,{_,_,Info}} ->
+		    Info;
+		_ ->
+		    undefined
+	    end
+    end.
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% hours(N) -> Milliseconds
 %% minutes(N) -> Milliseconds
diff --git a/lib/test_server/src/test_server_ctrl.erl b/lib/test_server/src/test_server_ctrl.erl
index 9fd0adbfc8..3432b3bc8e 100644
--- a/lib/test_server/src/test_server_ctrl.erl
+++ b/lib/test_server/src/test_server_ctrl.erl
@@ -171,7 +171,7 @@
 -export([kill_slavenodes/0]).
 
 %%% TEST_SERVER INTERFACE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
--export([output/2, print/2, print/3, print_timestamp/2]).
+-export([output/2, print/2, print/3, print/4, print_timestamp/2]).
 -export([start_node/3, stop_node/1, wait_for_node/1, is_release_available/1]).
 -export([format/1, format/2, format/3, to_string/1]).
 -export([get_target_info/0]).
@@ -187,6 +187,7 @@
 -export([handle_call/3, handle_cast/2, handle_info/2]).
 -export([do_test_cases/4]).
 -export([do_spec/2, do_spec_list/2]).
+-export([xhtml/2]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -1825,18 +1826,27 @@ start_log_file() ->
 	    exit({cant_create_log_dir,{MkDirError,Dir}})
     end,
     TestDir = timestamp_filename_get(filename:join(Dir, "run.")),
-    case file:make_dir(TestDir) of
-	ok ->
-	    ok;
-	MkDirError2 ->
-	    exit({cant_create_log_dir,{MkDirError2,TestDir}})
-    end,
-
-    ok = file:write_file(filename:join(Dir, ?last_file), TestDir ++ "\n"),
-    ok = file:write_file(?last_file, TestDir ++ "\n"),
-
-    put(test_server_log_dir_base,TestDir),
-    MajorName = filename:join(TestDir, ?suitelog_name),
+    TestDir1 =
+	case file:make_dir(TestDir) of
+	    ok ->
+		TestDir;
+	    {error,eexist} ->
+		timer:sleep(1000),
+		%% we need min 1 second between timestamps unfortunately
+		TestDirX = timestamp_filename_get(filename:join(Dir, "run.")),
+		case file:make_dir(TestDirX) of
+		    ok ->
+			TestDirX;
+		    MkDirError2 ->
+			exit({cant_create_log_dir,{MkDirError2,TestDirX}})
+		end;
+	    MkDirError2 ->
+		exit({cant_create_log_dir,{MkDirError2,TestDir}})
+	end,
+    ok = file:write_file(filename:join(Dir, ?last_file), TestDir1 ++ "\n"),
+    ok = file:write_file(?last_file, TestDir1 ++ "\n"),
+    put(test_server_log_dir_base,TestDir1),
+    MajorName = filename:join(TestDir1, ?suitelog_name),
     HtmlName = MajorName ++ ?html_ext,
     {ok,Major} = file:open(MajorName, [write]),
     {ok,Html}  = file:open(HtmlName,  [write]),
@@ -1849,14 +1859,14 @@ start_log_file() ->
     make_html_link(LinkName ++ ?html_ext, HtmlName,
 		   filename:basename(Dir)),
 
-    PrivDir = filename:join(TestDir, ?priv_dir),
+    PrivDir = filename:join(TestDir1, ?priv_dir),
     ok = file:make_dir(PrivDir),
     put(test_server_priv_dir,PrivDir++"/"),
     print_timestamp(13,"Suite started at "),
 
-    LogInfo = [{topdir,Dir},{rundir,lists:flatten(TestDir)}],
+    LogInfo = [{topdir,Dir},{rundir,lists:flatten(TestDir1)}],
     test_server_sup:framework_call(report, [loginfo,LogInfo]),
-    {ok,TestDir}.
+    {ok,TestDir1}.
 
 make_html_link(LinkName, Target, Explanation) ->
     %% if possible use a relative reference to Target.
@@ -2724,23 +2734,32 @@ run_test_cases_loop([{conf,Ref,Props,{Mod,Func}}|_Cases]=Cs0,
 				      "(configuration case ~w)", [What]);
 			   (_) -> ok
 			end,
-
     CfgProps = if StartConf ->
 		       if Shuffle == undefined ->
 			       [{tc_group_properties,Props}];
 			  true ->
-			       [{tc_group_properties,[Shuffle|delete_shuffle(Props)]}]
+			       [{tc_group_properties,
+				 [Shuffle|delete_shuffle(Props)]}]
 		       end;
 		  not StartConf ->
 		       {TcOk,TcSkip,TcFail} = get_tc_results(Status1),
 		       [{tc_group_properties,get_props(Mode0)},
-			{tc_group_result,[{ok,TcOk},{skipped,TcSkip},{failed,TcFail}]}]
+			{tc_group_result,[{ok,TcOk},
+					  {skipped,TcSkip},
+					  {failed,TcFail}]}]
 	       end,
-    ActualCfg =
-	update_config(hd(Config), [{priv_dir,get(test_server_priv_dir)},
-				   {data_dir,get_data_dir(Mod)}] ++ CfgProps),
+    TSDirs = [{priv_dir,get(test_server_priv_dir)},{data_dir,get_data_dir(Mod)}],
+    ActualCfg = 
+	if not StartConf ->
+		update_config(hd(Config), TSDirs ++ CfgProps);
+	   true ->
+		GroupPath = lists:flatmap(fun({_Ref,[],_T}) -> [];
+					     ({_Ref,GrProps,_T}) -> [GrProps]
+					  end, Mode0),
+		update_config(hd(Config), 
+			      TSDirs ++ [{tc_group_path,GroupPath} | CfgProps])
+	end,	   
     CurrMode = curr_mode(Ref, Mode0, Mode),
-
     ConfCaseResult = run_test_case(Ref, 0, Mod, Func, [ActualCfg], skip_init, target,
 				   TimetrapData, CurrMode),
 
@@ -3624,12 +3643,15 @@ run_test_case1(Ref, Num, Mod, Func, Args, RunInit, Where,
 	host ->
 	    ok
     end,
-    test_server_sup:framework_call(report, [tc_start,{?pl2a(Mod),Func}]),
     print(major, "=case          ~p:~p", [Mod, Func]),
     MinorName = start_minor_log_file(Mod, Func),
-    print(minor, "<a name=\"top\"></a>", []),
+    print(minor, "<a name=\"top\"></a>", [], internal_raw),
     MinorBase = filename:basename(MinorName),
     print(major, "=logfile       ~s", [filename:basename(MinorName)]),
+
+    Args1 = [[{tc_logfile,MinorName} | proplists:delete(tc_logfile,hd(Args))]],
+    test_server_sup:framework_call(report, [tc_start,{{?pl2a(Mod),Func},MinorName}]),
+
     print_props((RunInit==skip_init), get_props(Mode)),
     print(major, "=started       ~s", [lists:flatten(timestamp_get(""))]),
     {{Col0,Col1},Style} = get_font_style((RunInit==run_init), Mode),
@@ -3643,7 +3665,7 @@ run_test_case1(Ref, Num, Mod, Func, Args, RunInit, Where,
     do_if_parallel(Main, ok, fun erlang:yield/0),
     %% run the test case
     {Result,DetectedFail,ProcsBefore,ProcsAfter} =
-	run_test_case_apply(Num, Mod, Func, Args, get_name(Mode),
+	run_test_case_apply(Num, Mod, Func, Args1, get_name(Mode),
 			    RunInit, Where, TimetrapData),
     {Time,RetVal,Loc,Opts,Comment} =
 	case Result of
@@ -3651,7 +3673,8 @@ run_test_case1(Ref, Num, Mod, Func, Args, RunInit, Where,
 	    {died,DReason,DLoc,DCmt} -> {died,DReason,DLoc,[],DCmt}
 	end,
 
-    print(minor, "<a name=\"end\"></a>", []),
+    print(minor, "<a name=\"end\"></a>", [], internal_raw),
+    print(minor, "\n", [], internal_raw),
     print_timestamp(minor, "Ended at "),
     print(major, "=ended         ~s", [lists:flatten(timestamp_get(""))]),
 
diff --git a/lib/test_server/src/ts_erl_config.erl b/lib/test_server/src/ts_erl_config.erl
index 3b41f90d55..5585e8ccd3 100644
--- a/lib/test_server/src/ts_erl_config.erl
+++ b/lib/test_server/src/ts_erl_config.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/test_server/test/test_server_SUITE_data/Makefile.src b/lib/test_server/test/test_server_SUITE_data/Makefile.src
index d5af919eec..332b855df6 100644
--- a/lib/test_server/test/test_server_SUITE_data/Makefile.src
+++ b/lib/test_server/test/test_server_SUITE_data/Makefile.src
@@ -1,2 +1,7 @@
 all:
-	erlc *.erl
\ No newline at end of file
+	erlc test_server_SUITE.erl
+	erlc test_server_parallel01_SUITE.erl
+	erlc test_server_conf01_SUITE.erl
+	erlc test_server_shuffle01_SUITE.erl
+	erlc test_server_conf02_SUITE.erl
+	erlc test_server_skip_SUITE.erl
\ No newline at end of file
diff --git a/lib/test_server/vsn.mk b/lib/test_server/vsn.mk
index 563c1b6db6..88e3856cf4 100644
--- a/lib/test_server/vsn.mk
+++ b/lib/test_server/vsn.mk
@@ -1,2 +1 @@
-TEST_SERVER_VSN = 3.4.5
-
+TEST_SERVER_VSN = 3.5
diff --git a/lib/toolbar/doc/src/notes.xml b/lib/toolbar/doc/src/notes.xml
index ffca2c5fbf..ac6ad533fc 100644
--- a/lib/toolbar/doc/src/notes.xml
+++ b/lib/toolbar/doc/src/notes.xml
@@ -4,7 +4,7 @@
 <chapter>
   <header>
     <copyright>
-      <year>2004</year><year>2009</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
@@ -31,6 +31,21 @@
   <p>This document describes the changes made to the Toolbar
     application.</p>
 
+<section><title>Toolbar 1.4.2.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Toolbar 1.4.2</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/toolbar/doc/src/toolbar.xml b/lib/toolbar/doc/src/toolbar.xml
index ad379438fe..3ad0b4eb78 100644
--- a/lib/toolbar/doc/src/toolbar.xml
+++ b/lib/toolbar/doc/src/toolbar.xml
@@ -33,6 +33,11 @@
   <module>toolbar</module>
   <modulesummary>GUI for Starting Tools and User Contributions</modulesummary>
   <description>
+    <warning>
+      <p>
+	The Toolbar application is deprecated and will be removed in R16.
+      </p>
+    </warning>
     <p>Toolbar makes it easier to use
       the different Erlang tools - and the user contributions - which are provided.
       It has a graphical user interface with an icon for each tool.
diff --git a/lib/toolbar/doc/src/toolbar_chapter.xml b/lib/toolbar/doc/src/toolbar_chapter.xml
index a80dc5bd3e..4ea2101218 100644
--- a/lib/toolbar/doc/src/toolbar_chapter.xml
+++ b/lib/toolbar/doc/src/toolbar_chapter.xml
@@ -28,6 +28,11 @@
     <rev>A</rev>
     <file>toolbar_chapter.xml</file>
   </header>
+    <warning>
+      <p>
+	The Toolbar application is deprecated and will be removed in R16.
+      </p>
+    </warning>
   <p>Toolbar provides an interface to the various Erlang tools which are available. Toolbar can also provide access to user supplied tools which are included with the Erlang software release. These tools are called GS Contributions.</p>
   <p>All tools included in Toolbar must have a configuration file which contains information about the tool, such as its start function and the location of help information. The name of a configuration file must include the suffix <c>.tool</c>.
     </p>
diff --git a/lib/toolbar/src/canvasbutton.erl b/lib/toolbar/src/canvasbutton.erl
index 38fce537bb..7613253efe 100644
--- a/lib/toolbar/src/canvasbutton.erl
+++ b/lib/toolbar/src/canvasbutton.erl
@@ -17,6 +17,9 @@
 %% %CopyrightEnd%
 %%
 -module(canvasbutton).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
diff --git a/lib/toolbar/src/toolbar.erl b/lib/toolbar/src/toolbar.erl
index 67967172fe..b78df15700 100644
--- a/lib/toolbar/src/toolbar.erl
+++ b/lib/toolbar/src/toolbar.erl
@@ -17,6 +17,7 @@
 %% %CopyrightEnd%
 %%
 -module(toolbar).
+-compile([{nowarn_deprecated_function,{gs,start,1}}]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
diff --git a/lib/toolbar/src/toolbar_graphics.erl b/lib/toolbar/src/toolbar_graphics.erl
index ad390440e3..b442d7ff06 100644
--- a/lib/toolbar/src/toolbar_graphics.erl
+++ b/lib/toolbar/src/toolbar_graphics.erl
@@ -17,6 +17,9 @@
 %% %CopyrightEnd%
 %%
 -module(toolbar_graphics).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
diff --git a/lib/toolbar/src/toolbar_toolconfig.erl b/lib/toolbar/src/toolbar_toolconfig.erl
index 6dccb7ba72..6fb56cb1bd 100644
--- a/lib/toolbar/src/toolbar_toolconfig.erl
+++ b/lib/toolbar/src/toolbar_toolconfig.erl
@@ -17,6 +17,11 @@
 %% %CopyrightEnd%
 %%
 -module(toolbar_toolconfig).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
diff --git a/lib/toolbar/vsn.mk b/lib/toolbar/vsn.mk
index 105303d785..b2b0764877 100644
--- a/lib/toolbar/vsn.mk
+++ b/lib/toolbar/vsn.mk
@@ -1,4 +1,4 @@
-TOOLBAR_VSN = 1.4.2
+TOOLBAR_VSN = 1.4.2.1
 
 
 
diff --git a/lib/tools/c_src/Makefile.in b/lib/tools/c_src/Makefile.in
index 6921193154..b8c4aed6e2 100644
--- a/lib/tools/c_src/Makefile.in
+++ b/lib/tools/c_src/Makefile.in
@@ -1,26 +1,27 @@
-# ``The contents of this file are subject to the Erlang Public License,
+#
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2009-2012. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
 # compliance with the License. You should have received a copy of the
 # Erlang Public License along with this software. If not, it can be
-# retrieved via the world wide web at http://www.erlang.org/.
-# 
+# retrieved online at http://www.erlang.org/.
+#
 # Software distributed under the License is distributed on an "AS IS"
 # basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 # the License for the specific language governing rights and limitations
 # under the License.
-# 
-# The Initial Developer of the Original Code is Ericsson Utvecklings AB.
-# Portions created by Ericsson are Copyright 1999, Ericsson Utvecklings
-# AB. All Rights Reserved.''
-# 
-#     $Id$
+#
+# %CopyrightEnd%
 #
 
 include $(ERL_TOP)/make/target.mk
 include $(ERL_TOP)/erts/include/internal/$(TARGET)/ethread.mk
 
 USING_MINGW=@MIXED_CYGWIN_MINGW@
-USING_VC=@MIXED_CYGWIN_VC@
+USING_VC=@MIXED_VC@
 
 CC=@CC@
 LD=@LD@
@@ -138,15 +139,17 @@ EMEM_LIBS =	$(LIBS) \
 
 EMEM_OBJS = $(addprefix $(EMEM_OBJ_DIR)/,$(notdir $(EMEM_SRCS:.c=.o)))
 
+ERTS_LIB = $(ERL_TOP/erts/lib_src/obj/$(TARGET)/$(TYPE)/MADE
+
 #
 # Misc targets
 #
 
 _create_dirs := $(shell mkdir -p $(CREATE_DIRS))
 
-all: erts_lib $(PROGS) $(DRIVERS)
+all: $(PROGS) $(DRIVERS)
 
-erts_lib:
+$(ERTS_LIB):
 	cd $(ERL_TOP)/erts/lib_src && $(MAKE) $(TYPE)
 
 
@@ -174,7 +177,7 @@ $(EMEM_OBJ_DIR)/%.o: %.c
 # Program targets
 #
 
-$(BIN_DIR)/emem$(TYPEMARKER)@EXEEXT@: $(EMEM_OBJS)
+$(BIN_DIR)/emem$(TYPEMARKER)@EXEEXT@: $(EMEM_OBJS) $(ERTS_LIB)
 	$(PRE_LD) $(LD) $(EMEM_LDFLAGS) -o $@ $(EMEM_OBJS) $(EMEM_LIBS)
 
 #
diff --git a/lib/tools/c_src/erl_memory.c b/lib/tools/c_src/erl_memory.c
index 872d55e789..5239176d03 100644
--- a/lib/tools/c_src/erl_memory.c
+++ b/lib/tools/c_src/erl_memory.c
@@ -1224,7 +1224,7 @@ print_main_footer(em_state *state)
 
     switch (state->info.stop_reason) {
     case EMTP_STOP:
-	p += sprintf(p, stop_str);
+	p += sprintf(p, "%s", stop_str);
 	break;
     case EMTP_EXIT:
 	p += sprintf(p, exit_str, state->info.exit_status);
@@ -2339,7 +2339,7 @@ usage(char *sw, char *error)
     if (error)
 	exit(1);
     else {
-	char *help_str =
+	fprintf(filep, 
 	    "\n"
 	    "  []        - switch is allowed any number of times\n"
 	    "  {}        - switch is allowed at most one time\n"
@@ -2370,8 +2370,7 @@ usage(char *sw, char *error)
 	    "  " SW_CHAR "o        - display operation count values\n"
 	    "  " SW_CHAR "p <P>    - set listen port to <P>\n"
 	    "  " SW_CHAR "t        - display info about total values\n"
-	    "  " SW_CHAR "v        - verbose output\n";
-	fprintf(filep, help_str);
+	    "  " SW_CHAR "v        - verbose output\n");
 	exit(0);
     }
 
diff --git a/lib/tools/doc/src/eprof.xml b/lib/tools/doc/src/eprof.xml
index 1dbc41ec8e..8b614d8860 100644
--- a/lib/tools/doc/src/eprof.xml
+++ b/lib/tools/doc/src/eprof.xml
@@ -4,7 +4,7 @@
 <erlref>
   <header>
     <copyright>
-      <year>1996</year><year>2010</year>
+      <year>1996</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/tools/doc/src/notes.xml b/lib/tools/doc/src/notes.xml
index 17506fb6e2..e24e1c5977 100644
--- a/lib/tools/doc/src/notes.xml
+++ b/lib/tools/doc/src/notes.xml
@@ -30,6 +30,85 @@
   </header>
   <p>This document describes the changes made to the Tools application.</p>
 
+<section><title>Tools 2.6.6.6</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p>Update system profiling principles to reflect eprof
+	    performance improvements.</p>
+          <p>
+	    Own Id: OTP-9656</p>
+        </item>
+        <item>
+          <p>
+	    [cover] fix leftover {'DOWN', ..} msg in callers queue</p>
+          <p>
+	    After stopping cover with cover:stop() there could still
+	    be a {'DOWN',...} leftover message in the calling
+	    process's message queue. This unexpected leftover could
+	    be eliminated if erlang:demonitor/2 with option flush
+	    would be used in certain points</p>
+          <p>
+	    Own Id: OTP-9694</p>
+        </item>
+        <item>
+          <p>
+	    Add deps as erlang-flymake include directory.</p>
+          <p>
+	    Update erlang-flymake to recognize the "deps" folder as
+	    an include directory. This makes erlang-flymake
+	    compatible with the rebar dependency management tool's
+	    default folder structure, which puts included
+	    dependencies in "deps".(Thanks to Kevin Albrecht)</p>
+          <p>
+	    Own Id: OTP-9791</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p>Variables are now now allowed in '<c>fun M:F/A</c>' as
+	    suggested by Richard O'Keefe in EEP-23.</p>
+	    <p>The representation of '<c>fun M:F/A</c>' in the
+	    abstract format has been changed in an incompatible way.
+	    Tools that directly read or manipulate the abstract
+	    format (such as parse transforms) may need to be updated.
+	    The compiler can handle both the new and the old format
+	    (i.e. extracting the abstract format from a pre-R15 BEAM
+	    file and compiling it using compile:forms/1,2 will work).
+	    The <c>syntax_tools</c> application can also handle both
+	    formats.</p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9643</p>
+        </item>
+        <item>
+          <p>
+	    Tuple funs (a two-element tuple with a module name and a
+	    function) are now officially deprecated and will be
+	    removed in R16. Use '<c>fun M:F/A</c>' instead. To make
+	    you aware that your system uses tuple funs, the very
+	    first time a tuple fun is applied, a warning will be sent
+	    to the error logger.</p>
+          <p>
+	    Own Id: OTP-9649</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Tools 2.6.6.5</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/tools/emacs/erlang-flymake.el b/lib/tools/emacs/erlang-flymake.el
index bc368e9454..2e447b55de 100644
--- a/lib/tools/emacs/erlang-flymake.el
+++ b/lib/tools/emacs/erlang-flymake.el
@@ -60,7 +60,8 @@ check on newline and when there are no changes)."
   (list (concat (erlang-flymake-get-app-dir) "ebin")))
 
 (defun erlang-flymake-get-include-dirs ()
-  (list (concat (erlang-flymake-get-app-dir) "include")))
+  (list (concat (erlang-flymake-get-app-dir) "include")
+        (concat (erlang-flymake-get-app-dir) "deps")))
 
 (defun erlang-flymake-get-app-dir ()
   (let ((src-path (file-name-directory (buffer-file-name))))
diff --git a/lib/tools/src/fprof.erl b/lib/tools/src/fprof.erl
index 155965a65a..8165a6c13a 100644
--- a/lib/tools/src/fprof.erl
+++ b/lib/tools/src/fprof.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2001-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2001-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -87,8 +87,10 @@ dbg(_, _, _) ->
 
 
 
-apply({M, F} = Function, Args) 
+apply({M, F}, Args) 
   when is_atom(M), is_atom(F), is_list(Args) ->
+    Arity = length(Args),
+    Function = fun M:F/Arity,
     apply_1(Function, Args, []);
 apply(Fun, Args) 
   when is_function(Fun), is_list(Args) ->
@@ -98,8 +100,10 @@ apply(A, B) ->
 
 apply(M, F, Args) when is_atom(M), is_atom(F), is_list(Args) ->
     apply_1({M, F}, Args, []);
-apply({M, F} = Function, Args, Options) 
+apply({M, F}, Args, Options) 
   when is_atom(M), is_atom(F), is_list(Args), is_list(Options) ->
+    Arity = length(Args),
+    Function = fun M:F/Arity,
     apply_1(Function, Args, Options);
 apply(Fun, Args, Options) 
   when is_function(Fun), is_list(Args), is_list(Options) ->
@@ -109,7 +113,9 @@ apply(A, B, C) ->
 
 apply(Module, Function, Args, Options) 
   when is_atom(Module), is_atom(Function), is_list(Args), is_list(Options) ->
-    apply_1({Module, Function}, Args, Options);
+    Arity = length(Args),
+    Fun = fun Module:Function/Arity,
+    apply_1(Fun, Args, Options);
 apply(A, B, C, D) ->
     erlang:error(badarg, [A, B, C, D]).
 
diff --git a/lib/tools/src/xref_compiler.erl b/lib/tools/src/xref_compiler.erl
index 1445e135be..22312c6754 100644
--- a/lib/tools/src/xref_compiler.erl
+++ b/lib/tools/src/xref_compiler.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2000-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2000-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -736,8 +736,11 @@ find_nodes(Tuple, I, T) when is_tuple(Tuple) ->
 	  end,
     {NL, NI, T1} = foldl(Fun, {[], I, T}, L),
     Tag = case Tag0 of
-	      _ when is_function(Tag0) -> Tag0;
-	      _ when is_atom(Tag0) -> {sofs, Tag0}
+	      _ when is_function(Tag0) ->
+		  Tag0;
+	      _ when is_atom(Tag0) ->
+		  Arity = length(NL),
+		  fun sofs:Tag0/Arity
 	  end,
     find_node({apply, Tag, NL}, NI, T1).
 
diff --git a/lib/tools/test/cover_SUITE.erl b/lib/tools/test/cover_SUITE.erl
index 881a3c2997..576d7e261c 100644
--- a/lib/tools/test/cover_SUITE.erl
+++ b/lib/tools/test/cover_SUITE.erl
@@ -130,13 +130,20 @@ compile(Config) when is_list(Config) ->
     ?line {ok,_} = compile:file(x),
     ?line {ok,_} = compile:file("d/y",[debug_info,{outdir,"d"},report]),
     ?line Key = "A Krypto Key",
-    ?line {ok,_} = compile:file(crypt, [debug_info,{debug_info_key,Key},report]),
+    CryptoWorks = crypto_works(),
+    case CryptoWorks of
+	false ->
+	    {ok,_} = compile:file(crypt, [debug_info,report]),
+	    {ok,crypt} = cover:compile_beam("crypt.beam");
+	true ->
+	    {ok,_} = compile:file(crypt, [{debug_info_key,Key},report]),
+	    {error,{encrypted_abstract_code,_}} =
+		cover:compile_beam("crypt.beam"),
+	    ok = beam_lib:crypto_key_fun(simple_crypto_fun(Key)),
+	    {ok,crypt} = cover:compile_beam("crypt.beam")
+    end,
     ?line {ok,v} = cover:compile_beam(v),
     ?line {ok,w} = cover:compile_beam("w.beam"),
-    ?line {error,{encrypted_abstract_code,_}} =
-	cover:compile_beam("crypt.beam"),
-    ?line ok = beam_lib:crypto_key_fun(simple_crypto_fun(Key)),
-    ?line {ok,crypt} = cover:compile_beam("crypt.beam"),
     ?line {error,{no_abstract_code,"./x.beam"}} = cover:compile_beam(x),
     ?line {error,{already_cover_compiled,no_beam_found,a}}=cover:compile_beam(a),
     ?line {error,non_existing} = cover:compile_beam(z),
@@ -148,6 +155,15 @@ compile(Config) when is_list(Config) ->
     ?line Files = lsfiles(),
     ?line remove(files(Files, ".beam")).
 
+crypto_works() ->
+    try crypto:start() of
+	{error,{already_started,crypto}} -> true;
+	ok -> true
+    catch
+	error:_ ->
+	    false
+    end.
+
 simple_crypto_fun(Key) ->
     fun(init) -> ok;
        ({debug_info, des3_cbc, crypt, _}) -> Key
diff --git a/lib/tools/test/eprof_SUITE.erl b/lib/tools/test/eprof_SUITE.erl
index ecdbc5ce57..3283fa571f 100644
--- a/lib/tools/test/eprof_SUITE.erl
+++ b/lib/tools/test/eprof_SUITE.erl
@@ -183,8 +183,14 @@ eed(Config) when is_list(Config) ->
     ?line ok = eprof:log("eprof_SUITE_logfile"),
     ?line stopped = eprof:stop(),
     ?line ?t:timetrap_cancel(TTrap),
-    S = lists:flatten(io_lib:format("~p times slower", [10*(T3-T2)/(T2-T1)])),
-    {comment,S}.
+    try
+	S = lists:flatten(io_lib:format("~p times slower",
+					[10*(T3-T2)/(T2-T1)])),
+	{comment,S}
+    catch
+	error:badarith ->
+	    {comment,"No time elapsed. Bad clock? Fast computer?"}
+    end.
 
 ensure_eprof_stopped() ->
     Pid = whereis(eprof),
diff --git a/lib/tools/test/fprof_SUITE.erl b/lib/tools/test/fprof_SUITE.erl
index 0da6d4a9ea..f491c1e227 100644
--- a/lib/tools/test/fprof_SUITE.erl
+++ b/lib/tools/test/fprof_SUITE.erl
@@ -191,11 +191,17 @@ tail_seq(Config) when is_list(Config) ->
 
 %%%---------------------------------------------------------------------
 
-create_file_slow(doc) ->
-    ["Tests the create_file_slow benchmark"];
-create_file_slow(suite) ->
-    [];
-create_file_slow(Config) when is_list(Config) ->
+%% Tests the create_file_slow benchmark.
+create_file_slow(Config) ->
+    case test_server:is_native(lists) orelse
+	test_server:is_native(file) of
+	true ->
+	    {skip,"Native libs -- tracing does not work"};
+	false ->
+	    do_create_file_slow(Config)
+    end.
+
+do_create_file_slow(Config) ->
     ?line Timetrap = ?t:timetrap(?t:seconds(40)),
     ?line PrivDir = ?config(priv_dir, Config),
     ?line TraceFile = 
diff --git a/lib/tools/test/lcnt_SUITE.erl b/lib/tools/test/lcnt_SUITE.erl
index f2afa60e33..1bee6021ab 100644
--- a/lib/tools/test/lcnt_SUITE.erl
+++ b/lib/tools/test/lcnt_SUITE.erl
@@ -34,7 +34,7 @@
 	]).
 
 %% Default timetrap timeout (set in init_per_testcase)
--define(default_timeout, ?t:minutes(2)).
+-define(default_timeout, ?t:minutes(4)).
 
 init_per_suite(Config) when is_list(Config) ->
     Config.
@@ -49,6 +49,7 @@ init_per_testcase(_Case, Config) ->
 end_per_testcase(_Case, Config) ->
     Dog = ?config(watchdog, Config),
     ?t:timetrap_cancel(Dog),
+    catch lcnt:stop(),
     ok.
 
 suite() -> [{ct_hooks,[ts_install_cth]}].
diff --git a/lib/tools/vsn.mk b/lib/tools/vsn.mk
index 2d63a33554..269d3d7773 100644
--- a/lib/tools/vsn.mk
+++ b/lib/tools/vsn.mk
@@ -1 +1 @@
-TOOLS_VSN = 2.6.6.5
+TOOLS_VSN = 2.6.6.6
diff --git a/lib/tv/doc/src/Makefile b/lib/tv/doc/src/Makefile
index 5a41b28d48..21478d0931 100644
--- a/lib/tv/doc/src/Makefile
+++ b/lib/tv/doc/src/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 1997-2009. All Rights Reserved.
+# Copyright Ericsson AB 1997-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/tv/doc/src/notes.xml b/lib/tv/doc/src/notes.xml
index 77a6a43d51..97c99e6202 100644
--- a/lib/tv/doc/src/notes.xml
+++ b/lib/tv/doc/src/notes.xml
@@ -30,6 +30,21 @@
   </header>
   <p>This document describes the changes made to the TV application.</p>
 
+<section><title>TV 2.1.4.8</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>TV 2.1.4.7</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/tv/doc/src/table_visualizer_chapter.xml b/lib/tv/doc/src/table_visualizer_chapter.xml
index 12efbe643c..dbfd322945 100644
--- a/lib/tv/doc/src/table_visualizer_chapter.xml
+++ b/lib/tv/doc/src/table_visualizer_chapter.xml
@@ -31,6 +31,12 @@
     <rev>C</rev>
     <file>table_visualizer.xml</file>
   </header>
+    <warning>
+      <p>
+	The TV application has been superseded by the Observer application.
+	TV will be removed in R16.
+      </p>
+    </warning>
   <p>The TV, TV, is a tool that enables the user to examine 
     ETS and Mnesia tables on any (connected) node in the currently running Erlang
     system. Once a certain table has been opened in the tool, the content may be
diff --git a/lib/tv/doc/src/tv.xml b/lib/tv/doc/src/tv.xml
index 84b9f8c33d..83bbdfc052 100644
--- a/lib/tv/doc/src/tv.xml
+++ b/lib/tv/doc/src/tv.xml
@@ -36,6 +36,12 @@
   <module>tv</module>
   <modulesummary>TV graphically examines ETS and Mnesia tables. </modulesummary>
   <description>
+    <warning>
+      <p>
+	The TV application has been superseded by the Observer application.
+	TV will be removed in R16.
+      </p>
+    </warning>
     <p>TV enables the user to examine ETS and Mnesia tables. Once 
       a certain table has been opened in the tool, the content may be viewed at 
       various levels of detail. The content viewed may also be sorted, using any 
diff --git a/lib/tv/src/tv_db.erl b/lib/tv/src/tv_db.erl
index 201b4c0e6b..179b75c2e6 100644
--- a/lib/tv/src/tv_db.erl
+++ b/lib/tv/src/tv_db.erl
@@ -22,6 +22,10 @@
 %%%*********************************************************************
 
 -module(tv_db).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_db_search.erl b/lib/tv/src/tv_db_search.erl
index 7634bc63b6..6ae999253a 100644
--- a/lib/tv/src/tv_db_search.erl
+++ b/lib/tv/src/tv_db_search.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,6 +21,18 @@
 %%%
 %%%*********************************************************************
 -module(tv_db_search).
+-compile([{nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,radiobutton,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_etsread.erl b/lib/tv/src/tv_etsread.erl
index d3240ef513..b3e38f9d45 100644
--- a/lib/tv/src/tv_etsread.erl
+++ b/lib/tv/src/tv_etsread.erl
@@ -25,6 +25,9 @@
 
 
 -module(tv_etsread).
+-compile([{nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_info.erl b/lib/tv/src/tv_info.erl
index 7bc31e35cd..941286362c 100644
--- a/lib/tv/src/tv_info.erl
+++ b/lib/tv/src/tv_info.erl
@@ -16,6 +16,14 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_info).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,listbox,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_ip.erl b/lib/tv/src/tv_ip.erl
index aeec4e8f6d..2d3ada878a 100644
--- a/lib/tv/src/tv_ip.erl
+++ b/lib/tv/src/tv_ip.erl
@@ -16,6 +16,12 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_ip).
+-compile([{nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_main.erl b/lib/tv/src/tv_main.erl
index 283ba4c967..fbf56971f9 100644
--- a/lib/tv/src/tv_main.erl
+++ b/lib/tv/src/tv_main.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -16,6 +16,20 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_main).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,grid,3}},
+          {nowarn_deprecated_function,{gs,gridline,2}},
+          {nowarn_deprecated_function,{gs,label,3}},
+          {nowarn_deprecated_function,{gs,menu,2}},
+          {nowarn_deprecated_function,{gs,menubar,3}},
+          {nowarn_deprecated_function,{gs,menubutton,2}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_mnesia_rpc.erl b/lib/tv/src/tv_mnesia_rpc.erl
index 4a75994145..b2434fcdd3 100644
--- a/lib/tv/src/tv_mnesia_rpc.erl
+++ b/lib/tv/src/tv_mnesia_rpc.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 1998-2009. All Rights Reserved.
+%% Copyright Ericsson AB 1998-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/tv/src/tv_new_table.erl b/lib/tv/src/tv_new_table.erl
index 3d62b0548b..d31b9a4ee2 100644
--- a/lib/tv/src/tv_new_table.erl
+++ b/lib/tv/src/tv_new_table.erl
@@ -16,6 +16,16 @@
 %% 
 %% %CopyrightEnd%k
 -module(tv_new_table).
+-compile([{nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,checkbutton,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,radiobutton,3}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_nodewin.erl b/lib/tv/src/tv_nodewin.erl
index 3999d201d8..9030ed930f 100644
--- a/lib/tv/src/tv_nodewin.erl
+++ b/lib/tv/src/tv_nodewin.erl
@@ -16,6 +16,15 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_nodewin).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,listbox,3}},
+          {nowarn_deprecated_function,{gs,menu,3}},
+          {nowarn_deprecated_function,{gs,menubar,3}},
+          {nowarn_deprecated_function,{gs,menubutton,3}},
+          {nowarn_deprecated_function,{gs,menuitem,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_pb.erl b/lib/tv/src/tv_pb.erl
index 78a27185dc..fa3dcde919 100644
--- a/lib/tv/src/tv_pb.erl
+++ b/lib/tv/src/tv_pb.erl
@@ -16,6 +16,9 @@
 %%
 %% %CopyrightEnd%
 -module(tv_pb).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,frame,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pb_funcs.erl b/lib/tv/src/tv_pb_funcs.erl
index 87a4719bbd..0670d2795f 100644
--- a/lib/tv/src/tv_pb_funcs.erl
+++ b/lib/tv/src/tv_pb_funcs.erl
@@ -16,6 +16,12 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_pb_funcs).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,canvas,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pc.erl b/lib/tv/src/tv_pc.erl
index 50214fe06a..fcb7aba3a7 100644
--- a/lib/tv/src/tv_pc.erl
+++ b/lib/tv/src/tv_pc.erl
@@ -25,6 +25,7 @@
 
 
 -module(tv_pc).
+-compile([{nowarn_deprecated_function,{gs,config,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pc_menu_handling.erl b/lib/tv/src/tv_pc_menu_handling.erl
index 16195bf91f..5d411b106e 100644
--- a/lib/tv/src/tv_pc_menu_handling.erl
+++ b/lib/tv/src/tv_pc_menu_handling.erl
@@ -25,6 +25,10 @@
 
 
 -module(tv_pc_menu_handling).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_pd.erl b/lib/tv/src/tv_pd.erl
index ea14bf67b1..6694ea22a3 100644
--- a/lib/tv/src/tv_pd.erl
+++ b/lib/tv/src/tv_pd.erl
@@ -24,6 +24,11 @@
 
 
 -module(tv_pd).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,destroy,1}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_pd_display.erl b/lib/tv/src/tv_pd_display.erl
index f5a30cb640..dab442e28e 100644
--- a/lib/tv/src/tv_pd_display.erl
+++ b/lib/tv/src/tv_pd_display.erl
@@ -22,6 +22,13 @@
 %%%*********************************************************************
 
 -module(tv_pd_display).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,editor,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pd_frames.erl b/lib/tv/src/tv_pd_frames.erl
index 4e091ac9f0..d18dcaf70d 100644
--- a/lib/tv/src/tv_pd_frames.erl
+++ b/lib/tv/src/tv_pd_frames.erl
@@ -16,6 +16,8 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_pd_frames).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,frame,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pd_scale.erl b/lib/tv/src/tv_pd_scale.erl
index c94e57f468..2f98c3183f 100644
--- a/lib/tv/src/tv_pd_scale.erl
+++ b/lib/tv/src/tv_pd_scale.erl
@@ -24,6 +24,8 @@
 
 
 -module(tv_pd_scale).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,scale,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pg.erl b/lib/tv/src/tv_pg.erl
index ba8782392b..0b36b18212 100644
--- a/lib/tv/src/tv_pg.erl
+++ b/lib/tv/src/tv_pg.erl
@@ -16,6 +16,7 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_pg).
+-compile([{nowarn_deprecated_function,{gs,config,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pg_gridfcns.erl b/lib/tv/src/tv_pg_gridfcns.erl
index 3d23c8a69f..e47dac28a8 100644
--- a/lib/tv/src/tv_pg_gridfcns.erl
+++ b/lib/tv/src/tv_pg_gridfcns.erl
@@ -16,6 +16,10 @@
 %%
 %% %CopyrightEnd%
 -module(tv_pg_gridfcns).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,read,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_poll_dialog.erl b/lib/tv/src/tv_poll_dialog.erl
index 8d41251266..4bf49f44f1 100644
--- a/lib/tv/src/tv_poll_dialog.erl
+++ b/lib/tv/src/tv_poll_dialog.erl
@@ -22,7 +22,13 @@
 %%%*********************************************************************
 
 -module(tv_poll_dialog).
-
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,radiobutton,2}},
+          {nowarn_deprecated_function,{gs,scale,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,2}}]).
 
 
 -export([start/1, init/2]).
diff --git a/lib/tv/src/tv_pw.erl b/lib/tv/src/tv_pw.erl
index 8b3186e090..bd6d06e241 100644
--- a/lib/tv/src/tv_pw.erl
+++ b/lib/tv/src/tv_pw.erl
@@ -23,6 +23,7 @@
 
 
 -module(tv_pw).
+-compile([{nowarn_deprecated_function,{gs,config,2}}]).
 
 
 
diff --git a/lib/tv/src/tv_pw_window.erl b/lib/tv/src/tv_pw_window.erl
index 9cb5c879c0..0cd241a031 100644
--- a/lib/tv/src/tv_pw_window.erl
+++ b/lib/tv/src/tv_pw_window.erl
@@ -23,6 +23,10 @@
 
 
 -module(tv_pw_window).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,menuitem,3}},
+          {nowarn_deprecated_function,{gs,start,0}}]).
 
 
 
diff --git a/lib/tv/src/tv_rec_edit.erl b/lib/tv/src/tv_rec_edit.erl
index e8f663073e..f6c09ebc67 100644
--- a/lib/tv/src/tv_rec_edit.erl
+++ b/lib/tv/src/tv_rec_edit.erl
@@ -16,6 +16,16 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_rec_edit).
+-compile([{nowarn_deprecated_function,{gs,button,2}},
+          {nowarn_deprecated_function,{gs,button,3}},
+          {nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,entry,3}},
+          {nowarn_deprecated_function,{gs,frame,2}},
+          {nowarn_deprecated_function,{gs,frame,3}},
+          {nowarn_deprecated_function,{gs,label,2}},
+          {nowarn_deprecated_function,{gs,read,2}},
+          {nowarn_deprecated_function,{gs,start,0}},
+          {nowarn_deprecated_function,{gs,window,3}}]).
 
 
 
diff --git a/lib/tv/src/tv_utils.erl b/lib/tv/src/tv_utils.erl
index fd232bde69..9c7458d302 100644
--- a/lib/tv/src/tv_utils.erl
+++ b/lib/tv/src/tv_utils.erl
@@ -16,6 +16,9 @@
 %% 
 %% %CopyrightEnd%
 -module(tv_utils).
+-compile([{nowarn_deprecated_function,{gs,config,2}},
+          {nowarn_deprecated_function,{gs,create,3}},
+          {nowarn_deprecated_function,{gs,destroy,1}}]).
 
 
 
diff --git a/lib/tv/vsn.mk b/lib/tv/vsn.mk
index 43e3d2ebce..756aae2096 100644
--- a/lib/tv/vsn.mk
+++ b/lib/tv/vsn.mk
@@ -1 +1 @@
-TV_VSN = 2.1.4.7
+TV_VSN = 2.1.4.8
diff --git a/lib/typer/src/typer.erl b/lib/typer/src/typer.erl
index f2a70f49b7..6392f5765f 100644
--- a/lib/typer/src/typer.erl
+++ b/lib/typer/src/typer.erl
@@ -119,9 +119,9 @@ extract(#analysis{macros = Macros,
 	      {ok, RecDict} ->
 		Mod = list_to_atom(filename:basename(File, ".erl")),
 		case dialyzer_utils:get_spec_info(Mod, AbstractCode, RecDict) of
-		  {ok, SpecDict} ->
+		  {ok, SpecDict, CbDict} ->
 		    CS1 = dialyzer_codeserver:store_temp_records(Mod, RecDict, CS),
-		    dialyzer_codeserver:store_temp_contracts(Mod, SpecDict, CS1);
+		    dialyzer_codeserver:store_temp_contracts(Mod, SpecDict, CbDict, CS1);
 		  {error, Reason} -> compile_error([Reason])
 		end;
 	      {error, Reason} -> compile_error([Reason])
@@ -682,10 +682,10 @@ analyze_result(show_succ, Args, Analysis) ->
 analyze_result(no_spec, Args, Analysis) ->
   {Args, Analysis#analysis{no_spec = true}};
 analyze_result({pa, Dir}, Args, Analysis) ->
-  code:add_patha(Dir),
+  true = code:add_patha(Dir),
   {Args, Analysis};
 analyze_result({pz, Dir}, Args, Analysis) ->
-  code:add_pathz(Dir),
+  true = code:add_pathz(Dir),
   {Args, Analysis}.
 
 %%--------------------------------------------------------------------
@@ -873,16 +873,16 @@ collect_one_file_info(File, Analysis) ->
 	      Mod = cerl:concrete(cerl:module_name(Core)),
 	      case dialyzer_utils:get_spec_info(Mod, AbstractCode, Records) of
 		{error, Reason} -> compile_error([Reason]);
-		{ok, SpecInfo} ->
+		{ok, SpecInfo, CbInfo} ->
                   ExpTypes = get_exported_types_from_core(Core),
-		  analyze_core_tree(Core, Records, SpecInfo, ExpTypes,
-                                    Analysis, File)
+		  analyze_core_tree(Core, Records, SpecInfo, CbInfo,
+				    ExpTypes, Analysis, File)
 	      end
 	  end
       end
   end.
 
-analyze_core_tree(Core, Records, SpecInfo, ExpTypes, Analysis, File) ->
+analyze_core_tree(Core, Records, SpecInfo, CbInfo, ExpTypes, Analysis, File) ->
   Module = cerl:concrete(cerl:module_name(Core)),
   TmpTree = cerl:from_records(Core),
   CS1 = Analysis#analysis.codeserver,
@@ -894,7 +894,8 @@ analyze_core_tree(Core, Records, SpecInfo, ExpTypes, Analysis, File) ->
   CS5 =
     case Analysis#analysis.no_spec of
       true -> CS4;
-      false -> dialyzer_codeserver:store_temp_contracts(Module, SpecInfo, CS4)
+      false ->
+	dialyzer_codeserver:store_temp_contracts(Module, SpecInfo, CbInfo, CS4)
     end,
   OldExpTypes = dialyzer_codeserver:get_temp_exported_types(CS5),
   MergedExpTypes = sets:union(ExpTypes, OldExpTypes),
diff --git a/lib/typer/vsn.mk b/lib/typer/vsn.mk
index 9e73aed286..85a7c01424 100644
--- a/lib/typer/vsn.mk
+++ b/lib/typer/vsn.mk
@@ -1 +1 @@
-TYPER_VSN = 0.9.2
+TYPER_VSN = 0.9.3
diff --git a/lib/webtool/doc/src/notes.xml b/lib/webtool/doc/src/notes.xml
index c58a440937..a56fdd7b6f 100644
--- a/lib/webtool/doc/src/notes.xml
+++ b/lib/webtool/doc/src/notes.xml
@@ -31,6 +31,21 @@
   <p>This document describes the changes made to the Webtool
     application.</p>
 
+<section><title>WebTool 0.8.9.1</title>
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Miscellaneous documentation build updates</p>
+          <p>
+	    Own Id: OTP-9813</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>WebTool 0.8.9</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/webtool/vsn.mk b/lib/webtool/vsn.mk
index 2643be866e..690f9a22cf 100644
--- a/lib/webtool/vsn.mk
+++ b/lib/webtool/vsn.mk
@@ -1 +1 @@
-WEBTOOL_VSN=0.8.9
+WEBTOOL_VSN=0.8.9.1
diff --git a/lib/wx/Makefile b/lib/wx/Makefile
index 0bc89e08ad..9a75b2e36e 100644
--- a/lib/wx/Makefile
+++ b/lib/wx/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2008-2010. All Rights Reserved.
+# Copyright Ericsson AB 2008-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
@@ -18,12 +18,19 @@
 #
 
 include ./vsn.mk
-include ./config.mk
-SUBDIRS = src 
-ifeq ($(CAN_BUILD_DRIVER), true) 
-SUBDIRS += c_src 
-endif 
-SUBDIRS += examples doc/src
+
+ifdef TERTIARY_BOOTSTRAP
+ INSIDE_ERLSRC = true
+ SUBDIRS = src
+else # Normal build
+ include ./config.mk
+ SUBDIRS = src
+ ifeq ($(CAN_BUILD_DRIVER), true)
+ SUBDIRS += c_src
+ endif
+ SUBDIRS += examples doc/src
+endif #TERTIARY_BOOTSTRAP
+
 CLEANDIRS = $(SUBDIRS) api_gen
 
 ifeq ($(INSIDE_ERLSRC),true)
@@ -32,6 +39,7 @@ ifeq ($(INSIDE_ERLSRC),true)
 # Default Subdir Targets
 # ----------------------------------------------------
 SUB_DIRECTORIES=$(SUBDIRS)
+
 include $(ERL_TOP)/make/otp_subdir.mk
 else 
 # we are building standalone wxErlang
diff --git a/lib/wx/aclocal.m4 b/lib/wx/aclocal.m4
new file mode 100644
index 0000000000..339a15a2bb
--- /dev/null
+++ b/lib/wx/aclocal.m4
@@ -0,0 +1,1766 @@
+dnl
+dnl %CopyrightBegin%
+dnl
+dnl Copyright Ericsson AB 1998-2011. All Rights Reserved.
+dnl
+dnl The contents of this file are subject to the Erlang Public License,
+dnl Version 1.1, (the "License"); you may not use this file except in
+dnl compliance with the License. You should have received a copy of the
+dnl Erlang Public License along with this software. If not, it can be
+dnl retrieved online at http://www.erlang.org/.
+dnl
+dnl Software distributed under the License is distributed on an "AS IS"
+dnl basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+dnl the License for the specific language governing rights and limitations
+dnl under the License.
+dnl
+dnl %CopyrightEnd%
+dnl
+
+dnl
+dnl aclocal.m4
+dnl
+dnl Local macros used in configure.in. The Local Macros which
+dnl could/should be part of autoconf are prefixed LM_, macros specific
+dnl to the Erlang system are prefixed ERL_.
+dnl
+
+AC_DEFUN(LM_PRECIOUS_VARS,
+[
+
+dnl ERL_TOP
+AC_ARG_VAR(ERL_TOP, [Erlang/OTP top source directory])
+
+dnl Tools
+AC_ARG_VAR(CC, [C compiler])
+AC_ARG_VAR(CFLAGS, [C compiler flags])
+AC_ARG_VAR(STATIC_CFLAGS, [C compiler static flags])
+AC_ARG_VAR(CFLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag passed via C compiler])
+AC_ARG_VAR(CPP, [C/C++ preprocessor])
+AC_ARG_VAR(CPPFLAGS, [C/C++ preprocessor flags])
+AC_ARG_VAR(CXX, [C++ compiler])
+AC_ARG_VAR(CXXFLAGS, [C++ compiler flags])
+AC_ARG_VAR(LD, [linker (is often overridden by configure)])
+AC_ARG_VAR(LDFLAGS, [linker flags (can be risky to set since LD may be overriden by configure)])
+AC_ARG_VAR(LIBS, [libraries])
+AC_ARG_VAR(DED_LD, [linker for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LDFLAGS, [linker flags for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(DED_LD_FLAG_RUNTIME_LIBRARY_PATH, [runtime library path linker flag for Dynamic Erlang Drivers (set all DED_LD* variables or none)])
+AC_ARG_VAR(LFS_CFLAGS, [large file support C compiler flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LDFLAGS, [large file support linker flags (set all LFS_* variables or none)])
+AC_ARG_VAR(LFS_LIBS, [large file support libraries (set all LFS_* variables or none)])
+AC_ARG_VAR(RANLIB, [ranlib])
+AC_ARG_VAR(AR, [ar])
+AC_ARG_VAR(GETCONF, [getconf])
+
+dnl Cross system root
+AC_ARG_VAR(erl_xcomp_sysroot, [Absolute cross system root path (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_isysroot, [Absolute cross system root include path (only used when cross compiling)])
+
+dnl Cross compilation variables
+AC_ARG_VAR(erl_xcomp_bigendian, [big endian system: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_clock_gettime_correction, [clock_gettime() can be used for time correction: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_nptl, [have Native POSIX Thread Library: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigusrx, [SIGUSR1 and SIGUSR2 can be used: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_linux_usable_sigaltstack, [have working sigaltstack(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_poll, [have working poll(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_kqueue, [have working kqueue(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_putenv_copy, [putenv() stores key-value copy: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_reliable_fpe, [have reliable floating point exceptions: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_getaddrinfo, [have working getaddrinfo() for both IPv4 and IPv6: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_gethrvtime_procfs_ioctl, [have working gethrvtime() which can be used with procfs ioctl(): yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_clock_gettime_cpu_time, [clock_gettime() can be used for retrieving process CPU time: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_after_morecore_hook, [__after_morecore_hook can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+AC_ARG_VAR(erl_xcomp_dlsym_brk_wrappers, [dlsym(RTLD_NEXT, _) brk wrappers can track malloc()s core memory usage: yes|no (only used when cross compiling)])
+
+])
+
+AC_DEFUN(ERL_XCOMP_SYSROOT_INIT,
+[
+erl_xcomp_without_sysroot=no
+if test "$cross_compiling" = "yes"; then
+    test "$erl_xcomp_sysroot" != "" || erl_xcomp_without_sysroot=yes
+    test "$erl_xcomp_isysroot" != "" || erl_xcomp_isysroot="$erl_xcomp_sysroot"
+else
+    erl_xcomp_sysroot=
+    erl_xcomp_isysroot=
+fi
+])
+
+AC_DEFUN(LM_CHECK_GETCONF,
+[
+if test "$cross_compiling" != "yes"; then
+    AC_CHECK_PROG([GETCONF], [getconf], [getconf], [false])
+else
+    dnl First check if we got a `<HOST>-getconf' in $PATH
+    host_getconf="$host_alias-getconf"
+    AC_CHECK_PROG([GETCONF], [$host_getconf], [$host_getconf], [false])
+    if test "$GETCONF" = "false" && test "$erl_xcomp_sysroot" != ""; then
+	dnl We should perhaps give up if we have'nt found it by now, but at
+	dnl least in one Tilera MDE `getconf' under sysroot is a bourne
+	dnl shell script which we can use. We try to find `<HOST>-getconf'
+    	dnl or `getconf' under sysconf, but only under sysconf since
+	dnl `getconf' in $PATH is almost guaranteed to be for the build
+	dnl machine.
+	GETCONF=
+	prfx="$erl_xcomp_sysroot"
+        AC_PATH_TOOL([GETCONF], [getconf], [false],
+	             ["$prfx/usr/bin:$prfx/bin:$prfx/usr/local/bin"])
+    fi
+fi
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_WINDOWS_ENVIRONMENT
+dnl
+dnl
+dnl Tries to determine thw windows build environment, i.e. 
+dnl MIXED_CYGWIN_VC or MIXED_MSYS_VC 
+dnl
+
+AC_DEFUN(LM_WINDOWS_ENVIRONMENT,
+[
+MIXED_CYGWIN=no
+MIXED_MSYS=no
+
+AC_MSG_CHECKING(for mixed cygwin or msys and native VC++ environment)
+if test "X$host" = "Xwin32" -a "x$GCC" != "xyes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([Cygwin and VC])
+		MIXED_CYGWIN_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
+	elif test -x /usr/bin/msysinfo; then
+	        CFLAGS="-O2"
+		MIXED_MSYS=yes
+		AC_MSG_RESULT([MSYS and VC])
+		MIXED_MSYS_VC=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_MSYS_VC"
+	else		    
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_VC=no
+	MIXED_MSYS_VC=no
+fi
+AC_SUBST(MIXED_CYGWIN_VC)
+AC_SUBST(MIXED_MSYS_VC)
+
+MIXED_VC=no
+if test "x$MIXED_MSYS_VC" = "xyes" -o  "x$MIXED_CYGWIN_VC" = "xyes" ; then
+   MIXED_VC=yes
+fi
+
+AC_SUBST(MIXED_VC)
+
+if test "x$MIXED_MSYS" != "xyes"; then
+   AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
+   if test "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
+	if test -x /usr/bin/cygpath; then
+		CFLAGS="-O2"
+		MIXED_CYGWIN=yes
+		AC_MSG_RESULT([yes])
+		MIXED_CYGWIN_MINGW=yes
+		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
+	else
+		AC_MSG_RESULT([undeterminable])
+		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
+	fi
+    else
+	AC_MSG_RESULT([no])
+	MIXED_CYGWIN_MINGW=no
+    fi
+else
+	MIXED_CYGWIN_MINGW=no
+fi	
+AC_SUBST(MIXED_CYGWIN_MINGW)
+
+AC_MSG_CHECKING(if we mix cygwin with any native compiler)
+if test "X$MIXED_CYGWIN" = "Xyes"; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_CYGWIN)
+	
+AC_MSG_CHECKING(if we mix msys with another native compiler)
+if test "X$MIXED_MSYS" = "Xyes" ; then
+	AC_MSG_RESULT([yes])	
+else
+	AC_MSG_RESULT([no])
+fi
+
+AC_SUBST(MIXED_MSYS)
+])		
+	
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_FIND_EMU_CC
+dnl
+dnl
+dnl Tries fairly hard to find a C compiler that can handle jump tables.
+dnl Defines the @EMU_CC@ variable for the makefiles and 
+dnl inserts NO_JUMP_TABLE in the header if one cannot be found...
+dnl
+
+AC_DEFUN(LM_FIND_EMU_CC,
+	[AC_CACHE_CHECK(for a compiler that handles jumptables,
+			ac_cv_prog_emu_cc,
+			[
+AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    __label__ lbl1;
+    __label__ lbl2;
+    int x = magic();
+    static void *jtab[2];
+
+    jtab[0] = &&lbl1;
+    jtab[1] = &&lbl2;
+    goto *jtab[x];
+lbl1:
+    return 1;
+lbl2:
+    return 2;
+],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+
+if test $ac_cv_prog_emu_cc = no; then
+	for ac_progname in emu_cc.sh gcc-4.2 gcc; do
+  		IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  		ac_dummy="$PATH"
+  		for ac_dir in $ac_dummy; do
+    			test -z "$ac_dir" && ac_dir=.
+    			if test -f $ac_dir/$ac_progname; then
+      				ac_cv_prog_emu_cc=$ac_dir/$ac_progname
+      				break
+    			fi
+  		done
+  		IFS="$ac_save_ifs"
+		if test $ac_cv_prog_emu_cc != no; then
+			break
+		fi
+	done
+fi
+
+if test $ac_cv_prog_emu_cc != no; then
+	save_CC=$CC
+	save_CFLAGS=$CFLAGS
+	save_CPPFLAGS=$CPPFLAGS
+	CC=$ac_cv_prog_emu_cc
+	CFLAGS=""
+	CPPFLAGS=""
+	AC_TRY_COMPILE([],[
+#if defined(__clang_major__) && __clang_major__ >= 3
+    /* clang 3.x or later is fine */
+#elif defined(__llvm__)
+#error "this version of llvm is unable to correctly compile beam_emu.c"
+#endif
+    	__label__ lbl1;
+    	__label__ lbl2;
+    	int x = magic();
+    	static void *jtab[2];
+
+    	jtab[0] = &&lbl1;
+    	jtab[1] = &&lbl2;
+    	goto *jtab[x];
+	lbl1:
+    	return 1;
+	lbl2:
+    	return 2;
+	],ac_cv_prog_emu_cc=$CC,ac_cv_prog_emu_cc=no)
+	CC=$save_CC
+	CFLAGS=$save_CFLAGS
+	CPPFLAGS=$save_CPPFLAGS
+fi
+])
+if test $ac_cv_prog_emu_cc = no; then
+	AC_DEFINE(NO_JUMP_TABLE,[],[Defined if no found C compiler can handle jump tables])
+	EMU_CC=$CC
+else
+	EMU_CC=$ac_cv_prog_emu_cc
+fi
+AC_SUBST(EMU_CC)
+])		
+			
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_INSTALL_DIR
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl Figure out how to create directories with parents.
+dnl (In my opinion INSTALL_DIR is a bad name, MKSUBDIRS or something is better)
+dnl
+dnl We prefer 'install -d', but use 'mkdir -p' if it exists.
+dnl If none of these methods works, we give up.
+dnl
+
+
+AC_DEFUN(LM_PROG_INSTALL_DIR,
+[AC_CACHE_CHECK(how to create a directory including parents,
+ac_cv_prog_mkdir_p,
+[
+temp_name_base=config.$$
+temp_name=$temp_name_base/x/y/z
+$INSTALL -d $temp_name >/dev/null 2>&1
+ac_cv_prog_mkdir_p=none
+if test -d $temp_name; then
+        ac_cv_prog_mkdir_p="$INSTALL -d"
+else
+        mkdir -p $temp_name >/dev/null 2>&1
+        if test -d $temp_name; then
+                ac_cv_prog_mkdir_p="mkdir -p"
+        fi
+fi
+rm -fr $temp_name_base           
+])
+
+case "${ac_cv_prog_mkdir_p}" in
+  none) AC_MSG_ERROR(don't know how create directories with parents) ;;
+  *)    INSTALL_DIR="$ac_cv_prog_mkdir_p" AC_SUBST(INSTALL_DIR)     ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_PROG_PERL5
+dnl
+dnl Try to find perl version 5. If found set PERL to the absolute path
+dnl of the program, if not found set PERL to false.
+dnl
+dnl On some systems /usr/bin/perl is perl 4 and e.g.
+dnl /usr/local/bin/perl is perl 5. We try to handle this case by
+dnl putting a couple of 
+dnl Tries to handle the case that there are two programs called perl
+dnl in the path and one of them is perl 5 and the other isn't. 
+dnl
+AC_DEFUN(LM_PROG_PERL5,
+[AC_PATH_PROGS(PERL, perl5 perl, false,
+   /usr/local/bin:/opt/local/bin:/usr/local/gnu/bin:${PATH})
+changequote(, )dnl
+dnl[ That bracket is needed to balance the right bracket below
+if test "$PERL" = "false" || $PERL -e 'exit ($] >= 5)'; then
+changequote([, ])dnl
+  ac_cv_path_PERL=false
+  PERL=false
+dnl  AC_MSG_WARN(perl version 5 not found)
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SO_BSDCOMPAT
+dnl
+dnl Check if the system has the SO_BSDCOMPAT flag on sockets (linux) 
+dnl
+AC_DEFUN(LM_DECL_SO_BSDCOMPAT,
+[AC_CACHE_CHECK([for SO_BSDCOMPAT declaration], ac_cv_decl_so_bsdcompat,
+AC_TRY_COMPILE([#include <sys/socket.h>], [int i = SO_BSDCOMPAT;],
+               ac_cv_decl_so_bsdcompat=yes,
+               ac_cv_decl_so_bsdcompat=no))
+
+case "${ac_cv_decl_so_bsdcompat}" in
+  "yes" ) AC_DEFINE(HAVE_SO_BSDCOMPAT,[],
+		[Define if you have SO_BSDCOMPAT flag on sockets]) ;;
+  * ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_INADDR_LOOPBACK
+dnl
+dnl Try to find declaration of INADDR_LOOPBACK, if nowhere provide a default
+dnl
+
+AC_DEFUN(LM_DECL_INADDR_LOOPBACK,
+[AC_CACHE_CHECK([for INADDR_LOOPBACK in netinet/in.h],
+ ac_cv_decl_inaddr_loopback,
+[AC_TRY_COMPILE([#include <sys/types.h>
+#include <netinet/in.h>], [int i = INADDR_LOOPBACK;],
+ac_cv_decl_inaddr_loopback=yes, ac_cv_decl_inaddr_loopback=no)
+])
+
+if test ${ac_cv_decl_inaddr_loopback} = no; then
+  AC_CACHE_CHECK([for INADDR_LOOPBACK in rpc/types.h],
+                   ac_cv_decl_inaddr_loopback_rpc,
+                   AC_TRY_COMPILE([#include <rpc/types.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_rpc=yes,
+                                   ac_cv_decl_inaddr_loopback_rpc=no))
+
+   case "${ac_cv_decl_inaddr_loopback_rpc}" in
+     "yes" )
+        AC_DEFINE(DEF_INADDR_LOOPBACK_IN_RPC_TYPES_H,[],
+		[Define if you need to include rpc/types.h to get INADDR_LOOPBACK defined]) ;;
+      * )
+  	AC_CACHE_CHECK([for INADDR_LOOPBACK in winsock2.h],
+                   ac_cv_decl_inaddr_loopback_winsock2,
+                   AC_TRY_COMPILE([#define WIN32_LEAN_AND_MEAN
+				   #include <winsock2.h>],
+                                   [int i = INADDR_LOOPBACK;],
+                                   ac_cv_decl_inaddr_loopback_winsock2=yes,
+                                   ac_cv_decl_inaddr_loopback_winsock2=no))
+	case "${ac_cv_decl_inaddr_loopback_winsock2}" in
+     		"yes" )
+			AC_DEFINE(DEF_INADDR_LOOPBACK_IN_WINSOCK2_H,[],
+				[Define if you need to include winsock2.h to get INADDR_LOOPBACK defined]) ;;
+		* )
+			# couldn't find it anywhere
+        		AC_DEFINE(HAVE_NO_INADDR_LOOPBACK,[],
+				[Define if you don't have a definition of INADDR_LOOPBACK]) ;;
+	esac;;
+   esac
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_SOCKADDR_SA_LEN
+dnl
+dnl Check if the sockaddr structure has the field sa_len
+dnl
+
+AC_DEFUN(LM_STRUCT_SOCKADDR_SA_LEN,
+[AC_CACHE_CHECK([whether struct sockaddr has sa_len field],
+                ac_cv_struct_sockaddr_sa_len,
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>], [struct sockaddr s; s.sa_len = 10;],
+  ac_cv_struct_sockaddr_sa_len=yes, ac_cv_struct_sockaddr_sa_len=no))
+
+dnl FIXME convbreak
+case ${ac_cv_struct_sockaddr_sa_len} in
+  "no" ) AC_DEFINE(NO_SA_LEN,[1],[Define if you dont have salen]) ;;
+  *) ;;
+esac
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_STRUCT_EXCEPTION
+dnl
+dnl Check to see whether the system supports the matherr function
+dnl and its associated type "struct exception".
+dnl
+
+AC_DEFUN(LM_STRUCT_EXCEPTION,
+[AC_CACHE_CHECK([for struct exception (and matherr function)],
+ ac_cv_struct_exception,
+AC_TRY_COMPILE([#include <math.h>],
+  [struct exception x; x.type = DOMAIN; x.type = SING;],
+  ac_cv_struct_exception=yes, ac_cv_struct_exception=no))
+
+case "${ac_cv_struct_exception}" in
+  "yes" ) AC_DEFINE(USE_MATHERR,[1],[Define if you have matherr() function and struct exception type]) ;;
+  *  ) ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_IPV6
+dnl
+dnl Check for ipv6 support and what the in6_addr structure is called.
+dnl (early linux used in_addr6 insted of in6_addr)
+dnl
+
+AC_DEFUN(LM_SYS_IPV6,
+[AC_MSG_CHECKING(for IP version 6 support)
+AC_CACHE_VAL(ac_cv_sys_ipv6_support,
+[ok_so_far=yes
+ AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+   [struct in6_addr a6; struct sockaddr_in6 s6;], ok_so_far=yes, ok_so_far=no)
+
+if test $ok_so_far = yes; then
+  ac_cv_sys_ipv6_support=yes
+else
+  AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef __WIN32__
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif],
+    [struct in_addr6 a6; struct sockaddr_in6 s6;],
+    ac_cv_sys_ipv6_support=in_addr6, ac_cv_sys_ipv6_support=no)
+fi
+])dnl
+
+dnl
+dnl Have to use old style AC_DEFINE due to BC with old autoconf.
+dnl
+
+case ${ac_cv_sys_ipv6_support} in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    ;;
+  in_addr6)
+    AC_MSG_RESULT([yes (but I am redefining in_addr6 to in6_addr)])
+    AC_DEFINE(HAVE_IN6,[1],[Define if ipv6 is present])
+    AC_DEFINE(HAVE_IN_ADDR6_STRUCT,[],[Early linux used in_addr6 instead of in6_addr, define if you have this])
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+esac
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_SYS_MULTICAST
+dnl
+dnl Check for multicast support. Only checks for multicast options in
+dnl setsockopt(), no check is performed that multicasting actually works.
+dnl If options are found defines HAVE_MULTICAST_SUPPORT
+dnl
+
+AC_DEFUN(LM_SYS_MULTICAST,
+[AC_CACHE_CHECK([for multicast support], ac_cv_sys_multicast_support,
+[AC_EGREP_CPP(yes,
+[#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#if defined(IP_MULTICAST_TTL) && defined(IP_MULTICAST_LOOP) && defined(IP_MULTICAST_IF) && defined(IP_ADD_MEMBERSHIP) && defined(IP_DROP_MEMBERSHIP)
+yes
+#endif
+], ac_cv_sys_multicast_support=yes, ac_cv_sys_multicast_support=no)])
+if test $ac_cv_sys_multicast_support = yes; then
+  AC_DEFINE(HAVE_MULTICAST_SUPPORT,[1],
+	[Define if setsockopt() accepts multicast options])
+fi
+])dnl
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_DECL_SYS_ERRLIST
+dnl
+dnl Define SYS_ERRLIST_DECLARED if the variable sys_errlist is declared
+dnl in a system header file, stdio.h or errno.h.
+dnl
+
+AC_DEFUN(LM_DECL_SYS_ERRLIST,
+[AC_CACHE_CHECK([for sys_errlist declaration in stdio.h or errno.h],
+  ac_cv_decl_sys_errlist,
+[AC_TRY_COMPILE([#include <stdio.h>
+#include <errno.h>], [char *msg = *(sys_errlist + 1);],
+  ac_cv_decl_sys_errlist=yes, ac_cv_decl_sys_errlist=no)])
+if test $ac_cv_decl_sys_errlist = yes; then
+  AC_DEFINE(SYS_ERRLIST_DECLARED,[],
+	[define if the variable sys_errlist is declared in a system header file])
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_FUNC_DECL( funname, declaration [, extra includes 
+dnl                     [, action-if-found [, action-if-not-found]]] )
+dnl
+dnl Checks if the declaration "declaration" of "funname" conflicts
+dnl with the header files idea of how the function should be
+dnl declared. It is useful on systems which lack prototypes and you
+dnl need to provide your own (e.g. when you want to take the address
+dnl of a function). The 4'th argument is expanded if conflicting, 
+dnl the 5'th argument otherwise
+dnl
+dnl
+
+AC_DEFUN(LM_CHECK_FUNC_DECL,
+[AC_MSG_CHECKING([for conflicting declaration of $1])
+AC_CACHE_VAL(ac_cv_func_decl_$1,
+[AC_TRY_COMPILE([#include <stdio.h>
+$3],[$2
+char *c = (char *)$1;
+], eval "ac_cv_func_decl_$1=no", eval "ac_cv_func_decl_$1=yes")])
+if eval "test \"`echo '$ac_cv_func_decl_'$1`\" = yes"; then
+  AC_MSG_RESULT(yes)
+  ifelse([$4], , :, [$4])
+else
+  AC_MSG_RESULT(no)
+ifelse([$5], , , [$5
+])dnl
+fi
+])
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl LM_CHECK_THR_LIB
+dnl
+dnl This macro may be used by any OTP application.
+dnl
+dnl LM_CHECK_THR_LIB sets THR_LIBS, THR_DEFS, and THR_LIB_NAME. It also
+dnl checks for some pthread headers which will appear in DEFS or config.h.
+dnl
+
+AC_DEFUN(LM_CHECK_THR_LIB,
+[
+
+NEED_NPTL_PTHREAD_H=no
+
+dnl win32?
+AC_MSG_CHECKING([for native win32 threads])
+if test "X$host_os" = "Xwin32"; then
+    AC_MSG_RESULT(yes)
+    THR_DEFS="-DWIN32_THREADS"
+    THR_LIBS=
+    THR_LIB_NAME=win32_threads
+    THR_LIB_TYPE=win32_threads
+else
+    AC_MSG_RESULT(no)
+    THR_DEFS=
+    THR_LIBS=
+    THR_LIB_NAME=
+    THR_LIB_TYPE=posix_unknown
+
+dnl Try to find POSIX threads
+
+dnl The usual pthread lib...
+    AC_CHECK_LIB(pthread, pthread_create, THR_LIBS="-lpthread")
+
+dnl FreeBSD has pthreads in special c library, c_r...
+    if test "x$THR_LIBS" = "x"; then
+	AC_CHECK_LIB(c_r, pthread_create, THR_LIBS="-lc_r")
+    fi
+
+dnl On ofs1 the '-pthread' switch should be used
+    if test "x$THR_LIBS" = "x"; then
+	AC_MSG_CHECKING([if the '-pthread' switch can be used])
+	saved_cflags=$CFLAGS
+	CFLAGS="$CFLAGS -pthread"
+	AC_TRY_LINK([#include <pthread.h>],
+		    pthread_create((void*)0,(void*)0,(void*)0,(void*)0);,
+		    [THR_DEFS="-pthread"
+		     THR_LIBS="-pthread"])
+	CFLAGS=$saved_cflags
+	if test "x$THR_LIBS" != "x"; then
+	    AC_MSG_RESULT(yes)
+	else
+	    AC_MSG_RESULT(no)
+	fi
+    fi
+
+    if test "x$THR_LIBS" != "x"; then
+	THR_DEFS="$THR_DEFS -D_THREAD_SAFE -D_REENTRANT -DPOSIX_THREADS"
+	THR_LIB_NAME=pthread
+	case $host_os in
+	    solaris*)
+		THR_DEFS="$THR_DEFS -D_POSIX_PTHREAD_SEMANTICS" ;;
+	    linux*)
+		THR_DEFS="$THR_DEFS -D_POSIX_THREAD_SAFE_FUNCTIONS"
+
+		LM_CHECK_GETCONF
+		AC_MSG_CHECKING(for Native POSIX Thread Library)
+		libpthr_vsn=`$GETCONF GNU_LIBPTHREAD_VERSION 2>/dev/null`
+		if test $? -eq 0; then
+		    case "$libpthr_vsn" in
+			*nptl*|*NPTL*) nptl=yes;;
+			*) nptl=no;;
+		    esac
+		elif test "$cross_compiling" = "yes"; then
+		    case "$erl_xcomp_linux_nptl" in
+			"") nptl=cross;;
+			yes|no) nptl=$erl_xcomp_linux_nptl;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_nptl value: $erl_xcomp_linux_nptl]);;
+		    esac
+		else
+		    nptl=no
+		fi
+		AC_MSG_RESULT($nptl)
+		if test $nptl = cross; then
+		    nptl=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $nptl = yes; then
+		    THR_LIB_TYPE=posix_nptl
+		    need_nptl_incldir=no
+		    AC_CHECK_HEADER(nptl/pthread.h,
+				    [need_nptl_incldir=yes
+				     NEED_NPTL_PTHREAD_H=yes])
+		    if test $need_nptl_incldir = yes; then
+			# Ahh...
+			nptl_path="$C_INCLUDE_PATH:$CPATH"
+			if test X$cross_compiling != Xyes; then
+			    nptl_path="$nptl_path:/usr/local/include:/usr/include"
+			else
+			    IROOT="$erl_xcomp_isysroot"
+			    test "$IROOT" != "" || IROOT="$erl_xcomp_sysroot"
+			    test "$IROOT" != "" || AC_MSG_ERROR([Don't know where to search for includes! Please set erl_xcomp_isysroot])
+			    nptl_path="$nptl_path:$IROOT/usr/local/include:$IROOT/usr/include"
+			fi
+			nptl_ws_path=
+			save_ifs="$IFS"; IFS=":"
+			for dir in $nptl_path; do
+			    if test "x$dir" != "x"; then
+				nptl_ws_path="$nptl_ws_path $dir"
+			    fi
+			done
+			IFS=$save_ifs
+			nptl_incldir=
+			for dir in $nptl_ws_path; do
+		            AC_CHECK_HEADER($dir/nptl/pthread.h,
+					    nptl_incldir=$dir/nptl)
+			    if test "x$nptl_incldir" != "x"; then
+				THR_DEFS="$THR_DEFS -isystem $nptl_incldir"
+				break
+			    fi
+			done
+			if test "x$nptl_incldir" = "x"; then
+			    AC_MSG_ERROR(Failed to locate nptl system include directory)
+			fi
+		    fi
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need THR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags=$CPPFLAGS
+	CPPFLAGS="$CPPFLAGS $THR_DEFS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h,
+			AC_DEFINE(HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+    fi
+fi
+
+])
+
+AC_DEFUN(ERL_INTERNAL_LIBS,
+[
+
+ERTS_INTERNAL_X_LIBS=
+
+AC_CHECK_LIB(kstat, kstat_open,
+[AC_DEFINE(HAVE_KSTAT, 1, [Define if you have kstat])
+ERTS_INTERNAL_X_LIBS="$ERTS_INTERNAL_X_LIBS -lkstat"])
+
+AC_SUBST(ERTS_INTERNAL_X_LIBS)
+
+])
+
+AC_DEFUN(ETHR_CHK_SYNC_OP,
+[
+    AC_MSG_CHECKING([for $3-bit $1()])
+    case "$2" in
+	"1") sync_call="$1(&var);";;
+	"2") sync_call="$1(&var, ($4) 0);";;
+	"3") sync_call="$1(&var, ($4) 0, ($4) 0);";;
+    esac
+    have_sync_op=no
+    AC_TRY_LINK([],
+	[
+	    $4 res;
+	    volatile $4 var;
+	    res = $sync_call
+	],
+	[have_sync_op=yes])
+    test $have_sync_op = yes && $5
+    AC_MSG_RESULT([$have_sync_op])
+])
+
+AC_DEFUN(ETHR_CHK_INTERLOCKED,
+[
+    ilckd="$1"
+    AC_MSG_CHECKING([for ${ilckd}()])
+    case "$2" in
+	"1") ilckd_call="${ilckd}(var);";;
+	"2") ilckd_call="${ilckd}(var, ($3) 0);";;
+	"3") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0);";;
+	"4") ilckd_call="${ilckd}(var, ($3) 0, ($3) 0, arr);";;
+    esac
+    have_interlocked_op=no
+    AC_TRY_LINK(
+	[
+	#define WIN32_LEAN_AND_MEAN
+	#include <windows.h>
+	#include <intrin.h>
+	],
+	[
+	    volatile $3 *var;
+	    volatile $3 arr[2];
+
+	    $ilckd_call
+	    return 0;
+	],
+	[have_interlocked_op=yes])
+    test $have_interlocked_op = yes && $4
+    AC_MSG_RESULT([$have_interlocked_op])
+])
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_FIND_ETHR_LIB
+dnl
+dnl NOTE! This macro may be changed at any time! Should *only* be used by
+dnl       ERTS!
+dnl
+dnl Find a thread library to use. Sets ETHR_LIBS to libraries to link
+dnl with, ETHR_X_LIBS to extra libraries to link with (same as ETHR_LIBS
+dnl except that the ethread lib itself is not included), ETHR_DEFS to
+dnl defines to compile with, ETHR_THR_LIB_BASE to the name of the
+dnl thread library which the ethread library is based on, and ETHR_LIB_NAME
+dnl to the name of the library where the ethread implementation is located.
+dnl  ERL_FIND_ETHR_LIB currently searches for 'pthreads', and
+dnl 'win32_threads'. If no thread library was found ETHR_LIBS, ETHR_X_LIBS,
+dnl ETHR_DEFS, ETHR_THR_LIB_BASE, and ETHR_LIB_NAME are all set to the
+dnl empty string.
+dnl
+
+AC_DEFUN(ERL_FIND_ETHR_LIB,
+[
+
+LM_CHECK_THR_LIB
+ERL_INTERNAL_LIBS
+
+ethr_have_native_atomics=no
+ethr_have_native_spinlock=no
+ETHR_THR_LIB_BASE="$THR_LIB_NAME"
+ETHR_THR_LIB_BASE_TYPE="$THR_LIB_TYPE"
+ETHR_DEFS="$THR_DEFS"
+ETHR_X_LIBS="$THR_LIBS $ERTS_INTERNAL_X_LIBS"
+ETHR_LIBS=
+ETHR_LIB_NAME=
+
+ethr_modified_default_stack_size=
+
+dnl Name of lib where ethread implementation is located
+ethr_lib_name=ethread
+
+case "$THR_LIB_NAME" in
+
+    win32_threads)
+	ETHR_THR_LIB_BASE_DIR=win
+	# * _WIN32_WINNT >= 0x0400 is needed for
+	#   TryEnterCriticalSection
+	# * _WIN32_WINNT >= 0x0403 is needed for
+	#   InitializeCriticalSectionAndSpinCount
+	# The ethread lib will refuse to build if _WIN32_WINNT < 0x0403.
+	#
+	# -D_WIN32_WINNT should have been defined in $CPPFLAGS; fetch it
+	# and save it in ETHR_DEFS.
+	found_win32_winnt=no
+	for cppflag in $CPPFLAGS; do
+	    case $cppflag in
+		-DWINVER*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    ;;
+		-D_WIN32_WINNT*)
+		    ETHR_DEFS="$ETHR_DEFS $cppflag"
+		    found_win32_winnt=yes
+		    ;;
+		*)
+		    ;;
+	    esac
+        done
+        if test $found_win32_winnt = no; then
+	    AC_MSG_ERROR([-D_WIN32_WINNT missing in CPPFLAGS])
+        fi
+
+	AC_DEFINE(ETHR_WIN32_THREADS, 1, [Define if you have win32 threads])
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT, 1, [Define if you have _InterlockedDecrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement_rel], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT_REL, 1, [Define if you have _InterlockedDecrement_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT, 1, [Define if you have _InterlockedIncrement()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement_acq], [1], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT_ACQ, 1, [Define if you have _InterlockedIncrement_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD, 1, [Define if you have _InterlockedExchangeAdd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd_acq], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD_ACQ, 1, [Define if you have _InterlockedExchangeAdd_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND, 1, [Define if you have _InterlockedAnd()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR, 1, [Define if you have _InterlockedOr()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange], [2], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE, 1, [Define if you have _InterlockedExchange()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE, 1, [Define if you have _InterlockedCompareExchange()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_acq], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_ACQ, 1, [Define if you have _InterlockedCompareExchange_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange_rel], [3], [long], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE_REL, 1, [Define if you have _InterlockedCompareExchange_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64, 1, [Define if you have _InterlockedDecrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedDecrement64_rel], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDDECREMENT64_REL, 1, [Define if you have _InterlockedDecrement64_rel()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64, 1, [Define if you have _InterlockedIncrement64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedIncrement64_acq], [1], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDINCREMENT64_ACQ, 1, [Define if you have _InterlockedIncrement64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64, 1, [Define if you have _InterlockedExchangeAdd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchangeAdd64_acq], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGEADD64_ACQ, 1, [Define if you have _InterlockedExchangeAdd64_acq()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedAnd64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDAND64, 1, [Define if you have _InterlockedAnd64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedOr64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDOR64, 1, [Define if you have _InterlockedOr64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedExchange64], [2], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDEXCHANGE64, 1, [Define if you have _InterlockedExchange64()]))
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64, 1, [Define if you have _InterlockedCompareExchange64()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_acq], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_ACQ, 1, [Define if you have _InterlockedCompareExchange64_acq()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange64_rel], [3], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE64_REL, 1, [Define if you have _InterlockedCompareExchange64_rel()]))
+	test "$have_interlocked_op" = "yes" && ethr_have_native_atomics=yes
+
+	ETHR_CHK_INTERLOCKED([_InterlockedCompareExchange128], [4], [__int64], AC_DEFINE_UNQUOTED(ETHR_HAVE__INTERLOCKEDCOMPAREEXCHANGE128, 1, [Define if you have _InterlockedCompareExchange128()]))
+
+	test "$ethr_have_native_atomics" = "yes" && ethr_have_native_spinlock=yes
+	;;
+
+    pthread)
+	ETHR_THR_LIB_BASE_DIR=pthread
+    	AC_DEFINE(ETHR_PTHREADS, 1, [Define if you have pthreads])
+	case $host_os in
+	    openbsd*)
+		# The default stack size is insufficient for our needs
+		# on OpenBSD. We increase it to 256 kilo words.
+		ethr_modified_default_stack_size=256;;
+	    linux*)
+		ETHR_DEFS="$ETHR_DEFS -D_GNU_SOURCE"
+
+		if test	X$cross_compiling = Xyes; then
+		    case X$erl_xcomp_linux_usable_sigusrx in
+			X) usable_sigusrx=cross;;
+			Xyes|Xno) usable_sigusrx=$erl_xcomp_linux_usable_sigusrx;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigusrx value: $erl_xcomp_linux_usable_sigusrx]);;
+		    esac
+		    case X$erl_xcomp_linux_usable_sigaltstack in
+			X) usable_sigaltstack=cross;;
+			Xyes|Xno) usable_sigaltstack=$erl_xcomp_linux_usable_sigaltstack;;
+			*) AC_MSG_ERROR([Bad erl_xcomp_linux_usable_sigaltstack value: $erl_xcomp_linux_usable_sigaltstack]);;
+		    esac
+		else
+		    # FIXME: Test for actual problems instead of kernel versions
+		    linux_kernel_vsn_=`uname -r`
+		    case $linux_kernel_vsn_ in
+			[[0-1]].*|2.[[0-1]]|2.[[0-1]].*)
+			    usable_sigusrx=no
+			    usable_sigaltstack=no;;
+			2.[[2-3]]|2.[[2-3]].*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=no;;
+		    	*)
+			    usable_sigusrx=yes
+			    usable_sigaltstack=yes;;
+		    esac
+		fi
+
+		AC_MSG_CHECKING(if SIGUSR1 and SIGUSR2 can be used)
+		AC_MSG_RESULT($usable_sigusrx)
+		if test $usable_sigusrx = cross; then
+		    usable_sigusrx=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigusrx = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGUSRX"
+		fi
+
+		AC_MSG_CHECKING(if sigaltstack can be used)
+		AC_MSG_RESULT($usable_sigaltstack)
+		if test $usable_sigaltstack = cross; then
+		    usable_sigaltstack=yes
+		    AC_MSG_WARN([result yes guessed because of cross compilation])
+		fi
+		if test $usable_sigaltstack = no; then
+		    ETHR_DEFS="$ETHR_DEFS -DETHR_UNUSABLE_SIGALTSTACK"
+		fi
+		;;
+	    *) ;;
+	esac
+
+	dnl We sometimes need ETHR_DEFS in order to find certain headers
+	dnl (at least for pthread.h on osf1).
+	saved_cppflags="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $ETHR_DEFS"
+
+	dnl We need the thread library in order to find some functions
+	saved_libs="$LIBS"
+	LIBS="$LIBS $ETHR_X_LIBS"
+
+	dnl
+	dnl Check for headers
+	dnl
+
+	AC_CHECK_HEADER(pthread.h, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_H, 1, \
+[Define if you have the <pthread.h> header file.]))
+
+	dnl Some Linuxes have <pthread/mit/pthread.h> instead of <pthread.h>
+	AC_CHECK_HEADER(pthread/mit/pthread.h, \
+			AC_DEFINE(ETHR_HAVE_MIT_PTHREAD_H, 1, \
+[Define if the pthread.h header file is in pthread/mit directory.]))
+
+	if test $NEED_NPTL_PTHREAD_H = yes; then
+	    AC_DEFINE(ETHR_NEED_NPTL_PTHREAD_H, 1, \
+[Define if you need the <nptl/pthread.h> header file.])
+	fi
+
+	AC_CHECK_HEADER(sched.h, \
+			AC_DEFINE(ETHR_HAVE_SCHED_H, 1, \
+[Define if you have the <sched.h> header file.]))
+
+	AC_CHECK_HEADER(sys/time.h, \
+			AC_DEFINE(ETHR_HAVE_SYS_TIME_H, 1, \
+[Define if you have the <sys/time.h> header file.]))
+
+	AC_TRY_COMPILE([#include <time.h>
+			#include <sys/time.h>], 
+			[struct timeval *tv; return 0;],
+			AC_DEFINE(ETHR_TIME_WITH_SYS_TIME, 1, \
+[Define if you can safely include both <sys/time.h> and <time.h>.]))
+
+
+	dnl
+	dnl Check for functions
+	dnl
+
+	AC_CHECK_FUNC(pthread_spin_lock, \
+			[ethr_have_native_spinlock=yes \
+			 AC_DEFINE(ETHR_HAVE_PTHREAD_SPIN_LOCK, 1, \
+[Define if you have the pthread_spin_lock function.])])
+
+	have_sched_yield=no
+	have_librt_sched_yield=no
+	AC_CHECK_FUNC(sched_yield, [have_sched_yield=yes])
+	if test $have_sched_yield = no; then
+	    AC_CHECK_LIB(rt, sched_yield,
+			 [have_librt_sched_yield=yes
+			  ETHR_X_LIBS="$ETHR_X_LIBS -lrt"])
+	fi
+	if test $have_sched_yield = yes || test $have_librt_sched_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_SCHED_YIELD, 1, [Define if you have the sched_yield() function.])
+	    AC_MSG_CHECKING([whether sched_yield() returns an int])
+	    sched_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#ifdef ETHR_HAVE_SCHED_H
+				#include <sched.h>
+				#endif
+			   ],
+			   [int sched_yield();],
+			   [sched_yield_ret_int=yes])
+	    AC_MSG_RESULT([$sched_yield_ret_int])
+	    if test $sched_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_SCHED_YIELD_RET_INT, 1, [Define if sched_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_yield=no
+	AC_CHECK_FUNC(pthread_yield, [have_pthread_yield=yes])
+	if test $have_pthread_yield = yes; then
+	    AC_DEFINE(ETHR_HAVE_PTHREAD_YIELD, 1, [Define if you have the pthread_yield() function.])
+	    AC_MSG_CHECKING([whether pthread_yield() returns an int])
+	    pthread_yield_ret_int=no
+	    AC_TRY_COMPILE([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			   ],
+			   [int pthread_yield();],
+			   [pthread_yield_ret_int=yes])
+	    AC_MSG_RESULT([$pthread_yield_ret_int])
+	    if test $pthread_yield_ret_int = yes; then
+		AC_DEFINE(ETHR_PTHREAD_YIELD_RET_INT, 1, [Define if pthread_yield() returns an int.])
+	    fi
+	fi
+
+	have_pthread_rwlock_init=no
+	AC_CHECK_FUNC(pthread_rwlock_init, [have_pthread_rwlock_init=yes])
+	if test $have_pthread_rwlock_init = yes; then
+
+	    ethr_have_pthread_rwlockattr_setkind_np=no
+	    AC_CHECK_FUNC(pthread_rwlockattr_setkind_np,
+			  [ethr_have_pthread_rwlockattr_setkind_np=yes])
+
+	    if test $ethr_have_pthread_rwlockattr_setkind_np = yes; then
+		AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP, 1, \
+[Define if you have the pthread_rwlockattr_setkind_np() function.])
+
+		AC_MSG_CHECKING([for PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP])
+		ethr_pthread_rwlock_writer_nonrecursive_initializer_np=no
+		AC_TRY_LINK([
+				#if defined(ETHR_NEED_NPTL_PTHREAD_H)
+				#include <nptl/pthread.h>
+				#elif defined(ETHR_HAVE_MIT_PTHREAD_H)
+				#include <pthread/mit/pthread.h>
+				#elif defined(ETHR_HAVE_PTHREAD_H)
+				#include <pthread.h>
+				#endif
+			    ],
+			    [
+				pthread_rwlockattr_t *attr;
+				return pthread_rwlockattr_setkind_np(attr,
+				    PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP);
+			    ],
+			    [ethr_pthread_rwlock_writer_nonrecursive_initializer_np=yes])
+		AC_MSG_RESULT([$ethr_pthread_rwlock_writer_nonrecursive_initializer_np])
+		if test $ethr_pthread_rwlock_writer_nonrecursive_initializer_np = yes; then
+		    AC_DEFINE(ETHR_HAVE_PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP, 1, \
+[Define if you have the PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP rwlock attribute.])
+		fi
+	    fi
+	fi
+
+	if test "$force_pthread_rwlocks" = "yes"; then
+
+	    AC_DEFINE(ETHR_FORCE_PTHREAD_RWLOCK, 1, \
+[Define if you want to force usage of pthread rwlocks])
+
+	    if test $have_pthread_rwlock_init = yes; then
+		AC_MSG_WARN([Forced usage of pthread rwlocks. Note that this implementation may suffer from starvation issues.])
+	    else
+		AC_MSG_ERROR([User forced usage of pthread rwlock, but no such implementation was found])
+	    fi
+	fi
+
+	AC_CHECK_FUNC(pthread_attr_setguardsize, \
+			AC_DEFINE(ETHR_HAVE_PTHREAD_ATTR_SETGUARDSIZE, 1, \
+[Define if you have the pthread_attr_setguardsize function.]))
+
+	linux_futex=no
+	AC_MSG_CHECKING([for Linux futexes])
+	AC_TRY_LINK([
+			#include <sys/syscall.h>
+			#include <unistd.h>
+			#include <linux/futex.h>
+			#include <sys/time.h>
+		    ],
+		    [
+			int i = 1;
+			syscall(__NR_futex, (void *) &i, FUTEX_WAKE, 1,
+				(void*)0,(void*)0, 0);
+			syscall(__NR_futex, (void *) &i, FUTEX_WAIT, 0,
+				(void*)0,(void*)0, 0);
+			return 0;
+		    ],
+		    linux_futex=yes)
+	AC_MSG_RESULT([$linux_futex])
+	test $linux_futex = yes && AC_DEFINE(ETHR_HAVE_LINUX_FUTEX, 1, [Define if you have a linux futex implementation.])
+
+	AC_CHECK_SIZEOF(int)
+	AC_CHECK_SIZEOF(long)
+	AC_CHECK_SIZEOF(long long)
+	AC_CHECK_SIZEOF(__int128_t)
+
+	if test "$ac_cv_sizeof_int" = "4"; then
+	    int32="int"
+	elif test "$ac_cv_sizeof_long" = "4"; then
+	    int32="long"
+	elif test "$ac_cv_sizeof_long_long" = "4"; then
+	    int32="long long"
+	else
+	    AC_MSG_ERROR([No 32-bit type found])
+	fi
+
+	if test "$ac_cv_sizeof_int" = "8"; then
+	    int64="int"
+	elif test "$ac_cv_sizeof_long" = "8"; then
+	    int64="long"
+	elif test "$ac_cv_sizeof_long_long" = "8"; then
+	    int64="long long"
+	else
+	    AC_MSG_ERROR([No 64-bit type found])
+	fi
+
+	int128=no
+	if test "$ac_cv_sizeof___int128_t" = "16"; then
+	    int128="__int128_t"
+	fi
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP32, 1, [Define if you have __sync_val_compare_and_swap() for 32-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH32, 1, [Define if you have __sync_add_and_fetch() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND32, 1, [Define if you have __sync_fetch_and_and() for 32-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [32], [$int32], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR32, 1, [Define if you have __sync_fetch_and_or() for 32-bit integers]))
+
+	ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP64, 1, [Define if you have __sync_val_compare_and_swap() for 64-bit integers]))
+	test "$have_sync_op" = "yes" && ethr_have_native_atomics=yes
+	ETHR_CHK_SYNC_OP([__sync_add_and_fetch], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_ADD_AND_FETCH64, 1, [Define if you have __sync_add_and_fetch() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_and], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_AND64, 1, [Define if you have __sync_fetch_and_and() for 64-bit integers]))
+	ETHR_CHK_SYNC_OP([__sync_fetch_and_or], [2], [64], [$int64], AC_DEFINE(ETHR_HAVE___SYNC_FETCH_AND_OR64, 1, [Define if you have __sync_fetch_and_or() for 64-bit integers]))
+
+	if test $int128 != no; then
+	    ETHR_CHK_SYNC_OP([__sync_val_compare_and_swap], [3], [128], [$int128], AC_DEFINE(ETHR_HAVE___SYNC_VAL_COMPARE_AND_SWAP128, 1, [Define if you have __sync_val_compare_and_swap() for 128-bit integers]))
+	fi
+
+	AC_MSG_CHECKING([for a usable libatomic_ops implementation])
+	case "x$with_libatomic_ops" in
+	    xno | xyes | x)
+		libatomic_ops_include=
+		;;
+	    *)
+		if test -d "${with_libatomic_ops}/include"; then
+		    libatomic_ops_include="-I$with_libatomic_ops/include"
+		    CPPFLAGS="$CPPFLAGS $libatomic_ops_include"
+		else
+		    AC_MSG_ERROR([libatomic_ops include directory $with_libatomic_ops/include not found])
+		fi;;
+	esac
+	ethr_have_libatomic_ops=no
+	AC_TRY_LINK([#include "atomic_ops.h"],
+		    [
+			volatile AO_t x;
+			AO_t y;
+			int z;
+
+			AO_nop_full();
+			AO_store(&x, (AO_t) 0);
+			z = AO_load(&x);
+			z = AO_compare_and_swap_full(&x, (AO_t) 0, (AO_t) 1);
+		    ],
+		    [ethr_have_native_atomics=yes
+		     ethr_have_libatomic_ops=yes])
+	AC_MSG_RESULT([$ethr_have_libatomic_ops])
+	if test $ethr_have_libatomic_ops = yes; then
+	    AC_CHECK_SIZEOF(AO_t, ,
+			    [
+				#include <stdio.h>
+				#include "atomic_ops.h"
+			    ])
+	    AC_DEFINE_UNQUOTED(ETHR_SIZEOF_AO_T, $ac_cv_sizeof_AO_t, [Define to the size of AO_t if libatomic_ops is used])
+
+	    AC_DEFINE(ETHR_HAVE_LIBATOMIC_OPS, 1, [Define if you have libatomic_ops atomic operations])
+	    if test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+		AC_DEFINE(ETHR_PREFER_LIBATOMIC_OPS_NATIVE_IMPLS, 1, [Define if you prefer libatomic_ops native ethread implementations])
+	    fi
+	    ETHR_DEFS="$ETHR_DEFS $libatomic_ops_include"
+	elif test "x$with_libatomic_ops" != "xno" && test "x$with_libatomic_ops" != "x"; then
+	    AC_MSG_ERROR([No usable libatomic_ops implementation found])
+	fi
+
+	case "$host_cpu" in
+	  sparc | sun4u | sparc64 | sun4v)
+		case "$with_sparc_memory_order" in
+		    "TSO")
+			AC_DEFINE(ETHR_SPARC_TSO, 1, [Define if only run in Sparc TSO mode]);;
+		    "PSO")
+			AC_DEFINE(ETHR_SPARC_PSO, 1, [Define if only run in Sparc PSO, or TSO mode]);;
+		    "RMO"|"")
+			AC_DEFINE(ETHR_SPARC_RMO, 1, [Define if run in Sparc RMO, PSO, or TSO mode]);;
+		    *)
+			AC_MSG_ERROR([Unsupported Sparc memory order: $with_sparc_memory_order]);;
+		esac
+		ethr_have_native_atomics=yes;; 
+	  i86pc | i*86 | x86_64 | amd64)
+		if test "$enable_x86_out_of_order" = "yes"; then
+			AC_DEFINE(ETHR_X86_OUT_OF_ORDER, 1, [Define if x86/x86_64 out of order instructions should be synchronized])
+		fi
+		ethr_have_native_atomics=yes;;
+	  macppc | ppc | "Power Macintosh")
+		ethr_have_native_atomics=yes;;
+	  tile)
+		ethr_have_native_atomics=yes;;
+	  *)
+		;;
+	esac
+
+	test ethr_have_native_atomics = "yes" && ethr_have_native_spinlock=yes
+
+	dnl Restore LIBS
+	LIBS=$saved_libs
+	dnl restore CPPFLAGS
+	CPPFLAGS=$saved_cppflags
+
+	;;
+    *)
+	;;
+esac
+
+AC_MSG_CHECKING([whether default stack size should be modified])
+if test "x$ethr_modified_default_stack_size" != "x"; then
+	AC_DEFINE_UNQUOTED(ETHR_MODIFIED_DEFAULT_STACK_SIZE, $ethr_modified_default_stack_size, [Define if you want to modify the default stack size])
+	AC_MSG_RESULT([yes; to $ethr_modified_default_stack_size kilo words])
+else
+	AC_MSG_RESULT([no])
+fi
+
+if test "x$ETHR_THR_LIB_BASE" != "x"; then
+	ETHR_DEFS="-DUSE_THREADS $ETHR_DEFS"
+	ETHR_LIBS="-l$ethr_lib_name -lerts_internal_r $ETHR_X_LIBS"
+	ETHR_LIB_NAME=$ethr_lib_name
+fi
+
+AC_CHECK_SIZEOF(void *)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_PTR, $ac_cv_sizeof_void_p, [Define to the size of pointers])
+
+AC_CHECK_SIZEOF(int)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_INT, $ac_cv_sizeof_int, [Define to the size of int])
+AC_CHECK_SIZEOF(long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG, $ac_cv_sizeof_long, [Define to the size of long])
+AC_CHECK_SIZEOF(long long)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF_LONG_LONG, $ac_cv_sizeof_long_long, [Define to the size of long long])
+AC_CHECK_SIZEOF(__int64)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT64, $ac_cv_sizeof___int64, [Define to the size of __int64])
+AC_CHECK_SIZEOF(__int128_t)
+AC_DEFINE_UNQUOTED(ETHR_SIZEOF___INT128_T, $ac_cv_sizeof___int128_t, [Define to the size of __int128_t])
+
+
+case X$erl_xcomp_bigendian in
+    X) ;;
+    Xyes|Xno) ac_cv_c_bigendian=$erl_xcomp_bigendian;;
+    *) AC_MSG_ERROR([Bad erl_xcomp_bigendian value: $erl_xcomp_bigendian]);;
+esac
+
+AC_C_BIGENDIAN
+
+if test "$ac_cv_c_bigendian" = "yes"; then
+    AC_DEFINE(ETHR_BIGENDIAN, 1, [Define if bigendian])
+fi
+
+AC_ARG_ENABLE(native-ethr-impls,
+	      AS_HELP_STRING([--disable-native-ethr-impls],
+                             [disable native ethread implementations]),
+[ case "$enableval" in
+    no) disable_native_ethr_impls=yes ;;
+    *)  disable_native_ethr_impls=no ;;
+  esac ], disable_native_ethr_impls=no)
+
+AC_ARG_ENABLE(x86-out-of-order,
+	      AS_HELP_STRING([--enable-x86-out-of-order],
+                             [enable x86/x84_64 out of order support (default disabled)]))
+
+test "X$disable_native_ethr_impls" = "Xyes" &&
+  AC_DEFINE(ETHR_DISABLE_NATIVE_IMPLS, 1, [Define if you want to disable native ethread implementations])
+
+AC_ARG_ENABLE(prefer-gcc-native-ethr-impls,
+	      AS_HELP_STRING([--enable-prefer-gcc-native-ethr-impls],
+			     [prefer gcc native ethread implementations]),
+[ case "$enableval" in
+    yes) enable_prefer_gcc_native_ethr_impls=yes ;;
+    *)  enable_prefer_gcc_native_ethr_impls=no ;;
+  esac ], enable_prefer_gcc_native_ethr_impls=no)
+
+test $enable_prefer_gcc_native_ethr_impls = yes &&
+  AC_DEFINE(ETHR_PREFER_GCC_NATIVE_IMPLS, 1, [Define if you prefer gcc native ethread implementations])
+
+AC_ARG_WITH(libatomic_ops,
+	    AS_HELP_STRING([--with-libatomic_ops=PATH],
+			   [specify and prefer usage of libatomic_ops in the ethread library]))
+
+AC_ARG_WITH(with_sparc_memory_order,
+	    AS_HELP_STRING([--with-sparc-memory-order=TSO|PSO|RMO],
+			   [specify sparc memory order (defaults to RMO)]))
+
+ETHR_X86_SSE2_ASM=no
+case "$GCC-$ac_cv_sizeof_void_p-$host_cpu" in
+  yes-4-i86pc | yes-4-i*86 | yes-4-x86_64 | yes-4-amd64)
+    AC_MSG_CHECKING([for gcc sse2 asm support])
+    save_CFLAGS="$CFLAGS"
+    CFLAGS="$CFLAGS -msse2"
+    gcc_sse2_asm=no
+    AC_TRY_COMPILE([],
+	[
+		long long x, *y;
+		__asm__ __volatile__("movq %1, %0\n\t" : "=x"(x) : "m"(*y) : "memory");
+	],
+	[gcc_sse2_asm=yes])
+    CFLAGS="$save_CFLAGS"
+    AC_MSG_RESULT([$gcc_sse2_asm])
+    if test "$gcc_sse2_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_SSE2_ASM_SUPPORT, 1, [Define if you use a gcc that supports -msse2 and understand sse2 specific asm statements])
+      ETHR_X86_SSE2_ASM=yes
+    fi
+    ;;
+  *)
+    ;;
+esac
+
+case "$GCC-$host_cpu" in
+  yes-i86pc | yes-i*86 | yes-x86_64 | yes-amd64)
+    gcc_dw_cmpxchg_asm=no
+    AC_MSG_CHECKING([for gcc double word cmpxchg asm support])    
+    AC_TRY_COMPILE([],
+	[
+    char xchgd;
+    long new[2], xchg[2], *p;		  
+    __asm__ __volatile__(
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"pushl %%ebx\n\t"
+	"movl %8, %%ebx\n\t"
+#endif
+#if ETHR_SIZEOF_PTR == 4
+	"lock; cmpxchg8b %0\n\t"
+#else
+	"lock; cmpxchg16b %0\n\t"
+#endif
+	"setz %3\n\t"
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	"popl %%ebx\n\t"
+#endif
+	: "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	: "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new[1]),
+#if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__
+	  "r"(new[0])
+#else
+	  "b"(new[0])
+#endif
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+    if test $gcc_dw_cmpxchg_asm = no && test $ac_cv_sizeof_void_p = 4; then
+      AC_TRY_COMPILE([],
+	  [
+      char xchgd;
+      long new[2], xchg[2], *p;
+#if !defined(__PIC__) || !__PIC__
+#  error nope
+#endif
+      __asm__ __volatile__(
+    	  "pushl %%ebx\n\t"
+	  "movl (%7), %%ebx\n\t"
+	  "movl 4(%7), %%ecx\n\t"
+	  "lock; cmpxchg8b %0\n\t"
+  	  "setz %3\n\t"
+	  "popl %%ebx\n\t"
+	  : "=m"(*p), "=d"(xchg[1]), "=a"(xchg[0]), "=c"(xchgd)
+	  : "m"(*p), "1"(xchg[1]), "2"(xchg[0]), "3"(new)
+	: "cc", "memory");
+
+	],
+	[gcc_dw_cmpxchg_asm=yes])
+      if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+        AC_DEFINE(ETHR_CMPXCHG8B_REGISTER_SHORTAGE, 1, [Define if you get a register shortage with cmpxchg8b and position independent code])
+      fi
+    fi
+    AC_MSG_RESULT([$gcc_dw_cmpxchg_asm])
+    if test "$gcc_dw_cmpxchg_asm" = "yes"; then
+      AC_DEFINE(ETHR_GCC_HAVE_DW_CMPXCHG_ASM_SUPPORT, 1, [Define if you use a gcc that supports the double word cmpxchg instruction])
+    fi;;
+  *)
+    ;;
+esac
+
+AC_DEFINE(ETHR_HAVE_ETHREAD_DEFINES, 1, \
+[Define if you have all ethread defines])
+
+AC_SUBST(ETHR_X_LIBS)
+AC_SUBST(ETHR_LIBS)
+AC_SUBST(ETHR_LIB_NAME)
+AC_SUBST(ETHR_DEFS)
+AC_SUBST(ETHR_THR_LIB_BASE)
+AC_SUBST(ETHR_THR_LIB_BASE_DIR)
+AC_SUBST(ETHR_X86_SSE2_ASM)
+
+])
+
+
+
+dnl ----------------------------------------------------------------------
+dnl
+dnl ERL_TIME_CORRECTION
+dnl
+dnl In the presence of a high resolution realtime timer Erlang can adapt
+dnl its view of time relative to this timer. On solaris such a timer is
+dnl available with the syscall gethrtime(). On other OS's a fallback
+dnl solution using times() is implemented. (However on e.g. FreeBSD times()
+dnl is implemented using gettimeofday so it doesn't make much sense to
+dnl use it there...) On second thought, it seems to be safer to do it the
+dnl other way around. I.e. only use times() on OS's where we know it will
+dnl work...
+dnl
+
+AC_DEFUN(ERL_TIME_CORRECTION,
+[if test x$ac_cv_func_gethrtime = x; then
+  AC_CHECK_FUNC(gethrtime)
+fi
+if test x$clock_gettime_correction = xunknown; then
+	AC_TRY_COMPILE([#include <time.h>],
+			[struct timespec ts;
+     			 long long result;
+			 clock_gettime(CLOCK_MONOTONIC,&ts);
+                         result = ((long long) ts.tv_sec) * 1000000000LL + 
+			 ((long long) ts.tv_nsec);],
+			clock_gettime_compiles=yes,
+			clock_gettime_compiles=no)
+else
+	clock_gettime_compiles=no
+fi
+			
+
+AC_CACHE_CHECK([how to correct for time adjustments], erl_cv_time_correction,
+[
+case $clock_gettime_correction in
+    yes)
+	erl_cv_time_correction=clock_gettime;;	
+    no|unknown)
+	case $ac_cv_func_gethrtime in
+  	    yes)
+    		erl_cv_time_correction=hrtime ;;
+  	    no)
+    		case $host_os in
+        	    linux*)
+			case $clock_gettime_correction in
+			    unknown)
+				if test x$clock_gettime_compiles = xyes; then
+				    if test X$cross_compiling != Xyes; then
+				    	linux_kernel_vsn_=`uname -r`
+				    	case $linux_kernel_vsn_ in
+					    [[0-1]].*|2.[[0-5]]|2.[[0-5]].*)
+					    	erl_cv_time_correction=times ;;
+					    *)
+					    	erl_cv_time_correction=clock_gettime;;
+				    	esac
+				    else
+					case X$erl_xcomp_linux_clock_gettime_correction in
+					    X)
+						erl_cv_time_correction=cross;;
+					    Xyes|Xno)
+						if test $erl_xcomp_linux_clock_gettime_correction = yes; then
+						    erl_cv_time_correction=clock_gettime
+						else
+					    	    erl_cv_time_correction=times
+						fi;;
+					    *)
+						AC_MSG_ERROR([Bad erl_xcomp_linux_clock_gettime_correction value: $erl_xcomp_linux_clock_gettime_correction]);;
+					esac
+				    fi
+				else
+				    erl_cv_time_correction=times
+				fi
+				;;
+			     *)				
+        			erl_cv_time_correction=times ;;
+			esac
+			;;
+            	    *)
+        		erl_cv_time_correction=none ;;
+    		esac
+    		;;
+	esac
+	;;
+esac
+])
+
+xrtlib=""
+case $erl_cv_time_correction in
+  times)
+    AC_DEFINE(CORRECT_USING_TIMES,[],
+	[Define if you do not have a high-res. timer & want to use times() instead])
+    ;;
+  clock_gettime|cross)
+    if test $erl_cv_time_correction = cross; then
+	erl_cv_time_correction=clock_gettime
+	AC_MSG_WARN([result clock_gettime guessed because of cross compilation])
+    fi
+    xrtlib="-lrt"
+    AC_DEFINE(GETHRTIME_WITH_CLOCK_GETTIME,[1],
+	[Define if you want to use clock_gettime to simulate gethrtime])
+    ;;
+esac
+dnl
+dnl Check if gethrvtime is working, and if to use procfs ioctl
+dnl or (yet to be written) write to the procfs ctl file.
+dnl
+
+AC_MSG_CHECKING([if gethrvtime works and how to use it])
+AC_TRY_RUN([
+/* gethrvtime procfs ioctl test */
+/* These need to be undef:ed to not break activation of
+ * micro level process accounting on /proc/self 
+ */
+#ifdef _LARGEFILE_SOURCE
+#  undef _LARGEFILE_SOURCE
+#endif
+#ifdef _FILE_OFFSET_BITS
+#  undef _FILE_OFFSET_BITS
+#endif
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/signal.h>
+#include <sys/fault.h>
+#include <sys/syscall.h>
+#include <sys/procfs.h>
+#include <fcntl.h>
+
+int main() {
+    long msacct = PR_MSACCT;
+    int fd;
+    long long start, stop;
+    int i;
+    pid_t pid = getpid();
+    char proc_self[30] = "/proc/";
+
+    sprintf(proc_self+strlen(proc_self), "%lu", (unsigned long) pid);
+    if ( (fd = open(proc_self, O_WRONLY)) == -1)
+	exit(1);
+    if (ioctl(fd, PIOCSET, &msacct) < 0)
+	exit(2);
+    if (close(fd) < 0)
+	exit(3);
+    start = gethrvtime();
+    for (i = 0; i < 100; i++)
+	stop = gethrvtime();
+    if (start == 0)
+	exit(4);
+    if (start == stop)
+	exit(5);
+    exit(0); return 0;
+}
+],
+erl_gethrvtime=procfs_ioctl,
+erl_gethrvtime=false,
+[
+case X$erl_xcomp_gethrvtime_procfs_ioctl in
+    X)
+	erl_gethrvtime=cross;;
+    Xyes|Xno)
+	if test $erl_xcomp_gethrvtime_procfs_ioctl = yes; then
+	    erl_gethrvtime=procfs_ioctl
+	else
+	    erl_gethrvtime=false
+	fi;;
+    *)
+	AC_MSG_ERROR([Bad erl_xcomp_gethrvtime_procfs_ioctl value: $erl_xcomp_gethrvtime_procfs_ioctl]);;
+esac
+])
+
+case $erl_gethrvtime in
+  procfs_ioctl)
+	AC_DEFINE(HAVE_GETHRVTIME_PROCFS_IOCTL,[1],
+		[define if gethrvtime() works and uses ioctl() to /proc/self])
+	AC_MSG_RESULT(uses ioctl to procfs)
+	;;
+  *)
+	if test $erl_gethrvtime = cross; then
+	    erl_gethrvtime=false
+	    AC_MSG_RESULT(cross)
+	    AC_MSG_WARN([result 'not working' guessed because of cross compilation])
+	else
+	    AC_MSG_RESULT(not working)
+	fi
+
+	dnl
+	dnl Check if clock_gettime (linux) is working
+	dnl
+
+	AC_MSG_CHECKING([if clock_gettime can be used to get process CPU time])
+	save_libs=$LIBS
+	LIBS="-lrt"
+	AC_TRY_RUN([
+	#include <stdlib.h>
+	#include <unistd.h>
+	#include <string.h>
+	#include <stdio.h>
+	#include <time.h>
+	int main() {
+	    long long start, stop;
+	    int i;
+	    struct timespec tp;
+
+	    if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp) < 0)
+	      exit(1);
+	    start = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    for (i = 0; i < 100; i++)
+	      clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp);
+	    stop = ((long long)tp.tv_sec * 1000000000LL) + (long long)tp.tv_nsec;
+	    if (start == 0)
+	      exit(4);
+	    if (start == stop)
+	      exit(5);
+	    exit(0); return 0;
+	  }
+	],
+	erl_clock_gettime=yes,
+	erl_clock_gettime=no,
+	[
+	case X$erl_xcomp_clock_gettime_cpu_time in
+	    X) erl_clock_gettime=cross;;
+	    Xyes|Xno) erl_clock_gettime=$erl_xcomp_clock_gettime_cpu_time;;
+	    *) AC_MSG_ERROR([Bad erl_xcomp_clock_gettime_cpu_time value: $erl_xcomp_clock_gettime_cpu_time]);;
+	esac
+	])
+	LIBS=$save_libs
+	case $host_os in
+		linux*)
+			AC_MSG_RESULT([no; not stable])
+			LIBRT=$xrtlib
+			;;
+		*)
+			AC_MSG_RESULT($erl_clock_gettime)
+			case $erl_clock_gettime in
+	  			yes)
+					AC_DEFINE(HAVE_CLOCK_GETTIME,[],
+						  [define if clock_gettime() works for getting process time])
+					LIBRT=-lrt
+					;;
+	  			cross)
+					erl_clock_gettime=no
+					AC_MSG_WARN([result no guessed because of cross compilation])
+					LIBRT=$xrtlib
+					;;
+	  			*)
+					LIBRT=$xrtlib
+					;;
+			esac
+			;;
+	esac
+	AC_SUBST(LIBRT)
+	;;
+esac
+])dnl
+
+dnl ERL_TRY_LINK_JAVA(CLASSES, FUNCTION-BODY
+dnl                   [ACTION_IF_FOUND [, ACTION-IF-NOT-FOUND]])
+dnl Freely inspired by AC_TRY_LINK. (Maybe better to create a 
+dnl AC_LANG_JAVA instead...)
+AC_DEFUN(ERL_TRY_LINK_JAVA,
+[java_link='$JAVAC conftest.java 1>&AC_FD_CC'
+changequote(, )dnl
+cat > conftest.java <<EOF
+$1
+class conftest { public static void main(String[] args) {
+   $2
+   ; return; }}
+EOF
+changequote([, ])dnl
+if AC_TRY_EVAL(java_link) && test -s conftest.class; then
+   ifelse([$3], , :, [rm -rf conftest*
+   $3])
+else
+   echo "configure: failed program was:" 1>&AC_FD_CC
+   cat conftest.java 1>&AC_FD_CC
+   echo "configure: PATH was $PATH" 1>&AC_FD_CC
+ifelse([$4], , , [  rm -rf conftest*
+  $4
+])dnl
+fi
+rm -f conftest*])
+#define UNSAFE_MASK  0xc0000000 /* Mask for bits that must be constant */
+
+
diff --git a/lib/wx/api_gen/gl_gen_c.erl b/lib/wx/api_gen/gl_gen_c.erl
index 0f5cb0e1f4..be2c5cf2bf 100644
--- a/lib/wx/api_gen/gl_gen_c.erl
+++ b/lib/wx/api_gen/gl_gen_c.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -238,7 +238,7 @@ decode_arg(P=#arg{name=Name,type=#type{size=BSz,name=Type,single={list,TSz}}},A0
     {P, A};
 decode_arg(P=#arg{name=Name,type=#type{name=Type,base=guard_int}},A0) ->
     A = align(4,A0),
-    w(" ~s *~s = (~s *) * (int *) bp; bp += 4;~n", [Type,Name,Type]),
+    w(" ~s *~s = (~s *) (ErlDrvSInt) * (int *) bp; bp += 4;~n", [Type,Name,Type]),
     {P, A};
 decode_arg(P=#arg{name=Name,type=#type{name=Type,base=string,single=true}},A0) ->
     w(" ~s *~s = (~s *) bp;~n", [Type,Name,Type]),
diff --git a/lib/wx/api_gen/wx_extra/wxEvtHandler.erl b/lib/wx/api_gen/wx_extra/wxEvtHandler.erl
index c6810eb32c..080ebfa49f 100644
--- a/lib/wx/api_gen/wx_extra/wxEvtHandler.erl
+++ b/lib/wx/api_gen/wx_extra/wxEvtHandler.erl
@@ -76,7 +76,7 @@ parse_opts([{callback,Fun}|R], Opts) when is_function(Fun) ->
     %% Check Fun Arity?
     parse_opts(R, Opts#evh{cb=Fun});
 parse_opts([callback|R], Opts) ->
-    parse_opts(R, Opts#evh{cb=1});
+    parse_opts(R, Opts#evh{cb=self()});
 parse_opts([{userData, UserData}|R],Opts) ->
     parse_opts(R, Opts#evh{userdata=UserData});
 parse_opts([{skip, Skip}|R],Opts) when is_boolean(Skip) ->
diff --git a/lib/wx/c_src/Makefile.in b/lib/wx/c_src/Makefile.in
index ae5a149d14..d40ce88e99 100644
--- a/lib/wx/c_src/Makefile.in
+++ b/lib/wx/c_src/Makefile.in
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 #
-# Copyright Ericsson AB 2008-2010. All Rights Reserved.
+# Copyright Ericsson AB 2008-2011. All Rights Reserved.
 #
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/c_src/gen/gl_funcs.cpp b/lib/wx/c_src/gen/gl_funcs.cpp
index 30542a0f02..fa1476dba5 100644
--- a/lib/wx/c_src/gen/gl_funcs.cpp
+++ b/lib/wx/c_src/gen/gl_funcs.cpp
@@ -1,7 +1,7 @@
 /*
  * %CopyrightBegin%
  *
- * Copyright Ericsson AB 2008-2010. All Rights Reserved.
+ * Copyright Ericsson AB 2008-2011. All Rights Reserved.
  *
  * The contents of this file are subject to the Erlang Public License,
  * Version 1.1, (the "License"); you may not use this file except in
@@ -395,7 +395,7 @@ case 5043: { // glBitmap
  GLfloat *yorig = (GLfloat *) bp; bp += 4;
  GLfloat *xmove = (GLfloat *) bp; bp += 4;
  GLfloat *ymove = (GLfloat *) bp; bp += 4;
- GLubyte *bitmap = (GLubyte *) * (int *) bp; bp += 4;
+ GLubyte *bitmap = (GLubyte *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglBitmap(*width,*height,*xorig,*yorig,*xmove,*ymove,bitmap);
 }; break;
 case 5044: { // glBitmap
@@ -538,7 +538,7 @@ case 5073: { // glColorPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglColorPointer(*size,*type,*stride,pointer);
 }; break;
 case 5074: { // glColorPointer
@@ -646,7 +646,7 @@ case 5090: { // glDrawElements
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawElements(*mode,*count,*type,indices);
 }; break;
 case 5091: { // glDrawElements
@@ -661,7 +661,7 @@ case 5092: { // glDrawPixels
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawPixels(*width,*height,*format,*type,pixels);
 }; break;
 case 5093: { // glDrawPixels
@@ -678,7 +678,7 @@ case 5094: { // glEdgeFlagv
 }; break;
 case 5095: { // glEdgeFlagPointer
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglEdgeFlagPointer(*stride,pointer);
 }; break;
 case 5096: { // glEdgeFlagPointer
@@ -1265,7 +1265,7 @@ case 5149: { // glIndexMask
 case 5150: { // glIndexPointer
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglIndexPointer(*type,*stride,pointer);
 }; break;
 case 5151: { // glIndexPointer
@@ -1300,7 +1300,7 @@ case 5157: { // glInitNames
 case 5158: { // glInterleavedArrays
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglInterleavedArrays(*format,*stride,pointer);
 }; break;
 case 5159: { // glInterleavedArrays
@@ -1561,7 +1561,7 @@ case 5199: { // glNormal3sv
 case 5200: { // glNormalPointer
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglNormalPointer(*type,*stride,pointer);
 }; break;
 case 5201: { // glNormalPointer
@@ -1933,7 +1933,7 @@ case 5274: { // glTexCoordPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexCoordPointer(*size,*type,*stride,pointer);
 }; break;
 case 5275: { // glTexCoordPointer
@@ -2016,7 +2016,7 @@ case 5286: { // glTexImage1D
  GLint *border = (GLint *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexImage1D(*target,*level,*internalformat,*width,*border,*format,*type,pixels);
 }; break;
 case 5287: { // glTexImage1D
@@ -2039,7 +2039,7 @@ case 5288: { // glTexImage2D
  GLint *border = (GLint *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexImage2D(*target,*level,*internalformat,*width,*height,*border,*format,*type,pixels);
 }; break;
 case 5289: { // glTexImage2D
@@ -2087,7 +2087,7 @@ case 5294: { // glTexSubImage1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexSubImage1D(*target,*level,*xoffset,*width,*format,*type,pixels);
 }; break;
 case 5295: { // glTexSubImage1D
@@ -2109,7 +2109,7 @@ case 5296: { // glTexSubImage2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexSubImage2D(*target,*level,*xoffset,*yoffset,*width,*height,*format,*type,pixels);
 }; break;
 case 5297: { // glTexSubImage2D
@@ -2188,7 +2188,7 @@ case 5312: { // glVertexPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexPointer(*size,*type,*stride,pointer);
 }; break;
 case 5313: { // glVertexPointer
@@ -2222,7 +2222,7 @@ case 5317: { // glDrawRangeElements
  GLuint *end = (GLuint *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawRangeElements(*mode,*start,*end,*count,*type,indices);
 }; break;
 case 5318: { // glDrawRangeElements
@@ -2244,7 +2244,7 @@ case 5319: { // glTexImage3D
  GLint *border = (GLint *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexImage3D(*target,*level,*internalformat,*width,*height,*depth,*border,*format,*type,pixels);
 }; break;
 case 5320: { // glTexImage3D
@@ -2271,7 +2271,7 @@ case 5321: { // glTexSubImage3D
  GLsizei *depth = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *pixels = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pixels = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglTexSubImage3D(*target,*level,*xoffset,*yoffset,*zoffset,*width,*height,*depth,*format,*type,pixels);
 }; break;
 case 5322: { // glTexSubImage3D
@@ -2306,7 +2306,7 @@ case 5324: { // glColorTable
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *table = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *table = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglColorTable(*target,*internalformat,*width,*format,*type,table);
 }; break;
 case 5325: { // glColorTable
@@ -2389,7 +2389,7 @@ case 5332: { // glColorSubTable
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglColorSubTable(*target,*start,*count,*format,*type,data);
 }; break;
 case 5333: { // glColorSubTable
@@ -2415,7 +2415,7 @@ case 5335: { // glConvolutionFilter1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *image = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *image = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglConvolutionFilter1D(*target,*internalformat,*width,*format,*type,image);
 }; break;
 case 5336: { // glConvolutionFilter1D
@@ -2434,7 +2434,7 @@ case 5337: { // glConvolutionFilter2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *image = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *image = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglConvolutionFilter2D(*target,*internalformat,*width,*height,*format,*type,image);
 }; break;
 case 5338: { // glConvolutionFilter2D
@@ -2530,8 +2530,8 @@ case 5346: { // glSeparableFilter2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *row = (GLvoid *) * (int *) bp; bp += 4;
- GLvoid *column = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *row = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
+ GLvoid *column = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglSeparableFilter2D(*target,*internalformat,*width,*height,*format,*type,row,column);
 }; break;
 case 5347: { // glSeparableFilter2D
@@ -2666,7 +2666,7 @@ case 5360: { // glCompressedTexImage3D
  GLsizei *depth = (GLsizei *) bp; bp += 4;
  GLint *border = (GLint *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexImage3D(*target,*level,*internalformat,*width,*height,*depth,*border,*imageSize,data);
 }; break;
 case 5361: { // glCompressedTexImage3D
@@ -2689,7 +2689,7 @@ case 5362: { // glCompressedTexImage2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLint *border = (GLint *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexImage2D(*target,*level,*internalformat,*width,*height,*border,*imageSize,data);
 }; break;
 case 5363: { // glCompressedTexImage2D
@@ -2710,7 +2710,7 @@ case 5364: { // glCompressedTexImage1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLint *border = (GLint *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexImage1D(*target,*level,*internalformat,*width,*border,*imageSize,data);
 }; break;
 case 5365: { // glCompressedTexImage1D
@@ -2734,7 +2734,7 @@ case 5366: { // glCompressedTexSubImage3D
  GLsizei *depth = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexSubImage3D(*target,*level,*xoffset,*yoffset,*zoffset,*width,*height,*depth,*format,*imageSize,data);
 }; break;
 case 5367: { // glCompressedTexSubImage3D
@@ -2760,7 +2760,7 @@ case 5368: { // glCompressedTexSubImage2D
  GLsizei *height = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexSubImage2D(*target,*level,*xoffset,*yoffset,*width,*height,*format,*imageSize,data);
 }; break;
 case 5369: { // glCompressedTexSubImage2D
@@ -2782,7 +2782,7 @@ case 5370: { // glCompressedTexSubImage1D
  GLsizei *width = (GLsizei *) bp; bp += 4;
  GLenum *format = (GLenum *) bp; bp += 4;
  GLsizei *imageSize = (GLsizei *) bp; bp += 4;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglCompressedTexSubImage1D(*target,*level,*xoffset,*width,*format,*imageSize,data);
 }; break;
 case 5371: { // glCompressedTexSubImage1D
@@ -2958,7 +2958,7 @@ case 5401: { // glFogCoorddv
 case 5402: { // glFogCoordPointer
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglFogCoordPointer(*type,*stride,pointer);
 }; break;
 case 5403: { // glFogCoordPointer
@@ -3003,7 +3003,7 @@ case 5412: { // glSecondaryColorPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglSecondaryColorPointer(*size,*type,*stride,pointer);
 }; break;
 case 5413: { // glSecondaryColorPointer
@@ -3156,7 +3156,7 @@ case 5434: { // glBufferData
  GLenum *target = (GLenum *) bp; bp += 4;
  bp += 4;
  GLsizeiptr size = (GLsizeiptr) * (GLuint64EXT *) bp; bp += 8;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLenum *usage = (GLenum *) bp; bp += 4;
  weglBufferData(*target,size,data,*usage);
 }; break;
@@ -3173,7 +3173,7 @@ case 5436: { // glBufferSubData
  bp += 4;
  GLintptr offset = (GLintptr) * (GLuint64EXT *) bp; bp += 8;
  GLsizeiptr size = (GLsizeiptr) * (GLuint64EXT *) bp; bp += 8;
- GLvoid *data = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *data = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglBufferSubData(*target,offset,size,data);
 }; break;
 case 5437: { // glBufferSubData
@@ -3833,7 +3833,7 @@ case 5518: { // glVertexAttribPointer
  GLboolean *normalized = (GLboolean *) bp; bp += 1;
  bp += 3;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexAttribPointer(*index,*size,*type,*normalized,*stride,pointer);
 }; break;
 case 5519: { // glVertexAttribPointer
@@ -4051,7 +4051,7 @@ case 5541: { // glVertexAttribIPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexAttribIPointer(*index,*size,*type,*stride,pointer);
 }; break;
 case 5542: { // glVertexAttribIPointer
@@ -4345,7 +4345,7 @@ case 5578: { // glDrawElementsInstanced
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLsizei *primcount = (GLsizei *) bp; bp += 4;
  weglDrawElementsInstanced(*mode,*count,*type,indices,*primcount);
 }; break;
@@ -5341,7 +5341,7 @@ case 5683: { // glDrawElementsBaseVertex
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLint *basevertex = (GLint *) bp; bp += 4;
  weglDrawElementsBaseVertex(*mode,*count,*type,indices,*basevertex);
 }; break;
@@ -5359,7 +5359,7 @@ case 5685: { // glDrawRangeElementsBaseVertex
  GLuint *end = (GLuint *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLint *basevertex = (GLint *) bp; bp += 4;
  weglDrawRangeElementsBaseVertex(*mode,*start,*end,*count,*type,indices,*basevertex);
 }; break;
@@ -5377,7 +5377,7 @@ case 5687: { // glDrawElementsInstancedBaseVertex
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLsizei *count = (GLsizei *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indices = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indices = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  GLsizei *primcount = (GLsizei *) bp; bp += 4;
  GLint *basevertex = (GLint *) bp; bp += 4;
  weglDrawElementsInstancedBaseVertex(*mode,*count,*type,indices,*primcount,*basevertex);
@@ -5772,7 +5772,7 @@ case 5725: { // glGetQueryObjectui64v
 }; break;
 case 5726: { // glDrawArraysIndirect
  GLenum *mode = (GLenum *) bp; bp += 4;
- GLvoid *indirect = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indirect = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawArraysIndirect(*mode,indirect);
 }; break;
 case 5727: { // glDrawArraysIndirect
@@ -5783,7 +5783,7 @@ case 5727: { // glDrawArraysIndirect
 case 5728: { // glDrawElementsIndirect
  GLenum *mode = (GLenum *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
- GLvoid *indirect = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *indirect = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglDrawElementsIndirect(*mode,*type,indirect);
 }; break;
 case 5729: { // glDrawElementsIndirect
@@ -6718,7 +6718,7 @@ case 5840: { // glVertexAttribLPointer
  GLint *size = (GLint *) bp; bp += 4;
  GLenum *type = (GLenum *) bp; bp += 4;
  GLsizei *stride = (GLsizei *) bp; bp += 4;
- GLvoid *pointer = (GLvoid *) * (int *) bp; bp += 4;
+ GLvoid *pointer = (GLvoid *) (ErlDrvSInt) * (int *) bp; bp += 4;
  weglVertexAttribLPointer(*index,*size,*type,*stride,pointer);
 }; break;
 case 5841: { // glVertexAttribLPointer
diff --git a/lib/wx/c_src/wxe_driver.c b/lib/wx/c_src/wxe_driver.c
index 2404b13cc3..d1ed252ec0 100644
--- a/lib/wx/c_src/wxe_driver.c
+++ b/lib/wx/c_src/wxe_driver.c
@@ -40,9 +40,14 @@ static ErlDrvData wxe_driver_start(ErlDrvPort port, char *buff);
 static int  wxe_driver_load(void);
 static void wxe_driver_stop(ErlDrvData handle);
 static void wxe_driver_unload(void);
-static int  wxe_driver_control(ErlDrvData handle, unsigned int command,  
- 			       char* buf, int count, char** res, int res_size); 
-static int wxe_driver_call(ErlDrvData drv_data, unsigned int command, char *buf, int len, char **rbuf, int rlen, unsigned int *flags);
+static ErlDrvSSizeT wxe_driver_control(ErlDrvData handle,
+				       unsigned int command,  
+				       char* buf, ErlDrvSizeT count,
+				       char** res, ErlDrvSizeT res_size); 
+static ErlDrvSSizeT wxe_driver_call(ErlDrvData drv_data, unsigned int command,
+				    char *buf, ErlDrvSizeT len,
+				    char **rbuf, ErlDrvSizeT rlen,
+				    unsigned int *flags);
 
 static void standard_outputv(ErlDrvData drv_data, ErlIOVec *ev);
 static void wxe_process_died(ErlDrvData drv_data, ErlDrvMonitor *monitor);
@@ -151,17 +156,20 @@ wxe_driver_unload(void)
    wxe_master = NULL;
 }
 
-static int
+static ErlDrvSSizeT
 wxe_driver_control(ErlDrvData handle, unsigned op,
-		   char* buf, int count, char** res, int res_size)
+		   char* buf, ErlDrvSizeT count,
+		   char** res, ErlDrvSizeT res_size)
 {
    wxe_data *sd = ((wxe_data *)handle);
    push_command(op,buf,count,sd);
    return 0;
 }
 
-static int wxe_driver_call(ErlDrvData handle, unsigned int command, 
-			   char *buf, int len, char **res, int rlen, unsigned int *flags)
+static ErlDrvSSizeT
+wxe_driver_call(ErlDrvData handle, unsigned int command, 
+		char *buf, ErlDrvSizeT len,
+		char **res, ErlDrvSizeT rlen, unsigned int *flags)
 {
    wxe_data *sd = ((wxe_data *)handle);
    if(command == WXE_DEBUG_DRIVER) {
diff --git a/lib/wx/configure.in b/lib/wx/configure.in
index 78c3f0d3d2..b27e114a3d 100755
--- a/lib/wx/configure.in
+++ b/lib/wx/configure.in
@@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script. -*-m4-*-
 
 dnl %CopyrightBegin%
 dnl
-dnl Copyright Ericsson AB 2008-2010. All Rights Reserved.
+dnl Copyright Ericsson AB 2008-2011. All Rights Reserved.
 dnl
 dnl The contents of this file are subject to the Erlang Public License,
 dnl Version 1.1, (the "License"); you may not use this file except in
@@ -67,55 +67,14 @@ AC_PROG_RANLIB
 AC_PROG_CPP
 
 AC_MSG_NOTICE(Building for [$host_os])
-MIXED_CYGWIN=no
 WXERL_CAN_BUILD_DRIVER=true
 
-AC_MSG_CHECKING(for mixed cygwin and native VC++ environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" != x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-Owx"		
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_VC=yes
-		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_VC"
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_VC=no
-fi
-AC_SUBST(MIXED_CYGWIN_VC)
-
-AC_MSG_CHECKING(for mixed cygwin and native MinGW environment)
-if test "X$CC" = "Xcc.sh" -a "X$host" = "Xwin32" -a "x$GCC" = x"yes"; then
-	if test -x /usr/bin/cygpath; then
-		CFLAGS="-O2"
-		MIXED_CYGWIN=yes
-		AC_MSG_RESULT([yes])
-		MIXED_CYGWIN_MINGW=yes
-		CPPFLAGS="$CPPFLAGS -DERTS_MIXED_CYGWIN_MINGW"
-	else
-		AC_MSG_RESULT([undeterminable])
-		AC_MSG_ERROR(Seems to be mixed windows but not with cygwin, cannot handle this!)
-	fi
-else
-	AC_MSG_RESULT([no])
-	MIXED_CYGWIN_MINGW=no
-fi
-AC_SUBST(MIXED_CYGWIN_MINGW)
+LM_WINDOWS_ENVIRONMENT
 
-AC_MSG_CHECKING(if we mix cygwin with any native compiler)
-if test "X$MIXED_CYGWIN" = "Xyes" ; then
-	AC_MSG_RESULT([yes])	
-else
-	AC_MSG_RESULT([no])
+if test  X"$MIXED_CYGWIN_VC" == X"yes" -o X"$MIXED_MSYS_VC" == X"yes"; then
+   CFLAGS="-Owx"
 fi
 
-AC_SUBST(MIXED_CYGWIN)
-
-
 ## Check that we are in 32 bits mode on darwin 
 ## (wxWidgets require that it currently uses 32-bits Carbon)
 ## Otherwise skip building wxErlang
@@ -219,19 +178,6 @@ AC_SUBST(OBJC_CFLAGS)
 
 case $host_os in
     darwin*)
-	AC_TRY_COMPILE([],[
-		#if __GNUC__ >= 4 
-		;
-		#else
-		#error old or no gcc
-		#endif
-		],
-		gcc_need_no_cpp_precomp=no,
-		gcc_need_no_cpp_precomp=yes)
-
-	if test x$gcc_need_no_cpp_precomp = xyes; then
-	   CFLAGS="-no-cpp-precomp $CFLAGS"
-	fi
 	LDFLAGS="-bundle -flat_namespace -undefined warning -fPIC $LDFLAGS"
 	# Check sizof_void_p as future will hold 64bit MacOS wx
 	if test $ac_cv_sizeof_void_p = 4; then
@@ -361,7 +307,7 @@ dnl
 if test "$cross_compiling" = "yes"; then
     echo "Cross compilation of the wx driver is not supported yet, wx will NOT be usable" > ./CONF_INFO
     WXERL_CAN_BUILD_DRIVER=false
-elif test X"$MIXED_CYGWIN_VC" != X"yes" ; then
+elif test  X"$MIXED_CYGWIN_VC" == X"no" -a X"$MIXED_MSYS_VC" == X"no"; then
     m4_include(wxwin.m4)
 
     AM_OPTIONS_WXCONFIG
@@ -431,7 +377,11 @@ define(wx_warn_text,[
 else
     AC_MSG_CHECKING(for wxWidgets in standard locations)
 		  
-    CWXWIN_CONFIG=`cygpath $wx_config_name 2>/dev/null`
+    if test "x$MIXED_MSYS" = "xyes"; then
+        CWXWIN_CONFIG=`win2msys_path.sh $wx_config_name 2>/dev/null`
+    else
+	CWXWIN_CONFIG=`cygpath $wx_config_name 2>/dev/null`
+    fi
     CWXWIN1=`dirname $CWXWIN_CONFIG 2>/dev/null`
     CWXWIN2=`dirname $CWXWIN1 2>/dev/null`
 
@@ -439,10 +389,24 @@ else
        PROGRAMFILES=c:/Program Files
     fi
 
-    CWXWIN_PROG=`cygpath -d "$PROGRAMFILES" | cygpath -f - 2>/dev/null`
+    
+    if test "x$MIXED_MSYS" = "xyes"; then
+        CWXWIN_PROG=`win2msys_path.sh "$PROGRAMFILES" 2>/dev/null`
+    else
+	CWXWIN_PROG=`cygpath -d "$PROGRAMFILES" | cygpath -f - 2>/dev/null`
+    fi
     CWXWIN3=$CWXWIN_PROG/wxWidgets-2.8
     CWXWIN4=$CWXWIN_PROG/wxMSW-2.8
     CWX_DOCUMENTED="/opt/local/pgm/wxMSW-2.8.* /opt/local/pgm/wxWidgets-2.8.*"
+    case $ac_cv_sizeof_void_p in
+    	 8)
+		CWX_DOCUMENTED="/opt/local64/pgm/wxMSW-2.8.* /opt/local64/pgm/wxWidgets-2.8.* $CWX_DOCUMENTED"
+		;;
+         *)
+		true
+		;;
+    esac	
+			
     CWXPATH="$CWXWIN1 $CWXWIN2 $CWX_DOCUMENTED $CWXWIN3.* $CWXWIN4.*"
 
     for dir in $CWXPATH; do
@@ -451,11 +415,11 @@ else
 	    WXINCLUDE_PLAIN=$dir/include
 	    WXINCLUDE_CONTRIB=$dir/contrib/include
 	    WX_CFLAGS="-EHsc -D_UNICODE -DUNICODE -I$WXINCLUDE_MSVC -I$WXINCLUDE_PLAIN -I$WXINCLUDE_CONTRIB -D__WXMSW__"
-	    WX_CXXFLAGS=$WX_CFLAGS
+	    WX_CXXFLAGS="-TP $WX_CFLAGS"
 	    WX_LIBDIR=$dir/lib/vc_lib
 	    WX_RESCOMP="rc.sh -I$WXINCLUDE_PLAIN -D __WIN32__"
 	    RC_FILE_TYPE=res
-	    for lib in $WX_LIBDIR/wxbase*.lib; do
+	    for lib in $WX_LIBDIR/wxbase*.lib $WX_LIBDIR2/wxbase*.lib; do
 		maybe=`echo $lib | egrep 'wxbase[[0-9]]*u\.lib'`
 		if test '!' -z "$maybe"; then
 		   corelib_number=`echo $maybe | sed 's,.*\([[0-9]].\)u\.lib,\1,'`
@@ -589,7 +553,7 @@ AC_CHECK_HEADERS([wx/stc/stc.h],
         [],
     	[WXERL_CAN_BUILD_DRIVER=false
 	 echo "wxWidgets don't have wxStyledTextControl (stc.h), wx will NOT be useable" > ./CONF_INFO
-     	 AC_MSG_WARN([Can not find wx/stc/stc.h])      
+     	 AC_MSG_WARN([Can not find wx/stc/stc.h $CXXFLAGS])      
      	],
 	[#ifdef WIN32
 	 # include <windows.h>
diff --git a/lib/wx/doc/src/Makefile b/lib/wx/doc/src/Makefile
index c8eb6174c4..03e9f1e1bb 100644
--- a/lib/wx/doc/src/Makefile
+++ b/lib/wx/doc/src/Makefile
@@ -22,7 +22,7 @@
 # ----------------------------------------------------
 include ../../vsn.mk
 include ../../config.mk
-APPLICATION=wxErlang
+APPLICATION=wx
 
 ErlMods         = wx.erl wx_object.erl
 
diff --git a/lib/wx/doc/src/notes.xml b/lib/wx/doc/src/notes.xml
index 7bd8d18592..4a94227a55 100644
--- a/lib/wx/doc/src/notes.xml
+++ b/lib/wx/doc/src/notes.xml
@@ -31,6 +31,37 @@
   <p>This document describes the changes made to the wxErlang
     application.</p>
 
+<section><title>Wx 0.99.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Fixed a deadlock in the driver, which could happen if a
+	    callback caused another callback to be invoked.</p>
+          <p>
+	    Own Id: OTP-9725</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+          <p>
+	    Implemented wxSystemOptions.</p>
+          <p>
+	    Load Opengl from libGL.so.1 instead libGL.so to work
+	    around linux problems.</p>
+          <p>
+	    Own Id: OTP-9702</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Wx 0.99</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/wx/examples/demo/Makefile b/lib/wx/examples/demo/Makefile
index 8afa0e780e..3f054ec75f 100644
--- a/lib/wx/examples/demo/Makefile
+++ b/lib/wx/examples/demo/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/demo/demo.erl b/lib/wx/examples/demo/demo.erl
index 59c20e09fb..61e71af021 100644
--- a/lib/wx/examples/demo/demo.erl
+++ b/lib/wx/examples/demo/demo.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -27,7 +27,7 @@
 -behaviour(wx_object).
 -export([start/0, start/1, start_link/0, start_link/1, format/3, 
 	 init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 
 -record(state, {win, demo, example, selector, log, code}).
@@ -189,6 +189,10 @@ handle_call(Msg, _From, State) ->
     io:format("Got Call ~p~n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 %% Async Events are handled in handle_event as in handle_info
 handle_event(#wx{event=#wxCommand{type=command_listbox_selected, cmdString=Ex}}, 
 	     State = #state{demo={_,DemoSz}, example=Example, code=Code}) ->
diff --git a/lib/wx/examples/demo/ex_aui.erl b/lib/wx/examples/demo/ex_aui.erl
index 6adfd970fc..50f077638d 100644
--- a/lib/wx/examples/demo/ex_aui.erl
+++ b/lib/wx/examples/demo/ex_aui.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include("../../include/wx.hrl").
 
@@ -92,6 +92,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 %% Async Events are handled in handle_event as in handle_info
 handle_event(#wx{obj = Notebook,
 		 event = #wxCommand{type = command_button_clicked}},
diff --git a/lib/wx/examples/demo/ex_button.erl b/lib/wx/examples/demo/ex_button.erl
index 28c8273cb9..0dd0363933 100644
--- a/lib/wx/examples/demo/ex_button.erl
+++ b/lib/wx/examples/demo/ex_button.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -26,7 +26,7 @@
 
 -behaviour(wx_object).
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(state, 
 	{
@@ -153,6 +153,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p~n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_canvas.erl b/lib/wx/examples/demo/ex_canvas.erl
index 844c7eddf3..1ec4760f40 100644
--- a/lib/wx/examples/demo/ex_canvas.erl
+++ b/lib/wx/examples/demo/ex_canvas.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2, handle_sync_event/3]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2, handle_sync_event/3]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -144,6 +144,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_canvas_paint.erl b/lib/wx/examples/demo/ex_canvas_paint.erl
index 38d6b62f1d..9bc083766a 100644
--- a/lib/wx/examples/demo/ex_canvas_paint.erl
+++ b/lib/wx/examples/demo/ex_canvas_paint.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2, handle_sync_event/3]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2, handle_sync_event/3]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -211,6 +211,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_choices.erl b/lib/wx/examples/demo/ex_choices.erl
index 75f8d22493..2e456ae249 100644
--- a/lib/wx/examples/demo/ex_choices.erl
+++ b/lib/wx/examples/demo/ex_choices.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -147,6 +147,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error,nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_cursor.erl b/lib/wx/examples/demo/ex_cursor.erl
index 322bdcbb6c..c1a558541b 100644
--- a/lib/wx/examples/demo/ex_cursor.erl
+++ b/lib/wx/examples/demo/ex_cursor.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -135,6 +135,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_dialogs.erl b/lib/wx/examples/demo/ex_dialogs.erl
index 020e9eeb14..b39344f8b1 100644
--- a/lib/wx/examples/demo/ex_dialogs.erl
+++ b/lib/wx/examples/demo/ex_dialogs.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -153,6 +153,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_frame_utils.erl b/lib/wx/examples/demo/ex_frame_utils.erl
index 3064c9f3b7..a90642b355 100644
--- a/lib/wx/examples/demo/ex_frame_utils.erl
+++ b/lib/wx/examples/demo/ex_frame_utils.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -102,6 +102,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_gauge.erl b/lib/wx/examples/demo/ex_gauge.erl
index d30c3fea58..ffc667ff05 100644
--- a/lib/wx/examples/demo/ex_gauge.erl
+++ b/lib/wx/examples/demo/ex_gauge.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,7 +23,7 @@
 -include_lib("wx/include/wx.hrl").
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(gauge, {obj,
 		value,
@@ -118,6 +118,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply,ok, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 %% Async Events are handled in handle_event as in handle_info
 handle_event(#wx{id = ?ID_START_STOP,
 		 event = #wxCommand{type = command_togglebutton_clicked,
diff --git a/lib/wx/examples/demo/ex_gl.erl b/lib/wx/examples/demo/ex_gl.erl
index 53f1eda847..72dad2cf9d 100644
--- a/lib/wx/examples/demo/ex_gl.erl
+++ b/lib/wx/examples/demo/ex_gl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([init/1, code_change/3, handle_info/2, handle_event/2,
-	 handle_call/3, terminate/2,
+	 handle_call/3, handle_cast/2, terminate/2,
 	 start/1]).
 
 -include_lib("wx/include/wx.hrl"). 
@@ -118,6 +118,10 @@ handle_call(Msg, _From, State) ->
     io:format("Got Call ~p~n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, not_yet_implemented, State}.
 
diff --git a/lib/wx/examples/demo/ex_graphicsContext.erl b/lib/wx/examples/demo/ex_graphicsContext.erl
index bcd7a75be0..c356500d99 100644
--- a/lib/wx/examples/demo/ex_graphicsContext.erl
+++ b/lib/wx/examples/demo/ex_graphicsContext.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -26,7 +26,7 @@
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
 	 handle_info/2, handle_call/3,
-	 handle_event/2, handle_sync_event/3]).
+handle_cast/2, 	 handle_event/2, handle_sync_event/3]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -98,6 +98,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_grid.erl b/lib/wx/examples/demo/ex_grid.erl
index 2169c818ff..d1a9952ab2 100644
--- a/lib/wx/examples/demo/ex_grid.erl
+++ b/lib/wx/examples/demo/ex_grid.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -81,6 +81,10 @@ handle_info(_Msg, State) ->
 handle_call(_Msg, _From, State) ->
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_htmlWindow.erl b/lib/wx/examples/demo/ex_htmlWindow.erl
index b864cd10b2..564c790e48 100644
--- a/lib/wx/examples/demo/ex_htmlWindow.erl
+++ b/lib/wx/examples/demo/ex_htmlWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include("../../include/wx.hrl").
 
@@ -81,6 +81,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_listCtrl.erl b/lib/wx/examples/demo/ex_listCtrl.erl
index 3faec4e229..13096dfa52 100644
--- a/lib/wx/examples/demo/ex_listCtrl.erl
+++ b/lib/wx/examples/demo/ex_listCtrl.erl
@@ -23,7 +23,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(state,
 	{
@@ -147,6 +147,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_notebook.erl b/lib/wx/examples/demo/ex_notebook.erl
index 2e16ccfffa..fc38fdae08 100644
--- a/lib/wx/examples/demo/ex_notebook.erl
+++ b/lib/wx/examples/demo/ex_notebook.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,7 +23,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -record(state, 
 	{
@@ -133,6 +133,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply,ok,State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_pickers.erl b/lib/wx/examples/demo/ex_pickers.erl
index 892c5b449d..8013a5ba32 100644
--- a/lib/wx/examples/demo/ex_pickers.erl
+++ b/lib/wx/examples/demo/ex_pickers.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -124,6 +124,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_popupMenu.erl b/lib/wx/examples/demo/ex_popupMenu.erl
index 8774dbef7b..d6778c5dc5 100644
--- a/lib/wx/examples/demo/ex_popupMenu.erl
+++ b/lib/wx/examples/demo/ex_popupMenu.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -90,6 +90,11 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_radioBox.erl b/lib/wx/examples/demo/ex_radioBox.erl
index 8211aec4a2..ab7685f41f 100644
--- a/lib/wx/examples/demo/ex_radioBox.erl
+++ b/lib/wx/examples/demo/ex_radioBox.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -107,6 +107,9 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
 
 code_change(_, _, State) ->
     {stop, ignore, State}.
diff --git a/lib/wx/examples/demo/ex_sashWindow.erl b/lib/wx/examples/demo/ex_sashWindow.erl
index dd05f4e45f..d8a8958f28 100644
--- a/lib/wx/examples/demo/ex_sashWindow.erl
+++ b/lib/wx/examples/demo/ex_sashWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -116,6 +116,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_sizers.erl b/lib/wx/examples/demo/ex_sizers.erl
index 2cc6efd503..7b9e8eb37f 100644
--- a/lib/wx/examples/demo/ex_sizers.erl
+++ b/lib/wx/examples/demo/ex_sizers.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -101,6 +101,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_slider.erl b/lib/wx/examples/demo/ex_slider.erl
index 7b669d96f6..612543ff26 100644
--- a/lib/wx/examples/demo/ex_slider.erl
+++ b/lib/wx/examples/demo/ex_slider.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -101,6 +101,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error, nyi},State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_splitterWindow.erl b/lib/wx/examples/demo/ex_splitterWindow.erl
index c135f298fa..4f25b73293 100644
--- a/lib/wx/examples/demo/ex_splitterWindow.erl
+++ b/lib/wx/examples/demo/ex_splitterWindow.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -90,6 +90,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_static.erl b/lib/wx/examples/demo/ex_static.erl
index 67061520c4..013bd5ac35 100644
--- a/lib/wx/examples/demo/ex_static.erl
+++ b/lib/wx/examples/demo/ex_static.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -105,6 +105,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_textCtrl.erl b/lib/wx/examples/demo/ex_textCtrl.erl
index 95837c7c4c..d82884f30b 100644
--- a/lib/wx/examples/demo/ex_textCtrl.erl
+++ b/lib/wx/examples/demo/ex_textCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -21,7 +21,7 @@
 -behaviour(wx_object).
 
 -export([start/1, init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -92,6 +92,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config,"Got Call ~p\n",[Msg]),
     {reply, {error,nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/demo/ex_treeCtrl.erl b/lib/wx/examples/demo/ex_treeCtrl.erl
index fa40795393..611904500a 100644
--- a/lib/wx/examples/demo/ex_treeCtrl.erl
+++ b/lib/wx/examples/demo/ex_treeCtrl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -25,7 +25,7 @@
 
 %% wx_object callbacks
 -export([init/1, terminate/2,  code_change/3,
-	 handle_info/2, handle_call/3, handle_event/2]).
+	 handle_info/2, handle_call/3, handle_cast/2, handle_event/2]).
 
 -include_lib("wx/include/wx.hrl").
 
@@ -109,6 +109,10 @@ handle_call(Msg, _From, State) ->
     demo:format(State#state.config, "Got Call ~p\n", [Msg]),
     {reply,{error, nyi}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, ignore, State}.
 
diff --git a/lib/wx/examples/simple/Makefile b/lib/wx/examples/simple/Makefile
index 66f5952f0d..295e739202 100644
--- a/lib/wx/examples/simple/Makefile
+++ b/lib/wx/examples/simple/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/simple/hello.erl b/lib/wx/examples/simple/hello.erl
index dc845ddfbb..02af1b501f 100644
--- a/lib/wx/examples/simple/hello.erl
+++ b/lib/wx/examples/simple/hello.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/simple/menu.erl b/lib/wx/examples/simple/menu.erl
index d573fcf13a..0025a0b027 100644
--- a/lib/wx/examples/simple/menu.erl
+++ b/lib/wx/examples/simple/menu.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/simple/minimal.erl b/lib/wx/examples/simple/minimal.erl
index dca4adc643..bdff66e217 100644
--- a/lib/wx/examples/simple/minimal.erl
+++ b/lib/wx/examples/simple/minimal.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/Makefile b/lib/wx/examples/sudoku/Makefile
index 33725756b7..a7cbf85e03 100644
--- a/lib/wx/examples/sudoku/Makefile
+++ b/lib/wx/examples/sudoku/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/sudoku.erl b/lib/wx/examples/sudoku/sudoku.erl
index 01caeb9524..6749fec30a 100644
--- a/lib/wx/examples/sudoku/sudoku.erl
+++ b/lib/wx/examples/sudoku/sudoku.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/sudoku.hrl b/lib/wx/examples/sudoku/sudoku.hrl
index 775b563bdc..6bb2eefd07 100644
--- a/lib/wx/examples/sudoku/sudoku.hrl
+++ b/lib/wx/examples/sudoku/sudoku.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/sudoku_board.erl b/lib/wx/examples/sudoku/sudoku_board.erl
index 756837582f..4b26ff97da 100644
--- a/lib/wx/examples/sudoku/sudoku_board.erl
+++ b/lib/wx/examples/sudoku/sudoku_board.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -30,7 +30,7 @@
 	 draw/3, 
 	 %% Callbacks
 	 init/1, handle_sync_event/3, 
-	 handle_event/2, handle_info/2, handle_call/3, 
+	 handle_event/2, handle_info/2, handle_call/3, handle_cast/2,
 	 code_change/3, terminate/2]).
 
 -include("sudoku.hrl").
@@ -209,6 +209,10 @@ handle_call({draw, DC, Size},_From, S) ->
     redraw(DC,Size,S),
     {reply, ok, S}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, not_yet_implemented, State}.
 
diff --git a/lib/wx/examples/sudoku/sudoku_game.erl b/lib/wx/examples/sudoku/sudoku_game.erl
index 470aee0e3b..ec705918b3 100644
--- a/lib/wx/examples/sudoku/sudoku_game.erl
+++ b/lib/wx/examples/sudoku/sudoku_game.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/examples/sudoku/sudoku_gui.erl b/lib/wx/examples/sudoku/sudoku_gui.erl
index 4aaecfe086..3d0c95ffa7 100644
--- a/lib/wx/examples/sudoku/sudoku_gui.erl
+++ b/lib/wx/examples/sudoku/sudoku_gui.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2009. All Rights Reserved.
+%% Copyright Ericsson AB 2009-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -24,7 +24,7 @@
 %%%-------------------------------------------------------------------
 -module(sudoku_gui).
 
--export([init/1, handle_info/2, handle_call/3, handle_event/2, 
+-export([init/1, handle_info/2, handle_call/3, handle_cast/2, handle_event/2,
 	 terminate/2, code_change/3]).
 
 -compile(export_all).
@@ -230,6 +230,10 @@ handle_event(Msg,S) ->
 handle_call(What, _From, State) ->
     {stop, {call, What}, State}.
 
+handle_cast(Msg, State) ->
+    io:format("Got cast ~p~n",[Msg]),
+    {noreply,State}.
+
 code_change(_, _, State) ->
     {stop, not_yet_implemented, State}.
 
diff --git a/lib/wx/examples/xrc/Makefile b/lib/wx/examples/xrc/Makefile
index aba58e0d0f..79d86ac1b9 100644
--- a/lib/wx/examples/xrc/Makefile
+++ b/lib/wx/examples/xrc/Makefile
@@ -1,7 +1,7 @@
 #
 # %CopyrightBegin%
 # 
-# Copyright Ericsson AB 2009. All Rights Reserved.
+# Copyright Ericsson AB 2009-2011. All Rights Reserved.
 # 
 # The contents of this file are subject to the Erlang Public License,
 # Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/wx/src/Makefile b/lib/wx/src/Makefile
index 46bc06271c..4e5971de03 100644
--- a/lib/wx/src/Makefile
+++ b/lib/wx/src/Makefile
@@ -18,7 +18,15 @@
 #
 
 include ../vsn.mk
-include ../config.mk
+ifdef TERTIARY_BOOTSTRAP
+ VSN = $(WX_VSN)
+ INSIDE_ERLSRC = true
+ include $(ERL_TOP)/make/target.mk
+ include $(ERL_TOP)/make/$(TARGET)/otp.mk
+ RELSYSDIR = $(RELEASE_PATH)/lib/wx-$(VSN)
+else # Normal build
+ include ../config.mk
+endif
 
 ESRC = .
 EGEN = gen
@@ -65,7 +73,11 @@ APPUP_SRC    = $(APPUP_FILE).src
 APPUP_TARGET = $(EBIN)/$(APPUP_FILE)
 
 # Targets
-debug opt: $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET)
+ifdef TERTIARY_BOOTSTRAP
+ opt: $(EBIN)/wx_object.beam
+else
+ debug opt: $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET)
+endif
 
 clean:  
 	rm -f $(TARGET_FILES) 
diff --git a/lib/wx/src/gen/wxEvtHandler.erl b/lib/wx/src/gen/wxEvtHandler.erl
index f155351b66..820c2b7a58 100644
--- a/lib/wx/src/gen/wxEvtHandler.erl
+++ b/lib/wx/src/gen/wxEvtHandler.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -95,7 +95,7 @@ parse_opts([{callback,Fun}|R], Opts) when is_function(Fun) ->
     %% Check Fun Arity?
     parse_opts(R, Opts#evh{cb=Fun});
 parse_opts([callback|R], Opts) ->
-    parse_opts(R, Opts#evh{cb=1});
+    parse_opts(R, Opts#evh{cb=self()});
 parse_opts([{userData, UserData}|R],Opts) ->
     parse_opts(R, Opts#evh{userdata=UserData});
 parse_opts([{skip, Skip}|R],Opts) when is_boolean(Skip) ->
diff --git a/lib/wx/src/wx_object.erl b/lib/wx/src/wx_object.erl
index 82c4cfbad5..80f8937656 100644
--- a/lib/wx/src/wx_object.erl
+++ b/lib/wx/src/wx_object.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -108,7 +108,38 @@
 	 get_pid/1
 	]).
 
--export([behaviour_info/1]).
+%% -export([behaviour_info/1]).
+-callback init(Args :: term()) ->
+    {#wx_ref{}, State :: term()} | {#wx_ref{}, State :: term(), timeout() | hibernate} |
+    {stop, Reason :: term()} | ignore.
+-callback handle_event(Request :: #wx{}, State :: term()) ->
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback handle_call(Request :: term(), From :: {pid(), Tag :: term()},
+                      State :: term()) ->
+    {reply, Reply :: term(), NewState :: term()} |
+    {reply, Reply :: term(), NewState :: term(), timeout() | hibernate} |
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), Reply :: term(), NewState :: term()} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback handle_cast(Request :: term(), State :: term()) ->
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback handle_info(Info :: timeout() | term(), State :: term()) ->
+    {noreply, NewState :: term()} |
+    {noreply, NewState :: term(), timeout() | hibernate} |
+    {stop, Reason :: term(), NewState :: term()}.
+-callback terminate(Reason :: (normal | shutdown | {shutdown, term()} |
+                               term()),
+                    State :: term()) ->
+    term().
+-callback code_change(OldVsn :: (term() | {down, term()}), State :: term(),
+                      Extra :: term()) ->
+    {ok, NewState :: term()} | {error, Reason :: term()}.
+
 
 %% System exports
 -export([system_continue/3,
@@ -125,15 +156,15 @@
 %%%  API
 %%%=========================================================================
 %% @hidden
-behaviour_info(callbacks) ->
-    [{init,1},
-     {handle_call,3},
-     {handle_info,2},
-     {handle_event,2},
-     {terminate,2},
-     {code_change,3}];
-behaviour_info(_Other) ->
-    undefined.
+%% behaviour_info(callbacks) ->
+%%     [{init,1},
+%%      {handle_call,3},
+%%      {handle_info,2},
+%%      {handle_event,2},
+%%      {terminate,2},
+%%      {code_change,3}];
+%% behaviour_info(_Other) ->
+%%     undefined.
 
 
 %%  -----------------------------------------------------------------
@@ -226,9 +257,11 @@ call(Name, Request, Timeout) when is_atom(Name) orelse is_pid(Name) ->
 %% Invokes handle_cast(Request, State) in the server
 
 cast(#wx_ref{state=Pid}, Request) when is_pid(Pid) ->
-    Pid ! {'$gen_cast',Request};
+    Pid ! {'$gen_cast',Request},
+    ok;
 cast(Name, Request) when is_atom(Name) orelse is_pid(Name) ->
-    Name ! {'$gen_cast',Request}.
+    Name ! {'$gen_cast',Request},
+    ok.
 
 %% @spec (Ref::wxObject()) -> pid()
 %% @doc Get the pid of the object handle.
@@ -258,9 +291,10 @@ init_it(Starter, self, Name, Mod, Args, Options) ->
     init_it(Starter, self(), Name, Mod, Args, Options);
 init_it(Starter, Parent, Name, Mod, Args, [WxEnv|Options]) ->
     case WxEnv of
-	undefined -> ok;	
+	undefined -> ok;
 	_ -> wx:set_env(WxEnv)
     end,
+    put('_wx_object_', {Mod,'_wx_init_'}),
     Debug = debug_options(Name, Options),
     case catch Mod:init(Args) of
 	{#wx_ref{} = Ref, State} ->
@@ -350,57 +384,16 @@ handle_msg({'$gen_call', From, Msg}, Parent, Name, State, Mod) ->
 	{noreply, NState, Time1} ->
 	    loop(Parent, Name, NState, Mod, Time1, []);
 	{stop, Reason, Reply, NState} ->
-	    {'EXIT', R} = 
+	    {'EXIT', R} =
 		(catch terminate(Reason, Name, Msg, Mod, NState, [])),
 	    reply(From, Reply),
 	    exit(R);
 	Other -> handle_common_reply(Other, Name, Msg, Mod, State, [])
     end;
-
-handle_msg(Msg = {_,_,'_wx_invoke_cb_'}, Parent, Name, State, Mod) ->
-    Reply = dispatch_cb(Msg, Mod, State),
-    handle_no_reply(Reply, Parent, Name, Msg, Mod, State, []);
 handle_msg(Msg, Parent, Name, State, Mod) ->
     Reply = (catch dispatch(Msg, Mod, State)),
     handle_no_reply(Reply, Parent, Name, Msg, Mod, State, []).
-%% @hidden
-dispatch_cb({{Msg=#wx{}, Obj=#wx_ref{}}, _, '_wx_invoke_cb_'}, Mod, State) ->
-    Callback = fun() ->
-		       wxe_util:cast(?WXE_CB_START, <<>>),
-		       case Mod:handle_sync_event(Msg, Obj, State) of
-			   ok -> <<>>;
-			   noreply -> <<>>;
-			   Other ->
-			       Args = [Msg, Obj, State],
-			       MFA = {Mod, handle_sync_event, Args},
-			       exit({bad_return, Other, MFA})
-		       end
-	       end,
-    wxe_server:invoke_callback(Callback),
-    {noreply, State};
-dispatch_cb({Func, ArgList, '_wx_invoke_cb_'}, Mod, State) ->
-    try  %% This don't work yet....
-	[#wx_ref{type=ThisClass}] = ArgList,
-	case Mod:handle_overloaded(Func, ArgList, State) of
-	    {reply, CBReply, NState} -> 
-		ThisClass:send_return_value(Func, CBReply),
-		{noreply, NState};
-	    {reply, CBReply, NState, Time1} -> 
-		ThisClass:send_return_value(Func, CBReply),
-		{noreply, NState, Time1};
-	    {noreply, NState} ->
-		ThisClass:send_return_value(Func, <<>>),
-		{noreply, NState};
-	    {noreply, NState, Time1} ->
-		ThisClass:send_return_value(Func, <<>>),
-		{noreply, NState, Time1};
-	    Other -> Other
-	end
-    catch _Err:Reason ->
-	    %% Hopefully we can release the wx-thread with this
-	    wxe_util:cast(?WXE_CB_RETURN, <<>>),
-	    {'EXIT', {Reason, erlang:get_stacktrace()}}
-    end.
+
 %% @hidden
 handle_msg({'$gen_call', From, Msg}, Parent, Name, State, Mod, Debug) ->
     case catch Mod:handle_call(Msg, From, State) of
@@ -426,9 +419,6 @@ handle_msg({'$gen_call', From, Msg}, Parent, Name, State, Mod, Debug) ->
 	Other ->
 	    handle_common_reply(Other, Name, Msg, Mod, State, Debug)
     end;
-handle_msg(Msg = {_,_,'_wx_invoke_cb_'}, Parent, Name, State, Mod, Debug) ->
-    Reply = dispatch_cb(Msg, Mod, State),
-    handle_no_reply(Reply, Parent, Name, Msg, Mod, State, Debug);
 handle_msg(Msg, Parent, Name, State, Mod, Debug) ->
     Reply = (catch dispatch(Msg, Mod, State)),
     handle_no_reply(Reply, Parent, Name, Msg, Mod, State, Debug).
diff --git a/lib/wx/src/wxe_server.erl b/lib/wx/src/wxe_server.erl
index 69e2189fac..6e982c97f6 100644
--- a/lib/wx/src/wxe_server.erl
+++ b/lib/wx/src/wxe_server.erl
@@ -221,7 +221,7 @@ handle_connect(Object, EvData, From, State0 = #state{users=Users}) ->
     Evs = [#event{object=Object,callback=Callback, cb_handler=CBHandler}|Evs0],
     User = User0#user{events=Evs, evt_handler=Handler},
     State1 = State0#state{users=gb_trees:update(From, User, Users)},
-    if is_function(Callback) ->
+    if is_function(Callback) orelse is_pid(Callback) ->
 	    {FunId, State} = attach_fun(Callback,State1),
 	    Res = wxEvtHandler:connect_impl(CBHandler,Object,
 					    wxEvtHandler:replace_fun_with_id(EvData,FunId)),
@@ -229,6 +229,7 @@ handle_connect(Object, EvData, From, State0 = #state{users=Users}) ->
 		ok     -> {reply,Res,State};
 		_Error -> {reply,Res,State0}
 	    end;
+
        true ->
 	    Res = {call_impl, connect_cb, CBHandler},
 	    {reply, Res, State1}
@@ -239,6 +240,8 @@ invoke_cb({{Ev=#wx{}, Ref=#wx_ref{}}, FunId,_}, _S) ->
     case get(FunId) of
 	Fun when is_function(Fun) ->
 	    invoke_callback(fun() -> Fun(Ev, Ref), <<>> end);
+	Pid when is_pid(Pid) -> %% wx_object sync event
+	    invoke_callback(Pid, Ev, Ref);
 	Err ->
 	    ?log("Internal Error ~p~n",[Err])
     end;
@@ -270,6 +273,44 @@ invoke_callback(Fun) ->
     spawn(CB),
     ok.
 
+invoke_callback(Pid, Ev, Ref) ->
+    Env = get(?WXE_IDENTIFIER),
+    CB = fun() ->
+		 wx:set_env(Env),
+		 wxe_util:cast(?WXE_CB_START, <<>>),
+		 try
+		     case get_wx_object_state(Pid) of
+			 ignore ->
+			     %% Ignore early events
+			     wxEvent:skip(Ref);
+			 {Mod, State} ->
+			     case Mod:handle_sync_event(Ev, Ref, State) of
+				 ok -> ok;
+				 noreply -> ok;
+				 Return -> exit({bad_return, Return})
+			     end
+		     end
+		 catch _:Reason ->
+			 wxEvent:skip(Ref),
+			 ?log("Callback fun crashed with {'EXIT, ~p, ~p}~n",
+			      [Reason, erlang:get_stacktrace()])
+		 end,
+		 wxe_util:cast(?WXE_CB_RETURN, <<>>)
+	 end,
+    spawn(CB),
+    ok.
+
+get_wx_object_state(Pid) ->
+    case process_info(Pid, dictionary) of
+	{dictionary, Dict} ->
+	    case lists:keysearch('_wx_object_',1,Dict) of
+		{value, {'_wx_object_', {_Mod, '_wx_init_'}}} -> ignore;
+		{value, {'_wx_object_', Value}} -> Value;
+		_ -> ignore
+	    end;
+	_ -> ignore
+    end.
+
 new_evt_listener(State) ->
     #wx_env{port=Port} = wx:get_env(),
     _ = erlang:port_control(Port,98,<<>>),
diff --git a/lib/wx/test/Makefile b/lib/wx/test/Makefile
index cf51d7918f..333711789f 100644
--- a/lib/wx/test/Makefile
+++ b/lib/wx/test/Makefile
@@ -27,7 +27,7 @@ PWD = $(shell pwd)
 APPDIR = $(shell dirname $(PWD))
 ERL_COMPILE_FLAGS = -pa $(APPDIR)/ebin
 
-Mods =  wxt wx_test_lib \
+Mods =  wxt wx_test_lib wx_obj_test \
 	wx_app_SUITE \
 	wx_basic_SUITE \
 	wx_event_SUITE \
diff --git a/lib/wx/test/wx_basic_SUITE.erl b/lib/wx/test/wx_basic_SUITE.erl
index 9ad34248a9..46c72bb453 100644
--- a/lib/wx/test/wx_basic_SUITE.erl
+++ b/lib/wx/test/wx_basic_SUITE.erl
@@ -48,7 +48,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> 
     [create_window, several_apps, wx_api, wx_misc,
-     data_types].
+     data_types, wx_object].
 
 groups() -> 
     [].
@@ -298,3 +298,77 @@ data_types(_Config) ->
     wxClientDC:destroy(CDC),
     %%wx_test_lib:wx_destroy(Frame,Config).
     wx:destroy().
+
+wx_object(TestInfo) when is_atom(TestInfo) -> wx_test_lib:tc_info(TestInfo);
+wx_object(Config) ->
+    wx:new(),
+    Frame = ?mt(wxFrame, wx_obj_test:start([])),
+    timer:sleep(500),
+    ?m(ok, check_events(flush())),
+
+    Me = self(),
+    ?m({call, foobar, {Me, _}}, wx_object:call(Frame, foobar)),
+    ?m(ok, wx_object:cast(Frame, foobar2)),
+    ?m([{cast, foobar2}], flush()),
+    FramePid = wx_object:get_pid(Frame),
+    io:format("wx_object pid ~p~n",[FramePid]),
+    FramePid ! foo3,
+    ?m([{info, foo3}], flush()),
+
+    ?m(ok, wx_object:cast(Frame, fun(_) -> hehe end)),
+    ?m([{cast, hehe}], flush()),
+    wxWindow:refresh(Frame),
+    ?m([{sync_event, #wx{event=#wxPaint{}}, _}], flush()),
+    ?m(ok, wx_object:cast(Frame, fun(_) -> timer:sleep(200), slept end)),
+    %% The sleep above should not hinder the Paint event below
+    %% Which it did in my buggy handling of the sync_callback
+    wxWindow:refresh(Frame),
+    ?m([{sync_event, #wx{event=#wxPaint{}}, _}], flush()),
+    ?m([{cast, slept}], flush()),
+
+    Monitor = erlang:monitor(process, FramePid),
+    case proplists:get_value(user, Config, false) of
+	false ->
+	    timer:sleep(100),
+	    wxFrame:destroy(Frame);
+	true ->
+	    timer:sleep(500),
+	    ?m(ok, wxFrame:destroy(Frame));
+	_ ->
+	    ?m(ok, wxEvtHandler:connect(Frame, close_window, [{skip,true}])),
+	    wx_test_lib:wait_for_close()
+    end,
+    ?m(ok, receive
+	       {'DOWN', Monitor, _, _, _} ->
+		   ?m([{terminate, wx_deleted}], flush()),
+		   ok
+	   after 1000 ->
+		   Msgs = flush(),
+		   io:format("Error ~p Alive ~p~n",[Msgs, is_process_alive(FramePid)])
+	   end),
+    catch wx:destroy(),
+    ok.
+
+check_events(Msgs) ->
+    check_events(Msgs, 0,0).
+
+check_events([{event, #wx{event=#wxSize{}}}|Rest], Async, Sync) ->
+    check_events(Rest, Async+1, Sync);
+check_events([{sync_event, #wx{event=#wxPaint{}}, Obj}|Rest], Async, Sync) ->
+    ?mt(wxPaintEvent, Obj),
+    check_events(Rest, Async, Sync+1);
+check_events([], Async, Sync) ->
+    case Async > 0 of  %% Test sync explictly
+	true -> ok;
+	false -> {Async, Sync}
+    end.
+
+flush() ->
+    flush([], 500).
+
+flush(Acc, Wait) ->
+    receive
+	Msg -> flush([Msg|Acc], Wait div 10)
+    after Wait ->
+	    lists:reverse(Acc)
+    end.
diff --git a/lib/wx/test/wx_obj_test.erl b/lib/wx/test/wx_obj_test.erl
new file mode 100644
index 0000000000..b4d7640c7e
--- /dev/null
+++ b/lib/wx/test/wx_obj_test.erl
@@ -0,0 +1,86 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+-module(wx_obj_test).
+-include_lib("wx/include/wx.hrl").
+
+-export([start/1]).
+
+%% wx_object callbacks
+-export([init/1, handle_info/2, terminate/2, code_change/3, handle_call/3,
+	 handle_sync_event/3, handle_event/2, handle_cast/2]).
+
+-record(state, {frame, panel, opts}).
+
+start(Opts) ->
+    wx_object:start_link(?MODULE, [{parent, self()}, Opts], []).
+
+init(Opts) ->
+    put(parent_pid, proplists:get_value(parent, Opts)),
+    Frame = wxFrame:new(wx:null(), ?wxID_ANY, "Test wx_object", [{size, {500, 400}}]),
+    Sz = wxBoxSizer:new(?wxHORIZONTAL),
+    Panel = wxPanel:new(Frame),
+    wxSizer:add(Sz, Panel, [{flag, ?wxEXPAND}, {proportion, 1}]),
+    wxPanel:connect(Panel, size, [{skip, true}]),
+    wxPanel:connect(Panel, paint, [callback, {userData, proplists:get_value(parent, Opts)}]),
+    wxWindow:show(Frame),
+    {Frame, #state{frame=Frame, panel=Panel, opts=Opts}}.
+
+handle_sync_event(Event = #wx{obj=Panel}, WxEvent, #state{opts=Opts}) ->
+    DC=wxPaintDC:new(Panel),  %% We must create & destroy paintDC, or call wxEvent:skip(WxEvent))
+    wxPaintDC:destroy(DC),    %% in sync_event. Otherwise wx on windows keeps sending the events.
+    Pid = proplists:get_value(parent, Opts),
+    true = is_pid(Pid),
+    Pid ! {sync_event, Event, WxEvent},
+    ok.
+
+handle_event(Event, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {event, Event},
+    {noreply, State}.
+
+handle_call(What, From, State) when is_function(What) ->
+    Result = What(State),
+    {reply, {call, Result, From}, State};
+handle_call(What, From, State) ->
+    {reply, {call, What, From}, State}.
+
+handle_cast(What, State = #state{opts=Opts})  when is_function(What) ->
+    Result = What(State),
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {cast, Result},
+    {noreply, State};
+
+handle_cast(What, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {cast, What},
+    {noreply, State}.
+
+handle_info(What, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {info, What},
+    {noreply, State}.
+
+terminate(What, #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {terminate, What},
+    ok.
+
+code_change(Ver1, Ver2, State = #state{opts=Opts}) ->
+    Pid = proplists:get_value(parent, Opts),
+    Pid ! {code_change, Ver1, Ver2},
+    State.
diff --git a/lib/wx/test/wx_test_lib.hrl b/lib/wx/test/wx_test_lib.hrl
index 34e1e9c6b8..820e8f0050 100644
--- a/lib/wx/test/wx_test_lib.hrl
+++ b/lib/wx/test/wx_test_lib.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -40,7 +40,6 @@
 
 -define(m(ExpectedRes, Expr),
 	fun() ->
-		{TeStFILe, TeSTLiNe} = {?FILE, ?LINE},
 		AcTuAlReS = (catch (Expr)),
 		case AcTuAlReS of
 		    ExpectedRes ->
@@ -48,8 +47,8 @@
 			AcTuAlReS;
 		    _ ->
 			wx_test_lib:error("Not Matching Actual result was:~n ~p ~n Expected ~s~n",
-					  [AcTuAlReS, ??ExpectedRes], 
-					  TeStFILe,TeSTLiNe),
+					  [AcTuAlReS, ??ExpectedRes],
+					  ?FILE,?LINE),
 			AcTuAlReS
 		end
 	end()).
diff --git a/lib/wx/vsn.mk b/lib/wx/vsn.mk
index 8685c633d4..3f3e9422a8 100644
--- a/lib/wx/vsn.mk
+++ b/lib/wx/vsn.mk
@@ -1 +1 @@
-WX_VSN = 0.99
+WX_VSN = 0.99.1
diff --git a/lib/xmerl/doc/src/notes.xml b/lib/xmerl/doc/src/notes.xml
index 15c42d6f6a..8734bd8771 100644
--- a/lib/xmerl/doc/src/notes.xml
+++ b/lib/xmerl/doc/src/notes.xml
@@ -31,6 +31,117 @@
   <p>This document describes the changes made to the Xmerl application.</p>
 
 
+<section><title>Xmerl 1.3</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+	    <p> Fix character check of non-characters due to change
+	    in unicode module. </p>
+          <p>
+	    Own Id: OTP-9670</p>
+        </item>
+        <item>
+          <p>
+	    Treat , as special in xmerl_xpath_scan. (Thanks to Anneli
+	    Cuss)</p>
+          <p>
+	    Own Id: OTP-9753</p>
+        </item>
+        <item>
+	  <p> 
+	    Fix bug in namespace handling for attributes when the  
+            <c>namespace_conformant</c> flag is set to true. </p>
+          <p>
+	    Own Id: OTP-9821</p>
+        </item>
+      </list>
+    </section>
+
+
+    <section><title>Improvements and New Features</title>
+      <list>
+        <item>
+	    <p> Updates to the xml scanner </p> <list> <item>
+	    <p>xmerl_scan is now returning xmlComment records in the
+	    output.<br/><br/> Functions <c>xmerl_scan:file/2</c> and
+	    <c>xmerl_scan:string/2</c> now accepts a new option
+	    <c>{comments, Flag}</c> for filtering of comments.<br/>
+	    Default (<c>true</c>) is that <c>#xmlComment</c> records
+	    are returned from the scanner and this flag should be set
+	    to false if one don't want comments in the output. </p>
+	    </item> <item> <p>Add <i>default_attrs</i>
+	    option<br/><br/> When <i>default_attrs</i> is <c>true</c>
+	    any attribute with a default value defined in the doctype
+	    but not in the attribute axis of the currently scanned
+	    element is added to it. </p> </item> <item> <p>Allow
+	    whole documents to be returned<br/><br/> Functions
+	    <c>xmerl_scan:file/2</c> and <c>xmerl_scan:string/2</c>
+	    now accepts a new option <c>{document, true}</c> to
+	    produce a whole document as a <c>xmlDocument</c> record
+	    instead of just the root element node.<br/> This option
+	    is the only way to get to the top-level comments and
+	    processing instructions without hooking through the
+	    customization functions. Those nodes are needed to
+	    implement [Canonical XML][c14n-xml] support.<br/>
+	    [c14n-xml]:
+	    http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/
+	    <i>Canonical XML</i> </p> </item> <item><p>Parents and
+	    namespace are tracked in <c>#xmlAttribute</c>
+	    nodes</p></item> <item><p>Parents are tracked in
+	    <c>#xmlPI</c> nodes</p></item> <item><p>Set <c>vsn</c>
+	    field in <c>#xmlDecl</c> record</p></item> <item><p>Fix
+	    namespace-conformance constraints<br/><br/> See
+	    [Namespaces in XML 1.0 (Third Edition)][1]: The prefix
+	    xml is by definition bound to the namespace name
+	    http://www.w3.org/XML/1998/namespace. It MAY, but need
+	    not, be declared, and MUST NOT be bound to any other
+	    namespace name. Other prefixes MUST NOT be bound to this
+	    namespace name, and it MUST NOT be declared as the
+	    default namespace.<br/> The prefix xmlns is used only to
+	    declare namespace bindings and is by definition bound to
+	    the namespace name http://www.w3.org/2000/xmlns/. It MUST
+	    NOT be declared . Other prefixes MUST NOT be bound to
+	    this namespace name, and it MUST NOT be declared as the
+	    default namespace. Element names MUST NOT have the prefix
+	    xmlns.<br/> In XML documents conforming to this
+	    specification, no tag may contain two attributes which
+	    have identical names, or have qualified names with the
+	    same local part and with prefixes which have been bound
+	    to namespace names that are identical.<br/> [1]
+	    http://www.w3.org/TR/REC-xml-names/ </p></item> </list>
+	    <p> Updates of xmerl's Xpath functionality. </p> <list>
+	    <item><p>Add <c>#xmlPI</c> support to
+	    xmerl_xpath:write_node/1</p></item> <item><p>Fix
+	    processing-instruction(name?)</p></item> <item><p>Fix
+	    path filters, support more top-level primary
+	    expressions</p></item> <item><p>Accumulate comments in
+	    element nodes</p></item> <item><p>Implement namespace
+	    axis<br/><br/> Namespace nodes are represented as
+	    <c>#xmlNsNode</c> records. Now that the namespace axis is
+	    correctly implemented, attributes nodes corresponding to
+	    attributes that declare namespaces are ignored.<br/> See
+	    [5.3 Attribute Nodes][xpath-5.3]:<br/> There are no
+	    attribute nodes corresponding to attributes that declare
+	    namespaces.<br/> [xpath-5.3]:
+	    http://www.w3.org/TR/xpath/#attribute-nodes </p></item>
+	    </list> <p> (Thanks to Anthony Ramine) </p>
+          <p>
+	    *** POTENTIAL INCOMPATIBILITY ***</p>
+          <p>
+	    Own Id: OTP-9664</p>
+        </item>
+        <item>
+          <p>
+	    Eliminate use of deprecated regexp module</p>
+          <p>
+	    Own Id: OTP-9810</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
 <section><title>Xmerl 1.2.10</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
diff --git a/lib/xmerl/doc/src/part_notes.xml b/lib/xmerl/doc/src/part_notes.xml
index 827ffd90e9..b3c0597323 100644
--- a/lib/xmerl/doc/src/part_notes.xml
+++ b/lib/xmerl/doc/src/part_notes.xml
@@ -4,7 +4,7 @@
 <part xmlns:xi="http://www.w3.org/2001/XInclude">
   <header>
     <copyright>
-      <year>2004</year><year>2009</year>
+      <year>2004</year><year>2011</year>
       <holder>Ericsson AB. All Rights Reserved.</holder>
     </copyright>
     <legalnotice>
diff --git a/lib/xmerl/doc/src/xmerl_ug.xmlsrc b/lib/xmerl/doc/src/xmerl_ug.xmlsrc
index 6ee6707e53..9ef8fbb0b9 100644
--- a/lib/xmerl/doc/src/xmerl_ug.xmlsrc
+++ b/lib/xmerl/doc/src/xmerl_ug.xmlsrc
@@ -36,9 +36,9 @@
       <title>Features</title>
       <p>The <em>xmerl</em> XML parser is able to parse XML documents
         according to the XML 1.0 standard. As default it performs
-        well-formed parsing,(syntax checks and checks of well-formed
+        well-formed parsing, (syntax checks and checks of well-formed
         constraints). Optionally one can also use xmerl as a validating
-        parser,(validate according to referenced DTD and validating
+        parser, (validate according to referenced DTD and validating
         constraints). By means of for example the xmerl_xs module it is
         possible to transform the parsed result to other formats,
         e.g. text, HTML, XML etc.</p>
diff --git a/lib/xmerl/include/xmerl.hrl b/lib/xmerl/include/xmerl.hrl
index 3760a5cce0..331d1507a0 100644
--- a/lib/xmerl/include/xmerl.hrl
+++ b/lib/xmerl/include/xmerl.hrl
@@ -1,7 +1,7 @@
 %% 
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2004-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/include/xmerl_xsd.hrl b/lib/xmerl/include/xmerl_xsd.hrl
index 6dad7d8ff0..644cc2e433 100644
--- a/lib/xmerl/include/xmerl_xsd.hrl
+++ b/lib/xmerl/include/xmerl_xsd.hrl
@@ -184,7 +184,7 @@
 %% allowed for a schema.
 %% chain, represents a series of ordered objects, some of whom may be
 %% optional.
-%% alterantive, a collection of objects of which only one is choosen.
+%% alterantive, a collection of objects of which only one is chosen.
 -record(chain,{
 	  content,
 	  occurance={1,1}
diff --git a/lib/xmerl/src/xmerl.erl b/lib/xmerl/src/xmerl.erl
index 2332517988..3249094e78 100644
--- a/lib/xmerl/src/xmerl.erl
+++ b/lib/xmerl/src/xmerl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_sax_parser_base.erlsrc b/lib/xmerl/src/xmerl_sax_parser_base.erlsrc
index ec9178ea25..c25cde0472 100644
--- a/lib/xmerl/src/xmerl_sax_parser_base.erlsrc
+++ b/lib/xmerl/src/xmerl_sax_parser_base.erlsrc
@@ -1,7 +1,7 @@
 %%-*-erlang-*-
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_scan.erl b/lib/xmerl/src/xmerl_scan.erl
index ec7ea534d6..05431a5fd2 100644
--- a/lib/xmerl/src/xmerl_scan.erl
+++ b/lib/xmerl/src/xmerl_scan.erl
@@ -20,8 +20,8 @@
 %% Description  : Simgle-pass XML scanner. See xmerl.hrl for data defs.
 
 %% @doc This module is the interface to the XML parser, it handles XML 1.0.
-%%     The XML parser is activated through 
-%%     <tt>xmerl_scan:string/[1,2]</tt> or 
+%%     The XML parser is activated through
+%%     <tt>xmerl_scan:string/[1,2]</tt> or
 %%     <tt>xmerl_scan:file/[1,2]</tt>.
 %%     It returns records of the type defined in xmerl.hrl.
 %% See also <a href="xmerl_examples.html">tutorial</a> on customization
@@ -79,15 +79,15 @@
 %%  <dt><code>{validation, Flag}</code></dt>
 %%    <dd>Controls whether to process as a validating XML parser:
 %%    'off' (default) no validation, or validation 'dtd' by DTD or 'schema'
-%%    by XML Schema. 'false' and 'true' options are obsolete 
-%%    (i.e. they may be removed in a future release), if used 'false' 
+%%    by XML Schema. 'false' and 'true' options are obsolete
+%%    (i.e. they may be removed in a future release), if used 'false'
 %%    equals 'off' and 'true' equals 'dtd'.</dd>
 %%  <dt><code>{schemaLocation, [{Namespace,Link}|...]}</code></dt>
-%%    <dd>Tells explicitly which XML Schema documents to use to validate 
-%%    the XML document. Used together with the 
+%%    <dd>Tells explicitly which XML Schema documents to use to validate
+%%    the XML document. Used together with the
 %%    <code>{validation,schema}</code> option.</dd>
 %%  <dt><code>{quiet, Flag}</code></dt>
-%%    <dd>Set to 'true' if xmerl should behave quietly and not output any 
+%%    <dd>Set to 'true' if xmerl should behave quietly and not output any
 %%    information to standard output (default 'false').</dd>
 %%  <dt><code>{doctype_DTD, DTD}</code></dt>
 %%    <dd>Allows to specify DTD name when it isn't available in the XML
@@ -275,7 +275,7 @@ int_file_decl(F, Options,_ExtCharset) ->
 %% @spec string(Text::list()) -> {xmlElement(),Rest}
 %%   Rest = list()
 %% @equiv string(Test, [])
-string(Str) ->  
+string(Str) ->
     string(Str, []).
 
 %% @spec string(Text::list(),Options::option_list()) -> {document(),Rest}
@@ -306,7 +306,7 @@ int_string(Str, Options, XMLBase, FileName) ->
 	    scan_document(Str2, S#xmerl_scanner{encoding="iso-10646-utf-1"});
 	{undefined,undefined,Str2} -> %% no auto detection
 	    scan_document(Str2, S);
-	{external,ExtCharset,Str2} -> 
+	{external,ExtCharset,Str2} ->
 	    %% no auto detection, ExtCharset is an explicitly provided
 	    %% 7 bit,8 bit or utf-8 encoding
 	    scan_document(Str2, S#xmerl_scanner{encoding=atom_to_list(ExtCharset)})
@@ -325,7 +325,7 @@ int_string_decl(Str, Options, XMLBase, FileName) ->
 	{external,ExtCharset,Str2} ->
 	    scan_decl(Str2, S#xmerl_scanner{encoding=atom_to_list(ExtCharset)})
     end.
-    
+
 
 
 initial_state0(Options,XMLBase) ->
@@ -386,7 +386,7 @@ initial_state([{line, L}|T], S) ->
     initial_state(T, S#xmerl_scanner{line = L});
 initial_state([{namespace_conformant, F}|T], S) when F==true; F==false ->
     initial_state(T, S#xmerl_scanner{namespace_conformant = F});
-initial_state([{validation, F}|T], S) 
+initial_state([{validation, F}|T], S)
   when F==off; F==dtd; F==schema; F==true; F==false ->
     initial_state(T, S#xmerl_scanner{validation = validation_value(F)});
 initial_state([{schemaLocation, SL}|T], S) when is_list(SL) ->
@@ -422,7 +422,7 @@ validation_value(false) ->
 validation_value(F) ->
     F.
 
-%% Used for compacting (some) indentations. 
+%% Used for compacting (some) indentations.
 %% See also fast_accumulate_whitespace().
 common_data() ->
     {comdata(lists:duplicate(60, $\s), []),
@@ -465,7 +465,7 @@ event(_X, S) ->
 %% where Pos' can be derived from X#xmlElement.pos, X#xmlText.pos, or
 %% X#xmlAttribute.pos (whichever is the current object type.)
 %% The acc/3 function is not allowed to redefine the type of object
-%% being defined, but _is_ allowed to either ignore it or split it 
+%% being defined, but _is_ allowed to either ignore it or split it
 %% into multiple objects (in which case {Acc',Pos',S'} should be returned.)
 %% If {Acc',S'} is returned, Pos will be incremented by 1 by default.
 %% Below is an example of an acceptable operation
@@ -488,10 +488,10 @@ fetch_URI(URI, S) ->
     %% assume URI is a filename
     Split = filename:split(URI),
     Filename = fun([])->[];(X)->lists:last(X) end (Split),
-    Fullname = 
+    Fullname =
 	case Split of %% how about Windows systems?
 	    ["file:"|Name]-> %% absolute path, see RFC2396 sect 3
-		%% file:/dtd_name 
+		%% file:/dtd_name
 		filename:join(["/"|Name]);
 	    ["/"|Rest] when Rest /= [] ->
 		%% absolute path name
@@ -544,9 +544,9 @@ scan_document(Str0, S=#xmerl_scanner{event_fun = Event,
 			    line = L,
 			    col = C,
 			    data = document}, S),
-    
+
     %% Transform to given character set.
-    %% Note that if another character set is given in the encoding 
+    %% Note that if another character set is given in the encoding
     %% attribute in a XML declaration that one will be used later
     Str=if
 	    Charset == "utf-8" ->
@@ -573,7 +573,7 @@ scan_document(Str0, S=#xmerl_scanner{event_fun = Event,
     {Misc, _Pos1, Tail, S4}=scan_misc(T3, S3, Pos + 1),
 %%     M5 = erlang:memory(),
 %%     io:format("Memory status after misc: ~p~n",[M5]),
-    
+
     S5 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
 					       line = S4#xmerl_scanner.line,
 					       col = S4#xmerl_scanner.col,
@@ -636,7 +636,7 @@ scan_decl(Str, S=#xmerl_scanner{event_fun = Event,
 			    line = L,
 			    col = C,
 			    data = document}, S),
-    
+
     case scan_prolog(Str, S1, _StartPos = 1) of
 	{_,_,T2="<"++_, S2} ->
 	    {{S2#xmerl_scanner.user_state,T2},[],S2};
@@ -665,14 +665,14 @@ scan_prolog("<?xml"++T,
 	    Pos,Acc) when ?whitespace(hd(T)) ->
     {Charset, T3, S3} =
     if
-	Col==1,L==1,S0#xmerl_scanner.text_decl==true -> 
+	Col==1,L==1,S0#xmerl_scanner.text_decl==true ->
 	    ?dbg("prolog(\"<?xml\")~n", []),
 	    ?bump_col(5),
 	    {_,T1,S1} = mandatory_strip(T,S),
 	    {Decl,T2, S2}=scan_text_decl(T1,S1),
 	    Encoding=Decl#xmlDecl.encoding,
 	    {Encoding, T2, S2#xmerl_scanner{encoding=Encoding}};
-	Col==1,L==1 -> 
+	Col==1,L==1 ->
 	    ?dbg("prolog(\"<?xml\")~n", []),
 	    ?bump_col(5),
 	    {Decl,T2, S2}=scan_xml_decl(T, S),
@@ -728,7 +728,7 @@ scan_prolog(Str="%"++_T,S=#xmerl_scanner{environment={external,_}},
 scan_prolog(Str, S0 = #xmerl_scanner{user_state=_US,encoding=_Charset},
 	    Pos,Acc) ->
     ?dbg("prolog(\"<\")~n", []),
-    
+
     %% Check for Comments, PI before possible DOCTYPE declaration
     ?bump_col(1),
     %% If no known character set assume it is UTF-8
@@ -759,7 +759,7 @@ scan_prolog2(Str = "<!" ++ _, S, Pos, Acc) ->
     {Acc, Pos, T, S1};
 scan_prolog2(Str, S0 = #xmerl_scanner{user_state=_US},Pos,Acc) ->
     ?dbg("prolog(\"<\")~n", []),
-    
+
     %% Here we consider the DTD provided by doctype_DTD option,
     S1 =
 	case S0 of
@@ -793,7 +793,7 @@ scan_misc("<!--" ++ T, S0=#xmerl_scanner{acc_fun = F, comments=CF}, Pos, Acc) ->
     {C, T1, S1} = scan_comment(T, S, Pos, _Parents = [], _Lang = []),
     case CF of
 	true ->
-	    {Acc2, Pos2, S3} = 
+	    {Acc2, Pos2, S3} =
 		case F(C, Acc, S1) of
 		    {Acc1, S2} ->
 			{Acc1, Pos + 1, S2};
@@ -838,7 +838,7 @@ scan_xml_decl(T, S) ->
     {_,T1,S1} = mandatory_strip(T,S),
     {T2,S2} =
 	case T1 of
-	    "version" ++ _T2 -> 
+	    "version" ++ _T2 ->
 		{_T2,S1#xmerl_scanner{col=S1#xmerl_scanner.col+7}};
 	    _ -> ?fatal(expected_version_attribute,S1)
 	end,
@@ -879,8 +879,8 @@ scan_xml_decl2("encoding" ++ T, S0 = #xmerl_scanner{event_fun = Event},
 			 value = LowEncName},
     Decl = Decl0#xmlDecl{encoding = LowEncName,
 			 attributes = [Attr|Attrs]},
-    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended, 
-					       line = S0#xmerl_scanner.line, 
+    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
+					       line = S0#xmerl_scanner.line,
 					       col = S0#xmerl_scanner.col,
 					       data = Attr}, S2),
     case T2 of
@@ -902,7 +902,7 @@ scan_xml_decl3("?>" ++ T, S0,Decl) ->
     return_xml_decl(T,S,Decl);
 scan_xml_decl3("standalone" ++ T,S0 = #xmerl_scanner{event_fun = Event},
 	      Decl0 = #xmlDecl{attributes = Attrs}) ->
-    %% [32] SDDecl 
+    %% [32] SDDecl
     ?bump_col(10),
     {T1, S1} = scan_eq(T, S),
     {StValue,T2,S2}=scan_standalone_value(T1,S1),
@@ -911,8 +911,8 @@ scan_xml_decl3("standalone" ++ T,S0 = #xmerl_scanner{event_fun = Event},
 			 value = StValue},
     Decl = Decl0#xmlDecl{standalone = StValue,
 			 attributes = [Attr|Attrs]},
-    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended, 
-					       line = S0#xmerl_scanner.line, 
+    S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
+					       line = S0#xmerl_scanner.line,
 					       col = S0#xmerl_scanner.col,
 					       data = Attr}, S2),
     {_,T3,S4} = strip(T2,S3),
@@ -933,7 +933,7 @@ return_xml_decl(T,S=#xmerl_scanner{hook_fun = _Hook,
 %%    {Ret, S3} = Hook(Decl, S2),
 %%    {Ret, T1, S3}.
     {Decl, T1, S2}.
-    
+
 
 scan_standalone_value("'yes'" ++T,S0)->
     ?bump_col(5),
@@ -976,7 +976,7 @@ scan_text_decl(T,S=#xmerl_scanner{event_fun = Event}) ->
     scan_text_decl(T5,S6,Decl).
 
 scan_text_decl("?>"++T,S0 = #xmerl_scanner{hook_fun = _Hook,
-					   event_fun = Event}, 
+					   event_fun = Event},
 	       Decl0 = #xmlDecl{attributes = Attrs}) ->
     ?bump_col(2),
     ?strip1,
@@ -1001,7 +1001,7 @@ scan_optional_version("version"++T,S0) ->
     {#xmlDecl{attributes=[Attr]},T4,S4};
 scan_optional_version(T,S) ->
     {#xmlDecl{attributes=[]},T,S}.
-    
+
 
 
 %%%%%%% [81] EncName
@@ -1010,7 +1010,7 @@ scan_enc_name([], S=#xmerl_scanner{continuation_fun = F}) ->
     F(fun(MoreBytes, S1) -> scan_enc_name(MoreBytes, S1) end,
       fun(S1) -> ?fatal(expected_encoding_name, S1) end,
       S);
-scan_enc_name([H|T], S0) when H >= $"; H =< $' -> 
+scan_enc_name([H|T], S0) when H >= $"; H =< $' ->
     ?bump_col(1),
     scan_enc_name(T, S, H, []).
 
@@ -1063,7 +1063,7 @@ scan_xml_vsn([H|T], S) when H==$"; H==$'->
 
 xml_vsn([], S=#xmerl_scanner{continuation_fun = F}, Delim, Acc) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> xml_vsn(MoreBytes, S1, Delim, Acc) end, 
+    F(fun(MoreBytes, S1) -> xml_vsn(MoreBytes, S1, Delim, Acc) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 xml_vsn([H|T], S=#xmerl_scanner{col = C}, H, Acc) ->
@@ -1093,7 +1093,7 @@ scan_pi(Str = [H1,H2,H3 | T],S0=#xmerl_scanner{line = L, col = C}, Pos, Ps)
   when H1==$x;H1==$X ->
     %% names beginning with [xX][mM][lL] are reserved for future use.
     ?bump_col(3),
-    if 
+    if
 	((H2==$m) or (H2==$M)) and
 	((H3==$l) or (H3==$L)) ->
 	    scan_wellknown_pi(T,S,Pos,Ps);
@@ -1126,7 +1126,7 @@ scan_pi([], S=#xmerl_scanner{continuation_fun = F}, Target,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_pi("?>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
-				       event_fun = Event}, 
+				       event_fun = Event},
 	Target, L, C, Pos, Ps, Acc) ->
     ?bump_col(2),
     PI = #xmlPI{name = Target,
@@ -1153,7 +1153,7 @@ scan_pi2([], S=#xmerl_scanner{continuation_fun = F}, Target,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_pi2("?>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
-				       event_fun = Event}, 
+				       event_fun = Event},
 	 Target, L, C, Pos, Ps, Acc) ->
     ?bump_col(2),
     PI = #xmlPI{name = Target,
@@ -1173,7 +1173,7 @@ scan_pi2(Str, S0, Target, L, C, Pos, Ps, Acc) ->
 
 
 
-%% [28] doctypedecl ::= 
+%% [28] doctypedecl ::=
 %%   '<!DOCTYPE' S Name (S ExternalID)? S? ('[' intSubset ']' S?)? '>'
 scan_doctype([], S=#xmerl_scanner{continuation_fun = F}) ->
     ?dbg("cont()...~n", []),
@@ -1279,7 +1279,7 @@ fetch_DTD(undefined, S) ->
     S;
 % fetch_DTD(_,S=#xmerl_scanner{validation=false}) ->
 %     S;
-fetch_DTD(DTDSpec, S)-> 
+fetch_DTD(DTDSpec, S)->
     case fetch_and_parse(DTDSpec,S,[{text_decl,true},
 				    {environment,{external,subset}}]) of
 	NewS when is_record(NewS,xmerl_scanner) ->
@@ -1294,7 +1294,7 @@ fetch_and_parse(ExtSpec,S=#xmerl_scanner{fetch_fun=Fetch,
 		Options0) ->
     RetS =
     case Fetch(ExtSpec, S) of
-	{ok, NewS} -> 
+	{ok, NewS} ->
 	    %% For backward compatibility only. This will be removed later!!
 	    NewS;
 	{ok, not_fetched,NewS} ->
@@ -1359,7 +1359,7 @@ fetch_not_parse(ExtSpec,S=#xmerl_scanner{fetch_fun=Fetch}) ->
 	{ok, DataRet, NewS} ->
 	    {String,LocationName} =
 		case DataRet of
-		    {file,F} ->	
+		    {file,F} ->
 			{get_file(F,S),F};
 		    {string,Str} ->
 			{binary_to_list(Str),file_name_unknown};
@@ -1375,7 +1375,7 @@ fetch_not_parse(ExtSpec,S=#xmerl_scanner{fetch_fun=Fetch}) ->
 get_file(F,S) ->
 %     io:format("get_file F=~p~n",[F]),
     case file:read_file(F) of
-	{ok,Bin} ->	    
+	{ok,Bin} ->
 	    binary_to_list(Bin);
 	Err ->
 	    ?fatal({error_reading_file,F,Err},S)
@@ -1390,7 +1390,7 @@ check_decl(#xmerl_scanner{rules=Tab} = S) ->
     check_notations(Tab,S),
     check_elements(Tab,S), %% check also attribute defs for element
     check_entities(Tab,S).
-	    
+
 check_notations(Tab,S) ->
     case ets:match(Tab,{{notation,'$1'},undeclared}) of
 	[[]] -> ok;
@@ -1439,7 +1439,7 @@ check_attributes([{N1,'ID',_,_,_}=Attr|Rest],S) ->
 check_attributes([{_,{enumeration,_},_,_,_}=Attr|T],S) ->
     vc_Enumeration(Attr,S),
     check_attributes(T,S);
-check_attributes([{_,Ent,_,_,_}=Attr|T],S) 
+check_attributes([{_,Ent,_,_,_}=Attr|T],S)
   when Ent=='ENTITY';Ent=='ENTITIES' ->
     vc_Entity_Name(Attr,S),
     check_attributes(T,S);
@@ -1483,7 +1483,7 @@ scan_ext_subset([], S=#xmerl_scanner{continuation_fun = F}) ->
     F(fun(MoreBytes, S1) -> scan_ext_subset(MoreBytes, S1) end,
       fun(S1) -> {[], S1} end,
       S);
-scan_ext_subset("%" ++ T, S0) -> 
+scan_ext_subset("%" ++ T, S0) ->
     %% DeclSep [28a]: WFC: PE Between Declarations.
     %% The replacement text of a parameter entity reference in a
     %% DeclSep must match the production extSubsetDecl.
@@ -1537,7 +1537,7 @@ scan_decl_sep(T,S) ->
 % 		{" " ++ EntV2 ++ " ",_S3};
 % 	    ExpRef ->
 % 		{ExpRef,S1}
-% 	end,		     
+% 	end,
 %     {_, T3, S3} = strip(ExpandedRef,S2),
 %     {_T4,S4} = scan_ext_subset(T3,S3),
 %     strip(T1,S4).
@@ -1623,7 +1623,7 @@ scan_include(T, S) ->
     scan_include(T1, S1).
 
 
-%%%%%%% [29] markupdecl ::= elementdecl | AttlistDecl | EntityDecl | 
+%%%%%%% [29] markupdecl ::= elementdecl | AttlistDecl | EntityDecl |
 %%%%%%%                     NotationDecl | PI |Comment
 %%%%%%% [45] elementdecl ::= '<!ELEMENT' S Name S contentspec S? '>'
 
@@ -1642,14 +1642,14 @@ scan_markup_decl("<?" ++ T, S0) ->
     ?bump_col(2),
     {_PI, T1, S1} = scan_pi(T, S,_Pos=markup,[]),
     strip(T1, S1);
-scan_markup_decl("<!ELEMENT" ++ T, 
+scan_markup_decl("<!ELEMENT" ++ T,
 		 #xmerl_scanner{rules_read_fun = Read,
 				rules_write_fun = Write,
 				rules_delete_fun = Delete} = S0) ->
     ?bump_col(9),
     {_,T1,S1} = mandatory_strip(T,S),
     {Ename, _NamespaceInfo, T2, S2} = scan_name(T1, S1),
-    Element  = 
+    Element  =
 	case Read(elem_def, Ename, S2) of
 	    El = #xmlElement{elementdef=Decl} when Decl =/= undeclared ->
 		case S2#xmerl_scanner.validation of
@@ -1690,7 +1690,7 @@ scan_markup_decl("<!NOTATION" ++ T, S0) ->
     {_,T1,S1} = mandatory_strip(T,S),
     {T2, S2} = scan_notation_decl(T1, S1),
     strip(T2,S2);
-scan_markup_decl("<!ATTLIST" ++ T, 
+scan_markup_decl("<!ATTLIST" ++ T,
 		 #xmerl_scanner{rules_read_fun = Read,
 				rules_write_fun = Write,
 				rules_delete_fun= Delete} = S0) ->
@@ -1707,7 +1707,7 @@ scan_markup_decl("<!ATTLIST" ++ T,
 		%% internal DTD.
 		{#xmlElement{},update_attributes(Attributes,[])};
 	    Edef = #xmlElement{attributes = OldAttrs} ->
-		Delete(elem_def,Ename,S4), 
+		Delete(elem_def,Ename,S4),
 		%% the slot in rules table must be empty so that the
 		%% later write has the assumed effect. Read maybe
 		%% should empty the table slot.
@@ -1726,7 +1726,7 @@ scan_element_completion(T,S) ->
 update_attributes(NewAttrs, OldAttrs) ->
     update_attributes1(NewAttrs,lists:reverse(OldAttrs)).
 
-update_attributes1([A = {Name,_Type,_DefaultV,_DefaultD,_Env}|Attrs], 
+update_attributes1([A = {Name,_Type,_DefaultV,_DefaultD,_Env}|Attrs],
 		   OldAttrs) ->
     case lists:keymember(Name, 1, OldAttrs) of
 	true ->
@@ -1867,7 +1867,7 @@ scan_notation_type("|" ++ T, S0, Acc) ->
     ?strip3,
     scan_notation_type(T3, S3, [Name | Acc]).
 
-%%% Validity constraint for NotationType: 
+%%% Validity constraint for NotationType:
 %%% The used notation names must be declared in the DTD, but they may
 %%% be declared later.
 notation_exists(Name, #xmerl_scanner{rules_read_fun = Read,
@@ -1996,7 +1996,7 @@ scan_entity_def(Str, S, EName) ->
 				  {environment,{external,{entity,EName}}}]) of
 		{{_USret,Entity},_Tail,_Sx} ->
 		    {Entity, external,T2, S2};
-		{Entity,_Tail,Sx} -> 
+		{Entity,_Tail,Sx} ->
 			OldRef=S2#xmerl_scanner.entity_references,
 			NewRef=Sx#xmerl_scanner.entity_references,
 		    {Entity,external,T2,
@@ -2048,26 +2048,26 @@ scan_element(T, S=#xmerl_scanner{line=L,col=C},
     {Name, NamespaceInfo, T1, S1} = scan_name(T, S),
     vc_Element_valid(Name,NamespaceInfo,S),
     ?strip2,
-    scan_element(T2, S2, Pos, Name, L, C, _Attrs = [], 
-		 Lang, Parents, NamespaceInfo, NS, 
+    scan_element(T2, S2, Pos, Name, L, C, _Attrs = [],
+		 Lang, Parents, NamespaceInfo, NS,
 		 SpaceDefault).
 
 
 scan_element("/", S=#xmerl_scanner{continuation_fun = F},
-	     Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+	     Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     ?dbg("trailing / detected~n", []),
-    F(fun(MoreBytes, S1) -> scan_element("/" ++ MoreBytes, S1, 
-					 Pos, Name, StartL, StartC, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_element("/" ++ MoreBytes, S1,
+					 Pos, Name, StartL, StartC, Attrs,
 					 Lang,Parents,NSI,NS,SpaceDefault) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
-scan_element([], S=#xmerl_scanner{continuation_fun = F}, 
-	     Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+scan_element([], S=#xmerl_scanner{continuation_fun = F},
+	     Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_element(MoreBytes, S1, 
-					 Pos, Name, StartL, StartC, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_element(MoreBytes, S1,
+					 Pos, Name, StartL, StartC, Attrs,
 					 Lang,Parents,NSI,NS,SpaceDefault) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
@@ -2075,12 +2075,12 @@ scan_element("/>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
 					    event_fun = Event,
 					    line = L, col = C,
 					    xmlbase_cache=XMLBase}, Pos,
-	     Name, _StartL, _StartC, Attrs0, Lang, Parents, NSI, 
+	     Name, _StartL, _StartC, Attrs0, Lang, Parents, NSI,
 	     Namespace, _SpaceDefault) ->
     ?bump_col(2),
     Attrs = lists:reverse(Attrs0),
     E=processed_whole_element(S, Pos, Name, Attrs, Lang, Parents,NSI,Namespace),
-    
+
     #xmlElement{attributes = Attrs1} = E,
     wfc_unique_att_spec(Attrs1,S),
     S1 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
@@ -2091,11 +2091,11 @@ scan_element("/>" ++ T, S0 = #xmerl_scanner{hook_fun = Hook,
     S2b=S2#xmerl_scanner{xmlbase=XMLBase},
     {Ret, T, S2b};
 scan_element(">", S=#xmerl_scanner{continuation_fun = F},
-	     Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+	     Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     ?dbg("trailing > detected~n", []),
-    F(fun(MoreBytes, S1) -> scan_element(">" ++ MoreBytes, S1, 
-					 Pos, Name, StartL, StartC, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_element(">" ++ MoreBytes, S1,
+					 Pos, Name, StartL, StartC, Attrs,
 					 Lang,Parents,NSI,NS,SpaceDefault) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
@@ -2104,28 +2104,31 @@ scan_element(">" ++ T, S0 = #xmerl_scanner{event_fun = Event,
 					   line = L, col = C,
 					   xmlbase_cache=XMLBase,
 					   space = SpaceOption},
-	     Pos, Name, StartL, StartC, Attrs0, Lang, Parents, 
+	     Pos, Name, StartL, StartC, Attrs0, Lang, Parents,
 	     NSI, Namespace, SpaceDefault) ->
     ?bump_col(1),
     Attrs = lists:reverse(Attrs0),
-    wfc_unique_att_spec(Attrs,S),
-    XMLSpace = case lists:keysearch('xml:space', #xmlAttribute.name, Attrs) of
+    E0=processed_whole_element(S,Pos,Name,Attrs,Lang,Parents,NSI,Namespace),
+
+    #xmlElement{attributes = Attrs1} = E0,
+    wfc_unique_att_spec(Attrs1,S),
+    XMLSpace = case lists:keysearch('xml:space', #xmlAttribute.name, Attrs1) of
 		   false ->			SpaceDefault;
 		   {value, #xmlAttribute{value="default"}} ->	SpaceOption;
 		   {value, #xmlAttribute{value="preserve"}} ->	preserve;
 		   _ ->				SpaceDefault
 	       end,
-    
-    E0=processed_whole_element(S,Pos,Name,Attrs,Lang,Parents,NSI,Namespace),
+
+    E0=processed_whole_element(S,Pos,Name,Attrs1,Lang,Parents,NSI,Namespace),
     S1 = #xmerl_scanner{} = Event(#xmerl_event{event = started,
 					       line = StartL,
 					       col = StartC,
 					       data = E0}, S),
-    
-    {Content, T1, S2} = scan_content(T, S1, Name, Attrs, XMLSpace, 
+
+    {Content, T1, S2} = scan_content(T, S1, Name, Attrs1, XMLSpace,
 				     E0#xmlElement.language,
 				     [{Name, Pos}|Parents], Namespace),
-    
+
     Element=E0#xmlElement{content=Content,
 			  xmlbase=E0#xmlElement.xmlbase},
     S3 = #xmerl_scanner{} = Event(#xmerl_event{event = ended,
@@ -2135,7 +2138,7 @@ scan_element(">" ++ T, S0 = #xmerl_scanner{event_fun = Event,
     {Ret, S4} = Hook(Element, S3),
     S4b=S4#xmerl_scanner{xmlbase=XMLBase},
     {Ret, T1, S4b};
-scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents, 
+scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 	     NSI, NS, SpaceDefault) ->
     {AttName, NamespaceInfo, T1, S1} = scan_name(T, S),
     {T2, S2} = scan_eq(T1, S1),
@@ -2144,14 +2147,14 @@ scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 %%    check_default_value(S3,DefaultDecl,AttValue),
     NewNS = check_namespace(AttName, NamespaceInfo, AttValue, NS),
     {T3,S3} = wfc_whitespace_betw_attrs(T3a,S3a),
-    ?strip4,  
+    ?strip4,
     AttrPos = case Attrs of
 		  [] ->
 		      1;
 		  [#xmlAttribute{pos = P}|_] ->
 		      P+1
 	      end,
-    Attr = #xmlAttribute{name = AttName, 
+    Attr = #xmlAttribute{name = AttName,
 			 parents = [{Name, Pos}|Parents],
 			 pos = AttrPos,
 			 language = Lang,
@@ -2161,10 +2164,10 @@ scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents,
     XMLBase=if
 		AttName=='xml:base' ->
 		    resolve_relative_uri(AttValue,S4#xmerl_scanner.xmlbase);
-		true ->	
+		true ->
 		    S4#xmerl_scanner.xmlbase
 	    end,
-    
+
     #xmerl_scanner{event_fun = Event,
 		   line = Line,
 		   col = Col} = S4,
@@ -2174,7 +2177,7 @@ scan_element(T, S, Pos, Name, StartL, StartC, Attrs, Lang, Parents,
 			    data = Attr},
 	       S4#xmerl_scanner{xmlbase=XMLBase,
 				xmlbase_cache=S#xmerl_scanner.xmlbase}),
-    scan_element(T4, S5, Pos, Name, StartL, StartC, [Attr|Attrs], 
+    scan_element(T4, S5, Pos, Name, StartL, StartC, [Attr|Attrs],
 		 Lang, Parents, NSI, NewNS, SpaceDefault).
 
 get_default_attrs(S = #xmerl_scanner{rules_read_fun = Read}, ElemName) ->
@@ -2210,7 +2213,7 @@ resolve_relative_uri(NewBase,CurrentBase) ->
 processed_whole_element(S=#xmerl_scanner{hook_fun = _Hook,
 					 xmlbase = XMLBase,
 					 line = _L, col = _C,
-					 event_fun = _Event}, 
+					 event_fun = _Event},
 			Pos, Name, Attrs, Lang, Parents, NSI, Namespace) ->
     Language = check_language(Attrs, Lang),
 
@@ -2231,7 +2234,7 @@ processed_whole_element(S=#xmerl_scanner{hook_fun = _Hook,
 		Attrs
 	end,
 
-    {ExpName, ExpAttrs} = 
+    {ExpName, ExpAttrs} =
 	case S#xmerl_scanner.namespace_conformant of
 	    true ->
 		%% expand attribute names. We need to do this after having
@@ -2243,11 +2246,11 @@ processed_whole_element(S=#xmerl_scanner{hook_fun = _Hook,
 		%% should apply to those attributes as well.
 		%% Note that the default URI does not apply to attrbute names.
 		TempNamespace = Namespace#xmlNamespace{default = []},
-		ExpAttrsX = 
+		ExpAttrsX =
 		    [A#xmlAttribute{
 		       namespace=Namespace,
 		       expanded_name=expanded_name(
-				       A#xmlAttribute.name, 
+				       A#xmlAttribute.name,
 				       A#xmlAttribute.nsinfo,
 						% NSI,
 				       TempNamespace, S)} || A <- AllAttrs],
@@ -2277,7 +2280,7 @@ check_language([], Lang) ->
 
 check_namespace(xmlns, _, Value, NS) ->
     NS#xmlNamespace{default = list_to_atom(Value)};
-check_namespace(_, {"xmlns", Prefix}, Value, 
+check_namespace(_, {"xmlns", Prefix}, Value,
 		NS = #xmlNamespace{nodes = Ns}) ->
     NS#xmlNamespace{nodes = keyreplaceadd(
 			      Prefix, 1, Ns, {Prefix, list_to_atom(Value)})};
@@ -2322,7 +2325,7 @@ expanded_name(_Name, {Prefix, Local}, #xmlNamespace{nodes = Ns}, S) ->
 	    %% must be declared
 	    ?fatal({namespace_prefix_not_declared, Prefix}, S)
     end.
-		    
+
 
 
 
@@ -2348,7 +2351,7 @@ scan_att_value("%"++T,S0=#xmerl_scanner{rules_read_fun=Read,
 					rules_delete_fun=Delete},AttType) ->
     ?bump_col(1),
     {Name,T1,S1} = scan_pe_reference(T,S),
-    {ExpandedRef,S2} = 
+    {ExpandedRef,S2} =
 	case expand_pe_reference(Name,S1,in_literal) of
 	    Tuple when is_tuple(Tuple) ->
 		%% {system,URI} or {public,URI}
@@ -2386,9 +2389,9 @@ scan_att_chars([H|T], S0, H, Acc, TmpAcc,AttType,IsNorm) -> % End quote
     ?bump_col(1),
     check_att_default_val(S#xmerl_scanner.validation,TmpAcc,AttType,S),
     {Acc2,S2,IsNorm2} =
-	if 
+	if
 	    AttType == 'CDATA' -> {Acc,S,IsNorm};
-	    true -> 
+	    true ->
 		normalize(Acc,S,IsNorm)
 	end,
     {lists:flatten(lists:reverse(Acc2)), T, S2,IsNorm2};
@@ -2443,7 +2446,7 @@ check_att_default_val(dtd,RevName,Ent,S) ->
 check_att_default_val(_,_,_,_) ->
     ok.
 
-check_att_default_val(Name,Ent,S=#xmerl_scanner{rules_write_fun=Write}) 
+check_att_default_val(Name,Ent,S=#xmerl_scanner{rules_write_fun=Write})
   when Ent == 'ENTITY'; Ent == 'ENTITIES' ->
     case xmerl_lib:is_letter(hd(Name)) of
 	true -> ok;
@@ -2504,28 +2507,28 @@ valid_Char(_,_,C,S) ->
 %%%%%%% [43] content
 
 scan_content(T, S, Name, Attrs, Space, Lang, Parents, NS) ->
-    scan_content(T, S, _Pos = 1, Name, Attrs, Space, 
+    scan_content(T, S, _Pos = 1, Name, Attrs, Space,
                  Lang, Parents, NS, _Acc = [],_MarkupDel=[]).
 
 scan_content("<", S= #xmerl_scanner{continuation_fun = F},
             Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,_) ->
     ?dbg("trailing < detected~n", []),
-    F(fun(MoreBytes, S1) -> scan_content("<" ++ MoreBytes, S1, 
-					 Pos, Name, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_content("<" ++ MoreBytes, S1,
+					 Pos, Name, Attrs,
 					 Space, Lang, Parents, NS, Acc,[]) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
-scan_content([], S=#xmerl_scanner{environment={external,{entity,_}}}, 
+scan_content([], S=#xmerl_scanner{environment={external,{entity,_}}},
              _Pos, _Name, _Attrs, _Space, _Lang, _Parents, _NS, Acc,_) ->
     {lists:reverse(Acc),[],S};
-scan_content([], S=#xmerl_scanner{environment=internal_parsed_entity}, 
+scan_content([], S=#xmerl_scanner{environment=internal_parsed_entity},
              _Pos, _Name, _Attrs, _Space, _Lang, _Parents, _NS, Acc,_) ->
     {lists:reverse(Acc),[],S};
-scan_content([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_content([], S=#xmerl_scanner{continuation_fun = F},
              Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,_) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_content(MoreBytes, S1, 
-					 Pos, Name, Attrs, 
+    F(fun(MoreBytes, S1) -> scan_content(MoreBytes, S1,
+					 Pos, Name, Attrs,
 					 Space, Lang, Parents, NS, Acc,[]) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
@@ -2542,10 +2545,10 @@ scan_content("</" ++ T, S0, _Pos, Name, _Attrs, _Space, _Lang,
     case T2 of
         ">" ++ T3 ->
             {lists:reverse(Acc), T3, S2};
-        _ -> 
+        _ ->
 	    ?fatal({error,{unexpected_end_of_STag}},S)
     end;
-scan_content([$&|_T]=Str, 
+scan_content([$&|_T]=Str,
 	     #xmerl_scanner{environment={external,{entity,EName}}} = S0,
 	     Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,_) ->
     {_EntV,T1,S1}=scan_entity_value(Str,S0 ,[],EName,general),
@@ -2564,13 +2567,13 @@ scan_content("&" ++ T, S0, Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[]) -
 	_ ->
 	    scan_content(string_to_char_set(S1#xmerl_scanner.encoding,ExpRef)++T1,S1,Pos,Name,Attrs,Space,Lang,Parents,NS,Acc,[])
     end;
-scan_content("<!--" ++ T, S0=#xmerl_scanner{acc_fun = F, comments=CF}, Pos, Name, Attrs, Space, 
+scan_content("<!--" ++ T, S0=#xmerl_scanner{acc_fun = F, comments=CF}, Pos, Name, Attrs, Space,
 	     Lang, Parents, NS, Acc,[]) ->
     ?bump_col(4),
     {C, T1, S1} = scan_comment(T, S, Pos, Parents, Lang),
     case CF of
 	true ->
-	    {Acc2, Pos2, S3} = 
+	    {Acc2, Pos2, S3} =
 		case F(C, Acc, S1) of
 		    {Acc1, S2} ->
 			{Acc1, Pos + 1, S2};
@@ -2580,10 +2583,10 @@ scan_content("<!--" ++ T, S0=#xmerl_scanner{acc_fun = F, comments=CF}, Pos, Name
 	    scan_content(T1, S3, Pos2, Name, Attrs, Space, Lang, Parents, NS, Acc2,[]);
 	false ->
 	    scan_content(T1, S1, Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[])
-    end;   
+    end;
 scan_content("<" ++ T, S0, Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[]) ->
     ?bump_col(1),
-    {Markup, T1, S1} = 
+    {Markup, T1, S1} =
         scan_content_markup(T, S, Pos, Name, Attrs, Space, Lang, Parents, NS),
     AccF = S1#xmerl_scanner.acc_fun,
     {NewAcc, NewPos, NewS} = case AccF(Markup, Acc, S1) of
@@ -2599,10 +2602,10 @@ scan_content([_H|T], S= #xmerl_scanner{environment={external,{entity,_}}},
     %% Guess we have to scan the content to find any internal entity
     %% references.
     scan_content(T,S,Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,[]);
-scan_content(T, S=#xmerl_scanner{acc_fun = F, 
+scan_content(T, S=#xmerl_scanner{acc_fun = F,
 				 event_fun = Event,
 				 hook_fun=Hook,
-				 line = _L}, 
+				 line = _L},
              Pos, Name, Attrs, Space, Lang, Parents, NS, Acc,MarkupDel) ->
     Text0 = #xmlText{pos = Pos,
                      parents = Parents},
@@ -2625,7 +2628,7 @@ scan_content(T, S=#xmerl_scanner{acc_fun = F,
 		 Parents, NS, NewAcc,[]).
 
 
-scan_content_markup([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_content_markup([], S=#xmerl_scanner{continuation_fun = F},
 		    Pos, Name, Attrs, Space, Lang, Parents, NS) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_content_markup(
@@ -2650,21 +2653,21 @@ scan_char_data(T, S, Space,MUD) ->
 
 scan_char_data([], S=#xmerl_scanner{environment={external,{entity,_}}},
 	       _Space,_MUD, Acc) ->
-    
+
     {lists:reverse(Acc), [], S};
 scan_char_data([], S=#xmerl_scanner{environment=internal_parsed_entity},
 	       _Space, _MUD,Acc) ->
-    
+
     {lists:reverse(Acc), [], S};
 scan_char_data([], S=#xmerl_scanner{continuation_fun = F}, Space, _MUD,Acc) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_char_data(MoreBytes,S1,Space,_MUD,Acc) end, 
+    F(fun(MoreBytes, S1) -> scan_char_data(MoreBytes,S1,Space,_MUD,Acc) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_char_data([$&|T], S,Space,"&",Acc) ->
     scan_char_data(T, S, Space,[], [$&|Acc]);
 scan_char_data(T=[$&|_], S,_Space,_MUD,Acc) ->
-    
+
     {lists:reverse(Acc), T, S};
 scan_char_data("]]>" ++ _T, S, _Space,_MUD, _Acc) ->
     %% See Section 2.4: Especially:
@@ -2676,7 +2679,7 @@ scan_char_data("]]>" ++ _T, S, _Space,_MUD, _Acc) ->
 scan_char_data([$<|T],S,Space,"<", Acc) ->
     scan_char_data(T, S, Space,[], [$<|Acc]);
 scan_char_data(T = [$<|_], S, _Space,_MUD,Acc) ->
-    
+
     {lists:reverse(Acc), T, S};
 scan_char_data(T = [H|R], S, Space,MUD, Acc) when ?whitespace(H) ->
     if
@@ -2769,7 +2772,7 @@ scan_reference(T, S) ->
 %% ampersand is not recognized as an entity-reference delimiter.)"
 %%
 %% How to achieve this? My current approach is to insert the *strings* "&",
-%% "<", ">", "'", and "\"" instead of the characters. The processor will 
+%% "<", ">", "'", and "\"" instead of the characters. The processor will
 %% ignore them when performing multiple expansions. This means, for now, that
 %% the character data output by the processor is (1-2 levels) deep.
 %% At some suitable point, we should flatten these, so that application-level
@@ -2798,7 +2801,7 @@ scan_entity_ref("quot;" ++ T, S0) ->
 scan_entity_ref(T, S) ->
     {Name, _NamespaceInfo, T1, S1} = scan_name(T, S),
     T2 = scan_mandatory(";",T1,1,S1,expected_entity_reference_semicolon),
-%    ";" ++ T2 = T1, 
+%    ";" ++ T2 = T1,
     S2 = S1,
     Entity = expand_reference(Name, S2),
     {Entity, T2, S2}.
@@ -2809,7 +2812,7 @@ scan_entity_ref(T, S) ->
 scan_pe_reference(T, S) ->
     {Name, _NamespaceInfo, T1, S1} = scan_name(T, S),
     T2 = scan_mandatory(";",T1,1,S1,expected_parsed_entity_reference_semicolon),
-%    ";" ++ T2 = T1, 
+%    ";" ++ T2 = T1,
     {Name, T2, S1#xmerl_scanner{col = S1#xmerl_scanner.col+1}}.
 
 expand_pe_reference(Name, #xmerl_scanner{rules_read_fun = Read} = S,WS) ->
@@ -2836,7 +2839,7 @@ expand_pe_reference(Name, #xmerl_scanner{rules_read_fun = Read} = S,WS) ->
 % 	Result ->
 % 	    fetch_DTD(Result,S)
 %     end.
-    
+
 
 %%%%%%% [68] EntityReference
 
@@ -2915,15 +2918,15 @@ scan_eq(T, S) ->
 
 %% scan_name/2
 %%
-%% We perform some checks here to make sure that the names conform to 
+%% We perform some checks here to make sure that the names conform to
 %% the "Namespaces in XML" specification. This is an option.
-%% 
+%%
 %% Qualified Name:
 %% [6]      QName ::= (Prefix ':')? LocalPart
 %% [7]     Prefix ::= NCName
 %% [8]  LocalPart ::= NCName
 %% [4]     NCName ::= (Letter | '_') (NCNameChar)*
-%% [5] NCNameChar ::= Letter | Digit | '.' | '-' | '_' 
+%% [5] NCNameChar ::= Letter | Digit | '.' | '-' | '_'
 %%                    | CombiningChar | Extender
 
 
@@ -2937,9 +2940,9 @@ scan_eq(T, S) ->
 %%
 scan_name_no_colons(Str, S) ->
     NSC = S#xmerl_scanner.namespace_conformant,
-    case NSC of 
+    case NSC of
 	true ->
-	    {Target, NSI, T1, S1} = 
+	    {Target, NSI, T1, S1} =
 		scan_name(Str,S#xmerl_scanner{namespace_conformant=no_colons}),
 	    {Target,NSI,T1,S1#xmerl_scanner{namespace_conformant=NSC}};
 	false ->
@@ -2951,7 +2954,7 @@ scan_name_no_colons(Str, S) ->
 %% [5] Name ::= (Letter | '_' | ':') (NameChar)*
 scan_name([], S=#xmerl_scanner{continuation_fun = F}) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_name(MoreBytes, S1) end, 
+    F(fun(MoreBytes, S1) -> scan_name(MoreBytes, S1) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_name(Str = [$:|T], S0 = #xmerl_scanner{namespace_conformant = NSC}) ->
@@ -3014,15 +3017,15 @@ scan_nmtoken(Str, S) ->
     {Ch,T} = to_ucs(S#xmerl_scanner.encoding,Str),
     case xmerl_lib:is_namechar(Ch) of
 	true ->
-	    scan_nmtoken(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1}, 
-			 _Acc = [Ch], _Prefix = [], _Local = [Ch], 
+	    scan_nmtoken(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1},
+			 _Acc = [Ch], _Prefix = [], _Local = [Ch],
 			 _NamespaceConformant = false,isLatin1(Ch,true));
 	false ->
 	    ?fatal({invalid_nmtoken, lists:sublist(Str, 1, 6)}, S)
     end.
 
 
-scan_nmtoken([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_nmtoken([], S=#xmerl_scanner{continuation_fun = F},
 	     Acc, Prefix, Local, NSC,IsLatin1) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_nmtoken(MoreBytes,S1,Acc,Prefix,Local,NSC,IsLatin1) end,
@@ -3036,16 +3039,16 @@ scan_nmtoken(Str = [H|_], S, Acc, Prefix, Local, _NSC,true) when ?whitespace(H)
     NmString = lists:reverse(Acc),
     {list_to_atom(NmString), namespace_info(Prefix, Local), Str, S};
 scan_nmtoken(Str = [$:|_], S, Acc, [], _Local, no_colons,_IsLatin1) ->
-    ?fatal({invalid_NCName, 
+    ?fatal({invalid_NCName,
 	    lists:sublist(lists:reverse(Acc) ++ Str, 1, 6)}, S);
 scan_nmtoken([$:|T], S0, Acc, [], Local, NSC, IsLatin1) ->
     ?bump_col(1),
     scan_nmtoken(T, S, [$:|Acc], lists:reverse(Local), [], NSC,IsLatin1);
 scan_nmtoken(Str = [$:|_T], S, Acc, _Prefix, _Local, _NSC = true,_IsLatin1) ->
     %% non-empty Prefix means that we've encountered a ":" already.
-    %% Conformity with "Namespaces in XML" requires 
+    %% Conformity with "Namespaces in XML" requires
     %% at most one colon in a name
-    ?fatal({invalid_NCName, 
+    ?fatal({invalid_NCName,
 	    lists:sublist(lists:reverse(Acc) ++ Str, 1, 6)}, S);
 
 %% non-namechar also marks the end of a name
@@ -3078,7 +3081,7 @@ isLatin1(_,_) ->
 
 scan_system_literal([], S=#xmerl_scanner{continuation_fun = F}) ->
     ?dbg("cont()...~n", []),
-    F(fun(MoreBytes, S1) -> scan_system_literal(MoreBytes, S1) end, 
+    F(fun(MoreBytes, S1) -> scan_system_literal(MoreBytes, S1) end,
       fun(S1) -> ?fatal(unexpected_end, S1) end,
       S);
 scan_system_literal("\"" ++ T, S) ->
@@ -3087,7 +3090,7 @@ scan_system_literal("'" ++ T, S) ->
     scan_system_literal(T, S, $', []).
 
 
-scan_system_literal([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_system_literal([], S=#xmerl_scanner{continuation_fun = F},
 		    Delimiter, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_system_literal(MoreBytes,S1,Delimiter,Acc) end,
@@ -3100,7 +3103,7 @@ scan_system_literal("#"++_R, S, _H, _Acc) ->
     ?fatal(fragment_identifier_in_system_literal,S);
 scan_system_literal(Str, S, Delimiter, Acc) ->
     {Ch,T} = to_ucs(S#xmerl_scanner.encoding,Str),
-    scan_system_literal(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1}, 
+    scan_system_literal(T, S#xmerl_scanner{col = S#xmerl_scanner.col+1},
 			Delimiter, [Ch|Acc]).
 
 
@@ -3117,7 +3120,7 @@ scan_pubid_literal([H|_T], S) ->
     ?fatal({invalid_pubid_char, H}, S).
 
 
-scan_pubid_literal([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_pubid_literal([], S=#xmerl_scanner{continuation_fun = F},
 		   Delimiter, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_pubid_literal(MoreBytes,S1,Delimiter,Acc) end,
@@ -3134,7 +3137,7 @@ scan_pubid_literal([H|T], S, Delimiter, Acc) ->
     case is_pubid_char(H) of
 	true ->
 	    scan_pubid_literal(
-	      T, S#xmerl_scanner{col = S#xmerl_scanner.col+1}, 
+	      T, S#xmerl_scanner{col = S#xmerl_scanner.col+1},
 	      Delimiter, [H|Acc]);
 	false ->
 	    ?fatal({invalid_pubid_char, H}, S)
@@ -3186,7 +3189,7 @@ scan_contentspec(_Str,S) ->
 scan_elem_content(T, S) ->
     scan_elem_content(T, S, _Context = children, _Mode = unknown, _Acc = []).
 
-scan_elem_content([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_elem_content([], S=#xmerl_scanner{continuation_fun = F},
 		  Context, Mode, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes,S1) -> scan_elem_content(MoreBytes,S1,Context,Mode,Acc) end,
@@ -3207,7 +3210,7 @@ scan_elem_content(")" ++ T, S0, Context, Mode0, Acc0) ->
                                          % more names than '#PCDATA'
                                          % and no '*'.
 	{'*', mixed,_} -> ok;
-	{Other, mixed,_} -> 
+	{Other, mixed,_} ->
 	    ?fatal({illegal_for_mixed_content, Other}, S1);
 	_ ->
 	    ok
@@ -3216,7 +3219,7 @@ scan_elem_content(")" ++ T, S0, Context, Mode0, Acc0) ->
     {format_elem_content({Occurrence, {Mode, Acc}}), T2, S2};
 scan_elem_content("#PCDATA" ++ _T, S, not_mixed, _Mode, _Acc) ->
     ?fatal({error,{extra_set_of_parenthesis}},S);
-scan_elem_content("#PCDATA" ++ _T, S, _Cont, Mode, Acc) 
+scan_elem_content("#PCDATA" ++ _T, S, _Cont, Mode, Acc)
   when Mode==choice;Mode==seq;Acc/=[] ->
     ?fatal({error,{invalid_format_of_mixed_content}},S);
 scan_elem_content("#PCDATA" ++ T, S0, _Context, Mode, Acc) ->
@@ -3259,7 +3262,7 @@ scan_elem_content2(T, S, Context, Mode, Acc) ->
     {Occurrence, T2, S2} = scan_occurrence(T1, S1),
     case {Occurrence, Context} of
 	{once, mixed} -> ok;
-	{Other, mixed} -> 
+	{Other, mixed} ->
 	    ?fatal({illegal_for_mixed_content, Other}, S1);
 	_ ->
 	    ok
@@ -3305,17 +3308,17 @@ vc_Valid_Char(_AT,C,S) ->
 
 
 
-vc_ID_Attribute_Default(_,#xmerl_scanner{validation=Valid}) 
+vc_ID_Attribute_Default(_,#xmerl_scanner{validation=Valid})
   when Valid /= dtd ->
-    ok;  
-vc_ID_Attribute_Default({_,'ID',_,Def,_},_S) 
+    ok;
+vc_ID_Attribute_Default({_,'ID',_,Def,_},_S)
   when Def=='#IMPLIED';Def=='#REQUIRED' ->
     ok;
 vc_ID_Attribute_Default({_,'ID',_,Def,_},S) ->
     ?fatal({error,{validity_constraint_error_ID_Attribute_Default,Def}},S).
 
-vc_Enumeration({_Name,{_,NameList},DefaultVal,_,_},S) 
-  when is_list(DefaultVal) ->    
+vc_Enumeration({_Name,{_,NameList},DefaultVal,_,_},S)
+  when is_list(DefaultVal) ->
     case lists:member(list_to_atom(DefaultVal),NameList) of
 	true ->
 	    ok;
@@ -3338,12 +3341,12 @@ vc_Entity_Name({_,'ENTITIES',DefaultVal,_,_},S) when is_list(DefaultVal) ->
     Read = S#xmerl_scanner.rules_read_fun,
     NameListFun = fun([],Acc,_St,_Fun) ->
 		       lists:reverse(Acc);
-		  (Str,Acc,St,Fun) -> 
+		  (Str,Acc,St,Fun) ->
 		       {N,_,St2,Str2} = scan_name(Str,St),
 		       Fun(Str2,[N|Acc],St2,Fun)
 	       end,
     NameList = NameListFun(DefaultVal,[],S,NameListFun),
-    VcFun = 
+    VcFun =
 	fun(X) ->
 		case Read(entity,X,S) of
 		    {_,external,{_,{ndata,_}}} ->
@@ -3356,7 +3359,7 @@ vc_Entity_Name({_,'ENTITIES',_,_,_},_S) ->
     ok.
 
 vc_No_Duplicate_Types(#xmerl_scanner{validation=dtd} = S,mixed,Acc) ->
-    CheckDupl = 
+    CheckDupl =
 	fun([H|T],F) ->
 		case lists:member(H,T) of
 		    true ->
@@ -3519,7 +3522,7 @@ scan_notation_decl1("PUBLIC" ++ T, S0) ->
     ?strip3,
     case T3 of
 	">" ++ _ ->
-	    {{public, PIDL}, T3, 
+	    {{public, PIDL}, T3,
 	     S3#xmerl_scanner{col = S3#xmerl_scanner.col+1}};
 	_ ->
 	    {SL, T4, S4} = scan_system_literal(T3, S3),
@@ -3570,7 +3573,7 @@ scan_entity_value([],S,
 scan_entity_value([],S=#xmerl_scanner{validation=dtd},
 		  no_delim,_Acc,PEName,_,_PENesting) ->
     {{error,{failed_VC_Proper_Declaration_PE_Nesting,2,PEName}},[],S};
-scan_entity_value([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_entity_value([], S=#xmerl_scanner{continuation_fun = F},
 		  Delim, Acc, PEName,Namespace,PENesting) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) ->
@@ -3589,7 +3592,7 @@ scan_entity_value([Delim|T], S0,
 scan_entity_value("%" ++ _T,S=#xmerl_scanner{environment=prolog},_,_,_,_,_) ->
     ?fatal({error,{wfc_PEs_In_Internal_Subset}},S);
 % %% This is a PEdecl in an external entity
-% scan_entity_value([$%,WS|T], S0, Delim, Acc, PEName,Namespace,PENesting) 
+% scan_entity_value([$%,WS|T], S0, Delim, Acc, PEName,Namespace,PENesting)
 %   when ?whitespace(WS) ->
 %     ?bump_col(2),
 %     scan_entity_value(T, S, Delim, [WS,$%|Acc], PEName,Namespace,PENesting);
@@ -3599,7 +3602,7 @@ scan_entity_value("%" ++ T, S0, Delim, Acc, PEName,Namespace,PENesting) ->
     if PERefName == PEName,Namespace==parameter ->
 	    ?fatal({illegal_recursion_in_PE, PEName}, S1);
        true ->
-	    {ExpandedRef,S2} = 
+	    {ExpandedRef,S2} =
 		case expand_pe_reference(PERefName, S1, in_literal) of
 		    %% actually should pe ref be expanded as_PE but
 		    %% handle whitespace explicitly in this case.
@@ -3607,7 +3610,7 @@ scan_entity_value("%" ++ T, S0, Delim, Acc, PEName,Namespace,PENesting) ->
 			%% {system,URI} or {public,URI}
 			%% Included in literal.
 			{ExpRef,Sx}=fetch_not_parse(Tuple,S1),
-			{EntV, _, S5} = 
+			{EntV, _, S5} =
 		 	    scan_entity_value(ExpRef, Sx, no_delim,[],
 					      PERefName,parameter,[]),
 			%% should do an update Write(parameter_entity)
@@ -3727,7 +3730,7 @@ scan_entity_value(")"++ T,S0,Delim,Acc,PEName, parameter=NS,PENesting) ->
     scan_entity_value(T,S,Delim,[")"|Acc],PEName,NS,
 		      pe_pop(")",PENesting,S));
 scan_entity_value("\n"++T, S, Delim, Acc, PEName,Namespace,PENesting) ->
-    scan_entity_value(T, S#xmerl_scanner{line=S#xmerl_scanner.line+1}, 
+    scan_entity_value(T, S#xmerl_scanner{line=S#xmerl_scanner.line+1},
 		      Delim, ["\n"|Acc], PEName,Namespace,PENesting);
 scan_entity_value(Str, S0, Delim, Acc, PEName,Namespace,PENesting) ->
     {Ch,T} = to_ucs(S0#xmerl_scanner.encoding,Str),
@@ -3770,7 +3773,7 @@ save_refed_entity_name1(Name,PEName,
 pe_push(Tok,Stack,_S) when Tok=="<!";Tok=="<?";Tok=="<!--";Tok=="<![";
 			   Tok=="[";Tok=="<";Tok=="</";Tok=="(" ->
     [Tok|Stack];
-pe_push(Tok,Stack,#xmerl_scanner{validation=dtd}) 
+pe_push(Tok,Stack,#xmerl_scanner{validation=dtd})
   when Tok==")";Tok==">";Tok=="?>";Tok=="]]>";Tok=="-->";Tok=="/>"->
     [Tok|Stack];
 pe_push(_,Stack,_S) ->
@@ -3838,10 +3841,10 @@ scan_comment(Str,S=#xmerl_scanner{col=C,event_fun=Event}, Pos, Parents, Lang) ->
 					       col = C,
 					       pos = Pos,
 					       data = Comment}, S),
-    
+
     scan_comment1(Str, S1, Pos, Comment, _Acc = []).
 
-scan_comment1([], S=#xmerl_scanner{continuation_fun = F}, 
+scan_comment1([], S=#xmerl_scanner{continuation_fun = F},
 	     Pos, Comment, Acc) ->
     ?dbg("cont()...~n", []),
     F(fun(MoreBytes, S1) -> scan_comment1(MoreBytes, S1, Pos, Comment, Acc) end,
@@ -3849,7 +3852,7 @@ scan_comment1([], S=#xmerl_scanner{continuation_fun = F},
       S);
 scan_comment1("-->" ++ T, S0 = #xmerl_scanner{col = C,
 					     event_fun = Event,
-					     hook_fun = Hook}, 
+					     hook_fun = Hook},
 	     _Pos, Comment, Acc) ->
     ?bump_col(3),
     Comment1 = Comment#xmlComment{value = lists:reverse(Acc)},
@@ -3957,9 +3960,9 @@ normalize(T,S,IsNorm) ->
     end.
 
 
-%% Optimization: 
+%% Optimization:
 %% - avoid building list of spaces or tabs;
-%% - avoid reverse; 
+%% - avoid reverse;
 %% - compact two common indentation patterns.
 %% Note: only to be called when a \n was found.
 fast_accumulate_whitespace(" " ++ T, S, _) ->
@@ -3971,7 +3974,7 @@ fast_accumulate_whitespace("<"++_=R, S, _T) ->
     {done, {element(3, CD), R, S#xmerl_scanner{col = 1, line = Line + 1}}};
 fast_accumulate_whitespace(_, S, T) ->
     accumulate_whitespace(T, S, []).
-    
+
 fast_acc_spaces(" " ++ T, S, N) ->
     fast_acc_spaces(T, S, N + 1);
 fast_acc_spaces(T, S, N) ->
@@ -3985,18 +3988,18 @@ fast_acc_tabs(T, S, N) ->
 fast_acc_end(T, S, N, Col, C, CD_I) ->
     #xmerl_scanner{common_data = CD, line = Line0} = S,
     Line = Line0 + 1,
-    try 
+    try
         $< = hd(T),
-        {done,{element(N, element(CD_I, CD)), T, 
+        {done,{element(N, element(CD_I, CD)), T,
                S#xmerl_scanner{col = Col, line = Line}}}
-    catch _:_ -> 
+    catch _:_ ->
         accumulate_whitespace(T, S, Line, Col, lists:duplicate(N, C)++"\n")
     end.
-    
+
 
 %%% @spec accumulate_whitespace(T::string(),S::global_state(),
 %%%                             atom(),Acc::string()) -> {Acc, T1, S1}
-%%%     
+%%%
 %%% @doc Function to accumulate and normalize whitespace.
 accumulate_whitespace(T, S, preserve, Acc) ->
     accumulate_whitespace(T, S, Acc);
@@ -4055,19 +4058,19 @@ schemaLocations(El,#xmerl_scanner{schemaLocation=SL}) ->
 	    schemaLocations(El)
     end.
 
-schemaLocations(#xmlElement{attributes=Atts,xmlbase=_Base}) -> 
+schemaLocations(#xmlElement{attributes=Atts,xmlbase=_Base}) ->
     Pred = fun(#xmlAttribute{name=schemaLocation}) -> false;
 	      (#xmlAttribute{nsinfo={_,"schemaLocation"}}) -> false;
 	      (_) -> true
 	   end,
     case lists:dropwhile(Pred,Atts) of
 	[#xmlAttribute{value=Paths}|_] ->
-	    
+
 	    case string:tokens(Paths," \n\t\r") of
 		L when length(L) > 0 ->
 		    case length(L) rem 2 of
 			0 ->
-			    PairList = 
+			    PairList =
 				fun([],_Fun) ->
 					[];
 				   ([SLNS,SLLoc|Rest],Fun) ->
@@ -4137,7 +4140,7 @@ to_ucs(Encoding, Chars) when Encoding=="utf-8"; Encoding == undefined ->
     utf8_2_ucs(Chars);
 to_ucs(_,[C|Rest]) ->
     {C,Rest}.
-    
+
 utf8_2_ucs([A,B,C,D|Rest]) when A band 16#f8 =:= 16#f0,
 			      B band 16#c0 =:= 16#80,
 			      C band 16#c0 =:= 16#80,
@@ -4226,7 +4229,7 @@ string_to_char_set(_,Str) ->
 %% 	{{_,{_,Tot}},Tot110} when Tot > Tot110 ->
 %% 	    io:format("From ~p to ~p, total memory: ~p (~p)~n",[OldLine,Line,Tot,OldTot]),
 %% 	    Tot;
-%% 	{{_,{_,Tot}},_} ->    
+%% 	{{_,{_,Tot}},_} ->
 %% 	    Tot
 %%     end,
 %%     put_total({NewTot,Line}).
diff --git a/lib/xmerl/src/xmerl_uri.erl b/lib/xmerl/src/xmerl_uri.erl
index a0c6f1c2a7..1864651491 100644
--- a/lib/xmerl/src/xmerl_uri.erl
+++ b/lib/xmerl/src/xmerl_uri.erl
@@ -358,7 +358,7 @@ scan_host(C0) ->
 %% 							  Hex3=<?HEX;
 %% 							  Hex4=<?HEX ->
 %% 	    {C1,lists:reverse(lists:append(IPv6address))};
-	{C1,Hostname,[A|_HostF]} -> 
+	{C1,Hostname,[_A|_HostF]} -> 
 	    {C1,lists:reverse(lists:append(Hostname))}
 %%	_ ->
 %%	    {error,no_host}
diff --git a/lib/xmerl/src/xmerl_validate.erl b/lib/xmerl/src/xmerl_validate.erl
index 4028fef2b9..60f228474b 100644
--- a/lib/xmerl/src/xmerl_validate.erl
+++ b/lib/xmerl/src/xmerl_validate.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_xpath_lib.erl b/lib/xmerl/src/xmerl_xpath_lib.erl
index 096f54ec30..b37bdc93f9 100644
--- a/lib/xmerl/src/xmerl_xpath_lib.erl
+++ b/lib/xmerl/src/xmerl_xpath_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_xpath_parse.yrl b/lib/xmerl/src/xmerl_xpath_parse.yrl
index f60cea0a2e..381ea20193 100644
--- a/lib/xmerl/src/xmerl_xpath_parse.yrl
+++ b/lib/xmerl/src/xmerl_xpath_parse.yrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_xpath_pred.erl b/lib/xmerl/src/xmerl_xpath_pred.erl
index 855b8599fe..b94f3bb14d 100644
--- a/lib/xmerl/src/xmerl_xpath_pred.erl
+++ b/lib/xmerl/src/xmerl_xpath_pred.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/xmerl/src/xmerl_xpath_scan.erl b/lib/xmerl/src/xmerl_xpath_scan.erl
index 10e2756e74..f0a5bd35a3 100644
--- a/lib/xmerl/src/xmerl_xpath_scan.erl
+++ b/lib/xmerl/src/xmerl_xpath_scan.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -287,6 +287,7 @@ strip_ws(T) ->
 
 special_token('@') -> true;
 special_token('::') -> true;
+special_token(',') -> true;
 special_token('(') -> true;
 special_token('[') -> true;
 special_token('/') -> true;