diff -ruN openssh-5.2p1+x509-6.2/dns.c openssh-5.2p1+x509-6.2.1/dns.c
--- openssh-5.2p1+x509-6.2/dns.c 2009-02-23 21:06:01.000000000 +0200
+++ openssh-5.2p1+x509-6.2.1/dns.c 2009-08-03 09:06:01.000000000 +0300
@@ -41,6 +41,7 @@
 #include "xmalloc.h"
 #include "key.h"
 #include "ssh-x509.h"
+#include "uuencode.h"
 #include "dns.h"
 #include "log.h"
diff -ruN openssh-5.2p1+x509-6.2/README.x509v3 openssh-5.2p1+x509-6.2.1/README.x509v3
--- openssh-5.2p1+x509-6.2/README.x509v3 2008-03-31 20:43:34.000000000 +0300
+++ openssh-5.2p1+x509-6.2.1/README.x509v3 2009-08-03 01:26:31.000000000 +0300
@@ -131,7 +131,7 @@
 c)/O=Test Team/OU=OpenSSH Testers/C=XX/ST=World/CN=dsa test certificate
 d)O=Test Team,OU=OpenSSH Testers/C=XX,ST=World/CN=dsa test certificate
-- CertBlob is uuencoded sequence of bytes in only one line.
+- CertBlob is base64 encoded sequence of bytes in only one line.
 Shell sample:
 - "Distinguished Name" format:
diff -ruN openssh-5.2p1+x509-6.2/ssh-ocsp.c openssh-5.2p1+x509-6.2.1/ssh-ocsp.c
--- openssh-5.2p1+x509-6.2/ssh-ocsp.c 2007-10-04 23:12:47.000000000 +0300
+++ openssh-5.2p1+x509-6.2.1/ssh-ocsp.c 2009-08-03 01:37:57.000000000 +0300
@@ -43,6 +43,49 @@
 # include
 #endif
+#ifdef sk_OPENSSL_STRING_new_null
+/*
+ * STACK_OF(OPENSSL_STRING) is defined for openssl version >= 1.1
+ * (OPENSSL_VERSION_NUMBER >= 0x10100000L).
+ * NOTE: We will test for definition of sk_OPENSSL_STRING_new_null
+ * instead openssl version number !
+ */
+#define ssh_sk_OPENSSL_STRING STACK_OF(OPENSSL_STRING)
+
+#if 0
+/*
+.../ssh-ocsp.c: In function 'ssh_ocsp_validate2':
+.../ssh-ocsp.c:840: warning: pointer type mismatch in conditional expression
+.../ssh-ocsp.c:840: warning: ISO C forbids conversion of object pointer to function pointer type
+*/
+#undef sk_OPENSSL_STRING_pop_free
+#define SSH_CHECKED_SK_FREE_FUNC2(type, p) \
+ ((void (*)(void *)) ((1 ? (void (*)(type))p : (void (*)(type))0)))
+
+#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(\
+ CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), \
+ SSH_CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func) \
+)
+#endif
+
+#else
+#ifdef sk_STRING_new_null
+/*some OpenSSL 1.0 pre and release candidate */
+# define ssh_sk_OPENSSL_STRING STACK_OF(STRING)
+# define sk_OPENSSL_STRING_new_null sk_STRING_new_null
+# define sk_OPENSSL_STRING_push sk_STRING_push
+# define sk_OPENSSL_STRING_num sk_STRING_num
+# define sk_OPENSSL_STRING_value sk_STRING_value
+# define sk_OPENSSL_STRING_pop_free sk_STRING_pop_free
+#else
+# define ssh_sk_OPENSSL_STRING STACK
+# define sk_OPENSSL_STRING_new_null sk_new_null
+# define sk_OPENSSL_STRING_push sk_push
+# define sk_OPENSSL_STRING_num sk_num
+# define sk_OPENSSL_STRING_value sk_value
+# define sk_OPENSSL_STRING_pop_free sk_pop_free
+#endif
+#endif
 static VAOptions va = { SSHVA_NONE, NULL, NULL };
@@ -261,7 +304,7 @@
 X509_STORE* x509store,
 OCSP_REQUEST *req,
 STACK_OF(OCSP_CERTID) *ids,
- STACK *subjs
+ ssh_sk_OPENSSL_STRING *subjs
 ) {
 X509 *issuer = NULL;
 OCSP_CERTID *id = NULL;
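Review bot: The `#if 0` block inside the `sk_OPENSSL_STRING_new_null` branch is disabled code and should be dropped rather than committed: its comment records a pointer-type mismatch (a `void (*)(void *)` free function handed to a typed stack that wants `void (*)(OPENSSL_STRING)`), but the `#undef`/redefine it contains would, if ever enabled, cast that mismatch away and defeat the type checking the typed `sk_*` macros exist to provide. The clean fix belongs at the call site: a typed wrapper such as `static void ssh_OPENSSL_STRING_free(OPENSSL_STRING s) { xfree(s); }` passed to `sk_OPENSSL_STRING_pop_free`. The version claim in the leading comment also looks off — as far as I know `STACK_OF(OPENSSL_STRING)` shipped with OpenSSL 1.0.0, not 1.1 — so I would reduce it to the part that is actually relied on, `/* STACK_OF(OPENSSL_STRING) and its typed sk_* macros: detected via the sk_OPENSSL_STRING_new_null macro, not via OPENSSL_VERSION_NUMBER */`.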
@@ -316,7 +359,7 @@
 return(0);
 }
 subj = ssh_X509_NAME_oneline(X509_get_subject_name(cert)); /*fatal on error*/
- if (!sk_push(subjs, subj)) {
+ if (!sk_OPENSSL_STRING_push(subjs, subj)) {
 error("ssh_ocspreq_addcert: sk_push(..., subj) fail");
 return(0);
 }
@@ -520,7 +563,7 @@
 * OCSP_sendreq_bio accept null as path argument but if path
 * is null http request will contain what is incorrect.
 */
- resp = OCSP_sendreq_bio(bio_conn, (conn->path ? conn->path : "/") , req);
+ resp = OCSP_sendreq_bio(bio_conn, (char*)(conn->path ? conn->path : "/") , req);
 if (resp == NULL) {
 openssl_error("ssh_ocsp_get_response", "OCSP_sendreq_bio");
 }
@@ -650,7 +693,7 @@
 OCSP_REQUEST *req,
 OCSP_BASICRESP *br,
 STACK_OF(OCSP_CERTID) *ids,
- STACK *subjs
+ ssh_sk_OPENSSL_STRING *subjs
 ) {
 int ret = 1;
 /* Maximum leeway in validity period: default 5 minutes */
@@ -675,17 +718,17 @@
 , sk_OCSP_CERTID_num(ids));
 return(-1);
 }
- if (sk_OCSP_CERTID_num(subjs) <= 0) {
+ if (sk_OPENSSL_STRING_num(subjs) <= 0) {
 error("ssh_ocsp_check_validity:"
 " number of subjs is %d"
- , sk_OCSP_CERTID_num(subjs));
+ , sk_OPENSSL_STRING_num(subjs));
 return(-1);
 }
- if (sk_OCSP_CERTID_num(ids) != sk_OCSP_CERTID_num(subjs)) {
+ if (sk_OCSP_CERTID_num(ids) != sk_OPENSSL_STRING_num(subjs)) {
 error("ssh_ocsp_check_validity:"
 " ids(%d) != subjs(%d)"
 , sk_OCSP_CERTID_num(ids)
- , sk_OCSP_CERTID_num(subjs));
+ , sk_OPENSSL_STRING_num(subjs));
 return(-1);
 }
@@ -693,7 +736,7 @@
 OCSP_CERTID *id = sk_OCSP_CERTID_value(ids, k);
 if (get_log_level() >= SYSLOG_LEVEL_DEBUG3) {
- char *subject = sk_value(subjs, k);
+ char *subject = sk_OPENSSL_STRING_value(subjs, k);
 debug3("ssh_ocsp_check_validity: cert[%d]='%s'", k, subject);
 }
@@ -765,7 +808,7 @@
 STACK_OF(X509) *vacrts = NULL;
 OCSP_REQUEST *req = OCSP_REQUEST_new();
 STACK_OF(OCSP_CERTID) *ids = sk_OCSP_CERTID_new_null();
- STACK *subjs = sk_new_null();
+ ssh_sk_OPENSSL_STRING *subjs = sk_OPENSSL_STRING_new_null();
 OCSP_RESPONSE *resp = NULL;
 OCSP_BASICRESP *br = NULL;
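Review bot: On the failure path of the new `sk_OPENSSL_STRING_push(subjs, subj)` call, `subj` is leaked: it was just produced by `ssh_X509_NAME_oneline()`, and the stack owns its strings (they are released with `xfree` through `sk_OPENSSL_STRING_pop_free` in the cleanup hunk further down), so add `xfree(subj);` before `return(0);`. The message `"ssh_ocspreq_addcert: sk_push(..., subj) fail"` now names the wrong function; `"ssh_ocspreq_addcert: sk_OPENSSL_STRING_push(..., subj) fail"` keeps the log in step with the code. The enclosing function starts and ends outside the hunk.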
@@ -806,7 +849,7 @@
 exit:
 if (br != NULL) OCSP_BASICRESP_free(br);
 if (resp != NULL) OCSP_RESPONSE_free(resp);
- if (subjs != NULL) sk_pop_free(subjs, xfree);
+ if (subjs != NULL) sk_OPENSSL_STRING_pop_free(subjs, xfree);
 if (ids != NULL) sk_OCSP_CERTID_free(ids);
 if (req != NULL) OCSP_REQUEST_free(req);
 if (vacrts != NULL) sk_X509_pop_free(vacrts, X509_free);
@@ -819,7 +862,7 @@
 ssh_aia_get(X509_EXTENSION *ext) {
 X509V3_EXT_METHOD *method = NULL;
 void *ext_str = NULL;
- unsigned char *p;
+ const unsigned char *p;
 int len;
 if (ext == NULL) {
@@ -827,7 +870,7 @@
 return(NULL);
 }
- method = X509V3_EXT_get(ext);
+ method = (X509V3_EXT_METHOD*) X509V3_EXT_get(ext);
 if (method == NULL) {
 debug("ssh_aia_get: cannot get method");
 return(NULL);
@@ -858,7 +901,7 @@
 return;
 }
- method = X509V3_EXT_get(ext);
+ method = (X509V3_EXT_METHOD*) X509V3_EXT_get(ext);
 if (method == NULL) return;
 if (method->it) {
diff -ruN openssh-5.2p1+x509-6.2/ssh-xkalg.c openssh-5.2p1+x509-6.2.1/ssh-xkalg.c
--- openssh-5.2p1+x509-6.2/ssh-xkalg.c 2007-08-06 21:20:15.000000000 +0300
+++ openssh-5.2p1+x509-6.2.1/ssh-xkalg.c 2009-07-31 19:34:20.000000000 +0300
@@ -41,9 +41,16 @@
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#define EVP_PKEY_DSARAW_method \
+ (evp_sign_method *)DSARAW_sign, \
+ (evp_verify_method *)DSARAW_verify, \
+ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0}
+#else
 #define EVP_PKEY_DSARAW_method \
 DSARAW_sign,DSARAW_verify, \
 {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0}
+#endif
 static int/*bool*/
@@ -57,6 +64,7 @@
 int ret = 0;
 DSA_SIG *sig = NULL;
+ (void) type;
 #ifdef TRACE_XKALG
 fprintf(stderr, "TRACE_XKALG DSARAW_sign:\n");
 #endif
@@ -97,6 +105,7 @@
 int ret = -1;
 DSA_SIG *sig = NULL;
+ (void) type;
 #ifdef TRACE_XKALG
 fprintf(stderr, "TRACE_XKALG DSARAW_verify: siglen=%d\n", siglen);
 #endif
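Review bot: `sk_OPENSSL_STRING_pop_free(subjs, xfree)` hands a `void (*)(void *)` to a macro that, in the typed-stack configuration, expects `void (*)(OPENSSL_STRING)`; this is the mismatch the commit otherwise only documents in a disabled `#if 0` block, and silencing it with casts would hide real signature drift. Define a free function with the element type the typed branch uses, `static void ssh_OPENSSL_STRING_free(OPENSSL_STRING s) { xfree(s); }` (with `STRING` in the 1.0-prerelease branch, and `#define ssh_OPENSSL_STRING_free xfree` in the plain `STACK` fallback where `void (*)(void *)` is the expected type), and call `sk_OPENSSL_STRING_pop_free(subjs, ssh_OPENSSL_STRING_free);` here. The enclosing function starts outside the hunk.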
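Review bot: The cast `(X509V3_EXT_METHOD*) X509V3_EXT_get(ext)` strips the `const` that newer OpenSSL places on the return type, and the same cast is repeated in the `@@ -858` hunk; `method` is only read in the visible code (`method->it` in that hunk), so the better fix is to change the declaration in the `@@ -819` hunk to `const X509V3_EXT_METHOD *method = NULL;` and assign without a cast, which compiles against both the const and the pre-1.0 non-const prototype and lets the compiler reject any later write through the pointer. If some OpenSSL call outside these hunks really needs a non-const `X509V3_EXT_METHOD *`, keep the cast but say so in a comment beside it. `ssh_aia_get` opens at the first context line of the `@@ -819` hunk and its body continues past this one.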
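Review bot: The `(evp_sign_method *)`/`(evp_verify_method *)` casts in the 0.9.8 variant of `EVP_PKEY_DSARAW_method` make every disagreement between `DSARAW_sign`/`DSARAW_verify` and OpenSSL's callback prototypes invisible — parameter count, widths and const-ness alike — not just the one they were presumably added for (my guess is the last `void *key` argument, but both definitions are outside the hunk). Declaring both functions with exactly the `evp_sign_method` and `evp_verify_method` signatures and converting the key inside the body (`DSA *dsa = key;`) removes the need for casts in either `#if` branch and keeps the compiler checking the rest. The two `(void) type;` lines added further down are fine but deserve a one-line comment saying why the digest type is ignored.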
@@ -130,7 +139,11 @@
 static int
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+update(EVP_MD_CTX *ctx, const void *data, size_t count) {
+#else
 update(EVP_MD_CTX *ctx, const void *data, unsigned long count) {
+#endif
 return(SHA1_Update(ctx->md_data, data, count));
 }
@@ -174,6 +187,9 @@
 EVP_PKEY_DSARAW_method,
 SHA_CBLOCK,
 sizeof(EVP_MD *)+sizeof(SHA_CTX),
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ NULL /*md_ctrl*/
+#endif
 };
diff -ruN openssh-5.2p1+x509-6.2/umac.c openssh-5.2p1+x509-6.2.1/umac.c
--- openssh-5.2p1+x509-6.2/umac.c 2008-07-14 05:04:43.000000000 +0300
+++ openssh-5.2p1+x509-6.2.1/umac.c 2009-08-03 09:06:01.000000000 +0300
@@ -123,7 +123,7 @@
 /* --- Endian Conversion --- Forcing assembly on some platforms */
 /* ---------------------------------------------------------------------- */
-#if HAVE_SWAP32
+#ifdef HAVE_SWAP32
 #define LOAD_UINT32_REVERSED(p) (swap32(*(UINT32 *)(p)))
 #define STORE_UINT32_REVERSED(p,v) (*(UINT32 *)(p) = swap32(v))
 #else /* HAVE_SWAP32 */
diff -ruN openssh-5.2p1+x509-6.2/x509store.c openssh-5.2p1+x509-6.2.1/x509store.c
--- openssh-5.2p1+x509-6.2/x509store.c 2009-01-21 23:04:07.000000000 +0200
+++ openssh-5.2p1+x509-6.2.1/x509store.c 2009-08-03 01:09:06.000000000 +0300
@@ -59,6 +59,22 @@
 #ifndef SSH_X509STORE_DISABLED
 static X509_STORE *x509store = NULL;
+
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+/* void X509_STORE_CTX_init() */
+static int ssh_X509_STORE_CTX_init (
+ X509_STORE_CTX *ctx,
+ X509_STORE *store,
+ X509 *x509,
+ STACK_OF(X509) *chain)
+{
+ X509_STORE_CTX_init(ctx, store, x509, chain);
+ return(1);
+}
+
+#define X509_STORE_CTX_init ssh_X509_STORE_CTX_init
+#endif
+
 #if 1
 # define SSH_CHECK_REVOKED
 #endif
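Review bot: The `NULL /*md_ctrl*/` slot behind `OPENSSL_VERSION_NUMBER >= 0x10100000L` assumes `EVP_MD` is still a struct that can be filled by a static initializer in OpenSSL 1.1, and the `update()` hunk above likewise dereferences `ctx->md_data`; the released 1.1.0 made both `EVP_MD` and `EVP_MD_CTX` opaque (`EVP_MD_meth_new()`, `EVP_MD_CTX_md_data()`), so this code cannot build against it whatever fields the initializer lists — it can only have matched a 2009 development snapshot. A comment on the guard, e.g. `/* matches the 1.1.0-dev struct layout of 2009; released 1.1.0 makes EVP_MD opaque and needs EVP_MD_meth_new() instead */`, would stop the next porter from reading this as 1.1.0 support. The `size_t` prototype switch for `>= 0x00908000L` in the `update()` hunk is correct for 0.9.8's update callback.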
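Review bot: The comment `/* void X509_STORE_CTX_init() */` above `ssh_X509_STORE_CTX_init` names the symptom without saying what the shim is for or why it returns a constant, which matters because callers reaching `X509_STORE_CTX_init` through the new `#define` may check the result and must know it is unconditionally 1. Replace it with `/* OpenSSL < 0.9.7 declares X509_STORE_CTX_init() as void; this shim returns the int (always 1 = success) that later versions return, so callers can check the result uniformly. */`. The ordering is right as written — the `#define` follows the function body, so the call inside the shim still reaches the real `X509_STORE_CTX_init`.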