2018-11-16 16:33 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)

* contrib/hbssl/bio.c * contrib/hbssl/err.c * contrib/hbssl/evp.c * contrib/hbssl/evpciph.c * contrib/hbssl/evpenc.c * contrib/hbssl/evpmd.c * contrib/hbssl/evppkey.c * contrib/hbssl/hbssl.ch * contrib/hbssl/hbssl.h * contrib/hbssl/hbssl.hbx * contrib/hbssl/pem.c * contrib/hbssl/rand.c * contrib/hbssl/ssl.c * contrib/hbssl/ssl_hb.c * contrib/hbssl/ssl_inet.c * contrib/hbssl/ssl_sock.c * contrib/hbssl/sslciph.c * contrib/hbssl/sslctx.c * contrib/hbssl/sslsess.c * contrib/hbssl/x509.c * synced with Viktor's 3.4 branch and updated to OpenSSL 1.1 * include/hbsocket.h * src/rtl/hbsocket.c + added new C function: HB_U16 hb_socketNToHS( HB_U16 netshort ) * include/hbapiitm.h * src/vm/itemapi.c + added new C functions: const char * hb_itemGetCRef( PHB_ITEM pItem, void ** phRef, HB_SIZE * pnLen ); void hb_itemFreeCRef( void * hRef ); hb_itemGetCRef() locks string inside character item so it cannot be released when item is cleared an hb_itemFreeCRef() unlocks it and free if item holding it was cleared.
2018-11-16 16:33:28 +01:00
parent 8230fcc258
commit 611a7ac281
25 changed files with 679 additions and 368 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -7,6 +7,44 @@
   Entries may not always be in chronological/commit order.
   See license at the end of file. */
 2018-11-16 16:33 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
  * contrib/hbssl/bio.c
  * contrib/hbssl/err.c
  * contrib/hbssl/evp.c
  * contrib/hbssl/evpciph.c
  * contrib/hbssl/evpenc.c
  * contrib/hbssl/evpmd.c
  * contrib/hbssl/evppkey.c
  * contrib/hbssl/hbssl.ch
  * contrib/hbssl/hbssl.h
  * contrib/hbssl/hbssl.hbx
  * contrib/hbssl/pem.c
  * contrib/hbssl/rand.c
  * contrib/hbssl/ssl.c
  * contrib/hbssl/ssl_hb.c
  * contrib/hbssl/ssl_inet.c
  * contrib/hbssl/ssl_sock.c
  * contrib/hbssl/sslciph.c
  * contrib/hbssl/sslctx.c
  * contrib/hbssl/sslsess.c
  * contrib/hbssl/x509.c
    * synced with Viktor's 3.4 branch and updated to OpenSSL 1.1
  * include/hbsocket.h
  * src/rtl/hbsocket.c
    + added new C function:
         HB_U16 hb_socketNToHS( HB_U16 netshort )
  * include/hbapiitm.h
  * src/vm/itemapi.c
    + added new C functions:
         const char * hb_itemGetCRef( PHB_ITEM pItem, void ** phRef,
                                      HB_SIZE * pnLen );
         void hb_itemFreeCRef( void * hRef );
      hb_itemGetCRef() locks string inside character item so it cannot be
      released when item is cleared an hb_itemFreeCRef() unlocks it and
      free if item holding it was cleared.
 2018-09-14 15:36 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
  * include/harbour.hbx
  * include/hbchksum.h
--- a/contrib/hbssl/bio.c
+++ b/contrib/hbssl/bio.c
@@ -1,7 +1,7 @@
 /*
 * OpenSSL API (BIO) - Harbour interface.
 *
- * Copyright 2009 Viktor Szakats (vszakats.net/harbour)
+ * Copyright 2009-2016 Viktor Szakats (vszakats.net/harbour)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -44,34 +44,32 @@
 *
 */
 #include "hbapi.h"
 #include "hbapiitm.h"
 #include "hbapierr.h"
 #include "hbssl.h"
 #include "hbapiitm.h"
 /* */
 typedef struct
 {
   BIO *    bio;
-   char *   pszBuffer;
+   void *   hStrRef;
 } HB_BIO, * PHB_BIO;
-static PHB_BIO PHB_BIO_create( BIO * bio, char * pszBuffer )
+static PHB_BIO PHB_BIO_create( BIO * bio, void * hStrRef )
 {
   PHB_BIO hb_bio = ( PHB_BIO ) hb_xgrab( sizeof( HB_BIO ) );
   hb_bio->bio       = bio;
-   hb_bio->pszBuffer = pszBuffer;
+   hb_bio->hStrRef   = hStrRef;
   return hb_bio;
 }
 static void PHB_BIO_free( PHB_BIO hb_bio )
 {
-   if( hb_bio->pszBuffer )
+   if( hb_bio->hStrRef )
-      hb_itemFreeC( hb_bio->pszBuffer );
+      hb_itemFreeCRef( hb_bio->hStrRef );
   hb_xfree( hb_bio );
 }
@@ -107,32 +105,40 @@ BIO * hb_BIO_par( int iParam )
   return ptr ? ( *ptr )->bio : NULL;
 }
-void * hb_BIO_is( int iParam )
+HB_BOOL hb_BIO_is( int iParam )
 {
   HB_BIO ** ptr = ( HB_BIO ** ) hb_parptrGC( &s_gcBIOFuncs, iParam );
-   return ptr ? ( *ptr )->bio : NULL;
+   return ptr && ( *ptr )->bio;
 }
-static void hb_BIO_ret( BIO * bio, char * pszBuffer )
+static void hb_BIO_ret( BIO * bio, void * hStrRef )
 {
   HB_BIO ** ptr = ( HB_BIO ** ) hb_gcAllocate( sizeof( HB_BIO * ), &s_gcBIOFuncs );
-   *ptr = PHB_BIO_create( bio, pszBuffer );
+   *ptr = PHB_BIO_create( bio, hStrRef );
   hb_retptrGC( ( void * ) ptr );
 }
 /* */
-static int hb_BIO_METHOD_is( int iParam )
+static HB_BOOL hb_BIO_METHOD_is( int iParam )
 {
   return HB_ISCHAR( iParam );
 }
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 static const BIO_METHOD * hb_BIO_METHOD_par( int iParam )
 #else
 static BIO_METHOD * hb_BIO_METHOD_par( int iParam )
 #endif
 {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
   const BIO_METHOD * p;
 #else
   BIO_METHOD * p;
 #endif
   switch( hb_parni( iParam ) )
   {
@@ -215,7 +221,12 @@ HB_FUNC( BIO_SET )
   BIO * bio = hb_BIO_par( 1 );
   if( bio && hb_BIO_METHOD_is( 2 ) )
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
    defined( LIBRESSL_VERSION_NUMBER )
      hb_retni( BIO_set( bio, hb_BIO_METHOD_par( 2 ) ) );
 #else
      hb_retni( 0 );
 #endif
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
@@ -506,9 +517,11 @@ HB_FUNC( BIO_NEW_MEM_BUF )
   if( pBuffer )
   {
-      char * pszBuffer = hb_itemGetC( pBuffer );
+      void * hStrRef;
      HB_SIZE nLen;
      const char * pszBuffer = hb_itemGetCRef( pBuffer, &hStrRef, &nLen );
-      hb_BIO_ret( BIO_new_mem_buf( pszBuffer, ( int ) hb_itemGetCLen( pBuffer ) ), pszBuffer );
+      hb_BIO_ret( BIO_new_mem_buf( HB_UNCONST( pszBuffer ), ( int ) nLen ), hStrRef );
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
@@ -599,43 +612,35 @@ HB_FUNC( BIO_PUTS )
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 HB_FUNC( BIO_VFREE )
 {
   BIO * bio = hb_BIO_par( 1 );
   if( bio )
      BIO_vfree( bio );
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 HB_FUNC( BIO_FREE )
 {
-   BIO * bio = hb_BIO_par( 1 );
+   void ** ph = ( void ** ) hb_parptrGC( &s_gcBIOFuncs, 1 );
-   if( bio )
+   if( ph )
-      hb_retni( BIO_free( bio ) );
+   {
      BIO * bio = ( BIO * ) *ph;
      *ph = NULL;
      hb_retni( bio ? BIO_free( bio ) : 0 );
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
-HB_FUNC( BIO_FREE_ALL )
+HB_FUNC_TRANSLATE( BIO_VFREE, BIO_FREE )
-{
+HB_FUNC_TRANSLATE( BIO_FREE_ALL, BIO_FREE )  /* These wrappers don't allow to create chained BIOs, so this is valid. */
   BIO * bio = hb_BIO_par( 1 );
   if( bio )
      BIO_free_all( bio );
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 /* --- connect --- */
 HB_FUNC( BIO_NEW_CONNECT )
 {
   if( HB_ISCHAR( 1 ) )
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L && \
    ! defined( LIBRESSL_VERSION_NUMBER )
      hb_BIO_ret( BIO_new_connect( hb_parc( 1 ) ), NULL );
 #else
      /* NOTE: Discarding 'const', OpenSSL will strdup() */
      hb_BIO_ret( BIO_new_connect( ( char * ) HB_UNCONST( hb_parc( 1 ) ) ), NULL );
 #endif
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
@@ -643,8 +648,13 @@ HB_FUNC( BIO_NEW_CONNECT )
 HB_FUNC( BIO_NEW_ACCEPT )
 {
   if( HB_ISCHAR( 1 ) )
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L && \
    ! defined( LIBRESSL_VERSION_NUMBER )
      hb_BIO_ret( BIO_new_accept( hb_parc( 1 ) ), NULL );
 #else
      /* NOTE: Discarding 'const', OpenSSL will strdup() */
      hb_BIO_ret( BIO_new_accept( ( char * ) HB_UNCONST( hb_parc( 1 ) ) ), NULL );
 #endif
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
@@ -654,7 +664,7 @@ HB_FUNC( BIO_SET_CONN_HOSTNAME )
   BIO * bio = hb_BIO_par( 1 );
   if( bio && HB_ISCHAR( 2 ) )
-      hb_retnl( BIO_set_conn_hostname( bio, hb_parc( 2 ) ) );
+      hb_retnl( BIO_set_conn_hostname( bio, HB_UNCONST( hb_parc( 2 ) ) ) );
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
@@ -664,7 +674,7 @@ HB_FUNC( BIO_SET_CONN_PORT )
   BIO * bio = hb_BIO_par( 1 );
   if( bio && HB_ISCHAR( 2 ) )
-      hb_retnl( BIO_set_conn_port( bio, hb_parc( 2 ) ) );
+      hb_retnl( BIO_set_conn_port( bio, HB_UNCONST( hb_parc( 2 ) ) ) );
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
@@ -687,7 +697,17 @@ HB_FUNC( BIO_SET_CONN_IP )
   BIO * bio = hb_BIO_par( 1 );
   if( bio && HB_ISCHAR( 2 ) && hb_parclen( 2 ) == 4 )
-      hb_retnl( BIO_set_conn_ip( bio, hb_parc( 2 ) ) );
+   {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
      HB_SYMBOL_UNUSED( bio );  /* TODO: reimplement using BIO_set_conn_address() */
      hb_retnl( 0 );
 #else
      if( hb_parclen( 2 ) == 4 )
         hb_retnl( BIO_set_conn_ip( bio, HB_UNCONST( hb_parc( 2 ) ) ) );
      else
         hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 #endif
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
@@ -717,22 +737,38 @@ HB_FUNC( BIO_GET_CONN_IP )
   BIO * bio = hb_BIO_par( 1 );
   if( bio )
-#if OPENSSL_VERSION_NUMBER >= 0x00906040L
+   {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
      HB_SYMBOL_UNUSED( bio );  /* TODO: reimplement using BIO_get_conn_address() */
      hb_retc_null();
 #elif OPENSSL_VERSION_NUMBER >= 0x00906040L
      hb_retc( BIO_get_conn_ip( bio ) );
 #else
      hb_retc( BIO_get_conn_ip( bio, 0 ) );
 #endif
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 HB_FUNC( BIO_GET_CONN_INT_PORT )
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L  /* fixed here: https://rt.openssl.org/Ticket/Display.html?id=1989 */
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L  /* fixed here: https://rt.openssl.org/Ticket/Display.html?id=1989&user=guest&pass=guest */
   BIO * bio = hb_BIO_par( 1 );
   if( bio )
   {
 #if OPENSSL_VERSION_NUMBER == 0x1000206fL /* 1.0.2f */ || \
    OPENSSL_VERSION_NUMBER == 0x1000112fL /* 1.0.1r */
      /* Fix for header regression */
      hb_retnl( BIO_ctrl( bio, BIO_C_GET_CONNECT, 3, NULL ) );
 #elif OPENSSL_VERSION_NUMBER >= 0x10101000L
      const BIO_ADDR * ba = BIO_get_conn_address( bio );
      hb_retnl( ba ? hb_socketNToHS( BIO_ADDR_rawport( ba ) ) : 0 );
 #else
      hb_retnl( BIO_get_conn_int_port( bio ) );
 #endif
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 #else
--- a/contrib/hbssl/err.c
+++ b/contrib/hbssl/err.c
@@ -44,9 +44,6 @@
 *
 */
 #include "hbapi.h"
 #include "hbapierr.h"
 #include "hbssl.h"
 #include <openssl/err.h>
--- a/contrib/hbssl/evp.c
+++ b/contrib/hbssl/evp.c
@@ -44,9 +44,6 @@
 *
 */
 #include "hbapi.h"
 #include "hbapierr.h"
 #include "hbssl.h"
 #include <openssl/evp.h>
--- a/contrib/hbssl/evpciph.c
+++ b/contrib/hbssl/evpciph.c
@@ -1,7 +1,7 @@
 /*
 * OpenSSL API (EVP CIPHER) - Harbour interface.
 *
- * Copyright 2009 Viktor Szakats (vszakats.net/harbour)
+ * Copyright 2009-2016 Viktor Szakats (vszakats.net/harbour)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -44,12 +44,10 @@
 *
 */
 #include "hbapi.h"
 #include "hbapierr.h"
 #include "hbapiitm.h"
 #include "hbssl.h"
 #include "hbapiitm.h"
 #include <openssl/evp.h>
 HB_FUNC( OPENSSL_ADD_ALL_CIPHERS )
@@ -64,10 +62,14 @@ static HB_GARBAGE_FUNC( EVP_CIPHER_CTX_release )
   /* Check if pointer is not NULL to avoid multiple freeing */
   if( ph && *ph )
   {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
      EVP_CIPHER_CTX_free( ( EVP_CIPHER_CTX * ) *ph );
 #else
      /* Cleanup the object */
      EVP_CIPHER_CTX_cleanup( ( EVP_CIPHER_CTX * ) *ph );
      /* Destroy the object */
      hb_xfree( *ph );
 #endif
      /* set pointer to NULL just in case */
      *ph = NULL;
@@ -80,9 +82,9 @@ static const HB_GC_FUNCS s_gcEVP_CIPHER_CTX_funcs =
   hb_gcDummyMark
 };
-static void * hb_EVP_CIPHER_CTX_is( int iParam )
+static HB_BOOL hb_EVP_CIPHER_CTX_is( int iParam )
 {
-   return hb_parptrGC( &s_gcEVP_CIPHER_CTX_funcs, iParam );
+   return hb_parptrGC( &s_gcEVP_CIPHER_CTX_funcs, iParam ) != NULL;
 }
 static EVP_CIPHER_CTX * hb_EVP_CIPHER_CTX_par( int iParam )
@@ -92,7 +94,7 @@ static EVP_CIPHER_CTX * hb_EVP_CIPHER_CTX_par( int iParam )
   return ph ? ( EVP_CIPHER_CTX * ) *ph : NULL;
 }
-int hb_EVP_CIPHER_is( int iParam )
+HB_BOOL hb_EVP_CIPHER_is( int iParam )
 {
   return HB_ISCHAR( iParam ) || HB_ISNUM( iParam );
 }
@@ -441,28 +443,28 @@ HB_FUNC( EVP_CIPHER_KEY_LENGTH )
   hb_retni( cipher ? EVP_CIPHER_key_length( cipher ) : 0 );
 }
-HB_FUNC( EVP_CIPHER_KEY_IV_LENGTH )
+HB_FUNC( EVP_CIPHER_IV_LENGTH )
 {
   const EVP_CIPHER * cipher = hb_EVP_CIPHER_par( 1 );
   hb_retni( cipher ? EVP_CIPHER_iv_length( cipher ) : 0 );
 }
-HB_FUNC( EVP_CIPHER_KEY_FLAGS )
+HB_FUNC( EVP_CIPHER_FLAGS )
 {
   const EVP_CIPHER * cipher = hb_EVP_CIPHER_par( 1 );
   hb_retnint( cipher ? EVP_CIPHER_flags( cipher ) : 0 );
 }
-HB_FUNC( EVP_CIPHER_KEY_MODE )
+HB_FUNC( EVP_CIPHER_MODE )
 {
   const EVP_CIPHER * cipher = hb_EVP_CIPHER_par( 1 );
 #if OPENSSL_VERSION_NUMBER < 0x00906040L
   /* fix for typo in macro definition in openssl/evp.h */
   #undef EVP_CIPHER_mode
-   #define EVP_CIPHER_mode(e)  ((e)->flags & EVP_CIPH_MODE)
+   #define EVP_CIPHER_mode( e )  ( ( e )->flags & EVP_CIPH_MODE )
 #endif
   hb_retni( cipher ? EVP_CIPHER_mode( cipher ) : 0 );
 }
@@ -474,45 +476,46 @@ HB_FUNC( EVP_CIPHER_TYPE )
   hb_retni( cipher ? EVP_CIPHER_type( cipher ) : 0 );
 }
-HB_FUNC( HB_EVP_CIPHER_CTX_CREATE )
+HB_FUNC( EVP_CIPHER_CTX_NEW )
 {
   void ** ph = ( void ** ) hb_gcAllocate( sizeof( EVP_CIPHER_CTX * ), &s_gcEVP_CIPHER_CTX_funcs );
   EVP_CIPHER_CTX * ctx;
-   EVP_CIPHER_CTX * ctx = ( EVP_CIPHER_CTX * ) hb_xgrab( sizeof( EVP_CIPHER_CTX ) );
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-
+   ctx = EVP_CIPHER_CTX_new();
 #else
   ctx = ( EVP_CIPHER_CTX * ) hb_xgrab( sizeof( EVP_CIPHER_CTX ) );
   EVP_CIPHER_CTX_init( ctx );
 #endif
   *ph = ctx;
   hb_retptrGC( ph );
 }
-HB_FUNC( EVP_CIPHER_CTX_INIT )
+HB_FUNC_TRANSLATE( HB_EVP_CIPHER_CTX_CREATE, EVP_CIPHER_CTX_NEW )
-{
+
-   if( hb_EVP_CIPHER_CTX_is( 1 ) )
+HB_FUNC( EVP_CIPHER_CTX_RESET )
   {
      EVP_CIPHER_CTX * ctx = hb_EVP_CIPHER_CTX_par( 1 );
      if( ctx )
         EVP_CIPHER_CTX_init( ctx );
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 HB_FUNC( EVP_CIPHER_CTX_CLEANUP )
 {
   if( hb_EVP_CIPHER_CTX_is( 1 ) )
   {
      EVP_CIPHER_CTX * ctx = hb_EVP_CIPHER_CTX_par( 1 );
      if( ctx )
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
    ! defined( LIBRESSL_VERSION_NUMBER )
         hb_retni( EVP_CIPHER_CTX_reset( ctx ) );
 #else
         hb_retni( EVP_CIPHER_CTX_cleanup( ctx ) );
 #endif
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 HB_FUNC_TRANSLATE( EVP_CIPHER_CTX_INIT, EVP_CIPHER_CTX_RESET )
 HB_FUNC_TRANSLATE( EVP_CIPHER_CTX_CLEANUP, EVP_CIPHER_CTX_RESET )
 HB_FUNC( EVP_CIPHER_CTX_SET_PADDING )
 {
   if( hb_EVP_CIPHER_CTX_is( 1 ) )
@@ -567,8 +570,8 @@ HB_FUNC( EVP_CIPHER_CTX_CTRL )
      if( ctx )
         /* NOTE: 4th param doesn't have a 'const' qualifier. This is a setter
                  function, so even if we do a copy, what sort of allocation
-                  routines to use? Probably an omission from OpenSSLs part. [vszakats] */
+                  routine to use? [vszakats] */
-         hb_retni( EVP_CIPHER_CTX_ctrl( ctx, hb_parni( 2 ), hb_parni( 3 ), ( void * ) hb_parc( 4 ) ) );
+         hb_retni( EVP_CIPHER_CTX_ctrl( ctx, hb_parni( 2 ), hb_parni( 3 ), ( void * ) HB_UNCONST( hb_parc( 4 ) ) ) );
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
@@ -1232,10 +1235,9 @@ HB_FUNC( EVP_OPENFINAL )
 #if 0
-#define EVP_CIPHER_CTX_get_app_data( e )     ( ( e )->app_data )
+void * EVP_CIPHER_CTX_get_app_data( const EVP_CIPHER_CTX * ctx );
-#define EVP_CIPHER_CTX_set_app_data( e, d )  ( ( e )->app_data = ( char * ) ( d ) )
+void EVP_CIPHER_CTX_set_app_data( EVP_CIPHER_CTX * ctx, void * data );
-
+int EVP_CIPHER_param_to_asn1( EVP_CIPHER_CTX * ctx, ASN1_TYPE * type );
-int EVP_CIPHER_param_to_asn1( EVP_CIPHER_CTX * c, ASN1_TYPE * type );
+int EVP_CIPHER_asn1_to_param( EVP_CIPHER_CTX * ctx, ASN1_TYPE * type );
 int EVP_CIPHER_asn1_to_param( EVP_CIPHER_CTX * c, ASN1_TYPE * type );
 #endif
--- a/contrib/hbssl/evpenc.c
+++ b/contrib/hbssl/evpenc.c
@@ -1,7 +1,7 @@
 /*
 * OpenSSL API (EVP ENCODE) - Harbour interface.
 *
- * Copyright 2009 Viktor Szakats (vszakats.net/harbour)
+ * Copyright 2009-2016 Viktor Szakats (vszakats.net/harbour)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -44,12 +44,10 @@
 *
 */
 #include "hbapi.h"
 #include "hbapierr.h"
 #include "hbapiitm.h"
 #include "hbssl.h"
 #include "hbapiitm.h"
 #include <openssl/evp.h>
 static HB_GARBAGE_FUNC( EVP_ENCODE_CTX_release )
@@ -59,8 +57,13 @@ static HB_GARBAGE_FUNC( EVP_ENCODE_CTX_release )
   /* Check if pointer is not NULL to avoid multiple freeing */
   if( ph && *ph )
   {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
    ! defined( LIBRESSL_VERSION_NUMBER )
      EVP_ENCODE_CTX_free( ( EVP_ENCODE_CTX * ) *ph );
 #else
      /* Destroy the object */
      hb_xfree( *ph );
 #endif
      /* set pointer to NULL just in case */
      *ph = NULL;
@@ -73,9 +76,9 @@ static const HB_GC_FUNCS s_gcEVP_ENCODE_CTX_funcs =
   hb_gcDummyMark
 };
-static void * hb_EVP_ENCODE_CTX_is( int iParam )
+static HB_BOOL hb_EVP_ENCODE_CTX_is( int iParam )
 {
-   return hb_parptrGC( &s_gcEVP_ENCODE_CTX_funcs, iParam );
+   return hb_parptrGC( &s_gcEVP_ENCODE_CTX_funcs, iParam ) != NULL;
 }
 static EVP_ENCODE_CTX * hb_EVP_ENCODE_CTX_par( int iParam )
@@ -85,17 +88,25 @@ static EVP_ENCODE_CTX * hb_EVP_ENCODE_CTX_par( int iParam )
   return ph ? ( EVP_ENCODE_CTX * ) *ph : NULL;
 }
-HB_FUNC( HB_EVP_ENCODE_CTX_CREATE )
+HB_FUNC( EVP_ENCODE_CTX_NEW )
 {
   void ** ph = ( void ** ) hb_gcAllocate( sizeof( EVP_ENCODE_CTX * ), &s_gcEVP_ENCODE_CTX_funcs );
   EVP_ENCODE_CTX * ctx;
-   EVP_ENCODE_CTX * ctx = ( EVP_ENCODE_CTX * ) hb_xgrab( sizeof( EVP_ENCODE_CTX ) );
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
    ! defined( LIBRESSL_VERSION_NUMBER )
   ctx = EVP_ENCODE_CTX_new();
 #else
   ctx = ( EVP_ENCODE_CTX * ) hb_xgrabz( sizeof( EVP_ENCODE_CTX ) );
 #endif
   *ph = ctx;
   hb_retptrGC( ph );
 }
 HB_FUNC_TRANSLATE( HB_EVP_ENCODE_CTX_CREATE, EVP_ENCODE_CTX_NEW )
 HB_FUNC( EVP_ENCODEINIT )
 {
   if( hb_EVP_ENCODE_CTX_is( 1 ) )
@@ -119,12 +130,24 @@ HB_FUNC( EVP_ENCODEUPDATE )
      {
         int size = 512;
         unsigned char * buffer = ( unsigned char * ) hb_xgrab( size + 1 );
         int result;
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
    ! defined( LIBRESSL_VERSION_NUMBER )
         result = EVP_EncodeUpdate( ctx,
                           buffer,
                           &size,
                           ( HB_SSL_CONST unsigned char * ) hb_parcx( 3 ),
                           ( int ) hb_parclen( 3 ) );
 #else
         EVP_EncodeUpdate( ctx,
                           buffer,
                           &size,
                           ( HB_SSL_CONST unsigned char * ) hb_parcx( 3 ),
                           ( int ) hb_parclen( 3 ) );
         result = 1;  /* Success */
 #endif
         hb_retni( result );
         if( size > 0 )
         {
--- a/contrib/hbssl/evpmd.c
+++ b/contrib/hbssl/evpmd.c
@@ -1,7 +1,7 @@
 /*
 * OpenSSL API (EVP MD) - Harbour interface.
 *
- * Copyright 2009 Viktor Szakats (vszakats.net/harbour)
+ * Copyright 2009-2016 Viktor Szakats (vszakats.net/harbour)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -44,14 +44,17 @@
 *
 */
 #include "hbapi.h"
 #include "hbapierr.h"
 #include "hbapiitm.h"
 #include "hbssl.h"
 #include "hbapiitm.h"
 #include <openssl/evp.h>
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
   #define EVP_MD_CTX_new   EVP_MD_CTX_create
   #define EVP_MD_CTX_free  EVP_MD_CTX_destroy
 #endif
 HB_FUNC( OPENSSL_ADD_ALL_DIGESTS )
 {
   OpenSSL_add_all_digests();
@@ -64,9 +67,11 @@ static HB_GARBAGE_FUNC( EVP_MD_CTX_release )
   /* Check if pointer is not NULL to avoid multiple freeing */
   if( ph && *ph )
   {
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
      /* Destroy the object */
 #if defined( LIBRESSL_VERSION_NUMBER )
      EVP_MD_CTX_destroy( ( EVP_MD_CTX * ) *ph );
 #elif OPENSSL_VERSION_NUMBER >= 0x00907000L
      EVP_MD_CTX_free( ( EVP_MD_CTX * ) *ph );
 #else
      hb_xfree( *ph );
 #endif
@@ -82,9 +87,9 @@ static const HB_GC_FUNCS s_gcEVP_MD_CTX_funcs =
   hb_gcDummyMark
 };
-static void * hb_EVP_MD_CTX_is( int iParam )
+static HB_BOOL hb_EVP_MD_CTX_is( int iParam )
 {
-   return hb_parptrGC( &s_gcEVP_MD_CTX_funcs, iParam );
+   return hb_parptrGC( &s_gcEVP_MD_CTX_funcs, iParam ) != NULL;
 }
 static EVP_MD_CTX * hb_EVP_MD_CTX_par( int iParam )
@@ -94,7 +99,7 @@ static EVP_MD_CTX * hb_EVP_MD_CTX_par( int iParam )
   return ph ? ( EVP_MD_CTX * ) *ph : NULL;
 }
-int hb_EVP_MD_is( int iParam )
+HB_BOOL hb_EVP_MD_is( int iParam )
 {
   return HB_ISCHAR( iParam ) || HB_ISNUM( iParam );
 }
@@ -119,14 +124,19 @@ const EVP_MD * hb_EVP_MD_par( int iParam )
      case HB_EVP_MD_MD5:        p = EVP_md5();       break;
 #endif
 #ifndef OPENSSL_NO_SHA
 #if OPENSSL_VERSION_NUMBER < 0x10100000L && \
    ! defined( LIBRESSL_VERSION_NUMBER )
      case HB_EVP_MD_SHA:        p = EVP_sha();       break;
 #endif
      case HB_EVP_MD_SHA1:       p = EVP_sha1();      break;
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
      case HB_EVP_MD_DSS:        p = EVP_dss();       break;
      case HB_EVP_MD_DSS1:       p = EVP_dss1();      break;
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L && ! defined( HB_OPENSSL_OLD_OSX_ )
      case HB_EVP_MD_ECDSA:      p = EVP_ecdsa();     break;
 #endif
 #endif
 #endif
 #ifndef OPENSSL_NO_SHA256
      case HB_EVP_MD_SHA224:     p = EVP_sha224();    break;
      case HB_EVP_MD_SHA256:     p = EVP_sha256();    break;
@@ -162,11 +172,17 @@ static int hb_EVP_MD_ptr_to_id( const EVP_MD * p )
   else if( p == EVP_md5()       ) n = HB_EVP_MD_MD5;
 #endif
 #ifndef OPENSSL_NO_SHA
 #if OPENSSL_VERSION_NUMBER < 0x10100000L && \
    ! defined( LIBRESSL_VERSION_NUMBER )
   else if( p == EVP_sha()       ) n = HB_EVP_MD_SHA;
 #endif
   else if( p == EVP_sha1()      ) n = HB_EVP_MD_SHA1;
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
   else if( p == EVP_dss()       ) n = HB_EVP_MD_DSS;
   else if( p == EVP_dss1()      ) n = HB_EVP_MD_DSS1;
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L && ! defined( HB_OPENSSL_OLD_OSX_ )
+#endif
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L && \
    OPENSSL_VERSION_NUMBER < 0x10100000L && ! defined( HB_OPENSSL_OLD_OSX_ )
   else if( p == EVP_ecdsa()     ) n = HB_EVP_MD_ECDSA;
 #endif
 #endif
@@ -244,14 +260,16 @@ HB_FUNC( EVP_MD_BLOCK_SIZE )
   hb_retni( md ? EVP_MD_block_size( md ) : 0 );
 }
-HB_FUNC( EVP_MD_CTX_CREATE )
+HB_FUNC( EVP_MD_CTX_NEW )
 {
   void ** ph = ( void ** ) hb_gcAllocate( sizeof( EVP_MD_CTX * ), &s_gcEVP_MD_CTX_funcs );
   EVP_MD_CTX * ctx;
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L && \
-   EVP_MD_CTX * ctx = EVP_MD_CTX_create();
+    ! defined( LIBRESSL_VERSION_NUMBER )
   ctx = EVP_MD_CTX_new();
 #else
-   EVP_MD_CTX * ctx = ( EVP_MD_CTX * ) hb_xgrabz( sizeof( EVP_MD_CTX ) );
+   ctx = ( EVP_MD_CTX * ) hb_xgrabz( sizeof( EVP_MD_CTX ) );
 #endif
   *ph = ctx;
@@ -259,22 +277,9 @@ HB_FUNC( EVP_MD_CTX_CREATE )
   hb_retptrGC( ph );
 }
-HB_FUNC( EVP_MD_CTX_INIT )
+HB_FUNC_TRANSLATE( EVP_MD_CTX_CREATE, EVP_MD_CTX_NEW )
 {
   if( hb_EVP_MD_CTX_is( 1 ) )
   {
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
      EVP_MD_CTX * ctx = hb_EVP_MD_CTX_par( 1 );
-      if( ctx )
+HB_FUNC( EVP_MD_CTX_RESET )
         EVP_MD_CTX_init( ctx );
 #endif
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 HB_FUNC( EVP_MD_CTX_CLEANUP )
 {
   if( hb_EVP_MD_CTX_is( 1 ) )
   {
@@ -282,7 +287,11 @@ HB_FUNC( EVP_MD_CTX_CLEANUP )
      if( ctx )
      {
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+#if defined( LIBRESSL_VERSION_NUMBER )
         hb_retni( EVP_MD_CTX_cleanup( ctx ) );
 #elif OPENSSL_VERSION_NUMBER >= 0x10100000L
         hb_retni( EVP_MD_CTX_reset( ctx ) );
 #elif OPENSSL_VERSION_NUMBER >= 0x00907000L
         hb_retni( EVP_MD_CTX_cleanup( ctx ) );
 #else
         hb_retni( 0 );
@@ -293,6 +302,9 @@ HB_FUNC( EVP_MD_CTX_CLEANUP )
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 HB_FUNC_TRANSLATE( EVP_MD_CTX_INIT, EVP_MD_CTX_RESET )
 HB_FUNC_TRANSLATE( EVP_MD_CTX_CLEANUP, EVP_MD_CTX_RESET )
 HB_FUNC( EVP_MD_CTX_MD )
 {
   if( hb_EVP_MD_CTX_is( 1 ) )
--- a/contrib/hbssl/evppkey.c
+++ b/contrib/hbssl/evppkey.c
@@ -44,12 +44,10 @@
 *
 */
 #include "hbapi.h"
 #include "hbapierr.h"
 #include "hbapiitm.h"
 #include "hbssl.h"
 #include "hbapiitm.h"
 #include <openssl/evp.h>
 static HB_GARBAGE_FUNC( EVP_PKEY_release )
@@ -73,9 +71,9 @@ static const HB_GC_FUNCS s_gcEVP_PKEY_funcs =
   hb_gcDummyMark
 };
-void * hb_EVP_PKEY_is( int iParam )
+HB_BOOL hb_EVP_PKEY_is( int iParam )
 {
-   return hb_parptrGC( &s_gcEVP_PKEY_funcs, iParam );
+   return hb_parptrGC( &s_gcEVP_PKEY_funcs, iParam ) != NULL;
 }
 EVP_PKEY * hb_EVP_PKEY_par( int iParam )
--- a/contrib/hbssl/hbssl.ch
+++ b/contrib/hbssl/hbssl.ch
@@ -60,15 +60,24 @@
 #define HB_SSL_CTX_NEW_METHOD_TLSV1                         6
 #define HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER                  7
 #define HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT                  8
-#define HB_SSL_CTX_NEW_METHOD_SSLV23                        9
+#define HB_SSL_CTX_NEW_METHOD_TLS                           9
-#define HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER                 10
+#define HB_SSL_CTX_NEW_METHOD_TLS_SERVER                    10
-#define HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT                 11
+#define HB_SSL_CTX_NEW_METHOD_TLS_CLIENT                    11
 #define HB_SSL_CTX_NEW_METHOD_SSLV23                        HB_SSL_CTX_NEW_METHOD_TLS
 #define HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER                 HB_SSL_CTX_NEW_METHOD_TLS_SERVER
 #define HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT                 HB_SSL_CTX_NEW_METHOD_TLS_CLIENT
-#define HB_SSLEAY_VERSION                                   0
+#define HB_OPENSSL_VERSION                                  0
-#define HB_SSLEAY_CFLAGS                                    1
+#define HB_OPENSSL_CFLAGS                                   1
-#define HB_SSLEAY_BUILT_ON                                  2
+#define HB_OPENSSL_BUILT_ON                                 2
-#define HB_SSLEAY_PLATFORM                                  3
+#define HB_OPENSSL_PLATFORM                                 3
-#define HB_SSLEAY_DIR                                       4
+#define HB_OPENSSL_DIR                                      4
 #define HB_SSLEAY_VERSION                                   HB_OPENSSL_VERSION
 #define HB_SSLEAY_CFLAGS                                    HB_OPENSSL_CFLAGS
 #define HB_SSLEAY_BUILT_ON                                  HB_OPENSSL_BUILT_ON
 #define HB_SSLEAY_PLATFORM                                  HB_OPENSSL_PLATFORM
 #define HB_SSLEAY_DIR                                       HB_OPENSSL_DIR
 #define HB_SSL_ERROR_NONE                                   0
 #define HB_SSL_ERROR_SSL                                    1
@@ -105,6 +114,8 @@
 #define HB_SSL_OP_NO_SSLv2                                  0x01000000
 #define HB_SSL_OP_NO_SSLv3                                  0x02000000
 #define HB_SSL_OP_NO_TLSv1                                  0x04000000
 #define HB_SSL_OP_NO_TLSv1_2                                0x08000000
 #define HB_SSL_OP_NO_TLSv1_1                                0x10000000
 #define HB_SSL_OP_PKCS1_CHECK_1                             0x08000000
 #define HB_SSL_OP_PKCS1_CHECK_2                             0x10000000
 #define HB_SSL_OP_NETSCAPE_CA_DN_BUG                        0x20000000
--- a/contrib/hbssl/hbssl.h
+++ b/contrib/hbssl/hbssl.h
@@ -48,6 +48,7 @@
 #define HBSSL_H_
 #include "hbapi.h"
 #include "hbapierr.h"
 #include "hbsocket.h"
 #if defined( HB_OS_WIN )
@@ -156,6 +157,14 @@
   #define SSL_get_wfd  SSL_get_fd
 #endif
 #if ! defined( OPENSSL_VERSION )
   #define OPENSSL_VERSION   SSLEAY_VERSION
   #define OPENSSL_CFLAGS    SSLEAY_CFLAGS
   #define OPENSSL_BUILT_ON  SSLEAY_BUILT_ON
   #define OPENSSL_PLATFORM  SSLEAY_PLATFORM
   #define OPENSSL_DIR       SSLEAY_DIR
 #endif
 /* use macro to pacify warnings with missing 'const' in some function
   declarations in OpenSSL prior 0.9.8 */
 #if OPENSSL_VERSION_NUMBER < 0x0090800fL
@@ -183,31 +192,31 @@ extern long               hb_ssl_socketWrite( PHB_SSLSTREAM pStream, HB_SOCKET s
 extern const SSL_METHOD * hb_ssl_method_id_to_ptr( int n );
-extern void *             hb_BIO_is( int iParam );
+extern HB_BOOL            hb_BIO_is( int iParam );
 extern BIO *              hb_BIO_par( int iParam );
-extern void *             hb_SSL_CTX_is( int iParam );
+extern HB_BOOL            hb_SSL_CTX_is( int iParam );
 extern SSL_CTX *          hb_SSL_CTX_par( int iParam );
 extern SSL_CTX *          hb_SSL_CTX_itemGet( PHB_ITEM pItem );
-extern void *             hb_SSL_is( int iParam );
+extern HB_BOOL            hb_SSL_is( int iParam );
 extern SSL *              hb_SSL_par( int iParam );
 extern SSL *              hb_SSL_itemGet( PHB_ITEM pItem );
-extern void *             hb_SSL_SESSION_is( int iParam );
+extern HB_BOOL            hb_SSL_SESSION_is( int iParam );
 extern SSL_SESSION *      hb_SSL_SESSION_par( int iParam );
-extern void *             hb_X509_is( int iParam );
+extern HB_BOOL            hb_X509_is( int iParam );
 extern X509 *             hb_X509_par( int iParam );
 extern void               hb_X509_ret( X509 * x509, HB_BOOL fRelease );
-extern int                hb_EVP_MD_is( int iParam );
+extern HB_BOOL            hb_EVP_MD_is( int iParam );
 extern const EVP_MD *     hb_EVP_MD_par( int iParam );
-extern int                hb_EVP_CIPHER_is( int iParam );
+extern HB_BOOL            hb_EVP_CIPHER_is( int iParam );
 extern const EVP_CIPHER * hb_EVP_CIPHER_par( int iParam );
-extern void *             hb_EVP_PKEY_is( int iParam );
+extern HB_BOOL            hb_EVP_PKEY_is( int iParam );
 extern EVP_PKEY *         hb_EVP_PKEY_par( int iParam );
 extern void               hb_EVP_PKEY_ret( EVP_PKEY * pkey );
--- a/contrib/hbssl/hbssl.hbx
+++ b/contrib/hbssl/hbssl.hbx
@@ -102,12 +102,14 @@ DYNAMIC EVP_CIPHER_CTX_cleanup
 DYNAMIC EVP_CIPHER_CTX_ctrl
 DYNAMIC EVP_CIPHER_CTX_init
 DYNAMIC EVP_CIPHER_CTX_key_length
 DYNAMIC EVP_CIPHER_CTX_new
 DYNAMIC EVP_CIPHER_CTX_reset
 DYNAMIC EVP_CIPHER_CTX_set_key_length
 DYNAMIC EVP_CIPHER_CTX_set_padding
-DYNAMIC EVP_CIPHER_KEY_FLAGS
+DYNAMIC EVP_CIPHER_flags
-DYNAMIC EVP_CIPHER_KEY_IV_LENGTH
+DYNAMIC EVP_CIPHER_iv_length
 DYNAMIC EVP_CIPHER_key_length
-DYNAMIC EVP_CIPHER_KEY_MODE
+DYNAMIC EVP_CIPHER_mode
 DYNAMIC EVP_CIPHER_nid
 DYNAMIC EVP_CIPHER_type
 DYNAMIC EVP_cleanup
@@ -127,6 +129,7 @@ DYNAMIC EVP_DigestUpdate
 DYNAMIC EVP_EncodeFinal
 DYNAMIC EVP_EncodeInit
 DYNAMIC EVP_EncodeUpdate
 DYNAMIC EVP_ENCODE_CTX_new
 DYNAMIC EVP_EncryptFinal
 DYNAMIC EVP_EncryptFinal_ex
 DYNAMIC EVP_EncryptInit
@@ -143,6 +146,8 @@ DYNAMIC EVP_MD_CTX_copy_ex
 DYNAMIC EVP_MD_CTX_create
 DYNAMIC EVP_MD_CTX_init
 DYNAMIC EVP_MD_CTX_md
 DYNAMIC EVP_MD_CTX_new
 DYNAMIC EVP_MD_CTX_reset
 DYNAMIC EVP_MD_nid
 DYNAMIC EVP_MD_pkey_type
 DYNAMIC EVP_MD_size
@@ -176,15 +181,19 @@ DYNAMIC hb_inetSSL_accept
 DYNAMIC hb_inetSSL_connect
 DYNAMIC hb_socketNewSSL_accept
 DYNAMIC hb_socketNewSSL_connect
 DYNAMIC hb_SSL_APPLINK
 DYNAMIC hb_SSL_connect_inet
 DYNAMIC hb_SSL_connect_socket
 DYNAMIC hb_SSL_new
 DYNAMIC hb_SSL_read_all
 DYNAMIC hb_SSL_read_line
 DYNAMIC hb_SSL_STATIC
 DYNAMIC OpenSSL_add_all_algorithms
 DYNAMIC OpenSSL_add_all_ciphers
 DYNAMIC OpenSSL_add_all_digests
-DYNAMIC OPENSSL_VERSION
+DYNAMIC OpenSSL_version
 DYNAMIC OpenSSL_version_num
 DYNAMIC OPENSSL_VERSION_NUMBER
 DYNAMIC PEM_READ_BIO_DHPARAMS
 DYNAMIC PEM_READ_BIO_DSAPARAMS
 DYNAMIC PEM_READ_BIO_DSAPRIVATEKEY
@@ -205,11 +214,12 @@ DYNAMIC PEM_READ_X509
 DYNAMIC PEM_READ_X509_AUX
 DYNAMIC RAND_add
 DYNAMIC RAND_event
 DYNAMIC RAND_poll
 DYNAMIC RAND_screen
 DYNAMIC RAND_seed
 DYNAMIC RAND_status
 DYNAMIC SSLeay
-DYNAMIC SSLeay_version
+DYNAMIC SSLEAY_VERSION
 DYNAMIC SSL_accept
 DYNAMIC SSL_add_client_CA
 DYNAMIC SSL_alert_desc_string
--- a/contrib/hbssl/pem.c
+++ b/contrib/hbssl/pem.c
@@ -1,7 +1,7 @@
 /*
 * OpenSSL API (PEM) - Harbour interface.
 *
- * Copyright 2009 Viktor Szakats (vszakats.net/harbour)
+ * Copyright 2009-2016 Viktor Szakats (vszakats.net/harbour)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -44,13 +44,12 @@
 *
 */
-#include "hbapi.h"
+#include "hbssl.h"
-#include "hbapierr.h"
+
 #include "hbapifs.h"
 #include "hbapiitm.h"
 #include "hbvm.h"
 #include "hbssl.h"
 typedef enum
 {
   hb_PEM_X509,
@@ -124,7 +123,7 @@ static void hb_PEM_read_bio( PEM_READ_BIO * func, HB_PEM_TYPES type )
      else
      {
         cb = NULL;
-         cargo = ( void * ) hb_parc( 2 ); /* NOTE: Dropping 'const' qualifier. [vszakats] */
+         cargo = HB_UNCONST( hb_parc( 2 ) );  /* NOTE: Discarding 'const' qualifier, OpenSSL will memcpy() it */
      }
      result = ( *func )( bio, NULL, cb, cargo );
@@ -176,22 +175,22 @@ HB_FUNC( PEM_READ_PUBKEY            ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_
 #if 0
-int        PEM_write_bio_RSAPrivateKey(      BIO * bp, RSA      * x, const EVP_CIPHER * enc, unsigned char * kstr, int klen, pem_password_cb * cb, void * u );
+int PEM_write_bio_RSAPrivateKey(       BIO * bp, RSA      * x, const EVP_CIPHER * enc, unsigned char * kstr, int klen, pem_password_cb * cb, void * u );
-int        PEM_write_bio_DSAPrivateKey(      BIO * bp, DSA      * x, const EVP_CIPHER * enc, unsigned char * kstr, int klen, pem_password_cb * cb, void * u );
+int PEM_write_bio_DSAPrivateKey(       BIO * bp, DSA      * x, const EVP_CIPHER * enc, unsigned char * kstr, int klen, pem_password_cb * cb, void * u );
-int        PEM_write_bio_PrivateKey(         BIO * bp, EVP_PKEY * x, const EVP_CIPHER * enc, unsigned char * kstr, int klen, pem_password_cb * cb, void * u );
+int PEM_write_bio_PrivateKey(          BIO * bp, EVP_PKEY * x, const EVP_CIPHER * enc, unsigned char * kstr, int klen, pem_password_cb * cb, void * u );
-int        PEM_write_bio_PKCS8PrivateKey(    BIO * bp, EVP_PKEY * x, const EVP_CIPHER * enc, char * kstr, int klen, pem_password_cb * cb, void * u );
+int PEM_write_bio_PKCS8PrivateKey(     BIO * bp, EVP_PKEY * x, const EVP_CIPHER * enc, char * kstr, int klen, pem_password_cb * cb, void * u );
-int        PEM_write_bio_PKCS8PrivateKey_nid( BIO * bp, EVP_PKEY * x, int nid, char * kstr, int klen, pem_password_cb * cb, void * u );
+int PEM_write_bio_PKCS8PrivateKey_nid( BIO * bp, EVP_PKEY * x, int nid, char * kstr, int klen, pem_password_cb * cb, void * u );
-int        PEM_write_bio_PUBKEY(             BIO * bp, EVP_PKEY * x );
+int PEM_write_bio_PUBKEY(              BIO * bp, EVP_PKEY * x );
-int        PEM_write_bio_RSAPublicKey(       BIO * bp, RSA * x );
+int PEM_write_bio_RSAPublicKey(        BIO * bp, RSA * x );
-int        PEM_write_bio_RSA_PUBKEY(         BIO * bp, RSA * x );
+int PEM_write_bio_RSA_PUBKEY(          BIO * bp, RSA * x );
-int        PEM_write_bio_DSA_PUBKEY(         BIO * bp, DSA * x );
+int PEM_write_bio_DSA_PUBKEY(          BIO * bp, DSA * x );
-int        PEM_write_bio_DSAparams(          BIO * bp, DSA * x );
+int PEM_write_bio_DSAparams(           BIO * bp, DSA * x );
-int        PEM_write_bio_DHparams(           BIO * bp, DH * x );
+int PEM_write_bio_DHparams(            BIO * bp, DH * x );
-int        PEM_write_bio_X509(               BIO * bp, X509 * x );
+int PEM_write_bio_X509(                BIO * bp, X509 * x );
-int        PEM_write_bio_X509_AUX(           BIO * bp, X509 * x );
+int PEM_write_bio_X509_AUX(            BIO * bp, X509 * x );
-int        PEM_write_bio_X509_REQ(           BIO * bp, X509_REQ * x );
+int PEM_write_bio_X509_REQ(            BIO * bp, X509_REQ * x );
-int        PEM_write_bio_X509_REQ_NEW(       BIO * bp, X509_REQ * x );
+int PEM_write_bio_X509_REQ_NEW(        BIO * bp, X509_REQ * x );
-int        PEM_write_bio_X509_CRL(           BIO * bp, X509_CRL * x );
+int PEM_write_bio_X509_CRL(            BIO * bp, X509_CRL * x );
-int        PEM_write_bio_PKCS7(              BIO * bp, PKCS7 * x );
+int PEM_write_bio_PKCS7(               BIO * bp, PKCS7 * x );
 #endif
--- a/contrib/hbssl/rand.c
+++ b/contrib/hbssl/rand.c
@@ -44,8 +44,6 @@
 *
 */
 #include "hbapi.h"
 #include "hbssl.h"
 #include <openssl/rand.h>
@@ -60,6 +58,11 @@ HB_FUNC( RAND_ADD )
   RAND_add( hb_parcx( 1 ), ( int ) hb_parclen( 1 ), hb_parnd( 2 ) );
 }
 HB_FUNC( RAND_POLL )
 {
   RAND_poll();
 }
 HB_FUNC( RAND_STATUS )
 {
   hb_retni( RAND_status() );
@@ -68,7 +71,12 @@ HB_FUNC( RAND_STATUS )
 HB_FUNC( RAND_EVENT )
 {
 #if defined( HB_OS_WIN ) && ! defined( __CYGWIN__ )
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
   RAND_poll();
   hb_retni( RAND_status() );
 #else
   hb_retni( RAND_event( hb_parni( 1 ), ( WPARAM ) hb_parnint( 2 ), ( LPARAM ) hb_parnint( 3 ) ) );
 #endif
 #else
   hb_retni( 1 );
 #endif
@@ -77,6 +85,10 @@ HB_FUNC( RAND_EVENT )
 HB_FUNC( RAND_SCREEN )
 {
 #if defined( HB_OS_WIN ) && ! defined( __CYGWIN__ )
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
   RAND_poll();
 #else
   RAND_screen();
 #endif
 #endif
 }
--- a/contrib/hbssl/ssl.c
+++ b/contrib/hbssl/ssl.c
@@ -1,7 +1,7 @@
 /*
 * OpenSSL API (SSL) - Harbour interface.
 *
- * Copyright 2009 Viktor Szakats (vszakats.net/harbour)
+ * Copyright 2009-2017 Viktor Szakats (vszakats.net/harbour)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -45,19 +45,27 @@
 */
 /* for applink.c */
-#if ! defined( HB_OPENSSL_STATIC )
+#if defined( _MSC_VER )
-   #if defined( _MSC_VER )
+   #ifndef _CRT_SECURE_NO_WARNINGS
-      #ifndef _CRT_SECURE_NO_WARNINGS
+   #define _CRT_SECURE_NO_WARNINGS
      #define _CRT_SECURE_NO_WARNINGS
      #endif
   #endif
 #elif defined( __BORLANDC__ )
   /* NOTE: To avoid these with BCC 5.5:
            Warning W8065 openssl/applink.c 40: Call to function '_setmode' with no prototype in function app_fsetmod
            Error E2451 openssl/applink.c 82: Undefined symbol '_lseek' in function OPENSSL_Applink
    */
   #include "io.h"
   #define _setmode  setmode
   #undef _lseek
   #define _lseek    lseek
 #endif
-#include "hbapi.h"
+/* This must come before #include "hbssl.h".
-#include "hbapierr.h"
+   OpenSSL 1.1.x and upper don't require Windows headers anymore,
-#include "hbapiitm.h"
+   but if #included, it still must come before its own headers.
-#include "hbvm.h"
+   The Harbour wrapper code doesn't need the Windows headers, so
-
+   they will be dropped once 1.0.2 is EOLed in 2019-12-31. */
 #include "hbdefs.h"
 #if defined( HB_OS_WIN )
   #include <windows.h>
   #include <wincrypt.h>
@@ -65,17 +73,36 @@
 #include "hbssl.h"
 #include "hbapiitm.h"
 #include "hbvm.h"
 #if ! defined( HB_OPENSSL_NO_APPLINK ) && \
    defined( HB_OS_WIN ) && \
    defined( HB_CPU_X86 ) && \
    OPENSSL_VERSION_NUMBER >= 0x00908000L
   /* Enable this to add support for various scenarios when
      OpenSSL is build with OPENSSL_USE_APPLINK (the default).
      In such case care must be taken to initialize pointers
      to C RTL function to avoid crashes. */
   #define HB_OPENSSL_HAS_APPLINK
 #endif
 /* NOTE: See: http://www.openssl.org/support/faq.html#PROG2
         Application must call SSL_init(), so that this module gets linked.
         [vszakats] */
 #if defined( HB_OS_WIN ) && ! defined( HB_OPENSSL_STATIC ) && OPENSSL_VERSION_NUMBER >= 0x00908000L
-   /* NOTE: It doesn't build in bcc55:
+   /* Pull a stub that returns a table with some selected
-            Warning W8065 openssl/applink.c 40: Call to function '_setmode' with no prototype in function app_fsetmod
+      C RTL function pointers. When linking to OpenSSL shared
-            Error E2451 openssl/applink.c 82: Undefined symbol '_lseek' in function OPENSSL_Applink
+      libraries, the function OPENSSL_Applink() exported from
-    */
+      the application executable will be dynamically called
-   #if ! defined( __BORLANDC__ )
+      from the OpenSSL crypto .dll. When linking OpenSSL statically,
-      #include "openssl/applink.c"
+      we will call it manually from SSL_init(). This will not
-   #endif
+      work when using 'hbssl' as a dynamic lib, because
      OPENSSL_Applink() must be exported from the main executable.
      Consequently 'hbrun' will fail with operations that require
      C RTL calls internally. Such calls are currently made when
      using BIO_new_fd() BIO_new_file() IO API. */
   #include "openssl/applink.c"
 #endif
 HB_FUNC( SSL_INIT )
@@ -84,10 +111,40 @@ HB_FUNC( SSL_INIT )
   SSL_load_error_strings();
 }
-HB_FUNC( SSLEAY_VERSION )
+HB_FUNC( HB_SSL_APPLINK )
 {
 #if defined( HB_OPENSSL_HAS_APPLINK )
   hb_retl( HB_TRUE );
 #else
   hb_retl( HB_FALSE );
 #endif
 }
 HB_FUNC( HB_SSL_STATIC )
 {
 #if defined( HB_DYNLIB )
   hb_retl( HB_FALSE );
 #else
   hb_retl( HB_TRUE );
 #endif
 }
 HB_FUNC( OPENSSL_VERSION )
 {
   int value = hb_parni( 1 );
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
    ! defined( LIBRESSL_VERSION_NUMBER )
   switch( value )
   {
      case HB_OPENSSL_VERSION:   value = OPENSSL_VERSION;  break;
      case HB_OPENSSL_CFLAGS:    value = OPENSSL_CFLAGS;   break;
      case HB_OPENSSL_BUILT_ON:  value = OPENSSL_BUILT_ON; break;
      case HB_OPENSSL_PLATFORM:  value = OPENSSL_PLATFORM; break;
      case HB_OPENSSL_DIR:       value = OPENSSL_DIR;      break;
   }
   hb_retc( OpenSSL_version( value ) );
 #else
   switch( value )
   {
      case HB_SSLEAY_VERSION:   value = SSLEAY_VERSION;  break;
@@ -96,58 +153,106 @@ HB_FUNC( SSLEAY_VERSION )
      case HB_SSLEAY_PLATFORM:  value = SSLEAY_PLATFORM; break;
      case HB_SSLEAY_DIR:       value = SSLEAY_DIR;      break;
   }
   hb_retc( SSLeay_version( value ) );
 #endif
 }
-HB_FUNC( OPENSSL_VERSION )
+HB_FUNC( OPENSSL_VERSION_NUMBER )
 {
   hb_retnint( OPENSSL_VERSION_NUMBER );
 }
-HB_FUNC( SSLEAY )
+HB_FUNC( OPENSSL_VERSION_NUM )
 {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
    ! defined( LIBRESSL_VERSION_NUMBER )
   hb_retnint( OpenSSL_version_num() );
 #else
   hb_retnint( SSLeay() );
 #endif
 }
-static HB_GARBAGE_FUNC( SSL_release )
+/* SSLEAY_VERSION is existing macro so we cannot use HB_FUNC_TRANSLATE */
-{
+#if 0
-   void ** ph = ( void ** ) Cargo;
+   HB_FUNC_TRANSLATE( SSLEAY_VERSION, OPENSSL_VERSION )
 #else
   HB_FUNC( SSLEAY_VERSION )
   {
      HB_FUNC_EXEC( OPENSSL_VERSION );
   }
 #endif
 HB_FUNC_TRANSLATE( SSLEAY, OPENSSL_VERSION_NUM )
-   /* Check if pointer is not NULL to avoid multiple freeing */
+typedef struct _HB_SSL
-   if( ph && *ph )
+{
   SSL * ssl;
   PHB_ITEM pCallbackArg;
 } HB_SSL, * PHB_SSL;
 static HB_GARBAGE_FUNC( PHB_SSL_release )
 {
   PHB_SSL hb_ssl = ( PHB_SSL ) Cargo;
   if( hb_ssl )
   {
      /* Destroy the object */
-      SSL_free( ( SSL * ) *ph );
+      if( hb_ssl->ssl )
      {
         SSL_free( hb_ssl->ssl );
         hb_ssl->ssl = NULL;
      }
-      /* set pointer to NULL just in case */
+      if( hb_ssl->pCallbackArg )
-      *ph = NULL;
+      {
         hb_itemRelease( hb_ssl->pCallbackArg );
         hb_ssl->pCallbackArg = NULL;
      }
   }
 }
 static HB_GARBAGE_FUNC( PHB_SSL_mark )
 {
   PHB_SSL hb_ssl = ( PHB_SSL ) Cargo;
   if( hb_ssl )
   {
      if( hb_ssl->pCallbackArg )
         hb_gcMark( hb_ssl->pCallbackArg );
   }
 }
 static const HB_GC_FUNCS s_gcSSL_funcs =
 {
-   SSL_release,
+   PHB_SSL_release,
-   hb_gcDummyMark
+   PHB_SSL_mark
 };
-void * hb_SSL_is( int iParam )
+HB_BOOL hb_SSL_is( int iParam )
 {
-   return hb_parptrGC( &s_gcSSL_funcs, iParam );
+   PHB_SSL hb_ssl = ( PHB_SSL ) hb_parptrGC( &s_gcSSL_funcs, iParam );
   return hb_ssl && hb_ssl->ssl;
 }
 static PHB_SSL hb_SSL_par_raw( int iParam )
 {
   PHB_SSL hb_ssl = ( PHB_SSL ) hb_parptrGC( &s_gcSSL_funcs, iParam );
   return hb_ssl;
 }
 SSL * hb_SSL_par( int iParam )
 {
-   void ** ph = ( void ** ) hb_parptrGC( &s_gcSSL_funcs, iParam );
+   PHB_SSL hb_ssl = ( PHB_SSL ) hb_parptrGC( &s_gcSSL_funcs, iParam );
-   return ph ? ( SSL * ) *ph : NULL;
+   return hb_ssl ? hb_ssl->ssl : NULL;
 }
 SSL * hb_SSL_itemGet( PHB_ITEM pItem )
 {
-   void ** ph = ( void ** ) hb_itemGetPtrGC( pItem, &s_gcSSL_funcs );
+   PHB_SSL hb_ssl = ( PHB_SSL ) hb_itemGetPtrGC( pItem, &s_gcSSL_funcs );
-   return ph ? ( SSL * ) *ph : NULL;
+   return hb_ssl ? hb_ssl->ssl : NULL;
 }
 HB_FUNC( SSL_NEW )
@@ -158,13 +263,12 @@ HB_FUNC( SSL_NEW )
      if( ctx )
      {
-         void ** ph = ( void ** ) hb_gcAllocate( sizeof( SSL * ), &s_gcSSL_funcs );
+         PHB_SSL hb_ssl = ( PHB_SSL ) hb_gcAllocate( sizeof( HB_SSL ), &s_gcSSL_funcs );
-         SSL * ssl = SSL_new( ctx );
+         memset( hb_ssl, 0, sizeof( HB_SSL ) );
         hb_ssl->ssl = SSL_new( ctx );
-         *ph = ssl;
+         hb_retptrGC( hb_ssl );
         hb_retptrGC( ph );
      }
   }
   else
@@ -179,13 +283,13 @@ HB_FUNC( SSL_DUP )
      if( ssl_par )
      {
-         void ** ph = ( void ** ) hb_gcAllocate( sizeof( SSL * ), &s_gcSSL_funcs );
+         PHB_SSL hb_ssl = ( PHB_SSL ) hb_gcAllocate( sizeof( HB_SSL ), &s_gcSSL_funcs );
-         SSL * ssl = SSL_dup( ssl_par );
+         memset( hb_ssl, 0, sizeof( HB_SSL ) );
-         *ph = ssl;
+         hb_ssl->ssl = SSL_dup( ssl_par );
-         hb_retptrGC( ph );
+         hb_retptrGC( hb_ssl );
      }
   }
   else
@@ -218,6 +322,9 @@ HB_FUNC( SSL_CLEAR )
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 HB_FUNC_TRANSLATE( SSL_STATE, SSL_GET_STATE )
 #else
 HB_FUNC( SSL_STATE )
 {
   if( hb_SSL_is( 1 ) )
@@ -230,6 +337,7 @@ HB_FUNC( SSL_STATE )
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 #endif
 HB_FUNC( SSL_PENDING )
 {
@@ -625,6 +733,11 @@ HB_FUNC( SSL_GET_SSL_METHOD )
 #endif
         int n;
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
         if(      p == TLS_method()           ) n = HB_SSL_CTX_NEW_METHOD_TLS;
         else if( p == TLS_server_method()    ) n = HB_SSL_CTX_NEW_METHOD_TLS_SERVER;
         else if( p == TLS_client_method()    ) n = HB_SSL_CTX_NEW_METHOD_TLS_CLIENT;
 #else
         if(      p == SSLv3_method()         ) n = HB_SSL_CTX_NEW_METHOD_SSLV3;
         else if( p == SSLv3_server_method()  ) n = HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER;
         else if( p == SSLv3_client_method()  ) n = HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT;
@@ -639,6 +752,7 @@ HB_FUNC( SSL_GET_SSL_METHOD )
         else if( p == SSLv23_method()        ) n = HB_SSL_CTX_NEW_METHOD_SSLV23;
         else if( p == SSLv23_server_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER;
         else if( p == SSLv23_client_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT;
 #endif
         else                                   n = HB_SSL_CTX_NEW_METHOD_UNKNOWN;
         hb_retni( n );
@@ -765,6 +879,21 @@ HB_FUNC( SSL_GET_SHARED_CIPHERS )
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 HB_FUNC( SSL_SET_TLSEXT_HOST_NAME )
 {
   if( hb_SSL_is( 1 ) )
   {
 #if defined( SSL_CTRL_SET_TLSEXT_HOSTNAME )
      SSL * ssl = hb_SSL_par( 1 );
      if( ssl )
         hb_retni( SSL_set_tlsext_host_name( ssl, HB_UNCONST( hb_parc( 2 ) ) ) );
 #endif
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 HB_FUNC( SSL_ALERT_DESC_STRING )
 {
   hb_retc( SSL_alert_desc_string( hb_parni( 1 ) ) );
@@ -962,7 +1091,7 @@ HB_FUNC( SSL_GET_READ_AHEAD )
 {
   if( hb_SSL_is( 1 ) )
   {
-#if defined( __BORLANDC__ ) /* TOFIX: SSL_get_read_ahead is an unresolved external when trying to link with BCC */
+#if defined( __BORLANDC__ ) /* FIXME: SSL_get_read_ahead is an unresolved external when trying to link with BCC */
      hb_retni( 0 );
 #else
      SSL * ssl = hb_SSL_par( 1 );
@@ -1196,21 +1325,6 @@ HB_FUNC( SSL_SET_VERIFY )
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 HB_FUNC( SSL_SET_TLSEXT_HOST_NAME )
 {
   if( hb_SSL_is( 1 ) )
   {
 #if defined( SSL_set_tlsext_host_name ) || OPENSSL_VERSION_NUMBER >= 0x00908060L
      SSL * ssl = hb_SSL_par( 1 );
      if( ssl )
         SSL_set_tlsext_host_name( ssl, hb_parc( 2 ) );
 #endif
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 HB_FUNC( SSL_SET_QUIET_SHUTDOWN )
 {
   if( hb_SSL_is( 1 ) )
@@ -1414,7 +1528,7 @@ HB_FUNC( SSL_GET_CIPHERS )
            int      tmp;
            for( tmp = 0; tmp < len; tmp++ )
-               hb_arraySetPtr( pArray, tmp + 1, sk_SSL_CIPHER_value( stack, tmp ) );
+               hb_arraySetPtr( pArray, tmp + 1, HB_UNCONST( sk_SSL_CIPHER_value( stack, tmp ) ) );
            hb_itemReturnRelease( pArray );
         }
@@ -1486,10 +1600,15 @@ HB_FUNC( SSL_USE_RSAPRIVATEKEY_ASN1 )
      SSL * ssl = hb_SSL_par( 1 );
      if( ssl )
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
    ! defined( LIBRESSL_VERSION_NUMBER )
         hb_retni( SSL_use_RSAPrivateKey_ASN1( ssl, ( const unsigned char * ) hb_parc( 2 ), ( int ) hb_parclen( 2 ) ) );
 #else
         /* 'const' not used in 2nd param because ssh.h misses it, too.
-             Bug report sent: #1988
+             Bug reported: #1988 [Fixed in 1.1.0 after submitting patch]
             [vszakats] */
         hb_retni( SSL_use_RSAPrivateKey_ASN1( ssl, ( unsigned char * ) HB_UNCONST( hb_parc( 2 ) ), ( int ) hb_parclen( 2 ) ) );
 #endif
   }
   else
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
@@ -1563,26 +1682,29 @@ HB_FUNC( SSL_SET_MSG_CALLBACK )
 {
   if( hb_SSL_is( 1 ) )
   {
-      SSL * ssl = hb_SSL_par( 1 );
+      PHB_SSL hb_ssl = hb_SSL_par_raw( 1 );
-      if( ssl )
+      if( hb_ssl )
      {
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
         PHB_ITEM pCallback = hb_param( 2, HB_IT_EVALITEM );
         if( hb_ssl->pCallbackArg )
         {
            SSL_set_msg_callback_arg( hb_ssl->ssl, NULL );
            hb_itemRelease( hb_ssl->pCallbackArg );
            hb_ssl->pCallbackArg = NULL;
         }
         if( pCallback )
         {
-            PHB_ITEM pPassCallback = hb_itemNew( pCallback );
+            hb_ssl->pCallbackArg = hb_itemNew( pCallback );
-            SSL_set_msg_callback_arg( ssl, pPassCallback );
+            SSL_set_msg_callback_arg( hb_ssl->ssl, hb_ssl->pCallbackArg );
-            SSL_set_msg_callback( ssl, hb_ssl_msg_callback );
+            SSL_set_msg_callback( hb_ssl->ssl, hb_ssl_msg_callback );
            hb_gcUnlock( hb_ssl->pCallbackArg );
         }
         else
-         {
+            SSL_set_msg_callback( hb_ssl->ssl, NULL );
            /* NOTE: WARNING: Direct access to OpenSSL internals. [vszakats] */
            hb_itemRelease( ( PHB_ITEM ) ssl->msg_callback_arg );
            SSL_set_msg_callback_arg( ssl, NULL );
            SSL_set_msg_callback( ssl, NULL );
         }
 #endif
      }
   }
@@ -1590,29 +1712,30 @@ HB_FUNC( SSL_SET_MSG_CALLBACK )
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
-/*
+#if 0
-   void         SSL_set_psk_client_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+void         SSL_set_psk_client_callback( SSL * ssl, unsigned int ( * callback )( SSL * ssl, const char * hint, char * identity, unsigned int max_identity_len, unsigned char * psk, unsigned int max_psk_len ) );
-   void         SSL_set_psk_server_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
+void         SSL_set_psk_server_callback( SSL * ssl, unsigned int ( * callback )( SSL * ssl, const char * identity, unsigned char * psk, int max_psk_len ) );
-   EVP_PKEY *   SSL_get_privatekey(SSL *ssl);
+EVP_PKEY *   SSL_get_privatekey( SSL * ssl );
-   STACK *      SSL_get_peer_cert_chain(const SSL *ssl);
+STACK *      SSL_get_peer_cert_chain( const SSL * ssl );
-   int          SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+int          SSL_use_RSAPrivateKey( SSL * ssl, RSA * rsa );
-   void         SSL_set_app_data(SSL *ssl, char *arg);
+void         SSL_set_app_data( SSL * ssl, char * arg );
-   int          SSL_set_ex_data(SSL *ssl, int idx, char *arg);
+int          SSL_set_ex_data( SSL * ssl, int idx, char * arg );
-   char *       SSL_get_app_data(SSL *ssl);
+char *       SSL_get_app_data( SSL * ssl );
-   char *       SSL_get_ex_data( ssl, int );
+char *       SSL_get_ex_data( ssl, int );
-   int          SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);
+int          SSL_add_dir_cert_subjects_to_stack( STACK * stack, const char * dir );
-   int          SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);
+int          SSL_add_file_cert_subjects_to_stack( STACK * stack, const char * file );
-   STACK *      SSL_dup_CA_list(STACK *sk);
+STACK *      SSL_dup_CA_list( STACK * sk );
-   SSL_CTX *    SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *    SSL_get_SSL_CTX( const SSL * ssl );
-   int          SSL_get_ex_data_X509_STORE_CTX_idx(void);
+int          SSL_get_ex_data_X509_STORE_CTX_idx( void );
-   int          SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+int          SSL_get_ex_new_index( long argl, char * argp, int ( *new_func ); ( void ), int ( * dup_func )( void ), void ( * free_func )( void ) )
-   void (*SSL_get_info_callback(const SSL *ssl);)()
+void( *SSL_get_info_callback( const SSL * ssl ); )()
-   SSL_SESSION *SSL_get_session(const SSL *ssl);
+SSL_SESSION * SSL_get_session( const SSL * ssl );
-   int (*SSL_get_verify_callback(const SSL *ssl))(int,X509_STORE_CTX *)
+int( *SSL_get_verify_callback( const SSL * ssl ) )( int, X509_STORE_CTX * )
-   void         SSL_set_client_CA_list(SSL *ssl, STACK *list);
+void         SSL_set_client_CA_list( SSL * ssl, STACK * list );
-   void         SSL_set_info_callback(SSL *ssl, void (*cb);(void))
+void         SSL_set_info_callback( SSL * ssl, void ( *cb ); ( void ) )
-   void         SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))
+void         SSL_set_verify( SSL * ssl, int mode, int ( *callback ); ( void ) )
- */
+
 #endif
--- a/contrib/hbssl/ssl_hb.c
+++ b/contrib/hbssl/ssl_hb.c
@@ -44,14 +44,11 @@
 *
 */
 #include "hbapi.h"
 #include "hbapierr.h"
 #include "hbapiitm.h"
 #include "hbsocket.h"
 #include "hbvm.h"
 #include "hbssl.h"
 #include "hbapiitm.h"
 #include "hbvm.h"
 HB_FUNC( HB_SSL_READ_ALL )
 {
   if( hb_SSL_is( 1 ) )
--- a/contrib/hbssl/ssl_inet.c
+++ b/contrib/hbssl/ssl_inet.c
@@ -46,13 +46,11 @@
 #define _HB_ZNET_INTERNAL_
-#include "hbapi.h"
+#include "hbssl.h"
 #include "hbapiitm.h"
 #include "hbapierr.h"
 #include "hbsocket.h"
 #include "hbdate.h"
 #include "hbznet.h"
 #include "hbssl.h"
 static long hb_inetReadSSL( PHB_ZNETSTREAM pStream, HB_SOCKET sd,
                            void * buffer, long len, HB_MAXINT timeout )
--- a/contrib/hbssl/ssl_sock.c
+++ b/contrib/hbssl/ssl_sock.c
@@ -47,12 +47,11 @@
 /* this has to be declared before hbsocket.h is included */
 #define _HB_SOCKEX_IMPLEMENTATION_
 #include "hbapiitm.h"
 #include "hbapierr.h"
 #include "hbvm.h"
 #include "hbsocket.h"
 #include "hbdate.h"
 #include "hbssl.h"
 #include "hbapiitm.h"
 #include "hbvm.h"
 #include "hbdate.h"
 #include "hbinit.h"
 typedef struct _HB_SSLSTREAM
@@ -116,7 +115,7 @@ long hb_ssl_socketRead( PHB_SSLSTREAM pStream, HB_SOCKET sd,
   if( pStream->blocking ? timeout >= 0 : timeout < 0 )
   {
      if( hb_socketSetBlockingIO( sd, timeout < 0 ) >= 0 )
-         pStream->blocking = !pStream->blocking;
+         pStream->blocking = ! pStream->blocking;
   }
   timer = hb_timerInit( timeout );
@@ -205,7 +204,7 @@ long hb_ssl_socketWrite( PHB_SSLSTREAM pStream, HB_SOCKET sd,
   if( pStream->blocking ? timeout >= 0 : timeout < 0 )
   {
      if( hb_socketSetBlockingIO( sd, timeout < 0 ) >= 0 )
-         pStream->blocking = !pStream->blocking;
+         pStream->blocking = ! pStream->blocking;
   }
   timer = hb_timerInit( timeout );
@@ -288,10 +287,10 @@ PHB_SSLSTREAM hb_ssl_socketNew( HB_SOCKET sd, SSL * ssl, HB_BOOL fServer,
   pStream->pSSL = pSSL ? hb_itemNew( pSSL ) : NULL;
   pStream->blocking = timeout < 0;
   if( hb_socketSetBlockingIO( sd, pStream->blocking ) < 0 )
-      pStream->blocking = !pStream->blocking;
+      pStream->blocking = ! pStream->blocking;
   SSL_set_mode( ssl, HB_SSL_MODE_AUTO_RETRY );
-   iResult = SSL_set_fd( ssl, sd );
+   iResult = SSL_set_fd( ssl, sd );  /* Truncates `sd` on win64. OpenSSL bug: https://rt.openssl.org/Ticket/Display.html?id=1928&user=guest&pass=guest */
   timer = hb_timerInit( timeout );
--- a/contrib/hbssl/sslciph.c
+++ b/contrib/hbssl/sslciph.c
@@ -44,9 +44,6 @@
 *
 */
 #include "hbapi.h"
 #include "hbapierr.h"
 #include "hbssl.h"
 HB_FUNC( SSL_CIPHER_DESCRIPTION )
--- a/contrib/hbssl/sslctx.c
+++ b/contrib/hbssl/sslctx.c
@@ -44,10 +44,12 @@
 *
 */
-#include "hbapi.h"
+/* This must come before #include "hbssl.h".
-#include "hbapierr.h"
+   OpenSSL 1.1.x and upper don't require Windows headers anymore,
-#include "hbapiitm.h"
+   but if #included, it still must come before its own headers.
-
+   The Harbour wrapper code doesn't need the Windows headers, so
   they will be dropped once 1.0.2 is EOLed in 2019-12-31. */
 #include "hbdefs.h"
 #if defined( HB_OS_WIN )
   #include <windows.h>
   #include <wincrypt.h>
@@ -55,6 +57,8 @@
 #include "hbssl.h"
 #include "hbapiitm.h"
 static HB_GARBAGE_FUNC( SSL_CTX_release )
 {
   void ** ph = ( void ** ) Cargo;
@@ -76,9 +80,9 @@ static const HB_GC_FUNCS s_gcSSL_CTX_funcs =
   hb_gcDummyMark
 };
-void * hb_SSL_CTX_is( int iParam )
+HB_BOOL hb_SSL_CTX_is( int iParam )
 {
-   return hb_parptrGC( &s_gcSSL_CTX_funcs, iParam );
+   return hb_parptrGC( &s_gcSSL_CTX_funcs, iParam ) != NULL;
 }
 SSL_CTX * hb_SSL_CTX_par( int iParam )
@@ -101,6 +105,11 @@ const SSL_METHOD * hb_ssl_method_id_to_ptr( int n )
   switch( n )
   {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
      case HB_SSL_CTX_NEW_METHOD_TLS:           p = TLS_method();           break;
      case HB_SSL_CTX_NEW_METHOD_TLS_SERVER:    p = TLS_server_method();    break;
      case HB_SSL_CTX_NEW_METHOD_TLS_CLIENT:    p = TLS_client_method();    break;
 #else
 #if OPENSSL_VERSION_NUMBER < 0x10000000L
      case HB_SSL_CTX_NEW_METHOD_SSLV2:         p = SSLv2_method();         break;
      case HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER:  p = SSLv2_server_method();  break;
@@ -115,6 +124,7 @@ const SSL_METHOD * hb_ssl_method_id_to_ptr( int n )
      case HB_SSL_CTX_NEW_METHOD_SSLV23:        p = SSLv23_method();        break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break;
      case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break;
 #endif
      default: p = SSLv23_method();
   }
@@ -607,7 +617,7 @@ HB_FUNC( SSL_CTX_GET_CLIENT_CA_LIST )
      if( ctx )
      {
-#if OPENSSL_VERSION_NUMBER < 0x10000000L /* TOFIX: Compilation error when tried with 1.0.0beta5 */
+#if OPENSSL_VERSION_NUMBER < 0x10000000L || OPENSSL_VERSION_NUMBER >= 0x1000000FL /* NOTE: Compilation error when tried with 1.0.0beta5 */
         STACK_OF( X509_NAME ) * stack = SSL_CTX_get_client_CA_list( ctx );
         int len = sk_X509_NAME_num( stack );
@@ -785,51 +795,50 @@ HB_FUNC( SSL_CTX_SET_DEFAULT_VERIFY_PATHS )
 #endif
 }
-/*
+#if 0
-   #define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
+#define sk_X509_NAME_new_null()       SKM_sk_new_null( X509_NAME )
-   #define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))
+#define sk_X509_NAME_push( st, val )  SKM_sk_push( X509_NAME, ( st ), ( val ) )
-   #define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
+#define sk_X509_NAME_free( st )       SKM_sk_free( X509_NAME, ( st ) )
-   X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
+X509_STORE * SSL_CTX_get_cert_store( const SSL_CTX * );
-   void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
+void SSL_CTX_set_cert_store( SSL_CTX *, X509_STORE * );
-   void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);
+void SSL_CTX_set_cert_store( SSL_CTX * ctx, X509_STORE * cs );
-   int  SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+int  SSL_CTX_use_RSAPrivateKey( SSL_CTX * ctx, RSA * rsa );
-   long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
+long SSL_CTX_ctrl( SSL_CTX * ctx, int cmd, long larg, char * parg );
-   void SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);
+void SSL_CTX_set_app_data( SSL_CTX * ctx, void * arg );
-   int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);
+int SSL_CTX_set_ex_data( SSL_CTX * s, int idx, char * arg );
-   char * SSL_CTX_get_app_data( ctx );
+char * SSL_CTX_get_app_data( ctx );
-   char * SSL_CTX_get_ex_data( ctx, int );
+char * SSL_CTX_get_ex_data( ctx, int );
-   int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+int( *SSL_CTX_get_client_cert_cb( SSL_CTX * ctx ) )( SSL * ssl, X509 * *x509, EVP_PKEY * *pkey );
-   int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+int SSL_CTX_get_ex_new_index( long argl, char * argp, int ( *new_func ); ( void ), int ( * dup_func )( void ), void ( * free_func )( void ) )
-   void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+void( *SSL_CTX_get_info_callback( SSL_CTX * ctx ) )( SSL * ssl, int cb, int ret );
-   int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+int( *SSL_CTX_get_verify_callback( const SSL_CTX * ctx ) )( int ok, X509_STORE_CTX * ctx );
-   SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+SSL_SESSION *( *SSL_CTX_sess_get_get_cb( SSL_CTX * ctx ) )( SSL * ssl, unsigned char * data, int len, int * copy );
-   int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+int ( *SSL_CTX_sess_get_new_cb( SSL_CTX * ctx )( SSL * ssl, SSL_SESSION * sess );
-   void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+void ( *SSL_CTX_sess_get_remove_cb( SSL_CTX * ctx )( SSL_CTX * ctx, SSL_SESSION * sess );
-   void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+void SSL_CTX_sess_set_get_cb( SSL_CTX * ctx, SSL_SESSION * ( *cb )( SSL * ssl, unsigned char * data, int len, int * copy ) );
-   void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+void SSL_CTX_sess_set_new_cb( SSL_CTX * ctx, int ( * cb )( SSL * ssl, SSL_SESSION * sess ) );
-   void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+void SSL_CTX_sess_set_remove_cb( SSL_CTX * ctx, void ( * cb )( SSL_CTX * ctx, SSL_SESSION * sess ) );
-   LHASH *SSL_CTX_sessions(SSL_CTX *ctx);
+LHASH * SSL_CTX_sessions( SSL_CTX * ctx );
-   void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)
+void SSL_CTX_set_cert_verify_cb( SSL_CTX * ctx, int ( * cb )(), char * arg )
-   void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);
+void SSL_CTX_set_client_CA_list( SSL_CTX * ctx, STACK * list );
-   void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+void SSL_CTX_set_client_cert_cb( SSL_CTX * ctx, int ( * cb )( SSL * ssl, X509 ** x509, EVP_PKEY ** pkey ) );
-   void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))
+void SSL_CTX_set_default_passwd_cb( SSL_CTX * ctx, int ( *cb ); ( void ) )
-   void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+void SSL_CTX_set_info_callback( SSL_CTX * ctx, void ( * cb )( SSL * ssl, int cb, int ret ) );
-   void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+void SSL_CTX_set_msg_callback( SSL_CTX * ctx, void ( * cb )( int write_p, int version, int content_type, const void * buf, size_t len, SSL * ssl, void * arg ) );
-   void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+void SSL_CTX_set_msg_callback_arg( SSL_CTX * ctx, void * arg );
-   long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);
+long SSL_CTX_set_tmp_dh( SSL_CTX * ctx, DH * dh );
-   long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));
+long SSL_CTX_set_tmp_dh_callback( SSL_CTX * ctx, DH * ( *cb )( void ) );
-   long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
+long SSL_CTX_set_tmp_rsa( SSL_CTX * ctx, RSA * rsa );
-   SSL_CTX_set_tmp_rsa_callback
+/* SSL_CTX_set_tmp_rsa_callback */
-   long SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int export, int keylength));
+long SSL_CTX_set_tmp_rsa_callback( SSL_CTX * ctx, RSA * ( *cb )( SSL * ssl, int export, int keylength ) );
-   Sets the callback which will be called when a temporary private key is required. The export flag will be set if the reason for needing a temp key is that an export ciphersuite is in use, in which case, keylength will contain the required keylength in bits. Generate a key of appropriate size (using ???) and return it.
+long SSL_set_tmp_rsa_callback( SSL * ssl, RSA * ( *cb )( SSL * ssl, int export, int keylength ) );
-   SSL_set_tmp_rsa_callback
+The same as SSL_CTX_set_tmp_rsa_callback, except it operates on an SSL session instead of a context.
-   long SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+void SSL_CTX_set_verify( SSL_CTX * ctx, int mode, int ( *cb ); ( void ) )
-   The same as SSL_CTX_set_tmp_rsa_callback, except it operates on an SSL session instead of a context.
+void SSL_CTX_set_psk_client_callback( SSL_CTX * ctx, unsigned int ( * callback )( SSL * ssl, const char * hint, char * identity, unsigned int max_identity_len, unsigned char * psk, unsigned int max_psk_len ) );
-   void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))
+void SSL_CTX_set_psk_server_callback( SSL_CTX * ctx, unsigned int ( * callback )( SSL * ssl, const char * identity, unsigned char * psk, int max_psk_len ) );
-   void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+
-   void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
+#endif
 */
--- a/contrib/hbssl/sslsess.c
+++ b/contrib/hbssl/sslsess.c
@@ -44,9 +44,6 @@
 *
 */
 #include "hbapi.h"
 #include "hbapierr.h"
 #include "hbssl.h"
 static HB_GARBAGE_FUNC( SSL_SESSION_release )
@@ -70,9 +67,9 @@ static const HB_GC_FUNCS s_gcSSL_SESSION_funcs =
   hb_gcDummyMark
 };
-void * hb_SSL_SESSION_is( int iParam )
+HB_BOOL hb_SSL_SESSION_is( int iParam )
 {
-   return hb_parptrGC( &s_gcSSL_SESSION_funcs, iParam );
+   return hb_parptrGC( &s_gcSSL_SESSION_funcs, iParam ) != NULL;
 }
 SSL_SESSION * hb_SSL_SESSION_par( int iParam )
@@ -176,13 +173,15 @@ HB_FUNC( SSL_SESSION_HASH )
      hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
-/*
+#if 0
   char *SSL_SESSION_get_app_data(SSL_SESSION *s);
   char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);
   void SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);
   int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);
-   int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(void), int (*dup_func)(void), void (*free_func)(void))
+char * SSL_SESSION_get_app_data( SSL_SESSION * s );
-   int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);
+char * SSL_SESSION_get_ex_data( const SSL_SESSION * s, int idx );
-   int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);
+void SSL_SESSION_set_app_data( SSL_SESSION * s, char * a );
- */
+int SSL_SESSION_set_ex_data( SSL_SESSION * s, int idx, char * arg );
 int SSL_SESSION_get_ex_new_index( long argl, char * argp, int ( * new_func )( void ), int ( * dup_func )( void ), void ( * free_func )( void ) )
 int SSL_SESSION_print( BIO * bp, const SSL_SESSION * x );
 int SSL_SESSION_print_fp( FILE * fp, const SSL_SESSION * x );
 #endif
--- a/contrib/hbssl/x509.c
+++ b/contrib/hbssl/x509.c
@@ -44,9 +44,12 @@
 *
 */
-#include "hbapi.h"
+/* This must come before #include "hbssl.h".
-#include "hbapierr.h"
+   OpenSSL 1.1.x and upper don't require Windows headers anymore,
-
+   but if #included, it still must come before its own headers.
   The Harbour wrapper code doesn't need the Windows headers, so
   they will be dropped once 1.0.2 is EOLed in 2019-12-31. */
 #include "hbdefs.h"
 #if defined( HB_OS_WIN )
   #include <windows.h>
   #include <wincrypt.h>
@@ -82,9 +85,9 @@ static const HB_GC_FUNCS s_gcX509_funcs =
   hb_gcDummyMark
 };
-void * hb_X509_is( int iParam )
+HB_BOOL hb_X509_is( int iParam )
 {
-   return hb_parptrGC( &s_gcX509_funcs, iParam );
+   return hb_parptrGC( &s_gcX509_funcs, iParam ) != NULL;
 }
 X509 * hb_X509_par( int iParam )
--- a/include/hbapiitm.h
+++ b/include/hbapiitm.h
@@ -78,6 +78,8 @@ extern HB_EXPORT PHB_ITEM     hb_itemArrayNew  ( HB_SIZE nLen );
 extern HB_EXPORT PHB_ITEM     hb_itemArrayPut  ( PHB_ITEM pArray, HB_SIZE nIndex, PHB_ITEM pItem );
 extern HB_EXPORT HB_SIZE      hb_itemCopyC     ( PHB_ITEM pItem, char * szBuffer, HB_SIZE nLen );
 extern HB_EXPORT HB_BOOL      hb_itemFreeC     ( char * szText );
 extern HB_EXPORT const char * hb_itemGetCRef   ( PHB_ITEM pItem, void ** phRef, HB_SIZE * pnLen );
 extern HB_EXPORT void         hb_itemFreeCRef  ( void * hRef );
 extern HB_EXPORT char *       hb_itemGetC      ( PHB_ITEM pItem );
 extern HB_EXPORT const char * hb_itemGetCPtr   ( PHB_ITEM pItem );
 extern HB_EXPORT HB_SIZE      hb_itemGetCLen   ( PHB_ITEM pItem );
--- a/include/hbsocket.h
+++ b/include/hbsocket.h
@@ -69,6 +69,7 @@ extern HB_EXPORT int          hb_socketGetError( void );
 extern HB_EXPORT int          hb_socketGetOsError( void );
 extern HB_EXPORT const char * hb_socketErrorStr( int iError );
 extern HB_EXPORT void         hb_socketSetError( int iError );
 extern HB_EXPORT HB_U16       hb_socketNToHS( HB_U16 netshort );
 extern HB_EXPORT int          hb_socketGetAddrFamily( const void * pSockAddr, unsigned len );
 extern HB_EXPORT HB_BOOL      hb_socketLocalAddr( void ** pSockAddr, unsigned * puiLen, const char * szAddr );
 extern HB_EXPORT HB_BOOL      hb_socketInetAddr( void ** pSockAddr, unsigned * puiLen, const char * szAddr, int iPort );
--- a/src/rtl/hbsocket.c
+++ b/src/rtl/hbsocket.c
@@ -1956,6 +1956,11 @@ static int hb_socketSelectWRE( HB_SOCKET sd, HB_MAXINT timeout )
 #endif /* ! HB_HAS_POLL */
 }
 HB_U16 hb_socketNToHS( HB_U16 netshort )
 {
   return ntohs( netshort );
 }
 int hb_socketGetAddrFamily( const void * pSockAddr, unsigned len )
 {
   return pSockAddr && len ? ( ( const struct sockaddr * ) pSockAddr )->sa_family : -1;
--- a/src/vm/itemapi.c
+++ b/src/vm/itemapi.c
@@ -487,6 +487,40 @@ HB_BOOL hb_itemFreeC( char * szText )
      return HB_FALSE;
 }
 const char * hb_itemGetCRef( PHB_ITEM pItem, void ** phRef, HB_SIZE * pnLen )
 {
   HB_TRACE( HB_TR_DEBUG, ( "hb_itemGetCRef(%p, %p, %p)", ( void * ) pItem, ( void * ) phRef, ( void * ) pnLen ) );
   * phRef = NULL;
   if( pItem && HB_IS_STRING( pItem ) )
   {
      if( pnLen )
         * pnLen = pItem->item.asString.length;
      if( pItem->item.asString.allocated )
      {
         * phRef = ( void * ) pItem->item.asString.value;
         hb_xRefInc( pItem->item.asString.value );
      }
      return pItem->item.asString.value;
   }
   if( pnLen )
      * pnLen = 0;
   return NULL;
 }
 void hb_itemFreeCRef( void * hRef )
 {
   HB_TRACE( HB_TR_DEBUG, ( "hb_itemFreeCRef(%p)", hRef ) );
   if( hRef )
      hb_xRefFree( hRef );
 }
 /* NOTE: Clipper is buggy and will not append a trailing zero, although
         the NG says that it will. Check your buffers, since what may have
         worked with Clipper could overrun the buffer with Harbour.