More type-checking.
diff --git a/apps/Makefile b/apps/Makefile
index 1ef5c14..1718538 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -362,10 +362,10 @@
 dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsaparam.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-dsaparam.o: ../include/openssl/x509v3.h apps.h dsaparam.c
+dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+dsaparam.o: dsaparam.c
 ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -470,10 +470,10 @@
 gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendh.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-gendh.o: ../include/openssl/x509v3.h apps.h gendh.c
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+gendh.o: gendh.c
 gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -522,10 +522,10 @@
 genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-genrsa.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c
+genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
+genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+genrsa.o: genrsa.c
 nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -741,10 +741,9 @@
 req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 req.o: ../include/openssl/sha.h ../include/openssl/stack.h
-req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-req.o: ../include/openssl/x509v3.h apps.h req.c
+req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+req.o: ../include/openssl/ui.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
 rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -839,11 +838,11 @@
 s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
-s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+s_server.o: s_apps.h s_server.c timeouts.h
 s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index b1a7c8e..a6a4845 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -96,7 +96,7 @@
 	unsigned char *tmpbuf;
 	const unsigned char *ctmpbuf;
 	BUF_MEM *buf=NULL;
-	STACK *osk=NULL;
+	STACK_OF(STRING) *osk=NULL;
 	ASN1_TYPE *at=NULL;
 
 	informat=FORMAT_PEM;
@@ -113,7 +113,7 @@
 	prog=argv[0];
 	argc--;
 	argv++;
-	if ((osk=sk_new_null()) == NULL)
+	if ((osk=sk_STRING_new_null()) == NULL)
 		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto end;
@@ -169,7 +169,7 @@
 		else if (strcmp(*argv,"-strparse") == 0)
 			{
 			if (--argc < 1) goto bad;
-			sk_push(osk,*(++argv));
+			sk_STRING_push(osk,*(++argv));
 			}
 		else if (strcmp(*argv,"-genstr") == 0)
 			{
@@ -302,18 +302,18 @@
 
 	/* If any structs to parse go through in sequence */
 
-	if (sk_num(osk))
+	if (sk_STRING_num(osk))
 		{
 		tmpbuf=(unsigned char *)str;
 		tmplen=num;
-		for (i=0; i<sk_num(osk); i++)
+		for (i=0; i<sk_STRING_num(osk); i++)
 			{
 			ASN1_TYPE *atmp;
 			int typ;
-			j=atoi(sk_value(osk,i));
+			j=atoi(sk_STRING_value(osk,i));
 			if (j == 0)
 				{
-				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
+				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_STRING_value(osk,i));
 				continue;
 				}
 			tmpbuf+=j;
@@ -378,7 +378,7 @@
 		ERR_print_errors(bio_err);
 	if (buf != NULL) BUF_MEM_free(buf);
 	if (at != NULL) ASN1_TYPE_free(at);
-	if (osk != NULL) sk_free(osk);
+	if (osk != NULL) sk_STRING_free(osk);
 	OBJ_cleanup();
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
diff --git a/apps/ca.c b/apps/ca.c
index 7bc3e28..0967b34 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -306,7 +306,8 @@
 	ASN1_TIME *tmptm;
 	ASN1_INTEGER *tmpser;
 	char *f;
-	const char *p, **pp;
+	const char *p;
+	char * const *pp;
 	int i,j;
 	const EVP_MD *dgst=NULL;
 	STACK_OF(CONF_VALUE) *attribs=NULL;
@@ -555,8 +556,10 @@
 
 	if (badops)
 		{
-		for (pp=ca_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+		const char **pp2;
+
+		for (pp2=ca_usage; (*pp2 != NULL); pp2++)
+			BIO_printf(bio_err,"%s",*pp2);
 		goto err;
 		}
 
@@ -876,9 +879,9 @@
 	if (db == NULL) goto err;
 
 	/* Lets check some fields */
-	for (i=0; i<sk_num(db->db->data); i++)
+	for (i=0; i<sk_PSTRING_num(db->db->data); i++)
 		{
-		pp=(const char **)sk_value(db->db->data,i);
+		pp=sk_PSTRING_value(db->db->data,i);
 		if ((pp[DB_type][0] != DB_TYPE_REV) &&
 			(pp[DB_rev_date][0] != '\0'))
 			{
@@ -931,7 +934,7 @@
 #endif
 		TXT_DB_write(out,db->db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
-			db->db->data->num);
+			   sk_PSTRING_num(db->db->data));
 		BIO_printf(bio_err,"generating index\n");
 		}
 	
@@ -1401,9 +1404,9 @@
 
 		ASN1_TIME_free(tmptm);
 
-		for (i=0; i<sk_num(db->db->data); i++)
+		for (i=0; i<sk_PSTRING_num(db->db->data); i++)
 			{
-			pp=(const char **)sk_value(db->db->data,i);
+			pp=sk_PSTRING_value(db->db->data,i);
 			if (pp[DB_type][0] == DB_TYPE_REV)
 				{
 				if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -2630,9 +2633,9 @@
 	else
 		a_y2k = 0;
 
-	for (i = 0; i < sk_num(db->db->data); i++)
+	for (i = 0; i < sk_PSTRING_num(db->db->data); i++)
 		{
-		rrow = (char **) sk_value(db->db->data, i);
+		rrow = sk_PSTRING_value(db->db->data, i);
 
 		if (rrow[DB_type][0] == 'V')
 		 	{
diff --git a/apps/cms.c b/apps/cms.c
index 42bdb69..868de4e 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -71,8 +71,9 @@
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int cms_cb(int ok, X509_STORE_CTX *ctx);
 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
-static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
-								STACK *rr_from);
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(STRING) *rr_to,
+						int rr_allorfirst,
+						STACK_OF(STRING) *rr_from);
 
 #define SMIME_OP	0x10
 #define SMIME_IP	0x20
@@ -105,7 +106,7 @@
 	const char *inmode = "r", *outmode = "w";
 	char *infile = NULL, *outfile = NULL, *rctfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
-	STACK *sksigners = NULL, *skkeys = NULL;
+	STACK_OF(STRING) *sksigners = NULL, *skkeys = NULL;
 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
 	char *certsoutfile = NULL;
 	const EVP_CIPHER *cipher = NULL;
@@ -118,7 +119,7 @@
 	int badarg = 0;
 	int flags = CMS_DETACHED, noout = 0, print = 0;
 	int rr_print = 0, rr_allorfirst = -1;
-	STACK *rr_to = NULL, *rr_from = NULL;
+	STACK_OF(STRING) *rr_to = NULL, *rr_from = NULL;
 	CMS_ReceiptRequest *rr = NULL;
 	char *to = NULL, *from = NULL, *subject = NULL;
 	char *CAfile = NULL, *CApath = NULL;
@@ -275,8 +276,8 @@
 				goto argerr;
 			args++;
 			if (!rr_from)
-				rr_from = sk_new_null();
-			sk_push(rr_from, *args);
+				rr_from = sk_STRING_new_null();
+			sk_STRING_push(rr_from, *args);
 			}
 		else if (!strcmp(*args,"-receipt_request_to"))
 			{
@@ -284,8 +285,8 @@
 				goto argerr;
 			args++;
 			if (!rr_to)
-				rr_to = sk_new_null();
-			sk_push(rr_to, *args);
+				rr_to = sk_STRING_new_null();
+			sk_STRING_push(rr_to, *args);
 			}
 		else if (!strcmp (*args, "-print"))
 				{
@@ -381,13 +382,13 @@
 			if (signerfile)
 				{
 				if (!sksigners)
-					sksigners = sk_new_null();
-				sk_push(sksigners, signerfile);
+					sksigners = sk_STRING_new_null();
+				sk_STRING_push(sksigners, signerfile);
 				if (!keyfile)
 					keyfile = signerfile;
 				if (!skkeys)
-					skkeys = sk_new_null();
-				sk_push(skkeys, keyfile);
+					skkeys = sk_STRING_new_null();
+				sk_STRING_push(skkeys, keyfile);
 				keyfile = NULL;
 				}
 			signerfile = *++args;
@@ -429,12 +430,12 @@
 					goto argerr;
 					}
 				if (!sksigners)
-					sksigners = sk_new_null();
-				sk_push(sksigners, signerfile);
+					sksigners = sk_STRING_new_null();
+				sk_STRING_push(sksigners, signerfile);
 				signerfile = NULL;
 				if (!skkeys)
-					skkeys = sk_new_null();
-				sk_push(skkeys, keyfile);
+					skkeys = sk_STRING_new_null();
+				sk_STRING_push(skkeys, keyfile);
 				}
 			keyfile = *++args;
 			}
@@ -533,13 +534,13 @@
 		if (signerfile)
 			{
 			if (!sksigners)
-				sksigners = sk_new_null();
-			sk_push(sksigners, signerfile);
+				sksigners = sk_STRING_new_null();
+			sk_STRING_push(sksigners, signerfile);
 			if (!skkeys)
-				skkeys = sk_new_null();
+				skkeys = sk_STRING_new_null();
 			if (!keyfile)
 				keyfile = signerfile;
-			sk_push(skkeys, keyfile);
+			sk_STRING_push(skkeys, keyfile);
 			}
 		if (!sksigners)
 			{
@@ -974,11 +975,11 @@
 			}
 		else
 			flags |= CMS_REUSE_DIGEST;
-		for (i = 0; i < sk_num(sksigners); i++)
+		for (i = 0; i < sk_STRING_num(sksigners); i++)
 			{
 			CMS_SignerInfo *si;
-			signerfile = sk_value(sksigners, i);
-			keyfile = sk_value(skkeys, i);
+			signerfile = sk_STRING_value(sksigners, i);
+			keyfile = sk_STRING_value(skkeys, i);
 			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
 					e, "signer certificate");
 			if (!signer)
@@ -1152,9 +1153,9 @@
 	if (vpm)
 		X509_VERIFY_PARAM_free(vpm);
 	if (sksigners)
-		sk_free(sksigners);
+		sk_STRING_free(sksigners);
 	if (skkeys)
-		sk_free(skkeys);
+		sk_STRING_free(skkeys);
 	if (secret_key)
 		OPENSSL_free(secret_key);
 	if (secret_keyid)
@@ -1164,9 +1165,9 @@
 	if (rr)
 		CMS_ReceiptRequest_free(rr);
 	if (rr_to)
-		sk_free(rr_to);
+		sk_STRING_free(rr_to);
 	if (rr_from)
-		sk_free(rr_from);
+		sk_STRING_free(rr_from);
 	X509_STORE_free(store);
 	X509_free(cert);
 	X509_free(recip);
@@ -1286,7 +1287,7 @@
 		}
 	}
 
-static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(STRING) *ns)
 	{
 	int i;
 	STACK_OF(GENERAL_NAMES) *ret;
@@ -1295,9 +1296,9 @@
 	ret = sk_GENERAL_NAMES_new_null();
 	if (!ret)
 		goto err;
-	for (i = 0; i < sk_num(ns); i++)
+	for (i = 0; i < sk_STRING_num(ns); i++)
 		{
-		char *str = sk_value(ns, i);
+		char *str = sk_STRING_value(ns, i);
 		gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
 		if (!gen)
 			goto err;
@@ -1325,8 +1326,9 @@
 	}
 
 
-static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
-								STACK *rr_from)
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(STRING) *rr_to,
+						int rr_allorfirst,
+						STACK_OF(STRING) *rr_from)
 	{
 	STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
 	CMS_ReceiptRequest *rr;
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 15138ac..194971d 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -92,7 +92,7 @@
 	PKCS7 *p7 = NULL;
 	PKCS7_SIGNED *p7s = NULL;
 	X509_CRL *crl=NULL;
-	STACK *certflst=NULL;
+	STACK_OF(STRING) *certflst=NULL;
 	STACK_OF(X509_CRL) *crl_stack=NULL;
 	STACK_OF(X509) *cert_stack=NULL;
 	int ret=1,nocrl=0;
@@ -140,8 +140,8 @@
 		else if (strcmp(*argv,"-certfile") == 0)
 			{
 			if (--argc < 1) goto bad;
-			if(!certflst) certflst = sk_new_null();
-			sk_push(certflst,*(++argv));
+			if(!certflst) certflst = sk_STRING_new_null();
+			sk_STRING_push(certflst,*(++argv));
 			}
 		else
 			{
@@ -226,8 +226,8 @@
 	if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
 	p7s->cert=cert_stack;
 
-	if(certflst) for(i = 0; i < sk_num(certflst); i++) {
-		certfile = sk_value(certflst, i);
+	if(certflst) for(i = 0; i < sk_STRING_num(certflst); i++) {
+		certfile = sk_STRING_value(certflst, i);
 		if (add_certs_from_file(cert_stack,certfile) < 0)
 			{
 			BIO_printf(bio_err, "error loading certificates\n");
@@ -236,7 +236,7 @@
 			}
 	}
 
-	sk_free(certflst);
+	sk_STRING_free(certflst);
 
 	if (outfile == NULL)
 		{
diff --git a/apps/dgst.c b/apps/dgst.c
index b22b008..96e72c6 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -107,7 +107,7 @@
 #endif
 	char *hmac_key=NULL;
 	char *mac_name=NULL;
-	STACK *sigopts = NULL, *macopts = NULL;
+	STACK_OF(STRING) *sigopts = NULL, *macopts = NULL;
 
 	apps_startup();
 
@@ -210,8 +210,8 @@
 			if (--argc < 1)
 				break;
 			if (!sigopts)
-				sigopts = sk_new_null();
-			if (!sigopts || !sk_push(sigopts, *(++argv)))
+				sigopts = sk_STRING_new_null();
+			if (!sigopts || !sk_STRING_push(sigopts, *(++argv)))
 				break;
 			}
 		else if (strcmp(*argv,"-macopt") == 0)
@@ -219,8 +219,8 @@
 			if (--argc < 1)
 				break;
 			if (!macopts)
-				macopts = sk_new_null();
-			if (!macopts || !sk_push(macopts, *(++argv)))
+				macopts = sk_STRING_new_null();
+			if (!macopts || !sk_STRING_push(macopts, *(++argv)))
 				break;
 			}
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
@@ -372,9 +372,9 @@
 		if (macopts)
 			{
 			char *macopt;
-			for (i = 0; i < sk_num(macopts); i++)
+			for (i = 0; i < sk_STRING_num(macopts); i++)
 				{
-				macopt = sk_value(macopts, i);
+				macopt = sk_STRING_value(macopts, i);
 				if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
 					{
 					BIO_printf(bio_err,
@@ -431,9 +431,9 @@
 		if (sigopts)
 			{
 			char *sigopt;
-			for (i = 0; i < sk_num(sigopts); i++)
+			for (i = 0; i < sk_STRING_num(sigopts); i++)
 				{
-				sigopt = sk_value(sigopts, i);
+				sigopt = sk_STRING_value(sigopts, i);
 				if (pkey_ctrl_string(pctx, sigopt) <= 0)
 					{
 					BIO_printf(bio_err,
@@ -538,9 +538,9 @@
 	BIO_free_all(out);
 	EVP_PKEY_free(sigkey);
 	if (sigopts)
-		sk_free(sigopts);
+		sk_STRING_free(sigopts);
 	if (macopts)
-		sk_free(macopts);
+		sk_STRING_free(macopts);
 	if(sigbuf) OPENSSL_free(sigbuf);
 	if (bmd != NULL) BIO_free(bmd);
 	apps_shutdown();
diff --git a/apps/engine.c b/apps/engine.c
index a93ea4d..b51244a 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -92,7 +92,7 @@
 NULL
 };
 
-static void identity(void *ptr)
+static void identity(char *ptr)
 	{
 	return;
 	}
@@ -200,7 +200,7 @@
 	char *desc = NULL;
 	int flags;
 	int xpos = 0;
-	STACK *cmds = NULL;
+	STACK_OF(STRING) *cmds = NULL;
 	if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
 			((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
 					0, NULL, NULL)) <= 0))
@@ -211,7 +211,7 @@
 		return 1;
 		}
 
-	cmds = sk_new_null();
+	cmds = sk_STRING_new_null();
 
 	if(!cmds)
 		goto err;
@@ -284,15 +284,17 @@
 		BIO_printf(bio_out, "\n");
 	ret = 1;
 err:
-	if(cmds) sk_pop_free(cmds, identity);
+	if(cmds) sk_STRING_pop_free(cmds, identity);
 	if(name) OPENSSL_free(name);
 	if(desc) OPENSSL_free(desc);
 	return ret;
 	}
 
-static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
+static void util_do_cmds(ENGINE *e, STACK_OF(STRING) *cmds, BIO *bio_out,
+			 const char *indent)
 	{
-	int loop, res, num = sk_num(cmds);
+	int loop, res, num = sk_STRING_num(cmds);
+
 	if(num < 0)
 		{
 		BIO_printf(bio_out, "[Error]: internal stack error\n");
@@ -302,7 +304,7 @@
 		{
 		char buf[256];
 		const char *cmd, *arg;
-		cmd = sk_value(cmds, loop);
+		cmd = sk_STRING_value(cmds, loop);
 		res = 1; /* assume success */
 		/* Check if this command has no ":arg" */
 		if((arg = strstr(cmd, ":")) == NULL)
@@ -342,9 +344,9 @@
 	const char **pp;
 	int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
 	ENGINE *e;
-	STACK *engines = sk_new_null();
-	STACK *pre_cmds = sk_new_null();
-	STACK *post_cmds = sk_new_null();
+	STACK_OF(STRING) *engines = sk_STRING_new_null();
+	STACK_OF(STRING) *pre_cmds = sk_STRING_new_null();
+	STACK_OF(STRING) *post_cmds = sk_STRING_new_null();
 	int badops=1;
 	BIO *bio_out=NULL;
 	const char *indent = "     ";
@@ -391,20 +393,20 @@
 			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
-			sk_push(pre_cmds,*argv);
+			sk_STRING_push(pre_cmds,*argv);
 			}
 		else if (strcmp(*argv,"-post") == 0)
 			{
 			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
-			sk_push(post_cmds,*argv);
+			sk_STRING_push(post_cmds,*argv);
 			}
 		else if ((strncmp(*argv,"-h",2) == 0) ||
 				(strcmp(*argv,"-?") == 0))
 			goto skip_arg_loop;
 		else
-			sk_push(engines,*argv);
+			sk_STRING_push(engines,*argv);
 		argc--;
 		argv++;
 		}
@@ -419,17 +421,17 @@
 		goto end;
 		}
 
-	if (sk_num(engines) == 0)
+	if (sk_STRING_num(engines) == 0)
 		{
 		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
 			{
-			sk_push(engines,(char *)ENGINE_get_id(e));
+			sk_STRING_push(engines,(char *)ENGINE_get_id(e));
 			}
 		}
 
-	for (i=0; i<sk_num(engines); i++)
+	for (i=0; i<sk_STRING_num(engines); i++)
 		{
-		const char *id = sk_value(engines,i);
+		const char *id = sk_STRING_value(engines,i);
 		if ((e = ENGINE_by_id(id)) != NULL)
 			{
 			const char *name = ENGINE_get_name(e);
@@ -531,9 +533,9 @@
 end:
 
 	ERR_print_errors(bio_err);
-	sk_pop_free(engines, identity);
-	sk_pop_free(pre_cmds, identity);
-	sk_pop_free(post_cmds, identity);
+	sk_STRING_pop_free(engines, identity);
+	sk_STRING_pop_free(pre_cmds, identity);
+	sk_STRING_pop_free(post_cmds, identity);
 	if (bio_out != NULL) BIO_free_all(bio_out);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
diff --git a/apps/ocsp.c b/apps/ocsp.c
index eb38e4d..af92ae6 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -92,8 +92,9 @@
 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert_id_md, X509 *issuer,
 				STACK_OF(OCSP_CERTID) *ids);
 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-				STACK *names, STACK_OF(OCSP_CERTID) *ids,
-				long nsec, long maxage);
+			      STACK_OF(STRING) *names,
+			      STACK_OF(OCSP_CERTID) *ids, long nsec,
+			      long maxage);
 
 static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
 			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
@@ -145,7 +146,7 @@
 	int badarg = 0;
 	int i;
 	int ignore_err = 0;
-	STACK *reqnames = NULL;
+	STACK_OF(STRING) *reqnames = NULL;
 	STACK_OF(OCSP_CERTID) *ids = NULL;
 
 	X509 *rca_cert = NULL;
@@ -162,7 +163,7 @@
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 	args = argv + 1;
-	reqnames = sk_new_null();
+	reqnames = sk_STRING_new_null();
 	ids = sk_OCSP_CERTID_new_null();
 	while (!badarg && *args && *args[0] == '-')
 		{
@@ -424,7 +425,7 @@
 				if (!cert_id_md) cert_id_md = EVP_sha1();
 				if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
 					goto end;
-				if(!sk_push(reqnames, *args))
+				if(!sk_STRING_push(reqnames, *args))
 					goto end;
 				}
 			else badarg = 1;
@@ -437,7 +438,7 @@
 				if (!cert_id_md) cert_id_md = EVP_sha1();
 				if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
 					goto end;
-				if(!sk_push(reqnames, *args))
+				if(!sk_STRING_push(reqnames, *args))
 					goto end;
 				}
 			else badarg = 1;
@@ -893,7 +894,7 @@
 	OCSP_REQUEST_free(req);
 	OCSP_RESPONSE_free(resp);
 	OCSP_BASICRESP_free(bs);
-	sk_free(reqnames);
+	sk_STRING_free(reqnames);
 	sk_OCSP_CERTID_free(ids);
 	sk_X509_pop_free(sign_other, X509_free);
 	sk_X509_pop_free(verify_other, X509_free);
@@ -963,8 +964,9 @@
 	}
 
 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-					STACK *names, STACK_OF(OCSP_CERTID) *ids,
-					long nsec, long maxage)
+			      STACK_OF(STRING) *names,
+			      STACK_OF(OCSP_CERTID) *ids, long nsec,
+			      long maxage)
 	{
 	OCSP_CERTID *id;
 	char *name;
@@ -974,13 +976,13 @@
 
 	ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
 
-	if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
+	if (!bs || !req || !sk_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
 		return 1;
 
 	for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
 		{
 		id = sk_OCSP_CERTID_value(ids, i);
-		name = sk_value(names, i);
+		name = sk_STRING_value(names, i);
 		BIO_printf(out, "%s: ", name);
 
 		if(!OCSP_resp_find_status(bs, id, &status, &reason,
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 1a63bf2..4b7a995 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -116,7 +116,7 @@
     int ret = 1;
     int macver = 1;
     int noprompt = 0;
-    STACK *canames = NULL;
+    STACK_OF(STRING) *canames = NULL;
     char *cpass = NULL, *mpass = NULL;
     char *passargin = NULL, *passargout = NULL, *passarg = NULL;
     char *passin = NULL, *passout = NULL;
@@ -219,8 +219,8 @@
 		} else if (!strcmp (*args, "-caname")) {
 		    if (args[1]) {
 			args++;	
-			if (!canames) canames = sk_new_null();
-			sk_push(canames, *args);
+			if (!canames) canames = sk_STRING_new_null();
+			sk_STRING_push(canames, *args);
 		    } else badarg = 1;
 		} else if (!strcmp (*args, "-in")) {
 		    if (args[1]) {
@@ -545,9 +545,9 @@
 
 	/* Add any CA names */
 
-	for (i = 0; i < sk_num(canames); i++)
+	for (i = 0; i < sk_STRING_num(canames); i++)
 		{
-		catmp = (unsigned char *)sk_value(canames, i);
+		catmp = (unsigned char *)sk_STRING_value(canames, i);
 		X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
 		}
 
@@ -681,7 +681,7 @@
 #endif
     BIO_free(in);
     BIO_free_all(out);
-    if (canames) sk_free(canames);
+    if (canames) sk_STRING_free(canames);
     if(passin) OPENSSL_free(passin);
     if(passout) OPENSSL_free(passout);
     apps_shutdown();
diff --git a/apps/req.c b/apps/req.c
index 7953f9d..75d8780 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -165,7 +165,7 @@
 	EVP_PKEY_CTX *genctx = NULL;
 	const char *keyalg = NULL;
 	char *keyalgstr = NULL;
-	STACK *pkeyopts = NULL;
+	STACK_OF(STRING) *pkeyopts = NULL;
 	EVP_PKEY *pkey=NULL;
 	int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1;
 	long newkey = -1;
@@ -306,8 +306,8 @@
 			if (--argc < 1)
 				goto bad;
 			if (!pkeyopts)
-				pkeyopts = sk_new_null();
-			if (!pkeyopts || !sk_push(pkeyopts, *(++argv)))
+				pkeyopts = sk_STRING_new_null();
+			if (!pkeyopts || !sk_STRING_push(pkeyopts, *(++argv)))
 				goto bad;
 			}
 		else if (strcmp(*argv,"-batch") == 0)
@@ -667,9 +667,9 @@
 		if (pkeyopts)
 			{
 			char *genopt;
-			for (i = 0; i < sk_num(pkeyopts); i++)
+			for (i = 0; i < sk_STRING_num(pkeyopts); i++)
 				{
-				genopt = sk_value(pkeyopts, i);
+				genopt = sk_STRING_value(pkeyopts, i);
 				if (pkey_ctrl_string(genctx, genopt) <= 0)
 					{
 					BIO_printf(bio_err,
@@ -1083,7 +1083,7 @@
 	if (genctx)
 		EVP_PKEY_CTX_free(genctx);
 	if (pkeyopts)
-		sk_free(pkeyopts);
+		sk_STRING_free(pkeyopts);
 #ifndef OPENSSL_NO_ENGINE
 	if (gen_eng)
 		ENGINE_free(gen_eng);
diff --git a/apps/s_server.c b/apps/s_server.c
index a7a728c..27e520a 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -705,7 +705,7 @@
 	int use_ssl;
 	unsigned char *rspder = NULL;
 	int rspderlen;
-	STACK *aia = NULL;
+	STACK_OF(STRING) *aia = NULL;
 	X509 *x = NULL;
 	X509_STORE_CTX inctx;
 	X509_OBJECT obj;
@@ -727,7 +727,7 @@
 	aia = X509_get1_ocsp(x);
 	if (aia)
 		{
-		if (!OCSP_parse_url(sk_value(aia, 0),
+		if (!OCSP_parse_url(sk_STRING_value(aia, 0),
 			&host, &port, &path, &use_ssl))
 			{
 			BIO_puts(err, "cert_status: can't parse AIA URL\n");
@@ -735,7 +735,7 @@
 			}
 		if (srctx->verbose)
 			BIO_printf(err, "cert_status: AIA URL: %s\n",
-					sk_value(aia, 0));
+					sk_STRING_value(aia, 0));
 		}
 	else
 		{
diff --git a/apps/smime.c b/apps/smime.c
index af29606..3aa8b70 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -93,7 +93,7 @@
 	const char *inmode = "r", *outmode = "w";
 	char *infile = NULL, *outfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
-	STACK *sksigners = NULL, *skkeys = NULL;
+	STACK_OF(STRING) *sksigners = NULL, *skkeys = NULL;
 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
 	const EVP_CIPHER *cipher = NULL;
 	PKCS7 *p7 = NULL;
@@ -260,13 +260,13 @@
 			if (signerfile)
 				{
 				if (!sksigners)
-					sksigners = sk_new_null();
-				sk_push(sksigners, signerfile);
+					sksigners = sk_STRING_new_null();
+				sk_STRING_push(sksigners, signerfile);
 				if (!keyfile)
 					keyfile = signerfile;
 				if (!skkeys)
-					skkeys = sk_new_null();
-				sk_push(skkeys, keyfile);
+					skkeys = sk_STRING_new_null();
+				sk_STRING_push(skkeys, keyfile);
 				keyfile = NULL;
 				}
 			signerfile = *++args;
@@ -302,12 +302,12 @@
 					goto argerr;
 					}
 				if (!sksigners)
-					sksigners = sk_new_null();
-				sk_push(sksigners, signerfile);
+					sksigners = sk_STRING_new_null();
+				sk_STRING_push(sksigners, signerfile);
 				signerfile = NULL;
 				if (!skkeys)
-					skkeys = sk_new_null();
-				sk_push(skkeys, keyfile);
+					skkeys = sk_STRING_new_null();
+				sk_STRING_push(skkeys, keyfile);
 				}
 			keyfile = *++args;
 			}
@@ -389,13 +389,13 @@
 		if (signerfile)
 			{
 			if (!sksigners)
-				sksigners = sk_new_null();
-			sk_push(sksigners, signerfile);
+				sksigners = sk_STRING_new_null();
+			sk_STRING_push(sksigners, signerfile);
 			if (!skkeys)
-				skkeys = sk_new_null();
+				skkeys = sk_STRING_new_null();
 			if (!keyfile)
 				keyfile = signerfile;
-			sk_push(skkeys, keyfile);
+			sk_STRING_push(skkeys, keyfile);
 			}
 		if (!sksigners)
 			{
@@ -707,10 +707,10 @@
 			}
 		else
 			flags |= PKCS7_REUSE_DIGEST;
-		for (i = 0; i < sk_num(sksigners); i++)
+		for (i = 0; i < sk_STRING_num(sksigners); i++)
 			{
-			signerfile = sk_value(sksigners, i);
-			keyfile = sk_value(skkeys, i);
+			signerfile = sk_STRING_value(sksigners, i);
+			keyfile = sk_STRING_value(skkeys, i);
 			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
 					e, "signer certificate");
 			if (!signer)
@@ -807,9 +807,9 @@
 	if (vpm)
 		X509_VERIFY_PARAM_free(vpm);
 	if (sksigners)
-		sk_free(sksigners);
+		sk_STRING_free(sksigners);
 	if (skkeys)
-		sk_free(skkeys);
+		sk_STRING_free(skkeys);
 	X509_STORE_free(store);
 	X509_free(cert);
 	X509_free(recip);
diff --git a/apps/x509.c b/apps/x509.c
index 1fa93aa..e08fdac 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -738,13 +738,14 @@
 			else if ((email == i) || (ocsp_uri == i))
 				{
 				int j;
-				STACK *emlst;
+				STACK_OF(STRING) *emlst;
 				if (email == i)
 					emlst = X509_get1_email(x);
 				else
 					emlst = X509_get1_ocsp(x);
-				for (j = 0; j < sk_num(emlst); j++)
-					BIO_printf(STDout, "%s\n", sk_value(emlst, j));
+				for (j = 0; j < sk_STRING_num(emlst); j++)
+					BIO_printf(STDout, "%s\n",
+						   sk_STRING_value(emlst, j));
 				X509_email_free(emlst);
 				}
 			else if (aliasout == i)