Add type-safe STACKs and SETs.
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 06ca4aa..4bb1a2e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -63,6 +63,8 @@
 extern "C" {
 #endif
 
+#include "safestack.h"
+
 /* SSLeay version number for ASN.1 encoding of the session information */
 /* Version 0 - initial version
  * Version 1 - added the optional peer certificate
@@ -167,6 +169,8 @@
 	unsigned long mask;		/* used for matching */
 	} SSL_CIPHER;
 
+DECLARE_STACK_OF(SSL_CIPHER)
+
 typedef struct ssl_st SSL;
 typedef struct ssl_ctx_st SSL_CTX;
 
@@ -254,7 +258,7 @@
 					 * needs to be used to load
 					 * the 'cipher' structure */
 
-	STACK /* SSL_CIPHER */ *ciphers; /* shared ciphers? */
+	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
 
 	CRYPTO_EX_DATA ex_data; /* application specific data */
 
@@ -314,14 +318,16 @@
 #endif
 } SSL_COMP;
 
+DECLARE_STACK_OF(SSL_COMP)
+
 struct ssl_ctx_st
 	{
 	SSL_METHOD *method;
 	unsigned long options;
 
-	STACK /* SSL_CIPHER */ *cipher_list;
+	STACK_OF(SSL_CIPHER) *cipher_list;
 	/* same as above but sorted for lookup */
-	STACK /* SSL_CIPHER */ *cipher_list_by_id;
+	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
 
 	struct x509_store_st /* X509_STORE */ *cert_store;
 	struct lhash_st /* LHASH */ *sessions;	/* a set of SSL_SESSION's */
@@ -404,7 +410,7 @@
 /**/	int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
 
 	/* what we put in client requests */
-	STACK *client_CA;
+	STACK_OF(X509_NAME) *client_CA;
 
 /**/	int quiet_shutdown;
 
@@ -414,8 +420,8 @@
 	EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
 	EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
 
-	STACK *extra_certs;
-        STACK *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+	STACK_OF(X509) *extra_certs;
+        STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
 	};
 
 #define SSL_SESS_CACHE_OFF			0x0000
@@ -533,8 +539,8 @@
 	int hit;		/* reusing a previous session */
 
 	/* crypto */
-	STACK /* SSL_CIPHER */ *cipher_list;
-	STACK /* SSL_CIPHER */ *cipher_list_by_id;
+	STACK_OF(SSL_CIPHER) *cipher_list;
+	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
 
 	/* These are the ones being used, the ones is SSL_SESSION are
 	 * the ones to be 'copied' into these ones */
@@ -588,7 +594,7 @@
 	CRYPTO_EX_DATA ex_data;
 
 	/* for server side, keep the list of CA_dn we can use */
-	STACK /* X509_NAME */ *client_CA;
+	STACK_OF(X509_NAME) *client_CA;
 
 	int references;
 	unsigned long options;
@@ -868,7 +874,7 @@
 int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);
 int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);
 int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);
-STACK * SSL_load_client_CA_file(char *file);
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 int	SSL_add_file_cert_subjects_to_stack(STACK *stackCAs,
 					    const char *file);
 int	SSL_add_dir_cert_subjects_to_stack(STACK *stackCAs,
@@ -907,7 +913,7 @@
 X509 *	SSL_get_peer_certificate(SSL *s);
 #endif
 
-STACK *	SSL_get_peer_cert_chain(SSL *s);
+STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
 
 int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
 int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
@@ -961,7 +967,7 @@
 SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */
 SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */
 
-STACK *SSL_get_ciphers(SSL *s);
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
 
 int SSL_do_handshake(SSL *s);
 int SSL_renegotiate(SSL *s);
@@ -974,10 +980,10 @@
 char *SSL_alert_desc_string_long(int value);
 char *SSL_alert_desc_string(int value);
 
-void SSL_set_client_CA_list(SSL *s, STACK *list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);
-STACK *SSL_get_client_CA_list(SSL *s);
-STACK *SSL_CTX_get_client_CA_list(SSL_CTX *s);
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
 int SSL_add_client_CA(SSL *ssl,X509 *x);
 int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);