diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000000000..1f0ec263c2b69
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,6 @@
+{
+ "files.associations": {
+ "*.in": "c",
+ "types.h": "c"
+ }
+}
\ No newline at end of file
diff --git a/crypto/x509/build.info b/crypto/x509/build.info
index 6cebadea77296..9c84b4ca64d8f 100644
--- a/crypto/x509/build.info
+++ b/crypto/x509/build.info
@@ -16,7 +16,10 @@ SOURCE[../../libcrypto]=\
 pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
 v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c v3_no_rev_avail.c \
 v3_soa_id.c v3_no_ass.c v3_group_ac.c v3_single_use.c v3_ind_iss.c \
- x509_acert.c x509aset.c t_acert.c x_ietfatt.c
+ x509_acert.c x509aset.c t_acert.c x_ietfatt.c x_unotice.c x_iserial.c \
+ v3_ac_tgt.c v3_attrdesc.c v3_attrmap.c v3_audit_id.c v3_authattid.c \
+ v3_bacons.c v3_iobo.c v3_rolespec.c v3_sda.c v3_timespec.c \
+ v3_usernotice.c platcert.c
 IF[{- !$disabled{'deprecated-3.0'} -}]
 SOURCE[../../libcrypto]=x509type.c
diff --git a/crypto/x509/ext_dat.h b/crypto/x509/ext_dat.h
index 1ffc816e5eea3..07edb8b2bdd41 100644
--- a/crypto/x509/ext_dat.h
+++ b/crypto/x509/ext_dat.h
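Review bot: `.vscode/settings.json` looks like one contributor's editor configuration and is unrelated to the X.509 extension work in the rest of this patch. I would drop the file from the commit; if the `files.associations` mapping is useful locally it can stay untracked.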
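Review bot: `v3_aaa.c` is created later in this patch but is missing from the `SOURCE[../../libcrypto]` list extended here, while `standard_exts.h` now takes the address of `ossl_v3_allowed_attribute_assignments`, which that file defines. Unless the object is built from somewhere outside this diff, libcrypto will be left with an unresolved symbol. Add it next to the other new entries, for example `v3_aaa.c v3_ac_tgt.c v3_attrdesc.c v3_attrmap.c v3_audit_id.c v3_authattid.c \`.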
@@ -30,4 +30,22 @@ extern const X509V3_EXT_METHOD ossl_v3_soa_identifier;
 extern const X509V3_EXT_METHOD ossl_v3_no_assertion;
 extern const X509V3_EXT_METHOD ossl_v3_no_rev_avail;
 extern const X509V3_EXT_METHOD ossl_v3_single_use;
+extern const X509V3_EXT_METHOD ossl_v3_targeting_information;
+extern const X509V3_EXT_METHOD ossl_v3_audit_identity;
+extern const X509V3_EXT_METHOD ossl_v3_bacons;
+extern const X509V3_EXT_METHOD ossl_v3_delegated_name_constraints;
+extern const X509V3_EXT_METHOD ossl_v3_subj_dir_attrs;
+extern const X509V3_EXT_METHOD ossl_v3_associated_info;
+extern const X509V3_EXT_METHOD ossl_v3_user_notice;
+extern const X509V3_EXT_METHOD ossl_v3_acc_cert_policies;
+extern const X509V3_EXT_METHOD ossl_v3_acc_priv_policies;
+extern const X509V3_EXT_METHOD ossl_v3_authority_attribute_identifier;
+extern const X509V3_EXT_METHOD ossl_v3_issued_on_behalf_of;
+extern const X509V3_EXT_METHOD ossl_v3_allowed_attribute_assignments;
+extern const X509V3_EXT_METHOD ossl_v3_attribute_mappings;
+extern const X509V3_EXT_METHOD ossl_v3_holder_name_constraints;
 extern const X509V3_EXT_METHOD ossl_v3_indirect_issuer;
+extern const X509V3_EXT_METHOD ossl_v3_attribute_descriptor;
+extern const X509V3_EXT_METHOD ossl_v3_aa_issuing_dist_point;
+extern const X509V3_EXT_METHOD ossl_v3_role_spec_cert_identifier;
+extern const X509V3_EXT_METHOD ossl_v3_time_specification;
diff --git a/crypto/x509/platcert.c b/crypto/x509/platcert.c
new file mode 100644
index 0000000000000..7c2d4bb52586e
--- /dev/null
+++ b/crypto/x509/platcert.c
@@ -0,0 +1,670 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include
+#include
+#include
+#include "x509_local.h"
+#include
+#include
+#include
+
+ASN1_SEQUENCE(URI_REFERENCE) = {
+ ASN1_SIMPLE(URI_REFERENCE, uniformResourceIdentifier, ASN1_IA5STRING),
+ ASN1_OPT(URI_REFERENCE, hashAlgorithm, X509_ALGOR),
+ ASN1_OPT(URI_REFERENCE, hashValue, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(URI_REFERENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS(URI_REFERENCE)
+
+ASN1_SEQUENCE(COMMON_CRITERIA_MEASURES) = {
+ ASN1_SIMPLE(COMMON_CRITERIA_MEASURES, version, ASN1_IA5STRING),
+ ASN1_SIMPLE(COMMON_CRITERIA_MEASURES, assurancelevel, ASN1_ENUMERATED),
+ ASN1_SIMPLE(COMMON_CRITERIA_MEASURES, evaluationStatus, ASN1_ENUMERATED),
+ ASN1_OPT(COMMON_CRITERIA_MEASURES, plus, ASN1_FBOOLEAN),
+ ASN1_IMP_OPT(COMMON_CRITERIA_MEASURES, strengthOfFunction, ASN1_ENUMERATED, 0),
+ ASN1_IMP_OPT(COMMON_CRITERIA_MEASURES, profileOid, ASN1_OBJECT, 1),
+ ASN1_IMP_OPT(COMMON_CRITERIA_MEASURES, profileUri, URI_REFERENCE, 2),
+ ASN1_IMP_OPT(COMMON_CRITERIA_MEASURES, targetOid, ASN1_OBJECT, 3),
+ ASN1_IMP_OPT(COMMON_CRITERIA_MEASURES, targetUri, URI_REFERENCE, 4),
+} ASN1_SEQUENCE_END(COMMON_CRITERIA_MEASURES)
+
+IMPLEMENT_ASN1_FUNCTIONS(COMMON_CRITERIA_MEASURES)
+
+ASN1_SEQUENCE(FIPS_LEVEL) = {
+ ASN1_SIMPLE(FIPS_LEVEL, version, ASN1_IA5STRING),
+ ASN1_SIMPLE(FIPS_LEVEL, level, ASN1_ENUMERATED),
+ ASN1_OPT(FIPS_LEVEL, plus, ASN1_FBOOLEAN)
+} ASN1_SEQUENCE_END(FIPS_LEVEL)
+
+IMPLEMENT_ASN1_FUNCTIONS(FIPS_LEVEL)
+
+ASN1_SEQUENCE(TBB_SECURITY_ASSERTIONS) = {
+ ASN1_OPT(TBB_SECURITY_ASSERTIONS, version, ASN1_INTEGER),
+ ASN1_IMP_OPT(TBB_SECURITY_ASSERTIONS, ccInfo, COMMON_CRITERIA_MEASURES, 0),
+ ASN1_IMP_OPT(TBB_SECURITY_ASSERTIONS,
fipsLevel, FIPS_LEVEL, 1),
+ ASN1_IMP_OPT(TBB_SECURITY_ASSERTIONS, rtmType, ASN1_ENUMERATED, 2),
+ ASN1_OPT(TBB_SECURITY_ASSERTIONS, iso9000Certified, ASN1_FBOOLEAN),
+ ASN1_OPT(TBB_SECURITY_ASSERTIONS, iso9000Uri, ASN1_IA5STRING),
+} ASN1_SEQUENCE_END(TBB_SECURITY_ASSERTIONS)
+
+IMPLEMENT_ASN1_FUNCTIONS(TBB_SECURITY_ASSERTIONS)
+
+ASN1_SEQUENCE(MANUFACTURER_ID) = {
+ ASN1_SIMPLE(MANUFACTURER_ID, manufacturerIdentifier, ASN1_OBJECT)
+} ASN1_SEQUENCE_END(MANUFACTURER_ID)
+
+IMPLEMENT_ASN1_FUNCTIONS(MANUFACTURER_ID)
+
+ASN1_SEQUENCE(TCG_SPEC_VERSION) = {
+ ASN1_SIMPLE(TCG_SPEC_VERSION, majorVersion, ASN1_INTEGER),
+ ASN1_SIMPLE(TCG_SPEC_VERSION, minorVersion, ASN1_INTEGER),
+ ASN1_SIMPLE(TCG_SPEC_VERSION, revision, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(TCG_SPEC_VERSION)
+
+IMPLEMENT_ASN1_FUNCTIONS(TCG_SPEC_VERSION)
+
+ASN1_SEQUENCE(TCG_PLATFORM_SPEC) = {
+ ASN1_SIMPLE(TCG_PLATFORM_SPEC, version, TCG_SPEC_VERSION),
+ ASN1_SIMPLE(TCG_PLATFORM_SPEC, platformClass, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(TCG_PLATFORM_SPEC)
+
+IMPLEMENT_ASN1_FUNCTIONS(TCG_PLATFORM_SPEC)
+
+ASN1_SEQUENCE(TCG_CRED_TYPE) = {
+ ASN1_SIMPLE(TCG_CRED_TYPE, certificateType, ASN1_OBJECT)
+} ASN1_SEQUENCE_END(TCG_CRED_TYPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(TCG_CRED_TYPE)
+
+ASN1_SEQUENCE(COMPONENT_ADDRESS) = {
+ ASN1_SIMPLE(COMPONENT_ADDRESS, addressType, ASN1_OBJECT),
+ ASN1_SIMPLE(COMPONENT_ADDRESS, addressValue, ASN1_UTF8STRING)
+} ASN1_SEQUENCE_END(COMPONENT_ADDRESS)
+
+IMPLEMENT_ASN1_FUNCTIONS(COMPONENT_ADDRESS)
+
+ASN1_SEQUENCE(PLATFORM_PROPERTY) = {
+ ASN1_SIMPLE(PLATFORM_PROPERTY, propertyName, ASN1_UTF8STRING),
+ ASN1_SIMPLE(PLATFORM_PROPERTY, propertyValue, ASN1_UTF8STRING),
+ ASN1_IMP_OPT(PLATFORM_PROPERTY, status, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(PLATFORM_PROPERTY)
+
+IMPLEMENT_ASN1_FUNCTIONS(PLATFORM_PROPERTY)
+
+ASN1_SEQUENCE(ATTRIBUTE_CERTIFICATE_IDENTIFIER) = {
+ ASN1_SIMPLE(ATTRIBUTE_CERTIFICATE_IDENTIFIER, hashAlgorithm, X509_ALGOR),
+
ASN1_SIMPLE(ATTRIBUTE_CERTIFICATE_IDENTIFIER, hashOverSignatureValue, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(ATTRIBUTE_CERTIFICATE_IDENTIFIER)
+
+ASN1_SEQUENCE(CERTIFICATE_IDENTIFIER) = {
+ ASN1_IMP_OPT(CERTIFICATE_IDENTIFIER, attributeCertIdentifier, ATTRIBUTE_CERTIFICATE_IDENTIFIER, 0),
+ ASN1_IMP_OPT(CERTIFICATE_IDENTIFIER, genericCertIdentifier, OSSL_ISSUER_SERIAL, 1)
+} ASN1_SEQUENCE_END(CERTIFICATE_IDENTIFIER)
+
+ASN1_SEQUENCE(COMPONENT_CLASS) = {
+ ASN1_SIMPLE(COMPONENT_CLASS, componentClassRegistry, ASN1_OBJECT),
+ ASN1_SIMPLE(COMPONENT_CLASS, componentClassValue, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(COMPONENT_CLASS)
+
+IMPLEMENT_ASN1_FUNCTIONS(COMPONENT_CLASS)
+
+ASN1_SEQUENCE(COMPONENT_IDENTIFIER) = {
+ ASN1_SIMPLE(COMPONENT_IDENTIFIER, componentClass, COMPONENT_CLASS),
+ ASN1_SIMPLE(COMPONENT_IDENTIFIER, componentManufacturer, ASN1_UTF8STRING),
+ ASN1_SIMPLE(COMPONENT_IDENTIFIER, componentModel, ASN1_UTF8STRING),
+ ASN1_IMP_OPT(COMPONENT_IDENTIFIER, componentSerial, ASN1_UTF8STRING, 0),
+ ASN1_IMP_OPT(COMPONENT_IDENTIFIER, componentRevision, ASN1_UTF8STRING, 1),
+ ASN1_IMP_OPT(COMPONENT_IDENTIFIER, componentManufacturerId, ASN1_OBJECT, 2),
+ ASN1_IMP_OPT(COMPONENT_IDENTIFIER, fieldReplaceable, ASN1_BOOLEAN, 3),
+ ASN1_IMP_SEQUENCE_OF_OPT(COMPONENT_IDENTIFIER, componentAddresses, COMPONENT_ADDRESS, 4),
+ ASN1_IMP_OPT(COMPONENT_IDENTIFIER, componentPlatformCert, CERTIFICATE_IDENTIFIER, 5),
+ ASN1_IMP_OPT(COMPONENT_IDENTIFIER, componentPlatformCertUri, URI_REFERENCE, 6),
+ ASN1_IMP_OPT(COMPONENT_IDENTIFIER, status, ASN1_ENUMERATED, 7)
+} ASN1_SEQUENCE_END(COMPONENT_IDENTIFIER)
+
+IMPLEMENT_ASN1_FUNCTIONS(COMPONENT_IDENTIFIER)
+
+ASN1_SEQUENCE(PLATFORM_CONFIG) = {
+ ASN1_IMP_SEQUENCE_OF_OPT(PLATFORM_CONFIG, componentIdentifiers, COMPONENT_IDENTIFIER, 0),
+ ASN1_IMP_OPT(PLATFORM_CONFIG, componentIdentifiersUri, URI_REFERENCE, 1),
+ ASN1_IMP_SEQUENCE_OF_OPT(PLATFORM_CONFIG, platformProperties, PLATFORM_PROPERTY, 2),
+ ASN1_IMP_OPT(PLATFORM_CONFIG,
platformPropertiesUri, URI_REFERENCE, 3)
+} ASN1_SEQUENCE_END(PLATFORM_CONFIG)
+
+IMPLEMENT_ASN1_FUNCTIONS(PLATFORM_CONFIG)
+
+int URI_REFERENCE_print (BIO *out, URI_REFERENCE *value, int indent) {
+ int rc;
+
+ rc = BIO_printf(out, "%*sURI: %.*s\n", indent, "",
+ value->uniformResourceIdentifier->length,
+ value->uniformResourceIdentifier->data);
+ if (rc <= 0) return rc;
+ if (value->hashAlgorithm != NULL) {
+ rc = BIO_printf(out, "%*sHash Algorithm:\n%*s", indent, "", indent + 4, "");
+ if (rc <= 0) return rc;
+ rc = TS_X509_ALGOR_print_bio(out, value->hashAlgorithm);
+ if (rc <= 0) return rc;
+ }
+ if (value->hashValue != NULL) {
+ rc = BIO_printf(out, "%*sHash Value: ", indent, "");
+ if (rc <= 0) return rc;
+ rc = print_hex(out, value->hashValue->data, value->hashValue->length);
+ if (rc <= 0) return rc;
+ }
+ return rc;
+}
+
+static ENUMERATED_NAMES measurement_root_types[] = {
+ {MEASUREMENT_ROOT_TYPE_STATIC, "Static (0)", "static"},
+ {MEASUREMENT_ROOT_TYPE_DYNAMIC, "Dynamic (1)", "dynamic"},
+ {MEASUREMENT_ROOT_TYPE_NONHOST, "Non-Host (2)", "nonHost"},
+ {MEASUREMENT_ROOT_TYPE_HYBRID, "Hybrid (3)", "hybrid"},
+ {MEASUREMENT_ROOT_TYPE_PHYSICAL, "Physical (4)", "physical"},
+ {MEASUREMENT_ROOT_TYPE_VIRTUAL, "Virtual (5)", "virtual"},
+ {-1, NULL, NULL},
+};
+
+static ENUMERATED_NAMES evaluation_assurance_levels[] = {
+ {EVALUATION_ASSURANCE_LEVEL_1, "Level 1", "level1"},
+ {EVALUATION_ASSURANCE_LEVEL_2, "Level 2", "level2"},
+ {EVALUATION_ASSURANCE_LEVEL_3, "Level 3", "level3"},
+ {EVALUATION_ASSURANCE_LEVEL_4, "Level 4", "level4"},
+ {EVALUATION_ASSURANCE_LEVEL_5, "Level 5", "level5"},
+ {EVALUATION_ASSURANCE_LEVEL_6, "Level 6", "level6"},
+ {EVALUATION_ASSURANCE_LEVEL_7, "Level 7", "level7"},
+ {-1, NULL, NULL},
+};
+
+static ENUMERATED_NAMES evaluation_statuses[] = {
+ {EVALUATION_STATUS_DESIGNED_TO_MEET, "Designed To Meet (0)", "designedToMeet"},
+ {EVALUATION_STATUS_EVAL_IN_PROGRESS, "Evaluation In Progress (1)", "evaluationInProgress"},
+
{EVALUATION_STATUS_EVAL_COMPLETED, "Evaluation Completed (2)", "evaluationCompleted"},
+ {-1, NULL, NULL},
+};
+
+static ENUMERATED_NAMES strengths_of_function[] = {
+ {STRENGTH_OF_FUNCTION_BASIC, "Basic (0)", "basic"},
+ {STRENGTH_OF_FUNCTION_MEDIUM, "Medium (1)", "medium"},
+ {STRENGTH_OF_FUNCTION_HIGH, "High (2)", "high"},
+ {-1, NULL, NULL},
+};
+
+static ENUMERATED_NAMES security_levels[] = {
+ {SECURITY_LEVEL_1, "Level 1", "level1"},
+ {SECURITY_LEVEL_2, "Level 2", "level2"},
+ {SECURITY_LEVEL_3, "Level 3", "level3"},
+ {SECURITY_LEVEL_4, "Level 4", "level4"},
+ {-1, NULL, NULL},
+};
+
+static ENUMERATED_NAMES attribute_statuses[] = {
+ {ATTRIBUTE_STATUS_ADDED, "Added (0)", "added"},
+ {ATTRIBUTE_STATUS_MODIFIED, "Modified (1)", "modified"},
+ {ATTRIBUTE_STATUS_REMOVED, "Removed (2)", "removed"},
+ {-1, NULL, NULL},
+};
+
+int COMPONENT_CLASS_print (BIO *out, COMPONENT_CLASS *value, int indent) {
+ int rc;
+
+ rc = BIO_printf(out, "%*sComponent Class Registry: ", indent, "");
+ if (rc <= 0) return rc;
+ rc = print_oid(out, value->componentClassRegistry);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ rc = BIO_printf(out, "%*sComponent Class Registry: ", indent, "");
+ if (rc <= 0) return rc;
+ rc = print_hex(out, value->componentClassValue->data, value->componentClassValue->length);
+ if (rc <= 0) return rc;
+ return BIO_puts(out, "\n");
+}
+
+int COMMON_CRITERIA_MEASURES_print (BIO *out,
+ COMMON_CRITERIA_MEASURES *value,
+ int indent) {
+ int rc;
+ int64_t int_val;
+
+ rc = BIO_printf(out, "%*sVersion: %.*s\n", indent, "",
+ value->version->length,
+ value->version->data);
+ if (rc <= 0) return rc;
+ rc = BIO_printf(out, "%*sAssurance Level: ", indent, "");
+ if (rc <= 0) return rc;
+ if (!ASN1_ENUMERATED_get_int64(&int_val, value->assurancelevel)
+ || int_val <= 0
+ || int_val > INT_MAX)
+ return -1;
+ if (int_val > 7) {
+ rc = BIO_printf(out, "%ld\n", int_val);
+ } else {
+ rc = BIO_printf(out, "%s\n",
evaluation_assurance_levels[int_val - 1].lname);
+ }
+ if (rc <= 0) return rc;
+ if (!ASN1_ENUMERATED_get_int64(&int_val, value->evaluationStatus)
+ || int_val < 0
+ || int_val > INT_MAX)
+ return -1;
+ if (int_val > 2) {
+ rc = BIO_printf(out, "%*sEvaluation Status: %ld\n", indent, "", int_val);
+ } else {
+ rc = BIO_printf(out, "%*sEvaluation Status: %s\n", indent, "", evaluation_statuses[int_val].lname);
+ }
+ if (rc <= 0) return rc;
+ rc = BIO_printf(out, "%*sPlus: ", indent, "");
+ if (rc <= 0) return rc;
+ if (value->plus) {
+ rc = BIO_puts(out, "TRUE\n");
+ } else {
+ rc = BIO_puts(out, "FALSE\n");
+ }
+ if (rc <= 0) return rc;
+ if (value->strengthOfFunction != NULL) {
+ rc = BIO_printf(out, "%*sStrength Of Function: ", indent, "");
+ if (rc <= 0) return rc;
+ if (!ASN1_ENUMERATED_get_int64(&int_val, value->strengthOfFunction)
+ || int_val < 0
+ || int_val > INT_MAX)
+ return -1;
+ if (int_val > 2) {
+ rc = BIO_printf(out, "%ld\n", int_val);
+ } else {
+ rc = BIO_printf(out, "%s\n", strengths_of_function[int_val].lname);
+ }
+ if (rc <= 0) return rc;
+ }
+ if (value->profileOid != NULL) {
+ rc = BIO_printf(out, "%*sProfile OID: ", indent, "");
+ if (rc <= 0) return rc;
+ rc = print_oid(out, value->profileOid);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ if (value->profileUri != NULL) {
+ rc = BIO_printf(out, "%*sProfile URI:\n", indent, "");
+ if (rc <= 0) return rc;
+ rc = URI_REFERENCE_print(out, value->profileUri, indent + 4);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ if (value->targetOid != NULL) {
+ rc = BIO_printf(out, "%*sTarget OID: ", indent, "");
+ if (rc <= 0) return rc;
+ rc = print_oid(out, value->targetOid);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ if (value->targetUri != NULL) {
+ rc = BIO_printf(out, "%*sTarget URI:\n", indent, "");
+ if (rc <= 0) return rc;
+ rc = URI_REFERENCE_print(out, value->targetUri,
indent + 4);
+ if (rc <= 0) return rc;
+ }
+ return rc;
+}
+
+int FIPS_LEVEL_print (BIO *out, FIPS_LEVEL *value, int indent) {
+ int rc;
+ int64_t int_val;
+
+ rc = BIO_printf(out, "%*sVersion: %.*s\n", indent, "",
+ value->version->length,
+ value->version->data);
+ if (rc <= 0) return rc;
+ if (value->level != NULL) {
+ rc = BIO_printf(out, "%*sLevel: ", indent, "");
+ if (rc <= 0) return rc;
+ if (!ASN1_ENUMERATED_get_int64(&int_val, value->level)
+ || int_val <= 0
+ || int_val > INT_MAX)
+ return -1;
+ if (int_val > 4) {
+ rc = BIO_printf(out, "%ld\n", int_val);
+ } else {
+ rc = BIO_printf(out, "%s\n", security_levels[int_val - 1].lname);
+ }
+ if (rc <= 0) return rc;
+ }
+ if (value->plus) {
+ rc = BIO_printf(out, "%*sPlus: TRUE\n", indent, "");
+ } else {
+ rc = BIO_printf(out, "%*sPlus: FALSE\n", indent, "");
+ }
+ return rc;
+}
+
+int TBB_SECURITY_ASSERTIONS_print (BIO *out, TBB_SECURITY_ASSERTIONS *value, int indent) {
+ int rc = 1; /* All fields are OPTIONAL, so we start off at 1 in case all are omitted.
*/
+ int64_t int_val;
+
+ if (value->version != NULL) {
+ if (!ASN1_INTEGER_get_int64(&int_val, value->version)
+ || int_val < 0
+ || int_val > INT_MAX)
+ return -1;
+ rc = BIO_printf(out, "%*sVersion: %ld\n", indent, "", int_val);
+ } else {
+ rc = BIO_printf(out, "%*sVersion: 1\n", indent, "");
+ }
+ if (rc <= 0) return rc;
+ if (value->ccInfo != NULL) {
+ rc = BIO_printf(out, "%*sCommon Criteria Measures:\n", indent, "");
+ if (rc <= 0) return rc;
+ rc = COMMON_CRITERIA_MEASURES_print(out, value->ccInfo, indent + 4);
+ if (rc <= 0) return rc;
+ }
+ if (value->fipsLevel != NULL) {
+ rc = BIO_printf(out, "%*sFIPS Level:\n", indent, "");
+ if (rc <= 0) return rc;
+ rc = FIPS_LEVEL_print(out, value->fipsLevel, indent + 4);
+ if (rc <= 0) return rc;
+ }
+ if (value->rtmType != NULL) {
+ rc = BIO_printf(out, "%*sRoot Measurement Type: ", indent, "");
+ if (rc <= 0) return rc;
+ if (!ASN1_ENUMERATED_get_int64(&int_val, value->rtmType)
+ || int_val < 0
+ || int_val > INT_MAX)
+ return -1;
+ if (int_val > 5) {
+ rc = BIO_printf(out, "%ld\n", int_val);
+ } else {
+ rc = BIO_printf(out, "%s\n", measurement_root_types[int_val].lname);
+ }
+ if (rc <= 0) return rc;
+ }
+ if (value->iso9000Certified) {
+ rc = BIO_printf(out, "%*sPlus: TRUE\n", indent, "");
+ } else {
+ rc = BIO_printf(out, "%*sPlus: FALSE\n", indent, "");
+ }
+ if (rc <= 0) return rc;
+ if (value->iso9000Uri) {
+ rc = BIO_printf(out, "%*sISO 9001 URI: %.*s",
+ indent,
+ "",
+ value->iso9000Uri->length,
+ value->iso9000Uri->data);
+ }
+ return rc;
+}
+
+int MANUFACTURER_ID_print (BIO *out, MANUFACTURER_ID *value, int indent) {
+ int rc;
+
+ rc = BIO_printf(out, "%*sManufacturer Identifier: ", indent, "");
+ if (rc <= 0) return rc;
+ return print_oid(out, value->manufacturerIdentifier);
+}
+
+int TCG_SPEC_VERSION_print (BIO *out, TCG_SPEC_VERSION *value) {
+ int64_t major, minor, rev;
+
+ if (!ASN1_INTEGER_get_int64(&major, value->majorVersion)
+ || major < 0
+ || major > INT_MAX)
+ return -1;
+ if
(!ASN1_INTEGER_get_int64(&minor, value->minorVersion)
+ || minor < 0
+ || minor > INT_MAX)
+ return -1;
+ if (!ASN1_INTEGER_get_int64(&rev, value->revision)
+ || rev < 0
+ || rev > INT_MAX)
+ return -1;
+ return BIO_printf(out, "%ld.%ld.%ld", major, minor, rev);
+}
+
+int TCG_PLATFORM_SPEC_print (BIO *out, TCG_PLATFORM_SPEC *value) {
+ int rc;
+
+ rc = TCG_SPEC_VERSION_print(out, value->version);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, " : ");
+ if (rc <= 0) return rc;
+ return print_hex(out, value->platformClass->data, value->platformClass->length);
+}
+
+int TCG_CRED_TYPE_print (BIO *out, TCG_CRED_TYPE *value, int indent) {
+ int rc;
+ rc = BIO_printf(out, "%*sCredential Type: ", indent, "");
+ if (rc <= 0) return rc;
+ return print_oid(out, value->certificateType);
+}
+
+int COMPONENT_ADDRESS_print (BIO *out, COMPONENT_ADDRESS *value, int indent) {
+ int rc;
+
+ rc = BIO_printf(out, "%*sAddress Type: ", indent, "");
+ if (rc <= 0) return rc;
+ rc = print_oid(out, value->addressType);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ rc = BIO_printf(out, "%*sAddress Value: %.*s", indent, "", value->addressValue->length, value->addressValue->data);
+ if (rc <= 0) return rc;
+ return BIO_puts(out, "\n");
+}
+
+int PLATFORM_PROPERTY_print (BIO *out, PLATFORM_PROPERTY *value, int indent) {
+ int rc;
+ int64_t int_val;
+
+ rc = BIO_printf(out, "%*sProperty Name: %.*s\n", indent, "", value->propertyName->length, value->propertyName->data);
+ if (rc <= 0) return rc;
+ rc = BIO_printf(out, "%*sProperty Value: %.*s\n", indent, "", value->propertyValue->length, value->propertyValue->data);
+ if (rc <= 0) return rc;
+ if (value->status != NULL) {
+ rc = BIO_printf(out, "%*sStatus: ", indent, "");
+ if (rc <= 0) return rc;
+ if (!ASN1_ENUMERATED_get_int64(&int_val, value->status)
+ || int_val < 0
+ || int_val > INT_MAX)
+ return -1;
+ if (int_val > 2) {
+ rc = BIO_printf(out, "%ld\n", int_val);
+ } else {
+ rc = BIO_printf(out, "%s\n",
attribute_statuses[int_val].lname);
+ }
+ if (rc <= 0) return rc;
+ }
+ return 1;
+}
+
+int ATTRIBUTE_CERTIFICATE_IDENTIFIER_print (BIO *out, ATTRIBUTE_CERTIFICATE_IDENTIFIER *value, int indent) {
+ int rc;
+
+ rc = BIO_printf(out, "%*sHash Algorithm:\n%*s", indent, "", indent + 4, "");
+ if (rc <= 0) return rc;
+ rc = TS_X509_ALGOR_print_bio(out, value->hashAlgorithm);
+ if (rc <= 0) return rc;
+ rc = BIO_printf(out, "%*sHash Over Signature Value: ", indent, "");
+ if (rc <= 0) return rc;
+ rc = print_hex(out, value->hashOverSignatureValue->data, value->hashOverSignatureValue->length);
+ if (rc <= 0) return rc;
+ return BIO_puts(out, "\n");
+}
+
+int CERTIFICATE_IDENTIFIER_print (BIO *out, CERTIFICATE_IDENTIFIER *value, int indent) {
+ int rc;
+ OSSL_ISSUER_SERIAL *iss;
+
+ if (value->attributeCertIdentifier != NULL) {
+ rc = BIO_printf(out, "%*sAttribute Certificate Identifier:\n", indent, "");
+ if (rc <= 0) return rc;
+ rc = ATTRIBUTE_CERTIFICATE_IDENTIFIER_print(out, value->attributeCertIdentifier, indent + 4);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ if (value->genericCertIdentifier != NULL) {
+ rc = BIO_printf(out, "%*sGeneric Certificate Identifier:\n", indent, "");
+ if (rc <= 0) return rc;
+ iss = value->genericCertIdentifier;
+ if (iss->issuer != NULL) {
+ rc = BIO_printf(out, "%*sIssuer Names:\n", indent + 4, "");
+ if (rc <= 0) return rc;
+ rc = ossl_print_gens(out, iss->issuer, indent + 4);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ rc = BIO_printf(out, "%*sIssuer Serial: 0x", indent + 4, "");
+ if (rc <= 0) return rc;
+ if (i2a_ASN1_INTEGER(out, &iss->serial) <= 0)
+ return 0;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ if (iss->issuerUID != NULL) {
+ BIO_printf(out, "%*sIssuer UID: ", indent + 4, "");
+ if (i2a_ASN1_STRING(out, iss->issuerUID, V_ASN1_BIT_STRING) <= 0)
+ return 0;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ }
+ return
1;
+}
+
+int COMPONENT_IDENTIFIER_print (BIO *out, COMPONENT_IDENTIFIER *value, int indent) {
+ int rc, i;
+ int64_t int_val;
+ COMPONENT_ADDRESS *caddr;
+
+ rc = BIO_printf(out, "%*sComponent Class:\n", indent, "");
+ if (rc <= 0) return rc;
+ rc = COMPONENT_CLASS_print(out, value->componentClass, indent + 4);
+ if (rc <= 0) return rc;
+ rc = BIO_printf(out, "%*sComponent Manufacturer: %.*s\n", indent, "",
+ value->componentManufacturer->length,
+ value->componentManufacturer->data);
+ if (rc <= 0) return rc;
+ rc = BIO_printf(out, "%*sComponent Model: %.*s\n", indent, "",
+ value->componentModel->length,
+ value->componentModel->data);
+ if (rc <= 0) return rc;
+ if (value->componentSerial != NULL) {
+ rc = BIO_printf(out, "%*sComponent Serial: %.*s\n", indent, "",
+ value->componentSerial->length,
+ value->componentSerial->data);
+ if (rc <= 0) return rc;
+ }
+ if (value->componentRevision != NULL) {
+ rc = BIO_printf(out, "%*sComponent Revision: %.*s\n", indent, "",
+ value->componentRevision->length,
+ value->componentRevision->data);
+ if (rc <= 0) return rc;
+ }
+ if (value->componentManufacturerId != NULL) {
+ rc = BIO_printf(out, "%*sComponent Manufacturer ID: ", indent, "");
+ if (rc <= 0) return rc;
+ rc = print_oid(out, value->componentManufacturerId);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ if (value->fieldReplaceable) {
+ rc = BIO_printf(out, "%*sField Replaceable: TRUE\n", indent, "");
+ } else {
+ rc = BIO_printf(out, "%*sField Replaceable: TRUE\n", indent, "");
+ }
+ if (rc <= 0) return rc;
+ if (value->componentAddresses != NULL) {
+ rc = BIO_printf(out, "%*sComponent Addresses:\n", indent, "");
+ for (i = 0; i < sk_COMPONENT_ADDRESS_num(value->componentAddresses); i++) {
+ rc = BIO_printf(out, "%*sComponent Address:\n", indent + 4, "");
+ if (rc <= 0) return rc;
+ caddr = sk_COMPONENT_ADDRESS_value(value->componentAddresses, i);
+ rc = COMPONENT_ADDRESS_print(out, caddr, indent + 8);
+ if (rc <= 0)
return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ }
+ if (value->componentPlatformCert != NULL) {
+ rc = BIO_printf(out, "%*sComponent Platform Certificate:\n", indent, "");
+ if (rc <= 0) return rc;
+ rc = CERTIFICATE_IDENTIFIER_print(out, value->componentPlatformCert, indent + 4);
+ if (rc <= 0) return rc;
+ }
+ if (value->componentPlatformCertUri != NULL) {
+ rc = BIO_printf(out, "%*sComponent Platform Certificate URI:\n", indent, "");
+ if (rc <= 0) return rc;
+ rc = URI_REFERENCE_print(out, value->componentPlatformCertUri, indent + 4);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ if (value->status != NULL) {
+ rc = BIO_printf(out, "%*sStatus: ", indent, "");
+ if (rc <= 0) return rc;
+ if (!ASN1_ENUMERATED_get_int64(&int_val, value->status)
+ || int_val < 0
+ || int_val > INT_MAX)
+ return -1;
+ if (int_val > 2) {
+ rc = BIO_printf(out, "%ld\n", int_val);
+ } else {
+ rc = BIO_printf(out, "%s\n", attribute_statuses[int_val].lname);
+ }
+ if (rc <= 0) return rc;
+ }
+ return 1;
+}
+
+int PLATFORM_CONFIG_print (BIO *out, PLATFORM_CONFIG *value, int indent) {
+ int rc = 1, i; /* All fields are OPTIONAL, so we start off rc at 1 in case all are omitted.
*/
+ COMPONENT_IDENTIFIER *cid;
+ PLATFORM_PROPERTY *p;
+
+ if (value->componentIdentifiers) {
+ rc = BIO_printf(out, "%*sComponent Identifiers:\n", indent, "");
+ for (i = 0; i < sk_COMPONENT_IDENTIFIER_num(value->componentIdentifiers); i++) {
+ rc = BIO_printf(out, "%*sComponent Identifier:\n", indent + 4, "");
+ if (rc <= 0) return rc;
+ cid = sk_COMPONENT_IDENTIFIER_value(value->componentIdentifiers, i);
+ rc = COMPONENT_IDENTIFIER_print(out, cid, indent + 8);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ }
+ if (value->componentIdentifiersUri) {
+ rc = BIO_printf(out, "%*sComponent Identifier URI:\n", indent, "");
+ if (rc <= 0) return rc;
+ rc = URI_REFERENCE_print(out, value->componentIdentifiersUri, indent + 4);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ if (value->platformProperties) {
+ rc = BIO_printf(out, "%*sProperties:\n", indent, "");
+ for (i = 0; i < sk_PLATFORM_PROPERTY_num(value->platformProperties); i++) {
+ rc = BIO_printf(out, "%*sProperty:\n", indent + 4, "");
+ if (rc <= 0) return rc;
+ p = sk_PLATFORM_PROPERTY_value(value->platformProperties, i);
+ rc = PLATFORM_PROPERTY_print(out, p, indent + 8);
+ if (rc <= 0) return rc;
+ }
+ }
+ if (value->platformPropertiesUri) {
+ rc = BIO_printf(out, "%*sPlatform Properties URI:\n", indent, "");
+ if (rc <= 0) return rc;
+ rc = URI_REFERENCE_print(out, value->platformPropertiesUri, indent + 4);
+ if (rc <= 0) return rc;
+ rc = BIO_puts(out, "\n");
+ if (rc <= 0) return rc;
+ }
+ return 1;
+}
diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h
index 87a564b238d6b..572b7a31923a8 100644
--- a/crypto/x509/standard_exts.h
+++ b/crypto/x509/standard_exts.h
@@ -39,6 +39,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 #endif
 &ossl_v3_sxnet,
 &ossl_v3_info,
+ &ossl_v3_audit_identity,
 #ifndef OPENSSL_NO_RFC3779
 &ossl_v3_addr,
 &ossl_v3_asid,
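Review bot: In platcert.c, `COMPONENT_IDENTIFIER_print` prints `Field Replaceable: TRUE` in both arms of `if (value->fieldReplaceable)`, so the printer misreports every component that is not field-replaceable; the `else` arm should be `rc = BIO_printf(out, "%*sField Replaceable: FALSE\n", indent, "");`. The same copy-paste pattern shows in `COMPONENT_CLASS_print`, where the label before the hex dump of `componentClassValue` repeats `Component Class Registry: `, and in `TBB_SECURITY_ASSERTIONS_print`, where `iso9000Certified` is printed under the label `Plus:`. The `%ld` conversions are fed an `int64_t`, a mismatch wherever `long` is 32 bits; since each value is already bounded by `INT_MAX`, `BIO_printf(out, "%d\n", (int)int_val)` is sufficient. Certificate-supplied IA5String and UTF8String fields reach the BIO through `%.*s`, which passes control characters through unescaped and stops at an embedded NUL, so the displayed text can differ from the encoded value; printing them with `ASN1_STRING_print_ex` and `ASN1_STRFLGS_ESC_CTRL` would avoid both.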
@@ -53,6 +54,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 #endif
 &ossl_v3_sinfo,
 &ossl_v3_policy_constraints,
+ &ossl_v3_targeting_information,
 &ossl_v3_no_rev_avail,
 #ifndef OPENSSL_NO_OCSP
 &ossl_v3_crl_hold,
@@ -61,6 +63,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 &ossl_v3_name_constraints,
 &ossl_v3_policy_mappings,
 &ossl_v3_inhibit_anyp,
+ &ossl_v3_subj_dir_attrs,
 &ossl_v3_idp,
 &ossl_v3_alt[2],
 &ossl_v3_freshest_crl,
@@ -73,11 +76,26 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 &ossl_v3_issuer_sign_tool,
 &ossl_v3_tls_feature,
 &ossl_v3_ext_admission,
- &ossl_v3_soa_identifier,
- &ossl_v3_indirect_issuer,
- &ossl_v3_no_assertion,
- &ossl_v3_single_use,
- &ossl_v3_group_ac
+ &ossl_v3_authority_attribute_identifier, // 1291
+ &ossl_v3_role_spec_cert_identifier, // 1292
+ &ossl_v3_bacons, // 1293
+ &ossl_v3_delegated_name_constraints, // 1294
+ &ossl_v3_time_specification, // 1295
+ &ossl_v3_attribute_descriptor, // 1296
+ &ossl_v3_user_notice, // 1297
+ &ossl_v3_soa_identifier, // 1298
+ &ossl_v3_acc_cert_policies, // 1299
+ &ossl_v3_acc_priv_policies, // 1300
+ &ossl_v3_indirect_issuer, // 1301
+ &ossl_v3_no_assertion, // 1302
+ &ossl_v3_aa_issuing_dist_point, // 1303
+ &ossl_v3_issued_on_behalf_of, // 1304
+ &ossl_v3_single_use, // 1305
+ &ossl_v3_group_ac, // 1306
+ &ossl_v3_allowed_attribute_assignments, // 1307
+ &ossl_v3_attribute_mappings, // 1308
+ &ossl_v3_holder_name_constraints, // 1309
+ &ossl_v3_associated_info, // 1315
 };
 /* Number of standard extensions */
diff --git a/crypto/x509/v3_aaa.c b/crypto/x509/v3_aaa.c
new file mode 100644
index 0000000000000..7060b9c82c1ed
--- /dev/null
+++ b/crypto/x509/v3_aaa.c
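Review bot: The `// 1291` to `// 1315` comments in the last hunk hard-code NID numbers that are defined elsewhere, so nothing keeps them in step with the real values, and the hunk never states why the order matters. The ascending numbers suggest the array must stay sorted by NID for lookup; if that is the rule, the single-entry insertions of `ossl_v3_audit_identity`, `ossl_v3_targeting_information` and `ossl_v3_subj_dir_attrs` in the earlier hunks carry no annotation and their positions should be checked against it as well. I would state the requirement once above the new entries, e.g. `/* Keep sorted by ext_nid; the table is searched by NID */` (to be confirmed against the lookup code), and use `/* */` rather than `//` to match the existing `/* Number of standard extensions */` comment.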
@@ -0,0 +1,134 @@
+/*
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include
+
+IMPLEMENT_ASN1_FUNCTIONS(ALLOWED_ATTRIBUTES_SYNTAX)
+
+ASN1_CHOICE(ALLOWED_ATTRIBUTES_CHOICE) = {
+ ASN1_IMP(ALLOWED_ATTRIBUTES_CHOICE, choice.attributeType, ASN1_OBJECT, AAA_ATTRIBUTE_TYPE),
+ ASN1_IMP(ALLOWED_ATTRIBUTES_CHOICE, choice.attributeTypeandValues, X509_ATTRIBUTE, AAA_ATTRIBUTE_VALUES),
+} ASN1_CHOICE_END(ALLOWED_ATTRIBUTES_CHOICE)
+
+ASN1_SEQUENCE(ALLOWED_ATTRIBUTES_ITEM) = {
+ ASN1_IMP_SET_OF(ALLOWED_ATTRIBUTES_ITEM, attributes, ALLOWED_ATTRIBUTES_CHOICE, 0),
+ // This MUST be EXPLICIT, because it contains a CHOICE.
+ ASN1_EXP(ALLOWED_ATTRIBUTES_ITEM, holderDomain, GENERAL_NAME, 1),
+} ASN1_SEQUENCE_END(ALLOWED_ATTRIBUTES_ITEM)
+
+ASN1_ITEM_TEMPLATE(ALLOWED_ATTRIBUTES_SYNTAX) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ALLOWED_ATTRIBUTES_SYNTAX, ALLOWED_ATTRIBUTES_ITEM)
+ASN1_ITEM_TEMPLATE_END(ALLOWED_ATTRIBUTES_SYNTAX)
+
+static int i2r_ALLOWED_ATTRIBUTES_CHOICE(X509V3_EXT_METHOD *method,
+ ALLOWED_ATTRIBUTES_CHOICE *a,
+ BIO *out, int indent)
+{
+ ASN1_OBJECT *attr_obj;
+ int attr_nid, j;
+ X509_ATTRIBUTE *attr;
+ ASN1_TYPE *av;
+
+ switch (a->type) {
+ case (AAA_ATTRIBUTE_TYPE):
+ if (BIO_printf(out, "%*sAttribute Type: ", indent, "") <= 0) {
+ return 0;
+ }
+ if (i2a_ASN1_OBJECT(out, a->choice.attributeType) <= 0) {
+ return 0;
+ }
+ return BIO_puts(out, "\n");
+ case (AAA_ATTRIBUTE_VALUES):
+ attr = a->choice.attributeTypeandValues;
+ attr_obj = X509_ATTRIBUTE_get0_object(attr);
+ attr_nid = OBJ_obj2nid(attr_obj);
+ if (BIO_printf(out, "%*sAttribute Values: ", indent, "") <= 0) {
+ return 0;
+ }
+ if (i2a_ASN1_OBJECT(out, attr_obj) <= 0) {
+ return 0;
+ }
+ if (BIO_puts(out, "\n") <= 0) {
+ return 0;
+ }
+ for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)
+ {
+ av = X509_ATTRIBUTE_get0_type(attr, j);
+ if (print_attribute_value(out, attr_nid, av, indent + 4) <= 0) {
+ return 0;
+ }
+ if (BIO_puts(out, "\n") <= 0) {
+ return 0;
+ }
+ }
+ // BIO_puts(out, "\n");
+ break;
+ default: return 0;
+ }
+ return 1;
+}
+
+static int i2r_ALLOWED_ATTRIBUTES_ITEM(X509V3_EXT_METHOD *method,
+ ALLOWED_ATTRIBUTES_ITEM *aai,
+ BIO *out, int indent)
+{
+ int i;
+ ALLOWED_ATTRIBUTES_CHOICE *a;
+ for (i = 0; i < sk_ALLOWED_ATTRIBUTES_CHOICE_num(aai->attributes); i++) {
+ if (BIO_printf(out, "%*sAllowed Attribute Type or Values:\n", indent, "") <= 0) {
+ return 0;
+ }
+ a = sk_ALLOWED_ATTRIBUTES_CHOICE_value(aai->attributes, i);
+ if (i2r_ALLOWED_ATTRIBUTES_CHOICE(method, a, out, indent + 4) <= 0) {
+ return 0;
+ }
+ }
+ if (BIO_printf(out, "%*sHolder Domain: ", indent, "") <= 0) {
+ return 0;
+ }
+ if (GENERAL_NAME_print(out, aai->holderDomain) <= 0) {
+ return 0;
+ }
+ if (BIO_puts(out, "\n") <= 0) {
+ return 0;
+ }
+ return 1;
+}
+
+static int i2r_ALLOWED_ATTRIBUTES_SYNTAX(X509V3_EXT_METHOD *method,
+ ALLOWED_ATTRIBUTES_SYNTAX *aaa,
+ BIO *out, int indent)
+{
+ int i;
+ ALLOWED_ATTRIBUTES_ITEM *aai;
+ for (i = 0; i < sk_ALLOWED_ATTRIBUTES_ITEM_num(aaa); i++) {
+ if (BIO_printf(out, "%*sAllowed Attributes:\n", indent, "") <= 0) {
+ return 0;
+ }
+ aai = sk_ALLOWED_ATTRIBUTES_ITEM_value(aaa, i);
+ if (i2r_ALLOWED_ATTRIBUTES_ITEM(method, aai, out, indent + 4) <= 0) {
+ return 0;
+ }
+ }
+ return 1;
+}
+
+const X509V3_EXT_METHOD ossl_v3_allowed_attribute_assignments = {
+ NID_allowed_attribute_assignments, X509V3_EXT_MULTILINE,
+ ASN1_ITEM_ref(ALLOWED_ATTRIBUTES_SYNTAX),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0,
+ 0,
+ (X509V3_EXT_I2R)i2r_ALLOWED_ATTRIBUTES_SYNTAX,
+ 0,
+ NULL
+};
diff --git a/crypto/x509/v3_ac_tgt.c b/crypto/x509/v3_ac_tgt.c
new file mode 100644
index 0000000000000..230e00ec99e22
--- /dev/null
+++ b/crypto/x509/v3_ac_tgt.c
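Review bot: In v3_aaa.c, `i2r_ALLOWED_ATTRIBUTES_CHOICE` returns the raw `BIO_puts` result from its `AAA_ATTRIBUTE_TYPE` arm while every other exit in the three printers returns 0 or 1, so the return contract depends on which CHOICE arm was decoded; `return BIO_puts(out, "\n") > 0;` makes it uniform. `AAA_ATTRIBUTE_TYPE` and `AAA_ATTRIBUTE_VALUES` are used both as the context tag in `ASN1_IMP(...)` and as the selector compared in `switch (a->type)`, which only works if the decoder's selector values coincide with the tag numbers; their definitions are outside this hunk, so a comment next to the CHOICE template stating that assumption would help the next reader. The leftover `// BIO_puts(out, "\n");` should be deleted, and the file would benefit from a short header comment naming the extension and the ASN.1 syntax these templates encode.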
@@ -0,0 +1,248 @@ +/* + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/cryptlib.h" +#include +#include +#include +#include +#include "ext_dat.h" +#include "x509_local.h" +#include "crypto/asn1.h" + +static int i2r_TARGET_CERT(X509V3_EXT_METHOD *method, + TARGET_CERT *tc, + BIO *out, int indent); +static int i2r_TARGET(X509V3_EXT_METHOD *method, + TARGET *target, + BIO *out, int indent); +static int i2r_TARGETING_INFORMATION(X509V3_EXT_METHOD *method, + TARGETING_INFORMATION *tinfo, + BIO *out, int indent); + +ASN1_SEQUENCE(OBJECT_DIGEST_INFO) = { + ASN1_SIMPLE(OBJECT_DIGEST_INFO, digestedObjectType, ASN1_ENUMERATED), + ASN1_OPT(OBJECT_DIGEST_INFO, otherObjectTypeID, ASN1_OBJECT), + ASN1_SIMPLE(OBJECT_DIGEST_INFO, digestAlgorithm, X509_ALGOR), + ASN1_SIMPLE(OBJECT_DIGEST_INFO, objectDigest, ASN1_BIT_STRING), +} ASN1_SEQUENCE_END(OBJECT_DIGEST_INFO) + +ASN1_SEQUENCE(TARGET_CERT) = { + ASN1_SIMPLE(TARGET_CERT, targetCertificate, OSSL_ISSUER_SERIAL), + ASN1_OPT(TARGET_CERT, targetName, GENERAL_NAME), + ASN1_OPT(TARGET_CERT, certDigestInfo, OBJECT_DIGEST_INFO), +} ASN1_SEQUENCE_END(TARGET_CERT) + +ASN1_CHOICE(TARGET) = { + ASN1_EXP(TARGET, choice.targetName, GENERAL_NAME, 0), + ASN1_EXP(TARGET, choice.targetGroup, GENERAL_NAME, 1), + ASN1_IMP(TARGET, choice.targetCert, TARGET_CERT, 2), +} ASN1_CHOICE_END(TARGET) + +ASN1_ITEM_TEMPLATE(TARGETS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Targets, TARGET) +ASN1_ITEM_TEMPLATE_END(TARGETS) + +ASN1_ITEM_TEMPLATE(TARGETING_INFORMATION) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TargetingInformation, TARGETS) +ASN1_ITEM_TEMPLATE_END(TARGETING_INFORMATION) + 
+IMPLEMENT_ASN1_FUNCTIONS(OBJECT_DIGEST_INFO) +IMPLEMENT_ASN1_FUNCTIONS(TARGET_CERT) +IMPLEMENT_ASN1_FUNCTIONS(TARGET) +IMPLEMENT_ASN1_FUNCTIONS(TARGETS) +IMPLEMENT_ASN1_FUNCTIONS(TARGETING_INFORMATION) + +static int i2r_OBJECT_DIGEST_INFO(X509V3_EXT_METHOD *method, + OBJECT_DIGEST_INFO *odi, + BIO *out, int indent) +{ + int64_t dot = 0; + int sig_nid; + X509_ALGOR *digalg; + ASN1_STRING *sig; + + if (odi == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + digalg = odi->digestAlgorithm; + sig = odi->objectDigest; + if (!ASN1_ENUMERATED_get_int64(&dot, odi->digestedObjectType)) { + return 0; + } + switch (dot) { + case (ODI_TYPE_PUBLIC_KEY): + if (BIO_printf(out, "%*sDigest Type: Public Key\n", indent, "") <= 0) { + return 0; + } + break; + case (ODI_TYPE_PUBLIC_KEY_CERT): + if (BIO_printf(out, "%*sDigest Type: Public Key Certificate\n", indent, "") <= 0) { + return 0; + } + break; + case (ODI_TYPE_OTHER): { + if (BIO_printf(out, "%*sDigest Type: Other\n", indent, "") <= 0) { + return 0; + } + break; + } + } + if (odi->otherObjectTypeID != NULL) { + if (BIO_printf(out, "%*sDigest Type Identifier: ", indent, "") <= 0) { + return 0; + } + if (i2a_ASN1_OBJECT(out, odi->otherObjectTypeID) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + } + if (BIO_printf(out, "%*sSignature Algorithm: ", indent, "") <= 0) + return 0; + if (i2a_ASN1_OBJECT(out, odi->digestAlgorithm->algorithm) <= 0) + return 0; + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + if (BIO_printf(out, "\n%*sSignature Value: ", indent, "") <= 0) + return 0; + sig_nid = OBJ_obj2nid(odi->digestAlgorithm->algorithm); + if (sig_nid != NID_undef) { + int pkey_nid, dig_nid; + const EVP_PKEY_ASN1_METHOD *ameth; + if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { + ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); + if (ameth && ameth->sig_print) + return ameth->sig_print(out, digalg, sig, indent + 4, 0); + } + } + if (BIO_write(out, "\n", 1) <= 0) + 
return 0; + if (sig) + return X509_signature_dump(out, sig, indent + 4); + return 1; +} + +static int i2r_TARGET_CERT(X509V3_EXT_METHOD *method, + TARGET_CERT *tc, + BIO *out, int indent) +{ + if (BIO_printf(out, "%*s", indent, "") <= 0) { + return 0; + } + if (tc->targetCertificate != NULL) { + if (BIO_puts(out, "Target Certificate:\n") <= 0) { + return 0; + } + if (i2r_ISSUER_SERIAL(method, tc->targetCertificate, out, indent + 2) <= 0) { + return 0; + } + } + if (tc->targetName != NULL) { + if (BIO_printf(out, "%*sTarget Name: ", indent, "") <= 0) { + return 0; + } + if (GENERAL_NAME_print(out, tc->targetName) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + } + if (tc->certDigestInfo != NULL) { + if (BIO_printf(out, "%*sCertificate Digest Info:\n", indent, "") <= 0) { + return 0; + } + if (i2r_OBJECT_DIGEST_INFO(method, tc->certDigestInfo, out, indent + 2) <= 0) { + return 0; + } + } + return BIO_puts(out, "\n"); +} + +static int i2r_TARGET(X509V3_EXT_METHOD *method, + TARGET *target, + BIO *out, int indent) +{ + switch (target->type) { + case (TGT_TARGET_NAME): + if (BIO_printf(out, "%*sTarget Name: ", indent, "") <= 0) { + return 0; + } + if (GENERAL_NAME_print(out, target->choice.targetName) <= 0) { + return 0; + } + return BIO_puts(out, "\n"); + case (TGT_TARGET_GROUP): + if (BIO_printf(out, "%*sTarget Group: ", indent, "") <= 0) { + return 0; + } + if (GENERAL_NAME_print(out, target->choice.targetGroup) <= 0) { + return 0; + } + return BIO_puts(out, "\n"); + case (TGT_TARGET_CERT): + if (BIO_printf(out, "%*sTarget Cert:\n", indent, "") <= 0) { + return 0; + } + return i2r_TARGET_CERT(method, target->choice.targetCert, out, indent + 2); + } + return 1; +} + +static int i2r_TARGETS(X509V3_EXT_METHOD *method, + TARGETS *targets, + BIO *out, int indent) +{ + int i; + TARGET *target; + for (i = 0; i < sk_TARGET_num(targets); i++) { + if (BIO_printf(out, "%*sTarget:\n", indent, "") <= 0) { + return 0; + } + target = 
sk_TARGET_value(targets, i); + if (i2r_TARGET(method, target, out, indent + 2) <= 0) { + return 0; + } + } + return 1; +} + +static int i2r_TARGETING_INFORMATION(X509V3_EXT_METHOD *method, + TARGETING_INFORMATION *tinfo, + BIO *out, int indent) +{ + int i; + TARGETS *targets; + for (i = 0; i < sk_TARGETS_num(tinfo); i++) { + if (BIO_printf(out, "%*sTargets:\n", indent, "") <= 0) { + return 0; + } + targets = sk_TARGETS_value(tinfo, i); + if (i2r_TARGETS(method, targets, out, indent + 2) <= 0) { + return 0; + } + } + return 1; +} + +const X509V3_EXT_METHOD ossl_v3_targeting_information = { + NID_target_information, 0, ASN1_ITEM_ref(TARGETING_INFORMATION), + 0, 0, 0, 0, + 0, + 0, + 0, 0, + (X509V3_EXT_I2R)i2r_TARGETING_INFORMATION, + 0, + NULL +}; diff --git a/crypto/x509/v3_attrdesc.c b/crypto/x509/v3_attrdesc.c new file mode 100644 index 0000000000000..f5748fa4a35ba --- /dev/null +++ b/crypto/x509/v3_attrdesc.c 
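Review bot: `i2r_OBJECT_DIGEST_INFO` prints a digest through the signature path: it labels the fields `Signature Algorithm` / `Signature Value`, and when `OBJ_find_sigid_algs()` recognises the OID taken from `digestAlgorithm` it hands `objectDigest` to `ameth->sig_print`. For an ordinary digest OID that lookup presumably fails, so the branch is reached mainly when the certificate being printed names a signature algorithm in that field, and the bit string is then interpreted as a signature it is not. I would drop the `sig_print` lookup, always use `X509_signature_dump(out, sig, indent + 4)`, and relabel the lines, e.g. `if (BIO_printf(out, "%*sDigest Algorithm: ", indent, "") <= 0)`. The `switch (dot)` in the same function has no `default`, so an unrecognised `digestedObjectType` prints nothing; `default: return 0;` or an explicit "unknown type" line would make that case visible.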
@@ -0,0 +1,192 @@ +/* + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +ASN1_SEQUENCE(HASH) = { + ASN1_SIMPLE(HASH, algorithmIdentifier, X509_ALGOR), + ASN1_OPT(HASH, hashValue, ASN1_BIT_STRING), +} ASN1_SEQUENCE_END(HASH) + +ASN1_SEQUENCE(INFO_SYNTAX_POINTER) = { + ASN1_SIMPLE(INFO_SYNTAX_POINTER, name, GENERAL_NAMES), + ASN1_OPT(INFO_SYNTAX_POINTER, hash, HASH), +} ASN1_SEQUENCE_END(INFO_SYNTAX_POINTER) + +ASN1_CHOICE(INFO_SYNTAX) = { + ASN1_SIMPLE(INFO_SYNTAX, choice.content, DIRECTORYSTRING), + ASN1_SIMPLE(INFO_SYNTAX, choice.pointer, INFO_SYNTAX_POINTER) +} ASN1_CHOICE_END(INFO_SYNTAX) + +ASN1_SEQUENCE(PRIVILEGE_POLICY_ID) = { + ASN1_SIMPLE(PRIVILEGE_POLICY_ID, privilegePolicy, ASN1_OBJECT), + ASN1_SIMPLE(PRIVILEGE_POLICY_ID, privPolSyntax, INFO_SYNTAX), +} ASN1_SEQUENCE_END(PRIVILEGE_POLICY_ID) + +ASN1_SEQUENCE(ATTRIBUTE_DESCRIPTOR) = { + ASN1_SIMPLE(ATTRIBUTE_DESCRIPTOR, identifier, ASN1_OBJECT), + ASN1_SIMPLE(ATTRIBUTE_DESCRIPTOR, attributeSyntax, ASN1_OCTET_STRING), + ASN1_IMP_OPT(ATTRIBUTE_DESCRIPTOR, name, ASN1_UTF8STRING, 0), + ASN1_IMP_OPT(ATTRIBUTE_DESCRIPTOR, description, ASN1_UTF8STRING, 1), + ASN1_SIMPLE(ATTRIBUTE_DESCRIPTOR, dominationRule, PRIVILEGE_POLICY_ID), +} ASN1_SEQUENCE_END(ATTRIBUTE_DESCRIPTOR) + +IMPLEMENT_ASN1_FUNCTIONS(ATTRIBUTE_DESCRIPTOR) + +static int i2r_HASH(X509V3_EXT_METHOD *method, + HASH *hash, + BIO *out, int indent) +{ + if (BIO_printf(out, "%*sAlgorithm: ", indent, "") <= 0) { + return 0; + } + if (i2a_ASN1_OBJECT(out, hash->algorithmIdentifier->algorithm) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + if (hash->algorithmIdentifier->parameter) { + if (BIO_printf(out, "%*sParameter: ", 
indent, "") <= 0) { + return 0; + } + if (print_attribute_value(out, 0, hash->algorithmIdentifier->parameter, indent + 4) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + } + if (BIO_printf(out, "%*sHash Value: ", indent, "") <= 0) { + return 0; + } + return print_hex(out, hash->hashValue->data, hash->hashValue->length); +} + +static int i2r_INFO_SYNTAX_POINTER(X509V3_EXT_METHOD *method, + INFO_SYNTAX_POINTER *pointer, + BIO *out, int indent) +{ + if (BIO_printf(out, "%*sNames:\n", indent, "") <= 0) { + return 0; + } + if (ossl_print_gens(out, pointer->name, indent) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + if (pointer->hash != NULL) { + if (BIO_printf(out, "%*sHash:\n", indent, "") <= 0) { + return 0; + } + if (i2r_HASH(method, pointer->hash, out, indent + 4) <= 0) { + return 0; + } + } + return 1; +} + +static int i2r_INFO_SYNTAX(X509V3_EXT_METHOD *method, + INFO_SYNTAX *info, + BIO *out, int indent) +{ + switch (info->type) { + case (INFO_SYNTAX_TYPE_CONTENT): { + if (BIO_printf(out, "%*sContent: ", indent, "") <= 0) { + return 0; + } + if (BIO_printf(out, "%.*s", info->choice.content->length, info->choice.content->data) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + return 1; + } + case (INFO_SYNTAX_TYPE_POINTER): { + if (BIO_printf(out, "%*sPointer:\n", indent, "") <= 0) { + return 0; + } + return i2r_INFO_SYNTAX_POINTER(method, info->choice.pointer, out, indent + 4); + } + default: return 0; + } + return 0; +} + +static int i2r_PRIVILEGE_POLICY_ID(X509V3_EXT_METHOD *method, + PRIVILEGE_POLICY_ID *ppid, + BIO *out, int indent) +{ + char buf[80]; + + /* Intentionally display the numeric OID, rather than the textual name. 
*/ + if (OBJ_obj2txt(buf, sizeof(buf), ppid->privilegePolicy, 1) <= 0) { + return 0; + } + if (BIO_printf(out, "%*sIdentifier: %s\n", indent, "", buf) <= 0) { + return 0; + } + if (BIO_printf(out, "%*sSyntax:\n", indent, "") <= 0) { + return 0; + } + return i2r_INFO_SYNTAX(method, ppid->privPolSyntax, out, indent + 4); +} + +static int i2r_ATTRIBUTE_DESCRIPTOR(X509V3_EXT_METHOD *method, + ATTRIBUTE_DESCRIPTOR *ad, + BIO *out, int indent) +{ + char buf[80]; + + /* Intentionally display the numeric OID, rather than the textual name. */ + if (OBJ_obj2txt(buf, sizeof(buf), ad->identifier, 1) <= 0) { + return 0; + } + if (BIO_printf(out, "%*sIdentifier: %s\n", indent, "", buf) <= 0) { + return 0; + } + if (BIO_printf(out, "%*sSyntax:\n", indent, "") <= 0) { + return 0; + } + if (BIO_printf(out, "%*s%.*s", indent + 4, "", ad->attributeSyntax->length, ad->attributeSyntax->data) <= 0) { + return 0; + } + if (BIO_puts(out, "\n\n") <= 0) { + return 0; + } + if (ad->name != NULL) { + if (BIO_printf(out, "%*sName: %.*s\n", indent, "", ad->name->length, ad->name->data) <= 0) { + return 0; + } + } + if (ad->description != NULL) { + if (BIO_printf(out, "%*sDescription: %.*s\n", indent, "", ad->description->length, ad->description->data) <= 0) { + return 0; + } + } + if (BIO_printf(out, "%*sDomination Rule:\n", indent, "") <= 0) { + return 0; + } + return i2r_PRIVILEGE_POLICY_ID(method, ad->dominationRule, out, indent + 4); +} + +const X509V3_EXT_METHOD ossl_v3_attribute_descriptor = { + NID_attribute_descriptor, X509V3_EXT_MULTILINE, + ASN1_ITEM_ref(ATTRIBUTE_DESCRIPTOR), + 0, 0, 0, 0, + 0, 0, + 0, + 0, + (X509V3_EXT_I2R)i2r_ATTRIBUTE_DESCRIPTOR, + NULL, + NULL +}; diff --git a/crypto/x509/v3_attrmap.c b/crypto/x509/v3_attrmap.c new file mode 100644 index 0000000000000..815cd10a2c13a --- /dev/null +++ b/crypto/x509/v3_attrmap.c 
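Review bot: `i2r_HASH` dereferences `hash->hashValue->data` unconditionally, but the `HASH` template declares that field with `ASN1_OPT(HASH, hashValue, ASN1_BIT_STRING)`, so a decoded extension that omits it leaves the pointer NULL and printing the certificate dereferences it. Either make the field mandatory in the template if the syntax requires it, or add `if (hash->hashValue == NULL) return 1;` before the `Hash Value` output. Separately, `i2r_INFO_SYNTAX` and `i2r_ATTRIBUTE_DESCRIPTOR` write `content`, `attributeSyntax`, `name` and `description` with `%.*s`, which copies certificate-controlled bytes to the output unescaped and stops at the first NUL. Something like `ASN1_STRING_print_ex(out, ad->name, ASN1_STRFLGS_ESC_CTRL)` (or whatever flags the project normally uses) would escape control characters.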
@@ -0,0 +1,120 @@ +/* + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +ASN1_SEQUENCE(ATAV) = { + ASN1_SIMPLE(ATAV, type, ASN1_OBJECT), + ASN1_SIMPLE(ATAV, value, ASN1_ANY) +} ASN1_SEQUENCE_END(ATAV) + +ASN1_SEQUENCE(ATTRIBUTE_TYPE_MAPPING) = { + ASN1_IMP(ATTRIBUTE_TYPE_MAPPING, local, ASN1_OBJECT, 0), + ASN1_IMP(ATTRIBUTE_TYPE_MAPPING, remote, ASN1_OBJECT, 1), +} ASN1_SEQUENCE_END(ATTRIBUTE_TYPE_MAPPING) + +ASN1_SEQUENCE(ATTRIBUTE_VALUE_MAPPING) = { + ASN1_IMP(ATTRIBUTE_VALUE_MAPPING, local, ATAV, 0), + ASN1_IMP(ATTRIBUTE_VALUE_MAPPING, remote, ATAV, 1), +} ASN1_SEQUENCE_END(ATTRIBUTE_VALUE_MAPPING) + +ASN1_CHOICE(ATTRIBUTE_MAPPING) = { + ASN1_IMP(ATTRIBUTE_MAPPING, choice.typeMappings, ATTRIBUTE_TYPE_MAPPING, ATTR_MAP_TYPE), + ASN1_IMP(ATTRIBUTE_MAPPING, choice.typeValueMappings, ATTRIBUTE_VALUE_MAPPING, ATTR_MAP_VALUE), +} ASN1_CHOICE_END(ATTRIBUTE_MAPPING) + +ASN1_ITEM_TEMPLATE(ATTRIBUTE_MAPPINGS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ATTRIBUTE_MAPPINGS, ATTRIBUTE_MAPPING) +ASN1_ITEM_TEMPLATE_END(ATTRIBUTE_MAPPINGS) + +IMPLEMENT_ASN1_FUNCTIONS(ATTRIBUTE_MAPPINGS) + +static int i2r_ATTRIBUTE_MAPPING(X509V3_EXT_METHOD *method, + ATTRIBUTE_MAPPING *am, + BIO *out, int indent) +{ + ASN1_OBJECT *local_type, *remote_type; + int local_attr_nid, remote_attr_nid; + ASN1_TYPE *local_val, *remote_val; + + switch (am->type) { + case (ATTR_MAP_TYPE): { + if (i2a_ASN1_OBJECT(out, am->choice.typeMappings->local) <= 0) { + return 0; + } + if (BIO_puts(out, " == ") <= 0) { + return 0; + } + return i2a_ASN1_OBJECT(out, am->choice.typeMappings->remote); + } + case (ATTR_MAP_VALUE): { + local_type = am->choice.typeValueMappings->local->type; + remote_type = 
am->choice.typeValueMappings->remote->type; + local_val = am->choice.typeValueMappings->local->value; + remote_val = am->choice.typeValueMappings->remote->value; + local_attr_nid = OBJ_obj2nid(local_type); + remote_attr_nid = OBJ_obj2nid(remote_type); + if (i2a_ASN1_OBJECT(out, local_type) <= 0) { + return 0; + } + if (BIO_puts(out, ":") <= 0) { + return 0; + } + if (print_attribute_value(out, local_attr_nid, local_val, 0) <= 0) { + return 0; + } + if (BIO_puts(out, " == ") <= 0) { + return 0; + } + if (i2a_ASN1_OBJECT(out, remote_type) <= 0) { + return 0; + } + if (BIO_puts(out, ":") <= 0) { + return 0; + } + return print_attribute_value(out, remote_attr_nid, remote_val, 0); + } + default: return 0; + } + return 1; +} + +static int i2r_ATTRIBUTE_MAPPINGS(X509V3_EXT_METHOD *method, + ATTRIBUTE_MAPPINGS *ams, + BIO *out, int indent) +{ + int i; + ATTRIBUTE_MAPPING *am; + for (i = 0; i < sk_ATTRIBUTE_MAPPING_num(ams); i++) { + am = sk_ATTRIBUTE_MAPPING_value(ams, i); + if (BIO_printf(out, "%*s", indent, "") <= 0) { + return 0; + } + if (i2r_ATTRIBUTE_MAPPING(method, am, out, indent + 4) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + } + return 1; +} + +const X509V3_EXT_METHOD ossl_v3_attribute_mappings = { + NID_attribute_mappings, X509V3_EXT_MULTILINE, + ASN1_ITEM_ref(ATTRIBUTE_MAPPINGS), + 0, 0, 0, 0, + 0, 0, + 0, + 0, + (X509V3_EXT_I2R)i2r_ATTRIBUTE_MAPPINGS, + 0, + NULL +}; diff --git a/crypto/x509/v3_audit_id.c b/crypto/x509/v3_audit_id.c new file mode 100644 index 0000000000000..b74cb18997c96 --- /dev/null +++ b/crypto/x509/v3_audit_id.c 
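Review bot: The types introduced here (`ATAV`, `ATTRIBUTE_TYPE_MAPPING`, `ATTRIBUTE_VALUE_MAPPING`, `ATTRIBUTE_MAPPING`, `ATTRIBUTE_MAPPINGS`) have generic, unprefixed names, and `IMPLEMENT_ASN1_FUNCTIONS(ATTRIBUTE_MAPPINGS)` emits non-static functions for the last one. Other types used in this commit carry an `OSSL_` prefix (`OSSL_ISSUER_SERIAL`), so I would name these the same way, e.g. `OSSL_ATAV`, to avoid clashes with application code; the header that declares them is not part of this hunk, so this assumes they are exported. In `i2r_ATTRIBUTE_MAPPING` the `indent` parameter is unused and the trailing `return 1;` after the `switch` is unreachable because every arm returns.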
@@ -0,0 +1,19 @@
+/*
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+
+const X509V3_EXT_METHOD ossl_v3_audit_identity = {
+ NID_ac_auditEntity, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+ (X509V3_EXT_S2I)s2i_ASN1_OCTET_STRING,
+ 0, 0, 0, 0,
+ NULL
+};
diff --git a/crypto/x509/v3_authattid.c b/crypto/x509/v3_authattid.c
new file mode 100644
index 0000000000000..faa6e6370ecac
--- /dev/null
+++ b/crypto/x509/v3_authattid.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+
+static int i2r_AUTHORITY_ATTRIBUTE_ID_SYNTAX(X509V3_EXT_METHOD *method,
+ AUTHORITY_ATTRIBUTE_ID_SYNTAX *aids,
+ BIO *out, int indent)
+{
+ int i;
+ OSSL_ISSUER_SERIAL *aid;
+ for (i = 0; i < sk_OSSL_ISSUER_SERIAL_num(aids); i++) {
+ if (BIO_printf(out, "%*sIssuer-Serials:\n", indent, "") <= 0) {
+ return 0;
+ }
+ aid = sk_OSSL_ISSUER_SERIAL_value(aids, i);
+ if (i2r_ISSUER_SERIAL(method, aid, out, indent + 4) <= 0) {
+ return 0;
+ }
+ if (BIO_puts(out, "\n") <= 0) {
+ return 0;
+ };
+ }
+ return 1;
+}
+
+ASN1_ITEM_TEMPLATE(AUTHORITY_ATTRIBUTE_ID_SYNTAX) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, AUTHORITY_ATTRIBUTE_ID_SYNTAX, OSSL_ISSUER_SERIAL)
+ASN1_ITEM_TEMPLATE_END(AUTHORITY_ATTRIBUTE_ID_SYNTAX)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_ATTRIBUTE_ID_SYNTAX)
+
+const X509V3_EXT_METHOD ossl_v3_authority_attribute_identifier = {
+ NID_authority_attribute_identifier, X509V3_EXT_MULTILINE,
+ ASN1_ITEM_ref(AUTHORITY_ATTRIBUTE_ID_SYNTAX),
+ 0, 0, 0, 0,
+ 0,
+ 0,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_AUTHORITY_ATTRIBUTE_ID_SYNTAX,
+ 0,
+ NULL
+};
diff --git a/crypto/x509/v3_bacons.c b/crypto/x509/v3_bacons.c
new file mode 100644
index 0000000000000..008cb82c8f3f0
--- /dev/null
+++ b/crypto/x509/v3_bacons.c
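Review bot: The last check in the loop of `i2r_AUTHORITY_ATTRIBUTE_ID_SYNTAX` ends with `};`, which leaves an empty statement after the closing brace of the `if (BIO_puts(out, "\n") <= 0)` block. It compiles, but it reads like a typo and some warning levels flag it; drop the semicolon. The function also prints the `Issuer-Serials:` heading once per element; if a single heading for the whole list was intended, move that `BIO_printf` above the `for`.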
@@ -0,0 +1,82 @@ +/* + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" +#include +#include +#include +#include "x509_local.h" + +static STACK_OF(CONF_VALUE) *i2v_BASIC_ATTR_CONSTRAINTS(X509V3_EXT_METHOD *method, + BASIC_ATTR_CONSTRAINTS *bcons, + STACK_OF(CONF_VALUE) + *extlist); +static BASIC_ATTR_CONSTRAINTS *v2i_BASIC_ATTR_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values); + +const X509V3_EXT_METHOD ossl_v3_bacons = { + NID_basic_att_constraints, 0, + ASN1_ITEM_ref(BASIC_ATTR_CONSTRAINTS), + 0, 0, 0, 0, + 0, 0, + (X509V3_EXT_I2V) i2v_BASIC_ATTR_CONSTRAINTS, + (X509V3_EXT_V2I)v2i_BASIC_ATTR_CONSTRAINTS, + NULL, NULL, + NULL +}; + +ASN1_SEQUENCE(BASIC_ATTR_CONSTRAINTS) = { + ASN1_OPT(BASIC_ATTR_CONSTRAINTS, authority, ASN1_FBOOLEAN), + ASN1_OPT(BASIC_ATTR_CONSTRAINTS, pathlen, ASN1_INTEGER) +} ASN1_SEQUENCE_END(BASIC_ATTR_CONSTRAINTS) + +IMPLEMENT_ASN1_FUNCTIONS(BASIC_ATTR_CONSTRAINTS) + +static STACK_OF(CONF_VALUE) *i2v_BASIC_ATTR_CONSTRAINTS(X509V3_EXT_METHOD *method, + BASIC_ATTR_CONSTRAINTS *bcons, + STACK_OF(CONF_VALUE) + *extlist) +{ + X509V3_add_value_bool("authority", bcons->authority, &extlist); + X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); + return extlist; +} + +static BASIC_ATTR_CONSTRAINTS *v2i_BASIC_ATTR_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) +{ + BASIC_ATTR_CONSTRAINTS *bcons = NULL; + CONF_VALUE *val; + int i; + + if ((bcons = BASIC_ATTR_CONSTRAINTS_new()) == NULL) { + ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); + return NULL; + } + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { + val = sk_CONF_VALUE_value(values, i); + if 
(strcmp(val->name, "authority") == 0) { + if (!X509V3_get_value_bool(val, &bcons->authority)) + goto err; + } else if (strcmp(val->name, "pathlen") == 0) { + if (!X509V3_get_value_int(val, &bcons->pathlen)) + goto err; + } else { + ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NAME); + X509V3_conf_add_error_name_value(val); + goto err; + } + } + return bcons; + err: + BASIC_ATTR_CONSTRAINTS_free(bcons); + return NULL; +} diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c index ae602ea2cd28a..81cc90d0c9a6f 100644 --- a/crypto/x509/v3_cpols.c +++ b/crypto/x509/v3_cpols.c @@ -26,7 +26,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *value); static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); -static void print_notice(BIO *out, USERNOTICE *notice, int indent); +static void print_unotice(BIO *out, USERNOTICE *notice, int indent); static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org); static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, @@ -449,7 +449,7 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, case NID_id_qt_unotice: BIO_printf(out, "%*sUser Notice:\n", indent, ""); - print_notice(out, qualinfo->d.usernotice, indent + 2); + print_unotice(out, qualinfo->d.usernotice, indent + 2); break; default: @@ -461,7 +461,7 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, } } -static void print_notice(BIO *out, USERNOTICE *notice, int indent) +static void print_unotice(BIO *out, USERNOTICE *notice, int indent) { int i; if (notice->noticeref) { diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c index 839b2c1afefc4..3f03d31338534 100644 --- a/crypto/x509/v3_crld.c +++ b/crypto/x509/v3_crld.c 
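Review bot: `i2v_BASIC_ATTR_CONSTRAINTS` ignores the results of `X509V3_add_value_bool()` and `X509V3_add_value_int()`, so an allocation failure yields a list that is silently missing `authority` or `pathlen`. Check both, e.g. `if (!X509V3_add_value_bool("authority", bcons->authority, &extlist)) return NULL;` and the same for `pathlen`; who frees a caller-supplied list on that path should follow what the other i2v functions in the project do. In `v2i_BASIC_ATTR_CONSTRAINTS` nothing visible rejects a negative `pathlen` from the configuration, so a range check after `X509V3_get_value_int()` would keep malformed constraints out of issued certificates.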
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,9 +13,7 @@ #include #include #include - #include "crypto/x509.h" -#include "ext_dat.h" #include "x509_local.h" static void *v2i_crld(const X509V3_EXT_METHOD *method, @@ -70,11 +68,6 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL; - if (cnf->value == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE); - goto err; - } - if (HAS_PREFIX(cnf->name, "fullname")) { fnm = gnames_from_sectname(ctx, cnf->value); if (!fnm) @@ -187,7 +180,7 @@ static int print_reasons(BIO *out, const char *rname, { int first = 1; const BIT_STRING_BITNAME *pbn; - BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); + BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 4, ""); for (pbn = reason_flags; pbn->lname; pbn++) { if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) { if (first) @@ -327,7 +320,6 @@ ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = { IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME) -IMPLEMENT_ASN1_DUP_FUNCTION(DIST_POINT_NAME) ASN1_SEQUENCE(DIST_POINT) = { ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), 
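Review bot: The third hunk (`@@ -70,11 +68,6 @@`) deletes the `cnf->value == NULL` check at the top of `set_dist_point_name`, yet the next visible statement still passes `cnf->value` to `gnames_from_sectname(ctx, cnf->value)`, and the new `aaidp_from_section` later in this file calls `set_dist_point_name` for every configuration entry. A `fullname` entry without a value would therefore reach the section lookup with a NULL name; how `gnames_from_sectname` treats NULL is not shown here. I would keep the guard: `if (cnf->value == NULL) { ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE); goto err; }`. The copyright year moving backwards in the first hunk (and in the v3_ncons.c header hunk), the dropped `#include "ext_dat.h"` and the removed `IMPLEMENT_ASN1_DUP_FUNCTION(DIST_POINT_NAME)` look like the same problem, a branch cut from an older revision, so a rebase is probably the real fix. `set_dist_point_name` continues outside the hunk.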
@@ -419,27 +411,16 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, return NULL; } -static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) -{ - int i; - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - if (i > 0) - BIO_puts(out, "\n"); - BIO_printf(out, "%*s", indent + 2, ""); - GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i)); - } - return 1; -} - static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) { if (dpn->type == 0) { BIO_printf(out, "%*sFull Name:\n", indent, ""); - print_gens(out, dpn->name.fullname, indent); + ossl_print_gens(out, dpn->name.fullname, indent); + BIO_puts(out, "\n"); } else { X509_NAME ntmp; ntmp.entries = dpn->name.relativename; - BIO_printf(out, "%*sRelative Name:\n%*s", indent, "", indent + 2, ""); + BIO_printf(out, "%*sRelative Name:\n%*s", indent, "", indent + 4, ""); X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE); BIO_puts(out, "\n"); } @@ -486,7 +467,7 @@ static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, print_reasons(out, "Reasons", point->reasons, indent); if (point->CRLissuer) { BIO_printf(out, "%*sCRL Issuer:\n", indent, ""); - print_gens(out, point->CRLissuer, indent); + ossl_print_gens(out, point->CRLissuer, indent); } } return 1; 
@@ -520,3 +501,190 @@ int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname) dpn->dpname = NULL; return 0; } + +ASN1_SEQUENCE(AA_DIST_POINT) = { + ASN1_EXP_OPT(AA_DIST_POINT, distpoint, DIST_POINT_NAME, 0), + ASN1_IMP_OPT(AA_DIST_POINT, reasons, ASN1_BIT_STRING, 1), + ASN1_IMP_OPT(AA_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 2), + ASN1_IMP_OPT(AA_DIST_POINT, containsUserAttributeCerts, ASN1_TBOOLEAN, 3), + ASN1_IMP_OPT(AA_DIST_POINT, containsAACerts, ASN1_TBOOLEAN, 4), + ASN1_IMP_OPT(AA_DIST_POINT, containsSOAPublicKeyCerts, ASN1_TBOOLEAN, 5) +} ASN1_SEQUENCE_END(AA_DIST_POINT) + +IMPLEMENT_ASN1_FUNCTIONS(AA_DIST_POINT) + +static int print_boolean (BIO *out, ASN1_BOOLEAN b) { + if (b) { + return BIO_puts(out, "TRUE"); + } else { + return BIO_puts(out, "FALSE"); + } +} + +static AA_DIST_POINT *aaidp_from_section(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ + int i; + CONF_VALUE *cnf; + AA_DIST_POINT *point = AA_DIST_POINT_new(); + + if (point == NULL) + goto err; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + int ret; + cnf = sk_CONF_VALUE_value(nval, i); + ret = set_dist_point_name(&point->distpoint, ctx, cnf); + if (ret > 0) + continue; + if (ret < 0) + goto err; + if (strcmp(cnf->name, "reasons") == 0) { + if (!set_reasons(&point->reasons, cnf->value)) + goto err; + } else if (strcmp(cnf->name, "indirectCRL") == 0) { + if (!X509V3_get_value_bool(cnf, &point->indirectCRL)) + goto err; + } else if (strcmp(cnf->name, "containsUserAttributeCerts") == 0) { + if (!X509V3_get_value_bool(cnf, &point->containsUserAttributeCerts)) + goto err; + } else if (strcmp(cnf->name, "containsAACerts") == 0) { + if (!X509V3_get_value_bool(cnf, &point->containsAACerts)) + goto err; + } else if (strcmp(cnf->name, "containsSOAPublicKeyCerts") == 0) { + if (!X509V3_get_value_bool(cnf, &point->containsSOAPublicKeyCerts)) + goto err; + } + } + + return point; + + err: + AA_DIST_POINT_free(point); + return NULL; +} + +static void *v2i_aaidp(const X509V3_EXT_METHOD 
*method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +{ + GENERAL_NAMES *gens = NULL; + GENERAL_NAME *gen = NULL; + CONF_VALUE *cnf; + int i = 0; + AA_DIST_POINT *point = NULL; + + cnf = sk_CONF_VALUE_value(nval, i); + if (cnf->value == NULL) { + STACK_OF(CONF_VALUE) *dpsect; + dpsect = X509V3_get_section(ctx, cnf->name); + if (!dpsect) + goto err; + point = aaidp_from_section(ctx, dpsect); + X509V3_section_free(ctx, dpsect); + if (point == NULL) { + goto err; + } + } else { + if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + goto err; + if ((gens = GENERAL_NAMES_new()) == NULL) { + ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); + goto err; + } + if (!sk_GENERAL_NAME_push(gens, gen)) { + ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB); + goto err; + } + gen = NULL; + if ((point = AA_DIST_POINT_new()) == NULL) { + ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); + goto err; + } + if ((point->distpoint = DIST_POINT_NAME_new()) == NULL) { + ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); + goto err; + } + point->distpoint->name.fullname = gens; + point->distpoint->type = 0; + gens = NULL; + } + return point; + + err: + if (point != NULL) { + AA_DIST_POINT_free(point); + } + GENERAL_NAME_free(gen); + GENERAL_NAMES_free(gens); + return NULL; +} + + +static int i2r_aaidp(const X509V3_EXT_METHOD *method, void *pdp, BIO *out, + int indent) +{ + AA_DIST_POINT *dp = pdp; + if (dp->distpoint) + if (print_distpoint(out, dp->distpoint, indent) <= 0) { + return 0; + } + if (dp->reasons) + if (print_reasons(out, "Reasons", dp->reasons, indent) <= 0) { + return 0; + } + if (dp->indirectCRL) { + if (BIO_printf(out, "%*sIndirect CRL: ", indent, "") <= 0) { + return 0; + } + if (print_boolean(out, dp->indirectCRL) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + } + if (dp->containsUserAttributeCerts) { + if (BIO_printf(out, "%*sContains User Attribute Certificates: ", indent, "") <= 0) { + return 0; + } + if (print_boolean(out, dp->containsUserAttributeCerts) <= 
0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + } + if (dp->containsAACerts) { + if (BIO_printf(out, "%*sContains Attribute Authority (AA) Certificates: ", indent, "") <= 0) { + return 0; + } + if (print_boolean(out, dp->containsAACerts) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + } + if (dp->containsSOAPublicKeyCerts) { + if (BIO_printf(out, "%*sContains Source Of Authority (SOA) Public Key Certificates: ", indent, "") <= 0) { + return 0; + } + if (print_boolean(out, dp->containsSOAPublicKeyCerts) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + } + return 1; +} + +const X509V3_EXT_METHOD ossl_v3_aa_issuing_dist_point = { + NID_id_aa_issuing_distribution_point, X509V3_EXT_MULTILINE, + ASN1_ITEM_ref(AA_DIST_POINT), + 0, 0, 0, 0, + 0, 0, + 0, + v2i_aaidp, + i2r_aaidp, 0, + NULL +}; \ No newline at end of file diff --git a/crypto/x509/v3_extku.c b/crypto/x509/v3_extku.c index 22c951e251c2a..6053d5e2cb999 100644 --- a/crypto/x509/v3_extku.c +++ b/crypto/x509/v3_extku.c @@ -44,6 +44,30 @@ const X509V3_EXT_METHOD ossl_v3_ocsp_accresp = { NULL }; +/* Acceptable Certificate Policies also is a SEQUENCE OF OBJECT */ +const X509V3_EXT_METHOD ossl_v3_acc_cert_policies = { + NID_acceptable_cert_policies, 0, + ASN1_ITEM_ref(EXTENDED_KEY_USAGE), + 0, 0, 0, 0, + 0, 0, + i2v_EXTENDED_KEY_USAGE, + v2i_EXTENDED_KEY_USAGE, + 0, 0, + NULL +}; + +/* Acceptable Privilege Policies also is a SEQUENCE OF OBJECT */ +const X509V3_EXT_METHOD ossl_v3_acc_priv_policies = { + NID_acceptable_privilege_policies, 0, + ASN1_ITEM_ref(EXTENDED_KEY_USAGE), + 0, 0, 0, 0, + 0, 0, + i2v_EXTENDED_KEY_USAGE, + v2i_EXTENDED_KEY_USAGE, + 0, 0, + NULL +}; + ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT) ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE) 
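Review bot: `v2i_aaidp` reads only `sk_CONF_VALUE_value(nval, 0)` and dereferences the result (`cnf->value`) without checking it, so an empty `nval` is a NULL dereference unless every caller guarantees at least one entry, and any entries after the first are silently ignored. I would add `if (cnf == NULL) goto err;` right after the lookup and either loop over all entries or reject a list longer than one. `aaidp_from_section` has a related gap: its `if`/`else if` chain has no final `else`, so a misspelt option such as a wrong `containsAACerts` name is dropped without an error, where `v2i_BASIC_ATTR_CONSTRAINTS` in this commit raises `X509V3_R_INVALID_NAME`; the same `ERR_raise` plus `X509V3_conf_add_error_name_value(cnf); goto err;` would fit here. In `i2r_aaidp` each flag is printed only inside `if (dp->...)`, so `print_boolean` can only ever print `TRUE`.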
diff --git a/crypto/x509/v3_iobo.c b/crypto/x509/v3_iobo.c new file mode 100644 index 0000000000000..31929a966da30 --- /dev/null +++ b/crypto/x509/v3_iobo.c @@ -0,0 +1,33 @@ +/* + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +static int i2r_IOBO(X509V3_EXT_METHOD *method, + GENERAL_NAME *gn, BIO *out, + int indent) +{ + if (BIO_printf(out, "%*s", indent, "") <= 0) { + return 0; + } + if (GENERAL_NAME_print(out, gn) <= 0) { + return 0; + } + return BIO_puts(out, "\n"); +} + +const X509V3_EXT_METHOD ossl_v3_issued_on_behalf_of = { + NID_issued_on_behalf_of, 0, ASN1_ITEM_ref(GENERAL_NAME), + 0, 0, 0, 0, + 0, 0, + 0, 0, + (X509V3_EXT_I2R)i2r_IOBO, + 0, + NULL +}; diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c index a6817b9e177f3..50a3cb5087169 100644 --- a/crypto/x509/v3_ncons.c +++ b/crypto/x509/v3_ncons.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -53,6 +53,26 @@ const X509V3_EXT_METHOD ossl_v3_name_constraints = { NULL }; +const X509V3_EXT_METHOD ossl_v3_delegated_name_constraints = { + NID_delegated_name_constraints, 0, + ASN1_ITEM_ref(NAME_CONSTRAINTS), + 0, 0, 0, 0, + 0, 0, + 0, v2i_NAME_CONSTRAINTS, + i2r_NAME_CONSTRAINTS, 0, + NULL +}; + +const X509V3_EXT_METHOD ossl_v3_holder_name_constraints = { + NID_holder_name_constraints, X509V3_EXT_MULTILINE, + ASN1_ITEM_ref(NAME_CONSTRAINTS), + 0, 0, 0, 0, + 0, 0, + 0, v2i_NAME_CONSTRAINTS, + i2r_NAME_CONSTRAINTS, 0, + NULL +}; + ASN1_SEQUENCE(GENERAL_SUBTREE) = { ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME), ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0), diff --git a/crypto/x509/v3_rolespec.c b/crypto/x509/v3_rolespec.c new file mode 100644 index 0000000000000..968866a43c79f --- /dev/null +++ b/crypto/x509/v3_rolespec.c 
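Review bot: The two new method tables differ only in their flags field: `ossl_v3_delegated_name_constraints` passes `0` while `ossl_v3_holder_name_constraints` passes `X509V3_EXT_MULTILINE`, although both use the same `v2i_NAME_CONSTRAINTS` / `i2r_NAME_CONSTRAINTS` handlers and the same ASN.1 item. Unless the difference is intentional, pick one value for both; the `ossl_v3_name_constraints` table just above the hunk is the natural reference, though only its tail is visible here. A one-line comment above each table naming the extension it implements would also help, as the two added in `v3_extku.c` have.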
@@ -0,0 +1,123 @@ +/* + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +ASN1_SEQUENCE(ROLE_SPEC_CERT_ID) = { + ASN1_EXP(ROLE_SPEC_CERT_ID, roleName, GENERAL_NAME, 0), + ASN1_EXP(ROLE_SPEC_CERT_ID, roleCertIssuer, GENERAL_NAME, 1), + ASN1_IMP_OPT(ROLE_SPEC_CERT_ID, roleCertSerialNumber, ASN1_INTEGER, 2), + ASN1_IMP_SEQUENCE_OF_OPT(ROLE_SPEC_CERT_ID, roleCertLocator, GENERAL_NAME, 3), +} ASN1_SEQUENCE_END(ROLE_SPEC_CERT_ID) + +IMPLEMENT_ASN1_FUNCTIONS(ROLE_SPEC_CERT_ID) + +ASN1_ITEM_TEMPLATE(ROLE_SPEC_CERT_ID_SYNTAX) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ROLE_SPEC_CERT_ID_SYNTAX, ROLE_SPEC_CERT_ID) +ASN1_ITEM_TEMPLATE_END(ROLE_SPEC_CERT_ID_SYNTAX) + +IMPLEMENT_ASN1_FUNCTIONS(ROLE_SPEC_CERT_ID_SYNTAX) + +// This was copied from crypto/x509/x_attrib.c +static int ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) +{ + BIGNUM *num_bn; + int result = 0; + char *hex; + + num_bn = ASN1_INTEGER_to_BN(num, NULL); + if (num_bn == NULL) + return -1; + if ((hex = BN_bn2hex(num_bn))) { + result = BIO_write(bio, "0x", 2) > 0; + result = result && BIO_write(bio, hex, strlen(hex)) > 0; + OPENSSL_free(hex); + } + BN_free(num_bn); + + return result; +} + +static int i2r_ROLE_SPEC_CERT_ID(X509V3_EXT_METHOD *method, + ROLE_SPEC_CERT_ID *rscid, + BIO *out, int indent) +{ + if (BIO_printf(out, "%*sRole Name: ", indent, "") <= 0) { + return 0; + } + if (GENERAL_NAME_print(out, rscid->roleName) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + if (BIO_printf(out, "%*sRole Certificate Issuer: ", indent, "") <= 0) { + return 0; + } + if (GENERAL_NAME_print(out, rscid->roleCertIssuer) <= 0) { + return 0; + } + if 
(rscid->roleCertSerialNumber) { + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + if (BIO_printf(out, "%*sRole Certificate Serial Number: ", indent, "") <= 0) { + return 0; + } + if (ASN1_INTEGER_print_bio(out, rscid->roleCertSerialNumber) <= 0) { + return 0; + } + } + if (rscid->roleCertLocator) { + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + if (BIO_printf(out, "%*sRole Certificate Locator:\n", indent, "") <= 0) { + return 0; + } + if (ossl_print_gens(out, rscid->roleCertLocator, indent) <= 0) { + return 0; + } + } + return BIO_puts(out, "\n"); +} + +static int i2r_ROLE_SPEC_CERT_ID_SYNTAX(X509V3_EXT_METHOD *method, + ROLE_SPEC_CERT_ID_SYNTAX *rscids, + BIO *out, int indent) +{ + ROLE_SPEC_CERT_ID *rscid; + int i; + for (i = 0; i < sk_ROLE_SPEC_CERT_ID_num(rscids); i++) { + if (i > 0 && BIO_puts(out, "\n") <= 0) { + return 0; + } + if (BIO_printf(out, "%*sRole Specification Certificate Identifier #%d:\n", indent, "", i+1) <= 0) { + return 0; + } + rscid = sk_ROLE_SPEC_CERT_ID_value(rscids, i); + if (i2r_ROLE_SPEC_CERT_ID(method, rscid, out, indent + 4) != 1) { + return 0; + } + } + return 1; +} + +const X509V3_EXT_METHOD ossl_v3_role_spec_cert_identifier = { + NID_role_spec_cert_identifier, X509V3_EXT_MULTILINE, + ASN1_ITEM_ref(ROLE_SPEC_CERT_ID_SYNTAX), + 0, 0, 0, 0, + 0, 0, + 0, + 0, + (X509V3_EXT_I2R)i2r_ROLE_SPEC_CERT_ID_SYNTAX, + NULL, + NULL +}; diff --git a/crypto/x509/v3_sda.c b/crypto/x509/v3_sda.c new file mode 100644 index 0000000000000..44fefb83d182b --- /dev/null +++ b/crypto/x509/v3_sda.c 
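Review bot: `i2r_ROLE_SPEC_CERT_ID` finishes with `return BIO_puts(out, "\n");` while its caller `i2r_ROLE_SPEC_CERT_ID_SYNTAX` tests the result with `!= 1`, so printing only succeeds when the BIO reports exactly one byte written. Return a normalised status instead, `return BIO_puts(out, "\n") > 0;`. The copied helper `ASN1_INTEGER_print_bio` has three outcomes (-1 when `ASN1_INTEGER_to_BN` fails, 0 when `BN_bn2hex` or a write fails, 1 on success); a comment stating that contract would make the `<= 0` test at the call site easier to verify. Its existing `//` comment should become a `/* ... */` block to match the comments used elsewhere in this change.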
@@ -0,0 +1,92 @@ +/* + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +ASN1_ITEM_TEMPLATE(ATTRIBUTES_SYNTAX) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Attributes, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE_END(ATTRIBUTES_SYNTAX) + +IMPLEMENT_ASN1_FUNCTIONS(ATTRIBUTES_SYNTAX) + +static int i2r_ATTRIBUTES_SYNTAX(X509V3_EXT_METHOD *method, + ATTRIBUTES_SYNTAX *attrlst, + BIO *out, int indent) +{ + X509_ATTRIBUTE *attr; + ASN1_TYPE *av; + int i, j, attr_nid; + if (!attrlst) { + if (BIO_printf(out, "\n") <= 0) { + return 0; + } + return 1; + } + if (!sk_X509_ATTRIBUTE_num(attrlst)) { + if (BIO_printf(out, "\n") <= 0) { + return 0; + } + return 1; + } + for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) { + ASN1_OBJECT *attr_obj; + attr = sk_X509_ATTRIBUTE_value(attrlst, i); + attr_obj = X509_ATTRIBUTE_get0_object(attr); + attr_nid = OBJ_obj2nid(attr_obj); + if (indent && BIO_printf(out, "%*s", indent, "") <= 0) + return 0; + if (attr_nid == NID_undef) { + if (i2a_ASN1_OBJECT(out, attr_obj) <= 0) { + return 0; + } + if (BIO_puts(out, ":\n") <= 0) { + return 0; + } + } else if (BIO_printf(out, "%s:\n", OBJ_nid2ln(attr_nid)) <= 0) { + return 0; + } + + if (X509_ATTRIBUTE_count(attr)) { + for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) + { + av = X509_ATTRIBUTE_get0_type(attr, j); + if (print_attribute_value(out, attr_nid, av, indent + 4) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + } + } else if (BIO_printf(out, "%*s\n", indent + 4, "") <= 0) { + return 0; + } + } + return 1; +} + +const X509V3_EXT_METHOD ossl_v3_subj_dir_attrs = { + NID_subject_directory_attributes, X509V3_EXT_MULTILINE, + ASN1_ITEM_ref(ATTRIBUTES_SYNTAX), + 0, 
0, 0, 0, + 0, 0, 0, 0, + (X509V3_EXT_I2R)i2r_ATTRIBUTES_SYNTAX, + 0, + NULL +}; + +const X509V3_EXT_METHOD ossl_v3_associated_info = { + NID_associated_information, X509V3_EXT_MULTILINE, + ASN1_ITEM_ref(ATTRIBUTES_SYNTAX), + 0, 0, 0, 0, + 0, 0, 0, 0, + (X509V3_EXT_I2R)i2r_ATTRIBUTES_SYNTAX, + 0, + NULL +}; diff --git a/crypto/x509/v3_timespec.c b/crypto/x509/v3_timespec.c new file mode 100644 index 0000000000000..2fec0c4bf0749 --- /dev/null +++ b/crypto/x509/v3_timespec.c 
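Review bot: In `i2r_ATTRIBUTES_SYNTAX` the `!attrlst` branch and the `!sk_X509_ATTRIBUTE_num(attrlst)` branch do the same thing as shown here, so they can be one guard: `if (attrlst == NULL || sk_X509_ATTRIBUTE_num(attrlst) == 0)`. `X509_ATTRIBUTE_count(attr)` is evaluated once for the `if` and again on every pass of the inner loop; reading it into a local first makes the empty-attribute case clearer. The inner `for` puts its opening brace on its own line, unlike the outer loop in the same function.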
@@ -0,0 +1,853 @@ +/* + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include + +ASN1_SEQUENCE(TIME_SPEC_ABSOLUTE) = { + ASN1_EXP_OPT(TIME_SPEC_ABSOLUTE, startTime, ASN1_GENERALIZEDTIME, 0), + ASN1_EXP_OPT(TIME_SPEC_ABSOLUTE, endTime, ASN1_GENERALIZEDTIME, 1), +} ASN1_SEQUENCE_END(TIME_SPEC_ABSOLUTE) + +ASN1_SEQUENCE(DAY_TIME) = { + ASN1_EXP_OPT(DAY_TIME, hour, ASN1_INTEGER, 0), + ASN1_EXP_OPT(DAY_TIME, minute, ASN1_INTEGER, 1), + ASN1_EXP_OPT(DAY_TIME, second, ASN1_INTEGER, 2), +} ASN1_SEQUENCE_END(DAY_TIME) + +ASN1_SEQUENCE(DAY_TIME_BAND) = { + ASN1_EXP_OPT(DAY_TIME_BAND, startDayTime, DAY_TIME, 0), + ASN1_EXP_OPT(DAY_TIME_BAND, endDayTime, DAY_TIME, 1), +} ASN1_SEQUENCE_END(DAY_TIME_BAND) + +ASN1_CHOICE(NAMED_DAY) = { + ASN1_SET_OF(NAMED_DAY, choice.intNamedDays, ASN1_ENUMERATED), + ASN1_SIMPLE(NAMED_DAY, choice.bitNamedDays, ASN1_BIT_STRING), +} ASN1_CHOICE_END(NAMED_DAY) + +ASN1_CHOICE(TIME_SPEC_X_DAY_OF) = { + ASN1_EXP(TIME_SPEC_X_DAY_OF, choice.first, NAMED_DAY, 1), + ASN1_EXP(TIME_SPEC_X_DAY_OF, choice.second, NAMED_DAY, 2), + ASN1_EXP(TIME_SPEC_X_DAY_OF, choice.third, NAMED_DAY, 3), + ASN1_EXP(TIME_SPEC_X_DAY_OF, choice.fourth, NAMED_DAY, 4), + ASN1_EXP(TIME_SPEC_X_DAY_OF, choice.fifth, NAMED_DAY, 5), +} ASN1_CHOICE_END(TIME_SPEC_X_DAY_OF) + +ASN1_CHOICE(TIME_SPEC_DAY) = { + ASN1_SET_OF(TIME_SPEC_DAY, choice.intDay, ASN1_INTEGER), + ASN1_SIMPLE(TIME_SPEC_DAY, choice.bitDay, ASN1_BIT_STRING), + ASN1_SIMPLE(TIME_SPEC_DAY, choice.dayOf, TIME_SPEC_X_DAY_OF), +} ASN1_CHOICE_END(TIME_SPEC_DAY) + +ASN1_CHOICE(TIME_SPEC_WEEKS) = { + ASN1_SIMPLE(TIME_SPEC_WEEKS, choice.allWeeks, ASN1_NULL), + ASN1_SET_OF(TIME_SPEC_WEEKS, choice.intWeek, 
ASN1_INTEGER), + ASN1_SIMPLE(TIME_SPEC_WEEKS, choice.bitWeek, ASN1_BIT_STRING), +} ASN1_CHOICE_END(TIME_SPEC_WEEKS) + +ASN1_CHOICE(TIME_SPEC_MONTH) = { + ASN1_SIMPLE(TIME_SPEC_MONTH, choice.allMonths, ASN1_NULL), + ASN1_SET_OF(TIME_SPEC_MONTH, choice.intMonth, ASN1_INTEGER), + ASN1_SIMPLE(TIME_SPEC_MONTH, choice.bitMonth, ASN1_BIT_STRING), +} ASN1_CHOICE_END(TIME_SPEC_MONTH) + +ASN1_SEQUENCE(TIME_PERIOD) = { + ASN1_EXP_SET_OF_OPT(TIME_PERIOD, timesOfDay, DAY_TIME_BAND, 0), + ASN1_EXP_OPT(TIME_PERIOD, days, TIME_SPEC_DAY, 1), + ASN1_EXP_OPT(TIME_PERIOD, weeks, TIME_SPEC_WEEKS, 2), + ASN1_EXP_OPT(TIME_PERIOD, months, TIME_SPEC_MONTH, 3), + ASN1_EXP_SET_OF_OPT(TIME_PERIOD, years, ASN1_INTEGER, 4), +} ASN1_SEQUENCE_END(TIME_PERIOD) + +ASN1_CHOICE(TIME_SPEC_TIME) = { + ASN1_SIMPLE(TIME_SPEC_TIME, choice.absolute, TIME_SPEC_ABSOLUTE), + ASN1_SET_OF(TIME_SPEC_TIME, choice.periodic, TIME_PERIOD) +} ASN1_CHOICE_END(TIME_SPEC_TIME) + +ASN1_SEQUENCE(TIME_SPEC) = { + ASN1_SIMPLE(TIME_SPEC, time, TIME_SPEC_TIME), + ASN1_OPT(TIME_SPEC, notThisTime, ASN1_FBOOLEAN), + ASN1_OPT(TIME_SPEC, timeZone, ASN1_INTEGER), +} ASN1_SEQUENCE_END(TIME_SPEC) + +IMPLEMENT_ASN1_FUNCTIONS(TIME_SPEC_ABSOLUTE) +IMPLEMENT_ASN1_FUNCTIONS(TIME_SPEC_TIME) +IMPLEMENT_ASN1_FUNCTIONS(TIME_SPEC) + +static int i2r_TIME_SPEC_ABSOLUTE(X509V3_EXT_METHOD *method, + TIME_SPEC_ABSOLUTE *time, + BIO *out, int indent) +{ + if (time->startTime != NULL && time->endTime != NULL) { + if (!BIO_puts(out, "Any time between ")) { + return 0; + } + if (!ossl_asn1_time_print_ex(out, time->startTime, 0)) { + return 0; + } + if (!BIO_puts(out, " and ")) { + return 0; + } + if (!ossl_asn1_time_print_ex(out, time->endTime, 0)) { + return 0; + } + } else if (time->startTime != NULL) { + if (!BIO_puts(out, "Any time after ")) { + return 0; + } + if (!ossl_asn1_time_print_ex(out, time->startTime, 0)) { + return 0; + } + BIO_printf(out, "%.*s", time->startTime->length, time->startTime->data); + } else if (time->endTime != NULL) { + if 
(!BIO_puts(out, "Any time until ")) { + return 0; + } + if (!ossl_asn1_time_print_ex(out, time->endTime, 0)) { + return 0; + } + } else { // Invalid: there must be SOME time specified. + return BIO_puts(out, "INVALID (EMPTY)"); + } + return 1; +} + +static int i2r_DAY_TIME(X509V3_EXT_METHOD *method, + DAY_TIME *dt, + BIO *out, int indent) +{ + int64_t h; + int64_t m; + int64_t s; + + if (!ASN1_INTEGER_get_int64(&h, dt->hour)) { + return 0; + } + if (dt->minute && !ASN1_INTEGER_get_int64(&m, dt->minute)) { + return 0; + } + if (dt->minute && !ASN1_INTEGER_get_int64(&s, dt->second)) { + return 0; + } + return BIO_printf(out, "%02ld:%02ld:%02ld", h, m, s); +} + +static int i2r_DAY_TIME_BAND(X509V3_EXT_METHOD *method, + DAY_TIME_BAND *band, + BIO *out, int indent) +{ + if (band->startDayTime) { + if (!i2r_DAY_TIME(method, band->startDayTime, out, indent)) { + return 0; + } + } else { + if (!BIO_puts(out, "00:00:00")) { + return 0; + } + } + if (!BIO_puts(out, " - ")) { + return 0; + } + if (band->endDayTime) { + if (!i2r_DAY_TIME(method, band->endDayTime, out, indent)) { + return 0; + } + } else { + if (!BIO_puts(out, "23:59:59")) { + return 0; + } + } + return 1; +} + +static int print_int_month (BIO *out, int64_t month) { + switch (month) { + case (TIME_SPEC_INT_MONTH_JAN): return BIO_puts(out, "JAN"); + case (TIME_SPEC_INT_MONTH_FEB): return BIO_puts(out, "FEB"); + case (TIME_SPEC_INT_MONTH_MAR): return BIO_puts(out, "MAR"); + case (TIME_SPEC_INT_MONTH_APR): return BIO_puts(out, "APR"); + case (TIME_SPEC_INT_MONTH_MAY): return BIO_puts(out, "MAY"); + case (TIME_SPEC_INT_MONTH_JUN): return BIO_puts(out, "JUN"); + case (TIME_SPEC_INT_MONTH_JUL): return BIO_puts(out, "JUL"); + case (TIME_SPEC_INT_MONTH_AUG): return BIO_puts(out, "AUG"); + case (TIME_SPEC_INT_MONTH_SEP): return BIO_puts(out, "SEP"); + case (TIME_SPEC_INT_MONTH_OCT): return BIO_puts(out, "OCT"); + case (TIME_SPEC_INT_MONTH_NOV): return BIO_puts(out, "NOV"); + case (TIME_SPEC_INT_MONTH_DEC): return 
BIO_puts(out, "DEC"); + default: return 0; + } + return 0; +} + +static int print_bit_month (BIO *out, ASN1_BIT_STRING *bs) { + int i = 0; + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_JAN)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "JAN")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_FEB)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "FEB")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_MAR)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "MAR")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_APR)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "APR")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_MAY)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "MAY")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_JUN)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "JUN")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_JUL)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "JUL")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_AUG)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "AUG")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_SEP)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "SEP")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_OCT)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "OCT")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_NOV)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 
0; + } + i++; + if (!BIO_puts(out, "NOV")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_MONTH_DEC)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "DEC")) { + return 0; + } + } + return 1; +} + +/* It might seem like you could just print the bits of the +string numerically, but the fifth bit has the special meaning +of "the final week" imputed to it by the text of ITU Rec. X.520. */ +static int print_bit_week (BIO *out, ASN1_BIT_STRING *bs) { + int i = 0; + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_WEEKS_1)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "first")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_WEEKS_2)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "second")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_WEEKS_3)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "third")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_WEEKS_4)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "fourth")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_BIT_WEEKS_5)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "final")) { + return 0; + } + } + return 1; +} + +static int print_day_of_week (BIO *out, ASN1_BIT_STRING *bs) { + int i = 0; + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_DAY_BIT_SUN)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "SUN")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_DAY_BIT_MON)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "MON")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_DAY_BIT_TUE)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "TUE")) { + 
return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_DAY_BIT_WED)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "WED")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_DAY_BIT_THU)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "THU")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_DAY_BIT_FRI)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "FRI")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, TIME_SPEC_DAY_BIT_SAT)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "SAT")) { + return 0; + } + } + return 1; +} + +static int print_int_day_of_week (BIO *out, int64_t month) { + switch (month) { + case (TIME_SPEC_DAY_INT_SUN): return BIO_puts(out, "SUN"); + case (TIME_SPEC_DAY_INT_MON): return BIO_puts(out, "MON"); + case (TIME_SPEC_DAY_INT_TUE): return BIO_puts(out, "TUE"); + case (TIME_SPEC_DAY_INT_WED): return BIO_puts(out, "WED"); + case (TIME_SPEC_DAY_INT_THU): return BIO_puts(out, "THU"); + case (TIME_SPEC_DAY_INT_FRI): return BIO_puts(out, "FRI"); + case (TIME_SPEC_DAY_INT_SAT): return BIO_puts(out, "SAT"); + default: return 0; + } + return 0; +} + +static int print_int_named_day (BIO *out, int64_t nd) { + switch (nd) { + case (NAMED_DAY_INT_SUN): return BIO_puts(out, "SUN"); + case (NAMED_DAY_INT_MON): return BIO_puts(out, "MON"); + case (NAMED_DAY_INT_TUE): return BIO_puts(out, "TUE"); + case (NAMED_DAY_INT_WED): return BIO_puts(out, "WED"); + case (NAMED_DAY_INT_THU): return BIO_puts(out, "THU"); + case (NAMED_DAY_INT_FRI): return BIO_puts(out, "FRI"); + case (NAMED_DAY_INT_SAT): return BIO_puts(out, "SAT"); + default: return 0; + } + return 0; +} + +static int print_bit_named_day (BIO *out, ASN1_BIT_STRING *bs) { + int i = 0; + if (ASN1_BIT_STRING_get_bit(bs, NAMED_DAY_BIT_SUN)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if 
(!BIO_puts(out, "SUN")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, NAMED_DAY_BIT_MON)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "MON")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, NAMED_DAY_BIT_TUE)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "TUE")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, NAMED_DAY_BIT_WED)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "WED")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, NAMED_DAY_BIT_THU)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "THU")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, NAMED_DAY_BIT_FRI)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "FRI")) { + return 0; + } + } + if (ASN1_BIT_STRING_get_bit(bs, NAMED_DAY_BIT_SAT)) { + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + i++; + if (!BIO_puts(out, "SAT")) { + return 0; + } + } + return 1; +} + +static int i2r_PERIOD(X509V3_EXT_METHOD *method, + TIME_PERIOD *p, + BIO *out, int indent) +{ + if (BIO_printf(out, "%*sPeriod:\n", indent, "") <= 0) { + return 0; + } + int i; + if (p->timesOfDay) { + DAY_TIME_BAND *band; + BIO_printf(out, "%*sDaytime bands:\n", indent + 4, ""); + for (i = 0; i < sk_DAY_TIME_BAND_num(p->timesOfDay); i++) { + band = sk_DAY_TIME_BAND_value(p->timesOfDay, i); + if (BIO_printf(out, "%*s", indent + 8, "") <= 0) { + return 0; + } + if (!i2r_DAY_TIME_BAND(method, band, out, indent + 8)) { + return 0; + } + if (!BIO_puts(out, "\n")) { + return 0; + } + } + if (!BIO_puts(out, "\n")) { + return 0; + } + } + if (p->days) { + if (p->days->type == TIME_SPEC_DAY_TYPE_INT) { + if (p->weeks != NULL) { + if (!BIO_printf(out, "%*sDays of the week: ", indent + 4, "")) { + return 0; + } + } else if (p->months != NULL) { + if (!BIO_printf(out, "%*sDays of the month: ", indent + 4, "")) { + 
return 0; + } + } else if (p->years != NULL) { + if (!BIO_printf(out, "%*sDays of the year: ", indent + 4, "")) { + return 0; + } + } + } else { + if (!BIO_printf(out, "%*sDays: ", indent + 4, "")) { + return 0; + } + } + + switch (p->days->type) { + case (TIME_SPEC_DAY_TYPE_INT): { + for (i = 0; i < sk_ASN1_INTEGER_num(p->days->choice.intDay); i++) { + ASN1_INTEGER *big_day; + int64_t day; + + big_day = sk_ASN1_INTEGER_value(p->days->choice.intDay, i); + if (!ASN1_INTEGER_get_int64(&day, big_day)) { + return 0; + } + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + // If weeks is defined, then print day of week by name. + if (p->weeks != NULL) { + if (!print_int_day_of_week(out, day)) { + return 0; + } + } else if (!BIO_printf(out, "%ld", day)) { + return 0; + } + } + break; + } + case (TIME_SPEC_DAY_TYPE_BIT): { + if (!print_day_of_week(out, p->days->choice.bitDay)) { + return 0; + } + break; + } + case (TIME_SPEC_DAY_TYPE_DAY_OF): { + NAMED_DAY *nd; + switch (p->days->choice.dayOf->type) { + case (TIME_SPEC_X_DAY_OF_FIRST): { + if (!BIO_puts(out, "FIRST ")) { + return 0; + } + nd = p->days->choice.dayOf->choice.first; + break; + } + case (TIME_SPEC_X_DAY_OF_SECOND): { + if (!BIO_puts(out, "SECOND ")) { + return 0; + } + nd = p->days->choice.dayOf->choice.second; + break; + } + case (TIME_SPEC_X_DAY_OF_THIRD): { + if (!BIO_puts(out, "THIRD ")) { + return 0; + } + nd = p->days->choice.dayOf->choice.third; + break; + } + case (TIME_SPEC_X_DAY_OF_FOURTH): { + if (!BIO_puts(out, "FOURTH ")) { + return 0; + } + nd = p->days->choice.dayOf->choice.fourth; + break; + } + case (TIME_SPEC_X_DAY_OF_FIFTH): { + if (!BIO_puts(out, "FIFTH ")) { + return 0; + } + nd = p->days->choice.dayOf->choice.fifth; + break; + } + default: return 0; + } + switch (nd->type) { + case (NAMED_DAY_TYPE_INT): { + int64_t day; + + if (!ASN1_INTEGER_get_int64(&day, nd->choice.intNamedDays)) { + return 0; + } + if (!print_int_named_day(out, day)) { + return 0; + } + break; + } + case 
(NAMED_DAY_TYPE_BIT): { + if (!print_bit_named_day(out, nd->choice.bitNamedDays)) { + return 0; + } + break; + } + default: return 0; + } + break; + } + default: return 0; + } + if (!BIO_puts(out, "\n")) { + return 0; + } + } + if (p->weeks) { + if (p->weeks->type == TIME_SPEC_WEEKS_TYPE_INT) { + if (p->months != NULL) { + if (!BIO_printf(out, "%*sWeeks of the month: ", indent + 4, "")) { + return 0; + } + } else if (p->years != NULL) { + if (!BIO_printf(out, "%*sWeeks of the year: ", indent + 4, "")) { + return 0; + } + } + } else { + if (!BIO_printf(out, "%*sWeeks: ", indent + 4, "")) { + return 0; + } + } + + switch (p->weeks->type) { + case (TIME_SPEC_WEEKS_TYPE_ALL): { + if (!BIO_puts(out, "ALL")) { + return 0; + } + break; + } + case (TIME_SPEC_WEEKS_TYPE_INT): { + for (i = 0; i < sk_ASN1_INTEGER_num(p->weeks->choice.intWeek); i++) { + ASN1_INTEGER *big_week; + int64_t week; + + big_week = sk_ASN1_INTEGER_value(p->weeks->choice.intWeek, i); + if (!ASN1_INTEGER_get_int64(&week, big_week)) { + return 0; + } + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + if (!BIO_printf(out, "%ld", week)) { + return 0; + } + } + break; + } + case (TIME_SPEC_WEEKS_TYPE_BIT): { + if (!print_bit_week(out, p->weeks->choice.bitWeek)) { + return 0; + } + break; + } + default: return 0; + } + if (!BIO_puts(out, "\n")) { + return 0; + } + } + if (p->months) { + if (!BIO_printf(out, "%*sMonths: ", indent + 4, "")) { + return 0; + } + switch (p->months->type) { + case (TIME_SPEC_MONTH_TYPE_ALL): { + if (!BIO_puts(out, "ALL")) { + return 0; + } + break; + } + case (TIME_SPEC_MONTH_TYPE_INT): { + for (i = 0; i < sk_ASN1_INTEGER_num(p->months->choice.intMonth); i++) { + ASN1_INTEGER *big_month; + int64_t month; + + big_month = sk_ASN1_INTEGER_value(p->months->choice.intMonth, i); + if (!ASN1_INTEGER_get_int64(&month, big_month)) { + return 0; + } + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + if (!print_int_month(out, month)) { + return 0; + } + } + break; + } + case 
(TIME_SPEC_MONTH_TYPE_BIT): { + if (!print_bit_month(out, p->months->choice.bitMonth)) { + return 0; + } + break; + } + default: return 0; + } + if (!BIO_puts(out, "\n")) { + return 0; + } + } + if (p->years) { + if (!BIO_printf(out, "%*sYears: ", indent + 4, "")) { + return 0; + } + for (i = 0; i < sk_ASN1_INTEGER_num(p->years); i++) { + ASN1_INTEGER *big_year; + int64_t year; + + big_year = sk_ASN1_INTEGER_value(p->years, i); + if (!ASN1_INTEGER_get_int64(&year, big_year)) { + return 0; + } + if (i > 0 && !BIO_puts(out, ", ")) { + return 0; + } + if (!BIO_printf(out, "%04ld", year)) { + return 0; + } + } + } + return 1; +} + +static int i2r_TIME_SPEC_TIME(X509V3_EXT_METHOD *method, + TIME_SPEC_TIME *time, + BIO *out, int indent) +{ + TIME_PERIOD *tp; + int i; + switch (time->type) { + case (TIME_SPEC_TIME_TYPE_ABSOLUTE): { + if (BIO_printf(out, "%*sAbsolute: ", indent, "") <= 0) { + return 0; + } + if (i2r_TIME_SPEC_ABSOLUTE(method, time->choice.absolute, out, indent + 4) <= 0) { + return 0; + } + return BIO_puts(out, "\n"); + } + case (TIME_SPEC_TIME_TYPE_PERIODIC): { + if (BIO_printf(out, "%*sPeriodic:\n", indent, "") <= 0) { + return 0; + } + for (i = 0; i < sk_TIME_PERIOD_num(time->choice.periodic); i++) { + if (i > 0 && !BIO_puts(out, "\n")) { + return 0; + } + tp = sk_TIME_PERIOD_value(time->choice.periodic, i); + if (!i2r_PERIOD(method, tp, out, indent + 4)) { + return 0; + } + } + return BIO_puts(out, "\n"); + } + default: return 0; + } + return 0; +} + +static int i2r_TIME_SPEC(X509V3_EXT_METHOD *method, + TIME_SPEC *time, + BIO *out, int indent) +{ + if (time->timeZone) { + int64_t tz; + if (ASN1_INTEGER_get_int64(&tz, time->timeZone) != 1) { + return 0; + } + if (BIO_printf(out, "%*sTimezone: UTC%+03ld:00\n", indent, "", tz) <= 0) { + return 0; + } + } + if (time->notThisTime > 0) { + if (BIO_printf(out, "%*sNOT this time:\n", indent, "") <= 0) { + return 0; + } + } else if (BIO_printf(out, "%*sTime:\n", indent, "") <= 0) { + return 0; + } + return 
i2r_TIME_SPEC_TIME(method, time->time, out, indent + 4); +} + +const X509V3_EXT_METHOD ossl_v3_time_specification = { + NID_time_specification, X509V3_EXT_MULTILINE, + ASN1_ITEM_ref(TIME_SPEC), + 0, 0, 0, 0, + 0, 0, + 0, + 0, + (X509V3_EXT_I2R)i2r_TIME_SPEC, + NULL, + NULL +}; diff --git a/crypto/x509/v3_usernotice.c b/crypto/x509/v3_usernotice.c new file mode 100644 index 0000000000000..51ad2a625216b --- /dev/null +++ b/crypto/x509/v3_usernotice.c @@ -0,0 +1,51 @@ +/* + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + + +ASN1_ITEM_TEMPLATE(USER_NOTICE_SYNTAX) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, USER_NOTICE_SYNTAX, USERNOTICE) +ASN1_ITEM_TEMPLATE_END(USER_NOTICE_SYNTAX) + +IMPLEMENT_ASN1_FUNCTIONS(USER_NOTICE_SYNTAX) + +static int i2r_USER_NOTICE_SYNTAX(X509V3_EXT_METHOD *method, + USER_NOTICE_SYNTAX *uns, + BIO *out, int indent) +{ + int i; + USERNOTICE *unotice; + if (BIO_printf(out, "%*sUser Notices:\n", indent, "") <= 0) { + return 0; + } + for (i = 0; i < sk_USERNOTICE_num(uns); i++) { + unotice = sk_USERNOTICE_value(uns, i); + if (print_notice(out, unotice, indent + 4) <= 0) { + return 0; + } + if (BIO_puts(out, "\n") <= 0) { + return 0; + } + } + return 1; +} + +const X509V3_EXT_METHOD ossl_v3_user_notice = { + NID_user_notice, 0, + ASN1_ITEM_ref(USER_NOTICE_SYNTAX), + 0, 0, 0, 0, + 0, + 0, + 0, 0, + (X509V3_EXT_I2R)i2r_USER_NOTICE_SYNTAX, + 0, + NULL +}; diff --git a/crypto/x509/x509_acert.c b/crypto/x509/x509_acert.c index a3c894636339e..4e61e4ce26fc2 100644 --- a/crypto/x509/x509_acert.c +++ b/crypto/x509/x509_acert.c 
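Review bot: `i2r_DAY_TIME` can print uninitialised stack values: `m` and `s` are only assigned when `dt->minute` is present, and the third guard tests `dt->minute` where it should test `dt->second`, yet all three variables reach `BIO_printf` unconditionally. The `DAY_TIME` template marks every field optional, so an encoded extension that omits minute or second takes this path. The same line also passes `int64_t` to `%02ld`, which is wrong wherever `long` is 32 bits (the `%ld`, `%04ld` and `%+03ld` calls in `i2r_PERIOD` and `i2r_TIME_SPEC` share that problem). Separately, the start-only branch of `i2r_TIME_SPEC_ABSOLUTE` prints the time a second time through an unchecked `BIO_printf(out, "%.*s", ...)`, which looks like leftover debugging. The rewrite below defaults the optional fields to zero and keeps the existing failure when hour is missing.

```c
static int i2r_DAY_TIME(X509V3_EXT_METHOD *method,
                        DAY_TIME *dt,
                        BIO *out, int indent)
{
    /* minute and second are optional; print them as 00 when absent */
    int64_t h = 0;
    int64_t m = 0;
    int64_t s = 0;

    if (!ASN1_INTEGER_get_int64(&h, dt->hour))
        return 0;
    if (dt->minute != NULL && !ASN1_INTEGER_get_int64(&m, dt->minute))
        return 0;
    if (dt->second != NULL && !ASN1_INTEGER_get_int64(&s, dt->second))
        return 0;
    /* int64_t is not long on every platform: cast to match the format */
    return BIO_printf(out, "%02lld:%02lld:%02lld",
                      (long long)h, (long long)m, (long long)s) > 0;
}
```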
@@ -70,7 +70,6 @@ ASN1_SEQUENCE(X509_ACERT) = { IMPLEMENT_ASN1_FUNCTIONS(X509_ACERT) IMPLEMENT_ASN1_DUP_FUNCTION(X509_ACERT) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X509_ACERT_INFO) -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(OSSL_ISSUER_SERIAL) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(OSSL_OBJECT_DIGEST_INFO) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X509_ACERT_ISSUER_V2FORM) diff --git a/crypto/x509/x_iserial.c b/crypto/x509/x_iserial.c new file mode 100644 index 0000000000000..dfa1643776609 --- /dev/null +++ b/crypto/x509/x_iserial.c @@ -0,0 +1,33 @@ +#include +#include +#include + +ASN1_SEQUENCE(OSSL_ISSUER_SERIAL) = { + ASN1_SIMPLE(OSSL_ISSUER_SERIAL, issuer, GENERAL_NAMES), + ASN1_EMBED(OSSL_ISSUER_SERIAL, serial, ASN1_INTEGER), + ASN1_OPT(OSSL_ISSUER_SERIAL, issuerUID, ASN1_BIT_STRING), +} ASN1_SEQUENCE_END(OSSL_ISSUER_SERIAL) + +IMPLEMENT_ASN1_FUNCTIONS(OSSL_ISSUER_SERIAL) + +int i2r_ISSUER_SERIAL(X509V3_EXT_METHOD *method, + OSSL_ISSUER_SERIAL *iss, + BIO *out, int indent) +{ + if (iss->issuer != NULL) { + BIO_printf(out, "%*sIssuer Names:\n", indent, ""); + ossl_print_gens(out, iss->issuer, indent); + BIO_puts(out, "\n"); + } + BIO_printf(out, "%*sIssuer Serial: ", indent, ""); + if (i2a_ASN1_INTEGER(out, &iss->serial) <= 0) + return 0; + BIO_puts(out, "\n"); + if (iss->issuerUID != NULL) { + BIO_printf(out, "%*sIssuer UID: ", indent, ""); + if (i2a_ASN1_STRING(out, iss->issuerUID, V_ASN1_BIT_STRING) <= 0) + return 0; + BIO_puts(out, "\n"); + } + return 1; +} diff --git a/crypto/x509/x_unotice.c b/crypto/x509/x_unotice.c new file mode 100644 index 0000000000000..a8f364dfaf11a --- /dev/null +++ b/crypto/x509/x_unotice.c 
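Review bot: `i2r_ISSUER_SERIAL` ignores the result of every `BIO_printf`, `BIO_puts` and `ossl_print_gens` call and only checks `i2a_ASN1_INTEGER` and `i2a_ASN1_STRING`, so a failed write in the issuer-names section still returns 1. Each call should follow the pattern used by the other printers in this change, e.g. `if (BIO_printf(out, "%*sIssuer Names:\n", indent, "") <= 0) return 0;`. The function is also non-static with an unprefixed name, and the new file has no licence header, unlike `v3_iobo.c` and the other files added here.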
@@ -0,0 +1,46 @@ +#include + +int print_notice(BIO *out, USERNOTICE *notice, int indent) +{ + int i; + if (notice->noticeref) { + NOTICEREF *ref; + ref = notice->noticeref; + if (BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", + ref->organization->length, + ref->organization->data) <= 0) { + return 0; + } + if (BIO_printf(out, "%*sNumber%s: ", indent, "", + sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "") <= 0) { + return 0; + } + for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { + ASN1_INTEGER *num; + char *tmp; + num = sk_ASN1_INTEGER_value(ref->noticenos, i); + if (i && BIO_puts(out, ", ") <= 0) { + return 0; + } + if (num == NULL && BIO_puts(out, "(null)") <= 0) + return 0; + else { + tmp = i2s_ASN1_INTEGER(NULL, num); + if (tmp == NULL) + return 0; + if (BIO_puts(out, tmp) <= 0) { + return 0; + } + OPENSSL_free(tmp); + } + } + if (notice->exptext && BIO_puts(out, "\n") <= 0) { + return 0; + } + } + if (notice->exptext) + return BIO_printf(out, "%*sExplicit Text: %.*s", indent, "", + notice->exptext->length, + notice->exptext->data); + return 1; +} diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 75c5c9223acce..9c4d60ba7c345 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -14,6 +14,7 @@ #include #include #include "crypto/x509.h" +#include ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), 
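Review bot: In `print_notice` the test `if (num == NULL && BIO_puts(out, "(null)") <= 0)` falls into the `else` branch whenever `num` is NULL and the write succeeds, so `i2s_ASN1_INTEGER(NULL, num)` is then called with a NULL integer. The NULL case needs its own branch. The same loop leaks `tmp` when `BIO_puts(out, tmp)` fails, because it returns before `OPENSSL_free(tmp)`. The function is exported under the generic name `print_notice`; a prefixed name would avoid clashing with symbols in applications that link the library.

```c
            num = sk_ASN1_INTEGER_value(ref->noticenos, i);
            /* ... unchanged: separator between notice numbers ... */
            if (num == NULL) {
                if (BIO_puts(out, "(null)") <= 0)
                    return 0;
            } else {
                tmp = i2s_ASN1_INTEGER(NULL, num);
                if (tmp == NULL)
                    return 0;
                if (BIO_puts(out, tmp) <= 0) {
                    OPENSSL_free(tmp); /* do not leak on a failed write */
                    return 0;
                }
                OPENSSL_free(tmp);
            }
```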
@@ -314,3 +315,25 @@ ASN1_OCTET_STRING *X509_get0_distinguishing_id(X509 *x) { return x->distinguishing_id; } + +OSSL_ISSUER_SERIAL *X509_get_issuer_serial (X509 *x) +{ + STACK_OF(GENERAL_NAME) *issuer = sk_GENERAL_NAME_new(NULL); + ASN1_INTEGER serial; + ASN1_BIT_STRING *issuerUID; + + GENERAL_NAME *gn = GENERAL_NAME_new(); + gn->type = GEN_DIRNAME; + gn->d.dirn = x->cert_info.issuer; + if (sk_GENERAL_NAME_push(issuer, gn) <= 0) + return NULL; + + serial = x->cert_info.serialNumber; + issuerUID = x->cert_info.issuerUID; + + OSSL_ISSUER_SERIAL *iss_ser = OSSL_ISSUER_SERIAL_new(); + iss_ser->issuer = issuer; + iss_ser->serial = serial; + iss_ser->issuerUID = issuerUID; + return iss_ser; +} \ No newline at end of file diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index 17100a45ffb5e..b6e2b551f4c3f 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -176,6 +176,12 @@ OSSL_CRMF_PKIPUBLICATIONINFO_new, OSSL_CRMF_SINGLEPUBINFO_free, OSSL_CRMF_SINGLEPUBINFO_it, OSSL_CRMF_SINGLEPUBINFO_new, +OSSL_ISSUER_SERIAL_free, +OSSL_ISSUER_SERIAL_it, +OSSL_ISSUER_SERIAL_new, +OSSL_OBJECT_DIGEST_INFO_free, +OSSL_OBJECT_DIGEST_INFO_it, +OSSL_OBJECT_DIGEST_INFO_new, OSSL_IETF_ATTR_SYNTAX_VALUE_free, OSSL_IETF_ATTR_SYNTAX_VALUE_it, OSSL_IETF_ATTR_SYNTAX_VALUE_new, @@ -289,6 +295,9 @@ X509_ACERT_ISSUER_V2FORM_new, X509_ALGOR_free, X509_ALGOR_it, X509_ALGOR_new, +X509_ACERT_free, +X509_ACERT_it, +X509_ACERT_new, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free, X509_ATTRIBUTE_new, diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index 7d7ffa27d08f5..7f33f5658cc57 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in 
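Review bot: `X509_get_issuer_serial` builds its result out of memory the certificate still owns: `gn->d.dirn = x->cert_info.issuer`, the struct copy `iss_ser->serial = serial` (which duplicates the `data` pointer) and `iss_ser->issuerUID = issuerUID` are all aliases. Freeing the returned object with `OSSL_ISSUER_SERIAL_free` would presumably free parts of `x` as well, leaving the certificate with dangling pointers. None of `sk_GENERAL_NAME_new`, `GENERAL_NAME_new` or `OSSL_ISSUER_SERIAL_new` is checked for NULL before use, and the early `return NULL` after a failed push leaks both `issuer` and `gn`. Whatever stack `OSSL_ISSUER_SERIAL_new` allocated for `issuer` is overwritten too, assuming the ASN.1 template allocates one. The version below deep-copies the three fields and funnels failures through one cleanup label.

```c
OSSL_ISSUER_SERIAL *X509_get_issuer_serial(X509 *x)
{
    OSSL_ISSUER_SERIAL *iss_ser = OSSL_ISSUER_SERIAL_new();
    GENERAL_NAME *gn = GENERAL_NAME_new();

    if (iss_ser == NULL || gn == NULL)
        goto err;
    /* Deep-copy so the result can be freed independently of x. */
    if ((gn->d.dirn = X509_NAME_dup(x->cert_info.issuer)) == NULL)
        goto err;
    gn->type = GEN_DIRNAME;
    /* assumes OSSL_ISSUER_SERIAL_new() allocated iss_ser->issuer: confirm */
    if (sk_GENERAL_NAME_push(iss_ser->issuer, gn) <= 0)
        goto err;
    gn = NULL; /* now owned by iss_ser->issuer */
    if (!ASN1_STRING_copy(&iss_ser->serial, &x->cert_info.serialNumber))
        goto err;
    if (x->cert_info.issuerUID != NULL
        && (iss_ser->issuerUID = ASN1_STRING_dup(x->cert_info.issuerUID)) == NULL)
        goto err;
    return iss_ser;

 err:
    GENERAL_NAME_free(gn);
    OSSL_ISSUER_SERIAL_free(iss_ser);
    return NULL;
}
```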
@@ -588,8 +588,15 @@ void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); int X509_get_signature_nid(const X509 *x); +typedef struct ossl_issuer_serial_st { + STACK_OF(GENERAL_NAME) *issuer; + ASN1_INTEGER serial; + ASN1_BIT_STRING *issuerUID; +} OSSL_ISSUER_SERIAL; + void X509_set0_distinguishing_id(X509 *x, ASN1_OCTET_STRING *d_id); ASN1_OCTET_STRING *X509_get0_distinguishing_id(X509 *x); +OSSL_ISSUER_SERIAL *X509_get_issuer_serial (X509 *x); void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *d_id); ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x); diff --git a/include/openssl/x509_acert.h.in b/include/openssl/x509_acert.h.in index 42376a6cb763e..ee6e909ad2000 100644 --- a/include/openssl/x509_acert.h.in +++ b/include/openssl/x509_acert.h.in @@ -32,7 +32,6 @@ DECLARE_ASN1_DUP_FUNCTION(X509_ACERT) DECLARE_ASN1_ITEM(X509_ACERT_INFO) DECLARE_ASN1_ALLOC_FUNCTIONS(X509_ACERT_INFO) DECLARE_ASN1_ALLOC_FUNCTIONS(OSSL_OBJECT_DIGEST_INFO) -DECLARE_ASN1_ALLOC_FUNCTIONS(OSSL_ISSUER_SERIAL) DECLARE_ASN1_ALLOC_FUNCTIONS(X509_ACERT_ISSUER_V2FORM) # ifndef OPENSSL_NO_STDIO diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in index a396193b86d13..1fc6d100728c8 100644 --- a/include/openssl/x509_vfy.h.in +++ b/include/openssl/x509_vfy.h.in @@ -316,6 +316,12 @@ X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL, \ # define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 # define X509_V_ERR_RPK_UNTRUSTED 95 +/* Attribute certificate / PMI delegation path errors */ +# define X509_V_ERR_NO_ASSERTION 96 +# define X509_V_ERR_SINGLE_USE 97 +# define X509_V_ERR_INVALID_TARGET 98 +# define X509_V_ERR_ISSUER_HOLDER_MISMATCH 99 + /* Certificate verify flags */ # ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in index a967064f4c4b5..d0069b2a445e6 100644 --- a/include/openssl/x509v3.h.in 
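Review bot: The new public declaration `OSSL_ISSUER_SERIAL *X509_get_issuer_serial (X509 *x);` does not say who owns the result. OpenSSL getters conventionally spell that out as `get0` (borrowed) or `get1` (caller frees); since the implementation allocates, `OSSL_ISSUER_SERIAL *X509_get1_issuer_serial(const X509 *x);` plus a manual entry would remove the ambiguity. The hunk also publishes the full `struct ossl_issuer_serial_st` layout, including an embedded `ASN1_INTEGER serial`. Keeping only the typedef public and moving the struct body to an internal header would avoid freezing that layout into the ABI.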
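Review bot: The four new codes `X509_V_ERR_NO_ASSERTION` through `X509_V_ERR_ISSUER_HOLDER_MISMATCH` (96–99) need matching text in `X509_verify_cert_error_string()` and in the manual page that lists the verification codes. Without it, a caller logging a failed attribute-certificate check only gets the generic unknown-error string. No such change is visible in this part of the diff, so confirm it is made elsewhere in the commit.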
+++ b/include/openssl/x509v3.h.in @@ -126,6 +126,11 @@ typedef struct BASIC_CONSTRAINTS_st { ASN1_INTEGER *pathlen; } BASIC_CONSTRAINTS; +typedef struct BASIC_ATTR_CONSTRAINTS_st { + int authority; + ASN1_INTEGER *pathlen; +} BASIC_ATTR_CONSTRAINTS; + typedef struct PKEY_USAGE_PERIOD_st { ASN1_GENERALIZEDTIME *notBefore; ASN1_GENERALIZEDTIME *notAfter; @@ -272,6 +277,13 @@ typedef struct USERNOTICE_st { ASN1_STRING *exptext; } USERNOTICE; +typedef STACK_OF(USERNOTICE) USER_NOTICE_SYNTAX; +DECLARE_ASN1_FUNCTIONS(USER_NOTICE_SYNTAX) + +{- + generate_stack_macros("USERNOTICE"); +-} + typedef struct POLICYQUALINFO_st { ASN1_OBJECT *pqualid; union { @@ -511,6 +523,7 @@ typedef struct x509_purpose_st { # define X509V3_ADD_SILENT 0x10 DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) +DECLARE_ASN1_FUNCTIONS(BASIC_ATTR_CONSTRAINTS) DECLARE_ASN1_FUNCTIONS(SXNET) DECLARE_ASN1_FUNCTIONS(SXNETID) @@ -787,6 +800,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, unsigned long chtype); +int ossl_print_gens(BIO *out, GENERAL_NAMES *gens, int indent); void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); {- 
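Review bot: `int ossl_print_gens(BIO *out, GENERAL_NAMES *gens, int indent);` is added to the public `x509v3.h`, but the lowercase `ossl_` prefix is the project's marker for internal helpers that are not part of the exported API. Either declare it in an internal header, or give it a public name with documentation and a `const GENERAL_NAMES *` parameter if it is meant for applications.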
@@ -1019,6 +1033,585 @@ const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( void PROFESSION_INFO_set0_registrationNumber( PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); +typedef STACK_OF(OSSL_ISSUER_SERIAL) AUTHORITY_ATTRIBUTE_ID_SYNTAX; +DECLARE_ASN1_FUNCTIONS(AUTHORITY_ATTRIBUTE_ID_SYNTAX) + +{- + generate_stack_macros("OSSL_ISSUER_SERIAL"); +-} + +#define ODI_TYPE_PUBLIC_KEY 0 +#define ODI_TYPE_PUBLIC_KEY_CERT 1 +#define ODI_TYPE_OTHER 2 + +typedef struct OBJECT_DIGEST_INFO_st { + ASN1_ENUMERATED *digestedObjectType; + ASN1_OBJECT *otherObjectTypeID; + X509_ALGOR *digestAlgorithm; + ASN1_BIT_STRING *objectDigest; +} OBJECT_DIGEST_INFO; + +typedef struct TARGET_CERT_st { + OSSL_ISSUER_SERIAL *targetCertificate; + GENERAL_NAME *targetName; + OBJECT_DIGEST_INFO *certDigestInfo; +} TARGET_CERT; + +# define TGT_TARGET_NAME 0 +# define TGT_TARGET_GROUP 1 +# define TGT_TARGET_CERT 2 + +typedef struct TARGET_st { + int type; + union { + GENERAL_NAME *targetName; + GENERAL_NAME *targetGroup; + TARGET_CERT *targetCert; + } choice; +} TARGET; + +typedef STACK_OF(TARGET) TARGETS; +typedef STACK_OF(TARGETS) TARGETING_INFORMATION; + +{- + generate_stack_macros("TARGET"); +-} + +{- + generate_stack_macros("TARGETS"); +-} + +DECLARE_ASN1_FUNCTIONS(OSSL_ISSUER_SERIAL) +DECLARE_ASN1_FUNCTIONS(OBJECT_DIGEST_INFO) +DECLARE_ASN1_FUNCTIONS(TARGET_CERT) +DECLARE_ASN1_FUNCTIONS(TARGET) +DECLARE_ASN1_FUNCTIONS(TARGETS) +DECLARE_ASN1_FUNCTIONS(TARGETING_INFORMATION) + +typedef STACK_OF(X509_ATTRIBUTE) ATTRIBUTES_SYNTAX; +DECLARE_ASN1_FUNCTIONS(ATTRIBUTES_SYNTAX) + +# define AAA_ATTRIBUTE_TYPE 0 +# define AAA_ATTRIBUTE_VALUES 1 + +typedef struct ALLOWED_ATTRIBUTES_CHOICE_st { + int type; + union { + ASN1_OBJECT *attributeType; + X509_ATTRIBUTE *attributeTypeandValues; + } choice; +} ALLOWED_ATTRIBUTES_CHOICE; + +DECLARE_ASN1_ITEM(ALLOWED_ATTRIBUTES_CHOICE) + +typedef struct ALLOWED_ATTRIBUTES_ITEM_st { + STACK_OF(ALLOWED_ATTRIBUTES_CHOICE) *attributes; + GENERAL_NAME 
*holderDomain; +} ALLOWED_ATTRIBUTES_ITEM; + +DECLARE_ASN1_ITEM(ALLOWED_ATTRIBUTES_ITEM) + +typedef STACK_OF(ALLOWED_ATTRIBUTES_ITEM) ALLOWED_ATTRIBUTES_SYNTAX; +DECLARE_ASN1_FUNCTIONS(ALLOWED_ATTRIBUTES_SYNTAX) + +{- + generate_stack_macros("ALLOWED_ATTRIBUTES_CHOICE"); +-} +{- + generate_stack_macros("ALLOWED_ATTRIBUTES_ITEM"); +-} + +typedef struct atav_st { + ASN1_OBJECT *type; + ASN1_TYPE *value; +} ATAV; + +DECLARE_ASN1_ITEM(ATAV) + +typedef struct ATTRIBUTE_TYPE_MAPPING_st { + ASN1_OBJECT *local; + ASN1_OBJECT *remote; +} ATTRIBUTE_TYPE_MAPPING; + +DECLARE_ASN1_ITEM(ATTRIBUTE_TYPE_MAPPING) + +typedef struct ATTRIBUTE_VALUE_MAPPING_st { + ATAV *local; + ATAV *remote; +} ATTRIBUTE_VALUE_MAPPING; + +DECLARE_ASN1_ITEM(ATTRIBUTE_VALUE_MAPPING) + +#define ATTR_MAP_TYPE 0 +#define ATTR_MAP_VALUE 1 + +typedef struct ATTRIBUTE_MAPPING_st { + int type; + union { + ATTRIBUTE_TYPE_MAPPING *typeMappings; + ATTRIBUTE_VALUE_MAPPING *typeValueMappings; + } choice; +} ATTRIBUTE_MAPPING; + +DECLARE_ASN1_ITEM(ATTRIBUTE_MAPPING) + +typedef STACK_OF(ATTRIBUTE_MAPPING) ATTRIBUTE_MAPPINGS; +DECLARE_ASN1_FUNCTIONS(ATTRIBUTE_MAPPINGS) + +{- + generate_stack_macros("ATTRIBUTE_MAPPING"); +-} + +typedef struct HASH_st { + X509_ALGOR *algorithmIdentifier; + ASN1_BIT_STRING *hashValue; +} HASH; + +DECLARE_ASN1_ITEM(HASH) + +typedef struct INFO_SYNTAX_POINTER_st { + GENERAL_NAMES *name; + HASH *hash; +} INFO_SYNTAX_POINTER; + +DECLARE_ASN1_ITEM(INFO_SYNTAX_POINTER) + +#define INFO_SYNTAX_TYPE_CONTENT 0 +#define INFO_SYNTAX_TYPE_POINTER 1 + +typedef struct INFO_SYNTAX_st { + int type; + union { + ASN1_STRING *content; + INFO_SYNTAX_POINTER *pointer; + } choice; +} INFO_SYNTAX; + +DECLARE_ASN1_ITEM(INFO_SYNTAX) + +typedef struct PRIVILEGE_POLICY_ID_st { + ASN1_OBJECT *privilegePolicy; + INFO_SYNTAX *privPolSyntax; +} PRIVILEGE_POLICY_ID; + +DECLARE_ASN1_ITEM(PRIVILEGE_POLICY_ID) + +typedef struct ATTRIBUTE_DESCRIPTOR_st { + ASN1_OBJECT *identifier; + ASN1_STRING *attributeSyntax; + 
ASN1_UTF8STRING *name; + ASN1_UTF8STRING *description; + PRIVILEGE_POLICY_ID *dominationRule; +} ATTRIBUTE_DESCRIPTOR; + +DECLARE_ASN1_FUNCTIONS(ATTRIBUTE_DESCRIPTOR) + +typedef struct AA_DIST_POINT_st { + DIST_POINT_NAME *distpoint; + ASN1_BIT_STRING *reasons; + int dp_reasons; + ASN1_BOOLEAN indirectCRL; + ASN1_BOOLEAN containsUserAttributeCerts; + ASN1_BOOLEAN containsAACerts; + ASN1_BOOLEAN containsSOAPublicKeyCerts; +} AA_DIST_POINT; + +DECLARE_ASN1_FUNCTIONS(AA_DIST_POINT) + +typedef struct ROLE_SPEC_CERT_ID_st { + GENERAL_NAME *roleName; + GENERAL_NAME *roleCertIssuer; + ASN1_INTEGER *roleCertSerialNumber; + GENERAL_NAMES *roleCertLocator; +} ROLE_SPEC_CERT_ID; + +DECLARE_ASN1_FUNCTIONS(ROLE_SPEC_CERT_ID) +{- + generate_stack_macros("ROLE_SPEC_CERT_ID"); +-} + +typedef STACK_OF(ROLE_SPEC_CERT_ID) ROLE_SPEC_CERT_ID_SYNTAX; + +DECLARE_ASN1_FUNCTIONS(ROLE_SPEC_CERT_ID_SYNTAX) + +typedef struct TIME_SPEC_ABSOLUTE_st { + ASN1_GENERALIZEDTIME *startTime; + ASN1_GENERALIZEDTIME *endTime; +} TIME_SPEC_ABSOLUTE; + +typedef struct DAY_TIME_st { + ASN1_INTEGER *hour; + ASN1_INTEGER *minute; + ASN1_INTEGER *second; +} DAY_TIME; + +DECLARE_ASN1_ITEM(DAY_TIME) + +typedef struct DAY_TIME_BAND_st { + DAY_TIME *startDayTime; + DAY_TIME *endDayTime; +} DAY_TIME_BAND; + +DECLARE_ASN1_ITEM(DAY_TIME_BAND) + +#define NAMED_DAY_TYPE_INT 0 +#define NAMED_DAY_TYPE_BIT 1 +#define NAMED_DAY_INT_SUN 1 +#define NAMED_DAY_INT_MON 2 +#define NAMED_DAY_INT_TUE 3 +#define NAMED_DAY_INT_WED 4 +#define NAMED_DAY_INT_THU 5 +#define NAMED_DAY_INT_FRI 6 +#define NAMED_DAY_INT_SAT 7 +#define NAMED_DAY_BIT_SUN 0 +#define NAMED_DAY_BIT_MON 1 +#define NAMED_DAY_BIT_TUE 2 +#define NAMED_DAY_BIT_WED 3 +#define NAMED_DAY_BIT_THU 4 +#define NAMED_DAY_BIT_FRI 5 +#define NAMED_DAY_BIT_SAT 6 + +typedef struct NAMED_DAY_st { + int type; + union { + ASN1_INTEGER *intNamedDays; + ASN1_BIT_STRING *bitNamedDays; + } choice; +} NAMED_DAY; + +DECLARE_ASN1_ITEM(NAMED_DAY) + +#define TIME_SPEC_X_DAY_OF_FIRST 0 
+#define TIME_SPEC_X_DAY_OF_SECOND 1 +#define TIME_SPEC_X_DAY_OF_THIRD 2 +#define TIME_SPEC_X_DAY_OF_FOURTH 3 +#define TIME_SPEC_X_DAY_OF_FIFTH 4 + +typedef struct TIME_SPEC_X_DAY_OF_st { + int type; + union { + NAMED_DAY *first; + NAMED_DAY *second; + NAMED_DAY *third; + NAMED_DAY *fourth; + NAMED_DAY *fifth; + } choice; +} TIME_SPEC_X_DAY_OF; + +DECLARE_ASN1_ITEM(TIME_SPEC_X_DAY_OF) + +#define TIME_SPEC_DAY_TYPE_INT 0 +#define TIME_SPEC_DAY_TYPE_BIT 1 +#define TIME_SPEC_DAY_TYPE_DAY_OF 2 +#define TIME_SPEC_DAY_BIT_SUN 0 +#define TIME_SPEC_DAY_BIT_MON 1 +#define TIME_SPEC_DAY_BIT_TUE 2 +#define TIME_SPEC_DAY_BIT_WED 3 +#define TIME_SPEC_DAY_BIT_THU 4 +#define TIME_SPEC_DAY_BIT_FRI 5 +#define TIME_SPEC_DAY_BIT_SAT 6 +#define TIME_SPEC_DAY_INT_SUN 1 +#define TIME_SPEC_DAY_INT_MON 2 +#define TIME_SPEC_DAY_INT_TUE 3 +#define TIME_SPEC_DAY_INT_WED 4 +#define TIME_SPEC_DAY_INT_THU 5 +#define TIME_SPEC_DAY_INT_FRI 6 +#define TIME_SPEC_DAY_INT_SAT 7 + +typedef struct TIME_SPEC_DAY_st { + int type; + union { + STACK_OF(ASN1_INTEGER) *intDay; + ASN1_BIT_STRING *bitDay; + TIME_SPEC_X_DAY_OF *dayOf; + } choice; +} TIME_SPEC_DAY; + +DECLARE_ASN1_ITEM(TIME_SPEC_DAY) + +#define TIME_SPEC_WEEKS_TYPE_ALL 0 +#define TIME_SPEC_WEEKS_TYPE_INT 1 +#define TIME_SPEC_WEEKS_TYPE_BIT 2 +#define TIME_SPEC_BIT_WEEKS_1 0 +#define TIME_SPEC_BIT_WEEKS_2 1 +#define TIME_SPEC_BIT_WEEKS_3 2 +#define TIME_SPEC_BIT_WEEKS_4 3 +#define TIME_SPEC_BIT_WEEKS_5 4 + +typedef struct TIME_SPEC_WEEKS_st { + int type; + union { + ASN1_NULL *allWeeks; + STACK_OF(ASN1_INTEGER) *intWeek; + ASN1_BIT_STRING *bitWeek; + } choice; +} TIME_SPEC_WEEKS; + +DECLARE_ASN1_ITEM(TIME_SPEC_WEEKS) + +#define TIME_SPEC_MONTH_TYPE_ALL 0 +#define TIME_SPEC_MONTH_TYPE_INT 1 +#define TIME_SPEC_MONTH_TYPE_BIT 2 +#define TIME_SPEC_INT_MONTH_JAN 1 +#define TIME_SPEC_INT_MONTH_FEB 2 +#define TIME_SPEC_INT_MONTH_MAR 3 +#define TIME_SPEC_INT_MONTH_APR 4 +#define TIME_SPEC_INT_MONTH_MAY 5 +#define TIME_SPEC_INT_MONTH_JUN 6 +#define 
TIME_SPEC_INT_MONTH_JUL 7 +#define TIME_SPEC_INT_MONTH_AUG 8 +#define TIME_SPEC_INT_MONTH_SEP 9 +#define TIME_SPEC_INT_MONTH_OCT 10 +#define TIME_SPEC_INT_MONTH_NOV 11 +#define TIME_SPEC_INT_MONTH_DEC 12 +#define TIME_SPEC_BIT_MONTH_JAN 0 +#define TIME_SPEC_BIT_MONTH_FEB 1 +#define TIME_SPEC_BIT_MONTH_MAR 2 +#define TIME_SPEC_BIT_MONTH_APR 3 +#define TIME_SPEC_BIT_MONTH_MAY 4 +#define TIME_SPEC_BIT_MONTH_JUN 5 +#define TIME_SPEC_BIT_MONTH_JUL 6 +#define TIME_SPEC_BIT_MONTH_AUG 7 +#define TIME_SPEC_BIT_MONTH_SEP 8 +#define TIME_SPEC_BIT_MONTH_OCT 9 +#define TIME_SPEC_BIT_MONTH_NOV 10 +#define TIME_SPEC_BIT_MONTH_DEC 11 + +typedef struct TIME_SPEC_MONTH_st { + int type; + union { + ASN1_NULL *allMonths; + STACK_OF(ASN1_INTEGER) *intMonth; + ASN1_BIT_STRING *bitMonth; + } choice; +} TIME_SPEC_MONTH; + +DECLARE_ASN1_ITEM(TIME_SPEC_MONTH) + +typedef struct TIME_PERIOD_st { + STACK_OF(DAY_TIME_BAND) *timesOfDay; + TIME_SPEC_DAY *days; + TIME_SPEC_WEEKS *weeks; + TIME_SPEC_MONTH *months; + STACK_OF(ASN1_INTEGER) *years; +} TIME_PERIOD; + +DECLARE_ASN1_ITEM(TIME_PERIOD) + +#define TIME_SPEC_TIME_TYPE_ABSOLUTE 0 +#define TIME_SPEC_TIME_TYPE_PERIODIC 1 + +typedef struct TIME_SPEC_TIME_st { + int type; + union { + TIME_SPEC_ABSOLUTE *absolute; + STACK_OF(TIME_PERIOD) *periodic; + } choice; +} TIME_SPEC_TIME; + +typedef struct TIME_SPEC_st { + TIME_SPEC_TIME *time; + ASN1_BOOLEAN notThisTime; + ASN1_INTEGER *timeZone; +} TIME_SPEC; + +DECLARE_ASN1_FUNCTIONS(TIME_SPEC_ABSOLUTE) +DECLARE_ASN1_FUNCTIONS(TIME_SPEC_TIME) +DECLARE_ASN1_FUNCTIONS(TIME_SPEC) +{- + generate_stack_macros("TIME_PERIOD"); +-} + +{- + generate_stack_macros("DAY_TIME_BAND"); +-} + +typedef struct URI_REFERENCE_st { + ASN1_IA5STRING *uniformResourceIdentifier; + X509_ALGOR *hashAlgorithm; + ASN1_BIT_STRING *hashValue; +} URI_REFERENCE; + +typedef struct COMMON_CRITERIA_MEASURES_st { + ASN1_IA5STRING *version; + ASN1_ENUMERATED *assurancelevel; + ASN1_ENUMERATED *evaluationStatus; + ASN1_BOOLEAN plus; + 
ASN1_ENUMERATED *strengthOfFunction; + ASN1_OBJECT *profileOid; + URI_REFERENCE *profileUri; + ASN1_OBJECT *targetOid; + URI_REFERENCE *targetUri; +} COMMON_CRITERIA_MEASURES; +DECLARE_ASN1_FUNCTIONS(COMMON_CRITERIA_MEASURES) + +typedef struct FIPS_LEVEL_st { + ASN1_IA5STRING *version; + ASN1_ENUMERATED *level; + ASN1_BOOLEAN plus; +} FIPS_LEVEL; +DECLARE_ASN1_FUNCTIONS(FIPS_LEVEL) + +typedef struct TBB_SECURITY_ASSERTIONS_st { + ASN1_INTEGER *version; + COMMON_CRITERIA_MEASURES *ccInfo; + FIPS_LEVEL *fipsLevel; + ASN1_ENUMERATED *rtmType; + ASN1_BOOLEAN iso9000Certified; + ASN1_IA5STRING *iso9000Uri; +} TBB_SECURITY_ASSERTIONS; +DECLARE_ASN1_FUNCTIONS(TBB_SECURITY_ASSERTIONS) + +typedef struct MANUFACTURER_ID_st { + ASN1_OBJECT *manufacturerIdentifier; +} MANUFACTURER_ID; + +DECLARE_ASN1_FUNCTIONS(MANUFACTURER_ID) + +typedef struct TCG_SPEC_VERSION_st { + ASN1_INTEGER *majorVersion; + ASN1_INTEGER *minorVersion; + ASN1_INTEGER *revision; +} TCG_SPEC_VERSION; + +DECLARE_ASN1_FUNCTIONS(TCG_SPEC_VERSION) + +typedef struct TCG_PLATFORM_SPEC_st { + TCG_SPEC_VERSION *version; + ASN1_OCTET_STRING *platformClass; +} TCG_PLATFORM_SPEC; + +DECLARE_ASN1_FUNCTIONS(TCG_PLATFORM_SPEC) + +typedef struct TCG_CRED_TYPE_st { + ASN1_OBJECT *certificateType; +} TCG_CRED_TYPE; + +DECLARE_ASN1_FUNCTIONS(TCG_CRED_TYPE) + +typedef struct COMPONENT_CLASS_st { + ASN1_OBJECT *componentClassRegistry; + ASN1_OCTET_STRING *componentClassValue; +} COMPONENT_CLASS; + +DECLARE_ASN1_FUNCTIONS(COMPONENT_CLASS) + +typedef struct COMPONENT_ADDRESS_st { + ASN1_OBJECT *addressType; + ASN1_UTF8STRING *addressValue; +} COMPONENT_ADDRESS; + +typedef struct PLATFORM_PROPERTY_st { + ASN1_UTF8STRING *propertyName; + ASN1_UTF8STRING *propertyValue; + ASN1_ENUMERATED *status; +} PLATFORM_PROPERTY; + +typedef struct ATTRIBUTE_CERTIFICATE_IDENTIFIER_st { + X509_ALGOR *hashAlgorithm; + ASN1_OCTET_STRING *hashOverSignatureValue; +} ATTRIBUTE_CERTIFICATE_IDENTIFIER; + 
+DECLARE_ASN1_ITEM(ATTRIBUTE_CERTIFICATE_IDENTIFIER) + +typedef struct CERTIFICATE_IDENTIFIER_st { + ATTRIBUTE_CERTIFICATE_IDENTIFIER *attributeCertIdentifier; + OSSL_ISSUER_SERIAL *genericCertIdentifier; +} CERTIFICATE_IDENTIFIER; + +DECLARE_ASN1_ITEM(CERTIFICATE_IDENTIFIER) + +typedef struct COMPONENT_IDENTIFIER_st { + COMPONENT_CLASS *componentClass; + ASN1_UTF8STRING *componentManufacturer; + ASN1_UTF8STRING *componentModel; + ASN1_UTF8STRING *componentSerial; + ASN1_UTF8STRING *componentRevision; + ASN1_OBJECT *componentManufacturerId; + ASN1_BOOLEAN fieldReplaceable; + STACK_OF(COMPONENT_ADDRESS) *componentAddresses; + CERTIFICATE_IDENTIFIER *componentPlatformCert; + URI_REFERENCE *componentPlatformCertUri; + ASN1_ENUMERATED *status; +} COMPONENT_IDENTIFIER; + +typedef struct PLATFORM_CONFIG_st { + STACK_OF(COMPONENT_IDENTIFIER) *componentIdentifiers; + URI_REFERENCE *componentIdentifiersUri; + STACK_OF(PLATFORM_PROPERTY) *platformProperties; + URI_REFERENCE *platformPropertiesUri; +} PLATFORM_CONFIG; +DECLARE_ASN1_FUNCTIONS(PLATFORM_CONFIG) + +#define MEASUREMENT_ROOT_TYPE_STATIC 0 +#define MEASUREMENT_ROOT_TYPE_DYNAMIC 1 +#define MEASUREMENT_ROOT_TYPE_NONHOST 2 +#define MEASUREMENT_ROOT_TYPE_HYBRID 3 +#define MEASUREMENT_ROOT_TYPE_PHYSICAL 4 +#define MEASUREMENT_ROOT_TYPE_VIRTUAL 5 +#define EVALUATION_ASSURANCE_LEVEL_1 1 +#define EVALUATION_ASSURANCE_LEVEL_2 2 +#define EVALUATION_ASSURANCE_LEVEL_3 3 +#define EVALUATION_ASSURANCE_LEVEL_4 4 +#define EVALUATION_ASSURANCE_LEVEL_5 5 +#define EVALUATION_ASSURANCE_LEVEL_6 6 +#define EVALUATION_ASSURANCE_LEVEL_7 7 +#define EVALUATION_STATUS_DESIGNED_TO_MEET 0 +#define EVALUATION_STATUS_EVAL_IN_PROGRESS 1 +#define EVALUATION_STATUS_EVAL_COMPLETED 2 +#define STRENGTH_OF_FUNCTION_BASIC 0 +#define STRENGTH_OF_FUNCTION_MEDIUM 1 +#define STRENGTH_OF_FUNCTION_HIGH 2 +#define SECURITY_LEVEL_1 1 +#define SECURITY_LEVEL_2 2 +#define SECURITY_LEVEL_3 3 +#define SECURITY_LEVEL_4 4 +#define ATTRIBUTE_STATUS_ADDED 0 +#define 
ATTRIBUTE_STATUS_MODIFIED 1 +#define ATTRIBUTE_STATUS_REMOVED 2 + +DECLARE_ASN1_FUNCTIONS(URI_REFERENCE) +{- + generate_stack_macros("URI_REFERENCE"); +-} + +DECLARE_ASN1_FUNCTIONS(COMPONENT_ADDRESS) +{- + generate_stack_macros("COMPONENT_ADDRESS"); +-} + +DECLARE_ASN1_FUNCTIONS(PLATFORM_PROPERTY) +{- + generate_stack_macros("PLATFORM_PROPERTY"); +-} + +DECLARE_ASN1_FUNCTIONS(COMPONENT_IDENTIFIER) +{- + generate_stack_macros("COMPONENT_IDENTIFIER"); +-} + +int print_notice(BIO *out, USERNOTICE *notice, int indent); + +int URI_REFERENCE_print (BIO *out, URI_REFERENCE *value, int indent); +int COMPONENT_CLASS_print (BIO *out, COMPONENT_CLASS *value, int indent); +int COMMON_CRITERIA_MEASURES_print (BIO *out, COMMON_CRITERIA_MEASURES *value, int indent); +int FIPS_LEVEL_print (BIO *out, FIPS_LEVEL *value, int indent); +int TBB_SECURITY_ASSERTIONS_print (BIO *out, TBB_SECURITY_ASSERTIONS *value, int indent); +int MANUFACTURER_ID_print (BIO *out, MANUFACTURER_ID *value, int indent); +int TCG_SPEC_VERSION_print (BIO *out, TCG_SPEC_VERSION *value); +int TCG_PLATFORM_SPEC_print (BIO *out, TCG_PLATFORM_SPEC *value); +int TCG_CRED_TYPE_print (BIO *out, TCG_CRED_TYPE *value, int indent); +int COMPONENT_ADDRESS_print (BIO *out, COMPONENT_ADDRESS *value, int indent); +int PLATFORM_PROPERTY_print (BIO *out, PLATFORM_PROPERTY *value, int indent); +int ATTRIBUTE_CERTIFICATE_IDENTIFIER_print (BIO *out, ATTRIBUTE_CERTIFICATE_IDENTIFIER *value, int indent); +int CERTIFICATE_IDENTIFIER_print (BIO *out, CERTIFICATE_IDENTIFIER *value, int indent); +int COMPONENT_IDENTIFIER_print (BIO *out, COMPONENT_IDENTIFIER *value, int indent); +int PLATFORM_CONFIG_print (BIO *out, PLATFORM_CONFIG *value, int indent); + +int i2r_ISSUER_SERIAL(X509V3_EXT_METHOD *method, + OSSL_ISSUER_SERIAL *iss, + BIO *out, int indent); + # ifdef __cplusplus } # endif diff --git a/test/build.info b/test/build.info index e2b09ae9650b1..7eb2a809dd810 100644 --- a/test/build.info +++ b/test/build.info 
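Review bot: Many identifiers added to the public header in this hunk are generic enough to collide with application code or other libraries. Examples are the types `HASH`, `TARGET`, `ATAV`, `DAY_TIME` and `TIME_PERIOD`, the macros `SECURITY_LEVEL_1` and `ATTRIBUTE_STATUS_ADDED`, and the function `print_notice`. New public names should carry the `OSSL_` prefix, as `OSSL_ISSUER_SERIAL` already does, for instance `typedef struct OSSL_HASH_st { ... } OSSL_HASH;` and `OSSL_USERNOTICE_print`. The `*_print` helpers and `i2r_ISSUER_SERIAL` only read their argument, so the value pointers could be `const`. Several `#define` lines also use `#define` where the rest of this header writes `# define` inside the include guard.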
@@ -26,7 +26,7 @@ IF[{- !$disabled{tests} -}] testutil/format_output.c testutil/load.c testutil/fake_random.c \ testutil/test_cleanup.c testutil/main.c testutil/testutil_init.c \ testutil/options.c testutil/test_options.c testutil/provider.c \ - testutil/apps_shims.c testutil/random.c testutil/helper.c $LIBAPPSSRC + testutil/apps_shims.c testutil/random.c $LIBAPPSSRC INCLUDE[libtestutil.a]=../include ../apps/include .. DEPEND[libtestutil.a]=../libcrypto @@ -34,13 +34,15 @@ IF[{- !$disabled{tests} -}] confdump \ versions \ aborttest test_test pkcs12_format_test pkcs12_api_test \ - sanitytest time_test rsa_complex exdatatest bntest \ + sanitytest rsa_complex exdatatest bntest \ ecstresstest gmdifftest pbelutest \ destest mdc2test sha_test \ exptest pbetest localetest evp_pkey_ctx_new_from_name \ evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ evp_fetch_prov_test evp_libctx_test ossl_store_test \ v3nametest v3ext punycode_test \ + evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ + evp_fetch_prov_test v3nametest v3ext \ crltest danetest bad_dtls_test lhash_test sparse_array_test \ conf_include_test params_api_test params_conversion_test \ constant_time_test safe_math_test verify_extra_test clienthellotest \ 
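Review bot: The `test/build.info` hunks remove a number of existing test programs that have nothing to do with attribute-certificate extensions. `testutil/helper.c` and `time_test` go here, and later hunks drop `ssl_handshake_rtt_test`, `asn1_stable_parse_test`, `x509_load_cert_file_test`, `bio_meth_test`, `evp_xof_test`, `bio_addr_test`, `decoder_propq_test`, the `qlog` and QUIC CID tests and the `p_minimal` module. The second hunk also adds an `evp_pkey_provided_test … v3ext` line that duplicates the one directly above it. This looks like the result of rebasing onto an older copy of the file rather than an intended change, and it silently takes parser and TLS regression coverage out of the build. Restoring the file from the target branch and adding only the entries the new test needs, ideally under the existing `x509_acert_test` name, would keep the diff to what the feature requires.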
@@ -48,23 +50,21 @@ IF[{- !$disabled{tests} -}] dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bio_callback_test bio_memleak_test bio_core_test bio_dgram_test param_build_test \ - bioprinttest sslapitest ssl_handshake_rtt_test dtlstest sslcorrupttest \ + bioprinttest sslapitest dtlstest sslcorrupttest \ bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \ cipherbytes_test threadstest_fips threadpool_test \ - asn1_encode_test asn1_decode_test asn1_string_table_test asn1_stable_parse_test \ + asn1_encode_test asn1_decode_test asn1_string_table_test \ x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \ recordlentest drbgtest rand_status_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ - servername_test ocspapitest fatalerrtest tls13ccstest \ + http_test servername_test ocspapitest fatalerrtest tls13ccstest \ sysdefaulttest errtest ssl_ctx_test build_wincrypt_test \ context_internal_test aesgcmtest params_test evp_pkey_dparams_test \ keymgmt_internal_test hexstr_test provider_status_test defltfips_test \ bio_readbuffer_test user_property_test pkcs7_test upcallstest \ - provfetchtest prov_config_test rand_test \ - ca_internals_test bio_tfo_test membio_test bio_dgram_test list_test \ - fips_version_test x509_test hpke_test pairwise_fail_test \ - nodefltctxtest evp_xof_test x509_load_cert_file_test bio_meth_test \ - x509_acert_test + provfetchtest prov_config_test rand_test ca_internals_test \ + bio_tfo_test membio_test bio_dgram_test list_test fips_version_test \ + x509_test hpke_test pairwise_fail_test nodefltctxtest x509acert_test IF[{- !$disabled{'rpk'} -}] PROGRAMS{noinst}=rpktest 
@@ -75,12 +75,7 @@ IF[{- !$disabled{tests} -}] ENDIF IF[{- !$disabled{quic} -}] - PROGRAMS{noinst}=priority_queue_test event_queue_test quicfaultstest quicapitest \ - quic_newcid_test quic_srt_gen_test - ENDIF - - IF[{- !$disabled{qlog} -}] - PROGRAMS{noinst}=json_test quic_qlog_test + PROGRAMS{noinst}=priority_queue_test event_queue_test quicfaultstest quicapitest ENDIF IF[{- !$disabled{comp} && (!$disabled{brotli} || !$disabled{zstd} || !$disabled{zlib}) -}] @@ -103,13 +98,9 @@ IF[{- !$disabled{tests} -}] INCLUDE[sanitytest]=../include ../apps/include DEPEND[sanitytest]=../libcrypto.a libtestutil.a - SOURCE[time_test]=time_test.c - INCLUDE[time_test]=../include ../apps/include - DEPEND[time_test]=../libcrypto.a libtestutil.a - SOURCE[rand_test]=rand_test.c INCLUDE[rand_test]=../include ../apps/include - DEPEND[rand_test]=../libcrypto.a libtestutil.a + DEPEND[rand_test]=../libcrypto libtestutil.a SOURCE[rsa_complex]=rsa_complex.c INCLUDE[rsa_complex]=../include ../apps/include @@ -196,14 +187,6 @@ IF[{- !$disabled{tests} -}] SOURCE[evp_extra_test]=evp_extra_test.c fake_rsaprov.c INCLUDE[evp_extra_test]=../include ../apps/include DEPEND[evp_extra_test]=../libcrypto.a libtestutil.a - IF[{- !$disabled{module} && !$disabled{legacy} -}] - DEFINE[evp_extra_test]=STATIC_LEGACY - SOURCE[evp_extra_test]=../providers/legacyprov.c - INCLUDE[evp_extra_test]=../providers/common/include \ - ../providers/implementations/include - DEPEND[evp_extra_test]=../providers/liblegacy.a \ - ../providers/libcommon.a - ENDIF SOURCE[hpke_test]=hpke_test.c INCLUDE[hpke_test]=../include ../apps/include 
@@ -341,18 +324,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[quic_txpim_test]=../include ../apps/include DEPEND[quic_txpim_test]=../libcrypto.a ../libssl.a libtestutil.a - SOURCE[quic_srtm_test]=quic_srtm_test.c - INCLUDE[quic_srtm_test]=../include ../apps/include - DEPEND[quic_srtm_test]=../libcrypto.a ../libssl.a libtestutil.a - - SOURCE[quic_lcidm_test]=quic_lcidm_test.c - INCLUDE[quic_lcidm_test]=../include ../apps/include - DEPEND[quic_lcidm_test]=../libcrypto.a ../libssl.a libtestutil.a - - SOURCE[quic_rcidm_test]=quic_rcidm_test.c - INCLUDE[quic_rcidm_test]=../include ../apps/include - DEPEND[quic_rcidm_test]=../libcrypto.a ../libssl.a libtestutil.a - SOURCE[quic_fifd_test]=quic_fifd_test.c cc_dummy.c INCLUDE[quic_fifd_test]=../include ../apps/include DEPEND[quic_fifd_test]=../libcrypto.a ../libssl.a libtestutil.a @@ -369,18 +340,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[quic_client_test]=../include ../apps/include DEPEND[quic_client_test]=../libcrypto.a ../libssl.a libtestutil.a - $QUICTESTHELPERS=helpers/quictestlib.c helpers/noisydgrambio.c helpers/pktsplitbio.c - - SOURCE[quic_multistream_test]=quic_multistream_test.c helpers/ssltestlib.c $QUICTESTHELPERS + SOURCE[quic_multistream_test]=quic_multistream_test.c INCLUDE[quic_multistream_test]=../include ../apps/include DEPEND[quic_multistream_test]=../libcrypto.a ../libssl.a libtestutil.a - IF[{- !$disabled{'qlog'} -}] - SOURCE[quic_qlog_test]=quic_qlog_test.c - INCLUDE[quic_qlog_test]=../include ../apps/include - DEPEND[quic_qlog_test]=../libcrypto.a ../libssl.a libtestutil.a - ENDIF - SOURCE[asynctest]=asynctest.c INCLUDE[asynctest]=../include ../apps/include DEPEND[asynctest]=../libcrypto @@ -419,7 +382,7 @@ IF[{- !$disabled{tests} -}] SOURCE[lhash_test]=lhash_test.c INCLUDE[lhash_test]=../include ../apps/include - DEPEND[lhash_test]=../libcrypto.a libtestutil.a + DEPEND[lhash_test]=../libcrypto libtestutil.a SOURCE[dtlsv1listentest]=dtlsv1listentest.c INCLUDE[dtlsv1listentest]=../include ../apps/include 
@@ -490,10 +453,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[bio_memleak_test]=../include ../apps/include DEPEND[bio_memleak_test]=../libcrypto libtestutil.a - SOURCE[bio_meth_test]=bio_meth_test.c - INCLUDE[bio_meth_test]=../include ../apps/include - DEPEND[bio_meth_test]=../libcrypto libtestutil.a - SOURCE[bioprinttest]=bioprinttest.c INCLUDE[bioprinttest]=../include ../apps/include DEPEND[bioprinttest]=../libcrypto libtestutil.a @@ -532,11 +491,7 @@ IF[{- !$disabled{tests} -}] SOURCE[sslapitest]=sslapitest.c helpers/ssltestlib.c filterprov.c tls-provider.c INCLUDE[sslapitest]=../include ../apps/include .. - DEPEND[sslapitest]=../libcrypto.a ../libssl.a libtestutil.a - - SOURCE[ssl_handshake_rtt_test]=ssl_handshake_rtt_test.c helpers/ssltestlib.c - INCLUDE[ssl_handshake_rtt_test]=../include ../apps/include .. - DEPEND[ssl_handshake_rtt_test]=../libcrypto.a ../libssl.a libtestutil.a + DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a SOURCE[rpktest]=rpktest.c helpers/ssltestlib.c INCLUDE[rpktest]=../include ../apps/include .. @@ -555,21 +510,13 @@ IF[{- !$disabled{tests} -}] DEPEND[ocspapitest]=../libcrypto libtestutil.a IF[{- !$disabled{sock} -}] - IF[{- !$disabled{http} -}] - PROGRAMS{noinst}=http_test - - SOURCE[http_test]=http_test.c - INCLUDE[http_test]=../include ../apps/include - DEPEND[http_test]=../libcrypto libtestutil.a - ENDIF - - PROGRAMS{noinst}=bio_addr_test - - SOURCE[bio_addr_test]=bio_addr_test.c - INCLUDE[bio_addr_test]=../include ../apps/include - DEPEND[bio_addr_test]=../libcrypto libtestutil.a + PROGRAMS{noinst}=http_test ENDIF + SOURCE[http_test]=http_test.c + INCLUDE[http_test]=../include ../apps/include + DEPEND[http_test]=../libcrypto libtestutil.a + SOURCE[dtlstest]=dtlstest.c helpers/ssltestlib.c INCLUDE[dtlstest]=../include ../apps/include DEPEND[dtlstest]=../libcrypto ../libssl libtestutil.a 
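Review bot: In the `IF[{- !$disabled{sock} -}]` block, `http_test` loses its `!$disabled{http}` guard and its `SOURCE`/`INCLUDE`/`DEPEND` lines move outside the conditional. The same three lines are added a second time in the `@@ -646,6 +585,10 @@` hunk, and `http_test` is also added to the unconditional program list in the `@@ -48,23 +50,21 @@` hunk. With HTTP or socket support disabled the test would presumably still be built and then fail to compile or link. Keeping the original nested `IF[{- !$disabled{http} -}]` block with a single definition avoids that.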
@@ -594,10 +541,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[evp_kdf_test]=../include ../apps/include DEPEND[evp_kdf_test]=../libcrypto libtestutil.a - SOURCE[evp_xof_test]=evp_xof_test.c - INCLUDE[evp_xof_test]=../include ../apps/include - DEPEND[evp_xof_test]=../libcrypto libtestutil.a - SOURCE[evp_pkey_dparams_test]=evp_pkey_dparams_test.c INCLUDE[evp_pkey_dparams_test]=../include ../apps/include DEPEND[evp_pkey_dparams_test]=../libcrypto libtestutil.a @@ -626,10 +569,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[x509_dup_cert_test]=../include ../apps/include DEPEND[x509_dup_cert_test]=../libcrypto libtestutil.a - SOURCE[x509_load_cert_file_test]=x509_load_cert_file_test.c - INCLUDE[x509_load_cert_file_test]=../include ../apps/include - DEPEND[x509_load_cert_file_test]=../libcrypto libtestutil.a - SOURCE[x509_check_cert_pkey_test]=x509_check_cert_pkey_test.c INCLUDE[x509_check_cert_pkey_test]=../include ../apps/include DEPEND[x509_check_cert_pkey_test]=../libcrypto libtestutil.a @@ -646,6 +585,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[ciphername_test]=../include ../apps/include DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a + SOURCE[http_test]=http_test.c + INCLUDE[http_test]=../include ../apps/include + DEPEND[http_test]=../libcrypto libtestutil.a + SOURCE[servername_test]=servername_test.c helpers/ssltestlib.c INCLUDE[servername_test]=../include ../apps/include DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a @@ -701,10 +644,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[asn1_string_table_test]=../include ../apps/include DEPEND[asn1_string_table_test]=../libcrypto libtestutil.a - SOURCE[asn1_stable_parse_test]=asn1_stable_parse_test.c - INCLUDE[asn1_stable_parse_test]=../include ../apps/include - DEPEND[asn1_stable_parse_test]=../libcrypto libtestutil.a - SOURCE[time_offset_test]=time_offset_test.c INCLUDE[time_offset_test]=../include ../apps/include DEPEND[time_offset_test]=../libcrypto libtestutil.a 
@@ -796,10 +735,8 @@ IF[{- !$disabled{tests} -}] PROGRAMS{noinst}=sm4_internal_test ENDIF IF[{- !$disabled{ec} -}] - PROGRAMS{noinst}=ectest ec_internal_test evp_pkey_dhkem_test - ENDIF - IF[{- !$disabled{ecx} -}] - PROGRAMS{noinst}=curve448_internal_test + PROGRAMS{noinst}=ectest ec_internal_test curve448_internal_test \ + evp_pkey_dhkem_test ENDIF IF[{- !$disabled{cmac} -}] PROGRAMS{noinst}=cmactest @@ -878,27 +815,13 @@ IF[{- !$disabled{tests} -}] INCLUDE[event_queue_test]=../include ../apps/include DEPEND[event_queue_test]=../libcrypto ../libssl.a libtestutil.a - SOURCE[quicfaultstest]=quicfaultstest.c helpers/ssltestlib.c $QUICTESTHELPERS + SOURCE[quicfaultstest]=quicfaultstest.c helpers/ssltestlib.c helpers/quictestlib.c INCLUDE[quicfaultstest]=../include ../apps/include .. DEPEND[quicfaultstest]=../libcrypto.a ../libssl.a libtestutil.a - SOURCE[quicapitest]=quicapitest.c helpers/ssltestlib.c $QUICTESTHELPERS + SOURCE[quicapitest]=quicapitest.c helpers/ssltestlib.c helpers/quictestlib.c INCLUDE[quicapitest]=../include ../apps/include DEPEND[quicapitest]=../libcrypto.a ../libssl.a libtestutil.a - - SOURCE[quic_newcid_test]=quic_newcid_test.c helpers/ssltestlib.c $QUICTESTHELPERS - INCLUDE[quic_newcid_test]=../include ../apps/include .. - DEPEND[quic_newcid_test]=../libcrypto.a ../libssl.a libtestutil.a - - SOURCE[quic_srt_gen_test]=quic_srt_gen_test.c helpers/ssltestlib.c $QUICTESTHELPERS - INCLUDE[quic_srt_gen_test]=../include ../apps/include .. - DEPEND[quic_srt_gen_test]=../libcrypto.a ../libssl.a libtestutil.a - ENDIF - - IF[{- !$disabled{qlog} -}] - SOURCE[json_test]=json_test.c helpers/ssltestlib.c $QUICTESTHELPERS - INCLUDE[json_test]=../include ../apps/include - DEPEND[json_test]=../libcrypto.a ../libssl.a libtestutil.a ENDIF SOURCE[dhtest]=dhtest.c 
@@ -955,11 +878,9 @@ IF[{- !$disabled{tests} -}] INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a - IF[{- !$disabled{ecx} -}] - SOURCE[curve448_internal_test]=curve448_internal_test.c - INCLUDE[curve448_internal_test]=.. ../include ../apps/include ../crypto/ec/curve448 - DEPEND[curve448_internal_test]=../libcrypto.a libtestutil.a - ENDIF + SOURCE[curve448_internal_test]=curve448_internal_test.c + INCLUDE[curve448_internal_test]=.. ../include ../apps/include ../crypto/ec/curve448 + DEPEND[curve448_internal_test]=../libcrypto.a libtestutil.a SOURCE[rc4test]=rc4test.c INCLUDE[rc4test]=../include ../apps/include @@ -1083,17 +1004,9 @@ IF[{- !$disabled{tests} -}] SOURCE[p_test]=p_test.ld GENERATE[p_test.ld]=../util/providers.num ENDIF - MODULES{noinst}=p_minimal - SOURCE[p_minimal]=p_minimal.c - INCLUDE[p_minimal]=../include .. - IF[{- defined $target{shared_defflag} -}] - SOURCE[p_minimal]=p_minimal.ld - GENERATE[p_minimal.ld]=../util/providers.num - ENDIF ENDIF IF[{- $disabled{module} || !$target{dso_scheme} -}] DEFINE[provider_test]=NO_PROVIDER_MODULE - DEFINE[prov_config_test]=NO_PROVIDER_MODULE DEFINE[provider_internal_test]=NO_PROVIDER_MODULE ENDIF DEPEND[]=provider_internal_test.cnf @@ -1149,11 +1062,6 @@ IF[{- !$disabled{tests} -}] DEPEND[endecoder_legacy_test]=../libcrypto.a libtestutil.a ENDIF - PROGRAMS{noinst}=decoder_propq_test - SOURCE[decoder_propq_test]=decoder_propq_test.c - INCLUDE[decoder_propq_test]=.. ../include ../apps/include - DEPEND[decoder_propq_test]=../libcrypto.a libtestutil.a - PROGRAMS{noinst}=namemap_internal_test SOURCE[namemap_internal_test]=namemap_internal_test.c INCLUDE[namemap_internal_test]=.. ../include ../apps/include 
@@ -1190,7 +1098,6 @@ ENDIF IF[{- !$disabled{'quic'} -}] PROGRAMS{noinst}=quic_wire_test quic_ackm_test quic_record_test PROGRAMS{noinst}=quic_fc_test quic_stream_test quic_cfq_test quic_txpim_test - PROGRAMS{noinst}=quic_srtm_test quic_lcidm_test quic_rcidm_test PROGRAMS{noinst}=quic_fifd_test quic_txp_test quic_tserver_test PROGRAMS{noinst}=quic_client_test quic_cc_test quic_multistream_test ENDIF @@ -1203,14 +1110,14 @@ ENDIF INCLUDE[quic_cc_test]=../include ../apps/include DEPEND[quic_cc_test]=../libcrypto.a ../libssl.a libtestutil.a + SOURCE[x509acert_test]=x509acert_test.c + INCLUDE[x509acert_test]=../include ../apps/include + DEPEND[x509acert_test]=../libcrypto.a libtestutil.a + SOURCE[cert_comp_test]=cert_comp_test.c helpers/ssltestlib.c INCLUDE[cert_comp_test]=../include ../apps/include .. DEPEND[cert_comp_test]=../libcrypto ../libssl libtestutil.a - SOURCE[x509_acert_test]=x509_acert_test.c - INCLUDE[x509_acert_test]=../include ../apps/include - DEPEND[x509_acert_test]=../libcrypto libtestutil.a - {- use File::Spec::Functions; use File::Basename; diff --git a/test/certs/acert.pem b/test/certs/acert.pem index efd2a05dc6e94..a1b10854a7e4c 100644 --- a/test/certs/acert.pem +++ b/test/certs/acert.pem 
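Review bot: The `-1203,14 +1110,14` hunk re-declares the attribute-certificate test as `x509acert_test` and switches its DEPEND from `../libcrypto` to `../libcrypto.a`, but it carries no `PROGRAMS{noinst}=x509acert_test` line and no comment explaining the static link. If the PROGRAMS entry or the recipe that runs it still uses the old `x509_acert_test` name (not visible in this hunk), the target is never built or run, and the new parsing and printing code goes unexercised. I would put the PROGRAMS line next to these three lines and, if the static link is deliberate, add a comment such as `# static link: test uses non-exported libcrypto symbols`.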
@@ -1,5 +1,15 @@ -Generated with paccor (https://github.com/nsacyber/paccor) - -----BEGIN ATTRIBUTE CERTIFICATE----- -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 ------END ATTRIBUTE CERTIFICATE----- +MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG +A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl +IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4 +LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj +BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP +gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI +i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEARYpFEjordN68NXSLmDae +uruxhw+Zsr9Grom4mqYy/2lAuu58os4xA4Cez9OdkfCZmU9baDBVfMWys7GlCJdg +wn5uO5Kk2eiEWsujO/EV4c5eyXSrsUghQZQKfIVsgeut+7WfmDy/+j8ibbxJxJp/ +KMIoDjBAaMDhhxaCYclm8dJRT9DPba/bCNjuPGeTXslDQSXIfzFDgQkRZ0+Z7s9i +enYBmnH4rvW+SX8v5MzfGOu8VtHAKKBEcCbs2qGwYBEUUsCA/LYKSnOwn655wsd9 +k6KifIGOCVS4ZbK9pDyYcH/6/OmD1eSUwDZsd8CrJYDC31gAu7xqhOsBzR9DL3oD +4Q== +-----END ATTRIBUTE CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-aAissuingDistributionPoint.pem b/test/certs/ext-aAissuingDistributionPoint.pem new file mode 100644 index 0000000000000..7e96f42a05b65 --- /dev/null +++ b/test/certs/ext-aAissuingDistributionPoint.pem 
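Review bot: The replacement fixture drops the old `Generated with paccor (...)` provenance line, and nothing in the hunk records how the new attribute certificate was produced, so it cannot be regenerated or audited when the parser changes. The previous file shows that a text line ahead of the `-----BEGIN ATTRIBUTE CERTIFICATE-----` armor is tolerated, so a line naming the tool and inputs can stay in the file. The file also now ends with `\ No newline at end of file`, as do the other fixtures added or touched in this change. Ending each with a newline keeps later diffs to these files limited to real content changes.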
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBtDCCAaCgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDA1
+MjIzWhgPMjAyMTA4MzEwMDUyMjNaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABozswOTA3BgNVHT8EMDAuoCKgIKQe
+MBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3YXJlgQIFIIIB/4QB/zALBgkqhkiG
+9w0BAQUDAQA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/certs/ext-acceptableCertPolicies.pem b/test/certs/ext-acceptableCertPolicies.pem
new file mode 100644
index 0000000000000..6f1a759859296
--- /dev/null
+++ b/test/certs/ext-acceptableCertPolicies.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkDCCAXygAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIy
+MDM4WhgPMjAyMTA4MzEwMjIwMzhaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxcwFTATBgNVHTQEDDAKBgNVBAsG
+A1UEDTALBgkqhkiG9w0BAQUDAQA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/certs/ext-acceptablePrivilegePolicies.pem b/test/certs/ext-acceptablePrivilegePolicies.pem
new file mode 100644
index 0000000000000..61cc9ea5b4476
--- /dev/null
+++ b/test/certs/ext-acceptablePrivilegePolicies.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkDCCAXygAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMwMTI1
+NjEyWhgPMjAyMTA4MzAxMjU2MTJaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxcwFTATBgNVHTkEDDAKBgNVBAMG
+A1UECjALBgkqhkiG9w0BAQUDAQA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/certs/ext-allowedAttributeAssignments.pem b/test/certs/ext-allowedAttributeAssignments.pem
new file mode 100644
index 0000000000000..3757876d10c68
--- /dev/null
+++ b/test/certs/ext-allowedAttributeAssignments.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBtzCCAaOgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIz
+NDU4WhgPMjAyMTA4MzEwMjM0NThaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoz4wPDA6BgNVHUMEMzExMC+gBYAD
+VQQDoSaBJGpvbmF0aGFuLndpbGJ1ckB3aWxkYm9hcnNvZnR3YXJlLmNvbTALBgkq
+hkiG9w0BAQUDAQA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/certs/ext-associatedInformation.pem b/test/certs/ext-associatedInformation.pem
new file mode 100644
index 0000000000000..c8253cacfee15
--- /dev/null
+++ b/test/certs/ext-associatedInformation.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBYzCCAU2gAwIBAgIEDCI4TjANBgkqhkiG9w0BAQEFADARMQ8wDQYDVQQDDAZI
+aSBtb20wIhgPMjAyMjEwMjkwMTIzNDNaGA8yMDIyMTAyOTAxMjM0M1owETEPMA0G
+A1UEAwwGSGkgbW9tMAowBQYDKgMEAwEAo4HaMIHXMIHUBgNVHUsEgcwwgckwgX8G
+A1UEAzF4DAtTdGV2ZSBCcnVsZQwPRHIuIFN0ZXZlIEJydWxlDCJEci4gU3RldmUg
+QnJ1bGUsIGZyb20gQnJ1bGVzIFJ1bGVzDDRUaGUgZ2l2ZW5OYW1lIGF0dHJpYnV0
+ZSBiZWxvdyBpcyBpbnRlbnRpb25hbGx5IGVtcHR5MAwGA1UEajEFBgNVBAMwGgYD
+VQQgMRMwETEPMA0GA1UEAwwGSGkgbW9tMAcGA1UEKjEAMBIGA1UEBzELDAlGdW5r
+eXRvd24wDQYJKoZIhvcNAQEBBQADAQA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/certs/ext-attributeDescriptor.pem b/test/certs/ext-attributeDescriptor.pem
new file mode 100644
index 0000000000000..ee88859203fe8
--- /dev/null
+++ b/test/certs/ext-attributeDescriptor.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICCzCCAfegAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDEw
+NzA5WhgPMjAyMTA4MzEwMTA3MDlaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABo4GRMIGOMIGLBgNVHTAEgYMwgYAG
+A1UEAwQYVW5ib3VuZGVkRGlyZWN0b3J5U3RyaW5ngApjb21tb25OYW1lgRZBIGdl
+bmVyYWwtcHVycG9zZSBuYW1lMDsGA1UECjA0MCCkHjAcMRowGAYDVQQDDBFXaWxk
+Ym9hciBTb2Z0d2FyZTAQMAsGCWCGSAFlAwQCAQMBADALBgkqhkiG9w0BAQUDAQA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/certs/ext-attributeMappings.pem b/test/certs/ext-attributeMappings.pem
new file mode 100644
index 0000000000000..5fdd6a8907e10
--- /dev/null
+++ b/test/certs/ext-attributeMappings.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1TCCAb+gAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI
+aSBtb20wIhgPMjAyMjEyMTIxOTM3MDhaGA8yMDIyMTIxMjE5MzcwOFowETEPMA0G
+A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL
+m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH
+3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe
+1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX
+rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU
++tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3
+nrAVMQHB4fReQPH0pQIDAQABozMwMTAvBgNVHUQEKDEmoAqAA1UEA4EDVQQHoRig
+CwYDVQQDDARhc2RmoQkGA1UEBwICAz4wDQYJKoZIhvcNAQEFBQADAQA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/certs/ext-auditIdentity.pem b/test/certs/ext-auditIdentity.pem
new file mode 100644
index 0000000000000..3f58447f9fd3f
--- /dev/null
+++ b/test/certs/ext-auditIdentity.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkTCCAX2gAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDI0
+NDAyWhgPMjAyMTA4MzEwMjQ0MDJaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxgwFjAUBggrBgEFBQcBBAEB/wQF
+BAMJCAcwCwYJKoZIhvcNAQEFAwEA
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/certs/ext-authorityAttributeIdentifier.pem b/test/certs/ext-authorityAttributeIdentifier.pem
new file mode 100644
index 0000000000000..70cdf245d6b38
--- /dev/null
+++ b/test/certs/ext-authorityAttributeIdentifier.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBtDCCAaCgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIy
+NDM1WhgPMjAyMTA4MzEwMjI0MzVaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABozswOTA3BgNVHSYEMDAuMCwwIKQe
+MBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3YXJlAgQBAwUHAwIBsjALBgkqhkiG
+9w0BAQUDAQA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/certs/ext-basicAttConstraints.pem b/test/certs/ext-basicAttConstraints.pem
new file mode 100644
index 0000000000000..e85d8a2db9561
--- /dev/null
+++ b/test/certs/ext-basicAttConstraints.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjDCCAXigAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIx
+MjQ5WhgPMjAyMTA4MzEwMjEyNDlaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB
+CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq
+nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir
+Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI
+qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06
+GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus
+pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxMwETAPBgNVHSkECDAGAQH/AgED
+MAsGCSqGSIb3DQEBBQMBAA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/test/certs/ext-delegatedNameConstraints.pem b/test/certs/ext-delegatedNameConstraints.pem
new file mode 100644
index 0000000000000..7f8360b560a48
--- /dev/null
+++ b/test/certs/ext-delegatedNameConstraints.pem
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB2jCCAcagAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIx +ODAyWhgPMjAyMTA4MzEwMjE4MDJaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABo2EwXzBdBgNVHSoEVjBUoCgwJqQe +MBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3YXJlgAEBgQEDoSgwJqQeMBwxGjAY +BgNVBAMMEVdpbGRib2FyIFNvZnR3YXJlgAECgQEEMAsGCSqGSIb3DQEBBQMBAA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-groupAC.pem b/test/certs/ext-groupAC.pem index f5325eb2ae6eb..e7e2da5927bfb 100644 --- a/test/certs/ext-groupAC.pem +++ b/test/certs/ext-groupAC.pem @@ -8,4 +8,4 @@ qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABow0wCzAJBgNVHUIEAgUAMAsGCSqG SIb3DQEBBQMBAA== ------END CERTIFICATE----- +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-holderNameConstraints.pem b/test/certs/ext-holderNameConstraints.pem new file mode 100644 index 0000000000000..1c267cb9a6034 --- /dev/null +++ b/test/certs/ext-holderNameConstraints.pem 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBsDCCAZygAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDI0 +MTA0WhgPMjAyMTA4MzEwMjQxMDRaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABozcwNTAzBgNVHUUELDAqoCgwJqQe +MBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3YXJlgAEBgQEDMAsGCSqGSIb3DQEB +BQMBAA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-indirectIssuer.pem b/test/certs/ext-indirectIssuer.pem index afc21806aef02..3fbfa6a2e54bb 100644 --- a/test/certs/ext-indirectIssuer.pem +++ b/test/certs/ext-indirectIssuer.pem @@ -8,4 +8,4 @@ qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABow0wCzAJBgNVHT0EAgUAMAsGCSqG SIb3DQEBBQMBAA== ------END CERTIFICATE----- +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-issuedOnBehalfOf.pem b/test/certs/ext-issuedOnBehalfOf.pem new file mode 100644 index 0000000000000..b37b1baa584ed --- /dev/null +++ b/test/certs/ext-issuedOnBehalfOf.pem 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpDCCAZCgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIy +OTM2WhgPMjAyMTA4MzEwMjI5MzZaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoyswKTAnBgNVHUAEIKQeMBwxGjAY +BgNVBAMMEVdpbGRib2FyIFNvZnR3YXJlMAsGCSqGSIb3DQEBBQMBAA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-noAssertion.pem b/test/certs/ext-noAssertion.pem index 1aaa860bdda58..a91064d93cb0f 100644 --- a/test/certs/ext-noAssertion.pem +++ b/test/certs/ext-noAssertion.pem @@ -8,4 +8,4 @@ qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABow0wCzAJBgNVHT4EAgUAMAsGCSqG SIb3DQEBBQMBAA== ------END CERTIFICATE----- +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-noRevAvail.pem b/test/certs/ext-noRevAvail.pem index 23bf49b9852a8..b09a897c32953 100644 --- a/test/certs/ext-noRevAvail.pem +++ b/test/certs/ext-noRevAvail.pem @@ -8,4 +8,4 @@ qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxAwDjAMBgNVHTgBAf8EAgUAMAsG CSqGSIb3DQEBBQMBAA== ------END CERTIFICATE----- +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-roleSpecCertIdentifier.pem b/test/certs/ext-roleSpecCertIdentifier.pem new file mode 100644 index 0000000000000..3096f08a5c89a --- /dev/null +++ b/test/certs/ext-roleSpecCertIdentifier.pem 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB7zCCAdugAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMxMDIw +NzA0WhgPMjAyMTA4MzEwMjA3MDRaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABo3YwdDByBgNVHScEazBpMGegIKQe +MBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3YXJloSCkHjAcMRowGAYDVQQDDBFX +aWxkYm9hciBTb2Z0d2FyZYIEAgQGCKMbghR3aWxkYm9hcnNvZnR3YXJlLmNvbYgD +VQQNMAsGCSqGSIb3DQEBBQMBAA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-sOAIdentifier.pem b/test/certs/ext-sOAIdentifier.pem index 7da3a3b448541..2db78f1e43f38 100644 --- a/test/certs/ext-sOAIdentifier.pem +++ b/test/certs/ext-sOAIdentifier.pem @@ -8,4 +8,4 @@ qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABow0wCzAJBgNVHTIEAgUAMAsGCSqG SIb3DQEBBQMBAA== ------END CERTIFICATE----- +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-singleUse.pem b/test/certs/ext-singleUse.pem index e72701c305948..380461670ed71 100644 --- a/test/certs/ext-singleUse.pem +++ b/test/certs/ext-singleUse.pem 
@@ -1,12 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBrzCCAZmgAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI -aSBtb20wIhgPMjAyMzA3MDExMzA4MDRaGA8yMDIzMDcwMTEzMDgwNFowETEPMA0G -A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL -m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH -3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe -1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX -rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU -+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3 -nrAVMQHB4fReQPH0pQIDAQABow0wCzAJBgNVHUEEAgUAMA0GCSqGSIb3DQEBBQUA -AwEA ------END CERTIFICATE----- +MIIBiTCCAXWgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODI5MjIx +MTMyWhgPMjAyMTA4MjkyMjExMzJaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxAwDjAMBgNVHUEBAf8EAgUAMAsG +CSqGSIb3DQEBBQMBAA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-subjectDirectoryAttributes.pem b/test/certs/ext-subjectDirectoryAttributes.pem new file mode 100644 index 0000000000000..298280db8b578 --- /dev/null +++ b/test/certs/ext-subjectDirectoryAttributes.pem 
@@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBYzCCAU2gAwIBAgIEDCI4TjANBgkqhkiG9w0BAQEFADARMQ8wDQYDVQQDDAZI +aSBtb20wIhgPMjAyMjEwMjkwMTI0NDlaGA8yMDIyMTAyOTAxMjQ0OVowETEPMA0G +A1UEAwwGSGkgbW9tMAowBQYDKgMEAwEAo4HaMIHXMIHUBgNVHQkEgcwwgckwgX8G +A1UEAzF4DAtTdGV2ZSBCcnVsZQwPRHIuIFN0ZXZlIEJydWxlDCJEci4gU3RldmUg +QnJ1bGUsIGZyb20gQnJ1bGVzIFJ1bGVzDDRUaGUgZ2l2ZW5OYW1lIGF0dHJpYnV0 +ZSBiZWxvdyBpcyBpbnRlbnRpb25hbGx5IGVtcHR5MAwGA1UEajEFBgNVBAMwGgYD +VQQgMRMwETEPMA0GA1UEAwwGSGkgbW9tMAcGA1UEKjEAMBIGA1UEBzELDAlGdW5r +eXRvd24wDQYJKoZIhvcNAQEBBQADAQA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-targetingInformation-empty.pem b/test/certs/ext-targetingInformation-empty.pem new file mode 100644 index 0000000000000..9170b3767c264 --- /dev/null +++ b/test/certs/ext-targetingInformation-empty.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBizCCAXegAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjExMDAzMjIz +MDU1WhgPMjAyMTEwMDMyMjMwNTVaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABoxIwEDAOBgNVHTcBAf8EBDACMAAw +CwYJKoZIhvcNAQEFAwEA +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-targetingInformation-simple.pem b/test/certs/ext-targetingInformation-simple.pem new file mode 100644 index 0000000000000..cbfb29208479f --- /dev/null +++ b/test/certs/ext-targetingInformation-simple.pem 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBrTCCAZmgAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjExMDAzMjIy +OTAxWhgPMjAyMTEwMDMyMjI5MDFaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABozQwMjAwBgNVHTcBAf8EJjAkMCKg +IKQeMBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3YXJlMAsGCSqGSIb3DQEBBQMB +AA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-targetingInformation.pem b/test/certs/ext-targetingInformation.pem new file mode 100644 index 0000000000000..0ce3998ab246e --- /dev/null +++ b/test/certs/ext-targetingInformation.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICKzCCAhegAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMwMTI1 +NDEzWhgPMjAyMTA4MzAxMjU0MTNaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABo4GxMIGuMIGrBgNVHTcEgaMwgaAw +OqAgpB4wHDEaMBgGA1UEAwwRV2lsZGJvYXIgU29mdHdhcmWhFoIUd2lsZGJvYXJz +b2Z0d2FyZS5jb20wYqJgMDEwJaQeMBwxGjAYBgNVBAMMEVdpbGRib2FyIFNvZnR3 +YXJliANVBAMCBAECAwQDAgOwgRVqb25hdGhhbkB3aWxidXIuc3BhY2UwFAoBADAL +BgkqhkiG9w0BAQUDAgIkMAsGCSqGSIb3DQEBBQMBAA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-timeSpecification-absolute.pem b/test/certs/ext-timeSpecification-absolute.pem new file mode 100644 index 0000000000000..8ce07092d5f83 --- /dev/null 
+++ b/test/certs/ext-timeSpecification-absolute.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB2jCCAcSgAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI +aSBtb20wIhgPMjAyMjEyMjAxMzA3MjFaGA8yMDIyMTIyMDEzMDcyMVowETEPMA0G +A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL +m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH +3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe +1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX +rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU ++tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3 +nrAVMQHB4fReQPH0pQIDAQABozgwNjA0BgNVHSsELTArMCagERgPMjAyMjEyMjAx +MzA3MjFaoREYDzIwMjIxMjIwMTMwNzIxWgIB+zANBgkqhkiG9w0BAQUFAAMBAA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/ext-timeSpecification-periodic.pem b/test/certs/ext-timeSpecification-periodic.pem new file mode 100644 index 0000000000000..171e2a7a81732 --- /dev/null +++ b/test/certs/ext-timeSpecification-periodic.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICNjCCAiCgAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI +aSBtb20wIhgPMjAyMjEyMjExNDQ5NDJaGA8yMDIyMTIyMTE0NDk0MlowETEPMA0G +A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL +m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH +3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe +1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX +rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU ++tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3 +nrAVMQHB4fReQPH0pQIDAQABo4GTMIGQMIGNBgNVHSsEgYUwgYIxejBWoCoxKDAm +oBEwD6ADAgEFoQMCASuiAwIBFaERMA+gAwIBDKEDAgEiogMCATihCDEGAgEBAgEC +oggxBgIBAwIBBKMIMQYCAQUCAQakCjEIAgIH5gICB+cwIKEIMQYCAQMCAQSjCDEG +AgEHAgEIpAoxCAICB+cCAgfoAQH/AgH7MA0GCSqGSIb3DQEBBQUAAwEA +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/test/certs/ext-userNotice.pem b/test/certs/ext-userNotice.pem new file mode 100644 index 0000000000000..460091c954000 --- /dev/null +++ b/test/certs/ext-userNotice.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8jCCAd6gAwIBAgIDAQIDMAsGCSqGSIb3DQEBBTAAMCIYDzIwMjEwODMwMDEw +MjAzWhgPMjAyMTA4MzAwMTAyMDNaMAAwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIB +CgKCAQEAtnjLm1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmq +nuGrBOUfgbmH3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWir +Gu0oDRzhWLHe1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqI +qpOynJB02thXrTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06 +GkwLFJHNv2tU+tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3Vus +pVz+6pU2xgl3nrAVMQHB4fReQPH0pQIDAQABo3kwdzB1BgNVHTEEbjBsMDEwHAwR +V2lsZGJvYXIgU29mdHdhcmUwBwIBewICAcgaEUhleSB0aGVyZSBiaWcgYm9pMDcw +Jx4eAEoAbwBuAGEAdABoAGEAbgAgAFcAaQBsAGIAdQByMAUCAwDFSQwMSWNlIGlj +ZSBiYWJ5MAsGCSqGSIb3DQEBBQMBAA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/certs/platcert1.pem b/test/certs/platcert1.pem new file mode 100644 index 0000000000000..903c496b3ad57 --- /dev/null +++ b/test/certs/platcert1.pem 
@@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGkTCCBnugAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI +aSBtb20wIhgPMjAyMzAxMTUyMzA0NTNaGA8yMDIzMDExNTIzMDQ1M1owETEPMA0G +A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL +m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH +3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe +1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX +rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU ++tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3 +nrAVMQHB4fReQPH0pQIDAQABo4IE7TCCBOkwggTlBgNVHQkEggTcMIIE2DBKBgZn +gQUFAQMxQDA+FhxodHRwczovL3d3dy5nb29nbGUuY29tL2hpbW9tMAsGCWCGSAFl +AwQCAQMRAMeuIFad0PQy1Ce6kvzb9G8wHAYFZ4EFAhExEzARMAkCAQECAQICAQME +BAIEBggwEgYFZ4EFAhkxCTAHBgVngQUIAjAdBgZngQUFAQExEwwRV2lsZGJvYXIg +U29mdHdhcmUwGwYGZ4EFBQEEMREMD01jVWx0cmEgU3VwcmVtZTARBgZngQUFAQUx +BwwFWC41MTEwGAYGZ4EFBQEGMQ4MDGUzNGEzMTFiMmU1YzAWBgZngQUFAQIxDDAK +BggrBgEEAYO5KjCBpQYFZ4EFAhMxgZswgZigWxYDMi4yCgEFCgECAQH/gAEBgQNV +BAOiHhYcaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS9oaW1vbYMDVQQDpB4WHGh0dHBz +Oi8vd3d3Lmdvb2dsZS5jb20vaGltb22hDRYFMTQwLTEKAQIBAf+CAQQBAf8WJGh0 +dHBzOi8vdHJ1c3RlZGNvbXB1dGluZy5jb20vaXNvOTAwMDCCAy0GB2eBBQUBBwIx +ggMgMIIDHKCCAkUwggENMAsGA1UEAwQEAgQGCAwRV2lsZGJvYXIgU29mdHdhcmUM +DFg1MTEtMzQxIChHKYAIYjA3OWYwMzmBA0EzMYIDVQQDgwH/pBwwGgYFZ4EFEQEM +ETA4OkFGOkJBOjA4OjA4OjE0pU+gHzALBglghkgBZQMEAgEEEDjm31Qtiu8Fg8ud +su8HGhahLDAVpBMwETEPMA0GA1UEAwwGSGkgbW9tAghD4fc9f0LibAMJADfV1pFR +XcuTplQWMmh0dHBzOi8vd3d3Lmdvb2dsZS5jb20vY29tcG9uZW50LXBsYXRmb3Jt +LWNlcnQtdXJpMAsGCWCGSAFlAwQCAQMRAAYNbG2S5adXwLFa8w8xqgeHAQAwggEw +MAsGA1UEBgQEAlAGCgwWV2lsZGJvYXIgU29mdHdhcmUgKElJKQwMWDUxMS0zNDEg +KEYpgAg0Njc1M2RmY4EDQjUwggNVBAeDAf+kHDAaBgVngQURAQwRMDM6QUY6QkE6 +MDM6MDM6MTSlcKAfMAsGCWCGSAFlAwQCAQQQAkNXJL5i9I6C0ksh1p/vzKFNMDak +NDAyMQ8wDQYDVQQDDAZIaSBtb20xHzAdBgNVBAMMFkN5YmVyc2VjdXJpdHkgRGl2 +aXNpb24CCPRZEqk4dJKMAwkAgkQwbsdqYw+mVBYyaHR0cHM6Ly93d3cuZ29vZ2xl 
+LmNvbS9jb21wb25lbnQtcGxhdGZvcm0tY2VydC11cmkwCwYJYIZIAWUDBAIBAxEA +2y7eMHDn0DiQhhzlLZsIZaFSFjBodHRwczovL3d3dy5nb29nbGUuY29tL2NvbXBv +bmVudC1pZGVudGlmaWVycy11cmkwCwYJYIZIAWUDBAIBAxEAbx0Zpfnm7NXWHz3n +SktUAaIrMBMMDFNBVEFfVkVSU0lPTgwDMi4wMBQMDFJBSURfVkVSU0lPTgwBNYAB +AqNQFi5odHRwczovL3d3dy5nb29nbGUuY29tL3BsYXRmb3JtLXByb3BlcnRpZXMt +dXJpMAsGCWCGSAFlAwQCAQMRAPiacURWmXVWUI/GNYq1wT4wDQYJKoZIhvcNAQEF +BQADAQA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index c727e5cdb3dcf..1a78655dc8690 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_x509"); -plan tests => 51; +plan tests => 119; # Prevent MSys2 filename munging for arguments that look like file paths but # aren't @@ -81,15 +81,6 @@ ok(run(app(["openssl", "pkey", "-in", $pkey, "-pubout", "-out", $pubkey])) # not unlinking $pubkey # not unlinking $selfout -# test -set_issuer option -my $ca_issu = srctop_file(@certs, "ca-cert.pem"); # issuer cert -my $caout_issu = "ca-issu.out"; -ok(run(app(["openssl", "x509", "-new", "-force_pubkey", $key, "-subj", "/CN=EE", - "-set_issuer", "/CN=TEST-CA", "-extfile", $extfile, "-CA", $ca_issu, - "-CAkey", $pkey, "-text", "-out", $caout_issu]))); -ok(get_issuer($caout_issu) =~ /CN=TEST-CA/); -# not unlinking $caout - # simple way of directly producing a CA-signed cert with private/pubkey input my $ca = srctop_file(@certs, "ca-cert.pem"); # issuer cert my $caout = "ca-issued.out"; 
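Review bot: The header hunk of `25-test_x509.t` moves the copyright range backwards, from `2015-2024` to `2015-2021`. The `-81,15 +81,6` hunk also deletes the `-set_issuer` run together with its `get_issuer($caout_issu) =~ /CN=TEST-CA/` assertion, and neither change relates to the new extension-printing checks. Both look like side effects of an out-of-date base (inferred), and as written they remove the only visible coverage for overriding the issuer name in `openssl x509`. I would keep `# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.` and the `-set_issuer` block. `plan tests => 119` should then be recomputed, since the hard-coded plan has to equal the number of checks actually run.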
@@ -133,15 +124,273 @@ cert_contains(srctop_file(@certs, "ext-sOAIdentifier.pem"), cert_contains(srctop_file(@certs, "ext-noRevAvail.pem"), "No Revocation Available", - 1, 'X.509 No Revocation Available'); - + 1, 'X.509 Source of Authority Extension'); cert_contains(srctop_file(@certs, "ext-singleUse.pem"), "Single Use", - 1, 'X509v3 Single Use'); - -cert_contains(srctop_file(@certs, "ext-indirectIssuer.pem"), - "Indirect Issuer", - 1, 'X.509 Indirect Issuer'); + 1, 'X.509 Single Use Certification Extension'); +cert_contains(srctop_file(@certs, "ext-auditIdentity.pem"), + "Audit Identity", + 1, 'X.509 Audit Identity Extension'); + +my $tgt_info_cert = srctop_file(@certs, "ext-targetingInformation.pem"); +cert_contains($tgt_info_cert, + "AC Targeting", + 1, 'X.509 Targeting Information Extension'); +cert_contains($tgt_info_cert, + "Targets:", + 1, 'X.509 Targeting Information Targets'); +cert_contains($tgt_info_cert, + "Target:", + 1, 'X.509 Targeting Information Target'); +cert_contains($tgt_info_cert, + "Target Name: DirName:CN = W", + 1, 'X.509 Targeting Information Target Name'); +cert_contains($tgt_info_cert, + "Target Group: DNS:wildboarsoftware.com", + 1, 'X.509 Targeting Information Target Name'); +cert_contains($tgt_info_cert, + "Issuer Names:", + 1, 'X.509 Targeting Information Issuer Names'); +cert_contains($tgt_info_cert, + "Issuer Serial: 01020304", + 1, 'X.509 Targeting Information Issuer Serial'); +cert_contains($tgt_info_cert, + "Issuer UID: B0", + 1, 'X.509 Targeting Information Issuer UID'); +cert_contains($tgt_info_cert, + "Digest Type: Public Key", + 1, 'X.509 Targeting Information Object Digest Type'); + +my $bacons_cert = srctop_file(@certs, "ext-basicAttConstraints.pem"); +cert_contains($bacons_cert, + "authority:TRUE", + 1, 'X.509 Basic Attribute Constraints Authority'); +cert_contains($bacons_cert, + "pathlen:3", + 1, 'X.509 Basic Attribute Constraints Path Length'); + +my $dncons_cert = srctop_file(@certs, 
"ext-delegatedNameConstraints.pem"); +cert_contains($dncons_cert, + "DirName:CN = Wil", + 1, 'X.509 Delegated Name Constraints'); +cert_contains($dncons_cert, + "Permitted:", + 1, 'X.509 Delegated Name Constraints'); +cert_contains($dncons_cert, + "Excluded:", + 1, 'X.509 Delegated Name Constraints'); + +my $sda_cert = srctop_file(@certs, "ext-subjectDirectoryAttributes.pem"); +cert_contains($sda_cert, + "Steve Brule", + 1, 'X.509 Subject Directory Attributes'); +cert_contains($sda_cert, + "CN=Hi mom", + 1, 'X.509 Subject Directory Attributes'); +cert_contains($sda_cert, + "", + 1, 'X.509 Subject Directory Attributes'); +cert_contains($sda_cert, + "Funkytown", + 1, 'X.509 Subject Directory Attributes'); +cert_contains($sda_cert, + "commonName", + 1, 'X.509 Subject Directory Attributes'); +cert_contains($sda_cert, + "owner", + 1, 'X.509 Subject Directory Attributes'); +cert_contains($sda_cert, + "givenName", + 1, 'X.509 Subject Directory Attributes'); +cert_contains($sda_cert, + "localityName", + 1, 'X.509 Subject Directory Attributes'); + +my $ass_info_cert = srctop_file(@certs, "ext-associatedInformation.pem"); +cert_contains($ass_info_cert, + "Steve Brule", + 1, 'X509v3 Associated Information'); +cert_contains($ass_info_cert, + "CN=Hi mom", + 1, 'X509v3 Associated Information'); +cert_contains($ass_info_cert, + "", + 1, 'X509v3 Associated Information'); +cert_contains($ass_info_cert, + "Funkytown", + 1, 'X509v3 Associated Information'); +cert_contains($ass_info_cert, + "commonName", + 1, 'X509v3 Associated Information'); +cert_contains($ass_info_cert, + "owner", + 1, 'X509v3 Associated Information'); +cert_contains($sda_cert, + "givenName", + 1, 'X509v3 Associated Information'); +cert_contains($ass_info_cert, + "localityName", + 1, 'X509v3 Associated Information'); + +my $user_notice_cert = srctop_file(@certs, "ext-userNotice.pem"); +cert_contains($user_notice_cert, + "Organization: Wildboar Software", + 1, 'X509v3 User Notice'); +cert_contains($user_notice_cert, 
+ "Numbers: 123, 456", + 1, 'X509v3 User Notice'); +cert_contains($user_notice_cert, + "Explicit Text: Hey there big boi", + 1, 'X509v3 User Notice'); +cert_contains($user_notice_cert, + "Number: 50505", + 1, 'X509v3 User Notice'); +cert_contains($user_notice_cert, + "Explicit Text: Ice ice baby", + 1, 'X509v3 User Notice'); + +my $auth_attr_id_cert = srctop_file(@certs, "ext-authorityAttributeIdentifier.pem"); +cert_contains($auth_attr_id_cert, + "DirName:CN = Wildboar", + 1, 'X509v3 Authority Attribute Identifier'); +cert_contains($auth_attr_id_cert, + "Issuer Serial: 01030507", + 1, 'X509v3 Authority Attribute Identifier'); +cert_contains($auth_attr_id_cert, + "Issuer UID: B2", + 1, 'X509v3 Authority Attribute Identifier'); + +my $iobo_cert = srctop_file(@certs, "ext-issuedOnBehalfOf.pem"); +cert_contains($iobo_cert, + "DirName:CN = Wildboar", + 1, 'X509v3 Issued On Behalf Of'); + +my $aaa_cert = srctop_file(@certs, "ext-allowedAttributeAssignments.pem"); +cert_contains($aaa_cert, + "Attribute Type: commonName", + 1, 'X509v3 Allowed Attribute Assignments'); +cert_contains($aaa_cert, + "Holder Domain: email:jonathan", + 1, 'X509v3 Allowed Attribute Assignments'); + +my $attr_map_cert = srctop_file(@certs, "ext-attributeMappings.pem"); +cert_contains($attr_map_cert, + "commonName == localityName", + 1, 'X509v3 Attribute Mappings'); +cert_contains($attr_map_cert, + "commonName:asdf == localityName:830", + 1, 'X509v3 Attribute Mappings'); + +my $indirect_issuer_cert = srctop_file(@certs, "ext-indirectIssuer.pem"); +cert_contains($indirect_issuer_cert, + "NULL", + 1, 'X509v3 Indirect Issuer'); + +my $attr_desc_cert = srctop_file(@certs, "ext-attributeDescriptor.pem"); +cert_contains($attr_desc_cert, + "Identifier: 2.5.4.3", + 1, 'X509v3 Attribute Descriptor'); +cert_contains($attr_desc_cert, + "Syntax: UnboundedDirectoryString", + 1, 'X509v3 Attribute Descriptor'); +cert_contains($attr_desc_cert, + "Name: commonName", + 1, 'X509v3 Attribute Descriptor'); 
+cert_contains($attr_desc_cert, + "Description: A general-purpose name", + 1, 'X509v3 Attribute Descriptor'); +cert_contains($attr_desc_cert, + "Identifier: 2.5.4.10", + 1, 'X509v3 Attribute Descriptor'); +cert_contains($attr_desc_cert, + "DirName:CN = Wild", + 1, 'X509v3 Attribute Descriptor'); +cert_contains($attr_desc_cert, + "Algorithm: sha256", + 1, 'X509v3 Attribute Descriptor'); +cert_contains($attr_desc_cert, + "Hash Value:", + 1, 'X509v3 Attribute Descriptor'); + +my $aa_idp_cert = srctop_file(@certs, "ext-aAissuingDistributionPoint.pem"); +cert_contains($aa_idp_cert, + "DirName:CN = Wild", + 1, 'X509v3 Attribute Authority Issuing Distribution Point'); +cert_contains($aa_idp_cert, + "CA Compromise", + 1, 'X509v3 Attribute Authority Issuing Distribution Point'); +cert_contains($aa_idp_cert, + "Indirect CRL: TRUE", + 1, 'X509v3 Attribute Authority Issuing Distribution Point'); +cert_contains($aa_idp_cert, + "Contains User Attribute Certificates: TRUE", + 1, 'X509v3 Attribute Authority Issuing Distribution Point'); +cert_contains($aa_idp_cert, + 'Contains Attribute Authority \(AA\) Certificates: TRUE', + 1, 'X509v3 Attribute Authority Issuing Distribution Point'); +cert_contains($aa_idp_cert, + 'Contains Source Of Authority \(SOA\) Public Key Certificates: TRUE', + 1, 'X509v3 Attribute Authority Issuing Distribution Point'); + +my $role_spec_cert = srctop_file(@certs, "ext-roleSpecCertIdentifier.pem"); +cert_contains($role_spec_cert, + "Role Specification Certificate Identifier #1", + 1, 'X509v3 Role Specification Certificate Identifier'); +cert_contains($role_spec_cert, + "Role Name: DirName:CN = Wild", + 1, 'X509v3 Role Specification Certificate Identifier'); +cert_contains($role_spec_cert, + "Role Certificate Issuer: DirName:CN = Wild", + 1, 'X509v3 Role Specification Certificate Identifier'); +cert_contains($role_spec_cert, + "Role Certificate Serial Number: 0x02040608", + 1, 'X509v3 Role Specification Certificate Identifier'); 
+cert_contains($role_spec_cert, + "DNS:wildboar", + 1, 'X509v3 Role Specification Certificate Identifier'); +cert_contains($role_spec_cert, + "Registered ID:description", + 1, 'X509v3 Role Specification Certificate Identifier'); + +my $time_spec_abs_cert = srctop_file(@certs, "ext-timeSpecification-absolute.pem"); +cert_contains($time_spec_abs_cert, + "Timezone: UTC-05:00", + 1, 'X509v3 Time Specification'); +cert_contains($time_spec_abs_cert, + "Absolute: Any time between Dec 20 13:07:21 2022 GMT and Dec 20 13:07:21 2022 GMT", + 1, 'X509v3 Time Specification'); + +my $time_spec_per_cert = srctop_file(@certs, "ext-timeSpecification-periodic.pem"); +cert_contains($time_spec_per_cert, + "Timezone: UTC-05:00", + 1, 'X509v3 Time Specification'); +cert_contains($time_spec_per_cert, + "NOT this time:", + 1, 'X509v3 Time Specification'); +cert_contains($time_spec_per_cert, + "05:43:21 - 12:34:56", + 1, 'X509v3 Time Specification'); +cert_contains($time_spec_per_cert, + "Days of the week: SUN, MON", + 1, 'X509v3 Time Specification'); +cert_contains($time_spec_per_cert, + "Weeks of the month: 3, 4", + 1, 'X509v3 Time Specification'); +cert_contains($time_spec_per_cert, + "Months: MAY, JUN", + 1, 'X509v3 Time Specification'); +cert_contains($time_spec_per_cert, + "Years: 2022, 2023", + 1, 'X509v3 Time Specification'); +cert_contains($time_spec_per_cert, + "Days of the month: 3, 4", + 1, 'X509v3 Time Specification'); +cert_contains($time_spec_per_cert, + "Months: JUL, AUG", + 1, 'X509v3 Time Specification'); +cert_contains($time_spec_per_cert, + "Years: 2023, 2024", + 1, 'X509v3 Time Specification'); sub test_errors { # actually tests diagnostics of OSSL_STORE my ($expected, $cert, @opts) = @_; 
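Review bot: In the Associated Information block the `givenName` check is run against `$sda_cert` instead of `$ass_info_cert`, so it re-tests the Subject Directory Attributes certificate and never looks at ext-associatedInformation.pem; it should read `cert_contains($ass_info_cert, "givenName", 1, 'X509v3 Associated Information');`. That block and the `$sda_cert` block each also contain a check whose pattern is the empty string `""`. Assuming `cert_contains` does a regex match, as the escaped `\(AA\)` patterns in this hunk suggest, an empty pattern matches any output and asserts nothing, so give it the text the extension is expected to print or drop it. The `ext-noRevAvail.pem` check is now labelled 'X.509 Source of Authority Extension' although it still searches for "No Revocation Available", and the `ext-indirectIssuer.pem` check now matches only "NULL", which is weaker than the "Indirect Issuer" match it replaces.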
@@ -187,6 +436,20 @@ ok(!run(app(["openssl", "x509", "-noout", "-dates", "-dateopt", "invalid_format" "-in", srctop_file("test/certs", "ca-cert.pem")])), "Run with invalid -dateopt format"); +# extracts issuer from a -text formatted-output +sub get_issuer { + my $f = shift(@_); + my $issuer = ""; + open my $fh, $f or die; + while (my $line = <$fh>) { + if ($line =~ /Issuer:/) { + $issuer = $line; + } + } + close $fh; + return $issuer; +} + # Tests for signing certs (broken in 1.1.1o) my $a_key = "a-key.pem"; my $a_cert = "a-cert.pem"; @@ -210,15 +473,7 @@ ok(run(app(["openssl", "x509", "-in", $a_cert, "-CA", $ca_cert, "-CAkey", $ca_key, "-set_serial", "1234567890", "-preserve_dates", "-sha256", "-text", "-out", $a2_cert]))); # verify issuer is CA -ok(get_issuer($a2_cert) =~ /CN=ca.example.com/); - -my $in_csr = srctop_file('test', 'certs', 'x509-check.csr'); -my $in_key = srctop_file('test', 'certs', 'x509-check-key.pem'); -my $invextfile = srctop_file('test', 'invalid-x509.cnf'); -# Test that invalid extensions settings fail -ok(!run(app(["openssl", "x509", "-req", "-in", $in_csr, "-signkey", $in_key, - "-out", "/dev/null", "-days", "3650" , "-extensions", "ext", - "-extfile", $invextfile]))); +ok (get_issuer($a2_cert) =~ /CN=ca.example.com/); # Tests for issue #16080 (fixed in 1.1.1o) my $b_key = "b-key.pem"; 
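Review bot: `get_issuer` opens its argument with the two-argument form, `open my $fh, $f or die;`, so the open mode is parsed out of the filename string and a failure dies without naming the file or the error. The three-argument form with an explicit read mode avoids both: `open(my $fh, '<', $f) or die "cannot open $f: $!";`. The callers visible in this diff pass fixed file names, so this is hardening and better diagnostics rather than a live bug. If the target tree already defines `get_issuer` elsewhere in this file, which the call removed in the -81,15 hunk hints at, this addition would redefine it.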
@@ -254,53 +509,6 @@ ok(run(app(["openssl", "x509", "-req", "-text", "-CAcreateserial", "-in", $b_csr]))); ok(-e $ca_serial_dot_in_dir); -# Tests for explict start and end dates of certificates -my %today = (strftime("%Y-%m-%d", gmtime) => 1); -my $enddate; -ok(run(app(["openssl", "x509", "-req", "-text", - "-key", $b_key, - "-not_before", "20231031000000Z", - "-not_after", "today", - "-in", $b_csr, "-out", $b_cert])) -&& get_not_before($b_cert) =~ /Oct 31 00:00:00 2023 GMT/ -&& ++$today{strftime("%Y-%m-%d", gmtime)} -&& (grep { defined $today{$_} } get_not_after_date($b_cert))); -# explicit start and end dates -ok(run(app(["openssl", "x509", "-req", "-text", - "-key", $b_key, - "-not_before", "20231031000000Z", - "-not_after", "20231231000000Z", - "-days", "99", - "-in", $b_csr, "-out", $b_cert])) -&& get_not_before($b_cert) =~ /Oct 31 00:00:00 2023 GMT/ -&& get_not_after($b_cert) =~ /Dec 31 00:00:00 2023 GMT/); -# start date today and days -%today = (strftime("%Y-%m-%d", gmtime) => 1); -$enddate = strftime("%Y-%m-%d", gmtime(time + 99 * 24 * 60 * 60)); -ok(run(app(["openssl", "x509", "-req", "-text", - "-key", $b_key, - "-not_before", "today", - "-days", "99", - "-in", $b_csr, "-out", $b_cert])) -&& ++$today{strftime("%Y-%m-%d", gmtime)} -&& (grep { defined $today{$_} } get_not_before_date($b_cert)) -&& get_not_after_date($b_cert) eq $enddate); -# end date before start date -ok(!run(app(["openssl", "x509", "-req", "-text", - "-key", $b_key, - "-not_before", "today", - "-not_after", "20231031000000Z", - "-in", $b_csr, "-out", $b_cert]))); -# default days option -%today = (strftime("%Y-%m-%d", gmtime) => 1); -$enddate = strftime("%Y-%m-%d", gmtime(time + 30 * 24 * 60 * 60)); -ok(run(app(["openssl", "x509", "-req", "-text", - "-key", $b_key, - "-in", $b_csr, "-out", $b_cert])) -&& ++$today{strftime("%Y-%m-%d", gmtime)} -&& (grep { defined $today{$_} } get_not_before_date($b_cert)) -&& get_not_after_date($b_cert) eq $enddate); - SKIP: { skip "EC is not supported by 
this OpenSSL build", 1 if disabled("ec");
diff --git a/test/x509acert_test.c b/test/x509acert_test.c
new file mode 100644
index 0000000000000..85346829c234d
--- /dev/null
+++ b/test/x509acert_test.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+
+#include "testutil.h"
+
+static const char *acert_file = NULL;
+
+static int test_read_acert(void)
+{
+ X509_ACERT *acert = NULL;
+ BIO *bp = NULL, *bout = NULL;
+ int ret = 0;
+
+ if (!TEST_ptr(bp = BIO_new_file(acert_file, "r")))
+ goto err;
+
+ if (!TEST_ptr(acert = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL)))
+ goto err;
+
+ if (!TEST_ptr(bout = BIO_new_fp(stdout, BIO_NOCLOSE)))
+ goto err;
+
+ if (!TEST_int_gt(X509_ACERT_print(bout, acert), 0))
+ goto err;
+
+ ret = 1;
+err:
+ BIO_free(bp);
+ BIO_free(bout);
+ X509_ACERT_free(acert);
+ ERR_print_errors_fp(stdout);
+ return ret;
+}
+
+OPT_TEST_DECLARE_USAGE("acert_file\n")
+int setup_tests(void)
+{
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
+
+ if (!TEST_ptr(acert_file = test_get_argument(0)))
+ return 0;
+
+ ADD_TEST(test_read_acert);
+ return 1;
+}
\ No newline at end of file
diff --git a/util/libcrypto.num b/util/libcrypto.num
index a5f9bb32cb17f..4ba7def0a4f7b 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
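Review bot: `test_read_acert` in test/x509acert_test.c passes as soon as `X509_ACERT_print` returns a positive value, so it exercises the new decoders only on one well-formed input and never checks what was decoded. If the printer can succeed while skipping an attribute it could not parse (not visible from this hunk), a regression in the platform-certificate code would go unnoticed. Printing into a memory BIO and asserting on an expected field would close that gap. A second test that feeds a truncated or corrupted file and requires `PEM_read_bio_X509_ACERT` to return NULL would cover the failure path of parsers that handle untrusted certificate data. The file also ends without a trailing newline.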
@@ -5646,3 +5646,200 @@ OSSL_IETF_ATTR_SYNTAX_print ? 3_4_0 EXIST::FUNCTION:
 X509_ACERT_add_attr_nconf ? 3_4_0 EXIST::FUNCTION:
 OSSL_LIB_CTX_get_conf_diagnostics ? 3_4_0 EXIST::FUNCTION:
 OSSL_LIB_CTX_set_conf_diagnostics ? 3_4_0 EXIST::FUNCTION:
+X509_get_issuer_serial ? 3_4_0 EXIST::FUNCTION:
+d2i_USER_NOTICE_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+i2d_USER_NOTICE_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+USER_NOTICE_SYNTAX_free ? 3_4_0 EXIST::FUNCTION:
+USER_NOTICE_SYNTAX_new ? 3_4_0 EXIST::FUNCTION:
+USER_NOTICE_SYNTAX_it ? 3_4_0 EXIST::FUNCTION:
+d2i_BASIC_ATTR_CONSTRAINTS ? 3_4_0 EXIST::FUNCTION:
+i2d_BASIC_ATTR_CONSTRAINTS ? 3_4_0 EXIST::FUNCTION:
+BASIC_ATTR_CONSTRAINTS_free ? 3_4_0 EXIST::FUNCTION:
+BASIC_ATTR_CONSTRAINTS_new ? 3_4_0 EXIST::FUNCTION:
+BASIC_ATTR_CONSTRAINTS_it ? 3_4_0 EXIST::FUNCTION:
+ossl_print_gens ? 3_4_0 EXIST::FUNCTION:
+d2i_AUTHORITY_ATTRIBUTE_ID_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+i2d_AUTHORITY_ATTRIBUTE_ID_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+AUTHORITY_ATTRIBUTE_ID_SYNTAX_free ? 3_4_0 EXIST::FUNCTION:
+AUTHORITY_ATTRIBUTE_ID_SYNTAX_new ? 3_4_0 EXIST::FUNCTION:
+AUTHORITY_ATTRIBUTE_ID_SYNTAX_it ? 3_4_0 EXIST::FUNCTION:
+d2i_OSSL_ISSUER_SERIAL ? 3_4_0 EXIST::FUNCTION:
+i2d_OSSL_ISSUER_SERIAL ? 3_4_0 EXIST::FUNCTION:
+OSSL_ISSUER_SERIAL_it ? 3_4_0 EXIST::FUNCTION:
+d2i_OBJECT_DIGEST_INFO ? 3_4_0 EXIST::FUNCTION:
+i2d_OBJECT_DIGEST_INFO ? 3_4_0 EXIST::FUNCTION:
+OBJECT_DIGEST_INFO_free ? 3_4_0 EXIST::FUNCTION:
+OBJECT_DIGEST_INFO_new ? 3_4_0 EXIST::FUNCTION:
+OBJECT_DIGEST_INFO_it ? 3_4_0 EXIST::FUNCTION:
+d2i_TARGET_CERT ? 3_4_0 EXIST::FUNCTION:
+i2d_TARGET_CERT ? 3_4_0 EXIST::FUNCTION:
+TARGET_CERT_free ? 3_4_0 EXIST::FUNCTION:
+TARGET_CERT_new ? 3_4_0 EXIST::FUNCTION:
+TARGET_CERT_it ? 3_4_0 EXIST::FUNCTION:
+d2i_TARGET ? 3_4_0 EXIST::FUNCTION:
+i2d_TARGET ? 3_4_0 EXIST::FUNCTION:
+TARGET_free ? 3_4_0 EXIST::FUNCTION:
+TARGET_new ? 3_4_0 EXIST::FUNCTION:
+TARGET_it ? 3_4_0 EXIST::FUNCTION:
+d2i_TARGETS ? 3_4_0 EXIST::FUNCTION:
+i2d_TARGETS ? 3_4_0 EXIST::FUNCTION:
+TARGETS_free ? 3_4_0 EXIST::FUNCTION:
+TARGETS_new ? 3_4_0 EXIST::FUNCTION:
+TARGETS_it ? 3_4_0 EXIST::FUNCTION:
+d2i_TARGETING_INFORMATION ? 3_4_0 EXIST::FUNCTION:
+i2d_TARGETING_INFORMATION ? 3_4_0 EXIST::FUNCTION:
+TARGETING_INFORMATION_free ? 3_4_0 EXIST::FUNCTION:
+TARGETING_INFORMATION_new ? 3_4_0 EXIST::FUNCTION:
+TARGETING_INFORMATION_it ? 3_4_0 EXIST::FUNCTION:
+d2i_ATTRIBUTES_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+i2d_ATTRIBUTES_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTES_SYNTAX_free ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTES_SYNTAX_new ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTES_SYNTAX_it ? 3_4_0 EXIST::FUNCTION:
+ALLOWED_ATTRIBUTES_CHOICE_it ? 3_4_0 EXIST::FUNCTION:
+ALLOWED_ATTRIBUTES_ITEM_it ? 3_4_0 EXIST::FUNCTION:
+d2i_ALLOWED_ATTRIBUTES_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+i2d_ALLOWED_ATTRIBUTES_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+ALLOWED_ATTRIBUTES_SYNTAX_free ? 3_4_0 EXIST::FUNCTION:
+ALLOWED_ATTRIBUTES_SYNTAX_new ? 3_4_0 EXIST::FUNCTION:
+ALLOWED_ATTRIBUTES_SYNTAX_it ? 3_4_0 EXIST::FUNCTION:
+ATAV_it ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTE_TYPE_MAPPING_it ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTE_VALUE_MAPPING_it ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTE_MAPPING_it ? 3_4_0 EXIST::FUNCTION:
+d2i_ATTRIBUTE_MAPPINGS ? 3_4_0 EXIST::FUNCTION:
+i2d_ATTRIBUTE_MAPPINGS ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTE_MAPPINGS_free ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTE_MAPPINGS_new ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTE_MAPPINGS_it ? 3_4_0 EXIST::FUNCTION:
+HASH_it ? 3_4_0 EXIST::FUNCTION:
+INFO_SYNTAX_POINTER_it ? 3_4_0 EXIST::FUNCTION:
+INFO_SYNTAX_it ? 3_4_0 EXIST::FUNCTION:
+PRIVILEGE_POLICY_ID_it ? 3_4_0 EXIST::FUNCTION:
+d2i_ATTRIBUTE_DESCRIPTOR ? 3_4_0 EXIST::FUNCTION:
+i2d_ATTRIBUTE_DESCRIPTOR ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTE_DESCRIPTOR_free ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTE_DESCRIPTOR_new ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTE_DESCRIPTOR_it ? 3_4_0 EXIST::FUNCTION:
+d2i_AA_DIST_POINT ? 3_4_0 EXIST::FUNCTION:
+i2d_AA_DIST_POINT ? 3_4_0 EXIST::FUNCTION:
+AA_DIST_POINT_free ? 3_4_0 EXIST::FUNCTION:
+AA_DIST_POINT_new ? 3_4_0 EXIST::FUNCTION:
+AA_DIST_POINT_it ? 3_4_0 EXIST::FUNCTION:
+d2i_ROLE_SPEC_CERT_ID ? 3_4_0 EXIST::FUNCTION:
+i2d_ROLE_SPEC_CERT_ID ? 3_4_0 EXIST::FUNCTION:
+ROLE_SPEC_CERT_ID_free ? 3_4_0 EXIST::FUNCTION:
+ROLE_SPEC_CERT_ID_new ? 3_4_0 EXIST::FUNCTION:
+ROLE_SPEC_CERT_ID_it ? 3_4_0 EXIST::FUNCTION:
+d2i_ROLE_SPEC_CERT_ID_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+i2d_ROLE_SPEC_CERT_ID_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+ROLE_SPEC_CERT_ID_SYNTAX_free ? 3_4_0 EXIST::FUNCTION:
+ROLE_SPEC_CERT_ID_SYNTAX_new ? 3_4_0 EXIST::FUNCTION:
+ROLE_SPEC_CERT_ID_SYNTAX_it ? 3_4_0 EXIST::FUNCTION:
+DAY_TIME_it ? 3_4_0 EXIST::FUNCTION:
+DAY_TIME_BAND_it ? 3_4_0 EXIST::FUNCTION:
+NAMED_DAY_it ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_X_DAY_OF_it ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_DAY_it ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_WEEKS_it ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_MONTH_it ? 3_4_0 EXIST::FUNCTION:
+TIME_PERIOD_it ? 3_4_0 EXIST::FUNCTION:
+d2i_TIME_SPEC_ABSOLUTE ? 3_4_0 EXIST::FUNCTION:
+i2d_TIME_SPEC_ABSOLUTE ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_ABSOLUTE_free ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_ABSOLUTE_new ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_ABSOLUTE_it ? 3_4_0 EXIST::FUNCTION:
+d2i_TIME_SPEC_TIME ? 3_4_0 EXIST::FUNCTION:
+i2d_TIME_SPEC_TIME ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_TIME_free ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_TIME_new ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_TIME_it ? 3_4_0 EXIST::FUNCTION:
+d2i_TIME_SPEC ? 3_4_0 EXIST::FUNCTION:
+i2d_TIME_SPEC ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_free ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_new ? 3_4_0 EXIST::FUNCTION:
+TIME_SPEC_it ? 3_4_0 EXIST::FUNCTION:
+d2i_COMMON_CRITERIA_MEASURES ? 3_4_0 EXIST::FUNCTION:
+i2d_COMMON_CRITERIA_MEASURES ? 3_4_0 EXIST::FUNCTION:
+COMMON_CRITERIA_MEASURES_free ? 3_4_0 EXIST::FUNCTION:
+COMMON_CRITERIA_MEASURES_new ? 3_4_0 EXIST::FUNCTION:
+COMMON_CRITERIA_MEASURES_it ? 3_4_0 EXIST::FUNCTION:
+d2i_FIPS_LEVEL ? 3_4_0 EXIST::FUNCTION:
+i2d_FIPS_LEVEL ? 3_4_0 EXIST::FUNCTION:
+FIPS_LEVEL_free ? 3_4_0 EXIST::FUNCTION:
+FIPS_LEVEL_new ? 3_4_0 EXIST::FUNCTION:
+FIPS_LEVEL_it ? 3_4_0 EXIST::FUNCTION:
+d2i_TBB_SECURITY_ASSERTIONS ? 3_4_0 EXIST::FUNCTION:
+i2d_TBB_SECURITY_ASSERTIONS ? 3_4_0 EXIST::FUNCTION:
+TBB_SECURITY_ASSERTIONS_free ? 3_4_0 EXIST::FUNCTION:
+TBB_SECURITY_ASSERTIONS_new ? 3_4_0 EXIST::FUNCTION:
+TBB_SECURITY_ASSERTIONS_it ? 3_4_0 EXIST::FUNCTION:
+d2i_MANUFACTURER_ID ? 3_4_0 EXIST::FUNCTION:
+i2d_MANUFACTURER_ID ? 3_4_0 EXIST::FUNCTION:
+MANUFACTURER_ID_free ? 3_4_0 EXIST::FUNCTION:
+MANUFACTURER_ID_new ? 3_4_0 EXIST::FUNCTION:
+MANUFACTURER_ID_it ? 3_4_0 EXIST::FUNCTION:
+d2i_TCG_SPEC_VERSION ? 3_4_0 EXIST::FUNCTION:
+i2d_TCG_SPEC_VERSION ? 3_4_0 EXIST::FUNCTION:
+TCG_SPEC_VERSION_free ? 3_4_0 EXIST::FUNCTION:
+TCG_SPEC_VERSION_new ? 3_4_0 EXIST::FUNCTION:
+TCG_SPEC_VERSION_it ? 3_4_0 EXIST::FUNCTION:
+d2i_TCG_PLATFORM_SPEC ? 3_4_0 EXIST::FUNCTION:
+i2d_TCG_PLATFORM_SPEC ? 3_4_0 EXIST::FUNCTION:
+TCG_PLATFORM_SPEC_free ? 3_4_0 EXIST::FUNCTION:
+TCG_PLATFORM_SPEC_new ? 3_4_0 EXIST::FUNCTION:
+TCG_PLATFORM_SPEC_it ? 3_4_0 EXIST::FUNCTION:
+d2i_TCG_CRED_TYPE ? 3_4_0 EXIST::FUNCTION:
+i2d_TCG_CRED_TYPE ? 3_4_0 EXIST::FUNCTION:
+TCG_CRED_TYPE_free ? 3_4_0 EXIST::FUNCTION:
+TCG_CRED_TYPE_new ? 3_4_0 EXIST::FUNCTION:
+TCG_CRED_TYPE_it ? 3_4_0 EXIST::FUNCTION:
+d2i_COMPONENT_CLASS ? 3_4_0 EXIST::FUNCTION:
+i2d_COMPONENT_CLASS ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_CLASS_free ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_CLASS_new ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_CLASS_it ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTE_CERTIFICATE_IDENTIFIER_it ? 3_4_0 EXIST::FUNCTION:
+CERTIFICATE_IDENTIFIER_it ? 3_4_0 EXIST::FUNCTION:
+d2i_PLATFORM_CONFIG ? 3_4_0 EXIST::FUNCTION:
+i2d_PLATFORM_CONFIG ? 3_4_0 EXIST::FUNCTION:
+PLATFORM_CONFIG_free ? 3_4_0 EXIST::FUNCTION:
+PLATFORM_CONFIG_new ? 3_4_0 EXIST::FUNCTION:
+PLATFORM_CONFIG_it ? 3_4_0 EXIST::FUNCTION:
+d2i_URI_REFERENCE ? 3_4_0 EXIST::FUNCTION:
+i2d_URI_REFERENCE ? 3_4_0 EXIST::FUNCTION:
+URI_REFERENCE_free ? 3_4_0 EXIST::FUNCTION:
+URI_REFERENCE_new ? 3_4_0 EXIST::FUNCTION:
+URI_REFERENCE_it ? 3_4_0 EXIST::FUNCTION:
+d2i_COMPONENT_ADDRESS ? 3_4_0 EXIST::FUNCTION:
+i2d_COMPONENT_ADDRESS ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_ADDRESS_free ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_ADDRESS_new ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_ADDRESS_it ? 3_4_0 EXIST::FUNCTION:
+d2i_PLATFORM_PROPERTY ? 3_4_0 EXIST::FUNCTION:
+i2d_PLATFORM_PROPERTY ? 3_4_0 EXIST::FUNCTION:
+PLATFORM_PROPERTY_free ? 3_4_0 EXIST::FUNCTION:
+PLATFORM_PROPERTY_new ? 3_4_0 EXIST::FUNCTION:
+PLATFORM_PROPERTY_it ? 3_4_0 EXIST::FUNCTION:
+d2i_COMPONENT_IDENTIFIER ? 3_4_0 EXIST::FUNCTION:
+i2d_COMPONENT_IDENTIFIER ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_IDENTIFIER_free ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_IDENTIFIER_new ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_IDENTIFIER_it ? 3_4_0 EXIST::FUNCTION:
+print_notice ? 3_4_0 EXIST::FUNCTION:
+URI_REFERENCE_print ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_CLASS_print ? 3_4_0 EXIST::FUNCTION:
+COMMON_CRITERIA_MEASURES_print ? 3_4_0 EXIST::FUNCTION:
+FIPS_LEVEL_print ? 3_4_0 EXIST::FUNCTION:
+TBB_SECURITY_ASSERTIONS_print ? 3_4_0 EXIST::FUNCTION:
+MANUFACTURER_ID_print ? 3_4_0 EXIST::FUNCTION:
+TCG_SPEC_VERSION_print ? 3_4_0 EXIST::FUNCTION:
+TCG_PLATFORM_SPEC_print ? 3_4_0 EXIST::FUNCTION:
+TCG_CRED_TYPE_print ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_ADDRESS_print ? 3_4_0 EXIST::FUNCTION:
+PLATFORM_PROPERTY_print ? 3_4_0 EXIST::FUNCTION:
+ATTRIBUTE_CERTIFICATE_IDENTIFIER_print ? 3_4_0 EXIST::FUNCTION:
+CERTIFICATE_IDENTIFIER_print ? 3_4_0 EXIST::FUNCTION:
+COMPONENT_IDENTIFIER_print ? 3_4_0 EXIST::FUNCTION:
+PLATFORM_CONFIG_print ? 3_4_0 EXIST::FUNCTION:
+i2r_ISSUER_SERIAL ? 3_4_0 EXIST::FUNCTION:
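Review bot: Several of the symbols added to util/libcrypto.num have names that do not fit a public export list. `ossl_print_gens` carries the lower-case `ossl_` prefix that OpenSSL uses for internal functions, and `print_notice`, `i2r_ISSUER_SERIAL`, `HASH_it`, `ATAV_it`, `TARGET_new` and `DAY_TIME_it` are unprefixed and generic enough to collide with application or third-party symbols at link time. Every entry here becomes ABI that has to be maintained, and the `d2i_*` entries expose new decoders for untrusted certificate data, so the list is worth trimming to what external callers need. Helpers used only inside libcrypto should stay out of this file, and the public types would be safer under the `OSSL_` prefix, e.g. `OSSL_TARGET_new`, matching `d2i_OSSL_ISSUER_SERIAL` already in this hunk.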