From 49b547db08af0b2f95dc1a81b1c0376e78beb0df Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Tue, 8 Mar 2016 15:20:45 -0700
Subject: [PATCH 1/2] make QSH debug compile for C89

---
 src/keys.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/keys.c b/src/keys.c
index 07a0b1d38..f641a39df 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -3058,6 +3058,7 @@ int MakeMasterSecret(WOLFSSL* ssl)
 
         /* show secret SerSi and CliSi */
         #ifdef SHOW_SECRETS
+        {
             word32 j;
             printf("QSH generated secret material\n");
             printf("SerSi        : ");
@@ -3070,6 +3071,7 @@ int MakeMasterSecret(WOLFSSL* ssl)
                 printf("%02x", ssl->QSH_secret->CliSi->buffer[j]);
             }
             printf("\n");
+        }
         #endif
     }
 #endif

From 6e1c5b380173be3d9e92c885de5b5741efcb1dac Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 9 Mar 2016 17:22:38 -0700
Subject: [PATCH 2/2] disable CERT_EXT policies check when SEP is used instead

---
 wolfcrypt/test/test.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index b025dbf74..922bfda4c 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -3832,12 +3832,14 @@ int certext_test(void)
     if (cert.isCA)
         return -206;
 
+#ifndef WOLFSSL_SEP /* test only if not using SEP policies */
     /* check the Certificate Policies Id */
     if (cert.extCertPoliciesNb != 1)
         return -227;
 
     if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
         return -228;
+#endif
 
     FreeDecodedCert(&cert);
 
@@ -3881,6 +3883,7 @@ int certext_test(void)
     if (cert.isCA)
         return -216;
 
+#ifndef WOLFSSL_SEP /* test only if not using SEP policies */
     /* check the Certificate Policies Id */
     if (cert.extCertPoliciesNb != 2)
         return -217;
@@ -3890,6 +3893,7 @@ int certext_test(void)
 
     if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22))
         return -219;
+#endif
 
     FreeDecodedCert(&cert);
 #endif /* HAVE_ECC */
@@ -3933,6 +3937,7 @@ int certext_test(void)
     if (!cert.isCA)
         return -226;
 
+#ifndef WOLFSSL_SEP /* test only if not using SEP policies */
     /* check the Certificate Policies Id */
     if (cert.extCertPoliciesNb != 2)
         return -227;
@@ -3942,6 +3947,7 @@ int certext_test(void)
 
     if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25))
         return -229;
+#endif
 
     FreeDecodedCert(&cert);
     free(tmp);