Index: CSP.pm
--- CSP.pm.orig	2007-03-10 23:28:53.000000000 +0100
+++ CSP.pm	2015-07-12 20:01:57.379910791 +0200
@@ -111,7 +111,7 @@
     my $vars = shift;
     my $line = shift;
 
-    while ($line =~ s/%{([a-zA-Z0-9_\.]+)}/$vars->{$1}/eg) { }
+    while ($line =~ s/\%\{([a-zA-Z0-9_\.]+)\}/$vars->{$1}/eg) { }
     $line;
   }
 
@@ -132,25 +132,25 @@
 	
       SWITCH:
 	{
-	  last SWITCH unless /^(%if|%ifdef|%endif)/ or $ctx->doPrint();
+	  last SWITCH unless /^(\%if|\%ifdef|\%endif)/ or $ctx->doPrint();
 
-	  if (/^%ifdef\s+([A-Za-z0-9_\.]+)/)
+	  if (/^\%ifdef\s+([A-Za-z0-9_\.]+)/)
 	    {
 	      $ctx->push(defined $vars->{$1});
 	      last SWITCH;
 	    }
 
-	  if (/^%ifndef\s+([A-Za-z0-9_\.]+)/)
+	  if (/^\%ifndef\s+([A-Za-z0-9_\.]+)/)
 	    {
 	      $ctx->push(not defined $vars->{$1});
 	      last SWITCH;
 	    }
 
-	  if (/^%if\s+(.+)$/)
+	  if (/^\%if\s+(.+)$/)
 	      {
 		my $expr = $1;
 		
-		$expr =~ s/%{([A-Za-z0-9_\.]+)}/"\$vars->{\"$1\"}"/eg;
+		$expr =~ s/\%\{([A-Za-z0-9_\.]+)\}/"\$vars->{\"$1\"}"/eg;
 		
 		my $result = eval $expr;
 		$self->die("$@") if $@;
@@ -158,9 +158,9 @@
 		last SWITCH;
 	      }
 
-	  $ctx->pop(),last SWITCH if /^%endif/;
+	  $ctx->pop(),last SWITCH if /^\%endif/;
 
-	  $self->mppFile($cf,$vars,$1),last SWITCH if /^%include\s+(.+)/;
+	  $self->mppFile($cf,$vars,$1),last SWITCH if /^\%include\s+(.+)/;
 
 	  print $cf &_rewrite($vars,$_);
 	}
Index: ca/etc/extensions.conf
--- ca/etc/extensions.conf.orig	2007-03-10 23:28:34.000000000 +0100
+++ ca/etc/extensions.conf	2015-07-12 20:00:24.119810275 +0200
@@ -47,7 +47,18 @@
 crlDistributionPoints   = URI:http://ca.example.com/crl-v2.crl
 certificatePolicies     = ia5org,@certpolicy
 issuerAltName		= email:ca@example.com,URI:http://ca.example.com
-subjectAltName          = @altnames 
+%ifdef EMAIL
+subjectAltName          = @altnames
+%endif
+%ifdef URI
+subjectAltName          = @altnames
+%endif
+%ifdef DNS
+subjectAltName          = @altnames
+%endif
+%ifdef IP
+subjectAltName          = @altnames
+%endif
 
 [ altnames ]
 
@@ -67,11 +78,10 @@
 [certpolicy]
 
 policyIdentifier	= 1.1.1.1.1
-## Map this to a real document in your webserver configuration
 CPS.1			= http://ca.example.com/CPS
 userNotice.1		= @notice
 
 [notice]
 
-explicitText="Limited Liability, see http://ca.example.com/CP"
+explicitText            = "Limited Liability, see http://ca.example.com/CP"
 
Index: csp
--- csp.orig	2007-03-10 23:28:34.000000000 +0100
+++ csp	2015-07-12 20:00:24.119810275 +0200
@@ -1,9 +1,14 @@
-#!/usr/bin/perl
+#!@l_prefix@/bin/perl
 
-use lib './blib/lib';
+use lib '@l_prefix@/libexec/csp';
 
 use CSP;
 use Getopt::Long;
+use Cwd;
+
+$ENV{CSPHOME} = getcwd()                 if (not defined($ENV{CSPHOME}) and -d "./csp");
+$ENV{CSPHOME} = '@l_prefix@/var/csp/ca'  if (not defined($ENV{CSPHOME}));
+$ENV{OPENSSL} = '@l_prefix@/bin/openssl' if (not defined($ENV{OPENSSL}));
 
 sub list_csp
   {
@@ -175,6 +180,9 @@
 
 my $home = $ENV{CSPHOME} || 'ca';
 
+die "Panic: Cannot write to \$CSPHOME \"$home\""
+  unless -w $home;
+
 mkdir "$home/csp",00755 unless -d "$home/csp";
 
 $name eq '--list' and