diff --git a/CHANGES b/CHANGES index c63a2dfcc9285852c902761bcaccd79320d92b3f..b08201245e3c3533fbd25ea6748f43812594f347 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Fix to avoid calling the underlying ASN1 print routine when + an extension cannot be parsed. Correct a typo in the + OCSP_SERVICELOC extension. Tidy up print OCSP format. + [Steve Henson] + *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c). Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits when writing a 32767 byte record. @@ -19,6 +24,7 @@ *) Make mkdef.pl parse some of the ASN1 macros and add apropriate entries for variables. + [Steve Henson] *) Add functionality to apps/openssl.c for detecting locking problems: As the program is single-threaded, all we have @@ -66,7 +72,11 @@ [Steve Henson] *) Merge in replacement ASN1 code from the ASN1 branch. This almost - completely replaces the old ASN1 functionality. + completely replaces the old ASN1 functionality with a table driven + encoder and decoder which interprets an ASN1_ITEM structure describing + the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is + largely maintained. Almost all of the old asn1_mac.h macro based ASN1 + has also been converted to the new form. [Steve Henson] *) Change BN_mod_exp_recp so that negative moduli are tolerated diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c index a84db660da399e62768de8c18eeeda193ed1aee6..336d5e396b9097af7b09c529d1bd3bc0e536d3ef 100644 --- a/crypto/ocsp/ocsp_asn.c +++ b/crypto/ocsp/ocsp_asn.c @@ -174,7 +174,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) ASN1_SEQUENCE(OCSP_SERVICELOC) = { ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME), - ASN1_SEQUENCE_OF(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) + ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) } ASN1_SEQUENCE_END(OCSP_SERVICELOC); IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC) 
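Review bot: With `ASN1_SEQUENCE_OF_OPT`, a decoded OCSP_SERVICELOC can presumably carry a NULL `locator`, and nothing in the template tells consumers of the structure so. The printer in crypto/x509v3/v3_ocsp.c only reaches the field through `sk_ACCESS_DESCRIPTION_num(a->locator)`, which as far as I know returns -1 for a NULL stack. Any other code that dereferences `locator` directly on data taken from an untrusted OCSP message needs an explicit NULL check. I would add a comment on the field, for example `/* locator is OPTIONAL: may be NULL after d2i */`.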
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 649a9cec913bb921bc9dce73f377bde5953fb3b6..533d3010f260a78d6f8c9580e8865ed14ede0461 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -158,23 +158,22 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) cid = one->reqCert; ocsp_certid_print(bp, cid, 8); if (!X509V3_extensions_print(bp, - "OCSP Request Single Extensions", - one->singleRequestExtensions, flags, 4)) + "Request Single Extensions", + one->singleRequestExtensions, flags, 8)) goto err; } - if (!X509V3_extensions_print(bp, "OCSP Request Extensions", + if (!X509V3_extensions_print(bp, "Request Extensions", inf->requestExtensions, flags, 4)) goto err; if (sig) { X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); - } - - for (i=0; icerts); i++) - if (sk_X509_value(sig->certs,i) != NULL) { + for (i=0; icerts); i++) + { X509_print(bp, sk_X509_value(sig->certs,i)); PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); - } + } + } return 1; err: return 0; @@ -269,20 +268,20 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) } if (!BIO_write(bp,"\n",1)) goto err; if (!X509V3_extensions_print(bp, - "OCSP Basic Response Single Extensions", - single->singleExtensions, flags, 4)) + "Response Single Extensions", + single->singleExtensions, flags, 8)) goto err; } - if (!X509V3_extensions_print(bp, "OCSP Basic Response Extensions", + if (!X509V3_extensions_print(bp, "Response Extensions", rd->responseExtensions, flags, 4)) if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) goto err; for (i=0; icerts); i++) - if (sk_X509_value(br->certs,i) != NULL) { - X509_print(bp, sk_X509_value(br->certs,i)); - PEM_write_bio_X509(bp,sk_X509_value(br->certs,i)); - } + { + X509_print(bp, sk_X509_value(br->certs,i)); + PEM_write_bio_X509(bp,sk_X509_value(br->certs,i)); + } return 1; err: 
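Review bot: The block now nested under `if (sig)` still discards the results of `X509_signature_print`, `X509_print` and `PEM_write_bio_X509`, so OCSP_REQUEST_print returns 1 even when output failed part-way. The response printer in this file already tests the signature call with `<= 0`. The request side could match it with `if (X509_signature_print(bp, sig->signatureAlgorithm, sig->signature) <= 0) goto err;`. The `sk_X509_value(sig->certs,i) != NULL` guard is also dropped here and in the response hunk below, so either keep it or add a comment stating why a stack entry cannot be NULL. The function starts above the hunk.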
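Review bot: As the hunk reads, the relabelled `if (!X509V3_extensions_print(bp, "Response Extensions", rd->responseExtensions, flags, 4))` has no statement of its own, so it governs the following `if(X509_signature_print(...) <= 0) goto err;`. The signature would then be printed only when printing the response extensions fails, and an extension print failure is never reported. Someone inspecting a response with this routine could see output with no signature block and no error. The call needs its own `goto err;` on the line after it, as every other `X509V3_extensions_print` call in this file has. The function starts above the hunk and the `err:` path continues below it.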
diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c index a10bfa97f425245fe1047b52b09bcac670e5b0f6..c65dbfa9f73b466b06cec155f455213ff90633dc 100644 --- a/crypto/x509v3/v3_ocsp.c +++ b/crypto/x509v3/v3_ocsp.c @@ -229,7 +229,7 @@ static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int OCSP_SERVICELOC *a = in; ACCESS_DESCRIPTION *ad; - if (BIO_printf(bp, "%*ssIissuer: ", ind, "") <= 0) goto err; + if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err; if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err; for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 475c48098c0b56ce56c1b42774714afaa46659ba..62ec1f1db312099e650cb1ab575e2119a8152ca1 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -112,7 +112,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, method->it); else ext_str = method->d2i(NULL, &p, ext->value->length); - if(!ext_str) unknown_ext_print(out, ext, flag, indent, 1); + if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1); if(method->i2s) { if(!(value = method->i2s(method, ext_str))) {
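Review bot: The early `return unknown_ext_print(...)` added in X509V3_EXT_print is the only thing keeping a NULL `ext_str` away from the `method->i2s` branch that follows, and probably from other callbacks below the hunk. The one-line `if` gives no hint of that. I would put a comment above it, such as `/* decode failed: fall back to the unknown-extension printer and never pass a NULL ext_str to the method callbacks */`. It would also help to document at the function header that the return value on this path is whatever `unknown_ext_print` returns for the given `flag`, since callers cannot see that from here. The function body starts above the hunk and continues past it.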