diff -up bro-1.5.1/src/ssl-analyzer.pac.openssl bro-1.5.1/src/ssl-analyzer.pac
--- bro-1.5.1/src/ssl-analyzer.pac.openssl	2008-10-13 00:01:26.000000000 +0200
+++ bro-1.5.1/src/ssl-analyzer.pac	2010-09-08 13:36:04.179260819 +0200
@@ -382,7 +382,7 @@ refine analyzer SSLAnalyzer += {
 			STACK_OF(X509)* untrusted_certs = 0;
 			if ( certificates->size() > 1 )
 				{
-				untrusted_certs = sk_new_null();
+				untrusted_certs = sk_X509_new_null();
 				if ( ! untrusted_certs )
 					{
 					// X509_V_ERR_OUT_OF_MEM;
@@ -405,7 +405,7 @@ refine analyzer SSLAnalyzer += {
 						return false;
 						}
 
-					sk_push(untrusted_certs, (char*) pTemp);
+					sk_X509_push(untrusted_certs, pTemp);
 					}
 				}
 
@@ -417,7 +417,7 @@ refine analyzer SSLAnalyzer += {
 				certificate_error(csc.error);
 			X509_STORE_CTX_cleanup(&csc);
 
-			sk_pop_free(untrusted_certs, free_X509);
+			sk_X509_pop_free(untrusted_certs, X509_free);
 			}
 
 		X509_free(pCert);
diff -up bro-1.5.1/src/X509.cc.openssl bro-1.5.1/src/X509.cc
--- bro-1.5.1/src/X509.cc.openssl	2009-06-29 23:43:50.000000000 +0200
+++ bro-1.5.1/src/X509.cc	2010-09-08 13:36:04.180250612 +0200
@@ -192,7 +192,7 @@ int X509_Cert::verifyChain(Contents_SSL*
 	// but in chain format).
 
 	// Init the stack.
-	STACK_OF(X509)* untrustedCerts = sk_new_null();
+	STACK_OF(X509)* untrustedCerts = sk_X509_new_null();
 	if ( ! untrustedCerts )
 		{
 		// Internal error allocating stack of untrusted certs.
@@ -233,7 +233,7 @@ int X509_Cert::verifyChain(Contents_SSL*
 		else
 			// The remaining certificates (if any) are put into
 			// the list of untrusted certificates
-			sk_push(untrustedCerts, (char*) pTemp);
+			sk_X509_push(untrustedCerts, pTemp);
 
 		tempLength += certLength + 3;
 		}
@@ -259,7 +259,7 @@ int X509_Cert::verifyChain(Contents_SSL*
 	// Free the stack, incuding. contents.
 
 	// FIXME: could this break Bro's memory tracking?
-	sk_pop_free(untrustedCerts, free);
+	sk_X509_pop_free(untrustedCerts, X509_free);
 
 	return ret;
 	}