diff --git a/xmlsec1-1.2.12-openssl10.patch b/xmlsec1-1.2.12-openssl10.patch
new file mode 100644
index 0000000..8b8ae3f
--- /dev/null
+++ b/xmlsec1-1.2.12-openssl10.patch
@@ -0,0 +1,57 @@
+diff -up xmlsec1-1.2.12/src/openssl/x509vfy.c.ossl10 xmlsec1-1.2.12/src/openssl/x509vfy.c
+--- xmlsec1-1.2.12/src/openssl/x509vfy.c.ossl10	2009-06-25 22:53:18.000000000 +0200
++++ xmlsec1-1.2.12/src/openssl/x509vfy.c	2009-08-26 16:40:04.000000000 +0200
+@@ -173,7 +173,7 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDa
+ 			     XMLSEC_STACK_OF_X509_CRL* crls, xmlSecKeyInfoCtx* keyInfoCtx) {
+     xmlSecOpenSSLX509StoreCtxPtr ctx;
+     STACK_OF(X509)* certs2 = NULL;
+-    STACK_OF(X509_CRLS)* crls2 = NULL;
++    STACK_OF(X509_CRL)* crls2 = NULL;
+     X509* res = NULL;
+     X509* cert;
+     X509 *err_cert = NULL;
+@@ -802,8 +802,8 @@ xmlSecOpenSSLX509FindCert(STACK_OF(X509)
+ 	    return(NULL);    
+ 	}
+ 
+-	for(i = 0; i < certs->num; ++i) {
+-	    cert = ((X509**)(certs->data))[i];
++	for(i = 0; i < sk_X509_num(certs); ++i) {
++	    cert = sk_X509_value(certs, i);
+ 	    subj = X509_get_subject_name(cert);
+ 	    if(xmlSecOpenSSLX509NamesCompare(nm, subj) == 0) {
+ 		X509_NAME_free(nm);
+@@ -863,8 +863,8 @@ xmlSecOpenSSLX509FindCert(STACK_OF(X509)
+ 	BN_free(bn); 
+ 
+ 
+-	for(i = 0; i < certs->num; ++i) {
+-	    cert = ((X509**)(certs->data))[i];
++	for(i = 0; i < sk_X509_num(certs); ++i) {
++	    cert = sk_X509_value(certs, i);
+ 	    if(ASN1_INTEGER_cmp(X509_get_serialNumber(cert), serial) != 0) {
+ 		continue;
+ 	    } 
+@@ -895,8 +895,8 @@ xmlSecOpenSSLX509FindCert(STACK_OF(X509)
+ 			xmlSecErrorsSafeString(ski));
+ 	    return(NULL);    	
+ 	}
+-	for(i = 0; i < certs->num; ++i) {
+-	    cert = ((X509**)(certs->data))[i];
++	for(i = 0; i < sk_X509_num(certs); ++i) {
++	    cert = sk_X509_value(certs, i);
+ 	    index = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); 
+ 	    if((index >= 0)  && (ext = X509_get_ext(cert, index))) {
+ 		keyId = X509V3_EXT_d2i(ext);
+@@ -982,9 +982,9 @@ xmlSecOpenSSLX509VerifyCertAgainstCrls(S
+     /* 
+      * Check if the current certificate is revoked by this CRL
+      */
+-    n = sk_num(X509_CRL_get_REVOKED(crl));
++    n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+     for (i = 0; i < n; i++) {
+-        revoked = (X509_REVOKED *)sk_value(X509_CRL_get_REVOKED(crl), i);
++        revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+         if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(cert)) == 0) {
+ 	    xmlSecError(XMLSEC_ERRORS_HERE,
+ 			NULL,
diff --git a/xmlsec1.spec b/xmlsec1.spec
index debd690..30bdecd 100644
--- a/xmlsec1.spec
+++ b/xmlsec1.spec
@@ -5,6 +5,7 @@ Release: 2%{?dist}%{?extra_release}
 License: MIT
 Group: Development/Libraries
 Source: ftp://ftp.aleksey.com/pub/xmlsec/releases/xmlsec1-%{version}.tar.gz
+Patch1: xmlsec1-1.2.12-openssl10.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 URL: http://www.aleksey.com/xmlsec/
 Requires: libxml2 >= 2.6.0
@@ -134,6 +135,7 @@ Libraries, includes, etc. for developing XML Security applications with NSS
 
 %prep
 %setup -q
+%patch1 -p1 -b .ossl10
 
 %build
 %configure
@@ -232,7 +234,7 @@ rm -fr %{buildroot}
 %{prefix}/lib*/pkgconfig/xmlsec1-nss.pc
 
 %changelog
-* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.12-2
+* Wed Aug 26 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.12-2
 - rebuilt with new openssl
 
 * Tue Aug 11 2009 Daniel Veillard <veillard@redhat.com> - 1.2.12-1