partial support for users to query SSL/TLS sessions for negotiated settings

added querying test
removed SSLv2 code

13 files changed, 71 insertions, 1687 deletions

diff --git a/src/daemon/connection.c b/src/daemon/connection.c
index 1cfd4029..b12ac705 100644
--- a/src/daemon/connection.c
+++ b/src/daemon/connection.c
@@ -33,6 +33,7 @@
 
 // get opaque type
 #include "gnutls_int.h"
+
 // TODO clean
 #undef MAX
 #define MAX(a,b) ((a)<(b)) ? (b) : (a)
@@ -160,6 +161,23 @@ MHD_get_connection_values (struct MHD_Connection *connection,
   return ret;
 }
 
+#if HTTPS_SUPPORT
+/* get cipher spec for this connection */
+gnutls_cipher_algorithm_t MHDS_get_session_cipher (struct MHD_Connection * session ){
+  return gnutls_cipher_get(session->tls_session);
+}
+
+gnutls_mac_algorithm_t MHDS_get_session_mac (struct MHD_Connection * session ){
+  return gnutls_mac_get(session->tls_session);
+}
+gnutls_compression_method_t MHDS_get_session_compression (struct MHD_Connection * session ){
+  return gnutls_compression_get(session->tls_session);
+}
+gnutls_certificate_type_t MHDS_get_session_cert_type (struct MHD_Connection * session ){
+  return gnutls_certificate_type_get(session->tls_session);
+}
+#endif
+
 /**
  * Get a particular header value.  If multiple
  * values match the kind, return any one of them.
@@ -1546,7 +1564,7 @@ MHDS_connection_handle_read (struct MHD_Connection *connection)
 
       break;
     case GNUTLS_ALERT:
-      /* 
+      /*
        * this call of _gnutls_recv_int expects 0 bytes read.
        * done to decrypt alert message
        */
@@ -1601,7 +1619,7 @@ MHDS_connection_handle_read (struct MHD_Connection *connection)
       /* forward application level content to MHD */
     case GNUTLS_APPLICATION_DATA:
       return MHD_connection_handle_read (connection);
-      // TODO impl  
+      // TODO impl
     case GNUTLS_HANDSHAKE:
       break;
     case GNUTLS_INNER_APPLICATION:
@@ -1823,7 +1841,7 @@ MHDS_connection_handle_write (struct MHD_Connection *connection)
           connection->s_state = MHDS_REPLY_SENDING;
           do_write (connection);
           break;
-          
+
         case MHDS_CONNECTION_CLOSED:
           if (connection->socket_fd != -1)
             connection_close_error (connection);
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c
index ecc70a02..83e1c8bc 100644
--- a/src/daemon/daemon.c
+++ b/src/daemon/daemon.c
@@ -220,7 +220,7 @@ MHDS_handle_connection (void *data)
                           con->daemon->x509_cret);
 
   /* avoid gnutls blocking recv / write calls */
-  gnutls_transport_set_pull_function(tls_session, &recv);
+  // gnutls_transport_set_pull_function(tls_session, &recv);
   // gnutls_transport_set_push_function(tls_session, &send);
 
   gnutls_transport_set_ptr (tls_session, con->socket_fd);
@@ -240,9 +240,9 @@ MHDS_handle_connection (void *data)
       con->s_state = MHDS_HANDSHAKE_FAILED;
       gnutls_bye (con->tls_session, GNUTLS_SHUT_WR);
       gnutls_deinit (tls_session);
-      con->socket_fd = 1;
+      con->socket_fd = -1;
       return MHD_NO;
-      
+
     }
 
   MHD_handle_connection (data);
@@ -338,7 +338,7 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
       CLOSE (s);
       return MHD_NO;
     }
-  
+
   /* apply connection acceptance policy if present */
   if ((daemon->apc != NULL)
       && (MHD_NO == daemon->apc (daemon->apc_cls, addr, addrlen)))
@@ -415,7 +415,7 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
                                             &MHDS_handle_connection,
                                             connection);
       else
-#endif        
+#endif
         {
           res_thread_create = pthread_create (&connection->pid, NULL,
                                               &MHD_handle_connection,
@@ -607,7 +607,7 @@ MHD_select (struct MHD_Daemon *daemon, int may_block)
   ds = daemon->socket_fd;
   if (ds == -1)
     return MHD_YES;
-  
+
   /* select connection thread handling type */
   if (__FD_ISSET (ds, &rs))
     MHD_accept_connection (daemon);
diff --git a/src/daemon/https/Makefile.am b/src/daemon/https/Makefile.am
index 33f46f1b..ec37f95b 100644
--- a/src/daemon/https/Makefile.am
+++ b/src/daemon/https/Makefile.am
@@ -6,6 +6,7 @@ AM_CPPFLAGS = -I./includes \
 -I$(top_srcdir)/src/daemon/https/openpgp \
 -I$(top_srcdir)/src/daemon/https/opencdk \
 -I$(top_srcdir)/src/daemon/https/tls \
+-I$(top_srcdir)/src/daemon/https/includes \
 -I$(top_srcdir)/src/daemon/https/cfg 
 
 noinst_LTLIBRARIES = libhttps.la
diff --git a/src/daemon/https/includes/gnutlsxx.h b/src/daemon/https/includes/gnutlsxx.h
deleted file mode 100644
index 3e98da12..00000000
--- a/src/daemon/https/includes/gnutlsxx.h
+++ /dev/null
@@ -1,393 +0,0 @@
-#ifndef GNUTLSXX_H
-# define GNUTLSXX_H
-
-#include <exception>
-#include <vector>
-#include <gnutls.h>
-
-namespace gnutls {
-
-class exception: public std::exception
-{
-    public:
-        exception( int x);
-        const char* what() const throw();
-        int get_code();
-    protected:
-        int retcode;
-};
-
-class dh_params
-{
-    public:
-        dh_params();
-        ~dh_params();
-        void import_raw( const gnutls_datum_t & prime,
-                     const gnutls_datum_t & generator);
-        void import_pkcs3( const gnutls_datum_t & pkcs3_params,
-                           gnutls_x509_crt_fmt_t format);
-        void generate( unsigned int bits);
-        
-        void export_pkcs3( gnutls_x509_crt_fmt_t format, unsigned char *params_data, size_t * params_data_size);
-        void export_raw( gnutls_datum_t& prime, gnutls_datum_t &generator);
-
-        gnutls_dh_params_t get_params_t() const;
-        dh_params & operator=(const dh_params& src);
-    protected:
-        gnutls_dh_params_t params;
-};
-  
-  
-class rsa_params
-{
-    public:
-        rsa_params();
-        ~rsa_params();
-        void import_raw( const gnutls_datum_t & m,
-                     const gnutls_datum_t & e,
-                     const gnutls_datum_t & d,
-                     const gnutls_datum_t & p,
-                     const gnutls_datum_t & q,
-                     const gnutls_datum_t & u);
-        void import_pkcs1( const gnutls_datum_t & pkcs1_params,
-                           gnutls_x509_crt_fmt_t format);
-        void generate( unsigned int bits);
-        
-        void export_pkcs1( gnutls_x509_crt_fmt_t format, unsigned char *params_data, size_t * params_data_size);
-        void export_raw(  gnutls_datum_t & m, gnutls_datum_t & e,
-                      gnutls_datum_t & d, gnutls_datum_t & p,
-                      gnutls_datum_t & q, gnutls_datum_t & u);
-        gnutls_rsa_params_t get_params_t() const;
-        rsa_params & operator=(const rsa_params& src);
-
-    protected:
-        gnutls_rsa_params_t params;
-};
-
-class session
-{
-    protected:
-        gnutls_session_t s;
-    public:
-        session( gnutls_connection_end_t);
-        session( session& s);
-        virtual ~session();
-
-        int bye( gnutls_close_request_t how);
-        int handshake ();
-        
-        gnutls_alert_description_t get_alert() const;
-
-        int send_alert ( gnutls_alert_level_t level,
-                         gnutls_alert_description_t desc);
-        int send_appropriate_alert (int err);
-
-        gnutls_cipher_algorithm_t get_cipher() const;
-        gnutls_kx_algorithm_t get_kx () const;
-        gnutls_mac_algorithm_t get_mac () const;
-        gnutls_compression_method_t get_compression () const;
-        gnutls_certificate_type_t get_certificate_type() const;
-
-        // for the handshake
-        void set_private_extensions ( bool allow);
-
-        gnutls_handshake_description_t get_handshake_last_out() const;
-        gnutls_handshake_description_t get_handshake_last_in() const;
-
-        ssize_t send (const void *data, size_t sizeofdata);
-        ssize_t recv (void *data, size_t sizeofdata);
-
-        bool get_record_direction() const;
-
-        // maximum packet size
-        size_t get_max_size() const;
-        void set_max_size(size_t size);
-
-        size_t check_pending() const;
-
-        void prf (size_t label_size, const char *label,
-                        int server_random_first,
-                        size_t extra_size, const char *extra,
-                        size_t outsize, char *out);
-
-        void prf_raw ( size_t label_size, const char *label,
-                      size_t seed_size, const char *seed,
-                      size_t outsize, char *out);
-
-        void set_cipher_priority (const int *list);
-        void set_mac_priority (const int *list);
-        void set_compression_priority (const int *list);
-        void set_kx_priority (const int *list);
-        void set_protocol_priority (const int *list);
-        void set_certificate_type_priority (const int *list);
-
-/* if you just want some defaults, use the following.
- */
-        void set_priority (const char* prio, const char** err_pos);
-        void set_priority (gnutls_priority_t p);
-
-        gnutls_protocol_t get_protocol_version() const;
-
-        // for resuming sessions
-        void set_data ( const void *session_data,
-                        size_t session_data_size);
-        void get_data (void *session_data,
-                       size_t * session_data_size) const;
-        void get_data(gnutls_session_t session,
-                      gnutls_datum_t & data) const;
-        void get_id ( void *session_id,
-                      size_t * session_id_size) const;
-
-        bool is_resumed () const;
-
-        void set_max_handshake_packet_length ( size_t max);
-
-        void clear_credentials();
-        void set_credentials( class credentials & cred);
-
-        void set_transport_ptr( gnutls_transport_ptr_t ptr);
-        void set_transport_ptr( gnutls_transport_ptr_t recv_ptr, gnutls_transport_ptr_t send_ptr);
-        gnutls_transport_ptr_t get_transport_ptr() const;
-        void get_transport_ptr(gnutls_transport_ptr_t & recv_ptr,
-                               gnutls_transport_ptr_t & send_ptr) const;
-
-        void set_transport_lowat (size_t num);
-        void set_transport_push_function( gnutls_push_func push_func);
-        void set_transport_pull_function( gnutls_pull_func pull_func);
-        
-        void set_user_ptr( void* ptr);
-        void *get_user_ptr() const;
-        
-        void send_openpgp_cert( gnutls_openpgp_crt_status_t status);
-
-        gnutls_credentials_type_t get_auth_type() const;
-        gnutls_credentials_type_t get_server_auth_type() const;
-        gnutls_credentials_type_t get_client_auth_type() const;
-
-        // informational stuff
-        void set_dh_prime_bits( unsigned int bits);
-        unsigned int get_dh_secret_bits() const;
-        unsigned int get_dh_peers_public_bits() const;
-        unsigned int get_dh_prime_bits() const;
-        void get_dh_group( gnutls_datum_t & gen, gnutls_datum_t & prime) const;
-        void get_dh_pubkey( gnutls_datum_t & raw_key) const;
-        void get_rsa_export_pubkey( gnutls_datum_t& exponent, gnutls_datum_t& modulus) const;
-        unsigned int get_rsa_export_modulus_bits() const;
-        
-        void get_our_certificate(gnutls_datum_t & cert) const;
-        bool get_peers_certificate(std::vector<gnutls_datum_t> &out_certs) const;
-        bool get_peers_certificate(const gnutls_datum_t** certs, unsigned int *certs_size) const;
-
-        time_t get_peers_certificate_activation_time() const;
-        time_t get_peers_certificate_expiration_time() const;
-        void verify_peers_certificate( unsigned int& status) const;
-
-};
-
-// interface for databases
-class DB
-{
-    public:
-        virtual ~DB()=0;
-        virtual bool store( const gnutls_datum_t& key, const gnutls_datum_t& data)=0;
-        virtual bool retrieve( const gnutls_datum_t& key, gnutls_datum_t& data)=0;
-        virtual bool remove( const gnutls_datum_t& key)=0;
-};
-
-class server_session: public session
-{
-    public:
-        server_session();
-        void db_remove() const;
-        
-        void set_db_cache_expiration (unsigned int seconds);
-        void set_db( const DB& db);
-        
-        // returns true if session is expired
-        bool db_check_entry ( gnutls_datum_t &session_data) const;
-    
-    // server side only
-        const char *get_srp_username() const;
-        const char *get_psk_username() const;
-
-        void get_server_name (void *data, size_t * data_length,
-                          unsigned int *type, unsigned int indx) const;
-
-        int rehandshake();
-        void set_certificate_request( gnutls_certificate_request_t);
-};
-
-class client_session: public session
-{
-    public:
-        client_session();
-        void set_server_name (gnutls_server_name_type_t type,
-                          const void *name, size_t name_length);
-    
-        bool get_request_status();
-};
-
-
-class credentials
-{
-    public:
-        credentials(gnutls_credentials_type_t t);
-#if defined(__APPLE__) || defined(__MACOS__)
-        /* FIXME: This #if is due to a compile bug in Mac OS X.  Give
-           it some time and then remove this cruft.  See also
-           lib/gnutlsxx.cpp. */
-        credentials( credentials& c) {
-          type = c.type;
-          set_ptr( c.ptr());
-        }
-#else
-        credentials( credentials& c);
-#endif
-        virtual ~credentials() { }
-        gnutls_credentials_type_t get_type() const;
-    protected:
-        friend class session;
-        virtual void* ptr() const=0;
-        virtual void set_ptr(void* ptr)=0;
-        gnutls_credentials_type_t type;
-};
-
-class certificate_credentials: public credentials
-{
-    public:
-        ~certificate_credentials();
-        certificate_credentials();
-        
-        void free_keys ();
-        void free_cas ();
-        void free_ca_names ();
-        void free_crls ();
-
-        void set_dh_params ( const dh_params &params);
-        void set_rsa_export_params ( const rsa_params& params);
-        void set_verify_flags ( unsigned int flags);
-        void set_verify_limits ( unsigned int max_bits, unsigned int max_depth);
-
-        void set_x509_trust_file(const char *cafile, gnutls_x509_crt_fmt_t type);
-        void set_x509_trust(const gnutls_datum_t & CA, gnutls_x509_crt_fmt_t type);
-        // FIXME: use classes instead of gnutls_x509_crt_t
-        void set_x509_trust ( gnutls_x509_crt_t * ca_list, int ca_list_size);
-
-        void set_x509_crl_file( const char *crlfile, gnutls_x509_crt_fmt_t type);
-        void set_x509_crl(const gnutls_datum_t & CRL, gnutls_x509_crt_fmt_t type);
-        void set_x509_crl ( gnutls_x509_crl_t * crl_list, int crl_list_size);
-
-        void set_x509_key_file(const char *certfile, const char *KEYFILE, gnutls_x509_crt_fmt_t type);
-        void set_x509_key(const gnutls_datum_t & CERT, const gnutls_datum_t & KEY, gnutls_x509_crt_fmt_t type);
-        // FIXME: use classes
-        void set_x509_key ( gnutls_x509_crt_t * cert_list, int cert_list_size,
-                       gnutls_x509_privkey_t key);
-        
-
-        void set_simple_pkcs12_file( const char *pkcs12file,
-                 gnutls_x509_crt_fmt_t type, const char *password);
-        
-    protected:
-        void* ptr() const;
-        void set_ptr(void* p);
-        gnutls_certificate_credentials_t cred;
-};
-
-class certificate_server_credentials: public certificate_credentials
-{
-    certificate_server_credentials() { }
-    public:
-        void set_retrieve_function( gnutls_certificate_server_retrieve_function* func);
-        void set_params_function( gnutls_params_function* func);
-};
-
-class certificate_client_credentials: public certificate_credentials
-{
-    public:
-        certificate_client_credentials() { }
-        void set_retrieve_function( gnutls_certificate_client_retrieve_function* func);
-};
-
-
-
-
-class anon_server_credentials: public credentials
-{
-    public:
-        anon_server_credentials();
-        ~anon_server_credentials();
-        void set_dh_params ( const dh_params &params);
-        void set_params_function ( gnutls_params_function * func);
-    protected:
-        gnutls_anon_server_credentials_t cred;
-};
-
-class anon_client_credentials: public credentials
-{
-    public:
-        anon_client_credentials();
-        ~anon_client_credentials();
-    protected:
-        gnutls_anon_client_credentials_t cred;
-};
-
-
-class srp_server_credentials: public credentials
-{
-    public:
-        srp_server_credentials();
-        ~srp_server_credentials();
-        void set_credentials_file (const char *password_file, const char *password_conf_file);
-        void set_credentials_function( gnutls_srp_server_credentials_function *func);
-    protected:
-        void* ptr() const;
-        void set_ptr(void* p);
-        gnutls_srp_server_credentials_t cred;
-};
-
-class srp_client_credentials: public credentials
-{
-    public:
-        srp_client_credentials();
-        ~srp_client_credentials();
-        void set_credentials (const char *username, const char *password);
-        void set_credentials_function( gnutls_srp_client_credentials_function* func);
-    protected:
-        void* ptr() const;
-        void set_ptr(void* p);
-        gnutls_srp_client_credentials_t cred;
-};
-
-
-class psk_server_credentials: public credentials
-{
-    public:
-        psk_server_credentials();
-        ~psk_server_credentials();
-        void set_credentials_file(const char* password_file);
-        void set_credentials_function( gnutls_psk_server_credentials_function* func);
-        void set_dh_params ( const dh_params &params);
-        void set_params_function (gnutls_params_function * func);
-    protected:
-        void* ptr() const;
-        void set_ptr(void* p);
-        gnutls_psk_server_credentials_t cred;
-};
-
-class psk_client_credentials: public credentials
-{
-    public:
-        psk_client_credentials();
-        ~psk_client_credentials();
-        void set_credentials (const char *username, const gnutls_datum_t& key, gnutls_psk_key_flags flags);
-        void set_credentials_function( gnutls_psk_client_credentials_function* func);
-    protected:
-        void* ptr() const;
-        void set_ptr(void* p);
-        gnutls_psk_client_credentials_t cred;
-};
-
-
-}; /* namespace */
-
-#endif                          /* GNUTLSXX_H */
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
index 309080ea..ca847aa2 100644
--- a/src/daemon/https/tls/Makefile.am
+++ b/src/daemon/https/tls/Makefile.am
@@ -64,10 +64,8 @@ gnutls_state.c \
 gnutls_str.c \
 gnutls_supplemental.c \
 gnutls_ui.c \
-gnutls_v2_compat.c \
 gnutls_x509.c \
 pkix_asn1_tab.c \
 x509_b64.c
 
-# gnutlsxx.cpp
 
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index 1af07a91..f943a669 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -41,15 +41,14 @@
 #include "gnutls_extensions.h"
 #include "gnutls_supplemental.h"
 #include "gnutls_auth_int.h"
-#include "gnutls_v2_compat.h"
 #include "auth_cert.h"
 #include "gnutls_cert.h"
 #include "gnutls_constate.h"
-#include <gnutls_record.h>
-#include <gnutls_state.h>
-#include <gnutls_rsa_export.h>  /* for gnutls_get_rsa_params() */
-#include <auth_anon.h>          /* for gnutls_anon_server_credentials_t */
-#include <gc.h>
+#include "gnutls_record.h"
+#include "gnutls_state.h"
+#include "gnutls_rsa_export.h"  /* for gnutls_get_rsa_params() */
+#include "auth_anon.h"          /* for gnutls_anon_server_credentials_t */
+#include "gc.h"
 
 #ifdef HANDSHAKE_DEBUG
 #define ERR(x, y) _gnutls_handshake_log( "HSK[%x]: %s (%d)\n", session, x,y)
@@ -76,7 +75,7 @@ _gnutls_handshake_hash_buffers_clear (gnutls_session_t session)
   _gnutls_handshake_buffer_clear (session);
 }
 
-/* this will copy the required values for resuming to 
+/* this will copy the required values for resuming to
  * internals, and to security_parameters.
  * this will keep as less data to security_parameters.
  */
@@ -91,7 +90,7 @@ resume_copy_required_values (gnutls_session_t session)
           client_random,
           session->security_parameters.client_random, TLS_RANDOM_SIZE);
 
-  /* keep the ciphersuite and compression 
+  /* keep the ciphersuite and compression
    * That is because the client must see these in our
    * hello message.
    */
@@ -135,8 +134,7 @@ _gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd)
   memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE);
 }
 
-/* Calculate The SSL3 Finished message 
- */
+/* Calculate The SSL3 Finished message */
 #define SSL3_CLIENT_MSG "CLNT"
 #define SSL3_SERVER_MSG "SRVR"
 #define SSL_MSG_LEN 4
@@ -185,8 +183,7 @@ _gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret)
   return 0;
 }
 
-/* Hash the handshake messages as required by TLS 1.0 
- */
+/* Hash the handshake messages as required by TLS 1.0 */
 #define SERVER_MSG "server finished"
 #define CLIENT_MSG "client finished"
 #define TLS_MSG_LEN 15
@@ -331,7 +328,7 @@ _gnutls_user_hello_func (gnutls_session session,
   return 0;
 }
 
-/* Read a client hello packet. 
+/* Read a client hello packet.
  * A client hello must be a known version client hello
  * or version 2.0 client hello (only for compatibility
  * since SSL version 2.0 is not supported).
@@ -348,10 +345,6 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
   int len = datalen;
   opaque rnd[TLS_RANDOM_SIZE], *suite_ptr, *comp_ptr;
 
-  if (session->internals.v2_hello != 0)
-    {                           /* version 2.0 */
-      return _gnutls_read_client_hello_v2 (session, data, datalen);
-    }
   DECR_LEN (len, 2);
 
   _gnutls_handshake_log ("HSK[%x]: Client's version: %d.%d\n", session,
@@ -382,8 +375,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
   DECR_LEN (len, 1);
   session_id_len = data[pos++];
 
-  /* RESUME SESSION 
-   */
+  /* RESUME SESSION */
   if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
     {
       gnutls_assert ();
@@ -478,7 +470,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
   return 0;
 }
 
-/* here we hash all pending data. 
+/* here we hash all pending data.
  */
 inline static int
 _gnutls_handshake_hash_pending (gnutls_session_t session)
@@ -569,7 +561,7 @@ _gnutls_send_finished (gnutls_session_t session, int again)
 }
 
 /* This is to be called after sending our finished message. If everything
- * went fine we have negotiated a secure connection 
+ * went fine we have negotiated a secure connection
  */
 int
 _gnutls_recv_finished (gnutls_session_t session)
@@ -803,7 +795,7 @@ finish:
 }
 
 
-/* This selects the best supported compression method from the ones provided 
+/* This selects the best supported compression method from the ones provided
  */
 int
 _gnutls_server_select_comp_method (gnutls_session_t session,
@@ -875,8 +867,7 @@ _gnutls_send_empty_handshake (gnutls_session_t session,
 }
 
 
-/* This function will hash the handshake message we sent.
- */
+/* This function will hash the handshake message we sent. */
 static int
 _gnutls_handshake_hash_add_sent (gnutls_session_t session,
                                  gnutls_handshake_description_t type,
@@ -904,7 +895,7 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session,
 
 /* This function sends a handshake message of type 'type' containing the
  * data specified here. If the previous _gnutls_send_handshake() returned
- * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again 
+ * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again
  * (until it returns ok), with NULL parameters.
  */
 int
@@ -1533,8 +1524,7 @@ _gnutls_read_server_hello (gnutls_session_t session,
 
 
 
-  /* move to compression 
-   */
+  /* move to compression   */
   DECR_LEN (len, 1);
 
   ret = _gnutls_client_set_comp_method (session, data[pos++]);
@@ -1628,7 +1618,7 @@ _gnutls_copy_ciphersuites (gnutls_session_t session,
 }
 
 
-/* This function copies the appropriate compression methods, to a locally allocated buffer 
+/* This function copies the appropriate compression methods, to a locally allocated buffer
  * Needed in hello messages. Returns the new data length.
  */
 static int
@@ -1701,7 +1691,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
     {
 
       datalen = 2 + (session_id_len + 1) + TLS_RANDOM_SIZE;
-      /* 2 for version, (4 for unix time + 28 for random bytes==TLS_RANDOM_SIZE) 
+      /* 2 for version, (4 for unix time + 28 for random bytes==TLS_RANDOM_SIZE)
        */
 
       data = gnutls_malloc (datalen);
@@ -1731,7 +1721,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
       data[pos++] = _gnutls_version_get_major (hver);
       data[pos++] = _gnutls_version_get_minor (hver);
 
-      /* Set the version we advertized as maximum 
+      /* Set the version we advertized as maximum
        * (RSA uses it).
        */
       _gnutls_set_adv_version (session, hver);
@@ -1740,8 +1730,8 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
        * different version in the record layer.
        * It seems they prefer to read the record's version
        * as the one we actually requested.
-       * The proper behaviour is to use the one in the client hello 
-       * handshake packet and ignore the one in the packet's record 
+       * The proper behaviour is to use the one in the client hello
+       * handshake packet and ignore the one in the packet's record
        * header.
        */
       _gnutls_set_current_version (session, hver);
@@ -1750,7 +1740,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
        */
       session->security_parameters.timestamp = time (NULL);
 
-      /* Generate random data 
+      /* Generate random data
        */
       _gnutls_tls_create_random (rnd);
       _gnutls_set_client_random (session, rnd);
@@ -1758,8 +1748,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again)
       memcpy (&data[pos], rnd, TLS_RANDOM_SIZE);
       pos += TLS_RANDOM_SIZE;
 
-      /* Copy the Session ID 
-       */
+      /* Copy the Session ID       */
       data[pos++] = session_id_len;
 
       if (session_id_len > 0)
@@ -2286,7 +2275,7 @@ gnutls_handshake (gnutls_session_t session)
 
 
 /*
- * _gnutls_handshake_client 
+ * _gnutls_handshake_client
  * This function performs the client side of the handshake of the TLS/SSL protocol.
  */
 int
@@ -2348,7 +2337,7 @@ _gnutls_handshake_client (gnutls_session_t session)
       IMED_RET ("recv server kx message", ret);
 
     case STATE5:
-      /* receive the server certificate request - if any 
+      /* receive the server certificate request - if any
        */
 
       if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
@@ -2405,7 +2394,7 @@ _gnutls_handshake_client (gnutls_session_t session)
   return 0;
 }
 
-/* This function sends the final handshake packets and initializes connection 
+/* This function sends the final handshake packets and initializes connection
  */
 static int
 _gnutls_send_handshake_final (gnutls_session_t session, int init)
@@ -2427,7 +2416,7 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init)
           return ret;
         }
 
-      /* Initialize the connection session (start encryption) - in case of client 
+      /* Initialize the connection session (start encryption) - in case of client
        */
       if (init == TRUE)
         {
@@ -2465,7 +2454,7 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init)
   return 0;
 }
 
-/* This function receives the final handshake packets 
+/* This function receives the final handshake packets
  * And executes the appropriate function to initialize the
  * read session.
  */
@@ -2525,7 +2514,7 @@ _gnutls_recv_handshake_final (gnutls_session_t session, int init)
 }
 
  /*
-  * _gnutls_handshake_server 
+  * _gnutls_handshake_server
   * This function does the server stuff of the handshake protocol.
   */
 
@@ -2846,7 +2835,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
   gnutls_kx_algorithm_t *alg = NULL;
   int alg_size = 0;
 
-  /* if we should use a specific certificate, 
+  /* if we should use a specific certificate,
    * we should remove all algorithms that are not supported
    * by that certificate and are on the same authentication
    * method (CERTIFICATE).
@@ -2873,7 +2862,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
         }
     }
 
-  /* get all the key exchange algorithms that are 
+  /* get all the key exchange algorithms that are
    * supported by the X509 certificate parameters.
    */
   if ((ret =
@@ -2902,7 +2891,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
        */
       kx = _gnutls_cipher_suite_get_kx_algo (&(*cipherSuites)[i]);
 
-      /* if it is defined but had no credentials 
+      /* if it is defined but had no credentials
        */
       if (_gnutls_get_kx_cred (session, kx, NULL) == NULL)
         {
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c
index 69019191..1b20cd1a 100644
--- a/src/daemon/https/tls/gnutls_priority.c
+++ b/src/daemon/https/tls/gnutls_priority.c
@@ -193,7 +193,7 @@ gnutls_protocol_set_priority (gnutls_session_t session, const int *list)
  * Sets the priority on the certificate types supported by gnutls.
  * Priority is higher for elements specified before others.
  * After specifying the types you want, you must append a 0.
- * Note that the certificate type priority is set on the client. 
+ * Note that the certificate type priority is set on the client.
  * The server does not use the cert type priority except for disabling
  * types that were not specified.
  *
@@ -215,7 +215,7 @@ gnutls_certificate_type_set_priority (gnutls_session_t session,
 }
 
 static const int protocol_priority[] = { GNUTLS_TLS1_1,
-  GNUTLS_TLS1_0,
+  GNUTLS_TLS1_0, GNUTLS_SSL3,
   0
 };
 
diff --git a/src/daemon/https/tls/gnutls_v2_compat.c b/src/daemon/https/tls/gnutls_v2_compat.c
deleted file mode 100644
index ecf8c936..00000000
--- a/src/daemon/https/tls/gnutls_v2_compat.c
+++ /dev/null
@@ -1,259 +0,0 @@
-/*
- * Copyright (C) 2001, 2004, 2005, 2006 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Functions to parse the SSLv2.0 hello message.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_dh.h"
-#include "debug.h"
-#include "gnutls_algorithms.h"
-#include "gnutls_compress.h"
-#include "gnutls_cipher.h"
-#include "gnutls_buffers.h"
-#include "gnutls_kx.h"
-#include "gnutls_handshake.h"
-#include "gnutls_num.h"
-#include "gnutls_hash_int.h"
-#include "gnutls_db.h"
-#include "gnutls_extensions.h"
-#include "gnutls_auth_int.h"
-
-/* This selects the best supported ciphersuite from the ones provided */
-static int
-_gnutls_handshake_select_v2_suite (gnutls_session_t session,
-                                   opaque * data, int datalen)
-{
-  int i, j, ret;
-  opaque *_data;
-  int _datalen;
-
-  _gnutls_handshake_log ("HSK[%x]: Parsing a version 2.0 client hello.\n",
-                         session);
-
-  _data = gnutls_malloc (datalen);
-  if (_data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  if (datalen % 3 != 0)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-
-  i = _datalen = 0;
-  for (j = 0; j < datalen; j += 3)
-    {
-      if (data[j] == 0)
-        {
-          memcpy (&_data[i], &data[j + 1], 2);
-          i += 2;
-          _datalen += 2;
-        }
-    }
-
-  ret = _gnutls_server_select_suite (session, _data, _datalen);
-  gnutls_free (_data);
-
-  return ret;
-
-}
-
-
-/* Read a v2 client hello. Some browsers still use that beast!
- * However they set their version to 3.0 or 3.1.
- */
-int
-_gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data,
-                              int datalen)
-{
-  uint16_t session_id_len = 0;
-  int pos = 0;
-  int ret = 0;
-  uint16_t sizeOfSuites;
-  gnutls_protocol_t adv_version;
-  opaque rnd[TLS_RANDOM_SIZE];
-  int len = datalen;
-  int err;
-  uint16_t challenge;
-  opaque session_id[TLS_MAX_SESSION_ID_SIZE];
-
-  /* we only want to get here once - only in client hello */
-  session->internals.v2_hello = 0;
-
-  DECR_LEN (len, 2);
-
-  _gnutls_handshake_log
-    ("HSK[%x]: SSL 2.0 Hello: Client's version: %d.%d\n", session,
-     data[pos], data[pos + 1]);
-
-  set_adv_version (session, data[pos], data[pos + 1]);
-
-  adv_version = _gnutls_version_get (data[pos], data[pos + 1]);
-
-  ret = _gnutls_negotiate_version (session, adv_version);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  pos += 2;
-
-  /* Read uint16_t cipher_spec_length */
-  DECR_LEN (len, 2);
-  sizeOfSuites = _gnutls_read_uint16 (&data[pos]);
-  pos += 2;
-
-  /* read session id length */
-  DECR_LEN (len, 2);
-  session_id_len = _gnutls_read_uint16 (&data[pos]);
-  pos += 2;
-
-  if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-
-  /* read challenge length */
-  DECR_LEN (len, 2);
-  challenge = _gnutls_read_uint16 (&data[pos]);
-  pos += 2;
-
-  if (challenge < 16 || challenge > TLS_RANDOM_SIZE)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
-    }
-
-  /* call the user hello callback
-   */
-  ret = _gnutls_user_hello_func (session, adv_version);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  /* find an appropriate cipher suite */
-
-  DECR_LEN (len, sizeOfSuites);
-  ret = _gnutls_handshake_select_v2_suite (session, &data[pos], sizeOfSuites);
-
-  pos += sizeOfSuites;
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  /* check if the credentials (username, public key etc.) are ok
-   */
-  if (_gnutls_get_kx_cred
-      (session,
-       _gnutls_cipher_suite_get_kx_algo (&session->security_parameters.
-                                         current_cipher_suite),
-       &err) == NULL && err != 0)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  /* set the mod_auth_st to the appropriate struct
-   * according to the KX algorithm. This is needed since all the
-   * handshake functions are read from there;
-   */
-  session->internals.auth_struct =
-    _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
-                            (&session->security_parameters.
-                             current_cipher_suite));
-  if (session->internals.auth_struct == NULL)
-    {
-
-      _gnutls_handshake_log
-        ("HSK[%x]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
-         session);
-
-      gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-
-
-  /* read random new values -skip session id for now */
-  DECR_LEN (len, session_id_len);       /* skip session id for now */
-  memcpy (session_id, &data[pos], session_id_len);
-  pos += session_id_len;
-
-  DECR_LEN (len, challenge);
-  memset (rnd, 0, TLS_RANDOM_SIZE);
-
-  memcpy (&rnd[TLS_RANDOM_SIZE - challenge], &data[pos], challenge);
-
-  _gnutls_set_client_random (session, rnd);
-
-  /* generate server random value */
-
-  _gnutls_tls_create_random (rnd);
-  _gnutls_set_server_random (session, rnd);
-
-  session->security_parameters.timestamp = time (NULL);
-
-
-  /* RESUME SESSION */
-
-  DECR_LEN (len, session_id_len);
-  ret = _gnutls_server_restore_session (session, session_id, session_id_len);
-
-  if (ret == 0)
-    {                           /* resumed! */
-      /* get the new random values */
-      memcpy (session->internals.resumed_security_parameters.
-              server_random, session->security_parameters.server_random,
-              TLS_RANDOM_SIZE);
-      memcpy (session->internals.resumed_security_parameters.
-              client_random, session->security_parameters.client_random,
-              TLS_RANDOM_SIZE);
-
-      session->internals.resumed = RESUME_TRUE;
-      return 0;
-    }
-  else
-    {
-      _gnutls_generate_session_id (session->security_parameters.
-                                   session_id,
-                                   &session->security_parameters.
-                                   session_id_size);
-      session->internals.resumed = RESUME_FALSE;
-    }
-
-  session->internals.compression_method = GNUTLS_COMP_NULL;
-
-  return 0;
-}
diff --git a/src/daemon/https/tls/gnutls_v2_compat.h b/src/daemon/https/tls/gnutls_v2_compat.h
deleted file mode 100644
index 59ee6130..00000000
--- a/src/daemon/https/tls/gnutls_v2_compat.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-int _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data,
-                                  int datalen);
diff --git a/src/daemon/https/tls/gnutlsxx.cpp b/src/daemon/https/tls/gnutlsxx.cpp
deleted file mode 100644
index 70621a43..00000000
--- a/src/daemon/https/tls/gnutlsxx.cpp
+++ /dev/null
@@ -1,907 +0,0 @@
-#include <gnutlsxx.h>
-
-using namespace gnutls;
-
-inline int RETWRAP_NET(int ret) 
-{
-    if (gnutls_error_is_fatal(ret)) throw(exception(ret));
-    else return ret;
-}
-
-inline int RETWRAP(int ret) 
-{
-    if (ret < 0) throw(exception(ret));
-    return ret;
-}
-
-session::session( gnutls_connection_end_t end)
-{
-    RETWRAP(gnutls_init( &this->s, end));
-}
-
-session::session( session& s)
-{
-    this->s = s.s;
-}
-
-session::~session()
-{
-    gnutls_deinit( this->s);
-}
-
-int session::bye( gnutls_close_request_t how)
-{
-    return RETWRAP_NET( gnutls_bye( this->s, how));
-}
-
-int session::handshake ()
-{
-    return RETWRAP_NET( gnutls_handshake( this->s));
-}
-
-
-server_session::server_session() : session( GNUTLS_SERVER)
-{
-}
-
-int server_session::rehandshake()
-{
-    return RETWRAP_NET( gnutls_rehandshake( this->s));
-}
-
-gnutls_alert_description_t session::get_alert() const
-{
-    return gnutls_alert_get( this->s);
-}
-
-int session::send_alert ( gnutls_alert_level_t level,
-                          gnutls_alert_description_t desc)
-{
-    return RETWRAP_NET(gnutls_alert_send( this->s, level, desc));
-}
-
-int session::send_appropriate_alert (int err)
-{
-    return RETWRAP_NET(gnutls_alert_send_appropriate( this->s, err));
-}
-
-gnutls_cipher_algorithm_t session::get_cipher() const
-{
-    return gnutls_cipher_get( this->s);
-}
-
-gnutls_kx_algorithm_t session::get_kx () const
-{
-    return gnutls_kx_get( this->s);
-}
-
-gnutls_mac_algorithm_t session::get_mac () const
-{
-    return gnutls_mac_get( this->s);
-}
-
-gnutls_compression_method_t session::get_compression() const
-{
-    return gnutls_compression_get( this->s);
-}
-
-gnutls_certificate_type_t session::get_certificate_type() const
-{
-    return gnutls_certificate_type_get( this->s);
-}
-
-void session::set_private_extensions ( bool allow)
-{
-    gnutls_handshake_set_private_extensions( this->s, (int)allow);
-}
-
-gnutls_handshake_description_t session::get_handshake_last_out() const
-{
-    return gnutls_handshake_get_last_out( this->s);
-}
-
-gnutls_handshake_description_t session::get_handshake_last_in() const
-{
-    return gnutls_handshake_get_last_in( this->s);
-}
-
-ssize_t session::send (const void *data, size_t sizeofdata)
-{
-    return RETWRAP_NET(gnutls_record_send( this->s, data, sizeofdata));
-}
-
-ssize_t session::recv (void *data, size_t sizeofdata)
-{
-    return RETWRAP_NET(gnutls_record_recv( this->s, data, sizeofdata));
-}
-
-bool session::get_record_direction() const
-{
-    return gnutls_record_get_direction(this->s);
-}
-
-        // maximum packet size
-size_t session::get_max_size () const
-{
-    return gnutls_record_get_max_size( this->s);
-}
-
-void session::set_max_size(size_t size)
-{
-    RETWRAP( gnutls_record_set_max_size( this->s, size));
-}
-
-size_t session::check_pending () const
-{
-    return gnutls_record_check_pending( this->s);
-}
-
-
-void session::prf (size_t label_size, const char *label,
-                 int server_random_first,
-                 size_t extra_size, const char *extra,
-                 size_t outsize, char *out)
-{
-    RETWRAP(gnutls_prf( this->s, label_size, label, server_random_first,
-            extra_size, extra, outsize, out));
-}
-
-void session::prf_raw ( size_t label_size, const char *label,
-                      size_t seed_size, const char *seed,
-                      size_t outsize, char *out)
-{
-    RETWRAP( gnutls_prf_raw( this->s, label_size, label, seed_size, seed, outsize, out));
-}
-
-
-void session::set_cipher_priority (const int *list)
-{
-    RETWRAP( gnutls_cipher_set_priority( this->s, list));
-}
-
-void session::set_mac_priority (const int *list)
-{
-    RETWRAP( gnutls_mac_set_priority( this->s, list));
-}
-
-void session::set_compression_priority (const int *list)
-{
-    RETWRAP( gnutls_compression_set_priority( this->s, list));
-}
-
-void session::set_kx_priority (const int *list)
-{
-    RETWRAP( gnutls_kx_set_priority( this->s, list));
-}
-
-void session::set_protocol_priority (const int *list)
-{
-    RETWRAP( gnutls_protocol_set_priority( this->s, list));
-}
-
-void session::set_certificate_type_priority (const int *list)
-{
-    RETWRAP( gnutls_certificate_type_set_priority( this->s, list));
-}
-
-
-/* if you just want some defaults, use the following.
- */
-void session::set_priority(const char* prio, const char** err_pos)
-{
-    RETWRAP(gnutls_priority_set_direct( this->s, prio, err_pos));
-}
-
-void session::set_priority(gnutls_priority_t p)
-{
-    RETWRAP(gnutls_priority_set( this->s, p));
-}
-
-gnutls_protocol_t session::get_protocol_version() const
-{
-    return gnutls_protocol_get_version( this->s);
-}
-
-void session::set_data ( const void *session_data,
-                        size_t session_data_size)
-{
-    RETWRAP(gnutls_session_set_data( this->s, session_data, session_data_size));
-}
-
-void session::get_data (void *session_data,
-                        size_t * session_data_size) const
-{
-    RETWRAP(gnutls_session_get_data( this->s, session_data, session_data_size));
-}
-
-void session::get_data(gnutls_session_t session,
-                       gnutls_datum_t & data) const
-{
-    RETWRAP(gnutls_session_get_data2( this->s, &data));
-
-}
-
-void session::get_id ( void *session_id,
-                       size_t * session_id_size) const
-{
-    RETWRAP( gnutls_session_get_id( this->s, session_id, session_id_size));
-}
-
-bool session::is_resumed() const
-{
-    int ret = gnutls_session_is_resumed( this->s);
-    
-    if (ret != 0) return true;
-    return false;
-}
-
-
-bool session::get_peers_certificate(std::vector<gnutls_datum_t> &out_certs) const
-{
-    const gnutls_datum_t *certs;
-    unsigned int certs_size;
-    
-    certs = gnutls_certificate_get_peers (this->s, &certs_size);
-    
-    if (certs==NULL) return false;
-    
-    for(unsigned int i=0;i<certs_size;i++)
-        out_certs.push_back( certs[i]);
-    
-    return true;
-}
-
-bool session::get_peers_certificate(const gnutls_datum_t** certs, unsigned int *certs_size) const
-{
-    *certs = gnutls_certificate_get_peers (this->s, certs_size);
-    
-    if (*certs==NULL) return false;
-    return true;
-}
-
-void session::get_our_certificate(gnutls_datum_t& cert) const
-{
-const gnutls_datum_t *d;
-    
-    d = gnutls_certificate_get_ours(this->s);
-    if (d==NULL)
-        throw(exception( GNUTLS_E_INVALID_REQUEST));
-    cert = *d;
-}
-          
-time_t session::get_peers_certificate_activation_time() const
-{
-    return gnutls_certificate_activation_time_peers( this->s);
-}
-
-time_t session::get_peers_certificate_expiration_time() const
-{
-    return gnutls_certificate_expiration_time_peers( this->s);
-}
-void session::verify_peers_certificate( unsigned int& status) const
-{
-    RETWRAP( gnutls_certificate_verify_peers2( this->s, &status));
-}
-
-
-client_session::client_session() : session( GNUTLS_CLIENT)
-{
-}
-
-// client session
-void client_session::set_server_name (gnutls_server_name_type_t type,
-                                      const void *name, size_t name_length)
-{
-    RETWRAP( gnutls_server_name_set( this->s, type, name, name_length));
-}
-
-bool client_session::get_request_status()
-{
-    return RETWRAP(gnutls_certificate_client_get_request_status (this->s));
-}
-
-// server_session
-void server_session::get_server_name (void *data, size_t * data_length,
-                                      unsigned int *type, unsigned int indx) const
-{
-    RETWRAP( gnutls_server_name_get( this->s, data, data_length, type, indx));
-}
-
-// internal DB stuff
-static int store_function(void *_db, gnutls_datum_t key, gnutls_datum_t data)
-{
-    try {
-        DB* db = static_cast<DB*>(_db);
-    
-        if (db->store( key, data)==false) return -1;
-    } catch(...) {
-        return -1;
-    }
-
-    return 0;
-}
-
-const static gnutls_datum_t null_datum = { NULL, 0 };
-
-static gnutls_datum_t retrieve_function(void *_db, gnutls_datum_t key)
-{
-    gnutls_datum_t data;
-    
-    try {
-        DB* db = static_cast<DB*>(_db);
-    
-        if (db->retrieve( key, data)==false) return null_datum;
-    
-    } catch(...) {
-        return null_datum;
-    }
-
-    return data;
-}
-
-static int remove_function(void *_db, gnutls_datum_t key)
-{
-    try {
-        DB* db = static_cast<DB*>(_db);
-    
-        if (db->remove( key)==false) return -1;
-    } catch(...) {
-        return -1;
-    }
-
-    return 0;
-}
-
-void server_session::set_db( const DB& db)
-{
-    gnutls_db_set_ptr( this->s, const_cast<DB*>(&db));
-    gnutls_db_set_store_function( this->s, store_function);
-    gnutls_db_set_retrieve_function( this->s, retrieve_function);
-    gnutls_db_set_remove_function( this->s, remove_function);
-}
-
-void server_session::set_db_cache_expiration (unsigned int seconds)
-{
-    gnutls_db_set_cache_expiration( this->s, seconds);
-}
-
-void server_session::db_remove () const
-{
-    gnutls_db_remove_session( this->s);
-}
-
-bool server_session::db_check_entry ( gnutls_datum_t &session_data) const
-{
-    int ret = gnutls_db_check_entry( this->s, session_data);
-
-    if (ret != 0) return true;
-    return false;
-}
-
-void session::set_max_handshake_packet_length ( size_t max)
-{
-    gnutls_handshake_set_max_packet_length( this->s, max);
-}
-
-void session::clear_credentials()
-{
-    gnutls_credentials_clear( this->s);
-}
-
-void session::set_credentials( credentials &cred)
-{
-    RETWRAP(gnutls_credentials_set( this->s, cred.get_type(), cred.ptr()));
-}
-
-const char* server_session::get_srp_username() const
-{
-    return gnutls_srp_server_get_username( this->s);
-}
-
-const char* server_session::get_psk_username() const
-{
-    return gnutls_psk_server_get_username( this->s);
-}
-
-
-void session::set_transport_ptr( gnutls_transport_ptr_t ptr)
-{
-    gnutls_transport_set_ptr( this->s, ptr);
-}
-  
-void session::set_transport_ptr( gnutls_transport_ptr_t recv_ptr, gnutls_transport_ptr_t send_ptr)
-{
-    gnutls_transport_set_ptr2( this->s, recv_ptr, send_ptr);
-}
-
-
-gnutls_transport_ptr_t session::get_transport_ptr () const
-{
-    return gnutls_transport_get_ptr (this->s);
-}
-  
-void session::get_transport_ptr( gnutls_transport_ptr_t & recv_ptr,
-                                 gnutls_transport_ptr_t & send_ptr) const
-{
-    gnutls_transport_get_ptr2 (this->s, &recv_ptr, &send_ptr);
-}
-
-void session::set_transport_lowat( size_t num)
-{
-    gnutls_transport_set_lowat (this->s, num);
-}
-
-void session::set_transport_push_function( gnutls_push_func push_func)
-{
-    gnutls_transport_set_push_function ( this->s,  push_func);
-}
-  
-void session::set_transport_pull_function( gnutls_pull_func pull_func)
-{
-    gnutls_transport_set_pull_function ( this->s,  pull_func);
-}
-
-void session::set_user_ptr( void* ptr)
-{
-    gnutls_session_set_ptr( this->s, ptr);
-}
-
-void* session::get_user_ptr( ) const
-{
-    return gnutls_session_get_ptr(this->s);
-}
-  
-void session::send_openpgp_cert( gnutls_openpgp_crt_status_t status)
-{
-    gnutls_openpgp_send_cert(this->s, status);
-}
-
-
-void session::set_dh_prime_bits( unsigned int bits)
-{
-    gnutls_dh_set_prime_bits( this->s, bits);
-}
-
-unsigned int session::get_dh_secret_bits() const
-{
-    return RETWRAP( gnutls_dh_get_secret_bits( this->s));
-}
-
-unsigned int session::get_dh_peers_public_bits() const
-{
-    return RETWRAP(gnutls_dh_get_peers_public_bits( this->s));
-}
-
-unsigned int session::get_dh_prime_bits() const
-{
-    return RETWRAP( gnutls_dh_get_prime_bits( this->s));
-}
-
-void session::get_dh_group( gnutls_datum_t & gen, gnutls_datum_t & prime) const
-{
-    RETWRAP( gnutls_dh_get_group( this->s, &gen, &prime));
-}
-
-void session::get_dh_pubkey( gnutls_datum_t & raw_key) const
-{
-    RETWRAP(gnutls_dh_get_pubkey( this->s, &raw_key));
-}
-
-void session::get_rsa_export_pubkey( gnutls_datum_t& exponent, gnutls_datum_t& modulus) const
-{
-    RETWRAP( gnutls_rsa_export_get_pubkey( this->s, &exponent, &modulus));
-}
-
-unsigned int session::get_rsa_export_modulus_bits() const
-{
-    return RETWRAP(gnutls_rsa_export_get_modulus_bits( this->s));
-}
-
-void server_session::set_certificate_request( gnutls_certificate_request_t req)
-{
-    gnutls_certificate_server_set_request (this->s, req);
-}
-
-
-
-
-gnutls_credentials_type_t session::get_auth_type() const
-{
-    return gnutls_auth_get_type( this->s);
-}
-
-gnutls_credentials_type_t session::get_server_auth_type() const
-{
-    return gnutls_auth_server_get_type( this->s);
-}
-
-gnutls_credentials_type_t session::get_client_auth_type() const
-{
-    return gnutls_auth_client_get_type( this->s);
-}
-
-
-void* certificate_credentials::ptr() const
-{
-    return this->cred;
-}
-
-void certificate_credentials::set_ptr(void* p)
-{
-    this->cred = static_cast<gnutls_certificate_credentials_t> (p);
-}
-
-certificate_credentials::~certificate_credentials()
-{
-    gnutls_certificate_free_credentials (this->cred); 
-}
-
-certificate_credentials::certificate_credentials() : credentials(GNUTLS_CRD_CERTIFICATE)
-{
-    RETWRAP(gnutls_certificate_allocate_credentials ( &this->cred));
-}
-
-void certificate_server_credentials::set_params_function( gnutls_params_function* func)
-{
-    gnutls_certificate_set_params_function( this->cred, func);
-}
-
-anon_server_credentials::anon_server_credentials() : credentials(GNUTLS_CRD_ANON)
-{ 
-    RETWRAP(gnutls_anon_allocate_server_credentials( &this->cred));
-}
-        
-anon_server_credentials::~anon_server_credentials() 
-{ 
-    gnutls_anon_free_server_credentials( this->cred); 
-}
-
-void anon_server_credentials::set_dh_params( const dh_params& params) 
-{
-    gnutls_anon_set_server_dh_params (this->cred, params.get_params_t());
-}
-
-void anon_server_credentials::set_params_function ( gnutls_params_function * func)
-{
-    gnutls_anon_set_server_params_function ( this->cred, func); 
-}
-
-anon_client_credentials::anon_client_credentials() : credentials(GNUTLS_CRD_ANON)
-{ 
-    RETWRAP(gnutls_anon_allocate_client_credentials( &this->cred));
-}
-        
-anon_client_credentials::~anon_client_credentials() 
-{ 
-    gnutls_anon_free_client_credentials( this->cred); 
-}
-
-void certificate_credentials::free_keys ()
-{
-    gnutls_certificate_free_keys( this->cred);
-}
-
-void certificate_credentials::free_cas ()
-{
-    gnutls_certificate_free_cas( this->cred);
-}
-
-void certificate_credentials::free_ca_names ()
-{
-    gnutls_certificate_free_ca_names( this->cred);
-}
-
-void certificate_credentials::free_crls ()
-{
-    gnutls_certificate_free_crls( this->cred);
-}
-
-
-void certificate_credentials::set_dh_params ( const dh_params& params)
-{
-    gnutls_certificate_set_dh_params( this->cred, params.get_params_t());
-}
-
-void certificate_credentials::set_rsa_export_params ( const rsa_params & params)
-{
-    gnutls_certificate_set_rsa_export_params( this->cred, params.get_params_t());
-}
-
-void certificate_credentials::set_verify_flags ( unsigned int flags)
-{
-    gnutls_certificate_set_verify_flags( this->cred, flags);
-}
-
-void certificate_credentials::set_verify_limits ( unsigned int max_bits, unsigned int max_depth)
-{
-    gnutls_certificate_set_verify_limits( this->cred, max_bits, max_depth);
-}
-
-void certificate_credentials::set_x509_trust_file(const char *cafile, gnutls_x509_crt_fmt_t type)
-{
-    RETWRAP( gnutls_certificate_set_x509_trust_file( this->cred, cafile, type));
-}
-
-void certificate_credentials::set_x509_trust(const gnutls_datum_t & CA, gnutls_x509_crt_fmt_t type)
-{
-    RETWRAP( gnutls_certificate_set_x509_trust_mem( this->cred, &CA, type));
-}
-
-
-void certificate_credentials::set_x509_crl_file( const char *crlfile, gnutls_x509_crt_fmt_t type)
-{
-    RETWRAP( gnutls_certificate_set_x509_crl_file( this->cred, crlfile, type));
-}
-
-void certificate_credentials::set_x509_crl(const gnutls_datum_t & CRL, gnutls_x509_crt_fmt_t type)
-{
-    RETWRAP( gnutls_certificate_set_x509_crl_mem( this->cred, &CRL, type));
-}
-
-void certificate_credentials::set_x509_key_file(const char *certfile, const char *keyfile, gnutls_x509_crt_fmt_t type)
-{
-    RETWRAP( gnutls_certificate_set_x509_key_file( this->cred, certfile, keyfile, type));
-}
-
-void certificate_credentials::set_x509_key(const gnutls_datum_t & CERT, const gnutls_datum_t & KEY, gnutls_x509_crt_fmt_t type)
-{
-    RETWRAP( gnutls_certificate_set_x509_key_mem( this->cred, &CERT, &KEY, type));
-}
-
-void certificate_credentials::set_simple_pkcs12_file( const char *pkcs12file,
-                                     gnutls_x509_crt_fmt_t type, const char *password)
-{
-    RETWRAP( gnutls_certificate_set_x509_simple_pkcs12_file( this->cred, pkcs12file, type, password));
-}
-
-void certificate_credentials::set_x509_key ( gnutls_x509_crt_t * cert_list, int cert_list_size,
-                            gnutls_x509_privkey_t key)
-{
-    RETWRAP( gnutls_certificate_set_x509_key( this->cred, cert_list, cert_list_size, key));
-}
-
-void certificate_credentials::set_x509_trust ( gnutls_x509_crt_t * ca_list, int ca_list_size)
-{
-    RETWRAP( gnutls_certificate_set_x509_trust( this->cred, ca_list, ca_list_size));
-}
-
-void certificate_credentials::set_x509_crl ( gnutls_x509_crl_t * crl_list, int crl_list_size)
-{
-    RETWRAP( gnutls_certificate_set_x509_crl( this->cred, crl_list, crl_list_size));
-}
-
-void certificate_server_credentials::set_retrieve_function( gnutls_certificate_server_retrieve_function* func)
-{
-    gnutls_certificate_server_set_retrieve_function( this->cred, func);
-}
-
-void certificate_client_credentials::set_retrieve_function( gnutls_certificate_client_retrieve_function* func)
-{
-    gnutls_certificate_client_set_retrieve_function( this->cred, func);
-}
-
-// SRP
-
-srp_server_credentials::srp_server_credentials() : credentials(GNUTLS_CRD_SRP)
-{ 
-    RETWRAP(gnutls_srp_allocate_server_credentials( &this->cred));
-}
-        
-srp_server_credentials::~srp_server_credentials() 
-{ 
-    gnutls_srp_free_server_credentials( this->cred); 
-}
-
-void* srp_server_credentials::ptr() const
-{
-    return this->cred;
-}
-
-void srp_server_credentials::set_ptr(void* p)
-{
-    this->cred = static_cast<gnutls_srp_server_credentials_t> (p);
-}
-
-srp_client_credentials::srp_client_credentials() : credentials(GNUTLS_CRD_SRP)
-{ 
-    RETWRAP(gnutls_srp_allocate_client_credentials( &this->cred));
-}
-        
-srp_client_credentials::~srp_client_credentials() 
-{ 
-    gnutls_srp_free_client_credentials( this->cred); 
-}
-
-void* srp_client_credentials::ptr() const
-{
-    return this->cred;
-}
-
-void srp_client_credentials::set_ptr(void* p)
-{
-    this->cred = static_cast<gnutls_srp_client_credentials_t> (p);
-}
-
-void srp_client_credentials::set_credentials( const char* username, const char* password)
-{
-    RETWRAP(gnutls_srp_set_client_credentials (this->cred, username, password));
-}
-
-void srp_server_credentials::set_credentials_file (
-    const char *password_file, const char *password_conf_file)
-{
-    RETWRAP( gnutls_srp_set_server_credentials_file( this->cred, password_file, password_conf_file));
-}
-
-
-void srp_server_credentials::set_credentials_function(gnutls_srp_server_credentials_function * func)
-{
-    gnutls_srp_set_server_credentials_function( this->cred, func);
-}
-
-void srp_client_credentials::set_credentials_function(gnutls_srp_client_credentials_function * func)
-{
-    gnutls_srp_set_client_credentials_function( this->cred, func);
-}
-
-credentials::credentials(gnutls_credentials_type_t t) : type(t) 
-{ 
-}
-
-#if !(defined(__APPLE__) || defined(__MACOS__))
-/* FIXME: This #if is due to a compile bug in Mac OS X.  Give it some
-   time and then remove this cruft.  See also
-   includes/gnutls/gnutlsxx.h. */
-credentials::credentials( credentials& c)
-{
-    this->type = c.type;
-    this->set_ptr( c.ptr());
-}
-#endif
-
-gnutls_credentials_type_t credentials::get_type() const
-{ 
-    return type; 
-}
-        
-exception::exception( int x) 
-{ 
-    retcode = x; 
-}
-
-int exception::get_code()
-{
-    return retcode;
-}
-
-const char* exception::what() const throw()
-{ 
-    return gnutls_strerror(retcode); 
-}
-
-
-
-
-dh_params::dh_params()
-{
-    RETWRAP(gnutls_dh_params_init( &params));
-}
-
-dh_params::~dh_params()
-{
-    gnutls_dh_params_deinit(params);
-}
-
-void dh_params::import_raw( const gnutls_datum_t & prime,
-                     const gnutls_datum_t & generator)
-{
-    RETWRAP( gnutls_dh_params_import_raw( params, &prime, &generator));
-}
-
-void dh_params::import_pkcs3( const gnutls_datum_t & pkcs3_params,
-                              gnutls_x509_crt_fmt_t format)
-{
-    RETWRAP(gnutls_dh_params_import_pkcs3( params, &pkcs3_params, format));
-}
-
-void dh_params::generate( unsigned int bits)
-{
-    RETWRAP(gnutls_dh_params_generate2( params, bits));
-}
-        
-void dh_params::export_pkcs3( gnutls_x509_crt_fmt_t format, unsigned char *params_data, size_t * params_data_size)
-{
-    RETWRAP( gnutls_dh_params_export_pkcs3( params, format, params_data, params_data_size));
-}
-
-void dh_params::export_raw( gnutls_datum_t& prime, gnutls_datum_t &generator)
-{
-    RETWRAP( gnutls_dh_params_export_raw( params, &prime, &generator, NULL));
-}
-
-gnutls_dh_params_t dh_params::get_params_t() const
-{
-    return params;
-}
-
-dh_params & dh_params::operator=(const dh_params& src)
-{
-    dh_params* dst = new dh_params;
-    int ret;
-    
-    ret = gnutls_dh_params_cpy( dst->params, src.params);
-    
-    if (ret < 0) {
-        delete dst;
-        throw(ret);
-    }
-    
-    return *dst;
-}
-
-
-// RSA
-
-rsa_params::rsa_params()
-{
-    RETWRAP(gnutls_rsa_params_init( &params));
-}
-
-rsa_params::~rsa_params()
-{
-    gnutls_rsa_params_deinit(params);
-}
-
-void rsa_params::import_pkcs1( const gnutls_datum_t & pkcs1_params,
-                              gnutls_x509_crt_fmt_t format)
-{
-    RETWRAP(gnutls_rsa_params_import_pkcs1( params, &pkcs1_params, format));
-}
-
-void rsa_params::generate( unsigned int bits)
-{
-    RETWRAP(gnutls_rsa_params_generate2( params, bits));
-}
-        
-void rsa_params::export_pkcs1( gnutls_x509_crt_fmt_t format, unsigned char *params_data, size_t * params_data_size)
-{
-    RETWRAP( gnutls_rsa_params_export_pkcs1( params, format, params_data, params_data_size));
-}
-
-gnutls_rsa_params_t rsa_params::get_params_t() const
-{
-    return params;
-}
-
-rsa_params & rsa_params::operator=(const rsa_params& src)
-{
-    rsa_params* dst = new rsa_params;
-    int ret;
-    
-    ret = gnutls_rsa_params_cpy( dst->params, src.params);
-    
-    if (ret < 0)
-        delete dst;
-    throw(ret);
-    
-    return *dst;
-}
-  
-void rsa_params::import_raw( const gnutls_datum_t & m,
-                         const gnutls_datum_t & e,
-                         const gnutls_datum_t & d,
-                         const gnutls_datum_t & p,
-                         const gnutls_datum_t & q,
-                         const gnutls_datum_t & u)
-{
-    
-    RETWRAP(gnutls_rsa_params_import_raw ( params, &m, &e, &d, &p, &q, &u));
-}
-  
-
-void rsa_params::export_raw( gnutls_datum_t & m, gnutls_datum_t & e,
-                      gnutls_datum_t & d, gnutls_datum_t & p,
-                      gnutls_datum_t & q, gnutls_datum_t & u)
-{
-    RETWRAP( gnutls_rsa_params_export_raw ( params, &m, &e, &d, &p, &q, &u, NULL));
-}
diff --git a/src/daemon/https/tls/io_debug.h b/src/daemon/https/tls/io_debug.h
index 9800565e..53d9c371 100644
--- a/src/daemon/https/tls/io_debug.h
+++ b/src/daemon/https/tls/io_debug.h
@@ -22,9 +22,9 @@
  *
  */
 
-/* This debug file was contributed by 
+/* This debug file was contributed by
  * Paul Sheer <psheer@icon.co.za>. Some changes were made by nmav.
- * Its purpose is to debug non blocking behaviour of gnutls. The included
+ * Its purpose is to debug non blocking behavior of gnutls. The included
  * send() and recv() functions return EAGAIN errors in random.
  *
  */
diff --git a/src/daemon/https/tls/libgnutlsxx.vers b/src/daemon/https/tls/libgnutlsxx.vers
deleted file mode 100644
index 8b8af51d..00000000
--- a/src/daemon/https/tls/libgnutlsxx.vers
+++ /dev/null
@@ -1,30 +0,0 @@
-# libgnutlsxx.vers -- Versioning script to control what symbols to export.
-# Copyright (C) 2005, 2006 Free Software Foundation
-#
-# Author: Simon Josefsson
-#
-# This file is part of GNUTLS.
-#
-# The GNUTLS library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public License
-# as published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# The GNUTLS library is distributed in the hope that it will be
-#useful, but WITHOUT ANY WARRANTY; without even the implied warranty
-#of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-#Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with the GNUTLS library; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-# MA 02110-1301, USA
-
-GNUTLS_1_6
-{
-  global:
-    extern "C++" {
-      gnutls*;
-  };
-  local: *;
-};
diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c
index f5c64dee..ff295fcd 100644
--- a/src/daemon/https/x509/x509_privkey.c
+++ b/src/daemon/https/x509/x509_privkey.c
@@ -51,7 +51,7 @@ int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params);
  * gnutls_x509_privkey_init - This function initializes a gnutls_crl structure
  * @key: The structure to be initialized
  *
- * This function will initialize an private key structure. 
+ * This function will initialize an private key structure.
  *
  * Returns 0 on success.
  *
@@ -75,7 +75,7 @@ gnutls_x509_privkey_init (gnutls_x509_privkey_t * key)
  * gnutls_x509_privkey_deinit - This function deinitializes memory used by a gnutls_x509_privkey_t structure
  * @key: The structure to be initialized
  *
- * This function will deinitialize a private key structure. 
+ * This function will deinitialize a private key structure.
  *
  **/
 void
@@ -357,8 +357,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
 
   key->pk_algorithm = GNUTLS_PK_UNKNOWN;
 
-  /* If the Certificate is in PEM format then decode it
-   */
+  /* If the Certificate is in PEM format then decode it */
   if (format == GNUTLS_X509_FMT_PEM)
     {
       opaque *out;
@@ -399,9 +398,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
     }
   else
     {
-      /* Try decoding with both, and accept the one that 
-       * succeeds.
-       */
+      /* Try decoding with both, and accept the one that succeeds. */
       key->pk_algorithm = GNUTLS_PK_RSA;
       key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
 
@@ -419,7 +416,8 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
     {
       gnutls_assert ();
       result = GNUTLS_E_ASN1_DER_ERROR;
-      goto cleanup;
+      key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+      return result;
     }
 
   if (need_free)
@@ -429,11 +427,6 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
    */
 
   return 0;
-
-cleanup:key->pk_algorithm = GNUTLS_PK_UNKNOWN;
-  if (need_free)
-    _gnutls_free_datum (&_data);
-  return result;
 }
 
 #define FREE_RSA_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \