migrated code to connection_https

fixed gcrypt lib initialization to support mt
removed some gnutls psk code
added CIPHER_ALGORITHM & KX_PRIORITY options
added certificate loading test
added TLS GET test

19 files changed, 708 insertions, 749 deletions

diff --git a/src/daemon/Makefile.am b/src/daemon/Makefile.am
index ed1818a4..b8f586b2 100644
--- a/src/daemon/Makefile.am
+++ b/src/daemon/Makefile.am
@@ -22,11 +22,6 @@ lib_LTLIBRARIES = \
 SUBDIRS =
 libmicrohttpd_la_LIBADD = 
 
-if ENABLE_HTTPS
-SUBDIRS += https .
-libmicrohttpd_la_LIBADD += https/libhttps.la 
-endif
-
 libmicrohttpd_la_SOURCES = \
 connection.c connection.h \
 reason_phrase.c reason_phrase.h \
@@ -38,6 +33,12 @@ postprocessor.c \
 response.c response.h
 libmicrohttpd_la_LDFLAGS = \
   -export-dynamic -version-info 4:3:0 $(retaincommand)
+
+if ENABLE_HTTPS
+SUBDIRS += https .
+libmicrohttpd_la_SOURCES += connection_https.c
+libmicrohttpd_la_LIBADD += https/libhttps.la
+endif
  
 check_PROGRAMS = \
   postprocessor_test \
diff --git a/src/daemon/connection.c b/src/daemon/connection.c
index 38f60a3a..fc4b7954 100644
--- a/src/daemon/connection.c
+++ b/src/daemon/connection.c
@@ -161,33 +161,6 @@ MHD_get_connection_values (struct MHD_Connection *connection,
   return ret;
 }
 
-#if HTTPS_SUPPORT
-/* get cipher spec for this connection */
-gnutls_cipher_algorithm_t
-MHDS_get_session_cipher (struct MHD_Connection * session)
-{
-  return gnutls_cipher_get (session->tls_session);
-}
-
-gnutls_mac_algorithm_t
-MHDS_get_session_mac (struct MHD_Connection * session)
-{
-  return gnutls_mac_get (session->tls_session);
-}
-
-gnutls_compression_method_t
-MHDS_get_session_compression (struct MHD_Connection * session)
-{
-  return gnutls_compression_get (session->tls_session);
-}
-
-gnutls_certificate_type_t
-MHDS_get_session_cert_type (struct MHD_Connection * session)
-{
-  return gnutls_certificate_type_get (session->tls_session);
-}
-#endif
-
 /**
  * Get a particular header value.  If multiple
  * values match the kind, return any one of them.
@@ -1276,8 +1249,7 @@ do_write (struct MHD_Connection *connection)
   return MHD_YES;
 }
 
-
-int
+static int
 MHD_con_read (struct MHD_Connection *connection)
 {
   return RECV (connection->socket_fd,
@@ -1286,18 +1258,6 @@ MHD_con_read (struct MHD_Connection *connection)
                connection->read_buffer_offset, MSG_NOSIGNAL);
 }
 
-#if HTTPS_SUPPORT
-ssize_t
-MHDS_con_read (struct MHD_Connection * connection)
-{
-  ssize_t size = gnutls_record_recv (connection->tls_session,
-                                     &connection->read_buffer[connection->
-                                                              read_buffer_offset],
-                                     connection->read_buffer_size);
-  return size;
-}
-#endif
-
 /**
  * Check if we are done sending the write-buffer.
  * If so, transition into "next_state".
@@ -1549,122 +1509,7 @@ MHD_connection_handle_read (struct MHD_Connection *connection)
   return MHD_YES;
 }
 
-#if HTTPS_SUPPORT
-int
-MHDS_connection_handle_read (struct MHD_Connection *connection)
-{
-  int ret;
-
-  connection->last_activity = time (NULL);
-
-  if (connection->s_state == MHDS_CONNECTION_CLOSED)
-    return MHD_NO;
-
-  /* discover content type */
-  unsigned char msg_type;
-  if (recv (connection->socket_fd, &msg_type, 1, MSG_PEEK) == -1)
-    {
-#if HAVE_MESSAGES
-      MHD_DLOG (connection->daemon, "Failed to peek into TLS content type\n");
-#endif
-      return MHD_NO;
-    }
-
-  switch (msg_type)
-    {
-    case GNUTLS_CHANGE_CIPHER_SPEC:
-
-      break;
-    case GNUTLS_ALERT:
-      /*
-       * this call of _gnutls_recv_int expects 0 bytes read.
-       * done to decrypt alert message
-       */
-      _gnutls_recv_int (connection->tls_session, GNUTLS_ALERT,
-                        GNUTLS_HANDSHAKE_FINISHED, 0);
-
-      /* CLOSE_NOTIFY */
-      if (connection->tls_session->internals.last_alert ==
-          GNUTLS_A_CLOSE_NOTIFY)
-        {
-          gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
-          connection->tls_session->internals.read_eof = 1;
-          connection->socket_fd = -1;
-          gnutls_deinit (connection->tls_session);
-          return MHD_YES;
-        }
-      /* non FATAL or WARNING */
-      else if (connection->tls_session->internals.last_alert !=
-               GNUTLS_AL_FATAL)
-        {
-#if HAVE_MESSAGES
-          MHD_DLOG (connection->daemon,
-                    "Received TLS alert: %s\n",
-                    gnutls_alert_get_name ((int) connection->tls_session->
-                                           internals.last_alert));
-#endif
-          return MHD_YES;
-        }
-      /* FATAL */
-      else if (connection->tls_session->internals.last_alert ==
-               GNUTLS_AL_FATAL)
-        {
-          connection->tls_session->internals.resumable = RESUME_FALSE;
-          connection->tls_session->internals.valid_connection = VALID_FALSE;
-          connection->socket_fd = -1;
-          gnutls_deinit (connection->tls_session);
-
-          return MHD_NO;
-        }
-      /* this should never execut */
-      else
-        {
-#if HAVE_MESSAGES
-          MHD_DLOG (connection->daemon,
-                    "Received unrecognized alert: %s\n",
-                    connection->tls_session->internals.last_alert);
-#endif
-          return MHD_NO;
-        }
-
-
-      /* forward application level content to MHD */
-    case GNUTLS_APPLICATION_DATA:
-      return MHD_connection_handle_read (connection);
-
-    case GNUTLS_HANDSHAKE:
-      ret = gnutls_handshake (connection->tls_session);
-      if (ret == 0)
-        {
-          connection->s_state = MHDS_HANDSHAKE_COMPLETE;
-          connection->state = MHD_CONNECTION_INIT;
-        }
-      /* set connection as closed */
-      else
-        {
-#if HAVE_MESSAGES
-          MHD_DLOG (connection->daemon,
-                    "Error: Handshake has failed (%s)\n",
-                    ret);
-#endif
-          connection->s_state = MHDS_HANDSHAKE_FAILED;
-          gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
-          gnutls_deinit (connection->tls_session);
-          connection->socket_fd = -1;
-          return MHD_NO;
-
-        }
-      break;
-    case GNUTLS_INNER_APPLICATION:
-      break;
-    }
-
-  return MHD_YES;
-}
-#endif
-
-
-int
+static int
 MHD_con_write (struct MHD_Connection *connection)
 {
   return SEND (connection->socket_fd,
@@ -1674,19 +1519,6 @@ MHD_con_write (struct MHD_Connection *connection)
                connection->write_buffer_send_offset, MSG_NOSIGNAL);
 }
 
-#if HTTPS_SUPPORT
-ssize_t
-MHDS_con_write (struct MHD_Connection * connection)
-{
-  ssize_t sent = gnutls_record_send (connection->tls_session,
-                                     &connection->write_buffer[connection->
-                                                               write_buffer_send_offset],
-                                     connection->write_buffer_append_offset
-                                     - connection->write_buffer_send_offset);
-  return sent;
-}
-#endif
-
 /**
  * This function was created to handle writes to sockets when it has
  * been determined that the socket can be written to. All
@@ -1849,52 +1681,6 @@ MHD_connection_handle_write (struct MHD_Connection *connection)
   return MHD_YES;
 }
 
-#if HTTPS_SUPPORT
-int
-MHDS_connection_handle_write (struct MHD_Connection *connection)
-{
-  connection->last_activity = time (NULL);
-  while (1)
-    {
-#if HAVE_MESSAGES
-      MHD_DLOG (connection->daemon, "MHDS reached case: %d, l: %d, f: %s\n",
-                connection->s_state, __LINE__, __FUNCTION__);
-#endif
-      switch (connection->s_state)
-        {
-
-          /* these cases shouldn't occur */
-        case MHDS_CONNECTION_INIT:
-          // TODO do we have to write back a responce ?
-        case MHDS_HANDSHAKE_FAILED:
-          /* we should first exit MHDS_REPLY_SENDING */
-        case MHDS_REQUEST_READING:
-          /* these should go through the idle state at first */
-        case MHDS_REQUEST_READ:
-          connection->s_state = MHDS_REPLY_SENDING;
-          do_write (connection);
-          break;
-
-        case MHDS_CONNECTION_CLOSED:
-          if (connection->socket_fd != -1)
-            connection_close_error (connection);
-          return MHD_NO;
-        case MHDS_HANDSHAKE_COMPLETE:
-
-        case MHDS_REPLY_SENDING:
-          do_write (connection);
-          // TODO check write done
-          break;
-
-        case MHDS_REPLY_READY:
-          /* switch to MHDS_REPLY_SENDING through idle */
-          break;
-        }
-    }
-  return MHD_YES;
-}
-#endif
-
 /**
  * This function was created to handle per-connection processing that
  * has to happen even if the socket cannot be read or written to.  All
@@ -2223,77 +2009,14 @@ MHD_connection_handle_idle (struct MHD_Connection *connection)
 
 }
 
-#if HTTPS_SUPPORT
 int
-MHDS_connection_handle_idle (struct MHD_Connection *connection)
+MHD_set_http_calbacks (struct MHD_Connection *connection)
 {
-  unsigned int timeout;
-  const char *end;
-  char *line;
-  ssize_t msgLength;
-  while (1)
-    {
-#if HAVE_MESSAGES
-      MHD_DLOG (connection->daemon, "MHDS reached case: %d, l: %d, f: %s\n",
-                connection->s_state, __LINE__, __FUNCTION__);
-#endif
-      switch (connection->s_state)
-        {
-        case MHDS_HANDSHAKE_FAILED:
-          connection->socket_fd = -1;
-        case MHDS_CONNECTION_INIT:
-          /* wait for request */
-        case MHDS_HANDSHAKE_COMPLETE:
-
-        case MHDS_REPLY_SENDING:
-          connection->s_state = MHDS_REPLY_SENT;
-          break;
-
-        case MHDS_REPLY_READY:
-          /* send data for encryption */
-          //memcpy (connection->write_buffer,
-          //connection->tls_session->internals.application_data_buffer.
-          //        data, connection->write_buffer_size);
-          //connection->s_state = MHDS_REPLY_SENDING;
-          break;
-
-        case MHDS_REQUEST_READING:
-          // TODO mv handshake here
-          connection->s_state = MHDS_REQUEST_READ;
-
-        case MHDS_REQUEST_READ:
-          /* pipe data to HTTP state machine */
-
-          // msgLength = connection->tls_session->internals.application_data_buffer.length;
-          // memcpy (connection->tls_session->internals.application_data_buffer.data, connection->read_buffer, msgLength);
-          // connection->read_buffer_offset = msgLength;
-          /* pass connection to MHD */
-          MHD_connection_handle_idle (connection);
-
-          break;
-
-        case MHDS_CONNECTION_CLOSED:
-          if (connection->socket_fd != -1)
-            connection_close_error (connection);
-          break;
-
-        default:
-          EXTRA_CHECK (0);
-          break;
-        }
-      break;
-    }
-
-  timeout = connection->daemon->connection_timeout;
-
-  if ((connection->socket_fd != -1) && (timeout != 0)
-      && (time (NULL) - timeout > connection->last_activity))
-    {
-      connection_close_error (connection);
-      return MHD_NO;
-    }
-  return MHD_YES;
+  connection->recv_cls = &MHD_con_read;
+  connection->send_cls = &MHD_con_write;
+  connection->read_handler = &MHD_connection_handle_read;
+  connection->write_handler = &MHD_connection_handle_write;
+  connection->idle_handler = &MHD_connection_handle_idle;
 }
-#endif
 
 /* end of connection.c */
diff --git a/src/daemon/connection.h b/src/daemon/connection.h
index ee96cfc4..6df81e77 100644
--- a/src/daemon/connection.h
+++ b/src/daemon/connection.h
@@ -40,50 +40,9 @@ MHD_connection_get_fdset (struct MHD_Connection *connection,
                           fd_set * write_fd_set,
                           fd_set * except_fd_set, int *max_fd);
 
-/**
- * This function handles a particular connection when it has been
- * determined that there is data to be read off a socket. All implementations
- * (multithreaded, external select, internal select) call this function
- * to handle reads.
- *
- * @return MHD_YES if we should continue to process the
- *         connection (not dead yet), MHD_NO if it died
- */
-int MHD_connection_handle_read (struct MHD_Connection *connection);
-
-
-/**
- * This function was created to handle writes to sockets when it has been
- * determined that the socket can be written to. If there is no data
- * to be written, however, the function call does nothing. All implementations
- * (multithreaded, external select, internal select) call this function
- *
- * @return MHD_YES if we should continue to process the
- *         connection (not dead yet), MHD_NO if it died
- */
-int MHD_connection_handle_write (struct MHD_Connection *connection);
-
-
-/**
- * This function was created to handle per-connection processing that
- * has to happen even if the socket cannot be read or written to.  All
- * implementations (multithreaded, external select, internal select)
- * call this function.
- *
- * @return MHD_YES if we should continue to process the
- *         connection (not dead yet), MHD_NO if it died
- */
-int MHD_connection_handle_idle (struct MHD_Connection *connection);
-
-int MHD_con_read(struct MHD_Connection *connection);
-int MHD_con_write(struct MHD_Connection *connection);
-
+int MHD_set_http_calbacks (struct MHD_Connection *connection);
 #if HTTPS_SUPPORT
-int MHDS_connection_handle_read(struct MHD_Connection *connection);
-int MHDS_connection_handle_write(struct MHD_Connection *connection);
-int MHDS_connection_handle_idle(struct MHD_Connection *connection);
-
-ssize_t MHDS_con_read(struct MHD_Connection *connection);
-ssize_t MHDS_con_write(struct MHD_Connection *connection);
+int MHD_set_https_calbacks (struct MHD_Connection *connection);
 #endif
+
 #endif
diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c
new file mode 100644
index 00000000..f3b44bc3
--- /dev/null
+++ b/src/daemon/connection_https.c
@@ -0,0 +1,309 @@
+/*
+     This file is part of libmicrohttpd
+     (C) 2007, 2008 Daniel Pittman and Christian Grothoff
+
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation; either
+     version 2.1 of the License, or (at your option) any later version.
+
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+*/
+
+/**
+ * @file connection.c
+ * @brief  Methods for managing SSL/TLS connections. This file is only
+ *         compiled if ENABLE_HTTPS is set.
+ * @author Sagie Amir
+ * @author Christian Grothoff
+ */
+
+#include "internal.h"
+#include "connection.h"
+#include "memorypool.h"
+#include "response.h"
+#include "reason_phrase.h"
+
+// get opaque type
+#include "gnutls_int.h"
+
+// TODO clean
+#undef MAX
+#define MAX(a,b) ((a)<(b)) ? (b) : (a)
+#undef MIN
+#define MIN(a,b) ((a)<(b)) ? (a) : (b)
+
+// TODO rm - appears in a switch default clause
+#if EXTRA_CHECKS
+#define EXTRA_CHECK(a) if (!(a)) abort();
+#else
+#define EXTRA_CHECK(a)
+#endif
+
+/* forward declarations used when setting secure connection callbacks */
+int MHD_connection_handle_read (struct MHD_Connection *connection);
+int MHD_connection_handle_write (struct MHD_Connection *connection);
+int MHD_connection_handle_idle (struct MHD_Connection *connection);
+
+// TODO rm - appears in a switch default clause
+static void
+connection_close_error (struct MHD_Connection *connection)
+{
+  SHUTDOWN (connection->socket_fd, SHUT_RDWR);
+  CLOSE (connection->socket_fd);
+  connection->socket_fd = -1;
+  connection->state = MHD_CONNECTION_CLOSED;
+  if (connection->daemon->notify_completed != NULL)
+    connection->daemon->notify_completed (connection->daemon->
+                                          notify_completed_cls, connection,
+                                          &connection->client_context,
+                                          MHD_REQUEST_TERMINATED_WITH_ERROR);
+}
+
+/* get cipher spec for this connection */
+gnutls_cipher_algorithm_t
+MHDS_get_session_cipher (struct MHD_Connection *session)
+{
+  return gnutls_cipher_get (session->tls_session);
+}
+
+gnutls_mac_algorithm_t
+MHDS_get_session_mac (struct MHD_Connection * session)
+{
+  return gnutls_mac_get (session->tls_session);
+}
+
+gnutls_compression_method_t
+MHDS_get_session_compression (struct MHD_Connection * session)
+{
+  return gnutls_compression_get (session->tls_session);
+}
+
+gnutls_certificate_type_t
+MHDS_get_session_cert_type (struct MHD_Connection * session)
+{
+  return gnutls_certificate_type_get (session->tls_session);
+}
+
+static ssize_t
+MHDS_con_read (struct MHD_Connection *connection)
+{
+  ssize_t size = gnutls_record_recv (connection->tls_session,
+                                     &connection->read_buffer[connection->
+                                                              read_buffer_offset],
+                                     connection->read_buffer_size);
+  return size;
+}
+
+static ssize_t
+MHDS_con_write (struct MHD_Connection *connection)
+{
+  ssize_t sent = gnutls_record_send (connection->tls_session,
+                                     &connection->write_buffer[connection->
+                                                               write_buffer_send_offset],
+                                     connection->write_buffer_append_offset
+                                     - connection->write_buffer_send_offset);
+  return sent;
+}
+
+int
+MHDS_connection_handle_idle (struct MHD_Connection *connection)
+{
+  unsigned int timeout;
+  const char *end;
+  char *line;
+  ssize_t msgLength;
+  while (1)
+    {
+#if HAVE_MESSAGES
+      MHD_DLOG (connection->daemon, "MHDS reached case: %d, l: %d, f: %s\n",
+                connection->s_state, __LINE__, __FUNCTION__);
+#endif
+      switch (connection->s_state)
+        {
+        case MHDS_HANDSHAKE_FAILED:
+          connection->socket_fd = -1;
+        case MHDS_CONNECTION_INIT:
+          /* wait for request */
+        case MHDS_HANDSHAKE_COMPLETE:
+
+        case MHDS_CONNECTION_CLOSED:
+          if (connection->socket_fd != -1)
+            connection_close_error (connection);
+          break;
+
+        default:
+          EXTRA_CHECK (0);
+          break;
+        }
+      break;
+    }
+
+  timeout = connection->daemon->connection_timeout;
+
+  if ((connection->socket_fd != -1) && (timeout != 0)
+      && (time (NULL) - timeout > connection->last_activity))
+    {
+      connection_close_error (connection);
+      return MHD_NO;
+    }
+  return MHD_YES;
+}
+
+int
+MHDS_connection_handle_read (struct MHD_Connection *connection)
+{
+  int ret;
+
+  connection->last_activity = time (NULL);
+
+  if (connection->s_state == MHDS_CONNECTION_CLOSED)
+    return MHD_NO;
+
+  /* discover content type */
+  unsigned char msg_type;
+  if (recv (connection->socket_fd, &msg_type, 1, MSG_PEEK) == -1)
+    {
+#if HAVE_MESSAGES
+      MHD_DLOG (connection->daemon, "Failed to peek into TLS content type\n");
+#endif
+      return MHD_NO;
+    }
+
+  switch (msg_type)
+    {
+    case GNUTLS_CHANGE_CIPHER_SPEC:
+
+      break;
+    case GNUTLS_ALERT:
+      /*
+       * this call of _gnutls_recv_int expects 0 bytes read.
+       * done to decrypt alert message
+       */
+      _gnutls_recv_int (connection->tls_session, GNUTLS_ALERT,
+                        GNUTLS_HANDSHAKE_FINISHED, 0);
+
+      /* CLOSE_NOTIFY */
+      if (connection->tls_session->internals.last_alert ==
+          GNUTLS_A_CLOSE_NOTIFY)
+        {
+          gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
+          connection->tls_session->internals.read_eof = 1;
+          connection->socket_fd = -1;
+          gnutls_deinit (connection->tls_session);
+          return MHD_YES;
+        }
+      /* non FATAL or WARNING */
+      else if (connection->tls_session->internals.last_alert !=
+               GNUTLS_AL_FATAL)
+        {
+#if HAVE_MESSAGES
+          MHD_DLOG (connection->daemon,
+                    "Received TLS alert: %s\n",
+                    gnutls_alert_get_name ((int) connection->tls_session->
+                                           internals.last_alert));
+#endif
+          return MHD_YES;
+        }
+      /* FATAL */
+      else if (connection->tls_session->internals.last_alert ==
+               GNUTLS_AL_FATAL)
+        {
+          connection->tls_session->internals.resumable = RESUME_FALSE;
+          connection->tls_session->internals.valid_connection = VALID_FALSE;
+          connection->socket_fd = -1;
+          gnutls_deinit (connection->tls_session);
+
+          return MHD_NO;
+        }
+      /* this should never execut */
+      else
+        {
+#if HAVE_MESSAGES
+          MHD_DLOG (connection->daemon,
+                    "Received unrecognized alert: %s\n",
+                    connection->tls_session->internals.last_alert);
+#endif
+          return MHD_NO;
+        }
+
+
+      /* forward application level content to MHD */
+    case GNUTLS_APPLICATION_DATA:
+      return MHD_connection_handle_read (connection);
+
+    case GNUTLS_HANDSHAKE:
+      ret = gnutls_handshake (connection->tls_session);
+      if (ret == 0)
+        {
+          connection->s_state = MHDS_HANDSHAKE_COMPLETE;
+          connection->state = MHD_CONNECTION_INIT;
+        }
+      /* set connection as closed */
+      else
+        {
+#if HAVE_MESSAGES
+          MHD_DLOG (connection->daemon,
+                    "Error: Handshake has failed (%s)\n", ret);
+#endif
+          connection->s_state = MHDS_HANDSHAKE_FAILED;
+          gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
+          gnutls_deinit (connection->tls_session);
+          connection->socket_fd = -1;
+          return MHD_NO;
+
+        }
+      break;
+    case GNUTLS_INNER_APPLICATION:
+      break;
+    }
+
+  return MHD_YES;
+}
+
+int
+MHDS_connection_handle_write (struct MHD_Connection *connection)
+{
+  connection->last_activity = time (NULL);
+  while (1)
+    {
+#if HAVE_MESSAGES
+      MHD_DLOG (connection->daemon, "MHDS reached case: %d, l: %d, f: %s\n",
+                connection->s_state, __LINE__, __FUNCTION__);
+#endif
+      switch (connection->s_state)
+        {
+
+          /* these cases shouldn't occur */
+        case MHDS_HANDSHAKE_COMPLETE:
+        case MHDS_CONNECTION_INIT:
+          // TODO do we have to write back a responce ?
+        case MHDS_HANDSHAKE_FAILED:
+          /* we should first exit MHDS_REPLY_SENDING */
+
+        case MHDS_CONNECTION_CLOSED:
+          if (connection->socket_fd != -1)
+            connection_close_error (connection);
+          return MHD_NO;
+        }
+    }
+  return MHD_YES;
+}
+
+int
+MHD_set_https_calbacks (struct MHD_Connection *connection)
+{
+  connection->recv_cls = &MHDS_con_read;
+  connection->send_cls = &MHDS_con_write;
+  connection->read_handler = &MHDS_connection_handle_read;
+  connection->write_handler = &MHD_connection_handle_write;
+  connection->idle_handler = &MHD_connection_handle_idle;
+}
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c
index d667b5cb..937cd642 100644
--- a/src/daemon/daemon.c
+++ b/src/daemon/daemon.c
@@ -28,7 +28,9 @@
 #include "response.h"
 #include "connection.h"
 #include "memorypool.h"
-#include "gnutls.h"
+
+#include "gnutls_int.h"
+#include "gnutls_datum.h"
 
 /**
  * Default connection limit.
@@ -53,97 +55,86 @@
 #define DEBUG_CONNECT MHD_NO
 
 #if HTTPS_SUPPORT
-// TODO rm
-static void
-tls_log_func (int level, const char *str)
-{
-  fprintf (stdout, "|<%d>| %s", level, str);
-}
-
-/**
- * Initialize security aspects of the HTTPS daemon 
- */
+/* initialize security aspects of the HTTPS daemon */
 static int
-MHDS_init (struct MHD_Daemon *daemon)
-{
-  // TODO rm
-  gnutls_global_set_log_level (11);
-  gnutls_global_set_log_function (tls_log_func);
-
-  gnutls_global_init ();
-
-  /* Generate Diffie Hellman parameters - for use with DHE kx algorithms. */
-  // TODO should we be initializing RSA params or DH params ?
-  gnutls_dh_params_init (&daemon->dh_params);
-  gnutls_dh_params_generate2 (daemon->dh_params, DH_BITS);
-
-  // TODO rm NONE:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL", NULL);
-  gnutls_priority_init (&daemon->priority_cache,
-                        "NONE:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL", NULL);
-
-  /* setup server certificate */
-  gnutls_certificate_allocate_credentials (&daemon->x509_cret);
-
-  // TODO remove if unused
-  /* add trusted CAs to certificate */
-  // gnutls_certificate_set_x509_trust_file(x509_cret, CAFILE,GNUTLS_X509_FMT_PEM);
-
-  /* add Certificate revocation list to certificate */
-  //gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE, GNUTLS_X509_FMT_PEM);
-
-  /* sets a certificate private key pair */
-  if (daemon->https_cert_path && daemon->https_key_path )
-    {
-      /* test for private key & certificate file exsitance */
-      FILE *cert_file = fopen (daemon->https_cert_path, "r");
-      FILE *key_file = fopen (daemon->https_key_path, "r");
-      if (key_file == NULL || cert_file == NULL)
-        {
-          printf ("missing cert files");
-#if HAVE_MESSAGES
-          MHD_DLOG (daemon, "Missing X.509 key or certificate file\n");
-#endif
-          free (daemon);
-          CLOSE (daemon->socket_fd);
-          return MHD_NO;
-        }
-      fclose (cert_file);
-      fclose (key_file);
-      gnutls_certificate_set_x509_key_file (daemon->x509_cret,
-                                            daemon->https_cert_path,
-                                            daemon->https_key_path,
-                                            GNUTLS_X509_FMT_PEM);
-    }
-  else if (daemon->https_mem_cert && daemon->https_mem_key )
-    {
-      // TODO free
-      gnutls_datum_t * key = ( gnutls_datum_t * ) malloc (sizeof(gnutls_datum_t));
-      gnutls_datum_t * cert = ( gnutls_datum_t * ) malloc (sizeof(gnutls_datum_t));
-
-      _gnutls_set_datum_m(key,daemon->https_mem_key,strlen (daemon->https_mem_key), &malloc);
-      _gnutls_set_datum_m(cert,daemon->https_mem_cert,strlen (daemon->https_mem_cert), &malloc);
-
-      gnutls_certificate_set_x509_key_mem (daemon->x509_cret, cert, key,
-                                           GNUTLS_X509_FMT_PEM);
-      printf("");
-    }
-  else
-    {
-#if HAVE_MESSAGES
-      MHD_DLOG (daemon, "Failed to load certificate\n");
-#endif
-      return MHD_NO;
-    }
+MHDS_init (struct MHD_Daemon *daemon){
+  gnutls_global_set_log_function (MHD_tls_log_func);
+    /* TODO let user access log level */
+
+    /* setup server certificate */
+    gnutls_certificate_allocate_credentials (&daemon->x509_cret);
+
+    /* Generate Diffie Hellman parameters - for use with DHE kx algorithms. */
+    // TODO should we be initializing RSA params or DH params ?
+
+    gnutls_dh_params_init (&daemon->dh_params);
+    gnutls_dh_params_generate2 (daemon->dh_params, 1024);
+
+    // TODO remove if unused
+    /* add trusted CAs to certificate */
+    // gnutls_certificate_set_x509_trust_file(x509_cret, CAFILE,GNUTLS_X509_FMT_PEM);
+
+    /* add Certificate revocation list to certificate */
+    //gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE, GNUTLS_X509_FMT_PEM);
+
+    /* sets a certificate private key pair */
+    if (daemon->https_cert_path && daemon->https_key_path)
+      {
+        /* test for private key & certificate file exsitance */
+        if (access (daemon->https_cert_path, R_OK))
+          {
+  #if HAVE_MESSAGES
+            MHD_DLOG (daemon, "Missing X.509 certificate file\n");
+  #endif
+            free (daemon);
+            CLOSE (daemon->socket_fd);
+            return -1;
+          }
+
+        if (access (daemon->https_key_path, R_OK))
+          {
+  #if HAVE_MESSAGES
+            MHD_DLOG (daemon, "Missing X.509 key file\n");
+  #endif
+            free (daemon);
+            CLOSE (daemon->socket_fd);
+            return -1;
+          }
+        gnutls_certificate_set_x509_key_file (daemon->x509_cret,
+                                              daemon->https_cert_path,
+                                              daemon->https_key_path,
+                                              GNUTLS_X509_FMT_PEM);
+      }
+    else if (daemon->https_mem_cert && daemon->https_mem_key)
+      {
+        gnutls_datum_t *key =
+          (gnutls_datum_t *) malloc (sizeof (gnutls_datum_t));
+        gnutls_datum_t *cert =
+          (gnutls_datum_t *) malloc (sizeof (gnutls_datum_t));
+
+        _gnutls_set_datum_m (key, daemon->https_mem_key,
+                             strlen (daemon->https_mem_key), &malloc);
+        _gnutls_set_datum_m (cert, daemon->https_mem_cert,
+                             strlen (daemon->https_mem_cert), &malloc);
+
+        gnutls_certificate_set_x509_key_mem (daemon->x509_cret, cert, key,
+                                             GNUTLS_X509_FMT_PEM);
+      }
+    else
+      {
+  #if HAVE_MESSAGES
+        MHD_DLOG (daemon, "Failed to load certificate\n");
+  #endif
+        return MHD_NO;
+      }
 
-  gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params);
+    gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params);
 
-  // TODO address error case return value
-  return MHD_YES;
+    // TODO address error case return value
+    return MHD_YES;
 }
 #endif
 
-
-
 /**
  * Obtain the select sets for this daemon.
  *
@@ -257,7 +248,7 @@ MHD_handle_connection (void *data)
 
 #if 0
 /* TODO rm if unused - gnutls parameter adapter , used to set gnutls pull function */
-long
+static long
 gnutls_pull_param_adapter (void *connection, void *other, unsigned long i)
 {
   ssize_t bytes;
@@ -268,7 +259,7 @@ gnutls_pull_param_adapter (void *connection, void *other, unsigned long i)
 
 }
 
-long
+static long
 gnutls_push_param_adapter (void *connection,
                            const void *other, unsigned long i)
 {
@@ -311,7 +302,7 @@ MHDS_handle_connection (void *data)
 
   gnutls_transport_set_ptr (tls_session, con->socket_fd);
 
-  MHD_handle_connection (data);
+  return MHD_handle_connection (data);
 }
 #endif
 
@@ -454,21 +445,12 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
   connection->daemon = daemon;
 
   /* set default connection handlers  */
-  connection->recv_cls = &MHD_con_read;
-  connection->send_cls = &MHD_con_write;
-  connection->read_handler = &MHD_connection_handle_read;
-  connection->write_handler = &MHD_connection_handle_write;
-  connection->idle_handler = &MHD_connection_handle_idle;
+  MHD_set_http_calbacks (connection);
 
 #if HTTPS_SUPPORT
   if (daemon->options & MHD_USE_SSL)
     {
-      /* set HTTPS connection handlers  */
-      connection->recv_cls = &MHDS_con_read;
-      connection->send_cls = &MHDS_con_write;
-      connection->read_handler = &MHDS_connection_handle_read;
-      connection->write_handler = &MHD_connection_handle_write;
-      connection->idle_handler = &MHD_connection_handle_idle;
+      MHD_set_https_calbacks (connection);
     }
 #endif
 
@@ -739,6 +721,27 @@ MHD_select_thread (void *cls)
   return NULL;
 }
 
+/* TODO unite with code in gnutls_priority.c */
+/* this is used to set HTTPS related daemon priorities */
+inline static int
+_set_priority (priority_st * st, const int *list)
+{
+  int num = 0, i;
+
+  while (list[num] != 0)
+    num++;
+  if (num > MAX_ALGOS)
+    num = MAX_ALGOS;
+  st->algorithms = num;
+
+  for (i = 0; i < num; i++)
+    {
+      st->priority[i] = list[i];
+    }
+
+  return 0;
+}
+
 /**
  * Start a webserver on the given port.
  *
@@ -758,7 +761,7 @@ MHD_start_daemon (unsigned int options,
                   MHD_AccessHandlerCallback dh, void *dh_cls, ...)
 {
   const int on = 1;
-  struct MHD_Daemon *retVal;
+  struct MHD_Daemon * retVal;
 
   /* listeningss sockets used by the daemon */
   int socket_fd;
@@ -851,6 +854,13 @@ MHD_start_daemon (unsigned int options,
   retVal->max_connections = MHD_MAX_CONNECTIONS_DEFAULT;
   retVal->pool_size = MHD_POOL_SIZE_DEFAULT;
   retVal->connection_timeout = 0;       /* no timeout */
+  if (options & MHD_USE_SSL)
+    {
+      gnutls_global_init ();
+      gnutls_priority_init (&retVal->priority_cache,
+                            "NONE:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL", NULL);
+    }
+
 
   /* initializes the argument pointer variable */
   va_start (ap, dh_cls);
@@ -890,6 +900,14 @@ MHD_start_daemon (unsigned int options,
         case MHD_OPTION_HTTPS_MEM_CERT:
           retVal->https_mem_cert = va_arg (ap, const char *);
           break;
+        case MHDS_KX_PRIORITY:
+          _set_priority (&retVal->priority_cache->kx,
+                         va_arg (ap, const int *));
+          break;
+        case MHDS_CIPHER_ALGORITHM:
+          _set_priority (&retVal->priority_cache->cipher,
+                         va_arg (ap, const int *));
+          break;
         default:
 #if HAVE_MESSAGES
           fprintf (stderr,
diff --git a/src/daemon/https/errcodes.c b/src/daemon/https/errcodes.c
index 96d04240..0177eccc 100644
--- a/src/daemon/https/errcodes.c
+++ b/src/daemon/https/errcodes.c
@@ -15,7 +15,6 @@ typedef struct
   int error_index;
 } error_name;
 
-
 static int
 compar (const void *_n1, const void *_n2)
 {
@@ -23,43 +22,3 @@ compar (const void *_n1, const void *_n2)
     *n2 = (const error_name *) _n2;
   return strcmp (n1->name, n2->name);
 }
-
-//int
-//main (int argc, char *argv[])
-//{
-//  int i, j;
-//  const char *desc;
-//  const char *_name;
-//  error_name names_to_sort[400];      /* up to 400 names  */
-//
-//  printf ("@table @code\n");
-//
-//  memset (names_to_sort, 0, sizeof (names_to_sort));
-//  j = 0;
-//  for (i = 0; i > -400; i--)
-//    {
-//      _name = _gnutls_strerror (i);
-//      if (_name == NULL)
-//      continue;
-//
-//      strcpy (names_to_sort[j].name, _name);
-//      names_to_sort[j].error_index = i;
-//      j++;
-//    }
-//
-//  qsort (names_to_sort, j, sizeof (error_name), compar);
-//
-//  for (i = 0; i < j; i++)
-//    {
-//      _name = names_to_sort[i].name;
-//      desc = gnutls_strerror (names_to_sort[i].error_index);
-//      if (desc == NULL || _name == NULL)
-//      continue;
-//
-//      printf ("@item %s:\n%s\n\n", _name, desc);
-//    }
-//
-//  printf ("@end table\n");
-//
-//  return 0;
-//}
diff --git a/src/daemon/https/includes/gnutls.h b/src/daemon/https/includes/gnutls.h
index 535e89ed..5178609b 100644
--- a/src/daemon/https/includes/gnutls.h
+++ b/src/daemon/https/includes/gnutls.h
@@ -93,8 +93,6 @@ extern "C"
     GNUTLS_KX_RSA_EXPORT,
     GNUTLS_KX_SRP_RSA,
     GNUTLS_KX_SRP_DSS,
-    GNUTLS_KX_PSK,
-    GNUTLS_KX_DHE_PSK
   } gnutls_kx_algorithm_t;
 
   typedef enum
@@ -318,7 +316,7 @@ extern "C"
   typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;  /* XXX ugly. */
 
   struct gnutls_priority_st;
-  typedef struct gnutls_priority_st *gnutls_priority_t;
+  typedef struct gnutls_priority_st * gnutls_priority_t;
 
   typedef struct
   {
@@ -508,7 +506,7 @@ extern "C"
 
 /* if you just want some defaults, use the following.
  */
-  int gnutls_priority_init( gnutls_priority_t*, const char *priority, const char** err_pos);
+  int gnutls_priority_init( gnutls_priority_t * , const char *priority, const char** err_pos);
   void gnutls_priority_deinit( gnutls_priority_t);
 
   int gnutls_priority_set(gnutls_session_t session, gnutls_priority_t);
diff --git a/src/daemon/https/tls/auth_dh_common.c b/src/daemon/https/tls/auth_dh_common.c
index f1b82bf9..f6354cb6 100644
--- a/src/daemon/https/tls/auth_dh_common.c
+++ b/src/daemon/https/tls/auth_dh_common.c
@@ -23,7 +23,7 @@
  */
 
 /* This file contains common stuff in Ephemeral Diffie Hellman (DHE) and
- * Anonymous DH key exchange(DHA). These are used in the handshake procedure 
+ * Anonymous DH key exchange(DHA). These are used in the handshake procedure
  * of the certificate and anoymous authentication.
  */
 
@@ -86,29 +86,7 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
   _gnutls_mpi_release (&session->key->client_Y);
   _gnutls_mpi_release (&session->key->dh_secret);
 
-
-  if (_gnutls_cipher_suite_get_kx_algo
-      (&session->security_parameters.current_cipher_suite)
-      != GNUTLS_KX_DHE_PSK)
-    {
-      ret = _gnutls_mpi_dprint (&session->key->key, session->key->KEY);
-    }
-  /* In DHE_PSK the key is set differently 
-  else                          
-    {
-      gnutls_datum_t tmp_dh_key;
-      ret = _gnutls_mpi_dprint (&tmp_dh_key, session->key->KEY);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          return ret;
-        }
-
-      ret = _gnutls_set_psk_session_key (session, &tmp_dh_key);
-      _gnutls_free_datum (&tmp_dh_key);
-
-    }
-    */
+  ret = _gnutls_mpi_dprint (&session->key->key, session->key->KEY);
 
   _gnutls_mpi_release (&session->key->KEY);
 
@@ -170,27 +148,7 @@ _gnutls_gen_dh_common_client_kx (gnutls_session_t session, opaque ** data)
   _gnutls_mpi_release (&session->key->client_p);
   _gnutls_mpi_release (&session->key->client_g);
 
-  if (_gnutls_cipher_suite_get_kx_algo
-      (&session->security_parameters.current_cipher_suite)
-      != GNUTLS_KX_DHE_PSK)
-    {
-      ret = _gnutls_mpi_dprint (&session->key->key, session->key->KEY);
-    }
-  /* In DHE_PSK the key is set differently 
-  else                         
-    {
-      gnutls_datum_t tmp_dh_key;
-      ret = _gnutls_mpi_dprint (&tmp_dh_key, session->key->KEY);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          goto error;
-        }
-
-      ret = _gnutls_set_psk_session_key (session, &tmp_dh_key);
-      _gnutls_free_datum (&tmp_dh_key);
-
-    }*/
+  ret = _gnutls_mpi_dprint (&session->key->key, session->key->KEY);
 
   _gnutls_mpi_release (&session->key->KEY);
 
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c
index 82bf9bf6..9921d076 100644
--- a/src/daemon/https/tls/gnutls_algorithms.c
+++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -29,7 +29,7 @@
 /* x509 */
 #include "common.h"
 
-/* Cred type mappings to KX algorithms 
+/* Cred type mappings to KX algorithms
  * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
  * more than one credentials type.
  */
@@ -57,12 +57,6 @@ static const gnutls_cred_map cred_mappings[] = {
   {GNUTLS_KX_DHE_RSA,
    GNUTLS_CRD_CERTIFICATE,
    GNUTLS_CRD_CERTIFICATE},
-  {GNUTLS_KX_PSK,
-   GNUTLS_CRD_PSK,
-   GNUTLS_CRD_PSK},
-  {GNUTLS_KX_DHE_PSK,
-   GNUTLS_CRD_PSK,
-   GNUTLS_CRD_PSK},
   {GNUTLS_KX_SRP,
    GNUTLS_CRD_SRP,
    GNUTLS_CRD_SRP},
@@ -197,7 +191,7 @@ struct gnutls_cipher_entry
 };
 typedef struct gnutls_cipher_entry gnutls_cipher_entry;
 
-/* Note that all algorithms are in CBC or STREAM modes. 
+/* Note that all algorithms are in CBC or STREAM modes.
  * Do not add any algorithms in other modes (avoid modified algorithms).
  * View first: "The order of encryption and authentication for
  * protecting communications" by Hugo Krawczyk - CRYPTO 2001
@@ -614,34 +608,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                              GNUTLS_MAC_SHA1, GNUTLS_TLS1),
 #endif
 
-  /* PSK */
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
-                             GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1,
-                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1,
-                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1,
-                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-
-  /* DHE-PSK */
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
-                             GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1,
-                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1,
-                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1,
-                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1),
-
   /* SRP */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
                              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
@@ -1689,8 +1655,8 @@ _gnutls_qsort (gnutls_session_t session,
                  compar);
 }
 
-/* a compare function for KX algorithms (using priorities). 
- * For use with qsort 
+/* a compare function for KX algorithms (using priorities).
+ * For use with qsort
  */
 static int
 _gnutls_compare_algo (gnutls_session_t session,
@@ -1894,7 +1860,7 @@ _gnutls_supported_ciphersuites (gnutls_session_t session,
 
 #define MIN_PRIVATE_COMP_ALGO 0xEF
 
-/* returns the TLS numbers of the compression methods we support 
+/* returns the TLS numbers of the compression methods we support
  */
 #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms
 int
diff --git a/src/daemon/https/tls/gnutls_global.c b/src/daemon/https/tls/gnutls_global.c
index d019dcda..822293ac 100644
--- a/src/daemon/https/tls/gnutls_global.c
+++ b/src/daemon/https/tls/gnutls_global.c
@@ -27,10 +27,19 @@
 #include <libtasn1.h>
 #include <gnutls_dh.h>
 
+/* this is used in order to make the multi-threaded initialization call to libgcrypt */
+#include <pthread.h>
+#include <gcrypt.h>
+/* TODO fix :  needed by GCRY_THREAD_OPTION_PTHREAD_IMPL but missing otherwise */
+#define ENOMEM    12  /* Out of memory */
+
 #ifdef HAVE_WINSOCK
 # include <winsock2.h>
 #endif
 
+
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
+
 #include "gettext.h"
 
 #define gnutls_log_func LOG_FUNC
@@ -57,7 +66,8 @@ ASN1_TYPE _gnutls_gnutls_asn;
  * gnutls_log_func is of the form, 
  * void (*gnutls_log_func)( int level, const char*);
  **/
-void gnutls_global_set_log_function(gnutls_log_func log_func)
+void
+gnutls_global_set_log_function (gnutls_log_func log_func)
 {
   _gnutls_log_func = log_func;
 }
@@ -74,7 +84,8 @@ void gnutls_global_set_log_function(gnutls_log_func log_func)
  * Use a log level over 10 to enable all debugging options.
  *
  **/
-void gnutls_global_set_log_level(int level)
+void
+gnutls_global_set_log_level (int level)
 {
   _gnutls_log_level = level;
 }
@@ -83,21 +94,20 @@ void gnutls_global_set_log_level(int level)
 /* default logging function */
 static void
 dlog (int level, const char *str)
-  {
-    fputs (str, stderr);
-  }
+{
+  fputs (str, stderr);
+}
 #endif
 
 extern gnutls_alloc_function gnutls_secure_malloc;
 extern gnutls_alloc_function gnutls_malloc;
 extern gnutls_free_function gnutls_free;
-extern int (*_gnutls_is_secure_memory)(const void *);
+extern int (*_gnutls_is_secure_memory) (const void *);
 extern gnutls_realloc_function gnutls_realloc;
-extern char *(*gnutls_strdup)(const char *);
-extern void *(*gnutls_calloc)(size_t,
-                              size_t);
+extern char *(*gnutls_strdup) (const char *);
+extern void *(*gnutls_calloc) (size_t, size_t);
 
-int _gnutls_is_secure_mem_null(const void *);
+int _gnutls_is_secure_mem_null (const void *);
 
 /**
  * gnutls_global_set_mem_functions - This function sets the memory allocation functions
@@ -116,13 +126,14 @@ int _gnutls_is_secure_mem_null(const void *);
  * This function must be called before gnutls_global_init() is called.
  *
  **/
-void gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
-                                     gnutls_alloc_function
-                                     secure_alloc_func,
-                                     gnutls_is_secure_function
-                                     is_secure_func,
-                                     gnutls_realloc_function realloc_func,
-                                     gnutls_free_function free_func)
+void
+gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
+                                 gnutls_alloc_function
+                                 secure_alloc_func,
+                                 gnutls_is_secure_function
+                                 is_secure_func,
+                                 gnutls_realloc_function realloc_func,
+                                 gnutls_free_function free_func)
 {
   gnutls_secure_malloc = secure_alloc_func;
   gnutls_malloc = alloc_func;
@@ -152,10 +163,10 @@ void gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
 #ifdef DEBUG
 static void
 _gnutls_gcry_log_handler (void *dummy, int level,
-    const char *fmt, va_list list)
-  {
-    _gnutls_log (fmt, list);
-  }
+                          const char *fmt, va_list list)
+{
+  _gnutls_log (fmt, list);
+}
 #endif
 
 static int _gnutls_init = 0;
@@ -190,7 +201,8 @@ static int _gnutls_init = 0;
  * memory leak is also an option.
  *
  **/
-int gnutls_global_init(void)
+int
+gnutls_global_init (void)
 {
   int result = 0;
   int res;
@@ -200,41 +212,62 @@ int gnutls_global_init(void)
     return;
 
 #if HAVE_WINSOCK
+  {
+    WORD requested;
+    WSADATA data;
+    int err;
+
+    requested = MAKEWORD (1, 1);
+    err = WSAStartup (requested, &data);
+    if (err != 0)
+      {
+        _gnutls_debug_log ("WSAStartup failed: %d.\n", err);
+        return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
+      }
+
+    if (data.wVersion < requested)
+      {
+        _gnutls_debug_log ("WSAStartup version check failed (%d < %d).\n",
+                           data.wVersion, requested);
+        WSACleanup ();
+        return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
+      }
+  }
+#endif
+
+
+  // bindtextdomain("mhd", "./");
+
+  if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0)
     {
-      WORD requested;
-      WSADATA data;
-      int err;
+      const char *p;
 
-      requested = MAKEWORD (1, 1);
-      err = WSAStartup (requested, &data);
-      if (err != 0)
-        {
-          _gnutls_debug_log ("WSAStartup failed: %d.\n", err);
-          return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
-        }
+      /* to enable multi-threading this call must precede any other call made to libgcrypt */
+      gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
 
-      if (data.wVersion < requested)
+      /* set p to point at the required version of gcrypt */
+      p = strchr(MHD_GCRYPT_VERSION, ':');
+      if (p == NULL)
+        p = MHD_GCRYPT_VERSION;
+      else
+        p++;
+
+      /* this call initializes libgcrypt */
+      if (gcry_check_version(p) == NULL)
         {
-          _gnutls_debug_log ("WSAStartup version check failed (%d < %d).\n",
-              data.wVersion, requested);
-          WSACleanup ();
-          return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
+          gnutls_assert();
+          _gnutls_debug_log("Checking for libgcrypt failed '%s'\n", p);
+          return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
         }
-    }
-#endif
 
-  // TODO rm ? bindtextdomain(PACKAGE, LOCALEDIR);
-
-  if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0)
-    {
       /* for gcrypt in order to be able to allocate memory */
-      gcry_set_allocation_handler(gnutls_malloc, gnutls_secure_malloc,
-                                  _gnutls_is_secure_memory, gnutls_realloc,
-                                  gnutls_free);
+      gcry_set_allocation_handler (gnutls_malloc, gnutls_secure_malloc,
+                                   _gnutls_is_secure_memory, gnutls_realloc,
+                                   gnutls_free);
 
       /* gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */
 
-      gcry_control(GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
+      gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
 
 #ifdef DEBUG
       /* applications may want to override that, so we only use
@@ -244,7 +277,7 @@ int gnutls_global_init(void)
 #endif
     }
 
-  if (gc_init() != GC_OK)
+  if (gc_init () != GC_OK)
     {
       gnutls_assert ();
       _gnutls_debug_log ("Initializing crypto backend failed\n");
@@ -267,16 +300,16 @@ int gnutls_global_init(void)
       return result;
     }
 
-  res = asn1_array2tree(gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
+  res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
   if (res != ASN1_SUCCESS)
     {
-      asn1_delete_structure(&_gnutls_pkix1_asn);
-      result = _gnutls_asn2err(res);
+      asn1_delete_structure (&_gnutls_pkix1_asn);
+      result = _gnutls_asn2err (res);
       return result;
     }
 
   /* Initialize the gcrypt (if used random generator) */
-  gc_pseudo_random(&c, 1);
+  gc_pseudo_random (&c, 1);
 
   return result;
 }
@@ -291,16 +324,17 @@ int gnutls_global_init(void)
  * gnutls_global_init() for more information.
  *
  **/
-void gnutls_global_deinit(void)
+void
+gnutls_global_deinit (void)
 {
   if (_gnutls_init == 1)
     {
 #if HAVE_WINSOCK
       WSACleanup ();
 #endif
-      asn1_delete_structure(&_gnutls_gnutls_asn);
-      asn1_delete_structure(&_gnutls_pkix1_asn);
-      gc_done();
+      asn1_delete_structure (&_gnutls_gnutls_asn);
+      asn1_delete_structure (&_gnutls_pkix1_asn);
+      gc_done ();
     }
   _gnutls_init--;
 }
@@ -322,8 +356,9 @@ void gnutls_global_deinit(void)
  * PULL_FUNC is of the form, 
  * ssize_t (*gnutls_pull_func)(gnutls_transport_ptr_t, void*, size_t);
  **/
-void gnutls_transport_set_pull_function(gnutls_session_t session,
-                                        gnutls_pull_func pull_func)
+void
+gnutls_transport_set_pull_function (gnutls_session_t session,
+                                    gnutls_pull_func pull_func)
 {
   session->internals._gnutls_pull_func = pull_func;
 }
@@ -342,8 +377,9 @@ void gnutls_transport_set_pull_function(gnutls_session_t session,
  * PUSH_FUNC is of the form, 
  * ssize_t (*gnutls_push_func)(gnutls_transport_ptr_t, const void*, size_t);
  **/
-void gnutls_transport_set_push_function(gnutls_session_t session,
-                                        gnutls_push_func push_func)
+void
+gnutls_transport_set_push_function (gnutls_session_t session,
+                                    gnutls_push_func push_func)
 {
   session->internals._gnutls_push_func = push_func;
 }
@@ -366,9 +402,10 @@ void gnutls_transport_set_push_function(gnutls_session_t session,
  *   %NULL is passed to this function no check is done and only the
  *   version string is returned.
  **/
-const char * gnutls_check_version(const char *req_version)
+const char *
+gnutls_check_version (const char *req_version)
 {
-  if (!req_version || strverscmp(req_version, VERSION) <= 0)
+  if (!req_version || strverscmp (req_version, VERSION) <= 0)
     return VERSION;
 
   return NULL;
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h
index 5161c966..c1e501a0 100644
--- a/src/daemon/https/tls/gnutls_int.h
+++ b/src/daemon/https/tls/gnutls_int.h
@@ -28,9 +28,9 @@
 
 #include <defines.h>
 
-#include <gnutls.h>
-#include <extra.h>
-#include <gnutls_mem.h>
+#include "gnutls.h"
+#include "extra.h"
+#include "gnutls_mem.h"
 
 /* FIXME: delete this once opencdk has reentrant keyring functions
  */
@@ -210,7 +210,7 @@ struct gnutls_key_st
      */
     void *auth_info;
     gnutls_credentials_type_t auth_info_type;
-    int auth_info_size; /* needed in order to store to db for restoring 
+    int auth_info_size; /* needed in order to store to db for restoring
      */
     uint8_t crypt_algo;
 
@@ -424,7 +424,7 @@ typedef struct
 typedef struct
   {
     gnutls_buffer application_data_buffer; /* holds data to be delivered to application layer */
-    gnutls_buffer handshake_hash_buffer; /* used to keep the last received handshake 
+    gnutls_buffer handshake_hash_buffer; /* used to keep the last received handshake
      * message */
     mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */
     mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */
@@ -500,10 +500,12 @@ typedef struct
 
     int expire_time; /* after expire_time seconds this session will expire */
     struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
+
+    /* TODO rm */
     int v2_hello; /* 0 if the client hello is v3+.
      * non-zero if we got a v2 hello.
      */
-    /* keeps the headers of the handshake packet 
+    /* keeps the headers of the handshake packet
      */
     handshake_header_buffer_st handshake_header_buffer;
 
@@ -653,8 +655,7 @@ struct gnutls_session_int
     gnutls_key_st key;
   };
 
-/* functions 
- */
+/* functions */
 void _gnutls_set_current_version(gnutls_session_t session,
                                  gnutls_protocol_t version);
 
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c
index 1b20cd1a..29132f8a 100644
--- a/src/daemon/https/tls/gnutls_priority.c
+++ b/src/daemon/https/tls/gnutls_priority.c
@@ -32,10 +32,6 @@
 
 #define MAX_ELEMENTS 48
 
-static void break_comma_list (char *etag,
-                              char **broken_etag,
-                              int *elements, int max_elements, char sep);
-
 /**
  * gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls.
  * @session: is a #gnutls_session_t structure.
@@ -87,7 +83,6 @@ _set_priority (priority_st * st, const int *list)
     }
 
   return 0;
-
 }
 
 /**
@@ -215,7 +210,8 @@ gnutls_certificate_type_set_priority (gnutls_session_t session,
 }
 
 static const int protocol_priority[] = { GNUTLS_TLS1_1,
-  GNUTLS_TLS1_0, GNUTLS_SSL3,
+  GNUTLS_TLS1_0,
+  GNUTLS_SSL3,
   0
 };
 
@@ -336,10 +332,6 @@ int
 gnutls_priority_init (gnutls_priority_t * priority_cache,
                       const char *priorities, const char **err_pos)
 {
-  int broken_list_size, i, j;
-  char *darg;
-  int algo;
-
   *priority_cache = gnutls_calloc (1, sizeof (struct gnutls_priority_st));
   if (*priority_cache == NULL)
     {
@@ -354,8 +346,8 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
   _set_priority (&(*priority_cache)->mac, mac_priority_secure);
   _set_priority (&(*priority_cache)->cert_type, cert_type_priority);
   _set_priority (&(*priority_cache)->compression, comp_priority);
-  (*priority_cache)->no_padding = 0;
 
+  (*priority_cache)->no_padding = 0;
   return 0;
 }
 
@@ -412,40 +404,6 @@ gnutls_priority_set_direct (gnutls_session_t session,
   return 0;
 }
 
-/* Breaks a list of "xxx", "yyy", to a character array, of
- * MAX_COMMA_SEP_ELEMENTS size; Note that the given string is modified.
- */
-static void
-break_comma_list (char *etag,
-                  char **broken_etag,
-                  int *elements, int max_elements, char sep)
-{
-  char *p = etag;
-  if (sep == 0)
-    sep = ',';
-
-  *elements = 0;
-
-  do
-    {
-      broken_etag[*elements] = p;
-
-      (*elements)++;
-
-      p = strchr (p, sep);
-      if (p)
-        {
-          *p = 0;
-          p++;                  /* move to next entry and skip white
-                                 * space.
-                                 */
-          while (*p == ' ')
-            p++;
-        }
-    }
-  while (p != NULL && *elements < max_elements);
-}
-
 /**
  * gnutls_set_default_priority - Sets some default priority on the cipher suites supported by gnutls.
  * @session: is a #gnutls_session_t structure.
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c
index f18fe97a..c05e27cb 100644
--- a/src/daemon/https/tls/gnutls_session_pack.c
+++ b/src/daemon/https/tls/gnutls_session_pack.c
@@ -49,21 +49,6 @@ static int unpack_certificate_auth_info (gnutls_session_t,
                                          const gnutls_datum_t *
                                          packed_session);
 
-static int unpack_srp_auth_info (gnutls_session_t session,
-                                 const gnutls_datum_t * packed_session);
-static int pack_srp_auth_info (gnutls_session_t session,
-                               gnutls_datum_t * packed_session);
-
-static int unpack_psk_auth_info (gnutls_session_t session,
-                                 const gnutls_datum_t * packed_session);
-static int pack_psk_auth_info (gnutls_session_t session,
-                               gnutls_datum_t * packed_session);
-
-static int unpack_anon_auth_info (gnutls_session_t session,
-                                  const gnutls_datum_t * packed_session);
-static int pack_anon_auth_info (gnutls_session_t session,
-                                gnutls_datum_t * packed_session);
-
 static int unpack_security_parameters (gnutls_session_t session,
                                        const gnutls_datum_t * packed_session);
 static int pack_security_parameters (gnutls_session_t session,
@@ -230,7 +215,7 @@ _gnutls_session_unpack (gnutls_session_t session,
 }
 
 
-/* Format: 
+/* Format:
  *      1 byte the credentials type
  *      4 bytes the size of the whole structure
  *        DH stuff
diff --git a/src/daemon/internal.c b/src/daemon/internal.c
index 8a56a6a6..a86c70d8 100644
--- a/src/daemon/internal.c
+++ b/src/daemon/internal.c
@@ -42,6 +42,13 @@ MHD_DLOG (const struct MHD_Daemon *daemon, const char *format, ...)
   VFPRINTF (stderr, format, va);
   va_end (va);
 }
+
+void
+MHD_tls_log_func (int level, const char *str)
+{
+  fprintf (stdout, "|<%d>| %s", level, str);
+}
+
 #endif
 
 /**
diff --git a/src/daemon/internal.h b/src/daemon/internal.h
index b916e22d..99566073 100644
--- a/src/daemon/internal.h
+++ b/src/daemon/internal.h
@@ -60,15 +60,13 @@
  */
 #define MHD_BUF_INC_SIZE 2048
 
-/* TLS Diffie-Hellman parameter */
-#define DH_BITS 1024
-
 #if HAVE_MESSAGES
 /**
  * fprintf-like helper function for logging debug
  * messages.
  */
 void MHD_DLOG (const struct MHD_Daemon *daemon, const char *format, ...);
+void MHD_tls_log_func (int level, const char *str);
 #endif
 
 /**
@@ -288,6 +286,11 @@ enum MHD_CONNECTION_STATE
 
 };
 
+
+/**
+ * States in a state machine for a secure SSL/TLS connection.
+ *
+ */
 enum MHDS_CONNECTION_STATE
 {
   /* initial HTTPS state */
@@ -297,20 +300,6 @@ enum MHDS_CONNECTION_STATE
 
   MHDS_HANDSHAKE_COMPLETE,
 
-  /* while receiving an HTTP request through the encrypted channel */
-  MHDS_REQUEST_READING,
-
-  /* msg waiting to be forwarded to the internal HTTP daemon */
-  MHDS_REQUEST_READ,
-
-  /* http msg waiting to be sent */
-  MHDS_REPLY_READY,
-
-  /* while receiving an HTTP request through the encrypted channel */
-  MHDS_REPLY_SENDING,
-
-  MHDS_REPLY_SENT,
-
   MHDS_CONNECTION_CLOSED
 };
 
@@ -558,9 +547,9 @@ struct MHD_Connection
   int (*send_cls) (struct MHD_Connection * connection);
 
 #if HTTPS_SUPPORT
+  /* TODO rename as this might be an SSL connection */
   gnutls_session_t tls_session;
 #endif
-
 };
 
 struct MHD_Daemon
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 2cf77f17..f65b0aba 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -349,6 +349,7 @@ enum MHD_OPTION
    */
   MHD_OPTION_PER_IP_CONNECTION_LIMIT = 5,
 
+#if HTTPS_SUPPORT
   // TODO rename
   /**
    * Filename for the private key (key.pem) to be used by the
@@ -383,6 +384,22 @@ enum MHD_OPTION
   * This should be used in conjunction with 'MHD_OPTION_HTTPS_MEM_KEY'.
   */
   MHD_OPTION_HTTPS_MEM_CERT = 9,
+
+
+  /*
+   * Memory pointer to a zero terminated int array representing the
+   * cipher priority order to which the HTTPS daemon should adhere.
+   * "const int *" argument.
+   */
+  MHDS_CIPHER_ALGORITHM,
+
+  /*
+   * Memory pointer to a zero terminated int array representing the
+   * key exchange algorithm priority order to which the HTTPS daemon should adhere.
+   * "const int *" argument.
+   */
+  MHDS_KX_PRIORITY,
+#endif
 };
 
 /**
diff --git a/src/testcurl/https/Makefile.am b/src/testcurl/https/Makefile.am
index 36f97082..4dab41dc 100644
--- a/src/testcurl/https/Makefile.am
+++ b/src/testcurl/https/Makefile.am
@@ -1,6 +1,6 @@
 SUBDIRS = .
 
-AM_CPPFLAGS = -ggdb \
+AM_CPPFLAGS = \
 -I$(top_srcdir)/src/daemon/https/includes \
 -I$(top_srcdir)/src/daemon \
 -I$(top_srcdir)/src/include
diff --git a/src/testcurl/https/daemon_https_test_get.c b/src/testcurl/https/daemon_https_test_get.c
index 9cfb7ec4..981fc705 100644
--- a/src/testcurl/https/daemon_https_test_get.c
+++ b/src/testcurl/https/daemon_https_test_get.c
@@ -21,7 +21,7 @@
 /**
  * @file daemon_HTTPS_test_get.c
  * @brief  Testcase for libmicrohttpd GET operations
- * @author lv-426
+ * @author Sagie Amir
  */
 
 #include "config.h"
@@ -43,6 +43,11 @@
 
 #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>"
 
+#define MHD_E_SERVER_INIT "Error: failed to start server\n"
+#define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n"
+#define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n"
+#define MHD_E_KEY_FILE_CREAT "Error: failed to setup test certificate\n"
+
 /* Test Certificate */
 const char cert_pem[] =
   "-----BEGIN CERTIFICATE-----\n"
@@ -173,9 +178,8 @@ http_ahc (void *cls, struct MHD_Connection *connection,
  * @param test_fd: file to attempt transfering
  */
 static int
-test_HTTPS_Get (FILE * test_fd, char * cipher_suite, int proto_version)
+test_daemon_get (FILE * test_fd, char *cipher_suite, int proto_version)
 {
-  struct MHD_Daemon *d;
   CURL *c;
   struct CBC cbc;
   CURLcode errornum;
@@ -192,7 +196,7 @@ test_HTTPS_Get (FILE * test_fd, char * cipher_suite, int proto_version)
 
   mem_test_file_local = malloc (len);
   fseek (test_fd, 0, SEEK_SET);
-  if (fread (mem_test_file_local, sizeof(char), len, test_fd) != len)
+  if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len)
     {
       fclose (test_fd);
       fprintf (stderr, "Error: failed to read test file. %s\n",
@@ -202,30 +206,20 @@ test_HTTPS_Get (FILE * test_fd, char * cipher_suite, int proto_version)
 
   if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
     {
-         fclose (test_fd);
-         fprintf (stderr, "Error: failed to read test file. %s\n",
-                  strerror (errno));
-         return -1;
-       }
+      fclose (test_fd);
+      fprintf (stderr, "Error: failed to read test file. %s\n",
+               strerror (errno));
+      return -1;
+    }
   cbc.size = len;
   cbc.pos = 0;
 
-  /* setup test */
-  d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
-                        MHD_USE_DEBUG, 42433,
-                        NULL, NULL, &http_ahc, NULL,
-                        MHD_OPTION_HTTPS_MEM_KEY, key_pem,
-                        MHD_OPTION_HTTPS_MEM_CERT, cert_pem, MHD_OPTION_END);
-
-  if (d == NULL)
-    return 2;
-
   /* construct url - this might use doc_path */
   sprintf (url, "%s%s/%s", "https://localhost:42433",
            doc_path, test_file_name);
 
   c = curl_easy_init ();
-  //curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
+  // curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
   curl_easy_setopt (c, CURLOPT_URL, url);
   curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
   curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);
@@ -252,36 +246,107 @@ test_HTTPS_Get (FILE * test_fd, char * cipher_suite, int proto_version)
       fprintf (stderr, "curl_easy_perform failed: `%s'\n",
                curl_easy_strerror (errornum));
       curl_easy_cleanup (c);
-      MHD_stop_daemon (d);
-      return 4;
+      return errornum;
     }
 
   curl_easy_cleanup (c);
-  MHD_stop_daemon (d);
 
   if (memcmp (cbc.buf, mem_test_file_local, len) != 0)
     {
-      fprintf (stderr, "Error: local file & received file differ. %s\n");
-      return 8;
+      fprintf (stderr, "Error: local file & received file differ.\n");
+      return -1;
     }
 
   return 0;
 }
 
+/* perform a HTTP GET request via SSL/TLS */
+int
+test_secure_get (FILE * test_fd, char *cipher_suite, int proto_version)
+{
+
+  int ret;
+  struct MHD_Daemon *d;
+  d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
+                        MHD_USE_DEBUG, 42433,
+                        NULL, NULL, &http_ahc, NULL,
+                        MHD_OPTION_HTTPS_MEM_KEY, key_pem,
+                        MHD_OPTION_HTTPS_MEM_CERT, cert_pem, MHD_OPTION_END);
+
+  if (d == NULL)
+    {
+      fprintf (stderr, MHD_E_SERVER_INIT);
+      return -1;
+    }
+
+  ret = test_daemon_get (test_fd, cipher_suite, proto_version);
+  MHD_stop_daemon (d);
+  return ret;
+}
+
+/* test server works with key & certificate files */
+int
+test_file_certificates (FILE * test_fd, char *cipher_suite, int proto_version)
+{
+  int ret;
+  struct MHD_Daemon *d;
+  FILE *cert_fd, *key_fd;
+  char cert_path[255], key_path[255];
+
+  sprintf (cert_path, "%s/%s", get_current_dir_name (), "cert.pem");
+  sprintf (key_path, "%s/%s", get_current_dir_name (), "key.pem");
+
+  if (NULL == (key_fd = fopen (key_path, "w+")))
+    {
+      fprintf (stderr, MHD_E_KEY_FILE_CREAT);
+      return -1;
+    }
+  if (NULL == (cert_fd = fopen (cert_path, "w+")))
+    {
+      fprintf (stderr, MHD_E_CERT_FILE_CREAT);
+      return -1;
+    }
+
+  fwrite (key_pem, strlen (key_pem), sizeof (char), key_fd);
+  fwrite (cert_pem, strlen (cert_pem), sizeof (char), cert_fd);
+  fclose (key_fd);
+  fclose (cert_fd);
+
+  d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
+                        MHD_USE_DEBUG, 42433,
+                        NULL, NULL, &http_ahc, NULL,
+                        MHD_OPTION_HTTPS_KEY_PATH, key_path,
+                        MHD_OPTION_HTTPS_CERT_PATH, cert_path,
+                        MHD_OPTION_END);
+
+  if (d == NULL)
+    {
+      fprintf (stderr, MHD_E_SERVER_INIT);
+      return -1;
+    }
+
+  ret = test_daemon_get (test_fd, cipher_suite, proto_version);
+  MHD_stop_daemon (d);
+
+  remove (cert_path);
+  remove (key_path);
+  return ret;
+}
+
 /* setup a temporary transfer test file */
 FILE *
 setupTestFile ()
 {
   FILE *test_fd;
 
-  if ( NULL == (test_fd = fopen (test_file_name, "w+")))
+  if (NULL == (test_fd = fopen (test_file_name, "w+")))
     {
       fprintf (stderr, "Error: failed to open `%s': %s\n",
                test_file_name, strerror (errno));
       return NULL;
     }
-  if (fwrite (test_file_data, sizeof(char), strlen (test_file_data), test_fd) !=
-      strlen (test_file_data))
+  if (fwrite (test_file_data, sizeof (char), strlen (test_file_data), test_fd)
+      != strlen (test_file_data))
     {
       fprintf (stderr, "Error: failed to write `%s. %s'\n",
                test_file_name, strerror (errno));
@@ -302,19 +367,27 @@ main (int argc, char *const *argv)
 {
   FILE *test_fd;
   unsigned int errorCount = 0;
-  if ((test_fd = setupTestFile ()) == NULL )
+
+  gnutls_global_set_log_level (0);
+
+  if ((test_fd = setupTestFile ()) == NULL)
     {
-      return 16;
+      fprintf (stderr, MHD_E_TEST_FILE_CREAT);
+      return -1;
     }
 
   if (0 != curl_global_init (CURL_GLOBAL_ALL))
     {
       fprintf (stderr, "Error (code: %u)\n", errorCount);
-      return 32;
+      return -1;
     }
 
-  errorCount += test_HTTPS_Get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3);
-  errorCount += test_HTTPS_Get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
+  errorCount +=
+    test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
+  errorCount +=
+    test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3);
+  errorCount +=
+    test_file_certificates (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
 
   if (errorCount != 0)
     fprintf (stderr, "Error (code: %u)\n", errorCount);
@@ -322,6 +395,7 @@ main (int argc, char *const *argv)
   curl_global_cleanup ();
   fclose (test_fd);
 
-  
+  remove (test_file_name);
+
   return errorCount != 0;
 }
diff --git a/src/testcurl/https/mhds_test_session_info.c b/src/testcurl/https/mhds_test_session_info.c
index c7aa3317..35266a19 100644
--- a/src/testcurl/https/mhds_test_session_info.c
+++ b/src/testcurl/https/mhds_test_session_info.c
@@ -21,7 +21,7 @@
 /**
  * @file mhds_test_session_info.c
  * @brief  Testcase for libmicrohttpd GET operations
- * @author lv-426
+ * @author Sagie Amir
  */
 
 #include "config.h"