29 files changed, 1 insertions, 3086 deletions
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h
index 74e62ef4..f779e1b9 100644
--- a/src/daemon/https/gnutls.h
+++ b/src/daemon/https/gnutls.h
@@ -239,48 +239,15 @@ extern "C"
  enum MHD_GNUTLS_CompressionMethod
    MHD_gtls_compression_get (MHD_gtls_session_t session);
-//  enum MHD_GNUTLS_CipherAlgorithm MHD_gnutls_cipher_get (MHD_gtls_session_t session);
-//  enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gnutls_kx_get (MHD_gtls_session_t session);
-//  enum MHD_GNUTLS_HashAlgorithm MHD_gnutls_mac_get (MHD_gtls_session_t session);
-//  enum MHD_GNUTLS_CertificateType MHD_gnutls_certificate_type_get (MHD_gtls_session_t
-//                                                         session);
  size_t MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm
                                          algorithm);
-  size_t MHD__gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm
-                                       algorithm);
 /* the name of the specified algorithms */
-  const char *MHD__gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm
-                                           algorithm);
-  const char *MHD__gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm
-                                        algorithm);
  const char *MHD_gtls_compression_get_name (enum
                                             MHD_GNUTLS_CompressionMethod
                                             algorithm);
-  const char *MHD__gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm
-                                       algorithm);
-  const char *MHD__gnutls_certificate_type_get_name (enum
-                                                     MHD_GNUTLS_CertificateType
-                                                     type);
-  enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name);
  enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id (const char
                                                                 *name);
-  enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name);
-  enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name);
-  enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name);
-  enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char
-                                                                    *name);
-  /* list supported algorithms */
-  const enum MHD_GNUTLS_CipherAlgorithm *MHD_gtls_cipher_list (void);
-  const enum MHD_GNUTLS_HashAlgorithm *MHD_gtls_mac_list (void);
-  const enum MHD_GNUTLS_CompressionMethod *MHD_gtls_compression_list (void);
-  const enum MHD_GNUTLS_Protocol *MHD_gtls_protocol_list (void);
-  const enum MHD_GNUTLS_CertificateType
-    *MHD_gtls_certificate_type_list (void);
-  const enum MHD_GNUTLS_KeyExchangeAlgorithm *MHD_gtls_kx_list (void);
  /* error functions */
  int MHD_gtls_error_is_fatal (int error);
@@ -288,8 +255,6 @@ extern "C"
  void MHD_gtls_perror (int error);
  const char *MHD_gtls_strerror (int error);
-  void MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session,
-                                                  int allow);
 /*
 * Record layer functions.
 */
@@ -299,25 +264,7 @@ extern "C"
                                   size_t sizeofdata);
  /* provides extra compatibility */
-  void MHD_gtls_record_disable_padding (MHD_gtls_session_t session);
-  size_t MHD_gtls_record_check_pending (MHD_gtls_session_t session);
  int MHD__gnutls_record_get_direction (MHD_gtls_session_t session);
-  size_t MHD__gnutls_record_get_max_size (MHD_gtls_session_t session);
-  ssize_t MHD__gnutls_record_set_max_size (MHD_gtls_session_t session,
-                                           size_t size);
-  int MHD__gnutls_prf (MHD_gtls_session_t session,
-                       size_t label_size, const char *label,
-                       int server_random_first,
-                       size_t extra_size, const char *extra,
-                       size_t outsize, char *out);
-  int MHD__gnutls_prf_raw (MHD_gtls_session_t session,
-                           size_t label_size, const char *label,
-                           size_t seed_size, const char *seed,
-                           size_t outsize, char *out);
 /*
 * TLS Extensions
@@ -327,22 +274,10 @@ extern "C"
    GNUTLS_NAME_DNS = 1
  } MHD_gnutls_server_name_type_t;
-  int MHD__gnutls_server_name_set (MHD_gtls_session_t session,
-                                   MHD_gnutls_server_name_type_t type,
-                                   const void *name, size_t name_length);
-  int MHD__gnutls_server_name_get (MHD_gtls_session_t session,
-                                   void *data, size_t * data_length,
-                                   unsigned int *type, unsigned int indx);
  /* Opaque PRF Input
   * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt
   */
-  void
-    MHD_gtls_oprfi_enable_client (MHD_gtls_session_t session,
-                                  size_t len, unsigned char *data);
  typedef int (*MHD_gnutls_oprfi_callback_func) (MHD_gtls_session_t session,
                                                 void *userdata,
                                                 size_t oprfi_len,
@@ -350,32 +285,12 @@ extern "C"
                                                 *in_oprfi,
                                                 unsigned char *out_oprfi);
-  void
-    MHD_gtls_oprfi_enable_server (MHD_gtls_session_t session,
-                                  MHD_gnutls_oprfi_callback_func cb,
-                                  void *userdata);
  /* Supplemental data, RFC 4680. */
  typedef enum
  {
    GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
  } MHD_gnutls_supplemental_data_format_type_t;
-  const char *MHD_gtls_supplemental_get_name
-    (MHD_gnutls_supplemental_data_format_type_t type);
-  int MHD__gnutls_cipher_set_priority (MHD_gtls_session_t session,
-                                       const int *list);
-  int MHD__gnutls_mac_set_priority (MHD_gtls_session_t session,
-                                    const int *list);
-  int MHD__gnutls_compression_set_priority (MHD_gtls_session_t session,
-                                            const int *list);
-  int MHD__gnutls_kx_set_priority (MHD_gtls_session_t session,
-                                   const int *list);
-  int MHD__gnutls_protocol_set_priority (MHD_gtls_session_t session,
-                                         const int *list);
-  int MHD__gnutls_certificate_type_set_priority (MHD_gtls_session_t session,
-                                                 const int *list);
  int MHD_tls_set_default_priority (MHD_gnutls_priority_t *,
                                    const char *priority,
@@ -392,38 +307,8 @@ extern "C"
  enum MHD_GNUTLS_Protocol
    MHD__gnutls_protocol_get_version (MHD_gtls_session_t session);
-  const char *MHD__gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol
-                                             version);
-/*
- * get/set session
- */
-//  int MHD_gnutls_session_set_data (MHD_gtls_session_t session,
-//                               const void *session_data,
-//                               size_t session_data_size);
-//  int MHD_gnutls_session_get_data (MHD_gtls_session_t session, void *session_data,
-//                               size_t * session_data_size);
-//  int MHD_gnutls_session_get_data2 (MHD_gtls_session_t session,
-//                                MHD_gnutls_datum_t * data);
-  int MHD_gtls_session_get_id (MHD_gtls_session_t session, void *session_id,
-                               size_t * session_id_size);
-/* returns security values.
- * Do not use them unless you know what you're doing.
- */
-  const void *MHD_gtls_session_get_server_random (MHD_gtls_session_t session);
-  const void *MHD_gtls_session_get_client_random (MHD_gtls_session_t session);
-  const void *MHD_gtls_session_get_master_secret (MHD_gtls_session_t session);
-  int MHD_gtls_session_is_resumed (MHD_gtls_session_t session);
  typedef
    int (*MHD_gnutls_handshake_post_client_hello_func) (MHD_gtls_session_t);
-  void
-    MHD__gnutls_handshake_set_post_client_hello_function (MHD_gtls_session_t,
-                                                          MHD_gnutls_handshake_post_client_hello_func);
  void MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t
                                                    session, size_t max);
@@ -490,17 +375,6 @@ extern "C"
  struct MHD_gnutls_x509_crt_int;
  typedef struct MHD_gnutls_x509_crt_int *MHD_gnutls_x509_crt_t;
-//  int MHD_gnutls_certificate_set_x509_key (MHD_gtls_cert_credentials_t res,
-//                                       MHD_gnutls_x509_crt_t * cert_list,
-//                                       int cert_list_size,
-//                                       MHD_gnutls_x509_privkey_t key);
-//  int MHD_gnutls_certificate_set_x509_trust (MHD_gtls_cert_credentials_t res,
-//                                         MHD_gnutls_x509_crt_t * ca_list,
-//                                         int ca_list_size);
-//  int MHD_gnutls_certificate_set_x509_crl (MHD_gtls_cert_credentials_t res,
-//                                       MHD_gnutls_x509_crl_t * crl_list,
-//                                       int crl_list_size);
 /* global state functions
 */
@@ -518,8 +392,6 @@ extern "C"
  extern MHD_gnutls_calloc_function MHD_gnutls_calloc;
  extern MHD_gnutls_free_function MHD_gnutls_free;
-  extern char *(*MHD_gnutls_strdup) (const char *);
  typedef void (*MHD_gnutls_log_func) (int, const char *);
  void MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func);
  void MHD_gtls_global_set_log_level (int level);
@@ -549,10 +421,6 @@ extern "C"
                                         const void *, size_t);
  void MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session,
                                      MHD_gnutls_transport_ptr_t ptr);
-  void MHD__gnutls_transport_set_ptr2 (MHD_gtls_session_t session,
-                                       MHD_gnutls_transport_ptr_t recv_ptr,
-                                       MHD_gnutls_transport_ptr_t send_ptr);
  void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num);
@@ -561,15 +429,6 @@ extern "C"
  void MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session,
                                                MHD_gtls_pull_func pull_func);
-  void MHD__gnutls_transport_set_errno (MHD_gtls_session_t session, int err);
-  void MHD__gnutls_transport_set_global_errno (int err);
-/*
- * session specific
- */
-  void MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr);
-  void *MHD_gtls_session_get_ptr (MHD_gtls_session_t session);
  typedef enum MHD_gnutls_x509_subject_alt_name_t
  {
    GNUTLS_SAN_DNSNAME = 1,
@@ -620,11 +479,6 @@ extern "C"
   */
  enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (MHD_gtls_session_t
                                                          session);
-  enum MHD_GNUTLS_CredentialsType
-    MHD_gtls_auth_server_get_type (MHD_gtls_session_t session);
-  enum MHD_GNUTLS_CredentialsType
-    MHD_gtls_auth_client_get_type (MHD_gtls_session_t session);
  /*
   * DH
   */
@@ -640,25 +494,6 @@ extern "C"
                                       const MHD_gnutls_datum_t * hash,
                                       MHD_gnutls_datum_t * signature);
-  void MHD_gtls_sign_callback_set (MHD_gtls_session_t session,
-                                   MHD_gnutls_sign_func sign_func,
-                                   void *userdata);
-  MHD_gnutls_sign_func MHD_gtls_sign_callback_get (MHD_gtls_session_t session,
-                                                   void **userdata);
-  /* These are set on the credentials structure.
-   */
-  void MHD_gtls_certificate_client_set_retrieve_function
-    (MHD_gtls_cert_credentials_t cred,
-     MHD_gnutls_certificate_client_retrieve_function * func);
-  void MHD_gtls_certificate_server_set_retrieve_function
-    (MHD_gtls_cert_credentials_t cred,
-     MHD_gnutls_certificate_server_retrieve_function * func);
-  void MHD_gtls_certificate_server_set_request (MHD_gtls_session_t session,
-                                                MHD_gnutls_certificate_request_t
-                                                req);
  int MHD_gtls_pem_base64_encode (const char *msg,
                                  const MHD_gnutls_datum_t * data,
                                  char *result, size_t * result_size);
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
index 77dee4a4..6902fd9b 100644
--- a/src/daemon/https/tls/Makefile.am
+++ b/src/daemon/https/tls/Makefile.am
@@ -54,8 +54,6 @@ gnutls_pk.c \
 gnutls_priority.c \
 gnutls_record.c \
 gnutls_rsa_export.c \
-gnutls_session.c \
-gnutls_session_pack.c \
 gnutls_sig.c \
 gnutls_state.c \
 gnutls_str.c \
@@ -97,7 +95,6 @@ gnutls_num.h \
 gnutls_pk.h \
 gnutls_record.h \
 gnutls_rsa_export.h \
-gnutls_session_pack.h \
 gnutls_sig.h \
 gnutls_state.h \
 gnutls_str.h \
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c
index d0191f24..7b04e9d4 100644
--- a/src/daemon/https/tls/auth_cert.c
+++ b/src/daemon/https/tls/auth_cert.c
@@ -639,7 +639,7 @@ MHD_gtls_gen_cert_server_certificate (MHD_gtls_session_t session,
 */
 #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x])
-int
+static int
 MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session,
                                       opaque * data, size_t data_size)
 {
diff --git a/src/daemon/https/tls/debug.c b/src/daemon/https/tls/debug.c
index a0a4953a..c1634515 100644
--- a/src/daemon/https/tls/debug.c
+++ b/src/daemon/https/tls/debug.c
@@ -94,14 +94,3 @@ MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t handshake)
    }
 }
-void
-MHD__gnutls_dump_mpi (const char *prefix, mpi_t a)
-{
-  opaque buf[1024];
-  size_t n = sizeof buf;
-  if (gcry_mpi_print (GCRYMPI_FMT_HEX, buf, n, &n, a))
-    strcpy ((char *) buf, "[can't print value]");       /* Flawfinder: ignore */
-  MHD__gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (n - 1) / 2, prefix,
-                        buf);
-}
diff --git a/src/daemon/https/tls/debug.h b/src/daemon/https/tls/debug.h
index 0ecce182..ba1f1006 100644
--- a/src/daemon/https/tls/debug.h
+++ b/src/daemon/https/tls/debug.h
@@ -25,4 +25,3 @@
 const char *MHD__gnutls_packet2str (content_type_t packet);
 const char *MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t
                                       handshake);
-void MHD__gnutls_dump_mpi (const char *prefix, mpi_t a);
diff --git a/src/daemon/https/tls/ext_oprfi.c b/src/daemon/https/tls/ext_oprfi.c
index 8b245404..060155e4 100644
--- a/src/daemon/https/tls/ext_oprfi.c
+++ b/src/daemon/https/tls/ext_oprfi.c
@@ -215,52 +215,3 @@ MHD_gtls_oprfi_send_params (MHD_gtls_session_t session,
    return oprfi_send_server (session, data, data_size);
 }
-/**
- * MHD_gtls_oprfi_enable_client:
- * @session: is a #MHD_gtls_session_t structure.
- * @len: length of Opaque PRF data to use in client.
- * @data: Opaque PRF data to use in client.
- *
- * Request that the client should attempt to negotiate the Opaque PRF
- * Input TLS extension, using the given data as the client's Opaque
- * PRF input.
- *
- * The data is copied into the session context after this call, so you
- * may de-allocate it immediately after calling this function.
- **/
-void
-MHD_gtls_oprfi_enable_client (MHD_gtls_session_t session,
-                              size_t len, unsigned char *data)
-{
-  session->security_parameters.extensions.oprfi_client_len = len;
-  session->security_parameters.extensions.oprfi_client = data;
-}
-/**
- * MHD_gtls_oprfi_enable_server:
- * @session: is a #MHD_gtls_session_t structure.
- * @cb: function pointer to Opaque PRF extension server callback.
- * @userdata: hook passed to callback function for passing application state.
- *
- * Request that the server should attempt to accept the Opaque PRF
- * Input TLS extension.  If the client requests the extension, the
- * provided callback @cb will be invoked.  The callback must have the
- * following prototype:
- *
- * int callback (MHD_gtls_session_t session, void *userdata,
- *               size_t oprfi_len, const unsigned char *in_oprfi,
- *               unsigned char *out_oprfi);
- *
- * The callback can inspect the client-provided data in the input
- * parameters, and specify its own opaque prf input data in the output
- * variable.  The function must return 0 on success, otherwise the
- * handshake will be aborted.
- **/
-void
-MHD_gtls_oprfi_enable_server (MHD_gtls_session_t session,
-                              MHD_gnutls_oprfi_callback_func cb,
-                              void *userdata)
-{
-  session->security_parameters.extensions.oprfi_cb = cb;
-  session->security_parameters.extensions.oprfi_userdata = userdata;
-}
diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c
index 1e3cab02..d7f945d6 100644
--- a/src/daemon/https/tls/ext_server_name.c
+++ b/src/daemon/https/tls/ext_server_name.c
@@ -209,122 +209,3 @@ MHD_gtls_server_name_send_params (MHD_gtls_session_t session,
  return total_size;
 }
-/**
-  * MHD__gnutls_server_name_get - Used to get the server name indicator send by a client
-  * @session: is a #MHD_gtls_session_t structure.
-  * @data: will hold the data
-  * @data_length: will hold the data length. Must hold the maximum size of data.
-  * @type: will hold the server name indicator type
-  * @indx: is the index of the server_name
-  *
-  * This function will allow you to get the name indication (if any),
-  * a client has sent. The name indication may be any of the enumeration
-  * MHD_gnutls_server_name_type_t.
-  *
-  * If @type is GNUTLS_NAME_DNS, then this function is to be used by servers
-  * that support virtual hosting, and the data will be a null terminated UTF-8 string.
-  *
-  * If @data has not enough size to hold the server name GNUTLS_E_SHORT_MEMORY_BUFFER
-  * is returned, and @data_length will hold the required size.
-  *
-  * @index is used to retrieve more than one server names (if sent by the client).
-  * The first server name has an index of 0, the second 1 and so on. If no name with the given
-  * index exists GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
-  *
-  **/
-int
-MHD__gnutls_server_name_get (MHD_gtls_session_t session, void *data,
-                             size_t * data_length,
-                             unsigned int *type, unsigned int indx)
-{
-  char *_data = data;
-#if MHD_DEBUG_TLS
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-#endif
-  if (indx + 1 > session->security_parameters.extensions.server_names_size)
-    {
-      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-    }
-  *type = session->security_parameters.extensions.server_names[indx].type;
-  if (*data_length >            /* greater since we need one extra byte for the null */
-      session->security_parameters.extensions.server_names[indx].name_length)
-    {
-      *data_length =
-        session->security_parameters.extensions.
-        server_names[indx].name_length;
-      memcpy (data,
-              session->security_parameters.extensions.server_names[indx].name,
-              *data_length);
-      if (*type == GNUTLS_NAME_DNS)     /* null terminate */
-        _data[(*data_length)] = 0;
-    }
-  else
-    {
-      *data_length =
-        session->security_parameters.extensions.
-        server_names[indx].name_length;
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-  return 0;
-}
-/**
-  * MHD__gnutls_server_name_set - Used to set a name indicator to be sent as an extension
-  * @session: is a #MHD_gtls_session_t structure.
-  * @type: specifies the indicator type
-  * @name: is a string that contains the server name.
-  * @name_length: holds the length of name
-  *
-  * This function is to be used by clients that want to inform
-  * (via a TLS extension mechanism) the server of the name they
-  * connected to. This should be used by clients that connect
-  * to servers that do virtual hosting.
-  *
-  * The value of @name depends on the @ind type. In case of GNUTLS_NAME_DNS,
-  * an ASCII or UTF-8 null terminated string, without the trailing dot, is expected.
-  * IPv4 or IPv6 addresses are not permitted.
-  *
-  **/
-int
-MHD__gnutls_server_name_set (MHD_gtls_session_t session,
-                             MHD_gnutls_server_name_type_t type,
-                             const void *name, size_t name_length)
-{
-  int server_names;
-  if (session->security_parameters.entity == GNUTLS_SERVER)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  if (name_length > MAX_SERVER_NAME_SIZE)
-    return GNUTLS_E_SHORT_MEMORY_BUFFER;
-  server_names =
-    session->security_parameters.extensions.server_names_size + 1;
-  if (server_names > MAX_SERVER_NAME_EXTENSIONS)
-    server_names = MAX_SERVER_NAME_EXTENSIONS;
-  session->security_parameters.extensions.server_names[server_names -
-                                                       1].type = type;
-  memcpy (session->security_parameters.
-          extensions.server_names[server_names - 1].name, name, name_length);
-  session->security_parameters.extensions.server_names[server_names -
-                                                       1].name_length =
-    name_length;
-  session->security_parameters.extensions.server_names_size++;
-  return 0;
-}
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c
index 02be3637..876d860c 100644
--- a/src/daemon/https/tls/gnutls_algorithms.c
+++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -54,15 +54,6 @@ static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = {
  {MHD_GNUTLS_KX_DHE_RSA,
   MHD_GNUTLS_CRD_CERTIFICATE,
   MHD_GNUTLS_CRD_CERTIFICATE},
-  {MHD_GNUTLS_KX_SRP,
-   MHD_GNUTLS_CRD_SRP,
-   MHD_GNUTLS_CRD_SRP},
-  {MHD_GNUTLS_KX_SRP_RSA,
-   MHD_GNUTLS_CRD_SRP,
-   MHD_GNUTLS_CRD_CERTIFICATE},
-  {MHD_GNUTLS_KX_SRP_DSS,
-   MHD_GNUTLS_CRD_SRP,
-   MHD_GNUTLS_CRD_CERTIFICATE},
  {0,
   0,
   0}
@@ -423,17 +414,6 @@ static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = {
   &MHD_gtls_dhe_dss_auth_struct,
   1,
   0},
-#ifdef ENABLE_SRP
-  {"SRP-DSS", MHD_GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0, 0},
-  {"SRP-RSA", MHD_GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0, 0},
-  {"SRP", MHD_GNUTLS_KX_SRP, &srp_auth_struct, 0, 0},
-#endif
-#ifdef ENABLE_PSK
-  {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0},
-  {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
-   1 /* needs DHE params */ , 0},
-#endif
  {0,
   0,
   0,
@@ -448,15 +428,6 @@ static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] =
  MHD_GNUTLS_KX_RSA_EXPORT,
  MHD_GNUTLS_KX_DHE_RSA,
  MHD_GNUTLS_KX_DHE_DSS,
-#ifdef ENABLE_SRP
-  MHD_GNUTLS_KX_SRP_DSS,
-  MHD_GNUTLS_KX_SRP_RSA,
-  MHD_GNUTLS_KX_SRP,
-#endif
-#ifdef ENABLE_PSK
-  GNUTLS_KX_PSK,
-  GNUTLS_KX_DHE_PSK,
-#endif
  0
 };
@@ -728,105 +699,6 @@ MHD_gtls_mac_priority (MHD_gtls_session_t session,
  return -1;
 }
-/**
- * MHD__gnutls_mac_get_name - Returns a string with the name of the specified mac algorithm
- * @algorithm: is a MAC algorithm
- *
- * Returns: a string that contains the name of the specified MAC
- * algorithm, or %NULL.
- **/
-const char *
-MHD__gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm algorithm)
-{
-  const char *ret = NULL;
-  /* avoid prefix */
-  GNUTLS_HASH_ALG_LOOP (ret = p->name);
-  return ret;
-}
-/**
- * MHD_gtls_mac_get_id - Returns the gnutls id of the specified in string algorithm
- * @algorithm: is a MAC algorithm name
- *
- * Returns: an %enum MHD_GNUTLS_HashAlgorithmid of the specified in a string
- * MAC algorithm, or %GNUTLS_MAC_UNKNOWN on failures.  The names are
- * compared in a case insensitive way.
- **/
-enum MHD_GNUTLS_HashAlgorithm
-MHD_gtls_mac_get_id (const char *name)
-{
-  enum MHD_GNUTLS_HashAlgorithm ret = MHD_GNUTLS_MAC_UNKNOWN;
-  GNUTLS_HASH_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id)
-    ;
-  return ret;
-}
-/**
- * MHD__gnutls_mac_get_key_size - Returns the length of the MAC's key size
- * @algorithm: is an encryption algorithm
- *
- * Returns: length (in bytes) of the given MAC key size, or 0 if the
- * given MAC algorithm is invalid.
- *
- **/
-size_t
-MHD__gnutls_mac_get_key_size (enum MHD_GNUTLS_HashAlgorithm algorithm)
-{
-  size_t ret = 0;
-  /* avoid prefix */
-  GNUTLS_HASH_ALG_LOOP (ret = p->key_size);
-  return ret;
-}
-/**
- * MHD_gtls_mac_list:
- *
- * Get a list of hash algorithms for use as MACs.  Note that not
- * necessarily all MACs are supported in TLS cipher suites.  For
- * example, MD2 is not supported as a cipher suite, but is supported
- * for other purposes (e.g., X.509 signature verification or similar).
- *
- * Returns: Return a zero-terminated list of %enum MHD_GNUTLS_HashAlgorithm
- * integers indicating the available MACs.
- **/
-const enum MHD_GNUTLS_HashAlgorithm *
-MHD_gtls_mac_list (void)
-{
-  return MHD_gtls_supported_macs;
-}
-const char *
-MHD_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm algorithm)
-{
-  const char *ret = NULL;
-  /* avoid prefix */
-  GNUTLS_HASH_ALG_LOOP (ret = p->oid);
-  return ret;
-}
-enum MHD_GNUTLS_HashAlgorithm
-MHD_gtls_x509_oid2mac_algorithm (const char *oid)
-{
-  enum MHD_GNUTLS_HashAlgorithm ret = 0;
-  GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
-                    {
-                    ret = p->id; break;}
-  )
-    ;
-  if (ret == 0)
-    return MHD_GNUTLS_MAC_UNKNOWN;
-  return ret;
-}
 int
 MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm)
@@ -840,20 +712,6 @@ MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm)
  return ret;
 }
-/* Compression Functions */
-int
-MHD_gtls_compression_priority (MHD_gtls_session_t session,
-                               enum MHD_GNUTLS_CompressionMethod algorithm)
-{                               /* actually returns the priority */
-  unsigned int i;
-  for (i = 0; i < session->internals.priorities.compression.num_algorithms;
-       i++)
-    {
-      if (session->internals.priorities.compression.priority[i] == algorithm)
-        return i;
-    }
-  return -1;
-}
 /**
 * MHD__gnutls_compression_get_name - Returns a string with the name of the specified compression algorithm
@@ -897,21 +755,6 @@ MHD_gtls_compression_get_id (const char *name)
  return ret;
 }
-/**
- * MHD_gtls_compression_list:
- *
- * Get a list of compression methods.  Note that to be able to use LZO
- * compression, you must link to libgnutls-extra and call
- * MHD_gnutls_global_init_extra().
- *
- * Returns: a zero-terminated list of %enum MHD_GNUTLS_CompressionMethod
- * integers indicating the available compression methods.
- **/
-const enum MHD_GNUTLS_CompressionMethod *
-MHD_gtls_compression_list (void)
-{
-  return MHD_gtls_supported_compressions;
-}
 /* return the tls number of the specified algorithm */
 int
@@ -1048,62 +891,6 @@ MHD_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm algorithm)
 }
-/**
- * MHD__gnutls_cipher_get_name - Returns a string with the name of the specified cipher algorithm
- * @algorithm: is an encryption algorithm
- *
- * Returns: a pointer to a string that contains the name of the
- *   specified cipher, or %NULL.
- **/
-const char *
-MHD__gnutls_cipher_get_name (enum MHD_GNUTLS_CipherAlgorithm algorithm)
-{
-  const char *ret = NULL;
-  /* avoid prefix */
-  GNUTLS_ALG_LOOP (ret = p->name);
-  return ret;
-}
-/**
- * MHD_gtls_cipher_get_id - Returns the gnutls id of the specified in string algorithm
- * @algorithm: is a MAC algorithm name
- *
- * The names are compared in a case insensitive way.
- *
- * Returns: an id of the specified cipher, or %GNUTLS_CIPHER_UNKNOWN
- * on error.
- *
- **/
-enum MHD_GNUTLS_CipherAlgorithm
-MHD_gtls_cipher_get_id (const char *name)
-{
-  enum MHD_GNUTLS_CipherAlgorithm ret = MHD_GNUTLS_CIPHER_UNKNOWN;
-  GNUTLS_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id)
-    ;
-  return ret;
-}
-/**
- * MHD_gtls_cipher_list:
- *
- * Get a list of supported cipher algorithms.  Note that not
- * necessarily all ciphers are supported as TLS cipher suites.  For
- * example, DES is not supported as a cipher suite, but is supported
- * for other purposes (e.g., PKCS#8 or similar).
- *
- * Returns: a zero-terminated list of %enum MHD_GNUTLS_CipherAlgorithm
- * integers indicating the available ciphers.
- *
- **/
-const enum MHD_GNUTLS_CipherAlgorithm *
-MHD_gtls_cipher_list (void)
-{
-  return MHD_gtls_supported_ciphers;
-}
 int
 MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm)
@@ -1140,57 +927,6 @@ MHD_gtls_kx_priority (MHD_gtls_session_t session,
  return -1;
 }
-/**
- * MHD__gnutls_kx_get_name - Returns a string with the name of the specified key exchange algorithm
- * @algorithm: is a key exchange algorithm
- *
- * Returns: a pointer to a string that contains the name of the
- * specified key exchange algorithm, or %NULL.
- **/
-const char *
-MHD__gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
-{
-  const char *ret = NULL;
-  /* avoid prefix */
-  GNUTLS_KX_ALG_LOOP (ret = p->name);
-  return ret;
-}
-/**
- * MHD_gtls_kx_get_id - Returns the gnutls id of the specified in string algorithm
- * @algorithm: is a KX name
- *
- * The names are compared in a case insensitive way.
- *
- * Returns: an id of the specified KX algorithm, or
- * %GNUTLS_KX_UNKNOWN on error.
- **/
-enum MHD_GNUTLS_KeyExchangeAlgorithm
-MHD_gtls_kx_get_id (const char *name)
-{
-  enum MHD_GNUTLS_CipherAlgorithm ret = MHD_GNUTLS_KX_UNKNOWN;
-  GNUTLS_KX_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->algorithm)
-    ;
-  return ret;
-}
-/**
- * MHD_gtls_kx_list:
- *
- * Get a list of supported key exchange algorithms.
- *
- * Returns: a zero-terminated list of %enum MHD_GNUTLS_KeyExchangeAlgorithm integers
- * indicating the available key exchange algorithms.
- **/
-const enum MHD_GNUTLS_KeyExchangeAlgorithm *
-MHD_gtls_kx_list (void)
-{
-  return MHD_gtls_supported_kxs;
-}
 int
 MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
@@ -1241,28 +977,6 @@ MHD_gtls_version_priority (MHD_gtls_session_t session,
  return -1;
 }
-enum MHD_GNUTLS_Protocol
-MHD_gtls_version_lowest (MHD_gtls_session_t session)
-{                               /* returns the lowest version supported */
-  unsigned int i, min = 0xff;
-  if (session->internals.priorities.protocol.priority == NULL)
-    {
-      return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN;
-    }
-  else
-    for (i = 0; i < session->internals.priorities.protocol.num_algorithms;
-         i++)
-      {
-        if (session->internals.priorities.protocol.priority[i] < min)
-          min = session->internals.priorities.protocol.priority[i];
-      }
-  if (min == 0xff)
-    return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; /* unknown version */
-  return min;
-}
 enum MHD_GNUTLS_Protocol
 MHD_gtls_version_max (MHD_gtls_session_t session)
@@ -1287,58 +1001,6 @@ MHD_gtls_version_max (MHD_gtls_session_t session)
  return max;
 }
-/**
- * MHD__gnutls_protocol_get_name - Returns a string with the name of the specified SSL/TLS version
- * @version: is a (gnutls) version number
- *
- * Returns: a string that contains the name of the specified TLS
- * version (e.g., "TLS 1.0"), or %NULL.
- **/
-const char *
-MHD__gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version)
-{
-  const char *ret = NULL;
-  /* avoid prefix */
-  GNUTLS_VERSION_ALG_LOOP (ret = p->name);
-  return ret;
-}
-/**
- * MHD_gtls_protocol_get_id - Returns the gnutls id of the specified in string protocol
- * @algorithm: is a protocol name
- *
- * The names are compared in a case insensitive way.
- *
- * Returns: an id of the specified protocol, or
- * %GNUTLS_VERSION_UNKNOWN on error.
- **/
-enum MHD_GNUTLS_Protocol
-MHD_gtls_protocol_get_id (const char *name)
-{
-  enum MHD_GNUTLS_Protocol ret = MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN;
-  GNUTLS_VERSION_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id)
-    ;
-  return ret;
-}
-/**
- * MHD_gtls_protocol_list:
- *
- * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
- *
- * Returns: a zero-terminated list of %enum MHD_GNUTLS_Protocol integers
- * indicating the available protocols.
- *
- **/
-const enum MHD_GNUTLS_Protocol *
-MHD_gtls_protocol_list (void)
-{
-  return MHD_gtls_supported_protocols;
-}
 int
 MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol version)
 {
@@ -1386,23 +1048,6 @@ MHD_gtls_version_is_supported (MHD_gtls_session_t session,
    return 1;
 }
-/* Type to KX mappings */
-enum MHD_GNUTLS_KeyExchangeAlgorithm
-MHD_gtls_map_kx_get_kx (enum MHD_GNUTLS_CredentialsType type, int server)
-{
-  enum MHD_GNUTLS_KeyExchangeAlgorithm ret = -1;
-  if (server)
-    {
-      GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
-    }
-  else
-    {
-      GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
-    }
-  return ret;
-}
 enum MHD_GNUTLS_CredentialsType
 MHD_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm,
                          int server)
@@ -1807,62 +1452,12 @@ MHD_gtls_supported_compression_methods (MHD_gtls_session_t session,
  return j;
 }
-/**
- * MHD__gnutls_certificate_type_get_name - Returns a string with the name of the specified certificate type
- * @type: is a certificate type
- *
- * Returns: a string (or %NULL) that contains the name of the
- * specified certificate type.
- **/
-const char *
-MHD__gnutls_certificate_type_get_name (enum MHD_GNUTLS_CertificateType type)
-{
-  const char *ret = NULL;
-  if (type == MHD_GNUTLS_CRT_X509)
-    ret = "X.509";
-  return ret;
-}
-/**
- * MHD_gtls_certificate_type_get_id - Returns the gnutls id of the specified in string type
- * @name: is a certificate type name
- *
- * The names are compared in a case insensitive way.
- *
- * Returns: an id of the specified in a string certificate type, or
- * %GNUTLS_CRT_UNKNOWN on error.
- **/
-enum MHD_GNUTLS_CertificateType
-MHD_gtls_certificate_type_get_id (const char *name)
-{
-  enum MHD_GNUTLS_CertificateType ret = MHD_GNUTLS_CRT_UNKNOWN;
-  if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0)
-    return MHD_GNUTLS_CRT_X509;
-  return ret;
-}
 static const enum MHD_GNUTLS_CertificateType
  MHD_gtls_supported_certificate_types[] =
 { MHD_GNUTLS_CRT_X509,
  0
 };
-/**
- * MHD_gtls_certificate_type_list:
- *
- * Get a list of certificate types.
- *
- * Returns: a zero-terminated list of %enum MHD_GNUTLS_CertificateType
- * integers indicating the available certificate types.
- *
- **/
-const enum MHD_GNUTLS_CertificateType *
-MHD_gtls_certificate_type_list (void)
-{
-  return MHD_gtls_supported_certificate_types;
-}
 /* returns the enum MHD_GNUTLS_PublicKeyAlgorithm which is compatible with
 * the given enum MHD_GNUTLS_KeyExchangeAlgorithm.
@@ -1942,55 +1537,6 @@ static const MHD_gnutls_sign_entry MHD_gtls_sign_algorithms[] = {
 #define GNUTLS_SIGN_ALG_LOOP(a) \
  GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
-MHD_gnutls_sign_algorithm_t
-MHD_gtls_x509_oid2sign_algorithm (const char *oid)
-{
-  MHD_gnutls_sign_algorithm_t ret = 0;
-  GNUTLS_SIGN_LOOP (if (strcmp (oid, p->oid) == 0)
-                    {
-                    ret = p->id; break;}
-  );
-  if (ret == 0)
-    {
-      MHD__gnutls_x509_log ("Unknown SIGN OID: '%s'\n", oid);
-      return GNUTLS_SIGN_UNKNOWN;
-    }
-  return ret;
-}
-MHD_gnutls_sign_algorithm_t
-MHD_gtls_x509_pk_to_sign (enum MHD_GNUTLS_PublicKeyAlgorithm pk,
-                          enum MHD_GNUTLS_HashAlgorithm mac)
-{
-  MHD_gnutls_sign_algorithm_t ret = 0;
-  GNUTLS_SIGN_LOOP (if (pk == p->pk && mac == p->mac)
-                    {
-                    ret = p->id; break;}
-  );
-  if (ret == 0)
-    return GNUTLS_SIGN_UNKNOWN;
-  return ret;
-}
-const char *
-MHD_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk,
-                           enum MHD_GNUTLS_HashAlgorithm mac)
-{
-  MHD_gnutls_sign_algorithm_t sign;
-  const char *ret = NULL;
-  sign = MHD_gtls_x509_pk_to_sign (pk, mac);
-  if (sign == GNUTLS_SIGN_UNKNOWN)
-    return NULL;
-  GNUTLS_SIGN_ALG_LOOP (ret = p->oid);
-  return ret;
-}
 /* pk algorithms;
 */
 struct MHD_gnutls_pk_entry
@@ -2032,18 +1578,3 @@ MHD_gtls_x509_oid2pk_algorithm (const char *oid)
  return ret;
 }
-const char *
-MHD_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm algorithm)
-{
-  const char *ret = NULL;
-  const MHD_gnutls_pk_entry *p;
-  for (p = MHD_gtls_pk_algorithms; p->name != NULL; p++)
-    if (p->id == algorithm)
-      {
-        ret = p->oid;
-        break;
-      }
-  return ret;
-}
diff --git a/src/daemon/https/tls/gnutls_algorithms.h b/src/daemon/https/tls/gnutls_algorithms.h
index ba4e83ba..6a4021c7 100644
--- a/src/daemon/https/tls/gnutls_algorithms.h
+++ b/src/daemon/https/tls/gnutls_algorithms.h
@@ -28,7 +28,6 @@
 #include "gnutls_auth.h"
 /* Functions for version handling. */
-enum MHD_GNUTLS_Protocol MHD_gtls_version_lowest (MHD_gtls_session_t session);
 enum MHD_GNUTLS_Protocol MHD_gtls_version_max (MHD_gtls_session_t session);
 int MHD_gtls_version_priority (MHD_gtls_session_t session,
                               enum MHD_GNUTLS_Protocol version);
@@ -40,10 +39,6 @@ enum MHD_GNUTLS_Protocol MHD_gtls_version_get (int major, int minor);
 /* Functions for MACs. */
 int MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm);
-enum MHD_GNUTLS_HashAlgorithm MHD_gtls_x509_oid2mac_algorithm (const char
-                                                               *oid);
-const char *MHD_gtls_x509_mac_to_oid (enum MHD_GNUTLS_HashAlgorithm mac);
 /* Functions for cipher suites. */
 int MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session,
                                     cipher_suite_st ** ciphers);
@@ -103,10 +98,6 @@ int MHD_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod
                                    algorithm);
 /* Type to KX mappings. */
-enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_map_kx_get_kx (enum
-                                                             MHD_GNUTLS_CredentialsType
-                                                             type,
-                                                             int server);
 enum MHD_GNUTLS_CredentialsType MHD_gtls_map_kx_get_cred (enum
                                                          MHD_GNUTLS_KeyExchangeAlgorithm
                                                          algorithm,
@@ -118,8 +109,6 @@ enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_map_pk_get_pk (enum
                                                           kx_algorithm);
 enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_x509_oid2pk_algorithm (const char
                                                                   *oid);
-const char *MHD_gtls_x509_pk_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm pk);
 enum encipher_type
 { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };
@@ -141,16 +130,6 @@ struct MHD_gtls_compression_entry
 typedef struct MHD_gtls_compression_entry MHD_gnutls_compression_entry;
 /* Functions for sign algorithms. */
-MHD_gnutls_sign_algorithm_t MHD_gtls_x509_oid2sign_algorithm (const char
-                                                              *oid);
-MHD_gnutls_sign_algorithm_t MHD_gtls_x509_pk_to_sign (enum
-                                                      MHD_GNUTLS_PublicKeyAlgorithm
-                                                      pk,
-                                                      enum
-                                                      MHD_GNUTLS_HashAlgorithm
-                                                      mac);
-const char *MHD_gtls_x509_sign_to_oid (enum MHD_GNUTLS_PublicKeyAlgorithm,
-                                       enum MHD_GNUTLS_HashAlgorithm mac);
 int MHD_gtls_mac_priority (MHD_gtls_session_t session,
                           enum MHD_GNUTLS_HashAlgorithm algorithm);
@@ -158,9 +137,6 @@ int MHD_gtls_cipher_priority (MHD_gtls_session_t session,
                              enum MHD_GNUTLS_CipherAlgorithm algorithm);
 int MHD_gtls_kx_priority (MHD_gtls_session_t session,
                          enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm);
-int MHD_gtls_compression_priority (MHD_gtls_session_t session,
-                                   enum MHD_GNUTLS_CompressionMethod
-                                   algorithm);
 enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name);
 enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name);
diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c
index fcb8ed55..df978ef9 100644
--- a/src/daemon/https/tls/gnutls_auth.c
+++ b/src/daemon/https/tls/gnutls_auth.c
@@ -171,43 +171,6 @@ MHD_gtls_auth_get_type (MHD_gtls_session_t session)
                              server);
 }
-/**
-  * MHD_gtls_auth_server_get_type - Returns the type of credentials for the server authentication schema.
-  * @session: is a #MHD_gtls_session_t structure.
-  *
-  * Returns the type of credentials that were used for server authentication.
-  * The returned information is to be used to distinguish the function used
-  * to access authentication data.
-  *
-  **/
-enum MHD_GNUTLS_CredentialsType
-MHD_gtls_auth_server_get_type (MHD_gtls_session_t session)
-{
-  return
-    MHD_gtls_map_kx_get_cred (MHD_gtls_cipher_suite_get_kx_algo
-                              (&session->
-                               security_parameters.current_cipher_suite), 1);
-}
-/**
-  * MHD_gtls_auth_client_get_type - Returns the type of credentials for the client authentication schema.
-  * @session: is a #MHD_gtls_session_t structure.
-  *
-  * Returns the type of credentials that were used for client authentication.
-  * The returned information is to be used to distinguish the function used
-  * to access authentication data.
-  *
-  **/
-enum MHD_GNUTLS_CredentialsType
-MHD_gtls_auth_client_get_type (MHD_gtls_session_t session)
-{
-  return
-    MHD_gtls_map_kx_get_cred (MHD_gtls_cipher_suite_get_kx_algo
-                              (&session->
-                               security_parameters.current_cipher_suite), 0);
-}
 /*
 * This returns a pointer to the linked list. Don't
 * free that!!!
@@ -294,8 +257,6 @@ MHD_gtls_free_auth_info (MHD_gtls_session_t session)
  switch (session->key->auth_info_type)
    {
-    case MHD_GNUTLS_CRD_SRP:
-      break;
    case MHD_GNUTLS_CRD_CERTIFICATE:
      {
        unsigned int i;
diff --git a/src/daemon/https/tls/gnutls_buffers.c b/src/daemon/https/tls/gnutls_buffers.c
index 8c6bb750..4588e62d 100644
--- a/src/daemon/https/tls/gnutls_buffers.c
+++ b/src/daemon/https/tls/gnutls_buffers.c
@@ -67,58 +67,6 @@
 # include <io_debug.h>
 #endif
-/**
- * MHD__gnutls_transport_set_errno:
- * @session: is a #MHD_gtls_session_t structure.
- * @err: error value to store in session-specific errno variable.
- *
- * Store @err in the session-specific errno variable.  Useful values
- * for @err is EAGAIN and EINTR, other values are treated will be
- * treated as real errors in the push/pull function.
- *
- * This function is useful in replacement push/pull functions set by
- * MHD__gnutls_transport_set_push_function and
- * MHD_gnutls_transport_set_pullpush_function under Windows, where the
- * replacement push/pull may not have access to the same @errno
- * variable that is used by GnuTLS (e.g., the application is linked to
- * msvcr71.dll and gnutls is linked to msvcrt.dll).
- *
- * If you don't have the @session variable easily accessible from the
- * push/pull function, and don't worry about thread conflicts, you can
- * also use MHD__gnutls_transport_set_global_errno().
- **/
-void
-MHD__gnutls_transport_set_errno (MHD_gtls_session_t session, int err)
-{
-  session->internals.errnum = err;
-}
-/**
- * MHD__gnutls_transport_set_global_errno:
- * @err: error value to store in global errno variable.
- *
- * Store @err in the global errno variable.  Useful values for @err is
- * EAGAIN and EINTR, other values are treated will be treated as real
- * errors in the push/pull function.
- *
- * This function is useful in replacement push/pull functions set by
- * MHD__gnutls_transport_set_push_function and
- * MHD_gnutls_transport_set_pullpush_function under Windows, where the
- * replacement push/pull may not have access to the same @errno
- * variable that is used by GnuTLS (e.g., the application is linked to
- * msvcr71.dll and gnutls is linked to msvcrt.dll).
- *
- * Whether this function is thread safe or not depends on whether the
- * global variable errno is thread safe, some system libraries make it
- * a thread-local variable.  When feasible, using the guaranteed
- * thread-safe MHD__gnutls_transport_set_errno() may be better.
- **/
-void
-MHD__gnutls_transport_set_global_errno (int err)
-{
-  errno = err;
-}
 /* Buffers received packets of type APPLICATION DATA and
 * HANDSHAKE DATA.
 */
@@ -186,23 +134,6 @@ MHD_gnutls_record_buffer_get_size (content_type_t type,
    }
 }
-/**
- * MHD_gtls_record_check_pending - checks if there are any data to receive in gnutls buffers.
- * @session: is a #MHD_gtls_session_t structure.
- *
- * This function checks if there are any data to receive
- * in the gnutls buffers. Returns the size of that data or 0.
- * Notice that you may also use select() to check for data in
- * a TCP connection, instead of this function.
- * (gnutls leaves some data in the tcp buffer in order for select
- * to work).
- **/
-size_t
-MHD_gtls_record_check_pending (MHD_gtls_session_t session)
-{
-  return MHD_gnutls_record_buffer_get_size (GNUTLS_APPLICATION_DATA, session);
-}
 int
 MHD_gtls_record_buffer_get (content_type_t type, MHD_gtls_session_t session,
                            opaque * data, size_t length)
@@ -1193,31 +1124,6 @@ MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data,
  return 0;
 }
-int
-MHD_gtls_handshake_buffer_get_size (MHD_gtls_session_t session)
-{
-  return session->internals.handshake_hash_buffer.length;
-}
-/* this function does not touch the buffer
- * and returns data from it (peek mode!)
- */
-int
-MHD_gtls_handshake_buffer_peek (MHD_gtls_session_t session, opaque * data,
-                                size_t length)
-{
-  if (length > session->internals.handshake_hash_buffer.length)
-    {
-      length = session->internals.handshake_hash_buffer.length;
-    }
-  MHD__gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", length);
-  memcpy (data, session->internals.handshake_hash_buffer.data, length);
-  return length;
-}
 /* this function does not touch the buffer
 * and returns data from it (peek mode!)
 */
diff --git a/src/daemon/https/tls/gnutls_buffers.h b/src/daemon/https/tls/gnutls_buffers.h
index 918da673..e09506ac 100644
--- a/src/daemon/https/tls/gnutls_buffers.h
+++ b/src/daemon/https/tls/gnutls_buffers.h
@@ -40,9 +40,6 @@ ssize_t MHD_gtls_io_write_buffered (MHD_gtls_session_t, const void *iptr,
 ssize_t MHD_gtls_io_write_buffered2 (MHD_gtls_session_t, const void *iptr,
                                     size_t n, const void *iptr2, size_t n2);
-int MHD_gtls_handshake_buffer_get_size (MHD_gtls_session_t session);
-int MHD_gtls_handshake_buffer_peek (MHD_gtls_session_t session, opaque * data,
-                                    size_t length);
 int MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data,
                                   size_t length);
 int MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session);
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c
index f0357840..a8353d70 100644
--- a/src/daemon/https/tls/gnutls_cert.c
+++ b/src/daemon/https/tls/gnutls_cert.c
@@ -279,87 +279,6 @@ MHD_gtls_selected_cert_supported_kx (MHD_gtls_session_t session,
 }
-/**
-  * MHD_gtls_certificate_server_set_request - Used to set whether to request a client certificate
-  * @session: is an #MHD_gtls_session_t structure.
-  * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE
-  *
-  * This function specifies if we (in case of a server) are going
-  * to send a certificate request message to the client. If @req
-  * is GNUTLS_CERT_REQUIRE then the server will return an error if
-  * the peer does not provide a certificate. If you do not
-  * call this function then the client will not be asked to
-  * send a certificate.
-  **/
-void
-MHD_gtls_certificate_server_set_request (MHD_gtls_session_t session,
-                                         MHD_gnutls_certificate_request_t req)
-{
-  session->internals.send_cert_req = req;
-}
-/**
-  * MHD_gtls_certificate_client_set_retrieve_function - Used to set a callback to retrieve the certificate
-  * @cred: is a #MHD_gtls_cert_credentials_t structure.
-  * @func: is the callback function
-  *
-  * This function sets a callback to be called in order to retrieve the certificate
-  * to be used in the handshake.
-  * The callback's function prototype is:
-  * int (*callback)(MHD_gtls_session_t, const MHD_gnutls_datum_t* req_ca_dn, int nreqs,
-  * const enum MHD_GNUTLS_PublicKeyAlgorithm* pk_algos, int pk_algos_length, MHD_gnutls_retr_st* st);
-  *
-  * @req_ca_cert is only used in X.509 certificates.
-  * Contains a list with the CA names that the server considers trusted.
-  * Normally we should send a certificate that is signed
-  * by one of these CAs. These names are DER encoded. To get a more
-  * meaningful value use the function MHD_gnutls_x509_rdn_get().
-  *
-  * @pk_algos contains a list with server's acceptable signature algorithms.
-  * The certificate returned should support the server's given algorithms.
-  *
-  * @st should contain the certificates and private keys.
-  *
-  * If the callback function is provided then gnutls will call it, in the
-  * handshake, after the certificate request message has been received.
-  *
-  * The callback function should set the certificate list to be sent, and
-  * return 0 on success. If no certificate was selected then the number of certificates
-  * should be set to zero. The value (-1) indicates error and the handshake
-  * will be terminated.
-  **/
-void MHD_gtls_certificate_client_set_retrieve_function
-  (MHD_gtls_cert_credentials_t cred,
-   MHD_gnutls_certificate_client_retrieve_function * func)
-{
-  cred->client_get_cert_callback = func;
-}
-/**
-  * MHD_gtls_certificate_server_set_retrieve_function - Used to set a callback to retrieve the certificate
-  * @cred: is a #MHD_gtls_cert_credentials_t structure.
-  * @func: is the callback function
-  *
-  * This function sets a callback to be called in order to retrieve the certificate
-  * to be used in the handshake.
-  * The callback's function prototype is:
-  * int (*callback)(MHD_gtls_session_t, MHD_gnutls_retr_st* st);
-  *
-  * @st should contain the certificates and private keys.
-  *
-  * If the callback function is provided then gnutls will call it, in the
-  * handshake, after the certificate request message has been received.
-  *
-  * The callback function should set the certificate list to be sent, and
-  * return 0 on success.  The value (-1) indicates error and the handshake
-  * will be terminated.
-  **/
-void MHD_gtls_certificate_server_set_retrieve_function
-  (MHD_gtls_cert_credentials_t cred,
-   MHD_gnutls_certificate_server_retrieve_function * func)
-{
-  cred->server_get_cert_callback = func;
-}
 int
 MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
@@ -377,23 +296,6 @@ MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
    }
 }
-int
-MHD_gtls_raw_privkey_to_gkey (MHD_gnutls_privkey * key,
-                              enum MHD_GNUTLS_CertificateType type,
-                              const MHD_gnutls_datum_t * raw_key,
-                              int key_enc /* DER or PEM */ )
-{
-  switch (type)
-    {
-    case MHD_GNUTLS_CRT_X509:
-      return MHD__gnutls_x509_raw_privkey_to_gkey (key, raw_key, key_enc);
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-}
 /* This function will convert a der certificate to a format
 * (structure) that gnutls can understand and use. Actually the
 * important thing on this function is that it extracts the
@@ -538,47 +440,3 @@ MHD_gtls_gcert_deinit (MHD_gnutls_cert * cert)
  MHD__gnutls_free_datum (&cert->raw);
 }
-/**
- * MHD_gtls_sign_callback_set:
- * @session: is a gnutls session
- * @sign_func: function pointer to application's sign callback.
- * @userdata: void pointer that will be passed to sign callback.
- *
- * Set the callback function.  The function must have this prototype:
- *
- * typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session,
- *                                  void *userdata,
- *                                  enum MHD_GNUTLS_CertificateType cert_type,
- *                                  const MHD_gnutls_datum_t * cert,
- *                                  const MHD_gnutls_datum_t * hash,
- *                                  MHD_gnutls_datum_t * signature);
- *
- * The @userdata parameter is passed to the @sign_func verbatim, and
- * can be used to store application-specific data needed in the
- * callback function.  See also MHD_gtls_sign_callback_get().
- **/
-void
-MHD_gtls_sign_callback_set (MHD_gtls_session_t session,
-                            MHD_gnutls_sign_func sign_func, void *userdata)
-{
-  session->internals.sign_func = sign_func;
-  session->internals.sign_func_userdata = userdata;
-}
-/**
- * MHD_gtls_sign_callback_get:
- * @session: is a gnutls session
- * @userdata: if non-%NULL, will be set to abstract callback pointer.
- *
- * Retrieve the callback function, and its userdata pointer.
- *
- * Returns: The function pointer set by MHD_gtls_sign_callback_set(), or
- *   if not set, %NULL.
- **/
-MHD_gnutls_sign_func
-MHD_gtls_sign_callback_get (MHD_gtls_session_t session, void **userdata)
-{
-  if (userdata)
-    *userdata = session->internals.sign_func_userdata;
-  return session->internals.sign_func;
-}
diff --git a/src/daemon/https/tls/gnutls_cert.h b/src/daemon/https/tls/gnutls_cert.h
index 0a1a04db..124ac963 100644
--- a/src/daemon/https/tls/gnutls_cert.h
+++ b/src/daemon/https/tls/gnutls_cert.h
@@ -124,9 +124,4 @@ int MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
                                enum MHD_GNUTLS_CertificateType type,
                                const MHD_gnutls_datum_t * raw_cert,
                                int flags /* OR of ConvFlags */ );
-int MHD_gtls_raw_privkey_to_gkey (MHD_gnutls_privkey * key,
-                                  enum MHD_GNUTLS_CertificateType type,
-                                  const MHD_gnutls_datum_t * raw_key,
-                                  int key_enc /* DER or PEM */ );
 #endif
diff --git a/src/daemon/https/tls/gnutls_datum.c b/src/daemon/https/tls/gnutls_datum.c
index a62c4204..2f03da3b 100644
--- a/src/daemon/https/tls/gnutls_datum.c
+++ b/src/daemon/https/tls/gnutls_datum.c
@@ -49,23 +49,6 @@ MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat)
    memcpy (&dest[3], dat.data, dat.size);
 }
-void
-MHD_gtls_write_datum32 (opaque * dest, MHD_gnutls_datum_t dat)
-{
-  MHD_gtls_write_uint32 (dat.size, dest);
-  if (dat.data != NULL)
-    memcpy (&dest[4], dat.data, dat.size);
-}
-void
-MHD_gtls_write_datum8 (opaque * dest, MHD_gnutls_datum_t dat)
-{
-  dest[0] = (uint8_t) dat.size;
-  if (dat.data != NULL)
-    memcpy (&dest[1], dat.data, dat.size);
-}
 int
 MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data,
                      size_t data_size, MHD_gnutls_alloc_function galloc_func)
@@ -87,22 +70,6 @@ MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data,
  return 0;
 }
-int
-MHD_gtls_datum_append_m (MHD_gnutls_datum_t * dst, const void *data,
-                         size_t data_size,
-                         MHD_gnutls_realloc_function grealloc_func)
-{
-  dst->data = grealloc_func (dst->data, data_size + dst->size);
-  if (dst->data == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-  memcpy (&dst->data[dst->size], data, data_size);
-  dst->size += data_size;
-  return 0;
-}
 void
 MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat,
                       MHD_gnutls_free_function gfree_func)
diff --git a/src/daemon/https/tls/gnutls_datum.h b/src/daemon/https/tls/gnutls_datum.h
index 3e787318..6160de3d 100644
--- a/src/daemon/https/tls/gnutls_datum.h
+++ b/src/daemon/https/tls/gnutls_datum.h
@@ -24,16 +24,12 @@
 void MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat);
 void MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat);
-void MHD_gtls_write_datum32 (opaque * dest, MHD_gnutls_datum_t dat);
-void MHD_gtls_write_datum8 (opaque * dest, MHD_gnutls_datum_t dat);
 int MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data,
                          size_t data_size, MHD_gnutls_alloc_function);
 #define MHD__gnutls_set_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_malloc)
 #define MHD__gnutls_sset_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_secure_malloc)
-int MHD_gtls_datum_append_m (MHD_gnutls_datum_t * dat, const void *data,
-                             size_t data_size, MHD_gnutls_realloc_function);
 #define MHD__gnutls_datum_append(x,y,z) MHD_gtls_datum_append_m(x,y,z, MHD_gnutls_realloc)
 void MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat,
diff --git a/src/daemon/https/tls/gnutls_extensions.c b/src/daemon/https/tls/gnutls_extensions.c
index b8892324..f6c947cb 100644
--- a/src/daemon/https/tls/gnutls_extensions.c
+++ b/src/daemon/https/tls/gnutls_extensions.c
@@ -64,12 +64,6 @@ MHD_gtls_extension_entry MHD_gtls_extensions[MAX_EXT_SIZE] = {
                          MHD_gtls_oprfi_recv_params,
                          MHD_gtls_oprfi_send_params),
 #endif
-#ifdef ENABLE_SRP
-  GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_SRP,
-                          EXTENSION_TLS,
-                          MHD__gnutls_srp_recv_params,
-                          MHD__gnutls_srp_send_params),
-#endif
  {0, 0, 0, 0}
 };
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index a0ea34c8..45041ccd 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -1929,36 +1929,6 @@ MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again)
  datalen = 0;
-#ifdef ENABLE_SRP
-  if (IS_SRP_KX
-      (MHD_gtls_cipher_suite_get_kx_algo
-       (&session->security_parameters.current_cipher_suite)))
-    {
-      /* While resuming we cannot check the username extension since it is
-       * not available at this point. It will be copied on connection
-       * state activation.
-       */
-      if (session->internals.resumed == RESUME_FALSE &&
-          session->security_parameters.extensions.srp_username[0] == 0)
-        {
-          /* The peer didn't send a valid SRP extension with the
-           * SRP username. The draft requires that we send a fatal
-           * alert and abort.
-           */
-          MHD_gnutls_assert ();
-          ret = MHD__gnutls_alert_send (session, GNUTLS_AL_FATAL,
-                                        GNUTLS_A_UNKNOWN_PSK_IDENTITY);
-          if (ret < 0)
-            {
-              MHD_gnutls_assert ();
-              return ret;
-            }
-          return GNUTLS_E_ILLEGAL_SRP_USERNAME;
-        }
-    }
-#endif
  if (again == 0)
    {
      datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3;
@@ -2807,22 +2777,6 @@ check_server_params (MHD_gtls_session_t session,
      if (delete == 1)
        return 1;
-#ifdef ENABLE_PSK
-    }
-  else if (cred_type == MHD_GNUTLS_CRD_PSK)
-    {
-      MHD_gnutls_psk_server_credentials_t psk_cred =
-        (MHD_gnutls_psk_server_credentials_t) MHD_gtls_get_cred (session->key,
-                                                                 cred_type,
-                                                                 NULL);
-      if (psk_cred != NULL)
-        {
-          dh_params =
-            MHD_gtls_get_dh_params (psk_cred->dh_params,
-                                    psk_cred->params_func, session);
-        }
-#endif
    }
  else
    return 0;                   /* no need for params */
@@ -2955,7 +2909,6 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
         SRP credential too.  */
      if (kx == MHD_GNUTLS_KX_SRP_RSA || kx == MHD_GNUTLS_KX_SRP_DSS)
        {
-          if (!MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_SRP, NULL))
            delete = 1;
        }
diff --git a/src/daemon/https/tls/gnutls_mem.c b/src/daemon/https/tls/gnutls_mem.c
index 6f6086e5..44f1ccf5 100644
--- a/src/daemon/https/tls/gnutls_mem.c
+++ b/src/daemon/https/tls/gnutls_mem.c
@@ -32,7 +32,6 @@ MHD_gnutls_free_function MHD_gnutls_free = free;
 MHD_gnutls_realloc_function MHD_gnutls_realloc = realloc;
 void *(*MHD_gnutls_calloc) (size_t, size_t) = calloc;
-char *(*MHD_gnutls_strdup) (const char *) = MHD_gtls_strdup;
 int
 MHD__gnutls_is_secure_mem_null (const void *ign)
@@ -64,15 +63,3 @@ MHD_gtls_realloc_fast (void *ptr, size_t size)
  return ret;
 }
-char *
-MHD_gtls_strdup (const char *str)
-{
-  size_t siz = strlen (str) + 1;
-  char *ret;
-  ret = MHD_gnutls_malloc (siz);
-  if (ret != NULL)
-    memcpy (ret, str, siz);
-  return ret;
-}
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c
index 62bf3489..8d7b5269 100644
--- a/src/daemon/https/tls/gnutls_priority.c
+++ b/src/daemon/https/tls/gnutls_priority.c
@@ -32,40 +32,6 @@
 #define MAX_ELEMENTS 48
-/**
- * MHD__gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_CipherAlgorithm elements.
- *
- * Sets the priority on the ciphers supported by gnutls.
- * Priority is higher for elements specified before others.
- * After specifying the ciphers you want, you must append a 0.
- * Note that the priority is set on the client. The server does
- * not use the algorithm's priority except for disabling
- * algorithms that were not specified.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_cipher_set_priority (MHD_gtls_session_t session, const int *list)
-{
-  int num = 0, i;
-  while (list[num] != 0)
-    num++;
-  if (num > MAX_ALGOS)
-    num = MAX_ALGOS;
-  session->internals.priorities.cipher.num_algorithms = num;
-  for (i = 0; i < num; i++)
-    {
-      session->internals.priorities.cipher.priority[i] = list[i];
-    }
-  return 0;
-}
 static int
 _set_priority (MHD_gtls_priority_st * st, const int *list)
 {
@@ -78,129 +44,6 @@ _set_priority (MHD_gtls_priority_st * st, const int *list)
  return 0;
 }
-/**
- * MHD__gnutls_kx_set_priority - Sets the priority on the key exchange algorithms supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_KeyExchangeAlgorithm elements.
- *
- * Sets the priority on the key exchange algorithms supported by gnutls.
- * Priority is higher for elements specified before others.
- * After specifying the algorithms you want, you must append a 0.
- * Note that the priority is set on the client. The server does
- * not use the algorithm's priority except for disabling
- * algorithms that were not specified.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_kx_set_priority (MHD_gtls_session_t session, const int *list)
-{
-  return _set_priority (&session->internals.priorities.kx, list);
-}
-/**
- * MHD__gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_HashAlgorithm elements.
- *
- * Sets the priority on the mac algorithms supported by gnutls.
- * Priority is higher for elements specified before others.
- * After specifying the algorithms you want, you must append a 0.
- * Note that the priority is set on the client. The server does
- * not use the algorithm's priority except for disabling
- * algorithms that were not specified.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_mac_set_priority (MHD_gtls_session_t session, const int *list)
-{
-  return _set_priority (&session->internals.priorities.mac, list);
-}
-/**
- * MHD__gnutls_compression_set_priority - Sets the priority on the compression algorithms supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_CompressionMethod elements.
- *
- * Sets the priority on the compression algorithms supported by gnutls.
- * Priority is higher for elements specified before others.
- * After specifying the algorithms you want, you must append a 0.
- * Note that the priority is set on the client. The server does
- * not use the algorithm's priority except for disabling
- * algorithms that were not specified.
- *
- * TLS 1.0 does not define any compression algorithms except
- * NULL. Other compression algorithms are to be considered
- * as gnutls extensions.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_compression_set_priority (MHD_gtls_session_t session,
-                                      const int *list)
-{
-  return _set_priority (&session->internals.priorities.compression, list);
-}
-/**
- * MHD__gnutls_protocol_set_priority - Sets the priority on the protocol versions supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_Protocol elements.
- *
- * Sets the priority on the protocol versions supported by gnutls.
- * This function actually enables or disables protocols. Newer protocol
- * versions always have highest priority.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_protocol_set_priority (MHD_gtls_session_t session,
-                                   const int *list)
-{
-  int ret;
-  ret = _set_priority (&session->internals.priorities.protocol, list);
-  /* set the current version to the first in the chain.
-   * This will be overridden later.
-   */
-  MHD_gtls_set_current_version (session, list[0]);
-  return ret;
-}
-/**
- * MHD__gnutls_certificate_type_set_priority - Sets the priority on the certificate types supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @list: is a 0 terminated list of enum MHD_GNUTLS_CertificateType elements.
- *
- * Sets the priority on the certificate types supported by gnutls.
- * Priority is higher for elements specified before others.
- * After specifying the types you want, you must append a 0.
- * Note that the certificate type priority is set on the client.
- * The server does not use the cert type priority except for disabling
- * types that were not specified.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD__gnutls_certificate_type_set_priority (MHD_gtls_session_t session,
-                                           const int *list)
-{
-#if ENABLE_OPENPGP
-  return _set_priority (&session->internals.priorities.cert_type, list);
-#else
-  return GNUTLS_E_UNIMPLEMENTED_FEATURE;
-#endif
-}
 static const int MHD_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1,
  MHD_GNUTLS_PROTOCOL_TLS1_0,
  MHD_GNUTLS_PROTOCOL_SSL3,
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c
index 80d5f70f..e1667105 100644
--- a/src/daemon/https/tls/gnutls_record.c
+++ b/src/daemon/https/tls/gnutls_record.c
@@ -81,24 +81,6 @@ MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num)
 }
 /**
- * MHD_gtls_record_disable_padding - Used to disabled padding in TLS 1.0 and above
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Used to disabled padding in TLS 1.0 and above.  Normally you do
- * not need to use this function, but there are buggy clients that
- * complain if a server pads the encrypted data.  This of course will
- * disable protection against statistical attacks on the data.
- *
- * Normally only servers that require maximum compatibility with everything
- * out there, need to call this function.
- **/
-void
-MHD_gtls_record_disable_padding (MHD_gtls_session_t session)
-{
-  session->internals.priorities.no_padding = 1;
-}
-/**
 * MHD__gnutls_transport_set_ptr - Used to set first argument of the transport functions
 * @session: is a #MHD_gtls_session_t structure.
 * @ptr: is the value.
@@ -116,26 +98,6 @@ MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session,
 }
 /**
- * MHD__gnutls_transport_set_ptr2 - Used to set first argument of the transport functions
- * @session: is a #MHD_gtls_session_t structure.
- * @recv_ptr: is the value for the pull function
- * @send_ptr: is the value for the push function
- *
- * Used to set the first argument of the transport function (like
- * PUSH and PULL). In berkeley style sockets this function will set
- * the connection handle.  With this function you can use two
- * different pointers for receiving and sending.
- **/
-void
-MHD__gnutls_transport_set_ptr2 (MHD_gtls_session_t session,
-                                MHD_gnutls_transport_ptr_t recv_ptr,
-                                MHD_gnutls_transport_ptr_t send_ptr)
-{
-  session->internals.transport_send_ptr = send_ptr;
-  session->internals.transport_recv_ptr = recv_ptr;
-}
-/**
 * MHD__gnutls_bye - This function terminates the current TLS/SSL connection.
 * @session: is a #MHD_gtls_session_t structure.
 * @how: is an integer
@@ -1128,59 +1090,3 @@ MHD__gnutls_record_recv (MHD_gtls_session_t session, void *data,
                            sizeofdata);
 }
-/**
- * MHD__gnutls_record_get_max_size - returns the maximum record size
- * @session: is a #MHD_gtls_session_t structure.
- *
- * This function returns the maximum record packet size in this
- * connection.  The maximum record size is negotiated by the client
- * after the first handshake message.
- **/
-size_t
-MHD__gnutls_record_get_max_size (MHD_gtls_session_t session)
-{
-  /* Recv will hold the negotiated max record size
-   * always.
-   */
-  return session->security_parameters.max_record_recv_size;
-}
-/**
- * MHD__gnutls_record_set_max_size - sets the maximum record size
- * @session: is a #MHD_gtls_session_t structure.
- * @size: is the new size
- *
- * This function sets the maximum record packet size in this
- * connection.  This property can only be set to clients.  The server
- * may choose not to accept the requested size.
- *
- * Acceptable values are 512(=2^9), 1024(=2^10), 2048(=2^11) and
- * 4096(=2^12).  Returns 0 on success. The requested record size does
- * get in effect immediately only while sending data. The receive
- * part will take effect after a successful handshake.
- *
- * This function uses a TLS extension called 'max record size'.  Not
- * all TLS implementations use or even understand this extension.
- **/
-ssize_t
-MHD__gnutls_record_set_max_size (MHD_gtls_session_t session, size_t size)
-{
-  ssize_t new_size;
-  if (session->security_parameters.entity == GNUTLS_SERVER)
-    return GNUTLS_E_INVALID_REQUEST;
-  new_size = MHD_gtls_mre_record2num (size);
-  if (new_size < 0)
-    {
-      MHD_gnutls_assert ();
-      return new_size;
-    }
-  session->security_parameters.max_record_send_size = size;
-  session->internals.proposed_record_size = size;
-  return 0;
-}
diff --git a/src/daemon/https/tls/gnutls_session.c b/src/daemon/https/tls/gnutls_session.c
deleted file mode 100644
index b7ba3764..00000000
--- a/src/daemon/https/tls/gnutls_session.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 2000, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-#include "debug.h"
-#include "gnutls_session_pack.h"
-#include <gnutls_datum.h>
-/* TODO this file should be removed if session resumption will be abandoned */
-/**
-  * MHD_gtls_session_get_id - Returns session id.
-  * @session: is a #MHD_gtls_session_t structure.
-  * @session_id: is a pointer to space to hold the session id.
-  * @session_id_size: is the session id's size, or it will be set by the function.
-  *
-  * Returns the current session id. This can be used if you want to check if
-  * the next session you tried to resume was actually resumed.
-  * This is because resumed sessions have the same sessionID with the
-  * original session.
-  *
-  * Session id is some data set by the server, that identify the current session.
-  * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes.
-  *
-  * Returns zero on success.
-  **/
-int
-MHD_gtls_session_get_id (MHD_gtls_session_t session,
-                         void *session_id, size_t * session_id_size)
-{
-  size_t given_session_id_size = *session_id_size;
-  *session_id_size = session->security_parameters.session_id_size;
-  /* just return the session size */
-  if (session_id == NULL)
-    {
-      return 0;
-    }
-  if (given_session_id_size < session->security_parameters.session_id_size)
-    {
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-  memcpy (session_id, &session->security_parameters.session_id,
-          *session_id_size);
-  return 0;
-}
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c
deleted file mode 100644
index be80bfb7..00000000
--- a/src/daemon/https/tls/gnutls_session_pack.c
+++ /dev/null
@@ -1,1025 +0,0 @@
-/*
- * Copyright (C) 2000, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-/* Contains functions that are supposed to pack and unpack session data,
- * before and after they are sent to the database backend.
- */
-#include <gnutls_int.h>
-#ifdef ENABLE_SRP
-# include <auth_srp.h>
-#endif
-#ifdef ENABLE_PSK
-# include <auth_psk.h>
-#endif
-#include <auth_cert.h>
-#include <gnutls_errors.h>
-#include <gnutls_auth_int.h>
-#include <gnutls_session_pack.h>
-#include <gnutls_datum.h>
-#include <gnutls_num.h>
-#define PACK_HEADER_SIZE 1
-#define MAX_SEC_PARAMS 7+MAX_SRP_USERNAME+MAX_SERVER_NAME_EXTENSIONS*(3+MAX_SERVER_NAME_SIZE)+165
-static int pack_certificate_auth_info (MHD_gtls_session_t,
-                                       MHD_gnutls_datum_t * packed_session);
-static int unpack_certificate_auth_info (MHD_gtls_session_t,
-                                         const MHD_gnutls_datum_t *
-                                         packed_session);
-static int unpack_security_parameters (MHD_gtls_session_t session,
-                                       const MHD_gnutls_datum_t *
-                                       packed_session);
-static int pack_security_parameters (MHD_gtls_session_t session,
-                                     MHD_gnutls_datum_t * packed_session);
-/* Since auth_info structures contain malloced data, this function
- * is required in order to pack these structures in a vector in
- * order to store them to the DB.
- *
- * packed_session will contain the session data.
- *
- * The data will be in a platform independent format.
- */
-int
-MHD_gtls_session_pack (MHD_gtls_session_t session,
-                       MHD_gnutls_datum_t * packed_session)
-{
-  int ret;
-  if (packed_session == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  switch (MHD_gtls_auth_get_type (session))
-    {
-#ifdef ENABLE_SRP
-    case MHD_GNUTLS_CRD_SRP:
-      ret = pack_srp_auth_info (session, packed_session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      break;
-#endif
-#ifdef ENABLE_PSK
-    case MHD_GNUTLS_CRD_PSK:
-      ret = pack_psk_auth_info (session, packed_session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      break;
-#endif
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      ret = pack_certificate_auth_info (session, packed_session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      break;
-    default:
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  /* Auth_info structures copied. Now copy MHD_gtls_security_param_st.
-   * packed_session must have allocated space for the security parameters.
-   */
-  ret = pack_security_parameters (session, packed_session);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_free_datum (packed_session);
-      return ret;
-    }
-  return 0;
-}
-/* Load session data from a buffer.
- */
-int
-MHD_gtls_session_unpack (MHD_gtls_session_t session,
-                         const MHD_gnutls_datum_t * packed_session)
-{
-  int ret;
-  if (packed_session == NULL || packed_session->size == 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  if (MHD_gtls_get_auth_info (session) != NULL)
-    {
-      MHD_gtls_free_auth_info (session);
-    }
-  switch (packed_session->data[0])
-    {
-#ifdef ENABLE_SRP
-    case MHD_GNUTLS_CRD_SRP:
-      ret = unpack_srp_auth_info (session, packed_session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      break;
-#endif
-#ifdef ENABLE_PSK
-    case MHD_GNUTLS_CRD_PSK:
-      ret = unpack_psk_auth_info (session, packed_session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      break;
-#endif
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      ret = unpack_certificate_auth_info (session, packed_session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  /* Auth_info structures copied. Now copy MHD_gtls_security_param_st.
-   * packed_session must have allocated space for the security parameters.
-   */
-  ret = unpack_security_parameters (session, packed_session);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  return 0;
-}
-/* Format:
- *      1 byte the credentials type
- *      4 bytes the size of the whole structure
- *        DH stuff
- *      2 bytes the size of secret key in bits
- *      4 bytes the size of the prime
- *      x bytes the prime
- *      4 bytes the size of the generator
- *      x bytes the generator
- *      4 bytes the size of the public key
- *      x bytes the public key
- *        RSA stuff
- *      4 bytes the size of the modulus
- *      x bytes the modulus
- *      4 bytes the size of the exponent
- *      x bytes the exponent
- *        CERTIFICATES
- *      4 bytes the length of the certificate list
- *      4 bytes the size of first certificate
- *      x bytes the certificate
- *       and so on...
- */
-static int
-pack_certificate_auth_info (MHD_gtls_session_t session,
-                            MHD_gnutls_datum_t * packed_session)
-{
-  unsigned int pos = 0, i;
-  int cert_size, pack_size;
-  cert_auth_info_t info = MHD_gtls_get_auth_info (session);
-  if (info)
-    {
-      cert_size = 4;
-      for (i = 0; i < info->ncerts; i++)
-        cert_size += 4 + info->raw_certificate_list[i].size;
-      pack_size = 2 + 4 + info->dh.prime.size +
-        4 + info->dh.generator.size + 4 + info->dh.public_key.size +
-        4 + info->rsa_export.modulus.size +
-        4 + info->rsa_export.exponent.size + cert_size;
-    }
-  else
-    pack_size = 0;
-  packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
-  /* calculate the size and allocate the data.
-   */
-  packed_session->data =
-    MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
-  if (packed_session->data == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  packed_session->data[0] = MHD_GNUTLS_CRD_CERTIFICATE;
-  MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
-  pos += 4 + PACK_HEADER_SIZE;
-  if (pack_size > 0)
-    {
-      MHD_gtls_write_uint16 (info->dh.secret_bits,
-                             &packed_session->data[pos]);
-      pos += 2;
-      MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
-      pos += 4 + info->dh.prime.size;
-      MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
-      pos += 4 + info->dh.generator.size;
-      MHD_gtls_write_datum32 (&packed_session->data[pos],
-                              info->dh.public_key);
-      pos += 4 + info->dh.public_key.size;
-      MHD_gtls_write_datum32 (&packed_session->data[pos],
-                              info->rsa_export.modulus);
-      pos += 4 + info->rsa_export.modulus.size;
-      MHD_gtls_write_datum32 (&packed_session->data[pos],
-                              info->rsa_export.exponent);
-      pos += 4 + info->rsa_export.exponent.size;
-      MHD_gtls_write_uint32 (info->ncerts, &packed_session->data[pos]);
-      pos += 4;
-      for (i = 0; i < info->ncerts; i++)
-        {
-          MHD_gtls_write_datum32 (&packed_session->data[pos],
-                                  info->raw_certificate_list[i]);
-          pos += sizeof (uint32_t) + info->raw_certificate_list[i].size;
-        }
-    }
-  return 0;
-}
-/* Upack certificate info.
- */
-static int
-unpack_certificate_auth_info (MHD_gtls_session_t session,
-                              const MHD_gnutls_datum_t * packed_session)
-{
-  int pos = 0, size, ret;
-  unsigned int i = 0, j;
-  size_t pack_size;
-  cert_auth_info_t info;
-  if (packed_session->data[0] != MHD_GNUTLS_CRD_CERTIFICATE)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
-  pos += PACK_HEADER_SIZE + 4;
-  if (pack_size == 0)
-    return 0;                   /* nothing to be done */
-  /* a simple check for integrity */
-  if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  /* client and server have the same auth_info here
-   */
-  ret =
-    MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
-                            sizeof (cert_auth_info_st), 1);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]);
-  pos += 2;
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos],
-                           size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
-                           size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->rsa_export.modulus,
-                           &packed_session->data[pos], size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->rsa_export.exponent,
-                           &packed_session->data[pos], size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-  info->ncerts = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  if (info->ncerts > 0)
-    {
-      info->raw_certificate_list =
-        MHD_gnutls_calloc (1, sizeof (MHD_gnutls_datum_t) * info->ncerts);
-      if (info->raw_certificate_list == NULL)
-        {
-          MHD_gnutls_assert ();
-          ret = GNUTLS_E_MEMORY_ERROR;
-          goto error;
-        }
-    }
-  for (i = 0; i < info->ncerts; i++)
-    {
-      size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-      pos += sizeof (uint32_t);
-      ret =
-        MHD__gnutls_set_datum (&info->raw_certificate_list[i],
-                               &packed_session->data[pos], size);
-      pos += size;
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          goto error;
-        }
-    }
-  return 0;
-error:
-  MHD__gnutls_free_datum (&info->dh.prime);
-  MHD__gnutls_free_datum (&info->dh.generator);
-  MHD__gnutls_free_datum (&info->dh.public_key);
-  MHD__gnutls_free_datum (&info->rsa_export.modulus);
-  MHD__gnutls_free_datum (&info->rsa_export.exponent);
-  for (j = 0; j < i; j++)
-    MHD__gnutls_free_datum (&info->raw_certificate_list[j]);
-  MHD_gnutls_free (info->raw_certificate_list);
-  return ret;
-}
-#ifdef ENABLE_SRP
-/* Packs the SRP session authentication data.
- */
-/* Format:
- *      1 byte the credentials type
- *      4 bytes the size of the SRP username (x)
- *      x bytes the SRP username
- */
-static int
-pack_srp_auth_info (MHD_gtls_session_t session,
-                    MHD_gnutls_datum_t * packed_session)
-{
-  srp_server_auth_info_t info = MHD_gtls_get_auth_info (session);
-  int pack_size;
-  if (info && info->username)
-    pack_size = strlen (info->username) + 1;    /* include the terminating null */
-  else
-    pack_size = 0;
-  packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
-  /* calculate the size and allocate the data.
-   */
-  packed_session->data =
-    MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
-  if (packed_session->data == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  packed_session->data[0] = MHD_GNUTLS_CRD_SRP;
-  MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
-  if (pack_size > 0)
-    memcpy (&packed_session->data[PACK_HEADER_SIZE + sizeof (uint32_t)],
-            info->username, pack_size + 1);
-  return 0;
-}
-static int
-unpack_srp_auth_info (MHD_gtls_session_t session,
-                      const MHD_gnutls_datum_t * packed_session)
-{
-  size_t username_size;
-  int ret;
-  srp_server_auth_info_t info;
-  if (packed_session->data[0] != MHD_GNUTLS_CRD_SRP)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  username_size =
-    MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
-  if (username_size == 0)
-    return 0;                   /* nothing to be done */
-  /* a simple check for integrity */
-  if (username_size + 4 + PACK_HEADER_SIZE > packed_session->size)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  ret =
-    MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_SRP,
-                            sizeof (srp_server_auth_info_st), 1);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  memcpy (info->username,
-          &packed_session->data[PACK_HEADER_SIZE + sizeof (uint32_t)],
-          username_size);
-  return 0;
-}
-#endif
-#ifdef ENABLE_PSK
-/* Packs the PSK session authentication data.
- */
-/* Format:
- *      1 byte the credentials type
- *      4 bytes the size of the whole structure
- *      4 bytes the size of the PSK username (x)
- *      x bytes the PSK username
- *      2 bytes the size of secret key in bits
- *      4 bytes the size of the prime
- *      x bytes the prime
- *      4 bytes the size of the generator
- *      x bytes the generator
- *      4 bytes the size of the public key
- *      x bytes the public key
- */
-static int
-pack_psk_auth_info (MHD_gtls_session_t session,
-                    MHD_gnutls_datum_t * packed_session)
-{
-  psk_auth_info_t info;
-  int pack_size, username_size = 0, pos;
-  info = MHD_gtls_get_auth_info (session);
-  if (info)
-    {
-      username_size = strlen (info->username) + 1;      /* include the terminating null */
-      pack_size = username_size +
-        2 + 4 * 3 + info->dh.prime.size + info->dh.generator.size +
-        info->dh.public_key.size;
-    }
-  else
-    pack_size = 0;
-  packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
-  /* calculate the size and allocate the data.
-   */
-  packed_session->data =
-    MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
-  if (packed_session->data == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  pos = 0;
-  packed_session->data[pos] = MHD_GNUTLS_CRD_PSK;
-  pos++;
-  MHD_gtls_write_uint32 (pack_size, &packed_session->data[pos]);
-  pos += 4;
-  if (pack_size > 0)
-    {
-      MHD_gtls_write_uint32 (username_size, &packed_session->data[pos]);
-      pos += 4;
-      memcpy (&packed_session->data[pos], info->username, username_size);
-      pos += username_size;
-      MHD_gtls_write_uint16 (info->dh.secret_bits,
-                             &packed_session->data[pos]);
-      pos += 2;
-      MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
-      pos += 4 + info->dh.prime.size;
-      MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
-      pos += 4 + info->dh.generator.size;
-      MHD_gtls_write_datum32 (&packed_session->data[pos],
-                              info->dh.public_key);
-      pos += 4 + info->dh.public_key.size;
-    }
-  return 0;
-}
-static int
-unpack_psk_auth_info (MHD_gtls_session_t session,
-                      const MHD_gnutls_datum_t * packed_session)
-{
-  size_t username_size;
-  size_t pack_size;
-  int pos = 0, size, ret;
-  psk_auth_info_t info;
-  if (packed_session->data[0] != MHD_GNUTLS_CRD_PSK)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
-  pos += PACK_HEADER_SIZE + 4;
-  if (pack_size == 0)
-    return 0;                   /* nothing to be done */
-  /* a simple check for integrity */
-  if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  /* client and serer have the same auth_info here
-   */
-  ret =
-    MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_PSK,
-                            sizeof (psk_auth_info_st), 1);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  username_size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  memcpy (info->username, &packed_session->data[pos], username_size);
-  pos += username_size;
-  info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]);
-  pos += 2;
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos],
-                           size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
-                           size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-  return 0;
-error:
-  MHD__gnutls_free_datum (&info->dh.prime);
-  MHD__gnutls_free_datum (&info->dh.generator);
-  MHD__gnutls_free_datum (&info->dh.public_key);
-  return ret;
-}
-#endif
-/* Packs the security parameters.
- */
-/* Format:
- *      4 bytes the total security data size
- *      1 byte the entity type (client/server)
- *      1 byte the key exchange algorithm used
- *      1 byte the read cipher algorithm
- *      1 byte the read mac algorithm
- *      1 byte the read compression algorithm
- *
- *      1 byte the write cipher algorithm
- *      1 byte the write mac algorithm
- *      1 byte the write compression algorithm
- *
- *      1 byte the certificate type
- *      1 byte the protocol version
- *
- *      2 bytes the cipher suite
- *
- *      48 bytes the master secret
- *
- *      32 bytes the client random
- *      32 bytes the server random
- *
- *      1 byte the session ID size
- *      x bytes the session ID (32 bytes max)
- *
- *      4 bytes a timestamp
- *            -------------------
- *                MAX: 165 bytes
- *
- *      EXTENSIONS:
- *      2 bytes the record send size
- *      2 bytes the record recv size
- *
- *      1 byte the SRP username size
- *      x bytes the SRP username (MAX_SRP_USERNAME)
- *
- *      2 bytes the number of server name extensions (up to MAX_SERVER_NAME_EXTENSIONS)
- *      1 byte the first name type
- *      2 bytes the size of the first name
- *      x bytes the first name (MAX_SERVER_NAME_SIZE)
- *       and so on...
- *
- *           --------------------
- *                MAX: 7+MAX_SRP_USERNAME+MAX_SERVER_NAME_EXTENSIONS*(3+MAX_SERVER_NAME_SIZE)
- */
-static int
-pack_security_parameters (MHD_gtls_session_t session,
-                          MHD_gnutls_datum_t * packed_session)
-{
-  int pos = 0;
-  size_t len, init, i;
-  /* move after the auth info stuff.
-   */
-  init =
-    MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]) + 4 +
-    PACK_HEADER_SIZE;
-  pos = init + 4;               /* make some space to write later the size */
-  packed_session->data[pos++] = session->security_parameters.entity;
-  packed_session->data[pos++] = session->security_parameters.kx_algorithm;
-  packed_session->data[pos++] =
-    session->security_parameters.read_bulk_cipher_algorithm;
-  packed_session->data[pos++] =
-    session->security_parameters.read_mac_algorithm;
-  packed_session->data[pos++] =
-    session->security_parameters.read_compression_algorithm;
-  packed_session->data[pos++] =
-    session->security_parameters.write_bulk_cipher_algorithm;
-  packed_session->data[pos++] =
-    session->security_parameters.write_mac_algorithm;
-  packed_session->data[pos++] =
-    session->security_parameters.write_compression_algorithm;
-  packed_session->data[pos++] =
-    session->security_parameters.current_cipher_suite.suite[0];
-  packed_session->data[pos++] =
-    session->security_parameters.current_cipher_suite.suite[1];
-  packed_session->data[pos++] = session->security_parameters.cert_type;
-  packed_session->data[pos++] = session->security_parameters.version;
-  memcpy (&packed_session->data[pos],
-          session->security_parameters.master_secret, TLS_MASTER_SIZE);
-  pos += TLS_MASTER_SIZE;
-  memcpy (&packed_session->data[pos],
-          session->security_parameters.client_random, TLS_RANDOM_SIZE);
-  pos += TLS_RANDOM_SIZE;
-  memcpy (&packed_session->data[pos],
-          session->security_parameters.server_random, TLS_RANDOM_SIZE);
-  pos += TLS_RANDOM_SIZE;
-  packed_session->data[pos++] = session->security_parameters.session_id_size;
-  memcpy (&packed_session->data[pos], session->security_parameters.session_id,
-          session->security_parameters.session_id_size);
-  pos += session->security_parameters.session_id_size;
-  MHD_gtls_write_uint32 (session->security_parameters.timestamp,
-                         &packed_session->data[pos]);
-  pos += 4;
-  /* Extensions */
-  MHD_gtls_write_uint16 (session->security_parameters.max_record_send_size,
-                         &packed_session->data[pos]);
-  pos += 2;
-  MHD_gtls_write_uint16 (session->security_parameters.max_record_recv_size,
-                         &packed_session->data[pos]);
-  pos += 2;
-  /* SRP */
-  len =
-    strlen ((char *) session->security_parameters.extensions.srp_username);
-  packed_session->data[pos++] = len;
-  memcpy (&packed_session->data[pos],
-          session->security_parameters.extensions.srp_username, len);
-  pos += len;
-  MHD_gtls_write_uint16 (session->security_parameters.
-                         extensions.server_names_size,
-                         &packed_session->data[pos]);
-  pos += 2;
-  for (i = 0; i < session->security_parameters.extensions.server_names_size;
-       i++)
-    {
-      packed_session->data[pos++] =
-        session->security_parameters.extensions.server_names[i].type;
-      MHD_gtls_write_uint16 (session->security_parameters.
-                             extensions.server_names[i].name_length,
-                             &packed_session->data[pos]);
-      pos += 2;
-      memcpy (&packed_session->data[pos],
-              session->security_parameters.extensions.server_names[i].name,
-              session->security_parameters.extensions.
-              server_names[i].name_length);
-      pos +=
-        session->security_parameters.extensions.server_names[i].name_length;
-    }
-  /* write the total size */
-  MHD_gtls_write_uint32 (pos - init - 4, &packed_session->data[init]);
-  packed_session->size += pos - init;
-  return 0;
-}
-static int
-unpack_security_parameters (MHD_gtls_session_t session,
-                            const MHD_gnutls_datum_t * packed_session)
-{
-  size_t pack_size, init, i;
-  int pos = 0, len;
-  time_t timestamp = time (0);
-  /* skip the auth info stuff */
-  init =
-    MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]) + 4 +
-    PACK_HEADER_SIZE;
-  pos = init;
-  pack_size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  if (pack_size == 0)
-    return GNUTLS_E_INVALID_REQUEST;
-  /* a simple check for integrity */
-  if (pack_size > MAX_SEC_PARAMS)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  session->internals.resumed_security_parameters.entity =
-    packed_session->data[pos++];
-  session->internals.resumed_security_parameters.kx_algorithm =
-    packed_session->data[pos++];
-  session->internals.resumed_security_parameters.read_bulk_cipher_algorithm =
-    packed_session->data[pos++];
-  session->internals.resumed_security_parameters.read_mac_algorithm =
-    packed_session->data[pos++];
-  session->internals.resumed_security_parameters.read_compression_algorithm =
-    packed_session->data[pos++];
-  session->internals.resumed_security_parameters.write_bulk_cipher_algorithm =
-    packed_session->data[pos++];
-  session->internals.resumed_security_parameters.write_mac_algorithm =
-    packed_session->data[pos++];
-  session->internals.resumed_security_parameters.write_compression_algorithm =
-    packed_session->data[pos++];
-  session->internals.resumed_security_parameters.
-    current_cipher_suite.suite[0] = packed_session->data[pos++];
-  session->internals.resumed_security_parameters.
-    current_cipher_suite.suite[1] = packed_session->data[pos++];
-  session->internals.resumed_security_parameters.cert_type =
-    packed_session->data[pos++];
-  session->internals.resumed_security_parameters.version =
-    packed_session->data[pos++];
-  memcpy (session->internals.resumed_security_parameters.master_secret,
-          &packed_session->data[pos], TLS_MASTER_SIZE);
-  pos += TLS_MASTER_SIZE;
-  memcpy (session->internals.resumed_security_parameters.client_random,
-          &packed_session->data[pos], TLS_RANDOM_SIZE);
-  pos += TLS_RANDOM_SIZE;
-  memcpy (session->internals.resumed_security_parameters.server_random,
-          &packed_session->data[pos], TLS_RANDOM_SIZE);
-  pos += TLS_RANDOM_SIZE;
-  session->internals.resumed_security_parameters.session_id_size =
-    packed_session->data[pos++];
-  memcpy (session->internals.resumed_security_parameters.session_id,
-          &packed_session->data[pos],
-          session->internals.resumed_security_parameters.session_id_size);
-  pos += session->internals.resumed_security_parameters.session_id_size;
-  session->internals.resumed_security_parameters.timestamp =
-    MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  if (timestamp - session->internals.resumed_security_parameters.timestamp >
-      session->internals.expire_time
-      || session->internals.resumed_security_parameters.timestamp > timestamp)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_EXPIRED;
-    }
-  /* Extensions */
-  session->internals.resumed_security_parameters.max_record_send_size =
-    MHD_gtls_read_uint16 (&packed_session->data[pos]);
-  pos += 2;
-  session->internals.resumed_security_parameters.max_record_recv_size =
-    MHD_gtls_read_uint16 (&packed_session->data[pos]);
-  pos += 2;
-  /* SRP */
-  len = packed_session->data[pos++];    /* srp username length */
-  memcpy (session->internals.resumed_security_parameters.
-          extensions.srp_username, &packed_session->data[pos], len);
-  session->internals.resumed_security_parameters.
-    extensions.srp_username[len] = 0;
-  pos += len;
-  session->internals.resumed_security_parameters.
-    extensions.server_names_size =
-    MHD_gtls_read_uint16 (&packed_session->data[pos]);
-  pos += 2;
-  for (i = 0;
-       i <
-       session->internals.resumed_security_parameters.
-       extensions.server_names_size; i++)
-    {
-      session->internals.resumed_security_parameters.
-        extensions.server_names[i].type = packed_session->data[pos++];
-      session->internals.resumed_security_parameters.
-        extensions.server_names[i].name_length =
-        MHD_gtls_read_uint16 (&packed_session->data[pos]);
-      pos += 2;
-      memcpy (session->internals.resumed_security_parameters.
-              extensions.server_names[i].name, &packed_session->data[pos],
-              session->internals.resumed_security_parameters.
-              extensions.server_names[i].name_length);
-      pos +=
-        session->internals.resumed_security_parameters.
-        extensions.server_names[i].name_length;
-    }
-  return 0;
-}
diff --git a/src/daemon/https/tls/gnutls_session_pack.h b/src/daemon/https/tls/gnutls_session_pack.h
deleted file mode 100644
index e327f71f..00000000
--- a/src/daemon/https/tls/gnutls_session_pack.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-int MHD_gtls_session_pack (MHD_gtls_session_t session,
-                           MHD_gnutls_datum_t * packed_session);
-int MHD_gtls_session_unpack (MHD_gtls_session_t session,
-                             const MHD_gnutls_datum_t * packed_session);
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c
index 0372b0f6..9d819b68 100644
--- a/src/daemon/https/tls/gnutls_state.c
+++ b/src/daemon/https/tls/gnutls_state.c
@@ -89,18 +89,6 @@ MHD_gnutls_kx_get (MHD_gtls_session_t session)
 }
 /**
- * MHD_gnutls_mac_get - Returns the currently used mac algorithm.
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Returns: the currently used mac algorithm.
- **/
-enum MHD_GNUTLS_HashAlgorithm
-MHD_gnutls_mac_get (MHD_gtls_session_t session)
-{
-  return session->security_parameters.read_mac_algorithm;
-}
-/**
 * MHD_gnutls_compression_get - Returns the currently used compression algorithm.
 * @session: is a #MHD_gtls_session_t structure.
 *
@@ -322,13 +310,6 @@ MHD__gnutls_init (MHD_gtls_session_t * session,
  return 0;
 }
-/* returns RESUME_FALSE or RESUME_TRUE.
- */
-int
-MHD_gtls_session_is_resumable (MHD_gtls_session_t session)
-{
-  return session->internals.resumable;
-}
 /**
 * MHD__gnutls_deinit - This function clears all buffers associated with a session
@@ -607,29 +588,6 @@ MHD__gnutls_record_set_default_version (MHD_gtls_session_t session,
  session->internals.default_record_version[1] = minor;
 }
-/**
- * MHD_gtls_handshake_set_private_extensions - Used to enable the private cipher suites
- * @session: is a #MHD_gtls_session_t structure.
- * @allow: is an integer (0 or 1)
- *
- * This function will enable or disable the use of private cipher
- * suites (the ones that start with 0xFF).  By default or if @allow
- * is 0 then these cipher suites will not be advertized nor used.
- *
- * Unless this function is called with the option to allow (1), then
- * no compression algorithms, like LZO.  That is because these
- * algorithms are not yet defined in any RFC or even internet draft.
- *
- * Enabling the private ciphersuites when talking to other than
- * gnutls servers and clients may cause interoperability problems.
- **/
-void
-MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session,
-                                           int allow)
-{
-  session->internals.enable_private = allow;
-}
 inline static int
 MHD__gnutls_cal_PRF_A (enum MHD_GNUTLS_HashAlgorithm algorithm,
                       const void *secret,
@@ -834,208 +792,6 @@ MHD_gtls_PRF (MHD_gtls_session_t session,
 }
-/**
- * MHD__gnutls_prf_raw - access the TLS PRF directly
- * @session: is a #MHD_gtls_session_t structure.
- * @label_size: length of the @label variable.
- * @label: label used in PRF computation, typically a short string.
- * @seed_size: length of the @seed variable.
- * @seed: optional extra data to seed the PRF with.
- * @outsize: size of pre-allocated output buffer to hold the output.
- * @out: pre-allocate buffer to hold the generated data.
- *
- * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
- * on some data.
- *
- * The @label variable usually contain a string denoting the purpose
- * for the generated data.  The @seed usually contain data such as the
- * client and server random, perhaps together with some additional
- * data that is added to guarantee uniqueness of the output for a
- * particular purpose.
- *
- * Because the output is not guaranteed to be unique for a particular
- * session unless @seed include the client random and server random
- * fields (the PRF would output the same data on another connection
- * resumed from the first one), it is not recommended to use this
- * function directly.  The MHD__gnutls_prf() function seed the PRF with the
- * client and server random fields directly, and is recommended if you
- * want to generate pseudo random data unique for each session.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- **/
-int
-MHD__gnutls_prf_raw (MHD_gtls_session_t session,
-                     size_t label_size,
-                     const char *label,
-                     size_t seed_size, const char *seed, size_t outsize,
-                     char *out)
-{
-  int ret;
-  ret = MHD_gtls_PRF (session, session->security_parameters.master_secret,
-                      TLS_MASTER_SIZE, label, label_size, (opaque *) seed,
-                      seed_size, outsize, out);
-  return ret;
-}
-/**
- * MHD__gnutls_prf - derive pseudo-random data using the TLS PRF
- * @session: is a #MHD_gtls_session_t structure.
- * @label_size: length of the @label variable.
- * @label: label used in PRF computation, typically a short string.
- * @server_random_first: non-0 if server random field should be first in seed
- * @extra_size: length of the @extra variable.
- * @extra: optional extra data to seed the PRF with.
- * @outsize: size of pre-allocated output buffer to hold the output.
- * @out: pre-allocate buffer to hold the generated data.
- *
- * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
- * on some data, seeded with the client and server random fields.
- *
- * The @label variable usually contain a string denoting the purpose
- * for the generated data.  The @server_random_first indicate whether
- * the client random field or the server random field should be first
- * in the seed.  Non-0 indicate that the server random field is first,
- * 0 that the client random field is first.
- *
- * The @extra variable can be used to add more data to the seed, after
- * the random variables.  It can be used to tie make sure the
- * generated output is strongly connected to some additional data
- * (e.g., a string used in user authentication).
- *
- * The output is placed in *@OUT, which must be pre-allocated.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- **/
-int
-MHD__gnutls_prf (MHD_gtls_session_t session,
-                 size_t label_size,
-                 const char *label,
-                 int server_random_first,
-                 size_t extra_size, const char *extra, size_t outsize,
-                 char *out)
-{
-  int ret;
-  opaque *seed;
-  size_t seedsize = 2 * TLS_RANDOM_SIZE + extra_size;
-  seed = MHD_gnutls_malloc (seedsize);
-  if (!seed)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  memcpy (seed,
-          server_random_first ? session->security_parameters.server_random
-          : session->security_parameters.client_random, TLS_RANDOM_SIZE);
-  memcpy (seed + TLS_RANDOM_SIZE,
-          server_random_first ? session->security_parameters.client_random
-          : session->security_parameters.server_random, TLS_RANDOM_SIZE);
-  memcpy (seed + 2 * TLS_RANDOM_SIZE, extra, extra_size);
-  ret = MHD_gtls_PRF (session, session->security_parameters.master_secret,
-                      TLS_MASTER_SIZE, label, label_size, seed, seedsize,
-                      outsize, out);
-  MHD_gnutls_free (seed);
-  return ret;
-}
-/**
- * MHD_gtls_session_get_client_random - get the session's client random value
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Return a pointer to the 32-byte client random field used in the
- * session.  The pointer must not be modified or deallocated.
- *
- * If a client random value has not yet been established, the output
- * will be garbage; in particular, a %NULL return value should not be
- * expected.
- *
- * Returns: pointer to client random data.
- **/
-const void *
-MHD_gtls_session_get_client_random (MHD_gtls_session_t session)
-{
-  return (char *) session->security_parameters.client_random;
-}
-/**
- * MHD_gtls_session_get_server_random - get the session's server random value
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Return a pointer to the 32-byte server random field used in the
- * session.  The pointer must not be modified or deallocated.
- *
- * If a server random value has not yet been established, the output
- * will be garbage; in particular, a %NULL return value should not be
- * expected.
- *
- * Returns: pointer to server random data.
- **/
-const void *
-MHD_gtls_session_get_server_random (MHD_gtls_session_t session)
-{
-  return (char *) session->security_parameters.server_random;
-}
-/**
- * MHD_gtls_session_get_master_secret - get the session's master secret value
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Return a pointer to the 48-byte master secret in the session.  The
- * pointer must not be modified or deallocated.
- *
- * If a master secret value has not yet been established, the output
- * will be garbage; in particular, a %NULL return value should not be
- * expected.
- *
- * Consider using MHD__gnutls_prf() rather than extracting the master
- * secret and use it to derive further data.
- *
- * Returns: pointer to master secret data.
- **/
-const void *
-MHD_gtls_session_get_master_secret (MHD_gtls_session_t session)
-{
-  return (char *) session->security_parameters.master_secret;
-}
-/**
- * MHD_gtls_session_is_resumed - Used to check whether this session is a resumed one
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Returns: non zero if this session is resumed, or a zero if this is
- * a new session.
- **/
-int
-MHD_gtls_session_is_resumed (MHD_gtls_session_t session)
-{
-#if MHD_DEBUG_TLS
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
-      if (session->security_parameters.session_id_size > 0
-          && session->security_parameters.session_id_size
-          == session->internals.resumed_security_parameters.session_id_size
-          && memcmp (session->security_parameters.session_id,
-                     session->internals.
-                     resumed_security_parameters.session_id,
-                     session->security_parameters.session_id_size) == 0)
-        return 1;
-    }
-  else
-#endif
-    {
-      if (session->internals.resumed == RESUME_TRUE)
-        return 1;
-    }
-  return 0;
-}
 /*-
 * MHD_gtls_session_is_export - Used to check whether this session is of export grade
@@ -1060,34 +816,6 @@ MHD_gtls_session_is_export (MHD_gtls_session_t session)
 }
 /**
- * MHD_gtls_session_get_ptr - Used to get the user pointer from the session structure
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Returns: the user given pointer from the session structure.  This
- * is the pointer set with MHD__gnutls_session_set_ptr().
- **/
-void *
-MHD_gtls_session_get_ptr (MHD_gtls_session_t session)
-{
-  return session->internals.user_ptr;
-}
-/**
- * MHD__gnutls_session_set_ptr - Used to set the user pointer to the session structure
- * @session: is a #MHD_gtls_session_t structure.
- * @ptr: is the user pointer
- *
- * This function will set (associate) the user given pointer to the
- * session structure.  This is pointer can be accessed with
- * MHD_gtls_session_get_ptr().
- **/
-void
-MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr)
-{
-  session->internals.user_ptr = ptr;
-}
-/**
 * MHD__gnutls_record_get_direction - This function will return the direction of the last interrupted function call
 * @session: is a #MHD_gtls_session_t structure.
 *
@@ -1110,52 +838,3 @@ MHD__gnutls_record_get_direction (MHD_gtls_session_t session)
  return session->internals.direction;
 }
-/*-
- * MHD__gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
- * @session: is a #MHD_gtls_session_t structure.
- * @major: is the major version to use
- * @minor: is the minor version to use
- *
- * This function will set the given version number to be used at the
- * RSA PMS secret. This is only useful to clients, which want to
- * test server's capabilities.
- *
- -*/
-void
-MHD__gnutls_rsa_pms_set_version (MHD_gtls_session_t session,
-                                 unsigned char major, unsigned char minor)
-{
-  session->internals.rsa_pms_version[0] = major;
-  session->internals.rsa_pms_version[1] = minor;
-}
-/**
- * MHD__gnutls_handshake_set_post_client_hello_function - This function will a callback to be called after the client hello is received
- * @res: is a MHD_gtls_anon_server_credentials_t structure
- * @func: is the function to be called
- *
- * This function will set a callback to be called after the client
- * hello has been received (callback valid in server side only). This
- * allows the server to adjust settings based on received extensions.
- *
- * Those settings could be ciphersuites, requesting certificate, or
- * anything else except for version negotiation (this is done before
- * the hello message is parsed).
- *
- * This callback must return 0 on success or a gnutls error code to
- * terminate the handshake.
- *
- * NOTE: You should not use this function to terminate the handshake
- * based on client input unless you know what you are doing. Before
- * the handshake is finished there is no way to know if there is a
- * man-in-the-middle attack being performed.
- *
- **/
-void
-MHD__gnutls_handshake_set_post_client_hello_function (MHD_gtls_session_t
-                                                      session,
-                                                      MHD_gnutls_handshake_post_client_hello_func
-                                                      func)
-{
-  session->internals.user_hello_func = func;
-}
diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c
index 4fc4174b..4f123217 100644
--- a/src/daemon/https/tls/gnutls_str.c
+++ b/src/daemon/https/tls/gnutls_str.c
@@ -73,24 +73,6 @@ MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src)
 }
 void
-MHD_gtls_mem_cpy (char *dest,
-                  size_t dest_tot_size, const char *src, size_t src_size)
-{
-  if (dest_tot_size >= src_size)
-    {
-      memcpy (dest, src, src_size);
-    }
-  else
-    {
-      if (dest_tot_size > 0)
-        {
-          memcpy (dest, src, dest_tot_size);
-        }
-    }
-}
-void
 MHD_gtls_string_init (MHD_gtls_string * str,
                      MHD_gnutls_alloc_function alloc_func,
                      MHD_gnutls_realloc_function realloc_func,
@@ -117,83 +99,8 @@ MHD_gtls_string_clear (MHD_gtls_string * str)
  str->length = 0;
 }
-/* This one does not copy the string.
- */
-MHD_gnutls_datum_t
-MHD_gtls_string2datum (MHD_gtls_string * str)
-{
-  MHD_gnutls_datum_t ret;
-  ret.data = str->data;
-  ret.size = str->length;
-  return ret;
-}
 #define MIN_CHUNK 256
-int
-MHD_gtls_string_copy_str (MHD_gtls_string * dest, const char *src)
-{
-  size_t src_len = strlen (src);
-  size_t max;
-  if (dest->max_length >= src_len)
-    {
-      memcpy (dest->data, src, src_len);
-      dest->length = src_len;
-      return src_len;
-    }
-  else
-    {
-      max = (src_len > MIN_CHUNK) ? src_len : MIN_CHUNK;
-      dest->data = dest->realloc_func (dest->data, max);
-      if (dest->data == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-      dest->max_length = MAX (MIN_CHUNK, src_len);
-      memcpy (dest->data, src, src_len);
-      dest->length = src_len;
-      return src_len;
-    }
-}
-int
-MHD_gtls_string_append_str (MHD_gtls_string * dest, const char *src)
-{
-  size_t src_len = strlen (src);
-  size_t tot_len = src_len + dest->length;
-  if (dest->max_length >= tot_len)
-    {
-      memcpy (&dest->data[dest->length], src, src_len);
-      dest->length = tot_len;
-      return tot_len;
-    }
-  else
-    {
-      size_t new_len =
-        MAX (src_len, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
-      dest->data = dest->realloc_func (dest->data, new_len);
-      if (dest->data == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-      dest->max_length = new_len;
-      memcpy (&dest->data[dest->length], src, src_len);
-      dest->length = tot_len;
-      return tot_len;
-    }
-}
 int
 MHD_gtls_string_append_data (MHD_gtls_string * dest,
@@ -249,39 +156,3 @@ MHD_gtls_bin2hex (const void *_old,
  return buffer;
 }
-/* just a hex2bin function.
- */
-int
-MHD_gtls_hex2bin (const opaque * hex_data,
-                  int hex_size, opaque * bin_data, size_t * bin_size)
-{
-  int i, j;
-  opaque hex2_data[3];
-  unsigned long val;
-  /* FIXME: we don't handle whitespace.
-   */
-  hex_size /= 2;
-  if (*bin_size < (size_t) hex_size)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-  for (i = j = 0; j < hex_size; i += 2, j++)
-    {
-      hex2_data[0] = hex_data[i];
-      hex2_data[1] = hex_data[i + 1];
-      hex2_data[2] = 0;
-      val = strtoul ((char *) hex2_data, NULL, 16);
-      if (val == ULONG_MAX)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_SRP_PWD_PARSING_ERROR;
-        }
-      bin_data[j] = val;
-    }
-  return 0;
-}
diff --git a/src/daemon/https/tls/gnutls_str.h b/src/daemon/https/tls/gnutls_str.h
index befa957e..51ed1bd1 100644
--- a/src/daemon/https/tls/gnutls_str.h
+++ b/src/daemon/https/tls/gnutls_str.h
@@ -28,8 +28,6 @@
 #include <gnutls_int.h>
 void MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src);
-void MHD_gtls_mem_cpy (char *dest, size_t dest_tot_size, const char *src,
-                       size_t src_size);
 void MHD_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src);
 typedef struct
@@ -47,18 +45,9 @@ void MHD_gtls_string_init (MHD_gtls_string *, MHD_gnutls_alloc_function,
                           MHD_gnutls_free_function);
 void MHD_gtls_string_clear (MHD_gtls_string *);
-/* Beware, do not clear the string, after calling this
- * function
- */
-MHD_gnutls_datum_t MHD_gtls_string2datum (MHD_gtls_string * str);
-int MHD_gtls_string_copy_str (MHD_gtls_string * dest, const char *src);
-int MHD_gtls_string_append_str (MHD_gtls_string *, const char *str);
 int MHD_gtls_string_append_data (MHD_gtls_string *, const void *data,
                                 size_t data_size);
 char *MHD_gtls_bin2hex (const void *old, size_t oldlen, char *buffer,
                        size_t buffer_size);
-int MHD_gtls_hex2bin (const opaque * hex_data, int hex_size,
-                      opaque * bin_data, size_t * bin_size);
 #endif
diff --git a/src/daemon/https/tls/gnutls_supplemental.c b/src/daemon/https/tls/gnutls_supplemental.c
index 0419917c..3b9641d4 100644
--- a/src/daemon/https/tls/gnutls_supplemental.c
+++ b/src/daemon/https/tls/gnutls_supplemental.c
@@ -67,18 +67,6 @@ MHD_gnutls_supplemental_entry MHD__gnutls_supplemental[] = {
  {0, 0, 0, 0}
 };
-const char *
-MHD_gtls_supplemental_get_name (MHD_gnutls_supplemental_data_format_type_t
-                                type)
-{
-  MHD_gnutls_supplemental_entry *p;
-  for (p = MHD__gnutls_supplemental; p->name != NULL; p++)
-    if (p->type == type)
-      return p->name;
-  return NULL;
-}
 static supp_recv_func
 get_supp_func_recv (MHD_gnutls_supplemental_data_format_type_t type)
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index fc9df921..96f394ff 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -547,16 +547,6 @@ enum MHD_GNUTLS_CredentialsType
   */
  MHD_GNUTLS_CRD_CERTIFICATE = 1,
-  /**
-   * Use SRP (password-based authentication).
-   */
-  MHD_GNUTLS_CRD_SRP,
-  /**
-   * Use PSK (pre-shared keys).
-   */
-  MHD_GNUTLS_CRD_PSK,
 };
 /**