10 files changed, 0 insertions, 1023 deletions
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h
index a8f8d47f..87963eb6 100644
--- a/src/daemon/https/gnutls.h
+++ b/src/daemon/https/gnutls.h
@@ -694,12 +694,6 @@ extern "C"
                                                MHD_gnutls_certificate_request_t
                                                req);
-  /* get data from the session */
-  time_t MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t
-                                                     session);
-  time_t MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t
-                                                     session);
  int MHD_gtls_pem_base64_encode (const char *msg,
                                  const MHD_gnutls_datum_t * data,
                                  char *result, size_t * result_size);
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c
index f5d657d4..f0357840 100644
--- a/src/daemon/https/tls/gnutls_cert.c
+++ b/src/daemon/https/tls/gnutls_cert.c
@@ -361,153 +361,6 @@ void MHD_gtls_certificate_server_set_retrieve_function
  cred->server_get_cert_callback = func;
 }
-/*-
- * MHD__gnutls_x509_extract_certificate_activation_time - This function returns the peer's certificate activation time
- * @cert: should contain an X.509 DER encoded certificate
- *
- * This function will return the certificate's activation time in UNIX time
- * (ie seconds since 00:00:00 UTC January 1, 1970).
- *
- * Returns a (time_t) -1 in case of an error.
- *
- -*/
-static time_t
-MHD__gnutls_x509_get_raw_crt_activation_time (const MHD_gnutls_datum_t * cert)
-{
-  MHD_gnutls_x509_crt_t xcert;
-  time_t result;
-  result = MHD_gnutls_x509_crt_init (&xcert);
-  if (result < 0)
-    return (time_t) - 1;
-  result = MHD_gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
-  if (result < 0)
-    {
-      MHD_gnutls_x509_crt_deinit (xcert);
-      return (time_t) - 1;
-    }
-  result = MHD_gnutls_x509_crt_get_activation_time (xcert);
-  MHD_gnutls_x509_crt_deinit (xcert);
-  return result;
-}
-/*-
- * MHD_gnutls_x509_extract_certificate_expiration_time - This function returns the certificate's expiration time
- * @cert: should contain an X.509 DER encoded certificate
- *
- * This function will return the certificate's expiration time in UNIX
- * time (ie seconds since 00:00:00 UTC January 1, 1970).  Returns a
- *
- * (time_t) -1 in case of an error.
- *
- -*/
-static time_t
-MHD__gnutls_x509_get_raw_crt_expiration_time (const MHD_gnutls_datum_t * cert)
-{
-  MHD_gnutls_x509_crt_t xcert;
-  time_t result;
-  result = MHD_gnutls_x509_crt_init (&xcert);
-  if (result < 0)
-    return (time_t) - 1;
-  result = MHD_gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
-  if (result < 0)
-    {
-      MHD_gnutls_x509_crt_deinit (xcert);
-      return (time_t) - 1;
-    }
-  result = MHD_gnutls_x509_crt_get_expiration_time (xcert);
-  MHD_gnutls_x509_crt_deinit (xcert);
-  return result;
-}
-/**
-  * MHD_gtls_certificate_expiration_time_peers - This function returns the peer's certificate expiration time
-  * @session: is a gnutls session
-  *
-  * This function will return the peer's certificate expiration time.
-  *
-  * Returns: (time_t)-1 on error.
-  **/
-time_t
-MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t session)
-{
-  cert_auth_info_t info;
-  CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    {
-      return (time_t) - 1;
-    }
-  if (info->raw_certificate_list == NULL || info->ncerts == 0)
-    {
-      MHD_gnutls_assert ();
-      return (time_t) - 1;
-    }
-  switch (MHD_gnutls_certificate_type_get (session))
-    {
-    case MHD_GNUTLS_CRT_X509:
-      return
-        MHD__gnutls_x509_get_raw_crt_expiration_time (&info->
-                                                      raw_certificate_list
-                                                      [0]);
-    default:
-      return (time_t) - 1;
-    }
-}
-/**
-  * MHD_gtls_certificate_activation_time_peers - This function returns the peer's certificate activation time
-  * @session: is a gnutls session
-  *
-  * This function will return the peer's certificate activation time.
-  * This is the creation time for openpgp keys.
-  *
-  * Returns: (time_t)-1 on error.
-  **/
-time_t
-MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t session)
-{
-  cert_auth_info_t info;
-  CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    {
-      return (time_t) - 1;
-    }
-  if (info->raw_certificate_list == NULL || info->ncerts == 0)
-    {
-      MHD_gnutls_assert ();
-      return (time_t) - 1;
-    }
-  switch (MHD_gnutls_certificate_type_get (session))
-    {
-    case MHD_GNUTLS_CRT_X509:
-      return
-        MHD__gnutls_x509_get_raw_crt_activation_time (&info->
-                                                      raw_certificate_list
-                                                      [0]);
-    default:
-      return (time_t) - 1;
-    }
-}
 int
 MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
                            enum MHD_GNUTLS_CertificateType type,
diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c
index 2dabe3e9..9134597e 100644
--- a/src/daemon/https/x509/common.c
+++ b/src/daemon/https/x509/common.c
@@ -35,692 +35,6 @@
 #include <mpi.h>
 #include <time.h>
-typedef struct _oid2string
-{
-  const char *oid;
-  const char *ldap_desc;
-  int choice;                   /* of type DirectoryString */
-  int printable;
-} oid2string;
-/* This list contains all the OIDs that may be
- * contained in a rdnSequence and are printable.
- */
-static const oid2string _oid2str[] = {
-  /* PKIX
-   */
-  {"1.3.6.1.5.5.7.9.1",
-   "dateOfBirth",
-   0,
-   1},
-  {"1.3.6.1.5.5.7.9.2",
-   "placeOfBirth",
-   0,
-   1},
-  {"1.3.6.1.5.5.7.9.3",
-   "gender",
-   0,
-   1},
-  {"1.3.6.1.5.5.7.9.4",
-   "countryOfCitizenship",
-   0,
-   1},
-  {"1.3.6.1.5.5.7.9.5",
-   "countryOfResidence",
-   0,
-   1},
-  {"2.5.4.6",
-   "C",
-   0,
-   1},
-  {"2.5.4.9",
-   "STREET",
-   1,
-   1},
-  {"2.5.4.12",
-   "T",
-   1,
-   1},
-  {"2.5.4.10",
-   "O",
-   1,
-   1},
-  {"2.5.4.11",
-   "OU",
-   1,
-   1},
-  {"2.5.4.3",
-   "CN",
-   1,
-   1},
-  {"2.5.4.7",
-   "L",
-   1,
-   1},
-  {"2.5.4.8",
-   "ST",
-   1,
-   1},
-  {"2.5.4.5",
-   "serialNumber",
-   0,
-   1},
-  {"2.5.4.20",
-   "telephoneNumber",
-   0,
-   1},
-  {"2.5.4.4",
-   "surName",
-   1,
-   1},
-  {"2.5.4.43",
-   "initials",
-   1,
-   1},
-  {"2.5.4.44",
-   "generationQualifier",
-   1,
-   1},
-  {"2.5.4.42",
-   "givenName",
-   1,
-   1},
-  {"2.5.4.65",
-   "pseudonym",
-   1,
-   1},
-  {"2.5.4.46",
-   "dnQualifier",
-   0,
-   1},
-  {"0.9.2342.19200300.100.1.25",
-   "DC",
-   0,
-   1},
-  {"0.9.2342.19200300.100.1.1",
-   "UID",
-   1,
-   1},
-  /* PKCS #9
-   */
-  {"1.2.840.113549.1.9.1",
-   "EMAIL",
-   0,
-   1},
-  {"1.2.840.113549.1.9.7",
-   NULL,
-   1,
-   1},
-  /* friendly name */
-  {"1.2.840.113549.1.9.20",
-   NULL,
-   0,
-   1},
-  {NULL,
-   NULL,
-   0,
-   0}
-};
-/* Returns 1 if the data defined by the OID are printable.
- */
-int
-MHD__gnutls_x509_oid_data_printable (const char *oid)
-{
-  int i = 0;
-  do
-    {
-      if (strcmp (_oid2str[i].oid, oid) == 0)
-        return _oid2str[i].printable;
-      i++;
-    }
-  while (_oid2str[i].oid != NULL);
-  return 0;
-}
-/**
- * MHD_gnutls_x509_dn_oid_known - This function will return true if the given OID is known
- * @oid: holds an Object Identifier in a null terminated string
- *
- * This function will inform about known DN OIDs. This is useful since functions
- * like MHD_gnutls_x509_crt_set_dn_by_oid() use the information on known
- * OIDs to properly encode their input. Object Identifiers that are not
- * known are not encoded by these functions, and their input is stored directly
- * into the ASN.1 structure. In that case of unknown OIDs, you have
- * the responsibility of DER encoding your data.
- *
- * Returns 1 on known OIDs and 0 otherwise.
- *
- **/
-int
-MHD_gnutls_x509_dn_oid_known (const char *oid)
-{
-  int i = 0;
-  do
-    {
-      if (strcmp (_oid2str[i].oid, oid) == 0)
-        return 1;
-      i++;
-    }
-  while (_oid2str[i].oid != NULL);
-  return 0;
-}
-/* Returns 1 if the data defined by the OID are of a choice
- * type.
- */
-static int
-MHD__gnutls_x509_oid_data_choice (const char *oid)
-{
-  int i = 0;
-  do
-    {
-      if (strcmp (_oid2str[i].oid, oid) == 0)
-        return _oid2str[i].choice;
-      i++;
-    }
-  while (_oid2str[i].oid != NULL);
-  return 0;
-}
-const char *
-MHD__gnutls_x509_oid2ldap_string (const char *oid)
-{
-  int i = 0;
-  do
-    {
-      if (strcmp (_oid2str[i].oid, oid) == 0)
-        return _oid2str[i].ldap_desc;
-      i++;
-    }
-  while (_oid2str[i].oid != NULL);
-  return NULL;
-}
-/* This function will convert an attribute value, specified by the OID,
- * to a string. The result will be a null terminated string.
- *
- * res may be null. This will just return the res_size, needed to
- * hold the string.
- */
-int
-MHD__gnutls_x509_oid_data2string (const char *oid,
-                                  void *value,
-                                  int value_size, char *res,
-                                  size_t * res_size)
-{
-  char str[MAX_STRING_LEN], tmpname[128];
-  const char *ANAME = NULL;
-  int CHOICE = -1, len = -1, result;
-  ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
-  char MHD__asn1_err[MAX_ERROR_DESCRIPTION_SIZE] = "";
-  if (value == NULL || value_size <= 0 || res_size == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  if (MHD__gnutls_x509_oid_data_printable (oid) == 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  ANAME = MHD__asn1_find_structure_from_oid (MHD__gnutls_get_pkix (), oid);
-  CHOICE = MHD__gnutls_x509_oid_data_choice (oid);
-  if (ANAME == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  MHD_gtls_str_cpy (str, sizeof (str), "PKIX1.");
-  MHD_gtls_str_cat (str, sizeof (str), ANAME);
-  if ((result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), str,
-                                          &tmpasn)) != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-  if ((result =
-       MHD__asn1_der_decoding (&tmpasn, value, value_size,
-                               MHD__asn1_err)) != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_x509_log ("MHD__asn1_der_decoding: %s:%s\n", str,
-                            MHD__asn1_err);
-      MHD__asn1_delete_structure (&tmpasn);
-      return MHD_gtls_asn2err (result);
-    }
-  /* If this is a choice then we read the choice. Otherwise it
-   * is the value;
-   */
-  len = sizeof (str) - 1;
-  if ((result = MHD__asn1_read_value (tmpasn, "", str, &len)) != ASN1_SUCCESS)
-    {                           /* CHOICE */
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&tmpasn);
-      return MHD_gtls_asn2err (result);
-    }
-  if (CHOICE == 0)
-    {
-      str[len] = 0;
-      if (res)
-        MHD_gtls_str_cpy (res, *res_size, str);
-      *res_size = len;
-      MHD__asn1_delete_structure (&tmpasn);
-    }
-  else
-    {                           /* CHOICE */
-      int non_printable = 0, teletex = 0;
-      str[len] = 0;
-      /* Note that we do not support strings other than
-       * UTF-8 (thus ASCII as well).
-       */
-      if (strcmp (str, "printableString") != 0
-          && strcmp (str, "ia5String") != 0
-          && strcmp (str, "utf8String") != 0)
-        {
-          non_printable = 1;
-        }
-      if (strcmp (str, "teletexString") == 0)
-        teletex = 1;
-      MHD_gtls_str_cpy (tmpname, sizeof (tmpname), str);
-      len = sizeof (str) - 1;
-      if ((result = MHD__asn1_read_value (tmpasn, tmpname, str, &len))
-          != ASN1_SUCCESS)
-        {
-          MHD__asn1_delete_structure (&tmpasn);
-          return MHD_gtls_asn2err (result);
-        }
-      MHD__asn1_delete_structure (&tmpasn);
-      if (teletex != 0)
-        {
-          int ascii = 0, i;
-          /* HACK: if the teletex string contains only ascii
-           * characters then treat it as printable.
-           */
-          for (i = 0; i < len; i++)
-            if (!isascii (str[i]))
-              ascii = 1;
-          if (ascii == 0)
-            non_printable = 0;
-        }
-      if (res)
-        {
-          if (non_printable == 0)
-            {
-              str[len] = 0;
-              MHD_gtls_str_cpy (res, *res_size, str);
-              *res_size = len;
-            }
-          else
-            {
-              result =
-                MHD__gnutls_x509_data2hex ((const unsigned char *) str, len,
-                                           (unsigned char *) res, res_size);
-              if (result < 0)
-                {
-                  MHD_gnutls_assert ();
-                  return result;
-                }
-            }
-        }
-    }
-  return 0;
-}
-/* Converts a data string to an LDAP rfc2253 hex string
- * something like '#01020304'
- */
-int
-MHD__gnutls_x509_data2hex (const opaque * data,
-                           size_t data_size, opaque * out,
-                           size_t * sizeof_out)
-{
-  char *res;
-  char escaped[MAX_STRING_LEN];
-  unsigned int size;
-  if (2 * data_size + 1 > MAX_STRING_LEN)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  res = MHD_gtls_bin2hex (data, data_size, escaped, sizeof (escaped));
-  if (!res)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  
-  size = strlen (res) + 1;
-  if (size + 1 > *sizeof_out)
-    {
-      *sizeof_out = size;
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-  *sizeof_out = size;   /* -1 for the null +1 for the '#' */
-  
-  if (out)
-    {
-      strcpy ((char*) out, "#");
-      strcat ((char*) out, res);
-    }
-  return 0;
-}
-/* TIME functions
- * Convertions between generalized or UTC time to time_t
- *
- */
-/* This is an emulations of the struct tm.
- * Since we do not use libc's functions, we don't need to
- * depend on the libc structure.
- */
-typedef struct fake_tm
-{
-  int tm_mon;
-  int tm_year;                  /* FULL year - ie 1971 */
-  int tm_mday;
-  int tm_hour;
-  int tm_min;
-  int tm_sec;
-} fake_tm;
-/* The mktime_utc function is due to Russ Allbery (rra@stanford.edu),
- * who placed it under public domain:
- */
-/* The number of days in each month.
- */
-static const int MONTHDAYS[] = { 31,
-  28,
-  31,
-  30,
-  31,
-  30,
-  31,
-  31,
-  30,
-  31,
-  30,
-  31
-};
-/* Whether a given year is a leap year. */
-#define ISLEAP(year) \
-        (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0))
-/*
- **  Given a struct tm representing a calendar time in UTC, convert it to
- **  seconds since epoch.  Returns (time_t) -1 if the time is not
- **  convertable.  Note that this function does not canonicalize the provided
- **  struct tm, nor does it allow out of range values or years before 1970.
- */
-static time_t
-mktime_utc (const struct fake_tm *tm)
-{
-  time_t result = 0;
-  int i;
-  /* We do allow some ill-formed dates, but we don't do anything special
-   * with them and our callers really shouldn't pass them to us.  Do
-   * explicitly disallow the ones that would cause invalid array accesses
-   * or other algorithm problems.
-   */
-  if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
-    return (time_t) - 1;
-  /* Convert to a time_t.
-   */
-  for (i = 1970; i < tm->tm_year; i++)
-    result += 365 + ISLEAP (i);
-  for (i = 0; i < tm->tm_mon; i++)
-    result += MONTHDAYS[i];
-  if (tm->tm_mon > 1 && ISLEAP (tm->tm_year))
-    result++;
-  result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour;
-  result = 60 * result + tm->tm_min;
-  result = 60 * result + tm->tm_sec;
-  return result;
-}
-/* this one will parse dates of the form:
- * month|day|hour|minute|sec* (2 chars each)
- * and year is given. Returns a time_t date.
- */
-static time_t
-MHD__gnutls_x509_time2gtime (const char *ttime, int year)
-{
-  char xx[3];
-  struct fake_tm etime;
-  time_t ret;
-  if (strlen (ttime) < 8)
-    {
-      MHD_gnutls_assert ();
-      return (time_t) - 1;
-    }
-  etime.tm_year = year;
-  /* In order to work with 32 bit
-   * time_t.
-   */
-  if (sizeof (time_t) <= 4 && etime.tm_year >= 2038)
-    return (time_t) 2145914603; /* 2037-12-31 23:23:23 */
-  xx[2] = 0;
-  /* get the month
-   */
-  memcpy (xx, ttime, 2);        /* month */
-  etime.tm_mon = atoi (xx) - 1;
-  ttime += 2;
-  /* get the day
-   */
-  memcpy (xx, ttime, 2);        /* day */
-  etime.tm_mday = atoi (xx);
-  ttime += 2;
-  /* get the hour
-   */
-  memcpy (xx, ttime, 2);        /* hour */
-  etime.tm_hour = atoi (xx);
-  ttime += 2;
-  /* get the minutes
-   */
-  memcpy (xx, ttime, 2);        /* minutes */
-  etime.tm_min = atoi (xx);
-  ttime += 2;
-  if (strlen (ttime) >= 2)
-    {
-      memcpy (xx, ttime, 2);
-      etime.tm_sec = atoi (xx);
-      ttime += 2;
-    }
-  else
-    etime.tm_sec = 0;
-  ret = mktime_utc (&etime);
-  return ret;
-}
-/* returns a time_t value that contains the given time.
- * The given time is expressed as:
- * YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)*
- *
- * (seconds are optional)
- */
-static time_t
-MHD__gnutls_x509_utcTime2gtime (const char *ttime)
-{
-  char xx[3];
-  int year;
-  if (strlen (ttime) < 10)
-    {
-      MHD_gnutls_assert ();
-      return (time_t) - 1;
-    }
-  xx[2] = 0;
-  /* get the year
-   */
-  memcpy (xx, ttime, 2);        /* year */
-  year = atoi (xx);
-  ttime += 2;
-  if (year > 49)
-    year += 1900;
-  else
-    year += 2000;
-  return MHD__gnutls_x509_time2gtime (ttime, year);
-}
-/* returns a time_t value that contains the given time.
- * The given time is expressed as:
- * YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)*
- */
-static time_t
-MHD__gnutls_x509_generalTime2gtime (const char *ttime)
-{
-  char xx[5];
-  int year;
-  if (strlen (ttime) < 12)
-    {
-      MHD_gnutls_assert ();
-      return (time_t) - 1;
-    }
-  if (strchr (ttime, 'Z') == 0)
-    {
-      MHD_gnutls_assert ();
-      /* sorry we don't support it yet
-       */
-      return (time_t) - 1;
-    }
-  xx[4] = 0;
-  /* get the year
-   */
-  memcpy (xx, ttime, 4);        /* year */
-  year = atoi (xx);
-  ttime += 4;
-  return MHD__gnutls_x509_time2gtime (ttime, year);
-}
-/* Extracts the time in time_t from the ASN1_TYPE given. When should
- * be something like "tbsCertList.thisUpdate".
- */
-#define MAX_TIME 64
-time_t
-MHD__gnutls_x509_get_time (ASN1_TYPE c2, const char *when)
-{
-  char ttime[MAX_TIME];
-  char name[128];
-  time_t c_time = (time_t) - 1;
-  int len, result;
-  MHD_gtls_str_cpy (name, sizeof (name), when);
-  len = sizeof (ttime) - 1;
-  if ((result = MHD__asn1_read_value (c2, name, ttime, &len)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return (time_t) (-1);
-    }
-  /* CHOICE */
-  if (strcmp (ttime, "generalTime") == 0)
-    {
-      MHD_gtls_str_cat (name, sizeof (name), ".generalTime");
-      len = sizeof (ttime) - 1;
-      result = MHD__asn1_read_value (c2, name, ttime, &len);
-      if (result == ASN1_SUCCESS)
-        c_time = MHD__gnutls_x509_generalTime2gtime (ttime);
-    }
-  else
-    {                           /* UTCTIME */
-      MHD_gtls_str_cat (name, sizeof (name), ".utcTime");
-      len = sizeof (ttime) - 1;
-      result = MHD__asn1_read_value (c2, name, ttime, &len);
-      if (result == ASN1_SUCCESS)
-        c_time = MHD__gnutls_x509_utcTime2gtime (ttime);
-    }
-  /* We cannot handle dates after 2031 in 32 bit machines.
-   * a time_t of 64bits has to be used.
-   */
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return (time_t) (-1);
-    }
-  return c_time;
-}
-MHD_gnutls_x509_subject_alt_name_t
-MHD__gnutls_x509_san_find_type (char *str_type)
-{
-  if (strcmp (str_type, "dNSName") == 0)
-    return GNUTLS_SAN_DNSNAME;
-  if (strcmp (str_type, "rfc822Name") == 0)
-    return GNUTLS_SAN_RFC822NAME;
-  if (strcmp (str_type, "uniformResourceIdentifier") == 0)
-    return GNUTLS_SAN_URI;
-  if (strcmp (str_type, "iPAddress") == 0)
-    return GNUTLS_SAN_IPADDRESS;
-  if (strcmp (str_type, "otherName") == 0)
-    return GNUTLS_SAN_OTHERNAME;
-  if (strcmp (str_type, "directoryName") == 0)
-    return GNUTLS_SAN_DN;
-  return (MHD_gnutls_x509_subject_alt_name_t) - 1;
-}
 /* A generic export function. Will export the given ASN.1 encoded data
 * to PEM or DER raw data.
 */
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h
index 5fa84808..7b8421c7 100644
--- a/src/daemon/https/x509/common.h
+++ b/src/daemon/https/x509/common.h
@@ -58,21 +58,6 @@
 #define SIG_GOST_R3410_94_OID "1.2.643.2.2.4"
 #define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3"
-int MHD__gnutls_x509_oid_data2string (const char *OID, void *value,
-                                      int value_size, char *res,
-                                      size_t * res_size);
-int MHD__gnutls_x509_data2hex (const opaque * data, size_t data_size,
-                               opaque * out, size_t * sizeof_out);
-const char *MHD__gnutls_x509_oid2ldap_string (const char *OID);
-int MHD__gnutls_x509_oid_data_printable (const char *OID);
-time_t MHD__gnutls_x509_get_time (ASN1_TYPE c2, const char *when);
-MHD_gnutls_x509_subject_alt_name_t MHD__gnutls_x509_san_find_type (char
-                                                                   *str_type);
 int MHD__gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
                                 MHD_gnutls_datum_t * res, int str);
diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c
index 1835f2ae..3c2b67ec 100644
--- a/src/daemon/https/x509/extensions.c
+++ b/src/daemon/https/x509/extensions.c
@@ -217,59 +217,3 @@ MHD__gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
  return 0;
 }
-/* extract the basicConstraints from the DER encoded extension
- */
-int
-MHD__gnutls_x509_ext_extract_basicConstraints (int *CA,
-                                               int *pathLenConstraint,
-                                               opaque * extnValue,
-                                               int extnValueLen)
-{
-  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
-  char str[128];
-  int len, result;
-  if ((result = MHD__asn1_create_element
-       (MHD__gnutls_get_pkix (), "PKIX1.BasicConstraints",
-        &ext)) != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-  result = MHD__asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return MHD_gtls_asn2err (result);
-    }
-  if (pathLenConstraint)
-    {
-      result = MHD__gnutls_x509_read_uint (ext, "pathLenConstraint",
-                                           (unsigned int *)
-                                           pathLenConstraint);
-      if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
-        *pathLenConstraint = -1;
-      else if (result != GNUTLS_E_SUCCESS)
-        {
-          MHD_gnutls_assert ();
-          MHD__asn1_delete_structure (&ext);
-          return MHD_gtls_asn2err (result);
-        }
-    }
-  /* the default value of cA is false.
-   */
-  len = sizeof (str) - 1;
-  result = MHD__asn1_read_value (ext, "cA", str, &len);
-  if (result == ASN1_SUCCESS && strcmp (str, "TRUE") == 0)
-    *CA = 1;
-  else
-    *CA = 0;
-  MHD__asn1_delete_structure (&ext);
-  return 0;
-}
diff --git a/src/daemon/https/x509/extensions.h b/src/daemon/https/x509/extensions.h
index fe4372f8..5a945cb1 100644
--- a/src/daemon/https/x509/extensions.h
+++ b/src/daemon/https/x509/extensions.h
@@ -33,7 +33,3 @@ int MHD__gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert,
 int MHD__gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
                                           opaque * extnValue,
                                           int extnValueLen);
-int MHD__gnutls_x509_ext_extract_basicConstraints (int *CA,
-                                                   int *pathLenConstraint,
-                                                   opaque * extnValue,
-                                                   int extnValueLen);
diff --git a/src/daemon/https/x509/mpi.c b/src/daemon/https/x509/mpi.c
index e8563967..43f1a633 100644
--- a/src/daemon/https/x509/mpi.c
+++ b/src/daemon/https/x509/mpi.c
@@ -211,57 +211,3 @@ cleanup:MHD__asn1_delete_structure (&spk);
  return result;
 }
-/* this function reads a (small) unsigned integer
- * from asn1 structs. Combines the read and the convertion
- * steps.
- */
-int
-MHD__gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
-                            unsigned int *ret)
-{
-  int len, result;
-  opaque *tmpstr;
-  len = 0;
-  result = MHD__asn1_read_value (node, value, NULL, &len);
-  if (result != ASN1_MEM_ERROR)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-  tmpstr = MHD_gnutls_alloca (len);
-  if (tmpstr == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  result = MHD__asn1_read_value (node, value, tmpstr, &len);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_afree (tmpstr);
-      return MHD_gtls_asn2err (result);
-    }
-  if (len == 1)
-    *ret = tmpstr[0];
-  else if (len == 2)
-    *ret = MHD_gtls_read_uint16 (tmpstr);
-  else if (len == 3)
-    *ret = MHD_gtls_read_uint24 (tmpstr);
-  else if (len == 4)
-    *ret = MHD_gtls_read_uint32 (tmpstr);
-  else
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_afree (tmpstr);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  MHD_gnutls_afree (tmpstr);
-  return 0;
-}
diff --git a/src/daemon/https/x509/mpi.h b/src/daemon/https/x509/mpi.h
index 8db519fd..651ebb46 100644
--- a/src/daemon/https/x509/mpi.h
+++ b/src/daemon/https/x509/mpi.h
@@ -31,9 +31,6 @@ int MHD__gnutls_x509_read_rsa_params (opaque * der, int dersize,
                                      mpi_t * params);
 int MHD__gnutls_x509_write_rsa_params (mpi_t * params, int params_size,
                                       MHD_gnutls_datum_t * der);
-int MHD__gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
-                                unsigned int *ret);
 int MHD__gnutls_x509_read_int (ASN1_TYPE node, const char *value,
                               mpi_t * ret_mpi);
 int MHD__gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi,
diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c
index 9ce1e76d..2fa84551 100644
--- a/src/daemon/https/x509/x509.c
+++ b/src/daemon/https/x509/x509.c
@@ -213,50 +213,6 @@ MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert)
 }
 /**
- * MHD_gnutls_x509_crt_get_activation_time - This function returns the Certificate's activation time
- * @cert: should contain a MHD_gnutls_x509_crt_t structure
- *
- * This function will return the time this Certificate was or will be activated.
- *
- * Returns (time_t)-1 on error.
- *
- **/
-time_t
-MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert)
-{
-  if (cert == NULL)
-    {
-      MHD_gnutls_assert ();
-      return (time_t) - 1;
-    }
-  return MHD__gnutls_x509_get_time (cert->cert,
-                                    "tbsCertificate.validity.notBefore");
-}
-/**
- * MHD_gnutls_x509_crt_get_expiration_time - This function returns the Certificate's expiration time
- * @cert: should contain a MHD_gnutls_x509_crt_t structure
- *
- * This function will return the time this Certificate was or will be expired.
- *
- * Returns (time_t)-1 on error.
- *
- **/
-time_t
-MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert)
-{
-  if (cert == NULL)
-    {
-      MHD_gnutls_assert ();
-      return (time_t) - 1;
-    }
-  return MHD__gnutls_x509_get_time (cert->cert,
-                                    "tbsCertificate.validity.notAfter");
-}
-/**
 * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm
 * @cert: should contain a MHD_gnutls_x509_crt_t structure
 * @bits: if bits is non null it will hold the size of the parameters' in bits
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h
index be14b784..11628186 100644
--- a/src/daemon/https/x509/x509.h
+++ b/src/daemon/https/x509/x509.h
@@ -109,8 +109,6 @@ extern "C"
 #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
 #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
-  time_t MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert);
-  time_t MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert);
  int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert,
                                            unsigned int *bits);
  int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert,
@@ -124,8 +122,6 @@ extern "C"
  int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt,
                                         unsigned int usage);
-  int MHD_gnutls_x509_dn_oid_known (const char *oid);
 /* Read extensions by sequence number. */
  int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt,
                                                const char *oid,
@@ -168,10 +164,6 @@ extern "C"
                                 MHD_gnutls_x509_privkey_t issuer_key,
                                 enum MHD_GNUTLS_HashAlgorithm,
                                 unsigned int flags);
-  int MHD_gnutls_x509_crt_set_activation_time (MHD_gnutls_x509_crt_t cert,
-                                               time_t act_time);
-  int MHD_gnutls_x509_crt_set_expiration_time (MHD_gnutls_x509_crt_t cert,
-                                               time_t exp_time);
  int MHD_gnutls_x509_crt_set_serial (MHD_gnutls_x509_crt_t cert,
                                      const void *serial, size_t serial_size);