16 files changed, 232 insertions, 656 deletions

diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
index 40d49e08..3155e0bd 100644
--- a/src/daemon/https/tls/Makefile.am
+++ b/src/daemon/https/tls/Makefile.am
@@ -43,7 +43,6 @@ gnutls_compress.c \
 gnutls_compress_int.c \
 gnutls_constate.c \
 gnutls_datum.c \
-gnutls_db.c \
 gnutls_dh.c \
 gnutls_dh_primes.c \
 gnutls_errors.c \
diff --git a/src/daemon/https/tls/auth_cert.h b/src/daemon/https/tls/auth_cert.h
index 86e0230f..e49a6089 100644
--- a/src/daemon/https/tls/auth_cert.h
+++ b/src/daemon/https/tls/auth_cert.h
@@ -34,6 +34,7 @@
 /* This structure may be complex, but it's the only way to
  * support a server that has multiple certificates
  */
+
 typedef struct gnutls_certificate_credentials_st
 {
   gnutls_dh_params_t dh_params;
@@ -45,7 +46,7 @@ typedef struct gnutls_certificate_credentials_st
 
   gnutls_cert **cert_list;
   /* contains a list of a list of certificates.
-   * eg (X509): [0] certificate1, certificate11, certificate111 
+   * eg (X509): [0] certificate1, certificate11, certificate111
    * (if more than one, one certificate certifies the one before)
    *       [1] certificate2, certificate22, ...
    */
@@ -75,14 +76,14 @@ typedef struct gnutls_certificate_credentials_st
   /* X509 specific stuff */
 
   gnutls_x509_crt_t *x509_ca_list;
-  unsigned x509_ncas;           /* number of CAs in the ca_list 
+  unsigned x509_ncas;           /* number of CAs in the ca_list
                                  */
 
   gnutls_x509_crl_t *x509_crl_list;
-  unsigned x509_ncrls;          /* number of CRLs in the crl_list 
+  unsigned x509_ncrls;          /* number of CRLs in the crl_list
                                  */
 
-  unsigned int verify_flags;    /* flags to be used at 
+  unsigned int verify_flags;    /* flags to be used at
                                  * certificate verification.
                                  */
   unsigned int verify_depth;
diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c
index 6f1c17bc..a1bec6a1 100644
--- a/src/daemon/https/tls/ext_cert_type.c
+++ b/src/daemon/https/tls/ext_cert_type.c
@@ -150,10 +150,10 @@ _gnutls_cert_type_send_params (gnutls_session_t session, opaque * data,
   if (session->security_parameters.entity == GNUTLS_CLIENT)
     {
 
-      if (session->internals.priorities.cert_type.algorithms > 0)
+      if (session->internals.priorities.cert_type.num_algorithms > 0)
         {
 
-          len = session->internals.priorities.cert_type.algorithms;
+          len = session->internals.priorities.cert_type.num_algorithms;
 
           if (len == 1 &&
               session->internals.priorities.cert_type.priority[0] ==
diff --git a/src/daemon/https/tls/gnutls_alert.c b/src/daemon/https/tls/gnutls_alert.c
index dfa35f85..29422dab 100644
--- a/src/daemon/https/tls/gnutls_alert.c
+++ b/src/daemon/https/tls/gnutls_alert.c
@@ -148,7 +148,7 @@ gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level,
   * alert should be sent to the peer indicating that no renegotiation will
   * be performed.
   *
-  * If there is no mapping to a valid alert the alert to indicate internal error 
+  * If there is no mapping to a valid alert the alert to indicate internal error
   * is returned.
   *
   **/
@@ -163,7 +163,7 @@ gnutls_error_to_alert (int err, int *level)
       /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
        * it is not defined in SSL3. Note that we must
        * not distinguish Decryption failures from mac
-       * check failures, due to the possibility of some 
+       * check failures, due to the possibility of some
        * attacks.
        */
       ret = GNUTLS_A_BAD_RECORD_MAC;
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c
index 56435345..1809afda 100644
--- a/src/daemon/https/tls/gnutls_algorithms.c
+++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -767,7 +767,7 @@ _gnutls_mac_priority (gnutls_session_t session,
                       gnutls_mac_algorithm_t algorithm)
 {                               /* actually returns the priority */
   unsigned int i;
-  for (i = 0; i < session->internals.priorities.mac.algorithms; i++)
+  for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++)
     {
       if (session->internals.priorities.mac.priority[i] == algorithm)
         return i;
@@ -893,7 +893,7 @@ _gnutls_compression_priority (gnutls_session_t session,
                               gnutls_compression_method_t algorithm)
 {                               /* actually returns the priority */
   unsigned int i;
-  for (i = 0; i < session->internals.priorities.compression.algorithms; i++)
+  for (i = 0; i < session->internals.priorities.compression.num_algorithms; i++)
     {
       if (session->internals.priorities.compression.priority[i] == algorithm)
         return i;
@@ -1040,7 +1040,7 @@ _gnutls_cipher_priority (gnutls_session_t session,
                          gnutls_cipher_algorithm_t algorithm)
 {
   unsigned int i;
-  for (i = 0; i < session->internals.priorities.cipher.algorithms; i++)
+  for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++)
     {
       if (session->internals.priorities.cipher.priority[i] == algorithm)
         return i;
@@ -1176,7 +1176,7 @@ _gnutls_kx_priority (gnutls_session_t session,
                      gnutls_kx_algorithm_t algorithm)
 {
   unsigned int i;
-  for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
+  for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++)
     {
       if (session->internals.priorities.kx.priority[i] == algorithm)
         return i;
@@ -1276,7 +1276,7 @@ _gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version)
       return -1;
     }
 
-  for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
+  for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++)
     {
       if (session->internals.priorities.protocol.priority[i] == version)
         return i;
@@ -1294,7 +1294,7 @@ _gnutls_version_lowest (gnutls_session_t session)
       return MHD_GNUTLS_VERSION_UNKNOWN;
     }
   else
-    for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
+    for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++)
       {
         if (session->internals.priorities.protocol.priority[i] < min)
           min = session->internals.priorities.protocol.priority[i];
@@ -1316,7 +1316,7 @@ _gnutls_version_max (gnutls_session_t session)
       return MHD_GNUTLS_VERSION_UNKNOWN;
     }
   else
-    for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
+    for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++)
       {
         if (session->internals.priorities.protocol.priority[i] > max)
           max = session->internals.priorities.protocol.priority[i];
@@ -1886,7 +1886,7 @@ _gnutls_supported_ciphersuites (gnutls_session_t session,
 
 /* returns the TLS numbers of the compression methods we support
  */
-#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms
+#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms
 int
 _gnutls_supported_compression_methods (gnutls_session_t session,
                                        uint8_t ** comp)
diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c
index 919315ef..fd0917f8 100644
--- a/src/daemon/https/tls/gnutls_anon_cred.c
+++ b/src/daemon/https/tls/gnutls_anon_cred.c
@@ -62,8 +62,9 @@ int
 gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t *
                                          sc)
 {
-
   *sc = gnutls_calloc (1, sizeof (anon_server_credentials_st));
+  if (*sc == NULL)
+            return GNUTLS_E_MEMORY_ERROR;
 
   return 0;
 }
diff --git a/src/daemon/https/tls/gnutls_db.c b/src/daemon/https/tls/gnutls_db.c
deleted file mode 100644
index 806961c1..00000000
--- a/src/daemon/https/tls/gnutls_db.c
+++ /dev/null
@@ -1,386 +0,0 @@
-/*
- * Copyright (C) 2000, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains functions that manipulate a database backend
- * for resumed sessions. 
- */
-
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-// #include "gnutls_session.h"
-#include <gnutls_db.h>
-#include "debug.h"
-#include <gnutls_session_pack.h>
-#include <gnutls_datum.h>
-
-/**
-  * gnutls_db_set_retrieve_function - Sets the function that will be used to get data
-  * @session: is a #gnutls_session_t structure.
-  * @retr_func: is the function.
-  *
-  * Sets the function that will be used to retrieve data from the resumed
-  * sessions database. This function must return a gnutls_datum_t containing the
-  * data on success, or a gnutls_datum_t containing null and 0 on failure.
-  *
-  * The datum's data must be allocated using the function
-  * gnutls_malloc().
-  *
-  * The first argument to retr_func() will be null unless gnutls_db_set_ptr() 
-  * has been called.
-  *
-  **/
-void
-gnutls_db_set_retrieve_function (gnutls_session_t session,
-                                 gnutls_db_retr_func retr_func)
-{
-  session->internals.db_retrieve_func = retr_func;
-}
-
-/**
-  * gnutls_db_set_remove_function - Sets the function that will be used to remove data
-  * @session: is a #gnutls_session_t structure.
-  * @rem_func: is the function.
-  *
-  * Sets the function that will be used to remove data from the resumed
-  * sessions database. This function must return 0 on success.
-  *
-  * The first argument to rem_func() will be null unless gnutls_db_set_ptr() 
-  * has been called.
-  *
-  **/
-void
-gnutls_db_set_remove_function (gnutls_session_t session,
-                               gnutls_db_remove_func rem_func)
-{
-  session->internals.db_remove_func = rem_func;
-}
-
-/**
-  * gnutls_db_set_store_function - Sets the function that will be used to put data
-  * @session: is a #gnutls_session_t structure.
-  * @store_func: is the function
-  *
-  * Sets the function that will be used to store data from the resumed
-  * sessions database. This function must remove 0 on success. 
-  *
-  * The first argument to store_func() will be null unless gnutls_db_set_ptr() 
-  * has been called.
-  *
-  **/
-void
-gnutls_db_set_store_function (gnutls_session_t session,
-                              gnutls_db_store_func store_func)
-{
-  session->internals.db_store_func = store_func;
-}
-
-/**
-  * gnutls_db_set_ptr - Sets a pointer to be sent to db functions
-  * @session: is a #gnutls_session_t structure.
-  * @ptr: is the pointer
-  *
-  * Sets the pointer that will be provided to db store, retrieve and delete functions, as
-  * the first argument. 
-  *
-  **/
-void
-gnutls_db_set_ptr (gnutls_session_t session, void *ptr)
-{
-  session->internals.db_ptr = ptr;
-}
-
-/**
-  * gnutls_db_get_ptr - Returns the pointer which is sent to db functions
-  * @session: is a #gnutls_session_t structure.
-  *
-  * Returns the pointer that will be sent to db store, retrieve and delete functions, as
-  * the first argument. 
-  *
-  **/
-void *
-gnutls_db_get_ptr (gnutls_session_t session)
-{
-  return session->internals.db_ptr;
-}
-
-/**
-  * gnutls_db_set_cache_expiration - Sets the expiration time for resumed sessions.
-  * @session: is a #gnutls_session_t structure.
-  * @seconds: is the number of seconds.
-  *
-  * Sets the expiration time for resumed sessions. The default is 3600 (one hour)
-  * at the time writing this.
-  **/
-void
-gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds)
-{
-  session->internals.expire_time = seconds;
-}
-
-/**
-  * gnutls_db_check_entry - checks if the given db entry has expired
-  * @session: is a #gnutls_session_t structure.
-  * @session_entry: is the session data (not key)
-  *
-  * This function returns GNUTLS_E_EXPIRED, if the database entry
-  * has expired or 0 otherwise. This function is to be used when
-  * you want to clear unnesessary session which occupy space in your
-  * backend.
-  *
-  **/
-int
-gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry)
-{
-  time_t timestamp;
-
-  timestamp = time (0);
-
-  if (session_entry.data != NULL)
-    if (timestamp -
-        ((security_parameters_st *) (session_entry.data))->timestamp <=
-        session->internals.expire_time
-        || ((security_parameters_st *) (session_entry.data))->
-        timestamp > timestamp
-        || ((security_parameters_st *) (session_entry.data))->timestamp == 0)
-      return GNUTLS_E_EXPIRED;
-
-  return 0;
-}
-
-/* The format of storing data is:
- * (forget it). Check gnutls_session_pack.c
- */
-int
-_gnutls_server_register_current_session (gnutls_session_t session)
-{
-  gnutls_datum_t key;
-  gnutls_datum_t content;
-  int ret = 0;
-
-  key.data = session->security_parameters.session_id;
-  key.size = session->security_parameters.session_id_size;
-
-  if (session->internals.resumable == RESUME_FALSE)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_SESSION;
-    }
-
-  if (session->security_parameters.session_id == NULL
-      || session->security_parameters.session_id_size == 0)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_SESSION;
-    }
-
-/* copy data */
-  ret = _gnutls_session_pack (session, &content);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  ret = _gnutls_store_session (session, key, content);
-  _gnutls_free_datum (&content);
-
-  return ret;
-}
-
-/* Checks if both db_store and db_retrieve functions have
- * been set up.
- */
-static int
-_gnutls_db_func_is_ok (gnutls_session_t session)
-{
-  if (session->internals.db_store_func != NULL &&
-      session->internals.db_retrieve_func != NULL &&
-      session->internals.db_remove_func != NULL)
-    return 0;
-  else
-    return GNUTLS_E_DB_ERROR;
-}
-
-
-int
-_gnutls_server_restore_session (gnutls_session_t session,
-                                uint8_t * session_id, int session_id_size)
-{
-  gnutls_datum_t data;
-  gnutls_datum_t key;
-  int ret;
-
-  key.data = session_id;
-  key.size = session_id_size;
-
-  if (_gnutls_db_func_is_ok (session) != 0)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_SESSION;
-    }
-
-  data = _gnutls_retrieve_session (session, key);
-
-  if (data.data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_SESSION;
-    }
-
-  /* expiration check is performed inside */
-  ret = gnutls_session_set_data (session, data.data, data.size);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  gnutls_free (data.data);
-
-  return 0;
-}
-
-int
-_gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id,
-                           int session_id_size)
-{
-  gnutls_datum_t key;
-
-  key.data = session_id;
-  key.size = session_id_size;
-
-  return _gnutls_remove_session (session, key);
-}
-
-
-/* Stores session data to the db backend.
- */
-int
-_gnutls_store_session (gnutls_session_t session,
-                       gnutls_datum_t session_id, gnutls_datum_t session_data)
-{
-  int ret = 0;
-
-  if (session->internals.resumable == RESUME_FALSE)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_SESSION;
-    }
-
-  if (_gnutls_db_func_is_ok (session) != 0)
-    {
-      return GNUTLS_E_DB_ERROR;
-    }
-
-  if (session_id.data == NULL || session_id.size == 0)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_SESSION;
-    }
-
-  if (session_data.data == NULL || session_data.size == 0)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_SESSION;
-    }
-  /* if we can't read why bother writing? */
-
-  if (session->internals.db_store_func != NULL)
-    ret =
-      session->internals.db_store_func (session->internals.db_ptr,
-                                        session_id, session_data);
-
-  return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
-
-}
-
-/* Retrieves session data from the db backend.
- */
-gnutls_datum_t
-_gnutls_retrieve_session (gnutls_session_t session, gnutls_datum_t session_id)
-{
-  gnutls_datum_t ret = { NULL, 0 };
-
-  if (session_id.data == NULL || session_id.size == 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  if (session->internals.db_retrieve_func != NULL)
-    ret =
-      session->internals.db_retrieve_func (session->internals.db_ptr,
-                                           session_id);
-
-  return ret;
-
-}
-
-/* Removes session data from the db backend.
- */
-int
-_gnutls_remove_session (gnutls_session_t session, gnutls_datum_t session_id)
-{
-  int ret = 0;
-
-  if (_gnutls_db_func_is_ok (session) != 0)
-    {
-      return GNUTLS_E_DB_ERROR;
-    }
-
-  if (session_id.data == NULL || session_id.size == 0)
-    return GNUTLS_E_INVALID_SESSION;
-
-  /* if we can't read why bother writing? */
-  if (session->internals.db_remove_func != NULL)
-    ret =
-      session->internals.db_remove_func (session->internals.db_ptr,
-                                         session_id);
-
-  return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
-
-}
-
-/**
-  * gnutls_db_remove_session - This function will remove the current session data from the database
-  * @session: is a #gnutls_session_t structure.
-  *
-  * This function will remove the current session data from the session
-  * database. This will prevent future handshakes reusing these session
-  * data. This function should be called if a session was terminated
-  * abnormally, and before gnutls_deinit() is called.
-  *
-  * Normally gnutls_deinit() will remove abnormally terminated sessions.
-  *
-  **/
-void
-gnutls_db_remove_session (gnutls_session_t session)
-{
-  /* if the session has failed abnormally it has 
-   * to be removed from the db 
-   */
-  _gnutls_db_remove_session (session,
-                             session->security_parameters.session_id,
-                             session->security_parameters.session_id_size);
-}
diff --git a/src/daemon/https/tls/gnutls_db.h b/src/daemon/https/tls/gnutls_db.h
deleted file mode 100644
index 9adece4e..00000000
--- a/src/daemon/https/tls/gnutls_db.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-int _gnutls_server_register_current_session (gnutls_session_t session);
-int _gnutls_server_restore_session (gnutls_session_t session,
-                                    uint8_t * session_id,
-                                    int session_id_size);
-int _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id,
-                               int session_id_size);
-int _gnutls_store_session (gnutls_session_t session,
-                           gnutls_datum_t session_id,
-                           gnutls_datum_t session_data);
-gnutls_datum_t _gnutls_retrieve_session (gnutls_session_t session,
-                                         gnutls_datum_t session_id);
-int _gnutls_remove_session (gnutls_session_t session,
-                            gnutls_datum_t session_id);
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index b304bdcb..5f56822e 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -37,7 +37,6 @@
 #include "gnutls_handshake.h"
 #include "gnutls_num.h"
 #include "gnutls_hash_int.h"
-#include "gnutls_db.h"
 #include "gnutls_extensions.h"
 #include "gnutls_supplemental.h"
 #include "gnutls_auth_int.h"
@@ -338,7 +337,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
                            int datalen)
 {
   uint8_t session_id_len;
-  int pos = 0, ret;
+  int pos = 0, ret = 0;
   uint16_t suite_size, comp_size;
   gnutls_protocol_t adv_version;
   int neg_version;
@@ -383,10 +382,10 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
     }
   DECR_LEN (len, session_id_len);
 
-  ret = _gnutls_server_restore_session (session, &data[pos], session_id_len);
   pos += session_id_len;
 
-  if (ret == 0)
+  /* TODO rm if support for resumed sessions won't be supported */
+  if (0)
     {                           /* resumed! */
       resume_copy_required_values (session);
       session->internals.resumed = RESUME_TRUE;
@@ -2647,12 +2646,6 @@ _gnutls_handshake_common (gnutls_session_t session)
       IMED_RET ("recv handshake final 2", ret);
     }
 
-  if (session->security_parameters.entity == GNUTLS_SERVER)
-    {
-      /* in order to support session resuming */
-      _gnutls_server_register_current_session (session);
-    }
-
   /* clear handshake buffer */
   _gnutls_handshake_hash_buffers_clear (session);
   return ret;
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h
index 5d30ac58..7791b554 100644
--- a/src/daemon/https/tls/gnutls_int.h
+++ b/src/daemon/https/tls/gnutls_int.h
@@ -380,7 +380,7 @@ typedef struct
 typedef struct
   {
     unsigned int priority[MAX_ALGOS];
-    unsigned int algorithms;
+    unsigned int num_algorithms;
   } priority_st;
 
 /* For the external api */
@@ -391,6 +391,8 @@ struct gnutls_priority_st
     priority_st kx;
     priority_st compression;
     priority_st protocol;
+
+    /* certificate type : x509, OpenPGP, etc. */
     priority_st cert_type;
 
     /* to disable record padding */
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c
index 0dfb27e3..cea6446b 100644
--- a/src/daemon/https/tls/gnutls_priority.c
+++ b/src/daemon/https/tls/gnutls_priority.c
@@ -56,7 +56,7 @@ gnutls_cipher_set_priority (gnutls_session_t session, const int *list)
     num++;
   if (num > MAX_ALGOS)
     num = MAX_ALGOS;
-  session->internals.priorities.cipher.algorithms = num;
+  session->internals.priorities.cipher.num_algorithms = num;
 
   for (i = 0; i < num; i++)
     {
@@ -75,7 +75,7 @@ _set_priority (priority_st * st, const int *list)
     num++;
   if (num > MAX_ALGOS)
     num = MAX_ALGOS;
-  st->algorithms = num;
+  st->num_algorithms = num;
 
   for (i = 0; i < num; i++)
     {
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c
index e52cf922..68c83330 100644
--- a/src/daemon/https/tls/gnutls_record.c
+++ b/src/daemon/https/tls/gnutls_record.c
@@ -35,7 +35,6 @@
 #include "gnutls_hash_int.h"
 #include "gnutls_cipher_int.h"
 #include "gnutls_algorithms.h"
-#include "gnutls_db.h"
 #include "gnutls_auth_int.h"
 #include "gnutls_num.h"
 #include "gnutls_record.h"
@@ -289,7 +288,7 @@ session_is_valid (gnutls_session_t session)
   return 0;
 }
 
-/* Copies the record version into the headers. The 
+/* Copies the record version into the headers. The
  * version must have 2 bytes at least.
  */
 inline static void
@@ -316,7 +315,7 @@ copy_record_version (gnutls_session_t session,
 /* This function behaves exactly like write(). The only difference is
  * that it accepts, the gnutls_session_t and the content_type_t of data to
  * send (if called by the user the Content is specific)
- * It is intended to transfer data, under the current session.    
+ * It is intended to transfer data, under the current session.
  *
  * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE.
  * This makes the function much easier to read, and more error resistant
@@ -376,7 +375,7 @@ _gnutls_send_int (gnutls_session_t session,
   else
     data2send_size = sizeofdata;
 
-  /* Only encrypt if we don't have data to send 
+  /* Only encrypt if we don't have data to send
    * from the previous run. - probably interrupted.
    */
   if (session->internals.record_send_buffer.length > 0)
@@ -469,7 +468,7 @@ _gnutls_send_int (gnutls_session_t session,
   return retval;
 }
 
-/* This function is to be called if the handshake was successfully 
+/* This function is to be called if the handshake was successfully
  * completed. This sends a Change Cipher Spec packet to the peer.
  */
 ssize_t
@@ -556,8 +555,8 @@ record_check_headers (gnutls_session_t session,
                       uint16_t * length, uint16_t * header_size)
 {
 
-  /* Read the first two bytes to determine if this is a 
-   * version 2 message 
+  /* Read the first two bytes to determine if this is a
+   * version 2 message
    */
 
   if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE
@@ -565,7 +564,7 @@ record_check_headers (gnutls_session_t session,
     {
 
       /* if msb set and expecting handshake message
-       * it should be SSL 2 hello 
+       * it should be SSL 2 hello
        */
       version[0] = 3;           /* assume SSL 3.0 */
       version[1] = 0;
@@ -593,7 +592,7 @@ record_check_headers (gnutls_session_t session,
       version[0] = headers[1];
       version[1] = headers[2];
 
-      /* No DECR_LEN, since headers has enough size. 
+      /* No DECR_LEN, since headers has enough size.
        */
       *length = _gnutls_read_uint16 (&headers[3]);
     }
@@ -676,7 +675,7 @@ record_check_type (gnutls_session_t session,
            */
           if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL)
             {
-              /* If we have been expecting for an alert do 
+              /* If we have been expecting for an alert do
                */
               session->internals.read_eof = 1;
               return GNUTLS_E_INT_RET_0;        /* EOF */
@@ -911,7 +910,7 @@ begin:
     }
 
   /* Here we check if the Type of the received packet is
-   * ok. 
+   * ok.
    */
   if ((ret = check_recv_type (recv_type)) < 0)
     {
@@ -952,7 +951,7 @@ begin:
       return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
     }
 
-  /* check if we have that data into buffer. 
+  /* check if we have that data into buffer.
    */
   if ((ret = _gnutls_io_read_buffered (session, &recv_data,
                                        header_size + length, recv_type))
@@ -1017,7 +1016,7 @@ begin:
                                    read_sequence_number),
      _gnutls_packet2str (recv_type), recv_type, decrypted_length);
 
-  /* increase sequence number 
+  /* increase sequence number
    */
   if (_gnutls_uint64pp (&session->connection_state.read_sequence_number) != 0)
     {
@@ -1037,7 +1036,7 @@ begin:
       return ret;
     }
 
-  /* Get Application data from buffer 
+  /* Get Application data from buffer
    */
   if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type
                               == GNUTLS_HANDSHAKE
@@ -1051,7 +1050,7 @@ begin:
           return ret;
         }
 
-      /* if the buffer just got empty 
+      /* if the buffer just got empty
        */
       if (_gnutls_record_buffer_get_size (type, session) == 0)
         {
@@ -1066,11 +1065,11 @@ begin:
     {
       gnutls_assert ();
       return GNUTLS_E_UNEXPECTED_PACKET;
-      /* we didn't get what we wanted to 
+      /* we didn't get what we wanted to
        */
     }
 
-  /* (originally for) TLS 1.0 CBC protection. 
+  /* (originally for) TLS 1.0 CBC protection.
    * Actually this code is called if we just received
    * an empty packet. An empty TLS packet is usually
    * sent to protect some vulnerabilities in the CBC mode.
diff --git a/src/daemon/https/tls/gnutls_session.c b/src/daemon/https/tls/gnutls_session.c
index 541cc699..fb9b5e80 100644
--- a/src/daemon/https/tls/gnutls_session.c
+++ b/src/daemon/https/tls/gnutls_session.c
@@ -24,7 +24,7 @@
 #include "gnutls_int.h"
 #include "gnutls_errors.h"
 #include "debug.h"
-#include <gnutls_session_pack.h>
+#include "gnutls_session_pack.h"
 #include <gnutls_datum.h>
 
 /**
@@ -123,10 +123,10 @@ gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data)
   *
   * Returns the current session id. This can be used if you want to check if
   * the next session you tried to resume was actually resumed.
-  * This is because resumed sessions have the same sessionID with the 
+  * This is because resumed sessions have the same sessionID with the
   * original session.
   *
-  * Session id is some data set by the server, that identify the current session. 
+  * Session id is some data set by the server, that identify the current session.
   * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes.
   *
   * Returns zero on success.
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c
index ed4945b6..3e549c4c 100644
--- a/src/daemon/https/tls/gnutls_session_pack.c
+++ b/src/daemon/https/tls/gnutls_session_pack.c
@@ -54,6 +54,169 @@ static int unpack_security_parameters (gnutls_session_t session,
 static int pack_security_parameters (gnutls_session_t session,
                                      gnutls_datum_t * packed_session);
 
+/* Packs the ANON session authentication data. */
+#ifdef ENABLE_ANON
+
+/* Format:
+ *      1 byte the credentials type
+ *      4 bytes the size of the whole structure
+ *      2 bytes the size of secret key in bits
+ *      4 bytes the size of the prime
+ *      x bytes the prime
+ *      4 bytes the size of the generator
+ *      x bytes the generator
+ *      4 bytes the size of the public key
+ *      x bytes the public key
+ */
+static int
+pack_anon_auth_info (gnutls_session_t session, gnutls_datum_t * packed_session)
+{
+  anon_auth_info_t info = _gnutls_get_auth_info (session);
+  int pos = 0;
+  size_t pack_size;
+
+  if (info)
+    pack_size = 2 + 4 * 3 + info->dh.prime.size +
+      info->dh.generator.size + info->dh.public_key.size;
+  else
+    pack_size = 0;
+
+  packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
+
+  /* calculate the size and allocate the data.
+   */
+  packed_session->data =
+    gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
+
+  if (packed_session->data == NULL)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_MEMORY_ERROR;
+    }
+
+  packed_session->data[0] = MHD_GNUTLS_CRD_ANON;
+  _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
+  pos += 4 + PACK_HEADER_SIZE;
+
+  if (pack_size > 0)
+    {
+      _gnutls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]);
+      pos += 2;
+
+      _gnutls_write_datum32 (&packed_session->data[pos], info->dh.prime);
+      pos += 4 + info->dh.prime.size;
+      _gnutls_write_datum32 (&packed_session->data[pos], info->dh.generator);
+      pos += 4 + info->dh.generator.size;
+      _gnutls_write_datum32 (&packed_session->data[pos], info->dh.public_key);
+      pos += 4 + info->dh.public_key.size;
+
+    }
+
+  return 0;
+}
+
+/* Format:
+ *      1 byte the credentials type
+ *      4 bytes the size of the whole structure
+ *      2 bytes the size of secret key in bits
+ *      4 bytes the size of the prime
+ *      x bytes the prime
+ *      4 bytes the size of the generator
+ *      x bytes the generator
+ *      4 bytes the size of the public key
+ *      x bytes the public key
+ */
+static int
+unpack_anon_auth_info (gnutls_session_t session,
+                       const gnutls_datum_t * packed_session)
+{
+  size_t pack_size;
+  int pos = 0, size, ret;
+  anon_auth_info_t info;
+
+  if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_INVALID_REQUEST;
+    }
+
+  pack_size = _gnutls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
+  pos += PACK_HEADER_SIZE + 4;
+
+
+  if (pack_size == 0)
+    return 0;                   /* nothing to be done */
+
+  /* a simple check for integrity */
+  if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_INVALID_REQUEST;
+    }
+
+  /* client and serer have the same auth_info here
+   */
+  ret =
+    _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
+                           sizeof (anon_auth_info_st), 1);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      return ret;
+    }
+
+  info = _gnutls_get_auth_info (session);
+  if (info == NULL)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_INTERNAL_ERROR;
+    }
+
+  info->dh.secret_bits = _gnutls_read_uint16 (&packed_session->data[pos]);
+  pos += 2;
+
+  size = _gnutls_read_uint32 (&packed_session->data[pos]);
+  pos += 4;
+  ret = _gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      goto error;
+    }
+  pos += size;
+
+  size = _gnutls_read_uint32 (&packed_session->data[pos]);
+  pos += 4;
+  ret =
+    _gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], size);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      goto error;
+    }
+  pos += size;
+
+  size = _gnutls_read_uint32 (&packed_session->data[pos]);
+  pos += 4;
+  ret =
+    _gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
+                       size);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      goto error;
+    }
+  pos += size;
+
+  return 0;
+
+error:
+  _gnutls_free_datum (&info->dh.prime);
+  _gnutls_free_datum (&info->dh.generator);
+  _gnutls_free_datum (&info->dh.public_key);
+  return ret;
+}
+#endif /* ANON */
 
 /* Since auth_info structures contain malloced data, this function
  * is required in order to pack these structures in a vector in
@@ -121,7 +284,7 @@ _gnutls_session_pack (gnutls_session_t session,
 
     }
 
-  /* Auth_info structures copied. Now copy security_parameters_st. 
+  /* Auth_info structures copied. Now copy security_parameters_st.
    * packed_session must have allocated space for the security parameters.
    */
   ret = pack_security_parameters (session, packed_session);
@@ -201,7 +364,7 @@ _gnutls_session_unpack (gnutls_session_t session,
 
     }
 
-  /* Auth_info structures copied. Now copy security_parameters_st. 
+  /* Auth_info structures copied. Now copy security_parameters_st.
    * packed_session must have allocated space for the security parameters.
    */
   ret = unpack_security_parameters (session, packed_session);
@@ -477,7 +640,7 @@ error:
 /* Packs the SRP session authentication data.
  */
 
-/* Format: 
+/* Format:
  *      1 byte the credentials type
  *      4 bytes the size of the SRP username (x)
  *      x bytes the SRP username
@@ -569,167 +732,12 @@ unpack_srp_auth_info (gnutls_session_t session,
 #endif
 
 
-#ifdef ENABLE_ANON
-/* Packs the ANON session authentication data.
- */
-
-/* Format: 
- *      1 byte the credentials type
- *      4 bytes the size of the whole structure
- *      2 bytes the size of secret key in bits
- *      4 bytes the size of the prime
- *      x bytes the prime
- *      4 bytes the size of the generator
- *      x bytes the generator
- *      4 bytes the size of the public key
- *      x bytes the public key
- */
-static int
-pack_anon_auth_info (gnutls_session_t session,
-                     gnutls_datum_t * packed_session)
-{
-  anon_auth_info_t info = _gnutls_get_auth_info (session);
-  int pos = 0;
-  size_t pack_size;
-
-  if (info)
-    pack_size = 2 + 4 * 3 + info->dh.prime.size +
-      info->dh.generator.size + info->dh.public_key.size;
-  else
-    pack_size = 0;
-
-  packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
-
-  /* calculate the size and allocate the data.
-   */
-  packed_session->data =
-    gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
-
-  if (packed_session->data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  packed_session->data[0] = MHD_GNUTLS_CRD_ANON;
-  _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
-  pos += 4 + PACK_HEADER_SIZE;
-
-  if (pack_size > 0)
-    {
-      _gnutls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]);
-      pos += 2;
-
-      _gnutls_write_datum32 (&packed_session->data[pos], info->dh.prime);
-      pos += 4 + info->dh.prime.size;
-      _gnutls_write_datum32 (&packed_session->data[pos], info->dh.generator);
-      pos += 4 + info->dh.generator.size;
-      _gnutls_write_datum32 (&packed_session->data[pos], info->dh.public_key);
-      pos += 4 + info->dh.public_key.size;
-
-    }
-
-  return 0;
-}
-
-
-static int
-unpack_anon_auth_info (gnutls_session_t session,
-                       const gnutls_datum_t * packed_session)
-{
-  size_t pack_size;
-  int pos = 0, size, ret;
-  anon_auth_info_t info;
-
-  if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  pack_size = _gnutls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
-  pos += PACK_HEADER_SIZE + 4;
-
-
-  if (pack_size == 0)
-    return 0;                   /* nothing to be done */
-
-  /* a simple check for integrity */
-  if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  /* client and serer have the same auth_info here
-   */
-  ret =
-    _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
-                           sizeof (anon_auth_info_st), 1);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  info = _gnutls_get_auth_info (session);
-  if (info == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  info->dh.secret_bits = _gnutls_read_uint16 (&packed_session->data[pos]);
-  pos += 2;
-
-  size = _gnutls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret = _gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-
-  size = _gnutls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    _gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], size);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-
-  size = _gnutls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    _gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
-                       size);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-
-  return 0;
-
-error:
-  _gnutls_free_datum (&info->dh.prime);
-  _gnutls_free_datum (&info->dh.generator);
-  _gnutls_free_datum (&info->dh.public_key);
-  return ret;
-}
-#endif /* ANON */
 
 #ifdef ENABLE_PSK
 /* Packs the PSK session authentication data.
  */
 
-/* Format: 
+/* Format:
  *      1 byte the credentials type
  *      4 bytes the size of the whole structure
  *      4 bytes the size of the PSK username (x)
@@ -909,7 +917,7 @@ error:
 /* Packs the security parameters.
  */
 
-/* Format: 
+/* Format:
  *      4 bytes the total security data size
  *      1 byte the entity type (client/server)
  *      1 byte the key exchange algorithm used
@@ -947,7 +955,7 @@ error:
  *
  *      2 bytes the number of server name extensions (up to MAX_SERVER_NAME_EXTENSIONS)
  *      1 byte the first name type
- *      2 bytes the size of the first name 
+ *      2 bytes the size of the first name
  *      x bytes the first name (MAX_SERVER_NAME_SIZE)
  *       and so on...
  *
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c
index 3fde3db4..3931b393 100644
--- a/src/daemon/https/tls/gnutls_state.c
+++ b/src/daemon/https/tls/gnutls_state.c
@@ -32,7 +32,6 @@
 #include <gnutls_auth_int.h>
 #include <gnutls_num.h>
 #include <gnutls_datum.h>
-#include <gnutls_db.h>
 #include <gnutls_record.h>
 #include <gnutls_handshake.h>
 #include <gnutls_dh.h>
@@ -154,11 +153,11 @@ _gnutls_session_cert_type_supported (gnutls_session_t session,
         }
     }
 
-  if (session->internals.priorities.cert_type.algorithms == 0 && cert_type
+  if (session->internals.priorities.cert_type.num_algorithms == 0 && cert_type
       == DEFAULT_CERT_TYPE)
     return 0;
 
-  for (i = 0; i < session->internals.priorities.cert_type.algorithms; i++)
+  for (i = 0; i < session->internals.priorities.cert_type.num_algorithms; i++)
     {
       if (session->internals.priorities.cert_type.priority[i] == cert_type)
         {
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c
index 7c84fa0a..a9b6829d 100644
--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -93,9 +93,9 @@ check_bits (gnutls_x509_crt_t crt, unsigned int max_bits)
   * _gnutls_x509_cert_verify_peers - This function returns the peer's certificate status
   * @session: is a gnutls session
   *
-  * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). 
+  * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.).
   * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements.
-  * However you must also check the peer's name in order to check if the verified certificate belongs to the 
+  * However you must also check the peer's name in order to check if the verified certificate belongs to the
   * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
   *
   -*/
@@ -178,7 +178,7 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session,
 
     }
 
-  /* Verify certificate 
+  /* Verify certificate
    */
   ret =
     gnutls_x509_crt_list_verify (peer_certificate_list,
@@ -522,7 +522,7 @@ parse_pem_cert_mem (gnutls_cert ** cert_list, unsigned *ncerts,
         }
       _gnutls_free_datum (&tmp);        /* free ptr2 */
 
-      /* now we move ptr after the pem header 
+      /* now we move ptr after the pem header
        */
       ptr++;
       /* find the next certificate (if any)
@@ -794,18 +794,18 @@ read_key_file (gnutls_certificate_credentials_t res,
   * @key: is the private key, or %NULL
   * @type: is PEM or DER
   *
-  * This function sets a certificate/private key pair in the 
+  * This function sets a certificate/private key pair in the
   * gnutls_certificate_credentials_t structure. This function may be called
   * more than once (in case multiple keys/certificates exist for the
   * server).
   *
-  * Currently are supported: RSA PKCS-1 encoded private keys, 
+  * Currently are supported: RSA PKCS-1 encoded private keys,
   * DSA private keys.
   *
   * DSA private keys are encoded the OpenSSL way, which is an ASN.1
   * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv.
   *
-  * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates 
+  * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
   * is supported. This means that certificates intended for signing cannot
   * be used for ciphersuites that require encryption.
   *
@@ -825,7 +825,7 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t
 {
   int ret;
 
-  /* this should be first 
+  /* this should be first
    */
   if ((ret = read_key_mem (res, key ? key->data : NULL,
                            key ? key->size : 0, type)) < 0)
@@ -867,7 +867,7 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
 {
   int ret, i;
 
-  /* this should be first 
+  /* this should be first
    */
 
   res->pkey =
@@ -956,7 +956,7 @@ gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t
 {
   int ret;
 
-  /* this should be first 
+  /* this should be first
    */
   if ((ret = read_key_file (res, KEYFILE, type)) < 0)
     return ret;
@@ -983,7 +983,7 @@ generate_rdn_seq (gnutls_certificate_credentials_t res)
   unsigned size, i;
   opaque *pdata;
 
-  /* Generate the RDN sequence 
+  /* Generate the RDN sequence
    * This will be sent to clients when a certificate
    * request message is sent.
    */
@@ -1036,11 +1036,8 @@ generate_rdn_seq (gnutls_certificate_credentials_t res)
   return 0;
 }
 
-
-
-
-/* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this 
- * certificate (uses the KeyUsage field). 
+/* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this
+ * certificate (uses the KeyUsage field).
  */
 int
 _gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg)
@@ -1158,7 +1155,7 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
           return ret;
         }
 
-      /* now we move ptr after the pem header 
+      /* now we move ptr after the pem header
        */
       ptr++;
       size--;
@@ -1452,7 +1449,7 @@ parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
           return ret;
         }
 
-      /* now we move ptr after the pem header 
+      /* now we move ptr after the pem header
        */
       ptr++;
       /* find the next certificate (if any)