13 files changed, 63 insertions, 244 deletions
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c
index f3bbeba9..6f34a120 100644
--- a/src/daemon/https/tls/auth_cert.c
+++ b/src/daemon/https/tls/auth_cert.c
@@ -808,9 +808,9 @@ MHD__gnutls_check_supported_sign_algo (CertificateSigType algo)
    {
    case RSA_SIGN:
      return MHD_GNUTLS_PK_RSA;
+    default:
+      return -1;
    }
-  return -1;
 }
 int
diff --git a/src/daemon/https/tls/auth_rsa.c b/src/daemon/https/tls/auth_rsa.c
index 7a66eae6..97f1901d 100644
--- a/src/daemon/https/tls/auth_rsa.c
+++ b/src/daemon/https/tls/auth_rsa.c
@@ -291,7 +291,7 @@ MHD__gnutls_proc_rsa_client_kx (MHD_gtls_session_t session, opaque * data,
      /* we do not need strong random numbers here.
       */
-      if (MHD_gc_nonce (session->key->key.data, session->key->key.size) != GC_OK)
+      if (MHD_gc_nonce ((char*) session->key->key.data, session->key->key.size) != GC_OK)
        {
          MHD_gnutls_assert ();
          return GNUTLS_E_RANDOM_FAILED;
@@ -352,7 +352,7 @@ MHD__gnutls_gen_rsa_client_kx (MHD_gtls_session_t session, opaque ** data)
      return GNUTLS_E_MEMORY_ERROR;
    }
-  if (MHD_gc_pseudo_random (session->key->key.data,
+  if (MHD_gc_pseudo_random ((char*) session->key->key.data,
                        session->key->key.size) != GC_OK)
    {
      MHD_gnutls_assert ();
diff --git a/src/daemon/https/tls/debug.c b/src/daemon/https/tls/debug.c
index 21cd945f..b7408e39 100644
--- a/src/daemon/https/tls/debug.c
+++ b/src/daemon/https/tls/debug.c
@@ -123,6 +123,6 @@ MHD__gnutls_dump_mpi (const char *prefix, mpi_t a)
  size_t n = sizeof buf;
  if (gcry_mpi_print (GCRYMPI_FMT_HEX, buf, n, &n, a))
-    strcpy (buf, "[can't print value]");        /* Flawfinder: ignore */
+    strcpy ((char*) buf, "[can't print value]");        /* Flawfinder: ignore */
  MHD__gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (n - 1) / 2, prefix, buf);
 }
diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c
index 4feeb18f..a104b00b 100644
--- a/src/daemon/https/tls/ext_cert_type.c
+++ b/src/daemon/https/tls/ext_cert_type.c
@@ -147,10 +147,11 @@ int
 MHD_gtls_cert_type_send_params (MHD_gtls_session_t session, opaque * data,
                                size_t data_size)
 {
-  unsigned len, i;
+  unsigned int len;
  /* this function sends the client extension data (dnsname) */
 #if MHD_DEBUG_TLS
+  unsigned int i;
  if (session->security_parameters.entity == GNUTLS_CLIENT)
    {
diff --git a/src/daemon/https/tls/gnutls_cipher.c b/src/daemon/https/tls/gnutls_cipher.c
index 94e87eb3..9ff19759 100644
--- a/src/daemon/https/tls/gnutls_cipher.c
+++ b/src/daemon/https/tls/gnutls_cipher.c
@@ -244,7 +244,7 @@ calc_enc_length (MHD_gtls_session_t session, int data_size,
      break;
    case CIPHER_BLOCK:
-      if (MHD_gc_nonce (&rnd, 1) != GC_OK)
+      if (MHD_gc_nonce ((char*) &rnd, 1) != GC_OK)
        {
          MHD_gnutls_assert ();
          return GNUTLS_E_RANDOM_FAILED;
@@ -377,7 +377,7 @@ MHD_gtls_compressed2ciphertext (MHD_gtls_session_t session,
    {
      /* copy the random IV.
       */
-      if (MHD_gc_nonce (data_ptr, blocksize) != GC_OK)
+      if (MHD_gc_nonce ((char*) data_ptr, blocksize) != GC_OK)
        {
          MHD_gnutls_assert ();
          return GNUTLS_E_RANDOM_FAILED;
diff --git a/src/daemon/https/tls/gnutls_cipher_int.c b/src/daemon/https/tls/gnutls_cipher_int.c
index fef2c1d9..21fda10c 100644
--- a/src/daemon/https/tls/gnutls_cipher_int.c
+++ b/src/daemon/https/tls/gnutls_cipher_int.c
@@ -80,9 +80,9 @@ MHD_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher,
  if (err == 0)
    {
-      MHD_gc_cipher_setkey (ret, key->size, key->data);
+      MHD_gc_cipher_setkey (ret, key->size, (const char*) key->data);
      if (iv->data != NULL && iv->size > 0)
-        MHD_gc_cipher_setiv (ret, iv->size, iv->data);
+        MHD_gc_cipher_setiv (ret, iv->size, (const char*) iv->data);
    }
  else if (cipher != MHD_GNUTLS_CIPHER_NULL)
    {
diff --git a/src/daemon/https/tls/gnutls_compress_int.c b/src/daemon/https/tls/gnutls_compress_int.c
index 6b97fac4..07ffd5e1 100644
--- a/src/daemon/https/tls/gnutls_compress_int.c
+++ b/src/daemon/https/tls/gnutls_compress_int.c
@@ -52,6 +52,7 @@ MHD_gtls_comp_init (enum MHD_GNUTLS_CompressionMethod method, int d)
      {
        int window_bits, mem_level;
        int comp_level;
+        int err;
        z_stream *zhandle;
        window_bits = MHD_gtls_compression_get_wbits (method);
@@ -73,12 +74,10 @@ MHD_gtls_comp_init (enum MHD_GNUTLS_CompressionMethod method, int d)
        if (d)
          err = inflateInit2 (zhandle, window_bits);
-        else
+        else          
-          {
+          err = deflateInit2 (zhandle,
-            err = deflateInit2 (zhandle,
+                              comp_level, Z_DEFLATED,
-                                comp_level, Z_DEFLATED,
+                              window_bits, mem_level, Z_DEFAULT_STRATEGY);          
-                                window_bits, mem_level, Z_DEFAULT_STRATEGY);
-          }
        if (err != Z_OK)
          {
            MHD_gnutls_assert ();
@@ -90,6 +89,9 @@ MHD_gtls_comp_init (enum MHD_GNUTLS_CompressionMethod method, int d)
 #endif
    case MHD_GNUTLS_COMP_NULL:
      break;
+    default:
+      /* not supported! */
+      goto cleanup_ret;
    }
  return ret;
@@ -109,6 +111,7 @@ MHD_gtls_comp_deinit (comp_hd_t handle, int d)
      switch (handle->algo)
        {
 #ifdef HAVE_LIBZ
+          int err;
        case MHD_GNUTLS_COMP_DEFLATE:
          if (d)
            err = inflateEnd (handle->handle);
@@ -151,6 +154,7 @@ MHD_gtls_compress (comp_hd_t handle, const opaque * plain,
      {
        uLongf size;
        z_stream *zhandle;
+        int err;
        size = (plain_size + plain_size) + 10;
        *compressed = MHD_gnutls_malloc (size);
@@ -230,8 +234,10 @@ MHD_gtls_decompress (comp_hd_t handle, opaque * compressed,
 #ifdef HAVE_LIBZ
    case MHD_GNUTLS_COMP_DEFLATE:
      {
+        int err;
        uLongf out_size;
        z_stream *zhandle;
+        unsigned int cur_pos;
        *plain = NULL;
        out_size = compressed_size + compressed_size;
diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c
index e38b720f..41aff98c 100644
--- a/src/daemon/https/tls/gnutls_constate.c
+++ b/src/daemon/https/tls/gnutls_constate.c
@@ -107,7 +107,7 @@ MHD__gnutls_set_keys (MHD_gtls_session_t session, int hash_size, int IV_size,
  else
    {                           /* TLS 1.0 */
      ret =
-        MHD_gtls_PRF (session, session->security_parameters.master_secret,
+        MHD_gtls_PRF (session, (const unsigned char*) session->security_parameters.master_secret,
                      TLS_MASTER_SIZE, keyexp, keyexp_length,
                      rnd, 2 * TLS_RANDOM_SIZE, block_size, key_block);
    }
@@ -342,7 +342,7 @@ MHD__gnutls_set_keys (MHD_gtls_session_t session, int hash_size, int IV_size,
        }
      else
        {                       /* TLS 1.0 */
-          ret = MHD_gtls_PRF (session, "", 0,
+          ret = MHD_gtls_PRF (session, (const unsigned char*) "", 0,
                              ivblock, ivblock_length, rrnd,
                              2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block);
        }
diff --git a/src/daemon/https/tls/gnutls_hash_int.c b/src/daemon/https/tls/gnutls_hash_int.c
index 158f0843..97b6680d 100644
--- a/src/daemon/https/tls/gnutls_hash_int.c
+++ b/src/daemon/https/tls/gnutls_hash_int.c
@@ -133,7 +133,7 @@ MHD_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest)
  maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm);
-  mac = MHD_gc_hash_read (handle->handle);
+  mac = (unsigned char*) MHD_gc_hash_read (handle->handle);
  if (digest != NULL)
    memcpy (digest, mac, maclen);
@@ -178,7 +178,7 @@ MHD_gnutls_MHD_hmac_deinit (mac_hd_t handle, void *digest)
  maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm);
-  mac = MHD_gc_hash_read (handle->handle);
+  mac = (unsigned char*) MHD_gc_hash_read (handle->handle);
  if (digest != NULL)
    memcpy (digest, mac, maclen);
diff --git a/src/daemon/https/tls/gnutls_pk.c b/src/daemon/https/tls/gnutls_pk.c
index 53bc6394..c4ec508a 100644
--- a/src/daemon/https/tls/gnutls_pk.c
+++ b/src/daemon/https/tls/gnutls_pk.c
@@ -104,7 +104,7 @@ MHD_gtls_pkcs1_rsa_encrypt (MHD_gnutls_datum_t * ciphertext,
          return GNUTLS_E_INTERNAL_ERROR;
        }
-      if (MHD_gc_pseudo_random (ps, psize) != GC_OK)
+      if (MHD_gc_pseudo_random ((char*)ps, psize) != GC_OK)
        {
          MHD_gnutls_assert ();
          MHD_gnutls_afree (edata);
@@ -113,7 +113,7 @@ MHD_gtls_pkcs1_rsa_encrypt (MHD_gnutls_datum_t * ciphertext,
      for (i = 0; i < psize; i++)
        while (ps[i] == 0)
          {
-            if (MHD_gc_pseudo_random (&ps[i], 1) != GC_OK)
+            if (MHD_gc_pseudo_random ((char*) &ps[i], 1) != GC_OK)
              {
                MHD_gnutls_assert ();
                MHD_gnutls_afree (edata);
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c
index 183f12ba..503bea9b 100644
--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -46,7 +46,6 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 /* x509 */
 #include "common.h"
 #include "x509.h"
@@ -337,10 +336,10 @@ parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts,
  /* move to the certificate
   */
-  ptr = MHD_memmem (input_cert, input_cert_size,
+  ptr = memmem (input_cert, input_cert_size,
                PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
  if (ptr == NULL)
-    ptr = MHD_memmem (input_cert, input_cert_size,
+    ptr = memmem (input_cert, input_cert_size,
                  PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
  if (ptr == NULL)
@@ -396,9 +395,9 @@ parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts,
        {
          char *ptr3;
-          ptr3 = MHD_memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+          ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
          if (ptr3 == NULL)
-            ptr3 = MHD_memmem (ptr, size, PEM_CERT_SEP2,
+            ptr3 = memmem (ptr, size, PEM_CERT_SEP2,
                           sizeof (PEM_CERT_SEP2) - 1);
          ptr = ptr3;
@@ -794,10 +793,10 @@ parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
  /* move to the certificate
   */
-  ptr = MHD_memmem (input_cert, input_cert_size,
+  ptr = memmem (input_cert, input_cert_size,
                PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
  if (ptr == NULL)
-    ptr = MHD_memmem (input_cert, input_cert_size,
+    ptr = memmem (input_cert, input_cert_size,
                  PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
  if (ptr == NULL)
@@ -855,9 +854,9 @@ parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
        {
          char *ptr3;
-          ptr3 = MHD_memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+          ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
          if (ptr3 == NULL)
-            ptr3 = MHD_memmem (ptr, size,
+            ptr3 = memmem (ptr, size,
                           PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
          ptr = (const opaque *) ptr3;
@@ -977,7 +976,7 @@ parse_pem_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
  /* move to the certificate
   */
-  ptr = MHD_memmem (input_crl, input_crl_size,
+  ptr = memmem (input_crl, input_crl_size,
                PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
  if (ptr == NULL)
    {
@@ -1033,7 +1032,7 @@ parse_pem_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
      size = input_crl_size - (ptr - input_crl);
      if (size > 0)
-        ptr = MHD_memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
+        ptr = memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
      else
        ptr = NULL;
      i++;
diff --git a/src/daemon/https/tls/x509_b64.c b/src/daemon/https/tls/x509_b64.c
index b19e301f..abe3fb40 100644
--- a/src/daemon/https/tls/x509_b64.c
+++ b/src/daemon/https/tls/x509_b64.c
@@ -58,6 +58,17 @@ static const uint8_t asciitable[128] = {
  0xff, 0xff
 };
+#define INCR(what, size) \
+       do { \
+       what+=size; \
+       if (what > ret) { \
+               MHD_gnutls_assert(); \
+               MHD_gnutls_free( (*result)); *result = NULL; \
+               return GNUTLS_E_INTERNAL_ERROR; \
+       } \
+       } while(0)
 inline static int
 encode (char *result, const uint8_t * data, int left)
 {
@@ -139,48 +150,6 @@ decode (uint8_t * result, const opaque * data)
 }
 /* encodes data and puts the result into result (locally allocated)
- * The result_size is the return value
- */
-int
-MHD__gnutls_base64_encode (const uint8_t * data, size_t data_size,
-                       uint8_t ** result)
-{
-  unsigned int i, j;
-  int ret, tmp;
-  char tmpres[4];
-  ret = B64SIZE (data_size);
-  (*result) = MHD_gnutls_malloc (ret + 1);
-  if ((*result) == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-  for (i = j = 0; i < data_size; i += 3, j += 4)
-    {
-      tmp = encode (tmpres, &data[i], data_size - i);
-      if (tmp == -1)
-        {
-          MHD_gnutls_free ((*result));
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-      memcpy (&(*result)[j], tmpres, tmp);
-    }
-  (*result)[ret] = 0;           /* null terminated */
-  return ret;
-}
-#define INCR(what, size) \
-        do { \
-        what+=size; \
-        if (what > ret) { \
-                MHD_gnutls_assert(); \
-                MHD_gnutls_free( (*result)); *result = NULL; \
-                return GNUTLS_E_INTERNAL_ERROR; \
-        } \
-        } while(0)
-/* encodes data and puts the result into result (locally allocated)
 * The result_size (including the null terminator) is the return value.
 */
 int
@@ -204,16 +173,16 @@ MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data,
  memset (bottom, 0, sizeof (bottom));
  memset (top, 0, sizeof (top));
-  strcat (top, "-----BEGIN ");  /* Flawfinder: ignore */
+  strcat ((char*) top, "-----BEGIN ");  /* Flawfinder: ignore */
-  strcat (top, msg);            /* Flawfinder: ignore */
+  strcat ((char*)top, msg);            /* Flawfinder: ignore */
-  strcat (top, "-----");        /* Flawfinder: ignore */
+  strcat ((char*)top, "-----");        /* Flawfinder: ignore */
-  strcat (bottom, "\n-----END ");       /* Flawfinder: ignore */
+  strcat ((char*)bottom, "\n-----END ");       /* Flawfinder: ignore */
-  strcat (bottom, msg);         /* Flawfinder: ignore */
+  strcat ((char*)bottom, msg);         /* Flawfinder: ignore */
-  strcat (bottom, "-----\n");   /* Flawfinder: ignore */
+  strcat ((char*)bottom, "-----\n");   /* Flawfinder: ignore */
-  top_len = strlen (top);
+  top_len = strlen ((char*)top);
-  bottom_len = strlen (bottom);
+  bottom_len = strlen ((char*)bottom);
  ret = B64FSIZE (msglen, data_size);
@@ -228,7 +197,7 @@ MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data,
  INCR (bytes, top_len);
  pos = top_len;
-  strcpy (*result, top);        /* Flawfinder: ignore */
+  strcpy ((char*)*result,(char*) top);        /* Flawfinder: ignore */
  for (i = j = 0; i < data_size; i += 3, j += 4)
    {
@@ -286,82 +255,6 @@ MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data,
  return ret + 1;
 }
-/**
-  * MHD_gtls_pem_base64_encode - This function will convert raw data to Base64 encoded
-  * @msg: is a message to be put in the header
-  * @data: contain the raw data
-  * @result: the place where base64 data will be copied
-  * @result_size: holds the size of the result
-  *
-  * This function will convert the given data to printable data, using the base64
-  * encoding. This is the encoding used in PEM messages. If the provided
-  * buffer is not long enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
-  *
-  * The output string will be null terminated, although the size will not include
-  * the terminating null.
-  *
-  **/
-int
-MHD_gtls_pem_base64_encode (const char *msg, const MHD_gnutls_datum_t * data,
-                            char *result, size_t * result_size)
-{
-  opaque *ret;
-  int size;
-  size = MHD__gnutls_fbase64_encode (msg, data->data, data->size, &ret);
-  if (size < 0)
-    return size;
-  if (result == NULL || *result_size < (unsigned) size)
-    {
-      MHD_gnutls_free (ret);
-      *result_size = size;
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-  else
-    {
-      memcpy (result, ret, size);
-      MHD_gnutls_free (ret);
-      *result_size = size - 1;
-    }
-  return 0;
-}
-/**
-  * MHD_gtls_pem_base64_encode_alloc - This function will convert raw data to Base64 encoded
-  * @msg: is a message to be put in the encoded header
-  * @data: contains the raw data
-  * @result: will hold the newly allocated encoded data
-  *
-  * This function will convert the given data to printable data, using the base64
-  * encoding. This is the encoding used in PEM messages. This function will
-  * allocate the required memory to hold the encoded data.
-  *
-  * You should use MHD_gnutls_free() to free the returned data.
-  *
-  **/
-int
-MHD_gtls_pem_base64_encode_alloc (const char *msg,
-                                  const MHD_gnutls_datum_t * data,
-                                  MHD_gnutls_datum_t * result)
-{
-  opaque *ret;
-  int size;
-  if (result == NULL)
-    return GNUTLS_E_INVALID_REQUEST;
-  size = MHD__gnutls_fbase64_encode (msg, data->data, data->size, &ret);
-  if (size < 0)
-    return size;
-  result->data = ret;
-  result->size = size - 1;
-  return 0;
-}
 /* decodes data and puts the result into result (locally allocated)
 * The result_size is the return value
 */
@@ -440,7 +333,7 @@ MHD__gnutls_fbase64_decode (const char *header, const opaque * data,
  if (header != NULL)
    MHD_gtls_str_cat (pem_header, sizeof (pem_header), header);
-  rdata = MHD_memmem (data, data_size, pem_header, strlen (pem_header));
+  rdata = memmem (data, data_size, pem_header, strlen (pem_header));
  if (rdata == NULL)
    {
@@ -457,11 +350,11 @@ MHD__gnutls_fbase64_decode (const char *header, const opaque * data,
      return GNUTLS_E_BASE64_DECODING_ERROR;
    }
-  kdata = MHD_memmem (rdata, data_size, ENDSTR, sizeof (ENDSTR) - 1);
+  kdata = memmem (rdata, data_size, ENDSTR, sizeof (ENDSTR) - 1);
  /* allow CR as well.
   */
  if (kdata == NULL)
-    kdata = MHD_memmem (rdata, data_size, ENDSTR2, sizeof (ENDSTR2) - 1);
+    kdata = memmem (rdata, data_size, ENDSTR2, sizeof (ENDSTR2) - 1);
  if (kdata == NULL)
    {
@@ -476,7 +369,7 @@ MHD__gnutls_fbase64_decode (const char *header, const opaque * data,
  /* position is now after the ---BEGIN--- headers */
-  kdata = MHD_memmem (rdata, data_size, bottom, strlen (bottom));
+  kdata = memmem (rdata, data_size, bottom, strlen (bottom));
  if (kdata == NULL)
    {
      MHD_gnutls_assert ();
@@ -519,81 +412,3 @@ MHD__gnutls_fbase64_decode (const char *header, const opaque * data,
  return ret;
 }
-/**
-  * MHD_gtls_pem_base64_decode - This function will decode base64 encoded data
-  * @header: A null terminated string with the PEM header (eg. CERTIFICATE)
-  * @b64_data: contain the encoded data
-  * @result: the place where decoded data will be copied
-  * @result_size: holds the size of the result
-  *
-  * This function will decode the given encoded data. If the header given
-  * is non null this function will search for "-----BEGIN header" and decode
-  * only this part. Otherwise it will decode the first PEM packet found.
-  *
-  * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough,
-  * or 0 on success.
-  **/
-int
-MHD_gtls_pem_base64_decode (const char *header,
-                            const MHD_gnutls_datum_t * b64_data,
-                            unsigned char *result, size_t * result_size)
-{
-  opaque *ret;
-  int size;
-  size =
-    MHD__gnutls_fbase64_decode (header, b64_data->data, b64_data->size, &ret);
-  if (size < 0)
-    return size;
-  if (result == NULL || *result_size < (unsigned) size)
-    {
-      MHD_gnutls_free (ret);
-      *result_size = size;
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-  else
-    {
-      memcpy (result, ret, size);
-      MHD_gnutls_free (ret);
-      *result_size = size;
-    }
-  return 0;
-}
-/**
-  * MHD_gtls_pem_base64_decode_alloc - This function will decode base64 encoded data
-  * @header: The PEM header (eg. CERTIFICATE)
-  * @b64_data: contains the encoded data
-  * @result: the place where decoded data lie
-  *
-  * This function will decode the given encoded data. The decoded data
-  * will be allocated, and stored into result.
-  * If the header given is non null this function will search for
-  * "-----BEGIN header" and decode only this part. Otherwise it will decode the
-  * first PEM packet found.
-  *
-  * You should use MHD_gnutls_free() to free the returned data.
-  *
-  **/
-int
-MHD_gtls_pem_base64_decode_alloc (const char *header,
-                                  const MHD_gnutls_datum_t * b64_data,
-                                  MHD_gnutls_datum_t * result)
-{
-  opaque *ret;
-  int size;
-  if (result == NULL)
-    return GNUTLS_E_INVALID_REQUEST;
-  size =
-    MHD__gnutls_fbase64_decode (header, b64_data->data, b64_data->size, &ret);
-  if (size < 0)
-    return size;
-  result->data = ret;
-  result->size = size;
-  return 0;
-}
diff --git a/src/daemon/https/tls/x509_b64.h b/src/daemon/https/tls/x509_b64.h
index 8638420b..9cb27c86 100644
--- a/src/daemon/https/tls/x509_b64.h
+++ b/src/daemon/https/tls/x509_b64.h
@@ -22,8 +22,6 @@
 *
 */
-int MHD__gnutls_base64_encode (const uint8_t * data, size_t data_size,
-                           uint8_t ** result);
 int MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data,
                            int data_size, uint8_t ** result);
 int MHD__gnutls_base64_decode (const uint8_t * data, size_t data_size,