18 files changed, 9 insertions, 2175 deletions
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c
index b9e2a5a8..a0a50992 100644
--- a/src/daemon/daemon.c
+++ b/src/daemon/daemon.c
@@ -153,15 +153,6 @@ MHD_TLS_init (struct MHD_Daemon *daemon)
 {
  switch (daemon->cred_type)
    {
-    case MHD_GNUTLS_CRD_ANON:
-      if ((0 !=
-           MHD__gnutls_anon_allocate_server_credentials (&daemon->anon_cred))
-          || (0 != MHD__gnutls_dh_params_init (&daemon->dh_params)))
-        return GNUTLS_E_MEMORY_ERROR;
-      MHD__gnutls_dh_params_generate2 (daemon->dh_params, 1024);
-      MHD__gnutls_anon_set_server_dh_params (daemon->anon_cred,
-                                             daemon->dh_params);
-      return 0;
    case MHD_GNUTLS_CRD_CERTIFICATE:
      if (0 !=
          MHD__gnutls_certificate_allocate_credentials (&daemon->x509_cred))
@@ -495,13 +486,6 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
                                       MHD_GNUTLS_CRD_CERTIFICATE,
                                       connection->daemon->x509_cred);
          break;
-        case MHD_GNUTLS_CRD_ANON:
-          /* set needed credentials for anonymous authentication. */
-          MHD__gnutls_credentials_set (connection->tls_session,
-                                       MHD_GNUTLS_CRD_ANON,
-                                       connection->daemon->anon_cred);
-          MHD__gnutls_dh_set_prime_bits (connection->tls_session, 1024);
-          break;
        default:
 #if HAVE_MESSAGES
          MHD_DLOG (connection->daemon,
@@ -1101,8 +1085,6 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
      MHD__gnutls_priority_deinit (daemon->priority_cache);
      if (daemon->x509_cred)
        MHD__gnutls_certificate_free_credentials (daemon->x509_cred);
-      if (daemon->anon_cred)
-        MHD__gnutls_anon_free_server_credentials (daemon->anon_cred);
      /* lock MHD_gnutls_global mutex since it uses reference counting */
      pthread_mutex_lock (&MHD_gnutls_init_mutex);
      MHD__gnutls_global_deinit ();
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h
index 217e0fb7..985455c8 100644
--- a/src/daemon/https/gnutls.h
+++ b/src/daemon/https/gnutls.h
@@ -448,35 +448,6 @@ extern "C"
  typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_server_credentials;
  typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_client_credentials;
-  typedef struct MHD_gtls_anon_server_credentials_st
-    *MHD_gtls_anon_server_credentials_t;
-  typedef struct MHD_gtls_anon_client_credentials_st
-    *MHD_gtls_anon_client_credentials_t;
-  void
-    MHD__gnutls_anon_free_server_credentials
-    (MHD_gtls_anon_server_credentials_t sc);
-  int
-    MHD__gnutls_anon_allocate_server_credentials
-    (MHD_gtls_anon_server_credentials_t * sc);
-  void
-    MHD__gnutls_anon_set_server_dh_params (MHD_gtls_anon_server_credentials_t
-                                           res,
-                                           MHD_gtls_dh_params_t dh_params);
-  void
-    MHD__gnutls_anon_set_server_params_function
-    (MHD_gtls_anon_server_credentials_t res,
-     MHD_gnutls_params_function * func);
-  void
-    MHD__gnutls_anon_free_client_credentials
-    (MHD_gtls_anon_client_credentials_t sc);
-  int
-    MHD__gnutls_anon_allocate_client_credentials
-    (MHD_gtls_anon_client_credentials_t * sc);
  void MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t
                                                 sc);
  int
@@ -488,19 +459,6 @@ extern "C"
  void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc);
  void MHD__gnutls_certificate_free_crls (MHD_gtls_cert_credentials_t sc);
-  void MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res,
-                                              MHD_gtls_dh_params_t dh_params);
-  void
-    MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t
-                                                   res,
-                                                   MHD_gtls_rsa_params_t
-                                                   rsa_params);
-  void MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t
-                                                 res, unsigned int flags);
-  void MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t
-                                                  res, unsigned int max_bits,
-                                                  unsigned int max_depth);
  int MHD__gnutls_certificate_set_x509_trust_file (MHD_gtls_cert_credentials_t
                                                   res, const char *CAFILE,
                                                   MHD_gnutls_x509_crt_fmt_t
@@ -647,13 +605,6 @@ extern "C"
  void MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr);
  void *MHD_gtls_session_get_ptr (MHD_gtls_session_t session);
-/*
- * this function returns the hash of the given data.
- */
-  int MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo,
-                               const MHD_gnutls_datum_t * data, void *result,
-                               size_t * result_size);
  typedef enum MHD_gnutls_x509_subject_alt_name_t
  {
    GNUTLS_SAN_DNSNAME = 1,
@@ -714,23 +665,6 @@ extern "C"
   */
  void MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session,
                                      unsigned int bits);
-  int MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session);
-  int MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session);
-  int MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session);
-  int MHD__gnutls_dh_get_group (MHD_gtls_session_t session,
-                                MHD_gnutls_datum_t * raw_gen,
-                                MHD_gnutls_datum_t * raw_prime);
-  int MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session,
-                                 MHD_gnutls_datum_t * raw_key);
-  /*
-   * RSA
-   */
-  int MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session,
-                                      MHD_gnutls_datum_t * exponent,
-                                      MHD_gnutls_datum_t * modulus);
-  int MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session);
  /* External signing callback.  Experimental. */
  typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session,
@@ -761,20 +695,11 @@ extern "C"
                                                req);
  /* get data from the session */
-  const MHD_gnutls_datum_t *MHD_gtls_certificate_get_peers (MHD_gtls_session_t
-                                                            session,
-                                                            unsigned int
-                                                            *list_size);
-  const MHD_gnutls_datum_t *MHD_gtls_certificate_get_ours (MHD_gtls_session_t
-                                                           session);
  time_t MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t
                                                     session);
  time_t MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t
                                                     session);
-  int MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t
-                                                      session);
  int MHD_gtls_certificate_verify_peers2 (MHD_gtls_session_t session,
                                          unsigned int *status);
@@ -796,16 +721,6 @@ extern "C"
                                        const MHD_gnutls_datum_t * b64_data,
                                        MHD_gnutls_datum_t * result);
-  //  void
-  //    MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t
-  //                                            res,
-  //                                            MHD_gnutls_params_function * func);
-  //  void MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res,
-  //                                        MHD_gnutls_params_function * func);
-  //  void MHD_gnutls_psk_set_params_function (MHD_gnutls_psk_server_credentials_t res,
-  //                                       MHD_gnutls_params_function * func);
  /* key_usage will be an OR of the following values: */
  /* when the key is to be used for signing: */
 #define GNUTLS_KEY_DIGITAL_SIGNATURE    128
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
index aa8a71a7..420307fc 100644
--- a/src/daemon/https/tls/Makefile.am
+++ b/src/daemon/https/tls/Makefile.am
@@ -16,7 +16,6 @@ libtls_la_LDFLAGS = \
 -L$(GCRYPT_LIB_PATH)
 libtls_la_SOURCES = \
-auth_anon.c \
 auth_cert.c \
 auth_dh_common.c \
 auth_dhe.c \
@@ -30,7 +29,6 @@ ext_oprfi.c \
 ext_server_name.c \
 gnutls_alert.c \
 gnutls_algorithms.c \
-gnutls_anon_cred.c \
 gnutls_asn1_tab.c \
 gnutls_auth.c \
 gnutls_buffers.c \
@@ -66,7 +64,6 @@ gnutls_ui.c \
 gnutls_x509.c \
 pkix_asn1_tab.c \
 x509_b64.c \
-auth_anon.h \
 auth_cert.h \
 auth_dh_common.h \
 debug.h \
diff --git a/src/daemon/https/tls/auth_anon.c b/src/daemon/https/tls/auth_anon.c
deleted file mode 100644
index 1d6922cc..00000000
--- a/src/daemon/https/tls/auth_anon.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-/* This file contains the Anonymous Diffie Hellman key exchange part of
- * the anonymous authentication. The functions here are used in the
- * handshake.
- */
-#include <gnutls_int.h>
-#ifdef ENABLE_ANON
-#include "gnutls_auth_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_dh.h"
-#include "auth_anon.h"
-#include "gnutls_num.h"
-#include "gnutls_mpi.h"
-#include <gnutls_state.h>
-#include <auth_dh_common.h>
-static int MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t, opaque **);
-static int MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t, opaque *,
-                                         size_t);
-static int MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t, opaque *,
-                                         size_t);
-const MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct = {
-  "ANON",
-  NULL,
-  NULL,
-  MHD_gtls_gen_anon_server_kx,
-  MHD_gtls_gen_dh_common_client_kx,     /* this can be shared */
-  NULL,
-  NULL,
-  NULL,
-  NULL,                         /* certificate */
-  MHD_gtls_proc_anon_server_kx,
-  MHD_gtls_proc_anon_client_kx,
-  NULL,
-  NULL
-};
-static int
-MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t session, opaque ** data)
-{
-  mpi_t g, p;
-  const mpi_t *mpis;
-  int ret;
-  MHD_gtls_dh_params_t dh_params;
-  MHD_gtls_anon_server_credentials_t cred;
-  cred = (MHD_gtls_anon_server_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-  dh_params =
-    MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
-  mpis = MHD_gtls_dh_params_to_mpi (dh_params);
-  if (mpis == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
-    }
-  p = mpis[0];
-  g = mpis[1];
-  if ((ret =
-       MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
-                               sizeof (anon_auth_info_st), 1)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  MHD_gtls_dh_set_group (session, g, p);
-  ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-    }
-  return ret;
-}
-static int
-MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t session, opaque * data,
-                              size_t _data_size)
-{
-  MHD_gtls_anon_server_credentials_t cred;
-  int bits;
-  int ret;
-  mpi_t p, g;
-  MHD_gtls_dh_params_t dh_params;
-  const mpi_t *mpis;
-  bits = MHD_gtls_dh_get_allowed_prime_bits (session);
-  cred = (MHD_gtls_anon_server_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-  dh_params =
-    MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
-  mpis = MHD_gtls_dh_params_to_mpi (dh_params);
-  if (mpis == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
-    }
-  p = mpis[0];
-  g = mpis[1];
-  ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p);
-  return ret;
-}
-int
-MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t session, opaque * data,
-                              size_t _data_size)
-{
-  int ret;
-  /* set auth_info */
-  if ((ret =
-       MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
-                               sizeof (anon_auth_info_st), 1)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  return 0;
-}
-#endif /* ENABLE_ANON */
diff --git a/src/daemon/https/tls/auth_anon.h b/src/daemon/https/tls/auth_anon.h
deleted file mode 100644
index 4602ab23..00000000
--- a/src/daemon/https/tls/auth_anon.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-/* this is not to be included by MHD_gnutls_anon.c */
-#include <gnutls_auth.h>
-#include <auth_dh_common.h>
-typedef struct MHD_gtls_anon_server_credentials_st
-{
-  MHD_gtls_dh_params_t dh_params;
-  /* this callback is used to retrieve the DH or RSA
-   * parameters.
-   */
-  MHD_gnutls_params_function *params_func;
-} mhd_anon_server_credentials_st;
-typedef struct MHD_gtls_anon_client_credentials_st
-{
-  int dummy;
-} mhd_anon_client_credentials_st;
-typedef struct MHD_gtls_anon_auth_info_st
-{
-  MHD_gtls_dh_info_st dh;
-} *mhd_anon_auth_info_t;
-typedef struct MHD_gtls_anon_auth_info_st anon_auth_info_st;
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c
index 18ba0457..89ca70bc 100644
--- a/src/daemon/https/tls/gnutls_algorithms.c
+++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -42,9 +42,6 @@ typedef struct
 } MHD_gnutls_cred_map;
 static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = {
-  {MHD_GNUTLS_KX_ANON_DH,
-   MHD_GNUTLS_CRD_ANON,
-   MHD_GNUTLS_CRD_ANON},
  {MHD_GNUTLS_KX_RSA,
   MHD_GNUTLS_CRD_CERTIFICATE,
   MHD_GNUTLS_CRD_CERTIFICATE},
@@ -390,7 +387,6 @@ extern MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct;
 extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct;
 extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct;
 extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct;
-extern MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct;
 extern MHD_gtls_mod_auth_st srp_auth_struct;
 extern MHD_gtls_mod_auth_st psk_auth_struct;
 extern MHD_gtls_mod_auth_st dhe_psk_auth_struct;
@@ -407,9 +403,6 @@ typedef struct MHD_gtls_kx_algo_entry
 } MHD_gtls_kx_algo_entry_t;
 static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = {
-#ifdef ENABLE_ANON
-  {"ANON-DH", MHD_GNUTLS_KX_ANON_DH, &MHD_gtls_anon_auth_struct, 1, 0},
-#endif
  {"RSA",
   MHD_GNUTLS_KX_RSA,
   &MHD_gtls_rsa_auth_struct,
@@ -451,9 +444,6 @@ static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = {
 /* Keep the contents of this struct the same as the previous one. */
 static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] =
 {
-#ifdef ENABLE_ANON
-  MHD_GNUTLS_KX_ANON_DH,
-#endif
  MHD_GNUTLS_KX_RSA,
  MHD_GNUTLS_KX_RSA_EXPORT,
  MHD_GNUTLS_KX_DHE_RSA,
@@ -498,20 +488,6 @@ typedef struct
 */
 #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
-/* ANONymous cipher suites.
- */
-#define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B }
-#define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 }
-/* rfc3268: */
-#define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 }
-#define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
-/* rfc4132 */
-#define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
-#define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
 /* PSK (not in TLS 1.0)
 * draft-ietf-tls-psk:
 */
@@ -590,34 +566,6 @@ typedef struct
 #define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1
 static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = {
-  /* ANON_DH */
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5,
-                             MHD_GNUTLS_CIPHER_ARCFOUR_128,
-                             MHD_GNUTLS_KX_ANON_DH, MHD_GNUTLS_MAC_MD5,
-                             MHD_GNUTLS_PROTOCOL_SSL3),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_3DES_CBC,
-                             MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_AES_128_CBC,
-                             MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_AES_256_CBC,
-                             MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
-#ifdef  ENABLE_CAMELLIA
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
-                             MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
-                             MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
-#endif
  /* SRP */
  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
                             MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP,
diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c
deleted file mode 100644
index d73c0edd..00000000
--- a/src/daemon/https/tls/gnutls_anon_cred.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * Copyright (C) 2001, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-#include "gnutls_int.h"
-#ifdef ENABLE_ANON
-#include "gnutls_errors.h"
-#include "auth_anon.h"
-#include "gnutls_auth_int.h"
-#include "gnutls_dh.h"
-#include "gnutls_num.h"
-#include "gnutls_mpi.h"
-static const int anon_dummy;
-/**
-  * MHD__gnutls_anon_free_server_credentials - Used to free an allocated MHD_gtls_anon_server_credentials_t structure
-  * @sc: is an #MHD_gtls_anon_server_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to free (deallocate) it.
-  **/
-void
-MHD__gnutls_anon_free_server_credentials (MHD_gtls_anon_server_credentials_t
-                                          sc)
-{
-  MHD_gnutls_free (sc);
-}
-/**
-  * MHD__gnutls_anon_allocate_server_credentials - Used to allocate an MHD_gtls_anon_server_credentials_t structure
-  * @sc: is a pointer to an #MHD_gtls_anon_server_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to allocate it.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
-int
-  MHD__gnutls_anon_allocate_server_credentials
-  (MHD_gtls_anon_server_credentials_t * sc)
-{
-  *sc = MHD_gnutls_calloc (1, sizeof (mhd_anon_server_credentials_st));
-  if (*sc == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-  return 0;
-}
-/**
-  * MHD__gnutls_anon_free_client_credentials - Used to free an allocated MHD_gtls_anon_client_credentials_t structure
-  * @sc: is an #MHD_gtls_anon_client_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to free (deallocate) it.
-  **/
-void
-MHD__gnutls_anon_free_client_credentials (MHD_gtls_anon_client_credentials_t
-                                          sc)
-{
-}
-/**
- * MHD__gnutls_anon_allocate_client_credentials - Used to allocate a credentials structure
- * @sc: is a pointer to an #MHD_gtls_anon_client_credentials_t structure.
- *
- * This structure is complex enough to manipulate directly thus
- * this helper function is provided in order to allocate it.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- **/
-int
-  MHD__gnutls_anon_allocate_client_credentials
-  (MHD_gtls_anon_client_credentials_t * sc)
-{
-  /* anon_dummy is only there for *sc not to be null.
-   * it is not used at all;
-   */
-  *sc = (void *) &anon_dummy;
-  return 0;
-}
-/**
-  * MHD__gnutls_anon_set_server_dh_params - This function will set the DH parameters for a server to use
-  * @res: is a MHD_gtls_anon_server_credentials_t structure
-  * @dh_params: is a structure that holds diffie hellman parameters.
-  *
-  * This function will set the diffie hellman parameters for an
-  * anonymous server to use.  These parameters will be used in
-  * Anonymous Diffie Hellman cipher suites.
-  **/
-void
-MHD__gnutls_anon_set_server_dh_params (MHD_gtls_anon_server_credentials_t res,
-                                       MHD_gtls_dh_params_t dh_params)
-{
-  res->dh_params = dh_params;
-}
-/**
-  * MHD__gnutls_anon_set_server_params_function - This function will set the DH parameters callback
-  * @res: is a MHD_gtls_cert_credentials_t structure
-  * @func: is the function to be called
-  *
-  * This function will set a callback in order for the server to get
-  * the diffie hellman parameters for anonymous authentication.  The
-  * callback should return zero on success.
-  **/
-void
-MHD__gnutls_anon_set_server_params_function
-  (MHD_gtls_anon_server_credentials_t res, MHD_gnutls_params_function * func)
-{
-  res->params_func = func;
-}
-#endif
diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c
index 6f14d9c8..fcb8ed55 100644
--- a/src/daemon/https/tls/gnutls_auth.c
+++ b/src/daemon/https/tls/gnutls_auth.c
@@ -30,7 +30,6 @@
 #include "auth_cert.h"
 #include <gnutls_datum.h>
-#include "auth_anon.h"
 /* The functions here are used in order for authentication algorithms
 * to be able to retrieve the needed credentials eg public and private
 * key etc.
@@ -79,9 +78,6 @@ MHD__gnutls_credentials_clear (MHD_gtls_session_t session)
  * structure. Thus you will have to keep the structure allocated until
  * you call MHD__gnutls_deinit(). ]
  *
-  * For GNUTLS_CRD_ANON cred should be MHD_gtls_anon_client_credentials_t in case of a client.
-  * In case of a server it should be MHD_gtls_anon_server_credentials_t.
-  *
  * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t
  * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case
  * of a server.
@@ -267,7 +263,6 @@ out:
  * is data obtained by the handshake protocol, the key exchange algorithm,
  * and the TLS extensions messages.
  *
-  * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t;
  * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
  * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
  -*/
@@ -301,17 +296,6 @@ MHD_gtls_free_auth_info (MHD_gtls_session_t session)
    {
    case MHD_GNUTLS_CRD_SRP:
      break;
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          break;
-        dh_info = &info->dh;
-        MHD_gtls_free_dh_info (dh_info);
-      }
-      break;
    case MHD_GNUTLS_CRD_CERTIFICATE:
      {
        unsigned int i;
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index db28ad9a..ba93018d 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -47,7 +47,6 @@
 #include "gnutls_record.h"
 #include "gnutls_state.h"
 #include "gnutls_rsa_export.h"  /* for MHD_gnutls_get_rsa_params() */
-#include "auth_anon.h"          /* for MHD_gtls_anon_server_credentials_t */
 #include "gc.h"
 #ifdef HANDSHAKE_DEBUG
@@ -2800,22 +2799,6 @@ check_server_params (MHD_gtls_session_t session,
      if (delete == 1)
        return 1;
-#ifdef ENABLE_ANON
-    }
-  else if (cred_type == MHD_GNUTLS_CRD_ANON)
-    {
-      MHD_gtls_anon_server_credentials_t anon_cred =
-        (MHD_gtls_anon_server_credentials_t) MHD_gtls_get_cred (session->key,
-                                                                cred_type,
-                                                                NULL);
-      if (anon_cred != NULL)
-        {
-          dh_params =
-            MHD_gtls_get_dh_params (anon_cred->dh_params,
-                                    anon_cred->params_func, session);
-        }
-#endif
 #ifdef ENABLE_PSK
    }
  else if (cred_type == MHD_GNUTLS_CRD_PSK)
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c
index ab359f6c..be80bfb7 100644
--- a/src/daemon/https/tls/gnutls_session_pack.c
+++ b/src/daemon/https/tls/gnutls_session_pack.c
@@ -33,7 +33,6 @@
 #ifdef ENABLE_PSK
 # include <auth_psk.h>
 #endif
-#include <auth_anon.h>
 #include <auth_cert.h>
 #include <gnutls_errors.h>
 #include <gnutls_auth_int.h>
@@ -55,175 +54,6 @@ static int unpack_security_parameters (MHD_gtls_session_t session,
 static int pack_security_parameters (MHD_gtls_session_t session,
                                     MHD_gnutls_datum_t * packed_session);
-/* Packs the ANON session authentication data. */
-#ifdef ENABLE_ANON
-/* Format:
- *      1 byte the credentials type
- *      4 bytes the size of the whole structure
- *      2 bytes the size of secret key in bits
- *      4 bytes the size of the prime
- *      x bytes the prime
- *      4 bytes the size of the generator
- *      x bytes the generator
- *      4 bytes the size of the public key
- *      x bytes the public key
- */
-static int
-pack_anon_auth_info (MHD_gtls_session_t session,
-                     MHD_gnutls_datum_t * packed_session)
-{
-  mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session);
-  int pos = 0;
-  size_t pack_size;
-  if (info)
-    pack_size = 2 + 4 * 3 + info->dh.prime.size +
-      info->dh.generator.size + info->dh.public_key.size;
-  else
-    pack_size = 0;
-  packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
-  /* calculate the size and allocate the data.
-   */
-  packed_session->data =
-    MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
-  if (packed_session->data == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  packed_session->data[0] = MHD_GNUTLS_CRD_ANON;
-  MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
-  pos += 4 + PACK_HEADER_SIZE;
-  if (pack_size > 0)
-    {
-      MHD_gtls_write_uint16 (info->dh.secret_bits,
-                             &packed_session->data[pos]);
-      pos += 2;
-      MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
-      pos += 4 + info->dh.prime.size;
-      MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
-      pos += 4 + info->dh.generator.size;
-      MHD_gtls_write_datum32 (&packed_session->data[pos],
-                              info->dh.public_key);
-      pos += 4 + info->dh.public_key.size;
-    }
-  return 0;
-}
-/* Format:
- *      1 byte the credentials type
- *      4 bytes the size of the whole structure
- *      2 bytes the size of secret key in bits
- *      4 bytes the size of the prime
- *      x bytes the prime
- *      4 bytes the size of the generator
- *      x bytes the generator
- *      4 bytes the size of the public key
- *      x bytes the public key
- */
-static int
-unpack_anon_auth_info (MHD_gtls_session_t session,
-                       const MHD_gnutls_datum_t * packed_session)
-{
-  size_t pack_size;
-  int pos = 0, size, ret;
-  mhd_anon_auth_info_t info;
-  if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
-  pos += PACK_HEADER_SIZE + 4;
-  if (pack_size == 0)
-    return 0;                   /* nothing to be done */
-  /* a simple check for integrity */
-  if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  /* client and serer have the same auth_info here
-   */
-  ret =
-    MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
-                            sizeof (anon_auth_info_st), 1);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]);
-  pos += 2;
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos],
-                           size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
-                           size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-  return 0;
-error:
-  MHD__gnutls_free_datum (&info->dh.prime);
-  MHD__gnutls_free_datum (&info->dh.generator);
-  MHD__gnutls_free_datum (&info->dh.public_key);
-  return ret;
-}
-#endif /* ANON */
 /* Since auth_info structures contain malloced data, this function
 * is required in order to pack these structures in a vector in
 * order to store them to the DB.
@@ -267,16 +97,6 @@ MHD_gtls_session_pack (MHD_gtls_session_t session,
        }
      break;
 #endif
-#ifdef ENABLE_ANON
-    case MHD_GNUTLS_CRD_ANON:
-      ret = pack_anon_auth_info (session, packed_session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      break;
-#endif
    case MHD_GNUTLS_CRD_CERTIFICATE:
      ret = pack_certificate_auth_info (session, packed_session);
      if (ret < 0)
@@ -346,16 +166,6 @@ MHD_gtls_session_unpack (MHD_gtls_session_t session,
        }
      break;
 #endif
-#ifdef ENABLE_ANON
-    case MHD_GNUTLS_CRD_ANON:
-      ret = unpack_anon_auth_info (session, packed_session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      break;
-#endif
    case MHD_GNUTLS_CRD_CERTIFICATE:
      ret = unpack_certificate_auth_info (session, packed_session);
      if (ret < 0)
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c
index 4f4ea122..0372b0f6 100644
--- a/src/daemon/https/tls/gnutls_state.c
+++ b/src/daemon/https/tls/gnutls_state.c
@@ -38,7 +38,6 @@
 #include <gnutls_buffers.h>
 #include <gnutls_state.h>
 #include <auth_cert.h>
-#include <auth_anon.h>
 #include <gnutls_algorithms.h>
 #include <gnutls_rsa_export.h>
@@ -437,16 +436,6 @@ MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public)
  switch (MHD_gtls_auth_get_type (session))
    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &info->dh;
-        break;
-      }
    case MHD_GNUTLS_CRD_CERTIFICATE:
      {
        cert_auth_info_t info;
@@ -478,15 +467,6 @@ MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits)
 {
  switch (MHD_gtls_auth_get_type (session))
    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        info->dh.secret_bits = bits;
-        break;
-      }
    case MHD_GNUTLS_CRD_CERTIFICATE:
      {
        cert_auth_info_t info;
@@ -548,16 +528,6 @@ MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen, mpi_t prime)
  switch (MHD_gtls_auth_get_type (session))
    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &info->dh;
-        break;
-      }
    case MHD_GNUTLS_CRD_CERTIFICATE:
      {
        cert_auth_info_t info;
diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c
index a2594332..1963ce08 100644
--- a/src/daemon/https/tls/gnutls_ui.c
+++ b/src/daemon/https/tls/gnutls_ui.c
@@ -27,7 +27,6 @@
 */
 #include <gnutls_int.h>
-#include <auth_anon.h>
 #include <auth_cert.h>
 #include <gnutls_errors.h>
 #include <gnutls_auth_int.h>
@@ -58,575 +57,3 @@ MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, unsigned int bits)
  session->internals.dh_prime_bits = bits;
 }
-/**
- * MHD__gnutls_dh_get_group - This function returns the group of the DH authentication
- * @session: is a gnutls session
- * @raw_gen: will hold the generator.
- * @raw_prime: will hold the prime.
- *
- * This function will return the group parameters used in the last Diffie Hellman
- * authentication with the peer. These are the prime and the generator used.
- * This function should be used for both anonymous and ephemeral diffie Hellman.
- * The output parameters must be freed with MHD_gnutls_free().
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_group (MHD_gtls_session_t session,
-                          MHD_gnutls_datum_t * raw_gen,
-                          MHD_gnutls_datum_t * raw_prime)
-{
-  MHD_gtls_dh_info_st *dh;
-  int ret;
-  mhd_anon_auth_info_t anon_info;
-  cert_auth_info_t cert_info;
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      anon_info = MHD_gtls_get_auth_info (session);
-      if (anon_info == NULL)
-        return GNUTLS_E_INTERNAL_ERROR;
-      dh = &anon_info->dh;
-      break;
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      cert_info = MHD_gtls_get_auth_info (session);
-      if (cert_info == NULL)
-        return GNUTLS_E_INTERNAL_ERROR;
-      dh = &cert_info->dh;
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  ret = MHD__gnutls_set_datum (raw_prime, dh->prime.data, dh->prime.size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  ret =
-    MHD__gnutls_set_datum (raw_gen, dh->generator.data, dh->generator.size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_free_datum (raw_prime);
-      return ret;
-    }
-  return 0;
-}
-/**
- * MHD__gnutls_dh_get_pubkey - This function returns the peer's public key used in DH authentication
- * @session: is a gnutls session
- * @raw_key: will hold the public key.
- *
- * This function will return the peer's public key used in the last Diffie Hellman authentication.
- * This function should be used for both anonymous and ephemeral diffie Hellman.
- * The output parameters must be freed with MHD_gnutls_free().
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session,
-                           MHD_gnutls_datum_t * raw_key)
-{
-  MHD_gtls_dh_info_st *dh;
-  mhd_anon_auth_info_t anon_info;
-  cert_auth_info_t cert_info;
-  cert_auth_info_t psk_info;
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        anon_info = MHD_gtls_get_auth_info (session);
-        if (anon_info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &anon_info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_PSK:
-      {
-        psk_info = MHD_gtls_get_auth_info (session);
-        if (psk_info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &psk_info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_info = MHD_gtls_get_auth_info (session);
-        if (cert_info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &cert_info->dh;
-        break;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  return MHD__gnutls_set_datum (raw_key, dh->public_key.data,
-                                dh->public_key.size);
-}
-/**
- * MHD_gtls_rsa_export_get_pubkey - This function returns the peer's public key used in RSA-EXPORT authentication
- * @session: is a gnutls session
- * @exponent: will hold the exponent.
- * @modulus: will hold the modulus.
- *
- * This function will return the peer's public key exponent and
- * modulus used in the last RSA-EXPORT authentication.  The output
- * parameters must be freed with MHD_gnutls_free().
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session,
-                                MHD_gnutls_datum_t * exponent,
-                                MHD_gnutls_datum_t * modulus)
-{
-  cert_auth_info_t info;
-  int ret;
-  if (MHD_gtls_auth_get_type (session) == MHD_GNUTLS_CRD_CERTIFICATE)
-    {
-      info = MHD_gtls_get_auth_info (session);
-      if (info == NULL)
-        return GNUTLS_E_INTERNAL_ERROR;
-      ret = MHD__gnutls_set_datum (modulus, info->rsa_export.modulus.data,
-                                   info->rsa_export.modulus.size);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      ret = MHD__gnutls_set_datum (exponent, info->rsa_export.exponent.data,
-                                   info->rsa_export.exponent.size);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          MHD__gnutls_free_datum (modulus);
-          return ret;
-        }
-      return 0;
-    }
-  return GNUTLS_E_INVALID_REQUEST;
-}
-/**
- * MHD__gnutls_dh_get_secret_bits - This function returns the bits used in DH authentication
- * @session: is a gnutls session
- *
- * This function will return the bits used in the last Diffie Hellman authentication
- * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session)
-{
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        return info->dh.secret_bits;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        return info->dh.secret_bits;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-}
-/**
- * MHD__gnutls_dh_get_prime_bits - This function returns the bits used in DH authentication
- * @session: is a gnutls session
- *
- * This function will return the bits of the prime used in the last Diffie Hellman authentication
- * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session)
-{
-  MHD_gtls_dh_info_st *dh;
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &info->dh;
-        break;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  return (dh->prime.size) * 8;
-}
-/**
- * MHD_gtls_rsa_export_get_modulus_bits - This function returns the bits used in RSA-export key exchange
- * @session: is a gnutls session
- *
- * This function will return the bits used in the last RSA-EXPORT key exchange
- * with the peer.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session)
-{
-  cert_auth_info_t info;
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    return GNUTLS_E_INTERNAL_ERROR;
-  return info->rsa_export.modulus.size * 8;
-}
-/**
- * MHD__gnutls_dh_get_peers_public_bits - This function returns the bits used in DH authentication
- * @session: is a gnutls session
- *
- * This function will return the bits used in the last Diffie Hellman authentication
- * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session)
-{
-  MHD_gtls_dh_info_st *dh;
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &info->dh;
-        break;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  return dh->public_key.size * 8;
-}
-/* CERTIFICATE STUFF */
-/**
- * MHD_gtls_certificate_get_ours - This function returns the raw certificate sent in the last handshake
- * @session: is a gnutls session
- *
- * This function will return the certificate as sent to the peer,
- * in the last handshake. These certificates are in raw format.
- * In X.509 this is a certificate list. In OpenPGP this is a single
- * certificate.
- * Returns NULL in case of an error, or if no certificate was used.
- *
- **/
-const MHD_gnutls_datum_t *
-MHD_gtls_certificate_get_ours (MHD_gtls_session_t session)
-{
-  MHD_gtls_cert_credentials_t cred;
-  CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  cred
-    = (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key,
-                                                       MHD_GNUTLS_CRD_CERTIFICATE,
-                                                       NULL);
-  if (cred == NULL || cred->cert_list == NULL)
-    {
-      MHD_gnutls_assert ();
-      return NULL;
-    }
-  if (session->internals.selected_cert_list == NULL)
-    return NULL;
-  return &session->internals.selected_cert_list[0].raw;
-}
-/**
- * MHD_gtls_certificate_get_peers - This function returns the peer's raw certificate
- * @session: is a gnutls session
- * @list_size: is the length of the certificate list
- *
- * This function will return the peer's raw certificate (chain) as
- * sent by the peer. These certificates are in raw format (DER encoded
- * for X.509). In case of a X.509 then a certificate list may be present.
- * The first certificate in the list is the peer's certificate,
- * following the issuer's certificate, then the issuer's issuer etc.
- *
- * In case of OpenPGP keys a single key will be returned
- * in raw format.
- *
- * Returns NULL in case of an error, or if no certificate was sent.
- *
- **/
-const MHD_gnutls_datum_t *
-MHD_gtls_certificate_get_peers (MHD_gtls_session_t
-                                session, unsigned int *list_size)
-{
-  cert_auth_info_t info;
-  CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    return NULL;
-  *list_size = info->ncerts;
-  return info->raw_certificate_list;
-}
-/**
- * MHD_gtls_certificate_client_get_request_status - This function returns the certificate request status
- * @session: is a gnutls session
- *
- * This function will return 0 if the peer (server) did not request client
- * authentication or 1 otherwise.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t session)
-{
-  cert_auth_info_t info;
-  CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, 0);
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    return GNUTLS_E_INTERNAL_ERROR;
-  return info->certificate_requested;
-}
-/**
- * MHD__gnutls_fingerprint - This function calculates the fingerprint of the given data
- * @algo: is a digest algorithm
- * @data: is the data
- * @result: is the place where the result will be copied (may be null).
- * @result_size: should hold the size of the result. The actual size
- * of the returned result will also be copied there.
- *
- * This function will calculate a fingerprint (actually a hash), of the
- * given data. The result is not printable data. You should convert it
- * to hex, or to something else printable.
- *
- * This is the usual way to calculate a fingerprint of an X.509
- * DER encoded certificate. Note however that the fingerprint
- * of an OpenPGP is not just a hash and cannot be calculated with
- * this function.
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo,
-                         const MHD_gnutls_datum_t * data,
-                         void *result, size_t * result_size)
-{
-  GNUTLS_HASH_HANDLE td;
-  int hash_len = MHD_gnutls_hash_get_algo_len (HASH2MAC (algo));
-  if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
-    {
-      *result_size = hash_len;
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-  *result_size = hash_len;
-  if (result)
-    {
-      td = MHD_gtls_hash_init (HASH2MAC (algo));
-      if (td == NULL)
-        return GNUTLS_E_HASH_FAILED;
-      MHD_gnutls_hash (td, data->data, data->size);
-      MHD_gnutls_hash_deinit (td, result);
-    }
-  return 0;
-}
-/**
- * MHD__gnutls_certificate_set_dh_params - This function will set the DH parameters for a server to use
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @dh_params: is a structure that holds diffie hellman parameters.
- *
- * This function will set the diffie hellman parameters for a
- * certificate server to use. These parameters will be used in
- * Ephemeral Diffie Hellman cipher suites.  Note that only a pointer
- * to the parameters are stored in the certificate handle, so if you
- * deallocate the parameters before the certificate is deallocated,
- * you must change the parameters stored in the certificate first.
- *
- **/
-void
-MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res,
-                                       MHD_gtls_dh_params_t dh_params)
-{
-  res->dh_params = dh_params;
-}
-/**
- * MHD_gnutls_certificate_set_params_function - This function will set the DH or RSA parameters callback
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @func: is the function to be called
- *
- * This function will set a callback in order for the server to get the
- * diffie hellman or RSA parameters for certificate authentication. The callback
- * should return zero on success.
- *
- **/
-void
-MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t res,
-                                            MHD_gnutls_params_function * func)
-{
-  res->params_func = func;
-}
-/**
- * MHD__gnutls_certificate_set_verify_flags - This function will set the flags to be used at certificate verification
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @flags: are the flags
- *
- * This function will set the flags to be used at verification of the
- * certificates.  Flags must be OR of the
- * #MHD_gnutls_certificate_verify_flags enumerations.
- *
- **/
-void
-MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t
-                                          res, unsigned int flags)
-{
-  res->verify_flags = flags;
-}
-/**
- * MHD__gnutls_certificate_set_verify_limits - This function will set the upper limits to be used at certificate verification
- * @res: is a MHD_gnutls_certificate_credentials structure
- * @max_bits: is the number of bits of an acceptable certificate (default 8200)
- * @max_depth: is maximum depth of the verification of a certificate chain (default 5)
- *
- * This function will set some upper limits for the default verification function,
- * MHD_gtls_certificate_verify_peers2(), to avoid denial of service attacks.
- * You can set them to zero to disable limits.
- *
- **/
-void
-MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t
-                                           res,
-                                           unsigned int max_bits,
-                                           unsigned int max_depth)
-{
-  res->verify_depth = max_depth;
-  res->verify_bits = max_bits;
-}
-/**
- * MHD__gnutls_certificate_set_rsa_export_params - This function will set the RSA parameters for a server to use
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @rsa_params: is a structure that holds temporary RSA parameters.
- *
- * This function will set the temporary RSA parameters for a certificate
- * server to use. These parameters will be used in RSA-EXPORT
- * cipher suites.
- *
- **/
-void
-MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t
-                                               res,
-                                               MHD_gtls_rsa_params_t
-                                               rsa_params)
-{
-  res->rsa_params = rsa_params;
-}
-/**
- * MHD_gnutls_anon_set_params_function - This function will set the DH or RSA parameters callback
- * @res: is a MHD_gtls_anon_server_credentials_t structure
- * @func: is the function to be called
- *
- * This function will set a callback in order for the server to get the
- * diffie hellman or RSA parameters for anonymous authentication. The callback
- * should return zero on success.
- *
- **/
-void
-MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res,
-                                     MHD_gnutls_params_function * func)
-{
-  res->params_func = func;
-}
diff --git a/src/daemon/internal.h b/src/daemon/internal.h
index 8c4b8eb4..e0514b9a 100644
--- a/src/daemon/internal.h
+++ b/src/daemon/internal.h
@@ -652,9 +652,6 @@ struct MHD_Daemon
  /* server x509 credintials */
  MHD_gtls_cert_credentials_t x509_cred;
-  /* credentials used for anonymous authentication */
-  MHD_gtls_anon_server_credentials_t anon_cred;
  /* cipher priority cache */
  MHD_gnutls_priority_t priority_cache;
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 35b14e62..fc9df921 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -365,8 +365,8 @@ enum MHD_OPTION
  MHD_OPTION_HTTPS_MEM_CERT = 10,
  /**
-   * Daemon credentials type.  Either certificate or anonymous,
+   * Daemon credentials type. 
-   * this option should be followed by one of the values listed in
+   * This option should be followed by one of the values listed in
   * "enum MHD_GNUTLS_CredentialsType".
   */
  MHD_OPTION_CRED_TYPE = 11,
@@ -530,7 +530,6 @@ enum MHD_GNUTLS_KeyExchangeAlgorithm
  MHD_GNUTLS_KX_RSA = 1,
  MHD_GNUTLS_KX_DHE_DSS,
  MHD_GNUTLS_KX_DHE_RSA,
-  MHD_GNUTLS_KX_ANON_DH,
  MHD_GNUTLS_KX_SRP,
  MHD_GNUTLS_KX_RSA_EXPORT,
  MHD_GNUTLS_KX_SRP_RSA,
@@ -549,11 +548,6 @@ enum MHD_GNUTLS_CredentialsType
  MHD_GNUTLS_CRD_CERTIFICATE = 1,
  /**
-   * We have no certificate ("anonymous").
-   */
-  MHD_GNUTLS_CRD_ANON,
-  /**
   * Use SRP (password-based authentication).
   */
  MHD_GNUTLS_CRD_SRP,
diff --git a/src/testcurl/https/Makefile.am b/src/testcurl/https/Makefile.am
index 7d3e8460..c4276711 100644
--- a/src/testcurl/https/Makefile.am
+++ b/src/testcurl/https/Makefile.am
@@ -11,8 +11,6 @@ $(LIBCURL_CPPFLAGS)
 check_PROGRAMS = \
  tls_daemon_options_test \
-  tls_daemon_options_adh_test \
-  tls_daemon_options_dh_test \
  tls_authentication_test \
  mhds_multi_daemon_test \
  mhds_session_info_test
@@ -55,20 +53,6 @@ tls_daemon_options_test_LDADD = \
  $(top_builddir)/src/daemon/libmicrohttpd.la \
  @LIBCURL@
-tls_daemon_options_dh_test_SOURCES = \
-  tls_daemon_options_dh_test.c
-tls_daemon_options_dh_test_LDADD = \
-  $(top_builddir)/src/testcurl/libcurl_version_check.a \
-  $(top_builddir)/src/daemon/libmicrohttpd.la \
-  @LIBCURL@
-tls_daemon_options_adh_test_SOURCES = \
-  tls_daemon_options_adh_test.c
-tls_daemon_options_adh_test_LDADD = \
-  $(top_builddir)/src/testcurl/libcurl_version_check.a \
-  $(top_builddir)/src/daemon/libmicrohttpd.la \
-  @LIBCURL@
 tls_authentication_test_SOURCES = \
  tls_authentication_test.c
 tls_authentication_test_LDADD  = \
diff --git a/src/testcurl/https/tls_daemon_options_adh_test.c b/src/testcurl/https/tls_daemon_options_adh_test.c
deleted file mode 100644
index 9cce0002..00000000
--- a/src/testcurl/https/tls_daemon_options_adh_test.c
+++ /dev/null
@@ -1,395 +0,0 @@
-/*
- This file is part of libmicrohttpd
- (C) 2007 Christian Grothoff
- libmicrohttpd is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
- option) any later version.
- libmicrohttpd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with libmicrohttpd; see the file COPYING.  If not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
- */
-/**
- * @file tls_daemon_options_adh_test.c
- * @brief  Testcase for libmicrohttpd HTTPS GET operations
- * @author Sagie Amir
- */
-#include "platform.h"
-#include "microhttpd.h"
-#include <sys/stat.h>
-#include "gnutls.h"
-#include <curl/curl.h>
-#define DEBUG_CURL_VERBOSE 0
-#define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>"
-#define MHD_E_MEM "Error: memory error\n"
-#define MHD_E_SERVER_INIT "Error: failed to start server\n"
-#define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n"
-#define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n"
-#define MHD_E_KEY_FILE_CREAT "Error: failed to setup test certificate\n"
-#include "tls_test_keys.h"
-const int DEBUG_GNUTLS_LOG_LEVEL = 0;
-const char *test_file_name = "https_test_file";
-const char test_file_data[] = "Hello World\n";
-int curl_check_version (const char *req_version, ...);
-struct CBC
-{
-  char *buf;
-  size_t pos;
-  size_t size;
-};
-static size_t
-copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx)
-{
-  struct CBC *cbc = ctx;
-  if (cbc->pos + size * nmemb > cbc->size)
-    return 0;                   /* overflow */
-  memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb);
-  cbc->pos += size * nmemb;
-  return size * nmemb;
-}
-static int
-file_reader (void *cls, size_t pos, char *buf, int max)
-{
-  FILE *file = cls;
-  fseek (file, pos, SEEK_SET);
-  return fread (buf, 1, max, file);
-}
-/* HTTP access handler call back */
-static int
-http_ahc (void *cls, struct MHD_Connection *connection,
-          const char *url, const char *method, const char *upload_data,
-          const char *version, unsigned int *upload_data_size, void **ptr)
-{
-  static int aptr;
-  struct MHD_Response *response;
-  int ret;
-  FILE *file;
-  struct stat buf;
-  if (0 != strcmp (method, MHD_HTTP_METHOD_GET))
-    return MHD_NO;              /* unexpected method */
-  if (&aptr != *ptr)
-    {
-      /* do never respond on first call */
-      *ptr = &aptr;
-      return MHD_YES;
-    }
-  *ptr = NULL;                  /* reset when done */
-  file = fopen (url, "r");
-  if (file == NULL)
-    {
-      response = MHD_create_response_from_data (strlen (PAGE_NOT_FOUND),
-                                                (void *) PAGE_NOT_FOUND,
-                                                MHD_NO, MHD_NO);
-      ret = MHD_queue_response (connection, MHD_HTTP_NOT_FOUND, response);
-      MHD_destroy_response (response);
-    }
-  else
-    {
-      stat (url, &buf);
-      response = MHD_create_response_from_callback (buf.st_size, 32 * 1024,     /* 32k PAGE_NOT_FOUND size */
-                                                    &file_reader, file,
-                                                    (MHD_ContentReaderFreeCallback)
-                                                    & fclose);
-      ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
-      MHD_destroy_response (response);
-    }
-  return ret;
-}
-/*
- * test HTTPS transfer
- * @param test_fd: file to attempt transfering
- */
-static int
-test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version)
-{
-  CURL *c;
-  CURLcode errornum;
-  struct CBC cbc;
-  char *doc_path;
-  char url[255];
-  struct stat statb;
-  stat (test_file_name, &statb);
-  int len = statb.st_size;
-  /* used to memcmp local copy & deamon supplied copy */
-  unsigned char *mem_test_file_local;
-  /* setup test file path, url */
-  doc_path = get_current_dir_name ();
-  if (NULL == (mem_test_file_local = malloc (len)))
-    {
-      fclose (test_fd);
-      fprintf (stderr, MHD_E_MEM);
-      return -1;
-    }
-  fseek (test_fd, 0, SEEK_SET);
-  if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len)
-    {
-      fclose (test_fd);
-      fprintf (stderr, "Error: failed to read test file. %s\n",
-               strerror (errno));
-      return -1;
-    }
-  if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
-    {
-      fclose (test_fd);
-      fprintf (stderr, MHD_E_MEM);
-      return -1;
-    }
-  cbc.size = len;
-  cbc.pos = 0;
-  /* construct url - this might use doc_path */
-  sprintf (url, "%s%s/%s", "https://localhost:42433",
-           doc_path, test_file_name);
-  c = curl_easy_init ();
-#if DEBUG_CURL_VERBOSE
-  curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
-#endif
-  curl_easy_setopt (c, CURLOPT_URL, url);
-  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
-  curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
-  curl_easy_setopt (c, CURLOPT_FILE, &cbc);
-  /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite);
-  /* currently skip any peer authentication */
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
-  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
-  /* NOTE: use of CONNECTTIMEOUT without also
-     setting NOSIGNAL results in really weird
-     crashes on my system! */
-  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1);
-  if (CURLE_OK != (errornum = curl_easy_perform (c)))
-    {
-      fprintf (stderr, "curl_easy_perform failed: `%s'\n",
-               curl_easy_strerror (errornum));
-      curl_easy_cleanup (c);
-      return errornum;
-    }
-  curl_easy_cleanup (c);
-  if (memcmp (cbc.buf, mem_test_file_local, len) != 0)
-    {
-      fprintf (stderr, "Error: local file & received file differ.\n");
-      free (cbc.buf);
-      free (mem_test_file_local);
-      return -1;
-    }
-  free (mem_test_file_local);
-  free (cbc.buf);
-  free (doc_path);
-  return 0;
-}
-static FILE *
-setupTestFile ()
-{
-  FILE *test_fd;
-  if (NULL == (test_fd = fopen (test_file_name, "w+")))
-    {
-      fprintf (stderr, "Error: failed to open `%s': %s\n",
-               test_file_name, strerror (errno));
-      return NULL;
-    }
-  if (fwrite (test_file_data, sizeof (char), strlen (test_file_data), test_fd)
-      != strlen (test_file_data))
-    {
-      fprintf (stderr, "Error: failed to write `%s. %s'\n",
-               test_file_name, strerror (errno));
-      return NULL;
-    }
-  if (fflush (test_fd))
-    {
-      fprintf (stderr, "Error: failed to flush test file stream. %s\n",
-               strerror (errno));
-      return NULL;
-    }
-  return test_fd;
-}
-static int
-setup (struct MHD_Daemon **d, va_list arg_list)
-{
-  *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
-                            MHD_USE_DEBUG, 42433,
-                            NULL, NULL, &http_ahc, NULL, arg_list);
-  if (*d == NULL)
-    {
-      fprintf (stderr, MHD_E_SERVER_INIT);
-      return -1;
-    }
-  return 0;
-}
-static void
-teardown (struct MHD_Daemon *d)
-{
-  MHD_stop_daemon (d);
-}
-/* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */
-int
-test_wrap (char *test_name, int
-           (*test) (FILE * test_fd, char *cipher_suite, int proto_version),
-           FILE * test_fd, char *cipher_suite, int proto_version, ...)
-{
-  int ret;
-  va_list arg_list;
-  struct MHD_Daemon *d;
-  va_start (arg_list, proto_version);
-  if (setup (&d, arg_list) != 0)
-    {
-      va_end (arg_list);
-      return -1;
-    }
-  fprintf (stdout, "running test: %s ", test_name);
-  ret = test (test_fd, cipher_suite, proto_version);
-  if (ret == 0)
-    {
-      fprintf (stdout, "[pass]\n");
-    }
-  else
-    {
-      fprintf (stdout, "[fail]\n");
-    }
-  teardown (d);
-  va_end (arg_list);
-  return ret;
-}
-/*
- * test server refuses to negotiate connections with unsupported protocol versions
- */
-int
-test_protocol_version (FILE * test_fd, char *cipher_suite,
-                       int curl_proto_version)
-{
-  CURL *c;
-  CURLcode errornum;
-  c = curl_easy_init ();
-#if DEBUG_CURL_VERBOSE
-  curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
-#endif
-  curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/");
-  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
-  curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L);
-  /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, curl_proto_version);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
-  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
-  /* NOTE: use of CONNECTTIMEOUT without also
-     setting NOSIGNAL results in really weird
-     crashes on my system! */
-  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1);
-  /* assert daemon rejected request */
-  if (CURLE_OK == (errornum = curl_easy_perform (c)))
-    {
-      fprintf (stderr, "curl_easy_perform failed: `%s'\n",
-               curl_easy_strerror (errornum));
-      curl_easy_cleanup (c);
-      return -1;
-    }
-  return 0;
-}
-/* setup a temporary transfer test file */
-int
-main (int argc, char *const *argv)
-{
-  FILE *test_fd;
-  unsigned int errorCount = 0;
-  MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL);
-  if (curl_check_version (MHD_REQ_CURL_VERSION))
-    {
-      return -1;
-    }
-  if ((test_fd = setupTestFile ()) == NULL)
-    {
-      fprintf (stderr, MHD_E_TEST_FILE_CREAT);
-      return -1;
-    }
-  if (0 != curl_global_init (CURL_GLOBAL_ALL))
-    {
-      fprintf (stderr, "Error: %s\n", strerror (errno));
-      return -1;
-    }
-  int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 };
-  errorCount +=
-    test_wrap ("ADH-AES256-SHA", &test_https_transfer, test_fd,
-               "ADH-AES256-SHA", CURL_SSLVERSION_TLSv1,
-               MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON,
-               MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END);
-  if (errorCount != 0)
-    fprintf (stderr, "Failed test: %s.\n", argv[0]);
-  curl_global_cleanup ();
-  fclose (test_fd);
-  remove (test_file_name);
-  return errorCount != 0;
-}
diff --git a/src/testcurl/https/tls_daemon_options_dh_test.c b/src/testcurl/https/tls_daemon_options_dh_test.c
deleted file mode 100644
index ff659185..00000000
--- a/src/testcurl/https/tls_daemon_options_dh_test.c
+++ /dev/null
@@ -1,397 +0,0 @@
-/*
- This file is part of libmicrohttpd
- (C) 2007 Christian Grothoff
- libmicrohttpd is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
- option) any later version.
- libmicrohttpd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with libmicrohttpd; see the file COPYING.  If not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
- */
-/**
- * @file tls_daemon_options_dh_test.c
- * @brief  Testcase for libmicrohttpd HTTPS GET operations
- * @author Sagie Amir
- */
-#include "platform.h"
-#include "microhttpd.h"
-#include <sys/stat.h>
-#include "gnutls.h"
-#include <curl/curl.h>
-#define DEBUG_CURL_VERBOSE 0
-#define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>"
-#define MHD_E_MEM "Error: memory error\n"
-#define MHD_E_SERVER_INIT "Error: failed to start server\n"
-#define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n"
-#define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n"
-#define MHD_E_KEY_FILE_CREAT "Error: failed to setup test certificate\n"
-#include "tls_test_keys.h"
-const int DEBUG_GNUTLS_LOG_LEVEL = 0;
-const char *test_file_name = "https_test_file";
-const char test_file_data[] = "Hello World\n";
-int curl_check_version (const char *req_version, ...);
-struct CBC
-{
-  char *buf;
-  size_t pos;
-  size_t size;
-};
-static size_t
-copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx)
-{
-  struct CBC *cbc = ctx;
-  if (cbc->pos + size * nmemb > cbc->size)
-    return 0;                   /* overflow */
-  memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb);
-  cbc->pos += size * nmemb;
-  return size * nmemb;
-}
-static int
-file_reader (void *cls, size_t pos, char *buf, int max)
-{
-  FILE *file = cls;
-  fseek (file, pos, SEEK_SET);
-  return fread (buf, 1, max, file);
-}
-/* HTTP access handler call back */
-static int
-http_ahc (void *cls, struct MHD_Connection *connection,
-          const char *url, const char *method, const char *upload_data,
-          const char *version, unsigned int *upload_data_size, void **ptr)
-{
-  static int aptr;
-  struct MHD_Response *response;
-  int ret;
-  FILE *file;
-  struct stat buf;
-  if (0 != strcmp (method, MHD_HTTP_METHOD_GET))
-    return MHD_NO;              /* unexpected method */
-  if (&aptr != *ptr)
-    {
-      /* do never respond on first call */
-      *ptr = &aptr;
-      return MHD_YES;
-    }
-  *ptr = NULL;                  /* reset when done */
-  file = fopen (url, "r");
-  if (file == NULL)
-    {
-      response = MHD_create_response_from_data (strlen (PAGE_NOT_FOUND),
-                                                (void *) PAGE_NOT_FOUND,
-                                                MHD_NO, MHD_NO);
-      ret = MHD_queue_response (connection, MHD_HTTP_NOT_FOUND, response);
-      MHD_destroy_response (response);
-    }
-  else
-    {
-      stat (url, &buf);
-      response = MHD_create_response_from_callback (buf.st_size, 32 * 1024,     /* 32k PAGE_NOT_FOUND size */
-                                                    &file_reader, file,
-                                                    (MHD_ContentReaderFreeCallback)
-                                                    & fclose);
-      ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
-      MHD_destroy_response (response);
-    }
-  return ret;
-}
-/*
- * test HTTPS transfer
- * @param test_fd: file to attempt transfering
- */
-static int
-test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version)
-{
-  CURL *c;
-  CURLcode errornum;
-  struct CBC cbc;
-  char *doc_path;
-  char url[255];
-  struct stat statb;
-  stat (test_file_name, &statb);
-  int len = statb.st_size;
-  /* used to memcmp local copy & deamon supplied copy */
-  unsigned char *mem_test_file_local;
-  /* setup test file path, url */
-  doc_path = get_current_dir_name ();
-  if (NULL == (mem_test_file_local = malloc (len)))
-    {
-      fclose (test_fd);
-      fprintf (stderr, MHD_E_MEM);
-      return -1;
-    }
-  fseek (test_fd, 0, SEEK_SET);
-  if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len)
-    {
-      fclose (test_fd);
-      fprintf (stderr, "Error: failed to read test file. %s\n",
-               strerror (errno));
-      return -1;
-    }
-  if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
-    {
-      fclose (test_fd);
-      fprintf (stderr, MHD_E_MEM);
-      return -1;
-    }
-  cbc.size = len;
-  cbc.pos = 0;
-  /* construct url - this might use doc_path */
-  sprintf (url, "%s%s/%s", "https://localhost:42433",
-           doc_path, test_file_name);
-  c = curl_easy_init ();
-#if DEBUG_CURL_VERBOSE
-  curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
-#endif
-  curl_easy_setopt (c, CURLOPT_URL, url);
-  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
-  curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
-  curl_easy_setopt (c, CURLOPT_FILE, &cbc);
-  /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite);
-  /* currently skip any peer authentication */
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
-  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
-  /* NOTE: use of CONNECTTIMEOUT without also
-     setting NOSIGNAL results in really weird
-     crashes on my system! */
-  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1);
-  if (CURLE_OK != (errornum = curl_easy_perform (c)))
-    {
-      fprintf (stderr, "curl_easy_perform failed: `%s'\n",
-               curl_easy_strerror (errornum));
-      curl_easy_cleanup (c);
-      return errornum;
-    }
-  curl_easy_cleanup (c);
-  if (memcmp (cbc.buf, mem_test_file_local, len) != 0)
-    {
-      fprintf (stderr, "Error: local file & received file differ.\n");
-      free (cbc.buf);
-      free (mem_test_file_local);
-      return -1;
-    }
-  free (mem_test_file_local);
-  free (cbc.buf);
-  free (doc_path);
-  return 0;
-}
-FILE *
-setupTestFile ()
-{
-  FILE *test_fd;
-  if (NULL == (test_fd = fopen (test_file_name, "w+")))
-    {
-      fprintf (stderr, "Error: failed to open `%s': %s\n",
-               test_file_name, strerror (errno));
-      return NULL;
-    }
-  if (fwrite (test_file_data, sizeof (char), strlen (test_file_data), test_fd)
-      != strlen (test_file_data))
-    {
-      fprintf (stderr, "Error: failed to write `%s. %s'\n",
-               test_file_name, strerror (errno));
-      return NULL;
-    }
-  if (fflush (test_fd))
-    {
-      fprintf (stderr, "Error: failed to flush test file stream. %s\n",
-               strerror (errno));
-      return NULL;
-    }
-  return test_fd;
-}
-static int
-setup (struct MHD_Daemon **d, va_list arg_list)
-{
-  *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
-                            MHD_USE_DEBUG, 42433,
-                            NULL, NULL, &http_ahc, NULL, arg_list);
-  if (*d == NULL)
-    {
-      fprintf (stderr, MHD_E_SERVER_INIT);
-      return -1;
-    }
-  return 0;
-}
-static void
-teardown (struct MHD_Daemon *d)
-{
-  MHD_stop_daemon (d);
-}
-/* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */
-int
-test_wrap (char *test_name, int
-           (*test) (FILE * test_fd, char *cipher_suite, int proto_version),
-           FILE * test_fd, char *cipher_suite, int proto_version, ...)
-{
-  int ret;
-  va_list arg_list;
-  struct MHD_Daemon *d;
-  va_start (arg_list, proto_version);
-  if (setup (&d, arg_list) != 0)
-    {
-      va_end (arg_list);
-      return -1;
-    }
-  fprintf (stdout, "running test: %s ", test_name);
-  ret = test (test_fd, cipher_suite, proto_version);
-  if (ret == 0)
-    {
-      fprintf (stdout, "[pass]\n");
-    }
-  else
-    {
-      fprintf (stdout, "[fail]\n");
-    }
-  teardown (d);
-  va_end (arg_list);
-  return ret;
-}
-/*
- * test server refuses to negotiate connections with unsupported protocol versions
- */
-int
-test_protocol_version (FILE * test_fd, char *cipher_suite,
-                       int curl_proto_version)
-{
-  CURL *c;
-  CURLcode errornum;
-  c = curl_easy_init ();
-#if DEBUG_CURL_VERBOSE
-  curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
-#endif
-  curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/");
-  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
-  curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L);
-  /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, curl_proto_version);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
-  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
-  /* NOTE: use of CONNECTTIMEOUT without also
-     setting NOSIGNAL results in really weird
-     crashes on my system! */
-  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1);
-  /* assert daemon rejected request */
-  if (CURLE_OK == (errornum = curl_easy_perform (c)))
-    {
-      fprintf (stderr, "curl_easy_perform failed: `%s'\n",
-               curl_easy_strerror (errornum));
-      curl_easy_cleanup (c);
-      return -1;
-    }
-  return 0;
-}
-/* setup a temporary transfer test file */
-int
-main (int argc, char *const *argv)
-{
-  FILE *test_fd;
-  unsigned int errorCount = 0;
-  MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL);
-  if (curl_check_version (MHD_REQ_CURL_VERSION))
-    {
-      return -1;
-    }
-  if ((test_fd = setupTestFile ()) == NULL)
-    {
-      fprintf (stderr, MHD_E_TEST_FILE_CREAT);
-      return -1;
-    }
-  if (0 != curl_global_init (CURL_GLOBAL_ALL))
-    {
-      fprintf (stderr, "Error: %s\n", strerror (errno));
-      return -1;
-    }
-  int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 };
-  int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 };
-  errorCount +=
-    test_wrap ("kx ANON_DH", &test_https_transfer, test_fd,
-               "ADH-DES-CBC3-SHA", CURL_SSLVERSION_TLSv1,
-               MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON,
-               MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY,
-               kx, MHD_OPTION_END);
-  if (errorCount != 0)
-    fprintf (stderr, "Failed test: %s.\n", argv[0]);
-  curl_global_cleanup ();
-  fclose (test_fd);
-  remove (test_file_name);
-  return errorCount != 0;
-}
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c
index 737ea58a..11439db4 100644
--- a/src/testcurl/https/tls_daemon_options_test.c
+++ b/src/testcurl/https/tls_daemon_options_test.c
@@ -222,7 +222,7 @@ test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version)
  return 0;
 }
-FILE *
+static FILE *
 setupTestFile ()
 {
  FILE *test_fd;
@@ -381,7 +381,8 @@ main (int argc, char *const *argv)
  int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 };
  errorCount +=
-    test_wrap ("https_transfer", &test_https_transfer, test_fd, "AES256-SHA",
+    test_wrap ("https_transfer", &test_https_transfer, 
+               test_fd, "AES256-SHA",
               CURL_SSLVERSION_TLSv1,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
@@ -389,9 +390,11 @@ main (int argc, char *const *argv)
  errorCount +=
    test_wrap ("protocol_version", &test_protocol_version, test_fd,
-               "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+               "AES256-SHA", CURL_SSLVERSION_TLSv1,
+               MHD_OPTION_HTTPS_MEM_KEY,
               srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
-               srv_self_signed_cert_pem, MHD_OPTION_PROTOCOL_VERSION, p,
+               srv_self_signed_cert_pem, 
+               MHD_OPTION_PROTOCOL_VERSION, p,
               MHD_OPTION_END);
  errorCount +=
    test_wrap ("cipher DES-CBC3-SHA", &test_https_transfer, test_fd,