18 files changed, 106 insertions, 432 deletions

diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c
index 20baa770..e9a2226f 100644
--- a/src/daemon/connection_https.c
+++ b/src/daemon/connection_https.c
@@ -152,7 +152,7 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection)
       return MHD_NO;
     case MHD_TLS_HANDSHAKE_FAILED:
       MHD_tls_connection_close (connection,
-                                    MHD_TLS_REQUEST_TERMINATED_WITH_ERROR);
+                                MHD_REQUEST_TERMINATED_WITH_ERROR);
       return MHD_NO;
       /* some HTTP state */
     default:
@@ -237,14 +237,14 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
                     "Error: received handshake message out of context\n");
 #endif
           MHD_tls_connection_close (connection,
-                                        MHD_TLS_REQUEST_TERMINATED_WITH_ERROR);
+                                        MHD_REQUEST_TERMINATED_WITH_ERROR);
           return MHD_NO;
         }
 
     /* ignore any out of bound change chiper spec messages */
     case GNUTLS_CHANGE_CIPHER_SPEC:
       MHD_tls_connection_close (connection,
-                                    MHD_TLS_REQUEST_TERMINATED_WITH_ERROR);
+                                MHD_REQUEST_TERMINATED_WITH_ERROR);
       return MHD_NO;
 
     case GNUTLS_ALERT:
@@ -279,7 +279,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
                GNUTLS_AL_FATAL)
         {
           MHD_tls_connection_close (connection,
-                                    MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT);
+                                    MHD_REQUEST_TERMINATED_WITH_ERROR);
           return MHD_NO;
         }
       /* this should never execute */
@@ -308,7 +308,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
 #endif
       /* close connection upon reception of unrecognized message type */
       MHD_tls_connection_close (connection,
-                                    MHD_TLS_REQUEST_TERMINATED_WITH_ERROR);
+                                MHD_REQUEST_TERMINATED_WITH_ERROR);
       return MHD_NO;
     }
 
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c
index 950239a6..7e3e7e3e 100644
--- a/src/daemon/daemon.c
+++ b/src/daemon/daemon.c
@@ -1,6 +1,6 @@
 /*
   This file is part of libmicrohttpd
-  (C) 2007 Daniel Pittman and Christian Grothoff
+  (C) 2007, 2008 Daniel Pittman and Christian Grothoff
   
   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
@@ -125,55 +125,9 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
   gnutls_datum_t key;
   gnutls_datum_t cert;
 
-  /* certificate & key loaded from file */
-  if (daemon->https_cert_path && daemon->https_key_path)
-    {
-      if (daemon->https_mem_cert || daemon->https_mem_key)
-        {
-#if HAVE_MESSAGES
-          MHD_DLOG (daemon, "You specified certificates both in memory and on disk!",
-                    daemon->https_cert_path,
-                    strerror(errno));
-#endif
-          return -1;
-        }
-     /* test for private key & certificate file exsitance */
-      if (access (daemon->https_cert_path, R_OK))
-        {
-#if HAVE_MESSAGES
-          MHD_DLOG (daemon, "Missing X.509 certificate file `%s': %s\n",
-                    daemon->https_cert_path,
-                    strerror(errno));
-#endif
-          return -1;
-        }
-      
-      if (access (daemon->https_key_path, R_OK))
-        {
-#if HAVE_MESSAGES
-          MHD_DLOG (daemon, "Missing X.509 key file `%s': %s\n",
-                    daemon->https_key_path,
-                    strerror(errno));
-#endif
-          return -1;
-        }
-      return MHD_gnutls_certificate_set_x509_key_file (daemon->x509_cred,
-                                                       daemon->https_cert_path,
-                                                       daemon->https_key_path,
-                                                       GNUTLS_X509_FMT_PEM);
-    }
   /* certificate & key loaded from memory */
   if (daemon->https_mem_cert && daemon->https_mem_key)
     {
-      if (daemon->https_cert_path || daemon->https_key_path)
-        {
-#if HAVE_MESSAGES
-          MHD_DLOG (daemon, "You specified certificates both in memory and on disk!",
-                    daemon->https_cert_path,
-                    strerror(errno));
-#endif
-          return -1;
-        }
       key.data = (unsigned char *) daemon->https_mem_key;
       key.size = strlen (daemon->https_mem_key);
       cert.data = (unsigned char *) daemon->https_mem_cert;
@@ -928,12 +882,6 @@ MHD_start_daemon_va (unsigned int options,
           _set_priority (&retVal->priority_cache->protocol,
                          va_arg (ap, const int *));
           break;
-        case MHD_OPTION_HTTPS_KEY_PATH:
-          retVal->https_key_path = va_arg (ap, const char *);
-          break;
-        case MHD_OPTION_HTTPS_CERT_PATH:
-          retVal->https_cert_path = va_arg (ap, const char *);
-          break;
         case MHD_OPTION_HTTPS_MEM_KEY:
           retVal->https_mem_key = va_arg (ap, const char *);
           break;
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c
index ae6ef698..7f0369ca 100644
--- a/src/daemon/https/tls/auth_cert.c
+++ b/src/daemon/https/tls/auth_cert.c
@@ -870,7 +870,7 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data,
       return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
     }
 
-  if (ver == MHD_GNUTLS_TLS1_2)
+  if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2)
     {
       /* read supported hashes */
       int hash_num;
@@ -1039,7 +1039,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data)
       session->internals.ignore_rdn_sequence == 0)
     size += cred->x509_rdn_sequence.size;
 
-  if (ver == MHD_GNUTLS_TLS1_2)
+  if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2)
     /* Need at least one byte to announce the number of supported hash
        functions (see below).  */
     size += 1;
@@ -1059,7 +1059,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data)
   pdata[2] = DSA_SIGN;          /* only these for now */
   pdata += CERTTYPE_SIZE;
 
-  if (ver == MHD_GNUTLS_TLS1_2)
+  if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2)
     {
       /* Supported hashes (nothing for now -- FIXME). */
       *pdata = 0;
diff --git a/src/daemon/https/tls/auth_rsa.c b/src/daemon/https/tls/auth_rsa.c
index 4c909bcc..b3833814 100644
--- a/src/daemon/https/tls/auth_rsa.c
+++ b/src/daemon/https/tls/auth_rsa.c
@@ -217,7 +217,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data,
   int randomize_key = 0;
   ssize_t data_size = _data_size;
 
-  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3)
+  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3)
     {
       /* SSL 3.0
        */
@@ -385,7 +385,7 @@ _gnutls_gen_rsa_client_kx (mhd_gtls_session_t session, opaque ** data)
   for (i = 0; i < params_len; i++)
     mhd_gtls_mpi_release (&params[i]);
 
-  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3)
+  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3)
     {
       /* SSL 3.0 */
       *data = sdata.data;
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c
index 9558119b..c3daa08b 100644
--- a/src/daemon/https/tls/gnutls_algorithms.c
+++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -138,22 +138,22 @@ typedef struct
 
 static const gnutls_version_entry mhd_gtls_sup_versions[] = {
   {"SSL3.0",
-   MHD_GNUTLS_SSL3,
+   MHD_GNUTLS_PROTOCOL_SSL3,
    3,
    0,
    1},
   {"TLS1.0",
-   MHD_GNUTLS_TLS1_0,
+   MHD_GNUTLS_PROTOCOL_TLS1_0,
    3,
    1,
    1},
   {"TLS1.1",
-   MHD_GNUTLS_TLS1_1,
+   MHD_GNUTLS_PROTOCOL_TLS1_1,
    3,
    2,
    1},
   {"TLS1.2",
-   MHD_GNUTLS_TLS1_2,
+   MHD_GNUTLS_PROTOCOL_TLS1_2,
    3,
    3,
    1},
@@ -166,10 +166,10 @@ static const gnutls_version_entry mhd_gtls_sup_versions[] = {
 
 /* Keep the contents of this struct the same as the previous one. */
 static const enum MHD_GNUTLS_Protocol mhd_gtls_supported_protocols[] =
-{ MHD_GNUTLS_SSL3,
-  MHD_GNUTLS_TLS1_0,
-  MHD_GNUTLS_TLS1_1,
-  MHD_GNUTLS_TLS1_2,
+{ MHD_GNUTLS_PROTOCOL_SSL3,
+  MHD_GNUTLS_PROTOCOL_TLS1_0,
+  MHD_GNUTLS_PROTOCOL_TLS1_1,
+  MHD_GNUTLS_PROTOCOL_TLS1_2,
   0
 };
 
@@ -593,159 +593,159 @@ static const mhd_gtls_cipher_suite_entry mhd_gtls_cs_algorithms[] = {
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5,
                              MHD_GNUTLS_CIPHER_ARCFOUR_128,
                              MHD_GNUTLS_KX_ANON_DH, MHD_GNUTLS_MAC_MD5,
-                             MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_PROTOCOL_SSL3),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_3DES_CBC,
                              MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_128_CBC,
                              MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_256_CBC,
                              MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
 #ifdef  ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
                              MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
                              MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
 #endif
 
   /* SRP */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_SRP,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_SRP,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_3DES_CBC,
                              MHD_GNUTLS_KX_SRP_DSS,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_3DES_CBC,
                              MHD_GNUTLS_KX_SRP_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_128_CBC,
                              MHD_GNUTLS_KX_SRP_DSS,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_128_CBC,
                              MHD_GNUTLS_KX_SRP_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_256_CBC,
                              MHD_GNUTLS_KX_SRP_DSS,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_256_CBC,
                              MHD_GNUTLS_KX_SRP_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
 
   /* DHE_DSS */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1,
                              MHD_GNUTLS_CIPHER_ARCFOUR_128,
                              MHD_GNUTLS_KX_DHE_DSS,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_3DES_CBC,
                              MHD_GNUTLS_KX_DHE_DSS,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_128_CBC,
                              MHD_GNUTLS_KX_DHE_DSS,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_256_CBC,
                              MHD_GNUTLS_KX_DHE_DSS,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
 #ifdef  ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
                              MHD_GNUTLS_KX_DHE_DSS,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
                              MHD_GNUTLS_KX_DHE_DSS,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
 #endif
   /* DHE_RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_3DES_CBC,
                              MHD_GNUTLS_KX_DHE_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_128_CBC,
                              MHD_GNUTLS_KX_DHE_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_256_CBC,
                              MHD_GNUTLS_KX_DHE_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
 #ifdef  ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
                              MHD_GNUTLS_KX_DHE_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
                              MHD_GNUTLS_KX_DHE_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
 #endif
   /* RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
                              MHD_GNUTLS_CIPHER_NULL,
                              MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5,
-                             MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_PROTOCOL_SSL3),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
                              MHD_GNUTLS_CIPHER_ARCFOUR_40,
                              MHD_GNUTLS_KX_RSA_EXPORT, MHD_GNUTLS_MAC_MD5,
-                             MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_PROTOCOL_SSL3),
 
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
                              MHD_GNUTLS_CIPHER_ARCFOUR_128,
                              MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1,
-                             MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_PROTOCOL_SSL3),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5,
                              MHD_GNUTLS_CIPHER_ARCFOUR_128,
                              MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5,
-                             MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_PROTOCOL_SSL3),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_3DES_CBC,
                              MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1,
-                             MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_PROTOCOL_SSL3),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
 #ifdef  ENABLE_CAMELLIA
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
                              MHD_GNUTLS_KX_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
                              MHD_GNUTLS_KX_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0),
+                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
 #endif
   {0,
    {
@@ -1299,7 +1299,7 @@ mhd_gtls_version_lowest (mhd_gtls_session_t session)
 
   if (session->internals.priorities.protocol.priority == NULL)
     {
-      return MHD_GNUTLS_VERSION_UNKNOWN;
+      return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN;
     }
   else
     for (i = 0; i < session->internals.priorities.protocol.num_algorithms;
@@ -1310,7 +1310,7 @@ mhd_gtls_version_lowest (mhd_gtls_session_t session)
       }
 
   if (min == 0xff)
-    return MHD_GNUTLS_VERSION_UNKNOWN;  /* unknown version */
+    return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN;  /* unknown version */
 
   return min;
 }
@@ -1322,7 +1322,7 @@ mhd_gtls_version_max (mhd_gtls_session_t session)
 
   if (session->internals.priorities.protocol.priority == NULL)
     {
-      return MHD_GNUTLS_VERSION_UNKNOWN;
+      return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN;
     }
   else
     for (i = 0; i < session->internals.priorities.protocol.num_algorithms;
@@ -1333,7 +1333,7 @@ mhd_gtls_version_max (mhd_gtls_session_t session)
       }
 
   if (max == 0x00)
-    return MHD_GNUTLS_VERSION_UNKNOWN;  /* unknown version */
+    return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN;  /* unknown version */
 
   return max;
 }
@@ -1367,7 +1367,7 @@ MHD_gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version)
 enum MHD_GNUTLS_Protocol
 MHD_gtls_protocol_get_id (const char *name)
 {
-  enum MHD_GNUTLS_Protocol ret = MHD_GNUTLS_VERSION_UNKNOWN;
+  enum MHD_GNUTLS_Protocol ret = MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN;
 
   GNUTLS_VERSION_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id)
     ;
diff --git a/src/daemon/https/tls/gnutls_cipher.c b/src/daemon/https/tls/gnutls_cipher.c
index 872abdf0..69b62d16 100644
--- a/src/daemon/https/tls/gnutls_cipher.c
+++ b/src/daemon/https/tls/gnutls_cipher.c
@@ -202,7 +202,7 @@ mac_init (enum MHD_GNUTLS_HashAlgorithm mac, opaque * secret, int secret_size,
   if (mac == MHD_GNUTLS_MAC_NULL)
     return GNUTLS_MAC_FAILED;
 
-  if (ver == MHD_GNUTLS_SSL3)
+  if (ver == MHD_GNUTLS_PROTOCOL_SSL3)
     {                           /* SSL 3.0 */
       td = mhd_gnutls_mac_init_ssl3 (mac, secret, secret_size);
     }
@@ -217,7 +217,7 @@ mac_init (enum MHD_GNUTLS_HashAlgorithm mac, opaque * secret, int secret_size,
 inline static void
 mac_deinit (mac_hd_t td, opaque * res, int ver)
 {
-  if (ver == MHD_GNUTLS_SSL3)
+  if (ver == MHD_GNUTLS_PROTOCOL_SSL3)
     {                           /* SSL 3.0 */
       mhd_gnutls_mac_deinit_ssl3 (td, res);
     }
@@ -251,7 +251,7 @@ calc_enc_length (mhd_gtls_session_t session, int data_size,
         }
 
       /* make rnd a multiple of blocksize */
-      if (session->security_parameters.version == MHD_GNUTLS_SSL3 ||
+      if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3 ||
           random_pad == 0)
         {
           rnd = 0;
@@ -271,7 +271,7 @@ calc_enc_length (mhd_gtls_session_t session, int data_size,
       *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd;
 
       length += *pad;
-      if (session->security_parameters.version >= MHD_GNUTLS_TLS1_1)
+      if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1)
         length += blocksize;    /* for the IV */
 
       break;
@@ -341,7 +341,7 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session,
                                    write_sequence_number), 8);
 
       mhd_gnutls_hash (td, &type, 1);
-      if (ver >= MHD_GNUTLS_TLS1_0)
+      if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0)
         {                       /* TLS 1.0 or higher */
           mhd_gnutls_hash (td, &major, 1);
           mhd_gnutls_hash (td, &minor, 1);
@@ -373,7 +373,7 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session,
 
   data_ptr = cipher_data;
   if (block_algo == CIPHER_BLOCK &&
-      session->security_parameters.version >= MHD_GNUTLS_TLS1_1)
+      session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1)
     {
       /* copy the random IV.
        */
@@ -494,7 +494,7 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session,
 
       /* ignore the IV in TLS 1.1.
        */
-      if (session->security_parameters.version >= MHD_GNUTLS_TLS1_1)
+      if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1)
         {
           ciphertext.size -= blocksize;
           ciphertext.data += blocksize;
@@ -521,7 +521,7 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session,
 
       /* Check the pading bytes (TLS 1.x)
        */
-      if (ver >= MHD_GNUTLS_TLS1_0 && pad_failed == 0)
+      if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0 && pad_failed == 0)
         for (i = 2; i < pad; i++)
           {
             if (ciphertext.data[ciphertext.size - i] !=
@@ -548,7 +548,7 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session,
                                    read_sequence_number), 8);
 
       mhd_gnutls_hash (td, &type, 1);
-      if (ver >= MHD_GNUTLS_TLS1_0)
+      if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0)
         {                       /* TLS 1.x */
           mhd_gnutls_hash (td, &major, 1);
           mhd_gnutls_hash (td, &minor, 1);
diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c
index 9a2ee004..9ace3533 100644
--- a/src/daemon/https/tls/gnutls_constate.c
+++ b/src/daemon/https/tls/gnutls_constate.c
@@ -97,7 +97,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
   memcpy (&rrnd[TLS_RANDOM_SIZE],
           session->security_parameters.server_random, TLS_RANDOM_SIZE);
 
-  if (session->security_parameters.version == MHD_GNUTLS_SSL3)
+  if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3)
     {                           /* SSL 3 */
       ret =
         mhd_gnutls_ssl3_generate_random
@@ -187,7 +187,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
 
           /* generate the final keys */
 
-          if (session->security_parameters.version == MHD_GNUTLS_SSL3)
+          if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3)
             {                   /* SSL 3 */
               ret =
                 mhd_gnutls_ssl3_hash_md5 (&key_block[pos],
@@ -219,7 +219,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
           client_write_key_size = EXPORT_FINAL_KEY_SIZE;
           pos += key_size;
 
-          if (session->security_parameters.version == MHD_GNUTLS_SSL3)
+          if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3)
             {                   /* SSL 3 */
               ret =
                 mhd_gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
@@ -321,7 +321,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size,
           return GNUTLS_E_MEMORY_ERROR;
         }
 
-      if (session->security_parameters.version == MHD_GNUTLS_SSL3)
+      if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3)
         {                       /* SSL 3 */
           ret = mhd_gnutls_ssl3_hash_md5 ("", 0,
                                           rrnd, TLS_RANDOM_SIZE * 2,
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index 08d423b5..e53d6985 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -195,7 +195,7 @@ _gnutls_finished (mhd_gtls_session_t session, int type, void *ret)
   mac_hd_t td_sha;
   enum MHD_GNUTLS_Protocol ver = MHD_gnutls_protocol_get_version (session);
 
-  if (ver < MHD_GNUTLS_TLS1_2)
+  if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2)
     {
       td_md5 =
         mhd_gnutls_hash_copy (session->internals.handshake_mac_handle_md5);
@@ -215,7 +215,7 @@ _gnutls_finished (mhd_gtls_session_t session, int type, void *ret)
       return GNUTLS_E_HASH_FAILED;
     }
 
-  if (ver < MHD_GNUTLS_TLS1_2)
+  if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2)
     {
       mhd_gnutls_hash_deinit (td_md5, concat);
       mhd_gnutls_hash_deinit (td_sha, &concat[16]);
@@ -281,7 +281,7 @@ mhd_gtls_negotiate_version (mhd_gtls_session_t session,
        * then we send him the highest we support.
        */
       ret = mhd_gtls_version_max (session);
-      if (ret == MHD_GNUTLS_VERSION_UNKNOWN)
+      if (ret == MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN)
         {
           /* this check is not really needed.
            */
@@ -420,7 +420,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data,
 
   /* Parse the extensions (if any)
    */
-  if (neg_version >= MHD_GNUTLS_TLS1_0)
+  if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0)
     {
       ret = mhd_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len);        /* len is the rest of the parsed length */
       if (ret < 0)
@@ -437,7 +437,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data,
       return ret;
     }
 
-  if (neg_version >= MHD_GNUTLS_TLS1_0)
+  if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0)
     {
       ret = mhd_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len);        /* len is the rest of the parsed length */
       if (ret < 0)
@@ -529,7 +529,7 @@ _gnutls_send_finished (mhd_gtls_session_t session, int again)
           return ret;
         }
 
-      if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3)
+      if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3)
         {
           ret =
             _gnutls_ssl3_finished (session,
@@ -581,7 +581,7 @@ _gnutls_recv_finished (mhd_gtls_session_t session)
     }
 
 
-  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3)
+  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3)
     {
       data_size = 36;
     }
@@ -597,7 +597,7 @@ _gnutls_recv_finished (mhd_gtls_session_t session)
       return GNUTLS_E_ERROR_IN_FINISHED_PACKET;
     }
 
-  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3)
+  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3)
     {
       ret =
         _gnutls_ssl3_finished (session,
@@ -1530,7 +1530,7 @@ _gnutls_read_server_hello (mhd_gtls_session_t session,
 
   /* Parse extensions.
    */
-  if (version >= MHD_GNUTLS_TLS1_0)
+  if (version >= MHD_GNUTLS_PROTOCOL_TLS1_0)
     {
       ret = mhd_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len);        /* len is the rest of the parsed length */
       if (ret < 0)
@@ -1706,7 +1706,7 @@ _gnutls_send_client_hello (mhd_gtls_session_t session, int again)
           hver = session->internals.resumed_security_parameters.version;
         }
 
-      if (hver == MHD_GNUTLS_VERSION_UNKNOWN || hver == 0)
+      if (hver == MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN || hver == 0)
         {
           gnutls_assert ();
           gnutls_free (data);
@@ -1810,7 +1810,7 @@ _gnutls_send_client_hello (mhd_gtls_session_t session, int again)
 
       /* Generate and copy TLS extensions.
        */
-      if (hver >= MHD_GNUTLS_TLS1_0)
+      if (hver >= MHD_GNUTLS_PROTOCOL_TLS1_0)
         {
           extdatalen =
             mhd_gtls_gen_extensions (session, extdata, sizeof (extdata));
diff --git a/src/daemon/https/tls/gnutls_kx.c b/src/daemon/https/tls/gnutls_kx.c
index 024af674..45717b4f 100644
--- a/src/daemon/https/tls/gnutls_kx.c
+++ b/src/daemon/https/tls/gnutls_kx.c
@@ -71,7 +71,7 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster)
                     mhd_gtls_bin2hex (session->security_parameters.
                                       server_random, 32, buf, sizeof (buf)));
 
-  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3)
+  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3)
     {
       opaque rnd[2 * TLS_RANDOM_SIZE + 1];
 
@@ -504,7 +504,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again)
 
   if (again == 0)
     {
-      if (MHD_gnutls_protocol_get_version (session) != MHD_GNUTLS_SSL3 ||
+      if (MHD_gnutls_protocol_get_version (session) != MHD_GNUTLS_PROTOCOL_SSL3 ||
           session->internals.selected_cert_list_length > 0)
         {
           /* TLS 1.0 or SSL 3.0 with a valid certificate
@@ -525,7 +525,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again)
    * no certificate alert instead of an
    * empty certificate.
    */
-  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3 &&
+  if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3 &&
       session->internals.selected_cert_list_length == 0)
     {
       ret =
@@ -632,7 +632,7 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session)
            */
           if (optional == OPTIONAL_PACKET &&
               ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
-              MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3 &&
+              MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3 &&
               gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE)
             {
 
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c
index bbdce41c..f0a91bd6 100644
--- a/src/daemon/https/tls/gnutls_priority.c
+++ b/src/daemon/https/tls/gnutls_priority.c
@@ -201,9 +201,9 @@ MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session,
 #endif
 }
 
-static const int mhd_gtls_protocol_priority[] = { MHD_GNUTLS_TLS1_1,
-  MHD_GNUTLS_TLS1_0,
-  MHD_GNUTLS_SSL3,
+static const int mhd_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1,
+  MHD_GNUTLS_PROTOCOL_TLS1_0,
+  MHD_GNUTLS_PROTOCOL_SSL3,
   0
 };
 
diff --git a/src/daemon/https/tls/gnutls_sig.c b/src/daemon/https/tls/gnutls_sig.c
index 07ceb21b..3a41999d 100644
--- a/src/daemon/https/tls/gnutls_sig.c
+++ b/src/daemon/https/tls/gnutls_sig.c
@@ -65,7 +65,7 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session,
       return GNUTLS_E_HASH_FAILED;
     }
 
-  if (ver == MHD_GNUTLS_SSL3)
+  if (ver == MHD_GNUTLS_PROTOCOL_SSL3)
     {
       ret = mhd_gtls_generate_master (session, 1);
       if (ret < 0)
@@ -92,7 +92,7 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session,
           return GNUTLS_E_HASH_FAILED;
         }
 
-      if (ver == MHD_GNUTLS_SSL3)
+      if (ver == MHD_GNUTLS_PROTOCOL_SSL3)
         mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat,
                                               session->security_parameters.
                                               master_secret, TLS_MASTER_SIZE);
@@ -146,7 +146,7 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session,
   switch (cert->subject_pk_algorithm)
     {
     case MHD_GNUTLS_PK_RSA:
-      if (ver < MHD_GNUTLS_TLS1_2)
+      if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2)
         {
           mac_hd_t td_md5 = mhd_gtls_hash_init (MHD_GNUTLS_MAC_MD5);
           if (td_md5 == NULL)
@@ -352,7 +352,7 @@ mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session,
       return GNUTLS_E_HASH_FAILED;
     }
 
-  if (ver == MHD_GNUTLS_SSL3)
+  if (ver == MHD_GNUTLS_PROTOCOL_SSL3)
     {
       ret = mhd_gtls_generate_master (session, 1);
       if (ret < 0)
@@ -404,7 +404,7 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session,
   opaque concat[36];
   enum MHD_GNUTLS_Protocol ver = MHD_gnutls_protocol_get_version (session);
 
-  if (ver < MHD_GNUTLS_TLS1_2)
+  if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2)
     {
       td_md5 = mhd_gtls_hash_init (MHD_GNUTLS_MAC_MD5);
       if (td_md5 == NULL)
@@ -435,7 +435,7 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session,
                    TLS_RANDOM_SIZE);
   mhd_gnutls_hash (td_sha, params->data, params->size);
 
-  if (ver < MHD_GNUTLS_TLS1_2)
+  if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2)
     {
       mhd_gnutls_hash_deinit (td_md5, concat);
       mhd_gnutls_hash_deinit (td_sha, &concat[16]);
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c
index 6eb01660..ae793ee0 100644
--- a/src/daemon/https/tls/gnutls_state.c
+++ b/src/daemon/https/tls/gnutls_state.c
@@ -812,7 +812,7 @@ mhd_gtls_PRF (mhd_gtls_session_t session,
   memcpy (s_seed, label, label_size);
   memcpy (&s_seed[label_size], seed, seed_size);
 
-  if (ver >= MHD_GNUTLS_TLS1_2)
+  if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_2)
     {
       result =
         _gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, secret, secret_size, s_seed,
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c
index 49e093cc..f854b710 100644
--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -202,7 +202,7 @@ _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session,
 }
 
 /*
- * Read certificates and private keys, from files, memory etc.
+ * Read certificates and private keys, from memory etc.
  */
 
 /* returns error if the certificate has different algorithm than
@@ -605,82 +605,6 @@ read_key_mem (mhd_gtls_cert_credentials_t res,
   return 0;
 }
 
-static char *
-read_file (const char *filename, size_t * length)
-{
-  struct stat st;
-  char *out;
-  int fd;
-
-  fd = open (filename, O_RDONLY);
-  if (-1 == fd)
-    return NULL;
-  if (0 != fstat(fd, &st))
-    goto ERR;
-  out = malloc(st.st_size);
-  if (out == NULL)
-    goto ERR;
-  if (st.st_size != read(fd, out, st.st_size))
-    {
-      free(out);
-      goto ERR;
-    }
-  *length = st.st_size;
-  close(fd);
-  return out;
- ERR:
-  close(fd);
-  return NULL;
-}
-
-/* Reads a certificate file
- */
-static int
-read_cert_file (mhd_gtls_cert_credentials_t res,
-                const char *certfile, gnutls_x509_crt_fmt_t type)
-{
-  int ret;
-  size_t size;
-  char *data = read_file (certfile, &size);
-
-  if (data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_FILE_ERROR;
-    }
-
-  ret = read_cert_mem (res, data, size, type);
-  free (data);
-
-  return ret;
-
-}
-
-
-
-/* Reads PKCS-1 RSA private key file or a DSA file (in the format openssl
- * stores it).
- */
-static int
-read_key_file (mhd_gtls_cert_credentials_t res,
-               const char *keyfile, gnutls_x509_crt_fmt_t type)
-{
-  int ret;
-  size_t size;
-  char *data = read_file (keyfile, &size);
-
-  if (data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_FILE_ERROR;
-    }
-
-  ret = read_key_mem (res, data, size, type);
-  free (data);
-
-  return ret;
-}
-
 /**
   * MHD_gnutls_certificate_set_x509_key_mem - Used to set keys in a mhd_gtls_cert_credentials_t structure
   * @res: is an #mhd_gtls_cert_credentials_t structure.
@@ -739,51 +663,6 @@ MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t
   return 0;
 }
 
-/**
-  * MHD_gnutls_certificate_set_x509_key_file - Used to set keys in a mhd_gtls_cert_credentials_t structure
-  * @res: is an #mhd_gtls_cert_credentials_t structure.
-  * @CERTFILE: is a file that containing the certificate list (path) for
-  * the specified private key, in PKCS7 format, or a list of certificates
-  * @KEYFILE: is a file that contains the private key
-  * @type: is PEM or DER
-  *
-  * This function sets a certificate/private key pair in the
-  * mhd_gtls_cert_credentials_t structure.  This function may be
-  * called more than once (in case multiple keys/certificates exist
-  * for the server).
-  *
-  * Currently only PKCS-1 encoded RSA and DSA private keys are accepted by
-  * this function.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
-int
-MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t
-                                          res, const char *CERTFILE,
-                                          const char *KEYFILE,
-                                          gnutls_x509_crt_fmt_t type)
-{
-  int ret;
-
-  /* this should be first
-   */
-  if ((ret = read_key_file (res, KEYFILE, type)) < 0)
-    return ret;
-
-  if ((ret = read_cert_file (res, CERTFILE, type)) < 0)
-    return ret;
-
-  res->ncerts++;
-
-  if ((ret = _gnutls_check_key_cert_match (res)) < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  return 0;
-}
-
 static int
 generate_rdn_seq (mhd_gtls_cert_credentials_t res)
 {
@@ -1085,59 +964,6 @@ MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t
   return ret;
 }
 
-/**
-  * MHD_gnutls_certificate_set_x509_trust_file - Used to add trusted CAs in a mhd_gtls_cert_credentials_t structure
-  * @res: is an #mhd_gtls_cert_credentials_t structure.
-  * @cafile: is a file containing the list of trusted CAs (DER or PEM list)
-  * @type: is PEM or DER
-  *
-  * This function adds the trusted CAs in order to verify client or
-  * server certificates. In case of a client this is not required to
-  * be called if the certificates are not verified using
-  * MHD_gtls_certificate_verify_peers2().  This function may be called
-  * multiple times.
-  *
-  * In case of a server the names of the CAs set here will be sent to
-  * the client if a certificate request is sent. This can be disabled
-  * using MHD_gnutls_certificate_send_x509_rdn_sequence().
-  *
-  * Returns: number of certificates processed, or a negative value on
-  * error.
-  **/
-int
-MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t
-                                            res, const char *cafile,
-                                            gnutls_x509_crt_fmt_t type)
-{
-  int ret, ret2;
-  size_t size;
-  unsigned char *data = (unsigned char*) read_file (cafile, &size);
-
-  if (data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_FILE_ERROR;
-    }
-
-  if (type == GNUTLS_X509_FMT_DER)
-    ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
-  else
-    ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
-
-  free (data);
-
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  if ((ret2 = generate_rdn_seq (res)) < 0)
-    return ret2;
-
-  return ret;
-}
-
 #ifdef ENABLE_PKI
 
 static int
@@ -1333,53 +1159,6 @@ MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t
   return ret;
 }
 
-/**
-  * MHD_gnutls_certificate_set_x509_crl_file - Used to add CRLs in a mhd_gtls_cert_credentials_t structure
-  * @res: is an #mhd_gtls_cert_credentials_t structure.
-  * @crlfile: is a file containing the list of verified CRLs (DER or PEM list)
-  * @type: is PEM or DER
-  *
-  * This function adds the trusted CRLs in order to verify client or server
-  * certificates.  In case of a client this is not required
-  * to be called if the certificates are not verified using
-  * MHD_gtls_certificate_verify_peers2().
-  * This function may be called multiple times.
-  *
-  * Returns: number of CRLs processed or a negative value on error.
-  **/
-int
-MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t
-                                          res, const char *crlfile,
-                                          gnutls_x509_crt_fmt_t type)
-{
-  int ret;
-  size_t size;
-  unsigned char *data = (unsigned char*) read_file (crlfile, &size);
-
-  if (data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_FILE_ERROR;
-    }
-
-  if (type == GNUTLS_X509_FMT_DER)
-    ret = parse_der_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
-                             data, size);
-  else
-    ret = parse_pem_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
-                             data, size);
-
-  free (data);
-
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  return ret;
-}
-
 #include <pkcs12.h>
 
 /**
diff --git a/src/daemon/internal.h b/src/daemon/internal.h
index 39886187..47d2963f 100644
--- a/src/daemon/internal.h
+++ b/src/daemon/internal.h
@@ -663,10 +663,6 @@ struct MHD_Daemon
   /* Diffie-Hellman parameters */
   mhd_gtls_dh_params_t dh_params;
 
-  const char *https_key_path;
-
-  const char *https_cert_path;
-
   const char *https_mem_key;
 
   const char *https_mem_cert;
diff --git a/src/examples/https_fileserver_example.c b/src/examples/https_fileserver_example.c
index 55201ce2..a8897a8d 100644
--- a/src/examples/https_fileserver_example.c
+++ b/src/examples/https_fileserver_example.c
@@ -170,19 +170,9 @@ main (int argc, char *const *argv)
 
                                  MHD_OPTION_END);
   }
-  else if (argc == 5){
-          TLS_daemon = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_DEBUG
-          | MHD_USE_SSL, atoi (argv[1]),
-          NULL,
-          NULL, &http_ahc,
-          NULL, MHD_OPTION_CONNECTION_TIMEOUT, 256,
-          MHD_OPTION_HTTPS_CERT_PATH, argv[3],
-          MHD_OPTION_HTTPS_KEY_PATH, argv[4],
-          MHD_OPTION_END);
-  }
   else {
           printf
-                  ("Usage : %s HTTP-PORT SECONDS-TO-RUN [CERTIFICATE PATH, KEY PATH]\n", argv[0]);
+                  ("Usage : %s HTTP-PORT SECONDS-TO-RUN\n", argv[0]);
                 return 1;
   }
 
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 9c98433c..ce1bdd9d 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -349,24 +349,6 @@ enum MHD_OPTION
   MHD_OPTION_SOCK_ADDR = 6,
 
   /**
-   * Filename for the private key (key.pem) to be used by the
-   * HTTPS daemon.  This option should be followed by an
-   * "const char*" argument.  The memory of the filename must
-   * not be released until the application terminates.
-   * This should be used in conjunction with 'MHD_OPTION_HTTPS_CERT_PATH'.
-   */
-  MHD_OPTION_HTTPS_KEY_PATH = 7,
-
-  /**
-   * Filename for the certificate (cert.pem) to be used by the
-   * HTTPS daemon.  This option should be followed by an
-   * "const char*" argument.  The memory of the filename must
-   * not be released until the application terminates.
-   * This should be used in conjunction with 'MHD_OPTION_HTTPS_KEY_PATH'.
-   */
-  MHD_OPTION_HTTPS_CERT_PATH = 8,
-
-  /**
    * Memory pointer for the private key (key.pem) to be used by the
    * HTTPS daemon.  This option should be followed by an
    * "const char*" argument.
@@ -515,15 +497,6 @@ enum MHD_RequestTerminationCode
    */
   MHD_REQUEST_TERMINATED_DAEMON_SHUTDOWN = 3,
 
-  /* FIXME: add TLS-specific error codes,
-     but only those that are useful! */
-  /**
-   * Processing of this secure connection encountered
-   * an error.
-   */
-  MHD_TLS_REQUEST_TERMINATED_WITH_ERROR,
-
-  MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT
 };
 
 /**
@@ -640,11 +613,11 @@ enum MHD_GNUTLS_CompressionMethod
 enum MHD_GNUTLS_Protocol
 {
   MHD_GNUTLS_PROTOCOL_END = 0,
-  MHD_GNUTLS_SSL3 = 1,
-  MHD_GNUTLS_TLS1_0,
-  MHD_GNUTLS_TLS1_1,
-  MHD_GNUTLS_TLS1_2,
-  MHD_GNUTLS_VERSION_UNKNOWN = 0xff
+  MHD_GNUTLS_PROTOCOL_SSL3 = 1,
+  MHD_GNUTLS_PROTOCOL_TLS1_0,
+  MHD_GNUTLS_PROTOCOL_TLS1_1,
+  MHD_GNUTLS_PROTOCOL_TLS1_2,
+  MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN = 0xff
 };
 
 /**
diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c
index d57c6037..2f25f312 100644
--- a/src/testcurl/https/mhds_session_info_test.c
+++ b/src/testcurl/https/mhds_session_info_test.c
@@ -105,7 +105,7 @@ query_session_ahc (void *cls, struct MHD_Connection *connection,
     }
 
   if (MHD_get_connection_info (connection, MHD_CONNECTION_INFO_PROTOCOL)->protocol !=
-      MHD_GNUTLS_SSL3)
+      MHD_GNUTLS_PROTOCOL_SSL3)
     {
       fprintf (stderr, "Error: requested compression mismatch. %s\n",
                strerror (errno));
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c
index 38a8c1d5..5817c9c5 100644
--- a/src/testcurl/https/tls_daemon_options_test.c
+++ b/src/testcurl/https/tls_daemon_options_test.c
@@ -356,8 +356,6 @@ main (int argc, char *const *argv)
 {
   FILE *test_fd;
   unsigned int errorCount = 0;
-  char * cur_dir;
-  char cert_path[255], key_path[255];
 
   MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL);
 
@@ -379,7 +377,7 @@ main (int argc, char *const *argv)
     }
 
   int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 };
-  int p[] = { MHD_GNUTLS_SSL3, 0 };
+  int p[] = { MHD_GNUTLS_PROTOCOL_SSL3, 0 };
   int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 };
   int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 };
 
@@ -390,16 +388,6 @@ main (int argc, char *const *argv)
                MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                MHD_OPTION_END);
 
-  cur_dir = get_current_dir_name ();
-  sprintf (cert_path, "%s/%s", cur_dir, "cert.pem");
-  sprintf (key_path, "%s/%s", cur_dir, "key.pem");
-
-  errorCount +=
-    test_wrap ("file certificates", &test_https_transfer, test_fd,
-               "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_CERT_PATH, cert_path,
-               MHD_OPTION_HTTPS_KEY_PATH, key_path, MHD_OPTION_END);
-  free (cur_dir);
-
   errorCount +=
     test_wrap ("protocol_version", &test_protocol_version, test_fd,
                "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,