authorSimon Josefsson <simon@josefsson.org>2005-04-14 15:49:10 +0000
committerSimon Josefsson <simon@josefsson.org>2005-04-14 15:49:10 +0000
commit1509a7678ed012c0eaa7fd26f9caae9fb9ad0998 (patch)
tree7d6020094f90d57c98a633f639da2502a36c8204
parentbd6013b3b417f489d112e99e562e7a4c17c099a5 (diff)
downloadgnutls-1509a7678ed012c0eaa7fd26f9caae9fb9ad0998.tar.gz
Clean up #include situation, merge from gnutls_1_2_1_with_include_fixes.
Now lib/gnutls_int.h starts by including gnutls/gnutls.h, to check prototypes at compile time. More cleanups are expected.
-rw-r--r--configure.in3
-rw-r--r--lib/Makefile.am5
-rw-r--r--lib/auth_anon.c4
-rw-r--r--lib/auth_anon.h7
-rw-r--r--lib/auth_cert.c14
-rw-r--r--lib/auth_cert.h32
-rw-r--r--lib/auth_dhe.c4
-rw-r--r--lib/auth_rsa.c2
-rw-r--r--lib/auth_rsa_export.c2
-rw-r--r--lib/auth_srp.h17
-rw-r--r--lib/auth_srp_passwd.c2
-rw-r--r--lib/auth_srp_rsa.c2
-rw-r--r--lib/debug.c22
-rw-r--r--lib/debug.h2
-rw-r--r--lib/gnutls.h.in.in334
-rw-r--r--lib/gnutls_alert.h23
-rw-r--r--lib/gnutls_auth_int.h3
-rw-r--r--lib/gnutls_buffers.c4
-rw-r--r--lib/gnutls_buffers.h4
-rw-r--r--lib/gnutls_cert.c4
-rw-r--r--lib/gnutls_cert.h1
-rw-r--r--lib/gnutls_dh.h1
-rw-r--r--lib/gnutls_errors_int.h132
-rw-r--r--lib/gnutls_handshake.c80
-rw-r--r--lib/gnutls_handshake.h4
-rw-r--r--lib/gnutls_int.h153
-rw-r--r--lib/gnutls_kx.c24
-rw-r--r--lib/gnutls_mem.h5
-rw-r--r--lib/gnutls_record.c24
-rw-r--r--lib/gnutls_record.h4
-rw-r--r--lib/gnutls_rsa_export.h2
-rw-r--r--lib/gnutls_session.h6
-rw-r--r--lib/gnutls_sig.h36
-rw-r--r--lib/gnutls_state.c2
-rw-r--r--lib/gnutls_state.h1
-rw-r--r--lib/gnutls_ui.c2
-rw-r--r--lib/gnutls_x509.c2
-rw-r--r--lib/x509/crl_write.c1
-rw-r--r--lib/x509/crq.c1
-rw-r--r--lib/x509/rfc2818_hostname.c1
-rw-r--r--lib/x509/x509.c1
-rw-r--r--lib/x509/x509.h4
-rw-r--r--lib/x509/x509_write.c1
-rw-r--r--libextra/openpgp/openpgp.h2
44 files changed, 460 insertions, 520 deletions
diff --git a/configure.in b/configure.in
index ffc473d79a..86a200b2b5 100644
--- a/configure.in
+++ b/configure.in
@@ -497,9 +497,6 @@ AC_CONFIG_FILES(lib/gnutls.h.in)
AC_CONFIG_COMMANDS([includes/gnutls/gnutls.h],[[
test -f lib/gnutls.h.in || (echo "Could not generate includes/gnutls/gnutls.h" && exit 1)
cat lib/gnutls.h.in > includes/gnutls/gnutls.h
- cat $srcdir/lib/gnutls_ui.h >> includes/gnutls/gnutls.h
- echo "" >> includes/gnutls/gnutls.h
- cat $srcdir/lib/gnutls_errors_int.h | grep -v _INT_ >> includes/gnutls/gnutls.h
echo "" >> includes/gnutls/gnutls.h
echo "#ifdef __cplusplus" >> includes/gnutls/gnutls.h
echo "}" >> includes/gnutls/gnutls.h
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 43e5b9a9b8..700a967e92 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -26,7 +26,8 @@ SUBDIRS += minitasn1
endif
AM_CPPFLAGS = -I$(top_srcdir)/crypto -I$(top_srcdir)/gl \
- -I$(top_srcdir)/includes -I$(srcdir)/x509 \
+ -I$(top_srcdir)/includes -I../includes \
+ -I$(srcdir)/x509 \
-I$(top_srcdir)/libextra -I$(top_srcdir)/libextra/openpgp/ \
-I$(top_srcdir)/libextra/opencdk \
$(LIBOPENCDK_CFLAGS) $(LIBGCRYPT_CFLAGS)
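Review bot: The added `-I../includes` on the AM_CPPFLAGS line is resolved against the directory the compiler runs in and is searched after `-I$(top_srcdir)/includes`, so when both directories exist a gnutls/gnutls.h left in the source tree would be found ahead of the generated one. Writing it as `-I$(top_builddir)/includes` and placing it before the `$(top_srcdir)` entry would state the intent and keep the freshly generated header first. That the new path is meant for the generated header is inferred from the configure.in change, not stated in this hunk.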
@@ -79,7 +80,7 @@ HFILES = debug.h gnutls_compress.h defines.h gnutls_cipher.h \
gnutls_errors_int.h gnutls_datum.h auth_cert.h gnutls_mpi.h \
gnutls_pk.h gnutls_record.h gnutls_cert.h gnutls_constate.h \
gnutls_global.h strfile.h gnutls_sig.h gnutls_mem.h \
- gnutls_ui.h io_debug.h ext_max_record.h gnutls_session_pack.h \
+ io_debug.h ext_max_record.h gnutls_session_pack.h \
gnutls_alert.h gnutls_str.h gnutls_state.h gnutls_x509.h \
ext_cert_type.h gnutls_rsa_export.h ext_server_name.h \
auth_dh_common.h ext_srp.h gnutls_srp.h auth_srp.h \
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index e27b2c880f..0e9c66e9e1 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -67,7 +67,7 @@ static int gen_anon_server_kx(gnutls_session_t session, opaque ** data)
const mpi_t *mpis;
int ret;
gnutls_dh_params_t dh_params;
- const gnutls_anon_server_credentials_t cred;
+ gnutls_anon_server_credentials_t cred;
cred = _gnutls_get_cred(session->key, GNUTLS_CRD_ANON, NULL);
if (cred == NULL) {
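Review bot: Dropping `const` from `cred` means `cred = _gnutls_get_cred(...)` now assigns a `const void *` (the return type shown in lib/gnutls_auth_int.h) to a pointer to non-const, which discards the qualifier and lets later code write through credentials the accessor hands out as read-only. The old `const` worked only because the type name was a macro expanding to `anon_server_credentials_st*`; with the typedef the equivalent declaration is `const struct gnutls_anon_server_credentials_st *cred;`. The same applies to proc_anon_client_kx in the next hunk and to every `cred` declaration changed in auth_cert.c, auth_dhe.c, auth_rsa.c, auth_rsa_export.c, auth_srp_passwd.c and auth_srp_rsa.c, each with its matching struct tag. gen_anon_server_kx starts and ends outside this hunk.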
@@ -106,7 +106,7 @@ static int gen_anon_server_kx(gnutls_session_t session, opaque ** data)
static int proc_anon_client_kx(gnutls_session_t session, opaque * data,
size_t _data_size)
{
- const gnutls_anon_server_credentials_t cred;
+ gnutls_anon_server_credentials_t cred;
int bits;
int ret;
mpi_t p, g;
diff --git a/lib/auth_anon.h b/lib/auth_anon.h
index e7104aa5f3..6dc54f1b13 100644
--- a/lib/auth_anon.h
+++ b/lib/auth_anon.h
@@ -26,16 +26,17 @@
#include <gnutls_auth.h>
#include <auth_dh_common.h>
-typedef struct {
+typedef struct gnutls_anon_server_credentials_st {
gnutls_dh_params_t dh_params;
/* this callback is used to retrieve the DH or RSA
* parameters.
*/
gnutls_params_function *params_func;
} anon_server_credentials_st;
-#define gnutls_anon_server_credentials_t anon_server_credentials_st*
-#define gnutls_anon_client_credentials_t void*
+typedef struct gnutls_anon_client_credentials_st {
+ int dummy;
+} anon_client_credentials_st;
typedef struct anon_client_auth_info_st {
dh_info_st dh;
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 81a183a3b9..92efe19e35 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -376,7 +376,7 @@ static int call_get_cert_callback(gnutls_session_t session,
gnutls_retr_st st;
int ret;
gnutls_certificate_type_t type = gnutls_certificate_type_get(session);
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL) {
@@ -473,7 +473,7 @@ static int _select_client_cert(gnutls_session_t session,
{
int result;
int indx = -1;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
opaque *data = _data;
ssize_t data_size = _data_size;
int issuers_dn_length;
@@ -773,7 +773,7 @@ int _gnutls_proc_x509_server_certificate(gnutls_session_t session,
int size, len, ret;
opaque *p = data;
cert_auth_info_t info;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
ssize_t dsize = data_size;
int i, j, x;
gnutls_cert *peer_certificate_list;
@@ -901,7 +901,7 @@ int _gnutls_proc_openpgp_server_certificate(gnutls_session_t session,
int size, ret, len;
opaque *p = data;
cert_auth_info_t info;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
ssize_t dsize = data_size;
int i, x;
gnutls_cert *peer_certificate_list = NULL;
@@ -1097,7 +1097,7 @@ int _gnutls_proc_cert_cert_req(gnutls_session_t session, opaque * data,
{
int size, ret;
opaque *p;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
cert_auth_info_t info;
ssize_t dsize;
int i, j;
@@ -1268,7 +1268,7 @@ int _gnutls_proc_cert_client_cert_vrfy(gnutls_session_t session,
int _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
opaque ** data)
{
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
int size;
opaque *pdata;
@@ -1543,7 +1543,7 @@ int _gnutls_server_select_cert(gnutls_session_t session,
{
uint i;
int index, ret;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL) {
diff --git a/lib/auth_cert.h b/lib/auth_cert.h
index ccf21ea654..f49792ebc9 100644
--- a/lib/auth_cert.h
+++ b/lib/auth_cert.h
@@ -22,42 +22,18 @@
*
*/
-#ifndef AUTH_X509_H
-# define AUTH_X509_H
+#ifndef AUTH_CERT_H
+# define AUTH_CERT_H
# include "gnutls_cert.h"
# include "gnutls_auth.h"
# include "auth_dh_common.h"
# include "x509/x509.h"
# include "../libextra/openpgp/openpgp.h"
-typedef struct retr_st {
- gnutls_certificate_type_t type;
- union cert {
- gnutls_x509_crt_t *x509;
- gnutls_openpgp_key_t pgp;
- } cert;
- uint ncerts;
-
- union key {
- gnutls_x509_privkey_t x509;
- gnutls_openpgp_privkey_t pgp;
- } key;
-
- uint deinit_all;
-} gnutls_retr_st;
-
-typedef int gnutls_certificate_client_retrieve_function(gnutls_session_t,
- const gnutls_datum_t *req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length,
- gnutls_retr_st *);
-
-typedef int gnutls_certificate_server_retrieve_function(struct
- gnutls_session_int*, gnutls_retr_st *);
-
/* This structure may be complex, but it's the only way to
* support a server that has multiple certificates
*/
-typedef struct {
+typedef struct gnutls_certificate_credentials_st {
gnutls_dh_params_t dh_params;
gnutls_rsa_params_t rsa_params;
/* this callback is used to retrieve the DH or RSA
@@ -120,8 +96,6 @@ typedef struct {
gnutls_certificate_server_retrieve_function *server_get_cert_callback;
} certificate_credentials_st;
-#define gnutls_certificate_credentials_t certificate_credentials_st*
-
typedef struct rsa_info_st {
gnutls_datum_t modulus;
gnutls_datum_t exponent;
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index 6be2dd36ac..a576481ba8 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -89,7 +89,7 @@ static int gen_dhe_server_kx(gnutls_session_t session, opaque ** data)
gnutls_privkey *apr_pkey;
int apr_cert_list_length;
gnutls_datum_t signature, ddata;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
gnutls_dh_params_t dh_params;
cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
@@ -228,7 +228,7 @@ static int proc_dhe_server_kx(gnutls_session_t session, opaque * data,
static int proc_dhe_client_kx(gnutls_session_t session, opaque * data,
size_t _data_size)
{
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
int ret;
mpi_t p, g;
const mpi_t *mpis;
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index 5ed7c0129d..b63937908a 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -142,7 +142,7 @@ int _gnutls_get_private_rsa_params(gnutls_session_t session,
mpi_t ** params, int *params_size)
{
int bits;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
gnutls_rsa_params_t rsa_params;
cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index 765f66e99f..7a682d13b5 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -80,7 +80,7 @@ static int gen_rsa_export_server_kx(gnutls_session_t session,
int apr_cert_list_length;
gnutls_datum_t signature, ddata;
cert_auth_info_t info;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL) {
diff --git a/lib/auth_srp.h b/lib/auth_srp.h
index 087bae3844..a7006bc28a 100644
--- a/lib/auth_srp.h
+++ b/lib/auth_srp.h
@@ -27,24 +27,13 @@
#include <gnutls_auth.h>
-typedef int gnutls_srp_server_credentials_function(gnutls_session_t,
- const char *username, gnutls_datum_t * salt,
- gnutls_datum_t *verifier, gnutls_datum_t *generator,
- gnutls_datum_t * prime);
-
-typedef int gnutls_srp_client_credentials_function(gnutls_session_t,
- unsigned int times, char **username, char **password);
-
-
-typedef struct {
+typedef struct gnutls_srp_client_credentials_st {
char *username;
char *password;
gnutls_srp_client_credentials_function *get_function;
} srp_client_credentials_st;
-#define gnutls_srp_client_credentials_t srp_client_credentials_st*
-
-typedef struct {
+typedef struct gnutls_srp_server_credentials_st {
char *password_file;
char *password_conf_file;
/* callback function, instead of reading the
@@ -53,8 +42,6 @@ typedef struct {
gnutls_srp_server_credentials_function *pwd_callback;
} srp_server_cred_st;
-#define gnutls_srp_server_credentials_t srp_server_cred_st*
-
/* these structures should not use allocated data */
typedef struct srp_server_auth_info_st {
char username[MAX_SRP_USERNAME];
diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c
index 1a087aa2d8..f8ba26030e 100644
--- a/lib/auth_srp_passwd.c
+++ b/lib/auth_srp_passwd.c
@@ -227,7 +227,7 @@ static int pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry,
int _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username,
SRP_PWD_ENTRY ** _entry)
{
- const gnutls_srp_server_credentials_t cred;
+ gnutls_srp_server_credentials_t cred;
FILE *fd;
char line[2 * 1024];
uint i, len;
diff --git a/lib/auth_srp_rsa.c b/lib/auth_srp_rsa.c
index cc091a4856..c1ded881a1 100644
--- a/lib/auth_srp_rsa.c
+++ b/lib/auth_srp_rsa.c
@@ -83,7 +83,7 @@ static int gen_srp_cert_server_kx(gnutls_session_t session, opaque ** data)
{
ssize_t ret, data_size;
gnutls_datum_t signature, ddata;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
gnutls_cert *apr_cert_list;
gnutls_privkey *apr_pkey;
int apr_cert_list_length;
diff --git a/lib/debug.c b/lib/debug.c
index b5040007cd..c517d40ec4 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -68,38 +68,38 @@ const char *_gnutls_packet2str(content_type_t packet)
}
}
-const char *_gnutls_handshake2str(handshake_t handshake)
+const char *_gnutls_handshake2str(gnutls_handshake_description_t handshake)
{
switch (handshake) {
- case GNUTLS_HELLO_REQUEST:
+ case GNUTLS_HANDSHAKE_HELLO_REQUEST:
return "HELLO REQUEST";
break;
- case GNUTLS_CLIENT_HELLO:
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO:
return "CLIENT HELLO";
break;
- case GNUTLS_SERVER_HELLO:
+ case GNUTLS_HANDSHAKE_SERVER_HELLO:
return "SERVER HELLO";
break;
- case GNUTLS_CERTIFICATE_PKT:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
return "CERTIFICATE";
break;
- case GNUTLS_SERVER_KEY_EXCHANGE:
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
return "SERVER KEY EXCHANGE";
break;
- case GNUTLS_CERTIFICATE_REQUEST:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
return "CERTIFICATE REQUEST";
break;
- case GNUTLS_SERVER_HELLO_DONE:
+ case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
return "SERVER HELLO DONE";
break;
- case GNUTLS_CERTIFICATE_VERIFY:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
return "CERTIFICATE VERIFY";
break;
- case GNUTLS_CLIENT_KEY_EXCHANGE:
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
return "CLIENT KEY EXCHANGE";
break;
- case GNUTLS_FINISHED:
+ case GNUTLS_HANDSHAKE_FINISHED:
return "FINISHED";
break;
default:
diff --git a/lib/debug.h b/lib/debug.h
index a96cc0076a..751ad27fa9 100644
--- a/lib/debug.h
+++ b/lib/debug.h
@@ -26,5 +26,5 @@
void _gnutls_print_state(gnutls_session_t session);
#endif
const char *_gnutls_packet2str(content_type_t packet);
-const char *_gnutls_handshake2str(handshake_t handshake);
+const char *_gnutls_handshake2str(gnutls_handshake_description_t handshake);
void _gnutls_dump_mpi(const char *prefix, mpi_t a);
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index b5cf800550..2dbaa22941 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -1,4 +1,4 @@
-/*
+/* -*- c -*-
* Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
*
* Author: Nikos Mavroyanopoulos
@@ -61,9 +61,11 @@ extern "C" {
#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
-typedef enum { GNUTLS_CIPHER_NULL=1,
- GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_ARCFOUR_40
+typedef enum gnutls_cipher_algorithm { GNUTLS_CIPHER_NULL = 1,
+ GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_ARCFOUR_40,
+ GNUTLS_CIPHER_RC2_40_CBC = 90, GNUTLS_CIPHER_DES_CBC
} gnutls_cipher_algorithm_t;
typedef enum { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS,
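Review bot: `GNUTLS_CIPHER_RC2_40_CBC = 90` and `GNUTLS_CIPHER_DES_CBC` enter the public cipher enum without a comment, although both use 40- and 56-bit keys and should not be chosen for new data. A comment on that line, for example `/* weak legacy ciphers (40-bit RC2, single DES), numbered apart from the range above; not for new data */`, would tell API users why they sit outside the contiguous values. Whether these two can be reached from the TLS cipher priority lists is not visible in this hunk and is worth confirming.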
@@ -79,8 +81,12 @@ typedef enum { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } gnutl
#define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
#define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
-typedef enum { GNUTLS_MAC_NULL=1,
- GNUTLS_MAC_MD5, GNUTLS_MAC_SHA1, GNUTLS_MAC_RMD160
+typedef enum {
+ GNUTLS_MAC_UNKNOWN = 0,
+ GNUTLS_MAC_NULL = 1,
+ GNUTLS_MAC_MD5,
+ GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_RMD160
} gnutls_mac_algorithm_t;
/* The enumerations here should have the same value with gnutls_mac_algorithm_t.
@@ -154,8 +160,12 @@ typedef enum { GNUTLS_OPENPGP_KEY,
typedef enum { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } gnutls_close_request_t;
#define GNUTLS_TLS1 GNUTLS_TLS1_0
-typedef enum { GNUTLS_SSL3=1, GNUTLS_TLS1_0,
- GNUTLS_TLS1_1 } gnutls_protocol_t;
+typedef enum {
+ GNUTLS_SSL3 = 1,
+ GNUTLS_TLS1_0,
+ GNUTLS_TLS1_1,
+ GNUTLS_VERSION_UNKNOWN = 0xff
+} gnutls_protocol_t;
typedef enum { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP
} gnutls_certificate_type_t;
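Review bot: `GNUTLS_VERSION_UNKNOWN = 0xff` sorts above every real protocol version, so an ordered test such as `ver >= GNUTLS_TLS1_1` would treat the sentinel as the newest protocol. No such comparison is visible in this diff, but the enum should carry the warning, e.g. `GNUTLS_VERSION_UNKNOWN = 0xff /* sentinel, not ordered; test for it before comparing versions */`.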
@@ -187,8 +197,8 @@ typedef struct gnutls_session_int* gnutls_session_t;
struct gnutls_dh_params_int;
typedef struct gnutls_dh_params_int* gnutls_dh_params_t;
-struct gnutls_rsa_params_int;
-typedef struct gnutls_rsa_params_int* gnutls_rsa_params_t;
+struct gnutls_x509_privkey_int; /* XXX ugly. */
+typedef struct gnutls_x509_privkey_int* gnutls_rsa_params_t; /* XXX ugly. */
typedef struct {
unsigned char * data;
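Review bot: Declaring `gnutls_rsa_params_t` as `struct gnutls_x509_privkey_int *` takes away the compiler's ability to tell temporary RSA parameters from a private-key handle, assuming gnutls_x509_privkey_t points to the same struct as its name suggests. The `/* XXX ugly. */` comments do not say why the alias is needed or what would allow it to be undone. If the reason is that RSA parameters are stored as an X.509 private key internally, a comment such as `/* RSA params are an X.509 private key internally; alias kept until a distinct opaque type exists */` would record that.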
@@ -330,7 +340,7 @@ const char* gnutls_check_version( const char *req_version);
/* Functions for setting/clearing credentials
*/
-int gnutls_credentials_clear( gnutls_session_t session);
+void gnutls_credentials_clear( gnutls_session_t session);
/* cred is a structure defined by the kx algorithm
*/
@@ -341,13 +351,13 @@ int gnutls_credentials_set( gnutls_session_t session,
/* Credential structures for SRP - used in gnutls_credentials_set(); */
-struct DSTRUCT;
-typedef struct DSTRUCT* gnutls_certificate_credentials_t;
+struct gnutls_certificate_credentials_st;
+typedef struct gnutls_certificate_credentials_st *gnutls_certificate_credentials_t;
typedef gnutls_certificate_credentials_t gnutls_certificate_server_credentials;
typedef gnutls_certificate_credentials_t gnutls_certificate_client_credentials;
-typedef struct DSTRUCT* gnutls_anon_server_credentials_t;
-typedef struct DSTRUCT* gnutls_anon_client_credentials_t;
+typedef struct gnutls_anon_server_credentials_st* gnutls_anon_server_credentials_t;
+typedef struct gnutls_anon_client_credentials_st* gnutls_anon_client_credentials_t;
void gnutls_anon_free_server_credentials( gnutls_anon_server_credentials_t sc);
int gnutls_anon_allocate_server_credentials( gnutls_anon_server_credentials_t *sc);
@@ -449,7 +459,7 @@ int gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params,
const gnutls_datum_t* generator);
int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params,
const gnutls_datum_t * pkcs3_params, gnutls_x509_crt_fmt_t format);
-int gnutls_dh_params_generate2(gnutls_dh_params_t params, int bits);
+int gnutls_dh_params_generate2(gnutls_dh_params_t params, unsigned int bits);
int gnutls_dh_params_export_pkcs3( gnutls_dh_params_t params,
gnutls_x509_crt_fmt_t format, unsigned char* params_data, size_t* params_data_size);
int gnutls_dh_params_export_raw(gnutls_dh_params_t params,
@@ -466,7 +476,7 @@ int gnutls_rsa_params_import_raw(gnutls_rsa_params_t rsa_params,
const gnutls_datum_t *m, const gnutls_datum_t *e,
const gnutls_datum_t *d, const gnutls_datum_t *p,
const gnutls_datum_t *q, const gnutls_datum_t *u);
-int gnutls_rsa_params_generate2(gnutls_rsa_params_t params, int bits);
+int gnutls_rsa_params_generate2(gnutls_rsa_params_t params, unsigned int bits);
int gnutls_rsa_params_export_raw(gnutls_rsa_params_t params,
gnutls_datum_t * m, gnutls_datum_t *e,
gnutls_datum_t *d, gnutls_datum_t *p, gnutls_datum_t* q,
@@ -513,8 +523,8 @@ int gnutls_fingerprint(gnutls_digest_algorithm_t algo, const gnutls_datum_t* dat
/* SRP
*/
-typedef struct DSTRUCT* gnutls_srp_server_credentials_t;
-typedef struct DSTRUCT* gnutls_srp_client_credentials_t;
+typedef struct gnutls_srp_server_credentials_st* gnutls_srp_server_credentials_t;
+typedef struct gnutls_srp_client_credentials_st* gnutls_srp_client_credentials_t;
void gnutls_srp_free_client_credentials( gnutls_srp_client_credentials_t sc);
int gnutls_srp_allocate_client_credentials( gnutls_srp_client_credentials_t *sc);
@@ -567,3 +577,289 @@ int gnutls_srp_base64_encode_alloc( const gnutls_datum_t *data, gnutls_datum_t*
int gnutls_srp_base64_decode( const gnutls_datum_t *b64_data, char* result, int* result_size);
int gnutls_srp_base64_decode_alloc( const gnutls_datum_t *b64_data,
gnutls_datum_t* result);
+
+#ifndef GNUTLS_UI_H
+# define GNUTLS_UI_H
+
+ typedef enum gnutls_x509_subject_alt_name_t {
+ GNUTLS_SAN_DNSNAME = 1, GNUTLS_SAN_RFC822NAME,
+ GNUTLS_SAN_URI, GNUTLS_SAN_IPADDRESS
+ } gnutls_x509_subject_alt_name_t;
+
+# ifdef LIBGNUTLS_VERSION /* These are defined only in gnutls.h */
+
+ struct gnutls_openpgp_key_int;
+ typedef struct gnutls_openpgp_key_int *gnutls_openpgp_key_t;
+
+ struct gnutls_openpgp_privkey_int;
+ typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
+
+ typedef struct gnutls_retr_st {
+ gnutls_certificate_type_t type;
+ union cert {
+ gnutls_x509_crt_t *x509;
+ gnutls_openpgp_key_t pgp;
+ } cert;
+ unsigned int ncerts; /* one for pgp keys */
+
+ union key {
+ gnutls_x509_privkey_t x509;
+ gnutls_openpgp_privkey_t pgp;
+ } key;
+
+ unsigned int deinit_all; /* if non zero all keys will be deinited */
+ } gnutls_retr_st;
+
+ typedef int gnutls_certificate_client_retrieve_function(gnutls_session_t,
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs,
+ const
+ gnutls_pk_algorithm_t
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_retr_st *);
+ typedef int gnutls_certificate_server_retrieve_function(gnutls_session_t,
+ gnutls_retr_st *);
+
+
+ /* Functions that allow auth_info_t structures handling
+ */
+
+ gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session);
+ gnutls_credentials_type_t gnutls_auth_server_get_type(gnutls_session_t
+ session);
+ gnutls_credentials_type_t gnutls_auth_client_get_type(gnutls_session_t
+ session);
+
+ /* DH */
+
+ void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits);
+ int gnutls_dh_get_secret_bits(gnutls_session_t session);
+ int gnutls_dh_get_peers_public_bits(gnutls_session_t session);
+ int gnutls_dh_get_prime_bits(gnutls_session_t session);
+
+ int gnutls_dh_get_group(gnutls_session_t session, gnutls_datum_t * raw_gen,
+ gnutls_datum_t * raw_prime);
+ int gnutls_dh_get_pubkey(gnutls_session_t session,
+ gnutls_datum_t * raw_key);
+
+ /* RSA */
+ int gnutls_rsa_export_get_pubkey(gnutls_session_t session,
+ gnutls_datum_t * exponent,
+ gnutls_datum_t * modulus);
+ int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session);
+
+ /* X509PKI */
+
+ /* These are set on the credentials structure.
+ */
+ void gnutls_certificate_client_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_client_retrieve_function * func);
+ void gnutls_certificate_server_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_server_retrieve_function * func);
+
+ void gnutls_certificate_server_set_request(gnutls_session_t session,
+ gnutls_certificate_request_t
+ req);
+
+ /* get data from the session
+ */
+ const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t
+ session, unsigned int
+ *list_size);
+ const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t
+ session);
+
+ time_t gnutls_certificate_activation_time_peers(gnutls_session_t session);
+ time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session);
+
+ int gnutls_certificate_client_get_request_status(gnutls_session_t session);
+ int gnutls_certificate_verify_peers2(gnutls_session_t session,
+ unsigned int *status);
+
+ /* this is obsolete (?). */
+ int gnutls_certificate_verify_peers(gnutls_session_t session);
+
+ int gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data,
+ char *result, size_t * result_size);
+ int gnutls_pem_base64_decode(const char *header,
+ const gnutls_datum_t * b64_data,
+ unsigned char *result, size_t * result_size);
+
+ int gnutls_pem_base64_encode_alloc(const char *msg,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * result);
+ int gnutls_pem_base64_decode_alloc(const char *header,
+ const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result);
+
+ /* key_usage will be an OR of the following values:
+ */
+#define GNUTLS_KEY_DIGITAL_SIGNATURE 128 /* when the key is to be
+ * used for signing.
+ */
+#define GNUTLS_KEY_NON_REPUDIATION 64
+#define GNUTLS_KEY_KEY_ENCIPHERMENT 32 /* when the key is to be
+ * used for encryption.
+ */
+#define GNUTLS_KEY_DATA_ENCIPHERMENT 16
+#define GNUTLS_KEY_KEY_AGREEMENT 8
+#define GNUTLS_KEY_KEY_CERT_SIGN 4
+#define GNUTLS_KEY_CRL_SIGN 2
+#define GNUTLS_KEY_ENCIPHER_ONLY 1
+#define GNUTLS_KEY_DECIPHER_ONLY 32768
+
+ typedef struct gnutls_params_st {
+ gnutls_params_type_t type;
+ union params {
+ gnutls_dh_params_t dh;
+ gnutls_rsa_params_t rsa_export;
+ } params;
+ int deinit;
+ } gnutls_params_st;
+
+ typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t,
+ gnutls_params_st *);
+
+ void
+ gnutls_certificate_set_params_function(gnutls_certificate_credentials_t
+ res, gnutls_params_function * func);
+ void gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res,
+ gnutls_params_function * func);
+
+
+# endif /* LIBGNUTLS_VERSION */
+
+#endif /* GNUTLS_UI_H */
+
+ /* Gnutls error codes. The mapping to a TLS alert is also shown in
+ * comments.
+ */
+
+#define GNUTLS_E_SUCCESS 0
+#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
+#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
+#define GNUTLS_E_LARGE_PACKET -7
+#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
+#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
+#define GNUTLS_E_INVALID_SESSION -10
+#define GNUTLS_E_FATAL_ALERT_RECEIVED -12
+#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
+#define GNUTLS_E_WARNING_ALERT_RECEIVED -16
+#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
+#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
+#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
+#define GNUTLS_E_UNWANTED_ALGORITHM -22
+#define GNUTLS_E_MPI_SCAN_FAILED -23
+#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
+#define GNUTLS_E_MEMORY_ERROR -25
+#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
+#define GNUTLS_E_COMPRESSION_FAILED -27
+#define GNUTLS_E_AGAIN -28
+#define GNUTLS_E_EXPIRED -29
+#define GNUTLS_E_DB_ERROR -30
+#define GNUTLS_E_SRP_PWD_ERROR -31
+#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
+#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
+#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
+#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
+
+#define GNUTLS_E_HASH_FAILED -33
+#define GNUTLS_E_BASE64_DECODING_ERROR -34
+
+#define GNUTLS_E_MPI_PRINT_FAILED -35
+#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
+#define GNUTLS_E_GOT_APPLICATION_DATA -38
+#define GNUTLS_E_RECORD_LIMIT_REACHED -39
+#define GNUTLS_E_ENCRYPTION_FAILED -40
+
+#define GNUTLS_E_PK_ENCRYPTION_FAILED -44
+#define GNUTLS_E_PK_DECRYPTION_FAILED -45
+#define GNUTLS_E_PK_SIGN_FAILED -46
+#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
+#define GNUTLS_E_KEY_USAGE_VIOLATION -48
+#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
+#define GNUTLS_E_INVALID_REQUEST -50
+#define GNUTLS_E_SHORT_MEMORY_BUFFER -51
+#define GNUTLS_E_INTERRUPTED -52
+#define GNUTLS_E_PUSH_ERROR -53
+#define GNUTLS_E_PULL_ERROR -54
+#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
+#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
+#define GNUTLS_E_PKCS1_WRONG_PAD -57
+#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
+#define GNUTLS_E_INTERNAL_ERROR -59
+#define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
+#define GNUTLS_E_FILE_ERROR -64
+#define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
+#define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
+
+
+ /* returned if libextra functionality was requested but
+ * gnutls_global_init_extra() was not called.
+ */
+#define GNUTLS_E_INIT_LIBEXTRA -82
+#define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83
+
+
+ /* returned if you need to generate temporary RSA
+ * parameters. These are needed for export cipher suites.
+ */
+#define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
+
+#define GNUTLS_E_LZO_INIT_FAILED -85
+#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
+#define GNUTLS_E_NO_CIPHER_SUITES -87
+
+#define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
+#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
+
+#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
+#define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
+#define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
+
+ /* For certificate and key stuff
+ */
+#define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
+#define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
+#define GNUTLS_E_ASN1_DER_ERROR -69
+#define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
+#define GNUTLS_E_ASN1_GENERIC_ERROR -71
+#define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
+#define GNUTLS_E_ASN1_TAG_ERROR -73
+#define GNUTLS_E_ASN1_TAG_IMPLICIT -74
+#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
+#define GNUTLS_E_ASN1_SYNTAX_ERROR -76
+#define GNUTLS_E_ASN1_DER_OVERFLOW -77
+#define GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED -81
+#define GNUTLS_E_OPENPGP_UID_REVOKED -79
+#define GNUTLS_E_CERTIFICATE_ERROR -43
+#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
+#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
+#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
+#define GNUTLS_E_X509_UNKNOWN_SAN -62
+#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
+#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
+#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
+#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
+#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
+#define GNUTLS_E_INVALID_PASSWORD -99
+#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
+#define GNUTLS_E_CONSTRAINT_ERROR -101
+
+#define GNUTLS_E_BASE64_ENCODING_ERROR -201
+#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
+#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
+#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
+
+#define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
+#define GNUTLS_E_X509_UNSUPPORTED_OID -205
+
+#define GNUTLS_E_RANDOM_FAILED -206
+
+#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
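Review bot: The comment `/* this is obsolete (?). */` above `gnutls_certificate_verify_peers()` leaves the status of a certificate-verification entry point undecided in what is now the public header. Judging from the two prototypes, the older function reports the result only through its `int` return while `gnutls_certificate_verify_peers2()` returns it through `unsigned int *status`, so a caller of the old one has to tell verification flags from negative error codes in a single value. The comment should take a position, for example `/* Deprecated: status and error codes share the return value; use gnutls_certificate_verify_peers2(). */`, once the maintainers confirm that is the intent.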
diff --git a/lib/gnutls_alert.h b/lib/gnutls_alert.h
index 93788fcfd7..bd742d3008 100644
--- a/lib/gnutls_alert.h
+++ b/lib/gnutls_alert.h
@@ -22,29 +22,6 @@
*
*/
-typedef enum gnutls_alert_level_t { GNUTLS_AL_WARNING = 1, GNUTLS_AL_FATAL
-} gnutls_alert_level_t;
-
-typedef enum AlertDescription {
- GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE = 10,
- GNUTLS_A_BAD_RECORD_MAC = 20, GNUTLS_A_DECRYPTION_FAILED,
- GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE = 30,
- GNUTLS_A_HANDSHAKE_FAILURE = 40, GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
- GNUTLS_A_BAD_CERTIFICATE = 42, GNUTLS_A_UNSUPPORTED_CERTIFICATE,
- GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED,
- GNUTLS_A_CERTIFICATE_UNKNOWN, GNUTLS_A_ILLEGAL_PARAMETER,
- GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR =
- 50,
- GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION = 60,
- GNUTLS_A_PROTOCOL_VERSION = 70, GNUTLS_A_INSUFFICIENT_SECURITY,
- GNUTLS_A_INTERNAL_ERROR = 80, GNUTLS_A_USER_CANCELED = 90,
- GNUTLS_A_NO_RENEGOTIATION = 100, GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
- GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111, GNUTLS_A_UNRECOGNIZED_NAME =
- 112,
- GNUTLS_A_UNKNOWN_SRP_USERNAME = 120, GNUTLS_A_MISSING_SRP_USERNAME =
- 121
-} gnutls_alert_description_t;
-
gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session);
int gnutls_alert_send(gnutls_session_t session, gnutls_alert_level_t level,
gnutls_alert_description_t desc);
diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h
index 4a3b58fc52..a12bb0a199 100644
--- a/lib/gnutls_auth_int.h
+++ b/lib/gnutls_auth_int.h
@@ -22,9 +22,6 @@
*
*/
-void gnutls_credentials_clear(gnutls_session_t session);
-int gnutls_credentials_set(gnutls_session_t session,
- gnutls_credentials_type_t type, void *cred);
const void *_gnutls_get_cred(gnutls_key_st key,
gnutls_credentials_type_t kx, int *err);
const void *_gnutls_get_kx_cred(gnutls_session_t session,
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index fdfd9aa5bb..6ef024d881 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -780,7 +780,7 @@ ssize_t _gnutls_handshake_io_write_flush(gnutls_session_t session)
*/
ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session,
content_type_t type,
- handshake_t htype,
+ gnutls_handshake_description_t htype,
const void *iptr, size_t n)
{
size_t left;
@@ -898,7 +898,7 @@ ssize_t _gnutls_handshake_io_send_int(gnutls_session_t session,
*/
ssize_t _gnutls_handshake_io_recv_int(gnutls_session_t session,
content_type_t type,
- handshake_t htype, void *iptr,
+ gnutls_handshake_description_t htype, void *iptr,
size_t sizeOfPtr)
{
size_t left;
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index 82114973d2..121311186f 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -56,9 +56,9 @@ int _gnutls_handshake_buffer_get_ptr(gnutls_session_t session,
session->internals.handshake_send_buffer_prev_size = 0
ssize_t _gnutls_handshake_io_recv_int(gnutls_session_t, content_type_t,
- handshake_t, void *, size_t);
+ gnutls_handshake_description_t, void *, size_t);
ssize_t _gnutls_handshake_io_send_int(gnutls_session_t, content_type_t,
- handshake_t, const void *, size_t);
+ gnutls_handshake_description_t, const void *, size_t);
ssize_t _gnutls_io_write_flush(gnutls_session_t session);
ssize_t _gnutls_handshake_io_write_flush(gnutls_session_t session);
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 7077404acc..d956986732 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -45,8 +45,6 @@
#include "x509/x509.h"
#include "x509/mpi.h"
-void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc);
-
/**
* gnutls_certificate_free_keys - Used to free all the keys from a gnutls_certificate_credentials_t structure
* @sc: is an #gnutls_certificate_credentials_t structure.
@@ -403,7 +401,7 @@ int _gnutls_openpgp_cert_verify_peers(gnutls_session_t session,
unsigned int *status)
{
cert_auth_info_t info;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
int peer_certificate_list_size, ret;
CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
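Review bot: Dropping `const` from `cred` in `_gnutls_openpgp_cert_verify_peers` leaves a fully writable pointer to the certificate credentials, while `_gnutls_get_cred()` is declared in lib/gnutls_auth_int.h as returning `const void *`, so the assignment (outside this hunk) presumably discards that qualifier. The qualifier most likely had to go because the type name is now a pointer typedef, where `const` binds to the pointer rather than to the structure. A short comment would record the intent, e.g. `/* not const: the type is a pointer typedef, so const would qualify the pointer, not the credentials */`. The same change is made to `x509_cred` in `_gnutls_remove_unwanted_ciphersuites` in lib/gnutls_handshake.c, and in `check_server_params` the `const` that is kept on `x509_cred` and `anon_cred` now appears to protect only the local pointer.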
diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h
index a9d553d070..3298c96e5a 100644
--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -27,7 +27,6 @@
#include <gnutls_pk.h>
#include <libtasn1.h>
-#include <gnutls_ui.h>
#include "x509/x509.h"
#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h
index 3b49209412..ae69a44ab9 100644
--- a/lib/gnutls_dh.h
+++ b/lib/gnutls_dh.h
@@ -26,4 +26,3 @@ const mpi_t *_gnutls_get_dh_params(gnutls_dh_params_t);
mpi_t gnutls_calc_dh_secret(mpi_t * ret_x, mpi_t g, mpi_t prime);
mpi_t gnutls_calc_dh_key(mpi_t f, mpi_t x, mpi_t prime);
int _gnutls_dh_generate_prime(mpi_t * ret_g, mpi_t * ret_n, uint bits);
-void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params);
diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h
index 5f853b44f4..d9fd66c9eb 100644
--- a/lib/gnutls_errors_int.h
+++ b/lib/gnutls_errors_int.h
@@ -22,139 +22,7 @@
*
*/
-#ifndef GNUTLS_ERRORS_IH
-# define GNUTLS_ERRORS_IH
-
-/* Gnutls error codes. The mapping to a TLS alert is also shown in
- * comments.
- */
-
-#define GNUTLS_E_SUCCESS 0
-#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
-#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
-#define GNUTLS_E_LARGE_PACKET -7
-#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
-#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
-#define GNUTLS_E_INVALID_SESSION -10
-#define GNUTLS_E_FATAL_ALERT_RECEIVED -12
-#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
-#define GNUTLS_E_WARNING_ALERT_RECEIVED -16
-#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
-#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
-#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
-#define GNUTLS_E_UNWANTED_ALGORITHM -22
-#define GNUTLS_E_MPI_SCAN_FAILED -23
-#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
-#define GNUTLS_E_MEMORY_ERROR -25
-#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
-#define GNUTLS_E_COMPRESSION_FAILED -27
-#define GNUTLS_E_AGAIN -28
-#define GNUTLS_E_EXPIRED -29
-#define GNUTLS_E_DB_ERROR -30
-#define GNUTLS_E_SRP_PWD_ERROR -31
-#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
-#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
-#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
-#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
-
-#define GNUTLS_E_HASH_FAILED -33
-#define GNUTLS_E_BASE64_DECODING_ERROR -34
-
-#define GNUTLS_E_MPI_PRINT_FAILED -35
-#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
-#define GNUTLS_E_GOT_APPLICATION_DATA -38
-#define GNUTLS_E_RECORD_LIMIT_REACHED -39
-#define GNUTLS_E_ENCRYPTION_FAILED -40
-
-#define GNUTLS_E_PK_ENCRYPTION_FAILED -44
-#define GNUTLS_E_PK_DECRYPTION_FAILED -45
-#define GNUTLS_E_PK_SIGN_FAILED -46
-#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
-#define GNUTLS_E_KEY_USAGE_VIOLATION -48
-#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
-#define GNUTLS_E_INVALID_REQUEST -50
-#define GNUTLS_E_SHORT_MEMORY_BUFFER -51
-#define GNUTLS_E_INTERRUPTED -52
-#define GNUTLS_E_PUSH_ERROR -53
-#define GNUTLS_E_PULL_ERROR -54
-#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
-#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
-#define GNUTLS_E_PKCS1_WRONG_PAD -57
-#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
-#define GNUTLS_E_INTERNAL_ERROR -59
-#define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
-#define GNUTLS_E_FILE_ERROR -64
-#define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
-#define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
-
-
-/* returned if libextra functionality was requested but
- * gnutls_global_init_extra() was not called.
- */
-#define GNUTLS_E_INIT_LIBEXTRA -82
-#define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83
-
-
-/* returned if you need to generate temporary RSA
- * parameters. These are needed for export cipher suites.
- */
-#define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
-
-#define GNUTLS_E_LZO_INIT_FAILED -85
-#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
-#define GNUTLS_E_NO_CIPHER_SUITES -87
-
-#define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
-#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
-
-#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
-#define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
-#define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
-
-/* For certificate and key stuff
- */
-#define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
-#define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
-#define GNUTLS_E_ASN1_DER_ERROR -69
-#define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
-#define GNUTLS_E_ASN1_GENERIC_ERROR -71
-#define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
-#define GNUTLS_E_ASN1_TAG_ERROR -73
-#define GNUTLS_E_ASN1_TAG_IMPLICIT -74
-#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
-#define GNUTLS_E_ASN1_SYNTAX_ERROR -76
-#define GNUTLS_E_ASN1_DER_OVERFLOW -77
-#define GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED -81
-#define GNUTLS_E_OPENPGP_UID_REVOKED -79
-#define GNUTLS_E_CERTIFICATE_ERROR -43
-#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
-#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
-#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
-#define GNUTLS_E_X509_UNKNOWN_SAN -62
-#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
-#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
-#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
-#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
-#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
-#define GNUTLS_E_INVALID_PASSWORD -99
-#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
-#define GNUTLS_E_CONSTRAINT_ERROR -101
-
-#define GNUTLS_E_BASE64_ENCODING_ERROR -201
-#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
-#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
-#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
-
-#define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
-#define GNUTLS_E_X509_UNSUPPORTED_OID -205
-
-#define GNUTLS_E_RANDOM_FAILED -206
-
-#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
-
/* _INT_ internal errors. Not exported */
#define GNUTLS_E_INT_RET_0 -1251
#define GNUTLS_E_INT_HANDSHAKE_AGAIN -1252
-
-#endif /* GNUTLS_ERRORS_IH */
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 5e1770dd46..385ca9cc61 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -459,7 +459,7 @@ int _gnutls_send_finished(gnutls_session_t session, int again)
}
ret =
- _gnutls_send_handshake(session, data, data_size, GNUTLS_FINISHED);
+ _gnutls_send_handshake(session, data, data_size, GNUTLS_HANDSHAKE_FINISHED);
return ret;
}
@@ -476,7 +476,7 @@ int _gnutls_recv_finished(gnutls_session_t session)
ret =
_gnutls_recv_handshake(session, &vrfy, &vrfysize,
- GNUTLS_FINISHED, MANDATORY_PACKET);
+ GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET);
if (ret < 0) {
ERR("recv finished int", ret);
gnutls_assert();
@@ -728,7 +728,7 @@ int _gnutls_server_select_comp_method(gnutls_session_t session,
* (until it returns ok), with NULL parameters.
*/
int _gnutls_send_empty_handshake(gnutls_session_t session,
- handshake_t type, int again)
+ gnutls_handshake_description_t type, int again)
{
opaque data = 0;
opaque *ptr;
@@ -746,7 +746,7 @@ int _gnutls_send_empty_handshake(gnutls_session_t session,
*/
static
int _gnutls_handshake_hash_add_sent(gnutls_session_t session,
- handshake_t type, opaque * dataptr,
+ gnutls_handshake_description_t type, opaque * dataptr,
uint32 datalen)
{
int ret;
@@ -756,7 +756,7 @@ int _gnutls_handshake_hash_add_sent(gnutls_session_t session,
return ret;
}
- if (type != GNUTLS_HELLO_REQUEST) {
+ if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) {
_gnutls_hash(session->internals.handshake_mac_handle_sha, dataptr,
datalen);
_gnutls_hash(session->internals.handshake_mac_handle_md5, dataptr,
@@ -773,7 +773,7 @@ int _gnutls_handshake_hash_add_sent(gnutls_session_t session,
* (until it returns ok), with NULL parameters.
*/
int _gnutls_send_handshake(gnutls_session_t session, void *i_data,
- uint32 i_datasize, handshake_t type)
+ uint32 i_datasize, gnutls_handshake_description_t type)
{
int ret;
uint8 *data;
@@ -815,7 +815,7 @@ int _gnutls_send_handshake(gnutls_session_t session, void *i_data,
/* Here we keep the handshake messages in order to hash them...
*/
- if (type != GNUTLS_HELLO_REQUEST)
+ if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
if ((ret =
_gnutls_handshake_hash_add_sent(session, type, data,
datasize)) < 0) {
@@ -843,8 +843,8 @@ int _gnutls_send_handshake(gnutls_session_t session, void *i_data,
*/
#define SSL2_HEADERS 1
static int _gnutls_recv_handshake_header(gnutls_session_t session,
- handshake_t type,
- handshake_t * recv_type)
+ gnutls_handshake_description_t type,
+ gnutls_handshake_description_t * recv_type)
{
int ret;
uint32 length32 = 0;
@@ -857,7 +857,7 @@ static int _gnutls_recv_handshake_header(gnutls_session_t session,
*/
if (session->internals.handshake_header_buffer.header_size ==
handshake_header_size || (session->internals.v2_hello != 0
- && type == GNUTLS_CLIENT_HELLO
+ && type == GNUTLS_HANDSHAKE_CLIENT_HELLO
&& session->internals.
handshake_header_buffer.
packet_length > 0)) {
@@ -894,7 +894,7 @@ static int _gnutls_recv_handshake_header(gnutls_session_t session,
header_size = SSL2_HEADERS;
}
- if (session->internals.v2_hello == 0 || type != GNUTLS_CLIENT_HELLO) {
+ if (session->internals.v2_hello == 0 || type != GNUTLS_HANDSHAKE_CLIENT_HELLO) {
ret =
_gnutls_handshake_io_recv_int(session, GNUTLS_HANDSHAKE,
type,
@@ -939,7 +939,7 @@ static int _gnutls_recv_handshake_header(gnutls_session_t session,
session, _gnutls_handshake2str(*recv_type),
length32 + handshake_header_size);
- if (*recv_type != GNUTLS_CLIENT_HELLO) { /* it should be one or nothing */
+ if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO) { /* it should be one or nothing */
gnutls_assert();
return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
}
@@ -968,7 +968,7 @@ static int _gnutls_recv_handshake_header(gnutls_session_t session,
*/
static
int _gnutls_handshake_hash_add_recvd(gnutls_session_t session,
- handshake_t recv_type,
+ gnutls_handshake_description_t recv_type,
opaque * header, uint16 header_size,
opaque * dataptr, uint32 datalen)
{
@@ -984,7 +984,7 @@ int _gnutls_handshake_hash_add_recvd(gnutls_session_t session,
}
/* here we buffer the handshake messages - needed at Finished message */
- if (recv_type != GNUTLS_HELLO_REQUEST) {
+ if (recv_type != GNUTLS_HANDSHAKE_HELLO_REQUEST) {
if ((ret =
_gnutls_handshake_buffer_put(session,
@@ -1013,13 +1013,13 @@ int _gnutls_handshake_hash_add_recvd(gnutls_session_t session,
* passed to _gnutls_recv_hello().
*/
int _gnutls_recv_handshake(gnutls_session_t session, uint8 ** data,
- int *datalen, handshake_t type,
+ int *datalen, gnutls_handshake_description_t type,
Optional optional)
{
int ret;
uint32 length32 = 0;
opaque *dataptr = NULL;
- handshake_t recv_type;
+ gnutls_handshake_description_t recv_type;
ret = _gnutls_recv_handshake_header(session, type, &recv_type);
if (ret < 0) {
@@ -1029,7 +1029,7 @@ int _gnutls_recv_handshake(gnutls_session_t session, uint8 ** data,
*/
if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
gnutls_alert_get(session) == GNUTLS_A_MISSING_SRP_USERNAME &&
- type == GNUTLS_SERVER_HELLO) {
+ type == GNUTLS_HANDSHAKE_SERVER_HELLO) {
gnutls_assert();
return GNUTLS_E_INT_HANDSHAKE_AGAIN;
}
@@ -1052,7 +1052,7 @@ int _gnutls_recv_handshake(gnutls_session_t session, uint8 ** data,
if (length32 > 0)
dataptr = gnutls_malloc(length32);
- else if (recv_type != GNUTLS_SERVER_HELLO_DONE) {
+ else if (recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) {
gnutls_assert();
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
@@ -1099,8 +1099,8 @@ int _gnutls_recv_handshake(gnutls_session_t session, uint8 ** data,
_gnutls_handshake_header_buffer_clear(session);
switch (recv_type) {
- case GNUTLS_CLIENT_HELLO:
- case GNUTLS_SERVER_HELLO:
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO:
+ case GNUTLS_HANDSHAKE_SERVER_HELLO:
ret = _gnutls_recv_hello(session, dataptr, length32);
/* dataptr is freed because the caller does not
* need it */
@@ -1108,18 +1108,18 @@ int _gnutls_recv_handshake(gnutls_session_t session, uint8 ** data,
if (data != NULL)
*data = NULL;
break;
- case GNUTLS_SERVER_HELLO_DONE:
+ case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
if (length32 == 0)
ret = 0;
else
ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
break;
- case GNUTLS_CERTIFICATE_PKT:
- case GNUTLS_FINISHED:
- case GNUTLS_SERVER_KEY_EXCHANGE:
- case GNUTLS_CLIENT_KEY_EXCHANGE:
- case GNUTLS_CERTIFICATE_REQUEST:
- case GNUTLS_CERTIFICATE_VERIFY:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
+ case GNUTLS_HANDSHAKE_FINISHED:
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
ret = length32;
break;
default:
@@ -1659,7 +1659,7 @@ static int _gnutls_send_client_hello(gnutls_session_t session, int again)
ret =
_gnutls_send_handshake(session, data, datalen,
- GNUTLS_CLIENT_HELLO);
+ GNUTLS_HANDSHAKE_CLIENT_HELLO);
gnutls_free(data);
return ret;
@@ -1767,7 +1767,7 @@ static int _gnutls_send_server_hello(gnutls_session_t session, int again)
ret =
_gnutls_send_handshake(session, data, datalen,
- GNUTLS_SERVER_HELLO);
+ GNUTLS_HANDSHAKE_SERVER_HELLO);
gnutls_afree(data);
return ret;
@@ -1867,7 +1867,7 @@ int gnutls_rehandshake(gnutls_session_t session)
return GNUTLS_E_INVALID_REQUEST;
ret =
- _gnutls_send_empty_handshake(session, GNUTLS_HELLO_REQUEST,
+ _gnutls_send_empty_handshake(session, GNUTLS_HANDSHAKE_HELLO_REQUEST,
AGAIN(STATE50));
STATE = STATE50;
@@ -2046,7 +2046,7 @@ int _gnutls_handshake_client(gnutls_session_t session)
/* receive the server hello */
ret =
_gnutls_recv_handshake(session, NULL, NULL,
- GNUTLS_SERVER_HELLO, MANDATORY_PACKET);
+ GNUTLS_HANDSHAKE_SERVER_HELLO, MANDATORY_PACKET);
STATE = STATE2;
IMED_RET("recv hello", ret);
@@ -2078,7 +2078,7 @@ int _gnutls_handshake_client(gnutls_session_t session)
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
ret =
_gnutls_recv_handshake(session, NULL, NULL,
- GNUTLS_SERVER_HELLO_DONE,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
MANDATORY_PACKET);
STATE = STATE6;
IMED_RET("recv server hello done", ret);
@@ -2238,7 +2238,7 @@ int _gnutls_handshake_server(gnutls_session_t session)
case STATE1:
ret =
_gnutls_recv_handshake(session, NULL, NULL,
- GNUTLS_CLIENT_HELLO, MANDATORY_PACKET);
+ GNUTLS_HANDSHAKE_CLIENT_HELLO, MANDATORY_PACKET);
STATE = STATE1;
IMED_RET("recv hello", ret);
@@ -2277,7 +2277,7 @@ int _gnutls_handshake_server(gnutls_session_t session)
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
ret =
_gnutls_send_empty_handshake(session,
- GNUTLS_SERVER_HELLO_DONE,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
AGAIN(STATE6));
STATE = STATE6;
IMED_RET("send server hello done", ret);
@@ -2377,7 +2377,7 @@ int _gnutls_recv_hello_request(gnutls_session_t session, void *data,
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
type = ((uint8 *) data)[0];
- if (type == GNUTLS_HELLO_REQUEST)
+ if (type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
return GNUTLS_E_REHANDSHAKE;
else {
gnutls_assert();
@@ -2394,8 +2394,6 @@ inline static int check_server_params(gnutls_session_t session,
int alg_size)
{
int cred_type;
- const gnutls_certificate_credentials_t x509_cred;
- const gnutls_anon_server_credentials_t anon_cred;
gnutls_dh_params_t dh_params = NULL;
gnutls_rsa_params_t rsa_params = NULL;
int j, remove;
@@ -2405,7 +2403,8 @@ inline static int check_server_params(gnutls_session_t session,
/* Read the Diffie Hellman parameters, if any.
*/
if (cred_type == GNUTLS_CRD_CERTIFICATE) {
- x509_cred = _gnutls_get_cred(session->key, cred_type, NULL);
+ const gnutls_certificate_credentials_t x509_cred =
+ _gnutls_get_cred(session->key, cred_type, NULL);
if (x509_cred != NULL) {
dh_params =
@@ -2430,7 +2429,8 @@ inline static int check_server_params(gnutls_session_t session,
#ifdef ENABLE_ANON
} else if (cred_type == GNUTLS_CRD_ANON) {
- anon_cred = _gnutls_get_cred(session->key, cred_type, NULL);
+ const gnutls_anon_server_credentials_t anon_cred =
+ _gnutls_get_cred(session->key, cred_type, NULL);
if (anon_cred != NULL) {
dh_params = _gnutls_anon_get_dh_params(anon_cred, session);
@@ -2473,7 +2473,7 @@ int _gnutls_remove_unwanted_ciphersuites(gnutls_session_t session,
int ret = 0;
cipher_suite_st *newSuite, cs;
int newSuiteSize = 0, i, remove;
- const gnutls_certificate_credentials_t x509_cred;
+ gnutls_certificate_credentials_t x509_cred;
gnutls_kx_algorithm_t kx;
int server =
session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h
index dcc28c3d8a..7e04608c20 100644
--- a/lib/gnutls_handshake.h
+++ b/lib/gnutls_handshake.h
@@ -25,7 +25,7 @@
typedef enum Optional { OPTIONAL_PACKET, MANDATORY_PACKET } Optional;
int _gnutls_send_handshake(gnutls_session_t session, void *i_data,
- uint32 i_datasize, handshake_t type);
+ uint32 i_datasize, gnutls_handshake_description_t type);
int gnutls_send_hello_request(gnutls_session_t session);
int _gnutls_recv_hello_request(gnutls_session_t session, void *data,
uint32 data_size);
@@ -34,7 +34,7 @@ int _gnutls_recv_hello(gnutls_session_t session, opaque * data,
int datalen);
int gnutls_handshake(gnutls_session_t session);
int _gnutls_recv_handshake(gnutls_session_t session, uint8 **, int *,
- handshake_t, Optional optional);
+ gnutls_handshake_description_t, Optional optional);
int _gnutls_generate_session_id(opaque * session_id, uint8 * len);
int _gnutls_handshake_common(gnutls_session_t session);
int _gnutls_handshake_client(gnutls_session_t session);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 27fa306a3a..be6bb611d6 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -26,6 +26,8 @@
#define GNUTLS_INT_H
+#include <gnutls/gnutls.h>
+
#include <defines.h>
/*
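Review bot: The new `#include <gnutls/gnutls.h>` uses the angle-bracket form, so which header is picked depends on the include path order, and an installed gnutls.h from another release could be found before the one generated in this tree. Since this commit moves the error codes and the public enums out of the internal headers, a stale copy could compile the library against different constants, possibly without any diagnostic. The include path is set in lib/Makefile.am, which is outside this view, so this may already be handled. A comment here would still help, e.g. `/* must resolve to the in-tree generated header, not an installed copy */`.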
@@ -41,11 +43,6 @@
#define DEBUG
*/
-/* It might be a good idea to replace int with void*
- * here.
- */
-typedef void *gnutls_transport_ptr_t;
-
#define MAX32 4294967295
#define MAX24 16777215
#define MAX16 65535
@@ -101,7 +98,6 @@ typedef void *gnutls_transport_ptr_t;
#define DEFAULT_VERIFY_BITS 8200
#include <gnutls_mem.h>
-#include <gnutls_ui.h>
#define DECR_LEN(len, x) do { len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0)
#define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); return RET;} } while (0)
@@ -112,59 +108,17 @@ typedef struct {
opaque pint[3];
} uint24;
-typedef struct {
- opaque *data;
- unsigned int size;
-} gnutls_datum_t;
-
#include <gnutls_mpi.h>
typedef enum change_cipher_spec_t { GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1
} change_cipher_spec_t;
-typedef enum gnutls_certificate_status {
- GNUTLS_CERT_INVALID = 2, /* will be set if the certificate
- * was not verified.
- */
- GNUTLS_CERT_REVOKED = 32, /* in X.509 this will be set only if CRLs are checked
- */
-
- /* Those are extra information about the verification
- * process. Will be set only if the certificate was
- * not verified.
- */
- GNUTLS_CERT_SIGNER_NOT_FOUND = 64,
- GNUTLS_CERT_SIGNER_NOT_CA = 128
-} gnutls_certificate_status_t;
-
-typedef enum gnutls_certificate_request { GNUTLS_CERT_IGNORE,
- GNUTLS_CERT_REQUEST = 1, GNUTLS_CERT_REQUIRE
-} gnutls_certificate_request_t;
-
-typedef enum gnutls_openpgp_key_status { GNUTLS_OPENPGP_KEY,
- GNUTLS_OPENPGP_KEY_FINGERPRINT
-} gnutls_openpgp_key_status_t;
-
-typedef enum gnutls_close_request_t {
- GNUTLS_SHUT_RDWR = 0, GNUTLS_SHUT_WR = 1
-} gnutls_close_request_t;
-
typedef enum handshake_state_t { STATE0 = 0, STATE1, STATE2,
STATE3, STATE4, STATE5,
STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21,
STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62
} handshake_state_t;
-typedef enum handshake_t { GNUTLS_HELLO_REQUEST,
- GNUTLS_CLIENT_HELLO, GNUTLS_SERVER_HELLO,
- GNUTLS_CERTIFICATE_PKT = 11, GNUTLS_SERVER_KEY_EXCHANGE,
- GNUTLS_CERTIFICATE_REQUEST, GNUTLS_SERVER_HELLO_DONE,
- GNUTLS_CERTIFICATE_VERIFY, GNUTLS_CLIENT_KEY_EXCHANGE,
- GNUTLS_FINISHED = 20
-} handshake_t;
-
-typedef handshake_t gnutls_handshake_description_t;
-
#include <gnutls_buffer.h>
/* This is the maximum number of algorithms (ciphers or macs etc).
@@ -174,52 +128,11 @@ typedef handshake_t gnutls_handshake_description_t;
#define MAX_CIPHERSUITES 256
-
-typedef enum gnutls_cipher_algorithm { GNUTLS_CIPHER_NULL = 1,
- GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_ARCFOUR_40,
- GNUTLS_CIPHER_RC2_40_CBC = 90, GNUTLS_CIPHER_DES_CBC
-} gnutls_cipher_algorithm_t;
-
-typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA = 1, GNUTLS_KX_DHE_DSS,
- GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP,
- GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS
-} gnutls_kx_algorithm_t;
-
-typedef enum gnutls_params_type { GNUTLS_PARAMS_RSA_EXPORT = 1,
- GNUTLS_PARAMS_DH
-} gnutls_params_type_t;
-
-typedef enum gnutls_mac_algorithm { GNUTLS_MAC_UNKNOWN = 0,
- GNUTLS_MAC_NULL = 1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA1,
- GNUTLS_MAC_RMD160
-} gnutls_mac_algorithm_t;
-typedef gnutls_mac_algorithm_t gnutls_digest_algorithm_t;
-
-typedef enum gnutls_compression_method {
- GNUTLS_COMP_NULL = 1, GNUTLS_COMP_DEFLATE,
- GNUTLS_COMP_LZO
-} gnutls_compression_method_t;
-
-typedef enum gnutls_connection_end {
- GNUTLS_SERVER = 1, GNUTLS_CLIENT
-} gnutls_connection_end_t;
-
typedef enum extensions_t { GNUTLS_EXTENSION_SERVER_NAME = 0,
GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, GNUTLS_EXTENSION_SRP = 6,
GNUTLS_EXTENSION_CERT_TYPE = 7
} extensions_t;
-typedef enum gnutls_credentials_type {
- GNUTLS_CRD_CERTIFICATE = 1, GNUTLS_CRD_ANON,
- GNUTLS_CRD_SRP
-} gnutls_credentials_type_t;
-
-typedef enum gnutls_certificate_type {
- GNUTLS_CRT_X509 = 1, GNUTLS_CRT_OPENPGP
-} gnutls_certificate_type_t;
-
typedef enum { CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
typedef enum valid_session_t { VALID_TRUE, VALID_FALSE } valid_session_t;
@@ -233,40 +146,16 @@ typedef enum content_type_t {
GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA
} content_type_t;
-typedef enum gnutls_x509_crt_fmt {
- GNUTLS_X509_FMT_DER,
- GNUTLS_X509_FMT_PEM
-} gnutls_x509_crt_fmt_t;
-
-typedef enum gnutls_pk_algorithm {
- GNUTLS_PK_UNKNOWN = 0, GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA
-} gnutls_pk_algorithm_t;
-
#define GNUTLS_PK_ANY (gnutls_pk_algorithm_t)-1
#define GNUTLS_PK_NONE (gnutls_pk_algorithm_t)-2
-typedef enum gnutls_sign_algorithm {
- GNUTLS_SIGN_UNKNOWN = 0,
- GNUTLS_SIGN_RSA_SHA1 = 1, GNUTLS_SIGN_DSA_SHA1,
- GNUTLS_SIGN_RSA_MD5, GNUTLS_SIGN_RSA_MD2, GNUTLS_SIGN_RSA_RMD160
-} gnutls_sign_algorithm_t;
-
/* STATE (stop) */
typedef void (*LOG_FUNC) (int, const char *);
-/* Pull & Push functions defines:
- */
-typedef ssize_t(*gnutls_pull_func)(gnutls_transport_ptr_t, void *, size_t);
-typedef ssize_t(*gnutls_push_func)(gnutls_transport_ptr_t, const void *,size_t);
-
/* Store & Retrieve functions defines:
*/
-typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
- gnutls_datum_t data);
-typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
-typedef gnutls_datum_t(*gnutls_db_retr_func) (void *, gnutls_datum_t key);
typedef struct auth_cred_st {
gnutls_credentials_type_t algorithm;
@@ -335,23 +224,11 @@ typedef struct {
uint8 suite[2];
} cipher_suite_st;
-/* Versions should be in order of the oldest
- * (eg. SSL3 is before TLS1)
- */
-#define GNUTLS_TLS1 GNUTLS_TLS1_0
-typedef enum gnutls_protocol_version {
- GNUTLS_SSL3 = 1, GNUTLS_TLS1_0,
- GNUTLS_TLS1_1, GNUTLS_VERSION_UNKNOWN = 0xff
-} gnutls_protocol_t;
-
/* This structure holds parameters got from TLS extension
* mechanism. (some extensions may hold parameters in auth_info_t
* structures also - see SRP).
*/
-typedef enum { GNUTLS_NAME_DNS = 1
-} gnutls_server_name_type_t;
-
typedef struct {
opaque name[MAX_SERVER_NAME_SIZE];
uint name_length;
@@ -458,16 +335,12 @@ typedef struct {
/* DH and RSA parameters types.
*/
-typedef struct {
+typedef struct gnutls_dh_params_int {
/* [0] is the prime, [1] is the generator.
*/
mpi_t params[2];
} dh_params_st;
-#define gnutls_dh_params_t dh_params_st*
-
-#define gnutls_rsa_params_t gnutls_x509_privkey_t
-
typedef struct {
gnutls_dh_params_t anon_dh_params;
int free_anon_dh_params;
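Review bot: The tag `gnutls_dh_params_int` added to the `dh_params_st` struct is not explained, and the two `#define`s that used to tie `gnutls_dh_params_t` and `gnutls_rsa_params_t` to internal types are removed in the same hunk. Presumably the public header now declares `gnutls_dh_params_t` as a pointer to `struct gnutls_dh_params_int`, in which case this tag has to stay identical to that forward declaration or the public and internal views of the type diverge. I would document that on the struct: `/* tag must match the opaque declaration behind gnutls_dh_params_t in <gnutls/gnutls.h> */`.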
@@ -477,15 +350,6 @@ typedef struct {
int free_rsa_params;
} internal_params_st;
-typedef struct gnutls_params_st {
- gnutls_params_type_t type;
- union params {
- gnutls_dh_params_t dh;
- gnutls_rsa_params_t rsa_export;
- } params;
- int deinit;
-} gnutls_params_st;
-
typedef struct {
@@ -494,7 +358,7 @@ typedef struct {
size_t header_size;
/* this holds the length of the handshake packet */
size_t packet_length;
- handshake_t recv_type;
+ gnutls_handshake_description_t recv_type;
} handshake_header_buffer_st;
/* Openpgp key retrieval callback */
@@ -556,9 +420,9 @@ typedef struct {
gnutls_buffer handshake_send_buffer;
size_t handshake_send_buffer_prev_size;
content_type_t handshake_send_buffer_type;
- handshake_t handshake_send_buffer_htype;
+ gnutls_handshake_description_t handshake_send_buffer_htype;
content_type_t handshake_recv_buffer_type;
- handshake_t handshake_recv_buffer_htype;
+ gnutls_handshake_description_t handshake_recv_buffer_htype;
gnutls_buffer handshake_recv_buffer;
/* this buffer holds a record packet -mostly used for
@@ -720,8 +584,6 @@ struct gnutls_session_int {
gnutls_key_st key;
};
-typedef struct gnutls_session_int *gnutls_session_t;
-
/* functions
@@ -751,7 +613,4 @@ int gnutls_fingerprint(gnutls_digest_algorithm_t algo,
const gnutls_datum_t * data, void *result,
size_t * result_size);
-typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t,
- gnutls_params_st *);
-
#endif /* GNUTLS_INT_H */
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index 58676e2b3a..49c81e285e 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -142,7 +142,7 @@ int _gnutls_send_server_kx_message(gnutls_session_t session, int again)
ret =
_gnutls_send_handshake(session, data, data_size,
- GNUTLS_SERVER_KEY_EXCHANGE);
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
gnutls_free(data);
if (ret < 0) {
@@ -184,7 +184,7 @@ int _gnutls_send_server_certificate_request(gnutls_session_t session,
}
ret =
_gnutls_send_handshake(session, data, data_size,
- GNUTLS_CERTIFICATE_REQUEST);
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
gnutls_free(data);
if (ret < 0) {
@@ -222,7 +222,7 @@ int _gnutls_send_client_kx_message(gnutls_session_t session, int again)
}
ret =
_gnutls_send_handshake(session, data, data_size,
- GNUTLS_CLIENT_KEY_EXCHANGE);
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
gnutls_free(data);
if (ret < 0) {
@@ -278,7 +278,7 @@ int _gnutls_send_client_certificate_verify(gnutls_session_t session,
}
ret =
_gnutls_send_handshake(session, data,
- data_size, GNUTLS_CERTIFICATE_VERIFY);
+ data_size, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
gnutls_free(data);
return ret;
@@ -304,7 +304,7 @@ int _gnutls_recv_server_kx_message(gnutls_session_t session)
ret =
_gnutls_recv_handshake(session, &data,
&datasize,
- GNUTLS_SERVER_KEY_EXCHANGE,
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
MANDATORY_PACKET);
if (ret < 0) {
gnutls_assert();
@@ -337,7 +337,7 @@ int _gnutls_recv_server_certificate_request(gnutls_session_t session)
ret =
_gnutls_recv_handshake(session, &data,
&datasize,
- GNUTLS_CERTIFICATE_REQUEST,
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
OPTIONAL_PACKET);
if (ret < 0)
return ret;
@@ -370,7 +370,7 @@ int _gnutls_recv_client_kx_message(gnutls_session_t session)
ret =
_gnutls_recv_handshake(session, &data,
&datasize,
- GNUTLS_CLIENT_KEY_EXCHANGE,
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
MANDATORY_PACKET);
if (ret < 0)
return ret;
@@ -437,7 +437,7 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
*/
ret =
_gnutls_send_handshake(session, data, data_size,
- GNUTLS_CERTIFICATE_PKT);
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
gnutls_free(data);
}
@@ -478,7 +478,7 @@ int _gnutls_send_server_certificate(gnutls_session_t session, int again)
}
ret =
_gnutls_send_handshake(session, data, data_size,
- GNUTLS_CERTIFICATE_PKT);
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
gnutls_free(data);
if (ret < 0) {
@@ -514,7 +514,7 @@ int _gnutls_recv_client_certificate(gnutls_session_t session)
ret =
_gnutls_recv_handshake(session, &data,
&datasize,
- GNUTLS_CERTIFICATE_PKT, optional);
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional);
if (ret < 0) {
if (optional == OPTIONAL_PACKET &&
ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
@@ -581,7 +581,7 @@ int _gnutls_recv_server_certificate(gnutls_session_t session)
ret =
_gnutls_recv_handshake(session, &data,
&datasize,
- GNUTLS_CERTIFICATE_PKT,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
MANDATORY_PACKET);
if (ret < 0) {
gnutls_assert();
@@ -624,7 +624,7 @@ int _gnutls_recv_client_certificate_verify_message(gnutls_session_t
ret =
_gnutls_recv_handshake(session, &data,
&datasize,
- GNUTLS_CERTIFICATE_VERIFY,
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY,
OPTIONAL_PACKET);
if (ret < 0)
return ret;
diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h
index 7f693310e9..ef04a388c5 100644
--- a/lib/gnutls_mem.h
+++ b/lib/gnutls_mem.h
@@ -55,11 +55,6 @@ typedef void svoid; /* for functions that allocate using gnutls_secure_malloc *
# endif
#endif /* HAVE_ALLOCA */
-typedef void *(*gnutls_alloc_function) (size_t);
-typedef int (*gnutls_is_secure_function) (const void *);
-typedef void (*gnutls_free_function) (void *);
-typedef void *(*gnutls_realloc_function) (void *, size_t);
-
extern gnutls_alloc_function gnutls_secure_malloc;
extern gnutls_alloc_function gnutls_malloc;
extern gnutls_free_function gnutls_free;
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 4475136dd3..d8757382a7 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -254,12 +254,12 @@ inline static int session_is_valid(gnutls_session_t session)
* version must have 2 bytes at least.
*/
inline static
-void copy_record_version(gnutls_session_t session, handshake_t htype,
+void copy_record_version(gnutls_session_t session, gnutls_handshake_description_t htype,
opaque version[2])
{
gnutls_protocol_t lver;
- if (htype != GNUTLS_CLIENT_HELLO
+ if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO
|| session->internals.default_record_version[0] == 0) {
lver = gnutls_protocol_get_version(session);
@@ -286,7 +286,7 @@ void copy_record_version(gnutls_session_t session, handshake_t htype,
*
*/
ssize_t _gnutls_send_int(gnutls_session_t session, content_type_t type,
- handshake_t htype, const void *_data,
+ gnutls_handshake_description_t htype, const void *_data,
size_t sizeofdata)
{
uint8 *cipher;
@@ -494,7 +494,7 @@ static int check_buffers(gnutls_session_t session, content_type_t type,
*/
static
int record_check_headers(gnutls_session_t session,
- uint8 headers[RECORD_HEADER_SIZE], content_type_t type, handshake_t htype,
+ uint8 headers[RECORD_HEADER_SIZE], content_type_t type, gnutls_handshake_description_t htype,
/*output */ content_type_t * recv_type, opaque version[2], uint16 * length,
uint16 * header_size)
{
@@ -503,7 +503,7 @@ int record_check_headers(gnutls_session_t session,
* version 2 message
*/
- if (htype == GNUTLS_CLIENT_HELLO && type == GNUTLS_HANDSHAKE
+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE
&& headers[0] > 127) {
/* if msb set and expecting handshake message
@@ -547,9 +547,9 @@ int record_check_headers(gnutls_session_t session,
*/
inline
static int record_check_version(gnutls_session_t session,
- handshake_t htype, opaque version[2])
+ gnutls_handshake_description_t htype, opaque version[2])
{
- if (htype == GNUTLS_CLIENT_HELLO) {
+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) {
/* Reject hello packets with major version higher than 3.
*/
if (version[0] > 3) {
@@ -559,7 +559,7 @@ inline
htype, version[0], version[1]);
return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
}
- } else if (htype != GNUTLS_SERVER_HELLO &&
+ } else if (htype != GNUTLS_HANDSHAKE_SERVER_HELLO &&
gnutls_protocol_get_version(session) !=
_gnutls_version_get(version[0], version[1])) {
/* Reject record packets that have a different version than the
@@ -581,7 +581,7 @@ inline
*/
static int record_check_type(gnutls_session_t session,
content_type_t recv_type, content_type_t type,
- handshake_t htype, opaque * data, int data_size)
+ gnutls_handshake_description_t htype, opaque * data, int data_size)
{
int ret;
@@ -648,7 +648,7 @@ static int record_check_type(gnutls_session_t session,
* if expecting client hello (for rehandshake
* reasons). Otherwise it is an unexpected packet
*/
- if (type==GNUTLS_ALERT || (htype == GNUTLS_CLIENT_HELLO
+ if (type==GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
&& type == GNUTLS_HANDSHAKE))
return GNUTLS_E_GOT_APPLICATION_DATA;
else {
@@ -736,10 +736,10 @@ inline
* receive (if called by the user the Content is Userdata only)
* It is intended to receive data, under the current session.
*
- * The handshake_t was introduced to support SSL V2.0 client hellos.
+ * The gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos.
*/
ssize_t _gnutls_recv_int(gnutls_session_t session, content_type_t type,
- handshake_t htype, opaque * data,
+ gnutls_handshake_description_t htype, opaque * data,
size_t sizeofdata)
{
gnutls_datum_t tmp;
diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
index 53285dfdbe..05cf4e66fd 100644
--- a/lib/gnutls_record.h
+++ b/lib/gnutls_record.h
@@ -23,10 +23,10 @@
*/
ssize_t _gnutls_send_int(gnutls_session_t session, content_type_t type,
- handshake_t htype, const void *data,
+ gnutls_handshake_description_t htype, const void *data,
size_t sizeofdata);
ssize_t _gnutls_recv_int(gnutls_session_t session, content_type_t type,
- handshake_t, opaque * data, size_t sizeofdata);
+ gnutls_handshake_description_t, opaque * data, size_t sizeofdata);
ssize_t _gnutls_send_change_cipher_spec(gnutls_session_t session,
int again);
void gnutls_transport_set_lowat(gnutls_session_t session, int num);
diff --git a/lib/gnutls_rsa_export.h b/lib/gnutls_rsa_export.h
index ff2f40d2e8..6b7641eca1 100644
--- a/lib/gnutls_rsa_export.h
+++ b/lib/gnutls_rsa_export.h
@@ -25,4 +25,4 @@
const mpi_t *_gnutls_get_rsa_params(gnutls_rsa_params_t);
int _gnutls_peers_cert_less_512(gnutls_session_t session);
int _gnutls_rsa_generate_params(mpi_t * resarr, int *resarr_len, int bits);
-void gnutls_rsa_params_deinit(gnutls_rsa_params_t rsa_params);
+
diff --git a/lib/gnutls_session.h b/lib/gnutls_session.h
index 332cf5129d..18037c1543 100644
--- a/lib/gnutls_session.h
+++ b/lib/gnutls_session.h
@@ -21,9 +21,3 @@
* USA
*
*/
-
-int gnutls_session_set_data(gnutls_session_t session,
- const opaque * session_data,
- int session_data_size);
-int gnutls_session_get_data(gnutls_session_t session,
- opaque * session_data, int *session_data_size);
diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h
index 732012886e..2bbb284d62 100644
--- a/lib/gnutls_sig.h
+++ b/lib/gnutls_sig.h
@@ -24,19 +24,29 @@
#ifndef GNUTLS_SIG_H
# define GNUTLS_SIG_H
-# include <auth_cert.h>
-gnutls_certificate_status_t gnutls_x509_verify_signature(gnutls_cert *
- cert, gnutls_cert * issuer);
-int _gnutls_tls_sign_hdata(gnutls_session_t session, gnutls_cert * cert,
- gnutls_privkey * pkey, gnutls_datum_t * signature);
-int _gnutls_tls_sign_params(gnutls_session_t session, gnutls_cert * cert,
- gnutls_privkey * pkey, gnutls_datum_t * params, gnutls_datum_t * signature);
-int _gnutls_verify_sig_hdata(gnutls_session_t session, gnutls_cert * cert,
- gnutls_datum_t * signature);
-int _gnutls_verify_sig_params(gnutls_session_t session, gnutls_cert * cert,
- const gnutls_datum_t * params, gnutls_datum_t * signature);
-int _gnutls_sign(gnutls_pk_algorithm_t algo, mpi_t * params,
- int params_size, const gnutls_datum_t * data, gnutls_datum_t * signature);
+int _gnutls_tls_sign_hdata(gnutls_session_t session,
+ gnutls_cert * cert,
+ gnutls_privkey * pkey,
+ gnutls_datum_t * signature);
+
+int _gnutls_tls_sign_params(gnutls_session_t session,
+ gnutls_cert * cert,
+ gnutls_privkey * pkey,
+ gnutls_datum_t * params,
+ gnutls_datum_t * signature);
+
+int _gnutls_verify_sig_hdata(gnutls_session_t session,
+ gnutls_cert * cert,
+ gnutls_datum_t * signature);
+
+int _gnutls_verify_sig_params(gnutls_session_t session,
+ gnutls_cert * cert,
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature);
+
+int _gnutls_sign(gnutls_pk_algorithm_t algo,
+ mpi_t * params, int params_size,
+ const gnutls_datum_t * data, gnutls_datum_t * signature);
#endif
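Review bot: With `# include <auth_cert.h>` removed, every prototype in this header still names `gnutls_cert`, `gnutls_privkey` or `mpi_t`, but the header no longer includes anything that declares them. It now compiles only when the including file has already pulled in the right headers, so a change in include order elsewhere can break it. If the include was dropped to break a cycle, a comment under the guard would record the requirement, e.g. `/* Include the headers declaring gnutls_cert, gnutls_privkey and mpi_t before this file. */`. The hunk also removes the `gnutls_x509_verify_signature` prototype, so any caller that relied on this header for it should be checked for a declaration elsewhere.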
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 823b2ba691..41963109f2 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -124,7 +124,7 @@ int _gnutls_session_cert_type_supported(gnutls_session_t session,
{
uint i;
uint cert_found = 0;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
if (session->security_parameters.entity == GNUTLS_SERVER) {
cred =
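Review bot: Dropping `const` from `cred` here also removes the compiler's check that the function does not write through the credentials pointer. The same one-line change appears in `gnutls_certificate_get_ours` in lib/gnutls_ui.c and `_gnutls_x509_cert_verify_peers` in lib/gnutls_x509.c. Presumably the qualifier had to go because `gnutls_certificate_credentials_t` is now a pointer typedef, where `const` would apply to the pointer itself and reject the `cred =` assignment that follows. If these functions only read the credentials, which the hunks do not show in full, a pointer-to-const of the underlying struct type would keep the read-only guarantee. Failing that, a comment such as `/* cred is read-only here; const dropped because the typedef is a pointer */` records the intent.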
diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h
index 580a5ccdfe..e29e2569f1 100644
--- a/lib/gnutls_state.h
+++ b/lib/gnutls_state.h
@@ -51,7 +51,6 @@ int _gnutls_dh_set_peer_public(gnutls_session_t session, mpi_t public);
int _gnutls_dh_set_group(gnutls_session_t session, mpi_t gen, mpi_t prime);
int _gnutls_dh_get_allowed_prime_bits(gnutls_session_t session);
-void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits);
void _gnutls_handshake_internal_state_clear(gnutls_session_t);
int _gnutls_rsa_export_set_pubkey(gnutls_session_t session, mpi_t exp,
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 33380b75f8..0cb5507451 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -364,7 +364,7 @@ int gnutls_dh_get_peers_public_bits(gnutls_session_t session)
**/
const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t session)
{
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index e66a9790de..5f1bff16cc 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -98,7 +98,7 @@ int _gnutls_x509_cert_verify_peers(gnutls_session_t session,
unsigned int *status)
{
cert_auth_info_t info;
- const gnutls_certificate_credentials_t cred;
+ gnutls_certificate_credentials_t cred;
gnutls_x509_crt_t *peer_certificate_list;
int peer_certificate_list_size, i, x, ret;
diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index 3f6a02b41a..79b4fdf097 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -41,7 +41,6 @@
#include <sign.h>
#include <extensions.h>
#include <libtasn1.h>
-#include <gnutls_ui.h>
static void disable_optional_stuff(gnutls_x509_crl_t crl);
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index af55d81dce..e595b48259 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -41,7 +41,6 @@
#include <sign.h>
#include <extensions.h>
#include <libtasn1.h>
-#include <gnutls_ui.h>
/**
* gnutls_x509_crq_init - This function initializes a gnutls_x509_crq_t structure
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index 488eacf4ad..e0bdaa12a7 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -22,7 +22,6 @@
*/
#include <gnutls_int.h>
-#include <gnutls_ui.h>
#include <compat.h>
#include <x509.h>
#include <dn.h>
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 534a232e5f..de4085794d 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -36,7 +36,6 @@
#include <dn.h>
#include <extensions.h>
#include <libtasn1.h>
-#include <gnutls_ui.h>
#include <mpi.h>
#include <privkey.h>
#include <verify.h>
diff --git a/lib/x509/x509.h b/lib/x509/x509.h
index dd93616240..386c6f2a4e 100644
--- a/lib/x509/x509.h
+++ b/lib/x509/x509.h
@@ -89,10 +89,6 @@ typedef struct gnutls_x509_privkey_int {
ASN1_TYPE key;
} gnutls_x509_privkey_int;
-typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
-typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
-typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
-
int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
const char *oid, int indx,
unsigned int raw_flag, void *buf,
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 3bf0c2d18b..453ca523c5 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -41,7 +41,6 @@
#include <sign.h>
#include <extensions.h>
#include <libtasn1.h>
-#include <gnutls_ui.h>
static void disable_optional_stuff(gnutls_x509_crt_t cert);
diff --git a/libextra/openpgp/openpgp.h b/libextra/openpgp/openpgp.h
index 4f9fa50684..eb9e3a73ed 100644
--- a/libextra/openpgp/openpgp.h
+++ b/libextra/openpgp/openpgp.h
@@ -28,8 +28,6 @@ typedef struct gnutls_openpgp_trustdb_int {
cdk_stream_t st;
} gnutls_openpgp_trustdb_int;
-typedef struct gnutls_openpgp_key_int *gnutls_openpgp_key_t;
-typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
typedef struct gnutls_openpgp_trustdb_int *gnutls_openpgp_trustdb_t;