- I did a cleanup of the internal generic SSL layer and how the various SSL

  libraries are supported. Starting now, each underlying SSL library support
  code does a set of defines for the 16 functions the generic layer (sslgen.c)
  uses (all these new function defines use the prefix "curlssl_"). This
  greatly simplified the generic layer in readability by involving much less
  #ifdefs and other preprocessor stuff and should make it easier for people to
  make libcurl work with new SSL libraries.

  Hopefully I can later on document these 16 functions somewhat as well.

  I also made most of the internal SSL-dependent functions (using Curl_ssl_
  prefix) #defined to nothing when no SSL support is requested - previously
  they would unnecessarily call mostly empty functions.

9 files changed, 187 insertions, 345 deletions

diff --git a/CHANGES b/CHANGES
index bfe49f423..759221251 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,28 @@
                                   Changelog
 
 
+Daniel Stenberg (11 Jun 2008)
+- I did a cleanup of the internal generic SSL layer and how the various SSL
+  libraries are supported. Starting now, each underlying SSL library support
+  code does a set of defines for the 16 functions the generic layer (sslgen.c)
+  uses (all these new function defines use the prefix "curlssl_"). This
+  greatly simplified the generic layer in readability by involving much less
+  #ifdefs and other preprocessor stuff and should make it easier for people to
+  make libcurl work with new SSL libraries.
+
+  Hopefully I can later on document these 16 functions somewhat as well.
+
+  I also made most of the internal SSL-dependent functions (using Curl_ssl_
+  prefix) #defined to nothing when no SSL support is requested - previously
+  they would unnecessarily call mostly empty functions.
+
+  I've built libcurl with OpenSSL and GnuTLS and without SSL to test this and
+  I've also tried building with NSS but the NSS support is a mystery to me and
+  I failed to build libcurl with the NSS libraries I have installed. We really
+  should A) improve our configure script to detect unsuitable NSS versions
+  already at configure time and B) document our requirements better for the
+  SSL libraries.
+
 Daniel Stenberg (10 Jun 2008)
 - I made the OpenSSL code build again with OpenSSL 0.9.6. The CRLFILE
   functionality killed it due to its unconditional use of
diff --git a/lib/gtls.h b/lib/gtls.h
index ee560a9cb..49e39c563 100644
--- a/lib/gtls.h
+++ b/lib/gtls.h
@@ -22,6 +22,9 @@
  *
  * $Id$
  ***************************************************************************/
+
+#ifdef USE_GNUTLS
+
 int Curl_gtls_init(void);
 int Curl_gtls_cleanup(void);
 CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex);
@@ -45,4 +48,22 @@ void Curl_gtls_session_free(void *ptr);
 size_t Curl_gtls_version(char *buffer, size_t size);
 int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);
 
+/* API setup for GnuTLS */
+#define curlssl_init Curl_gtls_init
+#define curlssl_cleanup Curl_gtls_cleanup
+#define curlssl_connect Curl_gtls_connect
+#define curlssl_session_free(x)  Curl_gtls_session_free(x)
+#define curlssl_close_all Curl_gtls_close_all
+#define curlssl_close Curl_gtls_close
+#define curlssl_shutdown(x,y) Curl_gtls_shutdown(x,y)
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_FAILED_INIT)
+#define curlssl_set_engine_default(x) (x=x, CURLE_FAILED_INIT)
+#define curlssl_engines_list(x) (x=x, NULL)
+#define curlssl_send Curl_gtls_send
+#define curlssl_recv Curl_gtls_recv
+#define curlssl_version Curl_gtls_version
+#define curlssl_check_cxn(x) (x=x, -1)
+#define curlssl_data_pending(x,y) (x=x, y=y, 0)
+
+#endif /* USE_GNUTLS */
 #endif
diff --git a/lib/nss.c b/lib/nss.c
index 97797842d..4267b2492 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -743,7 +743,8 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
  * issuer check, so we provide comments that mimic the OpenSSL
  * X509_check_issued function (in x509v3/v3_purp.c)
  */
-static SECStatus check_issuer_cert(struct connectdata *conn, PRFileDesc *sock,
+static SECStatus check_issuer_cert(struct connectdata *conn,
+                                   PRFileDesc *sock,
                                    char* issuer_nickname)
 {
   CERTCertificate *cert,*cert_issuer,*issuer;
diff --git a/lib/nssg.h b/lib/nssg.h
index 0dad7523d..0c6cd5d63 100644
--- a/lib/nssg.h
+++ b/lib/nssg.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,6 +23,7 @@
  * $Id$
  ***************************************************************************/
 
+#ifdef USE_NSS
 /*
  * This header should only be needed to get included by sslgen.c and nss.c
  */
@@ -56,4 +57,25 @@ size_t Curl_nss_version(char *buffer, size_t size);
 int Curl_nss_check_cxn(struct connectdata *cxn);
 int Curl_nss_seed(struct SessionHandle *data);
 
+/* API setup for NSS */
+#define curlssl_init Curl_nss_init
+#define curlssl_cleanup Curl_nss_cleanup
+#define curlssl_connect Curl_nss_connect
+
+/* NSS has its own session ID cache */
+#define curlssl_session_free(x)
+#define curlssl_close_all Curl_nss_close_all
+#define curlssl_close Curl_nss_close
+/* NSS has no shutdown function provided and thus always fail */
+#define curlssl_shutdown(x,y) (x=x, y=y, 1)
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_FAILED_INIT)
+#define curlssl_set_engine_default(x) (x=x, CURLE_FAILED_INIT)
+#define curlssl_engines_list(x) (x=x, NULL)
+#define curlssl_send Curl_nss_send
+#define curlssl_recv Curl_nss_recv
+#define curlssl_version Curl_nss_version
+#define curlssl_check_cxn(x) Curl_nss_check_cxn(x)
+#define curlssl_data_pending(x,y) (x=x, y=y, 0)
+
+#endif /* USE_NSS */
 #endif
diff --git a/lib/qssl.h b/lib/qssl.h
index ff3f6f56a..64b91347f 100644
--- a/lib/qssl.h
+++ b/lib/qssl.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -29,6 +29,7 @@
 
 #include "urldata.h"
 
+#ifdef USE_QSOSSL
 int Curl_qsossl_init(void);
 void Curl_qsossl_cleanup(void);
 CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex);
@@ -49,4 +50,23 @@ ssize_t Curl_qsossl_recv(struct connectdata * conn, /* connection data */
 size_t Curl_qsossl_version(char * buffer, size_t size);
 int Curl_qsossl_check_cxn(struct connectdata * cxn);
 
+/* API setup for QsoSSL */
+#define curlssl_init Curl_qossl_init
+#define curlssl_cleanup Curl_qossl_cleanup
+#define curlssl_connect Curl_qossl_connect
+
+/*  No session handling for QsoSSL */
+#define curlssl_session_free(x)
+#define curlssl_close_all Curl_qsossl_close_all
+#define curlssl_close Curl_qsossl_close
+#define curlssl_shutdown(x,y) Curl_qsossl_shutdown(x,y)
+#define curlssl_set_engine(x,y) CURLE_FAILED_INIT
+#define curlssl_set_engine_default(x) CURLE_FAILED_INIT
+#define curlssl_engines_list(x) NULL
+#define curlssl_send Curl_qsossl_send
+#define curlssl_recv Curl_qsossl_recv
+#define curlssl_version Curl_qsossl_version
+#define curlssl_check_cxn(x) Curl_qsossl_check_cxn(x)
+#define curlssl_data_pending(x,y) 0
+#endif /* USE_QSOSSL */
 #endif
diff --git a/lib/sslgen.c b/lib/sslgen.c
index b25cbddf2..a6824090d 100644
--- a/lib/sslgen.c
+++ b/lib/sslgen.c
@@ -33,6 +33,9 @@
    Curl_gtls_ - prefix for GnuTLS ones
    Curl_nss_ - prefix for NSS ones
 
+   Note that this source code uses curlssl_* functions, and they are all
+   defines/macros #defined by the lib-specific header files.
+
    "SSL/TLS Strong Encryption: An Introduction"
    http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html
 */
@@ -60,9 +63,6 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
-/* "global" init done? */
-static bool init_ssl=FALSE;
-
 static bool safe_strequal(char* str1, char* str2);
 
 static bool safe_strequal(char* str1, char* str2)
@@ -143,6 +143,11 @@ void Curl_free_ssl_config(struct ssl_config_data* sslc)
   Curl_safefree(sslc->random_file);
 }
 
+#ifdef USE_SSL
+
+/* "global" init done? */
+static bool init_ssl=FALSE;
+
 /**
  * Global SSL init
  *
@@ -156,24 +161,7 @@ int Curl_ssl_init(void)
     return 1;
   init_ssl = TRUE; /* never again */
 
-#ifdef USE_SSLEAY
-  return Curl_ossl_init();
-#else
-#ifdef USE_GNUTLS
-  return Curl_gtls_init();
-#else
-#ifdef USE_NSS
-  return Curl_nss_init();
-#else
-#ifdef USE_QSOSSL
-  return Curl_qsossl_init();
-#else
-  /* no SSL support */
-  return 1;
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
+  return curlssl_init();
 }
 
 
@@ -182,21 +170,7 @@ void Curl_ssl_cleanup(void)
 {
   if(init_ssl) {
     /* only cleanup if we did a previous init */
-#ifdef USE_SSLEAY
-    Curl_ossl_cleanup();
-#else
-#ifdef USE_GNUTLS
-    Curl_gtls_cleanup();
-#else
-#ifdef USE_NSS
-    Curl_nss_cleanup();
-#else
-#ifdef USE_QSOSSL
-    Curl_qsossl_cleanup();
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
+    curlssl_cleanup();
     init_ssl = FALSE;
   }
 }
@@ -204,67 +178,28 @@ void Curl_ssl_cleanup(void)
 CURLcode
 Curl_ssl_connect(struct connectdata *conn, int sockindex)
 {
-#ifdef USE_SSL
-  /* mark this is being ssl enabled from here on. */
+  /* mark this is being ssl-enabled from here on. */
   conn->ssl[sockindex].use = TRUE;
   conn->ssl[sockindex].state = ssl_connection_negotiating;
 
-#ifdef USE_SSLEAY
-  return Curl_ossl_connect(conn, sockindex);
-#else
-#ifdef USE_GNUTLS
-  return Curl_gtls_connect(conn, sockindex);
-#else
-#ifdef USE_NSS
-  return Curl_nss_connect(conn, sockindex);
-#else
-#ifdef USE_QSOSSL
-  return Curl_qsossl_connect(conn, sockindex);
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-
-#else
-  /* without SSL */
-  (void)conn;
-  (void)sockindex;
-  return CURLE_OK;
-#endif /* USE_SSL */
+  return curlssl_connect(conn, sockindex);
 }
 
 CURLcode
 Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
                              bool *done)
 {
-#if defined(USE_SSL) && defined(USE_SSLEAY)
-  /* mark this is being ssl enabled from here on. */
+#ifdef curlssl_connect_nonblocking
+  /* mark this is being ssl requested from here on. */
   conn->ssl[sockindex].use = TRUE;
   return Curl_ossl_connect_nonblocking(conn, sockindex, done);
-
-#else
-#ifdef USE_NSS
-  *done = TRUE; /* fallback to BLOCKING */
-  conn->ssl[sockindex].use = TRUE;
-  return Curl_nss_connect(conn, sockindex);
 #else
-#ifdef USE_QSOSSL
   *done = TRUE; /* fallback to BLOCKING */
   conn->ssl[sockindex].use = TRUE;
-  return Curl_qsossl_connect(conn, sockindex);
-#else
-  /* not implemented!
-     fallback to BLOCKING call. */
-  *done = TRUE;
-  conn->ssl[sockindex].use = TRUE;
-  return Curl_ssl_connect(conn, sockindex);
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_SSLEAY */
+  return curlssl_connect(conn, sockindex);
+#endif /* non-blocking connect support */
 }
 
-#ifdef USE_SSL
-
 /*
  * Check if there's a session ID for the given connection in the cache, and if
  * there's one suitable, it is provided. Returns TRUE when no entry matched.
@@ -311,21 +246,8 @@ static int kill_session(struct curl_ssl_session *session)
     /* defensive check */
 
     /* free the ID the SSL-layer specific way */
-#ifdef USE_SSLEAY
-    Curl_ossl_session_free(session->sessionid);
-#else
-#ifdef USE_GNUTLS
-    Curl_gtls_session_free(session->sessionid);
-#else
-#ifdef USE_QSOSSL
-    /* No session handling for QsoSSL. */
-#else
-#ifdef USE_NSS
-    /* NSS has its own session ID cache */
-#endif /* USE_NSS */
-#endif /* USE_QSOSSL */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
+    curlssl_session_free(session->sessionid);
+
     session->sessionid=NULL;
     session->age = 0; /* fresh */
 
@@ -398,11 +320,8 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
 }
 
 
-#endif /* USE_SSL */
-
 void Curl_ssl_close_all(struct SessionHandle *data)
 {
-#ifdef USE_SSL
   long i;
   /* kill the session ID cache */
   if(data->state.session) {
@@ -414,64 +333,20 @@ void Curl_ssl_close_all(struct SessionHandle *data)
     free(data->state.session);
     data->state.session = NULL;
   }
-#ifdef USE_SSLEAY
-  Curl_ossl_close_all(data);
-#else
-#ifdef USE_GNUTLS
-  Curl_gtls_close_all(data);
-#else
-#ifdef USE_NSS
-  Curl_nss_close_all(data);
-#else
-#ifdef USE_QSOSSL
-  Curl_qsossl_close_all(data);
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
-#else /* USE_SSL */
-  (void)data;
-#endif /* USE_SSL */
+
+  curlssl_close_all(data);
 }
 
 void Curl_ssl_close(struct connectdata *conn, int sockindex)
 {
   DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
-
-#ifdef USE_SSLEAY
-  Curl_ossl_close(conn, sockindex);
-#endif /* USE_SSLEAY */
-#ifdef USE_GNUTLS
-  Curl_gtls_close(conn, sockindex);
-#endif /* USE_GNUTLS */
-#ifdef USE_NSS
-  Curl_nss_close(conn, sockindex);
-#endif /* USE_NSS */
-#ifdef USE_QSOSSL
-  Curl_qsossl_close(conn, sockindex);
-#endif /* USE_QSOSSL */
-#ifndef USE_SSL
-  (void)conn;
-  (void)sockindex;
-#endif /* !USE_SSL */
+  curlssl_close(conn, sockindex);
 }
 
 CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
 {
-#ifdef USE_SSLEAY
-  if(Curl_ossl_shutdown(conn, sockindex))
-    return CURLE_SSL_SHUTDOWN_FAILED;
-#else
-#ifdef USE_GNUTLS
-  if(Curl_gtls_shutdown(conn, sockindex))
+  if(curlssl_shutdown(conn, sockindex))
     return CURLE_SSL_SHUTDOWN_FAILED;
-#else
-#ifdef USE_QSOSSL
-  if(Curl_qsossl_shutdown(conn, sockindex))
-    return CURLE_SSL_SHUTDOWN_FAILED;
-#endif /* USE_QSOSSL */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
 
   conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */
   conn->ssl[sockindex].state = ssl_connection_none;
@@ -479,100 +354,24 @@ CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
   return CURLE_OK;
 }
 
-/* Selects an (Open)SSL crypto engine
+/* Selects an SSL crypto engine
  */
 CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine)
 {
-#ifdef USE_SSLEAY
-  return Curl_ossl_set_engine(data, engine);
-#else
-#ifdef USE_GNUTLS
-  /* FIX: add code here */
-  (void)data;
-  (void)engine;
-  return CURLE_FAILED_INIT;
-#else
-#ifdef USE_NSS
-  /* NSS doesn't set an engine this way */
-  (void)data;
-  (void)engine;
-  return CURLE_FAILED_INIT;
-#else
-#ifdef USE_QSOSSL
-  /* QSOSSL doesn't set an engine this way */
-  (void)data;
-  (void)engine;
-  return CURLE_FAILED_INIT;
-#else
-  /* no SSL layer */
-  (void)data;
-  (void)engine;
-  return CURLE_FAILED_INIT;
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
+  return curlssl_set_engine(data, engine);
 }
 
-/* Selects an (Open?)SSL crypto engine
+/* Selects the default SSL crypto engine
  */
 CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data)
 {
-#ifdef USE_SSLEAY
-  return Curl_ossl_set_engine_default(data);
-#else
-#ifdef USE_GNUTLS
-  /* FIX: add code here */
-  (void)data;
-  return CURLE_FAILED_INIT;
-#else
-#ifdef USE_NSS
-  /* A no-op for NSS */
-  (void)data;
-  return CURLE_FAILED_INIT;
-#else
-#ifdef USE_QSOSSL
-  /* A no-op for QSOSSL */
-  (void)data;
-  return CURLE_FAILED_INIT;
-#else
-  /* No SSL layer */
-  (void)data;
-  return CURLE_FAILED_INIT;
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
+  return curlssl_set_engine_default(data);
 }
 
 /* Return list of OpenSSL crypto engine names. */
 struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data)
 {
-#ifdef USE_SSLEAY
-  return Curl_ossl_engines_list(data);
-#else
-#ifdef USE_GNUTLS
-  /* FIX: add code here? */
-  (void)data;
-  return NULL;
-#else
-#ifdef USE_NSS
-  /* In theory we could return the PKCS#11 modules loaded but that
-   * would just confuse things */
-  (void)data;
-  return NULL;
-#else
-#ifdef USE_QSOSSL
-  /* No engine support in QSOSSL. */
-  (void)data;
-  return NULL;
-#else
-  (void)data;
-  return NULL;
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
+  return curlssl_engines_list(data);
 }
 
 /* return number of sent (non-SSL) bytes */
@@ -581,27 +380,7 @@ ssize_t Curl_ssl_send(struct connectdata *conn,
                       const void *mem,
                       size_t len)
 {
-#ifdef USE_SSLEAY
-  return Curl_ossl_send(conn, sockindex, mem, len);
-#else
-#ifdef USE_GNUTLS
-  return Curl_gtls_send(conn, sockindex, mem, len);
-#else
-#ifdef USE_NSS
-  return Curl_nss_send(conn, sockindex, mem, len);
-#else
-#ifdef USE_QSOSSL
-  return Curl_qsossl_send(conn, sockindex, mem, len);
-#else
-  (void)conn;
-  (void)sockindex;
-  (void)mem;
-  (void)len;
-  return 0;
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
+  return curlssl_send(conn, sockindex, mem, len);
 }
 
 /* return number of received (decrypted) bytes */
@@ -615,25 +394,10 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
                       char *mem,                /* store read data here */
                       size_t len)               /* max amount to read */
 {
-#ifdef USE_SSL
   ssize_t nread;
   bool block = FALSE;
 
-#ifdef USE_SSLEAY
-  nread = Curl_ossl_recv(conn, sockindex, mem, len, &block);
-#else
-#ifdef USE_GNUTLS
-  nread = Curl_gtls_recv(conn, sockindex, mem, len, &block);
-#else
-#ifdef USE_NSS
-  nread = Curl_nss_recv(conn, sockindex, mem, len, &block);
-#else
-#ifdef USE_QSOSSL
-  nread = Curl_qsossl_recv(conn, sockindex, mem, len, &block);
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
+  nread = curlssl_recv(conn, sockindex, mem, len, &block);
   if(nread == -1) {
     if(!block)
       return 0; /* this is a true error, not EWOULDBLOCK */
@@ -642,14 +406,6 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
   }
 
   return nread;
-
-#else /* USE_SSL */
-  (void)conn;
-  (void)sockindex;
-  (void)mem;
-  (void)len;
-  return 0;
-#endif /* USE_SSL */
 }
 
 
@@ -659,7 +415,6 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
  */
 CURLcode Curl_ssl_initsessions(struct SessionHandle *data, long amount)
 {
-#ifdef USE_SSL
   struct curl_ssl_session *session;
 
   if(data->state.session)
@@ -675,39 +430,14 @@ CURLcode Curl_ssl_initsessions(struct SessionHandle *data, long amount)
   data->set.ssl.numsessions = amount;
   data->state.session = session;
   data->state.sessionage = 1; /* this is brand new */
-#else
-  /* without SSL, do nothing */
-  (void)data;
-  (void)amount;
-#endif
-
   return CURLE_OK;
 }
 
 size_t Curl_ssl_version(char *buffer, size_t size)
 {
-#ifdef USE_SSLEAY
-  return Curl_ossl_version(buffer, size);
-#else
-#ifdef USE_GNUTLS
-  return Curl_gtls_version(buffer, size);
-#else
-#ifdef USE_NSS
-  return Curl_nss_version(buffer, size);
-#else
-#ifdef USE_QSOSSL
-  return Curl_qsossl_version(buffer, size);
-#else
-  (void)buffer;
-  (void)size;
-  return 0; /* no SSL support */
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_GNUTLS */
-#endif /* USE_SSLEAY */
+  return curlssl_version(buffer, size);
 }
 
-
 /*
  * This function tries to determine connection status.
  *
@@ -718,35 +448,13 @@ size_t Curl_ssl_version(char *buffer, size_t size)
  */
 int Curl_ssl_check_cxn(struct connectdata *conn)
 {
-#ifdef USE_SSLEAY
-  return Curl_ossl_check_cxn(conn);
-#else
-#ifdef USE_NSS
-  return Curl_nss_check_cxn(conn);
-#else
-#ifdef USE_QSOSSL
-  return Curl_qsossl_check_cxn(conn);
-#else
-  (void)conn;
-  /* TODO: we lack implementation of this for GnuTLS */
-  return -1; /* connection status unknown */
-#endif /* USE_QSOSSL */
-#endif /* USE_NSS */
-#endif /* USE_SSLEAY */
+  return curlssl_check_cxn(conn);
 }
 
 bool Curl_ssl_data_pending(const struct connectdata *conn,
                            int connindex)
 {
-#ifdef USE_SSLEAY
-  /* OpenSSL-specific */
-  if(conn->ssl[connindex].handle)
-    /* SSL is in use */
-    return (bool)(0 != SSL_pending(conn->ssl[connindex].handle));
-#else
-  (void)conn;
-  (void)connindex;
-#endif
-  return FALSE; /* nothing pending */
-
+  return curlssl_data_pending(conn, connindex);
 }
+#endif /* USE_SSL */
+
diff --git a/lib/sslgen.h b/lib/sslgen.h
index d93225dd8..b421fc362 100644
--- a/lib/sslgen.h
+++ b/lib/sslgen.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -29,19 +29,22 @@ bool Curl_clone_ssl_config(struct ssl_config_data* source,
                            struct ssl_config_data* dest);
 void Curl_free_ssl_config(struct ssl_config_data* sslc);
 
+#ifdef USE_SSL
 int Curl_ssl_init(void);
 void Curl_ssl_cleanup(void);
 CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
 CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,
                                       int sockindex,
                                       bool *done);
-void Curl_ssl_close(struct connectdata *conn, int sockindex);
 /* tell the SSL stuff to close down all open information regarding
    connections (and thus session ID caching etc) */
 void Curl_ssl_close_all(struct SessionHandle *data);
+void Curl_ssl_close(struct connectdata *conn, int sockindex);
+CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
 CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine);
 /* Sets engine as default for all SSL operations */
 CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data);
+struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data);
 ssize_t Curl_ssl_send(struct connectdata *conn,
                       int sockindex,
                       const void *mem,
@@ -50,9 +53,34 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
                       int sockindex,            /* socketindex */
                       char *mem,                /* store read data here */
                       size_t len);              /* max amount to read */
-
 /* init the SSL session ID cache */
 CURLcode Curl_ssl_initsessions(struct SessionHandle *, long);
+size_t Curl_ssl_version(char *buffer, size_t size);
+bool Curl_ssl_data_pending(const struct connectdata *conn,
+                           int connindex);
+int Curl_ssl_check_cxn(struct connectdata *conn);
+
+#else
+/* When SSL support is not present, just define away these function calls */
+#define Curl_ssl_init() 1
+#define Curl_ssl_cleanup()
+#define Curl_ssl_connect(x,y) CURLE_FAILED_INIT
+#define Curl_ssl_connect_nonblocking(x,y,z) (z=z, CURLE_FAILED_INIT)
+#define Curl_ssl_close_all(x)
+#define Curl_ssl_close(x,y)
+#define Curl_ssl_shutdown(x,y) CURLE_FAILED_INIT
+#define Curl_ssl_set_engine(x,y) CURLE_FAILED_INIT
+#define Curl_ssl_set_engine_default(x) CURLE_FAILED_INIT
+#define Curl_ssl_engines_list(x) NULL
+#define Curl_ssl_send(a,b,c,d) -1
+#define Curl_ssl_recv(a,b,c,d) -1
+#define Curl_ssl_initsessions(x,y) CURLE_OK
+#define Curl_ssl_version(x,y) 0
+#define Curl_ssl_data_pending(x,y) 0
+#define Curl_ssl_check_cxn(x) 0
+
+#endif
+
 /* extract a session ID */
 int Curl_ssl_getsessionid(struct connectdata *conn,
                           void **ssl_sessionid,
@@ -62,18 +90,6 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
                                void *ssl_sessionid,
                                size_t idsize);
 
-
-struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data);
-
-size_t Curl_ssl_version(char *buffer, size_t size);
-
-int Curl_ssl_check_cxn(struct connectdata *conn);
-
-CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
-
-bool Curl_ssl_data_pending(const struct connectdata *conn,
-                           int connindex);
-
 #if !defined(USE_SSL) && !defined(SSLGEN_C)
 /* set up blank macros for none-SSL builds */
 #define Curl_ssl_close_all(x)
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 27e6d4d8d..0311ed16b 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1936,6 +1936,16 @@ Curl_ossl_connect(struct connectdata *conn,
   return CURLE_OK;
 }
 
+bool Curl_ossl_data_pending(const struct connectdata *conn,
+                            int connindex)
+{
+  if(conn->ssl[connindex].handle)
+    /* SSL is in use */
+    return (bool)(0 != SSL_pending(conn->ssl[connindex].handle));
+  else
+    return FALSE;
+}
+
 /* return number of sent (non-SSL) bytes */
 ssize_t Curl_ossl_send(struct connectdata *conn,
                        int sockindex,
diff --git a/lib/ssluse.h b/lib/ssluse.h
index 9707c0581..851548902 100644
--- a/lib/ssluse.h
+++ b/lib/ssluse.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,6 +23,7 @@
  * $Id$
  ***************************************************************************/
 
+#ifdef USE_SSLEAY
 /*
  * This header should only be needed to get included by sslgen.c and ssluse.c
  */
@@ -71,5 +72,26 @@ int Curl_ossl_check_cxn(struct connectdata *cxn);
 int Curl_ossl_seed(struct SessionHandle *data);
 
 int Curl_ossl_shutdown(struct connectdata *conn, int sockindex);
+bool Curl_ossl_data_pending(const struct connectdata *conn,
+                            int connindex);
 
+/* API setup for OpenSSL */
+#define curlssl_init Curl_ossl_init
+#define curlssl_cleanup Curl_ossl_cleanup
+#define curlssl_connect Curl_ossl_connect
+#define curlssl_connect_nonblocking Curl_ossl_connect_nonblocking
+#define curlssl_session_free(x) Curl_ossl_session_free(x)
+#define curlssl_close_all Curl_ossl_close_all
+#define curlssl_close Curl_ossl_close
+#define curlssl_shutdown(x,y) Curl_ossl_shutdown(x,y)
+#define curlssl_set_engine(x,y) Curl_ossl_set_engine(x,y)
+#define curlssl_set_engine_default(x) Curl_ossl_set_engine_default(x)
+#define curlssl_engines_list(x) Curl_ossl_engines_list(x)
+#define curlssl_send Curl_ossl_send
+#define curlssl_recv Curl_ossl_recv
+#define curlssl_version Curl_ossl_version
+#define curlssl_check_cxn Curl_ossl_check_cxn
+#define curlssl_data_pending(x,y) Curl_ossl_data_pending(x,y)
+
+#endif /* USE_SSLEAY */
 #endif